muon/flake
1
0
Fork 0
mirror of https://codeberg.org/muon/home.git synced 2026-03-08 03:25:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' of codeberg.org:muon/home

Browse source
This commit is contained in:
muon 2026-01-23 13:45:30 +00:00
commit 9b6d4728fc
17 changed files with 856 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.sops.yaml
View file

@ -3,6 +3,7 @@ keys:
- &muho age1v4s4hg7u3vjjkarvrk7v6ev7w3wja2r5xm7f4t06culw3fuq7qns8sfju7
- &mups age1n7qz2w3hkf7fcdv92kxw9k6uef487na2tlc87486rcjwj8lyfuws5q46gn
- &murk age1mgjhkqy9x27gv2t2xvq46dxcajkr9c8zes7rr3dj0ac7md2j6vas43dftp
- &musk age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
creation_rules:
- path_regex: modules/nixos/sops/secrets.ya?ml$
@ -12,6 +13,7 @@ creation_rules:
- *muho
- *mups
- *murk
- *musk
- path_regex: modules/home/sops/secrets.ya?ml$
key_groups:
@ -20,3 +22,4 @@ creation_rules:
- *muho
- *mups
- *murk
- *musk

54
flake.lock generated
View file

@ -233,11 +233,11 @@
]
},
"locked": {
"lastModified": 1768598210,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"lastModified": 1768912518,
"narHash": "sha256-FJlof1jnbLIT5RbKxef/NV6RzcOj1GoMzXE4FcBFg5Y=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"rev": "9c5f8aceb6ef620e881f50fe65cb4a2c6b1e8527",
"type": "github"
},
"original": {
@ -254,11 +254,11 @@
]
},
"locked": {
"lastModified": 1747978958,
"narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=",
"lastModified": 1768598210,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7419250703fd5eb50e99bdfb07a86671939103ea",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github"
},
"original": {
@ -275,11 +275,11 @@
]
},
"locked": {
"lastModified": 1767104570,
"narHash": "sha256-GKgwu5//R+cLdKysZjGqvUEEOGXXLdt93sNXeb2M/Lk=",
"lastModified": 1768434960,
"narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e4e78a2cbeaddd07ab7238971b16468cc1d14daf",
"rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b",
"type": "github"
},
"original": {
@ -294,11 +294,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1767822991,
"narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=",
"lastModified": 1768835187,
"narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5",
"rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395",
"type": "github"
},
"original": {
@ -350,11 +350,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1768475717,
"narHash": "sha256-185VOlWF4K9gzwr7M56ArjqDt6beN/5TxCYLEyVPOcs=",
"lastModified": 1768904356,
"narHash": "sha256-TIG8J+Or8nOydy8TztvtIshnprlf1q6XDIJnopLtMlA=",
"owner": "thiagokokada",
"repo": "nix-alien",
"rev": "a579610c67dc946f39c2a64656699eb29eb2ffb5",
"rev": "d95b25a4dd6da2a1dfeaaf66163d0a281a8270e9",
"type": "github"
},
"original": {
@ -422,11 +422,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1748026106,
"narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=",
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "063f43f2dbdef86376cc29ad646c45c46e93234c",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
@ -573,11 +573,11 @@
]
},
"locked": {
"lastModified": 1768481291,
"narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
"lastModified": 1768863606,
"narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
"rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
"type": "github"
},
"original": {
@ -626,11 +626,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1768603455,
"narHash": "sha256-ih6dYNhX1oSg0emfSAvf3iRcgsJtMmS6RUaoCX8kNoU=",
"lastModified": 1768744881,
"narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=",
"owner": "danth",
"repo": "stylix",
"rev": "590e5c68c4d5e8c766420473c0185d75113f653b",
"rev": "06684f00cfbee14da96fd4307b966884de272d3a",
"type": "github"
},
"original": {
@ -794,11 +794,11 @@
]
},
"locked": {
"lastModified": 1768638486,
"narHash": "sha256-+LC0wOiliUXbIj6zT2hCoOQ0zn33BD2NxGoy0QqP3Eo=",
"lastModified": 1768857659,
"narHash": "sha256-93pj/A2s26CUZwvCpN0CL6a1NhLpYVzidzc/Vk2GKCI=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "76bbc35c59419b8b0616fb779ce5600e85edab11",
"rev": "3a42efe341d068f13ffb961ed832474128b844f3",
"type": "github"
},
"original": {

3
flake.nix
View file

@ -67,6 +67,9 @@
# work
murk = utils.mkHost ./hosts/murk/configuration.nix;
# work desktop
musk = utils.mkHost ./hosts/musk/configuration.nix;
# lenovo
muvo = utils.mkHost ./hosts/muvo/configuration.nix;

2
hosts/murk/home.nix
View file

@ -19,10 +19,12 @@ in {
mods.terminal.emulator.enable = true;
mods.terminal.development.enable = true;
mods.terminal.tools.enable = true;
mods.terminal.hr.enable = true;
mods.desktop.development.enable = true;
mods.desktop.productivity.enable = false;
mods.zen.enable = true;
mods.obsidian.enable = true;
mods.theme.slideshow = true;
home.packages = with pkgs;
[

117
hosts/musk/configuration.nix Normal file
View file

@ -0,0 +1,117 @@
{
config,
lib,
pkgs,
inputs,
system,
sources,
modulesPath,
...
}: let
cfg = config.mods;
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEio+Y5wBVD1wILaH2R3wV10FvVjiqy/4gGBWHOITTB muon@muon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKevYmkH7xvYoquBjnYZ7PJiVqf+GOh9fxAJBN6wZGBB gin4@hi.is"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmAOd9VbhyJeibt6Vrb101MNTk5W8+rh94Djv/C+pyu muon@muho"
];
in {
# Hardware
imports = [
./hardware-configuration.nix
"${
builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.12.0.tar.gz";
sha256 = "0wbx518d2x54yn4xh98cgm65wvj0gpy6nia6ra7ns4j63hx14fkq";
}
}/module.nix"
./disk-config.nix
# (inputs.nixpkgs
# + "/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix")
];
environment.systemPackages = with inputs.nix-alien.packages.${system}; [
nix-alien
pkgs.libratbag
pkgs.piper
pkgs.libpq
pkgs.qmk
pkgs.jq
pkgs.wireguard-tools
pkgs.opencode
];
boot.binfmt = {
emulatedSystems = ["aarch64-linux"];
preferStaticEmulators = true; # Make it work with Docker
};
# System
mods.user.name = "muon";
networking.hostName = "musk";
networking.hostId = "a2309091";
mods.home.file = ./home.nix;
nix.settings.trusted-users = ["root" "muon"];
users.users.muon.extraGroups = ["docker"];
# Modules
mods.desktop.enable = true;
mods.boot.enable = true;
mods.theme.enable = true;
mods.theme.scheme = "woodland";
mods.theme.wallpaper = ./wallpaper.png;
services.xserver.windowManager.i3.enable = true;
# mods.desktop.wayland.enable = true;
mods.impermanence.enable = true;
virtualisation.docker.enable = true;
users.users.muon.openssh.authorizedKeys.keys = keys;
users.users.root.openssh.authorizedKeys.keys = keys;
# Persist
environment.persistence."/persist" = {
directories = ["/etc/NetworkManager" "/var/lib/NetworkManager"];
};
# Hardware preferences
environment.variables = {
WINIT_HIDPI_FACTOR = "1";
WINIT_X11_SCALE_FACTOR = "1";
};
## Monitors
mods.monitors = {
primary = {
name = "DP-1";
config = {
enable = true;
mode = "2560x1440";
position = "0x0";
rate = "60.00";
dpi = 72;
};
};
right = {
name = "HDMI-1";
config = {
enable = true;
mode = "2560x1440";
position = "2560x0";
rate = "60.00";
dpi = 72;
};
};
};
## Mouse
services.libinput.mouse.accelProfile = "flat";
## Keyboard
hardware.keyboard.qmk.enable = true;
# Version of first install
system.stateVersion = "23.05";
}

72
hosts/musk/disk-config.nix Normal file
View file

@ -0,0 +1,72 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
# settings = {
# allowDiscards = true;
# keyFile = "/tmp/secret.key";
# };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/log" = {
mountpoint = "/var/log";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/swap";
swap.swapfile.size = "4G";
};
};
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = true;
fileSystems."/var/log".neededForBoot = true;
}

18
hosts/musk/hardware-configuration.nix Normal file
View file

@ -0,0 +1,18 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

83
hosts/musk/home.nix Normal file
View file

@ -0,0 +1,83 @@
{
pkgs,
lib,
config,
osConfig,
inputs,
...
}: let
cfg = osConfig.mods;
in {
# Modules
mods.xdg.enable = true;
mods.i3.enable = true;
# mods.hyprland.enable = true;
mods.terminal.zsh.enable = true;
mods.terminal.emulator.enable = true;
mods.terminal.development.enable = true;
mods.terminal.tools.enable = true;
mods.terminal.hr.enable = true;
mods.desktop.development.enable = true;
mods.desktop.productivity.enable = false;
mods.zen.enable = true;
home.packages = with pkgs;
[
thunderbird
pulseaudio
pavucontrol
alsa-utils
rustdesk-flutter
# tools
docker
fish
devenv
dbeaver-bin
ruff
just
go
rainfrog
tealdeer
gh
(callPackage ./packages/mender-cli.nix {})
]
# Non-free </3
++ [google-cloud-sdk google-cloud-sql-proxy];
# Hardware preferences
## Monitors
xsession.windowManager.i3.config.workspaceOutputAssign = [
{
workspace = "1";
output = "${cfg.monitors.primary.name}";
}
{
workspace = "2";
output = "${cfg.monitors.right.name}";
}
];
services.autorandr.enable = true;
programs.autorandr = {
enable = true;
hooks.postswitch = {
"notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
"set-wallpaper" = ''
${lib.getExe pkgs.feh} --bg-fill --nofehbg ${./wallpaper.png}
'';
};
profiles.default = {
fingerprint = {
"${cfg.monitors.right.name}" = "00ffffffffffff0030aef465010101011e1e0103803c22782a31d5a65453a0240a5054bfcf00d1c0d100b300a9c09500818081c08100e973006aa0a034504220680055502100001a565e00a0a0a029503020350055502100001a000000fd00304b0f6e1e000a202020202020000000fc00513237712d31300a202020202001ff020329f04b10050403021f1413121101230907078301000067030c001000183c681a00000101304b00023a801871382d40582c450055502100001e662156aa51001e30468f330055502100001eab22a0a050841a303020360055502100001a7c2e90a0601a1e403020360055502100001a000000000000000000000000000026";
"${cfg.monitors.primary.name}" = "00ffffffffffff0005e30427b11a0000321f0104a53c22783be445a554529e260d5054bfef00d1c0b30095008180814081c001010101565e00a0a0a029503020350055502100001e000000ff005141424d434841303036383333000000fc00513237563447350a2020202020000000fd00304b72721e010a2020202020200163020318f14b0103051404131f120211902309070783010000a073006aa0a029500820350055502100001a2a4480a0703827403020350055502100001a023a801871382d40582c450055502100001ef03c00d051a0355060883a0055502100001c000000000000000000000000000000000000000000000000000000000000005f";
};
config = {
"${cfg.monitors.primary.name}" = cfg.monitors.primary.config;
"${cfg.monitors.right.name}" = cfg.monitors.right.config;
};
};
};
# Version of first install
home.stateVersion = "23.05";
}

54
hosts/musk/packages/mender-cli.nix Normal file
View file

@ -0,0 +1,54 @@
{
lib,
stdenv,
buildGoModule,
fetchFromGitHub,
makeWrapper,
installShellFiles,
xz,
go,
}:
buildGoModule rec {
pname = "mender-cli";
version = "1.12.0";
src = fetchFromGitHub {
owner = "mendersoftware";
repo = "mender-cli";
rev = version;
sha256 = "sha256-Pf87wTHXcFlnYsgx7ieiIJ9PWJFPUkFJYTkKJKmMFEQ=";
};
vendorHash = "sha256-MqyBa+wsbuXqtM4DL/QGBUWuEYlG8BRxIXq7O1LJUyM=";
nativeBuildInputs = [
makeWrapper
installShellFiles
];
buildInputs = [
xz
];
allowGoReference = true;
postFixup = ''
wrapProgram "$out/bin/mender-cli" \
--prefix PATH : ${go}/bin
'';
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
installShellCompletion --cmd mender-cli \
--bash <($out/bin/mender-cli completion bash) \
--fish <($out/bin/mender-cli completion fish) \
--zsh <($out/bin/mender-cli completion zsh) \
'';
meta = {
description = "Mender CLI tool to simplify integration between the Mender server and cloud services like continuous integration (CI)/build automation";
mainProgram = "mender-cli";
homepage = "https://github.com/mendersoftware/mender-cli/";
changelog = "https://github.com/mendersoftware/mender-cli/releases/tag/${version}";
license = lib.licenses.asl20;
};
}

BIN
hosts/musk/wallpaper.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 19 MiB

9
modules/home/desktop/zen.nix
View file

@ -125,15 +125,6 @@ with lib; {
};
pinsForce = true;
pins = {
"GitHub" = {
id = "48e8a119-5a14-4826-9545-91c8e8dd3bf6";
workspace = spaces."Work".id;
url = "https://github.com";
position = 101;
isEssential = false;
};
};
containersForce = true;
containers = {

2
modules/home/sops/default.nix
View file

@ -17,5 +17,7 @@ in
secrets.atuin-auth = {};
secrets.hr-password = {};
secrets.sops-key = {};
secrets.google-db-test = {};
secrets.google-db-prod = {};
};
}

8
modules/home/sops/secrets.yaml
View file

@ -2,6 +2,8 @@ zipline-auth: ENC[AES256_GCM,data:RkJI6GuH7RzdcSlKn32gMGojjB6rkdDcnNUvsi/BTfJk2s
atuin-auth: ENC[AES256_GCM,data:LDkiXWIwxor8Ro383gonJCyqu+nyxS7DrI2J8uo4Cqu2X61rBUlnpNR6YirUZS/lYAnWYJhZM7sR0G7ZNh9EgQ==,iv:UEs2KW8ImMnaQrSLrIGbVXEq86QiVPAPNIXBZpa3jFI=,tag:N0rhnPbasFzkoI3CJ9CV+Q==,type:str]
hr-password: ENC[AES256_GCM,data:QZuzAnTJ2KgPnffHvdCWrJEM5d/FXxhX3dA1,iv:FgDw6aXDY0jCpJiYc9WOobR96TXNtnvN7neJu8drxMM=,tag:YT82wryVy3V+41w0YbMOrA==,type:str]
sops-key: ENC[AES256_GCM,data:msX0EJqJauteOBICUsLcVgqNxqGcqvD+Xi/B2EhUX2OAoyBH5oDae8XWlQCi2RdOm4NtnrSTnG8FRQXfkXO+tne0VEfYTCjeVtU=,iv:qxpvofr56Ey17xcPpju/mQgiz+0cOYED5caAHs3myXw=,tag:oDFXh0rlc0tmV2IUJ1ezBQ==,type:str]
google-db-test: ENC[AES256_GCM,data:ZMm/BF/k+XnZZkHMDSV/fk3ds0LAOHAmag==,iv:tmfJ7ju5yAO6Oco3jXYNyqzJr7cgshyd/SkjfYnEl6U=,tag:jMD2N6TsgbRwefhJ/XYhtg==,type:str]
google-db-prod: ENC[AES256_GCM,data:fIPL9XKk9sAmpVsQBubSVbh3DlEEKadG9g==,iv:R34zkCIUDlk5/wg8eU8RZIanGayL+nX+7ZhyVmbcQC0=,tag:lu24b28742O46fjUaw2UBA==,type:str]
sops:
age:
- recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
@ -40,7 +42,7 @@ sops:
a0V1N2VjUDE4Z3R5MGxMQVNmOVp0bVUK9cppJW33tKFOSvbIn/2Dga8k7/McaTpK
m7M+83guMzNoOlpJ/WYU1BaePcM974AgjVR0WD/v+xGBvGKubKHqtw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-04T07:58:56Z"
mac: ENC[AES256_GCM,data:aJw3KK4GMj5/Q06v1C5rdSerdO21cNxpTIJYoxmfhBKudzD7lSL6l+d47kWoB0U4J5jtbs9obWz2MH3CvyPBapjJaSFnYEXk1JuGihf8GK3QrqLAt+dmF2ZD1FBLpQELripueneyHkzT32180hpXGnppNlgOuATlIMSPosvlpVI=,iv:SpGAyTqqbpuxcLkMq7VnLQUoR6oW0ERgnyPaqVHpaN8=,tag:OSNGT8/5E+PRhoR8dIyaSA==,type:str]
lastmodified: "2026-01-21T14:37:21Z"
mac: ENC[AES256_GCM,data:bxr3U1Ig0qjuOcxHeOlOrXO0xtZs0vKTuXn8GE1dJGCFDjVgakbIwiW6+2WNYUbIpipCAwdecgb0jBngwt3zKGS4PMzapUXxl7RoCr5DWCh6kSD4CCUH4v8guuy0k8SMQXDO3CdbUd/5/asIPfxlvEESCQL54X2OJlt5xpE7PsU=,iv:m/lrHHFYXFKCVEOK462II8bcFvw7k4rKEuMOHHmzT/8=,tag:jgEQso2bAShLJERsOHhrKw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

1
modules/home/terminal/default.nix
View file

@ -9,6 +9,7 @@
./development.nix
./tools.nix
./yazi.nix
./hr
./helix
./nvim
./zellij

58
modules/home/terminal/hr/default.nix Normal file
View file

@ -0,0 +1,58 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.mods.terminal;
test-port = "5436";
prod-port = "5437";
in {
options.mods.terminal.hr.enable = lib.mkEnableOption "Hefring (Work Tooling)";
config = lib.mkIf cfg.hr.enable {
programs.starship.settings.custom.project_id = {
command = "if echo \"$PROJECT_ID\" | grep -q \"prod\"; then printf \"\\033[1;33m \\033[1;34m$PROJECT_ID\\033[0m\"; else printf \"\\033[1;34m$PROJECT_ID\\033[0m\"; fi";
when = "test -n \"$PROJECT_ID\"";
format = "on $output ";
};
programs.zsh.initExtra =
''
export MK2_TEST_SQL_INSTANCE_USER=gijs
export MK2_TEST_SQL_INSTANCE_PASSWORD="$(cat ${config.sops.secrets.google-db-test.path})"
export MK2_TEST_SQL_INSTANCE_PORT=${test-port}
export MK2_TEST_SQL_INSTANCE_HOST=localhost
export MK2_PROD_SQL_INSTANCE_USER=gijs
export MK2_PROD_SQL_INSTANCE_PASSWORD="$(cat ${config.sops.secrets.google-db-prod.path})"
export MK2_PROD_SQL_INSTANCE_HOST=localhost
export MK2_PROD_SQL_INSTANCE_PORT=${prod-port}
''
+ builtins.readFile ./hr.sh;
systemd.user.services = let
proxy-service = name: port: {
"google-db-proxy-${name}" = {
Unit = {
Description = "Google Cloud SQL Proxy (${name})";
After = ["network.target"];
};
Service = {
Type = "simple";
Environment = [
"GOOGLE_APPLICATION_CREDENTIALS=${config.home.homeDirectory}/.config/gcloud/application_default_credentials.json"
];
ExecStart = "${pkgs.google-cloud-sql-proxy}/bin/cloud-sql-proxy mk2-${name}:europe-west1:mk2-${name}-sql-instance -p ${port}";
Restart = "always";
};
Install = {
WantedBy = ["default.target"];
};
};
};
in
proxy-service "test" test-port
// proxy-service "prod" prod-port;
};
}

394
modules/home/terminal/hr/hr.sh Normal file
View file

@ -0,0 +1,394 @@
# Set default PROJECT_ID if not already set
if [[ -z "$PROJECT_ID" ]]; then
export PROJECT_ID="mk2-test"
fi
_hr_usage() {
echo "Usage: hr <command>"
echo "Commands:"
echo " switch Switch PROJECT_ID between mk2-test and mk2-prod"
echo " call Call a Cloud Run service route"
echo " cf Call a Cloud Function"
echo " init py Initialize a python devenv environment (git-ignored)"
echo " freeze Freeze dependencies to requirements.txt"
}
_hr_init_devenv() {
if [ -f .gitignore ]; then
cp .gitignore .gitignore.bak
fi
if command -v devenv >/dev/null; then
devenv init
echo "Direnv allowed"
else
echo "Error: devenv not found in path."
return 1
fi
if [ -f .gitignore.bak ]; then
mv .gitignore.bak .gitignore
elif [ -f .gitignore ]; then
rm .gitignore
fi
}
_hr_add_ignores() {
if git rev-parse --git-dir >/dev/null 2>&1; then
EXCLUDE_FILE=$(git rev-parse --git-path info/exclude)
mkdir -p "$(dirname "$EXCLUDE_FILE")"
for file in "$@"; do
if ! grep -Fxq "$file" "$EXCLUDE_FILE" 2>/dev/null; then
echo "$file" >>"$EXCLUDE_FILE"
echo "Added $file to local git exclude ($EXCLUDE_FILE)"
fi
done
else
echo "Warning: Not a git repository. Skipping git ignore setup."
fi
}
_hr_py_files() {
cat <<EOF >devenv.nix
{pkgs, ...}: {
packages = [ pkgs.google-cloud-sdk ];
languages.python = {
enable = true;
venv.enable = true;
uv = {
enable = true;
sync.enable = false;
};
};
# We use the named index "google" defined in uv.toml
env.UV_INDEX_GOOGLE_USERNAME = "oauth2accesstoken";
env.PROJECT_ID = "mk2-test";
enterShell = ''
if ! gcloud auth print-access-token >/dev/null 2>&1; then
echo "⚠️ gcloud not authenticated. Run 'gcloud auth login' to access Google Artifact Registry."
else
export UV_INDEX_GOOGLE_PASSWORD=\$(gcloud auth print-access-token)
fi
uv sync
'';
}
EOF
cat <<EOF >uv.toml
[[index]]
name = "google"
url = "https://europe-west1-python.pkg.dev/mk2-prod/python-packages/simple/"
EOF
}
_hr_rs_files() {
cat <<EOF >devenv.nix
{pkgs, ...}: {
languages.rust = {
enable = true;
channel = "stable";
};
}
EOF
cat <<EOF >devenv.yaml
inputs:
rust-overlay:
url: github:oxalica/rust-overlay
inputs:
nixpkgs:
follows: nixpkgs
EOF
}
_hr_cpp_files() {
cat <<EOF >devenv.nix
{ pkgs, ... }:
let
# Use glibc-compatible static openssl to match system libs
staticOpenSSL = pkgs.openssl.override { static = true; };
# Shim to satisfy CMake looking for "ssl.a"
compatOpenSSL = pkgs.runCommand "openssl-compat" {} ''
mkdir -p \$out/lib
ln -s \${staticOpenSSL.out}/lib/libssl.a \$out/lib/ssl.a
ln -s \${staticOpenSSL.out}/lib/libcrypto.a \$out/lib/crypto.a
'';
in {
packages = [
pkgs.cmake
pkgs.clang-tools
pkgs.pkg-config
pkgs.mosquitto
staticOpenSSL
compatOpenSSL
];
# Explicitly add lib paths so linker finds -lssl AND ssl.a
env.LIBRARY_PATH = "\${staticOpenSSL.out}/lib:\${compatOpenSSL}/lib";
env.CPATH = "\${staticOpenSSL.dev}/include";
languages.cplusplus.enable = true;
}
EOF
}
_hr_init_base() {
local name="$1"
local func="$2"
shift 2
local ignores=("$@")
echo "Initializing $name devenv..."
# 1. Init devenv
_hr_init_devenv
# 2. Replace devenv.nix
"$func"
# 3. Add to local git exclude
IGNORES=(
".devenv*"
".direnv"
"devenv.nix"
"devenv.yaml"
"devenv.lock"
".envrc"
"${ignores[@]}"
)
_hr_add_ignores "${IGNORES[@]}"
direnv allow
}
_hr_init_py() {
IGNORES=(
"uv.lock"
"uv.toml"
)
_hr_init_base "Python" _hr_py_files "${IGNORES[@]}"
}
_hr_init_rs() {
_hr_init_base "Rust" _hr_rs_files
}
_hr_init_cpp() {
_hr_init_base "C++" _hr_cpp_files
mkdir -p build &&
cd build &&
cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_BUILD_TYPE=Release .. &&
make -j$(nproc) &&
cp compile_commands.json ..
}
_hr_freeze() {
local extra_index_url="https://europe-west1-python.pkg.dev/mk2-prod/python-packages/simple/"
# Install the auth plugin and keyring CLI
uv pip install keyrings.google-artifactregistry-auth==1.1.2 keyring
# Install project dependencies using the subprocess keyring provider
uv pip install --no-cache -e ".[test]" --extra-index-url "${extra_index_url}" --keyring-provider subprocess
# Generate requirements.txt
echo "--extra-index-url ${extra_index_url}" >requirements.txt
uv pip freeze --exclude-editable >>requirements.txt
}
_hr_add_json_field() {
local json="$1"
local key="$2"
local value="$3"
local jq_opt="--arg"
# Check if explicit boolean
if [[ "$value" == "true" || "$value" == "false" ]]; then
jq_opt="--argjson"
# Check if number (integer or float, no leading zeros unless just 0)
elif [[ "$value" =~ ^-?(0|[1-9][0-9]*)(\.[0-9]+)?$ ]]; then
jq_opt="--argjson"
# Check if object or array
elif [[ "$value" == "["* || "$value" == "{"* ]]; then
if echo "$value" | jq empty >/dev/null 2>&1; then
jq_opt="--argjson"
else
# Warn to stderr, but proceed as string
echo "Warning: Value for '$key' looks like JSON but is invalid. Treating as string." >&2
fi
fi
# Apply the value at the path defined by the key (dot-notation supported)
# paths like items.0.id are converted to ["items", 0, "id"]
echo "$json" | jq --arg k "$key" $jq_opt v "$value" \
'setpath($k | split(".") | map(if test("^[0-9]+$") then tonumber else . end); $v)'
}
_hr_call() {
local route_arg="$1"
shift
if [[ -z "$route_arg" ]]; then
echo "Usage: hr call <route-name>[/path] <options>"
return 1
fi
local service_name
local url_path
if [[ "$route_arg" == */* ]]; then
service_name="${route_arg%%/*}"
url_path="/${route_arg#*/}"
else
service_name="$route_arg"
url_path=""
fi
local project_number
if [[ "$PROJECT_ID" == "mk2-prod" ]]; then
project_number="1013087376822"
else
project_number="322048751601"
fi
if ! command -v jq >/dev/null; then
echo "Error: jq is required but not installed."
return 1
fi
local json_payload="{}"
while [[ $# -gt 0 ]]; do
if [[ "$1" == -* ]]; then
local key="${1#-}"
if [[ -z "$2" || "$2" == -* ]]; then
echo "Error: Missing value for option $key"
return 1
fi
local value="$2"
json_payload=$(_hr_add_json_field "$json_payload" "$key" "$value")
shift 2
else
echo "Error: Unexpected argument '$1'"
return 1
fi
done
local url="https://${service_name}-${project_number}.europe-west1.run.app${url_path}"
echo "Calling $url..."
echo "$json_payload"
curl "$url" \
-H "Authorization: bearer $(gcloud auth print-identity-token)" \
-H "Content-Type: application/json" \
-d "$json_payload"
}
_hr_cf() {
local function_name="$1"
shift
if [[ -z "$function_name" ]]; then
echo "Usage: hr cf <function-name> <options>"
return 1
fi
if ! command -v jq >/dev/null; then
echo "Error: jq is required but not installed."
return 1
fi
local json_payload="{}"
while [[ $# -gt 0 ]]; do
if [[ "$1" == -* ]]; then
local key="${1#-}"
if [[ -z "$2" || "$2" == -* ]]; then
echo "Error: Missing value for option $key"
return 1
fi
local value="$2"
json_payload=$(_hr_add_json_field "$json_payload" "$key" "$value")
shift 2
else
echo "Error: Unexpected argument '$1'"
return 1
fi
done
local url="https://europe-west1-${PROJECT_ID}.cloudfunctions.net/${function_name}"
echo "Calling $url..."
echo "$json_payload"
curl "$url" \
-H "Authorization: bearer $(gcloud auth print-identity-token)" \
-H "Content-Type: application/json" \
-d "$json_payload"
}
hr() {
if [[ $# -eq 0 ]]; then
_hr_usage
return 1
fi
local command="$1"
shift
if [[ "$command" == "switch" ]]; then
if [[ -z "$1" ]]; then
# Toggle between test and prod
if [[ "$PROJECT_ID" == "mk2-test" ]]; then
export PROJECT_ID="mk2-prod"
echo "Switched PROJECT_ID to mk2-prod"
else
export PROJECT_ID="mk2-test"
echo "Switched PROJECT_ID to mk2-test"
fi
elif [[ "$1" == "test" ]]; then
export PROJECT_ID="mk2-test"
echo "Set PROJECT_ID to mk2-test"
elif [[ "$1" == "prod" ]]; then
export PROJECT_ID="mk2-prod"
echo "Set PROJECT_ID to mk2-prod"
else
echo "Usage: hr switch [test|prod]"
return 1
fi
return 0
fi
# Run original logic in a subshell to preserve set -e behavior without affecting current shell
(
set -e
# Restore arguments for processing
set -- "$command" "$@"
if [ "$1" = "init" ] && [ "$2" = "py" ]; then
_hr_init_py
elif [ "$1" = "init" ] && [ "$2" = "rs" ]; then
_hr_init_rs
elif [ "$1" = "init" ] && [ "$2" = "cpp" ]; then
_hr_init_cpp
elif [ "$1" = "freeze" ]; then
_hr_freeze
elif [ "$1" = "call" ]; then
shift
_hr_call "$@"
elif [ "$1" = "cf" ]; then
shift
_hr_cf "$@"
else
_hr_usage
exit 1
fi
)
}

18
modules/home/terminal/nvim/default.nix
View file

@ -1,9 +1,22 @@
{
pkgs,
lib,
config,
inputs,
...
}: {
}: let
d2-vim = pkgs.vimUtils.buildVimPlugin {
pname = "d2-vim";
version = "0.1.0";
src = pkgs.fetchFromGitHub {
owner = "terrastruct";
repo = "d2-vim";
rev = "cb3eb7fcb1a2d45c4304bf2e91077d787b724a39";
hash = "sha256-HmDQfOIoSV93wqRe7O4FPuHEmAxwoP1+Ut+sKhB62jA=";
fetchSubmodules = true;
};
};
in {
options.mods.nvim.enable =
lib.mkEnableOption "enables nvim";
@ -13,6 +26,7 @@
];
config = lib.mkIf config.mods.nvim.enable {
home.packages = [pkgs.d2];
programs.nvf = {
enable = true;
settings = {
@ -70,6 +84,8 @@
};
};
startPlugins = [d2-vim];
treesitter = {
enable = true;
context.enable = true;