Merge branch 'main' of git.jhink.org:jacob/nix_config

Jacob Hinkle 2022-10-13 09:24:02 -04:00
commit ffe5a7665a
14 changed files with 517 additions and 195 deletions

58
flake.lock generated

@ -18,11 +18,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1660407119,
"narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=",
"lastModified": 1662458987,
"narHash": "sha256-hcDwRlsXZMp2Er3vQk1JEUZWhBPLVC9vTT4xHvhpcE0=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1",
"rev": "504b32caf83986b7e6b9c79c1c13008f83290f19",
"type": "github"
},
"original": {
@ -34,11 +34,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1661864979,
"narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=",
"lastModified": 1662099760,
"narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979",
"rev": "67e45078141102f45eff1589a831aeaa3182b41e",
"type": "github"
},
"original": {
@ -48,38 +48,6 @@
"type": "github"
}
},
"nixpkgs-22_05": {
"locked": {
"lastModified": 1661656705,
"narHash": "sha256-1ujNuL1Tx1dt8dC/kuYS329ZZgiXXmD96axwrqsUY7w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "290dbaacc1f0b783fd8e271b585ec2c8c3b03954",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1661353537,
"narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e304ff0d9db453a4b230e9386418fd974d5804a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
@ -90,15 +58,19 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-22_05": "nixpkgs-22_05"
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_05": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1661660105,
"narHash": "sha256-3ITdkYwsNDh2DRqi7FZOJ92ui92NmcO6Nhj49u+JjWY=",
"lastModified": 1662390490,
"narHash": "sha256-HnFHRFu0eoB0tLOZRjLgVfHzK+4bQzAmAmHSzOquuyI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d92fba1bfc9f64e4ccb533701ddd8590c0d8c74a",
"rev": "044ccfe24b349859cd9efc943e4465cc993ac84e",
"type": "github"
},
"original": {


@ -3,35 +3,59 @@
inputs = {
nixpkgs.url = github:nixos/nixpkgs/nixos-22.05;
nixos-hardware.url = github:nixos/nixos-hardware/master;
nixos-hardware = {
url = github:nixos/nixos-hardware/master;
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
#url = "github:nix-community/home-manager";
url = "https://github.com/nix-community/home-manager/archive/release-22.05.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix.url = github:Mic92/sops-nix;
sops-nix = {
url = github:Mic92/sops-nix;
# sops-nix uses both -22.05 and -unstable in their flake.
# As far as I can tell, 22.05 is only used for testing, whereas unstable
# is used for the tooling. So here, I let both of these follow our
# nixpkgs input. Note that after NixOS releases, this might break since
# they may do away with 22.05 at that point.
# https://github.com/Mic92/sops-nix/blob/master/flake.nix
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-22_05.follows = "nixpkgs";
};
};
outputs = inputs @ { self, nixpkgs, nixos-hardware, home-manager, sops-nix, ... }:
let
outputs = inputs @ {
self,
nixpkgs,
nixos-hardware,
home-manager,
sops-nix,
...
}: let
system = "x86_64-linux";
homeManagerConfFor = config: { ... }: {
#nixpkgs.overlays = [ nur.overlay ];
imports = [ config ];
};
jacobHome = homeManagerConfFor ./home/jacob.nix;
jacobHomeMod = {
home-manager.useUserPackages = true;
home-manager.users.jacob = jacobHome;
};
mkNixosSystem = extraModules: nixpkgs.lib.nixosSystem {
inherit system;
# see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
specialArgs = { inherit inputs; };
modules = [
home-manager.nixosModules.home-manager {
home-manager.useUserPackages = true;
home-manager.users.jacob = homeManagerConfFor ./home/jacob.nix;
}
home-manager.nixosModules.home-manager
jacobHomeMod
sops-nix.nixosModules.sops
] ++ extraModules;
};
in {
homeManagerConfigurations = {
jacob = jacobHome;
};
nixosConfigurations = {
# Thinkpad T470 laptop
buck = mkNixosSystem [
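Review bot: The `inputs.nixpkgs.follows = "nixpkgs";` line added under `nixos-hardware` appears to have nothing to override, because the `nixos-hardware` node in the flake.lock section of this same commit holds only `locked` and `original` and no `inputs` entry. Nix normally warns about an override for an input that does not exist, so the attribute set can shrink back to `nixos-hardware.url = "github:nixos/nixos-hardware/master";`. The `follows` lines under `sops-nix` do take effect, as the lock file shows, and the comment above them already explains why. The `outputs` function continues past the end of this hunk.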


@ -1,11 +1,11 @@
pkgs :
rec {
pkgs: rec {
menu = "${pkgs.dmenu}/bin/dmenu_run";
modifier = "Mod1";
terminal = "kitty";
keybindings = let
browser = "qutebrowser";
scrot2clip = pkgs.writeShellScript "scrot2clip"
scrot2clip =
pkgs.writeShellScript "scrot2clip"
"${pkgs.scrot}/bin/scrot -s - | ${pkgs.xclip}/bin/xclip -selection primary -i -t image/png";
in {
"${modifier}+Return" = "exec ${terminal} tmux new";
@ -54,31 +54,20 @@ rec {
"${modifier}+9" = "workspace number 9";
"${modifier}+0" = "workspace number 10";
"${modifier}+Shift+1" =
"move container to workspace number 1";
"${modifier}+Shift+2" =
"move container to workspace number 2";
"${modifier}+Shift+3" =
"move container to workspace number 3";
"${modifier}+Shift+4" =
"move container to workspace number 4";
"${modifier}+Shift+5" =
"move container to workspace number 5";
"${modifier}+Shift+6" =
"move container to workspace number 6";
"${modifier}+Shift+7" =
"move container to workspace number 7";
"${modifier}+Shift+8" =
"move container to workspace number 8";
"${modifier}+Shift+9" =
"move container to workspace number 9";
"${modifier}+Shift+0" =
"move container to workspace number 10";
"${modifier}+Shift+1" = "move container to workspace number 1";
"${modifier}+Shift+2" = "move container to workspace number 2";
"${modifier}+Shift+3" = "move container to workspace number 3";
"${modifier}+Shift+4" = "move container to workspace number 4";
"${modifier}+Shift+5" = "move container to workspace number 5";
"${modifier}+Shift+6" = "move container to workspace number 6";
"${modifier}+Shift+7" = "move container to workspace number 7";
"${modifier}+Shift+8" = "move container to workspace number 8";
"${modifier}+Shift+9" = "move container to workspace number 9";
"${modifier}+Shift+0" = "move container to workspace number 10";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart";
"${modifier}+Shift+e" =
"exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+r" = "mode resize";
};


@ -1,8 +1,12 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
({ lib, ...}: {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
({lib, ...}: {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"zoom"
];
})
@ -16,18 +20,21 @@
keyboard = {
layout = "us";
options = [ "caps:swapescape" "ctrl:ralt_rctrl" ];
options = ["caps:swapescape" "ctrl:ralt_rctrl"];
};
packages = with pkgs; [
age
bitwarden
chromium
fd
feh
file
#freecad
fzf
#gnumake
hack-font
jq
inconsolata
libreoffice
logseq
@ -36,17 +43,24 @@
#openscad
#pandoc
pavucontrol
ripgrep
scli
scrot
signal-desktop
sops
speedcrunch
spotify-tui
sxiv
#texlive.combined.scheme-full
xclip
zathura
zoom-us
];
sessionVariables = {
QT_ENABLE_HIGHDPI_SCALING = 1;
};
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
@ -58,8 +72,21 @@
stateVersion = "22.05";
};
accounts.email = {
accounts.gmail = {
xdg = {
enable = true;
mimeApps = {
enable = true;
associations.added = {
"application/pdf" = ["zathura.desktop"];
};
defaultApplications = {
"application/pdf" = ["zathura.desktop"];
};
};
};
accounts.email.accounts = {
gmail = {
address = "jacob.hinkle@gmail.com";
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/gmail/password";
flavor = "gmail.com";
@ -68,13 +95,25 @@
create = "maildir";
};
notmuch.enable = false;
primary = true;
realName = "Jacob Hinkle";
};
accounts.jhink = {
jhink = {
address = "jacob.hinkle@jhink.org";
imap.host = "mail.privateemail.com";
smtp.host = "mail.privateemail.com";
primary = true;
imap = {
host = "imap.fastmail.com";
tls = {
enable = true;
useStartTls = false;
};
};
smtp = {
host = "smtp.fastmail.com";
tls = {
enable = true;
useStartTls = false;
};
};
flavor = "plain";
userName = "jacob.hinkle@jhink.org";
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/jhink/password";
@ -88,11 +127,10 @@
};
programs = {
bat = {
enable = true;
};
bat.enable = true;
direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
};
firefox = {
@ -106,28 +144,66 @@
git = {
enable = true;
userName = "Jacob Hinkle";
userEmail = "jacob.hinkle@jhink.org";
userEmail = "jacob@jhink.org";
lfs.enable = true;
delta.enable = true;
};
htop = {
difftastic = {
enable = true;
background = "dark";
};
aliases = {
ci = "commit";
lg = "log --pretty=format:\"%C(magenta)%h%Creset -%C(red)%d%Creset %s %C(dim green)(%cr) [%an]\" --abbrev-commit -30";
s = "status";
};
extraConfig = {
color.ui = "auto";
push.default = "simple";
pull.rebase = false;
branch.autosetupmerge = true;
};
};
htop.enable = true;
kitty = {
enable = true;
font = {
name = "Hack";
size = 16;
size = 24;
};
};
lazygit.enable = true;
mbsync = {
enable = true;
};
neovim = {
enable = true;
extraConfig = ''
set tabstop=4
set softtabstop=4 " enables backspacing, etc
set shiftwidth=4
set expandtab
set tw=80
set bs=2 " allow backspacing over everything in insert mode
set ai " always set autoindenting on
set number relativenumber
set colorcolumn=100
'';
plugins = with pkgs.vimPlugins; [
#context-vim
#ctrlp
#fzf
#gundo
python-mode
#telescope-nvim
#telescope-fzf-native-nvim
#nvim-treesitter
vim-nix
];
vimAlias = true;
};
notmuch = {
enable = true;
};
qutebrowser = import ./qutebrowser.nix;
rbw = {
@ -154,14 +230,20 @@
};
};
tmux = import ./tmux.nix;
xmobar = {
enable = true;
extraConfig = builtins.readFile ./xmobarrc;
};
zsh = {
enable = true;
enableSyntaxHighlighting = true;
shellAliases = {
lg = "lazygit";
vim = "nvim";
};
sessionVariables = {
EDITOR = "nvim";
FZF_DEFAULT_OPTS = "--layout=reverse --inline-info --height=40% --border";
};
oh-my-zsh = {
enable = true;
@ -170,17 +252,36 @@
"git"
"sudo"
"vi-mode"
"fzf"
];
theme = "michelebologna"; # nice clean theme that shows jobs
};
# michelebologna theme doesn't have an RPROMPT, but I like the one from the clean theme
initExtra = ''
# michelebologna theme doesn't have an RPROMPT, but I like the one from
# the clean theme
RPROMPT='[%*]'
# wrap the fzf command with some killable helpers
function vif() {
local fname
fname=$(fzf) || return
vim "$fname"
}
function fcd() {
local dirname
dirname=$(find -type d | fzf) || return
cd "$dirname"
}
'';
};
};
services = {
mbsync = {
enable = true;
verbose = true;
};
spotifyd = {
enable = true;
settings = {
@ -207,9 +308,24 @@
xsession = {
enable = true;
windowManager.i3 = {
enable = true;
windowManager = {
i3 = {
enable = false;
config = import ./i3.nix pkgs;
};
xmonad = {
enable = true;
enableContribAndExtras = true;
extraPackages = haskellPackages:
with haskellPackages; [
#dbus
#List
#monad-logger
xmonad
xmonad-contrib
];
config = ./xmonad.hs;
};
};
};
}
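Review bot: In the `vif` helper added to the zsh `initExtra`, `vim "$fname"` hands the fzf selection straight to the editor, so a file whose name begins with `-` is parsed as an option instead of being opened. Ending option parsing avoids that: `vim -- "$fname"`. `fcd` is less exposed because `find` prints paths that start with `./`, but an explicit start directory (`find . -type d`) would make that dependency visible and portable. A short comment above each function saying what it selects would also help, since the existing comment only says they wrap fzf.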

45
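--- a/home/xmobarrc
+++ b/home/xmobarrc
@@ -0,0 +1,45 @@
+Config { overrideRedirect = False
+, font = "xft:iosevka-9"
+, bgColor = "#1f1f1f"
+, fgColor = "#f8f8f2"
+, position = TopW L 90
+, commands = [
+--Run Weather "EGPF"
+--[ "--template", "<weather> <tempF>°F"
+--, "-L", "35"
+--, "-H", "85"
+--, "--low" , "lightblue"
+--, "--normal", "#f8f8f2"
+--, "--high" , "red"
+--] 36000
+-- ,
+Run Cpu
+[ "-L", "3"
+, "-H", "50"
+, "--high" , "red"
+, "--normal", "green"
+] 10
+, Run BatteryP ["BAT1"]
+["-t", "<acstatus><watts> (<left>%)",
+"-L", "10", "-H", "80", "-p", "3",
+"--", "-O", "<fc=green>On</fc> - ", "-i", "",
+"-L", "-15", "-H", "-5",
+"-l", "red", "-m", "blue", "-h", "green",
+"-a", "notify-send -u critical 'Battery running out!!'",
+"-A", "3"]
+600
+, Run Alsa "default" "Master"
+[ "--template", "<volumestatus>"
+, "--suffix" , "True"
+, "--"
+, "--on", ""
+]
+, Run Memory ["--template", "Mem: <usedratio>%"] 10
+, Run Swap [] 10
+, Run Date "%a %Y-%m-%d <fc=#8be9fd>%H:%M</fc>" "date" 10
+, Run XMonadLog
+]
+, sepChar = "%"
+, alignSep = "}{"
+, template = "%XMonadLog% }{ Sound: %alsa:default:Master% | %cpu% | %memory% * %swap% | BAT1: %battery% | %date% "
+}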
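Review bot: The `-a` action in the `BatteryP` arguments runs `notify-send` by bare name, so the low-battery alert depends on whatever PATH xmobar inherits, and no package that provides it is visible in the `packages` list elsewhere on this page. The same applies to the `spawn` strings in home/xmonad.hs (`qutebrowser`, `scrot`, `kitty`, `xrandr`, `light`), whereas the i3 config touched by this commit uses store paths such as `${pkgs.scrot}/bin/scrot`. Because this file is pulled in with `builtins.readFile`, the command path could instead be templated from Nix. Failing that, a header comment listing the programs these two files expect on PATH would make the dependency explicit.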

107
home/xmonad.hs Normal file

@ -0,0 +1,107 @@
-- See https://xmonad.org/TUTORIAL.html
import XMonad
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.RotSlaves
import XMonad.Hooks.DynamicLog
import XMonad.Hooks.EwmhDesktops
import XMonad.Hooks.StatusBar
import XMonad.Hooks.StatusBar.PP
import qualified XMonad.StackSet as W
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.Loggers
import XMonad.Layout.Magnifier
import XMonad.Layout.ThreeColumns
main :: IO ()
main = xmonad
. ewmhFullscreen
. ewmh
-- . xmobarProp
. withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey
$ myConfig
myConfig = def
{ terminal = "kitty tmux new"
, modMask = mod1Mask
, borderWidth = 3
, workspaces = myWorkspaces
, layoutHook = myLayout
}
`additionalKeysP`
-- See below for help defining keymaps
-- https://hackage.haskell.org/package/xmonad-contrib-0.17.1/docs/XMonad-Util-EZConfig.html#v:mkKeymap
([
-- launch programs
("M-'", spawn "qutebrowser")
, ("M-s", spawn "scrot -s")
-- launch a terminal _without_ a new tmux session
, ("M-C-<Return>", spawn "kitty")
-- xrandr commands for when (dis)connecting from external monitor
-- I have temporarily given up on using autorandr fo rthis
, ("M-x", spawn "xrandr --output DP-1 --auto --output eDP-1 --off") -- external
, ("M-c", spawn "xrandr --output eDP-1 --auto --output DP-1 --off") -- laptop only
-- Control monitor brightness
, ("<XF86MonBrightnessUp>", spawn "light -A 10")
, ("<XF86MonBrightnessDown>", spawn "light -U 10")
-- cycle windows within a workspace
, ("M-a", rotAllUp)
, ("M-f", rotAllDown)
-- switch to previous workspace
, ("M-;", toggleWS)
-- Warn (disable shutting down xmonad since we can do that in other ways from a terminal...
, ("M-S-q", spawn "kitty --hold echo M-S-q quits XMonad\\! You probably meant to use M-S-c to close the current window.")
]
++
-- access additional workspaces
[("M-" ++ w, windows $ W.greedyView w) | w <- addlWorkspaces]
++
[("M-S-" ++ w, windows $ W.shift w) | w <- addlWorkspaces]
)
myLayout = threeCol ||| tiled ||| Mirror tiled ||| Full
where
--threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio
threeCol = ThreeColMid nmaster delta ratio
tiled = Tall nmaster delta ratio
nmaster = 1 -- Default number of windows in the master pane
ratio = 1/2 -- Default proportion of screen occupied by master pane
delta = 3/100 -- Percent of screen to increment by when resizing panes
myXmobarPP :: PP
myXmobarPP = def
{ ppSep = magenta ""
, ppTitleSanitize = xmobarStrip
, ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2
, ppHidden = white . wrap " " ""
, ppHiddenNoWindows = lowWhite . wrap " " ""
, ppUrgent = red . wrap (yellow "!") (yellow "!")
, ppOrder = \[ws, l, _, wins] -> [ws, l, wins]
, ppExtras = [logTitles formatFocused formatUnfocused]
}
where
formatFocused = wrap (white "[") (white "]") . magenta . ppWindow
formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow
-- | Windows should have *some* title, which should not not exceed a
-- sane length.
ppWindow :: String -> String
ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30
blue, lowWhite, magenta, red, white, yellow :: String -> String
magenta = xmobarColor "#ff79c6" ""
blue = xmobarColor "#bd93f9" ""
white = xmobarColor "#f8f8f2" ""
yellow = xmobarColor "#f1fa8c" ""
red = xmobarColor "#ff5555" ""
lowWhite = xmobarColor "#bbbbbb" ""
addlWorkspaces :: [String]
addlWorkspaces = ["0", "-", "=", "i"]
myWorkspaces :: [String]
myWorkspaces = ["1", "2", "3", "4", "5", "6", "7", "8", "9"] ++ addlWorkspaces


@ -5,8 +5,13 @@
{ config, pkgs, inputs, sops, ... }:
{
imports =
[ # Include the results of the hardware scan.
config,
pkgs,
sops,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
@ -22,7 +27,7 @@
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
defaultSopsFile = ../../secrets.yaml;
# This will automatically import SSH keys as age keys
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This is using an age key that is expected to already be in the filesystem
#age.keyFile = "/var/lib/sops-nix/key.txt";
# This will generate a new key if the key specified above does not exist
@ -37,9 +42,17 @@
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader = {
systemd-boot = {
enable = true;
# limit number of configurations to save in the boot menu
configurationLimit = 10;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
networking.hostName = "buck"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@ -67,7 +80,6 @@
# Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8";
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
@ -99,7 +111,7 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.jacob = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
extraGroups = ["wheel"]; # Enable sudo for the user.
shell = pkgs.zsh;
};
@ -128,7 +140,7 @@
# Enable the X11 windowing system. services.xserver.enable = true;
xserver = {
enable = true;
#dpi = 180;
dpi = 180;
displayManager = {
defaultSession = "none+i3";
autoLogin = {
@ -185,6 +197,6 @@
gc = {
automatic = true;
};
settings.experimental-features = [ "nix-command" "flakes" ];
settings.experimental-features = ["nix-command" "flakes"];
};
}
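Review bot: `defaultSession = "none+i3";` in the `xserver.displayManager` block is left unchanged, while the home configuration in this same commit sets i3 to `enable = false` and enables xmonad. If the display-manager session is what launches the window manager on this host, it would still try to start i3; if the home-manager xsession script does that job, the session name is merely misleading. Either way, a one-line comment next to `defaultSession` saying which component starts xmonad would settle it. The `displayManager` block continues outside the hunk, so the rest of the session setup cannot be checked from here.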


@ -1,29 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20";
fileSystems."/" = {
device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20";
fsType = "ext4";
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/164F-882B";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/164F-882B";
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [
{
device = "/var/swap";
size = 1024 * 8 * 2;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -19,7 +19,7 @@
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
defaultSopsFile = ../../secrets.yaml;
# This will automatically import SSH keys as age keys
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This is using an age key that is expected to already be in the filesystem
#age.keyFile = "/var/lib/sops-nix/key.txt";
# This will generate a new key if the key specified above does not exist
@ -42,7 +42,8 @@
};
# ZFS settings
initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; initrd.supportedFilesystems = [ "zfs" ]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/";
initrd.availableKernelModules = ["usbhid" "usb_storage"];
initrd.supportedFilesystems = ["zfs"]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/";
};
# Set your time zone.
@ -67,8 +68,47 @@
};
};
};
<<<<<<< HEAD
firewall = import ./firewall.nix;
timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default;
=======
firewall = {
allowedTCPPorts = [
8384
22000 # syncthing
8080
8443
6789
8880
8843
27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
53
8088 # pihole
#3000 # gitea
#8081 # vaultwarden
#8000 # paperless
80
443 # reverse proxy
];
allowedUDPPorts = [
22000
21027 # syncthing
3478
5514
10001
1900
123 # unifi
53 # pihole
];
allowedUDPPortRanges = [
{
from = 5656;
to = 5699;
} # unifi
];
};
timeServers = ["192.168.88.1"] ++ options.networking.timeServers.default;
>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c
};
hardware.video.hidpi.enable = false;
@ -79,6 +119,13 @@
#package = pkgs.pulseaudioFull;
#};
hardware.bluetooth.enable = false;
<<<<<<< HEAD
=======
services.blueman.enable = false;
# Enable CUPS to print documents.
services.printing.enable = false;
>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c
# Enable sound.
sound.enable = false;
@ -86,12 +133,12 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.jacob = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
extraGroups = ["wheel"]; # Enable sudo for the user.
shell = pkgs.zsh;
};
# List packages installed in system profile. To search, run: $ nix search wget
environment.systemPackages = with pkgs; [ vim git wget ];
environment.systemPackages = with pkgs; [vim git wget];
#environment.variables = {
#GDK_SCALE = "2";
@ -205,7 +252,7 @@
trim.enable = true;
autoScrub = {
enable = true;
pools = [ "rpool" ];
pools = ["rpool"];
};
autoSnapshot = {
enable = true;
@ -218,7 +265,7 @@
# Due to bug in home assistant, this workaround is suggested temporarily as of May 6, 2022
# https://github.com/nix-community/home-manager/issues/2942#issuecomment-1119760100
#nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = ( pkg: true );
nixpkgs.config.allowUnfreePredicate = (pkg: true);
powerManagement.cpuFreqGovernor = "ondemand";
@ -226,6 +273,5 @@
# release version of the first install of this system. Before changing this value read the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = ["nix-command" "flakes"];
}
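Review bot: The `networking` hunk adds unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>>`) to the file, and the hunk around `hardware.bluetooth.enable` does the same. With the markers in place the file cannot be evaluated, and it is ambiguous whether the firewall is meant to come from `firewall = import ./firewall.nix;` or from the inline `allowedTCPPorts`/`allowedUDPPorts` lists, which matters because those lists decide what this host exposes. Keep exactly one side in each conflict and delete the markers, checking that the surviving port list is the reviewed one. Running `nix flake check` or a pre-commit search for conflict markers before pushing would catch this class of mistake.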


@ -1,30 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
fileSystems."/" =
{ device = "none";
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{
fileSystems."/boot" = {
device = "/dev/disk/by-partuuid/e7ebac1e-eb4c-4a7d-8893-49a95f6014d4";
fsType = "vfat";
};
@ -111,5 +114,4 @@
randomEncryption = true;
}
];
}


@ -2,7 +2,7 @@
enable = true;
recommendedProxySettings = true;
virtualHosts = let
simpleProxy = ip : {
simpleProxy = ip: {
forceSSL = true;
enableACME = true;
extraConfig = ''


@ -1,5 +1,4 @@
serverIP :
{
serverIP: {
image = "pihole/pihole:2022.07.1";
ports = [
"${serverIP}:53:53/tcp"


@ -2,9 +2,10 @@ email:
gmail:
address: ENC[AES256_GCM,data:uWVgCX2nTVJn8HlEMKfU86DsVG9c0A==,iv:uLJk521DET65fizoUUKnLB325fNmSZNc3M9tNqjq2qg=,tag:zSlTWP3VYu0JR0FH0gdCHw==,type:str]
password: ENC[AES256_GCM,data:DKB+h3jaX+BP,iv:kdc1NcYVLie3TRCf2qq5x8V3WaSKXKKHDqBDzjpQMDw=,tag:P1mmaKhPcX1yMUxI5I/uXA==,type:str]
#ENC[AES256_GCM,data:Otd/3wBbI7DCFsZwyg==,iv:rUajD3QRS4u1kdwpnfS8RQaNbB/WwtHnjDnsYkDe7Po=,tag:SS0lGIqLxmpdiJN1qvZoYg==,type:comment]
jhink:
address: ENC[AES256_GCM,data:nIuL4Ay343z3lzjiXKnSqPLsqZR96w==,iv:iKQCw/cj70q2Afuf97g3njkEcD5ux4HquXFTZ5K7xHo=,tag:BsnLC1MspQOsMN6qxtY4uQ==,type:str]
password: ENC[AES256_GCM,data:/F+gn/TaRqX+,iv:y6aNJb1zG+plXwcKilQLVFEnlemDJUV0PyIicbAD6BU=,tag:A2KPxqB4xZ2erFA/nstovg==,type:str]
password: ENC[AES256_GCM,data:db0Wll4B8eXYc70dsIuYbw==,iv:2g4fE2GQyKxiVMkOQqOCPjAISdlXElvWYt0XKPEOWv0=,tag:73ymkTNGUlVccJFXjT40EA==,type:str]
pihole:
webpassword: ENC[AES256_GCM,data:bqBbGE5M4LUukMh7vQA=,iv:YhKaO2WQq5Ar9aKitgRTbDU2Ld2Cdc0wmrcQZ92lztY=,tag:UGnerGhtQBjO+n4LobdSyg==,type:str]
spotify:
@ -59,8 +60,8 @@ sops:
WVUwaEIwWTFFTExyT3hLSC9wODhJdGcKWsNIUsT06qYA9vUVeFHQrCdcn2MkHt+w
Rr7W+4uaNb8Qxo/NUp9kodE9m/fg9XVd8wM7HUP4wJC0rE4GSnFvGg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-30T17:05:20Z"
mac: ENC[AES256_GCM,data:6f2RYsTBhMgLlwDgJ6vj2Jv82kFMNmjwYGV072YrfOE7qwjwcRRFE26L6mVkQ3yOt94wuOMAV/8gbqxY5hqVf1QxdnIiPDisks8yriquGBWM3RJZPA6i4Q8sBDqxA5Q9h/2geaHOpdu5If0XJolwhJOYso5buxWH2nrCIXQQ0B4=,iv:KaOccL/d/NSDI+jVMhbtBdNc/6ysK9nFUEbAHoyZ+lM=,tag:FnHUlPu5xmgJle4UVz0rcg==,type:str]
lastmodified: "2022-09-27T13:16:21Z"
mac: ENC[AES256_GCM,data:UkvaiVtsbMKNeMKlf6N6N0dxQWAUxT2VMQrhMJFqwdyRoFvTQ+4a27sXHIQgr+G+BAnsFBeWFjA3SS+YhHcDYCx1boXMhdoFeNjVZ2TUURX/KazcIwJNGmrt4qMK7BkfUu1mLa58pxie+XSY1MBRwByg7rnLaSJzNiWgqgLRGy0=,iv:7kBE0EKhvesWToa6+At0yWt1IzTWipv0fSvopA2PUXg=,tag:0e+5Gu5Ajw7r3AgeJLg+EQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
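Review bot: The replaced `jhink` `password` value stays in the repository history as ciphertext and remains decryptable by anyone holding a recipient key from that revision, so this change only retires the old credential if it was also changed at the mail provider. sops encrypts values but leaves key names and value lengths visible, which is worth keeping in mind for a repository that can be browsed. The commit description does not say whether this is a rotation; noting that, and confirming that the recipient list in the `sops` block (mostly outside the visible hunk) still matches the hosts that need the `email` secrets, would make the change auditable.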