215 lines
6.0 KiB
Nix
215 lines
6.0 KiB
Nix
{ config, lib, pkgs, pkgs-unstable, ... }:
|
||
let rhelmot = config.rhelmot;
|
||
in {
|
||
options.rhelmot = {
|
||
globalPythonPackages = lib.mkOption {
|
||
type = with lib.types; listOf (functionTo (listOf package));
|
||
default = [];
|
||
description = "python packages (p: with p; [ x ]) to include in the global python environment";
|
||
};
|
||
globalKakounePlugins = lib.mkOption {
|
||
type = with lib.types; listOf package;
|
||
default = [];
|
||
description = "kakoune packages to include in the global editor";
|
||
};
|
||
};
|
||
imports = [ ./overlays/packages.nix ./configuration-cross.nix ];
|
||
config = {
|
||
nixpkgs.config.allowUnfree = true;
|
||
|
||
nix.settings.extra-experimental-features = "nix-command flakes pipe-operator";
|
||
nix.settings.trusted-users = [ "audrey" ];
|
||
nix.settings.max-jobs = 1;
|
||
nix.settings.cores = 0;
|
||
nix.settings.secret-key-files = [ "/var/lib/nix/binary-cache-key" ];
|
||
nix.settings.trusted-public-keys = builtins.filter (f: f != "") <| lib.strings.splitString "\n" <| builtins.readFile ./keys/nix;
|
||
nix.package = pkgs.lixPackageSets.stable.lix;
|
||
|
||
# Select internationalisation properties.
|
||
i18n.defaultLocale = "en_US.UTF-8";
|
||
|
||
# Configure keymap in X11
|
||
services.xserver.xkb.layout = "us";
|
||
services.xserver.xkb.options = "caps:escape";
|
||
|
||
users.defaultUserShell = pkgs.zsh;
|
||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||
users.users.audrey = {
|
||
uid = 1000;
|
||
description = "Audrey Dutcher";
|
||
isNormalUser = true;
|
||
extraGroups = [ "wheel" "docker" "video" "networkmanager" ];
|
||
openssh.authorizedKeys.keyFiles = [ ./keys/ssh ];
|
||
};
|
||
|
||
environment.systemPackages = with pkgs; [
|
||
man-pages
|
||
man-pages-posix
|
||
bat
|
||
gnumake
|
||
wget
|
||
ripgrep
|
||
fd
|
||
curl
|
||
btop
|
||
file
|
||
nettools
|
||
psmisc
|
||
patchelf
|
||
gdb
|
||
kubectl
|
||
p7zip
|
||
unzip
|
||
foremost
|
||
binwalk
|
||
jq
|
||
nix-index
|
||
openssl
|
||
wireguard-tools
|
||
cached-nix-shell
|
||
tcpdump
|
||
editorconfig-core-c
|
||
pkgs-unstable.kakoune-lsp
|
||
(pkgs-unstable.kakoune.override { plugins = rhelmot.globalKakounePlugins; })
|
||
(python3.withPackages (p: lib.concatMap (pl: pl p) rhelmot.globalPythonPackages))
|
||
];
|
||
|
||
rhelmot.globalKakounePlugins = with pkgs-unstable.kakounePlugins; [
|
||
kak-fzf
|
||
smarttab-kak
|
||
];
|
||
|
||
rhelmot.globalPythonPackages = [ (p: with p; [
|
||
virtualenvwrapper
|
||
pylint
|
||
pytest
|
||
ipdb
|
||
ipython
|
||
nclib
|
||
pyyaml
|
||
snakeviz
|
||
requests
|
||
pysocks
|
||
aiohttp
|
||
]) ];
|
||
|
||
documentation.dev.enable = true;
|
||
|
||
programs = {
|
||
zsh = {
|
||
enable = true;
|
||
enableCompletion = true;
|
||
syntaxHighlighting.enable = true;
|
||
vteIntegration = true;
|
||
histSize = 10000;
|
||
promptInit = ''
|
||
. ${pkgs.python3Packages.virtualenvwrapper}/bin/virtualenvwrapper.sh
|
||
'' + builtins.readFile ./dotfiles/zsh-prompt.sh;
|
||
shellInit = builtins.readFile ./dotfiles/zsh-init.sh;
|
||
shellAliases = {
|
||
ls = null;
|
||
ll = null;
|
||
l = null;
|
||
grep = "grep --color=auto";
|
||
egrep = "egrep --color=auto";
|
||
objdump = "objdump -M intel";
|
||
gits = "git status";
|
||
pag = "ps aux | grep -v grep | grep -i";
|
||
hd = "hexdump -C";
|
||
hdc = "hexdump -ve '\"\\\x\" 1/1 \"%02x\"'";
|
||
man = "MAN_POSIXLY_CORRECT=1 man";
|
||
nose = "pytest -v --capture=no --pdbcls=IPython.terminal.debugger:TerminalPdb";
|
||
mkvirtualenv = "mkvirtualenv -r /etc/venv-default.txt";
|
||
};
|
||
};
|
||
tmux = {
|
||
enable = true;
|
||
extraConfig = builtins.readFile ./dotfiles/tmux.conf;
|
||
};
|
||
direnv.enable = true;
|
||
htop.enable = true;
|
||
git = {
|
||
enable = true;
|
||
lfs.enable = true;
|
||
config = {
|
||
user.email = "audrey@rhelmot.io";
|
||
user.name = "Audrey Dutcher";
|
||
init.defaultBranch = "main";
|
||
blame.markUnblamableLines = true;
|
||
credential.helper = "store";
|
||
url."ssh://git@".insteadOf = "git://";
|
||
};
|
||
};
|
||
};
|
||
|
||
environment.etc.zinputrc.text = lib.mkForce (builtins.readFile ./dotfiles/zsh-input.sh);
|
||
|
||
environment.etc."gdb/gdbinit".source = ./dotfiles/gdb-init.gdb;
|
||
environment.etc."venv-default.txt".source = ./dotfiles/venv-default.txt;
|
||
|
||
# Enable the OpenSSH daemon.
|
||
services.openssh.enable = true;
|
||
|
||
|
||
services.sanoid = {
|
||
enable = true;
|
||
datasets."system/home" = {
|
||
autosnap = true;
|
||
autoprune = true;
|
||
recursive = true;
|
||
processChildrenOnly = false;
|
||
yearly = 0;
|
||
monthly = 2;
|
||
daily = 7;
|
||
hourly = 24;
|
||
};
|
||
datasets."system/local/var" = {
|
||
autosnap = true;
|
||
autoprune = true;
|
||
recursive = true;
|
||
processChildrenOnly = false;
|
||
yearly = 0;
|
||
monthly = 2;
|
||
daily = 7;
|
||
hourly = 24;
|
||
};
|
||
datasets."system/local/root" = {
|
||
autosnap = true;
|
||
autoprune = true;
|
||
recursive = true;
|
||
processChildrenOnly = false;
|
||
yearly = 0;
|
||
monthly = 2;
|
||
daily = 7;
|
||
hourly = 24;
|
||
};
|
||
datasets."system/var/lib_docker" = {
|
||
autosnap = false;
|
||
recursive = true;
|
||
};
|
||
};
|
||
|
||
services.syncoid = {
|
||
enable = true;
|
||
# offset 30min from sanoid to reduce I/O spikes and give sanoid a chance to snapshot before we
|
||
# back up
|
||
interval = "00/1:30";
|
||
service = {
|
||
serviceConfig = {
|
||
ExecCondition = "+${lib.getExe pkgs.condition-unmetered-network}";
|
||
};
|
||
};
|
||
sshKey = "/var/lib/syncoid/.ssh/id_ed25519";
|
||
commands."system" = {
|
||
source = "system";
|
||
target = "buser@home.rhelmot.io:main/backup/${config.networking.hostName}/system";
|
||
# xeni note - option w is weeeeeeeird but the only consequnce is a lack of encryption
|
||
#sendOptions = "w";
|
||
recursive = true;
|
||
extraArgs = ["--skip-parent" "--sshport" "2252"];
|
||
};
|
||
};
|
||
};
|
||
}
|
||
|