dave/nix-config
1
0
Fork 0
mirror of https://github.com/davegallant/nix-config synced 2025-08-11 20:32:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dave:main
Branches Tags
dave:main
..
compare: dave:114d75da7fbdfb6f69a429379671b940bda8095c
Branches Tags
dave:main

1 Commits
main ... 114d75da7f

Author SHA1 Message Date
Dave Gallant
114d75da7f Add more mac defaults 2025-04-12 22:47:45 -04:00
15 changed files with 658 additions and 473 deletions
Expand all files Collapse all files

5
.envrc Normal file
View File

@@ -0,0 +1,5 @@
if has lorri; then
eval "$(lorri direnv)"
else
use nix
fi

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
.pre-commit-config.yaml
.vscode
git-crypt-key
result

6
README.md
View File

@@ -1,12 +1,12 @@
# nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS.
This repo stores nix configuration to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
## Prerequisites
- [Determinate Nix](https://determinate.systems/nix-installer)
- [Determine Nix](https://determinate.systems/nix-installer)
- [just](https://github.com/casey/just)
## Build
@@ -45,4 +45,4 @@ just clean
## Pre-commit hooks
Run `nix develop` to install the pre-commit hooks.
Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.

13
default.nix Normal file
View File

@@ -0,0 +1,13 @@
let
nix-pre-commit-hooks = import (
builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"
);
in
{
pre-commit-check = nix-pre-commit-hooks.run {
src = ./.;
hooks = {
shellcheck.enable = true;
};
};
}

739
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

74
flake.nix
View File

@@ -3,82 +3,54 @@
inputs = {
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
pre-commit-hooks.url = "github:cachix/git-hooks.nix";
fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*";
nixpkgs-unstable.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*";
darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.05";
url = "github:lnl7/nix-darwin/nix-darwin-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager.url = "github:nix-community/home-manager/release-25.05";
home-manager.url = "https://flakehub.com/f/nix-community/home-manager/*";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.05";
url = "github:nix-community/nixvim/nixos-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix.url = "github:danth/stylix/release-25.05";
stylix.url = "github:danth/stylix/release-24.11";
vpngate.url = "github:davegallant/vpngate";
};
outputs =
{
self,
darwin,
fh,
determinate,
home-manager,
nixpkgs,
nixpkgs-unstable,
nixpkgs-master,
stylix,
vpngate,
...
}@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{
checks = forAllSystems (system: {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt-rfc-style.enable = true;
};
};
});
devShells = forAllSystems (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
};
});
nixosConfigurations =
let
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
};
master = import nixpkgs-master {
system = "x86_64-linux";
config.allowUnfree = true;
};
in
{
hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit fh;
inherit unstable;
inherit master;
inherit vpngate;
};
modules = [
./hosts/hephaestus.nix
./common-packages.nix
./fonts.nix
./machines/hephaestus/configuration.nix
./packages.nix
./services/netdata/default.nix
./upgrade-diff.nix
determinate.nixosModules.default
home-manager.nixosModules.home-manager
@@ -94,10 +66,9 @@
substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [
"root"
"dave"
];
trusted-public-keys = [
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
];
trusted-public-keys = [ "davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" ];
};
registry = {
nixpkgs.flake = nixpkgs;
@@ -115,12 +86,11 @@
useGlobalPkgs = true;
useUserPackages = true;
users.dave.imports = [
./home.nix
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
inherit master;
};
};
};
@@ -137,24 +107,19 @@
config.allowUnfree = true;
inherit system;
};
master = import nixpkgs-master {
config.allowUnfree = true;
inherit system;
};
in
{
zelus = darwin.lib.darwinSystem {
inherit system;
specialArgs = {
inherit unstable;
inherit master;
};
modules = [
home-manager.darwinModules.home-manager
stylix.darwinModules.stylix
./hosts/zelus.nix
./common-packages.nix
./machines/zelus/configuration.nix
./packages.nix
./upgrade-diff.nix
(
@@ -166,12 +131,11 @@
useGlobalPkgs = true;
useUserPackages = true;
users."dave.gallant".imports = [
./home.nix
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
inherit master;
};
};
};

24
fonts.nix Normal file
View File

@@ -0,0 +1,24 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}

27
home.nix → home/default.nix
View File

@@ -8,13 +8,21 @@ let
inherit (pkgs) stdenv;
in
{
home.stateVersion = "25.05";
home.stateVersion = "24.11";
home.packages = with pkgs; [ just ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
targets = {
alacritty.enable = true;
vscode.enable = false; # overrides synced settings
};
opacity.terminal = 1.0;
fonts.sizes = if stdenv.isLinux then { terminal = 20; } else { terminal = 16; };
fonts.monospace = {
name = "FiraCode Nerd Font Mono";
@@ -58,7 +66,6 @@ in
aa = "add -A .";
br = "branch";
c = "commit -S";
cm = "commit -S -m";
ca = "commit -S --amend";
cane = "commit -S --amend --no-edit";
cb = "checkout -b";
@@ -95,6 +102,7 @@ in
settings = {
add_newline = false;
scan_timeout = 10;
gcloud = {
format = "";
};
@@ -136,7 +144,7 @@ in
export PATH=$PATH:$GOBIN
'';
initContent = ''
initExtra = ''
setopt noincappendhistory
source $HOME/.zsh-work
@@ -175,6 +183,7 @@ in
l = "eza -la --git --group-directories-first";
m = "make";
nix-install = "nix-env -iA";
ps = "procs";
t = "cd-fzf";
tf = "terraform";
tree = "eza --tree";
@@ -276,6 +285,10 @@ in
};
cmp.enable = true;
nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true;
treesitter.enable = true;
telescope = {
@@ -374,10 +387,10 @@ in
};
vscode = {
enable = stdenv.isLinux;
package = unstable.vscode;
profiles.default.extensions =
with unstable.vscode-extensions;
enable = true;
package = pkgs.vscode;
extensions =
with pkgs.vscode-extensions;
[
bbenoist.nix
github.vscode-pull-request-github

4
justfile
View File

@@ -5,10 +5,10 @@ alias r := rebuild
arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
cmd := if arch == "Linux" { "sudo nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
rebuild:
sudo $cmd switch --flake . -I nixos-config="hosts/$(hostname).nix"
$cmd switch --flake . -I nixos-config="machines/$(hostname)/configuration.nix"
rollback:
$cmd switch --rollback --flake .

96
hosts/hephaestus.nix → machines/hephaestus/configuration.nix
View File

@@ -1,7 +1,7 @@
{
config,
fh,
lib,
master,
modulesPath,
pkgs,
unstable,
@@ -11,8 +11,6 @@
let
gnomeExtensions = with pkgs.gnomeExtensions; [
caffeine
clipboard-history
grand-theft-focus
];
in
{
@@ -30,24 +28,9 @@ in
fonts.sizes.desktop = 24;
};
security.sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
};
boot = {
kernelModules = [
"kvm-amd"
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
kernelModules = [ "kvm-amd" ];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"amd_iommu=on"
];
loader = {
efi.canTouchEfiVariables = true;
@@ -88,6 +71,7 @@ in
environment.systemPackages =
with pkgs;
[
albert
android-studio
android-tools
bleachbit
@@ -96,32 +80,29 @@ in
cryptsetup
discord
docker-compose
fh.packages.x86_64-linux.default
freefilesync
gimp-with-plugins
gnome-tweaks
google-chrome
httpie-desktop
iputils
libation
mission-center
mupen64plus
netdata
nfs-utils
onlyoffice-desktopeditors
opensnitch-ui
pavucontrol
pciutils
pika-backup
pinentry-curses
protonvpn-gui
qemu
terminator
ryujinx
traceroute
unityhub
unstable.beszel
unstable.ghostty
unstable.obsidian
unstable.ryubing
unstable.signal-desktop-bin
unstable.spotify
unstable.signal-desktop
unstable.tailscale
unstable.zoom-us
usbutils
@@ -151,35 +132,11 @@ in
fsType = "nfs";
};
"/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/";
device = "192.168.1.32:/mnt/wd4t/data/home/backup/";
fsType = "nfs";
};
};
fonts.packages = with pkgs; [
dejavu_fonts
fira-mono
font-awesome
google-fonts
liberation_ttf
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
@@ -206,38 +163,13 @@ in
};
};
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = {
NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
system = {
autoUpgrade.enable = true;
stateVersion = "25.05";
stateVersion = "24.11";
};
nix = {
@@ -326,23 +258,21 @@ in
};
services.ollama = {
package = master.ollama;
package = unstable.ollama;
enable = true;
acceleration = "rocm";
host = "0.0.0.0";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"deepseek-r1:8b"
"dolphin3:8b"
"llama3.1"
"llava"
];
};
services.open-webui = {
enable = true;
package = pkgs.open-webui;
package = unstable.open-webui;
host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "False";

23
hosts/zelus.nix → machines/zelus/configuration.nix
View File

@@ -22,8 +22,6 @@
users.users."dave.gallant".home = "/Users/dave.gallant";
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
@@ -39,11 +37,12 @@
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Ghostty.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Logseq.app"
"/Applications/Slack.app"
"/Applications/Spotify.app"
"/Applications/Visual Studio Code.app"
"/Applications/zoom.us.app"
];
@@ -68,7 +67,7 @@
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
security.pam.enableSudoTouchIdAuth = true;
homebrew = {
enable = true;
@@ -82,15 +81,14 @@
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"netdata"
"node"
"oras"
"vault"
"k6"
];
casks = [
@@ -99,15 +97,17 @@
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"freelens"
"ghostty"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"logseq"
"lulu"
"mitmproxy"
"notunes"
"obsidian"
"ollama"
"postman"
"raycast"
"rectangle"
"signal"
@@ -121,7 +121,6 @@
];
taps = [
"hashicorp/tap"
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
@@ -130,7 +129,7 @@
};
stylix = {
enable = true;
# enable = true;
image = "/Library/tokyo-night.jpg";
};

42
common-packages.nix → packages.nix
View File

@@ -1,8 +1,13 @@
{
config,
lib,
pkgs,
unstable,
...
}:
let
inherit (pkgs) stdenv;
in
{
environment.systemPackages = with pkgs; [
# essentials
@@ -16,30 +21,37 @@
zip
# modern cli
atuin
bat
cd-fzf
doggo
eza
fd
github-cli
hadolint
nodePackages.eslint
oha
pre-commit
progress
ripgrep
shellcheck
shfmt
tldr
atuin
github-cli
viddy
yq-go
# containers
unstable.k9s
unstable.krew
unstable.kubecolor
unstable.kubectl
unstable.kubectx
unstable.kubernetes-helm
unstable.stern
krew
kubecolor
kubectl
kubectx
minikube
stern
dive
helm-docs
k9s
kubernetes-helm
# cloud
awscli2
@@ -48,12 +60,12 @@
# lsp
nodePackages.bash-language-server
nodePackages.eslint
nodePackages.yaml-language-server
terraform-ls
# monitoring
btop
htop
procs
# golang
gofumpt
@@ -87,16 +99,10 @@
# python
poetry
(unstable.python3.withPackages (ps: [
ps.llm
ps.llm-ollama
]))
python313
virtualenv
# media
yt-dlp
# llm
llm
];
}

43
services/netdata/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{ config, pkgs, ... }:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}

21
services/netdata/netdata.conf Normal file
View File

@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

13
shell.nix Normal file
View File

@@ -0,0 +1,13 @@
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11";
pkgs = import nixpkgs {
config = { };
overlays = [ ];
};
in
pkgs.mkShell {
shellHook = ''
${(import ./default.nix).pre-commit-check.shellHook}
'';
}