xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

start to use home manager as NixOS module

Browse source
This commit is contained in:
xinyangli 2023-04-23 01:42:40 +08:00
parent 71b20209b2
commit 37a8487bdb
21 changed files with 523 additions and 308 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitattributes vendored
View file

@ -1,2 +1,2 @@
machines/laptop/secret.nix filter=git-crypt diff=git-crypt machines/calcite/secret.nix filter=git-crypt diff=git-crypt
machines/clash.nix filter=git-crypt diff=git-crypt machines/clash.nix filter=git-crypt diff=git-crypt

14
.sops.yaml
View file

@ -1,19 +1,17 @@
keys: keys:
- &xin age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49 - &xin age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
- &host-laptop age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn - &host-laptop age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
creation_rules: creation_rules:
- path_regex: secrets/laptop/[^/]+\.yaml$ - path_regex: machines/calcite/secrets.yaml
key_groups: key_groups:
- age: - age:
- *xin - *xin
- *host-laptop - *host-laptop
- path_regex: machines/laptop/secrets.yaml - path_regex: machines/secrets.yaml
key_groups: key_groups:
- age: - age:
- *xin - *xin
- *host-laptop - path_regex: home/xin/secrets.yaml
- path_regex: secrets/common/[^/]+\.yaml$ key_groups:
kay_groups:
- age: - age:
- *xin - *xin
- *host-laptop

203
flake.lock
View file

@ -1,6 +1,37 @@
{ {
"nodes": { "nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1638122382, "lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
@ -15,45 +46,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils-plus": {
"inputs": {
"flake-utils": [
"nur-xddxdd",
"flake-utils"
]
},
"locked": {
"lastModified": 1657226504,
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1681037374,
"narHash": "sha256-XL6X3VGbEFJZDUouv2xpKg2Aljzu/etPLv5e1FPt1q0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "033b9f258ca96a10e543d4442071f614dc3f8412",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -61,11 +53,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1681468923, "lastModified": 1682072616,
"narHash": "sha256-+X2oO4juRVhQRs002mn8km6PODccIRiz09c2K1xtSpY=", "narHash": "sha256-sR5RL3LACGuq5oePcAoJ/e1S3vitKQQSNACMYmqIE1E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "17198cf5ae27af5b647c7dac58d935a7d0dbd189", "rev": "47d6c3f65234230d37f1cf7d3d6b5575ec80fe0c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -74,19 +66,39 @@
"type": "github" "type": "github"
} }
}, },
"nix-vscode-extensions": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1682125871,
"narHash": "sha256-b5z2R7qRe5lIn7UYFrVokFy9r3RoyrrYKqgJH/r9B34=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "abda642f7216d43b1c61cc864eb571df78d96464",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"type": "github"
}
},
"nixos-cn": { "nixos-cn": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1681522588, "lastModified": 1682040433,
"narHash": "sha256-GG2C4OEAIEE6rIeU+ba6YN2hZe2neZ5HF6acEwncsqU=", "narHash": "sha256-5RxsRpH7pidvRu9Fcejt5Akl+aMnduSlaIrureT0Qz8=",
"owner": "nixos-cn", "owner": "nixos-cn",
"repo": "flakes", "repo": "flakes",
"rev": "fc7cb10f00b69c97fab945400f480dac06496ff2", "rev": "1f8ff8330186b40b61d7f16d7d78d656b9e06399",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -113,15 +125,15 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1681303793, "lastModified": 1675763311,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "narHash": "sha256-bz0Q2H3mxsF1CUfk26Sl9Uzi8/HFjGFD/moZHz1HebU=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fe2ecaf706a5907b5e54d979fbde4924d84b65fc", "rev": "fab09085df1b60d6a0870c8a89ce26d5a4a708c2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
@ -129,11 +141,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1681349002, "lastModified": 1681932375,
"narHash": "sha256-9Ckc2WvSwuYrPfk3ZXgPasM1ir/cgs6UV0EpIWyPGZE=", "narHash": "sha256-tSXbYmpnKSSWpzOrs27ie8X3I0yqKA6AuCzCYNtwbCU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2b1bba76a13ed39c7abc0a6e8f74f9e168cf3c7c", "rev": "3d302c67ab8647327dba84fbdb443cdbf0e82744",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -145,11 +157,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1681005198, "lastModified": 1681613598,
"narHash": "sha256-5LrnBeXR7Hv8OXh6eany7br4qBW+ZNl4LKf1CJu9zbg=", "narHash": "sha256-Ogkoma0ytYcDoMR2N7CZFABPo+i0NNo26dPngru9tPc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e45cc0138829ad86e7ff17a76acf2d05e781e30a", "rev": "1040ce5f652b586da95dfd80d48a745e107b9eac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -161,11 +173,27 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1680942619, "lastModified": 1681920287,
"narHash": "sha256-kpCW1IegAZfEjCVJW7IPN/hEtRL/9dxaFFYiHS5qVAk=", "narHash": "sha256-+/d6XQQfhhXVfqfLROJoqj3TuG38CAeoT6jO1g9r1k0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "645bc49f34fa8eff95479f0345ff57e55b53437e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1681571934,
"narHash": "sha256-Q3B3HTqhTahhPCT53ahK1FPktOXlEWmudSttd9CWGbE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6f95dd4fd050daf017cae2dfeb1cea1ec0e4c1a1", "rev": "29176972b4be60f7d3eb3101f696c99f2e6ada57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -177,11 +205,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1681527005, "lastModified": 1682066678,
"narHash": "sha256-BMO3rnCA8kr5Cq/URyU25j1eSL3HygUT1rd7vniwfKE=", "narHash": "sha256-uMHlSn+i49GW4AwjNQh+gN1Hv3IyaXIwWCicHd/wo4g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "ace101967ecf693fad5387d671b09435b23fd9dc", "rev": "c2778754ec284fade289ce5c4ac82ffb48b2b97a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -190,51 +218,29 @@
"type": "github" "type": "github"
} }
}, },
"nur-xddxdd": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1681369018,
"narHash": "sha256-bqwKQX4G4DgxEalw8h0zlG0B/GQzOk5djQBpmFz0zzs=",
"owner": "xddxdd",
"repo": "nur-packages",
"rev": "eb318d24ebdcf6efd8af91a54cd932ed3ed86f78",
"type": "github"
},
"original": {
"owner": "xddxdd",
"repo": "nur-packages",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-cn": "nixos-cn", "nixos-cn": "nixos-cn",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nur": "nur", "nur": "nur",
"nur-xddxdd": "nur-xddxdd",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1681209176, "lastModified": 1681821695,
"narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=", "narHash": "sha256-uwyBGo/9IALi97AfMuzkJroQQhV6hkybaZVdw6pRNG4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "00d5fd73756d424de5263b92235563bc06f2c6e1", "rev": "5698b06b0731a2c15ff8c2351644427f8ad33993",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -242,21 +248,6 @@
"repo": "sops-nix", "repo": "sops-nix",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

42
flake.nix
View file

@ -10,10 +10,6 @@
}; };
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
nur-xddxdd = {
url = "github:xddxdd/nur-packages";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
@ -24,35 +20,52 @@
}; };
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
}; };
outputs = { self, ... }@inputs: outputs = { self, ... }@inputs:
with inputs; with inputs;
let let
mkHome = user: host: home-manager.nixosModules.home-manager { mkHome = user: host: { config, system, ... }: {
extraSpecialArgs = { inherit inputs; }; imports = [
home-manager.users.${user} = import ./home/${user}/${host}; {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.xin = import ./home/${user}/${host};
home-manager.extraSpecialArgs = { inherit inputs system; };
}
];
};
mkNixos = { system, modules, specialArgs ? {}}: nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = specialArgs // { inherit inputs system; };
modules = [
home-manager.nixosModules.home-manager
nur.nixosModules.nur
sops-nix.nixosModules.sops
] ++ modules;
}; };
in in
{ {
nixosModules = import ./modules/nixos; nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager; homeManagerModules = import ./modules/home-manager;
nixosConfigurations.xin-laptop = nixpkgs.lib.nixosSystem { nixosConfigurations.calcite = mkNixos {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
machines/laptop/configuration.nix nixos-hardware.nixosModules.asus-zephyrus-ga401
nur.nixosModules.nur machines/calcite/configuration.nix
sops-nix.nixosModules.sops (mkHome "xin" "calcite")
]; ];
specialArgs = inputs;
}; };
nixosConfigurations.rpi4 = nixpkgs.lib.nixosSystem {
nixosConfigurations.rpi4 = mkNixos {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
machines/rpi4/configuration.nix
nixos-hardware.nixosModules.raspberry-pi-4 nixos-hardware.nixosModules.raspberry-pi-4
machines/rpi4/configuration.nix
]; ];
}; };
@ -66,7 +79,6 @@
nixpkgs.config.allowUnsupportedSystem = true; nixpkgs.config.allowUnsupportedSystem = true;
nixpkgs.hostPlatform.system = "aarch64-linux"; nixpkgs.hostPlatform.system = "aarch64-linux";
nixpkgs.buildPlatform.system = "x86_64-linux"; nixpkgs.buildPlatform.system = "x86_64-linux";
# ... extra configs as above
} }
]; ];
}).config.system.build.sdImage; }).config.system.build.sdImage;

15
home/xin/alacritty.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, ... }: {
programs.alacritty = {
enable = true;
settings = {
shell = {
program = config.programs.zellij.package + "/bin/zellij";
};
font.size = 10.0;
window = {
resize_increments = true;
dynamic_padding = true;
};
};
};
}

34
home/xin/calcite/default.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, pkgs, ... }:
{
imports = [
../common
../vscode.nix
../alacritty.nix
];
home.username = "xin";
home.homeDirectory = "/home/xin";
home.stateVersion = "23.05";
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
accounts.email.accounts.gmail = {
primary = true;
address = "lixinyang411@gmail.com";
flavor = "gmail.com";
};
accounts.email.accounts.whu = {
address = "lixinyang411@whu.edu.cn";
};
accounts.email.accounts.foxmail = {
address = "lixinyang411@foxmail.com";
};
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5-rime ];
};
}

21
home/xin/common/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, ... }: {
imports = [
./fish.nix
./git.nix
./zellij.nix
];
home.packages = with pkgs; [
dig
du-dust # du + rust
zoxide # autojumper
man-pages
tree
wget
tmux
ffmpeg
tealdeer
neofetch
rclone
clash
];
}

19
home/xin/common/fish.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, ... }: {
programs.fish = {
enable = true;
plugins = with pkgs; [
{
name = "pisces";
src = fishPlugins.pisces.src;
}
{
name = "done";
src = fishPlugins.done.src;
}
{
name = "hydro";
src = fishPlugins.hydro.src;
}
];
};
}

13
home/xin/common/git.nix Normal file
View file

@ -0,0 +1,13 @@
{
programs.git = {
enable = true;
delta.enable = true;
userName = "Xinyang Li";
userEmail = "lixinyang411@gmail.com";
aliases = {
graph = "log --all --oneline --graph --decorate";
s = "status";
d = "diff";
};
};
}

29
home/xin/common/zellij.nix Normal file
View file

@ -0,0 +1,29 @@
{
programs.zellij = {
enable = true;
settings = {
on_force_close = "quit";
default_shell = "fish";
keybinds = {
unbind = [
"Ctrl p"
"Ctrl n"
];
};
theme = "dracula";
themes.dracula = {
fg = [ 248 248 242 ];
bg = [ 40 42 54 ];
black = [ 0 0 0 ];
red = [ 255 85 85 ];
green = [ 80 250 123 ];
yellow = [ 241 250 140 ];
blue = [ 98 114 164 ];
magenta = [ 255 121 198 ];
cyan = [ 139 233 253 ];
white = [ 255 255 255 ];
orange = [ 255 184 108 ];
};
};
};
}

15
home/xin/laptop/default.nix
View file

@ -1,15 +0,0 @@
{
home.username = "xin";
home.homeDirectory = "/home/xin";
accounts = {
gmail = {
};
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
}

128
home/xin/vscode.nix Normal file
View file

@ -0,0 +1,128 @@
{ config, pkgs, inputs, system, ... }:
{
programs.vscode = {
enable = true;
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
mutableExtensionsDir = false;
extensions = with inputs.nix-vscode-extensions.extensions.${system}.vscode-marketplace; [
arrterian.nix-env-selector
bbenoist.nix
ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh
vscodevim.vim
github.vscode-pull-request-github
eamodio.gitlens
gruntfuggly.todo-tree # todo highlight
# Language support
# Python
ms-python.python
# Markdown
davidanson.vscode-markdownlint
# C/C++
ms-vscode.cmake-tools
llvm-vs-code-extensions.vscode-clangd
# Nix
jnoortheen.nix-ide
# Latex
james-yu.latex-workshop
# Rust
rust-lang.rust-analyzer
ms-vscode-remote.remote-ssh-edit
];
userSettings = {
"workbench.colorTheme" = "Default Dark+";
"terminal.integrated.sendKeybindingsToShell" = true;
"extensions.ignoreRecommendations" = true;
"files.autoSave" = "afterDelay";
"editor.inlineSuggest.enabled" = true;
"editor.rulers" = [
80
];
"editor.mouseWheelZoom" = true;
"git.autofetch" = true;
"window.zoomLevel" = -1;
"nix.enableLanguageServer" = true;
"latex-workshop.latex.autoBuild.run" = "never";
"latex-workshop.latex.tools" = [
{
"name" = "xelatex";
"command" = "xelatex";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"-pdf"
"%DOCFILE%"
];
}
{
"name" = "pdflatex";
"command" = "pdflatex";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"%DOCFILE%"
];
}
{
"name" = "bibtex";
"command" = "bibtex";
"args" = [
"%DOCFILE%"
];
}
];
"latex-workshop.latex.recipes" = [
{
"name" = "xelatex";
"tools" = [
"xelatex"
];
}
{
"name" = "pdflatex";
"tools" = [
"pdflatex"
];
}
{
"name" = "xe->bib->xe->xe";
"tools" = [
"xelatex"
"bibtex"
"xelatex"
"xelatex"
];
}
{
"name" = "pdf->bib->pdf->pdf";
"tools" = [
"pdflatex"
"bibtex"
"pdflatex"
"pdflatex"
];
}
];
"[latex]" = {
"editor.formatonpaste" = false;
"editor.suggestselection" = "recentlyusedbyprefix";
"editor.wordwrap" = "bounded";
"editor.wordwrapcolumn" = 100;
"editor.unicodehighlight.allowedlocales" = {
"_os" = true;
"_vscode" = true;
"zh-hans" = true;
"zh-hant" = true;
};
};
};
};
}

149
machines/laptop/configuration.nix → machines/calcite/configuration.nix
View file

@ -1,19 +1,13 @@
# Edit this configuration file to define what should be installed on { config, pkgs, ... }:
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, nixos-cn, nur, nur-xddxdd, ... }:
{ {
imports = imports =
[ [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../clash.nix ./network.nix
../vscode.nix
# ../dnscrypt.nix
./secret.nix
../sops.nix ../sops.nix
../clash.nix
]; ];
# Bootloader. # Bootloader.
@ -22,25 +16,16 @@
boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.efiSysMountPoint = "/boot/efi";
# boot.kernelPackages = pkgs.linuxPackages_latest; # boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ]; boot.kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" ];
boot.supportedFilesystems = [ "ntfs" ];
networking.hostName = "xin-laptop"; # Define your hostname. networking.hostName = "calcite";
# Enable networking programs.vim.defaultEditor = true;
networking = {
nameservers = [ "127.0.0.1" "::1" ];
networkmanager = {
enable = true;
};
resolvconf.useLocalResolver = true;
};
# Keep this even if enabled in home manager
sops = { programs.fish.enable = true;
defaultSopsFile = ./secrets.yaml; environment.shells = [ pkgs.fish ];
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; users.defaultUserShell = pkgs.fish;
age.keyFile = "/var/lib/sops-nix/keys.txt";
age.generateKey = true;
};
# Setup wireguard # Setup wireguard
# Set your time zone. # Set your time zone.
@ -49,12 +34,6 @@
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8"; i18n.defaultLocale = "en_US.utf8";
# Chinese Input Method
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5-rime ];
};
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = "zh_CN.utf8"; LC_ADDRESS = "zh_CN.utf8";
LC_IDENTIFICATION = "zh_CN.utf8"; LC_IDENTIFICATION = "zh_CN.utf8";
@ -115,6 +94,10 @@
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
# For wechat-uos
"electron-19.0.7"
];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -125,38 +108,16 @@
wineWowPackages.waylandFull wineWowPackages.waylandFull
faudio faudio
man-pages
# ==== CLI tools ==== # # ==== CLI tools ==== #
rust-analyzer rust-analyzer
leetcode-cli
tree
wget
tmux
ffmpeg
tealdeer
neofetch
rclone
clash
# tesseract5 # ocr # tesseract5 # ocr
ocrmypdf # pdfocr ocrmypdf # pdfocr
grc grc
fishPlugins.pisces
fishPlugins.bass
fishPlugins.done
hyperfine # benchmarking tool
grex # generate regex from example
delta # diff viewer
zoxide # autojumper
du-dust # du + rust
alacritty # terminal emulator
zellij # modern multiplexer
# ==== Development ==== # # ==== Development ==== #
# VCS # VCS
git
git-crypt git-crypt
jetbrains.jdk # patch jetbrain runtime java jetbrains.jdk # patch jetbrain runtime java
@ -205,15 +166,13 @@
vlc vlc
obs-studio obs-studio
spotify spotify
netease-cloud-music-gtk
digikam digikam
# IM # IM
tdesktop tdesktop
qq qq
nur-xddxdd.packages."x86_64-linux".wechat-uos-bin config.nur.repos.xddxdd.wechat-uos
# nixos-cn.legacyPackages.${system}.wechat-uos
# Mail # Mail
thunderbird thunderbird
@ -235,100 +194,30 @@
virt-manager virt-manager
]; ];
# use vim for editor
programs.vim = {
defaultEditor = true;
};
# use fish as default shell
environment.shells = [ pkgs.fish ];
users.defaultUserShell = pkgs.fish;
programs.fish = {
enable = true;
};
programs.wireshark = {
enable = true;
package = pkgs.wireshark-qt;
};
# Add gsconnect, open firewall
programs.kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = true;
}; };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable: system.stateVersion = "22.05";
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# services.gnome.gnome-remote-desktop.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
networking.firewall.allowedUDPPorts = [ 41641 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
# Use mirror for binary cache # Use mirror for binary cache
nix.settings.substituters = [ nix.settings.substituters = [
"https://mirrors.ustc.edu.cn/nix-channels/store" "https://mirrors.ustc.edu.cn/nix-channels/store"
# "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
# MTP support # MTP support
services.gvfs.enable = true; services.gvfs.enable = true;
# Enable Tailscale
services.tailscale.enable = true;
services.tailscale.useRoutingFeatures = "both";
# Setup Nvidia driver
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl = {
enable = true;
# driSupport = true;
};
hardware.nvidia.modesetting.enable = true;
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
# hardware.nvidia.open = true;
hardware.nvidia.prime = {
offload.enable = true;
offload.enableOffloadCmd = true;
nvidiaBusId = "PCI:1:0:0";
amdgpuBusId = "PCI:4:0:0";
};
# Fonts # Fonts
fonts = { fonts = {
fonts = with pkgs; [ fonts = with pkgs; [
(nerdfonts.override { fonts = [ "FiraCode" ]; })
noto-fonts noto-fonts
noto-fonts-emoji noto-fonts-emoji
liberation_ttf liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease mplus-outline-fonts.githubRelease
dina-font dina-font
proggyfonts proggyfonts
@ -345,7 +234,7 @@
defaultFonts = { defaultFonts = {
serif = [ "Noto Serif CJK SC" "Ubuntu" ]; serif = [ "Noto Serif CJK SC" "Ubuntu" ];
sansSerif = [ "Noto Sans CJK SC" "Ubuntu" ]; sansSerif = [ "Noto Sans CJK SC" "Ubuntu" ];
monospace = [ "FiraCode" "Ubuntu" ]; monospace = [ "FiraCode NerdFont Mono" "Ubuntu" ];
}; };
}; };
}; };

13
machines/laptop/hardware-configuration.nix → machines/calcite/hardware-configuration.nix
View file

@ -14,17 +14,24 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/73ff3986-ff55-4e9b-a857-9fc3878ea94f"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot/efi" = fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/5A85-9129"; { device = "/dev/disk/by-label/EFIBOOT";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/media/data" =
{
device = "/dev/disk/by-label/WINDATA";
fsType = "ntfs3";
options = [ "rw" "uid=1000" ];
};
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/ccf8e837-d9c6-4e59-a36d-6bbd4836d11a"; } [ { device = "/dev/disk/by-label/NIXSWAP"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

37
machines/calcite/network.nix Normal file
View file

@ -0,0 +1,37 @@
{ pkgs, ...}:
{
# Enable networking
networking = {
nameservers = [ "127.0.0.1" "::1" ];
networkmanager = {
enable = true;
};
resolvconf.useLocalResolver = true;
};
# Enable Tailscale
services.tailscale.enable = true;
# services.tailscale.useRoutingFeatures = "both";
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
networking.firewall.allowedUDPPorts = [ 41641 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
programs.steam.remotePlay.openFirewall = true;
# Add gsconnect, open firewall
programs.kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
programs.wireshark = {
enable = true;
package = pkgs.wireshark-qt;
};
# services.gnome.gnome-remote-desktop.enable = true;
}

30
machines/calcite/secrets.yaml Normal file
View file

@ -0,0 +1,30 @@
clash_subscription_link: ENC[AES256_GCM,data:HKHMCu6FAhXroM+j33coUhJybw2P0k4c+2NyVoLkHRtxyWc2qDmwLfyaYfU9hkBdE60eZ6t5ewNFnMFe78DatVTcwPXGznY=,iv:0yP9LG8lUdjKiize6z5LjY3NsGmKST4H2aMvOZoUXyo=,tag:vcBk7seKuaSpEw8PXmM05A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRXoxNVJzZERQTFdDNWlL
N2s2ajdCVzFFZWlSY1dndWhCL0RuMnk3aVdJCjJaQUJ2a1VPanArN2YxMy9vSEYv
blBISEZQL3UvNnRFN0ozZ3hzbEcvaDQKLS0tIEYydmF2bHBwQWdTSFFQQ29ROGxi
OFo3K3N6VWsyRnphblVsM2pHZnljUncKWLyzuKl+8WXtvlPtsaYG4PyGYNmPFdG5
gxlMsQvaUrGReCs9M3EeS0KKvl9INzOP33KCiwrIAfq1PygP1xF1QQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZHpMa0NiYzJSa0Jyd3dD
WUFzenY3dEYzRjBxbVk4NWFGUnp0N0oySjE4CllEMlRXSmR6cWR0QlMrOWJGdEhO
ZzkwaFRRMVdjcVhLaEpMcFhxMTVxcTQKLS0tIEY3eER1d3B0NGtsdk9RaENscTBk
eHg2UVZRRkdVWm5PdW1MSzhVTGlpc3cKnZj4fil9mysiJJcDK4SLo+I0TcUtgww1
67W3wpd2y+ofIEP/qBSTVU4PYJ+ZsYDr1hy+6qJ7r4rgQ9wzLiWBog==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-22T15:22:58Z"
mac: ENC[AES256_GCM,data:3LtivTLt04ADulz9XkMxcpgAY6it+hWFuXZVI9AOuFVQCgGE41fpH0RUKgJ4kIpr5kvbe4wVLQ6OTFqBcAkPnBBPCCg/Npzo7sWbGOiBEyK3aEk2uGsmZHqpDexHS5VJvSY0iePD+Qb/LNxjBo4KLWGNj+frKnpGALV0Qn6yzIE=,iv:alylpWLPhIIL4piaVFpjHbXJY4nz0pcUIFN5TvVcj74=,tag:HaSjcpwRMZ06UjXoDwEmyg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

BIN
machines/clash.nix
View file

Binary file not shown.

BIN
machines/laptop/secret.nix
View file

Binary file not shown.

30
machines/laptop/secrets.yaml
View file

@ -1,30 +0,0 @@
gmail: ENC[AES256_GCM,data:CajGtLth9OWLc4OHvRB2WIf9h8Fz4A==,iv:8VpGHDn06sDsTwsIVSHf9teRLNWx3hmQJ7Qml5ovjoo=,tag:dVIgRQ9LjSWSe/6QdCVUyA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n359y6qkgzypu0lkcy66pfpneskul35xyhrzz3qumjsmeyp2wsuqq0df49
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNmR1LzJkZUxHcnRsV0Nj
RVRJZ3lZWmhzWFkyM3M5ZHZyZGo5OG0xZmpJCkVEd0VmNVNDejlDY0pYcmNHMjB0
a1d0UDVQRFFCUUxFMXh2UlBGc0RRZk0KLS0tIFpJRVIvM1Q3NG02ZEk2MEdsYmkz
YU9zMzJCcDVtRGdOWXNSMGpCcUNneDgKUDVNx2OjyOSRzMqhmFkBx3do4VrNO/fw
tFk4EzayyNoRAd5Ch/XfAccGwLceNhvMPZYxcB0hZljZM5u3g3JPtQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age179ldmg92wqsspgujc70hujfgttw0ljxkh7g86w8rqzywx0f7psysrk0cfn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLVFg0OEFSMHJYTjZxNUM0
ZmY0NUU0c3pNK1d4ak0wcmYrRTN1TEcyakZRCnBLNzNxNm5YWk9kNzZqL0dHMkhG
UXA1bDY4QVg2K3d6eVBpWG1ybHN2VDAKLS0tIFJpSTk4cFZKeTVkd09sN3NmQzc1
eXNvMElBbnkxaEVJZ1hRZnZDUmp0WE0KmjdpdtWkxNgwcm3GuGAhO2p8rH/UyGSW
iJMXAD/FIbbB9e50oSVixg5PFZuqL6ryxFDrj8UgUZozBVXFrlZfBw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-16T05:37:57Z"
mac: ENC[AES256_GCM,data:XX17bbc+hGPcsfg7t3S93X22fpydT0N+P8DTpLB4SkVi9anRbNTrldJkIxKNuN3LXKZmdON/BO6x4TMe+wh45yAW1Ds8OD6VTr6IdXYIvvYC5IKt27qd30Cqbed0Q4LSq9mZ97YiRCyxVsNSf+n4rJV+Ufc24LS35Kb3qR5Pia8=,iv:T5BPf9fCLroreDqHGBrWyI1fFYNTWtYx557AnMReQnU=,tag:8qC/yN/erx4mDDO949oppA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

30
machines/secrets.yaml Normal file
View file

@ -0,0 +1,30 @@
clash_subscription_link: ENC[AES256_GCM,data:HKHMCu6FAhXroM+j33coUhJybw2P0k4c+2NyVoLkHRtxyWc2qDmwLfyaYfU9hkBdE60eZ6t5ewNFnMFe78DatVTcwPXGznY=,iv:0yP9LG8lUdjKiize6z5LjY3NsGmKST4H2aMvOZoUXyo=,tag:vcBk7seKuaSpEw8PXmM05A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRXoxNVJzZERQTFdDNWlL
N2s2ajdCVzFFZWlSY1dndWhCL0RuMnk3aVdJCjJaQUJ2a1VPanArN2YxMy9vSEYv
blBISEZQL3UvNnRFN0ozZ3hzbEcvaDQKLS0tIEYydmF2bHBwQWdTSFFQQ29ROGxi
OFo3K3N6VWsyRnphblVsM2pHZnljUncKWLyzuKl+8WXtvlPtsaYG4PyGYNmPFdG5
gxlMsQvaUrGReCs9M3EeS0KKvl9INzOP33KCiwrIAfq1PygP1xF1QQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZHpMa0NiYzJSa0Jyd3dD
WUFzenY3dEYzRjBxbVk4NWFGUnp0N0oySjE4CllEMlRXSmR6cWR0QlMrOWJGdEhO
ZzkwaFRRMVdjcVhLaEpMcFhxMTVxcTQKLS0tIEY3eER1d3B0NGtsdk9RaENscTBk
eHg2UVZRRkdVWm5PdW1MSzhVTGlpc3cKnZj4fil9mysiJJcDK4SLo+I0TcUtgww1
67W3wpd2y+ofIEP/qBSTVU4PYJ+ZsYDr1hy+6qJ7r4rgQ9wzLiWBog==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-22T15:22:58Z"
mac: ENC[AES256_GCM,data:3LtivTLt04ADulz9XkMxcpgAY6it+hWFuXZVI9AOuFVQCgGE41fpH0RUKgJ4kIpr5kvbe4wVLQ6OTFqBcAkPnBBPCCg/Npzo7sWbGOiBEyK3aEk2uGsmZHqpDexHS5VJvSY0iePD+Qb/LNxjBo4KLWGNj+frKnpGALV0Qn6yzIE=,iv:alylpWLPhIIL4piaVFpjHbXJY4nz0pcUIFN5TvVcj74=,tag:HaSjcpwRMZ06UjXoDwEmyg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

7
machines/sops.nix
View file

@ -1,2 +1,9 @@
{ ... }:
{ {
sops = {
defaultSopsFile = ./secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# age.keyFile = "/var/lib/sops-nix/keys.txt";
# age.generateKey = true;
};
} }