Diffstat (limited to 'nix')
-rw-r--r--nix/lib/mkSystem.nix50
-rw-r--r--nix/machines/darwin-shared.nix91
-rw-r--r--nix/machines/hardware/vm-aarch64-utm.nix33
-rw-r--r--nix/machines/macbook-air-m2.nix13
-rw-r--r--nix/machines/macbook-pro-intel.nix8
-rw-r--r--nix/machines/vm-aarch64.nix16
-rw-r--r--nix/machines/vm-shared.nix51
-rw-r--r--nix/users/fcuny/darwin.nix8
-rw-r--r--nix/users/fcuny/home-manager.nix256
-rw-r--r--nix/users/fcuny/nixos.nix20
10 files changed, 546 insertions, 0 deletions
diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix
new file mode 100644
index 0000000..dbacac6
--- /dev/null
+++ b/nix/lib/mkSystem.nix
@@ -0,0 +1,50 @@
+# This function creates a NixOS system based on our VM setup for a
+# particular architecture.
+{ nixpkgs, inputs }:
+
+name:
+{ system, user, darwin ? false, }:
+
+let
+ # The config files for this system.
+ machineConfig = ../machines/${name}.nix;
+ userOSConfig = ../users/${user}/${if darwin then "darwin" else "nixos"}.nix;
+ userHMConfig = ../users/${user}/home-manager.nix;
+
+ # NixOS vs nix-darwin functionst
+ systemFunc =
+ if darwin then inputs.darwin.lib.darwinSystem else nixpkgs.lib.nixosSystem;
+ home-manager =
+ if darwin then
+ inputs.home-manager.darwinModules
+ else
+ inputs.home-manager.nixosModules;
+in
+systemFunc rec {
+ inherit system;
+
+ modules = [
+ # Allow unfree packages.
+ { nixpkgs.config.allowUnfree = true; }
+
+ machineConfig
+ userOSConfig
+ home-manager.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.${user} = import userHMConfig { inputs = inputs; };
+ }
+
+ # We expose some extra arguments so that our modules can parameterize
+ # better based on these values.
+ {
+ config._module.args = {
+ currentSystem = system;
+ currentSystemName = name;
+ currentSystemUser = user;
+ inputs = inputs;
+ };
+ }
+ ];
+}
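Review bot: The `rec` on the attribute set handed to `systemFunc` is unused — no attribute in that set refers to a sibling (`inherit system` and the `modules` list only use the outer `system`, `name`, `user` and `inputs`) — so it can be dropped, and the comment above the `systemFunc` binding reads `# NixOS vs nix-darwin functionst`, which should be `# NixOS vs nix-darwin functions`. The file header also says the function builds a system "based on our VM setup", but the `darwin` flag shows it is used for the macOS machines too; suggest `# Build a NixOS or nix-darwin system for machine \`name\`: machine config, the user's OS module and home-manager are wired in here.` Note that `nixpkgs.config.allowUnfree = true` is injected as the first module for every system built here, so per-machine repeats of it are redundant.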
diff --git a/nix/machines/darwin-shared.nix b/nix/machines/darwin-shared.nix
new file mode 100644
index 0000000..6c727f8
--- /dev/null
+++ b/nix/machines/darwin-shared.nix
@@ -0,0 +1,91 @@
+{ pkgs, ... }: {
+ nix = {
+ package = pkgs.nixVersions.stable;
+
+ gc = {
+ user = "root";
+ automatic = true;
+ interval = [{
+ Hour = 7;
+ Minute = 0;
+ Weekday = 0;
+ }];
+ options = "--delete-older-than 7d";
+ };
+
+ settings = {
+ trusted-users = [ "@admin" "fcuny" ];
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ };
+
+ system.defaults = {
+ dock = {
+ autohide = true;
+ orientation = "left";
+ showhidden = false;
+ show-recents = false;
+ mru-spaces = false; # don’t rearrange spaces based on the most recent use
+ };
+ finder.AppleShowAllExtensions = true;
+ screencapture.location = "~/Documents/screenshots";
+ SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
+ };
+
+ fonts.packages = with pkgs; [
+ emacs-all-the-icons-fonts
+ google-fonts
+ roboto
+ source-code-pro
+ source-serif-pro
+ source-sans-pro
+ go-font
+ ];
+
+ system.keyboard = {
+ enableKeyMapping = true;
+ remapCapsLockToControl = true;
+ };
+
+ # Touch ID for sudo auth
+ security.pam.enableSudoTouchIdAuth = true;
+
+ services.nix-daemon.enable = true;
+
+ system.defaults.CustomUserPreferences = {
+ "com.apple.desktopservices" = {
+ # Avoid creating .DS_Store files on network or USB volumes
+ DSDontWriteNetworkStores = true;
+ DSDontWriteUSBStores = true;
+ };
+ };
+
+ programs.fish.enable = true;
+ programs.fish.shellInit = ''
+ # Nix
+ if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
+ end
+ # End Nix
+ '';
+
+ # Required for homebrew on aarch64
+ environment.systemPath = [ "/opt/homebrew/bin" "/opt/homebrew/sbin" ];
+
+ homebrew = {
+ enable = true;
+ onActivation.autoUpdate = true;
+ onActivation.upgrade = true;
+
+ casks = [
+ "1password-cli"
+ "docker"
+ "element"
+ "emacs"
+ "iterm2"
+ "transmission"
+ "vlc"
+ "wireshark"
+ ];
+ };
+}
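Review bot: `trusted-users = [ "@admin" "fcuny" ]` hands full Nix-daemon trust to every member of the `admin` group as well as `fcuny`; a trusted user can override daemon settings such as `substituters`, `trusted-public-keys` and `sandbox` from the command line, which is root-equivalent for the store, so the line deserves a comment stating this is deliberate, e.g. `# trusted-users is root-equivalent for the Nix store; only the interactive admin account(s) on this laptop`. If `fcuny` is already in `admin` (nothing in this diff says so), the explicit entry is redundant. Separately, `homebrew.onActivation.autoUpdate`/`upgrade = true` means every `darwin-rebuild switch` pulls whatever cask versions are current rather than pinned ones; a one-line comment next to the `casks` list acknowledging that these are unpinned downloads would make the trade-off explicit.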
diff --git a/nix/machines/hardware/vm-aarch64-utm.nix b/nix/machines/hardware/vm-aarch64-utm.nix
new file mode 100644
index 0000000..084cc74
--- /dev/null
+++ b/nix/machines/hardware/vm-aarch64-utm.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ lib, modulesPath, ... }: {
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/nix/machines/macbook-air-m2.nix b/nix/machines/macbook-air-m2.nix
new file mode 100644
index 0000000..9b0265a
--- /dev/null
+++ b/nix/machines/macbook-air-m2.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }: {
+ imports = [ ./darwin-shared.nix ];
+
+ system.stateVersion = 5;
+
+ networking.hostName = "mba-fcuny";
+
+ programs.fish.enable = true;
+ environment.shells = [ pkgs.fish ];
+
+ # brew packages I only want to get installed on this machine
+ homebrew.casks = [ "zoom" ];
+}
diff --git a/nix/machines/macbook-pro-intel.nix b/nix/machines/macbook-pro-intel.nix
new file mode 100644
index 0000000..07b464e
--- /dev/null
+++ b/nix/machines/macbook-pro-intel.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+ imports = [ ./darwin-shared.nix ];
+
+ system.stateVersion = 5;
+
+ programs.fish.enable = true;
+ environment.shells = [ pkgs.fish ];
+}
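Review bot: `networking.hostName` is not set here while `macbook-air-m2.nix` sets `"mba-fcuny"`; if leaving it to macOS is intentional, a one-line comment saying so would avoid the question, otherwise add e.g. `networking.hostName = "mbp-fcuny";`. `programs.fish.enable = true` is already set in `darwin-shared.nix`, which this file imports, so the repeat here (and in the M2 file) can be dropped.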
diff --git a/nix/machines/vm-aarch64.nix b/nix/machines/vm-aarch64.nix
new file mode 100644
index 0000000..8e84ed5
--- /dev/null
+++ b/nix/machines/vm-aarch64.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+ imports = [ ./hardware/vm-aarch64-utm.nix ./vm-shared.nix ];
+
+ # Interface is this on my M1
+ networking.interfaces.enp0s10.useDHCP = true;
+
+ # Qemu
+ services.spice-vdagentd.enable = true;
+
+ # For now, we need this since hardware acceleration does not work.
+ environment.variables.LIBGL_ALWAYS_SOFTWARE = "1";
+
+ # Lots of stuff that uses aarch64 that claims doesn't work, but actually works.
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowUnsupportedSystem = true;
+}
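Review bot: If this machine is built through `mkSystem.nix`, `nixpkgs.config.allowUnfree = true` is already injected there as the first module and the copy here is redundant; `allowUnsupportedSystem = true` is the line that actually matters on this VM, and the comment above it would read better as `# Some packages mark aarch64-linux unsupported but build and run fine here; allow them.` The `enp0s10` interface name is hardware-specific (the generated hardware file already enables DHCP on all interfaces), so consider noting that the explicit entry is only there for the M1 host.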
diff --git a/nix/machines/vm-shared.nix b/nix/machines/vm-shared.nix
new file mode 100644
index 0000000..04eedf0
--- /dev/null
+++ b/nix/machines/vm-shared.nix
@@ -0,0 +1,51 @@
+{ pkgs, ... }: {
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ nix = {
+ package = pkgs.nixVersions.latest;
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ keep-outputs = true
+ keep-derivations = true
+ '';
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "dev";
+
+ time.timeZone = "America/Los_Angeles";
+
+ # Don't require password for sudo
+ security.sudo.wheelNeedsPassword = false;
+
+ # Virtualization settings
+ virtualisation.docker.enable = true;
+
+ # Select internationalisation properties.
+ i18n = { defaultLocale = "en_US.UTF-8"; };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.mutableUsers = false;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [ curl git ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = true;
+ services.openssh.settings.PermitRootLogin = "no";
+
+ networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
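Review bot: `services.openssh.settings.PasswordAuthentication = true` opens sshd to password guessing while the only credential this configuration declares for the user is an ssh key (`users/fcuny/nixos.nix`), and with `users.mutableUsers = false` a password set via `passwd` — as the comment above it suggests — is discarded on the next rebuild, so password logins cannot work as written anyway. Switch to `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, and fix the comment to say passwords must be declared via `hashedPassword` when `mutableUsers` is false. `networking.firewall.enable = false` together with `security.sudo.wheelNeedsPassword = false` means any sshd exposure on the VM's network is a direct path to root; if the VM is NAT-only behind the host that is acceptable, but it should be stated in a comment next to the firewall line.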
diff --git a/nix/users/fcuny/darwin.nix b/nix/users/fcuny/darwin.nix
new file mode 100644
index 0000000..b56a67d
--- /dev/null
+++ b/nix/users/fcuny/darwin.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+ # The user should already exist, but we need to set this up so Nix knows
+ # what our home directory is (https://github.com/LnL7/nix-darwin/issues/423).
+ users.users.fcuny = {
+ home = "/Users/fcuny";
+ shell = pkgs.fish;
+ };
+}
diff --git a/nix/users/fcuny/home-manager.nix b/nix/users/fcuny/home-manager.nix
new file mode 100644
index 0000000..6c3342b
--- /dev/null
+++ b/nix/users/fcuny/home-manager.nix
@@ -0,0 +1,256 @@
+{ ... }:
+
+{ config, lib, pkgs, ... }: {
+ home.stateVersion = "23.05";
+
+ xdg.enable = true;
+
+ home.packages = with pkgs; [
+ # go
+ go-tools
+ golangci-lint
+ gopls
+ delve
+
+ # docker
+ dive # explore layers in docker images
+
+ # shell
+ shellcheck
+
+ # git
+ gitAndTools.pre-commit
+ git-credential-manager
+ gh
+
+ # shell utils
+ coreutils
+ direnv
+ dust
+ procs
+ ripgrep
+ tree
+ wget
+
+ # network
+ bandwhich
+
+ # data manipulation
+ jless
+ jq
+ yq
+
+ # encryption
+ age
+
+ # media
+ mpv
+ ffmpeg
+
+ # dicts
+ aspell
+ aspellDicts.en
+ aspellDicts.en-computers
+ aspellDicts.en-science
+
+ # nix
+ nil
+ nix-direnv
+ nixd
+ nixfmt-classic
+ nixpkgs-fmt
+ nil # nix lsp
+
+ # k8s
+ kind # k8s in docker
+ kubebuilder # generate controller
+ kubectl
+ kubernetes-helm # deploy applications
+ kubie # kubeconfig browser https://github.com/sbstp/kubie
+ kubelogin-oidc # OIDC plugin
+ k9s # object explorer
+
+ # hashicorp
+ boundary
+ nomad-pack
+ tfswitch
+ ];
+
+ programs.go = {
+ enable = true;
+ goPath = ".local/share/pkg.go";
+ goBin = ".local/bin.go";
+ goPrivate = [ "github.rbx.com/*" "github.com/fcuny/*" "git.fcuny.net/*" ];
+ };
+
+ # an alternative to ls
+ programs.eza = {
+ enable = true;
+ icons = "never";
+ enableFishIntegration = false;
+ extraOptions = [
+ "--group-directories-first"
+ "--no-quotes"
+ "--git-ignore"
+ "--icons=never"
+ ];
+ };
+
+ # an alternative to find
+ programs.fd = {
+ enable = true;
+ hidden = true;
+ ignores = [ ".git/" ".direnv/" ];
+ };
+
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ enableZshIntegration = true;
+ config = {
+ global.disable_stdin = true;
+ global.strict_env = true;
+ };
+ };
+
+ programs.fish = {
+ enable = true;
+ interactiveShellInit = ''
+ set fish_greeting ""
+ '';
+
+ shellAbbrs = { ncg = "nix-collect-garbage -d"; };
+ shellAliases = {
+ c = "clear";
+ ls = "eza -l -L=1 --git --color=always --group-directories-first";
+ la = "eza -la --git --color=always --group-directories-first";
+ ll = "eza -la -L=1 --git --color=always --group-directories-first";
+ lt = "eza -aT -L=2 --git --color=always --group-directories-first";
+ };
+ };
+
+ programs.git = {
+ enable = true;
+ userName = "Franck Cuny";
+ userEmail = "franck@fcuny.net";
+
+ aliases = { amend = "commit --amend"; };
+
+ includes = [
+ {
+ condition = "hasconfig:remote.*.url:git@github.rbx.com:**";
+ path = pkgs.writeText "finsitGitConfig"
+ (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+ }
+ {
+ condition = "hasconfig:remote.*.url:git@github.com:Roblox/**";
+ path = pkgs.writeText "finsitGitConfig"
+ (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; });
+ }
+ ];
+
+ extraConfig = {
+ core.whitespace = "trailing-space,space-before-tab";
+ color.ui = "true";
+
+ # abort if the remote branch does not match the local one
+ push.default = "simple";
+
+ # https://adamj.eu/tech/2024/01/18/git-improve-diff-histogram/
+ diff.algorithm = "histogram";
+
+ init.defaultBranch = "main";
+
+ pull.rebase = true;
+ rebase = {
+ # Automatically create a temporary stash entry before the
+ # operation begins, and apply it after the operation ends.
+ autoStash = true;
+ # Print a warning if some commits are removed
+ missingCommitsCheck = "warn";
+ };
+
+ branch.autosetuprebase = "remote";
+ branch.sort = "authordate";
+
+ url = {
+ "ssh://git@github.rbx.com/" = {
+ insteadOf = "https://github.rbx.com/";
+ };
+ };
+ };
+ };
+
+ programs.ssh = {
+ enable = true;
+ forwardAgent = true;
+ serverAliveInterval = 60;
+ controlMaster = "auto";
+ controlPersist = "30m";
+ extraConfig = ''
+ IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
+ '';
+ matchBlocks = {
+ "personal" = {
+ hostname = "github.com";
+ user = "git";
+ forwardAgent = false;
+ extraOptions = { preferredAuthentications = "publickey"; };
+ };
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ forwardAgent = false;
+ extraOptions = { preferredAuthentications = "publickey"; };
+ };
+ "github.rbx.com" = {
+ hostname = "github.rbx.com";
+ user = "git";
+ forwardAgent = false;
+ extraOptions = { preferredAuthentications = "publickey"; };
+ };
+ };
+ };
+
+ home.sessionPath = [ config.home.sessionVariables.GOBIN ];
+
+ home.sessionVariables = with config.xdg; {
+ ASPELL_CONF = "conf ${config.xdg.configHome}/aspell/config;";
+ EDITOR = "emacsclient -a=";
+ HOMEBREW_NO_AUTO_UPDATE = 1;
+ IPYTHONDIR = "${cacheHome}/ipython";
+ LESS = "-FRSXM";
+ LESSCHARSET = "utf-8";
+ MYPY_CACHE_DIR = "${cacheHome}/mypy";
+ PAGER = "less";
+ PIP_LOG = "${cacheHome}/pip/pip.log";
+ PYLINTHOME = "${cacheHome}/pylint";
+ PYTHON_EGG_CACHE = "${cacheHome}/python-eggs";
+ SHELL = "${pkgs.fish}/bin/fish";
+ VISUAL = "emacsclient -a=";
+ };
+
+ # Generate ssh agent config for 1Password
+ # I want both my personal and work keys
+ home.file.".config/1Password/ssh/agent.toml".text = ''
+ [[ssh-keys]]
+ account = "my.1password.com"
+
+ [[ssh-keys]]
+ account = "roblox.1password.com"
+ item = "GitHub ssh key"
+ vault = "Private"
+ '';
+
+ home.file.kubie = {
+ target = ".kube/kubie.yaml";
+ text = ''
+ shell: fish
+ configs:
+ include:
+ - ~/.kube/rksconfig
+ prompt:
+ fish_use_rprompt: true
+ '';
+ };
+}
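Review bot: `programs.ssh.forwardAgent = true` at the top level forwards the 1Password agent to every host not covered by a `matchBlocks` entry, so any remote you ssh into can request signatures with both the personal and work keys listed in `agent.toml` for the lifetime of the session; the GitHub blocks already opt out, which suggests forwarding should be opt-in. Change the default to `forwardAgent = false;` and set `forwardAgent = true;` only in the match blocks for hosts that actually need it. Also, `nil` appears twice in `home.packages` (once under `# nix` and again as `nil # nix lsp`), and the `"personal"` match block is identical to the `"github.com"` one, which looks like a leftover that can be removed.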
diff --git a/nix/users/fcuny/nixos.nix b/nix/users/fcuny/nixos.nix
new file mode 100644
index 0000000..662c0b1
--- /dev/null
+++ b/nix/users/fcuny/nixos.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }: {
+ # https://github.com/nix-community/home-manager/pull/2408
+ environment.pathsToLink = [ "/share/fish" ];
+
+ # Add ~/.local/bin to PATH
+ environment.localBinInPath = true;
+
+ # we're using fish as our shell
+ programs.fish.enable = true;
+
+ users.users.fcuny = {
+ isNormalUser = true;
+ home = "/home/fcuny";
+ extraGroups = [ "docker" "wheel" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ };
+}
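Review bot: `extraGroups = [ "docker" "wheel" ]` puts the user in the `docker` group, which is root-equivalent on the host (a member can start a container with the root filesystem bind-mounted); when paired with `vm-shared.nix`, where `wheel` already gets passwordless sudo, this does not widen access, but that reasoning should be recorded, e.g. `# docker group is root-equivalent; acceptable here since wheel already has passwordless sudo (vm-shared.nix)`. The user also declares no `hashedPassword`, which with `users.mutableUsers = false` makes the account key-only; a comment such as `# no password declared: key-only login, see mutableUsers in vm-shared.nix` would make that deliberate choice visible.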