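{
  pkgs,
  inputs,
  config,
  system,
  lib,
  ...
}:

# Home-manager configuration for a macOS (nix-darwin) host.  Besides the
# package selection it points ssh at the 1Password agent, pins git identities
# per directory and keeps a SOCKS tunnel through the fcio jump host alive.
let
  # Options shared by the fcio jump hosts: one multiplexed master connection
  # that later sessions reuse, so repeated jumphost logins do not trip rate
  # limiting.
  # NOTE(security): the master stays authenticated for up to ControlPersist
  # after the last session ends; any process running as this user can reuse it
  # through the control socket without ever touching the agent.
  jumpHostOptions = {
    LogLevel = "Verbose";
    AddressFamily = "inet";
    ControlMaster = "auto";
    # ControlMaster is a no-op without a ControlPath; set it here explicitly so
    # multiplexing does not depend on which defaults home-manager emits.
    ControlPath = "~/.ssh/master-%r@%n:%p";
    # not too long, due to the frequent keepalives
    ControlPersist = "1h";
  };
in
{
  imports = [ ./modules/llm.nix ];

  schmittlauch.packages = {
    graphics = true;
    multimedia = true;
    nixHelpers = true;
    devTools = true;
    pythonTools = true;
  };

  # Explicit pkgs.* references instead of `with pkgs;`, so it stays obvious
  # which names come from nixpkgs and which from the module arguments.
  home.packages = [
    pkgs.wireshark # on NixOS systems enabled via system config
    pkgs._1password-cli
    pkgs.rectangle
    # also TODO: color schemes nix-darwin
  ];

  # pinning theme is necessary until iTerm 3.5, because despite the dark terminal background, bat detects light mode and adapts theme
  programs.bat.config.theme = "Visual Studio Dark+";

  programs.ssh = {
    enable = true;
    # defaults in bottom match block "*"
    # TODO: common config for desktop as well
    serverAliveInterval = 10;
    serverAliveCountMax = 2; # 2 strikes and you're out
    # ssh host config
    matchBlocks = {

      # early catchall to enforce agent socket usage. **NOT** the place for fallback defaults.
      # Every host block below is ordered after it via entryAfter, so ssh
      # always sees the agent setting first.
      "*" = {
        extraOptions = {
          IdentityAgent = "\"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\"";
        };
      };

      "hydra01" = lib.hm.dag.entryAfter [ "*" ] {
        hostname = "hydra01.access.whq.gocept.net";
        user = "os";
      };

      "fcio-whq-jump" = lib.hm.dag.entryAfter [ "*" ] {
        hostname = "vpn-whq.services.fcio.net";
        extraOptions = jumpHostOptions;
      };

      "fcio-rzob-jump" = lib.hm.dag.entryAfter [ "*" ] {
        # multiplexer, e.g. to avoid rate limiting on jumphost usage
        hostname = "vpn-rzob.services.fcio.net";
        extraOptions = jumpHostOptions;
      };
    };
  };

  programs.git =
    let
      # name/email pairs live in the private secrets flake input
      contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };
      # git `user` section for one contact entry
      identity = contact: {
        user = {
          inherit (contact) name email;
        };
      };
    in
    {
      # git evaluates includeIf sections in order and the LAST value of a
      # single-valued key such as user.email wins.  The broad "~/" default
      # therefore has to come first and the more specific personal override
      # after it -- the other way round the work identity silently applied to
      # ~/src/schmittlauch/ as well.
      includes =
        # set default name for several other common locations
        map (dir: {
          condition = "gitdir:${dir}";
          contents = identity contacts.work;
        }) [ "~/" ]
        ++ [
          {
            condition = "gitdir:~/src/schmittlauch/";
            contents = identity contacts.schmittlauch;
          }
        ];
    };

  # some extra shell scripts, appended after the rest of the zsh init
  programs.zsh.initContent = lib.mkAfter (
    import ./scripts/reporsync.nix { inherit pkgs lib; }
    + import ./scripts/ssh-loop-fc.nix { inherit pkgs lib; }
  );

  # separate proxied browser using the DHCP-supplied DNS for accessing captive portals
  programs.captive-browser = {
    enable = true;
    interface = "en0";
  };

  # SOCKS5 proxy on localhost:1080 through the whq jump host, kept up by
  # autossh.  The target is given by hostname, so only the "*" block of the
  # ssh config above (agent socket, keepalive defaults) applies to it.
  launchd.agents.hydra_proxy = {
    enable = true;
    config = {
      ProgramArguments = [
        "${lib.getExe pkgs.autossh}"
        # -M 0: no autossh monitor port; dead links are detected by the
        # ServerAlive options instead (ServerAliveCountMax comes from the
        # ssh config defaults).
        "-M"
        "0"
        # The SOCKS listener is unauthenticated: bind it to loopback
        # explicitly instead of relying on GatewayPorts staying off.
        "-D"
        "localhost:1080"
        "-oServerAliveInterval=30"
        # Exit (and get restarted by launchd) instead of sitting connected
        # without the forward when port 1080 is already taken.
        "-oExitOnForwardFailure=yes"
        # keep the tunnel out of any multiplexed master session
        "-oControlMaster=no"
        "-N"
        "vpn-whq.services.fcio.net"
      ];
      # TODO: consider socket activation instead
      KeepAlive = true;
      ThrottleInterval = 60; # at most one restart per minute
    };
  };

  # Allowlist of unfree packages by name; "claude-code" is presumably pulled
  # in by ./modules/llm.nix.
  nixpkgs.config.allowUnfreePredicate =
    pkg:
    builtins.elem (lib.getName pkg) [
      "1password-cli"
      "claude-code"
    ]; # nixpkgs.config merging is unfortunately broken

  # Do not bump without reading the home-manager release notes for the
  # state-dependent defaults in between.
  home.stateVersion = "22.05";
}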