ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

initial artemision changes (#116)

Browse Source 
* Add artemision

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* blank config.nix for alice

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move alice config

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix slack (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix unipicker (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix vscode (artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add wired-notify (not currently working, artemision)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* change formatter to nixfmt-rfc-style

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* update lock

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* initial format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision settings

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add artemision files

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* artemision initial setup

* artemision initial setup

* sops generation

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* sops updates

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix breaking changes, add framework module

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting and friends

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot, mutable users is true

* fmt

* Add desktop/framework dependencies

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* enable sops

* sops/ethernet fixes

* update subs

* cache key fix & mutable users

* temp neovim

* zsh changes

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* dependency fixes, zsh.nix

* zsh fixes for home-manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* minor zsh fixes

* minor zsh/home fixes

* cleanup

* typo from merge

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove owner

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* non-server :)

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add display manager

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* switch to gdm

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland errors

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* remove ZFS unstable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* zsh reorg

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland enable

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* add boot partition options

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* wayland agian

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* nix format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
Co-authored-by: ahuston-0 <alice.huston@gmail.com>
This commit is contained in:
Alice Huston
2024-03-24 14:21:28 -04:00
committed by GitHub
parent bc7034e7e2
commit 46a605d12e
20 changed files with 1093 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
users/alice/home.nix
View File

@ -1,6 +1,8 @@
{ pkgs, ... }:
{
imports = [ ./home/zsh.nix ];
home = {
# # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run.
@ -52,13 +54,17 @@
};
programs = {
zsh.enable = true;
starship.enable = true;
fzf = {
enable = true;
enableZshIntegration = true;
};
nix-index = {
enable = true;
enableZshIntegration = true;
};
topgrade = {
enable = true;
settings = {
@ -73,5 +79,7 @@
};
};
services.ssh-agent.enable = true;
home.stateVersion = "23.11";
}

99
users/alice/home/zsh.nix Normal file
View File

@ -0,0 +1,99 @@
{ ... }:
{
programs.zsh = {
enable = true;
# autosuggestion.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"docker"
"docker-compose"
"colored-man-pages"
"rust"
"systemd"
"tmux"
"ufw"
"z"
"fzf"
];
};
initExtra = ''
# functions
function mount-data {
if [[ -f /home/alice/backup/.noconnection ]]; then
sshfs -p 10934 lily@192.168.1.154:/mnt/backup/data/ ~/backup -C
else
echo "Connection to backup server already open."
fi
}
function mount-backup {
if [[ -f /home/alice/backup/.noconnection ]]; then
sudo borgmatic mount --options allow_other,nonempty --archive latest --mount-point ~/backup -c /etc/borgmatic/config_checkless.yaml
else
echo "Connection to backup server already open."
fi
}
function mount-ubuntu {
if [[ -f /home/alice/backup/.noconnection ]]; then
sshfs lily@192.168.76.101:/mnt/backup/ubuntu.old/ ~/backup -C
else
echo "Connection to backup server already open."
fi
}
'';
shellAliases = {
"sgc" = "sudo git -C /root/dotfiles";
## SSH
"ssh-init" = "ssh-add -t 24h ~/.ssh/id_ed25519_janus ~/.ssh/id_ed25519_dennis ~/.ssh/id_ed25519_hetzner ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_ed25519_gl ~/.ssh/id_ed25519_jeeves2 ~/.ssh/id_ed25519_jeeves ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine";
## Backups
"borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
"borgmatic-backup-full" = "sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
"umount-backup" = "sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
"restic-backup" = "/home/alice/Scripts/restic/backup.sh";
## VPN
"pfSense-vpn" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1194-alice-config.ovpn";
"pfSense-vpn-all" = "sudo openvpn --config /etc/openvpn/client/pfSense-TCP4-1195-alice-config.ovpn";
## Utilities
"lrt" = "exa --icons -lsnew";
"lynis-grep" = ''sudo lynis audit system 2&>1 | grep -v "egrep"'';
"egrep" = "grep -E";
"htgp" = "history | grep";
"gen_walpaper" = "wal -i '/home/alice/Pictures/Wallpapers/1440pdump'";
"vlgdf" = "valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes";
"ls" = "exa --icons";
"libreoffice-writer" = "libreoffice --writer";
"libreoffice-calc" = "libreoffice --calc";
"notes" = "code /home/alice/Scripts/Notes/dendron.code-workspace";
"ua-drop-caches" = "sudo paccache -rk3; yay -Sc --aur --noconfirm";
"ua-update-all" = ''
(export TMPFILE="$(mktemp)"; \
sudo true; \
rate-mirrors --save=$TMPFILE --protocol https\
--country-test-mirrors-per-country 10 arch --max-delay=21600 \
&& sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist-backup \
&& sudo mv $TMPFILE /etc/pacman.d/mirrorlist \
&& ua-drop-caches \
&& yay -Syyu)
'';
# applications (rofi entries)
"ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &";
"Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101";
"Wizard101" = "prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
"Pirate101" = "prime-run playonlinux --run Pirate\\ 101";
"octave" = "prime-run octave --gui";
"pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050";
"hx" = "helix";
};
};
# TODO: add environment bs
}

64
users/alice/secrets.yaml
View File

@ -6,54 +6,54 @@ sops:
azure_kv: []
hc_vault: []
age:
- recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQjVEMCtsREdCUTBQa21D
dDFSVnkrbk5hNlo3RkFoTTg3MjBLbE1oaVVrCjltcEQyRlhtWWtCQzlseEtvRks5
bmpTcUNZeDJ0VEFCa0FyZytIbTZhVGcKLS0tIE8zVld3cnEvR0VtN3d3d2lpWmg0
enZHM1ZycDQwUS9Ea05QWHdJeGM0UDAKop5M4ubVN+5nfeCS37T4j3FPn+aheo+y
eIUPSSo8Tzl+b7eNyvj4nrG7zGr+kTJhc2m03FNacadVblQiHXlc+g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Mk13QUFFeGx3OFc2MnN1
ejBwa25sVGJSaWhHTXI3L2dQWEk4Sm9zZ0dVCnpIblczcWRvVU02SnlNZFdvWHhy
d2NEMXpUUGFyUHZJeVluSEVROHV1UncKLS0tIHl0V1JaQ3ZtSkhrOXAzRkNMOU5B
Y0oyRWJMdXZmeDZxSzNCWUJEQzRESUkKIwxWT8Px1Y4QxW6FC349N89UbeGiA98k
gTwTDmABCbJt6MEc3zmoRSObirGLzgvmPjzXlHdmqcKoR0twXUBDYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b0FVMHdMWENPTXNZSEJG
SXBOdnhmUWt4QWZCOS9SRFJyNXY2Q1pDS2pJCk5sN25xSm5KVGNsWTlaOWRUaEFY
MXR4RHFaY1RRNEVVSHgweW1LUDlweFUKLS0tIFp1dG5RS05FdXlvTGMwUFdLK3o3
Y0pCclZFVGZxNlBrdFBocnBoVVNmMm8K7R9LKDLZPQbSU4rRoIKbbI/QWDG2A9V1
3Gour+tJuf/UjYsP/vqmNPzNrCjOu2iJ/WKBvtMJ3CVsJsEEWMuvTA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra1V4bXBkZklucDEwbmdz
dk41QjN0eUtsZVMvellRMFRCOHd3Q2p4cXhZCmhkZzhwWTg0QkgrQTdIeEU0QjZS
aTU0c1NFV1hjZmFUUTFtaUYyMG1Pd2sKLS0tICtoMmsrSHJLS3g3K1JWelFOcWhL
VW1yekgzQkI2Uk9tRDJQTldrakZLUmMKMhmS9xqucsbfdIe1BjlPSYkvF88onzww
j5YkZSaaxNHcbMaTVc1+QjYv7NooM79EpUX96hP4BDwORpU3FWS2jA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeHF2aXErVkJ3ZnhLNWYv
VEZJcTFzUHgvRHloeG1mWnZtdGt5UUNhWkcwCittNzRGQXJ1dkdJaVl0elNtVVFI
Y2dDcFdsK2k3eUhWUEFLYWdwUHRONUkKLS0tIHhrek1RTG1sM2NaakdVZHpDZlk3
aVhmdXBkbDhrRG9ZaHFVR3FOZUJFejQK6q/JOuoST0zCZzg6C7Se7VzVs9DpSMD4
0uddoEsKadtI+II+ozmuc/RkdP4lfymBioW7ka4Wlyap5apzWHd0fg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VHF0aUN3cE1OcUtzWkdM
UGNPdVJteDFvRXFXVFVTV2p0WDV1TjBrTDIwCjVpYU1vbXdDQ24vR25qN0pEalVw
U2laUHg4TkVCLzNQRDI5Tnpzam5ZT2MKLS0tIDJNdXk2Y3V0bEFlY0NLdXUyMWw0
aHZYZkJoajZDa0pZVkpxbzFXTm9ZbXMKamjLneLosXuqhUcsiLXFGEgMVN+Yzklh
XKf6vPmwcPuOsy5yimy5P/TygLWJ0JeXDoieDEL+/NN6kt2qtUWD4g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-03T22:20:54Z"
mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str]
pgp:
- created_at: "2024-03-02T20:52:45Z"
- created_at: "2024-03-23T05:48:28Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nARAAr8UXHBCr6C3TrW1g+xLf7Q5XMP1cx2TAId7tCS/Z9R5e
+Zdzx+WYRuQwKLAYB7MwzVA22DpK8o5FY0kSXQCEziha5HCRMta2XHeprOU1GfK5
jDOqdZK/DOpmqeuaBDhzczgXFR3h5nRQ9YJFcfEVB0JhUmsoLUTR/I9fTUNXPFa7
d6urPxEcLyLqgWR5AxO9xjeia/WObidfYrYaXn+VY4lTx/kwV6Rsm5eThAagmtYP
kQqfNn9M68zgf8yQre9piNEktHf0tBhREZycd0xd0EMCM6TbIbisPI3ITqDQPV6c
eglcqcdOqNMjeVVbzQtTglzfKO4M2gquSLR4Kuvt08JH6bhtOGlT1njKfDKGykti
+ifHYD8iEk4opYJ1H9fS55E673gJXN1rUZGvAhG+FPz2bW/UAgq0OvdzAdZ+90B9
fm8vb7F0UdwC8lO6SC2QLiTVzu3wNuh9s//2rwXLmzewkkH+J4wpg6+Kyer/IkrI
D9qak5tRFJcKlfWbn4skH2T7aloFXuJYHcVjAIg7XHjK4PUsHkq1n2lP9VkpQ14w
zt2Mn9gmtYX8GNwqQeys/BqkHdkVk2VTV6Ge9O0PmIGx2n/3F8iZwNedz324I8HE
NIbdNR3V94uDRuHAPH4hL+1t9MoEklFbvvMp1Aak/eaw6rvQV/Ore3852pX7xJ7S
XgH3rCh73zJEq9NuqKux2U4sW47e1J8tFPet5Sfvm7Ra/0fqtf6YbufKNvd9OuXc
m61xY+IxYwDfxvMLfFKX0GLFyLNmBoiPCLkVZ6Y+UmK3zD2BVbVtDLuVSi/ELV4=
=iuPC
hQIMA84hNUGIgI/nAQ/9HO5t//5ztagOvKoBP/W4p9Huhav4MEmqZADmbXEv+ZcG
ihnaeiofyoaKbJXfmGZ8vDIA68ZvKFL/n0sDR/plUHAuHuCR2qa+sVmo9ruJyKEq
EWc/BlguqXJCiga/MP2Ocbh+XQYJMcwGorcR1tkFjL3HkHlY+MuMCZJr8nhoERba
bHNIG6J31EHZ3ivub38C9GWuwaosBqO5AlUH3nRA63vMcOCwdnpXzvc4qeIgtfxn
ouSdj7zl75v1KG8wlR0v8ciHHdNxQ/8WoLK9QduXIFnFGxAXFYOY2838mMNZOSr4
q6tg7ICKdMS1h3I4cTknUFEE7ZEEDMoZR/r89rJMXMQJGZ4JWVgkAroXyriRACSp
GmObXzur8BmJvaSmpckacNqZqUyVCveM82344t/q4BDZmiOKUhFQNeo8uQhgd3Jf
Z3gnNA1FsvMJOn2/oLxDP0d54uysN1fWnuhXiosiONonBNcHCuPF5Zp3OdAXJ/a9
YSj0n6mee600bhn0ff0MrxXfiBQUXBnTjtUljhM1EuXrniskp1OK2Xi736O+5KwN
ppT0Iol/cdfUcPNj+cONjkk6xVcARNuQ8vu0clGMPfqfkg3Ne9gLqUGoH5f2PMe2
sWNFMhhfqcnhwEGXDw3hXEGoabzxKr5YbItwe3t9oxbp59lgxuP38yaTnOe4KzPS
XgHntRY2zgxeKFruk8BjCyeffJO/4uXaj2LKcGcRKP3nyJ1h0JX7itmsGbYshhTZ
976Oaooyoabhv7NbUrZkpk6TcD+H6AIC7vavLZsva+BgDXKRH9nxTcDXo45WbL8=
=qXlJ
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
unencrypted_suffix: _unencrypted

63
users/alice/systems/artemision/configuration.nix Normal file
View File

@ -0,0 +1,63 @@
{ pkgs, ... }:
{
imports = [
../configuration.nix
../programs.nix
./programs.nix
./desktop.nix
];
time.timeZone = "America/New_York";
console.keyMap = "us";
# temp workaround for building while in nixos-enter
services.logrotate.checkConfig = false;
networking = {
hostId = "58f50a15";
firewall.enable = true;
};
boot = {
useSystemdBoot = true;
default = true;
};
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
virtualisation = {
docker = {
enable = true;
recommendedDefaults = true;
logDriver = "local";
storageDriver = "overlay2";
daemon."settings" = {
experimental = true;
data-root = "/var/lib/docker";
exec-opts = [ "native.cgroupdriver=systemd" ];
log-opts = {
max-size = "10m";
max-file = "5";
};
};
};
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services.fwupd.package =
(import
(builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
})
{ inherit (pkgs) system; }
).fwupd;
services.fprintd.enable = false;
system.stateVersion = "24.05";
}

10
users/alice/systems/artemision/default.nix Normal file
View File

@ -0,0 +1,10 @@
{ inputs, ... }:
{
system = "x86_64-linux";
home = true;
sops = true;
modules = [
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
{ environment.systemPackages = [ inputs.wired-notify.packages.x86_64-linux.default ]; }
];
}

19
users/alice/systems/artemision/desktop.nix Normal file
View File

@ -0,0 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
services.xserver.displayManager.gdm = {
enable = true;
};
}

90
users/alice/systems/artemision/hardware.nix Normal file
View File

@ -0,0 +1,90 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [
"dm-snapshot"
"r8152"
];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f3c11d62-37f4-495e-b668-1ff49e0d3a47";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/720af942-464c-4c1e-be41-0438936264f0";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/035f23f8-d895-4b0c-bcf5-45885a5dbbd9";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5AD7-6005";
fsType = "vfat";
options = [
"noatime"
"nodiratime"
"discard"
];
};
swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
boot.initrd.luks.devices = {
"nixos-pv" = {
device = "/dev/disk/by-uuid/12a7f660-bbcc-4066-81d0-e66005ee534a";
preLVM = true;
allowDiscards = true;
};
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp196s0f3u2u1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

101
users/alice/systems/artemision/non-server.nix Normal file
View File

@ -0,0 +1,101 @@
{
config,
lib,
pkgs,
...
}:
{
# Adds some items from the server config without importing everything
security.auditd.enable = true;
nixpkgs.config.allowUnfree = true;
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
boot = {
default = true;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
users = {
defaultUserShell = pkgs.zsh;
mutableUsers = false;
};
networking = {
firewall = {
enable = lib.mkDefault true;
allowedTCPPorts = [ ];
};
};
services = {
autopull = {
enable = true;
ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
path = /root/dotfiles;
};
};
# programs = {
# zsh = {
# enable = true;
# syntaxHighlighting.enable = true;
# zsh-autoenv.enable = true;
# enableCompletion = true;
# enableBashCompletion = true;
# ohMyZsh.enable = true;
# autosuggestions = {
# enable = true;
# strategy = [ "completion" ];
# async = true;
# };
# };
# };
nix = {
diffSystem = true;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
keep-outputs = true;
builders-use-substitutes = true;
connect-timeout = 20;
};
# free up to 10 gb when only 1 gb left
extraOptions = ''
min-free = ${toString (1 * 1024 * 1024 * 1024)}
max-free = ${toString (10 * 1024 * 1024 * 1024)}
'';
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
optimise = {
automatic = true;
dates = [ "01:00" ];
};
};
system = {
autoUpgrade = {
enable = true;
randomizedDelaySec = "1h";
persistent = true;
flake = "github:RAD-Development/nix-dotfiles";
};
};
}

40
users/alice/systems/artemision/programs.nix Normal file
View File

@ -0,0 +1,40 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bat
btop
croc
deadnix
direnv
fd
file
htop
hwloc
iperf3
jp2a
jq
lsof
lynis
ncdu
neofetch
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixpkgs-fmt
nmap
pciutils
python3
qrencode
ripgrep
smartmontools
tig
tokei
tree
unzip
ventoy
wget
zoxide
zsh-nix-shell
];
}

51
users/alice/systems/artemision/secrets.yaml Normal file
View File

@ -0,0 +1,51 @@
hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
#ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
example_array:
- ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
- ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
example_booleans:
- ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
- ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
#ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZUNHeDdqaGt0QnFIejdM
MU5uaDNiN2xOeVlZNzQyZXZ0R2NYUU83ZWxrCmNDL3J6ZjNmejBuUXk3cldwZUEz
UWVqMTVPelN1MTJDNzc0UU9XNWkralUKLS0tIDU2b053Uk5VZGlWUk9XMXZ5Wllk
UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc
FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-23T05:46:44Z"
mac: ENC[AES256_GCM,data:/QpK5JuZgnKKHSOTKMRV291UJbPQaNFOx5hheBFx8aVKbS0TGPBMhFp65mw2dOjwT92iyjTxsox/wwev0wcNdNwlvLYTwFdwf4D6FHyLgX/DSkMfqcXbk8HHFlu0LEyd3W6wi2DBsB0KwiVcfsFKoUD4fKbpWnY2EXFOPD6L2Vg=,iv:hPlgFlPqTDXqfcCjRsJuznR+d3PlwT2kJ/TwFe1obfM=,tag:ZkpcEP0u95vvR37GkJGkuQ==,type:str]
pgp:
- created_at: "2024-03-23T05:46:35Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA84hNUGIgI/nAQ/+IwyPDjs/jDCBlnYFboHh6TXx8ulysESst4hz5crM4L0u
wylKyfEIBx0eLy0mLLA4DhcpYza0Nry5RLdwDNfimhATErfQxnwqlZ6RnYKnh3Hk
93L66+BEKPd3EZOH+RC/wb0qiTDmU0yna8jtVO0uU7s6//hm/g7bdmQAK0YIJLcb
sd83n99R4oHVrq7iFc74/AV5isW9GcfmvLI94eodFpaE1dpqm4KzNpLueDCOvA/1
vPo5Lgtp9WM4FhXUqMiplCNqMIt+Hyj3F+p+9jgQ2dLfHuVkI8pzd47gOHyMDYPy
fn6SVKZtOyfNDwhs7L5piiarSXISBGtx36ISDvtvtr/vgMydTdvILIOo9pkSGVtN
4W7+ywMaFjfAeShTVtUJNJqmp/8agt2WtaUX4kPPha4SxlNSOMpeTQ31bs89gBtc
g2325afL2WPK4NSAOmU8VMXqmFc2A10aFlx5nsfT4S1wkoNbitTWgoAcCa7kGRPW
xZca225cwLUzkggv74cfYT3YnQL40AMSOMqSRS8pbTFEENG1BtsB5A++Jji2i4tO
xoGIL8LRCEfiHpTC7eBwDDVmKb5StgKsXs6yYbQG5XW2W+/Jgum64Sb7+LviQ9Mq
WHNiu5MZPeKyHFu9jI9Ne1HpYJnb7/X9AxFw2e/vFwVn+kjaXcH/PhsYuPUyqkzS
XgG3tFbcgNtMWyoLU2EL1Qvwq1pHVrwmeNXHidESx23HeJtnIwoKkdopl4qqqNle
uQYP89bvb6zFWlqOSwLORZmj1W1wVTYV9eXplDbJob8agBKIcIuhtwri5e96gf4=
=XdJo
-----END PGP MESSAGE-----
fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82
unencrypted_suffix: _unencrypted
version: 3.8.1

12
users/alice/systems/configuration.nix Normal file
View File

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ./non-server.nix ];
services.fwupd.enable = true;
}

88
users/alice/systems/non-server.nix Normal file
View File

@ -0,0 +1,88 @@
{
config,
lib,
pkgs,
...
}:
{
# Adds some items from the server config without importing everything
security.auditd.enable = true;
nixpkgs.config.allowUnfree = true;
i18n = {
defaultLocale = "en_US.utf8";
supportedLocales = [ "en_US.UTF-8/UTF-8" ];
};
boot = {
default = true;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
users = {
defaultUserShell = pkgs.zsh;
mutableUsers = false;
};
networking = {
firewall = {
enable = lib.mkDefault true;
allowedTCPPorts = [ ];
};
};
services = {
autopull = {
enable = true;
ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
path = /root/dotfiles;
};
};
programs.zsh = {
enable = true;
syntaxHighlighting.enable = true;
zsh-autoenv.enable = true;
enableCompletion = true;
enableBashCompletion = true;
ohMyZsh.enable = true;
autosuggestions = {
enable = true;
strategy = [ "completion" ];
async = true;
};
};
nix = {
diffSystem = true;
settings = {
experimental-features = [
"nix-command"
"flakes"
];
keep-outputs = true;
builders-use-substitutes = true;
connect-timeout = 20;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
system = {
autoUpgrade = {
enable = true;
randomizedDelaySec = "1h";
persistent = true;
flake = "github:RAD-Development/nix-dotfiles";
};
};
}

53
users/alice/systems/programs.nix Normal file
View File

@ -0,0 +1,53 @@
{
pkgs,
config,
inputs,
...
}:
{
environment.systemPackages = with pkgs; [
bfg-repo-cleaner
candy-icons
calibre
# calibre dedrm?
discord-canary
fanficfare
ferium
# gestures replacement
gpu-viewer
headsetcontrol
ipmiview
ipscan
masterpdfeditor4
mons
# nbt explorer?
neovim
noisetorch
ocrmypdf
pinentry-rofi
playonlinux
protonmail-bridge
protontricks
redshift
ripgrep
rpi-imager
rofi-wayland
# signal in tray?
siji
simple-mtpfs
slack
snyk
spotify
spotify-player
#swaylock/waylock?
sweet-nova
unipicker
ventoy
vscode
watchman
xboxdrv
yubioath-flutter
zoom
];
# ++ [ inputs.wired.packages.${system}.wired ];
}