diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index 072eb55..0000000 --- a/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -hosts/lithium/semi-secret-vars.nix filter=git-agecrypt diff=git-agecrypt diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f2ccda5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +result +result-* +localnotes.md +*.qcow2 \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..205df23 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "git.enabled": false +} \ No newline at end of file diff --git a/README.md b/README.md index 2ec089f..e2a9b9e 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## Overview -This repository maanges **multiple NixOS systems** using a shared modular configuration. +This repository manages **multiple NixOS systems** using a shared modular configuration. It's designed to be **secure, composable, and automated** using modern Nix tooling. - **Laptop ("neon")**: Portable KVM/Swiss-Army Knife diff --git a/flake.lock b/flake.lock index a50ca1f..97d3db0 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,12 +1,80 @@ { "nodes": { + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1755819240, + "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1754405784, + "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, "crane": { "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "lastModified": 1754269165, + "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "owner": "ipetkov", "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "rev": 
"444e81206df3f7d92780680e45858e31d2f07a08", "type": "github" }, "original": { @@ -22,11 +90,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1762276996, + "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "type": "github" }, "original": { @@ -35,14 +103,30 @@ "type": "github" } }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -51,6 +135,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1751685974, + "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", + "ref": "refs/heads/main", + "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", + "revCount": 92, + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ 
@@ -59,11 +159,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1754091436, + "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "type": "github" }, "original": { @@ -72,6 +172,64 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nvf", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ 
@@ -94,6 +252,23 @@ "type": "github" } }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1748186689, + "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.2", + "repo": "gnome-shell", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -101,11 +276,11 @@ ] }, "locked": { - "lastModified": 1749499854, - "narHash": "sha256-V1BgwiX8NjbRreU6LC2EzmuqFSQAHhoSeNlYJyZ40NE=", + "lastModified": 1762964643, + "narHash": "sha256-RYHN8O/Aja59XDji6WSJZPkJpYVUfpSkyH+PEupBJqM=", "owner": "nix-community", "repo": "home-manager", - "rev": "1df816c407d3a5090c8496c9b00170af7891f021", + "rev": "827f2a23373a774a8805f84ca5344654c31f354b", "type": "github" }, "original": { 
@@ -126,27 +301,42 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "lastModified": 1762205063, + "narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.4.2", + "ref": "v0.4.3", "repo": "lanzaboote", "type": "github" } }, + "mnw": { + "locked": { + "lastModified": 1758834834, + "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=", + "owner": "Gerg-L", + "repo": "mnw", + "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001", + "type": "github" + }, + "original": { + "owner": "Gerg-L", + "repo": "mnw", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -157,11 +347,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1762977756, + "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", "type": "github" }, "original": { 
@@ -171,19 +361,72 @@ "type": "github" } }, - "nixpkgs-stable": { + "noctalia": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "lastModified": 1764122160, + "narHash": "sha256-JZ51AW7zKgqlZp+oqt3Y7thglv23TPjgG1XiGBFWhr8=", + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "rev": "3c5dfd87db582bf9056d83f41d53b90ba08023c6", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", + "owner": "noctalia-dev", + "repo": "noctalia-shell", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": [ + "stylix", + "flake-parts" + ], + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nvf": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "mnw": "mnw", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1762622004, + "narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=", + "owner": "notashelf", + "repo": "nvf", + "rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909", + "type": "github" + }, + "original": { + "owner": "notashelf", + "repo": "nvf", "type": "github" } }, 
@@ -197,15 +440,14 @@ "nixpkgs": [ "lanzaboote", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" + ] }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -214,6 +456,26 @@ "type": "github" } }, + "quickshell": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1764045583, + "narHash": "sha256-W24ReyRrhOKTKIsuAMkY5hnVlCufGoONM79sjUoyQkk=", + "owner": "outfoxxed", + "repo": "quickshell", + "rev": "e9bad67619ee9937a1bbecfc6ad3b4231d2ecdc3", + "type": "github" + }, + "original": { + "owner": "outfoxxed", + "repo": "quickshell", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", @@ -221,7 +483,11 @@ "lanzaboote": "lanzaboote", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "sops-nix": "sops-nix" + "noctalia": "noctalia", + "nvf": "nvf", + "quickshell": "quickshell", + "sops-nix": "sops-nix", + "stylix": "stylix" } }, "rust-overlay": { @@ -232,11 +498,11 @@ ] }, "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "lastModified": 1761791894, + "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "rev": "59c45eb69d9222a4362673141e00ff77842cd219", "type": "github" }, "original": { 
@@ -252,11 +518,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1763069729, + "narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "a2bcd1c25c1d29e22756ccae094032ab4ada2268", "type": "github" }, "original": { 
@@ -264,6 +530,151 @@ "repo": "sops-nix", "type": "github" } + }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts_3", + "gnome-shell": "gnome-shell", + "nixpkgs": [ + "nixpkgs" + ], + "nur": "nur", + "systems": "systems_2", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": "tinted-tmux", + "tinted-zed": "tinted-zed" + }, + "locked": { + "lastModified": 1762264356, + "narHash": "sha256-QVfC53Ri+8n3e7Ujx9kq6all3+TLBRRPRnc6No5qY5w=", + "owner": "nix-community", + "repo": "stylix", + "rev": "647bb8dd96a206a1b79c4fd714affc88b409e10b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "stylix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": 
"github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + "flake": false, + "locked": { + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b4a67f8..8fe78ea 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,59 +5,118 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2"; + lanzaboote.url = "github:nix-community/lanzaboote/v0.4.3"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; - }; - # https://nix.dev/tutorials/nix-language.html#named-attribute-set-argument - outputs = inputs@{self, nixpkgs, nixos-hardware, home-manager, sops-nix, lanzaboote, disko, ...}: - let - mkSystem = (import ./lib { - inherit nixpkgs home-manager inputs; - }).mkSystem; - in - { - # NOTE: Run `nix flake show` to see what this flake has to offer. - # TODO: Enable automated formatting with something like numtide/treefmt-nix - nixosConfigurations = { - neon = mkSystem { - hostname = "neon"; - users = [ "jml" ]; - }; - lithium = mkSystem { - hostname = "lithium"; - # extraModules = [ inputs.sops-nix.nixosModules.sops ]; - users = [ - "jml" - "breakglass" - ]; - }; - titanium = mkSystem { - hostname = "titanium"; - users = [ - "jml" - ]; - extraModules = []; - }; - # `nix build .#nixosConfigurations.installIso.config.system.build.isoImage` - # https://github.com/nix-community/nixos-generators - installIso = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" - ]; - specialArgs = {inherit inputs;}; - }; - }; - homeConfigurations = { - "jml" = home-manager.lib.homeManagerConfiguration { - modules = [ - ./users/jml/home.nix - ]; - }; + stylix.url = "github:nix-community/stylix"; + stylix.inputs.nixpkgs.follows = "nixpkgs"; + + #obsidian-nvim.url = "github:epwalsh/obsidian.nvim"; + nvf = { + url = "github:notashelf/nvf"; + inputs.nixpkgs.follows = "nixpkgs"; + 
#inputs.obsidian-nvim.follows = "obsidian-nvim"; + }; + + quickshell = { + url = "github:outfoxxed/quickshell"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + noctalia = { + url = "github:noctalia-dev/noctalia-shell"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.quickshell.follows = "quickshell"; }; }; + # https://nix.dev/tutorials/nix-language.html#named-attribute-set-argument + outputs = + inputs@{ + self, + nixpkgs, + nixos-hardware, + home-manager, + sops-nix, + lanzaboote, + disko, + stylix, + nvf, + ... + }: + let + zwLib = import ./lib { + inherit nixpkgs home-manager inputs; + }; + mkSystem = zwLib.mkSystem; + mkHome = zwLib.mkHome; + mkHomeConfigs = zwLib.mkHomeConfigs; + + # NOTE: Currently these are exclusively user-profiles which use home-manager. + # Their home-manager specific declarations are at ../users/${username}/home.nix + system = "x86_64-linux"; # TODO: Improve this from only static x86 to dynamic. + homeUserProfiles = { + jml = mkHome { + inherit system; # inputs; + username = "jml"; + extraModules = [ nvf.homeManagerModules.default ]; + }; + }; + in + { + lib = { + mkSystem = mkSystem; + }; + # NOTE: Run `nix flake show` to see what this flake has to offer. + # TODO: Enable automated formatting with something like numtide/treefmt-nix + nixosConfigurations = { + neon = mkSystem { + hostname = "neon"; + users = [ "jml" ]; + }; + lithium = mkSystem { + hostname = "lithium"; + # extraModules = [ inputs.sops-nix.nixosModules.sops ]; + users = [ + "jml" + "breakglass" + ]; + }; + titanium = mkSystem { + hostname = "titanium"; + users = [ + "jml" + ]; + homeUsers = { + jml = homeUserProfiles.jml.module; + }; + #extraModules = [ (import ./overlays) ]; + # NOTE: If I'm using a home-manager configuration on a given host, + # I also need to include the relevant modules. + # TODO: Can I instead self-reference the homeConfigurations in this flake? 
+ extraModules = [ + stylix.nixosModules.stylix + ]; + }; + cobalt = mkSystem { + hostname = "cobalt"; + users = [ "jml" ]; + }; + # `nix build .#nixosConfigurations.installIso.config.system.build.isoImage` + # https://github.com/nix-community/nixos-generators + installIso = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + ]; + specialArgs = { inherit inputs; }; + }; + }; + + # For Debugging: `home-manager build --flake .` or `nix build .#homeConfigurations."jml".activationPackage` + # `home-manager switch --flake .#jml` + # https://nix-community.github.io/home-manager/options.xhtml + homeConfigurations = mkHomeConfigs homeUserProfiles; + }; } diff --git a/git-agecrypt.toml b/git-agecrypt.toml deleted file mode 100644 index b2ff6dc..0000000 --- a/git-agecrypt.toml +++ /dev/null @@ -1,2 +0,0 @@ -[config] -"hosts/lithium/semi-secret-vars.nix" = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SVmZ3iJF/rviKhTgkZOvu1fWr6G29K4u6yaxjZn4H jay@lithium"] diff --git a/hosts/cobalt/README.md b/hosts/cobalt/README.md new file mode 100644 index 0000000..5f1169c --- /dev/null +++ b/hosts/cobalt/README.md 
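Review bot: `inputs.quickshell.follows = "quickshell"` on the `noctalia` input overrides an input that noctalia does not appear to declare: the `noctalia` node in the updated flake.lock lists only `nixpkgs` under `inputs`. Nix treats that as an override for a non-existent input, so the line has no effect and suggests a shared quickshell that is not actually shared. Neither `quickshell` nor `noctalia` is referenced in the visible `outputs`. Unless a module reaches them through `inputs`, they are two more upstream repositories, tracked at their default branch, that every `nix flake update` pulls into the trust base without being used. Drop them until they are wired in, or at least remove the follows line.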
@@ -0,0 +1,21 @@ + +Device Specific Hardware Details` +```shell +[nix-shell:~]$ lspci -nn +00:00.0 Host bridge [0600]: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers [8086:5904] (rev 02) +00:02.0 VGA compatible controller [0300]: Intel Corporation HD Graphics 620 [8086:5916] (rev 02) +00:04.0 Signal processing controller [1180]: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem [8086:1903] (rev 02) +00:14.0 USB controller [0c03]: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller [8086:9d2f] (rev 21) +00:14.2 Signal processing controller [1180]: Intel Corporation Sunrise Point-LP Thermal subsystem [8086:9d31] (rev 21) +00:15.0 Signal processing controller [1180]: Intel Corporation Sunrise Point-LP Serial IO I2C Controller #0 [8086:9d60] (rev 21) +00:15.1 Signal processing controller [1180]: Intel Corporation Sunrise Point-LP Serial IO I2C Controller #1 [8086:9d61] (rev 21) +00:16.0 Communication controller [0780]: Intel Corporation Sunrise Point-LP CSME HECI #1 [8086:9d3a] (rev 21) +00:17.0 SATA controller [0106]: Intel Corporation Sunrise Point-LP SATA Controller [AHCI mode] [8086:9d03] (rev 21) +00:1c.0 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI Express Root Port #1 [8086:9d10] (rev f1) +00:1c.5 PCI bridge [0604]: Intel Corporation Sunrise Point-LP PCI Express Root Port #6 [8086:9d15] (rev f1) +00:1f.0 ISA bridge [0601]: Intel Corporation Sunrise Point-LP LPC Controller [8086:9d58] (rev 21) +00:1f.2 Memory controller [0580]: Intel Corporation Sunrise Point-LP PMC [8086:9d21] (rev 21) +00:1f.3 Audio device [0403]: Intel Corporation Sunrise Point-LP HD Audio [8086:9d71] (rev 21) +00:1f.4 SMBus [0c05]: Intel Corporation Sunrise Point-LP SMBus [8086:9d23] (rev 21) +02:00.0 Network controller [0280]: Intel Corporation Wireless 8260 [8086:24f3] (rev 3a) +``` diff --git a/hosts/cobalt/boot.nix b/hosts/cobalt/boot.nix new file mode 100644 index 0000000..e1f16ff --- /dev/null 
+++ b/hosts/cobalt/boot.nix @@ -0,0 +1,6 @@ +{}: +{ + # Default to systemd-boot + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; +} \ No newline at end of file diff --git a/hosts/cobalt/configuration.nix b/hosts/cobalt/configuration.nix new file mode 100644 index 0000000..79d1f95 --- /dev/null +++ b/hosts/cobalt/configuration.nix @@ -0,0 +1,26 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + networking.hostName = "cobalt"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; + + + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + fonts.packages = with pkgs; [ + nerd-fonts.fira-code + nerd-fonts.iosevka + atkinson-hyperlegible + ]; + + + system.stateVersion = "25.05"; +} diff --git a/hosts/cobalt/default.nix b/hosts/cobalt/default.nix new file mode 100644 index 0000000..d60b1f2 --- /dev/null +++ b/hosts/cobalt/default.nix @@ -0,0 +1,20 @@ +{ inputs, ... }: +{ + imports = [ + ./boot.nix + ../../modules/nixos/base.nix + ../../modules/nixos/audio.nix + #../../modules/nixos/desktop.nix + # https://github.com/NixOS/nixos-hardware/blob/master/README.md#using-nix-flakes-support + # TODO: This module doesn't exist yet. + #inputs.nixos-hardware.nixosModules.asus-zenbook-ux390u + /home/jml/Workspace/nixos-hardware/asus/zenbook/ux390ua + ./hardware-configuration.nix + ./configuration.nix + ../../modules/nixos/gaming.nix + ../../modules/nixos/desktop/xfce + #../../modules/nixos/desktop/niri + ]; + + zw.gaming.enable = true; +} diff --git a/hosts/cobalt/hardware-configuration.nix b/hosts/cobalt/hardware-configuration.nix new file mode 100644 index 0000000..da7f0e2 --- /dev/null +++ b/hosts/cobalt/hardware-configuration.nix 
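Review bot: The header `{}:` in hosts/cobalt/boot.nix declares a closed, empty argument set, but the NixOS module system calls module functions with `config`, `lib`, `options` and any specialArgs (here `inputs`). As far as I can tell, evaluation will therefore fail with a "called with unexpected argument" error. Use `{ ... }:` or drop the function wrapper and make the file a plain attribute set. The identical blob (e1f16ff) is also added as hosts/lithium/boot.nix and hosts/neon/boot.nix, so the fix applies to all three. A single shared module under modules/nixos/ would keep the copies from drifting.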
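Review bot: The import of `/home/jml/Workspace/nixos-hardware/asus/zenbook/ux390ua` in hosts/cobalt/default.nix is an absolute path outside the flake, so cobalt's hardware module is not covered by flake.lock. Whatever is in that working copy at build time is evaluated as system configuration. Pure flake evaluation normally refuses such paths, so `nixosConfigurations.cobalt` probably builds only with `--impure` and only on a machine that has that checkout. Until the module exists upstream, pin the fork as its own flake input, e.g. `nixos-hardware-zenbook.url = "github:<owner>/nixos-hardware/<branch>";` (owner and branch are placeholders), and import `"${inputs.nixos-hardware-zenbook}/asus/zenbook/ux390ua"` instead.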
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/959b3c06-58a2-45be-b2d6-275c489c31f8"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2EC2-D03D"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/0239ee2a-484b-4a17-b1e9-02fd35df851f"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1u3.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/lithium/README.md b/hosts/lithium/README.md index 1cdad59..a73e9e8 100644 --- a/hosts/lithium/README.md +++ b/hosts/lithium/README.md 
@@ -7,20 +7,29 @@ This is my primary homelab host/NAS, previously powered by TrueNAS Scale/k3s. Even with fully declarative Nix/Nixpkgs/NixOS at the end of the day there are still some actions that need to be taken manually. -- secrets configuration (both for SOPS and git-agecrypt semi-secrets) +- secrets configuration for `sops-nix` - kanidm user management - tailscale auth key - jellyfin configuration via web-ui -## Semi-Secrets +## Secrets and "Private Information" -`semi-secret-vars.nix` is using [git-agecrypt](https://github.com/vlaci/git-agecrypt) -and following a pattern I discovered here: - - https://github.com/nyawox/arcanum/blob/4629dfba1bc6d4dd2f4cf45724df81289230b61a/var/README.md - - https://github.com/vlaci/git-agecrypt +Originally I had used two providers of secrets, `sops-nix` and `git-agecrypt`, +and the reasoning for that was, with `git-agecrypt` I could directly encrypt an +entire `.nix` file, and use it to conceal an arbitrary amount of my nix config. +The #1 thing I was using it for was hiding details about the domain names that +power various services. I know that's not real security, and domains aren't +really private, but server logs prove that not including a domain in a GH repo +means you get dramatically fewer spurious requests. -Essentially there are some details I won't want exposed in the repository, but -I do want them available to all my nix modules. The main one being the domain. +The reason for using `git-agecrypt` against a whole nix file like that was most +importantly because it allowed me to *just use nix variables*. Compared to the +invocationss SOPS & `sops-nix` require, it can be a lot more simple for setting +values like a domain name. -While it's not really a secret in the way a password is, consider this effort a -mitigation against ddos attacks and automated requests and login attempts. 
+Now I'm going all in on `sops-nix` as the exclusive manager of secrets, and +maintaining a separate flake which contains private nix configuration details. +There are still issues with this, and now my overall nix config is essentially +fractured between "flake-A" and "flake-B", which gives me all the same issues +that any other software project faces with that arrangement. But I dislike +using `git-agecrypt` even more than I dislike those problems. diff --git a/hosts/lithium/boot.nix b/hosts/lithium/boot.nix new file mode 100644 index 0000000..e1f16ff --- /dev/null +++ b/hosts/lithium/boot.nix @@ -0,0 +1,6 @@ +{}: +{ + # Default to systemd-boot + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; +} \ No newline at end of file diff --git a/hosts/lithium/configuration.nix b/hosts/lithium/configuration.nix index 5023ef1..a18dc08 100644 --- a/hosts/lithium/configuration.nix +++ b/hosts/lithium/configuration.nix @@ -2,7 +2,6 @@ { sops.defaultSopsFile = ./secrets/common.yaml; networking.hostName = "lithium"; - networking.domain = config.vars.domain; environment.systemPackages = with pkgs; [ zfs ]; diff --git a/hosts/lithium/default.nix b/hosts/lithium/default.nix index 4a02b76..30fbf84 100644 --- a/hosts/lithium/default.nix +++ b/hosts/lithium/default.nix @@ -1,11 +1,11 @@ { inputs, ... }: { imports = [ + ./boot.nix ../../modules/nixos/base.nix inputs.sops-nix.nixosModules.sops ./hardware.nix ./configuration.nix - ./semi-secret-vars.nix ./services/caddy.nix ./services/tailscale.nix ./services/kanidm.nix diff --git a/hosts/lithium/semi-secret-vars.nix b/hosts/lithium/semi-secret-vars.nix deleted file mode 100644 index 1598e07..0000000 --- a/hosts/lithium/semi-secret-vars.nix +++ /dev/null 
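Review bot: hosts/lithium/boot.nix enables systemd-boot but leaves `boot.loader.systemd-boot.editor` at its default, which NixOS keeps enabled for backward compatibility. With the editor on, anyone with console access can change the kernel command line from the boot menu and reach a root shell without credentials. lithium imports the kanidm service and the sops-nix module, so it is the host where this matters most. Add `boot.loader.systemd-boot.editor = false;` next to the `enable` line. The same applies to the cobalt and neon copies of this file.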
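Review bot: Removing `./semi-secret-vars.nix` from the imports in hosts/lithium/default.nix drops whatever declared `config.vars`, and nothing visible in this commit replaces it; flake.nix gains no input for the private flake the README describes. configuration.nix loses its `config.vars.domain` reference in this commit, but `./services/caddy.nix`, `./services/kanidm.nix` and the other service modules are still imported and are not shown. If any of them still reads `config.vars.*`, lithium stops evaluating. Grep for `config.vars` before merging. The imports list continues outside this hunk. It would also help to note in the README that the age-encrypted file stays in git history, so the domain is only as private as that key.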
@@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 rhvgyQ 8V5ehsrqPR8s2joIfdpZRYDQpwH5BXI1GgQ/Qcb/Wg4 -ZKRZkXT0uPbXzuXLsteW31GsKzZy1deUl1GdWeQB+4U --> "f&DjVar -Lhe9DbPHOqqKQ9HDhJB2xbIkrsxFGm39Yzr1J+ZbJnWYx5FCdGCCIexmv3GJy94t - ---- qKkjS2aEWavCLldEwi4MUTlDoQuIu9tSRr5yoeZVQhs -bZ~lU"Up v$?;:Zu҅^ŊQ/MBɉf]Ξ)4PY-߅ܻ ؟l&e2OUqXMDS7E&usU#d#؂W9^k.07hs4CRIwU aʯMwiUrikb}yV>r[8s \ No newline at end of file diff --git a/hosts/lithium/services/kanidm.nix b/hosts/lithium/services/kanidm.nix index 066652f..b8b96de 100644 --- a/hosts/lithium/services/kanidm.nix +++ b/hosts/lithium/services/kanidm.nix @@ -44,7 +44,7 @@ in }; services.kanidm = { - package = pkgs.kanidmWithSecretProvisioning; + package = pkgs.kanidmWithSecretProvisioning_1_7; enableServer = true; serverSettings = { # NOTE: Required to start the server: https://kanidm.github.io/kanidm/stable/server_configuration.html diff --git a/hosts/neon/boot.nix b/hosts/neon/boot.nix new file mode 100644 index 0000000..e1f16ff --- /dev/null +++ b/hosts/neon/boot.nix @@ -0,0 +1,6 @@ +{}: +{ + # Default to systemd-boot + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; +} \ No newline at end of file diff --git a/hosts/neon/default.nix b/hosts/neon/default.nix index 6d3d3e0..231f6da 100644 --- a/hosts/neon/default.nix +++ b/hosts/neon/default.nix @@ -1,9 +1,10 @@ { inputs, ... }: { imports = [ + ./boot.nix ../../modules/nixos/base.nix ../../modules/nixos/audio.nix - ../../modules/nixos/desktop.nix + ../../modules/nixos/desktop # https://github.com/NixOS/nixos-hardware/blob/master/README.md#using-nix-flakes-support inputs.nixos-hardware.nixosModules.gpd-pocket-3 # override from nixos-hardware diff --git a/hosts/titanium/README.md b/hosts/titanium/README.md new file mode 100644 index 0000000..51e0057 --- /dev/null +++ b/hosts/titanium/README.md 
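Review bot: `package = pkgs.kanidmWithSecretProvisioning_1_7;` in hosts/lithium/services/kanidm.nix pins the identity provider to one release line, with no comment saying why or when to move on. Add a comment above the `package` line, for example `# pinned release line: kanidm upgrades go one minor version at a time; bump after reading the release notes`, if that is the reason. That way the pin is revisited rather than left behind once 1.7 stops receiving fixes. The `services.kanidm` attribute set starts and ends outside this hunk.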
@@ -0,0 +1,20 @@ +# titanium + +This is my primary workstation / gaming pc. +It will generally be the most out of sync with the repo, as there will be a lot +of software I experiment with, which I simply forget to commit here. Everything +of importance will find it's way to this repo. + +## Non-Deterministic Post-Install Steps + +Rearrange Monitors in Gnome Display Settings + +Use a fido2 key (YubiKey) to decrypt luks +```bash +sudo -E -s systemd-cryptenroll --fido2-device=auto /dev/disk/by-partlabel/disk-main-luks +``` + +## Installing Remotely +```bash +nix run github:nix-community/nixos-anywhere -- --flake .#titanium +``` diff --git a/hosts/titanium/configuration.nix b/hosts/titanium/configuration.nix index ea4519f..45987c6 100644 --- a/hosts/titanium/configuration.nix +++ b/hosts/titanium/configuration.nix @@ -6,9 +6,12 @@ environment.systemPackages = with pkgs; [ sbctl # Secure-Boot helix nil # nice for editing '.nix' - discord + (discord.override { withVencord = true; }) signal-desktop obs-studio + halloy # IRC + gimp3 + nyxt # browser ]; # Hardware Specific programs... #programs.ryzen-monitor-ng.enable = true; @@ -16,5 +19,5 @@ services.openssh.enable = true; services.tailscale.enable = true; networking.firewall.trustedInterfaces = [ "tailscale0" ]; - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; } diff --git a/hosts/titanium/default.nix b/hosts/titanium/default.nix index 23d9076..8cece0c 100644 --- a/hosts/titanium/default.nix +++ b/hosts/titanium/default.nix 
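Review bot: Changing `system.stateVersion` from "25.05" to "25.11" in the second configuration.nix hunk changes the defaults NixOS picks for stateful services, and the value is meant to stay at the release the machine was first installed with. If titanium was reinstalled from scratch (the README's nixos-anywhere step and the new disk layout suggest it may have been), the new value is right and a comment should say so, e.g. `# fresh install on 25.11; do not bump on upgrade`. If the machine was upgraded in place, keep "25.05". The module body starts above this hunk.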
@@ -1,17 +1,41 @@ -{ inputs, ... }: +{ inputs, pkgs, ... }: +let + nixpkgs = inputs.nixpkgs; +in { nixpkgs.config.allowUnfree = true; + nixpkgs.overlays = (import (../../overlays) {inherit nixpkgs;}); imports = [ ../../modules/nixos/base.nix ../../modules/nixos/audio.nix - ../../modules/nixos/desktop.nix + ../../modules/nixos/desktop ../../modules/nixos/gaming.nix inputs.nixos-hardware.nixosModules.asus-rog-strix-x570e - #./hardware.nix + ./hardware.nix ./configuration.nix ./nvidia.nix + inputs.lanzaboote.nixosModules.lanzaboote ./secure-boot.nix inputs.disko.nixosModules.disko ./disko.nix + ./game-emulation.nix + #./meetings.nix ]; + + zw.gaming.enable = true; + + stylix = { + #enable = true; + # catppuccin-mocha + base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + # image = ./path.png; polarity = "dark"; # /etc/stylix/palette.html + # TODO: Add Atkinson Hyperlegible Next, Mono, and also a good Serif font. + # https://search.nixos.org/packages?channel=unstable&show=atkinson-hyperlegible-next&query=atkinson + # fonts = { + # serif = {}; + # sansSerif = {}; + # monospace = {}; + # emoji = {}; + # }; + }; } diff --git a/hosts/titanium/game-emulation.nix b/hosts/titanium/game-emulation.nix new file mode 100644 index 0000000..e0ba3d2 --- /dev/null +++ b/hosts/titanium/game-emulation.nix 
@@ -0,0 +1,59 @@
+{ config, lib, pkgs, ... }:
+let
+ retroarchWithCores = (
+ pkgs.retroarch.withCores (
+ cores: with cores; [
+ # Multi-Emulators
+ mame # Atari / Nintendo / Sega / etc.
+
+ # Sega
+ genesis-plus-gx # Sega Genesis
+
+ # Nintendo
+ mesen # NES
+ bsnes # Super Nintendo
+ mupen64plus # Nintendo 64 - Maybe simple64 some day.
+ dolphin # GameCube
+ mgba # GameBoy / Color / Advance
+ #melonds # Nintendo DS
+ #citra # Nintendo 3DS
+
+
+ # Sony
+ swanstation #duckstation # PlayStation
+ beetle-psx-hw
+ pcsx2 # PlayStation 2 -- Is actually "LRPS2"
+ #rpcs3 # PlayStation 3
+ ppsspp # PlayStation Portable
+
+ # Commodore
+ vice-x64 # C64
+ ]
+ )
+ );
+in
+{
+ environment.systemPackages = [
+ retroarchWithCores
+ #pkgs.retroarch-full
+ #pkgs.emulationstation-de
+ pkgs.gnome-bluetooth
+ ];
+
+ hardware.xone.enable = true; # Xbox Controller Driver
+ hardware.xpadneo.enable = true; # Xbox Controller Driver
+ hardware.enableAllFirmware = true;
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ settings = {
+ General = {
+ Experimental = true;
+ FastConnectable = true;
+ };
+ Policy = {
+ AutoEnable = true;
+ };
+ };
+ };
+}
diff --git a/hosts/titanium/hardware.nix b/hosts/titanium/hardware.nix
index a2a8362..a11bb78 100644
--- a/hosts/titanium/hardware.nix
+++ b/hosts/titanium/hardware.nix 
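Review bot: The `hardware.bluetooth` block at the end of game-emulation.nix powers the adapter on at every boot (`powerOnBoot = true`, `AutoEnable = true`) and also sets `Experimental = true` and `FastConnectable = true`, with no comment saying which controller or feature needs them. On a workstation that keeps a radio interface up permanently with BlueZ's experimental interfaces enabled, which is more exposure than pairing a gamepad usually requires. I would drop the two `General` settings unless something breaks without them, or record the reason next to them, e.g. `# Experimental: needed for <feature> on <controller>`. `hardware.enableAllFirmware = true;` likewise pulls in every firmware package, unfree ones included, and `hardware.enableRedistributableFirmware = true;` may be enough here.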
@@ -8,41 +8,44 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.systemd.enable = true; + #boot.initrd.luks.devices.FOO.crypttabExtraOpts = ["fido2-device=auto"]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; + # boot.blacklistedKernelModules = [ "nouveau" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51"; + { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65"; fsType = "btrfs"; options = [ "subvol=root" ]; }; - boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/0ccc4028-c27e-4259-ade9-a2b2081722cb"; + #boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/16b8ccb6-0102-4348-bb1b-d8d68bfb4d23"; + + fileSystems."/nix" = + { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; fileSystems."/.swapvol" = - { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51"; + { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65"; fsType = "btrfs"; options = [ "subvol=swap" ]; }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/219D-4579"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51"; + { #device = "/dev/disk/by-uuid/bac9b4de-d201-4008-9e97-3954417aab65"; fsType = "btrfs"; options = [ "subvol=home" ]; }; - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/0b3de117-c34f-4cc6-81db-5b84ea46cd51"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; + fileSystems."/boot" = + { #device = "/dev/disk/by-uuid/E076-75D6"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; }; swapDevices = [ ]; 
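Review bot: Every `device =` line and the `boot.initrd.luks.devices."crypted".device` line are commented out with nothing saying where the values now come from, so each `fileSystems` entry is left with only `fsType` and `options`. Presumably `./disko.nix` supplies the devices and the LUKS mapping, but that file is not part of this hunk; a header comment such as `# devices and the LUKS container are declared in ./disko.nix; this file only adds mount options` would keep a later edit from restoring stale UUIDs. The FIDO2 line is also only a commented placeholder (`devices.FOO`), so unless disko.nix sets `fido2-device=auto` the key enrolled per the README will not be offered at boot. The module body starts above and continues below this hunk.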
@@ -54,7 +57,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/titanium/meetings.nix b/hosts/titanium/meetings.nix new file mode 100644 index 0000000..ed827ec --- /dev/null +++ b/hosts/titanium/meetings.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + programs.zoom-us.enable = true; +} diff --git a/hosts/titanium/nvidia.nix b/hosts/titanium/nvidia.nix index 66b3fa2..af7717f 100644 --- a/hosts/titanium/nvidia.nix +++ b/hosts/titanium/nvidia.nix @@ -14,9 +14,12 @@ # https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/nvidia-x11/generic.nix#L65 nixpkgs.config.nvidia.acceptLicense = true; hardware.nvidia = { + # TODO: Consider legacy drivers. + # https://discourse.nixos.org/t/cant-use-nvidia-offload-mode/27791/8 package = config.boot.kernelPackages.nvidiaPackages.latest; modesetting.enable = true; - open = true; + # Open Source Drivers: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + open = false; nvidiaSettings = true; powerManagement.enable = false; powerManagement.finegrained = false; diff --git a/hosts/titanium/secure-boot.nix b/hosts/titanium/secure-boot.nix index 82f4d98..be6cc79 100644 --- a/hosts/titanium/secure-boot.nix +++ b/hosts/titanium/secure-boot.nix @@ -1,5 +1,4 @@ -{ pkgs, lib, inputs, ... }: { - imports = with inputs; [ lanzaboote.nixosModules.lanzaboote ]; +{ pkgs, lib, ... }: { environment.systemPackages = [ pkgs.sbctl ]; boot.loader.systemd-boot.enable = lib.mkForce false; boot.lanzaboote.enable = true; diff --git a/lib/default.nix b/lib/default.nix index 3926ed9..f3d2ac9 100644 --- a/lib/default.nix 
+++ b/lib/default.nix 
@@ -1,47 +1,113 @@ -{ nixpkgs, home-manager, inputs, ... }: { - # It's not really that I care about whether a system is a desktop system or - # a server system, but moreso that I care about whether a system is headless or not. - # I also care about things like if it's darwin, or wsl. - mkSystem = { - hostname, - system ? "x86_64-linux", - users ? [], - extraModules ? [] - }: - let - hostModule = import ../hosts/${hostname} { inherit inputs; }; - userModules = map (name: - import ../users/${name} { - pkgs = nixpkgs.legacyPackages.${system}; - lib = nixpkgs.lib; - } - ) users; - - homeUserNames = builtins.filter (name: - builtins.pathExists ../users/${name}/home.nix - ) users; - - homeUsers = nixpkgs.lib.listToAttrs (map (name: { - name = name; - value = import ../users/${name}/home.nix { - username = name; - pkgs = nixpkgs.legacyPackages.${system}; - lib = nixpkgs.lib; + nixpkgs, + home-manager, + inputs, + ... +}: +let + allOverlays = import (../overlays) { inherit nixpkgs; }; + getPkgs = + system: + import nixpkgs { + inherit system; + overlays = allOverlays; + }; +in +{ + mkSystem = + { + hostname, + system ? "x86_64-linux", + users ? [ ], + extraModules ? [ ], + homeUsers ? { }, + extraSpecialArgs ? 
{ }, + }: + let + pkgs_with_overlays = import nixpkgs { + inherit system; + overlays = allOverlays; }; - }) homeUserNames); - in + hostModule = import ../hosts/${hostname} { + inherit inputs; + pkgs = pkgs_with_overlays; + }; + userModules = map ( + name: + import ../users/${name} { + pkgs = pkgs_with_overlays; + lib = nixpkgs.lib; + } + ) users; + + formattedHomeUsers = nixpkgs.lib.mapAttrs (username: moduleList: { + imports = moduleList; + }) homeUsers; + in nixpkgs.lib.nixosSystem { inherit system; - modules = [ hostModule ] - ++ userModules - ++ extraModules - ++ (if homeUserNames != [] then [ - home-manager.nixosModules.home-manager - { - home-manager.backupFileExtension = "hm-bak"; - home-manager.users = homeUsers; - } - ] else []); + modules = [ + hostModule + ] + ++ userModules + ++ extraModules + ++ ( + if homeUsers != { } then + [ + home-manager.nixosModules.home-manager + { + #home-manager.useGlobalPkgs = true; # NOTE: Incompatible with nixpkgs.{config,overlays} + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "hm-bak"; + + # Directly inject the module lists? (isn't this the problem?) + home-manager.users = formattedHomeUsers; + home-manager.extraSpecialArgs = { inherit inputs; }; + } + ] + else + [ ] + ); + specialArgs = { + inherit inputs hostname; + } + // extraSpecialArgs; }; + + getUserHomeModule = + username: pkgs: inputs: + import ../users/${username}/home.nix { + inherit username pkgs inputs; + lib = nixpkgs.lib; + }; + + /** + This function returns an attribute set { module, config }. + */ + mkHome = + { + username, + system ? "x86_64-linux", + extraModules ? 
[ ], + }: + let + pkgs_with_overlays = getPkgs system; + moduleList = [ + (import ../users/${username}/home.nix { + inherit inputs username; + pkgs = pkgs_with_overlays; + lib = nixpkgs.lib; + }) + ] + ++ extraModules; + in + { + module = moduleList; + config = home-manager.lib.homeManagerConfiguration { + pkgs = pkgs_with_overlays; + modules = moduleList; + }; + }; + + mkHomeConfigs = userProfiles: nixpkgs.lib.mapAttrs (username: profile: profile.config) userProfiles; } diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix index 036a5c9..d273887 100644 --- a/modules/nixos/base.nix +++ b/modules/nixos/base.nix @@ -1,18 +1,23 @@ { config, pkgs, lib, ... }: { nixpkgs.config.allowUnfree = true; + # TODO: Consider adding a randomized delay. + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; nix.settings = { + auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" ]; }; - # Default to systemd-boot - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # https://datatracker.ietf.org/doc/html/rfc8375 - networking.domain = "home.arpa"; + networking.domain = lib.mkDefault "home.arpa"; - time.timeZone = "America/Chicago"; + # TODO: Consider enabling automatic-timezoned on laptops that move between TZs + time.timeZone = lib.mkDefault "America/Chicago"; + services.automatic-timezoned.enable = lib.mkDefault false; i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { 
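Review bot: `mkSystem` builds its package set inline (`pkgs_with_overlays = import nixpkgs { inherit system; overlays = allOverlays; };`) although `getPkgs`, defined in the outer `let` of the same file, does exactly that and `mkHome` already calls it; `pkgs_with_overlays = getPkgs system;` keeps the two from drifting apart. The doc comment on `mkHome` says it returns `{ module, config }`, but `module` holds a list (`moduleList`), so either name the attribute `modules` or say "a list of Home Manager modules" in the comment. The open question in `# Directly inject the module lists? (isn't this the problem?)` should be answered or turned into a TODO that names the problem.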
@@ -73,38 +78,39 @@ ]; # Render colors # TODO: Figure out how to represent those termcap sequences properly. - #LESS_TERMCAP_mb=$'\E[1;31m' # begin bold - #LESS_TERMCAP_md=$'\E[1;36m' # begin blink - #LESS_TERMCAP_me=$'\E[0m' # reset bold/blink - #LESS_TERMCAP_so=$'\E[01;44;33m' # begin reverse video - #LESS_TERMCAP_se=$'\E[0m' # reset reverse video - #LESS_TERMCAP_us=$'\E[1;32m' # begin underline - #LESS_TERMCAP_ue=$'\E[0m' # reset underline + LESS_TERMCAP_mb="\E[1;31m"; # begin bold + LESS_TERMCAP_md="\E[1;36m"; # begin blink + LESS_TERMCAP_me="\E[0m"; # reset bold/blink + LESS_TERMCAP_so="\E[01;44;33m"; # begin reverse video + LESS_TERMCAP_se="\E[0m"; # reset reverse video + LESS_TERMCAP_us="\E[1;32m"; # begin underline + LESS_TERMCAP_ue="\E[0m"; # reset underline }; }; git.enable = true; htop.enable = true; - command-not-found.enable = false; bat.enable = true; bandwhich.enable = true; + command-not-found.enable = false; + #nix-index.enable = true; + nano.enable = false; neovim = { enable = true; defaultEditor = true; - viAlias = true; vimAlias = true; - - withRuby = true; - withPython3 = true; - withNodeJs = true; - - #configure = {}; }; }; - # Services running on all machines - services.avahi.enable = true; # zeroconf/mDNS(.local) + services.openssh.enable = lib.mkDefault false; + # services.openssh = { + # enable = true; + # settings = { + # PasswordAuthentication = false; + # PermitRootLogin = "no"; + # }; + # }; } diff --git a/modules/nixos/desktop/calibre.nix b/modules/nixos/desktop/calibre.nix new file mode 100644 index 0000000..5fa97d5 --- /dev/null +++ b/modules/nixos/desktop/calibre.nix 
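Review bot: The hardened sshd settings at the end of the hunk are left commented out, so a host that turns sshd on itself (hosts/titanium/configuration.nix has `services.openssh.enable = true;`) gets the stock defaults, which as far as I know still accept password logins. Settings are inert while the service is disabled, so they can be set unconditionally here: `services.openssh.settings.PasswordAuthentication = lib.mkDefault false;` and `services.openssh.settings.PermitRootLogin = lib.mkDefault "no";`. Separately, the `LESS_TERMCAP_*` values will not contain an escape character, because Nix has no `\E` escape and reads `"\E[1;31m"` as the literal `E[1;31m`. Bind the byte once, e.g. `esc = builtins.fromJSON ''"\u001b"'';`, and write `"${esc}[1;31m"`.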
@@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: +{ + imports = []; + + options = { + zw.calibre = { + enable = lib.mkEnableOption "Enable Calibre"; + }; + }; + + config = { + # NOTE: Without unrar support we can't open ".cbr" files. + environment.systemPackages = with pkgs; [ + calibre + ]; + + services.udisks2.enable = true; # Required for eReader Support + }; + # NOTE: Consider adding https://github.com/nydragon/calibre-plugins + # especially for DeDRM +} diff --git a/modules/nixos/desktop.nix b/modules/nixos/desktop/default.nix similarity index 66% rename from modules/nixos/desktop.nix rename to modules/nixos/desktop/default.nix index 7251a84..6c76134 100644 --- a/modules/nixos/desktop.nix +++ b/modules/nixos/desktop/default.nix @@ -1,11 +1,23 @@ { pkgs, ... }: { + imports = [ + ./calibre.nix + ../fonts.nix + ]; + + # TODO: Add options for enabling/switching between different Desktop Environments. + # options = {}; + + # NOTE: Calibre is enabled this way because it also needs udisks2 for e-readers + # Ideally I move it somewhere else anyway. + zw.calibre.enable = true; + environment.systemPackages = with pkgs; [ yubikey-personalization xdg-desktop-portal-gtk xdg-desktop-portal-hyprland xwayland - rofi-wayland + rofi waybar hyprpaper kitty # hyprland default term @@ -31,10 +43,5 @@ }; # screen sharing /w hyp services.dbus.enable = true; - - fonts.packages = with pkgs; [ - nerd-fonts.fira-code - nerd-fonts.iosevka - atkinson-hyperlegible - ]; + services.avahi.enable = true; # zeroconf/mDNS(.local) } diff --git a/modules/nixos/desktop/niri/default.nix b/modules/nixos/desktop/niri/default.nix new file mode 100644 index 0000000..e239697 --- /dev/null +++ b/modules/nixos/desktop/niri/default.nix 
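Review bot: `zw.calibre.enable` is declared but never read in calibre.nix: the `config` block is unconditional, so calibre and `services.udisks2` are enabled on every host that imports the module, and the `zw.calibre.enable = true;` line in desktop/default.nix has no effect. Gate it the way modules/nixos/gaming.nix does, `config = lib.mkIf config.zw.calibre.enable {`. `lib.mkEnableOption "Enable Calibre"` also renders as "Whether to enable Enable Calibre."; pass `"Calibre"` instead.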
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, inputs, ... }:
+{
+ # Opinionated Niri Setup - https://yalter.github.io/niri/Important-Software.html
+ # Consider: https://github.com/sodiboo/niri-flake
+
+ # NOTE: Rather than individual components, I'm going to start with a complete desktop shell if possible.
+ # According to the docs there's a few options: https://yalter.github.io/niri/Getting-Started.html#desktop-environments
+ # LXQt, many parts of XFCE, COSMIC + `cosmic-ext-extra-sessions`
+ # And what I actually want to try out is one of DankMaterialShell or Noctalia
+ programs.niri.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ inputs.noctalia.packages.${system}.default
+ xwayland-satellite
+ fuzzel
+ kitty
+ fastfetch
+ ];
+
+ services.displayManager.sessionPackages = [ pkgs.niri ];
+ programs.niri.package = pkgs.niri;
+
+
+ # Notification Daemon
+ #services.mako.enable = true;
+ #services.mako.settings.default-timeout = 3000;
+
+ # Portal - https://wiki.archlinux.org/title/XDG_Desktop_Portal#List_of_backends_and_interfaces
+
+ # Authentication Agent (polkit)
+ #security.polkit.enable = lib.mkDefault true;
+
+ # Xwayland
+ # https://github.com/Supreeeme/xwayland-satellite
+ #programs.xwayland.enable = lib.mkDefault true;
+
+ # Screencasting - https://yalter.github.io/niri/Screencasting.html
+ # Needs D-Bus, pipewire, `xdg-desktop-portal-gnome`? Or a portal from the above table with screencasting support
+
+}
\ No newline at end of file
diff --git a/modules/nixos/desktop/xfce/default.nix b/modules/nixos/desktop/xfce/default.nix
new file mode 100644
index 0000000..cae144b
--- /dev/null
+++ b/modules/nixos/desktop/xfce/default.nix
@@ -0,0 +1,9 @@
+{}:
+{
+ services.displayManager.defaultSession = "xfce";
+ services.xserver.desktopManager = {
+ xterm.enable = false;
+ xfce.enable = true;
+ };
+
+}
\ No newline at end of file
diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix
new file mode 100644
index 0000000..7d3eca8
--- /dev/null 
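Review bot: `${system}` in `inputs.noctalia.packages.${system}.default` is not one of the niri module's arguments; it resolves only because `with pkgs;` exposes `pkgs.system`, an alias that newer nixpkgs releases deprecate (to my knowledge it now warns). Spell it out as `inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default`. `programs.niri.package = pkgs.niri;` and the `sessionPackages` entry look redundant with `programs.niri.enable = true;` and could be dropped once that is confirmed.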
+++ b/modules/nixos/fonts.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + fonts.packages = with pkgs; [ + nerd-fonts.fira-code + nerd-fonts.iosevka + atkinson-hyperlegible + ]; +} \ No newline at end of file diff --git a/modules/nixos/gaming.nix b/modules/nixos/gaming.nix index 68b2946..1e86c7e 100644 --- a/modules/nixos/gaming.nix +++ b/modules/nixos/gaming.nix @@ -1,17 +1,31 @@ { config, lib, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - mangohud - protonup-qt - lutris - bottles - heroic - ]; - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - protontricks.enable = true; - gamescopeSession.enable = true; + #imports = []; + options = { + zw.gaming.enable = lib.mkEnableOption "Enable Gaming"; + }; + + # https://wiki.nixos.org/wiki/Category:Gaming + config = lib.mkIf config.zw.gaming.enable { + environment.systemPackages = with pkgs; [ + mangohud + protonup-qt + lutris # TODO: Having an issue after flake update + bottles + heroic + ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + protontricks.enable = true; + gamescopeSession.enable = true; + }; + + programs.gamemode.enable = true; + programs.gamescope = { + enable = true; + capSysNice = true; + }; }; } diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..f981c72 --- /dev/null +++ b/overlays/default.nix 
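Review bot: With the whole gaming.nix block under `lib.mkIf config.zw.gaming.enable`, one flag now installs the launchers and also opens the firewall for Steam Remote Play and local network game transfers (`remotePlay.openFirewall`, `localNetworkGameTransfers.openFirewall`). A host that wants the games but sits on untrusted networks has to override those with `mkForce`. Writing them as `remotePlay.openFirewall = lib.mkDefault true;` and `localNetworkGameTransfers.openFirewall = lib.mkDefault true;` keeps today's behaviour and lets a host set them to false. `programs.gamescope.capSysNice = true;` deserves a one-line comment as well, since it installs gamescope with an added capability, e.g. `# CAP_SYS_NICE so gamescope can raise its own scheduling priority`.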
@@ -0,0 +1,40 @@ +{ nixpkgs }: + let + fixCmake = pkg: pkg.overrideAttrs (old: { + cmakeFlakes = (old.cmakeFlags or []) ++ [ + (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") + ]; + }); + cmake3Overlay = final: prev: + nixpkgs.lib.mapAttrs ( + n: pkg: + pkg.overrideAttrs (old: { + cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ]; + }) + ) { + inherit (prev) hpipm; + }; + libretroCmake3Overlay = final: prev: { + libretro = prev.libretro // { + thepowdertoy = prev.libretro.thepowdertoy.overrideAttrs(old: { + cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ]; + }); + + tic80 = prev.libretro.tic80.overrideAttrs(old: { + cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ]; + }); + + citra = prev.libretro.citra.overrideAttrs(old: { + cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ]; + }); + + dolphin = prev.libretro.dolphin.overrideAttrs(old: { + cmakeFlags = old.cmakeFlags or [ ] ++ [ (nixpkgs.lib.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.10") ]; + }); + }; + }; +in +[ + cmake3Overlay + libretroCmake3Overlay +] diff --git a/users/jml/default.nix b/users/jml/default.nix index 592e6ba..69afa40 100644 --- a/users/jml/default.nix +++ b/users/jml/default.nix @@ -1,6 +1,9 @@ { pkgs, lib, ... }: { programs.fish.enable = true; + environment.systemPackages = [ + pkgs.home-manager + ]; users.users.jml = { shell = pkgs.fish; home = diff --git a/users/jml/home.nix b/users/jml/home.nix index e6170c6..e2fa5eb 100644 --- a/users/jml/home.nix +++ b/users/jml/home.nix @@ -1,4 +1,10 @@ -{ username, pkgs, lib, ... }: +{ + username, + pkgs, + lib, + inputs, + ... +}: { nixpkgs.config.allowUnfree = true; # The following line is needed if I start using hyprland Home Manager Module 
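Review bot: `fixCmake` in overlays/default.nix sets `cmakeFlakes`, a misspelling of `cmakeFlags`, so calling it would add an attribute the build ignores and the policy flag would never reach CMake. It is also unused, while the same `overrideAttrs` body is written out five times below it. Fix the name, `cmakeFlags = (old.cmakeFlags or [ ]) ++ [`, and apply the helper in both overlays, e.g. `thepowdertoy = fixCmake prev.libretro.thepowdertoy;`. The parenthesised `(old.cmakeFlags or [ ])` is worth keeping so the precedence of `or` against `++` does not have to be remembered.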
@@ -10,8 +16,8 @@ sessionVariables = { EDITOR = "hx"; }; - - homeDirectory = + + homeDirectory = if pkgs.stdenv.isLinux then lib.mkDefault "/home/${username}" else if pkgs.stdenv.isDarwin then @@ -19,24 +25,26 @@ else abort "Unsupported OS"; }; - home.packages = with pkgs; [ ] - # linux only - # TODO: Add a test for linux + desktop environment - ++ (lib.optionals pkgs.stdenv.isLinux [ - cfspeedtest - helix - nil - ]) - # linux + desktop manager - #++ (lib.optionals (pkgs.stdenv.isLinux && osConfig.services.desktopManager.enabled != null) - #[ - # firefox - #]) - # darwin only - ++ (lib.optionals pkgs.stdenv.isDarwin [ - cfspeedtest - ripgrep - ]); + home.packages = + with pkgs; + [ ] + # linux only + # TODO: Add a test for linux + desktop environment + ++ (lib.optionals pkgs.stdenv.isLinux [ + cfspeedtest + helix + nil + ]) + # linux + desktop manager + #++ (lib.optionals (pkgs.stdenv.isLinux && osConfig.services.desktopManager.enabled != null) + #[ + # firefox + #]) + # darwin only + ++ (lib.optionals pkgs.stdenv.isDarwin [ + cfspeedtest + ripgrep + ]); programs = { fish.enable = true; @@ -49,7 +57,7 @@ # Matrix Chat Apps element-desktop.enable = true; - nheko.settings = true; + #nheko.settings = true; # Additions from Windows obsidian.enable = true; @@ -65,6 +73,11 @@ helix.enable = true; zoxide.enable = true; fd.enable = true; + + difftastic.enable = true; + difftastic.git.enable = true; + difftastic.git.diffToolMode = true; + mergiraf.enable = true; }; programs.starship = { @@ -100,7 +113,7 @@ Cryptomining = true; Fingerprinting = true; }; - + Homepage.StartPage = "previous-session"; FirefoxHome = { Search = true; 
@@ -133,34 +146,390 @@ id = 0; name = "default"; isDefault = true; - settings = { + settings = { "widget.disable-workspace-management" = true; }; search = { force = true; - default = "ddg"; # DuckDuckGo + default = "ddg"; # DuckDuckGo }; }; }; }; + # TODO: figure out how to get config.programs..enable style + # internal references inside this file. + # There's some quirks with how this is used in lib/default.nix + # TODO: Use mergiraf for conflict resolution in jj too. + programs.jujutsu = { + enable = true; + #enableFishIntegration = true; + settings = { + user = { + name = "Jay Looney"; + email = "jay.m.looney@gmail.com"; + }; + }; + }; + + # TODO: Configure Mergiraf + # https://mergiraf.org/introduction.html programs.git = { enable = true; - userName = "Jay Looney"; - userEmail = "jay.m.looney@gmail.com"; - aliases = { - ol = "log --oneline"; - }; - ignores = [ "*~" "*.swp" ]; - extraConfig = { + settings = { + user = { + name = "Jay Looney"; + email = "jay.m.looney@gmail.com"; + }; + + # Aliases Inspired by the following: + # https://joel-hanson.github.io/posts/05-useful-git-aliases-for-a-productive-workflow/ + # https://gist.github.com/mwhite/6887990 + aliases = { + la = "!git config -l | grep alias | cut -c 7-"; + s = "status -s"; + co = "checkout"; + cob = "checkout -b"; + del = "branch -D"; + ol = "log --oneline"; + + br = "branch --format='%(HEAD) %(color:yellow)%(refname:short)%(color:reset) - %(contents:subject) %(color:green)(%(committerdate:relative)) [%(authorname)]' --sort=-committerdate"; + save = "!git add -A && git commit -m 'chore: commit save point'"; + undo = "reset HEAD~1 --mixed"; + done = "!git push origin HEAD"; + lg = "!git log --pretty=format:\"%C(magenta)%h%Creset -%C(red)%d%Creset %s %C(dim green)(%cr) [%an]\" --abbrev-commit -30"; + a = "add"; + ap = "add -p"; + }; + push.default = "simple"; credential.helper = "cache --timeout=7200"; init.defaultBranch = "main"; log.decorate = "full"; log.date = "iso"; + # NOTE: Initially diff3 was 
for me, now it's for me and mergiraf automation. merge.conflictStyle = "diff3"; }; + # Cribbed from: https://github.com/gitattributes/gitattributes + attributes = [ + # Auto detect files and perform LF normalization + "* text=auto" + # Documents + "*.bibtex text diff=bibtex" + "*.doc diff=astextplain" + "*.DOC diff=astextplain" + "*.docx diff=astextplain" + "*.DOCX diff=astextplain" + "*.dot diff=astextplain" + "*.DOT diff=astextplain" + "*.pdf diff=astextplain" + "*.PDF diff=astextplain" + "*.rtf diff=astextplain" + "*.RTF diff=astextplain" + "*.md text diff=markdown" + "*.mdx text diff=markdown" + "*.tex text diff=tex" + "*.adoc text" + "*.textile text" + "*.mustache text" + "*.csv text eol=crlf" + "*.tab text" + "*.tsv text" + "*.txt text" + "*.sql text" + "*.epub diff=astextplain" + + # Graphics + "*.png binary" + "*.jpg binary" + "*.jpeg binary" + "*.gif binary" + "*.tif binary" + "*.tiff binary" + "*.ico binary" + # SVG treated as text by default. + "*.svg text" + # If you want to treat it as binary, + # use the following line instead. 
+ # *.svg binary + "*.eps binary" + + # Scripts + "*.bash text eol=lf" + "*.fish text eol=lf" + "*.ksh text eol=lf" + "*.sh text eol=lf" + "*.zsh text eol=lf" + # These are explicitly windows files and should use crlf + "*.bat text eol=crlf" + "*.cmd text eol=crlf" + "*.ps1 text eol=crlf" + + # Serialisation + "*.json text" + "*.toml text" + "*.xml text" + "*.yaml text" + "*.yml text" + + # Archives + "*.7z binary" + "*.bz binary" + "*.bz2 binary" + "*.bzip2 binary" + "*.gz binary" + "*.lz binary" + "*.lzma binary" + "*.rar binary" + "*.tar binary" + "*.taz binary" + "*.tbz binary" + "*.tbz2 binary" + "*.tgz binary" + "*.tlz binary" + "*.txz binary" + "*.xz binary" + "*.Z binary" + "*.zip binary" + "*.zst binary" + + # Text files where line endings should be preserved + "*.patch -text" + + # Exclude files from exporting + ".gitattributes export-ignore" + ".gitignore export-ignore" + ".gitkeep export-ignore" + ]; + # TODO: Merge Gitignores from here: https://github.com/github/gitignore/tree/main/Global + ignores = [ + "*~" + "*.swp" + ]; + }; + + programs.emacs = { + enable = true; + # package = (pkgs.emacs30.pkgs.withPackages (epkgs: [ + # epkgs.treesit-grammars.with-grammars (grammars: [ + # grammars.tree-sitter-bash + # ]) + # epkgs.pretty-sha-path + # ])); + extraConfig = '' + (setq standard-indent 2) + ''; + }; + + # TODO: Implement support for at least + # Nix, Python, Rust, Golang + # TODO: Sort out why TF, `.nix` files tabs are cooked in neovim rn. + # It corrects things on document save, but this line for example started with an 8-long tabstop + programs.nvf = { + enable = true; + # When using the Home-Manager Module for nvf, the settings go into the following attribute set. + # https://notashelf.github.io/nvf/index.xhtml#sec-hm-flakes + settings.vim = { + viAlias = true; + vimAlias = true; + + # TODO: For some reason spellcheck is having a very difficult time getting + # a wordlist. 
+ #spellcheck = { + # enable = true; + # programmingWordlist.enable = true; + #}; + + lsp = { + enable = true; + formatOnSave = true; + lspkind.enable = false; + lightbulb.enable = true; + lspsaga.enable = false; + trouble.enable = true; + lspSignature.enable = false; + otter-nvim.enable = true; + nvim-docs-view.enable = true; + }; + + languages = { + enableDAP = true; + enableExtraDiagnostics = true; + enableFormat = true; + enableTreesitter = true; + + nix = { + enable = true; + lsp.enable = true; + lsp.server = "nixd"; + extraDiagnostics.enable = true; + format.enable = true; + format.type = "nixfmt"; + treesitter.enable = true; + }; + markdown.enable = true; + typst.enable = true; + + assembly.enable = true; + bash.enable = true; + clang.enable = true; + + python.enable = true; + rust = { + enable = true; + # TODO: null_ls is now deprecated. + # https://github.com/NotAShelf/nvf/issues/1175 + # https://github.com/NotAShelf/nvf/blob/main/.github/CONTRIBUTING.md + crates.enable = true; + }; + go.enable = true; + zig.enable = true; + + ts.enable = true; + html.enable = true; + css.enable = true; + sql.enable = true; + }; + + visuals = { + nvim-scrollbar.enable = true; # Configurable Visual Scrollbar (Can pair with Cursor, ALE, Diagnostics, Gitsigns, and hlslens) + nvim-web-devicons.enable = true; # Nerdfont Icons for use by other plugins + nvim-cursorline.enable = true; # Highlight Words & Lines on the cursor + cinnamon-nvim.enable = true; # Smooth Scrolling for any movement command. 
+ fidget-nvim.enable = true; # UI for Notifications & LSP Progress Messages + + highlight-undo.enable = true; # Highlight changed text after any non-insert actions + indent-blankline.enable = true; # Indentation Guides + }; + + statusline = { + lualine = { + # Fancy Status Line + enable = true; + theme = "catppuccin"; + }; + }; + + theme = { + enable = true; + name = "catppuccin"; + style = "mocha"; + transparent = false; + }; + + autopairs.nvim-autopairs.enable = true; # Pair up ", {, (, etc. + # blink-cmp is a compiled rust binary while nvim-cmp is a pure lua plugin... + autocomplete.blink-cmp.enable = true; + # Code Snippets Engine /w support for Lua, VSCode, and SnipMate snippets. + snippets.luasnip.enable = true; + + filetree.neo-tree.enable = true; # Filesystem tree sidebar... + tabline.nvimBufferline.enable = true; # Shows buffers as tabs at the top. + treesitter.context.enable = true; + binds = { + whichKey.enable = true; # Shows your available keybindings in a popup + cheatsheet.enable = true; # Searchable in-editor cheatsheet that uses Telescope + }; + telescope.enable = true; # Fuzzy Finder, central to many other plugins. + + git = { + enable = true; + gitsigns.enable = true; # Git Info in Buffers + Gutters + gitsigns.codeActions.enable = false; + neogit.enable = true; # Interactive Git + }; + + # TODO: Consider switching to `minimap-nvim` for rust-based minimap. + # codewindow may be tightly integrated with treesitter though... 
+ minimap.codewindow.enable = true; + dashboard.alpha.enable = true; # Greeter + notify.nvim-notify.enable = true; # Fancy Configurable Notification Manager + projects.project-nvim.enable = true; + + utility = { + ccc.enable = true; # Color Picker + diffview-nvim.enable = true; + icon-picker.enable = true; + surround.enable = true; # Change Surrounding Delimiter pairs `ysiw)` + leetcode-nvim.enable = true; # Allow solving LeetCode problems directly inside neovim + multicursors.enable = true; # Edit with multiple cursors simultaneously + smart-splits.enable = true; # Split-Pane Management + undotree.enable = true; # Undo history visualizer + nvim-biscuits.enable = true; # Shows the start of a code block from the bottom + + motion = { + # NOTE: https://github.com/smoka7/hop.nvim + hop.enable = true; # EasyMotion like, allowing you to jump anywhere in the document with as few keystrokes as possible + leap.enable = true; # Jump to anywhere visible + # TODO: I sort of hate how precognition injects itself in virtual + # lines, but I do like that it can be used to give a reminder. + precognition.enable = false; # Helps with discovering motions to navigate your current buffer + }; + images.img-clip.enable = true; + }; + + # TODO: Get Obsidian Working. + notes = { + # obsidian.enable = true; # neovim fails to build with this enabled. 
+ mind-nvim.enable = true; + todo-comments.enable = true; + }; + + terminal = { + toggleterm = { + enable = true; + lazygit.enable = true; + }; + }; + + ui = { + borders.enable = true; + noice.enable = true; + colorizer.enable = true; + modes-nvim.enable = false; # this looks terrible with catppuccin + illuminate.enable = true; + breadcrumbs = { + enable = true; + navbuddy.enable = true; + }; + smartcolumn = { + enable = true; + setupOpts.custom_colorcolumn = { + nix = "110"; + ruby = "120"; + java = "130"; + go = [ + "90" + "130" + ]; + }; + }; + fastaction.enable = true; + }; + + assistant = { + chatgpt.enable = false; + copilot = { + enable = false; + cmp.enable = true; + }; + codecompanion-nvim.enable = false; + # avante-nvim.enable = true; + }; + + session.nvim-session-manager.enable = true; # Save sessions to reopen later + gestures.gesture-nvim.enable = false; # mouse gesture support? + comments.comment-nvim.enable = true; # Fancy commenting + presence.neocord.enable = true; # Discord Rich Presence + }; }; + programs.vscode = { + enable = true; + mutableExtensionsDir = true; # mutually exclusive to programs.vscode.profiles + # profiles.default.userSettings = { + # "[nix]"."editor.tabSize" = 2; + # }; + }; # services.podman.enable = true; }
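Review bot: The `save` alias in the `programs.git` block runs `git add -A`, which stages every untracked file that is not ignored, and the global `ignores` list in the same block holds only `*~` and `*.swp`. Together with `done` (push HEAD) that makes it easy to publish a stray key file, `.env` or decrypted secret from any repository this config applies to. Restrict the save point to tracked files, `save = "!git add -u && git commit -m 'chore: commit save point'";`, or fill in the ignore list the TODO mentions before relying on the alias. The hunk starts inside the Firefox profile settings, above the git block.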