Compare commits


1 Commits

Author SHA1 Message Date
Dave Gallant
10e0c2fc7c Check arch in justfile 2024-03-15 08:17:21 -04:00
29 changed files with 1089 additions and 1724 deletions

3
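--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,3 @@
+if has nix-shell; then
+use_nix
+fi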


@@ -14,11 +14,11 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: cachix/install-nix-action@v31
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v26
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v16
- uses: cachix/cachix-action@v14
with:
name: davegallant
authToken: '${{ secrets.CACHIX_API_KEY }}'
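Review bot: The three `uses:` steps in the `build` job reference third-party actions by mutable version tag, and the same job hands `secrets.CACHIX_API_KEY` to `cachix/cachix-action`. Whichever tag set is the new side (the +/- column is lost in this rendering), a retagged or compromised release would run with a token that can push to the `davegallant` cache, and the flake lists that cache as a substituter for the hosts. Pinning each step to a full commit SHA with the tag kept as a comment, e.g. `uses: cachix/cachix-action@<full-commit-sha> # v14`, removes that dependency on tag integrity. The job's remaining steps are outside this hunk.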

1
.gitignore vendored

@@ -1,3 +1,4 @@
.pre-commit-config.yaml
.vscode
git-crypt-key
result


@@ -1,17 +1,17 @@
# nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS.
This repo stores nix to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
## Prerequisites
## Setup
- [Determinate Nix](https://determinate.systems/nix-installer)
- [just](https://github.com/casey/just)
> on macOS: install the latest unstable nix from https://github.com/numtide/nix-unstable-installer (for nix flakes),
> and nix-darwin: https://github.com/LnL7/nix-darwin
## Build
Recipes are stored in a justfile. [just](https://github.com/casey/just) is required.
To run a build/rebuild:
To run a rebuild:
```sh
just rebuild
@@ -45,4 +45,4 @@ just clean
## Pre-commit hooks
Run `nix develop` to install the pre-commit hooks.
Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.

14
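--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,14 @@
+let
+nix-pre-commit-hooks =
+import (builtins.fetchTarball
+"https://github.com/cachix/pre-commit-hooks.nix/tarball/master");
+in
+{
+pre-commit-check = nix-pre-commit-hooks.run {
+src = ./.;
+hooks = {
+shellcheck.enable = true;
+nixpkgs-fmt.enable = true;
+};
+};
+}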
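Review bot: `builtins.fetchTarball` is called on the `master` tarball URL with no `sha256`, so each evaluation imports and runs whatever that branch contains at the time, with nothing to detect a changed or tampered archive. Since the README says the hooks activate automatically under direnv, this presumably happens just by entering the directory. Pin a revision and hash instead: `builtins.fetchTarball { url = "https://github.com/cachix/pre-commit-hooks.nix/tarball/<rev>"; sha256 = "<hash>"; }`, where both placeholders are filled from the revision you have reviewed.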

842
flake.lock generated

File diff suppressed because it is too large Load Diff

143
flake.nix

@@ -2,106 +2,71 @@
description = "nixos and macos configurations";
inputs = {
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
pre-commit-hooks.url = "github:cachix/git-hooks.nix";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware";
darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.05";
url = "github:lnl7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager.url = "github:nix-community/home-manager/release-25.05";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim/nixos-25.05";
url = "github:nix-community/nixvim/nixos-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix.url = "github:danth/stylix/release-25.05";
vpngate.url = "github:davegallant/vpngate";
};
outputs =
{
self,
darwin,
determinate,
home-manager,
nixpkgs,
nixpkgs-unstable,
nixpkgs-master,
stylix,
vpngate,
...
}@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{
checks = forAllSystems (system: {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt-rfc-style.enable = true;
};
};
});
devShells = forAllSystems (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
};
});
{ self
, darwin
, home-manager
, nixpkgs
, nixpkgs-unstable
, nixos-hardware
, ...
} @ inputs: {
nixosConfigurations =
let
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
};
master = import nixpkgs-master {
system = "x86_64-linux";
config.allowUnfree = true;
config.permittedInsecurePackages = [ ];
};
in
{
hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit unstable;
inherit master;
inherit vpngate;
};
modules = [
./hosts/hephaestus.nix
./common-packages.nix
specialArgs = { inherit unstable; };
modules =
[
./fonts.nix
./machines/hephaestus/configuration.nix
./packages.nix
./services/netdata/default.nix
./upgrade-diff.nix
determinate.nixosModules.default
home-manager.nixosModules.home-manager
stylix.nixosModules.stylix
(
{ ... }:
{
({ config
, lib
, ...
}: {
config = {
nix = {
settings = {
auto-optimise-store = true;
sandbox = false;
substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [
"root"
];
trusted-users = [ "root" "dave" ];
trusted-public-keys = [
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
];
};
registry = {
nixpkgs.flake = nixpkgs;
};
registry = { nixpkgs.flake = nixpkgs; };
gc = {
automatic = true;
dates = "daily";
@@ -109,23 +74,23 @@
};
};
nixpkgs.overlays = [ (import ./overlays) ];
nixpkgs.overlays = [
(import ./overlays)
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.dave.imports = [
./home.nix
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
inherit master;
};
};
};
}
)
})
];
};
};
@@ -137,46 +102,36 @@
config.allowUnfree = true;
inherit system;
};
master = import nixpkgs-master {
config.allowUnfree = true;
inherit system;
};
in
{
zelus = darwin.lib.darwinSystem {
inherit system;
specialArgs = {
inherit unstable;
inherit master;
};
specialArgs = { inherit unstable; };
modules = [
home-manager.darwinModules.home-manager
stylix.darwinModules.stylix
./hosts/zelus.nix
./common-packages.nix
./machines/zelus/configuration.nix
./packages.nix
./upgrade-diff.nix
(
{ ... }:
{
({ config, ... }: {
config = {
nixpkgs.overlays = [ (import ./overlays) ];
nixpkgs.overlays = [
(import ./overlays)
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users."dave.gallant".imports = [
./home.nix
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
inherit master;
};
};
};
}
)
})
];
};
};
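Review bot: `trusted-users = [ "root" "dave" ];` in the hephaestus `nix.settings` block puts the interactive account on the daemon's trusted list, which lets that user override substituters and other restricted settings and is generally treated as root-equivalent for the store. It sits next to the unchanged `sandbox = false;`, so builds started from that account also run without isolation. The rendering has lost the +/- column, so this assumes the one-line form is the new side rather than the multi-line `[ "root" ]`. Keeping `trusted-users = [ "root" ];` should be enough, since `substituters` and `trusted-public-keys` are already set system-wide in the same block.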

23
fonts.nix Normal file

@@ -0,0 +1,23 @@
{ pkgs, ... }: {
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}


@@ -1,31 +1,16 @@
{
lib,
pkgs,
unstable,
...
{ lib
, pkgs
, unstable
, ...
}:
let
inherit (pkgs) stdenv;
in
{
home.stateVersion = "25.05";
home.stateVersion = "23.11";
home.packages = with pkgs; [ just ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
fonts.monospace = {
name = "FiraCode Nerd Font Mono";
package = "${pkgs.fira-mono}";
};
fonts.sansSerif = {
name = "FiraCode Nerd Font";
package = "${pkgs.fira-code}";
};
};
services = {
gpg-agent = {
@@ -36,8 +21,6 @@ in
};
};
services.lorri.enable = stdenv.isLinux;
fonts.fontconfig.enable = true;
programs = {
@@ -50,15 +33,12 @@ in
userName = "Dave Gallant";
diff-so-fancy.enable = true;
lfs.enable = true;
aliases = {
aa = "add -A .";
br = "branch";
c = "commit -S";
cm = "commit -S -m";
ca = "commit -S --amend";
cane = "commit -S --amend --no-edit";
cb = "checkout -b";
@@ -79,32 +59,24 @@ in
includes = [{ path = "~/.gitconfig-work"; }];
extraConfig = {
push = {
default = "current";
};
pull = {
rebase = true;
delta = {
enable = true;
options = {
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
plus-style = "green bold ul '#198214'";
decorations = {
commit-decoration-style = "bold yellow box ul";
file-style = "bold yellow ul";
file-decoration-style = "none";
};
};
};
alacritty = {
enable = stdenv.isLinux;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
general.live_config_reload = true;
terminal.shell = {
program = "zsh";
};
font = {
size = lib.mkForce 18.0;
};
window = {
opacity = lib.mkForce 0.9;
};
extraConfig = {
push = { default = "current"; };
pull = { rebase = true; };
};
};
@@ -114,18 +86,25 @@ in
settings = {
add_newline = false;
scan_timeout = 10;
character = { error_symbol = "[](bold red)"; };
gcloud = {
format = "";
format = "[$symbol($project) ~ $region]($style)";
};
kubernetes = {
disabled = false;
context_aliases = {
".*stg_.*" = "stg";
".*test_.*" = "test";
".*prd_.*" = "prd";
};
};
};
};
zsh = {
enable = true;
autosuggestion.enable = true;
enableAutosuggestions = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
history.size = 1000000;
@@ -141,11 +120,6 @@ in
envExtra = ''
export PAGER=less
export EDITOR=vim
export DOCKER_CLI_HINTS=false
export TERM=xterm-256color
export DOCKER_DEFAULT_PLATFORM=linux/amd64
export NNN_FIFO="$XDG_RUNTIME_DIR/nnn.fifo";
export PATH=$PATH:~/.cargo/bin
export PATH=$PATH:~/.local/bin
@@ -156,9 +130,14 @@ in
export GOPATH=~/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN
export WINEPREFIX=~/.wine32
# homebrew for x86
export PATH=$PATH:/usr/local/homebrew/bin
'';
initContent = ''
initExtra = ''
setopt noincappendhistory
source $HOME/.zsh-work
@@ -178,6 +157,8 @@ in
alias kubectl=kubecolor
# make completion work with kubecolor
compdef kubecolor=kubectl
pfetch
'';
shellAliases = {
@@ -191,13 +172,13 @@ in
grep = "rg --smart-case";
j = "just";
k = "kubecolor";
kp = "viddy 'kubectl get pods'";
kcx = "kubectx";
kns = "kubens";
l = "eza -la --git --group-directories-first";
m = "make";
nix-install = "nix-env -iA";
t = "cd-fzf";
ps = "procs";
t = "tmux-sessionizer";
tf = "terraform";
tree = "eza --tree";
v = "nvim";
@@ -208,44 +189,177 @@ in
};
};
alacritty = {
enable = true;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
live_config_reload = true;
mouse.hide_when_typing = false;
font =
if stdenv.isLinux
then {
normal.family = "Fira Code";
size = 12;
}
else {
normal.family = "FiraCode Nerd Font";
size = 16;
};
shell = {
program = "zsh";
args = [ "-l" "-c" "tmux" "u" ];
};
colors = {
primary.background = "0x282828";
primary.foreground = "0xebdbb2";
normal = {
black = "0x282828";
red = "0xcc241d";
green = "0x98971a";
yellow = "0xd79921";
blue = "0x458588";
magenta = "0xb16286";
cyan = "0x689d6a";
white = "0xa89984";
};
bright = {
black = "0x928374";
red = "0xfb4934";
green = "0xb8bb26";
yellow = "0xfabd2f";
blue = "0x83a598";
magenta = "0xd3869b";
cyan = "0x8ec07c";
white = "0xebdbb2";
};
key_bindings = [
{
key = "Home";
mods = "Control";
action = "ResetFontSize";
}
{
key = "Plus";
mods = "Control";
action = "IncreaseFontSize";
}
{
key = "Minus";
mods = "Control";
action = "DecreaseFontSize";
}
];
};
};
};
go = {
enable = true;
};
tmux = {
enable = true;
clock24 = true;
terminal = "xterm-256color";
customPaneNavigationAndResize = true;
plugins = with pkgs.tmuxPlugins; [
{
plugin = pain-control;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-pain-control'";
}
{
plugin = sensible;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sensible'";
}
{
plugin = sessionist;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sessionist'";
}
{
plugin = yank;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-yank'";
}
{
plugin = sensible;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sensible'";
}
{
plugin = tmux-colors-solarized;
extraConfig = ''
set -g @plugin 'seebi/tmux-colors-solarized'
set -g @colors-solarized 'dark'
'';
}
{
plugin = resurrect;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-resurrect'
'';
}
{
plugin = continuum;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-continuum'
set -g @continuum-restore 'on'
'';
}
];
extraConfig = ''
set-window-option -g automatic-rename on
set-option -g set-titles on
set -g mouse on
set -g status-left-length 30
set -g status-right-length 150
set -g xterm-keys on
set -g pane-border-status top
set -g set-titles on
set -g display-panes-time 800
set -g display-time 2000
set -q -g utf8 on
set -g monitor-activity on
set -g visual-activity off
set -g status-right '#(gitmux #{pane_current_path})'
'';
};
rofi = {
enable = stdenv.isLinux;
plugins = [ pkgs.rofi-emoji ];
terminal = "${pkgs.alacritty}/bin/alacritty";
font = "Fira Font Mono 24";
theme = "gruvbox-dark";
extraConfig = {
modi = "drun,run";
show-icons = true;
};
};
fzf = {
enable = true;
};
nnn = {
enable = stdenv.isLinux;
package = pkgs.nnn.override ({ withNerdIcons = true; });
bookmarks = {
d = "~/Downloads";
p = "~/src/";
c = "~/.config";
h = "~";
};
extraPackages = with pkgs; [
bat
eza
fzf
imv
mediainfo
ffmpegthumbnailer
];
plugins = {
src = "${pkgs.nnn.src}/plugins";
mappings = {
p = "preview-tui";
o = "fzopen";
};
};
};
nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
colorschemes.gruvbox.enable = true;
keymaps = [
{
key = "<C-n>";
@@ -258,7 +372,7 @@ in
{
key = "<leader>y";
mode = [ "v" ];
action = ''"+y''; # copy to OS clipboard
action = "\"+y"; # copy to OS clipboard
}
{
key = "<leader>t";
@@ -280,20 +394,11 @@ in
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.references()<CR>";
}
{
key = "<leader>ff";
mode = [ "n" ];
action = "<cmd>Telescope find_files<CR>";
}
{
key = "<leader>fg";
mode = [ "n" ];
action = "<cmd>Telescope live_grep<CR>";
}
];
plugins = {
auto-save.enable = true;
copilot-vim.enable = true;
cmp-path.enable = true;
cmp-treesitter.enable = true;
commentary.enable = true;
@@ -304,31 +409,36 @@ in
lualine.enable = true;
lsp.enable = true;
lsp.servers = {
ansiblels.enable = true;
#ansiblels.enable = true;
bashls.enable = true;
dockerls.enable = true;
#dockerls.enable = true;
gopls.enable = true;
helm_ls.enable = true;
#helm-ls.enable = true;
jsonls.enable = true;
pyright.enable = true;
nixd.enable = true;
terraformls.enable = true;
yamlls.enable = true;
};
lsp-format = {
enable = true;
settings = {
setup = {
terraform = { };
nix = { };
go = { };
};
};
cmp.enable = true;
nvim-cmp.enable = true;
nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true;
treesitter.enable = true;
telescope = {
enable = true;
settings.defaults = {
defaults = {
layout_strategy = "vertical";
layout_config = {
vertical = {
@@ -337,10 +447,17 @@ in
};
};
package = pkgs.vimPlugins.telescope-fzy-native-nvim;
keymaps = {
"<leader>ff" = {
action = "git_files";
desc = "Telescope Git Files";
};
web-devicons.enable = true;
"<leader>fg" = "live_grep";
};
opts = {
keymapsSilent = true;
};
};
options = {
autoindent = true;
backup = false;
belloff = "all";
@@ -383,12 +500,6 @@ in
};
extraConfigLua = ''
-- https://github.com/orgs/community/discussions/108329
vim.cmd([[let g:copilot_filetypes = {'yaml': v:true}]])
vim.cmd([[let g:copilot_filetypes = {'gitcommit': v:true}]])
-- Format JSON
vim.cmd([[command! JsonFormat execute "::%!jq '.'"]])
@@ -421,49 +532,29 @@ in
'';
};
zed-editor = {
vscode = {
enable = true;
package = unstable.zed-editor;
extensions = [
"ansible"
"color-highlight"
"dockerfile"
"html"
"make"
"material-icon-theme"
"nix"
"tokyo-night"
"toml"
"vue"
package = pkgs.vscode;
extensions = with pkgs.vscode-extensions;
[
bbenoist.nix
github.vscode-pull-request-github
golang.go
hashicorp.terraform
ms-dotnettools.csharp
ms-kubernetes-tools.vscode-kubernetes-tools
redhat.vscode-yaml
]
++ lib.optionals stdenv.isLinux [
ms-vsliveshare.vsliveshare
ms-python.python
];
userSettings = {
icon_theme = "Material Icon Theme";
theme = lib.mkForce "Tokyo Night";
features = {
edit_prediction_provider = "copilot";
};
vim_mode = true;
vim = {
use_system_clipboard = "on_yank";
};
autosave = "on_focus_change";
format_on_save = "off";
}
// (
if pkgs.stdenv.isLinux then
{
ui_font_size = lib.mkForce 24;
buffer_font_size = lib.mkForce 22;
}
else
{ }
);
};
firefox = {
enable = stdenv.isLinux;
package = unstable.librewolf;
package = pkgs.firefox-devedition;
profiles = {
default = {
@@ -477,6 +568,8 @@ in
"intl.regional_prefs.use_os_locales" = true;
"services.sync.prefs.sync.intl.regional._prefs.use_os_locates" = false;
};
name = "dev-edition-default";
path = "6b7pm104.dev-edition-default";
};
};
};
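Review bot: In the `alacritty.settings` block of the `@@ -208,44 +189,177 @@` hunk, `key_bindings = [ ... ];` is closed by the same `};` that closes `colors`, so by brace count it is nested under `colors` rather than being a direct child of `settings`. The font-size bindings are then unlikely to be picked up; moving the `};` that ends `colors` to just after the `bright` set would fix it. Indentation is lost in this rendering, so please confirm against the file. In the same hunk the tmux `plugins` list contains the `sensible` entry twice, and one of them can be dropped.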


@@ -1,508 +0,0 @@
{
config,
lib,
master,
modulesPath,
pkgs,
unstable,
vpngate,
...
}:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
caffeine
clipboard-history
grand-theft-focus
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
image = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/davegallant/nix-config/refs/heads/main/nixos-wallpaper.png";
sha256 = "Ztqn9+CHslr6wZdnOTeo/YNi/ICerpcFLyMArsZ/PIY=";
};
polarity = "dark";
};
security.sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
};
boot = {
kernelModules = [
"kvm-amd"
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"amd_iommu=on"
];
loader = {
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
supportedFilesystems = [
"ntfs"
];
initrd = {
availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
};
environment.systemPackages =
with pkgs;
[
android-studio
android-tools
bleachbit
calibre
chromium
cryptsetup
dbeaver-bin
discord
freefilesync
gimp-with-plugins
gnome-tweaks
google-chrome
httpie-desktop
iputils
libation
mission-center
mupen64plus
nfs-utils
onlyoffice-desktopeditors
opensnitch-ui
pavucontrol
pciutils
pika-backup
pinentry-curses
pinta
protonvpn-gui
qemu
traceroute
unityhub
unstable.podman
unstable.podman-compose
unstable.podman-desktop
unstable.beszel
unstable.obsidian
unstable.ryubing
unstable.signal-desktop-bin
unstable.spotify
unstable.tailscale
unstable.zoom-us
usbutils
virt-manager
vlc
vpngate.packages.x86_64-linux.default
whois
wine
]
++ gnomeExtensions;
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat";
};
"/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
"/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/";
fsType = "nfs";
};
};
fonts.packages = with pkgs; [
dejavu_fonts
fira-mono
font-awesome
google-fonts
liberation_ttf
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
};
};
networking = {
iproute2.enable = true;
hostName = "hephaestus";
hostId = "0e8aad53";
interfaces."enp34s0" = {
useDHCP = true;
wakeOnLan = {
enable = true;
policy = [ "magic" ];
};
};
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
};
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = {
NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
system = {
autoUpgrade.enable = true;
stateVersion = "25.05";
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
};
users.users.dave = {
isNormalUser = true;
extraGroups = [
"wheel"
"libvirtd"
"corectrl"
];
shell = pkgs.zsh;
};
i18n.defaultLocale = "en_US.UTF-8";
i18n.inputMethod = {
enable = true;
type = "ibus";
ibus.engines = with pkgs.ibus-engines; [ anthy ];
};
time.timeZone = "America/Toronto";
hardware.graphics = {
enable = true;
enable32Bit = true;
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nix-ld.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
};
zsh.enable = true;
};
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
services.flatpak.enable = true;
services.gnome.gnome-keyring.enable = true;
services.printing.enable = true;
services.resolved.enable = true;
services.sshd.enable = true;
services.tailscale = {
enable = true;
package = unstable.tailscale;
};
services.xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
desktopManager.gnome.enable = true;
videoDrivers = [ "amdgpu" ];
};
services.ollama = {
package = master.ollama;
enable = true;
acceleration = "rocm";
host = "0.0.0.0";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"dolphin3:8b"
"llama3.1"
"llava"
];
};
services.open-webui = {
enable = true;
package = pkgs.open-webui;
host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api";
OLLAMA_BASE_URL = "http://127.0.0.1:11434";
};
};
services.opensnitch = {
enable = true;
rules = {
avahi-ipv4 = {
name = "Allow avahi daemon IPv4";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
operand = "process.path";
sensitive = false;
data = "${lib.getBin pkgs.avahi}/bin/avahi-daemon";
}
{
type = "network";
operand = "dest.network";
data = "224.0.0.0/24";
}
];
};
};
systemd-timesyncd = {
name = "systemd-timesyncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
systemd-resolved = {
name = "systemd-resolved";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
};
};
localhost = {
name = "Allow all localhost";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "regexp";
operand = "dest.ip";
sensitive = false;
data = "^(127\\.0\\.0\\.1|::1)$";
list = [ ];
};
};
nix-update = {
name = "Allow Nix";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.nix}/bin/nix";
}
{
type = "regexp";
operand = "dest.host";
sensitive = false;
data = "^(([a-z0-9|-]+\\.)*github\\.com|([a-z0-9|-]+\\.)*nixos\\.org)$";
}
];
};
};
NetworkManager = {
name = "Allow NetworkManager";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
}
{
type = "simple";
operand = "dest.port";
sensitive = false;
data = "67";
}
{
type = "simple";
operand = "protocol";
sensitive = false;
data = "udp";
}
];
};
};
ssh-github = {
name = "Allow SSH to github";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.openssh}/bin/ssh";
}
{
type = "simple";
operand = "dest.host";
sensitive = false;
data = "github.com";
}
];
};
};
};
};
virtualisation = {
podman.enable = true;
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
};
}


@@ -1,137 +0,0 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
nix.enable = false;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Slack.app"
"/Applications/Zed.app"
"/Applications/zoom.us.app"
];
};
NSGlobalDomain.AppleShowAllExtensions = true;
NSGlobalDomain.AppleShowScrollBars = "Always";
NSGlobalDomain.NSUseAnimatedFocusRing = false;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = true;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint2 = true;
NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
NSGlobalDomain.ApplePressAndHoldEnabled = false;
NSGlobalDomain.InitialKeyRepeat = 25;
NSGlobalDomain.KeyRepeat = 2;
NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
NSGlobalDomain.NSWindowShouldDragOnGesture = true;
NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = false;
LaunchServices.LSQuarantine = false; # disables "Are you sure?" for new apps
loginwindow.GuestEnabled = false;
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
homebrew = {
enable = true;
onActivation = {
cleanup = "zap";
autoUpdate = true;
upgrade = true;
};
global = {
brewfile = true;
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"node"
"oras"
"vault"
];
casks = [
"discord"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"freelens"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"lulu"
"notunes"
"obsidian"
"ollama"
"raycast"
"rectangle"
"signal"
"slack"
"spotify"
"stats"
"steam"
"taskexplorer"
"tailscale"
"vlc"
];
taps = [
"hashicorp/tap"
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
stylix = {
enable = true;
image = "/Library/tokyo-night.jpg";
};
}


@@ -1,27 +1,21 @@
set export
alias u := update
alias r := rebuild
config := "machines/$(hostname)/configuration.nix"
arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
rebuild:
sudo $cmd switch --flake . -I nixos-config="hosts/$(hostname).nix"
$cmd switch --flake . -I nixos-config=$config
rollback:
sudo $cmd switch --rollback --flake .
channel-update:
nix-channel --update
sudo nix-channel --update
$cmd switch --rollback -I nixos-config=$config
update:
@./update-flake.sh
@./nix-flake-update.sh
fmt:
nixfmt *.nix
nixpkgs-fmt .
clean:
echo 'Cleaning user...'
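Review bot: `config := "machines/$(hostname)/configuration.nix"` is an ordinary just string, so `$(hostname)` is never evaluated. With `set export` the recipes receive that literal text in `$config`, and the shell does not re-run command substitution on an expanded variable, so `-I nixos-config=$config` appears to point at a path containing the characters `$(hostname)`. A backtick expression, as the `arch` assignment already uses, would resolve it when the justfile is loaded: ``config := "machines/" + `hostname` + "/configuration.nix"``. This assumes the `machines/` lines are the new side, since the +/- column is lost here, and `--flake .` may be masking the problem in `rebuild`. The `clean` recipe continues outside the hunk.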


@@ -0,0 +1,264 @@
{ config
, lib
, modulesPath
, pkgs
, unstable
, ...
}:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
appindicator
bluetooth-quick-connect
blur-my-shell
caffeine
clipboard-indicator
dash-to-dock
grand-theft-focus
notification-banner-reloaded
quick-settings-tweaker
tailscale-status
tray-icons-reloaded
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
extraModulePackages = with config.boot.kernelPackages; [
xpadneo
];
kernelModules = [ "kvm-amd" ];
kernelPackages = pkgs.linuxPackages;
loader = {
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
supportedFilesystems = [ "ntfs" ];
initrd = {
availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
environment.systemPackages = with pkgs;
[
android-tools
bitwarden
cryptsetup
deja-dup
discord
docker
docker-compose
foliate
ghostscript
gimp-with-plugins
glibcLocales
gnome.gnome-tweaks
iputils
kazam
legendary-gl
lm_sensors
mullvad-vpn
netdata
nfs-utils
pavucontrol
pinentry-curses
podman
psst
qemu
sbx-h6-rgb
strace
tailscale
traceroute
ungoogled-chromium
unstable.burpsuite
unstable.logseq
unstable.obsidian
unstable.ryujinx
unstable.signal-desktop
usbutils
virt-manager
vlc
whois
wine
wine64
wireshark-qt
zoom-us
]
++ gnomeExtensions;
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat";
};
"/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
"/mnt/synology-2b/backups" = {
device = "192.168.1.178:/volume1/Backups";
fsType = "nfs";
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/5d6d0388-2b15-4ff1-9f0f-391818a76090"; }
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
permittedInsecurePackages = [
"nix-2.16.2"
];
};
};
networking = {
iproute2.enable = true;
hostName = "hephaestus";
interfaces.enp34s0 = {
useDHCP = true;
};
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
};
systemd.services = {
NetworkManager-wait-online.enable = false;
};
system = {
autoUpgrade.enable = true;
stateVersion = "23.11";
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixUnstable;
};
users.users.dave = {
isNormalUser = true;
extraGroups = [ "docker" "wheel" "libvirtd" "corectrl" ];
shell = pkgs.zsh;
};
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/Toronto";
hardware = {
opengl.enable = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = true;
# Vulkan
opengl.driSupport = true;
opengl.driSupport32Bit = true;
# Steam
opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
pulseaudio.support32Bit = true;
};
programs = {
corectrl.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
};
zsh.enable = true;
};
services = {
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
gnome.gnome-keyring.enable = true;
mullvad-vpn.enable = false;
printing.enable = true;
resolved.enable = true;
sshd.enable = true;
tailscale.enable = true;
udev.extraRules = ''
ACTION=="add", ATTR{idVendor}=="041e", ATTR{idProduct}=="3255", RUN+="${pkgs.sbx-h6-rgb}/bin/sbx-h6-ctl -c c010ff 041e:3255"
'';
xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = false;
};
};
desktopManager = {
gnome = {
enable = true;
};
};
videoDrivers = [ "amdgpu" ];
};
};
virtualisation = {
docker.enable = true;
libvirtd.enable = true;
podman.enable = true;
};
}
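Review bot: `sshd.enable = true;` in the `services` block turns on OpenSSH with no `services.openssh.settings` anywhere in this file, so the module defaults apply. On NixOS those defaults, as I understand them, allow password authentication and open port 22 in the firewall, and the `firewall` block here only adds `tailscale0` as a trusted interface. Consider `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, or `services.openssh.openFirewall = false;` if SSH is only meant to be reached over Tailscale. Separately, `"docker"` in `users.users.dave.extraGroups` gives that account root-equivalent access through the Docker socket, which deserves a comment if intended.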


@@ -0,0 +1,114 @@
{ pkgs, ... }:
let
checkBrew = "command -v brew > /dev/null";
in
{
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [
"nix-2.16.2"
];
};
};
networking = { hostName = "zelus"; };
services.nix-daemon.enable = true;
nix.extraOptions = "experimental-features = nix-command flakes";
nix.package = pkgs.nixVersions.stable;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
environment = {
extraInit = ''
${checkBrew} || >&2 echo "brew is not installed (install it via https://brew.sh)"
'';
variables = { LANG = "en_US.UTF-8"; };
};
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 50;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
NSGlobalDomain = {
"com.apple.sound.beep.feedback" = 0;
"com.apple.sound.beep.volume" = 0.000;
ApplePressAndHoldEnabled = false;
InitialKeyRepeat = 10;
KeyRepeat = 2;
AppleShowAllExtensions = true;
AppleShowScrollBars = "Automatic";
};
};
homebrew = {
enable = true;
onActivation.autoUpdate = false;
onActivation.upgrade = false;
global = {
brewfile = true;
};
brews = [
"coreutils"
"gnu-sed"
"gnu-tar"
"netdata"
"node"
"podman"
"podman-compose"
];
casks = [
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"karabiner-elements"
"logseq"
"lulu"
"notunes"
"obsidian"
"postman"
"raycast"
"rectangle"
"stats"
"warp"
];
taps = [
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
}
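Review bot: `permittedInsecurePackages = [ "nix-2.16.2" ];` allow-lists a package that nixpkgs refuses to evaluate by default because it is flagged as insecure, and nothing in the file says what still depends on it or when the entry can go. A stale entry keeps evaluation succeeding long after the reason for it has disappeared, so I would put a comment on it such as `# needed by <package> until <condition>; remove afterwards`. The same allow-list is present in the hephaestus configuration earlier on the page, so the comment belongs there too.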


@@ -4,14 +4,8 @@ set -euo pipefail
git pull
update_msg=$(nix flake update 2>&1 | grep -v 'warning:')
just rebuild
just build
git add .
read -p "Commit and push changes? [yN]? " -r
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
git commit -S -m "nix flake update: $(TZ=UTC date '+%Y-%m-%d %H:%M:%S %Z')
$update_msg"
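Review bot: `update_msg=$(nix flake update 2>&1 | grep -v 'warning:')` aborts the script whenever the update prints only warnings or nothing at all, because `grep -v` then exits 1 and the `set -euo pipefail` shown in the hunk header turns that status into a failure of the assignment. Appending `|| true` inside the substitution leaves the message empty instead: `update_msg=$(nix flake update 2>&1 | grep -v 'warning:' || true)`. Separately, the old and new sides of this hunk cannot be told apart in this rendering, but if the `read -p` confirmation is what is being removed, `git add .` followed by `git commit -S` stages and signs every untracked file in the tree with no review step, and staging only the lock file that `nix flake update` rewrites would be safer. The script continues past the end of the hunk.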

Binary file not shown.

Before

Width:  |  Height:  |  Size: 297 KiB


@@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
readarray -t directories < ~/.config/cd-fzf
if [[ $# -eq 1 ]]; then
selected=$1
else
selected=$(find "${directories[@]}" -mindepth 1 -maxdepth 1 -type d | fzf --exact)
fi
if [[ -z $selected ]]; then
exit 0
fi
cd "$selected"
$SHELL


@@ -1,19 +0,0 @@
{
stdenv,
lib,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "cd-fzf";
version = "0.0.1";
executable = ./cd-fzf;
phases = [ "unpackPhase" ]; # Remove all other phases
unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/cd-fzf
'';
meta = with lib; {
description = "\n Fuzzy find change directory";
platforms = platforms.unix;
};
}


@@ -1,3 +1,5 @@
final: prev: {
cd-fzf = prev.callPackage ./cd-fzf { };
sbx-h6-rgb = prev.callPackage ./sbx-h6-rgb { };
tmux-sessionizer = prev.callPackage ./tmux-sessionizer { };
vpngate = prev.callPackage ./vpngate { };
}


@@ -0,0 +1,38 @@
{ lib
, fetchFromGitHub
, pkgs
, stdenv
,
}:
stdenv.mkDerivation rec {
pname = "sbx-h6-rgb";
version = "95b4ef9788ef94e557a4d1e815079d5ea8a70943";
src = fetchFromGitHub {
owner = "Oscillope";
repo = "sbx-h6-rgb";
rev = version;
sha256 = "sha256-tKKNdzijloBiGBHf5C604824B/BbxBxvCL/ms4orT9M=";
};
buildInputs = with pkgs; [
hidapi
];
buildPhase = ''
make
'';
installPhase = ''
install -D sbx-h6-ctl $out/bin/sbx-h6-ctl
'';
meta = with lib; {
description = "Creative SoundBlasterX RGB LED setter.";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux;
};
}
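Review bot: Nothing in this derivation records that its output runs with root privileges, yet the udev rule in the hephaestus configuration on this page starts `${pkgs.sbx-h6-rgb}/bin/sbx-h6-ctl` from `RUN+=` on device add, and udev executes those programs as root. The source is pinned by commit and `sha256`, which is the right control; I would state the reason next to it with a comment above `src`, e.g. `# executed as root from a udev RUN rule; review upstream changes before bumping rev`. As a style point, taking `hidapi` as a function argument instead of `pkgs` plus `with pkgs;` keeps the input overridable through `callPackage`.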


@@ -0,0 +1,24 @@
{ stdenv
, lib
, fetchurl
,
}:
stdenv.mkDerivation rec {
pname = "tmux-sessionizer";
version = "0.0.0";
executable = ./tmux-sessionizer;
phases = [ "unpackPhase" ]; # Remove all other phases
unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/tmux-sessionizer
'';
meta = with lib; {
description = "
Tmux sessionizer adapted from https://sourcegraph.com/github.com/ThePrimeagen/.dotfiles@5cd09f06d6683b91c26822a73b40e3d7fb9af57a/-/blob/bin/.local/bin/tmux-sessionizer";
platforms = platforms.unix;
};
}
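Review bot: `cp ${executable} $out/bin/tmux-sessionizer` leaves the installed file's mode to whatever the script has in the repository, so a copy committed without the executable bit yields a package whose binary cannot be run. `install -Dm755 ${executable} $out/bin/tmux-sessionizer` sets the mode explicitly and creates the directory, replacing both lines of `unpackPhase`. The `fetchurl` argument is unused and can be dropped, and the `description` string begins with a line break that will appear in package listings.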


@@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Credit to ThePrimeagen for this:
# https://sourcegraph.com/github.com/ThePrimeagen/.dotfiles@5cd09f06d6683b91c26822a73b40e3d7fb9af57a/-/blob/bin/.local/bin/tmux-sessionizer
readarray -t directories < ~/.config/tmux-sessionizer
if [[ $# -eq 1 ]]; then
selected=$1
else
selected=$(find "${directories[@]}" -mindepth 1 -maxdepth 1 -type d | fzf --exact)
fi
if [[ -z $selected ]]; then
exit 0
fi
selected_name=$(basename "$selected" | tr . _)
tmux_running=$(pgrep tmux)
if [[ -z $TMUX ]] && [[ -z $tmux_running ]]; then
tmux new-session -s "$selected_name" -c "$selected"
exit 0
fi
if ! tmux has-session -t "$selected_name" 2> /dev/null; then
tmux new-session -ds "$selected_name" -c "$selected"
fi
tmux switch-client -t "$selected_name"
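Review bot: `readarray -t directories < ~/.config/tmux-sessionizer` is not checked, so when that file is missing or empty the array is empty and `find "${directories[@]}"` runs with no start path, which GNU find treats as the current directory. The picker then offers subdirectories of wherever the script was invoked instead of the configured roots. A guard before the `find` makes the failure visible: `[[ ${#directories[@]} -gt 0 ]] || { echo "no directories in ~/.config/tmux-sessionizer" >&2; exit 1; }`. The script sets no `set -e`, which is why the failed redirection does not stop it on its own.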


@@ -0,0 +1,28 @@
{ lib
, fetchFromGitHub
, buildGoModule
,
}:
buildGoModule rec {
pname = "vpngate";
version = "v0.1.5";
vendorHash = "sha256-TQLHvoVAMvDtm/9EQUaNVVjQajyMBnJu8NF6Kt0+RJ8=";
src = fetchFromGitHub {
owner = "davegallant";
repo = "vpngate";
rev = version;
sha256 = "sha256-+KZ6/h8JLEisnIja4lstJYVHzEC/8PdHL3czK/mJCAs=";
};
doCheck = false;
meta = with lib; {
homepage = "https://www.vpngate.net";
description = "a client for vpngate.net";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux ++ platforms.darwin;
};
}
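Review bot: `doCheck = false;` turns off the upstream test suite for a VPN client without saying why, so nobody can tell later whether the tests need network access inside the build sandbox or are simply broken. A comment on that line, e.g. `# tests disabled: <reason>`, documents the decision and tells the next person when it can be re-enabled. `homepage` also points at the vpngate.net service rather than the `davegallant/vpngate` repository the source is fetched from, and the nixpkgs convention is a `version` without the `v` prefix together with `rev = "v${version}";`.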


@@ -1,8 +1,12 @@
{
pkgs,
unstable,
...
{ config
, lib
, pkgs
, unstable
, ...
}:
let
inherit (pkgs) stdenv;
in
{
environment.systemPackages = with pkgs; [
# essentials
@@ -16,45 +20,54 @@
zip
# modern cli
atuin
bat
cd-fzf
doggo
eza
fd
github-cli
hadolint
nodePackages.eslint
oha
pre-commit
progress
ripgrep
shellcheck
shfmt
starship
tldr
tmux-sessionizer
unstable.atuin
unstable.github-cli
viddy
yq-go
# containers
unstable.argocd
unstable.k9s
unstable.krew
unstable.kubecolor
unstable.kubectl
unstable.kubectx
krew
kubecolor
kubectl
kubectx
minikube
stern
unstable.helm-docs
unstable.kubernetes-helm
unstable.stern
unstable.k9s
unstable.skaffold
# cloud
awscli2
google-cloud-sdk
terraform
aws-vault
unstable.awscli2
unstable.azure-cli
unstable.google-cloud-sdk
unstable.terraform
# lsp
nodePackages.bash-language-server
nodePackages.eslint
nodePackages.pyright
nodePackages.yaml-language-server
terraform-ls
# monitoring
btop
htop
procs
# golang
gofumpt
@@ -77,27 +90,20 @@
openssl
openvpn
tcpdump
vpngate
# rice
fastfetch
neofetch
pfetch
# nix
nix-tree
nixfmt-rfc-style
nixpkgs-fmt
nixpkgs-review
# python
poetry
(unstable.python3.withPackages (ps: [
ps.llm
ps.llm-ollama
]))
python313
virtualenv
# media
yt-dlp
# llm
llm
];
}


@@ -1,8 +1,5 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"schedule": [
"every weekend"
],
"extends": [
"config:recommended"
]


@@ -0,0 +1,46 @@
{ config
, pkgs
, ...
}:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}
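Review bot: The nginx `server` block proxies every request for `netdata.thume.net` to `http://127.0.0.1:19999` with no access control, which undoes the `bind to = localhost` setting in the accompanying netdata.conf: anyone who can reach nginx can read the dashboard. Restrict the `location /` block, for example with `auth_basic "netdata";` and `auth_basic_user_file <path-to-htpasswd>;`, or with `allow`/`deny` rules for the networks that should see it. The block also carries no `listen` or TLS directives, so as written it would be served over plain HTTP on nginx's default port. The `server_name` looks as if it was carried over from another setup and should be checked against the hosts this repository actually manages. In `preStart`, `cp -r ${netdata}/share/netdata/web ${netdataDir}/web` copies into `web/web` on every start after the first, because the destination directory then already exists.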


@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

5
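--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,5 @@
+(import <nixpkgs> { }).mkShell {
+shellHook = ''
+${(import ./default.nix).pre-commit-check.shellHook}
+'';
+}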
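Review bot: The `shellHook` interpolates `(import ./default.nix).pre-commit-check.shellHook`, so entering the shell runs whatever that import evaluates to, and with the `.envrc` added in this change that happens automatically once direnv is allowed for the directory. The `default.nix` section earlier on the page appears to fetch pre-commit-hooks.nix from a `tarball/master` URL with no hash, which makes the executed hook depend on the current state of a remote branch. Pinning it to a commit with a hash, `builtins.fetchTarball { url = "<tarball URL for a fixed rev>"; sha256 = "<hash>"; }`, keeps the shell reproducible and reviewable. `import <nixpkgs>` likewise resolves through the caller's `NIX_PATH`, so a comment saying that this is intentional would help.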


@@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''