ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wip on new module system, copied secrets over

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2024-12-23 23:43:19 -06:00
parent 25e9d06354
commit 7f5e4a0d93
126 changed files with 2722 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

89
hosts/_archive/joe/configuration.nix
View file

@ -1,89 +0,0 @@
{
config,
pkgs,
settings,
...
}:
{
imports = [
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/josh/configuration.nix")
];
# My custom modules
mods = {
boot_systemd.enable = true;
shell_common.enable = true;
de_cosmic.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
fonts.enable = true;
nebula.enable = true;
ssh.enable = true;
# stormd.enable = true; # TODO figure out why this is failing
};
networking.firewall.allowedTCPPorts = [
5173 # test
];
# machine specific configuration
# ==============================
hardware.enableAllFirmware = true;
# Connectivity
networking.networkmanager.enable = true;
hardware.bluetooth.enable = true;
environment.shellAliases = {
wifi = "nmtui";
};
environment.systemPackages = with pkgs; [ nvtopPackages.full ];
# nvidia gfx https://nixos.wiki/wiki/Nvidia
# =========
# Enable OpenGL
hardware.opengl = {
enable = true;
# driSupport = true;
driSupport32Bit = true;
};
# hardware.opengl.driSupport32Bit = true;
# hardware.graphics.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia-container-toolkit.enable = true;
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
system.stateVersion = "23.11";
}

38
hosts/_archive/joe/hardware-configuration.nix
View file

@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

5
hosts/_archive/joe/windows_notes.md
View file

@ -1,5 +0,0 @@
- [Start menu sanity](http://startisback.com) (license in password manager)
- [Alt Drag](https://stefansundin.github.io/altdrag/)
- Change to win key in config
- Power Toys
- Remap caps lock to esc

121
hosts/configuration.nix
View file

@ -1,121 +0,0 @@
{
settings,
config,
...
}:
let
defaultLocal = "en_US.UTF-8";
in
{
imports = [
# Secrets management
./ragenix.nix
# Include the results of the hardware scan.
(/${settings.hostsDir}/${settings.system.hostname}/hardware-configuration.nix)
# Include the specific machine's config.
(/${settings.hostsDir}/${settings.system.hostname}/configuration.nix)
];
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# allow mounting ntfs filesystems
boot.supportedFilesystems = [ "ntfs" ];
nix.settings = {
max-jobs = "auto";
# Fallback quickly if substituters are not available.
connect-timeout = 5;
download-attempts = 3;
# The default at 10 is rarely enough.
log-lines = 50;
# Avoid disk full issues
max-free = (3000 * 1024 * 1024);
min-free = (1000 * 1024 * 1024);
# Avoid copying unnecessary stuff over SSH
builders-use-substitutes = true;
# Slower but more robust during crash TODO enable once we upgrade nix
# fsync-store-paths = true;
# fsync-metadata = true;
auto-optimise-store = true;
# TODO should I have this set for my user...
trusted-users = [
"root"
"${settings.user.username}"
];
};
# rate limiting for github
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
!include ${config.age.secrets.github_read_token.path}
'';
# nix helper
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep 10";
# TODO this may need to be defined higher up if it is ever different for a machine...
flake = "/home/${settings.user.username}/.config/nixos-config";
};
# Remote build off home lio computer
programs.ssh.extraConfig = ''
Host lio_
PubkeyAcceptedKeyTypes ssh-ed25519
ServerAliveInterval 60
IPQoS throughput
IdentityFile ${config.age.secrets.nix2lio.path}
'';
nix = {
distributedBuilds = true;
buildMachines = [
{
hostName = "lio";
system = "x86_64-linux";
protocol = "ssh-ng";
maxJobs = 32;
speedFactor = 2;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"uid-range" # Often helpful
];
mandatoryFeatures = [ ];
}
];
};
# TODO do I want this dynamic at all? Roaming?
time.timeZone = "America/Chicago";
# Select internationalization properties.
i18n.defaultLocale = defaultLocal;
i18n.extraLocaleSettings = {
LC_ADDRESS = defaultLocal;
LC_IDENTIFICATION = defaultLocal;
LC_MEASUREMENT = defaultLocal;
LC_MONETARY = defaultLocal;
LC_NAME = defaultLocal;
LC_NUMERIC = defaultLocal;
LC_PAPER = defaultLocal;
LC_TELEPHONE = defaultLocal;
LC_TIME = defaultLocal;
};
# make shutdown faster for waiting
systemd.extraConfig = ''
DefaultTimeoutStopSec=5s
'';
# Some basics
nixpkgs.config.allowUnfree = settings.allowUnfree;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
}

102
hosts/gpdPocket3/configuration.nix
View file

@ -1,102 +0,0 @@
{
config,
lib,
pkgs,
settings,
...
}:
{
imports = [
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/josh/configuration.nix")
];
# My custom modules
mods = {
boot_systemd.enable = true;
shell_common.enable = true;
de_cosmic.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
fonts.enable = true;
stormd.enable = true;
nebula.enable = true;
ssh.enable = true;
rustdesk.enable = true;
};
# machine specific configuration
# ==============================
hardware.enableAllFirmware = true;
# Connectivity
networking.networkmanager.enable = true;
hardware.bluetooth.enable = true;
environment.shellAliases = {
wifi = "nmtui";
};
environment.systemPackages = with pkgs; [
# [Laptop] Battery status
acpi
];
environment.shellAliases = {
battery = "acpi";
};
# [Laptop] screens with brightness settings
programs.light.enable = true;
console = {
# We want to be able to read the screen so use a 32 sized font on this tiny panel
font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz";
};
# ========
# FINGERPRINTS for the sensor on GPD P3 do not work on linux yet: todo find the source of this again online for tracking...
# Attempting to get fingerprint scanner to work... having issues though, no device detected with all methods
# services.fprintd = {
# enable = true;
# tod = {
# enable = true;
# driver = pkgs.libfprint-2-tod1-elan;
# };
# };
# TODO evaluate if any of this kernal/hardware stuff is actually needed for our pocket. This is a hodge podge of shit from online
# The GPD Pocket3 uses a tablet OLED display, that is mounted rotated 90° counter-clockwise.
# This requires cusotm kernal params.
boot.kernelParams = [
"video=DSI-1:panel_orientation=right_side_up"
"fbcon=rotate:1"
"mem_sleep_default=s2idel"
];
boot.kernelModules = [ "btusb" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usbhid"
];
services.xserver.videoDrivers = [ "intel" ];
hardware.graphics.enable = true;
hardware.graphics.extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
];
# Stuff from https://github.com/NixOS/nixos-hardware/blob/9a763a7acc4cfbb8603bb0231fec3eda864f81c0/gpd/pocket-3/default.nix
services.fstrim.enable = true;
services.libinput.enable = true;
services.tlp.enable = lib.mkDefault (
(lib.versionOlder (lib.versions.majorMinor lib.version) "21.05")
|| !config.services.power-profiles-daemon.enable
);
# KVM module video
environment.shellAliases = {
kvm = "ffplay -i /dev/video2";
};
system.stateVersion = "23.11";
}

37
hosts/gpdPocket3/hardware-configuration.nix
View file

@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp175s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
hosts/h002/configuration.nix
View file

@ -1,41 +0,0 @@
{
pkgs,
settings,
...
}:
{
imports = [
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/luser/configuration.nix")
];
# My custom modules
mods = {
boot_grub.enable = true;
shell_common.enable = true;
# de_gnome_xorg.enable = true;
# audio.enable = true;
de_cosmic.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
stormd.enable = true;
nebula.enable = true;
ssh.enable = true;
};
# machine specific configuration
# ==============================
hardware.enableAllFirmware = true;
# Connectivity
networking.networkmanager.enable = true;
hardware.bluetooth.enable = true;
environment.shellAliases = {
wifi = "nmtui";
};
environment.systemPackages = with pkgs; [ nvtopPackages.full ];
system.stateVersion = "23.11";
}

37
hosts/h002/hardware-configuration.nix
View file

@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

50
hosts/lio/configuration.nix
View file

@ -1,50 +0,0 @@
{
settings,
...
}:
{
imports = [
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/josh/configuration.nix")
];
# My custom modules
mods = {
boot_systemd.enable = true;
shell_common.enable = true;
# de_cosmic.enable = true;
audio.enable = true;
de_gnome_xorg.enable = true;
# de_gnome_wayland.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
fonts.enable = true;
ssh.enable = true;
stormd.enable = true;
nebula.enable = true;
rustdesk.enable = true;
saber.enable = true;
};
# opening this port for dev purposes
networking.firewall.allowedTCPPorts = [
5173 # Vite
];
# machine specific configuration
# ==============================
hardware.enableAllFirmware = true;
# Connectivity
networking.networkmanager.enable = true;
hardware.bluetooth.enable = true;
environment.shellAliases = {
wifi = "nmtui";
};
# System76
hardware.system76.enableAll = true;
system.stateVersion = "23.11";
}

65
hosts/lio/hardware-configuration.nix
View file

@ -1,65 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
fileSystems."/mnt/nvme1tb" = {
device = "/dev/disk/by-uuid/7ddb48bd-160c-4049-a4fa-a5ac2b6a5402";
fsType = "ext4";
};
swapDevices = [
{
device = "/.swapfile";
size = 64 * 1024; # 64GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

29
hosts/oren/configuration.nix
View file

@ -1,29 +0,0 @@
{
settings,
...
}:
{
imports = [
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/josh/configuration.nix")
];
# My custom modules
mods = {
boot_systemd.enable = true;
shell_common.enable = true;
de_cosmic.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
fonts.enable = true;
stormd.enable = true;
nebula.enable = true;
ssh.enable = true;
# rustdesk.enable = true;
};
# Use the systemd-boot EFI boot loader.
system.stateVersion = "24.11"; # Did you read the comment?
}

60
hosts/oren/hardware-configuration.nix
View file

@ -1,60 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{
device = "/.swapfile";
size = 64 * 1024; # 64GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp196s0f4u1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

81
hosts/ragenix.nix
View file

@ -1,81 +0,0 @@
# TODO check out the by host way this person does: https://github.com/hlissner/dotfiles/blob/089f1a9da9018df9e5fc200c2d7bef70f4546026/modules/agenix.nix
{
settings,
lib,
pkgs,
ragenix,
...
}:
# TODO auto import secret files here
# secretsFile = (settings.secretsDir + /secrets.nix);
{
imports = [ ragenix.nixosModules.age ];
environment.systemPackages = [
ragenix.packages.${settings.system.system}.default
pkgs.rage
];
age = {
secrets =
# builtins.mapAttrs
# (name: _value: lib.nameValuePair (lib.removeSuffix ".age" name) {
# file = (settings.secretsDir + "/${name}");
# owner = lib.mkDefault settings.user.username;
# })
# (import secretsFile);
{
nix2github = {
file = /${settings.secretsDir}/nix2github.age;
owner = settings.user.username;
};
nix2bitbucket = {
file = /${settings.secretsDir}/nix2bitbucket.age;
owner = settings.user.username;
};
nix2gitjosh = {
file = /${settings.secretsDir}/nix2gitjosh.age;
owner = settings.user.username;
};
nix2h001 = {
file = /${settings.secretsDir}/nix2h001.age;
owner = settings.user.username;
};
nix2h002 = {
file = /${settings.secretsDir}/nix2h002.age;
owner = settings.user.username;
};
nix2joe = {
file = /${settings.secretsDir}/nix2joe.age;
owner = settings.user.username;
};
nix2gpdPocket3 = {
file = /${settings.secretsDir}/nix2gpdPocket3.age;
owner = settings.user.username;
};
nix2t = {
file = /${settings.secretsDir}/nix2t.age;
owner = settings.user.username;
};
nix2l001 = {
file = /${settings.secretsDir}/nix2l001.age;
owner = settings.user.username;
};
nix2l002 = {
file = /${settings.secretsDir}/nix2l002.age;
owner = settings.user.username;
};
nix2lio = {
file = /${settings.secretsDir}/nix2lio.age;
owner = settings.user.username;
};
nix2oren = {
file = /${settings.secretsDir}/nix2oren.age;
owner = settings.user.username;
};
github_read_token = {
file = /${settings.secretsDir}/github_read_token.age;
owner = settings.user.username;
};
};
};
}