Diffstat (limited to 'nix-conf')
29 files changed, 1311 insertions, 512 deletions
diff --git a/nix-conf/.sops.yaml b/nix-conf/.sops.yaml new file mode 100644 index 0000000..2cb1a1e --- /dev/null +++ b/nix-conf/.sops.yaml @@ -0,0 +1,18 @@ +keys: + - &admin_djm age1w7kjp0qdgfyg9cyj5w4qc4fc9qz3w65xw2veazesfgdenqrd3ucqsc5ejv + - &server_edrahil age1tjfctwnwldmyxnu6qmeufgr9l79vyzmrs7fy58v3d0qj4x4nhqhq2gjmlp + - &server_djmuk2 age17j56andser5ddtlfunm35m25xueua4djh9glxlscfcet8865yv9s5aqvla +creation_rules: + - path_regex: edrahil/secrets\.(json|yaml)$ + key_groups: + - age: + - *server_edrahil + - *admin_djm + - path_regex: djmuk2/secrets\.(json|yaml)$ + key_groups: + - age: + - *server_djmuk2 + - path_regex: secrets\.(json|yaml)$ + key_groups: + - age: + - *admin_djm diff --git a/nix-conf/home/config.nix b/nix-conf/home/config.nix deleted file mode 100644 index 69baf10..0000000 --- a/nix-conf/home/config.nix +++ /dev/null @@ -1 +0,0 @@ -{ allowUnfree = true; } diff --git a/nix-conf/home/djmuk1.nix b/nix-conf/home/djmuk1.nix index 54b1171..d11499e 100644 --- a/nix-conf/home/djmuk1.nix +++ b/nix-conf/home/djmuk1.nix @@ -1,8 +1,6 @@ { config, pkgs, ... }: { - imports = [ - ./includes/linux-server.nix - ]; + imports = [ ./includes/linux-server.nix ]; # Let Home Manager install and manage itself. programs.home-manager.enable = true; @@ -11,7 +9,7 @@ # paths it should manage. home.username = "djm"; home.homeDirectory = "/home/djm"; - + # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage # when a new Home Manager release introduces backwards diff --git a/nix-conf/home/djmuk2.nix b/nix-conf/home/djmuk2.nix index b871056..576ed39 100644 --- a/nix-conf/home/djmuk2.nix +++ b/nix-conf/home/djmuk2.nix @@ -1,8 +1,6 @@ { config, pkgs, ... }: { - imports = [ - ./includes/linux-server.nix - ]; + imports = [ ./includes/linux-server.nix ]; # Let Home Manager install and manage itself. programs.home-manager.enable = true; 
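Review bot: The `djmuk2/secrets\.(json|yaml)$` rule in `.sops.yaml` lists only `*server_djmuk2`, whereas the `edrahil` rule lists both the server key and `*admin_djm`. As written, files matching the djmuk2 rule can only be decrypted or re-keyed with that server's own age identity, so editing them from the admin machine would mean copying the host's private key off the host. If this is not deliberate, add `- *admin_djm` under the djmuk2 `age:` list; if it is, a comment saying so would help the next reader. The patterns are also unanchored on the left, so `path_regex: (^|/)djmuk2/secrets\.(json|yaml)$` would avoid matching a directory whose name merely ends in `djmuk2`.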
diff --git a/nix-conf/home/edrahil.nix b/nix-conf/home/edrahil.nix index 1db7be3..9b7f2fb 100644 --- a/nix-conf/home/edrahil.nix +++ b/nix-conf/home/edrahil.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - imports = [ + imports = [ ./includes/linux-server.nix ./includes/irssi.nix ]; @@ -14,7 +14,7 @@ home.homeDirectory = "/home/djm"; home.sessionVariables = { - TMUX_AUTO_ATTACH=1; + TMUX_AUTO_ATTACH = 1; }; # This value determines the Home Manager release that your diff --git a/nix-conf/home/egalmoth.nix b/nix-conf/home/egalmoth.nix index 6e41320..79d29d0 100644 --- a/nix-conf/home/egalmoth.nix +++ b/nix-conf/home/egalmoth.nix @@ -1,8 +1,6 @@ { config, pkgs, ... }: { - imports = [ - ./includes/linux-dev.nix - ]; + imports = [ ./includes/linux-dev.nix ]; # Let Home Manager install and manage itself. programs.home-manager.enable = true; @@ -11,7 +9,7 @@ # paths it should manage. home.username = "djm"; home.homeDirectory = "/home/djm"; - + # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage # when a new Home Manager release introduces backwards diff --git a/nix-conf/home/includes/clojure.nix b/nix-conf/home/includes/clojure.nix index 3681e8b..3915ab3 100644 --- a/nix-conf/home/includes/clojure.nix +++ b/nix-conf/home/includes/clojure.nix @@ -1,18 +1,25 @@ -{ config, pkgs, lib, isDarwin, isLinux, ... }: +{ + config, + pkgs, + lib, + ... +}: let inherit (lib) optionals; in { - home.packages = with pkgs; [ - babashka - clj-kondo - clojure - clojure-lsp - jet - maven - neil - ] - ++ optionals stdenv.isDarwin [ (leiningen.override { jdk = jdk8; }) ] - ++ optionals stdenv.isLinux [ leiningen ]; + home.packages = + with pkgs; + [ + babashka + clj-kondo + clojure-lsp + emacs-lsp-booster + jet + maven + neil + ] + # TODO these are here because of the custom versions in otm.nix + # but there should be a better way + ++ optionals stdenv.isLinux [ leiningen clojure ]; } - 
diff --git a/nix-conf/home/includes/common.nix b/nix-conf/home/includes/common.nix index f43168a..7f88087 100644 --- a/nix-conf/home/includes/common.nix +++ b/nix-conf/home/includes/common.nix @@ -1,14 +1,47 @@ -{ config, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let hcr = pkgs.callPackage ./scripts/hm-changes-report.nix { inherit config pkgs; }; scr = pkgs.callPackage ./scripts/system-changes-report.nix { inherit config pkgs; }; - email = builtins.readFile "${config.home.homeDirectory}/email.txt"; + unstable = import <unstable> { }; in { imports = [ ./zsh.nix + <sops-nix/modules/home-manager/sops.nix> ]; + nixpkgs.config.allowUnfreePredicate = + pkg: builtins.elem (lib.getName pkg) [ "aspell-dict-en-science" ]; + + nix = { + package = pkgs.nix; + settings = { + extra-experimental-features = [ + "nix-command" + "flakes" + ]; + }; + }; + + sops = { + age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt"; + defaultSopsFile = builtins.path { + path = ./secrets.yaml; + name = "home-secrets.yaml"; + }; + secrets."ssh_config/oci" = { }; + secrets."git_email_config/default" = { }; + }; + + home.sessionVariables = { + LSP_USE_PLISTS = "true"; + }; + home.packages = with pkgs; [ hcr scr @@ -17,14 +50,10 @@ in aspellDicts.en aspellDicts.en-computers aspellDicts.en-science - bat - bat-extras.batdiff - bat-extras.batgrep - bat-extras.batman - bat-extras.batwatch - bat-extras.batpipe + bandwhich bottom broot + comma curl diff-so-fancy difftastic @@ -33,7 +62,6 @@ in ea elinks entr - eza fd file fzf 
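Review bot: `<sops-nix/modules/home-manager/sops.nix>` and `import <unstable> { }` in the first common.nix hunk are resolved through `NIX_PATH` channels, so the module that decrypts the secrets and the packages taken from `unstable` (`unstable.nixfmt-rfc-style` and `unstable.wcurl` in the `@@ -44,37 +72,83 @@` hunk) are whatever revision each machine's channel happens to point at. Nothing in the repository records or verifies that revision. Consider pinning both, for example `builtins.fetchTarball { url = "<sops-nix archive URL at a fixed commit>"; sha256 = "<hash>"; }`, or moving them to flake inputs, since `flakes` is already enabled in this file. The attribute set opened in this hunk continues outside it.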
@@ -44,37 +72,83 @@ in inetutils ispell isync + jd-diff-patch jq libqalculate lscolors - lsd lynx mercurial - nixfmt-classic nix-info nix-prefetch-git nix-prefetch-github + nix-search nixpkgs-review nvd pass + procs + pstree + rage ripgrep rlwrap sd + shfmt + sops + ssh-to-age tealdeer tre-command + tree ugrep uni + unzip w3m + xan + yq + zip zstd + + unstable.nixfmt-rfc-style + unstable.wcurl ]; - nix = { - package = pkgs.nix; - settings = { - extra-experimental-features = [ "nix-command" "flakes" ]; + programs.bat = { + enable = true; + extraPackages = with pkgs.bat-extras; [ + batdiff + batgrep + batman + batwatch + batpipe + ]; + config = { + style = "full"; + pager = "less -RXF"; + map-syntax = [ + ".ignore:Git Ignore" + "*.jenkinsfile:Groovy" + ]; }; }; + programs.eza = { + enable = true; + git = true; + icons = "auto"; + enableBashIntegration = false; + enableZshIntegration = false; + enableFishIntegration = false; + enableIonIntegration = false; + extraOptions = [ + "--colour=auto" + "--long" + "--group-directories-first" + "--classify" + "--no-user" + "--no-time" + "--no-filesize" + "--no-permissions" + ]; + }; + programs.gpg.enable = true; programs.nix-index = { enable = true; 
@@ -94,20 +168,29 @@ in set pastetoggle=<F2> nmap <silent> <F3> :silent nohlsearch<CR> imap <silent> <F3> <C-o>:silent nohlsearch<CR> + nmap <silent> <F4> :silent setlocal spell spelllang=en_gb<CR> + imap <silent> <F4> <C-o>:silent setlocal spell spelllang=en_gb<CR> + nmap <silent> <F5> :silent setlocal nospell<CR> + imap <silent> <F5> <C-o>:silent setlocal nospell<CR> + nmap <silent> <F6> :silent set diffopt+=iwhite<CR> + imap <silent> <F6> <C-o>:silent set diffopt+=iwhite<CR> + nmap <silent> <F7> :silent set diffopt-=iwhite<CR> + imap <silent> <F7> <C-o>:silent set diffopt-=iwhite<CR> ''; - plugins = [ pkgs.vimPlugins.sensible - pkgs.vimPlugins.auto-pairs - pkgs.vimPlugins.ctrlp - pkgs.vimPlugins.editorconfig-vim - pkgs.vimPlugins.inkpot - pkgs.vimPlugins.molokai - pkgs.vimPlugins.surround - pkgs.vimPlugins.vim-lastplace - pkgs.vimPlugins.vim-nix - pkgs.vimPlugins.vim-pasta - pkgs.vimPlugins.vim-repeat - pkgs.vimPlugins.vim-sexp-mappings-for-regular-people - pkgs.vimPlugins.vim-sleuth + plugins = [ + pkgs.vimPlugins.sensible + pkgs.vimPlugins.auto-pairs + pkgs.vimPlugins.ctrlp + pkgs.vimPlugins.editorconfig-vim + pkgs.vimPlugins.inkpot + pkgs.vimPlugins.molokai + pkgs.vimPlugins.surround + pkgs.vimPlugins.vim-lastplace + pkgs.vimPlugins.vim-nix + pkgs.vimPlugins.vim-pasta + pkgs.vimPlugins.vim-repeat + pkgs.vimPlugins.vim-sexp-mappings-for-regular-people + pkgs.vimPlugins.vim-sleuth ]; settings = { background = "dark"; @@ -130,17 +213,19 @@ in UseKeychain yes User djm ''; - includes = [ "~/.ssh/config_local" ]; + includes = [ + "~/.ssh/config_local" + config.sops.secrets."ssh_config/oci".path + ]; matchBlocks = { "djm.ovh" = { hostname = "v.djm.ovh"; port = 2222; - dynamicForwards = [ { port = 8889; } ]; }; "devio" = { - hostname = "devio.us"; - user = "deejayem"; - port = 2222; + hostname = "devio.us"; + user = "deejayem"; + port = 2222; }; "sdf" = { hostname = "sdf.org"; 
@@ -155,18 +240,12 @@ in user = "deejayem"; }; "blinkenshell" = { - hostname = "ssh.blinkenshell.org"; - port = 2222; + hostname = "ssh.blinkenshell.org"; + port = 2222; }; "hashbang" = { hostname = "de1.hashbang.sh"; }; - "o1" = { - hostname = "130.162.163.108"; - }; - "o2" = { - hostname = "143.47.239.39"; - }; "tilde.institute" = { hostname = "tilde.institute"; }; @@ -182,13 +261,29 @@ in identityFile = "~/.ssh/id_ed25519"; identitiesOnly = true; }; + "hb-backup" = { + hostname = "de1.hashbang.sh"; + identityFile = "~/.ssh/hb_backup_key"; + identitiesOnly = true; + }; + "bs-backup" = { + hostname = "ssh.blinkenshell.org"; + port = 2222; + identityFile = "~/.ssh/bs_backup_key"; + identitiesOnly = true; + }; + "tt-backup" = { + hostname = "tilde.team"; + identityFile = "~/.ssh/tt_backup_key"; + identitiesOnly = true; + }; }; }; programs.git = { enable = true; userName = "David Morgan"; - userEmail = email; + includes = [ { path = config.sops.secrets."git_email_config/default".path; } ]; aliases = { # difftastic logt = "!sh -c 'GIT_EXTERNAL_DIFF=\"difft --background=dark\" git log -p --ext-diff'"; @@ -203,9 +298,9 @@ in cshow = "!git -c delta.line-numbers=false show"; cdiff = "!git -c delta.line-numbers=false diff"; # diff-so-fancy - flog = "!git -c core.pager=\"diff-so-fancy | less\" log"; # usually used with -p - fshow = "!git -c core.pager=\"diff-so-fancy | less\" show"; - fdiff = "!git -c core.pager=\"diff-so-fancy | less\" diff"; + flog = ''!git -c core.pager="diff-so-fancy | less" log''; # usually used with -p + fshow = ''!git -c core.pager="diff-so-fancy | less" show''; + fdiff = ''!git -c core.pager="diff-so-fancy | less" diff''; upstream = "!git push -u origin HEAD"; update-master = "!git fetch origin master:master"; 
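Review bot: With `userEmail` replaced by `includes = [ { path = config.sops.secrets."git_email_config/default".path; } ]`, git has no e-mail configured whenever the decrypted file is absent, because an include path that does not exist is skipped silently. In that case git falls back to a guessed `user@host` identity rather than failing. Setting `user.useConfigOnly = true;` in this module's git configuration would make commits fail instead of being authored with the guessed address. The `programs.git` block continues outside this hunk.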
@@ -220,13 +315,20 @@ in diff = { tool = "difftastic"; colorMoved = "default"; - elisp = { xfuncname = "^\\((((def\\S+)|use-package)\\s+\\S+)"; }; - clojure = { xfuncname = "^\\((def\\S+\\s+\\S+)"; }; + elisp = { + xfuncname = "^\\((((def\\S+)|use-package)\\s+\\S+)"; + }; + clojure = { + xfuncname = "^\\((def\\S+\\s+\\S+)"; + }; }; difftool = { prompt = false; - difftastic = { cmd = ''difft "$LOCAL" "$REMOTE"''; }; + difftastic = { + cmd = ''difft "$LOCAL" "$REMOTE"''; + }; }; + merge.conflictstyle = "diff3"; pull = { ff = "only"; rebase = false; @@ -261,5 +363,23 @@ in signByDefault = true; }; }; -} + programs.lsd = { + enable = true; + enableZshIntegration = false; # don't set aliases + settings = { + indicators = true; + #layout = "oneline"; + sorting.dir-grouping = "first"; + blocks = [ + "git" + "permission" + "user" + "group" + "size" + "date" + "name" + ]; + }; + }; +} diff --git a/nix-conf/home/includes/darwin.nix b/nix-conf/home/includes/darwin.nix index 3d81678..e85f3f9 100644 --- a/nix-conf/home/includes/darwin.nix +++ b/nix-conf/home/includes/darwin.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let 
@@ -20,56 +25,120 @@ let makeWrapper ${pkgs.mopidy}/bin/mopidy $out/bin/mopidy \ --prefix PYTHONPATH : $out/${pkgs.mopidyPackages.python.sitePackages} ''; - }; + }; + + # https://github.com/NixOS/nixpkgs/issues/395169 + patched-pkgs = pkgs.extend ( + _final: prev: { + ld64 = prev.ld64.overrideAttrs (old: { + patches = old.patches ++ [ ./Dedupe-RPATH-entries.patch ]; + }); + libuv = prev.libuv.overrideAttrs (old: { + doCheck = false; + }); + dbus = prev.dbus.overrideAttrs (old: { + doCheck = false; + }); + python313 = prev.python313.override { + packageOverrides = self: super: { + execnet = super.execnet.overridePythonAttrs (old: { + doCheck = false; + }); + pytest-xdist = super.pytest-xdist.overridePythonAttrs (old: { + doCheck = false; + }); + requests = super.requests.overridePythonAttrs (old: { + doCheck = false; + }); + sphinx = super.sphinx.overridePythonAttrs (old: { + doCheck = false; + }); + }; + }; + } + ); + + # Use the patches from emacs-plus + emacs-plus = (patched-pkgs.emacs30-pgtk.overrideAttrs (old: { + patches = + (old.patches or []) + ++ [ + (pkgs.fetchpatch { + url = "https://raw.githubusercontent.com/d12frosted/homebrew-emacs-plus/master/patches/emacs-30/fix-window-role.patch"; + sha256 = "0c41rgpi19vr9ai740g09lka3nkjk48ppqyqdnncjrkfgvm2710z"; + }) + (pkgs.fetchpatch { + url = "https://raw.githubusercontent.com/d12frosted/homebrew-emacs-plus/master/patches/emacs-30/round-undecorated-frame.patch"; + sha256 = "uYIxNTyfbprx5mCqMNFVrBcLeo+8e21qmBE3lpcnd+4="; + }) + (pkgs.fetchpatch { + url = "https://raw.githubusercontent.com/d12frosted/homebrew-emacs-plus/master/patches/emacs-30/system-appearance.patch"; + sha256 = "3QLq91AQ6E921/W9nfDjdOUWR8YVsqBAT/W9c1woqAw="; + }) + ]; + })).override{ withNativeCompilation = true; }; + + emacs-plus-with-packages = (pkgs.emacsPackagesFor emacs-plus).emacsWithPackages (ps: [ + ps.vterm + ps.multi-vterm + ]); + in { - imports = [ - ./dev-common.nix - ]; + imports = [ ./dev-common.nix ]; home.packages = with pkgs; [ 
awscli2 cacert + caddy coreutils curl diffutils - ((emacsPackagesFor emacs29-macport).emacsWithPackages(ps: [ ps.vterm ps.multi-vterm ])) + emacs-plus-with-packages findutils gh gh-dash #gnused - mopidy-with-extensions - mpdscribble - mpc-cli - mpd - mpv - ncmpcpp + #mopidy-with-extensions + #mpdscribble + #mpc-cli + #mpd + #ncmpcpp nix # on darwin we are not using nixos (duh) nodejs - nodePackages.eslint - openvpn pam-reattach pinentry_mac pgcli pgformatter - pms + #pms + poetry postgresql podman #python310Packages.sqlparse + redis sqls - vimpc + #vimpc wget ]; + nixpkgs.config.permittedInsecurePackages = [ + "emacs-mac-macport-29.1" + "emacs-mac-macport-with-packages-29.1" + ]; + nix.settings = { sandbox = true; keep-outputs = true; keep-derivations = true; }; - programs.java = { - enable = true; - #package = (pkgs.jdk8.overrideAttrs (_: { postPatch = "ln -nsf ../zulu-8.jdk/Contents/Home/man man"; })); - }; -} + programs.bat.extraPackages = with pkgs.bat-extras; [ + (prettybat.override { + withClangTools = false; + withRustFmt = false; + }) + ]; + # TODO is this a good idea? + #programs.zsh.shellAliases = { emacs = "${emacs-plus-with-packages}/Applications/Emacs.app/Contents/MacOS/Emacs"; }; +} diff --git a/nix-conf/home/includes/dev-common.nix b/nix-conf/home/includes/dev-common.nix index a76eb72..92b286e 100644 --- a/nix-conf/home/includes/dev-common.nix +++ b/nix-conf/home/includes/dev-common.nix @@ -1,21 +1,33 @@ -{ config, pkgs, lib, ... }: { - + config, + pkgs, + lib, + ... +}: +let + inherit (lib) optionals; +in +{ imports = [ ./common.nix ./clojure.nix ]; - home.packages = with pkgs; [ - docker - docker-compose - docker-credential-helpers - ffmpeg - gopass-jsonapi - mpv - multimarkdown - neovim - ]; + home.packages = + with pkgs; + [ + docker + docker-compose + docker-credential-helpers + gopass-jsonapi + multimarkdown + neovim + ripgrep-all + ] + ++ optionals (!stdenv.isDarwin) [ + ffmpeg + mpv + ]; programs.tmux = { enable = true; 
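Review bot: `nixpkgs.config.permittedInsecurePackages` is added for `emacs-mac-macport-29.1` and `emacs-mac-macport-with-packages-29.1` in the same hunk that drops `emacsPackagesFor emacs29-macport` from `home.packages` in favour of `emacs-plus-with-packages`. If nothing else in the configuration still builds the macport package, the exemption is dead and should be removed, so that a known-insecure package cannot be evaluated later without an explicit decision. Separately, the three `fetchpatch` URLs track the `master` branch of homebrew-emacs-plus: the hashes keep the content fixed, but any upstream edit will break the build, so a commit-pinned URL is more robust. The hashes also mix base32 and bare base64; `hash = "sha256-<base64>";` throughout would be uniform.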
@@ -47,28 +59,27 @@ } ]; extraConfig = '' - unbind-key R - bind-key R run-shell ' \ - tmux source-file ~/.config/tmux/tmux.conf > /dev/null; \ - tmux display-message "Sourced .config/tmux/tmux.conf!"' + unbind-key R + bind-key R run-shell ' \ + tmux source-file ~/.config/tmux/tmux.conf > /dev/null; \ + tmux display-message "Sourced .config/tmux/tmux.conf!"' - bind-key £ split-window -h + bind-key £ split-window -h - set-option -g status-bg '#666666' - set-option -g status-fg '#aaaaaa' - set-option -g status-left-length 50 - set-option -g status-right " %a, %b %d - %H:%M " + set-option -g status-bg '#666666' + set-option -g status-fg '#aaaaaa' + set-option -g status-left-length 50 + set-option -g status-right " %a, %b %d - %H:%M " - ${lib.optionalString pkgs.stdenv.isLinux '' - bind-key -T copy-mode y send-keys -X copy-pipe-and-cancel "xsel -i -p && xsel -o -p | xsel -i -b" - bind-key C-y run "xsel -o | tmux load-buffer - ; tmux paste-buffer" - ''} - ${lib.optionalString pkgs.stdenv.isDarwin '' - bind-key -T copy-mode y send-keys -X copy-pipe-and-cancel "reattach-to-user-namespace pbcopy" - bind-key C-y run "reattach-to-user-namespace pbpaste | tmux load-buffer - ; tmux paste-buffer" - ''} + ${lib.optionalString pkgs.stdenv.isLinux '' + bind-key -T copy-mode y send-keys -X copy-pipe-and-cancel "xsel -i -p && xsel -o -p | xsel -i -b" + bind-key C-y run "xsel -o | tmux load-buffer - ; tmux paste-buffer" + ''} + ${lib.optionalString pkgs.stdenv.isDarwin '' + bind-key -T copy-mode y send-keys -X copy-pipe-and-cancel "reattach-to-user-namespace pbcopy" + bind-key C-y run "reattach-to-user-namespace pbpaste | tmux load-buffer - ; tmux paste-buffer" + ''} ''; }; } - diff --git a/nix-conf/home/includes/irssi.nix b/nix-conf/home/includes/irssi.nix index e7cd92c..54bdc9b 100644 --- a/nix-conf/home/includes/irssi.nix +++ b/nix-conf/home/includes/irssi.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { programs.irssi = { 
@@ -41,7 +46,7 @@ extraConfig = '' settings = { core = { - real_name = "David Morgan"; + real_name = "djm"; user_name = "djm"; nick = "djm"; timestamp_format = "%H:%M:%S"; @@ -85,6 +90,7 @@ 11 = { items = ( { type = "CHANNEL"; chat_type = "IRC"; name = "#!"; tag = "hashbang"; }); }; 12 = { items = ( { type = "CHANNEL"; chat_type = "IRC"; name = "#nixos"; tag = "libera"; }); }; 13 = { items = ( { type = "CHANNEL"; chat_type = "IRC"; name = "#home-manager"; tag = "oftc"; }); }; + 14 = { items = ( { type = "CHANNEL"; chat_type = "IRC"; name = "#blinkenshell.log"; tag = "blinkenirc"; }); }; }; ''; networks = { @@ -123,7 +129,6 @@ }; channels = { ctrl-c.autoJoin = true; - emacs.autoJoin = true; institute.autoJoin = true; meta.autoJoin = true; team.autoJoin = true; @@ -147,7 +152,11 @@ }; blinkenirc = { nick = "djm"; - autoCommands = [ "msg chanserv invite #blinkenshell.op" "wait 2000" ]; + autoCommands = [ + "msg chanserv invite #blinkenshell.op" + "msg chanserv invite #blinkenshell.log" + "wait 2000" + ]; saslExternal = true; server = { address = "irc.blinkenshell.org"; @@ -162,6 +171,7 @@ channels = { blinkenshell.autoJoin = true; "blinkenshell.op".autoJoin = true; + "blinkenshell.log".autoJoin = true; }; }; hashbang = { diff --git a/nix-conf/home/includes/linux-dev.nix b/nix-conf/home/includes/linux-dev.nix index cfd3760..473118e 100644 --- a/nix-conf/home/includes/linux-dev.nix +++ b/nix-conf/home/includes/linux-dev.nix @@ -1,23 +1,26 @@ { config, pkgs, ... }: { - imports = [ - ./dev-common.nix - ]; + imports = [ ./dev-common.nix ]; programs.emacs = { enable = true; - package = pkgs.emacs29; - extraPackages = (epkgs: [ epkgs.vterm epkgs.multi-vterm ] ); + extraPackages = ( + epkgs: [ + epkgs.vterm + epkgs.multi-vterm + ] + ); }; home.packages = with pkgs; [ + lame libtree - mpv + mp3cat mu pinentry protonvpn-cli - youtube-dl + sword + yt-dlp ]; } - 
diff --git a/nix-conf/home/includes/linux-server.nix b/nix-conf/home/includes/linux-server.nix index 12164b4..62233f0 100644 --- a/nix-conf/home/includes/linux-server.nix +++ b/nix-conf/home/includes/linux-server.nix @@ -1,22 +1,21 @@ { config, pkgs, ... }: { - imports = [ - ./common.nix - ]; + imports = [ ./common.nix ]; home.packages = with pkgs; [ emacs-nox irssi libtree msmtp - neomutt pinentry restic + sword + yt-dlp ]; services.gpg-agent = { enable = true; - pinentryPackage = pkgs.pinentry-curses; + pinentry.package = pkgs.pinentry-curses; defaultCacheTtl = 34560000; maxCacheTtl = 34560000; }; @@ -51,4 +50,3 @@ programs.vim.packageConfigurable = pkgs.vim; } - diff --git a/nix-conf/home/includes/scripts/hm-changes-report.nix b/nix-conf/home/includes/scripts/hm-changes-report.nix index 303d482..65e7fe8 100644 --- a/nix-conf/home/includes/scripts/hm-changes-report.nix +++ b/nix-conf/home/includes/scripts/hm-changes-report.nix @@ -2,7 +2,7 @@ # https://github.com/gvolpe/nix-config/blob/e28a220d0087064e6bad6b992b4914a65eb545e5/home/scripts/changes-report.nix let - hm-profiles = "/nix/var/nix/profiles/per-user/${config.home.username}/profile-*-link"; + hm-profiles = "${config.home.homeDirectory}/.local/state/nix/profiles/home-manager-*-link"; in pkgs.writeShellScriptBin "hm-changes-report" '' # Disable nvd if there are less than 2 hm profiles. @@ -12,4 +12,3 @@ pkgs.writeShellScriptBin "hm-changes-report" '' ${pkgs.nvd}/bin/nvd diff $(ls -d1v ${hm-profiles} | tail -2) fi '' - diff --git a/nix-conf/home/includes/scripts/system-changes-report.nix b/nix-conf/home/includes/scripts/system-changes-report.nix index 56166cb..b94498c 100644 --- a/nix-conf/home/includes/scripts/system-changes-report.nix +++ b/nix-conf/home/includes/scripts/system-changes-report.nix @@ -12,4 +12,3 @@ pkgs.writeShellScriptBin "system-changes-report" '' ${pkgs.nvd}/bin/nvd diff $(ls -d1v ${system-profiles} | tail -2) fi '' - 
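Review bot: `defaultCacheTtl = 34560000;` and `maxCacheTtl = 34560000;` in the `services.gpg-agent` block (unchanged context around the `pinentry.package` rename) keep an unlocked key cached for 400 days, which on a server effectively means until the agent restarts. Any process running as this user during that window can use the key without the passphrase. If this is a deliberate trade-off for long-lived sessions, a comment such as `# intentionally long: key stays unlocked until agent restart` would document it; otherwise a TTL measured in hours is the more usual setting for a host reachable over SSH.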
diff --git a/nix-conf/home/includes/secrets.yaml b/nix-conf/home/includes/secrets.yaml
new file mode 100644
index 0000000..2fc9d8c
--- /dev/null
+++ b/nix-conf/home/includes/secrets.yaml
@@ -0,0 +1,21 @@
+ssh_config:
+ oci: ENC[AES256_GCM,data:l1GZ6mszgDhGztWmMdkNY2wRGfLIOGfHou7m0p8NkvaZZ3oKhblyu9C2Y2uEZArC8aCysxmU0QDfeIxDAzBdszUY,iv:HD8xdaiF9s0XZAuHNjAQfEtMgKaM0R12FCv5rTq19+Y=,tag:bfa48iOXhASXc+JhmYy/EQ==,type:str]
+ otm: ""
+git_email_config:
+ default: ENC[AES256_GCM,data:ADmbGuV+E5wvGdbdC12BDi2TvHeoIRWjerKxnvDV7dENCxFyy+3P01IyCA==,iv:Nik4YiC8WhWmAnM7g1ER5HU0pg88l9uFiHQNtou5jas=,tag:RtK0XKKcHHR39p3mSl5YRw==,type:str]
+ otm: ENC[AES256_GCM,data:dFrxmxFRU5MThUSdqWuL3ZmBCJfMUVYWQTnWQF25Cnn6lMflau5vHNEFZZDZxyFBk7A=,iv:EOv1xgxXuN3LuiO1eorazgQHBkWY9GKUjFBaYnfkLRI=,tag:Mg6SwdQSGjtlR5iiOU/q7g==,type:str]
+sops:
+ age:
+ - recipient: age1w7kjp0qdgfyg9cyj5w4qc4fc9qz3w65xw2veazesfgdenqrd3ucqsc5ejv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybC93bWJ1d05pSWdyOHkv
+ eXBUa1dUcWFnNTRKZXpxckhKNXlLMVBoR0dFCnNKcVhmcWFaQkllc05iVmtub2E2
+ YkRTbnNNSnF2WWlET2N4MExYNFAzZFEKLS0tIHhwbTE3bEJlTEpXOXprSTBRckF0
+ cjlWWTNQR3lLLzBqTHhld05VblFJdHcKihceil9ge+IKG2GZcLpGWUncvRvmyJ7w
+ YiWtb/ApF4T27wsmmFyLSnG8OWkLCKzaeU4QOVIGYQcfzzcQD5nUGg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-04-29T13:45:42Z"
+ mac: ENC[AES256_GCM,data:Z4jJujUvl8jmJQbquV9NeczVZF17HI01sDpUoSSS7cM89WUOZzAOcT3zxR4hzyCfq4je++YkBPPFl4hcqbuVyBu8zCxY4z9673sFSLYrUA8THVeLYjMOTo0Hu0tIy8vy+uZZcAuRFaXyS+GrQHAdSSm4zVkwLG9R1nod+ys6LvQ=,iv:WfubcgFSY94cyfrlAlND6CQudoISuGL5fBhm9E3O4Q4=,tag:IeKYzou3EDwGyA23FGHtdA==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/nix-conf/home/includes/zsh.nix b/nix-conf/home/includes/zsh.nix
index 9729386..650f559 100644
--- a/nix-conf/home/includes/zsh.nix
+++ b/nix-conf/home/includes/zsh.nix
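Review bot: The `sops.age` list in the new `home/includes/secrets.yaml` has a single recipient, the `admin_djm` key, yet this file is the `defaultSopsFile` of `common.nix`, which `linux-server.nix` imports for the server profiles. As far as these hunks show, decrypting `ssh_config/oci` and `git_email_config/default` on those hosts requires the admin private key in `~/.config/sops/age/keys.txt` on every machine, which cancels the per-host separation that `.sops.yaml` sets up with `server_edrahil` and `server_djmuk2`. Consider adding per-host user keys as recipients for the values servers actually need, or splitting workstation-only and server secrets into separate files so the admin identity stays off the servers. `ssh_config.otm` is stored as a plaintext empty string, so it should be given its value through `sops` rather than by hand-editing the file.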
@@ -1,17 +1,33 @@ -{ config, pkgs, lib, isDarwin, ... }: +{ + config, + pkgs, + lib, + ... +}: let - inherit (lib) - optionalAttrs - optionals; + inherit (lib) optionalAttrs optionals; + show_file_or_dir_preview = "if [ -d {} ]; then eza --tree --color=always {} | head -200; else bat -n --color=always --line-range :500 {}; fi"; in { - home.packages = with pkgs; [ - zsh-completions - ]; + home.packages = with pkgs; [ zsh-completions ]; programs.fzf = { enable = true; enableZshIntegration = true; + changeDirWidgetCommand = "fd --type=d --hidden --strip-cwd-prefix --exclude .git --exclude node_modules"; # FZF_ALT_C_COMMAND + changeDirWidgetOptions = [ "--preview 'eza --tree --color=always {} | head -200'" ]; # FZF_ALT_C_OPTS + defaultCommand = "fd --hidden --strip-cwd-prefix --exclude .git --exclude node_modules"; # FZF_DEFAULT_COMMAND + defaultOptions = [ + "--bind=ctrl-t:toggle-all" + "--bind=ctrl-j:jump" + ]; # FZF_DEFAULT_OPTS + fileWidgetCommand = config.programs.fzf.defaultCommand; # FZF_CTRL_T_COMMAND + fileWidgetOptions = [ "--preview '${show_file_or_dir_preview}'" ]; # FZF_CTRL_T_OPTS + historyWidgetOptions = [ + "--preview 'echo {}'" + "--preview-window down:3:hidden:wrap" + "--bind 'ctrl-t:toggle-preview'" + ]; # FZF_CTRL_R_OPTS }; programs.zoxide = { enable = true; 
@@ -23,20 +39,41 @@ in }; programs.keychain = { enable = lib.mkIf pkgs.stdenv.isLinux true; - agents = [ "ssh" "gpg"]; - keys = [ "id_rsa" "id_ed25519" "C171251002C200F2" ]; - # extraFlags = [ "--quiet" "--ignore-missing" ]; + agents = [ + "ssh" + "gpg" + ]; + keys = [ + "id_rsa" + "id_ed25519" + "C171251002C200F2" + ]; + # extraFlags = [ "--quiet" "--ignore-missing" ]; }; programs.command-not-found.enable = true; programs.zsh = { enable = true; enableCompletion = true; - autosuggestion.enable = true; + autosuggestion = { + enable = true; + highlight = "fg=#808080"; + strategy = [ + "history" + "completion" + ]; + }; defaultKeymap = "emacs"; history = { - size = 100000; - save = 100000; expireDuplicatesFirst = true; + ignoreSpace = true; + save = 100000; + share = true; + size = 100000; + }; + historySubstringSearch = { + enable = true; + searchUpKey = "$terminfo[kcuu1]"; + searchDownKey = "$terminfo[kcud1]"; }; profileExtra = '' 
@@ -50,11 +87,23 @@ in cp = "cp -iv"; mv = "mv -iv"; mkdir = "mkdir -v"; - tree = "eza --tree"; - - pp = "pushbullet push \"Pixel\" link \"\${1}\" \"\${1}\""; - - upgrade_emacs = "cp ~/.emacs.d/straight/versions/default.el ~/straight-versions-default-`date \"+%Y-%m-%d-%H%M%S\"`.el && emacs --batch -l \"~/.emacs.d/init.el\" -f \"my/upgrade-packages\""; + cat = "bat -p"; + c = "bat -p"; + l = "eza"; + la = "eza -a"; + lg = "eza -G"; + lga = "eza -aG"; + ll = "\\eza --icons --git --colour --long --group-directories-first --classify"; + lla = "ll -a"; + t = "eza --tree"; + p = "lsd"; + pa = "lsd -a"; + pll = "lsd -l"; + pla = "lsd -la"; + + pp = ''pushbullet push "Pixel" link "''${1}" "''${1}"''; + + upgrade_emacs = ''cp ~/.emacs.d/straight/versions/default.el ~/straight-versions-default-`date "+%Y-%m-%d-%H%M%S"`.el && emacs --batch -l "~/.emacs.d/init.el" -f "my/upgrade-packages"''; diff_emacs = "difft --color always --context 0 $(ls -d1v ~/straight-versions-default-*.el | tail -1) ~/.emacs.d/straight/versions/default.el | grep '\\[9[12]' | egrep -v '(gnu-elpa-mirror|nongnu-elpa|melpa|emacsmirror-mirror)'"; nix-up = "git -C ~/dotfiles pull && doas nix-channel --update && doas nixos-rebuild switch && nix-channel --update && home-manager switch && system-changes-report && hm-changes-report && df -h && date"; @@ -65,13 +114,14 @@ in fb = "fzf --preview 'bat --color=always --style=numbers --line-range=:500 {}'"; + # Restrict matches to subdirs of the current one (https://github.com/skywind3000/z.lua/blob/ef9a49d73d2b4f262c6fbb23262253dcda7c19a7/README.md#tips) zz = "z $PWD"; els = "ea run linear ls -- -1"; erg = "ea run grouped rg --"; fd = "ea run linear fd --"; - git-reset-branch = "git fetch && git reset --hard origin/\$(git branch --show-current)"; + git-reset-branch = "git fetch && git reset --hard origin/$(git branch --show-current)"; # Git log aliases from the omz git plugin gl = "git pull"; 
@@ -81,165 +131,211 @@ in glgga = "git log --graph --decorate --all"; glgm = "git log --graph --max-count=10"; glo_ = "git log --oneline --decorate"; - glol = "git log --graph --pretty=\"%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ar) %C(bold blue)<%an>%Creset\""; - glols = "git log --graph --pretty=\"%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ar) %C(bold blue)<%an>%Creset\" --stat"; - glod = "git log --graph --pretty=\"%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ad) %C(bold blue)<%an>%Creset\""; - glods = "git log --graph --pretty=\"%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ad) %C(bold blue)<%an>%Creset\" --date=short"; - glola = "git log --graph --pretty=\"%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ar) %C(bold blue)<%an>%Creset\" --all"; + glol = ''git log --graph --pretty="%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ar) %C(bold blue)<%an>%Creset"''; + glols = ''git log --graph --pretty="%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ar) %C(bold blue)<%an>%Creset" --stat''; + glod = ''git log --graph --pretty="%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ad) %C(bold blue)<%an>%Creset"''; + glods = ''git log --graph --pretty="%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ad) %C(bold blue)<%an>%Creset" --date=short''; + glola = ''git log --graph --pretty="%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%ar) %C(bold blue)<%an>%Creset" --all''; glog = "git log --oneline --decorate --graph"; gloga = "git log --oneline --decorate --graph --all"; - } - // optionalAttrs pkgs.stdenv.isDarwin { - oemacs = "open -a /Applications/Emacs.app"; - }; + } // optionalAttrs pkgs.stdenv.isDarwin { oemacs = "open -a /Applications/Emacs.app"; }; localVariables = { PER_DIRECTORY_HISTORY_TOGGLE = "^\\\\"; # ^\\ is ^# HISTORY_START_WITH_GLOBAL = true; - - ZSH_AUTOSUGGEST_STRATEGY = ["history" "completion"]; - - NVM_AUTO_USE = true; - NVM_LAZY_LOAD = true; - - LSP_USE_PLISTS = true; LESS = "-iRXF"; }; - initExtraFirst = '' - [[ $TERM == "tramp" ]] && unsetopt zle && PS1='$ ' 
&& return - ''; - initExtra = '' - # Based on prezto tmux plugin - if [[ -z "$TMUX" && -z "$EMACS" && -z "$VIM" && -z "$INSIDE_EMACS" && (-z "$SSH_TTY" || -n "$TMUX_AUTO_ATTACH") ]]; then - tmux start-server + initContent = lib.mkMerge [ + (lib.mkBefore '' + [[ $TERM == "tramp" ]] && unsetopt zle && PS1='$ ' && return + '') + '' + # Based on prezto tmux plugin + if [[ -z "$TMUX" && -z "$EMACS" && -z "$VIM" && -z "$INSIDE_EMACS" && (-z "$SSH_TTY" || -n "$TMUX_AUTO_ATTACH") ]]; then + tmux start-server + + if ! tmux has-session 2> /dev/null; then + tmux new-session -d -s "0" \; set-option -t "0" destroy-unattached off &> /dev/null + fi - if ! tmux has-session 2> /dev/null; then - tmux new-session -d -s "0" \; set-option -t "0" destroy-unattached off &> /dev/null + if [[ -n "$SSH_TTY" ]]; then + exec tmux -u attach-session + else + exec tmux -u attach-session -d + fi fi - if [[ -n "$SSH_TTY" ]]; then - exec tmux -u attach-session - else - exec tmux -u attach-session -d - fi - fi - - # Keep these in initExtra, rather than localVariables, because the order matters - export FZF_DEFAULT_COMMAND='rg --files --no-ignore --hidden --follow -g "!{.git,node_modules}/*" 2> /dev/null' - export FZF_CTRL_T_COMMAND="$FZF_DEFAULT_COMMAND" - export FZF_ALT_C_COMMAND='rg --hidden --files --sort-files --null -g "!{.git,node_modules}/*" | xargs -0 dirname | sort -u' - export FZF_ALT_C_OPTS="--preview 'eza --tree {} | head -200'" - export FZF_CTRL_R_OPTS="--preview 'echo {}' --preview-window down:3:hidden:wrap --bind 'ctrl-t:toggle-preview'" - export FZF_DEFAULT_OPTS="--bind=ctrl-t:toggle-all --bind=ctrl-j:jump" - - eval "$(batpipe)" - autopair-init - enable-fzf-tab - bindkey '^[[A' history-substring-search-up - bindkey '^[[B' history-substring-search-down - - # make home and end work - [[ -z "$terminfo[khome]" ]] || bindkey -M emacs "$terminfo[khome]" beginning-of-line - [[ -z "$terminfo[kend]" ]] || bindkey -M emacs "$terminfo[kend]" end-of-line - - # disable sort when completing `git 
checkout` - zstyle ''\':completion:*:git-checkout:*''\' sort false - # set descriptions format to enable group support - zstyle ''\':completion:*:descriptions''\' format ''\'[%d]''\' - # Allow tab to expand aliases - zstyle ':completion:*' completer _expand_alias _complete _ignored - # set list-colors to enable filename colorizing - #zstyle ''\':completion:*''\' list-colors ''${(s.:.)LS_COLORS} - # preview directory''\'s content with eza when completing cd - zstyle ''\':fzf-tab:complete:cd:*''\' fzf-preview ''\'eza -1 --color=always ''$realpath''\' - # switch group using `,` and `.` - zstyle ''\':fzf-tab:*''\' switch-group ''\',''\' ''\'.''\' - - set -o noclobber append_history share_history - - # disable flow control (so that fzf-git.sh's ^g^s can work) - stty -ixon - - function generate () { gopass generate -s -p $1 $((RANDOM % 14 + 45)) } - function fcd { cd $(fd -L --max-depth=''${1:-4} --type=d 2>/dev/null | fzf-tmux) } - - fif() { - if [ ! "$#" -gt 0 ]; then - echo "usage: fif <SEARCH_TERM>" - return 1; - fi - rg --files-with-matches --no-messages "$1" | fzf $FZF_PREVIEW_WINDOW --preview "rg --ignore-case --pretty --context 10 '$1' {}" - } + autopair-init + enable-fzf-tab + + # make home and end work + [[ -z "$terminfo[khome]" ]] || bindkey -M emacs "$terminfo[khome]" beginning-of-line + [[ -z "$terminfo[kend]" ]] || bindkey -M emacs "$terminfo[kend]" end-of-line + + # disable sort when completing `git checkout` + zstyle ':completion:*:git-checkout:*' sort false + # set descriptions format to enable group support + zstyle ':completion:*:descriptions' format '[%d]' + # Allow tab to expand aliases + zstyle ':completion:*' completer _expand_alias _complete _ignored + # set list-colors to enable filename colorizing + #zstyle ':completion:*' list-colors ''${(s.:.)LS_COLORS} + # preview directory's content with eza when completing cd + zstyle ':fzf-tab:complete:cd:*' fzf-preview 'eza -1 --color=always $realpath' + # switch group using `,` and `.` + zstyle 
':fzf-tab:*' switch-group ',' '.' + + # functions modified from https://www.josean.com/posts/7-amazing-cli-tools + _fzf_compgen_path() { + fd --hidden --exclude .git --exclude node_modules . "$1" + } + _fzf_compgen_dir() { + fd --type=d --hidden --exclude .git --exclude node_modules . "$1" + } + _fzf_comprun() { + local command=$1 + shift + + case "$command" in + cd) fzf --preview 'eza --tree --color=always {} | head -200' "$@" ;; + export|unset) fzf --preview "eval 'echo $'{}" "$@" ;; + ssh) fzf --preview 'dig {}' "$@" ;; + *) fzf --preview "${show_file_or_dir_preview}" "$@" ;; + esac + } - fe() { - IFS=$'\n' files=($(fzf-tmux --query="$1" --multi --select-1 --exit-0)) - [[ -n "$files" ]] && ''${EDITOR:-vim} "''${files[@]}" - } + set -o noclobber + + # disable flow control (so that fzf-git.sh's ^g^s can work) + stty -ixon + + # These functions are called as follows, after using ea (using vip as an example): + # vip # edits the first result from ea (roughly equivalent to vi `ea p 1`) + # vip <n> # edits the nth result from ea (vi `ea p <n>`) + # vip <n> foo # if the nth result from ea is a directory, edit foo in that directory (vi `ea p <n>`/foo) + # Will add +<line-number>, where the line number is available + function _vip () { + local cmd=(''${=1}) # zsh only, not portable; something like CMD=($(echo $1)) is more portable but is ugly + local idx=''${2:-1} + local base_path=$(ea p $idx) + local line=$(ea p $idx "{line}") + local ea_format="'{path}'" + + if [ -z "$base_path" ]; then + echo "No file path found for index $2" + return 1 + fi - # TODO is there a way to do this in shellAliases - alias ..="cd .." - alias -- -="cd -" + if [ $# -gt 2 -a ! 
-d "$base_path" ]; then + echo "$base_path is not a directory" + return 2 + fi - ...() { - local declare dirs=() - get_parent_dirs() { - if [[ -d "''${1}" ]]; then dirs+=("$1"); else return; fi - if [[ "''${1}" == '/' ]]; then - for _dir in "''${dirs[@]}"; do echo $_dir; done - else - get_parent_dirs $(dirname "$1") + if [ $# -lt 3 -a $line -ne 1 ]; then + ea_format+=" +{line}" fi + + eval $(ea p $idx "$cmd ''${ea_format}$3") } - local DIR=$(get_parent_dirs $(realpath "$PWD/..") | fzf-tmux) - cd "$DIR" - } - # From omz - function mkcd () { - mkdir -p $@ && cd ''${@:$#} - } + function vip () { + _vip $EDITOR ''${@} + } + function bp () { + _vip bat ''${@} + } + function bpp () { + # this will be split into an array in _vip + CMD="bat -p" + _vip $CMD ''${@} + } - tre () { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; } + function ecd () { + cd $(ea p ''${1:-1}) + } - function gcd () { - if [ $# -eq 0 ] ; then - echo "Number of days must be specified" >&2 - return 1 - fi - if ! [[ $1 =~ '^[0-9]+$' ]] ; then - echo "Number of days must be a number" >&2 - return 2 - fi + function generate () { gopass generate -s -p $1 $((RANDOM % 14 + 45)) } + function fcd { cd $(fd -L --max-depth=''${1:-4} --type=d 2>/dev/null | fzf-tmux) } - if [ $1 -eq 0 ] ; then - GC_ARGS=(-d) - else - GC_ARGS=(--delete-older-than ''${1}d) - fi + fif() { + if [ ! "$#" -gt 0 ]; then + echo "usage: fif <SEARCH_TERM>" + return 1; + fi + rg --files-with-matches --no-messages "$1" | fzf $FZF_PREVIEW_WINDOW --preview "rg --ignore-case --pretty --context 10 '$1' {}" + } - DOAS=$(command -v doas) + fe() { + IFS=$'\n' files=($(fzf-tmux --query="$1" --multi --select-1 --exit-0)) + [[ -n "$files" ]] && ''${EDITOR:-vim} "''${files[@]}" + } - # Run as the current user (as well as root) to clean up hm generations - nix-collect-garbage ''${GC_ARGS[@]} - if [ -n $DOAS ] ; then - $DOAS nix-collect-garbage ''${GC_ARGS[@]} - fi + # TODO is there a way to do this in shellAliases + alias ..="cd .." 
+ alias ...="cd ../.." + alias -- -="cd -" + + .,() { + local declare dirs=() + get_parent_dirs() { + if [[ -d "''${1}" ]]; then dirs+=("$1"); else return; fi + if [[ "''${1}" == '/' ]]; then + for _dir in "''${dirs[@]}"; do echo $_dir; done + else + get_parent_dirs $(dirname "$1") + fi + } + local DIR=$(get_parent_dirs $(realpath "$PWD/..") | fzf-tmux) + cd "$DIR" + } - df -h - date - } + # From omz + function mkcd () { + mkdir -p $@ && cd ''${@:$#} + } - function checkout-pr () { - git fetch ''${2:-upstream} pull/''${1}/head:pr-''${1} - git switch pr-''${1} - } + tre () { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; } - [[ ! -f ~/.zsh.local ]] || source ~/.zsh.local + function gcd () { + if [ $# -eq 0 ] ; then + echo "Number of days must be specified" >&2 + return 1 + fi + if ! [[ $1 =~ '^[0-9]+$' ]] ; then + echo "Number of days must be a number" >&2 + return 2 + fi - [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh - ''; + if [ $1 -eq 0 ] ; then + GC_ARGS=(-d) + else + GC_ARGS=(--delete-older-than ''${1}d) + fi - plugins = with pkgs; [ + DOAS=$(command -v doas) + + # Run as the current user (as well as root) to clean up hm generations + nix-collect-garbage ''${GC_ARGS[@]} + if [ -n $DOAS ] ; then + $DOAS nix-collect-garbage ''${GC_ARGS[@]} + fi + + df -h + date + } + + function checkout-pr () { + git fetch ''${2:-upstream} pull/''${1}/head:pr-''${1} + git switch pr-''${1} + } + + [[ ! -f ~/.zsh.local ]] || source ~/.zsh.local + + [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh + '' + ]; + + plugins = with pkgs; [ { name = "zsh-autopair"; src = zsh-autopair; @@ -266,11 +362,6 @@ in file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme"; } { - name = "zsh-history-substring-search"; - src = zsh-history-substring-search; - file = "share/zsh-history-substring-search/zsh-history-substring-search.zsh"; - } - { name = "zsh-forgit"; src = zsh-forgit; file = "share/zsh/zsh-forgit/forgit.plugin.zsh"; 
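Review bot: `_vip` ends with `eval $(ea p $idx "$cmd ''${ea_format}$3")`, so the path that `ea` substitutes for `{path}` and the caller's third argument are both re-parsed as shell code. The single quotes around `{path}` stop protecting the command once a listed file name itself contains a single quote, which can happen when browsing a checkout or archive that someone else produced. The function already holds the path in `base_path` and the line in `line`, so it can run the command without `eval`: `local extra=(); [ $# -lt 3 -a $line -ne 1 ] && extra=("+$line")` followed by `$cmd "$base_path$3" $extra` (this assumes `ea p $idx` prints the same path as the `{path}` placeholder). Separately, `"${show_file_or_dir_preview}"` in `_fzf_comprun` is not written as `''${…}` like the other shell expansions in this string, so Nix will treat it as an antiquotation unless a binding of that name exists in the `let` block outside the hunk.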
@@ -283,7 +374,7 @@ in { name = "fzf-git.sh"; src = fzf-git-sh; - file = "share/zsh/fzf-git-sh/fzf-git.sh"; + file = "share/fzf-git-sh/fzf-git.sh"; } { name = "per-directory-history"; @@ -295,19 +386,6 @@ in }; file = "per-directory-history.zsh"; } - ] - ++ optionals stdenv.isDarwin [ - { - name = "zsh-nvm"; - src = fetchFromGitHub { - owner = "lukechilds"; - repo = "zsh-nvm"; - rev = "23067bd9bb6eb6f4737a3ea90cb0cb5e85f61ba2"; - sha256 = "Zwdi7bezMFKaIKYwsSftu3mJSFvadEWmY2hYnU1Kpu4="; - }; - file = "zsh-nvm.plugin.zsh"; - } ]; }; } - diff --git a/nix-conf/home/otm.nix b/nix-conf/home/otm.nix index cf9a219..2055780 100644 --- a/nix-conf/home/otm.nix +++ b/nix-conf/home/otm.nix 
@@ -1,12 +1,123 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - email = builtins.readFile "${config.home.homeDirectory}/email.txt"; - otmEmail = builtins.readFile "${config.home.homeDirectory}/otm_email.txt"; + zscaler-cert = '' + -----BEGIN CERTIFICATE----- + MIIE0zCCA7ugAwIBAgIJANu+mC2Jt3uTMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD + VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux + FTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMMWnNjYWxlciBJbmMuMRgw + FgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRA + enNjYWxlci5jb20wHhcNMTQxMjE5MDAyNzU1WhcNNDIwNTA2MDAyNzU1WjCBoTEL + MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBK + b3NlMRUwEwYDVQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5j + LjEYMBYGA1UEAxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBw + b3J0QHpzY2FsZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + qT7STSxZRTgEFFf6doHajSc1vk5jmzmM6BWuOo044EsaTc9eVEV/HjH/1DWzZtcr + fTj+ni205apMTlKBW3UYR+lyLHQ9FoZiDXYXK8poKSV5+Tm0Vls/5Kb8mkhVVqv7 + LgYEmvEY7HPY+i1nEGZCa46ZXCOohJ0mBEtB9JVlpDIO+nN0hUMAYYdZ1KZWCMNf + 5J/aTZiShsorN2A38iSOhdd+mcRM4iNL3gsLu99XhKnRqKoHeH83lVdfu1XBeoQz + z5V6gA3kbRvhDwoIlTBeMa5l4yRdJAfdpkbFzqiwSgNdhbxTHnYYorDzKfr2rEFM + dsMU0DHdeAZf711+1CunuQIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFLm33UrNww4M + hp1d3+wcBGnFTpjfMIHWBgNVHSMEgc4wgcuAFLm33UrNww4Mhp1d3+wcBGnFTpjf + oYGnpIGkMIGhMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G + A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMM + WnNjYWxlciBJbmMuMRgwFgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG + 9w0BCQEWE3N1cHBvcnRAenNjYWxlci5jb22CCQDbvpgtibd7kzAMBgNVHRMEBTAD + AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAw0NdJh8w3NsJu4KHuVZUrmZgIohnTm0j+ + RTmYQ9IKA/pvxAcA6K1i/LO+Bt+tCX+C0yxqB8qzuo+4vAzoY5JEBhyhBhf1uK+P + /WVWFZN/+hTgpSbZgzUEnWQG2gOVd24msex+0Sr7hyr9vn6OueH+jj+vCMiAm5+u + kd7lLvJsBu3AO3jGWVLyPkS3i6Gf+rwAp1OsRrv3WnbkYcFf9xjuaf4z0hRCrLN2 + xFNjavxrHmsH8jPHVvgc1VD0Opja0l/BRVauTrUaoW6tE+wFG5rEcPGS80jjHK4S + 
pB5iDj2mUZH1T8lzYtuZy0ZPirxmtsk3135+CKNa2OCAhhFjE0xd + -----END CERTIFICATE----- + ''; + + internal-cert = '' + -----BEGIN CERTIFICATE----- + MIIDpzCCAo+gAwIBAgIRAPimIVPUvFeeWdKoTVr/KaowDQYJKoZIhvcNAQELBQAw + bTELMAkGA1UEBhMCR0IxGDAWBgNVBAoMD29udGhlbWFya2V0LmNvbTELMAkGA1UE + CwwCSVQxDzANBgNVBAgMBkxvbmRvbjEVMBMGA1UEAwwMaW50ZXJuYWwub3RtMQ8w + DQYDVQQHDAZMb25kb24wHhcNMjQwNTIxMTIyNTUzWhcNMzQwNTIxMTMyNTQ1WjBt + MQswCQYDVQQGEwJHQjEYMBYGA1UECgwPb250aGVtYXJrZXQuY29tMQswCQYDVQQL + DAJJVDEPMA0GA1UECAwGTG9uZG9uMRUwEwYDVQQDDAxpbnRlcm5hbC5vdG0xDzAN + BgNVBAcMBkxvbmRvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMb + +jxbONNYRWXFYLHOVsKkTBVY/SkPo9VYv63Xzp8YF5CC3GMNKVvtdfwDLxdB4yDE + 71kOngybxIRTeX+UdZCfhmcgpmu6trT8RB27SzpOVkrVz+wCzYx/3qE4xSQok474 + komOtHkuwoL1MMqTH1WOPqUL3RaNkK3YSq2M8JPfjG9w6eboT0i+c7GG9OEk9BwW + 35M+tdiI9fjAK95yMU9DjVI7PqTfqBVT5pUoyzAKhTikZlC6O8X8U98NJojwhaT4 + RJcbbd1bdNqcxdpshIiP1kWAE4CKp2+tMzzz9yqwgQ1igbsm2j37TxI74JoEV9+k + 95tFwgXLT7Bih3MFuI0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E + FgQUuA22mh+yV3W8D3mpiouhO2Y/2c4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 + DQEBCwUAA4IBAQCJgkhzAWW0Rh4EWyAdVIoUnjHIr032Qu61cXiNqvvRS9GIF5gs + oynXjIIj2scBeNlkG3oSy0G3wWyFzng6ixwuol2fRhDsllvm2bgeaObdbccbLbWx + 8OTobCqWTfZvEn8dYs7Qbx/9l4yBH6pYptnOmDt+Ze2hOVZyTuiVq91CEn+on9FG + 2V6Bjuu8dNpz2CC8na7H4wsqUNRfBVSTSKgdeeiLj1zdueWgOtA1PNOZp5wi452U + mpb61I1k/Xfe6ECUn8QEh9oEB4MprNvlvLVmmnstcBmqU9SvONtmSrn8ekI2OO69 + R7pRciveNTEVrJRPqOfL4fjfQbjtpKx6Gk5m + -----END CERTIFICATE----- + ''; + + internal-staging-cert = '' + -----BEGIN CERTIFICATE----- + MIIDpzCCAo+gAwIBAgIRANXYUsUWHHGL/LgpcIY3zlUwDQYJKoZIhvcNAQELBQAw + bTELMAkGA1UEBhMCR0IxGDAWBgNVBAoMD29udGhlbWFya2V0LmNvbTELMAkGA1UE + CwwCSVQxDzANBgNVBAgMBkxvbmRvbjEVMBMGA1UEAwwMaW50ZXJuYWwub3RtMQ8w + DQYDVQQHDAZMb25kb24wHhcNMjQwNTI0MDc1MDQ3WhcNMzQwNTI0MDg1MDQ0WjBt + MQswCQYDVQQGEwJHQjEYMBYGA1UECgwPb250aGVtYXJrZXQuY29tMQswCQYDVQQL + DAJJVDEPMA0GA1UECAwGTG9uZG9uMRUwEwYDVQQDDAxpbnRlcm5hbC5vdG0xDzAN + 
BgNVBAcMBkxvbmRvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAImM + FljdqdQ4M0tRYAiRU6WPWiIKFHwZSTsdLohNXikjnSar1xnN1LQLLH1mzPpztnpA + eCnADo9Dc1Nsm+dt6WREL6n57oQSG3d5eM+br6MIm2qWIXQhtJtpKFcbSuOlaB4z + uWNmk3R09+3GaGNhpYBmEbh3Nvc5it0/p6EUOVWigF3ghr0NO2JSOhPtGhNSPyyS + 9Q7DZSwdaGeix9yKWKDh3X4ikZvjm4xqkogFFdyFHKA1qmsaCsT+NP1iH6HNb6pB + xOb1ZyzR1EcFKAP+8uOgoI3bF0iJswNtkSc2kqf0vNQ+K/qoNL8OH7VyKCfeQqNL + 2b8lV+FwHIBD2ZwhsuUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E + FgQUxbubUk2Kf9k68OUOSwrdgGuAtJYwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 + DQEBCwUAA4IBAQBNRKzWrQQBh1RAU023u0pgNjfk0OV5mTlb2024jCLmqG7U/eSC + X8LoO/Gm3yVuj5RsoH8H5ftNU1j71c+dHg7+UVvQZRCOfgVIMnPCxuMvcaljRnLG + qHaRCra5G3IOLrBtJDg9DgKg6/gUbg5DvZwiO5J21yzJWxy6wmoRBmy43DZBa2RV + /rO3WOM0uuMp4DHqBIYx55d+4mdtshikZoys3TCiFH3C11xrUwkIdNEqvMcjl/Pr + 5WrzfbTpDzvo/GCkPhA0thVgUBx4LXB8HizVmDZgGbSuh7ic7LHyh1ahE0fqGX9C + ZvHif3XTcAZlNkilVHvF3pM4EIosFEc6dHFy + -----END CERTIFICATE----- + ''; + + aws-cert = + (builtins.readFile "${pkgs.awscli2}/lib/python${pkgs.awscli2.python.pythonVersion}/site-packages/awscli/botocore/cacert.pem") + + zscaler-cert; + + full-cert = + (builtins.readFile /etc/ssl/cert.pem) + aws-cert + internal-cert + internal-staging-cert; + + zscaler-cert-file = pkgs.writeText "zscaler-cert.pem" zscaler-cert; + aws-cert-file = pkgs.writeText "aws-cert.pem" aws-cert; + full-cert-file = pkgs.writeText "full-cert.pem" full-cert; + + zscaler-jdk = pkgs.jdk.overrideAttrs (old: { + # passthru.home must be set to ensure JAVA_HOME is set correctly + # See https://github.com/nix-community/home-manager/blob/086f619dd991a4d355c07837448244029fc2d9ab/modules/programs/java.nix#L39-L41 + # and https://github.com/NixOS/nixpkgs/blob/4877ea239f4d02410c3516101faf35a81af0c30e/pkgs/development/compilers/openjdk/jre.nix#L32 + passthru.home = "${zscaler-jdk}"; # make sure JAVA_HOME is set + installPhase = + # This is probably equivalent to + # $out/bin/keytool -import -noprompt -trustcacerts -alias zscalerrootca -keystore 
$out/lib/security/cacerts <<< "${zscaler-cert}" + # but follow the zscaler instructions just in case + old.installPhase + + '' + ${pkgs.openssl}/bin/openssl x509 -inform pem -outform der <<< "${zscaler-cert}" | $out/bin/keytool -import -noprompt -trustcacerts -alias zscalerrootca -keystore $out/lib/security/cacerts + ''; + }); + + zscaler-lein = pkgs.leiningen.override { jdk = zscaler-jdk; }; + zscaler-clojure = pkgs.clojure.override { jdk = zscaler-jdk; }; + in { - imports = [ - ./includes/darwin.nix - ]; + imports = [ ./includes/darwin.nix ]; # Let Home Manager install and manage itself. programs.home-manager.enable = true; 
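Review bot: The three PEM blocks bound to `zscaler-cert`, `internal-cert` and `internal-staging-cert` are written into CA bundle files and, for the Zscaler root, imported into the JDK keystore, but nothing in the file records where each certificate came from or how to verify it. A comment above each binding with the source and fingerprint would let a later reader confirm that the pinned root is still the intended one, e.g. `# Zscaler root CA (TLS inspection proxy); obtained from <source>; SHA-256 fingerprint <fingerprint>`. `full-cert` also reads `/etc/ssl/cert.pem` at evaluation time, so the resulting bundle depends on the machine that evaluates the configuration; a one-line comment saying this is intentional would help.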
@@ -16,15 +127,84 @@ in home.username = "dmorgan"; home.homeDirectory = "/Users/dmorgan"; + home.sessionPath = [ "$HOME/.costar/auth2aws" ]; + + home.sessionVariables = { + AWS_DEFAULT_REGION = "eu-west-1"; + AWS_PROFILE = "aws_otm_dev_developers"; + AM_PROFILE = "staging"; + AWS_CA_BUNDLE = "${aws-cert-file}"; + CURL_CA_BUNDLE = "${full-cert-file}"; + NIX_SSL_CERT_FILE = "${full-cert-file}"; + NODE_EXTRA_CA_CERTS = "${zscaler-cert-file}"; + JVM_OPTS = "-Dcom.amazonaws.sdk.disableCertChecking"; + LEIN_JVM_OPTS = "-Dcom.amazonaws.sdk.disableCertChecking"; + }; + + home.shellAliases = { + notify_success = ''( osascript -e 'display notification "The command finished" with title "Success"' && afplay /System/Library/Sounds/Ping.aiff && say done )''; + notify_failure = ''( osascript -e 'display notification "The command failed" with title "Failure"' && afplay /System/Library/Sounds/Sosumi.aiff && say failed )''; + notify = "notify_success || notify_failure"; + ltn = "lein test && notify"; + yb = "aws codeartifact login --tool npm --repository otm-js --domain otm --domain-owner 103567893073 --region eu-west-1 --profile aws_otm_dev_developers && yarn && yarn build && notify"; + auth = "auth2aws login -r aws_otm_dev_developers,aws_otm_prd_developers && osascript -e 'tell app \"iTerm\" to activate'"; + }; + + home.packages = with pkgs; [ + zscaler-clojure + zscaler-lein + ]; + + home.file = { + "certs/zscaler-cert.pem".source = zscaler-cert-file; + "certs/aws-cert.pem".source = aws-cert-file; + "certs/full-cert.pem".source = full-cert-file; + "certs/internal-ca.pem".text = internal-cert; + "certs/staging-internal-ca.pem".text = internal-staging-cert; + ".docker/certs.d/zcaler-cert.pem".source = zscaler-cert-file; + ".wgetrc".text = "ca_certificate=${full-cert-file}"; + }; + + sops.secrets = { + "git_email_config/otm" = { }; + "ssh_config/otm" = { }; + }; + + programs.java = { + enable = true; + package = zscaler-jdk; + }; + programs.git = { signing.signByDefault = 
lib.mkForce false; - userEmail = lib.mkForce otmEmail; - includes = [ - { contents = { commit.gpgSign = true; user.email = email; }; condition = "gitdir:~/src/personal/"; } - { contents = { commit.gpgSign = true; user.email = email; }; condition = "gitdir:~/dotfiles/"; } + includes = lib.mkForce [ + { path = config.sops.secrets."git_email_config/otm".path; } + { + path = config.sops.secrets."git_email_config/default".path; + condition = "gitdir:~/src/personal/"; + } + { + path = config.sops.secrets."git_email_config/default".path; + condition = "gitdir:~/dotfiles/"; + } + { + contents = { + commit.gpgSign = true; + tag.gpgSign = true; + }; + condition = "gitdir:~/src/personal/"; + } + { + contents = { + commit.gpgSign = true; + tag.gpgSign = true; + }; + condition = "gitdir:~/dotfiles/"; + } ]; extraConfig = { github.user = "david-morgan-otm"; + http.sslcainfo = "${full-cert-file}"; }; ignores = [ ".envrc" @@ -37,21 +217,24 @@ in "resources/next/package-lock.json" ]; }; - programs.ssh.matchBlocks = { - "github.com" = lib.mkForce { - hostname = "github.com"; - user = "git"; - identityFile = "~/.ssh/id_rsa"; - identitiesOnly = true; - }; - "github.com-personal" = { - hostname = "github.com"; - user = "git"; - identityFile = "~/.ssh/id_ed25519"; - identitiesOnly = true; + programs.ssh = { + includes = [ config.sops.secrets."ssh_config/otm".path ]; + matchBlocks = { + "github.com" = lib.mkForce { + hostname = "github.com"; + user = "git"; + identityFile = "~/.ssh/id_rsa"; + identitiesOnly = true; + }; + "github.com-personal" = { + hostname = "github.com"; + user = "git"; + identityFile = "~/.ssh/id_ed25519"; + identitiesOnly = true; + }; }; }; - + # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage # when a new Home Manager release introduces backwards diff --git a/nix-conf/machines/djmuk1/configuration.nix b/nix-conf/machines/djmuk1/configuration.nix index 8c7187e..7405e9a 100644 
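Review bot: `JVM_OPTS` and `LEIN_JVM_OPTS` set `-Dcom.amazonaws.sdk.disableCertChecking`, which turns off TLS certificate validation in the AWS Java SDK for every JVM started from this session, while the rest of the hunk distributes the proxy CA so that validation can succeed. Since `zscaler-jdk` already has the Zscaler root imported into `cacerts` and is the configured `programs.java.package`, these two lines look unnecessary and I would drop them. If some SDK call still fails, scope the flag to that one command with a comment explaining why. Minor: the Docker entry is spelled `.docker/certs.d/zcaler-cert.pem`, which looks like a typo for `zscaler`.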
--- a/nix-conf/machines/djmuk1/configuration.nix +++ b/nix-conf/machines/djmuk1/configuration.nix @@ -1,7 +1,6 @@ -{ config, pkgs, ... }: { - imports = [ - ./hardware-configuration.nix - ]; +{ config, pkgs, ... }: +{ + imports = [ ./hardware-configuration.nix ]; boot.tmp.cleanOnBoot = true; 
@@ -30,45 +29,60 @@ services.sshguard.enable = true; services.oidentd.enable = true; - services.locate = { - enable = true; - package = pkgs.plocate; - localuser = null; - }; + services.locate.enable = true; - users.users.djm = - { isNormalUser = true; - home = "/home/djm"; - description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" + users.users.djm = { + isNormalUser = true; + home = "/home/djm"; + description = "David Morgan"; + extraGroups = [ + "wheel" + "plocate" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; + ]; + }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { + enable = true; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; + }; - programs.zsh.enable = true; + programs.zsh.enable = true; - programs.vim.defaultEditor = true; + 
programs.vim = { + enable = true; + defaultEditor = true; + }; - environment.systemPackages = with pkgs; [ - #procmail - vim - wget - ]; + environment.systemPackages = with pkgs; [ + #procmail + wget + ]; + + nix.settings.trusted-users = [ + "root" + "djm" + ]; - nix.settings.trusted-users = [ "root" "djm" ]; + i18n.defaultLocale = "en_GB.UTF-8"; - i18n.defaultLocale = "en_GB.UTF-8"; + swapDevices = [ { + device = "/var/lib/swapfile"; + size = 2*1024; + } ]; - system.stateVersion = "22.05"; + system.stateVersion = "23.11"; } diff --git a/nix-conf/machines/djmuk1/hardware-configuration.nix b/nix-conf/machines/djmuk1/hardware-configuration.nix index 4d5ccf9..894b817 100644 --- a/nix-conf/machines/djmuk1/hardware-configuration.nix +++ b/nix-conf/machines/djmuk1/hardware-configuration.nix @@ -6,7 +6,20 @@ efiInstallAsRemovable = true; device = "nodev"; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/C149-C30B"; fsType = "vfat"; }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0D60-CDE2"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + } diff --git a/nix-conf/machines/djmuk2/configuration.nix b/nix-conf/machines/djmuk2/configuration.nix index 8d679ac..0b31a01 100644 --- a/nix-conf/machines/djmuk2/configuration.nix +++ b/nix-conf/machines/djmuk2/configuration.nix @@ -1,7 +1,6 @@ -{ config, pkgs, ... }: { - imports = [ - ./hardware-configuration.nix - ]; +{ config, pkgs, ... }: +{ + imports = [ ./hardware-configuration.nix ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; 
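Review bot: `system.stateVersion` moves from `"22.05"` to `"23.11"` in the djmuk1 configuration, and NixOS uses that value to pick defaults for stateful services, so it is meant to stay at the release the host was first installed with. If the machine was reinstalled (the `/boot` UUID change in hardware-configuration.nix in the same commit suggests so), a comment next to the line would record that, e.g. `# host reinstalled on 23.11; do not bump on upgrades`. If it was not reinstalled, the old value should be kept.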
@@ -31,49 +30,65 @@ services.sshguard.enable = true; services.oidentd.enable = true; - services.locate = { - enable = true; - package = pkgs.plocate; - localuser = null; - }; + services.locate.enable = true; - users.users.djm = - { isNormalUser = true; - home = "/home/djm"; - description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ + # Emulate nix-sops. Technically an anti-pattern, but this isn't a real secret, and this has to be embedded here, as we cannot set a file path to read it from. + # Populate/update with: + # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["openiscsi_name"]' machines/djmuk2/secrets.yaml | doas tee /root/.config/secrets/openiscsi_name + services.openiscsi.enable = true; + services.openiscsi.name = builtins.readFile "/root/.config/secrets/openiscsi_name"; + #services.openiscsi.enableAutoLoginOut = true; + + users.users.djm = { + isNormalUser = true; + home = "/home/djm"; + description = "David Morgan"; + extraGroups = [ + "wheel" + "plocate" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; + ]; + }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { + enable = true; + extraRules = [ + { + users = [ "djm" 
]; + noPass = true; + keepEnv = true; + } + ]; + }; - programs.zsh.enable = true; + programs.zsh.enable = true; - programs.vim.defaultEditor = true; + programs.vim = { + enable = true; + defaultEditor = true; + }; - environment.systemPackages = with pkgs; [ - #procmail - git - vim - wget - ]; + environment.systemPackages = with pkgs; [ + #procmail + git + wget + ]; - nix.settings.trusted-users = [ "root" "djm" ]; - nix.optimise.automatic = true; - nix.optimise.dates = [ "03:00" ]; + nix.settings.trusted-users = [ + "root" + "djm" + ]; + nix.optimise.automatic = true; + nix.optimise.dates = [ "03:00" ]; - i18n.defaultLocale = "en_GB.UTF-8"; + i18n.defaultLocale = "en_GB.UTF-8"; - system.stateVersion = "22.05"; + system.stateVersion = "22.05"; } - diff --git a/nix-conf/machines/djmuk2/hardware-configuration.nix b/nix-conf/machines/djmuk2/hardware-configuration.nix index e27e899..5c421f9 100644 --- a/nix-conf/machines/djmuk2/hardware-configuration.nix +++ b/nix-conf/machines/djmuk2/hardware-configuration.nix @@ -6,9 +6,19 @@ efiInstallAsRemovable = true; device = "nodev"; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/4875-017B"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/4875-017B"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; }; - + fileSystems."/" = { + device = "/dev/mapper/ocivolume-root"; + fsType = "xfs"; + }; + } diff --git a/nix-conf/machines/djmuk2/secrets.yaml b/nix-conf/machines/djmuk2/secrets.yaml new file mode 100644 index 0000000..3216fd3 --- /dev/null +++ b/nix-conf/machines/djmuk2/secrets.yaml 
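Review bot: `services.openiscsi.name = builtins.readFile "/root/.config/secrets/openiscsi_name";` makes evaluation depend on a root-only file outside the repository, so a rebuild on a host where the file has not been populated yet fails at evaluation. Any trailing newline left by the `tee` command in the comment also becomes part of the initiator name. `pkgs.lib.fileContents "/root/.config/secrets/openiscsi_name"` strips a trailing newline and is otherwise equivalent. The comment could also state that the value is presumably copied into the world-readable Nix store as part of the generated configuration, so that the pattern is not reused for a real secret.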
@@ -0,0 +1,21 @@ +openiscsi_name: ENC[AES256_GCM,data:RZtrRGCnYgiAwq1bVnyK8fiYCxCKbtNs5diV3nUmNWAhU8CYRxau6SIAhB9t3f7p1fKgVC1V0fxV0nko6tdK,iv:M7qSnfBdxdTaCIb2/QZfrTUOZGX19IJY69IncTEk68w=,tag:eIo0fSKZTMEakGHh2zi5oQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age17j56andser5ddtlfunm35m25xueua4djh9glxlscfcet8865yv9s5aqvla + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UFgxckhMa1RWL3hGQkZw + M25XN1JkT2dnQk9iVXdyaFJsa3hMM0pVam04CmZSWFdJbnl4RzFpUUpYK2JmRXFO + L3ZZbXZ3aHA4NjBuRCtnYlpsNG94ZVkKLS0tIFNIUTVjOUxhS00zZFlyODVuQ1lB + bC9sLzdObkpFNTJRcmk3N3Y0TG1xakkKvFbr1YlLFS7c0BfK1MYczTXgjwcaNjxH + tHCQWzVyx1VzLID1TCQDGXWApkaaQYxa2d/afTTRxk98w6xJIvLj2g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-03T15:08:24Z" + mac: ENC[AES256_GCM,data:CtMDdk/tY52HLDuTHIUWF8qV3wdyykWnEKJk0bGMT+feWd/+PAzJRzCOVDuL6AxT1FmtZGx2lFZz6A9vzFbGsn1fawXVo40q+6TWpdcv80tRaicfyh1FTppWGNOJn/bh7DILuX41HRTEP2ngpMHwSr3cbCUfhxrV+r7giguj1do=,iv:uGe15h57SyQr8yi19sqDRPwtC/4WmBAwqvsHI5g5pAc=,tag:2Lv+QZf0CsgusJMay9MyQQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix index 2ef4c9d..a1bc8e3 100644 --- a/nix-conf/machines/edrahil/configuration.nix +++ b/nix-conf/machines/edrahil/configuration.nix @@ -1,7 +1,9 @@ -{ config, pkgs,... }: { +{ config, pkgs, ... }: +{ imports = [ ./hardware-configuration.nix ./network-configuration.nix + <sops-nix/modules/sops> ]; boot.tmp.cleanOnBoot = true; @@ -10,7 +12,20 @@ networking.hostName = "edrahil"; networking.firewall = { enable = true; - allowedTCPPorts = [ 113 2222 ]; + allowedTCPPorts = [ + 113 + 2222 + ]; + }; + + sops = { + defaultSopsFile = builtins.path { + path = /etc/nixos/secrets.yaml; + name = "edrahil-secrets.yaml"; + }; + secrets.restic_password = { + owner = config.users.users.djm.name; + }; }; services.openssh = { 
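Review bot: `<sops-nix/modules/sops>` in the edrahil imports resolves through `NIX_PATH`, so the module that handles secret decryption is whatever revision the `sops-nix` channel points to on the host at rebuild time, and nothing in the repository records it. Pinning the import would make the revision reviewable, for example `"${builtins.fetchTarball { url = "https://github.com/Mic92/sops-nix/archive/<rev>.tar.gz"; sha256 = "<sha256>"; }}/modules/sops"` with the placeholders filled in. At minimum, a comment next to the import naming the channel that has to be added would help on a fresh install.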
@@ -34,50 +49,158 @@ services.sshguard.enable = true; services.oidentd.enable = true; - services.locate = { - enable = true; - package = pkgs.plocate; - localuser = null; + services.locate.enable = true; + + services.restic = { + backups = { + hb = { + paths = [ "${config.users.users.djm.home}" ]; + repository = "sftp:djm@hb-backup:/home/djm/backup/edrahil"; + initialize = true; + user = "djm"; + environmentFile = "/etc/restic-environment"; + passwordFile = config.sops.secrets.restic_password.path; + timerConfig = { + OnCalendar = "02:25"; + RandomizedDelaySec = "20min"; + }; + exclude = [ + "irclogs" + ".cache" + ".config" + ".directory_history" + ".local" + "nixpkgs" + ]; + extraBackupArgs = [ + "--compression=max" + ]; + pruneOpts = [ + "--keep-daily 5" + "--keep-weekly 2" + "--keep-monthly 3" + ]; + }; + bs = { + paths = [ "${config.users.users.djm.home}" ]; + repository = "sftp:djm@bs-backup:/home/djm/backup/edrahil"; + initialize = true; + user = "djm"; + environmentFile = "/etc/restic-environment"; + passwordFile = config.sops.secrets.restic_password.path; + timerConfig = { + OnCalendar = "03:15"; + RandomizedDelaySec = "20min"; + }; + exclude = [ + "irclogs" + ".cache" + ".config" + ".directory_history" + ".local" + "nixpkgs" + ]; + extraBackupArgs = [ + "--compression=max" + ]; + pruneOpts = [ + "--keep-daily 5" + "--keep-weekly 2" + "--keep-monthly 3" + ]; + }; + tt = { + paths = [ "${config.users.users.djm.home}" ]; + repository = "sftp:djm@tt-backup:/home/djm/backup/edrahil"; + initialize = true; + user = "djm"; + environmentFile = "/etc/restic-environment"; + passwordFile = config.sops.secrets.restic_password.path; + timerConfig = { + OnCalendar = "04:05"; + RandomizedDelaySec = "20min"; + }; + exclude = [ + "irclogs" + ".cache" + ".config" + ".directory_history" + ".local" + "nixpkgs" + ]; + extraBackupArgs = [ + "--compression=max" + ]; + pruneOpts = [ + "--keep-daily 5" + "--keep-weekly 2" + "--keep-monthly 3" + ]; + }; + }; }; time.timeZone = 
"Europe/London"; - users.users.djm = - { isNormalUser = true; - home = "/home/djm"; - description = "David Morgan"; - extraGroups = [ "wheel" "plocate" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ + users.users.djm = { + isNormalUser = true; + home = "/home/djm"; + description = "David Morgan"; + extraGroups = [ + "wheel" + "plocate" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; + ]; + }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { + enable = true; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; + }; + + programs.zsh.enable = true; - programs.zsh.enable = true; + programs.vim = { + enable = true; + defaultEditor = true; + }; - programs.vim.defaultEditor = true; + environment.etc = { + "restic-environment" = { + text = '' + RESTIC_COMPRESSION=max + ''; + }; + }; - environment.systemPackages = with pkgs; [ - #procmail - git - wget - ]; + environment.systemPackages = with pkgs; [ + #procmail + git + wget + ]; - nix.settings.trusted-users = [ "root" "djm" ]; - nix.optimise.automatic = true; - nix.optimise.dates = [ "03:00" ]; + nix.settings.trusted-users = [ + "root" + "djm" + ]; + nix.optimise.automatic = true; + nix.optimise.dates = [ "03:00" ]; - i18n.defaultLocale = "en_GB.UTF-8"; + 
i18n.defaultLocale = "en_GB.UTF-8"; - system.stateVersion = "22.05"; + system.stateVersion = "22.05"; } diff --git a/nix-conf/machines/edrahil/hardware-configuration.nix b/nix-conf/machines/edrahil/hardware-configuration.nix index f67b9f4..c8ee3f5 100644 --- a/nix-conf/machines/edrahil/hardware-configuration.nix +++ b/nix-conf/machines/edrahil/hardware-configuration.nix @@ -2,8 +2,16 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub.device = "/dev/sda"; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "vmw_pvscsi" "xen_blkfront" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "vmw_pvscsi" + "xen_blkfront" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; - + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + } diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix new file mode 100644 index 0000000..4b85912 --- /dev/null +++ b/nix-conf/machines/edrahil/network-configuration.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + networking = { + interfaces.ens3.ipv6.addresses = [ + { + # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here, + # as we cannot set a file path to read it from. + # Populate/update with: + # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' machines/edrahil/secrets.yaml | doas tee /root/.config/secrets/ipv6_address + address = builtins.readFile "/root/.config/secrets/ipv6_address"; + prefixLength = 64; + } + ]; + defaultGateway6 = { + address = "fe80::1"; + interface = "ens3"; + }; + }; +} diff --git a/nix-conf/machines/edrahil/secrets.yaml b/nix-conf/machines/edrahil/secrets.yaml new file mode 100644 index 0000000..1f4c31e --- /dev/null +++ b/nix-conf/machines/edrahil/secrets.yaml 
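Review bot: The three jobs `hb`, `bs` and `tt` under `services.restic.backups` all unlock their repository with the same `config.sops.secrets.restic_password.path`, and each carries `pruneOpts`, so this one host holds delete rights over every backup copy. Presumably a compromise of edrahil, where `djm` has `NOPASSWD: ALL` and owns the password file, could then remove the snapshots in all three repositories along with the live data. Consider running the prune step from a separate trusted machine and, if the backup hosts allow it, limiting what the `djm` account there may delete, or at least using a distinct password per repository. The three blocks differ only in host name and `OnCalendar`, so a small helper function would also keep them from drifting apart.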
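Review bot: `address = builtins.readFile "/root/.config/secrets/ipv6_address";` in the new `network-configuration.nix` takes the file content verbatim, so a trailing newline in that file would end up inside the address string, and evaluation fails outright when the file is missing or unreadable by the evaluating user. Change the header to `{ lib, ... }:` and use `address = lib.removeSuffix "\n" (builtins.readFile "/root/.config/secrets/ipv6_address");`. The comment above it could also state that the file must exist before the first rebuild and that the decrypted value is embedded in the built system configuration rather than kept in a root-only file.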
@@ -0,0 +1,31 @@ +ipv6_address: ENC[AES256_GCM,data:CGQWUSuwmucIEwtlLK0FodXOWjM=,iv:ZLPiACwjOmes+FbezZKjjwUETujhTbT++4zCuoptpkY=,tag:VjMtetJhRDlJXdKAmJlOxQ==,type:str] +restic_password: ENC[AES256_GCM,data:2sxeUDRdh9cPv0ACY9EIP7JcmPFo/w==,iv:bkA/FW82l5gSEOZPtVhSNoATmoJf07kC0FJLAcXFkZU=,tag:PbDY039oBas7CvK8RaFRkA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1tjfctwnwldmyxnu6qmeufgr9l79vyzmrs7fy58v3d0qj4x4nhqhq2gjmlp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvUGNnbm1Jemc5dVZYM01h + R0h4RlRpVnU1ZGxyL3V2TXdYS2JUSHFNTm1BCjJxdlFFbURjdXBaNjNUdldXNkJy + blZYRkhkZUgxR0lST2MxM3hENUhiQkEKLS0tIDhvYjhpRnpIVnVmV0VoTDFNOXIx + RlB1dXVsdEhETTNUdTRIbGxIMGNFSEkKqeafOyRg3F9dtENNnH5DhJzJU+AEEqrV + nfndOlVQe0G/e8SUzUYjVtD6V6Hj/x8OxN6FSOfZnNFNFHQgJ42jFg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1w7kjp0qdgfyg9cyj5w4qc4fc9qz3w65xw2veazesfgdenqrd3ucqsc5ejv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSGIvTjdEZGdGWm9ldnow + RGxnZ3RhMmthQXFhOCtaNUk1UGhYSytQdkFnCmY3UUxWVFJKeDE5eG9GNktobndz + UjBLOFBNWmFXSmJ2akRDYitsZm9TcmMKLS0tIDZoTGFxSWpwWmFTNjN6b2Q2T2Y3 + Qm1PWnAvZGcxWGZjcnE4QWJZaDE2cGMKOAfTIipI68eJnOnvpQyLCOyH1KAWd/d/ + SLnJQ+rmh9onA/znahB7Pn3LQtfKLNBADVtwLIuPID0FcgUW7nlOiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-17T13:43:53Z" + mac: ENC[AES256_GCM,data:lVMbjnDvwlw72CiixJkEXCO7a20DYi4zKA8JTf0kSVQR/xjr9WbLpyllNq9Ex+eca/X0yaHBYjyOnBBpgz1h5o4i5iq738VXOEqD9v5BMdOrVmmDNnVcTAXqmWZGE7/pGmkiKef/iXOyJT2vsrrYR0vhgrvo/0WXce1YLUA4NTs=,iv:Y1w/llSNDry+PWz4oA/0MBJ+Ra6ceC1ZHMKb+CPCvE0=,tag:r2RR6ZfGL9TYwHtV9auL3A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/nix-conf/machines/egalmoth/configuration.nix b/nix-conf/machines/egalmoth/configuration.nix index 66382dd..e47cd45 100644 --- a/nix-conf/machines/egalmoth/configuration.nix +++ b/nix-conf/machines/egalmoth/configuration.nix 
@@ -1,14 +1,18 @@ -{ config, pkgs, lib, ... }: - { - imports = - [ - ./hardware-configuration.nix - ]; + config, + pkgs, + lib, + ... +}: +let + unstable = import <unstable> { }; +in +{ + imports = [ ./hardware-configuration.nix ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.kernelParams = ["intel_pstate=enable"]; + boot.kernelParams = [ "intel_pstate=enable" ]; powerManagement = { enable = true; #cpuFreqGovernor = "powersave"; @@ -50,8 +54,7 @@ }; }; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; + hardware.graphics.enable = true; networking.hostName = "egalmoth"; # Define your hostname. networking.networkmanager.enable = true; @@ -80,13 +83,19 @@ services.xserver.xkb.layout = "gb"; services.printing.enable = true; - services.printing.drivers = [ pkgs.gutenprint pkgs.hplipWithPlugin ]; - - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "hplip" - "corefonts" + services.printing.drivers = [ + pkgs.gutenprint + pkgs.hplipWithPlugin ]; + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "corefonts" + "hplip" + "zoom" + ]; + hardware.sane.enable = true; services.udev.packages = [ 
@@ -118,31 +127,40 @@ pulse.enable = true; }; - users.users.djm = - { isNormalUser = true; - description = "David Morgan"; - extraGroups = [ "wheel" "networkmanager" "scanner" "lp" "plocate" "cdrom" ]; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ + users.users.djm = { + isNormalUser = true; + description = "David Morgan"; + extraGroups = [ + "wheel" + "networkmanager" + "scanner" + "lp" + "plocate" + "cdrom" + "disk" + ]; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9UDTaVnUOU/JknrNdihlhhGOk53LmHq9I1ASri3aga djm@gaius" - ]; - }; - security.sudo.extraConfig = '' - djm ALL=(ALL) NOPASSWD: ALL - ''; - security.doas = { - enable = true; - extraRules = [ { users = [ "djm" ]; noPass = true; keepEnv = true; } ]; - }; - - - services.locate = { + ]; + }; + security.sudo.extraConfig = '' + djm ALL=(ALL) NOPASSWD: ALL + ''; + security.doas = { enable = true; - package = pkgs.plocate; - localuser = null; + extraRules = [ + { + users = [ "djm" ]; + noPass = true; + keepEnv = true; + } + ]; }; + services.locate.enable = true; + environment.systemPackages = with pkgs; [ acpi acpitool @@ -160,19 +178,25 @@ rofi st sway - vim + vdhcoapp + ungoogled-chromium wayland wayst wezterm wl-clipboard wget xclip + xorg.xkill xurls xst + zoom-us libreoffice onlyoffice-bin ]; + programs.nix-ld.enable = true; + + programs.nix-ld.libraries = with pkgs; [ xorg.libxcb ]; fonts.packages = with pkgs; [ corefonts @@ -180,6 +204,7 @@ iosevka-bin jetbrains-mono meslo-lgs-nf + unstable.aporetic ]; programs.zsh.enable = true; 
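Review bot: Adding `"disk"` to `extraGroups` gives every process running as `djm` direct read and write access to the raw block devices, which bypasses file permissions without any `sudo` or `doas` call. With `zoom-us`, `ungoogled-chromium` and `vdhcoapp` added to `environment.systemPackages` in the same commit, that puts the whole disk within reach of desktop applications running under this account. If the group is needed only for one task, for example writing an image to removable media, prefer a udev rule for that device or run the tool through `doas`, and drop `"disk"` from the list. The `users.users.djm` block lies entirely inside the hunk.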
@@ -194,7 +219,10 @@ enableSSHSupport = true; }; - programs.vim.defaultEditor = true; + programs.vim = { + enable = true; + defaultEditor = true; + }; services.openssh.enable = true; @@ -203,4 +231,3 @@ system.stateVersion = "21.05"; # Did you read the comment? } - diff --git a/nix-conf/machines/egalmoth/hardware-configuration.nix b/nix-conf/machines/egalmoth/hardware-configuration.nix index 4a5ae74..e5cb5f7 100644 --- a/nix-conf/machines/egalmoth/hardware-configuration.nix +++ b/nix-conf/machines/egalmoth/hardware-configuration.nix @@ -1,31 +1,40 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/b2189909-19fe-4f58-a8ff-4de288199843"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/b2189909-19fe-4f58-a8ff-4de288199843"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/6ED1-F330"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/6ED1-F330"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/a130cacb-d7e0-4fb8-a312-a34d19f00796"; } - ]; + swapDevices = [ { device = "/dev/disk/by-uuid/a130cacb-d7e0-4fb8-a312-a34d19f00796"; } ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; } |