├── .github ├── dependabot.yml └── workflows │ └── nix.yml ├── .gitignore ├── README.md ├── flake.lock ├── flake.nix ├── home ├── default.nix ├── hosts │ ├── darwin │ │ └── default.nix │ └── linux │ │ └── default.nix └── programs │ ├── bash.nix │ ├── git.nix │ ├── gpg.nix │ └── starship.nix └── hosts ├── base └── configuration.nix ├── darwin └── configuration.nix └── linux ├── configuration.nix ├── desktops └── minimal-gnome.nix ├── disable-sleep-on-ssh.nix └── system76 ├── configuration.nix └── hardware-configuration.nix /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | schedule: 6 | # Check for updates to GitHub Actions every week 7 | interval: "weekly" 8 | reviewers: 9 | - jessfraz 10 | -------------------------------------------------------------------------------- /.github/workflows/nix.yml: -------------------------------------------------------------------------------- 1 | name: Test Nix Flake 2 | 3 | on: 4 | push: 5 | branches: [main] 6 | pull_request: 7 | workflow_dispatch: 8 | 9 | concurrency: 10 | group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} 11 | cancel-in-progress: true 12 | jobs: 13 | nix-flake-check: 14 | runs-on: ubuntu-latest 15 | steps: 16 | - uses: actions/checkout@v4 17 | with: 18 | submodules: recursive 19 | 20 | - uses: cachix/install-nix-action@v31 21 | with: 22 | nix_path: nixpkgs=channel:nixos-unstable 23 | 24 | - name: nix flake check for all platforms 25 | run: | 26 | nix flake check --all-systems 27 | 28 | nix-build-linux: 29 | runs-on: ubuntu-latest 30 | steps: 31 | - uses: actions/checkout@v4 32 | with: 33 | submodules: recursive 34 | 35 | - uses: cachix/install-nix-action@v31 36 | with: 37 | nix_path: nixpkgs=channel:nixos-unstable 38 | 39 | - name: nix build . for x86_64-linux 40 | run: nix build . 41 | 42 | nix-build-macos: 43 | runs-on: macos-latest 44 | steps: 45 | - uses: actions/checkout@v4 46 | with: 47 | submodules: recursive 48 | 49 | - uses: cachix/install-nix-action@v31 50 | with: 51 | nix_path: nixpkgs=channel:nixos-unstable 52 | 53 | - name: nix build . for x86_64-darwin 54 | run: nix build . 55 | 56 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | result 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # global-nix 2 | 3 | Global nix configuration for my desktop and laptops. 4 | 5 | These are just mine. They are imperfect in so many ways, but they work. I tried not to use a lot of plugins and just the raw Nix language. I like flakes. I get some people don't but I do :) sue me. 6 | 7 | # Installation 8 | 9 | > **NOTE:** Don't actually install these configs on your machine. My username is hard coded places!! 10 | 11 | Refer to the instructions in [github.com/DeterminateSystems/nix-installer](https://github.com/DeterminateSystems/nix-installer). Do the vanilla install on MacOS so that we can use the `darwin-rebuild` command. 12 | 13 | ## MacOS 14 | 15 | 1. `nix build .#darwinConfigurations.macinator.system` 16 | 2. `./result/sw/bin/darwin-rebuild switch --flake .#macinator` 17 | 18 | **OR** 19 | 20 | If nix is already installed, you can just do: 21 | 22 | `darwin-rebuild switch --flake .#macinator` 23 | 24 | ## Linux 25 | 26 | `nixos-rebuild switch --flake .#system76` 27 | 28 | 29 | ## Shared 30 | 31 | To cleanup the world run `nix store gc` 32 | 33 | 34 | # My personal opinon on how to get started. 35 | 36 | Don't start here. Start with a flake that just installs some packages on your host. Drink a bit of that koolaid, install more things, uninstall things. Make flakes in specific repos to use `nix develop` devShells or package binaries in a repo. THEN, if you are thinking this is neat and want to go deeper, start looking into nixOS and darwin-nix for configuring your machines. This was how I went about it. 37 | 38 | The reason I mention this is THERE IS A LOT OF CONTENT ON NIX out there and SO MANY different ways to do things. If you start with a big goal its too much information overhead all at once. _First_, dip your toes into just flakes. (Of course some people will say fuck flakes but I like them, personally. This is the type of information overhead and opinions I'm talking about). 39 | 40 | ## Other tips 41 | 42 | - Claude and OpenAI are decent at Nix files. But you have to know what to ask for or else they will fuck it all up. It's almost better to be like "deep research X nix specific thing and tell me your findings". This will eliminate the overhead (all us nerds do) of learning something new and going super deep on blogs. 43 | 44 | - Use the links below to the module sources. I found this the best way to get the current options for specific modules. 45 | 46 | ## Helpful Links 47 | 48 | - [NixOS Module Source](https://github.com/NixOS/nixpkgs/tree/master/nixos/modules) 49 | - [Home Manager Module Source](https://github.com/nix-community/home-manager/tree/master/modules) 50 | - [nix-darwin Module Source](https://github.com/nix-darwin/nix-darwin/tree/master/modules) 51 | - [Nix lang visual 'splainer](https://zaynetro.com/explainix) 52 | -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "alejandra": { 4 | "inputs": { 5 | "fenix": "fenix", 6 | "flakeCompat": "flakeCompat", 7 | "nixpkgs": [ 8 | "dotvim", 9 | "nixpkgs" 10 | ] 11 | }, 12 | "locked": { 13 | "lastModified": 1744324181, 14 | "narHash": "sha256-Oi1n2ncF4/AWeY6X55o2FddIRICokbciqFYK64XorYk=", 15 | "owner": "kamadorueda", 16 | "repo": "alejandra", 17 | "rev": "3e2a85506627062313e131bf8a85315f3387c8e0", 18 | "type": "github" 19 | }, 20 | "original": { 21 | "owner": "kamadorueda", 22 | "ref": "4.0.0", 23 | "repo": "alejandra", 24 | "type": "github" 25 | } 26 | }, 27 | "dotfiles": { 28 | "inputs": { 29 | "home-manager": "home-manager", 30 | "nixpkgs": [ 31 | "nixpkgs" 32 | ], 33 | "unstable": "unstable" 34 | }, 35 | "locked": { 36 | "lastModified": 1744393337, 37 | "narHash": "sha256-HVIL+tbv0COQkMNRXSJu7UTyeABKoZ6HwJq7HH5LAJw=", 38 | "owner": "jessfraz", 39 | "repo": "dotfiles", 40 | "rev": "6729a78856887fc0ff4067a2da325ebbf07a4cba", 41 | "type": "github" 42 | }, 43 | "original": { 44 | "owner": "jessfraz", 45 | "repo": "dotfiles", 46 | "type": "github" 47 | } 48 | }, 49 | "dotvim": { 50 | "inputs": { 51 | "alejandra": "alejandra", 52 | "fenix": "fenix_2", 53 | "home-manager": "home-manager_2", 54 | "modeling-app": "modeling-app", 55 | "neovim-nightly": "neovim-nightly", 56 | "nixpkgs": [ 57 | "nixpkgs" 58 | ] 59 | }, 60 | "locked": { 61 | "lastModified": 1747329618, 62 | "narHash": "sha256-o/v3VAY+aiESHSqlEOT0nZi4wxWhV1nOt2R4EkPQuyY=", 63 | "ref": "refs/heads/main", 64 | "rev": "10fcb574bf2e4aee07da0eb947ce09edf1f3ba1a", 65 | "revCount": 771, 66 | "type": "git", 67 | "url": "https://github.com/jessfraz/.vim" 68 | }, 69 | "original": { 70 | "type": "git", 71 | "url": "https://github.com/jessfraz/.vim" 72 | } 73 | }, 74 | "fenix": { 75 | "inputs": { 76 | "nixpkgs": [ 77 | "dotvim", 78 | "alejandra", 79 | "nixpkgs" 80 | ], 81 | "rust-analyzer-src": "rust-analyzer-src" 82 | }, 83 | "locked": { 84 | "lastModified": 1730615655, 85 | "narHash": "sha256-2HBR3zLn57LXKNRtxBb+O+uDqHM4n0pz51rPayMl4cg=", 86 | "owner": "nix-community", 87 | "repo": "fenix", 88 | "rev": "efeb50e2535b17ffd4a135e6e3e5fd60a525180c", 89 | "type": "github" 90 | }, 91 | "original": { 92 | "owner": "nix-community", 93 | "repo": "fenix", 94 | "type": "github" 95 | } 96 | }, 97 | "fenix_2": { 98 | "inputs": { 99 | "nixpkgs": [ 100 | "dotvim", 101 | "nixpkgs" 102 | ], 103 | "rust-analyzer-src": "rust-analyzer-src_2" 104 | }, 105 | "locked": { 106 | "lastModified": 1747291057, 107 | "narHash": "sha256-9Wir6aLJAeJKqdoQUiwfKdBn7SyNXTJGRSscRyVOo2Y=", 108 | "owner": "nix-community", 109 | "repo": "fenix", 110 | "rev": "76ffc1b7b3ec8078fe01794628b6abff35cbda8f", 111 | "type": "github" 112 | }, 113 | "original": { 114 | "owner": "nix-community", 115 | "repo": "fenix", 116 | "type": "github" 117 | } 118 | }, 119 | "fenix_3": { 120 | "inputs": { 121 | "nixpkgs": [ 122 | "nixpkgs" 123 | ], 124 | "rust-analyzer-src": "rust-analyzer-src_3" 125 | }, 126 | "locked": { 127 | "lastModified": 1747291057, 128 | "narHash": "sha256-9Wir6aLJAeJKqdoQUiwfKdBn7SyNXTJGRSscRyVOo2Y=", 129 | "owner": "nix-community", 130 | "repo": "fenix", 131 | "rev": "76ffc1b7b3ec8078fe01794628b6abff35cbda8f", 132 | "type": "github" 133 | }, 134 | "original": { 135 | "owner": "nix-community", 136 | "repo": "fenix", 137 | "type": "github" 138 | } 139 | }, 140 | "flake-compat": { 141 | "flake": false, 142 | "locked": { 143 | "lastModified": 1747046372, 144 | "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", 145 | "owner": "edolstra", 146 | "repo": "flake-compat", 147 | "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", 148 | "type": "github" 149 | }, 150 | "original": { 151 | "owner": "edolstra", 152 | "repo": "flake-compat", 153 | "type": "github" 154 | } 155 | }, 156 | "flake-compat_2": { 157 | "flake": false, 158 | "locked": { 159 | "lastModified": 1696426674, 160 | "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 161 | "owner": "edolstra", 162 | "repo": "flake-compat", 163 | "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 164 | "type": "github" 165 | }, 166 | "original": { 167 | "owner": "edolstra", 168 | "repo": "flake-compat", 169 | "type": "github" 170 | } 171 | }, 172 | "flake-compat_3": { 173 | "flake": false, 174 | "locked": { 175 | "lastModified": 1733328505, 176 | "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", 177 | "owner": "edolstra", 178 | "repo": "flake-compat", 179 | "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", 180 | "type": "github" 181 | }, 182 | "original": { 183 | "owner": "edolstra", 184 | "repo": "flake-compat", 185 | "type": "github" 186 | } 187 | }, 188 | "flake-parts": { 189 | "inputs": { 190 | "nixpkgs-lib": [ 191 | "dotvim", 192 | "neovim-nightly", 193 | "nixpkgs" 194 | ] 195 | }, 196 | "locked": { 197 | "lastModified": 1743550720, 198 | "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", 199 | "owner": "hercules-ci", 200 | "repo": "flake-parts", 201 | "rev": "c621e8422220273271f52058f618c94e405bb0f5", 202 | "type": "github" 203 | }, 204 | "original": { 205 | "owner": "hercules-ci", 206 | "repo": "flake-parts", 207 | "type": "github" 208 | } 209 | }, 210 | "flake-parts_2": { 211 | "inputs": { 212 | "nixpkgs-lib": [ 213 | "dotvim", 214 | "neovim-nightly", 215 | "hercules-ci-effects", 216 | "nixpkgs" 217 | ] 218 | }, 219 | "locked": { 220 | "lastModified": 1743550720, 221 | "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", 222 | "owner": "hercules-ci", 223 | "repo": "flake-parts", 224 | "rev": "c621e8422220273271f52058f618c94e405bb0f5", 225 | "type": "github" 226 | }, 227 | "original": { 228 | "id": "flake-parts", 229 | "type": "indirect" 230 | } 231 | }, 232 | "flake-utils": { 233 | "inputs": { 234 | "systems": "systems" 235 | }, 236 | "locked": { 237 | "lastModified": 1731533236, 238 | "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 239 | "owner": "numtide", 240 | "repo": "flake-utils", 241 | "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 242 | "type": "github" 243 | }, 244 | "original": { 245 | "owner": "numtide", 246 | "repo": "flake-utils", 247 | "type": "github" 248 | } 249 | }, 250 | "flakeCompat": { 251 | "flake": false, 252 | "locked": { 253 | "lastModified": 1696426674, 254 | "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 255 | "owner": "edolstra", 256 | "repo": "flake-compat", 257 | "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 258 | "type": "github" 259 | }, 260 | "original": { 261 | "owner": "edolstra", 262 | "repo": "flake-compat", 263 | "type": "github" 264 | } 265 | }, 266 | "ghostty": { 267 | "inputs": { 268 | "flake-compat": "flake-compat_3", 269 | "flake-utils": "flake-utils", 270 | "nixpkgs-stable": "nixpkgs-stable", 271 | "nixpkgs-unstable": "nixpkgs-unstable", 272 | "zig": "zig", 273 | "zon2nix": "zon2nix" 274 | }, 275 | "locked": { 276 | "lastModified": 1747321779, 277 | "narHash": "sha256-JsjX1pRudVKlmNwry1q4p/0ff2uFinEChQazptvJeWg=", 278 | "owner": "ghostty-org", 279 | "repo": "ghostty", 280 | "rev": "9ff43cd345f8e97141c693aaf1ceb86ea3287125", 281 | "type": "github" 282 | }, 283 | "original": { 284 | "owner": "ghostty-org", 285 | "repo": "ghostty", 286 | "type": "github" 287 | } 288 | }, 289 | "git-hooks": { 290 | "inputs": { 291 | "flake-compat": "flake-compat_2", 292 | "gitignore": "gitignore", 293 | "nixpkgs": [ 294 | "dotvim", 295 | "neovim-nightly", 296 | "nixpkgs" 297 | ] 298 | }, 299 | "locked": { 300 | "lastModified": 1746537231, 301 | "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", 302 | "owner": "cachix", 303 | "repo": "git-hooks.nix", 304 | "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", 305 | "type": "github" 306 | }, 307 | "original": { 308 | "owner": "cachix", 309 | "repo": "git-hooks.nix", 310 | "type": "github" 311 | } 312 | }, 313 | "gitignore": { 314 | "inputs": { 315 | "nixpkgs": [ 316 | "dotvim", 317 | "neovim-nightly", 318 | "git-hooks", 319 | "nixpkgs" 320 | ] 321 | }, 322 | "locked": { 323 | "lastModified": 1709087332, 324 | "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 325 | "owner": "hercules-ci", 326 | "repo": "gitignore.nix", 327 | "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", 328 | "type": "github" 329 | }, 330 | "original": { 331 | "owner": "hercules-ci", 332 | "repo": "gitignore.nix", 333 | "type": "github" 334 | } 335 | }, 336 | "hercules-ci-effects": { 337 | "inputs": { 338 | "flake-parts": "flake-parts_2", 339 | "nixpkgs": [ 340 | "dotvim", 341 | "neovim-nightly", 342 | "nixpkgs" 343 | ] 344 | }, 345 | "locked": { 346 | "lastModified": 1744693102, 347 | "narHash": "sha256-1Z4WPGVky4w3lrhrgs89OKsLzPdtkbi1bPLNFWsoLfY=", 348 | "owner": "hercules-ci", 349 | "repo": "hercules-ci-effects", 350 | "rev": "5b6cec51c9ec095a0d3fd4c8eeb53eb5c59ae33e", 351 | "type": "github" 352 | }, 353 | "original": { 354 | "owner": "hercules-ci", 355 | "repo": "hercules-ci-effects", 356 | "type": "github" 357 | } 358 | }, 359 | "home-manager": { 360 | "inputs": { 361 | "nixpkgs": [ 362 | "dotfiles", 363 | "unstable" 364 | ] 365 | }, 366 | "locked": { 367 | "lastModified": 1744316889, 368 | "narHash": "sha256-qS0BhvsL9J7gt4cOpBZdzT0EqylGPKyKnU9v/6SJvFI=", 369 | "owner": "nix-community", 370 | "repo": "home-manager", 371 | "rev": "543caa313abe45b56520efdaa35d379703f79e3a", 372 | "type": "github" 373 | }, 374 | "original": { 375 | "owner": "nix-community", 376 | "repo": "home-manager", 377 | "type": "github" 378 | } 379 | }, 380 | "home-manager_2": { 381 | "inputs": { 382 | "nixpkgs": [ 383 | "dotvim", 384 | "nixpkgs" 385 | ] 386 | }, 387 | "locked": { 388 | "lastModified": 1747279714, 389 | "narHash": "sha256-UdxlE8yyrKiGq3bgGyJ78AdFwh+fuRAruKtyFY5Zq5I=", 390 | "owner": "nix-community", 391 | "repo": "home-manager", 392 | "rev": "954615c510c9faa3ee7fb6607ff72e55905e69f2", 393 | "type": "github" 394 | }, 395 | "original": { 396 | "owner": "nix-community", 397 | "repo": "home-manager", 398 | "type": "github" 399 | } 400 | }, 401 | "home-manager_3": { 402 | "inputs": { 403 | "nixpkgs": [ 404 | "nixpkgs" 405 | ] 406 | }, 407 | "locked": { 408 | "lastModified": 1747279714, 409 | "narHash": "sha256-UdxlE8yyrKiGq3bgGyJ78AdFwh+fuRAruKtyFY5Zq5I=", 410 | "owner": "nix-community", 411 | "repo": "home-manager", 412 | "rev": "954615c510c9faa3ee7fb6607ff72e55905e69f2", 413 | "type": "github" 414 | }, 415 | "original": { 416 | "owner": "nix-community", 417 | "repo": "home-manager", 418 | "type": "github" 419 | } 420 | }, 421 | "modeling-app": { 422 | "inputs": { 423 | "naersk": "naersk", 424 | "nixpkgs": [ 425 | "dotvim", 426 | "nixpkgs" 427 | ], 428 | "rust-overlay": "rust-overlay" 429 | }, 430 | "locked": { 431 | "lastModified": 1747329479, 432 | "narHash": "sha256-Q3FlOseGwJkh9lQSVPqDKL7vB1AONVEIMDeg2HTEEv8=", 433 | "owner": "kittycad", 434 | "repo": "modeling-app", 435 | "rev": "8587eb5feaab1ccb38a7fc98efbfa7e5d8ae4969", 436 | "type": "github" 437 | }, 438 | "original": { 439 | "owner": "kittycad", 440 | "repo": "modeling-app", 441 | "type": "github" 442 | } 443 | }, 444 | "naersk": { 445 | "inputs": { 446 | "nixpkgs": "nixpkgs" 447 | }, 448 | "locked": { 449 | "lastModified": 1745925850, 450 | "narHash": "sha256-cyAAMal0aPrlb1NgzMxZqeN1mAJ2pJseDhm2m6Um8T0=", 451 | "owner": "nix-community", 452 | "repo": "naersk", 453 | "rev": "38bc60bbc157ae266d4a0c96671c6c742ee17a5f", 454 | "type": "github" 455 | }, 456 | "original": { 457 | "owner": "nix-community", 458 | "repo": "naersk", 459 | "type": "github" 460 | } 461 | }, 462 | "naersk_2": { 463 | "inputs": { 464 | "nixpkgs": "nixpkgs_4" 465 | }, 466 | "locked": { 467 | "lastModified": 1745925850, 468 | "narHash": "sha256-cyAAMal0aPrlb1NgzMxZqeN1mAJ2pJseDhm2m6Um8T0=", 469 | "owner": "nix-community", 470 | "repo": "naersk", 471 | "rev": "38bc60bbc157ae266d4a0c96671c6c742ee17a5f", 472 | "type": "github" 473 | }, 474 | "original": { 475 | "owner": "nix-community", 476 | "repo": "naersk", 477 | "type": "github" 478 | } 479 | }, 480 | "neovim-nightly": { 481 | "inputs": { 482 | "flake-compat": "flake-compat", 483 | "flake-parts": "flake-parts", 484 | "git-hooks": "git-hooks", 485 | "hercules-ci-effects": "hercules-ci-effects", 486 | "neovim-src": "neovim-src", 487 | "nixpkgs": [ 488 | "dotvim", 489 | "nixpkgs" 490 | ], 491 | "treefmt-nix": "treefmt-nix" 492 | }, 493 | "locked": { 494 | "lastModified": 1747307340, 495 | "narHash": "sha256-C/4b+z/LlfqnyxTO1FC5Y7G4DoO7AhioKfkLT8B7hE8=", 496 | "owner": "nix-community", 497 | "repo": "neovim-nightly-overlay", 498 | "rev": "d4caa71cb7a8217a971dc8d3fcb3b5bd968fe49d", 499 | "type": "github" 500 | }, 501 | "original": { 502 | "owner": "nix-community", 503 | "repo": "neovim-nightly-overlay", 504 | "type": "github" 505 | } 506 | }, 507 | "neovim-src": { 508 | "flake": false, 509 | "locked": { 510 | "lastModified": 1747229802, 511 | "narHash": "sha256-/pBsN0OqJiOcuJEjJmmSCJO8qb2nLpvgKQJrfmDBSUA=", 512 | "owner": "neovim", 513 | "repo": "neovim", 514 | "rev": "d25eb246efc5d8886c72c2e3f0107decf79f625d", 515 | "type": "github" 516 | }, 517 | "original": { 518 | "owner": "neovim", 519 | "repo": "neovim", 520 | "type": "github" 521 | } 522 | }, 523 | "nix-darwin": { 524 | "inputs": { 525 | "nixpkgs": [ 526 | "nixpkgs" 527 | ] 528 | }, 529 | "locked": { 530 | "lastModified": 1747297701, 531 | "narHash": "sha256-R8mFJL3lREsJNDqPHbsn03imKoH2ocpzgT2kKWsWYBM=", 532 | "owner": "LnL7", 533 | "repo": "nix-darwin", 534 | "rev": "b6fff20c692d684d250a39453ed1853dd44c96ab", 535 | "type": "github" 536 | }, 537 | "original": { 538 | "owner": "LnL7", 539 | "repo": "nix-darwin", 540 | "type": "github" 541 | } 542 | }, 543 | "nixpkgs": { 544 | "locked": { 545 | "lastModified": 1745998881, 546 | "narHash": "sha256-vonyYAKJSlsX4n9GCsS0pHxR6yCrfqBIuGvANlkwG6U=", 547 | "owner": "NixOS", 548 | "repo": "nixpkgs", 549 | "rev": "423d2df5b04b4ee7688c3d71396e872afa236a89", 550 | "type": "github" 551 | }, 552 | "original": { 553 | "owner": "NixOS", 554 | "ref": "nixpkgs-unstable", 555 | "repo": "nixpkgs", 556 | "type": "github" 557 | } 558 | }, 559 | "nixpkgs-stable": { 560 | "locked": { 561 | "lastModified": 1741992157, 562 | "narHash": "sha256-nlIfTsTrMSksEJc1f7YexXiPVuzD1gOfeN1ggwZyUoc=", 563 | "owner": "nixos", 564 | "repo": "nixpkgs", 565 | "rev": "da4b122f63095ca1199bd4d526f9e26426697689", 566 | "type": "github" 567 | }, 568 | "original": { 569 | "owner": "nixos", 570 | "ref": "release-24.11", 571 | "repo": "nixpkgs", 572 | "type": "github" 573 | } 574 | }, 575 | "nixpkgs-unstable": { 576 | "locked": { 577 | "lastModified": 1741865919, 578 | "narHash": "sha256-4thdbnP6dlbdq+qZWTsm4ffAwoS8Tiq1YResB+RP6WE=", 579 | "owner": "nixos", 580 | "repo": "nixpkgs", 581 | "rev": "573c650e8a14b2faa0041645ab18aed7e60f0c9a", 582 | "type": "github" 583 | }, 584 | "original": { 585 | "owner": "nixos", 586 | "ref": "nixpkgs-unstable", 587 | "repo": "nixpkgs", 588 | "type": "github" 589 | } 590 | }, 591 | "nixpkgs_2": { 592 | "locked": { 593 | "lastModified": 1744536153, 594 | "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", 595 | "owner": "NixOS", 596 | "repo": "nixpkgs", 597 | "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", 598 | "type": "github" 599 | }, 600 | "original": { 601 | "owner": "NixOS", 602 | "ref": "nixpkgs-unstable", 603 | "repo": "nixpkgs", 604 | "type": "github" 605 | } 606 | }, 607 | "nixpkgs_3": { 608 | "locked": { 609 | "lastModified": 1747179050, 610 | "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", 611 | "owner": "NixOS", 612 | "repo": "nixpkgs", 613 | "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", 614 | "type": "github" 615 | }, 616 | "original": { 617 | "id": "nixpkgs", 618 | "ref": "nixos-unstable", 619 | "type": "indirect" 620 | } 621 | }, 622 | "nixpkgs_4": { 623 | "locked": { 624 | "lastModified": 1745998881, 625 | "narHash": "sha256-vonyYAKJSlsX4n9GCsS0pHxR6yCrfqBIuGvANlkwG6U=", 626 | "owner": "NixOS", 627 | "repo": "nixpkgs", 628 | "rev": "423d2df5b04b4ee7688c3d71396e872afa236a89", 629 | "type": "github" 630 | }, 631 | "original": { 632 | "owner": "NixOS", 633 | "ref": "nixpkgs-unstable", 634 | "repo": "nixpkgs", 635 | "type": "github" 636 | } 637 | }, 638 | "nixpkgs_5": { 639 | "locked": { 640 | "lastModified": 1744536153, 641 | "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", 642 | "owner": "NixOS", 643 | "repo": "nixpkgs", 644 | "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", 645 | "type": "github" 646 | }, 647 | "original": { 648 | "owner": "NixOS", 649 | "ref": "nixpkgs-unstable", 650 | "repo": "nixpkgs", 651 | "type": "github" 652 | } 653 | }, 654 | "root": { 655 | "inputs": { 656 | "dotfiles": "dotfiles", 657 | "dotvim": "dotvim", 658 | "fenix": "fenix_3", 659 | "ghostty": "ghostty", 660 | "home-manager": "home-manager_3", 661 | "nix-darwin": "nix-darwin", 662 | "nixpkgs": "nixpkgs_3", 663 | "zoo-cli": "zoo-cli" 664 | } 665 | }, 666 | "rust-analyzer-src": { 667 | "flake": false, 668 | "locked": { 669 | "lastModified": 1730555913, 670 | "narHash": "sha256-KNHZUlqsEibg3YtfUyOFQSofP8hp1HKoY+laoesBxRM=", 671 | "owner": "rust-lang", 672 | "repo": "rust-analyzer", 673 | "rev": "f17a5bbfd0969ba2e63a74505a80e55ecb174ed9", 674 | "type": "github" 675 | }, 676 | "original": { 677 | "owner": "rust-lang", 678 | "ref": "nightly", 679 | "repo": "rust-analyzer", 680 | "type": "github" 681 | } 682 | }, 683 | "rust-analyzer-src_2": { 684 | "flake": false, 685 | "locked": { 686 | "lastModified": 1746889290, 687 | "narHash": "sha256-h3LQYZgyv2l3U7r+mcsrEOGRldaK0zJFwAAva4hV/6g=", 688 | "owner": "rust-lang", 689 | "repo": "rust-analyzer", 690 | "rev": "2bafe9d96c6734aacfd49e115f6cf61e7adc68bc", 691 | "type": "github" 692 | }, 693 | "original": { 694 | "owner": "rust-lang", 695 | "ref": "nightly", 696 | "repo": "rust-analyzer", 697 | "type": "github" 698 | } 699 | }, 700 | "rust-analyzer-src_3": { 701 | "flake": false, 702 | "locked": { 703 | "lastModified": 1746889290, 704 | "narHash": "sha256-h3LQYZgyv2l3U7r+mcsrEOGRldaK0zJFwAAva4hV/6g=", 705 | "owner": "rust-lang", 706 | "repo": "rust-analyzer", 707 | "rev": "2bafe9d96c6734aacfd49e115f6cf61e7adc68bc", 708 | "type": "github" 709 | }, 710 | "original": { 711 | "owner": "rust-lang", 712 | "ref": "nightly", 713 | "repo": "rust-analyzer", 714 | "type": "github" 715 | } 716 | }, 717 | "rust-overlay": { 718 | "inputs": { 719 | "nixpkgs": "nixpkgs_2" 720 | }, 721 | "locked": { 722 | "lastModified": 1745980514, 723 | "narHash": "sha256-CITAeiuXGjDvT5iZBXr6vKVWQwsUQLJUMFO91bfJFC4=", 724 | "owner": "oxalica", 725 | "repo": "rust-overlay", 726 | "rev": "7fbdae44b0f40ea432e46fd152ad8be0f8f41ad6", 727 | "type": "github" 728 | }, 729 | "original": { 730 | "owner": "oxalica", 731 | "repo": "rust-overlay", 732 | "type": "github" 733 | } 734 | }, 735 | "rust-overlay_2": { 736 | "inputs": { 737 | "nixpkgs": "nixpkgs_5" 738 | }, 739 | "locked": { 740 | "lastModified": 1744803954, 741 | "narHash": "sha256-f+gE6JtLhPzyDWOCEHbN/S30GEGHMtXEt41+Va7wzEU=", 742 | "owner": "oxalica", 743 | "repo": "rust-overlay", 744 | "rev": "c564fb830c7d5b3e4fde5ea829a62f0e41e43a20", 745 | "type": "github" 746 | }, 747 | "original": { 748 | "owner": "oxalica", 749 | "repo": "rust-overlay", 750 | "type": "github" 751 | } 752 | }, 753 | "systems": { 754 | "locked": { 755 | "lastModified": 1681028828, 756 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 757 | "owner": "nix-systems", 758 | "repo": "default", 759 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 760 | "type": "github" 761 | }, 762 | "original": { 763 | "owner": "nix-systems", 764 | "repo": "default", 765 | "type": "github" 766 | } 767 | }, 768 | "treefmt-nix": { 769 | "inputs": { 770 | "nixpkgs": [ 771 | "dotvim", 772 | "neovim-nightly", 773 | "nixpkgs" 774 | ] 775 | }, 776 | "locked": { 777 | "lastModified": 1746989248, 778 | "narHash": "sha256-uoQ21EWsAhyskNo8QxrTVZGjG/dV4x5NM1oSgrmNDJY=", 779 | "owner": "numtide", 780 | "repo": "treefmt-nix", 781 | "rev": "708ec80ca82e2bbafa93402ccb66a35ff87900c5", 782 | "type": "github" 783 | }, 784 | "original": { 785 | "owner": "numtide", 786 | "repo": "treefmt-nix", 787 | "type": "github" 788 | } 789 | }, 790 | "unstable": { 791 | "locked": { 792 | "lastModified": 1744098102, 793 | "narHash": "sha256-tzCdyIJj9AjysC3OuKA+tMD/kDEDAF9mICPDU7ix0JA=", 794 | "owner": "NixOS", 795 | "repo": "nixpkgs", 796 | "rev": "c8cd81426f45942bb2906d5ed2fe21d2f19d95b7", 797 | "type": "github" 798 | }, 799 | "original": { 800 | "id": "nixpkgs", 801 | "ref": "nixos-unstable", 802 | "type": "indirect" 803 | } 804 | }, 805 | "zig": { 806 | "inputs": { 807 | "flake-compat": [ 808 | "ghostty" 809 | ], 810 | "flake-utils": [ 811 | "ghostty", 812 | "flake-utils" 813 | ], 814 | "nixpkgs": [ 815 | "ghostty", 816 | "nixpkgs-stable" 817 | ] 818 | }, 819 | "locked": { 820 | "lastModified": 1741825901, 821 | "narHash": "sha256-aeopo+aXg5I2IksOPFN79usw7AeimH1+tjfuMzJHFdk=", 822 | "owner": "mitchellh", 823 | "repo": "zig-overlay", 824 | "rev": "0b14285e283f5a747f372fb2931835dd937c4383", 825 | "type": "github" 826 | }, 827 | "original": { 828 | "owner": "mitchellh", 829 | "repo": "zig-overlay", 830 | "type": "github" 831 | } 832 | }, 833 | "zon2nix": { 834 | "inputs": { 835 | "flake-utils": [ 836 | "ghostty", 837 | "flake-utils" 838 | ], 839 | "nixpkgs": [ 840 | "ghostty", 841 | "nixpkgs-unstable" 842 | ] 843 | }, 844 | "locked": { 845 | "lastModified": 1742104771, 846 | "narHash": "sha256-LhidlyEA9MP8jGe1rEnyjGFCzLLgCdDpYeWggibayr0=", 847 | "owner": "jcollie", 848 | "repo": "zon2nix", 849 | "rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613", 850 | "type": "github" 851 | }, 852 | "original": { 853 | "owner": "jcollie", 854 | "ref": "56c159be489cc6c0e73c3930bd908ddc6fe89613", 855 | "repo": "zon2nix", 856 | "type": "github" 857 | } 858 | }, 859 | "zoo-cli": { 860 | "inputs": { 861 | "naersk": "naersk_2", 862 | "nixpkgs": [ 863 | "nixpkgs" 864 | ], 865 | "rust-overlay": "rust-overlay_2" 866 | }, 867 | "locked": { 868 | "lastModified": 1747325259, 869 | "narHash": "sha256-qDhujDgyUm5Adm+BoiSykxSVk7DKKTzFz+cl43te76o=", 870 | "owner": "kittycad", 871 | "repo": "cli", 872 | "rev": "3bb014555ccaad99b06fe687d00c0694b0391091", 873 | "type": "github" 874 | }, 875 | "original": { 876 | "owner": "kittycad", 877 | "repo": "cli", 878 | "type": "github" 879 | } 880 | } 881 | }, 882 | "root": "root", 883 | "version": 7 884 | } 885 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "Desktop and laptop configuration for NixOS and macOS"; 3 | 4 | inputs = { 5 | nixpkgs.url = "nixpkgs/nixos-unstable"; 6 | 7 | home-manager = { 8 | url = "github:nix-community/home-manager"; 9 | inputs.nixpkgs.follows = "nixpkgs"; 10 | }; 11 | 12 | nix-darwin = { 13 | url = "github:LnL7/nix-darwin"; 14 | inputs.nixpkgs.follows = "nixpkgs"; 15 | }; 16 | 17 | # rust, see https://github.com/nix-community/fenix#usage 18 | fenix = { 19 | url = "github:nix-community/fenix"; 20 | inputs.nixpkgs.follows = "nixpkgs"; 21 | }; 22 | 23 | ghostty = { 24 | url = "github:ghostty-org/ghostty"; 25 | }; 26 | 27 | dotfiles = { 28 | url = "github:jessfraz/dotfiles"; 29 | inputs.nixpkgs.follows = "nixpkgs"; 30 | }; 31 | 32 | dotvim = { 33 | url = "git+https://github.com/jessfraz/.vim"; 34 | inputs.nixpkgs.follows = "nixpkgs"; 35 | }; 36 | 37 | zoo-cli = { 38 | url = "github:kittycad/cli"; 39 | inputs.nixpkgs.follows = "nixpkgs"; 40 | }; 41 | }; 42 | 43 | outputs = { 44 | self, 45 | nixpkgs, 46 | home-manager, 47 | nix-darwin, 48 | fenix, 49 | ghostty, 50 | dotfiles, 51 | dotvim, 52 | zoo-cli, 53 | } @ inputs: let 54 | # Define the systems we want to support 55 | supportedSystems = ["aarch64-darwin" "x86_64-linux"]; 56 | 57 | # Helper function to generate attributes for each system 58 | forAllSystems = f: 59 | builtins.listToAttrs (map (system: { 60 | name = system; 61 | value = f system; 62 | }) 63 | supportedSystems); 64 | 65 | # Create packages for each system 66 | mkPackages = system: let 67 | # Apply allowUnfree to all package sets 68 | pkgs = import nixpkgs { 69 | inherit system; 70 | config = { 71 | allowUnfree = true; 72 | }; 73 | }; 74 | fenixPkgs = fenix.packages.${system}; 75 | zooCli = zoo-cli.packages.${pkgs.system}.zoo; 76 | 77 | # Common packages for all systems 78 | commonPackages = with pkgs; [ 79 | _1password-cli 80 | bash 81 | bash-completion 82 | claude-code 83 | coreutils 84 | curl 85 | (fenixPkgs.complete.withComponents [ 86 | "cargo" 87 | "clippy" 88 | "rust-src" 89 | "rustc" 90 | "rustfmt" 91 | ]) 92 | findutils 93 | git 94 | git-lfs 95 | gnumake 96 | gnupg 97 | gnused 98 | jq 99 | just 100 | nodejs 101 | pinentry-tty 102 | silver-searcher 103 | starship 104 | tree 105 | uv 106 | watch 107 | yarn 108 | zooCli 109 | ]; 110 | 111 | # System-specific packages 112 | systemSpecificPackages = 113 | if pkgs.stdenv.isLinux 114 | then 115 | # Linux-specific packages 116 | with pkgs; [ 117 | _1password-gui 118 | google-chrome 119 | pinentry-tty 120 | tailscale 121 | xclip 122 | ] 123 | else 124 | # macOS-specific packages 125 | with pkgs; [ 126 | # Add macOS-specific packages here 127 | pinentry_mac 128 | ]; 129 | in 130 | pkgs.buildEnv { 131 | name = "home-packages"; 132 | paths = commonPackages ++ (builtins.filter (p: p != null) systemSpecificPackages); 133 | }; 134 | in { 135 | # Generate packages for all supported systems 136 | packages = forAllSystems (system: { 137 | default = mkPackages system; 138 | }); 139 | 140 | # NixOS configurations 141 | nixosConfigurations = { 142 | system76 = nixpkgs.lib.nixosSystem { 143 | specialArgs = {inherit inputs;}; 144 | system = "x86_64-linux"; # or aarch64-linux if you're on ARM 145 | modules = [ 146 | ./hosts/base/configuration.nix 147 | ./hosts/linux/configuration.nix 148 | ./hosts/linux/system76/configuration.nix 149 | home-manager.nixosModules.home-manager 150 | { 151 | home-manager.useGlobalPkgs = true; 152 | home-manager.useUserPackages = true; 153 | home-manager.extraSpecialArgs = {inherit inputs;}; 154 | home-manager.users.jessfraz.imports = [ 155 | dotfiles.homeManagerModules.default 156 | dotvim.homeManagerModules.default 157 | ./home/default.nix 158 | ./home/hosts/linux/default.nix 159 | ]; 160 | } 161 | ]; 162 | }; 163 | }; 164 | 165 | # macOS configurations 166 | darwinConfigurations = { 167 | macinator = nix-darwin.lib.darwinSystem { 168 | specialArgs = {inherit inputs;}; 169 | system = "aarch64-darwin"; 170 | modules = [ 171 | ./hosts/base/configuration.nix 172 | ./hosts/darwin/configuration.nix 173 | home-manager.darwinModules.home-manager 174 | { 175 | home-manager.useGlobalPkgs = true; 176 | home-manager.useUserPackages = true; 177 | home-manager.extraSpecialArgs = {inherit inputs;}; 178 | home-manager.users.jessfraz.imports = [ 179 | dotfiles.homeManagerModules.default 180 | dotvim.homeManagerModules.default 181 | ./home/default.nix 182 | ./home/hosts/darwin/default.nix 183 | ]; 184 | } 185 | ]; 186 | }; 187 | }; 188 | }; 189 | } 190 | -------------------------------------------------------------------------------- /home/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | inputs, 5 | ... 6 | }: let 7 | homeDir = 8 | if pkgs.stdenv.isLinux 9 | then "/home/jessfraz" 10 | else "/Users/jessfraz"; 11 | ghosttyPkg = 12 | if pkgs.stdenv.isLinux 13 | then inputs.ghostty.packages.${pkgs.stdenv.system}.default 14 | else null; # We install on our own on macOS 15 | in { 16 | imports = [ 17 | ./programs/bash.nix 18 | ./programs/git.nix 19 | ./programs/gpg.nix 20 | ./programs/starship.nix 21 | ]; 22 | 23 | home = { 24 | username = "jessfraz"; 25 | homeDirectory = lib.mkForce homeDir; 26 | 27 | # This value determines the Home Manager release that your configuration is 28 | # compatible with. This helps avoid breakage when a new Home Manager release 29 | # introduces backwards incompatible changes. 30 | # 31 | # You should not change this value, even if you update Home Manager. If you do 32 | # want to update the value, then make sure to first check the Home Manager 33 | # release notes. 34 | stateVersion = "25.05"; # Please read the comment before changing. 35 | }; 36 | 37 | programs = { 38 | home-manager = { 39 | # Let Home Manager install and manage itself. 40 | enable = true; 41 | }; 42 | 43 | man = { 44 | enable = true; 45 | }; 46 | 47 | ssh = { 48 | enable = true; 49 | addKeysToAgent = "yes"; 50 | }; 51 | 52 | ghostty = { 53 | enable = true; 54 | 55 | package = ghosttyPkg; 56 | 57 | settings = { 58 | command = "/etc/profiles/per-user/jessfraz/bin/bash"; 59 | font-family = "Hack Nerd Font Mono"; 60 | theme = "Ayu Mirage"; 61 | macos-titlebar-style = "tabs"; 62 | background-opacity = 0.9; 63 | background-blur-radius = 20; 64 | }; 65 | 66 | enableBashIntegration = true; 67 | }; 68 | }; 69 | 70 | fonts.fontconfig.enable = true; 71 | } 72 | -------------------------------------------------------------------------------- /home/hosts/darwin/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | # Fix for https://github.com/nix-community/home-manager/issues/5997 3 | programs.bash.initExtra = '' 4 | gpgconf --launch gpg-agent 5 | ''; 6 | programs.bash.sessionVariables = { 7 | SSH_AUTH_SOCK = "$(gpgconf --list-dirs agent-ssh-socket)"; 8 | }; 9 | 10 | targets.darwin.defaults = { 11 | NSGlobalDomain = { 12 | # Always show file extensions in Finder. 13 | AppleShowAllFiles = true; 14 | }; 15 | 16 | "com.apple.desktopservices" = { 17 | # Avoid creating .DS_Store files on network or USB volumes 18 | DSDontWriteNetworkStores = true; 19 | DSDontWriteUSBStores = true; 20 | }; 21 | 22 | "com.apple.dock" = { 23 | autohide = true; 24 | orientation = "bottom"; 25 | tilesize = 44; 26 | }; 27 | 28 | "com.apple.finder" = { 29 | # Show hidden files in Finder. 30 | AppleShowAllFiles = true; 31 | # Automatically delete items from trash after 30 days. 32 | FXRemoveOldTrashItems = true; 33 | # Show the path bar at the bottom of a Finder window. 34 | ShowPathbar = true; 35 | # Show the status bar at the bottom of a Finder window. 36 | ShowStatusBar = true; 37 | }; 38 | 39 | "com.apple.controlcenter" = { 40 | # Show battery percentage in menu bar. 41 | BatteryShowPercentage = true; 42 | }; 43 | 44 | "com.apple.menuextra.clock" = { 45 | # Show 24-hour clock in menu bar. 46 | Show24Hour = true; 47 | }; 48 | 49 | "com.apple.Safari" = { 50 | AutoFillPasswords = false; # Use 1Password for passwords. 51 | IncludeDevelopMenu = true; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /home/hosts/linux/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [ 3 | ]; 4 | 5 | home.packages = with pkgs; [ 6 | #egl-wayland 7 | ]; 8 | 9 | home.pointerCursor = { 10 | package = pkgs.vanilla-dmz; 11 | name = "Vanilla-DMZ"; 12 | gtk.enable = true; 13 | }; 14 | } 15 | -------------------------------------------------------------------------------- /home/programs/bash.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: let 2 | netRcContents = '' 3 | cat <<-EOF > ~/.netrc 4 | machine github.com 5 | login jessfraz 6 | password $GITHUB_TOKEN 7 | 8 | machine api.github.com 9 | login jessfraz 10 | password $GITHUB_TOKEN 11 | EOF 12 | ''; 13 | in { 14 | programs.bash = { 15 | enable = true; 16 | 17 | enableCompletion = true; 18 | 19 | shellOptions = [ 20 | # check the window size after each command and, if necessary, 21 | # update the values of LINES and COLUMNS. 22 | "checkwinsize" 23 | # Case-insensitive globbing (used in pathname expansion) 24 | "nocaseglob" 25 | # Append to the Bash history file, rather than overwriting it 26 | "histappend" 27 | # Autocorrect typos in path names when using `cd` 28 | "cdspell" 29 | # `**/qux` will enter `./foo/bar/baz/qux` 30 | "autocd" 31 | # * Recursive globbing, e.g. `echo **/*.txt` 32 | "extglob" 33 | "globstar" 34 | # Warn if closing shell with running jobs. 35 | "checkjobs" 36 | ]; 37 | 38 | historySize = 50000000; 39 | historyFileSize = 50000000; 40 | historyControl = ["ignoredups"]; 41 | historyIgnore = ["exit"]; 42 | 43 | # Load the other bash dotfiles we have. 44 | bashrcExtra = '' 45 | source ${config.home.homeDirectory}/.nixbash 46 | 47 | function fetch-github-token() { 48 | export GITHUB_TOKEN=$(op --account my.1password.com item get "GitHub Personal Access Token" --fields token --reveal) 49 | 50 | # Add the token to our .netrc file 51 | ${netRcContents} 52 | 53 | chmod 600 ~/.netrc 54 | 55 | # Add the token to our ~/.config/nix/nix.conf 56 | mkdir -p ~/.config/nix 57 | echo "access-tokens = github.com=$GITHUB_TOKEN" > ~/.config/nix/nix.conf 58 | } 59 | alias fetch-gh-token="fetch-github-token" 60 | 61 | function fetch-openai-key() { 62 | export OPENAI_API_KEY=$(op --account my.1password.com item get "openai.com" --fields apikey --reveal) 63 | } 64 | 65 | function fetch-anthropic-key() { 66 | export ANTHROPIC_API_KEY=$(op --account my.1password.com item get "claude.ai" --fields apikey --reveal) 67 | } 68 | 69 | function fetch-google-ai-key() { 70 | export GOOGLE_API_KEY=$(op --account my.1password.com item get "Google AI Studio" --fields credential --reveal) 71 | } 72 | 73 | function fetch-deepseek-key() { 74 | export DEEPSEEK_API_KEY=$(op --account my.1password.com item get "deepseek.com" --fields apikey --reveal) 75 | } 76 | 77 | function fetch-grok-key() { 78 | export GROK_API_KEY=$(op --account my.1password.com item get "grok x.ai" --fields credential --reveal) 79 | } 80 | 81 | function fetch-kc-token() { 82 | export KITTYCAD_TOKEN=$(op --account kittycadinc.1password.com item get --vault Employee "KittyCAD Token" --fields credential --reveal) 83 | export KITTYCAD_API_TOKEN=$KITTYCAD_TOKEN 84 | export ZOO_TEST_TOKEN=$KITTYCAD_API_TOKEN 85 | export KITTYCAD_DEV_TOKEN=$(op --account kittycadinc.1password.com item get --vault Employee "KittyCAD Dev Token" --fields credential --reveal) 86 | } 87 | alias fetch-zoo-token="fetch-kc-token" 88 | alias fetch-kittycad-token="fetch-kc-token" 89 | 90 | function fetch-stripe-key() { 91 | export STRIPE_API_KEY=$(op --account kittycadinc.1password.com item get "stripe prod zoo" --fields credential --reveal) 92 | } 93 | 94 | function fetch-hoops-license() { 95 | export HOOPS_LICENSE=$(op --account kittycadinc.1password.com item get "Hoops Licence" --fields "new license key" --reveal) 96 | } 97 | 98 | function fetch-kio-license() { 99 | export KERNEL_IO_LICENSE=$(op --account kittycadinc.1password.com item get "3D_KERNEL_IO_LICENSE" --fields "license key" --reveal) 100 | } 101 | 102 | function fetch-cockroach-license() { 103 | export COCKROACHDB_ENTERPRISE_LICENSE=$(op --account kittycadinc.1password.com item get "CockroachDB Dev License" --fields "license key" --reveal) 104 | mkdir -p "${config.home.homeDirectory}/.cockroach" 105 | echo "$(op --account kittycadinc.1password.com item get "CockroachDB Dev License" --fields "certificate" --reveal)" > "${config.home.homeDirectory}/.cockroach/ca.crt" 106 | # Trim " from the file 107 | sed -i 's/^"//;s/"$//' ${config.home.homeDirectory}/.cockroach/ca.crt 108 | export DATABASE_ROOT_CERT_PATH="${config.home.homeDirectory}/.cockroach/ca.crt" 109 | } 110 | 111 | function vault-login() { 112 | export VAULT_ADDR="http://vault.hawk-dinosaur.ts.net" 113 | export GITHUB_VAULT_TOKEN=$(op --account kittycadinc.1password.com item get --vault Employee "GitHub Token Vault" --fields credential --reveal) 114 | echo $GITHUB_VAULT_TOKEN | vault login -method=github token=- 115 | } 116 | ''; 117 | 118 | # Fix for https://github.com/nix-community/home-manager/issues/5997 119 | initExtra = '' 120 | gpgconf --launch gpg-agent 121 | ''; 122 | sessionVariables = { 123 | SSH_AUTH_SOCK = "$(gpgconf --list-dirs agent-ssh-socket)"; 124 | }; 125 | }; 126 | } 127 | -------------------------------------------------------------------------------- /home/programs/git.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.git = { 3 | enable = true; 4 | 5 | userName = "Jess Frazelle"; 6 | userEmail = "github@jessfraz.com"; 7 | signing = { 8 | key = "18F3685C0022BFF3"; 9 | signByDefault = true; 10 | }; 11 | 12 | extraConfig = { 13 | github.user = "jessfraz"; 14 | init.defaultBranch = "main"; 15 | pull.rebase = true; 16 | 17 | apply.whitespace = "fix"; 18 | 19 | core = { 20 | excludesfile = "~/.gitignore"; 21 | attributesfile = "~/.gitattributes"; 22 | whitespace = "space-before-tab,-indent-with-non-tab,trailing-space"; 23 | trustctime = false; 24 | editor = "nvim"; 25 | }; 26 | 27 | color = { 28 | ui = "auto"; 29 | branch = { 30 | current = "yellow reverse"; 31 | local = "yellow"; 32 | remote = "green"; 33 | }; 34 | diff = { 35 | meta = "yellow bold"; 36 | frag = "magenta bold"; 37 | old = "red"; 38 | new = "green"; 39 | }; 40 | status = { 41 | added = "yellow"; 42 | changed = "green"; 43 | untracked = "cyan"; 44 | }; 45 | }; 46 | 47 | diff.renames = "copies"; 48 | 49 | help.autocorrect = 1; 50 | 51 | merge.log = true; 52 | 53 | push = { 54 | default = "simple"; 55 | autoSetupRemote = true; 56 | }; 57 | 58 | url = { 59 | "git@github.com:github" = { 60 | insteadOf = [ 61 | "https://github.com/github" 62 | "github:github" 63 | "git://github.com/github" 64 | ]; 65 | }; 66 | "git@github.com:" = { 67 | pushInsteadOf = [ 68 | "https://github.com/" 69 | "github:" 70 | "git://github.com/" 71 | ]; 72 | }; 73 | "git://github.com/" = { 74 | insteadOf = "github:"; 75 | }; 76 | "git@gist.github.com:" = { 77 | insteadOf = "gst:"; 78 | pushInsteadOf = [ 79 | "gist:" 80 | "git://gist.github.com/" 81 | ]; 82 | }; 83 | "git://gist.github.com/" = { 84 | insteadOf = "gist:"; 85 | }; 86 | }; 87 | 88 | filter.lfs = { 89 | clean = "git-lfs clean -- %f"; 90 | smudge = "git-lfs smudge -- %f"; 91 | process = "git-lfs filter-process"; 92 | required = true; 93 | }; 94 | }; 95 | 96 | aliases = { 97 | # View abbreviated SHA, description, and history graph of the latest 20 commits 98 | l = "log --pretty=oneline -n 20 --graph --abbrev-commit"; 99 | 100 | # View the current working tree status using the short format 101 | s = "status -s"; 102 | 103 | # Show the diff between the latest commit and the current state 104 | d = "!\"git diff-index --quiet HEAD -- || clear; git --no-pager diff --patch-with-stat\""; 105 | 106 | # `git di $number` shows the diff between the state `$number` revisions ago and the current state 107 | di = "!\"d() { git diff --patch-with-stat HEAD~$1; }; git diff-index --quiet HEAD -- || clear; d\""; 108 | 109 | # Pull in remote changes for the current repository and all its submodules 110 | p = "!\"git pull; git submodule foreach git pull origin master\""; 111 | 112 | # Checkout a pull request from origin (of a github repository) 113 | pr = "!\"pr() { git fetch origin pull/$1/head:pr-$1; git checkout pr-$1; }; pr\""; 114 | 115 | # Clone a repository including all submodules 116 | c = "clone --recursive"; 117 | 118 | # Commit all changes 119 | ca = "!git add -A && git commit -av"; 120 | 121 | # Switch to a branch, creating it if necessary 122 | go = "!f() { git checkout -b \"$1\" 2> /dev/null || git checkout \"$1\"; }; f"; 123 | 124 | # Color graph log view 125 | graph = "log --graph --color --pretty=format:\"%C(yellow)%H%C(green)%d%C(reset)%n%x20%cd%n%x20%cn%x20(%ce)%n%x20%s%n\""; 126 | 127 | # Show verbose output about tags, branches or remotes 128 | tags = "tag -l"; 129 | branches = "branch -a"; 130 | remotes = "remote -v"; 131 | 132 | # Amend the currently staged files to the latest commit 133 | amend = "commit --amend --reuse-message=HEAD"; 134 | 135 | # Credit an author on the latest commit 136 | credit = "!f() { git commit --amend --author \"$1 <$2>\" -C HEAD; }; f"; 137 | 138 | # Interactive rebase with the given number of latest commits 139 | reb = "!r() { git rebase -i HEAD~$1; }; r"; 140 | 141 | # Find branches containing commit 142 | fb = "!f() { git branch -a --contains $1; }; f"; 143 | 144 | # Find tags containing commit 145 | ft = "!f() { git describe --always --contains $1; }; f"; 146 | 147 | # Find commits by source code 148 | fc = "!f() { git log --pretty=format:'%C(yellow)%h\t%Cblue%ad %Creset%s%Cgreen [%cn] %Cred%d' --decorate --date=short -S$1; }; f"; 149 | 150 | # Find commits by commit message 151 | fm = "!f() { git log --pretty=format:'%C(yellow)%h\t%Cblue%ad %Creset%s%Cgreen [%cn] %Cred%d' --decorate --date=short --grep=$1; }; f"; 152 | 153 | # Remove branches that have already been merged with master 154 | # a.k.a. 'delete merged' 155 | dm = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d; git remote -v update -p"; 156 | 157 | # List contributors with number of commits 158 | contributors = "shortlog --summary --numbered"; 159 | 160 | lg = "log --color --decorate --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an (%G?)>%Creset' --abbrev-commit"; 161 | 162 | mdiff = "!f() { git stash | head -1 | grep -q 'No local changes to save'; x=$?; git merge --no-commit $1 &>/dev/null; git add -u &>/dev/null; git diff --staged; git reset --hard &>/dev/null; test $x -ne 0 && git stash pop &>/dev/null; }; f"; 163 | 164 | # Codereview aliases 165 | change = "codereview change"; 166 | gofmt = "codereview gofmt"; 167 | mail = "codereview mail"; 168 | pending = "codereview pending"; 169 | submit = "codereview submit"; 170 | sync = "codereview sync"; 171 | 172 | # from seth vargo 173 | unreleased = "!f() { git fetch --tags && git diff $(git tag | tail -n 1); }; f"; 174 | up = "!git pull origin master && git remote prune origin && git submodule update --init --recursive"; 175 | undo = "!git reset HEAD~1 --mixed"; 176 | top = "!git log --format=format:%an | sort | uniq -c | sort -r | head -n 20"; 177 | 178 | # from trevor bramble 179 | alias = "!git config -l | grep ^alias | cut -c 7- | sort"; 180 | 181 | # from myles borins - github workflow helpers 182 | patchit = "!f() { echo $1.patch | sed s_pull/[0-9]*/commits_commit_ | xargs curl -L | git am --whitespace=fix; }; f"; 183 | patchit-please = "!f() { echo $1.patch | sed s_pull/[0-9]*/commits_commit_ | xargs curl -L | git am -3 --whitespace=fix; }; f"; 184 | }; 185 | }; 186 | } 187 | -------------------------------------------------------------------------------- /home/programs/gpg.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: let 6 | pinentryPkg = 7 | if pkgs.stdenv.isLinux 8 | then pkgs.pinentry-tty 9 | else pkgs.pinentry_mac; 10 | in { 11 | programs.gpg = { 12 | enable = true; 13 | 14 | homedir = "${config.home.homeDirectory}/.gnupg"; 15 | 16 | settings = { 17 | default-key = "0x18F3685C0022BFF3"; 18 | # Disable inclusion of the version string in ASCII armored output 19 | no-emit-version = true; 20 | # Disable comment string in clear text signatures and ASCII armored messages 21 | no-comments = true; 22 | # Display long key IDs 23 | keyid-format = "0xlong"; 24 | # List all keys (or the specified ones) along with their fingerprints 25 | with-fingerprint = true; 26 | # Display the calculated validity of user IDs during key listings 27 | list-options = "show-uid-validity"; 28 | verify-options = "show-uid-validity"; 29 | 30 | # Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to 31 | # the agent before it asks for a passphrase. 32 | use-agent = true; 33 | 34 | charset = "utf-8"; 35 | fixed-list-mode = true; 36 | 37 | personal-cipher-preferences = "AES256 AES192 AES CAST5"; 38 | # list of personal digest preferences. When multiple ciphers are supported by 39 | # all recipients, choose the strongest one 40 | personal-digest-preferences = "SHA512 SHA384 SHA256 SHA224"; 41 | # message digest algorithm used when signing a key 42 | cert-digest-algo = "SHA512"; 43 | s2k-cipher-algo = "AES256"; 44 | s2k-digest-algo = "SHA512"; 45 | # This preference list is used for new keys and becomes the default for 46 | # "setpref" in the edit menu 47 | default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; 48 | }; 49 | 50 | scdaemonSettings = { 51 | disable-ccid = true; 52 | }; 53 | }; 54 | 55 | services.gpg-agent = { 56 | enable = true; 57 | enableSshSupport = true; 58 | pinentry = { 59 | package = pinentryPkg; 60 | }; 61 | 62 | defaultCacheTtl = 60; 63 | maxCacheTtl = 120; 64 | 65 | enableBashIntegration = true; 66 | 67 | verbose = true; 68 | }; 69 | } 70 | -------------------------------------------------------------------------------- /home/programs/starship.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | programs.starship = { 3 | enable = true; 4 | settings = { 5 | # Main format string 6 | format = lib.concatStrings [ 7 | "$username" 8 | "$hostname" 9 | "$localip" 10 | "$shlvl" 11 | "$singularity" 12 | "$kubernetes" 13 | "$directory" 14 | "$vcsh" 15 | "$fossil_branch" 16 | "$fossil_metrics" 17 | "$git_branch" 18 | "$git_commit" 19 | "$git_state" 20 | "$git_metrics" 21 | "$git_status" 22 | "$hg_branch" 23 | "$pijul_channel" 24 | "$docker_context" 25 | "$package" 26 | "$c" 27 | "$cmake" 28 | "$cobol" 29 | "$daml" 30 | "$dart" 31 | "$deno" 32 | "$dotnet" 33 | "$elixir" 34 | "$elm" 35 | "$erlang" 36 | "$fennel" 37 | "$gleam" 38 | "$golang" 39 | "$guix_shell" 40 | "$haskell" 41 | "$haxe" 42 | "$helm" 43 | "$java" 44 | "$julia" 45 | "$kotlin" 46 | "$gradle" 47 | "$lua" 48 | "$nim" 49 | "$nodejs" 50 | "$ocaml" 51 | "$opa" 52 | "$perl" 53 | "$php" 54 | "$pulumi" 55 | "$purescript" 56 | "$python" 57 | "$quarto" 58 | "$raku" 59 | "$rlang" 60 | "$red" 61 | "$ruby" 62 | "$rust" 63 | "$scala" 64 | "$solidity" 65 | "$swift" 66 | "$terraform" 67 | "$typst" 68 | "$vlang" 69 | "$vagrant" 70 | "$zig" 71 | "$buf" 72 | "$nix_shell" 73 | "$conda" 74 | "$meson" 75 | "$spack" 76 | "$memory_usage" 77 | "$aws" 78 | "$gcloud" 79 | "$openstack" 80 | "$azure" 81 | "$nats" 82 | "$direnv" 83 | "$env_var" 84 | "$crystal" 85 | "$custom" 86 | "$sudo" 87 | "$cmd_duration" 88 | "$line_break" 89 | "$jobs" 90 | "$battery" 91 | "$time" 92 | "$status" 93 | "$os" 94 | "$container" 95 | "$shell" 96 | "$character" 97 | ]; 98 | 99 | # Add newline between prompts 100 | add_newline = true; 101 | 102 | # Character module configuration 103 | character = { 104 | success_symbol = "[\\$](bold white)"; 105 | }; 106 | 107 | # Directory module configuration 108 | directory = { 109 | style = "bold green"; 110 | }; 111 | 112 | # Hostname module configuration 113 | hostname = { 114 | ssh_only = false; 115 | disabled = false; 116 | style = "bold cyan"; 117 | }; 118 | 119 | # Package module configuration 120 | package = { 121 | disabled = true; 122 | }; 123 | 124 | # Username module configuration 125 | username = { 126 | disabled = false; 127 | show_always = true; 128 | style_user = "bold blue"; 129 | format = "[$user]($style) at "; 130 | }; 131 | }; 132 | }; 133 | } 134 | -------------------------------------------------------------------------------- /hosts/base/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | inputs, 5 | ... 6 | }: let 7 | homeDir = 8 | if pkgs.stdenv.isLinux 9 | then "/home/jessfraz" 10 | else "/Users/jessfraz"; 11 | in { 12 | users.users.jessfraz = { 13 | description = "Jessie Frazelle"; 14 | shell = pkgs.bash; 15 | home = homeDir; 16 | }; 17 | 18 | nix = { 19 | enable = true; 20 | optimise = { 21 | automatic = true; 22 | }; 23 | settings = { 24 | experimental-features = ["nix-command" "flakes"]; 25 | trusted-users = ["jessfraz"]; 26 | }; 27 | package = pkgs.nixVersions.stable; 28 | }; 29 | 30 | environment = { 31 | systemPackages = [inputs.self.packages.${pkgs.system}.default]; 32 | }; 33 | 34 | fonts.packages = with pkgs; [ 35 | nerd-fonts.hack 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /hosts/darwin/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | inputs, 5 | ... 6 | }: let 7 | hostname = "macinator"; 8 | in { 9 | nix.gc = { 10 | automatic = true; 11 | interval = { 12 | Day = 5; 13 | }; 14 | options = "--delete-older-than 1w"; 15 | }; 16 | 17 | networking = { 18 | hostName = hostname; 19 | computerName = hostname; 20 | }; 21 | 22 | # Add ability to used TouchID for sudo authentication. 23 | security = { 24 | pam = { 25 | services = { 26 | sudo_local = { 27 | enable = true; 28 | touchIdAuth = true; 29 | }; 30 | }; 31 | }; 32 | }; 33 | 34 | # MacOS system preferences. 35 | system.defaults = { 36 | NSGlobalDomain = { 37 | # Whether to always show hidden files. 38 | AppleShowAllFiles = true; 39 | # Whether to automatically switch between light and dark mode. 40 | AppleInterfaceStyleSwitchesAutomatically = true; 41 | # Show all the file extensions. 42 | AppleShowAllExtensions = true; 43 | }; 44 | 45 | SoftwareUpdate = { 46 | AutomaticallyInstallMacOSUpdates = true; 47 | }; 48 | 49 | menuExtraClock = { 50 | Show24Hour = true; 51 | }; 52 | 53 | controlcenter = { 54 | # Show battery percentage in menu bar. 55 | BatteryShowPercentage = true; 56 | }; 57 | 58 | dock = { 59 | # Auto-hide the Dock. 60 | autohide = true; 61 | # Enable highlight hover effect for the grid view of a stack in the Dock. 62 | mouse-over-hilite-stack = true; 63 | 64 | orientation = "bottom"; 65 | show-recents = false; 66 | tilesize = 44; 67 | # Magnify icon on hover. 68 | magnification = true; 69 | # Magnified icon size on hover. 70 | largesize = 48; 71 | 72 | # Enable spring loading for all Dock items. 73 | enable-spring-load-actions-on-all-items = true; 74 | 75 | # Set the minimize/maximize window effect. 76 | mineffect = "genie"; 77 | }; 78 | 79 | finder = { 80 | # Whether to always show hidden files. 81 | AppleShowAllFiles = true; 82 | # Show status bar at bottom of finder windows with item/disk space stats. 83 | ShowStatusBar = true; 84 | # Show path breadcrumbs in finder windows. 85 | ShowPathbar = true; 86 | # Remove items in the trash after 30 days. 87 | FXRemoveOldTrashItems = true; 88 | # Whether to always show file extensions. 89 | AppleShowAllExtensions = true; # show all file extensions 90 | # Whether to show external disks on desktop. 91 | ShowExternalHardDrivesOnDesktop = true; 92 | # Whether to show removable media (CDs, DVDs and iPods) on desktop. 93 | ShowRemovableMediaOnDesktop = true; 94 | # Whether to show connected servers on desktop. 95 | ShowMountedServersOnDesktop = true; 96 | 97 | # Whether to show the full POSIX filepath in the window title. 98 | _FXShowPosixPathInTitle = true; 99 | 100 | # Whether to show warnings when change the file extension of files. 101 | FXEnableExtensionChangeWarning = true; 102 | }; 103 | 104 | loginwindow = { 105 | # Disable the guest user account. 106 | GuestEnabled = false; 107 | }; 108 | 109 | smb = { 110 | NetBIOSName = hostname; 111 | ServerDescription = hostname; 112 | }; 113 | }; 114 | 115 | # Used for backwards compatibility, please read the changelog before changing. 116 | # $ darwin-rebuild changelog 117 | system.stateVersion = 6; 118 | } 119 | -------------------------------------------------------------------------------- /hosts/linux/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | inputs, 5 | ... 6 | }: { 7 | imports = [ 8 | ./disable-sleep-on-ssh.nix 9 | ]; 10 | 11 | nixpkgs.config = { 12 | allowUnfree = true; 13 | nvidia.acceptLicense = true; 14 | }; 15 | 16 | networking = { 17 | networkmanager = { 18 | enable = true; 19 | }; 20 | 21 | nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"]; 22 | 23 | firewall = { 24 | allowedTCPPorts = [ 25 | 8585 # running machine-api locally 26 | ]; 27 | allowedUDPPorts = [ 28 | 5353 # mDNS allow for machine-api 29 | ]; 30 | }; 31 | }; 32 | 33 | users.groups.plugdev = {}; 34 | users.users.jessfraz = { 35 | isNormalUser = true; 36 | extraGroups = ["audio" "docker" "networkmanager" "wheel" "libvirtd" "plugdev" "onepassword-cli" "onepassword"]; 37 | }; 38 | 39 | boot = { 40 | # Bootloader. 41 | loader = { 42 | efi.canTouchEfiVariables = true; 43 | }; 44 | }; 45 | 46 | # Set your time zone. 47 | time = { 48 | timeZone = "America/Los_Angeles"; 49 | }; 50 | 51 | # Select internationalisation properties. 52 | i18n = { 53 | defaultLocale = "en_US.UTF-8"; 54 | 55 | extraLocaleSettings = { 56 | LC_ADDRESS = "en_US.UTF-8"; 57 | LC_IDENTIFICATION = "en_US.UTF-8"; 58 | LC_MEASUREMENT = "en_US.UTF-8"; 59 | LC_MONETARY = "en_US.UTF-8"; 60 | LC_NAME = "en_US.UTF-8"; 61 | LC_NUMERIC = "en_US.UTF-8"; 62 | LC_PAPER = "en_US.UTF-8"; 63 | LC_TELEPHONE = "en_US.UTF-8"; 64 | LC_TIME = "en_US.UTF-8"; 65 | }; 66 | }; 67 | 68 | fonts = { 69 | packages = with pkgs; [ 70 | noto-fonts 71 | noto-fonts-cjk-sans 72 | noto-fonts-emoji 73 | font-awesome 74 | source-han-sans 75 | source-han-sans-japanese 76 | source-han-serif-japanese 77 | ]; 78 | fontconfig.defaultFonts = { 79 | serif = ["Noto Serif" "Source Han Serif"]; 80 | sansSerif = ["Noto Sans" "Source Han Sans"]; 81 | }; 82 | }; 83 | 84 | nix.gc = { 85 | automatic = true; 86 | dates = "weekly"; 87 | options = "--delete-older-than 1w"; 88 | }; 89 | 90 | environment = { 91 | systemPackages = with pkgs; [ 92 | # Auth with 1Password 93 | polkit_gnome 94 | ]; 95 | }; 96 | 97 | programs = { 98 | _1password-gui = { 99 | enable = true; 100 | 101 | polkitPolicyOwners = ["jessfraz"]; 102 | package = pkgs._1password-gui; 103 | }; 104 | 105 | # 1Password CLI 106 | _1password = { 107 | enable = true; 108 | 109 | package = pkgs._1password-cli; 110 | }; 111 | 112 | chromium = { 113 | enable = true; 114 | }; 115 | }; 116 | 117 | services = { 118 | tailscale = { 119 | enable = true; 120 | 121 | extraUpFlags = ["--ssh"]; 122 | }; 123 | 124 | openssh = { 125 | enable = true; 126 | settings = { 127 | PasswordAuthentication = false; 128 | KbdInteractiveAuthentication = false; 129 | }; 130 | }; 131 | }; 132 | } 133 | -------------------------------------------------------------------------------- /hosts/linux/desktops/minimal-gnome.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: { 6 | # Enable the X11 windowing system. 7 | services = { 8 | xserver = { 9 | enable = true; 10 | 11 | videoDrivers = ["nvidia"]; 12 | 13 | # Enable the GNOME Desktop Environment. 14 | displayManager = { 15 | gdm = { 16 | enable = true; 17 | }; 18 | }; 19 | desktopManager = { 20 | gnome = { 21 | enable = true; 22 | }; 23 | xterm = { 24 | enable = false; 25 | }; 26 | }; 27 | 28 | # Configure keymap in X11 29 | xkb = { 30 | layout = "us"; 31 | variant = ""; 32 | }; 33 | 34 | excludePackages = [pkgs.xterm]; 35 | 36 | # Enable touchpad support (enabled default in most desktopManager). 37 | # libinput.enable = true; 38 | }; 39 | 40 | printing = { 41 | # Enable CUPS to print documents. 42 | enable = false; 43 | }; 44 | 45 | # Enable sound with pipewire. 46 | pulseaudio = { 47 | enable = false; 48 | }; 49 | pipewire = { 50 | enable = true; 51 | alsa.enable = true; 52 | alsa.support32Bit = true; 53 | pulse.enable = true; 54 | # If you want to use JACK applications, uncomment this 55 | #jack.enable = true; 56 | 57 | # use the example session manager (no others are packaged yet so this is enabled by default, 58 | # no need to redefine it in your config for now) 59 | #media-session.enable = true; 60 | }; 61 | }; 62 | 63 | # Remove stupid gnome packages. 64 | environment = { 65 | gnome.excludePackages = with pkgs; [ 66 | baobab # disk usage analyzer 67 | cheese # photo booth 68 | eog # image viewer 69 | epiphany # web browser 70 | gedit # text editor 71 | simple-scan # document scanner 72 | totem # video player 73 | yelp # help viewer 74 | evince # document viewer 75 | file-roller # archive manager 76 | geary # email client 77 | seahorse # password manager 78 | 79 | # these should be self explanatory 80 | gnome-calculator 81 | gnome-calendar 82 | gnome-characters 83 | gnome-clocks 84 | gnome-connections 85 | gnome-contacts 86 | gnome-font-viewer 87 | gnome-logs 88 | gnome-maps 89 | gnome-music 90 | gnome-photos 91 | gnome-screenshot 92 | gnome-system-monitor 93 | gnome-tour 94 | gnome-weather 95 | gnome-disk-utility 96 | ]; 97 | }; 98 | } 99 | -------------------------------------------------------------------------------- /hosts/linux/disable-sleep-on-ssh.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | systemd.sleep.extraConfig = '' 3 | AllowSuspend=no 4 | AllowHibernation=no 5 | AllowHybridSleep=no 6 | AllowSuspendThenHibernate=no 7 | ''; 8 | } 9 | -------------------------------------------------------------------------------- /hosts/linux/system76/configuration.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: { 6 | imports = [ 7 | # Include the results of the hardware scan. 8 | ./hardware-configuration.nix 9 | 10 | # Desktop configurations. 11 | ../desktops/minimal-gnome.nix 12 | ]; 13 | 14 | boot = { 15 | kernelPackages = pkgs.linuxPackages; 16 | initrd.kernelModules = ["nvidia"]; 17 | kernelParams = ["nvidia-drm.fbdev=1"]; 18 | extraModprobeConfig = '' 19 | options nvidia_uvm uvm_disable_hmm=1 20 | ''; 21 | #blacklistedKernelModules = ["i915"]; 22 | loader.systemd-boot.enable = true; 23 | }; 24 | 25 | networking = { 26 | hostName = "system76"; 27 | }; 28 | 29 | # Load nvidia driver for Xorg and Wayland 30 | services.xserver.videoDrivers = ["nvidia"]; 31 | 32 | environment.sessionVariables = { 33 | LIBVA_DRIVER_NAME = "nvidia"; 34 | GBM_BACKEND = "nvidia-drm"; 35 | NVD_BACKEND = "direct"; 36 | __GLX_VENDOR_LIBRARY_NAME = "nvidia"; 37 | VK_DRIVER_FILES = "/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json"; 38 | }; 39 | 40 | # Enable graphics 41 | hardware = { 42 | system76 = { 43 | enableAll = true; 44 | }; 45 | graphics = { 46 | enable = true; 47 | enable32Bit = true; 48 | extraPackages = [ 49 | # pkgs.intel-media-driver 50 | pkgs.nvidia-vaapi-driver 51 | ]; 52 | }; 53 | 54 | nvidia-container-toolkit = { 55 | enable = false; 56 | }; 57 | 58 | nvidia = { 59 | # Modesetting is required. 60 | modesetting.enable = true; 61 | 62 | # Nvidia power management. Experimental, and can cause sleep/suspend to fail. 63 | powerManagement.enable = true; 64 | 65 | # Fine-grained power management. Turns off GPU when not in use. 66 | # Experimental and only works on modern Nvidia GPUs (Turing or newer). 67 | powerManagement.finegrained = true; 68 | 69 | # open source driver, it doesn't suck? 70 | open = true; 71 | 72 | # forceFullCompositionPipeline = true; 73 | 74 | # Enable the Nvidia settings menu, 75 | # accessible via `nvidia-settings`. 76 | #nvidiaSettings = true; 77 | package = config.boot.kernelPackages.nvidiaPackages.beta; 78 | # package = config.boot.kernelPackages.nvidiaPackages.mkDriver { 79 | # version = "535.171.04"; 80 | # sha256_64bit = "sha256-6PFkO0vJXYrNZaRHB4SpfazkZC8UkjZGYSDbKqlCQ3o="; 81 | # settingsSha256 = "sha256-/+op7FyDk6JH+Oau3dGtawCUtoDdOnfxEXBgYVfufTA="; 82 | # persistencedSha256 = "sha256-P90qWA1yObhQQl3sKTWw+uUq7S9ZZcCzKnx/jHbfclo="; 83 | # }; 84 | 85 | # package = let 86 | # rcu_patch = pkgs.fetchpatch { 87 | # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; 88 | # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; 89 | # }; 90 | # in config.boot.kernelPackages.nvidiaPackages.mkDriver { 91 | # version = "550.40.07"; 92 | # sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0="; 93 | # sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4="; 94 | # openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I="; 95 | # settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs="; 96 | # persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870="; 97 | # patches = [ rcu_patch ]; 98 | # }; 99 | 100 | prime = { 101 | # offload = { 102 | # enable = false; 103 | # enableOffloadCmd = false; 104 | # }; 105 | 106 | reverseSync = { 107 | enable = true; 108 | }; 109 | intelBusId = "PCI:0:2:0"; 110 | nvidiaBusId = "PCI:1:0:0"; 111 | }; 112 | }; 113 | }; 114 | 115 | security = { 116 | rtkit = { 117 | enable = true; 118 | }; 119 | }; 120 | 121 | # This value determines the NixOS release from which the default 122 | # settings for stateful data, like file locations and database versions 123 | # on your system were taken. It‘s perfectly fine and recommended to leave 124 | # this value at the release version of the first install of this system. 125 | # Before changing this value read the documentation for this option 126 | # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 127 | system.stateVersion = "24.11"; # Did you read the comment? 128 | } 129 | -------------------------------------------------------------------------------- /hosts/linux/system76/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { 5 | config, 6 | lib, 7 | pkgs, 8 | modulesPath, 9 | ... 10 | }: { 11 | imports = [ 12 | (modulesPath + "/installer/scan/not-detected.nix") 13 | ]; 14 | 15 | boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "sdhci_pci"]; 16 | boot.initrd.kernelModules = []; 17 | boot.kernelModules = ["kvm-intel"]; 18 | boot.extraModulePackages = []; 19 | 20 | fileSystems."/" = { 21 | device = "/dev/disk/by-uuid/3807d0c9-acdb-4778-a011-6f20cd766643"; 22 | fsType = "ext4"; 23 | }; 24 | 25 | boot.initrd.luks.devices."luks-141c4d58-4b26-40d1-b9d9-04b1bf42c32a".device = "/dev/disk/by-uuid/141c4d58-4b26-40d1-b9d9-04b1bf42c32a"; 26 | 27 | fileSystems."/boot" = { 28 | device = "/dev/disk/by-uuid/6B13-6807"; 29 | fsType = "vfat"; 30 | options = ["fmask=0077" "dmask=0077"]; 31 | }; 32 | 33 | swapDevices = []; 34 | 35 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 36 | # (the default) this is the recommended approach. When using systemd-networkd it's 37 | # still possible to use this option, but it's recommended to use it in conjunction 38 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 39 | networking.useDHCP = lib.mkDefault true; 40 | # networking.interfaces.eno0.useDHCP = lib.mkDefault true; 41 | # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; 42 | 43 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 44 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 45 | } 46 | --------------------------------------------------------------------------------