eee3f2e9a3 Cleanup hephaestus 2025-04-06 12:52:42 -04:00
19 changed files with 796 additions and 658 deletions

5
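--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,5 @@
+if has lorri; then
+eval "$(lorri direnv)"
+else
+use nix
+fi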

1
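--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .pre-commit-config.yaml
 .vscode
+git-crypt-key
 result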


@@ -1,17 +1,17 @@
# nix-config # nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS. This repo stores nix to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment. The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
## Prerequisites ## Setup
- [Determinate Nix](https://determinate.systems/nix-installer) > on macOS: install the latest unstable nix from https://github.com/numtide/nix-unstable-installer (for nix flakes),
- [just](https://github.com/casey/just) > and nix-darwin: https://github.com/LnL7/nix-darwin
## Build Recipes are stored in a justfile. [just](https://github.com/casey/just) is required.
To run a build/rebuild: To run a rebuild:
```sh ```sh
just rebuild just rebuild
@@ -45,4 +45,4 @@ just clean
## Pre-commit hooks ## Pre-commit hooks
Run `nix develop` to install the pre-commit hooks. Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.

13
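--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,13 @@
+let
+nix-pre-commit-hooks = import (
+builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"
+);
+in
+{
+pre-commit-check = nix-pre-commit-hooks.run {
+src = ./.;
+hooks = {
+shellcheck.enable = true;
+};
+};
+}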
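Review bot: `builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"` imports whatever the `master` branch holds at fetch time, with no hash to verify it, so a changed or compromised upstream is evaluated on the developer's machine when the shell is entered; the new `.envrc` (`use nix`) makes that automatic under direnv. Pin the fetch to a commit and hash, e.g. `builtins.fetchTarball { url = "https://github.com/cachix/git-hooks.nix/archive/<commit>.tar.gz"; sha256 = "<sha256>"; }`. The new `shell.nix` has the same pattern with `fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11"` and needs the same treatment. The `pre-commit-hooks` flake input that this file seems to replace would have been pinned through `flake.lock`, so the move looks like a loss of pinning rather than a neutral refactor.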

766
flake.lock generated

File diff suppressed because it is too large


@@ -3,82 +3,52 @@
inputs = { inputs = {
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*";
nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-unstable.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*";
pre-commit-hooks.url = "github:cachix/git-hooks.nix";
darwin = { darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.05"; url = "github:lnl7/nix-darwin/nix-darwin-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager.url = "github:nix-community/home-manager/release-25.05"; home-manager.url = "https://flakehub.com/f/nix-community/home-manager/*";
nixvim = { nixvim = {
url = "github:nix-community/nixvim/nixos-25.05"; url = "github:nix-community/nixvim/nixos-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
stylix.url = "github:danth/stylix/release-25.05"; # stylix.url = "https://flakehub.com/f/danth/stylix/*";
vpngate.url = "github:davegallant/vpngate"; stylix.url = "github:danth/stylix/release-24.11";
}; };
outputs = outputs =
{ {
self,
darwin, darwin,
fh,
determinate, determinate,
home-manager, home-manager,
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
nixpkgs-master,
stylix, stylix,
vpngate,
... ...
}@inputs: }@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{ {
checks = forAllSystems (system: {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
nixfmt-rfc-style.enable = true;
};
};
});
devShells = forAllSystems (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
};
});
nixosConfigurations = nixosConfigurations =
let let
unstable = import nixpkgs-unstable { unstable = import nixpkgs-unstable {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config.allowUnfree = true;
}; };
master = import nixpkgs-master {
system = "x86_64-linux";
config.allowUnfree = true;
};
in in
{ {
hephaestus = nixpkgs.lib.nixosSystem { hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit fh;
inherit unstable; inherit unstable;
inherit master;
inherit vpngate;
}; };
modules = [ modules = [
./hosts/hephaestus.nix ./fonts.nix
./common-packages.nix ./machines/hephaestus/configuration.nix
./packages.nix
./services/netdata/default.nix
./upgrade-diff.nix ./upgrade-diff.nix
determinate.nixosModules.default determinate.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@@ -94,10 +64,9 @@
substituters = [ "https://davegallant.cachix.org" ]; substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [ trusted-users = [
"root" "root"
"dave"
]; ];
trusted-public-keys = [ trusted-public-keys = [ "davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" ];
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
];
}; };
registry = { registry = {
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;
@@ -115,12 +84,11 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.dave.imports = [ users.dave.imports = [
./home.nix ./home/default.nix
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
]; ];
extraSpecialArgs = { extraSpecialArgs = {
inherit unstable; inherit unstable;
inherit master;
}; };
}; };
}; };
@@ -137,24 +105,19 @@
config.allowUnfree = true; config.allowUnfree = true;
inherit system; inherit system;
}; };
master = import nixpkgs-master {
config.allowUnfree = true;
inherit system;
};
in in
{ {
zelus = darwin.lib.darwinSystem { zelus = darwin.lib.darwinSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit unstable; inherit unstable;
inherit master;
}; };
modules = [ modules = [
home-manager.darwinModules.home-manager home-manager.darwinModules.home-manager
stylix.darwinModules.stylix stylix.darwinModules.stylix
./hosts/zelus.nix ./machines/zelus/configuration.nix
./common-packages.nix ./packages.nix
./upgrade-diff.nix ./upgrade-diff.nix
( (
@@ -166,12 +129,11 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users."dave.gallant".imports = [ users."dave.gallant".imports = [
./home.nix ./home/default.nix
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
]; ];
extraSpecialArgs = { extraSpecialArgs = {
inherit unstable; inherit unstable;
inherit master;
}; };
}; };
}; };
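Review bot: In the `-94,10 +64,9` hunk, `"dave"` is listed under `trusted-users` on one side only, and the hunk counts suggest it is the new side; if so, an ordinary login account becomes trusted by the Nix daemon. The Nix manual treats a trusted user as roughly root-equivalent, because such a user can point the daemon at arbitrary substituters and import store paths without a trusted signature. The `davegallant.cachix.org` substituter and its public key are already configured system-wide in the same block, so `trusted-users = [ "root" ];` should be enough. If the account only needs to reach the daemon, `allowed-users` is the narrower setting.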

24
fonts.nix Normal file

@@ -0,0 +1,24 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}


@@ -8,13 +8,21 @@ let
inherit (pkgs) stdenv; inherit (pkgs) stdenv;
in in
{ {
home.stateVersion = "25.05"; home.stateVersion = "24.11";
home.packages = with pkgs; [ just ]; home.packages = with pkgs; [ just ];
stylix = { stylix = {
enable = true; enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml"; base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
targets = {
alacritty.enable = true;
vscode.enable = false; # overrides synced settings
};
opacity.terminal = 1.0;
fonts.sizes = if stdenv.isLinux then { terminal = 20; } else { terminal = 16; };
fonts.monospace = { fonts.monospace = {
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
@@ -50,15 +58,12 @@ in
userName = "Dave Gallant"; userName = "Dave Gallant";
diff-so-fancy.enable = true;
lfs.enable = true; lfs.enable = true;
aliases = { aliases = {
aa = "add -A ."; aa = "add -A .";
br = "branch"; br = "branch";
c = "commit -S"; c = "commit -S";
cm = "commit -S -m";
ca = "commit -S --amend"; ca = "commit -S --amend";
cane = "commit -S --amend --no-edit"; cane = "commit -S --amend --no-edit";
cb = "checkout -b"; cb = "checkout -b";
@@ -79,6 +84,21 @@ in
includes = [ { path = "~/.gitconfig-work"; } ]; includes = [ { path = "~/.gitconfig-work"; } ];
delta = {
enable = true;
options = {
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
plus-style = "green bold ul '#198214'";
decorations = {
commit-decoration-style = "bold yellow box ul";
file-style = "bold yellow ul";
file-decoration-style = "none";
};
};
};
extraConfig = { extraConfig = {
push = { push = {
default = "current"; default = "current";
@@ -95,6 +115,7 @@ in
settings = { settings = {
add_newline = false; add_newline = false;
scan_timeout = 10;
gcloud = { gcloud = {
format = ""; format = "";
}; };
@@ -136,7 +157,7 @@ in
export PATH=$PATH:$GOBIN export PATH=$PATH:$GOBIN
''; '';
initContent = '' initExtra = ''
setopt noincappendhistory setopt noincappendhistory
source $HOME/.zsh-work source $HOME/.zsh-work
@@ -175,6 +196,7 @@ in
l = "eza -la --git --group-directories-first"; l = "eza -la --git --group-directories-first";
m = "make"; m = "make";
nix-install = "nix-env -iA"; nix-install = "nix-env -iA";
ps = "procs";
t = "cd-fzf"; t = "cd-fzf";
tf = "terraform"; tf = "terraform";
tree = "eza --tree"; tree = "eza --tree";
@@ -276,6 +298,10 @@ in
}; };
cmp.enable = true; cmp.enable = true;
nvim-tree.enable = true; nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true; rainbow-delimiters.enable = true;
treesitter.enable = true; treesitter.enable = true;
telescope = { telescope = {
@@ -374,10 +400,10 @@ in
}; };
vscode = { vscode = {
enable = stdenv.isLinux; enable = true;
package = unstable.vscode; package = pkgs.vscode;
profiles.default.extensions = extensions =
with unstable.vscode-extensions; with pkgs.vscode-extensions;
[ [
bbenoist.nix bbenoist.nix
github.vscode-pull-request-github github.vscode-pull-request-github


@@ -1,137 +0,0 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
nix.enable = false;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Slack.app"
"/Applications/Visual Studio Code.app"
"/Applications/zoom.us.app"
];
};
NSGlobalDomain.AppleShowAllExtensions = true;
NSGlobalDomain.AppleShowScrollBars = "Always";
NSGlobalDomain.NSUseAnimatedFocusRing = false;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = true;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint2 = true;
NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
NSGlobalDomain.ApplePressAndHoldEnabled = false;
NSGlobalDomain.InitialKeyRepeat = 25;
NSGlobalDomain.KeyRepeat = 2;
NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
NSGlobalDomain.NSWindowShouldDragOnGesture = true;
NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = false;
LaunchServices.LSQuarantine = false; # disables "Are you sure?" for new apps
loginwindow.GuestEnabled = false;
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
homebrew = {
enable = true;
onActivation = {
cleanup = "zap";
autoUpdate = true;
upgrade = true;
};
global = {
brewfile = true;
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"node"
"oras"
"vault"
];
casks = [
"discord"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"freelens"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"lulu"
"notunes"
"obsidian"
"ollama"
"raycast"
"rectangle"
"signal"
"slack"
"spotify"
"stats"
"steam"
"taskexplorer"
"tailscale"
"vlc"
];
taps = [
"hashicorp/tap"
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
stylix = {
enable = true;
image = "/Library/tokyo-night.jpg";
};
}


@@ -8,7 +8,7 @@ arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" } cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
rebuild: rebuild:
sudo $cmd switch --flake . -I nixos-config="hosts/$(hostname).nix" sudo $cmd switch --flake . -I nixos-config="machines/$(hostname)/configuration.nix"
rollback: rollback:
$cmd switch --rollback --flake . $cmd switch --rollback --flake .
@@ -18,10 +18,10 @@ channel-update:
sudo nix-channel --update sudo nix-channel --update
update: update:
@./update-flake.sh @./nix-flake-update.sh
fmt: fmt:
nixfmt *.nix nixfmt .
clean: clean:
echo 'Cleaning user...' echo 'Cleaning user...'


@@ -1,18 +1,15 @@
{ {
config, config,
fh,
lib, lib,
master,
modulesPath, modulesPath,
pkgs, pkgs,
unstable, unstable,
vpngate,
... ...
}: }:
let let
gnomeExtensions = with pkgs.gnomeExtensions; [ gnomeExtensions = with pkgs.gnomeExtensions; [
caffeine caffeine
clipboard-history
grand-theft-focus
]; ];
in in
{ {
@@ -30,24 +27,9 @@ in
fonts.sizes.desktop = 24; fonts.sizes.desktop = 24;
}; };
security.sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
};
boot = { boot = {
kernelModules = [ kernelModules = [ "kvm-amd" ];
"kvm-amd"
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"amd_iommu=on"
];
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@@ -88,6 +70,7 @@ in
environment.systemPackages = environment.systemPackages =
with pkgs; with pkgs;
[ [
albert
android-studio android-studio
android-tools android-tools
bleachbit bleachbit
@@ -96,38 +79,34 @@ in
cryptsetup cryptsetup
discord discord
docker-compose docker-compose
fh.packages.x86_64-linux.default
freefilesync freefilesync
gimp-with-plugins gimp-with-plugins
gnome-tweaks gnome-tweaks
google-chrome
httpie-desktop httpie-desktop
iputils iputils
libation libation
mission-center mission-center
mupen64plus netdata
nfs-utils nfs-utils
onlyoffice-desktopeditors onlyoffice-desktopeditors
opensnitch-ui opensnitch-ui
pavucontrol pavucontrol
pciutils
pika-backup pika-backup
pinentry-curses pinentry-curses
protonvpn-gui protonvpn-gui
qemu qemu
terminator ryujinx
traceroute traceroute
unityhub unityhub
unstable.beszel unstable.ghostty
unstable.obsidian unstable.obsidian
unstable.ryubing unstable.signal-desktop
unstable.signal-desktop-bin
unstable.spotify
unstable.tailscale unstable.tailscale
unstable.zoom-us unstable.zoom-us
usbutils usbutils
virt-manager virt-manager
vlc vlc
vpngate.packages.x86_64-linux.default
whois whois
wine wine
] ]
@@ -151,35 +130,11 @@ in
fsType = "nfs"; fsType = "nfs";
}; };
"/mnt/truenas/home/backups" = { "/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/"; device = "192.168.1.32:/mnt/wd4t/data/home/backup/";
fsType = "nfs"; fsType = "nfs";
}; };
}; };
fonts.packages = with pkgs; [
dejavu_fonts
fira-mono
font-awesome
google-fonts
liberation_ttf
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
nixpkgs = { nixpkgs = {
hostPlatform = "x86_64-linux"; hostPlatform = "x86_64-linux";
config = { config = {
@@ -206,38 +161,13 @@ in
}; };
}; };
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = { systemd.services = {
NetworkManager-wait-online.enable = false; NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
}; };
system = { system = {
autoUpgrade.enable = true; autoUpgrade.enable = true;
stateVersion = "25.05"; stateVersion = "24.11";
}; };
nix = { nix = {
@@ -326,23 +256,21 @@ in
}; };
services.ollama = { services.ollama = {
package = master.ollama; package = unstable.ollama;
enable = true; enable = true;
acceleration = "rocm"; acceleration = "rocm";
host = "0.0.0.0";
environmentVariables = { environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2"; HSA_OVERRIDE_GFX_VERSION = "11.0.2";
}; };
loadModels = [ loadModels = [
"deepseek-r1:8b"
"dolphin3:8b" "dolphin3:8b"
"llama3.1"
"llava"
]; ];
}; };
services.open-webui = { services.open-webui = {
enable = true; enable = true;
package = pkgs.open-webui; package = unstable.open-webui;
host = "0.0.0.0"; host = "0.0.0.0";
environment = { environment = {
ANONYMIZED_TELEMETRY = "False"; ANONYMIZED_TELEMETRY = "False";
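Review bot: The `-30,24 +27,9` hunk drops the `security.sudo-rs` block and nothing on the new side carries over `execWheelOnly = true`, so sudo falls back to the module defaults, under which the setuid wrapper is executable by every local account rather than only members of `wheel`. If moving off sudo-rs is intended, keep the restriction with `security.sudo.execWheelOnly = true;`. Line sides are inferred from the hunk counts, since the page has lost its `+`/`-` markers. Separately, `host = "0.0.0.0";` under `services.ollama` appears on one side only in the last hunk; if it is on the new side, the Ollama API, which has no authentication of its own, is reachable from the whole network unless the firewall blocks the port.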


@@ -0,0 +1,119 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
services.nix-daemon.enable = true;
nix.extraOptions = "experimental-features = nix-command flakes";
nix.package = pkgs.nixVersions.stable;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
environment = {
variables = {
LANG = "en_US.UTF-8";
};
};
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 50;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
NSGlobalDomain = {
"com.apple.sound.beep.feedback" = 0;
"com.apple.sound.beep.volume" = 0.0;
ApplePressAndHoldEnabled = false;
InitialKeyRepeat = 10;
KeyRepeat = 2;
AppleShowAllExtensions = true;
AppleShowScrollBars = "Automatic";
};
};
homebrew = {
enable = true;
onActivation.autoUpdate = false;
onActivation.upgrade = false;
global = {
brewfile = true;
};
brews = [
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"netdata"
"node"
"podman"
"podman-compose"
];
casks = [
"karabiner-elements"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"iterm2"
"knockknock"
"librewolf"
"logseq"
"lulu"
"mitmproxy"
"notunes"
"postman"
"raycast"
"rectangle"
"stats"
"taskexplorer"
];
taps = [
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
stylix = {
# enable = true;
image = "/Library/tokyo-night.jpg";
};
}
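Review bot: With `onActivation.autoUpdate = false`, `onActivation.upgrade = false` and no `onActivation.cleanup`, activation never upgrades the listed brews and casks and never removes ones dropped from the lists. Network-facing tools such as `librewolf`, `postman` and `mitmproxy` therefore stay at whatever version was first installed until someone runs brew by hand. Either set `onActivation.upgrade = true;` or add a comment stating how these are kept patched, and add `onActivation.cleanup = "uninstall";` so the installed set matches the declared one.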


@@ -1,3 +1,4 @@
final: prev: { final: prev: {
cd-fzf = prev.callPackage ./cd-fzf { }; cd-fzf = prev.callPackage ./cd-fzf { };
vpngate = prev.callPackage ./vpngate { };
} }


@@ -0,0 +1,28 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "vpngate";
version = "v0.3.0";
vendorHash = "sha256-4JeVXLoiXdZoQM76cHOt5i31ZZGTId0rt8RkMH62/EM=";
src = fetchFromGitHub {
owner = "davegallant";
repo = "vpngate";
rev = version;
sha256 = "sha256-P3eQvdUfjpq4a0Q2Hxby4zZ2uTSPjG1oXHxt8cW6fTQ=";
};
doCheck = false;
meta = with lib; {
homepage = "https://www.vpngate.net";
description = "a client for vpngate.net";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux ++ platforms.darwin;
};
}


@@ -1,8 +1,13 @@
{ {
config,
lib,
pkgs, pkgs,
unstable, unstable,
... ...
}: }:
let
inherit (pkgs) stdenv;
in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# essentials # essentials
@@ -16,30 +21,37 @@
zip zip
# modern cli # modern cli
atuin
bat bat
cd-fzf cd-fzf
doggo doggo
eza eza
fd fd
github-cli
hadolint hadolint
nodePackages.eslint
oha
pre-commit pre-commit
progress progress
ripgrep ripgrep
shellcheck shellcheck
shfmt shfmt
tldr
atuin
github-cli
viddy viddy
yq-go yq-go
# containers # containers
unstable.k9s krew
unstable.krew kubecolor
unstable.kubecolor kubectl
unstable.kubectl kubectx
unstable.kubectx minikube
unstable.kubernetes-helm stern
unstable.stern dive
helm-docs
k9s
kubernetes-helm
# cloud # cloud
awscli2 awscli2
@@ -48,12 +60,12 @@
# lsp # lsp
nodePackages.bash-language-server nodePackages.bash-language-server
nodePackages.eslint
nodePackages.yaml-language-server nodePackages.yaml-language-server
terraform-ls terraform-ls
# monitoring # monitoring
btop htop
procs
# golang # golang
gofumpt gofumpt
@@ -76,6 +88,7 @@
openssl openssl
openvpn openvpn
tcpdump tcpdump
vpngate
# rice # rice
fastfetch fastfetch
@@ -87,16 +100,10 @@
# python # python
poetry poetry
(unstable.python3.withPackages (ps: [ python313
ps.llm
ps.llm-ollama
]))
virtualenv virtualenv
# media # media
yt-dlp yt-dlp
# llm
llm
]; ];
} }


@@ -0,0 +1,43 @@
{ config, pkgs, ... }:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}
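Review bot: The `server` block in `services.nginx.httpConfig` proxies everything to `http://127.0.0.1:19999` with no `allow`/`deny`, no `auth_basic` and no TLS, which undoes the `bind to = localhost` setting in netdata.conf for anyone who can reach nginx; the dashboard shows process, user and network details of the host. Add an access rule inside `location /`, e.g. `allow <trusted-cidr>; deny all;`, and confirm that `server_name netdata.thume.net` is the intended host name. In `preStart`, `cp -r ${netdata}/share/netdata/web ${netdataDir}/web` creates a nested `web/web` directory once the target already exists, so a restart after an upgrade does not refresh the served files. No `services.nginx.enable` is visible in this file, so the proxy may be inactive unless nginx is enabled elsewhere.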


@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

13
shell.nix Normal file

@@ -0,0 +1,13 @@
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11";
pkgs = import nixpkgs {
config = { };
overlays = [ ];
};
in
pkgs.mkShell {
shellHook = ''
${(import ./default.nix).pre-commit-check.shellHook}
'';
}