thunderbottom
/
flakes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: migrate to new flake structure for modularity 

coolcoolcool

Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com>
This commit is contained in:
Chinmay D. Pai 2023-12-08 10:08:21 +05:30
parent 3647ebdd26
commit b14c62da0e
Signed by: thunderbottom
GPG Key ID: 75507BE256F40CED
42 changed files with 756 additions and 905 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

444
flake.lock
View File

@ -24,29 +24,6 @@
"type": "github"
}
},
"beautysh": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"poetry2nix": "poetry2nix",
"utils": "utils"
},
"locked": {
"lastModified": 1680308980,
"narHash": "sha256-aUEHV0jk2qIFP3jlsWYWhBbm+w/N9gzH3e4I5DcdB5s=",
"owner": "lovesegfault",
"repo": "beautysh",
"rev": "9845efc3ea3e86cc0d41465d720a47f521b2799c",
"type": "github"
},
"original": {
"owner": "lovesegfault",
"repo": "beautysh",
"type": "github"
}
},
"cachix": {
"locked": {
"lastModified": 1635350005,
@ -85,39 +62,18 @@
"type": "github"
}
},
"devenv": {
"inputs": {
"flake-compat": "flake-compat",
"nix": "nix",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1701187605,
"narHash": "sha256-NctguPdUeDVLXFsv6vI1RlEiHLsXkeW3pgZe/mwn1BU=",
"owner": "cachix",
"repo": "devenv",
"rev": "a7c4dd8f4eb1f98a6b8f04bf08364954e1e73e4f",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"emacs-overlay": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable_2"
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1701423569,
"narHash": "sha256-kY6xzfsKX0vvO6+ZXMdLjYxU/fihSm5IZQx6e04AlMw=",
"lastModified": 1701855622,
"narHash": "sha256-Mv3J3L61hn9MShgwboviXCdqHvl13atJMHl0rZMCmdI=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "ead33b53bddac6d9e4e01d1e80e6dc1d8d30d2a3",
"rev": "ff6270444ab7e1ab6fac3464d173b03aa8cb7a75",
"type": "github"
},
"original": {
@ -129,17 +85,17 @@
"firefox-nightly": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"lib-aggregate": "lib-aggregate",
"mozilla": "mozilla",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1701450914,
"narHash": "sha256-0ikei2QP1oU7Zpga9+2opYx6/nwbRFdh2yZGZuFx4xU=",
"lastModified": 1701861309,
"narHash": "sha256-4+yJkGvG/5sGSCBl74sjzj7QbN3vPZK+cvJUHYcHexA=",
"owner": "nix-community",
"repo": "flake-firefox-nightly",
"rev": "4f0642ca3980ea78343dc274f2cc941fabf3ca22",
"rev": "6467bcaea657dca4a333f7b58572748653ccdcfd",
"type": "github"
},
"original": {
@ -149,22 +105,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -179,7 +119,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -200,11 +140,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -218,11 +158,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -272,11 +212,11 @@
"systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -289,24 +229,6 @@
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
@ -322,28 +244,6 @@
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"devenv",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
@ -372,11 +272,11 @@
]
},
"locked": {
"lastModified": 1701433070,
"narHash": "sha256-Gf9JStfENaUQ7YWFz3V7x/srIwr4nlnVteqaAxtwpgM=",
"lastModified": 1701728041,
"narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4a8545f5e737a6338814a4676dc8e18c7f43fc57",
"rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
"type": "github"
},
"original": {
@ -387,15 +287,15 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701000511,
"narHash": "sha256-ISihdFB0FlIk5d5tdyqL+61o0by0p1ugA9w5c8qQtFM=",
"lastModified": 1701691817,
"narHash": "sha256-NX3tSg2KcYKz9KNQgWbqzEH8LUzHXXFbv8iR7A9vOMM=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "565fa4f33c785158e3effe4fee3cd9b143d5761d",
"rev": "087a3db40268af929b2f19c02c1a994c71653830",
"type": "github"
},
"original": {
@ -404,25 +304,9 @@
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"maych-in": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
@ -454,28 +338,10 @@
"type": "github"
}
},
"nh": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1701344951,
"narHash": "sha256-F0jd1tbSFreIpxNGtqVCxzUHKdSxjKLl2XFZPiz83zY=",
"owner": "viperML",
"repo": "nh",
"rev": "c192a4a937ed3ab974e14c09b90092b226188281",
"type": "github"
},
"original": {
"owner": "viperML",
"repo": "nh",
"type": "github"
}
},
"nil": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_5",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -492,37 +358,13 @@
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": [
"devenv",
"nixpkgs"
],
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1676545802,
"narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
"owner": "domenkozar",
"repo": "nix",
"rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "relaxed-flakes",
"repo": "nix",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1701250978,
"narHash": "sha256-ohu3cz4edjpGxs2qUTgbs0WrnewOX4crnUJNEB6Jox4=",
"lastModified": 1701656485,
"narHash": "sha256-xDFormrGCKKGqngHa2Bz1GTeKlFMMjLnHhTDRdMJ1hs=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "8772491ed75f150f02552c60694e1beff9f46013",
"rev": "fa194fc484fd7270ab324bb985593f71102e84d1",
"type": "github"
},
"original": {
@ -533,27 +375,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1678875422,
"narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
"lastModified": 1701436327,
"narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
"rev": "91050ea1e57e50388fa87a3302ba12d188ef723a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1700959576,
"narHash": "sha256-2hoFXToIiGdPzVKKUEUhNuWAvSb0lOfdCvhHhISvb7I=",
"lastModified": 1701564385,
"narHash": "sha256-um5ce7hnsQ8Do+oKf90zGKVmEqufr4Q6T8zfY9Hon38=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "d00d4561f0601ff5aaacff6d4882513e379ca873",
"rev": "152c00fc19bc45af5dd65bd41d1d020c2ba0b4ca",
"type": "github"
},
"original": {
@ -562,29 +404,13 @@
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"lastModified": 1701540982,
"narHash": "sha256-5ajSy6ODgGmAbmymRdHnjfVnuVrACjI8wXoGVvrtvww=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"rev": "6386d8aafc28b3a7ed03880a57bdc6eb4465491d",
"type": "github"
},
"original": {
@ -595,22 +421,6 @@
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1701268161,
"narHash": "sha256-hL4jGGwMHHmyx6G9wi6IrYa8RLkoEtzCb4zWITH1B40=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "67be70a859530f6f7c358568eaa6ab0d84b36b01",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
@ -628,53 +438,21 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"owner": "NixOS",
"lastModified": 1701436327,
"narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"rev": "91050ea1e57e50388fa87a3302ba12d188ef723a",
"type": "github"
},
"original": {
"owner": "NixOS",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1701156937,
"narHash": "sha256-jpMJOFvOTejx211D8z/gz0ErRtQPy6RXxgD2ZB86mso=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7c4c20509c4363195841faa6c911777a134acdf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1696725822,
"narHash": "sha256-B7uAOS7TkLlOg1aX01rQlYbydcyB6ZnLJSfaYbKVww8=",
@ -690,13 +468,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_4": {
"locked": {
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"lastModified": 1701436327,
"narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"rev": "91050ea1e57e50388fa87a3302ba12d188ef723a",
"type": "github"
},
"original": {
@ -706,13 +484,13 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_5": {
"locked": {
"lastModified": 1701068326,
"narHash": "sha256-vmMceA+q6hG1yrjb+MP8T0YFDQIrW3bl45e7z24IEts=",
"lastModified": 1701436327,
"narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8cfef6986adfb599ba379ae53c9f5631ecd2fd9c",
"rev": "91050ea1e57e50388fa87a3302ba12d188ef723a",
"type": "github"
},
"original": {
@ -724,17 +502,16 @@
},
"nixvim": {
"inputs": {
"beautysh": "beautysh",
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_7",
"pre-commit-hooks": "pre-commit-hooks_2"
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_5",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1701379698,
"narHash": "sha256-u4wV7iI5XCMkj/BSyr9sih9WgevnYhw01nFWAerFEGE=",
"lastModified": 1701879058,
"narHash": "sha256-cOHIndHbXJ69DeYpa3srPBmAa+MuJhq1RgF1J1I3c3s=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "28fc85484ab827912b1785484dd709c62d9a8237",
"rev": "032f697da6ae830460095f881644da650f17a967",
"type": "github"
},
"original": {
@ -743,71 +520,16 @@
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": [
"nixvim",
"beautysh",
"utils"
],
"nixpkgs": [
"nixvim",
"beautysh",
"nixpkgs"
]
},
"locked": {
"lastModified": 1658665240,
"narHash": "sha256-/wkx7D7enyBPRjIkK0w7QxLQhzEkb3UxNQnjyc3FTUI=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "8b8edc85d24661d5a6d0d71d6a7011f3e699780f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": [
"devenv",
"flake-compat"
],
"flake-utils": "flake-utils",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_6",
"gitignore": "gitignore",
"nixpkgs": [
"devenv",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1688056373,
"narHash": "sha256-2+SDlNRTKsgo3LBRiMUcoEUb6sDViRNQhzJquZ4koOI=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "5843cf069272d92b60c3ed9e55b7a8989c01d4c7",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_7",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1700922917,
@ -826,15 +548,13 @@
"root": {
"inputs": {
"agenix": "agenix",
"devenv": "devenv",
"emacs-overlay": "emacs-overlay",
"firefox-nightly": "firefox-nightly",
"home-manager": "home-manager",
"maych-in": "maych-in",
"nh": "nh",
"nil": "nil",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_4",
"nixvim": "nixvim"
}
},
@ -952,36 +672,6 @@
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

102
flake.nix
View File

@ -1,102 +1,48 @@
{
outputs = {
self,
home-manager,
nixos-hardware,
nixpkgs,
...
} @ inputs: let
system = "x86_64-linux";
nixosSystem = import ./lib/nixosSystem.nix;
# Add package overlays and enable unfree
pkgs = import nixpkgs {
inherit system;
config = {allowUnfree = true;};
overlays = [
inputs.emacs-overlay.overlay
(_: prev: {
inherit (inputs.devenv.packages.${prev.system}) devenv;
inherit (inputs.agenix.packages.${prev.system}) agenix;
inherit (inputs.firefox-nightly.packages.${prev.system}) firefox-nightly-bin;
inherit (inputs.maych-in.packages.${prev.system}) maych-in;
inherit (inputs.nil.packages.${prev.system}) nil;
intel-vaapi-driver = prev.intel-vaapi-driver.override {enableHybridCodec = true;};
})
];
};
commons = [
inputs.agenix.nixosModules.default
inputs.nh.nixosModules.default
inputs.nixvim.nixosModules.nixvim
];
# Laptop, X1 Carbon 9th Gen.
hades = {
nixos-modules =
[
./machines/hades
nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
]
++ commons;
home-module = import ./home/desktop;
specialArgs =
{
username = "chnmy";
passwdHash = "$y$j9T$G75cisWVMV27C2TLIqk0P/$GsICzokHJs.FQ2Yr2rLga9iawMrY3g1SAwe8wYZNY6/";
sshKeys = [];
}
// inputs;
};
# Server, AMD A8 APU.
trench = {
nixos-modules =
[
./machines/trench
]
++ commons;
home-module = import ./home/base;
specialArgs =
{
username = "blurryface";
passwdHash = "$y$j9T$ab7R9O2uUPI.ctGSVWgMg0$eA2Eh2lP7XxJpslkxSIy8AJQvpkvwJKwSqK9B5TOXS3";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN cc@predator"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C cc@eden"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM chnmy@bastion"
];
}
// inputs;
};
inherit (self) outputs;
stateVersion = "23.11";
libx = import ./lib {inherit inputs outputs stateVersion;};
in {
nixosConfigurations = let
base = {
inherit home-manager nixpkgs pkgs system;
homeConfigurations = {
"chnmy@hades" = libx.mkHome {
hostname = "hades";
username = "chnmy";
desktop = "gnome";
};
"blurryface@trench" = libx.mkHome {
hostname = "trench";
username = "blurryface";
};
in {
hades = nixosSystem (hades // base);
trench = nixosSystem (trench // base);
};
formatter = {
"${system}" = nixpkgs.legacyPackages.${system}.alejandra;
nixosConfigurations = {
hades = libx.mkHost {
hostname = "hades";
username = "chnmy";
desktop = "gnome";
};
trench = libx.mkHost {
hostname = "trench";
username = "blurryface";
};
};
formatter = libx.forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
};
inputs = {
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.inputs.home-manager.follows = "nixpkgs";
devenv.url = "github:cachix/devenv";
emacs-overlay.url = "github:nix-community/emacs-overlay";
firefox-nightly.url = "github:nix-community/flake-firefox-nightly";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
maych-in.url = "https://git.deku.moe/thunderbottom/website/archive/main.tar.gz";
maych-in.inputs.nixpkgs.follows = "nixpkgs";
nh.url = "github:viperML/nh";
nil.url = "github:oxalica/nil";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:nixos/nixos-hardware";
@ -111,12 +57,10 @@
# the specified cache.
extra-substituters = [
"https://nix-community.cachix.org"
"https://devenv.cachix.org"
"https://viperml.cachix.org"
];
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
];
};

73
home-manager/default.nix Normal file
View File

@ -0,0 +1,73 @@
{
config,
desktop,
hostname,
inputs,
lib,
pkgs,
stateVersion,
username,
...
}: let
inherit (pkgs.stdenv) isDarwin;
in {
imports =
[
./system
]
++ lib.optional (builtins.isPath (./. + "/system/users/${username}")) ./system/users/${username}
++ lib.optional (builtins.pathExists (./. + "/system/users/${username}/hosts/${hostname}.nix")) ./system/users/${username}/hosts/${hostname}.nix
++ lib.optional (desktop != null) ./system/desktop;
home = {
# TODO: remove or keep?
# activation.report-changes = config.lib.dag.entryAnywhere ''
# ${pkgs.nvd}/bin/nvd diff $oldGenPath $newGenPath
# '';
homeDirectory =
if isDarwin
then "/Users/${username}"
else "/home/${username}";
inherit stateVersion;
inherit username;
};
# Workaround `home-manager news` bug with flakes
# - https://github.com/nix-community/home-manager/issues/2033
news.display = "silent";
nixpkgs = {
overlays = [
inputs.emacs-overlay.overlay
(_: prev: {
inherit (inputs.agenix.packages.${prev.system}) agenix;
inherit (inputs.firefox-nightly.packages.${prev.system}) firefox-nightly-bin;
inherit (inputs.maych-in.packages.${prev.system}) maych-in;
inherit (inputs.nil.packages.${prev.system}) nil;
intel-vaapi-driver = prev.intel-vaapi-driver.override {enableHybridCodec = true;};
})
];
config = {
allowUnfree = true;
# Workaround for https://github.com/nix-community/home-manager/issues/2942
allowUnfreePredicate = _: true;
};
};
nix = {
# This will add each flake input as a registry
# To make nix3 commands consistent with flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
package = pkgs.nix;
settings = {
auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"];
# Avoid unwanted garbage collection when using nix-direnv
keep-outputs = true;
keep-derivations = true;
warn-dirty = false;
};
};
}

56
home/base/default.nix → home-manager/system/default.nix
View File

@ -1,23 +1,16 @@
{
pkgs,
username,
...
}: {
home = {
inherit username;
homeDirectory = "/home/${username}";
stateVersion = "23.05";
};
{pkgs, ...}: {
programs = {
home-manager.enable = true;
# A modern `ls` alternative
eza.enable = true;
# Fuzzy finder
fzf.enable = true;
eza = {
enable = true;
enableAliases = true;
extraOptions = [
"--group-directories-first"
"--header"
];
git = true;
icons = true;
};
# Fish shell
fish = {
enable = true;
@ -33,22 +26,12 @@
name = "autopair";
}
];
shellAliases = {
ls = "${pkgs.eza}/bin/eza --color=auto --sort=size --group-directories-first";
};
};
# Fuzzy finder
fzf.enable = true;
# Git configuration
git = {
enable = true;
ignores = ["*~" ".#*"];
lfs.enable = true;
extraConfig = {
core.editor = "vim";
gc.writeCommitGraph = true;
pull.rebase = false;
};
delta = {
enable = true;
options = {
@ -57,13 +40,20 @@
true-color = "always";
};
};
extraConfig = {
core.editor = "vim";
gc.writeCommitGraph = true;
pull.rebase = false;
};
ignores = ["*~" ".#*"];
};
home-manager.enable = true;
# Faster, indexed search for nixpkgs
nix-index = {
enable = true;
enableFishIntegration = true;
};
# TODO: replace?
# Shell Prompt
starship = {
enable = true;
@ -80,7 +70,6 @@
};
};
};
# Terminal multiplexer
tmux = {
enable = true;
@ -102,7 +91,6 @@
bind c new-window -c "#{pane_current_path}"
'';
};
# Faster, smarter `cd`
zoxide.enable = true;
};

10
home-manager/system/desktop/default.nix Normal file
View File

@ -0,0 +1,10 @@
{
desktop,
lib,
username,
...
}: {
imports =
lib.optional (builtins.pathExists (./. + "/../users/${username}/desktop.nix")) ../users/${username}/desktop.nix
++ lib.optional (builtins.pathExists (./. + "/${desktop}.nix")) ./${desktop}.nix;
}

1
home-manager/system/users/blurryface/default.nix Normal file
View File

@ -0,0 +1 @@
_: {}

4
home/desktop/default.nix → home-manager/system/users/chnmy/default.nix
View File

@ -1,12 +1,9 @@
{pkgs, ...}: {
imports = [../base];
home.packages = with pkgs; [
firefox-nightly-bin
];
programs = {
# Fish shell
# Git configuration
git = {
userEmail = "chinmay.pai@zerodha.com";
@ -21,7 +18,6 @@
url."ssh://git@gitlab.zerodha.tech:2280/".insteadOf = "git@gitlab.zerodha.tech:";
};
};
# Terminal emulator for wayland
wezterm = {
enable = true;

5
home-manager/system/users/chnmy/desktop.nix Normal file
View File

@ -0,0 +1,5 @@
{pkgs, ...}: {
home.packages = with pkgs; [
firefox-nightly-bin
];
}

12
lib/default.nix Normal file
View File

@ -0,0 +1,12 @@
{
inputs,
outputs,
stateVersion,
...
}: let
helpers = import ./helpers.nix {inherit inputs outputs stateVersion;};
in {
inherit (helpers) mkHome;
inherit (helpers) mkHost;
inherit (helpers) forAllSystems;
}

50
lib/helpers.nix Normal file
View File

@ -0,0 +1,50 @@
{
inputs,
outputs,
stateVersion,
...
}: {
# Helper function for generating home-manager configs
mkHome = {
hostname,
username,
desktop ? null,
platform ? "x86_64-linux",
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.${platform};
extraSpecialArgs = {
inherit inputs outputs desktop hostname platform username stateVersion;
};
modules = [../home-manager];
};
# Helper function for generating host configs
mkHost = {
hostname,
username,
desktop ? null,
installer ? null,
platform ? "x86_64-linux",
}:
inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs desktop hostname platform username stateVersion;
};
modules =
[
../nixos
inputs.agenix.nixosModules.default
inputs.nixvim.nixosModules.nixvim
]
++ (inputs.nixpkgs.lib.optionals (installer != null) [installer]);
};
forAllSystems = inputs.nixpkgs.lib.genAttrs [
"aarch64-linux"
"i686-linux"
"x86_64-linux"
"aarch64-darwin"
"x86_64-darwin"
];
}

33
lib/nixosSystem.nix
View File

@ -1,33 +0,0 @@
{
pkgs,
nixpkgs,
home-manager,
system,
specialArgs,
nixos-modules,
home-module,
}:
nixpkgs.lib.nixosSystem {
inherit pkgs system specialArgs;
modules =
nixos-modules
++ [
{
# use flake's nixpkgs for `nix run nixpkgs#nixpkgs`
# and `nix repl '<nixpkgs>'`
nix.registry.nixpkgs.flake = nixpkgs;
environment.etc."nix/inputs/nixpkgs".source = "${nixpkgs}";
nix.nixPath = ["/etc/nix/inputs"];
}
home-manager.nixosModules.home-manager
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = specialArgs;
users."${specialArgs.username}" = home-module;
};
}
];
}

49
machines/hades/default.nix
View File

@ -1,49 +0,0 @@
{
lib,
pkgs,
...
}: {
imports = [
./hardware.nix
../../modules/nixos/core-desktop.nix
../../modules/nixos/user-group.nix
../../modules/gnome
../../modules/programs/nixvim
../../modules/programs/emacs
];
environment.systemPackages = with pkgs; [
easyeffects
editorconfig-core-c
netbird-ui
pulumi-bin
terraform
terraform-ls
];
networking = {
hostName = "hades";
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault false;
interfaces.wlan0.useDHCP = lib.mkDefault false;
networkmanager = {
enable = true;
wifi.backend = "iwd"; # Use iwd instead of wpa_supplicant
};
wireless.iwd.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
firewall.enable = false;
};
services = {
netbird.enable = true;
};
system.stateVersion = "23.05";
}

27
machines/trench/default.nix
View File

@ -1,27 +0,0 @@
{pkgs, ...}: {
imports = [
./hardware.nix
../../modules/commons
../../modules/nixos/core-server.nix
../../modules/nixos/user-group.nix
../../modules/programs/nginx.nix
../../modules/programs/nixvim
../../modules/programs/nomad
../../modules/programs/gitea
../../modules/programs/vaultwarden
../../modules/sites/maych-in.nix
];
environment.systemPackages = with pkgs; [tailscale];
services = {
unifi = {
enable = true;
unifiPackage = pkgs.unifi7;
maximumJavaHeapSize = 256;
openFirewall = true;
};
};
system.stateVersion = "23.05";
}

7
modules/commons/default.nix
View File

@ -1,7 +0,0 @@
{
imports = [
./fonts.nix
./graphics.nix
./sound.nix
];
}

52
modules/commons/fonts.nix
View File

@ -1,52 +0,0 @@
{
lib,
pkgs,
...
}: {
fonts = {
fontDir.enable = true;
packages = with pkgs; [
aileron
corefonts
dejavu_fonts
dina-font
fira
fira-code
fira-code-symbols
google-fonts
hack-font
ibm-plex
inconsolata
inter
iosevka
liberation_ttf
libertine
libre-baskerville
material-design-icons
mplus-outline-fonts.githubRelease
nerdfonts
noto-fonts
noto-fonts-extra
noto-fonts-cjk
noto-fonts-emoji
powerline-fonts
proggyfonts
roboto
vistafonts
];
fontconfig.defaultFonts = {
serif = ["Noto Serif" "Noto Color Emoji"];
sansSerif = ["Noto Sans" "Noto Color Emoji"];
monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
emoji = ["Noto Color Emoji"];
};
};
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = lib.mkDefault "us";
useXkbConfig = true; # use xkbOptions in tty.
};
}

15
modules/commons/graphics.nix
View File

@ -1,15 +0,0 @@
{pkgs, ...}: {
hardware = {
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
libvdpau-va-gl
];
};
};
}

6
modules/gnome/default.nix
View File

@ -1,6 +0,0 @@
{
imports = [
./gnome.nix
./fingerprint.nix
];
}

27
modules/nixos/core-desktop.nix
View File

@ -1,27 +0,0 @@
{
lib,
pkgs,
...
}: {
imports = [
./core-server.nix
../commons
];
environment.shells = with pkgs; [
bash
fish
];
environment.systemPackages = with pkgs; [
devenv
];
programs = {
adb.enable = true;
ssh.startAgent = true;
dconf.enable = true;
};
services.udev.packages = with pkgs; [android-udev-rules];
}

88
modules/nixos/core-server.nix
View File

@ -1,88 +0,0 @@
{
lib,
pkgs,
...
}: {
# Keep only last 10 generations
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
environment.systemPackages = with pkgs; [
agenix
bottom
busybox
curl
dnsutils
ethtool
fd
git
gnumake
nil
python3
ripgrep
tree
wget
];
# nix-helper configuration
nh = {
enable = true;
clean = {
enable = true;
extraArgs = "--keep-since 30d";
};
};
nix = {
package = pkgs.nixUnstable;
# run garbage collector daily
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
settings = {
auto-optimise-store = true;
builders-use-substitutes = true;
experimental-features = ["nix-command" "flakes"];
sandbox = true;
trusted-users = ["root" "@wheel"];
};
};
programs = {
fish.enable = true;
gnupg.agent.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
mtr.enable = true;
nix-ld.enable = true;
};
services = {
# Firmware updates for the system
fwupd.enable = true;
# Enable the OpenSSH daemon.
openssh = {
enable = true;
# Disable PasswordAuthentication for Sekurity
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
X11Forwarding = true;
};
openFirewall = true;
};
};
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "Asia/Kolkata";
virtualisation.docker = {
enable = true;
# Required for containers with `--restart=always`
enableOnBoot = true;
};
zramSwap.enable = true;
}

21
modules/nixos/user-group.nix
View File

@ -1,21 +0,0 @@
{
pkgs,
specialArgs,
username,
...
}: {
nix.settings.trusted-users = [username];
users = {
mutableUsers = false;
users = {
"${username}" = {
hashedPassword = "${specialArgs.passwdHash}";
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ["docker" "networkmanager" "wheel"]; # Enable sudo for the user.
openssh.authorizedKeys.keys = specialArgs.sshKeys;
};
};
};
}

96
nixos/default.nix Normal file
View File

@ -0,0 +1,96 @@
{
config,
desktop,
hostname,
inputs,
lib,
modulesPath,
pkgs,
platform,
stateVersion,
username,
...
}: {
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
./machines/${hostname}
./system
./system/users/root
]
++ lib.optional (builtins.pathExists (./. + "/system/users/${username}")) ./system/users/${username}
++ lib.optional (desktop != null) ./system/desktop;
console = {
font = "Lat2-Terminus16";
keyMap = lib.mkDefault "us";
useXkbConfig = true; # use xkbOptions in tty.
};
documentation = {
enable = true;
nixos.enable = false;
man.enable = true;
info.enable = false;
doc.enable = false;
};
nixpkgs = {
overlays = [
inputs.emacs-overlay.overlay
(_: prev: {
inherit (inputs.agenix.packages.${prev.system}) agenix;
inherit (inputs.firefox-nightly.packages.${prev.system}) firefox-nightly-bin;
inherit (inputs.maych-in.packages.${prev.system}) maych-in;
inherit (inputs.nil.packages.${prev.system}) nil;
intel-vaapi-driver = prev.intel-vaapi-driver.override {enableHybridCodec = true;};
})
];
config = {
allowUnfree = true;
};
hostPlatform = lib.mkDefault "${platform}";
};
# nix-helper configuration
nix = {
# run garbage collector daily
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
# This will add each flake input as a registry
# To make nix3 commands consistent with flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# This will additionally add inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
optimise.automatic = true;
package = pkgs.nixUnstable;
settings = {
auto-optimise-store = true;
experimental-features = ["nix-command" "flakes"];
# Avoid unwanted garbage collection when using nix-direnv
keep-outputs = true;
keep-derivations = true;
# Add `wheel` group to trusted users
trusted-users = ["root" "@wheel"];
warn-dirty = false;
};
};
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "Asia/Kolkata";
virtualisation.docker = {
enable = true;
# Required for containers with `--restart=always`
enableOnBoot = true;
};
system.stateVersion = stateVersion;
zramSwap.enable = true;
}

45
machines/hades/hardware.nix → nixos/machines/hades/default.nix
View File

@ -1,29 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
inputs,
lib,
modulesPath,
pkgs,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-9th-gen
../../system/hardware/boot.nix
];
networking = {
hostName = "hades";
useDHCP = lib.mkDefault false;
interfaces.wlan0.useDHCP = lib.mkDefault false;
networkmanager = {
enable = true;
wifi.backend = "iwd"; # Use iwd instead of wpa_supplicant
wifi.powersave = false;
};
wireless.iwd.enable = true;
firewall.enable = false;
};
hardware.bluetooth.enable = true;
virtualisation.docker.storageDriver = "btrfs";
boot = {
extraModulePackages = [];
initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/312b4d84-64dc-4721-9be3-bb0148199b16";
};
kernelModules = ["kvm-intel" "iwlwifi"];
kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
};
fileSystems = {
@ -75,16 +83,5 @@
fsType = "vfat";
};
};
swapDevices = [];
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
bluetooth.enable = true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
virtualisation.docker.storageDriver = "btrfs";
}

94
machines/trench/hardware.nix → nixos/machines/trench/default.nix
View File

@ -1,44 +1,49 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
inputs,
lib,
modulesPath,
pkgs,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [
inputs.nixos-hardware.commons.cpu.amd
../../system/hardware/boot.nix
../../system/hardware/initrd-luks.nix
../../system/services/nginx.nix
../../system/services/nomad.nix
../../system/services/gitea.nix
../../system/services/maych-in.nix
../../system/services/vaultwarden.nix
../../system/services/unifi.nix
];
environment.systemPackages = with pkgs; [tailscale];
networking = {
hostName = "trench";
nameservers = ["1.1.1.1"];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault false;
interfaces.enp6s0 = {
useDHCP = lib.mkDefault true;
wakeOnLan.enable = true;
};
networkmanager.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
firewall.enable = false;
};
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "r8169"];
kernelModules = [];
availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
luks.devices."root".device = "/dev/disk/by-uuid/e70bfc3c-1147-4af7-9bae-69f70146953f";
network = {
enable = true;
ssh = {
enable = true;
port = 22;
shell = "/bin/cryptsetup-askpass";
hostKeys = ["/etc/ssh/ssh_host_ed25519_key"];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN cc@predator"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C cc@eden"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM chnmy@bastion"
];
};
};
};
extraModulePackages = [];
kernelModules = ["kvm-amd"];
kernelParams = ["ip=dhcp"];
# Use the systemd-boot EFI boot loader.
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
};
fileSystems = {
@ -84,32 +89,5 @@
fsType = "vfat";
};
};
swapDevices = [];
networking = {
hostName = "trench";
nameservers = ["1.1.1.1"];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault false;
interfaces.enp6s0 = {
useDHCP = lib.mkDefault true;
wakeOnLan.enable = true;
};
networkmanager.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
firewall.enable = false;
};
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

93
nixos/system/default.nix Normal file
View File

@ -0,0 +1,93 @@
{
lib,
pkgs,
...
}: {
environment = {
defaultPackages = with pkgs;
lib.mkForce [
gitMinimal
home-manager
rsync
];
shells = with pkgs; [
bash
fish
];
systemPackages = with pkgs; [
bottom
busybox
curl
dnsutils
ethtool
pciutils
python3
unzip
wget
];
};
fonts = {
# Enable a basic set of fonts providing several font styles and families and reasonable coverage of Unicode.
enableDefaultPackages = false;
fontDir.enable = true;
packages = with pkgs; [
(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono" "SourceCodePro" "UbuntuMono"];})
fira
fira-go
liberation_ttf
noto-fonts
noto-fonts-emoji
noto-fonts-extra
source-serif
ubuntu_font_family
work-sans
];
fontconfig = {
antialias = true;
defaultFonts = {
serif = ["Noto Serif" "Noto Color Emoji"];
sansSerif = ["Noto Sans" "Noto Color Emoji"];
monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
emoji = ["Noto Color Emoji"];
};
enable = true;
hinting = {
autohint = false;
enable = true;
style = "slight";
};
subpixel = {
rgba = "rgb";
lcdfilter = "light";
};
};
};
programs = {
fish.enable = true;
gnupg.agent.enable = true;
# Some programs need SUID wrappers,
# can be configured further or is started in user sessions.
mtr.enable = true;
nix-ld.enable = true;
};
services = {
# Firmware updates for the system
fwupd.enable = true;
# Enable the OpenSSH daemon.
openssh = {
enable = true;
# Disable PasswordAuthentication for Sekurity
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
X11Forwarding = true;
};
openFirewall = true;
};
};
}

48
nixos/system/desktop/default.nix Normal file
View File

@ -0,0 +1,48 @@
{
desktop,
lib,
pkgs,
...
}: {
imports =
[
./fonts.nix
../services/pipewire.nix
]
++ lib.optional (builtins.pathExists (./. + "/${desktop}.nix")) ./${desktop}.nix;
boot = {
plymouth.enable = true;
};
hardware = {
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
libvdpau-va-gl
];
};
};
programs = {
adb.enable = true;
ssh.startAgent = true;
dconf.enable = true;
};
# Disable xterm
services.xserver.excludePackages = [pkgs.xterm];
services.xserver.desktopManager.xterm.enable = false;
# Add udev rules for adb
services.udev.packages = with pkgs; [android-udev-rules];
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
};
}

0
modules/gnome/fingerprint.nix → nixos/system/desktop/fingerprint.nix
View File

29
nixos/system/desktop/fonts.nix Normal file
View File

@ -0,0 +1,29 @@
{pkgs, ...}: {
fonts = {
fontDir.enable = true;
packages = with pkgs; [
aileron
cantarell-fonts
corefonts
dejavu_fonts
dina-font
fira-code
fira-code-symbols
google-fonts
hack-font
ibm-plex
inconsolata
inter
iosevka
libertine
libre-baskerville
material-design-icons
mplus-outline-fonts.githubRelease
noto-fonts-cjk
powerline-fonts
proggyfonts
roboto
vistafonts
];
};
}

7
modules/gnome/gnome.nix → nixos/system/desktop/gnome.nix
View File

@ -1,4 +1,7 @@
{pkgs, ...}: {
imports = [
./fingerprint.nix
];
# Install a few enchancements for gnome
environment.systemPackages = with pkgs; [
gnome.gnome-tweaks
@ -9,8 +12,7 @@
pinentry-gnome
];
# Add udev rules for gnome-settings-daemon
# to allow changes to the gnome shell
# Add udev rules for gnome-settings-daemon to allow changes to the gnome shell
services.udev.packages = with pkgs; [gnome.gnome-settings-daemon];
# Remove some gnome bloatware that we don't require
@ -43,7 +45,6 @@
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
excludePackages = with pkgs; [xterm];
# Enable touchpad support (enabled default in most desktopManager).
libinput.enable = true;
};

20
nixos/system/hardware/boot.nix Normal file
View File

@ -0,0 +1,20 @@
{lib, ...}: {
boot = {
consoleLogLevel = 0;
initrd.verbose = false;
kernelParams = [
"boot.shell_on_fail"
"loglevel=3"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"udev.log_priority=3"
];
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
configurationLimit = lib.mkDefault 10;
};
};
};
}

20
nixos/system/hardware/initrd-luks.nix Normal file
View File

@ -0,0 +1,20 @@
_: {
# Enable remote LUKS Unlocking
# - https://nixos.wiki/wiki/Remote_LUKS_Unlocking
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 22;
shell = "/bin/cryptsetup-askpass";
hostKeys = ["/etc/ssh/ssh_host_ed25519_key"];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN cc@predator"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C cc@eden"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM chnmy@bastion"
];
};
};
boot.initrd.availableKernelModules = ["r8169"];
boot.kernelParams = ["ip=dhcp"];
}

0
modules/programs/emacs/default.nix → nixos/system/services/emacs.nix
View File

0
modules/programs/gitea/default.nix → nixos/system/services/gitea.nix
View File

0
modules/sites/maych-in.nix → nixos/system/services/maych-in.nix
View File

2
modules/programs/nginx.nix → nixos/system/services/nginx.nix
View File

@ -1,4 +1,4 @@
{...}: {
_: {
security.acme = {
acceptTerms = true;
defaults.email = "chinmaydpai@gmail.com";

0
modules/programs/nixvim/default.nix → nixos/system/services/nixvim.nix
View File

0
modules/programs/nomad/default.nix → nixos/system/services/nomad.nix
View File

0
modules/commons/sound.nix → nixos/system/services/pipewire.nix
View File

10
nixos/system/services/unifi.nix Normal file
View File

@ -0,0 +1,10 @@
{pkgs, ...}: {
services = {
unifi = {
enable = true;
unifiPackage = pkgs.unifi8;
maximumJavaHeapSize = 256;
openFirewall = true;
};
};
}

0
modules/programs/vaultwarden/default.nix → nixos/system/services/vaultwarden.nix
View File

45
nixos/system/users/blurryface/default.nix Normal file
View File

@ -0,0 +1,45 @@
{
config,
# desktop,
# lib,
pkgs,
...
}: let
ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
imports = [];
# ++ lib.optionals (desktop != null) [
# ../../desktop/chromium.nix
# ../../desktop/chromium-extensions.nix
# ../../desktop/obs-studio.nix
# ../../desktop/${desktop}-apps.nix
# ];
environment.localBinInPath = true;
environment.systemPackages = [];
users.users.blurryface = {
description = "Blurryface";
extraGroups =
[
"networkmanager"
"users"
"wheel"
]
++ ifExists [
"docker"
"lxd"
"podman"
];
# mkpasswd -m sha-512
hashedPassword = "$y$j9T$ab7R9O2uUPI.ctGSVWgMg0$eA2Eh2lP7XxJpslkxSIy8AJQvpkvwJKwSqK9B5TOXS3";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN cc@predator"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C cc@eden"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM chnmy@bastion"
];
packages = [pkgs.home-manager];
shell = pkgs.fish;
};
}

63
nixos/system/users/chnmy/default.nix Normal file
View File

@ -0,0 +1,63 @@
{
config,
desktop,
lib,
pkgs,
...
}: let
ifExists = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
imports =
[
../../services/nixvim.nix
]
++ lib.optionals (desktop != null) [
../../services/emacs.nix
];
environment.localBinInPath = true;
environment.systemPackages = with pkgs;
[
agenix
editorconfig-core-c
fd
gnumake
nil
ripgrep
terraform
terraform-ls
tree
]
++ lib.optionals (desktop != null) [
easyeffects
netbird-ui
];
services = {
netbird.enable = true;
};
users.users.chnmy = {
description = "Chinmay D. Pai";
extraGroups =
[
"audio"
"input"
"networkmanager"
"users"
"video"
"wheel"
]
++ ifExists [
"docker"
"lxd"
"podman"
];
# mkpasswd -m sha-512
hashedPassword = "$y$j9T$G75cisWVMV27C2TLIqk0P/$GsICzokHJs.FQ2Yr2rLga9iawMrY3g1SAwe8wYZNY6/";
isNormalUser = true;
openssh.authorizedKeys.keys = [];
packages = [pkgs.home-manager];
shell = pkgs.fish;
};
}

7
nixos/system/users/root/default.nix Normal file
View File

@ -0,0 +1,7 @@
_: {
users.users.root = {
hashedPassword = null;
# TODO: add authorized keys
openssh.authorizedKeys.keys = [];
};
}