authorMel <einebeere@gmail.com>2024-10-26 17:44:36 +0200
committerMel <einebeere@gmail.com>2024-10-26 17:44:36 +0200
commit1e0eca0bcbfc338a585842c65c4b48d62d79728d (patch)
tree9ab21421d798f0812c966532d8c10bb5c8384e81
Glued together corsac configuration
Signed-off-by: Mel <einebeere@gmail.com>
-rw-r--r--compat/default.nix20
-rw-r--r--compat/flake-compat.nix11
-rw-r--r--compat/nixos/default.nix13
-rw-r--r--config.nix3
-rw-r--r--configs/.vimrc60
-rw-r--r--flake.lock82
-rw-r--r--flake.nix56
-rw-r--r--machines/corsac/default.nix12
-rw-r--r--machines/corsac/devices.nix16
-rw-r--r--machines/corsac/hardware.nix40
-rw-r--r--machines/corsac/home.nix9
-rw-r--r--modules/common.nix74
-rw-r--r--modules/home/common.nix34
-rw-r--r--modules/locale.nix32
-rw-r--r--modules/nix-ld.nix59
-rw-r--r--modules/nix.nix16
-rw-r--r--modules/user.nix16
-rw-r--r--pkgs/default.nix5
-rw-r--r--security.nix14
19 files changed, 572 insertions, 0 deletions
diff --git a/compat/default.nix b/compat/default.nix
new file mode 100644
index 0000000..0077090
--- /dev/null
+++ b/compat/default.nix
@@ -0,0 +1,20 @@
+# compatability files for `nixos-option` and other legacy
+# nix tools.
+#
+# `nixos-option` does not support flakes (as of yet),
+# so we need to give it the path to `<nixpkgs>` (this file)
+# and to `<nixos-config>` (in `./nixos/default.nix`) which
+# then both return the correct outputs from the system flake.
+#
+# can also be useful for running out-of-tree `shell.nix` and `default.nix`
+# files, without creating a custom flake for them and still having them
+# get the correct package sets from the system flake configuration.
+#
+# see here: https://github.com/NixOS/nixpkgs/issues/97855#issuecomment-799925924
+
+{ ... }:
+
+let
+  flake = import ./flake-compat.nix { src = ./..; };
+in
+flake.defaultNix.legacyPackages.${builtins.currentSystem}
diff --git a/compat/flake-compat.nix b/compat/flake-compat.nix
new file mode 100644
index 0000000..ac56432
--- /dev/null
+++ b/compat/flake-compat.nix
@@ -0,0 +1,11 @@
+with builtins;
+let
+  lock = fromJSON (readFile ../flake.lock);
+  
+  flake-compat = builtins.fetchGit (with lock.nodes.flake-compat.locked; {
+    inherit rev;
+    url = "https://github.com/${owner}/${repo}.git";
+  });
+
+in
+{ src, ... }: import flake-compat { inherit src; }
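Review bot: The `builtins.fetchGit` call pins flake-compat by `rev` only and never checks the `narHash` that flake.lock records for the same node, so the compat path verifies less than the flake path does. Inside the same `with lock.nodes.flake-compat.locked;` scope, `fetchTarball { url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; sha256 = narHash; }` ties the fetch to the locked content hash. A one-line comment saying that this file must stay in sync with the `flake-compat` node of flake.lock would also help.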
diff --git a/compat/nixos/default.nix b/compat/nixos/default.nix
new file mode 100644
index 0000000..3d547c2
--- /dev/null
+++ b/compat/nixos/default.nix
@@ -0,0 +1,13 @@
+# this file provides the current nixos configuration
+# taken from the system flake.
+# see `../default.nix` for explanation.
+{ nixpkgs ? import <nixpkgs> {}, ... }:
+
+with builtins;
+let
+  me = with builtins;
+    nixpkgs.lib.toLower (head (split "\n" (readFile /etc/hostname)));
+
+  flake = import ../flake-compat.nix { src = ./../..; };
+in
+flake.defaultNix.nixosConfigurations.${me}
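Review bot: The final selection `nixosConfigurations.${me}` has no guard, so on a host whose `/etc/hostname` is not one of the flake's machines it fails with a bare missing-attribute error. Something like `nixosConfigurations.${me} or (throw "no nixosConfiguration for host ${me}")` makes the failure readable. The inner `with builtins;` on the `me` binding repeats the outer one and can be dropped.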
diff --git a/config.nix b/config.nix
new file mode 100644
index 0000000..1dd1750
--- /dev/null
+++ b/config.nix
@@ -0,0 +1,3 @@
+{
+  allowUnfree = true;
+}
diff --git a/configs/.vimrc b/configs/.vimrc
new file mode 100644
index 0000000..79ae89a
--- /dev/null
+++ b/configs/.vimrc
@@ -0,0 +1,60 @@
+" NECESSITIES:
+
+" disable vi compatability, if still on for some reason
+set nocompatible
+
+" enable syntax highlight
+syntax on
+
+" indent settings
+set autoindent
+set smarttab
+set smartindent
+set expandtab
+set tabstop=4
+set softtabstop=4
+set shiftwidth=4
+set shiftround
+
+" disable text wrapping
+set nowrap
+
+" allow backspace over everything, default is dumb
+set backspace=indent,eol,start
+
+" never hide statusbar
+set laststatus=2
+
+" search settings
+set incsearch
+set hlsearch
+set smartcase
+set ignorecase
+" map CTRL+L to remove search highlights
+nnoremap <silent> <C-L> :noh<C-R><CR><CR><C-L>
+
+" open windows below and to the right of current (why is the default opposite lol)
+set splitbelow splitright
+
+" show unfinished command in the last line (like 4dd)
+set showcmd
+
+" show relative numbers and absolute number for current line
+set number relativenumber
+
+" COLOR:
+
+" temporary default color scheme
+colorscheme habamax
+
+" dont change default background color
+highlight Normal ctermbg=NONE
+
+" CUSTOMIZATION:
+
+" disable arrow keys, use hjkl instead
+noremap <Up> <Nop>
+noremap <Down> <Nop>
+noremap <Left> <Nop>
+noremap <Right> <Nop>
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..ad13e17
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,82 @@
+{
+  "nodes": {
+    "flake-compat": {
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1726989464,
+        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-24.05",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1729691686,
+        "narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1729665710,
+        "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..82f0f09
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,56 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+    home-manager = {
+      url = "github:nix-community/home-manager/release-24.05";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    flake-compat.url = "github:edolstra/flake-compat";
+  };
+
+  outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, home-manager, ... }:
+  let
+    system = "x86_64-linux";
+
+    machines = [
+      "corsac"
+    ];
+    
+    packageSets = let
+      pkgsInputs = { inherit system; config = import ./config.nix; };
+    in rec {
+      pkgs = import nixpkgs pkgsInputs;
+      unstablePkgs = import nixpkgs-unstable pkgsInputs;
+      auxiliaryPkgs = import ./pkgs { inherit pkgs unstablePkgs; };
+    };
+
+  in {
+    nixosConfigurations = nixpkgs.lib.genAttrs machines
+      (machine: nixpkgs.lib.nixosSystem {
+        inherit system;
+
+        specialArgs = inputs // packageSets // {
+          me = machine;
+          security = import ./security.nix;
+        };
+
+        modules = [
+          ./machines/${machine}
+        
+          home-manager.nixosModules.home-manager {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.mel = import ./machines/${machine}/home.nix;
+          }
+        ];
+      }
+    );
+
+    # compatibility wrapper for nixos-option
+    legacyPackages.${system} = with packageSets; pkgs.recurseIntoAttrs pkgs;
+  };
+}
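Review bot: Spreading `packageSets` into `specialArgs` puts a `pkgs` attribute there. As far as I can tell, special args take precedence over the module system's own `pkgs` argument, so `nixpkgs.config` or `nixpkgs.overlays` set in any module would silently stop affecting the package set the modules receive. Passing only `unstablePkgs` and `auxiliaryPkgs` through `specialArgs` and setting `nixpkgs.config = import ./config.nix;` in a module keeps a single source of truth. A comment on the `security = import ./security.nix;` line noting that it hands credential material to every module would also be useful.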
diff --git a/machines/corsac/default.nix b/machines/corsac/default.nix
new file mode 100644
index 0000000..b118d10
--- /dev/null
+++ b/machines/corsac/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  imports = [
+    ../../modules/common.nix
+
+    ./hardware.nix
+    ./devices.nix
+  ];
+
+  system.stateVersion = "24.05";
+}
diff --git a/machines/corsac/devices.nix b/machines/corsac/devices.nix
new file mode 100644
index 0000000..71ef8d2
--- /dev/null
+++ b/machines/corsac/devices.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+  # boot settings
+  boot = {
+    loader = { 
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  
+    initrd.systemd.enable = true; 
+  };
+
+  # internet
+  networking.networkmanager.enable = true;
+}
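Review bot: The `boot.loader` block enables systemd-boot but leaves `boot.loader.systemd-boot.editor` at its default, which allows the kernel command line to be edited from the boot menu. The NixOS option documentation recommends turning that off. Add `systemd-boot.editor = false;` next to `systemd-boot.enable = true;`.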
diff --git a/machines/corsac/hardware.nix b/machines/corsac/hardware.nix
new file mode 100644
index 0000000..c3038be
--- /dev/null
+++ b/machines/corsac/hardware.nix
@@ -0,0 +1,40 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/6f0a097f-b957-4210-b51a-65e62aa780b2";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/914D-4159";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/ce3c3e2c-1f16-4e37-90f3-9ccfc81ee4c8"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/corsac/home.nix b/machines/corsac/home.nix
new file mode 100644
index 0000000..dce0783
--- /dev/null
+++ b/machines/corsac/home.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ../../modules/home/common.nix
+  ];
+
+  home.stateVersion = "24.05";
+}
diff --git a/modules/common.nix b/modules/common.nix
new file mode 100644
index 0000000..f035db5
--- /dev/null
+++ b/modules/common.nix
@@ -0,0 +1,74 @@
+{ me, config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./nix.nix
+    ./user.nix
+    ./locale.nix
+    ./nix-ld.nix
+  ];
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  networking.hostName = me;
+
+  services.envfs.enable = true;
+  virtualisation.libvirtd.enable = true;
+
+  services = {
+    openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitRootLogin = "no";
+      };
+    };
+    tailscale = {
+      enable = true;
+      useRoutingFeatures = "both";
+      extraUpFlags = [ "--ssh" ];
+    };
+  
+    # sometimes needed for gnupg
+    pcscd.enable = true;
+  };
+ 
+  programs = {
+    vim = {
+      defaultEditor = true;
+      package = pkgs.vim_configurable.customize {
+        vimrcFile = ../configs/.vimrc;
+      };
+    };
+    fish.enable = true;
+    git.enable = true;
+    tmux.enable = true;
+
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+      pinentryPackage = pkgs.pinentry-curses;
+    };
+  };
+
+  environment.systemPackages = (with pkgs; [
+    file unzip jq dig htop glances wget gnupg pinentry-curses
+    inetutils pciutils lshw inxi iw
+    tcpdump
+    ffmpeg_7-headless
+    qemu_full virtiofsd
+
+    openvpn openvpn3 update-resolv-conf
+    
+    ripgrep gnumake gdb gcc clang
+    go gopls delve go-task
+    meson cmake
+    nil direnv
+
+    wineWowPackages.stagingFull
+    borgbackup
+  ]);
+
+  environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
+}
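Review bot: In the `tailscale` block, `extraUpFlags = [ "--ssh" ];` is, as far as I know, only applied by the NixOS module when `services.tailscale.authKeyFile` is set, so here the flag probably does nothing and the config misstates what is enabled. If Tailscale SSH is intended, note that it is authorised by the tailnet ACLs, not by sshd, so the `PasswordAuthentication`/`PermitRootLogin` settings above do not govern that path; a comment such as `# Tailscale SSH bypasses sshd settings; access is controlled by tailnet ACLs` would make that explicit. Separately, `services.openssh` opens port 22 in the firewall on all interfaces by default; if access is meant to go through the tailnet only, set `openssh.openFirewall = false;`.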
diff --git a/modules/home/common.nix b/modules/home/common.nix
new file mode 100644
index 0000000..20275ea
--- /dev/null
+++ b/modules/home/common.nix
@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+
+{
+  programs = {
+    git = {
+      enable = true;
+      userName = "Mel";
+      userEmail = "einebeere@gmail.com";
+      signing = { 
+        key = "D75A C286 ACA7 00B4 D8EC 377D 2082 F8EC 11CC 009B";
+        signByDefault = true;
+      };
+      extraConfig.init.defaultBranch = "main";
+    };
+
+    tmux = {
+      enable = true;
+      mouse = true;
+      keyMode = "vi";
+      plugins = with pkgs.tmuxPlugins; [
+        yank fpp open fuzzback
+      ];
+    };
+
+    fish = {
+      enable = true;
+      interactiveShellInit = ''
+        set fish_greeting
+      '';
+    };
+
+    zoxide = { enable = true; enableFishIntegration = true; };
+  };
+}
diff --git a/modules/locale.nix b/modules/locale.nix
new file mode 100644
index 0000000..2c900c2
--- /dev/null
+++ b/modules/locale.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # breaks tailscale ssh with constant
+  # "cannot change locale" messages when connecting.
+  # there may be a way to use these anyway...
+  # i18n.extraLocaleSettings = {
+  #   LC_ADDRESS = "de_DE.UTF-8";
+  #   LC_IDENTIFICATION = "de_DE.UTF-8";
+  #   LC_MEASUREMENT = "de_DE.UTF-8";
+  #   LC_MONETARY = "de_DE.UTF-8";
+  #   LC_NAME = "de_DE.UTF-8";
+  #   LC_NUMERIC = "de_DE.UTF-8";
+  #   LC_PAPER = "de_DE.UTF-8";
+  #   LC_TELEPHONE = "de_DE.UTF-8";
+  #   LC_TIME = "de_DE.UTF-8";
+  # };
+
+  i18n.supportedLocales = [ "all" ]; 
+  
+  # Configure keymap in X11
+  services.xserver.xkb = {
+    layout = "us";
+    variant = "";
+  };
+}
diff --git a/modules/nix-ld.nix b/modules/nix-ld.nix
new file mode 100644
index 0000000..2ab5df5
--- /dev/null
+++ b/modules/nix-ld.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+  programs.nix-ld.enable = true;
+
+  programs.nix-ld.libraries = with pkgs; [
+    alsa-lib
+    at-spi2-atk
+    at-spi2-core
+    atk
+    cairo
+    cups
+    curl
+    dbus
+    expat
+    fontconfig
+    freetype
+    fuse3
+    gdk-pixbuf
+    glib
+    gtk3
+    icu
+    libGL
+    libappindicator-gtk3
+    libdrm
+    libglvnd
+    libnotify
+    libpulseaudio
+    libunwind
+    libusb1
+    libuuid
+    libxkbcommon
+    libxml2
+    mesa
+    nspr
+    nss
+    openssl
+    pango
+    pipewire
+    stdenv.cc.cc
+    systemd
+    vulkan-loader
+    xorg.libX11
+    xorg.libXScrnSaver
+    xorg.libXcomposite
+    xorg.libXcursor
+    xorg.libXdamage
+    xorg.libXext
+    xorg.libXfixes
+    xorg.libXi
+    xorg.libXrandr
+    xorg.libXrender
+    xorg.libXtst
+    xorg.libxcb
+    xorg.libxkbfile
+    xorg.libxshmfence
+    zlib
+  ];
+}
diff --git a/modules/nix.nix b/modules/nix.nix
new file mode 100644
index 0000000..d98f64d
--- /dev/null
+++ b/modules/nix.nix
@@ -0,0 +1,16 @@
+{ self, ... }:
+
+{
+  nix = {
+    # add compat scripts to the environment,
+    # to allow nixos-option to find the configuration
+    nixPath = [
+      "nixpkgs=${self}/compat"
+      "nixos-config=${self}/compat/nixos"
+    ];
+
+    settings = {
+      experimental-features = [ "flakes" "nix-command" ];
+    };
+  };
+}
diff --git a/modules/user.nix b/modules/user.nix
new file mode 100644
index 0000000..2ca826b
--- /dev/null
+++ b/modules/user.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, security, ... }:
+
+{
+  users.mutableUsers = false;
+  users.users.mel = {
+    isNormalUser = true;
+    description = "Mel";
+    shell = pkgs.fish;
+    extraGroups = [ "networkmanager" "wheel" ];
+
+    hashedPassword = security.password;
+    openssh.authorizedKeys.keys = security.keys;
+
+    packages = (with pkgs; []);
+  };
+}
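Review bot: `hashedPassword = security.password;` embeds the login hash in the evaluated configuration, so it lands in the world-readable Nix store. The security.nix hunk later in this commit also commits it to the repository, where it is open to offline guessing. Using `hashedPasswordFile = "<path-to-root-only-file-outside-the-store>";` (placeholder path) keeps the hash out of both; the public keys in security.nix can stay where they are. With `users.mutableUsers = false` and `wheel` membership this password is presumably also the sudo credential, so it is worth rotating once it has been moved.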
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..c7d053b
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  # nothing here for now :)
+}
diff --git a/security.nix b/security.nix
new file mode 100644
index 0000000..6488e4c
--- /dev/null
+++ b/security.nix
@@ -0,0 +1,14 @@
+{
+  keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO2HuNCosEE5SZOv5g8mLDn5jCJRFnYTLZifMl+N6iUD mel@rite"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY mel@bismuth"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3PPmDNIBxdRig9JvEf/KNOw+6+A6+FEeXrmaT9Ijkb mel@concrete"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls mel@grimoire"
+
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINs2TTjnQvDNr/S3lPLWYOnZi00YIMrRUDH8cpBz1k1m mel@renard"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHBsr3M7YFIXhKJADIanCmnvUbqm4uSlkSMLhykHf3gq mel@souris"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzDyaafULcgTuFca51NNgYAzZ28RFDQwVWavRpnY5c+ mel@lapin"
+  ];
+
+  password = "$y$j9T$4wGl.YJizIpcfFv0LyvLU0$7LLEkjIFWBOV.XXynReCOczBYNX0EZfMPIDB/bmmhhC";
+}