WIP refactor

This commit is contained in:
RingOfStorms (Joshua Bell) 2025-03-17 22:44:10 -05:00
parent c10446db21
commit 2087ee1015
16 changed files with 342 additions and 144 deletions


@ -22,9 +22,10 @@
{ {
imports = [ imports = [
./options.nix ./options.nix
./general
./boot ./boot
./users ./users
./general ./programs
]; ];
}; };
}; };


@ -0,0 +1,11 @@
{ ... }:
{
imports = [
./qFlipper.nix
./rustDev.nix
./uhkAgent.nix
./tailnet.nix
./ssh.nix
./docker.nix
];
}


@ -0,0 +1,38 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"docker"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "docker";
};
config = lib.mkIf cfg.enable {
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
# TODO add admins?
users.extraGroups.docker.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
environment.shellAliases = {
dockerv = "docker volume";
dockeri = "docker image";
dockerc = "docker container";
};
};
}
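Review bot: Adding `users_cfg.primary` to the `docker` group via `users.extraGroups.docker.members` is a root-equivalent grant: any account that can talk to the daemon socket can bind-mount the host filesystem into a privileged container, so the `# TODO add admins?` would extend root to every admin account rather than just the primary user. If that is the intent, say so next to the line, e.g. `# NOTE: docker group membership is root-equivalent on this host`; if not, `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` gives the primary user a daemon without the group grant. `pkgs` is bound in the module arguments but never used here.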


@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"qFlipper"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "qFlipper";
};
config = lib.mkIf cfg.enable {
hardware.flipperzero.enable = true;
environment.systemPackages = with pkgs; [ qFlipper ];
services.udev.extraRules = ''
#Flipper Zero serial port
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", GROUP="users", TAG+="uaccess"
#Flipper Zero DFU
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", GROUP="users", TAG+="uaccess"
'';
};
}
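Review bot: Both udev rules set `GROUP="users"` in addition to `TAG+="uaccess"`, which hands the Flipper's serial and DFU interfaces to every member of the `users` group instead of only the physically logged-in seat user that `uaccess` already covers; dropping the `GROUP="users"` clause keeps the rules working for a desktop session while narrowing who can reflash the device. `hardware.flipperzero.enable = true` on the line above appears to install qFlipper together with its own udev rules, so the `extraRules` block and the `environment.systemPackages` entry may be duplicating what that option already provides — worth checking against the NixOS module before keeping both. If the wider group grant is genuinely needed (e.g. for non-seat sessions), a one-line comment stating that reason above the rules would stop the next reader from tightening it.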


@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"rustDev"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "rust development tools";
repl = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable the evcxr repl for `rust` command.";
};
# TODO?
# channel = lib.mkOption {
# type = lib.types.str;
# default = "stable";
# description = "The Rust release channel to use (e.g., stable, beta, nightly).";
# };
# version = lib.mkOption {
# type = lib.types.str;
# default = "latest";
# description = "The specific version of Rust to use. Use 'latest' for the latest stable release.";
# };
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
rustup
gcc
]
++ (if cfg.repl then [ pkgs.evcxr ] else [ ]);
environment.shellAliases = lib.mkIf cfg.repl {
rust = "evcxr";
};
};
}
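Review bot: The package list mixes `with pkgs;` with an explicit `pkgs.evcxr` and spells the conditional as `if cfg.repl then [ pkgs.evcxr ] else [ ]`; the idiomatic form is `++ lib.optional cfg.repl evcxr`, which drops the empty-list branch and keeps a single way of referring to packages. The commented-out `channel`/`version` options are not consumed anywhere in the module, so the `# TODO?` would be more useful if it said how they are meant to feed `rustup` (or they should be removed) rather than leaving dead option text in a WIP module.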

94
common/programs/ssh.nix Normal file

@ -0,0 +1,94 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"ssh"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "ssh";
sshPortOpen = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Open the ssh port.";
};
fail2Ban = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable fail2ban.";
};
allowRootPasswordLogin = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Allow root password login.";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
openssh
autossh
];
# Use fail2ban
services.fail2ban = lib.mkIf cfg.fail2Ban {
enable = true;
};
# Open ports in the firewall if enabled.
networking.firewall.allowedTCPPorts = lib.mkIf cfg.sshPortOpen [
22 # sshd
];
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
LogLevel = "VERBOSE";
PermitRootLogin = "yes";
PasswordAuthentication = if cfg.allowRootPasswordLogin then true else false;
};
};
# Ensure SSH key pair generation for non-root users
systemd.services = lib.mapAttrs' (name: _: {
name = "generate_ssh_key_${name}";
value = {
description = "Generate SSH key pair for ${name}";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = name;
Type = "oneshot";
};
script = ''
#!/run/current-system/sw/bin/bash
if [ ! -f /home/${name}/.ssh/id_ed25519 ]; then
if [ -v DRY_RUN ]; then
echo "DRY_RUN is set. Would generate SSH key for ${name}.";
else
echo "Generating SSH key for ${name}.";
mkdir -p /home/${name}/.ssh;
chmod 700 /home/${name}/.ssh;
/run/current-system/sw/bin/ssh-keygen -t ed25519 -f /home/${name}/.ssh/id_ed25519 -N "";
fi
else
echo "SSH key already exists for ${name}.";
fi
'';
};
}) config.mods.common.users;
};
}
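Review bot: `PermitRootLogin = "yes"` in the `settings` block is unconditional, so with the default `allowRootPasswordLogin = false` root is still reachable over SSH with any authorized key, and `PasswordAuthentication` is toggled for every account rather than just root — the option does not do what its description promises. I would derive `PermitRootLogin` from the option (`"prohibit-password"` when it is off), also drive `KbdInteractiveAuthentication` from it since NixOS leaves that enabled by default and it accepts password-style logins, and replace the redundant `if cfg.allowRootPasswordLogin then true else false` with the bool itself. `sshPortOpen` is likewise ineffective on its own, because `services.openssh.openFirewall` defaults to true in current NixOS and will open 22 regardless of the manual `allowedTCPPorts` entry; setting `openFirewall = cfg.sshPortOpen` makes the option real. Separately, the key-generation loop iterates `config.mods.common.users` while the sibling docker module reads users under `ccfg.custom_config_key`, and the hunk in hosts/lio/flake.nix removes `users` from `mods.common`, so this map may now be empty — and the keys it writes use `-N ""`, i.e. an unencrypted private key at rest, which deserves a comment.
```nix
# Let the sshd module manage the firewall hole; openFirewall defaults to true,
# so a manual allowedTCPPorts entry alone cannot close the port.
services.openssh = {
  enable = true;
  openFirewall = cfg.sshPortOpen;
  settings = {
    LogLevel = "VERBOSE";
    # Root stays key-only unless password login is explicitly allowed.
    PermitRootLogin = if cfg.allowRootPasswordLogin then "yes" else "prohibit-password";
    PasswordAuthentication = cfg.allowRootPasswordLogin;
    # keyboard-interactive is password-equivalent and enabled by default in NixOS.
    KbdInteractiveAuthentication = cfg.allowRootPasswordLogin;
  };
};
# … unchanged: fail2ban, systemPackages, key-generation services …
```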


@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"tailnet"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "rust development tools";
useSecretsAuth = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to use secrets authentication for Tailscale";
};
useHeadscale = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to use headscale login server.";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ tailscale ];
services.tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "client";
authKeyFile = lib.mkIf cfg.useSecretsAuth config.age.secrets.headscale_auth.path;
# https://tailscale.com/kb/1241/tailscale-up
extraUpFlags = lib.mkIf cfg.useHeadscale [
"--login-server=https://headscale.joshuabell.xyz"
"--no-logs-support"
];
};
networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
networking.firewall.checkReversePath = "loose";
};
}
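Review bot: The enable option's description reads `rust development tools` (copied from rustDev.nix); it should be `enable = lib.mkEnableOption "tailnet (tailscale)";` so `nixos-option` and generated docs describe the right thing. `networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ]` makes every listening service on the host reachable from every tailnet peer with no port filtering at all; that may be acceptable on a personal tailnet but is a significant trust decision and deserves a comment, e.g. `# NOTE: all tailnet peers bypass the host firewall entirely`. The NixOS tailscale module appears to set `checkReversePath = "loose"` itself when `useRoutingFeatures` is `"client"`, so the explicit line here may be redundant — verify against the module and drop it if so.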


@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"uhkAgent"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "uhk agent (ultimate hacking keyboard)";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
uhk-agent
uhk-udev-rules
];
services.udev.packages = [ pkgs.uhk-udev-rules ];
};
}
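Review bot: `uhk-udev-rules` appears in both `environment.systemPackages` and `services.udev.packages`; only the latter is what makes udev pick up the rules, and the `systemPackages` entry just puts a rules-only package on the system path. I would trim the list to `environment.systemPackages = with pkgs; [ uhk-agent ];` and keep `services.udev.packages = [ pkgs.uhk-udev-rules ];` as the single source of the rules.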


@ -1,12 +0,0 @@
{ pkgs, ... }:
{
hardware.flipperzero.enable = true;
environment.systemPackages = with pkgs; [ qFlipper ];
services.udev.extraRules = ''
#Flipper Zero serial port
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5740", ATTRS{manufacturer}=="Flipper Devices Inc.", GROUP="users", TAG+="uaccess"
#Flipper Zero DFU
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", ATTRS{manufacturer}=="STMicroelectronics", GROUP="users", TAG+="uaccess"
'';
}


@ -1,50 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
let
rustChannel = config.programs.rust.channel;
rustVersion = config.programs.rust.version;
in
{
options.components.rust = {
enable = mkOption {
type = types.bool;
default = true;
description = "Enable Rust programming language support.";
};
repl = mkOption {
type = types.bool;
default = true;
description = "Enable the evcxr repl for `rust` command.";
};
channel = mkOption {
type = types.str;
default = "stable";
description = "The Rust release channel to use (e.g., stable, beta, nightly).";
};
version = mkOption {
type = types.str;
default = "latest";
description = "The specific version of Rust to use. Use 'latest' for the latest stable release.";
};
};
config = mkIf config.components.rust.enable {
environment.systemPackages = with pkgs; [
rustup gcc
] ++ (if config.components.rust.repl then [ pkgs.evcxr ] else [ ]);
environment.shellAliases = mkIf config.components.rust.repl {
rust = "evcxr";
};
};
}


@ -1,7 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ evcxr rustc ];
environment.shellAliases = {
rust = "evcxr";
};
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.steam.enable = true;
}


@ -1,37 +0,0 @@
{
lib,
pkgs,
config,
...
}:
{
options.components.tailscale = {
useSecretsAuth = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to use secrets authentication for Tailscale";
};
useHeadscale = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to use headscale login server.";
};
};
config = {
environment.systemPackages = with pkgs; [ tailscale ];
services.tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "client";
authKeyFile = lib.mkIf config.components.tailscale.useSecretsAuth config.age.secrets.headscale_auth.path;
# https://tailscale.com/kb/1241/tailscale-up
extraUpFlags = lib.mkIf config.components.tailscale.useHeadscale [
"--login-server=https://headscale.joshuabell.xyz"
"--no-logs-support"
];
};
networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
networking.firewall.checkReversePath = "loose";
};
}


@ -1,6 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ uhk-agent uhk-udev-rules ];
services.udev.packages = [ pkgs.uhk-udev-rules ];
}

22
hosts/lio/flake.lock generated

@ -96,7 +96,7 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-anAVUUAUV6r9kepJRMPQX9bUNZfkXgsWwZ4/pDlvuWM=", "narHash": "sha256-m8fxD1m9NkoFI10VdK3Mc/dd4ECFs5IApuIor9Yr+FI=",
"path": "../../common", "path": "../../common",
"type": "path" "type": "path"
}, },
@ -299,11 +299,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1739757849, "lastModified": 1742234739,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=",
"owner": "rycee", "owner": "rycee",
"repo": "home-manager", "repo": "home-manager",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -461,11 +461,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1742223160, "lastModified": 1742261820,
"narHash": "sha256-lExsJAtqhTITVBRuRoWklddFekm5CO+nrS2sxG4rsIA=", "narHash": "sha256-KYriCbjqEh+NWJOuRFEut4hIdIVtqPIhYWSGRKRooOU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "011d7ccb91081ff99f184564ea38d1b9e543a99c", "rev": "ec4bea7901bdb1f36d33354c02e36d7e03b1ac1e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -664,11 +664,11 @@
}, },
"mod_common": { "mod_common": {
"locked": { "locked": {
"lastModified": 1742225898, "lastModified": 1742269254,
"narHash": "sha256-c4dLwf8WhC5Qc7Z+jjPFcLFNvEFI0aBrkNhKWnuSg3E=", "narHash": "sha256-G+ZJAzU5gqXib98pb7Vhq56IVknxqhFScC3kARS3Qgk=",
"ref": "mod_common", "ref": "mod_common",
"rev": "75cbb43b5341f60fa9453b0167684573d727261d", "rev": "e3e6d8473dbd3d5ef98c421b6b7f203f1cbff6f3",
"revCount": 21, "revCount": 22,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/dotfiles" "url": "https://git.joshuabell.xyz/dotfiles"
}, },


@ -20,6 +20,7 @@
outputs = outputs =
{ {
nixpkgs, nixpkgs,
common,
... ...
}@inputs: }@inputs:
let let
@ -47,18 +48,19 @@
( (
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [
../../components/nix/rust-dev.nix
../../components/nix/qflipper.nix
../../components/nix/steam.nix
../../components/nix/tailscale.nix
];
ringofstorms_common = { ringofstorms_common = {
systemName = configuration_name; systemName = configuration_name;
boot.systemd.enable = true; boot.systemd.enable = true;
general = { general = {
# NOTE bunch of defaults in here I dont need to change disableRemoteBuildsOnLio = true;
};
programs = {
qFlipper.enable = true;
rustDev.enable = true;
uhkAgent.enable = true;
tailnet.enable = true;
ssh.enable = true;
docker.enable = true;
}; };
users = { users = {
# Users are all normal users and default password is password1 # Users are all normal users and default password is password1
@ -92,10 +94,14 @@
}; };
}; };
programs = {
steam.enable = true;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
lua lua
qdirstat qdirstat
qflipper # qflipper
steam steam
]; ];
@ -108,14 +114,10 @@
mods = { mods = {
common = { common = {
disableRemoteBuildsOnLio = true;
systemName = configuration_name;
allowUnfree = true;
primaryUser = "josh";
docker = true;
zsh = true; zsh = true;
users = { # still used somewhere...
}; systemName = configuration_name;
primaryUser = "josh";
}; };
home_manager = { home_manager = {
users = { users = {