jacob/nix_config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'main' of git.jhink.org:jacob/nix_config

Browse Source
This commit is contained in:
Jacob Hinkle 2022-10-13 09:24:02 -04:00
commit ffe5a7665a
14 changed files with 517 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
flake.lock generated
View File

@ -18,11 +18,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1660407119, "lastModified": 1662458987,
"narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", "narHash": "sha256-hcDwRlsXZMp2Er3vQk1JEUZWhBPLVC9vTT4xHvhpcE0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", "rev": "504b32caf83986b7e6b9c79c1c13008f83290f19",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -34,11 +34,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1661864979, "lastModified": 1662099760,
"narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=", "narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979", "rev": "67e45078141102f45eff1589a831aeaa3182b41e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -48,38 +48,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-22_05": {
"locked": {
"lastModified": 1661656705,
"narHash": "sha256-1ujNuL1Tx1dt8dC/kuYS329ZZgiXXmD96axwrqsUY7w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "290dbaacc1f0b783fd8e271b585ec2c8c3b03954",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1661353537,
"narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e304ff0d9db453a4b230e9386418fd974d5804a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
@ -90,15 +58,19 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2", "nixpkgs": [
"nixpkgs-22_05": "nixpkgs-22_05" "nixpkgs"
],
"nixpkgs-22_05": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1661660105, "lastModified": 1662390490,
"narHash": "sha256-3ITdkYwsNDh2DRqi7FZOJ92ui92NmcO6Nhj49u+JjWY=", "narHash": "sha256-HnFHRFu0eoB0tLOZRjLgVfHzK+4bQzAmAmHSzOquuyI=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d92fba1bfc9f64e4ccb533701ddd8590c0d8c74a", "rev": "044ccfe24b349859cd9efc943e4465cc993ac84e",
"type": "github" "type": "github"
}, },
"original": { "original": {

42
flake.nix
View File

@ -3,35 +3,59 @@
inputs = { inputs = {
nixpkgs.url = github:nixos/nixpkgs/nixos-22.05; nixpkgs.url = github:nixos/nixpkgs/nixos-22.05;
nixos-hardware.url = github:nixos/nixos-hardware/master; nixos-hardware = {
url = github:nixos/nixos-hardware/master;
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
#url = "github:nix-community/home-manager";
url = "https://github.com/nix-community/home-manager/archive/release-22.05.tar.gz"; url = "https://github.com/nix-community/home-manager/archive/release-22.05.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix.url = github:Mic92/sops-nix; sops-nix = {
url = github:Mic92/sops-nix;
# sops-nix uses both -22.05 and -unstable in their flake.
# As far as I can tell, 22.05 is only used for testing, whereas unstable
# is used for the tooling. So here, I let both of these follow our
# nixpkgs input. Note that after NixOS releases, this might break since
# they may do away with 22.05 at that point.
# https://github.com/Mic92/sops-nix/blob/master/flake.nix
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-22_05.follows = "nixpkgs";
};
}; };
outputs = inputs @ { self, nixpkgs, nixos-hardware, home-manager, sops-nix, ... }: outputs = inputs @ {
let self,
nixpkgs,
nixos-hardware,
home-manager,
sops-nix,
...
}: let
system = "x86_64-linux"; system = "x86_64-linux";
homeManagerConfFor = config: { ... }: { homeManagerConfFor = config: { ... }: {
#nixpkgs.overlays = [ nur.overlay ]; #nixpkgs.overlays = [ nur.overlay ];
imports = [ config ]; imports = [ config ];
}; };
jacobHome = homeManagerConfFor ./home/jacob.nix;
jacobHomeMod = {
home-manager.useUserPackages = true;
home-manager.users.jacob = jacobHome;
};
mkNixosSystem = extraModules: nixpkgs.lib.nixosSystem { mkNixosSystem = extraModules: nixpkgs.lib.nixosSystem {
inherit system; inherit system;
# see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html # see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager
home-manager.useUserPackages = true; jacobHomeMod
home-manager.users.jacob = homeManagerConfFor ./home/jacob.nix;
}
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
] ++ extraModules; ] ++ extraModules;
}; };
in { in {
homeManagerConfigurations = {
jacob = jacobHome;
};
nixosConfigurations = { nixosConfigurations = {
# Thinkpad T470 laptop # Thinkpad T470 laptop
buck = mkNixosSystem [ buck = mkNixosSystem [

39
home/i3.nix
View File

@ -1,11 +1,11 @@
pkgs : pkgs: rec {
rec {
menu = "${pkgs.dmenu}/bin/dmenu_run"; menu = "${pkgs.dmenu}/bin/dmenu_run";
modifier = "Mod1"; modifier = "Mod1";
terminal = "kitty"; terminal = "kitty";
keybindings = let keybindings = let
browser = "qutebrowser"; browser = "qutebrowser";
scrot2clip = pkgs.writeShellScript "scrot2clip" scrot2clip =
pkgs.writeShellScript "scrot2clip"
"${pkgs.scrot}/bin/scrot -s - | ${pkgs.xclip}/bin/xclip -selection primary -i -t image/png"; "${pkgs.scrot}/bin/scrot -s - | ${pkgs.xclip}/bin/xclip -selection primary -i -t image/png";
in { in {
"${modifier}+Return" = "exec ${terminal} tmux new"; "${modifier}+Return" = "exec ${terminal} tmux new";
@ -54,31 +54,20 @@ rec {
"${modifier}+9" = "workspace number 9"; "${modifier}+9" = "workspace number 9";
"${modifier}+0" = "workspace number 10"; "${modifier}+0" = "workspace number 10";
"${modifier}+Shift+1" = "${modifier}+Shift+1" = "move container to workspace number 1";
"move container to workspace number 1"; "${modifier}+Shift+2" = "move container to workspace number 2";
"${modifier}+Shift+2" = "${modifier}+Shift+3" = "move container to workspace number 3";
"move container to workspace number 2"; "${modifier}+Shift+4" = "move container to workspace number 4";
"${modifier}+Shift+3" = "${modifier}+Shift+5" = "move container to workspace number 5";
"move container to workspace number 3"; "${modifier}+Shift+6" = "move container to workspace number 6";
"${modifier}+Shift+4" = "${modifier}+Shift+7" = "move container to workspace number 7";
"move container to workspace number 4"; "${modifier}+Shift+8" = "move container to workspace number 8";
"${modifier}+Shift+5" = "${modifier}+Shift+9" = "move container to workspace number 9";
"move container to workspace number 5"; "${modifier}+Shift+0" = "move container to workspace number 10";
"${modifier}+Shift+6" =
"move container to workspace number 6";
"${modifier}+Shift+7" =
"move container to workspace number 7";
"${modifier}+Shift+8" =
"move container to workspace number 8";
"${modifier}+Shift+9" =
"move container to workspace number 9";
"${modifier}+Shift+0" =
"move container to workspace number 10";
"${modifier}+Shift+c" = "reload"; "${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart"; "${modifier}+Shift+r" = "restart";
"${modifier}+Shift+e" = "${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+r" = "mode resize"; "${modifier}+r" = "mode resize";
}; };

176
home/jacob.nix
View File

@ -1,10 +1,14 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
imports = [ imports = [
({ lib, ...}: { ({lib, ...}: {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate = pkg:
"zoom" builtins.elem (lib.getName pkg) [
]; "zoom"
];
}) })
]; ];
@ -16,18 +20,21 @@
keyboard = { keyboard = {
layout = "us"; layout = "us";
options = [ "caps:swapescape" "ctrl:ralt_rctrl" ]; options = ["caps:swapescape" "ctrl:ralt_rctrl"];
}; };
packages = with pkgs; [ packages = with pkgs; [
age age
bitwarden bitwarden
chromium chromium
fd
feh feh
file file
#freecad #freecad
fzf
#gnumake #gnumake
hack-font hack-font
jq
inconsolata inconsolata
libreoffice libreoffice
logseq logseq
@ -36,17 +43,24 @@
#openscad #openscad
#pandoc #pandoc
pavucontrol pavucontrol
ripgrep
scli scli
scrot scrot
signal-desktop signal-desktop
sops sops
speedcrunch
spotify-tui spotify-tui
sxiv sxiv
#texlive.combined.scheme-full #texlive.combined.scheme-full
xclip xclip
zathura
zoom-us zoom-us
]; ];
sessionVariables = {
QT_ENABLE_HIGHDPI_SCALING = 1;
};
# This value determines the Home Manager release that your # This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage # configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards # when a new Home Manager release introduces backwards
@ -58,8 +72,21 @@
stateVersion = "22.05"; stateVersion = "22.05";
}; };
accounts.email = { xdg = {
accounts.gmail = { enable = true;
mimeApps = {
enable = true;
associations.added = {
"application/pdf" = ["zathura.desktop"];
};
defaultApplications = {
"application/pdf" = ["zathura.desktop"];
};
};
};
accounts.email.accounts = {
gmail = {
address = "jacob.hinkle@gmail.com"; address = "jacob.hinkle@gmail.com";
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/gmail/password"; passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/gmail/password";
flavor = "gmail.com"; flavor = "gmail.com";
@ -68,13 +95,25 @@
create = "maildir"; create = "maildir";
}; };
notmuch.enable = false; notmuch.enable = false;
primary = true;
realName = "Jacob Hinkle"; realName = "Jacob Hinkle";
}; };
accounts.jhink = { jhink = {
address = "jacob.hinkle@jhink.org"; address = "jacob.hinkle@jhink.org";
imap.host = "mail.privateemail.com"; primary = true;
smtp.host = "mail.privateemail.com"; imap = {
host = "imap.fastmail.com";
tls = {
enable = true;
useStartTls = false;
};
};
smtp = {
host = "smtp.fastmail.com";
tls = {
enable = true;
useStartTls = false;
};
};
flavor = "plain"; flavor = "plain";
userName = "jacob.hinkle@jhink.org"; userName = "jacob.hinkle@jhink.org";
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/jhink/password"; passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/jhink/password";
@ -88,11 +127,10 @@
}; };
programs = { programs = {
bat = { bat.enable = true;
enable = true;
};
direnv = { direnv = {
enable = true; enable = true;
nix-direnv.enable = true;
enableZshIntegration = true; enableZshIntegration = true;
}; };
firefox = { firefox = {
@ -106,28 +144,66 @@
git = { git = {
enable = true; enable = true;
userName = "Jacob Hinkle"; userName = "Jacob Hinkle";
userEmail = "jacob.hinkle@jhink.org"; userEmail = "jacob@jhink.org";
lfs.enable = true; lfs.enable = true;
delta.enable = true; difftastic = {
}; enable = true;
htop = { background = "dark";
enable = true; };
aliases = {
ci = "commit";
lg = "log --pretty=format:\"%C(magenta)%h%Creset -%C(red)%d%Creset %s %C(dim green)(%cr) [%an]\" --abbrev-commit -30";
s = "status";
};
extraConfig = {
color.ui = "auto";
push.default = "simple";
pull.rebase = false;
branch.autosetupmerge = true;
};
}; };
htop.enable = true;
kitty = { kitty = {
enable = true; enable = true;
font = { font = {
name = "Hack"; name = "Hack";
size = 16; size = 24;
}; };
}; };
lazygit.enable = true;
mbsync = { mbsync = {
enable = true; enable = true;
}; };
neovim = { neovim = {
enable = true; enable = true;
extraConfig = ''
set tabstop=4
set softtabstop=4 " enables backspacing, etc
set shiftwidth=4
set expandtab
set tw=80
set bs=2 " allow backspacing over everything in insert mode
set ai " always set autoindenting on
set number relativenumber
set colorcolumn=100
'';
plugins = with pkgs.vimPlugins; [ plugins = with pkgs.vimPlugins; [
#context-vim
#ctrlp
#fzf
#gundo
python-mode
#telescope-nvim
#telescope-fzf-native-nvim
#nvim-treesitter
vim-nix vim-nix
]; ];
vimAlias = true;
};
notmuch = {
enable = true;
}; };
qutebrowser = import ./qutebrowser.nix; qutebrowser = import ./qutebrowser.nix;
rbw = { rbw = {
@ -154,33 +230,58 @@
}; };
}; };
tmux = import ./tmux.nix; tmux = import ./tmux.nix;
xmobar = {
enable = true;
extraConfig = builtins.readFile ./xmobarrc;
};
zsh = { zsh = {
enable = true; enable = true;
enableSyntaxHighlighting = true; enableSyntaxHighlighting = true;
shellAliases = { shellAliases = {
lg = "lazygit";
vim = "nvim"; vim = "nvim";
}; };
sessionVariables = { sessionVariables = {
EDITOR = "nvim"; EDITOR = "nvim";
FZF_DEFAULT_OPTS = "--layout=reverse --inline-info --height=40% --border";
}; };
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
plugins = [ plugins = [
"direnv" "direnv"
"git" "git"
"sudo" "sudo"
"vi-mode" "vi-mode"
"fzf"
]; ];
theme = "michelebologna"; # nice clean theme that shows jobs theme = "michelebologna"; # nice clean theme that shows jobs
}; };
# michelebologna theme doesn't have an RPROMPT, but I like the one from the clean theme
initExtra = '' initExtra = ''
# michelebologna theme doesn't have an RPROMPT, but I like the one from
# the clean theme
RPROMPT='[%*]' RPROMPT='[%*]'
# wrap the fzf command with some killable helpers
function vif() {
local fname
fname=$(fzf) || return
vim "$fname"
}
function fcd() {
local dirname
dirname=$(find -type d | fzf) || return
cd "$dirname"
}
''; '';
}; };
}; };
services = { services = {
mbsync = {
enable = true;
verbose = true;
};
spotifyd = { spotifyd = {
enable = true; enable = true;
settings = { settings = {
@ -207,9 +308,24 @@
xsession = { xsession = {
enable = true; enable = true;
windowManager.i3 = { windowManager = {
enable = true; i3 = {
config = import ./i3.nix pkgs; enable = false;
config = import ./i3.nix pkgs;
};
xmonad = {
enable = true;
enableContribAndExtras = true;
extraPackages = haskellPackages:
with haskellPackages; [
#dbus
#List
#monad-logger
xmonad
xmonad-contrib
];
config = ./xmonad.hs;
};
}; };
}; };
} }

4
home/tmux.nix
View File

@ -1,7 +1,7 @@
{ {
enable = true; enable = true;
aggressiveResize = true; aggressiveResize = true;
clock24 = true; clock24 = true;
escapeTime = 0; escapeTime = 0;
historyLimit = 10000; historyLimit = 10000;
keyMode = "vi"; keyMode = "vi";
@ -26,6 +26,6 @@
set-window-option -g window-status-current-style fg=red set-window-option -g window-status-current-style fg=red
# align center the window list # align center the window list
set -g status-justify centre set -g status-justify centre
''; '';
} }

45
home/xmobarrc Normal file
View File

@ -0,0 +1,45 @@
Config { overrideRedirect = False
, font = "xft:iosevka-9"
, bgColor = "#1f1f1f"
, fgColor = "#f8f8f2"
, position = TopW L 90
, commands = [
--Run Weather "EGPF"
--[ "--template", "<weather> <tempF>°F"
--, "-L", "35"
--, "-H", "85"
--, "--low" , "lightblue"
--, "--normal", "#f8f8f2"
--, "--high" , "red"
--] 36000
-- ,
Run Cpu
[ "-L", "3"
, "-H", "50"
, "--high" , "red"
, "--normal", "green"
] 10
, Run BatteryP ["BAT1"]
["-t", "<acstatus><watts> (<left>%)",
"-L", "10", "-H", "80", "-p", "3",
"--", "-O", "<fc=green>On</fc> - ", "-i", "",
"-L", "-15", "-H", "-5",
"-l", "red", "-m", "blue", "-h", "green",
"-a", "notify-send -u critical 'Battery running out!!'",
"-A", "3"]
600
, Run Alsa "default" "Master"
[ "--template", "<volumestatus>"
, "--suffix" , "True"
, "--"
, "--on", ""
]
, Run Memory ["--template", "Mem: <usedratio>%"] 10
, Run Swap [] 10
, Run Date "%a %Y-%m-%d <fc=#8be9fd>%H:%M</fc>" "date" 10
, Run XMonadLog
]
, sepChar = "%"
, alignSep = "}{"
, template = "%XMonadLog% }{ Sound: %alsa:default:Master% | %cpu% | %memory% * %swap% | BAT1: %battery% | %date% "
}

107
home/xmonad.hs Normal file
View File

@ -0,0 +1,107 @@
-- See https://xmonad.org/TUTORIAL.html
import XMonad
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.RotSlaves
import XMonad.Hooks.DynamicLog
import XMonad.Hooks.EwmhDesktops
import XMonad.Hooks.StatusBar
import XMonad.Hooks.StatusBar.PP
import qualified XMonad.StackSet as W
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.Loggers
import XMonad.Layout.Magnifier
import XMonad.Layout.ThreeColumns
main :: IO ()
main = xmonad
. ewmhFullscreen
. ewmh
-- . xmobarProp
. withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey
$ myConfig
myConfig = def
{ terminal = "kitty tmux new"
, modMask = mod1Mask
, borderWidth = 3
, workspaces = myWorkspaces
, layoutHook = myLayout
}
`additionalKeysP`
-- See below for help defining keymaps
-- https://hackage.haskell.org/package/xmonad-contrib-0.17.1/docs/XMonad-Util-EZConfig.html#v:mkKeymap
([
-- launch programs
("M-'", spawn "qutebrowser")
, ("M-s", spawn "scrot -s")
-- launch a terminal _without_ a new tmux session
, ("M-C-<Return>", spawn "kitty")
-- xrandr commands for when (dis)connecting from external monitor
-- I have temporarily given up on using autorandr fo rthis
, ("M-x", spawn "xrandr --output DP-1 --auto --output eDP-1 --off") -- external
, ("M-c", spawn "xrandr --output eDP-1 --auto --output DP-1 --off") -- laptop only
-- Control monitor brightness
, ("<XF86MonBrightnessUp>", spawn "light -A 10")
, ("<XF86MonBrightnessDown>", spawn "light -U 10")
-- cycle windows within a workspace
, ("M-a", rotAllUp)
, ("M-f", rotAllDown)
-- switch to previous workspace
, ("M-;", toggleWS)
-- Warn (disable shutting down xmonad since we can do that in other ways from a terminal...
, ("M-S-q", spawn "kitty --hold echo M-S-q quits XMonad\\! You probably meant to use M-S-c to close the current window.")
]
++
-- access additional workspaces
[("M-" ++ w, windows $ W.greedyView w) | w <- addlWorkspaces]
++
[("M-S-" ++ w, windows $ W.shift w) | w <- addlWorkspaces]
)
myLayout = threeCol ||| tiled ||| Mirror tiled ||| Full
where
--threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio
threeCol = ThreeColMid nmaster delta ratio
tiled = Tall nmaster delta ratio
nmaster = 1 -- Default number of windows in the master pane
ratio = 1/2 -- Default proportion of screen occupied by master pane
delta = 3/100 -- Percent of screen to increment by when resizing panes
myXmobarPP :: PP
myXmobarPP = def
{ ppSep = magenta ""
, ppTitleSanitize = xmobarStrip
, ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2
, ppHidden = white . wrap " " ""
, ppHiddenNoWindows = lowWhite . wrap " " ""
, ppUrgent = red . wrap (yellow "!") (yellow "!")
, ppOrder = \[ws, l, _, wins] -> [ws, l, wins]
, ppExtras = [logTitles formatFocused formatUnfocused]
}
where
formatFocused = wrap (white "[") (white "]") . magenta . ppWindow
formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow
-- | Windows should have *some* title, which should not not exceed a
-- sane length.
ppWindow :: String -> String
ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30
blue, lowWhite, magenta, red, white, yellow :: String -> String
magenta = xmobarColor "#ff79c6" ""
blue = xmobarColor "#bd93f9" ""
white = xmobarColor "#f8f8f2" ""
yellow = xmobarColor "#f1fa8c" ""
red = xmobarColor "#ff5555" ""
lowWhite = xmobarColor "#bbbbbb" ""
addlWorkspaces :: [String]
addlWorkspaces = ["0", "-", "=", "i"]
myWorkspaces :: [String]
myWorkspaces = ["1", "2", "3", "4", "5", "6", "7", "8", "9"] ++ addlWorkspaces

46
machines/buck/configuration.nix
View File

@ -5,10 +5,15 @@
{ config, pkgs, inputs, sops, ... }: { config, pkgs, inputs, sops, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. pkgs,
./hardware-configuration.nix sops,
]; ...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# This lets us pin the nixpkgs registry by default to the nixpkgs used to build this system. # This lets us pin the nixpkgs registry by default to the nixpkgs used to build this system.
# Doing this means we are less likely to require the 30+MB download when # Doing this means we are less likely to require the 30+MB download when
@ -22,7 +27,7 @@
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml"; # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
defaultSopsFile = ../../secrets.yaml; defaultSopsFile = ../../secrets.yaml;
# This will automatically import SSH keys as age keys # This will automatically import SSH keys as age keys
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This is using an age key that is expected to already be in the filesystem # This is using an age key that is expected to already be in the filesystem
#age.keyFile = "/var/lib/sops-nix/key.txt"; #age.keyFile = "/var/lib/sops-nix/key.txt";
# This will generate a new key if the key specified above does not exist # This will generate a new key if the key specified above does not exist
@ -37,9 +42,17 @@
}; };
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader = {
boot.loader.efi.canTouchEfiVariables = true; systemd-boot = {
boot.loader.efi.efiSysMountPoint = "/boot/efi"; enable = true;
# limit number of configurations to save in the boot menu
configurationLimit = 10;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
networking.hostName = "buck"; # Define your hostname. networking.hostName = "buck"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@ -49,7 +62,7 @@
environmentFile = "/run/secrets/wifi/env"; environmentFile = "/run/secrets/wifi/env";
networks = { networks = {
"@SSID_HOME@" = { "@SSID_HOME@" = {
pskRaw = "@PSKRAW_HOME@"; pskRaw = "@PSKRAW_HOME@";
}; };
}; };
}; };
@ -67,7 +80,6 @@
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8"; i18n.defaultLocale = "en_US.utf8";
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -91,7 +103,7 @@
# List services that you want to enable: # List services that you want to enable:
# Enable sound. # Enable sound.
sound.enable = true; sound.enable = true;
#hardware.raspberry-pi."4".fkms-3d.enable = true; #hardware.raspberry-pi."4".fkms-3d.enable = true;
# Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true; # Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true;
@ -99,11 +111,11 @@
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.jacob = { users.users.jacob = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = ["wheel"]; # Enable sudo for the user.
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
security.rtkit.enable = true; # recommended for pipewire security.rtkit.enable = true; # recommended for pipewire
# List services that you want to enable: # List services that you want to enable:
services = { services = {
@ -128,7 +140,7 @@
# Enable the X11 windowing system. services.xserver.enable = true; # Enable the X11 windowing system. services.xserver.enable = true;
xserver = { xserver = {
enable = true; enable = true;
#dpi = 180; dpi = 180;
displayManager = { displayManager = {
defaultSession = "none+i3"; defaultSession = "none+i3";
autoLogin = { autoLogin = {
@ -139,7 +151,7 @@
enable = true; enable = true;
greeter.enable = false; greeter.enable = false;
}; };
}; };
libinput = { libinput = {
enable = true; enable = true;
touchpad = { touchpad = {
@ -154,7 +166,7 @@
i3status # gives you the default i3 status bar i3status # gives you the default i3 status bar
i3lock #default i3 screen locker i3lock #default i3 screen locker
i3blocks #if you are planning on using i3blocks over i3status i3blocks #if you are planning on using i3blocks over i3status
]; ];
}; };
}; };
}; };
@ -185,6 +197,6 @@
gc = { gc = {
automatic = true; automatic = true;
}; };
settings.experimental-features = [ "nix-command" "flakes" ]; settings.experimental-features = ["nix-command" "flakes"];
}; };
} }

45
machines/buck/hardware-configuration.nix
View File

@ -1,29 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20"; device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot/efi" = fileSystems."/boot/efi" = {
{ device = "/dev/disk/by-uuid/164F-882B"; device = "/dev/disk/by-uuid/164F-882B";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [
{
device = "/var/swap";
size = 1024 * 8 * 2;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

96
machines/pedro/configuration.nix
View File

@ -19,7 +19,7 @@
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml"; # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
defaultSopsFile = ../../secrets.yaml; defaultSopsFile = ../../secrets.yaml;
# This will automatically import SSH keys as age keys # This will automatically import SSH keys as age keys
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This is using an age key that is expected to already be in the filesystem # This is using an age key that is expected to already be in the filesystem
#age.keyFile = "/var/lib/sops-nix/key.txt"; #age.keyFile = "/var/lib/sops-nix/key.txt";
# This will generate a new key if the key specified above does not exist # This will generate a new key if the key specified above does not exist
@ -36,13 +36,14 @@
boot = { boot = {
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default) # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
loader = { loader = {
# Enables the generation of /extlinux/extlinux.conf grub.enable = true; # Enables the generation of /extlinux/extlinux.conf grub.enable = true;
#grub.version = 2; grub.device = "/dev/sda"; grub.efiSupport = true; #grub.version = 2; grub.device = "/dev/sda"; grub.efiSupport = true;
systemd-boot.enable = true; systemd-boot.enable = true;
}; };
# ZFS settings # ZFS settings
initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; initrd.supportedFilesystems = [ "zfs" ]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/"; initrd.availableKernelModules = ["usbhid" "usb_storage"];
initrd.supportedFilesystems = ["zfs"]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/";
}; };
# Set your time zone. # Set your time zone.
@ -67,18 +68,64 @@
}; };
}; };
}; };
<<<<<<< HEAD
firewall = import ./firewall.nix; firewall = import ./firewall.nix;
timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default; timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default;
=======
firewall = {
allowedTCPPorts = [
8384
22000 # syncthing
8080
8443
6789
8880
8843
27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
53
8088 # pihole
#3000 # gitea
#8081 # vaultwarden
#8000 # paperless
80
443 # reverse proxy
];
allowedUDPPorts = [
22000
21027 # syncthing
3478
5514
10001
1900
123 # unifi
53 # pihole
];
allowedUDPPortRanges = [
{
from = 5656;
to = 5699;
} # unifi
];
};
timeServers = ["192.168.88.1"] ++ options.networking.timeServers.default;
>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c
}; };
hardware.video.hidpi.enable = false; hardware.video.hidpi.enable = false;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
#hardware.pulseaudio = { #hardware.pulseaudio = {
#enable = true; #enable = true;
#extraModules = [ pkgs.pulseaudio-modules-bt ]; #extraModules = [ pkgs.pulseaudio-modules-bt ];
#package = pkgs.pulseaudioFull; #package = pkgs.pulseaudioFull;
#}; #};
hardware.bluetooth.enable = false; hardware.bluetooth.enable = false;
<<<<<<< HEAD
=======
services.blueman.enable = false;
# Enable CUPS to print documents.
services.printing.enable = false;
>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c
# Enable sound. # Enable sound.
sound.enable = false; sound.enable = false;
@ -86,28 +133,28 @@
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.jacob = { users.users.jacob = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = ["wheel"]; # Enable sudo for the user.
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
# List packages installed in system profile. To search, run: $ nix search wget # List packages installed in system profile. To search, run: $ nix search wget
environment.systemPackages = with pkgs; [ vim git wget ]; environment.systemPackages = with pkgs; [vim git wget];
#environment.variables = { #environment.variables = {
#GDK_SCALE = "2"; #GDK_SCALE = "2";
#GDK_DPI_SCALE = "0.5"; #GDK_DPI_SCALE = "0.5";
#_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2"; #_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2";
#}; #};
# Some programs need SUID wrappers, can be configured further or are started in user sessions. programs.mtr.enable = true; programs.gnupg.agent = { # Some programs need SUID wrappers, can be configured further or are started in user sessions. programs.mtr.enable = true; programs.gnupg.agent = {
# enable = true; enableSSHSupport = true; # enable = true; enableSSHSupport = true;
# }; # };
security.rtkit.enable = true; # recommended for pipewire security.rtkit.enable = true; # recommended for pipewire
# enable acme for certbot # enable acme for certbot
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "jacob.hinkle@gmail.com"; email = "jacob.hinkle@gmail.com";
}; };
@ -186,7 +233,7 @@
enable = true; enable = true;
greeter.enable = false; greeter.enable = false;
}; };
}; };
layout = "us"; layout = "us";
libinput.enable = true; libinput.enable = true;
windowManager.i3 = { windowManager.i3 = {
@ -196,7 +243,7 @@
i3status # gives you the default i3 status bar i3status # gives you the default i3 status bar
i3lock #default i3 screen locker i3lock #default i3 screen locker
i3blocks #if you are planning on using i3blocks over i3status i3blocks #if you are planning on using i3blocks over i3status
]; ];
}; };
}; };
@ -205,7 +252,7 @@
trim.enable = true; trim.enable = true;
autoScrub = { autoScrub = {
enable = true; enable = true;
pools = [ "rpool" ]; pools = ["rpool"];
}; };
autoSnapshot = { autoSnapshot = {
enable = true; enable = true;
@ -214,18 +261,17 @@
}; };
}; };
}; };
# Due to bug in home assistant, this workaround is suggested temporarily as of May 6, 2022 # Due to bug in home assistant, this workaround is suggested temporarily as of May 6, 2022
# https://github.com/nix-community/home-manager/issues/2942#issuecomment-1119760100 # https://github.com/nix-community/home-manager/issues/2942#issuecomment-1119760100
#nixpkgs.config.allowUnfree = true; #nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = ( pkg: true ); nixpkgs.config.allowUnfreePredicate = (pkg: true);
powerManagement.cpuFreqGovernor = "ondemand"; powerManagement.cpuFreqGovernor = "ondemand";
# This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were taken. Its perfectly fine and recommended to leave this value at the # This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were taken. Its perfectly fine and recommended to leave this value at the
# release version of the first install of this system. Before changing this value read the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # release version of the first install of this system. Before changing this value read the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment? system.stateVersion = "22.05"; # Did you read the comment?
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = ["nix-command" "flakes"];
} }

40
machines/pedro/hardware-configuration-zfs.nix
View File

@ -1,33 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display # high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true; hardware.video.hidpi.enable = lib.mkDefault true;
fileSystems."/" = fileSystems."/" = {
{ device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-partuuid/e7ebac1e-eb4c-4a7d-8893-49a95f6014d4";
device = "/dev/disk/by-partuuid/e7ebac1e-eb4c-4a7d-8893-49a95f6014d4"; fsType = "vfat";
fsType = "vfat"; };
};
fileSystems."/nix" = fileSystems."/nix" =
{ device = "rpool/nixos/nix"; { device = "rpool/nixos/nix";
@ -111,5 +114,4 @@
randomEncryption = true; randomEncryption = true;
} }
]; ];
} }

2
machines/pedro/nginx.nix
View File

@ -2,7 +2,7 @@
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = let virtualHosts = let
simpleProxy = ip : { simpleProxy = ip: {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''

5
machines/pedro/pihole.nix
View File

@ -1,5 +1,4 @@
serverIP : serverIP: {
{
image = "pihole/pihole:2022.07.1"; image = "pihole/pihole:2022.07.1";
ports = [ ports = [
"${serverIP}:53:53/tcp" "${serverIP}:53:53/tcp"
@ -22,6 +21,6 @@ serverIP :
]; ];
extraOptions = [ extraOptions = [
"--cap-add=NET_ADMIN" "--cap-add=NET_ADMIN"
"--no-hosts" # do not populate internal /etc/hosts with container host's "--no-hosts" # do not populate internal /etc/hosts with container host's
]; ];
} }

7
secrets.yaml
View File

@ -2,9 +2,10 @@ email:
gmail: gmail:
address: ENC[AES256_GCM,data:uWVgCX2nTVJn8HlEMKfU86DsVG9c0A==,iv:uLJk521DET65fizoUUKnLB325fNmSZNc3M9tNqjq2qg=,tag:zSlTWP3VYu0JR0FH0gdCHw==,type:str] address: ENC[AES256_GCM,data:uWVgCX2nTVJn8HlEMKfU86DsVG9c0A==,iv:uLJk521DET65fizoUUKnLB325fNmSZNc3M9tNqjq2qg=,tag:zSlTWP3VYu0JR0FH0gdCHw==,type:str]
password: ENC[AES256_GCM,data:DKB+h3jaX+BP,iv:kdc1NcYVLie3TRCf2qq5x8V3WaSKXKKHDqBDzjpQMDw=,tag:P1mmaKhPcX1yMUxI5I/uXA==,type:str] password: ENC[AES256_GCM,data:DKB+h3jaX+BP,iv:kdc1NcYVLie3TRCf2qq5x8V3WaSKXKKHDqBDzjpQMDw=,tag:P1mmaKhPcX1yMUxI5I/uXA==,type:str]
#ENC[AES256_GCM,data:Otd/3wBbI7DCFsZwyg==,iv:rUajD3QRS4u1kdwpnfS8RQaNbB/WwtHnjDnsYkDe7Po=,tag:SS0lGIqLxmpdiJN1qvZoYg==,type:comment]
jhink: jhink:
address: ENC[AES256_GCM,data:nIuL4Ay343z3lzjiXKnSqPLsqZR96w==,iv:iKQCw/cj70q2Afuf97g3njkEcD5ux4HquXFTZ5K7xHo=,tag:BsnLC1MspQOsMN6qxtY4uQ==,type:str] address: ENC[AES256_GCM,data:nIuL4Ay343z3lzjiXKnSqPLsqZR96w==,iv:iKQCw/cj70q2Afuf97g3njkEcD5ux4HquXFTZ5K7xHo=,tag:BsnLC1MspQOsMN6qxtY4uQ==,type:str]
password: ENC[AES256_GCM,data:/F+gn/TaRqX+,iv:y6aNJb1zG+plXwcKilQLVFEnlemDJUV0PyIicbAD6BU=,tag:A2KPxqB4xZ2erFA/nstovg==,type:str] password: ENC[AES256_GCM,data:db0Wll4B8eXYc70dsIuYbw==,iv:2g4fE2GQyKxiVMkOQqOCPjAISdlXElvWYt0XKPEOWv0=,tag:73ymkTNGUlVccJFXjT40EA==,type:str]
pihole: pihole:
webpassword: ENC[AES256_GCM,data:bqBbGE5M4LUukMh7vQA=,iv:YhKaO2WQq5Ar9aKitgRTbDU2Ld2Cdc0wmrcQZ92lztY=,tag:UGnerGhtQBjO+n4LobdSyg==,type:str] webpassword: ENC[AES256_GCM,data:bqBbGE5M4LUukMh7vQA=,iv:YhKaO2WQq5Ar9aKitgRTbDU2Ld2Cdc0wmrcQZ92lztY=,tag:UGnerGhtQBjO+n4LobdSyg==,type:str]
spotify: spotify:
@ -59,8 +60,8 @@ sops:
WVUwaEIwWTFFTExyT3hLSC9wODhJdGcKWsNIUsT06qYA9vUVeFHQrCdcn2MkHt+w WVUwaEIwWTFFTExyT3hLSC9wODhJdGcKWsNIUsT06qYA9vUVeFHQrCdcn2MkHt+w
Rr7W+4uaNb8Qxo/NUp9kodE9m/fg9XVd8wM7HUP4wJC0rE4GSnFvGg== Rr7W+4uaNb8Qxo/NUp9kodE9m/fg9XVd8wM7HUP4wJC0rE4GSnFvGg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-30T17:05:20Z" lastmodified: "2022-09-27T13:16:21Z"
mac: ENC[AES256_GCM,data:6f2RYsTBhMgLlwDgJ6vj2Jv82kFMNmjwYGV072YrfOE7qwjwcRRFE26L6mVkQ3yOt94wuOMAV/8gbqxY5hqVf1QxdnIiPDisks8yriquGBWM3RJZPA6i4Q8sBDqxA5Q9h/2geaHOpdu5If0XJolwhJOYso5buxWH2nrCIXQQ0B4=,iv:KaOccL/d/NSDI+jVMhbtBdNc/6ysK9nFUEbAHoyZ+lM=,tag:FnHUlPu5xmgJle4UVz0rcg==,type:str] mac: ENC[AES256_GCM,data:UkvaiVtsbMKNeMKlf6N6N0dxQWAUxT2VMQrhMJFqwdyRoFvTQ+4a27sXHIQgr+G+BAnsFBeWFjA3SS+YhHcDYCx1boXMhdoFeNjVZ2TUURX/KazcIwJNGmrt4qMK7BkfUu1mLa58pxie+XSY1MBRwByg7rnLaSJzNiWgqgLRGy0=,iv:7kBE0EKhvesWToa6+At0yWt1IzTWipv0fSvopA2PUXg=,tag:0e+5Gu5Ajw7r3AgeJLg+EQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3