diff --git a/flake.lock b/flake.lock index c349a22..4bfb60f 100644 --- a/flake.lock +++ b/flake.lock @@ -18,11 +18,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660407119, - "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", + "lastModified": 1662458987, + "narHash": "sha256-hcDwRlsXZMp2Er3vQk1JEUZWhBPLVC9vTT4xHvhpcE0=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", + "rev": "504b32caf83986b7e6b9c79c1c13008f83290f19", "type": "github" }, "original": { @@ -34,11 +34,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661864979, - "narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=", + "lastModified": 1662099760, + "narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979", + "rev": "67e45078141102f45eff1589a831aeaa3182b41e", "type": "github" }, "original": { @@ -48,38 +48,6 @@ "type": "github" } }, - "nixpkgs-22_05": { - "locked": { - "lastModified": 1661656705, - "narHash": "sha256-1ujNuL1Tx1dt8dC/kuYS329ZZgiXXmD96axwrqsUY7w=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "290dbaacc1f0b783fd8e271b585ec2c8c3b03954", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-22.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1661353537, - "narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0e304ff0d9db453a4b230e9386418fd974d5804a", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "home-manager": "home-manager", 
@@ -90,15 +58,19 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", - "nixpkgs-22_05": "nixpkgs-22_05" + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-22_05": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1661660105, - "narHash": "sha256-3ITdkYwsNDh2DRqi7FZOJ92ui92NmcO6Nhj49u+JjWY=", + "lastModified": 1662390490, + "narHash": "sha256-HnFHRFu0eoB0tLOZRjLgVfHzK+4bQzAmAmHSzOquuyI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d92fba1bfc9f64e4ccb533701ddd8590c0d8c74a", + "rev": "044ccfe24b349859cd9efc943e4465cc993ac84e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7de2980..9362c14 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,35 +3,59 @@ inputs = { nixpkgs.url = github:nixos/nixpkgs/nixos-22.05; - nixos-hardware.url = github:nixos/nixos-hardware/master; + nixos-hardware = { + url = github:nixos/nixos-hardware/master; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { - #url = "github:nix-community/home-manager"; url = "https://github.com/nix-community/home-manager/archive/release-22.05.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; - sops-nix.url = github:Mic92/sops-nix; + sops-nix = { + url = github:Mic92/sops-nix; + # sops-nix uses both -22.05 and -unstable in their flake. + # As far as I can tell, 22.05 is only used for testing, whereas unstable + # is used for the tooling. So here, I let both of these follow our + # nixpkgs input. Note that after NixOS releases, this might break since + # they may do away with 22.05 at that point. + # https://github.com/Mic92/sops-nix/blob/master/flake.nix + inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs-22_05.follows = "nixpkgs"; + }; }; - outputs = inputs @ { self, nixpkgs, nixos-hardware, home-manager, sops-nix, ... }: - let + outputs = inputs @ { + self, + nixpkgs, + nixos-hardware, + home-manager, + sops-nix, + ... + }: let system = "x86_64-linux"; homeManagerConfFor = config: { ... 
}: { #nixpkgs.overlays = [ nur.overlay ]; imports = [ config ]; }; + jacobHome = homeManagerConfFor ./home/jacob.nix; + jacobHomeMod = { + home-manager.useUserPackages = true; + home-manager.users.jacob = jacobHome; + }; mkNixosSystem = extraModules: nixpkgs.lib.nixosSystem { inherit system; # see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html specialArgs = { inherit inputs; }; modules = [ - home-manager.nixosModules.home-manager { - home-manager.useUserPackages = true; - home-manager.users.jacob = homeManagerConfFor ./home/jacob.nix; - } + home-manager.nixosModules.home-manager + jacobHomeMod sops-nix.nixosModules.sops ] ++ extraModules; }; in { + homeManagerConfigurations = { + jacob = jacobHome; + }; nixosConfigurations = { # Thinkpad T470 laptop buck = mkNixosSystem [ diff --git a/home/i3.nix b/home/i3.nix index 639159e..05c8108 100644 --- a/home/i3.nix +++ b/home/i3.nix @@ -1,11 +1,11 @@ -pkgs : -rec { +pkgs: rec { menu = "${pkgs.dmenu}/bin/dmenu_run"; modifier = "Mod1"; terminal = "kitty"; keybindings = let browser = "qutebrowser"; - scrot2clip = pkgs.writeShellScript "scrot2clip" + scrot2clip = + pkgs.writeShellScript "scrot2clip" "${pkgs.scrot}/bin/scrot -s - | ${pkgs.xclip}/bin/xclip -selection primary -i -t image/png"; in { "${modifier}+Return" = "exec ${terminal} tmux new"; 
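Review bot: The `inputs.nixpkgs.follows = "nixpkgs";` added under `nixos-hardware` appears to override an input that does not exist. In the flake.lock section of this commit the `nixos-hardware` node has only `locked` and `original`, with no `inputs` entry, before and after the change. The line therefore pins nothing, and newer Nix versions warn about overrides for non-existent inputs; drop it or replace it with a comment such as `# nixos-hardware has no nixpkgs input; nothing to follow`. For `sops-nix`, the existing comment covers the upstream-rename risk well. It is also worth recording there that the secrets tooling is now built from this flake's `nixos-22.05` pin rather than the revisions upstream tests against, so security fixes to it arrive only when this `nixpkgs` input is bumped.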
@@ -54,31 +54,20 @@ rec { "${modifier}+9" = "workspace number 9"; "${modifier}+0" = "workspace number 10"; - "${modifier}+Shift+1" = - "move container to workspace number 1"; - "${modifier}+Shift+2" = - "move container to workspace number 2"; - "${modifier}+Shift+3" = - "move container to workspace number 3"; - "${modifier}+Shift+4" = - "move container to workspace number 4"; - "${modifier}+Shift+5" = - "move container to workspace number 5"; - "${modifier}+Shift+6" = - "move container to workspace number 6"; - "${modifier}+Shift+7" = - "move container to workspace number 7"; - "${modifier}+Shift+8" = - "move container to workspace number 8"; - "${modifier}+Shift+9" = - "move container to workspace number 9"; - "${modifier}+Shift+0" = - "move container to workspace number 10"; + "${modifier}+Shift+1" = "move container to workspace number 1"; + "${modifier}+Shift+2" = "move container to workspace number 2"; + "${modifier}+Shift+3" = "move container to workspace number 3"; + "${modifier}+Shift+4" = "move container to workspace number 4"; + "${modifier}+Shift+5" = "move container to workspace number 5"; + "${modifier}+Shift+6" = "move container to workspace number 6"; + "${modifier}+Shift+7" = "move container to workspace number 7"; + "${modifier}+Shift+8" = "move container to workspace number 8"; + "${modifier}+Shift+9" = "move container to workspace number 9"; + "${modifier}+Shift+0" = "move container to workspace number 10"; "${modifier}+Shift+c" = "reload"; "${modifier}+Shift+r" = "restart"; - "${modifier}+Shift+e" = - "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'"; + "${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'"; "${modifier}+r" = "mode resize"; }; diff --git a/home/jacob.nix b/home/jacob.nix index f3c3b18..a067fad 100644 --- a/home/jacob.nix +++ b/home/jacob.nix 
@@ -1,10 +1,14 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { imports = [ - ({ lib, ...}: { - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "zoom" - ]; + ({lib, ...}: { + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "zoom" + ]; }) ]; @@ -16,18 +20,21 @@ keyboard = { layout = "us"; - options = [ "caps:swapescape" "ctrl:ralt_rctrl" ]; + options = ["caps:swapescape" "ctrl:ralt_rctrl"]; }; packages = with pkgs; [ age bitwarden chromium + fd feh file #freecad + fzf #gnumake hack-font + jq inconsolata libreoffice logseq @@ -36,17 +43,24 @@ #openscad #pandoc pavucontrol + ripgrep scli scrot signal-desktop sops + speedcrunch spotify-tui sxiv #texlive.combined.scheme-full xclip + zathura zoom-us ]; + sessionVariables = { + QT_ENABLE_HIGHDPI_SCALING = 1; + }; + # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage # when a new Home Manager release introduces backwards @@ -58,8 +72,21 @@ stateVersion = "22.05"; }; - accounts.email = { - accounts.gmail = { + xdg = { + enable = true; + mimeApps = { + enable = true; + associations.added = { + "application/pdf" = ["zathura.desktop"]; + }; + defaultApplications = { + "application/pdf" = ["zathura.desktop"]; + }; + }; + }; + + accounts.email.accounts = { + gmail = { address = "jacob.hinkle@gmail.com"; passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/gmail/password"; flavor = "gmail.com"; 
@@ -68,13 +95,25 @@ create = "maildir"; }; notmuch.enable = false; - primary = true; realName = "Jacob Hinkle"; }; - accounts.jhink = { + jhink = { address = "jacob.hinkle@jhink.org"; - imap.host = "mail.privateemail.com"; - smtp.host = "mail.privateemail.com"; + primary = true; + imap = { + host = "imap.fastmail.com"; + tls = { + enable = true; + useStartTls = false; + }; + }; + smtp = { + host = "smtp.fastmail.com"; + tls = { + enable = true; + useStartTls = false; + }; + }; flavor = "plain"; userName = "jacob.hinkle@jhink.org"; passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/jhink/password"; @@ -88,11 +127,10 @@ }; programs = { - bat = { - enable = true; - }; + bat.enable = true; direnv = { enable = true; + nix-direnv.enable = true; enableZshIntegration = true; }; firefox = { 
@@ -106,28 +144,66 @@ git = { enable = true; userName = "Jacob Hinkle"; - userEmail = "jacob.hinkle@jhink.org"; + userEmail = "jacob@jhink.org"; lfs.enable = true; - delta.enable = true; - }; - htop = { - enable = true; + difftastic = { + enable = true; + background = "dark"; + }; + aliases = { + ci = "commit"; + lg = "log --pretty=format:\"%C(magenta)%h%Creset -%C(red)%d%Creset %s %C(dim green)(%cr) [%an]\" --abbrev-commit -30"; + s = "status"; + }; + extraConfig = { + color.ui = "auto"; + push.default = "simple"; + pull.rebase = false; + branch.autosetupmerge = true; + }; }; + htop.enable = true; kitty = { enable = true; font = { name = "Hack"; - size = 16; + size = 24; }; }; + lazygit.enable = true; mbsync = { enable = true; }; neovim = { enable = true; + extraConfig = '' + set tabstop=4 + set softtabstop=4 " enables backspacing, etc + set shiftwidth=4 + set expandtab + set tw=80 + + set bs=2 " allow backspacing over everything in insert mode + set ai " always set autoindenting on + + set number relativenumber + set colorcolumn=100 + ''; plugins = with pkgs.vimPlugins; [ + #context-vim + #ctrlp + #fzf + #gundo + python-mode + #telescope-nvim + #telescope-fzf-native-nvim + #nvim-treesitter vim-nix ]; + vimAlias = true; + }; + notmuch = { + enable = true; }; qutebrowser = import ./qutebrowser.nix; rbw = { 
@@ -154,33 +230,58 @@ }; }; tmux = import ./tmux.nix; + xmobar = { + enable = true; + extraConfig = builtins.readFile ./xmobarrc; + }; zsh = { enable = true; enableSyntaxHighlighting = true; shellAliases = { + lg = "lazygit"; vim = "nvim"; }; sessionVariables = { EDITOR = "nvim"; + FZF_DEFAULT_OPTS = "--layout=reverse --inline-info --height=40% --border"; }; oh-my-zsh = { enable = true; plugins = [ - "direnv" - "git" - "sudo" - "vi-mode" + "direnv" + "git" + "sudo" + "vi-mode" + "fzf" ]; - theme = "michelebologna"; # nice clean theme that shows jobs + theme = "michelebologna"; # nice clean theme that shows jobs }; - # michelebologna theme doesn't have an RPROMPT, but I like the one from the clean theme initExtra = '' + # michelebologna theme doesn't have an RPROMPT, but I like the one from + # the clean theme RPROMPT='[%*]' + + # wrap the fzf command with some killable helpers + function vif() { + local fname + fname=$(fzf) || return + vim "$fname" + } + + function fcd() { + local dirname + dirname=$(find -type d | fzf) || return + cd "$dirname" + } ''; }; }; services = { + mbsync = { + enable = true; + verbose = true; + }; spotifyd = { enable = true; settings = { @@ -207,9 +308,24 @@ xsession = { enable = true; - windowManager.i3 = { - enable = true; - config = import ./i3.nix pkgs; + windowManager = { + i3 = { + enable = false; + config = import ./i3.nix pkgs; + }; + xmonad = { + enable = true; + enableContribAndExtras = true; + extraPackages = haskellPackages: + with haskellPackages; [ + #dbus + #List + #monad-logger + xmonad + xmonad-contrib + ]; + config = ./xmonad.hs; + }; }; }; } diff --git a/home/tmux.nix b/home/tmux.nix index 4822eec..f5ceb21 100644 --- a/home/tmux.nix +++ b/home/tmux.nix @@ -1,7 +1,7 @@ { enable = true; aggressiveResize = true; - clock24 = true; + clock24 = true; escapeTime = 0; historyLimit = 10000; keyMode = "vi"; 
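Review bot: In the `vif` and `fcd` helpers added to `initExtra`, the selected path is passed to `vim` and `cd` without an end-of-options marker, so a file name that starts with `-` would be parsed as a command-line option. Such names can appear in a cloned repository or an unpacked archive. Use `vim -- "$fname"` and `cd -- "$dirname"`. `find -type d` with no starting point also relies on GNU find behaviour; `find . -type d` is portable and keeps the `./` prefix on every result.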
@@ -26,6 +26,6 @@ set-window-option -g window-status-current-style fg=red # align center the window list set -g status-justify centre - + ''; } diff --git a/home/xmobarrc b/home/xmobarrc new file mode 100644 index 0000000..7b2c036 --- /dev/null +++ b/home/xmobarrc @@ -0,0 +1,45 @@ +Config { overrideRedirect = False + , font = "xft:iosevka-9" + , bgColor = "#1f1f1f" + , fgColor = "#f8f8f2" + , position = TopW L 90 + , commands = [ + --Run Weather "EGPF" + --[ "--template", " °F" + --, "-L", "35" + --, "-H", "85" + --, "--low" , "lightblue" + --, "--normal", "#f8f8f2" + --, "--high" , "red" + --] 36000 + -- , + Run Cpu + [ "-L", "3" + , "-H", "50" + , "--high" , "red" + , "--normal", "green" + ] 10 + , Run BatteryP ["BAT1"] + ["-t", " (%)", + "-L", "10", "-H", "80", "-p", "3", + "--", "-O", "On - ", "-i", "", + "-L", "-15", "-H", "-5", + "-l", "red", "-m", "blue", "-h", "green", + "-a", "notify-send -u critical 'Battery running out!!'", + "-A", "3"] + 600 + , Run Alsa "default" "Master" + [ "--template", "" + , "--suffix" , "True" + , "--" + , "--on", "" + ] + , Run Memory ["--template", "Mem: %"] 10 + , Run Swap [] 10 + , Run Date "%a %Y-%m-%d %H:%M" "date" 10 + , Run XMonadLog + ] + , sepChar = "%" + , alignSep = "}{" + , template = "%XMonadLog% }{ Sound: %alsa:default:Master% | %cpu% | %memory% * %swap% | BAT1: %battery% | %date% " + } diff --git a/home/xmonad.hs b/home/xmonad.hs new file mode 100644 index 0000000..87a5818 --- /dev/null +++ b/home/xmonad.hs 
@@ -0,0 +1,107 @@ +-- See https://xmonad.org/TUTORIAL.html +import XMonad + +import XMonad.Actions.CycleWS (toggleWS) +import XMonad.Actions.RotSlaves + +import XMonad.Hooks.DynamicLog +import XMonad.Hooks.EwmhDesktops +import XMonad.Hooks.StatusBar +import XMonad.Hooks.StatusBar.PP + +import qualified XMonad.StackSet as W + +import XMonad.Util.EZConfig (additionalKeysP) +import XMonad.Util.Loggers + +import XMonad.Layout.Magnifier +import XMonad.Layout.ThreeColumns + +main :: IO () +main = xmonad + . ewmhFullscreen + . ewmh +-- . xmobarProp + . withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey + $ myConfig + +myConfig = def + { terminal = "kitty tmux new" + , modMask = mod1Mask + , borderWidth = 3 + , workspaces = myWorkspaces + , layoutHook = myLayout + } + `additionalKeysP` + -- See below for help defining keymaps + -- https://hackage.haskell.org/package/xmonad-contrib-0.17.1/docs/XMonad-Util-EZConfig.html#v:mkKeymap + ([ + -- launch programs + ("M-'", spawn "qutebrowser") + , ("M-s", spawn "scrot -s") + -- launch a terminal _without_ a new tmux session + , ("M-C-", spawn "kitty") + -- xrandr commands for when (dis)connecting from external monitor + -- I have temporarily given up on using autorandr fo rthis + , ("M-x", spawn "xrandr --output DP-1 --auto --output eDP-1 --off") -- external + , ("M-c", spawn "xrandr --output eDP-1 --auto --output DP-1 --off") -- laptop only + -- Control monitor brightness + , ("", spawn "light -A 10") + , ("", spawn "light -U 10") + -- cycle windows within a workspace + , ("M-a", rotAllUp) + , ("M-f", rotAllDown) + -- switch to previous workspace + , ("M-;", toggleWS) + -- Warn (disable shutting down xmonad since we can do that in other ways from a terminal... + , ("M-S-q", spawn "kitty --hold echo M-S-q quits XMonad\\! 
You probably meant to use M-S-c to close the current window.") + ] + ++ + -- access additional workspaces + [("M-" ++ w, windows $ W.greedyView w) | w <- addlWorkspaces] + ++ + [("M-S-" ++ w, windows $ W.shift w) | w <- addlWorkspaces] + ) + +myLayout = threeCol ||| tiled ||| Mirror tiled ||| Full + where + --threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio + threeCol = ThreeColMid nmaster delta ratio + tiled = Tall nmaster delta ratio + nmaster = 1 -- Default number of windows in the master pane + ratio = 1/2 -- Default proportion of screen occupied by master pane + delta = 3/100 -- Percent of screen to increment by when resizing panes + +myXmobarPP :: PP +myXmobarPP = def + { ppSep = magenta " • " + , ppTitleSanitize = xmobarStrip + , ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2 + , ppHidden = white . wrap " " "" + , ppHiddenNoWindows = lowWhite . wrap " " "" + , ppUrgent = red . wrap (yellow "!") (yellow "!") + , ppOrder = \[ws, l, _, wins] -> [ws, l, wins] + , ppExtras = [logTitles formatFocused formatUnfocused] + } + where + formatFocused = wrap (white "[") (white "]") . magenta . ppWindow + formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow + + -- | Windows should have *some* title, which should not not exceed a + -- sane length. + ppWindow :: String -> String + ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30 + + blue, lowWhite, magenta, red, white, yellow :: String -> String + magenta = xmobarColor "#ff79c6" "" + blue = xmobarColor "#bd93f9" "" + white = xmobarColor "#f8f8f2" "" + yellow = xmobarColor "#f1fa8c" "" + red = xmobarColor "#ff5555" "" + lowWhite = xmobarColor "#bbbbbb" "" + +addlWorkspaces :: [String] +addlWorkspaces = ["0", "-", "=", "i"] + +myWorkspaces :: [String] +myWorkspaces = ["1", "2", "3", "4", "5", "6", "7", "8", "9"] ++ addlWorkspaces diff --git a/machines/buck/configuration.nix b/machines/buck/configuration.nix index 533bb69..d3b40c0 100644 
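Review bot: `ppOrder = \[ws, l, _, wins] -> [ws, l, wins]` in `myXmobarPP` is a partial pattern that matches only a list of exactly four elements. It holds while `ppExtras` has exactly one logger that returns a value, and would presumably fail with a pattern-match error if a logger is added or removed, or if one yields nothing. A total form such as `\(ws : l : _ : extras) -> ws : l : extras` keeps the same output for the current configuration. A one-line comment above it noting that the third element (the focused-window title) is dropped on purpose because `logTitles` replaces it would help the next reader.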
--- a/machines/buck/configuration.nix +++ b/machines/buck/configuration.nix @@ -5,10 +5,15 @@ { config, pkgs, inputs, sops, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + config, + pkgs, + sops, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; # This lets us pin the nixpkgs registry by default to the nixpkgs used to build this system. # Doing this means we are less likely to require the 30+MB download when @@ -22,7 +27,7 @@ # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml"; defaultSopsFile = ../../secrets.yaml; # This will automatically import SSH keys as age keys - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; # This is using an age key that is expected to already be in the filesystem #age.keyFile = "/var/lib/sops-nix/key.txt"; # This will generate a new key if the key specified above does not exist @@ -37,9 +42,17 @@ }; # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.loader = { + systemd-boot = { + enable = true; + # limit number of configurations to save in the boot menu + configurationLimit = 10; + }; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + }; networking.hostName = "buck"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -49,7 +62,7 @@ environmentFile = "/run/secrets/wifi/env"; networks = { "@SSID_HOME@" = { - pskRaw = "@PSKRAW_HOME@"; + pskRaw = "@PSKRAW_HOME@"; }; }; }; @@ -67,7 +80,6 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.utf8"; - # Allow unfree packages nixpkgs.config.allowUnfree = true; 
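Review bot: The restructured `boot.loader.systemd-boot` block (hunk `@@ -37,9 +42,17 @@`) sets `enable` and `configurationLimit` but leaves `editor` at its default. On NixOS that default is `true`, which lets anyone at the boot menu edit the kernel command line and get around the normal login path. Since this is a laptop, add `editor = false;` next to `configurationLimit = 10;`. A short comment such as `# disable boot-entry editing; physical access should not grant a root shell` documents the reason.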
@@ -91,7 +103,7 @@ # List services that you want to enable: # Enable sound. sound.enable = true; - + #hardware.raspberry-pi."4".fkms-3d.enable = true; # Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true; @@ -99,11 +111,11 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.jacob = { isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + extraGroups = ["wheel"]; # Enable ‘sudo’ for the user. shell = pkgs.zsh; }; - security.rtkit.enable = true; # recommended for pipewire + security.rtkit.enable = true; # recommended for pipewire # List services that you want to enable: services = { @@ -128,7 +140,7 @@ # Enable the X11 windowing system. services.xserver.enable = true; xserver = { enable = true; - #dpi = 180; + dpi = 180; displayManager = { defaultSession = "none+i3"; autoLogin = { @@ -139,7 +151,7 @@ enable = true; greeter.enable = false; }; - }; + }; libinput = { enable = true; touchpad = { @@ -154,7 +166,7 @@ i3status # gives you the default i3 status bar i3lock #default i3 screen locker i3blocks #if you are planning on using i3blocks over i3status - ]; + ]; }; }; }; @@ -185,6 +197,6 @@ gc = { automatic = true; }; - settings.experimental-features = [ "nix-command" "flakes" ]; + settings.experimental-features = ["nix-command" "flakes"]; }; } diff --git a/machines/buck/hardware-configuration.nix b/machines/buck/hardware-configuration.nix index a37362e..1899fe0 100644 --- a/machines/buck/hardware-configuration.nix +++ b/machines/buck/hardware-configuration.nix 
@@ -1,29 +1,38 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20"; + fsType = "ext4"; + }; - fileSystems."/boot/efi" = - { device = "/dev/disk/by-uuid/164F-882B"; - fsType = "vfat"; - }; + fileSystems."/boot/efi" = { + device = "/dev/disk/by-uuid/164F-882B"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = [ + { + device = "/var/swap"; + size = 1024 * 8 * 2; + } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machines/pedro/configuration.nix b/machines/pedro/configuration.nix index 5123663..eed98c9 100644 --- a/machines/pedro/configuration.nix +++ b/machines/pedro/configuration.nix 
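Review bot: The swap file added under `swapDevices` (`device = "/var/swap"`) is unencrypted as written, and no disk encryption for `/` is visible in this file. Memory pages holding decrypted secrets, such as the mail passwords read by `passwordCommand` or password-manager state, can therefore end up on disk in plaintext. The pedro hardware configuration already uses `randomEncryption = true;` for its swap; consider `randomEncryption.enable = true;` here as well, after confirming it behaves as expected with a file-backed swap on this release. This file's header also says it is generated by `nixos-generate-config` and may be overwritten, so the swap definition is safer in `configuration.nix`. A comment giving the size in plain units (`# 16 GiB`) next to `1024 * 8 * 2` would help too.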
@@ -19,7 +19,7 @@ # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml"; defaultSopsFile = ../../secrets.yaml; # This will automatically import SSH keys as age keys - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; # This is using an age key that is expected to already be in the filesystem #age.keyFile = "/var/lib/sops-nix/key.txt"; # This will generate a new key if the key specified above does not exist @@ -36,13 +36,14 @@ boot = { # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) loader = { - # Enables the generation of /extlinux/extlinux.conf grub.enable = true; - #grub.version = 2; grub.device = "/dev/sda"; grub.efiSupport = true; - systemd-boot.enable = true; + # Enables the generation of /extlinux/extlinux.conf grub.enable = true; + #grub.version = 2; grub.device = "/dev/sda"; grub.efiSupport = true; + systemd-boot.enable = true; }; - + # ZFS settings - initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; initrd.supportedFilesystems = [ "zfs" ]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/"; + initrd.availableKernelModules = ["usbhid" "usb_storage"]; + initrd.supportedFilesystems = ["zfs"]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/"; }; # Set your time zone. 
@@ -67,18 +68,64 @@ }; }; }; +<<<<<<< HEAD firewall = import ./firewall.nix; timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default; +======= + firewall = { + allowedTCPPorts = [ + 8384 + 22000 # syncthing + 8080 + 8443 + 6789 + 8880 + 8843 + 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference + 53 + 8088 # pihole + #3000 # gitea + #8081 # vaultwarden + #8000 # paperless + 80 + 443 # reverse proxy + ]; + allowedUDPPorts = [ + 22000 + 21027 # syncthing + 3478 + 5514 + 10001 + 1900 + 123 # unifi + 53 # pihole + ]; + allowedUDPPortRanges = [ + { + from = 5656; + to = 5699; + } # unifi + ]; + }; + timeServers = ["192.168.88.1"] ++ options.networking.timeServers.default; +>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c }; hardware.video.hidpi.enable = false; hardware.enableRedistributableFirmware = true; #hardware.pulseaudio = { - #enable = true; - #extraModules = [ pkgs.pulseaudio-modules-bt ]; - #package = pkgs.pulseaudioFull; + #enable = true; + #extraModules = [ pkgs.pulseaudio-modules-bt ]; + #package = pkgs.pulseaudioFull; #}; hardware.bluetooth.enable = false; +<<<<<<< HEAD +======= + services.blueman.enable = false; + + # Enable CUPS to print documents. + services.printing.enable = false; +>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c # Enable sound. sound.enable = false; 
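Review bot: This hunk commits unresolved merge-conflict markers. `<<<<<<< HEAD`, `=======` and `>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c` are added around the `firewall`/`timeServers` definitions and again after `hardware.bluetooth.enable = false;`, so the file will not evaluate and this host cannot be rebuilt from this revision. Resolve the conflict by keeping exactly one side. The HEAD side (`firewall = import ./firewall.nix;`) keeps the port list in one file, while the incoming side inlines it; if the inline list is kept, make sure `firewall.nix` is removed or no longer referenced so the two cannot drift apart. Whichever side wins, check that each opened port (for example `53`, `8088` and the UniFi controller ports) is still needed on every interface, since `allowedTCPPorts` is not restricted per interface.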
@@ -86,28 +133,28 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.jacob = { isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + extraGroups = ["wheel"]; # Enable ‘sudo’ for the user. shell = pkgs.zsh; }; # List packages installed in system profile. To search, run: $ nix search wget - environment.systemPackages = with pkgs; [ vim git wget ]; + environment.systemPackages = with pkgs; [vim git wget]; #environment.variables = { - #GDK_SCALE = "2"; - #GDK_DPI_SCALE = "0.5"; - #_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2"; + #GDK_SCALE = "2"; + #GDK_DPI_SCALE = "0.5"; + #_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2"; #}; # Some programs need SUID wrappers, can be configured further or are started in user sessions. programs.mtr.enable = true; programs.gnupg.agent = { # enable = true; enableSSHSupport = true; # }; - security.rtkit.enable = true; # recommended for pipewire + security.rtkit.enable = true; # recommended for pipewire # enable acme for certbot security.acme = { - acceptTerms = true; + acceptTerms = true; defaults = { email = "jacob.hinkle@gmail.com"; }; @@ -186,7 +233,7 @@ enable = true; greeter.enable = false; }; - }; + }; layout = "us"; libinput.enable = true; windowManager.i3 = { @@ -196,7 +243,7 @@ i3status # gives you the default i3 status bar i3lock #default i3 screen locker i3blocks #if you are planning on using i3blocks over i3status - ]; + ]; }; }; @@ -205,7 +252,7 @@ trim.enable = true; autoScrub = { enable = true; - pools = [ "rpool" ]; + pools = ["rpool"]; }; autoSnapshot = { enable = true; 
@@ -214,18 +261,17 @@ }; }; }; - + # Due to bug in home assistant, this workaround is suggested temporarily as of May 6, 2022 # https://github.com/nix-community/home-manager/issues/2942#issuecomment-1119760100 #nixpkgs.config.allowUnfree = true; - nixpkgs.config.allowUnfreePredicate = ( pkg: true ); - + nixpkgs.config.allowUnfreePredicate = (pkg: true); + powerManagement.cpuFreqGovernor = "ondemand"; - # This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were taken. It‘s perfectly fine and recommended to leave this value at the + # This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were taken. It‘s perfectly fine and recommended to leave this value at the # release version of the first install of this system. Before changing this value read the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.05"; # Did you read the comment? - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; } - diff --git a/machines/pedro/hardware-configuration-zfs.nix b/machines/pedro/hardware-configuration-zfs.nix index a571462..40847f7 100644 --- a/machines/pedro/hardware-configuration-zfs.nix +++ b/machines/pedro/hardware-configuration-zfs.nix 
@@ -1,33 +1,36 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; # high-resolution display hardware.video.hidpi.enable = lib.mkDefault true; - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - }; + fileSystems."/" = { + device = "none"; + fsType = "tmpfs"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-partuuid/e7ebac1e-eb4c-4a7d-8893-49a95f6014d4"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-partuuid/e7ebac1e-eb4c-4a7d-8893-49a95f6014d4"; + fsType = "vfat"; + }; fileSystems."/nix" = { device = "rpool/nixos/nix"; @@ -111,5 +114,4 @@ randomEncryption = true; } ]; - } diff --git a/machines/pedro/nginx.nix b/machines/pedro/nginx.nix index 3f4b845..203e31d 100644 --- a/machines/pedro/nginx.nix +++ b/machines/pedro/nginx.nix @@ -2,7 +2,7 @@ enable = true; recommendedProxySettings = true; virtualHosts = let - simpleProxy = ip : { + simpleProxy = ip: { forceSSL = true; enableACME = true; extraConfig = '' diff --git a/machines/pedro/pihole.nix b/machines/pedro/pihole.nix index 8ebdde1..ec844af 100644 
--- a/machines/pedro/pihole.nix +++ b/machines/pedro/pihole.nix @@ -1,5 +1,4 @@ -serverIP : -{ +serverIP: { image = "pihole/pihole:2022.07.1"; ports = [ "${serverIP}:53:53/tcp" @@ -22,6 +21,6 @@ serverIP : ]; extraOptions = [ "--cap-add=NET_ADMIN" - "--no-hosts" # do not populate internal /etc/hosts with container host's + "--no-hosts" # do not populate internal /etc/hosts with container host's ]; } diff --git a/secrets.yaml b/secrets.yaml index 3767dd3..97fee5d 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -2,9 +2,10 @@ email: gmail: address: ENC[AES256_GCM,data:uWVgCX2nTVJn8HlEMKfU86DsVG9c0A==,iv:uLJk521DET65fizoUUKnLB325fNmSZNc3M9tNqjq2qg=,tag:zSlTWP3VYu0JR0FH0gdCHw==,type:str] password: ENC[AES256_GCM,data:DKB+h3jaX+BP,iv:kdc1NcYVLie3TRCf2qq5x8V3WaSKXKKHDqBDzjpQMDw=,tag:P1mmaKhPcX1yMUxI5I/uXA==,type:str] + #ENC[AES256_GCM,data:Otd/3wBbI7DCFsZwyg==,iv:rUajD3QRS4u1kdwpnfS8RQaNbB/WwtHnjDnsYkDe7Po=,tag:SS0lGIqLxmpdiJN1qvZoYg==,type:comment] jhink: address: ENC[AES256_GCM,data:nIuL4Ay343z3lzjiXKnSqPLsqZR96w==,iv:iKQCw/cj70q2Afuf97g3njkEcD5ux4HquXFTZ5K7xHo=,tag:BsnLC1MspQOsMN6qxtY4uQ==,type:str] - password: ENC[AES256_GCM,data:/F+gn/TaRqX+,iv:y6aNJb1zG+plXwcKilQLVFEnlemDJUV0PyIicbAD6BU=,tag:A2KPxqB4xZ2erFA/nstovg==,type:str] + password: ENC[AES256_GCM,data:db0Wll4B8eXYc70dsIuYbw==,iv:2g4fE2GQyKxiVMkOQqOCPjAISdlXElvWYt0XKPEOWv0=,tag:73ymkTNGUlVccJFXjT40EA==,type:str] pihole: webpassword: ENC[AES256_GCM,data:bqBbGE5M4LUukMh7vQA=,iv:YhKaO2WQq5Ar9aKitgRTbDU2Ld2Cdc0wmrcQZ92lztY=,tag:UGnerGhtQBjO+n4LobdSyg==,type:str] spotify: 
@@ -59,8 +60,8 @@ sops: WVUwaEIwWTFFTExyT3hLSC9wODhJdGcKWsNIUsT06qYA9vUVeFHQrCdcn2MkHt+w Rr7W+4uaNb8Qxo/NUp9kodE9m/fg9XVd8wM7HUP4wJC0rE4GSnFvGg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-08-30T17:05:20Z" - mac: ENC[AES256_GCM,data:6f2RYsTBhMgLlwDgJ6vj2Jv82kFMNmjwYGV072YrfOE7qwjwcRRFE26L6mVkQ3yOt94wuOMAV/8gbqxY5hqVf1QxdnIiPDisks8yriquGBWM3RJZPA6i4Q8sBDqxA5Q9h/2geaHOpdu5If0XJolwhJOYso5buxWH2nrCIXQQ0B4=,iv:KaOccL/d/NSDI+jVMhbtBdNc/6ysK9nFUEbAHoyZ+lM=,tag:FnHUlPu5xmgJle4UVz0rcg==,type:str] + lastmodified: "2022-09-27T13:16:21Z" + mac: ENC[AES256_GCM,data:UkvaiVtsbMKNeMKlf6N6N0dxQWAUxT2VMQrhMJFqwdyRoFvTQ+4a27sXHIQgr+G+BAnsFBeWFjA3SS+YhHcDYCx1boXMhdoFeNjVZ2TUURX/KazcIwJNGmrt4qMK7BkfUu1mLa58pxie+XSY1MBRwByg7rnLaSJzNiWgqgLRGy0=,iv:7kBE0EKhvesWToa6+At0yWt1IzTWipv0fSvopA2PUXg=,tag:0e+5Gu5Ajw7r3AgeJLg+EQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3