From ad9776469424ae8b8f3708f129330b65c1b2088d Mon Sep 17 00:00:00 2001 From: Jo Date: Mon, 23 Dec 2024 18:30:07 +0100 Subject: [PATCH 1/5] feat: add cachix configuration --- flake.lock | 67 +++++++------------ flake.nix | 15 +++++ .../nixos/archetypes/workstation/default.nix | 6 ++ modules/nixos/tools/cachix/default.nix | 17 +++++ 4 files changed, 63 insertions(+), 42 deletions(-) create mode 100644 modules/nixos/tools/cachix/default.nix diff --git a/flake.lock b/flake.lock index bc285a9..7affb4d 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "catppuccin": { "locked": { - "lastModified": 1731232837, - "narHash": "sha256-0aIwr/RC/oe7rYkfJb47xjdEQDSNcqpFGsEa+EPlDEs=", + "lastModified": 1734734291, + "narHash": "sha256-CFX4diEQHKvZYjnhf7TLg20m3ge1O4vqgplsk/Kuaek=", "owner": "catppuccin", "repo": "nix", - "rev": "32359bf226fe874d3b7a0a5753d291a4da9616fe", + "rev": "1e4c3803b8da874ff75224ec8512cb173036bbd8", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "hardware": { "locked": { - "lastModified": 1731403644, - "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f6581f1c3b137086e42a08a906bdada63045f991", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { @@ -91,11 +91,11 @@ ] }, "locked": { - "lastModified": 1731235328, - "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", + "lastModified": 1734944412, + "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", "owner": "nix-community", "repo": "home-manager", - "rev": "60bb110917844d354f3c18e05450606a435d2d10", + "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", "type": "github" }, "original": { 
@@ -122,11 +122,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731245184, - "narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=", + "lastModified": 1734820311, + "narHash": "sha256-YsLK4ZiGY5CZmmgzsfU76OHVUTDeZJgirKzNO+et0UQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "aebe249544837ce42588aa4b2e7972222ba12e8f", + "rev": "7e4a1594489d41bf8e16046b28e14a0e264c9baa", "type": "github" }, "original": { @@ -136,29 +136,13 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -189,11 +173,11 @@ ] }, "locked": { - "lastModified": 1730136121, - "narHash": "sha256-tfVayj13Zw+zzOKrmJhnvBod7Hdb9ixBR6/4GUlyMA0=", + "lastModified": 1732544274, + "narHash": "sha256-qvzLIxuqukl0nxpXHEh5+iw1BLeLxYOwRC0+7cFUbPo=", "owner": "snowfallorg", "repo": "lib", - "rev": "dd348182c1a010993e68004eada86cf0341fe2c4", + "rev": "cfeacd055545ab5de0ecfd41e09324dcd8fb2bbb", "type": "github" }, "original": { 
@@ -206,15 +190,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" + ] }, "locked": { - "lastModified": 1731364708, - "narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", + "lastModified": 1734546875, + "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c91d52db103e757fc25b58998b0576ae702d659", + "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "type": "github" }, "original": { @@ -243,11 +226,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1734038753, - "narHash": "sha256-v2NetNrFvObcTx5Gw0MV9leJQr0KfCLtbpC4gZaq+Tc=", + "lastModified": 1734657663, + "narHash": "sha256-1Et05foPKYyWAHUftrrzWgfddnd0r0sm2WCuNeVDDkA=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "b2a4aeaad1cdb4a0d8901313d6388a8b4bf2c59d", + "rev": "f5181bde713d1aa5c8d95d00f4f47cd937d2b3e8", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ea0c4c0..50737cf 100644 --- a/flake.nix +++ b/flake.nix @@ -43,6 +43,21 @@ }; }; + nixConfig = { + extra-substituters = [ + "https://nix-community.cachix.org" + "https://cache.nixos.org" + "https://devenv.cachix.org" + "https://shopware.cachix.org" + ]; + extra-trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" + "shopware.cachix.org-1:IDifwLVQaaDU2qhlPkJsWJp/Pq0PfzHPIB90hBOhL3k=" + ]; + }; + outputs = inputs: inputs.snowfall-lib.mkFlake { inherit inputs; # Providing flake inputs to Snowfall Lib. diff --git a/modules/nixos/archetypes/workstation/default.nix b/modules/nixos/archetypes/workstation/default.nix index 8bf0eac..2993636 100644 --- a/modules/nixos/archetypes/workstation/default.nix +++ b/modules/nixos/archetypes/workstation/default.nix 
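Review bot: Each key added to `extra-trusted-public-keys` in the new `nixConfig` block of `flake.nix` is trusted to sign any store path, so the `devenv` and `shopware` caches become part of the trust base for the whole system closure, not only for the projects they serve. A comment above the block recording why each cache is needed, e.g. `# shopware.cachix.org: needed for <project>; remove when unused`, would make that decision reviewable, and project-specific caches are better declared in those projects' own flakes. `https://cache.nixos.org` and its key are, as far as I know, already the defaults, so listing them under the `extra-` settings looks redundant. Flake-level `nixConfig` is also only honoured for a trusted user or after the flake config is accepted, so `nix.settings.substituters` and `nix.settings.trusted-public-keys` in the NixOS configuration would be the more predictable place for the caches that are kept.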
@@ -12,6 +12,7 @@ in { config = mkIf cfg.enable { environment.sessionVariables = { MOZ_ENABLE_WAYLAND = "1"; # Firefox native Wayland support + NIXOS_OZONE_WL = "1"; # Native Wayland in Chromium and Electron based applications }; # Enable modules @@ -20,6 +21,7 @@ in { nix = { enable = true; # Standard Nix configuration use-lix = true; + use-nixld = true; }; grub.enable = true; # Bootloader grub networking.enable = true; # Networkmanager configuration @@ -32,6 +34,10 @@ in { locale.enable = true; # Locale settings }; + tools = { + cachix.enable = true; + }; + desktop.gnome.enable = true; }; }; diff --git a/modules/nixos/tools/cachix/default.nix b/modules/nixos/tools/cachix/default.nix new file mode 100644 index 0000000..14012db --- /dev/null +++ b/modules/nixos/tools/cachix/default.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + namespace, + config, + ... +}: with lib; with lib.${namespace}; +let + cfg = config.${namespace}.tools.cachix; +in { + options.${namespace}.tools.cachix = { enable = mkEnableOption "Enable the cachix binary cache service on your system."; }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ cachix ]; + }; +} + From 9ada1f7c6793179092b11060e58391c95a1d277f Mon Sep 17 00:00:00 2001 From: Jo Date: Mon, 23 Dec 2024 18:30:21 +0100 Subject: [PATCH 2/5] feat: add youtube-music package --- homes/x86_64-linux/jo@puzzlevision/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/homes/x86_64-linux/jo@puzzlevision/default.nix b/homes/x86_64-linux/jo@puzzlevision/default.nix index 262875e..89d6597 100644 --- a/homes/x86_64-linux/jo@puzzlevision/default.nix +++ b/homes/x86_64-linux/jo@puzzlevision/default.nix @@ -38,12 +38,12 @@ steam g4music bitwarden-desktop + youtube-music ### Development avra avrdude jetbrains.phpstorm - jetbrains.pycharm-community git nodejs_22 bun @@ -54,10 +54,6 @@ zed-editor bruno - ### Rust development specific - rustup - gcc - ### Work teams-for-linux enpass 
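Review bot: The option description in the new `modules/nixos/tools/cachix/default.nix` promises more than the module does: `config` only adds the `cachix` CLI to `environment.systemPackages`, and no cache or service is configured. `mkEnableOption` already prefixes its argument with "Whether to enable", so the text should be a noun phrase such as `mkEnableOption "the cachix command-line client"`. A one-line comment saying that substituters and keys are set elsewhere (the `nixConfig` block in `flake.nix`) would stop the next reader from assuming this module controls which caches are trusted.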
From d06c14e32d7e2a72fc24a3045e521cb14b9e6e5e Mon Sep 17 00:00:00 2001 From: Jo Date: Mon, 23 Dec 2024 18:31:35 +0100 Subject: [PATCH 3/5] refactor: move gnome extension config to new home-manager module --- .../jo@puzzlevision/apps/gnome.nix | 29 -------------- modules/home/desktop/gnome/default.nix | 40 +++++++++++++++++++ 2 files changed, 40 insertions(+), 29 deletions(-) create mode 100644 modules/home/desktop/gnome/default.nix diff --git a/homes/x86_64-linux/jo@puzzlevision/apps/gnome.nix b/homes/x86_64-linux/jo@puzzlevision/apps/gnome.nix index 45e567b..a7e3078 100644 --- a/homes/x86_64-linux/jo@puzzlevision/apps/gnome.nix +++ b/homes/x86_64-linux/jo@puzzlevision/apps/gnome.nix @@ -2,37 +2,8 @@ pkgs, ... }: { - home.packages = with pkgs.gnomeExtensions; [ - dash-to-dock - user-themes - blur-my-shell - appindicator - unite - color-picker - clipboard-history - ]; - # Use `dconf watch /` to track stateful changes you are doing, then set them here. dconf.settings = { - "org/gnome/shell" = { - favorite-apps = [ - "org.gnome.Nautilus.desktop" - "obsidian.desktop" - "zen.desktop" - "phpstorm.desktop" - ]; - - enabled-extensions = [ - pkgs.gnomeExtensions.unite.extensionUuid - pkgs.gnomeExtensions.color-picker.extensionUuid - pkgs.gnomeExtensions.clipboard-history.extensionUuid - pkgs.gnomeExtensions.blur-my-shell.extensionUuid - pkgs.gnomeExtensions.user-themes.extensionUuid - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - pkgs.gnomeExtensions.appindicator.extensionUuid - ]; - }; - "org/gnome/desktop/wm/preferences" = { workspace-names = [ "Main" ]; }; diff --git a/modules/home/desktop/gnome/default.nix b/modules/home/desktop/gnome/default.nix new file mode 100644 index 0000000..0a965be --- /dev/null +++ b/modules/home/desktop/gnome/default.nix 
@@ -0,0 +1,40 @@ +{ + lib, + pkgs, + host, + config, + osConfig, + namespace, + ... +}: with lib; with lib.${namespace}; +let + cfg = config.${host}.desktop.gnome; +in +{ + options.${host}.desktop.gnome = with types; { + extensions = mkOption { + type = listOf package; + default = with pkgs.gnomeExtensions; [ dash-to-dock user-themes blur-my-shell appindicator unite color-picker clipboard-history ]; + example = [ dash-to-dock blur-my-shell ]; + description = "Specify gnome extensions to install."; + }; + favorite-apps = mkOption { + type = listOf string; + default = ["org.gnome.Nautilus.desktop" "obsidian.desktop" "zen.desktop" "dev.zed.Zed.desktop"]; + example = ["org.gnome.Nautilus.desktop" "obsidian.desktop"]; + description = "Specify your favorite apps (sorted left to right)"; + }; + }; + + config = mkIf osConfig.${namespace}.desktop.gnome.enable { + home.packages = cfg.extensions; + + dconf.settings = { + "org/gnome/shell" = { + favorite-apps = cfg.favorite-apps; + enabled-extensions = forEach cfg.extensions (x: x.extensionUuid); + disabled-extensions = []; # Make sure none of our extensions are disabled on system rebuild + }; + }; + }; +} From 27829eb0fc6f3174f2670e7c4fe0cfdb8c7ee51a Mon Sep 17 00:00:00 2001 From: Jo Date: Mon, 23 Dec 2024 18:33:51 +0100 Subject: [PATCH 4/5] feat: update yubikey configuration --- modules/nixos/security/yubikey/default.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/modules/nixos/security/yubikey/default.nix b/modules/nixos/security/yubikey/default.nix index 4ae1cf8..d4c8cd3 100644 --- a/modules/nixos/security/yubikey/default.nix +++ b/modules/nixos/security/yubikey/default.nix @@ -7,7 +7,7 @@ }: with lib; with lib.${namespace}; let cfg = config.${namespace}.security.yubikey; -in +in { options.${namespace}.security.yubikey = with types; { enable = mkEnableOption "Enable the Yubikey as a security device."; 
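Review bot: `type = listOf string;` on `favorite-apps` in the new `modules/home/desktop/gnome/default.nix` uses `types.string`, which is deprecated in nixpkgs; `listOf str` is the replacement. The `example` for `extensions` names `dash-to-dock` and `blur-my-shell` outside the `with pkgs.gnomeExtensions;` scope that only the `default` expression opens, so it fails if the example is ever evaluated; `example = literalExpression "with pkgs.gnomeExtensions; [ dash-to-dock blur-my-shell ]";` avoids that. The options are declared under `${host}` while the `config` guard reads `osConfig.${namespace}`, which looks unintended given that the other modules in this series use `${namespace}`, so that is worth confirming. `forEach cfg.extensions (x: x.extensionUuid)` also assumes every package in the list carries `extensionUuid`, which `listOf package` does not guarantee; the option description should say that only GNOME extension packages are accepted.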
@@ -17,6 +17,7 @@ in example = [ "123456" "1234567" ]; description = "Register additional Yubikey IDs."; }; + enable-agent = mkEnableOption "Enable the Yubikey agent"; }; config = mkIf cfg.enable { @@ -34,5 +35,16 @@ in login.u2fAuth = true; sudo.u2fAuth = true; }; + + services.yubikey-agent.enable = cfg.enable-agent; + + programs.ssh.extraConfig = mkIf cfg.enable-agent '' + Host * + IdentityAgent /usr/local/var/run/yubikey-agent.sock + ''; + + environment.sessionVariables = mkIf cfg.enable-agent { + SSH_AUTH_SOCK = "/usr/local/var/run/yubikey-agent.sock"; + }; }; -} \ No newline at end of file +} From 673421dec3f62fdd72f9461f4b6688ff6d4f7d7f Mon Sep 17 00:00:00 2001 From: Jo Date: Mon, 23 Dec 2024 18:34:44 +0100 Subject: [PATCH 5/5] feat: add Monocraft font, set trusted users and enable yubikey agent --- modules/nixos/common/fonts/default.nix | 2 +- systems/x86_64-linux/puzzlevision/default.nix | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/modules/nixos/common/fonts/default.nix b/modules/nixos/common/fonts/default.nix index 7c7a9d7..3284cc9 100644 --- a/modules/nixos/common/fonts/default.nix +++ b/modules/nixos/common/fonts/default.nix @@ -12,7 +12,7 @@ in { enable = mkEnableOption "Enable system font management"; fonts = mkOption { type = listOf package; - default = with pkgs; [ noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji nerdfonts ]; + default = with pkgs; [ noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji nerd-fonts.bigblue-terminal nerd-fonts.zed-mono monocraft ]; example = [ noto-fonts noto-fonts-emoji ]; description = "Install additional font packages"; }; diff --git a/systems/x86_64-linux/puzzlevision/default.nix b/systems/x86_64-linux/puzzlevision/default.nix index 609ce1f..741689d 100644 --- a/systems/x86_64-linux/puzzlevision/default.nix +++ b/systems/x86_64-linux/puzzlevision/default.nix 
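Review bot: The socket path `/usr/local/var/run/yubikey-agent.sock`, set for both `IdentityAgent` and `SSH_AUTH_SOCK` in the `@@ -34,5 +35,16 @@` hunk, is a fixed system-wide location that nothing visible in this module creates; it looks like the Homebrew default, not a NixOS one. An agent socket belongs in a directory only the owning user can write, because the SSH client hands its authentication requests to whatever is listening at that path, and `Host *` together with `environment.sessionVariables` applies the override to every user and every host. As far as I know the NixOS `services.yubikey-agent` module runs the agent per user and exports a socket under `$XDG_RUNTIME_DIR` itself, which should be confirmed against the module. If that holds, keeping only `services.yubikey-agent.enable = cfg.enable-agent;` and dropping the two override blocks is both simpler and safer.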
@@ -52,12 +52,18 @@ # Set system configuration puzzlevision = { archetypes.workstation.enable = true; - security.yubikey.enable = true; + security.yubikey = { + enable = true; + enable-agent = true; + }; }; # Enable flatpak support. services.flatpak.enable = true; + # Set trusted users (Primarily used for cachix) + nix.settings.trusted-users = [ "root" "jo" ]; + # Configure users. snowfallorg.users.jo.admin = true; users.users.jo.isNormalUser = true;
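Review bot: `nix.settings.trusted-users = [ "root" "jo" ];` gives `jo` rights that the Nix manual describes as essentially equivalent to root, since a trusted user can add substituters and import unsigned store paths through the daemon. The yubikey module in this series appears to gate `sudo` behind `u2fAuth`, and trusted-user status would sidestep that check for anything reachable through the Nix daemon. If the goal is only to use the caches listed in `flake.nix`, declaring them in the system configuration with `nix.settings.substituters` and `nix.settings.trusted-public-keys` achieves that without making the account trusted. If the setting stays, the comment should state the consequence, e.g. `# jo is a trusted Nix user (root-equivalent via the Nix daemon); required for flake nixConfig substituters`.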