Compare commits


3 Commits

Author SHA1 Message Date
Dave Gallant
411d5056a8 Remove bluetooth-quick-connect 2024-11-30 20:08:05 -05:00
Dave Gallant
e872d4ba33 nix flake update: 2024-11-30 16:59:30 UTC
• Updated input 'darwin':
    'github:lnl7/nix-darwin/698a62c628c2ec423aa770d8ec0e1d0bcf4fca1a' (2024-11-23)
  → 'github:lnl7/nix-darwin/6ab87b7c84d4ee873e937108c4ff80c015a40c7a' (2024-11-26)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16)
  → 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405' (2024-11-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16)
  → 'github:NixOS/nixpkgs/0c5b4ecbed5b155b705336aa96d878e55acd8685' (2024-11-27)
• Updated input 'nixpkgs-master':
    'github:NixOS/nixpkgs/41153887f033e82e9d2b3470282d6b5c1246c201' (2024-11-23)
  → 'github:NixOS/nixpkgs/f4a5f018f7f15ae644cb4ba4854b5a4062ae57b6' (2024-11-30)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/5083ec887760adfe12af64830a66807423a859a7' (2024-11-18)
  → 'github:NixOS/nixpkgs/581d7e4d23b91daf2afa0005a5d3d01d6a8884fe' (2024-11-28)
2024-11-30 11:59:30 -05:00
Dave Gallant
d54b9e26ed Add yt-dlp 2024-11-23 21:18:28 -05:00
24 changed files with 1100 additions and 1490 deletions

5
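--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,5 @@
+if has lorri; then
+eval "$(lorri direnv)"
+else
+use nix
+fi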


@@ -14,11 +14,11 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v30
with: with:
nix_path: nixpkgs=channel:nixos-unstable nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v15
with: with:
name: davegallant name: davegallant
authToken: '${{ secrets.CACHIX_API_KEY }}' authToken: '${{ secrets.CACHIX_API_KEY }}'

1
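--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .pre-commit-config.yaml
 .vscode
+git-crypt-key
 result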


@@ -1,17 +1,17 @@
# nix-config # nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS. This repo stores nix to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment. The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
## Prerequisites ## Setup
- [Determinate Nix](https://determinate.systems/nix-installer) > on macOS: install the latest unstable nix from https://github.com/numtide/nix-unstable-installer (for nix flakes),
- [just](https://github.com/casey/just) > and nix-darwin: https://github.com/LnL7/nix-darwin
## Build Recipes are stored in a justfile. [just](https://github.com/casey/just) is required.
To run a build/rebuild: To run a rebuild:
```sh ```sh
just rebuild just rebuild
@@ -45,4 +45,4 @@ just clean
## Pre-commit hooks ## Pre-commit hooks
Run `nix develop` to install the pre-commit hooks. Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.

14
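--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,14 @@
+let
+nix-pre-commit-hooks = import (
+builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"
+);
+in
+{
+pre-commit-check = nix-pre-commit-hooks.run {
+src = ./.;
+hooks = {
+shellcheck.enable = true;
+nixfmt.enable = true;
+};
+};
+}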
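Review bot: The `builtins.fetchTarball` call at the top of default.nix fetches whatever the `master` branch of git-hooks.nix holds at evaluation time, with no hash to check it against. The result goes straight into `import`, and its `run` is invoked with `src = ./.`, so an upstream change or a compromised upstream account changes the code evaluated here without any diff in this repository. Pin the URL to a commit and add a hash, e.g. `builtins.fetchTarball { url = "https://github.com/cachix/git-hooks.nix/tarball/<COMMIT_SHA>"; sha256 = "<TARBALL_SHA256>"; }`. Alternatively, take the hooks from a locked flake input so the revision is recorded in flake.lock.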

868
flake.lock generated

File diff suppressed because it is too large Load Diff


@@ -2,62 +2,38 @@
description = "nixos and macos configurations"; description = "nixos and macos configurations";
inputs = { inputs = {
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; nixos-hardware.url = "github:NixOS/nixos-hardware";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
pre-commit-hooks.url = "github:cachix/git-hooks.nix";
darwin = { darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.05"; url = "github:lnl7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager.url = "github:nix-community/home-manager/release-25.05";
nixvim = { nixvim = {
url = "github:nix-community/nixvim/nixos-25.05"; url = "github:nix-community/nixvim/nixos-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
stylix.url = "github:danth/stylix/release-25.05"; stylix.url = "github:danth/stylix/release-24.05";
vpngate.url = "github:davegallant/vpngate";
}; };
outputs = outputs =
{ {
self, self,
darwin, darwin,
determinate,
home-manager, home-manager,
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
nixpkgs-master, nixpkgs-master,
nixos-hardware,
stylix, stylix,
vpngate,
... ...
}@inputs: }@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{ {
checks = forAllSystems (system: {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt-rfc-style.enable = true;
};
};
});
devShells = forAllSystems (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
};
});
nixosConfigurations = nixosConfigurations =
let let
unstable = import nixpkgs-unstable { unstable = import nixpkgs-unstable {
@@ -74,17 +50,18 @@
specialArgs = { specialArgs = {
inherit unstable; inherit unstable;
inherit master; inherit master;
inherit vpngate;
}; };
modules = [ modules = [
./hosts/hephaestus.nix ./fonts.nix
./common-packages.nix ./machines/hephaestus/configuration.nix
./packages.nix
./services/netdata/default.nix
./upgrade-diff.nix ./upgrade-diff.nix
determinate.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
stylix.nixosModules.stylix stylix.nixosModules.stylix
( (
{ ... }: { config, lib, ... }:
{ {
config = { config = {
nix = { nix = {
@@ -94,10 +71,9 @@
substituters = [ "https://davegallant.cachix.org" ]; substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [ trusted-users = [
"root" "root"
"dave"
]; ];
trusted-public-keys = [ trusted-public-keys = [ "davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" ];
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
];
}; };
registry = { registry = {
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;
@@ -115,7 +91,7 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.dave.imports = [ users.dave.imports = [
./home.nix ./home/default.nix
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
]; ];
extraSpecialArgs = { extraSpecialArgs = {
@@ -153,12 +129,12 @@
modules = [ modules = [
home-manager.darwinModules.home-manager home-manager.darwinModules.home-manager
stylix.darwinModules.stylix stylix.darwinModules.stylix
./hosts/zelus.nix ./machines/zelus/configuration.nix
./common-packages.nix ./packages.nix
./upgrade-diff.nix ./upgrade-diff.nix
( (
{ ... }: { config, ... }:
{ {
config = { config = {
nixpkgs.overlays = [ (import ./overlays) ]; nixpkgs.overlays = [ (import ./overlays) ];
@@ -166,7 +142,7 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users."dave.gallant".imports = [ users."dave.gallant".imports = [
./home.nix ./home/default.nix
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
]; ];
extraSpecialArgs = { extraSpecialArgs = {
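Review bot: In the `@@ -94,10 +71,9 @@` hunk the new side lists `"dave"` under `trusted-users`, which lets that account tell the Nix daemon to use arbitrary substituters and accept unsigned store paths. The Nix manual describes this as essentially equivalent to root access. The binary cache is already configured in the same block through `substituters` and `trusted-public-keys`, so the entry looks unnecessary for using it. Keep the list as `trusted-users = [ "root" ];`, optionally with the comment `# interactive users stay untrusted; the binary cache is configured system-wide`. The enclosing attribute set opens outside this hunk.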

24
fonts.nix Normal file

@@ -0,0 +1,24 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}


@@ -2,19 +2,29 @@
lib, lib,
pkgs, pkgs,
unstable, unstable,
master,
... ...
}: }:
let let
inherit (pkgs) stdenv; inherit (pkgs) stdenv;
in in
{ {
home.stateVersion = "25.05"; home.stateVersion = "24.05";
home.packages = with pkgs; [ just ]; home.packages = with pkgs; [ just ];
stylix = { stylix = {
enable = true; enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml"; base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
targets = {
alacritty.enable = true;
tmux.enable = true;
vscode.enable = false; # overrides synced settings
};
opacity.terminal = 1.0;
fonts.sizes = if stdenv.isLinux then { terminal = 20; } else { terminal = 16; };
fonts.monospace = { fonts.monospace = {
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
@@ -50,15 +60,12 @@ in
userName = "Dave Gallant"; userName = "Dave Gallant";
diff-so-fancy.enable = true;
lfs.enable = true; lfs.enable = true;
aliases = { aliases = {
aa = "add -A ."; aa = "add -A .";
br = "branch"; br = "branch";
c = "commit -S"; c = "commit -S";
cm = "commit -S -m";
ca = "commit -S --amend"; ca = "commit -S --amend";
cane = "commit -S --amend --no-edit"; cane = "commit -S --amend --no-edit";
cb = "checkout -b"; cb = "checkout -b";
@@ -79,6 +86,21 @@ in
includes = [ { path = "~/.gitconfig-work"; } ]; includes = [ { path = "~/.gitconfig-work"; } ];
delta = {
enable = true;
options = {
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
plus-style = "green bold ul '#198214'";
decorations = {
commit-decoration-style = "bold yellow box ul";
file-style = "bold yellow ul";
file-decoration-style = "none";
};
};
};
extraConfig = { extraConfig = {
push = { push = {
default = "current"; default = "current";
@@ -89,36 +111,26 @@ in
}; };
}; };
alacritty = {
enable = stdenv.isLinux;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
general.live_config_reload = true;
terminal.shell = {
program = "zsh";
};
font = {
size = lib.mkForce 18.0;
};
window = {
opacity = lib.mkForce 0.9;
};
};
};
starship = { starship = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
settings = { settings = {
add_newline = false; add_newline = false;
scan_timeout = 10;
character = {
error_symbol = "[](bold red)";
};
gcloud = { gcloud = {
format = ""; format = "";
}; };
kubernetes = { kubernetes = {
disabled = false; disabled = false;
context_aliases = {
".*stg_.*" = "stg";
".*test_.*" = "test";
".*prd_.*" = "prd";
};
}; };
}; };
}; };
@@ -141,11 +153,6 @@ in
envExtra = '' envExtra = ''
export PAGER=less export PAGER=less
export EDITOR=vim export EDITOR=vim
export DOCKER_CLI_HINTS=false
export TERM=xterm-256color
export DOCKER_DEFAULT_PLATFORM=linux/amd64
export NNN_FIFO="$XDG_RUNTIME_DIR/nnn.fifo";
export PATH=$PATH:~/.cargo/bin export PATH=$PATH:~/.cargo/bin
export PATH=$PATH:~/.local/bin export PATH=$PATH:~/.local/bin
@@ -156,9 +163,14 @@ in
export GOPATH=~/go export GOPATH=~/go
export GOBIN=$GOPATH/bin export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN export PATH=$PATH:$GOBIN
export WINEPREFIX=~/.wine32
# homebrew for x86
export PATH=$PATH:/usr/local/homebrew/bin
''; '';
initContent = '' initExtra = ''
setopt noincappendhistory setopt noincappendhistory
source $HOME/.zsh-work source $HOME/.zsh-work
@@ -197,7 +209,9 @@ in
l = "eza -la --git --group-directories-first"; l = "eza -la --git --group-directories-first";
m = "make"; m = "make";
nix-install = "nix-env -iA"; nix-install = "nix-env -iA";
t = "cd-fzf"; ps = "procs";
t = "tms";
ts = "tms switch";
tf = "terraform"; tf = "terraform";
tree = "eza --tree"; tree = "eza --tree";
v = "nvim"; v = "nvim";
@@ -208,38 +222,126 @@ in
}; };
}; };
alacritty = {
enable = true;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
live_config_reload = true;
mouse.hide_when_typing = false;
shell = {
program = "zsh";
args = [
"-l"
"-c"
"tmux"
"u"
];
};
};
};
go = { go = {
enable = true; enable = true;
}; };
fzf = { tmux = {
enable = true; enable = true;
clock24 = true;
terminal = "tmux-256color";
customPaneNavigationAndResize = true;
plugins = with pkgs.tmuxPlugins; [
{
plugin = pain-control;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-pain-control'";
}
{
plugin = sensible;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sensible'";
}
{
plugin = sessionist;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sessionist'";
}
{
plugin = yank;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-yank'";
}
{
plugin = copycat;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-copycat'";
}
{
plugin = tmux-colors-solarized;
extraConfig = ''
set -g @plugin 'seebi/tmux-colors-solarized'
set -g @colors-solarized 'dark'
'';
}
{
plugin = resurrect;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-resurrect'
'';
}
{
plugin = continuum;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-continuum'
set -g @continuum-restore 'on'
'';
}
{
plugin = open;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-open'
'';
}
];
extraConfig = ''
set-window-option -g automatic-rename on
set-option -g set-titles on
# Proper colors
set-option -sa terminal-features ',alacritty:RGB'
# Undercurl
set-option -g default-terminal "tmux-256color"
set-option -ga terminal-features ",alacritty:usstyle"
set -g mouse on
set -g status-left-length 30
set -g status-right-length 150
set -g xterm-keys on
set -g pane-border-status top
set -g set-titles on
set -g display-panes-time 800
set -g display-time 2000
set -q -g utf8 on
set -g monitor-activity on
set -g visual-activity off
set -g status-right '#(gitmux #{pane_current_path})'
#unbind -T copy-mode-vi MouseDragEnd1Pane
set-window-option -g mode-keys vi
bind-key -T copy-mode-vi v send -X begin-selection
bind-key -T copy-mode-vi V send -X select-line
bind-key -T copy-mode-vi y send -X copy-pipe-and-cancel 'xclip -in -selection clipboard'
'';
}; };
nnn = { fzf = {
enable = stdenv.isLinux; enable = true;
package = pkgs.nnn.override ({ withNerdIcons = true; });
bookmarks = {
d = "~/Downloads";
p = "~/src/";
c = "~/.config";
h = "~";
};
extraPackages = with pkgs; [
bat
eza
fzf
imv
mediainfo
ffmpegthumbnailer
];
plugins = {
src = "${pkgs.nnn.src}/plugins";
mappings = {
p = "preview-tui";
o = "fzopen";
};
};
}; };
nixvim = { nixvim = {
@@ -293,7 +395,8 @@ in
]; ];
plugins = { plugins = {
auto-save.enable = true; auto-save.enable = false;
copilot-vim.enable = true;
cmp-path.enable = true; cmp-path.enable = true;
cmp-treesitter.enable = true; cmp-treesitter.enable = true;
commentary.enable = true; commentary.enable = true;
@@ -308,15 +411,16 @@ in
bashls.enable = true; bashls.enable = true;
dockerls.enable = true; dockerls.enable = true;
gopls.enable = true; gopls.enable = true;
helm_ls.enable = true; helm-ls.enable = true;
jsonls.enable = true; jsonls.enable = true;
pyright.enable = true;
nixd.enable = true; nixd.enable = true;
terraformls.enable = true; terraformls.enable = true;
yamlls.enable = true; yamlls.enable = true;
}; };
lsp-format = { lsp-format = {
enable = true; enable = true;
settings = { setup = {
terraform = { }; terraform = { };
nix = { }; nix = { };
go = { }; go = { };
@@ -324,6 +428,10 @@ in
}; };
cmp.enable = true; cmp.enable = true;
nvim-tree.enable = true; nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true; rainbow-delimiters.enable = true;
treesitter.enable = true; treesitter.enable = true;
telescope = { telescope = {
@@ -338,7 +446,6 @@ in
}; };
package = pkgs.vimPlugins.telescope-fzy-native-nvim; package = pkgs.vimPlugins.telescope-fzy-native-nvim;
}; };
web-devicons.enable = true;
}; };
opts = { opts = {
autoindent = true; autoindent = true;
@@ -421,43 +528,24 @@ in
''; '';
}; };
zed-editor = { vscode = {
enable = true; enable = true;
package = unstable.zed-editor; package = pkgs.vscode;
extensions = [ extensions =
"ansible" with pkgs.vscode-extensions;
"color-highlight" [
"dockerfile" bbenoist.nix
"html" github.vscode-pull-request-github
"make" golang.go
"material-icon-theme" hashicorp.terraform
"nix" ms-dotnettools.csharp
"tokyo-night" ms-kubernetes-tools.vscode-kubernetes-tools
"toml" redhat.vscode-yaml
"vue" ]
]; ++ lib.optionals stdenv.isLinux [
userSettings = { ms-vsliveshare.vsliveshare
icon_theme = "Material Icon Theme"; ms-python.python
theme = lib.mkForce "Tokyo Night"; ];
features = {
edit_prediction_provider = "copilot";
};
vim_mode = true;
vim = {
use_system_clipboard = "on_yank";
};
autosave = "on_focus_change";
format_on_save = "off";
}
// (
if pkgs.stdenv.isLinux then
{
ui_font_size = lib.mkForce 24;
buffer_font_size = lib.mkForce 22;
}
else
{ }
);
}; };
firefox = { firefox = {
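Review bot: In the added `tmux.extraConfig` (hunk `@@ -208,38 +222,126 @@`), `set -g status-right '#(gitmux #{pane_current_path})'` puts the pane's working directory into a shell command line unquoted. A directory name containing spaces or shell metacharacters is therefore word-split or interpreted by the shell each time the status line refreshes. Quote the expansion: `set -g status-right '#(gitmux "#{pane_current_path}")'`. Double quotes fix word splitting but still leave `$` and backticks active, so treat this as a mitigation when working inside checkouts of untrusted repositories, not a complete fix. A short comment above the line recording that the path is attacker-influenced in such checkouts would help the next reader.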


@@ -1,508 +0,0 @@
{
config,
lib,
master,
modulesPath,
pkgs,
unstable,
vpngate,
...
}:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
caffeine
clipboard-history
grand-theft-focus
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
image = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/davegallant/nix-config/refs/heads/main/nixos-wallpaper.png";
sha256 = "Ztqn9+CHslr6wZdnOTeo/YNi/ICerpcFLyMArsZ/PIY=";
};
polarity = "dark";
};
security.sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
};
boot = {
kernelModules = [
"kvm-amd"
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"amd_iommu=on"
];
loader = {
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
supportedFilesystems = [
"ntfs"
];
initrd = {
availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
};
environment.systemPackages =
with pkgs;
[
android-studio
android-tools
bleachbit
calibre
chromium
cryptsetup
dbeaver-bin
discord
freefilesync
gimp-with-plugins
gnome-tweaks
google-chrome
httpie-desktop
iputils
libation
mission-center
mupen64plus
nfs-utils
onlyoffice-desktopeditors
opensnitch-ui
pavucontrol
pciutils
pika-backup
pinentry-curses
pinta
protonvpn-gui
qemu
traceroute
unityhub
unstable.podman
unstable.podman-compose
unstable.podman-desktop
unstable.beszel
unstable.obsidian
unstable.ryubing
unstable.signal-desktop-bin
unstable.spotify
unstable.tailscale
unstable.zoom-us
usbutils
virt-manager
vlc
vpngate.packages.x86_64-linux.default
whois
wine
]
++ gnomeExtensions;
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat";
};
"/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
"/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/";
fsType = "nfs";
};
};
fonts.packages = with pkgs; [
dejavu_fonts
fira-mono
font-awesome
google-fonts
liberation_ttf
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
};
};
networking = {
iproute2.enable = true;
hostName = "hephaestus";
hostId = "0e8aad53";
interfaces."enp34s0" = {
useDHCP = true;
wakeOnLan = {
enable = true;
policy = [ "magic" ];
};
};
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
};
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = {
NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
system = {
autoUpgrade.enable = true;
stateVersion = "25.05";
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
};
users.users.dave = {
isNormalUser = true;
extraGroups = [
"wheel"
"libvirtd"
"corectrl"
];
shell = pkgs.zsh;
};
i18n.defaultLocale = "en_US.UTF-8";
i18n.inputMethod = {
enable = true;
type = "ibus";
ibus.engines = with pkgs.ibus-engines; [ anthy ];
};
time.timeZone = "America/Toronto";
hardware.graphics = {
enable = true;
enable32Bit = true;
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nix-ld.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
};
zsh.enable = true;
};
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
services.flatpak.enable = true;
services.gnome.gnome-keyring.enable = true;
services.printing.enable = true;
services.resolved.enable = true;
services.sshd.enable = true;
services.tailscale = {
enable = true;
package = unstable.tailscale;
};
services.xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
desktopManager.gnome.enable = true;
videoDrivers = [ "amdgpu" ];
};
services.ollama = {
package = master.ollama;
enable = true;
acceleration = "rocm";
host = "0.0.0.0";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"dolphin3:8b"
"llama3.1"
"llava"
];
};
services.open-webui = {
enable = true;
package = pkgs.open-webui;
host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api";
OLLAMA_BASE_URL = "http://127.0.0.1:11434";
};
};
services.opensnitch = {
enable = true;
rules = {
avahi-ipv4 = {
name = "Allow avahi daemon IPv4";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
operand = "process.path";
sensitive = false;
data = "${lib.getBin pkgs.avahi}/bin/avahi-daemon";
}
{
type = "network";
operand = "dest.network";
data = "224.0.0.0/24";
}
];
};
};
systemd-timesyncd = {
name = "systemd-timesyncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
systemd-resolved = {
name = "systemd-resolved";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
};
};
localhost = {
name = "Allow all localhost";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "regexp";
operand = "dest.ip";
sensitive = false;
data = "^(127\\.0\\.0\\.1|::1)$";
list = [ ];
};
};
nix-update = {
name = "Allow Nix";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.nix}/bin/nix";
}
{
type = "regexp";
operand = "dest.host";
sensitive = false;
data = "^(([a-z0-9|-]+\\.)*github\\.com|([a-z0-9|-]+\\.)*nixos\\.org)$";
}
];
};
};
NetworkManager = {
name = "Allow NetworkManager";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
}
{
type = "simple";
operand = "dest.port";
sensitive = false;
data = "67";
}
{
type = "simple";
operand = "protocol";
sensitive = false;
data = "udp";
}
];
};
};
ssh-github = {
name = "Allow SSH to github";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.openssh}/bin/ssh";
}
{
type = "simple";
operand = "dest.host";
sensitive = false;
data = "github.com";
}
];
};
};
};
};
virtualisation = {
podman.enable = true;
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
};
}


@@ -1,136 +0,0 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
nix.enable = false;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Slack.app"
"/Applications/zoom.us.app"
];
};
NSGlobalDomain.AppleShowAllExtensions = true;
NSGlobalDomain.AppleShowScrollBars = "Always";
NSGlobalDomain.NSUseAnimatedFocusRing = false;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = true;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint2 = true;
NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
NSGlobalDomain.ApplePressAndHoldEnabled = false;
NSGlobalDomain.InitialKeyRepeat = 25;
NSGlobalDomain.KeyRepeat = 2;
NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
NSGlobalDomain.NSWindowShouldDragOnGesture = true;
NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = false;
LaunchServices.LSQuarantine = false; # disables "Are you sure?" for new apps
loginwindow.GuestEnabled = false;
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
homebrew = {
enable = true;
onActivation = {
cleanup = "zap";
autoUpdate = true;
upgrade = true;
};
global = {
brewfile = true;
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"node"
"oras"
"vault"
];
casks = [
"discord"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"freelens"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"lulu"
"notunes"
"obsidian"
"ollama"
"raycast"
"rectangle"
"signal"
"slack"
"spotify"
"stats"
"steam"
"taskexplorer"
"tailscale"
"vlc"
];
taps = [
"hashicorp/tap"
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
stylix = {
enable = true;
image = "/Library/tokyo-night.jpg";
};
}


@@ -8,20 +8,20 @@ arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" } cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
rebuild: rebuild:
sudo $cmd switch --flake . -I nixos-config="hosts/$(hostname).nix" $cmd switch --flake . -I nixos-config="machines/$(hostname)/configuration.nix"
rollback: rollback:
sudo $cmd switch --rollback --flake . $cmd switch --rollback --flake .
channel-update: channel-update:
nix-channel --update nix-channel --update
sudo nix-channel --update sudo nix-channel --update
update: update:
@./update-flake.sh @./nix-flake-update.sh
fmt: fmt:
nixfmt *.nix nixfmt .
clean: clean:
echo 'Cleaning user...' echo 'Cleaning user...'


@@ -0,0 +1,296 @@
{
config,
lib,
modulesPath,
pkgs,
unstable,
...
}:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
appindicator
blur-my-shell
caffeine
clipboard-indicator
grand-theft-focus
notification-banner-reloaded
quick-settings-tweaker
tailscale-status
tray-icons-reloaded
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
image = pkgs.fetchurl {
url = "https://github.com/davegallant/nix-config/blob/main/nixos-wallpaper.png?raw=true";
sha256 = "Ztqn9+CHslr6wZdnOTeo/YNi/ICerpcFLyMArsZ/PIY=";
};
polarity = "dark";
fonts.sizes.desktop = 24;
};
boot = {
extraModulePackages = with config.boot.kernelPackages; [ xpadneo ];
kernelModules = [ "kvm-amd" ];
kernelPackages = pkgs.linuxPackages;
loader = {
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
supportedFilesystems = [
"ntfs"
"zfs"
];
initrd = {
availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
environment.systemPackages =
with pkgs;
[
android-tools
blender
cartridges
cryptsetup
discord
docker
docker-compose
ghostscript
gimp-with-plugins
glibcLocales
httpie-desktop
gnome.gnome-tweaks
google-chrome
iputils
kazam
legendary-gl
libation
lm_sensors
logseq
mitmproxy
mullvad-vpn
netdata
nfs-utils
pavucontrol
pika-backup
pinentry-curses
podman
qemu
sbx-h6-rgb
strace
traceroute
ulauncher
unstable.burpsuite
unstable.dotnet-sdk_8
unstable.ryujinx
unstable.signal-desktop
unstable.spotify
unstable.tailscale
unstable.unityhub
unstable.zoom-us
unstable.zulip
usbutils
virt-manager
vlc
whois
wine
wine64
wireshark-qt
]
++ gnomeExtensions;
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat";
};
"/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
"/mnt/synology-2b/backups" = {
device = "192.168.1.178:/volume1/Backups";
fsType = "nfs";
};
"/mnt/zfs/backups" = {
device = "zpool/backups";
fsType = "zfs";
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/5d6d0388-2b15-4ff1-9f0f-391818a76090"; } ];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
permittedInsecurePackages = [ "electron-27.3.11" ];
};
};
networking = {
iproute2.enable = true;
hostName = "hephaestus";
hostId = "0e8aad53";
interfaces.enp34s0 = {
useDHCP = true;
};
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
};
systemd.services = {
NetworkManager-wait-online.enable = false;
};
system = {
autoUpgrade.enable = true;
stateVersion = "24.05";
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
};
users.users.dave = {
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"corectrl"
];
shell = pkgs.zsh;
};
i18n.defaultLocale = "en_US.UTF-8";
i18n.inputMethod = {
enabled = "ibus";
ibus.engines = with pkgs.ibus-engines; [ anthy ];
};
time.timeZone = "America/Toronto";
hardware = {
opengl.enable = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = true;
# Vulkan
opengl.driSupport = true;
opengl.driSupport32Bit = true;
# Steam
opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
pulseaudio.support32Bit = true;
};
programs = {
corectrl.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nix-ld.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
};
zsh.enable = true;
};
services = {
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
gnome.gnome-keyring.enable = true;
mullvad-vpn.enable = false;
printing.enable = true;
resolved.enable = true;
sshd.enable = true;
tailscale = {
enable = true;
package = unstable.tailscale;
};
udev.extraRules = ''
ACTION=="add", ATTR{idVendor}=="041e", ATTR{idProduct}=="3255", RUN+="${pkgs.sbx-h6-rgb}/bin/sbx-h6-ctl -c c010ff 041e:3255"
'';
xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
desktopManager.gnome.enable = true;
videoDrivers = [ "amdgpu" ];
};
zfs = {
autoScrub.enable = true;
autoSnapshot.enable = true;
};
};
virtualisation = {
docker.enable = true;
libvirtd.enable = true;
podman.enable = true;
};
}


@@ -0,0 +1,125 @@
{ pkgs, ... }:
let
checkBrew = "command -v brew > /dev/null";
in
{
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [ ];
};
};
networking = {
hostName = "zelus";
};
services.nix-daemon.enable = true;
nix.extraOptions = "experimental-features = nix-command flakes";
nix.package = pkgs.nixVersions.stable;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
environment = {
extraInit = ''
${checkBrew} || >&2 echo "brew is not installed (install it via https://brew.sh)"
'';
variables = {
LANG = "en_US.UTF-8";
};
};
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 50;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
NSGlobalDomain = {
"com.apple.sound.beep.feedback" = 0;
"com.apple.sound.beep.volume" = 0.0;
ApplePressAndHoldEnabled = false;
InitialKeyRepeat = 10;
KeyRepeat = 2;
AppleShowAllExtensions = true;
AppleShowScrollBars = "Automatic";
};
};
homebrew = {
enable = true;
onActivation.autoUpdate = false;
onActivation.upgrade = false;
global = {
brewfile = true;
};
brews = [
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"netdata"
"node"
"podman"
"podman-compose"
];
casks = [
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"iterm2"
"karabiner-elements"
"librewolf"
"logseq"
"lulu"
"mitmproxy"
"notunes"
"postman"
"raycast"
"rectangle"
"stats"
"warp"
];
taps = [
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
stylix = {
# enable = true;
image = "/Library/tokyo-night.jpg";
};
}
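Review bot: The `homebrew` block sets `onActivation.autoUpdate = false` and `onActivation.upgrade = false`, so a rebuild never upgrades the listed brews and casks, and none of them is pinned by `flake.lock`. Tools such as `netdata`, `mitmproxy` and `postman` therefore stay at whatever version was first installed unless `brew upgrade` is run by hand. Either set `onActivation.upgrade = true;` or add a comment above the block stating how these packages get patched, e.g. `# not upgraded on activation; patched via manual brew upgrade`. The taps `homebrew/cask-fonts` and `homebrew/cask-versions` have, as far as I know, been deprecated upstream and may be worth dropping.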


@@ -6,12 +6,6 @@ git pull
update_msg=$(nix flake update 2>&1 | grep -v 'warning:') update_msg=$(nix flake update 2>&1 | grep -v 'warning:')
just rebuild just rebuild
git add . git add .
read -p "Commit and push changes? [yN]? " -r
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
git commit -S -m "nix flake update: $(TZ=UTC date '+%Y-%m-%d %H:%M:%S %Z') git commit -S -m "nix flake update: $(TZ=UTC date '+%Y-%m-%d %H:%M:%S %Z')
$update_msg" $update_msg"


@@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
readarray -t directories < ~/.config/cd-fzf
if [[ $# -eq 1 ]]; then
selected=$1
else
selected=$(find "${directories[@]}" -mindepth 1 -maxdepth 1 -type d | fzf --exact)
fi
if [[ -z $selected ]]; then
exit 0
fi
cd "$selected"
$SHELL


@@ -1,19 +0,0 @@
{
stdenv,
lib,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "cd-fzf";
version = "0.0.1";
executable = ./cd-fzf;
phases = [ "unpackPhase" ]; # Remove all other phases
unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/cd-fzf
'';
meta = with lib; {
description = "\n Fuzzy find change directory";
platforms = platforms.unix;
};
}


@@ -1,3 +1,4 @@
final: prev: { final: prev: {
cd-fzf = prev.callPackage ./cd-fzf { }; sbx-h6-rgb = prev.callPackage ./sbx-h6-rgb { };
vpngate = prev.callPackage ./vpngate { };
} }


@@ -0,0 +1,35 @@
{
lib,
fetchFromGitHub,
pkgs,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "sbx-h6-rgb";
version = "95b4ef9788ef94e557a4d1e815079d5ea8a70943";
src = fetchFromGitHub {
owner = "Oscillope";
repo = "sbx-h6-rgb";
rev = version;
sha256 = "sha256-tKKNdzijloBiGBHf5C604824B/BbxBxvCL/ms4orT9M=";
};
buildInputs = with pkgs; [ hidapi ];
buildPhase = ''
make
'';
installPhase = ''
install -D sbx-h6-ctl $out/bin/sbx-h6-ctl
'';
meta = with lib; {
description = "Creative SoundBlasterX RGB LED setter.";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux;
};
}
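Review bot: `buildInputs = with pkgs; [ hidapi ];` takes the whole `pkgs` set as a function argument; asking for `hidapi` directly (`{ lib, fetchFromGitHub, hidapi, stdenv }:`) keeps the dependency overridable and matches how the other package files on this page declare their inputs. Using the full commit hash as `version` pins the source well, but the hash also ends up in the store-path name; the nixpkgs convention is closer to `version = "unstable-<commit date>";` with the hash kept in `rev`. Because the resulting `sbx-h6-ctl` binary is started from a udev `RUN+=` rule elsewhere on this page, and so runs as root whenever the device is added, a one-line comment saying so next to `src` would tell the next reader why the pin matters.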


@@ -0,0 +1,28 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "vpngate";
version = "v0.3.0";
vendorHash = "sha256-4JeVXLoiXdZoQM76cHOt5i31ZZGTId0rt8RkMH62/EM=";
src = fetchFromGitHub {
owner = "davegallant";
repo = "vpngate";
rev = version;
sha256 = "sha256-P3eQvdUfjpq4a0Q2Hxby4zZ2uTSPjG1oXHxt8cW6fTQ=";
};
doCheck = false;
meta = with lib; {
homepage = "https://www.vpngate.net";
description = "a client for vpngate.net";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux ++ platforms.darwin;
};
}
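Review bot: `doCheck = false;` turns off the Go test phase with no explanation; add a comment giving the reason, e.g. `# tests need network access` if that is the cause (the hunk does not say), or drop the line. `version = "v0.3.0"` with `rev = version` puts the `v` prefix into the package version; the usual form is `version = "0.3.0";` and `rev = "v${version}";`. `homepage` points at the VPN Gate service rather than the `davegallant/vpngate` repository the source is fetched from, which is probably where someone auditing the client wants to land.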


@@ -1,8 +1,13 @@
{ {
config,
lib,
pkgs, pkgs,
unstable, unstable,
... ...
}: }:
let
inherit (pkgs) stdenv;
in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# essentials # essentials
@@ -16,45 +21,51 @@
zip zip
# modern cli # modern cli
atuin
bat bat
cd-fzf
doggo doggo
eza eza
fd fd
github-cli
hadolint hadolint
nodePackages.eslint
oha
pre-commit pre-commit
progress progress
ripgrep ripgrep
shellcheck shellcheck
shfmt shfmt
tldr
tmux-sessionizer
unstable.atuin
unstable.github-cli
viddy viddy
yq-go yq-go
# containers # containers
unstable.argocd krew
kubecolor
kubectl
kubectx
minikube
stern
unstable.dive
unstable.helm-docs
unstable.k9s unstable.k9s
unstable.krew
unstable.kubecolor
unstable.kubectl
unstable.kubectx
unstable.kubernetes-helm unstable.kubernetes-helm
unstable.stern
# cloud # cloud
awscli2 unstable.awscli2
google-cloud-sdk unstable.google-cloud-sdk
terraform unstable.terraform
# lsp # lsp
nodePackages.bash-language-server nodePackages.bash-language-server
nodePackages.eslint nodePackages.pyright
nodePackages.yaml-language-server nodePackages.yaml-language-server
terraform-ls terraform-ls
# monitoring # monitoring
btop htop
procs
# golang # golang
gofumpt gofumpt
@@ -77,9 +88,10 @@
openssl openssl
openvpn openvpn
tcpdump tcpdump
vpngate
# rice # rice
fastfetch neofetch
# nix # nix
nix-tree nix-tree
@@ -88,16 +100,10 @@
# python # python
poetry poetry
(unstable.python3.withPackages (ps: [ python313
ps.llm
ps.llm-ollama
]))
virtualenv virtualenv
# media # media
yt-dlp yt-dlp
# llm
llm
]; ];
} }


@@ -0,0 +1,43 @@
{ config, pkgs, ... }:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}
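Review bot: The `services.nginx.httpConfig` server block proxies every request to the netdata dashboard on `127.0.0.1:19999` with no authentication, access list or TLS, which undoes the `bind to = localhost` restriction in the accompanying netdata.conf for anyone who can reach nginx. Add a restriction inside `location /`, for example `auth_basic "netdata";` with `auth_basic_user_file <path-to-htpasswd>;`, or `allow <trusted-cidr>; deny all;`. `server_name netdata.thume.net` looks carried over from another deployment and should probably be this host's own name. Separately, `cp -r ${netdata}/share/netdata/web ${netdataDir}/web` in `preStart` nests a second `web` directory inside the first on every start after the initial one, and the gid `220008` differs from the uid `200008`, which may be a typo.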


@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

13
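--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,13 @@
+let
+nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.05";
+pkgs = import nixpkgs {
+config = { };
+overlays = [ ];
+};
+in
+pkgs.mkShell {
+shellHook = ''
+${(import ./default.nix).pre-commit-check.shellHook}
+'';
+}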
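Review bot: `fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.05"` follows a moving branch and carries no hash, so every `nix-shell` (and, through the `use nix` fallback in `.envrc`, every direnv load) evaluates whatever that branch currently serves, unverified and not reproducible. Pin it to a commit and add the hash with the attribute-set form: `fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<commit>.tar.gz"; sha256 = "<hash>"; }`. The `pkgs` bound here is only used for `mkShell`, while the hook itself comes from `./default.nix`, so reusing the nixpkgs already locked in `flake.lock` would avoid the second, unpinned copy altogether.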