unexplrd/nixos-blueprint
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

yeah

Browse Source 
Signed-off-by: unexplrd <unexplrd@linerds.us>
This commit is contained in:
unexplrd
2025-03-25 00:22:39 +02:00
parent 98039c2ea0
commit 8464dc0084
11 changed files with 59 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
hosts/dunamis/catppuccin.nix
View File

@ -1,9 +0,0 @@
{inputs, ...}: {
imports = with inputs; [
catppuccin.nixosModules.catppuccin
];
catppuccin = {
enable = true;
flavor = "latte";
};
}

9
hosts/dunamis/configuration.nix
View File

@ -1,5 +1,6 @@
{ {
pkgs, pkgs,
config,
inputs, inputs,
... ...
}: { }: {
@ -12,7 +13,6 @@
./programs.nix ./programs.nix
./stylix.nix ./stylix.nix
# ./stylix-light.nix # ./stylix-light.nix
# ./catppuccin.nix
./disko.nix ./disko.nix
./users.nix ./users.nix
./sops.nix ./sops.nix
@ -26,6 +26,13 @@
channel.enable = false; channel.enable = false;
settings.experimental-features = ["nix-command" "flakes"]; settings.experimental-features = ["nix-command" "flakes"];
daemonCPUSchedPolicy = "idle"; daemonCPUSchedPolicy = "idle";
sshServe.enable = true;
sshServe.keys = let
s = inputs.mysecrets;
in [
(builtins.readFile
"${s}/ssh/id_ed25519_sarien_user.pub")
];
}; };
system.stateVersion = "25.05"; system.stateVersion = "25.05";

21
hosts/dunamis/hardware.nix
View File

@ -27,6 +27,27 @@
]; ];
}; };
}; };
boot.kernelParams = [
"mitigations=auto"
"spectre_v2=on"
"spectre_bhi=on"
"spec_store_bypass_disable=on"
"tsx=off"
"kvm.nx_huge_pages=force"
"nosmt=force"
"l1d_flush=on"
"spec_rstack_overflow=safe-ret"
"gather_data_sampling=force"
"reg_file_data_sampling=on"
"module.sig_enforce=1"
"lockdown=confidentiality"
"intel_iommu=on"
"amd_iommu=force_isolation"
"efi=disable_early_pci_dma"
"iommu=force"
"iommu.passthrough=0"
"iommu.strict=1"
];
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;

13
hosts/dunamis/users.nix
View File

@ -9,7 +9,7 @@
in { in {
nix.settings.trusted-users = [ nix.settings.trusted-users = [
"user" "user"
"remotebuild" "nix-ssh"
]; ];
users.mutableUsers = false; users.mutableUsers = false;
users.users = { users.users = {
@ -23,16 +23,5 @@ in {
"${secrets}/ssh/id_ed25519_eldrid_user.pub" "${secrets}/ssh/id_ed25519_eldrid_user.pub"
]; ];
}; };
remotebuild = {
isNormalUser = true;
createHome = false;
group = "remotebuild";
openssh.authorizedKeys.keyFiles = [
"${secrets}/ssh/id_ed25519_sarien_user.pub"
"${secrets}/ssh/id_ed25519_eldrid_user.pub"
"${secrets}/ssh/id_ed25519_eldrid_rmbuild.pub"
];
}; };
};
users.groups.remotebuild = {};
} }

9
hosts/dunamis/users/user/catppuccin.nix
View File

@ -1,9 +0,0 @@
{inputs, ...}: {
imports = with inputs; [
catppuccin.homeManagerModules.catppuccin
];
catppuccin = {
enable = true;
flavor = "latte";
};
}

28
hosts/dunamis/users/user/flatpak.nix
View File

@ -22,24 +22,23 @@
"com.obsproject.Studio" "com.obsproject.Studio"
"com.bitwarden.desktop" "com.bitwarden.desktop"
"com.github.tchx84.Flatseal" "com.github.tchx84.Flatseal"
"de.haeckerfelix.Fragments"
"org.qbittorrent.qBittorrent" "org.qbittorrent.qBittorrent"
# "com.transmissionbt.Transmission" # "com.transmissionbt.Transmission"
"com.usebottles.bottles" "com.usebottles.bottles"
"com.logseq.Logseq" "com.logseq.Logseq"
"org.octave.Octave" "org.octave.Octave"
"io.github.martchus.syncthingtray"
# chatting # chatting
"org.signal.Signal" "org.signal.Signal"
"im.riot.Riot" "im.riot.Riot"
"org.telegram.desktop" "org.telegram.desktop"
"io.github.spacingbat3.webcord" "io.github.spacingbat3.webcord"
# "dev.vencord.Vesktop"
"org.mozilla.Thunderbird" "org.mozilla.Thunderbird"
# media # media
"org.atheme.audacious" "io.bassi.Amberol"
"io.freetubeapp.FreeTube" "io.freetubeapp.FreeTube"
#"io.github.celluloid_player.Celluloid" #"io.github.celluloid_player.Celluloid"
# "io.mpv.Mpv" # "io.mpv.Mpv"
@ -62,38 +61,29 @@
Context = { Context = {
sockets = ["wayland" "!x11" "!fallback-x11"]; sockets = ["wayland" "!x11" "!fallback-x11"];
filesystems = [ filesystems = [
"!host"
"!home"
"!~/.ssh"
"xdg-run/pipewire-0" "xdg-run/pipewire-0"
"xdg-config/gtk-3.0:ro" "xdg-config/gtk-3.0:ro"
"xdg-config/gtk-4.0:ro" "xdg-config/gtk-4.0:ro"
# "~/.local/share/fonts:ro"
"~/.local/share/icons:ro" "~/.local/share/icons:ro"
# "~/.nix-profile/share/icons:ro"
# "~/.nix-profile/share/fonts:ro"
"/nix/store:ro" "/nix/store:ro"
]; ];
}; };
Environment = { Environment = {
XCURSOR_PATH = "/run/host/user-share/icons:/run/host/share/icons";
ELECTRON_OZONE_PLATFORM_HINT = "wayland"; ELECTRON_OZONE_PLATFORM_HINT = "wayland";
#GTK_THEME = "adw-gtk3";
}; };
}; };
"io.github.martchus.syncthingtray".Context.filesystems = ["/storage/games/heroic/Factorio/game/saves"];
"org.octave.Octave".Context.sockets = ["x11"];
"org.octave.Octave".Environment = {QT_QPA_PLATFORM = "xcb";};
"com.valvesoftware.Steam" = { "com.valvesoftware.Steam" = {
Context = { Context = {
sockets = ["x11" "wayland"]; sockets = ["x11" "wayland"];
filesystems = ["/storage/games/steam"]; filesystems = ["/storage/games/steam"];
}; };
Environment = { Environment.STEAM_FORCE_DESKTOPUI_SCALING = "1.3";
STEAM_FORCE_DESKTOPUI_SCALING = "1.3";
};
}; };
"org.signal.Signal" = { "org.signal.Signal" = {
Environment = { Environment.SIGNAL_PASSWORD_STORE = "gnome-libsecret";
SIGNAL_PASSWORD_STORE = "gnome-libsecret";
};
}; };
"net.lutris.Lutris".Context = { "net.lutris.Lutris".Context = {
sockets = ["x11" "wayland"]; sockets = ["x11" "wayland"];
@ -104,9 +94,7 @@
filesystems = ["/storage/games/heroic" "~/games/heroic"]; filesystems = ["/storage/games/heroic" "~/games/heroic"];
}; };
"com.usebottles.Bottles" = { "com.usebottles.Bottles" = {
Context = { Context.sockets = ["x11" "wayland"];
sockets = ["x11" "wayland"];
};
}; };
}; };
}; };

1
hosts/dunamis/users/user/home-configuration.nix
View File

@ -5,7 +5,6 @@
self.homeModules.programs self.homeModules.programs
./programs.nix ./programs.nix
./flatpak.nix ./flatpak.nix
# ./sops.nix
]; ];
desktop = { desktop = {
niri.enable = true; niri.enable = true;

26
hosts/dunamis/users/user/sops.nix
View File

@ -1,26 +0,0 @@
{inputs, ...}: let
secretsPath = builtins.toString inputs.mysecrets;
in {
# imports = with inputs; [
# sops-nix.homeManagerModules.sops
# ];
# sops = {
# age.keyFile = "/var/lib/sops-nix/key.txt";
# defaultSopsFile = "${secretsPath}/secrets.yaml";
# validateSopsFiles = false;
# secrets = {
# "ssh/private/dunamis-user" = {
# path = "/home/user/.ssh/id_ed25519";
# };
# };
home.file."id_ed25519_pub" = {
source = "${secretsPath}/ssh/user/id_dunamis_ed25519.pub";
target = ".ssh/id_ed25519.pub";
};
home.file."id_uni_ed25519_pub" = {
source = "${secretsPath}/ssh/user/id_uni_ed25519.pub";
target = ".ssh/id_uni_ed25519.pub";
};
}

2
hosts/sarien/configuration.nix
View File

@ -33,7 +33,7 @@
buildMachines = [ buildMachines = [
{ {
hostName = "dunamis"; hostName = "dunamis";
sshUser = "user"; sshUser = "nix-ssh";
system = "x86_64-linux"; system = "x86_64-linux";
sshKey = config.sops.secrets."ssh-sarien-user".path; sshKey = config.sops.secrets."ssh-sarien-user".path;
supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"]; supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];

26
modules/home/programs/editor/helix.nix
View File

@ -17,10 +17,14 @@ in {
defaultEditor = true; defaultEditor = true;
settings = { settings = {
editor = { editor = {
line-number = "relative";
bufferline = "multiple"; bufferline = "multiple";
cursorline = true; cursorline = true;
lsp.display-messages = true; inline-diagnostics.cursor-line = "warning";
line-number = "relative";
lsp = {
display-messages = true;
display-inlay-hints = true;
};
cursor-shape = { cursor-shape = {
insert = "bar"; insert = "bar";
normal = "block"; normal = "block";
@ -60,9 +64,9 @@ in {
language-server = with lib; { language-server = with lib; {
clangd.command = "${pkgs.clang-tools}/bin/clangd"; clangd.command = "${pkgs.clang-tools}/bin/clangd";
markdown-oxide.command = getExe pkgs.markdown-oxide; markdown-oxide.command = getExe pkgs.markdown-oxide;
nil.command = getExe pkgs.nil; # nil.command = getExe pkgs.nil;
nixd.command = getExe pkgs.nixd; nixd.command = getExe pkgs.nixd;
rust-analyzer.command = getExe pkgs.rust-analyzer; # rust-analyzer.command = getExe pkgs.rust-analyzer;
# texlab.command = getExe pkgs.texlab; # texlab.command = getExe pkgs.texlab;
tinymist.command = getExe pkgs.tinymist; tinymist.command = getExe pkgs.tinymist;
}; };
@ -70,7 +74,7 @@ in {
{ {
name = "nix"; name = "nix";
auto-format = true; auto-format = true;
formatter.command = "${pkgs.alejandra}/bin/alejandra"; formatter.command = lib.getExe pkgs.alejandra;
language-servers = ["nixd"]; language-servers = ["nixd"];
} }
# { # {
@ -101,12 +105,12 @@ in {
auto-format = true; auto-format = true;
formatter.command = "${pkgs.clang-tools}/bin/clang-format"; formatter.command = "${pkgs.clang-tools}/bin/clang-format";
} }
{ # {
name = "rust"; # name = "rust";
auto-format = true; # auto-format = true;
language-servers = ["rust-analyzer"]; # language-servers = ["rust-analyzer"];
formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; # formatter.command = lib.getExe pkgs.rustfmt;
} # }
]; ];
}; };
}; };

7
modules/home/programs/shell/fish.nix
View File

@ -24,8 +24,11 @@ in {
direnv.enable = true; direnv.enable = true;
direnv.silent = true; direnv.silent = true;
nix-your-shell.enable = true; nix-your-shell.enable = true;
keychain.enable = true; keychain = {
keychain.extraFlags = ["--quiet" "--noask"]; enable = true;
# extraFlags = ["--quiet" "--noask"];
keys = ["id_ed25519"];
};
fish = { fish = {
enable = true; enable = true;
shellAliases = { shellAliases = {