diff --git a/.gitattributes b/.gitattributes index e8965a2..3be7bb1 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,2 @@ -machines/laptop/secret.nix filter=git-crypt diff=git-crypt +machines/calcite/secret.nix filter=git-crypt diff=git-crypt machines/clash.nix filter=git-crypt diff=git-crypt diff --git a/.sops.yaml b/.sops.yaml index e989cd5..f3ae717 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,19 +1,17 @@ keys: - - &xin age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49 - - &host-laptop age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn + - &xin age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c + - &host-laptop age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa creation_rules: - - path_regex: secrets/laptop/[^/]+\.yaml$ + - path_regex: machines/calcite/secrets.yaml key_groups: - age: - *xin - *host-laptop - - path_regex: machines/laptop/secrets.yaml + - path_regex: machines/secrets.yaml key_groups: - age: - *xin - - *host-laptop - - path_regex: secrets/common/[^/]+\.yaml$ - kay_groups: + - path_regex: home/xin/secrets.yaml + key_groups: - age: - *xin - - *host-laptop diff --git a/flake.lock b/flake.lock index 5961158..b94fa32 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,37 @@ { "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1638122382, "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", @@ -15,45 +46,6 @@ "type": "github" } }, - "flake-utils-plus": { - "inputs": { - "flake-utils": [ - "nur-xddxdd", - "flake-utils" - ] - }, - "locked": { - "lastModified": 1657226504, - "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1681037374, - "narHash": "sha256-XL6X3VGbEFJZDUouv2xpKg2Aljzu/etPLv5e1FPt1q0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "033b9f258ca96a10e543d4442071f614dc3f8412", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -61,11 +53,11 @@ ] }, "locked": { - "lastModified": 1681468923, - "narHash": "sha256-+X2oO4juRVhQRs002mn8km6PODccIRiz09c2K1xtSpY=", + "lastModified": 1682072616, + "narHash": "sha256-sR5RL3LACGuq5oePcAoJ/e1S3vitKQQSNACMYmqIE1E=", "owner": "nix-community", "repo": "home-manager", - "rev": "17198cf5ae27af5b647c7dac58d935a7d0dbd189", + "rev": "47d6c3f65234230d37f1cf7d3d6b5575ec80fe0c", "type": "github" }, "original": { @@ -74,19 +66,39 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1682125871, + "narHash": "sha256-b5z2R7qRe5lIn7UYFrVokFy9r3RoyrrYKqgJH/r9B34=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "abda642f7216d43b1c61cc864eb571df78d96464", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-cn": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1681522588, - "narHash": "sha256-GG2C4OEAIEE6rIeU+ba6YN2hZe2neZ5HF6acEwncsqU=", + "lastModified": 1682040433, + "narHash": "sha256-5RxsRpH7pidvRu9Fcejt5Akl+aMnduSlaIrureT0Qz8=", "owner": "nixos-cn", "repo": "flakes", - "rev": "fc7cb10f00b69c97fab945400f480dac06496ff2", + "rev": "1f8ff8330186b40b61d7f16d7d78d656b9e06399", "type": "github" }, "original": { @@ -113,15 +125,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1681303793, - "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", - "owner": "nixos", + "lastModified": 1675763311, + "narHash": "sha256-bz0Q2H3mxsF1CUfk26Sl9Uzi8/HFjGFD/moZHz1HebU=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe2ecaf706a5907b5e54d979fbde4924d84b65fc", + "rev": "fab09085df1b60d6a0870c8a89ce26d5a4a708c2", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -129,11 +141,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1681349002, - "narHash": "sha256-9Ckc2WvSwuYrPfk3ZXgPasM1ir/cgs6UV0EpIWyPGZE=", + "lastModified": 1681932375, + "narHash": "sha256-tSXbYmpnKSSWpzOrs27ie8X3I0yqKA6AuCzCYNtwbCU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2b1bba76a13ed39c7abc0a6e8f74f9e168cf3c7c", + "rev": "3d302c67ab8647327dba84fbdb443cdbf0e82744", "type": "github" }, "original": { @@ -145,11 +157,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1681005198, - "narHash": "sha256-5LrnBeXR7Hv8OXh6eany7br4qBW+ZNl4LKf1CJu9zbg=", + "lastModified": 1681613598, + "narHash": "sha256-Ogkoma0ytYcDoMR2N7CZFABPo+i0NNo26dPngru9tPc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e45cc0138829ad86e7ff17a76acf2d05e781e30a", + "rev": "1040ce5f652b586da95dfd80d48a745e107b9eac", "type": "github" }, "original": { @@ -161,11 +173,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1680942619, - "narHash": "sha256-kpCW1IegAZfEjCVJW7IPN/hEtRL/9dxaFFYiHS5qVAk=", + "lastModified": 1681920287, + "narHash": "sha256-+/d6XQQfhhXVfqfLROJoqj3TuG38CAeoT6jO1g9r1k0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "645bc49f34fa8eff95479f0345ff57e55b53437e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1681571934, + "narHash": "sha256-Q3B3HTqhTahhPCT53ahK1FPktOXlEWmudSttd9CWGbE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6f95dd4fd050daf017cae2dfeb1cea1ec0e4c1a1", + "rev": "29176972b4be60f7d3eb3101f696c99f2e6ada57", "type": "github" }, "original": { @@ -177,11 +205,11 @@ }, "nur": { "locked": { - "lastModified": 1681527005, - "narHash": "sha256-BMO3rnCA8kr5Cq/URyU25j1eSL3HygUT1rd7vniwfKE=", + "lastModified": 1682066678, + "narHash": "sha256-uMHlSn+i49GW4AwjNQh+gN1Hv3IyaXIwWCicHd/wo4g=", "owner": "nix-community", "repo": "NUR", - "rev": "ace101967ecf693fad5387d671b09435b23fd9dc", + "rev": "c2778754ec284fade289ce5c4ac82ffb48b2b97a", "type": "github" }, "original": { @@ -190,51 +218,29 @@ "type": "github" } }, - "nur-xddxdd": { - "inputs": { - "flake-utils": "flake-utils_2", - "flake-utils-plus": "flake-utils-plus", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1681369018, - "narHash": "sha256-bqwKQX4G4DgxEalw8h0zlG0B/GQzOk5djQBpmFz0zzs=", - "owner": "xddxdd", - "repo": "nur-packages", - "rev": "eb318d24ebdcf6efd8af91a54cd932ed3ed86f78", - "type": "github" - }, - "original": { - "owner": "xddxdd", - "repo": "nur-packages", - "type": "github" - } - }, "root": { "inputs": { "home-manager": "home-manager", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-cn": "nixos-cn", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", - "nur-xddxdd": "nur-xddxdd", "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1681209176, - "narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=", + "lastModified": 1681821695, + "narHash": "sha256-uwyBGo/9IALi97AfMuzkJroQQhV6hkybaZVdw6pRNG4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "00d5fd73756d424de5263b92235563bc06f2c6e1", + "rev": "5698b06b0731a2c15ff8c2351644427f8ad33993", "type": "github" }, "original": { @@ -242,21 +248,6 @@ "repo": "sops-nix", "type": "github" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 10d3a93..788ebd0 100644 --- a/flake.nix +++ b/flake.nix @@ -10,10 +10,6 @@ }; nur.url = "github:nix-community/NUR"; - nur-xddxdd = { - url = "github:xddxdd/nur-packages"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; @@ -24,35 +20,52 @@ }; sops-nix.url = "github:Mic92/sops-nix"; + + nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; }; outputs = { self, ... }@inputs: with inputs; let - mkHome = user: host: home-manager.nixosModules.home-manager { - extraSpecialArgs = { inherit inputs; }; - home-manager.users.${user} = import ./home/${user}/${host}; + mkHome = user: host: { config, system, ... }: { + imports = [ + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.xin = import ./home/${user}/${host}; + home-manager.extraSpecialArgs = { inherit inputs system; }; + } + ]; + }; + mkNixos = { system, modules, specialArgs ? {}}: nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = specialArgs // { inherit inputs system; }; + modules = [ + home-manager.nixosModules.home-manager + nur.nixosModules.nur + sops-nix.nixosModules.sops + ] ++ modules; }; in { nixosModules = import ./modules/nixos; homeManagerModules = import ./modules/home-manager; - nixosConfigurations.xin-laptop = nixpkgs.lib.nixosSystem { + nixosConfigurations.calcite = mkNixos { system = "x86_64-linux"; modules = [ - machines/laptop/configuration.nix - nur.nixosModules.nur - sops-nix.nixosModules.sops + nixos-hardware.nixosModules.asus-zephyrus-ga401 + machines/calcite/configuration.nix + (mkHome "xin" "calcite") ]; - specialArgs = inputs; }; - nixosConfigurations.rpi4 = nixpkgs.lib.nixosSystem { + + nixosConfigurations.rpi4 = mkNixos { system = "aarch64-linux"; modules = [ - machines/rpi4/configuration.nix nixos-hardware.nixosModules.raspberry-pi-4 + machines/rpi4/configuration.nix ]; }; @@ -66,7 +79,6 @@ nixpkgs.config.allowUnsupportedSystem = true; nixpkgs.hostPlatform.system = "aarch64-linux"; nixpkgs.buildPlatform.system = "x86_64-linux"; - # ... extra configs as above } ]; }).config.system.build.sdImage; diff --git a/home/xin/alacritty.nix b/home/xin/alacritty.nix new file mode 100644 index 0000000..a4feed5 --- /dev/null +++ b/home/xin/alacritty.nix @@ -0,0 +1,15 @@ +{ config, ... }: { + programs.alacritty = { + enable = true; + settings = { + shell = { + program = config.programs.zellij.package + "/bin/zellij"; + }; + font.size = 10.0; + window = { + resize_increments = true; + dynamic_padding = true; + }; + }; + }; +} \ No newline at end of file diff --git a/home/xin/calcite/default.nix b/home/xin/calcite/default.nix new file mode 100644 index 0000000..f2085ac --- /dev/null +++ b/home/xin/calcite/default.nix @@ -0,0 +1,34 @@ +{ config, pkgs, ... }: +{ + imports = [ + ../common + ../vscode.nix + ../alacritty.nix + ]; + + home.username = "xin"; + home.homeDirectory = "/home/xin"; + home.stateVersion = "23.05"; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + + accounts.email.accounts.gmail = { + primary = true; + address = "lixinyang411@gmail.com"; + flavor = "gmail.com"; + }; + + accounts.email.accounts.whu = { + address = "lixinyang411@whu.edu.cn"; + }; + + accounts.email.accounts.foxmail = { + address = "lixinyang411@foxmail.com"; + }; + + i18n.inputMethod = { + enabled = "fcitx5"; + fcitx5.addons = with pkgs; [ fcitx5-rime ]; + }; +} diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix new file mode 100644 index 0000000..73ba97a --- /dev/null +++ b/home/xin/common/default.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: { + imports = [ + ./fish.nix + ./git.nix + ./zellij.nix + ]; + home.packages = with pkgs; [ + dig + du-dust # du + rust + zoxide # autojumper + man-pages + tree + wget + tmux + ffmpeg + tealdeer + neofetch + rclone + clash + ]; +} \ No newline at end of file diff --git a/home/xin/common/fish.nix b/home/xin/common/fish.nix new file mode 100644 index 0000000..3502f1d --- /dev/null +++ b/home/xin/common/fish.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: { + programs.fish = { + enable = true; + plugins = with pkgs; [ + { + name = "pisces"; + src = fishPlugins.pisces.src; + } + { + name = "done"; + src = fishPlugins.done.src; + } + { + name = "hydro"; + src = fishPlugins.hydro.src; + } + ]; + }; +} diff --git a/home/xin/common/git.nix b/home/xin/common/git.nix new file mode 100644 index 0000000..98c2e84 --- /dev/null +++ b/home/xin/common/git.nix @@ -0,0 +1,13 @@ +{ + programs.git = { + enable = true; + delta.enable = true; + userName = "Xinyang Li"; + userEmail = "lixinyang411@gmail.com"; + aliases = { + graph = "log --all --oneline --graph --decorate"; + s = "status"; + d = "diff"; + }; + }; +} \ No newline at end of file diff --git a/home/xin/common/zellij.nix b/home/xin/common/zellij.nix new file mode 100644 index 0000000..c994139 --- /dev/null +++ b/home/xin/common/zellij.nix @@ -0,0 +1,29 @@ +{ + programs.zellij = { + enable = true; + settings = { + on_force_close = "quit"; + default_shell = "fish"; + keybinds = { + unbind = [ + "Ctrl p" + "Ctrl n" + ]; + }; + theme = "dracula"; + themes.dracula = { + fg = [ 248 248 242 ]; + bg = [ 40 42 54 ]; + black = [ 0 0 0 ]; + red = [ 255 85 85 ]; + green = [ 80 250 123 ]; + yellow = [ 241 250 140 ]; + blue = [ 98 114 164 ]; + magenta = [ 255 121 198 ]; + cyan = [ 139 233 253 ]; + white = [ 255 255 255 ]; + orange = [ 255 184 108 ]; + }; + }; + }; +} \ No newline at end of file diff --git a/home/xin/laptop/default.nix b/home/xin/laptop/default.nix deleted file mode 100644 index 5b2d754..0000000 --- a/home/xin/laptop/default.nix +++ /dev/null @@ -1,15 +0,0 @@ - -{ - home.username = "xin"; - home.homeDirectory = "/home/xin"; - - accounts = { - gmail = { - - }; - - }; - - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; -} \ No newline at end of file diff --git a/home/xin/vscode.nix b/home/xin/vscode.nix new file mode 100644 index 0000000..2f05702 --- /dev/null +++ b/home/xin/vscode.nix @@ -0,0 +1,128 @@ +{ config, pkgs, inputs, system, ... }: +{ + programs.vscode = { + enable = true; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + mutableExtensionsDir = false; + extensions = with inputs.nix-vscode-extensions.extensions.${system}.vscode-marketplace; [ + arrterian.nix-env-selector + + bbenoist.nix + ms-azuretools.vscode-docker + ms-vscode-remote.remote-ssh + vscodevim.vim + github.vscode-pull-request-github + eamodio.gitlens + gruntfuggly.todo-tree # todo highlight + + # Language support + # Python + ms-python.python + # Markdown + davidanson.vscode-markdownlint + # C/C++ + ms-vscode.cmake-tools + llvm-vs-code-extensions.vscode-clangd + # Nix + jnoortheen.nix-ide + # Latex + james-yu.latex-workshop + # Rust + rust-lang.rust-analyzer + + ms-vscode-remote.remote-ssh-edit + ]; + userSettings = { + "workbench.colorTheme" = "Default Dark+"; + "terminal.integrated.sendKeybindingsToShell" = true; + "extensions.ignoreRecommendations" = true; + "files.autoSave" = "afterDelay"; + "editor.inlineSuggest.enabled" = true; + "editor.rulers" = [ + 80 + ]; + "editor.mouseWheelZoom" = true; + "git.autofetch" = true; + "window.zoomLevel" = -1; + + "nix.enableLanguageServer" = true; + + "latex-workshop.latex.autoBuild.run" = "never"; + "latex-workshop.latex.tools" = [ + { + "name" = "xelatex"; + "command" = "xelatex"; + "args" = [ + "-synctex=1" + "-interaction=nonstopmode" + "-file-line-error" + "-pdf" + "%DOCFILE%" + ]; + } + { + "name" = "pdflatex"; + "command" = "pdflatex"; + "args" = [ + "-synctex=1" + "-interaction=nonstopmode" + "-file-line-error" + "%DOCFILE%" + ]; + } + { + "name" = "bibtex"; + "command" = "bibtex"; + "args" = [ + "%DOCFILE%" + ]; + } + ]; + "latex-workshop.latex.recipes" = [ + { + "name" = "xelatex"; + "tools" = [ + "xelatex" + ]; + } + { + "name" = "pdflatex"; + "tools" = [ + "pdflatex" + ]; + } + { + "name" = "xe->bib->xe->xe"; + "tools" = [ + "xelatex" + "bibtex" + "xelatex" + "xelatex" + ]; + } + { + "name" = "pdf->bib->pdf->pdf"; + "tools" = [ + "pdflatex" + "bibtex" + "pdflatex" + "pdflatex" + ]; + } + ]; + "[latex]" = { + "editor.formatonpaste" = false; + "editor.suggestselection" = "recentlyusedbyprefix"; + "editor.wordwrap" = "bounded"; + "editor.wordwrapcolumn" = 100; + "editor.unicodehighlight.allowedlocales" = { + "_os" = true; + "_vscode" = true; + "zh-hans" = true; + "zh-hant" = true; + }; + }; + }; + }; +} diff --git a/machines/laptop/configuration.nix b/machines/calcite/configuration.nix similarity index 58% rename from machines/laptop/configuration.nix rename to machines/calcite/configuration.nix index e3df24b..b7e615f 100644 --- a/machines/laptop/configuration.nix +++ b/machines/calcite/configuration.nix @@ -1,19 +1,13 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, nixos-cn, nur, nur-xddxdd, ... }: +{ config, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../clash.nix - ../vscode.nix - # ../dnscrypt.nix - ./secret.nix + ./network.nix ../sops.nix + ../clash.nix ]; # Bootloader. @@ -22,25 +16,16 @@ boot.loader.efi.efiSysMountPoint = "/boot/efi"; # boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ]; + boot.supportedFilesystems = [ "ntfs" ]; - networking.hostName = "xin-laptop"; # Define your hostname. + networking.hostName = "calcite"; - # Enable networking - networking = { - nameservers = [ "127.0.0.1" "::1" ]; - networkmanager = { - enable = true; - }; - resolvconf.useLocalResolver = true; - }; + programs.vim.defaultEditor = true; - - sops = { - defaultSopsFile = ./secrets.yaml; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - age.keyFile = "/var/lib/sops-nix/keys.txt"; - age.generateKey = true; - }; + # Keep this even if enabled in home manager + programs.fish.enable = true; + environment.shells = [ pkgs.fish ]; + users.defaultUserShell = pkgs.fish; # Setup wireguard # Set your time zone. @@ -49,12 +34,6 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.utf8"; - # Chinese Input Method - i18n.inputMethod = { - enabled = "fcitx5"; - fcitx5.addons = with pkgs; [ fcitx5-rime ]; - }; - i18n.extraLocaleSettings = { LC_ADDRESS = "zh_CN.utf8"; LC_IDENTIFICATION = "zh_CN.utf8"; @@ -115,6 +94,10 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; + nixpkgs.config.permittedInsecurePackages = [ + # For wechat-uos + "electron-19.0.7" + ]; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ @@ -125,38 +108,16 @@ wineWowPackages.waylandFull faudio - man-pages # ==== CLI tools ==== # rust-analyzer - leetcode-cli - tree - wget - tmux - ffmpeg - tealdeer - neofetch - rclone - clash # tesseract5 # ocr ocrmypdf # pdfocr grc - fishPlugins.pisces - fishPlugins.bass - fishPlugins.done - - hyperfine # benchmarking tool - grex # generate regex from example - delta # diff viewer - zoxide # autojumper - du-dust # du + rust - alacritty # terminal emulator - zellij # modern multiplexer # ==== Development ==== # # VCS - git git-crypt jetbrains.jdk # patch jetbrain runtime java @@ -205,15 +166,13 @@ vlc obs-studio spotify - netease-cloud-music-gtk digikam # IM tdesktop qq - nur-xddxdd.packages."x86_64-linux".wechat-uos-bin - # nixos-cn.legacyPackages.${system}.wechat-uos + config.nur.repos.xddxdd.wechat-uos # Mail thunderbird @@ -235,100 +194,30 @@ virt-manager ]; - # use vim for editor - programs.vim = { - defaultEditor = true; - }; - - # use fish as default shell - environment.shells = [ pkgs.fish ]; - users.defaultUserShell = pkgs.fish; - programs.fish = { - enable = true; - }; - - programs.wireshark = { - enable = true; - package = pkgs.wireshark-qt; - }; - - # Add gsconnect, open firewall - programs.kdeconnect = { - enable = true; - package = pkgs.gnomeExtensions.gsconnect; - }; programs.steam = { enable = true; - remotePlay.openFirewall = true; }; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # services.gnome.gnome-remote-desktop.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - networking.firewall.allowedUDPPorts = [ 41641 ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? + system.stateVersion = "22.05"; # Use mirror for binary cache nix.settings.substituters = [ "https://mirrors.ustc.edu.cn/nix-channels/store" - # "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" + "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; # MTP support services.gvfs.enable = true; - # Enable Tailscale - services.tailscale.enable = true; - services.tailscale.useRoutingFeatures = "both"; - - # Setup Nvidia driver - services.xserver.videoDrivers = [ "nvidia" ]; - hardware.opengl = { - enable = true; - # driSupport = true; - }; - hardware.nvidia.modesetting.enable = true; - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; - # hardware.nvidia.open = true; - hardware.nvidia.prime = { - offload.enable = true; - offload.enableOffloadCmd = true; - nvidiaBusId = "PCI:1:0:0"; - amdgpuBusId = "PCI:4:0:0"; - }; - # Fonts fonts = { fonts = with pkgs; [ + (nerdfonts.override { fonts = [ "FiraCode" ]; }) noto-fonts noto-fonts-emoji liberation_ttf - fira-code - fira-code-symbols mplus-outline-fonts.githubRelease dina-font proggyfonts @@ -345,7 +234,7 @@ defaultFonts = { serif = [ "Noto Serif CJK SC" "Ubuntu" ]; sansSerif = [ "Noto Sans CJK SC" "Ubuntu" ]; - monospace = [ "FiraCode" "Ubuntu" ]; + monospace = [ "FiraCode NerdFont Mono" "Ubuntu" ]; }; }; }; diff --git a/machines/laptop/hardware-configuration.nix b/machines/calcite/hardware-configuration.nix similarity index 83% rename from machines/laptop/hardware-configuration.nix rename to machines/calcite/hardware-configuration.nix index 6c5f7e1..4baf3c7 100644 --- a/machines/laptop/hardware-configuration.nix +++ b/machines/calcite/hardware-configuration.nix @@ -14,17 +14,24 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/73ff3986-ff55-4e9b-a857-9fc3878ea94f"; + { device = "/dev/disk/by-label/NIXROOT"; fsType = "ext4"; }; fileSystems."/boot/efi" = - { device = "/dev/disk/by-uuid/5A85-9129"; + { device = "/dev/disk/by-label/EFIBOOT"; fsType = "vfat"; }; + fileSystems."/media/data" = + { + device = "/dev/disk/by-label/WINDATA"; + fsType = "ntfs3"; + options = [ "rw" "uid=1000" ]; + }; + swapDevices = - [ { device = "/dev/disk/by-uuid/ccf8e837-d9c6-4e59-a36d-6bbd4836d11a"; } + [ { device = "/dev/disk/by-label/NIXSWAP"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix new file mode 100644 index 0000000..f77ead5 --- /dev/null +++ b/machines/calcite/network.nix @@ -0,0 +1,37 @@ +{ pkgs, ...}: + +{ + # Enable networking + networking = { + nameservers = [ "127.0.0.1" "::1" ]; + networkmanager = { + enable = true; + }; + resolvconf.useLocalResolver = true; + }; + + # Enable Tailscale + services.tailscale.enable = true; + # services.tailscale.useRoutingFeatures = "both"; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + networking.firewall.allowedUDPPorts = [ 41641 ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + programs.steam.remotePlay.openFirewall = true; + + # Add gsconnect, open firewall + programs.kdeconnect = { + enable = true; + package = pkgs.gnomeExtensions.gsconnect; + }; + + programs.wireshark = { + enable = true; + package = pkgs.wireshark-qt; + }; + + # services.gnome.gnome-remote-desktop.enable = true; +} \ No newline at end of file diff --git a/machines/calcite/secrets.yaml b/machines/calcite/secrets.yaml new file mode 100644 index 0000000..ae8271c --- /dev/null +++ b/machines/calcite/secrets.yaml @@ -0,0 +1,30 @@ +clash_subscription_link: ENC[AES256_GCM,data:HKHMCu6FAhXroM+j33coUhJybw2P0k4c+2NyVoLkHRtxyWc2qDmwLfyaYfU9hkBdE60eZ6t5ewNFnMFe78DatVTcwPXGznY=,iv:0yP9LG8lUdjKiize6z5LjY3NsGmKST4H2aMvOZoUXyo=,tag:vcBk7seKuaSpEw8PXmM05A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRXoxNVJzZERQTFdDNWlL + N2s2ajdCVzFFZWlSY1dndWhCL0RuMnk3aVdJCjJaQUJ2a1VPanArN2YxMy9vSEYv + blBISEZQL3UvNnRFN0ozZ3hzbEcvaDQKLS0tIEYydmF2bHBwQWdTSFFQQ29ROGxi + OFo3K3N6VWsyRnphblVsM2pHZnljUncKWLyzuKl+8WXtvlPtsaYG4PyGYNmPFdG5 + gxlMsQvaUrGReCs9M3EeS0KKvl9INzOP33KCiwrIAfq1PygP1xF1QQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZHpMa0NiYzJSa0Jyd3dD + WUFzenY3dEYzRjBxbVk4NWFGUnp0N0oySjE4CllEMlRXSmR6cWR0QlMrOWJGdEhO + ZzkwaFRRMVdjcVhLaEpMcFhxMTVxcTQKLS0tIEY3eER1d3B0NGtsdk9RaENscTBk + eHg2UVZRRkdVWm5PdW1MSzhVTGlpc3cKnZj4fil9mysiJJcDK4SLo+I0TcUtgww1 + 67W3wpd2y+ofIEP/qBSTVU4PYJ+ZsYDr1hy+6qJ7r4rgQ9wzLiWBog== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-04-22T15:22:58Z" + mac: ENC[AES256_GCM,data:3LtivTLt04ADulz9XkMxcpgAY6it+hWFuXZVI9AOuFVQCgGE41fpH0RUKgJ4kIpr5kvbe4wVLQ6OTFqBcAkPnBBPCCg/Npzo7sWbGOiBEyK3aEk2uGsmZHqpDexHS5VJvSY0iePD+Qb/LNxjBo4KLWGNj+frKnpGALV0Qn6yzIE=,iv:alylpWLPhIIL4piaVFpjHbXJY4nz0pcUIFN5TvVcj74=,tag:HaSjcpwRMZ06UjXoDwEmyg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/machines/clash.nix b/machines/clash.nix index db254ce..5001a80 100644 Binary files a/machines/clash.nix and b/machines/clash.nix differ diff --git a/machines/laptop/secret.nix b/machines/laptop/secret.nix deleted file mode 100644 index 06f9d06..0000000 Binary files a/machines/laptop/secret.nix and /dev/null differ diff --git a/machines/laptop/secrets.yaml b/machines/laptop/secrets.yaml deleted file mode 100644 index 26181d2..0000000 --- a/machines/laptop/secrets.yaml +++ /dev/null @@ -1,30 +0,0 @@ -gmail: ENC[AES256_GCM,data:CajGtLth9OWLc4OHvRB2WIf9h8Fz4A==,iv:8VpGHDn06sDsTwsIVSHf9teRLNWx3hmQJ7Qml5ovjoo=,tag:dVIgRQ9LjSWSe/6QdCVUyA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNmR1LzJkZUxHcnRsV0Nj - RVRJZ3lZWmhzWFkyM3M5ZHZyZGo5OG0xZmpJCkVEd0VmNVNDejlDY0pYcmNHMjB0 - a1d0UDVQRFFCUUxFMXh2UlBGc0RRZk0KLS0tIFpJRVIvM1Q3NG02ZEk2MEdsYmkz - YU9zMzJCcDVtRGdOWXNSMGpCcUNneDgKUDVNx2OjyOSRzMqhmFkBx3do4VrNO/fw - tFk4EzayyNoRAd5Ch/XfAccGwLceNhvMPZYxcB0hZljZM5u3g3JPtQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVFg0OEFSMHJYTjZxNUM0 - ZmY0NUU0c3pNK1d4ak0wcmYrRTN1TEcyakZRCnBLNzNxNm5YWk9kNzZqL0dHMkhG - UXA1bDY4QVg2K3d6eVBpWG1ybHN2VDAKLS0tIFJpSTk4cFZKeTVkd09sN3NmQzc1 - eXNvMElBbnkxaEVJZ1hRZnZDUmp0WE0KmjdpdtWkxNgwcm3GuGAhO2p8rH/UyGSW - iJMXAD/FIbbB9e50oSVixg5PFZuqL6ryxFDrj8UgUZozBVXFrlZfBw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-16T05:37:57Z" - mac: ENC[AES256_GCM,data:XX17bbc+hGPcsfg7t3S93X22fpydT0N+P8DTpLB4SkVi9anRbNTrldJkIxKNuN3LXKZmdON/BO6x4TMe+wh45yAW1Ds8OD6VTr6IdXYIvvYC5IKt27qd30Cqbed0Q4LSq9mZ97YiRCyxVsNSf+n4rJV+Ufc24LS35Kb3qR5Pia8=,iv:T5BPf9fCLroreDqHGBrWyI1fFYNTWtYx557AnMReQnU=,tag:8qC/yN/erx4mDDO949oppA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/machines/secrets.yaml b/machines/secrets.yaml new file mode 100644 index 0000000..ae8271c --- /dev/null +++ b/machines/secrets.yaml @@ -0,0 +1,30 @@ +clash_subscription_link: ENC[AES256_GCM,data:HKHMCu6FAhXroM+j33coUhJybw2P0k4c+2NyVoLkHRtxyWc2qDmwLfyaYfU9hkBdE60eZ6t5ewNFnMFe78DatVTcwPXGznY=,iv:0yP9LG8lUdjKiize6z5LjY3NsGmKST4H2aMvOZoUXyo=,tag:vcBk7seKuaSpEw8PXmM05A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRXoxNVJzZERQTFdDNWlL + N2s2ajdCVzFFZWlSY1dndWhCL0RuMnk3aVdJCjJaQUJ2a1VPanArN2YxMy9vSEYv + blBISEZQL3UvNnRFN0ozZ3hzbEcvaDQKLS0tIEYydmF2bHBwQWdTSFFQQ29ROGxi + OFo3K3N6VWsyRnphblVsM2pHZnljUncKWLyzuKl+8WXtvlPtsaYG4PyGYNmPFdG5 + gxlMsQvaUrGReCs9M3EeS0KKvl9INzOP33KCiwrIAfq1PygP1xF1QQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZHpMa0NiYzJSa0Jyd3dD + WUFzenY3dEYzRjBxbVk4NWFGUnp0N0oySjE4CllEMlRXSmR6cWR0QlMrOWJGdEhO + ZzkwaFRRMVdjcVhLaEpMcFhxMTVxcTQKLS0tIEY3eER1d3B0NGtsdk9RaENscTBk + eHg2UVZRRkdVWm5PdW1MSzhVTGlpc3cKnZj4fil9mysiJJcDK4SLo+I0TcUtgww1 + 67W3wpd2y+ofIEP/qBSTVU4PYJ+ZsYDr1hy+6qJ7r4rgQ9wzLiWBog== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-04-22T15:22:58Z" + mac: ENC[AES256_GCM,data:3LtivTLt04ADulz9XkMxcpgAY6it+hWFuXZVI9AOuFVQCgGE41fpH0RUKgJ4kIpr5kvbe4wVLQ6OTFqBcAkPnBBPCCg/Npzo7sWbGOiBEyK3aEk2uGsmZHqpDexHS5VJvSY0iePD+Qb/LNxjBo4KLWGNj+frKnpGALV0Qn6yzIE=,iv:alylpWLPhIIL4piaVFpjHbXJY4nz0pcUIFN5TvVcj74=,tag:HaSjcpwRMZ06UjXoDwEmyg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/machines/sops.nix b/machines/sops.nix index 7a73a41..5c6a079 100644 --- a/machines/sops.nix +++ b/machines/sops.nix @@ -1,2 +1,9 @@ +{ ... }: { + sops = { + defaultSopsFile = ./secrets.yaml; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + # age.keyFile = "/var/lib/sops-nix/keys.txt"; + # age.generateKey = true; + }; } \ No newline at end of file