sceleton frim Misterio77

flake.nix

@@ -1,88 +1,62 @@
 {
-  description = "A somewhat huge home-manager configuration using Nix Flakes.";
+  description = "pfke nix config";
 
   inputs = {
-    # Flake inputs
+    # Go back to nixos-unstable after PR 238700 is merged
-    agenix.url = "github:ryantm/agenix";
+    # https://nixpk.gs/pr-tracker.html?pr=238700
-    flake-parts.url = "github:hercules-ci/flake-parts";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
-    home.url = "github:nix-community/home-manager";
+    # You can access packages and modules from different nixpkgs revs
+    # at the same time. Here's an working example:
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
 
-    # Nixpkgs branches
+    hardware.url = "github:nixos/nixos-hardware";
-    master.url = "github:nixos/nixpkgs/master";
+    nix-colors.url = "github:misterio77/nix-colors";
-    stable.url = "github:nixos/nixpkgs/nixos-23.05";
-    unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
 
-    # Default Nixpkgs for packages and modules
+    # Home manager
-    nixpkgs.follows = "master";
+    home-manager = {
-
+      url = "github:nix-community/home-manager";
-    # Minimize duplicate instances of inputs
+      inputs.nixpkgs.follows = "nixpkgs";
-    agenix.inputs.nixpkgs.follows = "nixpkgs";
+    };
-    home.inputs.nixpkgs.follows = "nixpkgs";
-    nix.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = { self, home, nixpkgs, flake-parts, ... }@inputs:
+  outputs = { self, nixpkgs, home-manager, ... }@inputs:
     let
-      config = {
+      inherit (self) outputs;
-        allowBroken = false;
+      lib = nixpkgs.lib // home-manager.lib;
-        allowUnfree = true;
+      systems = [ "aarch64-linux" "i686-linux" "x86_64-linux" ];
-        allowUnfreePredicate = _: true;
+      forEachSystem = f: lib.genAttrs systems (sys: f pkgs.${sys});
-        tarball-ttl = 0;
+      pkgsFor = nixpkgs.legacyPackages;
-
+    in
-        # WTF: don't do this kids...
+    {
-        # replaceStdenv = { pkgs }: pkgs.optimizedV3Stdenv;
+      inherit lib;
-
+      nixosModules = import ./modules/nixos;
-        /*
+      homeManagerModules = import ./modules/home-manager;
-          NOTE: experimental option, disable if you don't know what this does
+      templates = import ./templates;
-          See https://github.com/NixOS/rfcs/pull/62 for more information.
-          */
-        contentAddressedByDefault = false;
-      };
 
-      importNixFiles = path: with nixpkgs.lib; map import (__filter (hasSuffix "nix") (filesystem.listFilesRecursive path));
+      overlays = import ./overlays { inherit inputs outputs; };
+      hydraJobs = import ./hydra.nix { inherit inputs outputs; };
 
-      overlays = with inputs; [
+      packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
-        (final: prev:
+      devShells = forEachSystem (pkgs: import ./shell.nix { inherit pkgs; });
-          let inherit (final) system; in
+      formatter = forEachSystem (pkgs: pkgs.nixpkgs-fmt);
-          {
-            /*
-                Nixpkgs branches, replace when https://github.com/NixOS/nixpkgs/pull/160061 is live.
-                One can access these branches like so:
-                `pkgs.stable.mpd'
-                `pkgs.master.linuxPackages_xanmod'
-            */
-            master = import master { inherit config system; };
-            unstable = import unstable { inherit config system; };
-            stable = import stable { inherit config system; };
-          })
 
-        # Overlays provided by inputs
+      wallpapers = import ./home/misterio/wallpapers;
-        inputs.nixpkgs-f2k.overlays.stdenvs
-      ]
-      # Overlays from ./overlays directory
-      ++ (importNixFiles ./overlays);
-    in
-    flake-parts.lib.mkFlake { inherit inputs; } {
-      flake = {
-        homeConfigurations = {
-          devvie = import ./users/devvie {
-            inherit config nixpkgs home overlays inputs;
-          };
 
-          #omni = import ./users/omni {
+      nixosConfigurations = {
-          #  inherit config nixpkgs home overlays inputs;
+        # Main desktop
-          #};
+        atlas =  lib.nixosSystem {
+          modules = [ ./hosts/atlas ];
+          specialArgs = { inherit inputs outputs; };
         };
+        # ...
       };
 
-      systems = [ "x86_64-linux" ];
+      homeConfigurations = {
-
+        "hblobner@devvie" = lib.homeManagerConfiguration {
-      perSystem = { system, ... }: {
+          modules = [ ./users/hblober@devvie.nix ];
-        formatter = inputs.nixpkgs-fmt.defaultPackage.${system};
+          pkgs = pkgsFor.x86_64-linux;
+          extraSpecialArgs = { inherit inputs outputs; };
         };
       };
-
-  nixConfig = {
-    commit-lockfile-summary = "flake: bump inputs";
     };
 }

users/devvie/default.nix

@@ -1,36 +0,0 @@
-{ config, nixpkgs, home, overlays, inputs }:
-
-# See https://github.com/nix-community/home-manager/blob/master/flake.nix#L44 for reference.
-let
-  system = "x86_64-linux";
-in
-home.lib.homeManagerConfiguration {
-  modules = [
-    {
-      nixpkgs = { inherit config overlays; };
-
-      home = rec {
-        username = "hblobner";
-        homeDirectory = "/home/${username}";
-
-        /*
-          NOTE: DO NOT CHANGE THIS IF YOU DON'T KNOW WHAT YOU'RE DOING.
-
-          Only change this if you are ABSOLUTELY 100% SURE that you don't have stateful data.
-        */
-        stateVersion = "21.11";
-      };
-    }
-
-    # Extra home-manager modules that aren't upstream
-
-    # Shared configuration across all users
-    ../shared/home.nix
-
-    # Particular configuration for the user
-    ./home.nix
-  ];
-
-  # Extra arguments passed to home.nix
-  extraSpecialArgs = { inherit inputs system; };
-}

users/devvie/home.nix

@@ -1,24 +0,0 @@
-{ config, inputs, lib, pkgs, system, ... }:
-
-/*
-  home-manager configuration
-  Useful links:
-  - Home Manager Manual: https://rycee.gitlab.io/home-manager/
-  - Appendix A. Configuration Options: https://rycee.gitlab.io/home-manager/options.html
-*/
-{
-  home = {
-    packages =
-      in
-      lib.attrValues {
-        inherit (pkgs)
-          fd
-          neovim
-          ripgrep
-          tmux
-          zsh
-      };
-
-    sessionVariables.EDITOR = "nvim";
-  };
-}

users/features/cli/bat.nix

@@ -0,0 +1,6 @@
+{
+  programs.bat = {
+    enable = true;
+    config.theme = "base16";
+  };
+}

users/features/cli/default.nix

@@ -0,0 +1,36 @@
+{ pkgs, ... }: {
+  imports = [
+    ./bat.nix
+    ./direnv.nix
+    ./gh.nix
+    ./git.nix
+    ./gpg.nix
+    ./nix-index.nix
+    ./pfetch.nix
+    ./ranger.nix
+    ./screen.nix
+    ./shellcolor.nix
+    ./ssh.nix
+    ./starship.nix
+  ];
+  home.packages = with pkgs; [
+    comma # Install and run programs by sticking a , before them
+    distrobox # Nice escape hatch, integrates docker images with my environment
+
+    bc # Calculator
+    bottom # System viewer
+    ncdu # TUI disk usage
+    exa # Better ls
+    ripgrep # Better grep
+    fd # Better find
+    httpie # Better curl
+    diffsitter # Better diff
+    jq # JSON pretty printer and manipulator
+    trekscii # Cute startrek cli printer
+
+    nil # Nix LSP
+    nixfmt # Nix formatter
+
+    ltex-ls # Spell checking LSP
+  ];
+}

users/features/cli/direnv.nix

@@ -0,0 +1,6 @@
+{
+  programs.direnv = {
+    enable = true;
+    nix-direnv.enable = true;
+  };
+}

users/features/cli/gh.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+  programs.gh = {
+    enable = true;
+    extensions = with pkgs; [ gh-markdown-preview ];
+    settings = {
+      git_protocol = "ssh";
+      prompt = "enabled";
+    };
+  };
+  home.persistence = {
+    "/persist/home/${config.home.username}".directories = [ ".config/gh" ];
+  };
+}

users/features/cli/git.nix

@@ -0,0 +1,51 @@
+{ pkgs, lib, config, ... }:
+let
+  ssh = "${pkgs.openssh}/bin/ssh";
+
+  git-m7 = pkgs.writeShellScriptBin "git-m7" ''
+    repo="$(git remote -v | grep git@m7.rs | head -1 | cut -d ':' -f2 | cut -d ' ' -f1)"
+    # Add a .git suffix if it's missing
+    if [[ "$repo" != *".git" ]]; then
+      repo="$repo.git"
+    fi
+
+    if [ "$1" == "init" ]; then
+      if [ "$2" == "" ]; then
+        echo "You must specify a name for the repo"
+        exit 1
+      fi
+      ${ssh} -A git@m7.rs << EOF
+        git init --bare "$2.git"
+        git -C "$2.git" branch -m main
+    EOF
+      git remote add origin git@m7.rs:"$2.git"
+    elif [ "$1" == "ls" ]; then
+      ${ssh} -A git@m7.rs ls
+    else
+      ${ssh} -A git@m7.rs git -C "/srv/git/$repo" $@
+    fi
+  '';
+in
+{
+  home.packages = [ git-m7 ];
+  programs.git = {
+    enable = true;
+    package = pkgs.gitAndTools.gitFull;
+    aliases = {
+      pushall = "!git remote | xargs -L1 git push --all";
+      graph = "log --decorate --oneline --graph";
+      add-nowhitespace = "!git diff -U0 -w --no-color | git apply --cached --ignore-whitespace --unidiff-zero -";
+    };
+    userName = "Gabriel Fontes";
+    userEmail = "hi@m7.rs";
+    extraConfig = {
+      feature.manyFiles = true;
+      init.defaultBranch = "main";
+      user.signing.key = "CE707A2C17FAAC97907FF8EF2E54EA7BFE630916";
+      commit.gpgSign = true;
+      gpg.program = "${config.programs.gpg.package}/bin/gpg2";
+    };
+    lfs.enable = true;
+    ignores = [ ".direnv" "result" ];
+  };
+}

users/features/cli/gpg-commands.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+let
+  ssh = "${pkgs.openssh}/bin/ssh";
+  gpg-connect-agent = "${pkgs.gnupg}/bin/gpg-connect-agent";
+in
+{
+  isUnlocked = "${pkgs.procps}/bin/pgrep 'gpg-agent' &> /dev/null && ${gpg-connect-agent} 'scd getinfo card_list' /bye | ${pkgs.gnugrep}/bin/grep SERIALNO -q";
+  unlock = "${ssh} -T localhost -o StrictHostKeyChecking=no exit";
+}

users/features/cli/gpg.nix

@@ -0,0 +1,66 @@
+{ pkgs, config, lib, ... }:
+let
+  pinentry =
+    if config.gtk.enable then {
+      packages = [ pkgs.pinentry-gnome pkgs.gcr ];
+      name = "gnome3";
+    } else {
+      packages = [ pkgs.pinentry-curses ];
+      name = "curses";
+    };
+in
+{
+  home.packages = pinentry.packages;
+
+  services.gpg-agent = {
+    enable = true;
+    enableSshSupport = true;
+    sshKeys = [ "149F16412997785363112F3DBD713BC91D51B831" ];
+    pinentryFlavor = pinentry.name;
+    enableExtraSocket = true;
+  };
+
+  programs =
+    let
+      fixGpg = ''
+        gpgconf --launch gpg-agent
+      '';
+    in
+    {
+      # Start gpg-agent if it's not running or tunneled in
+      # SSH does not start it automatically, so this is needed to avoid having to use a gpg command at startup
+      # https://www.gnupg.org/faq/whats-new-in-2.1.html#autostart
+      bash.profileExtra = fixGpg;
+      fish.loginShellInit = fixGpg;
+      zsh.loginExtra = fixGpg;
+
+      gpg = {
+        enable = true;
+        settings = {
+          trust-model = "tofu+pgp";
+        };
+        publicKeys = [{
+          source = ../../pgp.asc;
+          trust = 5;
+        }];
+      };
+    };
+
+  systemd.user.services = {
+    # Link /run/user/$UID/gnupg to ~/.gnupg-sockets
+    # So that SSH config does not have to know the UID
+    link-gnupg-sockets = {
+      Unit = {
+        Description = "link gnupg sockets from /run to /home";
+      };
+      Service = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.coreutils}/bin/ln -Tfs /run/user/%U/gnupg %h/.gnupg-sockets";
+        ExecStop = "${pkgs.coreutils}/bin/rm $HOME/.gnupg-sockets";
+        RemainAfterExit = true;
+      };
+      Install.WantedBy = [ "default.target" ];
+    };
+  };
+}
+# vim: filetype=nix

users/features/cli/nix-index.nix

@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+let
+  update-script = pkgs.writeShellApplication {
+    name = "fetch-nix-index-database";
+    runtimeInputs = with pkgs; [ wget coreutils ];
+    text = ''
+      filename="index-x86_64-linux"
+      mkdir -p ~/.cache/nix-index
+      cd ~/.cache/nix-index
+      wget -N "https://github.com/Mic92/nix-index-database/releases/latest/download/$filename"
+      ln -f "$filename" files
+    '';
+  };
+in
+{
+  programs.nix-index.enable = true;
+
+  systemd.user.services.nix-index-database-sync = {
+    Unit = { Description = "fetch mic92/nix-index-database"; };
+    Service = {
+      Type = "oneshot";
+      ExecStart = "${update-script}/bin/fetch-nix-index-database";
+      Restart = "on-failure";
+      RestartSec = "5m";
+    };
+  };
+  systemd.user.timers.nix-index-database-sync = {
+    Unit = { Description = "Automatic github:mic92/nix-index-database fetching"; };
+    Timer = {
+      OnBootSec = "10m";
+      OnUnitActiveSec = "24h";
+    };
+    Install = { WantedBy = [ "timers.target" ]; };
+  };
+}

users/features/cli/pfetch.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  home = {
+    packages = with pkgs; [ pfetch ];
+    sessionVariables.PF_INFO =
+      "ascii title os kernel uptime shell term desktop scheme palette";
+  };
+}

users/features/cli/ranger.nix

@@ -0,0 +1,3 @@
+{ pkgs, ... }: {
+  home.packages = with pkgs; [ ranger ];
+}

users/features/cli/screen.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+  home.packages = [ pkgs.screen ];
+  home.file.".screenrc".text = ''
+    startup_message off
+    defbce on
+    setenv TERM xterm-256color
+  '';
+}

users/features/cli/shellcolor.nix

@@ -0,0 +1,25 @@
+{ config, ... }:
+let inherit (config.colorscheme) colors;
+in {
+  programs.shellcolor = {
+    enable = true;
+    settings = {
+      base00 = "${colors.base00}";
+      base01 = "${colors.base01}";
+      base02 = "${colors.base02}";
+      base03 = "${colors.base03}";
+      base04 = "${colors.base04}";
+      base05 = "${colors.base05}";
+      base06 = "${colors.base06}";
+      base07 = "${colors.base07}";
+      base08 = "${colors.base08}";
+      base09 = "${colors.base09}";
+      base0A = "${colors.base0A}";
+      base0B = "${colors.base0B}";
+      base0C = "${colors.base0C}";
+      base0D = "${colors.base0D}";
+      base0E = "${colors.base0E}";
+      base0F = "${colors.base0F}";
+    };
+  };
+}

users/features/cli/ssh.nix

@@ -0,0 +1,27 @@
+{ outputs, lib, ... }:
+let
+  hostnames = builtins.attrNames outputs.nixosConfigurations;
+in
+{
+  programs.ssh = {
+    enable = true;
+    matchBlocks = {
+      net = {
+        host = builtins.concatStringsSep " " hostnames;
+        forwardAgent = true;
+        remoteForwards = [{
+          bind.address = ''/%d/.gnupg-sockets/S.gpg-agent'';
+          host.address = ''/%d/.gnupg-sockets/S.gpg-agent.extra'';
+        }];
+      };
+      trusted = lib.hm.dag.entryBefore [ "net" ] {
+        host = "m7.rs *.m7.rs *.ts.m7.rs";
+        forwardAgent = true;
+      };
+    };
+  };
+
+  home.persistence = {
+    "/persist/home/${config.home.username}".directories = [ ".ssh" ];
+  };
+}

users/features/cli/starship.nix

@@ -0,0 +1,133 @@
+{ pkgs, ... }:
+let
+  nix-inspect = pkgs.writeShellScriptBin "nix-inspect" ''
+    read -ra EXCLUDED <<< "$@"
+    EXCLUDED+=(''${NIX_INSPECT_EXCLUDE[@]:-})
+
+    IFS=":" read -ra PATHS <<< "$PATH"
+
+    read -ra PROGRAMS <<< \
+      "$(printf "%s\n" "''${PATHS[@]}" | ${pkgs.gnugrep}/bin/grep "\/nix\/store" | ${pkgs.gnugrep}/bin/grep -v "\-man" | ${pkgs.perl}/bin/perl -pe 's/^\/nix\/store\/\w{32}-([^\/]*)\/bin$/\1/' | ${pkgs.findutils}/bin/xargs)"
+
+    for to_remove in "''${EXCLUDED[@]}"; do
+        to_remove_full="$(printf "%s\n" "''${PROGRAMS[@]}" | grep "$to_remove" )"
+        PROGRAMS=("''${PROGRAMS[@]/$to_remove_full}")
+    done
+
+    read -ra PROGRAMS <<< "''${PROGRAMS[@]}"
+    echo "''${PROGRAMS[@]}"
+  '';
+in
+{
+  programs.starship = {
+    enable = true;
+    settings = {
+      format =
+        let
+          git = "$git_branch$git_commit$git_state$git_status";
+          cloud = "$aws$gcloud$openstack";
+        in
+        ''
+          $username$hostname($shlvl)($cmd_duration) $fill ($nix_shell)$custom
+          $directory(${git})(- ${cloud}) $fill $time
+          $jobs$character
+        '';
+
+      fill = {
+        symbol = " ";
+        disabled = false;
+      };
+
+      # Core
+      username = {
+        format = "[$user]($style)";
+        show_always = true;
+      };
+      hostname = {
+        format = "[@$hostname]($style) ";
+        ssh_only = false;
+        style = "bold green";
+      };
+      shlvl = {
+        format = "[$shlvl]($style) ";
+        style = "bold cyan";
+        threshold = 2;
+        repeat = true;
+        disabled = false;
+      };
+      cmd_duration = {
+        format = "took [$duration]($style) ";
+      };
+
+      directory = {
+        format = "[$path]($style)( [$read_only]($read_only_style)) ";
+      };
+      nix_shell = {
+        format = "[($name \\(develop\\) <- )$symbol]($style) ";
+        impure_msg = "";
+        symbol = " ";
+        style = "bold red";
+      };
+      custom = {
+        nix_inspect = {
+          disabled = false;
+          when = "test -z $IN_NIX_SHELL";
+          command = "${nix-inspect}/bin/nix-inspect kitty imagemagick ncurses user-environment";
+          format = "[($output <- )$symbol]($style) ";
+          symbol = " ";
+          style = "bold blue";
+        };
+      };
+
+      character = {
+        error_symbol = "[~~>](bold red)";
+        success_symbol = "[->>](bold green)";
+        vimcmd_symbol = "[<<-](bold yellow)";
+        vimcmd_visual_symbol = "[<<-](bold cyan)";
+        vimcmd_replace_symbol = "[<<-](bold purple)";
+        vimcmd_replace_one_symbol = "[<<-](bold purple)";
+      };
+
+      time = {
+        format = "\\\[[$time]($style)\\\]";
+        disabled = false;
+      };
+
+      # Cloud
+      gcloud = {
+        format = "on [$symbol$active(/$project)(\\($region\\))]($style)";
+      };
+      aws = {
+        format = "on [$symbol$profile(\\($region\\))]($style)";
+      };
+
+      # Icon changes only \/
+      aws.symbol = "  ";
+      conda.symbol = " ";
+      dart.symbol = " ";
+      directory.read_only = " ";
+      docker_context.symbol = " ";
+      elixir.symbol = " ";
+      elm.symbol = " ";
+      gcloud.symbol = " ";
+      git_branch.symbol = " ";
+      golang.symbol = " ";
+      hg_branch.symbol = " ";
+      java.symbol = " ";
+      julia.symbol = " ";
+      memory_usage.symbol = "󰍛 ";
+      nim.symbol = "󰆥 ";
+      nodejs.symbol = " ";
+      package.symbol = "󰏗 ";
+      perl.symbol = " ";
+      php.symbol = " ";
+      python.symbol = " ";
+      ruby.symbol = " ";
+      rust.symbol = " ";
+      scala.symbol = " ";
+      shlvl.symbol = "";
+      swift.symbol = "󰛥 ";
+      terraform.symbol = "󱁢";
+    };
+  };
+}

users/features/pass/default.nix

@@ -0,0 +1,17 @@
+{ pkgs, config, ... }: {
+  programs.password-store = {
+    enable = true;
+    settings = { PASSWORD_STORE_DIR = "$HOME/.password-store"; };
+    package = pkgs.pass.withExtensions (p: [ p.pass-otp ]);
+  };
+
+  services.pass-secret-service = {
+    enable = true;
+    storePath = "${config.home.homeDirectory}/.password-store";
+    extraArgs = [ "-e${config.programs.password-store.package}/bin/pass" ];
+  };
+
+  home.persistence = {
+    "/persist/home/misterio".directories = [ ".password-store" ];
+  };
+}

users/features/productivity/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    # Pass feature is required
+    ../pass
+  ];
+}

users/global/default.nix

@@ -0,0 +1,58 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+let
+  inherit (inputs.nix-colors) colorSchemes;
+  inherit (inputs.nix-colors.lib-contrib { inherit pkgs; }) colorschemeFromPicture nixWallpaperFromScheme;
+in
+{
+  imports = [
+    inputs.impermanence.nixosModules.home-manager.impermanence
+    inputs.nix-colors.homeManagerModule
+    ../features/cli
+    ../features/nvim
+    ../features/helix
+  ] ++ (builtins.attrValues outputs.homeManagerModules);
+
+  nixpkgs = {
+    overlays = builtins.attrValues outputs.overlays;
+    config = {
+      allowUnfree = true;
+      allowUnfreePredicate = (_: true);
+    };
+  };
+
+  nix = {
+    package = lib.mkDefault pkgs.nix;
+    settings = {
+      experimental-features = [ "nix-command" "flakes" "repl-flake" ];
+      warn-dirty = false;
+    };
+  };
+
+  programs = {
+    home-manager.enable = true;
+    git.enable = true;
+  };
+
+  home = {
+    homeDirectory = lib.mkDefault "/home/${config.home.username}";
+    stateVersion = lib.mkDefault "22.05";
+    sessionPath = [ "$HOME/.local/bin" ];
+
+    persistence = {
+      "/persist/home/${config.home.username}" = {
+        directories = [
+          "Documents"
+          "Downloads"
+          "Pictures"
+          "Videos"
+          ".local/bin"
+        ];
+        allowOther = true;
+      };
+    };
+  };
+
+  colorscheme = lib.mkDefault colorSchemes.dracula;
+  home.file.".colorscheme".text = config.colorscheme.slug;
+}
+

users/hblobner@devvie.nix

@@ -0,0 +1,14 @@
+{ inputs, ... }: {
+  imports = [
+    ./global
+    ./features/cli
+    ./features/productivity
+    ./features/pass
+  ];
+
+  home = {
+    username = lib.mkDefault "hblobner";
+  };
+
+  colorscheme = inputs.nix-colors.colorSchemes.catppuccin-macchiato;
+}