Richie/dotfiles
1
0
Fork 0
mirror of https://github.com/RichieCahill/dotfiles.git synced 2026-04-17 13:08:19 -04:00
Code Issues Packages Projects Releases Wiki Activity

bootstrapping

Browse Source
This commit is contained in:
Richie Cahill
2024-09-08 08:38:29 -04:00
parent fff6bc64a6
commit 56606d043d
42 changed files with 1562 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,51 @@
{
"cSpell.words": [
"alsa",
"bantime",
"btop",
"cachix",
"cgroupdriver",
"Compat",
"dialout",
"dotfiles",
"extest",
"gamemode",
"gamescope",
"hwloc",
"iperf",
"libglvnd",
"libmysqlclient",
"libsodium",
"libssh",
"libvirtd",
"lynis",
"mangohud",
"maxretry",
"maxtime",
"ncdu",
"neofetch",
"networkmanager",
"nixos",
"nixpkgs",
"nmap",
"overalljails",
"pciutils",
"pipewire",
"pkgs",
"plugdev",
"pulseaudio",
"ripgrep",
"rtkit",
"rycee",
"smartmontools",
"stdenv",
"substituters",
"uaccess",
"usbutils",
"virtualisation",
"wireshark",
"zerotier",
"zoxide",
"zstd"
]
}

161
flake.lock generated Normal file
View File

@@ -0,0 +1,161 @@
{
"nodes": {
"firefox-addons": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1725783932,
"narHash": "sha256-ZrDE5yqkgiv0F34w1QFz1oZnNnReW0PEA6vjO6gx4Uc=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "58ac93a2ade218ea5e4dae38246030c7342b1eb4",
"type": "gitlab"
},
"original": {
"dir": "pkgs/firefox-addons",
"owner": "rycee",
"repo": "nur-expressions",
"type": "gitlab"
}
},
"flake-utils": {
"locked": {
"lastModified": 1629284811,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1725781935,
"narHash": "sha256-o6LRtdpgBTzev9n243Ktu3rn0/qsv0frFyJwU6vJsdE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ec4c6928bbacc89cf10e9c959a7a47cbaad95344",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1725716377,
"narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1725634671,
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1725407940,
"narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"sops-nix": "sops-nix",
"systems": "systems"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1725765163,
"narHash": "sha256-rfd2c47iVSFI6bRYy5l8wRijRBaYDeU7dM8XCDUGqlA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "b68757cd2c3fa66d6ccaa0d046ce42a9324e0070",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

72
flake.nix Normal file
View File

@@ -0,0 +1,72 @@
{
description = "My NixOS/home-manager configuration.";
nixConfig = {
extra-substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true"
];
extra-trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU="
];
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
systems.url = "github:nix-systems/default-linux";
nixos-hardware.url = "github:nixos/nixos-hardware/master";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
home-manager,
systems,
...
} @ inputs: let
inherit (self) outputs;
lib = nixpkgs.lib // home-manager.lib;
forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system});
pkgsFor = lib.genAttrs (import systems) (
system:
import nixpkgs {
inherit system;
config.allowUnfree = true;
}
);
in {
inherit lib;
overlays = import ./overlays {inherit inputs outputs;};
devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
formatter = forEachSystem (pkgs: pkgs.alejandra);
nixosConfigurations = {
bob = lib.nixosSystem {
modules = [./systems/bob];
specialArgs = {inherit inputs outputs;};
};
};
};
}

9
overlays/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{inputs, ...}: {
# When applied, the stable nixpkgs set (declared in the flake inputs) will be accessible through 'pkgs.stable'
stable = final: _prev: {
stable = import inputs.nixpkgs-stable {
system = final.system;
config.allowUnfree = true;
};
};
}

14
shell.nix Normal file
View File

@@ -0,0 +1,14 @@
{pkgs ? import <nixpkgs> {}, ...}: {
default = pkgs.mkShell {
NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
nativeBuildInputs = with pkgs; [
nix
home-manager
git
ssh-to-age
gnupg
age
];
};
}

104
systems/bob/default.nix Normal file
View File

@@ -0,0 +1,104 @@
{
inputs,
...
}:
{
imports = [
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
../../users/richie
../common/global
../common/optional/desktop.nix
../common/optional/steam.nix
../common/optional/syncthing_base.nix
../common/optional/systemd-boot.nix
../common/optional/zerotier.nix
./hardware.nix
./nvidia.nix
];
networking = {
hostName = "bob";
networkmanager.enable = true;
hostId = "7c678a41";
};
hardware = {
pulseaudio.enable = false;
bluetooth = {
enable = true;
powerOnBoot = true;
};
};
security.rtkit.enable = true;
services = {
displayManager.sddm.enable = true;
openssh.ports = [ 262 ];
printing.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
syncthing.settings.folders = {
"notes" = {
id = "l62ul-lpweo"; # cspell:disable-line
path = "/home/richie/notes";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"books" = {
id = "6uppx-vadmy"; # cspell:disable-line
path = "/home/richie/books";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"important" = {
id = "4ckma-gtshs"; # cspell:disable-line
path = "/home/richie/important";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"music" = {
id = "vprc5-3azqc"; # cspell:disable-line
path = "/home/richie/music";
devices = [
"phone"
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
"projects" = {
id = "vyma6-lqqrz"; # cspell:disable-line
path = "/home/richie/projects";
devices = [
"jeeves"
"rhapsody-in-green"
];
fsWatcherEnabled = true;
};
};
};
system.stateVersion = "24.05";
}

65
systems/bob/hardware.nix Normal file
View File

@@ -0,0 +1,65 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
luks.devices = {
"luks-root-pool-nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2".device = "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_with_Heatsink_1TB_S73JNJ0X114418B-part2";
};
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = lib.mkDefault {
device = "root_pool/root";
fsType = "zfs";
};
"/home" = {
device = "root_pool/home";
fsType = "zfs";
};
"/var" = {
device = "root_pool/var";
fsType = "zfs";
};
"/boot" = {
device = "/dev/disk/by-uuid/609D-FF29";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
systems/bob/nvidia.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.production;
nvidiaSettings = true;
};
nvidia-container-toolkit.enable = true;
};
}

17
systems/common/docker_templates/file_server/sites/000-default.conf Normal file
View File

@@ -0,0 +1,17 @@
<VirtualHost *:80>
ServerAdmin admin@domain.com
DocumentRoot /data/
<Directory /data/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

38
systems/common/global/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{
lib,
inputs,
outputs,
...
}:
{
imports = [
inputs.home-manager.nixosModules.home-manager
./docker.nix
./fail2ban.nix
./libs.nix
./locale.nix
./nh.nix
./nix.nix
./programs.nix
./ssh.nix
];
security.auditd.enable = lib.mkDefault true;
programs = {
zsh.enable = true;
fish.enable = true;
};
users.mutableUsers = lib.mkDefault true;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs outputs;};
};
nixpkgs.config.allowUnfree = true;
hardware.enableRedistributableFirmware = true;
}

28
systems/common/global/docker.nix Normal file
View File

@@ -0,0 +1,28 @@
{ lib, ... }:
{
users = {
users.docker-service = {
isSystemUser = true;
group = "docker-service";
extraGroups = [ "docker" ];
uid = 600;
};
groups.docker-service = {
gid = 600;
};
};
virtualisation.docker = {
enable = lib.mkDefault true;
logDriver = "local";
storageDriver = "overlay2";
daemon.settings = {
experimental = true;
exec-opts = [ "native.cgroupdriver=systemd" ];
log-opts = {
max-size = "10m";
max-file = "5";
};
};
};
}

14
systems/common/global/fail2ban.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, lib, ... }:
{
services.fail2ban = {
enable = lib.mkIf config.networking.firewall.enable (lib.mkDefault true);
maxretry = 5;
bantime = "24h";
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
maxtime = "168h";
overalljails = true;
};
};
}

26
systems/common/global/libs.nix Normal file
View File

@@ -0,0 +1,26 @@
{ lib, pkgs, ... }:
{
programs.nix-ld = {
enable = lib.mkDefault true;
libraries = with pkgs; [
acl
attr
bzip2
curl
glib
libglvnd
libmysqlclient
libsodium
libssh
libxml2
openssl
stdenv.cc.cc
systemd
util-linux
xz
zlib
zlib-ng
zstd
];
};
}

21
systems/common/global/locale.nix Normal file
View File

@@ -0,0 +1,21 @@
{ lib, ... }:
{
time.timeZone = lib.mkDefault "America/New_York";
console.keyMap = lib.mkDefault "us";
i18n = {
defaultLocale = lib.mkDefault "en_US.utf8";
supportedLocales = lib.mkDefault [ "en_US.UTF-8/UTF-8" ];
extraLocaleSettings = lib.mkDefault {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}

10
systems/common/global/nh.nix Normal file
View File

@@ -0,0 +1,10 @@
{
programs.nh = {
enable = true;
clean = {
enable = true;
dates = "weekly";
extraArgs = "--keep-since 7d --keep 3";
};
};
}

28
systems/common/global/nix.nix Normal file
View File

@@ -0,0 +1,28 @@
{
inputs,
lib,
...
}: let
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in {
nix = {
settings = {
trusted-users = [
"root"
"@wheel"
];
auto-optimise-store = lib.mkDefault true;
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
];
warn-dirty = false;
flake-registry = ""; # disable global flake registries
};
# Add each flake input as a registry and nix_path
registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
};
}

7
systems/common/global/programs.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
git
python312
];
}

71
systems/common/global/ssh.nix Normal file
View File

@@ -0,0 +1,71 @@
{ lib, ... }:
{
services.openssh = {
enable = lib.mkDefault true;
extraConfig = "StreamLocalBindUnlink yes";
hostKeys = [
{
bits = 4096;
path = "/etc/ssh/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/etc/ssh/ssh_host_ecdsa_key";
type = "ecdsa";
}
];
settings = {
AllowAgentForwarding = "no";
AllowTcpForwarding = lib.mkDefault "yes";
ChallengeResponseAuthentication = "no";
ClientAliveCountMax = lib.mkDefault 2;
Compression = "NO";
IgnoreRhosts = "yes";
LogLevel = lib.mkDefault "VERBOSE";
MaxAuthTries = 3;
MaxSessions = lib.mkDefault 2;
PasswordAuthentication = false;
PermitEmptyPasswords = "no";
PermitRootLogin = lib.mkForce "no";
TcpKeepAlive = "no";
X11Forwarding = lib.mkDefault false;
KexAlgorithms = [
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
Ciphers = [
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
"aes128-gcm@openssh.com"
"aes256-ctr"
"aes192-ctr"
"aes128-ctr"
];
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
};
};
services = {
endlessh-go = {
enable = lib.mkDefault true;
port = 22;
};
};
networking.firewall.allowedTCPPorts = [ 22 ];
}

12
systems/common/optional/desktop.nix Normal file
View File

@@ -0,0 +1,12 @@
{
services = {
desktopManager.plasma6.enable = true;
xserver = {
enable = true;
xkb = {
layout = "us";
variant = "";
};
};
};
}

7
systems/common/optional/libvirt.nix Normal file
View File

@@ -0,0 +1,7 @@
{
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
programs.dconf.enable = true;
}

17
systems/common/optional/steam.nix Normal file
View File

@@ -0,0 +1,17 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [mangohud steam-run];
hardware.steam-hardware.enable = true;
programs = {
gamemode.enable = true;
steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
extraCompatPackages = with pkgs; [proton-ge-bin];
extest.enable = true;
};
};
}

18
systems/common/optional/syncthing_base.nix Normal file
View File

@@ -0,0 +1,18 @@
{
services.syncthing = {
enable = true;
user = "richie";
overrideDevices = true;
overrideFolders = true;
dataDir = "/home/richie/Syncthing";
configDir = "/home/richie/.config/syncthing";
settings = {
devices = {
phone.id = "LTGPLAE-M4ZDJTM-TZ3DJGY-SLLAVWF-CQDVEVS-RGCS75T-GAPZYK3-KUM6LA5"; # cspell:disable-line
jeeves.id = "7YQ4UEW-OPQEBH4-6YKJH4B-ZCE3SAX-5EIK5JL-WJDIWUA-WA2N3D5-MNK6GAV"; # cspell:disable-line
rhapsody-in-green.id = "INKUNKN-KILXGL5-2TQ5JTH-ORJOLOM-WYD2PYO-YRDLQIX-3AKZFWT-ZN7OJAE"; # cspell:disable-line
bob.id = "YP6UYKF-KFZ3FG3-5XM3XM3-5Q24AZS-LZK67PN-LAERKU2-K4WMYBH-N57ZBA5"; # cspell:disable-line
};
};
};
}

6
systems/common/optional/systemd-boot.nix Normal file
View File

@@ -0,0 +1,6 @@
{
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
}

19
systems/common/optional/update.nix Normal file
View File

@@ -0,0 +1,19 @@
{ lib, ... }:
{
services.autopull = {
enable = lib.mkDefault true;
repo.dotfiles = {
enable = lib.mkDefault true;
ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
path = lib.mkDefault /root/dotfiles;
};
};
system.autoUpgrade = {
enable = lib.mkDefault true;
flags = [ "--accept-flake-config" ];
randomizedDelaySec = "1h";
persistent = true;
flake = "github:RAD-Development/nix-dotfiles";
};
}

6
systems/common/optional/zerotier.nix Normal file
View File

@@ -0,0 +1,6 @@
{
services.zerotierone = {
enable = true;
joinNetworks = [ "e4da7455b2ae64ca" ];
};
}

29
users/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
lib,
config,
pkgs,
name,
publicKeys ? [ ],
defaultShell ? "zsh",
}:
{
inherit name;
isNormalUser = true;
shell = lib.mkIf config.programs.${defaultShell}.enable pkgs.${defaultShell};
hashedPasswordFile = config.sops.secrets."${name}/user-password".path or null;
openssh.authorizedKeys.keys = publicKeys;
extraGroups = [
"wheel"
"media"
(lib.mkIf config.networking.networkmanager.enable "networkmanager")
(lib.mkIf config.programs.adb.enable "adbusers")
(lib.mkIf config.programs.wireshark.enable "wireshark")
(lib.mkIf config.virtualisation.docker.enable "docker")
(lib.mkIf (with config.services.locate; (enable && package == pkgs.plocate)) "plocate")
"libvirtd"
"dialout"
"plugdev"
"uaccess"
];
}

32
users/richie/default.nix Normal file
View File

@@ -0,0 +1,32 @@
{
pkgs,
config,
...
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
users.users.richie = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPtuYhiJHRTYhNaDmTcJOqJASk7D8mIn6u3F1IN5AFJ bob" # cspell:disable-line
];
extraGroups =
[
"audio"
"video"
"wheel"
]
++ ifTheyExist [
"dialout"
"docker"
"libvirtd"
"networkmanager"
"plugdev"
"uaccess"
"wireshark"
];
};
home-manager.users.richie = import ./systems/${config.networking.hostName}.nix;
}

9
users/richie/home/cli/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{
imports = [
./git.nix
./zsh.nix
./direnv.nix
];
programs.starship.enable = true;
}

8
users/richie/home/cli/direnv.nix Normal file
View File

@@ -0,0 +1,8 @@
{
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
};
}

7
users/richie/home/cli/git.nix Normal file
View File

@@ -0,0 +1,7 @@
{
programs.git = {
enable = true;
userEmail = "Richie@tmmworkshop.com";
userName = "Richie Cahill";
};
}

33
users/richie/home/cli/zsh.nix Normal file
View File

@@ -0,0 +1,33 @@
{
programs.zsh = {
enable = true;
syntaxHighlighting.enable = true;
history.size = 10000;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"docker"
"docker-compose"
"colored-man-pages"
"rust"
"systemd"
"tmux"
"ufw"
"z"
];
};
shellAliases = {
"sgc" = "sudo git -C /root/dotfiles";
## Utilities
"lrt" = "eza --icons -lsnew";
"ls" = "eza";
"ll" = "eza --long --group";
"la" = "eza --all";
"rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'";
"rebuild" = "sudo nixos-rebuild switch --flake /home/richie/projects/dotfiles#$HOST";
};
};
}

37
users/richie/home/global.nix Normal file
View File

@@ -0,0 +1,37 @@
{
lib,
pkgs,
config,
...
}: {
imports = [
./cli
./programs.nix
./ssh_config.nix
];
nix = {
package = lib.mkDefault pkgs.nix;
settings = {
experimental-features = [
"nix-command"
"flakes"
"ca-derivations"
];
};
};
programs = {
home-manager.enable = true;
git.enable = true;
};
home = {
username = lib.mkDefault "richie";
homeDirectory = lib.mkDefault "/home/${config.home.username}";
stateVersion = lib.mkDefault "24.05";
sessionVariables = {
FLAKE = "$HOME/Projects/dotfiles";
};
};
}

26
users/richie/home/gui/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ pkgs, ... }:
{
imports = [
./firefox.nix
./vscode
];
home.packages = with pkgs; [
beeper
candy-icons
nemo
nemo-fileroller
discord-canary
gimp
gparted
mediainfo
obs-studio
obsidian
proxychains
sweet-nova
util-linux
vlc
zoom-us
prusa-slicer
];
}

296
users/richie/home/gui/firefox.nix Normal file
View File

@@ -0,0 +1,296 @@
{
pkgs,
inputs,
...
}:
{
programs.firefox = {
enable = true;
profiles.richie = {
extensions = with inputs.firefox-addons.packages.x86_64-linux; [
bitwarden
darkreader
dearrow
fastforwardteam
return-youtube-dislikes
sponsorblock
ublock-origin
];
search.engines = {
"Nix Options" = {
urls = [
{
template = "https://search.nixos.org/options";
params = [
{
name = "type";
value = "packages";
}
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@o" ];
};
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@n" ];
};
};
search.force = true;
settings = {
# SECTION: FASTFOX
# GENERAL
"content.notify.interval" = 100000;
# GFX
"gfx.canvas.accelerated.cache-items" = 4096;
"gfx.canvas.accelerated.cache-size" = 512;
"gfx.content.skia-font-cache-size" = 20;
# DISK CACHE
"browser.cache.jsbc_compression_level" = 3;
# MEDIA CACHE
"media.memory_cache_max_size" = 65536;
"media.cache_readahead_limit" = 7200;
"media.cache_resume_threshold" = 3600;
# IMAGE CACHE
"image.mem.decode_bytes_at_a_time" = 32768;
# NETWORK
"network.buffer.cache.size" = 262144;
"network.buffer.cache.count" = 128;
"network.http.max-connections" = 1800;
"network.http.max-persistent-connections-per-server" = 10;
"network.http.max-urgent-start-excessive-connections-per-host" = 5;
"network.http.pacing.requests.enabled" = false;
"network.dnsCacheExpiration" = 3600;
"network.dns.max_high_priority_threads" = 8;
"network.ssl_tokens_cache_capacity" = 10240;
# SPECULATIVE LOADING
"network.dns.disablePrefetch" = true;
"network.prefetch-next" = false;
"network.predictor.enabled" = false;
# EXPERIMENTAL
"layout.css.grid-template-masonry-value.enabled" = true;
"dom.enable_web_task_scheduling" = true;
"layout.css.has-selector.enabled" = true;
"dom.security.sanitizer.enabled" = true;
# SECTION: SECUREFOX
# TRACKING PROTECTION
"browser.contentblocking.category" = "strict";
"urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com";
"urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com";
"network.cookie.sameSite.noneRequiresSecure" = true;
"browser.download.start_downloads_in_tmp_dir" = true;
"browser.helperApps.deleteTempFileOnExit" = true;
"browser.uitour.enabled" = false;
"privacy.globalprivacycontrol.enabled" = true;
# OCSP & CERTS / HPKP
"security.OCSP.enabled" = 0;
"security.remote_settings.crlite_filters.enabled" = true;
"security.pki.crlite_mode" = 2;
# SSL / TLS
"security.ssl.treat_unsafe_negotiation_as_broken" = true;
"browser.xul.error_pages.expert_bad_cert" = true;
"security.tls.enable_0rtt_data" = false;
# DISK AVOIDANCE
"browser.privatebrowsing.forceMediaMemoryCache" = true;
"browser.sessionstore.interval" = 60000;
# SHUTDOWN & SANITIZING
"privacy.history.custom" = true;
# SEARCH / URL BAR
"browser.search.separatePrivateDefault.ui.enabled" = true;
"browser.urlbar.update2.engineAliasRefresh" = true;
# PREF: restore search engine suggestions
"browser.search.suggest.enabled" = true;
"browser.urlbar.suggest.quicksuggest.sponsored" = false;
"browser.urlbar.suggest.quicksuggest.nonsponsored" = false;
"browser.formfill.enable" = false;
"security.insecure_connection_text.enabled" = true;
"security.insecure_connection_text.pbmode.enabled" = true;
"network.IDN_show_punycode" = true;
# HTTPS-FIRST POLICY
"dom.security.https_first" = true;
"dom.security.https_first_schemeless" = true;
# PASSWORDS
"signon.formlessCapture.enabled" = false;
"signon.rememberSignons" = false;
"signon.privateBrowsingCapture.enabled" = false;
"network.auth.subresource-http-auth-allow" = 1;
"editor.truncate_user_pastes" = false;
# MIXED CONTENT + CROSS-SITE
"security.mixed_content.block_display_content" = true;
"security.mixed_content.upgrade_display_content" = true;
"security.mixed_content.upgrade_display_content.image" = true;
"pdfjs.enableScripting" = false;
"extensions.postDownloadThirdPartyPrompt" = false;
# HEADERS / REFERERS
"network.http.referer.XOriginTrimmingPolicy" = 2;
# CONTAINERS
"privacy.userContext.ui.enabled" = true;
# WEBRTC
"media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
"media.peerconnection.ice.default_address_only" = true;
# SAFE BROWSING
"browser.safebrowsing.downloads.remote.enabled" = false;
# MOZILLA
# PREF: allow websites to ask you to receive site notifications
"permissions.default.desktop-notification" = 0; # allow websites to ask
# PREF: allow websites to ask you for your location
"permissions.default.geo" = 0;
"geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"permissions.manager.defaultsUrl" = "";
"webchannel.allowObject.urlWhitelist" = "";
# TELEMETRY
"datareporting.policy.dataSubmissionEnabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.server" = "data:,";
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.updatePing.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.coverage.opt-out" = true;
"toolkit.coverage.opt-out" = true;
"toolkit.coverage.endpoint.base" = "";
"browser.ping-centre.telemetry" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
# EXPERIMENTS
"app.shield.optoutstudies.enabled" = false;
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
# CRASH REPORTS
"breakpad.reportURL" = "";
"browser.tabs.crashReporting.sendReport" = false;
"browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
# DETECTION
"captivedetect.canonicalURL" = "";
"network.captive-portal-service.enabled" = false;
"network.connectivity-service.enabled" = false;
# SECTION: PESKYFOX
# MOZILLA UI
"browser.privatebrowsing.vpnpromourl" = "";
"extensions.getAddons.showPane" = false;
"extensions.htmlaboutaddons.recommendations.enabled" = false;
"browser.discovery.enabled" = false;
"browser.shell.checkDefaultBrowser" = false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
"browser.preferences.moreFromMozilla" = false;
"browser.tabs.tabmanager.enabled" = false;
"browser.aboutConfig.showWarning" = false;
"browser.aboutwelcome.enabled" = false;
# THEME ADJUSTMENTS
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.compactmode.show" = true;
"browser.display.focus_ring_on_anything" = true;
"browser.display.focus_ring_style" = 0;
"browser.display.focus_ring_width" = 0;
"layout.css.prefers-color-scheme.content-override" = 2;
# COOKIE BANNER HANDLING
"cookiebanners.service.mode" = 1;
"cookiebanners.service.mode.privateBrowsing" = 1;
# FULLSCREEN NOTICE
"full-screen-api.transition-duration.enter" = "0 0";
"full-screen-api.transition-duration.leave" = "0 0";
"full-screen-api.warning.delay" = -1;
"full-screen-api.warning.timeout" = 0;
# URL BAR
"browser.urlbar.suggest.calculator" = true;
"browser.urlbar.unitConversion.enabled" = true;
"browser.urlbar.trending.featureGate" = false;
# NEW TAB PAGE
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
# POCKET
"extensions.pocket.enabled" = false;
# DOWNLOADS
"browser.download.always_ask_before_handling_new_types" = true;
"browser.download.manager.addToRecentDocs" = false;
# PDF
"browser.download.open_pdf_attachments_inline" = true;
# TAB BEHAVIOR
"browser.bookmarks.openInTabClosesMenu" = false;
"browser.menu.showViewImageInfo" = true;
"findbar.highlightAll" = true;
"layout.word_select.eat_space_to_next_word" = false;
# SECTION: MY OVERRIDES
"browser.startup.homepage" = "https://google.com";
"identity.fxaccounts.enabled" = false;
# SECTION SMOOTHFOX
# OPTION: SHARPEN SCROLLING *
"apz.overscroll.enabled" = true; # DEFAULT NON-LINUX
"mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5
"general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50
"general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25
"general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4
};
};
};
}

17
users/richie/home/gui/vscode/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, pkgs, ... }:
let
vscode_dir = "/home/richie/projects/nix-dotfiles/users/richie/home/gui/vscode";
in
{
# mutable symlinks to key binds and settings
xdg.configFile."Code/User/settings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json";
xdg.configFile."Code/User/keybindings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json";
home.packages = with pkgs; [ nil ];
programs.vscode = {
enable = true;
package = pkgs.vscode;
mutableExtensionsDir = true;
};
}

68
users/richie/home/gui/vscode/extension_manager.py Normal file
View File

@@ -0,0 +1,68 @@
from subprocess import run
def get_installed_extensions():
process = run("code --list-extensions".split(), check=True, capture_output=True)
return set(process.stdout.decode("utf-8").strip().split("\n"))
def main():
print("starting vscode extension manager")
extensions = {
# vscode
"ms-azuretools.vscode-docker",
"ms-vscode-remote.remote-containers",
"ms-vscode-remote.remote-ssh-edit",
"ms-vscode-remote.remote-ssh",
"ms-vscode.hexeditor",
"ms-vscode.remote-explorer",
"ms-vsliveshare.vsliveshare",
"oderwat.indent-rainbow",
"usernamehw.errorlens",
# git
"codezombiech.gitignore",
"eamodio.gitlens",
"gitHub.vscode-github-actions",
# python
"charliermarsh.ruff",
"ms-python.python",
"ms-python.vscode-pylance",
"ms-python.debugpy",
# rust
"rust-lang.rust-analyzer",
# MD
"davidanson.vscode-markdownlint",
"yzhang.markdown-all-in-one",
# configs
"redhat.vscode-yaml",
"tamasfe.even-better-toml",
# shell
"timonwong.shellcheck",
"foxundermoon.shell-format",
# nix
"jnoortheen.nix-ide",
# database
"mtxr.sqltools-driver-pg",
"mtxr.sqltools",
# other
"esbenp.prettier-vscode",
"mechatroner.rainbow-csv",
"streetsidesoftware.code-spell-checker",
"supermaven.supermaven",
}
installed_extensions = get_installed_extensions()
missing_extensions = extensions.difference(installed_extensions)
for extension in missing_extensions:
run(f"code --install-extension {extension} --force".split(), check=True)
if extra_extensions := installed_extensions.difference(extensions):
print(f"Extra extensions installed: {extra_extensions}")
print("vscode extension manager finished")
if __name__ == "__main__":
main()

20
users/richie/home/gui/vscode/keybindings.json Normal file
View File

@@ -0,0 +1,20 @@
[
{
"key": "shift+alt+f",
"command": "editor.action.formatDocument",
"when": "editorHasDocumentFormattingProvider && editorTextFocus && !editorReadonly && !inCompositeEditor"
},
{
"key": "alt+a d",
"command": "cSpell.addWordToWorkspaceSettings"
},
{
"key": "ctrl+shift+`",
"command": "workbench.action.createTerminalEditor"
},
{
"key": "ctrl+shift+`",
"command": "-workbench.action.terminal.new",
"when": "terminalProcessSupported || terminalWebExtensionContributedProfile"
}
]

57
users/richie/home/gui/vscode/settings.json Normal file
View File

@@ -0,0 +1,57 @@
{
// vscode settings
"diffEditor.ignoreTrimWhitespace": false,
"editor.formatOnSave": true,
"editor.minimap.renderCharacters": false,
"editor.minimap.showSlider": "always",
"explorer.confirmDelete": false,
"explorer.confirmDragAndDrop": false,
"explorer.confirmPasteNative": false,
"files.autoSave": "afterDelay",
"git.autofetch": true,
"git.confirmSync": false,
"git.fetchOnPull": true,
"git.pruneOnFetch": true,
"terminal.integrated.scrollback": 10000,
"update.mode": "none",
"workbench.colorTheme": "Default Dark+",
// turns off all sounds and announcements
"accessibility.signals.terminalCommandFailed": {
"sound": "off",
"announcement": "off"
},
"accessibility.signals.terminalQuickFix": {
"sound": "off",
"announcement": "off"
},
"accessibility.signals.terminalBell": {
"sound": "off",
"announcement": "off"
},
// formatters
"[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
"[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
"[markdown]": { "editor.defaultFormatter": "esbenp.prettier-vscode" },
"[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" },
"[python]": { "editor.defaultFormatter": "charliermarsh.ruff" },
"[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" },
// spell check
"cSpell.enabled": true,
"cSpell.language": "en,en-US",
"cSpell.enableFiletypes": ["bat", "csv", "nix", "toml"],
"cSpell.userWords": ["Cahill", "syncthing"],
// nix
"nix.enableLanguageServer": true,
"nix.serverPath": "nil",
// force the use of rust-analyzer from dev shell
"rust-analyzer.server.path": "rust-analyzer",
"redhat.telemetry.enabled": true,
"gitlens.plusFeatures.enabled": false,
// new
"hediet.vscode-drawio.resizeImages": null
}

47
users/richie/home/programs.nix Normal file
View File

@@ -0,0 +1,47 @@
{ pkgs, inputs, ... }:
{
home.packages = with pkgs; [
# cli
bat
btop
eza
git
gnupg
ncdu
neofetch
rar
ripgrep
sops
starship
tmux
zoxide
# system info
hwloc
lynis
pciutils
smartmontools
usbutils
# networking
iperf3
nmap
wget
# python
poetry
python312
ruff
# Rust packages
trunk
wasm-pack
cargo-watch
cargo-generate
cargo-audit
cargo-update
# nix
nix-init
nix-output-monitor
nix-prefetch
nix-tree
nixpkgs-fmt
# inputs.system_tools.packages.x86_64-linux.default
];
}

35
users/richie/home/ssh_config.nix Normal file
View File

@@ -0,0 +1,35 @@
{
programs.ssh = {
enable = true;
matchBlocks = {
jeeves = {
hostname = "192.168.90.40";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 629;
dynamicForwards = [ { port = 9050; } ];
};
jeevesjr = {
hostname = "192.168.90.35";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 352;
dynamicForwards = [ { port = 9050; } ];
};
bob = {
hostname = "192.168.90.25";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 262;
dynamicForwards = [ { port = 9050; } ];
};
rhapsody-in-green = {
hostname = "192.168.90.221";
user = "richie";
identityFile = "~/.ssh/id_ed25519";
port = 922;
};
};
};
}

6
users/richie/systems/bob.nix Normal file
View File

@@ -0,0 +1,6 @@
{
imports = [
../home/global.nix
../home/gui
];
}