evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: evan:6b42b3cc2269aae0e97b3656be45a21ccb6023b0
Branches Tags
evan:master evan:snowfall
...
compare: evan:master
Branches Tags
evan:master evan:snowfall

40 Commits
6b42b3cc22 ... master

Author SHA1 Message Date
Evan Reichard
c60cb58d14 chore: native lsp 2025-11-15 16:04:57 -05:00
Evan Reichard
167c1d811c chore: update flake 2025-11-10 16:23:48 -05:00
Evan Reichard
bf9e3a044b fix: determinate nix + nix darwin 2025-11-08 11:32:50 -05:00
Evan Reichard
56921235b3 fix: actually fix user shell 2025-11-08 11:28:35 -05:00
Evan Reichard
b111cf4197 chore: remove csharp_ls 2025-11-08 11:19:44 -05:00
Evan Reichard
567e8c10d2 feat(nvim): add omnisharp 2025-11-06 09:26:34 -05:00
Evan Reichard
3480837c26 add: common tools 2025-11-04 21:02:25 -05:00
Evan Reichard
ad6de45681 add: strawberry 2025-11-03 08:58:33 -05:00
Evan Reichard
e7ee14a3c1 feat: add csharp lsp 2025-11-02 18:27:34 -05:00
Evan Reichard
667df4e8e6 fix: thinkpad sleep 2025-10-31 09:26:05 -04:00
Evan Reichard
5c429b8a6b block firefox ai crap 2025-10-28 08:41:12 -04:00
Evan Reichard
4f054051e5 fix: thinkpad L14 S4 hibernate 2025-10-25 13:02:36 -04:00
Evan Reichard
318c6f6984 asahi update 2025-10-22 10:19:21 -04:00
Evan Reichard
0c2bf58cfa fix: prevent clangd from formatting proto files 2025-10-15 10:36:09 -04:00
Evan Reichard
70df72a6f5 fix: incorrect bash shell in toggleterm 2025-10-10 14:24:22 -04:00
Evan Reichard
8c417d8e56 add aws stuff 2025-10-10 10:29:17 -04:00
Evan Reichard
7ce476adb3 update libvirt & add clangd lsp 2025-10-03 13:10:09 -04:00
Evan Reichard
e173ddffc9 fix tmux over mosh copy & boot config 2025-10-01 17:55:44 -04:00
Evan Reichard
eb0c28d2f0 add qemu & battery notifs 2025-09-29 20:37:53 -04:00
Evan Reichard
2a40dc791d more 2025-09-28 18:32:02 -04:00
Evan Reichard
1098c68073 wip 2025-09-27 12:28:43 -04:00
Evan Reichard
74e6684783 add ssh key 2025-09-23 20:32:31 -04:00
Evan Reichard
5b05dffb20 enable ts 2025-09-23 20:31:07 -04:00
Evan Reichard
1d9517a37f enable mosh 2025-09-23 19:23:35 -04:00
Evan Reichard
ff62814436 update nameserver 2025-09-23 16:18:43 -04:00
Evan Reichard
be5c3e9cb8 tmux 2025-09-23 15:44:57 -04:00
Evan Reichard
bf4148dab0 split bash from ghostty 2025-09-22 19:05:18 -04:00
Evan Reichard
fbb274a50a more systems 2025-09-19 14:37:17 -04:00
Evan Reichard
9159465836 add headscale specific node 2025-09-16 16:30:56 -04:00
Evan Reichard
cff9bcaecc alias 2025-09-07 21:03:27 -04:00
Evan Reichard
2492bb8825 tailscale 2025-09-07 15:20:47 -04:00
Evan Reichard
788697561a add kubectl 2025-09-06 20:33:36 -04:00
Evan Reichard
f6dbe8ad1d mkopt systemd vs grub 2025-09-06 09:47:27 -04:00
Evan Reichard
26f32d3225 chore: added llama-cpp and migrate office 2025-09-05 22:58:00 -04:00
Evan Reichard
9433abcaf4 update nix flake, remote nix-anywhere, update readme 2025-09-03 08:12:35 -04:00
Evan Reichard
f5c4e6c9db back to vmware 2025-09-01 20:51:48 -04:00
Evan Reichard
b970f6f550 add cloud 2025-09-01 20:09:23 -04:00
Evan Reichard
93b7c6ee25 update nix 2025-09-01 15:10:31 -04:00
Evan Reichard
cc045f225b feat(nvim): add octo 2025-08-28 17:04:54 -04:00
Evan Reichard
e63dd8d5d1 add: remmina & thinkpad hardware mod 2025-07-28 16:55:28 -04:00
64 changed files with 1707 additions and 486 deletions
Expand all files Collapse all files

7
.sops.yaml
View File

@@ -3,6 +3,8 @@ keys:
- &admin_reichard age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
# lin-va-mbp-personal@evanreichard - SSH Derived
- &user_lin-va-mbp-personal age17ayje4uv2mhwehhp9jr3u9l0ds07396kt7ef40sufx89vm7cgfjq6d5d4y
# mac-va-mbp-personal@evanreichard - SSH Derived
- &user_mac-va-mbp-personal age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
@@ -13,3 +15,8 @@ creation_rules:
- age:
- *admin_reichard
- *user_lin-va-mbp-personal
- path_regex: secrets/mac-va-mbp-personal/evanreichard/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_reichard
- *user_mac-va-mbp-personal

121
README.md
View File

@@ -2,87 +2,42 @@
This repository contains the configuration for multiple machines, as well as my home / IDE config (home-manager).
### NixOS
```bash
# Install NixOS
./bootstrap.sh install --name lin-va-nix-builder
# Remote Image Build (NixOS Builder)
./bootstrap.sh image --name lin-va-rke2 --remote
# Home Manager Install
home-manager switch --flake .#evanreichard@mac-va-mbp-personal
# Update Flake
nix flake update
```
## Manual
```bash
# Install NixOS
sudo nixos-rebuild switch --flake .#lin-va-mbp-personal
# Install NixOS (Remote)
nix run github:nix-community/nixos-anywhere -- --flake .#lin-cloud-kube1 --target-host \<USER\>@\<IP\>
# Build Image
nix build .#vmwareConfigurations.lin-va-rke2
```
### NixOS Generators
## Nix Darwin
```bash
nix build .#vmwareConfigurations.rke2-node
```
# Install Nix Without Determinate
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
### Home Manager
```bash
home-manager switch --flake .#evanreichard@MBP-Personal
```
### NixOS Hosts
#### Copy Config
```bash
rsync -av --exclude='.git' . root@HOST:/etc/nixos
```
#### Partition Drives
```bash
# Validate Disk
ls -l /dev/disk/by-id
# Partition Disk
# WARNING: This will destroy all data on the disk(s)
sudo nix \
--experimental-features "nix-command flakes" \
run github:nix-community/disko -- \
--mode disko \
--flake /etc/nixos#HOST_CONFIG
```
#### Install NixOS
```bash
# Install
sudo nixos-install --flake /etc/nixos#HOST_CONFIG
# Reboot
sudo reboot
```
#### Copy Config Back to Host
```bash
rsync -av --exclude='.git' . root@HOST:/etc/nixos
```
#### Rebuild NixOS
```bash
sudo nixos-rebuild switch
```
# Nix Home Manager Configuration - macOS
## Upgrade
```bash
# Update System Channels
sudo nix-channel --add https://nixos.org/channels/nixpkgs-24.11-darwin nixpkgs
sudo nix-channel --update
# Update Home Manager
nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz home-manager
nix-channel --update
# Link Repo
ln -s /Users/evanreichard/Development/git/personal/nix/home-manager ~/.config/home-manager
# Build Home Manager
home-manager switch
# Switch Nix Darwin
sudo nix run nix-darwin#darwin-rebuild -- switch --flake .#mac-va-mbp-personal
sudo darwin-rebuild switch --flake .#mac-va-mbp-personal
```
## Clean Garbage
@@ -94,7 +49,25 @@ sudo nix-collect-garbage --delete-old
nix-collect-garbage --delete-old
```
## OS Update
## Home Manager
```bash
# Update System Channels
sudo nix-channel --add https://nixos.org/channels/nixpkgs-25.05-darwin nixpkgs
sudo nix-channel --update
# Update Home Manager
nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz home-manager
nix-channel --update
# Link Repo
ln -s /Users/evanreichard/Development/git/personal/nix/home-manager ~/.config/home-manager
# Build Home Manager
home-manager switch
```
### OS Update
`/etc/bashrc` may get overridden. To properly load Nix, prepend the following:

44
bootstrap.sh
View File

@@ -31,13 +31,13 @@ function cmd_image() {
# Validate Config Exists
if ! nix eval --json --impure \
".#qcowConfigurations" \
".#vmwareConfigurations" \
--apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
echo "Error: NixOS Generator Config '$name' not found"
exit 1
fi
build_args=(".#qcowConfigurations.$name")
build_args=(".#vmwareConfigurations.$name")
if [ "$remote" = true ]; then
build_args+=("-j0")
fi
@@ -51,8 +51,9 @@ function cmd_image() {
}
function cmd_install() {
local usage="Usage: $0 install --name <system-name>"
local usage="Usage: $0 install --name <system-name> [--remote <user@remote-host>]"
local name=""
local remote=""
while [[ $# -gt 0 ]]; do
case "$1" in
@@ -60,6 +61,10 @@ function cmd_install() {
name="$2"
shift 2
;;
--remote)
remote="$2"
shift 2
;;
*)
echo "$usage"
exit 1
@@ -87,6 +92,18 @@ function cmd_install() {
exit 1
fi
# Remote or Local
if [ -n "$remote" ]; then
cmd_install_remote "$name" "$remote"
else
cmd_install_local "$name" "$disk_id"
fi
}
function cmd_install_local(){
local name="$1"
local disk_id="$2"
# Validate Disk Exists
if [ ! -e "$disk_id" ]; then
echo "Error: Disk $disk_id not found on system"
@@ -133,6 +150,27 @@ function cmd_install() {
sudo reboot
}
function cmd_install_remote(){
local name="$1"
local remote="$2"
# Prompt Install
read -p "This will completely wipe and install NixOS on $remote with configuration $name. Continue? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Operation Cancelled"
exit 1
fi
# Install NixOS
echo "Installing $name to remote host: $remote"
if ! nix run github:nix-community/nixos-anywhere -- --flake ".#$name" --target-host "$remote"; then
echo "Error: Remote NixOS installation failed"
exit 1
fi
echo "Successfully installed $name to remote host: $remote"
}
case "$1" in
image)
shift

111
flake.lock generated
View File

@@ -6,33 +6,54 @@
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1738646032,
"narHash": "sha256-57BdBE9anNpIpf48EiTVLGxg4mOQ04XjHCEP0gLTsFA=",
"lastModified": 1755115705,
"narHash": "sha256-CjWlI6c1pWu+X5Qz8B6K1httNpA4eDNxf/Ozfm6Mvlw=",
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"rev": "e77031211944723a38bebc043e48847c36e43668",
"rev": "78b5825968dc784dae2fe71b1c76f364efe107ae",
"type": "github"
},
"original": {
"owner": "tpwrules",
"ref": "releasep2-2024-12-25",
"ref": "release-25.05",
"repo": "nixos-apple-silicon",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759509947,
"narHash": "sha256-4XifSIHfpJKcCf5bZZRhj8C4aCpjNBaE3kXr02s4rHU=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "000eadb231812ad6ea6aebd7526974aaf4e79355",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"ref": "nix-darwin-25.05",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1753140376,
"narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=",
"lastModified": 1762276996,
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"owner": "nix-community",
"repo": "disko",
"rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c",
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
"type": "github"
},
"original": {
@@ -49,11 +70,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1753589020,
"narHash": "sha256-rFZWFBjYRXNli1rZvRLOJVKLznk3Fj/eHJJdcWB0zWE=",
"lastModified": 1762747412,
"narHash": "sha256-E9E30aYXUvRrsBG03cDnQnjGpFgfoct55BuPpAGzfEE=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "2988587ae70864239861389dbd84efdbfa9fa2c5",
"rev": "09deac38ec607361200ed0d88e77b50b00426f0f",
"type": "gitlab"
},
"original": {
@@ -65,11 +86,11 @@
},
"flake-compat": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"lastModified": 1746162366,
"narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
"type": "github"
},
"original": {
@@ -138,11 +159,11 @@
]
},
"locked": {
"lastModified": 1753592768,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "fc3add429f21450359369af74c2375cb34a2d204",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"type": "github"
},
"original": {
@@ -206,11 +227,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1753429684,
"narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=",
"lastModified": 1762596750,
"narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7fd36ee82c0275fb545775cc5e4d30542899511d",
"rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
"type": "github"
},
"original": {
@@ -222,11 +243,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1753345091,
"narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
"lastModified": 1762756533,
"narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
"rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
"type": "github"
},
"original": {
@@ -239,6 +260,7 @@
"root": {
"inputs": {
"apple-silicon": "apple-silicon",
"darwin": "darwin",
"disko": "disko",
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
@@ -249,22 +271,6 @@
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
"flake": false,
"locked": {
"lastModified": 1686795910,
"narHash": "sha256-jDa40qRZ0GRQtP9EMZdf+uCbvzuLnJglTUI2JoHfWDc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "5c2b97c0a9bc5217fc3dfb1555aae0fb756d99f9",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_2",
@@ -294,11 +300,11 @@
]
},
"locked": {
"lastModified": 1752544651,
"narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
"lastModified": 1762659808,
"narHash": "sha256-2Kv2mANf+FRisqhpfeZ8j9firBxb23ZvEXwdcunbpGI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2c8def626f54708a9c38a5861866660395bb3461",
"rev": "524312bc62e3f34bd9231a2f66622663d3355133",
"type": "github"
},
"original": {
@@ -321,6 +327,27 @@
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"apple-silicon",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754492133,
"narHash": "sha256-B+3g9+76KlGe34Yk9za8AF3RL+lnbHXkLiVHLjYVOAc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1298185c05a56bff66383a20be0b41a307f52228",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

16
flake.nix
View File

@@ -14,7 +14,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
apple-silicon = {
url = "github:tpwrules/nixos-apple-silicon/releasep2-2024-12-25";
url = "github:tpwrules/nixos-apple-silicon/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
@@ -29,6 +29,10 @@
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
darwin = {
url = "github:nix-darwin/nix-darwin/nix-darwin-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs:
@@ -51,6 +55,12 @@
];
};
outputs-builder = channels: {
devShells = {
default = import ./shells/default/default.nix { pkgs = channels.nixpkgs; };
};
};
homes.modules = with inputs; [
sops-nix.homeManagerModules.sops
];
@@ -60,6 +70,10 @@
disko.nixosModules.disko
sops-nix.nixosModules.sops
];
darwin = with inputs; [
home-manager.darwinModules.home-manager
sops-nix.darwinModules.sops
];
};
};
}

6
homes/aarch64-darwin/evanreichard@mac-va-mbp-personal/default.nix
View File

@@ -1,9 +1,9 @@
{ lib, config, namespace, ... }:
{ lib, pkgs, config, namespace, ... }:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "24.11";
home.stateVersion = "25.05";
reichard = {
user = {
@@ -49,6 +49,8 @@ in
# tldr
# ];
home.packages = with pkgs; [ fastfetch ];
# SQLite Configuration
home.file.".sqliterc".text = ''
.headers on

2
homes/aarch64-darwin/evanreichard@mac-va-mbp-work/default.nix
View File

@@ -3,7 +3,7 @@ let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "24.11";
home.stateVersion = "25.05";
reichard = {
user = {

2
homes/aarch64-linux/evanreichard@lin-va-mbp-personal/default.nix
View File

@@ -3,7 +3,7 @@ let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "24.11";
home.stateVersion = "25.05";
reichard = {
user = {

36
homes/x86_64-linux/evanreichard@lin-va-terminal/default.nix Executable file
View File

@@ -0,0 +1,36 @@
{ lib, config, namespace, ... }:
let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "25.05";
reichard = {
user = {
enable = true;
inherit (config.snowfallorg.user) name;
};
services = {
ssh-agent = enabled;
};
programs = {
terminal = {
bash = enabled;
tmux = enabled;
btop = enabled;
direnv = enabled;
git = enabled;
k9s = enabled;
nvim = enabled;
};
};
};
# SQLite Configuration
home.file.".sqliterc".text = ''
.headers on
.mode column
'';
}

5
homes/x86_64-linux/evanreichard@lin-va-thinkpad/default.nix
View File

@@ -3,7 +3,7 @@ let
inherit (lib.${namespace}) enabled;
in
{
home.stateVersion = "24.11";
home.stateVersion = "25.05";
reichard = {
user = {
@@ -15,6 +15,7 @@ in
ssh-agent = enabled;
fusuma = enabled;
swww = enabled;
poweralertd = enabled;
sops = {
enable = true;
defaultSopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
@@ -26,9 +27,11 @@ in
graphical = {
wms.hyprland = enabled;
ghostty = enabled;
strawberry = enabled;
gimp = enabled;
wireshark = enabled;
ghidra = enabled;
remmina = enabled;
browsers.firefox = {
enable = true;
gpuAcceleration = true;

8
modules/darwin/default.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
};
}

103
modules/darwin/nix/default.nix Normal file
View File

@@ -0,0 +1,103 @@
{ config, lib, pkgs, inputs, namespace, host, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkBoolOpt mkOpt;
cfg = config.${namespace}.nix;
in
{
options.${namespace}.nix = {
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
usingDeterminate = mkBoolOpt false "Whether we're using determinate nix";
package = mkOpt types.package pkgs.nixVersions.latest "Which nix package to use.";
};
config = mkIf cfg.enable {
nix =
let
mappedRegistry = lib.pipe inputs [
(lib.filterAttrs (_: lib.isType "flake"))
(lib.mapAttrs (_: flake: { inherit flake; }))
(x: x // {
nixpkgs.flake = if pkgs.stdenv.hostPlatform.isLinux then inputs.nixpkgs else inputs.nixpkgs-unstable;
})
(x: if pkgs.stdenv.hostPlatform.isDarwin then lib.removeAttrs x [ "nixpkgs-unstable" ] else x)
];
users = [
"root"
"@wheel"
"nix-builder"
"evanreichard"
];
in
{
inherit (cfg) package;
buildMachines = lib.optional (config.${namespace}.security.sops.enable && host != "nixos-builder") {
hostName = "10.0.50.130";
systems = [ "x86_64-linux" ];
sshUser = "evanreichard";
protocol = "ssh";
sshKey = config.sops.secrets.builder_ssh_key.path;
supportedFeatures = [
"benchmark"
"big-parallel"
"nixos-test"
"kvm"
];
};
checkConfig = true;
distributedBuilds = true;
optimise.automatic = !cfg.usingDeterminate;
registry = lib.mkForce mappedRegistry;
gc = {
automatic = !cfg.usingDeterminate;
options = "--delete-older-than 7d";
};
settings = {
connect-timeout = 5;
allowed-users = users;
max-jobs = "auto";
auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
builders-use-substitutes = true;
experimental-features = [
"nix-command"
"flakes "
];
flake-registry = "/etc/nix/registry.json";
http-connections = 50;
keep-derivations = true;
keep-going = true;
keep-outputs = true;
log-lines = 50;
sandbox = true;
trusted-users = users;
warn-dirty = false;
use-xdg-base-directories = true;
substituters = [
"https://anyrun.cachix.org"
"https://cache.nixos.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://nixpkgs-wayland.cachix.org"
"https://numtide.cachix.org"
];
trusted-public-keys = [
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
];
};
};
};
}

31
modules/darwin/security/sops/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{ config, lib, namespace, ... }:
let
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.security.sops;
in
{
options.${namespace}.security.sops = {
enable = lib.mkEnableOption "sops";
defaultSopsFile = mkOpt lib.types.path null "Default sops file.";
sshKeyPaths = mkOpt (with lib.types; listOf path) [
"/etc/ssh/ssh_host_ed25519_key"
] "SSH Key paths to use.";
};
config = lib.mkIf cfg.enable {
sops = {
inherit (cfg) defaultSopsFile;
age = {
inherit (cfg) sshKeyPaths;
keyFile = "${config.users.users.${config.${namespace}.user.name}.home}/.config/sops/age/keys.txt";
};
};
sops.secrets.builder_ssh_key = {
sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
};
};
}

20
modules/darwin/services/openssh/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, namespace, lib, ... }:
let
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.security.sops;
in
{
options.${namespace}.services.openssh = with lib.types; {
enable = lib.mkEnableOption "OpenSSH support";
authorizedKeys = mkOpt (listOf str) [ ] "The public keys to apply.";
extraConfig = mkOpt str "" "Extra configuration to apply.";
port = mkOpt port 2222 "The port to listen on (in addition to 22).";
};
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
};
};
}

23
modules/darwin/user/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{ config, lib, namespace, pkgs, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.user;
in
{
options.${namespace}.user = with types; {
name = mkOpt str "evanreichard" "The name to use for the user account.";
email = mkOpt str "evan@reichard.io" "The email of the user.";
fullName = mkOpt str "Evan Reichard" "The full name of the user.";
uid = mkOpt (types.nullOr types.int) 501 "The uid for the user account.";
};
config = {
users.users.${cfg.name} = {
uid = mkIf (cfg.uid != null) cfg.uid;
shell = pkgs.bashInteractive;
home = "/Users/${cfg.name}";
};
};
}

6
modules/home/programs/graphical/browsers/firefox/default.nix
View File

@@ -38,6 +38,12 @@ in
ExtensionRecommendations = false;
SkipOnboarding = true;
};
GenerativeAI = {
Chatbot = false;
LinkPreviews = false;
TabGroups = false;
Locked = false;
};
ExtensionSettings = {
# Block All
# "*".installation_mode = "blocked";

56
modules/home/programs/graphical/ghostty/default.nix
View File

@@ -10,62 +10,14 @@ in
};
config = mkIf cfg.enable {
programs.bash = {
enable = true;
shellAliases = {
grep = "grep --color";
ssh = "TERM=xterm-256color ssh";
flush_dns = "sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder";
};
profileExtra = ''
SHELL="$BASH"
PATH=~/.bin:$PATH
bind "set show-mode-in-prompt on"
# Enable Bash
${namespace}.programs.terminal.bash.enable = true;
set -o vi || true
VISUAL=vim
EDITOR="$VISUAL"
fastfetch
eval "$(thefuck --alias)"
'';
};
programs.powerline-go = {
enable = true;
settings = {
git-mode = "compact";
theme = "gruvbox";
};
modules = [
"host"
"cwd"
"git"
"docker"
"venv"
];
};
programs.readline = {
enable = true;
extraConfig = ''
# Approximate VIM Dracula Colors
set vi-ins-mode-string \1\e[01;38;5;23;48;5;231m\2 I \1\e[38;5;231;48;5;238m\2\1\e[0m\2
set vi-cmd-mode-string \1\e[01;38;5;22;48;5;148m\2 C \1\e[38;5;148;48;5;238m\2\1\e[0m\2
'';
};
home.packages = with pkgs; [
thefuck
fastfetch
bashInteractive
nerd-fonts.meslo-lg
] ++ optionals isLinux [
# Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
# Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
home.packages = with pkgs; optionals isLinux [
ghostty
];
home.file.".config/fastfetch/config.jsonc".text = builtins.readFile ./config/fastfetch.jsonc;
home.file.".config/ghostty/config".text =
let
bashPath = "${pkgs.bashInteractive}/bin/bash";

17
modules/home/programs/graphical/remmina/default.nix Executable file
View File

@@ -0,0 +1,17 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.remmina;
in
{
options.${namespace}.programs.graphical.remmina = {
enable = mkEnableOption "Remmina";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
remmina
];
};
}

17
modules/home/programs/graphical/strawberry/default.nix Executable file
View File

@@ -0,0 +1,17 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.strawberry;
in
{
options.${namespace}.programs.graphical.strawberry = {
enable = mkEnableOption "Enable Strawberry";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
strawberry
libgpod
];
};
}

3
modules/home/programs/terminal/aws/default.nix
View File

@@ -10,8 +10,9 @@ in
config = mkIf cfg.enable {
home.packages = with pkgs; [
cw
aws-sso-util
awscli2
cw
ssm-session-manager-plugin
];
};

3
modules/home/programs/terminal/bash/config/.gitignore vendored Executable file
View File

@@ -0,0 +1,3 @@
_scratch
.direnv
.envrc

0
modules/home/programs/graphical/ghostty/config/fastfetch.jsonc → modules/home/programs/terminal/bash/config/fastfetch.jsonc
View File

69
modules/home/programs/terminal/bash/default.nix Executable file
View File

@@ -0,0 +1,69 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf optionalAttrs;
inherit (pkgs.stdenv) isLinux;
cfg = config.${namespace}.programs.terminal.bash;
in
{
options.${namespace}.programs.terminal.bash = {
enable = lib.mkEnableOption "bash";
};
config = mkIf cfg.enable {
programs.bash = {
enable = true;
shellAliases = {
grep = "grep --color";
ssh = "TERM=xterm-256color ssh";
} // optionalAttrs isLinux {
sync-watch = "watch -d grep -e Dirty: -e Writeback: /proc/meminfo";
};
profileExtra = ''
export COLORTERM=truecolor
SHELL="$BASH"
PATH=~/.bin:$PATH
bind "set show-mode-in-prompt on"
set -o vi || true
VISUAL=vim
EDITOR="$VISUAL"
fastfetch
eval "$(thefuck --alias)"
'';
};
programs.powerline-go = {
enable = true;
settings = {
git-mode = "compact";
theme = "gruvbox";
};
modules = [
"host"
"cwd"
"git"
"docker"
"venv"
];
};
programs.readline = {
enable = true;
extraConfig = ''
# Approximate VIM Dracula Colors
set vi-ins-mode-string \1\e[01;38;5;23;48;5;231m\2 I \1\e[38;5;231;48;5;238m\2\1\e[0m\2
set vi-cmd-mode-string \1\e[01;38;5;22;48;5;148m\2 C \1\e[38;5;148;48;5;238m\2\1\e[0m\2
'';
};
home.packages = with pkgs; [
thefuck
fastfetch
bashInteractive
nerd-fonts.meslo-lg
];
home.file.".config/fastfetch/config.jsonc".text = builtins.readFile ./config/fastfetch.jsonc;
};
}

3
modules/home/programs/terminal/nvim/config/lua/base.lua
View File

@@ -5,6 +5,9 @@
-- vim.cmd('colorscheme melange')
vim.cmd("colorscheme catppuccin-mocha")
-- Set User Shell
vim.o.shell = "/usr/bin/env bash"
-- Set Leader
vim.keymap.set("n", "<Space>", "<Nop>", { silent = true })
vim.g.mapleader = " "

2
modules/home/programs/terminal/nvim/config/lua/git-ref.lua
View File

@@ -1,4 +1,4 @@
function get_git_info()
local function get_git_info()
local abs_path = vim.fn.expand("%:p")
local git_root = vim.fn.systemlist(
"git -C " .. vim.fn.escape(vim.fn.fnamemodify(abs_path, ":h"), " ") .. " rev-parse --show-toplevel"

5
modules/home/programs/terminal/nvim/config/lua/init.lua
View File

@@ -8,17 +8,18 @@ require("dap-config")
require("diffview-config")
require("git-ref")
require("git-signs")
require("llm")
require("leap-config")
require("llm")
require("lsp-config")
require("lsp-lines-config")
require("lualine-config")
require("neotree-config")
require("noice-config")
require("numb-config")
require("octo-config")
require("silicon-config")
require("telescope-config")
require("toggleterm-config")
require("ts-config")
require("which-key-config")
require("weird-chars")
require("which-key-config")

2
modules/home/programs/terminal/nvim/config/lua/llm.lua
View File

@@ -1,6 +1,6 @@
-- Configure LLama LLM
vim.g.llama_config = {
endpoint = "http://10.0.50.120:8080/infill",
endpoint = "http://10.0.50.120:8012/infill",
api_key = "",
n_prefix = 256,
n_suffix = 64,

103
modules/home/programs/terminal/nvim/config/lua/lsp-config.lua
View File

@@ -8,18 +8,12 @@ vim.api.nvim_create_autocmd("FileType", {
end,
})
vim.filetype.add({
extension = {
templ = "templ",
},
})
------------------------------------------------------
-------------------- Built-in LSP --------------------
------------------------------------------------------
local nix_vars = require("nix-vars")
local nvim_lsp = require("lspconfig")
local augroup = vim.api.nvim_create_augroup("LspFormatting", { clear = false })
local on_attach = function(client, bufnr)
local bufopts = { noremap = true, silent = true, buffer = bufnr }
@@ -71,82 +65,80 @@ local organize_go_imports = function()
end
end
-- Define LSP Flags & Capabilities
local lsp_flags = { debounce_text_changes = 150 }
local capabilities = require("cmp_nvim_lsp").default_capabilities()
local default_config = {
flags = { debounce_text_changes = 150 },
capabilities = require("cmp_nvim_lsp").default_capabilities(),
on_attach = on_attach,
}
local setup_lsp = function(name, config)
local final_config = vim.tbl_deep_extend("force", default_config, config or {})
vim.lsp.config(name, final_config)
vim.lsp.enable(name)
end
-- Python LSP Configuration
nvim_lsp.pyright.setup({
on_attach = on_attach,
flags = lsp_flags,
capabilities = capabilities,
setup_lsp("pyright", {
filetypes = { "starlark", "python" },
})
-- HTML LSP Configuration
nvim_lsp.html.setup({
setup_lsp("html", {
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.vscls .. "/bin/vscode-html-language-server", "--stdio" },
filetypes = { "htm", "html" },
})
-- JSON LSP Configuration
nvim_lsp.jsonls.setup({
setup_lsp("jsonls", {
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.vscls .. "/bin/vscode-html-language-server", "--stdio" },
filetypes = { "json", "jsonc", "jsonl" },
})
-- CSS LSP Configuration
nvim_lsp.cssls.setup({
setup_lsp("cssls", {
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.vscls .. "/bin/vscode-html-language-server", "--stdio" },
filetypes = { "css" },
})
-- Typescript / Javascript LSP Configuration
nvim_lsp.ts_ls.setup({
setup_lsp("ts_ls", {
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.tsls, "--stdio" },
filetypes = { "typescript", "typescriptreact" },
})
-- Svelte LSP Configuration
nvim_lsp.svelte.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.sveltels, "--stdio" },
-- C LSP Configuration
setup_lsp("clangd", {
cmd = { nix_vars.clangd },
filetypes = { "c", "cpp", "objc", "objcpp", "cuda" },
})
-- Lua LSP Configuration
nvim_lsp.lua_ls.setup({
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
setup_lsp("lua_ls", {
cmd = { nix_vars.luals },
})
-- Templ LSP Configuration
nvim_lsp.templ.setup({
on_attach = on_attach,
flags = lsp_flags,
capabilities = capabilities,
filetypes = { "lua" },
})
-- Nix LSP Configuration
nvim_lsp.nil_ls.setup({
on_attach = on_attach,
flags = lsp_flags,
capabilities = capabilities,
setup_lsp("nil_ls", {
filetypes = { "nix" },
})
-- Omnisharp LSP Configuration
setup_lsp("omnisharp", {
enable_roslyn_analyzers = true,
enable_import_completion = true,
organize_imports_on_format = true,
enable_decompilation_support = true,
filetypes = { "cs", "vb", "csproj", "sln", "slnx", "props", "csx", "targets", "tproj", "slngen", "fproj" },
cmd = { nix_vars.omnisharp, "--languageserver", "--hostPID", tostring(vim.fn.getpid()) },
})
-- Go LSP Configuration
nvim_lsp.gopls.setup({
setup_lsp("gopls", {
on_attach = function(client, bufnr)
on_attach(client, bufnr)
vim.api.nvim_create_autocmd("BufWritePre", {
@@ -155,9 +147,8 @@ nvim_lsp.gopls.setup({
callback = organize_go_imports,
})
end,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.gopls },
filetypes = { "go" },
settings = {
gopls = {
buildFlags = { "-tags=e2e" },
@@ -166,11 +157,10 @@ nvim_lsp.gopls.setup({
})
-- Go LSP Linting
nvim_lsp.golangci_lint_ls.setup({
setup_lsp("golangci_lint_ls", {
on_attach = on_attach_no_formatting,
flags = lsp_flags,
capabilities = capabilities,
cmd = { nix_vars.golintls },
filetypes = { "go" },
init_options = {
command = {
"golangci-lint",
@@ -204,8 +194,8 @@ local eslintFiles = {
}
local has_eslint_in_parents = function(fname)
local root_file = nvim_lsp.util.insert_package_json(eslintFiles, "eslintConfig", fname)
return nvim_lsp.util.root_pattern(unpack(root_file))(fname)
local root_file = require("lspconfig").util.insert_package_json(eslintFiles, "eslintConfig", fname)
return require("lspconfig").util.root_pattern(unpack(root_file))(fname)
end
none_ls.setup({
@@ -219,8 +209,7 @@ none_ls.setup({
end,
}),
none_ls.builtins.completion.spell,
none_ls.builtins.formatting.nixpkgs_fmt,
none_ls.builtins.formatting.stylua,
none_ls.builtins.formatting.nixpkgs_fmt, -- TODO: nixd native LSP?
none_ls.builtins.diagnostics.sqlfluff,
none_ls.builtins.formatting.sqlfluff,
require("none-ls.formatting.autopep8").with({

63
modules/home/programs/terminal/nvim/config/lua/lualine-config.lua
View File

@@ -3,23 +3,28 @@ local cached_pr_status = ""
-- Read process output
local function read_output(err, data)
if err then return end
if not data then return end
cached_pr_status = data
if err then
return
end
if not data then
return
end
cached_pr_status = data
end
-- Spawn process
local function execute_command()
local stdout = vim.loop.new_pipe(false)
local stdout = vim.loop.new_pipe(false)
local spawn_opts = {
detached = true,
stdio = {nil, stdout, nil},
args = {"-c", "gh pr checks | awk -F'\t' '{ print $2 }'"}
}
local spawn_opts = {
detached = true,
stdio = { nil, stdout, nil },
args = { "-c", "gh pr checks | awk -F'\t' '{ print $2 }'" },
}
vim.loop.spawn("bash", spawn_opts,
function() stdout:read_start(read_output) end)
vim.loop.spawn("bash", spawn_opts, function()
stdout:read_start(read_output)
end)
end
-- Spawn & schedule process
@@ -28,22 +33,26 @@ vim.fn.timer_start(300000, execute_command)
-- Return status from cache
function pr_status()
--   
--    
--
-- PENDING COLOR - #d29922
-- PASS COLOR - #3fb950
-- FAIL COLOR - #f85149
return cached_pr_status:gsub("\n", ""):gsub("fail", ""):gsub("pass",
"")
:gsub("pending", ""):gsub("skipping", " "):sub(1, -2)
--   
--    
--
-- PENDING COLOR - #d29922
-- PASS COLOR - #3fb950
-- FAIL COLOR - #f85149
return cached_pr_status
:gsub("\n", "")
:gsub("fail", " ")
:gsub("pass", "")
:gsub("pending", "")
:gsub("skipping", "")
:sub(1, -2)
end
require('lualine').setup({
options = {
theme = "gruvbox_dark"
-- theme = "nord"
-- theme = "OceanicNext",
},
sections = {lualine_c = {{pr_status}}}
require("lualine").setup({
options = {
theme = "catppuccin",
-- theme = "nord"
-- theme = "OceanicNext",
},
sections = { lualine_c = { { pr_status } } },
})

30
modules/home/programs/terminal/nvim/config/lua/octo-config.lua Normal file
View File

@@ -0,0 +1,30 @@
require("octo").setup()
vim.keymap.set("n", "<leader>rs", "<cmd>Octo review start<cr>")
vim.keymap.set("n", "<leader>rd", "<cmd>Octo review discard<cr>")
vim.keymap.set("n", "<leader>rr", "<cmd>Octo review resume<cr>")
vim.keymap.set("n", "<leader>re", "<cmd>Octo review submit<cr>")
vim.keymap.set("n", "<leader>rca", "<cmd>Octo review comments<cr>")
vim.keymap.set("n", "<leader>rcs", "<cmd>Octo comment suggest<cr>")
vim.keymap.set("n", "<leader>rcc", "<cmd>Octo comment add<cr>")
vim.keymap.set("n", "<leader>rcr", "<cmd>Octo comment reply<cr>")
vim.keymap.set("n", "<leader>pd", "<cmd>Octo pr diff<cr>")
vim.keymap.set("n", "<leader>pc", "<cmd>Octo pr changes<cr>")
-- vim.api.nvim_create_autocmd("FileType", {
-- pattern = "octo",
-- callback = function()
-- vim.keymap.set("n", "<leader>rs", "<cmd>Octo review start<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rd", "<cmd>Octo review discard<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rr", "<cmd>Octo review resume<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>re", "<cmd>Octo review submit<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rca", "<cmd>Octo review comments<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rcs", "<cmd>Octo comment suggest<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rcc", "<cmd>Octo comment add<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rcr", "<cmd>Octo comment reply<cr>", { buffer = true })
--
-- vim.keymap.set("n", "<leader>pd", "<cmd>Octo pr diff<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>pc", "<cmd>Octo pr changes<cr>", { buffer = true })
-- end,
-- })

11
modules/home/programs/terminal/nvim/config/lua/telescope-config.lua
View File

@@ -14,9 +14,10 @@ require("telescope").load_extension("ui-select")
require("telescope").load_extension("undo")
local builtin = require("telescope.builtin")
vim.keymap.set("n", "<leader>ff", builtin.find_files, {})
vim.keymap.set("n", "<leader>fg", builtin.live_grep, {})
vim.keymap.set("n", "<leader>fb", builtin.buffers, {})
vim.keymap.set("n", "<leader>fh", builtin.help_tags, {})
vim.keymap.set("n", "<leader>fj", builtin.jumplist, {})
vim.keymap.set("n", "<leader>ff", builtin.find_files)
vim.keymap.set("n", "<leader>fg", builtin.live_grep)
vim.keymap.set("n", "<leader>fb", builtin.buffers)
vim.keymap.set("n", "<leader>fh", builtin.help_tags)
vim.keymap.set("n", "<leader>fj", builtin.jumplist)
vim.keymap.set("n", "<leader>fu", "<cmd>Telescope undo<cr>")
vim.keymap.set("n", "<leader>fp", "<cmd>Octo pr list<cr>")

7
modules/home/programs/terminal/nvim/config/lua/ts-config.lua
View File

@@ -1,3 +1,4 @@
require'nvim-treesitter.configs'.setup {
highlight = {enable = true, additional_vim_regex_highlighting = false}
}
require("nvim-treesitter.configs").setup({
highlight = { enable = true, additional_vim_regex_highlighting = false },
})
vim.treesitter.language.register("markdown", "octo")

1
modules/home/programs/terminal/nvim/config/lua/which-key-config.lua
View File

@@ -16,6 +16,7 @@ wk.add({
{ "<leader>fg", "<cmd>Telescope live_grep<cr>", desc = "Live Grep" },
{ "<leader>fh", "<cmd>Telescope help_tags<cr>", desc = "Help Tags" },
{ "<leader>fj", "<cmd>Telescope jumplist<cr>", desc = "Jump List" },
{ "<leader>fp", "<cmd>Octo pr list<cr>", desc = "PR List" },
{ "<leader>g", group = "DiffView" },
{ "<leader>gB", desc = "Git Blame Full" },
{ "<leader>gH", "<cmd>DiffviewFileHistory --range=origin..HEAD<cr>", desc = "Diff History - Main" },

42
modules/home/programs/terminal/nvim/default.nix
View File

@@ -52,6 +52,7 @@ in
toggleterm-nvim # Terminal Helper
vim-nix # Nix Helpers
which-key-nvim # Shortcut Helper
octo-nvim # Git Octo
# ------------------
# --- Theme / UI ---
@@ -83,12 +84,12 @@ in
(
pkgs.vimUtils.buildVimPlugin {
pname = "none-ls-extras.nvim";
version = "2025-06-18";
version = "2025-10-28";
src = pkgs.fetchFromGitHub {
owner = "nvimtools";
repo = "none-ls-extras.nvim";
rev = "924fe88a9983c7d90dbb31fc4e3129a583ea0a90";
sha256 = "sha256-OJHg2+h3zvlK7LJ8kY6f7et0w6emnxfcDbjD1YyWRTw=";
rev = "402c6b5c29f0ab57fac924b863709f37f55dc298";
sha256 = "sha256-4s/xQNWNA4dgb5gZR4Xqn6zDDWrSJNtmHOmmjmYnN/8=";
};
doCheck = false;
meta.homepage = "https://github.com/nvimtools/none-ls-extras.nvim/";
@@ -101,32 +102,15 @@ in
(
pkgs.vimUtils.buildVimPlugin {
pname = "silicon.lua";
version = "2022-12-03";
version = "2025-10-28";
src = pkgs.fetchFromGitHub {
owner = "mhanberg";
owner = "0oAstro";
repo = "silicon.lua";
rev = "5ca462bee0a39b058786bc7fbeb5d16ea49f3a23";
sha256 = "0vlp645d5mmii513v72jca931miyrhkvhwb9bfzhix1199zx7vi2";
rev = "54682647a7c1c773dc4c9ab2bc309114a3b9e96f";
sha256 = "sha256-lM7ALmYHGN5SKftfD7YBPh1gGKORbS6EMXS/ZQXDMSI=";
};
doCheck = false;
meta.homepage = "https://github.com/mhanberg/silicon.lua/";
}
)
# -------------------
# ------- LLM -------
# -------------------
(
pkgs.vimUtils.buildVimPlugin {
pname = "llm.nvim";
version = "2024-05-25";
src = pkgs.fetchFromGitHub {
owner = "David-Kunz";
repo = "gen.nvim";
rev = "bd19cf584b5b82123de977b44105e855e61e5f39";
sha256 = "sha256-0AEB6im8Jz5foYzmL6KEGSAYo48g1bkFpjlCSWT6JeE=";
};
meta.homepage = "https://github.com/David-Kunz/gen.nvim/";
meta.homepage = "https://github.com/0oAstro/silicon.lua";
}
)
@@ -136,12 +120,12 @@ in
(
pkgs.vimUtils.buildVimPlugin {
pname = "llama.vim";
version = "2025-01-23";
version = "2025-10-28";
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.vim";
rev = "143fe910b8d47a054ed464c38d8b7c17d5354468";
sha256 = "sha256-PW0HKzhSxcZiWzpDOuy98rl/X0o2nE7tMjZjwwh0qLE=";
rev = "ade8966eff57dcbe4a359dd26fb1ea97378ea03c";
sha256 = "sha256-uPqOZLWKVMimhc9eG7yM5OmhJy3mTRgKsiqKhstWs4Y=";
};
meta.homepage = "https://github.com/ggml-org/llama.vim/";
}
@@ -200,6 +184,8 @@ in
tsls = "${pkgs.nodePackages.typescript-language-server}/bin/typescript-language-server",
golintls = "${pkgs.golangci-lint-langserver}/bin/golangci-lint-langserver",
vscls = "${pkgs.nodePackages.vscode-langservers-extracted}",
clangd = "${pkgs.clang-tools}/bin/clangd",
omnisharp = "${pkgs.omnisharp-roslyn}/bin/OmniSharp",
}
return nix_vars
'';

62
modules/home/programs/terminal/tmux/default.nix Executable file
View File

@@ -0,0 +1,62 @@
{ lib, pkgs, config, namespace, ... }:
let
inherit (lib) mkIf;
cfg = config.${namespace}.programs.terminal.tmux;
in
{
options.${namespace}.programs.terminal.tmux = {
enable = lib.mkEnableOption "tmux";
};
config = mkIf cfg.enable {
programs.tmux = {
enable = true;
clock24 = true;
plugins = with pkgs.tmuxPlugins; [
{
plugin = catppuccin;
extraConfig = ''
set -g @catppuccin_flavor "mocha"
set -g @catppuccin_status_background "none"
# Style & Separators
set -g @catppuccin_window_status_style "basic"
set -g @catppuccin_status_left_separator ""
set -g @catppuccin_status_middle_separator ""
set -g @catppuccin_status_right_separator ""
# Window Titles
set -g @catppuccin_window_text " #W"
set -g @catppuccin_window_current_text " #W"
'';
}
cpu
yank
];
extraConfig = ''
# Misc Settings
set -g status-position top
set -g mouse on
setw -g mode-keys vi
set -ag terminal-overrides ",xterm-256color:Tc:Ms=\\E]52;c%p1%.0s;%p2%s\\7"
# Start Index 1
set -g base-index 1
setw -g pane-base-index 1
set -g renumber-windows on
# Maintain Directory
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
bind c new-window -c "#{pane_current_path}"
# Theme
set -g status-left ""
set -g status-right ""
set -ag status-right "#{E:@catppuccin_status_host}"
'';
};
};
}

17
modules/home/services/poweralertd/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf;
cfg = config.${namespace}.services.poweralertd;
in
{
options.${namespace}.services.poweralertd = {
enable = lib.mkEnableOption "poweralertd";
};
config = mkIf cfg.enable {
services.poweralertd = {
enable = true;
};
};
}

8
modules/home/services/sops/default.nix
View File

@@ -28,14 +28,6 @@ in
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths;
};
# TODO
# secrets = {
# nix = {
# sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
# path = "${config.home.homeDirectory}/.config/nix/nix.conf";
# };
# };
};
};
}

15
modules/nixos/hardware/battery/upower/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf;
cfg = config.${namespace}.hardware.battery.upower;
in
{
options.${namespace}.hardware.battery.upower = {
enable = lib.mkEnableOption "enable upower";
};
config = mkIf cfg.enable {
services.upower.enable = true;
};
}

11
modules/nixos/hardware/opengl/default.nix
View File

@@ -14,6 +14,8 @@ in
};
config = mkIf cfg.enable {
services.xserver.videoDrivers = mkIf cfg.enableNvidia [ "nvidia" ];
environment.systemPackages = with pkgs; [
libva-utils
vdpauinfo
@@ -23,6 +25,15 @@ in
intel-gpu-tools
];
# Enable Nvidia Hardware
hardware.nvidia = mkIf cfg.enableNvidia {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
open = false;
nvidiaSettings = true;
};
# Add Intel Arc / Nvidia Drivers
hardware.enableRedistributableFirmware = mkIf cfg.enableIntel (mkForce true);
hardware.graphics = {

51
modules/nixos/services/headscale/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.headscale;
inherit (lib.${namespace}) mkBoolOpt;
in
{
options.${namespace}.services.headscale = {
enable = mkEnableOption "enable headscale service";
openFirewall = mkBoolOpt false "Open firewall";
};
options.services.headscale.settings.dns.nameservers.split = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
default = { };
description = ''
Split DNS configuration mapping domains to specific nameservers.
Each key is a domain suffix, and the value is a list of nameservers
to use for that domain.
'';
example = {
"internal.company.com" = [ "10.0.0.1" "10.0.0.2" ];
"dev.local" = [ "192.168.1.1" ];
};
};
config = mkIf cfg.enable {
services.headscale = {
enable = true;
address = "0.0.0.0";
settings = {
server_url = "https://headscale.reichard.io";
dns = {
base_domain = "reichard.dev";
nameservers = {
global = [
"9.9.9.9"
];
split = {
"va.reichard.io" = [ "10.0.20.20" ];
};
};
};
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ 8080 ];
};
};
}

108
modules/nixos/services/llama-cpp/default.nix Normal file
View File

@@ -0,0 +1,108 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) types mkIf mkEnableOption;
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.services.llama-cpp;
modelDir = "/models";
availableModels = {
"qwen2.5-coder-7b-q8_0.gguf" = {
url = "https://huggingface.co/ggml-org/Qwen2.5-Coder-7B-Q8_0-GGUF/resolve/main/qwen2.5-coder-7b-q8_0.gguf?download=true";
flag = "--fim-qwen-7b-default";
};
"qwen2.5-coder-3b-q8_0.gguf" = {
url = "https://huggingface.co/ggml-org/Qwen2.5-Coder-3B-Q8_0-GGUF/resolve/main/qwen2.5-coder-3b-q8_0.gguf?download=true";
flag = "--fim-qwen-3b-default";
};
};
in
{
options.${namespace}.services.llama-cpp = with types; {
enable = mkEnableOption "llama-cpp support";
modelName = mkOpt str "qwen2.5-coder-3b-q8_0.gguf" "model to use";
};
config =
let
modelPath = "${modelDir}/${cfg.modelName}";
in
mkIf cfg.enable {
assertions = [
{
assertion = availableModels ? ${cfg.modelName};
message = "Invalid model '${cfg.modelName}'. Available models: ${lib.concatStringsSep ", " (lib.attrNames availableModels)}";
}
];
systemd.services = {
# LLama Download Model
download-model = {
description = "Download Model";
wantedBy = [ "multi-user.target" ];
before = [ "llama-cpp.service" ];
path = [ pkgs.curl pkgs.coreutils ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "root";
Group = "root";
};
script =
let
modelURL = availableModels.${cfg.modelName}.url;
in
''
set -euo pipefail
if [ ! -f "${modelPath}" ]; then
mkdir -p "${modelDir}"
# Add -f flag to follow redirects and -L for location
# Add --fail flag to exit with error on HTTP errors
# Add -C - to resume interrupted downloads
curl -f -L -C - \
-H "Accept: application/octet-stream" \
--retry 3 \
--retry-delay 5 \
--max-time 1800 \
"${modelURL}" \
-o "${modelPath}.tmp" && \
mv "${modelPath}.tmp" "${modelPath}"
fi
'';
};
# Setup LLama API Service
llama-cpp = {
after = [ "download-model.service" ];
requires = [ "download-model.service" ];
};
};
services.llama-cpp = {
enable = true;
host = "0.0.0.0";
port = 8012;
openFirewall = true;
model = "${modelPath}";
package = (pkgs.llama-cpp.override {
cudaSupport = true;
}).overrideAttrs (oldAttrs: {
cmakeFlags = oldAttrs.cmakeFlags ++ [
"-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=1"
"-DCMAKE_CUDA_ARCHITECTURES=61" # GTX-1070
# Disable CPU Instructions - Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
"-DLLAMA_FMA=OFF"
"-DLLAMA_AVX2=OFF"
"-DLLAMA_AVX512=OFF"
"-DGGML_FMA=OFF"
"-DGGML_AVX2=OFF"
"-DGGML_AVX512=OFF"
];
});
extraFlags = [ availableModels.${cfg.modelName}.flag ];
};
};
}

18
modules/nixos/services/mosh/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf;
cfg = config.${namespace}.services.mosh;
in
{
options.${namespace}.services.mosh = {
enable = lib.mkEnableOption "mosh support";
};
config = mkIf cfg.enable {
programs.mosh = {
enable = true;
openFirewall = true;
};
};
}

6
modules/nixos/services/openssh/default.nix
View File

@@ -12,8 +12,14 @@ let
authorizedKeys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
# evanreichard@mobile
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARTNbl4lgQsp7SJEng7vprL0+ChC9e6iR7o/PiC4Jme"
# evanreichard@lin-va-terminal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5e6Cty+7rX5BjIEHBTU6GnzfOxPJiHpSqin/BnsypO"
];
in
{

14
modules/nixos/services/rke2/default.nix
View File

@@ -9,7 +9,7 @@ in
options.${namespace}.services.rke2 = with types; {
enable = lib.mkEnableOption "Enable RKE2";
disable = mkOpt (listOf str) [ ] "Disable services";
openFirewall = mkBoolOpt true "Open firewall";
openFirewall = mkBoolOpt false "Open firewall";
};
config = mkIf cfg.enable {
@@ -18,6 +18,10 @@ in
disable = cfg.disable;
};
# NOTE: Tailscale & K8s Calico conflict due to FWMask. You need to update the DaemonSet Env with:
# - name: FELIX_IPTABLESMARKMASK
# value: "0xff00ff00"
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API
@@ -32,8 +36,6 @@ in
7946 # memberlist
];
environment.systemPackages = with pkgs; [ nfs-utils ];
networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN
@@ -49,5 +51,11 @@ in
after = [ "cloud-final.service" ];
requires = [ "cloud-final.service" ];
};
environment.systemPackages = with pkgs; [
k9s
kubectl
nfs-utils
];
};
}

32
modules/nixos/services/rtl-tcp/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.services.rtl-tcp;
in
{
options.${namespace}.services.rtl-tcp = {
enable = mkEnableOption "RTL-TCP support";
openFirewall = mkBoolOpt true "Open firewall";
};
config = mkIf cfg.enable {
hardware.rtl-sdr.enable = true;
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 1234 ];
# RTL-SDR TCP Server Service
systemd.services.rtl-tcp = {
description = "RTL-SDR TCP Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.rtl-sdr}/bin/rtl_tcp -a 0.0.0.0 -f 1090000000 -s 2400000";
Restart = "on-failure";
RestartSec = "10s";
User = "root";
Group = "root";
};
};
};
}

20
modules/nixos/services/sunshine/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.services.sunshine;
in
{
options.${namespace}.services.sunshine = {
enable = mkEnableOption "enable sunshine service";
openFirewall = mkBoolOpt true "open firewall";
};
config = mkIf cfg.enable {
services.sunshine = {
enable = true;
openFirewall = cfg.openFirewall;
};
};
}

27
modules/nixos/services/tailscale/default.nix Normal file
View File

@@ -0,0 +1,27 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.tailscale;
in
{
options.${namespace}.services.tailscale = {
enable = mkEnableOption "enable tailscale service";
enableRouting = mkEnableOption "enable tailscale routing";
};
config = mkIf cfg.enable {
services.tailscale = {
enable = true;
useRoutingFeatures = if cfg.enableRouting then "server" else "client";
};
boot.kernel.sysctl = mkIf cfg.enableRouting {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
# NOTE: Tailscale & K8s Calico conflict due to FWMask. You need to update the DaemonSet Env with:
# - name: FELIX_IPTABLESMARKMASK
# value: "0xff00ff00"
};
}

21
modules/nixos/system/boot/default.nix
View File

@@ -1,18 +1,29 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkDefault;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.system.boot;
in
{
options.${namespace}.system.boot = {
enable = lib.mkEnableOption "Enable Boot";
xenGuest = lib.mkEnableOption "Enable Xen Guest";
enableGrub = mkBoolOpt true "Enable GRUB";
enableSystemd = mkBoolOpt false "Enable systemd";
xenGuest = lib.mkEnableOption "Xen guest support";
showNotch = lib.mkEnableOption "Show macOS Notch";
silentBoot = lib.mkEnableOption "Silent Boot";
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.enableGrub && cfg.enableSystemd);
message = "Cannot enable both GRUB and systemd-boot";
}
];
services.xe-guest-utilities.enable = mkIf cfg.xenGuest true;
boot = {
@@ -33,12 +44,18 @@ in
canTouchEfiVariables = false;
};
systemd-boot = {
systemd-boot = mkIf cfg.enableSystemd {
enable = true;
configurationLimit = 20;
editor = false;
};
grub = mkIf cfg.enableGrub {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
timeout = mkDefault 1;
};

44
modules/nixos/system/disk/default.nix
View File

@@ -20,22 +20,19 @@ in
content = {
type = "gpt";
partitions = {
bios-boot = {
name = "bios-boot";
size = "1M";
type = "EF02";
};
boot = {
size = "512M";
name = "boot";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
@@ -46,6 +43,33 @@ in
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};

59
modules/nixos/virtualisation/libvirtd/default.nix Normal file
View File

@@ -0,0 +1,59 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.virtualisation.libvirtd;
in
{
options.${namespace}.virtualisation.libvirtd = {
enable = lib.mkEnableOption "enable libvirtd";
withVirtManager = mkBoolOpt false "add virt-manager";
enableIntelIOMMU = mkBoolOpt false "enable Intel IOMMU for better device passthrough";
enableAMDIOMMU = mkBoolOpt false "enable AMD IOMMU for better device passthrough";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
win-virtio
virtiofsd
libvirt
qemu_kvm
] ++ lib.optionals cfg.withVirtManager [
virt-manager
virt-viewer
spice-gtk
];
reichard = {
user = {
extraGroups = [
"libvirtd"
];
};
};
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = false;
swtpm.enable = true;
ovmf = {
enable = true;
packages = [ pkgs.OVMFFull.fd ];
};
};
};
spiceUSBRedirection.enable = true;
};
boot.kernelParams = lib.optionals cfg.enableIntelIOMMU [
"intel_iommu=on"
] ++ lib.optionals cfg.enableAMDIOMMU [
"amd_iommu=on"
];
};
}

26
secrets/mac-va-mbp-personal/evanreichard/default.yaml Normal file
View File

@@ -0,0 +1,26 @@
builder_ssh_key: ENC[AES256_GCM,data:1cYuaFJke/8GyqxPKp2zH/uARvW6Bqx6AsB16U8f3WkDpnxO6kym19MpDyQUBEjJ9Bj3RiBkSSL96jBv4YZfq+1cN8D6E14faKoYF5FZy5o1C+aTl+4L9zbrQIl/QDFh42qcJ6cYsOSjbEJv8kvZQBV7l+LNo8ZX07f76Kld3boouJJMMZWa9oaZgEifTxN4yDOPXTXNjCO3blGnsm+V3FPkba+EUASL9WH6+XLU2oW1Bc/sydOTiKGRJcs5eyqYvKi3evtxUUyqgdPVtUHNTsh6/B5kDLWFavfEfchPHT0LHIuqGJwGBglTp/NJThAoo5vNFAFIAUw9QWlY4alHhsi2L5g49r3s6i+3fGeyGCTP61uffY9HgF7nOdkTVMsRXacKh9fwgdsZAepcU+kJ3LJSdOaa4hUtCsZpFHUe4jA0kTHI1/V+7ak+iw92gNZTLKsCjIOzWFvEBVSXLctPdxQ8ezvF9ekvw5mkAwO7QYonlrQ3MUY/8b1DDOdjmfSwEyrLruew2KajFhm8/NM/2BOwcO/y+DbX2MSe5x0sx4HN79E=,iv:V25Tc7bOxc4wl5lf6gZOstN1InaCb3sfpCHMl65iwn8=,tag:mBFZcX2G3vpAOMw7V12d6w==,type:str]
rke2_kubeconfig: ENC[AES256_GCM,data:oTOBktUE71QNJXqy8l5hhYKF3mSQlLxXE7rjsctyJi4nIk4bhKACGdYkB8B37Ws9QHm5h9tAn9J/ehbWyBwsOFQIhX7S0kov8/HPlatbY3aJ+PiHO5GWRkJjbq+GZrJgdGeOCSRlA5C4lOy9cYbCqbsgfp42cNxOPhOQUyqFNCmsWJvBiJDuQX3Sqk2QoDtfTayho/v5IiJ9Xjms6m1ng98uXmANHK2wFAv4IZ2+7j14jy5RRKylTtjooJxTalSzdODV4wufHOLqFRCeGs9U4A/SEbRWacssdTWOp/wkaumruEpbuRaX33EwFzAxnawD0T/PBA1w9MfrXoz7bYaQ8S0fpWQHTr7xj79yrlJslBvTp/SzC+7LlpdsOtJr/2LpbzwFowMFPOGg0XJUWlkevIIObBuEYyAnlytxlys+2UNx+szOuUsUDTdZlEtTyJT+Xp8WjFlXkHsi66s+rDxDvUcMG6oLy3IYiYA4D7Q65aDgiy87kDmdfItf5koEEpHU2wV20EtAP2mRZ8UNYnDHd3ZV1L2gLXHGMA/sa0Tn0l4fhfr+6K0niQ9RaZxrVfqyChCw4bSCyZZFajZXcEDXsQB5UKsnMmZ3p5ZtRe/mqKydAz/xQc8mZPYFWwXN3uWgOWLRraRib0thg/PQzsbGNrKxoqc0sY3JbUSBcyhtz2x7b0Sj+g8ibtySmSEM1DrcYFdLG/QHbg8MaSOIIlZDDan2SJ0vAd432hI9BBIxj3L0EOfVBkbzEdtuuW7SSCG650X2u4Rd0Kkjc7HoB6pafJTWx2QZ/CMKIZFiHfMJ1zRyxco7SwZzsTRZ1Y0W7qgnssKpqtRNwCfRTdDM/6aZ1HorNP2NombuyGmfvD/EZSt4xxsOZIgioqfghbcsTCFZQPUvfBSZvJ5KBXS8qacBmsUxMLRMyzSbq0mM/S9Rz8oUxN587K7pLTNNiwFsQ9mXlGgh//rzhdAfzQZF/uuMrjqYgxt3iOAT3Nd34RbZ8YK31SRf6lFy7b+hafS1FFVUnW8jnC57eo2wNpHFBNA1y60dokx9P1dzZUVVYK5iCK+QFkUweD9WSo0al09E3By2pQxZ1OS9UOcTxFbpP/WakD57/tkOvmGIirqrexVecDcODelGXhCVeXb8zJQDz2PdXz3M4G0zIV2JcgJDjJy91Rx56vxRQv0/mvPfjexm9gQcTWOpIeUOBGRCfMXMh0g0AANHxDheRa9WzYQ10uDE3DsyMT53+FGW73PyPBk5MzRY/RQXjTEVbhO/e8Km7KOuhRxpohcLHCugEFMqjsW/c5b6GU24s3n69XPxMWtdtMmnf1FaGGufuOXyYd2s1vQqi+542x41HYnXiT6OQwsFttnlbwfrosl9qgSSgsfwXNv7qHQUBDg1KczwlPBZ3cMA/rQUqHL2N4vEp00JoJFjBTbWrin2FCOBafQmpKPv9j/nqiJROr3I93bSaodk0rFOUDWV3Sp/YepeuYb6wY+lMgysg4jDuJxEYQytFfNI2SBd7g4Xh6vBW/GS1/JdaHhh/Ub5/Cqa0Pxl5fBjV1HQIaM8mXi+V90zRVqzKm9vl9wXjXzAk8QvWRiW5ruP3IsMl5myL1KBuFIgZNPkbv8Nap3XDgmO2IvM6gWI3LHW81cgS6dDcsuC2C9zr291MAlYQiaotqQ33u0ga/y8DTXB3mcLTPLpkWWRY+Cc+qVAuD3LwCvd2StUhxUNwDbwVaxtuSk+uWMx1PCPPwHDVB3sm93wbnKrvj0TMHdkh0im+KzSplaMAsCgKJj1YO3Yhjg+E9CwIaYEDKcCE8FNqioSzzaXABQgpa4zUWkWC+D4iD/kSS3Z+BgB0VCytB705SMbmHmAlWnNayFgQLx3xo/TkgF51jEghj2w2gPyTM8gLqq8kvpXnDx95nhfStRu3KZCuCZKadrv0V5mSCCSzw0STDKZjfwYHHMWOnf41UDG7M9+vWHdtZdnJjLvw8gIqmLl0fkw75jFXYXQaNj4vh6MNSp7ABA8wY5Ala/EckHjx9R88czgyvHTLfVOiFgIiOLvldSYmDlaMcyPTVH7JSTiSoZ7aUwNROQE0/C9GyvZH8MGN9Iy6YQAUQYf5jjesoe3dPJf66GmeCKKlAcO1aK91XXow+pWrYJBZilhXJgPNTKltP2ObDLeJ/30KYF7Gee9GvtJaKzBGjYFZZz9nj8ixIBymS+M7N65U8Sw+/37qCnkSDe6VgkMoXXijaPgfToR4yb6FdZOqRlvynbyC+lSO44l2S1CkKbUxrqzZX2pQ6iB1eJdaHmIBYawVg7tJOO3snPXYMiMAgmojrH1BUUpbQRRvG4BTrUOES4N+2etytiZ7N4GEDzshosVaf9NeFBWRGC58siec/BtKwo7HGcsc0zDvcq8MFJ6rEUDbuZuWn3+CvxC9fi4+CzDP3j3K9lOUiXJ6vxv+1eImFMVgQUiV4g2M/JMTv6+Ix8U9dHoaNVjQlnL1NZRo92C/T2WRx42V97hJOe81CXqRLY8mW30MXat7KK+n92bNsWTKZrNsKnzVb+i1YwMAiwG1bw0OCcmfVojozZ4wjUNkFJI2K0v0CCvwVIl9yUKMkCvo+I1m2ZInOXRme2HK82YFg6JxitlQvovdlUndN1Lo4PhaxbW3BNwJSn81FxJ4yh+d34eawZlsQ4l+er2CyWrXSOvQnK1F8UwDB5xgPb8TBj5FD4IZM+op2LPQiaPQZ7bShzpN20W413lBvauirbD8EaZqt2QExmDnYHs1EMcj10bvu7IyKwZTlBqOa/LpyUH/imY4DTB0aYHby+xnLX7760S0sJfKuJ7omQ4QBgz+NSZ/aFfPicugkPsCZI0lS9WCcczvHgbFRzB6YQ5uJEoK5o5SdVTpYWUBvuLbJ6IOKNKWxlBcrsj4aPm+AAsxRc9cHPbrCns6y01K2wCYCL5nzK7jnneQiR4edtfnwMlUoo3c6/vzwiof4EVVrN29QxVsIA/9yqk375mKlI/l7/eOf083Kbad215wvZ+0U7cgI0oaaVvapj3Ni3e3Es8XUIQCua5HRE6d4M6A7P+Ye1Wkt+8oTpKJzd9Hn/ITwCYVssdpMSwF2ARHgmTtq+sacvkR9gojG/LAJMUwA48Sc4M5rn+5vTCRTvuKXDFphLSUwNzqd58YENC/HJjZS8+co+BN7AaafrybfA0QQrXkY7f+elsAFmNfho+taMpkfQZCmmgfoHPVPYR0pxkV1czCymm5lTjgkC7e4ydngcyJSrUzrXrWREkEcEdXoSRt1/JHABKRbvRuTbuUlah1xS1pvffosnA7KJL+aTLErkWwww3WUPMRrvmhVlWZqHGqE8lCRyMUPny7li3I2IB+aHFXepYwZSMMQPIOIiE19Oz7MsaIrMknqfTtdc58McEPGUPKiVO8x+nfRQPY45jFF60XtiK+yemYDicUGMSkWdtVLXgDCD+KAJz5YzBl5YbnPD9L1X9pB8P0vEpnKC6X+GGiaPflVGiNAKRTUyVv8CJ+Yh+KEfJw8og/P6d/7dSKheBeAdaliigZ9qG8xfyY0jE++xedaxIcOBObBu6j70j+Tpp5bUPN25FyVR2GqG4xz5YbuhnrRjhA6lAh0nppPlP+Oz/j9pPvPaDGESLZ/WM6MWru7R8DrHePBtulRvhvwUsmrjosPXuCNGU4sd1MFh6kNyyJH3W1quy3IopUij0Amu40mmd8XEzsN2nmT2Eh3NCd/r/2yj/t+xwxNcQZ+bfxeMFOiEfX5RU2paKNrRIDUEbgR1rS8A3PEUPTxwTP10IuY+IMToCSgZkVIq7UjXg0Bx9QdwvXcN74ADwkD0Un5+jLf4mo43QacwnBLpm24XqDzO09vKOzA9XU5fdC6AJ4mqAJ5J/XU8bC1RWiSCul6NekoJAPVgMlpWTPCAdSrWeYoE0d7lVkl+g+nEIS4sb,iv:mC5XSWReVzjwheF1IzCzp34JRvL/vJipyaKhptkH+cU=,tag:SDoNiaWaPKzruj+HPv5jbw==,type:str]
sops:
age:
- recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVWFObG51K2lTYlZidXBU
aW55RnpkVDExbVBkNDl4NkV3MFNkNThjbWdZCklhWkVSaWpPSE1VY09iWGlPVE9Q
bW1SY05jK3BwcDIwSHdMZjJHdWQyQkkKLS0tIHZYS2c2U2xtQ1QxajlKeWpmNXZW
bmdpcTl2NjRWM3F3Q2RHbk1rTEFvZEkKWag1nmqFZMRjwFtIo6oqs+9UI/Mer5bK
Ax7P7uwoZdiMN2g84W1pNTjj6GktFn3jrBaE+MxY6NUBr02apkRYZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cURST1FTbVk4RGZTaitF
MEt3Z2U0a004Zmo0VG1BN29DUnBLNGxPMEJFCkcyL1JrMkZsSTM5WCtZSldSeGZw
SmdpV3AxRDJyVW1WMXBuclhBSDkvTXcKLS0tIDZsU2pBbEFHNkdqWW1CZW1hdVN3
eW9OdlJmS21IVDNVNk9OMjZBT21PUTAK+lpsdEp2uvg8nFWu/hPtK0+Ahi5J//5d
NB6JJ7lwRWKy2NppFf9sy20Y1Z0Z5Ui40nbnURRzYgtsqbKBveUDcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-29T23:30:28Z"
mac: ENC[AES256_GCM,data:x3dnanNbIX0fippbbFqOSR9ptZGdAwWuyn7hf3z6i43rk8Nk9p9EVqmE4/Guz2QY2tG/cph/5/nwX4UCO4ixAdB7pAWZa6lI1JdFzMBfW1IGeXOLyprDt6xdFnCVXjy64HgNWiVOPUS4+olxNZ0LPmCof7odqn+Axj+icFK3N34=,iv:OyFac4TxnKXwJ0l7LcJTqVyl11gIpw8fvEAEQTrEBc0=,tag:zMOGwIwAZmel+4EIqy9/tQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

29
shells/default/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ pkgs, ... }:
let
sync-repo = pkgs.writeShellScriptBin "sync-repo" ''
if [ -z "$1" ]; then
echo "Usage: sync-repo <ip-address>"
echo "Example: sync-repo 23.29.118.42"
exit 1
fi
rsync -av \
--exclude='.git' \
--exclude='.direnv' \
--exclude='_scratch' \
. evanreichard@$1:/etc/nixos
'';
in
pkgs.mkShell {
name = "reichard-dev";
buildInputs = with pkgs; [
rsync
sync-repo
];
shellHook = ''
echo "Use: sync-repo <ip-address> to sync repository"
'';
}

21
systems/aarch64-darwin/mac-va-mbp-personal/default.nix Normal file
View File

@@ -0,0 +1,21 @@
{ lib, ... }:
{
system.stateVersion = 6;
nix.enable = false;
# System Config
reichard = {
nix = {
enable = true;
usingDeterminate = true;
};
security = {
sops = {
enable = true;
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.snowfall.fs.get-file "secrets/mac-va-mbp-personal/default.yaml";
};
};
};
}

62
systems/aarch64-linux/lin-o1-headscale/default.nix Executable file
View File

@@ -0,0 +1,62 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = enabled;
};
services = {
openssh = enabled;
headscale = {
enable = true;
openFirewall = true;
};
tailscale = {
enable = true;
enableRouting = true;
};
};
};
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

60
systems/aarch64-linux/lin-o1-node/default.nix Executable file
View File

@@ -0,0 +1,60 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = {
enable = true;
};
};
services = {
openssh = enabled;
tailscale = {
enable = true;
enableRouting = true;
};
};
};
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

2
systems/aarch64-linux/lin-va-mbp-personal/default.nix
View File

@@ -7,7 +7,7 @@ in
./hardware-configuration.nix
];
system.stateVersion = "24.11";
system.stateVersion = "25.05";
time.timeZone = "America/New_York";
# System Config

60
systems/x86_64-linux/lin-o1-x86-node/default.nix Executable file
View File

@@ -0,0 +1,60 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = {
enable = true;
};
};
services = {
openssh = enabled;
tailscale = {
enable = true;
enableRouting = true;
};
};
};
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

65
systems/x86_64-linux/lin-ovh-kube1/default.nix Executable file
View File

@@ -0,0 +1,65 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
networking.firewall.allowedTCPPorts = [ 443 ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = enabled;
};
services = {
openssh = enabled;
tailscale = {
enable = true;
enableRouting = true;
};
rke2 = {
enable = true;
openFirewall = false;
disable = [ "rke2-ingress-nginx" ];
};
};
};
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

73
systems/x86_64-linux/lin-ssd-kube1/default.nix Executable file
View File

@@ -0,0 +1,73 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
networking.firewall.allowedTCPPorts = [ 443 ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = {
enable = true;
useStatic = {
interface = "enp3s0";
address = "23.29.118.42";
defaultGateway = "23.29.118.1";
nameservers = [ "1.1.1.1" ];
};
};
};
services = {
openssh = enabled;
tailscale = {
enable = true;
enableRouting = true;
};
rke2 = {
enable = true;
openFirewall = false;
disable = [ "rke2-ingress-nginx" ];
};
};
};
# users.users.${cfg.name} = {
# openssh = {
# authorizedKeys.keys = [
# # evanreichard@lin-va-mbp-personal
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# # evanreichard@mac-va-mbp-personal
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# # evanreichard@lin-va-thinkpad
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
# ];
# };
# };
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

6
systems/x86_64-linux/lin-va-nix-builder/default.nix
View File

@@ -4,7 +4,7 @@ let
in
{
time.timeZone = "America/New_York";
system.stateVersion = "24.11";
system.stateVersion = "25.05";
reichard = {
system = {
@@ -33,6 +33,8 @@ in
authorizedKeys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
# NixOS Builder
@@ -47,6 +49,8 @@ in
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
# NixOS Builder

203
systems/x86_64-linux/lin-va-office/default.nix
View File

@@ -1,175 +1,70 @@
{ config, pkgs, ... }:
{ namespace, pkgs, config, lib, ... }:
let
cuda-llama = (pkgs.llama-cpp.override {
cudaSupport = true;
}).overrideAttrs (oldAttrs: {
cmakeFlags = oldAttrs.cmakeFlags ++ [
"-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=1"
# Disable CPU Instructions - Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
"-DLLAMA_FMA=OFF"
"-DLLAMA_AVX2=OFF"
"-DLLAMA_AVX512=OFF"
"-DGGML_FMA=OFF"
"-DGGML_AVX2=OFF"
"-DGGML_AVX512=OFF"
];
});
# Define Model Vars
modelDir = "/models";
# 7B
# modelName = "qwen2.5-coder-7b-q8_0.gguf";
# modelUrl = "https://huggingface.co/ggml-org/Qwen2.5-Coder-7B-Q8_0-GGUF/resolve/main/${modelName}?download=true";
# 3B
modelName = "qwen2.5-coder-3b-q8_0.gguf";
modelUrl = "https://huggingface.co/ggml-org/Qwen2.5-Coder-3B-Q8_0-GGUF/resolve/main/${modelName}?download=true";
modelPath = "${modelDir}/${modelName}";
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
# Allow Nvidia & CUDA
system.stateVersion = "25.05";
time.timeZone = "America/New_York";
nixpkgs.config.allowUnfree = true;
# Enable Graphics
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = [ pkgs.cudatoolkit ];
};
# System Config
reichard = {
nix = enabled;
# Load Nvidia Driver Module
services.xserver.videoDrivers = [ "nvidia" ];
# Nvidia Package Configuration
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
open = false;
nvidiaSettings = true;
};
# Networking Configuration
networking.firewall = {
enable = true;
allowedTCPPorts = [
1234 # RTL-TCP
8080 # LLama API
];
};
# RTL-SDR
hardware.rtl-sdr.enable = true;
systemd.services = {
# LLama Download Model
download-model = {
description = "Download Model";
wantedBy = [ "multi-user.target" ];
before = [ "llama-cpp.service" ];
path = [ pkgs.curl pkgs.coreutils ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "root";
Group = "root";
system = {
boot = {
enable = true;
silentBoot = true;
};
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = {
enable = true;
useStatic = {
interface = "enp5s0";
address = "10.0.50.120";
defaultGateway = "10.0.50.254";
nameservers = [ "10.0.20.20" ];
};
};
script = ''
set -euo pipefail
if [ ! -f "${modelPath}" ]; then
mkdir -p "${modelDir}"
# Add -f flag to follow redirects and -L for location
# Add --fail flag to exit with error on HTTP errors
# Add -C - to resume interrupted downloads
curl -f -L -C - \
-H "Accept: application/octet-stream" \
--retry 3 \
--retry-delay 5 \
--max-time 1800 \
"${modelUrl}" \
-o "${modelPath}.tmp" && \
mv "${modelPath}.tmp" "${modelPath}"
fi
'';
};
# RTL-SDR TCP Server Service
rtl-tcp = {
description = "RTL-SDR TCP Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.rtl-sdr}/bin/rtl_tcp -a 0.0.0.0 -f 1090000000 -s 2400000";
Restart = "on-failure";
RestartSec = "10s";
User = "root";
Group = "root";
hardware = {
opengl = {
enable = true;
enableNvidia = true;
};
};
services = {
openssh = enabled;
llama-cpp = enabled;
rtl-tcp = enabled;
};
};
# Setup LLama API Service
systemd.services.llama-cpp = {
after = [ "download-model.service" ];
requires = [ "download-model.service" ];
};
# Enable LLama API
services.llama-cpp = {
enable = true;
host = "0.0.0.0";
package = cuda-llama;
model = modelPath;
port = 8080;
openFirewall = true;
# 7B
# extraFlags = [
# "-ngl"
# "99"
# "-fa"
# "-ub"
# "512"
# "-b"
# "512"
# "-dt"
# "0.1"
# "--ctx-size"
# "4096"
# "--cache-reuse"
# "256"
# ];
# 3B
extraFlags = [
"-ngl"
"99"
"-fa"
"-ub"
"1024"
"-b"
"1024"
"--ctx-size"
"0"
"--cache-reuse"
"256"
];
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
# System Packages
environment.systemPackages = with pkgs; [
htop
nvtopPackages.full
rtl-sdr
btop
git
tmux
vim
wget
];
}

48
systems/x86_64-linux/lin-va-terminal/default.nix Executable file
View File

@@ -0,0 +1,48 @@
{ namespace, lib, ... }:
let
inherit (lib.${namespace}) enabled;
in
{
system.stateVersion = "25.05";
time.timeZone = "America/New_York";
boot.supportedFilesystems = [ "nfs" ];
reichard = {
nix = enabled;
system = {
boot = {
enable = true;
enableGrub = false;
enableSystemd = true;
xenGuest = true;
};
disk = {
enable = true;
diskPath = "/dev/xvda";
};
networking = {
enable = true;
useStatic = {
interface = "enX0";
address = "10.0.50.30";
defaultGateway = "10.0.50.254";
nameservers = [ "10.0.20.20" ];
};
};
};
services = {
avahi = enabled;
mosh = enabled;
openssh = enabled;
tailscale = enabled;
};
virtualisation = {
podman = enabled;
};
};
}

47
systems/x86_64-linux/lin-va-thinkpad/default.nix
View File

@@ -1,12 +1,30 @@
{ namespace, lib, ... }:
{ namespace, pkgs, lib, ... }:
let
inherit (lib.${namespace}) enabled;
in
{
system.stateVersion = "24.11";
system.stateVersion = "25.05";
time.timeZone = "America/New_York";
hardware.enableRedistributableFirmware = true;
hardware.bluetooth.enable = true;
boot = {
supportedFilesystems = [ "nfs" ];
kernelParams = [
# Mask GPE03 (EC wakeup events) to allow hibernation without spurious CPU wakeups
"acpi_mask_gpe=0x03"
];
};
hardware = {
enableRedistributableFirmware = true;
bluetooth.enable = true;
amdgpu.initrd.enable = lib.mkDefault true;
};
services = {
xserver.videoDrivers = [ "modesetting" ];
fwupd.enable = true;
};
# System Config
reichard = {
@@ -15,6 +33,8 @@ in
system = {
boot = {
enable = true;
enableGrub = false;
enableSystemd = true;
silentBoot = true;
};
disk = {
@@ -29,15 +49,24 @@ in
hardware = {
opengl = enabled;
battery = {
upower = enabled;
};
};
services = {
tailscale = enabled;
avahi = enabled;
ydotool = enabled;
};
virtualisation = {
podman = enabled;
libvirtd = {
enable = true;
withVirtManager = true;
enableAMDIOMMU = true;
};
};
programs = {
@@ -53,4 +82,14 @@ in
};
};
};
# Additional System Packages
environment.systemPackages = with pkgs; [
dool
jq
mosh
rclone
sqlite-interactive
unzip
];
}

3
systems/x86_64-qcow/lin-va-rke2/default.nix → systems/x86_64-vmware/lin-va-rke2/default.nix
View File

@@ -9,7 +9,7 @@ in
config = {
# Basic System
system.stateVersion = "24.11";
system.stateVersion = "25.05";
time.timeZone = "UTC";
reichard = {
@@ -33,6 +33,7 @@ in
cloud-init = enabled;
rke2 = {
enable = true;
openFirewall = true;
disable = [ "rke2-ingress-nginx" ];
};
openiscsi = {