commit fec0c2a09fa514429323d5afc050e98fe8e0933a Author: Eclypsed Date: Sat Sep 13 02:38:36 2025 -0400 First commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3cb44c3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+# ---> Nix
+# Ignore build outputs from performing a nix-build or `nix build` command
+result
+result-*
+
+# Ignore automatically generated direnv output
+.direnv
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..61bc59b
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,305 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "owner": "ryantm", + "repo": "agenix", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1751685974, + "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", + "ref": "refs/heads/main", + "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", + "revCount": 92, + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nvf", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": 
"flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757698511, + "narHash": "sha256-UqHHGydF/q3jfYXCpvYLA0TWtvByOp1NwOKCUjhYmPs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a3fcc92180c7462082cd849498369591dfb20855", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "mnw": { + "locked": { + "lastModified": 1756659871, + "narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=", + "owner": "Gerg-L", + "repo": "mnw", + "rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16", + "type": "github" + }, + "original": { + "owner": "Gerg-L", + "repo": "mnw", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": 
"nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757705205, + "narHash": "sha256-8xB4M6tCmaSaAAb72plJK3H8EH/yfOMnUWzIWKg521g=", + "owner": "nix-community", + "repo": "NUR", + "rev": "338f8cc3d30bb635459c5198e676eb123b1ff4fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nvf": { + "inputs": { + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_2", + "mnw": "mnw", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1757397598, + "narHash": "sha256-v/FANUOWyeWlWCD61HDLSNO9nHnQALAtvLf2VtE1+WU=", + "owner": "notashelf", + "repo": "nvf", + "rev": "c7944a48a3c61cb3ca08ac2dc8b8de124d15dcb8", + "type": "github" + }, + "original": { + "owner": "notashelf", + "repo": "nvf", + "type": "github" + } + }, + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756632588, + "narHash": "sha256-ydam6eggXf3ZwRutyCABwSbMAlX+5lW6w1SVZQ+kfSo=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "d47428e5390d6a5a8f764808a4db15929347cd77", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "plasma-manager", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "home-manager": "home-manager_2", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "nur": "nur", + "nvf": "nvf", + "plasma-manager": "plasma-manager" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + 
"systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..228d19c --- /dev/null +++ b/flake.nix @@ -0,0 +1,51 @@ +{ + description = "System Configuration Flake"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + nixos-hardware.url = "github:NixOS/nixos-hardware"; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nur = { + url = "github:nix-community/NUR"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nvf = { + url = "github:notashelf/nvf"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; + }; + }; + + outputs = { nixpkgs, ... }@inputs: + let + system = "x86_64-linux"; + host = "vanta"; + in + { + nixosConfigurations.${host} = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs host; }; + modules = [ + ./modules/system + ./hosts/${host} + ]; + }; + }; +} diff --git a/hosts/vanta/default.nix b/hosts/vanta/default.nix new file mode 100644 index 0000000..be8b088 --- /dev/null +++ b/hosts/vanta/default.nix @@ -0,0 +1,10 @@ +{ + inputs, + ... +}: +{ + imports = [ + inputs.nixos-hardware.nixosModules.framework-12th-gen-intel + ./hardware-configuration.nix + ]; +} diff --git a/hosts/vanta/hardware-configuration.nix b/hosts/vanta/hardware-configuration.nix new file mode 100644 index 0000000..f2ccdd8 --- /dev/null 
+++ b/hosts/vanta/hardware-configuration.nix @@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/1df00fd1-f531-49b9-9dc6-6d17ca39b67a"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EE0E-CAE4"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/fbacd982-b161-447c-a34a-7b44bc063a08"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/home/default.nix b/modules/home/default.nix new file mode 100644 index 0000000..c2c43cb --- /dev/null +++ b/modules/home/default.nix @@ -0,0 +1,14 @@ +{ + ... +}: +{ + imports = [ + ./firefox.nix + ./git.nix + ./nvf.nix + ./packages.nix + ./plasma.nix + # ./vscode.nix + ./zsh.nix + ]; +} diff --git a/modules/home/firefox.nix b/modules/home/firefox.nix new file mode 100644 index 0000000..139cd18 --- /dev/null 
+++ b/modules/home/firefox.nix 
@@ -0,0 +1,118 @@ +{ + config, + pkgs, + ... +}: +{ + programs.firefox = { + enable = true; + languagePacks = [ "en-US" ]; + nativeMessagingHosts = with pkgs; [ + kdePackages.plasma-browser-integration + ]; + policies = { + DefaultDownloadDirectory = config.xdg.userDirs.download; + DisableFirefoxAccounts = true; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableProfileImport = true; + DisableProfileRefresh = true; + DisableTelemetry = true; + DontCheckDefaultBrowser = true; + EnableTrackingProtection = { + Value = true; # Tracking protection is enabled by default in both the regular browser and private browsing + Locked = true; # Whether or not a user can change tracking protection + Cryptomining = true; # Block cryptomining scripts + Fingerprinting = true; # Block fingerprinting scripts + EmailTracking = true; # Block email tracking pixels and scripts + }; + FirefoxHome = { + Search = true; + TopSites = true; + SponsoredTopSites = false; + Highlights = false; + Pocket = false; + Stories = false; + SponsoredPocket = false; + SponsoredStories = false; + Snippets = true; + Locked = true; + }; + FirefoxSuggest = { + WebSuggestions = true; + SponsoredSuggestions = false; + ImproveSuggest = false; + Locked = true; + }; + Homepage = { + URL = "http://100.78.212.35:30054"; + Locked = true; + StartPage = "homepage"; + }; + OfferToSaveLogins = false; + OverrideFirstRunPage = ""; + PasswordManagerEnabled = false; + PopupBlocking = { + Default = false; + Locked = true; + }; + PrimaryPassword = false; + SearchBar = "unified"; + ShowHomeButton = true; + SkipTermsOfUse = true; + }; + profiles.eclypse = { + name = "Eclypse"; + isDefault = true; + extensions = { + force = true; + packages = with pkgs.nur.repos.rycee.firefox-addons; [ + ublock-origin + bitwarden + plasma-integration + ]; + settings = { + "uBlock0@raymondhill.net".settings = { + selectedFilterLists = [ + "ublock-filters" + "ublock-badware" + "ublock-privacy" + "ublock-unbreak" + "ublock-quick-fixes" + 
]; + }; + }; + }; + search = { + default = "google"; + engines = { + nix-packages = { + name = "Nix Packages"; + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "channel"; + value = "unstable"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@np" ]; + }; + }; + }; + settings = { + # Auto-enable extensions + "extensions.autoDisableScopes" = 0; + }; + }; + }; +} diff --git a/modules/home/git.nix b/modules/home/git.nix new file mode 100644 index 0000000..0ffd68e --- /dev/null +++ b/modules/home/git.nix @@ -0,0 +1,15 @@ +{ + ... +}: +{ + programs.git = { + enable = true; + userName = "Eclypsed"; + userEmail = "Ec1ypsed@proton.me"; + extraConfig = { + init = { + defaultBranch = "main"; + }; + }; + }; +} \ No newline at end of file diff --git a/modules/home/nvf.nix b/modules/home/nvf.nix new file mode 100644 index 0000000..0dccde4 --- /dev/null +++ b/modules/home/nvf.nix 
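Review bot: In modules/home/firefox.nix the profile setting `"extensions.autoDisableScopes" = 0;` makes Firefox enable every add-on it finds in any install scope without a prompt, so an extension dropped into a profile or system extension directory outside this configuration would also start enabled. Since `force = true` and the `packages` list already pin the intended add-ons, record the trade-off next to the setting, e.g. `# 0 = never auto-disable sideloaded add-ons; acceptable only while extension dirs are Nix-managed`. Separately, `PopupBlocking.Default = false` with `Locked = true` appears to switch the pop-up blocker off and lock it that way (as far as I can tell `Default` maps onto `dom.disable_open_during_load`); if blocking was intended, `Default = true;` is the value to use. The locked `Homepage.URL` is plain `http://`, which is acceptable only if that address is reachable solely over an encrypted overlay network, something the diff does not show.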
@@ -0,0 +1,125 @@
+{
+ inputs,
+ pkgs,
+ host,
+ ...
+}:
+{
+ imports = [
+ inputs.nvf.homeManagerModules.default
+ ];
+
+ programs.nvf = {
+ enable = true;
+ settings = {
+ vim = {
+ viAlias = false;
+ vimAlias = true;
+
+ options = {
+ wrap = false;
+ };
+
+ lsp = {
+ enable = true;
+ formatOnSave = true;
+ inlayHints.enable = true;
+ };
+
+ treesitter = {
+ enable = true;
+ indent.enable = true;
+ };
+
+ statusline.lualine.enable = true;
+ telescope.enable = true;
+ autocomplete.blink-cmp.enable = true;
+
+ # Auto-close (, ", `, etc.
+ mini.pairs = {
+ enable = true;
+ };
+
+ # File explorer
+ filetree.neo-tree = {
+ enable = true;
+ };
+
+ # Formatting files
+ formatter.conform-nvim = {
+ enable = true;
+ setupOpts = {
+
+ };
+ };
+
+ binds = {
+ whichKey.enable = true;
+ };
+
+ keymaps = [
+ {
+ key = "";
+ mode = [ "n" ];
+ silent = true;
+ action = "Neotree toggle";
+ }
+ ];
+
+ theme = {
+ enable = true;
+ name = "catppuccin";
+ style = "mocha";
+ };
+
+ languages = {
+ enableTreesitter = true;
+ enableFormat = true;
+
+ nix = {
+ enable = true;
+ format = {
+ enable = true;
+ package = pkgs.nixfmt;
+ type = "nixfmt";
+ };
+ lsp = {
+ enable = true;
+ package = pkgs.nixd;
+ server = "nixd";
+ options = {
+ nixos = {
+ expr = "(builtins.getFlake (builtins.toString ./.)).nixosConfigurations.${host}.options";
+ };
+ home-manager = {
+ expr = "(builtins.getFlake (builtins.toString ./.)).nixosConfigurations.${host}.options.home-manager.users.type.getSubOptions []";
+ };
+ };
+ };
+ treesitter.enable = true;
+ };
+
+ python = {
+ enable = true;
+ dap = {
+ enable = true;
+ debugger = "debugpy";
+ };
+ format = {
+ enable = true;
+ type = "black-and-isort";
+ };
+ lsp = {
+ enable = true;
+ };
+ treesitter.enable = true;
+ };
+ };
+
+ utility = {
+ sleuth.enable = true;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/packages.nix b/modules/home/packages.nix
new file mode 100644
index 0000000..7ddc3c6
--- /dev/null
+++ b/modules/home/packages.nix
@@ -0,0 +1,25 @@
+{
+ pkgs,
+ ...
+}:
+{
+ home.packages = with pkgs; [
+ zoom-us
+ devenv
+ discord
+ sqlitebrowser
+ drawio
+
+ # Libre Office
+ libreoffice-qt
+ hunspell
+ hunspellDicts.en_US
+
+ # KDE
+ kdePackages.kate
+
+ # CD Stuff
+ picard
+ heybrochecklog
+ ];
+}
diff --git a/modules/home/plasma.nix b/modules/home/plasma.nix
new file mode 100644
index 0000000..0a0b95b
--- /dev/null
+++ b/modules/home/plasma.nix
@@ -0,0 +1,45 @@
+{
+ inputs,
+ ...
+}:
+{
+ imports = [
+ inputs.plasma-manager.homeModules.plasma-manager
+ ];
+
+ programs = {
+ plasma = {
+ enable = true;
+
+ kscreenlocker = {
+ appearance = {
+ wallpaper = ../../wallpapers/lanterns_of_twilight.png;
+ };
+ };
+
+ workspace = {
+ lookAndFeel = "org.kde.breezedark.desktop";
+ wallpaper = ../../wallpapers/lanterns_of_twilight.png;
+ wallpaperFillMode = "preserveAspectCrop";
+ };
+ };
+
+ konsole = {
+ enable = true;
+ defaultProfile = "Jade";
+ profiles = {
+ jade = {
+ name = "Jade";
+ font = {
+ name = "FiraCode";
+ };
+ extraConfig = {
+ Appearance = {
+ WordMode = true;
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/vscode.nix b/modules/home/vscode.nix
new file mode 100644
index 0000000..f68f215
--- /dev/null
+++ b/modules/home/vscode.nix
@@ -0,0 +1,65 @@
+{
+ pkgs,
+# pkgs-stable,
+ ...
+}:
+# let
+# ms-python-stable = pkgs-stable.vscode-extensions.ms-python;
+# in
+{
+ programs.vscode = {
+ enable = true;
+ package = pkgs.vscode-fhs;
+ profiles = {
+ default = {
+ enableExtensionUpdateCheck = false;
+ enableUpdateCheck = false;
+ extensions = with pkgs.vscode-extensions; [
+ # General
+ pkief.material-icon-theme
+ ritwickdey.liveserver
+ aaron-bond.better-comments
+ yzane.markdown-pdf
+
+ # Nix
+ bbenoist.nix
+ jnoortheen.nix-ide
+
+ # Python
+ # ms-python-stable.python
+ # ms-python-stable.vscode-pylance
+ # ms-python-stable.debugpy
+ # ms-python-stable.black-formatter
+ # ms-python-stable.isort
+ # ms-python.python # Currently broken, need to manually install
+ # ms-python.black-formatter
+ # ms-python.isort
+
+ # Rust
+ rust-lang.rust-analyzer
+
+ # Typescript / WebDev
+ esbenp.prettier-vscode
+ yoavbls.pretty-ts-errors
+ svelte.svelte-vscode
+ ];
+ userSettings = {
+ # General
+ "workbench.iconTheme" = "material-icon-theme";
+
+ # Python
+ "[python]" = {
+ "editor.defaultFormatter" = "ms-python.black-formatter";
+ "editor.formatOnSave" = true;
+ "editor.codeActionsOnSave" = {
+ "source.organizeImports" = "explicit";
+ };
+ };
+ "isort.args" = [ "--profile" "black" ];
+ "python.analysis.typeCheckingMode" = "strict";
+ "python.languageServer" = "Pylance";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix
new file mode 100644
index 0000000..ea17b7b
--- /dev/null
+++ b/modules/home/zsh.nix
@@ -0,0 +1,29 @@
+{
+ pkgs,
+ ...
+}:
+{
+ programs = {
+ direnv = {
+ enable = true;
+ enableZshIntegration = true;
+ };
+ kitty = {
+ enable = true;
+ enableGitIntegration = true;
+ font = {
+ name = "FiraCode Nerd Font";
+ package = pkgs.nerd-fonts.fira-code;
+ };
+ shellIntegration = {
+ enableZshIntegration = true;
+ };
+ };
+ zsh = {
+ enable = true;
+ enableCompletion = true;
+ autosuggestion.enable = true;
+ syntaxHighlighting.enable = true;
+ };
+ };
+}
diff --git a/modules/overlays/default.nix b/modules/overlays/default.nix
new file mode 100644
index 0000000..f22daba
--- /dev/null
+++ b/modules/overlays/default.nix
@@ -0,0 +1,8 @@
+{
+ ...
+}:
+{
+ nixpkgs.overlays = [
+ (import ./heybrochecklog.nix)
+ ];
+}
\ No newline at end of file
diff --git a/modules/overlays/heybrochecklog.nix b/modules/overlays/heybrochecklog.nix
new file mode 100644
index 0000000..c09a41b
--- /dev/null
+++ b/modules/overlays/heybrochecklog.nix
@@ -0,0 +1,45 @@
+self: super: with super.python3Packages;
+let
+ pprp = buildPythonPackage rec {
+ pname = "pprp";
+ version = "0.2.7";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "sha256-2ednecxSsJONvH9XJ6GV3ExgdcPrUEAlYRpZt2Nrkw0=";
+ };
+
+ format = "setuptools";
+ doCheck = false;
+ };
+in
+{
+ heybrochecklog = buildPythonApplication {
+ pname = "heybrochecklog";
+ version = "1.4.7";
+
+ src = super.fetchurl {
+ url = "https://github.com/doujincafe/hbcl/releases/download/v1.4.7/heybrochecklog-1.4.7.tar.gz";
+ sha256 = "sha256-nCJJvzw/BoCEGDIX62zZr1ZI/b0W5nnFOZlMw4Btcnw=";
+ };
+
+ format = "pyproject";
+ doCheck = false;
+
+ nativeBuildInputs = [
+ poetry-core
+ ];
+
+ propagatedBuildInputs = [
+ faust-cchardet
+ chardet
+ pprp
+ ];
+
+ postPatch = ''
+ substituteInPlace pyproject.toml \
+ --replace 'poetry.masonry.api' 'poetry.core.masonry.api' \
+ --replace 'poetry>=' 'poetry-core>='
+ '';
+ };
+}
diff --git a/modules/system/agenix.nix b/modules/system/agenix.nix
new file mode 100644
index 0000000..526f435
--- /dev/null
+++ b/modules/system/agenix.nix
@@ -0,0 +1,20 @@
+{
+ inputs,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ inputs.agenix.nixosModules.default
+ ];
+
+ environment.systemPackages = [
+ inputs.agenix.packages.${pkgs.system}.default # CLI Tool
+ ];
+
+ age.secrets = {
+ tailscale-auth.file = ../../secrets/tailscale-auth.age;
+ eclypsecloud-eclypse.file = ../../secrets/eclypsecloud-eclypse.age;
+ eclypse-password.file = ../../secrets/eclypse-password.age;
+ };
+}
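Review bot: In modules/overlays/heybrochecklog.nix the release number is written three times (`version = "1.4.7"` and twice inside `url`), so a later bump of `version` alone would keep fetching the old tarball, and because the pinned `sha256` still matches that tarball the build would succeed under the wrong version label. Making the derivation `rec` and writing `url = "https://github.com/doujincafe/hbcl/releases/download/v${version}/heybrochecklog-${version}.tar.gz";` ties them together so a bump forces a hash update. In `postPatch`, `--replace` is deprecated in current nixpkgs and silently does nothing when the pattern is absent; `--replace-fail` makes a patch that no longer matches break the build instead. `doCheck = false` on both packages deserves a short comment saying why the upstream tests are skipped.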
diff --git a/modules/system/boot.nix b/modules/system/boot.nix
new file mode 100644
index 0000000..99afb5d
--- /dev/null
+++ b/modules/system/boot.nix
@@ -0,0 +1,14 @@
+{
+ ...
+}:
+{
+ boot = {
+ loader = {
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ };
+ efi.canTouchEfiVariables = true;
+ };
+ };
+}
diff --git a/modules/system/default.nix b/modules/system/default.nix
new file mode 100644
index 0000000..33a4ad6
--- /dev/null
+++ b/modules/system/default.nix
@@ -0,0 +1,18 @@
+{
+ ...
+}:
+{
+ imports = [
+ ./agenix.nix
+ ./boot.nix
+ ./fileSystems.nix
+ ./fonts.nix
+ ./network.nix
+ ./packages.nix
+ ./security.nix
+ ./services.nix
+ ./system.nix
+ ./tailscale.nix
+ ./user.nix
+ ];
+}
diff --git a/modules/system/fileSystems.nix b/modules/system/fileSystems.nix
new file mode 100644
index 0000000..82769ba
--- /dev/null
+++ b/modules/system/fileSystems.nix
@@ -0,0 +1,40 @@
+{
+ pkgs,
+ config,
+ ...
+}:
+let
+ automount_opts = [
+ "x-systemd.automount"
+ "x-systemd.idle-timeout=60"
+ "x-systemd.device-timeout=5s"
+ "x-systemd.mount-timeout=5s"
+ "noauto"
+ "user"
+ "users"
+ ];
+in
+{
+ fileSystems = {
+ "/mnt/EclypseCloud" = {
+ device = "//100.78.212.35/EclypseCloud";
+ fsType = "cifs";
+ options = [
+ "credentials=${config.age.secrets.eclypsecloud-eclypse.path}"
+ "uid=${toString config.users.users.eclypse.uid}"
+ "rw"
+ ] ++ automount_opts;
+ };
+ "/mnt/Music" = {
+ device = "//100.78.212.35/music";
+ fsType = "cifs";
+ options = [
+ "credentials=${config.age.secrets.eclypsecloud-eclypse.path}"
+ "uid=${toString config.users.users.eclypse.uid}"
+ "rw"
+ ] ++ automount_opts;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [ cifs-utils ];
+}
\ No newline at end of file
diff --git a/modules/system/fonts.nix b/modules/system/fonts.nix
new file mode 100644
index 0000000..dfabe9d
--- /dev/null
+++ b/modules/system/fonts.nix
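Review bot: modules/system/boot.nix enables `systemd-boot` without setting `boot.loader.systemd-boot.editor`, which NixOS leaves at `true` for backwards compatibility. With the editor available, anyone at the keyboard during boot can change the kernel command line and start the machine straight into a root shell without a password, which matters on a laptop host. Add `editor = false;` next to `configurationLimit = 10;`.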
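Review bot: In modules/system/fileSystems.nix the `"user"` and `"users"` entries in `automount_opts` let any local account mount and unmount the two CIFS shares, yet the mounts are triggered by `x-systemd.automount` as root and the `credentials=` file is an agenix secret that by default only root can read, so the two options probably add nothing except that permission. Consider dropping both and stating the hardening they implied explicitly, `"nosuid" "nodev" "noexec"`, and adding `gid=`, `file_mode=` and `dir_mode=` so access to the mounted files is limited to `eclypse` rather than left to mount.cifs defaults. The share address `100.78.212.35` is repeated twice here and again in firefox.nix; one `let` binding or module option would keep the copies in sync. No `seal` or `vers=` option is set, so SMB encryption is left to negotiation with the server; that is tolerable only if this address is reached exclusively through the tailnet, which the diff does not show.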
@@ -0,0 +1,13 @@
+{
+ pkgs,
+ ...
+}:
+{
+ fonts = {
+ enableDefaultPackages = true;
+ fontconfig.enable = true;
+ packages = with pkgs; [
+ fira-code
+ ];
+ };
+}
diff --git a/modules/system/network.nix b/modules/system/network.nix
new file mode 100644
index 0000000..b1e8679
--- /dev/null
+++ b/modules/system/network.nix
@@ -0,0 +1,23 @@
+{
+ host,
+ ...
+}:
+{
+ networking = {
+ hostName = "${host}"; # Define your hostname
+
+ # Pick only one of the below networking options.
+ # wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Open ports in the firewall.
+ # firewall.allowedTCPPorts = [ ... ];
+ # firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # firewall.enable = false;
+ };
+}
diff --git a/modules/system/packages.nix b/modules/system/packages.nix
new file mode 100644
index 0000000..603beba
--- /dev/null
+++ b/modules/system/packages.nix
@@ -0,0 +1,48 @@
+{
+ inputs,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ inputs.nur.modules.nixos.default # Adds the NUR overlay
+ ../overlays
+ ];
+
+ programs = {
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # mtr.enable = true;
+ # gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+ zsh.enable = true;
+ };
+
+ nixpkgs = {
+ # ? For some reason, doing config.allowUnfree does not work
+ # ? Maybe becuase it's not an explicit option?
+ # ? https://search.nixos.org/options?channel=25.05&show=nixpkgs.config&query=nixpkgs.config
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment = {
+ pathsToLink = [ "/share/zsh" ];
+ systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ git
+ # (catppuccin-sddm.override {
+ # flavor = "mocha";
+ # accent = "pink";
+ # font = "FiraCode";
+ # background = "${../../wallpapers/lanterns_of_twilight.png}";
+ # loginBackground = true;
+ # })
+ ];
+ };
+}
diff --git a/modules/system/security.nix b/modules/system/security.nix
new file mode 100644
index 0000000..638fe3f
--- /dev/null
+++ b/modules/system/security.nix
@@ -0,0 +1,8 @@
+{
+ ...
+}:
+{
+ security = {
+ rtkit.enable = true;
+ };
+}
\ No newline at end of file
diff --git a/modules/system/services.nix b/modules/system/services.nix
new file mode 100644
index 0000000..287dcbe
--- /dev/null
+++ b/modules/system/services.nix
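Review bot: modules/system/packages.nix imports `inputs.nur.modules.nixos.default`, which exposes every NUR repository under `pkgs.nur`, and NUR expressions are user-maintained rather than reviewed by nixpkgs, while the only consumer in this commit is `pkgs.nur.repos.rycee.firefox-addons` in firefox.nix. Extending the existing comment on that import to something like `# Adds the NUR overlay (unreviewed user repos); used only for rycee.firefox-addons` would keep other NUR repositories from being pulled in casually. The `# ?` comment above `config` contains the typo "becuase".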
@@ -0,0 +1,56 @@
+{
+ ...
+}:
+{
+ services = {
+ xserver = {
+ # Enable the X11 windowing system.
+ # You can disable this if you're only using the Wayland session.
+ enable = true;
+
+ # Configure keymap in X11
+ xkb = {
+ layout = "us";
+ variant = "";
+ };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # libinput.enable = true;
+ };
+
+ # Enable the KDE Plasma Desktop Environment.
+ displayManager.sddm = {
+ enable = true;
+ # theme = "catppuccin-mocha-pink";
+ };
+ desktopManager.plasma6.enable = true;
+
+ # Enable CUPS to print documents.
+ printing.enable = true;
+
+ # Enable sound with pipewire.
+ pulseaudio.enable = false;
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ # jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is enabled by default,
+ # no need to redefine it in your config for now)
+ # media-session.enable = true;
+ };
+
+ # Enable the OpenSSH daemon. (Look into Fail2Ban in the future)
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "prohibit-password";
+ AllowUsers = [ "eclypse" ];
+ };
+ };
+ };
+}
diff --git a/modules/system/system.nix b/modules/system/system.nix
new file mode 100644
index 0000000..720b214
--- /dev/null
+++ b/modules/system/system.nix
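Review bot: In modules/system/services.nix the `openssh` block leaves `openFirewall` at its default of `true`, so port 22 is opened on every interface even though the rest of the commit suggests remote access is meant to go over Tailscale. If that is the intent, set `openFirewall = false;` and allow the port only on the tailnet interface. `PermitRootLogin = "prohibit-password"` still permits root key logins in principle while `AllowUsers = [ "eclypse" ]` already excludes root, so `PermitRootLogin = "no";` states the policy without relying on that interaction. `KbdInteractiveAuthentication = false;` closes the other password-style path that `PasswordAuthentication = false` does not cover.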
@@ -0,0 +1,70 @@
+{
+ inputs,
+ ...
+}:
+{
+ nix = {
+ nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ substituters = [
+ "https://cache.nixos.org"
+ "https://nix-community.cachix.org"
+ "https://devenv.cachix.org"
+ ];
+ trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+ ];
+ };
+ };
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+ };
+
+ # Select internationalisation properties.
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+}
diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix
new file mode 100644
index 0000000..d92e15e
--- /dev/null
+++ b/modules/system/tailscale.nix
@@ -0,0 +1,31 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "client";
+ authKeyFile = config.age.secrets.tailscale-auth.path;
+
+ # * Only applied if `authKeyFile` is specified
+ extraUpFlags = [
+ "--ssh"
+ "--accept-routes=true"
+ ];
+ extraSetFlags = [
+ "--operator=eclypse"
+ ];
+ };
+
+ # Taildrop
+ systemd.user.services.taildrop = {
+ description = "Taildrop File Receiver Service";
+ wantedBy = [ "default.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.tailscale}/bin/tailscale file get --verbose --loop $HOME/Downloads/'";
+ };
+ };
+}
diff --git a/modules/system/user.nix b/modules/system/user.nix
new file mode 100644
index 0000000..633ada4
--- /dev/null
+++ b/modules/system/user.nix
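Review bot: In modules/system/system.nix the `substituters` and `trusted-public-keys` lists make `nix-community.cachix.org` and `devenv.cachix.org` trusted for every store path, not only for the packages those projects publish, so whoever holds either signing key can supply binaries for anything this machine would otherwise build. That is a common trade-off but it should be recorded with a comment above the lists, e.g. `# third-party caches are trusted for all store paths; drop an entry when its packages are no longer used`. The comment `# Select internationalisation properties.` above the commented-out `console` block is a copy of the one on `i18n` and should describe the console settings instead.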
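Review bot: In modules/system/tailscale.nix the `"--ssh"` entry in `extraUpFlags` turns on Tailscale SSH, which is served by tailscaled and authorised by the tailnet's ACL policy, so the `AllowUsers`, `PermitRootLogin` and `PasswordAuthentication` settings in services.nix do not apply to those sessions. If both SSH paths are wanted, say so in a comment and make sure the tailnet policy limits SSH to the `eclypse` user; otherwise drop the flag and keep sshd as the only entry point. `"--accept-routes=true"` likewise accepts whatever subnet routes are approved in the tailnet and would benefit from a comment naming the route it is needed for. In the `taildrop` unit the bash wrapper exists only to expand `$HOME`; `ExecStart = "${pkgs.tailscale}/bin/tailscale file get --verbose --loop %h/Downloads/";` does the same with systemd's `%h` specifier, and `Restart = "on-failure";` would cover tailscaled not being ready at login.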
@@ -0,0 +1,41 @@ +{ + inputs, + pkgs, + host, + config, + ... +}: +{ + imports = [ inputs.home-manager.nixosModules.home-manager ]; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + extraSpecialArgs = { inherit inputs host; }; + + users.eclypse = { + imports = [ ../home ]; + home = { + username = "eclypse"; + homeDirectory = "/home/eclypse"; + stateVersion = "25.05"; + }; + programs.home-manager.enable = true; + }; + + backupFileExtension = "backup3"; + }; + + users.mutableUsers = false; + users.users.eclypse = { + isNormalUser = true; + uid = 1000; + description = "Eclypse"; + extraGroups = [ + "networkmanager" + "wheel" + ]; + hashedPasswordFile = config.age.secrets.eclypse-password.path; + shell = pkgs.zsh; + }; +} diff --git a/secrets/eclypse-password.age b/secrets/eclypse-password.age new file mode 100644 index 0000000..54a2a6c --- /dev/null +++ b/secrets/eclypse-password.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 7p4RPw wZdiee1a8rqdaNA8EVLUJIEue1ldgrk3HgVGhmHpnTQ +8VLt5rSvqN+HAHS9JL6hYSj7xVrTtZAcrn5C12it+Fw +--- 9oiyRlMDS7PrUyP4SmkgcMZz+/BENDBn9XN+3216OXY +%v*|M3gg%;F"s 7Uj_HD^*BnK' v~` +דM30mS*u;*V2,pa${G2PsH9aߟXs"=Nh sX \ No newline at end of file diff --git a/secrets/eclypsecloud-eclypse.age b/secrets/eclypsecloud-eclypse.age new file mode 100644 index 0000000..1a70592 --- /dev/null +++ b/secrets/eclypsecloud-eclypse.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 7p4RPw dVTohhNu/jjHSNyhw7irzffqzJJFvW0TbkhSmKKrhS8 +zTc4HaFO3hSYVLM35KwEGUcu2R+JGHIN758FpKKxL5U +--- EhTyT6CYdKjAC9yN0kCxx5yW4o27DJteu8YCbVF2Ln4 +ܬ}Pl',QLג5PSMs <₼zyQ o t[a0Uz?R"&ߨCl \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..514f5e7 --- /dev/null +++ b/secrets/secrets.nix 
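Review bot: modules/system/user.nix declares `eclypse` with `users.mutableUsers = false` but no `openssh.authorizedKeys.keys`, while services.nix disables password logins over SSH, so key-based access depends on a hand-maintained `~/.ssh/authorized_keys` that this configuration neither creates nor reviews. Declaring the key here, `openssh.authorizedKeys.keys = [ "ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> eclypse" ];`, keeps the set of accepted keys under version control with the rest of the system. Membership in `wheel` gives this account full sudo, which is expected on a single-user laptop but worth a one-line comment. `backupFileExtension = "backup3"` reads like a workaround for leftover backup files from earlier activations; a comment would explain the suffix.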
@@ -0,0 +1,19 @@ +# This file is NOT imported into the nix configuration, it is just for the agenix CLI +let + # System public ssh keys (/etc/ssh/) + vanta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP"; +in +{ + # Tailscale auth key need to be up to date with a valid auth key in the tailscale + # dashboard. Single-use keys expire after a single machine connects, and even + # reusable keys expire after 90 days. + # Update tailscale-auth.age with `agenix -e tailscale-auth.age -i /path/to/private-ssh-key` + # Note: Only devices with the below public keys are allowed to edit tailscale-auth.age + "tailscale-auth.age".publicKeys = [ vanta ]; # Devices allowed to join the tailnet; + + # Devices that can connect to EclypseCloud with the eclypse user. + "eclypsecloud-eclypse.age".publicKeys = [ vanta ]; + + # Devices that have the eclypse user + "eclypse-password.age".publicKeys = [ vanta ]; +} diff --git a/secrets/tailscale-auth.age b/secrets/tailscale-auth.age new file mode 100644 index 0000000..cd6d951 --- /dev/null +++ b/secrets/tailscale-auth.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 7p4RPw 7GuZj43+NoyPXf//ZLM99vossbJXOpDQSkBi3w51Wl8 +FTMjlyml+T87LQffffY2AJL5IhTAJF2QlfFvhvZpvOs +--- iONf8B3bUxXtCiv0EAv5QO0ZyhE5A6YfRbcxUr/awFg +TwJ`~B +;lOh{2?PF>@moc~X3@.gھeKV7zphSد6.WO@F  \ No newline at end of file diff --git a/wallpapers/lanterns_of_twilight.png b/wallpapers/lanterns_of_twilight.png new file mode 100644 index 0000000..47f4707 Binary files /dev/null and b/wallpapers/lanterns_of_twilight.png differ
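Review bot: In secrets/secrets.nix every secret lists only the host key `vanta` as recipient, so the three .age files can be decrypted or re-keyed solely with that machine's private host key. A reinstall or disk failure would lose the login password hash, the share credentials and the Tailscale key at once, and routine edits require pointing `agenix -i` at a root-owned key under /etc/ssh. Adding a personal key as a second recipient, e.g. `eclypse = "ssh-ed25519 <USER-PUBLIC-KEY-PLACEHOLDER>";` with `publicKeys = [ vanta eclypse ];`, followed by `agenix -r`, avoids both. hardware-configuration.nix in this commit mounts `/` from a plain ext4 UUID and declares no LUKS device, so the host key that protects these secrets appears to sit on an unencrypted disk. The comment `# Devices allowed to join the tailnet;` has a stray semicolon and "Tailscale auth key need to be" should read "needs to be".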