commit 1eb25ada7226322bd770842d9f9a6d98deb668ca Author: Jan Kremer Date: Tue Jul 8 10:05:22 2025 +0200 flake: Initialise new repository
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..60f912c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Floccus
+
+## Mac setup
+
+### Installation
+
+```sh
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+git clone git@github.com:jukremer/nix-config.git ~/.confin/nix
+/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+nix run nix-darwin -- switch --flake ~/.config/nix
+```
+
+### Switch
+
+```sh
+darwin-rebuild switch --flake ~/.config/nix
+```
+
+### Update
+
+```sh
+nix flake update --commit-lock-file ~/.config/nix
+```
+
+## NixOS setup
+
+### Installation
+
+```sh
+git clone git@github.com:jukremer/nix-config.git ~/.confin/nix
+```
+
+### Switch
+
+```sh
+sudo nixos-rebuild switch --flake ~/.config/nix
+```
+
+### Update
+
+```sh
+nix flake update --commit-lock-file ~/.config/nix
+```
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..48a962f
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,151 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "darwin_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1751513147, + "narHash": "sha256-idSXM3Y0KNf/WDDqGfthiOSQMwZYwis1JZhTkdWrr6A=", + "owner": "nix-community", + "repo": "home-manager", + "rev": 
"426b405d979d893832549b95f23c13537c65d244", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "darwin": "darwin_2", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..5895370 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,45 @@
+{
+ description = "floccus";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ darwin = {
+ url = "github:LnL7/nix-darwin";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs =
+ {
+ nixpkgs,
+ darwin,
+ ...
+ }@inputs:
+ {
+ darwinConfigurations.Mac-von-Jan = darwin.lib.darwinSystem {
+ system = "aarch64-darwin";
+ specialArgs = {
+ inherit inputs;
+ };
+ modules = [ ./hosts/mac/configuration.nix ];
+ };
+
+ nixosConfigurations.galanthus = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {
+ inherit inputs;
+ };
+ modules = [ ./hosts/galanthus/configuration.nix ];
+ };
+
+ formatter.aarch64-darwin = nixpkgs.legacyPackages.aarch64-darwin.nixfmt-tree;
+ };
+}
diff --git a/hosts/galanthus/configuration.nix b/hosts/galanthus/configuration.nix
new file mode 100644
index 0000000..9194eef
--- /dev/null
+++ b/hosts/galanthus/configuration.nix
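Review bot: The `agenix` input only redirects `nixpkgs`, so agenix keeps its own `darwin` and `home-manager` inputs and flake.lock ends up with two pinned copies of each (`darwin`/`darwin_2`, `home-manager`/`home-manager_2`), the agenix ones at older revisions. Adding `inputs.darwin.follows = "darwin";` and `inputs.home-manager.follows = "home-manager";` inside `agenix = { … }` leaves one revision of each to audit and update. `formatter` is also defined only for `aarch64-darwin`, so `nix fmt` has no formatter on the x86_64-linux host.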
@@ -0,0 +1,68 @@
+{ inputs, pkgs, ... }:
+{
+ imports = [
+ inputs.agenix.nixosModules.default
+ ./hardware-configuration.nix
+ ../../modules/nixos
+ ];
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ };
+
+ networking = {
+ hostName = "galanthus";
+ networkmanager.enable = true;
+ };
+
+ nix = {
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ trusted-users = [ "jan" ];
+ };
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ };
+ };
+
+ users.users.jan = {
+ isNormalUser = true;
+ description = "Jan Kremer";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ };
+
+ services = {
+ openssh.enable = true;
+ };
+
+ programs = {
+ git.enable = true;
+
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.yt-dlp
+ pkgs.spotdl
+ pkgs.ffmpeg
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ system.stateVersion = "23.11"; # Don't change!
+}
diff --git a/hosts/galanthus/hardware-configuration.nix b/hosts/galanthus/hardware-configuration.nix
new file mode 100644
index 0000000..a14f6a4
--- /dev/null
+++ b/hosts/galanthus/hardware-configuration.nix
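Review bot: `openssh.enable = true` in the `services` block leaves sshd at the module defaults, which still accept password logins, and the hunk declares no `openssh.authorizedKeys.keys` for `users.users.jan`. Since that account is in `wheel`, I would add `openssh.settings.PasswordAuthentication = false;`, `openssh.settings.KbdInteractiveAuthentication = false;` and `openssh.settings.PermitRootLogin = "no";`, and put the public key in the user definition. `trusted-users = [ "jan" ]` also gives that account root-equivalent control of the Nix daemon, so an SSH login as `jan` is worth treating as a root login.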
@@ -0,0 +1,59 @@ +{ + config, + lib, + modulesPath, + ... +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ + "fuse" + "kvm-intel" + "coretemp" + ]; + extraModulePackages = [ ]; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/a5d90a39-7b34-4112-9d76-90c279ececfb"; + fsType = "ext4"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/F9B8-FABD"; + fsType = "vfat"; + }; + + ## 8 TB HDD + "/mnt/sdb1" = { + device = "/dev/disk/by-uuid/10fef994-6ff0-4896-bc34-1ca4403af3d7"; + fsType = "ext4"; + }; + }; + + swapDevices = [ + { + device = "/swapfile"; + size = 16 * 1024; # 16GB + } + ]; + + networking = { + useDHCP = lib.mkDefault true; + interfaces.eno1.wakeOnLan.enable = true; + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/mac/configuration.nix b/hosts/mac/configuration.nix new file mode 100644 index 0000000..52586ea --- /dev/null +++ b/hosts/mac/configuration.nix 
@@ -0,0 +1,109 @@ +{ inputs, ... }: +{ + imports = [ + inputs.home-manager.darwinModules.home-manager + inputs.agenix.darwinModules.default + ../../modules/darwin + ]; + + ## Set username and home directory (required by home-manager) + users.users.jan = { + name = "jan"; + home = "/Users/jan"; + }; + networking.hostName = "Mac-von-Jan"; + + nix = { + enable = false; + ## Recommended for nixd + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + trusted-users = [ + "root" + "jan" + "@admin" + ]; + }; + # gc.automatic = true; + }; + + nixpkgs = { + hostPlatform = "aarch64-darwin"; + config.allowUnfree = true; + }; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + users.jan = import ../../modules/home-manager; + extraSpecialArgs = { + inherit inputs; + }; + backupFileExtension = "backup"; + }; + + homebrew = { + enable = true; + onActivation = { + upgrade = true; + cleanup = "zap"; + }; + }; + + programs = { + zsh.enable = true; + fish.enable = true; + }; + + security.pam.services.sudo_local.touchIdAuth = true; + + system = { + primaryUser = "jan"; + defaults = { + dock = { + autohide = true; + autohide-delay = 0.0; + autohide-time-modifier = 0.0; + orientation = "left"; + mru-spaces = false; + largesize = 64; + magnification = false; + # persistent-apps = [ + # "/Applications/Safari.app" + # "/System/Applications/Mail.app" + # "/System/Applications/Calendar.app" + # "/Applications/Things3.app" + # "/Applications/Ghostty.app" + # "/Applications/Obsidian.app" + # "/System/Applications/Preview.app" + # "/Applications/NetNewsWire.app" + # "/System/Applications/Music.app" + # "/System/Applications/Books.app" + # "/System/Applications/System Settings.app" + # ]; + }; + finder = { + AppleShowAllExtensions = true; + FXPreferredViewStyle = "clmv"; + ShowPathbar = true; + _FXShowPosixPathInTitle = true; + }; + # screencapture.location = "~/Pictures/Bildschirmfotos"; + }; + keyboard = { + 
enableKeyMapping = true; + remapCapsLockToEscape = true; + }; + + ## Set Git commit hash for darwin-version. + configurationRevision = inputs.self.rev or inputs.self.dirtyRev or null; + + ## Used for backwards compatibility, please read the changelog before changing. + ## $ darwin-rebuild changelog + stateVersion = 4; + }; +} diff --git a/modules/darwin/apps.nix b/modules/darwin/apps.nix new file mode 100644 index 0000000..20b155a --- /dev/null +++ b/modules/darwin/apps.nix @@ -0,0 +1,14 @@ +{ + homebrew.masApps = { + "AdGuard for Safari" = 1440147259; + "Tailscale" = 1475387142; + "GarageBand" = 682658836; + "iMovie" = 408981434; + + # Work + "Keynote" = 409183694; + "Numbers" = 409203825; + "Pages" = 409201541; + "Things" = 904280696; + }; +} diff --git a/modules/darwin/casks.nix b/modules/darwin/casks.nix new file mode 100644 index 0000000..d6cbba6 --- /dev/null +++ b/modules/darwin/casks.nix @@ -0,0 +1,22 @@ +{ + homebrew.casks = [ + "glance-chamburr" + "iina" + "netnewswire" + "electrum" + "monero-wallet" + "keepassxc" + "element" + "signal" + + # Work + "visual-studio-code" + "obsidian" + "chatgpt" + "ghostty" + + # Games + "minecraft" + "modrinth" + ]; +} diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix new file mode 100644 index 0000000..18c932e --- /dev/null +++ b/modules/darwin/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./apps.nix + ./casks.nix + ./fonts.nix + ]; +} diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix new file mode 100644 index 0000000..15bc11c --- /dev/null +++ b/modules/darwin/fonts.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + fonts.packages = with pkgs; [ + atkinson-hyperlegible + jetbrains-mono + open-sans + ]; + homebrew.casks = [ + "font-chomsky" + "font-cormorant-garamond" + "font-crimson-text" + "font-new-york" + "font-sf-compact" + "font-sf-mono" + "font-sf-pro" + "font-unifrakturmaguntia" + ]; +} 
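Review bot: `trusted-users` in the `nix.settings` block of hosts/mac/configuration.nix lists `jan` and `@admin`, and a trusted user can direct the Nix daemon in ways that amount to root, so every admin account on the Mac gets that by default. The same block sets `nix.enable = false`, which suggests the installer-managed daemon owns nix.conf and these settings may not be applied at all; worth confirming with `nix config show`. If they do apply, `trusted-users = [ "root" ];` is enough on a machine where `sudo` is already available. Separately, `homebrew.onActivation.upgrade = true` makes every `darwin-rebuild switch` pull whatever cask versions are current, which includes the wallet and password-manager casks in modules/darwin/casks.nix; a comment recording that this is intended would help.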
diff --git a/modules/home-manager/colors.nix b/modules/home-manager/colors.nix
new file mode 100644
index 0000000..dffa012
--- /dev/null
+++ b/modules/home-manager/colors.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ # Rosé Pine Moon (https://rosepinetheme.com)
+ programs = {
+ bat = {
+ config.theme = "rose-pine";
+ themes.rose-pine = {
+ src = pkgs.fetchFromGitHub {
+ owner = "rose-pine";
+ repo = "tm-theme";
+ rev = "c4235f9a65fd180ac0f5e4396e3a86e21a0884ec";
+ hash = "sha256-jji8WOKDkzAq8K+uSZAziMULI8Kh7e96cBRimGvIYKY=";
+ };
+ file = "dist/themes/rose-pine.tmTheme";
+ };
+ };
+
+ fzf.colors = {
+ "fg" = "#908caa";
+ "bg" = "#191724";
+ "hl" = "#ebbcba";
+ "fg+" = "#e0def4";
+ "bg+" = "#26233a";
+ "hl+" = "#ebbcba";
+ "border" = "#403d52";
+ "header" = "#31748f";
+ "gutter" = "#191724";
+ "spinner" = "#f6c177";
+ "info" = "#9ccfd8";
+ "pointer" = "#c4a7e7";
+ "marker" = "#eb6f92";
+ "prompt" = "#908caa";
+ };
+
+ ghostty.settings.theme = "rose-pine";
+
+ helix.settings.theme = "rose_pine";
+ };
+}
diff --git a/modules/home-manager/default.nix b/modules/home-manager/default.nix
new file mode 100644
index 0000000..301885c
--- /dev/null
+++ b/modules/home-manager/default.nix
@@ -0,0 +1,89 @@
+{
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
+{
+ imports = [
+ inputs.agenix.homeManagerModules.default
+ ./colors.nix
+ ./ghostty.nix
+ ./git
+ ./helix.nix
+ ./packages.nix
+ ./shell
+ ];
+
+ home = {
+ username = "jan";
+ homeDirectory = "/Users/jan";
+ stateVersion = "24.05";
+
+ ## Mute login message in terminal
+ file.".hushlogin".text = "";
+
+ sessionVariables = {
+ DIRENV_LOG_FORMAT = "";
+ LEDGER_FILE = "${config.xdg.dataHome}/ledger/2024.journal";
+ OPENAI_API_KEY = "$(cat ${config.age.secrets.openai.path})";
+ };
+
+ shellAliases = {
+ "yt" = "yt-dlp";
+ "yta" = "yt-dlp -x";
+ };
+
+ packages = [ inputs.agenix.packages.${pkgs.system}.default ];
+ };
+
+ age = {
+ # identityPaths = [ "~/.ssh/id_ed25519" ];
+ secrets."openai".file = ../secrets/openai.age;
+ };
+
+ xdg = {
+ enable = true;
+ userDirs = {
+ videos = "${config.home.homeDirectory}/Movies/Videos";
+ };
+ };
+
+ programs = {
+ home-manager.enable = true;
+
+ gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg";
+ settings = {
+ default-key = "20AF0A659F2B93AD918415D1A7DA689CB3B078EC";
+ keyserver = "hkps://keys.openpgp.org";
+ };
+ };
+
+ pandoc.enable = true;
+
+ ssh = {
+ enable = true;
+ addKeysToAgent = "yes";
+ extraConfig = ''
+ UseKeychain yes
+ IdentityFile ~/.ssh/id_ed25519
+ SetEnv TERM=xterm-256color
+ '';
+ };
+
+ yt-dlp = {
+ enable = true;
+ settings = {
+ output = "${config.xdg.userDirs.videos}/%(title)s.%(ext)s";
+ format-sort = "res:1080";
+ audio-quality = 0;
+ sponsorblock-mark = "default";
+ embed-metadata = true;
+ embed-thumbnail = true;
+ xattrs = true;
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/ghostty.nix b/modules/home-manager/ghostty.nix
new file mode 100644
index 0000000..72ef72b
--- /dev/null
+++ b/modules/home-manager/ghostty.nix
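Review bot: `OPENAI_API_KEY = "$(cat ${config.age.secrets.openai.path})"` in `home.sessionVariables` decrypts the agenix secret into the environment of every login shell, so every process started from a terminal inherits the key. `GITHUB_TOKEN = "$(gh auth token)"` in modules/home-manager/git/default.nix has the same effect and also runs `gh` on each shell start. I would drop both from `sessionVariables` and set them only for the commands that need them, for example through a small shell function around the tool or a direnv `.envrc` in the relevant projects. The commented-out `identityPaths` line also leaves it unstated which key decrypts `openai.age`; a one-line comment naming it would help.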
@@ -0,0 +1,14 @@
+{
+ programs.ghostty = {
+ enable = true;
+ package = null;
+ enableZshIntegration = true;
+ settings = {
+ font-size = 16;
+ window-padding-x = 5;
+ window-padding-balance = true;
+ mouse-hide-while-typing = true;
+ macos-option-as-alt = "left";
+ };
+ };
+}
diff --git a/modules/home-manager/git/default.nix b/modules/home-manager/git/default.nix
new file mode 100644
index 0000000..1832c04
--- /dev/null
+++ b/modules/home-manager/git/default.nix
@@ -0,0 +1,68 @@
+{
+ imports = [
+ ./ignores.nix
+ ];
+
+ home.sessionVariables = {
+ GITHUB_TOKEN = "$(gh auth token)";
+ };
+
+ programs = {
+ git = {
+ enable = true;
+ userName = "Jan Kremer";
+ userEmail = "mail@jankremer.eu";
+ lfs.enable = true;
+ difftastic.enable = true;
+
+ extraConfig = {
+ user.signingkey = "A7DA689CB3B078EC";
+ credential.helper = "osxkeychain";
+ merge.conflictstyle = "zdiff3";
+ commit = {
+ verbose = true;
+ gpgsign = true;
+ };
+ branch.sort = "-committerdate";
+ help.autocorrect = 10;
+ diff = {
+ algorithm = "histogram";
+ colorMoved = "default";
+ };
+ log.date = "iso";
+ rebase.autostash = true;
+ rerere.enabled = true;
+ push = {
+ followtags = true;
+ autoSetupRemote = true;
+ };
+ };
+ };
+
+ gh = {
+ enable = true;
+ settings.git_protocol = "ssh";
+ };
+
+ sapling = {
+ enable = true;
+ userName = "Jan Kremer";
+ userEmail = "mail@jankremer.eu";
+ };
+
+ jujutsu = {
+ enable = true;
+ settings = {
+ user = {
+ name = "Jan Kremer";
+ email = "mail@jankremer.eu";
+ };
+ signing = {
+ behavior = "own";
+ backend = "gpg";
+ };
+ ui.default-command = "log";
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/git/ignores.nix b/modules/home-manager/git/ignores.nix
new file mode 100644
index 0000000..44f7f3f
--- /dev/null
+++ b/modules/home-manager/git/ignores.nix
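Review bot: `user.signingkey = "A7DA689CB3B078EC"` in modules/home-manager/git/default.nix uses the 64-bit long key ID, while `programs.gpg.settings.default-key` in modules/home-manager/default.nix already carries the full fingerprint. Using the fingerprint here too, `user.signingkey = "20AF0A659F2B93AD918415D1A7DA689CB3B078EC";`, removes any ambiguity if the keyring ever holds another key with the same ID. The `jujutsu.settings.signing` block names no key, so it presumably falls back to the gpg default; a `key = …` entry or a comment would make that explicit.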
@@ -0,0 +1,30 @@
+{
+ programs.git.ignores = [
+ "*.7z"
+ "*.class"
+ "*.com"
+ "*.dll"
+ "*.dmg"
+ "*.exe"
+ "*.gz"
+ "*.iso"
+ "*.jar"
+ "*.log"
+ "*.o"
+ "*.pdf"
+ "*.rar"
+ "*.so"
+ "*.sql"
+ "*.sqlite"
+ "*.tar"
+ "*.zip"
+ ".DS_Store"
+ ".DS_Store?"
+ ".Spotlight-V100"
+ ".Trashes"
+ "._*"
+ ".direnv"
+ "Thumbs.db"
+ "ehthumbs.db"
+ ];
+}
diff --git a/modules/home-manager/helix.nix b/modules/home-manager/helix.nix
new file mode 100644
index 0000000..11ec095
--- /dev/null
+++ b/modules/home-manager/helix.nix
@@ -0,0 +1,103 @@
+{ pkgs, ... }:
+{
+ programs.helix = {
+ enable = true;
+ defaultEditor = true;
+
+ extraPackages = with pkgs; [
+ markdown-oxide
+ nixd
+ nixfmt-rfc-style
+ ];
+
+ settings = {
+ editor = {
+ line-number = "relative";
+ cursorline = true;
+ color-modes = true;
+ mouse = true;
+
+ end-of-line-diagnostics = "hint";
+ inline-diagnostics.cursor-line = "warning";
+
+ cursor-shape = {
+ insert = "bar";
+ normal = "block";
+ select = "underline";
+ };
+
+ soft-wrap.enable = true;
+
+ statusline = {
+ left = [
+ "mode"
+ "spinner"
+ "version-control"
+ "read-only-indicator"
+ "file-modification-indicator"
+ ];
+
+ center = [ "file-name" ];
+
+ right = [
+ "diagnostics"
+ "selections"
+ "register"
+ "position"
+ "position-percentage"
+ "file-encoding"
+ "file-type"
+ ];
+
+ mode = {
+ normal = "NORMAL";
+ insert = "INSERT";
+ select = "SELECT";
+ };
+ };
+ };
+
+ keys = {
+ normal = {
+ X = [
+ "extend_line_up"
+ "extend_to_line_bounds"
+ ];
+ };
+ };
+ };
+
+ languages = {
+ language-server = {
+ tinymist.command = "tinymist";
+ nixd = {
+ command = "nixd";
+ config = {
+ formatting.command = [ "nixfmt" ];
+ nixpkgs.expr = "import (builtins.getFlake \"~/.config/nix\").inputs.nixpkgs { }";
+ options = {
+ nixos.expr = "(builtins.getFlake \"~/.config/nix\").nixosConfigurations.galanthus.options";
+ darwin.expr = "(builtins.getFlake \"~/.config/nix\").darwinConfigurations.Mac-von-Jan.options";
+ home-manager.expr = "(builtins.getFlake \"~/.config/nix\").homeConfigurations.jan.options";
+ };
+ };
+ };
+ };
+
+ language = [
+ {
+ name = "nix";
+ language-servers = [ "nixd" ];
+ formatter.command = "nixfmt";
+ auto-format = true;
+ }
+ {
+ name = "typst";
+ language-servers = [ "tinymist" ];
+ formatter.command = "typstyle";
+ auto-format = true;
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/home-manager/packages.nix b/modules/home-manager/packages.nix
new file mode 100644
index 0000000..2695e54
--- /dev/null
+++ b/modules/home-manager/packages.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ darwin.trash
+ curl
+ nh
+ cachix
+ hledger
+ hledger-web
+ ffmpeg
+ imagemagick
+
+ # Work
+ codex
+ typst
+ hayagriva
+ # quarto
+ # R
+ # rPackages.reticulate
+ # texliveFull
+ plantuml
+ ditaa
+ ];
+}
diff --git a/modules/home-manager/shell/bat.nix b/modules/home-manager/shell/bat.nix
new file mode 100644
index 0000000..341eb90
--- /dev/null
+++ b/modules/home-manager/shell/bat.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+ programs.bat = {
+ enable = true;
+ extraPackages = with pkgs.bat-extras; [ batman ];
+ };
+
+ home.shellAliases = {
+ "cat" = "bat";
+ "man" = "batman";
+ };
+}
diff --git a/modules/home-manager/shell/default.nix b/modules/home-manager/shell/default.nix
new file mode 100644
index 0000000..6bc0f2f
--- /dev/null
+++ b/modules/home-manager/shell/default.nix
@@ -0,0 +1,49 @@
+{
+ imports = [
+ ./bat.nix
+ # ./fish.nix
+ ./starship.nix
+ ./zsh.nix
+ ];
+
+ home.shellAliases = {
+ "deploy" =
+ "ssh -t galanthus 'cd ~/.config/nix; git pull --rebase; sudo nixos-rebuild switch --flake ~/.config/nix'";
+ "mv" = "mv -i";
+ "rm" = "trash";
+ "tree" = "lt";
+ "zz" = "z -";
+ };
+
+ programs = {
+ direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ config = {
+ warn_timeout = "1m";
+ hide_env_diff = true;
+ };
+ };
+
+ eza = {
+ enable = true;
+ git = true;
+ };
+
+ fzf = {
+ enable = true;
+ defaultCommand = "fd --type f --strip-cwd-prefix --hidden --follow --exclude .git";
+ fileWidgetCommand = "fd --type f --strip-cwd-prefix --hidden --follow --exclude .git";
+ fileWidgetOptions = [ "--preview 'bat --color=always {}'" ];
+ };
+
+ fd.enable = true;
+
+ ripgrep = {
+ enable = true;
+ arguments = [ "--ignore-case" ];
+ };
+
+ zoxide.enable = true;
+ };
+}
diff --git a/modules/home-manager/shell/fish.nix b/modules/home-manager/shell/fish.nix
new file mode 100644
index 0000000..25e5816
--- /dev/null
+++ b/modules/home-manager/shell/fish.nix
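Review bot: The `deploy` alias in modules/home-manager/shell/default.nix joins its remote commands with `;`, so a failed `cd` or a failed `git pull` still reaches `sudo nixos-rebuild switch` and activates whatever tree happens to be there; `&&` would stop the chain. `git pull --rebase` also replays any local commits on galanthus and then builds the result as root without anyone looking at it, where `git pull --ff-only` would make the deploy stop on a diverged checkout. Since commits are signed (`commit.gpgsign = true` in the git module), adding `--verify-signatures` to that fast-forward pull is worth considering, provided the public key is in the keyring on galanthus.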
@@ -0,0 +1,22 @@
+{
+ programs.fish = {
+ enable = true;
+
+ interactiveShellInit = # fish
+ ''
+ set fish_greeting
+ set fish_vi_key_bindings
+ set fish_vi_cursor
+
+ eval $(/opt/homebrew/bin/brew shellenv fish)
+ '';
+
+ shellAbbrs = {
+ gs = "git status";
+ gc = "git commit";
+ gca = "git commit -a";
+ gcaa = "git commit -a --amend";
+ gco = "git checkout";
+ };
+ };
+}
diff --git a/modules/home-manager/shell/starship.nix b/modules/home-manager/shell/starship.nix
new file mode 100644
index 0000000..ede5097
--- /dev/null
+++ b/modules/home-manager/shell/starship.nix
@@ -0,0 +1,94 @@
+{ lib, ... }:
+{
+ programs.starship = {
+ enable = true;
+ enableTransience = true;
+ settings = {
+ add_newline = false;
+ format = lib.concatStrings [
+ "$username"
+ "$hostname"
+ "$directory"
+ "$git_branch"
+ "$git_status"
+ "$git_metrics"
+ "$git_state"
+ "$nodejs"
+ "$rust"
+ "$golang"
+ "$python"
+ "$typst"
+ "$gleam"
+ "$fill"
+ "$nix_shell"
+ "$shell"
+ "$line_break"
+ "$character"
+ ];
+
+ fill = {
+ symbol = " ";
+ };
+
+ character = {
+ success_symbol = "[❯](green)";
+ error_symbol = "[❯](red)";
+ vimcmd_symbol = "[❮](blue)";
+ };
+
+ directory = {
+ style = "blue";
+ };
+
+ git_branch = {
+ format = "[$branch(:$remote_branch)](white) ";
+ };
+
+ git_status = {
+ style = "cyan";
+ };
+
+ nodejs = {
+ symbol = "nodejs";
+ format = "[$symbol ($version )](green)";
+ };
+
+ rust = {
+ symbol = "rust";
+ format = "[$symbol ($version )](red)";
+ };
+
+ python = {
+ symbol = "python";
+ format = "[$symbol ($version )](yellow)";
+ };
+
+ golang = {
+ symbol = "go";
+ format = "[$symbol ($version )](green)";
+ };
+
+ typst = {
+ symbol = "typst";
+ format = "[$symbol ($version )](green)";
+ };
+
+ gleam = {
+ symbol = "gleam";
+ format = "[$symbol ($version )](purple)";
+ };
+
+ nix_shell = {
+ symbol = "nix";
+ heuristic = true;
+ format = "[$symbol ($state $name )](red)";
+ };
+
+ shell = {
+ disabled = false;
+ fish_indicator = "fish ";
+ format = "[$indicator](purple)";
+ };
+ };
+ };
+}
diff --git a/modules/home-manager/shell/zsh.nix b/modules/home-manager/shell/zsh.nix
new file mode 100644
index 0000000..5a40cb0
--- /dev/null
+++ b/modules/home-manager/shell/zsh.nix
@@ -0,0 +1,40 @@
+{ config, ... }:
+{
+ programs.zsh = {
+ enable = true;
+ # enableVteIntegration = true;
+ dotDir = ".config/zsh";
+ history = {
+ path = "${config.xdg.stateHome}/zsh/zsh_history";
+ extended = true;
+ };
+ autosuggestion.enable = true;
+ autocd = true;
+ syntaxHighlighting = {
+ enable = true;
+ highlighters = [
+ "main"
+ "cursor"
+ "brackets"
+ "root"
+ ];
+ };
+ initContent = # sh
+ ''
+ eval "$(/opt/homebrew/bin/brew shellenv)"
+
+ setopt COMPLETE_IN_WORD
+ setopt ALWAYS_TO_END
+ setopt PATH_DIRS
+ setopt AUTO_MENU
+ setopt AUTO_LIST
+ setopt MENU_COMPLETE
+ '';
+
+ completionInit = # sh
+ ''
+ autoload -U compinit && compinit
+ zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
+ '';
+ };
+}
diff --git a/modules/nixos/adguardhome.nix b/modules/nixos/adguardhome.nix
new file mode 100644
index 0000000..d9b9e65
--- /dev/null
+++ b/modules/nixos/adguardhome.nix
@@ -0,0 +1,6 @@
+{
+ services.adguardhome = {
+ enable = true;
+ port = 3000;
+ };
+}
diff --git a/modules/nixos/audiobookshelf.nix b/modules/nixos/audiobookshelf.nix
new file mode 100644
index 0000000..03c1422
--- /dev/null
+++ b/modules/nixos/audiobookshelf.nix
@@ -0,0 +1,31 @@
+{
+ containers.audiobooks = {
+ autoStart = true;
+ bindMounts = {
+ "/var/lib/audiobookshelf" = {
+ hostPath = "/mnt/sdb1/media/audiobooks";
+ isReadOnly = false;
+ };
+ };
+
+ config =
+ { pkgs, ... }:
+ {
+ services = {
+ audiobookshelf = {
+ enable = true;
+ # port = 8000;
+ # host = "audiobooks.alpine-centauri.ts.net";
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..ef7d910
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,18 @@
+{
+ imports = [
+ # ./adguardhome.nix
+ ./audiobookshelf.nix
+ ./forgejo.nix
+ # ./freshrss.nix
+ # ./immich.nix
+ ./jellyfin.nix
+ ./mealie.nix
+ ./minecraft.nix
+ ./navidrome.nix
+ # ./nextcloud.nix
+ # ./pinchflat.nix
+ ./samba.nix
+ ./tailscale.nix
+ # ./vaultwarden.nix
+ ];
+}
diff --git a/modules/nixos/forgejo.nix b/modules/nixos/forgejo.nix
new file mode 100644
index 0000000..c808cad
--- /dev/null
+++ b/modules/nixos/forgejo.nix
@@ -0,0 +1,58 @@
+{ inputs, ... }:
+{
+ containers.git = {
+ autoStart = true;
+ bindMounts."/etc/ssh/ssh_host_ed25519_key".hostPath = "/etc/ssh/ssh_host_ed25519_key";
+
+ config = {
+ imports = [ inputs.agenix.nixosModules.default ];
+
+ age = {
+ identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ secrets."forgejo-runner-token" = {
+ file = ../secrets/forgejo-runner-token.age;
+ mode = "400";
+ owner = "forgejo";
+ };
+ };
+
+ services = {
+ forgejo = {
+ enable = true;
+ database.type = "postgres";
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "git.alpine-centauri.ts.net";
+ ROOT_URL = "https://git.alpine-centauri.ts.net/";
+ HTTP_PORT = 3000;
+ };
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
+ };
+ };
+ };
+
+ # gitea-actions-runner = {
+ # package = pkgs.forgejo-runner;
+ # instances.native = {
+ # enable = true;
+ # name = "native";
+ # url = "https://git.alpine-centauri.ts.net";
+ # tokenFile = config.age.secrets.forgejo-runner-token.path;
+ # labels = [ "native:host" ];
+ # };
+ # };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/freshrss.nix b/modules/nixos/freshrss.nix
new file mode 100644
index 0000000..46d4cd4
--- /dev/null
+++ b/modules/nixos/freshrss.nix
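Review bot: `bindMounts."/etc/ssh/ssh_host_ed25519_key"` in modules/nixos/forgejo.nix hands the host's SSH private host key to the `git` container as the agenix identity, so anything running as root in the container can read the key that identifies galanthus to SSH clients and that decrypts every other secret encrypted to it. modules/nixos/nextcloud.nix (not imported yet) does the same. A dedicated age identity per container, generated on the host, bind-mounted read-only and listed as a recipient only for that container's secrets, keeps the exposure to one service. The `forgejo-runner-token` secret is also declared while the runner block is commented out, so the token is decrypted into the container with no consumer; I would comment both out together.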
@@ -0,0 +1,24 @@
+{
+ containers.freshrss = {
+ autoStart = true;
+
+ config = {
+ services = {
+ freshrss = {
+ enable = true;
+ language = "de";
+ authType = "none";
+ baseUrl = "https://freshrss.alpine-centauri.ts.net";
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/immich.nix b/modules/nixos/immich.nix
new file mode 100644
index 0000000..f171dfd
--- /dev/null
+++ b/modules/nixos/immich.nix
@@ -0,0 +1,29 @@
+{
+ containers.immich = {
+ autoStart = true;
+
+ bindMounts = {
+ "/var/lib/immich" = {
+ hostPath = "/mnt/sdb1/photos";
+ isReadOnly = false;
+ };
+ };
+
+ config = {
+ services = {
+ immich = {
+ enable = true;
+ host = "immich.alpine-centauri.ts.net";
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/jellyfin.nix b/modules/nixos/jellyfin.nix
new file mode 100644
index 0000000..ff1d476
--- /dev/null
+++ b/modules/nixos/jellyfin.nix
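Review bot: `authType = "none"` in modules/nixos/freshrss.nix turns off FreshRSS's own login, so the only barrier is who can reach the address in `baseUrl`. The module is commented out in modules/nixos/default.nix, but before it is enabled I would use `authType = "form";` with `passwordFile` pointing at an agenix secret so a second check stays in place. If the open mode is intended, a comment saying that the tailnet ACL is the access control would record that decision.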
@@ -0,0 +1,69 @@
+{
+ containers.jellyfin = {
+ autoStart = true;
+ bindMounts = {
+ "/media" = {
+ hostPath = "/mnt/sdb1/media";
+ isReadOnly = false;
+ };
+ };
+
+ config =
+ { pkgs, ... }:
+ {
+ services = {
+ jellyfin = {
+ enable = true; # port = 8096
+ openFirewall = true;
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ jellyfin
+ jellyfin-web
+ jellyfin-ffmpeg
+ ];
+
+ ## Hardware transcoding
+ nixpkgs.config.packageOverrides = pkgs: {
+ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+ };
+ hardware.graphics = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ intel-vaapi-driver # previously vaapiIntel
+ vaapiVdpau
+ intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+ # vpl-gpu-rt # QSV on 11th gen or newer
+ intel-media-sdk # QSV up to 11th gen
+ ];
+ };
+
+ ## Grab EPG data daily
+ systemd = {
+ services.epg = {
+ script = "${pkgs.nodejs_18}/bin/npm run --prefix /media/TV/epg/ grab -- --channels=custom.channels.xml";
+ path = [
+ pkgs.bash
+ pkgs.nodejs_18
+ ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ startAt = "daily"; # Creates a timer
+ };
+ timers.epg.timerConfig.Persistent = true;
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/mealie.nix b/modules/nixos/mealie.nix
new file mode 100644
index 0000000..2fef590
--- /dev/null
+++ b/modules/nixos/mealie.nix
@@ -0,0 +1,22 @@
+{
+ containers.mealie = {
+ autoStart = true;
+
+ config = {
+ services = {
+ mealie = {
+ enable = true;
+ port = 9000;
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/minecraft.nix b/modules/nixos/minecraft.nix
new file mode 100644
index 0000000..f6dec38
--- /dev/null
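Review bot: The `epg` unit in modules/nixos/jellyfin.nix runs `npm run --prefix /media/TV/epg/ grab` with `User = "root"`, and `/media` is the read-write bind mount of `/mnt/sdb1/media`, the same directory modules/nixos/samba.nix exports as the writeable `Media` share. Anyone who can write to that share can change the `package.json` scripts or `node_modules` under `TV/epg` and have the change executed as root in the container on the next daily run. I would run the unit as a dedicated unprivileged user, keep the epg checkout outside the shared tree so that only its output lands under `/media`, and add `ProtectSystem = "strict";` with a narrow `ReadWritePaths`. `nodejs_18` is past upstream end-of-life, so moving to a maintained Node release belongs in the same change.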
+++ b/modules/nixos/minecraft.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+{
+ containers.minecraft = {
+ autoStart = true;
+
+ bindMounts = {
+ "/var/lib/minecraft" = {
+ hostPath = "/mnt/sdb1/minecraft";
+ isReadOnly = false;
+ };
+ };
+
+ config = {
+ nixpkgs.config.allowUnfreePredicate =
+ pkg:
+ builtins.elem (lib.getName pkg) [
+ "minecraft-server"
+ ];
+
+ services = {
+ minecraft-server = {
+ enable = true;
+ eula = true;
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/navidrome.nix b/modules/nixos/navidrome.nix
new file mode 100644
index 0000000..add8538
--- /dev/null
+++ b/modules/nixos/navidrome.nix
@@ -0,0 +1,31 @@
+{
+ containers.music = {
+ autoStart = true;
+ bindMounts = {
+ "/Music" = {
+ hostPath = "/mnt/sdb1/media/Music";
+ isReadOnly = false;
+ };
+ };
+
+ config = {
+ services = {
+ navidrome = {
+ enable = true;
+ settings = {
+ MusicFolder = "/Music";
+ port = 4533;
+ };
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix
new file mode 100644
index 0000000..89d1cd5
--- /dev/null
+++ b/modules/nixos/nextcloud.nix
@@ -0,0 +1,86 @@
+{ inputs, ... }:
+{
+ containers.nextcloud = {
+ autoStart = true;
+ bindMounts = {
+ "/etc/ssh/ssh_host_ed25519_key".hostPath = "/etc/ssh/ssh_host_ed25519_key";
+ "/var/lib/nextcloud/data" = {
+ hostPath = "/mnt/sdb1/data";
+ isReadOnly = false;
+ };
+ };
+
+ config =
+ { pkgs, config, ... }:
+ {
+ imports = [ inputs.agenix.nixosModules.default ];
+
+ age = {
+ identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ secrets."nextcloud" = {
+ file = ../secrets/nextcloud.age;
+ mode = "400";
+ owner = "nextcloud";
+ };
+ };
+
+ services = {
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud30;
+ hostName = "nextcloud";
+ https = true;
+ config = {
+ adminpassFile = config.age.secrets.nextcloud.path;
+ };
+ settings = {
+ trusted_domains = [ "nextcloud.alpine-centauri.ts.net" ];
+ enabledPreviewProviders = [
+ "OC\\Preview\\AVI"
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\HEIC"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MKV"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\MP4"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\Movie"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PDF"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ ];
+ };
+
+ database.createLocally = true;
+ configureRedis = true;
+
+ maxUploadSize = "1G";
+
+ ## Set up non-declaratively for now
+ # extraAppsEnable = true;
+ # autoUpdateApps.enable = true;
+ # extraApps = {
+ # inherit (config.services.nextcloud.package.packages.apps)
+ # news
+ # contacts
+ # calendar
+ # tasks
+ # ;
+ # };
+ };
+
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/pinchflat.nix b/modules/nixos/pinchflat.nix
new file mode 100644
index 0000000..09451d1
--- /dev/null
+++ b/modules/nixos/pinchflat.nix
@@ -0,0 +1,31 @@
+{
+ virtualisation.oci-containers = {
+ containers = {
+ pinchflat = {
+ image = "ghcr.io/kieraneglin/pinchflat:latest";
+ environment.TZ = "Europe/Berlin";
+ ports = [ "127.0.0.1:8945:8945" ];
+ volumes = [
+ "/mnt/sdb1/media/youtube/config:/config"
+ "/mnt/sdb1/media/youtube/downloads:/downloads"
+ ];
+ };
+ };
+ };
+
+ containers.youtube = {
+ autoStart = true;
+
+ config = {
+ services = {
+ tailscale = {
+ enable = true;
+ useRoutingFeatures = "server";
+ interfaceName = "userspace-networking";
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/modules/nixos/samba.nix b/modules/nixos/samba.nix
new file mode 100644
index 0000000..baa38ef
--- /dev/null
+++ b/modules/nixos/samba.nix
@@ -0,0 +1,34 @@
+{
+ services.samba = {
+ enable = true;
+
+ settings = {
+ global = {
+ "vfs objects" = "catia fruit streams_xattr";
+ "guest account" = "jan";
+ "fruit:model" = "MacPro7,1@ECOLOR=226,226,224";
+ };
+
+ Media = {
+ path = "/mnt/sdb1/media";
+ writeable = "yes";
+ };
+
+ TimeMachine = {
+ path = "/mnt/sdb1/timemachine";
+ writeable = "yes";
+ "fruit:time machine" = "yes";
+ };
+ };
+ };
+
+ ## Used to advertise the shares to Windows hosts
+ services.samba-wsdd = {
+ enable = true;
+ };
+
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ };
+}
diff --git a/modules/nixos/tailscale.nix b/modules/nixos/tailscale.nix
new file mode 100644
index 0000000..61b954e
--- /dev/null
+++ b/modules/nixos/tailscale.nix
@@ -0,0 +1,9 @@
+{
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "both";
+ extraUpFlags = [ "--ssh" ];
+ };
+
+ networking.firewall.checkReversePath = "loose";
+}
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
new file mode 100644
index 0000000..a7c2f3c
--- /dev/null
+++ b/modules/nixos/vaultwarden.nix
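Review bot: `image = "ghcr.io/kieraneglin/pinchflat:latest";` in modules/nixos/pinchflat.nix tracks a mutable tag, so the image that runs is whatever the registry serves at pull time and is not recorded in the repository, unlike the flake inputs pinned in flake.lock. Pinning a release tag or a digest makes the deployment reproducible and reviewable, e.g. `image = "ghcr.io/kieraneglin/pinchflat@sha256:<digest>";` with `<digest>` standing for the digest of the image that was checked. Updates then become explicit commits.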
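Review bot: `"guest account" = "jan";` in modules/nixos/samba.nix maps Samba's guest identity to what looks like a real user account. No share in this hunk sets `guest ok`, so guest sessions should currently be refused, but if guest access is enabled later on either writable share (`Media`, `TimeMachine`), unauthenticated clients would act with that user's file permissions. Leaving the guest account at its unprivileged default and naming the permitted users per share, e.g. `"valid users" = "jan";`, keeps access tied to authentication. The shares are also advertised via wsdd and Avahi with no `"hosts allow"` or interface restriction visible here, which deserves a comment if the firewall handles it elsewhere.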
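Review bot: `extraUpFlags = [ "--ssh" ];` in modules/nixos/tailscale.nix may not take effect as written: as far as I know the NixOS module passes `extraUpFlags` only in its automatic `tailscale up` unit, which runs when `authKeyFile` is set, and no `authKeyFile` appears in this hunk. Whether Tailscale SSH is on would then depend on a manual `tailscale up --ssh`, which the repository does not record. Either set `authKeyFile` (for example from an agenix secret) or add a comment such as `# --ssh only applies with authKeyFile; SSH logins are governed by the tailnet policy's ssh rules` so readers know where login policy lives.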
@@ -0,0 +1,32 @@ +{ + containers.vault = { + autoStart = true; + bindMounts = { + "/var/backup/vaultwarden" = { + hostPath = "/mnt/sdb1/vaultwarden"; + isReadOnly = false; + }; + }; + + config = { + services = { + vaultwarden = { + enable = true; + backupDir = "/var/backup/vaultwarden"; + dbBackend = "postgresql"; + config = { + # SIGNUPS_ALLOWED = false; + }; + }; + + tailscale = { + enable = true; + useRoutingFeatures = "server"; + interfaceName = "userspace-networking"; + }; + }; + + system.stateVersion = "24.05"; + }; + }; +} diff --git a/modules/secrets/forgejo-runner-token.age b/modules/secrets/forgejo-runner-token.age new file mode 100644 index 0000000..3562c66 Binary files /dev/null and b/modules/secrets/forgejo-runner-token.age differ diff --git a/modules/secrets/nextcloud.age b/modules/secrets/nextcloud.age new file mode 100644 index 0000000..c04493b --- /dev/null +++ b/modules/secrets/nextcloud.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 2otpcg 3veZJ75b0D5gej3P4fHkM8yGzVH5ldkGOCYBkdztoSw +KXDhfvj/wfpMXqQ1MspymfJBBqRJktcSngIkEBDSUu4 +-> ssh-ed25519 40YjXQ L1yJYjyAmCi7W05BAVeFZi3mSCzBNU0/hqm2prEV/wI +J6lFx4DD+Lj4tjsBntIlzuvZfqTQ3P7xzNZs0vcZBko +--- 0uC4zy+Xahwt3nuFJyNyHVCIPcgwxVX8cXo0ivwQUaU +Q㲱!RGE)c@ n ڠnzhkr \ No newline at end of file diff --git a/modules/secrets/openai.age b/modules/secrets/openai.age new file mode 100644 index 0000000..4de676f Binary files /dev/null and b/modules/secrets/openai.age differ diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix new file mode 100644 index 0000000..573449e --- /dev/null +++ b/modules/secrets/secrets.nix 
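Review bot: `# SIGNUPS_ALLOWED = false;` is left commented out in modules/nixos/vaultwarden.nix, and Vaultwarden allows open registration by default, so anyone who can reach the instance can create an account on the password manager. Enabling the line, `SIGNUPS_ALLOWED = false;`, closes registration once the intended accounts exist. Separately, `backupDir` is combined with `dbBackend = "postgresql"`; the module's backup job is, as far as I know, written for the SQLite backend, so it should be confirmed that this evaluates and that the PostgreSQL data is actually backed up.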
@@ -0,0 +1,13 @@
+let
+ Mac-von-Jan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE";
+ galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u";
+ all = [
+ Mac-von-Jan
+ galanthus
+ ];
+in
+{
+ "nextcloud.age".publicKeys = all;
+ "forgejo-runner-token.age".publicKeys = all;
+ "openai.age".publicKeys = all;
+}
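Review bot: Every entry in modules/secrets/secrets.nix uses `publicKeys = all;`, so each of the two keys can decrypt all three secrets. Scoping recipients per secret limits what one exposed key reveals, e.g. `"openai.age".publicKeys = [ Mac-von-Jan ];` if only that machine uses it; which host needs which secret is not visible in this hunk, so the lists have to be chosen by the author. This matters more where a private key is shared into a container, as the `/etc/ssh/ssh_host_ed25519_key` bind mount in modules/nixos/nextcloud.nix does.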