Compare commits
1 commit
1f585246c2
...
5bed67ac95
Author | SHA1 | Date | |
---|---|---|---|
5bed67ac95 |
14 changed files with 113 additions and 166 deletions
44
flake.lock
44
flake.lock
|
@ -85,11 +85,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731235328,
|
"lastModified": 1730633670,
|
||||||
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
|
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
|
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -101,11 +101,11 @@
|
||||||
},
|
},
|
||||||
"impermanence": {
|
"impermanence": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731242966,
|
"lastModified": 1730403150,
|
||||||
"narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
|
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "impermanence",
|
"repo": "impermanence",
|
||||||
"rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
|
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -121,11 +121,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731209121,
|
"lastModified": 1730604744,
|
||||||
"narHash": "sha256-BF7FBh1hIYPDihdUlImHGsQzaJZVLLfYqfDx41wjuF0=",
|
"narHash": "sha256-/MK6QU4iOozJ4oHTfZipGtOgaT/uy/Jm4foCqHQeYR4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "896019f04b22ce5db4c0ee4f89978694f44345c3",
|
"rev": "cc2ddbf2df8ef7cc933543b1b42b845ee4772318",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -136,11 +136,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731403644,
|
"lastModified": 1730537918,
|
||||||
"narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=",
|
"narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "f6581f1c3b137086e42a08a906bdada63045f991",
|
"rev": "f6e0cd5c47d150c4718199084e5764f968f1b560",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -152,11 +152,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731239293,
|
"lastModified": 1730327045,
|
||||||
"narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=",
|
"narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9256f7c71a195ebe7a218043d9f93390d49e6884",
|
"rev": "080166c15633801df010977d9d7474b4a6c549d7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -183,11 +183,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731139594,
|
"lastModified": 1730531603,
|
||||||
"narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
|
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
|
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -214,11 +214,11 @@
|
||||||
},
|
},
|
||||||
"secrets": {
|
"secrets": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731452589,
|
"lastModified": 1728945400,
|
||||||
"narHash": "sha256-GpAaJ+WcJd1BMmQmO4QoCnvXz4s2WWl8AOyRMRRKa24=",
|
"narHash": "sha256-q68NlsyYSNzHol9xHA/PBbBc/o/oKQWtftJe7eTDq18=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "a250fcf99ece2ae6e92713d9cf8b24c98a579320",
|
"rev": "179e97132af1fd8fae92a1692e0dfa31fb663ce3",
|
||||||
"revCount": 47,
|
"revCount": 46,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
|
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -53,22 +53,12 @@
|
||||||
# Enable ACME ACL on all zones
|
# Enable ACME ACL on all zones
|
||||||
acl = ["acme"];
|
acl = ["acme"];
|
||||||
# Enable automatic DNSSEC signing on all zones. The KSK must be
|
# Enable automatic DNSSEC signing on all zones. The KSK must be
|
||||||
# configured in the parent zone through the registrar. Either the
|
# configured in the parent zone. Use the following command to get the
|
||||||
# DNSKEY or DS, depending on registrar:
|
# required record(s):
|
||||||
#
|
|
||||||
# > sudo keymgr caspervk.net dnskey
|
|
||||||
# [<zone> <record-type> <key-type> <protocol> <algorithm-type> <public-key>]
|
|
||||||
#
|
|
||||||
# OR
|
|
||||||
#
|
|
||||||
# > sudo keymgr caspervk.net ds
|
# > sudo keymgr caspervk.net ds
|
||||||
# [<zone> <record-type> <key-tag> <algorithm-type> <digest-type> <digest>]
|
# [<zone> <record-type> <key-tag> <algorithm-type> <digest-type> <digest>]
|
||||||
#
|
|
||||||
# https://knot.readthedocs.io/en/master/configuration.html#automatic-dnssec-signing
|
# https://knot.readthedocs.io/en/master/configuration.html#automatic-dnssec-signing
|
||||||
#
|
# DNSSEC can be validated using https://dnsviz.net.
|
||||||
# DNSSEC can be validated using:
|
|
||||||
# - https://dnssec-debugger.verisignlabs.com
|
|
||||||
# - https://dnsviz.net
|
|
||||||
dnssec-signing = "on";
|
dnssec-signing = "on";
|
||||||
dnssec-policy = "default";
|
dnssec-policy = "default";
|
||||||
# Knot overwrites the zonefiles with auto-generated DNSSEC records by
|
# Knot overwrites the zonefiles with auto-generated DNSSEC records by
|
||||||
|
|
|
@ -12,8 +12,10 @@
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
efi.canTouchEfiVariables = true;
|
grub = {
|
||||||
systemd-boot.enable = true;
|
enable = true;
|
||||||
|
device = "/dev/vda";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
initrd.luks.devices.crypted.device = "/dev/disk/by-label/crypted";
|
initrd.luks.devices.crypted.device = "/dev/disk/by-label/crypted";
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
|
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
|
||||||
boot.initrd.kernelModules = ["dm-snapshot"];
|
boot.initrd.kernelModules = ["dm-snapshot"];
|
||||||
boot.kernelModules = [];
|
boot.kernelModules = [];
|
||||||
boot.extraModulePackages = [];
|
boot.extraModulePackages = [];
|
||||||
|
@ -37,18 +37,5 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# Enable hot-adding memory. Otherwise, the machine will be left with 1GB of
|
|
||||||
# memory only.
|
|
||||||
# https://pve.proxmox.com/wiki/Hotplug_(qemu_disk,nic,cpu,memory)
|
|
||||||
# Nix code inspired by (this isn't hyperv):
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/hyperv-guest.nix
|
|
||||||
services.udev.packages = lib.singleton (pkgs.writeTextFile {
|
|
||||||
name = "proxmox-memory-hotadd-udev-rules";
|
|
||||||
destination = "/etc/udev/rules.d/80-hotplug-mem.rules";
|
|
||||||
text = ''
|
|
||||||
SUBSYSTEM=="memory", ACTION=="add", TEST=="state", ATTR{state}=="offline", ATTR{state}="online"
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,20 +6,23 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# The NixOS firewall enables stateful connection tracking by default, which
|
|
||||||
# can be bad for performance.
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/2e88dbad29664f78b4c7f89f9b54d2dd2faef8e6/nixos/modules/services/networking/firewall-iptables.nix#L139
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
|
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
networks."10-lan" = {
|
networks."10-lan" = {
|
||||||
matchConfig.Name = "enp0s18";
|
# IPv4 settings are from `sudo dhcpcd --test`.
|
||||||
|
# IPv6 settings are from https://www.ssdvps.dk/knowledgebase/18/IPv6-Gateway.html.
|
||||||
|
matchConfig.Name = "ens3";
|
||||||
address = [
|
address = [
|
||||||
"185.231.102.51/24"
|
"91.210.59.57/25"
|
||||||
"2a0c:5700:3133:650:b0ea:eeff:fedb:1f7b/64"
|
"2a12:bec4:11d3:de9f::1/64"
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
{routeConfig = {Gateway = "185.231.102.1";};}
|
{routeConfig = {Gateway = "91.210.59.1";};}
|
||||||
|
{
|
||||||
|
routeConfig = {
|
||||||
|
Gateway = "2a12:bec4:11d3::1";
|
||||||
|
GatewayOnLink = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,15 +1,11 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
secrets,
|
|
||||||
...
|
...
|
||||||
}: let
|
}: {
|
||||||
mkTorConfig = {
|
services.tor = {
|
||||||
orPort,
|
|
||||||
controlPort,
|
|
||||||
dirPort,
|
|
||||||
}: {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
relay = {
|
relay = {
|
||||||
enable = true;
|
enable = true;
|
||||||
role = "exit";
|
role = "exit";
|
||||||
|
@ -19,16 +15,16 @@
|
||||||
ContactInfo = "admin@caspervk.net";
|
ContactInfo = "admin@caspervk.net";
|
||||||
ORPort = [
|
ORPort = [
|
||||||
{
|
{
|
||||||
addr = "185.231.102.51";
|
addr = "91.210.59.57";
|
||||||
port = orPort;
|
port = 443;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
addr = "[2a0c:5700:3133:650:b0ea:eeff:fedb:1f7b]";
|
addr = "[2a12:bec4:11d3:de9f::1]";
|
||||||
port = orPort;
|
port = 443;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ControlPort = controlPort; # for nyx, localhost only
|
ControlPort = 9051; # for nyx
|
||||||
DirPort = dirPort;
|
DirPort = 80;
|
||||||
DirPortFrontPage = builtins.toFile "tor-exit-notice.html" (builtins.readFile ./tor-exit-notice.html);
|
DirPortFrontPage = builtins.toFile "tor-exit-notice.html" (builtins.readFile ./tor-exit-notice.html);
|
||||||
ExitRelay = true;
|
ExitRelay = true;
|
||||||
IPv6Exit = true;
|
IPv6Exit = true;
|
||||||
|
@ -37,49 +33,8 @@
|
||||||
"reject *:25"
|
"reject *:25"
|
||||||
"accept *:*"
|
"accept *:*"
|
||||||
];
|
];
|
||||||
# https://support.torproject.org/relay-operators/multiple-relays/
|
|
||||||
MyFamily = builtins.concatStringsSep "," [
|
|
||||||
"1B9D2C9E0EFE2C6BD23D62B2FCD145886AD242D1" # instance 1
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
|
||||||
containers.tor-1 = {
|
|
||||||
autoStart = true;
|
|
||||||
# TODO: what does ephemeral mean?
|
|
||||||
ephemeral = true;
|
|
||||||
bindMounts = {
|
|
||||||
# https://support.torproject.org/relay-operators/upgrade-or-move/
|
|
||||||
"/var/lib/tor/keys/ed25519_master_id_secret_key".hostPath = config.age.secrets.tor-1-ed25519-master-id-secret-key.path;
|
|
||||||
"/var/lib/tor/keys/secret_id_key".hostPath = config.age.secrets.tor-1-secret-id-key.path;
|
|
||||||
};
|
|
||||||
config = {config, ...}: {
|
|
||||||
services.tor = mkTorConfig {
|
|
||||||
orPort = 443;
|
|
||||||
controlPort = 9051;
|
|
||||||
dirPort = 80;
|
|
||||||
};
|
|
||||||
system.stateVersion = config.system.stateVersion;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
nyx # Command-line monitor for Tor
|
|
||||||
];
|
|
||||||
|
|
||||||
age.secrets.tor-ed25519-master-id-secret-key = {
|
|
||||||
file = "${secrets}/secrets/tor-1-ed25519-master-id-secret-key.age";
|
|
||||||
mode = "400";
|
|
||||||
owner = "root";
|
|
||||||
group = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets.tor-secret-id-key = {
|
|
||||||
file = "${secrets}/secrets/tor-1-secret-id-key.age";
|
|
||||||
mode = "400";
|
|
||||||
owner = "root";
|
|
||||||
group = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
# https://support.torproject.org/relay-operators/#relay-operators_relay-bridge-overloaded
|
# https://support.torproject.org/relay-operators/#relay-operators_relay-bridge-overloaded
|
||||||
# https://lists.torproject.org/pipermail/tor-talk/2012-August/025296.html
|
# https://lists.torproject.org/pipermail/tor-talk/2012-August/025296.html
|
||||||
|
@ -141,4 +96,19 @@ in {
|
||||||
# Disable RFC1323 timestamps (TODO: why?)
|
# Disable RFC1323 timestamps (TODO: why?)
|
||||||
"net.ipv4.tcp_timestamps" = 0;
|
"net.ipv4.tcp_timestamps" = 0;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
nyx # Command-line monitor for Tor
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.persistence."/nix/persist" = {
|
||||||
|
directories = [
|
||||||
|
{
|
||||||
|
directory = "/var/lib/tor";
|
||||||
|
user = "tor";
|
||||||
|
group = "tor";
|
||||||
|
mode = "0700";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
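Review bot: `ControlPort = 9051; # for nyx` drops the old "localhost only" remark, and no control-port authentication is visible in the lines shown. The relay now runs as a host-level `services.tor` instead of inside the `tor-1` container, so every local process on the host can reach that port. Tor binds a bare port number to 127.0.0.1, but without `CookieAuthentication` or `HashedControlPassword` it lets any local process control the daemon. If neither is set in the part of `settings` outside these hunks, add `CookieAuthentication = true;` beside it and restore the comment as `# for nyx; bare port binds to 127.0.0.1 only`. The relay identity keys also stop coming from the agenix secrets and now exist only under the persisted `/var/lib/tor`, so that directory needs to be covered by whatever backup the host has.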
|
|
|
@ -17,6 +17,24 @@
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
|
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
|
||||||
boot.initrd.kernelModules = ["dm-snapshot"];
|
boot.initrd.kernelModules = ["dm-snapshot"];
|
||||||
|
|
||||||
|
# https://wiki.nixos.org/wiki/Remote_disk_unlocking
|
||||||
|
# > ssh -o HostKeyAlias=tor-initrd root@tor
|
||||||
|
boot.initrd.network = {
|
||||||
|
enable = true;
|
||||||
|
# Clear initrd network configuration before stage 2
|
||||||
|
flushBeforeStage2 = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
authorizedKeys = config.users.users.caspervk.openssh.authorizedKeys.keys;
|
||||||
|
# NOTE: the key is stored insecurely in the global Nix store and
|
||||||
|
# unencrypted boot partition, which is why we use a separate key.
|
||||||
|
# > sudo ssh-keygen -t ed25519 -N "" -f /nix/persist/initrd-ssh_host_ed25519_key
|
||||||
|
hostKeys = ["/nix/persist/initrd-ssh_host_ed25519_key"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
boot.kernelParams = ["ip=192.168.0.95::192.168.0.1"];
|
||||||
|
|
||||||
boot.kernelModules = ["kvm-intel"];
|
boot.kernelModules = ["kvm-intel"];
|
||||||
boot.extraModulePackages = [];
|
boot.extraModulePackages = [];
|
||||||
|
|
||||||
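Review bot: `authorizedKeys = config.users.users.caspervk.openssh.authorizedKeys.keys;` lets every key that can log in as `caspervk` also log in to the initrd, where the session is root (per the `root@tor` example in the comment) and the disk passphrase is entered. A dedicated list keeps the unlock path independent of the day-to-day login keys, e.g. `authorizedKeys = ["ssh-ed25519 <unlock-only-public-key> unlock"];` (placeholder value). If the reuse is intentional, say so in the comment next to the existing host-key note. The surrounding file continues outside this hunk.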
|
|
|
@ -1,6 +1,7 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
imports = [
|
imports = [
|
||||||
./agenix.nix
|
./agenix.nix
|
||||||
|
./docker.nix
|
||||||
./fish.nix
|
./fish.nix
|
||||||
./git.nix
|
./git.nix
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
|
|
|
@ -2,25 +2,34 @@
|
||||||
# NixOS default packages:
|
# NixOS default packages:
|
||||||
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/system-path.nix
|
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/system-path.nix
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
ascii
|
||||||
bandwhich
|
bandwhich
|
||||||
bat
|
bat
|
||||||
binutils
|
binutils
|
||||||
|
black
|
||||||
|
clang
|
||||||
dnsutils
|
dnsutils
|
||||||
fd
|
fd
|
||||||
file
|
file
|
||||||
fzf
|
fzf
|
||||||
|
gcc
|
||||||
git
|
git
|
||||||
|
gnumake
|
||||||
htop
|
htop
|
||||||
iputils
|
iputils
|
||||||
jq
|
jq
|
||||||
lsof
|
lsof
|
||||||
|
magic-wormhole-rs
|
||||||
mtr
|
mtr
|
||||||
ncdu
|
ncdu
|
||||||
ntp
|
ntp
|
||||||
openssl
|
openssl
|
||||||
pciutils
|
pciutils
|
||||||
|
postgresql
|
||||||
progress
|
progress
|
||||||
|
pwgen
|
||||||
python3
|
python3
|
||||||
|
python310
|
||||||
python311
|
python311
|
||||||
python312
|
python312
|
||||||
socat
|
socat
|
||||||
|
@ -34,6 +43,6 @@
|
||||||
wget
|
wget
|
||||||
whois
|
whois
|
||||||
wireguard-tools
|
wireguard-tools
|
||||||
yq-go
|
yq
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
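Review bot: `yq-go` is replaced by `yq` in the second hunk, which is a different tool (the Python jq wrapper rather than the Go implementation) with different command-line syntax, so any script or alias written for the old one should be checked. The first hunk adds `gcc`, `clang`, `gnumake`, `postgresql`, `python310` and others to this list while the desktop package list later on the page drops `ascii`, `black`, `postgresql` and `pwgen`. That suggests this is the set installed on every host, servers included. If so, compilers and client tooling end up on the internet-facing relay as well; keeping them in a desktop or development module would keep the server closure smaller.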
|
|
|
@ -12,8 +12,6 @@
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB/qr63FB0ZqOe/iZGwIKNHD8a1Ud/mXVjQPmpIG7pM caspervk@omega"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB/qr63FB0ZqOe/iZGwIKNHD8a1Ud/mXVjQPmpIG7pM caspervk@omega"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII71DKQziktCkyMAmL25QKRK6nG2uJDkQXioIZp5JkMZ caspervk@zeta"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII71DKQziktCkyMAmL25QKRK6nG2uJDkQXioIZp5JkMZ caspervk@zeta"
|
||||||
# TODO: remove
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICA1+3EYBguNE+6uJgWZixTKBGr6CpstlU6Drtf8w0As caspervk@mu"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -22,7 +20,8 @@
|
||||||
"alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOpQNEmmEe6jr7Mv37ozokvtTSd1I3SmUU1tpCSNTkc";
|
"alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOpQNEmmEe6jr7Mv37ozokvtTSd1I3SmUU1tpCSNTkc";
|
||||||
"delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe9RpnO1/QRU81kjtEsWN66xfP5Y/qf5EQZ6wdM/XCT";
|
"delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe9RpnO1/QRU81kjtEsWN66xfP5Y/qf5EQZ6wdM/XCT";
|
||||||
"sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
|
"sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
|
||||||
"tor".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOov/Qrjo7y86SO+qUdBC84NZdVsax/nksq9Vmmr1Uq";
|
"tor".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
|
||||||
|
"tor-initrd".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
|
||||||
"git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
|
"git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
|
||||||
};
|
};
|
||||||
|
|
||||||
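Review bot: `"tor".publicKey` and the new `"tor-initrd".publicKey` are set to the same ed25519 key (the value ending `OfdKk`). The initrd configuration on this page says a separate host key is used because the initrd key sits unencrypted on the boot partition. Either one of the two entries was pasted twice, or the booted system is presenting the initrd key, in which case the main host identity is readable by anyone with access to the unencrypted boot data. Confirm both values against the host's actual key files and give `"tor"` the key of the booted sshd.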
|
|
|
@ -256,6 +256,10 @@
|
||||||
highlight = {
|
highlight = {
|
||||||
enable = true,
|
enable = true,
|
||||||
},
|
},
|
||||||
|
-- Indentation based on treesitter
|
||||||
|
indent = {
|
||||||
|
enable = true,
|
||||||
|
},
|
||||||
})
|
})
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
@ -483,7 +487,7 @@
|
||||||
anchor_bias = "above",
|
anchor_bias = "above",
|
||||||
-- Keep open until leaving insert mode.
|
-- Keep open until leaving insert mode.
|
||||||
-- Default: { CursorMoved, CursorMovedI, InsertCharPre }.
|
-- Default: { CursorMoved, CursorMovedI, InsertCharPre }.
|
||||||
close_events = {"CursorMoved"},
|
close_events = { "CursorMoved", },
|
||||||
-- Make floating window unfocusable. Allows updating parameter
|
-- Make floating window unfocusable. Allows updating parameter
|
||||||
-- highlight with another <C-s> rather than focusing the window.
|
-- highlight with another <C-s> rather than focusing the window.
|
||||||
focusable = false,
|
focusable = false,
|
||||||
|
@ -498,6 +502,7 @@
|
||||||
vim.keymap.set("n", "gD", vim.lsp.buf.declaration)
|
vim.keymap.set("n", "gD", vim.lsp.buf.declaration)
|
||||||
vim.keymap.set("n", "gy", vim.lsp.buf.type_definition)
|
vim.keymap.set("n", "gy", vim.lsp.buf.type_definition)
|
||||||
vim.keymap.set("n", "gI", ts.lsp_implementations)
|
vim.keymap.set("n", "gI", ts.lsp_implementations)
|
||||||
|
vim.keymap.set("n", "<Leader>gq", vim.lsp.buf.format)
|
||||||
|
|
||||||
-- TODO: This becomes default in newer neovim?
|
-- TODO: This becomes default in newer neovim?
|
||||||
vim.keymap.set("n", "gra", vim.lsp.buf.code_action)
|
vim.keymap.set("n", "gra", vim.lsp.buf.code_action)
|
||||||
|
@ -520,6 +525,13 @@
|
||||||
-- https://github.com/nix-community/nixd
|
-- https://github.com/nix-community/nixd
|
||||||
lspconfig.nixd.setup({
|
lspconfig.nixd.setup({
|
||||||
capabilities = capabilities,
|
capabilities = capabilities,
|
||||||
|
settings = {
|
||||||
|
nixd = {
|
||||||
|
formatting = {
|
||||||
|
command = {"${pkgs.alejandra}/bin/alejandra"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
})
|
})
|
||||||
|
|
||||||
-- https://docs.basedpyright.com
|
-- https://docs.basedpyright.com
|
||||||
|
@ -675,40 +687,6 @@
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
||||||
# Lightweight yet powerful formatter plugin for Neovim.
|
|
||||||
# https://github.com/stevearc/conform.nvim
|
|
||||||
{
|
|
||||||
plugin = conform-nvim;
|
|
||||||
type = "lua";
|
|
||||||
config =
|
|
||||||
# lua
|
|
||||||
''
|
|
||||||
-- TODO: injected language formatting (treesitter code blocks)
|
|
||||||
local conform = require("conform")
|
|
||||||
conform.setup({
|
|
||||||
formatters_by_ft = {
|
|
||||||
-- Use conform built-ins on all ("*") filetypes
|
|
||||||
["*"] = {"trim_newlines", "trim_whitespace"},
|
|
||||||
css = {"prettier"},
|
|
||||||
graphql = {"prettier"},
|
|
||||||
html = {"prettier"},
|
|
||||||
javascript = {"prettier"},
|
|
||||||
json = {"prettier"},
|
|
||||||
markdown = {"prettier"},
|
|
||||||
nix = {"alejandra"},
|
|
||||||
-- Ruff follows the project's pyproject.toml/ruff.toml
|
|
||||||
python = {"ruff_fix", "ruff_organize_imports", "ruff_format"},
|
|
||||||
terraform = {"tofu_fmt"},
|
|
||||||
toml = {"taplo"},
|
|
||||||
typescript = {"prettier"},
|
|
||||||
yaml = {"prettier"},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
vim.o.formatexpr = "v:lua.require'conform'.formatexpr()"
|
|
||||||
vim.keymap.set("n", "<Leader>gq", conform.format)
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
|
|
||||||
# Indentation guides.
|
# Indentation guides.
|
||||||
# https://github.com/lukas-reineke/indent-blankline.nvim
|
# https://github.com/lukas-reineke/indent-blankline.nvim
|
||||||
{
|
{
|
||||||
|
@ -905,14 +883,9 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
extraPackages = [
|
extraPackages = [
|
||||||
nixpkgs-unstable.legacyPackages.${pkgs.system}.basedpyright # lsp
|
nixpkgs-unstable.legacyPackages.${pkgs.system}.basedpyright
|
||||||
nixpkgs-unstable.legacyPackages.${pkgs.system}.ruff # lsp/conform
|
pkgs.nixd
|
||||||
pkgs.alejandra # conform
|
pkgs.yaml-language-server
|
||||||
pkgs.nixd # lsp
|
|
||||||
pkgs.nodePackages.prettier # conform
|
|
||||||
pkgs.opentofu # conform
|
|
||||||
pkgs.taplo # conform
|
|
||||||
pkgs.yaml-language-server # lsp
|
|
||||||
];
|
];
|
||||||
extraLuaPackages = ps: [];
|
extraLuaPackages = ps: [];
|
||||||
extraPython3Packages = ps: [];
|
extraPython3Packages = ps: [];
|
||||||
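Review bot: `extraPackages` no longer provides `ruff`, `nodePackages.prettier`, `opentofu` or `taplo`, and `<Leader>gq` is now bound to `vim.lsp.buf.format`, so formatting works only where an attached language server implements it. Of the servers visible in these hunks only nixd is given a formatter (`command = {"${pkgs.alejandra}/bin/alejandra"}`). If a ruff LSP setup still exists outside the hunks (the removed comment read `# lsp/conform`), it now has no binary from this package list. Either keep `ruff` in `extraPackages` or drop its server setup, and note in a comment which filetypes `<Leader>gq` is expected to cover.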
|
|
|
@ -1,7 +1,6 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
imports = [
|
imports = [
|
||||||
./clipman.nix
|
./clipman.nix
|
||||||
./docker.nix
|
|
||||||
./flatpak.nix
|
./flatpak.nix
|
||||||
./foot.nix
|
./foot.nix
|
||||||
./gammastep.nix
|
./gammastep.nix
|
||||||
|
|
|
@ -8,13 +8,11 @@
|
||||||
# Packages useful on a desktop computer which don't require their own module
|
# Packages useful on a desktop computer which don't require their own module
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ascii
|
|
||||||
aspell
|
aspell
|
||||||
aspellDicts.da
|
aspellDicts.da
|
||||||
aspellDicts.en
|
aspellDicts.en
|
||||||
aspellDicts.en-computers
|
aspellDicts.en-computers
|
||||||
aspellDicts.en-science
|
aspellDicts.en-science
|
||||||
black
|
|
||||||
element-desktop
|
element-desktop
|
||||||
firefox-wayland
|
firefox-wayland
|
||||||
gimp
|
gimp
|
||||||
|
@ -32,8 +30,6 @@
|
||||||
libreoffice
|
libreoffice
|
||||||
mpv
|
mpv
|
||||||
mumble
|
mumble
|
||||||
postgresql
|
|
||||||
pwgen
|
|
||||||
spotify
|
spotify
|
||||||
thunderbird
|
thunderbird
|
||||||
tor-browser-bundle-bin
|
tor-browser-bundle-bin
|
||||||
|
|