├── .github └── workflows │ └── update_inputs.yaml ├── .gitignore ├── devShells └── default.nix ├── flake.lock ├── flake.nix ├── home ├── default.nix └── modules │ ├── bash.nix │ ├── chromium.nix │ ├── cli.nix │ ├── default.nix │ ├── direnv.nix │ ├── emacs │ ├── default.nix │ └── init.el │ ├── email.nix │ ├── firefox.nix │ ├── git.nix │ ├── gui.nix │ └── vscodium.nix ├── hosts ├── capivaras │ ├── default.nix │ ├── forgejo.nix │ ├── hardware-configuration.nix │ └── networking.nix ├── davila │ ├── default.nix │ └── hardware-configuration.nix ├── default.nix ├── magnus │ ├── default.nix │ └── hardware-configuration.nix └── node │ ├── default.nix │ └── hardware-configuration.nix ├── modules ├── apprise.nix ├── common │ ├── autoUpgrade.nix │ ├── nix.nix │ ├── openssh.nix │ └── user.nix └── default.nix ├── overlays └── default.nix ├── pkgs └── default.nix ├── secrets ├── appriseconfig.age ├── secrets.nix └── services │ └── forgejo │ ├── mailer.age │ └── runner-token.age └── templates ├── default.nix ├── devenv └── flake.nix ├── dotnet ├── .editorconfig ├── .gitignore ├── Directory.Build.props └── flake.nix ├── go ├── .gitignore └── flake.nix └── vm ├── configuration.nix └── flake.nix /.github/workflows/update_inputs.yaml: -------------------------------------------------------------------------------- 1 | name: Update Nix Flake 2 | 3 | run-name: "Update Nix Flake" 4 | 5 | on: 6 | workflow_dispatch: 7 | schedule: 8 | # run every thursday 9 | - cron: '0 0 * * 4' 10 | 11 | jobs: 12 | update: 13 | runs-on: ubuntu-latest 14 | 15 | permissions: 16 | # Give the default GITHUB_TOKEN write permission to commit and push the 17 | # added or changed files to the repository. 
18 | contents: write 19 | 20 | steps: 21 | - uses: actions/checkout@v4 22 | with: 23 | ref: ${{ github.head_ref }} 24 | token: ${{ secrets.GITHUB_TOKEN }} 25 | - name: Install Nix 26 | uses: DeterminateSystems/nix-installer-action@main # NOTE(review): @main is a mutable branch ref and this job holds contents: write; pin to a full commit SHA (the @v4/@v5 tags on the other steps are mutable too) 27 | - name: Run nix flake update 28 | run: nix flake update 29 | - uses: stefanzweifel/git-auto-commit-action@v5 # NOTE(review): commits the refreshed flake.lock straight to the branch; this workflow shows no build or review step before the push 30 | with: 31 | commit_message: "chore: nix flake update" 32 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .idea 3 | *.log 4 | tmp/ 5 | result 6 | -------------------------------------------------------------------------------- /devShells/default.nix: -------------------------------------------------------------------------------- 1 | { inputs }: 2 | 3 | let 4 | 5 | inherit (inputs) 6 | nixpkgs 7 | stable 8 | devenv; 9 | 10 | # System types to support. 11 | supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ]; 12 | 13 | # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'. 14 | forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 15 | 16 | # Nixpkgs instantiated for supported system types. 17 | nixpkgsFor = nixpkgs: forAllSystems (system: import nixpkgs { 18 | inherit system; 19 | config.allowUnfree = true; 20 | }); 21 | in 22 | forAllSystems (system: 23 | let 24 | pkgs = (nixpkgsFor stable)."${system}"; 25 | in 26 | { 27 | java = devenv.lib.mkShell { 28 | inherit inputs pkgs; 29 | modules = [ 30 | ({ pkgs, lib, ... }: { 31 | languages = { 32 | java.enable = true; 33 | java.jdk.package = pkgs.jdk17_headless; 34 | java.maven.enable = true; 35 | }; 36 | }) 37 | ]; 38 | }; 39 | 40 | web = devenv.lib.mkShell { 41 | inherit inputs pkgs; 42 | modules = [ 43 | ({ pkgs, lib, ... 
}: { 44 | packages = [ pkgs.graphite-cli ]; 45 | languages = { 46 | javascript.enable = true; 47 | javascript.package = pkgs.nodejs_22; 48 | javascript.yarn.enable = true; 49 | }; 50 | }) 51 | ]; 52 | }; 53 | }) 54 | -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "agenix": { 4 | "inputs": { 5 | "darwin": "darwin", 6 | "home-manager": "home-manager", 7 | "nixpkgs": [ 8 | "nixpkgs" 9 | ], 10 | "systems": "systems" 11 | }, 12 | "locked": { 13 | "lastModified": 1747575206, 14 | "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", 15 | "owner": "ryantm", 16 | "repo": "agenix", 17 | "rev": "4835b1dc898959d8547a871ef484930675cb47f1", 18 | "type": "github" 19 | }, 20 | "original": { 21 | "owner": "ryantm", 22 | "repo": "agenix", 23 | "type": "github" 24 | } 25 | }, 26 | "cachix": { 27 | "inputs": { 28 | "devenv": [ 29 | "devenv" 30 | ], 31 | "flake-compat": [ 32 | "devenv" 33 | ], 34 | "git-hooks": [ 35 | "devenv" 36 | ], 37 | "nixpkgs": "nixpkgs" 38 | }, 39 | "locked": { 40 | "lastModified": 1744206633, 41 | "narHash": "sha256-pb5aYkE8FOoa4n123slgHiOf1UbNSnKe5pEZC+xXD5g=", 42 | "owner": "cachix", 43 | "repo": "cachix", 44 | "rev": "8a60090640b96f9df95d1ab99e5763a586be1404", 45 | "type": "github" 46 | }, 47 | "original": { 48 | "owner": "cachix", 49 | "ref": "latest", 50 | "repo": "cachix", 51 | "type": "github" 52 | } 53 | }, 54 | "darwin": { 55 | "inputs": { 56 | "nixpkgs": [ 57 | "agenix", 58 | "nixpkgs" 59 | ] 60 | }, 61 | "locked": { 62 | "lastModified": 1744478979, 63 | "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 64 | "owner": "lnl7", 65 | "repo": "nix-darwin", 66 | "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 67 | "type": "github" 68 | }, 69 | "original": { 70 | "owner": "lnl7", 71 | "ref": "master", 72 | "repo": "nix-darwin", 73 | "type": "github" 74 | } 75 | }, 76 | 
"devenv": { 77 | "inputs": { 78 | "cachix": "cachix", 79 | "flake-compat": "flake-compat", 80 | "git-hooks": "git-hooks", 81 | "nix": "nix", 82 | "nixpkgs": [ 83 | "stable" 84 | ] 85 | }, 86 | "locked": { 87 | "lastModified": 1748361913, 88 | "narHash": "sha256-G9owTVKaNAmahDwYb/c54rbLTCUZpowhIJ07IvwFrFg=", 89 | "owner": "cachix", 90 | "repo": "devenv", 91 | "rev": "b510085f1ca92779782d1e3de631b2292a30edb2", 92 | "type": "github" 93 | }, 94 | "original": { 95 | "owner": "cachix", 96 | "repo": "devenv", 97 | "type": "github" 98 | } 99 | }, 100 | "extra-container": { 101 | "inputs": { 102 | "flake-utils": [ 103 | "nixBitcoin", 104 | "flake-utils" 105 | ], 106 | "nixpkgs": [ 107 | "nixBitcoin", 108 | "nixpkgs" 109 | ] 110 | }, 111 | "locked": { 112 | "lastModified": 1734005403, 113 | "narHash": "sha256-vgh3TqfkFdnPxREBedw4MQehIDc3N8YyxBOB45n+AvU=", 114 | "owner": "erikarvstedt", 115 | "repo": "extra-container", 116 | "rev": "f4de6c329b306a9d3a9798a30e060c166f781baa", 117 | "type": "github" 118 | }, 119 | "original": { 120 | "owner": "erikarvstedt", 121 | "ref": "0.13", 122 | "repo": "extra-container", 123 | "type": "github" 124 | } 125 | }, 126 | "flake-compat": { 127 | "flake": false, 128 | "locked": { 129 | "lastModified": 1733328505, 130 | "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", 131 | "owner": "edolstra", 132 | "repo": "flake-compat", 133 | "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", 134 | "type": "github" 135 | }, 136 | "original": { 137 | "owner": "edolstra", 138 | "repo": "flake-compat", 139 | "type": "github" 140 | } 141 | }, 142 | "flake-parts": { 143 | "inputs": { 144 | "nixpkgs-lib": [ 145 | "devenv", 146 | "nix", 147 | "nixpkgs" 148 | ] 149 | }, 150 | "locked": { 151 | "lastModified": 1712014858, 152 | "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", 153 | "owner": "hercules-ci", 154 | "repo": "flake-parts", 155 | "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", 156 | "type": "github" 157 | }, 158 | 
"original": { 159 | "owner": "hercules-ci", 160 | "repo": "flake-parts", 161 | "type": "github" 162 | } 163 | }, 164 | "flake-parts_2": { 165 | "inputs": { 166 | "nixpkgs-lib": [ 167 | "nur", 168 | "nixpkgs" 169 | ] 170 | }, 171 | "locked": { 172 | "lastModified": 1733312601, 173 | "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", 174 | "owner": "hercules-ci", 175 | "repo": "flake-parts", 176 | "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", 177 | "type": "github" 178 | }, 179 | "original": { 180 | "owner": "hercules-ci", 181 | "repo": "flake-parts", 182 | "type": "github" 183 | } 184 | }, 185 | "flake-utils": { 186 | "inputs": { 187 | "systems": "systems_2" 188 | }, 189 | "locked": { 190 | "lastModified": 1731533236, 191 | "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 192 | "owner": "numtide", 193 | "repo": "flake-utils", 194 | "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 195 | "type": "github" 196 | }, 197 | "original": { 198 | "owner": "numtide", 199 | "repo": "flake-utils", 200 | "type": "github" 201 | } 202 | }, 203 | "git-hooks": { 204 | "inputs": { 205 | "flake-compat": [ 206 | "devenv" 207 | ], 208 | "gitignore": "gitignore", 209 | "nixpkgs": [ 210 | "devenv", 211 | "nixpkgs" 212 | ] 213 | }, 214 | "locked": { 215 | "lastModified": 1746537231, 216 | "narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", 217 | "owner": "cachix", 218 | "repo": "git-hooks.nix", 219 | "rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", 220 | "type": "github" 221 | }, 222 | "original": { 223 | "owner": "cachix", 224 | "repo": "git-hooks.nix", 225 | "type": "github" 226 | } 227 | }, 228 | "gitignore": { 229 | "inputs": { 230 | "nixpkgs": [ 231 | "devenv", 232 | "git-hooks", 233 | "nixpkgs" 234 | ] 235 | }, 236 | "locked": { 237 | "lastModified": 1709087332, 238 | "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 239 | "owner": "hercules-ci", 240 | "repo": "gitignore.nix", 241 | "rev": 
"637db329424fd7e46cf4185293b9cc8c88c95394", 242 | "type": "github" 243 | }, 244 | "original": { 245 | "owner": "hercules-ci", 246 | "repo": "gitignore.nix", 247 | "type": "github" 248 | } 249 | }, 250 | "hardware": { 251 | "locked": { 252 | "lastModified": 1747900541, 253 | "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", 254 | "owner": "nixos", 255 | "repo": "nixos-hardware", 256 | "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", 257 | "type": "github" 258 | }, 259 | "original": { 260 | "owner": "nixos", 261 | "repo": "nixos-hardware", 262 | "type": "github" 263 | } 264 | }, 265 | "home-manager": { 266 | "inputs": { 267 | "nixpkgs": [ 268 | "agenix", 269 | "nixpkgs" 270 | ] 271 | }, 272 | "locked": { 273 | "lastModified": 1745494811, 274 | "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", 275 | "owner": "nix-community", 276 | "repo": "home-manager", 277 | "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", 278 | "type": "github" 279 | }, 280 | "original": { 281 | "owner": "nix-community", 282 | "repo": "home-manager", 283 | "type": "github" 284 | } 285 | }, 286 | "homeManager": { 287 | "inputs": { 288 | "nixpkgs": [ 289 | "nixpkgs" 290 | ] 291 | }, 292 | "locked": { 293 | "lastModified": 1748529677, 294 | "narHash": "sha256-MJEX3Skt5EAIs/aGHD8/aXXZPcceMMHheyIGSjvxZN0=", 295 | "owner": "nix-community", 296 | "repo": "home-manager", 297 | "rev": "da282034f4d30e787b8a10722431e8b650a907ef", 298 | "type": "github" 299 | }, 300 | "original": { 301 | "owner": "nix-community", 302 | "repo": "home-manager", 303 | "type": "github" 304 | } 305 | }, 306 | "libgit2": { 307 | "flake": false, 308 | "locked": { 309 | "lastModified": 1697646580, 310 | "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", 311 | "owner": "libgit2", 312 | "repo": "libgit2", 313 | "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", 314 | "type": "github" 315 | }, 316 | "original": { 317 | "owner": "libgit2", 318 | "repo": "libgit2", 319 | "type": "github" 
320 | } 321 | }, 322 | "nix": { 323 | "inputs": { 324 | "flake-compat": [ 325 | "devenv" 326 | ], 327 | "flake-parts": "flake-parts", 328 | "libgit2": "libgit2", 329 | "nixpkgs": "nixpkgs_2", 330 | "nixpkgs-23-11": [ 331 | "devenv" 332 | ], 333 | "nixpkgs-regression": [ 334 | "devenv" 335 | ], 336 | "pre-commit-hooks": [ 337 | "devenv" 338 | ] 339 | }, 340 | "locked": { 341 | "lastModified": 1745930071, 342 | "narHash": "sha256-bYyjarS3qSNqxfgc89IoVz8cAFDkF9yPE63EJr+h50s=", 343 | "owner": "domenkozar", 344 | "repo": "nix", 345 | "rev": "b455edf3505f1bf0172b39a735caef94687d0d9c", 346 | "type": "github" 347 | }, 348 | "original": { 349 | "owner": "domenkozar", 350 | "ref": "devenv-2.24", 351 | "repo": "nix", 352 | "type": "github" 353 | } 354 | }, 355 | "nixBitcoin": { 356 | "inputs": { 357 | "extra-container": "extra-container", 358 | "flake-utils": "flake-utils", 359 | "nixpkgs": "nixpkgs_3", 360 | "nixpkgs-unstable": "nixpkgs-unstable" 361 | }, 362 | "locked": { 363 | "lastModified": 1748187031, 364 | "narHash": "sha256-F4zdOfeg0xjEnvFjlHvoMmdmh/FxK1qIsZyscnGDgA0=", 365 | "owner": "fort-nix", 366 | "repo": "nix-bitcoin", 367 | "rev": "a06d1d8118865af14a9187e7d1a7a141dd89af74", 368 | "type": "github" 369 | }, 370 | "original": { 371 | "owner": "fort-nix", 372 | "repo": "nix-bitcoin", 373 | "type": "github" 374 | } 375 | }, 376 | "nixpkgs": { 377 | "locked": { 378 | "lastModified": 1733212471, 379 | "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", 380 | "owner": "NixOS", 381 | "repo": "nixpkgs", 382 | "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", 383 | "type": "github" 384 | }, 385 | "original": { 386 | "owner": "NixOS", 387 | "ref": "nixos-unstable", 388 | "repo": "nixpkgs", 389 | "type": "github" 390 | } 391 | }, 392 | "nixpkgs-unstable": { 393 | "locked": { 394 | "lastModified": 1747958103, 395 | "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=", 396 | "owner": "NixOS", 397 | "repo": "nixpkgs", 398 | "rev": 
"fe51d34885f7b5e3e7b59572796e1bcb427eccb1", 399 | "type": "github" 400 | }, 401 | "original": { 402 | "owner": "NixOS", 403 | "ref": "nixpkgs-unstable", 404 | "repo": "nixpkgs", 405 | "type": "github" 406 | } 407 | }, 408 | "nixpkgs_2": { 409 | "locked": { 410 | "lastModified": 1717432640, 411 | "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", 412 | "owner": "NixOS", 413 | "repo": "nixpkgs", 414 | "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", 415 | "type": "github" 416 | }, 417 | "original": { 418 | "owner": "NixOS", 419 | "ref": "release-24.05", 420 | "repo": "nixpkgs", 421 | "type": "github" 422 | } 423 | }, 424 | "nixpkgs_3": { 425 | "locked": { 426 | "lastModified": 1748037224, 427 | "narHash": "sha256-92vihpZr6dwEMV6g98M5kHZIttrWahb9iRPBm1atcPk=", 428 | "owner": "NixOS", 429 | "repo": "nixpkgs", 430 | "rev": "f09dede81861f3a83f7f06641ead34f02f37597f", 431 | "type": "github" 432 | }, 433 | "original": { 434 | "owner": "NixOS", 435 | "ref": "nixos-24.11", 436 | "repo": "nixpkgs", 437 | "type": "github" 438 | } 439 | }, 440 | "nixpkgs_4": { 441 | "locked": { 442 | "lastModified": 1748370509, 443 | "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", 444 | "owner": "nixos", 445 | "repo": "nixpkgs", 446 | "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", 447 | "type": "github" 448 | }, 449 | "original": { 450 | "owner": "nixos", 451 | "ref": "nixos-unstable", 452 | "repo": "nixpkgs", 453 | "type": "github" 454 | } 455 | }, 456 | "nixpkgs_5": { 457 | "locked": { 458 | "lastModified": 1748370509, 459 | "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", 460 | "owner": "nixos", 461 | "repo": "nixpkgs", 462 | "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", 463 | "type": "github" 464 | }, 465 | "original": { 466 | "owner": "nixos", 467 | "ref": "nixos-unstable", 468 | "repo": "nixpkgs", 469 | "type": "github" 470 | } 471 | }, 472 | "nur": { 473 | "inputs": { 474 | "flake-parts": "flake-parts_2", 475 | "nixpkgs": 
"nixpkgs_5", 476 | "treefmt-nix": "treefmt-nix" 477 | }, 478 | "locked": { 479 | "lastModified": 1748546897, 480 | "narHash": "sha256-QPNS/aBGSEi3B5dyiGNa8MJ6m0owpjE3+sAVrXihFTI=", 481 | "owner": "nix-community", 482 | "repo": "nur", 483 | "rev": "469458c163856f0499c2069802a06f3bcfa7d8e1", 484 | "type": "github" 485 | }, 486 | "original": { 487 | "owner": "nix-community", 488 | "repo": "nur", 489 | "type": "github" 490 | } 491 | }, 492 | "root": { 493 | "inputs": { 494 | "agenix": "agenix", 495 | "devenv": "devenv", 496 | "hardware": "hardware", 497 | "homeManager": "homeManager", 498 | "nixBitcoin": "nixBitcoin", 499 | "nixpkgs": "nixpkgs_4", 500 | "nur": "nur", 501 | "small": "small", 502 | "stable": "stable" 503 | } 504 | }, 505 | "small": { 506 | "locked": { 507 | "lastModified": 1748542759, 508 | "narHash": "sha256-Lkx8TmccNv4NZRACcwhK4etGlxjQzCSzLGvAEiXabXM=", 509 | "owner": "nixos", 510 | "repo": "nixpkgs", 511 | "rev": "7f8ad4ffb25cbd66a69326d442c1b5d9fcbb1945", 512 | "type": "github" 513 | }, 514 | "original": { 515 | "owner": "nixos", 516 | "ref": "nixos-unstable-small", 517 | "repo": "nixpkgs", 518 | "type": "github" 519 | } 520 | }, 521 | "stable": { 522 | "locked": { 523 | "lastModified": 1748302896, 524 | "narHash": "sha256-ixMT0a8mM091vSswlTORZj93WQAJsRNmEvqLL+qwTFM=", 525 | "owner": "nixos", 526 | "repo": "nixpkgs", 527 | "rev": "7848cd8c982f7740edf76ddb3b43d234cb80fc4d", 528 | "type": "github" 529 | }, 530 | "original": { 531 | "owner": "nixos", 532 | "ref": "nixos-25.05", 533 | "repo": "nixpkgs", 534 | "type": "github" 535 | } 536 | }, 537 | "systems": { 538 | "locked": { 539 | "lastModified": 1681028828, 540 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 541 | "owner": "nix-systems", 542 | "repo": "default", 543 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 544 | "type": "github" 545 | }, 546 | "original": { 547 | "owner": "nix-systems", 548 | "repo": "default", 549 | "type": "github" 550 | } 551 | }, 552 | 
"systems_2": { 553 | "locked": { 554 | "lastModified": 1681028828, 555 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 556 | "owner": "nix-systems", 557 | "repo": "default", 558 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 559 | "type": "github" 560 | }, 561 | "original": { 562 | "owner": "nix-systems", 563 | "repo": "default", 564 | "type": "github" 565 | } 566 | }, 567 | "treefmt-nix": { 568 | "inputs": { 569 | "nixpkgs": [ 570 | "nur", 571 | "nixpkgs" 572 | ] 573 | }, 574 | "locked": { 575 | "lastModified": 1733222881, 576 | "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", 577 | "owner": "numtide", 578 | "repo": "treefmt-nix", 579 | "rev": "49717b5af6f80172275d47a418c9719a31a78b53", 580 | "type": "github" 581 | }, 582 | "original": { 583 | "owner": "numtide", 584 | "repo": "treefmt-nix", 585 | "type": "github" 586 | } 587 | } 588 | }, 589 | "root": "root", 590 | "version": 7 591 | } 592 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "My Nix configuration"; 3 | 4 | inputs = { 5 | nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 6 | small.url = "github:nixos/nixpkgs/nixos-unstable-small"; 7 | stable.url = "github:nixos/nixpkgs/nixos-25.05"; 8 | 9 | devenv = { 10 | url = "github:cachix/devenv"; 11 | inputs.nixpkgs.follows = "stable"; 12 | }; 13 | 14 | homeManager = { 15 | url = "github:nix-community/home-manager"; 16 | inputs.nixpkgs.follows = "nixpkgs"; 17 | }; 18 | 19 | agenix = { 20 | url = "github:ryantm/agenix"; 21 | inputs.nixpkgs.follows = "nixpkgs"; 22 | }; 23 | 24 | nixBitcoin.url = "github:fort-nix/nix-bitcoin"; 25 | 26 | hardware.url = "github:nixos/nixos-hardware"; 27 | nur.url = "github:nix-community/nur"; 28 | }; 29 | 30 | outputs = { self, ... 
}@inputs: 31 | let 32 | inherit (self) outputs; 33 | forAllSystems = inputs.nixpkgs.lib.genAttrs [ 34 | "aarch64-linux" 35 | "x86_64-linux" 36 | "aarch64-darwin" 37 | "x86_64-darwin" 38 | ]; 39 | in 40 | { 41 | packages = forAllSystems 42 | (system: 43 | let pkgs = import inputs.nixpkgs { inherit system; }; 44 | in import ./pkgs { inherit pkgs; }); 45 | 46 | overlays = import ./overlays { inherit (inputs) nixpkgs small; }; 47 | homeConfigurations = import ./home { inherit inputs self; }; 48 | nixosConfigurations = import ./hosts { inherit inputs outputs; }; 49 | nixosModules = import ./modules; 50 | templates = import ./templates; 51 | devShells = import ./devShells { inherit inputs; }; 52 | }; 53 | } 54 | -------------------------------------------------------------------------------- /home/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, self, ... }: 2 | 3 | { 4 | mini = inputs.homeManager.lib.homeManagerConfiguration { 5 | pkgs = import inputs.nixpkgs { 6 | system = "aarch64-darwin"; 7 | overlays = [ 8 | inputs.nur.overlays.default 9 | self.overlays.modifications 10 | ]; 11 | config = { 12 | allowUnfree = true; 13 | }; 14 | }; 15 | 16 | modules = [ 17 | ({ pkgs, ... 
}: { 18 | home = { 19 | username = "victor"; 20 | homeDirectory = "/Users/victor"; 21 | 22 | packages = [ pkgs.graphite-cli ]; 23 | stateVersion = "24.11"; 24 | }; 25 | 26 | programs.direnv.enableZshIntegration = true; 27 | }) 28 | 29 | ./modules/vscodium.nix 30 | ./modules/emacs 31 | ./modules/cli.nix 32 | ./modules/direnv.nix 33 | (import ./modules/git.nix { userName = "Victor Freire"; userEmail = "victor@theformfactory.co"; }) 34 | ]; 35 | }; 36 | 37 | victor = inputs.homeManager.lib.homeManagerConfiguration { 38 | pkgs = import inputs.nixpkgs { 39 | system = "x86_64-linux"; 40 | overlays = [ 41 | inputs.nur.overlays.default 42 | self.overlays.modifications 43 | ]; 44 | config = { 45 | allowUnfree = true; 46 | }; 47 | }; 48 | modules = [ 49 | inputs.agenix.homeManagerModules.age 50 | ] 51 | ++ [ 52 | ./modules 53 | ./modules/bash.nix 54 | ./modules/chromium.nix 55 | ./modules/cli.nix 56 | ./modules/direnv.nix 57 | ./modules/emacs 58 | # ./modules/email.nix 59 | # ./modules/firefox.nix 60 | (import ./modules/git.nix { userName = "Victor Freire"; userEmail = "victor@freire.dev.br"; }) 61 | ./modules/gui.nix 62 | ./modules/vscodium.nix 63 | ]; 64 | 65 | extraSpecialArgs = { 66 | inherit inputs; 67 | }; 68 | }; 69 | } 70 | -------------------------------------------------------------------------------- /home/modules/bash.nix: -------------------------------------------------------------------------------- 1 | { 2 | programs.bash = { 3 | enable = true; 4 | historySize = 10000; 5 | shellOptions = [ 6 | # Append to history file rather than replacing it. 7 | "histappend" 8 | 9 | # check the window size after each command and, if 10 | # necessary, update the values of LINES and COLUMNS. 11 | "checkwinsize" 12 | 13 | # Extended globbing. 14 | "extglob" 15 | "globstar" 16 | 17 | # Warn if closing shell with running jobs. 
18 | "checkjobs" 19 | ]; 20 | 21 | historyControl = [ 22 | "erasedups" 23 | "ignoredups" 24 | "ignorespace" 25 | ]; 26 | 27 | shellAliases = { 28 | ls = "ls --color=auto"; 29 | ll = "ls -l"; 30 | la = "ls -A"; 31 | lt = "ls --human-readable --size -1 -S --classify"; 32 | l = "ls -CF"; 33 | grep = "grep --color=auto"; 34 | ".." = "cd .."; 35 | mknote = ''echo -e "---\ntitle:\ndate: $(date -u -Iseconds)\n---" > $(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1).md''; 36 | }; 37 | 38 | bashrcExtra = 39 | '' 40 | # Source global definitions 41 | if [ -f /etc/bashrc ]; then 42 | . /etc/bashrc 43 | fi 44 | 45 | # User specific environment 46 | if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]; then 47 | PATH="$HOME/.local/bin:$HOME/bin:$PATH" 48 | fi 49 | export PATH 50 | 51 | # User specific aliases and functions 52 | if [ -d ~/.bashrc.d ]; then 53 | for rc in ~/.bashrc.d/*; do 54 | if [ -f "$rc" ]; then 55 | . "$rc" 56 | fi 57 | done 58 | fi 59 | unset rc 60 | 61 | # colored GCC warnings and errors 62 | export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' 63 | 64 | if ! shopt -oq posix; then 65 | if [ -f /usr/share/bash-completion/bash_completion ]; then 66 | . /usr/share/bash-completion/bash_completion 67 | elif [ -f /etc/bash_completion ]; then 68 | . /etc/bash_completion 69 | fi 70 | fi 71 | ''; 72 | 73 | profileExtra = '' 74 | # Get the aliases and functions 75 | if [ -f ~/.bashrc ]; then 76 | . ~/.bashrc 77 | fi 78 | 79 | # useful for showing icons on non-NixOS systems 80 | export XDG_DATA_DIRS=$HOME/.nix-profile/share:$XDG_DATA_DIRS 81 | 82 | [ -d "$HOME/.local/bin" ] && export PATH=$PATH:$HOME/.local/bin 83 | [ -d "$HOME/go/bin" ] && export PATH=$PATH:$HOME/go/bin 84 | ''; 85 | }; 86 | } 87 | -------------------------------------------------------------------------------- /home/modules/chromium.nix: -------------------------------------------------------------------------------- 1 | { config, ... 
}: 2 | 3 | { 4 | programs.chromium = { 5 | enable = true; 6 | extensions = [ 7 | # ublock origin 8 | "cjpalhdlnbpafiamejdnhcphjbkeiagm" 9 | 10 | # bitwarden 11 | "nngceckbapebfimnlniiiahkandclblb" 12 | 13 | # privacy badger 14 | "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" 15 | ]; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /home/modules/cli.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | let 4 | inherit (pkgs) callPackage; 5 | in 6 | { 7 | programs = { 8 | aria2.enable = true; 9 | bat.enable = true; 10 | jq.enable = true; 11 | }; 12 | 13 | home.packages = with pkgs; [ 14 | aria2 15 | bat 16 | entr 17 | fd 18 | fzf 19 | gcc 20 | htop 21 | hut 22 | jq 23 | ncdu 24 | nixpkgs-fmt 25 | ripgrep 26 | wget 27 | 28 | # lsp 29 | nil 30 | ]; 31 | 32 | programs.fzf.enable = true; 33 | home.sessionVariables = { 34 | EDITOR = "emacs -nw"; 35 | FZF_DEFAULT_OPTS = ''--prompt \" λ \"''; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /home/modules/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, inputs, ... }: 2 | 3 | let 4 | inherit (inputs) nixpkgs; 5 | in 6 | { 7 | imports = [ ]; 8 | 9 | fonts.fontconfig.enable = true; 10 | 11 | age.identityPaths = [ 12 | "${config.home.homeDirectory}/.ssh/id_ed25519" # NOTE(review): presumably the everyday SSH private key, reused here as the age decryption identity; a dedicated key would limit what a single leaked key exposes 13 | ]; 14 | 15 | nix = { 16 | package = pkgs.nixVersions.latest; 17 | registry.nixpkgs.flake = nixpkgs; 18 | extraOptions = '' 19 | experimental-features = nix-command flakes 20 | ''; 21 | }; 22 | 23 | home = { 24 | username = "victor"; 25 | homeDirectory = "/home/victor"; 26 | stateVersion = "22.11"; 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /home/modules/direnv.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... 
}: 2 | 3 | { 4 | programs.direnv = { 5 | enable = true; 6 | nix-direnv.enable = true; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /home/modules/emacs/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, pkgs, ... }: 2 | 3 | let 4 | emacsConfig = pkgs.writeTextDir "config/init.el" '' 5 | (load "${./init.el}") 6 | ''; 7 | 8 | customEmacs = pkgs.emacs.override { 9 | withGTK3 = true; 10 | withTreeSitter = true; 11 | }; 12 | in 13 | { 14 | programs.emacs = { 15 | enable = true; 16 | package = customEmacs; 17 | extraPackages = epkgs: with epkgs; [ 18 | consult 19 | corfu 20 | corfu-terminal 21 | citeproc 22 | direnv 23 | editorconfig 24 | eglot 25 | eglot-fsharp 26 | forge 27 | fsharp-mode 28 | magit 29 | magit-todos 30 | marginalia 31 | nix-mode 32 | orderless 33 | sml-mode 34 | switch-window 35 | treemacs 36 | treemacs-projectile 37 | typescript-mode 38 | vertico 39 | which-key 40 | 41 | # org 42 | org-contrib 43 | org-drill 44 | org-super-agenda 45 | ox-hugo 46 | 47 | # treesitter 48 | treesit-grammars.with-all-grammars 49 | ]; 50 | }; 51 | 52 | # this is needed because `programs.emacs.extraConfig` is appended to 53 | # `default.el`, so some things can't run there 54 | home.file.".emacs.d/init.el".source = ./init.el; 55 | } 56 | -------------------------------------------------------------------------------- /home/modules/emacs/init.el: -------------------------------------------------------------------------------- 1 | ;; -*- lexical-binding: t; -*- 2 | 3 | ;; disable impure package sources: no archives are configured and package.el is not activated at startup 4 | (setq package-archives nil 5 | package-enable-at-startup nil) 6 | 7 | ;; eval use-package as fast as possible 8 | (eval-when-compile 9 | (require 'use-package)) 10 | 11 | ;; never let use-package download packages: :ensure defaults to nil, so every package must already be installed (see extraPackages in default.nix) 12 | (setq use-package-always-ensure nil) 13 | 14 | ;; ensure bind-key is available 15 | (use-package bind-key) 16 | 17 | (use-package 
emacs 18 | :init 19 | ;; xdg directories 20 | (setq user-emacs-config-directory (concat (getenv "HOME") "/.config/emacs") 21 | user-emacs-data-directory (concat (getenv "HOME") "/.local/share/emacs") 22 | user-emacs-cache-directory (concat (getenv "HOME") "/.cache/emacs")) 23 | 24 | ;; set font 25 | (set-face-attribute 'default nil :font "JetBrains Mono") 26 | 27 | ;; remove useless welcome screen 28 | (setq inhibit-startup-screen t 29 | inhibit-splash-screen t 30 | inhibit-startup-message t) 31 | 32 | ;; remove ring bell sound and activate visual bell 33 | (setq ring-bell-function 'ignore 34 | visible-bell t) 35 | 36 | ;; Use 80 columns to keep things readable with split windows. 37 | (setq whitespace-style '(trailing lines space-before-tab) 38 | whitespace-line-column 80 39 | default-fill-column 80) 40 | 41 | ;; Use utf-8 by default 42 | (prefer-coding-system 'utf-8) 43 | (set-default-coding-systems 'utf-8) 44 | (set-terminal-coding-system 'utf-8) 45 | (set-keyboard-coding-system 'utf-8) 46 | 47 | ;; Consider a period followed by a single space to be end of 48 | ;; sentence. 49 | (setq sentence-end-double-space nil) 50 | 51 | ;; Show stray whitespaces. 52 | (setq-default show-trailing-whitespace t 53 | indicate-empty-lines t) 54 | 55 | ;; Automatically add a new whiteline at the end of the file while saving 56 | (setq require-final-newline t) 57 | 58 | ;; Use ~y~ and ~n~ instead of long ~yes~ and ~no~ 59 | (defalias 'yes-or-no-p 'y-or-n-p) 60 | 61 | ;; remove scratch initial message 62 | (setq initial-scratch-message nil) 63 | 64 | ;; case-insensitive completion and search 65 | (setq case-fold-search t 66 | completion-ignore-case t 67 | read-file-name-completion-ignore-case t 68 | read-buffer-completion-ignore-case t) 69 | 70 | ;; backup and lock files 71 | ;; Instead of littering the current project's directory, we can use 72 | ;; the xdg variables we defined to improve things up. 
73 | (let ((backup-dir (concat user-emacs-data-directory "/backup/"))) 74 | (unless (file-directory-p backup-dir) 75 | (mkdir backup-dir t)) 76 | 77 | (setq auto-save-file-name-transforms `((".*" ,backup-dir t)) 78 | backup-directory-alist `(("." . ,backup-dir)) 79 | create-lockfiles nil 80 | backup-by-copying t)) 81 | 82 | :config 83 | ;; ui 84 | (menu-bar-mode 0) 85 | (tool-bar-mode 0) 86 | (scroll-bar-mode 0) 87 | 88 | (column-number-mode) 89 | (display-time) 90 | 91 | ;; theme 92 | (load-theme 'modus-vivendi t) 93 | (setq modus-themes-region '(accented) 94 | modus-themes-org-blocks 'gray-background 95 | modus-themes-fringes 'subtle 96 | modus-themes-italic-constructs t 97 | modus-themes-bold-constructs t 98 | modus-themes-syntax '(green-strings) 99 | modus-themes-hl-line '(intense) 100 | modus-themes-paren-match '(intense) 101 | modus-themes-mode-line '(moody borderless) 102 | modus-themes-headings (quote ((1 . (overline variable-pitch 1.4)) 103 | (2 . (overline variable-pitch 1.25)) 104 | (3 . (overline 1.1)) 105 | (t . (monochrome))))) 106 | 107 | ;; smoother scrolling 108 | (pixel-scroll-precision-mode) 109 | 110 | :hook 111 | ((prog-mode . display-line-numbers-mode) 112 | (org-mode . display-line-numbers-mode) 113 | 114 | ;; colors in compilation-mode 115 | (compilation-filter . ansi-color-compilation-filter)) 116 | 117 | :mode 118 | (("\\.go\\'" . go-ts-mode) 119 | ("/go\\.mod\\'" . go-mod-ts-mode) 120 | ("\\.ya?ml$" . yaml-ts-mode) 121 | ("\\.rs$" . rust-ts-mode) 122 | ("\\.toml$" . toml-ts-mode))) 123 | 124 | (use-package windmove 125 | :bind 126 | (("C-c " . 'windmove-left) 127 | ("C-c " . 'windmove-right) 128 | ("C-c " . 'windmove-up) 129 | ("C-c " . 
'windmove-down))) 130 | 131 | (use-package which-key 132 | :config 133 | (setq which-key-idle-delay 0.5) 134 | (which-key-mode)) 135 | 136 | (use-package corfu 137 | :init 138 | (setq tab-always-indent 'complete 139 | completion-cycle-threshold nil) 140 | 141 | :custom 142 | (corfu-auto t) 143 | (corfu-auto-prefix 2) 144 | (corfu-auto-delay 0.25) 145 | (corfu-popupinfo-delay corfu-auto-delay) 146 | (corfu-min-width 40) 147 | (corfu-max-width 80) 148 | (corfu-count 14) 149 | (corfu-scroll-margin 4) 150 | (corfu-cycle t) 151 | (corfu-quit-at-boundary nil) 152 | (corfu-preselect-first t) 153 | (corfu-popupinfo-mode) 154 | :hook 155 | '((prog-mode . corfu-mode) 156 | (shell-mode . corfu-mode) 157 | (eshell-mode . corfu-mode)) 158 | 159 | :config 160 | (use-package corfu-terminal :defer t) 161 | (unless (display-graphic-p) 162 | (corfu-terminal-mode +1)) 163 | (global-corfu-mode) 164 | (corfu-popupinfo-mode)) 165 | 166 | (use-package consult 167 | :hook ((completion-list-mode . consult-preview-at-point-mode)) 168 | :init 169 | (setq register-preview-delay 0.5 170 | register-preview-function #'consult-register-format) 171 | 172 | (advice-add #'register-preview :override #'consult-register-window) 173 | (advice-add #'project-find-regexp :override #'consult-ripgrep) 174 | (setq xref-show-xrefs-function #'consult-xref 175 | xref-show-definitions-function #'consult-xref) 176 | 177 | :bind 178 | (("C-s" . 
consult-line)) 179 | 180 | :config 181 | (consult-customize 182 | consult-theme :preview-key '(:debounce 0.2 any) 183 | consult-ripgrep consult-git-grep consult-grep 184 | consult-bookmark consult-recent-file consult-xref 185 | consult--source-bookmark consult--source-file-register 186 | consult--source-recent-file consult--source-project-recent-file 187 | ;; :preview-key (kbd "M-.") 188 | :preview-key '(:debounce 0.4 any)) 189 | 190 | (setq consult-narrow-key "<")) 191 | 192 | (use-package vertico 193 | :init 194 | (vertico-mode)) 195 | 196 | (use-package marginalia 197 | :defer t 198 | :bind 199 | (("M-A" . marginalia-cycle) 200 | :map minibuffer-local-map 201 | ("M-A" . marginalia-cycle)) 202 | 203 | :init 204 | (marginalia-mode)) 205 | 206 | (use-package magit 207 | :defer t 208 | :config 209 | (use-package forge :defer t) 210 | (use-package magit-todos 211 | :defer t 212 | :hook (magit-mode . magit-todos-mode)) 213 | 214 | ;; makes magit fullscreen and restore the windows when closing 215 | (setq magit-display-buffer-function 'magit-display-buffer-fullframe-status-topleft-v1 216 | magit-bury-buffer-function 'magit-restore-window-configuration)) 217 | 218 | (use-package orderless 219 | :custom 220 | (completion-styles '(orderless basic)) 221 | (completion-category-overrides '((file (styles basic partial-completion))))) 222 | 223 | (use-package eglot 224 | :hook ((go-ts-mode . eglot-ensure) 225 | (fsharp-mode . eglot-ensure) 226 | (rust-ts-mode . eglot-ensure) 227 | (typescript-mode . eglot-ensure) 228 | (nix-mode . eglot-ensure) 229 | (sml-mode . eglot-ensure) 230 | (eglot-managed-mode . (lambda () 231 | ;; Show flymake diagnostics first. 232 | (setq eldoc-documentation-functions 233 | (cons #'flymake-eldoc-function 234 | (remove #'flymake-eldoc-function eldoc-documentation-functions))) 235 | ;; Show all eldoc feedback. 236 | (setq eldoc-documentation-strategy #'eldoc-documentation-compose)))) 237 | :bind (:map eglot-mode-map 238 | ("C-c l a" . 
eglot-code-actions) 239 | ("C-c l r" . eglot-rename) 240 | ("C-c l h" . eldoc) 241 | ("C-c l f" . eglot-format) 242 | ("C-c l F" . eglot-format-buffer) 243 | ("C-c l d" . xref-find-definitions-at-mouse) 244 | ;; sometimes ionide acts up 245 | ("C-c l R" . eglot-reconnect)) 246 | :config 247 | (use-package eglot-fsharp :defer t) 248 | (use-package typescript-mode :defer t) 249 | (require 'eglot-fsharp) 250 | (add-to-list 'eglot-server-programs '((rust-ts-mode) "rust-analyzer")) 251 | (add-to-list 'eglot-server-programs '((sml-mode) "millet-ls")) 252 | (add-to-list 'eglot-server-programs 253 | '((javascript-mode typescript-ts-mode) "typescript-language-server" "--stdio")) 254 | (add-to-list 'eglot-server-programs '(nix-mode . ("nil"))) 255 | (add-to-list 'eglot-server-programs '((fsharp-mode) "fsautocomplete"))) 256 | 257 | (use-package org 258 | :ensure org-contrib 259 | :defines org-element-use-cache 260 | :config 261 | (use-package citeproc) 262 | (use-package ox-hugo :defer t) 263 | (use-package org-drill 264 | :defer t 265 | :config 266 | (setq org-drill-spaced-repetition-algorithm 'sm2)) 267 | 268 | (use-package org-super-agenda 269 | :after org-agenda 270 | :config (org-super-agenda-mode)) 271 | 272 | ;; add items to structure template list 273 | (add-to-list 'org-structure-template-alist '("d" . 
"description")) 274 | 275 | (setq org-directory "~/org" 276 | org-log-done 'time 277 | 278 | org-element-use-cache nil 279 | org-startup-indented t 280 | 281 | ;; use the language's major mode indentation 282 | org-src-tab-acts-natively t 283 | 284 | ;; configure reference file 285 | org-cite-global-bibliography (list (concat org-directory "/references.bib")) 286 | 287 | ;; configure cite export 288 | org-cite-export-processors '((latex biblatex) 289 | (moderncv basic) 290 | (md csl) 291 | (html csl) 292 | (t csl)) 293 | 294 | ;; set source block indentation to 0 295 | org-edit-src-content-indentation 0 296 | 297 | ;; todo keywords to cycle through 298 | org-todo-keywords '((sequence "TODO(t)" "NEXT(n)" "WAIT(w)" "IDEA(i)" "|" "DONE(d)")) 299 | 300 | ;; todo file used on org-capture for org-agenda 301 | +org-capture-todo-file (concat org-directory "/todo.org") 302 | 303 | ;; org-drill file used for SRS 304 | +org-capture-drill-file (concat org-directory "/drill.org") 305 | org-capture-templates `(("p" "Personal") 306 | ("pt" "Personal todo" entry 307 | (file+headline +org-capture-todo-file "Personal") 308 | "* TODO %? :personal:\n" :prepend t) 309 | ("pi" "Personal idea" entry 310 | (file+headline +org-capture-todo-file "Personal") 311 | "* IDEA %? \n" :prepend t) 312 | ("pn" "Personal note" entry 313 | (file+headline +org-capture-todo-file "Personal") 314 | "* TODO %? :personal:\n%i\n%a" :prepend t) 315 | ("w" "Work") 316 | ("wt" "Work todo" entry 317 | (file+headline +org-capture-todo-file "Work") 318 | "* TODO %? :work:\n%i\n" :prepend t) 319 | ("wn" "Work note" entry 320 | (file+headline +org-capture-todo-file "Work") 321 | "* TODO %? 
:work:\n%i\n%a" :prepend t) 322 | ("d" "Drill") 323 | ("dd" "Drill simple" entry 324 | (file +org-capture-drill-file) 325 | "* Item :drill:\n%?\n") 326 | ("dc" "Drill cloze 2" entry 327 | (file +org-capture-drill-file) 328 | ,(concat "* Item :drill:\n" 329 | ":PROPERTIES:\n" 330 | ":drill_card_type: hide2cloze\n\n" 331 | ":END:\n" 332 | "%?\n"))) 333 | 334 | ;; org-agenda 335 | org-agenda-files (list org-directory) 336 | org-agenda-skip-scheduled-if-done t 337 | org-agenda-skip-deadline-if-done t 338 | org-agenda-include-deadlines t 339 | org-agenda-block-separator nil 340 | org-agenda-tags-column 100 ;; from testing this seems to be a good value 341 | org-agenda-compact-blocks t 342 | org-agenda-custom-commands 343 | '(("o" "Overview" 344 | ((agenda "" ((org-agenda-span 'day) 345 | (org-super-agenda-groups 346 | '((:name "Today" 347 | :time-grid t 348 | :date today 349 | :todo "TODAY" 350 | :scheduled today 351 | :order 1))))) 352 | (alltodo "" ((org-agenda-overriding-header "") 353 | (org-super-agenda-groups 354 | '((:name "Important" :tag "Important" :priority "A" :order 6) 355 | (:name "Due Today" :deadline today :order 2) 356 | (:name "Due Soon" :deadline future :order 8) 357 | (:name "Overdue" :deadline past :face error :order 7) 358 | 359 | (:name "To read" :tag "read" :order 30) 360 | (:name "Waiting" :todo "WAIT" :order 20) 361 | (:name "Work" :tag "work" :order 32) 362 | (:name "Personal" :tag "personal" :order 14) 363 | (:name "Future Ideas" :todo "IDEA" :order 32))))))))) 364 | :hook 365 | ((org-capture-mode . org-align-all-tags)) 366 | 367 | :bind 368 | (("C-c c" . 'org-capture) 369 | ("C-c a" . 'org-agenda))) 370 | 371 | (use-package fsharp-mode :defer t) 372 | (use-package sml-mode 373 | :defer t 374 | :mode ("\\.\\(sml\\|sig\\)\\'" . 
sml-mode)) 375 | 376 | (use-package nix-mode 377 | :defer t 378 | :mode "\\.nix\\'" 379 | :config 380 | (setq nix-nixfmt-bin "nixpkgs-fmt")) 381 | 382 | (use-package direnv 383 | :config (direnv-mode) 384 | :custom (direnv-always-show-summary nil)) 385 | 386 | (use-package markdown 387 | :defer t 388 | :custom 389 | (markdown-fontify-code-block-natively t)) 390 | 391 | (use-package editorconfig 392 | :config 393 | (editorconfig-mode 1)) 394 | 395 | (use-package treemacs 396 | :defer t 397 | :config 398 | (use-package treemacs-projectile :defer t) 399 | (setq treemacs-no-png-images t) 400 | (treemacs-git-mode 'extended)) 401 | 402 | (use-package treesit 403 | :preface 404 | (dolist (mapping '((python-mode . python-ts-mode) 405 | (css-mode . css-ts-mode) 406 | (typescript-mode . tsx-ts-mode) 407 | (rust-mode . rust-ts-mode) 408 | (go-mode . go-ts-mode) 409 | (js-mode . js-ts-mode) 410 | (json-mode . json-ts-mode) 411 | (toml-mode . toml-ts-mode) 412 | (css-mode . css-ts-mode) 413 | (java-mode . java-ts-mode) 414 | (yaml-mode . yaml-ts-mode))) 415 | (add-to-list 'major-mode-remap-alist mapping))) 416 | 417 | (use-package switch-window 418 | :config 419 | (setq switch-window-shortcut-style 'qwerty) 420 | :bind (("C-x o" . switch-window))) 421 | 422 | (use-package proced 423 | :custom 424 | (proced-auto-update-flag t) 425 | (proced-auto-update-interval 3) 426 | (proced-enable-color-flag t) 427 | (proced-show-remote-processes t)) 428 | 429 | ;; my functions 430 | (defun my/slugify-hugo-heading () 431 | "Gets the current heading title, slugifies it and sets the 432 | `EXPORT_FILE_NAME` and `EXPORT_HUGO_SLUG` properties with its 433 | value." 434 | (interactive) 435 | (let* ((title (org-entry-get nil "ITEM")) 436 | (slug (org-hugo-slug title))) 437 | (org-entry-put nil "EXPORT_FILE_NAME" slug) 438 | (org-entry-put nil "EXPORT_HUGO_SLUG" slug) 439 | (message "Successfully added '%s' slug." 
slug))) 440 | -------------------------------------------------------------------------------- /home/modules/email.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | 3 | let 4 | notmuch = "${pkgs.notmuch}/bin/notmuch"; 5 | in 6 | { 7 | age.secrets.mailbox.file = ../../secrets/mailbox.age; 8 | 9 | services.mbsync.enable = true; 10 | 11 | programs = { 12 | mbsync.enable = true; 13 | msmtp.enable = true; 14 | notmuch = { 15 | enable = true; 16 | new.tags = [ "unread" "inbox" ]; 17 | hooks = { 18 | preNew = "mbsync --all"; 19 | postNew = '' 20 | ${notmuch} tag +uber -- tag:unread and from:noreply@uber.com 21 | ${notmuch} tag +nixos -- tag:unread and from:discourse@discourse.nixos.org 22 | ${notmuch} tag +github -- tag:unread and from:notifications@github.com 23 | ${notmuch} tag +sourcehut -- tag:unread and from:*@sr.ht or to:*@lists.sr.ht 24 | ''; 25 | }; 26 | }; 27 | }; 28 | 29 | accounts.email = { 30 | maildirBasePath = "${config.xdg.dataHome}/Maildir"; 31 | accounts.personal = rec { 32 | realName = "Victor Freire"; 33 | address = "victor@freire.dev.br"; 34 | userName = address; 35 | primary = true; 36 | 37 | imap.host = "imap.mailbox.org"; 38 | smtp.host = "smtp.mailbox.org"; 39 | passwordCommand = "cat ${config.age.secrets.mailbox.path}"; 40 | 41 | notmuch.enable = true; 42 | msmtp.enable = true; 43 | mbsync = { 44 | enable = true; 45 | create = "maildir"; 46 | }; 47 | 48 | signature = { 49 | text = '' 50 | -- 51 | ${realName} 52 | ''; 53 | showSignature = "append"; 54 | }; 55 | }; 56 | }; 57 | } 58 | -------------------------------------------------------------------------------- /home/modules/firefox.nix: -------------------------------------------------------------------------------- 1 | { config, inputs, pkgs, ... 
}: 2 | 3 | { 4 | programs.firefox = { 5 | enable = true; 6 | profiles."victor" = { 7 | isDefault = true; 8 | settings = { 9 | # https://wiki.archlinux.org/title/Firefox#Hardware_video_acceleration 10 | "gfx.webrender.all" = true; 11 | "browser.quitShortcut.disabled" = true; 12 | "media.ffmpeg.vaapi.enabled" = true; 13 | "media.ffvpx.enabled" = true; 14 | "media.navigator.mediadatadecoder_vpx_enabled" = true; 15 | 16 | # Disable what's new toolbar 17 | "browser.messaging-system.whatsNewPanel.enabled" = false; 18 | # No Pocket 19 | "extensions.pocket.enabled" = false; 20 | # No Firefox Sync 21 | "identity.fxaccounts.enabled" = false; 22 | # No recommended extensions 23 | "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; 24 | # No recommended features 25 | "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; 26 | # Don't show bookmarks toolbar 27 | "browser.toolbars.bookmarks.visibility" = "never"; 28 | }; 29 | }; 30 | extensions = with pkgs.nur.repos.rycee.firefox-addons; [ 31 | bitwarden 32 | multi-account-containers 33 | privacy-badger 34 | ublock-origin 35 | ]; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /home/modules/git.nix: -------------------------------------------------------------------------------- 1 | { userName, userEmail }: 2 | 3 | { config, pkgs, ... 
}: 4 | 5 | { 6 | programs.git = { 7 | enable = true; 8 | package = pkgs.gitFull; 9 | 10 | userName = userName; 11 | userEmail = userEmail; 12 | 13 | ignores = [ 14 | # nix 15 | "result" 16 | 17 | # direnv/devenv 18 | ".envrc" 19 | ".direnv" 20 | ".devenv" 21 | ".pre-commit-config.yaml" 22 | 23 | # jetbrains 24 | ".idea" 25 | 26 | # vscode 27 | ".vscode" 28 | ]; 29 | 30 | aliases = { 31 | ca = "commit --amend"; 32 | cm = "commit -m"; 33 | co = "checkout"; 34 | cu = ''!f(){ git stash && git checkout $1 && git fetch --all --prune && git pull origin $1; };f''; 35 | df = "diff"; 36 | hist = "log --graph --pretty=format:'%Cred%h%Creset %s%C(yellow)%d%Creset %Cgreen(%cr)%Creset [%an]' --abbrev-commit --date=relative"; 37 | ri = "rebase --interactive --autosquash"; 38 | squash-all = ''!f(){ git reset $(git commit-tree HEAD^{tree} -m "''${1:-A new start}");};f''; 39 | st = "status --short --branch"; 40 | }; 41 | 42 | delta = { 43 | enable = true; 44 | options = { 45 | features = "side-by-side line-numbers decorations"; 46 | delta = { 47 | navigate = true; 48 | }; 49 | line-numbers = { 50 | line-numbers-minus-style = 124; 51 | line-numbers-plus-style = 28; 52 | }; 53 | }; 54 | }; 55 | extraConfig = { 56 | rerere.enabled = true; 57 | merge = { 58 | conflictstyle = "diff3"; 59 | }; 60 | github = { 61 | user = "ratsclub"; 62 | }; 63 | }; 64 | }; 65 | } 66 | -------------------------------------------------------------------------------- /home/modules/gui.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... 
}: 2 | 3 | { 4 | home.packages = with pkgs; [ 5 | jetbrains.rider 6 | jetbrains.pycharm-professional 7 | jetbrains.goland 8 | jetbrains.rust-rover 9 | jetbrains.idea-ultimate 10 | jetbrains.webstorm 11 | jetbrains.datagrip 12 | 13 | signal-desktop 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /home/modules/vscodium.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | 3 | let 4 | inherit (pkgs) 5 | nixpkgs-fmt 6 | nil 7 | rust-analyzer 8 | ; 9 | in 10 | { 11 | programs.vscode = { 12 | enable = true; 13 | package = pkgs.vscodium; 14 | profiles.default = { 15 | userSettings = { 16 | "update.mode" = "none"; 17 | 18 | "editor.formatOnSave" = false; 19 | "editor.linkedEditing" = true; 20 | "editor.rulers" = [ 80 120 ]; 21 | 22 | # excluded files 23 | "files.exclude" = { 24 | # removes these from the search 25 | "**/.direnv" = true; 26 | "**/.devenv" = true; 27 | }; 28 | 29 | "workbench.tree.indent" = 15; 30 | "workbench.colorTheme" = "Default Dark Modern"; 31 | 32 | "terminal.integrated.tabs.enabled" = true; 33 | 34 | "window.titleBarStyle" = "custom"; 35 | "window.zoomLevel" = 0; 36 | 37 | # F# 38 | "FSharp.inlayHints.enabled" = false; 39 | "FSharp.inlayHints.typeAnnotations" = false; 40 | "FSharp.inlayHints.parameterNames" = false; 41 | "FSharp.addFsiWatcher" = true; 42 | "FSharp.FSIExtraInteractiveParameters" = [ "--readline" ]; 43 | "FSharp.FSIExtraSharedParameters" = [ "--readline" ]; 44 | "FSharp.saveOnSendLastSelection" = false; 45 | 46 | # HTML 47 | "[html]" = { 48 | "editor.defaultFormatter" = "esbenp.prettier-vscode"; 49 | }; 50 | 51 | # Nix 52 | "nix" = { 53 | "enableLanguageServer" = true; 54 | "formatterPath" = "${nixpkgs-fmt}/bin/nixpkgs-fmt"; 55 | "serverPath" = "${nil}/bin/nil"; 56 | }; 57 | "[nix]" = { 58 | "editor.insertSpaces" = true; 59 | "editor.tabSize" = 2; 60 | }; 61 | 62 | # Python 63 | "[python]" = { 64 | "editor.formatOnSave" = true; 
65 | "editor.defaultFormatter" = "charliermarsh.ruff"; 66 | }; 67 | 68 | # Rust 69 | "rust-analyzer.server.path" = "${rust-analyzer}/bin/rust-analyzer"; 70 | }; 71 | 72 | extensions = with pkgs.vscode-extensions; [ 73 | # .NET 74 | ionide.ionide-fsharp 75 | ms-dotnettools.csharp 76 | 77 | # Angular 78 | angular.ng-template 79 | 80 | # Deno 81 | denoland.vscode-deno 82 | 83 | # Nix 84 | jnoortheen.nix-ide 85 | 86 | # Go 87 | golang.go 88 | 89 | # Python 90 | ms-python.python 91 | ms-toolsai.jupyter 92 | ms-pyright.pyright 93 | charliermarsh.ruff 94 | 95 | # Rust 96 | rust-lang.rust-analyzer 97 | 98 | # SML 99 | azdavis.millet 100 | 101 | # Markdown 102 | yzhang.markdown-all-in-one 103 | 104 | # Misc 105 | eamodio.gitlens 106 | editorconfig.editorconfig 107 | esbenp.prettier-vscode 108 | gruntfuggly.todo-tree 109 | mkhl.direnv 110 | ]; 111 | }; 112 | }; 113 | 114 | programs.vscode.profiles.default.userSettings.editor.fontFamily = "Jetbrains Mono"; 115 | home.packages = with pkgs; [ jetbrains-mono ]; 116 | } 117 | -------------------------------------------------------------------------------- /hosts/capivaras/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, inputs, pkgs, ... 
}:

# NixOS host "capivaras". Pulls in the Forgejo definition from ./forgejo.nix
# and the shared modules under ../../modules/common, then enables Caddy,
# Tailscale and PostgreSQL for it.
{
  imports = [
    ./hardware-configuration.nix
    ./networking.nix

    ./forgejo.nix

    ../../modules/common/autoUpgrade.nix
    ../../modules/common/nix.nix
    ../../modules/common/openssh.nix
    ../../modules/common/user.nix
  ];

  # age-encrypted Apprise configuration. Only the encrypted file is referenced
  # here; the option that consumes the decrypted path is not set in this file.
  age.secrets.appriseconfig.file = ../../secrets/appriseconfig.age;

  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  networking.domain = "dev";
  networking.hostName = "capivaras";
  # Inbound TCP: SSH (22) is exposed next to HTTP/HTTPS. The sshd policy comes
  # from ../../modules/common/openssh.nix, which is not shown here, so review
  # that module together with this list. Tailscale is enabled below; if SSH is
  # only ever used over the tailnet, 22 does not need to be open publicly.
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "victor@freire.dev.br";
  };

  services = {
    caddy.enable = true;
    tailscale.enable = true;

    postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
    };
    postgresqlBackup.enable = true;
  };

  system.stateVersion = "23.11";
}

--------------------------------------------------------------------------------
/hosts/capivaras/forgejo.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ...
}:

# Forgejo on the "capivaras" host: the service listens on loopback only and is
# published through a Caddy virtual host; its database and database user are
# provisioned in the local PostgreSQL.
let
  forgejo = config.services.forgejo;
  httpServer = forgejo.settings.server;
  hostFqdn = config.networking.fqdn;
in
{
  # SMTP password for the mailer. The decrypted file is owned by the Forgejo
  # service user and group, so the service can read it without widening the
  # file's permissions.
  age.secrets.forgejo-mailer = {
    file = ../../secrets/services/forgejo/mailer.age;
    owner = forgejo.user;
    group = forgejo.group;
  };

  # Caddy is the only listener meant to face clients; it forwards to the
  # loopback port Forgejo is bound to (see server.HTTP_ADDR below).
  services.caddy.virtualHosts."${httpServer.DOMAIN}".extraConfig = ''
    reverse_proxy localhost:${builtins.toString httpServer.HTTP_PORT}
  '';

  services.postgresql.ensureDatabases = [ forgejo.database.name ];
  services.postgresql.ensureUsers = [
    {
      name = forgejo.database.user;
      ensureDBOwnership = true;
    }
  ];

  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;
    database.type = "postgres";

    dump = {
      enable = true;
      interval = "daily";
    };

    # The password is passed as a path to the decrypted secret, not as a
    # string inside the configuration.
    mailerPasswordFile = config.age.secrets.forgejo-mailer.path;

    settings = {
      DEFAULT.APP_NAME = "capivaras.dev code forge";

      # Actions are switched on here; the runner that executes the jobs is
      # registered separately and should be reviewed together with this flag.
      actions = {
        ENABLED = true;
        ARTIFACT_RETENTION_DAYS = 30;
      };

      # Self-service sign-up is off, so accounts have to be created by an
      # administrator.
      service = {
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = true;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
      };

      server = {
        # Loopback only: the service is not reachable directly from the network.
        HTTP_ADDR = "127.0.0.1";
        DOMAIN = "code.${hostFqdn}";
        ROOT_URL = "https://${httpServer.DOMAIN}";
        LANDING_PAGE = "/explore/repos";
      };

      mailer = {
        ENABLED = true;
        SMTP_ADDR = "smtp.purelymail.com";
        SMTP_PORT = 587;
        PROTOCOL = "smtp+starttls";
        FROM = "noreply@${httpServer.DOMAIN}";
        USER = "noreply@${httpServer.DOMAIN}";
      };
    };
  };
}

--------------------------------------------------------------------------------
/hosts/capivaras/hardware-configuration.nix:
--------------------------------------------------------------------------------
{ modulesPath, ...
}: 2 | { 3 | imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; 4 | boot.loader.grub = { 5 | efiSupport = true; 6 | efiInstallAsRemovable = true; 7 | device = "nodev"; 8 | }; 9 | fileSystems."/boot" = { device = "/dev/disk/by-uuid/4008-148E"; fsType = "vfat"; }; 10 | boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; 11 | boot.initrd.kernelModules = [ "nvme" ]; 12 | fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; 13 | 14 | } 15 | -------------------------------------------------------------------------------- /hosts/capivaras/networking.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: { 2 | # This file was populated at runtime with the networking 3 | # details gathered from the active system. 4 | networking = { 5 | nameservers = [ 6 | "8.8.8.8" 7 | ]; 8 | defaultGateway = "172.31.1.1"; 9 | defaultGateway6 = { 10 | address = "fe80::1"; 11 | interface = "eth0"; 12 | }; 13 | dhcpcd.enable = false; 14 | usePredictableInterfaceNames = lib.mkForce false; 15 | interfaces = { 16 | eth0 = { 17 | ipv4.addresses = [ 18 | { address = "188.245.177.130"; prefixLength = 32; } 19 | ]; 20 | ipv6.addresses = [ 21 | { address = "2a01:4f8:1c1b:cfa6::1"; prefixLength = 64; } 22 | { address = "fe80::9400:3ff:fec8:1348"; prefixLength = 64; } 23 | ]; 24 | ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }]; 25 | ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }]; 26 | }; 27 | 28 | }; 29 | }; 30 | services.udev.extraRules = '' 31 | ATTR{address}=="96:00:03:c8:13:48", NAME="eth0" 32 | 33 | ''; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/davila/default.nix: -------------------------------------------------------------------------------- 1 | # Edit this configuration file to define what should be installed on 2 | # your system. 
Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, inputs, pkgs, ... }:

let
  # Forgejo options of the "capivaras" system from this same flake; used so the
  # runner URL always follows the forge's ROOT_URL.
  forge = inputs.self.nixosConfigurations.capivaras.config.services.forgejo;
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix

    ../../modules/common/autoUpgrade.nix
    ../../modules/common/nix.nix
    ../../modules/common/openssh.nix
    ../../modules/common/user.nix
  ];

  boot.loader.grub = {
    enable = true;
    device = "/dev/sda"; # or "nodev" for efi only
  };

  networking = {
    hostName = "davila";
    networkmanager.enable = true;
  };

  time.timeZone = "America/Sao_Paulo";

  # Docker backs the container labels of the runner below.
  virtualisation.docker.enable = true;
  virtualisation.docker.autoPrune = {
    enable = true;
    dates = "weekly";
  };

  # Runner registration token, kept as an age-encrypted file.
  age.secrets.forgejo-runner-token.file = ../../secrets/services/forgejo/runner-token.age;

  services = {
    tailscale.enable = true;

    gitea-actions-runner = {
      package = pkgs.forgejo-runner;
      instances.capivarasdev = {
        enable = true;
        # NOTE(review): the name suggests an instance-wide registration. If
        # that is the case, every repository allowed to use Actions on the
        # forge can schedule jobs on this machine - confirm the intended scope.
        name = "Global Docker Forgejo Actions Runner";
        url = forge.settings.server.ROOT_URL;
        tokenFile = config.age.secrets.forgejo-runner-token.path;
        labels = [
          # Jobs selecting this label run directly on the host rather than in a
          # container, with hostPackages below on PATH. Treat workflows that
          # can target it as code running on davila itself.
          "nix:host"
          # Both container labels use a moving image tag; pinning by digest
          # would make job environments reproducible and reviewable.
          "docker:docker://node:current-bookworm"
          "ubuntu-latest:docker://node:current-bookworm"
        ];
        hostPackages = with pkgs; [
          # default ones
          bash
          coreutils
          curl
          gawk
          git
          gnused
          nodejs
          wget

          # useful to have in path
          jq
          which
          dpkg
          zip
          git-lfs

          # used in deployments
          # These give host jobs nix, an SSH client and sudo. What sudo permits
          # the runner user is not defined in this file - verify it is limited
          # to what deployments need.
          nix
          openssh
          sudo
        ];
      };
    };
  };

  system.stateVersion = "24.05";
}

--------------------------------------------------------------------------------
/hosts/davila/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config, lib, pkgs, modulesPath, ... }: 5 | 6 | { 7 | imports = [ ]; 8 | 9 | boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; 10 | boot.initrd.kernelModules = [ ]; 11 | boot.kernelModules = [ ]; 12 | boot.extraModulePackages = [ ]; 13 | 14 | fileSystems."/" = 15 | { 16 | device = "/dev/disk/by-uuid/3f6db64a-1d00-4449-9aff-c1c0458f9435"; 17 | fsType = "ext4"; 18 | }; 19 | 20 | swapDevices = 21 | [{ device = "/dev/disk/by-uuid/9d12edb9-fe02-4d97-87f8-4ac9776769f8"; }]; 22 | 23 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 24 | # (the default) this is the recommended approach. When using systemd-networkd it's 25 | # still possible to use this option, but it's recommended to use it in conjunction 26 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 27 | networking.useDHCP = lib.mkDefault true; 28 | # networking.interfaces.ens3.useDHCP = lib.mkDefault true; 29 | 30 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 31 | virtualisation.hypervGuest.enable = true; 32 | } 33 | -------------------------------------------------------------------------------- /hosts/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, outputs, ... }: 2 | 3 | let 4 | inherit (inputs) 5 | nixpkgs 6 | stable 7 | small 8 | ; 9 | 10 | mkPkgs = { nixpkgs, system, overlay, ... 
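}:
    # Instantiate the given nixpkgs for `system` with the flake's default
    # overlay followed by the host-specific `overlay`. Unfree packages are
    # allowed for every host built through this helper.
    import nixpkgs {
      inherit system;
      overlays = [
        outputs.overlays.default
        overlay
      ];
      config.allowUnfree = true;
    };
in
# One attribute per NixOS host. Each entry picks its nixpkgs input, builds the
# package set with mkPkgs and lists the host's modules.
{
  magnus = nixpkgs.lib.nixosSystem rec {
    system = "aarch64-linux";
    pkgs = mkPkgs {
      inherit nixpkgs system;
      # mkPkgs declares `overlay` without a default, so leaving it out makes
      # evaluation of this host fail with a missing-argument error. Pass a
      # no-op overlay, as the `node` host does.
      overlay = final: prev: { };
    };
    modules = [ ./magnus ];
    specialArgs = { inherit inputs; };
  };

  capivaras = stable.lib.nixosSystem rec {
    system = "aarch64-linux";
    pkgs = mkPkgs {
      inherit system;

      nixpkgs = stable;

      # TODO: until v9 reaches nixpkgs stable
      # forgejo and forgejo-runner are taken from the `small` input while the
      # rest of the host follows `stable`, so these two packages update on a
      # different schedule than everything else on the machine.
      overlay = (final: prev: {
        forgejo = small.legacyPackages.${system}.forgejo;
        forgejo-runner = small.legacyPackages.${system}.forgejo-runner;
      });
    };
    modules = [
      ./capivaras
      inputs.agenix.nixosModules.default
    ];
    specialArgs = { inherit inputs; };
  };

  node = stable.lib.nixosSystem rec {
    system = "x86_64-linux";
    pkgs = mkPkgs {
      inherit system;
      overlay = final: prev: {};
      nixpkgs = stable;
    };

    modules = [
      ./node
      inputs.nixBitcoin.nixosModules.default
      inputs.agenix.nixosModules.default
    ];
    specialArgs = { inherit inputs; };
  };

  davila = stable.lib.nixosSystem rec {
    system = "x86_64-linux";
    pkgs = mkPkgs {
      inherit system;

      nixpkgs = stable;

      # TODO: until v9 reaches nixpkgs stable
      # Same package override as on capivaras, so forge and runner stay on
      # matching versions.
      overlay = (final: prev: {
        forgejo = small.legacyPackages.${system}.forgejo;
        forgejo-runner = small.legacyPackages.${system}.forgejo-runner;
      });
    };
    modules = [
      ./davila
      inputs.agenix.nixosModules.default
    ];
    specialArgs = { inherit inputs; };
  };
}

--------------------------------------------------------------------------------
/hosts/magnus/default.nix:
--------------------------------------------------------------------------------
{ config, lib, inputs, pkgs, ...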
}: 2 | 3 | let 4 | user = "victor"; 5 | in 6 | { 7 | imports = [ 8 | ./hardware-configuration.nix 9 | 10 | ../../modules/common/autoUpgrade.nix 11 | ../../modules/common/nix.nix 12 | ../../modules/common/user.nix 13 | ]; 14 | 15 | networking = { 16 | domain = "gluer.org"; 17 | hostName = "magnus"; 18 | 19 | firewall.allowedTCPPorts = [ 80 443 ]; 20 | 21 | nameservers = [ "8.8.8.8" ]; 22 | defaultGateway = "172.31.1.1"; 23 | defaultGateway6 = { 24 | address = "fe80::1"; 25 | interface = "eth0"; 26 | }; 27 | dhcpcd.enable = false; 28 | usePredictableInterfaceNames = lib.mkForce false; 29 | interfaces = { 30 | eth0 = { 31 | ipv4.addresses = [ 32 | { address = "128.140.88.168"; prefixLength = 32; } 33 | ]; 34 | ipv6.addresses = [ 35 | { address = "2a01:4f8:c010:819a::1"; prefixLength = 64; } 36 | { address = "fe80::9400:2ff:fe2d:de13"; prefixLength = 64; } 37 | ]; 38 | ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }]; 39 | ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }]; 40 | }; 41 | 42 | }; 43 | }; 44 | services.udev.extraRules = '' 45 | ATTR{address}=="96:00:02:2d:de:13", NAME="eth0" 46 | ''; 47 | 48 | systemd.tmpfiles.rules = [ 49 | # create the websites directories 50 | "d /var/lib/www/${config.networking.domain} 770 ${user} nginx - -" 51 | ]; 52 | services.nginx = { 53 | enable = true; 54 | virtualHosts = 55 | { 56 | "${config.networking.domain}" = { 57 | enableACME = true; 58 | forceSSL = true; 59 | root = "/var/lib/www/${config.networking.domain}"; 60 | }; 61 | "glorifiedgluer.com" = { 62 | enableACME = true; 63 | forceSSL = true; 64 | globalRedirect = config.networking.domain; 65 | }; 66 | }; 67 | }; 68 | 69 | security.acme.defaults.email = "victor@freire.dev.br"; 70 | security.acme.acceptTerms = true; 71 | 72 | services.tailscale.enable = true; 73 | 74 | boot.tmp.cleanOnBoot = true; 75 | zramSwap.enable = true; 76 | 77 | services.openssh = { 78 | enable = true; 79 | settings = { 80 | PasswordAuthentication = false; 81 | }; 82 | }; 83 
| 84 | system.stateVersion = "23.11"; 85 | } 86 | -------------------------------------------------------------------------------- /hosts/magnus/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | { modulesPath, ... }: 2 | { 3 | imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; 4 | boot.loader.grub = { 5 | efiSupport = true; 6 | efiInstallAsRemovable = true; 7 | device = "nodev"; 8 | }; 9 | fileSystems."/boot" = { device = "/dev/disk/by-uuid/AC27-D9D6"; fsType = "vfat"; }; 10 | boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; 11 | boot.initrd.kernelModules = [ "nvme" ]; 12 | fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; 13 | 14 | } 15 | -------------------------------------------------------------------------------- /hosts/node/default.nix: -------------------------------------------------------------------------------- 1 | { config, lib, inputs, pkgs, ... }: 2 | 3 | { 4 | imports = [ 5 | ./hardware-configuration.nix 6 | 7 | ../../modules/common/autoUpgrade.nix 8 | ../../modules/common/nix.nix 9 | ../../modules/common/openssh.nix 10 | ../../modules/common/user.nix 11 | ]; 12 | 13 | boot.loader.grub.enable = true; 14 | boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only 15 | 16 | networking.hostName = "node"; 17 | networking.networkmanager.enable = true; 18 | 19 | time.timeZone = "America/Sao_Paulo"; 20 | 21 | networking.firewall.enable = true; 22 | 23 | nix-bitcoin.security.dbusHideProcessInformation = true; 24 | nix-bitcoin.generateSecrets = true; 25 | 26 | # Use doas instead of sudo 27 | security.doas.enable = true; 28 | security.sudo.enable = false; 29 | environment.shellAliases.sudo = "doas"; 30 | 31 | environment.systemPackages = with pkgs; [ 32 | jq 33 | ]; 34 | 35 | services.bitcoind = { 36 | enable = true; 37 | listen = true; 38 | dbCache = 1000; 39 | }; 40 | 41 | services.liquidd = { 42 | # Enable `validatepegin` to verify that a 
transaction sending BTC into 43 | # Liquid exists on Bitcoin. Without it, a malicious liquid federation can 44 | # make the node accept a sidechain that is not fully backed. 45 | validatepegin = true; 46 | listen = true; 47 | }; 48 | 49 | nix-bitcoin.nodeinfo.enable = true; 50 | 51 | services.backups.frequency = "daily"; 52 | 53 | # operator 54 | nix-bitcoin.operator.enable = true; 55 | nix-bitcoin.operator.name = "victor"; 56 | } 57 | -------------------------------------------------------------------------------- /hosts/node/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 | # and may be overwritten by future invocations. Please make changes 3 | # to /etc/nixos/configuration.nix instead. 4 | { config, lib, pkgs, modulesPath, ... }: 5 | 6 | { 7 | imports = [ ]; 8 | 9 | boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; 10 | boot.initrd.kernelModules = [ ]; 11 | boot.kernelModules = [ ]; 12 | boot.extraModulePackages = [ ]; 13 | 14 | fileSystems."/" = 15 | { 16 | device = "/dev/disk/by-uuid/f1c0e3cc-3411-41a2-aa4f-c254a70a0333"; 17 | fsType = "ext4"; 18 | }; 19 | 20 | swapDevices = 21 | [{ device = "/dev/disk/by-uuid/00ce8df5-7e87-4524-abf6-67ad0f0941cc"; }]; 22 | 23 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 24 | # (the default) this is the recommended approach. When using systemd-networkd it's 25 | # still possible to use this option, but it's recommended to use it in conjunction 26 | # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
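27 | networking.useDHCP = lib.mkDefault true; 28 | # networking.interfaces.ens3.useDHCP = lib.mkDefault true; 29 | 30 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 31 | virtualisation.hypervGuest.enable = true; 32 | } 33 |
--------------------------------------------------------------------------------
/modules/apprise.nix:
--------------------------------------------------------------------------------
# NixOS module: sends an Apprise notification when a systemd service fails.
#
# Every unit under `systemd.services` gets `OnFailure=apprise@%n.service`; the
# `apprise@` template unit (defined only when `systemd.apprise.enable` is set)
# then runs the notifier script for the failed unit.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.systemd.apprise;

  # ExecCondition helper. $1 is the failed unit's name. Exits 1, which makes
  # systemd skip ExecStart, when `systemctl status` reports the unit as
  # "activating (auto-restart) (Result: timeout)"; exits 0 otherwise.
  checkConditions = pkgs.writeScript "checkConditions" ''
    #!/bin/sh
    STATUS=$(systemctl status --full "$1")

    case "$STATUS" in
      *"activating (auto-restart) (Result: timeout)"*) exit 1 ;;
      *) exit 0 ;;
    esac
  '';

  # Notifier script. ExecStart below passes the instance name (`%i`) as the
  # only argument, so the unit name is "$1"; it is quoted so that an unusual
  # unit name stays a single word.
  #
  # NOTE(review): the message body is the unit's full `systemctl status`
  # output, which includes recent log lines, and it is sent to every endpoint
  # in the Apprise config. Make sure the monitored units do not log secrets.
  apprise = pkgs.writeScript "apprise"
    ''
      #! ${pkgs.runtimeShell}

      apprise -vv \
        -t "Status of service $1" \
        -b "$(systemctl status --full "$1")" \
        --config=${cfg.configFile}
    '';
in

{
  options = {
    # Extends the existing `systemd.services` option so that every service
    # carries the OnFailure hook.
    # NOTE(review): this sits outside `mkIf cfg.enable`, so the hook is added
    # as soon as the module is imported, even while `systemd.apprise.enable`
    # is false and no `apprise@` unit is defined. Confirm that is intended.
    systemd.services = mkOption {
      type = with types; attrsOf (
        submodule {
          config.onFailure = [ "apprise@%n.service" ];
        }
      );
    };

    systemd.apprise = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = "Enable Apprise systemd notifications.";
      };

      # The value is interpolated into the notifier script. A Nix path literal
      # would be copied into the world-readable Nix store by that
      # interpolation, so pass a runtime path string (for example the
      # decrypted location provided by a secrets manager) when the file holds
      # notification URLs or tokens. With the default `null` the interpolation
      # cannot be evaluated, so a value is required whenever `enable` is true.
      configFile = mkOption {
        type = types.nullOr types.path;
        default = null;
        description = "The Apprise configuration file.";
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services."apprise@" = {
      description = "Sends a status notification via apprise on service failures.";
      # Override the hook added above so the notifier does not trigger itself.
      onFailure = mkForce [ ];
      # Rate limit: one start per instance within a five-minute window.
      unitConfig = {
        StartLimitIntervalSec = "5m";
        StartLimitBurst = 1;
      };
      path = [ pkgs.apprise ];
      serviceConfig = {
        ExecCondition = "${checkConditions} %i";
        ExecStart = "${apprise} %i";
        Type = "oneshot";
      };
    };
  };
}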
--------------------------------------------------------------------------------
/modules/common/autoUpgrade.nix:
--------------------------------------------------------------------------------
# Daily unattended upgrade from the flake at github:ratsclub/dotfiles.
#
# NOTE(review): each host importing this module rebuilds itself from whatever
# that repository currently serves, so anyone (or any automation) able to push
# there can change the configuration of every such host. Restrict write access
# to the repository accordingly and review automated commits.
{
  programs.git.enable = true;

  system.autoUpgrade = {
    enable = true;
    flake = "github:ratsclub/dotfiles";
    dates = "daily";
  };
}

--------------------------------------------------------------------------------
/modules/common/nix.nix:
--------------------------------------------------------------------------------
# Shared Nix daemon settings: weekly garbage collection, flakes, store
# optimisation and the list of trusted users.
{ config, inputs, pkgs, ... }:

{
  nix = {
    package = pkgs.nix;

    gc = {
      automatic = true;
      options = "--delete-older-than 1w";
    };

    settings = {
      experimental-features = "nix-command flakes";
      auto-optimise-store = true;
      # The Nix manual treats trusted users as essentially root-equivalent for
      # the daemon; here that covers every member of `wheel`.
      trusted-users = [ "root" "@wheel" ];
    };
  };
}

--------------------------------------------------------------------------------
/modules/common/openssh.nix:
--------------------------------------------------------------------------------
# Shared sshd settings: key-only authentication, no root login.
{
  services.openssh = {
    enable = true;
    # NOTE(review): this disables the `password` method only. Consider also
    # setting `settings.KbdInteractiveAuthentication = false` so that PAM
    # password prompts are off as well; confirm the default on your release.
    settings.PasswordAuthentication = false;
    # modules/common/user.nix also installs authorized keys for root; with
    # this setting they cannot be used over SSH on hosts importing this file.
    settings.PermitRootLogin = "no";
    # Automatically remove stale sockets
    settings.StreamLocalBindUnlink = "yes";
    # Allow forwarding ports to everywhere
    # With "clientspecified" the connecting client chooses the bind address of
    # a remote forward, so a forwarded port can listen on a non-loopback
    # address. Whether it is reachable then depends on the host firewall.
    settings.GatewayPorts = "clientspecified";
  };
}

--------------------------------------------------------------------------------
/modules/common/user.nix:
--------------------------------------------------------------------------------
# Shared accounts: the `victor` user and the SSH keys authorized for both
# `victor` and `root`.
{ config, lib, pkgs, ... }:

let
  keys = [
    # TODO: redo my ssh keys
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIEpBZXIOn5Eeq2peV4gH3jSf2fqinRnTPHd1NHlscLZ"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8w7K7WeGfbdcTOM2lfXhEWKI+pNgFzNOwM8HkTIABz"

    # yubikeys
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDWji4AKnNF0O1Y4BZqP5fbkFwuzSt0CS8qEY+fwsXGOAAAABHNzaDo="
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIijs6xqu+aad4tMclFUDZFHTBoi7W/W+At6ouKvX7DdAAAABHNzaDo="
  ];
in
{
  users.users = {
    # NOTE(review): hosts/magnus/default.nix imports this file without
    # modules/common/openssh.nix and does not set PermitRootLogin, so sshd's
    # default applies there. Confirm key-based root login is intended on such
    # hosts, or drop this line.
    root.openssh.authorizedKeys.keys = keys;

    victor = {
      isNormalUser = true;
      # NOTE(review): a published, guessable initial password on an account in
      # `wheel`. It stays in effect until changed by hand; prefer a hashed
      # password supplied from a secret file (`hashedPasswordFile`), or no
      # password at all when login is by SSH key only.
      initialPassword = "changeme";
      extraGroups = [
        "wheel"
        "video"
        "audio"
        "networkmanager"
        "podman"
        "libvirtd"
      ];

      openssh.authorizedKeys.keys = keys;
    };
  };
}

--------------------------------------------------------------------------------
/modules/default.nix:
--------------------------------------------------------------------------------
# Attribute set mapping module names to their files.
{
  apprise = ./apprise.nix;
}

--------------------------------------------------------------------------------
/overlays/default.nix:
--------------------------------------------------------------------------------
# Overlays: `default` adds the packages from ../pkgs, `modifications` is empty.
{ nixpkgs, small }:

let
  # Defined but not referenced in the attribute set below.
  _smallPkgs = system: import small {
    inherit system;
    config.allowUnfree = true;
  };
in
{
  default = final: _prev: import ../pkgs { pkgs = final; };
  modifications = final: prev: { };
}

--------------------------------------------------------------------------------
/pkgs/default.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... 
}: { } 2 |
--------------------------------------------------------------------------------
/secrets/appriseconfig.age:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ratsclub/dotfiles/056ea5b9a2d0facb5dfd03e0049d9b32c2a23ed4/secrets/appriseconfig.age
--------------------------------------------------------------------------------
/secrets/secrets.nix:
--------------------------------------------------------------------------------
# Recipient list for the encrypted `.age` files: each entry names the public
# keys allowed to decrypt that file (this looks like an agenix-style rules
# file; confirm against the flake inputs).
#
# NOTE(review): all three secrets share one recipient list, so every key below,
# including both root@ host keys, can decrypt every secret. Per-secret lists
# would let a host key decrypt only what that host consumes; which host uses
# which secret is not visible in this file.
let
  users = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcM1qHIUVmhRC0jY8Tzvu6SdTn+68cM7ArPw3AwD/LN"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImly9yO1lUBeqsAgWYDHOYj8hYUg/zyvGb5X/qRsMNB"

    # Host keys (labelled by their trailing comment).
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIey4LP6XkLhU8kBxCu0zW+LriyMu0xFyuftv29fkxKS root@capivaras"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzo6voZSXCw5wiAYI6s+zKb2JBkWK/E1ocEqOo9RHmb root@davilla"
  ];
in
{
  "services/forgejo/mailer.age".publicKeys = users;
  "services/forgejo/runner-token.age".publicKeys = users;
  "appriseconfig.age".publicKeys = users;
}

--------------------------------------------------------------------------------
/secrets/services/forgejo/mailer.age:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ratsclub/dotfiles/056ea5b9a2d0facb5dfd03e0049d9b32c2a23ed4/secrets/services/forgejo/mailer.age
--------------------------------------------------------------------------------
/secrets/services/forgejo/runner-token.age:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ratsclub/dotfiles/056ea5b9a2d0facb5dfd03e0049d9b32c2a23ed4/secrets/services/forgejo/runner-token.age
--------------------------------------------------------------------------------
/templates/default.nix:
--------------------------------------------------------------------------------
1 | { 2 | dotnet = { 3 | description = 
".NET project template"; 4 | path = ./dotnet; 5 | }; 6 | 7 | go = { 8 | description = "Go project template"; 9 | path = ./go; 10 | }; 11 | 12 | vm = { 13 | description = "NixOS Virtual Machine template"; 14 | path = ./vm; 15 | }; 16 | 17 | devenv = { 18 | description = "devenv empty template"; 19 | path = ./devenv; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /templates/devenv/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs = { 3 | nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; 4 | devenv.url = "github:cachix/devenv"; 5 | }; 6 | 7 | outputs = { self, nixpkgs, devenv, ... } @ inputs: 8 | let 9 | forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed; 10 | in 11 | { 12 | devShells = forAllSystems (system: 13 | let 14 | pkgs = nixpkgs.legacyPackages.${system}; 15 | in 16 | { 17 | default = devenv.lib.mkShell { 18 | inherit inputs pkgs; 19 | modules = [ 20 | ({ pkgs, ... 
}: { 21 | # configure options here 22 | }) 23 | ]; 24 | }; 25 | }); 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /templates/dotnet/.editorconfig: -------------------------------------------------------------------------------- 1 | # Default settings: 2 | # A newline ending every file 3 | # Use 4 spaces as indentation 4 | [*] 5 | insert_final_newline = true 6 | indent_style = space 7 | indent_size = 4 8 | trim_trailing_whitespace = true 9 | end_of_line = lf 10 | 11 | [*.{fs,fsi,fsx,config}] 12 | # https://fsprojects.github.io/fantomas/docs/end-users/Configuration.html 13 | charset = utf-8 14 | trim_trailing_whitespace = true 15 | max_line_length = 100 16 | fsharp_multiline_bracket_style = stroustrup 17 | fsharp_keep_max_number_of_blank_lines = 2 18 | fsharp_max_array_or_list_number_of_items = 1 19 | fsharp_array_or_list_multiline_formatter = number_of_items 20 | fsharp_max_infix_operator_expression = 10 21 | fsharp_multi_line_lambda_closing_newline = true 22 | 23 | # Visual Studio Solution Files 24 | [*.sln] 25 | indent_style = tab 26 | 27 | # XML project files 28 | [*.{csproj,vbproj,vcxproj,vcxproj.filters,proj,projitems,shproj,sfproj}] 29 | indent_size = 2 30 | 31 | # XML config files 32 | [*.{props,targets,ruleset,config,nuspec,resx,vsixmanifest,vsct}] 33 | indent_size = 2 34 | 35 | # Markdown Files 36 | [*.{md,mdx}] 37 | trim_trailing_whitespace = false 38 | -------------------------------------------------------------------------------- /templates/dotnet/.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | *.*~ 3 | project.lock.json 4 | .DS_Store 5 | *.pyc 6 | nupkg/ 7 | 8 | # Visual Studio Code 9 | .vscode 10 | 11 | # Rider 12 | .idea 13 | 14 | # User-specific files 15 | *.suo 16 | *.user 17 | *.userosscache 18 | *.sln.docstates 19 | 20 | # Build results 21 | [Dd]ebug/ 22 | [Dd]ebugPublic/ 23 | [Rr]elease/ 24 | [Rr]eleases/ 25 | x64/ 26 | x86/ 27 | 
build/ 28 | bld/ 29 | [Bb]in/ 30 | [Oo]bj/ 31 | [Oo]ut/ 32 | msbuild.log 33 | msbuild.err 34 | msbuild.wrn 35 | 36 | # Visual Studio 2015 37 | .vs/ 38 | -------------------------------------------------------------------------------- /templates/dotnet/Directory.Build.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | true 4 | true 5 | true 6 | 7 | 8 | -------------------------------------------------------------------------------- /templates/dotnet/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs = { 3 | nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; 4 | devenv.url = "github:cachix/devenv"; 5 | }; 6 | 7 | outputs = { self, nixpkgs, devenv, ... } @ inputs: 8 | let 9 | systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; 10 | forAllSystems = f: builtins.listToAttrs (map (name: { inherit name; value = f name; }) systems); 11 | in 12 | { 13 | devShells = forAllSystems (system: 14 | let 15 | pkgs = nixpkgs.legacyPackages.${system}; 16 | in 17 | { 18 | default = devenv.lib.mkShell { 19 | inherit inputs pkgs; 20 | modules = [ 21 | ({ pkgs, ... 
}: 22 | let 23 | inherit (pkgs) dotnetCorePackages; 24 | dotnet = (with dotnetCorePackages; combinePackages [ 25 | sdk_6_0 26 | sdk_7_0 27 | sdk_8_0 28 | ]); 29 | in 30 | { 31 | languages.dotnet = { 32 | enable = true; 33 | package = dotnet; 34 | }; 35 | }) 36 | ]; 37 | }; 38 | }); 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /templates/go/.gitignore: -------------------------------------------------------------------------------- 1 | # If you prefer the allow list template instead of the deny list, see community template: 2 | # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore 3 | # 4 | # Binaries for programs and plugins 5 | *.exe 6 | *.exe~ 7 | *.dll 8 | *.so 9 | *.dylib 10 | 11 | # Test binary, built with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Dependency directories (remove the comment below to include it) 18 | # vendor/ 19 | 20 | # Go workspace file 21 | go.work 22 | 23 | # direnv/devenv 24 | .direnv 25 | .devenv 26 | .envrc 27 | -------------------------------------------------------------------------------- /templates/go/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs = { 3 | nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; 4 | devenv.url = "github:cachix/devenv"; 5 | }; 6 | 7 | outputs = { self, nixpkgs, devenv, ... } @ inputs: 8 | let 9 | forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed; 10 | in 11 | { 12 | devShells = forAllSystems (system: 13 | let 14 | pkgs = nixpkgs.legacyPackages.${system}; 15 | in 16 | { 17 | default = devenv.lib.mkShell { 18 | inherit inputs pkgs; 19 | modules = [ 20 | ({ pkgs, ... 
}: { 21 | languages.go.enable = true; 22 | }) 23 | ]; 24 | }; 25 | }); 26 | }; 27 | } 28 | 29 |
--------------------------------------------------------------------------------
/templates/vm/configuration.nix:
--------------------------------------------------------------------------------
# Configuration for the throwaway VM template.
#
# NOTE(review): the `admin`/`admin` account, SSH password authentication and
# the open port 22 below are all declared outside `virtualisation.vmVariant`,
# so they apply to any system built from this file, not only to `build-vm`.
# Replace them before reusing this configuration on a reachable machine.
{ config, lib, pkgs, ... }: {
  # customize kernel version
  boot.kernelPackages = pkgs.linuxPackages_5_15;

  users.users = {
    admin = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      # Plain-text password, readable by anyone who can read this file.
      password = "admin";
      # NOTE(review): no `users.groups.admin` is declared in this file;
      # confirm the group is defined somewhere.
      group = "admin";
    };
  };

  virtualisation.vmVariant = {
    # following configuration is added only when building VM with build-vm
    virtualisation = {
      memorySize = 2048; # Use 2048MiB memory.
      cores = 4;
      graphics = false;
    };
  };

  services.openssh = {
    enable = true;
    # Password logins over SSH are enabled here.
    settings.PasswordAuthentication = true;
  };

  networking.firewall.allowedTCPPorts = [ 22 ];
  environment.systemPackages = with pkgs; [
    htop
  ];

  # update this if needed
  system.stateVersion = "23.05";
}

--------------------------------------------------------------------------------
/templates/vm/flake.nix:
--------------------------------------------------------------------------------
# Flake for the VM template: one NixOS configuration named `test`, built from
# ./configuration.nix.
{
  # Both inputs follow branches; the exact revisions used are whatever the
  # generated flake.lock records.
  # NOTE(review): `nixos-23.05` is a release branch; check that it still
  # receives security updates before building from `stable`.
  inputs = {
    unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    stable.url = "github:NixOS/nixpkgs/nixos-23.05";
  };

  outputs = { self, unstable, stable, ... }:
    let
      # change the system if needed
      system = "x86_64-linux";

      # Empty overlay applied to both package sets.
      vmOverlay = final: prev: { };

      unstablePkgs = import unstable {
        inherit system;
        overlays = [ vmOverlay ];
      };

      stablePkgs = import stable {
        inherit system;
        overlays = [ vmOverlay ];
      };
    in
    {
      # `test` is a hostname for our machine
      # run:
      # 1. `nix shell nixpkgs#nixos-rebuild`
      # 2. `nixos-rebuild build-vm --flake .#test`
      nixosConfigurations.test =
        # change `unstable` to `stable` if needed
        unstable.lib.nixosSystem {
          inherit system;

          # change this to `stablePkgs` or `unstablePkgs` if needed
          pkgs = unstablePkgs;

          modules = [
            ./configuration.nix
          ];
        };
    };
}

--------------------------------------------------------------------------------