Merge branch 'main' of git.jhink.org:jacob/nix_config

Jacob Hinkle 2022-10-13 09:24:02 -04:00
commit ffe5a7665a
14 changed files with 517 additions and 195 deletions

58
flake.lock generated

@ -18,11 +18,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1660407119,
"narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=",
"lastModified": 1662458987,
"narHash": "sha256-hcDwRlsXZMp2Er3vQk1JEUZWhBPLVC9vTT4xHvhpcE0=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1",
"rev": "504b32caf83986b7e6b9c79c1c13008f83290f19",
"type": "github"
},
"original": {
@ -34,11 +34,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1661864979,
"narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=",
"lastModified": 1662099760,
"narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979",
"rev": "67e45078141102f45eff1589a831aeaa3182b41e",
"type": "github"
},
"original": {
@ -48,38 +48,6 @@
"type": "github"
}
},
"nixpkgs-22_05": {
"locked": {
"lastModified": 1661656705,
"narHash": "sha256-1ujNuL1Tx1dt8dC/kuYS329ZZgiXXmD96axwrqsUY7w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "290dbaacc1f0b783fd8e271b585ec2c8c3b03954",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1661353537,
"narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e304ff0d9db453a4b230e9386418fd974d5804a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
@ -90,15 +58,19 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-22_05": "nixpkgs-22_05"
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-22_05": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1661660105,
"narHash": "sha256-3ITdkYwsNDh2DRqi7FZOJ92ui92NmcO6Nhj49u+JjWY=",
"lastModified": 1662390490,
"narHash": "sha256-HnFHRFu0eoB0tLOZRjLgVfHzK+4bQzAmAmHSzOquuyI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d92fba1bfc9f64e4ccb533701ddd8590c0d8c74a",
"rev": "044ccfe24b349859cd9efc943e4465cc993ac84e",
"type": "github"
},
"original": {


@ -3,35 +3,59 @@
inputs = {
nixpkgs.url = github:nixos/nixpkgs/nixos-22.05;
nixos-hardware.url = github:nixos/nixos-hardware/master;
nixos-hardware = {
url = github:nixos/nixos-hardware/master;
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
#url = "github:nix-community/home-manager";
url = "https://github.com/nix-community/home-manager/archive/release-22.05.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix.url = github:Mic92/sops-nix;
sops-nix = {
url = github:Mic92/sops-nix;
# sops-nix uses both -22.05 and -unstable in their flake.
# As far as I can tell, 22.05 is only used for testing, whereas unstable
# is used for the tooling. So here, I let both of these follow our
# nixpkgs input. Note that after NixOS releases, this might break since
# they may do away with 22.05 at that point.
# https://github.com/Mic92/sops-nix/blob/master/flake.nix
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-22_05.follows = "nixpkgs";
};
};
outputs = inputs @ { self, nixpkgs, nixos-hardware, home-manager, sops-nix, ... }:
let
outputs = inputs @ {
self,
nixpkgs,
nixos-hardware,
home-manager,
sops-nix,
...
}: let
system = "x86_64-linux";
homeManagerConfFor = config: { ... }: {
#nixpkgs.overlays = [ nur.overlay ];
imports = [ config ];
};
jacobHome = homeManagerConfFor ./home/jacob.nix;
jacobHomeMod = {
home-manager.useUserPackages = true;
home-manager.users.jacob = jacobHome;
};
mkNixosSystem = extraModules: nixpkgs.lib.nixosSystem {
inherit system;
# see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
specialArgs = { inherit inputs; };
modules = [
home-manager.nixosModules.home-manager {
home-manager.useUserPackages = true;
home-manager.users.jacob = homeManagerConfFor ./home/jacob.nix;
}
home-manager.nixosModules.home-manager
jacobHomeMod
sops-nix.nixosModules.sops
] ++ extraModules;
};
in {
homeManagerConfigurations = {
jacob = jacobHome;
};
nixosConfigurations = {
# Thinkpad T470 laptop
buck = mkNixosSystem [
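Review bot: The new `nixos-hardware` input block sets `inputs.nixpkgs.follows = "nixpkgs";`, but the `nixos-hardware` node in the flake.lock section of this commit shows only `locked` and `original` with no `inputs` map (compare the `sops-nix` node), which suggests that flake declares no `nixpkgs` input to override. If that is the case the line has no effect beyond a non-existent-input warning and can be dropped, leaving `nixos-hardware.url = "github:nixos/nixos-hardware/master";`. The bare `github:...` URL literals in this block are also the deprecated unquoted form; quoting them as strings, as the home-manager URL already is, keeps the flake evaluating where URL literals are disabled.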


@ -1,11 +1,11 @@
pkgs :
rec {
pkgs: rec {
menu = "${pkgs.dmenu}/bin/dmenu_run";
modifier = "Mod1";
terminal = "kitty";
keybindings = let
browser = "qutebrowser";
scrot2clip = pkgs.writeShellScript "scrot2clip"
scrot2clip =
pkgs.writeShellScript "scrot2clip"
"${pkgs.scrot}/bin/scrot -s - | ${pkgs.xclip}/bin/xclip -selection primary -i -t image/png";
in {
"${modifier}+Return" = "exec ${terminal} tmux new";
@ -54,31 +54,20 @@ rec {
"${modifier}+9" = "workspace number 9";
"${modifier}+0" = "workspace number 10";
"${modifier}+Shift+1" =
"move container to workspace number 1";
"${modifier}+Shift+2" =
"move container to workspace number 2";
"${modifier}+Shift+3" =
"move container to workspace number 3";
"${modifier}+Shift+4" =
"move container to workspace number 4";
"${modifier}+Shift+5" =
"move container to workspace number 5";
"${modifier}+Shift+6" =
"move container to workspace number 6";
"${modifier}+Shift+7" =
"move container to workspace number 7";
"${modifier}+Shift+8" =
"move container to workspace number 8";
"${modifier}+Shift+9" =
"move container to workspace number 9";
"${modifier}+Shift+0" =
"move container to workspace number 10";
"${modifier}+Shift+1" = "move container to workspace number 1";
"${modifier}+Shift+2" = "move container to workspace number 2";
"${modifier}+Shift+3" = "move container to workspace number 3";
"${modifier}+Shift+4" = "move container to workspace number 4";
"${modifier}+Shift+5" = "move container to workspace number 5";
"${modifier}+Shift+6" = "move container to workspace number 6";
"${modifier}+Shift+7" = "move container to workspace number 7";
"${modifier}+Shift+8" = "move container to workspace number 8";
"${modifier}+Shift+9" = "move container to workspace number 9";
"${modifier}+Shift+0" = "move container to workspace number 10";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart";
"${modifier}+Shift+e" =
"exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+r" = "mode resize";
};


@ -1,10 +1,14 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
({ lib, ...}: {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"zoom"
];
({lib, ...}: {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"zoom"
];
})
];
@ -16,18 +20,21 @@
keyboard = {
layout = "us";
options = [ "caps:swapescape" "ctrl:ralt_rctrl" ];
options = ["caps:swapescape" "ctrl:ralt_rctrl"];
};
packages = with pkgs; [
age
bitwarden
chromium
fd
feh
file
#freecad
fzf
#gnumake
hack-font
jq
inconsolata
libreoffice
logseq
@ -36,17 +43,24 @@
#openscad
#pandoc
pavucontrol
ripgrep
scli
scrot
signal-desktop
sops
speedcrunch
spotify-tui
sxiv
#texlive.combined.scheme-full
xclip
zathura
zoom-us
];
sessionVariables = {
QT_ENABLE_HIGHDPI_SCALING = 1;
};
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
@ -58,8 +72,21 @@
stateVersion = "22.05";
};
accounts.email = {
accounts.gmail = {
xdg = {
enable = true;
mimeApps = {
enable = true;
associations.added = {
"application/pdf" = ["zathura.desktop"];
};
defaultApplications = {
"application/pdf" = ["zathura.desktop"];
};
};
};
accounts.email.accounts = {
gmail = {
address = "jacob.hinkle@gmail.com";
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/gmail/password";
flavor = "gmail.com";
@ -68,13 +95,25 @@
create = "maildir";
};
notmuch.enable = false;
primary = true;
realName = "Jacob Hinkle";
};
accounts.jhink = {
jhink = {
address = "jacob.hinkle@jhink.org";
imap.host = "mail.privateemail.com";
smtp.host = "mail.privateemail.com";
primary = true;
imap = {
host = "imap.fastmail.com";
tls = {
enable = true;
useStartTls = false;
};
};
smtp = {
host = "smtp.fastmail.com";
tls = {
enable = true;
useStartTls = false;
};
};
flavor = "plain";
userName = "jacob.hinkle@jhink.org";
passwordCommand = "${pkgs.coreutils}/bin/cat /run/secrets/email/jhink/password";
@ -88,11 +127,10 @@
};
programs = {
bat = {
enable = true;
};
bat.enable = true;
direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
};
firefox = {
@ -106,28 +144,66 @@
git = {
enable = true;
userName = "Jacob Hinkle";
userEmail = "jacob.hinkle@jhink.org";
userEmail = "jacob@jhink.org";
lfs.enable = true;
delta.enable = true;
};
htop = {
enable = true;
difftastic = {
enable = true;
background = "dark";
};
aliases = {
ci = "commit";
lg = "log --pretty=format:\"%C(magenta)%h%Creset -%C(red)%d%Creset %s %C(dim green)(%cr) [%an]\" --abbrev-commit -30";
s = "status";
};
extraConfig = {
color.ui = "auto";
push.default = "simple";
pull.rebase = false;
branch.autosetupmerge = true;
};
};
htop.enable = true;
kitty = {
enable = true;
font = {
name = "Hack";
size = 16;
size = 24;
};
};
lazygit.enable = true;
mbsync = {
enable = true;
};
neovim = {
enable = true;
extraConfig = ''
set tabstop=4
set softtabstop=4 " enables backspacing, etc
set shiftwidth=4
set expandtab
set tw=80
set bs=2 " allow backspacing over everything in insert mode
set ai " always set autoindenting on
set number relativenumber
set colorcolumn=100
'';
plugins = with pkgs.vimPlugins; [
#context-vim
#ctrlp
#fzf
#gundo
python-mode
#telescope-nvim
#telescope-fzf-native-nvim
#nvim-treesitter
vim-nix
];
vimAlias = true;
};
notmuch = {
enable = true;
};
qutebrowser = import ./qutebrowser.nix;
rbw = {
@ -154,33 +230,58 @@
};
};
tmux = import ./tmux.nix;
xmobar = {
enable = true;
extraConfig = builtins.readFile ./xmobarrc;
};
zsh = {
enable = true;
enableSyntaxHighlighting = true;
shellAliases = {
lg = "lazygit";
vim = "nvim";
};
sessionVariables = {
EDITOR = "nvim";
FZF_DEFAULT_OPTS = "--layout=reverse --inline-info --height=40% --border";
};
oh-my-zsh = {
enable = true;
plugins = [
"direnv"
"git"
"sudo"
"vi-mode"
"direnv"
"git"
"sudo"
"vi-mode"
"fzf"
];
theme = "michelebologna"; # nice clean theme that shows jobs
theme = "michelebologna"; # nice clean theme that shows jobs
};
# michelebologna theme doesn't have an RPROMPT, but I like the one from the clean theme
initExtra = ''
# michelebologna theme doesn't have an RPROMPT, but I like the one from
# the clean theme
RPROMPT='[%*]'
# wrap the fzf command with some killable helpers
function vif() {
local fname
fname=$(fzf) || return
vim "$fname"
}
function fcd() {
local dirname
dirname=$(find -type d | fzf) || return
cd "$dirname"
}
'';
};
};
services = {
mbsync = {
enable = true;
verbose = true;
};
spotifyd = {
enable = true;
settings = {
@ -207,9 +308,24 @@
xsession = {
enable = true;
windowManager.i3 = {
enable = true;
config = import ./i3.nix pkgs;
windowManager = {
i3 = {
enable = false;
config = import ./i3.nix pkgs;
};
xmonad = {
enable = true;
enableContribAndExtras = true;
extraPackages = haskellPackages:
with haskellPackages; [
#dbus
#List
#monad-logger
xmonad
xmonad-contrib
];
config = ./xmonad.hs;
};
};
};
}
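Review bot: Both `passwordCommand` lines under `accounts.email.accounts` read `/run/secrets/email/.../password` with `cat` from the user's session, so they only work if the matching sops-nix secrets are readable by `jacob`; the secret declarations are outside this section, and sops-nix secrets are root-owned with mode 0400 unless configured otherwise. Prefer `owner = "jacob";` on those two secrets over loosening `mode`, so the mail passwords stay unreadable to other accounts. In the `initExtra` helpers, `vim "$fname"` would treat a selected name that begins with `-` as an option; `vim -- "$fname"` closes that off.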


@ -1,7 +1,7 @@
{
enable = true;
aggressiveResize = true;
clock24 = true;
clock24 = true;
escapeTime = 0;
historyLimit = 10000;
keyMode = "vi";
@ -26,6 +26,6 @@
set-window-option -g window-status-current-style fg=red
# align center the window list
set -g status-justify centre
'';
}

45
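--- a/home/xmobarrc
+++ b/home/xmobarrc
@@ -0,0 +1,45 @@
+Config { overrideRedirect = False
+, font = "xft:iosevka-9"
+, bgColor = "#1f1f1f"
+, fgColor = "#f8f8f2"
+, position = TopW L 90
+, commands = [
+--Run Weather "EGPF"
+--[ "--template", "<weather> <tempF>°F"
+--, "-L", "35"
+--, "-H", "85"
+--, "--low" , "lightblue"
+--, "--normal", "#f8f8f2"
+--, "--high" , "red"
+--] 36000
+-- ,
+Run Cpu
+[ "-L", "3"
+, "-H", "50"
+, "--high" , "red"
+, "--normal", "green"
+] 10
+, Run BatteryP ["BAT1"]
+["-t", "<acstatus><watts> (<left>%)",
+"-L", "10", "-H", "80", "-p", "3",
+"--", "-O", "<fc=green>On</fc> - ", "-i", "",
+"-L", "-15", "-H", "-5",
+"-l", "red", "-m", "blue", "-h", "green",
+"-a", "notify-send -u critical 'Battery running out!!'",
+"-A", "3"]
+600
+, Run Alsa "default" "Master"
+[ "--template", "<volumestatus>"
+, "--suffix" , "True"
+, "--"
+, "--on", ""
+]
+, Run Memory ["--template", "Mem: <usedratio>%"] 10
+, Run Swap [] 10
+, Run Date "%a %Y-%m-%d <fc=#8be9fd>%H:%M</fc>" "date" 10
+, Run XMonadLog
+]
+, sepChar = "%"
+, alignSep = "}{"
+, template = "%XMonadLog% }{ Sound: %alsa:default:Master% | %cpu% | %memory% * %swap% | BAT1: %battery% | %date% "
+}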

107
home/xmonad.hs Normal file

@ -0,0 +1,107 @@
-- See https://xmonad.org/TUTORIAL.html
import XMonad
import XMonad.Actions.CycleWS (toggleWS)
import XMonad.Actions.RotSlaves
import XMonad.Hooks.DynamicLog
import XMonad.Hooks.EwmhDesktops
import XMonad.Hooks.StatusBar
import XMonad.Hooks.StatusBar.PP
import qualified XMonad.StackSet as W
import XMonad.Util.EZConfig (additionalKeysP)
import XMonad.Util.Loggers
import XMonad.Layout.Magnifier
import XMonad.Layout.ThreeColumns
main :: IO ()
main = xmonad
. ewmhFullscreen
. ewmh
-- . xmobarProp
. withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey
$ myConfig
myConfig = def
{ terminal = "kitty tmux new"
, modMask = mod1Mask
, borderWidth = 3
, workspaces = myWorkspaces
, layoutHook = myLayout
}
`additionalKeysP`
-- See below for help defining keymaps
-- https://hackage.haskell.org/package/xmonad-contrib-0.17.1/docs/XMonad-Util-EZConfig.html#v:mkKeymap
([
-- launch programs
("M-'", spawn "qutebrowser")
, ("M-s", spawn "scrot -s")
-- launch a terminal _without_ a new tmux session
, ("M-C-<Return>", spawn "kitty")
-- xrandr commands for when (dis)connecting from external monitor
-- I have temporarily given up on using autorandr fo rthis
, ("M-x", spawn "xrandr --output DP-1 --auto --output eDP-1 --off") -- external
, ("M-c", spawn "xrandr --output eDP-1 --auto --output DP-1 --off") -- laptop only
-- Control monitor brightness
, ("<XF86MonBrightnessUp>", spawn "light -A 10")
, ("<XF86MonBrightnessDown>", spawn "light -U 10")
-- cycle windows within a workspace
, ("M-a", rotAllUp)
, ("M-f", rotAllDown)
-- switch to previous workspace
, ("M-;", toggleWS)
-- Warn (disable shutting down xmonad since we can do that in other ways from a terminal...
, ("M-S-q", spawn "kitty --hold echo M-S-q quits XMonad\\! You probably meant to use M-S-c to close the current window.")
]
++
-- access additional workspaces
[("M-" ++ w, windows $ W.greedyView w) | w <- addlWorkspaces]
++
[("M-S-" ++ w, windows $ W.shift w) | w <- addlWorkspaces]
)
myLayout = threeCol ||| tiled ||| Mirror tiled ||| Full
where
--threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio
threeCol = ThreeColMid nmaster delta ratio
tiled = Tall nmaster delta ratio
nmaster = 1 -- Default number of windows in the master pane
ratio = 1/2 -- Default proportion of screen occupied by master pane
delta = 3/100 -- Percent of screen to increment by when resizing panes
myXmobarPP :: PP
myXmobarPP = def
{ ppSep = magenta ""
, ppTitleSanitize = xmobarStrip
, ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2
, ppHidden = white . wrap " " ""
, ppHiddenNoWindows = lowWhite . wrap " " ""
, ppUrgent = red . wrap (yellow "!") (yellow "!")
, ppOrder = \[ws, l, _, wins] -> [ws, l, wins]
, ppExtras = [logTitles formatFocused formatUnfocused]
}
where
formatFocused = wrap (white "[") (white "]") . magenta . ppWindow
formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow
-- | Windows should have *some* title, which should not not exceed a
-- sane length.
ppWindow :: String -> String
ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30
blue, lowWhite, magenta, red, white, yellow :: String -> String
magenta = xmobarColor "#ff79c6" ""
blue = xmobarColor "#bd93f9" ""
white = xmobarColor "#f8f8f2" ""
yellow = xmobarColor "#f1fa8c" ""
red = xmobarColor "#ff5555" ""
lowWhite = xmobarColor "#bbbbbb" ""
addlWorkspaces :: [String]
addlWorkspaces = ["0", "-", "=", "i"]
myWorkspaces :: [String]
myWorkspaces = ["1", "2", "3", "4", "5", "6", "7", "8", "9"] ++ addlWorkspaces
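Review bot: The `additionalKeysP` list binds launchers, xrandr, brightness and workspace keys but no screen locker, and the laptop's display-manager block elsewhere in this commit shows `autoLogin`, so nothing visible here locks the session once xmonad replaces i3. If locking used to be done from the i3 side, add a binding such as `, ("M-C-l", spawn "i3lock")`; `i3lock` is only listed under the system i3 `extraPackages`, so confirm it stays installed. `myConfig` and `myLayout` are also the only top-level bindings without a signature or comment, and a one-line comment on each would match `myXmobarPP` and `addlWorkspaces`.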


@ -5,10 +5,15 @@
{ config, pkgs, inputs, sops, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
config,
pkgs,
sops,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# This lets us pin the nixpkgs registry by default to the nixpkgs used to build this system.
# Doing this means we are less likely to require the 30+MB download when
@ -22,7 +27,7 @@
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
defaultSopsFile = ../../secrets.yaml;
# This will automatically import SSH keys as age keys
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This is using an age key that is expected to already be in the filesystem
#age.keyFile = "/var/lib/sops-nix/key.txt";
# This will generate a new key if the key specified above does not exist
@ -37,9 +42,17 @@
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader = {
systemd-boot = {
enable = true;
# limit number of configurations to save in the boot menu
configurationLimit = 10;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
networking.hostName = "buck"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@ -49,7 +62,7 @@
environmentFile = "/run/secrets/wifi/env";
networks = {
"@SSID_HOME@" = {
pskRaw = "@PSKRAW_HOME@";
pskRaw = "@PSKRAW_HOME@";
};
};
};
@ -67,7 +80,6 @@
# Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8";
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
@ -91,7 +103,7 @@
# List services that you want to enable:
# Enable sound.
sound.enable = true;
#hardware.raspberry-pi."4".fkms-3d.enable = true;
# Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true;
@ -99,11 +111,11 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.jacob = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
extraGroups = ["wheel"]; # Enable sudo for the user.
shell = pkgs.zsh;
};
security.rtkit.enable = true; # recommended for pipewire
security.rtkit.enable = true; # recommended for pipewire
# List services that you want to enable:
services = {
@ -128,7 +140,7 @@
# Enable the X11 windowing system. services.xserver.enable = true;
xserver = {
enable = true;
#dpi = 180;
dpi = 180;
displayManager = {
defaultSession = "none+i3";
autoLogin = {
@ -139,7 +151,7 @@
enable = true;
greeter.enable = false;
};
};
};
libinput = {
enable = true;
touchpad = {
@ -154,7 +166,7 @@
i3status # gives you the default i3 status bar
i3lock #default i3 screen locker
i3blocks #if you are planning on using i3blocks over i3status
];
];
};
};
};
@ -185,6 +197,6 @@
gc = {
automatic = true;
};
settings.experimental-features = [ "nix-command" "flakes" ];
settings.experimental-features = ["nix-command" "flakes"];
};
}
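Review bot: The rewritten argument set at the top of the first hunk lists `config, pkgs, sops, ...` and no longer names `inputs`, while the context comment right after `imports` still describes pinning the nixpkgs registry to the nixpkgs used to build the system. The registry lines themselves are outside the hunk, so this is inferred, but if they still reference `inputs.nixpkgs` the module fails to evaluate with an undefined variable; keep `inputs,` in the argument list. `defaultSession = "none+i3";` is also left unchanged next to `autoLogin` while the home-manager section of this commit sets i3 `enable = false`, so confirm which session the automatic login actually starts.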


@ -1,29 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/cc13728f-a446-49db-98fc-51db875bba20";
fsType = "ext4";
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/164F-882B";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/164F-882B";
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [
{
device = "/var/swap";
size = 1024 * 8 * 2;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
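Review bot: The new `swapDevices` entry creates a swap file at `/var/swap` (`size = 1024 * 8 * 2`) without `randomEncryption`, whereas the other host's swap entry in this commit ends with `randomEncryption = true;`. Memory paged out from user processes, including the mail passwords the home-manager config reads from /run/secrets, lands on disk in clear unless the root volume itself is encrypted, which this file does not show. Either add `randomEncryption = true;` to the entry or confirm full-disk encryption covers it. The file header also states it is generated by nixos-generate-config and may be overwritten, so the swap entry is safer declared in configuration.nix.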


@ -19,7 +19,7 @@
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
defaultSopsFile = ../../secrets.yaml;
# This will automatically import SSH keys as age keys
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This is using an age key that is expected to already be in the filesystem
#age.keyFile = "/var/lib/sops-nix/key.txt";
# This will generate a new key if the key specified above does not exist
@ -36,13 +36,14 @@
boot = {
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
loader = {
# Enables the generation of /extlinux/extlinux.conf grub.enable = true;
#grub.version = 2; grub.device = "/dev/sda"; grub.efiSupport = true;
systemd-boot.enable = true;
# Enables the generation of /extlinux/extlinux.conf grub.enable = true;
#grub.version = 2; grub.device = "/dev/sda"; grub.efiSupport = true;
systemd-boot.enable = true;
};
# ZFS settings
initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; initrd.supportedFilesystems = [ "zfs" ]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/";
initrd.availableKernelModules = ["usbhid" "usb_storage"];
initrd.supportedFilesystems = ["zfs"]; # boot from zfs supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/";
};
# Set your time zone.
@ -67,18 +68,64 @@
};
};
};
<<<<<<< HEAD
firewall = import ./firewall.nix;
timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default;
=======
firewall = {
allowedTCPPorts = [
8384
22000 # syncthing
8080
8443
6789
8880
8843
27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
53
8088 # pihole
#3000 # gitea
#8081 # vaultwarden
#8000 # paperless
80
443 # reverse proxy
];
allowedUDPPorts = [
22000
21027 # syncthing
3478
5514
10001
1900
123 # unifi
53 # pihole
];
allowedUDPPortRanges = [
{
from = 5656;
to = 5699;
} # unifi
];
};
timeServers = ["192.168.88.1"] ++ options.networking.timeServers.default;
>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c
};
hardware.video.hidpi.enable = false;
hardware.enableRedistributableFirmware = true;
#hardware.pulseaudio = {
#enable = true;
#extraModules = [ pkgs.pulseaudio-modules-bt ];
#package = pkgs.pulseaudioFull;
#enable = true;
#extraModules = [ pkgs.pulseaudio-modules-bt ];
#package = pkgs.pulseaudioFull;
#};
hardware.bluetooth.enable = false;
<<<<<<< HEAD
=======
services.blueman.enable = false;
# Enable CUPS to print documents.
services.printing.enable = false;
>>>>>>> 337a41901fccf4591c5315525a74e6e52d33589c
# Enable sound.
sound.enable = false;
@ -86,28 +133,28 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.jacob = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
extraGroups = ["wheel"]; # Enable sudo for the user.
shell = pkgs.zsh;
};
# List packages installed in system profile. To search, run: $ nix search wget
environment.systemPackages = with pkgs; [ vim git wget ];
environment.systemPackages = with pkgs; [vim git wget];
#environment.variables = {
#GDK_SCALE = "2";
#GDK_DPI_SCALE = "0.5";
#_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2";
#GDK_SCALE = "2";
#GDK_DPI_SCALE = "0.5";
#_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2";
#};
# Some programs need SUID wrappers, can be configured further or are started in user sessions. programs.mtr.enable = true; programs.gnupg.agent = {
# enable = true; enableSSHSupport = true;
# };
security.rtkit.enable = true; # recommended for pipewire
security.rtkit.enable = true; # recommended for pipewire
# enable acme for certbot
security.acme = {
acceptTerms = true;
acceptTerms = true;
defaults = {
email = "jacob.hinkle@gmail.com";
};
@ -186,7 +233,7 @@
enable = true;
greeter.enable = false;
};
};
};
layout = "us";
libinput.enable = true;
windowManager.i3 = {
@ -196,7 +243,7 @@
i3status # gives you the default i3 status bar
i3lock #default i3 screen locker
i3blocks #if you are planning on using i3blocks over i3status
];
];
};
};
@ -205,7 +252,7 @@
trim.enable = true;
autoScrub = {
enable = true;
pools = [ "rpool" ];
pools = ["rpool"];
};
autoSnapshot = {
enable = true;
@ -214,18 +261,17 @@
};
};
};
# Due to bug in home assistant, this workaround is suggested temporarily as of May 6, 2022
# https://github.com/nix-community/home-manager/issues/2942#issuecomment-1119760100
#nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = ( pkg: true );
nixpkgs.config.allowUnfreePredicate = (pkg: true);
powerManagement.cpuFreqGovernor = "ondemand";
# This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were taken. Its perfectly fine and recommended to leave this value at the
# This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were taken. Its perfectly fine and recommended to leave this value at the
# release version of the first install of this system. Before changing this value read the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = ["nix-command" "flakes"];
}
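Review bot: Unresolved merge conflict markers are committed in this file: `<<<<<<< HEAD`, `=======` and `>>>>>>>` wrap the `firewall` and `timeServers` definitions in the networking block, and a second set wraps `services.blueman.enable` and `services.printing.enable`. Nix cannot parse the file in this state, so this host cannot be rebuilt until the markers are removed. The two firewall sides are not equivalent on their face: HEAD has `firewall = import ./firewall.nix;` and the other side an inline `allowedTCPPorts`/`allowedUDPPorts` list, so resolve by keeping exactly one and checking that it opens only the ports intended (./firewall.nix is not shown on this page). The enclosing networking attribute set starts outside the hunk.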


@ -1,33 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-partuuid/e7ebac1e-eb4c-4a7d-8893-49a95f6014d4";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-partuuid/e7ebac1e-eb4c-4a7d-8893-49a95f6014d4";
fsType = "vfat";
};
fileSystems."/nix" =
{ device = "rpool/nixos/nix";
@ -111,5 +114,4 @@
randomEncryption = true;
}
];
}


@ -2,7 +2,7 @@
enable = true;
recommendedProxySettings = true;
virtualHosts = let
simpleProxy = ip : {
simpleProxy = ip: {
forceSSL = true;
enableACME = true;
extraConfig = ''


@ -1,5 +1,4 @@
serverIP :
{
serverIP: {
image = "pihole/pihole:2022.07.1";
ports = [
"${serverIP}:53:53/tcp"
@ -22,6 +21,6 @@ serverIP :
];
extraOptions = [
"--cap-add=NET_ADMIN"
"--no-hosts" # do not populate internal /etc/hosts with container host's
"--no-hosts" # do not populate internal /etc/hosts with container host's
];
}


@ -2,9 +2,10 @@ email:
gmail:
address: ENC[AES256_GCM,data:uWVgCX2nTVJn8HlEMKfU86DsVG9c0A==,iv:uLJk521DET65fizoUUKnLB325fNmSZNc3M9tNqjq2qg=,tag:zSlTWP3VYu0JR0FH0gdCHw==,type:str]
password: ENC[AES256_GCM,data:DKB+h3jaX+BP,iv:kdc1NcYVLie3TRCf2qq5x8V3WaSKXKKHDqBDzjpQMDw=,tag:P1mmaKhPcX1yMUxI5I/uXA==,type:str]
#ENC[AES256_GCM,data:Otd/3wBbI7DCFsZwyg==,iv:rUajD3QRS4u1kdwpnfS8RQaNbB/WwtHnjDnsYkDe7Po=,tag:SS0lGIqLxmpdiJN1qvZoYg==,type:comment]
jhink:
address: ENC[AES256_GCM,data:nIuL4Ay343z3lzjiXKnSqPLsqZR96w==,iv:iKQCw/cj70q2Afuf97g3njkEcD5ux4HquXFTZ5K7xHo=,tag:BsnLC1MspQOsMN6qxtY4uQ==,type:str]
password: ENC[AES256_GCM,data:/F+gn/TaRqX+,iv:y6aNJb1zG+plXwcKilQLVFEnlemDJUV0PyIicbAD6BU=,tag:A2KPxqB4xZ2erFA/nstovg==,type:str]
password: ENC[AES256_GCM,data:db0Wll4B8eXYc70dsIuYbw==,iv:2g4fE2GQyKxiVMkOQqOCPjAISdlXElvWYt0XKPEOWv0=,tag:73ymkTNGUlVccJFXjT40EA==,type:str]
pihole:
webpassword: ENC[AES256_GCM,data:bqBbGE5M4LUukMh7vQA=,iv:YhKaO2WQq5Ar9aKitgRTbDU2Ld2Cdc0wmrcQZ92lztY=,tag:UGnerGhtQBjO+n4LobdSyg==,type:str]
spotify:
@ -59,8 +60,8 @@ sops:
WVUwaEIwWTFFTExyT3hLSC9wODhJdGcKWsNIUsT06qYA9vUVeFHQrCdcn2MkHt+w
Rr7W+4uaNb8Qxo/NUp9kodE9m/fg9XVd8wM7HUP4wJC0rE4GSnFvGg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-30T17:05:20Z"
mac: ENC[AES256_GCM,data:6f2RYsTBhMgLlwDgJ6vj2Jv82kFMNmjwYGV072YrfOE7qwjwcRRFE26L6mVkQ3yOt94wuOMAV/8gbqxY5hqVf1QxdnIiPDisks8yriquGBWM3RJZPA6i4Q8sBDqxA5Q9h/2geaHOpdu5If0XJolwhJOYso5buxWH2nrCIXQQ0B4=,iv:KaOccL/d/NSDI+jVMhbtBdNc/6ysK9nFUEbAHoyZ+lM=,tag:FnHUlPu5xmgJle4UVz0rcg==,type:str]
lastmodified: "2022-09-27T13:16:21Z"
mac: ENC[AES256_GCM,data:UkvaiVtsbMKNeMKlf6N6N0dxQWAUxT2VMQrhMJFqwdyRoFvTQ+4a27sXHIQgr+G+BAnsFBeWFjA3SS+YhHcDYCx1boXMhdoFeNjVZ2TUURX/KazcIwJNGmrt4qMK7BkfUu1mLa58pxie+XSY1MBRwByg7rnLaSJzNiWgqgLRGy0=,iv:7kBE0EKhvesWToa6+At0yWt1IzTWipv0fSvopA2PUXg=,tag:0e+5Gu5Ajw7r3AgeJLg+EQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
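Review bot: The `jhink` `password` value is replaced in the first hunk, but the previous ciphertext stays in git history and remains decryptable by every recipient key the file has listed, so the old password should be treated as live until it is changed at the provider. SOPS also encrypts each value without padding, so the size of an `ENC[...]` blob tracks the size of its plaintext; long generated or app-specific passwords avoid exposing that through the repository.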