commit f5dbb17136e8f3cc6b72a5126448339f5c477866 Author: Origami404 Date: Sat Jun 22 07:01:00 2024 +0800 flake init
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..857ca3a
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &primary age1npdfwkrrq89585wjamxxthdswwh4fmmfs5a07v70g7n6vhdhvf3sc0rv5r
+creation_rules:
+ - path_regex: secrets/secrets.yaml$
+ key_groups:
+ - age:
+ - *primary
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..48f5480
--- /dev/null
+++ b/configuration.nix
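Review bot: The creation rule encrypts `secrets/secrets.yaml` to a single age recipient, `&primary`, so no second key can decrypt the file if that one is lost or has to be rotated out. configuration.nix in this commit points `sops.age.keyFile` at a file under /home/origami, which suggests the same personal key is also the machine's decryption key. A separate recipient for the host (and ideally an offline recovery key) keeps those roles apart: a second anchor under `keys:`, e.g. `- &host age1<host-public-key-placeholder>`, listed next to `*primary` under `age:`. The dot in `path_regex: secrets/secrets.yaml$` is also unescaped; `secrets/secrets\.yaml$` matches only the intended file.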
@@ -0,0 +1,149 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, inputs, helix, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ inputs.sops-nix.nixosModules.sops
+ ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ boot.loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/efi";
+ };
+ grub = {
+ efiSupport = true;
+ device = "nodev";
+ };
+ };
+
+ networking.hostName = "um790-nix";
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Asia/Shanghai";
+
+ nix.settings = {
+ extra-trusted-users = ["origami"];
+ extra-substituters = [
+ "https://mirror.tuna.edu.cn/nix-channels/store"
+ "https://cache.nixos.org"
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ git
+ vim
+ wget
+ curl
+
+ # Shell & Editor
+ fish # better shell
+ helix.packages."${pkgs.system}".helix
+
+ # Archives
+ zip
+ xz
+ unzip
+ p7zip
+ zstd
+ gnutar
+ atool # all-in-one tar
+
+ # Modern unix
+ ripgrep # better grep
+ jq # better cat on json
+ bat # better cat on everything
+ eza # better ls
+ fzf # A command-line fuzzy finder
+ du-dust # better du
+ duf # better df
+ fd # better find
+ btop # better top
+ procs # better ps
+ zoxide # better cd
+ scc # better cloc
+
+ # Networking
+ mtr # better traceroute
+ iperf3
+ q # better dig/nslookup
+ socat # better netcat
+ nmap
+
+ # Misc
+ file
+ which
+ tree
+ gnused # sed
+ gawk # awk
+ gnupg
+ pciutils # lspci
+ usbutils # lsusb
+ neofetch
+ v2raya # Only for Chinese user
+
+ # nix related
+ #
+ # it provides the command `nom` works just like `nix`
+ # with more details log output
+ nix-output-monitor
+
+ # system call monitoring
+ strace # system call monitoring
+ ltrace # library call monitoring
+ lsof # list open files
+
+ # Desktop Utils
+ kitty # Terminal emulator
+ wofi # Application runner
+ chromium # Web browser
+ dunst # Notication daemon
+ pipewire # Sound manager
+ wireplumber
+ waybar # Status bar
+ ];
+
+
+ #programs.hyprland.enable = true;
+ services.xserver = {
+ enable = true;
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ };
+
+ # Users
+ programs.fish.enable = true;
+
+ users.groups.origami.gid = 1000;
+ users.users.origami = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ description = "Origami404";
+ group = "origami";
+ extraGroups = [ "networkmanager" "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZxRoweHoLfoaydPqhsLnc4EGgwTp7Uz1DZ2DG447B+ origami@fedora"
+ ];
+ };
+ security.sudo.wheelNeedsPassword = false;
+ sops.defaultSopsFile = ./secrets/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+ sops.age.keyFile = "/home/origami/.config/sops/age/keys.txt"
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ system.stateVersion = "23.11";
+}
+
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..168e113
--- /dev/null
+++ b/flake.lock
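Review bot: `security.sudo.wheelNeedsPassword = false;` together with `services.openssh.enable = true;` and `extra-trusted-users = ["origami"]` means any SSH login as origami is root without a further prompt, and the hunk leaves sshd at its defaults rather than restricting it to the authorized key. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` next to the enable line, and keep the sudo password unless dropping it is deliberate. Separately, `sops.age.keyFile = "/home/origami/.config/sops/age/keys.txt"` has no terminating `;`, so the module will not parse as written. The key file also sits in a user-writable home directory; a root-owned location outside /home would suit the key sops-nix reads at activation better.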
@@ -0,0 +1,298 @@ +{ + "nodes": { + "crane": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "helix", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1688772518, + "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", + "owner": "ipetkov", + "repo": "crane", + "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "helix": { + "inputs": { + "crane": "crane", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1703879161, + "narHash": "sha256-TNEsdsaCG1+PvGINrV/zw7emzwpfWiml4b77l2n5UEI=", + "owner": "helix-editor", + "repo": "helix", + "rev": 
"85fce2f5b6c9f35ab9d3361f3933288a28db83d4", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "repo": "helix", + "rev": "85fce2f5b6c9f35ab9d3361f3933288a28db83d4", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703367386, + "narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1690272529, + "narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ef99fa5c5ed624460217c31ac4271cfb5cb2502c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1718478900, + "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c884223af91820615a6146af1ae1fea25c107005", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1703900474, + "narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9dd7699928e26c3c00d5d46811f1358524081062", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1718276985, + "narHash": "sha256-u1fA0DYQYdeG+5kDm1bOoGcHtX0rtC7qs2YA2N1X++I=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3f84a279f1a6290ce154c5531378acc827836fbb", + "type": "github" + }, + "original": { + "owner": 
"NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "helix": "helix", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs_2", + "sops-nix": "sops-nix" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "helix", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "helix", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704075545, + "narHash": "sha256-L3zgOuVKhPjKsVLc3yTm2YJ6+BATyZBury7wnhyc8QU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a0df72e106322b67e9c6e591fe870380bd0da0d5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "flake-utils": [ + "helix", + "flake-utils" + ], + "nixpkgs": [ + "helix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1690424156, + "narHash": "sha256-Bpml+L280tHTQpwpC5/BJbU4HSvEzMvW8IZ4gAXimhE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "f335a0213504c7e6481c359dc1009be9cf34432c", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1718506969, + "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + 
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..b4ec369 --- /dev/null +++ b/flake.nix @@ -0,0 +1,32 @@ +{ + description = "Origami404's NixOS Flake"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + helix.url = "github:helix-editor/helix/85fce2f5b6c9f35ab9d3361f3933288a28db83d4"; + sops-nix.url = "github:Mic92/sops-nix"; + }; + + outputs = { nixpkgs, home-manager, ... }@inputs: { + nixosConfigurations = { + "um790-nix" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = inputs; + modules = [ + ./configuration.nix + #home-manager.nixosModules.home-manager { + # home-manager.useGlobalPkgs = true; + # home-manager.useUserPackages = true; + # home-manager.users.origami = import ./home.nix; + # home-manager.extraSpecialArgs = inputs; + #} + ]; + }; + }; + }; +} + diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..5e3503c --- /dev/null +++ b/hardware-configuration.nix 
@@ -0,0 +1,53 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/1b3938f0-358f-4358-b7fb-b448b6eba56a"; + fsType = "btrfs"; + options = [ "subvol=@nixos" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/1b3938f0-358f-4358-b7fb-b448b6eba56a"; + fsType = "btrfs"; + options = [ "subvol=@nix" ]; + }; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/1861-1CA6"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/1b3938f0-358f-4358-b7fb-b448b6eba56a"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/home.nix b/home.nix new file mode 100644 index 0000000..205f567 --- /dev/null +++ b/home.nix 
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+{
+ home.username = "origami";
+ home.homeDirectory = "/home/origami";
+
+ programs.home-manager.enable = true;
+
+ programs.git = {
+ enable = true;
+ userName = "origami";
+ userEmail = "Origami404@foxmail.com";
+ };
+
+ home.packages = with pkgs;[];
+
+ programs.bash = {
+ enable = true;
+ enableCompletion = true;
+ bashrcExtra = ''
+ export PATH="$PATH:$HOME/bin:$HOME/.local/bin:$HOME/go/bin"
+ '';
+ };
+
+ home.stateVersion = "23.11";
+
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
new file mode 100644
index 0000000..c55b51f
--- /dev/null
+++ b/secrets/secrets.yaml
@@ -0,0 +1,21 @@
+ssh-private-key: ENC[AES256_GCM,data:6FGOhPZQOJ8=,iv:RB+wxIUupe8GSzTzprH3C1naMq9XyBcEJYpWvY+8kWk=,tag:phDITUcI3+zgpJfKS/tpHQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1npdfwkrrq89585wjamxxthdswwh4fmmfs5a07v70g7n6vhdhvf3sc0rv5r
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMVg5b2FTTkU2eGJ1U21B
+ TExGWi9RSFNqMTlXQlBKODV6RzAzWGppbHhVCmhwaHBZY0FqbmpCZkhYTFExT05t
+ cExOT0V3T1V5UEN2M0FTaFJLb2NDb0kKLS0tIFJrVVFVdEtzMC9PZ09MdzJSTktG
+ MW4wQS80V3VpWlpYMWdDYWFTMk81VEkK0bBT2NFCNd4OpMbi8jq/mnOM/1Qa3pWT
+ P0JVrJSJM3pfrYaLfeRbmKvTh/NwX1IygqrNZ6BqduhQs/xRsZtCQQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-21T21:50:37Z"
+ mac: ENC[AES256_GCM,data:ObwmSRiLU/OBTUX0k0SftiwDwmkKxVOziI2KLBR1p4wL/Me/Qp5wOzJYd83p+cBlxIpn8rjtUxbS+bz0p3mMckeTfoJjyElnn8gx/fJYLsdnXSIqcyfUOA9XWV16t7jeQj2ZW8OcTns0+O1+A1TCucvwXX4xugB2h4kzcFuZS6U=,iv:q0N7HdlWN9MltUI3N5nXU1FzTPz1oi0jl/T8YvGSP8Q=,tag:U1HkWvheOM8D0gQ/yWBJ+A==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1