diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..c214cff --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,51 @@ +{ + "cSpell.words": [ + "alsa", + "bantime", + "btop", + "cachix", + "cgroupdriver", + "Compat", + "dialout", + "dotfiles", + "extest", + "gamemode", + "gamescope", + "hwloc", + "iperf", + "libglvnd", + "libmysqlclient", + "libsodium", + "libssh", + "libvirtd", + "lynis", + "mangohud", + "maxretry", + "maxtime", + "ncdu", + "neofetch", + "networkmanager", + "nixos", + "nixpkgs", + "nmap", + "overalljails", + "pciutils", + "pipewire", + "pkgs", + "plugdev", + "pulseaudio", + "ripgrep", + "rtkit", + "rycee", + "smartmontools", + "stdenv", + "substituters", + "uaccess", + "usbutils", + "virtualisation", + "wireshark", + "zerotier", + "zoxide", + "zstd" + ] +} diff --git a/README.md b/README.md index 27ef622..96bf7ed 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# dotfiles \ No newline at end of file +# dotfiles diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..57043ac --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,161 @@ +{ + "nodes": { + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1725783932, + "narHash": "sha256-ZrDE5yqkgiv0F34w1QFz1oZnNnReW0PEA6vjO6gx4Uc=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "58ac93a2ade218ea5e4dae38246030c7342b1eb4", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725781935, + "narHash": "sha256-o6LRtdpgBTzev9n243Ktu3rn0/qsv0frFyJwU6vJsdE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ec4c6928bbacc89cf10e9c959a7a47cbaad95344", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1725716377, + "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": 
"github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1725407940, + "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "firefox-addons": "firefox-addons", + "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable", + "sops-nix": "sops-nix", + "systems": "systems" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725765163, + "narHash": "sha256-rfd2c47iVSFI6bRYy5l8wRijRBaYDeU7dM8XCDUGqlA=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "b68757cd2c3fa66d6ccaa0d046ce42a9324e0070", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..44fb51e --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,72 @@
+{
+ description = "My NixOS/home-manager configuration.";
+
+ nixConfig = {
+ extra-substituters = [
+ "https://cache.nixos.org/?priority=1&want-mass-query=true"
+ "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
+ ];
+ extra-trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU="
+ ];
+ };
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
+ systems.url = "github:nix-systems/default-linux";
+
+ nixos-hardware.url = "github:nixos/nixos-hardware/master";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ firefox-addons = {
+ url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ inputs.nixpkgs-stable.follows = "nixpkgs";
+ };
+
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ home-manager,
+ systems,
+ ...
+ } @ inputs: let
+ inherit (self) outputs;
+ lib = nixpkgs.lib // home-manager.lib;
+ forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
+ pkgsFor = lib.genAttrs (import systems) (
+ system:
+ import nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ }
+ );
+ in {
+ inherit lib;
+ overlays = import ./overlays {inherit inputs outputs;};
+
+ devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
+ formatter = forEachSystem (pkgs: pkgs.alejandra);
+
+ nixosConfigurations = {
+ bob = lib.nixosSystem {
+ modules = [./systems/bob];
+ specialArgs = {inherit inputs outputs;};
+ };
+ };
+ };
+}
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..5b3ea11
--- /dev/null
+++ b/overlays/default.nix
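Review bot: In flake.nix, `extra-trusted-public-keys` trusts `cache-nix-dot:…` but `extra-substituters` lists no cache that would be signed by it, so the key widens the set of accepted signers without a matching source. Either add the substituter it belongs to or drop the key; a short comment next to each entry, such as `# signing key for <cache URL placeholder>`, would make the trust decision reviewable. The `nixConfig` block only takes effect where flake config is accepted, which matters because `systems/common/optional/update.nix` passes `--accept-flake-config` to unattended upgrades.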
@@ -0,0 +1,9 @@ +{inputs, ...}: { + # When applied, the stable nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.stable' + stable = final: _prev: { + stable = import inputs.nixpkgs-stable { + system = final.system; + config.allowUnfree = true; + }; + }; +} diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..d9b159e --- /dev/null +++ b/shell.nix @@ -0,0 +1,14 @@ +{pkgs ? import {}, ...}: { + default = pkgs.mkShell { + NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations"; + nativeBuildInputs = with pkgs; [ + nix + home-manager + git + + ssh-to-age + gnupg + age + ]; + }; +} diff --git a/systems/bob/default.nix b/systems/bob/default.nix new file mode 100644 index 0000000..945f5fc --- /dev/null +++ b/systems/bob/default.nix 
@@ -0,0 +1,104 @@ +{ + inputs, + ... +}: +{ + imports = [ + inputs.nixos-hardware.nixosModules.framework-13-7040-amd + ../../users/richie + ../common/global + ../common/optional/desktop.nix + ../common/optional/steam.nix + ../common/optional/syncthing_base.nix + ../common/optional/systemd-boot.nix + ../common/optional/zerotier.nix + ./hardware.nix + ./nvidia.nix + ]; + + networking = { + hostName = "bob"; + networkmanager.enable = true; + hostId = "7c678a41"; + }; + + hardware = { + pulseaudio.enable = false; + bluetooth = { + enable = true; + powerOnBoot = true; + }; + }; + + security.rtkit.enable = true; + + services = { + + displayManager.sddm.enable = true; + + openssh.ports = [ 262 ]; + + printing.enable = true; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + syncthing.settings.folders = { + "notes" = { + id = "l62ul-lpweo"; # cspell:disable-line + path = "/home/richie/notes"; + devices = [ + "phone" + "jeeves" + "rhapsody-in-green" + ]; + fsWatcherEnabled = true; + }; + "books" = { + id = "6uppx-vadmy"; # cspell:disable-line + path = "/home/richie/books"; + devices = [ + "phone" + "jeeves" + "rhapsody-in-green" + ]; + fsWatcherEnabled = true; + }; + "important" = { + id = "4ckma-gtshs"; # cspell:disable-line + path = "/home/richie/important"; + devices = [ + "phone" + "jeeves" + "rhapsody-in-green" + ]; + fsWatcherEnabled = true; + }; + "music" = { + id = "vprc5-3azqc"; # cspell:disable-line + path = "/home/richie/music"; + devices = [ + "phone" + "jeeves" + "rhapsody-in-green" + ]; + fsWatcherEnabled = true; + }; + "projects" = { + id = "vyma6-lqqrz"; # cspell:disable-line + path = "/home/richie/projects"; + devices = [ + "jeeves" + "rhapsody-in-green" + ]; + fsWatcherEnabled = true; + }; + }; + }; + + system.stateVersion = "24.05"; +} diff --git a/systems/bob/hardware.nix b/systems/bob/hardware.nix new file mode 100644 index 0000000..c7cc676 --- /dev/null +++ b/systems/bob/hardware.nix 
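Review bot: The five `syncthing.settings.folders` entries in systems/bob/default.nix repeat the same `devices` list, and `projects` silently differs by omitting `phone`, which is easy to miss or to break when a device is added. Binding the list once, e.g. `let syncAll = [ "phone" "jeeves" "rhapsody-in-green" ]; in`, and commenting the exception (`# projects: not synced to phone`) would make the sharing policy for `important` and the other folders explicit.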
@@ -0,0 +1,65 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + kernelModules = [ ]; + luks.devices = { + "luks-root-pool-nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2".device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2"; + }; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = lib.mkDefault { + device = "root_pool/root"; + fsType = "zfs"; + }; + + "/home" = { + device = "root_pool/home"; + fsType = "zfs"; + }; + + "/var" = { + device = "root_pool/var"; + fsType = "zfs"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/609D-FF29"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + }; + + swapDevices = [ ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} \ No newline at end of file diff --git a/systems/bob/nvidia.nix b/systems/bob/nvidia.nix new file mode 100644 index 0000000..2970577 --- /dev/null +++ b/systems/bob/nvidia.nix @@ -0,0 +1,13 @@ +{ config, ... }: +{ + services.xserver.videoDrivers = [ "nvidia" ]; + hardware = { + nvidia = { + modesetting.enable = true; + powerManagement.enable = true; + package = config.boot.kernelPackages.nvidiaPackages.production; + nvidiaSettings = true; + }; + nvidia-container-toolkit.enable = true; + }; +} 
diff --git a/systems/common/docker_templates/file_server/sites/000-default.conf b/systems/common/docker_templates/file_server/sites/000-default.conf
new file mode 100644
index 0000000..06c715a
--- /dev/null
+++ b/systems/common/docker_templates/file_server/sites/000-default.conf
@@ -0,0 +1,17 @@
+
+ ServerAdmin admin@domain.com
+
+ DocumentRoot /data/
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Require all granted
+
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
\ No newline at end of file
diff --git a/systems/common/global/default.nix b/systems/common/global/default.nix
new file mode 100644
index 0000000..3cd16d1
--- /dev/null
+++ b/systems/common/global/default.nix
@@ -0,0 +1,38 @@
+{
+ lib,
+ inputs,
+ outputs,
+ ...
+}:
+{
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./docker.nix
+ ./fail2ban.nix
+ ./libs.nix
+ ./locale.nix
+ ./nh.nix
+ ./nix.nix
+ ./programs.nix
+ ./ssh.nix
+ ];
+
+ security.auditd.enable = lib.mkDefault true;
+
+ programs = {
+ zsh.enable = true;
+ fish.enable = true;
+ };
+
+ users.mutableUsers = lib.mkDefault true;
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = {inherit inputs outputs;};
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/systems/common/global/docker.nix b/systems/common/global/docker.nix
new file mode 100644
index 0000000..86a33d2
--- /dev/null
+++ b/systems/common/global/docker.nix
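Review bot: In 000-default.conf the lines for `/data/` combine `AllowOverride All` with `Options Indexes FollowSymLinks` and `Require all granted`, so any `.htaccess` file that lands in the served tree can change server behaviour and any symlink under `/data/` is followed out of the document root. For a plain file server, `AllowOverride None` and `Options Indexes SymLinksIfOwnerMatch` keep the listing while removing both; if the listing is meant to be open to everyone, a comment saying so would help. The enclosing container directives are not visible in this rendering of the hunk, so the exact scope of these lines is inferred.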
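Review bot: `security.auditd.enable` in systems/common/global/default.nix starts the audit daemon, but nothing in this hunk enables the kernel audit subsystem or loads rules, so the log is likely to stay nearly empty. If auditing is intended, pair it with `security.audit.enable = true;` and a `security.audit.rules` list; otherwise a comment stating that it is a placeholder avoids a false sense of coverage. `users.mutableUsers = lib.mkDefault true;` also leaves accounts and passwords changeable outside the flake, which deserves a comment since `users/default.nix` reads a `hashedPasswordFile`.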
@@ -0,0 +1,28 @@
+{ lib, ... }:
+{
+ users = {
+ users.docker-service = {
+ isSystemUser = true;
+ group = "docker-service";
+ extraGroups = [ "docker" ];
+ uid = 600;
+ };
+ groups.docker-service = {
+ gid = 600;
+ };
+ };
+
+ virtualisation.docker = {
+ enable = lib.mkDefault true;
+ logDriver = "local";
+ storageDriver = "overlay2";
+ daemon.settings = {
+ experimental = true;
+ exec-opts = [ "native.cgroupdriver=systemd" ];
+ log-opts = {
+ max-size = "10m";
+ max-file = "5";
+ };
+ };
+ };
+}
diff --git a/systems/common/global/fail2ban.nix b/systems/common/global/fail2ban.nix
new file mode 100644
index 0000000..12ad61c
--- /dev/null
+++ b/systems/common/global/fail2ban.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+{
+ services.fail2ban = {
+ enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);
+ maxretry = 5;
+ bantime = "24h";
+ bantime-increment = {
+ enable = true;
+ formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+ maxtime = "168h";
+ overalljails = true;
+ };
+ };
+}
diff --git a/systems/common/global/libs.nix b/systems/common/global/libs.nix
new file mode 100644
index 0000000..ed3c5a2
--- /dev/null
+++ b/systems/common/global/libs.nix
@@ -0,0 +1,26 @@
+{ lib, pkgs, ... }:
+{
+ programs.nix-ld = {
+ enable = lib.mkDefault true;
+ libraries = with pkgs; [
+ acl
+ attr
+ bzip2
+ curl
+ glib
+ libglvnd
+ libmysqlclient
+ libsodium
+ libssh
+ libxml2
+ openssl
+ stdenv.cc.cc
+ systemd
+ util-linux
+ xz
+ zlib
+ zlib-ng
+ zstd
+ ];
+ };
+}
diff --git a/systems/common/global/locale.nix b/systems/common/global/locale.nix
new file mode 100644
index 0000000..275417d
--- /dev/null
+++ b/systems/common/global/locale.nix
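Review bot: In docker.nix the `docker-service` system user is placed in the `docker` group, and membership of that group is equivalent to root on the host because it grants access to the daemon socket. Add a comment recording that, e.g. `# docker group is root-equivalent; keep this account non-interactive`, so later changes to the account are made with that in mind. `experimental = true` in `daemon.settings` should also carry a comment naming the feature that needs it, since the hunk does not show one.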
@@ -0,0 +1,21 @@
+{ lib, ... }:
+{
+ time.timeZone = lib.mkDefault "America/New_York";
+ console.keyMap = lib.mkDefault "us";
+
+ i18n = {
+ defaultLocale = lib.mkDefault "en_US.utf8";
+ supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
+ extraLocaleSettings = lib.mkDefault {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+ };
+}
diff --git a/systems/common/global/nh.nix b/systems/common/global/nh.nix
new file mode 100644
index 0000000..8a4cea6
--- /dev/null
+++ b/systems/common/global/nh.nix
@@ -0,0 +1,10 @@
+{
+ programs.nh = {
+ enable = true;
+ clean = {
+ enable = true;
+ dates = "weekly";
+ extraArgs = "--keep-since 7d --keep 3";
+ };
+ };
+}
diff --git a/systems/common/global/nix.nix b/systems/common/global/nix.nix
new file mode 100644
index 0000000..16be1cc
--- /dev/null
+++ b/systems/common/global/nix.nix
@@ -0,0 +1,28 @@
+{
+ inputs,
+ lib,
+ ...
+}: let
+ flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+in {
+ nix = {
+ settings = {
+ trusted-users = [
+ "root"
+ "@wheel"
+ ];
+ auto-optimise-store = lib.mkDefault true;
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ "ca-derivations"
+ ];
+ warn-dirty = false;
+ flake-registry = ""; # disable global flake registries
+ };
+
+ # Add each flake input as a registry and nix_path
+ registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+ nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+ };
+}
diff --git a/systems/common/global/programs.nix b/systems/common/global/programs.nix
new file mode 100644
index 0000000..1dd00e3
--- /dev/null
+++ b/systems/common/global/programs.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ git
+ python312
+ ];
+}
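Review bot: `trusted-users = [ "root" "@wheel" ]` in nix.nix gives every wheel member trusted status with the Nix daemon, which lets them add substituters and import unsigned store paths without going through sudo's password prompt. If wheel users only need to run builds, `trusted-users = [ "root" ];` together with `allowed-users = [ "@wheel" ];` is enough. If the trust is deliberate, for instance so the flake's `nixConfig` caches apply without prompting, a comment should say so.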
diff --git a/systems/common/global/ssh.nix b/systems/common/global/ssh.nix
new file mode 100644
index 0000000..f3bc8e3
--- /dev/null
+++ b/systems/common/global/ssh.nix
@@ -0,0 +1,71 @@
+{ lib, ... }:
+{
+ services.openssh = {
+ enable = lib.mkDefault true;
+ extraConfig = "StreamLocalBindUnlink yes";
+
+ hostKeys = [
+ {
+ bits = 4096;
+ path = "/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ }
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/etc/ssh/ssh_host_ecdsa_key";
+ type = "ecdsa";
+ }
+ ];
+
+ settings = {
+ AllowAgentForwarding = "no";
+ AllowTcpForwarding = lib.mkDefault "yes";
+ ChallengeResponseAuthentication = "no";
+ ClientAliveCountMax = lib.mkDefault 2;
+ Compression = "NO";
+ IgnoreRhosts = "yes";
+ LogLevel = lib.mkDefault "VERBOSE";
+ MaxAuthTries = 3;
+ MaxSessions = lib.mkDefault 2;
+ PasswordAuthentication = false;
+ PermitEmptyPasswords = "no";
+ PermitRootLogin = lib.mkForce "no";
+ TcpKeepAlive = "no";
+ X11Forwarding = lib.mkDefault false;
+ KexAlgorithms = [
+ "curve25519-sha256@libssh.org"
+ "diffie-hellman-group-exchange-sha256"
+ ];
+
+ Ciphers = [
+ "chacha20-poly1305@openssh.com"
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ "aes256-ctr"
+ "aes192-ctr"
+ "aes128-ctr"
+ ];
+
+ Macs = [
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ "hmac-sha2-512"
+ "hmac-sha2-256"
+ "umac-128@openssh.com"
+ ];
+ };
+ };
+
+ services = {
+ endlessh-go = {
+ enable = lib.mkDefault true;
+ port = 22;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+}
diff --git a/systems/common/optional/desktop.nix b/systems/common/optional/desktop.nix
new file mode 100644
index 0000000..6b14bbb
--- /dev/null
+++ b/systems/common/optional/desktop.nix
@@ -0,0 +1,12 @@
+{
+ services = {
+ desktopManager.plasma6.enable = true;
+ xserver = {
+ enable = true;
+ xkb = {
+ layout = "us";
+ variant = "";
+ };
+ };
+ };
+}
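Review bot: ssh.nix binds `endlessh-go` to port 22 and opens it in the firewall but leaves `services.openssh.ports` at its default, so a host that imports this module without overriding the port (as `systems/bob` does with 262) would have sshd and the tarpit competing for 22. Setting `ports = lib.mkDefault [ 262 ];` here, or asserting that 22 is not in the list, makes the pairing safe by construction. Separately, `ChallengeResponseAuthentication` is the deprecated alias of `KbdInteractiveAuthentication`, and the module likely emits its own line for the latter, so `KbdInteractiveAuthentication = false;` is the unambiguous way to turn it off.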
diff --git a/systems/common/optional/libvirt.nix b/systems/common/optional/libvirt.nix new file mode 100644 index 0000000..d2a12b8 --- /dev/null +++ b/systems/common/optional/libvirt.nix @@ -0,0 +1,7 @@ +{ + virtualisation.libvirtd.enable = true; + programs.virt-manager.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + programs.dconf.enable = true; +} diff --git a/systems/common/optional/steam.nix b/systems/common/optional/steam.nix new file mode 100644 index 0000000..b59c08a --- /dev/null +++ b/systems/common/optional/steam.nix @@ -0,0 +1,17 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [mangohud steam-run]; + hardware.steam-hardware.enable = true; + + programs = { + gamemode.enable = true; + steam = { + enable = true; + gamescopeSession.enable = true; + remotePlay.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + extraCompatPackages = with pkgs; [proton-ge-bin]; + extest.enable = true; + }; + }; +} diff --git a/systems/common/optional/syncthing_base.nix b/systems/common/optional/syncthing_base.nix new file mode 100644 index 0000000..bd1e78e --- /dev/null +++ b/systems/common/optional/syncthing_base.nix @@ -0,0 +1,18 @@ +{ + services.syncthing = { + enable = true; + user = "richie"; + overrideDevices = true; + overrideFolders = true; + dataDir = "/home/richie/Syncthing"; + configDir = "/home/richie/.config/syncthing"; + settings = { + devices = { + phone.id = "LTGPLAE-M4ZDJTM-TZ3DJGY-SLLAVWF-CQDVEVS-RGCS75T-GAPZYK3-KUM6LA5"; # cspell:disable-line + jeeves.id = "7YQ4UEW-OPQEBH4-6YKJH4B-ZCE3SAX-5EIK5JL-WJDIWUA-WA2N3D5-MNK6GAV"; # cspell:disable-line + rhapsody-in-green.id = "INKUNKN-KILXGL5-2TQ5JTH-ORJOLOM-WYD2PYO-YRDLQIX-3AKZFWT-ZN7OJAE"; # cspell:disable-line + bob.id = "YP6UYKF-KFZ3FG3-5XM3XM3-5Q24AZS-LZK67PN-LAERKU2-K4WMYBH-N57ZBA5"; # cspell:disable-line + }; + }; + }; +} 
diff --git a/systems/common/optional/systemd-boot.nix b/systems/common/optional/systemd-boot.nix
new file mode 100644
index 0000000..fca6970
--- /dev/null
+++ b/systems/common/optional/systemd-boot.nix
@@ -0,0 +1,6 @@
+{
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+}
diff --git a/systems/common/optional/update.nix b/systems/common/optional/update.nix
new file mode 100644
index 0000000..3a0e630
--- /dev/null
+++ b/systems/common/optional/update.nix
@@ -0,0 +1,19 @@
+{ lib, ... }:
+{
+ services.autopull = {
+ enable = lib.mkDefault true;
+ repo.dotfiles = {
+ enable = lib.mkDefault true;
+ ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
+ path = lib.mkDefault /root/dotfiles;
+ };
+ };
+
+ system.autoUpgrade = {
+ enable = lib.mkDefault true;
+ flags = [ "--accept-flake-config" ];
+ randomizedDelaySec = "1h";
+ persistent = true;
+ flake = "github:RAD-Development/nix-dotfiles";
+ };
+}
diff --git a/systems/common/optional/zerotier.nix b/systems/common/optional/zerotier.nix
new file mode 100644
index 0000000..dabac6b
--- /dev/null
+++ b/systems/common/optional/zerotier.nix
@@ -0,0 +1,6 @@
+{
+ services.zerotierone = {
+ enable = true;
+ joinNetworks = [ "e4da7455b2ae64ca" ];
+ };
+}
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 0000000..67868f7
--- /dev/null
+++ b/users/default.nix
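Review bot: update.nix lets `system.autoUpgrade` rebuild unattended from `github:RAD-Development/nix-dotfiles` with `--accept-flake-config`, so whatever is on that repository's default branch, including its `nixConfig` substituters and trusted keys, is applied as root with no review step. Consider dropping the flag and declaring the caches in `nix.settings` instead, and confirm the flake URL is the intended one, since the rest of this commit refers to the checkout as `dotfiles`. `services.autopull` is not defined in any hunk visible here, so importing this module may fail evaluation unless that option comes from elsewhere.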
@@ -0,0 +1,29 @@ +{ + lib, + config, + pkgs, + name, + publicKeys ? [ ], + defaultShell ? "zsh", +}: + +{ + inherit name; + isNormalUser = true; + shell = lib.mkIf config.programs.${defaultShell}.enable pkgs.${defaultShell}; + hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null; + openssh.authorizedKeys.keys = publicKeys; + extraGroups = [ + "wheel" + "media" + (lib.mkIf config.networking.networkmanager.enable "networkmanager") + (lib.mkIf config.programs.adb.enable "adbusers") + (lib.mkIf config.programs.wireshark.enable "wireshark") + (lib.mkIf config.virtualisation.docker.enable "docker") + (lib.mkIf (with config.services.locate; (enable && package == pkgs.plocate)) "plocate") + "libvirtd" + "dialout" + "plugdev" + "uaccess" + ]; +} diff --git a/users/richie/default.nix b/users/richie/default.nix new file mode 100644 index 0000000..2018564 --- /dev/null +++ b/users/richie/default.nix @@ -0,0 +1,32 @@ +{ + pkgs, + config, + ... +}: let + ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; +in { + users.users.richie = { + isNormalUser = true; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPtuYhiJHRTYhNaDmTcJOqJASk7D8mIn6u3F1IN5AFJ bob" # cspell:disable-line + ]; + extraGroups = + [ + "audio" + "video" + "wheel" + ] + ++ ifTheyExist [ + "dialout" + "docker" + "libvirtd" + "networkmanager" + "plugdev" + "uaccess" + "wireshark" + ]; + }; + + home-manager.users.richie = import ./systems/${config.networking.hostName}.nix; +} diff --git a/users/richie/home/cli/default.nix b/users/richie/home/cli/default.nix new file mode 100644 index 0000000..fe4bda2 --- /dev/null +++ b/users/richie/home/cli/default.nix @@ -0,0 +1,9 @@ +{ + imports = [ + ./git.nix + ./zsh.nix + ./direnv.nix + ]; + + programs.starship.enable = true; +} diff --git a/users/richie/home/cli/direnv.nix b/users/richie/home/cli/direnv.nix new file mode 100644 index 0000000..75129d9 
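Review bot: users/default.nix puts every account it builds into `wheel` unconditionally, and into `docker` whenever Docker is enabled, so the helper cannot create a non-administrative user. Gating those two groups behind an explicit argument, for example an `isAdmin` parameter next to `publicKeys` and `defaultShell`, would make privilege a per-user choice. A comment on `hashedPasswordFile` should also state that it falls back to `null` when no sops secret named `${name}/user-password` is declared.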
--- /dev/null +++ b/users/richie/home/cli/direnv.nix @@ -0,0 +1,8 @@ +{ + + programs.direnv = { + enable = true; + enableZshIntegration = true; + nix-direnv.enable = true; + }; +} diff --git a/users/richie/home/cli/git.nix b/users/richie/home/cli/git.nix new file mode 100644 index 0000000..405f1c9 --- /dev/null +++ b/users/richie/home/cli/git.nix @@ -0,0 +1,7 @@ +{ + programs.git = { + enable = true; + userEmail = "Richie@tmmworkshop.com"; + userName = "Richie Cahill"; + }; +} diff --git a/users/richie/home/cli/zsh.nix b/users/richie/home/cli/zsh.nix new file mode 100644 index 0000000..dbca1af --- /dev/null +++ b/users/richie/home/cli/zsh.nix @@ -0,0 +1,33 @@ +{ + programs.zsh = { + enable = true; + syntaxHighlighting.enable = true; + history.size = 10000; + oh-my-zsh = { + enable = true; + plugins = [ + "git" + "docker" + "docker-compose" + "colored-man-pages" + "rust" + "systemd" + "tmux" + "ufw" + "z" + ]; + }; + shellAliases = { + "sgc" = "sudo git -C /root/dotfiles"; + + ## Utilities + "lrt" = "eza --icons -lsnew"; + "ls" = "eza"; + "ll" = "eza --long --group"; + "la" = "eza --all"; + + "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'"; + "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/projects/dotfiles#$HOST"; + }; + }; +} diff --git a/users/richie/home/global.nix b/users/richie/home/global.nix new file mode 100644 index 0000000..4ca1a39 --- /dev/null +++ b/users/richie/home/global.nix 
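Review bot: The `rspace` alias in zsh.nix wraps its whole value in an extra pair of single quotes, so once the alias is quoted for the shell the loop would likely be treated as one command word and fail. The `\ ` inside a Nix double-quoted string also appears to lose its backslash, turning `*\ *` into `* *`. Dropping the inner quotes and quoting the space in the glob, e.g. `"rspace" = "for f in *' '*; do mv -- \"$f\" \"\${f// /_}\"; done";`, should give the intended behaviour. `rebuild` also points at `/home/richie/projects/dotfiles` while `home/global.nix` sets `FLAKE` to `$HOME/Projects/dotfiles`; one of the two is probably wrong on a case-sensitive filesystem.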
@@ -0,0 +1,37 @@ +{ + lib, + pkgs, + config, + ... +}: { + imports = [ + ./cli + ./programs.nix + ./ssh_config.nix + ]; + + nix = { + package = lib.mkDefault pkgs.nix; + settings = { + experimental-features = [ + "nix-command" + "flakes" + "ca-derivations" + ]; + }; + }; + + programs = { + home-manager.enable = true; + git.enable = true; + }; + + home = { + username = lib.mkDefault "richie"; + homeDirectory = lib.mkDefault "/home/${config.home.username}"; + stateVersion = lib.mkDefault "24.05"; + sessionVariables = { + FLAKE = "$HOME/Projects/dotfiles"; + }; + }; +} diff --git a/users/richie/home/gui/default.nix b/users/richie/home/gui/default.nix new file mode 100644 index 0000000..f980bf2 --- /dev/null +++ b/users/richie/home/gui/default.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: +{ + imports = [ + ./firefox.nix + ./vscode + ]; + + home.packages = with pkgs; [ + beeper + candy-icons + nemo + nemo-fileroller + discord-canary + gimp + gparted + mediainfo + obs-studio + obsidian + proxychains + sweet-nova + util-linux + vlc + zoom-us + prusa-slicer + ]; +} diff --git a/users/richie/home/gui/firefox.nix b/users/richie/home/gui/firefox.nix new file mode 100644 index 0000000..350ae33 --- /dev/null +++ b/users/richie/home/gui/firefox.nix 
@@ -0,0 +1,296 @@ +{ + pkgs, + inputs, + ... +}: +{ + programs.firefox = { + enable = true; + profiles.richie = { + extensions = with inputs.firefox-addons.packages.x86_64-linux; [ + bitwarden + darkreader + dearrow + fastforwardteam + return-youtube-dislikes + sponsorblock + ublock-origin + ]; + search.engines = { + "Nix Options" = { + urls = [ + { + template = "https://search.nixos.org/options"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "channel"; + value = "unstable"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@o" ]; + }; + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "channel"; + value = "unstable"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@n" ]; + }; + }; + search.force = true; + settings = { + # SECTION: FASTFOX + # GENERAL + "content.notify.interval" = 100000; + + # GFX + "gfx.canvas.accelerated.cache-items" = 4096; + "gfx.canvas.accelerated.cache-size" = 512; + "gfx.content.skia-font-cache-size" = 20; + + # DISK CACHE + "browser.cache.jsbc_compression_level" = 3; + + # MEDIA CACHE + "media.memory_cache_max_size" = 65536; + "media.cache_readahead_limit" = 7200; + "media.cache_resume_threshold" = 3600; + + # IMAGE CACHE + "image.mem.decode_bytes_at_a_time" = 32768; + + # NETWORK + "network.buffer.cache.size" = 262144; + "network.buffer.cache.count" = 128; + "network.http.max-connections" = 1800; + "network.http.max-persistent-connections-per-server" = 10; + "network.http.max-urgent-start-excessive-connections-per-host" = 5; + "network.http.pacing.requests.enabled" = false; + "network.dnsCacheExpiration" = 3600; + "network.dns.max_high_priority_threads" = 
8; + "network.ssl_tokens_cache_capacity" = 10240; + + # SPECULATIVE LOADING + "network.dns.disablePrefetch" = true; + "network.prefetch-next" = false; + "network.predictor.enabled" = false; + + # EXPERIMENTAL + "layout.css.grid-template-masonry-value.enabled" = true; + "dom.enable_web_task_scheduling" = true; + "layout.css.has-selector.enabled" = true; + "dom.security.sanitizer.enabled" = true; + + # SECTION: SECUREFOX + # TRACKING PROTECTION + "browser.contentblocking.category" = "strict"; + "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"; + "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com"; + "network.cookie.sameSite.noneRequiresSecure" = true; + "browser.download.start_downloads_in_tmp_dir" = true; + "browser.helperApps.deleteTempFileOnExit" = true; + "browser.uitour.enabled" = false; + "privacy.globalprivacycontrol.enabled" = true; + + # OCSP & CERTS / HPKP + "security.OCSP.enabled" = 0; + "security.remote_settings.crlite_filters.enabled" = true; + "security.pki.crlite_mode" = 2; + + # SSL / TLS + "security.ssl.treat_unsafe_negotiation_as_broken" = true; + "browser.xul.error_pages.expert_bad_cert" = true; + "security.tls.enable_0rtt_data" = false; + + # DISK AVOIDANCE + "browser.privatebrowsing.forceMediaMemoryCache" = true; + "browser.sessionstore.interval" = 60000; + + # SHUTDOWN & SANITIZING + "privacy.history.custom" = true; + + # SEARCH / URL BAR + "browser.search.separatePrivateDefault.ui.enabled" = true; + "browser.urlbar.update2.engineAliasRefresh" = true; + # PREF: restore search engine suggestions + "browser.search.suggest.enabled" = true; + "browser.urlbar.suggest.quicksuggest.sponsored" = false; + "browser.urlbar.suggest.quicksuggest.nonsponsored" = false; + "browser.formfill.enable" = false; + "security.insecure_connection_text.enabled" = true; + "security.insecure_connection_text.pbmode.enabled" = true; + "network.IDN_show_punycode" = true; + + # HTTPS-FIRST 
POLICY + "dom.security.https_first" = true; + "dom.security.https_first_schemeless" = true; + + # PASSWORDS + "signon.formlessCapture.enabled" = false; + "signon.rememberSignons" = false; + "signon.privateBrowsingCapture.enabled" = false; + "network.auth.subresource-http-auth-allow" = 1; + "editor.truncate_user_pastes" = false; + + # MIXED CONTENT + CROSS-SITE + "security.mixed_content.block_display_content" = true; + "security.mixed_content.upgrade_display_content" = true; + "security.mixed_content.upgrade_display_content.image" = true; + "pdfjs.enableScripting" = false; + "extensions.postDownloadThirdPartyPrompt" = false; + + # HEADERS / REFERERS + "network.http.referer.XOriginTrimmingPolicy" = 2; + + # CONTAINERS + "privacy.userContext.ui.enabled" = true; + + # WEBRTC + "media.peerconnection.ice.proxy_only_if_behind_proxy" = true; + "media.peerconnection.ice.default_address_only" = true; + + # SAFE BROWSING + "browser.safebrowsing.downloads.remote.enabled" = false; + + # MOZILLA + # PREF: allow websites to ask you to receive site notifications + "permissions.default.desktop-notification" = 0; # allow websites to ask + # PREF: allow websites to ask you for your location + "permissions.default.geo" = 0; + "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"; + "permissions.manager.defaultsUrl" = ""; + "webchannel.allowObject.urlWhitelist" = ""; + + # TELEMETRY + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.server" = "data:,"; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.updatePing.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + 
"toolkit.telemetry.coverage.opt-out" = true; + "toolkit.coverage.opt-out" = true; + "toolkit.coverage.endpoint.base" = ""; + "browser.ping-centre.telemetry" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + + # EXPERIMENTS + "app.shield.optoutstudies.enabled" = false; + "app.normandy.enabled" = false; + "app.normandy.api_url" = ""; + + # CRASH REPORTS + "breakpad.reportURL" = ""; + "browser.tabs.crashReporting.sendReport" = false; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; + + # DETECTION + "captivedetect.canonicalURL" = ""; + "network.captive-portal-service.enabled" = false; + "network.connectivity-service.enabled" = false; + + # SECTION: PESKYFOX + # MOZILLA UI + "browser.privatebrowsing.vpnpromourl" = ""; + "extensions.getAddons.showPane" = false; + "extensions.htmlaboutaddons.recommendations.enabled" = false; + "browser.discovery.enabled" = false; + "browser.shell.checkDefaultBrowser" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; + "browser.preferences.moreFromMozilla" = false; + "browser.tabs.tabmanager.enabled" = false; + "browser.aboutConfig.showWarning" = false; + "browser.aboutwelcome.enabled" = false; + + # THEME ADJUSTMENTS + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + "browser.compactmode.show" = true; + "browser.display.focus_ring_on_anything" = true; + "browser.display.focus_ring_style" = 0; + "browser.display.focus_ring_width" = 0; + "layout.css.prefers-color-scheme.content-override" = 2; + + # COOKIE BANNER HANDLING + "cookiebanners.service.mode" = 1; + "cookiebanners.service.mode.privateBrowsing" = 1; + + # FULLSCREEN NOTICE + "full-screen-api.transition-duration.enter" = "0 0"; + "full-screen-api.transition-duration.leave" = "0 0"; + "full-screen-api.warning.delay" = -1; + "full-screen-api.warning.timeout" = 
0; + + # URL BAR + "browser.urlbar.suggest.calculator" = true; + "browser.urlbar.unitConversion.enabled" = true; + "browser.urlbar.trending.featureGate" = false; + + # NEW TAB PAGE + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + + # POCKET + "extensions.pocket.enabled" = false; + + # DOWNLOADS + "browser.download.always_ask_before_handling_new_types" = true; + "browser.download.manager.addToRecentDocs" = false; + + # PDF + "browser.download.open_pdf_attachments_inline" = true; + + # TAB BEHAVIOR + "browser.bookmarks.openInTabClosesMenu" = false; + "browser.menu.showViewImageInfo" = true; + "findbar.highlightAll" = true; + "layout.word_select.eat_space_to_next_word" = false; + + # SECTION: MY OVERRIDES + "browser.startup.homepage" = "https://google.com"; + "identity.fxaccounts.enabled" = false; + + # SECTION SMOOTHFOX + # OPTION: SHARPEN SCROLLING * + "apz.overscroll.enabled" = true; # DEFAULT NON-LINUX + "mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5 + "general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50 + "general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25 + "general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4 + }; + }; + }; +} diff --git a/users/richie/home/gui/vscode/default.nix b/users/richie/home/gui/vscode/default.nix new file mode 100644 index 0000000..68b71b7 --- /dev/null +++ b/users/richie/home/gui/vscode/default.nix 
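Review bot: Several prefs in firefox.nix's `settings` block trade a security check for privacy without saying so: `security.OCSP.enabled = 0` relies entirely on the CRLite prefs beside it, and `browser.safebrowsing.downloads.remote.enabled = false` turns off remote reputation lookups for downloaded files. A one-line comment on each, e.g. `# revocation handled by CRLite (crlite_mode = 2); OCSP off to avoid leaking visited hosts`, would keep a later cleanup from removing the compensating setting. The `Nix Options` engine also sends `type = packages`, which looks copied from the `Nix Packages` entry, and the add-ons are taken from `x86_64-linux` rather than the host system.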
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+let
+ vscode_dir = "/home/richie/projects/nix-dotfiles/users/richie/home/gui/vscode";
+in
+{
+ # mutable symlinks to key binds and settings
+ xdg.configFile."Code/User/settings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
+ xdg.configFile."Code/User/keybindings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
+
+ home.packages = with pkgs; [ nil ];
+
+ programs.vscode = {
+ enable = true;
+ package = pkgs.vscode;
+ mutableExtensionsDir = true;
+ };
+}
diff --git a/users/richie/home/gui/vscode/extension_manager.py b/users/richie/home/gui/vscode/extension_manager.py
new file mode 100644
index 0000000..8a4162c
--- /dev/null
+++ b/users/richie/home/gui/vscode/extension_manager.py
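Review bot: `mutableExtensionsDir = true;` with no `extensions` list in `programs.vscode` means none of the editor's extensions are pinned or built by Nix; they are installed from the marketplace at whatever version is current, outside flake.lock. If a reproducible editor matters, declare them through `programs.vscode.extensions` and set `mutableExtensionsDir = false;`, or at least record the trade-off with a comment such as `# extensions are installed imperatively by extension_manager.py and are not pinned by flake.lock`. The hard-coded `vscode_dir` also ties both out-of-store symlinks to one checkout path, so a clone placed anywhere else leaves `settings.json` and `keybindings.json` dangling.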
@@ -0,0 +1,68 @@
+from subprocess import run
+
+
+def get_installed_extensions():
+ process = run("code --list-extensions".split(), check=True, capture_output=True)
+ return set(process.stdout.decode("utf-8").strip().split("\n"))
+
+
+def main():
+ print("starting vscode extension manager")
+
+ extensions = {
+ # vscode
+ "ms-azuretools.vscode-docker",
+ "ms-vscode-remote.remote-containers",
+ "ms-vscode-remote.remote-ssh-edit",
+ "ms-vscode-remote.remote-ssh",
+ "ms-vscode.hexeditor",
+ "ms-vscode.remote-explorer",
+ "ms-vsliveshare.vsliveshare",
+ "oderwat.indent-rainbow",
+ "usernamehw.errorlens",
+ # git
+ "codezombiech.gitignore",
+ "eamodio.gitlens",
+ "gitHub.vscode-github-actions",
+ # python
+ "charliermarsh.ruff",
+ "ms-python.python",
+ "ms-python.vscode-pylance",
+ "ms-python.debugpy",
+ # rust
+ "rust-lang.rust-analyzer",
+ # MD
+ "davidanson.vscode-markdownlint",
+ "yzhang.markdown-all-in-one",
+ # configs
+ "redhat.vscode-yaml",
+ "tamasfe.even-better-toml",
+ # shell
+ "timonwong.shellcheck",
+ "foxundermoon.shell-format",
+ # nix
+ "jnoortheen.nix-ide",
+ # database
+ "mtxr.sqltools-driver-pg",
+ "mtxr.sqltools",
+ # other
+ "esbenp.prettier-vscode",
+ "mechatroner.rainbow-csv",
+ "streetsidesoftware.code-spell-checker",
+ "supermaven.supermaven",
+ }
+
+ installed_extensions = get_installed_extensions()
+
+ missing_extensions = extensions.difference(installed_extensions)
+ for extension in missing_extensions:
+ run(f"code --install-extension {extension} --force".split(), check=True)
+
+ if extra_extensions := installed_extensions.difference(extensions):
+ print(f"Extra extensions installed: {extra_extensions}")
+
+ print("vscode extension manager finished")
+
+
+if __name__ == "__main__":
+ main()
diff --git a/users/richie/home/gui/vscode/keybindings.json b/users/richie/home/gui/vscode/keybindings.json
new file mode 100644
index 0000000..091d316
--- /dev/null
+++ b/users/richie/home/gui/vscode/keybindings.json
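Review bot: The install loop in `main()` runs `code --install-extension {extension} --force` with bare publisher ids, so every run accepts whatever version the marketplace currently serves, and `--force` also moves an already-installed extension to the latest release. Pinning each entry as `id@version` (a constructed example: `"publisher.name@1.2.3"`) and comparing against `code --list-extensions --show-versions` would keep an unexpected or compromised release from arriving silently. Separately, the set comparison is case-sensitive and `"gitHub.vscode-github-actions"` is unlikely to match the spelling the CLI prints, so that entry would be reinstalled and also reported as extra on every run; lower-casing both sides before `difference()` avoids this.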
@@ -0,0 +1,20 @@
+[
+ {
+ "key": "shift+alt+f",
+ "command": "editor.action.formatDocument",
+ "when": "editorHasDocumentFormattingProvider && editorTextFocus && !editorReadonly && !inCompositeEditor"
+ },
+ {
+ "key": "alt+a d",
+ "command": "cSpell.addWordToWorkspaceSettings"
+ },
+ {
+ "key": "ctrl+shift+`",
+ "command": "workbench.action.createTerminalEditor"
+ },
+ {
+ "key": "ctrl+shift+`",
+ "command": "-workbench.action.terminal.new",
+ "when": "terminalProcessSupported || terminalWebExtensionContributedProfile"
+ }
+]
diff --git a/users/richie/home/gui/vscode/settings.json b/users/richie/home/gui/vscode/settings.json
new file mode 100644
index 0000000..1591c55
--- /dev/null
+++ b/users/richie/home/gui/vscode/settings.json
@@ -0,0 +1,57 @@
+{
+ // vscode settings
+ "diffEditor.ignoreTrimWhitespace": false,
+ "editor.formatOnSave": true,
+ "editor.minimap.renderCharacters": false,
+ "editor.minimap.showSlider": "always",
+ "explorer.confirmDelete": false,
+ "explorer.confirmDragAndDrop": false,
+ "explorer.confirmPasteNative": false,
+ "files.autoSave": "afterDelay",
+ "git.autofetch": true,
+ "git.confirmSync": false,
+ "git.fetchOnPull": true,
+ "git.pruneOnFetch": true,
+ "terminal.integrated.scrollback": 10000,
+ "update.mode": "none",
+ "workbench.colorTheme": "Default Dark+",
+
+ // turns off all sounds and announcements
+ "accessibility.signals.terminalCommandFailed": {
+ "sound": "off",
+ "announcement": "off"
+ },
+ "accessibility.signals.terminalQuickFix": {
+ "sound": "off",
+ "announcement": "off"
+ },
+ "accessibility.signals.terminalBell": {
+ "sound": "off",
+ "announcement": "off"
+ },
+
+ // formatters
+ "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
+ "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
+ "[markdown]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
+ "[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" },
+ "[python]": { "editor.defaultFormatter": "charliermarsh.ruff" },
+ "[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" },
+
+ // spell check
+ "cSpell.enabled": true,
+ "cSpell.language": "en,en-US",
+ "cSpell.enableFiletypes": ["bat", "csv", "nix", "toml"],
+ "cSpell.userWords": ["Cahill", "syncthing"],
+
+ // nix
+ "nix.enableLanguageServer": true,
+ "nix.serverPath": "nil",
+
+ // force the use of rust-analyzer from dev shell
+ "rust-analyzer.server.path": "rust-analyzer",
+ "redhat.telemetry.enabled": true,
+ "gitlens.plusFeatures.enabled": false,
+ // new
+ "hediet.vscode-drawio.resizeImages": null
+}
diff --git a/users/richie/home/programs.nix b/users/richie/home/programs.nix
new file mode 100644
index 0000000..2c3d44c
--- /dev/null
+++ b/users/richie/home/programs.nix
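Review bot: `"redhat.telemetry.enabled": true` near the end of the hunk opts the Red Hat extension into usage reporting, which is at odds with the Firefox profile in this same commit that switches telemetry prefs off. If that is not deliberate, change it to `"redhat.telemetry.enabled": false`. The trailing `"hediet.vscode-drawio.resizeImages": null` under `// new` names an extension that extension_manager.py does not list, so it looks like an editor-written leftover; either drop the key or add the extension to the managed set so the two files agree.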
@@ -0,0 +1,47 @@
+{ pkgs, inputs, ... }:
+{
+ home.packages = with pkgs; [
+ # cli
+ bat
+ btop
+ eza
+ git
+ gnupg
+ ncdu
+ neofetch
+ rar
+ ripgrep
+ sops
+ starship
+ tmux
+ zoxide
+ # system info
+ hwloc
+ lynis
+ pciutils
+ smartmontools
+ usbutils
+ # networking
+ iperf3
+ nmap
+ wget
+ # python
+ poetry
+ python312
+ ruff
+ # Rust packages
+ trunk
+ wasm-pack
+ cargo-watch
+ cargo-generate
+ cargo-audit
+ cargo-update
+ # nix
+ nix-init
+ nix-output-monitor
+ nix-prefetch
+ nix-tree
+ nixpkgs-fmt
+ # inputs.system_tools.packages.x86_64-linux.default
+ ];
+}
diff --git a/users/richie/home/ssh_config.nix b/users/richie/home/ssh_config.nix
new file mode 100644
index 0000000..b74279e
--- /dev/null
+++ b/users/richie/home/ssh_config.nix
@@ -0,0 +1,35 @@
+{
+ programs.ssh = {
+ enable = true;
+
+ matchBlocks = {
+ jeeves = {
+ hostname = "192.168.90.40";
+ user = "richie";
+ identityFile = "~/.ssh/id_ed25519";
+ port = 629;
+ dynamicForwards = [ { port = 9050; } ];
+ };
+ jeevesjr = {
+ hostname = "192.168.90.35";
+ user = "richie";
+ identityFile = "~/.ssh/id_ed25519";
+ port = 352;
+ dynamicForwards = [ { port = 9050; } ];
+ };
+ bob = {
+ hostname = "192.168.90.25";
+ user = "richie";
+ identityFile = "~/.ssh/id_ed25519";
+ port = 262;
+ dynamicForwards = [ { port = 9050; } ];
+ };
+ rhapsody-in-green = {
+ hostname = "192.168.90.221";
+ user = "richie";
+ identityFile = "~/.ssh/id_ed25519";
+ port = 922;
+ };
+ };
+ };
+}
diff --git a/users/richie/systems/bob.nix b/users/richie/systems/bob.nix
new file mode 100644
index 0000000..b1d9590
--- /dev/null
+++ b/users/richie/systems/bob.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ../home/global.nix
+ ../home/gui
+ ];
+}
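Review bot: In ssh_config.nix the `dynamicForwards = [ { port = 9050; } ];` entries on `jeeves`, `jeevesjr` and `bob` open a SOCKS listener on every connection to those hosts, including non-interactive ones, and all three claim the same local port, so only the first open session can bind it. While such a session is up, any local process can reach the remote network through that listener, which is more exposure than a plain login needs. Consider moving the forward to a separate match block that is used only when the proxy is wanted, and adding `identitiesOnly = true;` to each block so that only the listed `identityFile` is offered rather than every key the agent holds.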