10 Commits

29 changed files with 714 additions and 998 deletions

2
.gitignore vendored Normal file

@ -0,0 +1,2 @@
build.log
flake.lock
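Review bot: Ignoring `flake.lock` works against input pinning, because the lock file changed later in this compare is what fixes home-manager and nixpkgs to a specific `rev` and `narHash`. The file still shows up as modified here, so it appears to remain tracked and the new rule has no effect until it is removed from the index. Once that happens, lock updates can no longer be reviewed or rolled back through git, and each checkout would likely resolve its inputs on its own. I would keep only `build.log` in this file and leave `flake.lock` committed.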


@ -15,6 +15,8 @@ sudo nixos-rebuild switch --flake ".#<hostname>" --update-input nixpkgs --commit
## How to install new system with flake ## How to install new system with flake
### Method 1
1. Boot into live NixOS disk and run the following commands: 1. Boot into live NixOS disk and run the following commands:
``` ```
sudo su sudo su
@ -28,6 +30,31 @@ sudo rm -r /etc/nixos/configuration.nix
``` ```
3. Move build to desired location. 3. Move build to desired location.
### Method 2
1. Boot into live NixOS disk
2. Install NixOS
3. Add the following changes:
```/etc/nixos/configuration.nix
environment.systemPackages = with pkgs; [
git
];
services.openssh.enable = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
```
4. Run the following command:
```
sudo nixos-rebuild switch
```
5. Grab the IP address with the following command:
```
ip addr
```
6. Copy a flake repo from the host machine:
```
rsync -avz <repo directory> <user>@<ip addr>:
```
## Nix commands to remember ## Nix commands to remember
``` ```
@ -35,20 +62,4 @@ nix flake update
nix run nixpkgs#<package> nix run nixpkgs#<package>
``` ```
## Resources [Resources](https://pinboard.in/u:iiogama/t:nix/)
- [Zero To Nix](https://zero-to-nix.com)
- [The Cute World's NixOS Guide](https://thiscute.world/en/posts/nixos-and-flake-basics/)
- [NixOS Wiki](https://nixos.wiki/)
- [The Nix Hour YouTube Playlist](https://www.youtube.com/playlist?list=PLyzwHTVJlRc8yjlx4VR4LU5A5O44og9in)
- [Nixology YouTube Playlist](https://www.youtube.com/playlist?list=PLRGI9KQ3_HP_OFRG6R-p4iFgMSK1t5BHs)
- [Nixcloud](https://nixcloud.io)
## Todo
- [ ] Create additional host configurations
- [ ] Implement the Impermanence module
- [ ] Create specific software installations (i.e. gui, gaming, kali-collection, etc)
- [ ] Implement [Agenix](https://nixos.wiki/wiki/Agenix) or Sopsnix
- [ ] Implement [Stylix](https://danth.github.io/stylix/)
- [ ] Implement [MicroVM.nix](https://github.com/astro/microvm.nix)

719
build.log

@ -1,719 +0,0 @@
warning: Git tree '/home/ii/Software/git/nix/confix' is dirty
Using saved setting for 'experimental-features = nix-command flakes' from ~/.local/share/nix/trusted-settings.json.
building the system configuration...
warning: Git tree '/home/ii/Software/git/nix/confix' is dirty
Using saved setting for 'experimental-features = nix-command flakes' from ~/.local/share/nix/trusted-settings.json.
trace: warning: optionsDocBook is deprecated since 23.11 and will be removed in 24.05
trace: warning: optionsDocBook is deprecated since 23.11 and will be removed in 24.05
trace: warning: optionsDocBook is deprecated since 23.11 and will be removed in 24.05
error:
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:846:24:
845| let f = attrPath:
846| zipAttrsWith (n: values:
| ^
847| let here = attrPath ++ [n]; in
… while calling 'g'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:629:19:
628| g =
629| name: value:
| ^
630| if isAttrs value && cond value
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:632:20:
631| then recurse (path ++ [name]) value
632| else f (path ++ [name]) value;
| ^
633| in mapAttrs g;
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:242:72:
241| # For definitions that have an associated option
242| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
243|
… while evaluating the option `system.build.toplevel':
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:822:28:
821| # Process mkMerge and mkIf properties.
822| defs' = concatMap (m:
| ^
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating definitions from `/nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/top-level.nix':
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:823:137:
822| defs' = concatMap (m:
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
824| ) defs;
… while calling 'dischargeProperties'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:894:25:
893| */
894| dischargeProperties = def:
| ^
895| if def._type or "" == "merge" then
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/top-level.nix:71:12:
70| # Replace runtime dependencies
71| system = foldr ({ oldDependency, newDependency }: drv:
| ^
72| pkgs.replaceDependency { inherit oldDependency newDependency drv; }
… while calling 'foldr'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/lists.nix:53:20:
52| */
53| foldr = op: nul: list:
| ^
54| let
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/lists.nix:60:8:
59| else op (elemAt list n) (fold' (n + 1));
60| in fold' 0;
| ^
61|
… while calling 'fold''
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/lists.nix:56:15:
55| len = length list;
56| fold' = n:
| ^
57| if n == len
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/top-level.nix:68:10:
67| then throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}"
68| else showWarnings config.warnings baseSystem;
| ^
69|
… while calling 'showWarnings'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/trivial.nix:414:28:
413|
414| showWarnings = warnings: res: lib.foldr (w: x: warn w x) res warnings;
| ^
415|
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/trivial.nix:414:33:
413|
414| showWarnings = warnings: res: lib.foldr (w: x: warn w x) res warnings;
| ^
415|
… while calling 'foldr'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/lists.nix:53:20:
52| */
53| foldr = op: nul: list:
| ^
54| let
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/lists.nix:60:8:
59| else op (elemAt list n) (fold' (n + 1));
60| in fold' 0;
| ^
61|
… while calling 'fold''
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/lists.nix:56:15:
55| len = length list;
56| fold' = n:
| ^
57| if n == len
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/top-level.nix:48:16:
47| # makes it bootable. See `activatable-system.nix`.
48| baseSystem = pkgs.stdenvNoCC.mkDerivation ({
| ^
49| name = "nixos-system-${config.system.name}-${config.system.nixos.label}";
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/pkgs/stdenv/generic/make-derivation.nix:548:3:
547| in
548| fnOrAttrs:
| ^
549| if builtins.isFunction fnOrAttrs
… while calling 'g'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:629:19:
628| g =
629| name: value:
| ^
630| if isAttrs value && cond value
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:632:20:
631| then recurse (path ++ [name]) value
632| else f (path ++ [name]) value;
| ^
633| in mapAttrs g;
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:242:72:
241| # For definitions that have an associated option
242| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
243|
… while evaluating the option `system.systemBuilderArgs':
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:844:59:
843| if isDefined then
844| if all (def: type.check def.value) defsFinal then type.merge loc defsFinal
| ^
845| else let allInvalid = filter (def: ! type.check def.value) defsFinal;
… while calling 'merge'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/types.nix:540:20:
539| check = isAttrs;
540| merge = loc: defs:
| ^
541| mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/types.nix:541:35:
540| merge = loc: defs:
541| mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
| ^
542| (mergeDefinitions (loc ++ [name]) elemType defs).optionalValue
… while calling 'filterAttrs'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:309:5:
308| # The attribute set to filter
309| set:
| ^
310| listToAttrs (concatMap (name: let v = set.${name}; in if pred name v then [(nameValuePair name v)] else []) (attrNames set));
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:310:29:
309| set:
310| listToAttrs (concatMap (name: let v = set.${name}; in if pred name v then [(nameValuePair name v)] else []) (attrNames set));
| ^
311|
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:310:62:
309| set:
310| listToAttrs (concatMap (name: let v = set.${name}; in if pred name v then [(nameValuePair name v)] else []) (attrNames set));
| ^
311|
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/types.nix:541:51:
540| merge = loc: defs:
541| mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
| ^
542| (mergeDefinitions (loc ++ [name]) elemType defs).optionalValue
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/types.nix:541:86:
540| merge = loc: defs:
541| mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
| ^
542| (mergeDefinitions (loc ++ [name]) elemType defs).optionalValue
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:822:28:
821| # Process mkMerge and mkIf properties.
822| defs' = concatMap (m:
| ^
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating definitions from `/nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/activatable-system.nix':
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:823:137:
822| defs' = concatMap (m:
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
824| ) defs;
… while calling 'dischargeProperties'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:894:25:
893| */
894| dischargeProperties = def:
| ^
895| if def._type or "" == "merge" then
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/activation-script.nix:137:18:
136| apply = set: set // {
137| script = systemActivationScript set false;
| ^
138| };
… while calling 'systemActivationScript'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/activation-script.nix:20:33:
19|
20| systemActivationScript = set: onlyDry: let
| ^
21| set' = mapAttrs (_: v: if isString v then (noDepEntry v) // { supportsDryActivation = false; } else v) set;
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/activation/activation-script.nix:49:9:
48|
49| ${textClosureMap id (withDrySnippets) (attrNames withDrySnippets)}
| ^
50|
… while calling 'textClosureMap'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings-with-deps.nix:75:35:
74|
75| textClosureMap = f: predefined: names:
| ^
76| concatStringsSep "\n" (map f (textClosureList predefined names));
… while calling 'id'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/trivial.nix:14:5:
13| # The value to return
14| x: x;
| ^
15|
… while calling 'g'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:629:19:
628| g =
629| name: value:
| ^
630| if isAttrs value && cond value
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:632:20:
631| then recurse (path ++ [name]) value
632| else f (path ++ [name]) value;
| ^
633| in mapAttrs g;
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:242:72:
241| # For definitions that have an associated option
242| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
243|
… while evaluating the option `system.activationScripts.etc.text':
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:822:28:
821| # Process mkMerge and mkIf properties.
822| defs' = concatMap (m:
| ^
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating definitions from `/nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/etc/etc-activation.nix':
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:823:137:
822| defs' = concatMap (m:
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
824| ) defs;
… while calling 'dischargeProperties'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:894:25:
893| */
894| dischargeProperties = def:
| ^
895| if def._type or "" == "merge" then
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:846:24:
845| let f = attrPath:
846| zipAttrsWith (n: values:
| ^
847| let here = attrPath ++ [n]; in
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/types.nix:565:29:
564| merge = loc: defs:
565| zipAttrsWith (name: defs:
| ^
566| let merged = mergeDefinitions (loc ++ [name]) elemType defs;
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:822:28:
821| # Process mkMerge and mkIf properties.
822| defs' = concatMap (m:
| ^
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating definitions from `/nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/etc/etc.nix':
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:823:137:
822| defs' = concatMap (m:
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
824| ) defs;
… while calling 'dischargeProperties'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:894:25:
893| */
894| dischargeProperties = def:
| ^
895| if def._type or "" == "merge" then
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:88:39:
87| then value
88| else { ${elemAt attrPath n} = atDepth (n + 1); };
| ^
89| in atDepth 0;
… while calling 'atDepth'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:85:17:
84| len = length attrPath;
85| atDepth = n:
| ^
86| if n == len
… while evaluating derivation 'etc'
whose name attribute is located at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/pkgs/stdenv/generic/make-derivation.nix:300:7
… while evaluating attribute 'buildCommand' of derivation 'etc'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/pkgs/build-support/trivial-builders/default.nix:87:14:
86| enableParallelBuilding = true;
87| inherit buildCommand name;
| ^
88| passAsFile = [ "buildCommand" ]
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/etc/etc.nix:54:7:
53| mkdir -p "$out/etc"
54| ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [
| ^
55| "makeEtcEntry"
… while calling 'concatMapStringsSep'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings.nix:117:5:
116| # List of input strings
117| list: concatStringsSep sep (map f list);
| ^
118|
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/etc/etc.nix:54:33:
53| mkdir -p "$out/etc"
54| ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [
| ^
55| "makeEtcEntry"
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/etc/etc.nix:54:43:
53| mkdir -p "$out/etc"
54| ${concatMapStringsSep "\n" (etcEntry: escapeShellArgs [
| ^
55| "makeEtcEntry"
… while calling 'concatMapStringsSep'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings.nix:117:5:
116| # List of input strings
117| list: concatStringsSep sep (map f list);
| ^
118|
… while calling 'escapeShellArg'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings.nix:429:20:
428| */
429| escapeShellArg = arg: "'${replaceStrings ["'"] ["'\\''"] (toString arg)}'";
| ^
430|
… while calling 'g'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:629:19:
628| g =
629| name: value:
| ^
630| if isAttrs value && cond value
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:632:20:
631| then recurse (path ++ [name]) value
632| else f (path ++ [name]) value;
| ^
633| in mapAttrs g;
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:242:72:
241| # For definitions that have an associated option
242| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
243|
… while evaluating the option `environment.etc."iproute2/bpf_pinning".source':
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:822:28:
821| # Process mkMerge and mkIf properties.
822| defs' = concatMap (m:
| ^
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating definitions from `/nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/system/etc/etc.nix':
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:823:137:
822| defs' = concatMap (m:
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
824| ) defs;
… while calling 'dischargeProperties'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:894:25:
893| */
894| dischargeProperties = def:
| ^
895| if def._type or "" == "merge" then
… while calling 'g'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:629:19:
628| g =
629| name: value:
| ^
630| if isAttrs value && cond value
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/attrsets.nix:632:20:
631| then recurse (path ++ [name]) value
632| else f (path ++ [name]) value;
| ^
633| in mapAttrs g;
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:242:72:
241| # For definitions that have an associated option
242| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
243|
… while evaluating the option `environment.etc."iproute2/bpf_pinning".text':
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:822:28:
821| # Process mkMerge and mkIf properties.
822| defs' = concatMap (m:
| ^
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
… while evaluating definitions from `/nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/config/iproute2.nix':
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:823:137:
822| defs' = concatMap (m:
823| map (value: { inherit (m) file; inherit value; }) (builtins.addErrorContext "while evaluating definitions from `${m.file}':" (dischargeProperties m.value))
| ^
824| ) defs;
… while calling 'dischargeProperties'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/modules.nix:894:25:
893| */
894| dischargeProperties = def:
| ^
895| if def._type or "" == "merge" then
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/nixos/modules/config/iproute2.nix:21:70:
20| config = mkIf cfg.enable {
21| environment.etc."iproute2/bpf_pinning" = { mode = "0644"; text = fileContents "${pkgs.iproute2}/etc/iproute2/bpf_pinning"; };
| ^
22| environment.etc."iproute2/ematch_map" = { mode = "0644"; text = fileContents "${pkgs.iproute2}/etc/iproute2/ematch_map"; };
… while calling 'fileContents'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings.nix:1139:18:
1138| */
1139| fileContents = file: removeSuffix "\n" (readFile file);
| ^
1140|
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings.nix:1139:24:
1138| */
1139| fileContents = file: removeSuffix "\n" (readFile file);
| ^
1140|
… while calling 'removeSuffix'
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings.nix:653:5:
652| # Input string
653| str:
| ^
654| # Before 23.05, paths would be copied to the store before converting them
… from call site
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/strings.nix:656:5:
655| # to strings and comparing. This was surprising and confusing.
656| warnIf
| ^
657| (isPath suffix)
… while calling anonymous lambda
at /nix/store/z1nvpjx9vd4151vx2krxzmx2p1a36pf9-source/lib/trivial.nix:357:50:
356| */
357| warnIf = cond: msg: if cond then warn msg else x: x;
| ^
358|
error: getting status of '/nix/store/fijy0dlyk5b06ay7nxg88lr7bp13hpjb-iproute2-6.5.0/etc': No such file or directory


@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695738267, "lastModified": 1701728041,
"narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=", "narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486", "rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -22,11 +22,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1698611440, "lastModified": 1701718080,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=", "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735", "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -40,6 +40,11 @@
"*~" "*~"
"*.swp" "*.swp"
]; ];
extraConfig = {
global = {
init.defaultbranch = "main";
};
};
}; };
programs.neovim = { programs.neovim = {
enable = true; enable = true;
@ -54,8 +59,11 @@
set relativenumber set relativenumber
set splitbelow set splitbelow
set splitright set splitright
set tabstop=4 set tabstop=2
set shiftwidth=4 set shiftwidth=2
if filereadable(expand(".vim-project"))
source .vim-project
endif
''; '';
}; };
programs.lf = { programs.lf = {
@ -70,6 +78,7 @@
}; };
}; };
programs.tmux = { programs.tmux = {
enable = true;
baseIndex = 1; baseIndex = 1;
clock24 = true; clock24 = true;
keyMode = "vi"; keyMode = "vi";
@ -110,6 +119,10 @@
bind -n C-j select-pane -D bind -n C-j select-pane -D
bind -n C-k select-pane -U bind -n C-k select-pane -U
bind -n C-l select-pane -R bind -n C-l select-pane -R
bind -n M-h select-pane -L
bind -n M-j select-pane -D
bind -n M-k select-pane -U
bind -n M-l select-pane -R
# Set status bar postition # Set status bar postition
set -g status-position top set -g status-position top
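Review bot: The `source .vim-project` added to the neovim config (second hunk of this file) runs whatever Vimscript sits in the directory nvim is started from, so opening the editor inside a cloned or unpacked tree that ships a `.vim-project` executes that tree's commands as the user. Neovim's built-in `exrc` option covers the same per-project use case and, in current releases, asks before loading a file it has not been told to trust. Replacing the three added lines with `set exrc` (and renaming the project file to one of the names exrc looks for) keeps the feature without the unconditional source. If the custom filename has to stay, gate the `source` on the working directory being under a path you own.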


@ -4,11 +4,14 @@ set -o vi
unset HISTFILE unset HISTFILE
# Functions # Functions
function search() {
surfraw $(surfraw -elvi | fzf | awk '{print $1;}')
}
function mkcd { function mkcd {
mkdir -p $1 mkdir -p $1
cd $1 cd $1
} }
function ukr () { function ukr() {
read -rsp "Password: " PASS read -rsp "Password: " PASS
export $(echo -n "$PASS" | gnome-keyring-daemon --replace --unlock) export $(echo -n "$PASS" | gnome-keyring-daemon --replace --unlock)
unset PASS unset PASS
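Review bot: `search` expands the picker output unquoted and runs `surfraw` even when nothing was selected, so cancelling fzf still invokes the command with an empty argument list. Capturing the choice first and returning on an empty value avoids that: `local elvi; elvi=$(surfraw -elvi | fzf | awk '{print $1}')` followed by `[ -n "$elvi" ] && surfraw "$elvi"`. The `ukr` body continues past the end of this hunk.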


@ -1,31 +0,0 @@
#! /bin/sh
bspc monitor DP-1 -d 1 2 3 4 5
bspc monitor DP-2 -d 6 7 8 9 0
bspc config border_width 1
bspc config focus_follows_pointer true
bspc config pointer_follows_focus false
bspc config top_padding 0
bspc config window_gap 24
bspc config split_ratio 0.55
bspc config borderless_monocle false
bspc config gapless_monocle false
bspc config focused_border_color '#bd93f9'
bspc config normal_border_color '#282a36'
bspc config presel_feedback_color '#282a36'
bspc rule -a Wrapper-2.0 \
state=floating border=off focus=on
bspc rule -a mpv \
state=floating sticky=on follow=off focus=on \
rectangle=640x360+1920+1080
bspc rule -a "*:Toolkit:Picture-in-Picture" \
state=floating sticky=on follow=off focus=on \
rectangle=640x360+1920+1080
bspc rule -a discord:discord: desktop='2'
bspc rule -a Signal:signal: desktop='2'
bspc rule -a steam:steamwebhelper: desktop='9'
bspc rule -a trayer:panel: border=off manage=off
bspc rule -a xdragon:Xdragon state=floating sticky=on


@ -1,3 +1,4 @@
nick = iiogama nick = iiogama
real = iiogama real = iiogama
host = irc.libera.chat host = irc.libera.chat
join = #nixos

View File

@ -8,11 +8,11 @@ super + Return
# terminal emulator with tmux session menu # terminal emulator with tmux session menu
super + shift + Return super + shift + Return
st -e tmux st -e "iitmux"
# program launcher # program launcher
super + @space super + @space
iixm iixmenu
# screenshot shortcut # screenshot shortcut
super + shift + s super + shift + s
@ -23,26 +23,21 @@ super + v
clipmenu clipmenu
# volume controls # volume controls
super + shift + comma super + shift + bracket{left,right}
notify-desktop "Volume is now $(amixer sset Master 5%- | awk -F '[][]' '/Right:/ \{ print $2 \}')" notify-desktop "Volume is now $(amixer sset Master 5%{-,+} | awk -F '[][]' '/Right:/ \{ print $2 \}')"
super + shift + period
notify-desktop "Volume is now $(amixer sset Master 5%+ | awk -F '[][]' '/Right:/ \{ print $2 \}')"
# make sxhkd reload its configuration files: # make sxhkd reload its configuration files:
super + shift + r super + r
pkill -USR1 -x sxhkd; notify-desktop "sxhkd config reloaded" pkill -USR1 -x sxhkd; notify-desktop "sxhkd config reloaded"
# super + shift + r
# bspwm hotkeys bspc wm -r; notify-desktop "bspwm config reloaded"
#
# quit/restart bspwm
super + alt + {q,r}
bspc {quit,wm -r}
# close and kill # close and kill
super + {_,shift + }w super + w
bspc node -{c,k} bspc node -c
super + q
test "$(printf 'Yes\nNo\n' | dmenu -i -p 'Kill node? ')" = "Yes" && bspc node -k
# alternate between the tiled and monocle layout # alternate between the tiled and monocle layout
super + z super + z
@ -61,8 +56,10 @@ super + g
# #
# set the window state # set the window state
super + {t,shift + t,f,shift + f} super + {t,shift + t,f}
bspc node -t {\~tiled,\~pseudo_tiled,\~fullscreen,\~floating} bspc node -t {\~tiled,\~pseudo_tiled,\~floating}
F11
bspc node -t \~fullscreen
# set the node flags # set the node flags
super + ctrl + {m,x,y,z} super + ctrl + {m,x,y,z}
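Review bot: Binding bare `F11` in the window-state hunk makes sxhkd grab the key for the whole session, so applications with their own F11 handling (browser or video-player fullscreen) will presumably stop receiving it. If both should react, sxhkd's replay prefix passes the event on after running the command: `~F11`. Otherwise a `super`-modified chord, as the other window-state bindings use, avoids the clash.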


@ -3,15 +3,14 @@ test -z "$DBUS_SESSION_BUS_ADDRESS" && eval $(dbus-launch --exit-with-session --
systemctl --user import-environment DISPLAY XAUTHORITY systemctl --user import-environment DISPLAY XAUTHORITY
command -v dbus-update-activation-environment >/dev/null 2>&1 && dbus-update-activation-environment DISPLAY XAUTHORITY command -v dbus-update-activation-environment >/dev/null 2>&1 && dbus-update-activation-environment DISPLAY XAUTHORITY
xrdb ~/.Xresources & xrdb ~/.Xresources &
hsetroot -solid "#282a36" & xrandr --output DP-1 --primary --mode 2560x1440 --pos 0x560 --rotate normal --rate "164.99" --output DP-2 --mode 2560x1440 --pos 2560x0 --rotate left --rate "164.99" --output DP-3 --off --output HDMI-1 --off --output HDMI-1-2 --off &
picom & picom &
hsetroot -solid "#282a36" &
xbanish & xbanish &
dunst & dunst &
clipmenud & clipmenud &
trayer --edge bottom --align right --margin 0 --widthtype request --SetDockType true --transparent true --alpha 255 & trayer --edge bottom --align right --margin 0 --widthtype request --SetDockType true --transparent true --alpha 255 &
nm-applet & nm-applet &
#pa-applet &
mullvad-gui & mullvad-gui &
sxhkd & sxhkd &
xrandr --output DP-1 --primary --mode 2560x1440 --rotate normal --rate "164.99" --output DP-2 --mode 2560x1440 --rotate normal --rate "164.99" --right-of DP-1 &
exec bspwm exec bspwm
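Review bot: The relocated `xrandr` call still ends in `&`, so placing it ahead of `picom`, `hsetroot` and `trayer` does not guarantee the output layout is applied before they start. They can still size themselves against the pre-xrandr geometry. Dropping the trailing `&` on that one line makes the reordering effective, since xrandr returns once the configuration is applied. The script begins above this hunk.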


@ -1,5 +1,5 @@
# GUI home.nix # GUI home.nix
{ config, lib, pkgs, inputs, user, ... }: { config, lib, pkgs, inputs, user, ... }:
{ {
xresources.properties = { xresources.properties = {
"*.foreground" = "#f8f8f2"; "*.foreground" = "#f8f8f2";
@ -40,13 +40,51 @@
target = ".xinitrc"; target = ".xinitrc";
}; };
}; };
xdg.configFile = { xsession.windowManager.bspwm = {
"bspwm" = { enable = true;
source = ./dots/bspwm; rules = {
target = "bspwm"; "Wrapper-2.0" = {
recursive = true; state = "floating";
executable = true; border = false;
focus = true;
};
"mpv" = {
state = "floating";
sticky = true;
follow = false;
focus = true;
};
"*:Toolkit:Picture-in-Picture" = {
state = "floating";
sticky = true;
follow = false;
focus = true;
};
"trayer:panel:" = {
border = false;
manage = false;
};
"xdragon:Xdragon:" = {
state = "floating";
sticky = true;
};
}; };
settings = {
automatic_scheme = "alternate";
split_ratio = 0.60;
focus_follows_pointer = true;
pointer_follows_focus = false;
border_width = 1;
top_padding = 0;
window_gap = 24;
borderless_monocle = false;
gapless_monocle = false;
focused_border_color = "#bd93f9";
normal_border_color = "#282a36";
presel_feedback_color = "#282a36";
};
};
xdg.configFile = {
"dunst" = { "dunst" = {
source = ./dots/dunst; source = ./dots/dunst;
target = "dunst"; target = "dunst";
@ -77,63 +115,4 @@
name = "Comic Mono"; name = "Comic Mono";
}; };
}; };
programs = {
hexchat = {
enable = true;
channels = {
darkscience = {
autojoin = [
"#darkscience"
];
nickname = "${user.long}";
userName = "${user.long}";
servers = [
"irc.darkscience.net"
];
};
libera = {
autojoin = [
"#nixos"
];
loginMethod = "sasl";
nickname = "${user.long}";
servers = [
"irc.libera.chat"
];
userName = "${user.long}";
};
sdf = {
autojoin = [
"#anonradio"
"#sdf"
];
nickname = "${user.long}";
userName = "${user.long}";
servers = [
"irc.sdf.org"
];
};
tilde = {
autojoin = [
"#ascii.town"
];
nickname = "${user.long}";
userName = "${user.long}";
servers = [
"irc.tilde.chat"
];
};
};
};
};
#home.packages = with pkgs; [
# (dmenu.overrideAttrs (oldAttrs: rec {
# configFile = writeText "config.def.h" (builtins.readFile ../patches/dmenu/config.h);
# postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
# }))
# (st.overrideAttrs (oldAttrs: rec {
# configFile = writeText "config.def.h" (builtins.readFile ../patches/st/config.h);
# postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
# }))
#];
} }
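Review bot: The new `xsession.windowManager.bspwm` block carries over the rules and settings of the deleted bspwmrc but not its two `bspc monitor … -d` lines. Unless desktops are declared in a file not shown here, DP-1 and DP-2 will come up without the named desktops 1–5 and 6–0. The module has a `monitors` option for this: `monitors = { "DP-1" = [ "1" "2" "3" "4" "5" ]; "DP-2" = [ "6" "7" "8" "9" "0" ]; };`. The `rectangle=640x360+1920+1080` geometry on the mpv and Picture-in-Picture rules and the desktop assignments for discord, Signal and steam were dropped as well; if that is intentional, a short comment saying so would help.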


@ -17,32 +17,21 @@ in
efi.efiSysMountPoint = "/boot/efi"; efi.efiSysMountPoint = "/boot/efi";
timeout = 2; timeout = 2;
}; };
# Hardware-configuration edits
kernel.sysctl."net.ipv4.ip_forward" = 1;
# Clean /tmp at boot
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
}; };
networking = { networking = {
hostName = "${hostname}"; # Define your hostname. hostName = "${hostname}";
firewall = { firewall = {
# To disable the firewall altogether:
# enable = false;
allowedTCPPorts = [ 445 139 ]; allowedTCPPorts = [ 445 139 ];
allowedUDPPorts = [ 137 138 ]; allowedUDPPorts = [ 137 138 ];
}; };
# Proxy configuration
# proxy = {
# default = "http://user:password@proxy:port/";
# noProxy = "127.0.0.1,localhost,internal.domain";
# };
}; };
users.users.${user.name} = { environment = {
extraGroups = [ "libvirtd" "transmission" "davfs2" ]; systemPackages = with pkgs; [
packages = [ virtiofsd
]; ];
}; };
virtualisation.libvirtd.enable = true;
services = { services = {
davfs2 = { davfs2 = {
enable = true; enable = true;
@ -59,63 +48,35 @@ in
enable = true; enable = true;
mountOnMedia = true; mountOnMedia = true;
}; };
# Enable automatic login for the user. borgbackup = {
# getty.autologinUser = "${user.name}"; jobs."daily" = {
}; paths = [
"/home"
virtualisation.libvirtd.enable = true; "/var"
];
# Borg backup configuration exclude = [
services.borgbackup.jobs."daily" = { "/home/*/go/bin"
paths = [ "/home/*/go/pkg"
"/home" ];
]; repo = "/mnt/archive/buckwheat";
exclude = [ encryption = {
"/home/*/go/bin" mode = "repokey-blake2";
"/home/*/go/pkg" passCommand = "cat /root/borgbackup/passphrase";
]; };
repo = "/mnt/daily/buckwheat"; compression = "auto,lzma";
encryption = { startAt = "daily";
mode = "repokey-blake2"; prune.keep = {
passCommand = "cat /root/borgbackup/passphrase"; within = "30d";
}; };
compression = "auto,lzma"; };
startAt = "daily";
prune.keep = {
within = "7d";
}; };
}; };
services.borgbackup.jobs."weekly" = { programs.virt-manager.enable = true;
paths = [ users.users.${user.name} = {
"/home" extraGroups = [ "davfs2" "libvirtd" "transmission" ];
packages = with pkgs; [
mixxx
polychromatic
]; ];
exclude = [
"/home/*/go/bin"
"/home/*/go/pkg"
];
repo = "/mnt/weekly/buckwheat";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borgbackup/passphrase";
};
compression = "auto,lzma";
startAt = "weekly";
}; };
#services.borgbackup.jobs."borgbase" = {
# paths = [
# "/home"
# ];
# exclude = [
# "/home/*/go/bin"
# "/home/*/go/pkg"
# ];
# repo = "<repo_hash>.repo.borgbase.com:repo";
# encryption = {
# mode = "repokey-blake2";
# passCommand = "cat /root/borgbackup/passphrase";
# };
# environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
# compression = "auto,lzma";
# startAt = "daily";
#};
} }
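Review bot: The consolidated `daily` job writes to `/mnt/archive/buckwheat`, a path on a locally mounted disk, and nothing in this section keeps the job from running when that disk is not mounted, in which case the archive would presumably be created on the root filesystem. The borgbackup module's `removableDevice = true;` option is meant for a repository on a disk that may be absent. With the weekly job and the commented borgbase job removed, the only copy now sits in the same machine as the data, and in `repokey-blake2` mode the key is stored inside that repository, so an exported key kept elsewhere is worth having. A comment such as `# /root/borgbackup/passphrase must be mode 0600, owner root` next to `passCommand` would record the assumption the job relies on.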


@ -1,50 +1,32 @@
# Buckwheat hardware-configuration.nix # Buckwheat hardware-configuration.nix
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "uas" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "uas" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/c9833e85-0ea9-45a9-b65d-039c8c4f71f3"; device = "/dev/disk/by-uuid/c9833e85-0ea9-45a9-b65d-039c8c4f71f3";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot/efi" = { fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/5E0D-1487"; device = "/dev/disk/by-uuid/5E0D-1487";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" = {
fileSystems."/mnt/daily" = { device = "/dev/disk/by-uuid/eab792a7-ffd3-4963-9b9a-fd0c7dd63cf8";
device = "/dev/disk/by-uuid/bfdd61f6-2d26-4140-94ac-e60c21636dde";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/mnt/archive" = {
fileSystems."/mnt/weekly" = { device = "/dev/disk/by-uuid/9c89ad29-6fba-47b7-b239-09e7ed7eb49f";
device = "/dev/disk/by-uuid/56f7fd65-bf5d-4ce6-830a-ea8fbf6610af";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/mnt/videos" = {
device = "/dev/disk/by-uuid/e1f9cf9a-4147-4849-83e2-4baa342b6400";
fsType = "ext4";
};
#fileSystems."/media" =
# { device = "/mnt/videos";
# fsType = "none";
# options = [ "bind" ];
# };
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
@ -57,7 +39,6 @@
# networking.interfaces.virbr3.useDHCP = lib.mkDefault true; # networking.interfaces.virbr3.useDHCP = lib.mkDefault true;
# networking.interfaces.wg-mullvad.useDHCP = lib.mkDefault true; # networking.interfaces.wg-mullvad.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true; # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
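Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` in the first hunk makes the host forward IPv4 between all of its interfaces, and nothing visible in this compare limits forwarded traffic; the `allowedTCPPorts`/`allowedUDPPorts` settings only cover traffic addressed to the host itself. If the setting exists only for libvirt guest networks, libvirt normally enables forwarding itself when it starts a NAT network, so the line may be unnecessary. If it stays, it belongs in `configuration.nix` rather than in the hardware file, with a comment stating the reason, e.g. `# forwarding for libvirt guests; forwarded traffic is not filtered by the host firewall`. The module body continues outside the two hunks shown.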


@ -1,10 +1,32 @@
# Buckwheat home.nix # Buckwheat home.nix
{ config, lib, pkgs, inputs, user, ... }: { config, lib, pkgs, inputs, user, ... }:
{ {
home.packages = with pkgs; [ xsession.windowManager.bspwm = {
mixxx monitors = {
virt-manager DP-1 = [
]; "1"
"2"
"3"
"4"
"5"
];
DP-2 = [
"6"
"7"
"8"
"9"
"0"
];
};
rules = {
"mpv" = {
rectangle = "640x360+1920+1080";
};
"*:Toolkit:Picture-in-Picture" = {
rectangle = "640x360+1920+1080";
};
};
};
services = { services = {
udiskie = { udiskie = {
enable = true; enable = true;
@ -20,4 +42,35 @@
}; };
}; };
}; };
systemd.user.services = {
cmus-library-refresh = {
Unit = {
Description = "cmus library refresh to add any new songs";
};
Service = {
Type = "oneshot";
ExecStart = toString (
pkgs.writeShellScript "cmus-library-refresh" ''
set -eou pipefail
${pkgs.bash}/bin/bash "/home/${user.name}/.local/bin/cmus_library_refresh.sh";
''
);
};
Install.WantedBy = [ "default.target" ];
};
};
systemd.user.timers = {
cmus_library_refresh = {
Unit = {
Description = "cmus library refresh to add any new songs";
Documentation = [ "man:cmus-remote(1)" ];
};
Timer = {
Unit = "cmus_library_refresh";
OnBootSec = "5m";
OnUnitActiveSec = "1h";
};
Install.WantedBy = [ "timers.target" ];
};
};
} }
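Review bot: The timer will not start the service as written: the service attribute is `cmus-library-refresh` (hyphens) while the timer is `cmus_library_refresh` with `Unit = "cmus_library_refresh";`, so it points at a unit name this file never defines. Use one spelling for both, for example name the timer `cmus-library-refresh` and set `Unit = "cmus-library-refresh.service";`. The service also has `Install.WantedBy = [ "default.target" ]`, which starts it at every login in addition to the timer; drop that line if the timer is meant to be the only trigger. The script it runs lives at a mutable path under the home directory rather than in the store, so its content is not pinned by the flake.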


@ -7,8 +7,10 @@
modules = [ modules = [
../nixos/all.nix ../nixos/all.nix
../nixos/cli.nix ../nixos/cli.nix
../nixos/chat.nix
../nixos/gui.nix ../nixos/gui.nix
../nixos/gaming.nix ../nixos/gaming.nix
../nixos/office.nix
./buckwheat/configuration.nix ./buckwheat/configuration.nix
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
@ -25,4 +27,50 @@
} }
]; ];
}; };
fireweed = lib.nixosSystem {
inherit system;
specialArgs = { inherit user inputs; };
modules = [
../nixos/all.nix
../nixos/cli.nix
../nixos/gui.nix
../nixos/office.nix
../nixos/pentest.nix
./fireweed/configuration.nix
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user.name} = {
imports = [
../home-manager/all.nix
../home-manager/cli.nix
../home-manager/gui.nix
./fireweed/home.nix
];
};
}
];
};
vm = lib.nixosSystem {
inherit system;
specialArgs = { inherit user inputs; };
modules = [
../nixos/all.nix
../nixos/cli.nix
./vm/configuration.nix
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user.name} = {
imports = [
../home-manager/all.nix
../home-manager/cli.nix
./vm/home.nix
];
};
}
];
};
} }
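Review bot: The new `fireweed` and `vm` entries repeat the `buckwheat` block almost line for line and differ only in their module and import lists, so a change to the shared home-manager settings now has to be made in three places. A small helper function taking the host directory, the extra NixOS modules and the extra home-manager imports would reduce each host to a single call. `fireweed` is the only host that pulls in `../nixos/pentest.nix`, which is worth a comment such as `# offensive tooling: keep off hosts that hold personal data`. The enclosing attribute set starts outside the hunk, so whether a `let` binding is already available there is not visible.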


@ -0,0 +1,61 @@
# Fireweed configuration.nix
{ config, lib, pkgs, inputs, user, ... }:
let
hostname="fireweed";
in
{
imports = [
./hardware-configuration.nix
];
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
timeout = 2;
};
# Hardware-configuration edits
kernel.sysctl."net.ipv4.ip_forward" = 1;
# Clean /tmp at boot
tmp.cleanOnBoot = true;
};
networking = {
hostName = "${hostname}"; # Define your hostname.
firewall = {
# To disable the firewall altogether:
# enable = false;
allowedTCPPorts = [ 445 139 ];
allowedUDPPorts = [ 137 138 ];
};
# Proxy configuration
# proxy = {
# default = "http://user:password@proxy:port/";
# noProxy = "127.0.0.1,localhost,internal.domain";
# };
};
users.users.${user.name} = {
extraGroups = [ "davfs2" ];
packages = with pkgs; [
];
};
services = {
davfs2 = {
enable = true;
};
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
udisks2 = {
enable = true;
mountOnMedia = true;
};
# Enable automatic login for the user.
# getty.autologinUser = "${user.name}";
};
}
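Review bot: `allowedTCPPorts = [ 445 139 ]` and `allowedUDPPorts = [ 137 138 ]` open SMB/NetBIOS on every network this host joins, yet no Samba service is enabled in this file, so the ports look copied from the Buckwheat configuration rather than needed. Unless a shared module not shown here serves SMB on this machine, remove both lines or scope them with `networking.firewall.interfaces.<name>.allowedTCPPorts`. The same two lines, together with `kernel.sysctl."net.ipv4.ip_forward" = 1`, also appear in the new VM configuration and in `hosts/vm/configuration.nix_`.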


@ -0,0 +1,64 @@
# Fireweed hardware-configuration.nix
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "uas" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/c9833e85-0ea9-45a9-b65d-039c8c4f71f3";
fsType = "ext4";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/5E0D-1487";
fsType = "vfat";
};
fileSystems."/mnt/daily" = {
device = "/dev/disk/by-uuid/bfdd61f6-2d26-4140-94ac-e60c21636dde";
fsType = "ext4";
};
fileSystems."/mnt/weekly" = {
device = "/dev/disk/by-uuid/56f7fd65-bf5d-4ce6-830a-ea8fbf6610af";
fsType = "ext4";
};
fileSystems."/mnt/videos" = {
device = "/dev/disk/by-uuid/e1f9cf9a-4147-4849-83e2-4baa342b6400";
fsType = "ext4";
};
#fileSystems."/media" =
# { device = "/mnt/videos";
# fsType = "none";
# options = [ "bind" ];
# };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
# networking.interfaces.virbr1.useDHCP = lib.mkDefault true;
# networking.interfaces.virbr2.useDHCP = lib.mkDefault true;
# networking.interfaces.virbr3.useDHCP = lib.mkDefault true;
# networking.interfaces.wg-mullvad.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
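Review bot: Every `fileSystems` entry here uses the same `by-uuid` device as the Buckwheat hardware configuration in this compare (for example `c9833e85-0ea9-45a9-b65d-039c8c4f71f3` for `/` and `5E0D-1487` for `/boot/efi`), so this file appears to be a copy rather than output produced on the Fireweed machine. If Fireweed is different hardware, a system built from this file would not find its root device at boot. Regenerate it on the target with `nixos-generate-config --show-hardware-config` and keep only the mounts that exist there. The `/mnt/daily`, `/mnt/weekly` and `/mnt/videos` entries and the `amdgpu`/`kvm-intel` module lines should be checked the same way.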

19
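--- a/hosts/fireweed/home.nix
+++ b/hosts/fireweed/home.nix
@@ -0,0 +1,19 @@
+# Fireweed home.nix
+{ config, lib, pkgs, inputs, user, ... }:
+{
+services = {
+udiskie = {
+enable = true;
+automount = true;
+notify = true;
+settings = {
+program_options = {
+udisks_version = 2;
+};
+icon_names.media = [
+"media-optical"
+];
+};
+};
+};
+}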


@ -0,0 +1,47 @@
# NixOS VM configuration.nix
{ config, lib, pkgs, inputs, user, ... }:
let
hostname="nixos";
in
{
imports = [
./hardware-configuration.nix
];
boot = {
loader.grub = {
enable = true;
device = "/dev/vda";
useOSProber = true;
};
# Hardware-configuration edits
kernel.sysctl."net.ipv4.ip_forward" = 1;
# Clean /tmp at boot
tmp.cleanOnBoot = true;
};
networking = {
hostName = "${hostname}"; # Define your hostname.
firewall = {
# To disable the firewall altogether:
# enable = false;
allowedTCPPorts = [ 445 139 ];
allowedUDPPorts = [ 137 138 ];
};
# Proxy configuration
# proxy = {
# default = "http://user:password@proxy:port/";
# noProxy = "127.0.0.1,localhost,internal.domain";
# };
};
users.users.${user.name} = {
extraGroups = [
];
packages = with pkgs; [
];
};
services = {
# Enable automatic login for the user.
getty.autologinUser = "${user.name}";
};
}
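Review bot: `getty.autologinUser = "${user.name}";` is active here while it is commented out on the other hosts, so anyone who can reach the VM console gets a logged-in session without a password. If that is intended for a throwaway test guest, state it in the comment, e.g. `# Test VM only: console autologin, do not copy to a real host`; otherwise leave it commented as in the Fireweed file. `useOSProber = true` is also unlikely to be needed on a single-disk guest.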

123
hosts/vm/configuration.nix_ Normal file

@ -0,0 +1,123 @@
# Buckwheat configuration.nix
{ config, lib, pkgs, inputs, user, ... }:
let
hostname="buckwheat";
in
{
imports = [
./hardware-configuration.nix
];
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 10;
};
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
timeout = 2;
};
# Hardware-configuration edits
kernel.sysctl."net.ipv4.ip_forward" = 1;
# Clean /tmp at boot
tmp.cleanOnBoot = true;
};
networking = {
hostName = "${hostname}"; # Define your hostname.
firewall = {
# To disable the firewall altogether:
# enable = false;
allowedTCPPorts = [ 445 139 ];
allowedUDPPorts = [ 137 138 ];
};
# Proxy configuration
# proxy = {
# default = "http://user:password@proxy:port/";
# noProxy = "127.0.0.1,localhost,internal.domain";
# };
};
users.users.${user.name} = {
extraGroups = [ "davfs2" "libvirtd" "transmission" ];
packages = with pkgs; [
mixxx
virt-manager
];
};
services = {
davfs2 = {
enable = true;
};
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
transmission = {
enable = true;
openFirewall = true;
};
udisks2 = {
enable = true;
mountOnMedia = true;
};
# Enable automatic login for the user.
# getty.autologinUser = "${user.name}";
};
virtualisation.libvirtd.enable = true;
# Borg backup configuration
services.borgbackup.jobs."daily" = {
paths = [
"/home"
];
exclude = [
"/home/*/go/bin"
"/home/*/go/pkg"
];
repo = "/mnt/daily/buckwheat";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borgbackup/passphrase";
};
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
within = "7d";
};
};
services.borgbackup.jobs."weekly" = {
paths = [
"/home"
];
exclude = [
"/home/*/go/bin"
"/home/*/go/pkg"
];
repo = "/mnt/weekly/buckwheat";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borgbackup/passphrase";
};
compression = "auto,lzma";
startAt = "weekly";
};
#services.borgbackup.jobs."borgbase" = {
# paths = [
# "/home"
# ];
# exclude = [
# "/home/*/go/bin"
# "/home/*/go/pkg"
# ];
# repo = "<repo_hash>.repo.borgbase.com:repo";
# encryption = {
# mode = "repokey-blake2";
# passCommand = "cat /root/borgbackup/passphrase";
# };
# environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
# compression = "auto,lzma";
# startAt = "daily";
#};
}
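Review bot: This file is a copy of the old Buckwheat configuration (its header comment and `hostname="buckwheat"` say so) committed under `hosts/vm/` with a trailing underscore, and nothing visible in the flake imports it. A stale copy in the tree is easy to mistake for live configuration, and it still carries the removed weekly Borg job and the open SMB ports. If it is kept as a template, rename it and replace the header with a comment such as `# Template only, not evaluated by the flake`; otherwise delete it and rely on git history.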


@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3df45abe-2951-4346-a792-f03ce89e16bb";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

6
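--- a/hosts/vm/home.nix
+++ b/hosts/vm/home.nix
@@ -0,0 +1,6 @@
+# NixOS VM home.nix
+{ config, lib, pkgs, inputs, user, ... }:
+{
+services = {
+};
+}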


@ -49,6 +49,7 @@
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
}; };
allowSFTP = false; # Don't set this if you need sftp allowSFTP = false; # Don't set this if you need sftp
extraConfig = '' extraConfig = ''
@ -110,11 +111,17 @@
]; ];
}; };
system = { system = {
autoUpgrade = { #autoUpgrade = {
enable = true; # enable = true;
allowReboot = false; # allowReboot = false;
channel = "https://channels.nixos.org/nixos-unstable"; # channel = "https://channels.nixos.org/nixos-unstable";
}; # flake = "<git repo url>";
# flags = [
# "--update-input"
# "nixpkgs"
# "--commit-lockfile"
# ];
#};
stateVersion = "22.11"; stateVersion = "22.11";
}; };
} }
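Review bot: Commenting out the whole `autoUpgrade` block in the second hunk leaves every host that imports this module without automatic updates, so security fixes arrive only when someone runs a rebuild by hand. The commented draft also sets both `channel` and `flake`, which as far as I know the module rejects when both are present; a flake-based version would keep `enable`, `allowReboot`, `flake` and `flags` and drop `channel`. The `PermitRootLogin = "no";` added in the first hunk is not repeated in the new `nixos/server_defense.nix`. The `system` set is complete in the hunk, but the module around it starts outside it.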

11
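--- a/nixos/chat.nix
+++ b/nixos/chat.nix
@@ -0,0 +1,11 @@
+# Office packages configuration.nix
+{ config, lib, pkgs, inputs, user, ... }:
+{
+users.users.${user.name}.packages = with pkgs; [
+catgirl
+discord
+halloy
+profanity
+signal-desktop
+];
+}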
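Review bot: The header comment reads `# Office packages configuration.nix`, which was copied from `nixos/office.nix`; it should be `# Chat packages configuration.nix` so the two modules are not confused. `discord` is an unfree package, so this module only evaluates on hosts where unfree packages are allowed; whether the shared module sets that is not visible here.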


@ -69,10 +69,9 @@
}; };
users.users.${user.name}.packages = with pkgs; [ users.users.${user.name}.packages = with pkgs; [
btfs btfs
catgirl
cava cava
cifs-utils cifs-utils
#cmus cmus
curlie curlie
dig dig
dogdns dogdns
@ -82,9 +81,11 @@
fq fq
fx fx
gitui gitui
glow
gpg-tui gpg-tui
gping gping
gron gron
gum
hexyl hexyl
htmlq htmlq
hugo hugo
@ -93,18 +94,18 @@
jo jo
john john
jq jq
ledger
lynis lynis
mdp mdp
mediainfo mediainfo
nb nb
nom
oed oed
pandoc
pdfgrep pdfgrep
profanity phetch
recutils recutils
surfraw shellcheck
ssss ssss
surfraw
tut tut
unrar unrar
unzip unzip


@ -58,6 +58,22 @@
slock.enable = true; slock.enable = true;
}; };
users.users.${user.name}.packages = with pkgs; [ users.users.${user.name}.packages = with pkgs; [
ani-cli
bashmount
feh
glib
lagrange
librewolf
mangal
mpv
mullvad-browser
mupdf
#onionshare-gui
scrot
tor-browser-bundle-bin
urlview
];
environment.systemPackages = with pkgs; [
(dmenu.overrideAttrs (oldAttrs: rec { (dmenu.overrideAttrs (oldAttrs: rec {
configFile = writeText "config.def.h" (builtins.readFile ./patches/dmenu/config.h); configFile = writeText "config.def.h" (builtins.readFile ./patches/dmenu/config.h);
postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h"; postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
@ -66,32 +82,11 @@
configFile = writeText "config.def.h" (builtins.readFile ./patches/st/config.h); configFile = writeText "config.def.h" (builtins.readFile ./patches/st/config.h);
postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h"; postPatch = "${oldAttrs.postPatch}\n cp ${configFile} config.def.h";
})) }))
ani-cli
bashmount
discord
feh
glib
lagrange
libreoffice
mangal
mpv
mullvad-browser
mupdf
#onionshare-gui
scrot
signal-desktop
surf
tabbed
tor-browser-bundle-bin
urlview
];
environment.systemPackages = with pkgs; [
clipmenu clipmenu
dunst dunst
hsetroot hsetroot
networkmanagerapplet networkmanagerapplet
notify-desktop notify-desktop
#pa_applet
sxhkd sxhkd
trayer trayer
xbanish xbanish

12
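--- a/nixos/office.nix
+++ b/nixos/office.nix
@@ -0,0 +1,12 @@
+# Office packages configuration.nix
+{ config, lib, pkgs, inputs, user, ... }:
+{
+users.users.${user.name}.packages = with pkgs; [
+claws-mail
+ledger
+libreoffice
+pandoc
+pdftk
+#sc-im
+];
+}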

35
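--- a/nixos/server_defense.nix
+++ b/nixos/server_defense.nix
@@ -0,0 +1,35 @@
+# All configuration.nix
+{ config, lib, pkgs, inputs, user, ... }:
+{
+services = {
+openssh = {
+enable = true;
+ports = [
+22
+8282
+];
+settings = {
+PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+};
+allowSFTP = false; # Don't set this if you need sftp
+extraConfig = ''
+AllowTcpForwarding yes
+X11Forwarding no
+AllowAgentForwarding no
+AllowStreamLocalForwarding no
+AuthenticationMethods publickey
+'';
+};
+endlessh = {
+enable = true;
+openFirewall = true;
+port = 22;
+extraOptions = [
+"-6"
+"-d 9000"
+"-v"
+];
+};
+}
+}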
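Review bot: sshd and endlessh are both told to listen on port 22 (`ports = [ 22 8282 ]` and `port = 22` under `endlessh`), so one of them will fail to bind; for the tarpit to occupy 22, sshd should be limited to `ports = [ 8282 ];`. The `services = { … }` set is closed with a bare `}` on the second-to-last line, which is a Nix parse error and needs to be `};`. The module also omits `PermitRootLogin = "no";`, which this same compare adds to the shared sshd settings, and it leaves `AllowTcpForwarding yes` in place, which is worth a comment on why a hardened server needs it. The header comment still says `# All configuration.nix`.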

6
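--- a/todo.md
+++ b/todo.md
@@ -0,0 +1,6 @@
+- [ ] Create additional host configurations
+- [ ] Implement the Impermanence module
+- [ ] Implement [Agenix](https://nixos.wiki/wiki/Agenix) or Sopsnix
+- [ ] Implement [Stylix](https://danth.github.io/stylix/)
+- [ ] Implement [MicroVM.nix](https://github.com/astro/microvm.nix)
+- [ ] Figure out urlview and yank conflict with tmux plugins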