mlaga97/mlaga97-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initial release

Browse source
This commit is contained in:
Lauren Lagarde 2025-03-03 23:07:58 -06:00
commit 8fbb25bbac
53 changed files with 1648 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
result
*.swp

3
.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "users/lauren_lagarde/home-manager"]
path = users/lauren_lagarde/home-manager
url = https://git.mlaga97.space/mlaga97/home-manager.git

1
apply.sh Normal file
View file

@ -0,0 +1 @@
nix build -L .?submodules=1#$HOSTNAME

1
build_iso.sh Normal file
View file

@ -0,0 +1 @@
nix build -L .?submodules=1#packages.x86_64-linux.$1

1
clear_secrets.sh Normal file
View file

@ -0,0 +1 @@
rm -rf ./secrets

78
example_flake.nix Normal file
View file

@ -0,0 +1,78 @@
{
description = "Lauren's Example Stub Flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager/release-24.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-generators.url = "github:nix-community/nixos-generators";
nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
# Extras
waveforms.url = "github:liff/waveforms-flake";
};
outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, nixos-generators, waveforms, ... }@inputs: let
system = "x86_64-linux";
timezone = "America/Chicago";
locale = "en_US.UTF-8";
unstable = nixpkgs-unstable.legacyPackages.${system};
iso_modules = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
{ isoImage.squashfsCompression = "zstd"; }
];
# Look into: https://git.sr.ht/~magic_rb/dotfiles/tree/master/item/nixos/systems/gooseberry
pi_modules = [{
# Disabling the whole `profiles/base.nix` module, which is responsible
# for adding ZFS and a bunch of other unnecessary programs:
disabledModules = [
"profiles/base.nix"
];
}];
# TODO: Surely a better way, no?
inherited_modules = [
{ time.timeZone = timezone; }
home-manager.nixosModules.home-manager
waveforms.nixosModule
];
in {
nixosConfigurations = {
ll-nixos-headless = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = iso_modules ++ [
./nixos/systems/ll-nixos-headless.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
};
packages.aarch64-linux = {
ll-nixos-headless-pi-sdcard = nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "sd-aarch64";
modules = pi_modules ++ [
./nixos/systems/ll-nixos-headless.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
};
packages.x86_64-linux = {
ll-nixos-headless-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
./nixos/systems/ll-nixos-headless.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
};
};
}

45
features/base.nix Normal file
View file

@ -0,0 +1,45 @@
{ pkgs, ... }: {
users.mutableUsers = false;
nixpkgs.config.allowUnfree = true;
services.smartd.enable = true;
boot.supportedFilesystems = [ "zfs" "ntfs" ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.channel.enable = false;
# TODO: ????
networking.wireless.enable = false;
# Basic Services
services.uptimed.enable = true;
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
# Basic Utilities
environment.systemPackages = with pkgs; [
# Basic Utilities
bc pv killall unzip unrar-wrapper unar
# System Monitoring / TUI QoL Tools
btop iotop tmux byobu
# Security / Cryptography
ssss gnupg pwgen qrencode diceware
# Applications
vim_configurable
# asdf
git ffmpeg restic rclone nixos-generators
# samba libvirt tinc_pre
# File Systems
nfs-utils cifs-utils exfatprogs
];
}

23
features/br0.nix Normal file
View file

@ -0,0 +1,23 @@
{ ... }: {
networking.useNetworkd = true;
systemd.network = {
enable = true;
netdevs."20-br0".netdevConfig = {
Kind = "bridge";
Name = "br0";
};
networks = {
"40-br0" = {
matchConfig.Name = "br0";
bridgeConfig = {};
linkConfig = {
RequiredForOnline = "routable";
};
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = true;
};
};
};
};
}

3
features/docker.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
virtualisation.docker.enable = true;
}

21
features/dockge.nix Normal file
View file

@ -0,0 +1,21 @@
{ ... }: {
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers = {
dockge = {
image = "louislam/dockge";
ports = [
"5001:5001"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"/opt/stacks/dockge/data:/app/data"
"/root/.docker/:/root/.docker"
"/opt/stacks:/opt/stacks"
];
environment = {
DOCKGE_STACKS_DIR = "/opt/stacks";
};
};
};
}

44
features/embedded.nix Normal file
View file

@ -0,0 +1,44 @@
{ pkgs, unstable, ... }: {
nixpkgs.config.allowUnfree = true;
nixpkgs.config.segger-jlink.acceptLicense = true;
# TODO: whygodwhy.jpg
nixpkgs.config.permittedInsecurePackages = [ "segger-jlink-qt4-796s" ];
environment.systemPackages = with pkgs; [
unstable.platformio # https://github.com/NixOS/nixpkgs/commit/0ba947ba44fc17c7cc94be2374dbfb939900cecd
segger-jlink
arduino-ide
stm32cubemx
avrdude
esptool
stlink
stlink-gui
(kicad-small.override { addons=[kicadAddons.kikit kicadAddons.kikit-library]; })
kikit
screen
prusa-slicer
esphome
librecad
pulseview
sigrok-cli
];
services.udev.packages = with pkgs; [
platformio
platformio-core
openocd
stlink
esptool
avrdude
];
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTR{idVendor}="1a86", ATTR{idProduct}=="8010", MODE="0666"
SUBSYSTEM=="usb", ATTR{idVendor}="4348", ATTR{idProduct}=="55e0", MODE="0666"
SUBSYSTEM=="usb", ATTR{idVendor}="1a86", ATTR{idProduct}=="8012", MODE="0666"
'';
}

13
features/factorio.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
(factorio.override {
username = "";
token = "";
releaseType = "alpha";
version = "1.1.107";
# nix-prefetch-url "file:///run/media/lauren_lagarde/Lauren%20USB/Applications/factorio/factorio_alpha_x64_1.1.107.tar.xz" --name factorio_alpha_x64-1.1.107.tar.xz
})
];
}

67
features/headless.nix Normal file
View file

@ -0,0 +1,67 @@
{ config, lib, pkgs, callPackage, ... }: {
##############################################################################
##############################################################################
##############################################################################
# Packages
environment.systemPackages = with pkgs; [
# Basic Utilities
bc pv killall unzip unrar-wrapper unar
# System Monitoring / TUI QoL Tools
btop iotop tmux byobu
# Backup Tools
restic rclone
# Networking Utilities
dig tinc_pre traceroute wireguard-tools iperf3
# Security / Cryptography
(pass.withExtensions (ext: with ext; [ pass-otp pass-update ]))
ssss gnupg pwgen qrencode diceware
# NixOS Helpers
nixos-generators nix-index nix-search-cli
# Applications
vim_configurable
# File Systems
nfs-utils cifs-utils exfatprogs
# Multimedia Utilities
ffmpeg imagemagick
# Services
podman-compose
units usbutils pciutils
];
##############################################################################
##############################################################################
##############################################################################
# Services
# TODO: Split this out further
services.uptimed.enable = true;
services.openssh = {
enable = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
};
};
# TODO: Attempt to use podman
virtualisation.docker.enable = true;
virtualisation.containers.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = false;
defaultNetwork.settings.dns_enabled = true;
};
}

71
features/i3.nix Normal file
View file

@ -0,0 +1,71 @@
{ pkgs, lib, unstable, ... }: {
hardware.graphics.enable32Bit = true;
##############################################################################
##############################################################################
##############################################################################
# Display Server Config
services.xserver = {
enable = true;
desktopManager = {
xterm.enable = false;
gnome.enable = true;
};
windowManager.i3.enable = true;
};
services.displayManager = {
defaultSession = "none+i3";
};
##############################################################################
##############################################################################
##############################################################################
# Packages
programs.virt-manager.enable = true;
environment.systemPackages = with pkgs; [
# Polybar
siji
polybar
font-awesome
font-awesome_5
networkmanagerapplet
# Apps
gnome-terminal
chromium
qtpass
unstable.yt-dlp
rofi
i3status
i3lock
i3blocks
nemo-with-extensions
dunst
pinentry-qt
brightnessctl
openscad-unstable
shutter
pavucontrol
arandr
blueman
sublime-merge
libreoffice
gparted
loupe
gthumb
vlc
mpv
ledger
xorg.xkill
sound-juicer
];
}

16
features/intelgpu.nix Normal file
View file

@ -0,0 +1,16 @@
{ pkgs, ... }: {
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
libvdpau-va-gl
];
};
environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
}

3
features/libvirt.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
virtualisation.libvirtd.enable = true;
}

36
features/nvidia.nix Normal file
View file

@ -0,0 +1,36 @@
# https://community.frame.work/t/egpu-gtx-1060-6gb-working-great-on-nixos-on-the-12th-gen-framework/40919
{ config, ... }: {
# Enable OpenGL
hardware.graphics.enable = true;
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

40
features/persistent_docker.nix Normal file
View file

@ -0,0 +1,40 @@
{ pkgs, lib, ... }: {
systemd.mounts = [
{
type = "ext4";
options = "rw";
what = "/dev/vda";
where = "/persistent";
}
];
systemd.automounts = [
{
wantedBy = [ "multi-user.target" ];
where = "/persistent";
}
];
virtualisation.docker.daemon.settings = {
data-root = "/persistent/docker-root";
};
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers = {
dockge = {
image = "louislam/dockge";
ports = [
"5001:5001"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"/persistent/stacks/dockge/data:/app/data"
"/root/.docker/:/root/.docker"
"/persistent/stacks:/persistent/stacks"
];
environment = {
DOCKGE_STACKS_DIR = "/persistent/stacks";
};
};
};
}

10
features/printing.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, ... }: {
services.printing.enable = true;
services.printing.drivers = with pkgs; [ brlaser hplipWithPlugin ];
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
}

12
features/rtl-sdr.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, unstable, ... }: {
hardware.rtl-sdr.enable = true;
users.users.lauren_lagarde.extraGroups = [ "plugdev" ];
services.udev.packages = [ pkgs.rtl-sdr ];
environment.systemPackages = with pkgs; [
gnuradio
soapyrtlsdr
gqrx
];
}

13
features/stronghold-binary-cache.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }: {
nix.settings = {
substituters = [
"http://nix-cache.stronghold.mlaga97.space"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-cache.stronghold.mlaga97.space:RR2S/XWXGjACgAeN30qWCgG1wySOyTGtup8Os3yrdQw="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
}

10
features/virtualbox.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }: {
virtualisation.libvirtd.enable = false;
virtualisation.virtualbox = {
host = {
enable = true;
enableExtensionPack = true;
};
};
}

17
features/yubikey.nix Normal file
View file

@ -0,0 +1,17 @@
{ pkgs, lib, ... }: {
environment.systemPackages = with pkgs; [
yubikey-personalization
];
services.udev.packages = with pkgs; [
yubikey-personalization
];
services.pcscd.enable = true;
programs.ssh.startAgent = false;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}

255
flake.lock generated Normal file
View file

@ -0,0 +1,255 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1736864502,
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
"owner": "nix-community",
"repo": "disko",
"rev": "0141aabed359f063de7413f80d906e1d98c0c123",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v1.11.0",
"repo": "disko",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1735344290,
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "613691f285dad87694c2ba1c9e6298d04736292d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732605668,
"narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=",
"rev": "f19bd752910bbe3a861c9cad269bd078689d50fe",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
}
},
"nixlib": {
"locked": {
"lastModified": 1711241261,
"narHash": "sha256-knrTvpl81yGFHIpm1SsLDApe0thFkw1cl3ISAMPmP/0=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b2a1eeef8c185f6bd27432b053ff09d773244cbc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729472750,
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1736241350,
"narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1723175592,
"narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1735531152,
"narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1,
"narHash": "sha256-QJFvxzBCZHVjWApIe4KaxC3gRd5d1QgDT3xJNetMwVE=",
"path": "/nix/store/n9acswl48815yv56dqwszbm2s80rlf7r-nixos-24.05.20240531.805a384/nixos",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"lix-module": "lix-module",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"waveforms": "waveforms"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"waveforms": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1722915115,
"narHash": "sha256-kkH01G1ViT7N/0gNQVcsPMxyrhn+rPFGeGHK3w2Xryo=",
"owner": "liff",
"repo": "waveforms-flake",
"rev": "49ef7864932c4428b628791cd7cfccc694717ee8",
"type": "github"
},
"original": {
"owner": "liff",
"repo": "waveforms-flake",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

271
flake.nix Normal file
View file

@ -0,0 +1,271 @@
# https://nix.dev/
# https://github.com/barrucadu/nixfiles/tree/master
# https://bitbucket.org/bzz/nixos/src/master/configuration.nix
# https://grahamc.com/blog/erase-your-darlings/
# https://github.com/Misterio77/nix-starter-configs
## Build System
# sudo rm -rf /etc/nixos/ && sudo cp ./ /etc/nixos/ && sudo nixos-rebuild switch
## Build Iso
# nix build -L .#packages.x86_64-linux.ll-nixos-full-iso
## Update Packages
# nix flake update
## Clean up nix-store
# nix-store --delete ...
## Encrypted Home Directory
# https://github.com/nix-community/home-manager/issues/3415
## Declarative Disk Partioning
# https://github.com/nix-community/disko
# https://github.com/nix-community/nixos-anywhere-examples/blob/main/configuration.nix
{
description = "Lauren's System Flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-generators.url = "github:nix-community/nixos-generators/7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565";
nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";
lix-module.inputs.nixpkgs.follows = "nixpkgs";
# Extras
waveforms.url = "github:liff/waveforms-flake";
disko.url = "github:nix-community/disko/v1.11.0";
};
outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, nixos-generators, disko, waveforms, lix-module, ... }@inputs: let
system = "x86_64-linux";
timezone = "America/Chicago";
locale = "en_US.UTF-8";
stateVersion = "24.11";
unstable = nixpkgs-unstable.legacyPackages.${system};
iso_modules = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
{ isoImage.squashfsCompression = "zstd"; }
];
# Look into: https://git.sr.ht/~magic_rb/dotfiles/tree/master/item/nixos/systems/gooseberry
pi_modules = [{
# Disabling the whole `profiles/base.nix` module, which is responsible
# for adding ZFS and a bunch of other unnecessary programs:
disabledModules = [
"profiles/base.nix"
];
# Allows for remote deployment via
# nixos-rebuild -L switch --flake .?submodules=1#HOSTNAME --target-host USER@HOSTNAME
nix.settings.require-sigs = false;
}];
# TODO: Surely a better way, no?
inherited_modules = [
{
time.timeZone = timezone;
system.stateVersion = stateVersion;
}
lix-module.nixosModules.default
home-manager.nixosModules.home-manager
waveforms.nixosModule
disko.nixosModules.default
];
in {
nixosConfigurations = {
ll-nixos-headless = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "ll-nixos-headless"; }
./systems/ll-nixos-headless.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
ll-nixos = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "ll-nixos"; }
./systems/ll-nixos-full.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
ll-latitude-e5591 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = iso_modules ++ [
{
networking.hostName = "ll-latitude-e5591";
networking.hostId = "f55542ee";
}
./systems/ll-latitude-e5591.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
ll-nixos-headless-pi = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = pi_modules ++ [
{
networking.hostName = "ll-nixos-headless-pi";
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
"/boot/firmware" = {
device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat";
};
};
}
./systems/ll-nixos-headless.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
# Real Systems
bastion-in-training = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./systems/bastion/bastion-in-training.nix ] ++ inherited_modules;
};
bastion = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./systems/bastion/bastion-actual.nix ] ++ inherited_modules;
};
stronghold = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{
networking.hostName = "stronghold";
networking.hostId = "c581a1cd";
}
./systems/vm-docker-base.nix
] ++ inherited_modules;
};
};
packages.aarch64-linux = {
ll-nixos-headless-pi-sdcard = nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "sd-aarch64";
modules = pi_modules ++ [
{ networking.hostName = "ll-nixos-headless-pi"; }
./systems/ll-nixos-headless.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
token-pi-sdcard = nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "sd-aarch64";
modules = pi_modules ++ [
{ networking.hostName = "token-pi"; }
./systems/ll-nixos-headless.nix
] ++ inherited_modules;
specialArgs = { unstable = unstable; };
};
};
packages.x86_64-linux = {
##########################################################################
##########################################################################
##########################################################################
# Personal Live Disks
ll-nixos-headless-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "ll-nixos-headless"; }
./systems/ll-nixos-headless.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
ll-nixos-base-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "ll-nixos-base"; }
./systems/ll-nixos-base.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
ll-nixos-full-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "ll-nixos"; }
./systems/ll-nixos-full.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
ll-latitude-e5591-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "ll-latitude-e5591"; }
./systems/ll-latitude-e5591.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
##########################################################################
##########################################################################
##########################################################################
# Systems
ll-nixos-factorio-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "ll-nixos-factorio"; }
./systems/ll-nixos-factorio.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
vm-docker-dhcp-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = ""; }
./systems/vm-docker-dhcp.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
living-room-nixos-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux";
modules = iso_modules ++ [
{ networking.hostName = "living-room-nixos-iso"; }
./systems/ll-nixos-full.nix
] ++ inherited_modules;
format = "install-iso";
specialArgs = { unstable = unstable; };
};
default = self.packages.x86_64-linux.ll-nixos-full-iso;
};
};
}

1
pop_secrets.sh Normal file
View file

@ -0,0 +1 @@
cat secrets.tar.zst.gpg | gpg -d | tar --zstd -xv

1
push_secrets.sh Normal file
View file

@ -0,0 +1 @@
tar -c secrets/ | zstd | gpg --encrypt --compress-algo none --recipient mlaga97@gmail.com > secrets.tar.zst.gpg

BIN
secrets.tar.zst.gpg Normal file
View file

Binary file not shown.

117
systems/bastion/bastion-actual.nix Normal file
View file

@ -0,0 +1,117 @@
{ pkgs, ... }: {
networking.hostName = "bastion";
networking.hostId = "0d13f99b";
# WARNING: BUILT-IN ETHERNET HARDWARE IS BORKED!!!
# https://xcp-ng.org/docs/networking.html#intel-i218-i219-slow-speed
# https://serverfault.com/questions/581265/disable-tcp-checksum-offloading-on-kvm-virtual-network
imports = [
./bastion_base.nix
../../features/intelgpu.nix
../../tweaks/powersave.nix
];
boot.loader.grub.mirroredBoots = [
{
devices = [ "nodev" ];
path = "/boot0";
}
{
devices = [ "nodev" ];
path = "/boot1";
}
];
fileSystems = {
"/boot0" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNG0MA07159M-part1";
fsType = "vfat";
options = [ "nofail" ];
};
"/boot1" = {
device = "/dev/disk/by-id/ata-PNY_CS900_1TB_SSD_PNY244624111201023FB-part1";
fsType = "vfat";
options = [ "nofail" ];
};
"/exports/Frigate" = {
device = "bastion-frigate";
fsType = "zfs";
};
"/exports/MyBook" = {
device = "MyBook/root";
fsType = "zfs";
options = [ "nofail" ];
};
};
##############################################################################
##############################################################################
##############################################################################
# Networking
systemd.network.networks = {
"30-eno1" = {
matchConfig.Name = "eno1";
networkConfig.Bridge = "br0";
linkConfig.RequiredForOnline = "enslaved";
};
"30-enp0s20f0u8" = {
matchConfig.Name = "enp0s20f0u8";
networkConfig.Bridge = "br0";
linkConfig.RequiredForOnline = "enslaved";
};
"90-tinc" = {
matchConfig.Name = "tinc.mlaga97spa";
address = [ "10.86.84.105/32" ];
routes = [ { Destination = "10.86.84.0/24"; } ];
};
};
services.tinc.networks.mlaga97space = {
name = "bastion";
ed25519PrivateKeyFile = "/root/tinc/mlaga97space_ed25519_key.priv";
chroot = false;
settings.ConnectTo = [ "fortress" "citadel" ];
};
##############################################################################
##############################################################################
##############################################################################
# Services
hardware.coral.pcie.enable = true;
services.apcupsd = {
enable = true;
configText = ''
UPSTYPE usb
NISIP 0.0.0.0
BATTERYLEVEL 5
MINUTES 3
'';
};
# TODO: Put scripts into version control
services.cron = {
enable = true;
mailto = "";
systemCronJobs = [
# Sync Restic from Archive to MyBook daily at 0600
"0 6 * * * root /home/lauren_lagarde/bin/SyncRestic > /dev/null"
# Copy footage from Frigate to MyBook and clear up space on both every 10 minutes
"*/10 * * * * root /home/lauren_lagarde/bin/MaintainFrigate > /dev/null"
# Grab a still photo from all cameras once per minute
"* * * * * root /home/lauren_lagarde/bin/GetAllCameraImages > /dev/null"
# TODO: Automatically Collate Camera Images Monthly
];
};
}

43
systems/bastion/bastion-in-training.nix Normal file
View file

@ -0,0 +1,43 @@
{ ... }: {
networking.hostName = "bastion-in-training";
networking.hostId = "c3e44236";
imports = [
./bastion_base.nix
];
boot.zfs.devNodes = "/dev/vda2";
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.loader.grub.mirroredBoots = [
{
devices = [ "nodev" ];
path = "/boot0";
}
{
devices = [ "nodev" ];
path = "/boot1";
}
];
fileSystems = {
"/boot0" = {
device = "/dev/vda1";
fsType = "vfat";
options = [ "nofail" ];
};
"/boot1" = {
device = "/dev/vdb1";
fsType = "vfat";
options = [ "nofail" ];
};
};
systemd.network.networks = {
"30-enp1s0" = {
matchConfig.Name = "enp1s0";
networkConfig.Bridge = "br0";
linkConfig.RequiredForOnline = "enslaved";
};
};
}

127
systems/bastion/bastion_base.nix Normal file
View file

@ -0,0 +1,127 @@
{ pkgs, ... }: {
imports = [
# Base Config
../../features/base.nix
../../features/headless.nix
# Features
../../features/br0.nix
../../features/dockge.nix
../../features/docker.nix
../../features/libvirt.nix
# Tweaks
../../tweaks/zfs.nix
../../tweaks/zram.nix
../../tweaks/disable_firewall.nix
../../tweaks/systemd-resolved_nonsense.nix
# Dotspace
../../secrets/dotspace.nix
# Users
../../users/lauren_lagarde/lauren_lagarde.nix
../../users/ashley_funkhouser/ashley_funkhouser.nix
];
##############################################################################
##############################################################################
##############################################################################
# Bootloader / Kernel
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
zfsSupport = true;
efiSupport = true;
};
##############################################################################
##############################################################################
##############################################################################
# Local Filesystems
fileSystems = {
"/" = {
device = "bastion-root/root";
fsType = "zfs";
};
};
##############################################################################
##############################################################################
##############################################################################
# Services
services.cron = {
enable = true;
mailto = "";
systemCronJobs = [
"* * * * * lauren_lagarde /home/lauren_lagarde/bin/PublishStats > /dev/null"
];
};
services.samba = {
enable = true;
openFirewall = true;
settings = {
Frigate = {
path = "/exports/Frigate";
comment = "NVR Local Storage";
writable = "yes";
browseable = "yes";
"force user" = "nobody";
"force group" = "users";
"create mask" = "775";
"force create mode" = "775";
"security mask" = "775";
"force security mode" = "775";
"directory mask" = "2775";
"force directory mode" = "2775";
"directory security mask" = "2775";
"force directory security mode" = "2775";
};
MyBook = {
path = "/exports/MyBook";
comment = "External Storage";
writable = "yes";
browseable = "yes";
"force user" = "nobody";
"force group" = "users";
"create mask" = "775";
"force create mode" = "775";
"security mask" = "775";
"force security mode" = "775";
"directory mask" = "2775";
"force directory mode" = "2775";
"directory security mask" = "2775";
"force directory security mode" = "2775";
};
};
};
##############################################################################
##############################################################################
##############################################################################
# System Users
users.users = {
bastion = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialHashedPassword = "$y$j9T$WThHVbTQdHbv4mI0m4EjK/$LA.4Uf95jD/rJpLVf0kbfH0wFBj4FHCimV6xiDfLOD/";
};
dotspace = {
isNormalUser = true;
shell = pkgs.shadow;
initialHashedPassword = "$y$j9T$cH1b/0aafCTaHyWigarb70$bS6WFrbYV4xUZwVtqDCepydOhEol1DqmokBfkGmvRcA";
};
};
}

14
systems/living-room-nixos.nix Normal file
View file

@ -0,0 +1,14 @@
{ ... }: {
imports = [
../ll-nixos-full.nix
];
# Fix issue with HDMI passthrough
home-manager.users.lauren_lagarde = {
xsession.windowManager.i3 = {
config.startup = [
{ command = "xrandr --output HDMI-1 --mode 1920x1080 --rate 60 --primary"; }
];
};
};
}

12
systems/ll-latitude-e5591.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }: {
imports = [
./ll-nixos-full.nix
../features/intelgpu.nix
];
hardware.enableRedistributableFirmware = true;
boot.kernelParams = [
"i915.enable_guc=2"
];
}

22
systems/ll-nixos-base.nix Normal file
View file

@ -0,0 +1,22 @@
{ ... }: {
imports = [
./ll-nixos-headless.nix
# i3wm
../features/i3.nix
../features/yubikey.nix
../tweaks/bluetooth.nix
../tweaks/intel_igpu_screen_tearing.nix
# Lauren
../users/lauren_lagarde/i3.nix
../users/lauren_lagarde/autologin.nix
];
home-manager.users.lauren_lagarde = {
imports = [
../users/lauren_lagarde/home-manager/monitor_configs.nix
../users/lauren_lagarde/home-manager/secrets/dotspace_gui.nix
];
};
}

8
systems/ll-nixos-factorio.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }: {
imports = [
./ll-nixos-base.nix
# Additional Features
../features/factorio.nix
];
}

11
systems/ll-nixos-full.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }: {
imports = [
./ll-nixos-base.nix
# Additional Features
../features/rtl-sdr.nix
../features/printing.nix
../features/embedded.nix
../features/virtualbox.nix
];
}

28
systems/ll-nixos-headless.nix Normal file
View file

@ -0,0 +1,28 @@
{ ... }: {
imports = [
# Core
../features/base.nix
../tweaks/zram.nix
../tweaks/disable_nixos_user.nix
../tweaks/systemd-resolved_nonsense.nix
# Headless
../features/headless.nix
../tweaks/zfs.nix
# Lauren
../users/lauren_lagarde/lauren_lagarde.nix
{
home-manager.users.lauren_lagarde = {
imports = [
../users/lauren_lagarde/home-manager/lauren_lagarde.nix
];
};
}
# Dotspace
../features/stronghold-binary-cache.nix
../secrets/dotspace.nix
../users/lauren_lagarde/dotspace.nix
];
}

78
systems/vm-docker-base.nix Normal file
View file

@ -0,0 +1,78 @@
# cd; rm nixos-config; tar -xvf /Parlor/Lauren/nixos-config.tar.zst; cd nixos-config/nixos/; sudo nix run 'github:nix-community/disko/latest#disko-install' -- --flake .#TARGET_HOSTNAME --disk vda /dev/vda
{ ... }: {
imports = [
./ll-nixos-headless.nix
../features/docker.nix
../features/dockge.nix
../tweaks/disable_firewall.nix
];
##############################################################################
##############################################################################
##############################################################################
# Bootloader / Kernel
# UEFI Boot
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
# Libvirt Guest Kernel Modules
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
##############################################################################
##############################################################################
##############################################################################
# Disk Layout
# https://github.com/nix-community/disko/issues/528
disko.devices = {
disk = {
vda = {
type = "disk";
device = "/dev/vda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

9
systems/vm-docker-dhcp.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }: {
imports = [
./ll-nixos-headless.nix
# Additional Features
../features/persistent_docker.nix
../tweaks/disable-firewall.nix
];
}

25
tweaks/bluetooth.nix Normal file
View file

@ -0,0 +1,25 @@
{ pkgs, lib, ... }: {
hardware.enableRedistributableFirmware = true;
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
settings.General = {
Enable = "Source,Sink,Media,Socket";
Experimental = true;
};
};
# PipeWire appears to have marginally less shitty bluetooth support
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
jack.enable = true;
};
}

3
tweaks/disable_firewall.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
networking.firewall.enable = false;
}

12
tweaks/disable_nixos_user.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }: {
services.getty.autologinUser = lib.mkForce null;
users.groups.nixos = {};
users.users.nixos.group = "nixos";
users.users.nixos.isSystemUser = lib.mkForce true;
users.users.nixos.isNormalUser = lib.mkForce false;
users.users.nixos.initialHashedPassword = lib.mkForce "!";
# Disable root as well
users.users.root.initialHashedPassword = lib.mkForce "!";
}

6
tweaks/intel_igpu_screen_tearing.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }: {
# Fix screen tearing on Intel iGPU
# TODO: I think this is still broken
services.picom.enable = true;
services.picom.vSync = true;
}

3
tweaks/powersave.nix Normal file
View file

@ -0,0 +1,3 @@
{ ... }: {
powerManagement.cpuFreqGovernor = "powersave";
}

4
tweaks/systemd-resolved_nonsense.nix Normal file
View file

@ -0,0 +1,4 @@
{ ... }: {
# I...this is dumb...
services.resolved.extraConfig = "ResolveUnicastSingleLabel=yes";
}

16
tweaks/zfs.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, ... }: {
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.devNodes = "/dev/disk/by-id/";
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.interval = "weekly";
boot.extraModprobeConfig = ''
# Under low-write conditions, wait up to 30 seconds before committing data to disk
options zfs zfs_txg_timeout=30
# Stupid silent data corruption bug (https://github.com/openzfs/zfs/issues/15933)
options zfs zfs_bclone_enabled=0
options zfs zfs_dmu_offset_next_sync=0
'';
}

7
tweaks/zram.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }: {
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 200;
};
}

11
users/ashley_funkhouser/ashley_funkhouser.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }: {
users.users.ashley_funkhouser = {
isNormalUser = true;
description = "Ashley Funkhouser";
extraGroups = [ "wheel" "libvirtd" ];
initialHashedPassword = "$y$j9T$b.JgT15KeFXOjWQ0gJ7Ae0$n1KSyoAa8E.zI.4WZ6ze.Sk0RqXayZRrZK2319C77W/";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwgQE831tqVEbb5bhLH9XkhmiIxTJ4YlL0Yjha2MJ0uoXfC7y+twp2fJB0FjmXvrU5li2mAes5DVakq0RqG5MtkbGSFN9/lJPuis+k6OzTTihe3PGTkRqaC6JWAs5Db7yHlaq0a+qLpniXPH/9/W/IqjRB67EPvfPkZ7VefjeEkJ1aPSoobws8DJUGum5PAg1oLTGwgirGMSlpWNOCxt8h3dynjrRLbUG4afU/FvbQDy27J0ODIN5CPDj8ZiTgz1s0KsA702dXz8UiioDp8ES9gOOfLqye50lga3UuK47jNJXelwmIAvCdPj1LKpy4HvmdIH8F4CsCqwkzbF1/s55quWvf/olhcWofayKcjP6Vbs8k3M6cshjcXPKBbr2FnpznHZCPSDq0Htk6a/YfFGh3Jy96x5PJW29deKJ9pjEvTufWDBhU6Uqd/80QGpGg/VBNiMot5qPrcdKM3kN7aPxU1mlbF9ICG/T0E7mSGEQHYqKd2LGfbielvobE/pdPbErjTRzl9KeqYiN9NA8Um5r8KDj8w/E9oF6DMpqulFA9fdMYtMTeEVPXxt6c7S1+VzOkfSbRt/p5Ql5FF294f6lvN01gbbJrGrfAstXmyPKGmJ/OSYrTEX7hhpaDJytW9KgzAebdkP2C5CQnwyJHaTDr1dEDSieoB0JgRFMWuvBNUQ== ajfunk27@gmail.com"
];
};
}

6
users/lauren_lagarde/autologin.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }: {
services.displayManager = {
autoLogin.enable = true;
autoLogin.user = "lauren_lagarde";
};
}

7
users/lauren_lagarde/dotspace.nix Normal file
View file

@ -0,0 +1,7 @@
{ pkgs, unstable, ... }: {
home-manager.users.lauren_lagarde = {
imports = [
./home-manager/secrets/dotspace.nix
];
};
}

1
users/lauren_lagarde/home-manager Submodule

@ -0,0 +1 @@
Subproject commit 97cde8a8e73f1623a390397b060e5e4b7ffa61ba

9
users/lauren_lagarde/i3.nix Normal file
View file

@ -0,0 +1,9 @@
{ home-manager, unstable, ... }: {
home-manager.extraSpecialArgs = {
inherit unstable;
};
home-manager.users.lauren_lagarde.imports = [
./home-manager/i3.nix
];
}

11
users/lauren_lagarde/lauren_lagarde.nix Normal file
View file

@ -0,0 +1,11 @@
{ pkgs, ... }: {
users.users.lauren_lagarde = {
isNormalUser = true;
description = "Lauren Lagarde";
extraGroups = [ "docker" "wheel" "libvirtd" "disks" ];
initialHashedPassword = "$y$j9T$KqTFvSj9TYmRXugVbiSgj.$RbvxcGlY/DbLFioa64ntY5RO4Ym0CMswhegeQj5qHyD";
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl881A1gvgCx+4ECrmJnO2QCTiqjaOLfAegKAAkvWNFKL0rDfsj8tZULUcyn87HYsRrdmqCOQ62GOjQyK803azq7QTxwY4vjczkJxico4LnIToTobcz+JkgF6Rf/h74bs9dHk4ZU853FRBz3wi/14rI10Iwckt37B1ayJacpELuzFobKYip2FjiL1vNH3tiAFR131z+YBByvNX+uJYEhpsI0xry9zbsSUWUq5/YFpmjezblzYRokfsReYiKJeQBeROSeRC/xFBSnikECSylNI4sw5VIpGXFIxL5xhss+s+3dnb+LFQ+zInOYxkVRydYc/In9Wz6Tu7v07K8bjvE7nQwHenoGtRW590Xu0rJApS+k8Cu16sCO2QFj/aI+gCrhU0ymM0aicr0hFAME6Y7j9HcR6PxYxnXZjI7cfqhO5TG8jot25SPzJcvH3EV5oPKtAkw9XA+8+nAI9czFlUgHnuMJAqw1IGOD3qozwqZ5yn1+kG7FZJRpvaPc5pK2HtqaAKJmnRuVaWcFuNALh86gr7Qn8IEp8Q+YyKmDqrMZ4KLJUMnVqn4y0HVS1eB5nVujaJZUGJWA4q3og0FE/2kH74WEp2ZtuJAoEPcgfZ6Ns7BmmXIZU7qu4kQoQ73b3mn6hCi5xlQ/sClzwHYkRPo4tST64ED/UIRPCYe1byNUWSww== lauren@lagarde.dev"
];
};
}