diff --git a/flake.in.nix b/flake.in.nix index e8cbed2..abcaf61 100644 --- a/flake.in.nix +++ b/flake.in.nix @@ -88,7 +88,8 @@ git nvfetcher statix - (writeScriptBin "build" "nix fmt && flake switch") + + (writeScriptBin "build" "nix fmt && ${snowfallorg.flake}/bin/flake switch") (writeScriptBin "up" "nix flake update") ]; }; diff --git a/homes/x86_64-linux/marshall@polaris-nix/default.nix b/homes/x86_64-linux/marshall@polaris-nix/default.nix new file mode 100644 index 0000000..8bbaa21 --- /dev/null +++ b/homes/x86_64-linux/marshall@polaris-nix/default.nix @@ -0,0 +1,62 @@ +{ + inputs, + pkgs, + ... +}: +with pkgs; { + imports = with inputs; [ + catppuccin.homeManagerModules.catppuccin + nix-index-database.hmModules.nix-index + ]; + + nixpkgs = { + config.allowUnfree = true; + }; + + home = { + homeDirectory = "/home/marshall"; + username = "marshall"; + + packages = + [ + alejandra + bun + grc + kitty + macchina + wl-clipboard + xclip + zed-editor + ] + ++ (with inputs; [ + nixvim.packages.${pkgs.system}.default + ]); + }; + + programs = { + gpg.enable = true; + skim.enable = true; + tealdeer.enable = true; + + atuin = { + enable = true; + settings = { + inline_height = 20; + show_preview = true; + style = "compact"; + }; + }; + + git = { + signing.key = "91B1F40056A01DDF"; + }; + }; + + services = { + cliphist.enable = true; + }; + + systemd.user.startServices = "sd-switch"; + + home.stateVersion = "23.11"; +} diff --git a/secrets/mailer_passwd.age b/secrets/mailer_passwd.age new file mode 100644 index 0000000..1f7999e --- /dev/null +++ b/secrets/mailer_passwd.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 Rnre+g 2qc+9205o7uT68Fo6ZmJWdOC8TkIvfNVFiuEop4crH8 +eCywuzUaNYQ6+23DBlnhK7FExAvFWDrjzcOi7sIMDzY +-> ssh-ed25519 TwwU0w fMO1xuxh/nEE2mhscChrxnz7ZKv7LJQgivORxH/QLSk +U4acV2ubZaVtpLceEjW3/J7q3YENNeD55vLsivCA/Pw +--- /4REYNdKs9m2g1OtlLcPDhOJFZs9atAP/fW6UyNeXa8 +0!b(}ׄG$2t!wr>/]o'TvPt@?Дf U 0΋O5 \ No newline at end of file 
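Review bot: `services.cliphist.enable = true;` in the new `marshall@polaris-nix` home persists a history of everything copied to the Wayland clipboard, so passwords or tokens copied out of a password manager or `gpg` are retained on disk in plaintext along with the rest of the history. If that trade-off is intended, say so next to the option — `# cliphist keeps clipboard history on disk; copied secrets stay in plaintext until cleared` — otherwise leave it off. `programs.git.signing.key = "91B1F40056A01DDF"` is a public key ID and safe to commit, but `programs.git.enable` is not set in this file, so unless it is enabled elsewhere nothing writes that key into the gitconfig, and `signing.signByDefault = true;` is additionally needed if every commit is meant to be signed.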
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f64fbce..d217e68 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -3,4 +3,6 @@ let
 system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJe8dn/plNp53zGSzHTZjjrQbo94WWMZf7508agyIwQQ agenix";
 in {
 "passwd.age".publicKeys = [marshall system];
+ "mailer_passwd.age".publicKeys = [marshall system];
+ "token.age".publicKeys = [marshall system];
 }
diff --git a/secrets/token.age b/secrets/token.age
new file mode 100644
index 0000000..148795d
Binary files /dev/null and b/secrets/token.age differ
diff --git a/systems/x86_64-linux/polaris-nix/default.nix b/systems/x86_64-linux/polaris-nix/default.nix
new file mode 100644
index 0000000..fe7ad42
--- /dev/null
+++ b/systems/x86_64-linux/polaris-nix/default.nix
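Review bot: Both new entries encrypt only to `marshall` and `system`, while the new host decrypts with `/root/.ssh/id_ed25519` (its `age.identityPaths`), so `system` has to be polaris-nix's own root host key or activation there will fail to decrypt `token.age` and `mailer_passwd.age`. If `system` predates this machine and belongs to another host, either re-key it or add a per-host recipient such as `polaris = "ssh-ed25519 …";` and list it next to `marshall`. Per-host recipients also mean a compromise of one machine does not expose every other machine's secrets, provided each secret is encrypted only to the hosts that need it.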
@@ -0,0 +1,307 @@ +{ + inputs, + lib, + config, + pkgs, + system, + ... +}: { + imports = [./hardware.nix]; + + nixpkgs.config.allowUnfree = true; + system.stateVersion = "23.11"; + time.timeZone = "America/New_York"; + + age = { + secrets.token.file = ../../../secrets/token.age; + secrets.mailer_passwd.file = ../../../secrets/mailer_passwd.age; + identityPaths = ["/root/.ssh/id_ed25519"]; + }; + + nix = { + nixPath = ["nixpkgs=flake:nixpkgs"]; + registry = + (lib.mapAttrs (_: flake: {inherit flake;})) + ((lib.filterAttrs (_: lib.isType "flake")) inputs); + + settings = { + auto-optimise-store = true; + experimental-features = "nix-command flakes"; + warn-dirty = false; + trusted-users = ["marshall"]; + + substituters = [ + "https://cache.nixos.org" + "https://nix-community.cachix.org" + "https://nyx.chaotic.cx/" + "https://cuda-maintainers.cachix.org" + ]; + + trusted-substituters = [ + "cache.nixos.org" + "nix-community.cachix.org" + "nyx.chaotic.cx" + "cuda-maintainers.cachix.org" + ]; + + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" + "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" + "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" + "conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=" + ]; + }; + }; + + environment = { + localBinInPath = true; + + sessionVariables.FLAKE = "/home/marshall/nix-config"; + + systemPackages = [ + pkgs.miniupnpc + inputs.agenix.packages.${system}.default + ]; + + etc = + lib.mapAttrs' + (name: value: { + name = "nix/path/${name}"; + value.source = value.flake; + }) + config.nix.registry; + }; + + fonts.packages = with pkgs; [ + inter + maple-mono-SC-NF + nerdfonts + ]; + + boot = { + kernelPackages = pkgs.linuxPackages_xanmod_latest; + supportedFilesystems = ["ntfs"]; + + binfmt = { + 
emulatedSystems = ["aarch64-linux"]; + + registrations.appimage = { + wrapInterpreterInShell = false; + interpreter = "${pkgs.appimage-run}/bin/appimage-run"; + recognitionType = "magic"; + offset = 0; + mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff''; + magicOrExtension = ''\x7fELF....AI\x02''; + }; + }; + + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + hardware = { + pulseaudio.enable = false; + + bluetooth = { + enable = true; + powerOnBoot = true; + }; + + opengl = { + enable = true; + driSupport32Bit = true; + extraPackages = with pkgs; [ + libGL + libGLU + ]; + }; + }; + + networking = { + hostName = "polaris-nix"; + networkmanager.enable = true; + firewall.enable = false; + }; + + security = { + pam.services.gdm.enableGnomeKeyring = true; + rtkit.enable = true; + + sudo.extraConfig = '' + Defaults lecture = never + ''; + }; + + programs = { + fish.enable = true; + ssh.startAgent = true; + }; + + services = { + eternal-terminal.enable = true; + tailscale.enable = true; + xe-guest-utilities.enable = true; + + forgejo = let + forgejoDomain = "git.pupbrained.xyz"; + in { + enable = true; + user = "git"; + group = "git"; + lfs.enable = true; + secrets.mailer.PASSWD = config.age.secrets.mailer_passwd.path; + settings = { + log.LEVEL = "Debug"; + DEFAULT.APP_NAME = "MarGit"; + + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + + database = { + SQLITE_JOURNAL_MODE = "WAL"; + LOG_SQL = false; + }; + + federation.ENABLED = true; + + mailer = { + ENABLED = true; + SMTP_ADDR = "email-smtp.us-east-2.amazonaws.com"; + FROM = "noreply@git.pupbrained.xyz"; + USER = "AKIAVIRH7PRQXI3FCBZ4"; + SEND_AS_PLAIN_TEXT = true; + }; + + metrics = { + ENABLED = true; + ENABLED_ISSUE_BY_REPOSITORY = true; + ENABLED_ISSUE_BY_LABEL = true; + }; + + oauth2_client = { + ACCOUNT_LINKING = "login"; + USERNAME = "nickname"; + ENABLE_AUTO_REGISTRATION = false; + REGISTER_EMAIL_CONFIRM = false; + UPDATE_AVATAR = true; + }; 
+ + packages.ENABLED = true; + + repository = { + DEFAULT_PRIVATE = "private"; + ENABLE_PUSH_CREATE_USER = true; + ENABLE_PUSH_CREATE_ORG = true; + }; + + server = { + HTTP_ADDR = "0.0.0.0"; + HTTP_PORT = 6610; + DOMAIN = forgejoDomain; + ROOT_URL = "https://${forgejoDomain}/"; + SSH_USER = "git"; + SSH_DOMAIN = "ssh.pupbrained.xyz"; + }; + + service = { + DISABLE_REGISTRATION = false; + SHOW_REGISTRATION_BUTTON = true; + REGISTER_EMAIL_CONFIRM = false; + ENABLE_NOTIFY_MAIL = true; + }; + + session.COOKIE_SECURE = true; + + ui = { + DEFAULT_THEME = "forgejo-auto"; + }; + + "ui.meta".AUTHOR = "MarGit"; + }; + }; + + matrix-conduit = { + enable = true; + package = pkgs.conduwuit_git; + settings.global.database_backend = "rocksdb"; + settings.global.allow_registration = true; + settings.global.address = "0.0.0.0"; + settings.global.server_name = "pupbrained.xyz"; + settings.global.registration_token = "blehh"; + }; + + openssh = { + enable = true; + + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + + pipewire = { + enable = true; + pulse.enable = true; + + alsa = { + enable = true; + support32Bit = true; + }; + }; + + xserver = { + enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + layout = "us"; + xkbVariant = ""; + }; + }; + + systemd.services.cloudflared = { + description = "Point traffic to tunnel subdomain"; + wantedBy = ["default.target"]; + serviceConfig = { + EnvironmentFile = config.age.secrets.token.path; + Type = "oneshot"; + ExecStart = "${lib.getExe pkgs.cloudflared} tunnel --no-autoupdate run"; + }; + }; + + users.users.marshall = { + isNormalUser = true; + shell = pkgs.fish; + extraGroups = ["wheel" "libvirtd" "kvm"]; + }; + + users.groups.git = {}; + + users.users.git = { + isSystemUser = true; + useDefaultShell = true; + group = "git"; + home = config.services.forgejo.stateDir; + }; + + i18n = { + defaultLocale = "en_US.UTF-8"; + + extraLocaleSettings = { + LC_ADDRESS = 
"en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + }; +} diff --git a/systems/x86_64-linux/polaris-nix/hardware.nix b/systems/x86_64-linux/polaris-nix/hardware.nix new file mode 100644 index 0000000..bb640e4 --- /dev/null +++ b/systems/x86_64-linux/polaris-nix/hardware.nix @@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{lib, ...}: { + imports = []; + + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/64079eb2-d3e3-47b7-a889-d5b2fee4fa82"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/BC12-6397"; + fsType = "vfat"; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/d36507db-7392-4852-9b2a-12d2a476cd31";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enX0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}
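Review bot: With `firewall.enable = false;` and both Forgejo (`HTTP_ADDR = "0.0.0.0"`, port 6610) and conduwuit (`settings.global.address = "0.0.0.0"`) bound to every interface, both services are reachable directly from any network this guest is attached to, not only through the cloudflared tunnel that `ROOT_URL = "https://…"` and `session.COOKIE_SECURE = true` assume. Since cloudflared runs on the same host, bind them to loopback — `HTTP_ADDR = "127.0.0.1";` and `settings.global.address = "127.0.0.1";` — and turn the firewall back on, adding `tailscale0` to `networking.firewall.trustedInterfaces` if the Tailscale path is still needed. `registration_token = "blehh"` with `allow_registration = true` is a guessable token written verbatim into the world-readable Nix store, so it neither conceals nor gates registration on a federating homeserver; move it into an agenix secret and hand it to conduwuit through a token-file option if the packaged version has one, or disable registration. Forgejo is in the same position with `DISABLE_REGISTRATION = false`, `REGISTER_EMAIL_CONFIRM = false` and `actions.ENABLED = true`, so anyone can create an account without a verified address. The cloudflared unit also runs `tunnel run` as root with `Type = "oneshot"`, which leaves the unit in `activating` for as long as the tunnel is up and never restarts it; `Type = "simple"; Restart = "on-failure"; DynamicUser = true;` is the usual shape, and it works with the root-owned agenix file because `EnvironmentFile` is read with the manager's privileges before the service drops them.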