again
This commit is contained in:
parent
6cfbc68c8b
commit
dccbb234f2
7
.sops.yaml
Normal file
7
.sops.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
keys:
|
||||
- &admin_reichard age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_reichard
|
8
TODO.md
Normal file
8
TODO.md
Normal file
@ -0,0 +1,8 @@
|
||||
- Nix Builder
|
||||
|
||||
- Keys
|
||||
- User
|
||||
- Etc
|
||||
|
||||
- SSH
|
||||
- Known Hosts
|
23
flake.lock
generated
23
flake.lock
generated
@ -244,7 +244,8 @@
|
||||
"home-manager": "home-manager",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"snowfall-lib": "snowfall-lib"
|
||||
"snowfall-lib": "snowfall-lib",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
@ -285,6 +286,26 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1743305778,
|
||||
"narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "8e873886bbfc32163fe027b8676c75637b7da114",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
52
flake.nix
52
flake.nix
@ -14,7 +14,6 @@
|
||||
};
|
||||
apple-silicon = {
|
||||
url = "github:tpwrules/nixos-apple-silicon/releasep2-2024-12-25";
|
||||
# ref = "releasep2-2024-12-25";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixos-generators = {
|
||||
@ -25,6 +24,10 @@
|
||||
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs:
|
||||
@ -33,12 +36,53 @@
|
||||
src = ./.;
|
||||
|
||||
snowfall = {
|
||||
namespace = "reichard";
|
||||
meta = {
|
||||
name = "reichardnix";
|
||||
title = "ReichardNix";
|
||||
title = "Reichard";
|
||||
name = "reichard";
|
||||
};
|
||||
};
|
||||
|
||||
namespace = "reichardnix";
|
||||
homes.modules = with inputs; [
|
||||
sops-nix.homeManagerModules.sops
|
||||
];
|
||||
|
||||
systems.modules = {
|
||||
nixos = with inputs; [
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
|
||||
outputs-builder = channels: {
|
||||
# Define packages using nixos-generators
|
||||
packages.x86_64-linux = {
|
||||
# VMware image
|
||||
vmware-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
format = "vmware";
|
||||
modules = [
|
||||
# Your VMware configuration
|
||||
./hosts/vmware-image.nix
|
||||
];
|
||||
};
|
||||
|
||||
# Keep your other images
|
||||
rke2-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
format = "vmware";
|
||||
modules = [
|
||||
./hosts/rke2-image.nix
|
||||
];
|
||||
};
|
||||
|
||||
usb-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "x86_64-linux";
|
||||
format = "raw-efi";
|
||||
modules = [
|
||||
./hosts/usb-image.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,20 +1,36 @@
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib.${namespace}) enabled;
|
||||
in
|
||||
{
|
||||
reichardnix = {
|
||||
programs.btop.enable = true;
|
||||
programs.direnv.enable = true;
|
||||
programs.ghostty.enable = true;
|
||||
programs.git.enable = true;
|
||||
programs.k9s.enable = true;
|
||||
programs.nvim.enable = true;
|
||||
reichard = {
|
||||
user = {
|
||||
enable = true;
|
||||
inherit (config.snowfallorg.user) name;
|
||||
};
|
||||
|
||||
programs.hyprland.enable = false;
|
||||
programs.aws.enable = false;
|
||||
services = {
|
||||
ssh-agent = enabled;
|
||||
};
|
||||
|
||||
programs = {
|
||||
graphical = {
|
||||
ghostty = enabled;
|
||||
};
|
||||
|
||||
terminal = {
|
||||
btop = enabled;
|
||||
direnv = enabled;
|
||||
git = enabled;
|
||||
k9s = enabled;
|
||||
nvim = enabled;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Global Packages
|
||||
programs.jq.enable = true;
|
||||
programs.pandoc.enable = true;
|
||||
programs.jq = enabled;
|
||||
programs.pandoc = enabled;
|
||||
home.packages = with pkgs; [
|
||||
android-tools
|
||||
imagemagick
|
||||
@ -31,7 +47,5 @@
|
||||
.mode column
|
||||
'';
|
||||
|
||||
# Enable Home Manager & Self Manage
|
||||
home.stateVersion = "24.11";
|
||||
programs.home-manager.enable = true;
|
||||
}
|
||||
|
@ -1,75 +1,52 @@
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (pkgs.lib) mkForce;
|
||||
inherit (pkgs.stdenv) isLinux;
|
||||
inherit (lib.${namespace}) enabled;
|
||||
in
|
||||
{
|
||||
reichardnix = {
|
||||
programs.nvim.enable = true;
|
||||
reichard = {
|
||||
user = {
|
||||
enable = true;
|
||||
inherit (config.snowfallorg.user) name;
|
||||
};
|
||||
|
||||
services = {
|
||||
ssh-agent = enabled;
|
||||
};
|
||||
|
||||
programs = {
|
||||
graphical = {
|
||||
ghostty = enabled;
|
||||
};
|
||||
|
||||
terminal = {
|
||||
btop = enabled;
|
||||
direnv = enabled;
|
||||
git = enabled;
|
||||
k9s = enabled;
|
||||
nvim = enabled;
|
||||
aws = enabled;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Home Manager Config
|
||||
home.stateVersion = "24.11";
|
||||
home.username = "evanreichard";
|
||||
home.homeDirectory = mkForce (if isLinux then "/home/evanreichard" else "/Users/evanreichard");
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
# Global Packages
|
||||
# home.packages = with pkgs; [
|
||||
# (nerdfonts.override { fonts = [ "Meslo" ]; })
|
||||
# # ghostty - Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
|
||||
# android-tools
|
||||
# awscli2
|
||||
# bashInteractive
|
||||
# cw
|
||||
# fastfetch
|
||||
# gitAndTools.gh
|
||||
# google-cloud-sdk
|
||||
# imagemagick
|
||||
# kubectl
|
||||
# kubernetes-helm
|
||||
# mosh
|
||||
# pre-commit
|
||||
# python311
|
||||
# ssm-session-manager-plugin
|
||||
# texliveSmall # Pandoc PDF Dep
|
||||
# thefuck
|
||||
# tldr
|
||||
# ]
|
||||
# ++ optionals isLinux [
|
||||
# ghostty
|
||||
# hyprpaper
|
||||
# firefox
|
||||
# ]
|
||||
# ++ optionals isDarwin [ ];
|
||||
programs.jq = enabled;
|
||||
programs.pandoc = enabled;
|
||||
home.packages = with pkgs; [
|
||||
android-tools
|
||||
imagemagick
|
||||
mosh
|
||||
python311
|
||||
texliveSmall # Pandoc PDF Dep
|
||||
google-cloud-sdk
|
||||
tldr
|
||||
];
|
||||
|
||||
# # GitHub CLI
|
||||
# programs.gh = {
|
||||
# enable = true;
|
||||
# settings = {
|
||||
# git_protocol = "ssh";
|
||||
# };
|
||||
# };
|
||||
# SQLite Configuration
|
||||
home.file.".sqliterc".text = ''
|
||||
.headers on
|
||||
.mode column
|
||||
'';
|
||||
|
||||
# # Misc Programs
|
||||
# programs.jq.enable = true;
|
||||
# programs.k9s.enable = true;
|
||||
# programs.pandoc.enable = true;
|
||||
|
||||
# # Enable Flakes & Commands
|
||||
# nix = {
|
||||
# package = mkForce pkgs.nix;
|
||||
# settings = {
|
||||
# experimental-features = "nix-command flakes";
|
||||
# };
|
||||
# };
|
||||
|
||||
# # SQLite Configuration
|
||||
# home.file.".sqliterc".text = ''
|
||||
# .headers on
|
||||
# .mode column
|
||||
# '';
|
||||
|
||||
# # Darwin Spotlight Indexing Hack
|
||||
# disabledModules = [ "targets/darwin/linkapps.nix" ];
|
||||
home.stateVersion = "24.11";
|
||||
}
|
||||
|
@ -1,31 +1,47 @@
|
||||
{ pkgs, config, ... }:
|
||||
{ pkgs, lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib.${namespace}) enabled;
|
||||
in
|
||||
{
|
||||
reichardnix = {
|
||||
reichard = {
|
||||
user = {
|
||||
enable = true;
|
||||
inherit (config.snowfallorg.user) name;
|
||||
};
|
||||
|
||||
programs = {
|
||||
browsers.firefox = {
|
||||
services = {
|
||||
ssh-agent = enabled;
|
||||
sops = {
|
||||
enable = true;
|
||||
gpuAcceleration = true;
|
||||
hardwareDecoding = true;
|
||||
defaultSopsFile = lib.snowfall.fs.get-file "secrets/mbp-nixos/default.yaml";
|
||||
sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
graphical = {
|
||||
wms.hyprland = enabled;
|
||||
ghostty = enabled;
|
||||
browsers.firefox = {
|
||||
enable = true;
|
||||
gpuAcceleration = true;
|
||||
hardwareDecoding = true;
|
||||
};
|
||||
};
|
||||
|
||||
btop.enable = true;
|
||||
direnv.enable = true;
|
||||
ghostty.enable = true;
|
||||
git.enable = true;
|
||||
hyprland.enable = true;
|
||||
k9s.enable = true;
|
||||
nvim.enable = true;
|
||||
terminal = {
|
||||
btop = enabled;
|
||||
direnv = enabled;
|
||||
git = enabled;
|
||||
k9s = enabled;
|
||||
nvim = enabled;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Global Packages
|
||||
programs.jq.enable = true;
|
||||
programs.pandoc.enable = true;
|
||||
programs.jq = enabled;
|
||||
programs.pandoc = enabled;
|
||||
home.packages = with pkgs; [
|
||||
android-tools
|
||||
imagemagick
|
||||
|
189
hosts/rke2-image.nix
Normal file
189
hosts/rke2-image.nix
Normal file
@ -0,0 +1,189 @@
|
||||
{ pkgs, lib, modulesPath, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
config = {
|
||||
# Basic System
|
||||
system.stateVersion = "24.11";
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
time.timeZone = "UTC";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
autoResize = true;
|
||||
};
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
# Xen
|
||||
"xen_blkfront"
|
||||
"xen_netfront"
|
||||
];
|
||||
kernelModules = [ "xen_netfront" "xen_blkfront" ];
|
||||
supportedFilesystems = [ "ext4" "xenfs" ];
|
||||
};
|
||||
kernelModules = [
|
||||
# Xen VM Requirements
|
||||
"xen_netfront"
|
||||
"xen_blkfront"
|
||||
"xenfs"
|
||||
|
||||
# iSCSI
|
||||
"iscsi_tcp"
|
||||
];
|
||||
};
|
||||
|
||||
# Add Intel Arc A310 GPU Drivers
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
libvdpau-va-gl
|
||||
intel-vaapi-driver
|
||||
intel-media-driver
|
||||
intel-compute-runtime
|
||||
intel-ocl
|
||||
];
|
||||
};
|
||||
|
||||
# Network Configuration
|
||||
networking = {
|
||||
hostName = lib.mkForce "";
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
|
||||
allowedTCPPorts = [
|
||||
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
|
||||
6443 # Kubernetes API
|
||||
9345 # RKE2 supervisor API
|
||||
2379 # etcd Client Port
|
||||
2380 # etcd Peer Port
|
||||
2381 # etcd Metrics Port
|
||||
10250 # kubelet metrics
|
||||
9099 # Canal CNI health checks
|
||||
];
|
||||
|
||||
allowedUDPPorts = [
|
||||
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
|
||||
8472 # Canal CNI with VXLAN
|
||||
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
|
||||
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
|
||||
];
|
||||
|
||||
# Allow Multicast
|
||||
extraCommands = ''
|
||||
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
# Enable Xen Guest Utilities
|
||||
xe-guest-utilities.enable = true;
|
||||
|
||||
# Enable iSCSI
|
||||
openiscsi = {
|
||||
enable = true;
|
||||
name = "iqn.2025.placeholder:initiator"; # Overridden @ Runtime
|
||||
};
|
||||
|
||||
# Cloud Init
|
||||
cloud-init = {
|
||||
enable = true;
|
||||
network.enable = true;
|
||||
settings = {
|
||||
datasource_list = [ "NoCloud" ];
|
||||
preserve_hostname = false;
|
||||
system_info.distro = "nixos";
|
||||
system_info.network.renderers = [ "networkd" ];
|
||||
};
|
||||
};
|
||||
|
||||
# Enable SSH
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "prohibit-password";
|
||||
};
|
||||
};
|
||||
|
||||
# Enable RKE2
|
||||
rke2 = {
|
||||
enable = true;
|
||||
disable = [ "rke2-ingress-nginx" ];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
# RKE2 - Wait Cloud Init
|
||||
rke2-server = {
|
||||
after = [ "cloud-final.service" ];
|
||||
requires = [ "cloud-final.service" ];
|
||||
};
|
||||
|
||||
# Runtime iSCSI Initiator Setup
|
||||
iscsi-initiator-setup = {
|
||||
description = "Setup iSCSI Initiator Name";
|
||||
requires = [ "cloud-final.service" ];
|
||||
before = [ "iscsid.service" ];
|
||||
after = [ "cloud-final.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
||||
path = [ pkgs.hostname pkgs.util-linux ];
|
||||
script = ''
|
||||
mkdir -p /run/iscsi
|
||||
echo "InitiatorName=iqn.2025.org.nixos:$(hostname)" > /run/iscsi/initiatorname.iscsi
|
||||
mount --bind /run/iscsi/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# User Authorized Keys
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
|
||||
];
|
||||
hashedPassword = null;
|
||||
};
|
||||
|
||||
# Add Symlinks Expected by Democratic
|
||||
system.activationScripts = {
|
||||
iscsi-initiator = ''
|
||||
mkdir -p /usr/bin
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
|
||||
'';
|
||||
};
|
||||
|
||||
# System Packages
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
htop
|
||||
intel-gpu-tools
|
||||
k9s
|
||||
kubectl
|
||||
kubernetes-helm
|
||||
nfs-utils
|
||||
openiscsi
|
||||
tmux
|
||||
vim
|
||||
];
|
||||
|
||||
# Don't Manage - Runtime Generation
|
||||
etc."iscsi/initiatorname.iscsi".enable = false;
|
||||
};
|
||||
};
|
||||
}
|
@ -7,6 +7,13 @@ rec {
|
||||
type: default: description:
|
||||
mkOption { inherit type default description; };
|
||||
|
||||
|
||||
mkBoolOpt = mkOpt types.bool;
|
||||
|
||||
enabled = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
disabled = {
|
||||
enable = false;
|
||||
};
|
||||
}
|
||||
|
@ -8,12 +8,12 @@ let
|
||||
;
|
||||
inherit (lib.${namespace}) mkBoolOpt mkOpt;
|
||||
|
||||
cfg = config.${namespace}.programs.browsers.firefox;
|
||||
cfg = config.${namespace}.programs.graphical.browsers.firefox;
|
||||
in
|
||||
{
|
||||
imports = lib.snowfall.fs.get-non-default-nix-files ./.;
|
||||
|
||||
options.${namespace}.programs.browsers.firefox = with types; {
|
||||
options.${namespace}.programs.graphical.browsers.firefox = with types; {
|
||||
enable = lib.mkEnableOption "Firefox";
|
||||
|
||||
extraConfig = mkOpt str "" "Extra configuration for the user profile JS file.";
|
@ -1,11 +1,12 @@
|
||||
{ pkgs, lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.ghostty;
|
||||
inherit (pkgs.stdenv) isLinux;
|
||||
inherit (lib) mkIf mkEnableOption optionals;
|
||||
cfg = config.${namespace}.programs.graphical.ghostty;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.ghostty = {
|
||||
enable = lib.mkEnableOption "Ghostty";
|
||||
options.${namespace}.programs.graphical.ghostty = {
|
||||
enable = mkEnableOption "Ghostty";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
@ -53,12 +54,13 @@ in
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
# Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
|
||||
# ghostty
|
||||
thefuck
|
||||
fastfetch
|
||||
bashInteractive
|
||||
(nerdfonts.override { fonts = [ "Meslo" ]; })
|
||||
] ++ optionals isLinux [
|
||||
# Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
|
||||
ghostty
|
||||
];
|
||||
|
||||
home.file.".config/fastfetch/config.jsonc".text = builtins.readFile ./config/fastfetch.jsonc;
|
@ -49,7 +49,7 @@ env = HYPRCURSOR_SIZE,24
|
||||
# https://wiki.hyprland.org/Configuring/Variables/#general
|
||||
general {
|
||||
gaps_in = 5
|
||||
gaps_out = 20
|
||||
gaps_out = 12
|
||||
|
||||
border_size = 2
|
||||
|
@ -38,32 +38,31 @@
|
||||
color: @text;
|
||||
}
|
||||
|
||||
/* Icon Only Sizes */
|
||||
#network,
|
||||
#backlight,
|
||||
#battery {
|
||||
font-size: 18px;
|
||||
}
|
||||
|
||||
/* Node Styles */
|
||||
#workspaces,
|
||||
#window,
|
||||
#cpu,
|
||||
#memory,
|
||||
#battery,
|
||||
#backlight,
|
||||
#pulseaudio,
|
||||
#network,
|
||||
#backlight,
|
||||
#battery,
|
||||
#clock {
|
||||
margin-top: 0.75rem;
|
||||
padding: 0px 0.5rem;
|
||||
margin-top: 1rem;
|
||||
padding: 0.2px 1rem;
|
||||
background-color: @surface0;
|
||||
}
|
||||
|
||||
#workspaces {
|
||||
margin-left: 1rem;
|
||||
border-radius: 1rem;
|
||||
padding: 0px;
|
||||
background-color: @surface0;
|
||||
}
|
||||
|
||||
#window {
|
||||
background: transparent;
|
||||
margin-left: 0.5rem;
|
||||
margin-right: 8rem; /* Notch */
|
||||
margin-left: 1rem;
|
||||
}
|
||||
|
||||
#workspaces button {
|
||||
@ -74,30 +73,38 @@
|
||||
#workspaces button.active {
|
||||
color: @sky;
|
||||
background-color: @surface2;
|
||||
border-radius: 1rem;
|
||||
}
|
||||
|
||||
#workspaces button:hover {
|
||||
color: @sapphire;
|
||||
border-radius: 1rem;
|
||||
}
|
||||
|
||||
#clock {
|
||||
color: @blue;
|
||||
border-radius: 0px 1rem 1rem 0px;
|
||||
margin-right: 1rem;
|
||||
#window {
|
||||
background: transparent;
|
||||
margin-left: 0.5rem;
|
||||
margin-right: 8rem; /* Notch */
|
||||
}
|
||||
|
||||
#memory {
|
||||
color: @blue;
|
||||
border-radius: 0px 1rem 1rem 0px;
|
||||
margin-right: 0.5rem;
|
||||
}
|
||||
|
||||
#pulseaudio {
|
||||
color: @maroon;
|
||||
}
|
||||
|
||||
#network {
|
||||
color: @mauve;
|
||||
}
|
||||
|
||||
#cpu {
|
||||
color: @peach;
|
||||
}
|
||||
|
||||
#backlight {
|
||||
color: @yellow;
|
||||
}
|
||||
|
||||
#battery {
|
||||
color: @green;
|
||||
}
|
||||
@ -110,13 +117,25 @@
|
||||
color: @red;
|
||||
}
|
||||
|
||||
#backlight {
|
||||
color: @yellow;
|
||||
#clock {
|
||||
color: @blue;
|
||||
margin-right: 1rem;
|
||||
}
|
||||
|
||||
#pulseaudio,
|
||||
#cpu {
|
||||
color: @maroon;
|
||||
border-radius: 1rem 0px 0px 1rem;
|
||||
margin-left: 0.5rem;
|
||||
/* Left Border Radius */
|
||||
#clock,
|
||||
#network,
|
||||
#cpu,
|
||||
#workspaces {
|
||||
border-top-left-radius: 1rem;
|
||||
border-bottom-left-radius: 1rem;
|
||||
}
|
||||
|
||||
/* Right Border Radius */
|
||||
#pulseaudio,
|
||||
#clock,
|
||||
#battery,
|
||||
#workspaces {
|
||||
border-top-right-radius: 1rem;
|
||||
border-bottom-right-radius: 1rem;
|
||||
}
|
@ -1,17 +1,16 @@
|
||||
{ lib, pkgs, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.hyprland;
|
||||
cfg = config.${namespace}.programs.graphical.wms.hyprland;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.hyprland = {
|
||||
options.${namespace}.programs.graphical.wms.hyprland = {
|
||||
enable = lib.mkEnableOption "Hyprland";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
wayland.windowManager.hyprland = {
|
||||
enable = true;
|
||||
# systemd.enable = false;
|
||||
extraConfig = builtins.readFile ./config/hyprland.conf;
|
||||
};
|
||||
|
||||
@ -36,9 +35,9 @@ in
|
||||
"memory"
|
||||
"tray"
|
||||
"pulseaudio"
|
||||
"network"
|
||||
"backlight"
|
||||
"battery"
|
||||
"network"
|
||||
"clock"
|
||||
];
|
||||
"hyprland/window" = { format = "{}"; };
|
||||
@ -48,10 +47,33 @@ in
|
||||
all-outputs = true;
|
||||
on-click = "activate";
|
||||
};
|
||||
battery = { format = " {}%"; };
|
||||
battery = {
|
||||
states = {
|
||||
warning = 30;
|
||||
critical = 15;
|
||||
};
|
||||
format = "{icon}";
|
||||
format-charging = "";
|
||||
format-plugged = "";
|
||||
format-alt = "{icon}";
|
||||
format-icons = [
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
];
|
||||
};
|
||||
cpu = {
|
||||
interval = 10;
|
||||
format = " {}%";
|
||||
format = " {}%";
|
||||
max-length = 10;
|
||||
on-click = "";
|
||||
};
|
||||
@ -61,9 +83,24 @@ in
|
||||
format-alt = " {used:0.1f}G";
|
||||
max-length = 10;
|
||||
};
|
||||
# backlight = {
|
||||
# format = " {}%";
|
||||
# device = "acpi_video0";
|
||||
# };
|
||||
|
||||
backlight = {
|
||||
format = " {}%";
|
||||
device = "acpi_video0";
|
||||
format = "{icon}";
|
||||
format-icons = [
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
""
|
||||
];
|
||||
on-scroll-up = "brightnessctl s 1%-";
|
||||
on-scroll-down = "brightnessctl s +1%";
|
||||
};
|
||||
tray = {
|
||||
icon-size = 13;
|
||||
@ -71,8 +108,29 @@ in
|
||||
spacing = 10;
|
||||
};
|
||||
network = {
|
||||
format = " {essid}";
|
||||
format-disconnected = " disconnected";
|
||||
interval = 1;
|
||||
format-wifi = "";
|
||||
format-ethernet = "";
|
||||
format-linked = "";
|
||||
format-disconnected = "";
|
||||
on-click-right = "${pkgs.networkmanagerapplet}/bin/nm-connection-editor";
|
||||
# tooltip-format = ''
|
||||
# <big>Network Details</big>
|
||||
# <tt><small>Interface: {ifname}</small></tt>
|
||||
# <tt><small>IP: {ipaddr}/{cidr}</small></tt>
|
||||
# <tt><small>Gateway: {gwaddr}</small></tt>
|
||||
# <tt><small> {bandwidthUpBytes}\n {bandwidthDownBytes}</small></tt>'';
|
||||
tooltip-format = ''
|
||||
<big>Network Details</big>
|
||||
<small>
|
||||
Interface: {ifname}
|
||||
SSID: {essid}
|
||||
IP Address: {ipaddr}/{cidr}
|
||||
Gateway: {gwaddr}
|
||||
|
||||
{bandwidthUpBytes} / {bandwidthDownBytes}
|
||||
</small>'';
|
||||
|
||||
};
|
||||
clock = {
|
||||
format = " {:%Y-%m-%d %H:%M:%S}";
|
@ -1,10 +1,10 @@
|
||||
{ lib, pkgs, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.aws;
|
||||
cfg = config.${namespace}.programs.terminal.aws;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.aws = {
|
||||
options.${namespace}.programs.terminal.aws = {
|
||||
enable = lib.mkEnableOption "AWS";
|
||||
};
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.btop;
|
||||
cfg = config.${namespace}.programs.terminal.btop;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.btop = {
|
||||
options.${namespace}.programs.terminal.btop = {
|
||||
enable = lib.mkEnableOption "btop";
|
||||
};
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.direnv;
|
||||
cfg = config.${namespace}.programs.terminal.direnv;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.direnv = {
|
||||
options.${namespace}.programs.terminal.direnv = {
|
||||
enable = lib.mkEnableOption "direnv";
|
||||
};
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ pkgs, lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.git;
|
||||
cfg = config.${namespace}.programs.terminal.git;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.git = {
|
||||
options.${namespace}.programs.terminal.git = {
|
||||
enable = lib.mkEnableOption "Git";
|
||||
};
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ lib, pkgs, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.k9s;
|
||||
cfg = config.${namespace}.programs.terminal.k9s;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.k9s = {
|
||||
options.${namespace}.programs.terminal.k9s = {
|
||||
enable = lib.mkEnableOption "k9s";
|
||||
};
|
||||
|
@ -1,10 +1,10 @@
|
||||
{ pkgs, lib, config, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
cfg = config.${namespace}.programs.nvim;
|
||||
cfg = config.${namespace}.programs.terminal.nvim;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.nvim = {
|
||||
options.${namespace}.programs.terminal.nvim = {
|
||||
enable = lib.mkEnableOption "NeoVim";
|
||||
};
|
||||
|
41
modules/home/services/sops/default.nix
Normal file
41
modules/home/services/sops/default.nix
Normal file
@ -0,0 +1,41 @@
|
||||
{ config, lib, namespace, pkgs, ... }:
|
||||
let
|
||||
inherit (lib) mkIf types;
|
||||
inherit (lib.${namespace}) mkOpt;
|
||||
|
||||
cfg = config.${namespace}.services.sops;
|
||||
in
|
||||
{
|
||||
options.${namespace}.services.sops = with types; {
|
||||
enable = lib.mkEnableOption "sops";
|
||||
defaultSopsFile = mkOpt path null "Default sops file.";
|
||||
sshKeyPaths = mkOpt (listOf path) [ ] "SSH Key paths to use.";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
age
|
||||
sops
|
||||
ssh-to-age
|
||||
];
|
||||
|
||||
sops = {
|
||||
inherit (cfg) defaultSopsFile;
|
||||
defaultSopsFormat = "yaml";
|
||||
|
||||
age = {
|
||||
generateKey = true;
|
||||
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
|
||||
sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths;
|
||||
};
|
||||
|
||||
# TODO
|
||||
# secrets = {
|
||||
# nix = {
|
||||
# sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
|
||||
# path = "${config.home.homeDirectory}/.config/nix/nix.conf";
|
||||
# };
|
||||
# };
|
||||
};
|
||||
};
|
||||
}
|
15
modules/home/services/ssh-agent/default.nix
Normal file
15
modules/home/services/ssh-agent/default.nix
Normal file
@ -0,0 +1,15 @@
|
||||
{ config, lib, namespace, ... }:
|
||||
let
|
||||
cfg = config.${namespace}.services.ssh-agent;
|
||||
in
|
||||
{
|
||||
options.${namespace}.services.ssh-agent = {
|
||||
enable = lib.mkEnableOption "ssh-agent service";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.ssh-agent = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
27
modules/nixos/hardware/asahi/default.nix
Normal file
27
modules/nixos/hardware/asahi/default.nix
Normal file
@ -0,0 +1,27 @@
|
||||
{ config, lib, inputs, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf types;
|
||||
inherit (lib.${namespace}) mkOpt mkBoolOpt;
|
||||
|
||||
cfg = config.${namespace}.hardware.asahi;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
inputs.apple-silicon.nixosModules.default
|
||||
];
|
||||
|
||||
options.${namespace}.hardware.asahi = {
|
||||
enable = lib.mkEnableOption "support for asahi linux";
|
||||
enableGPU = mkBoolOpt false "enable gpu driver";
|
||||
firmwareDirectory = mkOpt types.path null "firmware directory";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
hardware = {
|
||||
asahi = {
|
||||
peripheralFirmwareDirectory = cfg.firmwareDirectory;
|
||||
useExperimentalGPUDriver = cfg.enableGPU;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
40
modules/nixos/hardware/opengl/default.nix
Normal file
40
modules/nixos/hardware/opengl/default.nix
Normal file
@ -0,0 +1,40 @@
|
||||
{ config, lib, pkgs, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
inherit (lib.${namespace}) mkBoolOpt;
|
||||
|
||||
cfg = config.${namespace}.hardware.opengl;
|
||||
in
|
||||
{
|
||||
options.${namespace}.hardware.opengl = {
|
||||
enable = lib.mkEnableOption "support for opengl";
|
||||
enable32Bit = mkBoolOpt false "enabel 32-bit";
|
||||
enableIntel = mkBoolOpt false "support for intel";
|
||||
enableNvidia = mkBoolOpt false "support for nvidia";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
libva-utils
|
||||
vdpauinfo
|
||||
] ++ lib.optionals cfg.enableNvidia [
|
||||
nvtopPackages.full
|
||||
];
|
||||
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = cfg.enable32Bit;
|
||||
|
||||
extraPackages = with pkgs;
|
||||
lib.optionals cfg.enableIntel [
|
||||
libvdpau-va-gl
|
||||
intel-vaapi-driver
|
||||
intel-media-driver
|
||||
intel-compute-runtime
|
||||
intel-ocl
|
||||
] ++ lib.optionals cfg.enableNvidia [
|
||||
cudatoolkit
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
76
modules/nixos/nix/default.nix
Normal file
76
modules/nixos/nix/default.nix
Normal file
@ -0,0 +1,76 @@
|
||||
{ config, lib, pkgs, namespace, host, ... }:
|
||||
let
|
||||
inherit (lib.${namespace}) mkBoolOpt mkOpt;
|
||||
|
||||
cfg = config.${namespace}.nix;
|
||||
in
|
||||
{
|
||||
options.${namespace}.nix = {
|
||||
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
|
||||
package = mkOpt lib.types.package pkgs.nixVersions.latest "Which nix package to use.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
nix =
|
||||
let
|
||||
users = [
|
||||
"root"
|
||||
"@wheel"
|
||||
"nix-builder"
|
||||
"evanreichard"
|
||||
];
|
||||
in
|
||||
{
|
||||
inherit (cfg) package;
|
||||
|
||||
buildMachines = lib.optional (host != "nixos-builder") {
|
||||
hostName = "10.0.50.130";
|
||||
systems = [ "x86_64-linux" ];
|
||||
sshUser = "root";
|
||||
speedFactor = 1;
|
||||
protocol = "ssh";
|
||||
sshKey = config.sops.secrets.reichard_ssh_key.path;
|
||||
supportedFeatures = [
|
||||
"benchmark"
|
||||
"big-parallel"
|
||||
"nixos-test"
|
||||
"kvm"
|
||||
];
|
||||
};
|
||||
|
||||
checkConfig = true;
|
||||
distributedBuilds = true;
|
||||
|
||||
gc = {
|
||||
automatic = true;
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
|
||||
# This will additionally add your inputs to the system's legacy channels
|
||||
# # Making legacy nix commands consistent as well
|
||||
nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
|
||||
|
||||
optimise.automatic = true;
|
||||
|
||||
settings = {
|
||||
allowed-users = users;
|
||||
auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
|
||||
builders-use-substitutes = true;
|
||||
experimental-features = [
|
||||
"nix-command"
|
||||
"flakes "
|
||||
];
|
||||
flake-registry = "/etc/nix/registry.json";
|
||||
http-connections = 50;
|
||||
keep-derivations = true;
|
||||
keep-going = true;
|
||||
keep-outputs = true;
|
||||
log-lines = 50;
|
||||
sandbox = true;
|
||||
trusted-users = users;
|
||||
warn-dirty = false;
|
||||
use-xdg-base-directories = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
28
modules/nixos/programs/graphical/wms/hyprland/default.nix
Normal file
28
modules/nixos/programs/graphical/wms/hyprland/default.nix
Normal file
@ -0,0 +1,28 @@
|
||||
{ config, lib, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
cfg = config.${namespace}.programs.graphical.wms.hyprland;
|
||||
in
|
||||
{
|
||||
options.${namespace}.programs.graphical.wms.hyprland = {
|
||||
enable = lib.mkEnableOption "Hyprland";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
programs = {
|
||||
hyprland = {
|
||||
enable = true;
|
||||
withUWSM = true;
|
||||
};
|
||||
};
|
||||
|
||||
reichard = {
|
||||
display-managers = {
|
||||
sddm = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
33
modules/nixos/security/sops/default.nix
Normal file
33
modules/nixos/security/sops/default.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ config, lib, namespace, ... }:
|
||||
let
|
||||
inherit (lib.${namespace}) mkOpt;
|
||||
|
||||
cfg = config.${namespace}.security.sops;
|
||||
in
|
||||
{
|
||||
options.${namespace}.security.sops = {
|
||||
enable = lib.mkEnableOption "sops";
|
||||
defaultSopsFile = mkOpt lib.types.path null "Default sops file.";
|
||||
sshKeyPaths = mkOpt (with lib.types; listOf path) [
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
] "SSH Key paths to use.";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
sops = {
|
||||
inherit (cfg) defaultSopsFile;
|
||||
|
||||
age = {
|
||||
inherit (cfg) sshKeyPaths;
|
||||
|
||||
keyFile = "${config.users.users.${config.${namespace}.user.name}.home}/.config/sops/age/keys.txt";
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"reichard_ssh_key" = {
|
||||
sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
78
modules/nixos/services/openssh/default.nix
Normal file
78
modules/nixos/services/openssh/default.nix
Normal file
@ -0,0 +1,78 @@
|
||||
{ config, format, lib, namespace, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
types
|
||||
mkDefault
|
||||
mkIf
|
||||
;
|
||||
inherit (lib.${namespace}) mkOpt;
|
||||
|
||||
cfg = config.${namespace}.services.openssh;
|
||||
|
||||
authorizedKeys = [
|
||||
# MBP-Personal NixOS
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr"
|
||||
];
|
||||
in
|
||||
{
|
||||
options.${namespace}.services.openssh = with types; {
|
||||
enable = lib.mkEnableOption "OpenSSH support";
|
||||
authorizedKeys = mkOpt (listOf str) authorizedKeys "The public keys to apply.";
|
||||
extraConfig = mkOpt str "" "Extra configuration to apply.";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
|
||||
hostKeys = mkDefault [
|
||||
{
|
||||
bits = 4096;
|
||||
path = "/etc/ssh/ssh_host_ed25519_key";
|
||||
type = "ed25519";
|
||||
}
|
||||
];
|
||||
|
||||
openFirewall = true;
|
||||
ports = [ 22 ];
|
||||
|
||||
settings = {
|
||||
AuthenticationMethods = "publickey";
|
||||
ChallengeResponseAuthentication = "no";
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = if format == "install-iso" then "yes" else "no";
|
||||
PubkeyAuthentication = "yes";
|
||||
StreamLocalBindUnlink = "yes";
|
||||
UseDns = false;
|
||||
UsePAM = true;
|
||||
X11Forwarding = false;
|
||||
|
||||
KexAlgorithms = [
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group16-sha512"
|
||||
"diffie-hellman-group18-sha512"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
"sntrup761x25519-sha512@openssh.com"
|
||||
];
|
||||
|
||||
Macs = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
"umac-128-etm@openssh.com"
|
||||
];
|
||||
};
|
||||
|
||||
startWhenNeeded = true;
|
||||
};
|
||||
|
||||
programs.ssh = {
|
||||
startAgent = lib.mkDefault true;
|
||||
inherit (cfg) extraConfig;
|
||||
};
|
||||
|
||||
reichard = {
|
||||
user.extraOptions.openssh.authorizedKeys.keys = cfg.authorizedKeys;
|
||||
};
|
||||
};
|
||||
}
|
43
modules/nixos/system/boot/default.nix
Normal file
43
modules/nixos/system/boot/default.nix
Normal file
@ -0,0 +1,43 @@
|
||||
{ config, lib, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
cfg = config.${namespace}.system.boot;
|
||||
in
|
||||
{
|
||||
options.${namespace}.system.boot = {
|
||||
enable = lib.mkEnableOption "booting";
|
||||
silentBoot = lib.mkEnableOption "silent boot";
|
||||
showNotch = lib.mkEnableOption "show macOS notch";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
boot = {
|
||||
kernelParams = lib.optionals cfg.silentBoot [
|
||||
"quiet"
|
||||
"loglevel=3"
|
||||
"udev.log_level=3"
|
||||
"rd.udev.log_level=3"
|
||||
"systemd.show_status=auto"
|
||||
"rd.systemd.show_status=auto"
|
||||
"vt.global_cursor_default=0"
|
||||
] ++ lib.optionals cfg.showNotch [
|
||||
"apple_dcp.show_notch=1"
|
||||
];
|
||||
|
||||
loader = {
|
||||
efi = {
|
||||
canTouchEfiVariables = false;
|
||||
};
|
||||
|
||||
systemd-boot = {
|
||||
enable = true;
|
||||
configurationLimit = 20;
|
||||
editor = false;
|
||||
};
|
||||
|
||||
timeout = 1;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
33
modules/nixos/system/networking/default.nix
Normal file
33
modules/nixos/system/networking/default.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ config, lib, pkgs, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf mkForce;
|
||||
inherit (lib.${namespace}) mkBoolOpt;
|
||||
|
||||
cfg = config.${namespace}.system.networking;
|
||||
in
|
||||
{
|
||||
options.${namespace}.system.networking = {
|
||||
enable = lib.mkEnableOption "networking support";
|
||||
enableIWD = mkBoolOpt false "enable iwd";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
mtr
|
||||
tcpdump
|
||||
traceroute
|
||||
];
|
||||
|
||||
reichard.user.extraGroups = [ "network" ];
|
||||
|
||||
networking = {
|
||||
firewall.enable = true;
|
||||
usePredictableInterfaceNames = mkForce true;
|
||||
} // (lib.optionalAttrs cfg.enableIWD) {
|
||||
wireless.iwd = {
|
||||
enable = true;
|
||||
settings.General.EnableNetworkConfiguration = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
26
modules/nixos/system/networking/networkmanager/default.nix
Normal file
26
modules/nixos/system/networking/networkmanager/default.nix
Normal file
@ -0,0 +1,26 @@
|
||||
{ config, lib, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
cfg = config.${namespace}.system.networking;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
reichard.user.extraGroups = [ "networkmanager" ];
|
||||
|
||||
networking.networkmanager = {
|
||||
enable = true;
|
||||
|
||||
connectionConfig = {
|
||||
"connection.mdns" = "2";
|
||||
};
|
||||
|
||||
# unmanaged = [
|
||||
# "interface-name:br-*"
|
||||
# "interface-name:rndis*"
|
||||
# ]
|
||||
# ++ lib.optionals config.${namespace}.virtualisation.podman.enable [ "interface-name:docker*" ]
|
||||
# ++ lib.optionals config.${namespace}.virtualisation.kvm.enable [ "interface-name:virbr*" ];
|
||||
};
|
||||
};
|
||||
}
|
32
modules/nixos/system/time/default.nix
Normal file
32
modules/nixos/system/time/default.nix
Normal file
@ -0,0 +1,32 @@
|
||||
{ config, lib, pkgs, namespace, ... }:
|
||||
let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
cfg = config.${namespace}.system.time;
|
||||
in
|
||||
{
|
||||
options.${namespace}.system.time = {
|
||||
enable = lib.mkEnableOption "time related settings";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.openntpd ];
|
||||
|
||||
networking.timeServers = [
|
||||
"0.nixos.pool.ntp.org"
|
||||
"1.nixos.pool.ntp.org"
|
||||
"2.nixos.pool.ntp.org"
|
||||
"3.nixos.pool.ntp.org"
|
||||
];
|
||||
|
||||
services.openntpd = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
listen on 127.0.0.1
|
||||
listen on ::1
|
||||
'';
|
||||
};
|
||||
|
||||
time.timeZone = "America/New_York";
|
||||
};
|
||||
}
|
35
modules/nixos/user/default.nix
Normal file
35
modules/nixos/user/default.nix
Normal file
@ -0,0 +1,35 @@
|
||||
{ config, lib, pkgs, namespace, ... }:
|
||||
let
|
||||
inherit (lib) types;
|
||||
inherit (lib.${namespace}) mkOpt;
|
||||
|
||||
cfg = config.${namespace}.user;
|
||||
in
|
||||
{
|
||||
options.${namespace}.user = with types; {
|
||||
email = mkOpt str "evan@reichard.io" "The email of the user.";
|
||||
extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
|
||||
extraOptions = mkOpt attrs { } "Extra options passed to <option>users.users.<name></option>.";
|
||||
fullName = mkOpt str "Evan Reichard" "The full name of the user.";
|
||||
initialPassword =
|
||||
mkOpt str "password"
|
||||
"The initial password to use when the user is first created.";
|
||||
name = mkOpt str "evanreichard" "The name to use for the user account.";
|
||||
};
|
||||
|
||||
config = {
|
||||
users.users.${cfg.name} = {
|
||||
inherit (cfg) name initialPassword;
|
||||
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
] ++ cfg.extraGroups;
|
||||
|
||||
group = "users";
|
||||
home = "/home/${cfg.name}";
|
||||
isNormalUser = true;
|
||||
shell = pkgs.bashInteractive;
|
||||
uid = 1000;
|
||||
} // cfg.extraOptions;
|
||||
};
|
||||
}
|
21
secrets/default.yaml
Normal file
21
secrets/default.yaml
Normal file
@ -0,0 +1,21 @@
|
||||
reichard_ssh_key: ENC[AES256_GCM,data:IS2/bjFWiqLKDxmg0ucKOMzJWqlMbrUw72qLy7hZaJ5O9pPmEFDtQY7gMV1jZZhmlTr6Ay5LthLNe+38/5lttVOQ/B4EtZHSPlPyFKgvUkVtAjTSSjpxI+Md5lsUHgjP3uL+C6qHPzPeBrm0xtdsUo4GBCwhSuKQCNlUAmX6xy4i5/NI2RD6DGRKF17fKpsKj/6XZlbrKQXcDDmnXQdsMw9f1grBQpacCJ/qwUVM3zojuGd0Ei3mGvMq26ralmDUKwu5dsI3PDJWDNF4+B6Wk7NlBRJDna2lRQDNEA8x7wOV3EpaTFpluKmABTxgEmxx8ZbB+9zlLiG6m09iSU86QQLRLQGP7VuejBYLmvxlydrLaxzlZaVDWrYtFEBWSlaC+jkbanOpcVp0QQVBdJRGg3XEP4NidIAbGVv+Ejz9i3o2ayTuMUKShLKv2NoxUE5lCNX2TDp/pZw4UYW/J2d3WXqpQ2KaWdahqBai2JcYk1Otn3ia0X+T1i1dXDitT45AEI/n4z/gKeGWSDiLJ62uJejSuNXBk879SLQf,iv:wziTYwyTQXKRFrUP4HohZtXnp7sk+vLbJiQd0PLKg1o=,tag:irpzHqh3kocNGKQIeo+kRA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SnA3M2F0cXZjOGlFSTJw
|
||||
aE9BNGJsQ1JzelFoQk4yMGlpN2dkVUR4ZUNvCmljSDhsVU4rUnowV2dIdlhZYnMy
|
||||
aXo2OGZRd21PYk81ZE9pV05XSmpVOEEKLS0tIGhGNkVmTnVYRENEYlBxZXJTaExt
|
||||
SC91WFNocEN2K1NFK2dBUHYwZTQrVFkKKb3AlaRX96vJwEmxNNAThTlO9ZwtD1tv
|
||||
c6aBELEbmJFdHOcIJITzmS3YOssDOgTL2TbcSFu8mdAQYsRvxC96HA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-30T15:06:18Z"
|
||||
mac: ENC[AES256_GCM,data:ZqN6MbVcPst/zvr4KNl5AygtC8Icb1BELHg5o6rDOOb6qmB2d75Vk59ve8EiBosMhPdYAXaTCViRLxeWoG3WzEWK0bYAUBI27UBgYqaUTLXTDhohihtAwwWD37S2wFslHWddl5PngbTho8n+uMwyaeBdj53h4GbvQPC2Ji95D5A=,iv:boTLI3IXdQoBfPEqkay9jkm85AFahcNOmBBPwWbJaEw=,tag:Hic4+9Uuh8I2KokfdsZIsg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
@ -1,66 +1,57 @@
|
||||
{ inputs, lib, pkgs, ... }:
|
||||
{ namespace, lib, ... }:
|
||||
let
|
||||
inherit (lib.${namespace}) enabled;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
inputs.apple-silicon.nixosModules.default
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
# Generic Config
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
time.timeZone = "America/New_York";
|
||||
# System Config
|
||||
reichard = {
|
||||
nix = enabled;
|
||||
|
||||
# Enable SSDM
|
||||
reichardnix = {
|
||||
display-managers.sddm = {
|
||||
enable = true;
|
||||
system = {
|
||||
time = enabled;
|
||||
boot = {
|
||||
enable = true;
|
||||
showNotch = true;
|
||||
};
|
||||
networking = {
|
||||
enable = true;
|
||||
enableIWD = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Boot Loader Config
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = false;
|
||||
hardware = {
|
||||
opengl = enabled;
|
||||
asahi = {
|
||||
enable = true;
|
||||
enableGPU = true;
|
||||
firmwareDirectory = ./firmware;
|
||||
};
|
||||
};
|
||||
kernelParams = [ "apple_dcp.show_notch=1" ];
|
||||
};
|
||||
|
||||
# Networking Config
|
||||
networking = {
|
||||
firewall.enable = true;
|
||||
networkmanager.enable = true;
|
||||
networkmanager.wifi.backend = "iwd";
|
||||
useDHCP = lib.mkDefault true;
|
||||
wireless.iwd.enable = true;
|
||||
security = {
|
||||
sops = {
|
||||
enable = true;
|
||||
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
graphical = {
|
||||
wms.hyprland = enabled;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Hardware Config
|
||||
hardware = {
|
||||
asahi = {
|
||||
peripheralFirmwareDirectory = ./firmware;
|
||||
useExperimentalGPUDriver = true;
|
||||
};
|
||||
|
||||
graphics.enable = true;
|
||||
bluetooth.enable = true;
|
||||
bluetooth.powerOnBoot = true;
|
||||
};
|
||||
|
||||
# HyprLand Config
|
||||
programs.hyprland = {
|
||||
enable = true;
|
||||
withUWSM = true;
|
||||
};
|
||||
|
||||
# System Packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
ghostty
|
||||
htop
|
||||
tmux
|
||||
vim
|
||||
wget
|
||||
];
|
||||
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
189
systems/x86_64-linux/rke2-server/default.nix
Normal file
189
systems/x86_64-linux/rke2-server/default.nix
Normal file
@ -0,0 +1,189 @@
|
||||
{ pkgs, lib, modulesPath, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
config = {
|
||||
# Basic System
|
||||
system.stateVersion = "24.11";
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
time.timeZone = "UTC";
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/nixos";
|
||||
fsType = "ext4";
|
||||
autoResize = true;
|
||||
};
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
# Xen
|
||||
"xen_blkfront"
|
||||
"xen_netfront"
|
||||
];
|
||||
kernelModules = [ "xen_netfront" "xen_blkfront" ];
|
||||
supportedFilesystems = [ "ext4" "xenfs" ];
|
||||
};
|
||||
kernelModules = [
|
||||
# Xen VM Requirements
|
||||
"xen_netfront"
|
||||
"xen_blkfront"
|
||||
"xenfs"
|
||||
|
||||
# iSCSI
|
||||
"iscsi_tcp"
|
||||
];
|
||||
};
|
||||
|
||||
# Add Intel Arc A310 GPU Drivers
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
libvdpau-va-gl
|
||||
intel-vaapi-driver
|
||||
intel-media-driver
|
||||
intel-compute-runtime
|
||||
intel-ocl
|
||||
];
|
||||
};
|
||||
|
||||
# Network Configuration
|
||||
networking = {
|
||||
hostName = lib.mkForce "";
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
|
||||
firewall = {
|
||||
enable = true;
|
||||
|
||||
allowedTCPPorts = [
|
||||
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
|
||||
6443 # Kubernetes API
|
||||
9345 # RKE2 supervisor API
|
||||
2379 # etcd Client Port
|
||||
2380 # etcd Peer Port
|
||||
2381 # etcd Metrics Port
|
||||
10250 # kubelet metrics
|
||||
9099 # Canal CNI health checks
|
||||
];
|
||||
|
||||
allowedUDPPorts = [
|
||||
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
|
||||
8472 # Canal CNI with VXLAN
|
||||
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
|
||||
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
|
||||
];
|
||||
|
||||
# Allow Multicast
|
||||
extraCommands = ''
|
||||
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
# Enable Xen Guest Utilities
|
||||
xe-guest-utilities.enable = true;
|
||||
|
||||
# Enable iSCSI
|
||||
openiscsi = {
|
||||
enable = true;
|
||||
name = "iqn.2025.placeholder:initiator"; # Overridden @ Runtime
|
||||
};
|
||||
|
||||
# Cloud Init
|
||||
cloud-init = {
|
||||
enable = true;
|
||||
network.enable = true;
|
||||
settings = {
|
||||
datasource_list = [ "NoCloud" ];
|
||||
preserve_hostname = false;
|
||||
system_info.distro = "nixos";
|
||||
system_info.network.renderers = [ "networkd" ];
|
||||
};
|
||||
};
|
||||
|
||||
# Enable SSH
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "prohibit-password";
|
||||
};
|
||||
};
|
||||
|
||||
# Enable RKE2
|
||||
rke2 = {
|
||||
enable = true;
|
||||
disable = [ "rke2-ingress-nginx" ];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
# RKE2 - Wait Cloud Init
|
||||
rke2-server = {
|
||||
after = [ "cloud-final.service" ];
|
||||
requires = [ "cloud-final.service" ];
|
||||
};
|
||||
|
||||
# Runtime iSCSI Initiator Setup
|
||||
iscsi-initiator-setup = {
|
||||
description = "Setup iSCSI Initiator Name";
|
||||
requires = [ "cloud-final.service" ];
|
||||
before = [ "iscsid.service" ];
|
||||
after = [ "cloud-final.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
||||
path = [ pkgs.hostname pkgs.util-linux ];
|
||||
script = ''
|
||||
mkdir -p /run/iscsi
|
||||
echo "InitiatorName=iqn.2025.org.nixos:$(hostname)" > /run/iscsi/initiatorname.iscsi
|
||||
mount --bind /run/iscsi/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# User Authorized Keys
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
|
||||
];
|
||||
hashedPassword = null;
|
||||
};
|
||||
|
||||
# Add Symlinks Expected by Democratic
|
||||
system.activationScripts = {
|
||||
iscsi-initiator = ''
|
||||
mkdir -p /usr/bin
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
|
||||
ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
|
||||
'';
|
||||
};
|
||||
|
||||
# System Packages
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
htop
|
||||
intel-gpu-tools
|
||||
k9s
|
||||
kubectl
|
||||
kubernetes-helm
|
||||
nfs-utils
|
||||
openiscsi
|
||||
tmux
|
||||
vim
|
||||
];
|
||||
|
||||
# Don't Manage - Runtime Generation
|
||||
etc."iscsi/initiatorname.iscsi".enable = false;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user