style: follow statix's advisories

EinEtwas 2024-10-27 09:25:21 +01:00
parent c2e9df3771
commit 17a5f552a5
Signed by: etwas
SSH key fingerprint: SHA256:bHhIeAdn/2k9jmOs6+u6ox98VYmoHUN3HfnpV2w8Ws0
11 changed files with 247 additions and 187 deletions


@ -32,25 +32,38 @@
}; };
}; };
outputs = { self, nixpkgs, nixos-hardware, agenix, spicetify-nix, nix-index-database, lix-module, ... } @ inputs: { outputs =
nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem { {
specialArgs = { self,
inherit inputs; nixpkgs,
inherit spicetify-nix; nixos-hardware,
inherit agenix; agenix,
spicetify-nix,
nix-index-database,
lix-module,
...
}@inputs:
{
nixosConfigurations.rhea-laptop = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
inherit spicetify-nix;
inherit agenix;
};
system = "x86_64-linux";
# List all Modules to load
modules = [
nixos-hardware.nixosModules.framework-13-7040-amd
lix-module.nixosModules.default
nix-index-database.nixosModules.nix-index
agenix.nixosModules.default
./modules
./home
];
}; };
system = "x86_64-linux"; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
# List all Modules to load
modules = [
nixos-hardware.nixosModules.framework-13-7040-amd
lix-module.nixosModules.default
nix-index-database.nixosModules.nix-index
agenix.nixosModules.default
./modules
./home
];
}; };
};
} }


@ -23,11 +23,12 @@
users.rhea = { users.rhea = {
# The home.stateVersion option does not have a default and must be set # The home.stateVersion option does not have a default and must be set
home.stateVersion = "24.05"; home = {
# Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; stateVersion = "24.05";
# inherit ./hyprland.nix; username = "rhea";
home.username = "rhea"; homeDirectory = "/home/rhea";
home.homeDirectory = "/home/rhea"; };
programs.home-manager.enable = true; programs.home-manager.enable = true;
catppuccin = { catppuccin = {


@ -1,4 +1,4 @@
{ age, config, ... }: { {
imports = [ imports = [
./git.nix ./git.nix
./keyring.nix ./keyring.nix


@ -1,109 +1,114 @@
{ {
programs.nix-index-database.comma.enable = true; programs = {
nix-index-database.comma.enable = true;
programs.zsh = { zsh = {
enable = true;
autocd = true;
shellAliases = {
os-update = "nh os switch /home/rhea/nix-config/";
os-upgrade = "cd ~/nix-config && nix flake update && nh os switch /home/rhea/nix-config/";
light-off = "echo -n \"{\\\"id\\\":1,\\\"method\\\":\\\"setState\\\",\\\"params\\\":{\\\"state\\\":false}}\" | nc -u -w 1 192.168.178.28 38899";
clr = "clear";
power-saver = "powerprofilesctl set power-saver";
power-balanced = "powerprofilesctl set balanced";
power-performance = "powerprofilesctl set performance";
};
autosuggestion = {
enable = true;
strategy = [ "history" "completion" ];
};
history = {
append = true;
expireDuplicatesFirst = true;
size = 2500;
};
syntaxHighlighting = {
enable = true; enable = true;
highlighters = [ autocd = true;
"brackets" shellAliases = {
]; os-update = "nh os switch /home/rhea/nix-config/";
os-upgrade = "cd ~/nix-config && nix flake update && nh os switch /home/rhea/nix-config/";
light-off = "echo -n \"{\\\"id\\\":1,\\\"method\\\":\\\"setState\\\",\\\"params\\\":{\\\"state\\\":false}}\" | nc -u -w 1 192.168.178.28 38899";
clr = "clear";
power-saver = "powerprofilesctl set power-saver";
power-balanced = "powerprofilesctl set balanced";
power-performance = "powerprofilesctl set performance";
};
autosuggestion = {
enable = true;
strategy = [
"history"
"completion"
];
};
history = {
append = true;
expireDuplicatesFirst = true;
size = 2500;
};
syntaxHighlighting = {
enable = true;
highlighters = [
"brackets"
];
};
oh-my-zsh = {
enable = true;
plugins = [
"git"
"sudo"
"virtualenv"
"safe-paste"
"timer"
"z"
];
theme = "agnoster";
};
}; };
oh-my-zsh = { starship = {
enable = true; enable = true;
enableZshIntegration = true;
enableBashIntegration = true;
plugins = [ settings = {
"git" add_newline = false;
"sudo" command_timeout = 1000;
"virtualenv"
"safe-paste"
"timer"
"z"
];
theme = "agnoster"; right_format = "$time";
};
};
programs.starship = { character = {
enable = true; success_symbol = "[](bold green)";
enableZshIntegration = true; error_symbol = "[](bold red)";
enableBashIntegration = true; vicmd_symbol = "[](bold yellow)";
};
settings = { username = {
add_newline = false; show_always = true;
command_timeout = 1000; format = ''\[[$user]($style)'';
};
right_format = "$time"; hostname = {
ssh_only = false;
format = ''@[$ssh_symbol$hostname]($style)\]'';
};
character = { directory = {
success_symbol = "[](bold green)"; truncation_length = 6;
error_symbol = "[](bold red)"; format = ''\[[$path]($style)[$read_only]($read_only_style)\]'';
vicmd_symbol = "[](bold yellow)"; read_only = " ";
}; };
username = { git_branch = {
show_always = true; symbol = " ";
format = ''\[[$user]($style)''; format = ''\[[$symbol$branch]($style)\]'';
}; };
hostname = { git_status = {
ssh_only = false; format = ''([\[$all_status$ahead_behind\]]($style))'';
format = ''@[$ssh_symbol$hostname]($style)\]''; };
};
directory = { nix_shell = {
truncation_length = 6; symbol = "󱄅 ";
format = ''\[[$path]($style)[$read_only]($read_only_style)\]''; format = ''\[[$symbol$state(\($name\))]($style)\]'';
read_only = " "; };
};
git_branch = { cmd_duration = {
symbol = " "; format = ''\[[󰅐 $duration]($style)\]'';
format = ''\[[$symbol$branch]($style)\]''; };
};
git_status = { time = {
format = ''([\[$all_status$ahead_behind\]]($style))''; disabled = false;
}; format = ''\[[$time]($style)\]'';
};
nix_shell = {
symbol = "󱄅 ";
format = ''\[[$symbol$state(\($name\))]($style)\]'';
};
cmd_duration = {
format = ''\[[󰅐 $duration]($style)\]'';
};
time = {
disabled = false;
format = ''\[[$time]($style)\]'';
}; };
}; };
}; };
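Review bot: The `light-off` alias in `shellAliases` is hard to read and easy to break, because its JSON payload is written with several layers of backslash escaping. Since this commit already restyles the block, an indented string with a single-quoted payload would be clearer, e.g. `light-off = ''echo -n '{"id":1,"method":"setState","params":{"state":false}}' | nc -u -w 1 192.168.178.28 38899'';`. A short comment naming the device behind the hard-coded address and port would also help the next reader tell whether the target is still correct.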


@ -1,4 +1,12 @@
{ agenix, config, inputs, pkgs, spicetify-nix, ... }: { {
agenix,
config,
inputs,
pkgs,
spicetify-nix,
...
}:
{
imports = [ imports = [
./packages.nix ./packages.nix
./spicetify.nix ./spicetify.nix


@ -1,5 +1,11 @@
{ pkgs, ... }: { { pkgs, ... }:
boot.loader.systemd-boot.enable = true; {
boot.loader.efi.canTouchEfiVariables = true; boot = {
boot.kernelPackages = pkgs.linuxPackages_latest; loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelPackages = pkgs.linuxPackages_latest;
};
} }


@ -1,19 +1,22 @@
{ pkgs, ... }: { { pkgs, ... }:
{
programs.zsh.enable = true; programs.zsh.enable = true;
environment.pathsToLink = [ "/share/zsh" ]; environment = {
pathsToLink = [ "/share/zsh" ];
environment.sessionVariables = { sessionVariables = {
NIXOS_OZONE_WL = "1"; NIXOS_OZONE_WL = "1";
};
systemPackages = with pkgs; [
fprintd
polkit_gnome
];
}; };
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
nerdfonts nerdfonts
jetbrains-mono jetbrains-mono
]; ];
environment.systemPackages = with pkgs; [
fprintd
polkit_gnome
];
} }


@ -1,34 +1,50 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/nix-root";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
]; ];
};
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-label/nix-root";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[{ device = "/dev/disk/by-label/swap"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,14 +1,16 @@
{ config, ... }: { config, ... }:
{ {
networking.hostName = "rhea-laptop"; networking = {
hostName = "rhea-laptop";
# Enable networking # Enable networking
networking.networkmanager.enable = true; networkmanager.enable = true;
networking.networkmanager.wifi.powersave = true; networkmanager.wifi.powersave = true;
networking.wireguard.enable = true; wireguard.enable = true;
networking.firewall = { firewall = {
allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
};
}; };
} }
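Review bot: `allowedUDPPorts = [ 51820 ]` in the `firewall` block opens the WireGuard port on every interface, and the comment beside it points to a `listenport` that is not defined anywhere in this file. If this laptop only initiates tunnels, the stateful firewall should already admit the replies and the inbound rule may not be needed. If it does accept incoming handshakes, consider scoping the rule with `networking.firewall.interfaces.<name>.allowedUDPPorts`. Either way, a comment such as `# inbound WireGuard; must match listenPort of <interface placeholder>` would make the intent checkable.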


@ -1,39 +1,43 @@
{ config, ... }: { config, ... }:
{ {
# TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ]; age = {
identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
age.secrets.access-tokens-github.file = ../../secrets/gh_argstr.age; secrets = {
access-tokens-github.file = ../../secrets/gh_argstr.age;
age.secrets.fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age; fbda-wg-privkey.file = ../../secrets/fbda_wg_priv_key.age;
age.secrets.fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age; fbda-wg-psk.file = ../../secrets/fbda_wg_psk.age;
age.secrets.obvps-id = { obvps-id = {
file = ../../secrets/1bvps.age; file = ../../secrets/1bvps.age;
path = "/home/rhea/.ssh/id_1bvps"; path = "/home/rhea/.ssh/id_1bvps";
owner = "rhea"; owner = "rhea";
symlink = false; symlink = false;
}; };
age.secrets.gh_etwas = { gh_etwas = {
file = ../../secrets/gh_token.age; file = ../../secrets/gh_token.age;
path = "/home/rhea/.ssh/id_gh_etwas"; path = "/home/rhea/.ssh/id_gh_etwas";
owner = "rhea"; owner = "rhea";
symlink = false; symlink = false;
}; };
age.secrets.gcd_etwas = { gcd_etwas = {
file = ../../secrets/gcd_etwas.age; file = ../../secrets/gcd_etwas.age;
path = "/home/rhea/.ssh/id_gcd_etwas"; path = "/home/rhea/.ssh/id_gcd_etwas";
owner = "rhea"; owner = "rhea";
symlink = false; symlink = false;
}; };
age.secrets.etwas_sign_key = { etwas_sign_key = {
file = ../../secrets/sign_etwas.age; file = ../../secrets/sign_etwas.age;
path = "/home/rhea/.ssh/etwas_sign_key"; path = "/home/rhea/.ssh/etwas_sign_key";
owner = "rhea"; owner = "rhea";
symlink = false; symlink = false;
};
};
}; };
nix.extraOptions = '' nix.extraOptions = ''
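Review bot: The four secrets declared with `symlink = false` (`obvps-id`, `gh_etwas`, `gcd_etwas`, `etwas_sign_key`) carry no comment explaining that choice. As far as I can tell, it means they are decrypted to regular files under `/home/rhea/.ssh` instead of being linked from agenix's runtime directory, so the plaintext keys persist on the home filesystem. Please add a comment on the first of them, e.g. `# symlink = false: <reason placeholder>; plaintext key stays on disk and relies on disk encryption`. Consider also setting `mode = "0400";` explicitly so the permissions do not depend on the module default. The attribute set continues past this hunk at `nix.extraOptions`.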


@ -2,9 +2,11 @@
{ {
services.fprintd.enable = true; services.fprintd.enable = true;
security.pam.services.login.fprintAuth = true; security.pam.services = {
security.pam.services.sudo.fprintAuth = true; login.fprintAuth = true;
security.pam.services.greetd.enableGnomeKeyring = true; sudo.fprintAuth = true;
greetd.enableGnomeKeyring = true;
};
services.greetd = { services.greetd = {
enable = true; enable = true;
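Review bot: `sudo.fprintAuth = true` and `login.fprintAuth = true` in the new `security.pam.services` set presumably let a fingerprint stand in for the password at login and when escalating to root, but nothing in the block records that this is intended. I would add a comment above the set, for example `# fingerprint is accepted in place of the password for login and sudo`. It is also worth confirming that `greetd.enableGnomeKeyring` still unlocks the keyring after a fingerprint-only login, since the keyring is normally unlocked with the password passed through PAM. `services.greetd` continues outside the hunk.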