upload first crack at nix

.gitignore

@@ -0,0 +1,21 @@
+# trash
+.DS_Store
+Thumbs.db
+# temp folders
+.private/
+# archive
+.archive/
+# ansible
+xanmanning.k3s*
+# terraform
+.terraform
+*.tfvars
+# sops
+.decrypted~*
+*.agekey
+*.pub
+*.key
+*.pem
+# envrc
+.envrc
+.nix

.sops.yaml

@@ -0,0 +1,25 @@
+creation_rules:
+    - path_regex: ENC[AES256_GCM,data:4UWcvR4WA4zjeA==,iv:1f8VfdbRV1cBt1lIbVU3OUSTEykGeGIHVlT2nvwdYGc=,tag:BmouRQkH6F1u1dWqP3HS7g==,type:str]
+      key_groups:
+        - age:
+            - ENC[AES256_GCM,data:g1viWMEqgLI9e+En7m+anFttJiG/wg4UJ81dxL/SxYp78ar2WzVx+c+ba2DhLX2LLNg4HBO0XguPOgECrSk=,iv:q5UrfmbfYXh1gj0ZQH9526XVcCMIzW6jWBFibAY8BmU=,tag:jM5LgZkgZSv8+hm9azIbFw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age153gpfdw58csvgxj3vn9ym2g3zx7mfhaldyz5uvvrfajne8htj3asjqrp7h
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdmpzT2Z2V2tiejBHMUVz
+            Q203eWVwOHZOczVUem9lc1dCT3ZSTkVFTUdNCmV2S2lVN3RNZGtTZEl4c2J3T3dD
+            QXhwempEQk15a1VQdUVOdDNqVzNYYlUKLS0tIGJsMXhGQ2dwL3ZtdTFIRmIvRFF2
+            c1QyajJoMVZBcXhaSXpHNHFZRS90SnMKbuTaD/DeA7ocv5UC6CTwcjwwVKVZax5P
+            AnacA8WeTDMNk2ymbXdLLq//9YsBRgDSQTboNJ3P+oVG0Vd+fsSeOQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-12T05:10:54Z"
+    mac: ENC[AES256_GCM,data:JzRjDNcI3h2XehHmkp9kiscf7ET2eHv5tHxEbfPpJYVPBUXD+yiigNQDJTWUq0C01NxA68cwJRqve+uVXBnthB2XQcVEWfGaso3LKMYEmjXTx4pTgI46YkJAdhKL9u+BmwIHJlX2dJN2eYyGvvQKzYVjgtr16oa1V5jWxpeFtUg=,iv:O0FTUr1lzNq4RN7B4CME87NYTdgXV0xgXtrp5CiUtOk=,tag:9jarvnBO4QVqtpLXe5Q0rA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0

flake.nix

@@ -0,0 +1,77 @@
+{
+  description = "Spiceratops Nix Config";
+
+  inputs = {
+    # Nixpkgs
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    # You can access packages and modules from different nixpkgs revs
+    # at the same time. Here's an working example:
+    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+    # Also see the 'unstable-packages' overlay at 'overlays/default.nix'.
+
+    # Home manager
+    home-manager.url = "github:nix-community/home-manager/release-24.05";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    home-manager,
+    ...
+  } @ inputs: let
+    inherit (self) outputs;
+    # Supported systems for your flake packages, shell, etc.
+    systems = [
+      "aarch64-linux"
+      "i686-linux"
+      "x86_64-linux"
+      "aarch64-darwin"
+      "x86_64-darwin"
+    ];
+    # This is a function that generates an attribute by calling a function you
+    # pass to it, with each system as an argument
+    forAllSystems = nixpkgs.lib.genAttrs systems;
+  in {
+    # Your custom packages
+    # Accessible through 'nix build', 'nix shell', etc
+    packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
+    # Formatter for your nix files, available through 'nix fmt'
+    # Other options beside 'alejandra' include 'nixpkgs-fmt'
+    formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
+
+    # Your custom packages and modifications, exported as overlays
+    overlays = import ./overlays {inherit inputs;};
+    # Reusable nixos modules you might want to export
+    # These are usually stuff you would upstream into nixpkgs
+    nixosModules = import ./modules/nixos;
+    # Reusable home-manager modules you might want to export
+    # These are usually stuff you would upstream into home-manager
+    homeManagerModules = import ./modules/home-manager;
+
+    # NixOS configuration entrypoint
+    # Available through 'nixos-rebuild --flake .#your-hostname'
+    nixosConfigurations = {
+      devbox = nixpkgs.lib.nixosSystem {
+        specialArgs = {inherit inputs outputs;};
+        modules = [
+          # > Our main nixos configuration file <
+          ./hosts/devbox/configuration.nix
+        ];
+      };
+    };
+
+    # Standalone home-manager configuration entrypoint
+    # Available through 'home-manager --flake .#your-username@your-hostname'
+    homeConfigurations = {
+      "stewart@devbox" = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
+        extraSpecialArgs = {inherit inputs outputs;};
+        modules = [
+          # > Our main home-manager configuration file <
+          ./home-manager/home.nix
+        ];
+      };
+    };
+  };
+}

home-manager/home.nix

@@ -0,0 +1,65 @@
+# This is your home-manager configuration file
+# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  # You can import other home-manager modules here
+  imports = [
+    # If you want to use modules your own flake exports (from modules/home-manager):
+    # outputs.homeManagerModules.example
+
+    # Or modules exported from other flakes (such as nix-colors):
+    # inputs.nix-colors.homeManagerModules.default
+
+    # You can also split up your configuration and import pieces of it here:
+    # ./nvim.nix
+  ];
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [
+      # Add overlays your own flake exports (from overlays and pkgs dir):
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.unstable-packages
+
+      # You can also add overlays exported from other flakes:
+      # neovim-nightly-overlay.overlays.default
+
+      # Or define it inline, for example:
+      # (final: prev: {
+      #   hi = final.hello.overrideAttrs (oldAttrs: {
+      #     patches = [ ./change-hello-to-hi.patch ];
+      #   });
+      # })
+    ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+  home = {
+    username = "stewart";
+    homeDirectory = "/home/stewart";
+  };
+
+  # Add stuff for your user as you see fit:
+  # programs.neovim.enable = true;
+  # home.packages = with pkgs; [ steam ];
+
+  # Enable home-manager and git
+  programs.home-manager.enable = true;
+  programs.git.enable = true;
+
+  # Nicely reload system units when changing configs
+  systemd.user.startServices = "sd-switch";
+
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  home.stateVersion = "23.05";
+}

hosts/devbox/configuration.nix

@@ -0,0 +1,97 @@
+# This is your system's configuration file.
+# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  # You can import other NixOS modules here
+  imports = [
+    # If you want to use modules your own flake exports (from modules/nixos):
+    # outputs.nixosModules.example
+
+    # Or modules from other flakes (such as nixos-hardware):
+    # inputs.hardware.nixosModules.common-cpu-amd
+    # inputs.hardware.nixosModules.common-ssd
+
+    # You can also split up your configuration and import pieces of it here:
+    # ./users.nix
+
+    # Import your generated (nixos-generate-config) hardware configuration
+    ./hardware-configuration.nix
+    <nixos-wsl/modules>
+  ];
+
+  nixpkgs = {
+    # You can add overlays here
+    overlays = [
+      # Add overlays your own flake exports (from overlays and pkgs dir):
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.unstable-packages
+
+      # You can also add overlays exported from other flakes:
+      # neovim-nightly-overlay.overlays.default
+
+      # Or define it inline, for example:
+      # (final: prev: {
+      #   hi = final.hello.overrideAttrs (oldAttrs: {
+      #     patches = [ ./change-hello-to-hi.patch ];
+      #   });
+      # })
+    ];
+    # Configure your nixpkgs instance
+    config = {
+      # Disable if you don't want unfree packages
+      allowUnfree = true;
+    };
+  };
+
+  nix = let
+    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
+  in {
+    settings = {
+      # Enable flakes and new 'nix' command
+      experimental-features = "nix-command flakes";
+      # Opinionated: disable global registry
+      flake-registry = "";
+      # Workaround for https://github.com/NixOS/nix/issues/9574
+      nix-path = config.nix.nixPath;
+    };
+    # Opinionated: disable channels
+    channel.enable = false;
+
+    # Opinionated: make flake registry and nix path match flake inputs
+    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
+    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+  };
+
+  networking.hostName = "devbox";
+
+  users.users = {
+    stewart = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcbIqtYV7xyO1+sP1sCx+/Z6HYTsh+1gYG+5VF1pCW3
+      ];
+      extraGroups = ["wheel"];
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+  };
+
+  wsl.enable = true;
+  wsl.defaultUser = "nixos";
+
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "23.05";
+}

hosts/devbox/hardware-configuration.nix

@@ -0,0 +1,85 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "virtio_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/mnt/wsl" =
+    { device = "none";
+      fsType = "tmpfs";
+    };
+
+  fileSystems."/usr/lib/wsl/drivers" =
+    { device = "none";
+      fsType = "9p";
+    };
+
+  fileSystems."/usr/lib/wsl/lib" =
+    { device = "none";
+      fsType = "overlay";
+    };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/0e14528b-0dad-4fe6-817c-849123ef4357";
+      fsType = "ext4";
+    };
+
+  fileSystems."/mnt/wslg" =
+    { device = "none";
+      fsType = "tmpfs";
+    };
+
+  fileSystems."/mnt/wslg/distro" =
+    { device = "";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
+  fileSystems."/mnt/wslg/doc" =
+    { device = "none";
+      fsType = "overlay";
+    };
+
+  fileSystems."/mnt/wslg/.X11-unix" =
+    { device = "/mnt/wslg/.X11-unix";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
+  fileSystems."/mnt/c" =
+    { device = "drvfs";
+      fsType = "9p";
+    };
+
+  fileSystems."/mnt/g" =
+    { device = "drvfs";
+      fsType = "9p";
+    };
+
+  fileSystems."/mnt/p" =
+    { device = "drvfs";
+      fsType = "9p";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/45e67d77-53a6-4e8b-8488-134ecc04e37c"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.bonding_masters.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

modules/home-manager/default.nix

@@ -0,0 +1,6 @@
+# Add your reusable home-manager modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
+# These should be stuff you would like to share with others, not your personal configurations.
+{
+  # List your module files here
+  # my-module = import ./my-module.nix;
+}

modules/nixos/default.nix

@@ -0,0 +1,6 @@
+# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
+# These should be stuff you would like to share with others, not your personal configurations.
+{
+  # List your module files here
+  # my-module = import ./my-module.nix;
+}