toph/dot.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Changes for better user vs admin separation

Browse source 
Added haze for cesar NOT done yet
This commit is contained in:
Chris Toph 2025-01-13 23:17:46 -05:00
parent 9d8df5c2d0
commit 42e161b1fb
15 changed files with 584 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
common/home/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, hostName, ... }:
{
pkgs,
hostName,
user,
...
}:
{
# Module imports
imports = [
@ -8,8 +13,8 @@
];
home = {
username = "toph";
homeDirectory = "/home/toph";
username = user;
homeDirectory = "/home/${user}";
stateVersion = "24.05";
sessionVariables = {
HOSTNAME = hostName;

101
flake.nix
View file

@ -19,6 +19,8 @@
...
}:
let
admin = "toph";
user = "toph";
ARM = "aarch64-linux"; # ARM systems
X86 = "x86_64-linux"; # x86_64 systems
lib = nixpkgs.lib;
@ -32,7 +34,7 @@
in
lib.nixosSystem {
specialArgs = {
inherit hostName;
inherit admin hostName;
};
system = ARM;
modules = [
@ -48,7 +50,7 @@
in
lib.nixosSystem {
specialArgs = {
inherit hostName;
inherit admin hostName;
};
system = X86;
modules = [
@ -64,7 +66,7 @@
in
lib.nixosSystem {
specialArgs = {
inherit hostName;
inherit admin hostName;
};
system = X86;
modules = [
@ -80,7 +82,7 @@
in
lib.nixosSystem {
specialArgs = {
inherit hostName;
inherit admin hostName;
};
system = X86;
modules = [
@ -96,7 +98,7 @@
in
lib.nixosSystem {
specialArgs = {
inherit hostName;
inherit admin hostName;
};
system = X86;
modules = [
@ -112,7 +114,24 @@
in
lib.nixosSystem {
specialArgs = {
inherit hostName;
inherit admin hostName;
};
system = X86;
modules = [
./nix
default
];
};
haze =
let
user = "cesar";
hostName = "haze";
default = ./. + "/host/${hostName}";
in
lib.nixosSystem {
specialArgs = {
inherit admin user hostName;
};
system = X86;
modules = [
@ -135,7 +154,7 @@
};
in
{
"toph@caenus" =
"${admin}@caenus" =
let
hostName = "caenus";
pkgs = armPkgs;
@ -144,12 +163,12 @@
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit hostName;
inherit admin user hostName;
};
modules = [ home ];
};
"toph@cloud" =
"${admin}@cloud" =
let
hostName = "cloud";
pkgs = x86Pkgs;
@ -158,12 +177,12 @@
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit hostName;
inherit admin user hostName;
};
modules = [ home ];
};
"toph@komodo" =
"${admin}@komodo" =
let
hostName = "komodo";
pkgs = x86Pkgs;
@ -172,12 +191,12 @@
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit hostName;
inherit admin user hostName;
};
modules = [ home ];
};
"toph@nix" =
"${admin}@nix" =
let
hostName = "nix";
pkgs = x86Pkgs;
@ -186,12 +205,12 @@
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit hostName;
inherit admin user hostName;
};
modules = [ home ];
};
"toph@proxy" =
"${admin}@proxy" =
let
hostName = "proxy";
pkgs = x86Pkgs;
@ -200,12 +219,12 @@
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit hostName;
inherit admin user hostName;
};
modules = [ home ];
};
"toph@rune" =
"${admin}@rune" =
let
hostName = "rune";
pkgs = x86Pkgs;
@ -215,7 +234,53 @@
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit hostName zen;
inherit
admin
user
hostName
zen
;
};
modules = [ home ];
};
"${admin}@haze" =
let
user = "cesar";
hostName = "haze";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
zen = zen-browser.packages."${X86}".beta;
in
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
admin
user
hostName
zen
;
};
modules = [ home ];
};
"cesar@haze" =
let
hostName = "haze";
pkgs = x86Pkgs;
home = ./. + "/host/${hostName}/home";
zen = zen-browser.packages."${X86}".beta;
in
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = {
inherit
admin
user
hostName
zen
;
};
modules = [ home ];
};

26
host/cloud/hardware.nix
View file

@ -1,3 +1,7 @@
{
admin,
...
}:
{
# for sshfs
programs.fuse.userAllowOther = true;
@ -6,19 +10,33 @@
"/pool" = {
fsType = "fuse.mergerfs";
device = "/mnt/data*";
options = ["direct_io" "defaults" "allow_other" "minfreespace=50G" "fsname=mergerfs" "category.create=mfs" "nonempty"];
options = [
"direct_io"
"defaults"
"allow_other"
"minfreespace=50G"
"fsname=mergerfs"
"category.create=mfs"
"nonempty"
];
};
"/home/toph/git" = {
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = ["bind" "nofail"];
options = [
"bind"
"nofail"
];
};
"/var/lib/nextcloud" = {
fsType = "none";
device = "/pool/NextCloud";
options = ["bind" "nofail"];
options = [
"bind"
"nofail"
];
};
};
}

81
host/haze/default.nix Normal file
View file

@ -0,0 +1,81 @@
{
modulesPath,
config,
pkgs,
hostName,
user,
...
}:
{
## MODULES & IMPORTS ##
imports = [
# Common Modules
../../common/ssh
# Import hardware configuration.
./hardware.nix
# Modules
./modules/steam
./modules/gnome
];
## USERS ##
users.mutableUsers = false;
users.users."${user}" = {
isNormalUser = true;
createHome = true;
description = "${user}";
homeMode = "750";
home = "/home/${user}";
password = "198913";
extraGroups = [
"networkmanager"
"wheel"
"i2c"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
];
};
## NETWORKING ##
networking.networkmanager.enable = true;
## ENVIORMENT & PACKAGES ##
environment.systemPackages = with pkgs; [
ddcutil
git
micro
nixfmt-rfc-style
openssh
ranger
sshfs
wezterm
wget
];
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
programs.java = {
enable = true;
package = pkgs.jdk;
};
environment.variables = {
HOSTNAME = hostName;
GTK_THEME = "Gruvbox-Dark";
};
}

80
host/haze/hardware.nix Normal file
View file

@ -0,0 +1,80 @@
{
config,
lib,
pkgs,
modulesPath,
admin,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
# Bootloader
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelModules = [
"kvm-amd"
"i2c-dev"
];
# for ddcutil to work
hardware.i2c.enable = true;
services.udev.extraRules = ''
KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
'';
programs.fuse.userAllowOther = true;
fileSystems = {
# "/" = {
# device = "/dev/disk/by-uuid/28a9ac4d-1e87-4731-9c06-916711d83cb2";
# fsType = "ext4";
# };
# "/boot" = {
# device = "/dev/disk/by-uuid/B182-E50E";
# fsType = "vfat";
# options = [
# "fmask=0077"
# "dmask=0077"
# ];
# };
"/pool" = {
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/81b6fa27-af94-41d4-9070-8754087a4c26"; } ];
networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

43
host/haze/home/default.nix Normal file
View file

@ -0,0 +1,43 @@
{
pkgs,
zen,
config,
...
}:
{
# Module imports
imports = [
# Common Modules
../../../common/home
# ../../../common/git
../../../common/vscode
# Modules
../modules/gnome/home.nix
];
# Enables app shorcuts
targets.genericLinux.enable = true;
xdg.mime.enable = true;
xdg.systemDirs.data = [ "${config.home.homeDirectory}/.nix-profile/share/applications" ];
home.packages = with pkgs; [
chafa
fastfetch
fish
fishPlugins.grc
fishPlugins.tide
grc
inspector
monocraft
nerd-fonts.fira-code
nodejs_22
pnpm
prettierd
prismlauncher
spotify
telegram-desktop
vesktop
zen
];
}

56
host/haze/modules/gnome/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ pkgs, ... }:
{
# Enable the X11 windowing system.
services.xserver = {
enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
# Configure keymap in X11
xkb = {
layout = "us";
variant = "";
};
};
services.udev.packages = with pkgs; [ gnome-settings-daemon ];
environment.systemPackages = with pkgs; [
gnome-tweaks
gnomeExtensions.appindicator
gnomeExtensions.blur-my-shell
gnomeExtensions.clipboard-indicator
gnomeExtensions.dash-to-panel
gnomeExtensions.tiling-shell
gnomeExtensions.vitals
];
environment.gnome.excludePackages = (
with pkgs;
[
atomix # puzzle game
epiphany # web browser
evince # document viewer
gedit # text editor
gnome-maps
gnome-music
gnome-photos
gnome-tour
gnomeExtensions.applications-menu
gnomeExtensions.launch-new-instance
gnomeExtensions.light-style
gnomeExtensions.places-status-indicator
gnomeExtensions.status-icons
gnomeExtensions.system-monitor
gnomeExtensions.window-list
gnomeExtensions.windownavigator
gnomeExtensions.control-monitor-brightness-and-volume-with-ddcutil
hitori # sudoku game
iagno # go game
tali # poker game
yelp
]
);
}

147
host/haze/modules/gnome/home.nix Normal file
View file

@ -0,0 +1,147 @@
{
pkgs,
config,
lib,
...
}:
{
home.packages = with pkgs; [
gruvbox-gtk-theme
papirus-icon-theme
numix-cursor-theme
];
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
theme = {
name = "Gruvbox-Dark";
package = pkgs.gruvbox-gtk-theme;
};
cursorTheme = {
name = "Numix-Cursor";
package = pkgs.numix-cursor-theme;
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
};
dconf = {
enable = true;
settings = {
"org/gnome/shell" = {
favorite-apps = [
"org.gnome.Nautilus.desktop"
"org.wezfurlong.wezterm.desktop"
"zen.desktop"
"spotify.desktop"
"vesktop.desktop"
"org.telegram.desktop.desktop"
"code.desktop"
"Marvel Rivals.desktop"
"steam.desktop"
];
disable-user-extensions = false;
enabled-extensions = with pkgs.gnomeExtensions; [
appindicator.extensionUuid
blur-my-shell.extensionUuid
clipboard-indicator.extensionUuid
dash-to-panel.extensionUuid
native-window-placement.extensionUuid
screenshot-window-sizer.extensionUuid
tiling-shell.extensionUuid
user-themes.extensionUuid
vitals.extensionUuid
control-monitor-brightness-and-volume-with-ddcutil.extensionUuid
];
};
## Fix some annoying keybindings
"org/gnome/desktop/wm/keybindings" = {
close = [ "<Super>q" ];
switch-to-workspace-up = [ "" ];
switch-to-workspace-down = [ "" ];
shift-overview-up = [ "" ];
shift-overview-down = [ "" ];
toggle-application-view = [ "" ];
toggle-message-tray = [ "<Super>a" ];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings" = {
custom0 = "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
name = "Terminal";
command = "wezterm";
binding = "<Super>t";
};
"org/gnome/desktop/peripherals/mouse" = {
speed = 0.0;
natural-scroll = false;
accel-profile = "flat";
};
"org/gnome/desktop/input-sources/xkb-options" = {
xkb-options = [
"compose:menu"
"lv3:ralt_switch"
"terminate:ctrl_alt_bksp"
];
};
"org/gnome/shell/extensions/clipboard-indicator" = {
toggle-menu = [ "<Super>v" ];
cache-size = 120;
history-size = 40;
pinned-on-bottom = true;
};
"org/gnome/shell/extensions/blur-my-shell/panel" = {
static-blur = false;
sigma = 50;
};
"org/gnome/shell/extensions/dash-to-panel" = {
appicon-margin = 6;
appicon-padding = 8;
dot-position = "TOP";
dot-style-focused = "DASHES";
dot-style-unfocused = "DASHES";
multi-monitors = false;
panel-positions = builtins.toJSON {
"0" = "TOP";
"1" = "TOP";
};
scroll-icon-action = "CYCLE_WINDOWS";
scroll-panel-action = "SWITCH_WORKSPACE";
trans-panel-opacity = "0.40";
trans-use-custom-opacity = true;
tray-padding = 8;
};
"org/gnome/shell/extensions/user-theme" = {
name = "Gruvbox-Dark";
};
};
};
}

8
host/haze/modules/steam/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
programs.steam = {
enable = true;
# remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
# localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
}

15
host/komodo/hardware.nix
View file

@ -1,23 +1,30 @@
{
admin,
...
}:
{
programs.fuse.userAllowOther = true;
fileSystems = {
"/pool" = {
device = "toph@104.40.4.24:/pool";
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/toph/.ssh/pve"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/toph/git" = {
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = ["bind" "nofail"];
options = [
"bind"
"nofail"
];
};
};
}

13
host/komodo/modules/komodo/default.nix
View file

@ -1,5 +1,10 @@
# Auto-generated using compose2nix v0.3.1.
{ pkgs, lib, ... }:
{
pkgs,
lib,
admin,
...
}:
{
# Runtime
@ -42,7 +47,7 @@
"PERIPHERY_SSL_ENABLED" = "true";
};
environmentFiles = [
"/home/toph/git/dotfiles/host/komodo/modules/komodo/komodo.env"
"/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
];
volumes = [
"/mnt/DockerStorage/komodo/cache:/repo-cache:rw"
@ -93,7 +98,7 @@
"MONGO_INITDB_ROOT_USERNAME" = "admin";
};
environmentFiles = [
"/home/toph/git/dotfiles/host/komodo/modules/komodo/komodo.env"
"/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
];
volumes = [
"/mnt/DockerStorage/komodo/mongo/config:/data/configdb:rw"
@ -170,7 +175,7 @@
"PERIPHERY_STACK_DIR" = "/mnt/DockerStorage/komodo/stacks";
};
environmentFiles = [
"/home/toph/git/dotfiles/host/komodo/modules/komodo/komodo.env"
"/home/${admin}/git/dotfiles/host/komodo/modules/komodo/komodo.env"
];
volumes = [
"/proc:/proc:rw"

15
host/nix/hardware.nix
View file

@ -1,23 +1,30 @@
{
admin,
...
}:
{
programs.fuse.userAllowOther = true;
fileSystems = {
"/pool" = {
device = "toph@104.40.4.24:/pool";
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/toph/.ssh/pve"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/toph/git" = {
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = ["bind" "nofail"];
options = [
"bind"
"nofail"
];
};
};
}

15
host/proxy/hardware.nix
View file

@ -1,23 +1,30 @@
{
admin,
...
}:
{
programs.fuse.userAllowOther = true;
fileSystems = {
"/pool" = {
device = "toph@104.40.4.24:/pool";
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/toph/.ssh/pve"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/toph/git" = {
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = ["bind" "nofail"];
options = [
"bind"
"nofail"
];
};
};
}

7
host/rune/hardware.nix
View file

@ -3,6 +3,7 @@
lib,
pkgs,
modulesPath,
admin,
...
}:
{
@ -51,18 +52,18 @@
};
"/pool" = {
device = "toph@104.40.4.24:/pool";
device = "${admin}@104.40.4.24:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/toph/.ssh/pve"
"identityfile=/home/${admin}/.ssh/pve"
];
};
"/home/toph/git" = {
"/home/${admin}/git" = {
fsType = "none";
device = "/pool/git";
options = [

12
nix/default.nix
View file

@ -1,14 +1,15 @@
{
modulesPath,
admin,
config,
pkgs,
hostName,
modulesPath,
pkgs,
...
}:
let
admin = "toph";
# admin = "toph";
password = "[REDACTED]";
timeZone = "America/New_York";
defaultLocale = "en_US.UTF-8";
@ -35,10 +36,11 @@ in
users.users."${admin}" = {
isNormalUser = true;
createHome = true;
description = "Toph";
description = "Admin";
homeMode = "750";
home = "/home/${admin}";
password = password;
uid = 1000;
extraGroups = [
"networkmanager"
"wheel"
@ -83,7 +85,7 @@ in
## NIXOS ##
systemd.tmpfiles.rules = [
"d /home/toph/git 0750 toph users -"
"d /home/${admin}/git 0750 ${admin} users -"
];
# Allow unfree packages