flake-parts: Almost done with yggdrasil

modules/base/fish.nix

@@ -0,0 +1,73 @@
+{
+  flake.modules = {
+    nixos.base =
+      { pkgs, ... }:
+      {
+        environment.systemPackages = with pkgs; [
+          fastfetch
+
+          fd
+          tree
+          ripgrep
+          fzf
+          eza
+
+          #optional
+          pciutils
+          usbutils
+          btop
+
+          zip
+          unzip
+          nettools
+        ];
+      };
+
+    homeManager.base =
+      { lib, pkgs, ... }:
+      {
+        catppuccin.fish.enable = true;
+
+        programs = {
+          fish = {
+            enable = true;
+            shellInit = ''
+              set -x LESS_TERMCAP_mb \e'[01;32m'
+              set -x LESS_TERMCAP_md \e'[01;32m'
+              set -x LESS_TERMCAP_me \e'[0m'
+              set -x LESS_TERMCAP_se \e'[0m'
+              set -x LESS_TERMCAP_so \e'[01;47;34m'
+              set -x LESS_TERMCAP_ue \e'[0m'
+              set -x LESS_TERMCAP_us \e'[01;36m'
+              set -x LESS -R
+              set -x GROFF_NO_SGR 1
+            '';
+            shellAliases = {
+              vim = "hx";
+              ls = "eza -lah --icons --git";
+              lss = "ls --total-size";
+              lt = "ls -T --git-ignore";
+            };
+            functions = {
+              checkHash = "nix hash to-sri --type sha256 $(nix-prefetch-url --unpack $argv)";
+              deployNixberry = "nixos-rebuild switch --flake .#nixberry --target-host nixberry --sudo --ask-sudo-password";
+              deployLoptland = "nixos-rebuild switch --flake .#loptland --target-host christophhollizeck.dev --sudo --ask-sudo-password";
+              checkPR = ''cd /home/cholli/projects/nixpkgs && ${lib.getExe pkgs.nixpkgs-review} pr $argv --post-result --systems "x86_64-linux aarch64-linux"'';
+            };
+            plugins = with pkgs.fishPlugins; [
+              {
+                name = "forgit";
+                src = forgit.src;
+              }
+            ];
+          };
+
+          zoxide = {
+            enable = true;
+            options = [ "--cmd cd" ];
+          };
+
+        };
+      };
+  };
+}

modules/base/git.nix

@@ -0,0 +1,129 @@
+topLevel: {
+  flake.modules = {
+    nixos.base =
+      { pkgs, ... }:
+      {
+        environment.systemPackages = with pkgs; [
+          git
+        ];
+
+      };
+
+    homeManager.cholli =
+      {
+        config,
+        lib,
+        ...
+      }:
+      let
+        username = topLevel.config.flake.meta.users.cholli.username;
+      in
+      {
+        programs.git = {
+          enable = true;
+          lfs.enable = true;
+          signing = {
+            key = topLevel.config.flake.meta.users.cholli.key;
+            signByDefault = true;
+          };
+          ignores = [
+            ".direnv/"
+            ".devenv/"
+            "result"
+          ];
+
+          settings = {
+            user = {
+              name = topLevel.config.flake.meta.users.cholli.name;
+              email = topLevel.config.flake.meta.users.cholli.email;
+            };
+            core = {
+              fsmonitor = true;
+            };
+            init = {
+              defaultBranch = "main";
+            };
+            pull = {
+              rebase = true;
+            };
+            push = {
+              autoSetupRemote = true;
+            };
+            rebase = {
+              autoStash = true;
+            };
+            safe = {
+              directory = "/home/${username}/projects/config";
+            };
+            maintenance = {
+              repo = [
+                "home/${username}/projects/nixpkgs"
+                "home/${username}/projects/config"
+              ];
+              strategy = "incremental";
+            };
+            lfs."https://git.christophhollizeck.dev/Daholli/nixos-config.git/info/lfs".locksverify = true;
+          };
+        };
+
+        systemd.user = {
+          services."git-maintenance@" = {
+            Unit = {
+              Description = "Optimize Git repositories data";
+            };
+            Service = {
+              Type = "oneshot";
+              ExecStart = ''"${lib.getExe config.programs.git.package}" --exec-path="${lib.getBin config.programs.git.package}/bin" -c credential.interactive=false -c core.askPass=true for-each-repo --config=maintenance.repo maintenance run --schedule=%i'';
+              LockPersonality = "yes";
+              MemoryDenyWriteExecute = "yes";
+              NoNewPrivileges = "yes";
+              RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_VSOCK";
+              RestrictNamespaces = "yes";
+              RestrictRealtime = "yes";
+              RestrictSUIDSGID = "yes";
+              SystemCallArchitectures = "native";
+              SystemCallFilter = "@system-service";
+            };
+          };
+          timers = {
+            "git-maintenance@hourly" = {
+              Unit = {
+                Description = "Optimize Git repositories data";
+              };
+              Timer = {
+                OnCalendar = "*-*-* *:00:00";
+                Persistent = true;
+              };
+              Install = {
+                WantedBy = [ "timers.target" ];
+              };
+            };
+            "git-maintenance@daily" = {
+              Unit = {
+                Description = "Optimize Git repositories data";
+              };
+              Timer = {
+                OnCalendar = "*-*-* 20:00:00";
+                Persistent = true;
+              };
+              Install = {
+                WantedBy = [ "timers.target" ];
+              };
+            };
+            "git-maintenance@weekly" = {
+              Unit = {
+                Description = "Optimize Git repositories data";
+              };
+              Timer = {
+                OnCalendar = "Sun *-*-* 20:00:00";
+                Persistent = true;
+              };
+              Install = {
+                WantedBy = [ "timers.target" ];
+              };
+            };
+          };
+        };
+      };
+  };
+}

modules/base/home.nix

@@ -1,12 +1,23 @@
 {
-  flake.modules.homeManager.base = {
-    programs.home-manager.enable = true;
+  flake.modules = {
+    nixos.base = {
+      nixpkgs.config.allowUnFree = true;
+      home-manager = {
+        backupFileExtension = "bak";
+        useUserPackages = true;
+        useGlobalPkgs = true;
+      };
+    };
 
-    services = {
-      home-manager.autoExpire = {
-        enable = true;
-        frequency = "weekly";
-        store.cleanup = true;
+    homeManager.base = {
+      programs.home-manager.enable = true;
+
+      services = {
+        home-manager.autoExpire = {
+          enable = true;
+          frequency = "weekly";
+          store.cleanup = true;
+        };
       };
     };
   };

modules/base/kitty.nix

@@ -0,0 +1,49 @@
+{
+  flake.modules = {
+    homeManager.cholli =
+      { pkgs, ... }:
+      {
+        catppuccin.kitty.enable = true;
+
+        home.packages = [
+          pkgs.kitty
+          pkgs.xfce.thunar
+        ];
+        home.sessionVariables.TERMINAL = "kitty";
+
+        home.file.".config/Thunar/uca.xml".text = ''
+          <?xml version="1.0" encoding="UTF-8"?>
+          <actions>
+          <action>
+          	<icon>kitty</icon>
+          	<name>Open Kitty here</name>
+          	<submenu></submenu>
+          	<unique-id>1726095927116900-1</unique-id>
+          	<command>${pkgs.kitty}/bin/kitty %f</command>
+          	<description>Example for a custom action</description>
+          	<range></range>
+          	<patterns>*</patterns>
+          	<startup-notify/>
+          	<directories/>
+          </action>
+          </actions>
+        '';
+
+        programs.kitty = {
+          enable = true;
+          # themeFile = "tokyo_night_night";
+          font = {
+            name = "FiraCode Nerd Font";
+            size = 15;
+          };
+          shellIntegration.enableFishIntegration = true;
+          settings = {
+            "background_opacity" = "0.90";
+            "shell" = "fish";
+            "confirm_os_window_close" = "0";
+          };
+        };
+
+      };
+  };
+}

modules/base/network/default.nix

@@ -8,14 +8,12 @@
         networkmanager = {
           enable = true;
         };
-
-        useDHCP = false;
       };
 
-      systemd = {
-        services.NetworkManager-wait-online.enable = false;
-        network.wait-online.enable = false;
-      };
+      # systemd = {
+      #   services.NetworkManager-wait-online.enable = false;
+      #   network.wait-online.enable = false;
+      # };
 
       services.resolved = {
         enable = true;

modules/base/starship.nix

@@ -0,0 +1,57 @@
+{
+  flake.modules.homeManager.cholli =
+    { ... }:
+    {
+      catppuccin.starship.enable = false;
+      programs = {
+        starship = {
+          enable = true;
+          enableTransience = true;
+          settings = {
+            character = {
+              error_symbol = "[ ](bold red)";
+            };
+            time = {
+              disabled = false;
+              time_format = "%T";
+              utc_time_offset = "+2";
+            };
+            username = {
+              style_user = "#00de00";
+              style_root = "red";
+              format = "[$user]($style) ";
+              disabled = false;
+              show_always = true;
+            };
+            hostname = {
+              ssh_only = false;
+              format = "@ [$hostname](bold yellow) ";
+              disabled = false;
+            };
+            directory = {
+              home_symbol = "󰋞 ~";
+              read_only_style = "197";
+              read_only = "  ";
+              format = "at [$path]($style)[$read_only]($read_only_style) ";
+            };
+            git_metrics = {
+              disabled = false;
+              added_style = "bold blue";
+              format = "[+$added]($added_style)/[-$deleted]($deleted_style) ";
+            };
+            git_status = {
+              format = "([$all_status$ahead_behind]($style) )";
+              ahead = "[↑$count](bold green)";
+              behind = "[↓$count](bold red)";
+              diverged = "[↕↓$ahead_count↑$behind_count](red)";
+              deleted = "[✘$count](red) ";
+              modified = "[!$count](yellow) ";
+              staged = "[+$count](green) ";
+              renamed = "[➜$count](green) ";
+              untracked = "[?$count](blue) ";
+            };
+          };
+        };
+      };
+    };
+}

modules/base/system/default.nix

@@ -40,6 +40,13 @@
             ssh-to-age
           ];
 
+          services.gnome.gnome-keyring.enable = true;
+
+          services.dbus.packages = [
+            pkgs.gnome-keyring
+            pkgs.gcr
+          ];
+
           sops = {
             defaultSopsFile = ../../../secrets/secrets.yaml;
             defaultSopsFormat = "yaml";

modules/base/system/fonts.nix

@@ -0,0 +1,22 @@
+{
+
+  flake.modules.nixos.base =
+    { pkgs, ... }:
+    {
+      environment.variables = {
+        # Enable icons in tooling since we have nerdfonts.
+        LOG_ICONS = "true";
+      };
+
+      fonts.packages = with pkgs; [
+        font-awesome
+        powerline-fonts
+        powerline-symbols
+        nerd-fonts.code-new-roman
+        nerd-fonts.fira-code
+        nerd-fonts.symbols-only
+        fira
+      ];
+
+    };
+}

modules/base/system/gpg.nix

@@ -0,0 +1,61 @@
+{
+  flake.modules = {
+    nixos.base =
+      { pkgs, ... }:
+      let
+
+        reload-yubikey = pkgs.writeShellScriptBin "reload-yubikey" ''
+          ${pkgs.gnupg}/bin/gpg-connect-agent "scd serialno" "learn --force" /bye
+        '';
+      in
+      {
+        services.pcscd.enable = true;
+        services.udev.packages = with pkgs; [ yubikey-personalization ];
+
+        environment.systemPackages = with pkgs; [
+          cryptsetup
+          paperkey
+          gnupg
+          pinentry-curses
+          pinentry-qt
+
+          yubikey-manager
+          yubioath-flutter
+          reload-yubikey
+        ];
+
+        programs = {
+          ssh.startAgent = false;
+
+          gnupg.agent = {
+            enable = true;
+            enableSSHSupport = true;
+            enableExtraSocket = true;
+          };
+        };
+
+      };
+
+    homeManager.base =
+      { inputs, pkgs, ... }:
+      let
+        gpgConf = "${inputs.gpg-base-conf}/gpg.conf";
+
+        gpgAgentConf = ''
+          enable-ssh-support
+          default-cache-ttl 60
+          max-cache-ttl 120
+          pinentry-program ${pkgs.pinentry-qt}/bin/pinentry-qt
+        '';
+      in
+      {
+        home.file = {
+          ".gnupg/.keep".text = "";
+
+          ".gnupg/gpg.conf".source = gpgConf;
+          ".gnupg/gpg-agent.conf".text = gpgAgentConf;
+          ".gnupg/scdeamon.conf".text = "disable-ccid";
+        };
+      };
+  };
+}

modules/base/system/helix.nix

@@ -18,7 +18,7 @@
 
       };
 
-    homeManager.base =
+    homeManager.cholli =
       { inputs, pkgs, ... }:
       let
         helix-pkg = inputs.helix.packages.${pkgs.system}.default;

modules/base/system/locale.nix

@@ -0,0 +1,27 @@
+{
+  flake.modules.nixos.base =
+    { lib, ... }:
+    {
+      time.timeZone = "Europe/Berlin";
+      i18n.defaultLocale = "en_US.UTF-8";
+
+      i18n.extraLocaleSettings = {
+        LANG = "en_US.UTF-8";
+        LC_ALL = "en_US.UTF-8";
+        LC_ADDRESS = "de_DE.UTF-8";
+        LC_IDENTIFICATION = "de_DE.UTF-8";
+        LC_MEASUREMENT = "de_DE.UTF-8";
+        LC_MONETARY = "de_DE.UTF-8";
+        LC_NAME = "de_DE.UTF-8";
+        LC_NUMERIC = "de_DE.UTF-8";
+        LC_PAPER = "de_DE.UTF-8";
+        LC_TELEPHONE = "de_DE.UTF-8";
+        LC_TIME = "de_DE.UTF-8";
+      };
+
+      console = {
+        keyMap = lib.mkForce "us";
+        useXkbConfig = true;
+      };
+    };
+}

modules/base/system/nixdaemon.nix

@@ -0,0 +1,61 @@
+{
+  flake.modules.nixos.base =
+    {
+      config,
+      inputs,
+      lib,
+      pkgs,
+      ...
+    }:
+    let
+      username = "cholli";
+    in
+    {
+      environment.systemPackages = with pkgs; [
+        nixfmt-rfc-style
+        nix-prefetch-git
+
+        nix-index
+        nix-output-monitor
+      ];
+
+      programs.nh = {
+        enable = true;
+        package = inputs.nh-flake.packages.${pkgs.system}.nh;
+        flake = "/home/${username}/projects/config";
+      };
+
+      nix = {
+        settings =
+          let
+            users = [
+              "root"
+              username
+            ]
+            ++ lib.optional (builtins.hasAttr "native" config.services.gitea-actions-runner) "gitea-runner"
+            ++ lib.optional config.services.hydra.enable "hydra hydra-www hydra-evaluator hydra-queue-runner";
+          in
+          {
+            experimental-features = "nix-command flakes";
+            http-connections = 50;
+            warn-dirty = false;
+            log-lines = 50;
+            sandbox = "relaxed";
+            auto-optimise-store = true;
+            trusted-users = users;
+            allowed-users = users;
+            allowed-uris = "github: https://github.com/ git+https://github.com/ gitlab: https://gitlab.com/ git+https://gitlab.com/";
+          }
+          // (lib.optionalAttrs config.programs.direnv.enable {
+            keep-outputs = true;
+            keep-derivations = true;
+          });
+
+        gc = {
+          automatic = true;
+          dates = "daily";
+          options = "--delete-older-than 7d";
+        };
+      };
+    };
+}