diff --git a/.sops.yaml b/.sops.yaml index 0ce16ed..79707f1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,7 @@ keys: - &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh - &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta - &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml - - &host-hk-00 age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu + - &host-hk-00 age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 creation_rules: - path_regex: machines/calcite/secrets.yaml key_groups: @@ -24,14 +24,6 @@ creation_rules: - age: - *xin - *host-massicot - - path_regex: machines/dolomite/secrets/secrets.yaml - key_groups: - - age: - - *xin - - *host-sgp-00 - - *host-tok-00 - - *host-la-00 - - *host-hk-00 - path_regex: machines/dolomite/secrets/sgp-00.yaml key_groups: - age: diff --git a/flake.lock b/flake.lock index f6abc8b..be689de 100644 --- a/flake.lock +++ b/flake.lock 
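Review bot: Swapping the `&host-hk-00` recipient in the first .sops.yaml hunk only changes who can decrypt from this commit onward. Earlier revisions of `machines/dolomite/secrets/hk-00.yaml` in history stay readable with the old host key. If that key was replaced simply because the machine was rebuilt, this is fine. If there is any doubt about where the old key ended up, the WireGuard private key and address stored for hk-00 should be regenerated, not just re-encrypted. The second hunk drops the rule for `machines/dolomite/secrets/secrets.yaml`, so check that no module still points a `sopsFile` at that path.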
@@ -1,12 +1,126 @@ { "nodes": { + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1708890466, + "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "665b3c6748534eb766c777298721cece9453fdae", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-foot": { + "flake": false, + "locked": { + "lastModified": 1696725948, + "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "owner": "tinted-theming", + "repo": "base16-foot", + "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-foot", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1720809814, + "narHash": "sha256-numb3xigRGnr/deF7wdjBwVg7fpbTH7reFDkJ75AJkY=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "34f41987bec14c0f3f6b2155c19787b1f6489625", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-kitty": { + "flake": false, + "locked": { + "lastModified": 1665001328, + "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", + "owner": "kdrag0n", + "repo": "base16-kitty", + "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", + "type": "github" + }, + "original": { + "owner": "kdrag0n", + "repo": "base16-kitty", + "type": "github" + } + }, + "base16-tmux": { + "flake": false, + "locked": { + "lastModified": 1696725902, + 
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", + "owner": "tinted-theming", + "repo": "base16-tmux", + "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-tmux", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1716150083, + "narHash": "sha256-ZMhnNmw34ogE5rJZrjRv5MtG3WaqKd60ds2VXvT6hEc=", + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "6e955d704d046b0dc3e5c2d68a2a6eeffd2b5d3d", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "type": "github" + } + }, "catppuccin": { "locked": { - "lastModified": 1731232837, - "narHash": "sha256-0aIwr/RC/oe7rYkfJb47xjdEQDSNcqpFGsEa+EPlDEs=", + "lastModified": 1730458408, + "narHash": "sha256-JQ+SphQn13bdibKUrBBBznYehXX4xJrxD1ifBp6vSWw=", "owner": "catppuccin", "repo": "nix", - "rev": "32359bf226fe874d3b7a0a5753d291a4da9616fe", + "rev": "191fbf2d81a63fad8f62f1233c0051f09b75d0ad", "type": "github" }, "original": { @@ -18,19 +132,22 @@ "colmena": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nix-github-actions": "nix-github-actions", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ], - "stable": "stable" + "stable": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1731527002, - "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", + "lastModified": 1728263678, + "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", "owner": "zhaofengli", "repo": "colmena", - "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", + "rev": "b0a62f234fae02a006123e661ff70e62af16106b", "type": "github" }, "original": { 
@@ -61,26 +178,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1732221404, - "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", - "owner": "nix-community", - "repo": "disko", - "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -127,6 +224,22 @@ "type": "github" } }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -168,12 +281,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -183,24 +299,6 @@ } }, "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "inputs": { "systems": "systems_2" }, 
@@ -218,6 +316,43 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": [ + "stylix", + "systems" + ] + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1689549921, + "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -274,6 +409,23 @@ "type": "github" } }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1713702291, + "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "46.1", + "repo": "gnome-shell", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -281,11 +433,11 @@ ] }, "locked": { - "lastModified": 1731786860, - "narHash": "sha256-130gQ5k8kZlxjBEeLpE+SvWFgSOFgQFeZlqIik7KgtQ=", + "lastModified": 1730837930, + "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", "owner": "nix-community", "repo": "home-manager", - "rev": "1bd5616e33c0c54d7a5b37db94160635a9b27aeb", + "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", "type": "github" }, "original": { 
@@ -316,6 +468,27 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "ixx": { "inputs": { "flake-utils": [ @@ -390,27 +563,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "colmena", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -418,11 +570,11 @@ ] }, "locked": { - "lastModified": 1731814505, - "narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=", + "lastModified": 1730604744, + "narHash": "sha256-/MK6QU4iOozJ4oHTfZipGtOgaT/uy/Jm4foCqHQeYR4=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132", + "rev": "cc2ddbf2df8ef7cc933543b1b42b845ee4772318", "type": "github" }, "original": { @@ -442,11 +594,11 @@ ] }, "locked": { - "lastModified": 1731808759, - "narHash": "sha256-WwJqguc/5Q7HEwHlgDzDT8mtd8ZxInxZM2neJKC1oh8=", + "lastModified": 1730944043, + "narHash": "sha256-DIYTHa57pQQc9ARiMpJWYkaoiTaQPLH7Y4qK0J10Khk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5cf92678e6799ce45442dee4c9cb8094843c7cfa", + "rev": "0a959b25ff573f079ed032f88d8c988561b96a96", "type": "github" }, "original": { 
@@ -457,11 +609,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731797098, - "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", + "lastModified": 1730919458, + "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", + "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", "type": "github" }, "original": { @@ -501,11 +653,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1731652201, - "narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { @@ -517,11 +669,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -533,11 +685,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1731819057, - "narHash": "sha256-nfqKsQhFCakM+eIKGf/JWu/g56rOPoGny10EZN8q7R0=", + "lastModified": 1731119255, + "narHash": "sha256-rDHKmBBUu7XSK+68yXEI9TJVc2TaQH7SVieP9pH3h7k=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "b2644ed7258502987ad4a70cf8959bf5a26ce26d", + "rev": "ca12ccda69b37abe3ea78dab388b0bfe638eb743", "type": "github" }, "original": { 
@@ -547,6 +699,22 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1725194671, + "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "devshell": "devshell", @@ -575,11 +743,11 @@ }, "nur": { "locked": { - "lastModified": 1731819675, - "narHash": "sha256-GGp/rEfxRdi1BD9TlHoXxp2g9IuKDp0Jk7wYh1LacP8=", + "lastModified": 1730959878, + "narHash": "sha256-UZ6oSptjE04ooORHvvR+kiGnr/nhzWgYwGryxUkKAv0=", "owner": "nix-community", "repo": "NUR", - "rev": "59740d792bea5caa547c9bc7ce366802ecfafb7f", + "rev": "bc4d2a3b71c75d81cc247b1bf991b63f75358004", "type": "github" }, "original": { @@ -590,7 +758,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "my-nixvim", @@ -616,8 +784,7 @@ "inputs": { "catppuccin": "catppuccin", "colmena": "colmena", - "disko": "disko", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "home-manager": "home-manager", "my-nixvim": "my-nixvim", "nix-index-database": "nix-index-database", @@ -626,7 +793,8 @@ "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "stylix": "stylix" } }, "sops-nix": { @@ -637,11 +805,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1731814239, - "narHash": "sha256-TGnMXCeXS924w9W6CvRFtUCUFr8E/RK138lHxU3vcw8=", + "lastModified": 1730883027, + "narHash": "sha256-pvXMOJIqRW0trsW+FzRMl6d5PbsM4rWfD5lcKCOrrwI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "47fc1d8c72dbd69b32ecb2019b5b648da3dd20ce", + "rev": "c5ae1e214ff935f2d3593187a131becb289ea639", "type": "github" }, "original": { 
@@ -650,19 +818,33 @@ "type": "github" } }, - "stable": { + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-foot": "base16-foot", + "base16-helix": "base16-helix", + "base16-kitty": "base16-kitty", + "base16-tmux": "base16-tmux", + "base16-vim": "base16-vim", + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_3", + "gnome-shell": "gnome-shell", + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_3", + "systems": "systems_3" + }, "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "lastModified": 1725416430, + "narHash": "sha256-DkF49DlcaZHV9v3m5ctQnC9qNqsEdfNhwjQArx5Q+Zw=", + "owner": "xinyangli", + "repo": "stylix", + "rev": "7aad490478518af03367dabfb5811b3f87ea93a1", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", + "owner": "xinyangli", + "repo": "stylix", "type": "github" } }, @@ -696,6 +878,21 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index a7957b4..959d920 100644 --- a/flake.nix +++ b/flake.nix @@ -34,12 +34,9 @@ colmena = { url = "github:zhaofengli/colmena"; + inputs.stable.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs"; - }; - - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; }; nix-index-database = { 
@@ -55,6 +52,12 @@ catppuccin = { url = "github:catppuccin/nix"; }; + + stylix = { + url = "github:xinyangli/stylix"; + # inputs.nixpkgs.follows = "nixpkgs"; + # inputs.home-manager.follows = "home-manager"; + }; }; outputs = 
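Review bot: With both `follows` lines commented out, stylix brings its own `nixpkgs` and `home-manager` into the closure. The flake.lock part of this commit gains `nixpkgs_3` and `home-manager_3` for it, both pinned at older revisions than the root inputs. Updating the root `nixpkgs` does not move those copies, so fixes can lag there, and the input is a personal fork rather than upstream. Unless the fork needs its own pins, enable `inputs.nixpkgs.follows = "nixpkgs";` and `inputs.home-manager.follows = "home-manager";`, or replace the commented lines with a comment saying why they must stay off. The `inputs` set continues outside this hunk.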
@@ -63,73 +66,35 @@ home-manager, nixpkgs, nixos-hardware, - sops-nix, flake-utils, nur, catppuccin, my-nixvim, - nix-vscode-extensions, - colmena, - nix-index-database, - disko, ... - }: + }@inputs: let - editorOverlay = ( - final: prev: { - inherit (nix-vscode-extensions.extensions.${prev.stdenv.system}) vscode-marketplace; - inherit (self.packages.${prev.stdenv.system}) nixvim; - } - ); + nixvimOverlay = (final: prev: { nixvim = self.packages.${prev.stdenv.system}.nixvim; }); overlayModule = { ... }: { nixpkgs.overlays = [ - editorOverlay + nixvimOverlay (import ./overlays/add-pkgs.nix) ]; }; deploymentModule = { deployment.targetUser = "xin"; }; - sharedHmModules = [ - self.homeManagerModules.default - sops-nix.homeManagerModules.sops - nix-index-database.hmModules.nix-index - catppuccin.homeManagerModules.catppuccin - ]; - sharedNixosModules = [ - self.nixosModules.default - sops-nix.nixosModules.sops - ]; - nodeNixosModules = { - calcite = [ - nixos-hardware.nixosModules.asus-zephyrus-ga401 - nur.nixosModules.nur - catppuccin.nixosModules.catppuccin - machines/calcite/configuration.nix - (mkHome "xin" "calcite") - ]; - hk-00 = [ - ./machines/dolomite/claw.nix - ./machines/dolomite/common.nix - disko.nixosModules.disko - ]; - la-00 = [ - ./machines/dolomite/bandwagon.nix - ./machines/dolomite/common.nix - ]; - tok-00 = [ - ./machines/dolomite/lightsail.nix - ./machines/dolomite/common.nix - ]; - osmium = [ - ./machines/osmium - ]; - }; sharedColmenaModules = [ + self.nixosModules.default deploymentModule - ] ++ sharedNixosModules; + ]; + sharedHmModules = [ + inputs.sops-nix.homeManagerModules.sops + inputs.nix-index-database.hmModules.nix-index + catppuccin.homeManagerModules.catppuccin + self.homeManagerModules + ]; mkHome = user: host: { ... }: 
@@ -141,29 +106,42 @@ sharedModules = sharedHmModules; useGlobalPkgs = true; useUserPackages = true; + extraSpecialArgs = { + inherit inputs; + }; }; home-manager.users.${user} = (import ./home).${user}.${host}; } ]; }; + mkHomeConfiguration = user: host: { + name = user; + value = home-manager.lib.homeManagerConfiguration { + pkgs = import nixpkgs { system = "x86_64-linux"; }; + modules = [ + (import ./home).${user}.${host} + overlayModule + ] ++ sharedHmModules; + extraSpecialArgs = { + inherit inputs; + }; + }; + }; mkNixos = { - hostname, - system ? null, + system, + modules, + specialArgs ? { }, }: nixpkgs.lib.nixosSystem { - modules = sharedNixosModules ++ nodeNixosModules.${hostname}; - }; - # TODO: - mkColmenaHive = - { - hostname, - }: - colmena.lib.makeHive { - meta = { - # FIXME: - nixpkgs = import nixpkgs { system = "x86_64-linux"; }; + inherit system; + specialArgs = specialArgs // { + inherit inputs system; }; + modules = [ + self.nixosModules.default + nur.nixosModules.nur + ] ++ modules; }; in { @@ -174,12 +152,16 @@ overlayModule ]; }; - homeManagerModules.default = import ./modules/home-manager; + homeManagerModules = import ./modules/home-manager; - colmenaHive = colmena.lib.makeHive { + homeConfigurations = builtins.listToAttrs [ (mkHomeConfiguration "xin" "calcite") ]; + + colmenaHive = inputs.colmena.lib.makeHive { meta = { - # FIXME: nixpkgs = import nixpkgs { system = "x86_64-linux"; }; + specialArgs = { + inherit inputs; + }; }; massicot = @@ -197,7 +179,7 @@ tok-00 = { ... }: { - imports = nodeNixosModules.tok-00 ++ sharedColmenaModules; + imports = [ machines/dolomite ] ++ sharedColmenaModules; nixpkgs.system = "x86_64-linux"; networking.hostName = "tok-00"; system.stateVersion = "23.11"; @@ -211,7 +193,7 @@ la-00 = { ... }: { - imports = nodeNixosModules.la-00 ++ sharedColmenaModules; + imports = [ machines/dolomite ] ++ sharedColmenaModules; nixpkgs.system = "x86_64-linux"; networking.hostName = "la-00"; system.stateVersion = "21.05"; 
@@ -225,7 +207,7 @@ hk-00 = { ... }: { - imports = nodeNixosModules.hk-00 ++ sharedColmenaModules; + imports = [ machines/dolomite ] ++ sharedColmenaModules; nixpkgs.system = "x86_64-linux"; networking.hostName = "hk-00"; system.stateVersion = "24.05"; @@ -266,11 +248,12 @@ nixosConfigurations = { calcite = mkNixos { - hostname = "calcite"; - }; - - osmium = mkNixos { - hostname = "osmium"; + system = "x86_64-linux"; + modules = [ + nixos-hardware.nixosModules.asus-zephyrus-ga401 + machines/calcite/configuration.nix + (mkHome "xin" "calcite") + ]; }; } // self.colmenaHive.nodes; @@ -279,17 +262,6 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; - - mkHomeConfiguration = user: host: { - name = user; - value = home-manager.lib.homeManagerConfiguration { - inherit pkgs; - modules = [ - (import ./home).${user}.${host} - overlayModule - ] ++ sharedHmModules; - }; - }; in { devShells = { @@ -297,19 +269,16 @@ packages = with pkgs; [ nix git - colmena.packages.${system}.colmena + colmena sops nix-output-monitor nil nvd nh - (python3.withPackages (ps: with ps; [ requests ])) ]; }; }; - homeConfigurations = builtins.listToAttrs [ (mkHomeConfiguration "xin" "calcite") ]; - packages = { nixvim = my-nixvim.packages.${system}.default; }; diff --git a/home/xin/calcite.nix b/home/xin/calcite.nix index 69d16d6..654aedc 100644 --- a/home/xin/calcite.nix +++ b/home/xin/calcite.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, ... }: let homeDirectory = "/home/xin"; in @@ -36,23 +36,13 @@ in home.packages = with pkgs; [ thunderbird remmina - qq - wechat-uos - wpsoffice - ttf-wps-fonts ]; # Theme catppuccin = { enable = true; - accent = "peach"; flavor = "mocha"; }; - # Missing from catppuccin module - services.swaync.style = pkgs.fetchurl { - url = "https://github.com/catppuccin/swaync/releases/download/v0.2.3/mocha.css"; - hash = "sha256-Hie/vDt15nGCy4XWERGy1tUIecROw17GOoasT97kIfc="; - }; xdg.enable = true; 
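Review bot: In the devShells hunk of flake.nix (`@@ -297,19 +269,16 @@`), the bare `colmena` inside `with pkgs; [ ... ]` now resolves to the nixpkgs package. The outputs function no longer binds `colmena`, and `pkgs` is `nixpkgs.legacyPackages.${system}` without overlays. The hive itself is still built with `inputs.colmena.lib.makeHive` at the locked revision, so the CLI used to deploy can drift from the library that evaluates the hive. Using `inputs.colmena.packages.${system}.colmena` keeps both on the same pin. The enclosing `let` and shell definition start outside the hunk.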
@@ -61,12 +51,6 @@ in fcitx5.addons = with pkgs; [ fcitx5-rime ]; }; - # Using wayland - home.sessionVariables = { - GTK_IM_MODULE = lib.mkForce ""; - QT_IM_MODULE = lib.mkForce ""; - }; - custom-hm = { alacritty = { enable = true; @@ -86,14 +70,6 @@ in }; neovim = { enable = true; - font = { - normal = [ - "JetbrainsMono Nerd Font" - "Noto Sans Mono CJK SC" - "Ubuntu" - ]; - size = 12.0; - }; }; vscode = { enable = true; @@ -108,7 +84,6 @@ in zellij = { enable = true; }; - gui = { niri.enable = true; waybar.enable = true; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 8ad5348..7235179 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -4,9 +4,7 @@ lib, ... }: -let - inherit (lib) mkForce getExe; -in + { imports = [ # Include the results of the hardware scan. @@ -36,11 +34,6 @@ in boot.supportedFilesystems = [ "ntfs" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - documentation = { - nixos.enable = false; - man.enable = false; - }; - security.tpm2 = { enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so @@ -50,7 +43,7 @@ in # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables tctiEnvironment.enable = true; }; - # services.gnome.gnome-keyring.enable = lib.mkForce false; + services.gnome.gnome-keyring.enable = lib.mkForce false; security.pam.services.login.enableGnomeKeyring = lib.mkForce false; services.ssh-tpm-agent.enable = true; 
@@ -105,51 +98,14 @@ in LC_TIME = "en_US.utf8"; }; - # ====== GUI ====== + services.displayManager = { + enable = true; + defaultSession = "niri"; + }; programs.niri.enable = true; - environment.sessionVariables.NIXOS_OZONE_WL = "1"; - security.pam.services.gtklock = { }; # Required by gtklock - catppuccin = { - enable = true; - accent = "rosewater"; - flavor = "mocha"; - }; - - xdg.portal = { - enable = true; - extraPortals = [ - pkgs.xdg-desktop-portal-gnome - pkgs.xdg-desktop-portal-gtk - ]; - configPackages = [ pkgs.niri ]; - }; - - systemd.user.services.xdg-desktop-portal-gtk.after = [ "graphical-session.target" ]; - systemd.user.services.xdg-desktop-portal-gnome.after = [ "graphical-session.target" ]; - systemd.user.services.xdg-desktop-portal-gnome.wantedBy = [ "graphical-session.target" ]; - - services.greetd = - let - niri-login-config = pkgs.writeText "niri-login-config.kdl" '' - animations { - off - } - hotkey-overlay { - skip-at-startup - } - ''; - in - { - enable = true; - vt = 1; - settings = { - default_session = { - command = "${pkgs.dbus}/bin/dbus-run-session -- ${getExe pkgs.niri} -c ${niri-login-config} -- ${getExe pkgs.greetd.gtkgreet} -l -c niri-session -s ${pkgs.magnetic-catppuccin-gtk}/share/themes/Catppuccin-GTK-Dark/gtk-3.0/gtk.css"; - }; - }; - }; + services.xserver.displayManager.gdm.enable = true; # Keyboard mapping on internal keyboard services.keyd = { @@ -164,15 +120,6 @@ in }; }; }; - "logiM720" = { - ids = [ "046d:b015" ]; - settings = { - main = { - mouse2 = "leftmeta"; - # leftalt = "mouse1"; - }; - }; - }; }; }; @@ -219,7 +166,6 @@ in services.smartd.enable = true; # Allow unfree packages - nixpkgs.system = "x86_64-linux"; nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" @@ -283,6 +229,7 @@ in # IM element-desktop tdesktop + qq # Password manager bitwarden @@ -299,6 +246,8 @@ in # Writting zotero # onlyoffice-bin + wpsoffice + zed-editor config.nur.repos.linyinfeng.wemeet 
@@ -351,6 +300,8 @@ in exporters.blackbox.enable = true; }; + custom.stylix.enable = false; + services.ollama = { enable = true; acceleration = "cuda"; @@ -360,6 +311,7 @@ in services.gvfs.enable = true; services.flatpak.enable = true; + xdg.portal.enable = true; # Fonts fonts = { diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index 31203ad..89e9255 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, ... }: { imports = [ ]; @@ -10,6 +10,7 @@ dns = "systemd-resolved"; }; }; + systemd.services.NetworkManager-wait-online.enable = false; services.resolved = { enable = true; @@ -24,7 +25,6 @@ services.dae.enable = true; services.dae.configFile = "/var/lib/dae/config.dae"; - systemd.services.dae.after = lib.mkIf (config.networking.networkmanager.enable) [ "NetworkManager-wait-online.service" ]; custom.sing-box = { enable = false; @@ -46,13 +46,14 @@ # Use nftables to manager firewall networking.nftables.enable = true; + # Add gsconnect, open firewall + programs.kdeconnect = { + enable = true; + package = pkgs.gnomeExtensions.gsconnect; + }; + programs.wireshark = { enable = true; package = pkgs.wireshark-qt; }; - - programs.kdeconnect = { - enable = true; - package = pkgs.valent; - }; } diff --git a/machines/dolomite/bandwagon.nix b/machines/dolomite/bandwagon.nix index 803be29..91449c1 100644 --- a/machines/dolomite/bandwagon.nix +++ b/machines/dolomite/bandwagon.nix @@ -1,11 +1,21 @@ { + config, + lib, + pkgs, modulesPath, ... }: +let + cfg = config.isBandwagon; +in { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - config = { + options = { + isBandwagon = lib.mkEnableOption "Bandwagon instance"; + }; + + config = lib.mkIf cfg { boot.initrd.availableKernelModules = [ "ata_piix" "xhci_pci" diff --git a/machines/dolomite/claw.nix b/machines/dolomite/claw.nix index 84b3da9..b8cf692 100644 --- a/machines/dolomite/claw.nix 
+++ b/machines/dolomite/claw.nix @@ -1,14 +1,22 @@ { + config, lib, modulesPath, ... }: +let + cfg = config.isClaw; +in { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - config = { + options = { + isClaw = lib.mkEnableOption "Lightsail instance"; + }; + + config = lib.mkIf cfg { boot.initrd.availableKernelModules = [ "uhci_hcd" "virtio_blk" @@ -18,38 +26,6 @@ "xen_blkfront" "vmw_pvscsi" ]; - - disko.devices = { - disk = { - main = { - device = "/dev/vda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "xfs"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; @@ -58,6 +34,11 @@ device = "/dev/vda"; }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/fe563e38-9a57-447a-ba57-c3e53ddd84ee"; + fsType = "ext4"; + }; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking diff --git a/machines/dolomite/common.nix b/machines/dolomite/common.nix deleted file mode 100644 index 83b0e36..0000000 --- a/machines/dolomite/common.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, ... }: -{ - config = { - sops = { - secrets = { - wg_private_key = { - owner = "root"; - sopsFile = ./secrets + "/${config.networking.hostName}.yaml"; - }; - wg_ipv6_local_addr = { - owner = "root"; - sopsFile = ./secrets + "/${config.networking.hostName}.yaml"; - }; - "sing-box/password" = { - owner = "root"; - sopsFile = ./secrets/secrets.yaml; - }; - "sing-box/uuid" = { - owner = "root"; - sopsFile = ./secrets/secrets.yaml; - }; - }; - }; - - custom.prometheus = { - enable = true; - exporters.blackbox.enable = true; - }; - - commonSettings = { - auth.enable = true; - proxyServer.enable = true; - }; - }; - -} 
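Review bot: `isClaw = lib.mkEnableOption "Lightsail instance";` in the first claw.nix hunk carries the description of the Lightsail module, so generated option documentation will describe `isClaw` as enabling a Lightsail instance. It should read `isClaw = lib.mkEnableOption "Claw instance";`. The module body continues outside the hunk.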
diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix
new file mode 100644
index 0000000..32e2425
--- /dev/null
+++ b/machines/dolomite/default.nix
@@ -0,0 +1,182 @@ +{ config, lib, ... }: +let + awsHosts = [ "tok-00" ]; + bwgHosts = [ "la-00" ]; + clawHosts = [ "hk-00" ]; +in +{ + imports = [ + ../sops.nix + ./bandwagon.nix + ./lightsail.nix + ./claw.nix + ]; + + config = { + isBandwagon = builtins.elem config.networking.hostName bwgHosts; + isLightsail = builtins.elem config.networking.hostName awsHosts; + isClaw = builtins.elem config.networking.hostName clawHosts; + sops = { + secrets = { + wg_private_key = { + owner = "root"; + sopsFile = ./secrets + "/${config.networking.hostName}.yaml"; + }; + wg_ipv6_local_addr = { + owner = "root"; + sopsFile = ./secrets + "/${config.networking.hostName}.yaml"; + }; + }; + }; + boot.kernel.sysctl = { + "net.core.default_qdisc" = "fq"; + "net.ipv4.tcp_congestion_control" = "bbr"; + }; + + networking.firewall.trustedInterfaces = [ "tun0" ]; + + security.acme = { + acceptTerms = true; + certs.${config.deployment.targetHost} = { + email = "me@namely.icu"; + # Avoid port conflict + listenHTTP = if config.services.caddy.enable then ":30310" else ":80"; + }; + }; + services.caddy.virtualHosts."http://${config.deployment.targetHost}:80".extraConfig = '' + reverse_proxy 127.0.0.1:30310 + ''; + + networking.firewall.allowedTCPPorts = [ + 80 + 8080 + ]; + networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314); + + custom.prometheus = { + enable = true; + exporters.blackbox.enable = true; + }; + + custom.kanidm-client = { + enable = true; + uri = "https://auth.xinyang.life/"; + asSSHAuth = { + enable = true; + allowedGroups = [ "linux_users" ]; + }; + sudoers = [ "xin@auth.xinyang.life" ]; + }; + + services.openssh = { + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + PermitRootLogin = lib.mkForce "no"; + GSSAPIAuthentication = "no"; + KerberosAuthentication = "no"; + }; + }; + services.fail2ban.enable = true; + programs.mosh.enable = true; + + security.sudo = { + execWheelOnly = true; + wheelNeedsPassword = false; + }; + + 
services.sing-box = + let + singTls = { + enabled = true; + server_name = config.deployment.targetHost; + key_path = config.security.acme.certs.${config.deployment.targetHost}.directory + "/key.pem"; + certificate_path = + config.security.acme.certs.${config.deployment.targetHost}.directory + "/cert.pem"; + }; + password = { + _secret = config.sops.secrets.singbox_password.path; + }; + uuid = { + _secret = config.sops.secrets.singbox_uuid.path; + }; + in + { + enable = true; + settings = { + inbounds = + [ + { + tag = "sg0"; + type = "trojan"; + listen = "::"; + listen_port = 8080; + users = [ + { + name = "proxy"; + password = password; + } + ]; + tls = singTls; + } + ] + ++ lib.forEach (lib.range 6311 6314) (port: { + tag = "sg" + toString (port - 6310); + type = "tuic"; + listen = "::"; + listen_port = port; + congestion_control = "bbr"; + users = [ + { + name = "proxy"; + uuid = uuid; + password = password; + } + ]; + tls = singTls; + }); + outbounds = [ + { + type = "wireguard"; + tag = "wg-out"; + private_key = { + _secret = config.sops.secrets.wg_private_key.path; + }; + local_address = [ + "172.16.0.2/32" + { _secret = config.sops.secrets.wg_ipv6_local_addr.path; } + ]; + peers = [ + { + public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo="; + allowed_ips = [ + "0.0.0.0/0" + "::/0" + ]; + server = "162.159.192.1"; + server_port = 500; + } + ]; + } + { + type = "direct"; + tag = "direct"; + } + ]; + route = { + rules = [ + { + inbound = "sg0"; + outbound = "direct"; + } + { + inbound = "sg4"; + outbound = "direct"; + } + ]; + }; + }; + }; + }; + +} diff --git a/machines/dolomite/lightsail.nix b/machines/dolomite/lightsail.nix index e44fac4..230b23d 100644 --- a/machines/dolomite/lightsail.nix +++ b/machines/dolomite/lightsail.nix @@ -1,9 +1,11 @@ { config, + lib, pkgs, modulesPath, ... }: +with lib; let cfg = config.ec2; in 
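Review bot: The sing-box block in the new machines/dolomite/default.nix reads `config.sops.secrets.singbox_password.path` and `config.sops.secrets.singbox_uuid.path`, but the `sops.secrets` set in this file declares only `wg_private_key` and `wg_ipv6_local_addr`. The deleted common.nix declared the equivalents as `"sing-box/password"` and `"sing-box/uuid"` from `secrets/secrets.yaml`, whose creation rule this commit also removes. Unless the imported `../sops.nix` (not shown) defines the new names, evaluation fails on the missing attribute. Declaring both next to the WireGuard entries with an explicit `sopsFile` would keep every secret this module consumes visible in one place. Separately, `security.sudo.wheelNeedsPassword = false` on hosts that open TCP 80 and 8080 and UDP 6311-6314 deserves a comment saying why it is needed.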
@@ -18,7 +20,11 @@ in "${modulesPath}/virtualisation/amazon-init.nix" ]; - config = { + options = { + isLightsail = mkEnableOption "Lightsail instance"; + }; + + config = mkIf config.isLightsail { boot.loader.grub.device = "/dev/nvme0n1"; # from nixpkgs amazon-image.nix diff --git a/machines/dolomite/secrets/hk-00.yaml b/machines/dolomite/secrets/hk-00.yaml index 3236479..91d6540 100644 --- a/machines/dolomite/secrets/hk-00.yaml +++ b/machines/dolomite/secrets/hk-00.yaml @@ -1,5 +1,5 @@ -wg_private_key: ENC[AES256_GCM,data:rzWGmeKVKjSaViN7fkgwLXdD7gLwTaNd9dtTdj6POMXqjk6uYNXKhKES/d0=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:Pz8P7mq1DpGPVwgTTFmFiw==,type:str] -wg_ipv6_local_addr: ENC[AES256_GCM,data:SuRSCFKW5MM2mtDNNfa3By7hrz66Y+nw/Ij+uO0MHwklAlkydVVKi89D,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:DjZjY54Pb1AHIyyzQIlHaw==,type:str] +wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str] +wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str] sops: kms: [] gcp_kms: [] 
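Review bot: Wrapping `config` in `mkIf config.isLightsail` does not gate the `imports` list, so `"${modulesPath}/virtualisation/amazon-init.nix"` (context line at the top of this hunk) is still evaluated on every host that imports this file. The new dolomite module imports `./lightsail.nix` unconditionally, so that includes the Bandwagon and Claw hosts. As far as I recall from nixpkgs, that module enables by default a boot-time service that applies configuration taken from instance user-data, which non-AWS hosts should not carry. Set `virtualisation.amazon-init.enable = config.isLightsail;` outside the `mkIf` (for example through `mkMerge`) and check the other imported EC2 modules the same way. The imports list and the rest of the module lie outside this hunk.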
@@ -9,23 +9,23 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNXJzOHF2M3RkV2MxeThi - NzFXcHg2QVZzQXZWMlFibE10MnhiekJnSVNzCjJ4TVBXZmk1ZWk5Rjl0WUlHNWc2 - bUdHcCsraEpWb2hqVDAxaVpNdC9SOXMKLS0tIFJ2amxtTXY2VnF2NUlVYXdJZG5R - RHk3SjZIUTQ3VmJpcElmMXd3dFp1RVEKQCe/BYPU9b8aNsTV1z5VKfnesp8KT98T - iRWUz4cuNLEUbmO9H2AuoM2iVtsFmYyPRz2NlSPUMdCHR7MnAGbkFg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNmVpY09ZNzhacDdpdVUr + SGc2NGNrRWlMMzE2RVNSN0tHTGNoeVhlWUFRCnpqNy9qMExKUFA0akFnNG1HS0h2 + NXlmWkJMemJkam5oSEFaSENkRTRnczQKLS0tIGNha0RWbGFUWGpROEdoKy9WbC9n + WTUrUjMydHRHODN3TDhyakpHNG1hZjQKR3I8TwUDvvht9ck8YIplCjafhUdvxw7M + VNSjUoacKg0Uu5m777UlBpDdDXBwulrVryFxrKA0Q395+YRJ2Sg0wQ== -----END AGE ENCRYPTED FILE----- - - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu + - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArY25mNU1DVnc5eHdPWlpt - a2RtMVRLa3BwRTJQbWIrREcrRGtSdHNsUnpvCkZQN1k0blBON1FLOG5SeFRRalc3 - UTUvNVV6RXpxZmUzVGJlMEVkRzVqUFEKLS0tIHpNYWdaTkMycGp3WW9VNkYrUzZD - NmhOZldZa2lQVEFQQk8zNFI3dm1QaHcKdTuNNHPE/Co4Eg5KWfIFb47w4nt6n7K4 - 7gSrkobL+aZJTGZcEjwh6LsqmxoPbU0jyVk6Lb8cv2I71p1UcF32JA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZC9GU085TmV6b1FsdGFw + OEFJeVM1WFJib1lFM1luQmlQSGt3Ym1PaVVjCkd4TmhIcVB2Nk4xaHdwSVVHOGJJ + TVErNHZ1ZURKMmk2SzJUajFTV0tJSE0KLS0tIG5jVnZHNm55dncvaDdsWXNidDB1 + TURVTjR3RUJzMmxmNVIyTk5rM0YvMU0KP3R78NlGqbRHmSn2WqanPq8Y9m+olBLO + 2CTJI9QQfPACzz9KoEt5hlpqVpsgQT9CGDpyYEwXrFyxFY4QIh5NPw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T07:15:56Z" - mac: 
ENC[AES256_GCM,data:fJcdcoGiqkEPOyINmCjLf+PUc46pCkjZB8q8CE1vxpgLQg+SuaYRByVTuse1xHPVj/ytBiHFHk9btEFcf4F69IyMJl7abuIakTvJctkfs1Y1/lSiDvYBi8+S6n1Oloj63osRX0XKKIabju262zb7KsA6Vyxg9hSJI54dbVRkCqg=,iv:a0dHwBQbQJm1grg9S4T6VMg8177px0sc19GWvvUJYDs=,tag:T1CivleWWnijQQDm/3xP4A==,type:str] + lastmodified: "2024-10-17T10:52:20Z" + mac: ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/machines/dolomite/secrets/secrets.yaml b/machines/dolomite/secrets/secrets.yaml deleted file mode 100644 index 5a33087..0000000 --- a/machines/dolomite/secrets/secrets.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -sing-box: - password: ENC[AES256_GCM,data:YfMSwvgAu7wBEYCP9/L+FFVdd9dL1Ls3,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:/94NFyVHzPIkqn+/NzKTHQ==,type:str] - uuid: ENC[AES256_GCM,data:bDjrhciE0lttJfdL8cvGSf7/gdMRu/Fid+q0yBUqEvWH5ZSm,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:s0HwGkhqvnCQkzfbTEHUWw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNc0ZvdUIzRXJhVVRuTWZ6 - dkN5OTVDR0tWSXhBZEI1U2srLzJmSnMvOXk4ClhaWk15Wng5WHJPVmtNSTM2OHpF - ZWUrcXNKV21BZ05xMkRwcnFRVkFGd0EKLS0tIGQ1c3psYmV5YXZZR1N6WjZRQndH - TW5WeXVXS2ZtRklPbEs4S1BGYVFxSncKmwg7cINY6Vk8WCWdOEk8quBn67tiieiD - 6bWyq+OQbDoAzwOdZ1Bt6q7YrTWSlrFjs8mk/YWUSFmn2g25grKABg== - -----END AGE ENCRYPTED FILE----- - - recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbUhaSXdmbXJmUGtHb1lr - Sk1GSGJUMHhNQ1lET2VleXlmcDBPd3NodlNNCmRWVUNQOExWVzI0VzR3Wk0vbkp5 - NmV4NlUrbUxNbWdMNGNRdDdvbzhsSmsKLS0tIHgyVFI3REcySGRLai9lVTI2VWpn - enVSUjBoRHN3ekc2ci9oaUhqdnRiVHMKAS+KAsqqF/xm80mucgpHbky2Lw3k/kxH - iQGzhzMsNY3jY/nSARcRjWSRrugDtK5ou+rJySGCOov7U2AlulZl3A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha21uc3dQZWZTQmp0Q0pT - WEk5cy9oUm1yN2FxdDU4THIySEk2SDJrMVd3CnZ6c2VneTMwRC8vUG5sM0s1SHNx - dm9mSDdhem1CdkpPQ0dpY2pSbzN0Nk0KLS0tIEpLVGtBSEsyMnpFSk81ekRhVU84 - bTRzTS8wemRHNUJrZWJlc2l0bXFIN3MK8IB0DBkJdTU4evQO41hf/GKGvSm39bWd - CDKCn62RnWLEDlq3xRddqQnr4ogk/6D0lhxvbrN8obCq+Ev1wakAcg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbEpyNkhrZ0lldU9Bc0lr - Q21ENWFOS0UwK1gzZ1A1SjFKUkRzUTNBV0gwCnBYY0dPakZnaVJWekdlS2hUaXIx - a3J2VjhCalVPMk5qcFkzekpYR0Y2WUEKLS0tIEhYQWUxZjIvTit4R0hHMDYxZXpu - amV1YmxraDRETmdmTmU3ekhQdGlOVjAKzJGI5WomWDMSLHeJZ8Rka4rRv6AEaYnp - NgYpsDF6uhB2a270xzGDHXOUjRFUMhYiz3p+tN/RSzt00Ks/q5SyPg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRWwwSTd6cGJpZXl6ZjZk - TlJySzdxNXlNMWdjVisrZEUxQWVuNXVqb1NBCklTSkVST092MURDL0JhT1dpWGR1 - QzdJbXROM2ZIRjZUUG5FaFBUVUNHWTgKLS0tIHJycG8vUGJoOVNCcmxwVVlJQ0NO - NlBsZmpCODUwNThCc1RrUkNHMWdQeUUKRHsKHjCRmJ0L5W7Aw5LTf0jlulvBOt4u - IQWkyuw/5Co3cS9DHZ41zlFDKld/+jr1DFpATUSvSTFL+laNcwWwCQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T07:16:07Z" - mac: ENC[AES256_GCM,data:ldGU1of+oldDpdgGrlryUSsudUjk2FOKQ/4krY+5fOb07NRl0nvVgWBhVoHbY7JgdFO9EXxJfhLe/vkxjeQ6XxbZQkJFaXBY8MM4S8CPFdUwd2Ebr6e+aNvJR586LtZOfJ0cU8zr/DGm00zIaQParbzXPLq2fvahKgzqv84bM3Y=,iv:ZBzkMkkRRtJ9lIOdrG1fC0YayPZlT7Gsdos7ulFJjD0=,tag:3rSlPFWeVNfeyTIia0hU2w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix index e461039..ecbc6e2 100644 --- a/machines/massicot/default.nix +++ b/machines/massicot/default.nix @@ -1,10 +1,12 @@ { + inputs, pkgs, ... }: { imports = [ + inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ./networking.nix ./services.nix @@ -52,10 +54,6 @@ git ]; - # Disable docs on servers - documentation.nixos.enable = false; - documentation.man.enable = false; - system.stateVersion = "22.11"; networking = { diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix index ef8323b..31cd6e6 100644 --- a/machines/massicot/kanidm-provision.nix +++ b/machines/massicot/kanidm-provision.nix 
@@ -73,8 +73,8 @@ systems.oauth2 = { forgejo = { displayName = "ForgeJo"; - originUrl = "https://git.xinyang.life/user/oauth2/kanidm/callback"; - originLanding = "https://git.xinyang.life/user/oauth2/kanidm"; + originUrl = "https://git.xinyang.life/"; + originLanding = "https://git.xinyang.life/user/oauth2/kandim"; allowInsecureClientDisablePkce = true; scopeMaps = { forgejo-access = [ @@ -96,8 +96,8 @@ }; gts = { displayName = "GoToSocial"; - originUrl = "https://xinyang.life/auth/callback"; - originLanding = "https://xinyang.life/auth/callback"; + originUrl = "https://xinyang.life/"; + originLanding = "https://xinyang.life/"; allowInsecureClientDisablePkce = true; scopeMaps = { gts-users = [ @@ -133,7 +133,7 @@ hedgedoc = { displayName = "HedgeDoc"; - originUrl = "https://docs.xinyang.life/auth/oauth2/callback"; + originUrl = "https://docs.xinyang.life/"; originLanding = "https://docs.xinyang.life/auth/oauth2"; allowInsecureClientDisablePkce = true; scopeMaps = { @@ -147,9 +147,9 @@ immich = { displayName = "Immich"; originUrl = [ - "https://immich.xinyang.life:8000/api/oauth/mobile-redirect" - "https://immich.xinyang.life:8000/auth/login" - "https://immich.xinyang.life:8000/user-settings" + "https://immich.xinyang.life:8000/api/oauth/mobile-redirect/" + "https://immich.xinyang.life:8000/auth/login/" + "https://immich.xinyang.life:8000/user-settings/" ]; originLanding = "https://immich.xinyang.life:8000/auth/login?autoLaunch=0"; allowInsecureClientDisablePkce = true; @@ -163,9 +163,8 @@ }; miniflux = { displayName = "Miniflux"; - originUrl = "https://rss.xinyang.life/oauth2/oidc/callback"; - - originLanding = "https://rss.xinyang.life/oauth2/oidc/redirect"; + originUrl = "https://rss.xinyang.life/"; + originLanding = "https://rss.xinyang.life/"; scopeMaps = { miniflux-users = [ "openid" 
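Review bot: The new `originLanding` for forgejo is misspelled as `https://git.xinyang.life/user/oauth2/kandim`, where the removed line had `kanidm`. The landing link will presumably no longer reach Forgejo's OAuth2 login route for this provider. Change it to `originLanding = "https://git.xinyang.life/user/oauth2/kanidm";`. The enclosing `systems.oauth2` attribute set starts and ends outside the hunk.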
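Review bot: `originUrl` for gts is widened from the exact callback `https://xinyang.life/auth/callback` to the site root, and the hunks for forgejo, hedgedoc, miniflux and grafana make the same change. `allowInsecureClientDisablePkce = true` remains on the context lines for gts, forgejo and hedgedoc. `originUrl` is presumably the value Kanidm compares `redirect_uri` against, so with PKCE disabled this allow-list is the main protection for the authorization code. Depending on how strictly the deployed Kanidm version matches, the root URL either stops matching the real callback or accepts any path on that origin. Keep the exact callback, e.g. `originUrl = "https://xinyang.life/auth/callback";`, and add a comment explaining the root form if an older server needs it.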
@@ -176,7 +175,7 @@ }; grafana = { displayName = "Grafana"; - originUrl = "https://grafana.xinyang.life/login/generic_oauth"; + originUrl = "https://grafana.xinyang.life/"; originLanding = "https://grafana.xinyang.life/"; scopeMaps = { grafana-users = [ diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix index 6a43aa3..4be75c5 100644 --- a/machines/massicot/services.nix +++ b/machines/massicot/services.nix @@ -101,6 +101,7 @@ in services.matrix-conduit = { enable = true; + # package = inputs.conduit.packages.${pkgs.system}.default; package = pkgs.matrix-conduit; settings.global = { server_name = "xinyang.life"; diff --git a/machines/osmium/default.nix b/machines/osmium/default.nix deleted file mode 100644 index 823d2f0..0000000 --- a/machines/osmium/default.nix +++ /dev/null 
@@ -1,111 +0,0 @@ -{ - pkgs, - lib, - modulesPath, - ... -}: -{ - imports = [ - (modulesPath + "/installer/sd-card/sd-image.nix") - ./sd-image-aarch64-orangepi-r1plus.nix - ]; - - config = { - system.stateVersion = "24.05"; - - nixpkgs.system = "aarch64-linux"; - - boot.tmp.useTmpfs = false; - boot.kernelModules = [ - "br_netfilter" - "bridge" - ]; - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv4.ip_nonlocal_bind" = 1; - "net.ipv6.conf.all.forwarding" = 1; - "net.ipv6.ip_nonlocal_bind" = 1; - "net.bridge.bridge-nf-call-ip6tables" = 1; - "net.bridge.bridge-nf-call-iptables" = 1; - "net.bridge.bridge-nf-call-arptables" = 1; - "fs.inotify.max_user_watches" = 524288; - "dev.i915.perf_stream_paranoid" = 0; - "net.ipv4.conf.all.rp_filter" = 0; - "vm.max_map_count" = 2000000; - "net.ipv4.conf.all.route_localnet" = 1; - "net.ipv4.conf.all.send_redirects" = 0; - "kernel.msgmnb" = 65536; - "kernel.msgmax" = 65536; - "net.ipv4.tcp_timestamps" = 0; - "net.ipv4.tcp_synack_retries" = 1; - "net.ipv4.tcp_syn_retries" = 1; - "net.ipv4.tcp_tw_recycle" = 1; - "net.ipv4.tcp_tw_reuse" = 1; - "net.ipv4.tcp_fin_timeout" = 15; - "net.ipv4.tcp_keepalive_time" = 1800; - "net.ipv4.tcp_keepalive_probes" = 3; - "net.ipv4.tcp_keepalive_intvl" = 15; - "net.ipv4.ip_local_port_range" = "2048 65535"; - "fs.file-max" = 102400; - "net.ipv4.tcp_max_tw_buckets" = 180000; - }; - - commonSettings = { - nix.enableMirrors = true; - auth.enable = true; - }; - - documentation.enable = false; - - time.timeZone = "Asia/Shanghai"; - i18n = { - defaultLocale = "en_US.UTF-8"; - }; - - environment.systemPackages = with pkgs; [ - lsof - wget - curl - neovim - jq - iptables - ebtables - tcpdump - busybox - ethtool - socat - htop - iftop - lm_sensors - ]; - - programs.command-not-found.enable = false; - - networking = { - useDHCP = false; - hostName = "osmium"; - }; - - systemd.network = { - enable = true; - networks."lan" = { - matchConfig.Name = "enu1"; - networkConfig.DHCP = "no"; - 
linkConfig.RequiredForOnline = "no"; - }; - networks."wan" = { - matchConfig.Name = "end0"; - networkConfig.DHCP = "yes"; - linkConfig.RequiredForOnline = "yes"; - }; - }; - - services.dae = { - enable = true; - configFile = "/var/lib/dae/config.dae"; - }; - - services.tailscale.enable = true; - - }; -} diff --git a/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix b/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix deleted file mode 100644 index 3802760..0000000 --- a/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - config, - modulesPath, - lib, - pkgs, - ... -}: -let -in -{ - imports = [ - (modulesPath + "/profiles/base.nix") - ]; - - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.kernelParams = [ - "earlycon" - "console=ttyS2,1500000" - "consoleblank=0" - ]; - boot.supportedFilesystems = lib.mkForce [ - "ext4" - "vfat" - "ntfs" - ]; - - sdImage = { - compressImage = false; - imageBaseName = "nixos-sd-image-orange-pi-r1-plus-lts"; - firmwarePartitionOffset = 16; - populateFirmwareCommands = '' - echo "Install U-Boot: ${pkgs.ubootOrangePiR1LtsPackage}" - dd if=${pkgs.ubootOrangePiR1LtsPackage}/idbloader.img of=$img seek=64 conv=notrunc - dd if=${pkgs.ubootOrangePiR1LtsPackage}/u-boot.itb of=$img seek=16384 conv=notrunc - ''; - populateRootCommands = '' - mkdir -p ./files/boot - ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot - ''; - }; -} diff --git a/machines/secrets.yaml b/machines/secrets.yaml index cedd676..58dc777 100644 --- a/machines/secrets.yaml +++ b/machines/secrets.yaml 
@@ -4,9 +4,8 @@ autofs-nas-secret: ENC[AES256_GCM,data:gbOizRZAvh79HlJWIWeKTk79Ux311XGL1eIswc0P2 github_public_token: ENC[AES256_GCM,data:6Gt+oJcCRHeoLK7CRndMMbszTXSEbnN0nQzsVOnl/+zB4hxbEPD5k/vkkl+cZ/qmxdxFXV0OOsYvktn44Yv1DMUE3mkB0hcAdoyPwLuYM7W3RpOoW3OktH8DRCUi6msvFp3ykpdmIl9WyjVhc/lMwTaYJQyRh1ue,iv:PJSFtJBelyc3rzd6hqjMp+ciU2Q3FTOEXsiq5F2KKTY=,tag:Y/stRg6kwyjjIFZCXS/peg==,type:str] singbox_sg_server: ENC[AES256_GCM,data:SF2ja6W4TwThwoug5x2KTA==,iv:Vx9wNTdVHkReux4YeQY+0VkC1Wqg/CRkY7frVY/3e50=,tag:7XA9KSoR0GA6FoYRhCv4BQ==,type:str] singbox_jp_server: ENC[AES256_GCM,data:S3Bs5yVMzyz6vD51GYElOM5h,iv:nXetY339YuOi2jFEb3xkPTglHRMk/quIrQL4ko+8MxY=,tag:o9d55cZuWmX4NDYexWjvYQ==,type:str] -sing-box: - password: ENC[AES256_GCM,data:xyqmoJEDI5959zHPTVelln/iThtoeDwS,iv:rLyqJsE/4JDf08RlMLLPh+MKJkba9bL0z8jx6bTEfgc=,tag:cgLHdeLIyPvLhRNaVcQ0TQ==,type:str] - uuid: ENC[AES256_GCM,data:lWBCM5wyz6BcUUHdvynkn5y166Kk15jO0EhWUDuhXXhrve5l,iv:RmDJYFnYqIEIShLn25sf4h8AO2E3+3Xa2U9Mff+Xk2w=,tag:SN0DUdwZXKO/VEnozrr5mA==,type:str] +singbox_password: ENC[AES256_GCM,data:bZ50/gG53D9fyGnQ7ky8VRdNEDhGjbFD,iv:W2HaHeSkvmS6jHSnfOJ6tD2QXuUq1A+mfZf7sEXB++E=,tag:nbr2zNCs3RAr/uidkp08ng==,type:str] +singbox_uuid: ENC[AES256_GCM,data:gYppcUvF5Aj4mBQTMy56kb9JazUM6SeiYLspqiZjbTkPOhhk,iv:+uwt/N9LpFaJK6MjoczyrZ039MDZn4kRmtEoq4OvdFU=,tag:IiBZRfFpjKB/swmJNjodyA==,type:str] grafana_cloud_api: ENC[AES256_GCM,data:eEvPAwtThK1FMhbrnmSo89+GlWZAF+LQRMLXA2C6f1vR7ZPlXJZGWzjYwDcPlnpiC737/cG14M4kZqvPGBuNub5A83rBS/+FeebvGDIF59L5PC1Ys1jWBB9YRI/L9EU0tvwTTUCvLRA9j28n7Jw7wR6mWXm63XA+OMu8/UbTwbeV/WUQn8vnwqadSUdCnNKJXMsAY+q9t/st0DPm5+aNxA==,iv:cHvbeCmLFmJPNKsl1BBYx9WJP7ZJWi+8c9yHZWc6FTs=,tag:87C+0FVvzDIowE0+QpY1zA==,type:str] private_dns_address: ENC[AES256_GCM,data:YJxNOH4hsZHResvANEqJRTANhnL4PLp/Pmi/PhgtSTbTKiJKPqudhTEkNg==,iv:8+qG5rQXAKfrykEjt9qrbtyNaBuKvi7EaIWouRqEipY=,tag:VH0w5ZbXcWFGZ9GLavm7/w==,type:str] sops: 
@@ -87,8 +86,8 @@ sops: NzA1cy80ZW5vUFplQzVMZ0txSmVkMUEKFUvgmJNdo9sV33gOx7LVUSCYvIqCNwaP u+XoWTfg4kp9f4KVTy/8huPsVLhZBUaf6jI10mV2z4QwaLHje4JiHw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T05:48:59Z" - mac: ENC[AES256_GCM,data:In/gSIYnXKbbv1lzS/nmSESCHBcBv/TtkvhzdNiIn73N4kP9aJ+1JE8Npix8zNItzk46DX+nHBk8Kwgl6uq26YtL+sMTBKh5K8Ny0H8ivlgS+olXswv3Y9h1cYD7FBHUKzbMuiJd0ppjC0ZIn20rRpb4d57rwUbvY0KstyQW4JA=,iv:DcdTAimbXXpKhhiB9rriS75+XGNOCcScqi/804+Xx6g=,tag:NHW+UViRmbUDHb0gTd9TDg==,type:str] + lastmodified: "2024-10-17T12:19:12Z" + mac: ENC[AES256_GCM,data:3Z22GxxDjR2FVZ7VnFY/QhQ1i//1WC93GIwK4d51i13OWmcb71UPmmA6O/HlvLdP6goFCj95eRMUEiiVcdKagt1ca6HsDd6bkOEXwdl//fgOHUsgx5SNtA4kVJwK2bJuUvG72aOiLq89qvNprMLslJ47YqS9WM3rudk3Wp/P+og=,iv:GMN806nsrQg0+ZS0AReamzVv2FrLGELfA6x3RLNE/II=,tag:j2Bq9xYETCSL13zHx1BztA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.0 diff --git a/machines/sops.nix b/machines/sops.nix index 869fef7..aeb99d9 100644 --- a/machines/sops.nix +++ b/machines/sops.nix @@ -1,9 +1,11 @@ { + inputs, config, lib, ... }: { + imports = [ inputs.sops-nix.nixosModules.sops ]; config = { sops = { defaultSopsFile = ./secrets.yaml; @@ -19,6 +21,12 @@ singbox_jp_server = { owner = "root"; }; + singbox_password = { + owner = "root"; + }; + singbox_uuid = { + owner = "root"; + }; private_dns_address = { owner = "root"; }; diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix index 8a58896..2fdacc1 100644 --- a/machines/weilite/default.nix +++ b/machines/weilite/default.nix @@ -1,13 +1,14 @@ { + inputs, config, pkgs, - lib, modulesPath, ... }: { imports = [ + inputs.sops-nix.nixosModules.sops (modulesPath + "/profiles/qemu-guest.nix") ./services ]; 
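Review bot: `singbox_password` and `singbox_uuid` are now declared in the shared sops module against `defaultSopsFile`, so every machine that imports this module is expected to decrypt the proxy credentials, not only the hosts that run sing-box. The deleted `machines/dolomite/secrets/secrets.yaml` kept them in a file with five age recipients. In this diff the only reader is the new module that configures `services.sing-box`, so the two `singbox_* = { owner = "root"; };` entries belong there next to `wg_private_key`, backed by a secrets file limited to those hosts. Which machines import this module, and who the recipients of `machines/secrets.yaml` are, cannot be seen from the hunk.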
@@ -149,15 +150,6 @@ permitCertUid = "caddy"; }; - services.tailscale.derper = { - enable = true; - domain = "derper00.namely.icu"; - openFirewall = true; - verifyClients = true; - }; - # tailscale derper module use nginx for reverse proxy - services.nginx.enable = lib.mkForce false; - services.caddy = { enable = true; package = pkgs.caddy.withPlugins { @@ -173,9 +165,6 @@ ]; vendorHash = "sha256-OhOeU2+JiJyIW9WdCYq98OKckXQZ9Fn5zULz0aLsXMI="; }; - virtualHosts."derper00.namely.icu:8443".extraConfig = '' - reverse_proxy 127.0.0.1:${toString config.services.tailscale.derper.port} - ''; virtualHosts."weilite.coho-tet.ts.net:8080".extraConfig = '' reverse_proxy 127.0.0.1:${toString config.services.immich.port} ''; diff --git a/machines/weilite/services/default.nix b/machines/weilite/services/default.nix index d70e175..031018b 100644 --- a/machines/weilite/services/default.nix +++ b/machines/weilite/services/default.nix @@ -2,6 +2,5 @@ imports = [ ./ocis.nix ./restic.nix - ./media-download.nix ]; } diff --git a/machines/weilite/services/media-download.nix b/machines/weilite/services/media-download.nix deleted file mode 100644 index 36ae424..0000000 --- a/machines/weilite/services/media-download.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - services.jackett = { - enable = true; - openFirewall = false; - }; -} diff --git a/modules/home-manager/alacritty.nix b/modules/home-manager/alacritty.nix index 84fac8c..afe00ea 100644 --- a/modules/home-manager/alacritty.nix +++ b/modules/home-manager/alacritty.nix @@ -21,7 +21,7 @@ in "alacritty-zellij" ]; }; - font.size = 12.0; + font.size = 10.0; window = { resize_increments = true; dynamic_padding = true; diff --git a/modules/home-manager/gui/bwmountains.jpg b/modules/home-manager/gui/bwmountains.jpg deleted file mode 100755 index 41ca976..0000000 Binary files a/modules/home-manager/gui/bwmountains.jpg and /dev/null differ 
diff --git a/modules/home-manager/gui/default.nix b/modules/home-manager/gui/default.nix index 5528027..dae49a8 100644 --- a/modules/home-manager/gui/default.nix +++ b/modules/home-manager/gui/default.nix @@ -1,20 +1,7 @@ -{ config, lib, ... }: -let - inherit (lib) mkOption types; - cfg = config.custom-hm.gui; -in { imports = [ ./niri.nix ./fuzzel.nix - ./gtklock.nix ./waybar.nix ]; - - options.custom-hm.gui = { - wallpaper = mkOption { - type = types.path; - default = ./bwmountains.jpg; - }; - }; } diff --git a/modules/home-manager/gui/fuzzel.nix b/modules/home-manager/gui/fuzzel.nix index 3b4e880..8b27240 100644 --- a/modules/home-manager/gui/fuzzel.nix +++ b/modules/home-manager/gui/fuzzel.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, lib, ... }: let inherit (lib) mkIf mkEnableOption; cfg = config.custom-hm.gui.fuzzel; @@ -14,28 +9,6 @@ in }; config = mkIf cfg.enable { - programs.fuzzel = { - enable = true; - settings = { - main = { - fields = "filename,name,exec,generic"; - y-margin = 30; - width = 40; - font = "Ubuntu"; - use-bold = true; - line-height = 30; - }; - }; - }; - home.packages = with pkgs; [ - networkmanager_dmenu - networkmanagerapplet - ]; - xdg.configFile."networkmanager-dmenu/config.ini".text = '' - [dmenu] - dmenu_command = fuzzel --dmenu - wifi_chars = ▂▄▆█ - wifi_icons = 󰤯󰤟󰤢󰤥󰤨 - ''; + programs.fuzzel.enable = true; }; } diff --git a/modules/home-manager/gui/gtklock.nix b/modules/home-manager/gui/gtklock.nix deleted file mode 100644 index 69b3ce9..0000000 --- a/modules/home-manager/gui/gtklock.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -# modified from https://github.com/isabelroses/dotfiles/blob/2fd4d2d0cb8254cad5ce4b089d81114e1b88ad02/modules/extra/home-manager/gtklock.nix -{ - lib, - pkgs, - config, - ... -}: -let - cfg = config.custom-hm.gui.gtklock; - - inherit (lib.modules) mkIf; - inherit (lib.options) - mkOption - mkEnableOption - mkPackageOption - literalExpression - ; - inherit (lib.strings) optionalString concatStringsSep; - inherit (lib.lists) optionals; - inherit (lib.types) - oneOf - str - path - listOf - either - package - nullOr - attrs - ; - inherit (lib.generators) toINI; - - # the main config includes two very niche options: style (which takes a path) and modules, which takes a list of module paths - # concatted by ";" - # for type checking purposes, I prefer templating the main section of the config and let the user safely choose options - # extraConfig takes an attrset, and converts it to the correct INI format - it's mostly just strings and integers, so that's fine - baseConfig = '' - [main] - ${optionalString (cfg.config.gtk-theme != "") "gtk-theme=${cfg.config.gtk-theme}"} - ${optionalString (cfg.config.style != "") "style=${cfg.config.style}"} - ${optionalString (cfg.config.modules != [ ]) "modules=${concatStringsSep ";" cfg.config.modules}"} - ''; - - finalConfig = baseConfig + optionals (cfg.extraConfig != null) (toINI { } cfg.extraConfig); -in -{ - options.custom-hm.gui.gtklock = { - enable = mkEnableOption "GTK-based lockscreen for Wayland"; - package = mkPackageOption pkgs "gtklock" { }; - - config = { - gtk-theme = mkOption { - type = str; - default = ""; - description = '' - GTK theme to use for gtklock. 
- ''; - example = "Adwaita-dark"; - }; - - style = mkOption { - type = oneOf [ - str - path - ]; - default = pkgs.writeText "gtklock-style.css" '' - window { - background-image: url("${config.custom-hm.gui.wallpaper}"); - background-size: cover; - background-repeat: no-repeat; - background-position: center; - } - ''; - description = '' - The css file to be used for gtklock. - ''; - example = literalExpression '' - pkgs.writeText "gtklock-style.css" ''' - window { - background-size: cover; - background-repeat: no-repeat; - background-position: center; - } - ''' - ''; - }; - - modules = mkOption { - type = listOf (either package str); - default = [ - # "${pkgs.gtklock-playerctl-module.outPath}/lib/gtklock/playerctl-module.so" - ]; - description = '' - A list of gtklock modulesto use. Can either be packages, absolute paths, or strings. - ''; - example = literalExpression '' - [ - "${pkgs.gtklock-powerbar-module.outPath}/lib/gtklock/powerbar-module.so" - "${pkgs.gtklock-playerctl-module.outPath}/lib/gtklock/playerctl-module.so" - ]; - ''; - }; - }; - - extraConfig = mkOption { - type = nullOr attrs; - default = - { - }; - description = '' - Extra configuration to append to gtklock configuration file. - Mostly used for appending module configurations. - ''; - example = literalExpression '' - countdown = { - countdown-position = "top-right"; - justify = "right"; - countdown = 20; - } - ''; - }; - }; - - config = mkIf cfg.enable { - home.packages = [ cfg.package ]; - - xdg.configFile."gtklock/config.ini".source = pkgs.writeText "gtklock-config.ini" finalConfig; - }; -} diff --git a/modules/home-manager/gui/niri.nix b/modules/home-manager/gui/niri.nix index d26bf93..a80e692 100644 --- a/modules/home-manager/gui/niri.nix +++ b/modules/home-manager/gui/niri.nix 
@@ -5,52 +5,38 @@ ... }: let - inherit (lib) mkIf mkEnableOption getExe; + inherit (lib) mkIf mkEnableOption; cfg = config.custom-hm.gui.niri; - wallpaper = config.custom-hm.gui.wallpaper; - xwayland-satellite = pkgs.xwayland-satellite.overrideAttrs (drv: rec { - src = pkgs.fetchFromGitHub { - owner = "Supreeeme"; - repo = "xwayland-satellite"; - rev = "3e6f892d20d918479e67d1e6c90c4be824a9d4ab"; - hash = "sha256-W1UUok7DPi4IXCYtc273FbVH1ifuCIcl+oO6CDqt8Dk="; - }; - cargoDeps = drv.cargoDeps.overrideAttrs ( - lib.const { - name = "xwayland-satellite-vendor.tar.gz"; - inherit src; - outputHash = "sha256-/nK4cVgelaMtpym18RYNafPUFnMOG4uHRpVO8bOS3ow="; - } - ); - }); + wallpaper = pkgs.fetchurl { + url = "https://github.com/NixOS/nixos-artwork/blob/master/wallpapers/nixos-wallpaper-catppuccin-mocha.png?raw=true"; + hash = "sha256-fmKFYw2gYAYFjOv4lr8IkXPtZfE1+88yKQ4vjEcax1s="; + }; in { - imports = [ - ./themes.nix - ]; - options.custom-hm.gui.niri = { enable = mkEnableOption "niri"; }; config = mkIf cfg.enable { home.packages = with pkgs; [ + xwayland-satellite cosmic-files ]; - - systemd.user.services.xwayland-satellite = { - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - Unit = { - PartOf = [ "graphical-session.target" ]; - After = [ "graphical-session.target" ]; - }; - Service = { - ExecStart = "${xwayland-satellite}/bin/xwayland-satellite"; - Restart = "on-failure"; - }; + home.pointerCursor = { + name = "Bibata-Modern-Ice"; + size = 24; + package = pkgs.bibata-cursors; + gtk.enable = true; }; + gtk = { + enable = true; + theme = { + name = "Catppuccin-GTK-Dark"; + package = pkgs.magnetic-catppuccin-gtk; + }; + gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; + }; + services.network-manager-applet.enable = true; systemd.user.services.swaybg = { Install = { 
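Review bot: The new `wallpaper` fetch pins a hash but takes the file from the moving `master` branch (`.../nixos-artwork/blob/master/wallpapers/...?raw=true`). The build will fail with a hash mismatch as soon as upstream edits or moves the image. Pin the URL to a revision instead, e.g. `url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/<commit>/wallpapers/nixos-wallpaper-catppuccin-mocha.png";`, where `<commit>` is a placeholder for the commit that matches the existing `hash`. The `let` block this binding sits in starts outside the hunk.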
@@ -66,14 +52,12 @@ in }; }; - services.swaync = { + programs.swaylock = { enable = true; - }; - - custom-hm.gui.gtklock = { - enable = true; - config = { - gtk-theme = "Catppuccin-GTK-Dark"; + settings = { + show-failed-attempts = true; + daemonize = true; + scaling = "fill"; }; }; @@ -84,18 +68,14 @@ in enable = true; timeouts = [ { - timeout = 600; - command = ''[ "$(${pkgs.tlp}/bin/tlp-stat -m)" == "battery" ] && /run/current-system/systemd/bin/systemctl suspend''; - } - { - timeout = 1200; - command = ''${getExe pkgs.niri} msg action power-off-monitors''; + timeout = 900; + command = "/run/current-system/systemd/bin/systemctl suspend"; } ]; events = [ { event = "lock"; - command = "${getExe pkgs.gtklock}"; + command = "${pkgs.swaylock}/bin/swaylock"; } { event = "before-sleep"; diff --git a/modules/home-manager/gui/themes.nix b/modules/home-manager/gui/themes.nix deleted file mode 100644 index ad0de1c..0000000 --- a/modules/home-manager/gui/themes.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, ... }: -{ - config = { - home.pointerCursor = { - name = "Bibata-Modern-Ice"; - size = 24; - package = pkgs.bibata-cursors; - gtk.enable = true; - }; - gtk = { - enable = true; - theme = { - name = "Catppuccin-GTK-Dark"; - package = pkgs.magnetic-catppuccin-gtk; - }; - gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; - }; - }; -} diff --git a/modules/home-manager/gui/waybar.css b/modules/home-manager/gui/waybar.css index eaed007..6a5da1d 100644 --- a/modules/home-manager/gui/waybar.css +++ b/modules/home-manager/gui/waybar.css @@ -49,8 +49,7 @@ window#waybar { #network, #backlight, #battery, -#tray, -#custom-notification { +#tray { margin-right: 15px; } #clock { diff --git a/modules/home-manager/gui/waybar.nix b/modules/home-manager/gui/waybar.nix index 3890a00..001e7ce 100644 --- a/modules/home-manager/gui/waybar.nix +++ b/modules/home-manager/gui/waybar.nix 
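Review bot: Switching the locker to `programs.swaylock` only installs and configures swaylock in the user profile. It authenticates through PAM, which on NixOS needs `security.pam.services.swaylock = { };` in the system configuration, and nothing visible here adds that. Without it the screen locks but no password is accepted, so confirm the system side defines the service or add it in the matching NixOS module. The next hunk points the swayidle `lock` event at `${pkgs.swaylock}/bin/swaylock`; `config.programs.swaylock.package` there would keep the locker and its configuration on the same package.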
@@ -57,8 +57,6 @@ in "battery" "custom/separator" "tray" - "custom/separator" - "custom/notification" ]; "niri/workspaces" = { all-outputs = true; @@ -160,30 +158,16 @@ in icon-size = 18; spacing = 14; }; - - "custom/notification" = { - escape = true; - exec = "swaync-client -swb"; - exec-if = "which swaync-client"; - format = "{icon}"; - format-icons = { - dnd-inhibited-none = ""; - dnd-inhibited-notification = ""; - dnd-none = ""; - dnd-notification = ""; - inhibited-none = ""; - inhibited-notification = ""; - none = ""; - notification = ""; - }; - on-click = "swaync-client -t -sw"; - on-click-right = "swaync-client -d -sw"; - return-type = "json"; - tooltip = false; - }; }; }; systemd.enable = true; }; + + systemd.user.targets.tray = { + Unit = { + Description = "Home Manager System Tray"; + Requires = [ "graphical-session-pre.target" ]; + }; + }; }; } diff --git a/modules/home-manager/vim.nix b/modules/home-manager/vim.nix index bd41ca5..0709791 100644 --- a/modules/home-manager/vim.nix +++ b/modules/home-manager/vim.nix @@ -5,29 +5,9 @@ ... }: let - inherit (lib) - mkIf - mkEnableOption - getExe - types - attrsets - ; + inherit (lib) mkIf mkEnableOption getExe; cfg = config.custom-hm.neovim; tomlFormat = pkgs.formats.toml { }; - fontItem = - with types; - either str (submodule { - options = { - family = { - type = str; - }; - style = { - type = nullOr str; - default = null; - }; - }; - }); - fontType = types.either fontItem (types.listOf fontItem); neovideConfig = { neovim-bin = getExe pkgs.nixvim; fork = true; 
@@ -37,78 +17,6 @@ in { options.custom-hm.neovim = { enable = mkEnableOption "neovim configurations"; - font = { - # Required options - normal = lib.mkOption { - type = fontType; - description = '' - The normal font description. Can be: - - A table with "family" (required) and "style" (optional). - - A string indicating the font family. - - An array of strings or tables as described above. - ''; - }; - - size = lib.mkOption { - type = lib.types.float; - description = "Required font size."; - }; - - # Optional options - bold = lib.mkOption { - type = types.nullOr fontType; - default = null; - description = '' - Optional bold font description. Can be: - - A table with "family" (optional) and "style" (optional). - - A string indicating the font family. - - An array of strings or tables as described above. - ''; - }; - - italic = lib.mkOption { - type = types.nullOr fontType; - default = null; - description = "Optional italic font description."; - }; - - bold_italic = lib.mkOption { - type = types.nullOr fontType; - default = null; - description = "Optional bold-italic font description."; - }; - - features = lib.mkOption { - type = types.nullOr (lib.types.attrsOf (lib.types.listOf lib.types.str)); - default = { }; - description = '' - Optional font features. A table where the key is the font family and - the value is a list of font features. Each feature can be: - - + (e.g., +ss01) - - - (e.g., -calt) - - = (e.g., ss02=2) - ''; - }; - - width = lib.mkOption { - type = types.nullOr types.float; - default = null; - description = "Optional font width."; - }; - - hinting = lib.mkOption { - type = types.nullOr types.str; - default = null; - description = "Optional font hinting (none, slight, medium, full)."; - }; - - edging = lib.mkOption { - type = types.nullOr types.str; - default = null; - description = "Optional font edging (none, antialiased, subpixel)."; - }; - - }; }; config = mkIf cfg.enable { home.packages = with pkgs; [ 
@@ -117,12 +25,7 @@ in ]; programs.neovim.enable = false; home.file.".config/neovide/config.toml" = { - source = tomlFormat.generate "neovide-config" ( - neovideConfig - // (attrsets.filterAttrsRecursive (n: v: v != null) { - font = cfg.font; - }) - ); + source = tomlFormat.generate "neovide-config" neovideConfig; }; }; } diff --git a/modules/home-manager/vscode.nix b/modules/home-manager/vscode.nix index a34febe..9af7fdd 100644 --- a/modules/home-manager/vscode.nix +++ b/modules/home-manager/vscode.nix @@ -1,4 +1,5 @@ { + inputs, config, lib, pkgs, @@ -15,7 +16,7 @@ let nixd nixpkgs-fmt ]; - extension = with pkgs.vscode-marketplace; [ + extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ jnoortheen.nix-ide ]; settings = { @@ -29,16 +30,13 @@ let clang-tools cmake-format ]; - extension = - with pkgs.vscode-marketplace; - [ - llvm-vs-code-extensions.vscode-clangd - (ms-vscode.cmake-tools.overrideAttrs (_: { - sourceRoot = "extension"; - })) - twxs.cmake - ] - ++ (with pkgs.vscode-extensions; [ ms-vscode.cpptools ]); + extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ + llvm-vs-code-extensions.vscode-clangd + (ms-vscode.cmake-tools.overrideAttrs (_: { + sourceRoot = "extension"; + })) + twxs.cmake + ] ++ (with pkgs.vscode-extensions; [ ms-vscode.cpptools ]); settings = { "cmake.configureOnEdit" = false; "cmake.showOptionsMovedNotification" = false; @@ -52,7 +50,7 @@ let }; pythonPackages = { systemPackages = with pkgs; [ ]; - extension = with pkgs.vscode-marketplace; [ + extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ ms-python.python ]; settings = { }; @@ -62,7 +60,7 @@ let coursier metals ]; - extension = with pkgs.vscode-marketplace; [ + extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ scala-lang.scala scalameta.metals ]; 
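Review bot: In vscode.nix, `inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace` is spelled out at every `extension = with ...;` site. That covers the Nix hunk here and the C++, Python, Scala, LaTeX and main `extensions` hunks that follow. Bind it once in the existing `let`, e.g. `marketplace = inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace;`, and write `with marketplace;` at each site. The extension source is then named in one place, which makes it easier to audit or re-pin. The `let` block starts outside these hunks.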
@@ -70,7 +68,7 @@ let }; latexPackages = { systemPackages = with pkgs; [ texliveSmall ]; - extension = with pkgs.vscode-marketplace; [ + extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ james-yu.latex-workshop ]; settings = { @@ -186,7 +184,7 @@ in mutableExtensionsDir = false; extensions = lib.mkMerge ( [ - (with pkgs.vscode-marketplace; [ + (with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ mkhl.direnv ms-azuretools.vscode-docker diff --git a/modules/home-manager/xdg-autostart.nix b/modules/home-manager/xdg-autostart.nix deleted file mode 100644 index d2127ae..0000000 --- a/modules/home-manager/xdg-autostart.nix +++ /dev/null 
@@ -1,96 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - cfg = config.xdg.autoStart; - inherit (lib) hm types; -in -{ - - options.xdg.autoStart = { - - packages = lib.mkOption { - description = '' - List of packages which should be autostarted. - - This module tries to select the package’s default desktop file, - which is either described by its .desktopItem attribute - or by its first entry of its .desktopItems attribute. - - Users who want to specifically select a certain desktop file - or who want to write their own - can make use of the {option}`xdg.autoStart.desktopItems` option. - ''; - - type = types.listOf types.package; - default = [ ]; - example = lib.literalExpression '' - with pkgs; [ - pkgs.trilium-desktop - ] - ''; - }; - - desktopItems = lib.mkOption { - description = '' - List of desktop files which should be autostarted. - - Users should prefer to use {option}`xdg.autoStart.packages` - and only use this option in case - they want to specifically - select a package’s desktop item - or want to create their own desktop item. - - Be warned, this may shadow entries of {option}`xdg.autoStart.packages`. - ''; - - type = types.attrsOf (types.unspecified); # TODO replace unspecified - default = { }; - # TODO improve example, take one where it would make sense to use this option - example = lib.literalExpression '' - { - discord = pkgs.discord.desktopItem - firefox-custom = makeDesktopItem { - exec = "firefox -P custom"; - }; - } - ''; - }; - - }; - - config = - let - # helpers - retrieveDesktopItem = ( - pkg: - if pkg ? desktopItem then - pkg.desktopItem - else if pkg ? 
desktopItems && pkg.desktopItems != [ ] then - builtins.head pkg.desktopItems - else - abort "package '${pkg.pname}' is missing a desktop file" - ); - emulateDesktopItem = (pkg: lib.nameValuePair pkg.pname (retrieveDesktopItem pkg)); - embedDesktopItem = ( - name: deskItem: - lib.nameValuePair "autostart/${name}.desktop" { - source = "${deskItem}/share/applications/${deskItem.name}"; - } - ); - # parse opts - desktopItemsPackages = builtins.listToAttrs (map emulateDesktopItem cfg.packages); - desktopItems = desktopItemsPackages // cfg.desktopItems; - in - { - assertions = [ - (hm.assertions.assertPlatform "xdg.autoStart" pkgs lib.platforms.linux) - ]; - - xdg.configFile = lib.attrsets.mapAttrs' embedDesktopItem desktopItems; - }; - -} diff --git a/modules/home-manager/zellij.nix b/modules/home-manager/zellij.nix index fcb8f04..be2d4fe 100644 --- a/modules/home-manager/zellij.nix +++ b/modules/home-manager/zellij.nix @@ -26,7 +26,7 @@ in bind "Ctrl l" { MoveFocusOrTab "Right"; } bind "Ctrl j" { MoveFocus "Down"; } bind "Ctrl k" { MoveFocus "Up"; } - unbind "Alt h" "Alt l" "Alt j" "Alt k" "Alt f" + unbind "Alt h" "Alt l" "Alt j" "Alt k" } unbind "Ctrl p" "Ctrl n" } diff --git a/modules/nixos/common-settings/proxy-server.nix b/modules/nixos/common-settings/proxy-server.nix deleted file mode 100644 index d2cfb0f..0000000 --- a/modules/nixos/common-settings/proxy-server.nix +++ /dev/null 
@@ -1,152 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -let - inherit (lib) - mkIf - mkEnableOption - mkOption - types - ; - - cfg = config.commonSettings.proxyServer; - - singTls = { - enabled = true; - server_name = config.deployment.targetHost; - key_path = config.security.acme.certs.${config.deployment.targetHost}.directory + "/key.pem"; - certificate_path = - config.security.acme.certs.${config.deployment.targetHost}.directory + "/cert.pem"; - }; - - mkSingConfig = - { uuid, password, ... }: - { - inbounds = - [ - { - tag = "sg0"; - type = "trojan"; - listen = "::"; - listen_port = 8080; - users = [ - { - name = "proxy"; - password = { - _secret = password; - }; - } - ]; - tls = singTls; - } - ] - ++ lib.forEach (lib.range 6311 6314) (port: { - tag = "sg" + toString (port - 6310); - type = "tuic"; - listen = "::"; - listen_port = port; - congestion_control = "bbr"; - users = [ - { - name = "proxy"; - uuid = { - _secret = uuid; - }; - password = { - _secret = password; - }; - } - ]; - tls = singTls; - }); - outbounds = [ - { - type = "wireguard"; - tag = "wg-out"; - private_key = { - _secret = config.sops.secrets.wg_private_key.path; - }; - local_address = [ - "172.16.0.2/32" - { _secret = config.sops.secrets.wg_ipv6_local_addr.path; } - ]; - peers = [ - { - public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo="; - allowed_ips = [ - "0.0.0.0/0" - "::/0" - ]; - server = "162.159.192.1"; - server_port = 500; - } - ]; - } - { - type = "direct"; - tag = "direct"; - } - ]; - route = { - rules = [ - { - inbound = "sg0"; - outbound = "direct"; - } - { - inbound = "sg4"; - outbound = "direct"; - } - ]; - }; - }; -in -{ - options.commonSettings.proxyServer = { - enable = mkEnableOption "sing-box as a server"; - }; - - config = mkIf cfg.enable { - boot.kernel.sysctl = { - "net.core.default_qdisc" = "fq"; - "net.ipv4.tcp_congestion_control" = "bbr"; - }; - - networking.firewall.trustedInterfaces = [ "tun0" ]; - - security.acme = { - acceptTerms = true; - 
certs.${config.deployment.targetHost} = { - email = "me@namely.icu"; - # Avoid port conflict - listenHTTP = if config.services.caddy.enable then ":30310" else ":80"; - }; - }; - services.caddy.virtualHosts."http://${config.deployment.targetHost}:80".extraConfig = '' - reverse_proxy 127.0.0.1:30310 - ''; - - networking.firewall.allowedTCPPorts = [ - 80 - 8080 - ]; - networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314); - - custom.prometheus = { - enable = true; - exporters.blackbox.enable = true; - }; - - services.sing-box = { - enable = true; - settings = mkSingConfig { - uuid = config.sops.secrets."sing-box/uuid".path; - password = config.sops.secrets."sing-box/password".path; - }; - }; - }; -} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index bcfdca7..bfc36ce 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -3,12 +3,12 @@ ./common-settings/auth.nix ./common-settings/autoupgrade.nix ./common-settings/nix-conf.nix - ./common-settings/proxy-server.nix ./restic.nix ./vaultwarden.nix ./prometheus ./hedgedoc.nix ./sing-box.nix + ./stylix.nix ./kanidm-client.nix ./ssh-tpm-agent.nix # FIXME: Waiting for upstream merge ./forgejo-actions-runner.nix diff --git a/modules/nixos/stylix.nix b/modules/nixos/stylix.nix new file mode 100644 index 0000000..c5e546b --- /dev/null +++ b/modules/nixos/stylix.nix 
@@ -0,0 +1,41 @@ +{ + inputs, + config, + pkgs, + lib, + ... +}: +let + inherit (lib) mkEnableOption mkIf; + cfg = config.custom.stylix; +in +{ + imports = [ inputs.stylix.nixosModules.stylix ]; + + options = { + custom.stylix = { + enable = mkEnableOption "style management with stylix"; + }; + }; + + config = mkIf cfg.enable { + stylix.enable = true; + stylix.image = pkgs.fetchurl { + url = "https://github.com/NixOS/nixos-artwork/blob/master/wallpapers/nixos-wallpaper-catppuccin-mocha.png?raw=true"; + hash = "sha256-fmKFYw2gYAYFjOv4lr8IkXPtZfE1+88yKQ4vjEcax1s="; + }; + + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml"; + stylix.polarity = "dark"; + stylix.autoEnable = false; + stylix.homeManagerIntegration.autoImport = true; + stylix.homeManagerIntegration.followSystem = true; + + stylix.targets = { + console.enable = true; + # gnome.enable = if config.services.xserver.desktopManager.gnome.enable then true else false; + gnome.enable = false; + gtk.enable = true; + }; + }; +} diff --git a/overlays/add-pkgs.nix b/overlays/add-pkgs.nix index f1b214e..35b6981 100644 --- a/overlays/add-pkgs.nix +++ b/overlays/add-pkgs.nix @@ -1,12 +1,3 @@ (final: prev: { - ubootOrangePiR1LtsPackage = prev.buildUBoot { - defconfig = "orangepi-r1-plus-lts-rk3328_defconfig"; - enableParallelBuilding = true; - - BL31 = "${prev.armTrustedFirmwareRK3328}/bl31.elf"; - filesToInstall = [ - "u-boot.itb" - "idbloader.img" - ]; - }; + oidc-agent = prev.callPackage ./pkgs/oidc-agent { }; }) diff --git a/scripts/nixos-updater.py b/scripts/nixos-updater.py deleted file mode 100644 index c859250..0000000 --- a/scripts/nixos-updater.py +++ /dev/null 
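Review bot: The wallpaper in `stylix.image` is fetched from a `blob/master/…?raw=true` URL, which follows a moving branch. The `hash` stops the content from changing silently, but a rename or re-encode of the file upstream becomes a fixed-output hash mismatch at build time on every host that enables `custom.stylix`. Pointing the URL at a fixed commit keeps the fetch reproducible, e.g. `url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/<COMMIT_SHA>/wallpapers/nixos-wallpaper-catppuccin-mocha.png";`, where `<COMMIT_SHA>` is a placeholder for the revision the hash was taken from. The commented-out `gnome.enable = if … then true else false;` line can be dropped, or written as `gnome.enable = config.services.xserver.desktopManager.gnome.enable;` if following the desktop setting is the intent.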
@@ -1,90 +0,0 @@ -import requests -import os -import socket -import json -from os import path as osp -from dataclasses import dataclass - -""" -This updater consists of several parts: - -- Update checker: Check an url for update (if outPath is different from /run/current-system or some specified profile) or maybe use timestamp for update -- Nix copy --from: copy from remote. Need to specify remote url. -- Create a symlink: /run/next-system -> -- Listen for POST request to trigger system switch (optional) -""" - - -@dataclass -class GarnixConfig: - token: str - - -@dataclass -class Config: - check_type: str - check_url: str - remote_url: str - garnix: GarnixConfig - hostname: str = socket.gethostname() - - -class Nix: - def __init__(self, args): - self.args = args - - def copy_from_remote(self): - # run nix copy with subprocess - pass - - def eval(self): - - -class Updater: - def __init__(self, config: Config): - self.config = config - - # TODO: Make this configurable - self.current_drv = os.readlink("/run/current-system") - self.next_dev = None - - # checkers take an url and returns the outPath of the latest success build - def garnix_checker(self) -> str: - domain = "garnix.io" - build_endpoint = "/api/build/commit" - - # Latest commit from git - - # Check build status of this commit - resp = requests.get( - f"https://{domain}{build_endpoint}/40b1e9ff23aaa5f555420dd22414c3f137a02cfe" - ) - # Raise error if status code is not valid - - # Fetch outPath from eval endpoint - # TODO: In theory, this could be done by parsing raw log from garnix. - - # Try to evaluate locally if eval endpoint is not configured - - resp = resp.json() - # TODO - return "null" - - def hydra_checker(self) -> str: - # TODO - return "null" - - # Check for update - def poll(self) -> str | None: - cfg = self.config - if cfg.check_type == "garnix": - pass - elif cfg.check_type == "hydra": - pass - else: - pass - pass - - -if __name__ == "__main__": - pass