NixOS + home-manager configs, mirrored from GitLab SaaS. gitlab.com/andreijiroh-dev/nixops-config

feat(global): implement custom NixOS options for configs

We'll start with GnuPG and agenix first before going through the rest.

Signed-off-by: ajhalili2006 <ajhalili2006@gmail.com>

+940 -947
+198 -312
flake.nix
··· 191 191 live-cd = (nixpkgs.lib.nixosSystem { 192 192 inherit system; 193 193 modules = [ 194 - ({...}: { 195 - _module.args = { 196 - inherit 197 - self 198 - nixpkgs 199 - home-manager 200 - nixos-hardware 201 - determinate 202 - vscode-server 203 - nix-ld 204 - zen-browser 205 - nix4vscode 206 - firefox-addons 207 - agenix 208 - agenix-rekey 209 - chaotic 210 - llm-agents 211 - ; 212 - }; 213 - }) 214 194 nix-ld.nixosModules.nix-ld 215 195 determinate.nixosModules.default 216 196 home-manager.nixosModules.home-manager ··· 219 199 ./hosts/live-cd/kde-plasma.nix 220 200 ]; 221 201 specialArgs = { 222 - inherit 223 - self 224 - nixpkgs 225 - home-manager 226 - nixos-hardware 227 - determinate 228 - vscode-server 229 - nix-ld 230 - zen-browser 231 - nix4vscode 232 - firefox-addons 233 - agenix 234 - agenix-rekey 235 - chaotic 236 - llm-agents 237 - ; 202 + inherit 203 + self 204 + nixpkgs 205 + home-manager 206 + nixos-hardware 207 + determinate 208 + vscode-server 209 + nix-ld 210 + flake-utils 211 + systems 212 + nixos-generators 213 + zen-browser 214 + nix4vscode 215 + firefox-addons 216 + agenix 217 + agenix-rekey 218 + chaotic 219 + llm-agents 220 + dev-pkgs 221 + ; 238 222 }; 239 223 }).config.system.build.isoImage; 240 224 }; ··· 271 255 recoverykit-amd64 = nixpkgs.lib.nixosSystem { 272 256 system = "x86_64-linux"; 273 257 modules = [ 274 - ({...}: { 275 - _module.args = { 276 - inherit 277 - self 278 - nixpkgs 279 - home-manager 280 - nixos-hardware 281 - determinate 282 - vscode-server 283 - nix-ld 284 - zen-browser 285 - nix4vscode 286 - firefox-addons 287 - agenix 288 - agenix-rekey 289 - chaotic 290 - llm-agents 291 - ; 292 - }; 293 - }) 294 258 # nix flake modules first 295 259 nix-ld.nixosModules.nix-ld 296 260 determinate.nixosModules.default ··· 305 269 306 270 specialArgs = { 307 271 inherit 308 - self 309 - nixpkgs 310 - home-manager 311 - nixos-hardware 312 - determinate 313 - vscode-server 314 - nix-ld 315 - zen-browser 316 - nix4vscode 317 - 
firefox-addons 318 - agenix 319 - agenix-rekey 320 - chaotic 321 - llm-agents 322 - ; 323 - }; 272 + self 273 + nixpkgs 274 + home-manager 275 + nixos-hardware 276 + determinate 277 + vscode-server 278 + nix-ld 279 + flake-utils 280 + systems 281 + nixos-generators 282 + zen-browser 283 + nix4vscode 284 + firefox-addons 285 + agenix 286 + agenix-rekey 287 + chaotic 288 + llm-agents 289 + dev-pkgs 290 + ; 324 291 }; 325 292 }; 326 293 327 294 portable-amd64-256gb = nixpkgs.lib.nixosSystem { 328 295 system = "x86_64-linux"; 329 296 modules = [ 330 - ({...}: { 331 - _module.args = { 332 - inherit 333 - self 334 - nixpkgs 335 - home-manager 336 - nixos-hardware 337 - determinate 338 - vscode-server 339 - nix-ld 340 - zen-browser 341 - nix4vscode 342 - firefox-addons 343 - agenix 344 - agenix-rekey 345 - chaotic 346 - llm-agents 347 - ; 348 - }; 349 - }) 350 297 # nix flake modules first 351 298 nix-ld.nixosModules.nix-ld 352 299 determinate.nixosModules.default ··· 359 306 ]; 360 307 361 308 specialArgs = { 362 - 363 - inherit 364 - self 365 - nixpkgs 366 - home-manager 367 - nixos-hardware 368 - determinate 369 - vscode-server 370 - nix-ld 371 - zen-browser 372 - nix4vscode 373 - firefox-addons 374 - agenix 375 - agenix-rekey 376 - chaotic 377 - llm-agents 378 - ; 379 - }; 309 + inherit 310 + self 311 + nixpkgs 312 + home-manager 313 + nixos-hardware 314 + determinate 315 + vscode-server 316 + nix-ld 317 + flake-utils 318 + systems 319 + nixos-generators 320 + zen-browser 321 + nix4vscode 322 + firefox-addons 323 + agenix 324 + agenix-rekey 325 + chaotic 326 + llm-agents 327 + dev-pkgs 328 + ; 380 329 }; 381 330 }; 382 331 383 332 lairland = nixpkgs.lib.nixosSystem { 384 333 system = "x86_64-linux"; 385 334 modules = [ 386 - ({...}: { 387 - _module.args = { 388 - inherit 389 - self 390 - nixpkgs 391 - home-manager 392 - nixos-hardware 393 - determinate 394 - vscode-server 395 - nix-ld 396 - zen-browser 397 - nix4vscode 398 - firefox-addons 399 - agenix 400 - 
agenix-rekey 401 - chaotic 402 - llm-agents 403 - ; 404 - }; 405 - }) 406 335 # nix flake modules first 407 336 nix-ld.nixosModules.nix-ld 408 337 determinate.nixosModules.default 409 338 home-manager.nixosModules.home-manager 339 + agenix.nixosModules.default 340 + agenix-rekey.nixosModules.default 410 341 vscode-server.nixosModules.default 411 342 chaotic.nixosModules.default 412 343 ··· 417 348 418 349 specialArgs = { 419 350 inherit 420 - self 421 - nixpkgs 422 - home-manager 423 - nixos-hardware 424 - determinate 425 - vscode-server 426 - nix-ld 427 - zen-browser 428 - nix4vscode 429 - firefox-addons 430 - agenix 431 - agenix-rekey 432 - chaotic 433 - llm-agents 434 - ; 351 + self 352 + nixpkgs 353 + home-manager 354 + nixos-hardware 355 + determinate 356 + vscode-server 357 + nix-ld 358 + flake-utils 359 + systems 360 + nixos-generators 361 + zen-browser 362 + nix4vscode 363 + firefox-addons 364 + agenix 365 + agenix-rekey 366 + chaotic 367 + llm-agents 368 + dev-pkgs 369 + ; 435 370 }; 436 371 }; 437 372 ··· 440 375 # otherwise, it fails to build with some missing dependencies 441 376 system = "x86_64-linux"; 442 377 modules = [ 443 - ({...}: { 444 - _module.args = { 445 - inherit 446 - self 447 - nixpkgs 448 - home-manager 449 - nixos-hardware 450 - determinate 451 - vscode-server 452 - nix-ld 453 - zen-browser 454 - nix4vscode 455 - firefox-addons 456 - agenix 457 - agenix-rekey 458 - chaotic 459 - llm-agents 460 - ; 461 - }; 462 - }) 463 378 nix-ld.nixosModules.nix-ld 464 379 determinate.nixosModules.default 465 380 home-manager.nixosModules.home-manager 381 + agenix.nixosModules.default 382 + agenix-rekey.nixosModules.default 466 383 vscode-server.nixosModules.default 467 384 chaotic.nixosModules.default 468 385 ./shared/meta.nix ··· 470 387 ]; 471 388 specialArgs = { 472 389 inherit 473 - self 474 - nixpkgs 475 - home-manager 476 - nixos-hardware 477 - determinate 478 - vscode-server 479 - nix-ld 480 - zen-browser 481 - nix4vscode 482 - firefox-addons 
483 - agenix 484 - agenix-rekey 485 - chaotic 486 - llm-agents 487 - ; 390 + self 391 + nixpkgs 392 + home-manager 393 + nixos-hardware 394 + determinate 395 + vscode-server 396 + nix-ld 397 + flake-utils 398 + systems 399 + nixos-generators 400 + zen-browser 401 + nix4vscode 402 + firefox-addons 403 + agenix 404 + agenix-rekey 405 + chaotic 406 + llm-agents 407 + dev-pkgs 408 + ; 488 409 }; 489 410 }; 490 411 491 412 live-cd-minimal = nixpkgs.lib.nixosSystem { 492 413 system = "x86_64-linux"; 493 414 modules = [ 494 - ({...}: { 495 - _module.args = { 496 - inherit 497 - self 498 - nixpkgs 499 - home-manager 500 - nixos-hardware 501 - determinate 502 - vscode-server 503 - nix-ld 504 - zen-browser 505 - nix4vscode 506 - firefox-addons 507 - agenix 508 - agenix-rekey 509 - chaotic 510 - llm-agents 511 - ; 512 - }; 513 - }) 514 415 nix-ld.nixosModules.nix-ld 515 416 determinate.nixosModules.default 516 417 home-manager.nixosModules.home-manager ··· 520 421 ]; 521 422 specialArgs = { 522 423 inherit 523 - self 524 - nixpkgs 525 - home-manager 526 - nixos-hardware 527 - determinate 528 - vscode-server 529 - nix-ld 530 - zen-browser 531 - nix4vscode 532 - firefox-addons 533 - agenix 534 - agenix-rekey 535 - chaotic 536 - llm-agents 537 - ; 424 + self 425 + nixpkgs 426 + home-manager 427 + nixos-hardware 428 + determinate 429 + vscode-server 430 + nix-ld 431 + flake-utils 432 + systems 433 + nixos-generators 434 + zen-browser 435 + nix4vscode 436 + firefox-addons 437 + agenix 438 + agenix-rekey 439 + chaotic 440 + llm-agents 441 + dev-pkgs 442 + ; 538 443 }; 539 444 }; 540 445 541 446 live-cd-graphical = nixpkgs.lib.nixosSystem { 542 447 system = "x86_64-linux"; 543 448 modules = [ 544 - ({...}: { 545 - _module.args = { 546 - inherit 547 - self 548 - nixpkgs 549 - home-manager 550 - nixos-hardware 551 - determinate 552 - vscode-server 553 - nix-ld 554 - zen-browser 555 - nix4vscode 556 - firefox-addons 557 - agenix 558 - agenix-rekey 559 - chaotic 560 - llm-agents 561 - ; 
562 - }; 563 - }) 564 449 nix-ld.nixosModules.nix-ld 565 450 determinate.nixosModules.default 566 451 home-manager.nixosModules.home-manager ··· 570 455 ]; 571 456 specialArgs = { 572 457 inherit 573 - self 574 - nixpkgs 575 - home-manager 576 - nixos-hardware 577 - determinate 578 - vscode-server 579 - nix-ld 580 - zen-browser 581 - nix4vscode 582 - firefox-addons 583 - agenix 584 - agenix-rekey 585 - chaotic 586 - llm-agents 587 - ; 458 + self 459 + nixpkgs 460 + home-manager 461 + nixos-hardware 462 + determinate 463 + vscode-server 464 + nix-ld 465 + flake-utils 466 + systems 467 + nixos-generators 468 + zen-browser 469 + nix4vscode 470 + firefox-addons 471 + agenix 472 + agenix-rekey 473 + chaotic 474 + llm-agents 475 + dev-pkgs 476 + ; 588 477 }; 589 478 }; 590 479 }; ··· 598 487 inherit lib; 599 488 pkgs = nixpkgs.legacyPackages.x86_64-linux; 600 489 extraSpecialArgs = { 601 - inherit nixpkgs 602 - home-manager 603 - nixos-hardware 604 - determinate 605 - vscode-server 606 - nix-ld 607 - flake-utils 608 - systems 609 - nixos-generators 610 - zen-browser 611 - nix4vscode 612 - firefox-addons 613 - agenix 614 - agenix-rekey 615 - chaotic 616 - llm-agents 617 - ; 490 + inherit 491 + self 492 + nixpkgs 493 + home-manager 494 + nixos-hardware 495 + determinate 496 + vscode-server 497 + nix-ld 498 + flake-utils 499 + systems 500 + nixos-generators 501 + zen-browser 502 + nix4vscode 503 + firefox-addons 504 + agenix 505 + agenix-rekey 506 + chaotic 507 + llm-agents 508 + dev-pkgs 509 + ; 618 510 }; 619 511 modules = [ 620 512 { ··· 650 542 plain = home-manager.lib.homeManagerConfiguration { 651 543 pkgs = nixpkgs.legacyPackages.x86_64-linux; 652 544 extraSpecialArgs = { 653 - inherit nixpkgs 654 - home-manager 655 - nixos-hardware 656 - determinate 657 - vscode-server 658 - nix-ld 659 - flake-utils 660 - systems 661 - nixos-generators 662 - zen-browser 663 - nix4vscode 664 - firefox-addons 665 - agenix 666 - agenix-rekey 667 - chaotic 668 - llm-agents 669 - ; 545 + 
inherit 546 + self 547 + nixpkgs 548 + home-manager 549 + nixos-hardware 550 + determinate 551 + vscode-server 552 + nix-ld 553 + flake-utils 554 + systems 555 + nixos-generators 556 + zen-browser 557 + nix4vscode 558 + firefox-addons 559 + agenix 560 + agenix-rekey 561 + chaotic 562 + llm-agents 563 + dev-pkgs 564 + ; 670 565 }; 671 566 modules = [ 672 567 { ··· 702 597 pkgs = nixpkgs.legacyPackages.aarch64-linux; 703 598 extraSpecialArgs = { 704 599 inherit 705 - self 706 - dev-pkgs 707 - zen-browser 708 - nix4vscode 709 - chaotic 710 - llm-agents 711 - ; 600 + self 601 + nixpkgs 602 + home-manager 603 + nixos-hardware 604 + determinate 605 + vscode-server 606 + nix-ld 607 + flake-utils 608 + systems 609 + nixos-generators 610 + zen-browser 611 + nix4vscode 612 + firefox-addons 613 + agenix 614 + agenix-rekey 615 + chaotic 616 + llm-agents 617 + dev-pkgs 618 + ; 712 619 }; 713 620 modules = [ 714 621 { ··· 766 673 cockpit = ./shared/server/cockpit.nix; 767 674 }; 768 675 }; 769 - } 770 - // flake-utils.lib.eachDefaultSystem (system: rec { 771 - pkgs = import nixpkgs { 772 - inherit system; 773 - overlays = [ agenix-rekey.overlays.default ]; 774 676 }; 775 - devShells.default = pkgs.mkShell { 776 - packages = with pkgs; [ 777 - agenix-rekey 778 - gitFull 779 - gh 780 - glab 781 - fjo 782 - nixfmt 783 - nixfmt-tree 784 - nil 785 - nixd 786 - rage 787 - ragenix 788 - ]; 789 - }; 790 - }); 791 677 }
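Review bot: The same eighteen-name `inherit` list is now pasted into every `specialArgs` and `extraSpecialArgs` block in this file, which is the duplication that let the lists drift apart before this commit (the home-manager blocks lacked `self` and `dev-pkgs`, the aarch64 one lacked most inputs). Bind it once in a `let`, e.g. `flakeArgs = { inherit self nixpkgs home-manager … dev-pkgs; };`, and write `specialArgs = flakeArgs;` / `extraSpecialArgs = flakeArgs;` in each configuration. Separately, the last hunk drops the `flake-utils.lib.eachDefaultSystem` dev shell that supplied `agenix-rekey`, `rage` and `ragenix`; if nothing outside this view replaces it, the secret-rekeying tools are no longer pinned by the flake lock, and a comment saying where they now come from would help.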
+2 -2
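--- a/hosts/lairland/cloudflared.nix
+++ b/hosts/lairland/cloudflared.nix
@@ -6,7 +6,7 @@
 }:
 
 {
-systemd.services.cloudflared-remote = {
+config.systemd.services.cloudflared-remote = {
 description = "Cloudflare Tunnel (Remote Managed) for Lairland HQ";
 wantedBy = [ "multi-user.target" ];
 after = [ "network-online.target" ];
@@ -20,7 +20,7 @@
 };
 };
 
-systemd.services.cloudflared-remote-recaptime-dev = {
+config.systemd.services.cloudflared-remote-recaptime-dev = {
 description = "Cloudflare Tunnel (Remote Managed) for Recap Time Squad";
 wantedBy = [ "multi-user.target" ];
 after = [ "network-online.target" ];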
+43 -41
hosts/lairland/configuration.nix
··· 48 48 ./users/coolify-runner.nix 49 49 ]; 50 50 51 - # Bootloader. 52 - boot.loader.systemd-boot.enable = true; 53 - boot.loader.efi.canTouchEfiVariables = true; 51 + config = { 52 + # Bootloader. 53 + boot.loader.systemd-boot.enable = true; 54 + boot.loader.efi.canTouchEfiVariables = true; 54 55 55 - # we're not using the TPM at the moment 56 - systemd.tpm2.enable = false; 57 - boot.initrd.systemd.tpm2.enable = false; 56 + # we're not using the TPM at the moment 57 + systemd.tpm2.enable = false; 58 + boot.initrd.systemd.tpm2.enable = false; 58 59 59 - # Use latest kernel. 60 - boot.kernelPackages = pkgs.linuxPackages_latest; 60 + # Use latest kernel. 61 + boot.kernelPackages = pkgs.linuxPackages_latest; 61 62 62 - networking = { 63 - hosts = hostsFile; 64 - hostName = "lairland"; 65 - networkmanager.enable = true; 66 - }; 63 + networking = { 64 + hosts = hostsFile; 65 + hostName = "lairland"; 66 + networkmanager.enable = true; 67 + }; 67 68 68 - # Configure network proxy if necessary 69 - # networking.proxy.default = "http://user:password@proxy:port/"; 70 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 69 + # Configure network proxy if necessary 70 + # networking.proxy.default = "http://user:password@proxy:port/"; 71 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 71 72 72 - # Enable CUPS to print documents. 73 - services.printing.enable = true; 73 + # Enable CUPS to print documents. 74 + services.printing.enable = true; 74 75 75 - # Some programs need SUID wrappers, can be configured further or are 76 - # started in user sessions. 77 - # programs.mtr.enable = true; 78 - # programs.gnupg.agent = { 79 - # enable = true; 80 - # enableSSHSupport = true; 81 - # }; 76 + # Some programs need SUID wrappers, can be configured further or are 77 + # started in user sessions. 
78 + # programs.mtr.enable = true; 79 + # programs.gnupg.agent = { 80 + # enable = true; 81 + # enableSSHSupport = true; 82 + # }; 82 83 83 - # Used by ../../bin/coolify-compose script 84 - environment.variables = { 85 - COOLIFY_DIR = "/opt/docker-data/coolify"; 86 - }; 84 + # Used by ../../bin/coolify-compose script 85 + environment.variables = { 86 + COOLIFY_DIR = "/opt/docker-data/coolify"; 87 + }; 87 88 88 - environment.systemPackages = with pkgs; [ 89 - coolify-compose 90 - ]; 89 + environment.systemPackages = with pkgs; [ 90 + coolify-compose 91 + ]; 91 92 92 - # Docker related chores 93 - virtualisation.docker = { 94 - daemon.settings = { 95 - data-root = "/opt/docker-data/engine"; 96 - ipv6 = true; 97 - live-restore = true; 93 + # Docker related chores 94 + virtualisation.docker = { 95 + daemon.settings = { 96 + data-root = "/opt/docker-data/engine"; 97 + ipv6 = true; 98 + live-restore = true; 99 + }; 98 100 }; 99 - }; 100 101 101 - # agenix stuff 102 - age.reky.hostPubkey = with import ../../shared/ssh-keys.nix; hosts.stellapent-cier; 102 + # agenix stuff 103 + age.reky.hostPubkey = with import ../../shared/ssh-keys.nix; hosts.lairland; 104 + }; 103 105 }
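Review bot: The option path on the last added line is misspelled: `age.reky.hostPubkey` should be `age.rekey.hostPubkey`, the name used by the `age.rekey` block and its comment in shared/agenix.nix. The commit corrects the key from `hosts.stellapent-cier` to `hosts.lairland` but keeps the typo, so the assignment should be rejected as an unknown option and in any case never reaches agenix-rekey, leaving this host without a rekey target. Change it to `age.rekey.hostPubkey = with import ../../shared/ssh-keys.nix; hosts.lairland;`.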
+42 -40
hosts/lairland/hardware-configuration.nix
··· 8 8 [ (modulesPath + "/installer/scan/not-detected.nix") 9 9 ]; 10 10 11 - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "uas" "sd_mod" "sr_mod" ]; 12 - boot.initrd.kernelModules = [ ]; 13 - boot.kernelModules = [ "kvm-intel" ]; 14 - boot.extraModulePackages = [ ]; 11 + config = { 12 + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "uas" "sd_mod" "sr_mod" ]; 13 + boot.initrd.kernelModules = [ ]; 14 + boot.kernelModules = [ "kvm-intel" ]; 15 + boot.extraModulePackages = [ ]; 15 16 16 - fileSystems."/" = 17 - { device = "/dev/disk/by-uuid/93d4a464-80bb-43ad-909a-61556ca2ac2e"; 18 - fsType = "ext4"; 19 - }; 17 + fileSystems."/" = 18 + { device = "/dev/disk/by-uuid/93d4a464-80bb-43ad-909a-61556ca2ac2e"; 19 + fsType = "ext4"; 20 + }; 20 21 21 - fileSystems."/boot" = 22 - { device = "/dev/disk/by-uuid/1AB1-2566"; 23 - fsType = "vfat"; 24 - options = [ "fmask=0077" "dmask=0077" ]; 25 - }; 22 + fileSystems."/boot" = 23 + { device = "/dev/disk/by-uuid/1AB1-2566"; 24 + fsType = "vfat"; 25 + options = [ "fmask=0077" "dmask=0077" ]; 26 + }; 26 27 27 - fileSystems."/home" = 28 - { device = "/dev/disk/by-uuid/d9e01375-ed14-4c4d-bfaf-a7eab47dfef5"; 29 - fsType = "ext4"; 30 - }; 28 + fileSystems."/home" = 29 + { device = "/dev/disk/by-uuid/d9e01375-ed14-4c4d-bfaf-a7eab47dfef5"; 30 + fsType = "ext4"; 31 + }; 31 32 32 - # Seperate ext4 partition for local Git repo work 33 - fileSystems."/workspaces" = 34 - { device = "/dev/disk/by-uuid/3d45f467-8f59-4664-9d84-05b871c2d801"; 35 - fsType = "ext4"; 36 - }; 33 + # Seperate ext4 partition for local Git repo work 34 + fileSystems."/workspaces" = 35 + { device = "/dev/disk/by-uuid/3d45f467-8f59-4664-9d84-05b871c2d801"; 36 + fsType = "ext4"; 37 + }; 37 38 38 - # Dedicated 1TB HDD for Docker data outside of the regular /var/lib/docker path 39 - # Used for my Homelab setup to avoid filling up the main NixOS partition. 
40 - fileSystems."/opt/docker-data" = 41 - { device = "/dev/disk/by-uuid/c2b43f4a-4582-4f0b-b542-c1dc0ed88673"; 42 - fsType = "ext4"; 43 - }; 39 + # Dedicated 1TB HDD for Docker data outside of the regular /var/lib/docker path 40 + # Used for my Homelab setup to avoid filling up the main NixOS partition. 41 + fileSystems."/opt/docker-data" = 42 + { device = "/dev/disk/by-uuid/c2b43f4a-4582-4f0b-b542-c1dc0ed88673"; 43 + fsType = "ext4"; 44 + }; 44 45 45 - swapDevices = [ ]; 46 + swapDevices = [ ]; 46 47 47 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 48 - # (the default) this is the recommended approach. When using systemd-networkd it's 49 - # still possible to use this option, but it's recommended to use it in conjunction 50 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 51 - networking.useDHCP = lib.mkDefault true; 52 - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; 53 - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; 54 - # networking.interfaces.enp0s20f0u11.useDHCP = lib.mkDefault true; 55 - # networking.interfaces.wlp0s20f0u9.useDHCP = lib.mkDefault true; 48 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 49 + # (the default) this is the recommended approach. When using systemd-networkd it's 50 + # still possible to use this option, but it's recommended to use it in conjunction 51 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 
52 + networking.useDHCP = lib.mkDefault true; 53 + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; 54 + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; 55 + # networking.interfaces.enp0s20f0u11.useDHCP = lib.mkDefault true; 56 + # networking.interfaces.wlp0s20f0u9.useDHCP = lib.mkDefault true; 56 57 57 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 58 - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 58 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 59 + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 60 + }; 59 61 }
+52 -50
hosts/portable/amd64/configuration.nix
··· 38 38 ./hardware-configuration.nix 39 39 ]; 40 40 41 - # Bootloader. 42 - boot.loader.systemd-boot.enable = true; 43 - boot.loader.efi.canTouchEfiVariables = true; 41 + config = { 42 + # Bootloader. 43 + boot.loader.systemd-boot.enable = true; 44 + boot.loader.efi.canTouchEfiVariables = true; 44 45 45 - networking = { 46 - hostName = "nixos-portable"; # Define your hostname. 47 - hosts = hostsFile; 48 - networkmanager.enable = true; # manage networking via networkmanager 49 - }; 46 + networking = { 47 + hostName = "nixos-portable"; # Define your hostname. 48 + hosts = hostsFile; 49 + networkmanager.enable = true; # manage networking via networkmanager 50 + }; 50 51 51 - # Enable the X11 windowing system. 52 - # You can disable this if you're only using the Wayland session. 53 - services.xserver.enable = true; 52 + # Enable the X11 windowing system. 53 + # You can disable this if you're only using the Wayland session. 54 + services.xserver.enable = true; 54 55 55 - # Configure keymap in X11 56 - services.xserver.xkb = { 57 - layout = "us"; 58 - variant = ""; 59 - }; 56 + # Configure keymap in X11 57 + services.xserver.xkb = { 58 + layout = "us"; 59 + variant = ""; 60 + }; 60 61 61 - # Enable CUPS to print documents. 62 - services.printing.enable = true; 62 + # Enable CUPS to print documents. 63 + services.printing.enable = true; 63 64 64 - # Enable sound with pipewire. 65 - hardware.pulseaudio.enable = false; 66 - security.rtkit.enable = true; 67 - services.pipewire = { 68 - enable = true; 69 - alsa.enable = true; 70 - alsa.support32Bit = true; 71 - pulse.enable = true; 72 - # If you want to use JACK applications, uncomment this 73 - #jack.enable = true; 65 + # Enable sound with pipewire. 
66 + hardware.pulseaudio.enable = false; 67 + security.rtkit.enable = true; 68 + services.pipewire = { 69 + enable = true; 70 + alsa.enable = true; 71 + alsa.support32Bit = true; 72 + pulse.enable = true; 73 + # If you want to use JACK applications, uncomment this 74 + #jack.enable = true; 74 75 75 - # use the example session manager (no others are packaged yet so this is enabled by default, 76 - # no need to redefine it in your config for now) 77 - #media-session.enable = true; 78 - }; 76 + # use the example session manager (no others are packaged yet so this is enabled by default, 77 + # no need to redefine it in your config for now) 78 + #media-session.enable = true; 79 + }; 79 80 80 - # Enable touchpad support (enabled default in most desktopManager). 81 - # services.xserver.libinput.enable = true; 81 + # Enable touchpad support (enabled default in most desktopManager). 82 + # services.xserver.libinput.enable = true; 83 + 84 + # prep for home-manager 85 + home-manager = { 86 + #enable = true; 87 + useGlobalPkgs = true; 88 + users.ajhalili2006 = baseHmConfig // { 89 + home.username = "ajhalili2006"; 90 + home.homeDirectory = "/home/ajhalili2006"; 91 + home.stateVersion = "26.05"; 92 + }; 93 + }; 82 94 83 - # prep for home-manager 84 - home-manager = { 85 - #enable = true; 86 - useGlobalPkgs = true; 87 - users.ajhalili2006 = baseHmConfig // { 88 - home.username = "ajhalili2006"; 89 - home.homeDirectory = "/home/ajhalili2006"; 90 - home.stateVersion = "26.05"; 95 + # Define a user account. Don't forget to set a password with ‘passwd’. 96 + users.users.ajhalili2006 = { 97 + isNormalUser = true; 98 + description = "Andrei Jiroh Halili"; 99 + extraGroups = [ "networkmanager" "wheel" ]; 91 100 }; 92 - }; 93 101 94 - # Define a user account. Don't forget to set a password with ‘passwd’. 
95 - users.users.ajhalili2006 = { 96 - isNormalUser = true; 97 - description = "Andrei Jiroh Halili"; 98 - extraGroups = [ "networkmanager" "wheel" ]; 102 + system.nixos.tags = [ "portable-configs" "portable-amd64" ]; 99 103 }; 100 - 101 - system.nixos.tags = [ "portable-configs" "portable-amd64" ]; 102 104 }
+26 -24
hosts/portable/amd64/hardware-configuration.nix
··· 8 8 [ (modulesPath + "/installer/scan/not-detected.nix") 9 9 ]; 10 10 11 - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" "sr_mod" ]; 12 - boot.initrd.kernelModules = [ ]; 13 - boot.kernelModules = [ "kvm-intel" ]; 14 - boot.extraModulePackages = [ ]; 11 + config = { 12 + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" "sr_mod" ]; 13 + boot.initrd.kernelModules = [ ]; 14 + boot.kernelModules = [ "kvm-intel" ]; 15 + boot.extraModulePackages = [ ]; 15 16 16 - fileSystems."/" = 17 - { device = "/dev/disk/by-uuid/1bd4d52f-cbbb-4cbd-8e85-888135f14dd1"; 18 - fsType = "ext4"; 19 - }; 17 + fileSystems."/" = 18 + { device = "/dev/disk/by-uuid/1bd4d52f-cbbb-4cbd-8e85-888135f14dd1"; 19 + fsType = "ext4"; 20 + }; 20 21 21 - boot.initrd.luks.devices."luks-48e44d93-65c7-4189-97c8-48c35a8bee28".device = "/dev/disk/by-uuid/48e44d93-65c7-4189-97c8-48c35a8bee28"; 22 + boot.initrd.luks.devices."luks-48e44d93-65c7-4189-97c8-48c35a8bee28".device = "/dev/disk/by-uuid/48e44d93-65c7-4189-97c8-48c35a8bee28"; 22 23 23 - fileSystems."/boot" = 24 - { device = "/dev/disk/by-uuid/5A58-F8B1"; 25 - fsType = "vfat"; 26 - options = [ "fmask=0077" "dmask=0077" ]; 27 - }; 24 + fileSystems."/boot" = 25 + { device = "/dev/disk/by-uuid/5A58-F8B1"; 26 + fsType = "vfat"; 27 + options = [ "fmask=0077" "dmask=0077" ]; 28 + }; 28 29 29 - swapDevices = [ ]; 30 + swapDevices = [ ]; 30 31 31 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 32 - # (the default) this is the recommended approach. When using systemd-networkd it's 33 - # still possible to use this option, but it's recommended to use it in conjunction 34 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 
35 - networking.useDHCP = lib.mkDefault true; 36 - # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; 37 - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; 32 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 33 + # (the default) this is the recommended approach. When using systemd-networkd it's 34 + # still possible to use this option, but it's recommended to use it in conjunction 35 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 36 + networking.useDHCP = lib.mkDefault true; 37 + # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; 38 + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; 38 39 39 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 40 - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 40 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 41 + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 42 + }; 41 43 }
+27 -22
shared/1password.nix
··· 5 5 ... 6 6 }: 7 7 { 8 - programs._1password.enable = true; 9 - programs._1password-gui = { 10 - enable = true; 11 - # Certain features, including CLI integration and system authentication support, 12 - # require enabling PolKit integration on some desktop environments (e.g. Plasma). 13 - polkitPolicyOwners = [ 14 - "gildedguy" 15 - "ajhalili2006" 16 - "MFHellscapes" 17 - "halilifam" 18 - ]; 19 - }; 8 + imports = [ 9 + ../options.nix 10 + ]; 11 + config = { 12 + programs._1password.enable = true; 13 + programs._1password-gui = { 14 + enable = true; 15 + # Certain features, including CLI integration and system authentication support, 16 + # require enabling PolKit integration on some desktop environments (e.g. Plasma). 17 + polkitPolicyOwners = [ 18 + "gildedguy" 19 + "ajhalili2006" 20 + "MFHellscapes" 21 + "halilifam" 22 + ]; 23 + }; 20 24 21 25 22 - # HACK: Allow zen-browser and vivaldi to be used with 1Password 23 - environment.etc = { 24 - "1password/custom_allowed_browsers" = { 25 - text = '' 26 - .zen-wrapped 27 - zen 28 - vivaldi-bin 29 - vivaldi 30 - ''; 31 - mode = "0755"; 26 + # HACK: Allow zen-browser and vivaldi to be used with 1Password 27 + environment.etc = { 28 + "1password/custom_allowed_browsers" = { 29 + text = '' 30 + .zen-wrapped 31 + zen 32 + vivaldi-bin 33 + vivaldi 34 + ''; 35 + mode = "0755"; 36 + }; 32 37 }; 33 38 }; 34 39 }
+16 -13
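--- a/shared/agenix.nix
+++ b/shared/agenix.nix
@@ -3,10 +3,11 @@
 { lib, pkgs, config, self, agenix-rekey, agenix, ... }:
 
 let
-pubkeys = import ../shared/ssh-keys.nix;
+cfg = config.nixops-config.secretOps.agenix;
 
 # the you do you part
+pubkeys = import ../shared/ssh-keys.nix;
 main = pubkeys.personal.y2022;
 work = pubkeys.work.recaptime-dev.crew;
 hackclub_yk = pubkeys.fido2Keys.hackclub_yubikey;
@@ -16,19 +17,21 @@
 agenix-rekey.nixosModules.default
 ];
 
-age.rekey = {
-# Master identity - private key used for decryption (must exist on machine running rekey)
-masterIdentities = [
-main
-work
-hackclub_yk.main
-];
+config = {
+age.rekey = {
+# Master identity - private key used for decryption (must exist on machine running rekey)
+masterIdentities = [
+main
+work
+hackclub_yk.main
+];
 
-# Store rekeyed secrets locally per-host
-storageMode = "local";
-localStorageDir = lib.mkDefault (self + "/secrets/rekeyed/${config.networking.hostName}");
+# Store rekeyed secrets locally per-host
+storageMode = "local";
+localStorageDir = lib.mkDefault (self + "/secrets/rekeyed/${config.networking.hostName}");
 
-# Host pubkey must be set per-host in configurations/nixos/<host>/default.nix:
-# age.rekey.hostPubkey = "ssh-ed25519 AAAA...";
+# Host pubkey must be set per-host in configurations/nixos/<host>/default.nix:
+# age.rekey.hostPubkey = "ssh-ed25519 AAAA...";
+};
 };
 }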
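Review bot: `cfg = config.nixops-config.secretOps.agenix;` is bound in the `let` but nothing in the visible hunks reads it, and the new `config = { … }` is unconditional, whereas shared/gnupg.nix in this commit gates on `lib.mkIf cfg.enable`. If the agenix option set has an `enable` flag (options.nix is not shown here), use `config = lib.mkIf cfg.enable { … };`; otherwise drop the binding so the module does not suggest a switch that does nothing. shared/locale.nix has the same unused `cfg = config.nixops-config.meta;`. The `let` block and the `imports` list both start outside the hunks.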
+2 -2
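--- a/shared/appimages.nix
+++ b/shared/appimages.nix
@@ -1,8 +1,8 @@
-{ ... }:
+{ config, ... }:
 
 {
 # AppImages supprot via binfmt_misc
-programs.appimage = {
+config.programs.appimage = {
 enable = true;
 binfmt = true;
 };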
+16 -14
shared/desktop/base.nix
··· 1 - { pkgs, ... }: 1 + { pkgs, config, ... }: 2 2 3 3 { 4 4 imports = [ ··· 12 12 13 13 # List packages installed in system profile. To search, run: 14 14 # $ nix search wget 15 - environment.systemPackages = with pkgs; [ 16 - thunderbird 15 + config = { 16 + environment.systemPackages = with pkgs; [ 17 + thunderbird 17 18 18 - libreoffice-qt6-fresh 19 - hunspell 20 - hunspellDicts.en_US 19 + libreoffice-qt6-fresh 20 + hunspell 21 + hunspellDicts.en_US 21 22 22 - # android tools 23 - android-tools 24 - adbtuifm 23 + # android tools 24 + android-tools 25 + adbtuifm 25 26 26 - # workaround: https://discourse.nixos.org/t/need-help-with-resolving-missing-dependencies-for-auto-patchelf-on-termius/69722/2?u=ajhalili2006 27 - (pkgs.termius.overrideAttrs (oldAttrs: { 28 - buildInputs = oldAttrs.buildInputs or [ ] ++ [ pkgs.sqlite ]; 29 - })) 30 - ]; 27 + # workaround: https://discourse.nixos.org/t/need-help-with-resolving-missing-dependencies-for-auto-patchelf-on-termius/69722/2?u=ajhalili2006 28 + (pkgs.termius.overrideAttrs (oldAttrs: { 29 + buildInputs = oldAttrs.buildInputs or [ ] ++ [ pkgs.sqlite ]; 30 + })) 31 + ]; 32 + }; 31 33 }
+12 -10
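--- a/shared/desktop/browsers.nix
+++ b/shared/desktop/browsers.nix
@@ -1,14 +1,16 @@
-{ pkgs, ... }:
+{ pkgs, config, lib, ... }:
 
 {
-imports = [
-./firefox.nix # firefox and friends go here
-];
+config = {
+imports = [
+./firefox.nix # firefox and friends go here
+];
 
-environment.systemPackages = with pkgs; [
-google-chrome
-# Commented out MS Edge due to sync issues with M365 school accounts atm
-#microsoft-edge
-vivaldi
-];
+environment.systemPackages = with pkgs; [
+google-chrome
+# Commented out MS Edge due to sync issues with M365 school accounts atm
+#microsoft-edge
+vivaldi
+];
+};
 }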
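Review bot: `imports` has been moved inside `config = { … }`, but `imports` is a top-level module attribute rather than an option, so `config.imports` should be rejected by the module system as an unknown option and `./firefox.nix` is no longer pulled in. Keep `imports = [ ./firefox.nix ];` beside `config`, as hosts/lairland/configuration.nix and shared/agenix.nix do in this commit, and wrap only `environment.systemPackages` in `config`.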
+1 -1
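--- a/shared/desktop/firefox.nix
+++ b/shared/desktop/firefox.nix
@@ -1,4 +1,4 @@
-{ pkgs, zen-browser, ... }:
+{ pkgs, zen-browser, config, lib, ... }:
 
 {
 programs.firefox = {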
+12 -11
shared/flatpak.nix
··· 1 - # Nix configuration related to flatpaks 1 + { pkgs, config, ... }: 2 2 3 - { pkgs, ... }: 3 + # Nix configurations for flatpaks 4 4 5 5 { 6 6 # enable both flatpak and the builder 7 - services.flatpak.enable = true; 8 - environment.systemPackages = [ pkgs.flatpak-builder ]; 7 + config = { 8 + services.flatpak.enable = true; 9 + environment.systemPackages = [ pkgs.flatpak-builder ]; 9 10 10 - systemd.services.flatpak-repo = { 11 - wantedBy = [ "multi-user.target" ]; 12 - path = [ pkgs.flatpak ]; 13 - script = '' 14 - flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo 15 - ''; 11 + systemd.services.flatpak-repo = { 12 + wantedBy = [ "multi-user.target" ]; 13 + path = [ pkgs.flatpak ]; 14 + script = '' 15 + flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo 16 + ''; 17 + }; 16 18 }; 17 - 18 19 }
+18 -15
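--- a/shared/gnupg.nix
+++ b/shared/gnupg.nix
@@ -1,19 +1,22 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
 
+let
+cfg = config.nixops-config.secretOps.gnupg;
+in
 {
-# enable gpg-agent with SSH support
-programs.gnupg.agent = {
-enable = true;
-enableSSHSupport = true;
-enableBrowserSocket = true;
-pinentryPackage = lib.mkDefault pkgs.pinentry-curses;
+config = lib.mkIf cfg.enable {
+programs.gnupg.agent = {
+agent = true;
+enableSSHSupport = cfg.sshAgentIntegration;
+pinentryPackage = cfg.pinentryPkg;
+};
+
+environment.systemPackages = with pkgs; [
+gnupg
+gpgme
+gpgme.dev
+pinentry-tty
+cfg.pinentryPkg
+];
 };
-
-environment.systemPackages = with pkgs; [
-gnupg
-gpgme
-gpgme.dev
-pinentry-tty
-pinentry-curses
-];
 }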
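Review bot: Inside `programs.gnupg.agent` the new code sets `agent = true;` where the removed code had `enable = true;`. There is no `agent` sub-option, so a host that turns on `nixops-config.secretOps.gnupg.enable` should fail evaluation instead of getting gpg-agent; change it to `enable = true;`. Two behaviours also disappear without mention: `enableBrowserSocket = true;` is gone, and `pinentryPackage` lost its `lib.mkDefault`, so a host that sets its own pinentry now conflicts at the same priority (`pinentryPackage = lib.mkDefault cfg.pinentryPkg;` keeps the old override behaviour). Because the new `enable` and `sshAgentIntegration` options default to off, hosts that relied on this file for SSH authentication through gpg-agent need both set explicitly.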
+28 -23
shared/locale.nix
··· 1 1 { config, pkgs, lib, ... }: 2 2 3 + let 4 + cfg = config.nixops-config.meta; 5 + in 3 6 { 4 - # Set your time zone. 5 - time = { 6 - timeZone = "Asia/Manila"; 7 - # since we're no longer being taken ahold by Windows 11 slavery in terms of hw clock 8 - # confusion, we can set this to false to use UTC. 9 - hardwareClockInLocalTime = false; 10 - }; 7 + config = { 8 + # Set your time zone. 9 + time = { 10 + timeZone = "Asia/Manila"; 11 + # since we're no longer being taken ahold by Windows 11 slavery in terms of hw clock 12 + # confusion, we can set this to false to use UTC. 13 + hardwareClockInLocalTime = false; 14 + }; 11 15 12 - # Select internationalisation properties. 13 - i18n = { 14 - defaultLocale = "en_PH.UTF-8"; 15 - extraLocaleSettings = { 16 - LC_ADDRESS = "en_PH.UTF-8"; 17 - LC_IDENTIFICATION = "en_PH.UTF-8"; 18 - LC_MEASUREMENT = "en_PH.UTF-8"; 19 - LC_MONETARY = "en_PH.UTF-8"; 20 - LC_NAME = "en_PH.UTF-8"; 21 - LC_NUMERIC = "en_PH.UTF-8"; 22 - LC_PAPER = "en_PH.UTF-8"; 23 - LC_TELEPHONE = "en_PH.UTF-8"; 24 - LC_TIME = "en_PH.UTF-8"; 16 + # Select internationalisation properties. 17 + i18n = { 18 + defaultLocale = "en_PH.UTF-8"; 19 + extraLocaleSettings = { 20 + LC_ADDRESS = "en_PH.UTF-8"; 21 + LC_IDENTIFICATION = "en_PH.UTF-8"; 22 + LC_MEASUREMENT = "en_PH.UTF-8"; 23 + LC_MONETARY = "en_PH.UTF-8"; 24 + LC_NAME = "en_PH.UTF-8"; 25 + LC_NUMERIC = "en_PH.UTF-8"; 26 + LC_PAPER = "en_PH.UTF-8"; 27 + LC_TELEPHONE = "en_PH.UTF-8"; 28 + LC_TIME = "en_PH.UTF-8"; 29 + }; 30 + supportedLocales = [ 31 + "all" # bless anyone here 32 + ]; 25 33 }; 26 - supportedLocales = [ 27 - "all" # bless anyone here 28 - ]; 29 34 }; 30 35 }
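Review bot: The new `let cfg = config.nixops-config.meta; in` binding is never used in the body, and no `nixops-config.meta` option is declared in the option files this commit adds (`shared/options/agenix.nix` and `shared/options/gnupg.nix`). Nix evaluates lazily, so this is harmless today, but the first use of `cfg` would fail on an undeclared option. Drop the binding until the option exists, or leave a marker such as `# TODO: read timeZone/defaultLocale from nixops-config.meta once it is declared`.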
+1
shared/meta.nix
··· 9 9 { 10 10 # import configs first 11 11 imports = [ 12 + ./options.nix 12 13 # import shared configs 13 14 ./1password.nix 14 15 ./nix.nix
+21 -19
shared/networking.nix
··· 6 6 }: 7 7 8 8 { 9 - # Do a lot of systemd-resolved related chores 10 - networking.nameservers = [ 11 - "45.90.28.0#c393f6.dns.nextdns.io" 12 - "45.90.30.0#c393f6.dns.nextdns.io" 13 - ]; 14 - 15 - # systemd-resolved related settings 16 - services.resolved.enable = true; 17 - boot.initrd.services.resolved.enable = true; 18 - services.resolved.settings.Resolve = { 19 - DNSSEC = "false"; # https://superuser.com/a/1493674 20 - # Commented this out since Tailscale do thee heavy work for MagicDNS 21 - #domains = [ "~." "fawn-cod.ts.net" ]; 22 - # Use Cloudflare DNS resolver as fallback if things go wrong. 23 - FallbackDNS = [ 24 - "172.64.36.1#y24o2ptvff.cloudflare-gateway.com" 9 + config = { 10 + # Do a lot of systemd-resolved related chores 11 + networking.nameservers = [ 12 + "45.90.28.0#c393f6.dns.nextdns.io" 13 + "45.90.30.0#c393f6.dns.nextdns.io" 25 14 ]; 26 - DNSOverTLS = "true"; 27 - }; 28 15 29 - networking.networkmanager.wifi.powersave = false; 16 + # systemd-resolved related settings 17 + services.resolved.enable = true; 18 + boot.initrd.services.resolved.enable = true; 19 + services.resolved.settings.Resolve = { 20 + DNSSEC = "false"; # https://superuser.com/a/1493674 21 + # Commented this out since Tailscale do thee heavy work for MagicDNS 22 + #domains = [ "~." "fawn-cod.ts.net" ]; 23 + # Use Cloudflare DNS resolver as fallback if things go wrong. 24 + FallbackDNS = [ 25 + "172.64.36.1#y24o2ptvff.cloudflare-gateway.com" 26 + ]; 27 + DNSOverTLS = "true"; 28 + }; 29 + 30 + networking.networkmanager.wifi.powersave = false; 31 + }; 30 32 }
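Review bot: `DNSSEC = "false"` next to `DNSOverTLS = "true"` means the host encrypts queries to the resolver but does not validate answers itself, so answer integrity rests entirely on the NextDNS and Cloudflare Gateway endpoints; the existing comment only links to a Super User answer. State the trade-off in place, for example `# DNSSEC validation is left to the upstream resolvers; DoT only protects the hop to them`. The resolver profile hostnames are also hard-coded for every host that imports this file. Since this commit introduces `nixops-config` options, exposing them as an option would keep the profile identifiers in one documented place and let hosts differ.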
+111 -109
shared/nix.nix
··· 14 14 { 15 15 # Adopted from https://fnordig.de/til/nix/home-manager-allow-unfree.html, 16 16 # but we'll also enable it system-wide too. 17 - nixpkgs = { 18 - config = { 19 - allowUnfree = true; 20 - # https://github.com/nix-community/home-manager/issues/2942 21 - allowUnfreePredicate = (_: true); 17 + config = { 18 + nixpkgs = { 19 + config = { 20 + allowUnfree = true; 21 + # https://github.com/nix-community/home-manager/issues/2942 22 + allowUnfreePredicate = (_: true); 23 + }; 24 + overlays = [ 25 + self.overlays.default 26 + nix4vscode.overlays.default 27 + llm-agents.overlays.default 28 + ]; 22 29 }; 23 - overlays = [ 24 - self.overlays.default 25 - nix4vscode.overlays.default 26 - llm-agents.overlays.default 27 - ]; 28 - }; 29 30 30 - nix = { 31 - gc = { 32 - automatic = true; 33 - dates = [ "weekly" ]; 34 - randomizedDelaySec = "30min"; 35 - }; 36 - settings = { 37 - # See https://nix.dev/manual/nix/latest/development/experimental-features 38 - # for latest supported feature flags. 39 - experimental-features = [ 40 - "nix-command" 41 - "flakes" 31 + nix = { 32 + gc = { 33 + automatic = true; 34 + dates = [ "weekly" ]; 35 + randomizedDelaySec = "30min"; 36 + }; 37 + settings = { 38 + # See https://nix.dev/manual/nix/latest/development/experimental-features 39 + # for latest supported feature flags. 
40 + experimental-features = [ 41 + "nix-command" 42 + "flakes" 42 43 43 - "auto-allocate-uids" 44 - "blake3-hashes" 45 - "ca-derivations" 46 - "cgroups" 47 - "configurable-impure-env" 48 - #"daemon-trust-override" 49 - "dynamic-derivations" 50 - "external-builders" 51 - "fetch-closure" 52 - "fetch-tree" 53 - "git-hashing" 54 - "impure-derivations" 55 - "local-overlay-store" 56 - "mounted-ssh-store" 57 - "no-url-literals" 58 - "pipe-operators" 59 - "read-only-local-store" 60 - #"recursive-nix" 61 - "verified-fetches" 62 - ]; 44 + "auto-allocate-uids" 45 + "blake3-hashes" 46 + "ca-derivations" 47 + "cgroups" 48 + "configurable-impure-env" 49 + #"daemon-trust-override" 50 + "dynamic-derivations" 51 + "external-builders" 52 + "fetch-closure" 53 + "fetch-tree" 54 + "git-hashing" 55 + "impure-derivations" 56 + "local-overlay-store" 57 + "mounted-ssh-store" 58 + "no-url-literals" 59 + "pipe-operators" 60 + "read-only-local-store" 61 + #"recursive-nix" 62 + "verified-fetches" 63 + ]; 63 64 64 - trusted-users = [ 65 - "@wheel" 66 - "root" 67 - "gildedguy" 68 - "ajhalili2006" 69 - "nixos" 70 - ]; 65 + trusted-users = [ 66 + "@wheel" 67 + "root" 68 + "gildedguy" 69 + "ajhalili2006" 70 + "nixos" 71 + ]; 71 72 72 - # just sync with trusted-users, but w/o root 73 - allowed-users = [ 74 - "@wheel" 75 - "gildedguy" 76 - "ajhalili2006" 77 - "nixos" 78 - ]; 73 + # just sync with trusted-users, but w/o root 74 + allowed-users = [ 75 + "@wheel" 76 + "gildedguy" 77 + "ajhalili2006" 78 + "nixos" 79 + ]; 79 80 80 - trusted-public-keys = [ 81 - # cache.nixos.org 82 - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 81 + trusted-public-keys = [ 82 + # cache.nixos.org 83 + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 83 84 84 - # cache.flakehub.com 85 - "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=" 86 - "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio=" 87 - 
"cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU=" 88 - "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU=" 89 - "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8=" 90 - "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ=" 91 - "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o=" 92 - "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=" 85 + # cache.flakehub.com 86 + "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=" 87 + "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio=" 88 + "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU=" 89 + "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU=" 90 + "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8=" 91 + "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ=" 92 + "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o=" 93 + "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=" 93 94 94 - # nix-community 95 - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 95 + # nix-community 96 + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 96 97 97 - # devenv.sh 98 - "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" 98 + # devenv.sh 99 + "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" 99 100 100 - # my caches for nixos and nixpkgs related builds (including devenvs) 101 - "ajhalili2006-nixos-builds.cachix.org-1:fA8HXvGR1i792D+CxL2iW/TQzUcyoW7zPUmC9Q4mQLg=" 101 + # my caches for nixos and nixpkgs related builds (including devenvs) 102 + "ajhalili2006-nixos-builds.cachix.org-1:fA8HXvGR1i792D+CxL2iW/TQzUcyoW7zPUmC9Q4mQLg=" 102 103 103 - # the main cache itself 104 - "andreijiroh-dev.cachix.org-1:7Jd0STdBOLiNu5fiA+AKwcMqQD2PA1j9zLDGyDkuyBo=" 104 + # the main cache itself 105 + 
"andreijiroh-dev.cachix.org-1:7Jd0STdBOLiNu5fiA+AKwcMqQD2PA1j9zLDGyDkuyBo=" 105 106 106 - # recaptime.dev cache 107 - "recaptime-dev.cachix.org-1:b0UBO1zONf6ceTIoR06AKhgid4ZOl5kxB/gOIdZ9J6g=" 107 + # recaptime.dev cache 108 + "recaptime-dev.cachix.org-1:b0UBO1zONf6ceTIoR06AKhgid4ZOl5kxB/gOIdZ9J6g=" 108 109 109 - # numtide 110 - "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" 111 - ]; 110 + # numtide 111 + "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" 112 + ]; 112 113 113 - # also list them all too 114 - trusted-substituters = [ 115 - "https://cache.nixos.org" 116 - "https://cache.flakehub.com" 117 - "https://nix-community.cachix.org" 118 - "https://devenv.cachix.org" 119 - "https://andreijiroh-dev.cachix.org" 120 - "https://ajhalili2006-nixos-builds.cachix.org" 121 - "https://recaptime-dev.cachix.org" 122 - "https://cache.numtide.com" 123 - ]; 114 + # also list them all too 115 + trusted-substituters = [ 116 + "https://cache.nixos.org" 117 + "https://cache.flakehub.com" 118 + "https://nix-community.cachix.org" 119 + "https://devenv.cachix.org" 120 + "https://andreijiroh-dev.cachix.org" 121 + "https://ajhalili2006-nixos-builds.cachix.org" 122 + "https://recaptime-dev.cachix.org" 123 + "https://cache.numtide.com" 124 + ]; 125 + }; 124 126 }; 125 - }; 126 127 127 - # Needed since Determinate Nix manages the main config file for system. 128 - # Commented out for a while to test if it's really needed. 129 - #environment.etc."nix/nix.custom.conf" = { 130 - # source = ../misc/nix/nix.custom.conf; 131 - # mode = "0644"; 132 - #}; 128 + # Needed since Determinate Nix manages the main config file for system. 129 + # Commented out for a while to test if it's really needed. 
130 + #environment.etc."nix/nix.custom.conf" = { 131 + # source = ../misc/nix/nix.custom.conf; 132 + # mode = "0644"; 133 + #}; 133 134 134 - # This value determines the NixOS release from which the default 135 - # settings for stateful data, like file locations and database versions 136 - # on your system were taken. It‘s perfectly fine and recommended to leave 137 - # this value at the release version of the first install of this system. 138 - # Before changing this value read the documentation for this option 139 - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 140 - # TODO: Always bump this to next point release once the current value is 141 - # officially released to stable after reading the changelog. 142 - system.stateVersion = "26.05"; # Did you read the comment? 135 + # This value determines the NixOS release from which the default 136 + # settings for stateful data, like file locations and database versions 137 + # on your system were taken. It‘s perfectly fine and recommended to leave 138 + # this value at the release version of the first install of this system. 139 + # Before changing this value read the documentation for this option 140 + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 141 + # TODO: Always bump this to next point release once the current value is 142 + # officially released to stable after reading the changelog. 143 + system.stateVersion = "26.05"; # Did you read the comment? 144 + }; 143 145 }
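Review bot: `trusted-users` lists `@wheel`, three named accounts and `nixos`, and every entry there can direct the Nix daemon to use arbitrary substituters or import unsigned store paths, which amounts to root on the machine. `trusted-substituters` already lets ordinary `allowed-users` opt into the listed caches, so the list can shrink to `trusted-users = [ "root" "@wheel" ];`, or to `root` alone. If the `nixos` entry exists only for the live ISO, it is better set in that host's module than in the shared file. This block was only re-indented by the commit, so the suggestion is independent of the `config` wrapper.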
+32 -30
shared/nixbuild.net.nix
··· 1 - { ... }: 1 + { config, lib, ... }: 2 2 { 3 - programs.ssh.extraConfig = '' 4 - Host eu.nixbuild.net 5 - PubkeyAcceptedKeyTypes ssh-ed25519 6 - ServerAliveInterval 60 7 - IPQoS throughput 8 - IdentityFile /path/to/your/private/key 9 - ''; 3 + config = { 4 + programs.ssh.extraConfig = '' 5 + Host eu.nixbuild.net 6 + PubkeyAcceptedKeyTypes ssh-ed25519 7 + ServerAliveInterval 60 8 + IPQoS throughput 9 + IdentityFile /path/to/your/private/key 10 + ''; 10 11 11 - programs.ssh.knownHosts = { 12 - nixbuild = { 13 - hostNames = [ "eu.nixbuild.net" ]; 14 - publicKey = with import ./ssh-keys.nix; hosts.nixbuilds-net; 12 + programs.ssh.knownHosts = { 13 + nixbuild = { 14 + hostNames = [ "eu.nixbuild.net" ]; 15 + publicKey = with import ./ssh-keys.nix; hosts.nixbuilds-net; 16 + }; 15 17 }; 16 - }; 17 18 18 - nix = { 19 - distributedBuilds = true; 20 - buildMachines = [ 21 - { 22 - hostName = "eu.nixbuild.net"; 23 - system = "x86_64-linux"; 24 - maxJobs = 100; 25 - supportedFeatures = [ "benchmark" "big-parallel" ]; 26 - } 27 - { 28 - hostName = "eu.nixbuild.net"; 29 - system = "arm64-linux"; 30 - maxJobs = 100; 31 - supportedFeatures = [ "benchmark" "big-parallel" ]; 32 - } 33 - ]; 34 - }; 19 + nix = { 20 + distributedBuilds = true; 21 + buildMachines = [ 22 + { 23 + hostName = "eu.nixbuild.net"; 24 + system = "x86_64-linux"; 25 + maxJobs = 100; 26 + supportedFeatures = [ "benchmark" "big-parallel" ]; 27 + } 28 + { 29 + hostName = "eu.nixbuild.net"; 30 + system = "arm64-linux"; 31 + maxJobs = 100; 32 + supportedFeatures = [ "benchmark" "big-parallel" ]; 33 + } 34 + ]; 35 + }; 36 + }; 35 37 }
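Review bot: `IdentityFile /path/to/your/private/key` looks like an unreplaced documentation placeholder, so connections to `eu.nixbuild.net` made through this system-wide SSH config have no usable key. Now that `config` is in scope, the path can come from a deployed secret, for example `IdentityFile ${config.age.secrets.<secret-name>.path}` (the secret name is a placeholder), which keeps the private key out of the repository and the world-readable store. The second builder entry uses `system = "arm64-linux"`, which is not a Nix system name; `system = "aarch64-linux";` is what derivations request, so that entry would never be selected as written.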
+8
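--- a/shared/options.nix
+++ b/shared/options.nix
@@ -0,0 +1,8 @@
+{ lib, config, pkgs, options, ... }:
+
+{
+imports = [
+./options/agenix.nix
+./options/gnupg.nix
+];
+}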
+14
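--- a/shared/options/agenix.nix
+++ b/shared/options/agenix.nix
@@ -0,0 +1,14 @@
+{ lib, config, options, pkgs, ... }:
+
+{
+imports = [
+../options.nix
+];
+options.nixops-config.secretOps.agenix = {
+enable = lib.mkOption {
+description = "Enable agenix and agenix-reky for this NixOS or home-manager config. Requires `rekey.hostPubkey` to be set.";
+default = false;
+type = lib.types.bool;
+};
+};
+}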
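Review bot: The description says `rekey.hostPubkey` must be set, but nothing visible in this commit enforces it, so a host can enable the option and only discover the missing key when secrets fail to decrypt. The module that consumes this option (not shown here) should carry an `assertions` entry that checks the host key whenever `enable` is true, with a message naming the option. `imports = [ ../options.nix ];` points back at the file that imports this one and can be dropped. The description also misspells `agenix-rekey` as `agenix-reky`, and `lib.mkEnableOption` would match the style used in `shared/options/gnupg.nix`.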
+16
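--- a/shared/options/gnupg.nix
+++ b/shared/options/gnupg.nix
@@ -0,0 +1,16 @@
+{ lib, config, options, pkgs, ... }:
+
+{
+options.nixops-config.secretOps.gnupg = {
+enable = lib.mkEnableOption "Enable GnuPG with gpg-agent";
+pinentryPkg = lib.mkOption {
+type = lib.types.package;
+default = pkgs.pinentry-curses;
+description = ''
+The pinentry package to use for password prompts.
+Defaults to curses for terminal-based password entry.
+'';
+};
+sshAgentIntegration = lib.mkEnableOption "When set to true, ";
+};
+}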
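Review bot: The description of `sshAgentIntegration` is the unfinished string `"When set to true, "`, and `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so both generated descriptions read badly. Suggested wording: `enable = lib.mkEnableOption "GnuPG with gpg-agent";` and `sshAgentIntegration = lib.mkEnableOption "SSH agent emulation in gpg-agent (points SSH_AUTH_SOCK at the gpg-agent socket)";`. The second description should also say that it must not be combined with `programs.ssh.startAgent`, since only one agent can own `SSH_AUTH_SOCK`.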
+14 -6
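--- a/shared/server/cockpit.nix
+++ b/shared/server/cockpit.nix
@@ -1,11 +1,19 @@
 { pkgs, ... }:
 
 {
-services.cockpit = {
-enable = true;
-package = pkgs.cockpit;
-#allowed-origins = [];
-};
+config = {
+services.cockpit = {
+enable = true;
+package = pkgs.cockpit;
+#allowed-origins = [];
+plugins = with pkgs; [
+cockpit-files
+cockpit-podman
+cockpit-machines
+cockpit-zfs
+];
+};
 
-system.nixos.tags = [ "cockpit" ];
+system.nixos.tags = [ "cockpit" ];
+};
 }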
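Review bot: The new `plugins` list extends the Cockpit web console to files, Podman containers, libvirt machines and ZFS pools, while `allowed-origins` stays commented out and nothing in this module records where the console is meant to be reachable from. A single Cockpit login now covers considerably more of the host, so the intended exposure should be written down next to the list, for example `# console is reached over the tailnet only; do not open its port in networking.firewall`. Setting `allowed-origins` to the hostnames actually used would narrow cross-origin access as well. The hunk does not show any firewall setting for Cockpit, so this is about documenting and pinning the current state rather than a confirmed exposure.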
+71 -69
shared/server/devenv.nix
··· 1 1 { pkgs, ... }: 2 2 3 3 { 4 - environment.defaultPackages = with pkgs; [ 5 - # nix utils 6 - direnv 7 - cachix 8 - devbox 9 - nixfmt 10 - nixfmt-tree 11 - nil 12 - nixd 4 + config = { 5 + environment.defaultPackages = with pkgs; [ 6 + # nix utils 7 + direnv 8 + cachix 9 + devbox 10 + nixfmt 11 + nixfmt-tree 12 + nil 13 + nixd 13 14 14 - # tmux and friendos 15 - byobu 16 - tmux 17 - htop 18 - btop 15 + # tmux and friendos 16 + byobu 17 + tmux 18 + htop 19 + btop 19 20 20 - # git tools 21 - gitFull 22 - gh 23 - glab 24 - fjo 21 + # git tools 22 + gitFull 23 + gh 24 + glab 25 + fjo 25 26 26 - # infraops 27 - cloudflared 28 - opentofu 29 - tofu-ls 30 - tfmigrate 27 + # infraops 28 + cloudflared 29 + opentofu 30 + tofu-ls 31 + tfmigrate 31 32 32 - # other utils 33 - wakatime-cli 34 - doppler 35 - #dotenvx 33 + # other utils 34 + wakatime-cli 35 + doppler 36 + #dotenvx 36 37 37 - # genai tools 38 - llm-agents.gemini-cli 39 - llm-agents.copilot-cli 40 - llm-agents.amp 41 - llm-agents.agent-deck 42 - llm-agents.backlog-md 43 - llm-agents.coderabbit-cli 44 - ]; 38 + # genai tools 39 + llm-agents.gemini-cli 40 + llm-agents.copilot-cli 41 + llm-agents.amp 42 + llm-agents.agent-deck 43 + llm-agents.backlog-md 44 + llm-agents.coderabbit-cli 45 + ]; 45 46 46 - virtualisation = { 47 - # containers 48 - podman = { 49 - enable = true; 50 - package = pkgs.podman; 51 - extraPackages = with pkgs; [ 52 - gvisor 53 - podman-compose 54 - ]; 55 - }; 56 - docker = { 57 - enable = true; 58 - enableOnBoot = true; 59 - daemon = { 60 - settings = { 61 - dns = [ 62 - "1.1.1.1" 63 - "1.0.0.1" 64 - ]; 65 - ipv6 = true; 47 + virtualisation = { 48 + # containers 49 + podman = { 50 + enable = true; 51 + package = pkgs.podman; 52 + extraPackages = with pkgs; [ 53 + gvisor 54 + podman-compose 55 + ]; 56 + }; 57 + docker = { 58 + enable = true; 59 + enableOnBoot = true; 60 + daemon = { 61 + settings = { 62 + dns = [ 63 + "1.1.1.1" 64 + "1.0.0.1" 65 + ]; 66 + ipv6 = true; 67 + }; 66 68 }; 67 69 
}; 68 - }; 69 70 70 - # libvirtd 71 - libvirtd = { 72 - enable = true; 71 + # libvirtd 72 + libvirtd = { 73 + enable = true; 74 + }; 73 75 }; 74 - }; 75 76 76 - programs.virt-manager.enable = true; 77 - services.qemuGuest.enable = true; 78 - services.spice-vdagentd.enable = true; 77 + programs.virt-manager.enable = true; 78 + services.qemuGuest.enable = true; 79 + services.spice-vdagentd.enable = true; 79 80 80 - # enable direnv integration for shells 81 - programs.direnv.enable = true; 81 + # enable direnv integration for shells 82 + programs.direnv.enable = true; 82 83 83 - system.nixos.tags = [ 84 - "devtools" 85 - ]; 84 + system.nixos.tags = [ 85 + "devtools" 86 + ]; 87 + }; 86 88 }
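Review bot: `virtualisation.docker.daemon.settings.dns` pins containers to `1.1.1.1` and `1.0.0.1`, so on a host that also imports `shared/networking.nix` container lookups go to a public resolver in plain text rather than to the DNS-over-TLS profile configured there. If that split is deliberate, say so in a comment such as `# containers intentionally bypass the host's filtered resolver`; if not, the list should name resolvers that match the host policy. Separately, `docker.enable` with `enableOnBoot` gives every member of the `docker` group root-equivalent access. With Podman already enabled in the same block, it is worth noting which workloads still need the rootful daemon.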
+20 -18
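--- a/shared/server/firewall.nix
+++ b/shared/server/firewall.nix
@@ -1,22 +1,24 @@
 { config, pkgs, lib, ... }:
 
 {
-networking.firewall.allowedTCPPortRanges = [
-{ from = 3000; to = 3999; }
-{ from = 8000; to = 8999; }
-];
-networking.firewall.allowedUDPPortRanges = [
-{ from = 3000; to = 3999; }
-{ from = 8000; to = 8999; }
-];
-networking.firewall.allowedTCPPorts = [
-22
-80
-443
-];
-networking.firewall.allowedUDPPorts = [
-22
-80
-443
-];
+config = {
+networking.firewall.allowedTCPPortRanges = [
+{ from = 3000; to = 3999; }
+{ from = 8000; to = 8999; }
+];
+networking.firewall.allowedUDPPortRanges = [
+{ from = 3000; to = 3999; }
+{ from = 8000; to = 8999; }
+];
+networking.firewall.allowedTCPPorts = [
+22
+80
+443
+];
+networking.firewall.allowedUDPPorts = [
+22
+80
+443
+];
+};
 }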
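Review bot: `allowedUDPPorts` opens 22 and 80 over UDP, which neither SSH nor HTTP uses; only 443 has a UDP use, for HTTP/3. The 3000–3999 and 8000–8999 ranges are also opened for both TCP and UDP on every interface, so any development server that binds there is reachable from whatever network the host joins. Suggested: `networking.firewall.allowedUDPPorts = [ 443 ];` and scoping the ranges to the tailnet with `networking.firewall.interfaces."tailscale0".allowedTCPPortRanges = [ … ];`, dropping the UDP ranges unless something listed needs them. These rules were only re-indented by the commit, so the change is independent of the `config` wrapper.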
+26 -21
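--- a/shared/server/ssh.nix
+++ b/shared/server/ssh.nix
@@ -9,30 +9,35 @@
 }:
 
 {
-services.openssh = {
-enable = true;
-settings = {
-# Disable password authentication over SSH and require SSH keys
-PermitRootLogin = "prohibit-password";
-PasswordAuthentication = false;
+imports = [
+../options.nix
+];
+config = {
+services.openssh = {
+enable = true;
+settings = {
+# Disable password authentication over SSH and require SSH keys
+PermitRootLogin = "prohibit-password";
+PasswordAuthentication = false;
 
-# Allow port and X11 forwarding
-AllowTcpForwarding = true;
-X11Forwarding = true;
+# Allow port and X11 forwarding
+AllowTcpForwarding = true;
+X11Forwarding = true;
 
-Macs = [
-"hmac-sha2-512-etm@openssh.com"
-"hmac-sha2-256-etm@openssh.com"
-"umac-128-etm@openssh.com"
-"hmac-sha2-256" # required for Cloudflare Access SSH via Browser Rendering
-];
+Macs = [
+"hmac-sha2-512-etm@openssh.com"
+"hmac-sha2-256-etm@openssh.com"
+"umac-128-etm@openssh.com"
+"hmac-sha2-256" # required for Cloudflare Access SSH via Browser Rendering
+];
+};
+startAgent = true;
 };
-};
 
-programs.mosh.enable = true;
+programs.mosh.enable = true;
 
-# disable hibernation and hybrid sleep
-systemd.targets.hibernate.enable = false;
-systemd.targets.hybrid-sleep.enable = false;
-
+# disable hibernation and hybrid sleep
+systemd.targets.hibernate.enable = false;
+systemd.targets.hybrid-sleep.enable = false;
+};
 }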
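Review bot: `startAgent = true;` was added inside `services.openssh`, which configures the sshd server and has no such option; the ssh-agent switch is `programs.ssh.startAgent`, so this line should fail evaluation as written. If an agent is wanted, write it as `programs.ssh.startAgent = true;` outside the `services.openssh` block. As far as I know the NixOS gnupg module asserts against combining that with `programs.gnupg.agent.enableSSHSupport`, which `shared/gnupg.nix` can now turn on through `sshAgentIntegration`, so on servers it is probably better dropped. `X11Forwarding = true` is enabled for every server that imports this file; a comment naming the hosts that need it, or a default of `false`, would narrow what sshd offers.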
+12 -10
shared/server/tailscale.nix
··· 5 5 { config, pkgs, lib, ... }: 6 6 7 7 { 8 - services.tailscale = { 9 - enable = true; 10 - useRoutingFeatures = "both"; 11 - openFirewall = true; 12 - disableTaildrop = false; 13 - extraDaemonFlags = [ 14 - "--verbose=3" 15 - ]; 16 - }; 8 + config = { 9 + services.tailscale = { 10 + enable = true; 11 + useRoutingFeatures = "both"; 12 + openFirewall = true; 13 + disableTaildrop = false; 14 + extraDaemonFlags = [ 15 + "--verbose=3" 16 + ]; 17 + }; 17 18 18 - system.nixos.tags = [ "tailnet" ]; 19 + system.nixos.tags = [ "tailnet" ]; 20 + }; 19 21 }
+2 -2
shared/shells/bash.nix
··· 1 1 { pkgs, ... }: 2 2 3 3 { 4 - programs = { 5 - bash = { 4 + config = { 5 + programs.bash = { 6 6 completion = { 7 7 enable = true; 8 8 package = pkgs.bash-completion;
+33 -31
shared/shells/custom-prompts.nix
··· 1 1 { pkgs, ... }: 2 2 3 3 { 4 - programs.starship = { 5 - package = pkgs.starship; 6 - enable = true; 7 - presets = [ 8 - "nerd-font-symbols" 9 - "bracketed-segments" 10 - "no-runtime-versions" 11 - ]; 12 - settings = { 13 - scan_timeout = 5000; 14 - command_timeout = 15000; 15 - directory = { 16 - truncation_length = 4; 17 - truncation_symbol = ".../"; 18 - }; 19 - direnv = { 20 - disabled = false; 21 - allowed_msg = "allowed"; 22 - not_allowed_msg = "pending"; 23 - denied_msg = "blocked"; 24 - loaded_msg = "loaded"; 25 - #not_loaded_msg = "unloaded"; 4 + config = { 5 + programs.starship = { 6 + package = pkgs.starship; 7 + enable = true; 8 + presets = [ 9 + "nerd-font-symbols" 10 + "bracketed-segments" 11 + "no-runtime-versions" 12 + ]; 13 + settings = { 14 + scan_timeout = 5000; 15 + command_timeout = 15000; 16 + directory = { 17 + truncation_length = 4; 18 + truncation_symbol = ".../"; 19 + }; 20 + direnv = { 21 + disabled = false; 22 + allowed_msg = "allowed"; 23 + not_allowed_msg = "pending"; 24 + denied_msg = "blocked"; 25 + loaded_msg = "loaded"; 26 + #not_loaded_msg = "unloaded"; 27 + }; 26 28 }; 27 29 }; 28 - }; 29 - 30 - # enable ble.sh integration for starship 31 - programs.bash.blesh.enable = true; 30 + 31 + # enable ble.sh integration for starship 32 + programs.bash.blesh.enable = true; 32 33 33 - # additional packages for use in shells (e.g. ble.sh) 34 - environment.systemPackages = with pkgs; [ 35 - blesh 36 - starship 37 - ]; 34 + # additional packages for use in shells (e.g. ble.sh) 35 + environment.systemPackages = with pkgs; [ 36 + blesh 37 + starship 38 + ]; 39 + }; 38 40 }
+2
shared/systemd.nix
··· 23 23 extraBin = { 24 24 bash = "${pkgs.bash}/bin/bash"; 25 25 utils = "${pkgs.busybox}/bin/busybox"; 26 + umount = "${pkgs.util-linux}/bin/umount"; 27 + nano = "${pkgs.nano}/bin/nano"; 26 28 }; 27 29 }; 28 30 boot.initrd.network.ssh.enable = true;
+50 -47
shared/vscode/main.nix
··· 14 14 { 15 15 imports = [ 16 16 ./server.nix 17 + ../options.nix 17 18 ]; 18 19 19 - programs.vscode = { 20 - package = pkgs.vscode; 21 - enable = true; 22 - extensions = 23 - forVscode [ 24 - # themeing 25 - "GitHub.github-vscode-theme" 26 - "PKief.material-icon-theme" 27 - "PKief.material-product-icons" 28 - "SpaceBox.monospace-idx-theme" 20 + config = { 21 + programs.vscode = { 22 + package = pkgs.vscode; 23 + enable = true; 24 + extensions = 25 + forVscode [ 26 + # themeing 27 + "GitHub.github-vscode-theme" 28 + "PKief.material-icon-theme" 29 + "PKief.material-product-icons" 30 + "SpaceBox.monospace-idx-theme" 29 31 30 - # tooling 31 - "mkhl.direnv" 32 - "github.vscode-github-actions" 33 - "ms-vscode-remote.remote-ssh-edit" 34 - "ms-azuretools.vscode-containers" 35 - "GitHub.copilot-chat" 36 - "wdhongtw.gpg-indicator" 37 - "WakaTime.vscode-wakatime" 38 - "ms-vscode.remote-repositories" 39 - "GitHub.remotehub" 32 + # tooling 33 + "mkhl.direnv" 34 + "github.vscode-github-actions" 35 + "ms-vscode-remote.remote-ssh-edit" 36 + "ms-azuretools.vscode-containers" 37 + "GitHub.copilot-chat" 38 + "wdhongtw.gpg-indicator" 39 + "WakaTime.vscode-wakatime" 40 + "ms-vscode.remote-repositories" 41 + "GitHub.remotehub" 40 42 41 - # languages: formatting, code highlighting, etc. 
42 - "bbenoist.Nix" 43 - "arrterian.nix-env-selector" 44 - "brettm12345.nixfmt-vscode" 45 - "tamasfe.even-better-toml" 46 - "bierner.emojisense" 47 - "redhat.vscode-yaml" 48 - "mads-hartmann.bash-ide-vscode" 49 - "yzhang.markdown-all-in-one" 50 - "bierner.markdown-checkbox" 51 - "bierner.markdown-emoji" 52 - "bierner.markdown-footnotes" 53 - "yahyabatulu.vscode-markdown-alert" 54 - "bierner.markdown-preview-github-styles" 55 - "bierner.markdown-mermaid" 56 - "bierner.markdown-yaml-preamble" 57 - "DavidAnson.vscode-markdownlint" 58 - "timonwong.shellcheck" 59 - "exiasr.hadolint" 60 - ] 61 - ++ forVscodePrerelease [ 62 - # tooling 63 - "eamodio.gitlens" 64 - "ms-vscode.remote-server" 65 - "ms-vscode-remote.remote-ssh" 66 - "GitHub.vscode-pull-request-github" 67 - ]; 43 + # languages: formatting, code highlighting, etc. 44 + "bbenoist.Nix" 45 + "arrterian.nix-env-selector" 46 + "brettm12345.nixfmt-vscode" 47 + "tamasfe.even-better-toml" 48 + "bierner.emojisense" 49 + "redhat.vscode-yaml" 50 + "mads-hartmann.bash-ide-vscode" 51 + "yzhang.markdown-all-in-one" 52 + "bierner.markdown-checkbox" 53 + "bierner.markdown-emoji" 54 + "bierner.markdown-footnotes" 55 + "yahyabatulu.vscode-markdown-alert" 56 + "bierner.markdown-preview-github-styles" 57 + "bierner.markdown-mermaid" 58 + "bierner.markdown-yaml-preamble" 59 + "DavidAnson.vscode-markdownlint" 60 + "timonwong.shellcheck" 61 + "exiasr.hadolint" 62 + ] 63 + ++ forVscodePrerelease [ 64 + # tooling 65 + "eamodio.gitlens" 66 + "ms-vscode.remote-server" 67 + "ms-vscode-remote.remote-ssh" 68 + "GitHub.vscode-pull-request-github" 69 + ]; 70 + }; 68 71 }; 69 72 }
+12 -5
shared/vscode/server.nix
··· 6 6 }: 7 7 8 8 { 9 - services.vscode-server.enable = true; 10 - services.vscode-server.installPath = [ 11 - "$HOME/.vscode-server" 12 - "$HOME/.vscode-server-oss" 13 - "$HOME/.vscode-server-insiders" 9 + imports = [ 10 + ../options.nix 14 11 ]; 12 + config = { 13 + services.vscode-server = { 14 + enable = true; 15 + installPath = [ 16 + "$HOME/.vscode-server" 17 + "$HOME/.vscode-server-oss" 18 + "$HOME/.vscode-server-insiders" 19 + ]; 20 + }; 21 + }; 15 22 }