Compare commits

...

6 Commits

8 changed files with 156 additions and 38 deletions

View File

@ -35,6 +35,61 @@
# lib = (import ../lib { inherit pkgs; lib = pkgs.lib; });
base = import ./base;
inherit (base) mkModuleArgs;
private_chromium = {config, pkgs, lib, ...}: let cfg = config.base.private_chromium;
in {
options.base.private_chromium = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
example = false;
description = ''
Enable extremely lightweight chromium with vimium plugin
'';
};
};
config = lib.mkIf cfg.enable {
# home.packages = [pkgs.ungoogled-chromium];
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions =
let
mkChromiumExtForVersion = browserVersion: {id, sha256, extVersion,...}:
{
inherit id;
crxPath = builtins.fetchurl {
url = "https://clients2.google.com/service/update2/crx"+
"?response=redirect"+
"&acceptformat=crx2,crx3"+
"&prodversion=${browserVersion}"+
"&x=id%3D${id}%26installsource%3Dondemand%26uc";
name = "${id}.crx";
inherit sha256;
};
version = extVersion;
};
mkChromiumExt = mkChromiumExtForVersion (lib.versions.major pkgs.ungoogled-chromium.version);
in
[
# vimium
(mkChromiumExt {
id = "dbepggeogbaibhgnhhndojpepiihcmeb";
sha256 = "00qhbs41gx71q026xaflgwzzridfw1sx3i9yah45cyawv8q7ziic";
extVersion = "1.67.4";
})
];
};
};
};
kde_module = {config, pkgs, ...}: {
fonts.fontconfig.enable = true;
home.packages = [
(pkgs.nerdfonts.override {fonts = ["DroidSansMono"];})
];
# For some reasons, Windows es in the font name as DroidSansMono NF
# so we need to override this
base.alacritty.font.family = "DroidSansMono Nerd Font";
};
in
{
homeConfigurations =
@ -61,6 +116,24 @@
};
};
};
"hungtr@bao" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = base.modules ++ [
./home.nix
kde_module
private_chromium
];
# optionally pass inarguments to module
# we migrate this from in-place modules to allow flexibility
# in this case, we can add "home" to input arglist of home.nix
extraSpecialArgs = mkModuleArgs {
inherit pkgs;
myHome = {
username = "hungtr";
homeDirectory = "/home/hungtr";
};
};
};
"nixos@Felia" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [

View File

@ -57,6 +57,9 @@ in
# pkgs.nixops_unstable # nixops v2 # insecure for now
pkgs.lynx # Web browser at your local terminal
# Personal management
pkgs.keepass
# pkgs.tailscale # VPC;; This should be installed in system-nix
pkgs.python310 # dev packages should be in project
# pkgs.python310.numpy
@ -88,4 +91,7 @@ in
# https://github.com/nix-community/home-manager/pull/3287
# extraConfig = builtins.readFile "${proj_root}/neovim/init.lua";
};
# not exist in home-manager
# have to do it at system level
# services.ntp.enable = true; # automatic time
}

View File

@ -29,7 +29,7 @@ with lib;
isNormalUser = true;
home = "/home/hungtr";
description = "pegasust/hungtr";
extraGroups = [ "wheel" "networkmanager" ];
extraGroups = [ "wheel" "networkmanager" "audio"];
};
users.users.root = {
# openssh runs in root, no? This is because port < 1024 requires root.
@ -61,6 +61,7 @@ with lib;
# inherit services;
services = lib.recursiveUpdate _services {
tailscale.enable = true;
ntp.enable = true;
};
# create a oneshot job to authenticate to Tailscale
systemd.services.tailscale-autoconnect = {

View File

@ -184,7 +184,17 @@
specialArgs.hostname = "bao";
modules = [
./configuration.nix
# automount using s3fs
({config, pkgs, lib, ...}: {
environment.systemPackages = [pkgs.s3fs]; # s3fs-fuse
# Sadly, this uses systemd, so we can't put it in home-manager yet
# WIP
# services.autofs = {
# enable = true;
# autoMaster =
# };
})
# GPU, sound, networking stuffs
({ config, pkgs, lib, ... }:
let
gpu_pkgs = [ pkgs.clinfo pkgs.lshw pkgs.glxinfo pkgs.pciutils ];
@ -194,8 +204,7 @@
enable = true;
extraPackages = let
inherit (pkgs) rocm-opencl-icd rocm-opencl-runtime;
in
[rocm-opencl-icd rocm-opencl-runtime];
in [rocm-opencl-icd rocm-opencl-runtime];
# Vulkan
driSupport = true;
driSupport32Bit = true;
@ -217,13 +226,7 @@
};
systemPackages = [] ++ gpu_pkgs;
in
lib.recursiveUpdate gpu_conf (lib.recursiveUpdate nv_rtx3060
{
imports =
[ # Include the results of the hardware scan.
./profiles/bao/hardware-configuration.nix
];
lib.recursiveUpdate gpu_conf (lib.recursiveUpdate nv_rtx3060 {
# Use UEFI
boot.loader.systemd-boot.enable = true;
@ -234,11 +237,11 @@
# Enable the X11 windowing system.
services.xserver.enable = true;
# KDE & Plasma 5
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
time.timeZone = "America/Phoenix";
# Configure keymap in X11
services.xserver.layout = "us";
# services.xserver.xkbOptions = {
@ -249,9 +252,28 @@
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# Enable sound. (pulse audio)
sound.enable = true;
programs.dconf.enable = true;
hardware.pulseaudio.enable = true;
hardware.pulseaudio.support32Bit = true;
nixpkgs.config.pulseaudio = true;
hardware.pulseaudio.extraConfig = "load-module module-combine-sink";
# Sound: pipewire
# sound.enable = false;
# hardware.pulseaudio.enable = false;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# # Might want to use JACK in the future
# jack.enable = true;
# };
#
# security.rtkit.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
@ -268,7 +290,7 @@
# Just an initial user to get this started lol
users.users.user = {
initialPassword = "pw123";
extraGroups = [ "wheel" "networkmanager" ];
extraGroups = [ "wheel" "networkmanager" "audio"];
isNormalUser = true;
};
@ -310,7 +332,6 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}))
];
};

View File

@ -30,6 +30,20 @@ if [ ! -f "${HARDWARE_CONF}" ]; then
fi
git add "${HARDWARE_CONF}"
# Copy ssh/id-rsa details onto ssh/authorized_keys
SSH_PRIV="${HOME}/.ssh/id_rsa"
SSH_PUB="${SSH_PRIV}.pub"
SSH_DIR="${SCRIPT_DIR}/../ssh"
if [ ! -f "${SSH_PRIV}" ]; then
ssh-keygen -b 2048 -t rsa -f "${SSH_PRIV}" -q -N ""
fi
# idempotently adds to authorized_keys
cat "${SSH_PUB}" >> "${SSH_DIR}/authorized_keys"
# If we do this, then uniq is performed first :?
# sort "${SSH_DIR}/authorized_keys" | uniq >"${SSH_DIR}/authorized_keys"
sort "${SSH_DIR}/authorized_keys" | uniq | tee "${SSH_DIR}/authorized_keys"
cat "${SSH_DIR}/authorized_keys"
echo "Apply nixos-rebuild"
sudo nixos-rebuild switch --flake "${SYSNIX_DIR}#${HOSTNAME}"

View File

@ -1,7 +1,6 @@
#!/usr/bin/env sh
# NOTE: Untested on case of no home-manager
set -xv
# Where this script located
SCRIPT_DIR=$(realpath $(dirname $0))
echo "SCRIPT_DIR: ${SCRIPT_DIR}"
@ -13,7 +12,7 @@ HOME_MANAGER_DIR="${SCRIPT_DIR}/../nix-conf/home-manager"
if [ $(home-manager >/dev/null 2>&1) ]; then
nix-shell -p home-manager --run "home-manager switch --flake $HOME_MANAGER_DIR"
else
home-manager switch --flake "$HOME_MANAGER_DIR"
home-manager switch -b backup --flake "$HOME_MANAGER_DIR"
fi

3
scripts/list-generations.sh Executable file
View File

@ -0,0 +1,3 @@
#!/usr/bin/env sh
sudo nix-env --list-generations --profile /nix/var/nix/profiles/system

View File

@ -1,6 +1,7 @@
sh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgmng5xL/auvI2F8ufFAfId2Ey55ONHjgnKKSEWLVWkPMutXT3BCnSglNAuEVRLX2zfzg3beQd80AHTow+qro5QWI/rYfeL1QPNEwoThbRFcvtWLTlgzBGA4ejjpIF9sCPNp0sXrrQRfxRP7w4b23BcRJQcsDoaEtKGKJZ2GQIoOafkYypwcunANb54EAouZTfHEPKDr26Gfw8usc2Sae32G/80QLBF2jGabyexJjNE3F6hdJTwq5iiqIVdSr4ue82zo3M8jBdtCMDGaOliI5RWSa9iuX9o2scCGDU69Gkw7ma+JHOP/e9Z8sUz03TkjPbEnGi3EC3YAHEoDzmwqTi07hppCuzacLB5NZ9UZ1g5PzBIZR8TJTONngT08EQyGrkNv2sUnn0dtBqve5tHR04NuXy65ym7Iwl2DDVbAL0NlM4gKWzOGZ2CnSLT0WmkG2sQKU37NmS2pBJ8RXJBatUFe4vQVzqlFj39iRGIBV5XR0I9xcxDfCxBHFs3aIqAqE= hwtr@hwtr-prince
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAW4E8L/zGkcqixJo1102ddqeexoBMHIhXRXpWR3dTmJtbaaVbo4+rHRsjHPvHif9CRfi+BQ8CHG3zmBjH7DZPZIRCVtkms1EDe1k/G3fEnfgYc6gboJfoTdLkVjNOtdStTi03dCA/riQqUKc7/v16R5ZXIAmNCnmMHelObCSDPzYg8psZAUk1ZZY//pnhp9JRPsC2JxsshN7HCNIED9aFgrJkvUt+wUVGjVHzyQwyR6J7m1yyoivTwdmYdulG7OriLeeNq8vkoDmLGgLSC+zKehzJYOZsH3EKuxuZjQ3J9tK/NseQOhsQglRHE/OvphMwT/J96gl9dZR/LQXp4S6hwLccTzFfs8rLaTOIK6CEpqBUuBonot/1vJP5j5E73hfkHwZO7TQKwfXtpRCxCl5Nm3cB2Y3kz5mArDiwWioVsX4qd0XR0F9MFtuTVTn2f4K/Gwr9P3XMkLWXU1+1KbQiWIg+Zf5DpQgBW5HWryZzsMcjyMC2I2BJCl6Q+V8ofSM= nixos@Felia
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD49VHCU8S6zqNsaS0SFiVqULmOWtyVOIeteYSOznzTHJ0dVjXnamuj/uVsSXRkYIIdAkABWQm9WKELUC2SBBE7DgDj+Izv3cO7QkAJ9v1cxV1P1efrTytz8XtyX++XYygxXCwZ5zyqxhSF5ZW+FO0CNRx1cNisAhF6AMzoXRsyF1dqNioitXTN0xh0xx2mR0Bb3zy1kYNZVwn1uBYyd4Hz6CBgJ7Xi6d/STXWcmc0XnEJTllNSQNEpI6vJjL62JmUPubqDjVKh4awiPRPiw9By1FGaGVtHhOZ+8AvVMTps07GNVJ+XZi1DJLmeItpiCwYsWh96HCp3lup0onLzubpP pi@raspberrypi
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClSDhyOeehUOIMdRonTDD9h7kBbzC3c/QG650S7vfhLE67UNt5tuUjazQg7pFj3O/5WnyqCpBOMJoPaSZ0S5gGdo4h4xatPUBAGDjMygKhg4VA0x7Lr3Tbc1CF8dyuRKVlB+aIWLIyLHHPL5wDao7tnvmuCGKDyaV8XFaKpzRZqAlpfn8svR90Y4wNFYr1V+F+Y6r8reB1Rph6A9BY4niDKY0MbFhvTj6VJQf++1ji0FziACVpYI9aqAcZ4ngReUtgWiIsnq5UMfrEk0vYBG/3KsYElaRig76Bucz1fBA16iAgQua1hthPifsw8vmaK5k6Q3c2SOdc5PGF6IlTfSGJ root@Fel
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Z5noQn3mHy5yiN3n6YyOKRhlQT6fx4NLmI/3d4vY6 root@Fel
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClSDhyOeehUOIMdRonTDD9h7kBbzC3c/QG650S7vfhLE67UNt5tuUjazQg7pFj3O/5WnyqCpBOMJoPaSZ0S5gGdo4h4xatPUBAGDjMygKhg4VA0x7Lr3Tbc1CF8dyuRKVlB+aIWLIyLHHPL5wDao7tnvmuCGKDyaV8XFaKpzRZqAlpfn8svR90Y4wNFYr1V+F+Y6r8reB1Rph6A9BY4niDKY0MbFhvTj6VJQf++1ji0FziACVpYI9aqAcZ4ngReUtgWiIsnq5UMfrEk0vYBG/3KsYElaRig76Bucz1fBA16iAgQua1hthPifsw8vmaK5k6Q3c2SOdc5PGF6IlTfSGJ root@Fel
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD49VHCU8S6zqNsaS0SFiVqULmOWtyVOIeteYSOznzTHJ0dVjXnamuj/uVsSXRkYIIdAkABWQm9WKELUC2SBBE7DgDj+Izv3cO7QkAJ9v1cxV1P1efrTytz8XtyX++XYygxXCwZ5zyqxhSF5ZW+FO0CNRx1cNisAhF6AMzoXRsyF1dqNioitXTN0xh0xx2mR0Bb3zy1kYNZVwn1uBYyd4Hz6CBgJ7Xi6d/STXWcmc0XnEJTllNSQNEpI6vJjL62JmUPubqDjVKh4awiPRPiw9By1FGaGVtHhOZ+8AvVMTps07GNVJ+XZi1DJLmeItpiCwYsWh96HCp3lup0onLzubpP pi@raspberrypi
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFQN5Ia8rTalnQgcvdxH2n7UNNT1Tq9UvNdJeg9ziJtUkKaC6H4NM4ArOEZ60izANOQX1crAD8hmBmz1Go8/4P3VXTYlTb7eDyZqLyncOe/shBXeVVLxJWzhEj60RTgecnmNYdtRAm+9INbPW/Bvcj8U2KyaykIXZGdjIuZ7TPruHjITxZYR+dkDOoVkJuYJMdYzxyHZpylPh+HjgDDvUG3oNJtj4ri5JKwLAMyq5t5S1JcLx4rXivrKREizUMMG8LzWSfjeByTzF8+lHtUdP94ygG02v/6Jod/g6taUQS9Yu+NDFqkKjRH3H9jgyd/DVGsRw5akBWbR81DATtTprx ssh-key-2022-12-15
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/UzKwmFsAlLoCXvOq2lsC1sr1BRDW5uPkdcYUfQ7z4JowL/pscoTV9zjfJd1hPBvHLBvn7gs7gWt0wNnJfD1Oor26VreHjhi1PZE2kovrEzjmPoz+GqMPciV+HF9XNIRwDiHlUNFPt9qJjAJXJCFhzcmT9q0JQuPlNgJtQ6+By7RgPuJczpf17IbxpheLcXqtOFcTHyRT01KijIPhAtWRlmG5dahVuu50EfpmHRYZ8nCJJqkuJ6uRbFaPE6mYLnXLSzJUdyakYnzWbCd5phpoGAuFyQZnS503CFZUOFCnNEN8QfO2DXihp7lvrzzpI6PgcpvpotSo9kYFiEuB+DRlBQcVMWL0lUk2J1JHJH83y3CxwH0pUc7E1k6FAZE4pv4x0KEvbZSvmb8jAGWZkn4HvZCwXR5wGVi22s6RCdIHvR2PCpAy+ZSjpM+2FJIqDHpxY/vo3ktM9rpeCSwp14F/iiw6nanVq/KZBpCZ2paMcAU4WreCFZiPdGsdiixYlts= hungtr@bao
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAW4E8L/zGkcqixJo1102ddqeexoBMHIhXRXpWR3dTmJtbaaVbo4+rHRsjHPvHif9CRfi+BQ8CHG3zmBjH7DZPZIRCVtkms1EDe1k/G3fEnfgYc6gboJfoTdLkVjNOtdStTi03dCA/riQqUKc7/v16R5ZXIAmNCnmMHelObCSDPzYg8psZAUk1ZZY//pnhp9JRPsC2JxsshN7HCNIED9aFgrJkvUt+wUVGjVHzyQwyR6J7m1yyoivTwdmYdulG7OriLeeNq8vkoDmLGgLSC+zKehzJYOZsH3EKuxuZjQ3J9tK/NseQOhsQglRHE/OvphMwT/J96gl9dZR/LQXp4S6hwLccTzFfs8rLaTOIK6CEpqBUuBonot/1vJP5j5E73hfkHwZO7TQKwfXtpRCxCl5Nm3cB2Y3kz5mArDiwWioVsX4qd0XR0F9MFtuTVTn2f4K/Gwr9P3XMkLWXU1+1KbQiWIg+Zf5DpQgBW5HWryZzsMcjyMC2I2BJCl6Q+V8ofSM= nixos@Felia