reciproka/reciproka-ops
1
0
Fork 0
Code Issues 6 Pull requests Packages Projects Releases Wiki Activity

jfdic: initial deployment

Browse source
This commit is contained in:
Fiscal Velvet Poet 2021-10-07 12:13:48 +10:00
parent bf3251ec14
commit a9a5547006
Signed by: fiscalvelvetpoet
GPG key ID: D8EBFD58B023BD47
17 changed files with 832 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
deployments/jfdic-ops.nix Normal file
View file

@ -0,0 +1,19 @@
# NixOps configuration for the jfdic-ops nodes
{
network = {
description = "jfdic-ops nodes";
enableRollback = true;
};
resources.sshKeyPairs.ssh-key = {};
defaults =
{ config, pkgs, lib, ... }:
{
system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
};
toscano = import ../hosts/toscano.nix;
}

41
hardware/linode_vm.nix Normal file
View file

@ -0,0 +1,41 @@
# Configuration common to all JFDIC Linode VMs
{ config, pkgs, lib, ... }:
{
imports = [
# Import the NixOS Qemu guest settings
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
boot.initrd.availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "console=ttyS0,19200n8" ];
boot.loader = {
grub = {
extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
device = "nodev";
};
timeout = 10;
};
# File systems configuration for the Linode VMs
fileSystems."/" =
{ device = "/dev/sda";
fsType = "ext4";
};
swapDevices = [
{
device = "/dev/sdb";
}
];
nix.maxJobs = lib.mkDefault 4;
}

19
hosts/toscano.nix Normal file
View file

@ -0,0 +1,19 @@
# NixOps configuration for toscano
{ config, pkgs, lib, ... }:
{
imports =
[
../networks/linode.nix
../profiles/gitea.nix
../secrets/gitea.nix
];
deployment.targetHost = "45.79.236.198";
networking.hostName = "toscano";
system.stateVersion = "21.05"; # The version of NixOS originally installed
}

37
networks/linode-common.nix Normal file
View file

@ -0,0 +1,37 @@
# NixOps configuration common to Linode VMs
{ config, pkgs, lib, ... }:
{
imports =
[
../profiles/host_common.nix
../profiles/server_common.nix
];
# Ensure the right package architecture is used
nixpkgs.localSystem = {
system = "x86_64-linux";
config = "x86_64-unknown-linux-gnu";
};
# Tools that Linode support like to have install if you need them.
environment.systemPackages = with pkgs; [
inetutils
mtr
sysstat
];
# Configure firewall defaults:
networking = {
usePredictableInterfaceNames = false; # As per Linode's networking guidlines
domain = "jfdic.org";
interfaces.eth0.useDHCP = true;
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
trustedInterfaces = [ "lo" ];
};
};
}

11
networks/linode.nix Normal file
View file

@ -0,0 +1,11 @@
# NixOps configuration for the Linode VMs
{ config, pkgs, lib, ... }:
{
imports =
[
../hardware/linode_vm.nix
./linode-common.nix
];
}

19
profiles/bash.nix Normal file
View file

@ -0,0 +1,19 @@
# Configuration common to all JFDIC servers
{ config, ... }:
{
# Program defaults for all hosts
programs.bash = {
interactiveShellInit = ''
export TERM="xterm-256color"
test -r ~/.dir_colors && eval $(dircolors ~/.dir_colors)
'';
promptInit = ''
eval "$(starship init bash)"
'';
vteIntegration = true;
};
}

11
profiles/chrony.nix Normal file
View file

@ -0,0 +1,11 @@
# NixOps configuration for the hosts running a Chrony service
{ config, ... }:
{
services.chrony = {
enable = true; # Enable Chrony
};
}

90
profiles/gitea.nix Normal file
View file

@ -0,0 +1,90 @@
# NixOps configuration for the hosts running Gitea
{ config, pkgs, lib, ... }:
{
services.gitea = {
enable = true; # Enable Gitea
appName = "JFDI Collective: Gitea Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
};
disableRegistration = true;
domain = "source.jfdic.org"; # Domain name
rootUrl = "https://source.jfdic.org/"; # Root web URL
httpPort = 3002; # Provided unique port
settings = let
docutils =
pkgs.python37.withPackages (ps: with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
in {
mailer = {
ENABLED = true;
FROM = "source@jfdic.org";
};
repository = {
DEFAULT_BRANCH = "consensus";
};
service = {
REGISTER_EMAIL_CONFIRM = true;
};
"markup.restructuredtext" = {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
IS_INPUT_FILE = false;
};
ui = {
DEFAULT_THEME = "gitea"; # Set the default theme
};
};
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = # Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
ensureDatabases = [ "gitea" ]; # Ensure the database persists
ensureUsers = [
{
name = "gitea"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."source.jfdic.org" = { # Gitea hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
};
};
security.acme = {
acceptTerms = true;
certs = {
"source.jfdic.org".email = "source@jfdic.org";
};
};
users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204
}

109
profiles/host_common.nix Normal file
View file

@ -0,0 +1,109 @@
# Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{
imports = [
../profiles/bash.nix
../profiles/chrony.nix
../profiles/neovim.nix
../profiles/logrotate.nix
../profiles/nix-direnv.nix
../profiles/starship.nix
../profiles/tmux.nix
../profiles/zsh.nix
];
# Common boot settings
boot = {
cleanTmpDir = true; # Clean /tmp on reboot
};
# Select internationalisation properties.
i18n = {
defaultLocale = "en_AU.UTF-8"; # Set the default locale
};
# Set the defaul console properties
console = {
keyMap = "us"; # Set the default console key map
font = "ter-powerline-v16Rv"; # Set the default console font
};
time.timeZone = "Etc/UTC";
documentation.nixos.enable = false; # Disable documentation, save space
# Set security options:
security.sudo.enable = true;
security.sudo.wheelNeedsPassword = false;
# Configure and install required fonts
fonts.enableDefaultFonts = true;
fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
powerline-fonts # Required for Powerline prompts
];
fonts.fontconfig.includeUserConf = false;
# Adapted from gchristensen and clever
nix = {
nixPath = [
# Ruin the config so we don't accidentally run
# nixos-rebuild switch on the host
(let
cfg = pkgs.writeText "configuration.nix"
''
assert builtins.trace "This system is managed by NixOps." false;
{}
'';
in "nixos-config=${cfg}")
# Copy the channel version from the deploy host to the target
"nixpkgs=/run/current-system/nixpkgs"
];
gc = {
automatic = true; # Enable Nix garbage collection:
dates = "weekly";
options = "--delete-older-than 90d";
};
autoOptimiseStore = true;
extraOptions = ''
show-trace = true # Enable --show-trace by default for nix
builders-use-substitutes = true # Set builders to use caches
'';
trustedUsers = ["fiscalvelvetpoet"];
};
system.extraSystemBuilderCmds = ''
ln -sv ${pkgs.path} $out/nixpkgs
'';
environment.etc.host-nix-channel.source = pkgs.path;
environment.variables = {
BAT_THEME="Dracula";
};
# Set the system-wide environment
environment = {
systemPackages = with pkgs; [
bat # cat clone with syntax highlighting & Git integration
byobu # text-based window manager and terminal multiplexer.
dnsutils # Bind DNS utilities
fd # A simple, fast and user-friendly alternative to find
git # Distributed version control system
htop # interactive process viewer
hwinfo # Hardware detection tool
killall # kill processes by name
lshw # Detailed information on the hardware configuration
lsof # list open files
mosh # Mobile shell (ssh replacement)
ncdu # Disk usage analyzer with an ncurses interface
nix-index # A files database for nixpkgs
ripgrep # Utility that provides usability of The Silver Searcher with the raw speed of grep
];
};
# Users common across JFDIC Ops:
users.mutableUsers = false; # Remove any users not defined in here
}

11
profiles/logrotate.nix Normal file
View file

@ -0,0 +1,11 @@
# logrotate configuration for NixOS / NixOps
{ config, ... }:
{
services.logrotate = {
enable = true; # Enable the logrotate service
};
}

300
profiles/neovim.nix Normal file
View file

@ -0,0 +1,300 @@
{ pkgs, ... }:
{
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
(neovim.override {
vimAlias = true;
configure = {
packages.myPlugins = with pkgs.vimPlugins; {
start = [
airline # Lean & mean status/tabline for vim that's light as air
dracula-vim # Dracula theme for vim
fugitive # Vim Git wrapper
fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim
haskell-vim # Syntax Highlighting and Indentation for Haskell
indentLine # Display thin vertical lines at each indentation level
neocomplete-vim # Keyword completion system
nerdcommenter # Comment functions so powerful—no comment necessary
nerdtree # File system explorer
nerdtree-git-plugin # Plugin for nerdtree showing git status
supertab # Allows you to use <Tab> for all your insert completion
syntastic # Syntax checking hacks
vim-addon-nix # Scripts assisting writing .nix files
vim-autoformat # Automatically format code
vim-cue # Cue filetype plugin for Vim
vim-lastplace
vim-markdown-toc # Generate table of contents for Markdown files
vim-nix # Support for writing Nix expressions in vim
vim-numbertoggle # Toggle between relative / absolute line numbers automatically
vim-one
];
opt = [];
};
customRC = ''
" Preferred global default settings:
set nocompatible
set backspace=indent,eol,start
set number relativenumber " Enable relative line numbers by default
set cursorline " Highlight the current line number
set smartindent " Automatically insert extra level of indentation
set tabstop=4 " Default tabstop
set shiftwidth=4 " Default indent spacing
set expandtab " Expand [TABS] to spaces
packadd! dracula-vim
syntax on " Enable syntax highlighting
set t_Co=256 " Use 265 colors in vim
set background=dark " Set the default background scheme
colorscheme dracula " Set the default colour scheme
"let g:one_allow_italics = 1 " I love italic for comments
set spell spelllang=en_au " Defaul spell checking language
set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
match ErrorMsg '\s\+$' "
nnoremap <silent> <C-p> :Files<CR>
nnoremap <silent> <Leader>f :Rg<CR>
set grepprg=rg\ --vimgrep\ --smart-case\ --follow
let g:airline_powerline_fonts = 1 " Use powerline fonts
let g:airline_theme='dracula' " Set the airline theme
"call togglebg#map("<F10>") " Toggle background colour between dark|light
set laststatus=2 " Set up the status line so it's coloured and always on
" Removes trailing spaces:
function! TrimWhiteSpace()
%s/\s\+$//e
endfunction
" Trigger for numbertoggle to switch modes
nnoremap <silent> <C-n> :set relativenumber!<CR>
" Tab settings
let g:SuperTabDefaultCompletionType = 'context'
let g:SuperTabContextTextOmniPrecedence = ['&omnifunc','&completefunc']
let g:SuperTabRetainCompletionType=2
inoremap <expr><Enter> pumvisible() ? "\<C-Y>" : "\<Enter>"
inoremap <expr><TAB> pumvisible() ? "\<C-n>" : "\<TAB>"
nnoremap <silent> <Leader>RemoveTrailingWhiteSpace :call TrimWhiteSpace()<CR>
autocmd FileWritePre * :call TrimWhiteSpace()
autocmd FileAppendPre * :call TrimWhiteSpace()
autocmd FilterWritePre * :call TrimWhiteSpace()
autocmd BufWritePre * :call TrimWhiteSpace()
"autocmd BufWrite * :Autoformat
" FIXME: Currently always set to dark due to issues with Termonad Solarized theme
" Light during the day, dark during the night
let hour = strftime("%H")
if 7 <= hour && hour < 17
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
else
"set background=dark
"hi Normal ctermbg=none " Set a transparent background
"let g:airline_solarized_bg='dark' " Set the airline background
endif
" Transparent editing of gpg encrypted files.
" By Wouter Hanegraaff <wouter@blub.net>
augroup encrypted
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.gpg set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.gpg set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.gpg set bin
autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.gpg set nobin
autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.gpg u
augroup END
" Manage ISO files
augroup iso
au!
" First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre *.iso set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.iso set noswapfile
" Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.iso set bin
autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.iso set nobin
autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost *.iso u
augroup END
" Use persistent history.
if !isdirectory("/tmp/.vim-undo-dir")
call mkdir("/tmp/.vim-undo-dir", "", 0700)
endif
set undodir=/tmp/.vim-undo-dir
set undofile
" JFDIC Markdown environment
function! MarkdownSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings()
autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings()
" JFDIC ReStructured Text environment
function! ReStructuredSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings()
autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings()
" JFDIC LaTeX environment:
function! LaTeXSettings()
set textwidth=79
set spell spelllang=en_au
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings()
" Settings for JFDIC Haskell environment:
function! HaskellSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings()
" Settings for JFDIC Nix environment:
function! NixSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=nix
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings()
" Settings for JFDIC Cue environment:
function! CueSettings()
set noexpandtab
set tabstop=2
set shiftwidth=2
set textwidth=79
let g:cue_fmt_on_save = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings()
" Settings for JFDIC Rust environment:
function! RustSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
let g:rustfmt_autosave = 1
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings()
" Settings for JFDIC Crystal environment:
function! CrystalSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set filetype=crystal
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings()
" Settings for JFDIC Golang environment:
function! GoSettings()
set tabstop=7
set shiftwidth=7
set noexpandtab
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings()
" Settings for JFDIC Python environment:
function! PythonSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings()
" JFDIC Mutt environment
function! MuttSettings()
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings()
autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings()
" Settings for JFDIC C environment:
function! CSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings()
" Settings for JFDIC YAML environment:
function! YAMLSettings()
set tabstop=2
set shiftwidth=2
set expandtab
set textwidth=79
set spell spelllang=en_au
hi clear SpellBad " Clear any unwanted default settings
hi SpellBad cterm=underline " Set the spell checking highlight style
hi SpellBad ctermbg=NONE " Set the spell checking highlight background
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings()
autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings()
" Settings for JFDIC Bash environment:
function! BashSettings()
set tabstop=4
set shiftwidth=4
set expandtab
set textwidth=79
set spell!
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings()
'';
};
}
)];
}

29
profiles/nix-direnv.nix Normal file
View file

@ -0,0 +1,29 @@
# NixOps configuration nix-direnv
{ config, pkgs, lib, ... }:
{
nix = {
extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
};
# Set the environment
environment = {
systemPackages = with pkgs; [
direnv # A shell extension that manages your environment
nix-direnv # A fast, persistent use_nix implementation for direnv
];
pathsToLink = [
"/share/nix-direnv"
];
};
nixpkgs.overlays = [
(self: super: { nix-direnv = super.nix-direnv.override { enableFlakes = true; }; } )
];
}

21
profiles/openssh.nix Normal file
View file

@ -0,0 +1,21 @@
# SSH service configuration common to all hosts
{ config, pkgs, lib, ... }:
{
services.openssh = {
enable = true; # Enable the OpenSSH daemon.
permitRootLogin = "prohibit-password";
challengeResponseAuthentication = false;
passwordAuthentication = false;
openFirewall = true;
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
}

19
profiles/server_common.nix Normal file
View file

@ -0,0 +1,19 @@
# Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{
imports =
[
../profiles/openssh.nix
../secrets/user-fiscalvelvetpoet.nix
../secrets/user-root.nix
];
programs.mosh = {
enable = true;
withUtempter = true;
};
}

7
profiles/starship.nix Normal file
View file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
starship # A minimal, blazing fast, and extremely customizable prompt for any shell
];
}

47
profiles/tmux.nix Normal file
View file

@ -0,0 +1,47 @@
# Common configuration for Tmux users
{ config, pkgs, ... }:
{
programs = {
tmux = { # Terminal multiplexer required by byobu
enable = true;
aggressiveResize = true;
clock24 = true;
extraConfig = ''
#POWERLINE_COMMAND="/run/current-system/sw/bin/powerline"
#POWERLINE_CONFIG_COMMAND="/run/current-system/sw/bin/powerline-config"
#run-shell "/run/current-system/sw/bin/powerline-daemon -q"
#source /run/current-system/sw/share/tmux/powerline.conf
# Plugins
set -g @plugin 'tmux-plugins/tmux-resurrect'
set -g @plugin 'tmux-plugins/tmux-continuum'
set -g @plugin 'dracula/tmux'
set -g @dracula-show-battery false
set -g @dracula-show-powerline true
set -g @dracula-refresh-rate 10
# Bind home and end keys:
bind-key -n Home send Escape "OH"
bind-key -n End send Escape "OF"
'';
keyMode = "vi";
newSession = true;
shortcut = "a";
terminal = "screen-256color";
};
};
environment.systemPackages = with pkgs; [
tmuxPlugins.continuum
tmuxPlugins.dracula
tmuxPlugins.resurrect
tmuxPlugins.sensible
tmuxPlugins.tmux-fzf
tmuxPlugins.yank
];
}

42
profiles/zsh.nix Normal file
View file

@ -0,0 +1,42 @@
# Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{
# Program defaults for all hosts
programs.zsh = {
enable = true; # Also enables & installs nix-zsh-completions
autosuggestions.enable = true;
interactiveShellInit = ''
export TERM="xterm-256color"
eval "$(direnv hook zsh)"
test -r ~/.dir_colors && eval $(dircolors ~/.dir_colors)
export GPG_TTY="$(tty)"
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
if type rg &> /dev/null; then
export FZF_DEFAULT_COMMAND='rg --files'
export FZF_DEFAULT_OPTS='-m --height 50% --border'
fi
'';
ohMyZsh = {
enable = true;
plugins = [
"fzf"
"git"
];
};
promptInit = ''
eval "$(starship init zsh)"
'';
vteIntegration = true;
};
environment.systemPackages = with pkgs; [
fzf
];
users.defaultUserShell = pkgs.zsh; # Set the default shell for all users
}