rename systems -> hosts. Per host program specifications for user programs

hosts/_common/components/caps_to_escape_in_tty.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+  # I want this globally even for root so doing it outside of home manager
+  services.xserver.xkbOptions = "caps:escape";
+  console = {
+    earlySetup = true;
+    packages = with pkgs; [ terminus_font ];
+    useXkbConfig = true; # use xkb.options in tty. (caps -> escape)
+  };
+}

hosts/_common/components/font_jetbrainsmono.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  fonts.packages = with pkgs; [
+    (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+  ];
+}
+

hosts/_common/components/gnome_wayland.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  services.xserver = {
+    enable = true;
+    displayManager.gdm = {
+      enable = true;
+      autoSuspend = false;
+      wayland = true;
+    };
+    desktopManager.gnome.enable = true;
+  };
+  services.gnome.core-utilities.enable = false;
+  environment.systemPackages = with pkgs; [
+    gnome.dconf-editor
+    gnomeExtensions.workspace-switch-wraparound
+    # wayland clipboard in terminal
+    wl-clipboard
+  ];
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+}
+

hosts/_common/components/gnome_xorg.nix

@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  services.xserver = {
+    enable = true;
+    displayManager.gdm = {
+      enable = true;
+      autoSuspend = false;
+      wayland = false;
+    };
+    desktopManager.gnome.enable = true;
+  };
+  services.gnome.core-utilities.enable = false;
+  environment.systemPackages = with pkgs; [
+    gnome.dconf-editor
+    gnomeExtensions.workspace-switch-wraparound
+    xclip
+  ];
+}
+

hosts/_common/components/home_manager.nix

@@ -0,0 +1,22 @@
+{ config, pkgs, settings, ylib, ... } @ inputs:
+let
+  home-manager = builtins.fetchTarball {
+    url = "https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz";
+    # to get hash run `nix-prefetch-url --unpack "https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz"`
+    sha256 = "0g51f2hz13dk953i501fmc6935difhz60741nypaqwz127hy5ldk";
+  };
+in
+{
+  imports =
+    [
+      # home manager import
+      (import "${home-manager}/nixos")
+    ];
+  # Home manager options
+  security.polkit.enable = true;
+  home-manager.useUserPackages = true;
+  home-manager.useGlobalPkgs = true;
+  home-manager.extraSpecialArgs = { inherit settings; inherit ylib; inherit (inputs) ragenix; inherit (config) age; };
+}
+
+

hosts/_common/components/ssh.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.settings.PermitRootLogin = "yes";
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    22 # sshd
+  ];
+}

hosts/_common/components/systemd_boot.nix

@@ -0,0 +1,15 @@
+{ ... }:
+{
+  # Use the systemd-boot EFI boot loader.
+  boot.loader = {
+    systemd-boot = {
+      enable = true;
+      consoleMode = "keep";
+    };
+    timeout = 5;
+    efi = {
+      canTouchEfiVariables = true;
+    };
+  };
+}
+

hosts/_common/components/todo_neovim.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    # extras, more for my neovim setup TODO move these into a more isolated place for nvim setup? Should be its own flake probably
+    neovim
+    cargo
+    rustc
+    nodejs_21
+    python313
+    nodePackages.cspell
+    # ripgrep (now in common but will be needed in neovim flake)
+  ];
+}
+

hosts/_common/configuration.nix

@@ -0,0 +1,94 @@
+{ config, lib, pkgs, settings, ylib, ... } @ inputs:
+let
+  defaultLocal = "en_US.UTF-8";
+in
+{
+  imports =
+    [
+      # Secrets management
+      ./ragenix.nix
+      # Include the results of the hardware scan.
+      (/${settings.hostsDir}/${settings.system.hostname}/hardware-configuration.nix)
+      # Include the specific machine's config.
+      (/${settings.hostsDir}/${settings.system.hostname}/configuration.nix)
+    ];
+
+  # Enable flakes
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # ==========
+  #   Common
+  # ==========
+  networking.hostName = settings.system.hostname;
+  # TODO do I want this dynamic at all? Roaming?
+  time.timeZone = "America/Chicago";
+
+  # Select internationalization properties.
+  i18n.defaultLocale = defaultLocal;
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = defaultLocal;
+    LC_IDENTIFICATION = defaultLocal;
+    LC_MEASUREMENT = defaultLocal;
+    LC_MONETARY = defaultLocal;
+    LC_NAME = defaultLocal;
+    LC_NUMERIC = defaultLocal;
+    LC_PAPER = defaultLocal;
+    LC_TELEPHONE = defaultLocal;
+    LC_TIME = defaultLocal;
+  };
+
+  # Some basics
+  nixpkgs.config.allowUnfree = true;
+  environment.systemPackages = with pkgs; [
+    # Basics
+    # neovim in TODO nix file in common, to split out into its own flake eventually
+    vim
+    wget
+    curl
+    neofetch
+    bat
+    htop
+    nvtop
+    unzip
+    git
+    fzf
+    ripgrep
+
+    # TODO keep in common or move to specific machines, I want this for my pocket 3 video KDM module but I use ffmpeg on most machines anyways?
+    ffmpeg_5-full
+  ];
+
+  environment.shellAliases = {
+    n = "nvim";
+    nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim";
+    bat = "bat --theme Coldark-Dark";
+    cat = "bat --pager=never -p";
+    nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix-collect-garbage -d; nixos-rebuild boot; echo; df";
+
+    # general unix
+    date_compact = "date +'%Y%m%d'";
+    date_short = "date +'%Y-%m-%d'";
+    ls = "ls --color -Ga";
+    ll = "ls --color -Gal";
+    lss = "du --max-depth=0 -h * 2>/dev/null";
+    psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
+    cl = "clear";
+
+    # git
+    stash = "git stash";
+    pop = "git stash pop";
+    branch = "git checkout -b";
+    status = "git status";
+    diff = "git diff";
+    branches = "git branch -a";
+    gcam = "git commit -a -m";
+    stashes = "git stash list";
+
+    # ripgrep
+    rg = "rg --no-ignore";
+    rgf = "rg --files 2>/dev/null | rg";
+  };
+  environment.shellInit = builtins.readFile ./shellInit.sh;
+
+  system.stateVersion = "23.11";
+}

hosts/_common/ragenix.nix

@@ -0,0 +1,29 @@
+# TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix
+{ settings, lib, ragenix, ... }:
+let
+  # secretsFile = (settings.secretsDir + /secrets.nix);
+in
+{
+  imports = [ ragenix.nixosModules.age ];
+  environment.systemPackages = [ ragenix.packages.${settings.system.system}.default ];
+
+  age = {
+    secrets =
+      # builtins.mapAttrs
+      #   (name: _value: lib.nameValuePair (lib.removeSuffix ".age" name) {
+      #     file = (settings.secretsDir + "/${name}");
+      #     owner = lib.mkDefault settings.user.username;
+      #   })
+      #   (import secretsFile);
+      {
+        nix2github = {
+          file = /${settings.secretsDir}/nix2github.age;
+          owner = settings.user.username;
+        };
+        nix2bitbucket = {
+          file = /${settings.secretsDir}/nix2bitbucket.age;
+          owner = settings.user.username;
+        };
+      };
+  };
+}

hosts/_common/shellInit.sh

@@ -0,0 +1,110 @@
+# basics
+htop_psg () {
+  htop -p $(psg $1 | awk '{r=r s $2;s=","} END{print r}')
+}
+
+htop_pid () {
+  htop -p $(ps -ef | awk -v proc=$1 '$3 == proc { cnt++;if (cnt == 1) { printf "%s",$2 } else { printf ",%s",$2 } }')
+}
+
+kill_psg() {
+  PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
+  echo Killing ${PIDS}
+  for pid in ${PIDS}; do
+    kill -9 ${pid} &> /dev/null
+  done
+}
+
+term_psg() {
+  PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
+  echo Terminating ${PIDS}
+  for pid in ${PIDS}; do
+    kill -15 ${pid} &> /dev/null
+  done
+}
+
+skill_psg() {
+  PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
+  echo Quitting ${PIDS}
+  for pid in ${PIDS}; do
+    sudo kill -9 ${pid} &> /dev/null
+  done;
+}
+
+mail_clear() {
+  : > /var/mail/$USER
+}
+
+# git
+getdefault () {
+  git remote show origin | grep "HEAD branch" | sed 's/.*: //'
+}
+
+master () {
+  git stash
+  git checkout $(getdefault)
+  pull
+}
+
+mp () {
+  master
+  prunel
+}
+
+pullmaster () {
+  git pull origin $(getdefault)
+}
+
+push () {
+  B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
+  git pull origin $B
+  git push origin $B --no-verify
+}
+
+pull () {
+  git fetch
+  B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
+  git pull origin $B
+}
+
+forcepush () {
+  B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
+  git push origin $B --force
+}
+
+remote_branches () {
+  git branch -a | grep 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | cut -d'/' -f 3-
+}
+
+local_branches () {
+  git branch -a | grep -v 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | grep -v '^*' |  cut -d' ' -f 3-
+}
+
+prunel () {
+  git fetch
+  git remote prune origin
+
+  for local in $(local_branches); do
+    in=false
+    for remote in $(remote_branches); do
+      if [[ ${local} = ${remote} ]]; then
+        in=true
+      fi
+    done;
+    if [[ $in = 'false' ]]; then
+      git branch -D ${local}
+    else
+      echo 'Skipping branch '${local}
+    fi
+  done;
+}
+
+checkout () {
+  git fetch
+  git checkout $1
+  pull
+}
+
+from_master () {
+  git checkout $(getdefault) $@
+}

hosts/gpdPocket3/configuration.nix

@@ -0,0 +1,86 @@
+{ config, lib, pkgs, settings, ... } @ args:
+{
+  imports =
+    [
+      # TODO revisit
+      (settings.hostsDir + "/_common/components/todo_neovim.nix")
+      # Common components this machine uses
+      (settings.hostsDir + "/_common/components/systemd_boot.nix")
+      (settings.hostsDir + "/_common/components/ssh.nix")
+      (settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
+      (settings.hostsDir + "/_common/components/font_jetbrainsmono.nix")
+      (settings.hostsDir + "/_common/components/home_manager.nix")
+      (settings.hostsDir + "/_common/components/gnome_wayland.nix")
+      # Users this machine has
+      (settings.usersDir + "/root/configuration.nix")
+      (settings.usersDir + "/josh/configuration.nix")
+      # Our custom stuff
+      ./stupid-keyboard.nix
+    ];
+
+  # machine specific configuration
+  # ==============================
+  hardware.enableAllFirmware = true;
+  # Connectivity
+  networking.networkmanager.enable = true;
+  hardware.bluetooth.enable = true;
+  environment.shellAliases = {
+    wifi = "nmtui";
+  };
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.package = pkgs.pulseaudioFull;
+
+  environment.systemPackages = with pkgs; [
+    # [Laptop] Battery status
+    acpi
+  ];
+  environment.shellAliases = {
+    battery = "acpi";
+  };
+  # [Laptop] screens with brightness settings
+  programs.light.enable = true;
+
+  console = {
+    # We want to be able to read the screen so use a 32 sized font on this tiny panel
+    font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz";
+  };
+
+  # ========
+
+  # FINGERPRINTS for the sensor on GPD P3 do not work on linux yet: todo find the source of this again online for tracking...
+  # Attempting to get fingerprint scanner to work... having issues though, no device detected with all methods
+  # services.fprintd = {
+  #   enable = true;
+  #   tod = {
+  #     enable = true;
+  #     driver = pkgs.libfprint-2-tod1-elan;
+  #   };
+  # };
+
+  # TODO evaluate if any of this kernal/hardware stuff is actually needed for our pocket. This is a hodge podge of shit from online
+  # The GPD Pocket3 uses a tablet OLED display, that is mounted rotated 90° counter-clockwise.
+  # This requires cusotm kernal params.
+  boot.kernelParams = [
+    "video=DSI-1:panel_orientation=right_side_up"
+    "fbcon=rotate:1"
+    "mem_sleep_default=s2idel"
+  ];
+  boot.kernelModules = [ "btusb" ];
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "thunderbolt" ];
+  services.xserver.videoDrivers = [ "intel" ];
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+  };
+  hardware.opengl.extraPackages = with pkgs; [
+    intel-media-driver
+    intel-vaapi-driver
+  ];
+  # Stuff from https://github.com/NixOS/nixos-hardware/blob/9a763a7acc4cfbb8603bb0231fec3eda864f81c0/gpd/pocket-3/default.nix
+  services.fstrim.enable = true;
+  services.xserver.libinput.enable = true;
+  services.tlp.enable = lib.mkDefault ((lib.versionOlder (lib.versions.majorMinor lib.version) "21.05")
+    || !config.services.power-profiles-daemon.enable);
+}

hosts/gpdPocket3/hardware-configuration.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3A6C-BF60";
+      fsType = "vfat";
+      # umask=0077 ensures that only the owner (root) can read, write, or execute files on the EFI partition, while all other users are denied all permissions
+      options = [ "umask=0077" ];
+    };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e740e27d-13bf-468c-a5c6-fa06fe4ac3cd";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/91682eed-a01c-482d-8000-bd1222d4952a"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp175s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/gpdPocket3/stupid-keyboard.nix

@@ -0,0 +1,34 @@
+# This nix file is just a fix for a really stupid lay-outed keyboard I bought that I
+# only use with the gpd pocket 3. Probably not relevant to anyone else
+#
+# Keyboard in question: https://www.walmart.com/ip/R-Go-Split-Ergonomic-Keyboard-QWERTY-US-Black-Wired-USB-Keyboard-Spilt-Wired-Windows-Linux/452297950
+# R-Go Split Break Keyboard (maybe the walmart one is a fake since their real site does not have the same layout)
+#    https://www.r-go-tools.com/ergonomic-keyboard/r-go-split-break/
+{ ... }:
+let
+  rgo_keyboard_vid = "0911";
+  rgo_keyboard_pid = "2188";
+  rgo_hub_vid = "05e3";
+  rgo_hub_pid = "0608";
+in
+{
+  services.keyd = {
+    enable = true;
+    # `keyd monitor` to get new keys to remap
+    keyboards = {
+      rgo_sino_keyboard = {
+        ids = [ "0911:2188" "05e3:0608" ];
+        settings = {
+          main = {
+            # Backslash is in place of the enter key's normal position, so setting it to enter
+            "\\" = "enter";
+            # This keyboard has a strange extra key that outputs < and > characters. It has the
+            # backslash key printed on it though, conveniently, so we will just map this to backslash
+            # since it does not affect how I use left shift (which it takes half the space of)
+            "102nd" = "\\";
+          };
+        };
+      };
+    };
+  };
+}

hosts/joe/configuration.nix

@@ -0,0 +1,76 @@
+{ config, lib, pkgs, settings, ... } @ args:
+{
+  imports =
+    [
+      # TODO revisit
+      (settings.hostsDir + "/_common/components/todo_neovim.nix")
+      # Common components this machine uses
+      (settings.hostsDir + "/_common/components/systemd_boot.nix")
+      (settings.hostsDir + "/_common/components/ssh.nix")
+      (settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
+      (settings.hostsDir + "/_common/components/font_jetbrainsmono.nix")
+      (settings.hostsDir + "/_common/components/home_manager.nix")
+      (settings.hostsDir + "/_common/components/gnome_xorg.nix")
+      # Users this machine has
+      (settings.usersDir + "/root/configuration.nix")
+      (settings.usersDir + "/josh/configuration.nix")
+    ];
+
+  # machine specific configuration
+  # ==============================
+  hardware.enableAllFirmware = true;
+  # Connectivity
+  networking.networkmanager.enable = true;
+  hardware.bluetooth.enable = true;
+  environment.shellAliases = {
+    wifi = "nmtui";
+  };
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.package = pkgs.pulseaudioFull;
+
+  # environment.systemPackages = with pkgs; [ ];
+
+  # nvidia gfx https://nixos.wiki/wiki/Nvidia
+  # =========
+  # Enable OpenGL
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  # Load nvidia driver for Xorg and Wayland
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    # Enable this if you have graphical corruption issues or application crashes after waking
+    # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 
+    # of just the bare essentials.
+    powerManagement.enable = false;
+
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of 
+    # supported GPUs is at: 
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+    # Only available from driver 515.43.04+
+    # Currently alpha-quality/buggy, so false is currently the recommended setting.
+    open = false;
+
+    # Enable the Nvidia settings menu,
+    # accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+}

hosts/joe/hardware-configuration.nix

@@ -0,0 +1,38 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}