seang96/nixos-config
1
0
Fork 0
mirror of https://github.com/buckley310/nixos-config.git synced 2024-12-21 19:24:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: seang96:2081f38f9650cf9b0afe45736b97d5db853a984c
Branches Tags
seang96:master
..
compare: seang96:cbb212cbcdbec600ac5bd62c2899d3db9488f277
Branches Tags
seang96:master

No commits in common. "2081f38f9650cf9b0afe45736b97d5db853a984c" and "cbb212cbcdbec600ac5bd62c2899d3db9488f277" have entirely different histories.
2081f38f96 ... cbb212cbcd

37 changed files with 502 additions and 670 deletions
Show stats Expand all files Collapse all files

10
.editorconfig Normal file
View file

@ -0,0 +1,10 @@
[*]
indent_style = tab
[*.{nix,yaml}]
indent_style = space
indent_size = 2
[*.py]
indent_style = space
indent_size = 4

12
flake.lock
View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1730403150, "lastModified": 1729068498,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", "narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", "rev": "e337457502571b23e449bf42153d7faa10c0a562",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -17,11 +17,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1730531603, "lastModified": 1729665710,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"type": "github" "type": "github"
}, },
"original": { "original": {

64
flake.nix
View file

@ -2,19 +2,13 @@
inputs.nixpkgs.url = "nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "nixpkgs/nixos-unstable";
inputs.impermanence.url = "github:nix-community/impermanence"; inputs.impermanence.url = "github:nix-community/impermanence";
outputs = outputs = { self, nixpkgs, impermanence }:
{
self,
nixpkgs,
impermanence,
}:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
mypkgs = mypkgs = pkgs:
pkgs: self.lib.dirToAttrs ./pkgs (x: pkgs.callPackage x { }) //
self.lib.dirToAttrs ./pkgs (x: pkgs.callPackage x { }) {
// {
iso = import lib/gen-iso.nix lib pkgs.system; iso = import lib/gen-iso.nix lib pkgs.system;
}; };
@ -36,39 +30,43 @@
in in
{ {
formatter = forAllSystems (system:
nixpkgs.legacyPackages.${system}.nixpkgs-fmt);
lib = { lib = {
base64 = import lib/base64.nix; base64 = import lib/base64.nix;
gen-ssh-config = import lib/gen-ssh-config.nix lib; gen-ssh-config = import lib/gen-ssh-config.nix lib;
ssh-keys = import lib/ssh-keys.nix; ssh-keys = import lib/ssh-keys.nix;
dirToAttrs = dirToAttrs = dir: f: lib.mapAttrs'
dir: f: (name: _: {
lib.mapAttrs' (name: _: {
name = lib.removeSuffix ".nix" name; name = lib.removeSuffix ".nix" name;
value = f "${toString dir}/${name}"; value = f "${toString dir}/${name}";
}) (builtins.readDir dir); })
(builtins.readDir dir);
}; };
nixosModules = self.lib.dirToAttrs ./modules import // { nixosModules =
inherit pins; {
inherit (impermanence.nixosModules) impermanence; inherit pins;
pkgs.nixpkgs.overlays = [ (_: mypkgs) ]; inherit (impermanence.nixosModules) impermanence;
}; pkgs.nixpkgs.overlays = [ (_: mypkgs) ];
} //
self.lib.dirToAttrs ./modules import;
nixosConfigurations = self.lib.dirToAttrs ./hosts ( nixosConfigurations = self.lib.dirToAttrs ./hosts
dir: (dir:
let let cfg = import dir;
cfg = import dir; in lib.nixosSystem {
in inherit (cfg) system;
lib.nixosSystem { modules =
inherit (cfg) system; cfg.modules ++
modules = [{ networking.hostName = builtins.baseNameOf dir; }] ++
cfg.modules (builtins.attrValues self.nixosModules);
++ [ { networking.hostName = builtins.baseNameOf dir; } ] }
++ (builtins.attrValues self.nixosModules); );
}
);
packages = forAllSystems (system: mypkgs nixpkgs.legacyPackages.${system}); packages = forAllSystems (system:
mypkgs nixpkgs.legacyPackages.${system});
}; };
} }

31
hosts/hp/configuration.nix
View file

@ -20,10 +20,7 @@ in
]; ];
services.openssh.hostKeys = [ services.openssh.hostKeys = [
{ { type = "ed25519"; path = "${persist}/ssh_host_ed25519_key"; }
type = "ed25519";
path = "${persist}/ssh_host_ed25519_key";
}
]; ];
users.mutableUsers = false; users.mutableUsers = false;
@ -39,27 +36,11 @@ in
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
fileSystems = { fileSystems = {
"/" = { "/" = { device = "tmpfs"; fsType = "tmpfs"; options = [ "mode=755" ]; };
device = "tmpfs"; "/boot" = { device = "/dev/disk/by-partlabel/EFI\\x20system\\x20partition"; fsType = "vfat"; };
fsType = "tmpfs"; "/home" = { device = "zroot/locker/home"; fsType = "zfs"; };
options = [ "mode=755" ]; "/nix" = { device = "zroot/locker/nix"; fsType = "zfs"; };
}; "/var/log" = { device = "zroot/locker/log"; fsType = "zfs"; };
"/boot" = {
device = "/dev/disk/by-partlabel/EFI\\x20system\\x20partition";
fsType = "vfat";
};
"/home" = {
device = "zroot/locker/home";
fsType = "zfs";
};
"/nix" = {
device = "zroot/locker/nix";
fsType = "zfs";
};
"/var/log" = {
device = "zroot/locker/log";
fsType = "zfs";
};
}; };
system.stateVersion = "22.05"; system.stateVersion = "22.05";

38
hosts/levi/configuration.nix
View file

@ -8,10 +8,7 @@ in
}; };
services.openssh.hostKeys = [ services.openssh.hostKeys = [
{ { type = "ed25519"; path = "${persist}/ssh_host_ed25519_key"; }
type = "ed25519";
path = "${persist}/ssh_host_ed25519_key";
}
]; ];
# services.ollama = { # services.ollama = {
@ -25,10 +22,7 @@ in
sconfig = { sconfig = {
gnome = true; gnome = true;
desktop.enable = true; desktop.enable = true;
wg-home = { wg-home = { enable = true; path = "${persist}/wireguard_home.conf"; };
enable = true;
path = "${persist}/wireguard_home.conf";
};
}; };
environment.persistence."${persist}/system".directories = [ environment.persistence."${persist}/system".directories = [
@ -55,32 +49,14 @@ in
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
initrd.availableKernelModules = [ initrd.availableKernelModules = [ "xhci_pci" "vmd" "nvme" "sd_mod" ];
"xhci_pci"
"vmd"
"nvme"
"sd_mod"
];
}; };
fileSystems = { fileSystems = {
"/" = { "/" = { device = "tmpfs"; fsType = "tmpfs"; options = [ "mode=755" ]; };
device = "tmpfs"; "/boot" = { fsType = "vfat"; device = "/dev/nvme0n1p1"; };
fsType = "tmpfs"; "/nix" = { device = "levi/nix"; fsType = "zfs"; };
options = [ "mode=755" ]; "/home" = { device = "levi/home"; fsType = "zfs"; };
};
"/boot" = {
fsType = "vfat";
device = "/dev/nvme0n1p1";
};
"/nix" = {
device = "levi/nix";
fsType = "zfs";
};
"/home" = {
device = "levi/home";
fsType = "zfs";
};
}; };
users.mutableUsers = false; users.mutableUsers = false;

62
hosts/levi/gpu_notes.txt
View file

@ -1,62 +0,0 @@
{
hardware.nvidia.prime.intelBusId = "PCI:0:2:0";
hardware.nvidia.prime.nvidiaBusId = "PCI:1:0:0";
}
### Nothing here has been tested since 2022
################################################################################
### "sync mode"
#
# good:
# max performance on external displays
# no BIOS settings change needed
#
# bad:
# graphics performance overhead on internal display
# internal display capped at 60hz
#
# hardware.nvidia.prime.sync.enable = true;
# hardware.nvidia.modesetting.enable = true;
# services.xserver.displayManager.gdm.wayland = false;
# services.xserver.videoDrivers = [ "nvidia" ];
# # xrandr workaround for laptop panel not showing up with GDM. Reference:
# # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix
# services.xserver.displayManager.sessionCommands = ''
# ${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource modesetting NVIDIA-0
# '';
################################################################################
### nvidia drivers disabled
#
# Not well tested. Possibly Incomplete.
# Won't allow external displays connected to nvidia GPU.
#
# Shutting off Nvidia GPU would theoretically save power.
# I do not think this actually powers down the Nvidia GPU, just stops using it.
#
# boot.kernelParams = [ "module_blacklist=nouveau" ];
################################################################################
### hybrid graphics
#
# Not well tested. Possibly Incomplete.
# Won't allow external displays connected to nvidia GPU.
#
# Everything would use intel by default,
# but specific apps would run on the nvidia GPU under the script.
#
# hardware.nvidia.prime.offload.enable = true;
# services.xserver.videoDrivers = [ "nvidia" ];
# environment.systemPackages = [
# (pkgs.writeShellScriptBin "nv" ''
# export __NV_PRIME_RENDER_OFFLOAD=1
# export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
# export __GLX_VENDOR_LIBRARY_NAME=nvidia
# export __VK_LAYER_NV_optimus=NVIDIA_only
# exec "$@"
# '')
# ];

69
hosts/levi/xorg.nix
View file

@ -1,5 +1,16 @@
{ {
hardware.nvidia.prime.intelBusId = "PCI:0:2:0";
hardware.nvidia.prime.nvidiaBusId = "PCI:1:0:0";
### NVIDIA-only using MUX switch in BIOS. ### NVIDIA-only using MUX switch in BIOS.
#
# good:
# simple, always works.
# max performance everywhere.
#
# bad:
# requires BIOS setting changes, which is annoying.
#
boot.kernelParams = [ "module_blacklist=i915" ]; boot.kernelParams = [ "module_blacklist=i915" ];
services.xserver.displayManager.gdm.wayland = false; services.xserver.displayManager.gdm.wayland = false;
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
@ -8,3 +19,61 @@
Option "metamodes" "DP-2: 2560x1440_165 +0+0 {AllowGSYNCCompatible=On}" Option "metamodes" "DP-2: 2560x1440_165 +0+0 {AllowGSYNCCompatible=On}"
''; '';
} }
### Nothing below this line has been tested since 2022
################################################################################
### "sync mode"
#
# good:
# max performance on external displays
# no BIOS settings change needed
#
# bad:
# graphics performance overhead on internal display
# internal display capped at 60hz
#
# hardware.nvidia.prime.sync.enable = true;
# hardware.nvidia.modesetting.enable = true;
# services.xserver.displayManager.gdm.wayland = false;
# services.xserver.videoDrivers = [ "nvidia" ];
# # xrandr workaround for laptop panel not showing up with GDM. Reference:
# # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/hardware/video/nvidia.nix
# services.xserver.displayManager.sessionCommands = ''
# ${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource modesetting NVIDIA-0
# '';
################################################################################
### nvidia drivers disabled
#
# Not well tested. Possibly Incomplete.
# Won't allow external displays connected to nvidia GPU.
#
# Shutting off Nvidia GPU would theoretically save power.
# I do not think this actually powers down the Nvidia GPU, just stops using it.
#
# boot.kernelParams = [ "module_blacklist=nouveau" ];
################################################################################
### hybrid graphics
#
# Not well tested. Possibly Incomplete.
# Won't allow external displays connected to nvidia GPU.
#
# Everything would use intel by default,
# but specific apps would run on the nvidia GPU under the script.
#
# hardware.nvidia.prime.offload.enable = true;
# services.xserver.videoDrivers = [ "nvidia" ];
# environment.systemPackages = [
# (pkgs.writeShellScriptBin "nv" ''
# export __NV_PRIME_RENDER_OFFLOAD=1
# export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
# export __GLX_VENDOR_LIBRARY_NAME=nvidia
# export __VK_LAYER_NV_optimus=NVIDIA_only
# exec "$@"
# '')
# ];

23
lib/base64.nix
View file

@ -1,20 +1,15 @@
{ runCommand }: { runCommand }: {
{
b64decode = b64decode = input:
input: builtins.readFile
builtins.readFile ( (runCommand "b64decode" { } ''
runCommand "b64decode" { } ''
base64 -d >$out <${builtins.toFile "input" input} base64 -d >$out <${builtins.toFile "input" input}
'' '');
);
b64encode = b64encode = input:
input: builtins.readFile
builtins.readFile ( (runCommand "b64encode" { } ''
runCommand "b64encode" { } ''
base64 -w0 >$out <${builtins.toFile "input" input} base64 -w0 >$out <${builtins.toFile "input" input}
'' '');
);
} }

18
lib/gen-iso.nix
View file

@ -1,18 +1,16 @@
lib: system: lib:
system:
let let
sys = lib.nixosSystem { sys = lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
( ({ modulesPath, ... }: {
{ modulesPath, ... }: imports = [
{ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
imports = [ ];
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" isoImage.squashfsCompression = "gzip -Xcompression-level 1";
]; })
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
}
)
]; ];
}; };

29
lib/gen-ssh-config.nix
View file

@ -1,22 +1,23 @@
lib: nixosConfigurations: lib:
nixosConfigurations:
let let
sshKnownHostsTxt = builtins.toFile "known_hosts" ( sshKnownHostsTxt = builtins.toFile "known_hosts" (lib.concatMapStrings
lib.concatMapStrings ( (hostName:
hostName: let d = nixosConfigurations.${hostName}.config.deploy;
let in lib.concatMapStrings (key: "${d.ssh.HostName} ${key}\n") d.sshPublicKeys
d = nixosConfigurations.${hostName}.config.deploy; )
in (builtins.attrNames nixosConfigurations)
lib.concatMapStrings (key: "${d.ssh.HostName} ${key}\n") d.sshPublicKeys
) (builtins.attrNames nixosConfigurations)
); );
attrsToList = lib.mapAttrsToList (n: v: "${n} ${v}"); attrsToList = lib.mapAttrsToList (n: v: "${n} ${v}");
attrsToLines = a: lib.concatLines (attrsToList a); attrsToLines = a: lib.concatLines (attrsToList a);
in in
lib.concatMapStrings (host: '' lib.concatMapStrings
Host ${host} (host: ''
UserKnownHostsFile ${sshKnownHostsTxt} Host ${host}
${attrsToLines nixosConfigurations.${host}.config.deploy.ssh} UserKnownHostsFile ${sshKnownHostsTxt}
'') (builtins.attrNames nixosConfigurations) ${attrsToLines nixosConfigurations.${host}.config.deploy.ssh}
'')
(builtins.attrNames nixosConfigurations)

116
modules/ad-domain.nix
View file

@ -1,17 +1,10 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
let let
cfg = config.sconfig.ad-domain; cfg = config.sconfig.ad-domain;
in in
{ {
options.sconfig.ad-domain = options.sconfig.ad-domain = with lib; with types;
with lib;
with types;
{ {
enable = mkEnableOption "Join Domain with SSSD"; enable = mkEnableOption "Join Domain with SSSD";
longname = mkOption { longname = mkOption {
@ -24,57 +17,58 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable
networking.domain = cfg.longname; {
networking.search = [ (cfg.longname) ]; networking.domain = cfg.longname;
security.pam.services.sshd.makeHomeDir = true; networking.search = [ (cfg.longname) ];
security.krb5 = { security.pam.services.sshd.makeHomeDir = true;
# These settings have been updated for NixOS 24.05. security.krb5 = {
# Breaking changes happenned since 23.11. # These settings have been updated for NixOS 24.05.
enable = true; # Breaking changes happenned since 23.11.
settings.libdefaults.default_realm = lib.toUpper cfg.longname; enable = true;
settings.libdefaults.default_realm = lib.toUpper cfg.longname;
};
services.sssd = {
enable = true;
sshAuthorizedKeysIntegration = true;
config = ''
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = ${cfg.longname}
[domain/${cfg.longname}]
id_provider = ad
ldap_sasl_mech = gssapi
access_provider = ad
override_homedir = /home/%u.%d
override_shell = /run/current-system/sw/bin/bash
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = True
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
'';
};
# Samba is configured, but just for the "net" command, to
# join the domain. A better join method probably exists.
# `net ads join -U Administrator`
environment.systemPackages = [ pkgs.samba4Full ];
systemd.services.samba-smbd.enable = lib.mkDefault false;
services.samba = {
enable = true;
enableNmbd = lib.mkDefault false;
enableWinbindd = lib.mkDefault false;
package = pkgs.samba4Full;
securityType = "ads";
extraConfig = ''
realm = ${lib.toUpper cfg.longname}
workgroup = ${lib.toUpper cfg.shortname}
client use spnego = yes
restrict anonymous = 2
server signing = mandatory
client signing = mandatory
kerberos method = secrets and keytab
'';
};
}; };
services.sssd = {
enable = true;
sshAuthorizedKeysIntegration = true;
config = ''
[sssd]
services = nss, pam, ssh
config_file_version = 2
domains = ${cfg.longname}
[domain/${cfg.longname}]
id_provider = ad
ldap_sasl_mech = gssapi
access_provider = ad
override_homedir = /home/%u.%d
override_shell = /run/current-system/sw/bin/bash
ad_gpo_access_control = permissive
ad_gpo_ignore_unreadable = True
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
'';
};
# Samba is configured, but just for the "net" command, to
# join the domain. A better join method probably exists.
# `net ads join -U Administrator`
environment.systemPackages = [ pkgs.samba4Full ];
systemd.services.samba-smbd.enable = lib.mkDefault false;
services.samba = {
enable = true;
enableNmbd = lib.mkDefault false;
enableWinbindd = lib.mkDefault false;
package = pkgs.samba4Full;
securityType = "ads";
extraConfig = ''
realm = ${lib.toUpper cfg.longname}
workgroup = ${lib.toUpper cfg.shortname}
client use spnego = yes
restrict anonymous = 2
server signing = mandatory
client signing = mandatory
kerberos method = secrets and keytab
'';
};
};
} }

36
modules/backport.nix
View file

@ -1,24 +1,24 @@
let let
brave = ( brave = (final: prev: {
final: prev: { brave =
brave = let
let # updates to the newer version before it hits the channels
# updates to the newer version before it hits the channels version = "1";
version = "1"; hash = "";
hash = ""; in
in if
if prev.lib.versionAtLeast prev.brave.version version then prev.lib.versionAtLeast prev.brave.version version
prev.brave then
else prev.brave
prev.brave.overrideAttrs { else
src = prev.fetchurl { prev.brave.overrideAttrs {
inherit hash; src = prev.fetchurl {
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb"; inherit hash;
}; url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
}; };
} };
); });
in in
{ {

16
modules/cli/default.nix
View file

@ -18,9 +18,9 @@
lm_sensors lm_sensors
ncdu ncdu
nix-diff nix-diff
nixfmt-rfc-style
nix-index nix-index
nix-prefetch-github nix-prefetch-github
nixpkgs-fmt
nodejs nodejs
openssl openssl
parted parted
@ -42,11 +42,9 @@
(writeShellScriptBin "dirt" "while sleep 1; do grep '^Dirty:' /proc/meminfo ; done") (writeShellScriptBin "dirt" "while sleep 1; do grep '^Dirty:' /proc/meminfo ; done")
(lib.hiPrio ( (lib.hiPrio (writeShellScriptBin "iftop" ''
writeShellScriptBin "iftop" '' exec ${iftop}/bin/iftop -P -m100M "$@"
exec ${iftop}/bin/iftop -P -m100M "$@" ''))
''
))
(writeShellScriptBin "bat" '' (writeShellScriptBin "bat" ''
${bat}/bin/bat --pager=never --color=always --wrap=never --terminal-width=80 "$@" ${bat}/bin/bat --pager=never --color=always --wrap=never --terminal-width=80 "$@"
@ -87,11 +85,7 @@
update_process_names = 1; update_process_names = 1;
}; };
package = pkgs.htop.overrideAttrs ( package = pkgs.htop.overrideAttrs (
{ { patches ? [ ], ... }: {
patches ? [ ],
...
}:
{
patches = patches ++ [ patches = patches ++ [
# This patch fixes process sort order while in tree view. # This patch fixes process sort order while in tree view.
# Started in 3.3.0. Should be fixed in 3.4.0. # Started in 3.3.0. Should be fixed in 3.4.0.

30
modules/cli/powerline.nix
View file

@ -1,7 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
let let
left_hard_divider = builtins.fromJSON ''"\uE0B0" ''; left_hard_divider = builtins.fromJSON '' "\uE0B0" '';
upper_left_triangle = builtins.fromJSON ''"\uE0BC" ''; upper_left_triangle = builtins.fromJSON '' "\uE0BC" '';
theme = { theme = {
BoldForeground = true; BoldForeground = true;
@ -11,20 +11,16 @@ let
SeparatorFg = 16; SeparatorFg = 16;
}; };
customEnd = [ customEnd = [{
{ Content = "$";
Content = "$"; Foreground = 231;
Foreground = 231; Background = 102;
Background = 102; Separator = left_hard_divider;
Separator = left_hard_divider; }];
}
];
plconfig = builtins.toFile "powerline-config.json" ( plconfig = builtins.toFile "powerline-config.json" (builtins.toJSON {
builtins.toJSON { modes.patched.Separator = upper_left_triangle;
modes.patched.Separator = upper_left_triangle; });
}
);
args = [ args = [
"-modules=\${remote:+'user,host,'}nix-shell,git,jobs,cwd,newline,customend" "-modules=\${remote:+'user,host,'}nix-shell,git,jobs,cwd,newline,customend"
@ -41,7 +37,9 @@ in
environment.systemPackages = [ environment.systemPackages = [
pkgs.powerline-go pkgs.powerline-go
(pkgs.writeShellScriptBin "powerline-go-customend" "echo '${builtins.toJSON customEnd}'") (pkgs.writeShellScriptBin
"powerline-go-customend"
"echo '${builtins.toJSON customEnd}'")
]; ];
environment.etc."powerline-theme.json".text = builtins.toJSON theme; environment.etc."powerline-theme.json".text = builtins.toJSON theme;

63
modules/desktop/alacritty.nix
View file

@ -1,50 +1,27 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
let let
aconfig = (pkgs.formats.toml { }).generate "alacritty.toml" { aconfig = (pkgs.formats.toml { }).generate "alacritty.toml"
env.TERM = "xterm-256color"; {
font.size = 12; env.TERM = "xterm-256color";
window = { font.size = 12;
dynamic_padding = true; window = {
resize_increments = true; dynamic_padding = true;
dimensions = { resize_increments = true;
columns = 120; dimensions = { columns = 120; lines = 40; };
lines = 40;
}; };
keyboard.bindings = [
{ action = "ScrollHalfPageDown"; mods = "Shift"; key = "PageDown"; }
{ action = "ScrollHalfPageUp"; mods = "Shift"; key = "PageUp"; }
{ action = "SpawnNewInstance"; mods = "Control|Shift"; key = "N"; }
{ action = "SpawnNewInstance"; mods = "Control|Shift"; key = "T"; }
];
colors = {
primary.background = "0x1e1e1e";
primary.foreground = "0xffffff";
};
import = [ "${pkgs.alacritty-theme}/tango_dark.toml" ];
}; };
keyboard.bindings = [
{
action = "ScrollHalfPageDown";
mods = "Shift";
key = "PageDown";
}
{
action = "ScrollHalfPageUp";
mods = "Shift";
key = "PageUp";
}
{
action = "SpawnNewInstance";
mods = "Control|Shift";
key = "N";
}
{
action = "SpawnNewInstance";
mods = "Control|Shift";
key = "T";
}
];
colors = {
primary.background = "0x1e1e1e";
primary.foreground = "0xffffff";
};
general.import = [ "${pkgs.alacritty-theme}/tango_dark.toml" ];
};
# Alacritty seems to not communicate well with gnome-shell. Quick fix: # Alacritty seems to not communicate well with gnome-shell. Quick fix:
notify-fix = pkgs.runCommand "alacritty-fix" { } '' notify-fix = pkgs.runCommand "alacritty-fix" { } ''

17
modules/desktop/chromium.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
config = lib.mkIf (config.sconfig.desktop.enable) { config = lib.mkIf (config.sconfig.desktop.enable) {
environment.systemPackages = [ environment.systemPackages = [
@ -31,14 +26,8 @@
ShowFullUrlsInAddressBar = true; ShowFullUrlsInAddressBar = true;
SyncDisabled = true; # required for BrowsingDataLifetime SyncDisabled = true; # required for BrowsingDataLifetime
BrowsingDataLifetime = [ BrowsingDataLifetime = [
{ { data_types = [ "browsing_history" ]; time_to_live_in_hours = 24 * 7; }
data_types = [ "browsing_history" ]; { data_types = [ "download_history" ]; time_to_live_in_hours = 6; }
time_to_live_in_hours = 24 * 7;
}
{
data_types = [ "download_history" ];
time_to_live_in_hours = 6;
}
]; ];
}; };
}; };

7
modules/desktop/default.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.sconfig.desktop = { options.sconfig.desktop = {

49
modules/desktop/firefox.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
config = lib.mkIf (config.sconfig.desktop.enable) { config = lib.mkIf (config.sconfig.desktop.enable) {
environment.systemPackages = [ environment.systemPackages = [
@ -17,31 +12,25 @@
OfferToSaveLogins = false; OfferToSaveLogins = false;
DisableFormHistory = true; DisableFormHistory = true;
SearchSuggestEnabled = false; SearchSuggestEnabled = false;
Preferences = Preferences = builtins.mapAttrs
builtins.mapAttrs (n: v: { Value = v; Status = "locked"; })
(n: v: {
Value = v;
Status = "locked";
})
{
"accessibility.force_disabled" = 1;
"browser.aboutConfig.showWarning" = false;
"browser.contentblocking.category" = "strict";
"browser.tabs.firefox-view" = false;
"browser.uitour.enabled" = false;
"browser.zoom.siteSpecific" = false;
"extensions.formautofill.addresses.enabled" = false;
"extensions.formautofill.creditCards.enabled" = false;
"extensions.formautofill.heuristics.enabled" = false;
"network.IDN_show_punycode" = true;
"places.history.expiration.max_pages" = 2048;
"ui.key.menuAccessKeyFocuses" = false;
};
ExtensionSettings =
{ {
"*".installation_mode = "blocked"; "accessibility.force_disabled" = 1;
} "browser.aboutConfig.showWarning" = false;
// builtins.mapAttrs "browser.contentblocking.category" = "strict";
"browser.tabs.firefox-view" = false;
"browser.uitour.enabled" = false;
"browser.zoom.siteSpecific" = false;
"extensions.formautofill.addresses.enabled" = false;
"extensions.formautofill.creditCards.enabled" = false;
"extensions.formautofill.heuristics.enabled" = false;
"network.IDN_show_punycode" = true;
"places.history.expiration.max_pages" = 2048;
"ui.key.menuAccessKeyFocuses" = false;
};
ExtensionSettings =
{ "*".installation_mode = "blocked"; } //
builtins.mapAttrs
(n: v: { (n: v: {
installation_mode = "force_installed"; installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/${v}/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/${v}/latest.xpi";

12
modules/desktop/vscode.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
config = lib.mkIf (config.sconfig.desktop.enable) { config = lib.mkIf (config.sconfig.desktop.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -27,8 +22,9 @@
environment.etc."vscode-keybindings.json".source = ./vscode-keybindings.json; environment.etc."vscode-keybindings.json".source = ./vscode-keybindings.json;
environment.etc."vscode-settings.json".text = builtins.toJSON ( environment.etc."vscode-settings.json".text = builtins.toJSON (
(builtins.fromJSON (builtins.readFile ./vscode-settings.json)) (
// { builtins.fromJSON (builtins.readFile ./vscode-settings.json)
) // {
# NixOS-specific vscode settings: # NixOS-specific vscode settings:
"extensions.autoCheckUpdates" = false; "extensions.autoCheckUpdates" = false;
"extensions.autoUpdate" = false; "extensions.autoUpdate" = false;

63
modules/devtools.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let let
cfg = config.sconfig.devtools; cfg = config.sconfig.devtools;
in in
@ -11,35 +6,37 @@ in
options.sconfig.devtools.enable = lib.mkEnableOption "Development Tools"; options.sconfig.devtools.enable = lib.mkEnableOption "Development Tools";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
black [
cargo black
efm-langserver cargo
errcheck efm-langserver
go errcheck
gopls go
kubectl gopls
kubernetes-helm kubectl
lua-language-server kubernetes-helm
nil lua-language-server
nodePackages.prettier nil
nodePackages.typescript-language-server nodePackages.prettier
pyright nodePackages.typescript-language-server
rust-analyzer pyright
rustc rust-analyzer
rustc.llvmPackages.lld rustc
rustfmt rustc.llvmPackages.lld
stern rustfmt
terraform stern
terraform-ls terraform
vscode-langservers-extracted terraform-ls
yaml-language-server vscode-langservers-extracted
yaml-language-server
# dedicated script, because bash aliases dont work with `watch` # dedicated script, because bash aliases dont work with `watch`
(writeShellScriptBin "k" "exec kubectl \"$@\"") (writeShellScriptBin "k" "exec kubectl \"$@\"")
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ]) (google-cloud-sdk.withExtraComponents
]; [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
programs.bash.interactiveShellInit = '' programs.bash.interactiveShellInit = ''
alias t=terraform alias t=terraform
complete -C terraform t complete -C terraform t

7
modules/gnome.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let let
cfg = config.sconfig.gnome; cfg = config.sconfig.gnome;
in in

173
modules/helix/default.nix
View file

@ -4,115 +4,90 @@ let
exec prettier --stdin-filepath "$HX_FILE" exec prettier --stdin-filepath "$HX_FILE"
''; '';
prettier-formats = prettier-formats = map
map (name: {
(name: { inherit name;
inherit name; auto-format = true;
auto-format = true; indent = { tab-width = 4; unit = "\t"; };
indent = { formatter.command = hx-pretty;
tab-width = 4; })
unit = "\t"; [
}; "css"
formatter.command = hx-pretty; "html"
}) "javascript"
[ "json"
"css" "typescript"
"html" ];
"javascript"
"json"
"typescript"
];
in in
{ {
environment.etc."bck-helix/config.toml".source = (pkgs.formats.toml { }).generate "config.toml" { environment.etc."bck-helix/config.toml".source =
theme = "dark_plus"; (pkgs.formats.toml { }).generate "config.toml" {
editor = { theme = "dark_plus";
auto-format = true; editor = {
bufferline = "multiple"; auto-format = true;
indent-guides.render = true; bufferline = "multiple";
line-number = "relative"; indent-guides.render = true;
mouse = false; line-number = "relative";
scrolloff = 10; mouse = false;
true-color = true; scrolloff = 10;
true-color = true;
};
keys = {
normal.A-j = ":buffer-previous";
normal.A-k = ":buffer-next";
normal.space.e = ":w";
normal.space.x = ":q";
normal.space.backspace = ":reset-diff-change";
};
}; };
keys = {
normal.A-j = ":buffer-previous";
normal.A-k = ":buffer-next";
normal.space.e = ":w";
normal.space.x = ":q";
normal.space.backspace = ":reset-diff-change";
};
};
environment.etc."bck-helix/languages.toml".source = environment.etc."bck-helix/languages.toml".source =
(pkgs.formats.toml { }).generate "languages.toml" (pkgs.formats.toml { }).generate "languages.toml" {
{ language = prettier-formats ++ [
language = prettier-formats ++ [ {
{ name = "bash";
name = "bash"; auto-format = true;
auto-format = true; indent = { tab-width = 4; unit = "\t"; };
indent = { }
tab-width = 4; {
unit = "\t"; name = "lua";
}; auto-format = true;
} indent = { tab-width = 4; unit = "\t"; };
{ }
name = "lua"; {
auto-format = true; name = "nix";
indent = { auto-format = true;
tab-width = 4; formatter.command = "nixpkgs-fmt";
unit = "\t"; }
}; {
} name = "python";
{ auto-format = true;
name = "nix"; language-servers = [ "pyright" ];
auto-format = true; formatter = { command = "black"; args = [ "--quiet" "-" ]; };
formatter = { }
command = "nixfmt"; {
args = [ "--verify" ]; name = "yaml";
}; auto-format = true;
} formatter.command = hx-pretty;
{ }
name = "python"; ];
auto-format = true; language-server = {
language-servers = [ "pyright" ]; pyright = {
formatter = { command = "pyright-langserver";
command = "black"; args = [ "--stdio" ];
args = [
"--quiet"
"-"
];
};
}
{
name = "yaml";
auto-format = true;
formatter.command = hx-pretty;
}
];
language-server = {
pyright = {
command = "pyright-langserver";
args = [ "--stdio" ];
};
}; };
}; };
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(helix.overrideAttrs ( (helix.overrideAttrs ({ patches ? [ ], ... }: {
{ # Patch required for .editorconfig to work properly with formatters
patches ? [ ], patches = patches ++ [ ./format-filepath.patch ];
... postPatch = ''
}: sed 's/tab-width = .,/tab-width = 4,/' -i languages.toml
{ '';
# Patch required for .editorconfig to work properly with formatters }))
patches = patches ++ [ ./format-filepath.patch ];
postPatch = ''
sed 's/tab-width = .,/tab-width = 4,/' -i languages.toml
'';
}
))
]; ];
environment.etc."bck-settings.sh".text = '' environment.etc."bck-settings.sh".text = ''

7
modules/plasma.nix
View file

@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let let
cfg = config.sconfig.plasma; cfg = config.sconfig.plasma;
in in

7
modules/security-tools.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
let let
cfg = config.sconfig.security-tools; cfg = config.sconfig.security-tools;

7
modules/swapspace.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
let let
cfg = config.sconfig.swapspace; cfg = config.sconfig.swapspace;
in in

7
modules/wg-home.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
let let
cfg = config.sconfig.wg-home; cfg = config.sconfig.wg-home;
in in

5
pkgs/bck-authorized-keys.nix
View file

@ -1,6 +1,5 @@
{ { lib
lib, , writeTextDir
writeTextDir,
}: }:
writeTextDir "authorized_keys" (lib.concatLines (import ../lib/ssh-keys.nix)) writeTextDir "authorized_keys" (lib.concatLines (import ../lib/ssh-keys.nix))

21
pkgs/bck-nvim/default.nix
View file

@ -1,17 +1,20 @@
{ { lib
lib, , extraBinPaths ? [ ]
extraBinPaths ? [ ], , neovim-unwrapped
neovim-unwrapped, , vimPlugins
vimPlugins, , wrapNeovim
wrapNeovim,
}: }:
let let
luafiles = lib.concatLines ( luafiles = lib.concatLines (map
map (x: "luafile ${./lua}/${x}") (builtins.attrNames (builtins.readDir ./lua)) (x: "luafile ${./lua}/${x}")
(builtins.attrNames (builtins.readDir ./lua))
); );
extraPath = lib.concatLines (map (p: "let $PATH .= ':${p}/bin'") (extraBinPaths)); extraPath = lib.concatLines (map
(p: "let $PATH .= ':${p}/bin'")
(extraBinPaths)
);
in in
wrapNeovim neovim-unwrapped { wrapNeovim neovim-unwrapped {

2
pkgs/bck-nvim/lua/5-lsp.lua
View file

@ -56,7 +56,7 @@ lspconfig.nil_ls.setup({
settings = { settings = {
['nil'] = { ['nil'] = {
formatting = { formatting = {
command = { "nixfmt", "--verify" }, command = { "nixpkgs-fmt" },
}, },
}, },
}, },

17
pkgs/binaryninja/default.nix
View file

@ -1,12 +1,11 @@
{ { stdenv
stdenv, , autoPatchelfHook
autoPatchelfHook, , libglvnd
libglvnd, , makeWrapper
makeWrapper, , python3
python3, , qt6
qt6, , requireFile
requireFile, , unzip
unzip,
}: }:
let let

7
pkgs/deploy/default.nix
View file

@ -1,7 +1,6 @@
{ { nixos-rebuild
nixos-rebuild, , python3
python3, , writeShellScriptBin
writeShellScriptBin,
}: }:
writeShellScriptBin "deploy" '' writeShellScriptBin "deploy" ''

49
pkgs/firecracker-vm/default.nix
View file

@ -1,39 +1,34 @@
{ { callPackage
callPackage, , firecracker
firecracker, , writeShellApplication
writeShellApplication, , writeText
writeText,
}: }:
let let
kernel = callPackage ./kernel.nix { }; kernel = callPackage ./kernel.nix { };
rootfs = callPackage ./rootfs.nix { }; rootfs = callPackage ./rootfs.nix { };
vmconfig = writeText "vmconfig.json" ( vmconfig = writeText "vmconfig.json" (builtins.toJSON {
builtins.toJSON { boot-source = {
boot-source = { kernel_image_path = "${kernel}/vmlinux";
kernel_image_path = "${kernel}/vmlinux"; boot_args = "panic=1 console=ttyS0 ro";
boot_args = "panic=1 console=ttyS0 ro"; };
}; drives = [
drives = [ {
{ drive_id = "rootfs";
drive_id = "rootfs"; path_on_host = rootfs;
path_on_host = rootfs; is_root_device = true;
is_root_device = true; is_read_only = true;
is_read_only = true; }
} ];
]; machine-config.vcpu_count = 2;
machine-config.vcpu_count = 2; machine-config.mem_size_mib = 1024;
machine-config.mem_size_mib = 1024; network-interfaces = [ ];
network-interfaces = [ ]; });
}
);
in in
writeShellApplication { writeShellApplication {
name = "firecracker-vm"; name = "firecracker-vm";
text = "${firecracker}/bin/firecracker --no-api --config-file ${vmconfig}"; text = "${firecracker}/bin/firecracker --no-api --config-file ${vmconfig}";
derivationArgs.passthru = { derivationArgs.passthru = { inherit kernel rootfs; };
inherit kernel rootfs;
};
} }

31
pkgs/firecracker-vm/kernel.nix
View file

@ -1,8 +1,7 @@
{ { fetchFromGitHub
fetchFromGitHub, , linuxManualConfig
linuxManualConfig, , linux_6_1
linux_6_1, , kernel ? linux_6_1
kernel ? linux_6_1,
}: }:
let let
@ -13,21 +12,23 @@ let
hash = "sha256-NuVH12cy38uu+8oms66p9k0xoMOJSl5AvY5pD1FCKkI="; hash = "sha256-NuVH12cy38uu+8oms66p9k0xoMOJSl5AvY5pD1FCKkI=";
}; };
shortVer = builtins.head (builtins.match "([0-9]+\.[0-9]+).*" kernel.version); shortVer = builtins.head (
builtins.match
"([0-9]+\.[0-9]+).*"
kernel.version
);
in in
(linuxManualConfig { (linuxManualConfig {
inherit (kernel) src version; inherit (kernel) src version;
configfile = "${fcsrc}/resources/guest_configs/microvm-kernel-ci-x86_64-${shortVer}.config"; configfile =
"${fcsrc}/resources/guest_configs/microvm-kernel-ci-x86_64-${shortVer}.config";
}).overrideAttrs }).overrideAttrs (o: {
(o: {
postInstall = postInstall = (o.postInstall or "") + ''
(o.postInstall or "") cp vmlinux $out/
+ '' '';
cp vmlinux $out/
'';
}) })

11
pkgs/firecracker-vm/rootfs.nix
View file

@ -1,9 +1,8 @@
{ { e2fsprogs
e2fsprogs, , pkgsStatic
pkgsStatic, , runCommand
runCommand, , util-linux
util-linux, , writeShellScript
writeShellScript,
}: }:
let let

11
pkgs/ftb.nix
View file

@ -1,9 +1,8 @@
{ { lib
lib, , dpkg
dpkg, , fetchurl
fetchurl, , stdenv
stdenv, , steam-run
steam-run,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {

20
pkgs/mp4grep.nix
View file

@ -1,12 +1,11 @@
{ { stdenv
stdenv, , autoPatchelfHook
autoPatchelfHook, , fetchFromGitHub
fetchFromGitHub, , fetchzip
fetchzip, , gcc-unwrapped
gcc-unwrapped, , makeWrapper
makeWrapper, , ocamlPackages
ocamlPackages, , model ? "small"
model ? "small",
}: }:
let let
@ -31,7 +30,8 @@ let
''; '';
in in
stdenv.mkDerivation rec { stdenv.mkDerivation rec
{
pname = "mp4grep"; pname = "mp4grep";
version = "0.1.4"; version = "0.1.4";

25
pkgs/weevely.nix
View file

@ -1,9 +1,4 @@
{ { stdenv, python3, fetchFromGitHub, makeWrapper }:
stdenv,
python3,
fetchFromGitHub,
makeWrapper,
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "weevely"; pname = "weevely";
@ -16,16 +11,14 @@ stdenv.mkDerivation rec {
sha256 = "0sgjf7ihgipb33k73d84dcx7snv2fvbzyd0f4468k1w5w6zqm9xj"; sha256 = "0sgjf7ihgipb33k73d84dcx7snv2fvbzyd0f4468k1w5w6zqm9xj";
}; };
pythonWithPkgs = python3.withPackages ( pythonWithPkgs = python3.withPackages (ps: with ps; [
ps: with ps; [ Mako
Mako prettytable
prettytable pyopenssl
pyopenssl pysocks
pysocks python-dateutil
python-dateutil pyyaml
pyyaml ]);
]
);
buildInputs = [ makeWrapper ]; buildInputs = [ makeWrapper ];