chase/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of https://git.traphouse.cathoderaytube.net/chase/nix-config

Browse Source
This commit is contained in:
chase
2025-06-17 02:07:10 -04:00
parent 3b64c033f1 65fd7498d7
commit cac7ef8482
12 changed files with 193 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@@ -4,6 +4,7 @@ keys:
- &hosts:
- &anzu age1wdjujpvc2zd0g592a9gqa7qzz4pcans8m0tyq3m6eq9np9a3lg2s8kxf3h
- &ichigo age1hpcyetyl0yrwxy0geem6z2u2kwl4hmckur7pnaaxwaylf8ata9vsv8j3wh
- &kuromi age1culqt965xgweu5h6menrppf7eatq7at04z0n52t365f0nvlv043su5t2yl
creation_rules:
- path_regex: secrets.yaml$
key_groups:
@@ -11,3 +12,4 @@ creation_rules:
- *chase
- *anzu
- *ichigo
- *kuromi

30
flake.lock generated
View File

@@ -191,11 +191,11 @@
]
},
"locked": {
"lastModified": 1749526396,
"narHash": "sha256-UL9F76abAk87llXOrcQRjhd5OaOclUd6MIltsqcUZmo=",
"lastModified": 1749779443,
"narHash": "sha256-r6YTIMprNCYcJcA4oZ0x1wPaHPPHUxb8CnyEeMkhGks=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "427c96044f11a5da50faf6adaf38c9fa47e6d044",
"rev": "18f3a0d21c3739a242aafa17c04c5238bbab5a41",
"type": "github"
},
"original": {
@@ -300,11 +300,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1749540031,
"narHash": "sha256-11k6hq/4Tao2PNBFQpSNTlFFKmKGswL17caKuZIE0sM=",
"lastModified": 1749767250,
"narHash": "sha256-oWFxMzPIcp3ys4K0JXuAMPwGZcDqrKLSVgP4SPeP7cY=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "6bdb1f413e4c592f73d91bef33dfb202503ef7ab",
"rev": "d14f81e6ac3debd57f8e3e70ead5bb52606a8c90",
"type": "github"
},
"original": {
@@ -545,11 +545,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1749494155,
"narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=",
"lastModified": 1749727998,
"narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88331c17ba434359491e8d5889cce872464052c2",
"rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd",
"type": "github"
},
"original": {
@@ -600,11 +600,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1749581904,
"narHash": "sha256-QAzSbQuxaqM33WoOGCvwKlpuGPoN1RLAJOllz/Kli0I=",
"lastModified": 1749793929,
"narHash": "sha256-DKPE3shWebs9tBgfUsfFvJ2AHQtstHjp4h1CN6s7qa0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "7f891b80637b9dc6b4254714e9cb6b435be31f86",
"rev": "6e15f4990e4c32382a927b68a6533ec254c60bbe",
"type": "github"
},
"original": {
@@ -728,11 +728,11 @@
]
},
"locked": {
"lastModified": 1747603214,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
"lastModified": 1749592509,
"narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
"rev": "50754dfaa0e24e313c626900d44ef431f3210138",
"type": "github"
},
"original": {

4
flake.nix
View File

@@ -123,8 +123,8 @@
};
kuromi = mkNixOSConfigurations {
host = hosts.kuromi;
nixpkgs = inputs.nixpkgs;
home-manager = inputs.home-manager;
nixpkgs = inputs.nixpkgs-stable;
home-manager = inputs.home-manager-stable;
modules = [];
};
};

49
home/base.nix
View File

@@ -1,5 +1,6 @@
{
config,
lib,
pkgs,
...
}: {
@@ -44,24 +45,46 @@
flavor = "mocha";
};
programs.bash = {
# programs.bash = {
# enable = true;
# enableCompletion = true;
# historyIgnore = [
# "ls"
# "ls -a"
# "ls -l"
# "ls -la"
# "cd"
# "exit"
# ];
# };
programs.zsh = {
enable = true;
enableCompletion = true;
bashrcExtra = ''
export SSH_AUTH_SOCK=/home/chase/.bitwarden-ssh-agent.sock
'';
historyIgnore = [
"ls"
"ls -a"
"ls -l"
"ls -la"
"cd"
autosuggestion.enable = true;
history = {
append = true;
extended = true;
ignoreDups = true;
ignorePatterns = [
"ls *"
"cd *"
"gs"
"exit"
];
};
syntaxHighlighting.enable = true;
};
programs.bat.enable = true;
programs.btop.enable = true;
programs.emacs = {
enable = true;
package = lib.mkDefault pkgs.emacs-nox;
};
programs.fastfetch = {
enable = true;
settings = {
@@ -134,13 +157,10 @@
'';
};
# programs.senpai.enable = true;
# programs.sm64ex.enable = true;
programs.starship = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
settings = {
line_break = {
disabled = true;
@@ -166,6 +186,7 @@
programs.yazi = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
programs.yt-dlp = {

5
home/desktop.nix
View File

@@ -109,7 +109,10 @@
programs.kitty = {
enable = true;
enableGitIntegration = true;
shellIntegration.enableBashIntegration = true;
shellIntegration = {
enableBashIntegration = true;
enableZshIntegration = true;
};
font = {
name = "BlexMono Nerd Font";
size = 11;

6
home/emacs/early-init.el
View File

@@ -50,9 +50,9 @@
(setq frame-inhibit-implied-resize t)
;; no bars
(menu-bar-mode -1)
(tool-bar-mode -1)
(scroll-bar-mode -1)
;;(menu-bar-mode -1)
;;(tool-bar-mode -1)
;;(scroll-bar-mode -1)
;; no startup screen
(setq inhibit-startup-screen t)

23
home/emacs/init.el
View File

@@ -21,6 +21,12 @@
(add-to-list 'find-file-not-found-functions #'er-auto-create-missing-dirs)
;; no bars
(add-hook 'window-setup-hook (lambda ()
(menu-bar-mode -1)
(tool-bar-mode -1)
(scroll-bar-mode -1)))
;; set repos and bootstrap use-package
;; (require 'package)
@@ -57,7 +63,7 @@
(setq use-package-always-demand t
use-package-compute-statistics t)
(require 'bind-key)
(use-package bind-key)
(use-package diminish)
@@ -281,8 +287,8 @@
(prog-mode . yas-minor-mode)
:config
(setq yas-snippet-dirs
'("~/.config/emacs/snippets" ;; personal
"~/.config/emacs/work"))) ;; keep em separated
'((expand-file-name "snippets/" user-emacs-directory) ;; personal
(expand-file-name "work/" user-emacs-directory)))) ;; keep em separated
;; nix
(use-package nix-ts-mode
@@ -397,7 +403,11 @@
;; agenda
(require 'find-lisp)
(unless (file-exists-p "~/Documents/org")
(make-directory "~/Documents/org" t))
(setq org-directory "~/Documents/org")
(unless (file-exists-p (expand-file-name "gtd/" org-directory))
(make-directory (expand-file-name "gtd/" org-directory) t))
(setq chase/org-agenda-directory
(expand-file-name "gtd/" org-directory))
(setq org-agenda-files
@@ -456,9 +466,6 @@
(use-package org-roam
:after org
:custom
(org-roam-directory
(expand-file-name "roam/" org-directory))
:bind
(("C-c n l" . org-roam-buffer-toggle)
("C-c n f" . org-roam-node-find)
@@ -468,6 +475,10 @@
;; Dailies
("C-c n j" . org-roam-dailies-capture-today))
:config
(unless (file-exists-p (expand-file-name "roam/" org-directory))
(make-directory (expand-file-name "roam/" org-directory) t))
(setq org-roam-directory
(expand-file-name "roam/" org-directory))
(require 'org-roam-protocol)
(require 'org-roam-export)
(org-roam-db-autosync-mode)

2
hosts/kuromi/configuration.nix
View File

@@ -9,7 +9,7 @@
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../nixos/desktop.nix
../../nixos/base.nix
];
networking.hostName = "kuromi";

3
hosts/kuromi/home.nix
View File

@@ -4,8 +4,7 @@
...
}: {
imports = [
../../home/desktop.nix
../../home/plasma.nix
../../home/base.nix
];
home.stateVersion = "25.05";

142
nixos/base.nix
View File

@@ -6,30 +6,31 @@
...
}: {
# Bootloader.
boot.loader.systemd-boot = {
boot.loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
enable = true;
configurationLimit = 10;
};
boot.loader.efi.canTouchEfiVariables = true;
};
# Garbage collection
nix.gc = {
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 1w";
};
nixPath = ["nixpkgs=${inputs.nixpkgs}"];
settings = {
auto-optimise-store = true;
download-buffer-size = 524288000;
experimental-features = ["nix-command" "flakes"];
};
};
# Optimize store
nix.settings.auto-optimise-store = true;
# Allow power management
powerManagement.enable = true;
# Firmware updates
services.fwupd.enable = true;
# Enable networking
networking.networkmanager.enable = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Set your time zone.
time.timeZone = "America/New_York";
@@ -49,29 +50,26 @@
LC_TIME = "C.UTF-8";
};
# Configure keymap
console.keyMap = lib.mkDefault "jp106";
services.xserver.xkb = {
layout = lib.mkDefault "jp";
model = lib.mkDefault "jp106";
};
# Allow power management
powerManagement.enable = true;
# Enable networking
networking.networkmanager.enable = true;
# Catppuccin
catppuccin = {
enable = true;
flavor = "mocha";
};
# Configure keymap
console.keyMap = "jp106";
services.xserver.xkb = {
layout = lib.mkDefault "jp";
model = "jp106";
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable Flakes
nix.settings.experimental-features = ["nix-command" "flakes"];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Android debug tools
programs.adb.enable = true;
@@ -80,6 +78,15 @@
blesh.enable = true;
};
# zsh config
programs.zsh = {
enable = true;
enableCompletion = true;
enableBashCompletion = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
};
# Define a user account
users.users.chase = {
isNormalUser = true;
@@ -95,6 +102,10 @@
"video"
"wheel"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSQX+s8Krl312DcnUtoEWOA2silcUnt5URtyVZz8Yek"
];
shell = pkgs.zsh;
};
# Install git and enable cache
@@ -129,6 +140,13 @@
vimAlias = true;
};
# ssh agent
programs.gnupg.agent.enable = true;
programs.ssh = {
enableAskPassword = false;
};
sops = {
defaultSopsFile = ../secrets.yaml;
validateSopsFiles = false;
@@ -163,41 +181,12 @@
qemu
rustup
sbctl
sops
usbutils
wget
yubikey-manager
];
nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
# ssh agent
# programs.mtr.enable = true;
programs.gnupg.agent.enable = true;
programs.ssh = {
enableAskPassword = false;
};
services.fstrim.enable = lib.mkDefault true;
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.pcscd.enable = true;
services.udev.packages = with pkgs; [
yubikey-personalization
];
services.yubikey-agent.enable = true;
security.pam = lib.optionalAttrs pkgs.stdenv.isLinux {
sshAgentAuth.enable = true;
u2f = {
@@ -220,4 +209,35 @@
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
services.fstrim.enable = lib.mkDefault true;
# Firmware updates
services.fwupd.enable = true;
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.pcscd.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
services.udev = {
packages = with pkgs; [
yubikey-personalization
];
extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="04b8", ATTRS{idProduct}=="0202", MODE="0666", GROUP="dialout"
'';
};
services.yubikey-agent.enable = true;
}

1
nixos/desktop.nix
View File

@@ -119,6 +119,7 @@
winDecStyles = ["classic"];
})
firefoxpwa
qpwgraph
yubioath-flutter
];

39
secrets.yaml
View File

@@ -5,29 +5,38 @@ sops:
- recipient: age19uwxm2gynhjl9m90gckrkh76m9hjut44ak6d8969y4swhz8ypyeqvfcaas
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaKzlYVzI5U04xbU05L28z
ZGQvTG15T0t5dmgvbitxS204anBpMVROaGtvCkdJQlVmeGpCcjEyRlJRaWN6WEJv
eVJ2N0RmS2ZxMGNLTHd5bUxFY2ZmdEUKLS0tIGEvM2wzZE5yd3dvSk5KRGpQbU5C
dmh3d3RPbS9WSmF2bm12VHhwNUZ4SUEK0+efCtnuIIhotR92BNaEPyq5bGwadClp
pEf2CRhTaSGiPHK+VRDy1X+pW+q9Jxu5Z7jesjGLdH8ypW5lpYjc3Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvT1pKc1VrVllURWozOXd1
NURBT1haRlBkeHB3eTVabmhWMEI0a1JySDFjCkU3Ry9QaEpRTllaZlRZUllJOUtF
U0ZtOFJRbmEwYnFwK1JRNkJQQXlVVnMKLS0tIGRBZTloenV2YkhGMllUSEx5UGlk
emcvaGhuRStCRFBPY29UdmhPeUhqWDQKkabWErK0qtwVnWza7UfhmX9yfIZJC1XV
MOsdxHryfilLFHhzOI2UGM2dzKlukNvHwAuJmoRkwjIj8Ugj1sU3nA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wdjujpvc2zd0g592a9gqa7qzz4pcans8m0tyq3m6eq9np9a3lg2s8kxf3h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NGdjbm43T2NaK3krWmtB
eHJMK0xyZVFGWndabmJ5aDJiRm05dlJRUlJBClZJY2Zmc0xHUXFFbHJ0dEhDN1Zh
SVppL0pWRm9VbFBtempIRHQzOXR2dzgKLS0tIExxTFJMV2NBajdWNkRKSmR4YUFj
MVFubkgwWFJ2cEtWUVJCc2JvWU9NSGcKcsGs3q55cJ4dp1mdo7KOQWqF98uPsZOF
zFm7oJh6LwbHJarz2m3mlUGBded4ndYrsyJbh2NjHyfUvz2XZgZRkg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbDBPVUFTcERIaEh4ZHp3
aW1GQXlVQThyeDdVYzNYNHlqcFRIYVNpa2xNCmpMeml4REpsRDl1SU1pSm92SU1V
OXNhUklhTGxRMTRTV3dlbENsTVlXTVEKLS0tICtzU3ZteFNCOEo3NmVwNE1ydHVM
dFpJMXowc3h1MHdBYVZLc0Y5bXZoTUkKFs67JKeHhZiK2tAu7Poh4Fou5QYm8HXK
r09HeCuiIfxjRuT1t8nRvRALdzOG6xNuPULs6aCdjpa/d0EvnXyw+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hpcyetyl0yrwxy0geem6z2u2kwl4hmckur7pnaaxwaylf8ata9vsv8j3wh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWGNlNmdhVlRXRlN3OXo4
dEVTL01uenhEY1VVMkRveGQrQXQ2TXlvSWpZCnRoVjI2TDRpbE1FVVNMTytMb3A2
cjN0T2UyYm9idmg5dkdFUWp1a3ZHQXcKLS0tIFpnYS8veEVGMkFkMzlibHRUUUxF
TVpjTzArTkRGVFhHdzVHdWNSYm5EZjAK6iwQI8usDMhdHdphcJeoxeeidcbto1d0
NFId4dYlrplJmkI7Og8bIxLqnaEw7enIsTz49LjLdKPRDfQB+PkEJw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb3oyWFBvdXIxRkNtL0xs
aGNzQ0RERXB3TGFUOVBTQm5wOUlodkZiMXlvClFXR1Z0ZHpFa2RyUlYzL01Bb2RN
UGZNREVqRU9ZRVhMQ3VMYUNKcUI4WTgKLS0tIDB5RmkzSTdwSTVUQjJMbklxeFM5
M0s3QmI4MzNiVy8yNGE2TG01Z1paOWcKIGj+ofrO443CiK1n3J291KwnKqmG99+M
1mYfFrvpx/yVTzt2Pk5ioTC+hzDWUHy1gR8vQTVTjGkhU8cBCzNR/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1culqt965xgweu5h6menrppf7eatq7at04z0n52t365f0nvlv043su5t2yl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWOVQ2ZzhZT0pqZjIzQXp1
dzBuVEcyYS9MSW8vdnFPT2p4NzJBZ3g2K0c4CmpqSC9XRFBsdUJsM1phckQ4aW5D
RFZmTFJMSkR5VE9idzJMZGZzajFBWFEKLS0tIElnTXg5aUNQVE5qOGlxd00zY0NX
ZGRES0oyeGZSRHBQU0RQNzNZd1VBZTAKhRXixVaTXhZrTmntLGaC9WIm/Ylm3tp7
xQxZA8n5PRtqENa5Cj3jqJQS2gmwy5kixO9U6IHzMWntBE7zr/hKrQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-08T19:43:47Z"
mac: ENC[AES256_GCM,data:9YpgBrJwWhz2utNPldpIU/ylaN2QfkSj1LvWa8sISSnuXvsBsZ8a+oNzuGDd5+Q1pSYtoiBt6viqZn65wp8x+kb9ZMJdsWoZZG2U1b3rHUsadOYarvwMVDoQ5TZFFjEOyzyCgT7ln6v1rfAKwL5LJ3Kjv6SRIb9dK51sDsVijhQ=,iv:yTlxgZoOdB7pu5iZKP+q1cXbDsTT5HgsWo4tkix8948=,tag:qJbiq+Fayx5L9V7to1ijvQ==,type:str]