| -rw-r--r-- | compat/default.nix | 20 | ||||
| -rw-r--r-- | compat/flake-compat.nix | 11 | ||||
| -rw-r--r-- | compat/nixos/default.nix | 13 | ||||
| -rw-r--r-- | config.nix | 3 | ||||
| -rw-r--r-- | configs/.vimrc | 60 | ||||
| -rw-r--r-- | flake.lock | 82 | ||||
| -rw-r--r-- | flake.nix | 56 | ||||
| -rw-r--r-- | machines/corsac/default.nix | 12 | ||||
| -rw-r--r-- | machines/corsac/devices.nix | 16 | ||||
| -rw-r--r-- | machines/corsac/hardware.nix | 40 | ||||
| -rw-r--r-- | machines/corsac/home.nix | 9 | ||||
| -rw-r--r-- | modules/common.nix | 74 | ||||
| -rw-r--r-- | modules/home/common.nix | 34 | ||||
| -rw-r--r-- | modules/locale.nix | 32 | ||||
| -rw-r--r-- | modules/nix-ld.nix | 59 | ||||
| -rw-r--r-- | modules/nix.nix | 16 | ||||
| -rw-r--r-- | modules/user.nix | 16 | ||||
| -rw-r--r-- | pkgs/default.nix | 5 | ||||
| -rw-r--r-- | security.nix | 14 |
19 files changed, 572 insertions, 0 deletions
diff --git a/compat/default.nix b/compat/default.nix
new file mode 100644
index 0000000..0077090
--- /dev/null
+++ b/compat/default.nix
@@ -0,0 +1,20 @@
+# compatability files for `nixos-option` and other legacy
+# nix tools.
+#
+# `nixos-option` does not support flakes (as of yet),
+# so we need to give it the path to `<nixpkgs>` (this file)
+# and to `<nixos-config>` (in `./nixos/default.nix`) which
+# then both return the correct outputs from the system flake.
+#
+# can also be useful for running out-of-tree `shell.nix` and `default.nix`
+# files, without creating a custom flake for them and still having them
+# get the correct package sets from the system flake configuration.
+#
+# see here: https://github.com/NixOS/nixpkgs/issues/97855#issuecomment-799925924
+
+{ ... }:
+
+let
+ flake = import ./flake-compat.nix { src = ./..; };
+in
+flake.defaultNix.legacyPackages.${builtins.currentSystem}
diff --git a/compat/flake-compat.nix b/compat/flake-compat.nix
new file mode 100644
index 0000000..ac56432
--- /dev/null
+++ b/compat/flake-compat.nix
@@ -0,0 +1,11 @@
+with builtins;
+let
+ lock = fromJSON (readFile ../flake.lock);
+
+ flake-compat = builtins.fetchGit (with lock.nodes.flake-compat.locked; {
+ inherit rev;
+ url = "https://github.com/${owner}/${repo}.git";
+ });
+
+in
+{ src, ... }: import flake-compat { inherit src; }
diff --git a/compat/nixos/default.nix b/compat/nixos/default.nix
new file mode 100644
index 0000000..3d547c2
--- /dev/null
+++ b/compat/nixos/default.nix
@@ -0,0 +1,13 @@
+# this file provides the current nixos configuration
+# taken from the system flake.
+# see `../default.nix` for explanation.
+{ nixpkgs ? import <nixpkgs> {}, ... }:
+
+with builtins;
+let
+ me = with builtins;
+ nixpkgs.lib.toLower (head (split "\n" (readFile /etc/hostname)));
+
+ flake = import ../flake-compat.nix { src = ./../..; };
+in
+flake.defaultNix.nixosConfigurations.${me}
diff --git a/config.nix b/config.nix
new file mode 100644
index 0000000..1dd1750
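Review bot: In compat/flake-compat.nix the `builtins.fetchGit` call pins only `rev` and never checks the `narHash` that flake.lock records for flake-compat, so the legacy entry point verifies less than the flake itself does. The `with lock.nodes.flake-compat.locked;` scope already exposes `narHash`, so the fetch could be written as `fetchTarball { url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; sha256 = narHash; }`, which makes the content hash part of the expression. The outer `with builtins;` also makes the `builtins.` prefix on the call redundant.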
--- /dev/null
+++ b/config.nix
@@ -0,0 +1,3 @@
+{
+ allowUnfree = true;
+}
diff --git a/configs/.vimrc b/configs/.vimrc
new file mode 100644
index 0000000..79ae89a
--- /dev/null
+++ b/configs/.vimrc
@@ -0,0 +1,60 @@
+" NECESSITIES:
+
+" disable vi compatability, if still on for some reason
+set nocompatible
+
+" enable syntax highlight
+syntax on
+
+" indent settings
+set autoindent
+set smarttab
+set smartindent
+set expandtab
+set tabstop=4
+set softtabstop=4
+set shiftwidth=4
+set shiftround
+
+" disable text wrapping
+set nowrap
+
+" allow backspace over everything, default is dumb
+set backspace=indent,eol,start
+
+" never hide statusbar
+set laststatus=2
+
+" search settings
+set incsearch
+set hlsearch
+set smartcase
+set ignorecase
+" map CTRL+L to remove search highlights
+nnoremap <silent> <C-L> :noh<C-R><CR><CR><C-L>
+
+" open windows below and to the right of current (why is the default opposite lol)
+set splitbelow splitright
+
+" show unfinished command in the last line (like 4dd)
+set showcmd
+
+" show relative numbers and absolute number for current line
+set number relativenumber
+
+" COLOR:
+
+" temporary default color scheme
+colorscheme habamax
+
+" dont change default background color
+highlight Normal ctermbg=NONE
+
+" CUSTOMIZATION:
+
+" disable arrow keys, use hjkl instead
+noremap <Up> <Nop>
+noremap <Down> <Nop>
+noremap <Left> <Nop>
+noremap <Right> <Nop>
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..ad13e17
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,82 @@ +{ + "nodes": { + "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1729691686, + "narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1729665710, + "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..82f0f09 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,56 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+
+ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+ home-manager = {
+ url = "github:nix-community/home-manager/release-24.05";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ flake-compat.url = "github:edolstra/flake-compat";
+ };
+
+ outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, home-manager, ... }:
+ let
+ system = "x86_64-linux";
+
+ machines = [
+ "corsac"
+ ];
+
+ packageSets = let
+ pkgsInputs = { inherit system; config = import ./config.nix; };
+ in rec {
+ pkgs = import nixpkgs pkgsInputs;
+ unstablePkgs = import nixpkgs-unstable pkgsInputs;
+ auxiliaryPkgs = import ./pkgs { inherit pkgs unstablePkgs; };
+ };
+
+ in {
+ nixosConfigurations = nixpkgs.lib.genAttrs machines
+ (machine: nixpkgs.lib.nixosSystem {
+ inherit system;
+
+ specialArgs = inputs // packageSets // {
+ me = machine;
+ security = import ./security.nix;
+ };
+
+ modules = [
+ ./machines/${machine}
+
+ home-manager.nixosModules.home-manager {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.mel = import ./machines/${machine}/home.nix;
+ }
+ ];
+ }
+ );
+
+ # compatibility wrapper for nixos-option
+ legacyPackages.${system} = with packageSets; pkgs.recurseIntoAttrs pkgs;
+ };
+}
diff --git a/machines/corsac/default.nix b/machines/corsac/default.nix
new file mode 100644
index 0000000..b118d10
--- /dev/null
+++ b/machines/corsac/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ imports = [
+ ../../modules/common.nix
+
+ ./hardware.nix
+ ./devices.nix
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/machines/corsac/devices.nix b/machines/corsac/devices.nix
new file mode 100644
index 0000000..71ef8d2
--- /dev/null
+++ b/machines/corsac/devices.nix
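Review bot: In flake.nix, `specialArgs = inputs // packageSets // { ... }` hands a pre-imported `pkgs` to every module, and special args take precedence over the `pkgs` argument the module system would otherwise compute. As far as I can tell, `nixpkgs.*` options set in modules (for example `nixpkgs.hostPlatform` in machines/corsac/hardware.nix, or any later `nixpkgs.overlays` / `nixpkgs.config`) will therefore not change the package set the modules actually receive. If that is intended, a comment above `specialArgs` such as `# pkgs is fixed here; nixpkgs.config/overlays set in modules are ignored` would make it explicit. Otherwise pass only `unstablePkgs` and `auxiliaryPkgs` and set `nixpkgs.config = import ./config.nix;` from a module.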
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ # boot settings
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ initrd.systemd.enable = true;
+ };
+
+ # internet
+ networking.networkmanager.enable = true;
+}
diff --git a/machines/corsac/hardware.nix b/machines/corsac/hardware.nix
new file mode 100644
index 0000000..c3038be
--- /dev/null
+++ b/machines/corsac/hardware.nix
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/6f0a097f-b957-4210-b51a-65e62aa780b2";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/914D-4159";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/ce3c3e2c-1f16-4e37-90f3-9ccfc81ee4c8"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
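Review bot: machines/corsac/devices.nix enables `systemd-boot` but leaves `boot.loader.systemd-boot.editor` at its default, which keeps the boot-entry editor available at the console. The NixOS option documentation recommends disabling it, because kernel parameters edited at the boot menu are not subject to the account controls this commit sets up elsewhere (`users.mutableUsers = false`, `PermitRootLogin = "no"`). Adding `systemd-boot.editor = false;` inside the `loader` block closes that path for anyone with physical or console access. No encrypted volume is declared in hardware.nix, so the boot menu appears to be the only gate there.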
diff --git a/machines/corsac/home.nix b/machines/corsac/home.nix
new file mode 100644
index 0000000..dce0783
--- /dev/null
+++ b/machines/corsac/home.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ../../modules/home/common.nix
+ ];
+
+ home.stateVersion = "24.05";
+}
diff --git a/modules/common.nix b/modules/common.nix
new file mode 100644
index 0000000..f035db5
--- /dev/null
+++ b/modules/common.nix
@@ -0,0 +1,74 @@
+{ me, config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./nix.nix
+ ./user.nix
+ ./locale.nix
+ ./nix-ld.nix
+ ];
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ networking.hostName = me;
+
+ services.envfs.enable = true;
+ virtualisation.libvirtd.enable = true;
+
+ services = {
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "both";
+ extraUpFlags = [ "--ssh" ];
+ };
+
+ # sometimes needed for gnupg
+ pcscd.enable = true;
+ };
+
+ programs = {
+ vim = {
+ defaultEditor = true;
+ package = pkgs.vim_configurable.customize {
+ vimrcFile = ../configs/.vimrc;
+ };
+ };
+ fish.enable = true;
+ git.enable = true;
+ tmux.enable = true;
+
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-curses;
+ };
+ };
+
+ environment.systemPackages = (with pkgs; [
+ file unzip jq dig htop glances wget gnupg pinentry-curses
+ inetutils pciutils lshw inxi iw
+ tcpdump
+ ffmpeg_7-headless
+ qemu_full virtiofsd
+
+ openvpn openvpn3 update-resolv-conf
+
+ ripgrep gnumake gdb gcc clang
+ go gopls delve go-task
+ meson cmake
+ nil direnv
+
+ wineWowPackages.stagingFull
+ borgbackup
+ ]);
+
+ environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
+}
diff --git a/modules/home/common.nix b/modules/home/common.nix
new file mode 100644
index 0000000..20275ea
--- /dev/null
+++ b/modules/home/common.nix
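Review bot: In modules/common.nix the sshd hardening (`PasswordAuthentication = false`, `PermitRootLogin = "no"`) does not govern the second login path requested by `extraUpFlags = [ "--ssh" ]`: Tailscale SSH sessions are authorised by the tailnet ACL policy, not by sshd_config or `authorizedKeys.keys`. A comment next to the flag should name the ACL rule expected to cover this host and state that root access must be denied there as well. If I remember the NixOS module correctly, `extraUpFlags` is only applied when `services.tailscale.authKeyFile` is set, so as written the flag may be a no-op and the feature is being switched on by hand; that is worth recording too. `useRoutingFeatures = "both"` additionally turns on IP forwarding, so it deserves a one-line justification or the narrower `"client"` value.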
@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+
+{
+ programs = {
+ git = {
+ enable = true;
+ userName = "Mel";
+ userEmail = "einebeere@gmail.com";
+ signing = {
+ key = "D75A C286 ACA7 00B4 D8EC 377D 2082 F8EC 11CC 009B";
+ signByDefault = true;
+ };
+ extraConfig.init.defaultBranch = "main";
+ };
+
+ tmux = {
+ enable = true;
+ mouse = true;
+ keyMode = "vi";
+ plugins = with pkgs.tmuxPlugins; [
+ yank fpp open fuzzback
+ ];
+ };
+
+ fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting
+ '';
+ };
+
+ zoxide = { enable = true; enableFishIntegration = true; };
+ };
+}
diff --git a/modules/locale.nix b/modules/locale.nix
new file mode 100644
index 0000000..2c900c2
--- /dev/null
+++ b/modules/locale.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+{
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # breaks tailscale ssh with constant
+ # "cannot change locale" messages when connecting.
+ # there may be a way to use these anyway...
+ # i18n.extraLocaleSettings = {
+ # LC_ADDRESS = "de_DE.UTF-8";
+ # LC_IDENTIFICATION = "de_DE.UTF-8";
+ # LC_MEASUREMENT = "de_DE.UTF-8";
+ # LC_MONETARY = "de_DE.UTF-8";
+ # LC_NAME = "de_DE.UTF-8";
+ # LC_NUMERIC = "de_DE.UTF-8";
+ # LC_PAPER = "de_DE.UTF-8";
+ # LC_TELEPHONE = "de_DE.UTF-8";
+ # LC_TIME = "de_DE.UTF-8";
+ # };
+
+ i18n.supportedLocales = [ "all" ];
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "us";
+ variant = "";
+ };
+}
diff --git a/modules/nix-ld.nix b/modules/nix-ld.nix
new file mode 100644
index 0000000..2ab5df5
--- /dev/null
+++ b/modules/nix-ld.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+ programs.nix-ld.enable = true;
+
+ programs.nix-ld.libraries = with pkgs; [
+ alsa-lib
+ at-spi2-atk
+ at-spi2-core
+ atk
+ cairo
+ cups
+ curl
+ dbus
+ expat
+ fontconfig
+ freetype
+ fuse3
+ gdk-pixbuf
+ glib
+ gtk3
+ icu
+ libGL
+ libappindicator-gtk3
+ libdrm
+ libglvnd
+ libnotify
+ libpulseaudio
+ libunwind
+ libusb1
+ libuuid
+ libxkbcommon
+ libxml2
+ mesa
+ nspr
+ nss
+ openssl
+ pango
+ pipewire
+ stdenv.cc.cc
+ systemd
+ vulkan-loader
+ xorg.libX11
+ xorg.libXScrnSaver
+ xorg.libXcomposite
+ xorg.libXcursor
+ xorg.libXdamage
+ xorg.libXext
+ xorg.libXfixes
+ xorg.libXi
+ xorg.libXrandr
+ xorg.libXrender
+ xorg.libXtst
+ xorg.libxcb
+ xorg.libxkbfile
+ xorg.libxshmfence
+ zlib
+ ];
+}
diff --git a/modules/nix.nix b/modules/nix.nix
new file mode 100644
index 0000000..d98f64d
--- /dev/null
+++ b/modules/nix.nix
@@ -0,0 +1,16 @@
+{ self, ... }:
+
+{
+ nix = {
+ # add compat scripts to the environment,
+ # to allow nixos-option to find the configuration
+ nixPath = [
+ "nixpkgs=${self}/compat"
+ "nixos-config=${self}/compat/nixos"
+ ];
+
+ settings = {
+ experimental-features = [ "flakes" "nix-command" ];
+ };
+ };
+}
diff --git a/modules/user.nix b/modules/user.nix
new file mode 100644
index 0000000..2ca826b
--- /dev/null
+++ b/modules/user.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, security, ... }:
+
+{
+ users.mutableUsers = false;
+ users.users.mel = {
+ isNormalUser = true;
+ description = "Mel";
+ shell = pkgs.fish;
+ extraGroups = [ "networkmanager" "wheel" ];
+
+ hashedPassword = security.password;
+ openssh.authorizedKeys.keys = security.keys;
+
+ packages = (with pkgs; []);
+ };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..c7d053b
--- /dev/null
+++ b/pkgs/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ # nothing here for now :)
+}
diff --git a/security.nix b/security.nix
new file mode 100644
index 0000000..6488e4c
--- /dev/null
+++ b/security.nix
@@ -0,0 +1,14 @@
+{
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO2HuNCosEE5SZOv5g8mLDn5jCJRFnYTLZifMl+N6iUD mel@rite"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY mel@bismuth"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3PPmDNIBxdRig9JvEf/KNOw+6+A6+FEeXrmaT9Ijkb mel@concrete"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls mel@grimoire"
+
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINs2TTjnQvDNr/S3lPLWYOnZi00YIMrRUDH8cpBz1k1m mel@renard"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHBsr3M7YFIXhKJADIanCmnvUbqm4uSlkSMLhykHf3gq mel@souris"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzDyaafULcgTuFca51NNgYAzZ28RFDQwVWavRpnY5c+ mel@lapin"
+ ];
+
+ password = "$y$j9T$4wGl.YJizIpcfFv0LyvLU0$7LLEkjIFWBOV.XXynReCOczBYNX0EZfMPIDB/bmmhhC";
+} |
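Review bot: security.nix commits the account's password hash in `password = "…"`, and modules/user.nix feeds it to `hashedPassword`, so the hash is readable by anyone who can read this repository and by every local user through the world-readable Nix store. For a member of `wheel` that hash is the sudo credential, and once published only the strength of the password protects it against offline guessing. Prefer `users.users.mel.hashedPasswordFile = "<path to a root-only file outside the store>";`, provisioned out of band or by a secrets module, and drop `password` from this file. The password should then be rotated, since the current hash stays in history. The public keys in `keys` are fine to keep here.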
