b92cad188c
git: warn on signing format default change
The default value for programs.git.signing.format changed in 25.05
from an implicit "openpgp" to null. Keep the existing gated
mkOptionDefault behavior so the signing block only materializes when
other signing settings are in use, but route the versioned value and
static docs text through the shared state-version helper.
Add a focused current-state-version test that covers a non-empty
signing configuration with no explicit format, alongside the existing
legacy implicit-openpgp and explicit-format tests.
277 lines
7.3 KiB
Nix
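# NixOS module: system settings plus an inline home-manager profile for the
# user "chandler". The guest agents enabled below (qemuGuest, spice-vdagentd)
# suggest this machine is a QEMU/SPICE virtual machine; confirm before reusing
# the relaxed authentication settings on other hardware.
{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      # NOTE(review): this pulls home-manager from the moving `master` branch
      # with no hash, so the code evaluated into the system configuration can
      # change between rebuilds without any change to this file. To make the
      # input reproducible and tamper-evident, call fetchTarball with a
      # commit-pinned archive and a hash, e.g.
      #   builtins.fetchTarball {
      #     url = ".../archive/<COMMIT-PLACEHOLDER>.tar.gz";
      #     sha256 = "<HASH-PLACEHOLDER>";
      #   }
      # The URL is quoted because bare URL literals are deprecated in Nix.
      (import "${builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/master.tar.gz"}/nixos")
    ];

  # https://discourse.nixos.org/t/github-strategies-for-configuration-nix/1983/14
  # NOTE(review): nixos-config resolves to a file under /home/chandler, so the
  # system configuration lives in a user-writable directory.
  nix.nixPath = [
    "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
    "nixos-config=/home/chandler/projects/machine-config/${config.networking.hostName}/configuration.nix"
    "/nix/var/nix/profiles/per-user/root/channels"
  ];

  services.spice-vdagentd.enable = true;
  services.qemuGuest.enable = true;

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Use latest kernel.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Overrides the spice-vdagent source with a specific upstream release. The
  # fixed SRI hash makes the download content-addressed: a changed tarball
  # fails the build instead of being used silently.
  nixpkgs.overlays = [
    (final: prev: {
      spice-vdagent = prev.spice-vdagent.overrideAttrs ( old: rec {
        version = "0.22.1";
        src = prev.fetchurl {
          url = "https://www.spice-space.org/download/releases/spice-vdagent-${version}.tar.bz2";
          hash = "sha256-k7DRWspHYsx9N5sXmnEBFJ267WK3IRL/+ys+kLEWh6A=";
        };
      });
    })
  ];

  networking.hostName = "sam"; # Define your hostname.

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  services.displayManager.sddm.enable = true;
  services.displayManager.sddm.wayland.enable = true;
  services.desktopManager.plasma6.enable = true;

  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # NOTE(review): with this set, every process running as a member of `wheel`
  # can become root without a password prompt. Together with the `docker`
  # group membership and the display-manager auto-login further down, the
  # account "chandler" is root-equivalent and needs no credential at the
  # console. Keep this only where access to the machine itself is already
  # restricted.
  security.sudo.wheelNeedsPassword = false;
  users.groups.users.gid = 100;
  users.users.chandler = {
    uid = 1000;
    isNormalUser = true;
    description = "Chandler Swift";
    # "docker" grants access to the Docker daemon socket, which is equivalent
    # to root on the host.
    extraGroups = [ "networkmanager" "wheel" "docker"];
  };
  home-manager.users.chandler = { pkgs, ... }: {
    home.packages = with pkgs; [
      # applications
      gimp3
      inkscape
      kdePackages.kate
      libreoffice-qt
      zed-editor

      # command line applications
      (azure-cli.withExtensions [
        # azure-cli.extensions.automation
        azure-cli.extensions.azure-devops
        azure-cli.extensions.bastion
        # azure-cli.extensions.fleet
        # azure-cli.extensions.interactive
        # azure-cli.extensions.log-analytics
        azure-cli.extensions.resource-graph
        # azure-cli.extensions.serial-console
        azure-cli.extensions.ssh
      ])
      iperf
      units

      # command line utilities
      alsa-utils
      dig
      file
      ffmpeg
      git-absorb
      gh
      hyperfine
      imagemagick
      jujutsu
      killall
      kubectl
      openconnect
      pv
      ripgrep
      unzip
      wl-clipboard

      # ✨ AI ✨
      ollama

      # compilers/language utils
      cargo
      rustc

      clang

      go-tools
      gopls

    ];

    programs.bash = {
      enable = true;
      # "ignorespace" keeps commands typed with a leading space out of the
      # history file.
      historyControl = [ "ignoredups" "ignorespace" ];
      # Defines `k`, a kubectl wrapper that first echoes the active context
      # and the shell-quoted arguments when stdout is a terminal, so the
      # target cluster is visible before the command runs.
      initExtra = ''
        # https://kubernetes.io/docs/reference/kubectl/quick-reference/#bash
        source <(kubectl completion bash)
        k() {
          if [[ -t 1 ]]; then # stdout is a terminal
            tput dim # Konsole's default theme requires some adjustment
            printf "$ kubectl --context %q" "$(kubectl config current-context 2>/dev/null)"
            printf " %q" "$@"
            echo
            tput sgr0
          fi
          kubectl "$@"
        }
        complete -o default -F __start_kubectl k
      '';
    };

    programs.go = {
      enable = true;
      env.GOPATH = [ "/home/chandler/.local/share/go" ];
    };

    programs.direnv = {
      enable = true;
      enableBashIntegration = true;
      nix-direnv.enable = true;
    };

    programs.git = {
      enable = true;
      lfs.enable = true;
      # Set explicitly so commit signing does not depend on the
      # state-version-dependent default of this option.
      signing.format = "openpgp";
      # TODO: delta or diff-so-fancy or difftastic
      settings = {
        user.name = "Chandler Swift";
        help.autoCorrect = "prompt";
        init.defaultBranch = "main";
        diff.wsErrorHighlight = "all";
        pull.ff = "only";
        url."ssh://git@github.com/ChandlerSwift/".insteadOf = "gh:";
        url."ssh://forgejo@bert/chandlerswift/".insteadOf = "forgejo:";
        push.autoSetupRemote = true;
        rebase.autosquash = true;
        rebase.autostash = true;
        fetch.parallel = 0; # "some reasonable default"
        fetch.prune = true;
        merge.conflictstyle = "diff3";
      };
      ignores = [
        "*.kate-swp"
        "*.swp"
        "*~"
        "\\#*\\#"
        "venv"
        ".direnv"
      ];
      # Per-directory identity: the e-mail address and the SSH key are chosen
      # from the location of the repository on disk.
      # NOTE(review): `ssh -i` adds a key but does not stop ssh from also
      # offering keys held by the agent (addKeysToAgent is "yes" below), so a
      # different key than the intended one may authenticate. Adding
      # `-o IdentitiesOnly=yes` to each sshCommand would restrict the
      # connection to the named key; confirm against the remote's key setup.
      includes = [
        {
          condition = "gitdir:/home/chandler/work/";
          contents.user.email = "chandler.swift@pearson.com";
        }
        {
          condition = "gitdir:/home/chandler/projects/";
          contents.user.email = "chandler+pearson@chandlerswift.com";
        }
        {
          condition = "gitdir:/home/chandler/work/github-vue/";
          contents.core.sshCommand = "ssh -i ~/.ssh/github-vue";
        }
        {
          condition = "gitdir:/home/chandler/projects/machine-config/";
          contents.core.sshCommand = "ssh -i ~/.ssh/machine-config-deploy-key";
        }
      ];
      hooks = {
        pre-commit = ../git-pre-commit-hook;
      };
      # Every commit is signed; with no key named here the choice of key is
      # left to GnuPG.
      signing.signByDefault = true;
      signing.key = null; # "let GnuPG decide what signing key to use depending on commit's author"
    };

    programs.ssh = {
      enable = true;
      # Keys are added to the running agent on first use and stay usable by
      # any process that can reach the agent socket.
      matchBlocks."*".addKeysToAgent = "yes";
      # Silences the warning about a key exchange without post-quantum
      # protection for this one host only; the connection itself still uses
      # the non-post-quantum exchange.
      matchBlocks."ssh.dev.azure.com".extraOptions.WarnWeakCrypto = "no-pq-kex";
      includes = [
        "config.d/*"
      ];
    };

    programs.firefox.enable = true;

    programs.chromium = {
      enable = true;
      extensions = [
        { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # ublock origin
      ];
    };

    programs.atuin = {
      enable = true;
      flags = [
        "--disable-up-arrow"
      ];
    };

    home.stateVersion = "25.05";
  };

  # NOTE(review): the graphical session starts as "chandler" with no login
  # prompt; combined with passwordless sudo above, console access equals root.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "chandler";

  virtualisation.docker.enable = true;

  environment.systemPackages = with pkgs; [
    git
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    # enableSSHSupport = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "25.05"; # Did you read the comment?

}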