From fb13b01ffd80b0e8ba33d5a4e8e9e2f3bec45dea Mon Sep 17 00:00:00 2001 From: irl Date: Fri, 6 Jun 2025 11:08:48 +0100 Subject: [PATCH 01/37] feat: don't use gpg-agent for ssh --- nixos/hosts/laptop/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/hosts/laptop/default.nix b/nixos/hosts/laptop/default.nix index f81eb56..21e6574 100644 --- a/nixos/hosts/laptop/default.nix +++ b/nixos/hosts/laptop/default.nix @@ -53,7 +53,7 @@ hardware.gpgSmartcards.enable = true; programs.gnupg.agent = { enable = true; - enableSSHSupport = true; + # enableSSHSupport = true; }; system.stateVersion = "25.05"; From 4bb4ec3db45c03bf25fd4da591f2829851c95739 Mon Sep 17 00:00:00 2001 From: irl Date: Fri, 6 Jun 2025 11:09:23 +0100 Subject: [PATCH 02/37] feat: get firefox extensions from nur --- flake.lock | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 23 +++++++++++++----- home/irl.nix | 14 +++++++---- 3 files changed, 92 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8f53cb4..25e4a8a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -53,11 +74,34 @@ "type": "github" } }, + "nur": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1749201010, + "narHash": "sha256-haiPLogZwEFQTrIarZD92LUK7ScIcMbtEzPlcC988Qk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "17efc5275a8f21e2b48f39ecade74cdaff3ba411", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "root": { "inputs": { "flake-utils": "flake-utils", "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "nur": "nur" } }, "systems": { @@ -74,6 +118,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index abb88e1..b11dd26 100644 --- a/flake.nix +++ b/flake.nix @@ -8,16 +8,17 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - # nur = { - # url = "github:nix-community/NUR"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + nur = { + url = "github:nix-community/NUR"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { nixpkgs, flake-utils, home-manager, + nur, ... }: { 
@@ -36,11 +37,21 @@ formatter = nixpkgs.legacyPackages.${system}.nixfmt-rfc-style; packages.homeConfigurations = { irl = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { inherit system; }; + pkgs = import nixpkgs { + inherit system; + overlays = [ + nur.overlay + ]; + }; modules = [ ./home/irl.nix ]; }; irl-gui = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { inherit system; }; + pkgs = import nixpkgs { + inherit system; + overlays = [ + nur.overlay + ]; + }; modules = [ ./home/irl.nix { diff --git a/home/irl.nix b/home/irl.nix index a0470d3..8da7d4d 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -39,11 +39,15 @@ in enable = true; profiles.irl = { extensions = { - # packages = with pkgs.nur.repos.rycee.firefox-addons; [ - # bitwarden - # kagi-search - # privacy-badger - # ]; + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + kagi-search + privacy-badger + ]; + }; + settings = { + "extensions.autoDisableScope" = 0; }; }; }; From 1cd9bccbbbabbf44f22cdbb3cac7310d16965451 Mon Sep 17 00:00:00 2001 From: Abel Luck Date: Fri, 6 Jun 2025 12:08:49 +0200 Subject: [PATCH 03/37] feat: use only supported systems, use home config at top level fixes nix flake check --- flake.nix | 60 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/flake.nix b/flake.nix index b11dd26..8f88899 100644 --- a/flake.nix +++ b/flake.nix @@ -21,6 +21,14 @@ nur, ... }: + let + supportedSystems = [ + "x86_64-linux" + "aarch64-darwin" + "aarch64-linux" + ]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + in { nixosConfigurations = { laptop = nixpkgs.lib.nixosSystem { 
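Review bot: `"extensions.autoDisableScope" = 0;` in `profiles.irl.settings` is added without a comment, and it is a security-relevant preference: it stops Firefox from leaving newly discovered add-ons disabled until the user approves them, for every install scope rather than only the one home-manager writes to. That is presumably what lets the three NUR add-ons load without a prompt, but it also means any other add-on that lands in a scanned location is enabled silently. I would record the intent next to the setting, e.g. `# 0 = never auto-disable sideloaded add-ons; required for the declarative ones above. TODO: check whether a narrower scope mask is enough`. The `profiles.irl` block starts outside the hunk.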
@@ -32,33 +40,33 @@ ]; }; }; + homeConfigurations = nixpkgs.lib.foldl' ( + acc: system: + acc + // { + "irl-${system}" = home-manager.lib.homeManagerConfiguration { + pkgs = import nixpkgs { + inherit system; + overlays = [ nur.overlay ]; + }; + modules = [ ./home/irl.nix ]; + }; + "irl-gui-${system}" = home-manager.lib.homeManagerConfiguration { + pkgs = import nixpkgs { + inherit system; + overlays = [ nur.overlay ]; + }; + modules = [ + ./home/irl.nix + { + irl.gui-packages = true; + } + ]; + }; + } + ) { } supportedSystems; } - // flake-utils.lib.eachSystem flake-utils.lib.allSystems (system: { + // flake-utils.lib.eachSystem supportedSystems (system: { formatter = nixpkgs.legacyPackages.${system}.nixfmt-rfc-style; - packages.homeConfigurations = { - irl = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { - inherit system; - overlays = [ - nur.overlay - ]; - }; - modules = [ ./home/irl.nix ]; - }; - irl-gui = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { - inherit system; - overlays = [ - nur.overlay - ]; - }; - modules = [ - ./home/irl.nix - { - irl.gui-packages = true; - } - ]; - }; - }; }); } From 6e8d58e5ac0294e87b9ed68e1914d8a8632af09d Mon Sep 17 00:00:00 2001 From: irl Date: Sat, 7 Jun 2025 13:50:57 +0100 Subject: [PATCH 04/37] feat: use new nur overlay nur.overlay -> nur.overlays.default --- flake.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 8f88899..52bd761 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,9 @@ "aarch64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + overlays = [ + nur.overlays.default + ]; in { nixosConfigurations = { 
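Review bot: The `homeConfigurations` fold spells out the whole `homeManagerConfiguration` call twice, with the GUI variant differing only by the extra `{ irl.gui-packages = true; }` module, and the `forAllSystems` helper introduced by this commit is not used in any hunk shown here. A local helper that takes the system and the extra modules would keep the two variants from drifting apart, which matters once the `pkgs` import carries overlays that both must share. If `forAllSystems` has no user outside the visible hunks, drop it or add a comment saying what it is reserved for.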
@@ -46,15 +49,13 @@ // { "irl-${system}" = home-manager.lib.homeManagerConfiguration { pkgs = import nixpkgs { - inherit system; - overlays = [ nur.overlay ]; + inherit system overlays; }; modules = [ ./home/irl.nix ]; }; "irl-gui-${system}" = home-manager.lib.homeManagerConfiguration { pkgs = import nixpkgs { - inherit system; - overlays = [ nur.overlay ]; + inherit system overlays; }; modules = [ ./home/irl.nix From f655c56b2221005ca2dab1cd918b4650a7e7d630 Mon Sep 17 00:00:00 2001 From: irl Date: Sat, 7 Jun 2025 13:52:26 +0100 Subject: [PATCH 05/37] feat: use /Users/irl for home on darwin --- home/irl.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/irl.nix b/home/irl.nix index 8da7d4d..0b301ea 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -13,7 +13,8 @@ in config = { home.username = "irl"; - home.homeDirectory = "/home/irl"; + home.homeDirectory = + if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl"; home.stateVersion = "25.05"; home.packages = with pkgs; [ fish From c03c84015473e9661c10bdaab9147ce34f5969c4 Mon Sep 17 00:00:00 2001 From: irl Date: Sat, 7 Jun 2025 14:32:45 +0100 Subject: [PATCH 06/37] fix: use new per-system target for hms alias --- home/irl.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/home/irl.nix b/home/irl.nix index 0b301ea..0ec4a87 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -24,7 +24,9 @@ in ]; home.shellAliases = { hms = - "home-manager switch --flake ~/.config/nix-configs#irl" + (if cfg.gui-packages then "-gui" else ""); + "home-manager switch --flake ~/.config/nix-configs#irl" + + (if cfg.gui-packages then "-gui" else "") + + "-${pkgs.system}"; }; programs.bash = { enable = true; From 3b810aebc06397534153deb04bd49a1ddfc32d5a Mon Sep 17 00:00:00 2001 From: irl Date: Sat, 7 Jun 2025 15:44:01 +0100 Subject: [PATCH 07/37] feat: adding rust lsp to neovim --- home/irl.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) 
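Review bot: The Darwin test in `home.homeDirectory` works by string-matching the system name with `lib.strings.hasSuffix "darwin" pkgs.system`; nixpkgs already exposes this as a boolean, so `if pkgs.stdenv.isDarwin then "/Users/irl" else "/home/irl"` expresses the same condition without depending on how the system string is spelled. This is a style point only; the behaviour for the three `supportedSystems` is the same.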
diff --git a/home/irl.nix b/home/irl.nix index 0ec4a87..dde5137 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -19,6 +19,7 @@ in home.packages = with pkgs; [ fish neofetch + rust-analyzer starship tree ]; @@ -93,8 +94,47 @@ in vimdiffAlias = true; plugins = with pkgs.vimPlugins; [ bufferline-nvim + nvim-lspconfig nvim-treesitter.withAllGrammars ]; + extraLuaConfig = '' + vim.lsp.config('rust_analyzer', { + settings = { + ['rust-analyzer'] = {}, + }, + }) + vim.api.nvim_create_autocmd('LspAttach', { + group = vim.api.nvim_create_augroup('my.lsp', {}), + callback = function(args) + local client = assert(vim.lsp.get_client_by_id(args.data.client_id)) + if client:supports_method('textDocument/implementation') then + -- Create a keymap for vim.lsp.buf.implementation ... + end + + -- Enable auto-completion. Note: Use CTRL-Y to select an item. |complete_CTRL-Y| + if client:supports_method('textDocument/completion') then + -- Optional: trigger autocompletion on EVERY keypress. May be slow! + -- local chars = {}; for i = 32, 126 do table.insert(chars, string.char(i)) end + -- client.server_capabilities.completionProvider.triggerCharacters = chars + + vim.lsp.completion.enable(true, client.id, args.buf, {autotrigger = true}) + end + + -- Auto-format ("lint") on save. + -- Usually not needed if server supports "textDocument/willSaveWaitUntil". + if not client:supports_method('textDocument/willSaveWaitUntil') + and client:supports_method('textDocument/formatting') then + vim.api.nvim_create_autocmd('BufWritePre', { + group = vim.api.nvim_create_augroup('my.lsp', {clear=false}), + buffer = args.buf, + callback = function() + vim.lsp.buf.format({ bufnr = args.buf, id = client.id, timeout_ms = 1000 }) + end, + }) + end + end, + }) + ''; }; programs.starship = { enable = true; From 0c28afc6c5f392b086efdfd76565d4a6d9e94bee Mon Sep 17 00:00:00 2001 
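Review bot: `vim.lsp.config('rust_analyzer', …)` only registers settings, and nothing in the added `extraLuaConfig` calls `vim.lsp.enable('rust_analyzer')`, so as far as this hunk shows the server is never started and the `LspAttach` callback never runs. Adding `vim.lsp.enable('rust_analyzer')` right after the `vim.lsp.config` call would activate it. The branch `if client:supports_method('textDocument/implementation') then` contains only a comment and can be removed or filled in. The enclosing `programs.neovim` block starts outside the hunk.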
From: irl Date: Tue, 10 Jun 2025 21:40:49 +0100 Subject: [PATCH 08/37] feat: move users and base packages to common.nix --- nixos/common.nix | 20 +++++++++++++++++++- nixos/hosts/laptop/default.nix | 18 ------------------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nixos/common.nix b/nixos/common.nix index fac3781..1a7869c 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { nix.settings.experimental-features = "nix-command flakes"; @@ -18,4 +18,22 @@ LC_TELEPHONE = "en_GB.UTF-8"; LC_TIME = "en_GB.UTF-8"; }; + + users.users.irl = { + isNormalUser = true; + description = "irl"; + extraGroups = [ + "networkmanager" + "wheel" + ]; + }; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = with pkgs; [ + curl + home-manager + neovim + wget + ]; } diff --git a/nixos/hosts/laptop/default.nix b/nixos/hosts/laptop/default.nix index 21e6574..6c87681 100644 --- a/nixos/hosts/laptop/default.nix +++ b/nixos/hosts/laptop/default.nix @@ -32,24 +32,6 @@ pulse.enable = true; }; - users.users.irl = { - isNormalUser = true; - description = "irl"; - extraGroups = [ - "networkmanager" - "wheel" - ]; - }; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = with pkgs; [ - curl - home-manager - neovim - wget - ]; - hardware.gpgSmartcards.enable = true; programs.gnupg.agent = { enable = true; From f2712b48227599d378ffea8eb43b5a36b49e7a13 Mon Sep 17 00:00:00 2001 From: irl Date: Tue, 10 Jun 2025 21:45:02 +0100 Subject: [PATCH 09/37] feat: new host homeserver --- flake.lock | 37 ++++++++++++++ flake.nix | 18 ++++++- nixos/hosts/homeserver/default.nix | 29 +++++++++++ .../homeserver/hardware-configuration.nix | 51 +++++++++++++++++++ 4 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 nixos/hosts/homeserver/default.nix create mode 100644 nixos/hosts/homeserver/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index 25e4a8a..042f8d1 100644 --- a/flake.lock 
+++ b/flake.lock @@ -1,5 +1,41 @@ { "nodes": { + "apple-silicon": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748659443, + "narHash": "sha256-dav2hzyCmXZ3n6lEZrfZBG51+g6PUhkzRl3d6Ypd9x0=", + "owner": "tpwrules", + "repo": "nixos-apple-silicon", + "rev": "3ddc251d2acce5019b0fa770e224d068610a34e4", + "type": "github" + }, + "original": { + "owner": "tpwrules", + "repo": "nixos-apple-silicon", + "type": "github" + } + }, + "flake-compat": { + "locked": { + "lastModified": 1688025799, + "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -98,6 +134,7 @@ }, "root": { "inputs": { + "apple-silicon": "apple-silicon", "flake-utils": "flake-utils", "home-manager": "home-manager", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 52bd761..9caea5f 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,10 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs"; + apple-silicon = { + url = "github:tpwrules/nixos-apple-silicon"; + inputs.nixpkgs.follows = "nixpkgs"; + }; flake-utils.url = "github:numtide/flake-utils"; home-manager = { url = "github:nix-community/home-manager"; @@ -16,11 +20,12 @@ outputs = { nixpkgs, + apple-silicon, flake-utils, home-manager, nur, ... - }: + }@inputs: let supportedSystems = [ "x86_64-linux" @@ -29,6 +34,7 @@ ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; overlays = [ + apple-silicon.overlays.apple-silicon-overlay nur.overlays.default ]; in 
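Review bot: `apple-silicon.overlays.apple-silicon-overlay` is appended to the shared `overlays` list, which the `homeConfigurations` fold passes to `import nixpkgs` for every entry of `supportedSystems`, including `x86_64-linux` and `aarch64-darwin`. The new homeserver module sets `nixpkgs.overlays` itself, so the host does not depend on this entry. Unless a home-manager package needs the Asahi package set, I would keep the shared list at `[ nur.overlays.default ]` so that a hardware-specific third-party overlay is applied only on the machine that needs it. The `let` block starts outside the hunk.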
@@ -42,6 +48,16 @@ ./nixos/hosts/laptop/hardware-configuration.nix ]; }; + homeserver = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + ./nixos/common.nix + ./nixos/hosts/homeserver/default.nix + ./nixos/hosts/homeserver/hardware-configuration.nix + apple-silicon.nixosModules.apple-silicon-support + ]; + specialArgs = inputs; + }; }; homeConfigurations = nixpkgs.lib.foldl' ( acc: system: diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix new file mode 100644 index 0000000..9c2b076 --- /dev/null +++ b/nixos/hosts/homeserver/default.nix @@ -0,0 +1,29 @@ +{ + config, + lib, + pkgs, + apple-silicon, + ... +}: + +{ + nixpkgs.overlays = [ apple-silicon.overlays.apple-silicon-overlay ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = false; + + hardware.asahi.useExperimentalGPUDriver = true; + hardware.asahi.extractPeripheralFirmware = true; + + networking.hostName = "homeserver"; + networking.networkmanager.enable = true; + + services.xserver.xkb.layout = "us"; + + services.openssh.enable = true; + + networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.allowedUDPPorts = [ ]; + + system.stateVersion = "25.11"; +} diff --git a/nixos/hosts/homeserver/hardware-configuration.nix b/nixos/hosts/homeserver/hardware-configuration.nix new file mode 100644 index 0000000..aef56ac --- /dev/null +++ b/nixos/hosts/homeserver/hardware-configuration.nix 
@@ -0,0 +1,51 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "usb_storage" + "usbhid" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/d82c7bbb-e496-414c-a96b-4b4ca457bdfd"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/3B58-1BF7"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.end0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} From 916b2f83aead528100a76826313239469df1ddc5 Mon Sep 17 00:00:00 2001 From: irl Date: Tue, 10 Jun 2025 22:31:01 +0100 Subject: [PATCH 10/37] feat: enable ssh agent in home manager --- home/irl.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/irl.nix b/home/irl.nix index dde5137..45a0460 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -143,5 +143,6 @@ in enableTransience = true; }; programs.zellij.enable = true; + services.ssh-agent.enable = true; }; } From d3efa331f214692122fd024d4972cf6152178959 Mon Sep 17 00:00:00 2001 
From: irl Date: Tue, 10 Jun 2025 22:41:38 +0100 Subject: [PATCH 11/37] feat: install irl's ssh key --- nixos/common.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/common.nix b/nixos/common.nix index 1a7869c..d3cae09 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -26,6 +26,9 @@ "networkmanager" "wheel" ]; + openssh.authorizedKeys.keys = [ + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJpoCJEax0XTNK6qfYfZV60euSwoc0RQ0bwFDQGMWYQnAAAABHNzaDo=" + ]; }; nixpkgs.config.allowUnfree = true; From 3bb3600c6bac9a58db8100e748fa19694fdfc359 Mon Sep 17 00:00:00 2001 From: irl Date: Tue, 10 Jun 2025 22:45:06 +0100 Subject: [PATCH 12/37] feat: disallow passwords for ssh --- nixos/hosts/homeserver/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix index 9c2b076..efcb458 100644 --- a/nixos/hosts/homeserver/default.nix +++ b/nixos/hosts/homeserver/default.nix @@ -20,7 +20,12 @@ services.xserver.xkb.layout = "us"; - services.openssh.enable = true; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; + }; networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedUDPPorts = [ ]; From 59901d65b976d4a998802d49bb8afd4ece32152c Mon Sep 17 00:00:00 2001 From: irl Date: Fri, 13 Jun 2025 10:56:42 +0100 Subject: [PATCH 13/37] feat: enable avahi to publish local name on homeserver --- nixos/hosts/homeserver/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix index efcb458..30d460e 100644 --- a/nixos/hosts/homeserver/default.nix +++ b/nixos/hosts/homeserver/default.nix 
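Review bot: The sshd hardening is set only in `nixos/hosts/homeserver/default.nix`, while the `irl` account, its `wheel` membership and the authorized key live in `nixos/common.nix`; any other host that later enables `services.openssh` would accept that key while keeping the default password and root-login settings. `services.openssh.settings` has no effect on hosts that leave sshd disabled, so the three `settings.*` lines can move to `common.nix` and leave only `enable = true;` here. Since only one account is meant to log in, `settings.AllowUsers = [ "irl" ];` would also state that explicitly.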
@@ -20,6 +20,15 @@ services.xserver.xkb.layout = "us"; + services.avahi = { + enable = true; + publish = { + enable = true; + addresses = true; + workstation = true; + }; + }; + services.openssh = { enable = true; settings.PasswordAuthentication = false; From b40c4d8d5796d1682355a93b3bce6390cd328493 Mon Sep 17 00:00:00 2001 From: irl Date: Fri, 13 Jun 2025 18:28:36 +0100 Subject: [PATCH 14/37] feat: add age to home packages --- home/irl.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/irl.nix b/home/irl.nix index 45a0460..fe7490e 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -17,6 +17,7 @@ in if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl"; home.stateVersion = "25.05"; home.packages = with pkgs; [ + age fish neofetch rust-analyzer From 6224c55ab445dbcc7cdc88238349dbcda39e6da3 Mon Sep 17 00:00:00 2001 From: irl Date: Fri, 13 Jun 2025 18:57:19 +0100 Subject: [PATCH 15/37] feat: set irl's password --- .sops.yaml | 13 +++++++++++++ flake.lock | 37 ++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++++ nixos/common.nix | 27 ++++++++++++++++++++++++++- secrets.yaml | 25 +++++++++++++++++++++++++ 5 files changed, 105 insertions(+), 2 deletions(-) create mode 100644 .sops.yaml create mode 100644 secrets.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..b9340d2 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,13 @@ +keys: + - &users: + - &irl age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq + - &hosts: + - &homeserver age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd +creation_rules: + - path_regex: secrets.yaml$ + key_groups: + - age: + - *irl + - *homeserver + + diff --git a/flake.lock b/flake.lock index 042f8d1..6331e3b 100644 --- a/flake.lock +++ b/flake.lock 
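Review bot: `publish.workstation = true` advertises a `_workstation._tcp` service in addition to the address records, while resolving `homeserver.local`, which is what the commit title asks for, needs only `publish.enable` and `publish.addresses`. Avahi names that service after the host and the interface MAC address, so it hands a hardware identifier to everything browsing the segment; I would drop the line unless something consumes it. No `allowInterfaces` is set in this hunk, so the records are published on every interface the host has.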
@@ -110,6 +110,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": "flake-parts", @@ -138,7 +154,26 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "nixpkgs": "nixpkgs", - "nur": "nur" + "nur": "nur", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", + "owner": "mic92", + "repo": "sops-nix", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", + "type": "github" + }, + "original": { + "owner": "mic92", + "repo": "sops-nix", + "type": "github" } }, "systems": { diff --git a/flake.nix b/flake.nix index 9caea5f..aa859b4 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; }; + sops-nix = { + url = "github:mic92/sops-nix"; + inputs.nix.follows = "nixpkgs"; + }; }; outputs = { @@ -24,6 +28,7 @@ flake-utils, home-manager, nur, + sops-nix, ... }@inputs: let diff --git a/nixos/common.nix b/nixos/common.nix index d3cae09..f670c0e 100644 --- a/nixos/common.nix +++ b/nixos/common.nix 
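Review bot: `inputs.nix.follows = "nixpkgs";` on the new `sops-nix` input names an input that sops-nix does not appear to have, so the override does nothing: the `flake.lock` hunk in this same commit records `sops-nix` with `"nixpkgs": "nixpkgs_2"`, a second nixpkgs pinned to its own revision. The other inputs in this block use `inputs.nixpkgs.follows = "nixpkgs";`, and the same line here would remove `nixpkgs_2` from the lock so the secrets tooling is built from the one nixpkgs revision that is reviewed and updated with the rest of the system. The lock file needs regenerating after the change.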
@@ -1,8 +1,30 @@ -{ pkgs, ... }: +{ + pkgs, + config, + sops-nix, + ... +}: { + imports = [ + sops-nix.nixosModules.sops + ]; + nix.settings.experimental-features = "nix-command flakes"; + sops = { + defaultSopsFile = ../secrets.yaml; + validateSopsFiles = false; + + age = { + sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + keyFile = "/var/lib/sops-nix/key.txt"; + generateKey = true; + }; + + secrets.irl-password.neededForUsers = true; + }; + time.timeZone = "Europe/London"; i18n.defaultLocale = "en_GB.UTF-8"; @@ -19,9 +41,12 @@ LC_TIME = "en_GB.UTF-8"; }; + users.mutableUsers = false; + users.users.irl = { isNormalUser = true; description = "irl"; + hashedPasswordFile = config.sops.secrets.irl-password.path; extraGroups = [ "networkmanager" "wheel" diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..57d61a2 --- /dev/null +++ b/secrets.yaml 
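Review bot: `validateSopsFiles = false` switches off the build-time check that `../secrets.yaml` exists and defines `irl-password`, although the file is a path inside the flake where that check can run; with it off, a missing or misnamed key is only discovered at activation. Separately, `age.generateKey = true` creates a new key at `/var/lib/sops-nix/key.txt` that is not among the recipients in `.sops.yaml`, so decryption presumably rests on the SSH host key listed in `sshKeyPaths`; a comment saying so would save the next reader from assuming otherwise. The module now requires a `sops-nix` argument, and the only `specialArgs = inputs;` visible in this series is on `homeserver`, so confirm the `laptop` configuration still evaluates.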
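Review bot: `users.mutableUsers = false` together with `hashedPasswordFile` makes the sops secret the only source of `irl`'s password on every host that imports `common.nix`, yet `.sops.yaml` in this commit lists only the `irl` and `homeserver` recipients. On a host whose key cannot decrypt `secrets.yaml` the account would end up without a usable password, which for the `wheel` user means no sudo and no console login. I would either add each host's age recipient before it imports this module, or move `mutableUsers` and `hashedPasswordFile` into the host file, and note the recovery path in a comment. The `users.users.irl` block continues outside the hunk.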
@@ -0,0 +1,25 @@ +irl-password: ENC[AES256_GCM,data:8DcPiZ9Ui40MaOaPJ5XmZI3M7XDqLtBqJKLEUnolMYuNoa6dDBF/IicokQO6zvNVw0G2DPVQwbKzgEaWtvnj+5rXm+QbyEVIKw==,iv:+qsf6VzsMzAj6A5B6TCQ/ZaYDt0EiZYwQ7gZg0sw2TM=,tag:3Xi5bSJ7rYEUUVIDuynHag==,type:str] +sops: + age: + - recipient: age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZmJkMlpoN2RRUEVVUCtS + cVl4T0grTit5TGtGUEM2MTlBRnQ2OWlWaEVrClErVm5uRzQySzNDM3J6dDFQY2U0 + cjlVS1NpTzdBQzgvSHJndmlxMWRmbUkKLS0tIHBtTkhSU1BTZHhMaXdZT0xiWWZD + ZXlLNjAzSVkxZWtDRjlUMHV5bnJXK3MKNGKAW7iq/Qfo1dAt3Zxjzu+PsjdtaYPG + a5Zvnazkm2dmuajldII/+xk4r/JewBZmeWdd37n2lUpbSisgcw0X5A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQTcxWkphbngrK3RMaEZF + UHU4ZURiVmNZdDhoR1l5YWVDZ1YvdlZWbndJCnRZd0tmR2lXcnA0V0dRaDZzZkg5 + YitPd01mbFc1VHVyTDl3Sk9UTGptclEKLS0tIEtWb0VNZWFLUmNZRDh3S0N4WmN0 + SlVKUDZWVEp2YmR4V3ArRW1GR1lXeTAKRJoawuTKrgrz6qeOSTmYLXO6n66QNPLA + C5UI4yB0WLeRxdqxU84a3rS2ZjgTh22RR0WwRe6siOaKOdS1G96DXw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-13T17:56:08Z" + mac: ENC[AES256_GCM,data:YjTPJ69gNE3MOxUq8X1H4ucqiJxIwRFBBLz0pu6nJgx64XDKe96qeiy7NLAnyJuzOgXpZxb6bm+ecf4E288Bq5NyqpWyrICXC37mSMMXTIoi+HZMHk/GYOAezfCHCBzJBKlJjTZhmslF1zu/4jGtUf/VTOCm+WTPDTUjVkzvwJ8=,iv:vsiDWLir7b/DmOgJFs9iuNxJxJAipdriP/XSPbm4MKU=,tag:aBXeQdetTepLNj/kl45McQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 From 1e31fc3725c95f9bc69c208c788ca22dfd7dd53f Mon Sep 17 00:00:00 2001 From: irl Date: Fri, 13 Jun 2025 20:19:23 +0100 Subject: [PATCH 16/37] feat: adds audiobookshelf and calibre-server --- nixos/hosts/homeserver/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) 
diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix index 30d460e..76e28e9 100644 --- a/nixos/hosts/homeserver/default.nix +++ b/nixos/hosts/homeserver/default.nix @@ -18,8 +18,23 @@ networking.hostName = "homeserver"; networking.networkmanager.enable = true; + users.groups.media = { }; + users.users.media = { + group = "media"; + isNormalUser = true; + }; + services.xserver.xkb.layout = "us"; + services.audiobookshelf = { + enable = true; + group = "media"; + host = "0.0.0.0"; + openFirewall = true; + port = 8000; + user = "media"; + }; + services.avahi = { enable = true; publish = { @@ -29,6 +44,16 @@ }; }; + services.calibre-server = { + enable = true; + extraFlags = [ "--enable-local-write" ]; + group = "media"; + libraries = [ "/srv/books" ]; + openFirewall = true; + port = 8585; + user = "media"; + }; + services.openssh = { enable = true; settings.PasswordAuthentication = false; From b226969b390e968b54b3dc5dd9ed13192ab7671d Mon Sep 17 00:00:00 2001 From: irl Date: Mon, 16 Jun 2025 21:35:02 +0100 Subject: [PATCH 17/37] feat: add tailscale to homeserver --- nixos/hosts/homeserver/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix index 76e28e9..e1c2a20 100644 --- a/nixos/hosts/homeserver/default.nix +++ b/nixos/hosts/homeserver/default.nix @@ -61,6 +61,11 @@ settings.PermitRootLogin = "no"; }; + services.tailscale = { + enable = true; + useRoutingFeatures = "server"; + }; + networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedUDPPorts = [ ]; From b5a483f88d7ceb8be362f02460bd800978807804 Mon Sep 17 00:00:00 2001 From: irl Date: Mon, 16 Jun 2025 21:36:15 +0100 Subject: [PATCH 18/37] feat: ptp link to synology and mount nfs volume --- nixos/hosts/homeserver/default.nix | 14 ++++++++++++++ .../hosts/homeserver/hardware-configuration.nix | 16 +++++++++------- 2 files changed, 23 insertions(+), 7 deletions(-) 
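Review bot: `host = "0.0.0.0"` with `openFirewall = true` exposes audiobookshelf on port 8000 on every interface the host has, and the calibre-server hunk below opens 8585 the same way. If these services are meant for the home LAN or a VPN only, leave `openFirewall` off and allow the ports per interface with `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 8000 8585 ];` (interface name is a placeholder). The `media` account is declared with `isNormalUser = true`, which gives a service account a home directory and a login shell; `isSystemUser = true;` fits an account that only runs daemons.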
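Review bot: calibre-server is started without authentication while `--enable-local-write` is passed, so any process on the host can change the library under `/srv/books` through the server, and anyone who can reach port 8585 can read it. NixOS exposes `services.calibre-server.auth.enable` with a user database for this; with authentication on, write access can be granted per user and the `--enable-local-write` flag dropped. If the unauthenticated setup is deliberate, a comment stating which network is trusted would make that reviewable.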
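Review bot: `useRoutingFeatures = "server"` turns on IP forwarding for the whole host, which is only needed when it acts as a subnet router or exit node, and nothing in this hunk advertises routes. If Tailscale is here only to reach the host's own services, the default `"none"` is enough; if routing is intended, a comment naming the subnet to be advertised would document why forwarding is enabled. With Tailscale present, the media ports could also be allowed on the `tailscale0` interface alone instead of through `openFirewall`.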
diff --git a/nixos/hosts/homeserver/default.nix b/nixos/hosts/homeserver/default.nix index e1c2a20..fd75c8d 100644 --- a/nixos/hosts/homeserver/default.nix +++ b/nixos/hosts/homeserver/default.nix @@ -18,6 +18,16 @@ networking.hostName = "homeserver"; networking.networkmanager.enable = true; + fileSystems."/mnt/data" = { + device = "172.16.0.1:/volume1/data"; + fsType = "nfs"; + options = [ + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=600" + ]; + }; + users.groups.media = { }; users.users.media = { group = "media"; @@ -42,6 +52,10 @@ addresses = true; workstation = true; }; + allowInterfaces = [ + "end0" + "enp2s0u2" + ]; }; services.calibre-server = { diff --git a/nixos/hosts/homeserver/hardware-configuration.nix b/nixos/hosts/homeserver/hardware-configuration.nix index aef56ac..8693644 100644 --- a/nixos/hosts/homeserver/hardware-configuration.nix +++ b/nixos/hosts/homeserver/hardware-configuration.nix @@ -39,13 +39,15 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.end0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + networking.interfaces = { + end0.useDHCP = lib.mkDefault true; + enp2s0u2.ipv4.addresses = [ + { + address = "172.16.0.2"; + prefixLength = 24; + } + ]; + }; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } From 89fa2eea02afc4cc46f3694dea51ee1f5773e3dc Mon Sep 17 00:00:00 2001 From: irl Date: Thu, 3 Jul 2025 21:23:14 +0100 Subject: [PATCH 19/37] feat: more useful nvim --- home/irl.nix | 46 ++++++++-------------------------------------- 1 file changed, 8 insertions(+), 38 deletions(-) 
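Review bot: The NFS mount of `172.16.0.1:/volume1/data` takes default mount options apart from the automount ones, so setuid bits and device nodes on the export are honoured on this host. For a data share, adding `"nosuid"` and `"nodev"` (and `"noexec"` if nothing is executed from it) to `options` limits what a misconfigured or compromised NAS can do to the server. NFS with default security trusts the peer's address, so a comment noting that the export is only reachable over the dedicated `172.16.0.0/24` link would also help.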
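Review bot: The static address for `enp2s0u2` is added to `hardware-configuration.nix`, whose header says the file is generated by `nixos-generate-config` and may be overwritten; a regenerated file would silently drop the link to the NAS and bring back the removed `networking.useDHCP` default. I would leave this file as generated and put the `networking.interfaces` block in `default.nix` next to the `fileSystems."/mnt/data"` entry that depends on it. `enp2s0u2` looks like a name derived from the USB port path, so it may change if the adapter is moved; a comment to that effect is worth adding.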
diff --git a/home/irl.nix b/home/irl.nix index fe7490e..1f40356 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -20,6 +20,7 @@ in age fish neofetch + nil rust-analyzer starship tree @@ -95,46 +96,15 @@ in vimdiffAlias = true; plugins = with pkgs.vimPlugins; [ bufferline-nvim - nvim-lspconfig - nvim-treesitter.withAllGrammars + lualine-nvim + nvim-lspconfig + nvim-web-devicons ]; extraLuaConfig = '' - vim.lsp.config('rust_analyzer', { - settings = { - ['rust-analyzer'] = {}, - }, - }) - vim.api.nvim_create_autocmd('LspAttach', { - group = vim.api.nvim_create_augroup('my.lsp', {}), - callback = function(args) - local client = assert(vim.lsp.get_client_by_id(args.data.client_id)) - if client:supports_method('textDocument/implementation') then - -- Create a keymap for vim.lsp.buf.implementation ... - end - - -- Enable auto-completion. Note: Use CTRL-Y to select an item. |complete_CTRL-Y| - if client:supports_method('textDocument/completion') then - -- Optional: trigger autocompletion on EVERY keypress. May be slow! - -- local chars = {}; for i = 32, 126 do table.insert(chars, string.char(i)) end - -- client.server_capabilities.completionProvider.triggerCharacters = chars - - vim.lsp.completion.enable(true, client.id, args.buf, {autotrigger = true}) - end - - -- Auto-format ("lint") on save. - -- Usually not needed if server supports "textDocument/willSaveWaitUntil". - if not client:supports_method('textDocument/willSaveWaitUntil') - and client:supports_method('textDocument/formatting') then - vim.api.nvim_create_autocmd('BufWritePre', { - group = vim.api.nvim_create_augroup('my.lsp', {clear=false}), - buffer = args.buf, - callback = function() - vim.lsp.buf.format({ bufnr = args.buf, id = client.id, timeout_ms = 1000 }) - end, - }) - end - end, - }) + vim.opt.termguicolors = true + require("bufferline").setup{} + require('lualine').setup{} + vim.lsp.enable("nil") ''; }; programs.starship = { From a3c711254996790ed0d5e630d1962948b47aab15 Mon Sep 17 00:00:00 2001 
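Review bot: `vim.lsp.enable("nil")` most likely enables nothing, because nvim-lspconfig ships the configuration for the `nil` language server under the name `nil_ls`; the call should read `vim.lsp.enable("nil_ls")`. The commit also removes the `rust_analyzer` setup while `rust-analyzer` stays in `home.packages`, so if Rust support is still wanted, `vim.lsp.enable("rust_analyzer")` belongs here as well. The `programs.neovim` block starts and ends outside the hunk.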
From: irl Date: Thu, 3 Jul 2025 21:26:07 +0100 Subject: [PATCH 20/37] feat: install element-desktop --- home/irl.nix | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/home/irl.nix b/home/irl.nix index 1f40356..d784587 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -16,15 +16,20 @@ in home.homeDirectory = if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl"; home.stateVersion = "25.05"; - home.packages = with pkgs; [ - age - fish - neofetch - nil - rust-analyzer - starship - tree - ]; + home.packages = + with pkgs; + [ + age + fish + neofetch + nil + rust-analyzer + starship + tree + ] + ++ lib.optionals cfg.gui-packages [ + element-desktop + ]; home.shellAliases = { hms = "home-manager switch --flake ~/.config/nix-configs#irl" From ea6e162cabfc2b391db53f0e3dbdf246775e7020 Mon Sep 17 00:00:00 2001 From: irl Date: Thu, 3 Jul 2025 21:26:21 +0100 Subject: [PATCH 21/37] feat: recap firefox extension --- home/irl.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/irl.nix b/home/irl.nix index d784587..0ad3fd3 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -55,6 +55,7 @@ in bitwarden kagi-search privacy-badger + recap ]; }; settings = { From 005ffbf6a635288571a8e5edd4e1268f800ae41f Mon Sep 17 00:00:00 2001 From: irl Date: Thu, 3 Jul 2025 21:28:53 +0100 Subject: [PATCH 22/37] lint: fmt nvim config --- home/irl.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/home/irl.nix b/home/irl.nix index 0ad3fd3..b57ea23 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -102,15 +102,15 @@ in vimdiffAlias = true; plugins = with pkgs.vimPlugins; [ bufferline-nvim - lualine-nvim - nvim-lspconfig - nvim-web-devicons + lualine-nvim + nvim-lspconfig + nvim-web-devicons ]; extraLuaConfig = '' vim.opt.termguicolors = true require("bufferline").setup{} - require('lualine').setup{} - vim.lsp.enable("nil") + require('lualine').setup{} + vim.lsp.enable("nil") ''; }; programs.starship = { 
From 6befd7d922abbc7e5d3ef3d3a6eeb70ad674f466 Mon Sep 17 00:00:00 2001 From: irl Date: Thu, 3 Jul 2025 21:29:07 +0100 Subject: [PATCH 23/37] lint: remove unused config --- home/irl.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/home/irl.nix b/home/irl.nix index b57ea23..274f0f6 100644 --- a/home/irl.nix +++ b/home/irl.nix @@ -119,7 +119,5 @@ in enableInteractive = true; enableTransience = true; }; - programs.zellij.enable = true; - services.ssh-agent.enable = true; }; } From 0e8d08d0c5f301bedfc48c72ad6e0ec1c5c59d45 Mon Sep 17 00:00:00 2001 From: irl Date: Thu, 3 Jul 2025 21:31:06 +0100 Subject: [PATCH 24/37] feat: initial darwin config --- darwin/common.nix | 63 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 darwin/common.nix diff --git a/darwin/common.nix b/darwin/common.nix new file mode 100644 index 0000000..db6675c --- /dev/null +++ b/darwin/common.nix @@ -0,0 +1,63 @@ +{ + pkgs, + lib, + nix-darwin, + ... +}: +{ + environment.systemPackages = with pkgs; [ + discord + home-manager + jetbrains.clion + jetbrains.idea-ultimate + jetbrains.pycharm-professional + jetbrains.webstorm + ]; + + environment.darwinConfig = "/Users/irl/.config/nix-configs"; + + nix = { + package = pkgs.nix; + settings = { + "extra-experimental-features" = [ + "nix-command" + "flakes" + ]; + }; + }; + + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "clion" + "discord" + "idea-ultimate" + "pycharm-professional" + "webstorm" + ]; + + homebrew = { + enable = true; + + casks = [ + "affinity-designer" + "affinity-photo" + "affinity-publisher" + "fantastical" + "ghostty" + "notion" + "obsidian" + "tor-browser" + "vlc" + ]; + + masApps = { + "Things" = 904280696; + }; + }; + + system = { + primaryUser = "irl"; + stateVersion = 6; + }; +} From ed0b0480e68f083901c73663c330d5f812d11fa1 Mon Sep 17 00:00:00 2001 
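Review bot: The `homebrew.casks` and `masApps` entries in the new darwin/common.nix are installed by Homebrew at activation time and, as far as this series shows, are not covered by flake.lock. Applications such as `tor-browser` therefore arrive at whatever version the cask serves that day rather than a pinned, reviewed one. That is a reasonable trade-off on macOS, but it is worth stating next to the list, for example `# casks are unpinned: versions come from Homebrew at activation, not from flake.lock`. The `nix-darwin` name in the module's argument set is never referenced in the body and can be dropped.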
From: irl Date: Thu, 3 Jul 2025 21:33:22 +0100 Subject: [PATCH 25/37] feat: switch formatter to nixfmt-tree --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index aa859b4..315b0c5 100644 --- a/flake.nix +++ b/flake.nix @@ -89,6 +89,6 @@ ) { } supportedSystems; } // flake-utils.lib.eachSystem supportedSystems (system: { - formatter = nixpkgs.legacyPackages.${system}.nixfmt-rfc-style; + formatter = nixpkgs.legacyPackages.${system}.nixfmt-tree; }); } From 442c9051ba1f7c05f71af8be92ff0dc843398158 Mon Sep 17 00:00:00 2001 From: irl Date: Thu, 3 Jul 2025 21:33:50 +0100 Subject: [PATCH 26/37] feat: add darwin config to flake --- flake.lock | 46 ++++++++++++++++++++++++++++++++++------------ flake.nix | 21 ++++++++++++++++++--- 2 files changed, 52 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 6331e3b..5f70800 100644 --- a/flake.lock +++ b/flake.lock @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1749131129, - "narHash": "sha256-tJ+93i7N4QttM75bE8T09LlSU3Mv6Dfi9WaVBvlWilo=", + "lastModified": 1751569544, + "narHash": "sha256-iWjzNHaSU+pm4TS/vzkzgBdbTwkyHy8Jc6PlcrgdgyU=", "owner": "nix-community", "repo": "home-manager", - "rev": "13a45ede6c17b5e923dfc18a40a3f646436f4809", + "rev": "28639e6470ef597fe9f5efc4c6594306859d62ed", "type": "github" }, "original": { 
@@ -95,13 +95,34 @@ "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "owner": "nix-darwin", + "repo": "nix-darwin", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "type": "github" + }, + "original": { + "owner": "nix-darwin", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1749145035, - "narHash": "sha256-7hU9TqHpz3BhcgoP3J/udnvZ3QCurGEBD+ERhvKbJEE=", + "lastModified": 1751571573, + "narHash": "sha256-vyhLXk2EsyTSxZ8cETmAAUF/fp8hQ3lZ6fUC0p6+LsY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a537c74d1071ca48aa835f731998094a4058a6f3", + "rev": "e50e2a177e0aaa0fd02c10fa365252f91b50cbf4", "type": "github" }, "original": { @@ -135,11 +156,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1749201010, - "narHash": "sha256-haiPLogZwEFQTrIarZD92LUK7ScIcMbtEzPlcC988Qk=", + "lastModified": 1751571902, + "narHash": "sha256-5EimK/KBs+UHVC3d9L1oagFWIzOlU2lOq0eI5kOTTWI=", "owner": "nix-community", "repo": "NUR", - "rev": "17efc5275a8f21e2b48f39ecade74cdaff3ba411", + "rev": "b19bd45d58ab88e1700cc3032139676fae7f3ea1", "type": "github" }, "original": { @@ -153,6 +174,7 @@ "apple-silicon": "apple-silicon", "flake-utils": "flake-utils", "home-manager": "home-manager", + "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs", "nur": "nur", "sops-nix": "sops-nix" @@ -163,11 +185,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1749592509, - "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", + "lastModified": 1750119275, + "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "owner": "mic92", "repo": "sops-nix", - "rev": "50754dfaa0e24e313c626900d44ef431f3210138", + "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "type": "github" }, "original": { 
diff --git a/flake.nix b/flake.nix index 315b0c5..7f4f41c 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,10 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-darwin = { + url = "github:nix-darwin/nix-darwin/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nur = { url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; @@ -23,13 +27,14 @@ }; outputs = { + self, nixpkgs, apple-silicon, flake-utils, home-manager, + nix-darwin, nur, sops-nix, - ... }@inputs: let supportedSystems = [ @@ -72,7 +77,9 @@ pkgs = import nixpkgs { inherit system overlays; }; - modules = [ ./home/irl.nix ]; + modules = [ + ./home/irl.nix + ]; }; "irl-gui-${system}" = home-manager.lib.homeManagerConfiguration { pkgs = import nixpkgs { @@ -90,5 +97,13 @@ } // flake-utils.lib.eachSystem supportedSystems (system: { formatter = nixpkgs.legacyPackages.${system}.nixfmt-tree; - }); + }) + // { + darwinConfigurations."irl-mac-mini" = nix-darwin.lib.darwinSystem { + system = "aarch64-darwin"; + modules = [ + ./darwin/common.nix + ]; + }; + }; } From fca82b60ce2dd1e4bf6e4d6d76f7ddf7cc190121 Mon Sep 17 00:00:00 2001 
From: irl Date: Sun, 6 Jul 2025 21:49:22 +0100 Subject: [PATCH 27/37] feat: refactor home-manager configs --- flake.nix | 52 +++++----- home-manager/irl.nix | 40 ++++++++ home/irl.nix | 123 ----------------------- modules/home-manager/cli/cli.nix | 70 +++++++++++++ modules/home-manager/cli/starship.toml | 9 ++ modules/home-manager/default.nix | 8 ++ modules/home-manager/firefox/firefox.nix | 47 +++++++++ modules/home-manager/git/git.nix | 41 ++++++++ modules/home-manager/ops/ops.nix | 22 ++++ modules/home-manager/tmux/tmux.conf | 0 modules/home-manager/tmux/tmux.nix | 25 +++++ modules/home-manager/vim/init.lua | 29 ++++++ modules/home-manager/vim/vim.nix | 39 +++++++ 13 files changed, 355 insertions(+), 150 deletions(-) create mode 100644 home-manager/irl.nix delete mode 100644 home/irl.nix create mode 100644 modules/home-manager/cli/cli.nix create mode 100644 modules/home-manager/cli/starship.toml create mode 100644 modules/home-manager/default.nix create mode 100644 modules/home-manager/firefox/firefox.nix create mode 100644 modules/home-manager/git/git.nix create mode 100644 modules/home-manager/ops/ops.nix create mode 100644 modules/home-manager/tmux/tmux.conf create mode 100644 modules/home-manager/tmux/tmux.nix create mode 100644 modules/home-manager/vim/init.lua create mode 100644 modules/home-manager/vim/vim.nix diff --git a/flake.nix b/flake.nix index 7f4f41c..9688c4b 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,5 @@ { description = "I have no idea what I'm doing"; - inputs = { nixpkgs.url = "github:nixos/nixpkgs"; apple-silicon = { 
@@ -27,26 +26,31 @@ }; outputs = { - self, - nixpkgs, apple-silicon, flake-utils, home-manager, nix-darwin, + nixpkgs, nur, + self, sops-nix, }@inputs: let + homeRoles = [ + "desktop" + "minimal" + "server" + ]; + outputs = inputs.self; + overlays = [ + apple-silicon.overlays.apple-silicon-overlay + nur.overlays.default + ]; supportedSystems = [ "x86_64-linux" "aarch64-darwin" "aarch64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - overlays = [ - apple-silicon.overlays.apple-silicon-overlay - nur.overlays.default - ]; in { nixosConfigurations = { @@ -69,31 +73,24 @@ specialArgs = inputs; }; }; - homeConfigurations = nixpkgs.lib.foldl' ( - acc: system: - acc - // { - "irl-${system}" = home-manager.lib.homeManagerConfiguration { + homeManagerModules = import ./modules/home-manager; + homeConfigurations = nixpkgs.lib.foldl' (c: e: + c // { + "irl-${e.role}-${e.system}" = home-manager.lib.homeManagerConfiguration { pkgs = import nixpkgs { - inherit system overlays; + inherit overlays; + system = e.system; + }; + extraSpecialArgs = { + inherit outputs; }; modules = [ - ./home/irl.nix - ]; - }; - "irl-gui-${system}" = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { - inherit system overlays; - }; - modules = [ - ./home/irl.nix - { - irl.gui-packages = true; - } + ./home-manager/irl.nix + { role = "${e.role}"; } ]; }; } - ) { } supportedSystems; + ) { } (nixpkgs.lib.cartesianProduct { role = homeRoles; system = supportedSystems; }); } // flake-utils.lib.eachSystem supportedSystems (system: { formatter = nixpkgs.legacyPackages.${system}.nixfmt-tree; @@ -103,6 +100,7 @@ system = "aarch64-darwin"; modules = [ ./darwin/common.nix + ./darwin/irl-mac-mini.nix ]; }; }; diff --git a/home-manager/irl.nix b/home-manager/irl.nix new file mode 100644 index 0000000..4e31fe9 --- /dev/null +++ b/home-manager/irl.nix 
@@ -0,0 +1,40 @@ +{ + config, + lib, + outputs, + pkgs, + ... +}: +{ + imports = builtins.attrValues outputs.homeManagerModules; + + options.role = lib.mkOption { + description = "Home role to set up"; + default = "minimal"; + type = with lib.types; enum ["desktop" "minimal" "server"]; + }; + + config = { + feature.cli.enable = builtins.elem config.role ["desktop" "minimal" "server"]; + feature.firefox.enable = config.role == "desktop"; + feature.git.enable = builtins.elem config.role ["desktop" "server"]; + feature.ops.enable = config.role == "desktop"; + feature.tmux.enable = builtins.elem config.role ["desktop" "server"]; + feature.vim.enable = builtins.elem config.role ["desktop" "minimal" "server"]; + + home.username = "irl"; + home.homeDirectory = + if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl"; + home.packages = with pkgs; [ + neofetch + ]; + home.shellAliases = { + hms = + "home-manager switch --flake ~/.config/nix-configs#irl-${config.role}-${pkgs.system}"; + drs = "sudo darwin-rebuild switch --flake ~/.config/nix-configs"; + }; + home.stateVersion = "25.05"; + + programs.home-manager.enable = true; + }; +} diff --git a/home/irl.nix b/home/irl.nix deleted file mode 100644 index 274f0f6..0000000 --- a/home/irl.nix +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -let - cfg = config.irl; -in -{ - options.irl.gui-packages = lib.mkEnableOption "GUI packages managed by home-manager"; - - config = { - home.username = "irl"; - home.homeDirectory = - if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl"; - home.stateVersion = "25.05"; - home.packages = - with pkgs; - [ - age - fish - neofetch - nil - rust-analyzer - starship - tree - ] - ++ lib.optionals cfg.gui-packages [ - element-desktop - ]; - home.shellAliases = { - hms = - "home-manager switch --flake ~/.config/nix-configs#irl" - + (if cfg.gui-packages then "-gui" else "") - + "-${pkgs.system}"; - }; - programs.bash = { - enable = true; - initExtra = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; - }; - programs.firefox = lib.mkIf cfg.gui-packages { - enable = true; - profiles.irl = { - extensions = { - force = true; - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - bitwarden - kagi-search - privacy-badger - recap - ]; - }; - settings = { - "extensions.autoDisableScope" = 0; - }; - }; - }; - programs.fish.enable = true; - programs.fzf = { - enable = true; - enableFishIntegration = true; - }; - programs.git = { - delta.enable = true; - enable = true; - extraConfig = { - diff = { - algorithm = "histogram"; - }; - init = { - defaultBranch = "main"; - }; - rebase = { - autosquash = true; - autostash = true; - }; - url = { - "git@github.com:".pushInsteadOf = "https://github.com/"; - "git@gitlab.com:".pushInsteadOf = "https://gitlab.com/"; - "git@guardianproject.dev:".pushInsteadOf = "https://guardianproject.dev/"; - }; - user = { - name = "irl"; - email = "iain@learmonth.me"; - }; - }; - }; - programs.home-manager.enable = true; - programs.neovim = { - defaultEditor = true; - enable = 
true; - viAlias = true; - vimAlias = true; - vimdiffAlias = true; - plugins = with pkgs.vimPlugins; [ - bufferline-nvim - lualine-nvim - nvim-lspconfig - nvim-web-devicons - ]; - extraLuaConfig = '' - vim.opt.termguicolors = true - require("bufferline").setup{} - require('lualine').setup{} - vim.lsp.enable("nil") - ''; - }; - programs.starship = { - enable = true; - enableFishIntegration = true; - enableInteractive = true; - enableTransience = true; - }; - }; -} diff --git a/modules/home-manager/cli/cli.nix b/modules/home-manager/cli/cli.nix new file mode 100644 index 0000000..d472f21 --- /dev/null +++ b/modules/home-manager/cli/cli.nix 
@@ -0,0 +1,70 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.feature.cli; +in +{ + options.feature.cli = { + enable = lib.mkEnableOption "Set up the CLI"; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + starship + tree + ]; + + programs.fish = { + enable = true; + functions.fish_greeting = ""; + shellInitLast = lib.mkIf (lib.strings.hasSuffix "darwin" pkgs.system) '' + eval $(/opt/homebrew/bin/brew shellenv) + ''; + }; + + programs.fzf = { + enable = true; + enableFishIntegration = true; + }; + + programs.zsh = lib.mkIf (lib.strings.hasSuffix "darwin" pkgs.system) { + enable = true; + + # zsh is a POSIX compliant shell and a safe default, but if it's an interactive + # shell and fish is not in the parent processes (i.e. I'm not deliberately starting + # zsh to use interactively from fish) then just launch fish. + initContent = '' + [[ $- == *i* ]] || return + + is_parent_fish() { + local ppid=$$ + while [[ $ppid -ne 1 ]]; do + local ppname=$(ps -p $ppid -o comm=) + if [[ "$ppname" == *fish* ]]; then + return 1 + fi + ppid=$(ps -o ppid= -p $ppid) + done + return 0 + } + + if is_parent_fish + then + exec fish -l + fi + ''; + }; + + programs.starship = { + enable = true; + enableFishIntegration = true; + enableInteractive = true; + enableTransience = true; + settings = builtins.fromTOML (builtins.readFile ./starship.toml); + }; + }; +} diff --git a/modules/home-manager/cli/starship.toml b/modules/home-manager/cli/starship.toml new file mode 100644 index 0000000..9f58605 --- /dev/null +++ b/modules/home-manager/cli/starship.toml @@ -0,0 +1,9 @@ +[shell] +disabled = false +format = '[$indicator]($style)' +fish_indicator = '' +zsh_indicator = 'z' + +[sudo] +disabled = false + diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix new file mode 100644 index 0000000..dca2898 --- /dev/null +++ b/modules/home-manager/default.nix 
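Review bot: The zsh hand-off in `programs.zsh.initContent` ends in `exec fish -l`, which resolves `fish` through whatever PATH the interactive shell has at that moment. The bash version removed by this refactor used the store path (`exec ${pkgs.fish}/bin/fish $LOGIN_OPTION`). Writing `exec ${pkgs.fish}/bin/fish -l` keeps the login shell tied to the build this configuration installs. Separately, `is_parent_fish` returns 1 when a fish ancestor is found and 0 otherwise, so the name reads inverted against `if is_parent_fish`; a name like `no_fish_ancestor` would match what it returns.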
@@ -0,0 +1,8 @@ +{ + cli = import ./cli/cli.nix; + firefox = import ./firefox/firefox.nix; + git = import ./git/git.nix; + ops = import ./ops/ops.nix; + tmux = import ./tmux/tmux.nix; + vim = import ./vim/vim.nix; +} diff --git a/modules/home-manager/firefox/firefox.nix b/modules/home-manager/firefox/firefox.nix new file mode 100644 index 0000000..f71e876 --- /dev/null +++ b/modules/home-manager/firefox/firefox.nix @@ -0,0 +1,47 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.feature.firefox; +in +{ + options.feature.firefox = { + enable = lib.mkEnableOption "Set up firefox"; + }; + + config = lib.mkIf cfg.enable { + programs.firefox = { + enable = true; + + # Firefox is expected to be installed as a system package + package = null; + + profiles.irl = { + extensions = { + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + kagi-search + privacy-badger + recap + ]; + }; + settings = { + "browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled" = false; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredCheckboxes" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.search.suggest.enabled.private" = false; + "datareporting.policy.firstRunURL" = "https://irl.xyz/"; + "extensions.autoDisableScope" = 0; + "extensions.pocket.enabled" = false; + "identity.fxaccounts.enabled" = false; + }; + }; + }; + }; +} diff --git a/modules/home-manager/git/git.nix b/modules/home-manager/git/git.nix new file mode 100644 index 0000000..dca5e91 --- /dev/null +++ b/modules/home-manager/git/git.nix 
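Review bot: `"extensions.autoDisableScope" = 0;` in the `settings` block of firefox.nix carries no comment, yet it is the one preference here that loosens a browser safeguard. With the scope mask at 0, Firefox enables add-ons it finds in any install location without prompting. That is presumably what lets the `extensions.packages` list activate unattended, but it applies equally to anything else written into those locations. I would add a comment above the line, for example `# 0 = never auto-disable sideloaded add-ons; needed so the Nix-installed extensions start enabled`, so the trade-off is on record.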
@@ -0,0 +1,41 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.feature.git; +in +{ + options.feature.git.enable = lib.mkEnableOption "Set up git"; + + config = { + programs.git = { + delta.enable = true; + enable = true; + extraConfig = { + diff = { + algorithm = "histogram"; + }; + init = { + defaultBranch = "main"; + }; + rebase = { + autosquash = true; + autostash = true; + }; + url = { + "git@github.com:".pushInsteadOf = "https://github.com/"; + "git@gitlab.com:".pushInsteadOf = "https://gitlab.com/"; + "git@guardianproject.dev:".pushInsteadOf = "https://guardianproject.dev/"; + }; + user = { + name = "irl"; + email = "iain@learmonth.me"; + }; + }; + }; + }; +} diff --git a/modules/home-manager/ops/ops.nix b/modules/home-manager/ops/ops.nix new file mode 100644 index 0000000..b6eb711 --- /dev/null +++ b/modules/home-manager/ops/ops.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.feature.ops; +in +{ + options.feature.ops = { + enable = lib.mkEnableOption "Setup DevOps tools"; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + age + awscli2 + opentofu + ]; + }; +} diff --git a/modules/home-manager/tmux/tmux.conf b/modules/home-manager/tmux/tmux.conf new file mode 100644 index 0000000..e69de29 diff --git a/modules/home-manager/tmux/tmux.nix b/modules/home-manager/tmux/tmux.nix new file mode 100644 index 0000000..8f5bdfe --- /dev/null +++ b/modules/home-manager/tmux/tmux.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.feature.tmux; +in +{ + options.feature.tmux = { + enable = lib.mkEnableOption "Set up tmux"; + }; + + config = lib.mkIf cfg.enable { + programs.tmux = { + enable = true; + baseIndex = 1; + plugins = with pkgs.tmuxPlugins; [ + catppuccin + ]; + extraConfig = builtins.readFile ./tmux.conf; + }; + }; +} diff --git a/modules/home-manager/vim/init.lua b/modules/home-manager/vim/init.lua new file mode 100644 index 0000000..e6283c7 --- /dev/null 
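Review bot: In git.nix, `config = { programs.git = …` is not wrapped in `lib.mkIf cfg.enable`, so the module configures git for every role and the `feature.git.enable` option declared just above has no effect; `cfg` is bound in the `let` but never used. The sibling modules added in this commit (cli, firefox, ops, tmux, vim) all gate on their flag, and home-manager/irl.nix sets `feature.git.enable` only for the desktop and server roles. Changing the line to `config = lib.mkIf cfg.enable {` makes the minimal role behave as declared.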
+++ b/modules/home-manager/vim/init.lua @@ -0,0 +1,29 @@ +-- Global settings +vim.g.loaded_netrw = 1 +vim.g.loaded_netrwPlugin = 1 +vim.g.mapleader = " " + +vim.opt.termguicolors = true +vim.opt.expandtab = true + +vim.cmd.colorscheme "catppuccin" + +-- Custom bindings +vim.keymap.set("n", "n", "bn", { noremap = true, silent = true }) +vim.keymap.set("n", "p", "bp", { noremap = true, silent = true }) + +-- Bufferline (tabs) +require("bufferline").setup{} + +-- Lualine (status line) +require("lualine").setup{} + +-- Telescope (anything search) +vim.keymap.set("n", "b", "Telescope buffers", { noremap = true, silent = true }) +vim.keymap.set("n", "f", "Telescope find_files", { noremap = true, silent = true }) + +-- lspconfig (LSPs) +vim.lsp.enable("nil") +vim.lsp.enable("pyright") +vim.lsp.enable("rust-analyzer") + diff --git a/modules/home-manager/vim/vim.nix b/modules/home-manager/vim/vim.nix new file mode 100644 index 0000000..20a34a9 --- /dev/null +++ b/modules/home-manager/vim/vim.nix @@ -0,0 +1,39 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.feature.vim; +in +{ + options.feature.vim = { + enable = lib.mkEnableOption "Set up neovim"; + }; + + config = lib.mkIf cfg.enable { + home.packages = with pkgs; [ + nil + pyright + rust-analyzer + ]; + + programs.neovim = { + defaultEditor = true; + enable = true; + viAlias = true; + vimAlias = true; + vimdiffAlias = true; + plugins = with pkgs.vimPlugins; [ + bufferline-nvim + catppuccin-nvim + lualine-nvim + nvim-lspconfig + telescope-nvim + nvim-web-devicons + ]; + extraLuaConfig = builtins.readFile ./init.lua; + }; + }; +} From c4ad7204927e968a6350e2ec4c54d7b1ae7ffb56 Mon Sep 17 00:00:00 2001 From: irl Date: Sun, 6 Jul 2025 22:54:49 +0100 Subject: [PATCH 28/37] feat: darwin system apps and sk ssh keys working --- darwin/common.nix | 67 +++++++++++++++++++++++++++++++++++++++-- darwin/irl-mac-mini.nix | 7 +++++ 2 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 darwin/irl-mac-mini.nix 
diff --git a/darwin/common.nix b/darwin/common.nix index db6675c..6e1a75a 100644 --- a/darwin/common.nix +++ b/darwin/common.nix @@ -6,7 +6,6 @@ }: { environment.systemPackages = with pkgs; [ - discord home-manager jetbrains.clion jetbrains.idea-ultimate @@ -30,7 +29,6 @@ pkg: builtins.elem (lib.getName pkg) [ "clion" - "discord" "idea-ultimate" "pycharm-professional" "webstorm" @@ -39,11 +37,27 @@ homebrew = { enable = true; + onActivation = { + autoUpdate = true; + cleanup = "zap"; + }; + + brews = [ + "libfido2" + "mas" + "openssh" + "theseal/ssh-askpass/ssh-askpass" + ]; + casks = [ "affinity-designer" "affinity-photo" "affinity-publisher" + "audacity" + "discord" + "element" "fantastical" + "firefox" "ghostty" "notion" "obsidian" @@ -54,10 +68,59 @@ masApps = { "Things" = 904280696; }; + + taps = [ + "theseal/ssh-askpass" + ]; + }; + + programs = { + # TODO: rewrite in fish maybe + zsh.shellInit = '' + export SSH_ASKPASS=/opt/homebrew/bin/ssh-askpass + export SSH_ASKPASS_REQUIRE=force + + checkSSHAgent() { + if [ "$1" = "-k" ] ; then + pkill -9 ssh-agent + fi + + ssh_agent_conf="$HOME/.ssh/agent" + if [ -e "$ssh_agent_conf" ] ; then + . "$ssh_agent_conf" + fi + if ! ps aux | awk '{print $2}' | grep -q "$SSH_AGENT_PID" \ + || ! [ -e "$ssh_agent_conf" ] \ + || [ -z "$SSH_AGENT_PID" ] ; \ + then + ssh-agent -s | grep -v echo > "$ssh_agent_conf" + . "$ssh_agent_conf" + fi + } + + checkSSHAgent + ''; }; system = { + defaults.NSGlobalDomain = { + "com.apple.swipescrolldirection" = false; + }; primaryUser = "irl"; stateVersion = 6; }; + + users.users = { + irl = { + description = "irl"; + home = "/Users/irl"; + name = "irl"; + + # This is the macOS zsh, not from nix! + # My home-manager configuration contains some zshrc to automatically + # start fish for interactive shells where the parent process is not + # already fish. + shell = "/bin/zsh"; + }; + }; } diff --git a/darwin/irl-mac-mini.nix b/darwin/irl-mac-mini.nix new file mode 100644 index 0000000..1601199 
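Review bot: The `brews` list pulls `theseal/ssh-askpass/ssh-askpass` from a third-party tap, and the zsh hunk further down this file points `SSH_ASKPASS` at that binary with `SSH_ASKPASS_REQUIRE=force`, so every SSH prompt goes through it. With `autoUpdate = true` the tap is refreshed on each activation and nothing visible in this series pins it. A comment above `taps` would record the trust decision, for example `# third-party tap, unpinned: supplies the askpass helper used for all SSH prompts`. It is also worth noting beside `cleanup = "zap"` that any formula or cask not listed here is removed on activation.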
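Review bot: The liveness test in `checkSSHAgent` pipes the PID column of `ps aux` into `grep -q "$SSH_AGENT_PID"`, which is a substring match. A stale PID such as 123 is treated as alive whenever a process like 1234 exists, and the shell then keeps pointing at a dead agent's socket from `~/.ssh/agent`. Testing the recorded PID directly avoids that: `if ! [ -e "$ssh_agent_conf" ] || [ -z "$SSH_AGENT_PID" ] || ! kill -0 "$SSH_AGENT_PID" 2>/dev/null; then`. `kill -0` only shows that some process of this user holds the PID, so checking that `ssh-add -l` does not exit with status 2 would be stricter still. The `-k` branch's `pkill -9 ssh-agent` also matches every agent the user runs, not only the one recorded in the file.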
--- /dev/null +++ b/darwin/irl-mac-mini.nix @@ -0,0 +1,7 @@ +{ + lib, + ... +}: +{ + networking.hostName = "irl-mac-mini"; +} From 034f2717ddcbbd62a15d7944ea6435e99883faa6 Mon Sep 17 00:00:00 2001 From: irl Date: Sun, 6 Jul 2025 23:02:31 +0100 Subject: [PATCH 29/37] feat: more firefox extensions --- modules/home-manager/firefox/firefox.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home-manager/firefox/firefox.nix b/modules/home-manager/firefox/firefox.nix index f71e876..9ca5892 100644 --- a/modules/home-manager/firefox/firefox.nix +++ b/modules/home-manager/firefox/firefox.nix @@ -24,9 +24,12 @@ in force = true; packages = with pkgs.nur.repos.rycee.firefox-addons; [ bitwarden + granted kagi-search + multi-account-containers privacy-badger recap + rsf-censorship-detector ]; }; settings = { From de5a9787f6aaf60e5c9339570ecde9181474742e Mon Sep 17 00:00:00 2001 From: irl Date: Mon, 7 Jul 2025 14:36:00 +0100 Subject: [PATCH 30/37] feat: add timeout i needed for some reason --- modules/home-manager/cli/starship.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/home-manager/cli/starship.toml b/modules/home-manager/cli/starship.toml index 9f58605..ddef1df 100644 --- a/modules/home-manager/cli/starship.toml +++ b/modules/home-manager/cli/starship.toml @@ -1,3 +1,7 @@ +"$schema" = 'https://starship.rs/config-schema.json' + +command_timeout = 800 + [shell] disabled = false format = '[$indicator]($style)' From 671533f47c032d05f50a970726521e8cfa3a92c5 Mon Sep 17 00:00:00 2001 From: irl Date: Mon, 7 Jul 2025 14:36:56 +0100 Subject: [PATCH 31/37] feat: use pipes to create homeConfigurations --- flake.nix | 49 +++++++++++++++++++++++++------------------- home-manager/irl.nix | 36 +++++++++++++++++++++++++------- 2 files changed, 57 insertions(+), 28 deletions(-) diff --git a/flake.nix b/flake.nix index 9688c4b..1000b92 100644 --- a/flake.nix +++ b/flake.nix 
@@ -36,11 +36,6 @@ sops-nix, }@inputs: let - homeRoles = [ - "desktop" - "minimal" - "server" - ]; outputs = inputs.self; overlays = [ apple-silicon.overlays.apple-silicon-overlay @@ -74,23 +69,35 @@ }; }; homeManagerModules = import ./modules/home-manager; - homeConfigurations = nixpkgs.lib.foldl' (c: e: - c // { - "irl-${e.role}-${e.system}" = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { - inherit overlays; - system = e.system; - }; - extraSpecialArgs = { - inherit outputs; - }; - modules = [ - ./home-manager/irl.nix - { role = "${e.role}"; } - ]; - }; + homeConfigurations = + { + role = [ + "desktop" + "minimal" + "server" + ]; + system = supportedSystems; } - ) { } (nixpkgs.lib.cartesianProduct { role = homeRoles; system = supportedSystems; }); + |> nixpkgs.lib.cartesianProduct + |> nixpkgs.lib.foldl' ( + c: e: + c + // { + "irl-${e.role}-${e.system}" = home-manager.lib.homeManagerConfiguration { + pkgs = import nixpkgs { + inherit overlays; + system = e.system; + }; + extraSpecialArgs = { + inherit outputs; + }; + modules = [ + ./home-manager/irl.nix + { role = "${e.role}"; } + ]; + }; + } + ) { }; } // flake-utils.lib.eachSystem supportedSystems (system: { formatter = nixpkgs.legacyPackages.${system}.nixfmt-tree; diff --git a/home-manager/irl.nix b/home-manager/irl.nix index 4e31fe9..5447f03 100644 --- a/home-manager/irl.nix +++ b/home-manager/irl.nix 
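Review bot: The rewritten `homeConfigurations` in flake.nix uses `|>`, which only parses when the `pipe-operators` experimental feature is enabled, so from this commit the flake fails to evaluate on any Nix that lacks it. The companion change writes the feature into `~/.config/nix/nix.conf` through home-manager, but that file is itself produced by evaluating this flake. `nix.settings` in darwin/common.nix, as last shown in this series, lists only `nix-command` and `flakes`, so a fresh machine or the `sudo darwin-rebuild` alias may hit the parse error first; this is worth confirming. Either keep the `foldl'` call form here, or add `"pipe-operators"` to the darwin `extra-experimental-features` list and document the bootstrap flag.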
@@ -11,26 +11,48 @@ options.role = lib.mkOption { description = "Home role to set up"; default = "minimal"; - type = with lib.types; enum ["desktop" "minimal" "server"]; + type = + with lib.types; + enum [ + "desktop" + "minimal" + "server" + ]; }; config = { - feature.cli.enable = builtins.elem config.role ["desktop" "minimal" "server"]; + feature.cli.enable = builtins.elem config.role [ + "desktop" + "minimal" + "server" + ]; feature.firefox.enable = config.role == "desktop"; - feature.git.enable = builtins.elem config.role ["desktop" "server"]; + feature.git.enable = builtins.elem config.role [ + "desktop" + "server" + ]; feature.ops.enable = config.role == "desktop"; - feature.tmux.enable = builtins.elem config.role ["desktop" "server"]; - feature.vim.enable = builtins.elem config.role ["desktop" "minimal" "server"]; + feature.tmux.enable = builtins.elem config.role [ + "desktop" + "server" + ]; + feature.vim.enable = builtins.elem config.role [ + "desktop" + "minimal" + "server" + ]; home.username = "irl"; home.homeDirectory = if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl"; + home.file.".config/nix/nix.conf".text = '' + experimental-features = nix-command flakes pipe-operators + ''; home.packages = with pkgs; [ neofetch ]; home.shellAliases = { - hms = - "home-manager switch --flake ~/.config/nix-configs#irl-${config.role}-${pkgs.system}"; + hms = "home-manager switch --flake ~/.config/nix-configs#irl-${config.role}-${pkgs.system}"; drs = "sudo darwin-rebuild switch --flake ~/.config/nix-configs"; }; home.stateVersion = "25.05"; From 784a2b72ed56f5e572510644c2631e1710f1354f Mon Sep 17 00:00:00 2001 From: irl Date: Mon, 7 Jul 2025 21:55:13 +0100 Subject: [PATCH 32/37] feat: vim lsp setup --- modules/home-manager/vim/init.lua | 67 +++++++++++++++++++++++++++++-- modules/home-manager/vim/vim.nix | 2 + 2 files changed, 65 insertions(+), 4 deletions(-) 
diff --git a/modules/home-manager/vim/init.lua b/modules/home-manager/vim/init.lua index e6283c7..14d71f1 100644 --- a/modules/home-manager/vim/init.lua +++ b/modules/home-manager/vim/init.lua @@ -4,11 +4,19 @@ vim.g.loaded_netrwPlugin = 1 vim.g.mapleader = " " vim.opt.termguicolors = true + +vim.opt.tabstop = 4 +vim.opt.softtabstop = 4 +vim.opt.shiftwidth = 4 vim.opt.expandtab = true -vim.cmd.colorscheme "catppuccin" +vim.opt.number = true +vim.opt.relativenumber = true +vim.opt.scrolloff = 8 --- Custom bindings +vim.cmd.colorscheme "catppuccin-mocha" + +-- Custom bindings for buffer navigation vim.keymap.set("n", "n", "bn", { noremap = true, silent = true }) vim.keymap.set("n", "p", "bp", { noremap = true, silent = true }) 
@@ -21,9 +29,60 @@ require("lualine").setup{} -- Telescope (anything search) vim.keymap.set("n", "b", "Telescope buffers", { noremap = true, silent = true }) vim.keymap.set("n", "f", "Telescope find_files", { noremap = true, silent = true }) +vim.keymap.set("n", "g", "Telescope git_files", { noremap = true, silent = true }) + +-- Tree (file manager) +require("nvim-tree").setup() +vim.keymap.set("n", "t", "NvimTreeToggle", { noremap = true, silent = true }) -- lspconfig (LSPs) -vim.lsp.enable("nil") +vim.lsp.enable("lua_ls") +vim.lsp.enable("nil_ls") vim.lsp.enable("pyright") -vim.lsp.enable("rust-analyzer") +vim.lsp.enable("rust_analyzer") + +vim.keymap.set("n", "o", vim.lsp.buf.format) + +vim.api.nvim_create_autocmd('LspAttach', { + desc = 'LSP actions', + callback = function() + local bufmap = function(mode, lhs, rhs) + local opts = {buffer = true} + vim.keymap.set(mode, lhs, rhs, opts) + end + + -- Displays hover information about the symbol under the cursor + bufmap('n', 'K', vim.lsp.buf.hover) + + -- Jump to the definition + bufmap('n', 'gd', vim.lsp.buf.definition) + + -- Jump to declaration + bufmap('n', 'gD', vim.lsp.buf.declaration) + + -- Lists all the implementations for the symbol under the cursor + bufmap('n', 'gi', vim.lsp.buf.implementation) + + -- Jumps to the definition of the type symbol + bufmap('n', 'go', vim.lsp.buf.type_definition) + + -- Lists all the references + bufmap('n', 'gr', vim.lsp.buf.references) + + -- Displays a function's signature information + bufmap('n', '', vim.lsp.buf.signature_help) + + -- Renames all references to the symbol under the cursor + bufmap('n', 'R', vim.lsp.buf.rename) + + -- Show diagnostics in a floating window + bufmap('n', 'gl', vim.diagnostic.open_float) + + -- Move to the previous diagnostic + bufmap('n', '[d', vim.diagnostic.goto_prev) + + -- Move to the next diagnostic + bufmap('n', ']d', vim.diagnostic.goto_next) + end +}) 
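Review bot: The `LspAttach` callback in init.lua takes no argument and `bufmap` passes `{buffer = true}`, which binds the mappings to whichever buffer is current when the event fires rather than the buffer the client attached to. Taking the event argument is more precise: `callback = function(args)` with `local opts = { buffer = args.buf }`. Since the file already relies on `vim.lsp.enable`, `vim.diagnostic.goto_prev` and `goto_next` are likely deprecated on the same Neovim version in favour of `vim.diagnostic.jump`, which is worth checking.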
diff --git a/modules/home-manager/vim/vim.nix b/modules/home-manager/vim/vim.nix index 20a34a9..deaef85 100644 --- a/modules/home-manager/vim/vim.nix +++ b/modules/home-manager/vim/vim.nix @@ -14,6 +14,7 @@ in config = lib.mkIf cfg.enable { home.packages = with pkgs; [ + lua-language-server nil pyright rust-analyzer @@ -29,6 +30,7 @@ in bufferline-nvim catppuccin-nvim lualine-nvim + nvim-tree-lua nvim-lspconfig telescope-nvim nvim-web-devicons From 87219d0a5afc060bf4b3fb553075faa4fdcb2ea5 Mon Sep 17 00:00:00 2001 From: irl Date: Mon, 7 Jul 2025 22:24:58 +0100 Subject: [PATCH 33/37] feat: more vim --- modules/home-manager/vim/init.lua | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/modules/home-manager/vim/init.lua b/modules/home-manager/vim/init.lua index 14d71f1..cab8b97 100644 --- a/modules/home-manager/vim/init.lua +++ b/modules/home-manager/vim/init.lua @@ -5,20 +5,26 @@ vim.g.mapleader = " " vim.opt.termguicolors = true -vim.opt.tabstop = 4 -vim.opt.softtabstop = 4 -vim.opt.shiftwidth = 4 +vim.opt.tabstop = 2 +vim.opt.softtabstop = 2 +vim.opt.shiftwidth = 2 vim.opt.expandtab = true vim.opt.number = true vim.opt.relativenumber = true vim.opt.scrolloff = 8 +vim.opt.colorcolumn = "+1,+2" +vim.opt.cursorline = true +vim.opt.signcolumn = 'yes' + vim.cmd.colorscheme "catppuccin-mocha" -- Custom bindings for buffer navigation -vim.keymap.set("n", "n", "bn", { noremap = true, silent = true }) -vim.keymap.set("n", "p", "bp", { noremap = true, silent = true }) +vim.keymap.set("n", "n", "bn") +vim.keymap.set("n", "p", "bp") + +vim.keymap.set("n", "", "nohlsearch") -- Bufferline (tabs) require("bufferline").setup{} 
@@ -27,9 +33,9 @@ require("bufferline").setup{} require("lualine").setup{} -- Telescope (anything search) -vim.keymap.set("n", "b", "Telescope buffers", { noremap = true, silent = true }) -vim.keymap.set("n", "f", "Telescope find_files", { noremap = true, silent = true }) -vim.keymap.set("n", "g", "Telescope git_files", { noremap = true, silent = true }) +vim.keymap.set("n", "b", "Telescope buffers") +vim.keymap.set("n", "f", "Telescope find_files") +vim.keymap.set("n", "g", "Telescope git_files") -- Tree (file manager) require("nvim-tree").setup() From 6c4495ba952abe3e6d6f4390f9d8288bc1897d10 Mon Sep 17 00:00:00 2001 From: irl Date: Mon, 7 Jul 2025 23:57:15 +0100 Subject: [PATCH 34/37] feat: rounded tmux and vim status --- modules/home-manager/tmux/tmux.conf | 11 +++++++++++ modules/home-manager/vim/init.lua | 13 ++++++++----- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/modules/home-manager/tmux/tmux.conf b/modules/home-manager/tmux/tmux.conf index e69de29..abb7510 100644 --- a/modules/home-manager/tmux/tmux.conf +++ b/modules/home-manager/tmux/tmux.conf @@ -0,0 +1,11 @@ +set -g default-terminal "tmux-256color" + +# Configure the catppuccin plugin +set -g @catppuccin_flavor "mocha" +set -g @catppuccin_window_status_style "rounded" + +# Make the status line pretty and add some modules +set -g status-right-length 100 +set -g status-left-length 100 +set -g status-left "" +set -g status-right "#{E:@catppuccin_status_application}" diff --git a/modules/home-manager/vim/init.lua b/modules/home-manager/vim/init.lua index cab8b97..c7f480c 100644 --- a/modules/home-manager/vim/init.lua +++ b/modules/home-manager/vim/init.lua 
@@ -27,10 +27,14 @@ vim.keymap.set("n", "p", "bp") vim.keymap.set("n", "", "nohlsearch") -- Bufferline (tabs) -require("bufferline").setup{} +require("bufferline").setup {} -- Lualine (status line) -require("lualine").setup{} +require("lualine").setup { + options = { + section_separators = { left = '', right = '' } + } +} -- Telescope (anything search) vim.keymap.set("n", "b", "Telescope buffers") @@ -53,7 +57,7 @@ vim.api.nvim_create_autocmd('LspAttach', { desc = 'LSP actions', callback = function() local bufmap = function(mode, lhs, rhs) - local opts = {buffer = true} + local opts = { buffer = true } vim.keymap.set(mode, lhs, rhs, opts) end @@ -72,7 +76,7 @@ vim.api.nvim_create_autocmd('LspAttach', { -- Jumps to the definition of the type symbol bufmap('n', 'go', vim.lsp.buf.type_definition) - -- Lists all the references + -- Lists all the references bufmap('n', 'gr', vim.lsp.buf.references) -- Displays a function's signature information @@ -91,4 +95,3 @@ vim.api.nvim_create_autocmd('LspAttach', { bufmap('n', ']d', vim.diagnostic.goto_next) end }) - From a83114d967e852acbb9b039e8d43dda3de452912 Mon Sep 17 00:00:00 2001 From: irl Date: Tue, 8 Jul 2025 14:18:05 +0100 Subject: [PATCH 35/37] feat: fix gov.uk --- modules/home-manager/firefox/firefox.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home-manager/firefox/firefox.nix b/modules/home-manager/firefox/firefox.nix index 9ca5892..c6d2371 100644 --- a/modules/home-manager/firefox/firefox.nix +++ b/modules/home-manager/firefox/firefox.nix @@ -44,6 +44,13 @@ in "extensions.pocket.enabled" = false; "identity.fxaccounts.enabled" = false; }; + userContent = '' + /* It's a dot not an interpunct */ + .govuk-logo-dot { + fill: #fff !important; + transform: translate(0, 14.5px); + } + '' }; }; }; From 3ca5f55ffaa7b9bf6c6b47dd0020e972488a708d Mon Sep 17 00:00:00 2001 
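Review bot: The `userContent` rule added in the firefox.nix hunk is not scoped to a site, so `.govuk-logo-dot` is restyled on every page this profile loads, not only the site named in the commit subject. Wrapping the rule as `@-moz-document domain("gov.uk") { ... }` limits the override to that domain and its subdomains. Separately, Firefox only reads userContent.css when `toolkit.legacyUserProfileCustomizations.stylesheets` is true. That pref is not among the settings visible in this hunk, so confirm it is set elsewhere. The enclosing profile attribute set starts outside the hunk.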
From: irl Date: Tue, 8 Jul 2025 14:21:13 +0100 Subject: [PATCH 36/37] fix: semicolon --- modules/home-manager/firefox/firefox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home-manager/firefox/firefox.nix b/modules/home-manager/firefox/firefox.nix index c6d2371..550bce1 100644 --- a/modules/home-manager/firefox/firefox.nix +++ b/modules/home-manager/firefox/firefox.nix @@ -50,7 +50,7 @@ in fill: #fff !important; transform: translate(0, 14.5px); } - '' + ''; }; }; }; From 7f9169af386791be81ef086502d3b5e010533728 Mon Sep 17 00:00:00 2001 From: irl Date: Tue, 8 Jul 2025 14:21:31 +0100 Subject: [PATCH 37/37] feat: add ripgrep and fzf for nvim deps --- modules/home-manager/vim/vim.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home-manager/vim/vim.nix b/modules/home-manager/vim/vim.nix index deaef85..d758db3 100644 --- a/modules/home-manager/vim/vim.nix +++ b/modules/home-manager/vim/vim.nix @@ -14,9 +14,11 @@ in config = lib.mkIf cfg.enable { home.packages = with pkgs; [ + fzf lua-language-server nil pyright + ripgrep rust-analyzer ];