Compare commits
8 Commits
771813a064
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
| b7f5474893 | |||
| 1667e362aa | |||
| cd5a49c4a6 | |||
| 244c60d9cd | |||
| f2254e5dc7 | |||
| a337ce6f2c | |||
| 278796f47c | |||
| 1ab00f286e |
@@ -232,7 +232,7 @@ in
|
||||
];
|
||||
|
||||
# Create the systemd service files for the user.
|
||||
xdg.dataFile = lib.mkIf cfg.renew.enable {
|
||||
xdg.configFile = lib.mkIf cfg.renew.enable {
|
||||
"systemd/user/mtls-renew.service".source =
|
||||
"${mtlsRenewWrapper.outputs.systemd-user}/systemd/user/mtls-renew.service";
|
||||
"systemd/user/mtls-renew.timer".source =
|
||||
@@ -250,7 +250,11 @@ in
|
||||
if [ -n "$XDG_RUNTIME_DIR" ] && [ -S "$XDG_RUNTIME_DIR/systemd/private" ]; then
|
||||
if [ "${lib.boolToString (cfg.enable && cfg.renew.enable)}" = "true" ]; then
|
||||
run ${pkgs.systemd}/bin/systemctl --user daemon-reload
|
||||
if ${pkgs.systemd}/bin/systemctl --user cat mtls-renew.timer >/dev/null 2>&1; then
|
||||
run ${pkgs.systemd}/bin/systemctl --user enable --now mtls-renew.timer
|
||||
else
|
||||
verboseEcho "mtls-renew.timer unit file is not available; skipping enable"
|
||||
fi
|
||||
else
|
||||
run ${pkgs.systemd}/bin/systemctl --user disable --now mtls-renew.timer || true
|
||||
run ${pkgs.systemd}/bin/systemctl --user daemon-reload || true
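Review bot: The `else` branch that skips enabling `mtls-renew.timer` reports the problem only through `verboseEcho`, so a normal activation succeeds silently with renewal switched off even though `cfg.enable && cfg.renew.enable` evaluated to true. For short-lived client certificates that means the credential simply expires later, with no hint at switch time that nothing will renew it. I would report it at the default log level, e.g. `warnEcho "mtls-renew.timer unit file is not available; renewal timer NOT enabled"`, or fail the activation if renewal is meant to be mandatory. The page has lost its +/- markers, so I am assuming the `systemctl --user cat` guard is the added part. The activation block itself starts and ends outside this hunk.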
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
# This module provides all the shell options
|
||||
{ self, inputs, ... }: {
|
||||
flake.modules.homeManager.shell-tools = { config, pkgs, ... }: {
|
||||
{ self, inputs, ... }:
|
||||
{
|
||||
flake.modules.homeManager.shell-tools =
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = with inputs.self.modules.homeManager; [
|
||||
# bash
|
||||
zsh
|
||||
@@ -17,11 +20,19 @@
|
||||
home.shell.enableShellIntegration = true;
|
||||
};
|
||||
|
||||
perSystem = { system, pkgs, self', ... }: {
|
||||
perSystem =
|
||||
{
|
||||
system,
|
||||
pkgs,
|
||||
self',
|
||||
...
|
||||
}:
|
||||
{
|
||||
packages.shell-tools = inputs.wrappers.lib.wrapPackage {
|
||||
inherit pkgs;
|
||||
# binName = "show-tools";
|
||||
package = (pkgs.symlinkJoin {
|
||||
package = (
|
||||
pkgs.symlinkJoin {
|
||||
name = "show-tools";
|
||||
meta.mainProgram = "show-tools";
|
||||
paths = with pkgs; [
|
||||
@@ -32,8 +43,10 @@
|
||||
wget
|
||||
curl
|
||||
dig
|
||||
bat
|
||||
self'.packages.gdu
|
||||
self'.packages.my-eza
|
||||
self'.packages.yazi
|
||||
hostname
|
||||
iproute2
|
||||
direnv
|
||||
@@ -51,13 +64,20 @@
|
||||
'';
|
||||
})
|
||||
];
|
||||
});
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
packages.gdu = inputs.wrappers.lib.wrapPackage {
|
||||
inherit pkgs;
|
||||
package = pkgs.gdu;
|
||||
args = [ "-x" "--si" "--collapse-path" "--mouse" "$@" ];
|
||||
args = [
|
||||
"-x"
|
||||
"--si"
|
||||
"--collapse-path"
|
||||
"--mouse"
|
||||
"$@"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -0,0 +1,70 @@
|
||||
{ withSystem, self, inputs, ... }:
|
||||
let
|
||||
username = "john";
|
||||
hostname = "omen";
|
||||
in
|
||||
{
|
||||
flake.modules.homeManager."${hostname}" = { config, pkgs, lib, ... }:
|
||||
let
|
||||
selfPkgs = inputs.self.packages.${pkgs.stdenv.hostPlatform.system};
|
||||
flakeDir = "${config.xdg.configHome}/home-manager";
|
||||
in
|
||||
{
|
||||
imports = with inputs.self.modules.homeManager; [
|
||||
rebuild
|
||||
john
|
||||
# mtls
|
||||
# restic
|
||||
docker
|
||||
desktop
|
||||
step-client
|
||||
# mysops
|
||||
# myPackage
|
||||
# myStepClient
|
||||
];
|
||||
# TODO: make this more restrictive, rather than allowing all unfree packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
|
||||
|
||||
targets.genericLinux.enable = true;
|
||||
|
||||
home.username = "${username}";
|
||||
home.homeDirectory = "/home/${username}";
|
||||
home.packages = with pkgs; [
|
||||
selfPkgs.jsl-zsh
|
||||
selfPkgs.my-neovim
|
||||
selfPkgs.ssh-certs
|
||||
# selfPkgs.step-bootstrap
|
||||
# selfPkgs.wg-platform
|
||||
# self'.packages.myWrappedPackage
|
||||
# (inputs.self.wrappers.test-push.apply {
|
||||
# inherit pkgs flakeDir;
|
||||
# host = testHost;
|
||||
# target = testTarget;
|
||||
# }).wrapper
|
||||
];
|
||||
|
||||
homeManagerFlakeDir = flakeDir;
|
||||
docker.enable = true;
|
||||
|
||||
ssh = {
|
||||
certificates.enable = true;
|
||||
knownHosts = [
|
||||
"fded:fb16:653e:25da:be24:11ff:fea0:753f ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9ZqiWPrCwHjxFCiu0lT4rlQs7KyMapxKJQQ5PJP1eh"
|
||||
];
|
||||
matchSets = {
|
||||
certs = true;
|
||||
appdaemon = true;
|
||||
homelab = true;
|
||||
dev = true;
|
||||
tailscale = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
flake.homeConfigurations."john@omen" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
|
||||
inputs.home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = inputs'.nixpkgs.legacyPackages;
|
||||
modules = [ inputs.self.modules.homeManager."${hostname}" ]; # Uses the module defined above
|
||||
});
|
||||
}
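Review bot: `nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];` in this new host module allow-lists an end-of-life OpenSSL without saying which package needs it, and nothing in the visible imports or `home.packages` obviously does. If no package on this host depends on it, drop the line. Otherwise add a comment naming the consumer, e.g. `# needed by <package>; remove once it builds against a supported OpenSSL`, so the exception does not outlive its reason. The TODO above `allowUnfree = true` could be closed in the same pass by listing the unfree packages this host actually installs via `nixpkgs.config.allowUnfreePredicate`.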
|
||||
@@ -123,7 +123,6 @@
|
||||
my-vscode.enable = true;
|
||||
mysops.hostSecretFile = "${flakeDir}/modules/hosts/john-p14s/secrets.yaml";
|
||||
homeManagerFlakeDir = "${flakeDir}";
|
||||
shell.program = "zsh";
|
||||
home.packages = with pkgs; [
|
||||
bash
|
||||
discord
|
||||
|
||||
@@ -39,7 +39,7 @@ in
|
||||
home.homeDirectory = "/home/${username}";
|
||||
home.packages = with pkgs; [
|
||||
selfPkgs.jsl-zsh
|
||||
selfPkgs.my-neovim
|
||||
# selfPkgs.my-neovim
|
||||
selfPkgs.ssh-certs
|
||||
# selfPkgs.step-bootstrap
|
||||
# selfPkgs.wg-platform
|
||||
@@ -91,17 +91,17 @@ in
|
||||
"/home/john/john-nas"
|
||||
];
|
||||
};
|
||||
mtls = {
|
||||
enable = true;
|
||||
subject = hostname;
|
||||
san = [
|
||||
"${hostname}"
|
||||
"192.168.1.85"
|
||||
"spiffe://john-stream.com/ubuntu"
|
||||
];
|
||||
lifetime = "1h";
|
||||
renew.onCalendar = "*:1/10";
|
||||
};
|
||||
# mtls = {
|
||||
# enable = true;
|
||||
# subject = hostname;
|
||||
# san = [
|
||||
# "${hostname}"
|
||||
# "192.168.1.85"
|
||||
# "spiffe://john-stream.com/ubuntu"
|
||||
# ];
|
||||
# lifetime = "1h";
|
||||
# renew.onCalendar = "*:1/10";
|
||||
# };
|
||||
};
|
||||
|
||||
flake.homeConfigurations."john@john-pc-ubuntu" = withSystem "x86_64-linux" (ctx@{ system, inputs', ... }:
|
||||
|
||||
@@ -5,6 +5,5 @@
|
||||
[[ssh-keys]]
|
||||
vault = "Private"
|
||||
'';
|
||||
programs.ssh.matchBlocks."*".identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
{ self, inputs, ... }: {
|
||||
# https://github.com/Lassulus/wrappers/blob/main/modules/yazi/module.nix
|
||||
perSystem = { system, pkgs, lib, ... }: {
|
||||
packages.yazi = (inputs.wrappers.wrapperModules.yazi.apply {
|
||||
inherit pkgs;
|
||||
settings = {
|
||||
mgr.ratio = [ 1 4 3 ];
|
||||
};
|
||||
}).wrapper;
|
||||
};
|
||||
}
|
||||
@@ -1,33 +1,39 @@
|
||||
{ self, inputs, ... }:
|
||||
{ self, ... }:
|
||||
let
|
||||
packageName = "zed-editor";
|
||||
|
||||
zedWrapper = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: {
|
||||
options = {
|
||||
text-to-say = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Text for the ascii cow to say.";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
binName = "my-pkg";
|
||||
package = config.pkgs.cowsay;
|
||||
args = [ config.text-to-say ];
|
||||
};
|
||||
});
|
||||
vulkanIcd = "/usr/share/vulkan/icd.d/nvidia_icd.json";
|
||||
eglVendor = "/usr/share/glvnd/egl_vendor.d/10_nvidia.json";
|
||||
in
|
||||
{
|
||||
perSystem = { system, pkgs, lib, ... }: {
|
||||
packages."${packageName}" = (zedWrapper.apply {
|
||||
inherit pkgs;
|
||||
text-to-say = "Hello from wrapped module!";
|
||||
}).wrapper;
|
||||
perSystem = { pkgs, ... }: {
|
||||
packages."${packageName}" = pkgs.symlinkJoin {
|
||||
name = "zed-editor-host-gpu";
|
||||
paths = [ pkgs.zed-editor ];
|
||||
nativeBuildInputs = [ pkgs.makeWrapper ];
|
||||
meta = pkgs.zed-editor.meta // {
|
||||
mainProgram = "zeditor";
|
||||
};
|
||||
postBuild = ''
|
||||
for exe in $out/bin/*; do
|
||||
wrapProgram "$exe" \
|
||||
--unset WAYLAND_DISPLAY \
|
||||
--unset GDK_BACKEND \
|
||||
--set VK_DRIVER_FILES ${vulkanIcd} \
|
||||
--set VK_ICD_FILENAMES ${vulkanIcd} \
|
||||
--set __EGL_VENDOR_LIBRARY_FILENAMES ${eglVendor} \
|
||||
--set __GLX_VENDOR_LIBRARY_NAME nvidia
|
||||
done
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
flake.modules.homeManager."${packageName}" = { config, pkgs, lib, ... }: {
|
||||
home.packages = [
|
||||
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}."${packageName}"
|
||||
];
|
||||
flake.modules.homeManager.zed-editor = { pkgs, ... }: {
|
||||
home.packages = [ pkgs.vulkan-tools ];
|
||||
|
||||
programs.zed-editor = {
|
||||
enable = true;
|
||||
package = self.packages.${pkgs.stdenv.hostPlatform.system}."${packageName}";
|
||||
installRemoteServer = true;
|
||||
};
|
||||
};
|
||||
}
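Review bot: The `wrapProgram` flags in `postBuild` need a comment explaining them. `--unset WAYLAND_DISPLAY` and `--unset GDK_BACKEND` presumably force the editor onto X11/XWayland, where it shares the X server with every other X client, and the reason for that trade-off is not recorded. `vulkanIcd` and `eglVendor` are host paths outside the Nix store, so the package only works on machines with the distribution's NVIDIA driver installed and loads whatever those JSON files point to. I would add a comment above the two `let` bindings along the lines of `# non-NixOS host with the proprietary NVIDIA driver: use the host ICD/EGL vendor files; Wayland is unset because <reason>`.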
|
||||
@@ -140,9 +140,9 @@ in
|
||||
extraPackages = with pkgs; [
|
||||
lazygit
|
||||
lazydocker
|
||||
devenv
|
||||
self'.packages.shell-tools
|
||||
self'.packages.neovim-min
|
||||
devenv
|
||||
];
|
||||
}).wrapper;
|
||||
};
|
||||
|
||||
@@ -135,6 +135,7 @@ in
|
||||
"*" = lib.mkMerge [
|
||||
{
|
||||
user = "john";
|
||||
identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
|
||||
|
||||
compression = false;
|
||||
serverAliveInterval = 0;
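Review bot: Setting `identityAgent` to the 1Password socket inside the shared `"*"` match block applies it to every host configuration that uses this SSH module, including any that do not run the 1Password agent. The earlier hunk that shows `programs.ssh.matchBlocks."*".identityAgent` next to the `[[ssh-keys]]` agent config suggests the setting used to live with the 1Password module, although the lost +/- markers make that an inference. If that reading is right, keep the line conditional by wrapping it in `lib.mkIf` on whichever option enables the 1Password integration, so other hosts are not pointed at a socket that does not exist there. The `"*"` block continues past the end of this hunk.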
|
||||
|
||||