john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: john/dendritic:6bb73959c638436f1bcd5393c9445c61b090ee7c
Branches Tags
john/dendritic:main john/dendritic:omen john/dendritic:wrappers john/dendritic:forgejo
...
compare: john/dendritic:main
Branches Tags
john/dendritic:omen john/dendritic:wrappers john/dendritic:main john/dendritic:forgejo

10 Commits
6bb73959c6 ... main

Author SHA1 Message Date
John Lancaster b7f5474893 commented out my-neovim because it's in jsl-zsh 2026-06-10 08:56:50 -05:00
John Lancaster 1667e362aa gpu stuff for zed on x11 2026-06-10 08:56:04 -05:00
John Lancaster cd5a49c4a6 commented out mtls for john-pc 2026-06-10 08:54:08 -05:00
John Lancaster 244c60d9cd moved yazi to shell-tools 2026-06-10 08:53:21 -05:00
John Lancaster f2254e5dc7 added yazi 2026-06-10 08:53:21 -05:00
John Lancaster a337ce6f2c kde updates 2026-06-09 09:06:21 -05:00
John Lancaster 278796f47c again 2026-06-03 19:43:50 -05:00
John Lancaster 1ab00f286e obsolete 2026-06-03 19:43:39 -05:00
John Lancaster 771813a064 fixed double description 2026-06-03 19:43:21 -05:00
John Lancaster 722cb78737 gnome 50 update 2026-06-03 19:43:07 -05:00
11 changed files with 206 additions and 98 deletions
Expand all files Collapse all files
modules/features/gnome.nix
-1
View File
@@ -4,7 +4,6 @@
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;
displayManager.gdm = { displayManager.gdm = {
enable = true; enable = true;
wayland = true;
banner = "Welcome to John's NixOS implementation"; banner = "Welcome to John's NixOS implementation";
}; };
udev.packages = [ udev.packages = [
modules/features/mtls.nix
+6 -3
View File
@@ -125,7 +125,6 @@ in
inherit (cfg) certDir keyFile certFile bundleFile; inherit (cfg) certDir keyFile certFile bundleFile;
inherit (cfg.renew) user group reloadUnits postCommands; inherit (cfg.renew) user group reloadUnits postCommands;
systemd = { systemd = {
description = "Renew the mTLS certificate when Smallstep marks it ready";
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
serviceConfig = { serviceConfig = {
@@ -233,7 +232,7 @@ in
]; ];
# Create the systemd service files for the user. # Create the systemd service files for the user.
xdg.dataFile = lib.mkIf cfg.renew.enable { xdg.configFile = lib.mkIf cfg.renew.enable {
"systemd/user/mtls-renew.service".source = "systemd/user/mtls-renew.service".source =
"${mtlsRenewWrapper.outputs.systemd-user}/systemd/user/mtls-renew.service"; "${mtlsRenewWrapper.outputs.systemd-user}/systemd/user/mtls-renew.service";
"systemd/user/mtls-renew.timer".source = "systemd/user/mtls-renew.timer".source =
@@ -251,7 +250,11 @@ in
if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$XDG_RUNTIME_DIR/systemd/private" ]; then if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$XDG_RUNTIME_DIR/systemd/private" ]; then
if [ "${lib.boolToString (cfg.enable && cfg.renew.enable)}" = "true" ]; then if [ "${lib.boolToString (cfg.enable && cfg.renew.enable)}" = "true" ]; then
run ${pkgs.systemd}/bin/systemctl --user daemon-reload run ${pkgs.systemd}/bin/systemctl --user daemon-reload
if ${pkgs.systemd}/bin/systemctl --user cat mtls-renew.timer >/dev/null 2>&1; then
run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer
else
verboseEcho "mtls-renew.timer unit file is not available; skipping enable"
fi
else else
run ${pkgs.systemd}/bin/systemctl --user disable --now mtls-renew.timer || true run ${pkgs.systemd}/bin/systemctl --user disable --now mtls-renew.timer || true
run ${pkgs.systemd}/bin/systemctl --user daemon-reload || true run ${pkgs.systemd}/bin/systemctl --user daemon-reload || true
@@ -426,7 +429,7 @@ in
config.pkgs.step-cli config.pkgs.step-cli
]; ];
systemd = { systemd = {
description = "Automatic mTLS renewal service"; description = "Renew the mTLS certificate when Smallstep marks it ready";
documentation = [ documentation = [
"https://smallstep.com/docs/step-ca/certificate-authority-server-production" "https://smallstep.com/docs/step-ca/certificate-authority-server-production"
]; ];
modules/features/shell-tools.nix
+26 -6
View File
@@ -1,6 +1,9 @@
# This module provides all the shell options # This module provides all the shell options
{ self, inputs, ... }: { { self, inputs, ... }:
flake.modules.homeManager.shell-tools = { config, pkgs, ... }: { {
flake.modules.homeManager.shell-tools =
{ config, pkgs, ... }:
{
imports = with inputs.self.modules.homeManager; [ imports = with inputs.self.modules.homeManager; [
# bash # bash
zsh zsh
@@ -17,11 +20,19 @@
home.shell.enableShellIntegration = true; home.shell.enableShellIntegration = true;
}; };
perSystem = { system, pkgs, self', ... }: { perSystem =
{
system,
pkgs,
self',
...
}:
{
packages.shell-tools = inputs.wrappers.lib.wrapPackage { packages.shell-tools = inputs.wrappers.lib.wrapPackage {
inherit pkgs; inherit pkgs;
# binName = "show-tools"; # binName = "show-tools";
package = (pkgs.symlinkJoin { package = (
pkgs.symlinkJoin {
name = "show-tools"; name = "show-tools";
meta.mainProgram = "show-tools"; meta.mainProgram = "show-tools";
paths = with pkgs; [ paths = with pkgs; [
@@ -32,8 +43,10 @@
wget wget
curl curl
dig dig
bat
self'.packages.gdu self'.packages.gdu
self'.packages.my-eza self'.packages.my-eza
self'.packages.yazi
hostname hostname
iproute2 iproute2
direnv direnv
@@ -51,13 +64,20 @@
''; '';
}) })
]; ];
}); }
);
}; };
packages.gdu = inputs.wrappers.lib.wrapPackage { packages.gdu = inputs.wrappers.lib.wrapPackage {
inherit pkgs; inherit pkgs;
package = pkgs.gdu; package = pkgs.gdu;
args = [ "-x" "--si" "--collapse-path" "--mouse" "$@" ]; args = [
"-x"
"--si"
"--collapse-path"
"--mouse"
"$@"
];
}; };
}; };
} }
modules/hosts/john-kde/default.nix
+70
View File
@@ -0,0 +1,70 @@
{ withSystem, self, inputs, ... }:
let
username = "john";
hostname = "omen";
in
{
flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
let
selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
flakeDir = "${config.xdg.configHome}/home-manager";
in
{
imports = with inputs.self.modules.homeManager; [
rebuild
john
# mtls
# restic
docker
desktop
step-client
# mysops
# myPackage
# myStepClient
];
# TODO: make this more restrictive, rather than allowing all unfree packages
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
targets.genericLinux.enable = true;
home.username = "${username}";
home.homeDirectory = "/home/${username}";
home.packages = with pkgs; [
selfPkgs.jsl-zsh
selfPkgs.my-neovim
selfPkgs.ssh-certs
# selfPkgs.step-bootstrap
# selfPkgs.wg-platform
# self'.packages.myWrappedPackage
# (inputs.self.wrappers.test-push.apply {
# inherit pkgs flakeDir;
# host = testHost;
# target = testTarget;
# }).wrapper
];
homeManagerFlakeDir = flakeDir;
docker.enable = true;
ssh = {
certificates.enable = true;
knownHosts = [
"fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
];
matchSets = {
certs = true;
appdaemon = true;
homelab = true;
dev = true;
tailscale = true;
};
};
};
flake.homeConfigurations."john@omen" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs'.nixpkgs.legacyPackages;
modules = [ inputs.self.modules.homeManager."${hostname}" ]; # Uses the module defined above
});
}
modules/hosts/john-p14s/configuration.nix
-1
View File
@@ -123,7 +123,6 @@
my-vscode.enable = true; my-vscode.enable = true;
mysops.hostSecretFile = "${flakeDir}/modules/hosts/john-p14s/secrets.yaml"; mysops.hostSecretFile = "${flakeDir}/modules/hosts/john-p14s/secrets.yaml";
homeManagerFlakeDir = "${flakeDir}"; homeManagerFlakeDir = "${flakeDir}";
shell.program = "zsh";
home.packages = with pkgs; [ home.packages = with pkgs; [
bash bash
discord discord
modules/hosts/john-pc/default.nix
+12 -12
View File
@@ -39,7 +39,7 @@ in
home.homeDirectory = "/home/${username}"; home.homeDirectory = "/home/${username}";
home.packages = with pkgs; [ home.packages = with pkgs; [
selfPkgs.jsl-zsh selfPkgs.jsl-zsh
selfPkgs.my-neovim # selfPkgs.my-neovim
selfPkgs.ssh-certs selfPkgs.ssh-certs
# selfPkgs.step-bootstrap # selfPkgs.step-bootstrap
# selfPkgs.wg-platform # selfPkgs.wg-platform
@@ -91,17 +91,17 @@ in
"/home/john/john-nas" "/home/john/john-nas"
]; ];
}; };
mtls = { # mtls = {
enable = true; # enable = true;
subject = hostname; # subject = hostname;
san = [ # san = [
"${hostname}" # "${hostname}"
"192.168.1.85" # "192.168.1.85"
"spiffe://john-stream.com/ubuntu" # "spiffe://john-stream.com/ubuntu"
]; # ];
lifetime = "1h"; # lifetime = "1h";
renew.onCalendar = "*:1/10"; # renew.onCalendar = "*:1/10";
}; # };
}; };
flake.homeConfigurations."john@john-pc-ubuntu" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }: flake.homeConfigurations."john@john-pc-ubuntu" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
modules/programs/onepassword.nix
-1
View File
@@ -5,6 +5,5 @@
[[ssh-keys]] [[ssh-keys]]
vault = "Private" vault = "Private"
''; '';
programs.ssh.matchBlocks."*".identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
}; };
} }
modules/programs/yazi.nix
+11
View File
@@ -0,0 +1,11 @@
{ self, inputs, ... }: {
# https://github.com/Lassulus/wrappers/blob/main/modules/yazi/module.nix
perSystem = { system, pkgs, lib, ... }: {
packages.yazi = (inputs.wrappers.wrapperModules.yazi.apply {
inherit pkgs;
settings = {
mgr.ratio = [ 1 4 3 ];
};
}).wrapper;
};
}
modules/programs/zed-editor.nix
+31 -25
View File
@@ -1,33 +1,39 @@
{ self, inputs, ... }: { self, ... }:
let let
packageName = "zed-editor"; packageName = "zed-editor";
vulkanIcd = "/usr/share/vulkan/icd.d/nvidia_icd.json";
zedWrapper = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: { eglVendor = "/usr/share/glvnd/egl_vendor.d/10_nvidia.json";
options = {
text-to-say = lib.mkOption {
type = lib.types.str;
description = "Text for the ascii cow to say.";
};
};
config = {
binName = "my-pkg";
package = config.pkgs.cowsay;
args = [ config.text-to-say ];
};
});
in in
{ {
perSystem = { system, pkgs, lib, ... }: { perSystem = { pkgs, ... }: {
packages."${packageName}" = (zedWrapper.apply { packages."${packageName}" = pkgs.symlinkJoin {
inherit pkgs; name = "zed-editor-host-gpu";
text-to-say = "Hello from wrapped module!"; paths = [ pkgs.zed-editor ];
}).wrapper; nativeBuildInputs = [ pkgs.makeWrapper ];
meta = pkgs.zed-editor.meta // {
mainProgram = "zeditor";
};
postBuild = ''
for exe in $out/bin/*; do
wrapProgram "$exe" \
--unset WAYLAND_DISPLAY \
--unset GDK_BACKEND \
--set VK_DRIVER_FILES ${vulkanIcd} \
--set VK_ICD_FILENAMES ${vulkanIcd} \
--set __EGL_VENDOR_LIBRARY_FILENAMES ${eglVendor} \
--set __GLX_VENDOR_LIBRARY_NAME nvidia
done
'';
};
}; };
flake.modules.homeManager."${packageName}" = { config, pkgs, lib, ... }: { flake.modules.homeManager.zed-editor = { pkgs, ... }: {
home.packages = [ home.packages = [ pkgs.vulkan-tools ];
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}."${packageName}"
]; programs.zed-editor = {
enable = true;
package = self.packages.${pkgs.stdenv.hostPlatform.system}."${packageName}";
installRemoteServer = true;
};
}; };
} }
modules/programs/zsh.nix
+1 -1
View File
@@ -140,9 +140,9 @@ in
extraPackages = with pkgs; [ extraPackages = with pkgs; [
lazygit lazygit
lazydocker lazydocker
devenv
self'.packages.shell-tools self'.packages.shell-tools
self'.packages.neovim-min self'.packages.neovim-min
devenv
]; ];
}).wrapper; }).wrapper;
}; };
modules/services/ssh.nix
+1
View File
@@ -135,6 +135,7 @@ in
"*" = lib.mkMerge [ "*" = lib.mkMerge [
{ {
user = "john"; user = "john";
identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
compression = false; compression = false;
serverAliveInterval = 0; serverAliveInterval = 0;