make it snow!

Peder Bergebakken Sundt 2023-02-25 04:39:30 +01:00
parent 9b599adc07
commit 71ac683efa
14 changed files with 475 additions and 360 deletions

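--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 result
+/configuration.nix
+/hardware-configuration.nix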

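--- a/base.nix
+++ b/base.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, lib, ... }:
+{
+imports = [
+./cachix.nix
+(if builtins.pathExists ./hardware-configuration.nix
+then ./hardware-configuration.nix # results of hardware scan
+else {}
+)
+];
+nixpkgs.config.allowUnfree = true;
+nixpkgs.config.allowUnfreePredicate = (pkg: true);
+system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default
+nix.settings.trusted-users = [ "root" ];
+nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
+#nix.optimize.automatic = true; # periodic optimization
+nix.gc.automatic = true;
+nix.gc.dates = "weekly";
+nix.gc.options = "--delete-older-than 30d";
+# TODO: can i make this non-string?
+nix.extraOptions = ''
+experimental-features = nix-command flakes
+'';
+# TODO: only if x86_64?
+services.thermald.enable = true;
+# Bootloader
+boot.loader.grub.enable = true;
+boot.loader.grub.device = "/dev/sda"; # TODO: host-specific
+boot.loader.grub.useOSProber = true;
+# firewall
+services.fail2ban.enable = config.services.openssh.enable;
+networking.firewall.enable = true; # default
+# Time zone and internationalisation properties.
+time.timeZone = "Europe/Oslo";
+i18n.defaultLocale = "en_US.utf8";
+i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_MEASUREMENT = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_MONETARY = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_NAME = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_NUMERIC = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_PAPER = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_TELEPHONE = "nb_NO.utf8";
+i18n.extraLocaleSettings.LC_TIME = "nb_NO.utf8";
+console.keyMap = "no";
+services.xserver.layout = "no";
+services.xserver.xkbVariant = "";
+# System fonts
+# Nice to have when X-forwading on headless machines
+# TODO: move?
+fonts.fonts = with pkgs; [
+noto-fonts # includes Cousine
+noto-fonts-cjk
+noto-fonts-emoji
+noto-fonts-extra
+dejavu_fonts
+];
+}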
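Review bot: The `builtins.pathExists ./hardware-configuration.nix` guard in `imports` falls back to `{}` silently, and this same commit adds `/hardware-configuration.nix` to `.gitignore`. When the module is evaluated through the flake from a git checkout, ignored and untracked files are normally not part of the flake source, so the guard would likely evaluate to false and the host would build without its hardware scan and without any error. Consider tracking a per-host hardware file under `hosts/` and importing it unconditionally, or failing loudly with `else throw "hardware-configuration.nix missing"`. Separately, `system.autoUpgrade.enable = true` is set without `system.autoUpgrade.flake`, so the daily upgrade presumably still follows channels rather than the revisions pinned in `flake.lock`.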


@ -1,340 +1,6 @@
{ config, pkgs, lib, ... }:
{
#nixpkgs.overlays = overlays;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
nixpkgs.config.allowUnfree = true;
system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default
# TODO: can i make this non-string?
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# TODO: move to pbsds home
programs.ssh.extraConfig = ''
Host *.ntnu.no *.pvv.org
User pederbs
'';
# deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
nix.settings.auto-optimise-store = true;
#nix.optimize.automatic = true; # periodic optimization
nix.gc.automatic = true;
nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 30d";
imports = [
./cachix.nix
(if builtins.pathExists ./hardware-configuration.nix
then ./hardware-configuration.nix # results of hardware scan
else {}
)
./profiles/web
./profiles/web/index
./profiles/web/cinny
./profiles/web/element
./profiles/web/flexget
./profiles/web/gitea
./profiles/web/hydra
./profiles/web/invidious
./profiles/web/jellyfin
./profiles/web/libreddit
./profiles/web/mattermost
./profiles/web/navidrome
./profiles/web/netdata
./profiles/web/nitter
./profiles/web/ntopng
./profiles/web/owncast
./profiles/web/paperless
./profiles/web/polaris
./profiles/web/resilio
./profiles/web/roundcube
./profiles/web/thelounge
./profiles/web/vaultwarden
./profiles/web/webdav-zotero
#./profiles/web/convos
#./profiles/web/cryptpad
#./profiles/web/galene
#./profiles/web/graphana
#./profiles/web/hedgedoc
#./profiles/web/home-assistant
#./profiles/web/jitsi-meet
#./profiles/web/kukkee
#./profiles/web/matrix-synapse
#./profiles/web/shlink
#./profiles/web/sourcegraph
./profiles/web/pdoc
./profiles/web/linktree-pbsds
./profiles/web/refleksjon-no
./profiles/web/roroslyd-no
#./profiles/web/trivial-gradios
#./profiles/web/censordodge
#./profiles/web/openspeedtest
./profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
./profiles/code-remote
./profiles/remote-builders #
./profiles/nfs/reidun.nix # NFS mounts
./profiles/autossh-reverse-tunnels
#./profiles/xrdp
./users
#./users/pbsds
./users/all.nix
import = [
./base.nix
./hosts/noximilien.nix
];
# TODO: remove? Move to where relevant
nixpkgs.overlays = [
/** /
(final: prev: {
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
})
/**/
];
# Allow unstable packages.
nixpkgs.config.packageOverrides = pkgs: {
unstable = import <nixos-unstable> {
config = config.nixpkgs.config;
};
# TODO: nur
};
# enable opengl (headless)
hardware.opengl.enable = true;
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
# run/build weird binaries
boot.binfmt.emulatedSystems = [
"wasm32-wasi"
"wasm64-wasi"
"x86_64-windows"
"aarch64-linux"
"riscv64-linux"
#"x86_64-darwin"
#"aarch64-darwin"
];
services.thermald.enable = true;
# Bootloader
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.useOSProber = true;
# Virtualization
virtualisation.podman.enable = true;
# TODO: are these default since 22.11?
virtualisation.podman.dockerCompat = true; # alias docker to podman
virtualisation.oci-containers.backend = "podman";
# Networking
networking = {
# Enable networking
networkmanager.enable = true;
#wireless.enable = true; # Enables wireless support via wpa_supplicant.
#iwd.enable = true
hostName = "noximilien"; # Define your hostname.
domain = "pbsds.net";
interfaces.eno1.ipv4.addresses = [
{ address = "192.168.1.9"; prefixLength = 24; }
];
nameservers = [
"192.168.1.254"
"8.8.8.8"
];
defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
#useDHCP = true;
};
# firewall
services.fail2ban.enable = true;
networking.firewall.enable = true; # default
#networking.firewall.allowedTCPPorts = [ ... ];
#networking.firewall.allowedUDPPorts = [ ... ];
# Time zone and internationalisation properties.
time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.utf8";
i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_MEASUREMENT = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_MONETARY = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_NAME = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_NUMERIC = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_PAPER = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_TELEPHONE = "nb_NO.utf8";
i18n.extraLocaleSettings.LC_TIME = "nb_NO.utf8";
console.keyMap = "no";
services.xserver.layout = "no";
services.xserver.xkbVariant = "";
# Installed system packages
# $ nix search FOOBAR
# TODO: prune this, make home-manager deal with the majority
environment.systemPackages = with pkgs; [
lsof
lshw
htop
file
tmux
#parallel # already provided by moreutils
pwgen
git
nmap
rsync
bind.dnsutils
graphviz
dialog
cowsay
gnused
gnumake
coreutils-full
moreutils
binutils
diffutils
findutils
usbutils
bash-completion
curl
wget
strace
killall
zip
unrar
unzip
atool
p7zip
bzip2
gzip
atool
micro
aspell
aspellDicts.en
aspellDicts.nb
vimv
dos2unix
#rmate # TODO: add to nixpkgs
pandoc
cargo
cargo-edit
sqlite
#sshuttle
visidata
weston
cage
vimix-gtk-themes
flat-remix-icon-theme
xclip
feh
sshfs
glances
zenith
fzf
tealdeer # tldr
entr
axel aria
bat
xe # xargs alternative
sd # sed alternative
fd # find alternative
silver-searcher # `ag`
ripgrep
jq
yq
htmlq
sysz
du-dust # du alternative
ncdu # Disk usage analyzer with an ncurses interface
gh
hub
cachix
nix-output-monitor
nix-prefetch
nix-top
#nix-index
nix-tree
nixfmt
alejandra
];
# TODO: somehow make this root only?
# TODO: zsh
programs.bash.shellInit = ''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
# TODO: make this root only?
programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro}
environment.variables."EDITOR" = "micro";
# TODO: remove? Move?
programs.dconf.enable = true;
# System fonts
# Nice to have when X-forwading on headless machines
fonts.fonts = with pkgs; [
noto-fonts # includes Cousine
noto-fonts-cjk
noto-fonts-emoji
noto-fonts-extra
dejavu_fonts
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
#programs.mtr.enable = true;
#programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
#};
# OpenSSH
services.openssh.enable = true;
services.openssh.forwardX11 = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}
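Review bot: The new attribute in this section is spelled `import = [ ./base.nix ./hosts/noximilien.nix ];`, but the NixOS module system only recognises `imports`. As written the two files are not pulled in and evaluation would most likely stop on an unknown option named `import`, so a non-flake rebuild against this file would no longer receive the firewall, fail2ban and OpenSSH settings that this commit moves into `base.nix` and the host file. Change the key to `imports = [`.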

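--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,81 @@
+{
+"nodes": {
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+],
+"utils": "utils"
+},
+"locked": {
+"lastModified": 1677276957,
+"narHash": "sha256-/vhdNhQj2CWgqdfD2KLEZWDleOfen0t2EiaGiyivnJU=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "664945b3e09b4551c4e63e16efebd493cf5eac74",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1677249740,
+"narHash": "sha256-1Pt/IeBLGAfr5KNankKociYxF6eIo6KfMOQLCY+CBjE=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "38f87b67bc320feeedeeb4e6912a3905f176b9ab",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-22.11-small",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"home-manager": "home-manager",
+"nixpkgs": "nixpkgs",
+"unstable": "unstable"
+}
+},
+"unstable": {
+"locked": {
+"lastModified": 1677268764,
+"narHash": "sha256-2LvGFFqkFLTyC8/CzMAkOgYGQPLZ6SyRJCDfIDqbVhM=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "5798b8c569396eca709a18d5391d4e18fc5124db",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable-small",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"utils": {
+"locked": {
+"lastModified": 1667395993,
+"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}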

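--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,52 @@
+{
+description = "pbsds' nix system/home profile flake";
+# TODO: NUR
+inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
+inputs.unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
+inputs.home-manager.url = "github:nix-community/home-manager";
+inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
+# temp stuff
+inputs.pbsds-polaris-pr = "github:pbsds/nixpkgs/polaris-14";
+outputs = { self, nixpkgs, unstable, home-manager, ... }@inputs:
+let
+systems = [
+"x86_64-linux"
+"aarch64-linux"
+#"riscv64-linux"
+];
+forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
+nixosOverrides = {
+disabledModules = [ "services/misc/polaris.nix" ];
+imports = [ inputs.pbsds-polaris-14 + "/nixos/modules/services/misc/polaris.nix" ];
+nixpkgs.overlays = [(final: prev: {
+polaris = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris) { };
+polaris-web = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris/web.nix) { };
+})];
+};
+mkConfig = system: modules: nixpkgs.lib.nixosSystem {
+inherit system;
+specialArgs = { inherit unstable inputs; };
+modules = modules ++ [ ./base.nix nixosOverrides ({
+# This makes commandline tools like 'nix run nixpkgs#hello'
+# and 'nix-shell -p hello' use the same channel the system was built with
+nix.registry.nixpkgs.flake = inputs.nixpkgs;
+nix.registry.unstable.flake = inputs.unstable;
+nix.nixPath = [
+"nixpkgs=${inputs.nixpkgs}"
+"unstable=${inputs.unstable}"
+];
+})];
+};
+in {
+nixosConfigurations.noximilien = mkConfig "x86_64-linux" [ ./hosts/noximilien.nix ];
+homeConfigurations = forAllSystems (system: {
+pbsds = home-manager.lib.homeManagerConfiguration {
+pkgs = nixpkgs.legacyPackages.${system};
+modules = [ ./users/pbsds/home ];
+};
+});
+};
+}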
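Review bot: The temporary input is declared as `inputs.pbsds-polaris-pr = "github:pbsds/nixpkgs/polaris-14";`, which lacks the `.url` attribute, and `nixosOverrides` then refers to it under a different name, `inputs.pbsds-polaris-14`. The `flake.lock` added in this commit has no node for either name, which suggests the input never resolved. Declare it as `inputs.pbsds-polaris-14.url = "github:pbsds/nixpkgs/polaris-14";` and regenerate the lock file, so the service module and packages taken from a personal branch are pinned by revision and hash like the other inputs. The `imports` entry also needs parentheses, `imports = [ (inputs.pbsds-polaris-14 + "/nixos/modules/services/misc/polaris.nix") ];`, because list elements are separated by whitespace and a bare `+` is not accepted inside a list.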


@ -0,0 +1,9 @@
{ config, pkgs, lib, ... }:
{
# enable opengl (headless)
hardware.opengl.enable = true;
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
}

0
hosts/asgaut.nix Normal file

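--- a/hosts/noximilien.nix
+++ b/hosts/noximilien.nix
@@ -0,0 +1,233 @@
+{ config, pkgs, lib, ... }:
+{
+imports = [
+../users
+../users/pbsds
+../users/jornane
+#../users/all.nix # TODO: does not work?
+../hardware/opengl-intel.nix
+../profiles/web
+../profiles/web/index
+../profiles/web/cinny
+../profiles/web/element
+../profiles/web/flexget
+../profiles/web/gitea
+../profiles/web/hydra
+../profiles/web/invidious
+../profiles/web/jellyfin
+../profiles/web/libreddit
+../profiles/web/mattermost
+../profiles/web/navidrome
+../profiles/web/netdata
+../profiles/web/nitter
+../profiles/web/ntopng
+../profiles/web/owncast
+../profiles/web/paperless
+../profiles/web/polaris
+../profiles/web/resilio
+../profiles/web/roundcube
+../profiles/web/thelounge
+../profiles/web/vaultwarden
+../profiles/web/webdav-zotero
+#../profiles/web/convos
+#../profiles/web/cryptpad
+#../profiles/web/galene
+#../profiles/web/graphana
+#../profiles/web/hedgedoc
+#../profiles/web/home-assistant
+#../profiles/web/jitsi-meet
+#../profiles/web/kukkee
+#../profiles/web/matrix-synapse
+#../profiles/web/shlink
+#../profiles/web/sourcegraph
+../profiles/web/pdoc
+../profiles/web/linktree-pbsds
+../profiles/web/refleksjon-no
+../profiles/web/roroslyd-no
+#../profiles/web/trivial-gradios
+#../profiles/web/censordodge
+#../profiles/web/openspeedtest
+../profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
+../profiles/code-remote
+../profiles/remote-builders #
+../profiles/nfs/reidun.nix # NFS mounts
+../profiles/autossh-reverse-tunnels
+#../profiles/xrdp
+];
+# TODO: remove? Move to where relevant=
+nixpkgs.overlays = [
+/** /
+(final: prev: {
+mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
+mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
+})
+/**/
+];
+# run/build weird binaries
+boot.binfmt.emulatedSystems = [
+"wasm32-wasi"
+"wasm64-wasi"
+"x86_64-windows"
+"aarch64-linux"
+"riscv64-linux"
+#"x86_64-darwin"
+#"aarch64-darwin"
+];
+services.thermald.enable = true;
+# Virtualization
+virtualisation.podman.enable = true;
+# TODO: are these default since 22.11?
+virtualisation.podman.dockerCompat = true; # alias docker to podman
+virtualisation.oci-containers.backend = "podman";
+# Networking
+networking.networkmanager.enable = true;
+#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+#networking.iwd.enable = true
+networking.hostName = "noximilien";
+networking.domain = "pbsds.net";
+networking.interfaces.eno1.ipv4.addresses = [
+{ address = "192.168.1.9"; prefixLength = 24; }
+];
+networking.nameservers = [
+"192.168.1.254"
+"8.8.8.8"
+"1.1.1.1"
+];
+networking.defaultGateway = {
+address = "192.168.1.254";
+interface = "eno1";
+};
+#networking.useDHCP = true;
+#TODO: avahi?
+# Installed system packages
+# TODO: prune this, make home-manager deal with the majority
+environment.systemPackages = with pkgs; [
+lsof
+lshw
+htop
+file
+tmux
+#parallel # already provided by moreutils
+pwgen
+git
+nmap
+rsync
+bind.dnsutils
+graphviz
+dialog
+cowsay
+gnused
+gnumake
+coreutils-full
+moreutils
+binutils
+diffutils
+findutils
+usbutils
+bash-completion
+curl
+wget
+strace
+killall
+zip
+unrar
+unzip
+atool
+p7zip
+bzip2
+gzip
+atool
+micro
+aspell aspellDicts.en aspellDicts.nb
+vimv
+dos2unix
+#rmate # TODO: add to nixpkgs
+pandoc
+cargo
+cargo-edit
+sqlite
+#sshuttle
+visidata
+weston
+cage
+vimix-gtk-themes
+flat-remix-icon-theme
+xclip
+feh
+sshfs
+glances
+zenith
+tealdeer # tldr
+entr
+axel aria
+bat
+xe # xargs alternative
+sd # sed alternative
+fd # find alternative
+silver-searcher # `ag`
+ripgrep
+jq
+yq
+htmlq
+sysz
+du-dust # du alternative
+ncdu # Disk usage analyzer with an ncurses interface
+gh
+hub
+cachix
+nix-output-monitor
+nix-prefetch
+nix-top
+#nix-index
+nix-tree
+nix-diff
+nixfmt
+alejandra
+];
+# TODO: remove? Move?
+programs.dconf.enable = true;
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+#programs.mtr.enable = true;
+#programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+#};
+# OpenSSH
+services.openssh.enable = true;
+services.openssh.forwardX11 = true;
+# TODO: should not be system-wide
+#programs.ssh.extraConfig = ''
+# Host *.ntnu.no *.pvv.org
+# User pederbs
+#'';
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. Its perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.11"; # Did you read the comment?
+}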
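Review bot: `services.openssh.enable = true` and `services.openssh.forwardX11 = true` are set on a host that also imports a long list of web profiles (vaultwarden, gitea and roundcube among them), yet nothing visible here restricts how SSH authenticates. Unless one of the imported modules does so, password login stays at the NixOS default, leaving `fail2ban` from `base.nix` as the only brake on guessing. Consider adding `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` next to the enable line, with a short comment on why X11 forwarding is needed host-wide. The `environment.systemPackages` list also names `atool` twice.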


@ -1,4 +1,4 @@
{ config, pkgs, lib, mkDomain, ... }:
{ config, pkgs, lib, unstable, mkDomain, ... }:
{
# Invidious
# An open source alternative front-end to YouTube
@ -6,8 +6,9 @@
/**/
imports = [
({ disabledModules = [ "services/web-apps/invidious.nix" ]; })
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
({ services.invidious.package = pkgs.unstable.invidious; })
#<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
(unstable + "/nixos/modules/services/web-apps/invidious.nix")
({ services.invidious.package = unstable.invidious; })
];
/**/
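Review bot: `unstable` reaches this module through `specialArgs = { inherit unstable inputs; }` in `flake.nix`, so it is the flake input itself, not an instantiated package set. The path import `(unstable + "/nixos/modules/services/web-apps/invidious.nix")` can work because the input coerces to its source path, but `unstable.invidious` is not an attribute a nixpkgs flake exposes at its top level, so evaluating the package option would presumably fail. Use `services.invidious.package = unstable.legacyPackages.${pkgs.stdenv.hostPlatform.system}.invidious;`, or pass an imported package set through `specialArgs` instead. The jellyfin section that follows has the same pattern with `unstable.jellyfin`; the module body continues past both hunks.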


@ -1,12 +1,13 @@
{ config, pkgs, lib, mkDomain, ... }:
{ config, pkgs, lib, unstable, mkDomain, ... }:
{
# Jellyfin
/**/
imports = [
({ disabledModules = [ "services/misc/jellyfin.nix" ]; })
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
({ services.jellyfin.package = pkgs.unstable.jellyfin; })
#<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
(unstable + "/nixos/modules/services/misc/jellyfin.nix")
({ services.jellyfin.package = unstable.jellyfin; })
];
/**/


@ -3,21 +3,6 @@
# Polaris
# Self-host your music collection, and access it from any computer and mobile device
/**/
disabledModules = [
"services/misc/polaris.nix"
];
imports = [
/home/pbsds/repos/nixpkgs/polaris-14/nixos/modules/services/misc/polaris.nix
];
nixpkgs.overlays = [
(final: prev: {
polaris = prev.callPackage /home/pbsds/repos/nixpkgs/polaris-14/pkgs/servers/polaris { };
polaris-web = prev.callPackage /home/pbsds/repos/nixpkgs/polaris-14/pkgs/servers/polaris/web.nix { };
})
];
/**/
services.polaris = {
enable = true;


@ -5,5 +5,6 @@ let
imports = lib.mapAttrsToList to-import (lib.filterAttrs filter-users (builtins.readDir ./.));
in
{
# TODO: does not work?
inherit imports;
}


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, lib, inputs, ... }:
{
imports = [ <home-manager/nixos> ];
#imports = [ <home-manager/nixos> ];
imports = [ inputs.home-manager.nixosModule ];
home-manager.useGlobalPkgs = true; # brrr
#home-manager.useUserPackages = true # needed if VM
# When adding a new user accounts: Don't forget to set a password with passwd!
}


@ -1,5 +1,21 @@
{ config, pkgs, lib, ... }:
{
# system-wide shit
environment.systemPackages = with pkgs; [
fzf
];
# TODO: fzf for zsh
programs.bash.shellInit = ''
source "$(${pkgs.fzf}/bin/fzf-share)/key-bindings.bash"
source "$(${pkgs.fzf}/bin/fzf-share)/completion.bash"
'';
programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro}
environment.variables."EDITOR" = "micro";
# user and home-manager
#nix.trusted-users = [ "pbsds" ];
home-manager.users.pbsds = import ./home;
users.groups.pbsds.gid = 1001;
users.users.pbsds = {