diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..c52fa13
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &admin_reichard age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
+creation_rules:
+ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *admin_reichard
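Review bot: The `path_regex` only matches files directly under `secrets/`, because `[^/]+` cannot cross a directory separator, while the mbp-nixos home configuration in this commit points `defaultSopsFile` at `secrets/mbp-nixos/default.yaml`. With no matching creation rule, `sops` should refuse to create that file, so the rule and the directory layout need to agree, for example `path_regex: secrets/.+\.(yaml|json|env|ini)$`. The only recipient is `admin_reichard`; whether that age key corresponds to the `~/.ssh/id_ed25519` identity the host decrypts with cannot be told from this diff, and if it does not, a per-host recipient is needed in `keys` as well.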
diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..51385f0
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,8 @@
+- Nix Builder
+
+ - Keys
+ - User
+ - Etc
+
+- SSH
+ - Known Hosts
diff --git a/flake.lock b/flake.lock
index a2d4fae..f4cf1cb 100755
--- a/flake.lock
+++ b/flake.lock
@@ -244,7 +244,8 @@
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2",
- "snowfall-lib": "snowfall-lib"
+ "snowfall-lib": "snowfall-lib",
+ "sops-nix": "sops-nix"
}
},
"rust-overlay": {
@@ -285,6 +286,26 @@
"type": "github"
}
},
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1743305778,
+ "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "8e873886bbfc32163fe027b8676c75637b7da114",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
+ },
"systems": {
"locked": {
"lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index 3356343..b8d3028 100755
--- a/flake.nix
+++ b/flake.nix
@@ -14,7 +14,6 @@
};
apple-silicon = {
url = "github:tpwrules/nixos-apple-silicon/releasep2-2024-12-25";
- # ref = "releasep2-2024-12-25";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
@@ -25,6 +24,10 @@
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
};
outputs = inputs:
@@ -33,12 +36,53 @@
src = ./.;
snowfall = {
+ namespace = "reichard";
meta = {
- name = "reichardnix";
- title = "ReichardNix";
+ title = "Reichard";
+ name = "reichard";
};
+ };
- namespace = "reichardnix";
+ homes.modules = with inputs; [
+ sops-nix.homeManagerModules.sops
+ ];
+
+ systems.modules = {
+ nixos = with inputs; [
+ sops-nix.nixosModules.sops
+ ];
+ };
+
+ outputs-builder = channels: {
+ # Define packages using nixos-generators
+ packages.x86_64-linux = {
+ # VMware image
+ vmware-image = inputs.nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ format = "vmware";
+ modules = [
+ # Your VMware configuration
+ ./hosts/vmware-image.nix
+ ];
+ };
+
+ # Keep your other images
+ rke2-image = inputs.nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ format = "vmware";
+ modules = [
+ ./hosts/rke2-image.nix
+ ];
+ };
+
+ usb-image = inputs.nixos-generators.nixosGenerate {
+ system = "x86_64-linux";
+ format = "raw-efi";
+ modules = [
+ ./hosts/usb-image.nix
+ ];
+ };
+ };
};
};
}
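Review bot: `outputs-builder` is evaluated once per system by Snowfall, so the `packages.x86_64-linux = { … }` attribute set here most likely ends up as `packages.<system>.x86_64-linux.vmware-image` rather than `packages.x86_64-linux.vmware-image`. Returning `packages = { vmware-image = …; }` from the builder, or defining the images outside it, avoids the extra level. The block also references `./hosts/vmware-image.nix` and `./hosts/usb-image.nix`, which are not among the files visible in this diff, and builds `rke2-image` with `format = "vmware"` although `hosts/rke2-image.nix` loads Xen guest modules; both are worth confirming. The placeholder comments `# Your VMware configuration` and `# Keep your other images` would be more useful if they said what each image is for.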
diff --git a/homes/aarch64-darwin/evanreichard@MBP-Personal/default.nix b/homes/aarch64-darwin/evanreichard@MBP-Personal/default.nix
index 561aa31..749b44a 100755
--- a/homes/aarch64-darwin/evanreichard@MBP-Personal/default.nix
+++ b/homes/aarch64-darwin/evanreichard@MBP-Personal/default.nix
@@ -1,20 +1,36 @@
-{ pkgs, ... }:
+{ pkgs, lib, config, namespace, ... }:
+let
+ inherit (lib.${namespace}) enabled;
+in
{
- reichardnix = {
- programs.btop.enable = true;
- programs.direnv.enable = true;
- programs.ghostty.enable = true;
- programs.git.enable = true;
- programs.k9s.enable = true;
- programs.nvim.enable = true;
+ reichard = {
+ user = {
+ enable = true;
+ inherit (config.snowfallorg.user) name;
+ };
- programs.hyprland.enable = false;
- programs.aws.enable = false;
+ services = {
+ ssh-agent = enabled;
+ };
+
+ programs = {
+ graphical = {
+ ghostty = enabled;
+ };
+
+ terminal = {
+ btop = enabled;
+ direnv = enabled;
+ git = enabled;
+ k9s = enabled;
+ nvim = enabled;
+ };
+ };
};
# Global Packages
- programs.jq.enable = true;
- programs.pandoc.enable = true;
+ programs.jq = enabled;
+ programs.pandoc = enabled;
home.packages = with pkgs; [
android-tools
imagemagick
@@ -31,7 +47,5 @@
.mode column
'';
- # Enable Home Manager & Self Manage
home.stateVersion = "24.11";
- programs.home-manager.enable = true;
}
diff --git a/homes/aarch64-darwin/evanreichard@MBP-Work/default.nix b/homes/aarch64-darwin/evanreichard@MBP-Work/default.nix
index 3fc2de9..19cf40c 100755
--- a/homes/aarch64-darwin/evanreichard@MBP-Work/default.nix
+++ b/homes/aarch64-darwin/evanreichard@MBP-Work/default.nix
@@ -1,75 +1,52 @@
-{ pkgs, ... }:
+{ pkgs, lib, config, namespace, ... }:
let
- inherit (pkgs.lib) mkForce;
- inherit (pkgs.stdenv) isLinux;
+ inherit (lib.${namespace}) enabled;
in
{
- reichardnix = {
- programs.nvim.enable = true;
+ reichard = {
+ user = {
+ enable = true;
+ inherit (config.snowfallorg.user) name;
+ };
+
+ services = {
+ ssh-agent = enabled;
+ };
+
+ programs = {
+ graphical = {
+ ghostty = enabled;
+ };
+
+ terminal = {
+ btop = enabled;
+ direnv = enabled;
+ git = enabled;
+ k9s = enabled;
+ nvim = enabled;
+ aws = enabled;
+ };
+ };
};
- # Home Manager Config
- home.stateVersion = "24.11";
- home.username = "evanreichard";
- home.homeDirectory = mkForce (if isLinux then "/home/evanreichard" else "/Users/evanreichard");
- programs.home-manager.enable = true;
-
# Global Packages
- # home.packages = with pkgs; [
- # (nerdfonts.override { fonts = [ "Meslo" ]; })
- # # ghostty - Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
- # android-tools
- # awscli2
- # bashInteractive
- # cw
- # fastfetch
- # gitAndTools.gh
- # google-cloud-sdk
- # imagemagick
- # kubectl
- # kubernetes-helm
- # mosh
- # pre-commit
- # python311
- # ssm-session-manager-plugin
- # texliveSmall # Pandoc PDF Dep
- # thefuck
- # tldr
- # ]
- # ++ optionals isLinux [
- # ghostty
- # hyprpaper
- # firefox
- # ]
- # ++ optionals isDarwin [ ];
+ programs.jq = enabled;
+ programs.pandoc = enabled;
+ home.packages = with pkgs; [
+ android-tools
+ imagemagick
+ mosh
+ python311
+ texliveSmall # Pandoc PDF Dep
+ google-cloud-sdk
+ tldr
+ ];
- # # GitHub CLI
- # programs.gh = {
- # enable = true;
- # settings = {
- # git_protocol = "ssh";
- # };
- # };
+ # SQLite Configuration
+ home.file.".sqliterc".text = ''
+ .headers on
+ .mode column
+ '';
- # # Misc Programs
- # programs.jq.enable = true;
- # programs.k9s.enable = true;
- # programs.pandoc.enable = true;
-
- # # Enable Flakes & Commands
- # nix = {
- # package = mkForce pkgs.nix;
- # settings = {
- # experimental-features = "nix-command flakes";
- # };
- # };
-
- # # SQLite Configuration
- # home.file.".sqliterc".text = ''
- # .headers on
- # .mode column
- # '';
-
- # # Darwin Spotlight Indexing Hack
- # disabledModules = [ "targets/darwin/linkapps.nix" ];
+ home.stateVersion = "24.11";
}
diff --git a/homes/aarch64-linux/evanreichard@mbp-nixos/default.nix b/homes/aarch64-linux/evanreichard@mbp-nixos/default.nix
index c75e8e4..b8eb2e4 100755
--- a/homes/aarch64-linux/evanreichard@mbp-nixos/default.nix
+++ b/homes/aarch64-linux/evanreichard@mbp-nixos/default.nix
@@ -1,31 +1,47 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, namespace, ... }:
+let
+ inherit (lib.${namespace}) enabled;
+in
{
- reichardnix = {
+ reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
- programs = {
- browsers.firefox = {
+ services = {
+ ssh-agent = enabled;
+ sops = {
enable = true;
- gpuAcceleration = true;
- hardwareDecoding = true;
+ defaultSopsFile = lib.snowfall.fs.get-file "secrets/mbp-nixos/default.yaml";
+ sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
+ };
+ };
+
+ programs = {
+ graphical = {
+ wms.hyprland = enabled;
+ ghostty = enabled;
+ browsers.firefox = {
+ enable = true;
+ gpuAcceleration = true;
+ hardwareDecoding = true;
+ };
};
- btop.enable = true;
- direnv.enable = true;
- ghostty.enable = true;
- git.enable = true;
- hyprland.enable = true;
- k9s.enable = true;
- nvim.enable = true;
+ terminal = {
+ btop = enabled;
+ direnv = enabled;
+ git = enabled;
+ k9s = enabled;
+ nvim = enabled;
+ };
};
};
# Global Packages
- programs.jq.enable = true;
- programs.pandoc.enable = true;
+ programs.jq = enabled;
+ programs.pandoc = enabled;
home.packages = with pkgs; [
android-tools
imagemagick
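Review bot: The `sshKeyPaths` entry under `services.sops` repeats the path that `modules/home/services/sops/default.nix` in this commit already prepends (`"${config.home.homeDirectory}/.ssh/id_ed25519"`), so the same private key ends up listed twice. Dropping the line here leaves the module as the single place that decides which identity decrypts secrets. The hunk ends inside the `home.packages` list, which continues outside it.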
diff --git a/hosts/rke2-image.nix b/hosts/rke2-image.nix
new file mode 100644
index 0000000..62a7818
--- /dev/null
+++ b/hosts/rke2-image.nix
@@ -0,0 +1,189 @@
+{ pkgs, lib, modulesPath, ... }:
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+ config = {
+ # Basic System
+ system.stateVersion = "24.11";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ time.timeZone = "UTC";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ # Xen
+ "xen_blkfront"
+ "xen_netfront"
+ ];
+ kernelModules = [ "xen_netfront" "xen_blkfront" ];
+ supportedFilesystems = [ "ext4" "xenfs" ];
+ };
+ kernelModules = [
+ # Xen VM Requirements
+ "xen_netfront"
+ "xen_blkfront"
+ "xenfs"
+
+ # iSCSI
+ "iscsi_tcp"
+ ];
+ };
+
+ # Add Intel Arc A310 GPU Drivers
+ nixpkgs.config.allowUnfree = true;
+ hardware.enableRedistributableFirmware = true;
+ hardware.graphics = {
+ enable = true;
+ extraPackages = with pkgs; [
+ libvdpau-va-gl
+ intel-vaapi-driver
+ intel-media-driver
+ intel-compute-runtime
+ intel-ocl
+ ];
+ };
+
+ # Network Configuration
+ networking = {
+ hostName = lib.mkForce "";
+ useNetworkd = true;
+ useDHCP = false;
+
+ firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+ 6443 # Kubernetes API
+ 9345 # RKE2 supervisor API
+ 2379 # etcd Client Port
+ 2380 # etcd Peer Port
+ 2381 # etcd Metrics Port
+ 10250 # kubelet metrics
+ 9099 # Canal CNI health checks
+ ];
+
+ allowedUDPPorts = [
+ # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+ 8472 # Canal CNI with VXLAN
+ # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
+ # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
+ ];
+
+ # Allow Multicast
+ extraCommands = ''
+ iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
+ '';
+ };
+ };
+
+ services = {
+ # Enable Xen Guest Utilities
+ xe-guest-utilities.enable = true;
+
+ # Enable iSCSI
+ openiscsi = {
+ enable = true;
+ name = "iqn.2025.placeholder:initiator"; # Overridden @ Runtime
+ };
+
+ # Cloud Init
+ cloud-init = {
+ enable = true;
+ network.enable = true;
+ settings = {
+ datasource_list = [ "NoCloud" ];
+ preserve_hostname = false;
+ system_info.distro = "nixos";
+ system_info.network.renderers = [ "networkd" ];
+ };
+ };
+
+ # Enable SSH
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+
+ # Enable RKE2
+ rke2 = {
+ enable = true;
+ disable = [ "rke2-ingress-nginx" ];
+ };
+ };
+
+ systemd.services = {
+ # RKE2 - Wait Cloud Init
+ rke2-server = {
+ after = [ "cloud-final.service" ];
+ requires = [ "cloud-final.service" ];
+ };
+
+ # Runtime iSCSI Initiator Setup
+ iscsi-initiator-setup = {
+ description = "Setup iSCSI Initiator Name";
+ requires = [ "cloud-final.service" ];
+ before = [ "iscsid.service" ];
+ after = [ "cloud-final.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+
+ path = [ pkgs.hostname pkgs.util-linux ];
+ script = ''
+ mkdir -p /run/iscsi
+ echo "InitiatorName=iqn.2025.org.nixos:$(hostname)" > /run/iscsi/initiatorname.iscsi
+ mount --bind /run/iscsi/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
+ '';
+ };
+ };
+
+ # User Authorized Keys
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
+ ];
+ hashedPassword = null;
+ };
+
+ # Add Symlinks Expected by Democratic
+ system.activationScripts = {
+ iscsi-initiator = ''
+ mkdir -p /usr/bin
+ ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
+ ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
+ '';
+ };
+
+ # System Packages
+ environment = {
+ systemPackages = with pkgs; [
+ htop
+ intel-gpu-tools
+ k9s
+ kubectl
+ kubernetes-helm
+ nfs-utils
+ openiscsi
+ tmux
+ vim
+ ];
+
+ # Don't Manage - Runtime Generation
+ etc."iscsi/initiatorname.iscsi".enable = false;
+ };
+ };
+}
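Review bot: `allowedTCPPorts` opens the etcd client, peer and metrics ports (2379–2381) on every interface, together with 6443, 9345 and 10250, although etcd only needs to be reachable from the other server nodes. Scoping those ports with `networking.firewall.interfaces.<cluster-iface>.allowedTCPPorts` (the interface name is a placeholder) or a source-restricted rule keeps an image that lands on a shared network from exposing etcd. The multicast rule in `extraCommands` is appended to the built-in `INPUT` chain, which the NixOS firewall does not flush on reload, so it accumulates and accepts multicast to any port; `iptables -A nixos-fw -m pkttype --pkt-type multicast -j nixos-fw-accept` keeps it inside the managed chain. Separately, `mount --bind` in `iscsi-initiator-setup` needs its target to exist, and `etc."iscsi/initiatorname.iscsi".enable = false` appears to remove the file that would have been there, so a `touch /etc/iscsi/initiatorname.iscsi` before the mount may be required.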
diff --git a/lib/module/default.nix b/lib/module/default.nix
index e3ad401..952d7d7 100644
--- a/lib/module/default.nix
+++ b/lib/module/default.nix
@@ -7,6 +7,13 @@ rec {
type: default: description:
mkOption { inherit type default description; };
-
mkBoolOpt = mkOpt types.bool;
+
+ enabled = {
+ enable = true;
+ };
+
+ disabled = {
+ enable = false;
+ };
}
diff --git a/modules/home/programs/browsers/firefox/default.nix b/modules/home/programs/graphical/browsers/firefox/default.nix
similarity index 96%
rename from modules/home/programs/browsers/firefox/default.nix
rename to modules/home/programs/graphical/browsers/firefox/default.nix
index fa8348f..365be75 100644
--- a/modules/home/programs/browsers/firefox/default.nix
+++ b/modules/home/programs/graphical/browsers/firefox/default.nix
@@ -8,12 +8,12 @@ let
;
inherit (lib.${namespace}) mkBoolOpt mkOpt;
- cfg = config.${namespace}.programs.browsers.firefox;
+ cfg = config.${namespace}.programs.graphical.browsers.firefox;
in
{
imports = lib.snowfall.fs.get-non-default-nix-files ./.;
- options.${namespace}.programs.browsers.firefox = with types; {
+ options.${namespace}.programs.graphical.browsers.firefox = with types; {
enable = lib.mkEnableOption "Firefox";
extraConfig = mkOpt str "" "Extra configuration for the user profile JS file.";
diff --git a/modules/home/programs/ghostty/config/fastfetch.jsonc b/modules/home/programs/graphical/ghostty/config/fastfetch.jsonc
similarity index 100%
rename from modules/home/programs/ghostty/config/fastfetch.jsonc
rename to modules/home/programs/graphical/ghostty/config/fastfetch.jsonc
diff --git a/modules/home/programs/ghostty/config/ghostty.conf b/modules/home/programs/graphical/ghostty/config/ghostty.conf
similarity index 100%
rename from modules/home/programs/ghostty/config/ghostty.conf
rename to modules/home/programs/graphical/ghostty/config/ghostty.conf
diff --git a/modules/home/programs/ghostty/default.nix b/modules/home/programs/graphical/ghostty/default.nix
similarity index 86%
rename from modules/home/programs/ghostty/default.nix
rename to modules/home/programs/graphical/ghostty/default.nix
index 6d025aa..59aa419 100755
--- a/modules/home/programs/ghostty/default.nix
+++ b/modules/home/programs/graphical/ghostty/default.nix
@@ -1,11 +1,12 @@
{ pkgs, lib, config, namespace, ... }:
let
- inherit (lib) mkIf;
- cfg = config.${namespace}.programs.ghostty;
+ inherit (pkgs.stdenv) isLinux;
+ inherit (lib) mkIf mkEnableOption optionals;
+ cfg = config.${namespace}.programs.graphical.ghostty;
in
{
- options.${namespace}.programs.ghostty = {
- enable = lib.mkEnableOption "Ghostty";
+ options.${namespace}.programs.graphical.ghostty = {
+ enable = mkEnableOption "Ghostty";
};
config = mkIf cfg.enable {
@@ -53,12 +54,13 @@ in
};
home.packages = with pkgs; [
- # Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
- # ghostty
thefuck
fastfetch
bashInteractive
(nerdfonts.override { fonts = [ "Meslo" ]; })
+ ] ++ optionals isLinux [
+ # Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
+ ghostty
];
home.file.".config/fastfetch/config.jsonc".text = builtins.readFile ./config/fastfetch.jsonc;
diff --git a/modules/home/programs/hyprland/config/hyprland.conf b/modules/home/programs/graphical/wms/hyprland/config/hyprland.conf
similarity index 99%
rename from modules/home/programs/hyprland/config/hyprland.conf
rename to modules/home/programs/graphical/wms/hyprland/config/hyprland.conf
index 2f2edde..99b73f5 100755
--- a/modules/home/programs/hyprland/config/hyprland.conf
+++ b/modules/home/programs/graphical/wms/hyprland/config/hyprland.conf
@@ -49,7 +49,7 @@ env = HYPRCURSOR_SIZE,24
# https://wiki.hyprland.org/Configuring/Variables/#general
general {
gaps_in = 5
- gaps_out = 20
+ gaps_out = 12
border_size = 2
diff --git a/modules/home/programs/hyprland/config/waybar-style.css b/modules/home/programs/graphical/wms/hyprland/config/waybar-style.css
similarity index 80%
rename from modules/home/programs/hyprland/config/waybar-style.css
rename to modules/home/programs/graphical/wms/hyprland/config/waybar-style.css
index 6bdf0ea..3043686 100644
--- a/modules/home/programs/hyprland/config/waybar-style.css
+++ b/modules/home/programs/graphical/wms/hyprland/config/waybar-style.css
@@ -38,32 +38,31 @@
color: @text;
}
+/* Icon Only Sizes */
+#network,
+#backlight,
+#battery {
+ font-size: 18px;
+}
+
/* Node Styles */
#workspaces,
#window,
#cpu,
#memory,
-#battery,
-#backlight,
#pulseaudio,
#network,
+#backlight,
+#battery,
#clock {
- margin-top: 0.75rem;
- padding: 0px 0.5rem;
+ margin-top: 1rem;
+ padding: 0.2px 1rem;
background-color: @surface0;
}
#workspaces {
- margin-left: 1rem;
- border-radius: 1rem;
padding: 0px;
- background-color: @surface0;
-}
-
-#window {
- background: transparent;
- margin-left: 0.5rem;
- margin-right: 8rem; /* Notch */
+ margin-left: 1rem;
}
#workspaces button {
@@ -74,30 +73,38 @@
#workspaces button.active {
color: @sky;
background-color: @surface2;
- border-radius: 1rem;
}
#workspaces button:hover {
color: @sapphire;
- border-radius: 1rem;
}
-#clock {
- color: @blue;
- border-radius: 0px 1rem 1rem 0px;
- margin-right: 1rem;
+#window {
+ background: transparent;
+ margin-left: 0.5rem;
+ margin-right: 8rem; /* Notch */
}
#memory {
color: @blue;
- border-radius: 0px 1rem 1rem 0px;
- margin-right: 0.5rem;
+}
+
+#pulseaudio {
+ color: @maroon;
}
#network {
color: @mauve;
}
+#cpu {
+ color: @peach;
+}
+
+#backlight {
+ color: @yellow;
+}
+
#battery {
color: @green;
}
@@ -110,13 +117,25 @@
color: @red;
}
-#backlight {
- color: @yellow;
+#clock {
+ color: @blue;
+ margin-right: 1rem;
}
-#pulseaudio,
-#cpu {
- color: @maroon;
- border-radius: 1rem 0px 0px 1rem;
- margin-left: 0.5rem;
+/* Left Border Radius */
+#clock,
+#network,
+#cpu,
+#workspaces {
+ border-top-left-radius: 1rem;
+ border-bottom-left-radius: 1rem;
+}
+
+/* Right Border Radius */
+#pulseaudio,
+#clock,
+#battery,
+#workspaces {
+ border-top-right-radius: 1rem;
+ border-bottom-right-radius: 1rem;
}
diff --git a/modules/home/programs/hyprland/config/wofi-style.css b/modules/home/programs/graphical/wms/hyprland/config/wofi-style.css
similarity index 100%
rename from modules/home/programs/hyprland/config/wofi-style.css
rename to modules/home/programs/graphical/wms/hyprland/config/wofi-style.css
diff --git a/modules/home/programs/hyprland/config/wofi.conf b/modules/home/programs/graphical/wms/hyprland/config/wofi.conf
similarity index 100%
rename from modules/home/programs/hyprland/config/wofi.conf
rename to modules/home/programs/graphical/wms/hyprland/config/wofi.conf
diff --git a/modules/home/programs/hyprland/default.nix b/modules/home/programs/graphical/wms/hyprland/default.nix
similarity index 60%
rename from modules/home/programs/hyprland/default.nix
rename to modules/home/programs/graphical/wms/hyprland/default.nix
index 17edc09..2e577d2 100755
--- a/modules/home/programs/hyprland/default.nix
+++ b/modules/home/programs/graphical/wms/hyprland/default.nix
@@ -1,17 +1,16 @@
{ lib, pkgs, config, namespace, ... }:
let
inherit (lib) mkIf;
- cfg = config.${namespace}.programs.hyprland;
+ cfg = config.${namespace}.programs.graphical.wms.hyprland;
in
{
- options.${namespace}.programs.hyprland = {
+ options.${namespace}.programs.graphical.wms.hyprland = {
enable = lib.mkEnableOption "Hyprland";
};
config = mkIf cfg.enable {
wayland.windowManager.hyprland = {
enable = true;
- # systemd.enable = false;
extraConfig = builtins.readFile ./config/hyprland.conf;
};
@@ -36,9 +35,9 @@ in
"memory"
"tray"
"pulseaudio"
+ "network"
"backlight"
"battery"
- "network"
"clock"
];
"hyprland/window" = { format = "{}"; };
@@ -48,10 +47,33 @@ in
all-outputs = true;
on-click = "activate";
};
- battery = { format = " {}%"; };
+ battery = {
+ states = {
+ warning = 30;
+ critical = 15;
+ };
+ format = "{icon}";
+ format-charging = "";
+ format-plugged = "";
+ format-alt = "{icon}";
+ format-icons = [
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ];
+ };
cpu = {
interval = 10;
- format = " {}%";
+ format = " {}%";
max-length = 10;
on-click = "";
};
@@ -61,9 +83,24 @@ in
format-alt = " {used:0.1f}G";
max-length = 10;
};
+ # backlight = {
+ # format = " {}%";
+ # device = "acpi_video0";
+ # };
+
backlight = {
- format = " {}%";
- device = "acpi_video0";
+ format = "{icon}";
+ format-icons = [
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ""
+ ];
+ on-scroll-up = "brightnessctl s 1%-";
+ on-scroll-down = "brightnessctl s +1%";
};
tray = {
icon-size = 13;
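Review bot: `on-scroll-up` and `on-scroll-down` call `brightnessctl` by bare name, so the command is resolved through whatever `PATH` waybar inherits, while the `network` block in this commit's next hunk uses a store path (`${pkgs.networkmanagerapplet}/bin/nm-connection-editor`). Writing `"${pkgs.brightnessctl}/bin/brightnessctl s 1%-"` and `"${pkgs.brightnessctl}/bin/brightnessctl s +1%"` pins the binary and makes the dependency explicit. Scroll-up currently lowers brightness, which may be intentional but deserves a comment. The commented-out old `backlight` block above it can be deleted rather than kept.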
@@ -71,8 +108,29 @@ in
spacing = 10;
};
network = {
- format = " {essid}";
- format-disconnected = " disconnected";
+ interval = 1;
+ format-wifi = "";
+ format-ethernet = "";
+ format-linked = "";
+ format-disconnected = "";
+ on-click-right = "${pkgs.networkmanagerapplet}/bin/nm-connection-editor";
+ # tooltip-format = ''
+ # Network Details
+ # Interface: {ifname}
+ # IP: {ipaddr}/{cidr}
+ # Gateway: {gwaddr}
+ # {bandwidthUpBytes}\n {bandwidthDownBytes}'';
+ tooltip-format = ''
+ Network Details
+
+ Interface: {ifname}
+ SSID: {essid}
+ IP Address: {ipaddr}/{cidr}
+ Gateway: {gwaddr}
+
+ {bandwidthUpBytes} / {bandwidthDownBytes}
+ '';
+
};
clock = {
format = " {:%Y-%m-%d %H:%M:%S}";
diff --git a/modules/home/programs/aws/default.nix b/modules/home/programs/terminal/aws/default.nix
similarity index 71%
rename from modules/home/programs/aws/default.nix
rename to modules/home/programs/terminal/aws/default.nix
index f273b04..ce22376 100755
--- a/modules/home/programs/aws/default.nix
+++ b/modules/home/programs/terminal/aws/default.nix
@@ -1,10 +1,10 @@
{ lib, pkgs, config, namespace, ... }:
let
inherit (lib) mkIf;
- cfg = config.${namespace}.programs.aws;
+ cfg = config.${namespace}.programs.terminal.aws;
in
{
- options.${namespace}.programs.aws = {
+ options.${namespace}.programs.terminal.aws = {
enable = lib.mkEnableOption "AWS";
};
diff --git a/modules/home/programs/btop/config/btop.conf b/modules/home/programs/terminal/btop/config/btop.conf
similarity index 100%
rename from modules/home/programs/btop/config/btop.conf
rename to modules/home/programs/terminal/btop/config/btop.conf
diff --git a/modules/home/programs/btop/config/catppuccin_mocha.theme b/modules/home/programs/terminal/btop/config/catppuccin_mocha.theme
similarity index 100%
rename from modules/home/programs/btop/config/catppuccin_mocha.theme
rename to modules/home/programs/terminal/btop/config/catppuccin_mocha.theme
diff --git a/modules/home/programs/btop/default.nix b/modules/home/programs/terminal/btop/default.nix
similarity index 79%
rename from modules/home/programs/btop/default.nix
rename to modules/home/programs/terminal/btop/default.nix
index b82591e..a43a5ec 100755
--- a/modules/home/programs/btop/default.nix
+++ b/modules/home/programs/terminal/btop/default.nix
@@ -1,10 +1,10 @@
{ lib, config, namespace, ... }:
let
inherit (lib) mkIf;
- cfg = config.${namespace}.programs.btop;
+ cfg = config.${namespace}.programs.terminal.btop;
in
{
- options.${namespace}.programs.btop = {
+ options.${namespace}.programs.terminal.btop = {
enable = lib.mkEnableOption "btop";
};
diff --git a/modules/home/programs/direnv/default.nix b/modules/home/programs/terminal/direnv/default.nix
similarity index 68%
rename from modules/home/programs/direnv/default.nix
rename to modules/home/programs/terminal/direnv/default.nix
index b2b75ea..93ade8b 100755
--- a/modules/home/programs/direnv/default.nix
+++ b/modules/home/programs/terminal/direnv/default.nix
@@ -1,10 +1,10 @@
{ lib, config, namespace, ... }:
let
inherit (lib) mkIf;
- cfg = config.${namespace}.programs.direnv;
+ cfg = config.${namespace}.programs.terminal.direnv;
in
{
- options.${namespace}.programs.direnv = {
+ options.${namespace}.programs.terminal.direnv = {
enable = lib.mkEnableOption "direnv";
};
diff --git a/modules/home/programs/git/config/.gitignore b/modules/home/programs/terminal/git/config/.gitignore
similarity index 100%
rename from modules/home/programs/git/config/.gitignore
rename to modules/home/programs/terminal/git/config/.gitignore
diff --git a/modules/home/programs/git/config/personal b/modules/home/programs/terminal/git/config/personal
similarity index 100%
rename from modules/home/programs/git/config/personal
rename to modules/home/programs/terminal/git/config/personal
diff --git a/modules/home/programs/git/config/work b/modules/home/programs/terminal/git/config/work
similarity index 100%
rename from modules/home/programs/git/config/work
rename to modules/home/programs/terminal/git/config/work
diff --git a/modules/home/programs/git/default.nix b/modules/home/programs/terminal/git/default.nix
similarity index 95%
rename from modules/home/programs/git/default.nix
rename to modules/home/programs/terminal/git/default.nix
index 9f38275..edac2e8 100755
--- a/modules/home/programs/git/default.nix
+++ b/modules/home/programs/terminal/git/default.nix
@@ -1,10 +1,10 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf;
- cfg = config.${namespace}.programs.git;
+ cfg = config.${namespace}.programs.terminal.git;
in
{
- options.${namespace}.programs.git = {
+ options.${namespace}.programs.terminal.git = {
enable = lib.mkEnableOption "Git";
};
diff --git a/modules/home/programs/k9s/default.nix b/modules/home/programs/terminal/k9s/default.nix
similarity index 72%
rename from modules/home/programs/k9s/default.nix
rename to modules/home/programs/terminal/k9s/default.nix
index 7b06682..f167e28 100755
--- a/modules/home/programs/k9s/default.nix
+++ b/modules/home/programs/terminal/k9s/default.nix
@@ -1,10 +1,10 @@
{ lib, pkgs, config, namespace, ... }:
let
inherit (lib) mkIf;
- cfg = config.${namespace}.programs.k9s;
+ cfg = config.${namespace}.programs.terminal.k9s;
in
{
- options.${namespace}.programs.k9s = {
+ options.${namespace}.programs.terminal.k9s = {
enable = lib.mkEnableOption "k9s";
};
diff --git a/modules/home/programs/nvim/config/lua/.luarc.json b/modules/home/programs/terminal/nvim/config/lua/.luarc.json
similarity index 100%
rename from modules/home/programs/nvim/config/lua/.luarc.json
rename to modules/home/programs/terminal/nvim/config/lua/.luarc.json
diff --git a/modules/home/programs/nvim/config/lua/aerial-config.lua b/modules/home/programs/terminal/nvim/config/lua/aerial-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/aerial-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/aerial-config.lua
diff --git a/modules/home/programs/nvim/config/lua/autopairs-config.lua b/modules/home/programs/terminal/nvim/config/lua/autopairs-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/autopairs-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/autopairs-config.lua
diff --git a/modules/home/programs/nvim/config/lua/base.lua b/modules/home/programs/terminal/nvim/config/lua/base.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/base.lua
rename to modules/home/programs/terminal/nvim/config/lua/base.lua
diff --git a/modules/home/programs/nvim/config/lua/cmp-config.lua b/modules/home/programs/terminal/nvim/config/lua/cmp-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/cmp-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/cmp-config.lua
diff --git a/modules/home/programs/nvim/config/lua/comment-config.lua b/modules/home/programs/terminal/nvim/config/lua/comment-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/comment-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/comment-config.lua
diff --git a/modules/home/programs/nvim/config/lua/dap-config.lua b/modules/home/programs/terminal/nvim/config/lua/dap-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/dap-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/dap-config.lua
diff --git a/modules/home/programs/nvim/config/lua/diffview-config.lua b/modules/home/programs/terminal/nvim/config/lua/diffview-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/diffview-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/diffview-config.lua
diff --git a/modules/home/programs/nvim/config/lua/git-ref.lua b/modules/home/programs/terminal/nvim/config/lua/git-ref.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/git-ref.lua
rename to modules/home/programs/terminal/nvim/config/lua/git-ref.lua
diff --git a/modules/home/programs/nvim/config/lua/git-signs.lua b/modules/home/programs/terminal/nvim/config/lua/git-signs.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/git-signs.lua
rename to modules/home/programs/terminal/nvim/config/lua/git-signs.lua
diff --git a/modules/home/programs/nvim/config/lua/init.lua b/modules/home/programs/terminal/nvim/config/lua/init.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/init.lua
rename to modules/home/programs/terminal/nvim/config/lua/init.lua
diff --git a/modules/home/programs/nvim/config/lua/leap-config.lua b/modules/home/programs/terminal/nvim/config/lua/leap-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/leap-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/leap-config.lua
diff --git a/modules/home/programs/nvim/config/lua/llm.lua b/modules/home/programs/terminal/nvim/config/lua/llm.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/llm.lua
rename to modules/home/programs/terminal/nvim/config/lua/llm.lua
diff --git a/modules/home/programs/nvim/config/lua/lsp-config.lua b/modules/home/programs/terminal/nvim/config/lua/lsp-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/lsp-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/lsp-config.lua
diff --git a/modules/home/programs/nvim/config/lua/lsp-lines-config.lua b/modules/home/programs/terminal/nvim/config/lua/lsp-lines-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/lsp-lines-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/lsp-lines-config.lua
diff --git a/modules/home/programs/nvim/config/lua/lualine-config.lua b/modules/home/programs/terminal/nvim/config/lua/lualine-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/lualine-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/lualine-config.lua
diff --git a/modules/home/programs/nvim/config/lua/neotree-config.lua b/modules/home/programs/terminal/nvim/config/lua/neotree-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/neotree-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/neotree-config.lua
diff --git a/modules/home/programs/nvim/config/lua/noice-config.lua b/modules/home/programs/terminal/nvim/config/lua/noice-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/noice-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/noice-config.lua
diff --git a/modules/home/programs/nvim/config/lua/numb-config.lua b/modules/home/programs/terminal/nvim/config/lua/numb-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/numb-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/numb-config.lua
diff --git a/modules/home/programs/nvim/config/lua/silicon-config.lua b/modules/home/programs/terminal/nvim/config/lua/silicon-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/silicon-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/silicon-config.lua
diff --git a/modules/home/programs/nvim/config/lua/telescope-config.lua b/modules/home/programs/terminal/nvim/config/lua/telescope-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/telescope-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/telescope-config.lua
diff --git a/modules/home/programs/nvim/config/lua/toggleterm-config.lua b/modules/home/programs/terminal/nvim/config/lua/toggleterm-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/toggleterm-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/toggleterm-config.lua
diff --git a/modules/home/programs/nvim/config/lua/ts-config.lua b/modules/home/programs/terminal/nvim/config/lua/ts-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/ts-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/ts-config.lua
diff --git a/modules/home/programs/nvim/config/lua/weird-chars.lua b/modules/home/programs/terminal/nvim/config/lua/weird-chars.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/weird-chars.lua
rename to modules/home/programs/terminal/nvim/config/lua/weird-chars.lua
diff --git a/modules/home/programs/nvim/config/lua/which-key-config.lua b/modules/home/programs/terminal/nvim/config/lua/which-key-config.lua
similarity index 100%
rename from modules/home/programs/nvim/config/lua/which-key-config.lua
rename to modules/home/programs/terminal/nvim/config/lua/which-key-config.lua
diff --git a/modules/home/programs/nvim/default.nix b/modules/home/programs/terminal/nvim/default.nix
similarity index 98%
rename from modules/home/programs/nvim/default.nix
rename to modules/home/programs/terminal/nvim/default.nix
index e8de836..b1705f8 100755
--- a/modules/home/programs/nvim/default.nix
+++ b/modules/home/programs/terminal/nvim/default.nix
@@ -1,10 +1,10 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf;
- cfg = config.${namespace}.programs.nvim;
+ cfg = config.${namespace}.programs.terminal.nvim;
in
{
- options.${namespace}.programs.nvim = {
+ options.${namespace}.programs.terminal.nvim = {
enable = lib.mkEnableOption "NeoVim";
};
diff --git a/modules/home/services/sops/default.nix b/modules/home/services/sops/default.nix
new file mode 100644
index 0000000..4b4b12b
--- /dev/null
+++ b/modules/home/services/sops/default.nix
@@ -0,0 +1,41 @@
+{ config, lib, namespace, pkgs, ... }:
+let
+ inherit (lib) mkIf types;
+ inherit (lib.${namespace}) mkOpt;
+
+ cfg = config.${namespace}.services.sops;
+in
+{
+ options.${namespace}.services.sops = with types; {
+ enable = lib.mkEnableOption "sops";
+ defaultSopsFile = mkOpt path null "Default sops file.";
+ sshKeyPaths = mkOpt (listOf path) [ ] "SSH Key paths to use.";
+ };
+
+ config = mkIf cfg.enable {
+ home.packages = with pkgs; [
+ age
+ sops
+ ssh-to-age
+ ];
+
+ sops = {
+ inherit (cfg) defaultSopsFile;
+ defaultSopsFormat = "yaml";
+
+ age = {
+ generateKey = true;
+ keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
+ sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths;
+ };
+
+ # TODO
+ # secrets = {
+ # nix = {
+ # sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
+ # path = "${config.home.homeDirectory}/.config/nix/nix.conf";
+ # };
+ # };
+ };
+ };
+}
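Review bot: `age.sshKeyPaths` always prepends `~/.ssh/id_ed25519`, so the user's personal login key becomes a secrets-decryption identity on every host that enables this module, and `cfg.sshKeyPaths` can only add to it, never replace it. Make it the option default instead, `sshKeyPaths = mkOpt (listOf path) [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] "SSH Key paths to use.";`, and use `inherit (cfg) sshKeyPaths;` inside `age`. `generateKey = true` creates a fresh key at `keyFile` when none exists, but such a key is not a recipient of the repository's secrets, so a comment saying it has to be added to `.sops.yaml` would help. As far as I know a passphrase-protected SSH key cannot be converted for use here, which is worth stating in the option description.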
diff --git a/modules/home/services/ssh-agent/default.nix b/modules/home/services/ssh-agent/default.nix
new file mode 100644
index 0000000..7957968
--- /dev/null
+++ b/modules/home/services/ssh-agent/default.nix
@@ -0,0 +1,15 @@
+{ config, lib, namespace, ... }:
+let
+ cfg = config.${namespace}.services.ssh-agent;
+in
+{
+ options.${namespace}.services.ssh-agent = {
+ enable = lib.mkEnableOption "ssh-agent service";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.ssh-agent = {
+ enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/hardware/asahi/default.nix b/modules/nixos/hardware/asahi/default.nix
new file mode 100644
index 0000000..1f82cba
--- /dev/null
+++ b/modules/nixos/hardware/asahi/default.nix
@@ -0,0 +1,27 @@
+{ config, lib, inputs, namespace, ... }:
+let
+ inherit (lib) mkIf types;
+ inherit (lib.${namespace}) mkOpt mkBoolOpt;
+
+ cfg = config.${namespace}.hardware.asahi;
+in
+{
+ imports = [
+ inputs.apple-silicon.nixosModules.default
+ ];
+
+ options.${namespace}.hardware.asahi = {
+ enable = lib.mkEnableOption "support for asahi linux";
+ enableGPU = mkBoolOpt false "enable gpu driver";
+ firmwareDirectory = mkOpt types.path null "firmware directory";
+ };
+
+ config = mkIf cfg.enable {
+ hardware = {
+ asahi = {
+ peripheralFirmwareDirectory = cfg.firmwareDirectory;
+ useExperimentalGPUDriver = cfg.enableGPU;
+ };
+ };
+ };
+}
diff --git a/modules/nixos/hardware/opengl/default.nix b/modules/nixos/hardware/opengl/default.nix
new file mode 100644
index 0000000..7735192
--- /dev/null
+++ b/modules/nixos/hardware/opengl/default.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+ inherit (lib) mkIf;
+ inherit (lib.${namespace}) mkBoolOpt;
+
+ cfg = config.${namespace}.hardware.opengl;
+in
+{
+ options.${namespace}.hardware.opengl = {
+ enable = lib.mkEnableOption "support for opengl";
+ enable32Bit = mkBoolOpt false "enabel 32-bit";
+ enableIntel = mkBoolOpt false "support for intel";
+ enableNvidia = mkBoolOpt false "support for nvidia";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ libva-utils
+ vdpauinfo
+ ] ++ lib.optionals cfg.enableNvidia [
+ nvtopPackages.full
+ ];
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = cfg.enable32Bit;
+
+ extraPackages = with pkgs;
+ lib.optionals cfg.enableIntel [
+ libvdpau-va-gl
+ intel-vaapi-driver
+ intel-media-driver
+ intel-compute-runtime
+ intel-ocl
+ ] ++ lib.optionals cfg.enableNvidia [
+ cudatoolkit
+ ];
+ };
+ };
+}
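Review bot: The description string for `enable32Bit` is misspelled as `"enabel 32-bit"` and ends up in the generated option documentation; it should read `enable32Bit = mkBoolOpt false "enable 32-bit";`. `intel-ocl` under `enableIntel` is, as far as I know, an unfree package, so that option presumably only evaluates on hosts that allow unfree packages. The `enableIntel` description should say so.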
diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix
new file mode 100644
index 0000000..8e5d92f
--- /dev/null
+++ b/modules/nixos/nix/default.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, namespace, host, ... }:
+let
+ inherit (lib.${namespace}) mkBoolOpt mkOpt;
+
+ cfg = config.${namespace}.nix;
+in
+{
+ options.${namespace}.nix = {
+ enable = mkBoolOpt true "Whether or not to manage nix configuration.";
+ package = mkOpt lib.types.package pkgs.nixVersions.latest "Which nix package to use.";
+ };
+
+ config = lib.mkIf cfg.enable {
+ nix =
+ let
+ users = [
+ "root"
+ "@wheel"
+ "nix-builder"
+ "evanreichard"
+ ];
+ in
+ {
+ inherit (cfg) package;
+
+ buildMachines = lib.optional (host != "nixos-builder") {
+ hostName = "10.0.50.130";
+ systems = [ "x86_64-linux" ];
+ sshUser = "root";
+ speedFactor = 1;
+ protocol = "ssh";
+ sshKey = config.sops.secrets.reichard_ssh_key.path;
+ supportedFeatures = [
+ "benchmark"
+ "big-parallel"
+ "nixos-test"
+ "kvm"
+ ];
+ };
+
+ checkConfig = true;
+ distributedBuilds = true;
+
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ };
+
+ # This will additionally add your inputs to the system's legacy channels
+ # # Making legacy nix commands consistent as well
+ nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
+
+ optimise.automatic = true;
+
+ settings = {
+ allowed-users = users;
+ auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
+ builders-use-substitutes = true;
+ experimental-features = [
+ "nix-command"
+ "flakes "
+ ];
+ flake-registry = "/etc/nix/registry.json";
+ http-connections = 50;
+ keep-derivations = true;
+ keep-going = true;
+ keep-outputs = true;
+ log-lines = 50;
+ sandbox = true;
+ trusted-users = users;
+ warn-dirty = false;
+ use-xdg-base-directories = true;
+ };
+ };
+ };
+}
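Review bot: `trusted-users = users;` in `settings` gives every member of `@wheel`, plus `nix-builder` and `evanreichard`, trusted status with the Nix daemon, which is effectively root on the machine; keep the list for `allowed-users` but narrow the trusted set, e.g. `trusted-users = [ "root" ];` plus only the accounts that must override daemon settings. `buildMachines` reads `config.sops.secrets.reichard_ssh_key.path`, which the sops module only declares when it is enabled, while this module defaults to enabled, so a host without sops would presumably fail evaluation; gating the entry on `config.${namespace}.security.sops.enable` avoids that. The builder is reached as `sshUser = "root"` with no `publicHostKey` pinned, so a dedicated unprivileged build user and a pinned host key are worth adding (TODO.md already lists known hosts). `"flakes "` in `experimental-features` carries a trailing space and should be `"flakes"`.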
diff --git a/modules/nixos/programs/graphical/wms/hyprland/default.nix b/modules/nixos/programs/graphical/wms/hyprland/default.nix
new file mode 100644
index 0000000..8020f27
--- /dev/null
+++ b/modules/nixos/programs/graphical/wms/hyprland/default.nix
@@ -0,0 +1,28 @@
+{ config, lib, namespace, ... }:
+let
+ inherit (lib) mkIf;
+
+ cfg = config.${namespace}.programs.graphical.wms.hyprland;
+in
+{
+ options.${namespace}.programs.graphical.wms.hyprland = {
+ enable = lib.mkEnableOption "Hyprland";
+ };
+
+ config = mkIf cfg.enable {
+ programs = {
+ hyprland = {
+ enable = true;
+ withUWSM = true;
+ };
+ };
+
+ reichard = {
+ display-managers = {
+ sddm = {
+ enable = true;
+ };
+ };
+ };
+ };
+}
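Review bot: The `reichard = { display-managers.sddm.enable = true; }` block hard-codes the namespace, while the options in the same file are declared under `${namespace}`; this commit itself renames the namespace from `reichardnix`, so the literal will break on the next rename. Write it as `${namespace}.display-managers.sddm.enable = lib.mkDefault true;`, which also lets a host pick another display manager without `mkForce`. The same literal appears in the openssh (`reichard = { user.extraOptions… }`), networking and networkmanager (`reichard.user.extraGroups`) modules.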
diff --git a/modules/nixos/security/sops/default.nix b/modules/nixos/security/sops/default.nix
new file mode 100644
index 0000000..d7d1885
--- /dev/null
+++ b/modules/nixos/security/sops/default.nix
@@ -0,0 +1,33 @@
+{ config, lib, namespace, ... }:
+let
+ inherit (lib.${namespace}) mkOpt;
+
+ cfg = config.${namespace}.security.sops;
+in
+{
+ options.${namespace}.security.sops = {
+ enable = lib.mkEnableOption "sops";
+ defaultSopsFile = mkOpt lib.types.path null "Default sops file.";
+ sshKeyPaths = mkOpt (with lib.types; listOf path) [
+ "/etc/ssh/ssh_host_ed25519_key"
+ ] "SSH Key paths to use.";
+ };
+
+ config = lib.mkIf cfg.enable {
+ sops = {
+ inherit (cfg) defaultSopsFile;
+
+ age = {
+ inherit (cfg) sshKeyPaths;
+
+ keyFile = "${config.users.users.${config.${namespace}.user.name}.home}/.config/sops/age/keys.txt";
+ };
+ };
+
+ sops.secrets = {
+ "reichard_ssh_key" = {
+ sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
+ };
+ };
+ };
+}
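Review bot: `keyFile` points the system-wide sops configuration at `.config/sops/age/keys.txt` inside the primary user's home, so decryption of root-owned secrets such as `reichard_ssh_key` depends on a file that an unprivileged account can read and replace. Since `sshKeyPaths` already defaults to `/etc/ssh/ssh_host_ed25519_key`, the host key alone can serve as the machine identity; consider dropping `keyFile` here or moving it to a root-owned location such as `/var/lib/sops-nix/key.txt`. If the file is absent at activation, secret installation may fail, so the module should at least document that it must be provisioned first. `sops = { … }` and `sops.secrets = { … }` can be merged into one attribute set for readability.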
diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix
new file mode 100644
index 0000000..b46bbb6
--- /dev/null
+++ b/modules/nixos/services/openssh/default.nix
@@ -0,0 +1,78 @@
+{ config, format, lib, namespace, ... }:
+let
+ inherit (lib)
+ types
+ mkDefault
+ mkIf
+ ;
+ inherit (lib.${namespace}) mkOpt;
+
+ cfg = config.${namespace}.services.openssh;
+
+ authorizedKeys = [
+ # MBP-Personal NixOS
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr"
+ ];
+in
+{
+ options.${namespace}.services.openssh = with types; {
+ enable = lib.mkEnableOption "OpenSSH support";
+ authorizedKeys = mkOpt (listOf str) authorizedKeys "The public keys to apply.";
+ extraConfig = mkOpt str "" "Extra configuration to apply.";
+ };
+
+ config = mkIf cfg.enable {
+ services.openssh = {
+ enable = true;
+
+ hostKeys = mkDefault [
+ {
+ bits = 4096;
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+
+ openFirewall = true;
+ ports = [ 22 ];
+
+ settings = {
+ AuthenticationMethods = "publickey";
+ ChallengeResponseAuthentication = "no";
+ PasswordAuthentication = false;
+ PermitRootLogin = if format == "install-iso" then "yes" else "no";
+ PubkeyAuthentication = "yes";
+ StreamLocalBindUnlink = "yes";
+ UseDns = false;
+ UsePAM = true;
+ X11Forwarding = false;
+
+ KexAlgorithms = [
+ "curve25519-sha256"
+ "curve25519-sha256@libssh.org"
+ "diffie-hellman-group16-sha512"
+ "diffie-hellman-group18-sha512"
+ "diffie-hellman-group-exchange-sha256"
+ "sntrup761x25519-sha512@openssh.com"
+ ];
+
+ Macs = [
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ ];
+ };
+
+ startWhenNeeded = true;
+ };
+
+ programs.ssh = {
+ startAgent = lib.mkDefault true;
+ inherit (cfg) extraConfig;
+ };
+
+ reichard = {
+ user.extraOptions.openssh.authorizedKeys.keys = cfg.authorizedKeys;
+ };
+ };
+}
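Review bot: `ChallengeResponseAuthentication = "no";` uses the deprecated alias of `KbdInteractiveAuthentication`, which the NixOS module also emits itself, so the generated sshd_config may carry both spellings with the effective value depending on order; set `KbdInteractiveAuthentication = false;` instead. `bits = 4096` on the `ed25519` host key has no effect, because Ed25519 keys have a fixed size, and should be removed to avoid suggesting otherwise. For `install-iso` images `PermitRootLogin` is `"yes"`; with passwords disabled, `"prohibit-password"` states the intent more precisely. The default `authorizedKeys` list places one personal key on every host that enables the module, so a comment should say that per-host overrides replace that list rather than extend it.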
diff --git a/modules/nixos/system/boot/default.nix b/modules/nixos/system/boot/default.nix
new file mode 100644
index 0000000..849937e
--- /dev/null
+++ b/modules/nixos/system/boot/default.nix
@@ -0,0 +1,43 @@
+{ config, lib, namespace, ... }:
+let
+ inherit (lib) mkIf;
+
+ cfg = config.${namespace}.system.boot;
+in
+{
+ options.${namespace}.system.boot = {
+ enable = lib.mkEnableOption "booting";
+ silentBoot = lib.mkEnableOption "silent boot";
+ showNotch = lib.mkEnableOption "show macOS notch";
+ };
+
+ config = mkIf cfg.enable {
+ boot = {
+ kernelParams = lib.optionals cfg.silentBoot [
+ "quiet"
+ "loglevel=3"
+ "udev.log_level=3"
+ "rd.udev.log_level=3"
+ "systemd.show_status=auto"
+ "rd.systemd.show_status=auto"
+ "vt.global_cursor_default=0"
+ ] ++ lib.optionals cfg.showNotch [
+ "apple_dcp.show_notch=1"
+ ];
+
+ loader = {
+ efi = {
+ canTouchEfiVariables = false;
+ };
+
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 20;
+ editor = false;
+ };
+
+ timeout = 1;
+ };
+ };
+ };
+}
diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking/default.nix
new file mode 100644
index 0000000..339eb00
--- /dev/null
+++ b/modules/nixos/system/networking/default.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+ inherit (lib) mkIf mkForce;
+ inherit (lib.${namespace}) mkBoolOpt;
+
+ cfg = config.${namespace}.system.networking;
+in
+{
+ options.${namespace}.system.networking = {
+ enable = lib.mkEnableOption "networking support";
+ enableIWD = mkBoolOpt false "enable iwd";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ mtr
+ tcpdump
+ traceroute
+ ];
+
+ reichard.user.extraGroups = [ "network" ];
+
+ networking = {
+ firewall.enable = true;
+ usePredictableInterfaceNames = mkForce true;
+ } // (lib.optionalAttrs cfg.enableIWD) {
+ wireless.iwd = {
+ enable = true;
+ settings.General.EnableNetworkConfiguration = true;
+ };
+ };
+ };
+}
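Review bot: With `enableIWD` set, `settings.General.EnableNetworkConfiguration = true` lets iwd configure addresses itself, while the sibling `networkmanager/default.nix` module enables NetworkManager under the same `cfg.enable` and nothing in either hunk tells NetworkManager to use iwd, so two daemons may end up managing the same wireless interface. The previous host config set `networkmanager.wifi.backend = "iwd"`; carrying that over, e.g. `networking.networkmanager.wifi.backend = mkIf cfg.enableIWD "iwd";`, and dropping `EnableNetworkConfiguration` keeps a single owner. The `// (lib.optionalAttrs cfg.enableIWD) { … }` merge reads more conventionally as `wireless.iwd = mkIf cfg.enableIWD { … };`. The `network` group given to the user is not declared in this hunk; confirm it exists.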
diff --git a/modules/nixos/system/networking/networkmanager/default.nix b/modules/nixos/system/networking/networkmanager/default.nix
new file mode 100644
index 0000000..57253e2
--- /dev/null
+++ b/modules/nixos/system/networking/networkmanager/default.nix
@@ -0,0 +1,26 @@
+{ config, lib, namespace, ... }:
+let
+ inherit (lib) mkIf;
+
+ cfg = config.${namespace}.system.networking;
+in
+{
+ config = mkIf cfg.enable {
+ reichard.user.extraGroups = [ "networkmanager" ];
+
+ networking.networkmanager = {
+ enable = true;
+
+ connectionConfig = {
+ "connection.mdns" = "2";
+ };
+
+ # unmanaged = [
+ # "interface-name:br-*"
+ # "interface-name:rndis*"
+ # ]
+ # ++ lib.optionals config.${namespace}.virtualisation.podman.enable [ "interface-name:docker*" ]
+ # ++ lib.optionals config.${namespace}.virtualisation.kvm.enable [ "interface-name:virbr*" ];
+ };
+ };
+}
diff --git a/modules/nixos/system/time/default.nix b/modules/nixos/system/time/default.nix
new file mode 100644
index 0000000..6c6387a
--- /dev/null
+++ b/modules/nixos/system/time/default.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+ inherit (lib) mkIf;
+
+ cfg = config.${namespace}.system.time;
+in
+{
+ options.${namespace}.system.time = {
+ enable = lib.mkEnableOption "time related settings";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.openntpd ];
+
+ networking.timeServers = [
+ "0.nixos.pool.ntp.org"
+ "1.nixos.pool.ntp.org"
+ "2.nixos.pool.ntp.org"
+ "3.nixos.pool.ntp.org"
+ ];
+
+ services.openntpd = {
+ enable = true;
+ extraConfig = ''
+ listen on 127.0.0.1
+ listen on ::1
+ '';
+ };
+
+ time.timeZone = "America/New_York";
+ };
+}
diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix
new file mode 100644
index 0000000..88f0d19
--- /dev/null
+++ b/modules/nixos/user/default.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, namespace, ... }:
+let
+ inherit (lib) types;
+ inherit (lib.${namespace}) mkOpt;
+
+ cfg = config.${namespace}.user;
+in
+{
+ options.${namespace}.user = with types; {
+ email = mkOpt str "evan@reichard.io" "The email of the user.";
+ extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
+ extraOptions = mkOpt attrs { } "Extra options passed to .";
+ fullName = mkOpt str "Evan Reichard" "The full name of the user.";
+ initialPassword =
+ mkOpt str "password"
+ "The initial password to use when the user is first created.";
+ name = mkOpt str "evanreichard" "The name to use for the user account.";
+ };
+
+ config = {
+ users.users.${cfg.name} = {
+ inherit (cfg) name initialPassword;
+
+ extraGroups = [
+ "wheel"
+ ] ++ cfg.extraGroups;
+
+ group = "users";
+ home = "/home/${cfg.name}";
+ isNormalUser = true;
+ shell = pkgs.bashInteractive;
+ uid = 1000;
+ } // cfg.extraOptions;
+ };
+}
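Review bot: `initialPassword` defaults to the literal `"password"` for an account that is always placed in `wheel`, and the value is stored in plain text in the world-readable Nix store, so any host that does not override the option ships a sudo-capable account with a known password. Since this commit already introduces sops-nix, prefer `hashedPasswordFile = config.sops.secrets.<secret-name>.path;` with that secret marked `neededForUsers = true`, or at least remove the default so the value must be set per host. `// cfg.extraOptions` is a shallow merge, so an `extraGroups` key inside `extraOptions` would replace the list built above, including `wheel`, rather than extend it. The `extraOptions` description, `"Extra options passed to ."`, is missing its subject.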
diff --git a/secrets/default.yaml b/secrets/default.yaml
new file mode 100644
index 0000000..6504171
--- /dev/null
+++ b/secrets/default.yaml
@@ -0,0 +1,21 @@
+reichard_ssh_key: ENC[AES256_GCM,data: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,iv:wziTYwyTQXKRFrUP4HohZtXnp7sk+vLbJiQd0PLKg1o=,tag:irpzHqh3kocNGKQIeo+kRA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SnA3M2F0cXZjOGlFSTJw
+ aE9BNGJsQ1JzelFoQk4yMGlpN2dkVUR4ZUNvCmljSDhsVU4rUnowV2dIdlhZYnMy
+ aXo2OGZRd21PYk81ZE9pV05XSmpVOEEKLS0tIGhGNkVmTnVYRENEYlBxZXJTaExt
+ SC91WFNocEN2K1NFK2dBUHYwZTQrVFkKKb3AlaRX96vJwEmxNNAThTlO9ZwtD1tv
+ c6aBELEbmJFdHOcIJITzmS3YOssDOgTL2TbcSFu8mdAQYsRvxC96HA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-03-30T15:06:18Z"
+ mac: ENC[AES256_GCM,data:ZqN6MbVcPst/zvr4KNl5AygtC8Icb1BELHg5o6rDOOb6qmB2d75Vk59ve8EiBosMhPdYAXaTCViRLxeWoG3WzEWK0bYAUBI27UBgYqaUTLXTDhohihtAwwWD37S2wFslHWddl5PngbTho8n+uMwyaeBdj53h4GbvQPC2Ji95D5A=,iv:boTLI3IXdQoBfPEqkay9jkm85AFahcNOmBBPwWbJaEw=,tag:Hic4+9Uuh8I2KokfdsZIsg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.4
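Review bot: The `age` section has a single `recipient`, while the NixOS sops module in this commit offers `/etc/ssh/ssh_host_ed25519_key` as the decryption identity; unless that recipient is the age form of the host key, or of the key in the user's `keys.txt`, the host cannot decrypt `reichard_ssh_key` at activation. Adding each host's age public key to `.sops.yaml` and re-encrypting with `sops updatekeys secrets/default.yaml` makes the set of machines that can read the key explicit. With only one recipient, losing that key also loses the secret, so a backup recipient is worth considering.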
diff --git a/systems/aarch64-linux/mbp-nixos/default.nix b/systems/aarch64-linux/mbp-nixos/default.nix
index 0d9238a..f4f2f75 100755
--- a/systems/aarch64-linux/mbp-nixos/default.nix
+++ b/systems/aarch64-linux/mbp-nixos/default.nix
@@ -1,66 +1,57 @@
-{ inputs, lib, pkgs, ... }:
+{ namespace, lib, ... }:
+let
+ inherit (lib.${namespace}) enabled;
+in
{
imports = [
- inputs.apple-silicon.nixosModules.default
./hardware-configuration.nix
];
- # Generic Config
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
- time.timeZone = "America/New_York";
+ # System Config
+ reichard = {
+ nix = enabled;
- # Enable SSDM
- reichardnix = {
- display-managers.sddm = {
- enable = true;
+ system = {
+ time = enabled;
+ boot = {
+ enable = true;
+ showNotch = true;
+ };
+ networking = {
+ enable = true;
+ enableIWD = true;
+ };
};
- };
- # Boot Loader Config
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = false;
+ hardware = {
+ opengl = enabled;
+ asahi = {
+ enable = true;
+ enableGPU = true;
+ firmwareDirectory = ./firmware;
+ };
};
- kernelParams = [ "apple_dcp.show_notch=1" ];
- };
- # Networking Config
- networking = {
- firewall.enable = true;
- networkmanager.enable = true;
- networkmanager.wifi.backend = "iwd";
- useDHCP = lib.mkDefault true;
- wireless.iwd.enable = true;
+ security = {
+ sops = {
+ enable = true;
+ sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
+ };
+ };
+
+ programs = {
+ graphical = {
+ wms.hyprland = enabled;
+ };
+ };
};
# Hardware Config
hardware = {
- asahi = {
- peripheralFirmwareDirectory = ./firmware;
- useExperimentalGPUDriver = true;
- };
-
- graphics.enable = true;
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
};
- # HyprLand Config
- programs.hyprland = {
- enable = true;
- withUWSM = true;
- };
-
- # System Packages
- environment.systemPackages = with pkgs; [
- ghostty
- htop
- tmux
- vim
- wget
- ];
-
system.stateVersion = "24.11";
}
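Review bot: `sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` under `security.sops` repeats the module default and relies on a host key that is normally generated by the OpenSSH service, which nothing in this file enables; if no other module turns sshd on, that path may not exist and decryption would rest on the age `keyFile` alone. Either enable `reichard.services.openssh` for this host or drop the line and add a comment naming the identity that decrypts `secrets/default.yaml`. The hunk also removes `nixpkgs.hostPlatform` and `networking.useDHCP`; confirm `hardware-configuration.nix` or the new modules still set them.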
diff --git a/systems/x86_64-linux/rke2-server/default.nix b/systems/x86_64-linux/rke2-server/default.nix
new file mode 100644
index 0000000..62a7818
--- /dev/null
+++ b/systems/x86_64-linux/rke2-server/default.nix
@@ -0,0 +1,189 @@
+{ pkgs, lib, modulesPath, ... }:
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+ config = {
+ # Basic System
+ system.stateVersion = "24.11";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ time.timeZone = "UTC";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ # Xen
+ "xen_blkfront"
+ "xen_netfront"
+ ];
+ kernelModules = [ "xen_netfront" "xen_blkfront" ];
+ supportedFilesystems = [ "ext4" "xenfs" ];
+ };
+ kernelModules = [
+ # Xen VM Requirements
+ "xen_netfront"
+ "xen_blkfront"
+ "xenfs"
+
+ # iSCSI
+ "iscsi_tcp"
+ ];
+ };
+
+ # Add Intel Arc A310 GPU Drivers
+ nixpkgs.config.allowUnfree = true;
+ hardware.enableRedistributableFirmware = true;
+ hardware.graphics = {
+ enable = true;
+ extraPackages = with pkgs; [
+ libvdpau-va-gl
+ intel-vaapi-driver
+ intel-media-driver
+ intel-compute-runtime
+ intel-ocl
+ ];
+ };
+
+ # Network Configuration
+ networking = {
+ hostName = lib.mkForce "";
+ useNetworkd = true;
+ useDHCP = false;
+
+ firewall = {
+ enable = true;
+
+ allowedTCPPorts = [
+ # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+ 6443 # Kubernetes API
+ 9345 # RKE2 supervisor API
+ 2379 # etcd Client Port
+ 2380 # etcd Peer Port
+ 2381 # etcd Metrics Port
+ 10250 # kubelet metrics
+ 9099 # Canal CNI health checks
+ ];
+
+ allowedUDPPorts = [
+ # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
+ 8472 # Canal CNI with VXLAN
+ # 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
+ # 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
+ ];
+
+ # Allow Multicast
+ extraCommands = ''
+ iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
+ '';
+ };
+ };
+
+ services = {
+ # Enable Xen Guest Utilities
+ xe-guest-utilities.enable = true;
+
+ # Enable iSCSI
+ openiscsi = {
+ enable = true;
+ name = "iqn.2025.placeholder:initiator"; # Overridden @ Runtime
+ };
+
+ # Cloud Init
+ cloud-init = {
+ enable = true;
+ network.enable = true;
+ settings = {
+ datasource_list = [ "NoCloud" ];
+ preserve_hostname = false;
+ system_info.distro = "nixos";
+ system_info.network.renderers = [ "networkd" ];
+ };
+ };
+
+ # Enable SSH
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ };
+ };
+
+ # Enable RKE2
+ rke2 = {
+ enable = true;
+ disable = [ "rke2-ingress-nginx" ];
+ };
+ };
+
+ systemd.services = {
+ # RKE2 - Wait Cloud Init
+ rke2-server = {
+ after = [ "cloud-final.service" ];
+ requires = [ "cloud-final.service" ];
+ };
+
+ # Runtime iSCSI Initiator Setup
+ iscsi-initiator-setup = {
+ description = "Setup iSCSI Initiator Name";
+ requires = [ "cloud-final.service" ];
+ before = [ "iscsid.service" ];
+ after = [ "cloud-final.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+
+ path = [ pkgs.hostname pkgs.util-linux ];
+ script = ''
+ mkdir -p /run/iscsi
+ echo "InitiatorName=iqn.2025.org.nixos:$(hostname)" > /run/iscsi/initiatorname.iscsi
+ mount --bind /run/iscsi/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
+ '';
+ };
+ };
+
+ # User Authorized Keys
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIe1n9l9pVF5+kjWJCOt3AvBVf1HOSZkEDZxCWVPSIkr evan@reichard"
+ ];
+ hashedPassword = null;
+ };
+
+ # Add Symlinks Expected by Democratic
+ system.activationScripts = {
+ iscsi-initiator = ''
+ mkdir -p /usr/bin
+ ln -sf ${pkgs.openiscsi}/bin/iscsiadm /usr/bin/iscsiadm
+ ln -sf ${pkgs.openiscsi}/bin/iscsid /usr/bin/iscsid
+ '';
+ };
+
+ # System Packages
+ environment = {
+ systemPackages = with pkgs; [
+ htop
+ intel-gpu-tools
+ k9s
+ kubectl
+ kubernetes-helm
+ nfs-utils
+ openiscsi
+ tmux
+ vim
+ ];
+
+ # Don't Manage - Runtime Generation
+ etc."iscsi/initiatorname.iscsi".enable = false;
+ };
+ };
+}
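Review bot: `allowedTCPPorts` opens the etcd client, peer and metrics ports (2379-2381) and the kubelet port 10250 on every interface, although they are only needed between cluster nodes; restrict them to the cluster-facing interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts` or a source-restricted rule. The `extraCommands` rule accepts all multicast on `INPUT` and may be appended again on each firewall reload, since there is no matching cleanup in `extraStopCommands`. In `iscsi-initiator-setup`, `mount --bind` needs the target `/etc/iscsi/initiatorname.iscsi` to exist, but the `environment.etc` entry is disabled, so the script should create it first (`mkdir -p /etc/iscsi && touch /etc/iscsi/initiatorname.iscsi`) and skip the mount when it is already in place. `iqn.2025.org.nixos` also lacks the month that the `iqn.yyyy-mm.` naming format expects.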