From e6ed60548397627bf10f561f9438201dbba0a36e Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sun, 21 Apr 2024 02:15:42 +0300
Subject: 2024-04-21
---
modules/profiles/default.nix | 62 ++++++++++++++++++
modules/profiles/dev/containers.nix | 71 ++++++++++++++++++++
modules/profiles/dev/default.nix | 94 +++++++++++++++++++++++++++
modules/profiles/dev/gdbinit | 41 ++++++++++++
modules/profiles/dev/ghci.conf | 35 ++++++++++
modules/profiles/dev/pystartup.py | 121 ++++++++++++++++++++++++++++++++++
modules/profiles/dev/sql.nix | 105 ++++++++++++++++++++++++++++++
modules/profiles/email.nix | 125 ++++++++++++++++++++++++++++++++++++
modules/profiles/headful.nix | 124 +++++++++++++++++++++++++++++++++++
modules/profiles/headless.nix | 61 ++++++++++++++++++
10 files changed, 839 insertions(+)
create mode 100644 modules/profiles/default.nix
create mode 100644 modules/profiles/dev/containers.nix
create mode 100644 modules/profiles/dev/default.nix
create mode 100644 modules/profiles/dev/gdbinit
create mode 100644 modules/profiles/dev/ghci.conf
create mode 100644 modules/profiles/dev/pystartup.py
create mode 100644 modules/profiles/dev/sql.nix
create mode 100644 modules/profiles/email.nix
create mode 100644 modules/profiles/headful.nix
create mode 100644 modules/profiles/headless.nix
(limited to 'modules/profiles')
diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix
new file mode 100644
index 0000000..e3002b0
--- /dev/null
+++ b/modules/profiles/default.nix
@@ -0,0 +1,62 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.default;
+in
+{
+ imports = attrValues (modulesIn ./.);
+
+ options.nixfiles.modules.profiles.default.enable =
+ mkEnableOption "The most default profile of them all."
+ // {
+ default = true;
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = !(with this; isHeadless && isHeadful);
+ message = ''
+ The configuration cannot be both "headful" and "headless" at the same
+ time.
+ '';
+ }
+ ];
+
+ ark.directories = [ "/var/log" ];
+
+ nixfiles.modules = {
+ bat.enable = true;
+ eza.enable = true;
+ htop.enable = true;
+ tmux.enable = true;
+ vim.enable = true;
+ };
+
+ programs.less = {
+ enable = true;
+ envVariables.LESSHISTFILE = "-";
+ };
+
+ time.timeZone = "Europe/Moscow";
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ file
+ lshw
+ lsof
+ pciutils
+ psmisc
+ sysstat
+ tree
+ usbutils
+ util-linux
+ ];
+ };
+}
diff --git a/modules/profiles/dev/containers.nix b/modules/profiles/dev/containers.nix
new file mode 100644
index 0000000..f75a26b
--- /dev/null
+++ b/modules/profiles/dev/containers.nix
@@ -0,0 +1,71 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.dev.containers;
+in
+{
+ options.nixfiles.modules.profiles.dev.containers.enable =
+ mkEnableOption "Tools for working with containers and container orchestration"
+ // {
+ default = config.nixfiles.modules.profiles.dev.enable;
+ };
+
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ common.shell.aliases = {
+ h = "helm";
+ k = "kubectl";
+ kns = "kubens";
+ ktx = "kubectx";
+ b = "buildah";
+ };
+ podman.enable = true;
+ };
+
+ hm = {
+ home = {
+ sessionVariables = {
+ MINIKUBE_HOME = "${config.dirs.config}/minikube";
+ MINIKUBE_IN_STYLE = "false";
+ WERF_DEV = "true";
+ WERF_INSECURE_REGISTRY = "true";
+ WERF_LOG_DEBUG = "true";
+ WERF_LOG_PRETTY = "false";
+ WERF_LOG_VERBOSE = "true";
+ WERF_SYNCHRONIZATION = ":local";
+ WERF_TELEMETRY = "false";
+ };
+
+ packages = with pkgs; [
+ buildah
+ k9s
+ kubectl
+ kubectl-doctor
+ kubectl-images
+ kubectl-tree
+ kubectx
+ kubelogin-oidc
+ kubent
+ kubernetes-helm
+ kubespy
+ minikube
+ skopeo
+ stern
+ telepresence2
+ werf
+ ];
+ };
+
+ xdg.dataFile."minikube/config/config.json".text = generators.toJSON { } {
+ config.Rootless = true;
+ driver = "podman";
+ container-runtime = "cri-o";
+ };
+ };
+ };
+}
diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix
new file mode 100644
index 0000000..eab447c
--- /dev/null
+++ b/modules/profiles/dev/default.nix
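Review bot: `WERF_INSECURE_REGISTRY = "true";` in `hm.home.sessionVariables` of containers.nix applies to every werf invocation in every shell, not only to work against a throwaway local registry. As far as I know this setting makes werf talk to registries over plain HTTP, so pulls, pushes and registry credentials would lose transport protection for any registry werf is pointed at. I would drop it from the session and set it per project (the dev profile already enables direnv), or at least add a comment such as `# Intended for local test registries only; unset before using a remote registry.` next to it. `WERF_LOG_DEBUG` and `WERF_LOG_VERBOSE` being always on deserve the same look if this output ever lands in shared logs.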
@@ -0,0 +1,94 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.dev;
+in
+{
+ imports = attrValues (modulesIn ./.);
+
+ options.nixfiles.modules.profiles.dev.enable = mkEnableOption "Catch-all profile for stuff related to software development and etc.";
+
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ bat.enable = true;
+ curl.enable = true;
+ direnv.enable = true;
+ editorconfig.enable = true;
+ git.client.enable = true;
+ nmap.enable = true;
+ wget.enable = true;
+ };
+
+ hm = {
+ home = {
+ sessionVariables = rec {
+ CABAL_DIR = "${config.dirs.data}/cabal";
+ CABAL_CONFIG = pkgs.writeText "cabal-config" ''
+ repository hackage.haskell.org
+ url: https://hackage.haskell.org/
+ secure: True
+
+ jobs: $ncpus
+
+ remote-repo-cache: ${CABAL_DIR}/packages
+
+ world-file: ${CABAL_DIR}/world
+
+ logs-dir: ${CABAL_DIR}/logs
+ build-summary: ${CABAL_DIR}/logs/build.log
+
+ installdir: ${CABAL_DIR}/bin
+ extra-prog-path: ${CABAL_DIR}/bin
+ '';
+ STACK_ROOT = "${config.dirs.data}/stack";
+
+ RUSTUP_HOME = "${config.dirs.data}/rustup";
+ CARGO_HOME = "${config.dirs.data}/cargo";
+
+ GOPATH = "${config.dirs.data}/go";
+ GORE_HOME = "${config.dirs.data}/gore";
+
+ PYTHONSTARTUP = ./pystartup.py;
+ };
+
+ packages = with pkgs; [
+ age
+ htmlq
+ httpie
+ hydra-check
+ jq
+ logcli
+ nix-update
+ nixpkgs-review
+ sops
+ yq
+ ];
+
+ language = {
+ collate = "C";
+ messages = "C";
+ };
+ };
+
+ xdg.configFile = {
+ "gdb/gdbinit".source = ./gdbinit;
+ "ghc/ghci.conf".source = ./ghci.conf;
+ };
+ };
+
+ programs.wireshark = {
+ enable = true;
+ package = pkgs.wireshark;
+ };
+
+ my.extraGroups = [
+ "kvm"
+ "wireshark"
+ ];
+ };
+}
diff --git a/modules/profiles/dev/gdbinit b/modules/profiles/dev/gdbinit
new file mode 100644
index 0000000..e266236
--- /dev/null
+++ b/modules/profiles/dev/gdbinit
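Review bot: `my.extraGroups = [ "kvm" "wireshark" ];` at the end of dev/default.nix gives the account standing packet-capture rights, and because headful.nix in this same commit sets `profiles.dev.enable = true;` that holds on every headful machine. With `programs.wireshark.enable` the group is, as far as I know, what permits running the capture helper, so any process running as this user can capture traffic on the host's interfaces without a privilege prompt. If that is intended, a comment on the list would record the decision, e.g. `# wireshark: unprivileged capture for this user; kvm: direct access to /dev/kvm`. Otherwise a separate sub-option for the capture tooling would make these rights opt-in per host.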
@@ -0,0 +1,41 @@
+set confirm off
+set verbose off
+set editing off
+
+set history expansion on
+
+set height 0
+set width 0
+
+handle SIGALRM nostop print nopass
+handle SIGBUS stop print nopass
+handle SIGPIPE nostop print nopass
+handle SIGSEGV stop print nopass
+
+set print address on
+set print elements 0
+set print object on
+set print pretty on
+set print repeats 0
+set print static-members on
+set print vtbl on
+
+set output-radix 10
+
+set demangle-style gnu-v3
+
+set disassembly-flavor intel
+
+alias iv=info variables
+
+alias da=disassemble
+
+define fs
+ finish
+ step
+end
+
+define btc
+ backtrace
+ continue
+end
diff --git a/modules/profiles/dev/ghci.conf b/modules/profiles/dev/ghci.conf
new file mode 100644
index 0000000..d672167
--- /dev/null
+++ b/modules/profiles/dev/ghci.conf
@@ -0,0 +1,35 @@
+:set -XBinaryLiterals
+:set -XFlexibleContexts
+:set -XNoMonomorphismRestriction
+
+:seti -XConstraintKinds
+:seti -XDataKinds
+:seti -XDeriveFunctor
+:seti -XFlexibleInstances
+:seti -XFunctionalDependencies
+:seti -XGADTs
+:seti -XLambdaCase
+:seti -XMagicHash
+:seti -XMultiParamTypeClasses
+:seti -XMultiWayIf
+:seti -XOverloadedLabels
+:seti -XPackageImports
+:seti -XPolyKinds
+:seti -XRankNTypes
+:seti -XScopedTypeVariables
+:seti -XStandaloneDeriving
+:seti -XTupleSections
+:seti -XTypeFamilies
+:seti -XTypeOperators
+:seti -XUndecidableInstances
+
+:set +c
+:set +m
+:set +r
+:set +s
+:set +t
+
+:set prompt "\ESC[1;34m>\ESC[m\STX "
+:set prompt-cont "\ESC[1;94m|\ESC[m\STX "
+
+:def hoogle \x -> pure (":!hoogle --color --count=10 \"" ++ x ++ "\"")
diff --git a/modules/profiles/dev/pystartup.py b/modules/profiles/dev/pystartup.py
new file mode 100644
index 0000000..adde66c
--- /dev/null
+++ b/modules/profiles/dev/pystartup.py
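Review bot: The `:def hoogle` macro on the last line of ghci.conf pastes its argument into a `:!` shell command between double quotes, so the shell still interprets `$`, backticks and backslashes in the query, and an embedded double quote ends the quoting. Hoogle queries are often operators or type signatures, so this can both mangle a search and run unintended shell text when a query is pasted from elsewhere. Wrapping the argument in single quotes and escaping embedded single quotes avoids that, for example `:def hoogle \x -> pure (":!hoogle --color --count=10 '" ++ concatMap (\c -> if c == '\'' then "'\\''" else [c]) x ++ "'")`.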
@@ -0,0 +1,121 @@
+import atexit
+import os
+import readline
+import rlcompleter
+import sys
+from code import InteractiveConsole
+from tempfile import mkstemp
+
+readline.parse_and_bind("tab: complete")
+
+
+class TermColors(dict):
+ color_templates = (
+ ("Normal", "0"),
+ ("Black", "0;30"),
+ ("Red", "0;31"),
+ ("Green", "0;32"),
+ ("Brown", "0;33"),
+ ("Blue", "0;34"),
+ ("Purple", "0;35"),
+ ("Cyan", "0;36"),
+ ("LightGray", "0;37"),
+ ("DarkGray", "1;30"),
+ ("LightRed", "1;31"),
+ ("LightGreen", "1;32"),
+ ("Yellow", "1;33"),
+ ("LightBlue", "1;34"),
+ ("LightPurple", "1;35"),
+ ("LightCyan", "1;36"),
+ ("White", "1;37"),
+ )
+ color_base = "\001\033[%sm\002"
+
+ def __init__(self):
+ self.update(dict([(k, self.color_base % v) for k, v in self.color_templates]))
+
+
+class Completer(object):
+ def save_history(self):
+ import readline
+
+ readline.write_history_file(self.python_histfile)
+
+ def __init__(self):
+ self.python_dir = os.path.expanduser("%s/python" % os.environ["XDG_DATA_HOME"])
+
+ if not os.path.exists(self.python_dir):
+ os.mkdir(self.python_dir)
+
+ self.python_histfile = os.path.expanduser("%s/history" % self.python_dir)
+
+ if os.path.exists(self.python_histfile):
+ readline.read_history_file(self.python_histfile)
+
+ readline.set_history_length(1000)
+ atexit.register(self.save_history)
+
+
+def DisplayHook(value):
+ if value is not None:
+ try:
+ import __builtin__
+
+ __builtin__._ = value
+ except ImportError:
+ __builtins__._ = value
+
+ import pprint
+
+ pprint.pprint(value)
+ del pprint
+
+
+class EditableBufferInteractiveConsole(InteractiveConsole):
+ def __init__(self, *args, **kwargs):
+ self.last_buffer = []
+ InteractiveConsole.__init__(self, *args, **kwargs)
+
+ def runsource(self, source, *args):
+ self.last_buffer = [source.encode("utf-8")]
+ return InteractiveConsole.runsource(self, source, *args)
+
+ def raw_input(self, *args):
+ line = InteractiveConsole.raw_input(self, *args)
+
+ if line == EDIT_CMD:
+ tmp_fd, tmp_file = mkstemp(".py")
+
+ os.write(tmp_fd, b"\n".join(self.last_buffer))
+ os.close(tmp_fd)
+
+ os.system("%s %s" % (EDITOR, tmp_file))
+
+ line = open(tmp_file).read()
+
+ os.unlink(tmp_file)
+ tmp_file = ""
+
+ lines = line.split("\n")
+
+ for i in range(len(lines) - 1):
+ self.push(lines[i])
+
+ line = lines[-1]
+ return line
+
+
+TC = TermColors()
+ps1 = "%sλ%s %s>%s "
+sys.ps1 = ps1 % (TC["Blue"], TC["Normal"], TC["White"], TC["Normal"])
+ps2 = " %s…%s %s>%s "
+sys.ps2 = ps2 % (TC["Blue"], TC["Normal"], TC["White"], TC["Normal"])
+sys.displayhook = DisplayHook
+
+C = Completer()
+EDITOR = os.environ.get("EDITOR", "vim")
+EDIT_CMD = ":e"
+C = EditableBufferInteractiveConsole(locals=locals())
+C.interact(banner="")
+
+sys.exit()
diff --git a/modules/profiles/dev/sql.nix b/modules/profiles/dev/sql.nix
new file mode 100644
index 0000000..c2d4894
--- /dev/null
+++ b/modules/profiles/dev/sql.nix
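Review bot: `Completer.__init__` in pystartup.py indexes `os.environ["XDG_DATA_HOME"]` directly and then calls `os.mkdir`, so the startup file dies with a traceback when the variable is unset or the parent directory is missing, and the directory holding REPL history gets umask-default permissions. I would read the base with `os.environ.get("XDG_DATA_HOME", os.path.expanduser("~/.local/share"))` and create the directory with `os.makedirs(self.python_dir, 0o700)`, since interactive history tends to collect pasted tokens and passwords. Separately, `os.system("%s %s" % (EDITOR, tmp_file))` in `raw_input` hands the `EDITOR` value to a shell and leaves the temp file behind if reading it back raises. A `try`/`finally` around the edit with `os.unlink(tmp_file)` in the `finally` would cover the cleanup.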
@@ -0,0 +1,105 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.dev.sql;
+in
+{
+ options.nixfiles.modules.profiles.dev.sql.enable =
+ mkEnableOption "SQL stuff and database management tools"
+ // {
+ default = config.nixfiles.modules.profiles.dev.enable;
+ };
+
+ config = mkIf cfg.enable {
+ hm = {
+ home.packages = with pkgs; [
+ pgcli
+ litecli
+ ];
+
+ xdg =
+ let
+ mainSection = {
+ destructive_warning = "True";
+ enable_pager = "True";
+ keyword_casing = "auto";
+ less_chatty = "True";
+ log_file = "/dev/null";
+ log_level = "CRITICAL";
+ multi_line = "False";
+ syntax_style = "default";
+ table_format = "fancy_grid";
+ };
+
+ colorsSection = with config.colors.withHashtag; {
+ "arg-toolbar" = "noinherit bold";
+ "arg-toolbar.text" = "nobold";
+ "bottom-toolbar" = "bg:${base01} ${base06}";
+ "bottom-toolbar.off" = "bg:${base01} ${base02}";
+ "bottom-toolbar.on" = "bg:${base01} ${base07}";
+ "bottom-toolbar.transaction.failed" = "bg:${base01} ${base08} bold";
+ "bottom-toolbar.transaction.valid" = "bg:${base01} ${base0B} bold";
+ "completion-menu.completion" = "bg:${base01} ${base06}";
+ "completion-menu.completion.current" = "bg:${base06} ${base01}";
+ "completion-menu.meta.completion" = "bg:${base01} ${base13}";
+ "completion-menu.meta.completion.current" = "bg:${base09} ${base01}";
+ "completion-menu.multi-column-meta" = "bg:${base09} ${base01}";
+ "scrollbar" = "bg:${base01}";
+ "scrollbar.arrow" = "bg:${base01}";
+ "search" = "bg:${base17} ${base07}";
+ "search-toolbar" = "noinherit bold";
+ "search-toolbar.text" = "nobold";
+ "search.current" = "bg:${base14} ${base07}";
+ "selected" = "bg:${base0D} ${base07}";
+ "system-toolbar" = "noinherit bold";
+ };
+
+ mkCliConfig =
+ { name, custom }:
+ {
+ "${name}/config" = {
+ text = generators.toINI { } {
+ main = mainSection // custom;
+ colors = mapAttrs (_: v: "'${v}'") colorsSection;
+ };
+ };
+ };
+ in
+ {
+ configFile = mkMerge (
+ map mkCliConfig [
+ {
+ name = "pgcli";
+ custom = {
+ prompt = "'\\u@\\h:\\d> '";
+ multi_line_mode = "psql";
+ on_error = "STOP";
+ auto_expand = "True";
+ expand = "True";
+ keyring = "False";
+ vi = "True";
+ casing_file = "/dev/null";
+ history_file = "/dev/null";
+ };
+ }
+ {
+ name = "litecli";
+ custom = {
+ prompt = "'\\d> '";
+ prompt_continuation = "'-> '";
+ auto_vertical_output = "True";
+ key_bindings = "vi";
+ audit_log = "/dev/null";
+ };
+ }
+ ]
+ );
+ };
+ };
+ };
+}
diff --git a/modules/profiles/email.nix b/modules/profiles/email.nix
new file mode 100644
index 0000000..b2ef02f
--- /dev/null
+++ b/modules/profiles/email.nix
@@ -0,0 +1,125 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.email;
+in
+{
+ options.nixfiles.modules.profiles.email.enable = mkEnableOption "Local Email management" // {
+ default = this.isHeadful;
+ };
+
+ config = mkIf cfg.enable {
+ nixfiles.modules.gnupg.enable = true;
+
+ hm = {
+ accounts.email = {
+ maildirBasePath = "${config.my.home}/doc/mail";
+
+ accounts =
+ let
+ mkAccount =
+ attrs:
+ mkMerge [
+ {
+ mbsync = {
+ enable = true;
+ create = "both";
+ expunge = "both";
+ patterns = [ "*" ];
+ };
+ msmtp.enable = true;
+ mu.enable = true;
+ thunderbird = {
+ enable = true;
+ settings = id: {
+ "mail.identity.id_${id}.compose_html" = false;
+ "mail.identity.id_${id}.reply_on_top" = 0;
+ };
+ };
+ }
+ attrs
+ ];
+
+ getPassword =
+ {
+ path,
+ line ? 0,
+ }:
+ assert (builtins.isInt line);
+ concatStringsSep " " (
+ [
+ (getExe config.hm.programs.password-store.package)
+ "show"
+ path
+ ]
+ ++ optionals (line > 0) [
+ "|"
+ (getExe pkgs.gnused)
+ "-e"
+ "'${toString line}!d'"
+ ]
+ );
+ in
+ {
+ shire = mkAccount rec {
+ address = my.email;
+ aliases = [
+ address
+ "frodo@rohan.net"
+ "azahi@shire.net"
+ ];
+ realName = my.fullname;
+ gpg = {
+ inherit (my.pgp) key;
+ signByDefault = false;
+ encryptByDefault = false;
+ };
+
+ primary = true;
+
+ imap = {
+ host = "shire.net";
+ port = 993;
+ tls.enable = true;
+ };
+ smtp = {
+ host = "shire.net";
+ port = 465;
+ tls.enable = true;
+ };
+ userName = "azahi@shire.net";
+ passwordCommand = getPassword { path = "email/shire.net/azahi"; };
+ };
+
+ yahoo = mkAccount rec {
+ address = "admin@yahoo.com";
+ aliases = [
+ address
+ "admin@yahoo.com"
+ ];
+ realName = "Firstname Lastname";
+
+ flavor = "yahoo.com";
+ userName = "admin@yahoo.com";
+ passwordCommand = getPassword {
+ path = "email/yahoo.com/admin";
+ line = 2;
+ };
+ };
+ };
+ };
+
+ programs = {
+ mbsync.enable = true;
+ msmtp.enable = true;
+ mu.enable = true;
+ };
+ };
+ };
+}
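Review bot: `getPassword` in email.nix builds `passwordCommand` by joining words with spaces, and `path` goes into that string unquoted. The result can contain a `|`, so it is presumably evaluated by a shell in the mail tools, where an entry name holding a space or shell metacharacter would be split or interpreted instead of reaching `pass show` as one argument. Using `(escapeShellArg path)` in place of `path` keeps the helper safe for any entry name. A short comment that the default `line = 0` prints the entire entry rather than a single line would also help whoever adds the next account.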
diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix
new file mode 100644
index 0000000..20363bc
--- /dev/null
+++ b/modules/profiles/headful.nix
@@ -0,0 +1,124 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.headful;
+in
+{
+ options.nixfiles.modules.profiles.headful.enable = mkEnableOption "headful profile" // {
+ default = this.isHeadful;
+ };
+
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ profiles.dev.enable = true;
+
+ alacritty.enable = mkDefault true;
+ aria2.enable = true;
+ chromium.enable = true;
+ dwm.enable = mkDefault false;
+ emacs.enable = true;
+ firefox.enable = true;
+ foot.enable = mkDefault true;
+ kde.enable = mkDefault true;
+ mpv.enable = true;
+ nullmailer.enable = true;
+ openssh.client.enable = true;
+ password-store.enable = true;
+ sound.enable = true;
+ thunderbird.enable = true;
+ vscode.enable = true;
+ wayland.enable = mkDefault true;
+ x11.enable = mkDefault true;
+ xmonad.enable = mkDefault false;
+ zathura.enable = true;
+ };
+
+ hm = {
+ home = {
+ file.".digrc".text = ''
+ +answer
+ +multiline
+ +recurse
+ '';
+
+ packages = with pkgs; [
+ calibre
+ element-desktop
+ fd
+ imv
+ libreoffice-fresh
+ mumble
+ ripgrep
+ sd
+ telegram-desktop
+ tldr
+ tor-browser-bundle-bin
+ ];
+ };
+
+ programs.bash.shellAliases.open = "xdg-open";
+ };
+
+ boot = {
+ kernelPackages = mkDefault pkgs.linuxPackages_latest;
+
+ kernelParams = [
+ # https://wiki.archlinux.org/title/improving_performance#Watchdogs
+ "nowatchdog"
+ "kernel.nmi_watchdog=0"
+ # A security risk I'm willing to take for a reason[1].
+ #
+ # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+ "mitigations=off"
+ ];
+
+ loader = {
+ efi.canTouchEfiVariables = true;
+
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ };
+ };
+ };
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ };
+
+ programs = {
+ dconf.enable = true;
+ iftop.enable = true;
+ mtr.enable = true;
+ };
+
+ services = {
+ upower.enable = true;
+ psd.enable = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ arping
+ dnsutils
+ inetutils
+ ldns
+ lm_sensors
+ socat
+ tcpdump
+ ];
+
+ my.extraGroups = [
+ "audio"
+ "input"
+ "render"
+ "video"
+ ];
+ };
+}
diff --git a/modules/profiles/headless.nix b/modules/profiles/headless.nix
new file mode 100644
index 0000000..7733f3e
--- /dev/null
+++ b/modules/profiles/headless.nix
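Review bot: `"mitigations=off"` in `boot.kernelParams` of headful.nix is unconditional for every host with the headful profile, which is the same profile that enables chromium and firefox and installs tor-browser-bundle-bin, the programs that run untrusted web content and that the CPU side-channel mitigations mainly protect. The comment records the trade-off, but a single machine cannot keep the mitigations without forcing the whole list. I would gate the parameter behind a new boolean option of this profile, for example `++ optional cfg.disableMitigations "mitigations=off"` with `disableMitigations` (a name I am proposing, not an existing option) defaulting to false. `"kernel.nmi_watchdog=0"` also looks like the sysctl name rather than the boot parameter `nmi_watchdog=0`, and may be ignored by the kernel; this is worth confirming.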
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ pkgs,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.profiles.headless;
+in
+{
+ options.nixfiles.modules.profiles.headless.enable = mkEnableOption "headless profile" // {
+ default = this.isHeadless;
+ };
+
+ config = mkIf cfg.enable {
+ nixfiles.modules = {
+ openssh.server.enable = true;
+ endlessh-go.enable = true;
+
+ fail2ban.enable = true;
+
+ node-exporter.enable = true;
+ promtail.enable = false; # FIXME High RAM usage.
+ };
+
+ hm.home.file = {
+ ".hushlogin".text = "";
+ ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
+ };
+
+ # Pin version to prevent any surprises. Try keeping this up-to-date[1] with
+ # the latest LTS release + hardened patches (just in case).
+ #
+ # [1]: https://kernel.org
+ boot.kernelPackages = pkgs.linuxPackages_6_6_hardened;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ optimise = {
+ automatic = true;
+ dates = [ "daily" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ alacritty.terminfo
+ foot.terminfo
+ ];
+
+ services.udisks2.enable = false;
+
+ xdg.sounds.enable = false;
+ };
+}
-- cgit v1.2.3
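Review bot: Linking `.bash_history` to `/dev/null` in `hm.home.file` of headless.nix removes the record of interactive commands on exactly the hosts that enable `openssh.server`, and with `promtail.enable = false` nothing visible in this hunk ships logs off the machine either. Shell history is a weak audit source, but for incident response it is worth stating where session evidence is expected to come from instead, e.g. a comment like `# No shell history on servers by design; session auditing relies on sshd/journald logs.` The pinned `linuxPackages_6_6_hardened` likewise only receives fixes when someone bumps it, as its own comment admits, so a note on what triggers that bump would make the pin safer.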