diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..84f7963
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+modules/system/secrets/** filter=git-crypt diff=git-crypt
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..08d3c07
--- /dev/null
+++ b/flake.lock
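Review bot: The `filter=git-crypt` rule on `modules/system/secrets/**` protects those files only inside the Git repository; any value a module reads from them into a NixOS option is written into the world-readable Nix store when the system is built. Elsewhere in this commit `hashedPassword = config.secrets.mainAccPass` does exactly that, so the hash is presumably readable by every local user on the resulting host. A comment line here such as `# encrypted at rest in Git only; values used in options still end up in /nix/store` would record the limit, and secrets that must stay private belong in a runtime mechanism such as `hashedPasswordFile` pointing at a root-only file under `/persist`. `git-crypt status` is a quick check that every file matched by the pattern is actually stored encrypted.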
@@ -0,0 +1,101 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739841949, + "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", + "owner": "nix-community", + "repo": "disko", + "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1739758141, + "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c618e28f70257593de75a7044438efc1c1fc0791", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-24.11", + "type": "indirect" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "impermanence": "impermanence", + "nixpkgs": "nixpkgs", + "unstable": "unstable" + } + }, + "unstable": { + "locked": { + "lastModified": 1739736696, + "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f", + "type": "github" + }, + "original": { + "id": 
"nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..3b2d960 --- /dev/null +++ b/flake.nix @@ -0,0 +1,35 @@ +{ + inputs = { + # System inputs + nixpkgs.url = "nixpkgs/nixos-24.11"; + unstable.url = "nixpkgs/nixos-unstable"; + impermanence.url = "github:nix-community/impermanence"; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + # Home inputs + home-manager = { + url = "github:nix-community/home-manager/release-24.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { + self, + nixpkgs, + unstable, + impermanence, + disko, + home-manager, + ... + }@inputs: + { + nixosConfigurations.rubble = nixpkgs.lib.nixosSystem { + modules = [ ./host ]; + specialArgs = inputs; + }; + }; +} diff --git a/host/default.nix b/host/default.nix new file mode 100644 index 0000000..9ace3ed --- /dev/null +++ b/host/default.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + imports = [ + ./disko + ./hardware + ../modules/system + ]; + + networking = { + hostName = "rubble"; + hostId = "e0b1fcef"; + }; + + system = { + extlinux.enable = true; + wireless.enable = true; + stateVersion = "24.11"; + }; +} diff --git a/host/disko/default.nix b/host/disko/default.nix new file mode 100644 index 0000000..4022bcc --- /dev/null +++ b/host/disko/default.nix 
@@ -0,0 +1,90 @@
+{ config, disko, ... }:
+{
+ imports = [ disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ "${config.networking.hostName}" = {
+ type = "disk";
+ device = "/dev/mmcblk1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "${config.networking.hostName}-disk";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "${config.networking.hostName}";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ lvm_vg = {
+ "${config.networking.hostName}" = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/prev" = {
+ mountpoint = "/prev";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+
+ # Impermanence
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/persist/.snapshots" = { };
+ "/persist/home/${config.sysusers.main}" = { };
+ "/persist/home/${config.sysusers.main}/.snapshots" = { };
+ };
+ };
+ };
+ swap = {
+ size = "4G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for impermanence
+ fileSystems."/persist".neededForBoot = true;
+}
diff --git a/host/hardware/default.nix b/host/hardware/default.nix
new file mode 100644
index 0000000..baab64a
--- /dev/null
+++ b/host/hardware/default.nix
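Review bot: `settings.allowDiscards = true` on the LUKS container, together with `discardPolicy = "both"` on the swap volume, passes TRIM through dm-crypt, so anyone who can read the raw device can tell which blocks are unused; that trade-off deserves a comment next to the option so it reads as a decision rather than a default. `passwordFile = "/tmp/secret.key"` is only consumed when disko formats the disk, and as far as I know the file is handed to cryptsetup as a key file, so a trailing newline becomes part of the passphrase; a comment such as `# install-time only; write with printf '%s' (no newline) and delete after formatting` would prevent a locked-out first boot. The `/persist` subvolume could also carry `nosuid` and `nodev` if nothing setuid is expected there, in the way `/prev` already carries `noexec`.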
@@ -0,0 +1,8 @@
+{ config, lib, modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.kernelModules = [ "ahci" "dm-snapshot" "mmc_core" "pcie_rockchip_host" "phy_rockchip_pcie" "rockchip_dfi" "rockchip_thermal" "rtc_rk808" "rockchip_saradc" "uas" "fusb302" ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/host/id_ed25519.pub b/host/id_ed25519.pub
new file mode 100644
index 0000000..075c2ce
--- /dev/null
+++ b/host/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4oyz5yAvmVZDdr3NL2AmlnCA6Z17b2Vj0FXj07DFiv
diff --git a/modules/home/default.nix b/modules/home/default.nix
new file mode 100644
index 0000000..2f87054
--- /dev/null
+++ b/modules/home/default.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+{
+ imports = [
+ ./programs
+ ./settings
+ ./user
+ ];
+
+ config.home.stateVersion = "24.11";
+}
diff --git a/modules/home/programs/btop/default.nix b/modules/home/programs/btop/default.nix
new file mode 100644
index 0000000..3b478a3
--- /dev/null
+++ b/modules/home/programs/btop/default.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ programs.btop = {
+ enable = true;
+ settings = {
+ vim_keys = true;
+ rounded_corners = false;
+ theme_background = false;
+ };
+ };
+}
diff --git a/modules/home/programs/default.nix b/modules/home/programs/default.nix
new file mode 100644
index 0000000..8d9da02
--- /dev/null
+++ b/modules/home/programs/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ imports = [
+ ./btop
+ ./eza
+ ./fastfetch
+ ./git
+ ./headless
+ ./neovim
+ ./nh
+ ./nix-index
+ ./ranger
+ ./tmux
+ ./zsh
+ ];
+}
diff --git a/modules/home/programs/eza/default.nix b/modules/home/programs/eza/default.nix
new file mode 100644
index 0000000..6f8bc0b
--- /dev/null
+++ b/modules/home/programs/eza/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ programs.eza = {
+ enable = true;
+ git = true;
+ icons = "auto";
+ colors = "always";
+ extraOptions = [ "--group-directories-first" ];
+ };
+}
diff --git a/modules/home/programs/fastfetch/config.jsonc b/modules/home/programs/fastfetch/config.jsonc new file mode 100644 index 0000000..cf59c49 --- /dev/null +++ b/modules/home/programs/fastfetch/config.jsonc @@ -0,0 +1,97 @@ +{ + "$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json", + "logo": { + "source": "xenia", + "color": { + "1": "1;97", + "2": "red", + "3": "yellow" + } + }, + "display": { + "separator": " \u001b[33m ", + "color": "red" + }, + "modules": [ + { + "type": "custom", + "format": "\u001b[1m—————————————————————————————————————" + }, + { + "type": "host", + "key": "󰌢 " + }, + { + "type": "cpu", + "key": " " + }, + { + "type": "gpu", + "key": "󰢮 " + }, + { + "type": "disk", + "folders": "/", + "key": " " + }, + { + "type": "memory", + "format": "{/1}{-}{/}{/2}{-}{/}{} / {}", + "key": " " + }, + { + "type": "display", + "compactType": "original", + "key": "󰍹 " + }, + + { + "type": "custom", + "format": "\u001b[1m—————————————————————————————————————" + }, + { + "type": "os", + "format": "{3} {12}", + "key": "󰍛 " + }, + { + "type": "kernel", + "format": "{1} {2}", + "key": " " + }, + { + "type": "wm", + "key": " " + }, + { + "type": "shell", + "key": " " + }, + { + "type": "terminal", + "key": " " + }, + { + "type": "packages", + "key": "󰆧 " + }, + { + "type": "uptime", + "key": "󰅐 " + }, + { + "type": "command", + "text": "date -d @$(stat -c %W /persist) '+%a %b %d %r %Z %Y'", + "key": "󰶡 " + }, + + { + "type": "custom", + "format": "\u001b[1m—————————————————————————————————————" + }, + { + "type": "custom", + "format": "\u001b[90m󰮯 \u001b[31m󰊠 \u001b[32m󰊠 \u001b[33m󰊠 \u001b[34m󰊠 \u001b[35m󰊠 \u001b[36m󰊠 \u001b[37m󰊠" + } + ] +} diff --git a/modules/home/programs/fastfetch/default.nix b/modules/home/programs/fastfetch/default.nix new file mode 100644 index 0000000..b44f625 --- /dev/null +++ b/modules/home/programs/fastfetch/default.nix 
@@ -0,0 +1,7 @@ +{ ... }: +{ + imports = [ ./small ]; + + programs.fastfetch.enable = true; + xdg.configFile."fastfetch/config.jsonc".source = ./config.jsonc; +} diff --git a/modules/home/programs/fastfetch/small/default.nix b/modules/home/programs/fastfetch/small/default.nix new file mode 100644 index 0000000..d48f134 --- /dev/null +++ b/modules/home/programs/fastfetch/small/default.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ (pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc") ]; + xdg.configFile."fastfetch/small.jsonc".source = ./small.jsonc; +} diff --git a/modules/home/programs/fastfetch/small/small.jsonc b/modules/home/programs/fastfetch/small/small.jsonc new file mode 100644 index 0000000..37d5040 --- /dev/null +++ b/modules/home/programs/fastfetch/small/small.jsonc @@ -0,0 +1,34 @@ +{ + "logo": { + "type": "small" + }, + "modules": [ + { + "type": "os", + "format": "{3} {12}", + "key": "󰍛 " + }, + { + "type": "host", + "key": "󰌢 " + }, + { + "type": "kernel", + "format": "{1} {2}", + "key": " " + }, + { + "type": "uptime", + "key": "󰅐 " + }, + { + "type": "packages", + "key": "󰆧 " + }, + { + "type": "memory", + "format": "{/1}{-}{/}{/2}{-}{/}{} / {}", + "key": " " + } + ] +} diff --git a/modules/home/programs/git/default.nix b/modules/home/programs/git/default.nix new file mode 100644 index 0000000..5ec022a --- /dev/null +++ b/modules/home/programs/git/default.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: +{ + programs.git = { + enable = true; + userName = "Jimbo"; + userEmail = "jimbo@nixfox.ca"; + }; + + programs.lazygit.enable = true; + + home.packages = with pkgs; [ + gnupg + git-crypt + ]; +} diff --git a/modules/home/programs/headless/default.nix b/modules/home/programs/headless/default.nix new file mode 100644 index 0000000..ecdc584 --- /dev/null +++ b/modules/home/programs/headless/default.nix @@ -0,0 +1,8 @@ +{ lib, pkgs, ... }: +{ + home.packages = with pkgs; [ + dua + p7zip + vimv + ]; +} 
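Review bot: In `modules/home/programs/fastfetch/small/default.nix`, `pkgs.writeScriptBin "pfetch" "fastfetch --config ~/.config/fastfetch/small.jsonc"` writes a file with no `#!` line, so it only runs when the caller is a shell that falls back to interpreting it; a direct exec of `pfetch` fails. `pkgs.writeShellScriptBin "pfetch" ''exec ${pkgs.fastfetch}/bin/fastfetch --config "$HOME/.config/fastfetch/small.jsonc"''` adds the interpreter line and pins the binary to the package this configuration installs instead of whatever `PATH` resolves first. The `with pkgs;` in front of the list is unused, because the only element is already qualified.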
diff --git a/modules/home/programs/neovim/default.nix b/modules/home/programs/neovim/default.nix
new file mode 100644
index 0000000..5168e1a
--- /dev/null
+++ b/modules/home/programs/neovim/default.nix
@@ -0,0 +1,112 @@ +{ config, pkgs, ... }: +{ + programs.neovim = { + enable = true; + defaultEditor = true; + viAlias = true; + vimAlias = true; + plugins = with pkgs.vimPlugins; [ + # Vim theme + vim-airline + vim-airline-themes + + # Internal clipboard + vim-vsnip + cmp-vsnip + + # Autocomplete manager + lspkind-nvim + + # Autocomplete plugins + cmp-nvim-lsp + cmp-buffer + cmp-path + cmp-cmdline + nvim-cmp + + # Hex color visualizer and color theme + nvim-colorizer-lua + vim-monokai-pro + + # Discord RPC + vimsence + + # Nerdtree + nerdtree + vim-nerdtree-syntax-highlight + + # Misc languages + kdl-vim + ]; + extraConfig = '' + lua <'] = cmp.mapping.scroll_docs(-4), + [''] = cmp.mapping.scroll_docs(4), + [''] = cmp.mapping.complete(), + [''] = cmp.mapping.abort(), + [''] = cmp.mapping.confirm({ select = true }), -- Accept currently selected item. Set `select` to `false` to only confirm explicitly selected items. + }), + sources = cmp.config.sources({ + { name = 'nvim_lsp' }, + { name = 'vsnip' } + }, { + { name = 'buffer' }, + }) + }) + + -- Use buffer source for '/' and '?' + cmp.setup.cmdline({ '/', '?' }, { + mapping = cmp.mapping.preset.cmdline(), + sources = { + { name = 'buffer' } + } + }) + + -- Use cmdline & path source for ':' + cmp.setup.cmdline(':', { + mapping = cmp.mapping.preset.cmdline(), + sources = cmp.config.sources({ + { name = 'path' } + }, { + { name = 'cmdline' } + }) + }) + EOF + + colorscheme monokai_pro + let g:airline_theme='onedark' + let g:airline#extensions#tabline#enabled = 1 + hi Normal guibg=none ctermbg=235 + hi Visual guibg=#202020 ctermbg=238 + hi Pmenu guibg=#202020 ctermbg=238 + hi EndOfBuffer guibg=none ctermbg=235 + hi LineNr guibg=none ctermbg=none + lua require'colorizer'.setup() + + set nu rnu + set termguicolors + set mouse=a + + set undofile + set undodir=$HOME/.local/share/nvim/undo + set undolevels=100 + set undoreload=10000 + + nmap :bnext + nmap :bprev + nmap :bd + nmap :NERDTreeToggleVCS + ''; + }; +} 
diff --git a/modules/home/programs/nh/default.nix b/modules/home/programs/nh/default.nix
new file mode 100644
index 0000000..c1fe0a0
--- /dev/null
+++ b/modules/home/programs/nh/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ programs.nh = {
+ enable = true;
+ flake = "/etc/nixos";
+ };
+}
diff --git a/modules/home/programs/nix-index/default.nix b/modules/home/programs/nix-index/default.nix
new file mode 100644
index 0000000..3cbafd7
--- /dev/null
+++ b/modules/home/programs/nix-index/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ programs.nix-index.enable = true;
+}
diff --git a/modules/home/programs/ranger/default.nix b/modules/home/programs/ranger/default.nix
new file mode 100644
index 0000000..b1d4b85
--- /dev/null
+++ b/modules/home/programs/ranger/default.nix
@@ -0,0 +1,122 @@
+{ pkgs, config, ... }:
+{
+ programs.ranger = {
+ enable = true;
+ settings = {
+ preview_images = true;
+ preview_images_method = "sixel";
+ dirname_in_tabs = true;
+ autosave_bookmarks = false;
+ show_hidden = true;
+ wrap_scroll = true;
+ column_ratios = "2,2,4";
+ hidden_filter = ''^\.|\.(?:pyc|pyo|bak|swp)$|^lost\+found$|^__(py)?cache__$'';
+ };
+ rifle = [
+ # Media
+ {
+ condition = ''mime ^image, has imv, X, flag f'';
+ command = ''imv -- "$@"'';
+ }
+ {
+ condition = ''mime ^video, terminal, has mpv'';
+ command = ''mpv -- "$@"'';
+ }
+ {
+ condition = ''mime ^video, terminal, has mpv'';
+ command = ''mpv --video-rotate=270 -- "$@"'';
+ }
+ {
+ condition = ''mime ^audio|ogg$, terminal, has mpv'';
+ command = ''mpv --no-audio-display -- "$@"'';
+ }
+ {
+ condition = ''mime ^audio|ogg$, terminal, has mpv'';
+ command = ''mpv --shuffle --no-audio-display -- "$@"'';
+ }
+ {
+ condition = ''ext x?html?|pdf, has firefox, X, flag f'';
+ command = ''firefox -- "$@"'';
+ }
+ {
+ condition = ''ext pptx?|od[dfgpst]|docx?|sxc|xlsx?|xlt|xlw|gnm|gnumeric, has libreoffice, X, flag f'';
+ command = ''libreoffice "$@"'';
+ }
+
+ # Scripts
+ {
+ condition = ''sh'';
+ command = ''sh -- "$1"'';
+ }
+ {
+ condition = ''py'';
+ command = ''python -- "$1"'';
+ }
+ {
+ condition = ''pl'';
+ command = ''perl -- "$1"'';
+ }
+ {
+ condition = ''js'';
+ command = ''node -- "$1"'';
+ }
+ {
+ condition = ''php'';
+ command = ''php -- "$1"'';
+ }
+
+ # Misc
+ {
+ condition = ''ext exe|msi'';
+ command = ''wine "$1"'';
+ }
+ {
+ condition = ''ext 7z|ace|ar|arc|bz2?|cab|cpio|cpt|deb|dgc|dmg|gz|iso|jar|pkg|rar|shar|tar|tgz|xar|xpi|xz|zip|zst, has 7z'';
+ command = ''7z x -- "$@"'';
+ }
+ {
+ condition = ''label open, has xdg-open'';
+ command = ''vim -- "$@"'';
+ }
+ ];
+ plugins = [
+ {
+ name = "devicons2";
+ src = builtins.fetchGit {
+ url = "https://github.com/cdump/ranger-devicons2";
+ rev = "94bdcc19218681debb252475fd9d11cfd274d9b1";
+ };
+ }
+ ];
+ extraConfig = ''
+ default_linemode devicons2
+ '';
+ };
+
+ # Ranger's bookmarks and necessary tools
+ home = {
+ file = {
+ ".local/share/ranger/bookmarks".text = ''
+ # Local files
+ h:/home/${config.home.username}/
+ k:/home/${config.home.username}/Keepers
+ j:/home/${config.home.username}/Downloads
+ v:/home/${config.home.username}/Videos
+ c:/home/${config.home.username}/.config
+ l:/home/${config.home.username}/.local
+ d:/mnt
+ n:/etc/nixos
+
+ # Remote files
+ J:/home/${config.home.username}/KittyNFS
+ K:/home/${config.home.username}/KittyNFS/Files
+ V:/home/${config.home.username}/KittyNFS/Media
+ M:/home/${config.home.username}/KittyNFS/Music
+ '';
+ };
+ packages = with pkgs; [
+ imagemagick
+ poppler_utils
+ ];
+ };
+}
diff --git a/modules/home/programs/tmux/default.nix b/modules/home/programs/tmux/default.nix
new file mode 100644
index 0000000..338fa76
--- /dev/null
+++ b/modules/home/programs/tmux/default.nix
@@ -0,0 +1,24 @@
+{ ... }:
+{
+ programs.tmux = {
+ enable = true;
+ keyMode = "vi";
+ mouse = true;
+ terminal = "st-256color";
+ historyLimit = 4096;
+ baseIndex = 1;
+ extraConfig = ''
+ set -g status on
+ set -g status-left ""
+ set -g status-position bottom
+ set -g status-right "#[bg=brightblack]#[fg=dark_purple] #T "
+ set -g status-style "bg=black"
+
+ set -g set-titles on
+ set -g set-titles-string "#T"
+
+ setw -g window-status-format "#[bg=brightmagenta]#[fg=black] #I #[bg=brightblack]#[fg=white] #W "
+ setw -g window-status-current-format "#[bg=brightmagenta]#[fg=black] #I #[bg=white]#[fg=black] #W "
+ '';
+ };
+}
diff --git a/modules/home/programs/zsh/default.nix b/modules/home/programs/zsh/default.nix
new file mode 100644
index 0000000..15ed467
--- /dev/null
+++ b/modules/home/programs/zsh/default.nix
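Review bot: In the ranger module, the five rules under `# Scripts` use bare conditions (`sh`, `py`, `pl`, `js`, `php`) while every other rule names a test such as `ext` or `mime`; stock rifle syntax would be `condition = ''ext sh'';` and so on, so as written these presumably never match on the file extension, and these are the rules that decide when a selected file is handed to an interpreter. The last rule tests `has xdg-open` but runs `vim -- "$@"`, so its condition and command disagree; `has vim` (or the configured editor) would match what is executed. The plugin is pinned by full `rev` in `builtins.fetchGit`, which is good; `pkgs.fetchFromGitHub` with a `hash` would add a SHA-256 content check on top of the commit id.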
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+ programs.zsh = {
+ enable = true;
+ autosuggestion.enable = true;
+ syntaxHighlighting.enable = true;
+ oh-my-zsh = {
+ enable = true;
+ theme = "agnoster";
+ plugins = [
+ "git"
+ "history"
+ ];
+ };
+ initExtra = ''
+ pfetch
+ source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
+ source ${pkgs.zsh-you-should-use}/share/zsh/plugins/you-should-use/you-should-use.plugin.zsh
+ setopt HIST_IGNORE_SPACE
+ setopt RM_STAR_WAIT
+ '';
+ };
+}
diff --git a/modules/home/settings/default.nix b/modules/home/settings/default.nix
new file mode 100644
index 0000000..b47f347
--- /dev/null
+++ b/modules/home/settings/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./aliases
+ ./nix
+ ];
+}
diff --git a/modules/home/settings/nix/default.nix b/modules/home/settings/nix/default.nix
new file mode 100644
index 0000000..b35802a
--- /dev/null
+++ b/modules/home/settings/nix/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, unstable, ... }:
+{
+ nix = {
+ package = lib.mkForce pkgs.nix;
+ settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ registry.unstable.flake = unstable;
+ };
+
+ _module.args.pkgsUnstable = import unstable {
+ inherit (pkgs.stdenv.hostPlatform) system;
+ inherit (config.nixpkgs) config;
+ };
+}
diff --git a/modules/home/user/default.nix b/modules/home/user/default.nix
new file mode 100644
index 0000000..d00fca0
--- /dev/null
+++ b/modules/home/user/default.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+ home = {
+ username = "jimbo";
+ homeDirectory = "/home/${config.home.username}";
+ sessionVariables = {
+ EDITOR = "nvim";
+ MANPAGER = "nvim +Man!";
+ LIBVIRT_DEFAULT_URI = "qemu:///system";
+ HISTCONTROL = "ignoreboth";
+ NIXPKGS_ALLOW_UNFREE = 1;
+ };
+ };
+}
diff --git a/modules/system/accounts/users/custom/jules/default.nix b/modules/system/accounts/users/custom/jules/default.nix
new file mode 100644
index 0000000..fe5fbf9
--- /dev/null
+++ b/modules/system/accounts/users/custom/jules/default.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+{
+ options.sysusers = lib.mkOption {
+ type = lib.types.attrs;
+ };
+
+ config = {
+ sysusers.main = "jimbo";
+
+ users.users."${config.sysusers.main}" = {
+ hashedPassword = config.secrets.mainAccPass;
+ isNormalUser = true;
+ openssh.authorizedKeys.keyFiles = [
+ ../../../../../../hosts/tower/id_ed25519.pub
+
+ ../../../../../../hosts/envy/id_ed25519.pub
+ ../../../../../../hosts/redmond/id_ed25519.pub
+
+ ../../../../../../hosts/kitty/id_ed25519.pub
+ ../../../../../../hosts/midas/id_ed25519.pub
+ ../../../../../../hosts/prophet/id_ed25519.pub
+ ../../../../../../hosts/rubble/id_ed25519.pub
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
+ ];
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ "input"
+ "disk"
+ "dialout"
+ "rtkit"
+ "kvm"
+ "libvirtd"
+ "qemu-libvirtd"
+ "nginx"
+ "minecraft"
+ "nfsShare"
+ ];
+ uid = 1000;
+ shell = pkgs.zsh;
+ };
+
+ home-manager.users."${config.sysusers.main}" = import ../../../../../home;
+ };
+}
diff --git a/modules/system/accounts/users/custom/main/default.nix b/modules/system/accounts/users/custom/main/default.nix
new file mode 100644
index 0000000..d81968a
--- /dev/null
+++ b/modules/system/accounts/users/custom/main/default.nix
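Review bot: Membership in `disk` gives this account read/write access to the raw block devices, which is effectively root and bypasses file permissions on every mounted filesystem; alongside `wheel` it leaves the `uid = 1000` login with few barriers, so `extraGroups` is worth trimming to what this host needs (the same list appears in `custom/main/default.nix`). The `keyFiles` entries point at `hosts/*/id_ed25519.pub` from the repository root, while the only public key added in the visible part of this commit is `host/id_ed25519.pub`; unless a `hosts/` directory exists outside this view, evaluating this module fails on the missing paths. Both `jules` and `main` declare `options.sysusers` and set `sysusers.main = "jimbo"`, so importing both would presumably raise a duplicate option declaration. In `main`, the first two inline keys carry no trailing comment, unlike `Pixel9`, which makes later revocation harder to audit.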
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+{
+ options.sysusers = lib.mkOption {
+ type = lib.types.attrs;
+ };
+
+ config = {
+ sysusers.main = "jimbo";
+
+ users.users."${config.sysusers.main}" = {
+ hashedPassword = config.secrets.mainAccPass;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFGHaxdTeC1xnTx2BY5LLR5LxhdSkmYoWuOeEuRIz0k"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
+ ];
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ "input"
+ "disk"
+ "dialout"
+ "rtkit"
+ "kvm"
+ "libvirtd"
+ "qemu-libvirtd"
+ "nginx"
+ "nfsShare"
+ ];
+ uid = 1000;
+ shell = pkgs.zsh;
+ };
+
+ home-manager.users."${config.sysusers.main}" = import ../../../../../home;
+ };
+}
diff --git a/modules/system/default.nix b/modules/system/default.nix
new file mode 100644
index 0000000..c3270fb
--- /dev/null
+++ b/modules/system/default.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+ imports = [
+ ./accounts
+ ./devices
+ ./programs
+ ./secrets
+ ./services
+ ./settings
+ ];
+
+ options.system = with lib; {
+ desktop.enable = lib.mkEnableOption "Enable desktop apps and services";
+ server.enable = lib.mkEnableOption "Enable server apps and services";
+ };
+}
diff --git a/modules/system/devices/boot/default.nix b/modules/system/devices/boot/default.nix
new file mode 100644
index 0000000..d3280e4
--- /dev/null
+++ b/modules/system/devices/boot/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ imports = [
+ ./extlinux
+ ./services
+ ];
+
+ boot.kernel.sysctl = {
+ "vm.max_map_count" = 2147483642;
+ "kernel.sysrq" = 1;
+ };
+}
diff --git a/modules/system/devices/default.nix b/modules/system/devices/default.nix
new file mode 100644
index 0000000..d4feeb6
--- /dev/null
+++ b/modules/system/devices/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./boot
+ ./disks
+ ./networking
+ ];
+}
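Review bot: In `modules/system/devices/boot/default.nix`, `"kernel.sysrq" = 1` enables every magic SysRq function, so anyone at the keyboard or serial console can kill processes, remount filesystems or reboot the machine without authenticating. If only the emergency sync, remount and reboot sequence is wanted, a restricted bitmask is enough: `"kernel.sysrq" = 176;` (16 sync + 32 remount read-only + 128 reboot). A short comment giving the reason for `"vm.max_map_count" = 2147483642` would also help, since that value sits just below the signed 32-bit maximum rather than looking like a tuned figure.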
diff --git a/modules/system/devices/networking/default.nix b/modules/system/devices/networking/default.nix
new file mode 100644
index 0000000..5aafa71
--- /dev/null
+++ b/modules/system/devices/networking/default.nix
@@ -0,0 +1,24 @@
+{ config, ... }:
+{
+ imports = [ ./wireless ];
+
+ networking = {
+ wireless.enable = false;
+ dhcpcd.enable = true;
+ nftables.enable = true;
+ firewall.allowPing = false;
+ useNetworkd = true;
+ nameservers = [
+ "1.1.1.1#one.one.one.one"
+ "1.0.0.1#one.one.one.one"
+ ];
+ };
+
+ services.resolved = {
+ enable = true;
+ dnssec = "true";
+ domains = [ "~." ];
+ fallbackDns = config.networking.nameservers;
+ dnsovertls = "true";
+ };
+}
diff --git a/modules/system/programs/default.nix b/modules/system/programs/default.nix
new file mode 100644
index 0000000..ea129d9
--- /dev/null
+++ b/modules/system/programs/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./git
+ ./home-manager
+ ./shells
+ ];
+}
diff --git a/modules/system/programs/home-manager/default.nix b/modules/system/programs/home-manager/default.nix
new file mode 100644
index 0000000..ebd8e39
--- /dev/null
+++ b/modules/system/programs/home-manager/default.nix
@@ -0,0 +1,12 @@
+{ unstable, ... }:
+{
+ home-manager = {
+ useUserPackages = true;
+ backupFileExtension = "bak";
+ extraSpecialArgs = {
+ inherit
+ unstable
+ ;
+ };
+ };
+}
diff --git a/modules/system/programs/shells/default.nix b/modules/system/programs/shells/default.nix
new file mode 100644
index 0000000..eb9dde4
--- /dev/null
+++ b/modules/system/programs/shells/default.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ programs.fish.enable = true;
+ users.defaultUserShell = pkgs.fish;
+
+ programs.zsh.enable = true;
+}
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix
new file mode 100644
index 0000000..e3a32ce
Binary files /dev/null and b/modules/system/secrets/default.nix differ
diff --git a/modules/system/services/general/default.nix b/modules/system/services/general/default.nix
new file mode 100644
index 0000000..dd7e347
--- /dev/null
+++ b/modules/system/services/general/default.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ imports = [
+ ./earlyoom
+ ./libvirtd
+ ./snowflake
+ ./ssh
+ ./tlp
+ ./userborn
+ ];
+}
diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix
new file mode 100644
index 0000000..a69c3e4
--- /dev/null
+++ b/modules/system/services/server/default.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+ imports = [
+ ./cfdyndns
+ ./fileserver
+ ./forgejo
+ ./mysql
+ ./socialserver
+ ./transmission
+ ./vaultwarden
+ ./webserver
+ ];
+}
diff --git a/modules/system/services/server/webserver/nginx/default.nix b/modules/system/services/server/webserver/nginx/default.nix
new file mode 100644
index 0000000..1019882
--- /dev/null
+++ b/modules/system/services/server/webserver/nginx/default.nix
@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+{
+ imports = [
+ ./rtmp
+ ./virtualhosts
+ ];
+
+ config = lib.mkIf config.system.server.enable {
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ };
+
+ environment.persistence."/persist".directories = [ "/var/www" ];
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ };
+}
diff --git a/modules/system/settings/default.nix b/modules/system/settings/default.nix
new file mode 100644
index 0000000..666a961
--- /dev/null
+++ b/modules/system/settings/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ imports = [
+ ./minimal
+ ./nix
+ ./security
+ ./timezone
+ ];
+}
diff --git a/modules/system/settings/security/default.nix b/modules/system/settings/security/default.nix
new file mode 100644
index 0000000..17b2a7d
--- /dev/null
+++ b/modules/system/settings/security/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./apparmor
+ ./privilege
+ ];
+}