synchronous/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:JakeGinesin/nix-dots

Browse Source
This commit is contained in:
JakeGinesin
2025-12-30 02:23:26 -05:00
parent 307db65758 2282e2ddfa
commit 6941000feb
28 changed files with 539 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
flake.nix
View File

@@ -36,7 +36,7 @@
system = "x86_64-linux"; system = "x86_64-linux";
# hostnames # hostnames
hosts = ["thonkpad" "rq" "yoga" "server1" "server2" "server3"]; hosts = ["thonkpad" "rq" "yoga" "server1" "server2" "server3" "store"];
baseModule = {lib, ...}: { baseModule = {lib, ...}: {
imports = [ imports = [

7
home/home.nix
View File

@@ -53,7 +53,7 @@ in {
home.sessionVariables = { home.sessionVariables = {
EDITOR = "nvim"; EDITOR = "nvim";
SHELL = "zsh"; SHELL = "/etc/profiles/per-user/synchronous/bin/zsh"; # just zsh no longer works?
HOME = "/home/synchronous"; HOME = "/home/synchronous";
# XDG_CACHE_HOME = "$HOME/.cache"; # XDG_CACHE_HOME = "$HOME/.cache";
DBUS_SESSION_BUS_ADDRESS = "unix:path=$XDG_RUNTIME_DIR/bus"; DBUS_SESSION_BUS_ADDRESS = "unix:path=$XDG_RUNTIME_DIR/bus";
@@ -120,6 +120,11 @@ in {
yq yq
semgrep semgrep
tectonic tectonic
electrum
feather
gnupg
texpresso
python313Packages.pygments
# texlive.combined.scheme-full # texlive.combined.scheme-full
# security # security

4
home/programs/firefox/default.nix
View File

@@ -210,6 +210,10 @@ in {
name = "verus github"; name = "verus github";
url = "https://github.com/verus-lang/verus"; url = "https://github.com/verus-lang/verus";
} }
{
name = "secure foundations";
url = "https://github.com/secure-foundations";
}
]; ];
} }
{ {

13
home/programs/nvim/default.nix
View File

@@ -41,10 +41,11 @@
vim-airline-themes vim-airline-themes
plenary-nvim plenary-nvim
nvim-web-devicons nvim-web-devicons
{ texpresso-vim
plugin = smear-cursor-nvim; # {
config = toLuaFile ./plugins/smear.lua; # plugin = smear-cursor-nvim;
} # config = toLuaFile ./plugins/smear.lua;
# }
# { # {
# plugin = neovide; # plugin = neovide;
# config = toLuaFile ./plugins/neovide.lua; # config = toLuaFile ./plugins/neovide.lua;
@@ -86,6 +87,10 @@
# plugin = vim-airline; # plugin = vim-airline;
# config = toLuaFile ./plugins/airline.lua; # config = toLuaFile ./plugins/airline.lua;
# } # }
{
plugin = markdown-preview-nvim;
config = toLuaFile ./plugins/markdown-preview-nvim.lua;
}
{ {
plugin = barbar-nvim; plugin = barbar-nvim;
config = toLuaFile ./plugins/barbar.lua; config = toLuaFile ./plugins/barbar.lua;

25
home/programs/nvim/init.lua
View File

@@ -165,6 +165,31 @@ vim.api.nvim_create_autocmd("FileType", {
command = "setlocal wrap" command = "setlocal wrap"
}) })
vim.api.nvim_create_augroup("vimrc", { clear = true })
-- vim.api.nvim_create_autocmd("FileType", {
-- desc = "texpresso compile",
-- group = "vimrc",
-- pattern = "tex",
-- callback = function(args)
-- -- start server on first BufWrite
-- vim.api.nvim_create_autocmd("BufWritePost", {
-- group = vim.api.nvim_create_augroup(
-- string.format("latex<buffer=%d>", args.buf),
-- { clear = true }
-- ),
-- buffer = args.buf,
-- callback = function()
-- if not vim.b.latex_started then
-- vim.cmd "TeXpresso %"
-- vim.b.latex_started = true
-- end
-- -- vim.cmd "VimtexView"
-- end,
-- })
-- end,
-- })
-- idk why i need to define it here bro -- idk why i need to define it here bro
-- local builtin = require('telescope.builtin') -- local builtin = require('telescope.builtin')
-- vim.keymap.set('n', '<leader>ff', builtin.find_files, { desc = 'Telescope find files' }) -- vim.keymap.set('n', '<leader>ff', builtin.find_files, { desc = 'Telescope find files' })

4
home/programs/nvim/plugins/markdown-preview-nvim.lua Normal file
View File

@@ -0,0 +1,4 @@
-- browser
vim.g.mkdp_browser = "firefox"
-- keybindings
vim.keymap.set("n", "<leader>m", "<plug>MarkdownPreview")

3
home/programs/nvim/plugins/smear.lua
View File

@@ -2,9 +2,10 @@ require('smear_cursor').setup({
scroll_buffer_space = false, scroll_buffer_space = false,
smear_between_buffers = false, smear_between_buffers = false,
smear_between_neighbor_lines = false, smear_between_neighbor_lines = false,
scroll_buffer_space = false,
stiffness = 0.5, stiffness = 0.5,
trailing_stiffness = 0.5, trailing_stiffness = 0.5,
matrix_pixel_threshold = 0.5, matrix_pixel_threshold = 0.5,
damping = 0.95, damping = 0.9999, -- how "bouncy" the cursor is. 1 makes the cursor freeze in the top left lmao
smear_insert_mode = false, smear_insert_mode = false,
}) })

13
home/programs/nvim/plugins/vimtex.lua
View File

@@ -7,11 +7,10 @@ vim.g.vimtex_view_method = 'zathura'
vim.g.vimtex_view_general_viewer = 'zathura' vim.g.vimtex_view_general_viewer = 'zathura'
vim.g.vimtex_view_general_options = '--unique file:@pdf#src:@line@tex' vim.g.vimtex_view_general_options = '--unique file:@pdf#src:@line@tex'
-- Set the TeX flavor and quickfix mode. -- Set the TeX flavor and quickfix mode.
vim.g.tex_flavor = 'latex' vim.g.tex_flavor = 'latex'
vim.g.vimtex_quickfix_mode = 0 -- vim.g.vimtex_quickfix_mode = 0
vim.g.vimtex_quickfix_enabled = 0 -- vim.g.vimtex_quickfix_enabled = 0
-- Compiler backend. -- Compiler backend.
-- vim.g.vimtex_compiler_method = 'latexmk' -- vim.g.vimtex_compiler_method = 'latexmk'
@@ -48,7 +47,7 @@ vim.g.maplocalleader = ','
-- vim.g.Tex_IgnoreLevel = 8 -- vim.g.Tex_IgnoreLevel = 8
-- Delete extra compilation files when a TeX buffer is deleted. -- Delete extra compilation files when a TeX buffer is deleted.
vim.api.nvim_create_autocmd("BufDelete", { -- vim.api.nvim_create_autocmd("BufDelete", {
pattern = "*.tex", -- pattern = "*.tex",
command = "silent! !latexmk -c > /dev/null 2>&1 %:p", -- command = "silent! !latexmk -c > /dev/null 2>&1 %:p",
}) -- })

162
home/programs/nvim/snippets/tex.lua
View File

@@ -171,6 +171,155 @@ ls.add_snippets("tex", {
})) }))
}) })
ls.add_snippets("tex", {
s("template-report", fmta([[
\documentclass[10pt]{article}
\usepackage{graphicx} % Required for inserting images
\usepackage[margin=1in]{geometry}
\usepackage[dvipsnames]{xcolor}
\usepackage{url}
\usepackage{amssymb}
\usepackage{amsmath}
\usepackage{amsthm}
\usepackage{fullpage}
\usepackage{listings}
\usepackage[utf8]{inputenc}
\usepackage{parskip}
\usepackage{hyperref}
\usepackage{bookmark}
\usepackage[linguistics]{forest}
\usepackage{tikz}
\usepackage{float}
\usepackage[minted,skins]{tcolorbox} % 'skins' needed for shadows
% Define a new command \rustshadowfile that replaces \rustfile
\newtcbinputlisting{\rustshadowfile}[2][]{%
listing engine=minted,
minted language=rust,
minted options={linenos, numbersep=5pt, fontsize=\footnotesize, baselinestretch=1.05},
listing file={#2}, % The file to read
enhanced, % Enable skins for shadows
drop shadow, % Add the shadow
colback=white, % Background color
colframe=black!70, % Border color
boxrule=0.5pt, % Border width
arc=2pt, % Rounded corners (optional)
listing only, % Display code only (no title bar inside box)
#1 % Pass extra options like labels
}
\newtcblisting{rustcode}[1][]{
listing engine=minted,
minted language=rust,
minted options={linenos, numbersep=5pt, fontsize=\footnotesize, baselinestretch=1.05},
enhanced,
drop shadow, % Adds the shadow
colback=white, % Background color
colframe=black!70,% Border color
boxrule=0.5pt, % Border width
arc=2pt, % Rounded corners
listing only, % Hides the internal tcolorbox title bar
#1 % Allows passing extra options
}
% \usepackage{enumitem}
% \usepackage{euler}
% \usepackage{libertine}
\usepackage{import}
\usepackage{pdfpages}
\usepackage{transparent}
\newtheoremstyle{definitionstyle}
{}
{}
{\normalfont}
{}
{\bfseries}
{:}
{0.5em}
{}
\theoremstyle{definitionstyle}
\newtheorem{definition}{Definition}[section]
\newtheorem{all}{Theorem}[section]
\newtheorem{corollary}[all]{Corollary}
\newtheorem{lemma}[all]{Lemma}
\newtheorem{exercise}[all]{Exercise}
\newtheorem{proposition}[all]{Proposition}
\newtheorem{example}[all]{Example}
\newtheorem{theorem}{Theorem}
\newcommand{\namedcomment}[3]{{\sf \scriptsize \color{#2} #1: #3}}
\newcommand{\jake}[1]{\namedcomment{jake}{red}{#1}}
\title{<>}
\author{Jake Ginesin \and <>}
\date{December 5th, 1999}
\begin{document}
\maketitle
\end{document}
]], {i(1), i(0)}, {
indent_string = ""
}))
})
ls.add_snippets("tex", {
s("beamer", fmta([[
\documentclass{beamer}
\usetheme{metropolis} % Use metropolis theme
\title{<>}
\date{\today}
\author{Jacob Ginesin}
\institute{<>}
\begin{document}
\maketitle
\section{First Section}
\begin{frame}{First Frame}
Hello, world!
\end{frame}
\end{document}
]], {i(1), i(0)}, {
indent_string = ""
}))
})
ls.add_snippets("tex", {
s("beamer", fmta([[
\documentclass{beamer}
\usetheme{metropolis} % Use metropolis theme
\title{<>}
\date{\today}
\author{Jacob Ginesin}
\institute{<>}
\begin{document}
\maketitle
\section{First Section}
\begin{frame}{First Frame}
Hello, world!
\end{frame}
\end{document}
]], {i(1), i(0)}, {
indent_string = ""
}))
})
ls.add_snippets("tex", {
s("bib", fmta([[
\bibliographystyle{plain}
\bibliography{<>}
]], {i(0)}, {
indent_string = ""
}))
})
-- ---- -- ----
@@ -461,6 +610,19 @@ ls.add_snippets("tex", {
{condition = in_mathzone} {condition = in_mathzone}
), ),
s({trig = "rustcode"},
fmta(
[[
\begin{listing}[H]
\begin{rustcode}
<>
\end{rustcode}
\end{listing}
]],
{ i(1) }
)
),
s({ s({
trig = "notin", trig = "notin",
snippetType="autosnippet", snippetType="autosnippet",

6
home/programs/sxhkd/sxhkdrc
View File

@@ -186,6 +186,12 @@ super + bracket{left,right}
super + {o} super + {o}
sh nf daily sh nf daily
super + semicolon
sh nf idk
super + {m}
sh nf misc
# open my notes without goyo and with nvimteee # open my notes without goyo and with nvimteee
super + {shift} + {o} super + {shift} + {o}
sh nf daily sh nf daily

9
home/programs/zsh/zshrc
View File

@@ -220,11 +220,20 @@ alias dnsblock-add="nvim /home/synchronous/nix-cfg/system/networking/blockers.sh
alias focus-wifi="nvim /home/synchronous/nix-cfg/system/networking/blockers.sh" alias focus-wifi="nvim /home/synchronous/nix-cfg/system/networking/blockers.sh"
alias verus-dir="cd /home/synchronous/code/verus" alias verus-dir="cd /home/synchronous/code/verus"
alias cure="cd /home/synchronous/code/cure53" alias cure="cd /home/synchronous/code/cure53"
alias scripts="cd /home/synchronous/nix-cfg/home/scripts"
alias bookmarks="vim -c '80' /home/synchronous/nix-cfg/home/programs/firefox/default.nix"
stack() { stack() {
find . -type f -exec echo -e "\n--- {} ---\n" \; -exec cat {} \; find . -type f -exec echo -e "\n--- {} ---\n" \; -exec cat {} \;
} }
stack-fast() {
rg -l . | while read -r file; do
echo -e "\n--- $file ---\n"
cat "$file"
done
}
stack-b() { stack-b() {
( (
while IFS= read -r -d '' file; do while IFS= read -r -d '' file; do

73
home/scripts/brainrot-transfer.sh Normal file
View File

@@ -0,0 +1,73 @@
# --- CONFIGURATION ---
ip=$(cat /home/synchronous/.agenix/agenix/ip-master-k3s)
SSH_TARGET="synchronous@$ip"
NAMESPACE="ingress-nginx"
POD_LABEL="app=pvc-explorer"
TARGET_DIR="/data"
# ---------------------
# 1. Check for an argument
LOCAL_PATH="$1"
if [ -z "$LOCAL_PATH" ]; then
echo "Usage: $0 <local-file-or-directory-to-copy>"
exit 1
fi
if [ ! -e "$LOCAL_PATH" ]; then
echo "Error: Local path not found: $LOCAL_PATH"
exit 1
fi
# Define a unique name for the temporary archive
TEMP_ARCHIVE="kube_cp_temp_$(date +%s).tar.gz"
# --- PART 1: Create local archive ---
echo "[Local] Creating temporary archive: $TEMP_ARCHIVE"
tar czf "$TEMP_ARCHIVE" "$LOCAL_PATH"
if [ $? -ne 0 ]; then
echo "Error: Failed to create local archive."
rm -f "$TEMP_ARCHIVE" # Clean up on failure
exit 1
fi
# --- PART 2: Copy archive to remote machine ---
echo "[Local] Copying archive to $SSH_TARGET:~/ "
scp "$TEMP_ARCHIVE" "$SSH_TARGET:~/$TEMP_ARCHIVE"
if [ $? -ne 0 ]; then
echo "Error: Failed to scp archive to remote machine."
rm -f "$TEMP_ARCHIVE" # Clean up local
exit 1
fi
# --- PART 3: Execute remote commands ---
echo "[Local] Connecting via SSH to import archive... You will be prompted for your SUDO password."
# Define the set of commands to run on the remote machine
REMOTE_CMD=$(cat <<EOF
echo "[Remote] Finding pod..."
POD_NAME=\$(sudo kubectl get pods -n "$NAMESPACE" -l "$POD_LABEL" -o jsonpath='{.items[0].metadata.name}')
if [ -z "\$POD_NAME" ]; then
echo "[Remote] Error: Pod not found with label $POD_LABEL." >&2
rm -f ~/"$TEMP_ARCHIVE" # Clean up remote archive
exit 1
fi
echo "[Remote] Found pod: \$POD_NAME"
echo "[Remote] Streaming archive from ~/$TEMP_ARCHIVE into pod..."
cat ~/"$TEMP_ARCHIVE" | sudo kubectl exec -i \$POD_NAME -n "$NAMESPACE" -- tar xzf - -C "$TARGET_DIR"
echo "[Remote] Cleaning up remote archive..."
rm ~/"$TEMP_ARCHIVE"
echo "[Remote] Transfer complete."
EOF
)
# Run the remote commands
ssh -tt "$SSH_TARGET" "$REMOTE_CMD"
# --- PART 4: Local cleanup ---
echo "[Local] Cleaning up local archive: $TEMP_ARCHIVE"
rm "$TEMP_ARCHIVE"
echo "[Local] All done."

59
home/scripts/daily.sh Normal file
View File

@@ -0,0 +1,59 @@
# get today's date
curr=$(date +%y-%m-%d)
curr_bigyear=$(date +%Y-%m-%d)
# echo "$curr"
curr_pretty=$(date "+%A, %B %d %G")
curr_onenumber=$(date +%Y%m%d)
echo "Today: $curr_pretty"
# get written journal lines
journal_len=$(wc /home/synchronous/journal/daily.md | awk '{print $1}')
journal_date_area=$(rg 25-12-03 /home/synchronous/journal/daily.md -n -o | sed 's/:/ /' | awk '{print $1}')
journal=""
if [[ $journal_date_area == "" ]]; then
journal="No writing in the journal yet today.."
else
jd_diff=$(echo "$journal_len - $journal_date_area" | bc)
journal="You've written $jd_diff journal line(s)"
fi
# get todos for today
todo_len=$(awk '!NF { print NR; exit }' /home/synchronous/journal/todo.md)
todo_len_1=$(echo "$todo_len" - 1 | bc)
todo_len_2=$(echo "$todo_len" - 2 | bc)
todos=$(head /home/synchronous/journal/todo.md -n "$todo_len_1" | tail -n "$todo_len_2")
# choose idk based on psuedorandom seeded with date
idk_len=$(wc -l /home/synchronous/journal/rest/idk.md | awk '{print $1'})
idk_date=$(date +%Y%m%d)
idk_pseudo=$(python3 -c "import math; import random; random.seed($idk_date); print( math.floor(random.random() * 10000) % $idk_len)")
idk=$(sed -n '7 p' /home/synchronous/journal/rest/idk.md | cut -c3-)
# check if there exists a .daily in home for this day
daily_date=$(stat -c "%y" /home/synchronous/.daily | awk '{print $1}')
if [[ $daily_date != $curr_bigyear ]]; then
rm /home/synchronous/.daily
touch /home/synchronous/.daily
# set idk
echo "- idk: $idk" >> /home/synchronous/.daily
else
idk_prev=$(rg idk /home/synchronous/.daily | cut -c8-) # take existing idk
if [[ $idk_prev != $idk ]]; then
idk="$idk_prev [done!]"
fi
fi
echo
# echo $idk
echo "Lore for today:"
echo "- idk: $idk"
echo "- $journal"
echo
# TODOS SETUP
echo "Todos for today ($todo_len_2 items):"
echo "$todos"

25
home/scripts/idk.sh Normal file
View File

@@ -0,0 +1,25 @@
add_idk() {
if [[ "$1" == "" ]]; then
echo "Empty entry"
exit 0
fi
fq=$(rg "$1" /home/synchronous/journal/rest/idk.md 2> /dev/null)
if [[ "$fq" != "" ]]; then
echo "Entry already present"
exit 0
fi
echo "- $1" >> /home/synchronous/journal/rest/idk.md
echo "Added entry: '$1'"
idk_len=$(wc -l /home/synchronous/journal/rest/idk.md | awk '{print $1}')
echo "You do not know $idk_len things!"
}
run_command() {
case $1 in
"add") add_idk "$2" ;;
"del") remove_idk "$2" ;;
*)
esac
}
run_command "$1" "$2"

17
home/scripts/journal/nf.sh
View File

@@ -44,6 +44,13 @@ open_daily() {
-c "lua vim.g.goyo_if = 1" &! -c "lua vim.g.goyo_if = 1" &!
} }
open_idk() {
alacritty -t "idk.md" -e nvim "$main/rest/idk.md" \
-c "Goyo | set wrap | set path+=$main_dir" \
-c "execute 'normal G'" \
-c "lua vim.g.goyo_if = 1" &!
}
open_todo() { open_todo() {
alacritty -t "todo.md" -e nvim "$main/todo.md" \ alacritty -t "todo.md" -e nvim "$main/todo.md" \
-c "execute 'lua vim.g.goyo_if = 1' | set wrap | Goyo | set path+=$main_dir" &! -c "execute 'lua vim.g.goyo_if = 1' | set wrap | Goyo | set path+=$main_dir" &!
@@ -152,14 +159,24 @@ search_by_title() {
fi fi
} }
open_misc() {
tf=$(mktemp --suffix=.md)
# sh -c keeps window open for nvim, then deletes file immediately on exit
alacritty -t "scratch" -e sh -c "nvim '$tf' \
-c 'execute \"lua vim.g.goyo_if = 1\" | Goyo | set wrap | autocmd BufEnter * let b:coc_suggest_disable=1'; \
rm '$tf'" &!
}
run_command() { run_command() {
case $1 in case $1 in
"search") search ;; "search") search ;;
"daily") open_daily ;; "daily") open_daily ;;
"todo") open_todo ;; "todo") open_todo ;;
"idk") open_idk ;;
"find") notes_find ;; "find") notes_find ;;
"tags") search_by_tags ;; "tags") search_by_tags ;;
"title") search_by_title ;; "title") search_by_title ;;
"misc") open_misc ;;
*) *)
esac esac
} }

2
home/scripts/macflip.sh
View File

@@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
newmac=$1 newmac=$1
suod ip link set wlan0 down sudo ip link set wlan0 down
sudo macchanger wlan0 --mac "$1" sudo macchanger wlan0 --mac "$1"
sudo ip link set wlan0 up sudo ip link set wlan0 up

0
home/scripts/security/sg.sh → home/scripts/security/semgrep-auto.sh
View File

2
home/scripts/security/wpcap.sh
View File

@@ -1,5 +1,3 @@
#!/bin/bash
if [[ $EUID -ne 0 ]]; then if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root." echo "This script must be run as root."
exit 1 exit 1

31
home/scripts/tex/safe-tex.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
# designed to compile tex with isolation, in the case something like minted is used
set -euo pipefail
if [[ $# -lt 1 ]]; then
echo "Usage: $0 <texfile> [tectonic args...]"
exit 1
fi
TEXFILE="$1"
shift
mkdir -p ~/.cache/Tectonic
nix-shell -p bubblewrap tectonic cacert python313Packages.pygments which --run "
bwrap --ro-bind /nix /nix \
--bind \$(pwd) /workspace \
--bind ~/.cache/Tectonic ~/.cache/Tectonic \
--chdir /workspace \
--dev /dev \
--proc /proc \
--tmpfs /tmp \
--symlink \$(which bash) /bin/sh \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/hosts /etc/hosts \
--ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
--setenv SSL_CERT_FILE \"\$SSL_CERT_FILE\" \
--setenv TMPDIR /tmp \
--setenv PATH \"\$PATH\" \
tectonic -Z shell-escape '$TEXFILE' --keep-intermediates $*
"

10
hosts/meta.nix
View File

@@ -35,6 +35,16 @@
owner = "synchronous"; owner = "synchronous";
mode = "0400"; mode = "0400";
}; };
ip-master-k3s = {
file = ../secrets/ip-master-k3s.age;
owner = "synchronous";
mode = "0400";
};
ip-cmu = {
file = ../secrets/ip-cmu.age;
owner = "synchronous";
mode = "0400";
};
}; };
secretsDir = "/home/synchronous/.agenix/agenix"; secretsDir = "/home/synchronous/.agenix/agenix";
secretsMountPoint = "/home/synchronous/.agenix/agenix.d"; secretsMountPoint = "/home/synchronous/.agenix/agenix.d";

37
hosts/store/configuration.nix Normal file
View File

@@ -0,0 +1,37 @@
{
config,
pkgs,
lib,
...
}: {
imports = [
./hardware-configuration.nix
../../system/system-server.nix
../meta.nix
../../extras/ssh.nix
../../extras/k3s-node.nix
];
config = {
networking.hostName = "store"; # Define your hostname.
res = "1920x1080";
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "backup";
users.synchronous.imports = [../../home/home.nix];
};
# Bootloader.
#boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true;
boot.loader.grub.version = 2;
# services.logind.lidSwitchExternalPower = "ignore";
boot.loader.systemd-boot.enable = false;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.enable = true;
};
}

40
hosts/store/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/bb36a123-4dc9-4583-8571-1aa180efb00b";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/78565ab8-d7b8-476d-a6e7-46ceda4ee761";}
{device = "/dev/disk/by-uuid/c735b357-c35c-4249-bb0b-23321fe50c3d";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

5
secrets/ip-cmu.age Normal file
View File

@@ -0,0 +1,5 @@
age-encryption.org/v1
-> ssh-ed25519 1qNjsw iIlHsfHTOuuIYQREkl1jdSuHm03aLZFqDmhj2Ngx234
BgmH1kx6pxDIBpyn2qpM6vTtAcJLxKqcIMn/LT7jLsw
--- ySOiv2BxTZC2/SIcq4cUJPlSYecE15wyf8w0/LJmptM
#þï½P~dá×I:ó&6 0bG28y™Ñ*.a1hœŸÃIŸA³7Jüw!°à

BIN
secrets/ip-master-k3s.age Normal file
View File

Binary file not shown.

2
secrets/secrets.nix
View File

@@ -6,4 +6,6 @@ in {
"tailscale-rq.age".publicKeys = [key]; "tailscale-rq.age".publicKeys = [key];
"ssh-pub.age".publicKeys = [key]; "ssh-pub.age".publicKeys = [key];
"kube.age".publicKeys = [key]; "kube.age".publicKeys = [key];
"ip-master-k3s.age".publicKeys = [key];
"ip-cmu.age".publicKeys = [key];
} }

BIN
secrets/tailscale-rq.age
View File

Binary file not shown.

BIN
secrets/zsh_remote.age
View File

Binary file not shown.

5
system/system.nix
View File

@@ -48,6 +48,11 @@
services.printing.enable = true; services.printing.enable = true;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
programs.dconf.enable = true; programs.dconf.enable = true;
services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
xdg.mime.defaultApplications = { xdg.mime.defaultApplications = {
"application/pdf" = "firefox.desktop"; "application/pdf" = "firefox.desktop";