evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: evan:master
Branches Tags
evan:master
evan:snowfall
..
compare: evan:snowfall
Branches Tags
evan:master
evan:snowfall

8 Commits
master ... snowfall

Author SHA1 Message Date
Evan Reichard
559ef8c17d remove ff sponsored 2025-04-19 21:12:13 -04:00
Evan Reichard
036f162264 fix sops 2025-04-19 21:08:21 -04:00
Evan Reichard
00070837c2 fix bindings 2025-04-19 20:37:58 -04:00
Evan Reichard
e84f6e7cb4 again 2025-04-19 20:35:52 -04:00
Evan Reichard
914f8e8d30 more 2025-04-19 20:35:22 -04:00
Evan Reichard
fb1b69153b thinkpad conf 2025-04-19 20:09:49 -04:00
Evan Reichard
cf82afea4b utility 2025-04-10 20:01:05 -04:00
Evan Reichard
4d04f2600f snowfall migration 2025-04-10 17:40:56 -04:00
53 changed files with 363 additions and 1102 deletions
Show Stats Expand all files Collapse all files

7
.sops.yaml
View File

@ -3,8 +3,6 @@ keys:
- &admin_reichard age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w - &admin_reichard age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
# lin-va-mbp-personal@evanreichard - SSH Derived # lin-va-mbp-personal@evanreichard - SSH Derived
- &user_lin-va-mbp-personal age17ayje4uv2mhwehhp9jr3u9l0ds07396kt7ef40sufx89vm7cgfjq6d5d4y - &user_lin-va-mbp-personal age17ayje4uv2mhwehhp9jr3u9l0ds07396kt7ef40sufx89vm7cgfjq6d5d4y
# mac-va-mbp-personal@evanreichard - SSH Derived
- &user_mac-va-mbp-personal age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
@ -15,8 +13,3 @@ creation_rules:
- age: - age:
- *admin_reichard - *admin_reichard
- *user_lin-va-mbp-personal - *user_lin-va-mbp-personal
- path_regex: secrets/mac-va-mbp-personal/evanreichard/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *admin_reichard
- *user_mac-va-mbp-personal

98
README.md
View File

@ -2,79 +2,65 @@
This repository contains the configuration for multiple machines, as well as my home / IDE config (home-manager). This repository contains the configuration for multiple machines, as well as my home / IDE config (home-manager).
```bash ### NixOS
# Install NixOS
./bootstrap.sh install --name lin-va-nix-builder
# Remote Image Build (NixOS Builder)
./bootstrap.sh image --name lin-va-rke2 --remote
# Home Manager Install
home-manager switch --flake .#evanreichard@mac-va-mbp-personal
# Update Flake
nix flake update
```
## Manual
```bash ```bash
# Install NixOS
sudo nixos-rebuild switch --flake .#lin-va-mbp-personal sudo nixos-rebuild switch --flake .#lin-va-mbp-personal
# Install NixOS (Remote)
nix run github:nix-community/nixos-anywhere -- --flake .#lin-cloud-kube1 --target-host \<USER\>@\<IP\>
# Build Image
nix build .#vmwareConfigurations.lin-va-rke2
``` ```
## Nix Darwin ### NixOS Generators
```bash ```bash
# Install Nix Without Determinate nix build .#vmwareConfigurations.rke2-node
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
# Switch Nix Darwin
sudo nix run nix-darwin#darwin-rebuild -- switch --flake .#mac-va-mbp-personal
sudo darwin-rebuild switch --flake .#mac-va-mbp-personal
``` ```
## Clean Garbage ### Home Manager
NOTE: This will remove previous generations
```bash ```bash
sudo nix-collect-garbage --delete-old home-manager switch --flake .#evanreichard@MBP-Personal
nix-collect-garbage --delete-old
``` ```
## Home Manager ### NixOS Hosts
#### Copy Config
```bash ```bash
# Update System Channels rsync -av --exclude='.git' . root@HOST:/etc/nixos
sudo nix-channel --add https://nixos.org/channels/nixpkgs-25.05-darwin nixpkgs
sudo nix-channel --update
# Update Home Manager
nix-channel --add https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz home-manager
nix-channel --update
# Link Repo
ln -s /Users/evanreichard/Development/git/personal/nix/home-manager ~/.config/home-manager
# Build Home Manager
home-manager switch
``` ```
### OS Update #### Partition Drives
`/etc/bashrc` may get overridden. To properly load Nix, prepend the following:
```bash ```bash
# Nix # Validate Disk
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then ls -l /dev/disk/by-id
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi # Partition Disk
# End Nix # WARNING: This will destroy all data on the disk(s)
sudo nix \
--experimental-features "nix-command flakes" \
run github:nix-community/disko -- \
--mode disko \
--flake /etc/nixos#HOST_CONFIG
```
#### Install NixOS
```bash
# Install
sudo nixos-install --flake /etc/nixos#HOST_CONFIG
# Reboot
sudo reboot
```
#### Copy Config Back to Host
```bash
rsync -av --exclude='.git' . root@HOST:/etc/nixos
```
#### Rebuild NixOS
```bash
sudo nixos-rebuild switch
``` ```

44
bootstrap.sh
View File

@ -31,13 +31,13 @@ function cmd_image() {
# Validate Config Exists # Validate Config Exists
if ! nix eval --json --impure \ if ! nix eval --json --impure \
".#vmwareConfigurations" \ ".#qcowConfigurations" \
--apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then --apply "s: builtins.hasAttr \"$name\" s" 2>/dev/null | grep -q "true"; then
echo "Error: NixOS Generator Config '$name' not found" echo "Error: NixOS Generator Config '$name' not found"
exit 1 exit 1
fi fi
build_args=(".#vmwareConfigurations.$name") build_args=(".#qcowConfigurations.$name")
if [ "$remote" = true ]; then if [ "$remote" = true ]; then
build_args+=("-j0") build_args+=("-j0")
fi fi
@ -51,9 +51,8 @@ function cmd_image() {
} }
function cmd_install() { function cmd_install() {
local usage="Usage: $0 install --name <system-name> [--remote <user@remote-host>]" local usage="Usage: $0 install --name <system-name>"
local name="" local name=""
local remote=""
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
@ -61,10 +60,6 @@ function cmd_install() {
name="$2" name="$2"
shift 2 shift 2
;; ;;
--remote)
remote="$2"
shift 2
;;
*) *)
echo "$usage" echo "$usage"
exit 1 exit 1
@ -92,18 +87,6 @@ function cmd_install() {
exit 1 exit 1
fi fi
# Remote or Local
if [ -n "$remote" ]; then
cmd_install_remote "$name" "$remote"
else
cmd_install_local "$name" "$disk_id"
fi
}
function cmd_install_local(){
local name="$1"
local disk_id="$2"
# Validate Disk Exists # Validate Disk Exists
if [ ! -e "$disk_id" ]; then if [ ! -e "$disk_id" ]; then
echo "Error: Disk $disk_id not found on system" echo "Error: Disk $disk_id not found on system"
@ -150,27 +133,6 @@ function cmd_install_local(){
sudo reboot sudo reboot
} }
function cmd_install_remote(){
local name="$1"
local remote="$2"
# Prompt Install
read -p "This will completely wipe and install NixOS on $remote with configuration $name. Continue? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Operation Cancelled"
exit 1
fi
# Install NixOS
echo "Installing $name to remote host: $remote"
if ! nix run github:nix-community/nixos-anywhere -- --flake ".#$name" --target-host "$remote"; then
echo "Error: Remote NixOS installation failed"
exit 1
fi
echo "Successfully installed $name to remote host: $remote"
}
case "$1" in case "$1" in
image) image)
shift shift

128
flake.lock generated
View File

@ -23,37 +23,16 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1749744770,
"narHash": "sha256-MEM9XXHgBF/Cyv1RES1t6gqAX7/tvayBC1r/KPyK1ls=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "536f951efb1ccda9b968e3c9dee39fbeb6d3fdeb",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"ref": "nix-darwin-25.05",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1756733629, "lastModified": 1743598667,
"narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -64,17 +43,18 @@
}, },
"firefox-addons": { "firefox-addons": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1756699417, "lastModified": 1743861198,
"narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=", "narHash": "sha256-PzbPHoSI5U1juWd01Spf3ST7ylR9mQ84v5p7NksBplY=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "007b803d1eff595d25e7886e83054dbd038bf029", "rev": "7408ed5bbc9009741094f4dd4cc1abec79e79e7e",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -116,6 +96,40 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1629284811,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_2"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
@ -133,25 +147,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -159,16 +154,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756679287, "lastModified": 1743808813,
"narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.05", "ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -196,11 +191,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1751903740, "lastModified": 1742568034,
"narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "032decf9db65efed428afd2fa39d80f7089085eb", "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -211,11 +206,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1752596105, "lastModified": 1743259260,
"narHash": "sha256-lFNVsu/mHLq3q11MuGkMhUUoSXEdQjCHvpReaGP1S2k=", "narHash": "sha256-ArWLUgRm1tKHiqlhnymyVqi5kLNCK5ghvm06mfCl4QY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dab3a6e781554f965bde3def0aa2fda4eb8f1708", "rev": "eb0e0f21f15c559d2ac7633dc81d079d1caf5f5f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -227,11 +222,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1756542300, "lastModified": 1744098102,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -243,16 +238,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1756617294, "lastModified": 1743813633,
"narHash": "sha256-aGnd4AHIYCWQKChAkHPpX+YYCt7pA6y2LFFA/s8q0wQ=", "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b4c2c57c31e68544982226d07e4719a2d86302a8", "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -260,7 +255,6 @@
"root": { "root": {
"inputs": { "inputs": {
"apple-silicon": "apple-silicon", "apple-silicon": "apple-silicon",
"darwin": "darwin",
"disko": "disko", "disko": "disko",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"home-manager": "home-manager", "home-manager": "home-manager",
@ -316,11 +310,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754988908, "lastModified": 1743910657,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "rev": "523f58a4faff6c67f5f685bed33a7721e984c304",
"type": "github" "type": "github"
}, },
"original": { "original": {

12
flake.nix
View File

@ -2,7 +2,7 @@
description = "NixOS Hosts"; description = "NixOS Hosts";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
snowfall-lib = { snowfall-lib = {
@ -10,7 +10,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
apple-silicon = { apple-silicon = {
@ -29,10 +29,6 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
darwin = {
url = "github:nix-darwin/nix-darwin/nix-darwin-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = inputs: outputs = inputs:
@ -64,10 +60,6 @@
disko.nixosModules.disko disko.nixosModules.disko
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];
darwin = with inputs; [
home-manager.darwinModules.home-manager
sops-nix.darwinModules.sops
];
}; };
}; };
} }

6
homes/aarch64-darwin/evanreichard@mac-va-mbp-personal/default.nix
View File

@ -1,9 +1,9 @@
{ lib, pkgs, config, namespace, ... }: { lib, config, namespace, ... }:
let let
inherit (lib.${namespace}) enabled; inherit (lib.${namespace}) enabled;
in in
{ {
home.stateVersion = "25.05"; home.stateVersion = "24.11";
reichard = { reichard = {
user = { user = {
@ -49,8 +49,6 @@ in
# tldr # tldr
# ]; # ];
home.packages = with pkgs; [ fastfetch ];
# SQLite Configuration # SQLite Configuration
home.file.".sqliterc".text = '' home.file.".sqliterc".text = ''
.headers on .headers on

4
homes/aarch64-darwin/evanreichard@mac-va-mbp-work/default.nix
View File

@ -3,7 +3,7 @@ let
inherit (lib.${namespace}) enabled; inherit (lib.${namespace}) enabled;
in in
{ {
home.stateVersion = "25.05"; home.stateVersion = "24.11";
reichard = { reichard = {
user = { user = {
@ -43,7 +43,7 @@ in
android-tools android-tools
imagemagick imagemagick
mosh mosh
python312 python311
texliveSmall # Pandoc PDF Dep texliveSmall # Pandoc PDF Dep
google-cloud-sdk google-cloud-sdk
tldr tldr

2
homes/aarch64-linux/evanreichard@lin-va-mbp-personal/default.nix
View File

@ -3,7 +3,7 @@ let
inherit (lib.${namespace}) enabled; inherit (lib.${namespace}) enabled;
in in
{ {
home.stateVersion = "25.05"; home.stateVersion = "24.11";
reichard = { reichard = {
user = { user = {

11
homes/x86_64-linux/evanreichard@lin-va-thinkpad/default.nix
View File

@ -3,7 +3,7 @@ let
inherit (lib.${namespace}) enabled; inherit (lib.${namespace}) enabled;
in in
{ {
home.stateVersion = "25.05"; home.stateVersion = "24.11";
reichard = { reichard = {
user = { user = {
@ -26,10 +26,7 @@ in
graphical = { graphical = {
wms.hyprland = enabled; wms.hyprland = enabled;
ghostty = enabled; ghostty = enabled;
gimp = enabled;
wireshark = enabled;
ghidra = enabled; ghidra = enabled;
remmina = enabled;
browsers.firefox = { browsers.firefox = {
enable = true; enable = true;
gpuAcceleration = true; gpuAcceleration = true;
@ -47,9 +44,9 @@ in
}; };
}; };
home.packages = with pkgs; [ # home.packages = with pkgs; [
jellyfin-media-player # catppuccin-gtk
]; # ];
dconf = { dconf = {
settings = { settings = {

8
modules/darwin/default.nix
View File

@ -1,8 +0,0 @@
{
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
};
}

102
modules/darwin/nix/default.nix
View File

@ -1,102 +0,0 @@
{ config, lib, pkgs, inputs, namespace, host, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkBoolOpt mkOpt;
cfg = config.${namespace}.nix;
in
{
options.${namespace}.nix = {
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
package = mkOpt types.package pkgs.nixVersions.latest "Which nix package to use.";
};
config = mkIf cfg.enable {
nix =
let
mappedRegistry = lib.pipe inputs [
(lib.filterAttrs (_: lib.isType "flake"))
(lib.mapAttrs (_: flake: { inherit flake; }))
(x: x // {
nixpkgs.flake = if pkgs.stdenv.hostPlatform.isLinux then inputs.nixpkgs else inputs.nixpkgs-unstable;
})
(x: if pkgs.stdenv.hostPlatform.isDarwin then lib.removeAttrs x [ "nixpkgs-unstable" ] else x)
];
users = [
"root"
"@wheel"
"nix-builder"
"evanreichard"
];
in
{
inherit (cfg) package;
buildMachines = lib.optional (config.${namespace}.security.sops.enable && host != "nixos-builder") {
hostName = "10.0.50.130";
systems = [ "x86_64-linux" ];
sshUser = "evanreichard";
protocol = "ssh";
sshKey = config.sops.secrets.builder_ssh_key.path;
supportedFeatures = [
"benchmark"
"big-parallel"
"nixos-test"
"kvm"
];
};
checkConfig = true;
distributedBuilds = true;
optimise.automatic = true;
registry = lib.mkForce mappedRegistry;
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
settings = {
connect-timeout = 5;
allowed-users = users;
max-jobs = "auto";
auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
builders-use-substitutes = true;
experimental-features = [
"nix-command"
"flakes "
];
flake-registry = "/etc/nix/registry.json";
http-connections = 50;
keep-derivations = true;
keep-going = true;
keep-outputs = true;
log-lines = 50;
sandbox = true;
trusted-users = users;
warn-dirty = false;
use-xdg-base-directories = true;
substituters = [
"https://anyrun.cachix.org"
"https://cache.nixos.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://nixpkgs-wayland.cachix.org"
"https://numtide.cachix.org"
];
trusted-public-keys = [
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
];
};
};
};
}

31
modules/darwin/security/sops/default.nix
View File

@ -1,31 +0,0 @@
{ config, lib, namespace, ... }:
let
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.security.sops;
in
{
options.${namespace}.security.sops = {
enable = lib.mkEnableOption "sops";
defaultSopsFile = mkOpt lib.types.path null "Default sops file.";
sshKeyPaths = mkOpt (with lib.types; listOf path) [
"/etc/ssh/ssh_host_ed25519_key"
] "SSH Key paths to use.";
};
config = lib.mkIf cfg.enable {
sops = {
inherit (cfg) defaultSopsFile;
age = {
inherit (cfg) sshKeyPaths;
keyFile = "${config.users.users.${config.${namespace}.user.name}.home}/.config/sops/age/keys.txt";
};
};
sops.secrets.builder_ssh_key = {
sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
};
};
}

20
modules/darwin/services/openssh/default.nix
View File

@ -1,20 +0,0 @@
{ config, namespace, lib, ... }:
let
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.security.sops;
in
{
options.${namespace}.services.openssh = with lib.types; {
enable = lib.mkEnableOption "OpenSSH support";
authorizedKeys = mkOpt (listOf str) [ ] "The public keys to apply.";
extraConfig = mkOpt str "" "Extra configuration to apply.";
port = mkOpt port 2222 "The port to listen on (in addition to 22).";
};
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
};
};
}

23
modules/darwin/user/default.nix
View File

@ -1,23 +0,0 @@
{ config, lib, namespace, pkgs, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.user;
in
{
options.${namespace}.user = with types; {
name = mkOpt str "evanreichard" "The name to use for the user account.";
email = mkOpt str "evan@reichard.io" "The email of the user.";
fullName = mkOpt str "Evan Reichard" "The full name of the user.";
uid = mkOpt (types.nullOr types.int) 501 "The uid for the user account.";
};
config = {
users.users.${cfg.name} = {
uid = mkIf (cfg.uid != null) cfg.uid;
shell = pkgs.bashInteractive;
home = "/Users/${cfg.name}";
};
};
}

2
modules/home/programs/graphical/browsers/firefox/default.nix
View File

@ -53,7 +53,7 @@ in
settings = mkOpt attrs { } "Settings to apply to the profile."; settings = mkOpt attrs { } "Settings to apply to the profile.";
extensions.packages = mkOpt (with lib.types; listOf package) extensions = mkOpt (with lib.types; listOf package)
(with pkgs.firefox-addons; [ (with pkgs.firefox-addons; [
bitwarden bitwarden
darkreader darkreader

8
modules/home/programs/graphical/ghostty/default.nix
View File

@ -16,14 +16,8 @@ in
grep = "grep --color"; grep = "grep --color";
ssh = "TERM=xterm-256color ssh"; ssh = "TERM=xterm-256color ssh";
flush_dns = "sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder"; flush_dns = "sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder";
hs = "kubectl exec -n headscale $(kubectl get pod -n headscale -o name) -- headscale";
}; };
profileExtra = '' profileExtra = ''
# Source Nix daemon
# if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
# . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
# fi
SHELL="$BASH" SHELL="$BASH"
PATH=~/.bin:$PATH PATH=~/.bin:$PATH
bind "set show-mode-in-prompt on" bind "set show-mode-in-prompt on"
@ -65,7 +59,7 @@ in
thefuck thefuck
fastfetch fastfetch
bashInteractive bashInteractive
nerd-fonts.meslo-lg (nerdfonts.override { fonts = [ "Meslo" ]; })
] ++ optionals isLinux [ ] ++ optionals isLinux [
# Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788 # Pending Darwin @ https://github.com/NixOS/nixpkgs/pull/369788
ghostty ghostty

17
modules/home/programs/graphical/gimp/default.nix
View File

@ -1,17 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.gimp;
in
{
options.${namespace}.programs.graphical.gimp = {
enable = mkEnableOption "GIMP";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
gimp-with-plugins
];
};
}

17
modules/home/programs/graphical/remmina/default.nix
View File

@ -1,17 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.remmina;
in
{
options.${namespace}.programs.graphical.remmina = {
enable = mkEnableOption "Remmina";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
remmina
];
};
}

17
modules/home/programs/graphical/wireshark/default.nix
View File

@ -1,17 +0,0 @@
{ pkgs, lib, config, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.programs.graphical.wireshark;
in
{
options.${namespace}.programs.graphical.wireshark = {
enable = mkEnableOption "Wireshark";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
wireshark
];
};
}

4
modules/home/programs/graphical/wms/hyprland/default.nix
View File

@ -39,8 +39,8 @@ in
"$mainMod, Q, killactive" "$mainMod, Q, killactive"
"$mainMod, M, exit" "$mainMod, M, exit"
"$mainMod, V, togglefloating" "$mainMod, V, togglefloating"
"$mainMod, P, pin" "$mainMod, P, pseudo" # dwindle
"$mainMod, J, togglesplit" "$mainMod, J, togglesplit" # dwindle
"$mainMod, S, togglespecialworkspace, magic" "$mainMod, S, togglespecialworkspace, magic"
"$mainMod SHIFT, S, movetoworkspace, special:magic" "$mainMod SHIFT, S, movetoworkspace, special:magic"

1
modules/home/programs/terminal/nvim/config/lua/avante-config.lua
View File

@ -1 +0,0 @@
require("avante").setup()

2
modules/home/programs/terminal/nvim/config/lua/base.lua
View File

@ -20,7 +20,7 @@ vim.g.loaded_netrwPlugin = 1
vim.opt.termguicolors = true vim.opt.termguicolors = true
-- Synchronize with system clipboard -- Synchronize with system clipboard
vim.opt.clipboard:append("unnamedplus") vim.opt.clipboard = "unnamed"
-- Always show the signcolumn -- Always show the signcolumn
vim.opt.signcolumn = "yes" vim.opt.signcolumn = "yes"

2
modules/home/programs/terminal/nvim/config/lua/git-ref.lua
View File

@ -1,4 +1,4 @@
local function get_git_info() function get_git_info()
local abs_path = vim.fn.expand("%:p") local abs_path = vim.fn.expand("%:p")
local git_root = vim.fn.systemlist( local git_root = vim.fn.systemlist(
"git -C " .. vim.fn.escape(vim.fn.fnamemodify(abs_path, ":h"), " ") .. " rev-parse --show-toplevel" "git -C " .. vim.fn.escape(vim.fn.fnamemodify(abs_path, ":h"), " ") .. " rev-parse --show-toplevel"

30
modules/home/programs/terminal/nvim/config/lua/git-signs.lua
View File

@ -1,18 +1,16 @@
require("gitsigns").setup({ require('gitsigns').setup {
current_line_blame = true, on_attach = function(bufnr)
current_line_blame_opts = { delay = 0 }, local gitsigns = require('gitsigns')
on_attach = function(bufnr)
local gitsigns = require("gitsigns")
local function map(mode, l, r, opts) local function map(mode, l, r, opts)
opts = opts or {} opts = opts or {}
opts.buffer = bufnr opts.buffer = bufnr
vim.keymap.set(mode, l, r, opts) vim.keymap.set(mode, l, r, opts)
end end
map("n", "<leader>gb", gitsigns.toggle_current_line_blame) map('n', '<leader>gb', gitsigns.toggle_current_line_blame)
map("n", "<leader>gB", function() map('n', '<leader>gB', function()
gitsigns.blame_line({ full = true }) gitsigns.blame_line {full = true}
end) end)
end, end
}) }

6
modules/home/programs/terminal/nvim/config/lua/init.lua
View File

@ -1,25 +1,23 @@
require("base") require("base")
require("aerial-config") require("aerial-config")
require("autopairs-config") require("autopairs-config")
require("avante-config")
require("cmp-config") require("cmp-config")
require("comment-config") require("comment-config")
require("dap-config") require("dap-config")
require("diffview-config") require("diffview-config")
require("git-ref") require("git-ref")
require("git-signs") require("git-signs")
require("leap-config")
require("llm") require("llm")
require("leap-config")
require("lsp-config") require("lsp-config")
require("lsp-lines-config") require("lsp-lines-config")
require("lualine-config") require("lualine-config")
require("neotree-config") require("neotree-config")
require("noice-config") require("noice-config")
require("numb-config") require("numb-config")
require("octo-config")
require("silicon-config") require("silicon-config")
require("telescope-config") require("telescope-config")
require("toggleterm-config") require("toggleterm-config")
require("ts-config") require("ts-config")
require("weird-chars")
require("which-key-config") require("which-key-config")
require("weird-chars")

2
modules/home/programs/terminal/nvim/config/lua/llm.lua
View File

@ -1,6 +1,6 @@
-- Configure LLama LLM -- Configure LLama LLM
vim.g.llama_config = { vim.g.llama_config = {
endpoint = "http://10.0.50.120:8012/infill", endpoint = "http://10.0.50.120:8080/infill",
api_key = "", api_key = "",
n_prefix = 256, n_prefix = 256,
n_suffix = 64, n_suffix = 64,

33
modules/home/programs/terminal/nvim/config/lua/lsp-config.lua
View File

@ -23,7 +23,7 @@ local nvim_lsp = require("lspconfig")
local on_attach = function(client, bufnr) local on_attach = function(client, bufnr)
local bufopts = { noremap = true, silent = true, buffer = bufnr } local bufopts = { noremap = true, silent = true, buffer = bufnr }
if client:supports_method("textDocument/formatting") then if client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr }) vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", { vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup, group = augroup,
@ -80,7 +80,6 @@ nvim_lsp.pyright.setup({
on_attach = on_attach, on_attach = on_attach,
flags = lsp_flags, flags = lsp_flags,
capabilities = capabilities, capabilities = capabilities,
filetypes = { "starlark", "python" },
}) })
-- HTML LSP Configuration -- HTML LSP Configuration
@ -184,9 +183,9 @@ nvim_lsp.golangci_lint_ls.setup({
}) })
------------------------------------------------------ ------------------------------------------------------
--------------------- None-LS LSP -------------------- --------------------- Null-LS LSP --------------------
------------------------------------------------------ ------------------------------------------------------
local none_ls = require("null-ls") local null_ls = require("null-ls")
local eslintFiles = { local eslintFiles = {
".eslintrc", ".eslintrc",
@ -203,33 +202,29 @@ local eslintFiles = {
"eslint.config.cts", "eslint.config.cts",
} }
local has_eslint_in_parents = function(fname) has_eslint_in_parents = function(fname)
local root_file = nvim_lsp.util.insert_package_json(eslintFiles, "eslintConfig", fname) root_file = nvim_lsp.util.insert_package_json(eslintFiles, "eslintConfig", fname)
return nvim_lsp.util.root_pattern(unpack(root_file))(fname) return nvim_lsp.util.root_pattern(unpack(root_file))(fname)
end end
none_ls.setup({ null_ls.setup({
sources = { sources = {
-- Prettier Formatting -- Prettier Formatting
none_ls.builtins.formatting.prettier, null_ls.builtins.formatting.prettier,
none_ls.builtins.formatting.prettier.with({ filetypes = { "template" } }), null_ls.builtins.formatting.prettier.with({ filetypes = { "template" } }),
require("none-ls.diagnostics.eslint_d").with({ require("none-ls.diagnostics.eslint_d").with({
condition = function(utils) condition = function(utils)
return has_eslint_in_parents(vim.fn.getcwd()) return has_eslint_in_parents(vim.fn.getcwd())
end, end,
}), }),
none_ls.builtins.completion.spell, null_ls.builtins.completion.spell,
none_ls.builtins.formatting.nixpkgs_fmt, null_ls.builtins.formatting.nixpkgs_fmt,
none_ls.builtins.formatting.stylua, null_ls.builtins.formatting.stylua,
none_ls.builtins.diagnostics.sqlfluff, null_ls.builtins.diagnostics.sqlfluff,
none_ls.builtins.formatting.sqlfluff, null_ls.builtins.formatting.sqlfluff,
require("none-ls.formatting.autopep8").with({
filetypes = { "starlark", "python" },
extra_args = { "--max-line-length", "100" },
}),
}, },
on_attach = function(client, bufnr) on_attach = function(client, bufnr)
if client:supports_method("textDocument/formatting") then if client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr }) vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", { vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup, group = augroup,

5
modules/home/programs/terminal/nvim/config/lua/lsp-lines-config.lua
View File

@ -1,5 +1,2 @@
require("lsp_lines").setup() require("lsp_lines").setup()
vim.diagnostic.config({ vim.diagnostic.config({virtual_text = false})
virtual_text = false,
virtual_lines = true,
})

30
modules/home/programs/terminal/nvim/config/lua/octo-config.lua
View File

@ -1,30 +0,0 @@
require("octo").setup()
vim.keymap.set("n", "<leader>rs", "<cmd>Octo review start<cr>")
vim.keymap.set("n", "<leader>rd", "<cmd>Octo review discard<cr>")
vim.keymap.set("n", "<leader>rr", "<cmd>Octo review resume<cr>")
vim.keymap.set("n", "<leader>re", "<cmd>Octo review submit<cr>")
vim.keymap.set("n", "<leader>rca", "<cmd>Octo review comments<cr>")
vim.keymap.set("n", "<leader>rcs", "<cmd>Octo comment suggest<cr>")
vim.keymap.set("n", "<leader>rcc", "<cmd>Octo comment add<cr>")
vim.keymap.set("n", "<leader>rcr", "<cmd>Octo comment reply<cr>")
vim.keymap.set("n", "<leader>pd", "<cmd>Octo pr diff<cr>")
vim.keymap.set("n", "<leader>pc", "<cmd>Octo pr changes<cr>")
-- vim.api.nvim_create_autocmd("FileType", {
-- pattern = "octo",
-- callback = function()
-- vim.keymap.set("n", "<leader>rs", "<cmd>Octo review start<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rd", "<cmd>Octo review discard<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rr", "<cmd>Octo review resume<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>re", "<cmd>Octo review submit<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rca", "<cmd>Octo review comments<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rcs", "<cmd>Octo comment suggest<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rcc", "<cmd>Octo comment add<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>rcr", "<cmd>Octo comment reply<cr>", { buffer = true })
--
-- vim.keymap.set("n", "<leader>pd", "<cmd>Octo pr diff<cr>", { buffer = true })
-- vim.keymap.set("n", "<leader>pc", "<cmd>Octo pr changes<cr>", { buffer = true })
-- end,
-- })

37
modules/home/programs/terminal/nvim/config/lua/telescope-config.lua
View File

@ -1,23 +1,20 @@
require("telescope").setup({ require('telescope').setup {
extensions = { extensions = {
fzf = { fzf = {
fuzzy = true, fuzzy = true,
override_generic_sorter = true, override_generic_sorter = true,
override_file_sorter = true, override_file_sorter = true,
case_mode = "smart_case", case_mode = "smart_case"
}, }
}, }
}) }
require("telescope").load_extension("fzf") require('telescope').load_extension('fzf')
require("telescope").load_extension("ui-select") require("telescope").load_extension("ui-select")
require("telescope").load_extension("undo")
local builtin = require("telescope.builtin") local builtin = require('telescope.builtin')
vim.keymap.set("n", "<leader>ff", builtin.find_files) vim.keymap.set('n', '<leader>ff', builtin.find_files, {})
vim.keymap.set("n", "<leader>fg", builtin.live_grep) vim.keymap.set('n', '<leader>fg', builtin.live_grep, {})
vim.keymap.set("n", "<leader>fb", builtin.buffers) vim.keymap.set('n', '<leader>fb', builtin.buffers, {})
vim.keymap.set("n", "<leader>fh", builtin.help_tags) vim.keymap.set('n', '<leader>fh', builtin.help_tags, {})
vim.keymap.set("n", "<leader>fj", builtin.jumplist) vim.keymap.set('n', '<leader>fj', builtin.jumplist, {})
vim.keymap.set("n", "<leader>fu", "<cmd>Telescope undo<cr>")
vim.keymap.set("n", "<leader>fp", "<cmd>Octo pr list<cr>")

7
modules/home/programs/terminal/nvim/config/lua/ts-config.lua
View File

@ -1,4 +1,3 @@
require("nvim-treesitter.configs").setup({ require'nvim-treesitter.configs'.setup {
highlight = { enable = true, additional_vim_regex_highlighting = false }, highlight = {enable = true, additional_vim_regex_highlighting = false}
}) }
vim.treesitter.language.register("markdown", "octo")

1
modules/home/programs/terminal/nvim/config/lua/which-key-config.lua
View File

@ -16,7 +16,6 @@ wk.add({
{ "<leader>fg", "<cmd>Telescope live_grep<cr>", desc = "Live Grep" }, { "<leader>fg", "<cmd>Telescope live_grep<cr>", desc = "Live Grep" },
{ "<leader>fh", "<cmd>Telescope help_tags<cr>", desc = "Help Tags" }, { "<leader>fh", "<cmd>Telescope help_tags<cr>", desc = "Help Tags" },
{ "<leader>fj", "<cmd>Telescope jumplist<cr>", desc = "Jump List" }, { "<leader>fj", "<cmd>Telescope jumplist<cr>", desc = "Jump List" },
{ "<leader>fp", "<cmd>Octo pr list<cr>", desc = "PR List" },
{ "<leader>g", group = "DiffView" }, { "<leader>g", group = "DiffView" },
{ "<leader>gB", desc = "Git Blame Full" }, { "<leader>gB", desc = "Git Blame Full" },
{ "<leader>gH", "<cmd>DiffviewFileHistory --range=origin..HEAD<cr>", desc = "Diff History - Main" }, { "<leader>gH", "<cmd>DiffviewFileHistory --range=origin..HEAD<cr>", desc = "Diff History - Main" },

13
modules/home/programs/terminal/nvim/default.nix
View File

@ -34,7 +34,6 @@ in
# ------------------- # -------------------
# ----- Helpers ----- # ----- Helpers -----
# ------------------- # -------------------
avante-nvim # Avante
aerial-nvim # Code Outline aerial-nvim # Code Outline
comment-nvim # Code Comments comment-nvim # Code Comments
diffview-nvim # Diff View diffview-nvim # Diff View
@ -48,11 +47,9 @@ in
telescope-fzf-native-nvim # Faster Telescope telescope-fzf-native-nvim # Faster Telescope
telescope-nvim # Fuzzy Finder telescope-nvim # Fuzzy Finder
telescope-ui-select-nvim # UI telescope-ui-select-nvim # UI
telescope-undo-nvim # Undo Tree
toggleterm-nvim # Terminal Helper toggleterm-nvim # Terminal Helper
vim-nix # Nix Helpers vim-nix # Nix Helpers
which-key-nvim # Shortcut Helper which-key-nvim # Shortcut Helper
octo-nvim # Git Octo
# ------------------ # ------------------
# --- Theme / UI --- # --- Theme / UI ---
@ -84,14 +81,13 @@ in
( (
pkgs.vimUtils.buildVimPlugin { pkgs.vimUtils.buildVimPlugin {
pname = "none-ls-extras.nvim"; pname = "none-ls-extras.nvim";
version = "2025-06-18"; version = "2024-06-11";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "nvimtools"; owner = "nvimtools";
repo = "none-ls-extras.nvim"; repo = "none-ls-extras.nvim";
rev = "924fe88a9983c7d90dbb31fc4e3129a583ea0a90"; rev = "336e84b9e43c0effb735b08798ffac382920053b";
sha256 = "sha256-OJHg2+h3zvlK7LJ8kY6f7et0w6emnxfcDbjD1YyWRTw="; sha256 = "sha256-UtU4oWSRTKdEoMz3w8Pk95sROuo3LEwxSDAm169wxwk=";
}; };
doCheck = false;
meta.homepage = "https://github.com/nvimtools/none-ls-extras.nvim/"; meta.homepage = "https://github.com/nvimtools/none-ls-extras.nvim/";
} }
) )
@ -109,7 +105,6 @@ in
rev = "5ca462bee0a39b058786bc7fbeb5d16ea49f3a23"; rev = "5ca462bee0a39b058786bc7fbeb5d16ea49f3a23";
sha256 = "0vlp645d5mmii513v72jca931miyrhkvhwb9bfzhix1199zx7vi2"; sha256 = "0vlp645d5mmii513v72jca931miyrhkvhwb9bfzhix1199zx7vi2";
}; };
doCheck = false;
meta.homepage = "https://github.com/mhanberg/silicon.lua/"; meta.homepage = "https://github.com/mhanberg/silicon.lua/";
} }
) )
@ -147,6 +142,7 @@ in
meta.homepage = "https://github.com/ggml-org/llama.vim/"; meta.homepage = "https://github.com/ggml-org/llama.vim/";
} }
) )
]; ];
extraPackages = with pkgs; [ extraPackages = with pkgs; [
@ -169,7 +165,6 @@ in
nodePackages.vscode-langservers-extracted nodePackages.vscode-langservers-extracted
pyright pyright
eslint_d eslint_d
python312Packages.autopep8
# Formatters # Formatters
luaformatter luaformatter

8
modules/home/services/sops/default.nix
View File

@ -28,6 +28,14 @@ in
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths; sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ] ++ cfg.sshKeyPaths;
}; };
# TODO
# secrets = {
# nix = {
# sopsFile = lib.snowfall.fs.get-file "secrets/default.yaml";
# path = "${config.home.homeDirectory}/.config/nix/nix.conf";
# };
# };
}; };
}; };
} }

11
modules/nixos/hardware/opengl/default.nix
View File

@ -14,8 +14,6 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.xserver.videoDrivers = mkIf cfg.enableNvidia [ "nvidia" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
libva-utils libva-utils
vdpauinfo vdpauinfo
@ -25,15 +23,6 @@ in
intel-gpu-tools intel-gpu-tools
]; ];
# Enable Nvidia Hardware
hardware.nvidia = mkIf cfg.enableNvidia {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
powerManagement.enable = true;
open = false;
nvidiaSettings = true;
};
# Add Intel Arc / Nvidia Drivers # Add Intel Arc / Nvidia Drivers
hardware.enableRedistributableFirmware = mkIf cfg.enableIntel (mkForce true); hardware.enableRedistributableFirmware = mkIf cfg.enableIntel (mkForce true);
hardware.graphics = { hardware.graphics = {

6
modules/nixos/programs/graphical/wms/hyprland/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, namespace, ... }: { config, lib, namespace, ... }:
let let
inherit (lib) mkIf; inherit (lib) mkIf;
@ -17,10 +17,6 @@ in
}; };
}; };
environment.systemPackages = with pkgs; [
wl-clipboard
];
reichard = { reichard = {
display-managers = { display-managers = {
sddm = { sddm = {

108
modules/nixos/services/llama-cpp/default.nix
View File

@ -1,108 +0,0 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) types mkIf mkEnableOption;
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.services.llama-cpp;
modelDir = "/models";
availableModels = {
"qwen2.5-coder-7b-q8_0.gguf" = {
url = "https://huggingface.co/ggml-org/Qwen2.5-Coder-7B-Q8_0-GGUF/resolve/main/qwen2.5-coder-7b-q8_0.gguf?download=true";
flag = "--fim-qwen-7b-default";
};
"qwen2.5-coder-3b-q8_0.gguf" = {
url = "https://huggingface.co/ggml-org/Qwen2.5-Coder-3B-Q8_0-GGUF/resolve/main/qwen2.5-coder-3b-q8_0.gguf?download=true";
flag = "--fim-qwen-3b-default";
};
};
in
{
options.${namespace}.services.llama-cpp = with types; {
enable = mkEnableOption "llama-cpp support";
modelName = mkOpt str "qwen2.5-coder-3b-q8_0.gguf" "model to use";
};
config =
let
modelPath = "${modelDir}/${cfg.modelName}";
in
mkIf cfg.enable {
assertions = [
{
assertion = availableModels ? ${cfg.modelName};
message = "Invalid model '${cfg.modelName}'. Available models: ${lib.concatStringsSep ", " (lib.attrNames availableModels)}";
}
];
systemd.services = {
# LLama Download Model
download-model = {
description = "Download Model";
wantedBy = [ "multi-user.target" ];
before = [ "llama-cpp.service" ];
path = [ pkgs.curl pkgs.coreutils ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "root";
Group = "root";
};
script =
let
modelURL = availableModels.${cfg.modelName}.url;
in
''
set -euo pipefail
if [ ! -f "${modelPath}" ]; then
mkdir -p "${modelDir}"
# Add -f flag to follow redirects and -L for location
# Add --fail flag to exit with error on HTTP errors
# Add -C - to resume interrupted downloads
curl -f -L -C - \
-H "Accept: application/octet-stream" \
--retry 3 \
--retry-delay 5 \
--max-time 1800 \
"${modelURL}" \
-o "${modelPath}.tmp" && \
mv "${modelPath}.tmp" "${modelPath}"
fi
'';
};
# Setup LLama API Service
llama-cpp = {
after = [ "download-model.service" ];
requires = [ "download-model.service" ];
};
};
services.llama-cpp = {
enable = true;
host = "0.0.0.0";
port = 8012;
openFirewall = true;
model = "${modelPath}";
package = (pkgs.llama-cpp.override {
cudaSupport = true;
}).overrideAttrs (oldAttrs: {
cmakeFlags = oldAttrs.cmakeFlags ++ [
"-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=1"
"-DCMAKE_CUDA_ARCHITECTURES=61" # GTX-1070
# Disable CPU Instructions - Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
"-DLLAMA_FMA=OFF"
"-DLLAMA_AVX2=OFF"
"-DLLAMA_AVX512=OFF"
"-DGGML_FMA=OFF"
"-DGGML_AVX2=OFF"
"-DGGML_AVX512=OFF"
];
});
extraFlags = [ availableModels.${cfg.modelName}.flag ];
};
};
}

2
modules/nixos/services/openssh/default.nix
View File

@ -12,8 +12,6 @@ let
authorizedKeys = [ authorizedKeys = [
# evanreichard@lin-va-mbp-personal # evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad # evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
]; ];

14
modules/nixos/services/rke2/default.nix
View File

@ -9,7 +9,7 @@ in
options.${namespace}.services.rke2 = with types; { options.${namespace}.services.rke2 = with types; {
enable = lib.mkEnableOption "Enable RKE2"; enable = lib.mkEnableOption "Enable RKE2";
disable = mkOpt (listOf str) [ ] "Disable services"; disable = mkOpt (listOf str) [ ] "Disable services";
openFirewall = mkBoolOpt false "Open firewall"; openFirewall = mkBoolOpt true "Open firewall";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -18,10 +18,6 @@ in
disable = cfg.disable; disable = cfg.disable;
}; };
# NOTE: Tailscale & K8s Calico conflict due to FWMask. You need to update the DaemonSet Env with:
# - name: FELIX_IPTABLESMARKMASK
# value: "0xff00ff00"
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
6443 # Kubernetes API 6443 # Kubernetes API
@ -36,6 +32,8 @@ in
7946 # memberlist 7946 # memberlist
]; ];
environment.systemPackages = with pkgs; [ nfs-utils ];
networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [
# RKE2 Ports - https://docs.rke2.io/install/requirements#networking # RKE2 Ports - https://docs.rke2.io/install/requirements#networking
8472 # Canal CNI with VXLAN 8472 # Canal CNI with VXLAN
@ -51,11 +49,5 @@ in
after = [ "cloud-final.service" ]; after = [ "cloud-final.service" ];
requires = [ "cloud-final.service" ]; requires = [ "cloud-final.service" ];
}; };
environment.systemPackages = with pkgs; [
k9s
kubectl
nfs-utils
];
}; };
} }

32
modules/nixos/services/rtl-tcp/default.nix
View File

@ -1,32 +0,0 @@
{ config, pkgs, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.services.rtl-tcp;
in
{
options.${namespace}.services.rtl-tcp = {
enable = mkEnableOption "RTL-TCP support";
openFirewall = mkBoolOpt true "Open firewall";
};
config = mkIf cfg.enable {
hardware.rtl-sdr.enable = true;
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 1234 ];
# RTL-SDR TCP Server Service
systemd.services.rtl-tcp = {
description = "RTL-SDR TCP Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.rtl-sdr}/bin/rtl_tcp -a 0.0.0.0 -f 1090000000 -s 2400000";
Restart = "on-failure";
RestartSec = "10s";
User = "root";
Group = "root";
};
};
};
}

27
modules/nixos/services/tailscale/default.nix
View File

@ -1,27 +0,0 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.tailscale;
in
{
options.${namespace}.services.tailscale = {
enable = mkEnableOption "enable tailscale service";
enableRouting = mkEnableOption "enable tailscale routing";
};
config = mkIf cfg.enable {
services.tailscale = {
enable = true;
useRoutingFeatures = if cfg.enableRouting then "server" else "client";
};
boot.kernel.sysctl = mkIf cfg.enableRouting {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
# NOTE: Tailscale & K8s Calico conflict due to FWMask. You need to update the DaemonSet Env with:
# - name: FELIX_IPTABLESMARKMASK
# value: "0xff00ff00"
};
}

21
modules/nixos/system/boot/default.nix
View File

@ -1,29 +1,18 @@
{ config, lib, namespace, ... }: { config, lib, namespace, ... }:
let let
inherit (lib) mkIf mkDefault; inherit (lib) mkIf mkDefault;
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.system.boot; cfg = config.${namespace}.system.boot;
in in
{ {
options.${namespace}.system.boot = { options.${namespace}.system.boot = {
enable = lib.mkEnableOption "Enable Boot"; enable = lib.mkEnableOption "Enable Boot";
enableGrub = mkBoolOpt true "Enable GRUB"; xenGuest = lib.mkEnableOption "Enable Xen Guest";
enableSystemd = mkBoolOpt false "Enable systemd";
xenGuest = lib.mkEnableOption "Xen guest support";
showNotch = lib.mkEnableOption "Show macOS Notch"; showNotch = lib.mkEnableOption "Show macOS Notch";
silentBoot = lib.mkEnableOption "Silent Boot"; silentBoot = lib.mkEnableOption "Silent Boot";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.enableGrub && cfg.enableSystemd);
message = "Cannot enable both GRUB and systemd-boot";
}
];
services.xe-guest-utilities.enable = mkIf cfg.xenGuest true; services.xe-guest-utilities.enable = mkIf cfg.xenGuest true;
boot = { boot = {
@ -44,18 +33,12 @@ in
canTouchEfiVariables = false; canTouchEfiVariables = false;
}; };
systemd-boot = mkIf cfg.enableSystemd { systemd-boot = {
enable = true; enable = true;
configurationLimit = 20; configurationLimit = 20;
editor = false; editor = false;
}; };
grub = mkIf cfg.enableGrub {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
timeout = mkDefault 1; timeout = mkDefault 1;
}; };

44
modules/nixos/system/disk/default.nix
View File

@ -21,18 +21,21 @@ in
type = "gpt"; type = "gpt";
partitions = { partitions = {
boot = { boot = {
name = "boot"; size = "512M";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00"; type = "EF00";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
}; };
}; };
swap = { swap = {
@ -43,33 +46,6 @@ in
resumeDevice = true; resumeDevice = true;
}; };
}; };
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
}; };
}; };
}; };

26
secrets/mac-va-mbp-personal/evanreichard/default.yaml
View File

@ -1,26 +0,0 @@
builder_ssh_key: ENC[AES256_GCM,data:1cYuaFJke/8GyqxPKp2zH/uARvW6Bqx6AsB16U8f3WkDpnxO6kym19MpDyQUBEjJ9Bj3RiBkSSL96jBv4YZfq+1cN8D6E14faKoYF5FZy5o1C+aTl+4L9zbrQIl/QDFh42qcJ6cYsOSjbEJv8kvZQBV7l+LNo8ZX07f76Kld3boouJJMMZWa9oaZgEifTxN4yDOPXTXNjCO3blGnsm+V3FPkba+EUASL9WH6+XLU2oW1Bc/sydOTiKGRJcs5eyqYvKi3evtxUUyqgdPVtUHNTsh6/B5kDLWFavfEfchPHT0LHIuqGJwGBglTp/NJThAoo5vNFAFIAUw9QWlY4alHhsi2L5g49r3s6i+3fGeyGCTP61uffY9HgF7nOdkTVMsRXacKh9fwgdsZAepcU+kJ3LJSdOaa4hUtCsZpFHUe4jA0kTHI1/V+7ak+iw92gNZTLKsCjIOzWFvEBVSXLctPdxQ8ezvF9ekvw5mkAwO7QYonlrQ3MUY/8b1DDOdjmfSwEyrLruew2KajFhm8/NM/2BOwcO/y+DbX2MSe5x0sx4HN79E=,iv:V25Tc7bOxc4wl5lf6gZOstN1InaCb3sfpCHMl65iwn8=,tag:mBFZcX2G3vpAOMw7V12d6w==,type:str]
rke2_kubeconfig: ENC[AES256_GCM,data:oTOBktUE71QNJXqy8l5hhYKF3mSQlLxXE7rjsctyJi4nIk4bhKACGdYkB8B37Ws9QHm5h9tAn9J/ehbWyBwsOFQIhX7S0kov8/HPlatbY3aJ+PiHO5GWRkJjbq+GZrJgdGeOCSRlA5C4lOy9cYbCqbsgfp42cNxOPhOQUyqFNCmsWJvBiJDuQX3Sqk2QoDtfTayho/v5IiJ9Xjms6m1ng98uXmANHK2wFAv4IZ2+7j14jy5RRKylTtjooJxTalSzdODV4wufHOLqFRCeGs9U4A/SEbRWacssdTWOp/wkaumruEpbuRaX33EwFzAxnawD0T/PBA1w9MfrXoz7bYaQ8S0fpWQHTr7xj79yrlJslBvTp/SzC+7LlpdsOtJr/2LpbzwFowMFPOGg0XJUWlkevIIObBuEYyAnlytxlys+2UNx+szOuUsUDTdZlEtTyJT+Xp8WjFlXkHsi66s+rDxDvUcMG6oLy3IYiYA4D7Q65aDgiy87kDmdfItf5koEEpHU2wV20EtAP2mRZ8UNYnDHd3ZV1L2gLXHGMA/sa0Tn0l4fhfr+6K0niQ9RaZxrVfqyChCw4bSCyZZFajZXcEDXsQB5UKsnMmZ3p5ZtRe/mqKydAz/xQc8mZPYFWwXN3uWgOWLRraRib0thg/PQzsbGNrKxoqc0sY3JbUSBcyhtz2x7b0Sj+g8ibtySmSEM1DrcYFdLG/QHbg8MaSOIIlZDDan2SJ0vAd432hI9BBIxj3L0EOfVBkbzEdtuuW7SSCG650X2u4Rd0Kkjc7HoB6pafJTWx2QZ/CMKIZFiHfMJ1zRyxco7SwZzsTRZ1Y0W7qgnssKpqtRNwCfRTdDM/6aZ1HorNP2NombuyGmfvD/EZSt4xxsOZIgioqfghbcsTCFZQPUvfBSZvJ5KBXS8qacBmsUxMLRMyzSbq0mM/S9Rz8oUxN587K7pLTNNiwFsQ9mXlGgh//rzhdAfzQZF/uuMrjqYgxt3iOAT3Nd34RbZ8YK31SRf6lFy7b+hafS1FFVUnW8jnC57eo2wNpHFBNA1y60dokx9P1dzZUVVYK5iCK+QFkUweD9WSo0al09E3By2pQxZ1OS9UOcTxFbpP/WakD57/tkOvmGIirqrexVecDcODelGXhCVeXb8zJQDz2PdXz3M4G0zIV2JcgJDjJy91Rx56vxRQv0/mvPfjexm9gQcTWOpIeUOBGRCfMXMh0g0AANHxDheRa9WzYQ10uDE3DsyMT53+FGW73PyPBk5MzRY/RQXjTEVbhO/e8Km7KOuhRxpohcLHCugEFMqjsW/c5b6GU24s3n69XPxMWtdtMmnf1FaGGufuOXyYd2s1vQqi+542x41HYnXiT6OQwsFttnlbwfrosl9qgSSgsfwXNv7qHQUBDg1KczwlPBZ3cMA/rQUqHL2N4vEp00JoJFjBTbWrin2FCOBafQmpKPv9j/nqiJROr3I93bSaodk0rFOUDWV3Sp/YepeuYb6wY+lMgysg4jDuJxEYQytFfNI2SBd7g4Xh6vBW/GS1/JdaHhh/Ub5/Cqa0Pxl5fBjV1HQIaM8mXi+V90zRVqzKm9vl9wXjXzAk8QvWRiW5ruP3IsMl5myL1KBuFIgZNPkbv8Nap3XDgmO2IvM6gWI3LHW81cgS6dDcsuC2C9zr291MAlYQiaotqQ33u0ga/y8DTXB3mcLTPLpkWWRY+Cc+qVAuD3LwCvd2StUhxUNwDbwVaxtuSk+uWMx1PCPPwHDVB3sm93wbnKrvj0TMHdkh0im+KzSplaMAsCgKJj1YO3Yhjg+E9CwIaYEDKcCE8FNqioSzzaXABQgpa4zUWkWC+D4iD/kSS3Z+BgB0VCytB705SMbmHmAlWnNayFgQLx3xo/TkgF51jEghj2w2gPyTM8gLqq8kvpXnDx95nhfStRu3KZCuCZKadrv0V5mSCCSzw0STDKZjfwYHHMWOnf41UDG7M9+vWHdtZdnJjLvw8gIqmLl0fkw75jFXYXQaNj4vh6MNSp7ABA8wY5Ala/EckHjx9R88czgyvHTLfVOiFgIiOLvldSYmDlaMcyPTVH7JSTiSoZ7aUwNROQE0/C9GyvZH8MGN9Iy6YQAUQYf5jjesoe3dPJf66GmeCKKlAcO1aK91XXow+pWrYJBZilhXJgPNTKltP2ObDLeJ/30KYF7Gee9GvtJaKzBGjYFZZz9nj8ixIBymS+M7N65U8Sw+/37qCnkSDe6VgkMoXXijaPgfToR4yb6FdZOqRlvynbyC+lSO44l2S1CkKbUxrqzZX2pQ6iB1eJdaHmIBYawVg7tJOO3snPXYMiMAgmojrH1BUUpbQRRvG4BTrUOES4N+2etytiZ7N4GEDzshosVaf9NeFBWRGC58siec/BtKwo7HGcsc0zDvcq8MFJ6rEUDbuZuWn3+CvxC9fi4+CzDP3j3K9lOUiXJ6vxv+1eImFMVgQUiV4g2M/JMTv6+Ix8U9dHoaNVjQlnL1NZRo92C/T2WRx42V97hJOe81CXqRLY8mW30MXat7KK+n92bNsWTKZrNsKnzVb+i1YwMAiwG1bw0OCcmfVojozZ4wjUNkFJI2K0v0CCvwVIl9yUKMkCvo+I1m2ZInOXRme2HK82YFg6JxitlQvovdlUndN1Lo4PhaxbW3BNwJSn81FxJ4yh+d34eawZlsQ4l+er2CyWrXSOvQnK1F8UwDB5xgPb8TBj5FD4IZM+op2LPQiaPQZ7bShzpN20W413lBvauirbD8EaZqt2QExmDnYHs1EMcj10bvu7IyKwZTlBqOa/LpyUH/imY4DTB0aYHby+xnLX7760S0sJfKuJ7omQ4QBgz+NSZ/aFfPicugkPsCZI0lS9WCcczvHgbFRzB6YQ5uJEoK5o5SdVTpYWUBvuLbJ6IOKNKWxlBcrsj4aPm+AAsxRc9cHPbrCns6y01K2wCYCL5nzK7jnneQiR4edtfnwMlUoo3c6/vzwiof4EVVrN29QxVsIA/9yqk375mKlI/l7/eOf083Kbad215wvZ+0U7cgI0oaaVvapj3Ni3e3Es8XUIQCua5HRE6d4M6A7P+Ye1Wkt+8oTpKJzd9Hn/ITwCYVssdpMSwF2ARHgmTtq+sacvkR9gojG/LAJMUwA48Sc4M5rn+5vTCRTvuKXDFphLSUwNzqd58YENC/HJjZS8+co+BN7AaafrybfA0QQrXkY7f+elsAFmNfho+taMpkfQZCmmgfoHPVPYR0pxkV1czCymm5lTjgkC7e4ydngcyJSrUzrXrWREkEcEdXoSRt1/JHABKRbvRuTbuUlah1xS1pvffosnA7KJL+aTLErkWwww3WUPMRrvmhVlWZqHGqE8lCRyMUPny7li3I2IB+aHFXepYwZSMMQPIOIiE19Oz7MsaIrMknqfTtdc58McEPGUPKiVO8x+nfRQPY45jFF60XtiK+yemYDicUGMSkWdtVLXgDCD+KAJz5YzBl5YbnPD9L1X9pB8P0vEpnKC6X+GGiaPflVGiNAKRTUyVv8CJ+Yh+KEfJw8og/P6d/7dSKheBeAdaliigZ9qG8xfyY0jE++xedaxIcOBObBu6j70j+Tpp5bUPN25FyVR2GqG4xz5YbuhnrRjhA6lAh0nppPlP+Oz/j9pPvPaDGESLZ/WM6MWru7R8DrHePBtulRvhvwUsmrjosPXuCNGU4sd1MFh6kNyyJH3W1quy3IopUij0Amu40mmd8XEzsN2nmT2Eh3NCd/r/2yj/t+xwxNcQZ+bfxeMFOiEfX5RU2paKNrRIDUEbgR1rS8A3PEUPTxwTP10IuY+IMToCSgZkVIq7UjXg0Bx9QdwvXcN74ADwkD0Un5+jLf4mo43QacwnBLpm24XqDzO09vKOzA9XU5fdC6AJ4mqAJ5J/XU8bC1RWiSCul6NekoJAPVgMlpWTPCAdSrWeYoE0d7lVkl+g+nEIS4sb,iv:mC5XSWReVzjwheF1IzCzp34JRvL/vJipyaKhptkH+cU=,tag:SDoNiaWaPKzruj+HPv5jbw==,type:str]
sops:
age:
- recipient: age1sac93wpnjcv62s7583jv6a4yspndh6k0r25g3qx3k7gq748uvafst6nz4w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVWFObG51K2lTYlZidXBU
aW55RnpkVDExbVBkNDl4NkV3MFNkNThjbWdZCklhWkVSaWpPSE1VY09iWGlPVE9Q
bW1SY05jK3BwcDIwSHdMZjJHdWQyQkkKLS0tIHZYS2c2U2xtQ1QxajlKeWpmNXZW
bmdpcTl2NjRWM3F3Q2RHbk1rTEFvZEkKWag1nmqFZMRjwFtIo6oqs+9UI/Mer5bK
Ax7P7uwoZdiMN2g84W1pNTjj6GktFn3jrBaE+MxY6NUBr02apkRYZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dccte7xtwswgef089nd80dutp96xnezx5lrqnneh9cusegsnda8sj3dj6c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5cURST1FTbVk4RGZTaitF
MEt3Z2U0a004Zmo0VG1BN29DUnBLNGxPMEJFCkcyL1JrMkZsSTM5WCtZSldSeGZw
SmdpV3AxRDJyVW1WMXBuclhBSDkvTXcKLS0tIDZsU2pBbEFHNkdqWW1CZW1hdVN3
eW9OdlJmS21IVDNVNk9OMjZBT21PUTAK+lpsdEp2uvg8nFWu/hPtK0+Ahi5J//5d
NB6JJ7lwRWKy2NppFf9sy20Y1Z0Z5Ui40nbnURRzYgtsqbKBveUDcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-29T23:30:28Z"
mac: ENC[AES256_GCM,data:x3dnanNbIX0fippbbFqOSR9ptZGdAwWuyn7hf3z6i43rk8Nk9p9EVqmE4/Guz2QY2tG/cph/5/nwX4UCO4ixAdB7pAWZa6lI1JdFzMBfW1IGeXOLyprDt6xdFnCVXjy64HgNWiVOPUS4+olxNZ0LPmCof7odqn+Axj+icFK3N34=,iv:OyFac4TxnKXwJ0l7LcJTqVyl11gIpw8fvEAEQTrEBc0=,tag:zMOGwIwAZmel+4EIqy9/tQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

20
systems/aarch64-darwin/mac-va-mbp-personal/default.nix
View File

@ -1,20 +0,0 @@
{ namespace, lib, ... }:
let
inherit (lib.${namespace}) enabled;
in
{
system.stateVersion = 6;
# System Config
reichard = {
nix = enabled;
security = {
sops = {
enable = true;
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.snowfall.fs.get-file "secrets/mac-va-mbp-personal/default.yaml";
};
};
};
}

60
systems/aarch64-linux/lin-o1-node1/default.nix
View File

@ -1,60 +0,0 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = {
enable = true;
};
};
services = {
openssh = enabled;
tailscale = {
enable = true;
enableRouting = true;
};
};
};
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

60
systems/aarch64-linux/lin-o1-node2/default.nix
View File

@ -1,60 +0,0 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = {
enable = true;
};
};
services = {
openssh = enabled;
tailscale = {
enable = true;
enableRouting = true;
};
};
};
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

2
systems/aarch64-linux/lin-va-mbp-personal/default.nix
View File

@ -7,7 +7,7 @@ in
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
system.stateVersion = "25.05"; system.stateVersion = "24.11";
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
# System Config # System Config

73
systems/x86_64-linux/lin-cloud-kube1/default.nix
View File

@ -1,73 +0,0 @@
{ namespace, config, pkgs, lib, modulesPath, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
system.stateVersion = "25.05";
time.timeZone = "UTC";
networking.firewall.allowedTCPPorts = [ 443 ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
reichard = {
nix = enabled;
system = {
disk = {
enable = true;
diskPath = "/dev/sda";
};
networking = {
enable = true;
useStatic = {
interface = "enp3s0";
address = "23.29.118.42";
defaultGateway = "23.29.118.1";
nameservers = [ "1.1.1.1" ];
};
};
};
services = {
openssh = enabled;
tailscale = {
enable = true;
enableRouting = true;
};
rke2 = {
enable = true;
openFirewall = false;
disable = [ "rke2-ingress-nginx" ];
};
};
};
users.users.${cfg.name} = {
openssh = {
authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
];
};
};
environment.systemPackages = with pkgs; [
btop
tmux
vim
];
}

6
systems/x86_64-linux/lin-va-nix-builder/default.nix
View File

@ -4,7 +4,7 @@ let
in in
{ {
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
system.stateVersion = "25.05"; system.stateVersion = "24.11";
reichard = { reichard = {
system = { system = {
@ -33,8 +33,6 @@ in
authorizedKeys = [ authorizedKeys = [
# evanreichard@lin-va-mbp-personal # evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad # evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
# NixOS Builder # NixOS Builder
@ -49,8 +47,6 @@ in
authorizedKeys.keys = [ authorizedKeys.keys = [
# evanreichard@lin-va-mbp-personal # evanreichard@lin-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY"
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV"
# evanreichard@lin-va-thinkpad # evanreichard@lin-va-thinkpad
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz"
# NixOS Builder # NixOS Builder

207
systems/x86_64-linux/lin-va-office/default.nix
View File

@ -1,70 +1,175 @@
{ namespace, pkgs, config, lib, ... }: { config, pkgs, ... }:
let
inherit (lib.${namespace}) enabled;
cfg = config.${namespace}.user;
in
{
system.stateVersion = "25.05";
time.timeZone = "America/New_York";
let
cuda-llama = (pkgs.llama-cpp.override {
cudaSupport = true;
}).overrideAttrs (oldAttrs: {
cmakeFlags = oldAttrs.cmakeFlags ++ [
"-DGGML_CUDA_ENABLE_UNIFIED_MEMORY=1"
# Disable CPU Instructions - Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
"-DLLAMA_FMA=OFF"
"-DLLAMA_AVX2=OFF"
"-DLLAMA_AVX512=OFF"
"-DGGML_FMA=OFF"
"-DGGML_AVX2=OFF"
"-DGGML_AVX512=OFF"
];
});
# Define Model Vars
modelDir = "/models";
# 7B
# modelName = "qwen2.5-coder-7b-q8_0.gguf";
# modelUrl = "https://huggingface.co/ggml-org/Qwen2.5-Coder-7B-Q8_0-GGUF/resolve/main/${modelName}?download=true";
# 3B
modelName = "qwen2.5-coder-3b-q8_0.gguf";
modelUrl = "https://huggingface.co/ggml-org/Qwen2.5-Coder-3B-Q8_0-GGUF/resolve/main/${modelName}?download=true";
modelPath = "${modelDir}/${modelName}";
in
{
# Allow Nvidia & CUDA
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
# System Config # Enable Graphics
reichard = { hardware.graphics = {
nix = enabled; enable = true;
enable32Bit = true;
extraPackages = [ pkgs.cudatoolkit ];
};
system = { # Load Nvidia Driver Module
boot = { services.xserver.videoDrivers = [ "nvidia" ];
enable = true;
silentBoot = true; # Nvidia Package Configuration
}; hardware.nvidia = {
disk = { package = config.boot.kernelPackages.nvidiaPackages.stable;
enable = true; modesetting.enable = true;
diskPath = "/dev/sda"; powerManagement.enable = true;
}; open = false;
networking = { nvidiaSettings = true;
enable = true; };
useStatic = {
interface = "enp5s0"; # Networking Configuration
address = "10.0.50.120"; networking.firewall = {
defaultGateway = "10.0.50.254"; enable = true;
nameservers = [ "10.0.20.20" ]; allowedTCPPorts = [
}; 1234 # RTL-TCP
8080 # LLama API
];
};
# RTL-SDR
hardware.rtl-sdr.enable = true;
systemd.services = {
# LLama Download Model
download-model = {
description = "Download Model";
wantedBy = [ "multi-user.target" ];
before = [ "llama-cpp.service" ];
path = [ pkgs.curl pkgs.coreutils ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "root";
Group = "root";
}; };
script = ''
set -euo pipefail
if [ ! -f "${modelPath}" ]; then
mkdir -p "${modelDir}"
# Add -f flag to follow redirects and -L for location
# Add --fail flag to exit with error on HTTP errors
# Add -C - to resume interrupted downloads
curl -f -L -C - \
-H "Accept: application/octet-stream" \
--retry 3 \
--retry-delay 5 \
--max-time 1800 \
"${modelUrl}" \
-o "${modelPath}.tmp" && \
mv "${modelPath}.tmp" "${modelPath}"
fi
'';
}; };
hardware = { # RTL-SDR TCP Server Service
opengl = { rtl-tcp = {
enable = true; description = "RTL-SDR TCP Server";
enableNvidia = true; after = [ "network.target" ];
}; wantedBy = [ "multi-user.target" ];
};
services = { serviceConfig = {
openssh = enabled; ExecStart = "${pkgs.rtl-sdr}/bin/rtl_tcp -a 0.0.0.0 -f 1090000000 -s 2400000";
llama-cpp = enabled; Restart = "on-failure";
rtl-tcp = enabled; RestartSec = "10s";
User = "root";
Group = "root";
};
}; };
}; };
users.users.${cfg.name} = { # Setup LLama API Service
openssh = { systemd.services.llama-cpp = {
authorizedKeys.keys = [ after = [ "download-model.service" ];
# evanreichard@lin-va-mbp-personal requires = [ "download-model.service" ];
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJoyXQOv9cAjGUHrUcvsW7vY9W0PmuPMQSI9AMZvNY" };
# evanreichard@mac-va-mbp-personal
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWj6rd6uDtHj/gGozgIEgxho/vBKebgN5Kce/N6vQWV" # Enable LLama API
# evanreichard@lin-va-thinkpad services.llama-cpp = {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5JQr/6WJMIHhR434nK95FrDmf2ApW2Ahd2+cBKwDz" enable = true;
]; host = "0.0.0.0";
}; package = cuda-llama;
model = modelPath;
port = 8080;
openFirewall = true;
# 7B
# extraFlags = [
# "-ngl"
# "99"
# "-fa"
# "-ub"
# "512"
# "-b"
# "512"
# "-dt"
# "0.1"
# "--ctx-size"
# "4096"
# "--cache-reuse"
# "256"
# ];
# 3B
extraFlags = [
"-ngl"
"99"
"-fa"
"-ub"
"1024"
"-b"
"1024"
"--ctx-size"
"0"
"--cache-reuse"
"256"
];
}; };
# System Packages # System Packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
btop htop
git nvtopPackages.full
rtl-sdr
tmux tmux
vim vim
wget
]; ];
} }

5
systems/x86_64-linux/lin-va-thinkpad/default.nix
View File

@ -3,12 +3,9 @@ let
inherit (lib.${namespace}) enabled; inherit (lib.${namespace}) enabled;
in in
{ {
system.stateVersion = "25.05"; system.stateVersion = "24.11";
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.bluetooth.enable = true;
hardware.amdgpu.initrd.enable = lib.mkDefault true;
services.xserver.videoDrivers = [ "modesetting" ];
# System Config # System Config
reichard = { reichard = {

3
systems/x86_64-vmware/lin-va-rke2/default.nix → systems/x86_64-qcow/lin-va-rke2/default.nix
View File

@ -9,7 +9,7 @@ in
config = { config = {
# Basic System # Basic System
system.stateVersion = "25.05"; system.stateVersion = "24.11";
time.timeZone = "UTC"; time.timeZone = "UTC";
reichard = { reichard = {
@ -33,7 +33,6 @@ in
cloud-init = enabled; cloud-init = enabled;
rke2 = { rke2 = {
enable = true; enable = true;
openFirewall = true;
disable = [ "rke2-ingress-nginx" ]; disable = [ "rke2-ingress-nginx" ];
}; };
openiscsi = { openiscsi = {