
18 Commits

Author SHA1 Message Date
76061f4919 gemini-cli -> antigravity-cli 2026-05-25 08:20:48 +00:00
159daf0630 Move from legacyPackages to proper import 2026-05-25 08:17:19 +00:00
82419c57ad Move allowUnfree to all of homes
Eventually for antigravity-cli
2026-05-25 08:10:12 +00:00
6df89b4b06 Allow access to KVM 2026-05-25 07:52:24 +00:00
3fabad4344 nix flake update 2026-05-23 17:58:29 +00:00
616a81d29d nix flake update
```
Version changes:
[U.]  #1  gemini-cli   0.40.1 -> 0.41.2
[U.]  #2  libgit2      1.9.2-lib -> 1.9.3-lib
[U.]  #3  nodejs       22.22.2 -> 22.22.3
[U.]  #4  nodejs-slim  22.22.2, 22.22.2-corepack, 22.22.2-npm -> 22.22.3, 22.22.3-corepack, 22.22.3-npm
[U.]  #5  vscode       1.116.0 -> 1.119.0
```
2026-05-17 16:31:54 +02:00
5a1da34702 iTerm scrollback 1k -> 1M 2026-05-17 16:14:35 +02:00
8b813e6345 Periodic nix-collect-garbage on darwin 2026-05-17 11:06:48 +02:00
080cd5b1cc Fix undefined variable when deployed in NixOS 2026-05-15 19:55:18 +00:00
28a2a91d93 Remove redundant variable 2026-05-15 15:39:00 +00:00
f878110e49 Move common into imports
This follows the same pattern as modules
2026-05-15 15:36:11 +00:00
a57b0f2fef Sprinkle a bit of standard library in home config 2026-05-15 15:25:52 +00:00
0160a8aa80 Add nvd (version diff) 2026-05-15 15:15:27 +00:00
3b688fd5a2 Mark all known signers as allowed 2026-05-15 13:31:40 +00:00
0ee7266b3d Populate allowedSignersFile 2026-05-15 13:05:41 +00:00
ecb0dc092e Migrate .gitconfig to home-manager 2026-05-15 12:55:42 +00:00
97248c0da3 Use identities from fw_nix 2026-05-15 12:24:03 +00:00
7819928be2 Hint for where to look up system setting values 2026-05-14 19:25:32 +02:00
10 changed files with 209 additions and 113 deletions

3
.gitignore vendored

@@ -6,3 +6,6 @@ result
# nix pre-commit autogenerated by devShell
/.pre-commit-config.yaml
# agy sessions
.antigravitycli

57
flake.lock generated

@@ -3,16 +3,16 @@
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1778146321,
"narHash": "sha256-HeBwuJmuBioZHyZqDOcf7W/xsMFupSD583v6I5Cl7a8=",
"lastModified": 1778427648,
"narHash": "sha256-pt9KaDGsMyYWB9JeHs4XGHs870f1lOZe3vx9LpVIhUE=",
"owner": "Homebrew",
"repo": "brew",
"rev": "af835384ac574f76025adb38b292b04cecee1f1f",
"rev": "6f293daa9f9f5832e13b497976335e90509886d7",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "5.1.10",
"ref": "5.1.11",
"repo": "brew",
"type": "github"
}
@@ -24,11 +24,11 @@
]
},
"locked": {
"lastModified": 1777780666,
"narHash": "sha256-8wURyQMdDkGUarSTKOGdCuFfYiwa3HbzwscUfn3STDE=",
"lastModified": 1779036909,
"narHash": "sha256-zXcwYQGCT6pzinK+1dBB2ekTVtfxGZAapb3Evdcu4fY=",
"owner": "nix-darwin",
"repo": "nix-darwin",
"rev": "8c62fba0854ba15c8917aed18894dbccb48a3777",
"rev": "56c666e108467d87d13508936aade6d567f2a501",
"type": "github"
},
"original": {
@@ -96,11 +96,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1778705491,
"narHash": "sha256-LOZbixhLsv2QbUbqH+I06eRMAI7FBDDkGoMWH523OkE=",
"lastModified": 1779558945,
"narHash": "sha256-G9CDHTBQvOglYRistiZ2nHvyupowPIGwn0cOFlvzo10=",
"ref": "refs/heads/main",
"rev": "b6fb4221bd5f54bc427de84230e0c95952399c21",
"revCount": 25,
"rev": "438bd6ee8fb77d3f3de364913e58b8dd5ef8d982",
"revCount": 33,
"type": "git",
"url": "https://github.com/futureware-tech/nix.git"
},
@@ -204,11 +204,11 @@
]
},
"locked": {
"lastModified": 1778503501,
"narHash": "sha256-08L/X4/do7nET4rzidJ76eV/1r+mB7DchVpdPypsghc=",
"lastModified": 1779678629,
"narHash": "sha256-gHcIFg0mm+KFsg7iZQt67kni3+qR5U3PhEC9P7vKlZ4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "85ba629c79449badf4338117c27f0ee92b4b9f1a",
"rev": "612bbe3b405ad5f71d7bf9edecc04b678a061652",
"type": "github"
},
"original": {
@@ -237,11 +237,11 @@
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1778332591,
"narHash": "sha256-ctJ3ADtugrnbMfMBobA645gCqXVIyHnsCNMkVaIuSiM=",
"lastModified": 1778851564,
"narHash": "sha256-p8wzcnpB2Iys+QzAKM9/Eyw/pUyqCO3sw/NCnDH4dTE=",
"owner": "zhaofengli",
"repo": "nix-homebrew",
"rev": "7d0038b5bb60568ec41f5f4ef5067cd221ca7c0d",
"rev": "b3a87b4793205cc111f3c61e25e018ffac3b8039",
"type": "github"
},
"original": {
@@ -252,11 +252,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"lastModified": 1779508470,
"narHash": "sha256-Ap9KJX+5xHIn3bPIpfNgT6MEXdAECECwo4/rmlQD74M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"rev": "29916453413845e54a65b8a1cf996842300cd299",
"type": "github"
},
"original": {
@@ -266,6 +266,22 @@
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1779694939,
"narHash": "sha256-Ly4j75O8ICaSQx3uxPnwk2x7PMF0XQvn5r0c3yBA7FI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f9d8b65950353691ab56561e7c73d2e1063d810b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"darwin": "darwin",
@@ -275,6 +291,7 @@
"jail-nix": "jail-nix",
"nix-homebrew": "nix-homebrew",
"nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master",
"systems": "systems_2",
"vscode-server": "vscode-server"
}


@@ -3,6 +3,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
systems.url = "github:nix-systems/default";
home-manager = {
url = "github:nix-community/home-manager";
@@ -32,6 +33,7 @@
{
self,
nixpkgs,
nixpkgs-master,
systems,
home-manager,
vscode-server,
@@ -39,14 +41,18 @@
...
}@inputs:
let
trustedSSHKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxRBsFGa8OFbviYDGSAKLgfm/K2XUxvCo+31FW37yab artem"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPAtIXXHm58julnr7S0xzBTM1jN5JkKxOL4JpuWDOa2jAAAABHNzaDo= office-dock-usb-a"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHY1xx0huqV6Mcc2WngYDabITeNUbGamJ8//206MxxVTAAAABHNzaDo= keychain-usb-c"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHzY2eOz+JdaKOpIgZbF5FsZzQy0l8vPJjAQdTpBFGsoAAAABHNzaDo= safe"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJg7zQ4H0LQeQcILZBwCzQ+MYKtCgKm7HPe9oFeoyprKZXAvpm+HDHtaYdU39JF9f+nvRztzXuMhgETAQMAQCkc= fingerprint@macbook"
];
eachSystem = nixpkgs.lib.genAttrs (import systems);
overlay-master = _: prev: {
inherit
(import nixpkgs-master {
system = prev.stdenv.hostPlatform.system;
config = {
allowUnfree = true;
};
})
antigravity-cli
;
};
in
{
checks = eachSystem (system: {
@@ -71,9 +77,13 @@
};
homeConfigurations."artem@deimos" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [ overlay-master ];
};
extraSpecialArgs.primaryUser = "artem";
modules = [
inputs.fw_nix.nixosModules.identities
vscode-server.homeModules.default
self.homeModules.linux-headless
./hosts/deimos/home.nix
@@ -81,12 +91,15 @@
};
homeConfigurations."artem@mars" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-darwin;
pkgs = import nixpkgs {
system = "x86_64-darwin";
overlays = [ overlay-master ];
};
extraSpecialArgs = {
primaryUser = "artem";
inherit trustedSSHKeys;
};
modules = [
inputs.fw_nix.nixosModules.identities
self.homeModules.mac-portable
./hosts/mars/home.nix
];
@@ -96,36 +109,41 @@
system = "x86_64-darwin";
specialArgs.primaryUser = "artem";
modules = [
inputs.fw_nix.nixosModules.identities
self.darwinModules.mac-portable
inputs.fw_nix.nixosModules.tools
inputs.fw_nix.nixosModules.nix-gc
inputs.fw_nix.nixosModules.nix-settings
inputs.fw_nix.nixosModules.tools
inputs.fw_nix.nixosModules.futureware
inputs.nix-homebrew.darwinModules.nix-homebrew
./hosts/mars/darwin.nix
(_: {
nixpkgs.overlays = [ overlay-master ];
})
];
};
nixosConfigurations.deimos =
let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit trustedSSHKeys;
inherit (inputs) jail-nix;
};
modules = [
self.nixosModules.linux-headless
self.nixosModules.linux-lxc
inputs.fw_nix.nixosModules.nix-gc
inputs.fw_nix.nixosModules.nix-settings
inputs.fw_nix.nixosModules.tools
inputs.fw_nix.nixosModules.sshd
inputs.fw_nix.nixosModules.futureware
./hosts/deimos/nixos.nix
];
nixosConfigurations.deimos = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
primaryUser = "artem";
inherit (inputs) jail-nix;
};
modules = [
inputs.fw_nix.nixosModules.identities
self.nixosModules.linux-headless
self.nixosModules.linux-lxc
inputs.fw_nix.nixosModules.nix-gc
inputs.fw_nix.nixosModules.nix-settings
inputs.fw_nix.nixosModules.tools
inputs.fw_nix.nixosModules.sshd
inputs.fw_nix.nixosModules.futureware
./hosts/deimos/nixos.nix
(_: {
nixpkgs.overlays = [ overlay-master ];
})
];
};
devShells = eachSystem (
system:
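Review bot: `overlay-master` turns on `allowUnfree = true` for the whole `nixpkgs-master` import even though only `antigravity-cli` is inherited from it, so a later extra name in that `inherit` list would pull in any unfree package from `master` without a second look. Narrowing the config to `allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [ "antigravity-cli" ];` keeps the exception to the one package the commit message names. A one-line comment above `nixpkgs-master.url` saying why `master` is needed and when the input can be dropped would also help, since `master` is not gated by the channel tests that `nixos-unstable` waits for. The `let` block and the outputs set continue outside these hunks.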

22
hosts/common/home.nix Normal file

@@ -0,0 +1,22 @@
{
identities,
primaryUser,
...
}:
let
user = identities.users.${primaryUser};
in
{
programs.git = {
signing = {
# Will be available on remote machines via SSH agent (Secretive).
key = "key::" + user.sign."sign@mars".publicKey;
signByDefault = true;
};
settings.user = {
name = "Artem Sheremet";
inherit (user) email;
};
};
}
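Review bot: The comment on `signing.key` is the only place that explains how signing works away from mars, and it leaves out the consequence. With `signByDefault = true`, every commit on a remote host asks the (presumably forwarded) agent for a signature, so any process that can reach that agent socket on the remote host can do the same while the session is open. I would spell that out, e.g. `# Private key stays in Secretive on mars; remote hosts sign via the forwarded agent, so keep per-use confirmation on for this key.` Whether Secretive is set to confirm each use is not visible on this page. The lookup `user.sign."sign@mars"` also fails evaluation if that entry is renamed in the identities module, so a short comment naming where it is defined would save the next reader a search.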


@@ -1,5 +1,18 @@
_: {
home.homeDirectory = "/home/artem";
{
config,
lib,
pkgs,
...
}:
let
utils = import "${pkgs.path}/nixos/lib/utils.nix" { inherit lib pkgs config; };
haremote-path = "${config.home.homeDirectory}/src/haremote";
haremote-unit = utils.escapeSystemdPath haremote-path;
in
{
imports = [
../common/home.nix
];
services.vscode-server.enable = true;
services.vscode-server.installPath = [
@@ -7,17 +20,17 @@ _: {
"$HOME/.antigravity-server"
];
systemd.user.mounts.home-artem-src-haremote = {
systemd.user.mounts."${haremote-unit}" = {
Unit = {
Description = "Mount ~/src/haremote";
Description = "Mount ${haremote-path}";
After = [ "network-online.target" ];
Wants = [ "network-online.target" ];
};
Mount = {
What = "root@homeassistant.home.arpa:/homeassistant";
Where = "/home/artem/src/haremote";
Where = haremote-path;
Type = "fuse.sshfs";
Options = "reconnect,ServerAliveInterval=15,uid=1000,gid=1000,IdentityAgent=/home/artem/.ssh/ssh_auth_sock";
Options = "reconnect,ServerAliveInterval=15,uid=1000,gid=1000,IdentityAgent=${config.home.homeDirectory}/.ssh/ssh_auth_sock";
};
Install = {
WantedBy = [ "default.target" ];
@@ -26,8 +39,8 @@ _: {
programs.zsh.loginExtra = ''
if [ -n "$SSH_AUTH_SOCK" ]; then
mkdir -p ~/src/haremote
[ -z "$(ls -A ~/src/haremote 2>/dev/null)" ] && systemctl --user restart home-artem-src-haremote.mount
mkdir -p ${haremote-path}
[ -z "$(ls -A ${haremote-path} 2>/dev/null)" ] && systemctl --user restart ${haremote-unit}.mount
fi
'';
}
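Review bot: In `programs.zsh.loginExtra` the new `${haremote-path}` and `${haremote-unit}` are spliced into the shell text unquoted, where the old code had fixed literals. `escapeSystemdPath` can emit backslash escapes (for example for a `-` inside a path component), which an unquoted shell word would strip, and a home directory containing a space would split the `mkdir` argument. Quoting at interpolation time fixes both: `mkdir -p ${lib.escapeShellArg haremote-path}` and `systemctl --user restart ${lib.escapeShellArg "${haremote-unit}.mount"}`; `lib` is already in the module arguments. The `uid=1000,gid=1000` in `Options` stays hard-coded while the paths are now derived from `config`, which deserves a comment.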


@@ -1,6 +1,7 @@
{
pkgs,
trustedSSHKeys,
identities,
primaryUser,
jail-nix,
...
}:
@@ -8,14 +9,15 @@ let
jail = jail-nix.lib.init pkgs;
in
{
users.users.artem = {
users.users.${primaryUser} = {
uid = 1000;
isNormalUser = true;
extraGroups = [
"wheel"
"docker"
"kvm"
];
openssh.authorizedKeys.keys = trustedSSHKeys;
openssh.authorizedKeys.keys = identities.getAccessKeys { user = primaryUser; };
shell = pkgs.zsh;
linger = true; # Keep sshfs mounted even on logout.
};
@@ -29,8 +31,8 @@ in
home-assistant-cli
yt-dlp
# jailed-gemini --yolo
(jail "jailed-gemini" pkgs.gemini-cli (
# jailed-agy --yolo
(jail "jailed-agy" pkgs.antigravity-cli (
with jail.combinators;
[
network
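Review bot: `openssh.authorizedKeys.keys` is now filled by `identities.getAccessKeys { user = primaryUser; }` instead of the key list that used to sit in this repository, so who can log in as a `wheel`/`docker`/`kvm` user is decided by the `fw_nix` input, which appears to be the `futureware-tech/nix.git` entry that `flake.lock` tracks from `refs/heads/main`. A routine `nix flake update` can therefore change the authorized keys with nothing about keys showing in this repository's diff. I would add a comment on that line, `# Keys come from the fw_nix input: review its diff for key changes before committing a flake.lock bump.`, and consider a flake check that fails when the evaluated key list differs from an expected one. What `getAccessKeys` returns is defined outside this page. The same applies to the home-manager activation further down that writes `ephemeral_sshd/authorized_keys`.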


@@ -2,10 +2,15 @@
pkgs,
lib,
config,
trustedSSHKeys,
identities,
primaryUser,
...
}:
{
imports = [
../common/home.nix
];
home.packages = with pkgs; [
dosbox-staging # dosbox appears broken on darwin
@@ -19,7 +24,11 @@
home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
run install -m 0600 -D \
${pkgs.writeText "keys" (builtins.concatStringsSep "\n" trustedSSHKeys)} \
${
pkgs.writeText "keys" (
builtins.concatStringsSep "\n" (identities.getAccessKeys { user = primaryUser; })
)
} \
${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys
'';


@@ -1,45 +0,0 @@
[color]
ui = auto
[alias]
co = checkout
st = status
di = diff -w --no-prefix
df = diff
dc = diff --cached
ci = commit
br = branch
lg = log -p --decorate=full --show-signature
lol = log --graph --decorate=full --pretty=oneline --abbrev-commit
lola = log --graph --decorate=full --pretty=oneline --abbrev-commit --all
ls = ls-files
# Show files ignored by git:
ign = ls-files -o -i --exclude-standard
[apply]
whitespace = nowarn
[push]
default = tracking
[rebase]
stat = yes
[format]
pretty = fuller
[fetch]
prune = yes
[credential "https://source.developers.google.com"]
helper = gcloud.sh
[core]
autocrlf = input
[branch]
# 0 times I wanted this when doing "git checkout".
autoSetupMerge = false
# Set up new branches in a way that "git pull" does a rebase by default.
autoSetupRebase = always
# Commit signing, currently using ssh@mars -- to be switched to sign@mars after 2026-05-15
[gpg]
format = ssh
[commit]
gpgsign = true
[user]
signingkey = key::ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNwSX/Ib6kNzgRKqWfcb3HsAQQo++Gt9KeXSvP6NDk6YQPjDsi+//IiBovgLjQ34El+x8l8y3aYhfIGlCyX7aOM= sign@mars
name = Artem Sheremet
email = dot.doom@gmail.com


@@ -1,24 +1,76 @@
{
pkgs,
lib,
identities,
primaryUser,
...
}:
{
home.username = primaryUser;
nixpkgs.config.allowUnfree = true;
home.packages = with pkgs; [
stow
wget
gemini-cli
antigravity-cli
silver-searcher
yubikey-manager
];
home.activation.stowLegacy = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
if [ -d "$HOME/dotfiles/legacy" ]; then
run ${pkgs.stow}/bin/stow -d $HOME/dotfiles -t $HOME legacy
fi
'';
home.activation.report-changes = lib.hm.dag.entryAnywhere ''
# oldGenPath can be undefined with home-manager used as part of NixOS config
if [ -n "''${oldGenPath+x}" ]; then
${pkgs.nvd}/bin/nvd diff $oldGenPath $newGenPath
fi
'';
programs.git = {
enable = true;
settings = {
alias = {
co = "checkout";
st = "status";
di = "diff -w --no-prefix";
df = "diff";
dc = "diff --cached";
ci = "commit";
br = "branch";
lg = "log -p --decorate=full --show-signature";
lol = "log --graph --decorate=full --pretty=oneline --abbrev-commit";
lola = "log --graph --decorate=full --pretty=oneline --abbrev-commit --all";
ls = "ls-files";
# Show files ignored by git:
ign = "ls-files -o -i --exclude-standard";
};
color.ui = "auto";
apply.whitespace = "nowarn";
push.default = "tracking";
rebase.stat = "yes";
format.pretty = "fuller";
fetch.prune = "yes";
core.autocrlf = "input";
branch = {
# 0 times I wanted this when doing "git checkout".
autoSetupMerge = false;
# Set up new branches in a way that "git pull" does a rebase by default.
autoSetupRebase = "always";
};
gpg.format = "ssh";
gpg.ssh.allowedSignersFile = "${pkgs.writeText "allowed_signers" (
lib.concatStringsSep "\n" (identities.getSigningEntries { })
)}";
credential."https://source.developers.google.com".helper = "gcloud.sh";
};
};
programs.zsh = {
enable = true;
initContent = ''
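Review bot: `gpg.ssh.allowedSignersFile` is built from `identities.getSigningEntries { }` with no filter, so `git log --show-signature` (the `lg` alias) will report a good signature for a commit signed by any identity that module knows, and the reader has to check the printed principal to see whose key it was. If trusting every known signer is intended, as the commit title suggests, say so next to the option: `# Trusts every signer defined in identities: a good signature means "a known key", not "the expected author".` Whether the generated entries carry `namespaces="git"` is not visible here; if they do not, adding it would limit these keys to Git signatures. The `programs.zsh` block continues outside the hunk.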


@@ -47,6 +47,7 @@
Columns = 160;
Rows = 45;
"Scrollback Lines" = 1000000;
# For tmux selection and moving borders.
"Mouse Reporting" = true;
@@ -73,6 +74,10 @@
export SSH_AUTH_SOCK=~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh
'';
nixpkgs.config.allowUnfree = true;
# TODO: defaults read NSGlobalDomain
# https://nix-darwin.github.io/nix-darwin/manual/index.html
# -> set system.defaults.NSGlobalDomain
# or system.defaults.CustomSystemPreferences
programs.vscode.enable = true;
}