evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: evan:4717886bcc44762b04c640f14439461db8e0282f
Branches Tags
evan:master
evan:snowfall
..
compare: evan:cddaa01e9913b123f65c5dc8429ec8ad987c3276
Branches Tags
evan:master
evan:snowfall

No commits in common. "4717886bcc44762b04c640f14439461db8e0282f" and "cddaa01e9913b123f65c5dc8429ec8ad987c3276" have entirely different histories.
4717886bcc ... cddaa01e99

15 changed files with 79 additions and 169 deletions
Show Stats Expand all files Collapse all files

19
homes/aarch64-linux/evanreichard@mbp-nixos/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, config, namespace, osConfig, ... }:
{ lib, config, namespace, osConfig, ... }:
let
inherit (lib.${namespace}) enabled;
in
@ -11,7 +11,6 @@ in
services = {
ssh-agent = enabled;
fusuma = enabled;
sops = {
enable = true;
defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
@ -41,22 +40,6 @@ in
};
};
dconf = {
settings = {
"org/gnome/desktop/interface" = {
cursor-theme = "catppuccin-macchiato-mauve-cursors";
};
};
};
home.pointerCursor = {
x11.enable = true;
gtk.enable = true;
package = pkgs.catppuccin-cursors.macchiatoMauve;
name = "catppuccin-macchiato-mauve-cursors";
size = 64;
};
# Kubernetes Secrets
sops.secrets = lib.mkIf osConfig.${namespace}.security.sops.enable {
rke2_kubeconfig = {

4
modules/home/programs/graphical/ghostty/config/ghostty.conf
View File

@ -16,8 +16,8 @@ keybind = ctrl+left=goto_split:left
keybind = ctrl+right=goto_split:right
keybind = ctrl+up=goto_split:up
keybind = ctrl+down=goto_split:down
keybind = ctrl+]=goto_split:next
keybind = ctrl+[=goto_split:previous
keybind = ctrl+]=next_tab
keybind = ctrl+[=previous_tab
# Keybindings - Navigation - Tabs
keybind = ctrl+1=goto_tab:1

5
modules/home/programs/graphical/wms/hyprland/config/hyprland.conf
View File

@ -163,11 +163,10 @@ input {
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
touchpad {
scroll_factor = 0.2
disable_while_typing = true
scroll_factor = 0.2
disable_while_typing = true
natural_scroll = true
clickfinger_behavior = true
tap-to-click = false
}
}

35
modules/home/services/fusuma/default.nix
View File

@ -1,35 +0,0 @@
{ config, pkgs, lib, namespace, ... }:
let
cfg = config.${namespace}.services.fusuma;
in
{
options.${namespace}.services.fusuma = {
enable = lib.mkEnableOption "Fusuma";
};
config = lib.mkIf cfg.enable {
services.fusuma = {
enable = true;
extraPackages = with pkgs; [ ydotool deterministic-uname uutils-coreutils-noprefix ];
settings = {
swipe = {
"3" = {
begin = {
command = "ydotool click 40";
interval = 0.00;
};
update = {
command = "ydotool mousemove -- $move_x, $move_y";
interval = 0.01;
accel = 1.00;
# accel = 1.70;
};
end = {
command = "ydotool click 80";
};
};
};
};
};
};
}

3
modules/home/user/default.nix
View File

@ -5,7 +5,6 @@ let
mkIf
mkDefault
mkMerge
mkEnableOption
;
inherit (lib.${namespace}) mkOpt;
@ -21,7 +20,7 @@ let
in
{
options.${namespace}.user = {
enable = mkEnableOption "Whether to configure the user account.";
enable = mkOpt types.bool false "Whether to configure the user account.";
email = mkOpt types.str "evan@reichard.io" "The email of the user.";
fullName = mkOpt types.str "Evan Reichard" "The full name of the user.";
home = mkOpt (types.nullOr types.str) home-directory "The user's home directory.";

10
modules/nixos/display-managers/sddm/default.nix
View File

@ -14,6 +14,11 @@ in
catppuccin-sddm
];
environment.sessionVariables = {
QT_SCREEN_SCALE_FACTORS = "2";
QT_FONT_DPI = "192";
};
services = {
displayManager = {
sddm = {
@ -24,10 +29,5 @@ in
};
};
};
environment.sessionVariables = {
QT_SCREEN_SCALE_FACTORS = "2";
QT_FONT_DPI = "192";
};
};
}

2
modules/nixos/hardware/opengl/default.nix
View File

@ -1,6 +1,6 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf;
inherit (lib) mkIf mkForce;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.hardware.opengl;

27
modules/nixos/services/avahi/default.nix
View File

@ -1,27 +0,0 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf;
cfg = config.${namespace}.services.avahi;
in
{
options.${namespace}.services.avahi = {
enable = lib.mkEnableOption "Avahi";
};
config = mkIf cfg.enable {
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
};
}

4
modules/nixos/services/openiscsi/default.nix
View File

@ -1,7 +1,7 @@
{ config, pkgs, lib, namespace, host, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkOpt mkBoolOpt;
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.services.openiscsi;
in
@ -9,7 +9,7 @@ in
options.${namespace}.services.openiscsi = {
enable = lib.mkEnableOption "Open iSCSI support";
name = mkOpt types.str "iqn.2025.reichard.io:${host}" "iSCSI name";
symlink = mkBoolOpt false "Create a symlink to the iSCSI binaries";
symlink = mkOpt types.bool false "Create a symlink to the iSCSI binaries";
};
config = mkIf cfg.enable {

21
modules/nixos/services/rke2/default.nix
View File

@ -1,7 +1,7 @@
{ config, lib, namespace, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkOpt mkBoolOpt;
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.services.rke2;
in
@ -9,7 +9,6 @@ in
options.${namespace}.services.rke2 = with types; {
enable = lib.mkEnableOption "Enable RKE2";
disable = mkOpt (listOf str) [ ] "Disable services";
openFirewall = mkBoolOpt true "Open firewall";
};
config = mkIf cfg.enable {
@ -17,23 +16,5 @@ in
enable = true;
disable = cfg.disable;
};
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
9345 # RKE2 supervisor API
2379 # etcd Client Port
2380 # etcd Peer Port
2381 # etcd Metrics Port
10250 # kubelet metrics
9099 # Canal CNI health checks
];
networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
];
};
}

19
modules/nixos/services/ydotool/default.nix
View File

@ -1,19 +0,0 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf;
cfg = config.${namespace}.services.ydotool;
in
{
options.${namespace}.services.ydotool = {
enable = lib.mkEnableOption "ydotool";
};
config = mkIf cfg.enable {
reichard.user.extraGroups = [ "input" ];
programs.ydotool = {
enable = true;
group = "input";
};
};
}

15
modules/nixos/system/networking/default.nix
View File

@ -1,16 +1,14 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkDefault mkEnableOption;
inherit (lib.${namespace}) mkBoolOpt enabled;
inherit (lib) mkIf mkForce;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.system.networking;
in
{
options.${namespace}.system.networking = {
enable = mkEnableOption "Enable Networking";
enableIWD = mkEnableOption "Enable IWD";
useDHCP = mkBoolOpt true "Use DHCP";
useNetworkd = mkBoolOpt false "Use networkd";
enable = lib.mkEnableOption "networking support";
enableIWD = mkBoolOpt false "enable iwd";
};
config = mkIf cfg.enable {
@ -23,9 +21,8 @@ in
reichard.user.extraGroups = [ "network" ];
networking = {
firewall = enabled;
useDHCP = mkDefault cfg.useDHCP;
useNetworkd = cfg.useNetworkd;
firewall.enable = true;
usePredictableInterfaceNames = mkForce true;
} // (lib.optionalAttrs cfg.enableIWD) {
wireless.iwd = {
enable = true;

5
modules/nixos/user/default.nix
View File

@ -21,9 +21,12 @@ in
users.users.${cfg.name} = {
inherit (cfg) name initialPassword;
extraGroups = [
"wheel"
] ++ cfg.extraGroups;
group = "users";
home = "/home/${cfg.name}";
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
isNormalUser = true;
shell = pkgs.bashInteractive;
uid = 1000;

18
systems/aarch64-linux/mbp-nixos/default.nix
View File

@ -7,9 +7,6 @@ in
./hardware-configuration.nix
];
system.stateVersion = "24.11";
time.timeZone = "America/New_York";
# System Config
reichard = {
nix = enabled;
@ -18,7 +15,6 @@ in
boot = {
enable = true;
showNotch = true;
silentBoot = true;
};
networking = {
enable = true;
@ -35,11 +31,6 @@ in
};
};
services = {
avahi = enabled;
ydotool = enabled;
};
security = {
sops = {
enable = true;
@ -54,4 +45,13 @@ in
};
};
};
# Hardware Config
hardware = {
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
};
time.timeZone = "America/New_York";
system.stateVersion = "24.11";
}

61
systems/x86_64-vmware/rke2-node/default.nix
View File

@ -8,16 +8,6 @@ in
];
config = {
# Basic System
system.stateVersion = "24.11";
time.timeZone = "UTC";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
autoResize = true;
};
reichard = {
nix = enabled;
@ -26,15 +16,9 @@ in
enable = true;
xenGuest = true;
};
networking = {
enable = true;
useDHCP = false;
useNetworkd = true;
};
};
services = {
avahi = enabled;
openssh = enabled;
cloud-init = enabled;
rke2 = {
@ -55,6 +39,50 @@ in
};
};
# Basic System
system.stateVersion = "24.11";
time.timeZone = "UTC";
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
autoResize = true;
};
# Network Configuration
networking = {
hostName = lib.mkForce "";
useNetworkd = true;
useDHCP = false;
firewall = {
enable = true;
allowedTCPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
9345 # RKE2 supervisor API
2379 # etcd Client Port
2380 # etcd Peer Port
2381 # etcd Metrics Port
10250 # kubelet metrics
9099 # Canal CNI health checks
];
allowedUDPPorts = [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
# 51820 # Canal CNI with WireGuard IPv4 (if using encryption)
# 51821 # Canal CNI with WireGuard IPv6 (if using encryption)
];
# Allow Multicast
extraCommands = ''
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
'';
};
};
systemd.services = {
# RKE2 - Wait Cloud Init
rke2-server = {
@ -84,6 +112,7 @@ in
};
};
# System Packages
environment = {
systemPackages = with pkgs; [
htop