ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

working lio config I think with new system

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-10-21 23:31:59 -05:00
parent 50825c9b84
commit 9de4c7892b
20 changed files with 625 additions and 677 deletions
Download patch file Download diff file Expand all files Collapse all files

8
flakes/common/flake.nix
View file

@ -1,7 +1,3 @@
let
utils = import ./utils.nix;
in
with utils;
{
description = "Common NixOS configuration modules and Home Manager modules that require not other inputs beyond nixpkgs or home-manager itself. This is made by me for me and not designed to be general purpose for anyone else, but could be useful nontheless.";
inputs = { };
@ -9,6 +5,10 @@ with utils;
{
...
}:
let
utils = import ./utils.nix;
in
with utils;
{
nixosModules = importAll ./nix_modules;
homeManagerModules = importAll ./hm_modules;

2
flakes/common/hm_modules/de_sway/sway.nix
View file

@ -103,7 +103,7 @@
# Keybindings mirroring Hyprland
keybindings = {
# Apps
"${modifier}+return" = "exec ${config.wayland.winfowManager.sway.config.terminal}";
"${modifier}+return" = "exec ${config.wayland.windowManager.sway.config.terminal}";
"${modifier}+space" = "exec pkill wofi || wofi --show drun";
"${modifier}+q" = "kill";
"${modifier}+shift+Escape" = "exit";

5
flakes/common/nix_modules/de_sway.nix
View file

@ -6,11 +6,6 @@
}:
{
# Enable for all users via Home Manager fragments in this module
home-manager = {
sharedModules = [ ./home_manager ];
};
services.greetd = {
enable = true;
vt = 2;

2
flakes/common/nix_modules/docker.nix
View file

@ -8,7 +8,7 @@
enable = true;
autoPrune.enable = true;
};
users.extraGroups.docker.members = builtins.AttrNames config.users.users;
users.extraGroups.docker.members = builtins.attrNames config.users.users;
environment.shellAliases = {
dockerv = "docker volume";
dockeri = "docker image";

0
flakes/test → flakes/common/nix_modules/flatpaks.nix
View file

1
flakes/common/nix_modules/hardening.nix
View file

@ -52,6 +52,7 @@
enable = true;
settings = {
LogLevel = "VERBOSE";
# TODO revisit allowing root login
PermitRootLogin = "yes";
PasswordAuthentication = false;
};

2
flakes/common/nix_modules/podman.nix
View file

@ -7,5 +7,5 @@
enable = true;
autoPrune.enable = true;
};
users.extraGroups.docker.members = builtins.AttrNames config.users.users;
users.extraGroups.docker.members = builtins.attrNames config.users.users;
}

30
flakes/common/readme.md
View file

@ -1,7 +1,10 @@
required settings?
- nixpkgs and home manager flake inputs
```nix
# Required system information
system.stateVersion = "ORIGINAL VALUE"
networking.hostName = "system_name";
# Where this config lives for this machine
@ -14,14 +17,32 @@ users.users = {
josh = {
isNormalUser = true;
initialPassword = "password1";
extraGroups = [ "wheel" ];
extraGroups = [ "wheel" "networkmanager" "video" "input" ];
openssh.authorizedKeys.keys = [ "replace" ];
};
};
# Home manager only below this line (optional)
security.polkit.enable = true;
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
backupFileExtension = "bak";
sharedModules = [
({}: {
home.stateVersion = "MATCH_HM_VERSION_AS_INPUT";
programs.home-manager.enable = true;
})
];
};
```
# TODO add somewhere
```nix
# allow mounting ntfs filesystems
boot.supportedFilesystems = [ "ntfs" ];
@ -53,4 +74,9 @@ services.tailscale.extraUpFlags = ++ (lib.optionals cfg.enableExitNode [ "--adve
- rust dev (now using direnv local flakes for that)
- incus
- virt-manager
-
- hm not ported
- obs
- opensnitch
- homemanager `services.opensnitch-ui.enable = true;`
- hyprland config
- i3 isntead of sway?

27
flakes/flatpaks/flake.lock generated Normal file
View file

@ -0,0 +1,27 @@
{
"nodes": {
"nix-flatpak": {
"locked": {
"lastModified": 1739444422,
"narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177",
"type": "github"
},
"original": {
"owner": "gmodena",
"ref": "latest",
"repo": "nix-flatpak",
"type": "github"
}
},
"root": {
"inputs": {
"nix-flatpak": "nix-flatpak"
}
}
},
"root": "root",
"version": 7
}

65
flakes/flatpaks/flake.nix Normal file
View file

@ -0,0 +1,65 @@
{
inputs = {
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
};
outputs =
{
nix-flatpak,
...
}:
{
nixosModules = {
default =
{
config,
lib,
pkgs,
...
}:
{
imports = [
nix-flatpak.nixosModules.nix-flatpak
];
config = {
services.flatpak = {
enable = true;
overrides = {
global = {
Context.sockets = [
"wayland"
"x11"
];
Context.devices = [ "dri" ]; # allow GPU access if desired
Environment = {
XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons";
GTK_THEME = "Adwaita:dark";
# Force wayland as much as possible.
ELECTRON_OZONE_PLATFORM_HINT = "auto"; # or 'auto'
GTK_USE_PORTAL = "1";
OZONE_PLATFORM = "wayland";
QT_QPA_PLATFORM = "xcb"; # force XCB for Flatpaks (XWayland)
};
};
"org.signal.Signal" = {
Environment = {
SIGNAL_PASSWORD_STORE = "gnome-libsecret";
};
Context = {
sockets = [
"xfg-settings"
];
};
};
"com.google.Chrome" = {
Environment = {
CHROME_EXTRA_ARGS = "--enable-features=WaylandWindowDecorations --ozone-platform-hint=auto";
};
};
};
};
};
};
};
};
}

202
flakes/secrets/flake.lock generated Normal file
View file

@ -0,0 +1,202 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"ragenix",
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1741481578,
"narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=",
"owner": "ipetkov",
"repo": "crane",
"rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"ragenix",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"ragenix",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"ragenix": {
"inputs": {
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1744897914,
"narHash": "sha256-GIVU92o2TZBnKQXTb76zpQbWR4zjU2rFqWKNIIpXnqA=",
"owner": "yaxitech",
"repo": "ragenix",
"rev": "40f2e17ecaeab4d78ec323e96a04548c0aaa5223",
"type": "github"
},
"original": {
"owner": "yaxitech",
"repo": "ragenix",
"type": "github"
}
},
"root": {
"inputs": {
"ragenix": "ragenix"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741400194,
"narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

3
flakes/secrets/flake.nix
View file

@ -20,7 +20,6 @@
{
imports = [
ragenix.nixosModules.age
./secrets
];
config =
let
@ -64,7 +63,7 @@
in
lib.nameValuePair base (
{
file = ./. + "/secrets/${name}";
file = ./. + "/${name}";
owner = user;
}
// lib.optionalAttrs (lib.elem base worldReadable) {