diff --git a/flake.lock b/flake.lock
index c6047e5..2cf70b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
 ]
 },
 "locked": {
- "lastModified": 1706509311,
- "narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=",
+ "lastModified": 1699171528,
+ "narHash": "sha256-ZsN6y+tgN5w84oAqRQpMhIvQM39ZNSZoZvn2AK0QYr4=",
 "owner": "zhaofengli",
 "repo": "colmena",
- "rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd",
+ "rev": "665603956a1c3040d756987bc7a810ffe86a3b15",
 "type": "github"
 },
 "original": {
@@ -64,11 +64,11 @@
 "systems": "systems"
 },
 "locked": {
- "lastModified": 1709126324,
- "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+ "lastModified": 1701680307,
+ "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
 "owner": "numtide",
 "repo": "flake-utils",
- "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+ "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
 "type": "github"
 },
 "original": {
@@ -84,11 +84,11 @@
 ]
 },
 "locked": {
- "lastModified": 1709764752,
- "narHash": "sha256-+lM4J4JoJeiN8V+3WSWndPHj1pJ9Jc1UMikGbXLqCTk=",
+ "lastModified": 1705104164,
+ "narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "cf111d1a849ddfc38e9155be029519b0e2329615",
+ "rev": "0912d26b30332ae6a90e1b321ff88e80492127dd",
 "type": "github"
 },
 "original": {
@@ -104,11 +104,11 @@
 ]
 },
 "locked": {
- "lastModified": 1709708644,
- "narHash": "sha256-XAFOkZ6yexsqeJrCXWoHxopq0i+7ZqbwATXomMnGmr4=",
+ "lastModified": 1704596958,
+ "narHash": "sha256-BK3Ohsz7m8X6qVKFxDtr8KVcHipfr5hYE9PDIJevHbQ=",
 "owner": "Mic92",
 "repo": "nix-index-database",
- "rev": "94a1e46434736a40f976a454f8bd3ea2144f349b",
+ "rev": "f46800ac5a6e9f892fe36e50821c5d85794ecc62",
 "type": "github"
 },
 "original": {
@@ -128,11 +128,11 @@
 ]
 },
 "locked": {
- "lastModified": 1709773506,
- "narHash": "sha256-RK9D2rbN7usqlxogWSBA0EsKDScSF/Uyb8ATntC4juA=",
+ "lastModified": 1705108826,
+ "narHash": "sha256-1xOzPcS8Zr4rqgLoaRwAcKqdCdzrBDaNwT+tiBdXf18=",
 "owner": "nix-community",
 "repo": "nix-vscode-extensions",
- "rev": "a17ea69caec11561e73c985360fb596c25f74131",
+ "rev": "92fd8c24719f08692c36b685de6884a20080edf0",
 "type": "github"
 },
 "original": {
@@ -166,11 +166,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1709410583,
- "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
+ "lastModified": 1704786394,
+ "narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
- "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
+ "rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b",
 "type": "github"
 },
 "original": {
@@ -182,11 +182,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1709479366,
- "narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
+ "lastModified": 1704722960,
+ "narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "b8697e57f10292a6165a20f03d2f42920dfaf973",
+ "rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d",
 "type": "github"
 },
 "original": {
@@ -214,27 +214,27 @@
 },
 "nixpkgs-stable_2": {
 "locked": {
- "lastModified": 1709428628,
- "narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=",
+ "lastModified": 1704290814,
+ "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555",
+ "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
 "type": "github"
 },
 "original": {
 "owner": "NixOS",
- "ref": "release-23.11",
+ "ref": "release-23.05",
 "repo": "nixpkgs",
 "type": "github"
 }
 },
 "nur": {
 "locked": {
- "lastModified": 1709780742,
- "narHash": "sha256-mJXQZLSI/zgQ98nHMSdmJ0l0YL3n38FWsdE9OiKPcWk=",
+ "lastModified": 1705110884,
+ "narHash": "sha256-8t8C+vYVoNsG7uv1cH/vkUHM84EkxGRoPuwk1TMXBZE=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "3428e6cf4521df6254ff5b8bcf31df84fc1dd0d2",
+ "rev": "075357ead2dbaf5c64120371f6a1e57d1ee23a02",
 "type": "github"
 },
 "original": {
@@ -266,11 +266,11 @@
 "nixpkgs-stable": "nixpkgs-stable_2"
 },
 "locked": {
- "lastModified": 1709711091,
- "narHash": "sha256-L0rSIU9IguTG4YqSj4B/02SyTEz55ACq5t8gXpzteYc=",
+ "lastModified": 1704908274,
+ "narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "25dd60fdd08fcacee2567a26ba6b91fe098941dc",
+ "rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index f29cae9..c8182ad 100644
--- a/flake.nix
+++ b/flake.nix
@@ -169,7 +169,6 @@
 nixos-hardware.nixosModules.asus-zephyrus-ga401
 machines/calcite/configuration.nix
 (mkHome "xin" "calcite")
- (./overlays)
 ];
 };
 raspite = mkNixos {
@@ -200,7 +199,7 @@
 {
 devShells = {
 default = pkgs.mkShell {
- packages = with pkgs; [ git colmena sops nix-output-monitor rnix-lsp nvd ];
+ packages = with pkgs; [ git colmena sops nix-output-monitor rnix-lsp ];
 };
 };
 }
diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix
index 5e0b056..4354bcd 100644
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 {
 imports =
@@ -22,16 +22,9 @@
 enable = true;
 # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
 pkcs11.enable = true;
- # TODO: Need this until fapi-config is fixed in NixOS
- pkcs11.package = pkgs.tpm2-pkcs11.override { fapiSupport = false; };
 # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
 tctiEnvironment.enable = true;
 };
- services.gnome.gnome-keyring.enable = lib.mkForce false;
- security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
- services.ssh-tpm-agent.enable = true;
-
- programs.ssh.agentPKCS11Whitelist = "${config.security.tpm2.pkcs11.package}/lib/libtpm_pkcs11.so";
 networking.hostName = "calcite";
@@ -80,8 +73,8 @@
 # Configure keymap in X11
 services.xserver = {
- xkb.layout = "us";
- xkb.variant = "";
+ layout = "us";
+ xkbVariant = "";
 };
 # Keyboard mapping on internal keyboard
 services.keyd = {
@@ -187,7 +180,6 @@
 gnomeExtensions.search-light
 gnomeExtensions.tray-icons-reloaded
 gnome.gnome-tweaks
- gnome.gnome-themes-extra
 gthumb
 oculante
@@ -301,6 +293,7 @@
 libvirtd.enable = true;
 podman = {
 enable = true;
+ enableNvidia = true;
 };
 docker = {
 enable = true;
diff --git a/machines/calcite/hardware-configuration.nix b/machines/calcite/hardware-configuration.nix
index 9ebd38d..c84f41b 100644
--- a/machines/calcite/hardware-configuration.nix
+++ b/machines/calcite/hardware-configuration.nix
@@ -49,9 +49,4 @@
 enable = true;
 driSupport32Bit = true;
 };
-
- hardware.nvidia = {
- powerManagement.enable = true;
- dynamicBoost.enable = lib.mkForce false;
- };
 }
diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix
index 1599db5..bb91fa5 100644
--- a/machines/dolomite/default.nix
+++ b/machines/dolomite/default.nix
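Review bot: Removing `programs.ssh.agentPKCS11Whitelist` while keeping `security.tpm2.pkcs11.enable = true` leaves the exposed `/run/current-system/sw/lib/libtpm2_pkcs11.so` unusable from the system ssh-agent: without that option NixOS launches ssh-agent with no `-P`, and OpenSSH's compiled-in default whitelist (`/usr/lib*/*,/usr/local/lib*/*`) refuses any `/nix/store` or `/run/current-system` path, so `ssh-add -s` of the TPM module fails rather than degrading gracefully (assuming `programs.ssh.startAgent` is what provides the agent here; that line is outside the hunk). If the intent is to abandon TPM-backed SSH keys on calcite, `pkcs11.enable` and `tctiEnvironment.enable` are now dead configuration and should either go or carry a comment saying why they stay, e.g. `# tpm2-pkcs11 kept for non-SSH PKCS#11 consumers; ssh-tpm-agent removed`. Dropping `services.gnome.gnome-keyring.enable = lib.mkForce false` (and the PAM hook) also hands `SSH_AUTH_SOCK` back to gnome-keyring's SSH component if the GNOME session still enables it — the `mkForce` suggests something did — which moves key custody from a TPM-sealed agent to keyring memory, a regression worth stating explicitly next to the `security.tpm2` block. Finally, deleting the `pkcs11.package` override re-enables FAPI in tpm2-pkcs11 on a nixpkgs that this same commit moves backwards (flake.lock `lastModified` drops from March to January 2024), so the `fapi-config` breakage the removed TODO referred to may well be present again on the new pin.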
@@ -38,7 +38,7 @@
 networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314);
 custom.prometheus = {
- enable = false;
+ enable = true;
 exporters.enable = true;
 grafana = {
 enable = true;
@@ -164,7 +164,8 @@
 protocol = "dns";
 }
 {
- inbound = "sg4";
+ geoip = "cn";
+ geosite = "cn";
 outbound = "direct";
 }
 ];
diff --git a/modules/home-manager/git.nix b/modules/home-manager/git.nix
index cee2e22..e4b4c31 100644
--- a/modules/home-manager/git.nix
+++ b/modules/home-manager/git.nix
@@ -14,7 +14,7 @@ in
 enable = mkEnableOption "Git ssh signing";
 keyFile = mkOption {
 type = types.str;
- default = "~/.ssh/id.pub";
+ default = "~/.ssh/id_ed25519_sk";
 };
 };
 };
diff --git a/modules/home-manager/vscode.nix b/modules/home-manager/vscode.nix
index f164de4..f8c98cc 100644
--- a/modules/home-manager/vscode.nix
+++ b/modules/home-manager/vscode.nix
@@ -33,6 +33,8 @@ in
 # Markdown
 davidanson.vscode-markdownlint
 # C/C++
+ ms-vscode.cmake-tools
+ twxs.cmake
 llvm-vs-code-extensions.vscode-clangd
 # Nix
 jnoortheen.nix-ide
@@ -44,9 +46,6 @@ in
 scala-lang.scala
 scalameta.metals
- (ms-vscode.cmake-tools.overrideAttrs (_: { sourceRoot = "extension"; }))
- twxs.cmake
-
 sterben.fpga-support
 ms-vscode-remote.remote-ssh-edit
@@ -56,6 +55,7 @@ in
 catppuccin.catppuccin-vsc
 # Rust
 rust-lang.rust-analyzer
+ github.copilot
 ]);
 userSettings = {
 "workbench.colorTheme" = "Catppuccin Macchiato";
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 1a6a520..3ba4a9b 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -7,6 +7,5 @@
 ./hedgedoc.nix
 ./sing-box.nix
 ./kanidm-client.nix
- ./ssh-tpm-agent.nix # FIXME: Waiting for upstream merge
 ];
 }
diff --git a/modules/nixos/ssh-tpm-agent.nix b/modules/nixos/ssh-tpm-agent.nix
deleted file mode 100644
index f368c46..0000000
--- a/modules/nixos/ssh-tpm-agent.nix
+++ /dev/null
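Review bot: Flipping `custom.prometheus.enable` to `true` brings up the node exporters and Grafana on dolomite, but nothing in this hunk says which interfaces they bind to, and the line just above already opens UDP 6311–6314 on the firewall. `custom.prometheus` is a local module whose defaults are not visible here, so confirm that the exporters and Grafana listen on loopback or the internal interface only, are not added to `allowedTCPPorts`, and that Grafana's admin password comes from the sops-nix input this flake already carries rather than the default. A comment beside the flag, e.g. `# exporters + grafana bind to loopback; scraped over the tunnel, not exposed on the WAN`, would make the intended exposure explicit for the next reader.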
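Review bot: The new `keyFile` default `~/.ssh/id_ed25519_sk` is a FIDO2 private-key handle rather than the `.pub` the option used to default to; git's `user.signingKey` accepts both, but with a private-key path `ssh-keygen -Y sign -f` is run on the file directly and needs the authenticator plugged in at commit time, whereas a `.pub` path signs through ssh-agent. Because the option has no `description`, a reader cannot tell which form is intended or why the default assumes a hardware key exists; add one, e.g. `description = "SSH key for commit signing: a .pub path signs via ssh-agent, a private-key path (default: FIDO2 -sk handle) signs with ssh-keygen directly and requires the token";`. The enclosing `options` attrset starts before this hunk.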
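Review bot: Adding `github.copilot` to the shared default extension list means, by default, editor buffer contents are sent to GitHub's completion service from every workspace opened with this profile, including this repository, which holds host configuration and sops-nix-managed secret files. If that is an accepted trade-off, record it with a comment on the line (e.g. `# sends buffer context to GitHub; disabled for secrets via userSettings below`); otherwise keep it out of the default set or restrict it in `userSettings`, e.g. `"github.copilot.enable" = { "*" = true; "yaml" = false; "plaintext" = false; };` so `.sops.yaml`/secret files are excluded.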
@@ -1,48 +0,0 @@
-# Temporary workaround
-{ config, pkgs, lib, ... }:
-let
- cfg = config.services.ssh-tpm-agent;
-in
-{
- options = {
- services.ssh-tpm-agent.enable = lib.mkEnableOption "TPM supported ssh agent in go";
- };
- config = lib.mkIf cfg.enable {
- systemd.user.services.ssh-tpm-agent = {
- enable = true;
- unitConfig = {
- Description = "SSH TPM agent service";
- Documentation = "man:ssh-agent(1) man:ssh-add(1) man:ssh(1)";
- Requires = "ssh-tpm-agent.socket";
- ConditionEnvironment = "!SSH_AGENT_PID";
- };
- serviceConfig = {
- Environment = "SSH_AUTH_SOCK=%t/ssh-tpm-agent.socket";
- ExecStart = "${pkgs.ssh-tpm-agent}/bin/ssh-tpm-agent";
- PassEnvironment = "SSH_AGENT_PID";
- SuccessExitStatus = 2;
- Type = "simple";
- };
- wants = [ "ssh-tpm-agent.socket" ];
- };
-
- systemd.user.sockets.ssh-tpm-agent = {
- enable = true;
- description = "SSH TPM agent socket";
- socketConfig = {
- ListenStream = "%t/ssh-tpm-agent.sock";
- SocketMode = "0600";
- Service = "ssh-tpm-agent.service";
- };
-
- wantedBy = [ "sockets.target" ];
- };
-
- environment = {
- systemPackages = [ pkgs.ssh-tpm-agent ];
- extraInit = ''
- export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-tpm-agent.sock"
- '';
- };
- };
-}
diff --git a/overlays/add-pkgs.nix b/overlays/add-pkgs.nix
deleted file mode 100644
index 2a8aa2f..0000000
--- a/overlays/add-pkgs.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- nixpkgs.overlays = [
- (self: super: {
- ssh-tpm-agent =
- pkgs.callPackage ./pkgs/ssh-tpm-agent.nix { };
- })
- ];
-}
diff --git a/overlays/default.nix b/overlays/default.nix
deleted file mode 100644
index de8ee08..0000000
--- a/overlays/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- ./add-pkgs.nix
- ];
-}
diff --git a/overlays/pkgs/ssh-tpm-agent.nix b/overlays/pkgs/ssh-tpm-agent.nix
deleted file mode 100644
index 0f960fc..0000000
--- a/overlays/pkgs/ssh-tpm-agent.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ lib
-, buildGo122Module
-, fetchFromGitHub
-, openssl
-}:
-
-buildGo122Module rec {
- pname = "ssh-tpm-agent";
- version = "0.3.1";
-
- src = fetchFromGitHub {
- owner = "Foxboron";
- repo = "ssh-tpm-agent";
- rev = "v${version}";
- hash = "sha256-8CGSiCOcns4cWkYWqibs6hAFRipYabKPCpkhxF4OE8w=";
- };
-
- proxyVendor = true;
-
- vendorHash = "sha256-zUAIesBeuh1zlxXcjKSNmMawZGgUr9z3NzT0XKn/YCQ=";
-
- buildInputs = [
- openssl
- ];
-
- meta = with lib; {
- description = "SSH agent with support for TPM sealed keys for public key authentication";
- homepage = "https://github.com/Foxboron/ssh-agent-tpm";
- license = licenses.mit;
- platforms = platforms.linux;
- maintainers = with maintainers; [ sgo ];
- };
-}