irl/nix-configs
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: irl:main
Branches Tags
irl:main
abel:fix/check
abel:main
..
compare: abel:fix/check
Branches Tags
abel:fix/check
abel:main
irl:main

1 commit
main ... fix/check

Author SHA1 Message Date
Abel Luck
4adf4688ec Use only supported systems, use home config at top level 
fixes nix flake check
 2025-06-06 12:08:49 +02:00
22 changed files with 156 additions and 1052 deletions
Download patch file Download diff file Expand all files Collapse all files

13
.sops.yaml
View file

@ -1,13 +0,0 @@
keys:
- &users:
- &irl age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq
- &hosts:
- &homeserver age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *irl
- *homeserver

126
darwin/common.nix
View file

@ -1,126 +0,0 @@
{
pkgs,
lib,
nix-darwin,
...
}:
{
environment.systemPackages = with pkgs; [
home-manager
jetbrains.clion
jetbrains.idea-ultimate
jetbrains.pycharm-professional
jetbrains.webstorm
];
environment.darwinConfig = "/Users/irl/.config/nix-configs";
nix = {
package = pkgs.nix;
settings = {
"extra-experimental-features" = [
"nix-command"
"flakes"
];
};
};
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"clion"
"idea-ultimate"
"pycharm-professional"
"webstorm"
];
homebrew = {
enable = true;
onActivation = {
autoUpdate = true;
cleanup = "zap";
};
brews = [
"libfido2"
"mas"
"openssh"
"theseal/ssh-askpass/ssh-askpass"
];
casks = [
"affinity-designer"
"affinity-photo"
"affinity-publisher"
"audacity"
"discord"
"element"
"fantastical"
"firefox"
"ghostty"
"notion"
"obsidian"
"tor-browser"
"vlc"
];
masApps = {
"Things" = 904280696;
};
taps = [
"theseal/ssh-askpass"
];
};
programs = {
# TODO: rewrite in fish maybe
zsh.shellInit = ''
export SSH_ASKPASS=/opt/homebrew/bin/ssh-askpass
export SSH_ASKPASS_REQUIRE=force
checkSSHAgent() {
if [ "$1" = "-k" ] ; then
pkill -9 ssh-agent
fi
ssh_agent_conf="$HOME/.ssh/agent"
if [ -e "$ssh_agent_conf" ] ; then
. "$ssh_agent_conf"
fi
if ! ps aux | awk '{print $2}' | grep -q "$SSH_AGENT_PID" \
|| ! [ -e "$ssh_agent_conf" ] \
|| [ -z "$SSH_AGENT_PID" ] ; \
then
ssh-agent -s | grep -v echo > "$ssh_agent_conf"
. "$ssh_agent_conf"
fi
}
checkSSHAgent
'';
};
system = {
defaults.NSGlobalDomain = {
"com.apple.swipescrolldirection" = false;
};
primaryUser = "irl";
stateVersion = 6;
};
users.users = {
irl = {
description = "irl";
home = "/Users/irl";
name = "irl";
# This is the macOS zsh, not from nix!
# My home-manager configuration contains some zshrc to automatically
# start fish for interactive shells where the parent process is not
# already fish.
shell = "/bin/zsh";
};
};
}

7
darwin/irl-mac-mini.nix
View file

@ -1,7 +0,0 @@
{
lib,
...
}:
{
networking.hostName = "irl-mac-mini";
}

173
flake.lock generated
View file

@ -1,62 +1,5 @@
{
"nodes": {
"apple-silicon": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1748659443,
"narHash": "sha256-dav2hzyCmXZ3n6lEZrfZBG51+g6PUhkzRl3d6Ypd9x0=",
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"rev": "3ddc251d2acce5019b0fa770e224d068610a34e4",
"type": "github"
},
"original": {
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@ -82,11 +25,11 @@
]
},
"locked": {
"lastModified": 1751569544,
"narHash": "sha256-iWjzNHaSU+pm4TS/vzkzgBdbTwkyHy8Jc6PlcrgdgyU=",
"lastModified": 1749131129,
"narHash": "sha256-tJ+93i7N4QttM75bE8T09LlSU3Mv6Dfi9WaVBvlWilo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "28639e6470ef597fe9f5efc4c6594306859d62ed",
"rev": "13a45ede6c17b5e923dfc18a40a3f646436f4809",
"type": "github"
},
"original": {
@ -95,34 +38,13 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"type": "github"
},
"original": {
"owner": "nix-darwin",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1751571573,
"narHash": "sha256-vyhLXk2EsyTSxZ8cETmAAUF/fp8hQ3lZ6fUC0p6+LsY=",
"lastModified": 1749145035,
"narHash": "sha256-7hU9TqHpz3BhcgoP3J/udnvZ3QCurGEBD+ERhvKbJEE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e50e2a177e0aaa0fd02c10fa365252f91b50cbf4",
"rev": "a537c74d1071ca48aa835f731998094a4058a6f3",
"type": "github"
},
"original": {
@ -131,71 +53,11 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1744868846,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1751571902,
"narHash": "sha256-5EimK/KBs+UHVC3d9L1oagFWIzOlU2lOq0eI5kOTTWI=",
"owner": "nix-community",
"repo": "NUR",
"rev": "b19bd45d58ab88e1700cc3032139676fae7f3ea1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"root": {
"inputs": {
"apple-silicon": "apple-silicon",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs",
"nur": "nur",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1750119275,
"narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
"type": "github"
},
"original": {
"owner": "mic92",
"repo": "sops-nix",
"type": "github"
"nixpkgs": "nixpkgs"
}
},
"systems": {
@ -212,27 +74,6 @@
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

107
flake.nix
View file

@ -1,51 +1,32 @@
{
description = "I have no idea what I'm doing";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs";
apple-silicon = {
url = "github:tpwrules/nixos-apple-silicon";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils.url = "github:numtide/flake-utils";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-darwin = {
url = "github:nix-darwin/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:mic92/sops-nix";
inputs.nix.follows = "nixpkgs";
};
# nur = {
# url = "github:nix-community/NUR";
# inputs.nixpkgs.follows = "nixpkgs";
# };
};
outputs =
{
apple-silicon,
nixpkgs,
flake-utils,
home-manager,
nix-darwin,
nixpkgs,
nur,
self,
sops-nix,
}@inputs:
...
}:
let
outputs = inputs.self;
overlays = [
apple-silicon.overlays.apple-silicon-overlay
nur.overlays.default
];
supportedSystems = [
"x86_64-linux"
"aarch64-darwin"
"aarch64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{
nixosConfigurations = {
@ -57,58 +38,28 @@
./nixos/hosts/laptop/hardware-configuration.nix
];
};
homeserver = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
./nixos/common.nix
./nixos/hosts/homeserver/default.nix
./nixos/hosts/homeserver/hardware-configuration.nix
apple-silicon.nixosModules.apple-silicon-support
];
specialArgs = inputs;
};
};
homeManagerModules = import ./modules/home-manager;
homeConfigurations =
{
role = [
"desktop"
"minimal"
"server"
];
system = supportedSystems;
homeConfigurations = nixpkgs.lib.foldl' (
acc: system:
acc
// {
"irl-${system}" = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs { inherit system; };
modules = [ ./home/irl.nix ];
};
"irl-gui-${system}" = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs { inherit system; };
modules = [
./home/irl.nix
{
irl.gui-packages = true;
}
];
};
}
|> nixpkgs.lib.cartesianProduct
|> nixpkgs.lib.foldl' (
c: e:
c
// {
"irl-${e.role}-${e.system}" = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
inherit overlays;
system = e.system;
};
extraSpecialArgs = {
inherit outputs;
};
modules = [
./home-manager/irl.nix
{ role = "${e.role}"; }
];
};
}
) { };
) { } supportedSystems;
}
// flake-utils.lib.eachSystem supportedSystems (system: {
formatter = nixpkgs.legacyPackages.${system}.nixfmt-tree;
})
// {
darwinConfigurations."irl-mac-mini" = nix-darwin.lib.darwinSystem {
system = "aarch64-darwin";
modules = [
./darwin/common.nix
./darwin/irl-mac-mini.nix
];
};
};
formatter = nixpkgs.legacyPackages.${system}.nixfmt-rfc-style;
});
}

62
home-manager/irl.nix
View file

@ -1,62 +0,0 @@
{
config,
lib,
outputs,
pkgs,
...
}:
{
imports = builtins.attrValues outputs.homeManagerModules;
options.role = lib.mkOption {
description = "Home role to set up";
default = "minimal";
type =
with lib.types;
enum [
"desktop"
"minimal"
"server"
];
};
config = {
feature.cli.enable = builtins.elem config.role [
"desktop"
"minimal"
"server"
];
feature.firefox.enable = config.role == "desktop";
feature.git.enable = builtins.elem config.role [
"desktop"
"server"
];
feature.ops.enable = config.role == "desktop";
feature.tmux.enable = builtins.elem config.role [
"desktop"
"server"
];
feature.vim.enable = builtins.elem config.role [
"desktop"
"minimal"
"server"
];
home.username = "irl";
home.homeDirectory =
if lib.strings.hasSuffix "darwin" pkgs.system then "/Users/irl" else "/home/irl";
home.file.".config/nix/nix.conf".text = ''
experimental-features = nix-command flakes pipe-operators
'';
home.packages = with pkgs; [
neofetch
];
home.shellAliases = {
hms = "home-manager switch --flake ~/.config/nix-configs#irl-${config.role}-${pkgs.system}";
drs = "sudo darwin-rebuild switch --flake ~/.config/nix-configs";
};
home.stateVersion = "25.05";
programs.home-manager.enable = true;
};
}

100
home/irl.nix Normal file
View file

@ -0,0 +1,100 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.irl;
in
{
options.irl.gui-packages = lib.mkEnableOption "GUI packages managed by home-manager";
config = {
home.username = "irl";
home.homeDirectory = "/home/irl";
home.stateVersion = "25.05";
home.packages = with pkgs; [
fish
neofetch
starship
tree
];
home.shellAliases = {
hms =
"home-manager switch --flake ~/.config/nix-configs#irl" + (if cfg.gui-packages then "-gui" else "");
};
programs.bash = {
enable = true;
initExtra = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
programs.firefox = lib.mkIf cfg.gui-packages {
enable = true;
profiles.irl = {
extensions = {
# packages = with pkgs.nur.repos.rycee.firefox-addons; [
# bitwarden
# kagi-search
# privacy-badger
# ];
};
};
};
programs.fish.enable = true;
programs.fzf = {
enable = true;
enableFishIntegration = true;
};
programs.git = {
delta.enable = true;
enable = true;
extraConfig = {
diff = {
algorithm = "histogram";
};
init = {
defaultBranch = "main";
};
rebase = {
autosquash = true;
autostash = true;
};
url = {
"git@github.com:".pushInsteadOf = "https://github.com/";
"git@gitlab.com:".pushInsteadOf = "https://gitlab.com/";
"git@guardianproject.dev:".pushInsteadOf = "https://guardianproject.dev/";
};
user = {
name = "irl";
email = "iain@learmonth.me";
};
};
};
programs.home-manager.enable = true;
programs.neovim = {
defaultEditor = true;
enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
plugins = with pkgs.vimPlugins; [
bufferline-nvim
nvim-treesitter.withAllGrammars
];
};
programs.starship = {
enable = true;
enableFishIntegration = true;
enableInteractive = true;
enableTransience = true;
};
programs.zellij.enable = true;
};
}

70
modules/home-manager/cli/cli.nix
View file

@ -1,70 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.feature.cli;
in
{
options.feature.cli = {
enable = lib.mkEnableOption "Set up the CLI";
};
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
starship
tree
];
programs.fish = {
enable = true;
functions.fish_greeting = "";
shellInitLast = lib.mkIf (lib.strings.hasSuffix "darwin" pkgs.system) ''
eval $(/opt/homebrew/bin/brew shellenv)
'';
};
programs.fzf = {
enable = true;
enableFishIntegration = true;
};
programs.zsh = lib.mkIf (lib.strings.hasSuffix "darwin" pkgs.system) {
enable = true;
# zsh is a POSIX compliant shell and a safe default, but if it's an interactive
# shell and fish is not in the parent processes (i.e. I'm not deliberately starting
# zsh to use interactively from fish) then just launch fish.
initContent = ''
[[ $- == *i* ]] || return
is_parent_fish() {
local ppid=$$
while [[ $ppid -ne 1 ]]; do
local ppname=$(ps -p $ppid -o comm=)
if [[ "$ppname" == *fish* ]]; then
return 1
fi
ppid=$(ps -o ppid= -p $ppid)
done
return 0
}
if is_parent_fish
then
exec fish -l
fi
'';
};
programs.starship = {
enable = true;
enableFishIntegration = true;
enableInteractive = true;
enableTransience = true;
settings = builtins.fromTOML (builtins.readFile ./starship.toml);
};
};
}

13
modules/home-manager/cli/starship.toml
View file

@ -1,13 +0,0 @@
"$schema" = 'https://starship.rs/config-schema.json'
command_timeout = 800
[shell]
disabled = false
format = '[$indicator]($style)'
fish_indicator = ''
zsh_indicator = 'z'
[sudo]
disabled = false

8
modules/home-manager/default.nix
View file

@ -1,8 +0,0 @@
{
cli = import ./cli/cli.nix;
firefox = import ./firefox/firefox.nix;
git = import ./git/git.nix;
ops = import ./ops/ops.nix;
tmux = import ./tmux/tmux.nix;
vim = import ./vim/vim.nix;
}

57
modules/home-manager/firefox/firefox.nix
View file

@ -1,57 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.feature.firefox;
in
{
options.feature.firefox = {
enable = lib.mkEnableOption "Set up firefox";
};
config = lib.mkIf cfg.enable {
programs.firefox = {
enable = true;
# Firefox is expected to be installed as a system package
package = null;
profiles.irl = {
extensions = {
force = true;
packages = with pkgs.nur.repos.rycee.firefox-addons; [
bitwarden
granted
kagi-search
multi-account-containers
privacy-badger
recap
rsf-censorship-detector
];
};
settings = {
"browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredCheckboxes" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.search.suggest.enabled.private" = false;
"datareporting.policy.firstRunURL" = "https://irl.xyz/";
"extensions.autoDisableScope" = 0;
"extensions.pocket.enabled" = false;
"identity.fxaccounts.enabled" = false;
};
userContent = ''
/* It's a dot not an interpunct */
.govuk-logo-dot {
fill: #fff !important;
transform: translate(0, 14.5px);
}
'';
};
};
};
}

41
modules/home-manager/git/git.nix
View file

@ -1,41 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.feature.git;
in
{
options.feature.git.enable = lib.mkEnableOption "Set up git";
config = {
programs.git = {
delta.enable = true;
enable = true;
extraConfig = {
diff = {
algorithm = "histogram";
};
init = {
defaultBranch = "main";
};
rebase = {
autosquash = true;
autostash = true;
};
url = {
"git@github.com:".pushInsteadOf = "https://github.com/";
"git@gitlab.com:".pushInsteadOf = "https://gitlab.com/";
"git@guardianproject.dev:".pushInsteadOf = "https://guardianproject.dev/";
};
user = {
name = "irl";
email = "iain@learmonth.me";
};
};
};
};
}

22
modules/home-manager/ops/ops.nix
View file

@ -1,22 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.feature.ops;
in
{
options.feature.ops = {
enable = lib.mkEnableOption "Setup DevOps tools";
};
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
age
awscli2
opentofu
];
};
}

11
modules/home-manager/tmux/tmux.conf
View file

@ -1,11 +0,0 @@
set -g default-terminal "tmux-256color"
# Configure the catppuccin plugin
set -g @catppuccin_flavor "mocha"
set -g @catppuccin_window_status_style "rounded"
# Make the status line pretty and add some modules
set -g status-right-length 100
set -g status-left-length 100
set -g status-left ""
set -g status-right "#{E:@catppuccin_status_application}"

25
modules/home-manager/tmux/tmux.nix
View file

@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.feature.tmux;
in
{
options.feature.tmux = {
enable = lib.mkEnableOption "Set up tmux";
};
config = lib.mkIf cfg.enable {
programs.tmux = {
enable = true;
baseIndex = 1;
plugins = with pkgs.tmuxPlugins; [
catppuccin
];
extraConfig = builtins.readFile ./tmux.conf;
};
};
}

97
modules/home-manager/vim/init.lua
View file

@ -1,97 +0,0 @@
-- Global settings
vim.g.loaded_netrw = 1
vim.g.loaded_netrwPlugin = 1
vim.g.mapleader = " "
vim.opt.termguicolors = true
vim.opt.tabstop = 2
vim.opt.softtabstop = 2
vim.opt.shiftwidth = 2
vim.opt.expandtab = true
vim.opt.number = true
vim.opt.relativenumber = true
vim.opt.scrolloff = 8
vim.opt.colorcolumn = "+1,+2"
vim.opt.cursorline = true
vim.opt.signcolumn = 'yes'
vim.cmd.colorscheme "catppuccin-mocha"
-- Custom bindings for buffer navigation
vim.keymap.set("n", "<leader>n", "<cmd>bn<CR>")
vim.keymap.set("n", "<leader>p", "<cmd>bp<CR>")
vim.keymap.set("n", "<Esc>", "<cmd>nohlsearch<CR>")
-- Bufferline (tabs)
require("bufferline").setup {}
-- Lualine (status line)
require("lualine").setup {
options = {
section_separators = { left = '', right = '' }
}
}
-- Telescope (anything search)
vim.keymap.set("n", "<leader>b", "<cmd>Telescope buffers<CR>")
vim.keymap.set("n", "<leader>f", "<cmd>Telescope find_files<CR>")
vim.keymap.set("n", "<leader>g", "<cmd>Telescope git_files<CR>")
-- Tree (file manager)
require("nvim-tree").setup()
vim.keymap.set("n", "<leader>t", "<cmd>NvimTreeToggle<CR>", { noremap = true, silent = true })
-- lspconfig (LSPs)
vim.lsp.enable("lua_ls")
vim.lsp.enable("nil_ls")
vim.lsp.enable("pyright")
vim.lsp.enable("rust_analyzer")
vim.keymap.set("n", "<leader>o", vim.lsp.buf.format)
vim.api.nvim_create_autocmd('LspAttach', {
desc = 'LSP actions',
callback = function()
local bufmap = function(mode, lhs, rhs)
local opts = { buffer = true }
vim.keymap.set(mode, lhs, rhs, opts)
end
-- Displays hover information about the symbol under the cursor
bufmap('n', 'K', vim.lsp.buf.hover)
-- Jump to the definition
bufmap('n', 'gd', vim.lsp.buf.definition)
-- Jump to declaration
bufmap('n', 'gD', vim.lsp.buf.declaration)
-- Lists all the implementations for the symbol under the cursor
bufmap('n', 'gi', vim.lsp.buf.implementation)
-- Jumps to the definition of the type symbol
bufmap('n', 'go', vim.lsp.buf.type_definition)
-- Lists all the references
bufmap('n', 'gr', vim.lsp.buf.references)
-- Displays a function's signature information
bufmap('n', '<C-k>', vim.lsp.buf.signature_help)
-- Renames all references to the symbol under the cursor
bufmap('n', '<leader>R', vim.lsp.buf.rename)
-- Show diagnostics in a floating window
bufmap('n', 'gl', vim.diagnostic.open_float)
-- Move to the previous diagnostic
bufmap('n', '[d', vim.diagnostic.goto_prev)
-- Move to the next diagnostic
bufmap('n', ']d', vim.diagnostic.goto_next)
end
})

43
modules/home-manager/vim/vim.nix
View file

@ -1,43 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.feature.vim;
in
{
options.feature.vim = {
enable = lib.mkEnableOption "Set up neovim";
};
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
fzf
lua-language-server
nil
pyright
ripgrep
rust-analyzer
];
programs.neovim = {
defaultEditor = true;
enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
plugins = with pkgs.vimPlugins; [
bufferline-nvim
catppuccin-nvim
lualine-nvim
nvim-tree-lua
nvim-lspconfig
telescope-nvim
nvim-web-devicons
];
extraLuaConfig = builtins.readFile ./init.lua;
};
};
}

48
nixos/common.nix
View file

@ -1,30 +1,8 @@
{
pkgs,
config,
sops-nix,
...
}:
{ ... }:
{
imports = [
sops-nix.nixosModules.sops
];
nix.settings.experimental-features = "nix-command flakes";
sops = {
defaultSopsFile = ../secrets.yaml;
validateSopsFiles = false;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets.irl-password.neededForUsers = true;
};
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
@ -40,28 +18,4 @@
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
users.mutableUsers = false;
users.users.irl = {
isNormalUser = true;
description = "irl";
hashedPasswordFile = config.sops.secrets.irl-password.path;
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJpoCJEax0XTNK6qfYfZV60euSwoc0RQ0bwFDQGMWYQnAAAABHNzaDo="
];
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
curl
home-manager
neovim
wget
];
}

87
nixos/hosts/homeserver/default.nix
View file

@ -1,87 +0,0 @@
{
config,
lib,
pkgs,
apple-silicon,
...
}:
{
nixpkgs.overlays = [ apple-silicon.overlays.apple-silicon-overlay ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
hardware.asahi.useExperimentalGPUDriver = true;
hardware.asahi.extractPeripheralFirmware = true;
networking.hostName = "homeserver";
networking.networkmanager.enable = true;
fileSystems."/mnt/data" = {
device = "172.16.0.1:/volume1/data";
fsType = "nfs";
options = [
"noauto"
"x-systemd.automount"
"x-systemd.idle-timeout=600"
];
};
users.groups.media = { };
users.users.media = {
group = "media";
isNormalUser = true;
};
services.xserver.xkb.layout = "us";
services.audiobookshelf = {
enable = true;
group = "media";
host = "0.0.0.0";
openFirewall = true;
port = 8000;
user = "media";
};
services.avahi = {
enable = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
allowInterfaces = [
"end0"
"enp2s0u2"
];
};
services.calibre-server = {
enable = true;
extraFlags = [ "--enable-local-write" ];
group = "media";
libraries = [ "/srv/books" ];
openFirewall = true;
port = 8585;
user = "media";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
};
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ ];
system.stateVersion = "25.11";
}

53
nixos/hosts/homeserver/hardware-configuration.nix
View file

@ -1,53 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"usb_storage"
"usbhid"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/d82c7bbb-e496-414c-a96b-4b4ca457bdfd";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3B58-1BF7";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ ];
networking.interfaces = {
end0.useDHCP = lib.mkDefault true;
enp2s0u2.ipv4.addresses = [
{
address = "172.16.0.2";
prefixLength = 24;
}
];
};
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

20
nixos/hosts/laptop/default.nix
View file

@ -32,10 +32,28 @@
pulse.enable = true;
};
users.users.irl = {
isNormalUser = true;
description = "irl";
extraGroups = [
"networkmanager"
"wheel"
];
};
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
curl
home-manager
neovim
wget
];
hardware.gpgSmartcards.enable = true;
programs.gnupg.agent = {
enable = true;
# enableSSHSupport = true;
enableSSHSupport = true;
};
system.stateVersion = "25.05";

25
secrets.yaml
View file

@ -1,25 +0,0 @@
irl-password: ENC[AES256_GCM,data:8DcPiZ9Ui40MaOaPJ5XmZI3M7XDqLtBqJKLEUnolMYuNoa6dDBF/IicokQO6zvNVw0G2DPVQwbKzgEaWtvnj+5rXm+QbyEVIKw==,iv:+qsf6VzsMzAj6A5B6TCQ/ZaYDt0EiZYwQ7gZg0sw2TM=,tag:3Xi5bSJ7rYEUUVIDuynHag==,type:str]
sops:
age:
- recipient: age1uhp600xemepn27l0vxnt7hmuvk53wmw5peh9d3wy4ma2apsympmqxm8jxq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZmJkMlpoN2RRUEVVUCtS
cVl4T0grTit5TGtGUEM2MTlBRnQ2OWlWaEVrClErVm5uRzQySzNDM3J6dDFQY2U0
cjlVS1NpTzdBQzgvSHJndmlxMWRmbUkKLS0tIHBtTkhSU1BTZHhMaXdZT0xiWWZD
ZXlLNjAzSVkxZWtDRjlUMHV5bnJXK3MKNGKAW7iq/Qfo1dAt3Zxjzu+PsjdtaYPG
a5Zvnazkm2dmuajldII/+xk4r/JewBZmeWdd37n2lUpbSisgcw0X5A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y9v37jc3kxuygw042qrsvseac5krhh3skp88ewlqlja00uslpyss62e4nd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQTcxWkphbngrK3RMaEZF
UHU4ZURiVmNZdDhoR1l5YWVDZ1YvdlZWbndJCnRZd0tmR2lXcnA0V0dRaDZzZkg5
YitPd01mbFc1VHVyTDl3Sk9UTGptclEKLS0tIEtWb0VNZWFLUmNZRDh3S0N4WmN0
SlVKUDZWVEp2YmR4V3ArRW1GR1lXeTAKRJoawuTKrgrz6qeOSTmYLXO6n66QNPLA
C5UI4yB0WLeRxdqxU84a3rS2ZjgTh22RR0WwRe6siOaKOdS1G96DXw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-13T17:56:08Z"
mac: ENC[AES256_GCM,data:YjTPJ69gNE3MOxUq8X1H4ucqiJxIwRFBBLz0pu6nJgx64XDKe96qeiy7NLAnyJuzOgXpZxb6bm+ecf4E288Bq5NyqpWyrICXC37mSMMXTIoi+HZMHk/GYOAezfCHCBzJBKlJjTZhmslF1zu/4jGtUf/VTOCm+WTPDTUjVkzvwJ8=,iv:vsiDWLir7b/DmOgJFs9iuNxJxJAipdriP/XSPbm4MKU=,tag:aBXeQdetTepLNj/kl45McQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2