hosts: housekeeping

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2025-08-31 19:33:29 +05:30
parent cd52be2620
commit 7e4a6ac8fe
15 changed files with 32 additions and 29 deletions


@@ -0,0 +1,4 @@
{ ... }:
{
programs.adb.enable = true;
}


@@ -0,0 +1,4 @@
{ ... }:
{
programs.dconf.enable = true;
}


@@ -0,0 +1,16 @@
{ ... }:
{
security = {
doas = {
enable = true;
extraRules = [
{
groups = [ "wheel" ];
keepEnv = true;
persist = true;
setEnv = [ "PATH" ];
}
];
};
};
}
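Review bot: The wheel rule in `extraRules` combines `keepEnv = true`, `persist = true` and `setEnv = [ "PATH" ]`, so commands run as root inherit the caller's whole environment, including a caller-controlled `PATH`, and need no re-authentication while the persist window is open. A modified shell environment in the user's session therefore carries straight into root processes. Unless something needs the full environment, I would drop `keepEnv` and the `PATH` pass-through and list only the variables actually required, e.g. `setEnv = [ "EDITOR" ];` (illustrative). A comment saying why `persist` is wanted on these hosts would also help.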


@@ -0,0 +1,4 @@
{ ... }:
{
programs.git.enable = true;
}


@@ -0,0 +1,9 @@
{ ... }:
{
programs.gnupg = {
agent = {
enableSSHSupport = true;
enable = true;
};
};
}


@@ -0,0 +1,7 @@
{ inputs, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
(nattovim.override { nvimPackage = inputs.nvim-overlay.packages.${pkgs.system}.neovim; })
];
}


@@ -0,0 +1,32 @@
{ self, ... }:
{
nixpkgs = {
config = {
allowBroken = true;
allowUnfree = true;
};
overlays = [
self.overlays.default
];
};
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
settings = {
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
};
}
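Review bot: `trusted-users` under `nix.settings` lists `"@wheel"`, which lets every wheel member instruct the Nix daemon (extra substituters, unsigned store paths) without authenticating; the Nix manual describes this as essentially equivalent to root access. If wheel members only need to run builds, `allowed-users = [ "@wheel" ];` together with `trusted-users = [ "root" ];` keeps that ability without the daemon-level trust. If the wider trust is deliberate, a comment on the entry saying so would help the next reader. Separately, `allowBroken = true` applies to every host importing this file, so a comment naming the package that needs it would make it removable later.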


@@ -0,0 +1,13 @@
{ ... }:
{
programs.zsh = {
enable = true;
histSize = 30000;
enableBashCompletion = true;
enableCompletion = true;
autosuggestions = {
enable = true;
highlightStyle = "fg=yellow,bold";
};
};
}


@@ -0,0 +1,21 @@
{
lib,
conf,
config,
...
}:
let
domain = conf.network.addresses.domain.natto;
nginx = config.services.nginx;
in
{
security = {
acme = lib.mkIf nginx.enable {
acceptTerms = true;
certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; }) (
lib.filterAttrs (_: v: v.enableACME) nginx.virtualHosts
);
};
pki.certificateFiles = [ ../../cert.pem ];
};
}
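Review bot: `pki.certificateFiles = [ ../../cert.pem ];` adds that certificate to the system trust store on every host importing this file, and nothing in the section says which CA it is or what it is meant to sign. A certificate trusted this way is accepted for any hostname by anything that uses the system bundle. I would add a comment such as `# internal CA for <purpose>; rotate by <date>` and confirm the matching private key is not kept on these hosts. The relative path also depends on this file's depth in the tree, so it is worth re-checking whenever the file is moved.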


@@ -0,0 +1,13 @@
{ ... }:
{
services.pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
socketActivation = true;
wireplumber.enable = true;
};
}


@@ -0,0 +1,26 @@
{ config, lib, ... }:
{
services = {
libinput = {
enable = true;
mouse = {
accelSpeed = "0";
};
touchpad = {
middleEmulation = false;
clickMethod = "buttonareas";
tapping = true;
naturalScrolling = true;
};
};
xserver = {
enable = true;
displayManager.startx.enable = true;
xkb.layout = "us";
xkb.variant = "colemak_dh";
autoRepeatDelay = 320;
autoRepeatInterval = 30;
};
};
}


@@ -0,0 +1,112 @@
#Taken from https://github.com/MagicRB/dotfiles/blob/master/nix/nixos-modules/vault-agent.nix
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.vault-agent;
json = pkgs.formats.json { };
in
{
options = {
services.vault-agent = {
enable = mkEnableOption "Vault Agent";
package = mkOption {
type = types.package;
default = pkgs.vault;
description = ''
The package used for the vault agent
'';
};
settings = mkOption {
type = json.type;
default = { };
description = ''
Settings for the agent
'';
};
secretsDir = mkOption {
type = types.nullOr types.path;
default = "/var/secrets";
description = ''
Vault secrets directory;
'';
};
userName = mkOption {
type = types.str;
default = "vault-agent";
description = "Username for the service";
};
groupName = mkOption {
type = types.str;
default = "vault-agent";
description = "Vault-Agent Group Name";
};
uid = mkOption {
type = types.int;
default = 1985;
};
gid = mkOption {
type = types.int;
default = 1985;
};
};
};
config = mkIf cfg.enable ({
users = {
users = {
"${cfg.userName}" = {
group = cfg.groupName;
uid = cfg.uid;
isSystemUser = true;
description = "Vault-Agent User";
};
};
groups = {
"${cfg.groupName}" = {
gid = cfg.gid;
};
};
};
systemd.tmpfiles.rules = mkIf (cfg.secretsDir != null) [
"d ${cfg.secretsDir} 6755 vault-agent ${cfg.groupName} 0"
];
systemd.services.vault-agent = {
description = "Vault Agent";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
path = (
with pkgs;
[
glibc
]
);
serviceConfig = {
User = cfg.userName;
Group = cfg.groupName;
ExecReload = "${pkgs.busybox}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/vault agent -config=${json.generate "vault.json" cfg.settings}";
KillMode = "process";
KillSignal = "SIGINT";
Restart = "on-failure";
TimeoutStopSec = "30s";
RestartSec = 2;
ConfigurationDirectory = "vault-agent";
ConfigurationDirectoryMode = "0600";
};
};
});
}
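Review bot: The tmpfiles rule `"d ${cfg.secretsDir} 6755 vault-agent ${cfg.groupName} 0"` creates the secrets directory world-readable and world-searchable with setuid/setgid bits, and it hard-codes the owner instead of using `cfg.userName`, so a non-default `userName` leaves the directory owned by a user that may not exist. I would write it as `"d ${cfg.secretsDir} 0750 ${cfg.userName} ${cfg.groupName} -"` (or `2750` if new files should inherit the group); the `-` also replaces the age value `0`, which as far as I know makes `systemd-tmpfiles --clean` purge the directory's contents. `ConfigurationDirectoryMode = "0600"` in `serviceConfig` has no search bit, so the directory cannot be traversed even by its owner; `"0700"` is probably what was meant. Since `json.generate` writes `cfg.settings` into the world-readable Nix store, the `settings` description should say that tokens and secrets must be referenced by file path rather than embedded.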


@@ -0,0 +1,26 @@
{ config, ... }:
{
nix = {
extraOptions = ''
builders-use-substitutes = true
'';
buildMachines = [
{
hostName = "okina";
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
distributedBuilds = true;
};
}
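Review bot: The `okina` entry in `buildMachines` sets no `sshUser`, `sshKey` or `publicHostKey`, so as far as this file shows the connecting identity and the host-key check fall back to whatever SSH configuration and known_hosts the Nix daemon's user happens to have. Because outputs built on that machine are copied into the local store, I would pin it explicitly with `sshUser = "<builder-user>";`, `sshKey = "<path-to-key>";` and `publicHostKey = "<base64-host-key>";` (placeholders). The `config` argument in the function header is unused in this file and could be dropped.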