Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure

Vivian 2023-06-01 10:28:50 +02:00
commit f387a44282
24 changed files with 497 additions and 197 deletions


@ -1,82 +0,0 @@
{ config, lib, pkgs, ... }: {
imports = [ ./users ./modules ];
# Clean /tmp on boot.
boot.tmp.cleanOnBoot = true;
# Set your time zone.
time.timeZone = lib.mkDefault "Europe/Amsterdam";
# Systemd OOMd
# Fedora enables these options by default. See the 10-oomd-* files here:
# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
systemd.oomd = {
enableRootSlice = true;
enableUserServices = true;
};
# Nix Settings
nix = {
package = pkgs.nixUnstable;
settings = {
auto-optimise-store = true;
trusted-users = [ "root" "victor" ];
substituters = [
"https://cachix.cachix.org"
"https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org"
"https://colmena.cachix.org"
"https://cache.garnix.io"
"https://0x76-infra.cachix.org"
"https://webcord.cachix.org"
];
trusted-public-keys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
"webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
];
};
optimise = {
automatic = true;
dates = [ "weekly" ];
};
gc = {
automatic = true;
dates = "weekly";
randomizedDelaySec = "3h";
options = "--delete-older-than 7d";
};
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1t"
"nodejs-16.20.0"
];
# Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first.
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
# Enable SSH
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkDefault "no";
};
};
}


@ -1,13 +1,6 @@
{ inputs, lib, config, ... }: {
# This file deals with everything requiring `inputs`, the rest being delagated to `common.nix`
# this is because we can't import inputs from all contexts as that can lead to infinite recursion.
imports = [ ./common.nix inputs.vault-secrets.nixosModules.vault-secrets ];
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
nix.registry.nixpkgs.flake = inputs.nixpkgs;
home-manager.sharedModules =
[ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ];
{ lib, pkgs, inputs, config, ... }: {
imports =
[ ./users ./modules inputs.vault-secrets.nixosModules.vault-secrets ];
vault-secrets = let
inherit (config.networking) domain hostName;
@ -17,4 +10,99 @@
vaultAddress = "http://${server}.${domain}:8200/";
approlePrefix = "${domain}-${hostName}";
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit inputs; };
sharedModules = [ ./hm-modules inputs.nixvim.homeManagerModules.nixvim ];
};
# Clean /tmp on boot.
boot.tmp.cleanOnBoot = true;
# Set your time zone.
time.timeZone = lib.mkDefault "Europe/Amsterdam";
# Systemd OOMd
# Fedora enables these options by default. See the 10-oomd-* files here:
# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
systemd.oomd = {
enableRootSlice = true;
enableUserServices = true;
};
# Nix Settings
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
package = pkgs.nixUnstable;
settings = {
auto-optimise-store = true;
trusted-users = [ "root" "victor" ];
substituters = [
"https://cachix.cachix.org"
"https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org"
"https://colmena.cachix.org"
"https://cache.garnix.io"
"https://0x76-infra.cachix.org"
"https://webcord.cachix.org"
];
trusted-public-keys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
"webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
];
};
optimise = {
automatic = true;
dates = [ "weekly" ];
};
gc = {
automatic = true;
dates = "weekly";
randomizedDelaySec = "3h";
options = "--delete-older-than 7d";
};
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages =
[ "nodejs-14.21.3" "openssl-1.1.1t" "nodejs-16.20.0" ];
# Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first.
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
# Enable SSH
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = lib.mkDefault false;
PermitRootLogin = lib.mkDefault "no";
};
};
# Debloat
documentation = {
enable = lib.mkForce false;
doc.enable = lib.mkForce false;
man.enable = lib.mkForce false;
info.enable = lib.mkForce false;
nixos.enable = lib.mkForce false;
};
system.disableInstallerTools = lib.mkDefault true;
}
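Review bot: `nixpkgs.config.permittedInsecurePackages` in the second hunk allows `nodejs-14.21.3`, `openssl-1.1.1t` and `nodejs-16.20.0` from this shared module, with no comment saying which package needs each entry. If every host imports this file (the importers are not visible here), all of them can evaluate and deploy versions that nixpkgs marks as insecure, and no build failure will flag it. I would move each entry to the host or service module that depends on it and annotate it, for example `# nodejs-16.20.0: needed by <package>, remove once it builds against a supported Node`. Documenting the consumer also makes it obvious when an entry can be dropped.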


@ -1,9 +1,9 @@
{ pkgs, lib, ... }: {
{ pkgs, lib, inputs, ... }: {
# Bootloader.
boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
systemd-boot.enable = lib.mkDefault true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
};
@ -15,6 +15,12 @@
};
hardware.keyboard.qmk.enable = true;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.victor = import ./home.nix;
extraSpecialArgs = { inherit inputs; };
};
# Enable my config for the gnome desktop environment
services.v.gnome.enable = true;
@ -40,7 +46,9 @@
services.printing.enable = true;
# Global Packages
environment.systemPackages = with pkgs; [ wireguard-tools ];
environment = {
systemPackages = with pkgs; [ wireguard-tools sbctl ];
};
# Enable sound with pipewire.
sound.enable = true;
@ -85,6 +93,7 @@
remotePlay.openFirewall = true;
};
programs.adb.enable = true;
# Networking
networking.networkmanager.enable = true;
networking.firewall.checkReversePath = false;
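Review bot: `networking.firewall.checkReversePath = false;` in the last hunk turns off reverse-path filtering for the whole host, and nothing nearby explains why. The rendered page does not show whether this merge adds that line or only carries it as context. If it exists for the WireGuard tooling this file installs (an inference from `wireguard-tools`), `checkReversePath = "loose";` normally covers that case and keeps some protection against spoofed source addresses. In either case I would add a comment such as `# rpfilter relaxed: WireGuard policy routing fails strict reverse-path checks`. The enclosing attribute set starts and ends outside this hunk.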


@ -7,6 +7,7 @@ let
my-python-packages = ps: with ps; [ pandas requests numpy ];
in {
home.packages = with pkgs; [
(python3.withPackages my-python-packages)
btop
calibre
celluloid
@ -17,13 +18,11 @@ in {
gimp
inputs.comma.packages.${pkgs.system}.default
inputs.webcord.packages.${pkgs.system}.default
# jetbrains.clion
kdenlive
mullvad-vpn
neofetch
nixfmt
nixpkgs-review
(python3.withPackages my-python-packages)
plex-media-player
rustup
solo2-cli
@ -35,7 +34,6 @@ in {
# Enable my own hm modules
themes.v.catppuccin.enable = true;
programs.v.nvim.enable = true;
programs.v.vscode.enable = true;
programs.riff = {
@ -56,22 +54,21 @@ in {
userName = "Victor";
userEmail = "victor@xirion.net";
lfs.enable = true;
# delta.enable = true;
extraConfig = {
push.autoSetupRemote = true;
init.defaultBranch = "main";
};
};
programs.tmux = {
enable = true;
shortcut = "b";
terminal = "screen-256color";
clock24 = true;
difftastic.enable = true;
};
programs.firefox.enable = true;
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
};
programs.direnv = {
enable = true;
nix-direnv.enable = true;


@ -11,11 +11,16 @@ in {
globals = { mapleader = " "; };
options = { number = true; };
maps.normal = {
"<leader>ff" = "<cmd>lua require('telescope.builtin').find_files()<cr>";
"<leader>fg" = "<cmd>lua require('telescope.builtin').live_grep()<cr>";
"<C-_>" =
"<cmd>lua require('Comment.api').toggle.linewise.current()<cr>"; # map ctrl+/ to commenting code
"g=" = "<cmd>lua vim.lsp.buf.format{async=true}<cr>";
};
extraPlugins = with pkgs.vimPlugins; [ catppuccin-nvim luasnip ];
@ -26,6 +31,19 @@ in {
plugins = {
bufferline.enable = true;
null-ls = {
enable = true;
sources = {
formatting.nixpkgs_fmt.enable = true;
code_actions.shellcheck.enable = true;
code_actions.statix.enable = true;
diagnostics = {
statix.enable = true;
deadnix.enable = true;
shellcheck.enable = true;
};
};
};
nix.enable = true;
treesitter = {
enable = true;
@ -47,8 +65,8 @@ in {
comment-nvim = { enable = true; };
lsp = {
enable = true;
servers.nil_ls.enable = true;
servers.rust-analyzer.enable = true;
servers.rnix-lsp.enable = true;
servers.pyright.enable = true;
servers.elixirls.enable = true;
servers.clangd.enable = true;


@ -23,6 +23,8 @@
programs.neovim = {
enable = true;
viAlias = true;
vimAlias = true;
defaultEditor = true;
};
# Disable sudo prompt for `wheel` users.


@ -21,4 +21,21 @@
extraGroups =
[ "systemd-journal" "wheel" "networkmanager" "libvirtd" "dialout" ];
};
home-manager.users.victor = {
programs.home-manager.enable = true;
home.username = "victor";
home.homeDirectory = "/home/victor";
home.stateVersion = "23.05";
programs.v.nvim.enable = true;
programs.tmux = {
enable = true;
shortcut = "b";
terminal = "screen-256color";
clock24 = true;
};
};
}