new site-config.nix holds values previously duplicated across hosts:
domain, old_domain, contact_email, timezone, binary_cache (url + pubkey),
dns_servers, lan (cidr + gateway), hosts.{muffin,yarn} (ip/alias/ssh_host_key),
ssh_keys.{laptop,desktop,ci_deploy}.
threaded through specialArgs on all three hosts + home-manager extraSpecialArgs +
homeConfigurations.primary + serverLib. service-configs.nix now takes
{ site_config } as a function arg and drops its https namespace; per-service
domains (gitea/matrix/ntfy/mollysocket/livekit/firefox-sync/grafana) are
derived from site_config.domain. ~15 service files and 6 vm tests migrated.
breakage fixes rolled in:
- home/progs/zen/dark-reader.nix: 5 stale *.gardling.com entries in
disabledFor rewritten to *.sigkill.computer (caddy 301s the old names so
these never fired and the new sigkill urls were getting dark-reader applied)
- modules/desktop-common.nix: drop unused hugepagesz=1G/hugepages=3
kernelParams (no consumer on mreow or yarn; xmrig on muffin still reserves
its own via services/monero/xmrig.nix)
verification: muffin toplevel is bit-identical to pre-refactor baseline.
mreow/yarn toplevels differ only in boot.json kernelParams + darkreader
storage.js (nix-diff verified). deployGuardTest and fail2banVaultwardenTest
(latter exercises site_config.domain via bitwarden.nix) pass.
# Terminal-tools profile shared by every machine I use.
#
# Consumers:
#   - mreow and yarn, through home/profiles/no-gui.nix
#   - muffin, through hosts/muffin/home.nix
#   - any non-NixOS machine, through the homeConfigurations output in flake.nix
#
# Kept deliberately small: the daily-driver shell (fish + helix + modern CLI
# replacements + git). Language toolchains, hardware-specific admin tools and
# GUI-adjacent utilities belong in profiles layered on top of this one.
{
  lib,
  site_config,
  pkgs,
  ...
}:
let
  # Modern stand-ins for the POSIX basics.
  posixReplacements = with pkgs; [
    eza # ls
    bat # cat
    delta # diff viewer (git integration is enabled further down)
    dust # du
    duf # df
    gping # ping, with a graph
    ripgrep # grep, respects .gitignore
    fd # find
    tldr # man, simpler
  ];

  # System and process inspection.
  processTools = with pkgs; [
    htop
    bottom
    lsof
    file
    killall
    unzip
    tmux
    wget
  ];

  # Network diagnostics.
  networkTools = with pkgs; [
    dig
    mtr
  ];

  # Text and data handling.
  dataTools = with pkgs; [
    jq
    hexyl
    tinyxxd
    b3sum
    typos
  ];

  # Media: handy from a shell and light enough to ship everywhere.
  mediaTools = with pkgs; [
    imagemagick
  ];

  # Dev-adjacent tools that are useful on every machine.
  devTools = with pkgs; [
    git-crypt
    hyperfine
  ];

  # Nix tooling.
  nixTools = with pkgs; [
    nixfmt-tree
  ];

  # Greeter that fish's interactiveShellInit invokes.
  shellGreeter = with pkgs; [
    pfetch-rs
  ];
in
{
  imports = [
    ../progs/fish.nix
    ../progs/helix.nix
  ];

  # Concatenated in the same order the groups are declared above.
  home.packages =
    posixReplacements
    ++ processTools
    ++ networkTools
    ++ dataTools
    ++ mediaTools
    ++ devTools
    ++ nixTools
    ++ shellGreeter;

  # Git: mechanical config and identity are set here so `git` works out of the
  # box on every machine.
  programs.git.enable = true;
  programs.git.package = pkgs.git;
  programs.git.lfs.enable = true;
  programs.git.ignores = [ ".sisyphus" ];

  programs.git.settings.init.defaultBranch = "main";
  programs.git.settings.push.autoSetupRemote = true;
  programs.git.settings.user.name = "Simon Gardling";
  # The e-mail comes from the shared site_config rather than being repeated here.
  programs.git.settings.user.email = site_config.contact_email;

  # Commit signing is ON by default. `key` and `signByDefault` are set with
  # lib.mkDefault so a machine that does not hold my GPG key can set
  # `signing.signByDefault = false` without fighting option priority; commits
  # made on such a machine are unsigned unless signing is requested explicitly.
  programs.git.signing.format = "openpgp";
  # NOTE(review): this is a 16-hex-digit (64-bit) key ID, not a full
  # fingerprint. Pinning the full fingerprint removes any ambiguity about
  # which key in the keyring gets selected for signing.
  programs.git.signing.key = lib.mkDefault "9AB28AC10ECE533D";
  programs.git.signing.signByDefault = lib.mkDefault true;

  # Pretty diff viewer, hooked into git.
  programs.delta.enable = true;
  programs.delta.enableGitIntegration = true;
}