diff --git a/flake.lock b/flake.lock index b71344d..64f354e 100644 --- a/flake.lock +++ b/flake.lock @@ -43,6 +43,43 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -84,6 +121,37 @@ "type": "github" } }, + "git-hooks-nix": { + "inputs": { + "flake-compat": [ + "nix" + ], + "gitignore": [ + "nix" + ], + "nixpkgs": [ + "nix", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -91,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747875884, - "narHash": "sha256-tdVx4kghhdy62LKuTnwE2RytOe8o88tah/yhpyuL0D4=", + "lastModified": 1748227609, + "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", "owner": "nix-community", "repo": "home-manager", - "rev": "f9186c64fcc6ee5f0114547acf9e814c806a640b", + "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", "type": "github" }, "original": { @@ -104,6 +172,28 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "git-hooks-nix": "git-hooks-nix", + "nixpkgs": "nixpkgs", + "nixpkgs-23-11": "nixpkgs-23-11", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1748188105, + "narHash": "sha256-skPu7lTZrTr6gShsN47IGPUX4+Y0CbI2gl8tG3Dh7hM=", + "owner": "NixOS", + "repo": "nix", + "rev": "543cee1c9272238f9402e5643402b99f952415c3", + "type": "github" + }, + "original": { + "id": "nix", + "type": "indirect" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -111,11 +201,11 @@ ] }, "locked": { - "lastModified": 1747820204, - "narHash": "sha256-oY/mH8K1LOd+YbO58sw9ORtOdTxy3rR9lvTzOJKVUtA=", + "lastModified": 1748149228, + "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "e2676937faf868111dcea6a4a9cf4b6549907c9d", + "rev": "a9939228f661df370c4094fe85f683e45d761dbe", "type": "github" }, "original": { @@ -127,11 +217,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "type": "github" }, "original": { 
@@ -141,6 +231,38 @@ "type": "github" } }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1741992157, @@ -173,13 +295,30 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "ghostty": "ghostty", "home-manager": "home-manager", + "nix": "nix", "nix-darwin": "nix-darwin", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" } }, "systems": { diff --git a/flake.nix b/flake.nix index 58621df..21579dd 100644 --- a/flake.nix +++ b/flake.nix @@ -1,4 +1,4 @@ -{ + { description = "thegeneralist's config flake"; inputs = { 
@@ -20,14 +20,22 @@ ghostty = { url = "github:ghostty-org/ghostty"; }; + # wrapper-manager = { + # url = "github:viperML/wrapper-manager"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + #nix.url = "github:DeterminateSystems/nix-src"; }; - outputs = inputs@{ self, nixpkgs, ... }: let + outputs = inputs@{ self, nixpkgs, nix-darwin, nix, ... }: let inherit (builtins) readDir; - inherit (nixpkgs.lib) attrsToList const groupBy listToAttrs mapAttrs; + inherit (nixpkgs.lib) attrsToList const groupBy listToAttrs mapAttrs last mkOption splitString; + #nix.enable = false; + + lib = nixpkgs.lib // nix-darwin.lib; targetHost = readDir ./hosts - |> mapAttrs (name: const <| import ./hosts/${name} nixpkgs.lib inputs self) + |> mapAttrs (name: const <| import ./hosts/${name} lib inputs self) |> attrsToList |> groupBy (host: if host.name == "thegeneralist" then diff --git a/hosts/thegeneralist-mbp/configuration.nix b/hosts/thegeneralist-mbp/configuration.nix index 6c1f167..7b1aad1 100644 --- a/hosts/thegeneralist-mbp/configuration.nix +++ b/hosts/thegeneralist-mbp/configuration.nix @@ -5,28 +5,24 @@ { self, config, pkgs, lib, inputs, ... }: { - imports = - [ - ./hardware-configuration.nix - inputs.agenix.darwinModules.default - # inputs.home-manager.darwinModules.default - ]; - - # age.secrets.hostkey.file = ./hostkey.age; - # services.openssh.hostKeys = [{ - # type = "ed25519"; - # path = config.age.secrets.hostkey.path; - # }]; + imports = [ ./hardware-configuration.nix ]; users.users.thegeneralist = { name = "thegeneralist"; home = "/Users/thegeneralist"; - shell = pkgs.nushell; + shell = pkgs.zsh; # openssh.authorizedKeys.keys = let # inherit (import ../../keys.nix) thegeneralist; # in [ thegeneralist ]; }; + # home-manager = { + # extraSpecialArgs = { inherit inputs; }; + # users = { + # thegeneralist = import (self + /modules/home); + # }; + # }; + # home-manager.users.thegeneralist.home = { # stateVersion = "24.11"; # homeDirectory = "/Users/thegeneralist"; 
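Review bot: `nix` is added to the `outputs` argument pattern while the only `nix.url` line in this hunk is commented out, so the input appears to be resolved through the flake registry; the lock file in this commit records it with `"type": "indirect"`. A registry lookup depends on the registry of whichever machine next refreshes the lock, and it brings in the NixOS/nix tree with its own inputs (flake-parts, git-hooks-nix, two extra nixpkgs pins) for a binding this hunk never uses. Either drop `nix` from the pattern or declare the source explicitly, e.g. `nix.url = "github:NixOS/nix";`, so it can be reviewed in flake.nix. The `inputs` block and the `let` body both extend beyond the hunk, so a declaration or a use outside it cannot be ruled out; `last`, `mkOption` and `splitString` are likewise inherited without a visible use.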
diff --git a/hosts/thegeneralist-mbp/default.nix b/hosts/thegeneralist-mbp/default.nix index 0c5c014..e454746 100644 --- a/hosts/thegeneralist-mbp/default.nix +++ b/hosts/thegeneralist-mbp/default.nix @@ -1,6 +1,22 @@ -lib: inputs: self: lib.nixosSystem { +lib: inputs: self: lib.darwinSystem { specialArgs = inputs // { inherit inputs; inherit self; }; modules = [ + # Extensions: nixosModules, darwinModules, overlays + ({ pkgs, lib, inputs, ... }: let + inherit (lib) attrValues hasAttrByPath getAttrFromPath filter; + + collect = packagePath: (attrValues inputs) + |> filter (hasAttrByPath packagePath) + |> map (getAttrFromPath packagePath); + + modules = collect [ "darwinModules" "default" ]; + # todo + extensions = { + nixpkgs.overlays = collect [ "overlays" "default" ]; + imports = modules; + }; + in extensions) + ./configuration.nix # Modules @@ -11,16 +27,5 @@ lib: inputs: self: lib.nixosSystem { in { imports = commonModules ++ darwinModules; }) - - # Overlays - ({ pkgs, lib, ... }: let - inherit (lib) attrValues hasAttrByPath getAttrFromPath filter; - packagePath = [ "overlays" "default" ]; - overlays = (attrValues inputs) - |> filter (hasAttrByPath packagePath) - |> map (getAttrFromPath packagePath); - in { - nixpkgs.overlays = overlays; - }) ]; } diff --git a/hosts/thegeneralist-mbp/hostkey.age b/hosts/thegeneralist-mbp/hostkey.age deleted file mode 100644 index 093a311..0000000 Binary files a/hosts/thegeneralist-mbp/hostkey.age and /dev/null differ diff --git a/hosts/thegeneralist/configuration.nix b/hosts/thegeneralist/configuration.nix index 94915ab..d3451a9 100644 --- a/hosts/thegeneralist/configuration.nix +++ b/hosts/thegeneralist/configuration.nix 
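Review bot: The `collect` helper imports `darwinModules.default` and `overlays.default` from every attribute of `inputs`, so adding any flake input silently changes the system configuration and the package set. This commit also adds a `nix` input and removes the explicit `inputs.agenix.darwinModules.default` import from configuration.nix, so what gets loaded is now decided by what upstream flakes export rather than by a list in this repository. An explicit list is easier to audit, e.g. `imports = [ inputs.agenix.darwinModules.default ];`, or `collect` could be restricted to a named allow-list of inputs. The same helper is added for `nixosModules.default` in hosts/thegeneralist/default.nix.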
@@ -5,18 +5,7 @@ { self, config, pkgs, lib, inputs, ... }: { - imports = - [ - ./hardware-configuration.nix - inputs.agenix.nixosModules.default - inputs.home-manager.nixosModules.default - ]; - - age.secrets.hostkey.file = ./hostkey.age; - services.openssh.hostKeys = [{ - type = "ed25519"; - path = config.age.secrets.hostkey.path; - }]; + imports = [ ./hardware-configuration.nix ]; users.users.thegeneralist = { isNormalUser = true; @@ -36,6 +25,12 @@ }; }; + age.secrets.hostkey.file = ./hostkey.age; + services.openssh.hostKeys = [{ + type = "ed25519"; + path = config.age.secrets.hostkey.path; + }]; + # Some programs services.libinput.enable = true; programs.firefox.enable = true; diff --git a/hosts/thegeneralist/default.nix b/hosts/thegeneralist/default.nix index 3b54984..aef3ca8 100644 --- a/hosts/thegeneralist/default.nix +++ b/hosts/thegeneralist/default.nix 
@@ -1,21 +1,30 @@ lib: inputs: self: lib.nixosSystem { specialArgs = inputs // { inherit inputs; inherit self; }; modules = [ - ./configuration.nix - ({ pkgs, ... }: let - inherit (lib) filter hasSuffix; - modules = lib.filesystem.listFilesRecursive ../../modules/linux |> filter (hasSuffix ".nix"); - in { - imports = modules; - }) + # Extensions: nixosModules, darwinModules, overlays ({ pkgs, lib, ... }: let inherit (lib) attrValues hasAttrByPath getAttrFromPath filter; - packagePath = [ "overlays" "default" ]; - overlays = (attrValues inputs) + + collect = packagePath: (attrValues inputs) |> filter (hasAttrByPath packagePath) |> map (getAttrFromPath packagePath); + + modules = collect [ "nixosModules" "default" ]; + extensions = modules // { + nixpkgs.overlays = collect [ "overlays" "default" ]; + imports = modules; + }; + in extensions) + + ./configuration.nix + + # Modules + ({ pkgs, ... }: let + inherit (lib) filter hasSuffix; + commonModules = lib.filesystem.listFilesRecursive ../../modules/common |> filter (hasSuffix ".nix"); + linuxModules = lib.filesystem.listFilesRecursive ../../modules/linux |> filter (hasSuffix ".nix"); in { - nixpkgs.overlays = overlays; + imports = commonModules ++ linuxModules; }) ]; } diff --git a/modules/linux/agenix.nix b/modules/common/agenix.nix similarity index 72% rename from modules/linux/agenix.nix rename to modules/common/agenix.nix index fbff72a..ad41979 100644 --- a/modules/linux/agenix.nix +++ b/modules/common/agenix.nix @@ -4,6 +4,6 @@ ]; age.identityPaths = [ - "/home/thegeneralist/.ssh/id_ed25519" + "~/.ssh/id_ed25519" ]; } diff --git a/modules/common/custom-options.nix b/modules/common/custom-options.nix new file mode 100644 index 0000000..05b94b1 --- /dev/null +++ b/modules/common/custom-options.nix @@ -0,0 +1,11 @@ +{ lib, pkgs, ... }: + +{ + options = { + onLinux = lib.mkOption { + type = lib.types.bool; + default = pkgs.stdenv.isLinux; + description = "Whether the system is running on Linux"; + }; + }; +} 
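Review bot: `extensions = modules // {` applies the attribute-set update operator to `modules`, which is the list returned by `collect`, so this module should fail to evaluate with a type error. The Darwin host's copy of the block builds the set directly, and the list is already passed through `imports = modules;`, so the line here should read `extensions = {` as well. Until that is fixed the agenix module this host relies on for `age.secrets.hostkey` is not loaded by any other visible path.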
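Review bot: `age.identityPaths` now holds `"~/.ssh/id_ed25519"`, but Nix does not expand `~` inside a string, so the value reaches agenix literally. If the option is typed as an absolute path it may be rejected at evaluation, and if it is handed to a shell the tilde would presumably resolve to the home of the account running activation (normally root) rather than thegeneralist, so the secrets would not decrypt. Deriving the path from the user definition keeps it absolute on both platforms, e.g. `"${config.users.users.thegeneralist.home}/.ssh/id_ed25519"`; the module would need `config` in its arguments, which are outside the hunk. The same literal tilde appears in `xdg.configHome = "~/.config"` in modules/common/nushell/default.nix and in `flake = "~/config"` in modules/common/nix.nix.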
diff --git a/modules/common/default.nix b/modules/common/default.nix deleted file mode 100644 index 0967ef4..0000000 --- a/modules/common/default.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/modules/common/dns-options.nix b/modules/common/dns-options.nix new file mode 100644 index 0000000..e6e71b3 --- /dev/null +++ b/modules/common/dns-options.nix @@ -0,0 +1,13 @@ +{ lib, options, ... }: let + inherit (lib) mkOption; +in { + options.dnsServers = mkOption { + default = [ + "45.90.28.0#365fed.dns.nextdns.io" + "2a07:a8c0::#365fed.dns.nextdns.io" + "45.90.30.0#365fed.dns.nextdns.io" + "2a07:a8c1::#365fed.dns.nextdns.io" + "100.100.100.100#shorthair-wall.ts.net" + ]; + }; +} diff --git a/modules/common/ghostty.nix b/modules/common/ghostty.nix new file mode 100644 index 0000000..30a6db0 --- /dev/null +++ b/modules/common/ghostty.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: { + # environment.variables = { + # TERMINAL = "ghostty"; + # }; + # + # home-manager.sharedModules = [{ + # programs.ghostty = { + # enable = true; + # package = pkgs.ghostty; + # + # clearDefaultKeybinds = false; + # settings = { + # theme = "tokyonight"; + # font-family = "JetBrainsMono NL NFM Medium"; + # font-size = 16; + # + # shell-integration-features = "no-cursor"; + # + # cursor-style = "block"; + # background-opacity = 1; + # + # background-blur-radius = 0; + # + # gtk-titlebar = false; + # mouse-hide-while-typing = true; + # }; + # }; + # }]; +} diff --git a/modules/linux/git.nix b/modules/common/git.nix similarity index 100% rename from modules/linux/git.nix rename to modules/common/git.nix diff --git a/modules/common/home-manager.nix b/modules/common/home-manager.nix new file mode 100644 index 0000000..3eca196 --- /dev/null +++ b/modules/common/home-manager.nix @@ -0,0 +1,6 @@ +{ + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + }; +} 
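Review bot: `options.dnsServers` in modules/common/dns-options.nix is declared with only a `default`, so it has no `type` and no `description`, and whatever a host assigns is accepted unchecked before it is split on `#` in modules/darwin/dns.nix and interpolated into resolved.conf in modules/linux/dns.nix. Adding `type = lib.types.listOf lib.types.str;` and a description of the `address#tls-hostname` format would reject malformed entries at evaluation time. The defaults also embed what looks like a NextDNS profile identifier and the tailnet name, so if this repository is public it is worth deciding whether those belong in a host-local value instead. The `options` argument is unused.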
diff --git a/modules/linux/neovim.nix b/modules/common/neovim.nix similarity index 64% rename from modules/linux/neovim.nix rename to modules/common/neovim.nix index 0dabc89..ef97d93 100644 --- a/modules/linux/neovim.nix +++ b/modules/common/neovim.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: { +{ pkgs, options, lib, ... }: { environment.variables.EDITOR = "nvim"; home-manager.sharedModules = [{ @@ -27,15 +27,18 @@ #llvmPackages_20.clangWithLibcAndBasicRtAndLibcxx ]; - home.file.".config/i3status" = { - source = ../home/dotfiles/i3status; - force = true; - recursive = true; + home.file = lib.mkIf options.onLinux { + ".config/i3status" = { + source = ../home/dotfiles/i3status; + force = true; + recursive = true; + }; }; - }]; - programs.npm.npmrc = '' - prefix=~/.npm-packages - color=true - ''; + # TODO: this + # programs.npm.npmrc = '' + # prefix=~/.npm-packages + # color=true + # ''; + }]; } diff --git a/modules/common/nix.nix b/modules/common/nix.nix new file mode 100644 index 0000000..0a97149 --- /dev/null +++ b/modules/common/nix.nix @@ -0,0 +1,24 @@ +{ pkgs, lib, ...}: { + # todo: gc + # todo: cache + environment.systemPackages = with pkgs; [ + nh + ]; + + lib.debug.traceVal = pkgs.nh; + + nix.settings.experimental-features = [ + "flakes" + "nix-command" + "pipe-operators" + ]; + + home-manager.sharedModules = [{ + programs.nh = { + enable = true; + clean.enable = true; + clean.extraArgs = "--keep-since 4d --keep 3"; + flake = "~/config"; + }; + }]; +} diff --git a/modules/linux/nushell/config.nu b/modules/common/nushell/config.nu similarity index 76% rename from modules/linux/nushell/config.nu rename to modules/common/nushell/config.nu index 2351790..6bd9afd 100644 --- a/modules/linux/nushell/config.nu +++ b/modules/common/nushell/config.nu 
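Review bot: `lib.mkIf options.onLinux` in modules/common/neovim.nix tests the option declaration rather than its value: `options.onLinux` is the attribute set describing the option, and the boolean lives at `config.onLinux`, so the condition is not a Boolean and will likely fail when it is evaluated. modules/common/nushell/default.nix already reads `config.onLinux`; this module should take `config` and use `home.file = lib.mkIf config.onLinux {`. The same mistake is in modules/home/default.nix (`if options.onLinux then ...`), which appears to be a home-manager module where `onLinux` may not be declared at all, so `pkgs.stdenv.isLinux` would be the safer test there.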
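Review bot: `lib.debug.traceVal = pkgs.nh;` in modules/common/nix.nix looks like leftover debugging: at module top level it is not a call to `lib.debug.traceVal` but a definition of the configuration attribute `lib.debug.traceVal`, set to the nh derivation. The line should be removed. nh also appears to be installed twice, once through `environment.systemPackages` and once through `programs.nh.enable` in the shared home-manager module, and one of the two is enough.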
@@ -1,6 +1,18 @@ $env.config.buffer_editor = "/home/thegeneralist/.nix-profile/bin/nvim" $env.config.show_banner = false +$env.config = { + shell_integration: { + osc2: false + osc7: true + osc8: true + osc9_9: false + osc133: true + osc633: true + reset_application_mode: true + } +} + # Basic Aliases alias v = nvim . alias ff = fastfetch --load-config examples/10.jsonc diff --git a/modules/linux/nushell/default.nix b/modules/common/nushell/default.nix similarity index 55% rename from modules/linux/nushell/default.nix rename to modules/common/nushell/default.nix index ebc112d..7e1bc21 100644 --- a/modules/linux/nushell/default.nix +++ b/modules/common/nushell/default.nix @@ -1,11 +1,32 @@ -{ config, pkgs, lib, ... }: let - inherit (lib) readFile; +{ config, pkgs, lib, wrapper-manager, ... }: let + inherit (lib) readFile getExe mkIf optionalAttrs; in { # TODO: starship + change the zoxide src # TODO: Rust tooling - environment = { + home-manager.sharedModules = [ + (homeArgs: { + xdg = { + enable = true; + configHome = "~/.config"; + }; + programs.nushell = { + enable = true; + package = pkgs.nushell; + configFile.text = readFile ./config.nu; + envFile.text = readFile ./env.nu; + environmentVariables = config.environment.variables // homeArgs.config.home.sessionVariables; + }; + }) + ]; + + environment = optionalAttrs config.onLinux { + sessionVariables.SHELLS = getExe pkgs.nushell; + } // { + shells = mkIf (!config.onLinux) [ pkgs.nushell pkgs.zsh ]; + systemPackages = with pkgs; [ nushell + fish zoxide ripgrep jq @@ -37,13 +58,4 @@ in { rb = "nh os switch . -v -- --show-trace --verbose"; }; }; - - home-manager.sharedModules = [{ - programs.nushell = { - enable = true; - configFile.text = readFile ./config.nu; - envFile.text = readFile ./env.nu; - environmentVariables = config.environment.variables; - }; - }]; } 
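Review bot: The added `$env.config = { shell_integration: { ... } }` assigns the whole config record after `buffer_editor` and `show_banner` were set on the two lines above, so depending on the Nushell version those two settings are replaced or reset to their defaults. Assigning only the sub-record avoids that: `$env.config.shell_integration = { osc2: false, osc7: true, osc8: true, osc9_9: false, osc133: true, osc633: true, reset_application_mode: true }`. Separately, `buffer_editor` on the context line is still the Linux path `/home/thegeneralist/.nix-profile/bin/nvim` although the file now lives under modules/common and is read on the Darwin host too.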
diff --git a/modules/linux/nushell/env.nu b/modules/common/nushell/env.nu similarity index 81% rename from modules/linux/nushell/env.nu rename to modules/common/nushell/env.nu index f785e39..55b4e71 100644 --- a/modules/linux/nushell/env.nu +++ b/modules/common/nushell/env.nu @@ -1,6 +1,12 @@ - +$env.ENV_CONVERSIONS.PATH = { + from_string: {|string| + $string | split row (char esep) | path expand --no-symlink + } + to_string: {|value| + $value | path expand --no-symlink | str join (char esep) + } +} # NVM -# TODO: this # source ("/Users/thegeneralist/.nvm/" | path join "nvm.sh") # GPG TTY diff --git a/modules/common/packages.nix b/modules/common/packages.nix new file mode 100644 index 0000000..ac02d54 --- /dev/null +++ b/modules/common/packages.nix @@ -0,0 +1,13 @@ +{ pkgs, lib, ...}: let + inherit (lib) attrValues; +in { + environment.systemPackages = attrValues { + inherit (pkgs) + wget + zsh + neovim + vim + home-manager + ; + }; +} diff --git a/modules/common/tailscale.nix b/modules/common/tailscale.nix new file mode 100644 index 0000000..5d22716 --- /dev/null +++ b/modules/common/tailscale.nix @@ -0,0 +1,7 @@ +{ config, ... }: { + services.tailscale = { + enable = true; + }; + + networking.search = [ "shorthair-wall.ts.net" ]; +} diff --git a/modules/linux/zsh.nix b/modules/common/zsh.nix similarity index 100% rename from modules/linux/zsh.nix rename to modules/common/zsh.nix diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix deleted file mode 100644 index 8b13789..0000000 --- a/modules/darwin/default.nix +++ /dev/null @@ -1 +0,0 @@ - diff --git a/modules/darwin/dns.nix b/modules/darwin/dns.nix new file mode 100644 index 0000000..cfa53b7 --- /dev/null +++ b/modules/darwin/dns.nix @@ -0,0 +1,11 @@ +{ config, lib, ... }: { + networking.knownNetworkServices = [ + "Wi-Fi" + "Firewall" + "Thunderbolt Bridge" + ]; + + networking.dns = config.dnsServers + |> map (lib.splitString "#") + |> map lib.head; +} 
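Review bot: `networking.dns` in modules/darwin/dns.nix keeps only the part before `#`, so on the Darwin host the NextDNS addresses are configured as ordinary resolvers, without the TLS server name that modules/linux/dns.nix uses for DNS-over-TLS. Lookups from this machine therefore travel unencrypted, and without the profile hostname NextDNS presumably cannot associate them with the profile, so its filtering may not apply. If that difference is accepted, a comment should say so, e.g. `# macOS network services take bare IPs only: no DoT, NextDNS profile not applied`. The list also contains 100.100.100.100, which only answers while Tailscale is connected.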
diff --git a/modules/darwin/ssh.nix b/modules/darwin/ssh.nix new file mode 100644 index 0000000..b6eeca2 --- /dev/null +++ b/modules/darwin/ssh.nix @@ -0,0 +1,14 @@ +# { lib, ... }: let +# sshOptions = { +# PermitRootLogin = "no"; +# PasswordAuthentication = "no"; +# }; +# in { +# services.openssh = { +# enable = true; +# extraConfig = sshOptions +# |> lib.mapAttrsToList (name: value: "${name} ${value}") +# |> lib.concatStringsSep "\n"; +# }; +# } +{} diff --git a/modules/home/default.nix b/modules/home/default.nix index eb742af..4c97a18 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,10 +1,8 @@ -{ config, pkgs, inputs, lib, ... }: { +{ config, options, pkgs, inputs, lib, ... }: { home.username = "thegeneralist"; - home.homeDirectory = "/home/thegeneralist"; + home.homeDirectory = if options.onLinux then "/home/thegeneralist" else "/Users/thegeneralist"; home.packages = with pkgs; [ - android-tools - zip xz unzip diff --git a/modules/linux/dns.nix b/modules/linux/dns.nix new file mode 100644 index 0000000..fd51dec --- /dev/null +++ b/modules/linux/dns.nix @@ -0,0 +1,15 @@ +{ config, lib, ... }: let + inherit (lib) concatStringsSep; +in { + # TODO: add fallback & check other options + services.resolved = { + enable = true; + + extraConfig = config.dnsServers + |> map (server: "DNS=${server}") + |> concatStringsSep "\n"; + + dnssec = "true"; + dnsovertls = "true"; + }; +} diff --git a/modules/linux/ghostty.nix b/modules/linux/ghostty.nix deleted file mode 100644 index f60fdb8..0000000 --- a/modules/linux/ghostty.nix +++ /dev/null 
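Review bot: In modules/linux/dns.nix, `dnsovertls = "true"` requires every `DNS=` entry to complete a TLS handshake, and the list built from `config.dnsServers` includes `100.100.100.100#shorthair-wall.ts.net`; Tailscale's local resolver is not known to offer DNS-over-TLS, so that entry will probably never be usable in strict mode. Filtering it out of the `DNS=` lines keeps strict mode intact for the NextDNS servers. modules/linux/tailscale.nix also keeps `networking.nameservers = [ "100.100.100.100" "8.8.8.8" "1.1.1.1" ]`, which NixOS normally hands to resolved as well, so queries may reach resolvers outside the NextDNS profile. One module should own the server list, and the `# TODO` about fallback should state whether a fallback outside NextDNS is acceptable.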
@@ -1,29 +0,0 @@ -{ pkgs, ... }: { - environment.variables = { - TERMINAL = "ghostty"; - }; - - home-manager.sharedModules = [{ - programs.ghostty = { - enable = true; - package = pkgs.ghostty; - - clearDefaultKeybinds = false; - settings = { - theme = "tokyonight"; - font-family = "JetBrainsMono NL NFM Medium"; - font-size = 16; - - shell-integration-features = "no-cursor"; - - cursor-style = "block"; - background-opacity = 1; - - background-blur-radius = 0; - - gtk-titlebar = false; - mouse-hide-while-typing = true; - }; - }; - }]; -} diff --git a/modules/linux/nix.nix b/modules/linux/nix.nix deleted file mode 100644 index 3396fa5..0000000 --- a/modules/linux/nix.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - # todo: gc - nix.settings.experimental-features = [ - "flakes" - "nix-command" - "pipe-operators" - ]; -} diff --git a/modules/linux/packages.nix b/modules/linux/packages.nix index 5615d58..bb71e74 100644 --- a/modules/linux/packages.nix +++ b/modules/linux/packages.nix @@ -1,13 +1,8 @@ -{ pkgs, lib, agenix, ...}: let +{ pkgs, lib, ...}: let inherit (lib) attrValues; in { environment.systemPackages = attrValues { inherit (pkgs) - wget - zsh - neovim - vim - home-manager protonup-qt pipewire pwvucontrol diff --git a/modules/linux/ssh.nix b/modules/linux/ssh.nix index d7156aa..cc414db 100644 --- a/modules/linux/ssh.nix +++ b/modules/linux/ssh.nix @@ -6,8 +6,4 @@ PasswordAuthentication = false; }; }; - - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 22 ]; - # networking.firewall.allowedUDPPorts = [ ... ]; } diff --git a/modules/linux/tailscale.nix b/modules/linux/tailscale.nix index 0956059..81d5a9c 100644 --- a/modules/linux/tailscale.nix +++ b/modules/linux/tailscale.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, ...}: { age.secrets.tailscaleMarshall.file = ./tailscale-marshall.age; services.tailscale = { enable = true; 
@@ -11,7 +11,10 @@ authKeyFile = config.age.secrets.tailscaleMarshall.path; }; - networking.nameservers = [ "100.100.100.100" "8.8.8.8" "1.1.1.1" ]; - networking.search = [ "shorthair-wall.ts.net" ]; + networking.firewall.enable = true; networking.firewall.trustedInterfaces = [ "tailscale0" ]; + + # for SSH + networking.firewall.allowedTCPPorts = [ 22 ]; + networking.nameservers = [ "100.100.100.100" "8.8.8.8" "1.1.1.1" ]; }
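Review bot: `networking.firewall.allowedTCPPorts = [ 22 ];` opens SSH on every interface, although `trustedInterfaces = [ "tailscale0" ]` two lines above already admits all traffic arriving over the tailnet. If SSH is meant to be reached only through Tailscale, the port line can be dropped and `services.openssh.openFirewall = false;` set in modules/linux/ssh.nix, because the NixOS openssh module opens its port by default. If public SSH is intended, the rule and `networking.firewall.enable = true;` belong back in ssh.nix, where this commit removed them, so the firewall is not switched on only as a side effect of the Tailscale module. The enclosing attribute set starts outside the hunk.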