#!/usr/bin/env bash
# Root of the dotfiles checkout that every function below reads from.
DOTFILES="${HOME}/.dotfiles"

# Already root: make `sudo cmd args...` run `cmd args...` directly, so the
# functions below work on hosts where the sudo binary is absent or unneeded.
if (( EUID == 0 )); then
  sudo() { "$@"; }
fi
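#######################################
# Bootstrap this machine for one flake host configuration.
# Globals:   DOTFILES (read), USER (read), HOME (read)
# Arguments: $1 - host config name (default: output of `hostname`)
# Outputs:   progress messages on stdout, new failure messages on stderr
# Returns:   1 when the name is invalid, has no config, or the Nix installer
#            cannot be downloaded; the installer's status when it fails;
#            otherwise the status of the last command run
#######################################
host() {
  local name="${1:-$(hostname)}"

  # NAME ends up in a file path, a sed replacement and a flake reference
  # below, so restrict it to plain hostname characters before using it.
  case "$name" in
    '' | *[!A-Za-z0-9._-]*)
      echo "Invalid host name '$name' (allowed: letters, digits, '.', '_', '-')" >&2
      return 1
      ;;
  esac

  if [ ! -f "$DOTFILES/nix/home/hosts/$name.nix" ]; then
    # Glob instead of parsing `ls`, and list only real *.nix configs.
    local -a available=()
    local cfg
    for cfg in "$DOTFILES"/nix/home/hosts/*.nix; do
      [ -e "$cfg" ] || continue
      cfg=${cfg##*/}
      available+=("${cfg%.nix}")
    done
    echo "No config for '$name'. Available: ${available[*]}"
    return 1
  fi

  # --- Set NIX_HOST (only needed when hostname doesn't match flake config name) ---
  if [ "$name" != "$(hostname)" ]; then
    touch ~/.local_exports
    # grep and sed use the same anchored pattern, so a line that grep finds
    # is always one that sed rewrites.
    if grep -q '^export NIX_HOST=' ~/.local_exports 2>/dev/null; then
      sed -i "s/^export NIX_HOST=.*/export NIX_HOST=\"$name\"/" ~/.local_exports
    else
      echo "export NIX_HOST=\"$name\"" >> ~/.local_exports
    fi
    echo "NIX_HOST=$name (overrides hostname '$(hostname)')"
  else
    echo "Hostname matches config name, no NIX_HOST override needed"
  fi

  # --- NixOS: done here, use nswitch ---
  if [ -f /etc/NIXOS ]; then
    echo "Done (NixOS). Run nswitch to apply."
    return
  fi

  # --- Non-NixOS: install Nix + first HM switch ---
  mkdir -p ~/applications
  # NOTE(review): no `link` function is defined in this file, so unless the
  # environment provides one this resolves to coreutils link(1), which makes a
  # hard link from a path relative to the current directory and fails if the
  # target exists. Confirm whether `ln -sf "$DOTFILES/nix/nix.conf" ...` was meant.
  link nix/nix.conf ~/.config/nix/nix.conf

  sudo apt-get update
  sudo apt-get install -y \
    build-essential \
    curl \
    gcc

  sudo mkdir -p /usr/local/bin
  # These links put user-writable files on every account's PATH, root's
  # included: whoever can write to ~/bin decides what those command names run.
  # Skip the call when ~/bin is empty, otherwise the unmatched glob would be
  # linked literally as '/usr/local/bin/*'.
  if compgen -G "$HOME/bin/*" > /dev/null; then
    sudo ln -sf ~/bin/* /usr/local/bin/
  fi

  if ! command -v nix &> /dev/null; then
    # Fetch the installer to a private temp file first and run it only when
    # the download succeeded; HTTPS is enforced across redirects. The script
    # itself is not checksum-verified.
    local installer
    installer=$(mktemp) || return 1
    if ! curl --proto '=https' --tlsv1.2 -fsSL -o "$installer" https://nixos.org/nix/install; then
      rm -f -- "$installer"
      echo "Failed to download the Nix installer" >&2
      return 1
    fi
    sh "$installer" --daemon --yes
    local rc=$?
    rm -f -- "$installer"
    if [ "$rc" -ne 0 ]; then
      echo "Nix installer failed (exit $rc)" >&2
      return "$rc"
    fi
    echo "Nix installed. Restart your shell, then re-run: ./setup host $name"
    return
  fi

  if ! grep -q 'min-free' /etc/nix/nix.conf 2>/dev/null; then
    printf '\nmin-free = 16106127360\nmax-free = 32212254720\n' | sudo tee -a /etc/nix/nix.conf
  fi
  # trusted-users may override daemon settings; the Nix manual treats this as
  # essentially equivalent to giving that account root access.
  if ! grep -q 'trusted-users' /etc/nix/nix.conf 2>/dev/null; then
    echo "trusted-users = $USER" | sudo tee -a /etc/nix/nix.conf
  fi
  sudo systemctl restart nix-daemon

  touch ~/.zshrc
  # Use the validated name directly: NIX_HOST is only written to
  # ~/.local_exports above and is never set in this process, so "$NIX_HOST"
  # could be empty or stale here. home-manager/master is an unpinned ref.
  nix run home-manager/master -- switch --flake ~/.dotfiles#"$name"

  # NixOS returned earlier, so the login shell is always registered here.
  grep -qxF "$HOME/.nix-profile/bin/zsh" /etc/shells \
    || echo "$HOME/.nix-profile/bin/zsh" | sudo tee -a /etc/shells
  sudo chsh -s "$HOME/.nix-profile/bin/zsh" "$USER"
}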
# Run the GPU setup helper from the user's Nix profile as root.
# The helper is installed by Home Manager, so it only exists after a first
# switch; when it is missing, print a hint instead.
gpu() {
  local helper="${HOME}/.nix-profile/bin/non-nixos-gpu-setup"

  if [[ ! -x $helper ]]; then
    echo "non-nixos-gpu-setup not found. Run hmswitch first."
    return
  fi

  # The helper lives in a user-owned profile but runs with root privileges.
  sudo "$helper"
}
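#######################################
# One-time system setup for an Ubuntu desktop: system packages, Tailscale,
# NVIDIA drivers, codecs, a userns sysctl, btop built from source, and a few
# desktop tweaks.
# Globals:   USER (read)
# Arguments: none
# Outputs:   progress on stdout, btop build failures on stderr
#######################################
ubuntu() {
  sudo apt-get update

  # System-level packages not available via Nix/HM
  sudo apt-get install -y \
    firejail \
    libfuse2 \
    ubuntu-drivers-common

  # The Tailscale installer is piped straight into sh without integrity
  # verification; -f at least stops an HTTP error page from being executed.
  if ! command -v tailscale &> /dev/null; then
    curl -fsSL https://tailscale.com/install.sh | sh
  fi

  # NVIDIA drivers (auto-detects correct version)
  sudo ubuntu-drivers install

  # Codecs, fonts, restricted formats
  echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true \
    | sudo debconf-set-selections
  sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ubuntu-restricted-extras

  # Enable unprivileged user namespaces for Electron app sandboxing
  # Ubuntu 23.10+ uses AppArmor to restrict userns per-app; disable that restriction.
  # This sysctl is global: it lifts the restriction for every program on the
  # machine, not only Electron apps. A per-application AppArmor profile is the
  # narrower alternative if that trade-off is not acceptable.
  if [ ! -f /etc/sysctl.d/60-apparmor-namespace.conf ]; then
    echo 'kernel.apparmor_restrict_unprivileged_userns=0' \
      | sudo tee /etc/sysctl.d/60-apparmor-namespace.conf
    sudo sysctl --system
  fi

  # Disable screenshot sound
  if [ -f "/usr/share/sounds/freedesktop/stereo/camera-shutter.oga" ]; then
    sudo mv /usr/share/sounds/freedesktop/stereo/camera-shutter.oga \
      /usr/share/sounds/freedesktop/stereo/camera-shutter-disabled.oga
  fi

  # Remove bloat (brltty grabs USB serial devices)
  sudo apt-get remove -y orca brltty

  # Remove system Firefox install script so HM Firefox takes precedence
  if [ -d /usr/lib/firefox ]; then
    sudo mv /usr/lib/firefox /usr/lib/firefox.bak
    echo "Moved /usr/lib/firefox → /usr/lib/firefox.bak (HM Firefox takes priority)"
  fi

  # btop from source for GPU support (nixpkgs btop-cuda can't see system NVIDIA drivers)
  # Must use system compiler — Nix's c++ produces binaries with Nix's ld-linux,
  # which can't dlopen system libs like libnvidia-ml.so at runtime.
  if ! command -v btop &> /dev/null; then
    # Build in a private mktemp directory rather than a fixed /tmp path: with
    # a predictable name, a directory another local user created first would
    # make the clone fail and leave `sudo make install` running their Makefile.
    local btop_src
    if btop_src=$(mktemp -d); then
      # Install as root only when both the clone and the build succeeded.
      if git clone --depth 1 https://github.com/aristocratos/btop.git "$btop_src" \
        && make -C "$btop_src" CXX=/usr/bin/g++ -j"$(nproc)"; then
        sudo make -C "$btop_src" install
      else
        echo "btop clone or build failed; skipping install" >&2
      fi
      rm -rf -- "${btop_src:?}"
    else
      echo "mktemp failed; skipping btop build" >&2
    fi
  fi

  # https://github.com/ahkohd/oyo
  cargo install oyo

  # Keep systemd user timers alive after logout (backups, etc.)
  loginctl enable-linger "$USER"

  echo "Run './setup gpu' after reboot to set up Nix GPU driver symlinks."
}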
# todo https://github.com/nix-community/nix-on-droid-app
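#######################################
# Set up a Termux environment on Android: packages, repos symlink, the
# Obsidian vault, zsh as login shell, uv, and the Android zsh config.
# Arguments: none
# Outputs:   progress from the tools it runs
#######################################
android() {
  # https://android.stackexchange.com/a/185949
  pkg update && pkg upgrade
  pkg install python gh fastfetch git-lfs zsh vim htop
  git lfs install
  ln -sf ~/storage/shared/repos ~/repos # can't do it the other way round without root
  obsidian_vault mobile shallow
  # safe.directory switches off git's ownership check for this one path.
  # NOTE(review): obsidian_vault clones the mobile vault under
  # ~/storage/shared/obsidian, while this entry names
  # ~/storage/shared/repos/obsidian — confirm which path is intended.
  git config --global --add safe.directory ~/storage/shared/repos/obsidian/knowledge-base
  chsh -s zsh # set zsh as default shell
  # TODO: fuzzy_finder function was removed, fzf now via nix
  # The uv installer is piped into sh without integrity verification.
  curl -LsSf https://astral.sh/uv/install.sh | sh

  # Append the source line only once, so re-running setup does not pile up
  # duplicate entries in ~/.zshrc.
  local rc_line="source ~/.dotfiles/zsh/android"
  grep -qxF -- "$rc_line" ~/.zshrc 2>/dev/null || echo "$rc_line" >> ~/.zshrc
}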
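#######################################
# Install Docker with the get.docker.com convenience script and add the
# current user to the docker group.
# Globals:   USER (read)
# Arguments: none
# Returns:   1 when the install script cannot be downloaded
#
# This function shadows the docker binary inside this script; code here that
# needs the real CLI has to call `command docker`.
#######################################
docker() {
  # Download to a private temp file and run it only if the download worked.
  # With a fixed ./get-docker.sh, a failed download would leave sudo running
  # whatever file of that name already sits in the current directory.
  local installer
  installer=$(mktemp) || return 1
  if ! curl -fsSL https://get.docker.com -o "$installer"; then
    rm -f -- "$installer"
    echo "Failed to download the Docker install script" >&2
    return 1
  fi
  sudo sh "$installer"

  # Membership in the docker group is root-equivalent on this host: members
  # can start containers that mount and modify any part of the filesystem.
  sudo usermod -a -G docker "$USER"
  rm -f -- "$installer"
  echo "Reboot to apply changes"
}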
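#######################################
# Install the NVIDIA Container Toolkit so Docker containers can use NVIDIA
# GPUs (--runtime=nvidia / --gpus all), then verify with a CUDA container.
# Requires: NVIDIA drivers installed, Docker installed
# Arguments: none
# Returns:   1 when a prerequisite is missing or a repository file cannot be
#            fetched; otherwise the status of the verification container
#######################################
nvidia_container_toolkit() {
  local repo=https://nvidia.github.io/libnvidia-container
  local keyring=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg
  local list_body

  if ! command -v nvidia-smi &> /dev/null; then
    echo "Error: NVIDIA drivers not installed (nvidia-smi not found)"
    return 1
  fi

  # This script defines a docker() shell function (the installer), which
  # `command -v docker` would always find. `type -P` searches PATH only.
  if ! type -P docker > /dev/null; then
    echo "Error: Docker not installed"
    return 1
  fi

  echo "Installing NVIDIA Container Toolkit..."

  if ! curl -fsSL "$repo/gpgkey" | sudo gpg --dearmor -o "$keyring" --yes; then
    echo "Error: could not install the repository signing key" >&2
    return 1
  fi

  # Fetch the source list before touching /etc/apt: with -f an HTTP error
  # aborts here instead of an error page being written into sources.list.d.
  list_body=$(curl -fsSL "$repo/stable/deb/nvidia-container-toolkit.list") || {
    echo "Error: could not download the apt source list" >&2
    return 1
  }
  # signed-by limits this repository to the key installed above.
  printf '%s\n' "$list_body" \
    | sed "s#deb https://#deb [signed-by=$keyring] https://#g" \
    | sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list

  sudo apt-get update
  sudo apt-get install -y nvidia-container-toolkit

  sudo nvidia-ctk runtime configure --runtime=docker
  sudo systemctl restart docker

  echo "Verifying GPU access in container..."
  # `command` bypasses the docker() function, which would otherwise re-run
  # the Docker installer here instead of starting the container.
  command docker run --rm --gpus all nvidia/cuda:12.6.3-base-ubuntu24.04 nvidia-smi
}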
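#######################################
# Download the VibeTyper AppImage (speech-to-text app) into ~/applications.
# The app auto-updates and creates its own desktop entries on launch.
# Arguments: none
# Returns:   1 when the download fails
#######################################
get_vibetyper() {
  local dest="$HOME/applications/VibeTyper.AppImage"
  local partial="$dest.part"

  mkdir -p -- "${dest%/*}"

  # Download next to the target and move into place only on success, so a
  # failed or truncated transfer never ends up as an executable AppImage.
  # The binary is not checksum- or signature-verified; only HTTPS protects it.
  if ! wget -O "$partial" "https://cdn.vibetyper.com/releases/linux/VibeTyper.AppImage"; then
    rm -f -- "$partial"
    echo "VibeTyper download failed" >&2
    return 1
  fi
  chmod +x "$partial"
  mv -f -- "$partial" "$dest"
}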
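#######################################
# Install act, a local GitHub Actions runner, with its upstream install script.
# Arguments: none
# Returns:   1 when the script cannot be downloaded, else the installer's status
#######################################
act() {
  # The script comes from the mutable master branch and runs as root. Fetch
  # it to a private temp file first so that a failed download (-f) is never
  # handed to the root shell as partial input.
  local installer rc
  installer=$(mktemp) || return 1
  if ! curl -fsSL https://raw.githubusercontent.com/nektos/act/master/install.sh -o "$installer"; then
    rm -f -- "$installer"
    echo "Failed to download the act install script" >&2
    return 1
  fi
  sudo zsh "$installer"
  rc=$?
  rm -f -- "$installer"
  return "$rc"
}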
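#######################################
# Install VeraCrypt (encrypted volumes) from the unit193/encryption PPA.
# Arguments: none
# Returns:   1 when the PPA cannot be added, else the status of apt-get install
#######################################
get_veracrypt() {
  # A PPA is a third-party archive whose packages install as root. Stop if it
  # cannot be added, so the install below never resolves `veracrypt` from an
  # unexpected source.
  if ! sudo add-apt-repository -y ppa:unit193/encryption; then
    echo "Failed to add ppa:unit193/encryption" >&2
    return 1
  fi
  sudo apt-get update
  sudo apt-get install -y veracrypt
}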
# Install the Claude CLI, replace its config entries with symlinks into the
# dotfiles checkout, and register the plugin marketplaces and plugins.
# Globals: DOTFILES (read), HOME (read)
get_claude() {
  local claude_dir="${HOME}/.claude"
  local -a managed=(settings.json CLAUDE.md commands output-styles mcp.json)
  local -a stale=()
  local entry marketplace plugin

  # The installer is piped into bash without integrity verification.
  curl -fsSL https://claude.ai/install.sh | bash

  mkdir -p "${claude_dir}/plugins"

  # Drop whatever is currently at the managed paths, then link each one to
  # its counterpart under $DOTFILES/claude.
  for entry in "${managed[@]}"; do
    stale+=("${claude_dir}/${entry}")
  done
  rm -rf "${stale[@]}"
  for entry in "${managed[@]}"; do
    ln -sf "$DOTFILES/claude/${entry}" "${claude_dir}/${entry}"
  done

  # Plugin steps are best-effort: errors are silenced and ignored.
  for marketplace in \
    https://github.com/wakatime/claude-code-wakatime.git \
    anthropics/claude-plugins-official \
    MaxWolf-01/agents; do
    claude plugin marketplace add "$marketplace" 2>/dev/null || true
  done
  for plugin in claude-code-wakatime@wakatime mx@MaxWolf-01; do
    claude plugin i "$plugin" 2>/dev/null || true
  done
}
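#######################################
# Clone/update the secrets repo and decrypt the SSH key and the WakaTime
# config with sops, using the age key at ~/.local/secrets/age-key.txt.
# Globals:   SOPS_AGE_KEY_FILE (exported), HOME (read)
# Arguments: none
# Outputs:   instructions on stdout when the age key is missing
# Returns:   1 when the age key is missing or a decryption fails
#######################################
secrets() {
  local key_plain="$HOME/.local/secrets/age-key.txt"
  local key_enc="$HOME/.local/secrets/age-key.txt.enc"
  local ssh_key="$HOME/.ssh/id_ed25519"
  local wakatime_cfg="$HOME/.wakatime.cfg"

  if ! [ -d ~/.dotfiles/secrets ]; then
    gh repo clone MaxWolf-01/secrets ~/.dotfiles/secrets -- --depth 1
  fi

  if [ ! -f "$key_plain" ]; then
    mkdir -p "$(dirname "$key_plain")"
    echo "Age key not found at $key_plain"
    echo "Generate a new key with: age-keygen -o $key_plain"
    echo "Or place your existing key there, then run './setup secrets' again"
    echo ""
    echo "To encrypt at rest (recommended when no FDE):"
    echo " age -p -o $key_enc $key_plain && rm $key_plain"
    echo " The login hook in secrets/zshrc will decrypt to tmpfs on each login."
    return 1
  fi

  git -C ~/.dotfiles/secrets pull
  export SOPS_AGE_KEY_FILE="$key_plain"

  if [ ! -f "$ssh_key" ]; then
    # -m applies only when the directory is newly created.
    mkdir -p -m 700 "$HOME/.ssh"
    # Decrypt under umask 077 so the private key is never readable by other
    # users, not even between creation and chmod. Writing to a temp name and
    # renaming on success means a failed decrypt cannot leave an empty key
    # file that makes later runs skip this step.
    if (umask 077 && sops -d ~/.dotfiles/secrets/passwords/id_ed25519 > "$ssh_key.tmp"); then
      mv -f -- "$ssh_key.tmp" "$ssh_key"
      chmod 600 "$ssh_key"
      ssh-keygen -y -f "$ssh_key" > "$ssh_key.pub"
      echo "SSH key decrypted to ~/.ssh/id_ed25519"
      ssh-add "$ssh_key"
    else
      rm -f -- "$ssh_key.tmp"
      echo "Failed to decrypt the SSH key" >&2
      return 1
    fi
  fi

  # The WakaTime config holds an API key: keep it owner-only and do not
  # clobber an existing config when decryption fails.
  if (umask 077 && sops -d ~/.dotfiles/secrets/api_keys/wakatime.cfg > "$wakatime_cfg.tmp"); then
    mv -f -- "$wakatime_cfg.tmp" "$wakatime_cfg"
    chmod 600 "$wakatime_cfg"
  else
    rm -f -- "$wakatime_cfg.tmp"
    echo "Failed to decrypt the WakaTime config" >&2
    return 1
  fi
}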
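#######################################
# Clone the Obsidian knowledge base and its .obsidian settings repo, select
# the platform settings, and install the vimrc and git hooks.
# Arguments: $1 - platform: "desktop" (default) or "mobile"
#            $2 - "shallow" for a depth-1 clone; anything else clones fully
# Outputs:   progress on stdout
# Returns:   0 when the vault already exists; exits the script when a
#            directory change or the platform switch fails
#######################################
obsidian_vault() {
  # TODO use separate repositories / find a better solution for differing settings...
  local platform=${1:-desktop} # Default to desktop if no argument provided
  local depth=${2:-full}       # Default to full clone if no depth specified
  # An array keeps "--depth 1" as two separate words without relying on
  # unquoted word splitting.
  local -a depth_args=()
  # Declared local so the vault path does not leak into callers as a global.
  local path="$HOME/repos/obsidian"

  if [ "$depth" = "shallow" ]; then
    depth_args=(--depth 1)
  fi
  if [ "$platform" = "mobile" ]; then
    path="$HOME/storage/shared/obsidian"
  fi

  mkdir -pv "$path" && cd "$path" || exit
  if [ -d "knowledge-base" ]; then
    echo "knowledge-base already exists"
    return
  fi

  git clone "${depth_args[@]}" git@github.com:MaxWolf-01/knowledge-base.git
  cd knowledge-base || exit
  git clone "${depth_args[@]}" git@github.com:MaxWolf-01/.obsidian
  # Executes a script taken from the repository that was just cloned.
  cd .obsidian && ./switch_platform.sh "$platform" || exit

  ln -sf ~/.dotfiles/vim/obsidian "$path/knowledge-base/.obsidian.vimrc"
  # Hooks are symlinks into the dotfiles checkout, so later edits there change
  # what runs on every commit and push in the vault.
  ln -sf ~/.dotfiles/git/hooks/check_question_mark_in_filename "$path/knowledge-base/.git/hooks/pre-commit"

  # Set up pre-push hook for local Quartz sync
  if [ "$platform" = "desktop" ]; then
    ln -sf ~/.dotfiles/git/hooks/quartz-sync-pre-push "$path/knowledge-base/.git/hooks/pre-push"
    echo "Pre-push hook for Quartz sync installed"
  fi
}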
# Generate a new ed25519 SSH key, normalise permissions under ~/.ssh, load
# the key into the agent and print the public half for upload to GitHub.
sshkeys() {
  local ssh_dir="${HOME}/.ssh/"

  ssh-keygen -t ed25519 -C "69987866+MaxWolf-01@users.noreply.github.com"

  # Files 600, directories 700, then public keys relaxed to 644. Each pass
  # runs only if the previous one succeeded.
  if find "$ssh_dir" -type f -exec chmod 600 {} \;; then
    if find "$ssh_dir" -type d -exec chmod 700 {} \;; then
      find "$ssh_dir" -type f -name "*.pub" -exec chmod 644 {} \;
    fi
  fi

  ssh-add "${HOME}/.ssh/id_ed25519"
  cat "${HOME}/.ssh/id_ed25519.pub"
  echo "Put your public key on github -> settings -> SSH and GPG keys"
}
# Install the nvidia-mps systemd unit from the dotfiles checkout, then enable
# and start it.
# Globals: DOTFILES (read)
nvidia_mps() {
  local unit_src="${DOTFILES}/systemd/nvidia-mps.service"
  local unit_dir=/etc/systemd/system/

  # The installed unit is a symlink into the user-writable dotfiles tree, so
  # whoever can edit that file controls what systemd starts for this service.
  sudo ln -sf "$unit_src" "$unit_dir"
  sudo systemctl daemon-reload
  sudo systemctl enable --now nvidia-mps
}
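# Entry point: treat the first argument as the name of a function defined
# above and call it with the remaining arguments.
if [[ $# -eq 0 ]]; then
  echo "Usage: ${0##*/} <function> [args...]" >&2
  exit 2
fi

# `declare -F` only checks that the function exists; `--` keeps a first
# argument that starts with '-' from being parsed as an option.
if declare -F -- "$1" > /dev/null; then
  # Call the function with the rest of the arguments
  "$@"
else
  # Report on stderr and exit non-zero so callers can detect the typo.
  echo "$1 is not a function" >&2
  exit 1
fi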