diff --git a/flake.lock b/flake.lock
index 99aab77..1498ff4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,135 @@ { "nodes": { + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1689633990, + "narHash": "sha256-iwvQg2Vx0IIDWZaKo8Xmzxlv1YPHg+Kp/QSv8dRv0RY=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "dddf2e1c04845d43c89a8e9e37d574519649a404", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-alacritty": { + "flake": false, + "locked": { + "lastModified": 1674275109, + "narHash": "sha256-Adwx9yP70I6mJrjjODOgZJjt4OPPe8gJu7UuBboXO4M=", + "owner": "aarowill", + "repo": "base16-alacritty", + "rev": "63d8ae5dfefe5db825dd4c699d0cdc2fc2c3eaf7", + "type": "github" + }, + "original": { + "owner": "aarowill", + "repo": "base16-alacritty", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-foot": { + "flake": false, + "locked": { + "lastModified": 1696725948, + "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "owner": "tinted-theming", + "repo": "base16-foot", + "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-foot", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1696727917, + "narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-kitty": { + "flake": false, + "locked": { + "lastModified": 
1665001328, + "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", + "owner": "kdrag0n", + "repo": "base16-kitty", + "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", + "type": "github" + }, + "original": { + "owner": "kdrag0n", + "repo": "base16-kitty", + "type": "github" + } + }, + "base16-tmux": { + "flake": false, + "locked": { + "lastModified": 1696725902, + "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", + "owner": "tinted-theming", + "repo": "base16-tmux", + "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-tmux", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1663659192, + "narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=", + "owner": "chriskempson", + "repo": "base16-vim", + "rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d", + "type": "github" + }, + "original": { + "owner": "chriskempson", + "repo": "base16-vim", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -20,6 +150,38 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1689549921, + "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -40,6 +202,27 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700847865, + "narHash": "sha256-uWaOIemGl9LF813MW0AEgCBpKwFo2t1Wv3BZc6e5Frw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "8cedd63eede4c22deb192f1721dd67e7460e1ebe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1700392353, @@ -72,12 +255,57 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1700856099, + "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "disko": "disko", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "stylix": "stylix" + } + }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-alacritty": "base16-alacritty", + "base16-fish": "base16-fish", + "base16-foot": "base16-foot", + "base16-helix": "base16-helix", + "base16-kitty": "base16-kitty", + "base16-tmux": "base16-tmux", + "base16-vim": "base16-vim", + "flake-compat": "flake-compat", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1701532764, + "narHash": "sha256-Jrizp/nITbul2HBIraQRDw5lyJnzTsj0K9wZUFYX2gg=", + "owner": "danth", + "repo": "stylix", + "rev": "17a452c5d58bb90057d49c7e3e613b5e6dc1c0f4", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 793d6cc..27ccc40 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,13 +4,18 @@ experimental-features = [ "nix-command" "flakes" ]; }; inputs = { + # System nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - home-manager.url = "github:nix-community/home-manager"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; + # Home Manager + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + + # Theming + stylix.url = "github:danth/stylix"; }; outputs = inputs@{ self, nixpkgs, home-manager, ... }: @@ -20,19 +25,6 @@ in { nixosConfigurations = { - /* nixos-test = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/nixos-test - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = inputs; - home-manager.users.panotaka = import ./home; - } - ]; - };*/ Equinox = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -54,6 +46,10 @@ ]; }; } + # Commenting out for now. Stylix seems to be broken. + /* inputs.stylix.nixosModules.stylix + ./themes/targets/all.nix + ./themes/sandstone-forest */ ]; }; }; diff --git a/home/default.nix b/home/default.nix index f9b215b..ba7690b 100644 --- a/home/default.nix +++ b/home/default.nix @@ -15,7 +15,7 @@ # You can update Home Manager without changing this value. See # the Home Manager release notes for a list of state version # changes in each release. - stateVersion = "23.05"; + stateVersion = "23.11"; }; # Let Home Manager install and manage itself. diff --git a/home/desktop/common.nix b/home/desktop/common.nix index 27c69a3..c20d24b 100644 --- a/home/desktop/common.nix +++ b/home/desktop/common.nix @@ -3,5 +3,13 @@ # Work-specific programs teams-for-linux + # Creative tools + blender + inkscape + + # Productivity tools + libreoffice-qt + hunspell + hunspellDicts.en_CA ]; } 
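Review bot: `stylix.url = "github:danth/stylix";` is added without any `follows`, and the flake.lock part of this commit shows the consequence: stylix resolves its own `nixpkgs_2` (tracking `nixpkgs-unstable`) and `home-manager_2`, so the configuration now depends on two independently pinned nixpkgs and home-manager revisions that each have to be kept current. Adding `stylix.inputs.nixpkgs.follows = "nixpkgs";` and `stylix.inputs.home-manager.follows = "home-manager";` would collapse them onto the revisions already pinned for this system. The last flake.nix hunk leaves the stylix modules commented out, so the input and its more than a dozen new lock nodes are fetched and pinned while nothing evaluates them; consider holding the input back until the module is actually enabled.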
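Review bot: Changing `stateVersion = "23.11";` in home/default.nix (and `system.stateVersion = "23.11";` in hosts/Equinox/default.nix later in this commit) is not required for an upgrade; the context comment in this very hunk says "You can update Home Manager without changing this value." The value selects defaults for stateful data, so moving it on an existing install can change data locations or formats underneath services that already have state. Unless this machine was freshly installed on 23.11, keep `"23.05"` and check the state-version entries in the release notes before moving it. If the bump is deliberate, a short comment such as `# bumped after reviewing 23.11 state-version changes` would record that.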
diff --git a/home/shell/default.nix b/home/shell/default.nix index 5b90b5d..b5d171f 100644 --- a/home/shell/default.nix +++ b/home/shell/default.nix @@ -1,19 +1,19 @@ { config, ... }: { imports = [ - ./nushell - ./zsh - ./fish - ./common.nix - ./starship.nix - ./git.nix - ./eza.nix ./atuin.nix ./autojump.nix ./bat.nix + ./common.nix ./direnv.nix - ./tldr.nix + ./eza.nix + ./fish + ./git.nix + ./nushell ./rmtrash.nix + ./starship.nix + ./tldr.nix + ./zsh ]; } diff --git a/home/shell/fish/default.nix b/home/shell/fish/default.nix index f666d4f..d83b77a 100644 --- a/home/shell/fish/default.nix +++ b/home/shell/fish/default.nix @@ -3,6 +3,11 @@ , ... }: { + home.packages = with pkgs; [ + grc + ]; + + programs.fish = { enable = true; diff --git a/home/shell/starship.nix b/home/shell/starship.nix index 08863d3..19dcd99 100644 --- a/home/shell/starship.nix +++ b/home/shell/starship.nix 
@@ -4,73 +4,280 @@ enable = true; settings = { add_newline = false; - format = lib.concatStrings [ - "[](blue)" - "[$username:$hostname](bold white bg:blue)" - "[](bg:#769ff0 fg:blue)" - "$directory" - "[](fg:#769ff0 bg:#394260)" - "$git_branch" - "$git_status" - "[](fg:#394260 bg:#212736)" - "[](fg:#212736 bg:#1d2230)" - "$time" - "[ ](fg:#1d2230)" - " $character" - ]; - command_timeout = 5000; - - # Disable the blank line at the start of the prompt - # add_newline = false - - # You can also replace your username with a neat symbol like  to save some space - username = { - show_always = true; - format = "$user"; + character = { + success_symbol = "[>](bold green)"; + error_symbol = "[x](bold red)"; + vimcmd_symbol = "[<](bold green)"; }; - hostname = { - ssh_only = false; - format = "$hostname"; - disabled = false; + git_commit = { + tag_symbol = " tag "; + }; + + git_status = { + ahead = ">"; + behind = "<"; + diverged = "<>"; + renamed = "r"; + deleted = "x"; + }; + + aws = { + symbol = "aws "; + }; + + azure = { + symbol = "az "; + }; + + bun = { + symbol = "bun "; + }; + + c = { + symbol = "C "; + }; + + cobol = { + symbol = "cobol "; + }; + + conda = { + symbol = "conda "; + }; + + crystal = { + symbol = "cr "; + }; + + cmake = { + symbol = "cmake "; + }; + + daml = { + symbol = "daml "; + }; + + dart = { + symbol = "dart "; + }; + + deno = { + symbol = "deno "; + }; + + dotnet = { + symbol = ".NET "; }; directory = { - style = "fg:#e3e5e5 bg:#769ff0"; - format = "[ $path ]($style)"; - truncation_length = 3; - truncation_symbol = "…/"; + read_only = " ro"; }; - # Here is how you can shorten some long paths by text replacement - # similar to mapped_locations in Oh My Posh: - directory.substitutions = { - "Documents" = "󰈙 "; - "Downloads" = " "; - "Music" = " "; - "Pictures" = " "; + docker_context = { + symbol = "docker "; }; - # Keep in mind that the order matters. 
For ezample: - # "Important Documents" = "  " - # will not be replaced, because "Documents" was already substituted before. - # So either put "Important Documents" before "Documents" or use the substituted version: - # "Important  " = "  " + + elixir = { + symbol = "exs "; + }; + + elm = { + symbol = "elm "; + }; + + fennel = { + symbol = "fnl "; + }; + + fossil_branch = { + symbol = "fossil "; + }; + + gcloud = { + symbol = "gcp "; + }; + git_branch = { - symbol = ""; - style = "bg:#4C566A"; - format = "[ $symbol $branch ]($style)"; + symbol = "git "; }; - git_status = { - style = "bg:#394260"; - format = - "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; + + golang = { + symbol = "go "; }; - time = { - disabled = false; - time_format = "%R"; - style = "bg:#33658A"; - format = "[ $time ]($style)"; + + gradle = { + symbol = "gradle "; }; + + guix_shell = { + symbol = "guix "; + }; + + hg_branch = { + symbol = "hg "; + }; + + java = { + symbol = "java "; + }; + + julia = { + symbol = "jl "; + }; + + kotlin = { + symbol = "kt "; + }; + + lua = { + symbol = "lua "; + }; + + nodejs = { + symbol = "nodejs "; + }; + + memory_usage = { + symbol = "memory "; + }; + + meson = { + symbol = "meson "; + }; + + nim = { + symbol = "nim "; + }; + + nix_shell = { + symbol = "nix "; + }; + + ocaml = { + symbol = "ml "; + }; + + opa = { + symbol = "opa "; + }; + + os.symbols = { + Alpaquita = "alq "; + Alpine = "alp "; + Amazon = "amz "; + Android = "andr "; + Arch = "rch "; + Artix = "atx "; + CentOS = "cent "; + Debian = "deb "; + DragonFly = "dfbsd "; + Emscripten = "emsc "; + EndeavourOS = "ndev "; + Fedora = "fed "; + FreeBSD = "fbsd "; + Garuda = "garu "; + Gentoo = "gent "; + HardenedBSD = "hbsd "; + Illumos = "lum "; + Linux = "lnx "; + Mabox = "mbox "; + Macos = "mac "; + Manjaro = "mjo "; + Mariner = "mrn "; + MidnightBSD = "mid "; + Mint = "mint "; + NetBSD = "nbsd "; + NixOS = "nix "; + OpenBSD = "obsd "; + OpenCloudOS = "ocos "; + openEuler = 
"oeul "; + openSUSE = "osuse "; + OracleLinux = "orac "; + Pop = "pop "; + Raspbian = "rasp "; + Redhat = "rhl "; + RedHatEnterprise = "rhel "; + Redox = "redox "; + Solus = "sol "; + SUSE = "suse "; + Ubuntu = "ubnt "; + Unknown = "unk "; + Windows = "win "; + }; + + package = { + symbol = "pkg "; + }; + + perl = { + symbol = "pl "; + }; + + php = { + symbol = "php "; + }; + + pijul_channel = { + symbol = "pijul "; + }; + + pulumi = { + symbol = "pulumi "; + }; + + purescript = { + symbol = "purs "; + }; + + python = { + symbol = "py "; + }; + + raku = { + symbol = "raku "; + }; + + ruby = { + symbol = "rb "; + }; + + rust = { + symbol = "rs "; + }; + + scala = { + symbol = "scala "; + }; + + spack = { + symbol = "spack "; + }; + + solidity = { + symbol = "solidity "; + }; + + status = { + symbol = "x = {(bold red) "; + }; + + sudo = { + symbol = "sudo "; + }; + + swift = { + symbol = "swift "; + }; + + terraform = { + symbol = "terraform "; + }; + + zig = { + symbol = "zig "; + }; + }; }; } diff --git a/hosts/Equinox/default.nix b/hosts/Equinox/default.nix index ac0dce5..f0a666b 100644 --- a/hosts/Equinox/default.nix +++ b/hosts/Equinox/default.nix @@ -7,7 +7,7 @@ in # System version - system.stateVersion = "23.05"; + system.stateVersion = "23.11"; imports = [ @@ -20,6 +20,7 @@ in # Import system configuration ../../modules/system.nix + ../../modules/harden.nix ../../modules/kde.nix ]; diff --git a/hosts/nixos-test/default.nix b/hosts/nixos-test/default.nix deleted file mode 100644 index 43e09c7..0000000 --- a/hosts/nixos-test/default.nix +++ /dev/null 
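Review bot: The `status` block near the end of this hunk sets `symbol = "x = {(bold red) ";`, which looks like a conversion slip rather than an intended prompt string. The other styled symbols added in this hunk use the `[text](style)` form (for example `error_symbol = "[x](bold red)";`), so the unbalanced `{(` is unlikely to be parsed as a style; if the intent matches `error_symbol`, the line should read `symbol = "[x](bold red) ";`. The hunk also removes `command_timeout = 5000;` without a replacement, so the prompt presumably falls back to starship's default timeout; confirm that is intended for large git repositories. The enclosing `settings` block starts above the hunk.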
@@ -1,53 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ - ../../modules/system.nix - ../../modules/i3.nix - - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Bootloader. - boot.loader = { - # efi = { - # canTouchEfiVariables = true; - # efiSysMountPoint = "/boot/efi"; # ← use the same mount point here. - # }; - grub = { - enable = true; - device = "/dev/sda"; # "nodev" - efiSupport = false; - useOSProber = true; - #efiInstallAsRemovable = true; # in case canTouchEfiVariables doesn't work for your system - }; - }; - - networking.hostName = "nixos-test"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - networking.defaultGateway = "192.168.5.201"; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? - -} - - diff --git a/hosts/nixos-test/hardware-configuration.nix b/hosts/nixos-test/hardware-configuration.nix deleted file mode 100644 index a53d800..0000000 --- a/hosts/nixos-test/hardware-configuration.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/b779eb19-e43d-4f07-a91f-eb08bd8e1202"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/modules/harden.nix b/modules/harden.nix new file mode 100644 index 0000000..0d9c819 --- /dev/null +++ b/modules/harden.nix @@ -0,0 +1,23 @@ +{ + networking.firewall.enable = true; + + security.sudo.execWheelOnly = true; + + security.sudo.wheelNeedsPassword = true; + + security.auditd.enable = true; + security.audit.enable = true; + + services = { + openssh = { + enable = true; + settings.PermitRootLogin = "no"; # distributed-build.nix requires it + settings.PasswordAuthentication = false; + allowSFTP = false; + }; + fail2ban = { + enable = true; + }; + }; + nix.settings.allowed-users = [ "root" "@users" ]; +} diff --git a/modules/system.nix b/modules/system.nix index 47dc61b..8720c76 100644 
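Review bot: The trailing comment on `settings.PermitRootLogin = "no"; # distributed-build.nix requires it` in modules/harden.nix contradicts the value it annotates, so a later reader cannot tell whether root login is meant to stay blocked or was once needed for remote builds. Replace it with the actual intent, e.g. `settings.PermitRootLogin = "no"; # root SSH login disabled; revisit only if remote builds need it`. Separately, `settings.PasswordAuthentication = false;` combined with the `openssh.authorizedKeys.keys = [ ];` visible as context in modules/system.nix appears to leave sshd running with no usable login for that user, unless keys are provisioned elsewhere. Either add the intended public key in the same change, or leave `enable = true;` out of this hardening module so the daemon is not exposed at all.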
--- a/modules/system.nix +++ b/modules/system.nix @@ -1,15 +1,9 @@ { config, pkgs, ... }: { - # Enable CUPS to print documents. services.printing.enable = true; - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - networking.firewall.enable = false; - # Enable the OpenSSH daemon. services.openssh = { enable = true; @@ -24,15 +18,19 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; + # Add system packages environment.systemPackages = with pkgs; [ - git ]; + # Enable fish shell + programs.fish.enable = true; + # Define a user account. Don't forget to set a password with ‘passwd’. users.users.panotaka = { isNormalUser = true; description = "panotaka"; extraGroups = [ "networkmanager" "wheel" ]; + shell = pkgs.fish; openssh.authorizedKeys.keys = [ ]; }; diff --git a/themes/sandstone-forest/default.nix b/themes/sandstone-forest/default.nix new file mode 100644 index 0000000..1904283 --- /dev/null +++ b/themes/sandstone-forest/default.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: + +{ + stylix.image = ./wallpaper.jpg; + stylix.polarity = "dark"; + + stylix.fonts = { + serif = { + package = pkgs.dejavu_fonts; + name = "DejaVu Serif"; + }; + + sansSerif = { + package = pkgs.dejavu_fonts; + name = "DejaVu Sans"; + }; + + monospace = { + package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }; + name = "JetBrainsMono Nerd Font"; + }; + + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; +} diff --git a/themes/sandstone-forest/wallpaper.jpg b/themes/sandstone-forest/wallpaper.jpg new file mode 100644 index 0000000..43a721b Binary files /dev/null and b/themes/sandstone-forest/wallpaper.jpg differ diff --git a/themes/targets/all.nix b/themes/targets/all.nix new file mode 100644 index 0000000..85e786e --- /dev/null +++ b/themes/targets/all.nix @@ -0,0 +1,3 @@ +{ + stylix.autoEnable = true; +}