Root commit

README.md

@@ -0,0 +1,29 @@
+# Infrastructure
+
+Hello this is my new and improved Nix infrastructure.
+
+## General layout
+
+There are three main directories: 
+
+- `secret`, which contains secrets
+- `shared`, which contains shared config modules
+- `system`, which contains the configurations for specific machines
+
+I have some machines that don't run NixOS so I have separated the home-manager stuff (`home`)
+from the NixOS system-level stuff (`core`).
+
+For example, `thor` and `odin` are both NixOS machines, so for these machines, there is both
+a `home.nix` for the home config of my user account, and a `core.nix` containing the 
+system-level configuration of the machine.
+
+### Shared configuration
+
+NixOS and home-manager modules are used to organize the config.
+
+A lot of config is shared between machines. This is stored within the `shared/` directory,
+under either `shared/core/` for system-level NixOS modules or `shared/home/` for home-manager
+modules.
+
+There's also a shared key used by the `nix` user of each machine, for which the public key
+is in `shared/data/`. This key is used to let other machines serve as remote builders.

flake.lock

@@ -0,0 +1,133 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1684596126,
+        "narHash": "sha256-4RZZmygeEXpuBqEXGs38ZAcWjWKGwu13Iqbxub6wuJk=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "27ef11f0218d9018ebb2948d40133df2b1de622d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "jwt-tool": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1638313307,
+        "narHash": "sha256-k92mXf7H/n+gkOyStFQ+EWPXE0f7odCqqAexxAUK2jM=",
+        "owner": "MaeIsBad",
+        "repo": "jwt_tool",
+        "rev": "d2c8b3b934f91ec5fefea460deb97be31401550c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "MaeIsBad",
+        "repo": "jwt_tool",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1683286087,
+        "narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "3e313808bd2e0a0669430787fb22e43b2f4bf8bf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1684570954,
+        "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pwnix": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "jwt-tool": "jwt-tool",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "pycdc": "pycdc"
+      },
+      "locked": {
+        "lastModified": 1667669150,
+        "narHash": "sha256-woULzWmHqrpfSDCo10QhZOGa6rB+E9ZqL4cjwX6u8TA=",
+        "ref": "refs/heads/mistress",
+        "rev": "6ee2339943853341cdc07bc6505df5125a1c45c3",
+        "revCount": 5,
+        "type": "git",
+        "url": "https://im.badat.dev/bad/pwnix.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://im.badat.dev/bad/pwnix.git"
+      }
+    },
+    "pycdc": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1664922278,
+        "narHash": "sha256-whpsEjk/nnnAUH68kzZBCs7azA13B0FTUy5NuF7kQrA=",
+        "owner": "zrax",
+        "repo": "pycdc",
+        "rev": "44a730f3a889503014fec94ae6e62d8401cb75e5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zrax",
+        "repo": "pycdc",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs_2",
+        "pwnix": "pwnix"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,64 @@
+{
+
+  inputs = {
+    nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
+    home-manager.url = github:nix-community/home-manager;
+    pwnix = {
+      inputs.nixpkgs.follows = "nixpkgs";
+      url = git+https://im.badat.dev/bad/pwnix.git;
+    };
+  };
+
+  outputs = args@{ home-manager, nixpkgs, ... }: with nixpkgs; {
+  
+    # Configurations for NixOS machines.
+    nixosConfigurations = 
+      let mkUserConfig = path: {
+        imports = [ home-manager.nixosModules.home-manager ];
+        config = {
+          home-manager.users."riley" = a: lib.pipe a [
+            (import path)
+            (x: x // {
+              imports = [ ./shared/home ];
+            })
+          ];
+        };
+      }; in {
+
+        # Desktop system
+        "thor" = lib.nixosSystem {
+          system = "x86_64-linux";
+          modules = [
+            (mkUserConfig ./system/thor/home.nix)
+            ./system/thor/core.nix
+            ./shared/core
+          ];
+          specialArgs = args;
+        };
+
+        # Pinebook
+        "odin" = lib.nixosSystem {
+          system = "aarch64-linux";
+          modules = [
+            (mkUserConfig ./system/odin/home.nix)
+            ./system/odin/core.nix
+            ./shared/core
+          ];
+          specialArgs = args;
+        };
+
+      };
+
+    # Configurations for non-NixOS machines.
+    homeConfigurations = {
+      
+      "dev-lt-63" = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages."x86_64-linux";
+        modules = [ ./system/dev-lt-63/home.nix ];
+      };
+
+    };
+    
+  };
+  
+}

shared/core/default.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+{
+
+  imports = [
+    ./gui/pipewire.nix
+    ./gui/sway.nix
+    ./nix.nix
+  ];
+
+  config = {
+    users.users."riley" = {
+
+      shell = pkgs.fish;
+
+      isNormalUser = true;
+      extraGroups = ["wheel"];
+      packages = [ pkgs.helix ];
+
+    };
+
+    environment.systemPackages = (import ../env.nix pkgs);
+
+    programs.fish.enable = true;
+    services.earlyoom.enable = true;
+  };
+
+}

shared/core/gui/pipewire.nix

@@ -0,0 +1,24 @@
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.gui.pipewire;
+
+in with lib; {
+
+  options.custom.gui.pipewire = {
+    enable = mkEnableOption "pipewire";
+  };
+
+  config = mkIf (cfg.enable) {
+
+    environment.defaultPackages = with pkgs; [
+      pavucontrol
+    ];
+
+    services.pipewire = {
+      enable = true;
+      pulse.enable = true;
+    };
+
+  };
+  
+}

shared/core/gui/sway.nix

@@ -0,0 +1,10 @@
+{ ... }: {
+  hardware.opengl.enable = true;
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm = {
+    enable = true;
+  };
+  programs.sway.enable = true;
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware.nvidia.modesetting.enable = true;
+}

shared/core/nix.nix

@@ -0,0 +1,18 @@
+{ pkgs, lib, config, nixpkgs, pwnix, ... }:
+
+let cfg = config.custom.nix;
+
+in with lib; {
+
+  options.custom.nix = {};
+
+  config = {
+    nixpkgs.config.allowUnfree = true;
+    nix.extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+    nix.registry.nixpkgs.flake = nixpkgs;
+    nix.registry.pwnix.flake = pwnix;
+  };
+
+}

shared/env.nix

@@ -0,0 +1,20 @@
+# On NixOS-managed machines these packages are installed system-wide
+
+pkgs: with pkgs; [
+  bat
+  bottom
+  coreutils
+  curl
+  exa
+  fd
+  file
+  git
+  iputils
+  jq
+  kakoune
+  moreutils
+  ripgrep
+  sd
+  skim
+  wget
+]

shared/home/default.nix

@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+
+  imports = [
+    ./fish.nix
+    ./git.nix
+    ./nix.nix
+    ./gui
+  ];
+
+}

shared/home/fish.nix

@@ -0,0 +1,32 @@
+# Shell configuration, including common tools used within the shell and
+# shell functions/aliases.
+
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.fish;
+
+in with lib; {
+
+  options.custom.fish = with types; {
+    extraAliases = mkOption {
+      default = {};
+    };
+  };
+
+  config = {
+
+    # Configure the shell itself
+    programs.fish = {
+      enable = true;
+      shellAliases = {} // cfg.extraAliases;
+    };
+
+    # Configure useful additions to the shell
+    programs.direnv.enable   = true;
+    programs.skim.enable     = true;
+    programs.starship.enable = true;
+    programs.zoxide.enable   = true;
+
+  };
+  
+}

shared/home/git.nix

@@ -0,0 +1,30 @@
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.git;
+
+in with lib; {
+
+  options.custom.git = {
+    name = mkOption {
+      type = types.str;
+      default = "Riley Apeldoorn";
+    };
+    mail = mkOption {
+      type = types.str;
+      default = "me@riley.lgbt";
+    };
+  };
+
+  config = {
+    programs.git = {
+      enable = true;
+      userName = cfg.name;
+      userEmail = cfg.mail;
+      extraConfig = {
+        pull.rebase = false;
+        init.defaultBranch = "mistress";
+      };
+    };
+  };
+
+}

shared/home/gui/default.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+
+  imports = [
+    ./sway.nix
+    ./term.nix
+  ];
+
+}

shared/home/gui/sway.nix

@@ -0,0 +1,26 @@
+{ pkgs, lib, config, ... }:
+
+let cfg = config.custom.gui.sway;
+
+in with lib; {
+
+  options.custom.gui.sway = {
+    enable = mkEnableOption "sway window manager";
+  };
+
+  config = mkIf (cfg.enable) {
+
+    home.packages = [];
+
+    wayland.windowManager.sway = {
+      # This is all required to get it to not die.
+      enable = true;
+      extraSessionCommands = "export WLR_NO_HARDWARE_CURSORS=1";
+      extraOptions = [ "--unsupported-gpu" ];
+
+      config.output."*".bg = "${../../data/wallpaper.jpg} fill";
+    };
+
+  };
+
+}

shared/home/gui/term.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  programs.kitty.enable = true;
+}

shared/home/nix.nix

@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+
+  nix.settings = {
+    experimental-features = [ "nix-command" "flakes" ];
+  };
+
+  nixpkgs.config = {
+    allowUnfree = true;
+  };
+
+}

switch.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+nixos-rebuild switch --flake path://$SCRIPT_DIR# --use-remote-sudo

system/thor/core.nix

@@ -0,0 +1,51 @@
+{ ... }: {
+
+  custom = {
+    gui.pipewire.enable = true;
+  };
+
+  system.stateVersion = "21.11";
+  home-manager.users.riley.home.stateVersion = "21.11";
+
+  networking = {
+    hostName = "thor";
+    interfaces."enp9s0".useDHCP = true;
+  };
+
+  boot = {
+    initrd.availableKernelModules = [
+      "nvme"
+      "xhci_pci"
+      "ahci"
+      "usbhid"
+      "usb_storage"
+      "sd_mod"
+    ];
+    kernelModules = [ "kvm-amd" ];
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
+    loader.systemd-boot = {
+      enable = true;
+      editor = false;
+      configurationLimit = 10;
+    };
+    loader.efi.canTouchEfiVariables = true;
+    
+    initrd.luks.devices.nixos.device = "/dev/disk/by-uuid/6bd51990-1584-422c-94bb-32ea952e5cd2";
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/f3cdd2ab-62ba-4d72-8a28-b3adc0ec3997";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/A6C8-03F3";
+    fsType = "vfat";
+  };
+
+  #TODO
+
+  swapDevices = [ 
+	{device = "/dev/nixos/swap";}
+   ];
+}

system/thor/home.nix

@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  custom.gui.sway.enable = true;
+}