basic users and wireguard setup
This commit is contained in:
parent
cd9946699d
commit
5001614445
|
@ -0,0 +1,3 @@
|
||||||
|
This document exists to inform users that Sky Hearn has not been served with a secret government subpoena in any of their hardware, their software, or their services.
|
||||||
|
|
||||||
|
2024-03-03
|
Binary file not shown.
|
@ -8,6 +8,7 @@
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./users.nix
|
||||||
<home-manager/nixos>
|
<home-manager/nixos>
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -15,318 +16,84 @@
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
# amdgpu stuffs
|
# use network manager and set hostname
|
||||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
networking.networkmanager.enable = true;
|
||||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
networking.hostName = "rackserver";
|
||||||
|
|
||||||
# opengl support
|
|
||||||
hardware.opengl.enable = true;
|
|
||||||
# opengl packages
|
|
||||||
hardware.opengl.extraPackages = with pkgs; [
|
|
||||||
rocm-opencl-icd
|
|
||||||
rocm-opencl-runtime
|
|
||||||
vaapiVdpau
|
|
||||||
libvdpau-va-gl
|
|
||||||
];
|
|
||||||
hardware.opengl.driSupport = true;
|
|
||||||
|
|
||||||
networking.hostName = "sky-laptop"; # Define your hostname.
|
# wireguard server setup
|
||||||
# Pick only one of the below networking options.
|
|
||||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
|
||||||
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
|
||||||
|
|
||||||
# Set your time zone.
|
# enable NAT
|
||||||
time.timeZone = "America/Los_Angeles";
|
networking.nat.enable = true;
|
||||||
|
networking.nat.externalInterface = "eth0";
|
||||||
# Configure network proxy if necessary
|
networking.nat.internalInterfaces = [ "wg0" ];
|
||||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
networking.firewall = {
|
||||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
allowedUDPPorts = [ 51820 ];
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
console = {
|
|
||||||
font = "Lat2-Terminus16";
|
|
||||||
#keyMap = "us";
|
|
||||||
useXkbConfig = true; # use xkb.options in tty.
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable the X11 windowing system
|
networking.wireguard.interfaces = {
|
||||||
services.xserver.enable = true;
|
# "wg0" is the network interface name. You can name the interface arbitrarily.
|
||||||
services.xserver.displayManager.sessionCommands = ''
|
wg0 = {
|
||||||
slstatus &
|
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||||
nitrogen --restore &
|
ips = [ "10.100.0.1/24" ];
|
||||||
clipcatd &
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Configure keymap in X11
|
# The port that WireGuard listens to. Must be accessible by the client.
|
||||||
services.xserver.xkb.layout = "us";
|
listenPort = 51820;
|
||||||
# services.xserver.xkb.options = "eurosign:e,caps:escape";
|
|
||||||
|
|
||||||
# Enable CUPS to print documents.
|
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
|
||||||
# services.printing.enable = true;
|
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
|
||||||
|
postSetup = ''
|
||||||
# Enable sound.
|
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
|
||||||
sound.enable = true;
|
|
||||||
hardware.pulseaudio.enable = true;
|
|
||||||
|
|
||||||
# Enable touchpad support (enabled default in most desktopManager).
|
|
||||||
services.xserver.libinput.enable = true;
|
|
||||||
|
|
||||||
# Enable dwm
|
|
||||||
services.xserver.windowManager.dwm.package = pkgs.dwm.overrideAttrs {
|
|
||||||
src = ./dwm;
|
|
||||||
};
|
|
||||||
services.xserver.windowManager.dwm.enable = true;
|
|
||||||
|
|
||||||
# Sky User
|
|
||||||
users.users.sky.isNormalUser = true;
|
|
||||||
users.users.sky.extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
|
||||||
builtins.elem (lib.getName pkg) [
|
|
||||||
"obsidian"
|
|
||||||
];
|
|
||||||
|
|
||||||
nixpkgs.config.permittedInsecurePackages =
|
|
||||||
lib.optional (pkgs.obsidian.version == "1.4.16") "electron-25.9.0";
|
|
||||||
|
|
||||||
home-manager.useGlobalPkgs = true;
|
|
||||||
# Home Manager for Sky
|
|
||||||
home-manager.users.sky = {pkgs, ...}: {
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
obsidian
|
|
||||||
(callPackage (./rolldice/default.nix) {})
|
|
||||||
clang-tools
|
|
||||||
rclone
|
|
||||||
trash-cli
|
|
||||||
mumble
|
|
||||||
nheko
|
|
||||||
zim
|
|
||||||
moonlight-embedded
|
|
||||||
nitrogen
|
|
||||||
firefox-bin
|
|
||||||
neofetch
|
|
||||||
ncpamixer
|
|
||||||
tree
|
|
||||||
xclip
|
|
||||||
grpc
|
|
||||||
clipcat
|
|
||||||
keepassxc
|
|
||||||
jellyfin-media-player
|
|
||||||
];
|
|
||||||
|
|
||||||
services.picom = {
|
|
||||||
enable = true;
|
|
||||||
vSync = true;
|
|
||||||
backend = "glx";
|
|
||||||
inactiveOpacity = 0.9;
|
|
||||||
settings = {
|
|
||||||
blur = {
|
|
||||||
method = "dual-kawase";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.bash = {
|
|
||||||
enable = true;
|
|
||||||
shellAliases = {
|
|
||||||
nv = "nvim";
|
|
||||||
ccm = "clipcat-menu";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.git = {
|
|
||||||
enable = true;
|
|
||||||
userName = "Sky Hearn";
|
|
||||||
userEmail = "sky.hearn@pm.me";
|
|
||||||
signing = {
|
|
||||||
key = "DAB485883AE426EC";
|
|
||||||
signByDefault = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.neovim = {
|
|
||||||
enable = true;
|
|
||||||
defaultEditor = true;
|
|
||||||
extraConfig = ''
|
|
||||||
set shiftwidth=2 smarttab
|
|
||||||
set expandtab
|
|
||||||
set tabstop=8 softtabstop=0
|
|
||||||
'';
|
'';
|
||||||
extraPackages = with pkgs; [
|
|
||||||
# Use the project flake's language server to prevent version mismatches
|
|
||||||
# clang_12
|
|
||||||
# rust-analyzer
|
|
||||||
];
|
|
||||||
plugins = with pkgs.vimPlugins; [
|
|
||||||
{
|
|
||||||
plugin = gruvbox-nvim;
|
|
||||||
type = "viml";
|
|
||||||
# Better performance is off until I can figure out a way to make the cache outside the nix store
|
|
||||||
config = ''
|
|
||||||
if has('termguicolors')
|
|
||||||
set termguicolors
|
|
||||||
endif
|
|
||||||
colorscheme gruvbox
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
plugin = lualine-nvim;
|
|
||||||
type = "lua";
|
|
||||||
config = ''
|
|
||||||
require'lualine'.setup {
|
|
||||||
options = {
|
|
||||||
theme = 'gruvbox'
|
|
||||||
},
|
|
||||||
sections = {
|
|
||||||
lualine_c = {'lsp_progress'}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
plugin = lsp-status-nvim;
|
|
||||||
type = "lua";
|
|
||||||
config = ''
|
|
||||||
require'lsp-status'.register_progress()
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
plugin = nvim-lspconfig;
|
|
||||||
type = "lua";
|
|
||||||
config = ''
|
|
||||||
-- Mappings.
|
|
||||||
-- See `:help vim.diagnostic.*` for documentation on any of the below functions
|
|
||||||
local opts = { noremap=true, silent=true }
|
|
||||||
vim.keymap.set('n', '<space>e', vim.diagnostic.open_float, opts)
|
|
||||||
vim.keymap.set('n', '[d', vim.diagnostic.goto_prev, opts)
|
|
||||||
vim.keymap.set('n', ']d', vim.diagnostic.goto_next, opts)
|
|
||||||
vim.keymap.set('n', '<space>q', vim.diagnostic.setloclist, opts)
|
|
||||||
|
|
||||||
-- Use an on_attach function to only map the following keys
|
# This undoes the above command
|
||||||
-- after the language server attaches to the current buffer
|
postShutdown = ''
|
||||||
local on_attach = function(client, bufnr)
|
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
|
||||||
-- Set up status tracking
|
|
||||||
require'lsp-status'.on_attach(client)
|
|
||||||
-- Enable completion triggered by <c-x><c-o>
|
|
||||||
vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc')
|
|
||||||
|
|
||||||
-- Mappings.
|
|
||||||
-- See `:help vim.lsp.*` for documentation on any of the below functions
|
|
||||||
local bufopts = { noremap=true, silent=true, buffer=bufnr }
|
|
||||||
vim.keymap.set('n', 'gD', vim.lsp.buf.declaration, bufopts)
|
|
||||||
vim.keymap.set('n', 'gd', vim.lsp.buf.definition, bufopts)
|
|
||||||
vim.keymap.set('n', 'K', vim.lsp.buf.hover, bufopts)
|
|
||||||
vim.keymap.set('n', 'gi', vim.lsp.buf.implementation, bufopts)
|
|
||||||
vim.keymap.set('n', '<C-k>', vim.lsp.buf.signature_help, bufopts)
|
|
||||||
vim.keymap.set('n', '<space>wa', vim.lsp.buf.add_workspace_folder, bufopts)
|
|
||||||
vim.keymap.set('n', '<space>wr', vim.lsp.buf.remove_workspace_folder, bufopts)
|
|
||||||
vim.keymap.set('n', '<space>wl', function()
|
|
||||||
print(vim.inspect(vim.lsp.buf.list_workspace_folders()))
|
|
||||||
end, bufopts)
|
|
||||||
vim.keymap.set('n', '<space>D', vim.lsp.buf.type_definition, bufopts)
|
|
||||||
vim.keymap.set('n', '<space>rn', vim.lsp.buf.rename, bufopts)
|
|
||||||
vim.keymap.set('n', '<space>ca', vim.lsp.buf.code_action, bufopts)
|
|
||||||
vim.keymap.set('n', 'gr', vim.lsp.buf.references, bufopts)
|
|
||||||
vim.keymap.set('n', '<space>f', function() vim.lsp.buf.format { async = true } end, bufopts)
|
|
||||||
end
|
|
||||||
|
|
||||||
local lsp_flags = {
|
|
||||||
-- This is the default in Nvim 0.7+
|
|
||||||
debounce_text_changes = 150,
|
|
||||||
}
|
|
||||||
|
|
||||||
local servers = { 'clangd', 'rust_analyzer' }
|
|
||||||
|
|
||||||
for _, lsp in ipairs(servers) do
|
|
||||||
require'lspconfig'[lsp].setup(
|
|
||||||
vim.tbl_extend('keep',
|
|
||||||
require('coq').lsp_ensure_capabilities({
|
|
||||||
on_attach = on_attach,
|
|
||||||
flags = lsp_flags
|
|
||||||
}) or {},
|
|
||||||
require'lsp-status'.capabilities
|
|
||||||
)
|
|
||||||
)
|
|
||||||
end
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# Path to the private key file.
|
||||||
|
#
|
||||||
|
# Note: The private key can also be included inline via the privateKey option,
|
||||||
|
# but this makes the private key world-readable; thus, using privateKeyFile is
|
||||||
|
# recommended.
|
||||||
|
privateKeyFile = "path to private key file";
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
# List of allowed peers.
|
||||||
|
{ # Nub
|
||||||
|
# Public key of the peer (not a file path).
|
||||||
|
publicKey = "{}";
|
||||||
|
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
|
||||||
|
allowedIPs = [ "10.100.0.2/32" ];
|
||||||
}
|
}
|
||||||
{
|
{ # Ku
|
||||||
plugin = coq_nvim;
|
publicKey = "{}";
|
||||||
type = "lua";
|
allowedIPs = [ "10.100.0.3/32" ];
|
||||||
config = ''
|
|
||||||
vim.g.coq_settings = { auto_start = 'shut-up', xdg = true }
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
{
|
{ # Sky Laptop
|
||||||
plugin = nvim-treesitter.withAllGrammars;
|
publicKey = "{}";
|
||||||
type = "lua";
|
allowedIPs = [ "10.100.0.4/32" ];
|
||||||
config = ''
|
|
||||||
require'nvim-treesitter.configs'.setup {
|
|
||||||
-- TODO: Make this use stdpath("data")
|
|
||||||
-- parser_install_dir = "~/.local/share/nvim/site",
|
|
||||||
-- ensure_installed = { "nix", "help", "rust", "c", "lua" },
|
|
||||||
-- auto_install = true,
|
|
||||||
highlight = {
|
|
||||||
enable = true
|
|
||||||
},
|
|
||||||
incremental_selection = {
|
|
||||||
enable = true,
|
|
||||||
keymaps = {
|
|
||||||
init_selection = "gnn", -- set to `false` to disable one of the mappings
|
|
||||||
node_incremental = "grn",
|
|
||||||
scope_incremental = "grc",
|
|
||||||
node_decremental = "grm",
|
|
||||||
}
|
}
|
||||||
},
|
{ # Sky Desktop
|
||||||
indent = {
|
publicKey = "{}";
|
||||||
enable = true
|
allowedIPs = [ "10.100.0.5/32" ];
|
||||||
},
|
|
||||||
}
|
|
||||||
vim.cmd([[
|
|
||||||
set foldmethod=expr
|
|
||||||
set foldexpr=nvim_treesitter#foldexpr()
|
|
||||||
set nofoldenable
|
|
||||||
]])
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
plugin = telescope-nvim;
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
home.stateVersion = "23.11";
|
|
||||||
};
|
};
|
||||||
# List packages installed in system profile. To search, run:
|
|
||||||
# $ nix search wget
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
pulseaudio
|
|
||||||
bash
|
|
||||||
vim
|
|
||||||
wget
|
|
||||||
acpi
|
|
||||||
dmenu
|
|
||||||
dunst
|
|
||||||
libnotify
|
|
||||||
(pkgs.st.overrideAttrs (_: {
|
|
||||||
src = ./st;
|
|
||||||
})
|
|
||||||
)
|
|
||||||
(pkgs.slstatus.overrideAttrs (_: {
|
|
||||||
src = ./slstatus;
|
|
||||||
})
|
|
||||||
)
|
|
||||||
libva-utils
|
|
||||||
];
|
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
|
||||||
# started in user sessions.
|
|
||||||
programs.mtr.enable = true;
|
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh.enable = true;
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
# Forbid root login through SSH.
|
||||||
|
PermitRootLogin = "no";
|
||||||
|
# key authentication
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||||
|
@ -356,5 +123,4 @@ clipcatd &
|
||||||
#
|
#
|
||||||
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
||||||
system.stateVersion = "23.11"; # Did you read the comment?
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
|
||||||
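Review bot: The WireGuard interface is committed with placeholder secrets — `privateKeyFile = "path to private key file";` and `publicKey = "{}";` on all four peers — so wg0 cannot come up as written; the comment above privateKeyFile already gives the right reason for keeping the key out of the Nix store, so the placeholder should become a real out-of-store path and each peer should get its actual public key, with the private key never moved inline. The interface name `eth0` is hard-coded three times (networking.nat.externalInterface and the two iptables lines in postSetup/postShutdown); a single `let extIf = "eth0"; in` binding keeps them from drifting apart, and the name itself should be checked against the host's actual predictable interface name. In the openssh block, `PasswordAuthentication = false;` alone does not close password logins on NixOS because keyboard-interactive (PAM) authentication stays enabled by default; add `KbdInteractiveAuthentication = false;` beside it. The NAT module configured through `networking.nat.internalInterfaces = [ "wg0" ];` likely already installs a masquerade rule for traffic leaving the external interface, so the manual iptables lines in postSetup/postShutdown look redundant and are worth verifying before keeping both. The enclosing module attribute set opens before this hunk.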
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
{ config, lib, pkgs, ...};
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ # Include the results of the hardware scan.
|
||||||
|
<home-manager/nixos>
|
||||||
|
];
|
||||||
|
|
||||||
|
users.users.sky.isNormalUser = true;
|
||||||
|
users.users.ku.isNormalUser = true;
|
||||||
|
users.users.nub.isNormalUser = true;
|
||||||
|
|
||||||
|
users.groups.wheel.members=["sky"];
|
||||||
|
|
||||||
|
home-manager.users.sky = { pkgs, ... }: {
|
||||||
|
home.packages = [ ];
|
||||||
|
programs.bash.enable = true;
|
||||||
|
|
||||||
|
# The state version is required and should stay at the version you
|
||||||
|
# originally installed.
|
||||||
|
home.stateVersion = "23.11";
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager.users.ku = { pkgs, ... }: {
|
||||||
|
home.packages = [ ];
|
||||||
|
programs.bash.enable = true;
|
||||||
|
|
||||||
|
# The state version is required and should stay at the version you
|
||||||
|
# originally installed.
|
||||||
|
home.stateVersion = "23.11";
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager.users.nub = { pkgs, ... }: {
|
||||||
|
home.packages = [ ]; # TODO: Copy ku's nvconfig
|
||||||
|
programs.bash.enable = true;
|
||||||
|
|
||||||
|
# The state version is required and should stay at the version you
|
||||||
|
# originally installed.
|
||||||
|
home.stateVersion = "23.11";
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager.users.wg = { pkgs, ... }: {
|
||||||
|
home.packages = [ ];
|
||||||
|
programs.bash.enable = true;
|
||||||
|
|
||||||
|
# The state version is required and should stay at the version you
|
||||||
|
# originally installed.
|
||||||
|
home.stateVersion = "23.11";
|
||||||
|
};
|
||||||
|
}
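Review bot: The first line of the new module, `{ config, lib, pkgs, ...};`, is not valid Nix — a module function's argument set ends with a colon, so it should read `{ config, lib, pkgs, ... }:`; as written the file does not parse and the `./users.nix` import in configuration.nix fails with it. The sky, ku and nub accounts are declared without `hashedPassword`/`initialPassword` and without `openssh.authorizedKeys.keys`, while configuration.nix disables SSH password authentication, so unless keys are provisioned elsewhere none of them can log in; adding `openssh.authorizedKeys.keys = [ "<ssh public key>" ];` under each user (public keys are safe to keep in the repo) is the usual fix. `home-manager.users.wg` has no matching `users.users.wg` entry, which I would expect the home-manager NixOS module to reject at evaluation time since it needs the account's home directory — either declare the user or drop the block. The copied comment `# Include the results of the hardware scan.` above the imports list does not describe this file; `# Pull in the home-manager NixOS module.` would.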
|