├── apps ├── aarch64-linux ├── x86_64-darwin │ ├── clean │ ├── build │ ├── build-switch │ ├── check-keys │ ├── create-keys │ └── copy-keys ├── aarch64-darwin │ ├── clean │ ├── build │ ├── rollback │ ├── build-switch │ ├── check-keys │ ├── create-keys │ └── copy-keys ├── x86_64-linux │ ├── clean │ ├── create-keys │ ├── build-switch-emacs │ ├── check-keys │ ├── build-switch │ ├── install │ ├── copy-keys │ └── install-with-secrets └── README.md ├── templates ├── starter │ ├── apps │ │ ├── aarch64-linux │ │ ├── aarch64-darwin │ │ │ ├── clean │ │ │ ├── build │ │ │ ├── rollback │ │ │ └── build-switch │ │ ├── x86_64-darwin │ │ │ ├── clean │ │ │ ├── build │ │ │ ├── build-switch │ │ │ ├── check-keys │ │ │ ├── create-keys │ │ │ └── copy-keys │ │ └── x86_64-linux │ │ │ ├── clean │ │ │ └── build-switch │ ├── modules │ │ ├── nixos │ │ │ ├── config │ │ │ │ ├── login-wallpaper.png │ │ │ │ ├── rofi │ │ │ │ │ ├── colors.rasi │ │ │ │ │ ├── confirm.rasi │ │ │ │ │ ├── message.rasi │ │ │ │ │ ├── launcher.rasi │ │ │ │ │ ├── styles.rasi │ │ │ │ │ ├── powermenu.rasi │ │ │ │ │ └── networkmenu.rasi │ │ │ │ └── polybar │ │ │ │ │ ├── colors.ini │ │ │ │ │ └── user_modules.ini │ │ │ ├── disk-config.nix │ │ │ ├── packages.nix │ │ │ ├── home-manager.nix │ │ │ └── README.md │ │ ├── darwin │ │ │ ├── packages.nix │ │ │ ├── README.md │ │ │ ├── casks.nix │ │ │ ├── files.nix │ │ │ ├── dock │ │ │ │ └── default.nix │ │ │ └── home-manager.nix │ │ └── shared │ │ │ ├── README.md │ │ │ ├── files.nix │ │ │ ├── default.nix │ │ │ └── packages.nix │ ├── overlays │ │ ├── README.md │ │ └── 10-feather-font.nix │ ├── hosts │ │ └── darwin │ │ │ └── default.nix │ └── flake.nix └── starter-with-secrets │ ├── apps │ ├── aarch64-linux │ ├── aarch64-darwin │ │ ├── clean │ │ ├── build │ │ ├── rollback │ │ ├── build-switch │ │ ├── check-keys │ │ ├── create-keys │ │ └── copy-keys │ ├── x86_64-darwin │ │ ├── clean │ │ ├── build │ │ ├── build-switch │ │ ├── check-keys │ │ ├── create-keys │ │ └── copy-keys │ └── x86_64-linux │ 
│ ├── clean │ │ └── build-switch │ ├── modules │ ├── nixos │ │ ├── config │ │ │ ├── login-wallpaper.png │ │ │ ├── rofi │ │ │ │ ├── colors.rasi │ │ │ │ ├── confirm.rasi │ │ │ │ ├── message.rasi │ │ │ │ ├── launcher.rasi │ │ │ │ ├── styles.rasi │ │ │ │ ├── powermenu.rasi │ │ │ │ └── networkmenu.rasi │ │ │ └── polybar │ │ │ │ ├── colors.ini │ │ │ │ └── user_modules.ini │ │ ├── disk-config.nix │ │ ├── secrets.nix │ │ ├── packages.nix │ │ ├── home-manager.nix │ │ └── README.md │ ├── darwin │ │ ├── packages.nix │ │ ├── README.md │ │ ├── casks.nix │ │ ├── files.nix │ │ ├── secrets.nix │ │ ├── dock │ │ │ └── default.nix │ │ └── home-manager.nix │ └── shared │ │ ├── README.md │ │ ├── files.nix │ │ ├── default.nix │ │ └── packages.nix │ ├── overlays │ ├── README.md │ └── 10-feather-font.nix │ ├── hosts │ └── darwin │ │ └── default.nix │ └── flake.nix ├── .gitignore ├── hosts ├── nixos │ ├── firmware │ │ └── edid │ │ │ └── PG278Q.bin │ └── garfield │ │ └── hardware-configuration.nix └── darwin │ └── default.nix ├── .github ├── dependabot.yml └── workflows │ ├── build.yml │ ├── lint.yml │ ├── update-flake-lock.yml │ └── build-template.yml ├── modules ├── shared │ ├── fonts.nix │ ├── cachix │ │ └── default.nix │ ├── README.md │ ├── default.nix │ ├── emacs.nix │ ├── files.nix │ └── packages.nix ├── darwin │ ├── packages.nix │ ├── README.md │ ├── casks.nix │ ├── secrets.nix │ ├── files.nix │ ├── dock │ │ └── default.nix │ └── home-manager.nix └── nixos │ ├── README.md │ ├── secrets.nix │ ├── files.nix │ ├── garfield-packages.nix │ └── packages.nix ├── overlays ├── phpstorm.nix ├── linear-cli.nix ├── cider-appimage.nix ├── obsidian-appimage.nix ├── tableplus-appimage.nix ├── wowup-appimage.nix ├── playwright.nix └── README.md ├── systemd ├── bitcoin-noobs-news.timer ├── bitcoin-noobs-crypto.timer ├── bitcoin-noobs-news.service └── bitcoin-noobs-crypto.service └── LICENSE /apps/aarch64-linux: -------------------------------------------------------------------------------- 1 | 
x86_64-linux -------------------------------------------------------------------------------- /templates/starter/apps/aarch64-linux: -------------------------------------------------------------------------------- 1 | x86_64-linux -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-linux: -------------------------------------------------------------------------------- 1 | x86_64-linux -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | \#* 2 | *.swp 3 | result 4 | .DS_Store 5 | .claude 6 | CLAUDE.md 7 | -------------------------------------------------------------------------------- /hosts/nixos/firmware/edid/PG278Q.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dustinlyons/nixos-config/HEAD/hosts/nixos/firmware/edid/PG278Q.bin -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | interval: "weekly" -------------------------------------------------------------------------------- /templates/starter/modules/nixos/config/login-wallpaper.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dustinlyons/nixos-config/HEAD/templates/starter/modules/nixos/config/login-wallpaper.png -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/config/login-wallpaper.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dustinlyons/nixos-config/HEAD/templates/starter-with-secrets/modules/nixos/config/login-wallpaper.png -------------------------------------------------------------------------------- /templates/starter/modules/darwin/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | with pkgs; 4 | let shared-packages = import ../shared/packages.nix { inherit pkgs; }; in 5 | shared-packages ++ [ 6 | dockutil 7 | ] 8 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/darwin/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | with pkgs; 4 | let shared-packages = import ../shared/packages.nix { inherit pkgs; }; in 5 | shared-packages ++ [ 6 | dockutil 7 | ] 8 | -------------------------------------------------------------------------------- /templates/starter/modules/nixos/config/rofi/colors.rasi: -------------------------------------------------------------------------------- 1 | /* colors */ 2 | 3 | * { 4 | al: #00000000; 5 | bg: #1F1F1FFF; 6 | bga: #546e7a33; 7 | bar: #FFFFFFFF; 8 | fg: #FFFFFFFF; 9 | ac: #546e7aFF; 10 | } 11 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/config/rofi/colors.rasi: -------------------------------------------------------------------------------- 1 | /* colors */ 2 | 3 | * { 4 | al: #00000000; 5 | bg: #1F1F1FFF; 6 | bga: #546e7a33; 7 | bar: #FFFFFFFF; 8 | fg: #FFFFFFFF; 9 | ac: #546e7aFF; 10 | } 11 | -------------------------------------------------------------------------------- /modules/shared/fonts.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: 2 | 3 | with pkgs; [ 4 | dejavu_fonts 5 | emacs-all-the-icons-fonts 6 | font-awesome 7 | hack-font 8 | jetbrains-mono 9 | meslo-lgs-nf 10 | noto-fonts 11 | noto-fonts-color-emoji 12 | ] 13 | -------------------------------------------------------------------------------- /overlays/phpstorm.nix: -------------------------------------------------------------------------------- 1 | (final: prev: { 2 | jetbrains = prev.jetbrains // { 3 | phpstorm = prev.jetbrains.phpstorm.override { 4 | # Force using stock JDK (skip building JetBrains runtime) 5 | jdk = prev.jdk21; 6 | }; 7 | }; 8 | }) 9 | -------------------------------------------------------------------------------- /templates/starter/modules/nixos/config/polybar/colors.ini: -------------------------------------------------------------------------------- 1 | [color] 2 | 3 | background = #1F1F1F 4 | foreground = #FFFFFF 5 | foreground-alt = #8F8F8F 6 | module-fg = #FFFFFF 7 | primary = #546e7a 8 | secondary = #E53935 9 | alternate = #7cb342 10 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/config/polybar/colors.ini: -------------------------------------------------------------------------------- 1 | [color] 2 | 3 | background = #1F1F1F 4 | foreground = #FFFFFF 5 | foreground-alt = #8F8F8F 6 | module-fg = #FFFFFF 7 | primary = #546e7a 8 | secondary = #E53935 9 | alternate = #7cb342 10 | -------------------------------------------------------------------------------- /modules/darwin/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | with pkgs; 4 | let shared-packages = import ../shared/packages.nix { inherit pkgs; }; in 5 | shared-packages ++ [ 6 | # D 7 | dockutil # Manage icons in the dock 8 | 9 | # F 10 | fswatch # File change monitor 11 | ] 12 | -------------------------------------------------------------------------------- /systemd/bitcoin-noobs-news.timer: 
-------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Run Bitcoin Noobs News Article Generator Daily 3 | Requires=bitcoin-noobs-news.service 4 | 5 | [Timer] 6 | OnCalendar=weekly 7 | RandomizedDelaySec=3600 8 | Persistent=true 9 | 10 | [Install] 11 | WantedBy=timers.target -------------------------------------------------------------------------------- /systemd/bitcoin-noobs-crypto.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Run Bitcoin Noobs Crypto Article Generator Daily 3 | Requires=bitcoin-noobs-crypto.service 4 | 5 | [Timer] 6 | OnCalendar=daily 7 | RandomizedDelaySec=3600 8 | Persistent=true 9 | 10 | [Install] 11 | WantedBy=timers.target -------------------------------------------------------------------------------- /templates/starter/overlays/README.md: -------------------------------------------------------------------------------- 1 | # Overlays 2 | 3 | Files in this directory run automatically as part of each build. Some common ways I've used overlays in the past: 4 | * Applying patches 5 | * Downloading different versions of files (locking to a version or trying a fork) 6 | * Workarounds and stuff I need to run temporarily 7 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/overlays/README.md: -------------------------------------------------------------------------------- 1 | # Overlays 2 | 3 | Files in this directory run automatically as part of each build. 
Some common ways I've used overlays in the past: 4 | * Applying patches 5 | * Downloading different versions of files (locking to a version or trying a fork) 6 | * Workarounds and stuff I need to run temporarily 7 | -------------------------------------------------------------------------------- /modules/shared/cachix/default.nix: -------------------------------------------------------------------------------- 1 | { pkgs, lib, ... }: 2 | { 3 | nix.settings = { 4 | substituters = [ 5 | "https://nix-community.cachix.org" 6 | "https://cache.nixos.org/" 7 | ]; 8 | trusted-public-keys = [ 9 | "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 10 | ]; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /apps/x86_64-darwin/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | sudo nix-collect-garbage --delete-older-than 7d 12 | 13 | echo -e "${GREEN}Cleanup complete!${NC}" -------------------------------------------------------------------------------- /apps/aarch64-darwin/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | sudo nix-collect-garbage --delete-older-than 7d 12 | 13 | echo -e "${GREEN}Cleanup complete!${NC}" -------------------------------------------------------------------------------- /templates/starter/apps/aarch64-darwin/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | RED='\033[1;31m' 4 
| GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | sudo nix-collect-garbage --delete-older-than 7d 12 | 13 | echo -e "${GREEN}Cleanup complete!${NC}" -------------------------------------------------------------------------------- /templates/starter/apps/x86_64-darwin/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | sudo nix-collect-garbage --delete-older-than 7d 12 | 13 | echo -e "${GREEN}Cleanup complete!${NC}" -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-darwin/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | sudo nix-collect-garbage --delete-older-than 7d 12 | 13 | echo -e "${GREEN}Cleanup complete!${NC}" -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/x86_64-darwin/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | sudo nix-collect-garbage --delete-older-than 7d 12 | 13 | echo -e "${GREEN}Cleanup complete!${NC}" 
-------------------------------------------------------------------------------- /overlays/linear-cli.nix: -------------------------------------------------------------------------------- 1 | # Linear CLI overlay - wrapper using npx. NOTE(review): `npx --yes @egcli/lr` resolves the package from the npm registry at run time with no version or hash pin, so this tool is not covered by the flake lock; consider pinning a version (`@egcli/lr@<version>`) or packaging it as a Nix derivation. 2 | final: prev: { 3 | linear-cli = prev.writeShellScriptBin "linear" '' 4 | # Linear CLI wrapper using npx 5 | # Uses evangodon's linear-cli package 6 | 7 | export PATH="${prev.nodejs_20}/bin:$PATH" 8 | 9 | # Run using npx with cache 10 | exec ${prev.nodejs_20}/bin/npx --yes @egcli/lr "$@" 11 | ''; 12 | } -------------------------------------------------------------------------------- /templates/starter/modules/darwin/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Layout 3 | ``` 4 | . 5 | ├── dock # MacOS dock configuration 6 | ├── casks.nix # List of homebrew casks 7 | ├── default.nix # Defines module, system-level config 8 | ├── files.nix # Non-Nix, static configuration files (now immutable!) 9 | ├── home-manager.nix # Defines user programs 10 | ├── packages.nix # List of packages to install for MacOS 11 | ``` 12 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: Build Starter Template 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths: 8 | - 'templates/starter/**' 9 | pull_request: 10 | branches: 11 | - main 12 | paths: 13 | - 'templates/starter/**' 14 | 15 | jobs: 16 | build-starter-template: 17 | uses: ./.github/workflows/build-template.yml 18 | with: 19 | template: 'starter' 20 | arch: 'x86_64-linux' 21 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/darwin/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Layout 3 | ``` 4 | . 
5 | ├── dock # MacOS dock configuration 6 | ├── casks.nix # List of homebrew casks 7 | ├── default.nix # Defines module, system-level config 8 | ├── files.nix # Non-Nix, static configuration files (now immutable!) 9 | ├── home-manager.nix # Defines user programs 10 | ├── packages.nix # List of packages to install for MacOS 11 | ``` 12 | -------------------------------------------------------------------------------- /modules/darwin/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Layout 3 | ``` 4 | . 5 | ├── dock # MacOS dock configuration 6 | ├── casks.nix # List of homebrew casks 7 | ├── default.nix # Defines module, system-level config 8 | ├── files.nix # Non-Nix, static configuration files (now immutable!) 9 | ├── home-manager.nix # Defines user programs 10 | ├── packages.nix # List of packages to install for MacOS 11 | ├── secrets.nix # Age-encrypted secrets with agenix 12 | ``` 13 | -------------------------------------------------------------------------------- /modules/nixos/README.md: -------------------------------------------------------------------------------- 1 | ## Layout 2 | ``` 3 | . 4 | ├── config # Config files not written in Nix 5 | ├── default.nix # Defines module, system-level config, 6 | ├── disk-config.nix # Disks, partitions, and filesystems 7 | ├── files.nix # Non-Nix, static configuration files (now immutable!) 
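8 | ├── home-manager.nix # Defines user programs 9 | ├── packages.nix # List of packages to install for NixOS 10 | ├── secrets.nix # Age-encrypted secrets with agenix 11 | ``` 12 | -------------------------------------------------------------------------------- /systemd/bitcoin-noobs-news.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Bitcoin Noobs News Article Generator 3 | After=network.target 4 | 5 | [Service] 6 | Type=oneshot 7 | User=dustin 8 | Group=dustin 9 | WorkingDirectory=/home/dustin/src/bitcoin-noobs 10 | Environment=HOME=/home/dustin 11 | Environment=USER=dustin 12 | ExecStart=/usr/bin/python3 /home/dustin/src/bitcoin-noobs/article_generator.py news --auto-discover --skip-review 13 | StandardOutput=journal 14 | StandardError=journal 15 | 16 | [Install] 17 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /apps/aarch64-darwin/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the nix-darwin system for SYSTEM_TYPE without activating it; extra arguments are forwarded to nix build. 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="aarch64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" # quoted so arguments survive word splitting and globbing 15 | 16 | echo "${YELLOW}Cleaning up...${NC}" 17 | unlink ./result 18 | # NOTE(review): this script only builds; nothing is switched despite the message below. 19 | echo "${GREEN}Switch to new generation complete!${NC}" 20 | -------------------------------------------------------------------------------- /apps/x86_64-darwin/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the nix-darwin system for SYSTEM_TYPE without activating it; extra arguments are forwarded to nix build. 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="x86_64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export 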
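NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" # quoted so arguments survive word splitting and globbing 15 | 16 | echo "${YELLOW}Cleaning up...${NC}" 17 | unlink ./result 18 | # NOTE(review): this script only builds; nothing is switched despite the message below. 19 | echo "${GREEN}Switch to new generation complete!${NC}" 20 | -------------------------------------------------------------------------------- /systemd/bitcoin-noobs-crypto.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Bitcoin Noobs Crypto Article Generator 3 | After=network.target 4 | 5 | [Service] 6 | Type=oneshot 7 | User=dustin 8 | Group=dustin 9 | WorkingDirectory=/home/dustin/src/bitcoin-noobs 10 | Environment=HOME=/home/dustin 11 | Environment=USER=dustin 12 | ExecStart=/usr/bin/python3 /home/dustin/src/bitcoin-noobs/article_generator.py crypto --count 10 --skip-review --skip-integration 13 | StandardOutput=journal 14 | StandardError=journal 15 | 16 | [Install] 17 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /templates/starter/apps/x86_64-darwin/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the nix-darwin system for SYSTEM_TYPE without activating it; extra arguments are forwarded to nix build. 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="x86_64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" # quoted so arguments survive word splitting and globbing 15 | 16 | echo "${YELLOW}Cleaning up...${NC}" 17 | unlink ./result 18 | # NOTE(review): this script only builds; nothing is switched despite the message below. 19 | echo "${GREEN}Switch to new generation complete!${NC}" 20 | -------------------------------------------------------------------------------- /templates/starter/apps/aarch64-darwin/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the nix-darwin system for SYSTEM_TYPE without activating it; extra arguments are forwarded to nix build. 3 | GREEN='\033[1;32m' 4 | 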
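YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="aarch64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" # quoted so arguments survive word splitting and globbing 15 | 16 | echo "${YELLOW}Cleaning up...${NC}" 17 | unlink ./result 18 | # NOTE(review): this script only builds; nothing is switched despite the message below. 19 | echo "${GREEN}Switch to new generation complete!${NC}" 20 | -------------------------------------------------------------------------------- /modules/darwin/casks.nix: -------------------------------------------------------------------------------- 1 | _: 2 | 3 | [ 4 | # Development Tools 5 | "claude" 6 | "insomnia" 7 | "tableplus" 8 | "ngrok" 9 | "postico" 10 | "visual-studio-code" 11 | "wireshark-app" 12 | 13 | # Communication Tools 14 | "discord" 15 | "loom" 16 | "slack" 17 | "telegram" 18 | "zoom" 19 | 20 | # Utility Tools 21 | "appcleaner" 22 | "syncthing-app" 23 | 24 | # Entertainment Tools 25 | "steam" 26 | "vlc" 27 | 28 | # Productivity Tools 29 | "raycast" 30 | "asana" 31 | 32 | # Browsers 33 | "google-chrome" 34 | ] 35 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-darwin/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the nix-darwin system for SYSTEM_TYPE without activating it; extra arguments are forwarded to nix build. 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="aarch64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" # quoted so arguments survive word splitting and globbing 15 | 16 | echo "${YELLOW}Cleaning up...${NC}" 17 | unlink ./result 18 | # NOTE(review): this script only builds; nothing is switched despite the message below. 19 | echo "${GREEN}Switch to new generation complete!${NC}" 20 | -------------------------------------------------------------------------------- 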
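/templates/starter-with-secrets/apps/x86_64-darwin/build: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the nix-darwin system for SYSTEM_TYPE without activating it; extra arguments are forwarded to nix build. 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="x86_64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" # quoted so arguments survive word splitting and globbing 15 | 16 | echo "${YELLOW}Cleaning up...${NC}" 17 | unlink ./result 18 | # NOTE(review): this script only builds; nothing is switched despite the message below. 19 | echo "${GREEN}Switch to new generation complete!${NC}" 20 | -------------------------------------------------------------------------------- /templates/starter/modules/nixos/config/rofi/confirm.rasi: -------------------------------------------------------------------------------- 1 | /* Confirm Dialog */ 2 | 3 | @import "colors.rasi" 4 | 5 | * { 6 | background-color: @bg; 7 | text-color: @fg; 8 | font: "Iosevka Nerd Font 10"; 9 | } 10 | 11 | window { 12 | width: 225px; 13 | padding: 25px; 14 | border: 0px 0px 2px 0px; 15 | border-radius: 0px; 16 | border-color: @ac; 17 | location: center; 18 | y-offset: -2em; 19 | } 20 | 21 | entry { 22 | expand: true; 23 | text-color: @ac; 24 | } 25 | -------------------------------------------------------------------------------- /templates/starter/modules/nixos/config/rofi/message.rasi: -------------------------------------------------------------------------------- 1 | /* Message Dialog */ 2 | 3 | @import "colors.rasi" 4 | 5 | * { 6 | background-color: @bg; 7 | text-color: @fg; 8 | font: "Iosevka Nerd Font 10"; 9 | } 10 | 11 | window { 12 | width: 320px; 13 | padding: 25px; 14 | border: 0px 0px 2px 0px; 15 | border-radius: 0px; 16 | border-color: @ac; 17 | location: center; 18 | y-offset: -2em; 19 | } 20 | 21 | entry { 22 | expand: true; 23 | text-color: @ac; 24 | } 25 | 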
-------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/config/rofi/confirm.rasi: -------------------------------------------------------------------------------- 1 | /* Confirm Dialog */ 2 | 3 | @import "colors.rasi" 4 | 5 | * { 6 | background-color: @bg; 7 | text-color: @fg; 8 | font: "Iosevka Nerd Font 10"; 9 | } 10 | 11 | window { 12 | width: 225px; 13 | padding: 25px; 14 | border: 0px 0px 2px 0px; 15 | border-radius: 0px; 16 | border-color: @ac; 17 | location: center; 18 | y-offset: -2em; 19 | } 20 | 21 | entry { 22 | expand: true; 23 | text-color: @ac; 24 | } 25 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/config/rofi/message.rasi: -------------------------------------------------------------------------------- 1 | /* Confirm Dialog */ 2 | 3 | @import "colors.rasi" 4 | 5 | * { 6 | background-color: @bg; 7 | text-color: @fg; 8 | font: "Iosevka Nerd Font 10"; 9 | } 10 | 11 | window { 12 | width: 320px; 13 | padding: 25px; 14 | border: 0px 0px 2px 0px; 15 | border-radius: 0px; 16 | border-color: @ac; 17 | location: center; 18 | y-offset: -2em; 19 | } 20 | 21 | entry { 22 | expand: true; 23 | text-color: @ac; 24 | } 25 | -------------------------------------------------------------------------------- /templates/starter/modules/darwin/casks.nix: -------------------------------------------------------------------------------- 1 | _: 2 | 3 | [ 4 | # Development Tools 5 | "homebrew/cask/docker" 6 | "visual-studio-code" 7 | "iterm2" 8 | "postman" 9 | "cursor" 10 | 11 | # Productivity Tools 12 | "raycast" 13 | 14 | # Browsers 15 | "google-chrome" 16 | 17 | # Communication Tools - Examples (uncomment as needed) 18 | # "discord" 19 | # "notion" 20 | # "slack" 21 | # "telegram" 22 | # "zoom" 23 | 24 | # Utility Tools - Examples (uncomment as needed) 25 | # "syncthing" 26 | # "1password" 27 | # "rectangle" 28 | 29 | # 
Entertainment Tools - Examples (uncomment as needed) 30 | # "spotify" 31 | # "vlc" 32 | ] -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/darwin/casks.nix: -------------------------------------------------------------------------------- 1 | _: 2 | 3 | [ 4 | # Development Tools 5 | "homebrew/cask/docker" 6 | "visual-studio-code" 7 | "iterm2" 8 | "postman" 9 | "cursor" 10 | 11 | # Productivity Tools 12 | "raycast" 13 | 14 | # Browsers 15 | "google-chrome" 16 | 17 | # Communication Tools - Examples (uncomment as needed) 18 | # "discord" 19 | # "notion" 20 | # "slack" 21 | # "telegram" 22 | # "zoom" 23 | 24 | # Utility Tools - Examples (uncomment as needed) 25 | # "syncthing" 26 | # "1password" 27 | # "rectangle" 28 | 29 | # Entertainment Tools - Examples (uncomment as needed) 30 | # "spotify" 31 | # "vlc" 32 | ] -------------------------------------------------------------------------------- /modules/shared/README.md: -------------------------------------------------------------------------------- 1 | ## Shared 2 | Much of the code running on MacOS or NixOS is actually found here. 3 | 4 | This configuration gets imported by both modules. Some configuration examples include `git`, `zsh`, `vim`, and `tmux`. 5 | 6 | ## Layout 7 | ``` 8 | . 9 | ├── config # Config files not written in Nix 10 | ├── cachix # Defines cachix, a global cache for builds 11 | ├── default.nix # Defines how we import overlays 12 | ├── files.nix # Non-Nix, static configuration files (now immutable!) 
13 | ├── home-manager.nix # The goods; most all shared config lives here 14 | ├── packages.nix # List of packages to share 15 | 16 | ``` 17 | -------------------------------------------------------------------------------- /apps/x86_64-linux/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Garbage-collects generations older than 7 days, then rebuilds the boot entries and reinstalls the bootloader (both via sudo). 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations and boot files...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | echo -e "${YELLOW}Removing old system generations...${NC}" 12 | sudo nix-collect-garbage --delete-older-than 7d 13 | 14 | # Clean up boot partition by reinstalling bootloader. NOTE(review): the flake target below is hard-coded to aarch64-linux although this script lives under apps/x86_64-linux; confirm it matches the host being rebuilt. 15 | echo -e "${YELLOW}Cleaning up boot partition...${NC}" 16 | sudo nixos-rebuild boot --flake .#aarch64-linux --install-bootloader 17 | 18 | echo -e "${GREEN}Cleanup complete!${NC}" 19 | echo -e "${YELLOW}Boot partition status:${NC}" 20 | df -h /boot -------------------------------------------------------------------------------- /apps/README.md: -------------------------------------------------------------------------------- 1 | # Apps 2 | The [apps](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-run#apps) in this directory are Nix [installables](https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix?search=#installables), created using the [`mkApp`](https://github.com/dustinlyons/nixos-config/blob/main/flake.nix#L49) function declared within my `flake.nix` file. 3 | 4 | These Nix commands are tailored for different systems, including Linux (`x86_64-linux`, `aarch64-linux`) and Darwin (`aarch64-darwin`, `x86_64-darwin`). 5 | 6 | They execute with `nix run` and are referenced as part of the step-by-step instructions found in the [README](https://github.com/dustinlyons/nixos-config/blob/main/README.md). 
7 | -------------------------------------------------------------------------------- /templates/starter/modules/shared/README.md: -------------------------------------------------------------------------------- 1 | ## Shared 2 | Much of the code running on MacOS or NixOS is actually found here. 3 | 4 | This configuration gets imported by both modules. Some configuration examples include `git`, `zsh`, `vim`, and `tmux`. 5 | 6 | ## Layout 7 | ``` 8 | . 9 | ├── config # Config files not written in Nix 10 | ├── cachix # Defines cachix, a global cache for builds 11 | ├── default.nix # Defines how we import overlays 12 | ├── files.nix # Non-Nix, static configuration files (now immutable!) 13 | ├── home-manager.nix # The goods; most all shared config lives here 14 | ├── packages.nix # List of packages to share 15 | 16 | ``` 17 | -------------------------------------------------------------------------------- /templates/starter/apps/x86_64-linux/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations and boot files...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | echo -e "${YELLOW}Removing old system generations...${NC}" 12 | sudo nix-collect-garbage --delete-older-than 7d 13 | 14 | # Clean up boot partition by reinstalling bootloader 15 | echo -e "${YELLOW}Cleaning up boot partition...${NC}" 16 | sudo nixos-rebuild boot --flake .#aarch64-linux --install-bootloader 17 | 18 | echo -e "${GREEN}Cleanup complete!${NC}" 19 | echo -e "${YELLOW}Boot partition status:${NC}" 20 | df -h /boot -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/shared/README.md: -------------------------------------------------------------------------------- 1 | ## Shared 2 | Much of the code running on MacOS or 
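NixOS is actually found here. 3 | 4 | This configuration gets imported by both modules. Some configuration examples include `git`, `zsh`, `vim`, and `tmux`. 5 | 6 | ## Layout 7 | ``` 8 | . 9 | ├── config # Config files not written in Nix 10 | ├── cachix # Defines cachix, a global cache for builds 11 | ├── default.nix # Defines how we import overlays 12 | ├── files.nix # Non-Nix, static configuration files (now immutable!) 13 | ├── home-manager.nix # The goods; most all shared config lives here 14 | ├── packages.nix # List of packages to share 15 | 16 | ``` 17 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/x86_64-linux/clean: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Removes system generations older than 7 days, then reinstalls the bootloader and reports /boot usage 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | echo -e "${YELLOW}Cleaning up old system generations and boot files...${NC}" 9 | 10 | # Clean up old generations (older than 7 days) 11 | echo -e "${YELLOW}Removing old system generations...${NC}" 12 | sudo nix-collect-garbage --delete-older-than 7d 13 | 14 | # Clean up boot partition by reinstalling bootloader; the flake target follows the host architecture (x86_64-linux or aarch64-linux) rather than a fixed aarch64-linux 15 | echo -e "${YELLOW}Cleaning up boot partition...${NC}" 16 | sudo nixos-rebuild boot --flake ".#$(uname -m)-linux" --install-bootloader 17 | 18 | echo -e "${GREEN}Cleanup complete!${NC}" 19 | echo -e "${YELLOW}Boot partition status:${NC}" 20 | df -h /boot -------------------------------------------------------------------------------- /templates/starter/modules/shared/files.nix: -------------------------------------------------------------------------------- 1 | { pkgs, config, ...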
}: 2 | 3 | { 4 | # Initializes Emacs with org-mode so we can tangle the main config 5 | ".emacs.d/init.el" = { 6 | text = builtins.readFile ../shared/config/emacs/init.el; 7 | }; 8 | 9 | # IMPORTANT: The Emacs configuration expects a config.org file at ~/.config/emacs/config.org 10 | # You can either: 11 | # 1. Copy the provided config.org to ~/.config/emacs/config.org 12 | # 2. Set EMACS_CONFIG_ORG environment variable to point to your config.org location 13 | # 3. Uncomment below to have Nix manage the file: 14 | # 15 | # ".config/emacs/config.org" = { 16 | # text = builtins.readFile ../shared/config/emacs/config.org; 17 | # }; 18 | } 19 | -------------------------------------------------------------------------------- /apps/aarch64-darwin/rollback: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | FLAKE="Dustins-MBP" 9 | 10 | echo "${YELLOW}Available generations:${NC}" 11 | /run/current-system/sw/bin/darwin-rebuild --list-generations 12 | 13 | echo "${YELLOW}Enter the generation number for rollback:${NC}" 14 | read GEN_NUM 15 | 16 | if [ -z "$GEN_NUM" ]; then 17 | echo "${RED}No generation number entered. 
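Aborting rollback.${NC}" 18 | exit 1 19 | fi 20 | 21 | echo "${YELLOW}Rolling back to generation $GEN_NUM...${NC}" 22 | /run/current-system/sw/bin/darwin-rebuild switch --flake .#$FLAKE --switch-generation $GEN_NUM 23 | 24 | echo "${GREEN}Rollback to generation $GEN_NUM complete!${NC}" 25 | -------------------------------------------------------------------------------- /templates/starter/apps/aarch64-darwin/rollback: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Lists the available generations, asks for one by number and switches the system to it 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | FLAKE="macos" 9 | 10 | echo "${YELLOW}Available generations:${NC}" 11 | /run/current-system/sw/bin/darwin-rebuild --list-generations 12 | 13 | echo "${YELLOW}Enter the generation number for rollback:${NC}" 14 | read -r GEN_NUM 15 | # Digits only: the value is handed to darwin-rebuild as a command-line argument, so anything else is rejected here 16 | if ! printf '%s\n' "$GEN_NUM" | grep -Eq '^[0-9]+$'; then 17 | echo "${RED}No valid generation number entered. Aborting rollback.${NC}" 18 | exit 1 19 | fi 20 | 21 | echo "${YELLOW}Rolling back to generation $GEN_NUM...${NC}" 22 | /run/current-system/sw/bin/darwin-rebuild switch --flake ".#$FLAKE" --switch-generation "$GEN_NUM" 23 | 24 | echo "${GREEN}Rollback to generation $GEN_NUM complete!${NC}" 25 | -------------------------------------------------------------------------------- /apps/aarch64-darwin/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="aarch64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build .#$FLAKE_SYSTEM $@ 15 | 16 | echo "${YELLOW}Switching to new generation...${NC}" 17 | # See https://github.com/nix-darwin/nix-darwin/issues/1457 on why we need sudo 18 | sudo ./result/sw/bin/darwin-rebuild switch --flake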
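.#${SYSTEM_TYPE} $@ 19 | 20 | echo "${YELLOW}Cleaning up...${NC}" 21 | unlink ./result 22 | 23 | echo "${GREEN}Switch to new generation complete!${NC}" 24 | -------------------------------------------------------------------------------- /apps/x86_64-darwin/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the darwinConfigurations system for this architecture, then activates it with the freshly built darwin-rebuild 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="x86_64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" 15 | 16 | echo "${YELLOW}Switching to new generation...${NC}" 17 | # "$@" is quoted so caller arguments reach the root-run command without being re-split or glob-expanded 18 | # See https://github.com/nix-darwin/nix-darwin/issues/1457 on why we need sudo 19 | sudo ./result/sw/bin/darwin-rebuild switch --flake ".#${SYSTEM_TYPE}" "$@" 20 | 21 | echo "${YELLOW}Cleaning up...${NC}" 22 | unlink ./result 23 | 24 | echo "${GREEN}Switch to new generation complete!${NC}" 25 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-darwin/rollback: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | FLAKE="macos" 9 | 10 | echo "${YELLOW}Available generations:${NC}" 11 | /run/current-system/sw/bin/darwin-rebuild --list-generations 12 | 13 | echo "${YELLOW}Enter the generation number for rollback:${NC}" 14 | read GEN_NUM 15 | 16 | if [ -z "$GEN_NUM" ]; then 17 | echo "${RED}No generation number entered.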
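Aborting rollback.${NC}" 18 | exit 1 19 | fi 20 | 21 | echo "${YELLOW}Rolling back to generation $GEN_NUM...${NC}" 22 | /run/current-system/sw/bin/darwin-rebuild switch --flake .#$FLAKE --switch-generation $GEN_NUM 23 | 24 | echo "${GREEN}Rollback to generation $GEN_NUM complete!${NC}" 25 | -------------------------------------------------------------------------------- /templates/starter/apps/x86_64-darwin/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the darwinConfigurations system for this architecture, then activates it with the freshly built darwin-rebuild 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="x86_64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | # "$@" is quoted below so caller arguments reach nix and the root-run darwin-rebuild without being re-split or glob-expanded 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" 15 | 16 | echo "${YELLOW}Switching to new generation...${NC}" 17 | # See https://github.com/nix-darwin/nix-darwin/issues/1457 on why we need sudo 18 | sudo ./result/sw/bin/darwin-rebuild switch --flake ".#${SYSTEM_TYPE}" "$@" 19 | 20 | echo "${YELLOW}Cleaning up...${NC}" 21 | unlink ./result 22 | 23 | echo "${GREEN}Switch to new generation complete!${NC}" 24 | -------------------------------------------------------------------------------- /templates/starter/apps/aarch64-darwin/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="aarch64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build .#$FLAKE_SYSTEM $@ 15 | 16 | echo "${YELLOW}Switching to new generation...${NC}" 17 | # See https://github.com/nix-darwin/nix-darwin/issues/1457 on why we need sudo 18 | sudo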
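./result/sw/bin/darwin-rebuild switch --flake .#${SYSTEM_TYPE} $@ 19 | 20 | echo "${YELLOW}Cleaning up...${NC}" 21 | unlink ./result 22 | 23 | echo "${GREEN}Switch to new generation complete!${NC}" 24 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-darwin/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Builds the darwinConfigurations system for this architecture, then activates it with the freshly built darwin-rebuild 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="aarch64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | # "$@" is quoted below so caller arguments reach nix and the root-run darwin-rebuild without being re-split or glob-expanded 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build ".#$FLAKE_SYSTEM" "$@" 15 | 16 | echo "${YELLOW}Switching to new generation...${NC}" 17 | # See https://github.com/nix-darwin/nix-darwin/issues/1457 on why we need sudo 18 | sudo ./result/sw/bin/darwin-rebuild switch --flake ".#${SYSTEM_TYPE}" "$@" 19 | 20 | echo "${YELLOW}Cleaning up...${NC}" 21 | unlink ./result 22 | 23 | echo "${GREEN}Switch to new generation complete!${NC}" 24 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/x86_64-darwin/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | GREEN='\033[1;32m' 4 | YELLOW='\033[1;33m' 5 | RED='\033[1;31m' 6 | NC='\033[0m' 7 | 8 | SYSTEM_TYPE="x86_64-darwin" 9 | FLAKE_SYSTEM="darwinConfigurations.${SYSTEM_TYPE}.system" 10 | 11 | export NIXPKGS_ALLOW_UNFREE=1 12 | 13 | echo "${YELLOW}Starting build...${NC}" 14 | nix --extra-experimental-features 'nix-command flakes' build .#$FLAKE_SYSTEM $@ 15 | 16 | echo "${YELLOW}Switching to new generation...${NC}" 17 | # See https://github.com/nix-darwin/nix-darwin/issues/1457 on why we need sudo 18 | sudo ./result/sw/bin/darwin-rebuild switch --flake .#${SYSTEM_TYPE} $@ 19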
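| 20 | echo "${YELLOW}Cleaning up...${NC}" 21 | unlink ./result 22 | 23 | echo "${GREEN}Switch to new generation complete!${NC}" 24 | -------------------------------------------------------------------------------- /apps/x86_64-linux/create-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | # Generates two ed25519 key pairs (id_ed25519 and id_ed25519_agenix) under SSH_DIR and prints the first public key 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | # We're assuming this is being run as root in the NixOS installer 9 | export SSH_DIR=/root/.ssh 10 | # The directory is forced to mode 0700 (also when it already exists) before any key material is written into it 11 | setup_ssh_directory() { 12 | install -d -m 700 "${SSH_DIR}" 13 | } 14 | # Both keys are created without a passphrase (-N ""), so file permissions are their only protection at rest 15 | generate_keys() { 16 | ssh-keygen -t ed25519 -f "${SSH_DIR}/id_ed25519" -N "" 17 | ssh-keygen -t ed25519 -f "${SSH_DIR}/id_ed25519_agenix" -N "" 18 | chmod 600 "${SSH_DIR}"/id_ed25519{,_agenix}{,.pub} 19 | } 20 | 21 | setup_ssh_directory 22 | generate_keys 23 | 24 | echo -e "${GREEN}New SSH keys have been generated.${NC}" 25 | echo -e "${GREEN}1) Add the id_ed25519 key to Github.${NC}" 26 | cat "${SSH_DIR}/id_ed25519.pub" 27 | echo -e "${GREEN}2) Create a private nix-secrets repo in Github, even if it's empty.${NC}" 28 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/shared/files.nix: -------------------------------------------------------------------------------- 1 | { pkgs, config, ... }: 2 | 3 | # let 4 | # githubPublicKey = "ssh-ed25519 AAAA..."; 5 | # in 6 | { 7 | 8 | # ".ssh/id_github.pub" = { 9 | # text = githubPublicKey; 10 | # }; 11 | 12 | # Initializes Emacs with org-mode so we can tangle the main config 13 | ".emacs.d/init.el" = { 14 | text = builtins.readFile ../shared/config/emacs/init.el; 15 | }; 16 | 17 | # IMPORTANT: The Emacs configuration expects a config.org file at ~/.config/emacs/config.org 18 | # You can either: 19 | # 1. Copy the provided config.org to ~/.config/emacs/config.org 20 | # 2. Set EMACS_CONFIG_ORG environment variable to point to your config.org location 21 | # 3.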
Uncomment below to have Nix manage the file: 22 | # 23 | # ".config/emacs/config.org" = { 24 | # text = builtins.readFile ../shared/config/emacs/config.org; 25 | # }; 26 | } 27 | -------------------------------------------------------------------------------- /templates/starter/modules/shared/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | 3 | let 4 | emacsOverlaySha256 = "11p1c1l04zrn8dd5w8zyzlv172z05dwi9avbckav4d5fk043m754"; 5 | in 6 | { 7 | # Sets the nixpkgs config flags and builds the overlay list: every entry of ../../overlays plus the remote emacs overlay 8 | nixpkgs = { 9 | config = { 10 | allowUnfree = true; 11 | allowBroken = true; 12 | allowInsecure = false; 13 | allowUnsupportedSystem = true; 14 | }; 15 | 16 | overlays = 17 | # Apply each overlay found in the /overlays directory 18 | let path = ../../overlays; in with builtins; 19 | map (n: import (path + ("/" + n))) 20 | (filter (n: match ".*\\.nix" n != null || 21 | pathExists (path + ("/" + n + "/default.nix"))) 22 | (attrNames (readDir path))) 23 | # NOTE(review): the URL below tracks the master branch while sha256 is fixed. The hash keeps the imported code from changing silently, but a fresh fetch fails with a hash mismatch once master moves; pinning the URL to a commit archive keeps URL and hash in step 24 | ++ [(import (builtins.fetchTarball { 25 | url = "https://github.com/dustinlyons/emacs-overlay/archive/refs/heads/master.tar.gz"; 26 | sha256 = emacsOverlaySha256; 27 | }))]; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/shared/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ...
}: 2 | 3 | let 4 | emacsOverlaySha256 = "11p1c1l04zrn8dd5w8zyzlv172z05dwi9avbckav4d5fk043m754"; 5 | in 6 | { 7 | 8 | nixpkgs = { 9 | config = { 10 | allowUnfree = true; 11 | allowBroken = true; 12 | allowInsecure = false; 13 | allowUnsupportedSystem = true; 14 | }; 15 | 16 | overlays = 17 | # Apply each overlay found in the /overlays directory 18 | let path = ../../overlays; in with builtins; 19 | map (n: import (path + ("/" + n))) 20 | (filter (n: match ".*\\.nix" n != null || 21 | pathExists (path + ("/" + n + "/default.nix"))) 22 | (attrNames (readDir path))) 23 | 24 | ++ [(import (builtins.fetchTarball { 25 | url = "https://github.com/dustinlyons/emacs-overlay/archive/refs/heads/master.tar.gz"; 26 | sha256 = emacsOverlaySha256; 27 | }))]; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /templates/starter/modules/nixos/disk-config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | # This formats the disk with the ext4 filesystem 3 | # Other examples found here: https://github.com/nix-community/disko/tree/master/example 4 | disko.devices = { 5 | disk = { 6 | vdb = { 7 | device = "/dev/%DISK%"; 8 | type = "disk"; 9 | content = { 10 | type = "gpt"; 11 | partitions = { 12 | ESP = { 13 | type = "EF00"; 14 | size = "100M"; 15 | content = { 16 | type = "filesystem"; 17 | format = "vfat"; 18 | mountpoint = "/boot"; 19 | }; 20 | }; 21 | root = { 22 | size = "100%"; 23 | content = { 24 | type = "filesystem"; 25 | format = "ext4"; 26 | mountpoint = "/"; 27 | }; 28 | }; 29 | }; 30 | }; 31 | }; 32 | }; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/disk-config.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | # This formats the disk with the ext4 filesystem 3 | # Other examples found here: 
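https://github.com/nix-community/disko/tree/master/example 4 | disko.devices = { 5 | disk = { 6 | vdb = { 7 | device = "/dev/%DISK%"; 8 | type = "disk"; 9 | content = { 10 | type = "gpt"; 11 | partitions = { 12 | ESP = { 13 | type = "EF00"; 14 | size = "100M"; 15 | content = { 16 | type = "filesystem"; 17 | format = "vfat"; 18 | mountpoint = "/boot"; 19 | }; 20 | }; 21 | root = { 22 | size = "100%"; 23 | content = { 24 | type = "filesystem"; 25 | format = "ext4"; 26 | mountpoint = "/"; 27 | }; 28 | }; 29 | }; 30 | }; 31 | }; 32 | }; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /apps/x86_64-linux/build-switch-emacs: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Picks the flake target from the host architecture, runs nixos-rebuild switch as root, then stops the Emacs daemon 3 | RED='\033[1;31m' 4 | GREEN='\033[1;32m' 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | SYSTEM=$(uname -m) 9 | 10 | case "$SYSTEM" in 11 | x86_64) 12 | FLAKE_TARGET="x86_64-linux" 13 | ;; 14 | aarch64) 15 | FLAKE_TARGET="aarch64-linux" 16 | ;; 17 | *) 18 | echo -e "${RED}Unsupported architecture: $SYSTEM${NC}" 19 | exit 1 20 | ;; 21 | esac 22 | 23 | echo -e "${YELLOW}Starting build and switch...${NC}" 24 | # "$@" is quoted so caller arguments reach the root-run nixos-rebuild without being re-split or glob-expanded 25 | # We pass SSH from user to root so root can download secrets from our private Github 26 | sudo /run/current-system/sw/bin/nixos-rebuild switch --flake ".#$FLAKE_TARGET" "$@" 27 | 28 | echo -e "${GREEN}Switch to new generation complete!${NC}" 29 | 30 | echo -e "${YELLOW}Restarting Emacs daemon...${NC}" 31 | 32 | # Kill the Emacs daemon using emacsclient 33 | emacsclient -e "(kill-emacs)" 2>/dev/null || true 34 | echo -e "${GREEN}Emacs daemon restarted.${NC}" 35 | 36 | echo -e "${GREEN}Build, switch, and Emacs restart complete!${NC}" -------------------------------------------------------------------------------- /templates/starter/overlays/10-feather-font.nix: -------------------------------------------------------------------------------- 1 | self: super: with super; { 2 | feather-font = let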
3 | version = "1.0"; 4 | pname = "feather-font"; 5 | in stdenv.mkDerivation { 6 | name = "${pname}-${version}"; 7 | 8 | src = fetchzip { 9 | url = "https://github.com/dustinlyons/feather-font/archive/refs/tags/${version}.zip"; 10 | sha256 = "sha256-Zsz8/qn7XAG6BVp4XdqooEqioFRV7bLH0bQkHZvFbsg="; 11 | }; 12 | 13 | buildInputs = [ unzip ]; 14 | phases = [ "unpackPhase" "installPhase" ]; 15 | 16 | installPhase = '' 17 | mkdir -p $out/share/fonts/truetype 18 | cp $src/feather.ttf $out/share/fonts/truetype/ 19 | ''; 20 | 21 | meta = with lib; { 22 | homepage = "https://www.feathericons.com/"; 23 | description = "Set of font icons from the open source collection Feather Icons"; 24 | license = licenses.mit; 25 | maintainers = [ maintainers.dlyons ]; 26 | platforms = [ platforms.x86_64-linux platforms.x86_64-darwin ]; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/overlays/10-feather-font.nix: -------------------------------------------------------------------------------- 1 | self: super: with super; { 2 | 3 | feather-font = let 4 | version = "1.0"; 5 | pname = "feather-font"; 6 | in stdenv.mkDerivation { 7 | name = "${pname}-${version}"; 8 | 9 | src = fetchzip { 10 | url = "https://github.com/dustinlyons/feather-font/archive/refs/tags/${version}.zip"; 11 | sha256 = "sha256-Zsz8/qn7XAG6BVp4XdqooEqioFRV7bLH0bQkHZvFbsg="; 12 | }; 13 | 14 | buildInputs = [ unzip ]; 15 | phases = [ "unpackPhase" "installPhase" ]; 16 | 17 | installPhase = '' 18 | mkdir -p $out/share/fonts/truetype 19 | cp $src/feather.ttf $out/share/fonts/truetype/ 20 | ''; 21 | 22 | meta = with lib; { 23 | homepage = "https://www.feathericons.com/"; 24 | description = "Set of font icons from the open source collection Feather Icons"; 25 | license = licenses.mit; 26 | maintainers = [ maintainers.dlyons ]; 27 | platforms = [ platforms.x86_64-linux platforms.x86_64-darwin ]; 28 | }; 29 | }; 30 | } 31 | 
-------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/secrets.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, agenix, secrets, ... }: 2 | 3 | let user = "%USER%"; in 4 | { 5 | age.identityPaths = [ 6 | "/home/${user}/.ssh/id_ed25519" 7 | ]; 8 | # NOTE(review): the identity path above is presumably the private SSH key agenix decrypts with, so it should stay readable by its owner only; confirm against the agenix docs 9 | # Your secrets go here 10 | # 11 | # Note: the installWithSecrets command you ran to bootstrap the machine actually copies over 12 | # a Github key pair. However, if you want to store the keypair in your nix-secrets repo 13 | # instead, you can reference the age files and specify the symlink path here. Then add your 14 | # public key in shared/files.nix. 15 | # 16 | # If you change the key name, you'll need to update the SSH configuration in shared/home-manager.nix 17 | # so Github reads it correctly. 18 | # In the example below, mode "600" gives access to the owner only, so the group value grants nothing extra. 19 | # 20 | # age.secrets."github-ssh-key" = { 21 | # symlink = false; 22 | # path = "/home/${user}/.ssh/id_github"; 23 | # file = "${secrets}/github-ssh-key.age"; 24 | # mode = "600"; 25 | # owner = "${user}"; 26 | # group = "wheel"; 27 | # }; 28 | 29 | } 30 | -------------------------------------------------------------------------------- /templates/starter/modules/darwin/files.nix: -------------------------------------------------------------------------------- 1 | { user, config, pkgs, ...
}: 2 | 3 | let 4 | xdg_configHome = "${config.users.users.${user}.home}/.config"; 5 | xdg_dataHome = "${config.users.users.${user}.home}/.local/share"; 6 | xdg_stateHome = "${config.users.users.${user}.home}/.local/state"; in 7 | { 8 | 9 | # Raycast script so that "Run Emacs" is available and uses Emacs daemon 10 | "${xdg_dataHome}/bin/emacsclient" = { 11 | executable = true; 12 | text = '' 13 | #!/bin/zsh 14 | # 15 | # Required parameters: 16 | # @raycast.schemaVersion 1 17 | # @raycast.title Run Emacs 18 | # @raycast.mode silent 19 | # 20 | # Optional parameters: 21 | # @raycast.packageName Emacs 22 | # @raycast.icon ${xdg_dataHome}/img/icons/Emacs.icns 23 | # @raycast.iconDark ${xdg_dataHome}/img/icons/Emacs.icns 24 | 25 | if [[ $1 = "-t" ]]; then 26 | # Terminal mode 27 | ${pkgs.emacs}/bin/emacsclient -t $@ 28 | else 29 | # GUI mode 30 | ${pkgs.emacs}/bin/emacsclient -c -n $@ 31 | fi 32 | ''; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/darwin/files.nix: -------------------------------------------------------------------------------- 1 | { user, config, pkgs, ... 
}: 2 | 3 | let 4 | xdg_configHome = "${config.users.users.${user}.home}/.config"; 5 | xdg_dataHome = "${config.users.users.${user}.home}/.local/share"; 6 | xdg_stateHome = "${config.users.users.${user}.home}/.local/state"; in 7 | { 8 | 9 | # Raycast script so that "Run Emacs" is available and uses Emacs daemon 10 | "${xdg_dataHome}/bin/emacsclient" = { 11 | executable = true; 12 | text = '' 13 | #!/bin/zsh 14 | # 15 | # Required parameters: 16 | # @raycast.schemaVersion 1 17 | # @raycast.title Run Emacs 18 | # @raycast.mode silent 19 | # 20 | # Optional parameters: 21 | # @raycast.packageName Emacs 22 | # @raycast.icon ${xdg_dataHome}/img/icons/Emacs.icns 23 | # @raycast.iconDark ${xdg_dataHome}/img/icons/Emacs.icns 24 | 25 | if [[ $1 = "-t" ]]; then 26 | # Terminal mode 27 | ${pkgs.emacs}/bin/emacsclient -t $@ 28 | else 29 | # GUI mode 30 | ${pkgs.emacs}/bin/emacsclient -c -n $@ 31 | fi 32 | ''; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /apps/aarch64-darwin/check-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | lint_keys() { 12 | if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 13 | echo -e "${GREEN}All SSH keys are present.${NC}" 14 | else 15 | echo -e "${RED}Some SSH keys are missing.${NC}" 16 | if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then 17 | echo -e "${RED}Missing: id_ed25519${NC}" 18 | fi 19 | if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then 20 | echo -e "${RED}Missing: id_ed25519.pub${NC}" 21 | fi 22 | if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then 23 | echo -e "${RED}Missing: id_ed25519_agenix${NC}" 24 | fi 25 | if [[ ! 
-f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 26 | echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}" 27 | fi 28 | echo -e "${GREEN}Run the createKeys command to generate the missing keys.${NC}" 29 | exit 1 30 | fi 31 | } 32 | 33 | lint_keys 34 | -------------------------------------------------------------------------------- /apps/x86_64-darwin/check-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | lint_keys() { 12 | if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 13 | echo -e "${GREEN}All SSH keys are present.${NC}" 14 | else 15 | echo -e "${RED}Some SSH keys are missing.${NC}" 16 | if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then 17 | echo -e "${RED}Missing: id_ed25519${NC}" 18 | fi 19 | if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then 20 | echo -e "${RED}Missing: id_ed25519.pub${NC}" 21 | fi 22 | if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then 23 | echo -e "${RED}Missing: id_ed25519_agenix${NC}" 24 | fi 25 | if [[ ! 
-f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 26 | echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}" 27 | fi 28 | echo -e "${GREEN}Run the createKeys command to generate the missing keys.${NC}" 29 | exit 1 30 | fi 31 | } 32 | 33 | lint_keys 34 | -------------------------------------------------------------------------------- /templates/starter/modules/shared/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | with pkgs; [ 4 | # General packages for development and system management 5 | alacritty 6 | bash-completion 7 | bat 8 | btop 9 | coreutils 10 | killall 11 | openssh 12 | sqlite 13 | wget 14 | zip 15 | 16 | # Encryption and security tools 17 | age 18 | gnupg 19 | 20 | # Cloud-related tools and SDKs 21 | docker 22 | docker-compose 23 | 24 | # Media-related packages 25 | emacs-all-the-icons-fonts 26 | dejavu_fonts 27 | fd 28 | font-awesome 29 | hack-font 30 | noto-fonts 31 | noto-fonts-color-emoji 32 | meslo-lgs-nf 33 | 34 | # Node.js development tools 35 | nodejs_24 36 | 37 | # Text and terminal utilities 38 | htop 39 | jetbrains-mono 40 | jq 41 | ripgrep 42 | tree 43 | tmux 44 | unzip 45 | zsh-powerlevel10k 46 | 47 | # Development tools 48 | curl 49 | gh 50 | terraform 51 | kubectl 52 | awscli2 53 | lazygit 54 | fzf 55 | direnv 56 | 57 | # Programming languages and runtimes 58 | go 59 | rustc 60 | cargo 61 | openjdk 62 | 63 | # Python packages 64 | python3 65 | virtualenv 66 | ] 67 | -------------------------------------------------------------------------------- /templates/starter/apps/x86_64-darwin/check-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | lint_keys() { 12 | if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f 
"${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 13 | echo -e "${GREEN}All SSH keys are present.${NC}" 14 | else 15 | echo -e "${RED}Some SSH keys are missing.${NC}" 16 | if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then 17 | echo -e "${RED}Missing: id_ed25519${NC}" 18 | fi 19 | if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then 20 | echo -e "${RED}Missing: id_ed25519.pub${NC}" 21 | fi 22 | if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then 23 | echo -e "${RED}Missing: id_ed25519_agenix${NC}" 24 | fi 25 | if [[ ! -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 26 | echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}" 27 | fi 28 | echo -e "${GREEN}Run the createKeys command to generate the missing keys.${NC}" 29 | exit 1 30 | fi 31 | } 32 | 33 | lint_keys 34 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/x86_64-darwin/check-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | lint_keys() { 12 | if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 13 | echo -e "${GREEN}All SSH keys are present.${NC}" 14 | else 15 | echo -e "${RED}Some SSH keys are missing.${NC}" 16 | if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then 17 | echo -e "${RED}Missing: id_ed25519${NC}" 18 | fi 19 | if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then 20 | echo -e "${RED}Missing: id_ed25519.pub${NC}" 21 | fi 22 | if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then 23 | echo -e "${RED}Missing: id_ed25519_agenix${NC}" 24 | fi 25 | if [[ ! 
-f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 26 | echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}" 27 | fi 28 | echo -e "${GREEN}Run the createKeys command to generate the missing keys.${NC}" 29 | exit 1 30 | fi 31 | } 32 | 33 | lint_keys 34 | -------------------------------------------------------------------------------- /apps/x86_64-linux/check-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | # We're assuming this is being run as root in the NixOS installer 9 | export SSH_DIR=/root/.ssh 10 | 11 | check_keys() { 12 | if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 13 | echo -e "${GREEN}All SSH keys are present.${NC}" 14 | else 15 | echo -e "${RED}Some SSH keys are missing.${NC}" 16 | if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then 17 | echo -e "${RED}Missing: id_ed25519${NC}" 18 | fi 19 | if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then 20 | echo -e "${RED}Missing: id_ed25519.pub${NC}" 21 | fi 22 | if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then 23 | echo -e "${RED}Missing: id_ed25519_agenix${NC}" 24 | fi 25 | if [[ ! 
-f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 26 | echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}" 27 | fi 28 | echo -e "${GREEN}Run the createKeys script to generate the missing keys.${NC}" 29 | exit 1 30 | fi 31 | } 32 | 33 | check_keys 34 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-darwin/check-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | lint_keys() { 12 | if [[ -f "${SSH_DIR}/id_ed25519" && -f "${SSH_DIR}/id_ed25519.pub" && -f "${SSH_DIR}/id_ed25519_agenix" && -f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 13 | echo -e "${GREEN}All SSH keys are present.${NC}" 14 | else 15 | echo -e "${RED}Some SSH keys are missing.${NC}" 16 | if [[ ! -f "${SSH_DIR}/id_ed25519" ]]; then 17 | echo -e "${RED}Missing: id_ed25519${NC}" 18 | fi 19 | if [[ ! -f "${SSH_DIR}/id_ed25519.pub" ]]; then 20 | echo -e "${RED}Missing: id_ed25519.pub${NC}" 21 | fi 22 | if [[ ! -f "${SSH_DIR}/id_ed25519_agenix" ]]; then 23 | echo -e "${RED}Missing: id_ed25519_agenix${NC}" 24 | fi 25 | if [[ ! 
-f "${SSH_DIR}/id_ed25519_agenix.pub" ]]; then 26 | echo -e "${RED}Missing: id_ed25519_agenix.pub${NC}" 27 | fi 28 | echo -e "${GREEN}Run the createKeys command to generate the missing keys.${NC}" 29 | exit 1 30 | fi 31 | } 32 | 33 | lint_keys 34 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/shared/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | with pkgs; [ 4 | # General packages for development and system management 5 | alacritty 6 | bash-completion 7 | bat 8 | btop 9 | coreutils 10 | killall 11 | openssh 12 | sqlite 13 | wget 14 | zip 15 | 16 | # Encryption and security tools 17 | age 18 | age-plugin-yubikey 19 | gnupg 20 | libfido2 21 | 22 | # Cloud-related tools and SDKs 23 | docker 24 | docker-compose 25 | 26 | # Media-related packages 27 | emacs-all-the-icons-fonts 28 | dejavu_fonts 29 | ffmpeg 30 | fd 31 | font-awesome 32 | hack-font 33 | noto-fonts 34 | noto-fonts-color-emoji 35 | meslo-lgs-nf 36 | 37 | # Node.js development tools 38 | nodejs_24 39 | 40 | # Text and terminal utilities 41 | htop 42 | jetbrains-mono 43 | jq 44 | ripgrep 45 | tree 46 | tmux 47 | unrar 48 | unzip 49 | zsh-powerlevel10k 50 | 51 | # Development tools 52 | curl 53 | gh 54 | terraform 55 | kubectl 56 | awscli2 57 | lazygit 58 | fzf 59 | direnv 60 | 61 | # Programming languages and runtimes 62 | go 63 | rustc 64 | cargo 65 | openjdk 66 | 67 | # Python packages 68 | python3 69 | virtualenv 70 | ] 71 | -------------------------------------------------------------------------------- /.github/workflows/lint.yml: -------------------------------------------------------------------------------- 1 | name: Statix Lint 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | paths-ignore: 8 | - '.github/**' 9 | - 'README.md' 10 | pull_request: 11 | branches: 12 | - main 13 | paths-ignore: 14 | - '.github/**' 15 | - 'README.md' 16 | 17 | jobs: 18 | lint: 
19 | runs-on: ubuntu-latest 20 | outputs: 21 | lint-success: ${{ steps.build-result.outputs.success }} 22 | steps: 23 | - name: Checkout repository 24 | uses: actions/checkout@v4 25 | 26 | - name: Install Nix 27 | uses: DeterminateSystems/nix-installer-action@main 28 | 29 | - name: Run statix linter 30 | run: | 31 | echo "Linting Flake..." 32 | if nix run --extra-experimental-features 'nix-command flakes' nixpkgs#statix -- check .; then 33 | echo "success=true" >> $GITHUB_ENV 34 | else 35 | echo "Lint failed, listing flake.lock for debugging:" 36 | cat flake.lock 37 | echo "success=false" >> $GITHUB_ENV 38 | exit 1 39 | fi 40 | 41 | - name: Determine lint result 42 | id: build-result 43 | run: echo "success=${{ env.success }}" >> $GITHUB_OUTPUT 44 | -------------------------------------------------------------------------------- /templates/starter/modules/nixos/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | with pkgs; 4 | let shared-packages = import ../shared/packages.nix { inherit pkgs; }; in 5 | shared-packages ++ [ 6 | 7 | # Security and authentication 8 | yubikey-agent 9 | 10 | # App and package management 11 | appimage-run 12 | gnumake 13 | cmake 14 | home-manager 15 | 16 | # Media and design tools 17 | fontconfig 18 | 19 | # Productivity tools 20 | 21 | # Audio tools 22 | pavucontrol # Pulse audio controls 23 | 24 | # Testing and development tools 25 | rofi 26 | rofi-calc 27 | libtool # for Emacs vterm 28 | 29 | # Screenshot and recording tools 30 | flameshot 31 | 32 | # Text and terminal utilities 33 | tree 34 | unixtools.ifconfig 35 | unixtools.netstat 36 | xclip # For the org-download package in Emacs 37 | xorg.xwininfo # Provides a cursor to click and learn about windows 38 | xorg.xrandr 39 | 40 | # File and system utilities 41 | inotify-tools # inotifywait, inotifywatch - For file system events 42 | libnotify 43 | pcmanfm # File browser 44 | sqlite 45 | xdg-utils 46 | 47 | # Other 
utilities 48 | google-chrome 49 | 50 | # PDF viewer 51 | zathura 52 | 53 | # Development tools 54 | firefox 55 | 56 | # Music and entertainment 57 | ] 58 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/darwin/secrets.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, agenix, secrets, ... }: 2 | 3 | let user = "%USER%"; in 4 | { 5 | age.identityPaths = [ 6 | "/Users/${user}/.ssh/id_ed25519" 7 | ]; 8 | 9 | # Your secrets go here 10 | # 11 | # Note: the installWithSecrets command you ran to boostrap the machine actually copies over 12 | # a Github key pair. However, if you want to store the keypair in your nix-secrets repo 13 | # instead, you can reference the age files and specify the symlink path here. Then add your 14 | # public key in shared/files.nix. 15 | # 16 | # If you change the key name, you'll need to update the SSH configuration in shared/home-manager.nix 17 | # so Github reads it correctly. 
18 | 19 | # 20 | # age.secrets."github-ssh-key" = { 21 | # symlink = true; 22 | # path = "/Users/${user}/.ssh/id_github"; 23 | # file = "${secrets}/github-ssh-key.age"; 24 | # mode = "600"; 25 | # owner = "${user}"; 26 | # group = "staff"; 27 | # }; 28 | 29 | # age.secrets."github-signing-key" = { 30 | # symlink = false; 31 | # path = "/Users/${user}/.ssh/pgp_github.key"; 32 | # file = "${secrets}/github-signing-key.age"; 33 | # mode = "600"; 34 | # owner = "${user}"; 35 | # }; 36 | 37 | } 38 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/modules/nixos/packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | with pkgs; 4 | let shared-packages = import ../shared/packages.nix { inherit pkgs; }; in 5 | shared-packages ++ [ 6 | 7 | # Security and authentication 8 | yubikey-agent 9 | keepassxc 10 | 11 | # App and package management 12 | appimage-run 13 | gnumake 14 | cmake 15 | home-manager 16 | 17 | # Media and design tools 18 | fontconfig 19 | 20 | # Productivity tools 21 | 22 | # Audio tools 23 | pavucontrol # Pulse audio controls 24 | 25 | # Testing and development tools 26 | rofi 27 | rofi-calc 28 | libtool # for Emacs vterm 29 | 30 | # Screenshot and recording tools 31 | flameshot 32 | 33 | # Text and terminal utilities 34 | tree 35 | unixtools.ifconfig 36 | unixtools.netstat 37 | xclip # For the org-download package in Emacs 38 | xorg.xwininfo # Provides a cursor to click and learn about windows 39 | xorg.xrandr 40 | 41 | # File and system utilities 42 | inotify-tools # inotifywait, inotifywatch - For file system events 43 | libnotify 44 | pcmanfm # File browser 45 | sqlite 46 | xdg-utils 47 | 48 | # Other utilities 49 | google-chrome 50 | 51 | # PDF viewer 52 | zathura 53 | 54 | # Development tools 55 | firefox 56 | 57 | # Music and entertainment 58 | ] 59 | 
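--------------------------------------------------------------------------------
/overlays/cider-appimage.nix:
--------------------------------------------------------------------------------
# Overlay that wraps a Cider AppImage as the package `cider-appimage`.
self: super: with super; {
  cider-appimage = appimageTools.wrapType2 rec {
    pname = "cider";
    version = "3.1.2";

    # The binary is read from a file that sits next to this overlay. Nothing
    # here records where it was downloaded from or a hash to check it against.
    src = ./cider-v3.1.2-linux-x64.AppImage;

    nativeBuildInputs = [ makeWrapper ];

    # The second --add-flags line passes `--no-sandbox --disable-gpu-sandbox`
    # on every launch, which switches off the Chromium process sandboxes of
    # this Electron app. A compromised renderer is then not contained by them.
    # NOTE(review): confirm the wrapped AppImage really fails to start without
    # these flags before keeping them.
    extraInstallCommands =
      let
        # Unpacked AppImage, used only to pick up the bundled .desktop file.
        contents = appimageTools.extract {
          inherit version src;
          pname = "Cider";
        };
      in
      ''
        wrapProgram $out/bin/${pname} \
          --add-flags "--ozone-platform=wayland --enable-features=UseOzonePlatform,WaylandWindowDecorations" \
          --add-flags "--no-sandbox --disable-gpu-sandbox"

        if [ -f ${contents}/Cider.desktop ]; then
          install -m 444 -D ${contents}/Cider.desktop $out/share/applications/${pname}.desktop
          substituteInPlace $out/share/applications/${pname}.desktop \
            --replace-warn 'Exec=Cider' 'Exec=${pname}'
        fi
      '';

    meta = with lib; {
      description = "A new cross-platform Apple Music experience built on Electron and Vue.js";
      homepage = "https://cider.sh";
      license = licenses.unfree;
      mainProgram = "cider";
      platforms = platforms.linux;
    };
  };
}

--------------------------------------------------------------------------------
/overlays/obsidian-appimage.nix:
--------------------------------------------------------------------------------
# Overlay that wraps an Obsidian AppImage as the package `obsidian-appimage`.
self: super: with super; {
  obsidian-appimage = appimageTools.wrapType2 rec {
    pname = "obsidian";
    version = "1.9.14";

    # The binary is read from a file that sits next to this overlay. Nothing
    # here records where it was downloaded from or a hash to check it against.
    src = ./obsidian-v1.9.14-linux-x64.AppImage;

    nativeBuildInputs = [ makeWrapper ];

    # The second --add-flags line passes `--no-sandbox --disable-gpu-sandbox`
    # on every launch, which switches off the Chromium process sandboxes of
    # this Electron app. A compromised renderer is then not contained by them.
    # NOTE(review): confirm the wrapped AppImage really fails to start without
    # these flags before keeping them.
    extraInstallCommands =
      let
        # Unpacked AppImage, used only to pick up the bundled .desktop file.
        contents = appimageTools.extract {
          inherit version src;
          pname = "Obsidian";
        };
      in
      ''
        wrapProgram $out/bin/${pname} \
          --add-flags "--ozone-platform=wayland --enable-features=UseOzonePlatform,WaylandWindowDecorations" \
          --add-flags "--no-sandbox --disable-gpu-sandbox"

        if [ -f ${contents}/Obsidian.desktop ]; then
          install -m 444 -D ${contents}/Obsidian.desktop $out/share/applications/${pname}.desktop
          substituteInPlace $out/share/applications/${pname}.desktop \
            --replace-warn 'Exec=Obsidian' 'Exec=${pname}'
        fi
      '';

    meta = with lib; {
      description = "A cross-platform note taking application";
      homepage = "https://obsidian.md";
      license = licenses.unfree;
      mainProgram = "obsidian";
      platforms = platforms.linux;
    };
  };
}

--------------------------------------------------------------------------------
/modules/nixos/secrets.nix:
--------------------------------------------------------------------------------
# agenix secrets for the NixOS hosts: which identity decrypts them and where
# each decrypted file is placed.
{ config, pkgs, agenix, secrets, ... }:

let user = "dustin"; in
{
  age = {
    # The user's SSH private key is the age identity used for decryption.
    identityPaths = [
      "/home/${user}/.ssh/id_ed25519"
    ];

    secrets = {
      "syncthing-cert" = {
        symlink = true;
        path = "/home/${user}/.config/syncthing/cert.pem";
        file = "${secrets}/felix-syncthing-cert.age";
        mode = "600";
        owner = "${user}";
        group = "users";
      };

      "syncthing-key" = {
        symlink = true;
        # Was "/home/{$user}/...": with the brace and dollar swapped Nix does
        # not interpolate, so the private key was placed under a literal
        # "{$user}" directory and not next to cert.pem.
        path = "/home/${user}/.config/syncthing/key.pem";
        file = "${secrets}/felix-syncthing-key.age";
        mode = "600";
        owner = "${user}";
        group = "users";
      };

      "github-ssh-key" = {
        symlink = false;
        path = "/home/${user}/.ssh/id_github";
        file = "${secrets}/github-ssh-key.age";
        mode = "600";
        owner = "${user}";
        group = "wheel";
      };

      "github-signing-key" = {
        symlink = false;
        path = "/home/${user}/.ssh/pgp_github.key";
        file = "${secrets}/github-signing-key.age";
        mode = "600";
        owner = "${user}";
        group = "wheel";
      };
    };
  };

}
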
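--------------------------------------------------------------------------------
/apps/x86_64-darwin/create-keys:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Create the two ed25519 key pairs this configuration looks for in the user's
# .ssh directory: id_ed25519 and id_ed25519_agenix.
set -e

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'

# NOTE(review): USER is taken from the environment; when the script is started
# through sudo it may not name the account the keys are meant for. Confirm.
username=${USER}
export SSH_DIR=/Users/${username}/.ssh

# Create the key directory if needed and keep it private to its owner.
setup_ssh_directory() {
  mkdir -p "${SSH_DIR}"
  chmod 700 "${SSH_DIR}"
}

# Decide whether key $1 should be (re)generated.
# Returns 0 when no key exists or the user agrees to replace it, 1 to keep it.
prompt_for_key_generation() {
  local key_name=$1
  if [[ -f "${SSH_DIR}/${key_name}" ]]; then
    echo -e "${RED}Existing SSH key found for ${key_name}.${NC}"
    # Show the public half so the user can tell which key is at stake; it can
    # be absent even though the private key is there.
    if [[ -f "${SSH_DIR}/${key_name}.pub" ]]; then
      cat "${SSH_DIR}/${key_name}.pub"
    fi
    read -p "Do you want to replace it? (y/n) " -n 1 -r
    echo
    if [[ $REPLY =~ ^[Yy]$ ]]; then
      return 0 # Indicate key should be replaced
    else
      return 1 # Indicate key should be kept
    fi
  fi
  return 0 # Indicate no key exists, so it should be created
}

# Generate key pair $1 in SSH_DIR unless the user chose to keep an existing one.
generate_key() {
  local key_name=$1
  if prompt_for_key_generation "$key_name"; then
    # -N "" writes the private key without a passphrase, so anyone who can
    # read the file can use it; the file mode and the 0700 directory are its
    # only protection at rest.
    # ssh-keygen asks for its own confirmation before overwriting a file.
    ssh-keygen -t ed25519 -f "${SSH_DIR}/${key_name}" -N ""
    chown "${username}:staff" "${SSH_DIR}/${key_name}"{,.pub}
  else
    echo -e "${GREEN}Kept existing ${key_name}.${NC}"
  fi
}

setup_ssh_directory
generate_key "id_ed25519"
generate_key "id_ed25519_agenix"

echo -e "${GREEN}SSH key setup complete.${NC}"
echo -e "${GREEN}Remember to add the necessary keys to Github or other services as required.${NC}"

--------------------------------------------------------------------------------
/apps/aarch64-darwin/create-keys:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Create the two ed25519 key pairs this configuration looks for in the user's
# .ssh directory: id_ed25519 and id_ed25519_agenix.
set -e

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'

# NOTE(review): USER is taken from the environment; when the script is started
# through sudo it may not name the account the keys are meant for. Confirm.
username=${USER}
export SSH_DIR=/Users/${username}/.ssh

# Create the key directory if needed and keep it private to its owner.
setup_ssh_directory() {
  mkdir -p "${SSH_DIR}"
  chmod 700 "${SSH_DIR}"
}

# Decide whether key $1 should be (re)generated.
# Returns 0 when no key exists or the user agrees to replace it, 1 to keep it.
prompt_for_key_generation() {
  local key_name=$1
  if [[ -f "${SSH_DIR}/${key_name}" ]]; then
    echo -e "${RED}Existing SSH key found for ${key_name}.${NC}"
    # Show the public half so the user can tell which key is at stake; it can
    # be absent even though the private key is there.
    if [[ -f "${SSH_DIR}/${key_name}.pub" ]]; then
      cat "${SSH_DIR}/${key_name}.pub"
    fi
    read -p "Do you want to replace it? (y/n) " -n 1 -r
    echo
    if [[ $REPLY =~ ^[Yy]$ ]]; then
      return 0 # Indicate key should be replaced
    else
      return 1 # Indicate key should be kept
    fi
  fi
  return 0 # Indicate no key exists, so it should be created
}

# Generate key pair $1 in SSH_DIR unless the user chose to keep an existing one.
generate_key() {
  local key_name=$1
  if prompt_for_key_generation "$key_name"; then
    # -N "" writes the private key without a passphrase, so anyone who can
    # read the file can use it; the file mode and the 0700 directory are its
    # only protection at rest.
    # ssh-keygen asks for its own confirmation before overwriting a file.
    ssh-keygen -t ed25519 -f "${SSH_DIR}/${key_name}" -N ""
    chown "${username}:staff" "${SSH_DIR}/${key_name}"{,.pub}
  else
    echo -e "${GREEN}Kept existing ${key_name}.${NC}"
  fi
}

setup_ssh_directory
generate_key "id_ed25519"
generate_key "id_ed25519_agenix"

echo -e "${GREEN}SSH key setup complete.${NC}"
echo -e "${GREEN}Remember to add the necessary keys to Github or other services as required.${NC}"

--------------------------------------------------------------------------------
/modules/nixos/files.nix:
--------------------------------------------------------------------------------
1 | { user, ... 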
}: 2 | 3 | let 4 | home = builtins.getEnv "HOME"; 5 | xdg_configHome = "${home}/.config"; 6 | xdg_dataHome = "${home}/.local/share"; 7 | xdg_stateHome = "${home}/.local/state"; in 8 | { 9 | "${home}/.npmrc" = { 10 | text = '' 11 | prefix=/home/dustin/.npm-packages 12 | ''; 13 | }; 14 | 15 | "${xdg_configHome}/swappy/config" = { 16 | text = '' 17 | [Default] 18 | save_dir=$HOME/Pictures/Screenshots 19 | save_filename_format=screenshot-%Y%m%d-%H%M%S.png 20 | ''; 21 | }; 22 | 23 | "${xdg_dataHome}/applications/cheatsheet-viewer.desktop" = { 24 | text = '' 25 | [Desktop Entry] 26 | Name=Cheatsheet Viewer 27 | Comment=View programming cheatsheets 28 | Exec=cheatsheet-viewer 29 | Type=Application 30 | Icon=accessories-text-editor 31 | Categories=Utility;Documentation; 32 | ''; 33 | }; 34 | 35 | "${xdg_configHome}/kwinrulesrc" = { 36 | text = '' 37 | [General] 38 | count=1 39 | rules=fa8dd962-e5d7-4a39-9bea-190a62f25ce2 40 | 41 | [fa8dd962-e5d7-4a39-9bea-190a62f25ce2] 42 | Description=Cheatsheet Viewer Position and Size 43 | position=2351,0 44 | positionrule=3 45 | size=988,1100 46 | sizerule=2 47 | types=1 48 | wmclass=alacritty cheatsheet-viewer 49 | wmclasscomplete=true 50 | wmclassmatch=1 51 | ''; 52 | }; 53 | 54 | } 55 | -------------------------------------------------------------------------------- /modules/darwin/secrets.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, agenix, secrets, ... 
}: 2 | 3 | let user = "dustin"; in 4 | { 5 | age = { 6 | identityPaths = [ 7 | "/Users/${user}/.ssh/id_ed25519" 8 | ]; 9 | 10 | secrets = { 11 | "syncthing-cert" = { 12 | symlink = true; 13 | path = "/Users/${user}/Library/Application Support/Syncthing/cert.pem"; 14 | file = "${secrets}/darwin-syncthing-cert.age"; 15 | mode = "644"; 16 | owner = "${user}"; 17 | group = "staff"; 18 | }; 19 | 20 | "syncthing-key" = { 21 | symlink = true; 22 | path = "/Users/${user}/Library/Application Support/Syncthing/key.pem"; 23 | file = "${secrets}/darwin-syncthing-key.age"; 24 | mode = "600"; 25 | owner = "${user}"; 26 | group = "staff"; 27 | }; 28 | 29 | "github-ssh-key" = { 30 | symlink = true; 31 | path = "/Users/${user}/.ssh/id_github"; 32 | file = "${secrets}/github-ssh-key.age"; 33 | mode = "600"; 34 | owner = "${user}"; 35 | group = "staff"; 36 | }; 37 | 38 | "github-signing-key" = { 39 | symlink = false; 40 | path = "/Users/${user}/.ssh/pgp_github.key"; 41 | file = "${secrets}/github-signing-key.age"; 42 | mode = "600"; 43 | owner = "${user}"; 44 | }; 45 | }; 46 | }; 47 | } 48 | -------------------------------------------------------------------------------- /modules/nixos/garfield-packages.nix: -------------------------------------------------------------------------------- 1 | { pkgs }: 2 | 3 | let 4 | shared-packages = import ../shared/packages.nix { inherit pkgs; }; 5 | in 6 | 7 | # NixOS-specific packages for garfield (without gaming/AMD packages) 8 | shared-packages ++ (with pkgs; [ 9 | 10 | audacity # Audio editor 11 | 12 | brightnessctl # Control screen brightness 13 | 14 | _1password-gui # Password manager 15 | 16 | cliphist # Clipboard history manager for Wayland 17 | 18 | dconf # Configuration system (required for some GNOME apps) 19 | 20 | firefox # Web browser 21 | 22 | discord # Voice and text chat 23 | 24 | xclip # Manage clipboard from command line 25 | 26 | wine # Windows compatibility layer 27 | 28 | glow # Terminal markdown viewer 29 | 30 | imagemagick 
# Image manipulation toolkit 31 | 32 | iotop # I/O monitoring 33 | 34 | kdePackages.kate # Text editor 35 | kdePackages.spectacle # Screenshot utility 36 | kdePackages.kdialog # Dialog boxes 37 | 38 | mpv # Video player 39 | 40 | obsidian # Note-taking app 41 | kdePackages.okular # PDF viewer 42 | 43 | rofi # Application launcher (includes Wayland support) 44 | 45 | signal-desktop # Secure messaging 46 | telegram-desktop # Telegram client 47 | 48 | unzip # Archive extraction 49 | wl-clipboard # Wayland clipboard utilities 50 | 51 | vscode # Code editor 52 | 53 | wget # Download tool 54 | ]) 55 | -------------------------------------------------------------------------------- /templates/starter/apps/x86_64-darwin/create-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | setup_ssh_directory() { 12 | mkdir -p ${SSH_DIR} 13 | } 14 | 15 | prompt_for_key_generation() { 16 | local key_name=$1 17 | if [[ -f "${SSH_DIR}/${key_name}" ]]; then 18 | echo -e "${RED}Existing SSH key found for ${key_name}.${NC}" 19 | cat "${SSH_DIR}/${key_name}.pub" 20 | read -p "Do you want to replace it? 
(y/n) " -n 1 -r 21 | echo 22 | if [[ $REPLY =~ ^[Yy]$ ]]; then 23 | return 0 # Indicate key should be replaced 24 | else 25 | return 1 # Indicate key should be kept 26 | fi 27 | fi 28 | return 0 # Indicate no key exists, so it should be created 29 | } 30 | 31 | generate_key() { 32 | local key_name=$1 33 | if prompt_for_key_generation "$key_name"; then 34 | ssh-keygen -t ed25519 -f "${SSH_DIR}/${key_name}" -N "" 35 | chown ${username}:staff "${SSH_DIR}/${key_name}"{,.pub} 36 | else 37 | echo -e "${GREEN}Kept existing ${key_name}.${NC}" 38 | fi 39 | } 40 | 41 | setup_ssh_directory 42 | generate_key "id_ed25519" 43 | generate_key "id_ed25519_agenix" 44 | 45 | echo -e "${GREEN}SSH key setup complete.${NC}" 46 | echo -e "${GREEN}Remember to add the necessary keys to Github or other services as required.${NC}" 47 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-darwin/create-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | setup_ssh_directory() { 12 | mkdir -p ${SSH_DIR} 13 | } 14 | 15 | prompt_for_key_generation() { 16 | local key_name=$1 17 | if [[ -f "${SSH_DIR}/${key_name}" ]]; then 18 | echo -e "${RED}Existing SSH key found for ${key_name}.${NC}" 19 | cat "${SSH_DIR}/${key_name}.pub" 20 | read -p "Do you want to replace it? 
(y/n) " -n 1 -r 21 | echo 22 | if [[ $REPLY =~ ^[Yy]$ ]]; then 23 | return 0 # Indicate key should be replaced 24 | else 25 | return 1 # Indicate key should be kept 26 | fi 27 | fi 28 | return 0 # Indicate no key exists, so it should be created 29 | } 30 | 31 | generate_key() { 32 | local key_name=$1 33 | if prompt_for_key_generation "$key_name"; then 34 | ssh-keygen -t ed25519 -f "${SSH_DIR}/${key_name}" -N "" 35 | chown ${username}:staff "${SSH_DIR}/${key_name}"{,.pub} 36 | else 37 | echo -e "${GREEN}Kept existing ${key_name}.${NC}" 38 | fi 39 | } 40 | 41 | setup_ssh_directory 42 | generate_key "id_ed25519" 43 | generate_key "id_ed25519_agenix" 44 | 45 | echo -e "${GREEN}SSH key setup complete.${NC}" 46 | echo -e "${GREEN}Remember to add the necessary keys to Github or other services as required.${NC}" 47 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/x86_64-darwin/create-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | setup_ssh_directory() { 12 | mkdir -p ${SSH_DIR} 13 | } 14 | 15 | prompt_for_key_generation() { 16 | local key_name=$1 17 | if [[ -f "${SSH_DIR}/${key_name}" ]]; then 18 | echo -e "${RED}Existing SSH key found for ${key_name}.${NC}" 19 | cat "${SSH_DIR}/${key_name}.pub" 20 | read -p "Do you want to replace it? 
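(y/n) " -n 1 -r 21 | echo 22 | if [[ $REPLY =~ ^[Yy]$ ]]; then 23 | return 0 # Indicate key should be replaced 24 | else 25 | return 1 # Indicate key should be kept 26 | fi 27 | fi 28 | return 0 # Indicate no key exists, so it should be created 29 | } 30 | 31 | generate_key() { 32 | local key_name=$1 33 | if prompt_for_key_generation "$key_name"; then 34 | ssh-keygen -t ed25519 -f "${SSH_DIR}/${key_name}" -N "" 35 | chown ${username}:staff "${SSH_DIR}/${key_name}"{,.pub} 36 | else 37 | echo -e "${GREEN}Kept existing ${key_name}.${NC}" 38 | fi 39 | } 40 | 41 | setup_ssh_directory 42 | generate_key "id_ed25519" 43 | generate_key "id_ed25519_agenix" 44 | 45 | echo -e "${GREEN}SSH key setup complete.${NC}" 46 | echo -e "${GREEN}Remember to add the necessary keys to Github or other services as required.${NC}" 47 | 
--------------------------------------------------------------------------------
/apps/x86_64-linux/build-switch:
--------------------------------------------------------------------------------
#!/bin/sh -e
# Rebuild and activate the NixOS configuration from the flake in the current
# directory. `--host NAME` or `--host=NAME` selects a named flake output;
# without it the target is derived from `uname -m`. Every other argument is
# forwarded to nixos-rebuild.

RED='\033[1;31m'
GREEN='\033[1;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Parse arguments for --host parameter
HOST=""
OTHER_ARGS=""

while [ $# -gt 0 ]; do
  case "$1" in
    --host=*)
      HOST="${1#*=}"
      shift
      ;;
    --host)
      # Report a missing value explicitly rather than leaving it to a
      # failing `shift 2`.
      if [ $# -lt 2 ]; then
        echo -e "${RED}--host requires a value${NC}"
        exit 1
      fi
      HOST="$2"
      shift 2
      ;;
    *)
      OTHER_ARGS="$OTHER_ARGS $1"
      shift
      ;;
  esac
done

# If host is specified, use it directly
if [ -n "$HOST" ]; then
  FLAKE_TARGET="$HOST"
  echo -e "${YELLOW}Building for named host: $HOST${NC}"
else
  # Default behavior: detect system architecture
  SYSTEM=$(uname -m)

  case "$SYSTEM" in
    x86_64)
      FLAKE_TARGET="x86_64-linux"
      ;;
    aarch64)
      FLAKE_TARGET="aarch64-linux"
      ;;
    *)
      echo -e "${RED}Unsupported architecture: $SYSTEM${NC}"
      exit 1
      ;;
  esac
  echo -e "${YELLOW}Building for platform: $FLAKE_TARGET${NC}"
fi

echo -e "${YELLOW}Starting...${NC}"

# NOTE(review): the comment on this command used to say the SSH agent is passed
# from the user to root so root can download secrets from a private Github
# repository, but no SSH_AUTH_SOCK is set here (the template copies of this
# script do set it). Confirm which of the two is intended.
#
# The flake reference is quoted so a --host value containing spaces or glob
# characters reaches nixos-rebuild as one argument of this sudo command.
# OTHER_ARGS stays unquoted on purpose: it is a space-joined list that has to
# split back into separate arguments.
sudo /run/current-system/sw/bin/nixos-rebuild switch --flake ".#$FLAKE_TARGET" $OTHER_ARGS

echo -e "${GREEN}Switch to new generation complete!${NC}"

--------------------------------------------------------------------------------
/modules/shared/default.nix:
--------------------------------------------------------------------------------
# nixpkgs settings shared by every host: package policy and the overlay list.
{ config, pkgs, ... }:

let
  emacsOverlaySha256 = "11p1c1l04zrn8dd5w8zyzlv172z05dwi9avbckav4d5fk043m754";

  # Shared Emacs package configuration
  myEmacs = import ./emacs.nix { inherit pkgs; };
in
{

  nixpkgs = {
    config = {
      allowUnfree = true;
      #cudaSupport = true;
      #cudaCapabilities = ["8.0"];
      # Packages that nixpkgs marks as broken are allowed for every host.
      allowBroken = true;
      # NOTE(review): confirm nixpkgs reads a key with this name; the knobs
      # for insecure packages that I know of are permittedInsecurePackages
      # and allowInsecurePredicate.
      allowInsecure = false;
      allowUnsupportedSystem = true;
    };

    overlays =
      # Apply each overlay found in the /overlays directory
      # (every *.nix file and every directory holding a default.nix, minus
      # the files excluded for the current host name).
      let
        path = ../../overlays;
        hostname = config.networking.hostName or "";
        excludeForHost = {
          "garfield" = [ "cider-appimage.nix" ];
        };
        excludedFiles = excludeForHost.${hostname} or [];
      in with builtins;
      map (n: import (path + ("/" + n)))
          (filter (n:
            (match ".*\\.nix" n != null ||
             pathExists (path + ("/" + n + "/default.nix")))
            && !(elem n excludedFiles))
          (attrNames (readDir path)))

      # The sha256 is what pins this overlay's content. The URL follows the
      # head of the master branch, so once that branch moves a fresh fetch no
      # longer matches the hash until it is updated. An archive URL for one
      # commit would keep URL and hash in step.
      ++ [(import (builtins.fetchTarball {
        url = "https://github.com/dustinlyons/emacs-overlay/archive/refs/heads/master.tar.gz";
        sha256 = emacsOverlaySha256;
      }))];
  };
}

--------------------------------------------------------------------------------
/overlays/tableplus-appimage.nix:
--------------------------------------------------------------------------------
1 | self: super: with super; { 2 | tableplus-appimage = appimageTools.wrapType2 rec { 3 | pname = "tableplus"; 4 | version 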
= "latest"; 5 | 6 | src = fetchurl { 7 | url = "https://tableplus.com/release/linux/x64/TablePlus-x64.AppImage"; 8 | hash = "sha256-mZkfbZfChLnlwYojWcBorZkYgZr7GXlEyL8iguGaaqU="; 9 | }; 10 | 11 | nativeBuildInputs = [ makeWrapper ]; 12 | 13 | extraInstallCommands = 14 | let 15 | contents = appimageTools.extract { 16 | inherit version src; 17 | pname = "TablePlus"; 18 | }; 19 | in 20 | '' 21 | # TablePlus needs access to system libraries 22 | wrapProgram $out/bin/${pname} \ 23 | --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ gnutls ]}" 24 | 25 | if [ -f ${contents}/tableplus-appimage.desktop ]; then 26 | install -m 444 -D ${contents}/tableplus-appimage.desktop $out/share/applications/${pname}.desktop 27 | substituteInPlace $out/share/applications/${pname}.desktop \ 28 | --replace-warn 'Exec=tableplus-appimage' 'Exec=${pname}' 29 | fi 30 | ''; 31 | 32 | meta = with lib; { 33 | description = "Modern, native, and friendly GUI tool for relational databases"; 34 | homepage = "https://tableplus.com"; 35 | license = licenses.unfree; 36 | mainProgram = "tableplus"; 37 | platforms = platforms.linux; 38 | }; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /overlays/wowup-appimage.nix: -------------------------------------------------------------------------------- 1 | self: super: with super; { 2 | wowup-appimage = appimageTools.wrapType2 rec { 3 | pname = "wowup"; 4 | version = "2.21.0-beta.3"; 5 | 6 | src = fetchurl { 7 | url = "https://github.com/WowUp/WowUp.CF/releases/download/v2.21.0-beta.3/WowUp-CF-2.21.0-beta.3.AppImage"; 8 | hash = "sha256-6UN5YMahrmKBxIjMDyWz2MNLJTxYxnuhR/Y2CYf+eZE="; 9 | }; 10 | 11 | nativeBuildInputs = [ makeWrapper ]; 12 | 13 | extraInstallCommands = 14 | let 15 | contents = appimageTools.extract { 16 | inherit version src; 17 | pname = "WowUp"; 18 | }; 19 | in 20 | '' 21 | wrapProgram $out/bin/${pname} \ 22 | --add-flags "--disable-gpu-sandbox --disable-features=UseOzonePlatform" \ 23 | 
--set ELECTRON_OZONE_PLATFORM_HINT "" \ 24 | --unset WAYLAND_DISPLAY 25 | 26 | if [ -f ${contents}/wowup.desktop ]; then 27 | install -m 444 -D ${contents}/wowup.desktop $out/share/applications/${pname}.desktop 28 | substituteInPlace $out/share/applications/${pname}.desktop \ 29 | --replace-warn 'Exec=wowup' 'Exec=${pname}' 30 | fi 31 | ''; 32 | 33 | meta = with lib; { 34 | description = "WowUp is the community trusted World of Warcraft addon updater"; 35 | homepage = "https://wowup.io"; 36 | license = licenses.gpl3; 37 | mainProgram = "wowup"; 38 | platforms = platforms.linux; 39 | }; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /templates/starter/apps/x86_64-linux/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | VERSION=1.0 4 | 5 | RED='\033[1;31m' 6 | GREEN='\033[1;32m' 7 | YELLOW='\033[1;33m' 8 | NC='\033[0m' 9 | 10 | # Parse arguments for --host parameter 11 | HOST="" 12 | OTHER_ARGS="" 13 | 14 | while [ $# -gt 0 ]; do 15 | case "$1" in 16 | --host=*) 17 | HOST="${1#*=}" 18 | shift 19 | ;; 20 | --host) 21 | HOST="$2" 22 | shift 2 23 | ;; 24 | *) 25 | OTHER_ARGS="$OTHER_ARGS $1" 26 | shift 27 | ;; 28 | esac 29 | done 30 | 31 | # If host is specified, use it directly 32 | if [ -n "$HOST" ]; then 33 | FLAKE_TARGET="$HOST" 34 | echo -e "${YELLOW}Building for named host: $HOST${NC}" 35 | else 36 | # Default behavior: detect system architecture 37 | SYSTEM=$(uname -m) 38 | 39 | case "$SYSTEM" in 40 | x86_64) 41 | FLAKE_TARGET="x86_64-linux" 42 | ;; 43 | aarch64) 44 | FLAKE_TARGET="aarch64-linux" 45 | ;; 46 | *) 47 | echo -e "${RED}Unsupported architecture: $SYSTEM${NC}" 48 | exit 1 49 | ;; 50 | esac 51 | echo -e "${YELLOW}Building for platform: $FLAKE_TARGET${NC}" 52 | fi 53 | 54 | echo -e "${YELLOW}Starting...${NC}" 55 | 56 | # We pass SSH from user to root so root can download secrets from our private Github 57 | sudo 
SSH_AUTH_SOCK=$SSH_AUTH_SOCK /run/current-system/sw/bin/nixos-rebuild switch --flake .#$FLAKE_TARGET $OTHER_ARGS 58 | 59 | echo -e "${GREEN}Switch to new generation complete!${NC}" 60 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/x86_64-linux/build-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | VERSION=1.0 4 | 5 | RED='\033[1;31m' 6 | GREEN='\033[1;32m' 7 | YELLOW='\033[1;33m' 8 | NC='\033[0m' 9 | 10 | # Parse arguments for --host parameter 11 | HOST="" 12 | OTHER_ARGS="" 13 | 14 | while [ $# -gt 0 ]; do 15 | case "$1" in 16 | --host=*) 17 | HOST="${1#*=}" 18 | shift 19 | ;; 20 | --host) 21 | HOST="$2" 22 | shift 2 23 | ;; 24 | *) 25 | OTHER_ARGS="$OTHER_ARGS $1" 26 | shift 27 | ;; 28 | esac 29 | done 30 | 31 | # If host is specified, use it directly 32 | if [ -n "$HOST" ]; then 33 | FLAKE_TARGET="$HOST" 34 | echo -e "${YELLOW}Building for named host: $HOST${NC}" 35 | else 36 | # Default behavior: detect system architecture 37 | SYSTEM=$(uname -m) 38 | 39 | case "$SYSTEM" in 40 | x86_64) 41 | FLAKE_TARGET="x86_64-linux" 42 | ;; 43 | aarch64) 44 | FLAKE_TARGET="aarch64-linux" 45 | ;; 46 | *) 47 | echo -e "${RED}Unsupported architecture: $SYSTEM${NC}" 48 | exit 1 49 | ;; 50 | esac 51 | echo -e "${YELLOW}Building for platform: $FLAKE_TARGET${NC}" 52 | fi 53 | 54 | echo -e "${YELLOW}Starting...${NC}" 55 | 56 | # We pass SSH from user to root so root can download secrets from our private Github 57 | sudo SSH_AUTH_SOCK=$SSH_AUTH_SOCK /run/current-system/sw/bin/nixos-rebuild switch --flake .#$FLAKE_TARGET $OTHER_ARGS 58 | 59 | echo -e "${GREEN}Switch to new generation complete!${NC}" 60 | -------------------------------------------------------------------------------- /overlays/playwright.nix: -------------------------------------------------------------------------------- 1 | # Playwright browser dependencies overlay 2 | final: 
prev: 3 | let 4 | playwrightLibs = with prev; [ 5 | glib 6 | gtk3 7 | nss 8 | nspr 9 | dbus 10 | at-spi2-atk 11 | at-spi2-core 12 | cups 13 | libdrm 14 | mesa 15 | xorg.libX11 16 | xorg.libXcomposite 17 | xorg.libXdamage 18 | xorg.libXext 19 | xorg.libXfixes 20 | xorg.libXrandr 21 | xorg.libxcb 22 | cairo 23 | pango 24 | expat 25 | libxkbcommon 26 | systemd 27 | alsa-lib 28 | freetype 29 | fontconfig 30 | gdk-pixbuf 31 | libnotify 32 | liberation_ttf 33 | ]; 34 | in 35 | { 36 | playwright-deps = prev.buildEnv { 37 | name = "playwright-deps"; 38 | paths = with prev; [ 39 | chromium 40 | ] ++ playwrightLibs; 41 | }; 42 | 43 | playwright-wrapper = prev.writeScriptBin "playwright-wrapper" '' 44 | #!${prev.bash}/bin/bash 45 | # Playwright wrapper script for cron jobs and system-wide usage 46 | 47 | # Playwright configuration 48 | export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 49 | export PLAYWRIGHT_SKIP_VALIDATE_HOST_REQUIREMENTS=true 50 | export PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH="${prev.chromium}/bin/chromium" 51 | export PLAYWRIGHT_BROWSERS_PATH=0 52 | export PLAYWRIGHT_SKIP_BROWSER_GC=1 53 | 54 | # Set up library path 55 | export LD_LIBRARY_PATH="${prev.lib.makeLibraryPath playwrightLibs}:$LD_LIBRARY_PATH" 56 | 57 | # Execute the command passed to this wrapper 58 | exec "$@" 59 | ''; 60 | } -------------------------------------------------------------------------------- /hosts/nixos/garfield/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by 'nixos-generate-config' 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config, lib, pkgs, modulesPath, ... 
}: 5 | 6 | { 7 | imports = 8 | [ (modulesPath + "/installer/scan/not-detected.nix") 9 | ]; 10 | 11 | boot = { 12 | initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; 13 | initrd.kernelModules = [ ]; 14 | kernelModules = [ ]; 15 | extraModulePackages = [ ]; 16 | }; 17 | 18 | fileSystems."/" = 19 | { device = "/dev/disk/by-uuid/e194a154-b519-45c6-a875-efdd1704bdfe"; 20 | fsType = "ext4"; 21 | }; 22 | 23 | fileSystems."/boot" = 24 | { device = "/dev/disk/by-uuid/5133-A18D"; 25 | fsType = "vfat"; 26 | options = [ "fmask=0077" "dmask=0077" ]; 27 | }; 28 | 29 | swapDevices = [ ]; 30 | 31 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 32 | # (the default) this is the recommended approach. When using systemd-networkd it's 33 | # still possible to use this option, but it's recommended to use it in conjunction 34 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 35 | networking.useDHCP = lib.mkDefault true; 36 | # networking.interfaces.eno1.useDHCP = lib.mkDefault true; 37 | 38 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 39 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 40 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2021, Dustin Lyons 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. 
Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /modules/darwin/files.nix: -------------------------------------------------------------------------------- 1 | { user, config, pkgs, ... 
}: 2 | 3 | let 4 | xdg_configHome = "${config.users.users.${user}.home}/.config"; 5 | xdg_dataHome = "${config.users.users.${user}.home}/.local/share"; 6 | xdg_stateHome = "${config.users.users.${user}.home}/.local/state"; in 7 | { 8 | 9 | # Raycast script so that "Run Emacs" is available and uses Emacs daemon 10 | "${xdg_dataHome}/bin/emacsclient" = { 11 | executable = true; 12 | text = '' 13 | #!/bin/zsh 14 | # 15 | # Required parameters: 16 | # @raycast.schemaVersion 1 17 | # @raycast.title Run Emacs 18 | # @raycast.mode silent 19 | # 20 | # Optional parameters: 21 | # @raycast.packageName Emacs 22 | # @raycast.icon ${xdg_dataHome}/img/icons/Emacs.icns 23 | # @raycast.iconDark ${xdg_dataHome}/img/icons/Emacs.icns 24 | 25 | if [[ $1 = "-t" ]]; then 26 | # Terminal mode 27 | ${pkgs.emacs}/bin/emacsclient -t $@ 28 | else 29 | # GUI mode 30 | ${pkgs.emacs}/bin/emacsclient -c -n $@ 31 | fi 32 | ''; 33 | }; 34 | 35 | # Script to import Drafts into Emacs org-roam 36 | "${xdg_dataHome}/bin/import-drafts" = { 37 | executable = true; 38 | text = '' 39 | #!/bin/sh 40 | 41 | for f in ${xdg_stateHome}/drafts/* 42 | do 43 | if [[ ! 
"$f" =~ "done" ]]; then 44 | echo "Importing $f" 45 | filename="$(head -c 10 $f)" 46 | output="${xdg_dataHome}/org-roam/daily/$filename.org" 47 | echo '\n' >> "$output" 48 | tail -n +3 $f >> "$output" 49 | mv $f done 50 | fi 51 | done 52 | ''; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /apps/aarch64-darwin/copy-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | handle_no_usb() { 12 | echo -e ${RED}No USB drive found or mounted.${NC}" 13 | echo -e ${GREEN}If you have not yet set up your keys, run the script to generate new SSH keys.${NC}" 14 | exit 1 15 | } 16 | 17 | mount_usb() { 18 | MOUNT_PATH="" 19 | for dev in $(diskutil list | grep -o 'disk[0-9]'); do 20 | MOUNT_PATH="$(diskutil info /dev/${dev} | grep \"Mount Point\" | awk -F: '{print $2}' | xargs)" 21 | if [ -n "${MOUNT_PATH}" ]; then 22 | echo -e "${GREEN}USB drive found at ${MOUNT_PATH}.${NC}" 23 | break 24 | fi 25 | done 26 | 27 | if [ -z "${MOUNT_PATH}" ]; then 28 | echo -e "${RED}No USB drive found.${NC}" 29 | fi 30 | } 31 | 32 | copy_keys() { 33 | if [ -n "${MOUNT_PATH}" ]; then 34 | cp "${MOUNT_PATH}/id_ed25519_agenix.pub" ${SSH_DIR} 35 | cp "${MOUNT_PATH}/id_ed25519_agenix" ${SSH_DIR} 36 | chmod 600 ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} 37 | else 38 | echo -e "${RED}No USB drive found. 
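Aborting.${NC}" 39 | exit 1 40 | fi 41 | } 42 | 43 | setup_ssh_directory() { 44 | mkdir -p ${SSH_DIR} 45 | } 46 | 47 | set_keys() { 48 | cp ${MOUNT_PATH}/id_ed25519_github.pub ${SSH_DIR}/id_ed25519.pub 49 | cp ${MOUNT_PATH}/id_ed25519_github ${SSH_DIR}/id_ed25519 50 | chmod 600 ${SSH_DIR}/id_ed25519 51 | chmod 644 ${SSH_DIR}/id_ed25519.pub 52 | } 53 | 54 | change_ownership() { 55 | chown ${username}:staff ${SSH_DIR}/id_ed25519{,.pub} 56 | chown ${username}:staff ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} 57 | } 58 | 59 | setup_ssh_directory 60 | mount_usb 61 | 62 | if [ -z "${MOUNT_PATH}" ]; then 63 | handle_no_usb 64 | else 65 | copy_keys 66 | set_keys 67 | change_ownership 68 | fi 69 | -------------------------------------------------------------------------------- /apps/x86_64-darwin/copy-keys: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Copy the agenix and GitHub SSH key pairs from a mounted USB volume into the
# current user's ~/.ssh directory and set their permissions and ownership.
set -e

# The key files are created by cp below. With this umask they are never
# readable by other users, not even in the moment before chmod runs.
umask 077

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'

username=${USER}
export SSH_DIR=/Users/${username}/.ssh

# Explain that no key volume was found and stop with a failure status.
handle_no_usb() {
  echo -e "${RED}No USB drive found or mounted.${NC}"
  echo -e "${GREEN}If you have not yet set up your keys, run the script to generate new SSH keys.${NC}"
  exit 1
}

# Set MOUNT_PATH to the mount point of the first disk that holds the agenix
# private key; MOUNT_PATH stays empty when no such disk is mounted.
mount_usb() {
  MOUNT_PATH=""
  local dev candidate
  # NOTE(review): only whole-disk identifiers (disk0..disk9) are probed, as in
  # the original; confirm the key volume is not mounted from a slice.
  for dev in $(diskutil list | grep -o 'disk[0-9]'); do
    candidate="$(diskutil info "/dev/${dev}" | grep "Mount Point" | awk -F: '{print $2}' | xargs)"
    # Accept a mount point only when it really contains the key, so that an
    # unrelated mounted disk is never mistaken for the key volume.
    if [ -n "${candidate}" ] && [ -f "${candidate}/id_ed25519_agenix" ]; then
      MOUNT_PATH="${candidate}"
      echo -e "${GREEN}USB drive found at ${MOUNT_PATH}.${NC}"
      break
    fi
  done

  if [ -z "${MOUNT_PATH}" ]; then
    echo -e "${RED}No USB drive found.${NC}"
  fi
}

# Copy the agenix key pair into SSH_DIR; both files end up with mode 600.
copy_keys() {
  if [ -n "${MOUNT_PATH}" ]; then
    cp "${MOUNT_PATH}/id_ed25519_agenix.pub" "${SSH_DIR}"
    cp "${MOUNT_PATH}/id_ed25519_agenix" "${SSH_DIR}"
    chmod 600 "${SSH_DIR}"/id_ed25519_{agenix,agenix.pub}
  else
    echo -e "${RED}No USB drive found. Aborting.${NC}"
    exit 1
  fi
}

# Create SSH_DIR and keep it private to its owner.
setup_ssh_directory() {
  mkdir -p "${SSH_DIR}"
  chmod 700 "${SSH_DIR}"
}

# Install the GitHub key pair under the default id_ed25519 names.
set_keys() {
  cp "${MOUNT_PATH}/id_ed25519_github.pub" "${SSH_DIR}/id_ed25519.pub"
  cp "${MOUNT_PATH}/id_ed25519_github" "${SSH_DIR}/id_ed25519"
  chmod 600 "${SSH_DIR}/id_ed25519"
  chmod 644 "${SSH_DIR}/id_ed25519.pub"
}

# Hand all four key files to the current user and the staff group.
change_ownership() {
  chown "${username}:staff" "${SSH_DIR}"/id_ed25519{,.pub}
  chown "${username}:staff" "${SSH_DIR}"/id_ed25519_{agenix,agenix.pub}
}

setup_ssh_directory
mount_usb

if [ -z "${MOUNT_PATH}" ]; then
  handle_no_usb
else
  copy_keys
  set_keys
  change_ownership
fi
-------------------------------------------------------------------------------- /templates/starter/apps/x86_64-darwin/copy-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | handle_no_usb() { 12 | echo -e ${RED}No USB drive found or mounted.${NC}" 13 | echo -e ${GREEN}If you have not yet set up your keys, run the script to generate new SSH keys.${NC}" 14 | exit 1 15 | } 16 | 17 | mount_usb() { 18 | MOUNT_PATH="" 19 | for dev in $(diskutil list | grep -o 'disk[0-9]'); do 20 | MOUNT_PATH="$(diskutil info /dev/${dev} | grep \"Mount Point\" | awk -F: '{print $2}' | xargs)" 21 | if [ -n "${MOUNT_PATH}" ]; then 22 | echo -e "${GREEN}USB drive found at ${MOUNT_PATH}.${NC}" 23 | break 24 | fi 25 | done 26 | 27 | if [ -z "${MOUNT_PATH}" ]; then 28 | echo -e "${RED}No USB drive found.${NC}" 29 | fi 30 | } 31 | 32 | copy_keys() { 33 | if [ -n "${MOUNT_PATH}" ]; then 34 | cp "${MOUNT_PATH}/id_ed25519_agenix.pub" ${SSH_DIR} 35 | cp "${MOUNT_PATH}/id_ed25519_agenix" ${SSH_DIR} 36 | chmod 600 ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} 37 | else 38 | echo -e "${RED}No USB drive found. 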
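Aborting.${NC}" 39 | exit 1 40 | fi 41 | } 42 | 43 | setup_ssh_directory() { 44 | mkdir -p ${SSH_DIR} 45 | } 46 | 47 | set_keys() { 48 | cp ${MOUNT_PATH}/id_ed25519_github.pub ${SSH_DIR}/id_ed25519.pub 49 | cp ${MOUNT_PATH}/id_ed25519_github ${SSH_DIR}/id_ed25519 50 | chmod 600 ${SSH_DIR}/id_ed25519 51 | chmod 644 ${SSH_DIR}/id_ed25519.pub 52 | } 53 | 54 | change_ownership() { 55 | chown ${username}:staff ${SSH_DIR}/id_ed25519{,.pub} 56 | chown ${username}:staff ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} 57 | } 58 | 59 | setup_ssh_directory 60 | mount_usb 61 | 62 | if [ -z "${MOUNT_PATH}" ]; then 63 | handle_no_usb 64 | else 65 | copy_keys 66 | set_keys 67 | change_ownership 68 | fi 69 | -------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/aarch64-darwin/copy-keys: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Copy the agenix and GitHub SSH key pairs from a mounted USB volume into the
# current user's ~/.ssh directory and set their permissions and ownership.
set -e

# The key files are created by cp below. With this umask they are never
# readable by other users, not even in the moment before chmod runs.
umask 077

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'

username=${USER}
export SSH_DIR=/Users/${username}/.ssh

# Explain that no key volume was found and stop with a failure status.
handle_no_usb() {
  echo -e "${RED}No USB drive found or mounted.${NC}"
  echo -e "${GREEN}If you have not yet set up your keys, run the script to generate new SSH keys.${NC}"
  exit 1
}

# Set MOUNT_PATH to the mount point of the first disk that holds the agenix
# private key; MOUNT_PATH stays empty when no such disk is mounted.
mount_usb() {
  MOUNT_PATH=""
  local dev candidate
  # NOTE(review): only whole-disk identifiers (disk0..disk9) are probed, as in
  # the original; confirm the key volume is not mounted from a slice.
  for dev in $(diskutil list | grep -o 'disk[0-9]'); do
    candidate="$(diskutil info "/dev/${dev}" | grep "Mount Point" | awk -F: '{print $2}' | xargs)"
    # Accept a mount point only when it really contains the key, so that an
    # unrelated mounted disk is never mistaken for the key volume.
    if [ -n "${candidate}" ] && [ -f "${candidate}/id_ed25519_agenix" ]; then
      MOUNT_PATH="${candidate}"
      echo -e "${GREEN}USB drive found at ${MOUNT_PATH}.${NC}"
      break
    fi
  done

  if [ -z "${MOUNT_PATH}" ]; then
    echo -e "${RED}No USB drive found.${NC}"
  fi
}

# Copy the agenix key pair into SSH_DIR; both files end up with mode 600.
copy_keys() {
  if [ -n "${MOUNT_PATH}" ]; then
    cp "${MOUNT_PATH}/id_ed25519_agenix.pub" "${SSH_DIR}"
    cp "${MOUNT_PATH}/id_ed25519_agenix" "${SSH_DIR}"
    chmod 600 "${SSH_DIR}"/id_ed25519_{agenix,agenix.pub}
  else
    echo -e "${RED}No USB drive found. Aborting.${NC}"
    exit 1
  fi
}

# Create SSH_DIR and keep it private to its owner.
setup_ssh_directory() {
  mkdir -p "${SSH_DIR}"
  chmod 700 "${SSH_DIR}"
}

# Install the GitHub key pair under the default id_ed25519 names.
set_keys() {
  cp "${MOUNT_PATH}/id_ed25519_github.pub" "${SSH_DIR}/id_ed25519.pub"
  cp "${MOUNT_PATH}/id_ed25519_github" "${SSH_DIR}/id_ed25519"
  chmod 600 "${SSH_DIR}/id_ed25519"
  chmod 644 "${SSH_DIR}/id_ed25519.pub"
}

# Hand all four key files to the current user and the staff group.
change_ownership() {
  chown "${username}:staff" "${SSH_DIR}"/id_ed25519{,.pub}
  chown "${username}:staff" "${SSH_DIR}"/id_ed25519_{agenix,agenix.pub}
}

setup_ssh_directory
mount_usb

if [ -z "${MOUNT_PATH}" ]; then
  handle_no_usb
else
  copy_keys
  set_keys
  change_ownership
fi
-------------------------------------------------------------------------------- /templates/starter-with-secrets/apps/x86_64-darwin/copy-keys: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | RED='\033[0;31m' 5 | GREEN='\033[0;32m' 6 | NC='\033[0m' 7 | 8 | username=${USER} 9 | export SSH_DIR=/Users/${username}/.ssh 10 | 11 | handle_no_usb() { 12 | echo -e ${RED}No USB drive found or mounted.${NC}" 13 | echo -e ${GREEN}If you have not yet set up your keys, run the script to generate new SSH keys.${NC}" 14 | exit 1 15 | } 16 | 17 | mount_usb() { 18 | MOUNT_PATH="" 19 | for dev in $(diskutil list | grep -o 'disk[0-9]'); do 20 | MOUNT_PATH="$(diskutil info /dev/${dev} | grep \"Mount Point\" | awk -F: '{print $2}' | xargs)" 21 | if [ -n "${MOUNT_PATH}" ]; then 22 | echo -e "${GREEN}USB drive found at ${MOUNT_PATH}.${NC}" 23 | break 24 | fi 25 | done 26 | 27 | if [ -z "${MOUNT_PATH}" ]; then 28 | echo -e "${RED}No USB drive found.${NC}" 29 | fi 30 | } 31 | 32 | copy_keys() { 33 | if [ -n "${MOUNT_PATH}" ]; then 34 | cp "${MOUNT_PATH}/id_ed25519_agenix.pub" ${SSH_DIR} 35 | cp "${MOUNT_PATH}/id_ed25519_agenix" ${SSH_DIR} 36 | chmod 600 ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} 37 | else 38 | echo -e 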
"${RED}No USB drive found. Aborting.${NC}" 39 | exit 1 40 | fi 41 | } 42 | 43 | setup_ssh_directory() { 44 | mkdir -p ${SSH_DIR} 45 | } 46 | 47 | set_keys() { 48 | cp ${MOUNT_PATH}/id_ed25519_github.pub ${SSH_DIR}/id_ed25519.pub 49 | cp ${MOUNT_PATH}/id_ed25519_github ${SSH_DIR}/id_ed25519 50 | chmod 600 ${SSH_DIR}/id_ed25519 51 | chmod 644 ${SSH_DIR}/id_ed25519.pub 52 | } 53 | 54 | change_ownership() { 55 | chown ${username}:staff ${SSH_DIR}/id_ed25519{,.pub} 56 | chown ${username}:staff ${SSH_DIR}/id_ed25519_{agenix,agenix.pub} 57 | } 58 | 59 | setup_ssh_directory 60 | mount_usb 61 | 62 | if [ -z "${MOUNT_PATH}" ]; then 63 | handle_no_usb 64 | else 65 | copy_keys 66 | set_keys 67 | change_ownership 68 | fi 69 | -------------------------------------------------------------------------------- /apps/x86_64-linux/install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -exu 3 | 4 | check_installer() { 5 | if [ -e /etc/NIXOS ]; then 6 | echo -e "\e[1;32mRunning in the NixOS installer environment.\e[0m" 7 | else 8 | echo -e "\e[1;31mNot running in the NixOS installer environment.\e[0m" 9 | exit 1 10 | fi 11 | } 12 | 13 | cleanup() { 14 | rm -rf nixos-config-main.zip nixos-config-main nixos-config 15 | } 16 | 17 | download_config() { 18 | curl -LJ0 https://github.com/dustinlyons/nixos-config/archive/main.zip -o nixos-config-main.zip 19 | unzip nixos-config-main.zip 20 | mv nixos-config-main/templates/starter nixos-config 21 | cd nixos-config 22 | } 23 | 24 | run_apply() { 25 | ./apps/x86_64-linux/apply 26 | if [ ! 
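-f /tmp/username.txt ]; then 27 | echo -e "\e[1;31mError: /tmp/username.txt does not exist.\e[0m" 28 | exit 1 29 | fi 30 | export USERNAME=$(cat /tmp/username.txt) 31 | } 32 | 33 | run_disko() { 34 | sudo nix run --extra-experimental-features nix-command --extra-experimental-features flakes \ 35 | github:nix-community/disko -- --mode zap_create_mount ./modules/nixos/disk-config.nix 36 | } 37 | 38 | setup_files() { 39 | sudo mkdir -p /mnt/etc/nixos 40 | sudo cp -r * /mnt/etc/nixos 41 | cd /mnt/etc/nixos 42 | } 43 | 44 | install_nixos() { 45 | ARCH=$(uname -m) 46 | 47 | case "$ARCH" in 48 | x86_64) 49 | FLAKE_TARGET="x86_64-linux" 50 | ;; 51 | aarch64) 52 | FLAKE_TARGET="aarch64-linux" 53 | ;; 54 | *) 55 | echo -e "${RED}Unsupported architecture: $ARCH${CLEAR}" 56 | exit 1 57 | ;; 58 | esac 59 | 60 | sudo nixos-install --flake .#$FLAKE_TARGET $@ 61 | sudo chmod -R 775 /mnt/etc/nixos 62 | } 63 | 64 | prompt_reboot() { 65 | read -p "Do you want to reboot now? (y/yes) " choice 66 | case "$choice" in 67 | y|Y|yes|YES ) echo -e "\e[1;32mRebooting...\e[0m" && sudo reboot;; 68 | * ) echo -e "\e[1;33mReboot skipped.\e[0m";; 69 | esac 70 | } 71 | 72 | cleanup 73 | check_installer 74 | download_config 75 | run_apply 76 | run_disko 77 | setup_files 78 | install_nixos 79 | cleanup 80 | prompt_reboot 81 | -------------------------------------------------------------------------------- /apps/x86_64-linux/copy-keys: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Mount a vfat USB drive on /mnt/usb, copy the agenix and GitHub SSH key pairs
# from it into /root/.ssh, fix their permissions and ownership, and unmount
# the drive again (also on any early exit, via the EXIT trap).
set -e

# The key files are created by cp below. vfat stores no Unix permissions, so
# this umask is what keeps the copies private until chmod has run.
umask 077

# Unmount /mnt/usb if something is mounted there; safe to call more than once.
unmount_usb() {
  if mountpoint -q /mnt/usb; then
    sudo umount /mnt/usb
    echo -e "\e[0;32mUSB drive unmounted.\e[0m"
  fi
}

# Mount the first vfat device among /dev/sda../dev/sdl on /mnt/usb, unless
# something is already mounted there.
mount_usb() {
  if mountpoint -q /mnt/usb; then
    echo -e "\e[0;32mUSB drive already mounted.\e[0m"
    return 0
  fi

  local dev device_found=false
  # NOTE(review): only whole devices are probed, as in the original; confirm
  # the key volume is not on a partition such as /dev/sdb1.
  for dev in sda sdb sdc sdd sde sdf sdg sdh sdi sdj sdk sdl; do
    if sudo blkid "/dev/$dev" | grep -iq 'TYPE="vfat"'; then
      device_found=true
      # Created with sudo, like the mount itself.
      sudo mkdir -p /mnt/usb
      # The drive is only read from, so it is mounted read-only and without
      # suid, device or exec support.
      if sudo mount -o ro,nosuid,nodev,noexec "/dev/$dev" /mnt/usb; then
        echo -e "\e[0;32mUSB drive mounted successfully on /dev/$dev.\e[0m"
        break
      else
        echo -e "\e[0;31mFailed to mount /dev/$dev.\e[0m"
      fi
    fi
  done

  if [ "$device_found" = false ]; then
    echo -e "\e[0;31mNo USB devices found.\e[0m"
  fi
}

# Create the target directory and keep it private to its owner.
setup_ssh_directory() {
  export SSH_DIR=/root/.ssh
  mkdir -p "$SSH_DIR"
  chmod 700 "$SSH_DIR"
}

# Exit with an error message unless $1 is an existing regular file.
check_file_exists() {
  if [[ ! -f "$1" ]]; then
    echo -e "\e[0;31mError: File $1 does not exist.\e[0m"
    exit 1
  fi
}

# Copy the agenix key pair into SSH_DIR; both files end up with mode 600.
copy_keys() {
  check_file_exists "/mnt/usb/id_ed25519_agenix.pub"
  check_file_exists "/mnt/usb/id_ed25519_agenix"
  cp /mnt/usb/id_ed25519_agenix.pub "$SSH_DIR"
  cp /mnt/usb/id_ed25519_agenix "$SSH_DIR"
  chmod 600 "$SSH_DIR"/id_ed25519_{agenix,agenix.pub}
  echo -e "\e[0;32mKeys copied successfully.\e[0m"
}

# Install the GitHub key pair under the default id_ed25519 names.
set_keys() {
  check_file_exists "/mnt/usb/id_ed25519_github.pub"
  check_file_exists "/mnt/usb/id_ed25519_github"
  cp /mnt/usb/id_ed25519_github.pub "$SSH_DIR/id_ed25519.pub"
  cp /mnt/usb/id_ed25519_github "$SSH_DIR/id_ed25519"
  chmod 600 "$SSH_DIR/id_ed25519"
  chmod 644 "$SSH_DIR/id_ed25519.pub"
}

# Hand all four key files to nixos:wheel.
# NOTE(review): the files live in /root/.ssh but are owned by nixos afterwards;
# confirm that this is the intended owner.
change_ownership() {
  chown nixos:wheel "$SSH_DIR"/id_ed25519{,.pub}
  chown nixos:wheel "$SSH_DIR"/id_ed25519_{agenix,agenix.pub}
}

trap unmount_usb EXIT

setup_ssh_directory
mount_usb
copy_keys
set_keys
change_ownership
unmount_usb
-------------------------------------------------------------------------------- /templates/starter/modules/nixos/config/polybar/user_modules.ini: -------------------------------------------------------------------------------- 1 | ;; ┌──────────────────────────────────────────────────────────────────────────────-----┐ 2 | ;; │░█▀█░█▀█░█░░░█░█░█▀▄░█▀█░█▀▄░░░░░░░░░█░█░█▀▀░█▀▀░█▀▄░░░█▄█░█▀█░█▀▄░█░█░█░░░█▀▀░█▀▀ │ 3 | ;; 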
│░█▀▀░█░█░█░░░░█░░█▀▄░█▀█░█▀▄░░░░▀░░░░█░█░▀▀█░█▀▀░█▀▄░░░█░█░█░█░█░█░█░█░█░░░█▀▀░▀▀█ │ 4 | ;; │░▀░░░▀▀▀░▀▀▀░░▀░░▀▀░░▀░▀░▀░▀░░░░▀░░░░▀▀▀░▀▀▀░▀▀▀░▀░▀░░░▀░▀░▀▀▀░▀▀░░▀▀▀░▀▀▀░▀▀▀░▀▀▀ │ 5 | ;; │░Created░By░Aditya░Shakya░@adi1090x░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░│ 6 | ;; └──────────────────────────────────────────────────────────────────────────────-----┘ 7 | 8 | ;; _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ 9 | 10 | [module/updates] 11 | type = custom/script 12 | 13 | ; Available tokens: 14 | ; %counter% 15 | ; Command to be executed (using "/usr/bin/env sh -c [command]") 16 | exec = @packages@ 17 | 18 | ; Conditional command that, if defined, needs to exit successfully 19 | ; before the main exec command is invoked. 20 | ; Default: "" 21 | ;;exec-if = "" 22 | 23 | ; Will the script output continous content? 24 | ; Default: false 25 | tail = true 26 | 27 | ; Seconds to sleep between updates 28 | ; Default: 2 (0 if `tail = true`) 29 | interval = 0 30 | 31 | ; Available tags: 32 | ; - deprecated 33 | ;