pegasust
/
dotfiles
1
0
Fork 0
Code Issues 6 Pull Requests Projects Releases Wiki Activity

Compare commits

base: pegasust:b22ef28604bc3556a9d2c82a0fc7feb26ba26fa8
Branches Tags
pegasust:bleed
pegasust:telescope-reuse-window
pegasust:lean
pegasust:try-kitty
pegasust:bare
pegasust:master
pegasust:std
pegasust:top-level-wip
pegasust:top-level-wip-bao
pegasust:top-level-nix
pegasust:lazy-refac
pegasust:nix-refac
pegasust:nix-rearch
pegasust:nix-components
pegasust:yaml
pegasust:consolidate-nix
pegasust:fix-pylsp
pegasust:mason-deno-fix
pegasust:archive/test-hm
pegasust:archive/plugins-need-update
pegasust:archive/boost
..
compare: pegasust:1cab6d34300ef591ee5d51ca584925540e69f1c2
Branches Tags
pegasust:bleed
pegasust:telescope-reuse-window
pegasust:lean
pegasust:try-kitty
pegasust:bare
pegasust:master
pegasust:std
pegasust:top-level-wip
pegasust:top-level-wip-bao
pegasust:top-level-nix
pegasust:lazy-refac
pegasust:nix-refac
pegasust:nix-rearch
pegasust:nix-components
pegasust:yaml
pegasust:consolidate-nix
pegasust:fix-pylsp
pegasust:mason-deno-fix
pegasust:archive/test-hm
pegasust:archive/plugins-need-update
pegasust:archive/boost

No commits in common. "b22ef28604bc3556a9d2c82a0fc7feb26ba26fa8" and "1cab6d34300ef591ee5d51ca584925540e69f1c2" have entirely different histories.
b22ef28604 ... 1cab6d3430

51 changed files with 108 additions and 993 deletions
Show Stats Expand all files Collapse all files

18
flake.lock
View File

@ -89,11 +89,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1671966569,
"narHash": "sha256-jbLgfSnmLchARBNFRvCic63CFQ9LAyvlXnBpc2kwjQc=",
"lastModified": 1671958483,
"narHash": "sha256-wX+VBdHwrpW654PzmM4efiPdUDI8da8TGZeQt/zYP40=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c55fa26ce05fee8e063db22918d05a73d430b2ea",
"rev": "939731b8cb75fb451170cb8f935186a6a7424444",
"type": "github"
},
"original": {
@ -138,11 +138,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1671983799,
"narHash": "sha256-Z2Ro6hFPZHkBqkVXY5/aBUzxi5xizQGvuHQ9+T5B/ks=",
"lastModified": 1671722432,
"narHash": "sha256-ojcZUekIQeOZkHHzR81st7qxX99dB1Eaaq6PU5MNeKc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fad51abd42ca17a60fc1d4cb9382e2d79ae31836",
"rev": "652e92b8064949a11bc193b90b74cb727f2a1405",
"type": "github"
},
"original": {
@ -184,11 +184,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1672107670,
"narHash": "sha256-m4kP+8k46JwSXYDugykIVvRyoNofZDG7atjbi5+sLoU=",
"lastModified": 1671935094,
"narHash": "sha256-fWEkH5550R6q6+CeG/317g9ywE/ZhW/4zuCjTaDsHe8=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f4827ef0518463f31a52ab2e5c500c80558fdd78",
"rev": "fd2740316bacb3e0106381c325e0bb90d6790aeb",
"type": "github"
},
"original": {

41
flake.nix
View File

@ -40,20 +40,9 @@
inherit system;
# NOTE: this will only read files that are within git tree
# all secrets should go into secrets.nix and secrets/*.age
proj_root = let
path = builtins.toString ./.;
in {
inherit path;
configs.path = "${path}/native-configs";
scripts.path = "${path}/scripts";
secrets.path = "${path}/secrets";
testdata.path = "${path}/tests";
modules.path = "${path}/modules";
hosts.path = "${path}/hosts";
users.path = "${path}/users";
};
proj_root = builtins.toString ./.;
} _inputs);
inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs; lib = pkgs.lib;} inputs);
inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs;} inputs);
lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
# update inputs with our library and past onto our end configurations
@ -62,34 +51,10 @@
hosts = (import ./hosts inputs_w_lib);
users = (import ./users inputs_w_lib);
# {nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
# ,pkgs, lib (extended), proj_root}
final_inputs = inputs_w_lib;
# Tests: unit + integration
unit_tests = (import ./lib/test.nix final_inputs) //
{
test_example = {
expr = "names must start with 'test'";
expected = "or won't show up";
};
not_show = {
expr = "this will be ignored by lib.runTests";
expected = "for sure";
};
};
in {
inherit (hosts) nixosConfigurations;
# inherit (hosts) nixosConfigurations;
# inherit (users) homeConfigurations;
inherit lib;
devShell."${system}" = import ./dev-shell.nix final_inputs;
templates = import ./templates final_inputs;
unit_tests = lib.runTests unit_tests;
secrets = import ./secrets final_inputs;
debug = {
inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests;
};
};
}

80
hosts/Felia/hardware-configuration.nix
View File

@ -1,80 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
## NOTE: These filesystems are mounted by a wrapper script from nix-wsl
# fileSystems."/" =
# {
# device = "/dev/sdc";
# fsType = "ext4";
# };
#
# fileSystems."/mnt/wsl" =
# {
# device = "tmpfs";
# fsType = "tmpfs";
# };
#
# fileSystems."/mnt/wsl/docker-desktop/shared-sockets/guest-services" =
# {
# device = "none";
# fsType = "tmpfs";
# };
#
# fileSystems."/usr/lib/wsl/drivers" =
# {
# device = "drivers";
# fsType = "drvfs";
# };
#
# fileSystems."/usr/lib/wsl/lib" =
# {
# device = "lib";
# fsType = "drvfs";
# };
fileSystems."/mnt/c" =
{
device = "C:";
fsType = "drvfs";
};
fileSystems."/mnt/d" =
{
device = "D:";
fsType = "drvfs";
};
fileSystems."/mnt/f" =
{
device = "F:";
fsType = "drvfs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.bond0.useDHCP = lib.mkDefault true;
# networking.interfaces.bonding_masters.useDHCP = lib.mkDefault true;
# networking.interfaces.dummy0.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.sit0.useDHCP = lib.mkDefault true;
# networking.interfaces.tunl0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

5
hosts/bao/default.nix
View File

@ -1,5 +0,0 @@
{nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
,pkgs, lib, proj_root}: {
}

41
hosts/bao/hardware-configuration.nix
View File

@ -1,41 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
# boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" "coretemp"];
boot.extraModulePackages = [ ];
fileSystems."/" =
# Might be wise to use /dev/nvme0p1 instead
{ device = "/dev/disk/by-uuid/27fc09b3-e3b7-4883-94a0-c313a0e0abe2";
fsType = "ext4";
};
fileSystems."/boot" =
# Might be wise to use /dev/nvme0p2 instead
{ device = "/dev/disk/by-uuid/EBA6-394D";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

64
hosts/default.nix
View File

@ -1,64 +0,0 @@
{nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
,pkgs, lib, proj_root, nixosDefaultVersion? "22.05", defaultSystem? "x86_64-linux",...}@finalInputs: let
config = {
bao.metadata = {
# req
hostName = "bao";
# opts
ssh_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
nixosVersion = "22.11";
system = "x86_64-linux";
preset = "base";
};
bao.nixosConfig = {
modules = [
import ../modules/kde.sys.nix
import ../modules/pulseaudio.sys.nix
import ../modules/storage.perso.sys.nix
];
};
};
propagate = hostConfig@{metadata, nixosConfig}: let
# req
inherit (metadata) hostName;
# opts
ssh_pubkey = lib.attrByPath ["ssh_pubkey"] null metadata; # metadata.ssh_pubkey??undefined
users = lib.attrByPath ["users"] {} metadata;
nixosVersion = lib.attrByPath ["nixosVersion"] nixosDefaultVersion metadata;
system = lib.attrByPath ["system"] defaultSystem metadata;
preset = lib.attrByPath ["preset"] "base" metadata;
# infer
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
in {
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
nixosConfig = nixosConfig // {
inherit system;
lib = finalInputs.lib;
modules = [
{
system.stateVersion = nixosVersion;
networking.hostName = hostName;
users.users = users;
}
{
_module.args = finalInputs;
}
import "${proj_root.modules.path}/secrets.nix"
import "${proj_root.modules.path}/${preset}.sys.nix"
] ++ nixosConfig.modules;
};
};
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
trimNull = lib.filterAttrs (name: value: value != null);
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
in {
inherit config;
# nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
nixosConfigurations = {};
debug = {
propagated = lib.mapAttrs (name: hostConfig: propagate hostConfig) config;
};
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
hostKeys = trimNull (flattenPubkey config);
}

43
hosts/homeless/hardware-configuration.nix
View File

@ -1,43 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/sda";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/sdb"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

42
hosts/lester/hardware-configuration.nix
View File

@ -1,42 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/sda";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/sdb"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

4
hosts/lizzi/default.nix
View File

@ -1,4 +0,0 @@
{nixpkgs, agenix, home-manager, flake-utils, nixgl, rust-overlay, flake-compat
,pkgs, lib, proj_root}: {
}

49
hosts/lizzi/hardware-configuration.nix
View File

@ -1,49 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1
terminal_input serial;
terminal_output serial
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems = {
"/" = {
device = "/dev/sda";
fsType = "ext4";
};
# Assume Linode volume "gitea" exists, mount it to '/gitea"'
"/gitea" = {
device = "/dev/disk/by-id/scsi-0Linode_Volume_gitea";
fsType = "ext4";
};
};
swapDevices =
[{ device = "/dev/sdb"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

42
hosts/nyx/hardware-configuration.nix
View File

@ -1,42 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelParams = ["console=ttyS0,19200n8"];
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1
terminal_input serial;
terminal_output serial;
'';
boot.loader.grub.forceInstall = true;
boot.loader.grub.device = "nodev";
boot.loader.timeout = 10;
fileSystems."/" =
{ device = "/dev/sda";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/sdb"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s5.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

0
hosts/prince/hardware-configuration.nix
View File

49
lib/default.nix
View File

@ -1,12 +1,11 @@
{pkgs
,nixpkgs
,proj_root
,agenix
,nixosDefaultVersion? "22.05"
,defaultSystem? "x86_64-linux"
,defaultSystem? "x86_64-linux";
,...}@inputs: let
lib = pkgs.lib;
serde = import ./serde.nix inputs // {inherit lib;};
# procedure =
in {
# short-hand to create a shell derivation
@ -18,31 +17,21 @@ in {
) {});
# Configures hosts as nixosConfiguration
# mkHost = {hostName
# , nixosBareConfiguration
# , finalInputs
# , users ? {}
# , nixosVersion? nixosDefaultVersion
# , system? defaultSystem
# , preset? "base"}: # base | minimal
# let
# hardwareConfig = hostname: import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
# in nixpkgs.lib.nixosSystem (nixosBareConfiguration // {
# inherit system;
# modules = [
# {
# system.stateVersion = nixosVersion;
# networking.hostName = hostName;
# users.users = users;
# }
# {
# _module.args = finalInputs;
# }
# import "${proj_root.modules.path}/secrets.nix"
# import "${proj_root.modules.path}/${preset}.sys.nix"
# ] ++ nixosBareConfiguration.modules;
# lib = finalInputs.lib;
# });
inherit serde;
inherit (serde) fromYaml fromYamlPath;
# [host_T] -> {host_T[int].hostName = type (nixpkgs.lib.nixosConfiguration);}
mkHost = {hostName
, nixosBareConfiguration
, nixosVersion? nixosDefaultVersion
, system? defaultSystem
, preset? "base"}: # base | minimal
nixpkgs.lib.nixosSystem (nixosBareConfiguration // {
inherit system;
modules = [
{
system.stateVersion = nixosVersion;
networking.hostName = hostName;
}
import "${proj_root}/modules/base.nix"
import "${proj_root}/modules/tailscale.sys.nix"
] ++ nixosBareConfiguration.modules;
});
}

29
lib/serde.nix
View File

@ -1,29 +0,0 @@
# Takes care of serializing and deserializing to some formats
# Blame: Pegasust<pegasucksgg@gmail.com>
# TODO: Add to* formats from pkgs.formats.*
{ pkgs
, lib
,...
} @ inputs:
let
yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage
({ runCommand }:
# runCommand source: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/trivial-builders.nix#L33
runCommand outputPath { inherit yamlContent; nativeBuildInputs = [ pkgs.yq ]; }
# run yq which outputs '.' (no filter) on file at yamlPath
# note that $out is passed onto the bash/sh script for execution
''
echo "$yamlContent" | yq >$out
'')
{ };
in {
# Takes in a yaml string and produces a derivation with translated JSON at $outputPath
# similar to builtins.fromJSON, turns a YAML string to nix attrset
fromYaml = yamlContent: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlContent "any_output.json"));
fromYamlPath = yamlPath: builtins.fromJSON (
builtins.readFile (
yamlToJsonDrv (
builtins.readFile yamlPath)
"any-output.json"));
# TODO: fromToml?
}

3
lib/test.nix
View File

@ -1,3 +0,0 @@
{lib,...}: {
}

4
modules/base.sys.nix
View File

@ -6,9 +6,5 @@
./minimal.sys.nix
./mosh.sys.nix
./tailscale.sys.nix
./ssh.sys.nix
];
environment.systemPackages = [pkgs.lm_sensors];
time.timeZone = "America/Phoenix";
}

29
modules/kde.sys.nix
View File

@ -1,27 +1,8 @@
{ pkgs
, lib
{pkgs
,lib
,config
,proj_root
,agenix
}: {
environment.noXlibs = lib.mkForce false;
# TODO: wireless networking
# Enable the X11 windowing system.
services.xserver.enable = true;
# KDE & Plasma 5
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5 = {
enable = true;
excludePackages = let plasma5 = pkgs.libsForQt5; in
[
plasma5.elisa # audio viewer
plasma5.konsole # I use alacritty instaed
plasma5.plasma-browser-integration
plasma5.print-manager # will enable if I need
plasma5.khelpcenter # why not just write manpages instead :(
# plasma5.ksshaskpass # pls just put prompts on my dear terminal
];
};
# disables KDE's setting of askpassword
programs.ssh.askPassword = "";
programs.ssh.enableAskPassword = false;
}

15
modules/pipewire.audio.sys.nix
View File

@ -1,15 +0,0 @@
{
# Sound: pipewire
sound.enable = false;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# Might want to use JACK in the future
jack.enable = true;
};
security.rtkit.enable = true;
}

9
modules/pulseaudio.sys.nix
View File

@ -1,9 +0,0 @@
{
# Enable sound. (pulse audio)
sound.enable = true;
programs.dconf.enable = true;
hardware.pulseaudio.enable = true;
hardware.pulseaudio.support32Bit = true;
nixpkgs.config.pulseaudio = true;
hardware.pulseaudio.extraConfig = "load-module module-combine-sink";
}

9
modules/secrets.nix
View File

@ -1,19 +1,16 @@
{agenix
,proj_root}: {
imports = [
agenix.nixosModule
];
age.secrets.s3fs = {
file = "${proj_root.secrets.path}/s3fs.age";
file = "${proj_root}/secrets/s3fs.age";
# mode = "600"; # owner + group only
# owner = "hungtr";
# group = "users";
};
age.secrets."s3fs.digital-garden" = {
file = "${proj_root.secrets.path}/s3fs.digital-garden.age";
file = "${proj_root}/secrets/s3fs.digital-garden.age";
};
age.secrets._nhitrl_cred = {
file = "${proj_root.secrets.path}/_nhitrl.age";
file = "${proj_root}/secrets/_nhitrl.age";
};
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
}

6
modules/ssh.sys.nix
View File

@ -1,6 +0,0 @@
{
services.openssh = {
enable = true;
permitRootLogin = false;
};
}

110
modules/storage.perso.sys.nix
View File

@ -1,110 +0,0 @@
# Personal configuration on storage solution
{ pkgs, config, lib }: {
environment.systemPackages = [
pkgs.s3fs
pkgs.cifs-utils
];
# Sadly, autofs uses systemd, so we can't put it in home-manager
# HACK: need to store secret somewhere so that root can access this
# because autofs may run as root for now, we enforce putting the secret in this monorepo
# TODO: make this configuration nix-less to show that it's 100% data
services.autofs =
let
# confToBackendArg {lol="what"; empty=""; name_only=null;} -> "lol=what,empty=,name_only"
# TODO: change null -> true/false. This allows overriding & better self-documentation
confToBackendArg = conf: (lib.concatStringsSep ","
(lib.mapAttrsToList (name: value: "${name}${lib.optionalString (value != null) "=${value}"}") conf));
# mount_dest: path ("wow")
# backend_args: nix attrs representing the arguments to be passed to s3fs
# ({"-fstype" = "fuse"; "use_cache" = "/tmp";})
# bucket: bucket name (hungtr-hot)
# NOTE: s3 custom provider will be provided inside
# backend_args, so just put the bucket name here
#
#-> "${mount_dest} ${formatted_args} ${s3fs-bin}#${bucket}"
autofs-s3fs_entry =
{ mount_dest
, backend_args ? { "-fstype" = "fuse"; }
, bucket
}@inputs:
let
s3fs-exec = "${pkgs.s3fs}/bin/s3fs";
in
"${mount_dest} ${confToBackendArg backend_args} :${s3fs-exec}\#${bucket}";
personalStorage = [
# hungtr-hot @ phoenix is broken :)
# (autofs-s3fs_entry {
# mount_dest = "hot";
# backend_args = {
# "-fstype" = "fuse";
# use_cache = "/tmp";
# del_cache = null;
# allow_other = null;
# url = ''"https://f5i0.ph.idrivee2-32.com"'';
# # TODO: builtins.readFile requires a Git-controlled file
# passwd_file = config.age.secrets.s3fs.path;
# dbglevel = "debug"; # enable this for better debugging info in journalctl
# uid = "1000"; # default user
# gid = "100"; # users
# umask="003"; # others read only, fully shared for users group
# # _netdev = null; # ignored by s3fs (https://github.com/s3fs-fuse/s3fs-fuse/blob/master/src/s3fs.cpp#L4910)
# };
# bucket = "hungtr-hot";
# })
(autofs-s3fs_entry {
mount_dest = "garden";
backend_args = {
"-fstype" = "fuse";
use_cache = "/tmp";
del_cache = null;
allow_other = null;
url = "https://v5h5.la11.idrivee2-14.com";
passwd_file = config.age.secrets."s3fs.digital-garden".path;
dbglevel = "debug"; # enable this for better debugging info in journalctl
uid = "1000"; # default user
gid = "100"; # users
umask = "003"; # others read only, fully shared for users group
};
bucket = "digital-garden";
})
(
let args = {
"-fstype" = "cifs";
credentials = config.age.secrets._nhitrl_cred.path;
user = null;
uid = "1001";
gid = "100";
dir_mode = "0777";
file_mode = "0777";
};
in "felia_d ${confToBackendArg args} ://felia.coati-celsius.ts.net/d"
)
(
let args = {
"-fstype" = "cifs";
credentials = config.age.secrets._nhitrl_cred.path;
user = null;
uid = "1001";
gid = "100";
dir_mode = "0777";
file_mode = "0777";
};
in "felia_f ${confToBackendArg args} ://felia.coati-celsius.ts.net/f"
)
];
persoConf = pkgs.writeText "auto.personal" (builtins.concatStringsSep "\n" personalStorage);
in
{
enable = true;
# Creates /perso directory with every subdirectory declared by ${personalStorage}
# as of now (might be stale), /perso/hot is the only mount accessible
# that is also managed by s3fs
autoMaster = ''
/perso file:${persoConf}
'';
timeout = 30; # default: 600, 600 seconds (10 mins) of inactivity => unmount
# debug = true; # writes to more to journalctl
};
}

48
nix-conf/home-manager/base/private_chromium.nix
View File

@ -1,48 +0,0 @@
{ config, pkgs, lib, ... }:
let cfg = config.base.private_chromium;
in
{
options.base.private_chromium = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
example = false;
description = ''
Enable extremely lightweight chromium with vimium plugin
'';
};
};
config = lib.mkIf cfg.enable {
# home.packages = [pkgs.ungoogled-chromium];
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions =
let
mkChromiumExtForVersion = browserVersion: { id, sha256, extVersion, ... }:
{
inherit id;
crxPath = builtins.fetchurl {
url = "https://clients2.google.com/service/update2/crx" +
"?response=redirect" +
"&acceptformat=crx2,crx3" +
"&prodversion=${browserVersion}" +
"&x=id%3D${id}%26installsource%3Dondemand%26uc";
name = "${id}.crx";
inherit sha256;
};
version = extVersion;
};
mkChromiumExt = mkChromiumExtForVersion (lib.versions.major pkgs.ungoogled-chromium.version);
in
[
# vimium
(mkChromiumExt {
id = "dbepggeogbaibhgnhhndojpepiihcmeb";
sha256 = "00qhbs41gx71q026xaflgwzzridfw1sx3i9yah45cyawv8q7ziic";
extVersion = "1.67.4";
})
];
};
};
}

9
nix-conf/home-manager/base/productive_desktop.nix
View File

@ -1,9 +0,0 @@
inputs@{pkgs,...}: {
imports = [
# slack
({pkgs,...}: {
home.packages = [pkgs.slack];
})
./private_chromium.nix
];
}

49
nix-conf/home-manager/flake.nix
View File

@ -35,7 +35,52 @@
# lib = (import ../lib { inherit pkgs; lib = pkgs.lib; });
base = import ./base;
inherit (base) mkModuleArgs;
private_chromium = {config, pkgs, lib, ...}: let cfg = config.base.private_chromium;
in {
options.base.private_chromium = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
example = false;
description = ''
Enable extremely lightweight chromium with vimium plugin
'';
};
};
config = lib.mkIf cfg.enable {
# home.packages = [pkgs.ungoogled-chromium];
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions =
let
mkChromiumExtForVersion = browserVersion: {id, sha256, extVersion,...}:
{
inherit id;
crxPath = builtins.fetchurl {
url = "https://clients2.google.com/service/update2/crx"+
"?response=redirect"+
"&acceptformat=crx2,crx3"+
"&prodversion=${browserVersion}"+
"&x=id%3D${id}%26installsource%3Dondemand%26uc";
name = "${id}.crx";
inherit sha256;
};
version = extVersion;
};
mkChromiumExt = mkChromiumExtForVersion (lib.versions.major pkgs.ungoogled-chromium.version);
in
[
# vimium
(mkChromiumExt {
id = "dbepggeogbaibhgnhhndojpepiihcmeb";
sha256 = "00qhbs41gx71q026xaflgwzzridfw1sx3i9yah45cyawv8q7ziic";
extVersion = "1.67.4";
})
];
};
};
};
kde_module = {config, pkgs, ...}: {
fonts.fontconfig.enable = true;
home.packages = [
@ -76,7 +121,7 @@
modules = base.modules ++ [
./home.nix
kde_module
./base/productive_desktop.nix
private_chromium
];
# optionally pass inarguments to module
# we migrate this from in-place modules to allow flexibility

2
nix-conf/system/configuration.nix
View File

@ -33,7 +33,7 @@ with lib;
};
users.users.root = {
# openssh runs in root, no? This is because port < 1024 requires root.
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/native_configs/ssh/authorized_keys");
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/ssh/authorized_keys");
};
# Some basic programs

4
nix-conf/system/flake.nix
View File

@ -211,9 +211,7 @@
./configuration.nix
# automount using s3fs
({config, pkgs, lib, ...}: {
environment.systemPackages = [
pkgs.s3fs pkgs.cifs-utils pkgs.lm_sensors pkgs.hddtemp
]; # s3fs-fuse
environment.systemPackages = [pkgs.s3fs pkgs.cifs-utils]; # s3fs-fuse
# Sadly, autofs uses systemd, so we can't put it in home-manager
# HACK: need to store secret somewhere so that root can access this
# because autofs may run as root for now, we enforce putting the secret in this monorepo

2
nix-conf/system/profiles/bao/hardware-configuration.nix
View File

@ -11,7 +11,7 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
# boot.initrd.kernelModules = [ "amdgpu" ];
boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" "coretemp"];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =

50
scripts/config-sysnix-edge.sh
View File

@ -1,50 +0,0 @@
#!/usr/bin/env sh
## Configures a new nixos system to this repository
## Blame: Hung Tran (Pegasust) <pegasucksgg@gmail.com>
set -xv
HOSTNAME=${1}
if [ -z $HOSTNAME ]; then
current_hostname=$(hostname)
echo "Missing hostname as first param."
echo "Type the hostname you want to be here"
read -p "[${current_hostname}] > " HOSTNAME
HOSTNAME=${HOSTNAME:-${current_hostname}}
read -p "Using hostname: ${HOSTNAME}. Press ENTER to continue." _WHATEVER_
fi
# Where is this script located
SCRIPT_DIR=$(realpath $(dirname $0))
echo "SCRIPT_DIR: ${SCRIPT_DIR}"
SYSNIX_DIR="${SCRIPT_DIR}/.."
# Copy hardware-configuration of existing machine onto our version control
SYSNIX_PROF="${SYSNIX_DIR}/hosts/${HOSTNAME}"
HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
if [ ! -f "${HARDWARE_CONF}" ]; then
mkdir "$SYSNIX_PROF"
sudo cp /etc/nixos/hardware-configuration.nix ${HARDWARE_CONF}
fi
git add "${HARDWARE_CONF}"
# Copy ssh/id-rsa details onto ssh/authorized_keys
SSH_PRIV="${HOME}/.ssh/id_rsa"
SSH_PUB="${SSH_PRIV}.pub"
SSH_DIR="${SCRIPT_DIR}/../native_configs/ssh"
if [ ! -f "${SSH_PRIV}" ]; then
ssh-keygen -b 2048 -t rsa -f "${SSH_PRIV}" -q -N ""
fi
# idempotently adds to authorized_keys
cat "${SSH_PUB}" >> "${SSH_DIR}/authorized_keys"
# sort "${SSH_DIR}/authorized_keys" | uniq >"${SSH_DIR}/authorized_keys"
# NOTE: if we do sort... file >file, the ">file" is performed first, which truncates
# the file before we open to read. Hence, `sort [...] file >file` yields empty file.
# Because of this, we have to use `-o`
sort -u "${SSH_DIR}/authorized_keys" -o "${SSH_DIR}/authorized_keys"
echo "Apply nixos-rebuild"
sudo nixos-rebuild switch --flake "${SYSNIX_DIR}#${HOSTNAME}"

2
scripts/config-sysnix.sh
View File

@ -33,7 +33,7 @@ git add "${HARDWARE_CONF}"
# Copy ssh/id-rsa details onto ssh/authorized_keys
SSH_PRIV="${HOME}/.ssh/id_rsa"
SSH_PUB="${SSH_PRIV}.pub"
SSH_DIR="${SCRIPT_DIR}/../native_configs/ssh"
SSH_DIR="${SCRIPT_DIR}/../ssh"
if [ ! -f "${SSH_PRIV}" ]; then
ssh-keygen -b 2048 -t rsa -f "${SSH_PRIV}" -q -N ""
fi

28
secrets.nix
View File

@ -1,10 +1,18 @@
(import
(
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
)
{ src = ./.; }
).defaultNix.secrets
let
# user-specific (~/.ssh/id_ed25519.pub)
users = {
"hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
};
# System-specific settings (/etc/ssh/ssh_host_ed25519_key.pub)
systems = {
"bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
};
all = users // systems;
# stands for calculus
c_ = builtins;
in {
"system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
"system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
"system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
}

18
secrets/default.nix
View File

@ -1,18 +0,0 @@
# TODO: put ssh keys as user/host config
inputs: let
# user-specific (~/.ssh/id_ed25519.pub)
users = {
"hungtr@bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
};
# System-specific settings (/etc/ssh/ssh_host_ed25519_key.pub)
systems = {
"bao" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBuAaAE7TiQmMH300VRj/pYCri1qPmHjd+y9aX2J0Fs";
};
all = users // systems;
# stands for calculus
c_ = builtins;
in {
"system/secrets/s3fs.age".publicKeys = c_.attrValues (all);
"system/secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
"system/secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
}

15
templates/default.nix
View File

@ -1,15 +0,0 @@
# TODO: templates should be able to have initial states like
# repo name, author,...
{pkgs
,lib
,...
}: {
rust = {
path = ./rust;
description = "Minimal Rust build template using Naersk, rust-overlay, rust-analyzer";
};
rust-monorepo = {
path = ./rust-monorepo;
description = "Opinionated Rust monorepo, extended from ./rust, using Cargo workspace";
};
}

1
templates/rust-monorepo/.envrc
View File

@ -1 +0,0 @@
use flake

13
templates/rust-monorepo/.github/workflows/build_nix.yml vendored
View File

@ -1,13 +0,0 @@
name: "Build legacy Nix package on Ubuntu"
on:
push:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v12
- name: Building package
run: nix-build . -A defaultPackage.x86_64-linux

14
templates/rust-monorepo/Cargo.lock generated
View File

@ -1,14 +0,0 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "cli"
version = "0.1.0"
dependencies = [
"core",
]
[[package]]
name = "core"
version = "0.1.0"

5
templates/rust-monorepo/Cargo.toml
View File

@ -1,5 +0,0 @@
[workspace]
members = [
"packages/*",
"exec/*"
]

7
templates/rust-monorepo/default.nix
View File

@ -1,7 +0,0 @@
(import (
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
) {
src = ./.;
}).defaultNix

1
templates/rust-monorepo/exec/cli/.gitignore vendored
View File

@ -1 +0,0 @@
/target

9
templates/rust-monorepo/exec/cli/Cargo.toml
View File

@ -1,9 +0,0 @@
[package]
name = "cli"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
core = { version = "0.1.0", path = "../../packages/core" }

3
templates/rust-monorepo/exec/cli/src/main.rs
View File

@ -1,3 +0,0 @@
fn main() {
println!("Hello, world!");
}

35
templates/rust-monorepo/flake.nix
View File

@ -1,35 +0,0 @@
{
inputs = {
naersk.url = "github:nix-community/naersk/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
utils.url = "github:numtide/flake-utils";
rust-overlay = "github:oxalica/rust-overlay";
};
outputs = { self, nixpkgs, utils, naersk, rust-overlay }:
utils.lib.eachDefaultSystem (system:
let
overlays = [ rust-overlay.overlays.default ];
pkgs = import nixpkgs { inherit system overlays; };
naersk-lib = pkgs.callPackage naersk { };
in
{
defaultPackage = naersk-lib.buildPackage ./.;
devShell = with pkgs; mkShell {
buildInputs = [
(pkgs.rust-bin.selectLatestNightlyWith
(
toolchain:
toolchain.default.override {
extensions = [ "rust-src" ];
}
))
pkgs.rust-analyzer
];
RUST_SRC_PATH = rustPlatform.rustLibSrc;
shellHook = ''
# nix flake update # is this even needed?
'';
};
});
}

2
templates/rust-monorepo/packages/core/.gitignore vendored
View File

@ -1,2 +0,0 @@
/target
/Cargo.lock

8
templates/rust-monorepo/packages/core/Cargo.toml
View File

@ -1,8 +0,0 @@
[package]
name = "core"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]

14
templates/rust-monorepo/packages/core/src/lib.rs
View File

@ -1,14 +0,0 @@
pub fn add(left: usize, right: usize) -> usize {
left + right
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn it_works() {
let result = add(2, 2);
assert_eq!(result, 4);
}
}

7
templates/rust-monorepo/shell.nix
View File

@ -1,7 +0,0 @@
(import (
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
) {
src = ./.;
}).shellNix

1
templates/rust/.envrc
View File

@ -1 +0,0 @@
use flake

13
templates/rust/.github/workflows/build_nix.yml vendored
View File

@ -1,13 +0,0 @@
name: "Build legacy Nix package on Ubuntu"
on:
push:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v12
- name: Building package
run: nix-build . -A defaultPackage.x86_64-linux

7
templates/rust/default.nix
View File

@ -1,7 +0,0 @@
(import (
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
) {
src = ./.;
}).defaultNix

35
templates/rust/flake.nix
View File

@ -1,35 +0,0 @@
{
inputs = {
naersk.url = "github:nix-community/naersk/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
utils.url = "github:numtide/flake-utils";
rust-overlay = "github:oxalica/rust-overlay";
};
outputs = { self, nixpkgs, utils, naersk, rust-overlay }:
utils.lib.eachDefaultSystem (system:
let
overlays = [ rust-overlay.overlays.default ];
pkgs = import nixpkgs { inherit system overlays; };
naersk-lib = pkgs.callPackage naersk { };
in
{
defaultPackage = naersk-lib.buildPackage ./.;
devShell = with pkgs; mkShell {
buildInputs = [
(pkgs.rust-bin.selectLatestNightlyWith
(
toolchain:
toolchain.default.override {
extensions = [ "rust-src" ];
}
))
pkgs.rust-analyzer
];
RUST_SRC_PATH = rustPlatform.rustLibSrc;
shellHook = ''
# nix flake update # is this even needed?
'';
};
});
}

7
templates/rust/shell.nix
View File

@ -1,7 +0,0 @@
(import (
fetchTarball {
url = "https://github.com/edolstra/flake-compat/archive/99f1c2157fba4bfe6211a321fd0ee43199025dbf.tar.gz";
sha256 = "0x2jn3vrawwv9xp15674wjz9pixwjyj3j771izayl962zziivbx2"; }
) {
src = ./.;
}).shellNix