initial omen config

README.md

@@ -12,6 +12,10 @@ home-manager switch --flake .#desktop
 nix flake show --all-systems
 ```
 
+```shell
+nix run nixpkgs#nh home switch -- --configuration john@john-pc-ubuntu .
+```
+
 ## Layout
 
 - Everything under `./modules` gets auto-imported by `import-tree`

modules/features/mtls.nix

@@ -232,7 +232,7 @@ in
         ];
 
         # Create the systemd service files for the user.
-        xdg.dataFile = lib.mkIf cfg.renew.enable {
+        xdg.configFile = lib.mkIf cfg.renew.enable {
           "systemd/user/mtls-renew.service".source =
             "${mtlsRenewWrapper.outputs.systemd-user}/systemd/user/mtls-renew.service";
           "systemd/user/mtls-renew.timer".source =
@@ -250,7 +250,11 @@ in
           if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$XDG_RUNTIME_DIR/systemd/private" ]; then
             if [ "${lib.boolToString (cfg.enable && cfg.renew.enable)}" = "true" ]; then
               run ${pkgs.systemd}/bin/systemctl --user daemon-reload
-              run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer
+              if ${pkgs.systemd}/bin/systemctl --user cat mtls-renew.timer >/dev/null 2>&1; then
+                run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer
+              else
+                verboseEcho "mtls-renew.timer unit file is not available; skipping enable"
+              fi
             else
               run ${pkgs.systemd}/bin/systemctl --user disable --now mtls-renew.timer || true
               run ${pkgs.systemd}/bin/systemctl --user daemon-reload || true

modules/features/niri.nix

@@ -0,0 +1,31 @@
+{ self, inputs, ... }: {
+  flake.nixosModules.niri = { pkgs, lib, ... }: {
+    programs.niri = {
+      enable = true;
+      package = self.packages.${pkgs.stdenv.hostPlatform.system}.myNiri;
+    };
+  };
+
+  perSystem = { pkgs, lib, self', ... }: {
+    packages.myNiri = inputs.wrapper-modules.wrappers.niri.wrap {
+      inherit pkgs;
+      settings = {
+        spawn-at-startup = [
+          (lib.getExe self'.packages.myNoctalia)
+        ];
+
+        xwayland-satellite.path = lib.getExe pkgs.xwayland-satellite;
+
+        input.keyboard.xkb.layout = "us,ua";
+
+        layout.gaps = 5;
+
+        binds = {
+          "Mod+Return".spawn-sh = lib.getExe pkgs.kitty;
+          "Mod+Q".close-window = null;
+          "Mod+S".spawn-sh = "${lib.getExe self'.packages.myNoctalia} ipc call launcher toggle";
+        };
+      };
+    };
+  };
+}

modules/features/noctalia.nix

@@ -0,0 +1,10 @@
+{ self, inputs, ... }: {
+  perSystem = { pkgs, ... }: {
+    packages.myNoctalia = inputs.wrapper-modules.wrappers.noctalia-shell.wrap {
+      inherit pkgs; # THIS PART IS VERY IMPORTAINT, I FORGOT IT IN THE VIDEO!!!
+      settings =
+        (builtins.fromJSON
+          (builtins.readFile ./noctalia.json)).settings;
+    };
+  };
+}

modules/features/shell-tools.nix

@@ -1,63 +1,83 @@
 # This module provides all the shell options
-{ self, inputs, ... }: {
+{ self, inputs, ... }:
-  flake.modules.homeManager.shell-tools = { config, pkgs, ... }: {
+{
-    imports = with inputs.self.modules.homeManager; [
+  flake.modules.homeManager.shell-tools =
-      # bash
+    { config, pkgs, ... }:
-      zsh
+    {
-      files
+      imports = with inputs.self.modules.homeManager; [
-    ];
+        # bash
+        zsh
+        files
+      ];
 
-    home.packages = with pkgs; [
+      home.packages = with pkgs; [
-      btop
+        btop
-      uv
+        uv
-      xclip
+        xclip
-      inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.shell-tools
+        inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.shell-tools
-    ];
+      ];
 
-    home.shell.enableShellIntegration = true;
+      home.shell.enableShellIntegration = true;
-  };
+    };
 
-  perSystem = { system, pkgs, self', ... }: {
+  perSystem =
-    packages.shell-tools = inputs.wrappers.lib.wrapPackage { 
+    {
-      inherit pkgs;
+      system,
-      # binName = "show-tools";
+      pkgs,
-      package = (pkgs.symlinkJoin {
+      self',
-        name = "show-tools";
+      ...
-        meta.mainProgram = "show-tools";
+    }:
-        paths = with pkgs; [
+    {
-          nh
+      packages.shell-tools = inputs.wrappers.lib.wrapPackage {
-          ripgrep
+        inherit pkgs;
-          fd
+        # binName = "show-tools";
-          jq
+        package = (
-          wget
+          pkgs.symlinkJoin {
-          curl
-          dig
-          self'.packages.gdu
-          self'.packages.my-eza
-          hostname
-          iproute2
-          direnv
-          (writeShellApplication {
             name = "show-tools";
-            text = ''
+            meta.mainProgram = "show-tools";
-              IFS=':' read -r -a path_dirs <<< "''${PATH:-}"
+            paths = with pkgs; [
+              nh
+              ripgrep
+              fd
+              jq
+              wget
+              curl
+              dig
+              bat
+              self'.packages.gdu
+              self'.packages.my-eza
+              self'.packages.yazi
+              hostname
+              iproute2
+              direnv
+              (writeShellApplication {
+                name = "show-tools";
+                text = ''
+                  IFS=':' read -r -a path_dirs <<< "''${PATH:-}"
 
-              for dir in "''${path_dirs[@]}"; do
+                  for dir in "''${path_dirs[@]}"; do
-                [[ "$dir" == */bin ]] || continue
+                    [[ "$dir" == */bin ]] || continue
-                [[ -d "$dir" ]] || continue
+                    [[ -d "$dir" ]] || continue
 
-                printf '%s\n' "$dir"/*
+                    printf '%s\n' "$dir"/*
-              done
+                  done
-            '';
+                '';
-          })
+              })
+            ];
+          }
+        );
+      };
+
+      packages.gdu = inputs.wrappers.lib.wrapPackage {
+        inherit pkgs;
+        package = pkgs.gdu;
+        args = [
+          "-x"
+          "--si"
+          "--collapse-path"
+          "--mouse"
+          "$@"
         ];
-      });
+      };
     };
-
-    packages.gdu = inputs.wrappers.lib.wrapPackage {
-      inherit pkgs;
-      package = pkgs.gdu;
-      args = [ "-x" "--si" "--collapse-path" "--mouse" "$@" ];
-    };
-  };
 }

modules/hosts/john-kde/default.nix

@@ -0,0 +1,70 @@
+{ withSystem, self, inputs, ... }:
+let
+  username = "john";
+  hostname = "omen";
+in
+{
+  flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
+  let
+    selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
+    flakeDir = "${config.xdg.configHome}/home-manager";
+  in
+  {
+    imports = with inputs.self.modules.homeManager; [
+      rebuild
+      john
+      # mtls
+      # restic
+      docker
+      desktop
+      step-client
+      # mysops
+      # myPackage
+      # myStepClient
+    ];
+    # TODO: make this more restrictive, rather than allowing all unfree packages
+    nixpkgs.config.allowUnfree = true;
+    nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
+
+    targets.genericLinux.enable = true;
+
+    home.username = "${username}";
+    home.homeDirectory = "/home/${username}";
+    home.packages = with pkgs; [
+      selfPkgs.jsl-zsh
+      selfPkgs.my-neovim
+      selfPkgs.ssh-certs
+      # selfPkgs.step-bootstrap
+      # selfPkgs.wg-platform
+      # self'.packages.myWrappedPackage
+      # (inputs.self.wrappers.test-push.apply {
+      #   inherit pkgs flakeDir;
+      #   host = testHost;
+      #   target = testTarget;
+      # }).wrapper
+    ];
+
+    homeManagerFlakeDir = flakeDir;
+    docker.enable = true;
+
+    ssh = {
+      certificates.enable = true;
+      knownHosts = [
+        "fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
+      ];
+      matchSets = {
+        certs = true;
+        appdaemon = true;
+        homelab = true;
+        dev = true;
+        tailscale = true;
+      };
+    };
+  };
+
+  flake.homeConfigurations."john@omen" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
+    inputs.home-manager.lib.homeManagerConfiguration {
+      pkgs = inputs'.nixpkgs.legacyPackages;
+      modules = [ inputs.self.modules.homeManager."${hostname}" ]; # Uses the module defined above
+  });
+}

modules/hosts/john-p14s/configuration.nix

@@ -123,7 +123,6 @@
           my-vscode.enable = true;
           mysops.hostSecretFile = "${flakeDir}/modules/hosts/john-p14s/secrets.yaml";
           homeManagerFlakeDir = "${flakeDir}";
-          shell.program = "zsh";
           home.packages = with pkgs; [
             bash
             discord

modules/hosts/john-pc/default.nix

@@ -39,7 +39,7 @@ in
     home.homeDirectory = "/home/${username}";
     home.packages = with pkgs; [
       selfPkgs.jsl-zsh
-      selfPkgs.my-neovim
+      # selfPkgs.my-neovim
       selfPkgs.ssh-certs
       # selfPkgs.step-bootstrap
       # selfPkgs.wg-platform
@@ -91,17 +91,17 @@ in
         "/home/john/john-nas"
       ];
     };
-    mtls = {
+    # mtls = {
-      enable = true;
+    #   enable = true;
-      subject = hostname;
+    #   subject = hostname;
-      san = [
+    #   san = [
-        "${hostname}"
+    #     "${hostname}"
-        "192.168.1.85"
+    #     "192.168.1.85"
-        "spiffe://john-stream.com/ubuntu"
+    #     "spiffe://john-stream.com/ubuntu"
-      ];
+    #   ];
-      lifetime = "1h";
+    #   lifetime = "1h";
-      renew.onCalendar = "*:1/10";
+    #   renew.onCalendar = "*:1/10";
-    };
+    # };
   };
 
   flake.homeConfigurations."john@john-pc-ubuntu" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:

modules/hosts/omen-nixos/configuration.nix

@@ -0,0 +1,128 @@
+{ self, inputs, ... }: {
+
+  flake.nixosModules.omen = { pkgs, lib, ... }: {
+    # import any other modules from here
+    imports = [
+      self.nixosModules.omenHardware
+      self.nixosModules.niri
+    ];
+
+    # Use the systemd-boot EFI boot loader.
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
+    # Use latest kernel.
+    boot.kernelPackages = pkgs.linuxPackages_latest;
+
+    networking.hostName = "nixos-omen"; # Define your hostname.
+
+    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+    # Configure network connections interactively with nmcli or nmtui.
+    networking.networkmanager.enable = true;
+
+    # Set your time zone.
+    time.timeZone = "US/Central";
+
+    # Configure network proxy if necessary
+    # networking.proxy.default = "http://user:password@proxy:port/";
+    # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+    # Select internationalisation properties.
+    # i18n.defaultLocale = "en_US.UTF-8";
+    # console = {
+    #   font = "Lat2-Terminus16";
+    #   keyMap = "us";
+    #   useXkbConfig = true; # use xkb.options in tty.
+    # };
+
+    # Enable the X11 windowing system.
+    # services.xserver.enable = true;
+
+
+    
+
+    # Configure keymap in X11
+    # services.xserver.xkb.layout = "us";
+    # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+    # Enable CUPS to print documents.
+    # services.printing.enable = true;
+
+    # Enable sound.
+    # services.pulseaudio.enable = true;
+    # OR
+    # services.pipewire = {
+    #   enable = true;
+    #   pulse.enable = true;
+    # };
+
+    # Enable touchpad support (enabled default in most desktopManager).
+    # services.libinput.enable = true;
+
+    # Define a user account. Don't forget to set a password with ‘passwd’.
+    # users.users.alice = {
+    #   isNormalUser = true;
+    #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    #   packages = with pkgs; [
+    #     tree
+    #   ];
+    # };
+
+    # programs.firefox.enable = true;
+
+    # List packages installed in system profile.
+    # You can use https://search.nixos.org/ to find more packages (and options).
+    environment.systemPackages = with pkgs; [
+    #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+      wget
+      micro
+      nh
+    ];
+
+    # Some programs need SUID wrappers, can be configured further or are
+    # started in user sessions.
+    # programs.mtr.enable = true;
+    # programs.gnupg.agent = {
+    #   enable = true;
+    #   enableSSHSupport = true;
+    # };
+
+    # List services that you want to enable:
+
+    # Enable the OpenSSH daemon.
+    services.openssh.enable = true;
+
+    # Open ports in the firewall.
+    # networking.firewall.allowedTCPPorts = [ ... ];
+    # networking.firewall.allowedUDPPorts = [ ... ];
+    # Or disable the firewall altogether.
+    # networking.firewall.enable = false;
+
+    # Copy the NixOS configuration file and link it from the resulting system
+    # (/run/current-system/configuration.nix). This is useful in case you
+    # accidentally delete configuration.nix.
+    # system.copySystemConfiguration = true;
+
+    # This option defines the first version of NixOS you have installed on this particular machine,
+    # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+    #
+    # Most users should NEVER change this value after the initial install, for any reason,
+    # even if you've upgraded your system to a new NixOS release.
+    #
+    # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+    # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+    # to actually do that.
+    #
+    # This value being lower than the current NixOS release does NOT mean your system is
+    # out of date, out of support, or vulnerable.
+    #
+    # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+    # and migrated your data accordingly.
+    #
+    # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+    system.stateVersion = "26.05"; # Did you read the comment?
+    # ...
+  };
+
+}

modules/hosts/omen-nixos/default.nix

@@ -0,0 +1,7 @@
+{ self, inputs, ... }: {
+  flake.nixosConfigurations.omen = inputs.nixpkgs.lib.nixosSystem {
+    modules = [
+      self.nixosModules.omen
+    ];
+  };
+}

modules/hosts/omen-nixos/hardware.nix

@@ -0,0 +1,28 @@
+{ self, inputs, ... }: {
+  flake.nixosModules.omenHardware = { config, lib, pkgs, modulesPath, ... }: {
+    imports = [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+    boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+    boot.initrd.kernelModules = [ ];
+    boot.kernelModules = [ "kvm-amd" ];
+    boot.extraModulePackages = [ ];
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-uuid/35f77d1a-346c-4c52-83b2-7d25e2ac9fe1";
+        fsType = "ext4";
+      };
+      "/mnt/shared" = {
+        device = "/dev/disk/by-uuid/216e8dca-170d-4377-bf1a-69b574e1778c";
+        fsType = "ext4";
+      };
+    };
+
+    swapDevices = [ ];
+
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+    hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  };
+}

modules/programs/onepassword.nix

@@ -5,6 +5,5 @@
       [[ssh-keys]]
       vault = "Private"
     '';
-    programs.ssh.matchBlocks."*".identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
   };
 }

modules/programs/yazi.nix

@@ -0,0 +1,11 @@
+{ self, inputs, ... }: {
+  # https://github.com/Lassulus/wrappers/blob/main/modules/yazi/module.nix
+  perSystem = { system, pkgs, lib, ... }: {
+    packages.yazi = (inputs.wrappers.wrapperModules.yazi.apply {
+      inherit pkgs;
+      settings = {
+        mgr.ratio = [ 1 4 3 ];
+      };
+    }).wrapper;
+  };
+}

modules/programs/zed-editor.nix

@@ -1,33 +1,39 @@
-{ self, inputs, ... }:
+{ self, ... }:
 let
   packageName = "zed-editor";
-
+  vulkanIcd = "/usr/share/vulkan/icd.d/nvidia_icd.json";
-  zedWrapper = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: { 
+  eglVendor = "/usr/share/glvnd/egl_vendor.d/10_nvidia.json";
-    options = { 
-      text-to-say = lib.mkOption {
-        type = lib.types.str;
-        description = "Text for the ascii cow to say.";
-      };
-    };
-
-    config = {
-      binName = "my-pkg"; 
-      package = config.pkgs.cowsay; 
-      args = [ config.text-to-say ]; 
-    };
-  });
 in
 {
-  perSystem = { system, pkgs, lib, ... }: {
+  perSystem = { pkgs, ... }: {
-    packages."${packageName}" = (zedWrapper.apply { 
+    packages."${packageName}" = pkgs.symlinkJoin {
-      inherit pkgs; 
+      name = "zed-editor-host-gpu";
-      text-to-say = "Hello from wrapped module!"; 
+      paths = [ pkgs.zed-editor ];
-    }).wrapper;
+      nativeBuildInputs = [ pkgs.makeWrapper ];
+      meta = pkgs.zed-editor.meta // {
+        mainProgram = "zeditor";
+      };
+      postBuild = ''
+        for exe in $out/bin/*; do
+          wrapProgram "$exe" \
+            --unset WAYLAND_DISPLAY \
+            --unset GDK_BACKEND \
+            --set VK_DRIVER_FILES ${vulkanIcd} \
+            --set VK_ICD_FILENAMES ${vulkanIcd} \
+            --set __EGL_VENDOR_LIBRARY_FILENAMES ${eglVendor} \
+            --set __GLX_VENDOR_LIBRARY_NAME nvidia
+        done
+      '';
+    };
   };
 
-  flake.modules.homeManager."${packageName}" = { config, pkgs, lib, ... }: { 
+  flake.modules.homeManager.zed-editor = { pkgs, ... }: {
-    home.packages = [
+    home.packages = [ pkgs.vulkan-tools ];
-      inputs.self.packages.${pkgs.stdenv.hostPlatform.system}."${packageName}" 
+
-    ];
+    programs.zed-editor = {
+      enable = true;
+      package = self.packages.${pkgs.stdenv.hostPlatform.system}."${packageName}";
+      installRemoteServer = true;
+    };
   };
 }

modules/programs/zsh.nix

@@ -140,9 +140,9 @@ in
         extraPackages = with pkgs; [
           lazygit
           lazydocker
+          devenv
           self'.packages.shell-tools
           self'.packages.neovim-min
-          devenv
         ];
       }).wrapper;
   };

modules/services/ssh.nix

@@ -135,6 +135,7 @@ in
             "*" = lib.mkMerge [
               {
                 user = "john";
+                identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
 
                 compression = false;
                 serverAliveInterval = 0;