ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Getting more idomatic nix modules setup... will tackle users dir later

Browse source
This commit is contained in:
RingOfStorms (Josh) 2024-10-10 15:21:39 -05:00
parent 6316fffeb1
commit 913cff0ffa
41 changed files with 675 additions and 498 deletions
Download patch file Download diff file Expand all files Collapse all files

7
hosts/_common/components/audio.nix
View file

@ -1,7 +0,0 @@
{ pkgs, ... }:
{
# Enable sound.
hardware.pulseaudio.enable = true;
hardware.pulseaudio.package = pkgs.pulseaudioFull;
environment.systemPackages = [ pkgs.pavucontrol ];
}

10
hosts/_common/components/caps_to_escape_in_tty.nix
View file

@ -1,10 +0,0 @@
{ pkgs, ... }:
{
# I want this globally even for root so doing it outside of home manager
services.xserver.xkb.options = "caps:escape";
console = {
earlySetup = true;
packages = with pkgs; [ terminus_font ];
useXkbConfig = true; # use xkb.options in tty. (caps -> escape)
};
}

12
hosts/_common/components/cosmic.nix
View file

@ -1,12 +0,0 @@
{ cosmic, ... }:
{
nix.settings = {
substituters = [ "https://cosmic.cachix.org/" ];
trusted-public-keys = [ "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=" ];
};
imports = [ cosmic.nixosModules.default ];
services.desktopManager.cosmic.enable = true;
services.displayManager.cosmic-greeter.enable = true;
}

10
hosts/_common/components/docker.nix
View file

@ -1,10 +0,0 @@
{ settings, ... }:
{
virtualisation.docker.enable = true;
users.extraGroups.docker.members = [ settings.user.username ];
environment.shellAliases = {
dockerv = "docker volume";
dockeri = "docker image";
dockerc = "docker container";
};
}

7
hosts/_common/components/font_jetbrainsmono.nix
View file

@ -1,7 +0,0 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
(nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
];
}

20
hosts/_common/components/gnome_wayland.nix
View file

@ -1,20 +0,0 @@
{ pkgs, ... }:
{
services.xserver = {
enable = true;
displayManager.gdm = {
enable = true;
autoSuspend = false;
wayland = true;
};
desktopManager.gnome.enable = true;
};
services.gnome.core-utilities.enable = false;
environment.systemPackages = with pkgs; [
gnome.dconf-editor
# wayland clipboard in terminal
wl-clipboard
];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
}

18
hosts/_common/components/gnome_xorg.nix
View file

@ -1,18 +0,0 @@
{ pkgs, ... }:
{
services.xserver = {
enable = true;
displayManager.gdm = {
enable = true;
autoSuspend = false;
wayland = false;
};
desktopManager.gnome.enable = true;
};
services.gnome.core-utilities.enable = false;
environment.systemPackages = with pkgs; [
gnome.dconf-editor
xclip
];
}

23
hosts/_common/components/home_manager.nix
View file

@ -1,23 +0,0 @@
{
config,
settings,
ylib,
...
}@inputs:
let
home-manager = settings.home-manager;
in
{
imports = [ home-manager.nixosModules.home-manager ];
# Home manager options
security.polkit.enable = true;
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = {
inherit settings;
inherit ylib;
inherit (inputs) ragenix;
inherit (config) age;
};
}

51
hosts/_common/components/nebula.nix
View file

@ -1,51 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
nebula
traceroute # for debugging
];
networking.firewall.allowedUDPPorts = [ 4242 ];
systemd.services."nebula" = {
description = "Nebula VPN service";
wants = [ "basic.target" ];
after = [
"basic.target"
"network.target"
];
before = [ "sshd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "notify";
Restart = "always";
RestartSec = 1;
ExecStart = "${pkgs.nebula}/bin/nebula -config /etc/nebula/config.yml";
UMask = "0027";
CapabilityBoundingSet = "CAP_NET_ADMIN";
AmbientCapabilities = "CAP_NET_ADMIN";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = false; # needs access to /dev/net/tun (below)
DeviceAllow = "/dev/net/tun rw";
DevicePolicy = "closed";
PrivateTmp = true;
PrivateUsers = false; # CapabilityBoundingSet needs to apply to the host namespace
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictNamespaces = true;
RestrictSUIDSGID = true;
};
unitConfig = {
StartLimitIntervalSec = 5;
StartLimitBurst = 3;
};
};
}

7
hosts/_common/components/neovim.nix
View file

@ -1,7 +0,0 @@
{ settings, ringofstorms-nvim, ... }:
{
environment.systemPackages = [
ringofstorms-nvim.packages.${settings.system.system}.neovim
];
}

21
hosts/_common/components/plasma_wayland.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
services.xserver = {
enable = true;
displayManager.gdm = {
enable = true;
autoSuspend = false;
wayland = true;
};
displayManager.defaultSession = "plasma";
displayManager.sddm.wayland.enable = true;
desktopManager.plasma6 = {
enable = true;
};
};
environment.systemPackages = with pkgs; [
xclip
];
}

19
hosts/_common/components/plasma_xorg.nix
View file

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
services.xserver = {
enable = true;
displayManager.gdm = {
enable = true;
autoSuspend = false;
wayland = false;
};
displayManager.defaultSession = "plasmax11";
desktopManager.plasma6 = {
enable = true;
};
};
environment.systemPackages = with pkgs; [
xclip
];
}

21
hosts/_common/components/ssh.nix
View file

@ -1,21 +0,0 @@
{ ... }:
{
# Use fail2ban
services.fail2ban = {
enable = true;
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22 # sshd
];
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
LogLevel = "VERBOSE";
PermitRootLogin = "yes";
};
};
}

29
hosts/_common/components/stormd.nix
View file

@ -1,29 +0,0 @@
{ pkgs, ... }:
{
# environment.systemPackages = with pkgs; [
# ];
# TODO make a derivation for stormd binary and get it properlly in the store. This is super janky and the binary just has to exist there right now.
# networking.firewall.allowedUDPPorts = [ 4242 ];
systemd.services."stormd" = {
description = "Stormd service";
wants = [ "basic.target" ];
after = [
"basic.target"
"network.target"
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "notify";
Restart = "always";
RestartSec = 1;
ExecStart = "/etc/stormd/stormd daemon";
};
unitConfig = {
StartLimitIntervalSec = 5;
StartLimitBurst = 3;
};
};
}

15
hosts/_common/components/systemd_boot.nix
View file

@ -1,15 +0,0 @@
{ ... }:
{
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot = {
enable = true;
consoleMode = "keep";
};
timeout = 5;
efi = {
canTouchEfiVariables = true;
};
};
}

147
hosts/_common/configuration.nix
View file

@ -1,147 +0,0 @@
{
lib,
pkgs,
settings,
...
}:
let
defaultLocal = "en_US.UTF-8";
in
{
imports = [
# Secrets management
./ragenix.nix
# Include the results of the hardware scan.
(/${settings.hostsDir}/${settings.system.hostname}/hardware-configuration.nix)
# Include the specific machine's config.
(/${settings.hostsDir}/${settings.system.hostname}/configuration.nix)
];
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# allow mounting ntfs filesystems
boot.supportedFilesystems = [ "ntfs" ];
# Fallback quickly if substituters are not available.
nix.settings.connect-timeout = 5;
nix.settings.download-attempts = 3;
# The default at 10 is rarely enough.
nix.settings.log-lines = 50;
# Avoid disk full issues
nix.settings.max-free = (3000 * 1024 * 1024);
nix.settings.min-free = (1000 * 1024 * 1024);
# Avoid copying unnecessary stuff over SSH
nix.settings.builders-use-substitutes = true;
# Slower but mroe robust during crash TODO enable once we upgrade nix
# nix.settings.fsync-store-paths = true;
# nix.settings.fsync-metadata = true;
nix.settings.auto-optimise-store = true;
# ==========
# Common
# ==========
networking = {
hostName = settings.system.hostname;
extraHosts = ''
127.0.0.1 local.belljm.com
127.0.0.1 n0.local.belljm.com
127.0.0.1 n1.local.belljm.com
127.0.0.1 n2.local.belljm.com
127.0.0.1 n3.local.belljm.com
127.0.0.1 n4.local.belljm.com
'';
# Use nftables not iptables
nftables.enable = true;
firewall.enable = true;
};
# TODO do I want this dynamic at all? Roaming?
time.timeZone = "America/Chicago";
# nix helper
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep 3";
# TODO this may need to be defined higher up if it is ever different for a machine...
flake = "/home/${settings.user.username}/.config/nixos-config";
};
# Select internationalization properties.
i18n.defaultLocale = defaultLocal;
i18n.extraLocaleSettings = {
LC_ADDRESS = defaultLocal;
LC_IDENTIFICATION = defaultLocal;
LC_MEASUREMENT = defaultLocal;
LC_MONETARY = defaultLocal;
LC_NAME = defaultLocal;
LC_NUMERIC = defaultLocal;
LC_PAPER = defaultLocal;
LC_TELEPHONE = defaultLocal;
LC_TIME = defaultLocal;
};
# Some basics
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
# Basics
vim
wget
curl
fastfetch
bat
htop
unzip
git
fzf
ripgrep
lsof
killall
hdparm
speedtest-cli
# TODO keep in common or move to specific machines, I want this for my pocket 3 video KDM module but I use ffmpeg on most machines anyways?
ffmpeg-full
];
environment.shellAliases = {
n = "nvim";
nn = "nvim --headless '+SessionDelete' +qa > /dev/null 2>&1 && nvim";
bat = "bat --theme Coldark-Dark";
cat = "bat --pager=never -p";
# TODO this may not be needed now that I am using `nh` clean mode (see /hosts/_common/configuration.nix#programs.nh)
nix-boot-clean = "find '/boot/loader/entries' -type f ! -name 'windows.conf' | head -n -4 | xargs -I {} rm {}; nix store gc; nixos-rebuild boot; echo; df";
# general unix
date_compact = "date +'%Y%m%d'";
date_short = "date +'%Y-%m-%d'";
ls = "ls --color -Ga";
ll = "ls --color -Gal";
lss = "du --max-depth=0 -h * 2>/dev/null";
psg = "ps aux | head -n 1 && ps aux | grep -v 'grep' | grep";
cl = "clear";
# git
stash = "git stash";
pop = "git stash pop";
branch = "git checkout -b";
status = "git status";
diff = "git diff";
branches = "git branch -a";
gcam = "git commit -a -m";
stashes = "git stash list";
# ripgrep
rg = "rg --no-ignore";
rgf = "rg --files 2>/dev/null | rg";
# Neofetch is dead
neofetch = "fastfetch";
};
environment.shellInit = builtins.readFile ./shellInit.sh;
system.stateVersion = "23.11";
}

141
hosts/_common/shellInit.sh
View file

@ -1,141 +0,0 @@
# basics
htop_psg () {
htop -p $(psg $1 | awk '{r=r s $2;s=","} END{print r}')
}
htop_pid () {
htop -p $(ps -ef | awk -v proc=$1 '$3 == proc { cnt++;if (cnt == 1) { printf "%s",$2 } else { printf ",%s",$2 } }')
}
kill_psg() {
PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
echo Killing ${PIDS}
for pid in ${PIDS}; do
kill -9 ${pid} &> /dev/null
done
}
term_psg() {
PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
echo Terminating ${PIDS}
for pid in ${PIDS}; do
kill -15 ${pid} &> /dev/null
done
}
skill_psg() {
PIDS=$(ps aux | grep -v "grep" | grep ${1} | awk '{print $2}')
echo Quitting ${PIDS}
for pid in ${PIDS}; do
sudo kill -9 ${pid} &> /dev/null
done;
}
mail_clear() {
: > /var/mail/$USER
}
speedtest_fs () {
dir=$(pwd)
drive=$(df -h ${dir} | awk 'NR==2 {print $1}')
echo Testing read speeds on drive ${drive}
sudo hdparm -Tt ${drive}
test_file=$(date +%u%m%d)
test_file="${dir}/speedtest_fs_${test_file}"
echo
echo Testing write speeds into test file: ${test_file}
dd if=/dev/zero of=${test_file} bs=8k count=10k; rm -f ${test_file}
}
speedtest_internet () {
speedtest-cli
}
# git
getdefault () {
git remote show origin | grep "HEAD branch" | sed 's/.*: //'
}
master () {
git stash
git checkout $(getdefault)
pull
}
mp () {
master
prunel
}
pullmaster () {
git pull origin $(getdefault)
}
push () {
B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
git pull origin $B
git push origin $B --no-verify
}
pull () {
git fetch
B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
git pull origin $B
}
forcepush () {
B=$(git branch | sed -n -e 's/^\* \(.*\)/\1/p')
git push origin $B --force
}
remote_branches () {
git branch -a | grep 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | cut -d'/' -f 3-
}
local_branches () {
git branch -a | grep -v 'remotes' | grep -v -E '.*(HEAD|${DEFAULT})' | grep -v '^*' | cut -d' ' -f 3-
}
prunel () {
git fetch
git remote prune origin
for local in $(local_branches); do
in=false
for remote in $(remote_branches); do
if [[ ${local} = ${remote} ]]; then
in=true
fi
done;
if [[ $in = 'false' ]]; then
git branch -D ${local}
else
echo 'Skipping branch '${local}
fi
done;
}
checkout () {
git fetch
git checkout $1
pull
}
from_master () {
git checkout $(getdefault) $@
}
# nix
alias nixpkgs=nixpkg
nixpkg () {
if [ $# -eq 0 ]; then
echo "Error: No arguments provided. Please specify at least one package."
return 1
fi
cmd="nix shell"
for pkg in "$@"; do
cmd="$cmd \"nixpkgs#$pkg\""
done
eval $cmd
}

71
hosts/configuration.nix Normal file
View file

@ -0,0 +1,71 @@
{
settings,
...
}:
let
defaultLocal = "en_US.UTF-8";
in
{
imports = [
# Secrets management
./ragenix.nix
# Include the results of the hardware scan.
(/${settings.hostsDir}/${settings.system.hostname}/hardware-configuration.nix)
# Include the specific machine's config.
(/${settings.hostsDir}/${settings.system.hostname}/configuration.nix)
];
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# allow mounting ntfs filesystems
boot.supportedFilesystems = [ "ntfs" ];
# Fallback quickly if substituters are not available.
nix.settings.connect-timeout = 5;
nix.settings.download-attempts = 3;
# The default at 10 is rarely enough.
nix.settings.log-lines = 50;
# Avoid disk full issues
nix.settings.max-free = (3000 * 1024 * 1024);
nix.settings.min-free = (1000 * 1024 * 1024);
# Avoid copying unnecessary stuff over SSH
nix.settings.builders-use-substitutes = true;
# Slower but mroe robust during crash TODO enable once we upgrade nix
# nix.settings.fsync-store-paths = true;
# nix.settings.fsync-metadata = true;
nix.settings.auto-optimise-store = true;
# nix helper
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep 3";
# TODO this may need to be defined higher up if it is ever different for a machine...
flake = "/home/${settings.user.username}/.config/nixos-config";
};
# TODO do I want this dynamic at all? Roaming?
time.timeZone = "America/Chicago";
# Select internationalization properties.
i18n.defaultLocale = defaultLocal;
i18n.extraLocaleSettings = {
LC_ADDRESS = defaultLocal;
LC_IDENTIFICATION = defaultLocal;
LC_MEASUREMENT = defaultLocal;
LC_MONETARY = defaultLocal;
LC_NAME = defaultLocal;
LC_NUMERIC = defaultLocal;
LC_PAPER = defaultLocal;
LC_TELEPHONE = defaultLocal;
LC_TIME = defaultLocal;
};
# Some basics
nixpkgs.config.allowUnfree = settings.allowUnfree;
system.stateVersion = "23.11";
}

25
hosts/gpdPocket3/configuration.nix
View file

@ -7,18 +7,6 @@
}:
{
imports = [
# Common components this machine uses
(settings.hostsDir + "/_common/components/neovim.nix")
(settings.hostsDir + "/_common/components/systemd_boot.nix")
(settings.hostsDir + "/_common/components/ssh.nix")
(settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
(settings.hostsDir + "/_common/components/font_jetbrainsmono.nix")
# (settings.hostsDir + "/_common/components/audio.nix")
(settings.hostsDir + "/_common/components/home_manager.nix")
# (settings.hostsDir + "/_common/components/gnome_wayland.nix")
# (settings.hostsDir + "/_common/components/cosmic.nix")
(settings.hostsDir + "/_common/components/docker.nix")
(settings.hostsDir + "/_common/components/nebula.nix")
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/josh/configuration.nix")
@ -27,7 +15,18 @@
# ./stupid-keyboard-2.nix
];
mods.de_cosmic.enable = true;
# My custom modules
mods = {
boot_systemd.enable = true;
shell_common.enable = true;
de_cosmic.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
fonts.enable = true;
nebula.enable = true;
ssh.enable = true;
};
# machine specific configuration
# ==============================

22
hosts/h002/configuration.nix
View file

@ -5,14 +5,6 @@
}:
{
imports = [
# Common components this machine uses
(settings.hostsDir + "/_common/components/neovim.nix")
(settings.hostsDir + "/_common/components/ssh.nix")
(settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
(settings.hostsDir + "/_common/components/audio.nix")
(settings.hostsDir + "/_common/components/home_manager.nix")
(settings.hostsDir + "/_common/components/docker.nix")
(settings.hostsDir + "/_common/components/nebula.nix")
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/luser/configuration.nix")
@ -20,9 +12,17 @@
# (settings.hostsDir + "/h002/nixserver.nix")
];
boot.loader.grub = {
enable = true;
device = "/dev/sdb";
# My custom modules
mods = {
boot_grub = true;
shell_common.enable = true;
de_gnome_xorg.enable = true;
audio_pulse.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
nebula.enable = true;
ssh.enable = true;
};
# machine specific configuration

27
hosts/joe/configuration.nix
View file

@ -6,24 +6,25 @@
}:
{
imports = [
# Common components this machine uses
(settings.hostsDir + "/_common/components/neovim.nix")
(settings.hostsDir + "/_common/components/systemd_boot.nix")
(settings.hostsDir + "/_common/components/ssh.nix")
(settings.hostsDir + "/_common/components/caps_to_escape_in_tty.nix")
(settings.hostsDir + "/_common/components/font_jetbrainsmono.nix")
(settings.hostsDir + "/_common/components/audio.nix")
(settings.hostsDir + "/_common/components/home_manager.nix")
(settings.hostsDir + "/_common/components/gnome_xorg.nix")
(settings.hostsDir + "/_common/components/docker.nix")
# (settings.hostsDir + "/_common/components/stormd.nix") TODO figure out why this is failing
(settings.hostsDir + "/_common/components/nebula.nix")
# Users this machine has
(settings.usersDir + "/root/configuration.nix")
(settings.usersDir + "/josh/configuration.nix")
];
# test
# My custom modules
mods = {
boot_systemd.enable = true;
shell_common.enable = true;
de_gnome_xorg.enable = true;
audio_pulse.enable = true;
neovim.enable = true;
tty_caps_esc.enable = true;
docker.enable = true;
fonts.enable = true;
nebula.enable = true;
ssh.enable = true;
# storage.enable = true; # TODO figure out why this is failing
};
networking.firewall.allowedTCPPorts = [
5173 # test

2
hosts/_common/ragenix.nix → hosts/ragenix.nix
View file

@ -6,8 +6,6 @@
ragenix,
...
}:
let
in
# TODO auto import secret files here
# secretsFile = (settings.secretsDir + /secrets.nix);
{