Refactors, konawall-py for darwin, sumireko update to Sonoma

Kat Inskip 2023-11-15 11:10:44 -08:00
parent 091ddb5b91
commit bc61d82487
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
151 changed files with 691 additions and 792 deletions


@ -4,9 +4,8 @@ _: let
tree,
inputs,
...
}:
let
inherit (lib.modules) mkForce;
}: let
inherit (lib.modules) mkForce;
in {
imports = with tree; [
inputs.wsl.nixosModules.wsl
@ -76,61 +75,61 @@ _: let
services.gpg-agent.enable = false;
programs.git.signing.gpgPath = "/mnt/c/Program Files (x86)/GnuPG/bin/gpg.exe";
programs.zsh.profileExtra = ''
if [[ -n "$XDG_SESSION_ID" && "$TERM" == "dumb" &&
"$(ps -p $PPID -o comm=)" == "login" ]]; then
# Running in the background login process. Do nothing.
return
fi
gpg-connect-agent killagent /bye &> /dev/null
WIN_USER="kat"
SSH_DIR="''${HOME}/.ssh" #
mkdir -p "''${SSH_DIR}"
wsl2_ssh_pageant_bin="''${SSH_DIR}/wsl2-ssh-pageant.exe"
ln -sf "/mnt/c/Users/''${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "''${wsl2_ssh_pageant_bin}"
if [[ -n "$XDG_SESSION_ID" && "$TERM" == "dumb" &&
"$(ps -p $PPID -o comm=)" == "login" ]]; then
# Running in the background login process. Do nothing.
return
fi
gpg-connect-agent killagent /bye &> /dev/null
WIN_USER="kat"
SSH_DIR="''${HOME}/.ssh" #
mkdir -p "''${SSH_DIR}"
wsl2_ssh_pageant_bin="''${SSH_DIR}/wsl2-ssh-pageant.exe"
ln -sf "/mnt/c/Users/''${WIN_USER}/.ssh/wsl2-ssh-pageant.exe" "''${wsl2_ssh_pageant_bin}"
listen_socket() {
sock_path="$1" && shift
fork_args="''${sock_path},fork"
exec_args="''${wsl2_ssh_pageant_bin} $@"
listen_socket() {
sock_path="$1" && shift
fork_args="''${sock_path},fork"
exec_args="''${wsl2_ssh_pageant_bin} $@"
if ! ps x | grep -v grep | grep -q "''${fork_args}"; then
rm -f "''${sock_path}"
(setsid nohup socat "UNIX-LISTEN:''${fork_args}" "EXEC:''${exec_args}" &>/dev/null &)
fi
}
if ! ps x | grep -v grep | grep -q "''${fork_args}"; then
rm -f "''${sock_path}"
(setsid nohup socat "UNIX-LISTEN:''${fork_args}" "EXEC:''${exec_args}" &>/dev/null &)
fi
}
# SSH
export SSH_AUTH_SOCK="''${SSH_DIR}/agent.sock"
listen_socket "''${SSH_AUTH_SOCK}"
# SSH
export SSH_AUTH_SOCK="''${SSH_DIR}/agent.sock"
listen_socket "''${SSH_AUTH_SOCK}"
# GPG
export GPG_AGENT_SOCK="''$(gpgconf --list-dirs socketdir)/S.gpg-agent"
# GPG
export GPG_AGENT_SOCK="''$(gpgconf --list-dirs socketdir)/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
echo "1"
rm -rf "$GPG_AGENT_SOCK"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
fi
export GPG_AGENT_SOCK="/home/kat/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
echo "1"
rm -rf "$GPG_AGENT_SOCK"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
fi
export GPG_AGENT_SOCK="/home/kat/.gnupg/S.gpg-agent"
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
echo "1"
rm -rf "$GPG_AGENT_SOCK"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
fi
unset wsl2_ssh_pageant_bin
if ! ss -a | grep -q "$GPG_AGENT_SOCK"; then
echo "1"
rm -rf "$GPG_AGENT_SOCK"
if test -x "$wsl2_ssh_pageant_bin"; then
(setsid nohup socat UNIX-LISTEN:"$GPG_AGENT_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin -gpg S.gpg-agent" >/dev/null 2>&1 &)
else
echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
fi
fi
unset wsl2_ssh_pageant_bin
'';
};
programs.gnupg.agent.pinentryFlavor = mkForce "curses";
programs.gnupg.agent.pinentryFlavor = mkForce "curses";
networking = {
hostId = "dddbb888";
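Review bot: The agent sockets set up in `profileExtra` inherit the shell's umask: `mkdir -p "''${SSH_DIR}"` creates `~/.ssh` with the default mode if it is missing, and both `socat UNIX-LISTEN:''${fork_args}` in `listen_socket` and the `UNIX-LISTEN:"$GPG_AGENT_SOCK,fork"` line have no `umask=` option, so if any other local account exists on this WSL instance it can reach the forwarded Pageant/GPG agent through `agent.sock` and `S.gpg-agent`. `mkdir -p -m 700 "''${SSH_DIR}"` and `UNIX-LISTEN:''${fork_args},umask=077` (and the same on the GPG listener) close that. The GPG section also appears twice on the new side, first with `gpgconf --list-dirs socketdir` and then again with a hard-coded `export GPG_AGENT_SOCK="/home/kat/.gnupg/S.gpg-agent"` that overrides it, and `rm -rf "$GPG_AGENT_SOCK"` on a socket path only needs `rm -f`. This is carried over from the old text and the commit only re-indents it, but it is the code that now stands.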


@ -70,10 +70,13 @@
}
.${string.toLower config.type};
modules = with tree; [
# per-OS modules
tree.modules.${config.folder}
#tree.modules.common
# per-OS configuration
tree.${config.folder}.common
tree.kat.user.${config.folder}
# per-OS user definition
tree.home.user.${config.folder}
# the base common module
common
];
builder =


@ -8,20 +8,27 @@ _: let
}: let
inherit (lib.modules) mkDefault;
in {
imports = with tree.nixos.hardware;
[
common-wifi-bt
sound
]
++ (with tree.nixos.roles; [
kde
imports =
(with tree.nixos.profiles; [
graphical
gaming
])
++ (with tree.kat; [
gui
++ (with tree.nixos.environments; [
kde
])
++ (with tree.home.profiles; [
devops
graphical
wireless
]);
machine = {
cpuVendor = "amd";
};
# to-do: add this and kvm-amd to automation
hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
environment.systemPackages = with pkgs; [
fd # fd, better fine!
ripgrep # rg, better grep!
@ -35,19 +42,32 @@ _: let
k9s
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelParams = [
"amdgpu.gpu_recovery=1"
];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.supportedFilesystems = ["ntfs"];
nixpkgs.hostPlatform = mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
boot = {
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
# Enable swap on luks
boot.initrd = {
luks.devices = {
"luks-111c4857-5d73-4e75-89c7-43be9b044ade".device = "/dev/disk/by-uuid/111c4857-5d73-4e75-89c7-43be9b044ade";
"luks-111c4857-5d73-4e75-89c7-43be9b044ade".keyFile = "/crypto_keyfile.bin";
"luks-af144e7f-e35b-49e7-be90-ef7001cc2abd".device = "/dev/disk/by-uuid/af144e7f-e35b-49e7-be90-ef7001cc2abd";
};
availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
secrets = {
"/crypto_keyfile.bin" = null;
};
};
kernelParams = [
"amdgpu.gpu_recovery=1"
];
kernelModules = ["kvm-amd"];
supportedFilesystems = ["ntfs"];
};
fileSystems = {
"/" = {
@ -60,15 +80,6 @@ _: let
};
};
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
# Enable swap on luks
boot.initrd.luks.devices."luks-111c4857-5d73-4e75-89c7-43be9b044ade".device = "/dev/disk/by-uuid/111c4857-5d73-4e75-89c7-43be9b044ade";
boot.initrd.luks.devices."luks-111c4857-5d73-4e75-89c7-43be9b044ade".keyFile = "/crypto_keyfile.bin";
boot.initrd.luks.devices."luks-af144e7f-e35b-49e7-be90-ef7001cc2abd".device = "/dev/disk/by-uuid/af144e7f-e35b-49e7-be90-ef7001cc2abd";
services.openssh = {
hostKeys = [
{
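Review bot: Inside the new `boot = { … };` attrset the initrd settings are written as `boot.initrd = { … };` (the line after `# Enable swap on luks`), which Nix reads as `boot.boot.initrd`; NixOS rejects that as an undeclared option, so the key should be `initrd = {` unless the rendered nesting is misleading me. Separately, `secrets."/crypto_keyfile.bin" = null` together with `keyFile = "/crypto_keyfile.bin"` embeds the unlock key for `luks-111c…` in the initrd, and with `efiSysMountPoint = "/boot/efi"` that initrd presumably lives on the unencrypted ESP, so that volume is protected only as well as the ESP itself; worth stating the trade-off next to it, e.g. `# keyfile is appended to the initrd on the (unencrypted) ESP; this volume is not protected against offline disk access`.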


@ -1,25 +1,20 @@
_: let
hostConfig = {
config,
tree,
...
}: {
imports = with tree.nixos.hardware;
[
lenovo-thinkpad-x260
common-pc-laptop-ssd
]
++ (with tree.nixos.roles; [
hostConfig = {tree, ...}: {
imports =
(with tree.nixos.profiles; [
graphical
kde
wireless
laptop
])
++ (with tree; [
kat.gui
kat.vscode
kat.kde
++ (with tree.nixos.environments; [
kde
]);
home-manager.users.kat.imports = with tree.home.profiles; [
graphical
devops
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/a664de0f-9883-420e-acc5-b9602a23e816";
@ -31,6 +26,10 @@ _: let
};
};
machine = {
cpuVendor = "intel";
};
networking.networkmanager.wifi.backend = "iwd";
swapDevices = [
@ -39,7 +38,10 @@ _: let
boot = {
supportedFilesystems = ["xfs"];
initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105";
initrd = {
availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod" "sr_mod" "rtsx_usb_sdmmc"];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105";
};
loader = {
efi = {
canTouchEfiVariables = true;


@ -1,7 +1,6 @@
_: let
hostConfig = {
lib,
tree,
pkgs,
inputs,
...
@ -67,25 +66,27 @@ _: let
services.openssh.enable = true;
# systemd
systemd.services."systemd-oomd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-resolved".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-userdbd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-udevd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-timesyncd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-timedated".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-portabled".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-nspawn@".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-networkd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-machined".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-localed".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-logind".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journald@".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journald".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journal-remote".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-journal-upload".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-importd".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-hostnamed".serviceConfig.WatchdogSec = 0;
systemd.services."systemd-homed".serviceConfig.WatchdogSec = 0;
systemd.services = {
"systemd-oomd".serviceConfig.WatchdogSec = 0;
"systemd-resolved".serviceConfig.WatchdogSec = 0;
"systemd-userdbd".serviceConfig.WatchdogSec = 0;
"systemd-udevd".serviceConfig.WatchdogSec = 0;
"systemd-timesyncd".serviceConfig.WatchdogSec = 0;
"systemd-timedated".serviceConfig.WatchdogSec = 0;
"systemd-portabled".serviceConfig.WatchdogSec = 0;
"systemd-nspawn@".serviceConfig.WatchdogSec = 0;
"systemd-networkd".serviceConfig.WatchdogSec = 0;
"systemd-machined".serviceConfig.WatchdogSec = 0;
"systemd-localed".serviceConfig.WatchdogSec = 0;
"systemd-logind".serviceConfig.WatchdogSec = 0;
"systemd-journald@".serviceConfig.WatchdogSec = 0;
"systemd-journald".serviceConfig.WatchdogSec = 0;
"systemd-journal-remote".serviceConfig.WatchdogSec = 0;
"systemd-journal-upload".serviceConfig.WatchdogSec = 0;
"systemd-importd".serviceConfig.WatchdogSec = 0;
"systemd-hostnamed".serviceConfig.WatchdogSec = 0;
"systemd-homed".serviceConfig.WatchdogSec = 0;
};
# package installation: not needed
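Review bot: The regrouped `systemd.services` attrset sets `WatchdogSec = 0` on every core unit, including `systemd-journald`, `systemd-logind` and `systemd-udevd`, without saying why; with the watchdog off, a hung one of these is presumably left running rather than aborted and restarted, which on a host with `services.openssh.enable = true` affects logging and session handling. A one-line comment above the attrset would spare the next reader the guess, e.g. `# WatchdogSec = 0: disable the service watchdog on these units because <reason>`. If the reason is platform-specific (this looks like an image for a VM or container host), name the platform there.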


@ -2,101 +2,40 @@ _: let
hostConfig = {
tree,
pkgs,
inputs,
std,
...
}: let
inherit (std) string;
in {
imports = with tree; [
kat.work
}: {
imports = with tree.darwin; [
orbstack
];
home-manager.users.kat.imports =
(with tree.home.profiles; [
graphical.gpg
graphical.vscode
graphical.wezterm
])
++ (with tree.home.profiles; [
devops
])
++ (with tree.home.environments; [
darwin
]);
security.pam.enableSudoTouchIdAuth = true;
home-manager.users.root.programs.ssh = {
enable = true;
extraConfig = ''
Host orb
HostName 127.0.0.1
Port 32222
User default
IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
'';
/*
ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass
ProxyUseFdpass yes
*/
};
nix.buildMachines = [
{
hostName = "nixos@orb";
system = "aarch64-linux";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
}
{
hostName = "nixos@orb";
system = "x86_64-linux";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
}
];
nix.distributedBuilds = true;
nix.extraOptions = ''
builders-use-substitutes = true
'';
environment.systemPackages = with pkgs; [
fd # fd, better fine!
terraform
ripgrep # rg, better grep!
deadnix # dead-code scanner
alejandra # code formatter
statix # anti-pattern finder
deploy-rs.deploy-rs # deployment system
rnix-lsp # vscode nix extensions
kubectl # kubernetes
k9s # cute k8s client, canines~
kubernetes-helm # helm
awscli2
];
home-manager.users.kat = {
home.sessionVariables = {
ARTEMISCLI_CONFIG_PATH = "/Users/kat/.artemisconfig";
};
home.file = {
".orbstack/ssh/authorized_keys".text =
(string.concatSep "\n" tree.kat.user.data.keys)
+ ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILW2V8yL2vC/KDmIQdxhEeevKo1vGG18bvMNj9mLL/On
'';
".ssh/authorized_keys".text = ''
${string.concatSep "\n" tree.kat.user.data.keys}
'';
};
programs = {
zsh = {
initExtra = ''
source <(kubectl completion zsh)
'';
};
ssh = {
enable = true;
extraConfig = ''
Host orb
HostName 127.0.0.1
Port 32222
User default
IdentityFile /Users/kat/.orbstack/ssh/id_ed25519
'';
/*
ProxyCommand env HOME=/Users/kat '/Applications/OrbStack.app/Contents/Frameworks/OrbStack Helper (VM).app/Contents/MacOS/OrbStack Helper (VM)' ssh-proxy-fdpass
ProxyUseFdpass yes
*/
};
};
};
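Review bot: The new `home-manager.users.root.programs.ssh` entry for `Host orb` has root authenticate with `IdentityFile /Users/kat/.orbstack/ssh/id_ed25519`, a path the unprivileged user owns, so whoever controls that directory controls which identity root (and the nix-daemon behind `nix.buildMachines`) presents to the builder; if that is intentional, say so, e.g. `# nix-daemon runs as root; reuse kat's OrbStack key for the orb builder`. There is also no `UserKnownHostsFile`/`StrictHostKeyChecking` setting for `127.0.0.1:32222`, so the daemon's first non-interactive build will fail unless root's known_hosts already carries the VM's host key; pinning it here, or noting where it is provisioned, is worth a line. The commented-out `ProxyCommand` block is now duplicated in root's and kat's config; if it is dead, drop it from both. The second hunk of this file continues past what is shown here.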
@ -113,36 +52,45 @@ _: let
"snyk"
];
casks = [
"barrier"
"bitwarden"
"mullvadvpn"
# Browsers
"firefox"
"disk-inventory-x"
"dozer"
"devtoys"
"cyberduck"
"spotify"
"pycharm-ce"
"prismlauncher"
"element"
"logseq"
"slack"
"boop"
"iterm2"
"obsidian"
"contexts"
"rectangle"
"google-chrome"
# Chat
"signal"
"telegram"
"discord"
"deluge"
"element"
"slack"
"keybase"
"anki"
# Media
"spotify"
"deluge"
# Exocortex
"obsidian"
# Security
"bitwarden"
"mullvadvpn"
"pycharm-ce"
# Development Tools
"iterm2"
"cyberduck"
"boop"
# Utilities
"disk-inventory-x"
"devtoys"
"contexts"
"rectangle"
"syncthing"
"firefox"
"google-chrome"
"orbstack"
"anki"
"bartender"
];
taps = [
"pulumi/tap"
"homebrew/cask-versions"