
7 Commits

Author SHA1 Message Date
Lukas Cech
3363f0b90d Remove unused input 2025-01-13 14:39:57 +01:00
Lukas Cech
ef2dc5c216 Implement aws-cli configuration 2025-01-13 14:39:45 +01:00
Lukas Cech
301125ae94 Move starship configuration to common 2025-01-13 10:30:02 +01:00
Lukas Cech
bccd720ab6 Add alias for veracode 2025-01-13 10:29:44 +01:00
Lukas Cech
4a8dd40f6f Add more configuration for darwin 2025-01-13 10:29:29 +01:00
Lukas Cech
f6a3669fb4 Add docker cli to mac using colima 2025-01-13 10:29:02 +01:00
Lukas Cech
e0956a2c52 Add hammerspoon 2025-01-13 10:28:44 +01:00
7 changed files with 413 additions and 90 deletions


@ -73,6 +73,12 @@ in
# $ darwin-rebuild changelog # $ darwin-rebuild changelog
system.stateVersion = 5; system.stateVersion = 5;
system.activationScripts.postUserActivation.text = ''
# activateSettings -u will reload the settings from the database and apply them to the current session,
# so we do not need to logout and login again to make the changes take effect.
/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u
'';
system.defaults = { system.defaults = {
dock = { dock = {
autohide = true; autohide = true;
@ -105,6 +111,31 @@ in
NSGlobalDomain = { NSGlobalDomain = {
AppleShowScrollBars = "WhenScrolling"; AppleShowScrollBars = "WhenScrolling";
AppleScrollerPagingBehavior = true; AppleScrollerPagingBehavior = true;
"com.apple.swipescrolldirection" = false;
NSAutomaticCapitalizationEnabled = false; # disable auto capitalization
NSAutomaticDashSubstitutionEnabled = false; # disable auto dash substitution
NSAutomaticPeriodSubstitutionEnabled = false; # disable auto period substitution
NSAutomaticQuoteSubstitutionEnabled = false; # disable auto quote substitution
NSAutomaticSpellingCorrectionEnabled = false; # disable auto spelling correction
NSNavPanelExpandedStateForSaveMode = true; # expand save panel by default
};
# Customize settings that not supported by nix-darwin directly
# see the source code of this project to get more undocumented options:
# https://github.com/rgcr/m-cli
#
# All custom entries can be found by running `defaults read` command.
# or `defaults read xxx` to read a specific domain.
CustomUserPreferences = {
"com.apple.desktopservices" = {
# Avoid creating .DS_Store files on network or USB volumes
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.screencapture" = {
location = "~/Pictures/Screenshots";
type = "png";
};
}; };
}; };
@ -116,8 +147,8 @@ in
distributedBuilds = true; distributedBuilds = true;
gc = { gc = {
automatic = true; automatic = lib.mkDefault true;
options = "--delete-older-than 7d"; options = lib.mkDefault "--delete-older-than 7d";
}; };
settings = { settings = {
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
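Review bot: The `"com.apple.screencapture"` entries under `CustomUserPreferences` set options that nix-darwin already models, which contradicts the comment above the block saying these are settings nix-darwin does not support directly. Prefer `system.defaults.screencapture.location = "~/Pictures/Screenshots";` and `system.defaults.screencapture.type = "png";` so the values go through the typed options. Nothing visible in these hunks creates the target directory, so confirm it exists before the first rebuild. The surrounding `system.defaults` block continues outside the hunks.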


@ -29,6 +29,11 @@
"aarch64-linux" "aarch64-linux"
"aarch64-darwin" "aarch64-darwin"
]; ];
# Add overlay for custom packages
overlay = final: prev: {
hammerspoon = final.callPackage ./modules/hammerspoon.nix { };
};
in in
{ {
lib = { lib = {
@ -85,6 +90,13 @@
self = self; self = self;
}; };
modules = [ modules = [
# Add our overlay to the system configuration
(
{ ... }:
{
nixpkgs.overlays = [ overlay ];
}
)
mac-app-util.darwinModules.default mac-app-util.darwinModules.default
./darwin/common.nix ./darwin/common.nix
./darwin/lcech-mac-veracode.nix ./darwin/lcech-mac-veracode.nix
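Review bot: The overlay is attached only through `nixpkgs.overlays` in the inline module of the darwin module list, so `hammerspoon` exists only in the package set built from that system configuration. Another file in this comparison adds `hammerspoon` to `home.packages`; if Home Manager is evaluated with its own `pkgs` rather than the system one (the wiring is not visible here), that attribute will be missing at evaluation time. A one-line comment on the overlay stating which package sets are expected to see it, such as `# consumed by home.packages via the system pkgs`, would make the dependency explicit. The inline module can also be written as a plain attribute set, `{ nixpkgs.overlays = [ overlay ]; }`, since it takes no arguments.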


@ -201,49 +201,6 @@ in
# enable = true; # enable = true;
# }; # };
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
format = lib.concatStrings [
"$username"
"$hostname"
"$directory"
"$character"
];
right_format = lib.concatStrings [
"$git_branch"
"$git_commit"
"$git_state"
"$git_metrics"
"$git_status"
"($cmd_duration)"
];
scan_timeout = 25;
add_newline = false;
continuation_prompt = "[ ](dimmed white)";
follow_symlinks = false;
directory = {
truncate_to_repo = false;
truncation_length = 20;
truncation_symbol = "/";
};
cmd_duration = {
min_time = 100;
show_milliseconds = true;
format = "took [$duration]($style) ";
style = "bold yellow";
};
character = {
success_symbol = "";
error_symbol = "";
};
};
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;


@ -41,7 +41,7 @@ in
{ } { }
); );
initExtra = '' initExtra = lib.mkBefore ''
for file in ${zshSourceCommon}/*.zsh; do for file in ${zshSourceCommon}/*.zsh; do
source "$file" source "$file"
done done
@ -52,4 +52,47 @@ in
bindkey '^[[1;3D' backward-word bindkey '^[[1;3D' backward-word
''; '';
}; };
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
format = lib.concatStrings [
"$username"
"$hostname"
"$directory"
"$character"
];
right_format = lib.concatStrings [
"$git_branch"
"$git_commit"
"$git_state"
"$git_metrics"
"$git_status"
"($cmd_duration)"
];
scan_timeout = 25;
add_newline = false;
continuation_prompt = "[ ](dimmed white)";
follow_symlinks = false;
directory = {
truncate_to_repo = false;
truncation_length = 20;
truncation_symbol = "/";
};
cmd_duration = {
min_time = 100;
show_milliseconds = true;
format = "took [$duration]($style) ";
style = "bold yellow";
};
character = {
success_symbol = "[](bold green)";
error_symbol = "[](bold red)";
};
};
};
} }


@ -8,8 +8,15 @@ let
homedir = "/Users/${username}"; homedir = "/Users/${username}";
zshSourceDirs = [ ]; zshSourceDirs = [ ];
in in
{ {
imports = [
(import ./veracode/aws-cli.nix {
inherit homedir lib;
})
];
home.username = username; home.username = username;
home.homeDirectory = homedir; home.homeDirectory = homedir;
@ -18,11 +25,14 @@ in
home.packages = with pkgs; [ home.packages = with pkgs; [
awscli2 awscli2
hammerspoon
k9s k9s
kubectl kubectl
nixd nixd
pstree pstree
watch watch
colima
docker
]; ];
# ghostty marked as broken as of 2025-01-05 in nix, using homebrew and custom config # ghostty marked as broken as of 2025-01-05 in nix, using homebrew and custom config
@ -35,6 +45,11 @@ in
window-height = 9999 window-height = 9999
''; '';
}; };
"${homedir}/.hammerspoon/init.lua" = {
text = ''
'';
};
}; };
programs.direnv = { programs.direnv = {
@ -138,54 +153,13 @@ in
enableZshIntegration = true; enableZshIntegration = true;
}; };
programs.starship = {
enable = true;
enableZshIntegration = true;
settings = {
format = lib.concatStrings [
"$username"
"$hostname"
"$directory"
"$character"
];
right_format = lib.concatStrings [
"$git_branch"
"$git_commit"
"$git_state"
"$git_metrics"
"$git_status"
"($cmd_duration)"
];
scan_timeout = 25;
add_newline = false;
continuation_prompt = "[ ](dimmed white)";
follow_symlinks = false;
directory = {
truncate_to_repo = false;
truncation_length = 20;
truncation_symbol = "/";
};
cmd_duration = {
min_time = 100;
show_milliseconds = true;
format = "took [$duration]($style) ";
style = "bold yellow";
};
character = {
success_symbol = "";
error_symbol = "";
};
};
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
dirHashes = { dirHashes = {
mac = "${homedir}/storage/.macshare"; mac = "${homedir}/storage/.macshare";
nix = "${homedir}/.config/nix"; nix = "${homedir}/.config/nix";
vc = "${homedir}/projects/veracode";
}; };
initExtra = '' initExtra = ''
@ -199,8 +173,8 @@ in
autoload -U +X bashcompinit && bashcompinit autoload -U +X bashcompinit && bashcompinit
source <(kubectl completion zsh) source <(${pkgs.kubectl}/bin/kubectl completion zsh)
complete -C '/usr/local/bin/aws_completer' aws complete -C '${pkgs.awscli2}/bin/aws_completer' aws
''; '';
}; };
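Review bot: The new `"${homedir}/.hammerspoon/init.lua"` entry has an empty `text`, so Hammerspoon is installed with a configuration that does nothing. Because the file is generated by Home Manager, it is presumably a read-only link that cannot be edited in place from the app. Either drop the entry until there is real content, or mark it with a comment such as `# placeholder: Hammerspoon config is managed from Nix, edit here and rebuild`. The enclosing `home.file` set starts outside the hunk.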


@ -0,0 +1,265 @@
{
lib,
homedir,
...
}:
let
accounts = {
eu = {
"905326657474" = {
name = "log-archive";
role = "EngineerAdmin-Veracode-EU-All";
};
"864021117189" = {
name = "security";
role = "EngineerAdmin-Veracode-EU-All";
};
"296441839393" = {
name = "shared-services";
role = "EngineerAdmin-Veracode-EU-All";
};
"714966795542" = {
name = "veracode-eu-devops";
role = "EngineerAdmin-Veracode-EU-All";
};
"359955634867" = {
name = "veracode-eu-master";
role = "ReadOnly";
};
"675053010029" = {
name = "veracode-eu-networking";
role = "EngineerAdmin-Veracode-EU-All";
};
"377019361040" = {
name = "veracode-eu-platform-nonprod";
role = "EngineerAdmin-Veracode-EU-All";
};
"962291324749" = {
name = "veracode-eu-platform-prod";
role = "EngineerAdmin-Veracode-EU-All";
};
"090139405064" = {
name = "veracode-status-eu";
role = "EngineerAdmin-Veracode-EU-All";
};
};
us = {
"339712784947" = {
name = "aws-corp-it-prod";
role = "EngineerAdmin";
};
"077230771307" = {
name = "aws-syseng";
role = "EngineerAdmin";
};
"854207236867" = {
name = "devops";
role = "EngineerAdmin";
};
"419928441445" = {
name = "hunter2";
role = "EngineerAdmin";
};
"201152413784" = {
name = "hunter2-nonprod";
role = "EngineerAdmin";
};
"234742391591" = {
name = "logging";
role = "EngineerAdmin";
};
"373670440571" = {
name = "mars-archive";
role = "EngineerAdmin";
};
"389203956472" = {
name = "mvsa-dev";
role = "EngineerAdmin";
};
"120705294404" = {
name = "networking";
role = "EngineerAdmin";
};
"540592891828" = {
name = "repo-tools-nonprod";
role = "EngineerAdmin";
};
"199128305162" = {
name = "security";
role = "EngineerAdmin";
};
"205744758777" = {
name = "shared-services";
role = "EngineerAdmin";
};
"502262283075" = {
name = "staticengine-ci";
role = "EngineerAdmin";
};
"593005598611" = {
name = "Veracode Marketplace Sales Account";
role = "EngineerAdmin";
};
"544286724460" = {
name = "veracode-api-security-dev";
role = "EngineerAdmin";
};
"426703640137" = {
name = "veracode-cmk-production";
role = "EngineerAdmin";
};
"227890167531" = {
name = "veracode-cmk-staging";
role = "EngineerAdmin";
};
"833309876439" = {
name = "veracode-datalake-nonprod";
role = "EngineerAdmin";
};
"231215122795" = {
name = "veracode-datalake-prod";
role = "EngineerAdmin";
};
"556105087578" = {
name = "veracode-devops-sandbox";
role = "EngineerAdmin";
};
"419934374614" = {
name = "veracode-dynamic-nonprod";
role = "EngineerAdmin";
};
"743424160468" = {
name = "veracode-dynamic-prod";
role = "EngineerAdmin";
};
"026090546337" = {
name = "veracode-extcmk-c01";
role = "EngineerAdmin";
};
"026090544016" = {
name = "veracode-extcmk-dev";
role = "EngineerAdmin";
};
"527791905507" = {
name = "veracode-gov-production";
role = "EngineerAdmin";
};
"241823169104" = {
name = "veracode-gov-security";
role = "EngineerAdmin";
};
"337544356528" = {
name = "veracode-gov-staging";
role = "EngineerAdmin";
};
"125763904786" = {
name = "veracode-l2-support";
role = "EngineerAdmin";
};
"361598275817" = {
name = "veracode-laputa-sandbox";
role = "EngineerAdmin";
};
"165970187232" = {
name = "veracode-lz-data-dr";
role = "EngineerAdmin";
};
"135394645105" = {
name = "veracode-lz-data-nonprod";
role = "EngineerAdmin";
};
"041513053014" = {
name = "veracode-lz-data-prod";
role = "EngineerAdmin";
};
"341176679750" = {
name = "veracode-lz-futureville";
role = "EngineerAdmin";
};
"011479462201" = {
name = "veracode-lz-master";
role = "ReadOnly";
};
"900979254221" = {
name = "veracode-lz-static-non-prod";
role = "EngineerAdmin";
};
"867871251596" = {
name = "veracode-lz-static-prod";
role = "EngineerAdmin";
};
"621415697837" = {
name = "veracode-pac-lz-nonproduction";
role = "EngineerAdmin";
};
"677563424528" = {
name = "veracode-pac-lz-production";
role = "EngineerAdmin";
};
"055143528572" = {
name = "veracode-platform-nonprod";
role = "EngineerAdmin";
};
"432322876094" = {
name = "veracode-platform-prod";
role = "EngineerAdmin";
};
"772788280252" = {
name = "veracode-sca-nonprod";
role = "EngineerAdmin";
};
"978530908597" = {
name = "veracode-sca-prod";
role = "EngineerAdmin";
};
"129575015961" = {
name = "veracode-sky-github";
role = "EngineerAdmin";
};
"157122231047" = {
name = "veracode-status";
role = "EngineerAdmin";
};
};
};
in
{
home.file."${homedir}/.aws/config" = {
text = ''
[default]
region = us-east-1
[sso-session veracode-us]
sso_start_url = https://d-906716ce52.awsapps.com/start/
sso_region = us-east-1
sso_registration_scopes = sso:account:access
[sso-session veracode-eu]
sso_start_url = https://d-996723c1d4.awsapps.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
[profile us-${account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-us
region = us-east-1
output = json
'') accounts.us
)}
${builtins.concatStringsSep "\n" (
lib.mapAttrsToList (id: account: ''
[profile eu-${account.name}]
sso_account_id = ${id}
sso_role_name = ${account.role}
sso_session = veracode-eu
region = eu-central-1
output = json
'') accounts.eu
)}
'';
};
}
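Review bot: The `accounts` table commits what looks like a complete AWS account inventory (account IDs, account names, and both `sso_start_url` values), and almost every account, including the `-prod`, `-production` and `veracode-gov-*` ones, gets an `EngineerAdmin*` role as its only profile. If this repository is readable outside the organisation, that mapping should be loaded from a private or untracked file rather than kept in the tree. Independently of that, consider making the everyday profile for production accounts a read-only role where one is assigned, with the admin role under a separately named profile, so an admin session is an explicit choice. Separately, `name = "Veracode Marketplace Sales Account";` renders as `[profile us-Veracode Marketplace Sales Account]`, and a profile name containing spaces is unlikely to be parsed as intended by the AWS CLI; something like `name = "veracode-marketplace-sales";` avoids that.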

41
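--- /dev/null
+++ b/modules/hammerspoon.nix
@@ -0,0 +1,41 @@
+{
+lib,
+stdenvNoCC,
+fetchurl,
+unzip,
+}:
+# This cannot be built from source since Hammerspoon requires entitlements to work,
+# and codesigning entitlements is unfortunately incompatible with immutability.
+stdenvNoCC.mkDerivation (self: {
+pname = "hammerspoon";
+version = "1.0.0";
+# We don't use fetchzip because that seems to unpack the .app as well.
+src = fetchurl {
+name = "${self.pname}-${self.version}-source.zip";
+url = "https://github.com/Hammerspoon/hammerspoon/releases/download/${self.version}/Hammerspoon-${self.version}.zip";
+sha256 = "sha256-XbcCtV2kfcMG6PWUjZHvhb69MV3fopQoMioK9+1+an4=";
+};
+nativeBuildInputs = [
+# Adds unpack hook.
+unzip
+];
+installPhase = ''
+runHook preInstall
+mkdir -p $out/Applications
+cp -r ../Hammerspoon.app $out/Applications/
+runHook postInstall
+'';
+meta = {
+homepage = "https://www.hammerspoon.org";
+description = "Staggeringly powerful macOS desktop automation with Lua";
+license = lib.licenses.mit;
+platforms = [
+"x86_64-darwin"
+"aarch64-darwin"
+];
+};
+})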
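Review bot: The derivation installs a prebuilt, vendor-signed app bundle, but `meta` does not record that; add `sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];` so the binary origin is visible to tooling and policy checks. The `sha256` attribute already holds an SRI string, so `hash = "sha256-…";` with the same value is the current spelling. It is also worth confirming that the default fixup phase leaves the bundle untouched, since any modification would invalidate the code signature that the header comment relies on; `dontFixup = true;` would make that explicit.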