envs/home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: envs:7f087bc39e64786652e38702081a7cce01c69d03
Branches Tags
envs:main envs:improvements
...
compare: envs:improvements
Branches Tags
envs:main envs:improvements

3 Commits
7f087bc39e ... improvemen

Author SHA1 Message Date
Morten Olsen
20548f94cd add argocd 2025-12-16 20:26:49 +01:00
Morten Olsen
8cd490ad3b added zen browser 2025-12-16 20:22:35 +01:00
Morten Olsen
4ca7376a20 improved system setup 2025-12-16 19:58:34 +01:00
11 changed files with 262 additions and 294 deletions
Expand all files Collapse all files

26
flake.lock generated
View File

@@ -60,7 +60,31 @@
"inputs": { "inputs": {
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"zen-browser": "zen-browser"
}
},
"zen-browser": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1765895443,
"narHash": "sha256-yftYGV0skUwV5neT1BJrs7RRbXPKozQTzC7d9c7kEFs=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "bc7dfff92cb7919dfb213ea78c11ea0a4d265a56",
"type": "github"
},
"original": {
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
} }
} }
}, },

10
flake.nix
View File

@@ -16,6 +16,16 @@
url = "github:LnL7/nix-darwin"; url = "github:LnL7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zen-browser = {
url = "github:0xc000022070/zen-browser-flake";
inputs = {
# IMPORTANT: we're using "libgbm" and is only available in unstable so ensure
# to have it up-to-date or simply don't specify the nixpkgs input
nixpkgs.follows = "nixpkgs";
home-manager.follows = "home-manager";
};
};
}; };
outputs = { outputs = {

3
home/default.nix
View File

@@ -7,10 +7,13 @@
pkgs, pkgs,
lib, lib,
username, username,
inputs,
... ...
}: { }: {
# Import shared modules # Import shared modules
imports = [ imports = [
inputs.zen-browser.homeModules.beta
# Shell configuration (zsh, starship, atuin, direnv, zoxide, fzf, pyenv) # Shell configuration (zsh, starship, atuin, direnv, zoxide, fzf, pyenv)
../modules/home/shell.nix ../modules/home/shell.nix

4
home/personal.nix
View File

@@ -70,6 +70,10 @@
username = "morten"; username = "morten";
passwordFile = "/Users/alice/Library/Application Support/jellyfin-tui/pass"; passwordFile = "/Users/alice/Library/Application Support/jellyfin-tui/pass";
}; };
zen-browser = {
enable = true;
};
}; };
# Personal-only packages # Personal-only packages

128
hosts/personal/default.nix
View File

@@ -11,136 +11,10 @@
}: { }: {
# Import darwin modules # Import darwin modules
imports = [ imports = [
../../modules/darwin/system.nix
../../modules/darwin/homebrew.nix ../../modules/darwin/homebrew.nix
]; ];
# Nix configuration
nix = {
settings = {
# Enable flakes and new nix command
experimental-features = ["nix-command" "flakes"];
# Avoid unwanted garbage collection when using nix-direnv
keep-outputs = true;
keep-derivations = true;
};
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
system = {
primaryUser = username;
keyboard = {
enableKeyMapping = true;
remapCapsLockToControl = true;
};
startup.chime = false;
defaults = {
spaces.spans-displays = false;
loginwindow = {
GuestEnabled = false;
DisableConsoleAccess = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 0.0;
orientation = "bottom";
dashboard-in-overlay = true;
largesize = 85;
tilesize = 50;
magnification = true;
launchanim = false;
mru-spaces = false;
show-recents = false;
show-process-indicators = false;
static-only = true;
};
finder = {
AppleShowAllExtensions = true;
AppleShowAllFiles = true;
CreateDesktop = false;
FXDefaultSearchScope = "SCcf"; # current folder
QuitMenuItem = true;
};
NSGlobalDomain = {
NSAutomaticSpellingCorrectionEnabled = false;
NSAutomaticCapitalizationEnabled = false;
NSAutomaticPeriodSubstitutionEnabled = false;
NSAutomaticDashSubstitutionEnabled = false;
NSAutomaticQuoteSubstitutionEnabled = false;
NSAutomaticWindowAnimationsEnabled = false;
NSDocumentSaveNewDocumentsToCloud = false;
ApplePressAndHoldEnabled = false;
KeyRepeat = 2;
InitialKeyRepeat = 10;
# Enable subpixel font rendering on non-Apple LCDs
# Reference: https://github.com/kevinSuttle/macOS-Defaults/issues/17#issuecomment-266633501
AppleFontSmoothing = 2;
# Finder: show all filename extensions
AppleShowAllExtensions = true;
};
CustomUserPreferences = {
LaunchServices = {
# Whether to enable quarantine for downloaded applications
LSQuarantine = false;
};
trackpad = {
Clicking = true;
TrackpadRightClick = true;
};
"com.apple.systempreferences" = {
# Disable Resume system-wide
NSQuitAlwaysKeepsWindows = false;
};
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screensaver" = {
# Require password immediately after sleep or screen saver begins
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.AdLib" = {
# Don't fucking track me...
allowApplePersonalizedAdvertising = false;
};
"com.apple.BluetoothAudioAgent" = {
# Increase sound quality for Bluetooth headphones/headsets
"Apple Bitpool Min (editable)" = -40;
};
"com.apple.dashboard" = {
# Disable Dashboard
mcx-disabled = true;
};
alf = {
# Enables Firewall
globalstate = 1;
# Enable logging of requests
loggingenabled = 1;
# Drops incoming requests via ICMP such as ping requests
stealthenabled = 1;
};
};
};
};
users.users.${username} = {
name = username;
home = "/Users/${username}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFaIAP/ZJ7+7jeR44e1yIJjfQAB6MN351LDKJAXVF62P"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAzuPy7D/54GxMq9Zhz0CUjaDnEQ6RkQ/yqVYl7U55k"
];
};
# System-level programs # System-level programs
programs = { programs = {

129
hosts/work/default.nix
View File

@@ -11,137 +11,10 @@
}: { }: {
# Import darwin modules # Import darwin modules
imports = [ imports = [
../../modules/darwin/system.nix
../../modules/darwin/homebrew.nix ../../modules/darwin/homebrew.nix
]; ];
# Nix configuration
nix = {
settings = {
# Enable flakes and new nix command
experimental-features = ["nix-command" "flakes"];
# Avoid unwanted garbage collection when using nix-direnv
keep-outputs = true;
keep-derivations = true;
};
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
system = {
primaryUser = username;
keyboard = {
enableKeyMapping = true;
remapCapsLockToControl = true;
};
startup.chime = false;
defaults = {
spaces.spans-displays = false;
loginwindow = {
GuestEnabled = false;
DisableConsoleAccess = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 0.0;
orientation = "bottom";
dashboard-in-overlay = true;
largesize = 85;
tilesize = 50;
magnification = true;
launchanim = false;
mru-spaces = false;
show-recents = false;
show-process-indicators = false;
static-only = true;
};
finder = {
AppleShowAllExtensions = true;
AppleShowAllFiles = true;
CreateDesktop = false;
FXDefaultSearchScope = "SCcf"; # current folder
QuitMenuItem = true;
};
NSGlobalDomain = {
NSAutomaticSpellingCorrectionEnabled = false;
NSAutomaticCapitalizationEnabled = false;
NSAutomaticPeriodSubstitutionEnabled = false;
NSAutomaticDashSubstitutionEnabled = false;
NSAutomaticQuoteSubstitutionEnabled = false;
NSAutomaticWindowAnimationsEnabled = false;
NSDocumentSaveNewDocumentsToCloud = false;
ApplePressAndHoldEnabled = false;
KeyRepeat = 2;
InitialKeyRepeat = 10;
# Enable subpixel font rendering on non-Apple LCDs
# Reference: https://github.com/kevinSuttle/macOS-Defaults/issues/17#issuecomment-266633501
AppleFontSmoothing = 2;
# Finder: show all filename extensions
AppleShowAllExtensions = true;
};
CustomUserPreferences = {
LaunchServices = {
# Whether to enable quarantine for downloaded applications
LSQuarantine = false;
};
trackpad = {
Clicking = true;
TrackpadRightClick = true;
};
"com.apple.systempreferences" = {
# Disable Resume system-wide
NSQuitAlwaysKeepsWindows = false;
};
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screensaver" = {
# Require password immediately after sleep or screen saver begins
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.AdLib" = {
# Don't fucking track me...
allowApplePersonalizedAdvertising = false;
};
"com.apple.BluetoothAudioAgent" = {
# Increase sound quality for Bluetooth headphones/headsets
"Apple Bitpool Min (editable)" = -40;
};
"com.apple.dashboard" = {
# Disable Dashboard
mcx-disabled = true;
};
alf = {
# Enables Firewall
globalstate = 1;
# Enable logging of requests
loggingenabled = 1;
# Drops incoming requests via ICMP such as ping requests
stealthenabled = 1;
};
};
};
};
users.users.${username} = {
name = username;
home = "/Users/${username}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFaIAP/ZJ7+7jeR44e1yIJjfQAB6MN351LDKJAXVF62P"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAzuPy7D/54GxMq9Zhz0CUjaDnEQ6RkQ/yqVYl7U55k"
];
};
# System-level programs # System-level programs
programs = { programs = {
# Enable zsh as it's the default macOS shell # Enable zsh as it's the default macOS shell

140
modules/darwin/system.nix Normal file
View File

@@ -0,0 +1,140 @@
# It sets up system-level configuration and integrates with home-manager.
{
config,
pkgs,
lib,
username,
...
}: {
# Nix configuration
nix = {
settings = {
# Enable flakes and new nix command
experimental-features = ["nix-command" "flakes"];
# Avoid unwanted garbage collection when using nix-direnv
keep-outputs = true;
keep-derivations = true;
};
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
system = {
primaryUser = username;
keyboard = {
enableKeyMapping = true;
remapCapsLockToControl = true;
};
startup.chime = false;
defaults = {
spaces.spans-displays = false;
loginwindow = {
GuestEnabled = false;
DisableConsoleAccess = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 0.0;
orientation = "bottom";
dashboard-in-overlay = true;
largesize = 85;
tilesize = 50;
magnification = true;
launchanim = false;
mru-spaces = false;
show-recents = false;
show-process-indicators = false;
static-only = true;
};
finder = {
AppleShowAllExtensions = true;
AppleShowAllFiles = true;
CreateDesktop = false;
FXDefaultSearchScope = "SCcf"; # current folder
QuitMenuItem = true;
};
NSGlobalDomain = {
NSAutomaticSpellingCorrectionEnabled = false;
NSAutomaticCapitalizationEnabled = false;
NSAutomaticPeriodSubstitutionEnabled = false;
NSAutomaticDashSubstitutionEnabled = false;
NSAutomaticQuoteSubstitutionEnabled = false;
NSAutomaticWindowAnimationsEnabled = false;
NSDocumentSaveNewDocumentsToCloud = false;
ApplePressAndHoldEnabled = false;
KeyRepeat = 2;
InitialKeyRepeat = 10;
# Enable subpixel font rendering on non-Apple LCDs
# Reference: https://github.com/kevinSuttle/macOS-Defaults/issues/17#issuecomment-266633501
AppleFontSmoothing = 2;
# Finder: show all filename extensions
AppleShowAllExtensions = true;
};
CustomUserPreferences = {
LaunchServices = {
# Whether to enable quarantine for downloaded applications
LSQuarantine = false;
};
trackpad = {
Clicking = true;
TrackpadRightClick = true;
};
"com.apple.systempreferences" = {
# Disable Resume system-wide
NSQuitAlwaysKeepsWindows = false;
};
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screensaver" = {
# Require password immediately after sleep or screen saver begins
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.AdLib" = {
# Don't fucking track me...
allowApplePersonalizedAdvertising = false;
};
"com.apple.BluetoothAudioAgent" = {
# Increase sound quality for Bluetooth headphones/headsets
"Apple Bitpool Min (editable)" = -40;
};
"com.apple.dashboard" = {
# Disable Dashboard
mcx-disabled = true;
};
alf = {
# Enables Firewall
globalstate = 1;
# Enable logging of requests
loggingenabled = 1;
# Drops incoming requests via ICMP such as ping requests
stealthenabled = 1;
};
};
};
};
users.users.${username} = {
name = username;
home = "/Users/${username}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFaIAP/ZJ7+7jeR44e1yIJjfQAB6MN351LDKJAXVF62P"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAzuPy7D/54GxMq9Zhz0CUjaDnEQ6RkQ/yqVYl7U55k"
];
};
# Used for backwards compatibility, read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
}

44
modules/home/apps.nix
View File

@@ -21,6 +21,15 @@ in {
}; };
}; };
zen-browser = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable Zen Browser configuration (macOS only)";
};
};
jellyfin-tui = { jellyfin-tui = {
enable = lib.mkOption { enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
@@ -55,6 +64,41 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.zen-browser = lib.mkIf cfg.zen-browser.enable {
enable = true;
policies = let
mkExtensionSettings = builtins.mapAttrs (_: pluginId: {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/${pluginId}/latest.xpi";
installation_mode = "force_installed";
});
in {
AutofillAddressEnabled = true;
AutofillCreditCardEnabled = false;
DisableAppUpdate = true;
DisableFeedbackCommands = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DontCheckDefaultBrowser = true;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
ExtensionSettings = mkExtensionSettings {
"78272b6fa58f4a1abaac99321d503a20@proton.me" = "proton-pass";
"{d7742d87-e61d-4b78-b8a1-b469842139fa}" = "vimium-ff";
"readeck@readeck.com" = "readeck";
"@testpilot-containers" = "multi-account-containers";
"uBlock0@raymondhill.net" = "ublock-origin";
};
};
};
# Aerospace window manager configuration (macOS) # Aerospace window manager configuration (macOS)
# Placed at ~/.aerospace.toml # Placed at ~/.aerospace.toml
home.file = lib.mkMerge [ home.file = lib.mkMerge [

30
modules/home/git.nix
View File

@@ -80,18 +80,26 @@ in {
programs.git = { programs.git = {
enable = true; enable = true;
# User configuration
userName = cfg.userName;
userEmail = cfg.userEmail;
# Signing configuration with 1Password # Signing configuration with 1Password
signing = { signing = {
key = cfg.signingKey; key = cfg.signingKey;
signByDefault = true; signByDefault = true;
}; };
# Extra configuration # Conditional includes for project-specific configurations
extraConfig = { includes = map (inc: {
condition = inc.condition;
path = inc.path;
}) cfg.includes;
# All git settings using the new unified settings option
settings = {
# User configuration
user = {
name = cfg.userName;
email = cfg.userEmail;
};
# Core settings (pager is set by programs.delta) # Core settings (pager is set by programs.delta)
core = { core = {
hooksPath = "/dev/null"; hooksPath = "/dev/null";
@@ -144,10 +152,9 @@ in {
"difftool \"nvimdiff\"" = { "difftool \"nvimdiff\"" = {
cmd = "nvim -d \"$LOCAL\" \"$REMOTE\""; cmd = "nvim -d \"$LOCAL\" \"$REMOTE\"";
}; };
};
# Aliases # Aliases
aliases = { alias = {
graph = "log --graph --color --pretty=format:\"%C(yellow)%H%C(green)%d%C(reset)%n%x20%cd%n%x20%cn%C(blue)%x20(%ce)%x20%C(cyan)[gpg:%GK%x20%G?]%C(reset)%n%x20%s%n\""; graph = "log --graph --color --pretty=format:\"%C(yellow)%H%C(green)%d%C(reset)%n%x20%cd%n%x20%cn%C(blue)%x20(%ce)%x20%C(cyan)[gpg:%GK%x20%G?]%C(reset)%n%x20%s%n\"";
ll = "log --oneline"; ll = "log --oneline";
st = "status -sb"; st = "status -sb";
@@ -161,12 +168,7 @@ in {
undo = "reset HEAD~1 --mixed"; undo = "reset HEAD~1 --mixed";
unstage = "reset HEAD --"; unstage = "reset HEAD --";
}; };
};
# Conditional includes for project-specific configurations
includes = map (inc: {
condition = inc.condition;
path = inc.path;
}) cfg.includes;
}; };
}; };
} }

3
modules/home/packages.nix
View File

@@ -30,6 +30,7 @@
duf # A better df alternative duf # A better df alternative
hyperfine # A command-line benchmarking tool. hyperfine # A command-line benchmarking tool.
choose # A human-friendly and fast alternative to cut and (sometimes) awk choose # A human-friendly and fast alternative to cut and (sometimes) awk
coreutils
yazi # File manager yazi # File manager
# ======================================================================== # ========================================================================
@@ -88,6 +89,8 @@
k9s # Kubernetes TUI k9s # Kubernetes TUI
istioctl # Istio service mesh CLI istioctl # Istio service mesh CLI
fluxcd # GitOps toolkit fluxcd # GitOps toolkit
popeye #
argocd
# ======================================================================== # ========================================================================
# Infrastructure and Cloud Tools # Infrastructure and Cloud Tools

9
modules/home/shell.nix
View File

@@ -69,9 +69,6 @@
"--color=fg:#cdd6f4,header:#f38ba8,info:#cba6f7,pointer:#f5e0dc" "--color=fg:#cdd6f4,header:#f38ba8,info:#cba6f7,pointer:#f5e0dc"
"--color=marker:#f5e0dc,fg+:#cdd6f4,prompt:#cba6f7,hl+:#f38ba8" "--color=marker:#f5e0dc,fg+:#cdd6f4,prompt:#cba6f7,hl+:#f38ba8"
]; ];
# NVM directory
NVM_DIR = "$HOME/.nvm";
}; };
# Shell aliases (migrated from 01-env.sh and 01-nvim.sh) # Shell aliases (migrated from 01-env.sh and 01-nvim.sh)
@@ -237,12 +234,6 @@
enableZshIntegration = true; enableZshIntegration = true;
}; };
# ==========================================================================
# NVM - Node Version Manager
# ==========================================================================
# NVM is installed via Homebrew and sourced in the shell
# This allows managing multiple Node.js versions per project
# ========================================================================== # ==========================================================================
# Pyenv - Python version management # Pyenv - Python version management
# ========================================================================== # ==========================================================================