karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: karaolidis:2da836953bca2d7d5abaf61f6fb6abfe3a839532
Branches Tags
karaolidis:main karaolidis:wireguard karaolidis:kubernetes
...
compare: karaolidis:main
Branches Tags
karaolidis:main karaolidis:wireguard karaolidis:kubernetes

50 Commits
2da836953b ... main

Author SHA1 Message Date
Nikolaos Karaolidis
4f3bf154c0 Fix substituter settings 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-05 12:31:41 +01:00
Nikolaos Karaolidis
6ac95006cf Remove sish idle timeout 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-05 10:21:32 +00:00
Nikolaos Karaolidis
987ecc4935 Fix duplicate trusted nix user 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-05 10:19:43 +00:00
Nikolaos Karaolidis
0ceab452be Add attic 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-03 15:03:30 +01:00
Nikolaos Karaolidis
dd34a05ee8 Silence uwsm 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-03 10:49:17 +00:00
Nikolaos Karaolidis
35b9dd0cfc Remove elara sudo password 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-03 10:49:05 +00:00
Nikolaos Karaolidis
cf0d77b4d9 Update nvf 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-03 07:53:08 +00:00
Nikolaos Karaolidis
20b38b0467 Add sish tcp forwarding 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-01 16:33:35 +01:00
Nikolaos Karaolidis
f7112f73d7 Fix installer completions 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-01 14:37:59 +01:00
Nikolaos Karaolidis
8975de670a Update elara, jupiter 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-01 14:21:21 +01:00
Nikolaos Karaolidis
77baa2640f Add git host cli tools 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-09-01 12:55:05 +01:00
Nikolaos Karaolidis
8a21f9bbc7 Fix pinentry 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-31 18:16:41 +03:00
Nikolaos Karaolidis
02fce06e94 Update 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-31 13:06:33 +03:00
Nikolaos Karaolidis
10ae9082ba Add nvf persistence 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-29 14:00:43 +00:00
Nikolaos Karaolidis
85a62a84da Add hyprsunset 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-29 13:54:28 +00:00
Nikolaos Karaolidis
6883541678 Update gpg pinentry 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-29 13:54:07 +00:00
Nikolaos Karaolidis
2292c5663c Update nvf 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-29 13:32:11 +00:00
Nikolaos Karaolidis
56b53752bd Disable toggleterm winbar 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-28 12:58:48 +00:00
Nikolaos Karaolidis
ac06ba4fc6 Disable kitty window management 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-28 11:38:48 +00:00
Nikolaos Karaolidis
332b981f9b Fix neovim wsl 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-28 11:38:30 +00:00
Nikolaos Karaolidis
0ffc3e6df2 Update nvf 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-28 10:00:19 +00:00
Nikolaos Karaolidis
641d97f793 Add nvf 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-27 10:29:05 +00:00
Nikolaos Karaolidis
afe0298b1c Add zellij 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-26 11:41:55 +00:00
Nikolaos Karaolidis
deb460989e Update nixos-wsl 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-26 07:11:49 +00:00
Nikolaos Karaolidis
26fb9785b8 Update gitmodules 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-23 11:45:18 +03:00
Nikolaos Karaolidis
1877efac1d Add some GUI tools on elara 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-20 14:45:53 +00:00
Nikolaos Karaolidis
a3f6127cf8 Add cgroup v2 note 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-19 11:08:41 +00:00
Nikolaos Karaolidis
af53af5630 Let's hope WSL is not against company policy 
If you are looking at this, you know who you are

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-19 11:00:12 +00:00
Nikolaos Karaolidis
cd4976e22d Disable hyprland animations on elara 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 21:14:01 +03:00
Nikolaos Karaolidis
1550d6cdd4 Remove personal obsidian vault from elara 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 14:03:34 -04:00
Nikolaos Karaolidis
334778287d Update elara drive 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 13:46:02 -04:00
Nikolaos Karaolidis
dedbe814d5 Add hyper-v modules to installer 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 13:35:08 -04:00
Nikolaos Karaolidis
9b9c38c265 Update install script 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 13:32:46 -04:00
Nikolaos Karaolidis
fd78a2b3a2 Virtualize elara 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 13:07:20 -04:00
Nikolaos Karaolidis
063d3e57b3 Update sas flake 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 12:15:02 +03:00
Nikolaos Karaolidis
12c7181490 Optimize patching 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 11:46:33 +03:00
Nikolaos Karaolidis
adf022169e Use docker base image pkg 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-18 11:11:12 +03:00
Nikolaos Karaolidis
09fbf7150c Use overlay 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-17 21:24:31 +03:00
Nikolaos Karaolidis
795ea28583 Flakify lib, sas 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-17 16:47:20 +03:00
Nikolaos Karaolidis
4129589665 Disable fail2ban 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-17 10:59:13 +03:00
Nikolaos Karaolidis
62bd6e557b Add klog 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-16 14:00:12 +03:00
Nikolaos Karaolidis
bbe3219985 Add sonder 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-16 13:21:47 +03:00
Nikolaos Karaolidis
f0554a6a61 Disable system-wide ssh agent 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-16 12:59:07 +03:00
Nikolaos Karaolidis
197bfc447b Fix SSH identities bug 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-16 12:38:09 +03:00
Nikolaos Karaolidis
37888fd991 Commit submodules 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-15 22:07:52 +03:00
Nikolaos Karaolidis
7b93b1ac5b Add ncspot 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-15 14:33:36 +03:00
Nikolaos Karaolidis
9792e6b05b Add elara keybinds 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-15 14:33:11 +03:00
Nikolaos Karaolidis
a039938333 Add sas input 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-15 14:32:44 +03:00
Nikolaos Karaolidis
573d3dccc2 Remove GitLab CI 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-15 14:30:55 +03:00
Nikolaos Karaolidis
0665ded197 Reorganize secrets 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
 2025-08-15 09:58:03 +03:00
235 changed files with 27402 additions and 1969 deletions
Expand all files Collapse all files

7
.gitignore vendored Normal file
View File

@@ -0,0 +1,7 @@
# ---> Nix
# Ignore build outputs from performing a nix-build or `nix build` command
result
result-*
# Ignore automatically generated direnv output
.direnv

27
.gitlab-ci.yml
View File

@@ -1,27 +0,0 @@
stages:
- build
- test
variables:
GIT_SUBMODULE_STRATEGY: recursive
cache: &global_cache
key:
files:
- flake.lock
- flake.nix
paths:
- /nix/store
policy: pull-push
build:
image: nixos/nix
stage: build
timeout: 48h
cache:
<<: *global_cache
script:
- nix --experimental-features 'nix-command flakes' flake check --show-trace
include:
- template: Jobs/Secret-Detection.gitlab-ci.yml

10
.gitmodules vendored
View File

@@ -1,3 +1,9 @@
[submodule "secrets"]
path = secrets
url = https://git.karaolidis.com/karaolidis/nix-secrets.git
path = submodules/secrets
url = git@karaolidis.com:karaolidis/nix-secrets.git
[submodule "sas"]
path = submodules/sas
url = git@karaolidis.com:karaolidis/nix-sas.git
[submodule "lib"]
path = submodules/lib
url = git@karaolidis.com:karaolidis/nix-lib.git

16
README.md
View File

@@ -7,7 +7,6 @@ NixOS dotfiles and configuration for various hosts and users.
- [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points.
- [`hosts/`](./hosts): All host-specific configurations.
- [`common/`](./hosts/common): Shared configuration definitions.
- [`shells/`](./hosts/common/shells): Nix dev shells.
- [`configs/`](./hosts/common/configs): System configurations applicable to all hosts.
@@ -17,15 +16,16 @@ NixOS dotfiles and configuration for various hosts and users.
- [`gui/`](./hosts/common/configs/user/gui): GUI-related settings.
- `<name>/`: Individual host configurations.
- [`overlays/`](./overlays/): Custom patches.
- [`packages/`](./packages/): Custom packages.
- [`lib/`](./lib): Nix library function definitions and utilities.
- [`scripts/`](./lib/scripts): Utility scripts for managing the repository.
- [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration.
- [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host.
- [`update-keys.sh`](./lib/scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
- [`update.sh`](./lib/scripts/update.sh): Update flake and all packages.
- [`scripts/`](./scripts): Utility scripts for managing the repository.
- [`add-host.sh`](./scripts/add-host.sh): Instantiate the keys for a new host configuration.
- [`remove-host.sh`](./scripts/remove-host.sh): Remove references to a host.
- [`update-keys.sh`](./scripts/update-keys.sh): Update the encryption keys in all relevant files using `sops.yaml` configurations.
- [`update.sh`](./scripts/update.sh): Update flake and all packages.
- [`cache.sh`](./scripts/cache.sh): Build all `nixosConfiguration`s and push them to `attic`.
Any `options.nix` files create custom option definitions when present.

201
flake.lock generated
View File

@@ -10,11 +10,11 @@
]
},
"locked": {
"lastModified": 1754932414,
"narHash": "sha256-V8c+68Axn5AGDCaG9Zv+EqNU4D6xWPHNXLIapq6AGiM=",
"lastModified": 1756487002,
"narHash": "sha256-hN9RfNXy53qAkT68T+IYZpl68uE1uPOVMkw0MqC43KA=",
"owner": "aylur",
"repo": "ags",
"rev": "9e6912b51d7bc58f35d10b11be1a126b926b56d3",
"rev": "8ff792dba6cc82eed10e760f551075564dd0a407",
"type": "github"
},
"original": {
@@ -30,11 +30,11 @@
]
},
"locked": {
"lastModified": 1754893912,
"narHash": "sha256-kzU/3A4k+d3PsgMLohzSh4KJybTqvzqibUVqV2yXCGY=",
"lastModified": 1756474652,
"narHash": "sha256-iiBU6itpEqE0spXeNJ3uJTfioSyKYjt5bNepykpDXTE=",
"owner": "aylur",
"repo": "astal",
"rev": "5d4eef66392b0dff99a63a4f39ff886624bd69dd",
"rev": "20bd8318e4136fbd3d4eb2d64dbabc3acbc915dd",
"type": "github"
},
"original": {
@@ -80,19 +80,17 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-input-patcher": {
@@ -185,11 +183,11 @@
]
},
"locked": {
"lastModified": 1754974548,
"narHash": "sha256-XMjUjKD/QRPcqUnmSDczSYdw46SilnG0+wkho654DFM=",
"lastModified": 1756579987,
"narHash": "sha256-duCce8zGsaMsrqqOmLOsuaV1PVIw/vXWnKuLKZClsGg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "27a26be51ff0162a8f67660239f9407dba68d7c5",
"rev": "99a69bdf8a3c6bf038c4121e9c4b6e99706a187a",
"type": "github"
},
"original": {
@@ -201,7 +199,9 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
@@ -225,13 +225,75 @@
"type": "github"
}
},
"lib": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": [
"treefmt-nix"
]
},
"locked": {
"lastModified": 1755506074,
"narHash": "sha256-SztuKbAPppW5grMJLSGO5rBCXEWCOfhb39cPDONEUfo=",
"ref": "refs/heads/main",
"rev": "ac85b6f608ed88d424621ec30f3848d621383487",
"revCount": 6,
"type": "git",
"url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
},
"original": {
"type": "git",
"url": "https://git.karaolidis.com/karaolidis/nix-lib.git"
}
},
"mnw": {
"locked": {
"lastModified": 1748710831,
"narHash": "sha256-eZu2yH3Y2eA9DD3naKWy/sTxYS5rPK2hO7vj8tvUCSU=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "cff958a4e050f8d917a6ff3a5624bc4681c6187d",
"type": "github"
},
"original": {
"owner": "Gerg-L",
"repo": "mnw",
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1755774185,
"narHash": "sha256-XjKqiTA19mkoBkja0VOy90qp2gC1f2fGgsLb9m1lg5Q=",
"owner": "karaolidis",
"repo": "NixOS-WSL",
"rev": "b1f426697f62006b99fac0cc25a106626c78f874",
"type": "github"
},
"original": {
"owner": "karaolidis",
"ref": "extra-files",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754725699,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"lastModified": 1756542300,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github"
},
"original": {
@@ -266,11 +328,11 @@
]
},
"locked": {
"lastModified": 1755067854,
"narHash": "sha256-VP+2GVREkB7tg8vGBJ2yOlfwng+TEv45vZGvb4eV17E=",
"lastModified": 1756630008,
"narHash": "sha256-weZiVKbiWQzTifm6qCxzhxghEu5mbh9mWNUdkzOLCR0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "3352304d8f256bb67b5f9662b3493b069b3cac25",
"rev": "f6a5a7b60dd6065e78ef06390767e689ffa3c23f",
"type": "github"
},
"original": {
@@ -279,6 +341,36 @@
"type": "github"
}
},
"nvf": {
"inputs": {
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"mnw": "mnw",
"nixpkgs": [
"nixpkgs"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1755463179,
"narHash": "sha256-5Ggb1Mhf7ZlRgGi2puCa2PvWs6KbMnWBlW6KW7Vf79Y=",
"owner": "NotAShelf",
"repo": "nvf",
"rev": "03833118267ad32226b014b360692bdce9d6e082",
"type": "github"
},
"original": {
"owner": "NotAShelf",
"repo": "nvf",
"type": "github"
}
},
"nvidia-patch": {
"inputs": {
"nixpkgs": [
@@ -289,11 +381,11 @@
]
},
"locked": {
"lastModified": 1755069017,
"narHash": "sha256-cTD5WfZRK2mwrSktlYcrk6DOEEkQbE1z78O16TF293c=",
"lastModified": 1756052001,
"narHash": "sha256-dlLqyHxqiFAoIwshKe9X3PzXcJ+up88Qb2JVQswFaNE=",
"owner": "icewind1991",
"repo": "nvidia-patch-nixos",
"rev": "d187885c14bdd8520d40f527134d536168f8d92b",
"rev": "780af7357d942fad2ddd9f325615a5f6ea7e37ee",
"type": "github"
},
"original": {
@@ -348,15 +440,20 @@
"ags": "ags",
"astal": "astal",
"disko": "disko",
"flake-compat": "flake-compat",
"flake-input-patcher": "flake-input-patcher",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"lib": "lib",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs",
"nur": "nur",
"nvf": "nvf",
"nvidia-patch": "nvidia-patch",
"quadlet-nix": "quadlet-nix",
"sas": "sas",
"secrets": "secrets",
"sops-nix": "sops-nix",
"spicetify-nix": "spicetify-nix",
@@ -385,14 +482,40 @@
"type": "github"
}
},
"sas": {
"inputs": {
"lib": [
"lib"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": [
"treefmt-nix"
]
},
"locked": {
"lastModified": 1755532656,
"narHash": "sha256-xYb5dJej3emyr4oWWAhkMP8rPc3kdVOXGZcIbAx1Y/I=",
"ref": "refs/heads/main",
"rev": "b01f3f8456903cb1bde9637cc23b456b47354138",
"revCount": 11,
"type": "git",
"url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
},
"original": {
"type": "git",
"url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1754897748,
"narHash": "sha256-835Ez+LG0vYZhSuVUreVwoL6qBk7EVtCGuPcluimlBE=",
"lastModified": 1756900832,
"narHash": "sha256-sMne4dvYzcdbDVcMPY6NLVHiZbgjtDrxttKG0Vig8WQ=",
"ref": "refs/heads/main",
"rev": "148402e92b624b350a600cba8324a54ab014941d",
"revCount": 30,
"rev": "adac63f6daffb4e14ce0fb94e93eb987e2460064",
"revCount": 38,
"type": "git",
"url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
},
@@ -431,11 +554,11 @@
]
},
"locked": {
"lastModified": 1754801101,
"narHash": "sha256-oxWjZ/SfhCvHFNePZcUu+LcE5j4xxuIt/yaoaSvMZk0=",
"lastModified": 1756614537,
"narHash": "sha256-qyszmZO9CEKAlj5NBQo1AIIADm5Fgqs5ZggW1sU1TVo=",
"owner": "Gerg-L",
"repo": "spicetify-nix",
"rev": "fcbfc21572518c68317df992929b28df9a1d8468",
"rev": "374eb5d97092b97f7aaafd58a2012943b388c0df",
"type": "github"
},
"original": {
@@ -466,11 +589,11 @@
]
},
"locked": {
"lastModified": 1754847726,
"narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"lastModified": 1755934250,
"narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
"type": "github"
},
"original": {

120
flake.nix
View File

@@ -1,5 +1,6 @@
{
inputs = {
# Configuration
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
@@ -7,29 +8,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
};
secrets = {
url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git";
flake = false;
};
# Packages
nur = {
url = "github:nix-community/NUR";
inputs = {
@@ -38,6 +17,12 @@
};
};
# DevOps
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
@@ -51,6 +36,66 @@
};
};
# Personal
lib = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+https://git.karaolidis.com/karaolidis/nix-lib.git";
inputs = {
nixpkgs.follows = "nixpkgs";
treefmt-nix.follows = "treefmt-nix";
};
};
sas = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git";
inputs = {
nixpkgs.follows = "nixpkgs";
lib.follows = "lib";
treefmt-nix.follows = "treefmt-nix";
};
};
secrets = {
# FIXME: https://github.com/NixOS/nix/issues/12281
url = "git+ssh://git@karaolidis.com/karaolidis/nix-secrets.git";
flake = false;
};
# Hardware
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
};
};
nixos-wsl = {
url = "github:karaolidis/NixOS-WSL/extra-files";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
};
};
# Applications
nvf = {
url = "github:NotAShelf/nvf";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
systems.follows = "systems";
};
};
quadlet-nix.url = "github:SEIAROTg/quadlet-nix";
nvidia-patch = {
@@ -82,6 +127,7 @@
};
};
# Transitive Dependencies
systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts";
@@ -90,17 +136,20 @@
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
};
outputs =
inputs:
unpatchedInputs:
let
mkInputs =
patchInputs =
system:
let
patcher = inputs.flake-input-patcher.lib.${system};
patcher = unpatchedInputs.flake-input-patcher.lib.${system};
patches = import ./patches.nix { inherit patcher; };
in
patcher.patch inputs (import ./patches.nix { inherit patcher; });
if patches != { } then patcher.patch unpatchedInputs patches else unpatchedInputs;
mkNixosConfiguration =
inputs: system: modules:
@@ -109,14 +158,21 @@
specialArgs = { inherit inputs system; };
};
in
(
{
overlays.default = import ./overlays;
}
// (
let
system = "x86_64-linux";
inputs = mkInputs system;
inputs = patchInputs system;
pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
];
};
treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
@@ -131,11 +187,9 @@
};
devShells.${system} = import ./hosts/common/shells { inherit pkgs; };
lib.${system} = import ./lib { inherit pkgs; };
packages.${system} = import ./packages { inherit pkgs inputs system; };
packages.${system} = import ./packages { inherit pkgs; };
formatter.${system} = treefmt.config.build.wrapper;
checks.formatting.${system} = treefmt.config.build.check inputs.self;
checks.${system}.formatting = treefmt.config.build.check inputs.self;
}
);
}

5
hosts/common/configs/system/cloudflared/default.nix
View File

@@ -1,5 +0,0 @@
{ ... }:
{
# https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/
services.cloudflared.enable = true;
}

22
hosts/common/configs/system/dnsmasq/default.nix
View File

@@ -1,22 +0,0 @@
{ lib, pkgs, ... }:
{
networking.networkmanager.dns = "dnsmasq";
environment.etc."NetworkManager/dnsmasq.d/10-bind-interfaces.conf".source =
(pkgs.formats.keyValue {
mkKeyValue =
name: value:
if value == true then
name
else if value == false then
""
else
lib.generators.mkKeyValueDefault { } "=" name value;
listsAsDuplicateKeys = true;
}).generate
"10-bind-interfaces.conf"
{
bind-interfaces = true;
listen-address = [ "127.0.0.1" ];
};
}

14
hosts/common/configs/system/fail2ban/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{ ... }:
{
environment.persistence."/persist/state"."/var/lib/fail2ban" = { };
services.fail2ban = {
enable = true;
bantime = "24h";
bantime-increment = {
enable = true;
maxtime = "720h";
overalljails = true;
};
};
}

4
hosts/common/configs/system/gpg-agent/default.nix
View File

@@ -1,4 +0,0 @@
{ ... }:
{
programs.gnupg.agent.enable = true;
}

7
hosts/common/configs/system/libvirt/default.nix
View File

@@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, pkgs, ... }:
{
virtualisation = {
libvirtd = {

4
hosts/common/configs/system/nix-install/install.completion.zsh
View File

@@ -18,8 +18,8 @@ _nix-install_completion() {
_list_keys() {
local flake="$(realpath ${words[2]})"
if [[ -d "$flake/secrets" ]]; then
find "$flake/secrets" -type f -name 'key.txt' | sed -E 's|^.*/secrets/([^/]+)/key.txt$|\1|' | sort -u
if [[ -d "$flake/submodules/secrets/domains" ]]; then
find "$flake/submodules/secrets/domains" -type f -name 'key.txt' | sed -E 's|^.*/submodules/secrets/domains/([^/]+)/key.txt$|\1|' | sort -u
fi
}

26
hosts/common/configs/system/nix-install/install.sh
View File

@@ -43,17 +43,17 @@ check_host() {
}
check_key() {
if [[ -n "$key" ]] && [[ ! -f "$flake/secrets/$key/key.txt" ]]; then
if [[ -n "$key" ]] && [[ ! -f "$flake/submodules/secrets/domains/$key/key.txt" ]]; then
echo "Key '$key' not found."
exit 1
fi
}
set_password_file() {
SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt"
SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt"
export SOPS_AGE_KEY_FILE
install -m 600 /dev/null /tmp/keyfile
sops --decrypt --extract "['luks']" "$flake/secrets/hosts/$host/secrets.yaml" > /tmp/keyfile
sops --decrypt --extract "['luks']" "$flake/submodules/secrets/hosts/$host/secrets.yaml" > /tmp/keyfile
unset SOPS_AGE_KEY_FILE
}
@@ -66,7 +66,7 @@ prepare_disk() {
copy_sops_keys() {
mkdir -p "$root/persist/state/etc/ssh"
cp -f "$flake/secrets/hosts/$host/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key"
cp -f "$flake/submodules/secrets/hosts/$host/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key"
for path in "$flake/hosts/$host/users"/*; do
if [[ -z "$key" ]]; then
@@ -77,7 +77,7 @@ copy_sops_keys() {
user=$(basename "$path")
mkdir -p "$root/persist/state/home/$user/.config/sops-nix"
cp -f "$flake/secrets/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
cp -f "$flake/submodules/secrets/domains/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
owner=$(cat "$flake/hosts/$host/users/$user/uid")
group=100
@@ -92,16 +92,16 @@ copy_sops_keys() {
copy_secure_boot_keys() {
mkdir -p "$root/persist/state/var/lib/sbctl/keys"/{db,KEK,PK}
SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt"
SOPS_AGE_KEY_FILE="$flake/submodules/secrets/domains/$key/key.txt"
export SOPS_AGE_KEY_FILE
sops --decrypt --extract "['guid']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID"
sops --decrypt --extract "['keys']['kek']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key"
sops --decrypt --extract "['keys']['kek']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem"
sops --decrypt --extract "['keys']['pk']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key"
sops --decrypt --extract "['keys']['pk']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem"
sops --decrypt --extract "['keys']['db']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key"
sops --decrypt --extract "['keys']['db']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem"
sops --decrypt --extract "['guid']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID"
sops --decrypt --extract "['keys']['kek']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key"
sops --decrypt --extract "['keys']['kek']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem"
sops --decrypt --extract "['keys']['pk']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key"
sops --decrypt --extract "['keys']['pk']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem"
sops --decrypt --extract "['keys']['db']['key']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key"
sops --decrypt --extract "['keys']['db']['pem']" "$flake/submodules/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem"
chmod 400 "$root/persist/state/var/lib/sbctl/keys"/*/*

34
hosts/common/configs/system/nix/default.nix
View File

@@ -1,27 +1,51 @@
{ config, inputs, ... }:
{
config,
inputs,
lib,
...
}:
{
sops = {
secrets = {
"git/credentials/github.com/public/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"git/credentials/github.com/public/password".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"git/credentials/github.com/tokens/public".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
};
templates.nix-access-tokens = {
templates = {
nix-access-tokens = {
content = ''
access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/public/password"}
access-tokens = github.com=${config.sops.placeholder."git/credentials/github.com/tokens/public"}
'';
group = "users";
mode = "0440";
};
nix-netrc = {
content = ''
machine nix.karaolidis.com
password ${config.sops.placeholder."nix/cache/nix.karaolidis.com"}
'';
group = "users";
mode = "0440";
};
};
};
nix = {
settings = {
trusted-users = lib.mkAfter [ "@wheel" ];
use-xdg-base-directories = true;
experimental-features = [
"nix-command"
"flakes"
];
download-buffer-size = 524288000;
substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ];
trusted-substituters = config.nix.settings.substituters;
trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ];
netrc-file = config.sops.templates.nix-netrc.path;
};
channel.enable = false;

4
hosts/common/configs/system/nixpkgs/default.nix
View File

@@ -1,7 +1,5 @@
{ inputs, system, ... }:
{ system, ... }:
{
imports = [ inputs.nur.modules.nixos.default ];
nixpkgs = {
hostPlatform = system;
config.allowUnfree = true;

4
hosts/common/configs/system/ssh-agent/default.nix
View File

@@ -1,4 +0,0 @@
{ ... }:
{
programs.ssh.startAgent = true;
}

2
hosts/common/configs/system/ssh/default.nix
View File

@@ -12,7 +12,7 @@
jupiter-sish = {
publicKeyFile = "${inputs.secrets}/hosts/jupiter/ssh_sish_ed25519_key.pub";
extraHostNames = [ "karaolidis.com" ];
extraHostNames = [ "tunnel.karaolidis.com" ];
};
jupiter-vps = {

23
hosts/common/configs/system/sshd/default.nix
View File

@@ -1,31 +1,12 @@
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
kitty.terminfo
tmux.terminfo
];
environment.systemPackages = with pkgs; [ kitty.terminfo ];
persistence."/persist/state"."/var/lib/fail2ban" = { };
};
services = {
openssh = {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PrintMotd = false;
};
};
fail2ban = {
enable = true;
bantime = "24h";
bantime-increment = {
enable = true;
maxtime = "720h";
overalljails = true;
};
};
};
}

10
hosts/common/configs/system/tmux/default.nix
View File

@@ -1,10 +0,0 @@
{ ... }:
{
programs.tmux = {
enable = true;
clock24 = true;
historyLimit = 10000;
keyMode = "vi";
newSession = true;
};
}

8
hosts/common/configs/user/console/android/default.nix
View File

@@ -1,14 +1,6 @@
{ user, home }:
{ config, pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
android-tools = prev.android-tools.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./env-var-user-home.patch ];
});
})
];
programs.adb.enable = true;
services.gvfs.enable = true;

33
hosts/common/configs/user/console/attic/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{ user, home }:
{
config,
inputs,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user} = {
sops = {
secrets."nix/cache/nix.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
templates."attic" = {
content = builtins.readFile (
(pkgs.formats.toml { }).generate "config.toml" {
default-server = "main";
servers."main" = {
endpoint = "https://nix.karaolidis.com/";
token = hmConfig.sops.placeholder."nix/cache/nix.karaolidis.com";
};
}
);
path = "${home}/.config/attic/config.toml";
};
};
home.packages = with pkgs; [ attic-client ];
};
}

21
hosts/common/configs/user/console/btop/default.nix
View File

@@ -1,9 +1,11 @@
{ user, home }:
{ ... }:
{ lib, pkgs, ... }:
{
home-manager.users.${user}.programs.btop = {
home-manager.users.${user} = {
programs.btop = {
enable = true;
settings = {
color_theme = "matugen";
theme_background = false;
presets = "";
vim_keys = true;
@@ -14,4 +16,19 @@
disks_filter = "/ /nix /persist";
};
};
theme = {
template.".config/btop/themes/matugen.theme".source = ./theme.theme;
reloadExtraConfig = "${
lib.meta.getExe (
pkgs.writeShellApplication {
name = "reload-btop";
runtimeInputs = with pkgs; [ procps ];
text = "exec pkill btop -SIGUSR2";
}
)
} &";
};
};
}

0
hosts/common/configs/user/gui/btop/theme.theme → hosts/common/configs/user/console/btop/theme.theme
View File

36
hosts/common/configs/user/console/git/default.nix
View File

@@ -41,5 +41,41 @@ in
);
};
};
home = {
packages = with pkgs; [
(pkgs.writeShellApplication {
name = "gh";
runtimeInputs = with pkgs; [ gh ];
text = builtins.readFile ./gh.sh;
})
(pkgs.writeShellApplication {
name = "glab";
runtimeInputs = with pkgs; [ glab ];
text = builtins.readFile ./glab.sh;
})
(pkgs.writeShellApplication {
name = "tea";
runtimeInputs = with pkgs; [ tea ];
text = builtins.readFile ./tea.sh;
})
];
sessionVariables = {
GITEA_HOST = "git.karaolidis.com";
GITEA_SSH_HOST = "karaolidis.com";
};
};
xdg.configFile = {
"gh/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
version = 1;
git_protocol = "ssh";
};
"glab-cli/config.yml".source = (pkgs.formats.yaml { }).generate "config.yml" {
git_protocol = "ssh";
};
};
};
}

8
hosts/common/configs/user/console/git/gh.sh Normal file
View File

@@ -0,0 +1,8 @@
# shellcheck shell=bash
GH_HOST="${GH_HOST:-github.com}"
GH_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GH_HOST}#\1#p" "$HOME/.config/git/credentials")
export GH_TOKEN
exec gh "$@"

8
hosts/common/configs/user/console/git/glab.sh Normal file
View File

@@ -0,0 +1,8 @@
# shellcheck shell=bash
GITLAB_HOST="${GITLAB_HOST:-gitlab.com}"
GITLAB_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITLAB_HOST}#\1#p" "$HOME/.config/git/credentials")
export GITLAB_TOKEN
exec glab "$@"

13
hosts/common/configs/user/console/git/tea.sh Normal file
View File

@@ -0,0 +1,13 @@
# shellcheck shell=bash
GITEA_HOST="${GITEA_HOST:-gitea.com}"
GITEA_SSH_HOST="${GITEA_SSH_HOST:-gitea.com}"
GITEA_TOKEN=$(sed -n "s#https://[^:]*:\([^@]*\)@${GITEA_HOST}#\1#p" "$HOME/.config/git/credentials")
GITEA_INSTANCE_URL="https://${GITEA_HOST}"
GITEA_INSTANCE_SSH_HOST="$GITEA_SSH_HOST"
export GITEA_TOKEN
export GITEA_INSTANCE_URL
export GITEA_INSTANCE_SSH_HOST
exec tea "$@"

4
hosts/common/configs/user/console/gpg-agent/default.nix
View File

@@ -20,6 +20,10 @@
enable = true;
defaultCacheTtl = 31536000;
maxCacheTtl = 31536000;
pinentry = {
package = pkgs.pinentry-all;
program = "pinentry-tty";
};
};
systemd.user = {

22
hosts/common/configs/user/console/home-manager/default.nix
View File

@@ -1,5 +1,10 @@
{ user, home }:
{ config, inputs, ... }:
{
config,
inputs,
lib,
...
}:
{
imports = [ inputs.home-manager.nixosModules.default ];
@@ -15,10 +20,17 @@
home.stateVersion = "24.11";
systemd.user.startServices = true;
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings = {
inherit (config.nix.settings)
use-xdg-base-directories
experimental-features
download-buffer-size
substituters
trusted-substituters
trusted-public-keys
netrc-file
;
};
};
};
}

5
hosts/common/configs/user/console/ncspot/default.nix
View File

@@ -6,11 +6,6 @@
"/persist/cache"."${home}/.cache/ncspot" = { };
};
# FIXME: https://github.com/hrkfdn/ncspot/issues/1676
networking.extraHosts = ''
0.0.0.0 apresolve.spotify.com
'';
home-manager.users.${user} = {
programs.ncspot.enable = true;

309
hosts/common/configs/user/console/neovim/default.nix
View File

@@ -1,22 +1,299 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs = {
neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
extraConfig = ''
set tabstop=2
set shiftwidth=2
set expandtab
set smartindent
set mouse=
'';
inputs,
lib,
pkgs,
...
}:
{
environment.persistence = {
"/persist/state"."${home}/.local/share/nvf" = { };
"/persist/cache"."${home}/.cache/nvf" = { };
};
zsh.p10k.extraRightPromptElements = [ "vim_shell" ];
home-manager.users.${user} = {
imports = [ inputs.nvf.homeManagerModules.default ];
programs = {
nvf = {
enable = true;
defaultEditor = true;
settings = {
vim = {
enableLuaLoader = true;
viAlias = true;
vimAlias = true;
autocomplete = {
blink-cmp.enable = true;
};
binds = {
# hardtime-nvim.enable = true;
whichKey.enable = true;
};
clipboard = {
enable = true;
providers.wl-copy.enable = true;
registers = "unnamedplus";
};
comments = {
comment-nvim.enable = true;
};
# dashboard = {
# alpha.enable = true;
# };
filetree = {
neo-tree = {
enable = true;
setupOpts = {
git_status_async = true;
window.mappings = lib.generators.mkLuaInline ''
{
["<space>"] = "noop",
}
'';
};
};
};
# formatter = {
# conform-nvim.enable = true;
# };
git = {
enable = true;
# git-conflict.enable = true;
gitsigns.enable = true;
# neogit.enable = true;
};
languages = {
enableDAP = true;
enableFormat = true;
enableTreesitter = true;
enableExtraDiagnostics = true;
assembly.enable = true;
bash.enable = true;
clang.enable = true;
csharp.enable = true;
css.enable = true;
go.enable = true;
html.enable = true;
java.enable = true;
lua.enable = true;
markdown.enable = true;
nix = {
enable = true;
format.type = "nixfmt";
lsp.options.nil = {
nix = {
maxMemoryMB = null;
flake = {
autoArchive = true;
autoEvalInputs = true;
};
};
};
};
php.enable = true;
python.enable = true;
rust.enable = true;
sql.enable = true;
svelte.enable = true;
ts.enable = true;
yaml.enable = true;
};
lsp = {
enable = true;
formatOnSave = true;
# nvim-docs-view.enable = true;
# otter-nvim.enable = true;
# trouble.enable = true;
};
# minimap = {
# codewindow.enable = true;
# };
notify = {
nvim-notify.enable = true;
};
options = {
tabstop = 2;
shiftwidth = 2;
expandtab = true;
smartindent = true;
};
# projects = {
# project-nvim.enable = true;
# };
searchCase = "smart";
# snippets = {
# luasnip.enable = true;
# };
tabline = {
nvimBufferline = {
enable = true;
mappings.closeCurrent = "<leader>bd";
setupOpts.options = {
indicator.style = "icon";
show_close_icon = false;
show_buffer_close_icons = false;
};
};
};
telescope = {
enable = true;
setupOpts.defaults.file_ignore_patterns = [
"node_modules"
"%.venv/"
"%.git/"
"dist/"
"build/"
"target/"
"result/"
];
};
terminal = {
toggleterm = {
enable = true;
setupOpts.winbar.enabled = false;
};
};
treesitter = {
enable = true;
context.enable = true;
fold = true;
textobjects.enable = true;
};
ui = {
# breadcrumbs = {
# enable = true;
# navbuddy.enable = true;
# };
colorizer.enable = true;
# fastaction.enable = true;
# illuminate.enable = true;
};
undoFile.enable = true;
utility = {
# diffview-nvim.enable = true;
# icon-picker.enable = true;
# images = {
# img-clip.enable = true;
# };
# mkdir.enable = true;
motion = {
precognition.enable = true;
};
# nvim-biscuits.enable = true;
# smart-splits.enable = true;
surround.enable = true;
# undotree.enable = true;
# yazi-nvim.enable = true;
};
visuals = {
# cinnamon-nvim.enable = true;
# fidget-nvim.enable = true;
# highlight-undo.enable = true;
indent-blankline.enable = true;
nvim-cursorline.enable = true;
# nvim-scrollbar.enable = true;
nvim-web-devicons.enable = true;
};
keymaps = [
{
mode = [ "n" ];
key = "<C-b>";
action = "<C-b>zz";
silent = true;
noremap = true;
desc = "Page up and center";
}
{
mode = [ "n" ];
key = "<C-u>";
action = "<C-u>zz";
silent = true;
noremap = true;
desc = "Half-page up and center";
}
{
mode = [ "n" ];
key = "<C-d>";
action = "<C-d>zz";
silent = true;
noremap = true;
desc = "Half-page down and center";
}
{
mode = [ "n" ];
key = "<C-f>";
action = "<C-f>zz";
silent = true;
noremap = true;
desc = "Page down and center";
}
{
mode = [ "n" ];
key = "<leader>ww";
action = "<cmd>w<CR>";
silent = true;
desc = "Save";
}
{
mode = [ "n" ];
key = "<leader>wq";
action = "<cmd>wq<CR>";
silent = true;
desc = "Save & Quit";
}
{
mode = [ "n" ];
key = "<leader>ee";
action = "<cmd>Neotree toggle<CR>";
silent = true;
desc = "Toggle Neo-tree";
}
{
mode = [ "n" ];
key = "<leader>ef";
action = "<cmd>Neotree reveal<CR>";
silent = true;
desc = "Reveal file in Neo-tree";
}
];
};
};
};
zsh = {
p10k.extraRightPromptElements = [ "vim_shell" ];
shellAliases.v = "nvim";
};
};
};
}

2
hosts/common/configs/user/console/nix-develop/template.nix
View File

@@ -2,8 +2,6 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";

16
hosts/common/configs/user/console/sops/default.nix
View File

@@ -3,12 +3,18 @@
{
environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt" = { };
home-manager.users.${user} = {
home-manager.users.${user} =
let
sopsKeyFile =
if config.environment.impermanence.enable then
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source
else
"${home}/.config/sops-nix/key.txt";
in
{
imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops.age.keyFile =
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
home.sessionVariables.SOPS_AGE_KEY_FILE =
config.environment.persistence."/persist/state"."${home}/.config/sops-nix/key.txt".source;
sops.age.keyFile = sopsKeyFile;
home.sessionVariables.SOPS_AGE_KEY_FILE = sopsKeyFile;
};
}

2
hosts/common/configs/user/console/ssh-agent/default.nix
View File

@@ -3,6 +3,6 @@
{
home-manager.users.${user} = {
services.ssh-agent.enable = true;
programs.ssh.addKeysToAgent = "yes";
programs.ssh.matchBlocks."*".addKeysToAgent = "yes";
};
}

6
hosts/common/configs/user/console/ssh/default.nix
View File

@@ -1,5 +1,9 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.ssh.enable = true;
home-manager.users.${user}.programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks."*".identitiesOnly = true;
};
}

2
hosts/common/configs/user/console/syncthing/default.nix
View File

@@ -14,11 +14,13 @@
"syncthing/key" = {
owner = user;
group = "users";
mode = "0440";
};
# openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing"
"syncthing/cert" = {
owner = user;
group = "users";
mode = "0440";
};
};

5
hosts/common/configs/user/console/tmux/default.nix
View File

@@ -1,5 +0,0 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.tmux.enable = true;
}

8
hosts/common/configs/user/console/yazi/default.nix
View File

@@ -3,13 +3,10 @@
config,
lib,
pkgs,
inputs,
system,
...
}:
let
hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in
{
home-manager.users.${user} = {
@@ -26,7 +23,7 @@ in
opener = {
edit = [
{
run = "${hmConfig.programs.neovim.finalPackage}/bin/nvim \"$@\"";
run = "${hmConfig.programs.nvf.finalPackage}/bin/nvim \"$@\"";
desc = "nvim";
block = true;
}
@@ -187,9 +184,8 @@ in
ouch
mount
mediainfo
custom-shell
;
custom-shell = selfPkgs.yazi-plugin-custom-shell;
};
};

26
hosts/common/configs/user/console/zellij/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user} = {
programs.zellij = {
enable = true;
settings = {
theme = "matugen";
pane_frames = false;
copy_command = "wl-copy";
ui.pane_frames.hide_session_name = true;
pane_viewport_serialization = true;
scrollback_lines_to_serialize = 0;
show_startup_tips = false;
show_release_notes = false;
};
};
theme.template.".config/zellij/themes/matugen.kdl".source = ./theme.kdl;
};
}

128
hosts/common/configs/user/console/zellij/theme.kdl Normal file
View File

@@ -0,0 +1,128 @@
themes {
matugen {
text_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
}
text_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
ribbon_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface_container.default.red}} {{colors.surface_container.default.green}} {{colors.surface_container.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
ribbon_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
table_title {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
table_cell_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
table_cell_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
list_unselected {
base {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_1 {{colors.secondary.default.red}} {{colors.secondary.default.green}} {{colors.secondary.default.blue}}
emphasis_2 {{colors.tertiary.default.red}} {{colors.tertiary.default.green}} {{colors.tertiary.default.blue}}
emphasis_3 {{colors.on_surface.default.red}} {{colors.on_surface.default.green}} {{colors.on_surface.default.blue}}
}
list_selected {
base {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
background {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
emphasis_0 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_1 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_2 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
emphasis_3 {{colors.on_primary.default.red}} {{colors.on_primary.default.green}} {{colors.on_primary.default.blue}}
}
frame_unselected {
base {{colors.outline_variant.default.red}} {{colors.outline_variant.default.green}} {{colors.outline_variant.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
frame_selected {
base {{colors.primary.default.red}} {{colors.primary.default.green}} {{colors.primary.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
frame_highlight {
base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
background {{colors.surface.default.red}} {{colors.surface.default.green}} {{colors.surface.default.blue}}
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
exit_code_success {
base {{colors.success.default.red}} {{colors.success.default.green}} {{colors.success.default.blue}}
background 0
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
exit_code_error {
base {{colors.error.default.red}} {{colors.error.default.green}} {{colors.error.default.blue}}
background 0
emphasis_0 0
emphasis_1 0
emphasis_2 0
emphasis_3 0
}
multiplayer_user_colors {
player_1 0
player_2 0
player_3 0
player_4 0
player_5 0
player_6 0
player_7 0
player_8 0
player_9 0
player_10 0
}
}
}

26
hosts/common/configs/user/gui/btop/default.nix
View File

@@ -1,26 +0,0 @@
{ user, home }:
{
config,
lib,
pkgs,
...
}:
{
home-manager.users.${user} = {
programs.btop.settings.color_theme = "matugen";
theme = {
template.".config/btop/themes/matugen.theme".source = ./theme.theme;
reloadExtraConfig = "${
lib.meta.getExe (
pkgs.writeShellApplication {
name = "reload-btop";
runtimeInputs = with pkgs; [ procps ];
text = "exec pkill btop -SIGUSR2";
}
)
} &";
};
};
}

45
hosts/common/configs/user/gui/darktable/default.nix
View File

@@ -1,24 +1,6 @@
{ user, home }:
{ pkgs, ... }:
{
config,
inputs,
pkgs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
in
{
nixpkgs.overlays = [
(final: prev: {
darktable = prev.darktable.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./better-copy-and-import.patch ];
});
})
];
environment.persistence = {
"/persist/state" = {
"${home}/.config/darktable/data.db" = { };
@@ -28,22 +10,11 @@ in
};
home-manager.users.${user} = {
home = {
packages =
with pkgs;
with selfPkgs;
[
home.packages = with pkgs; [
darktable
exiftool
darktable-ghost-cms-publish
];
sessionVariables = {
GHOST_URL = "https://photos.karaolidis.com";
GHOST_ADMIN_API_KEY_PATH = hmConfig.sops.secrets."jupiter/photos.karaolidis.com/admin".path;
};
};
xdg.configFile = {
"darktable/darktablerc".source = (pkgs.formats.keyValue { }).generate "darktablerc" {
"compress_xmp_tags" = "never";
@@ -69,19 +40,13 @@ in
"darktable/luarc".text = ''
require "tools/script_manager"
require "tools/publish"
'';
"darktable/lua/lib".source = "${selfPkgs.darktable-lua-scripts}/lib";
"darktable/lua/lib".source = "${pkgs.darktable-lua-scripts}/lib";
"darktable/lua/tools/script_manager.lua".source =
"${selfPkgs.darktable-lua-scripts}/tools/script_manager.lua";
"darktable/lua/tools/publish.lua".source =
"${selfPkgs.darktable-ghost-cms-publish}/lib/darktable-ghost-cms-publish/publish.lua";
"${pkgs.darktable-lua-scripts}/tools/script_manager.lua";
"darktable/luts".source = selfPkgs.darktable-hald-clut;
"darktable/luts".source = pkgs.darktable-hald-clut;
};
sops.secrets."jupiter/photos.karaolidis.com/admin".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
};
}

10
hosts/common/configs/user/gui/hyprland/default.nix
View File

@@ -6,14 +6,6 @@
...
}:
{
nixpkgs.overlays = [
(final: prev: {
hyprland = prev.hyprland.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./fix-maxwidth-resolution-mode.patch ];
});
})
];
programs.hyprland = {
enable = true;
withUWSM = true;
@@ -162,7 +154,7 @@
programs.zsh = {
loginExtra = lib.mkAfter ''
if uwsm check may-start; then
if uwsm check may-start > /dev/null; then
exec uwsm start hyprland-uwsm.desktop
fi
'';

5
hosts/common/configs/user/gui/hyprsunset/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.services.hyprsunset.enable = true;
}

50
hosts/common/configs/user/gui/kitty/default.nix
View File

@@ -26,6 +26,56 @@ in
enable_audio_bell = false;
};
keybindings =
{ }
// builtins.listToAttrs (
builtins.map
(k: {
name = k;
value = "no_op";
})
[
# Window management
"kitty_mod+enter"
"kitty_mod+n"
"kitty_mod+w"
"kitty_mod+]"
"kitty_mod+["
"kitty_mod+f"
"kitty_mod+b"
"kitty_mod+`"
"kitty_mod+r"
"kitty_mod+1"
"kitty_mod+2"
"kitty_mod+3"
"kitty_mod+4"
"kitty_mod+5"
"kitty_mod+6"
"kitty_mod+7"
"kitty_mod+8"
"kitty_mod+9"
"kitty_mod+0"
"kitty_mod+f7"
"kitty_mod+f8"
# Tab management
"kitty_mod+right"
"shift+cmd+]"
"ctrl+tab"
"kitty_mod+left"
"shift+cmd+["
"ctrl+shift+tab"
"kitty_mod+t"
"kitty_mod+q"
"kitty_mod+."
"kitty_mod+,"
"kitty_mod+alt+t"
# Layout management
"kitty_mod+l"
]
);
extraConfig = ''
include theme.conf
'';

6
hosts/common/configs/user/gui/mpv/default.nix
View File

@@ -1,12 +1,6 @@
{ user, home }:
{ pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
mpv = pkgs.mpv-unwrapped.wrapper { mpv = pkgs.mpv-unwrapped.override { cddaSupport = true; }; };
})
];
home-manager.users.${user} = {
programs.mpv = {
enable = true;

33
hosts/common/configs/user/gui/obsidian/default.nix
View File

@@ -4,11 +4,9 @@
lib,
pkgs,
inputs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
in
{
@@ -78,9 +76,9 @@ in
}
];
communityPlugins = [
communityPlugins = with pkgs; [
{
pkg = selfPkgs.obsidian-plugin-better-word-count;
pkg = obsidianPlugins.better-word-count;
settings = {
statusBar = [
{
@@ -106,7 +104,7 @@ in
};
}
{
pkg = selfPkgs.obsidian-plugin-dataview;
pkg = obsidianPlugins.dataview;
settings = {
enableDataviewJs = true;
enableInlineDataviewJs = true;
@@ -116,7 +114,7 @@ in
};
}
{
pkg = selfPkgs.obsidian-plugin-excalidraw;
pkg = obsidianPlugins.excalidraw;
settings = {
folder = "Inbox";
templateFilePath = "Templates";
@@ -139,7 +137,7 @@ in
};
}
{
pkg = selfPkgs.obsidian-plugin-kanban;
pkg = obsidianPlugins.kanban;
settings = {
move-tags = true;
move-dates = true;
@@ -153,7 +151,7 @@ in
};
}
{
pkg = selfPkgs.obsidian-plugin-languagetool;
pkg = obsidianPlugins.languagetool;
settings = {
shouldAutoCheck = true;
pickyMode = true;
@@ -162,7 +160,7 @@ in
};
}
{
pkg = selfPkgs.obsidian-plugin-linter;
pkg = obsidianPlugins.linter;
settings = {
lintOnSave = true;
displayChanged = false;
@@ -302,7 +300,7 @@ in
};
}
{
pkg = selfPkgs.obsidian-plugin-map-view;
pkg = obsidianPlugins.map-view;
settings = {
"markerIconRules" = [
{
@@ -388,21 +386,21 @@ in
};
}
{
pkg = selfPkgs.obsidian-plugin-minimal-settings;
pkg = obsidianPlugins.minimal-settings;
settings = {
editorFont = "var(--font-monospace)";
};
}
{
pkg = selfPkgs.obsidian-plugin-outliner;
pkg = obsidianPlugins.outliner;
settings = {
styleLists = false;
stickCursor = "never";
};
}
(selfPkgs.obsidian-plugin-style-settings)
(obsidianPlugins.style-settings)
{
pkg = selfPkgs.obsidian-plugin-tasks;
pkg = obsidianPlugins.tasks;
settings = {
globalQuery = "short mode";
globalFilter = "#todo";
@@ -548,10 +546,10 @@ in
};
};
}
(selfPkgs.obsidian-plugin-url-into-selection)
(obsidianPlugins.url-into-selection)
];
themes = [ selfPkgs.obsidian-theme-minimal ];
themes = with pkgs; [ obsidianThemes.minimal ];
hotkeys = {
"command-palette:open" = [ { key = "F1"; } ];
@@ -608,6 +606,7 @@ in
}
) hmConfig.programs.obsidian.vaults;
sops.secrets."google/cloud/obsidian/geocoding".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sops.secrets."google/cloud/obsidian/geocoding".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
};
}

15
hosts/common/configs/user/gui/spicetify/default.nix
View File

@@ -7,18 +7,9 @@
...
}:
let
selfLib = inputs.self.lib.${system};
hmConfig = config.home-manager.users.${user};
in
{
nixpkgs.overlays = [
(final: prev: {
spicetify-cli = prev.spicetify-cli.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./user-colors.patch ];
});
})
];
networking.firewall = {
allowedTCPPorts = [ 57621 ];
allowedUDPPorts = [ 5353 ];
@@ -64,13 +55,13 @@ in
];
};
sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
xdg.configFile = {
"spotify/prefs.init" = {
source = ./config/prefs;
onChange = ''
${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs"
${lib.runtime.merge.keyValue} "${home}/.config/spotify/prefs.init" "${home}/.config/spotify/prefs"
'';
};
@@ -78,7 +69,7 @@ in
source = ./config/prefs-user;
onChange = ''
user=$(cat "${hmConfig.sops.secrets."spotify/username".path}")
${selfLib.runtime.merge.keyValue} "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs"
${lib.runtime.merge.keyValue} "${home}/.config/spotify/prefs-user.init" "${home}/.config/spotify/Users/''${user}-user/prefs"
'';
};
};

11
hosts/elara/README.md
View File

@@ -4,7 +4,12 @@
This host uses private SAS repositories. You can find the imports for these in:
- [./default.nix](./default.nix)
- [./users/nikara/default.nix](./users/nikara/default.nix)
You must build the system once with `sas.build.private = false;`. Then, connect to the SAS VPN, and rebuild the system.
You must build the system once with these imports commented out. Then, connect to the SAS VPN, uncomment them, and rebuild the system.
## Installation Instructions
1. Using a separate Nix system, run `hosts/elara/build-tarball.sh`
2. Copy the generated tarball to the Elara host
3. On the Elara host, run `wsl --import NixOS $env:USERPROFILE\NixOS nixos.wsl --version 2` in PowerShell
4. Enable `cgroup v2` support by setting `kernelCommandLine=cgroup_no_v1=all` in `.wslconfig` in your Windows home directory
5. Optionally, run `wsl --set-default nixos` to make NixOS the default WSL distribution

23
hosts/elara/build-tarball.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
temp=$(mktemp -d)
cleanup() {
rm -rf "$temp"
}
trap cleanup EXIT
install -d -m 755 "$temp/etc/ssh"
cp ./submodules/secrets/hosts/elara/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
install -d -m 700 "$temp/home/nikara"
install -d -m 755 "$temp/home/nikara/.config/sops-nix"
cp ./submodules/secrets/domains/sas/key.txt "$temp/home/nikara/.config/sops-nix/key.txt"
sudo nix run .#nixosConfigurations.elara.config.system.build.tarballBuilder -- \
--extra-files "$temp" \
--chown /home/nikara 1000:100

4
hosts/elara/configs/nix/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ inputs, ... }:
{
nix.registry.sas.flake = inputs.sas;
}

12
hosts/elara/configs/pki/default.nix
View File

@@ -1,15 +1,11 @@
{
config,
inputs,
system,
lib,
pkgs,
...
}:
let
selfPkgs = inputs.self.packages.${system};
in
{
security.pki.certificateFiles = lib.lists.optionals config.sas.build.private [
"${selfPkgs.sas-cacert}/etc/ssl/certs/ca-bundle.crt"
];
security.pki.certificateFiles =
with pkgs;
lib.lists.optionals config.sas.build.private [ "${sas-cacert}/etc/ssl/certs/ca-bundle.crt" ];
}

4
hosts/elara/configs/podman/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ lib, ... }:
{
virtualisation.containers.storage.settings.storage.driver = lib.mkForce "overlay";
}

23
hosts/elara/configs/ssh/default.nix
View File

@@ -1,23 +1,20 @@
{
config,
inputs,
system,
lib,
pkgs,
...
}:
let
selfPkgs = inputs.self.packages.${system};
in
{
sops.secrets = {
"ssh/personal/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "ssh/key";
path = "/root/.ssh/ssh_personal_ed25519_key";
};
"ssh/sas/ed25519/key" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/ed25519/key";
path = "/root/.ssh/ssh_sas_ed25519_key";
};
@@ -29,23 +26,21 @@ in
User git
HostName karaolidis.com
IdentityFile /root/.ssh/ssh_personal_ed25519_key
IdentitiesOnly yes
Host github.com
Host github.sas.com
User git
HostName github.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key
IdentitiesOnly yes
UserKnownHostsFile ${pkgs.sshKnownHosts.github}
Host gitlab.sas.com
User git
HostName gitlab.sas.com
IdentityFile /root/.ssh/ssh_sas_ed25519_key
IdentitiesOnly yes
${lib.strings.optionalString config.sas.build.private "UserKnownHostsFile ${pkgs.sshKnownHosts.sas-gitlab}"}
'';
knownHostsFiles =
with selfPkgs;
(
[ ssh-known-hosts-github ]
++ lib.lists.optionals config.sas.build.private [ ssh-known-hosts-sas-gitlab ]
);
};
}

49
hosts/elara/default.nix
View File

@@ -1,55 +1,41 @@
{ config, inputs, ... }:
{ inputs, lib, ... }:
{
imports = [
./options.nix
nixpkgs.overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
inputs.nur.overlays.default
inputs.sas.overlays.default
];
imports = [
inputs.nixos-wsl.nixosModules.default
inputs.sas.nixosModules.default
inputs.disko.nixosModules.disko
./format.nix
./hardware
./options.nix
../common/configs/system
../common/configs/system/bluetooth
../common/configs/system/boot
../common/configs/system/brightnessctl
../common/configs/system/btrbk
../common/configs/system/btrfs
../common/configs/system/cloudflared
../common/configs/system/dnsmasq
../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence
../common/configs/system/lanzaboote
../common/configs/system/libvirt
../common/configs/system/neovim
../common/configs/system/networkmanager
../common/configs/system/nix
../common/configs/system/nix-cleanup
../common/configs/system/nix-install
../common/configs/system/nix-ld
../common/configs/system/nix-update
../common/configs/system/nixpkgs
../common/configs/system/ntp
../common/configs/system/pipewire
../common/configs/system/podman
../common/configs/system/power
../common/configs/system/printing
../common/configs/system/smartmontools
../common/configs/system/sops
../common/configs/system/ssh
../common/configs/system/ssh-agent
../common/configs/system/sshd
../common/configs/system/sudo
../common/configs/system/system
../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/upower
../common/configs/system/users
../common/configs/system/zsh
"${inputs.secrets}/hosts/elara/configs/globalprotect"
./configs/nix
./configs/pki
./configs/podman
./configs/ssh
./users/nikara
@@ -57,8 +43,7 @@
networking.hostName = "elara";
sas.build.private = true;
sas.build.private = false;
environment.impermanence.device =
config.disko.devices.disk.usb.content.partitions.root.content.content.device;
environment.impermanence.enable = lib.mkForce false;
}

87
hosts/elara/format.nix
View File

@@ -1,87 +0,0 @@
{
disko.devices = {
disk.usb = {
device = "/dev/disk/by-id/ata-Samsung_SSD_990_EVO_1TB_S7GCNL0XA04998F";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "esp";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
swap = {
name = "swap";
size = "32G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
name = "usb";
type = "luks";
passwordFile = "/tmp/keyfile";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd:3"
"noatime"
"user_subvol_rm_allowed"
];
in
{
"@" = {
mountpoint = "/";
inherit mountOptions;
};
"@persist" = {
mountpoint = "/persist";
inherit mountOptions;
};
"@persist/user" = {
mountpoint = "/persist/user";
inherit mountOptions;
};
"@persist/state" = {
mountpoint = "/persist/state";
inherit mountOptions;
};
"@persist/cache" = {
mountpoint = "/persist/cache";
inherit mountOptions;
};
"@nix" = {
mountpoint = "/nix";
inherit mountOptions;
};
};
};
};
};
};
};
};
};
}

19
hosts/elara/hardware/default.nix
View File

@@ -1,19 +1,10 @@
{ ... }:
{
boot.initrd.kernelModules = [
"xhci_pci"
"uas"
"sd_mod"
];
imports = [ ./display.nix ];
services.tlp.settings.DISK_DEVICES = "sda";
# By default, this host runs on an external SSD attached to himalia...
imports = [ ../../himalia/hardware ];
# ...but it can also run attached to a SAS-provided laptop.
specialisation.sas.configuration = {
disabledModules = [ ../../himalia/hardware ];
imports = [ ./sas ];
wsl = {
enable = true;
tarball.configPath = ../../../.;
startMenuLaunchers = true;
};
}

6
hosts/elara/hardware/display.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
home-manager.sharedModules = [
{ programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2; }
];
}

25
hosts/elara/hardware/sas/default.nix
View File

@@ -1,25 +0,0 @@
{ ... }:
{
imports = [ ./display.nix ];
hardware = {
enableAllFirmware = true;
cpu = {
cores = 8;
threads = 12;
intel.updateMicrocode = true;
};
};
boot = {
kernelModules = [ "kvm-intel" ];
initrd.kernelModules = [
"thunderbolt"
"vmd"
"nvme"
];
};
services.fstrim.enable = true;
}

30
hosts/elara/hardware/sas/display.nix
View File

@@ -1,30 +0,0 @@
{ ... }:
{
boot.kernelParams = [ "video=eDP-1:1920x1200@60" ];
home-manager.sharedModules = [
{
wayland.windowManager.hyprland.settings = {
monitor = [
"eDP-1, preferred, 0x0, 1"
", maxwidth, auto-center-up, 1"
];
workspace = [
"1, monitor:eDP-1, layoutopt:orientation:left"
"2, monitor:eDP-1, layoutopt:orientation:left"
"3, monitor:eDP-1, layoutopt:orientation:left"
"4, monitor:eDP-1, layoutopt:orientation:left"
"5, monitor:eDP-1, layoutopt:orientation:left"
"6, monitor:eDP-1, layoutopt:orientation:left"
"7, monitor:eDP-1, layoutopt:orientation:left"
"8, monitor:eDP-1, layoutopt:orientation:left"
"9, monitor:eDP-1, layoutopt:orientation:left"
"10, monitor:eDP-1, layoutopt:orientation:left"
];
};
programs.vscode.profiles.default.userSettings."window.zoomLevel" = (1.25 - 1) / 0.2;
}
];
}

9
hosts/elara/users/nikara/configs/console/c/default.nix
View File

@@ -1,9 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [
gcc
cmake
gnumake
];
}

26
hosts/elara/users/nikara/configs/console/go/default.nix
View File

@@ -1,26 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
environment.persistence."/persist/cache"."${home}/.local/share/go" = { };
home-manager.users.${user} = {
programs.go = {
enable = true;
goPath = ".local/share/go";
};
home = {
packages = with pkgs; [
gopls
go-tools
golangci-lint
golangci-lint-langserver
];
sessionVariables = {
GOPROXY = "goproxy.unx.sas.com";
GONOSUMDB = "*.sas.com,sassoftware.io";
};
};
};
}

15
hosts/elara/users/nikara/configs/console/gpg/default.nix
View File

@@ -1,5 +1,10 @@
{ user, home }:
{ config, inputs, ... }:
{
config,
inputs,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
in
@@ -7,22 +12,22 @@ in
home-manager.users.${user} = {
sops.secrets = {
"gpg/personal/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "gpg/key";
};
"gpg/personal/pass" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "gpg/pass";
};
"gpg/sas/key" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "gpg/key";
};
"gpg/sas/pass" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "gpg/pass";
};
};

23
hosts/elara/users/nikara/configs/console/gradle/default.nix
View File

@@ -1,23 +0,0 @@
{ user, home }:
{ config, pkgs, ... }:
let
hmConfig = config.home-manager.users.${user};
in
{
environment.persistence."/persist/cache"."${home}/.local/share/gradle" = { };
home-manager.users.${user} = {
programs.gradle = {
enable = true;
home = ".local/share/gradle";
};
sops.templates."gradle.properties" = {
content = ''
cdpUser=${hmConfig.sops.placeholder."artifactory/cdp/user"}
cdpPassword=${hmConfig.sops.placeholder."artifactory/cdp/password"}
'';
path = "${home}/.local/share/gradle/gradle.properties";
};
};
}

8
hosts/elara/users/nikara/configs/console/java/default.nix
View File

@@ -1,8 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.programs.java = {
enable = true;
package = pkgs.jdk17;
};
}

17
hosts/elara/users/nikara/configs/console/kubernetes/default.nix
View File

@@ -1,17 +0,0 @@
{ user, home }:
{ pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
telepresence = prev.telepresence.overrideAttrs (oldAttrs: {
patches = oldAttrs.patches or [ ] ++ [ ./extend-timeout.patch ];
});
})
];
home-manager.users.${user}.home.packages = with pkgs; [
telepresence
kubeval
calicoctl
];
}

6
hosts/elara/users/nikara/configs/console/neovim/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.programs.nvf.settings.vim.clipboard.providers.wl-copy.package =
pkgs.wsl-wl-clipboard;
}

12
hosts/elara/users/nikara/configs/console/podman/default.nix
View File

@@ -10,20 +10,21 @@ let
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user}.sops = {
home-manager.users.${user} = {
sops = {
secrets = {
"registry/personal/git.karaolidis.com" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "registry/git.karaolidis.com";
};
"registry/personal/docker.io" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "registry/docker.io";
};
"registry/sas/cr.sas.com" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "registry/cr.sas.com";
};
};
@@ -47,4 +48,7 @@ in
path = "${home}/.config/containers/auth.json";
};
};
services.podman.settings.storage.storage.driver = lib.mkForce "overlay";
};
}

84
hosts/elara/users/nikara/configs/console/sas/default.nix
View File

@@ -1,8 +1,84 @@
{ user, home }:
{ inputs, ... }:
{
home-manager.users.${user}.sops.secrets = {
"artifactory/cdp/user".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
"artifactory/cdp/password".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
config,
inputs,
pkgs,
lib,
...
}:
let
hmConfig = config.home-manager.users.${user};
in
{
environment.persistence."/persist/cache" = {
"${home}/.local/share/go" = { };
"${home}/.local/share/gradle" = { };
};
home-manager.users.${user} = {
sops = {
secrets = {
"artifactory/cdp/user".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"artifactory/cdp/password".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"viya/orders-api/key".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
"viya/orders-api/secret".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
};
templates."gradle.properties" = {
content = ''
cdpUser=${hmConfig.sops.placeholder."artifactory/cdp/user"}
cdpPassword=${hmConfig.sops.placeholder."artifactory/cdp/password"}
'';
path = "${home}/.local/share/gradle/gradle.properties";
};
};
programs = {
go = {
enable = true;
goPath = ".local/share/go";
};
gradle = {
enable = true;
home = ".local/share/gradle";
};
java = {
enable = true;
package = pkgs.jdk17;
};
};
home = {
packages =
with pkgs;
[
gcc
gopls
go-tools
delve
golangci-lint
golangci-lint-langserver
]
++ lib.lists.optionals config.sas.build.private [
viya4-orders-cli
sagew
sonder
klog
];
sessionVariables = {
GOPROXY = "goproxy.unx.sas.com";
GONOSUMDB = "*.sas.com,sassoftware.io";
};
};
xdg.configFile."viya4-orders-cli/config.yaml" = lib.mkIf config.sas.build.private {
source = (pkgs.formats.yaml { }).generate "config.yaml" {
clientCredentialsIdFile = hmConfig.sops.secrets."viya/orders-api/key".path;
clientCredentialsSecretFile = hmConfig.sops.secrets."viya/orders-api/secret".path;
};
};
};
}

131
hosts/elara/users/nikara/configs/console/ssh/default.nix
View File

@@ -2,122 +2,181 @@
{
config,
inputs,
system,
pkgs,
lib,
...
}:
let
hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in
{
home-manager.users.${user} = {
sops = {
secrets = {
"ssh/personal/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "ssh/key";
path = "${home}/.ssh/ssh_personal_ed25519_key";
};
"ssh/personal/pass" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "ssh/pass";
};
"ssh/sas/ed25519/key" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/ed25519/key";
path = "${home}/.ssh/ssh_sas_ed25519_key";
};
"ssh/sas/ed25519/pass" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/ed25519/pass";
};
"ssh/sas/rsa/key" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/rsa/key";
path = "${home}/.ssh/ssh_sas_rsa_key";
};
"ssh/sas/rsa/pass" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "ssh/rsa/pass";
};
"git/credentials/personal/git.karaolidis.com/admin/username" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/admin/username";
"git/credentials/personal/git.karaolidis.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/username";
};
"git/credentials/personal/git.karaolidis.com/admin/password" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/admin/password";
"git/credentials/personal/git.karaolidis.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/git.karaolidis.com/tokens/admin";
};
"git/credentials/sas/github.com/admin/username" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
key = "git/credentials/github.com/admin/username";
"git/credentials/sas/github.com/username" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "git/credentials/github.com/username";
};
"git/credentials/sas/github.com/admin/password" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
key = "git/credentials/github.com/admin/password";
"git/credentials/sas/github.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "git/credentials/github.com/tokens/admin";
};
"git/credentials/personal/github.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/github.com/username";
};
"git/credentials/personal/github.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/github.com/tokens/admin";
};
"git/credentials/personal/gitlab.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitlab.com/username";
};
"git/credentials/personal/gitlab.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitlab.com/tokens/admin";
};
"git/credentials/personal/gitea.com/username" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitea.com/username";
};
"git/credentials/personal/gitea.com/tokens/admin" = {
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "git/credentials/gitea.com/tokens/admin";
};
};
templates."git/credentials" = {
content = ''
https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/password"
https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/tokens/admin"
}@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/password"
https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/username"}:${
hmConfig.sops.placeholder."git/credentials/sas/github.com/tokens/admin"
}@github.com
https://${hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/gitlab.com/tokens/admin"
}@gitlab.com
https://${hmConfig.sops.placeholder."git/credentials/personal/gitea.com/username"}:${
hmConfig.sops.placeholder."git/credentials/personal/gitea.com/tokens/admin"
}@gitea.com
'';
path = "${home}/.config/git/credentials";
};
};
programs = {
ssh = {
matchBlocks = {
ssh.matchBlocks = {
"karaolidis.com" = {
hostname = "karaolidis.com";
user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"tunnel.karaolidis.com" = {
hostname = "tunnel.karaolidis.com";
user = "nick";
port = 2222;
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = [ "${home}/.ssh/ssh_personal_ed25519_key" ];
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
"github.sas.com" = {
hostname = "github.com";
user = "git";
identityFile = [ "${home}/.ssh/ssh_sas_ed25519_key" ];
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.github
);
};
"cldlgn.fyi.sas.com" = {
inherit user;
hostname = "cldlgn.fyi.sas.com";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-cldlgn
);
};
"gitlab.sas.com" = {
hostname = "gitlab.sas.com";
user = "git";
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-gitlab
);
};
"gerrit-svi.unx.sas.com" = {
@@ -125,6 +184,9 @@ in
user = "nikara";
port = 29418;
identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-gerrit
);
};
"artifactlfs.unx.sas.com" = {
@@ -132,23 +194,12 @@ in
user = "nikara";
port = 1339;
identityFile = "${home}/.ssh/ssh_sas_rsa_key";
userKnownHostsFile = lib.mkIf config.sas.build.private (
builtins.toString pkgs.sshKnownHosts.sas-artifact
);
};
};
userKnownHostsFiles =
with selfPkgs;
[
ssh-known-hosts-github
ssh-known-hosts-gitlab
]
++ lib.lists.optionals config.sas.build.private [
ssh-known-hosts-sas-cldlgn
ssh-known-hosts-sas-gitlab
ssh-known-hosts-sas-gerrit
ssh-known-hosts-sas-artifact
];
};
git.extraConfig.url = {
"git@github.sas.com:sas-institute-rnd-product".insteadOf =
"git@github.com:sas-institute-rnd-product";

29
hosts/elara/users/nikara/configs/console/viya4-orders-cli/default.nix
View File

@@ -1,29 +0,0 @@
{ user, home }:
{
config,
inputs,
pkgs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
in
{
home-manager.users.${user} = {
sops.secrets = {
"viya/orders-api/key".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
"viya/orders-api/secret".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
};
home.packages = [ selfPkgs.viya4-orders-cli ];
xdg.configFile."viya4-orders-cli/config.yaml".source =
(pkgs.formats.yaml { }).generate "config.yaml"
{
clientCredentialsIdFile = hmConfig.sops.secrets."viya/orders-api/key".path;
clientCredentialsSecretFile = hmConfig.sops.secrets."viya/orders-api/secret".path;
};
};
}

5
hosts/elara/users/nikara/configs/console/wsl/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ user, home }:
{ pkgs, ... }:
{
home-manager.users.${user}.home.packages = with pkgs; [ wsl-wl-clipboard ];
}

5
hosts/elara/users/nikara/configs/gui/kitty/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user}.programs.kitty.settings.hide_window_decorations = true;
}

20
hosts/elara/users/nikara/configs/gui/obsidian/default.nix
View File

@@ -1,23 +1,5 @@
{ user, home }:
{ ... }:
{
home-manager.users.${user} = {
programs.obsidian.vaults = {
"Documents/Obsidian/personal/master".enable = true;
"Documents/Obsidian/sas/master".enable = true;
};
services.syncthing.settings.folders.obsidian = {
label = "Obsidian";
path = "${home}/Documents/Obsidian/personal";
devices = [
"amalthea"
"ganymede"
];
maxConflicts = 0;
};
home.file."Documents/Obsidian/personal/.stignore".source =
../../../../../../common/configs/user/gui/obsidian/.stignore;
};
home-manager.users.${user}.programs.obsidian.vaults."Documents/Obsidian/master".enable = true;
}

8
hosts/elara/users/nikara/configs/gui/vscode/default.nix
View File

@@ -1,7 +1,8 @@
{ user, home }:
{ ... }:
{ lib, ... }:
{
home-manager.users.${user}.programs.vscode = {
home-manager.users.${user} = {
programs.vscode = {
languages = {
c.enable = true;
go.enable = true;
@@ -23,4 +24,7 @@
copilot.enable = true;
};
home.sessionVariables.DONT_PROMPT_WSL_INSTALL = "1";
};
}

53
hosts/elara/users/nikara/default.nix
View File

@@ -14,8 +14,7 @@ in
imports = [
(import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/android { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -27,82 +26,48 @@ in
(import ../../../common/configs/user/console/ip { inherit user home; })
(import ../../../common/configs/user/console/jq { inherit user home; })
(import ../../../common/configs/user/console/kubernetes { inherit user home; })
(import ../../../common/configs/user/console/libvirt { inherit user home; })
(import ../../../common/configs/user/console/lsof { inherit user home; })
(import ../../../common/configs/user/console/mprocs { inherit user home; })
(import ../../../common/configs/user/console/ncdu { inherit user home; })
(import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/nix { inherit user home; })
(import ../../../common/configs/user/console/nix-cleanup { inherit user home; })
(import ../../../common/configs/user/console/nix-develop { inherit user home; })
(import ../../../common/configs/user/console/nix-direnv { inherit user home; })
(import ../../../common/configs/user/console/ouch { inherit user home; })
(import ../../../common/configs/user/console/pipewire { inherit user home; })
(import ../../../common/configs/user/console/podman { inherit user home; })
(import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/syncthing { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/yt-dlp { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; })
(import ../../../common/configs/user/gui/astal { inherit user home; })
(import ../../../common/configs/user/gui/bluetooth { inherit user home; })
(import ../../../common/configs/user/gui/btop { inherit user home; })
(import ../../../common/configs/user/gui/clipbook { inherit user home; })
(import ../../../common/configs/user/gui/cliphist { inherit user home; })
(import ../../../common/configs/user/gui/emoji { inherit user home; })
(import ../../../common/configs/user/gui/feh { inherit user home; })
(import ../../../common/configs/user/gui/firefox { inherit user home; })
(import ../../../common/configs/user/gui/gtk { inherit user home; })
(import ../../../common/configs/user/gui/hypridle { inherit user home; })
(import ../../../common/configs/user/gui/hyprland { inherit user home; })
(import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
(import ../../../common/configs/user/gui/hyprshot { inherit user home; })
(import ../../../common/configs/user/gui/kitty { inherit user home; })
(import ../../../common/configs/user/gui/libreoffice { inherit user home; })
(import ../../../common/configs/user/gui/mpv { inherit user home; })
(import ../../../common/configs/user/gui/networkmanager { inherit user home; })
(import ../../../common/configs/user/gui/obs { inherit user home; })
(import ../../../common/configs/user/gui/obsidian { inherit user home; })
(import ../../../common/configs/user/gui/pipewire { inherit user home; })
(import ../../../common/configs/user/gui/qalculate { inherit user home; })
(import ../../../common/configs/user/gui/qt { inherit user home; })
(import ../../../common/configs/user/gui/rofi { inherit user home; })
(import ../../../common/configs/user/gui/rquickshare { inherit user home; })
(import ../../../common/configs/user/gui/spicetify { inherit user home; })
(import ../../../common/configs/user/gui/swww { inherit user home; })
(import ../../../common/configs/user/gui/theme { inherit user home; })
(import ../../../common/configs/user/gui/vscode { inherit user home; })
(import ../../../common/configs/user/gui/wev { inherit user home; })
(import ../../../common/configs/user/gui/wl-clipboard { inherit user home; })
(import ../../../common/configs/user/gui/x11 { inherit user home; })
(import ../../../common/configs/user/gui/xdg { inherit user home; })
(import ./configs/console/c { inherit user home; })
(import ./configs/console/go { inherit user home; })
(import ./configs/console/gpg { inherit user home; })
(import ./configs/console/gradle { inherit user home; })
(import ./configs/console/java { inherit user home; })
(import ./configs/console/kubernetes { inherit user home; })
(import ./configs/console/neovim { inherit user home; })
(import ./configs/console/podman { inherit user home; })
(import ./configs/console/sas { inherit user home; })
(import ./configs/console/ssh { inherit user home; })
(import ./configs/console/viya4-orders-cli { inherit user home; })
(import ./configs/console/wsl { inherit user home; })
(import ./configs/gui/kitty { inherit user home; })
(import ./configs/gui/obsidian { inherit user home; })
(import ./configs/gui/vscode { inherit user home; })
];
# mkpasswd -s
sops.secrets."${user}-password" = {
sopsFile = "${inputs.secrets}/sas/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
key = "password";
neededForUsers = true;
};
@@ -120,9 +85,13 @@ in
];
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [
"${inputs.secrets}/domains/personal/id_ed25519.pub"
"${inputs.secrets}/domains/sas/id_ed25519.pub"
];
};
services.getty.autologinUser = user;
wsl.defaultUser = user;
home-manager.users.${user}.home = {
username = user;

3
hosts/himalia/configs/ssh/default.nix
View File

@@ -1,7 +1,7 @@
{ inputs, ... }:
{
sops.secrets."ssh/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "/root/.ssh/ssh_personal_ed25519_key";
};
@@ -10,5 +10,6 @@
User git
HostName karaolidis.com
IdentityFile /root/.ssh/ssh_personal_ed25519_key
IdentitiesOnly yes
'';
}

10
hosts/himalia/default.nix
View File

@@ -1,5 +1,11 @@
{ inputs, ... }:
{
nixpkgs.overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
inputs.nur.overlays.default
];
imports = [
inputs.disko.nixosModules.disko
./format.nix
@@ -15,7 +21,6 @@
../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence
../common/configs/system/lanzaboote
../common/configs/system/libvirt
@@ -35,11 +40,10 @@
../common/configs/system/smartmontools
../common/configs/system/sops
../common/configs/system/ssh
../common/configs/system/ssh-agent
../common/configs/system/sshd
../common/configs/system/sudo
../common/configs/system/system
../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/upower
../common/configs/system/users
../common/configs/system/zsh

12
hosts/himalia/hardware/keybinds.nix
View File

@@ -29,18 +29,6 @@
", XF86Launch4, exec, ${asusctl} profile -n"
", XF86TouchpadToggle, exec, ${touchpadHelper} asuf1209:00-2808:0219-touchpad"
];
bind =
let
farmAura = lib.meta.getExe (
pkgs.writeShellApplication {
name = "farm-aura";
runtimeInputs = with pkgs; [ genact ];
text = builtins.readFile ./scripts/farm-aura.sh;
}
);
in
[ ", XF86Launch3, exec, uwsm app -- $term ${farmAura}" ];
};
}
];

13
hosts/himalia/hardware/scripts/farm-aura.sh
View File

@@ -1,13 +0,0 @@
# shellcheck shell=bash
SESSION_NAME="aura-farm-$$"
tmux new-session -d -s "$SESSION_NAME" "genact -s 25"
tmux set-hook -t "$SESSION_NAME" pane-exited "run-shell 'tmux kill-session -t $SESSION_NAME'"
for _ in {1..4}; do
tmux split-window -t "$SESSION_NAME" -h "genact -s 25"
done
tmux select-layout -t "$SESSION_NAME" tiled
tmux attach-session -t "$SESSION_NAME"

4
hosts/himalia/users/nick/configs/console/gpg/default.nix
View File

@@ -6,8 +6,8 @@ in
{
home-manager.users.${user} = {
sops.secrets = {
"gpg/key".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"gpg/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"gpg/key".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"gpg/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
};
programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path;

4
hosts/himalia/users/nick/configs/console/podman/default.nix
View File

@@ -11,8 +11,8 @@ in
{
home-manager.users.${user}.sops = {
secrets = {
"registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
};
templates."containers-auth.json" = {

66
hosts/himalia/users/nick/configs/console/ssh/default.nix
View File

@@ -2,67 +2,99 @@
{
config,
inputs,
system,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in
{
home-manager.users.${user} = {
sops = {
secrets = {
"ssh/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "${home}/.ssh/ssh_personal_ed25519_key";
};
"ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/admin/username".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/username".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/admin/password".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
};
templates."git/credentials" = {
content = ''
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/tokens/admin"
}@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/github.com/username"}:${
hmConfig.sops.placeholder."git/credentials/github.com/tokens/admin"
}@github.com
https://${hmConfig.sops.placeholder."git/credentials/gitlab.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitlab.com/tokens/admin"
}@gitlab.com
https://${hmConfig.sops.placeholder."git/credentials/gitea.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitea.com/tokens/admin"
}@gitea.com
'';
path = "${home}/.config/git/credentials";
};
};
programs = {
ssh = {
matchBlocks = {
ssh.matchBlocks = {
"karaolidis.com" = {
hostname = "karaolidis.com";
user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"tunnel.karaolidis.com" = {
hostname = "tunnel.karaolidis.com";
user = "nick";
port = 2222;
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
userKnownHostsFiles = with selfPkgs; [
ssh-known-hosts-github
ssh-known-hosts-gitlab
];
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
};
clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path;

10
hosts/himalia/users/nick/default.nix
View File

@@ -15,6 +15,7 @@ in
(import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/android { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/dive { inherit user home; })
@@ -29,6 +30,7 @@ in
(import ../../../common/configs/user/console/libvirt { inherit user home; })
(import ../../../common/configs/user/console/lsof { inherit user home; })
(import ../../../common/configs/user/console/mprocs { inherit user home; })
(import ../../../common/configs/user/console/ncdu { inherit user home; })
(import ../../../common/configs/user/console/ncspot { inherit user home; })
(import ../../../common/configs/user/console/neovim { inherit user home; })
(import ../../../common/configs/user/console/nix { inherit user home; })
@@ -42,18 +44,17 @@ in
(import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/syncthing { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/yt-dlp { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; })
(import ../../../common/configs/user/gui/astal { inherit user home; })
(import ../../../common/configs/user/gui/bluetooth { inherit user home; })
(import ../../../common/configs/user/gui/btop { inherit user home; })
(import ../../../common/configs/user/gui/clipbook { inherit user home; })
(import ../../../common/configs/user/gui/cliphist { inherit user home; })
(import ../../../common/configs/user/gui/darktable { inherit user home; })
@@ -73,6 +74,7 @@ in
(import ../../../common/configs/user/gui/hyprland { inherit user home; })
(import ../../../common/configs/user/gui/hyprpicker { inherit user home; })
(import ../../../common/configs/user/gui/hyprshot { inherit user home; })
(import ../../../common/configs/user/gui/hyprsunset { inherit user home; })
(import ../../../common/configs/user/gui/kitty { inherit user home; })
(import ../../../common/configs/user/gui/libreoffice { inherit user home; })
(import ../../../common/configs/user/gui/mpv { inherit user home; })
@@ -84,7 +86,6 @@ in
(import ../../../common/configs/user/gui/qt { inherit user home; })
(import ../../../common/configs/user/gui/rofi { inherit user home; })
(import ../../../common/configs/user/gui/rquickshare { inherit user home; })
(import ../../../common/configs/user/gui/spicetify { inherit user home; })
(import ../../../common/configs/user/gui/swww { inherit user home; })
(import ../../../common/configs/user/gui/theme { inherit user home; })
(import ../../../common/configs/user/gui/transmission { inherit user home; })
@@ -105,7 +106,7 @@ in
# mkpasswd -s
sops.secrets."${user}-password" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "password";
neededForUsers = true;
};
@@ -123,6 +124,7 @@ in
];
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ];
};
services.getty.autologinUser = user;

3
hosts/installer/configs/ssh/default.nix
View File

@@ -1,7 +1,7 @@
{ inputs, ... }:
{
sops.secrets."ssh/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "/root/.ssh/ssh_personal_ed25519_key";
};
@@ -10,5 +10,6 @@
User git
HostName karaolidis.com
IdentityFile /root/.ssh/ssh_personal_ed25519_key
IdentitiesOnly yes
'';
}

10
hosts/installer/default.nix
View File

@@ -1,5 +1,11 @@
{ config, inputs, ... }:
{
nixpkgs.overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
inputs.nur.overlays.default
];
imports = [
inputs.disko.nixosModules.disko
./format.nix
@@ -13,7 +19,6 @@
../common/configs/system/documentation
../common/configs/system/getty
../common/configs/system/git
../common/configs/system/gpg-agent
../common/configs/system/impermanence
../common/configs/system/lanzaboote
../common/configs/system/neovim
@@ -28,11 +33,10 @@
../common/configs/system/power
../common/configs/system/sops
../common/configs/system/ssh
../common/configs/system/ssh-agent
../common/configs/system/sshd
../common/configs/system/sudo
../common/configs/system/system
../common/configs/system/timezone
../common/configs/system/tmux
../common/configs/system/users
../common/configs/system/zsh

3
hosts/installer/hardware/default.nix
View File

@@ -9,6 +9,9 @@
"xhci_pci"
"usb_storage"
"sd_mod"
"hv_vmbus"
"hv_storvsc"
"hyperv_keyboard"
];
services.fstrim.enable = true;

4
hosts/installer/users/nick/configs/console/gpg/default.nix
View File

@@ -2,7 +2,7 @@
{ inputs, ... }:
{
home-manager.users.${user}.sops.secrets = {
"gpg/key".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"gpg/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"gpg/key".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"gpg/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
};
}

66
hosts/installer/users/nick/configs/console/ssh/default.nix
View File

@@ -2,66 +2,98 @@
{
config,
inputs,
system,
pkgs,
...
}:
let
hmConfig = config.home-manager.users.${user};
selfPkgs = inputs.self.packages.${system};
in
{
home-manager.users.${user} = {
sops = {
secrets = {
"ssh/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "${home}/.ssh/ssh_personal_ed25519_key";
};
"ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
"ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/admin/username".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/username".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/admin/password".sopsFile =
"${inputs.secrets}/personal/secrets.yaml";
"git/credentials/git.karaolidis.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/github.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitlab.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
"git/credentials/gitea.com/tokens/admin".sopsFile =
"${inputs.secrets}/domains/personal/secrets.yaml";
};
templates."git/credentials" = {
content = ''
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${
hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/tokens/admin"
}@git.karaolidis.com
https://${hmConfig.sops.placeholder."git/credentials/github.com/username"}:${
hmConfig.sops.placeholder."git/credentials/github.com/tokens/admin"
}@github.com
https://${hmConfig.sops.placeholder."git/credentials/gitlab.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitlab.com/tokens/admin"
}@gitlab.com
https://${hmConfig.sops.placeholder."git/credentials/gitea.com/username"}:${
hmConfig.sops.placeholder."git/credentials/gitea.com/tokens/admin"
}@gitea.com
'';
path = "${home}/.config/git/credentials";
};
};
programs.ssh = {
matchBlocks = {
programs.ssh.matchBlocks = {
"karaolidis.com" = {
hostname = "karaolidis.com";
user = "nick";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"tunnel.karaolidis.com" = {
hostname = "tunnel.karaolidis.com";
user = "nick";
port = 2222;
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
"github.com" = {
hostname = "github.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
};
"gitlab.com" = {
hostname = "gitlab.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
};
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
};
userKnownHostsFiles = with selfPkgs; [
ssh-known-hosts-github
ssh-known-hosts-gitlab
];
"gitea.com" = {
hostname = "gitea.com";
user = "git";
identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitea;
};
};
};
}

6
hosts/installer/users/nick/default.nix
View File

@@ -14,6 +14,7 @@ in
imports = [
(import ../../../common/configs/user { inherit user home; })
(import ../../../common/configs/user/console/attic { inherit user home; })
(import ../../../common/configs/user/console/brightnessctl { inherit user home; })
(import ../../../common/configs/user/console/btop { inherit user home; })
(import ../../../common/configs/user/console/fastfetch { inherit user home; })
@@ -31,11 +32,11 @@ in
(import ../../../common/configs/user/console/sops { inherit user home; })
(import ../../../common/configs/user/console/ssh { inherit user home; })
(import ../../../common/configs/user/console/ssh-agent { inherit user home; })
(import ../../../common/configs/user/console/tmux { inherit user home; })
(import ../../../common/configs/user/console/tree { inherit user home; })
(import ../../../common/configs/user/console/wget { inherit user home; })
(import ../../../common/configs/user/console/xdg { inherit user home; })
(import ../../../common/configs/user/console/yazi { inherit user home; })
(import ../../../common/configs/user/console/zellij { inherit user home; })
(import ../../../common/configs/user/console/zoxide { inherit user home; })
(import ../../../common/configs/user/console/zsh { inherit user home; })
@@ -45,7 +46,7 @@ in
# mkpasswd -s
sops.secrets."${user}-password" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
key = "password";
neededForUsers = true;
};
@@ -63,6 +64,7 @@ in
];
linger = true;
uid = lib.strings.toInt (builtins.readFile ./uid);
openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ];
};
services.getty.autologinUser = user;

2
hosts/jupiter-vps/README.md
View File

@@ -2,7 +2,7 @@
## Installation Instructions
1. Provision an OVHcloud VPS (ideally running Ubuntu).
1. Provision an OVHcloud VPS (ideally running Ubuntu)
2. Add personal public key
3. Add a CNAME entry for `vps.karaolidis.com` pointing to the VPS IP/host
4. Run `hosts/jupiter-vps/install.sh`

16
hosts/jupiter-vps/configs/podman/prometheus/default.nix
View File

@@ -1,19 +1,15 @@
{ inputs, system, ... }:
let
selfPkgs = inputs.self.packages.${system};
in
{ pkgs, ... }:
{
boot.kernelParams = [ "psi=1" ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [
9100
9882
9191
];
virtualisation.quadlet.containers = {
prometheus-node-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-node-exporter}";
image = "docker-archive:${pkgs.dockerImages.prometheus-node-exporter}";
# Allow collecting host metrics, port :9100 by default
networks = [ "host" ];
podmanArgs = [
@@ -50,16 +46,10 @@ in
};
prometheus-podman-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-podman-exporter}";
image = "docker-archive:${pkgs.dockerImages.prometheus-podman-exporter}";
publishPorts = [ "9882:9882/tcp" ];
volumes = [ "/run/podman/podman.sock:/run/podman/podman.sock:ro" ];
exec = [ "--collector.enable-all" ];
};
prometheus-fail2ban-exporter.containerConfig = {
image = "docker-archive:${selfPkgs.docker-prometheus-fail2ban-exporter}";
publishPorts = [ "9191:9191/tcp" ];
volumes = [ "/run/fail2ban/fail2ban.sock:/var/run/fail2ban/fail2ban.sock:ro" ];
};
};
}

3
hosts/jupiter-vps/configs/ssh/default.nix
View File

@@ -1,7 +1,7 @@
{ inputs, ... }:
{
sops.secrets."ssh/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "/root/.ssh/ssh_personal_ed25519_key";
};
@@ -10,5 +10,6 @@
User git
HostName karaolidis.com
IdentityFile /root/.ssh/ssh_personal_ed25519_key
IdentitiesOnly yes
'';
}

10
hosts/jupiter-vps/default.nix
View File

@@ -1,5 +1,11 @@
{ inputs, lib, ... }:
{
nixpkgs.overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
inputs.nur.overlays.default
];
imports = [
inputs.disko.nixosModules.disko
./format.nix
@@ -31,5 +37,7 @@
environment.impermanence.enable = lib.mkForce false;
users.users.root.openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ];
users.users.root.openssh.authorizedKeys.keyFiles = [
"${inputs.secrets}/domains/personal/id_ed25519.pub"
];
}

2
hosts/jupiter-vps/install.sh
View File

@@ -12,6 +12,6 @@ cleanup() {
trap cleanup EXIT
install -d -m 755 "$temp/etc/ssh"
cp ./secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
cp ./submodules/secrets/hosts/jupiter-vps/ssh_host_ed25519_key "$temp/etc/ssh/ssh_host_ed25519_key"
nix run github:nix-community/nixos-anywhere -- --flake .#jupiter-vps --extra-files "$temp" --target-host ubuntu@vps.karaolidis.com -i ~/.ssh/ssh_personal_ed25519_key

3
hosts/jupiter/configs/ssh/default.nix
View File

@@ -1,7 +1,7 @@
{ inputs, ... }:
{
sops.secrets."ssh/key" = {
sopsFile = "${inputs.secrets}/personal/secrets.yaml";
sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
path = "/root/.ssh/ssh_personal_ed25519_key";
};
@@ -10,5 +10,6 @@
User git
HostName karaolidis.com
IdentityFile /root/.ssh/ssh_personal_ed25519_key
IdentitiesOnly yes
'';
}

4
hosts/jupiter/configs/tv/default.nix
View File

@@ -2,11 +2,9 @@
config,
inputs,
pkgs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
inherit (config.virtualisation.quadlet) volumes;
inboundInterface = "wlo1";
inboundGateway = "192.168.1.1";
@@ -92,7 +90,7 @@ in
containers.tv-adguard = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-adguardhome}";
image = "docker-archive:${pkgs.dockerImages.adguardhome}";
volumes =
let
config = (pkgs.formats.yaml { }).generate "config.yaml.default" {

10
hosts/jupiter/default.nix
View File

@@ -1,5 +1,11 @@
{ inputs, ... }:
{
nixpkgs.overlays = [
inputs.lib.overlays.default
inputs.self.overlays.default
inputs.nur.overlays.default
];
imports = [
inputs.disko.nixosModules.disko
./format.nix
@@ -64,5 +70,7 @@
"v /mnt/storage/private 0755 root root - -"
];
users.users.root.openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ];
users.users.root.openssh.authorizedKeys.keyFiles = [
"${inputs.secrets}/domains/personal/id_ed25519.pub"
];
}

6
hosts/jupiter/hardware/default.nix
View File

@@ -6,10 +6,10 @@
...
}:
{
imports = [ ./display.nix ];
nixpkgs.overlays = [ inputs.nvidia-patch.overlays.default ];
imports = [ ./display.nix ];
hardware = {
enableAllFirmware = true;
@@ -93,6 +93,6 @@
xserver.videoDrivers = [ "nvidia" ];
fstrim.enable = true;
tlp.settings.DISK_DEVICES = lib.mkDefault "nvme0n1 nvme1n1";
logind.lidSwitch = "ignore";
logind.settings.Login.HandleLidSwitch = "ignore";
};
}

2
hosts/jupiter/users/nick/configs/console/podman/default.nix
View File

@@ -10,7 +10,7 @@ let
in
{
home-manager.users.${user}.sops = {
secrets."registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
secrets."registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
templates.containers-auth = {
content = builtins.readFile (

Some files were not shown because too many files have changed in this diff Show More