From 3ef1025e5543864225e6b3a1eed1fc9759e5c7cd Mon Sep 17 00:00:00 2001 From: Audrey Dutcher Date: Thu, 27 Mar 2025 23:05:35 -0700 Subject: [PATCH] holy moly okay --- configuration-desktop.nix | 2 + configuration-nixbsd.nix | 15 ++ configuration-nixos.nix | 51 ++++++ configuration.nix | 53 +----- dotfiles/nvim-init.lua | 4 +- flake.lock | 153 +++++++++++++++++- flake.nix | 28 +++- sites/chrysanthemum/configuration.nix | 4 + .../chrysanthemum/hardware-configuration.nix | 32 ++++ sites/chrysanthemum/system | 1 + sites/daisy/configuration.nix | 14 +- sites/daisy/system | 1 + sites/sunflower/system | 1 + 13 files changed, 305 insertions(+), 54 deletions(-) create mode 100644 configuration-nixbsd.nix create mode 100644 configuration-nixos.nix create mode 100644 sites/chrysanthemum/configuration.nix create mode 100644 sites/chrysanthemum/hardware-configuration.nix create mode 100644 sites/chrysanthemum/system create mode 100644 sites/daisy/system create mode 100644 sites/sunflower/system diff --git a/configuration-desktop.nix b/configuration-desktop.nix index 3c16fd7..00cc13f 100644 --- a/configuration-desktop.nix +++ b/configuration-desktop.nix @@ -39,8 +39,10 @@ dino discord element-desktop + signal-desktop slack obs-studio + foot kdePackages.plasma-thunderbolt ]; diff --git a/configuration-nixbsd.nix b/configuration-nixbsd.nix new file mode 100644 index 0000000..fdcea5a --- /dev/null +++ b/configuration-nixbsd.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: +let + nixKey = "/var/lib/nix/binary-cache-key" ; +in { + init.services.nix-key-setup = { + description = "Generate a nix build signing key"; + startType = "oneshot"; + startCommand = pkgs.writeScript "nix-key-setup" '' + test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true + mkdir -p "$(dirname "${nixKey}")" + ${config.nix.package}/bin/nix-store --generate-binary-cache-key ${config.networking.hostName} ${nixKey} ${nixKey}.pub + ''; + after = [ "FILESYSTEMS" ]; + }; +} 
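Review bot: In configuration-nixbsd.nix the guard `test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true` exits early only when both files exist, so a host that still has its secret key but has lost the `.pub` file falls through to `--generate-binary-cache-key`, which presumably replaces the existing secret key. Store paths already signed with the old key would then stop verifying on any machine that trusts the old public key. Guarding on the secret key alone, `test -f ${nixKey} && exit 0`, never overwrites an existing key; the identical script in configuration-nixos.nix has the same guard. The two scripts are copies of each other, so a single shared definition would keep them from drifting.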
diff --git a/configuration-nixos.nix b/configuration-nixos.nix
new file mode 100644
index 0000000..485bb41
--- /dev/null
+++ b/configuration-nixos.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+let
+ nixKey = "/var/lib/nix/binary-cache-key";
+ # just using the filepath interacts poorly with typechecking under diverted stores
+ toStore = path: pkgs.writeText (builtins.baseNameOf path) (builtins.readFile path);
+in {
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.memtest86.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.efi.efiSysMountPoint = "/boot";
+
+ systemd.services.nix-key-setup = {
+ description = "Generate a nix build signing key";
+ script = ''
+ test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true
+ mkdir -p "$(dirname "${nixKey}")"
+ ${config.nix.package}/bin/nix-store --generate-binary-cache-key ${config.networking.hostName} ${nixKey} ${nixKey}.pub
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ console = {
+ font = "Lat2-Terminus16";
+ #keyMap = "us";
+ useXkbConfig = true; # use xkb.options in tty.
+ };
+
+ environment.systemPackages = with pkgs; [
+ # language servers
+ nil
+ rust-analyzer
+ lua-language-server
+ clang-tools
+ bash-language-server
+ pyright
+ csharp-ls
+ gopls
+ typescript-language-server
+ #ocamllsp
+ ];
+
+ security.pam.u2f = {
+ enable = true;
+ settings.authfile = toStore ./dotfiles/u2f-keys;
+ settings.cue = true;
+ };
+
+ services.fwupd.enable = true;
+ services.hardware.bolt.enable = true;
+}
diff --git a/configuration.nix b/configuration.nix
index f27607f..78b793d 100644
--- a/configuration.nix
+++ b/configuration.nix
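Review bot: The `security.pam.u2f` block in configuration-nixos.nix sets `enable`, `settings.authfile` and `settings.cue` but leaves `control` unset, so the module default decides how the token is used. If that default is still `sufficient`, touching a registered key alone satisfies every PAM service that uses the module, with no password asked. If the keys are meant as a second factor, say so explicitly with `security.pam.u2f.control = "required";`, and either way add a one-line comment stating which behaviour is intended. `toStore` also places `dotfiles/u2f-keys` in the world-readable store, which is worth confirming as acceptable for that file.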
@@ -1,40 +1,16 @@ { config, lib, pkgs, ... }: -let nixKey = "/var/lib/nix/binary-cache-key"; -# just using the filepath interacts poorly with typechecking under diverted stores -toStore = path: pkgs.writeText (builtins.baseNameOf path) (builtins.readFile path); -in { +{ imports = [ ./overlays/packages.nix ]; nixpkgs.config.allowUnfree = true; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.systemd-boot.memtest86.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot"; - nix.settings.extra-experimental-features = "nix-command flakes"; nix.settings.trusted-users = [ "audrey" ]; nix.settings.max-jobs = 1; nix.settings.cores = 0; - nix.settings.secret-key-files = [ nixKey ]; - - systemd.services.nix-key-setup = { - description = "Generate a nix build signing key"; - script = '' - test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true - mkdir -p "$(dirname "${nixKey}")" - ${config.nix.package}/bin/nix-store --generate-binary-cache-key ${config.networking.hostName} ${nixKey} ${nixKey}.pub - ''; - wantedBy = [ "multi-user.target" ]; - }; + nix.settings.secret-key-files = [ "/var/lib/nix/binary-cache-key" ]; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - #keyMap = "us"; - useXkbConfig = true; # use xkb.options in tty. - }; # Configure keymap in X11 services.xserver.xkb.layout = "us"; @@ -59,21 +35,10 @@ in { nixfmt-rfc-style file stdenv.cc + stdenv.cc.bintools # bins but not manpages included in stdenv.cc patchelf meld - # language servers - nil - rust-analyzer - lua-language-server - clang-tools - bash-language-server - pyright - csharp-ls - gopls - typescript-language-server - #ocamllsp - (python3.withPackages (p: with p; [ virtualenvwrapper pylint 
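Review bot: `nix.settings.secret-key-files = [ "/var/lib/nix/binary-cache-key" ];` now spells out as a literal the path that configuration-nixos.nix and configuration-nixbsd.nix each bind to their own `nixKey`, so the signing setting and the two key-generation services can drift apart without any evaluation error. Moving the setting next to the service in each platform file, as `nix.settings.secret-key-files = [ nixKey ];`, keeps one definition per platform. If it stays in the shared file, a comment such as `# must match nixKey in configuration-nixos.nix and configuration-nixbsd.nix` would at least record the coupling. The attribute set this hunk edits continues past the end of the hunk.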
@@ -118,6 +83,7 @@ in { enable = true; extraConfig = builtins.readFile ./dotfiles/tmux.conf; }; + direnv.enable = true; htop.enable = true; git = { enable = true; @@ -156,6 +122,7 @@ in { rust-tools-nvim nvim-lint nvim-cmp + cmp-nvim-lsp lsp-status-nvim telescope-nvim nvim-treesitter.withAllGrammars @@ -167,21 +134,13 @@ in { }; }; }; + virt-manager.enable = true; }; environment.etc."gdb/gdbinit".source = ./dotfiles/gdb-init.gdb; environment.etc."venv-default.txt".source = ./dotfiles/venv-default.txt; - security.pam.u2f = { - enable = true; - settings.authfile = toStore ./dotfiles/u2f-keys; - settings.cue = true; - }; - # Enable the OpenSSH daemon. services.openssh.enable = true; - - services.fwupd.enable = true; - services.hardware.bolt.enable = true; } diff --git a/dotfiles/nvim-init.lua b/dotfiles/nvim-init.lua index b79d059..75fa463 100644 --- a/dotfiles/nvim-init.lua +++ b/dotfiles/nvim-init.lua @@ -287,7 +287,7 @@ if clangd == nil then end pipe = io.popen('which bash-language-server') bashls = pipe:read() -pipe = io.popen('which pyright') +pipe = io.popen('which pyright-langserver') pyright = pipe:read() pipe.close() if rust_analyzer ~= nil then @@ -304,7 +304,7 @@ if pyright ~= nil then lspconfig.pyright.setup{ on_attach = lsp_keybinds, capabilities = capabilities, - cmd = {pyright}, + cmd = {pyright, '--stdio'}, settings = { python = { analysis = { diff --git a/flake.lock b/flake.lock index ad6d107..adb9cda 100644 --- a/flake.lock +++ b/flake.lock 
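Review bot: In dotfiles/nvim-init.lua the handle returned by `io.popen('which pyright-langserver')` is assigned to the same `pipe` variable as the probes before it, so each earlier handle is dropped without being closed, and the single `pipe.close()` that follows is written with a dot, which calls `close` without the handle and probably does not close it. Closing after every probe fixes both: `pyright = pipe:read()` followed by `pipe:close()`. The variable `pyright` now holds the path of `pyright-langserver`, so a short comment on that line would keep `cmd = {pyright, '--stdio'}` readable. The probe sequence starts above the hunk, so the earlier `io.popen` calls need the same treatment.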
@@ -1,6 +1,140 @@ { "nodes": { + "flake-compat": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "lix": { + "inputs": { + "flake-compat": "flake-compat_2", + "nix2container": "nix2container", + "nixpkgs": [ + "nixbsd", + "nixpkgs" + ], + "nixpkgs-regression": [ + "nixbsd", + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1732339771, + "narHash": "sha256-/ViH3RRdFm9R9WN4szwdwMSbnDnRzNqgkFNR5dBh+Og=", + "ref": "freebsd-build", + "rev": "a26c6228c31cc66b31a75f24a95f420952a6cbb2", + "revCount": 16516, + "type": "git", + "url": "https://git.lix.systems/artemist/lix.git" + }, + "original": { + "ref": "freebsd-build", + "type": "git", + "url": "https://git.lix.systems/artemist/lix.git" + } + }, + "mini-tmpfiles": { + "inputs": { + "nixpkgs": [ + "nixbsd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473245, + "narHash": "sha256-32ekQLovnjpb1NBvt1/WCEn98khSGljX+QkS+SLSNpM=", + "owner": "nixos-bsd", + "repo": "mini-tmpfiles", + "rev": "1ff4fc98963421e0e6b099ccda721d5a1ca4c887", + "type": "github" + }, + "original": { + "owner": "nixos-bsd", + "repo": "mini-tmpfiles", + "type": "github" + } + }, + "nix2container": { + "flake": false, + "locked": { + 
"lastModified": 1724996935, + "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, + "nixbsd": { + "inputs": { + "flake-compat": "flake-compat", + "lix": "lix", + "mini-tmpfiles": "mini-tmpfiles", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1742164784, + "narHash": "sha256-WWv+t3+r6WQUqfjcYog/Gef8Kd32XdqCspx8czzoaEA=", + "owner": "nixos-bsd", + "repo": "nixbsd", + "rev": "83c61d5e3710eef856cd15273125009afb1d5ecb", + "type": "github" + }, + "original": { + "owner": "nixos-bsd", + "ref": "main", + "repo": "nixbsd", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1741684394, + "narHash": "sha256-6G65wM+dJUgt0RfzxbN08OnhdY+YiYFdEpExFvPU6yg=", + "owner": "nixos-bsd", + "repo": "nixpkgs", + "rev": "30f30c8fdf82dfcbceb0c4e1dafda15e6faaa76d", + "type": "github" + }, + "original": { + "owner": "nixos-bsd", + "ref": "nixbsd-dev-new", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1739758141, "narHash": "sha256-uq6A2L7o1/tR6VfmYhZWoVAwb3gTy7j4Jx30MIrH0rE=", @@ -16,9 +150,26 @@ "type": "github" } }, + "pre-commit-hooks": { + "flake": false, + "locked": { + "lastModified": 1726745158, + "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "nixbsd": "nixbsd", + "nixpkgs": "nixpkgs_2" } } }, diff --git a/flake.nix b/flake.nix index bfa7af4..9899ee4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,10 +1,32 @@ { - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; - outputs = { self, nixpkgs }: { + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixbsd.url = "github:nixos-bsd/nixbsd/main"; + }; + outputs = { self, nixpkgs, nixbsd, ... }: { nixosConfigurations = let sitesFiles = builtins.readDir ./sites; sitesNames = builtins.filter (name: builtins.pathExists ./sites/${name}/configuration.nix) (builtins.attrNames sitesFiles); - configurations = builtins.listToAttrs (builtins.map (name: {inherit name; value = nixpkgs.lib.nixosSystem { modules = [ ./configuration.nix ./sites/${name}/configuration.nix ]; }; }) sitesNames); + systemTypes = { + nixos = nixpkgs.lib.nixosSystem; + nixbsd = nixbsd.lib.nixbsdSystem; + }; + systemName = name: builtins.replaceStrings ["\n"] [""] (builtins.readFile ./sites/${name}/system); + configurations = builtins.listToAttrs (builtins.map (name: {inherit name; value = systemTypes.${systemName name} { modules = [ ./configuration.nix ./configuration-${systemName name}.nix ./sites/${name}/configuration.nix ]; }; }) sitesNames); in configurations; + + packages = let + forBuildSystem = platform: let + toBuildSystem = config: config.extendModules { modules = [ { nixpkgs.buildPlatform = "x86_64-linux"; } ]; }; + toToplevel = extended: { + system = extended.config.system.build.toplevel; + }; + toSystem = name: config: toToplevel (toBuildSystem config); + configurations = builtins.mapAttrs toSystem self.nixosConfigurations; + in configurations; + buildPlatforms = [ "x86_64-linux" "aarch64-linux" "x86_64-freebsd" "aarch64-freebsd" ]; + toPackagesList = platform: { name = platform; value = forBuildSystem platform; }; + packagesList = builtins.map toPackagesList buildPlatforms; + in builtins.listToAttrs packagesList; }; } diff --git a/sites/chrysanthemum/configuration.nix b/sites/chrysanthemum/configuration.nix new file mode 100644 index 0000000..da87d5e --- /dev/null +++ b/sites/chrysanthemum/configuration.nix 
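Review bot: `forBuildSystem = platform:` never uses its argument, because `toBuildSystem` always sets `nixpkgs.buildPlatform = "x86_64-linux"`; the four entries of `buildPlatforms` therefore evaluate to the same systems, and `packages.aarch64-linux` is really an x86_64-linux build. Pass the argument through with `{ nixpkgs.buildPlatform = platform; }`. Separately, `systemName` reads `./sites/${name}/system` for every site while `sitesNames` only checks that `configuration.nix` exists, so a site directory without a `system` file fails evaluation of the whole flake; adding `&& builtins.pathExists ./sites/${name}/system` to the filter, or a default of `nixos`, avoids that. The new `nixbsd` input tracks the `main` branch and brings its own nixpkgs and lix forks, so a comment on why no `follows` is set would help whoever next updates the lock.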
@@ -0,0 +1,4 @@ +{ pkgs, lib, config, ... }: +{ + imports = [ ./hardware-configuration.nix ]; +} diff --git a/sites/chrysanthemum/hardware-configuration.nix b/sites/chrysanthemum/hardware-configuration.nix new file mode 100644 index 0000000..9b95bee --- /dev/null +++ b/sites/chrysanthemum/hardware-configuration.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + fileSystems."/" = + { device = "system/local/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "system/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "system/local/var"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "system/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/gpt/ESP"; + fsType = "msdos"; + }; + + swapDevices = [ "/dev/gpt/swap" ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-freebsd"; +} diff --git a/sites/chrysanthemum/system b/sites/chrysanthemum/system new file mode 100644 index 0000000..33809a4 --- /dev/null +++ b/sites/chrysanthemum/system @@ -0,0 +1 @@ +nixbsd diff --git a/sites/daisy/configuration.nix b/sites/daisy/configuration.nix index 3c40898..9261b1b 100644 --- a/sites/daisy/configuration.nix +++ b/sites/daisy/configuration.nix @@ -20,7 +20,7 @@ time.timeZone = "America/Phoenix"; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 22 80 443 1337 ]; + networking.firewall.allowedTCPPorts = [ 22 80 443 1337 8081 ]; networking.firewall.allowedUDPPorts = [ 1337 ]; system.stateVersion = "24.11"; @@ -35,4 +35,16 @@ '') pkgs.OVMF.fd ]; + + services.postgresql.enable = true; + services.postgresql.authentication = '' + local all all peer map=pgadmin-superuser + ''; + services.postgresql.identMap = '' + pgadmin-superuser pgadmin postgres + pgadmin-superuser postgres postgres + ''; + services.pgadmin.enable = true; + services.pgadmin.initialEmail = "audrey@rhelmot.io"; + services.pgadmin.initialPasswordFile = "/var/lib/pgadmin/initial_password_file"; } 
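Review bot: Port 8081 is added to `networking.firewall.allowedTCPPorts` in sites/daisy/configuration.nix without a comment, and nothing visible in this file is configured to listen on it (the pgadmin service added further down is not given a port here). Name the listener beside the rule, for example `# 8081: <service name>`, so the exposure can be reviewed and dropped when the service goes away. If the listener only needs to be reachable from one network, a per-interface rule under `networking.firewall.interfaces` would be narrower than opening the port globally.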
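Review bot: The ident map line `pgadmin-superuser pgadmin postgres` in sites/daisy/configuration.nix lets the pgadmin service account connect as the `postgres` superuser over the local socket without a password, so the database superuser is only as well protected as the pgAdmin web login. Mapping `pgadmin` to a dedicated role that holds just the privileges it needs would contain a compromise of the web application. The rule `local all all peer map=pgadmin-superuser` also matches every local connection while the map lists only `pgadmin` and `postgres`, so other OS users are presumably refused instead of reaching a later rule; `local all postgres peer map=pgadmin-superuser` limits the map to the one role. The file named by `initialPasswordFile` is not created in this commit, so its ownership and mode should be checked on the host.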
diff --git a/sites/daisy/system b/sites/daisy/system
new file mode 100644
index 0000000..291c395
--- /dev/null
+++ b/sites/daisy/system
@@ -0,0 +1 @@
+nixos
diff --git a/sites/sunflower/system b/sites/sunflower/system
new file mode 100644
index 0000000..291c395
--- /dev/null
+++ b/sites/sunflower/system
@@ -0,0 +1 @@
+nixos