commit b11aeb6664acc6dcd1c15ed17c55bc8013c1b078 Author: Riley Apeldoorn Date: Sun May 21 19:15:04 2023 +0000 Root commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1e5f6fa
--- /dev/null
+++ b/README.md
@@ -0,0 +1,29 @@
+# Infrastructure
+
+Hello this is my new and improved Nix infrastructure.
+
+## General layout
+
+There are three main directories:
+
+- `secret`, which contains secrets
+- `shared`, which contains shared config modules
+- `system`, which contains the configurations for specific machines
+
+I have some machines that don't run NixOS so I have separated the home-manager stuff (`home`)
+from the NixOS system-level stuff (`core`).
+
+For example, `thor` and `odin` are both NixOS machines, so for these machines, there is both
+a `home.nix` for the home config of my user account, and a `core.nix` containing the
+system-level configuration of the machine.
+
+### Shared configuration
+
+NixOS and home-manager modules are used to organize the config.
+
+A lot of config is shared between machines. This is stored within the `shared/` directory,
+under either `shared/core/` for system-level NixOS modules or `shared/home/` for home-manager
+modules.
+
+There's also a shared key used by the `nix` user of each machine, for which the public key
+is in `shared/data/`. This key is used to let other machines serve as remote builders.
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..40c8408
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,133 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1684596126, + "narHash": "sha256-4RZZmygeEXpuBqEXGs38ZAcWjWKGwu13Iqbxub6wuJk=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "27ef11f0218d9018ebb2948d40133df2b1de622d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "jwt-tool": { + "flake": false, + "locked": { + "lastModified": 1638313307, + "narHash": "sha256-k92mXf7H/n+gkOyStFQ+EWPXE0f7odCqqAexxAUK2jM=", + "owner": "MaeIsBad", + "repo": "jwt_tool", + "rev": "d2c8b3b934f91ec5fefea460deb97be31401550c", + "type": "github" + }, + "original": { + "owner": "MaeIsBad", + "repo": "jwt_tool", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1683286087, + "narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3e313808bd2e0a0669430787fb22e43b2f4bf8bf", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1684570954, + "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "pwnix": { + "inputs": { + "flake-utils": "flake-utils", + "jwt-tool": "jwt-tool", + "nixpkgs": [ + "nixpkgs" + ], + "pycdc": "pycdc" + }, + 
"locked": { + "lastModified": 1667669150, + "narHash": "sha256-woULzWmHqrpfSDCo10QhZOGa6rB+E9ZqL4cjwX6u8TA=", + "ref": "refs/heads/mistress", + "rev": "6ee2339943853341cdc07bc6505df5125a1c45c3", + "revCount": 5, + "type": "git", + "url": "https://im.badat.dev/bad/pwnix.git" + }, + "original": { + "type": "git", + "url": "https://im.badat.dev/bad/pwnix.git" + } + }, + "pycdc": { + "flake": false, + "locked": { + "lastModified": 1664922278, + "narHash": "sha256-whpsEjk/nnnAUH68kzZBCs7azA13B0FTUy5NuF7kQrA=", + "owner": "zrax", + "repo": "pycdc", + "rev": "44a730f3a889503014fec94ae6e62d8401cb75e5", + "type": "github" + }, + "original": { + "owner": "zrax", + "repo": "pycdc", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs_2", + "pwnix": "pwnix" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..486649a --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,64 @@
+{
+
+ inputs = {
+ nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
+ home-manager.url = github:nix-community/home-manager;
+ pwnix = {
+ inputs.nixpkgs.follows = "nixpkgs";
+ url = git+https://im.badat.dev/bad/pwnix.git;
+ };
+ };
+
+ outputs = args@{ home-manager, nixpkgs, ... }: with nixpkgs; {
+
+ # Configurations for NixOS machines.
+ nixosConfigurations =
+ let mkUserConfig = path: {
+ imports = [ home-manager.nixosModules.home-manager ];
+ config = {
+ home-manager.users."riley" = a: lib.pipe a [
+ (import path)
+ (x: x // {
+ imports = [ ./shared/home ];
+ })
+ ];
+ };
+ }; in {
+
+ # Desktop system
+ "thor" = lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ (mkUserConfig ./system/thor/home.nix)
+ ./system/thor/core.nix
+ ./shared/core
+ ];
+ specialArgs = args;
+ };
+
+ # Pinebook
+ "odin" = lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [
+ (mkUserConfig ./system/odin/home.nix)
+ ./system/odin/core.nix
+ ./shared/core
+ ];
+ specialArgs = args;
+ };
+
+ };
+
+ # Configurations for non-NixOS machines.
+ homeConfigurations = {
+
+ "dev-lt-63" = home-manager.lib.homeManagerConfiguration {
+ pkgs = nixpkgs.legacyPackages."x86_64-linux";
+ modules = [ ./system/dev-lt-63/home.nix ];
+ };
+
+ };
+
+ };
+
+}
\ No newline at end of file
diff --git a/shared/core/default.nix b/shared/core/default.nix
new file mode 100644
index 0000000..8b1185a
--- /dev/null
+++ b/shared/core/default.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+{
+
+ imports = [
+ ./gui/pipewire.nix
+ ./gui/sway.nix
+ ./nix.nix
+ ];
+
+ config = {
+ users.users."riley" = {
+
+ shell = pkgs.fish;
+
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ packages = [ pkgs.helix ];
+
+ };
+
+ environment.systemPackages = (import ../env.nix pkgs);
+
+ programs.fish.enable = true;
+ services.earlyoom.enable = true;
+ };
+
+}
diff --git a/shared/core/gui/pipewire.nix b/shared/core/gui/pipewire.nix
new file mode 100644
index 0000000..20e0add
--- /dev/null
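Review bot: In flake.nix, `mkUserConfig` finishes the home-manager module with `x // { imports = [ ./shared/home ]; }`, and `//` replaces the whole `imports` attribute, so any `imports` a per-machine `home.nix` declares is dropped silently. Wrapping the file in `a: lib.pipe a [ (import path) ... ]` also hides the file's own argument pattern from the module system, so a `home.nix` that asks for `{ pkgs, ... }` would probably not receive it. Letting the module system do the merge avoids both: `home-manager.users."riley".imports = [ path ./shared/home ];`. Separately, the `odin` and `dev-lt-63` entries point at files this commit adds as empty blobs (`index 0000000..e69de29`), which will presumably fail to parse until they contain at least `{ ... }: { }`.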
+++ b/shared/core/gui/pipewire.nix
@@ -0,0 +1,24 @@
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.gui.pipewire;
+
+in with lib; {
+
+ options.custom.gui.pipewire = {
+ enable = mkEnableOption "pipewire";
+ };
+
+ config = mkIf (cfg.enable) {
+
+ environment.defaultPackages = with pkgs; [
+ pavucontrol
+ ];
+
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ };
+
+}
\ No newline at end of file
diff --git a/shared/core/gui/sway.nix b/shared/core/gui/sway.nix
new file mode 100644
index 0000000..4a97f8d
--- /dev/null
+++ b/shared/core/gui/sway.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+ hardware.opengl.enable = true;
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm = {
+ enable = true;
+ };
+ programs.sway.enable = true;
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia.modesetting.enable = true;
+}
diff --git a/shared/core/nix.nix b/shared/core/nix.nix
new file mode 100644
index 0000000..7886deb
--- /dev/null
+++ b/shared/core/nix.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, nixpkgs, pwnix, ... }:
+
+let cfg = config.custom.nix;
+
+in with lib; {
+
+ options.custom.nix = {};
+
+ config = {
+ nixpkgs.config.allowUnfree = true;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ nix.registry.nixpkgs.flake = nixpkgs;
+ nix.registry.pwnix.flake = pwnix;
+ };
+
+}
diff --git a/shared/data/nix.key.pub b/shared/data/nix.key.pub
new file mode 100644
index 0000000..e69de29
diff --git a/shared/data/wallpaper.jpg b/shared/data/wallpaper.jpg
new file mode 100644
index 0000000..2277a13
Binary files /dev/null and b/shared/data/wallpaper.jpg differ
diff --git a/shared/env.nix b/shared/env.nix
new file mode 100644
index 0000000..cc0e34c
--- /dev/null
+++ b/shared/env.nix
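Review bot: In shared/core/gui/pipewire.nix, `environment.defaultPackages = with pkgs; [ pavucontrol ];` assigns the option that holds NixOS's default package set, so the assignment replaces that set rather than adding to it. If the intent is only to install pavucontrol, use `environment.systemPackages = [ pkgs.pavucontrol ];`, which merges with the list set in shared/core/default.nix. If dropping the defaults is deliberate, a one-line comment saying so would save the next reader the lookup.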
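Review bot: shared/core/gui/sway.nix sets `services.xserver.videoDrivers = [ "nvidia" ];` and `hardware.nvidia.modesetting.enable = true;` unconditionally, and shared/core is in the module list of both `thor` (x86_64-linux) and `odin` (aarch64-linux, the Pinebook) in flake.nix. Those two lines look specific to thor's GPU and would fit better in system/thor/core.nix. The remaining settings (X server, GDM, sway) are also applied to every machine that imports shared/core; putting them behind a `mkEnableOption`, as pipewire.nix does, would keep them off hosts that do not need a display stack.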
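Review bot: In shared/core/nix.nix the `cfg` binding, the `pkgs` argument and the empty `options.custom.nix = {};` are never used, and flakes are enabled through a free-form `nix.extraOptions` string here while shared/home/nix.nix uses the structured option. I would drop the unused names and write `nix.settings.experimental-features = [ "nix-command" "flakes" ];` in both places. A short comment on `nix.registry.pwnix.flake = pwnix;` noting that the pinned revision comes from flake.lock would also help, since that input is fetched from a personal git host.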
@@ -0,0 +1,20 @@
+# On NixOS-managed machines these packages are installed system-wide
+
+pkgs: with pkgs; [
+ bat
+ bottom
+ coreutils
+ curl
+ exa
+ fd
+ file
+ git
+ iputils
+ jq
+ kakoune
+ moreutils
+ ripgrep
+ sd
+ skim
+ wget
+]
\ No newline at end of file
diff --git a/shared/home/default.nix b/shared/home/default.nix
new file mode 100644
index 0000000..488cf49
--- /dev/null
+++ b/shared/home/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+
+ imports = [
+ ./fish.nix
+ ./git.nix
+ ./nix.nix
+ ./gui
+ ];
+
+}
\ No newline at end of file
diff --git a/shared/home/fish.nix b/shared/home/fish.nix
new file mode 100644
index 0000000..cf9e3b9
--- /dev/null
+++ b/shared/home/fish.nix
@@ -0,0 +1,32 @@
+# Shell configuration, including common tools used within the shell and
+# shell functions/aliases.
+
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.fish;
+
+in with lib; {
+
+ options.custom.fish = with types; {
+ extraAliases = mkOption {
+ default = {};
+ };
+ };
+
+ config = {
+
+ # Configure the shell itself
+ programs.fish = {
+ enable = true;
+ shellAliases = {} // cfg.extraAliases;
+ };
+
+ # Configure useful additions to the shell
+ programs.direnv.enable = true;
+ programs.skim.enable = true;
+ programs.starship.enable = true;
+ programs.zoxide.enable = true;
+
+ };
+
+}
\ No newline at end of file
diff --git a/shared/home/git.nix b/shared/home/git.nix
new file mode 100644
index 0000000..bf9c1f3
--- /dev/null
+++ b/shared/home/git.nix
@@ -0,0 +1,30 @@
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.git;
+
+in with lib; {
+
+ options.custom.git = {
+ name = mkOption {
+ type = types.str;
+ default = "Riley Apeldoorn";
+ };
+ mail = mkOption {
+ type = types.str;
+ default = "me@riley.lgbt";
+ };
+ };
+
+ config = {
+ programs.git = {
+ enable = true;
+ userName = cfg.name;
+ userEmail = cfg.mail;
+ extraConfig = {
+ pull.rebase = false;
+ init.defaultBranch = "mistress";
+ };
+ };
+ };
+
+}
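Review bot: In shared/home/fish.nix, `extraAliases` is declared as `mkOption { default = {}; }` with no `type`, so a wrong value (a list, a non-string alias) is not rejected at this option and only surfaces later when `programs.fish.shellAliases` checks it. Add `type = attrsOf str;`, which also gives the otherwise unused `with types;` a purpose, plus a short `description`. With the type in place `{} // cfg.extraAliases` can be written as just `cfg.extraAliases`.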
diff --git a/shared/home/gui/default.nix b/shared/home/gui/default.nix
new file mode 100644
index 0000000..92ddee9
--- /dev/null
+++ b/shared/home/gui/default.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+
+ imports = [
+ ./sway.nix
+ ./term.nix
+ ];
+
+}
\ No newline at end of file
diff --git a/shared/home/gui/sway.nix b/shared/home/gui/sway.nix
new file mode 100644
index 0000000..931ae7b
--- /dev/null
+++ b/shared/home/gui/sway.nix
@@ -0,0 +1,26 @@
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.gui.sway;
+
+in with lib; {
+
+ options.custom.gui.sway = {
+ enable = mkEnableOption "sway window manager";
+ };
+
+ config = mkIf (cfg.enable) {
+
+ home.packages = [];
+
+ wayland.windowManager.sway = {
+ # This is all required to get it to not die.
+ enable = true;
+ extraSessionCommands = "export WLR_NO_HARDWARE_CURSORS=1";
+ extraOptions = [ "--unsupported-gpu" ];
+
+ config.output."*".bg = "${../../data/wallpaper.jpg} fill";
+ };
+
+ };
+
+}
diff --git a/shared/home/gui/term.nix b/shared/home/gui/term.nix
new file mode 100644
index 0000000..2515280
--- /dev/null
+++ b/shared/home/gui/term.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ programs.kitty.enable = true;
+}
\ No newline at end of file
diff --git a/shared/home/nix.nix b/shared/home/nix.nix
new file mode 100644
index 0000000..3b78fd9
--- /dev/null
+++ b/shared/home/nix.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+
+ nix.settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+
+}
\ No newline at end of file
diff --git a/switch.sh b/switch.sh
new file mode 100755
index 0000000..55e0fb4
--- /dev/null
+++ b/switch.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+nixos-rebuild switch --flake path://$SCRIPT_DIR# --use-remote-sudo
diff --git a/system/dev-lt-63/home.nix b/system/dev-lt-63/home.nix
new file mode 100644
index 0000000..e69de29
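Review bot: In shared/home/gui/sway.nix the comment `# This is all required to get it to not die.` does not say what the two workarounds are for, and it sits above `enable = true;` rather than the lines it describes. `WLR_NO_HARDWARE_CURSORS=1` and `--unsupported-gpu` are the usual settings for running sway on the proprietary NVIDIA driver, which shared/core/gui/sway.nix selects. I would move the comment down to those two lines and word it as `# NVIDIA proprietary driver: sway needs --unsupported-gpu and software cursors`. `home.packages = [];` is a no-op and can be removed.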
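Review bot: In switch.sh, `$SCRIPT_DIR` is expanded unquoted in the `--flake` argument, so a checkout path containing spaces or glob characters is split into several arguments. Nothing stops the script either if the `cd` inside the command substitution fails, which would leave `path://#` as the flake reference for a command that runs with sudo. Quote the expansion, `nixos-rebuild switch --flake "path://${SCRIPT_DIR}#" --use-remote-sudo`, and add `set -euo pipefail` after the shebang.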
diff --git a/system/odin/core.nix b/system/odin/core.nix
new file mode 100644
index 0000000..e69de29
diff --git a/system/odin/home.nix b/system/odin/home.nix
new file mode 100644
index 0000000..e69de29
diff --git a/system/thor/core.nix b/system/thor/core.nix
new file mode 100644
index 0000000..30085c1
--- /dev/null
+++ b/system/thor/core.nix
@@ -0,0 +1,51 @@
+{ ... }: {
+
+ custom = {
+ gui.pipewire.enable = true;
+ };
+
+ system.stateVersion = "21.11";
+ home-manager.users.riley.home.stateVersion = "21.11";
+
+ networking = {
+ hostName = "thor";
+ interfaces."enp9s0".useDHCP = true;
+ };
+
+ boot = {
+ initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ kernelModules = [ "kvm-amd" ];
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+ loader.systemd-boot = {
+ enable = true;
+ editor = false;
+ configurationLimit = 10;
+ };
+ loader.efi.canTouchEfiVariables = true;
+
+ initrd.luks.devices.nixos.device = "/dev/disk/by-uuid/6bd51990-1584-422c-94bb-32ea952e5cd2";
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/f3cdd2ab-62ba-4d72-8a28-b3adc0ec3997";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A6C8-03F3";
+ fsType = "vfat";
+ };
+
+ #TODO
+
+ swapDevices = [
+ {device = "/dev/nixos/swap";}
+ ];
+}
diff --git a/system/thor/home.nix b/system/thor/home.nix
new file mode 100644
index 0000000..4b1a3bb
--- /dev/null
+++ b/system/thor/home.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+ custom.gui.sway.enable = true;
+}
\ No newline at end of file
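Review bot: In system/thor/core.nix, `swapDevices` points at `/dev/nixos/swap`, and nothing in the hunk shows whether that volume sits on top of the LUKS mapping declared by `initrd.luks.devices.nixos`. If it does not, swapped-out memory (keys, passwords) is written to disk unencrypted even though the root filesystem is protected. I would replace the bare `#TODO` with a comment stating the layout, for example `# swap is an LV in VG "nixos", which lives on the LUKS device opened in initrd`. If the swap volume turns out to be outside the encrypted container, set `randomEncryption.enable = true;` on the swap entry.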