diff --git a/.sops.yaml b/.sops.yaml
index 79707f1..0ce16ed 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,7 +7,7 @@ keys:
 - &host-la-00 age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
 - &host-massicot age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta
 - &host-weilite age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml
- - &host-hk-00 age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0
+ - &host-hk-00 age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu
 creation_rules:
 - path_regex: machines/calcite/secrets.yaml
 key_groups:
@@ -24,6 +24,14 @@ creation_rules:
 - age:
 - *xin
 - *host-massicot
+ - path_regex: machines/dolomite/secrets/secrets.yaml
+ key_groups:
+ - age:
+ - *xin
+ - *host-sgp-00
+ - *host-tok-00
+ - *host-la-00
+ - *host-hk-00
 - path_regex: machines/dolomite/secrets/sgp-00.yaml
 key_groups:
 - age:
diff --git a/flake.lock b/flake.lock
index be689de..f6abc8b 100644
--- a/flake.lock
+++ b/flake.lock
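Review bot: The new `machines/dolomite/secrets/secrets.yaml` rule encrypts a single file to every dolomite host key (`host-sgp-00`, `host-tok-00`, `host-la-00`, `host-hk-00`), and `machines/dolomite/common.nix` in this same commit reads `sing-box/password` and `sing-box/uuid` from it, so compromise of any one VPS yields the proxy credentials shared by all of them and forces a rotation on every node. If that blast radius is intended, say so next to the rule: `# shared proxy credentials: decryptable by every dolomite host, rotate on any host compromise`. Because `host-hk-00` is replaced in the hunk above, an already-existing `secrets.yaml` also needs `sops updatekeys` (or a rotate) against the new key; I cannot see that file being re-encrypted in the part of the diff shown, so confirm it was.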
@@ -1,126 +1,12 @@ { "nodes": { - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1708890466, - "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "665b3c6748534eb766c777298721cece9453fdae", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-foot": { - "flake": false, - "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", - "owner": "tinted-theming", - "repo": "base16-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-foot", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1720809814, - "narHash": "sha256-numb3xigRGnr/deF7wdjBwVg7fpbTH7reFDkJ75AJkY=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "34f41987bec14c0f3f6b2155c19787b1f6489625", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-kitty": { - "flake": false, - "locked": { - "lastModified": 1665001328, - "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", - "owner": "kdrag0n", - "repo": "base16-kitty", - "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", - "type": "github" - }, - "original": { - "owner": "kdrag0n", - "repo": "base16-kitty", - "type": "github" - } - }, - "base16-tmux": { - "flake": false, - "locked": { - "lastModified": 1696725902, - 
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", - "owner": "tinted-theming", - "repo": "base16-tmux", - "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-tmux", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1716150083, - "narHash": "sha256-ZMhnNmw34ogE5rJZrjRv5MtG3WaqKd60ds2VXvT6hEc=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "6e955d704d046b0dc3e5c2d68a2a6eeffd2b5d3d", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "type": "github" - } - }, "catppuccin": { "locked": { - "lastModified": 1730458408, - "narHash": "sha256-JQ+SphQn13bdibKUrBBBznYehXX4xJrxD1ifBp6vSWw=", + "lastModified": 1731232837, + "narHash": "sha256-0aIwr/RC/oe7rYkfJb47xjdEQDSNcqpFGsEa+EPlDEs=", "owner": "catppuccin", "repo": "nix", - "rev": "191fbf2d81a63fad8f62f1233c0051f09b75d0ad", + "rev": "32359bf226fe874d3b7a0a5753d291a4da9616fe", "type": "github" }, "original": { @@ -132,22 +18,19 @@ "colmena": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", "nixpkgs": [ "nixpkgs" ], - "stable": [ - "nixpkgs" - ] + "stable": "stable" }, "locked": { - "lastModified": 1728263678, - "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", + "lastModified": 1731527002, + "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", "owner": "zhaofengli", "repo": "colmena", - "rev": "b0a62f234fae02a006123e661ff70e62af16106b", + "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", "type": "github" }, "original": { 
@@ -178,6 +61,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732221404, + "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", + "owner": "nix-community", + "repo": "disko", + "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -224,22 +127,6 @@ "type": "github" } }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -281,15 +168,12 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems" - }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -299,6 +183,24 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "inputs": { "systems": "systems_2" }, 
@@ -316,43 +218,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": [ - "stylix", - "systems" - ] - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1689549921, - "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ @@ -409,23 +274,6 @@ "type": "github" } }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1713702291, - "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "46.1", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -433,11 +281,11 @@ ] }, "locked": { - "lastModified": 1730837930, - "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=", + "lastModified": 1731786860, + "narHash": "sha256-130gQ5k8kZlxjBEeLpE+SvWFgSOFgQFeZlqIik7KgtQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f607e07f3ac7e53541120536708e824acccfaa8", + "rev": "1bd5616e33c0c54d7a5b37db94160635a9b27aeb", "type": "github" }, "original": { 
@@ -468,27 +316,6 @@ "type": "github" } }, - "home-manager_3": { - "inputs": { - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "ixx": { "inputs": { "flake-utils": [ @@ -563,6 +390,27 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -570,11 +418,11 @@ ] }, "locked": { - "lastModified": 1730604744, - "narHash": "sha256-/MK6QU4iOozJ4oHTfZipGtOgaT/uy/Jm4foCqHQeYR4=", + "lastModified": 1731814505, + "narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "cc2ddbf2df8ef7cc933543b1b42b845ee4772318", + "rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132", "type": "github" }, "original": { @@ -594,11 +442,11 @@ ] }, "locked": { - "lastModified": 1730944043, - "narHash": "sha256-DIYTHa57pQQc9ARiMpJWYkaoiTaQPLH7Y4qK0J10Khk=", + "lastModified": 1731808759, + "narHash": "sha256-WwJqguc/5Q7HEwHlgDzDT8mtd8ZxInxZM2neJKC1oh8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0a959b25ff573f079ed032f88d8c988561b96a96", + "rev": "5cf92678e6799ce45442dee4c9cb8094843c7cfa", "type": "github" }, "original": { 
@@ -609,11 +457,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730919458, - "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", + "lastModified": 1731797098, + "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", + "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", "type": "github" }, "original": { @@ -653,11 +501,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "lastModified": 1731652201, + "narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d", "type": "github" }, "original": { @@ -669,11 +517,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { @@ -685,11 +533,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1731119255, - "narHash": "sha256-rDHKmBBUu7XSK+68yXEI9TJVc2TaQH7SVieP9pH3h7k=", + "lastModified": 1731819057, + "narHash": "sha256-nfqKsQhFCakM+eIKGf/JWu/g56rOPoGny10EZN8q7R0=", "owner": "xinyangli", "repo": "nixpkgs", - "rev": "ca12ccda69b37abe3ea78dab388b0bfe638eb743", + "rev": "b2644ed7258502987ad4a70cf8959bf5a26ce26d", "type": "github" }, "original": { 
@@ -699,22 +547,6 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1725194671, - "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "devshell": "devshell", @@ -743,11 +575,11 @@ }, "nur": { "locked": { - "lastModified": 1730959878, - "narHash": "sha256-UZ6oSptjE04ooORHvvR+kiGnr/nhzWgYwGryxUkKAv0=", + "lastModified": 1731819675, + "narHash": "sha256-GGp/rEfxRdi1BD9TlHoXxp2g9IuKDp0Jk7wYh1LacP8=", "owner": "nix-community", "repo": "NUR", - "rev": "bc4d2a3b71c75d81cc247b1bf991b63f75358004", + "rev": "59740d792bea5caa547c9bc7ce366802ecfafb7f", "type": "github" }, "original": { @@ -758,7 +590,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "ixx": "ixx", "nixpkgs": [ "my-nixvim", @@ -784,7 +616,8 @@ "inputs": { "catppuccin": "catppuccin", "colmena": "colmena", - "flake-utils": "flake-utils", + "disko": "disko", + "flake-utils": "flake-utils_2", "home-manager": "home-manager", "my-nixvim": "my-nixvim", "nix-index-database": "nix-index-database", @@ -793,8 +626,7 @@ "nixpkgs": "nixpkgs_2", "nixpkgs-stable": "nixpkgs-stable", "nur": "nur", - "sops-nix": "sops-nix", - "stylix": "stylix" + "sops-nix": "sops-nix" } }, "sops-nix": { @@ -805,11 +637,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1730883027, - "narHash": "sha256-pvXMOJIqRW0trsW+FzRMl6d5PbsM4rWfD5lcKCOrrwI=", + "lastModified": 1731814239, + "narHash": "sha256-TGnMXCeXS924w9W6CvRFtUCUFr8E/RK138lHxU3vcw8=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c5ae1e214ff935f2d3593187a131becb289ea639", + "rev": "47fc1d8c72dbd69b32ecb2019b5b648da3dd20ce", "type": "github" }, "original": { 
@@ -818,33 +650,19 @@ "type": "github" } }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-foot": "base16-foot", - "base16-helix": "base16-helix", - "base16-kitty": "base16-kitty", - "base16-tmux": "base16-tmux", - "base16-vim": "base16-vim", - "flake-compat": "flake-compat_4", - "flake-utils": "flake-utils_3", - "gnome-shell": "gnome-shell", - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_3", - "systems": "systems_3" - }, + "stable": { "locked": { - "lastModified": 1725416430, - "narHash": "sha256-DkF49DlcaZHV9v3m5ctQnC9qNqsEdfNhwjQArx5Q+Zw=", - "owner": "xinyangli", - "repo": "stylix", - "rev": "7aad490478518af03367dabfb5811b3f87ea93a1", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { - "owner": "xinyangli", - "repo": "stylix", + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", "type": "github" } }, @@ -878,21 +696,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 959d920..a7957b4 100644 --- a/flake.nix +++ b/flake.nix @@ -34,9 +34,12 @@ colmena = { url = "github:zhaofengli/colmena"; - inputs.stable.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; + }; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; }; nix-index-database = { 
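Review bot: Dropping `inputs.stable.follows` and `inputs.flake-utils.follows` from the colmena input gives the lock a second nixpkgs tree (`stable`, pinned to `nixos-24.05` at `dba41493…`) and a 2022-era `flake-utils` (`c0e246b9…`, lastModified 1659877975), both visible in the flake.lock hunks above, which now have to be bumped separately from the main `nixpkgs` when chasing security updates. If colmena genuinely needs its own pins to evaluate, leave a one-line reason so the follows are not re-added blindly, e.g. `# no follows: colmena must evaluate against its own stable/flake-utils pins`. Otherwise restoring `inputs.stable.follows = "nixpkgs";` keeps a single audited nixpkgs in the closure.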
@@ -52,12 +55,6 @@ catppuccin = { url = "github:catppuccin/nix"; }; - - stylix = { - url = "github:xinyangli/stylix"; - # inputs.nixpkgs.follows = "nixpkgs"; - # inputs.home-manager.follows = "home-manager"; - }; }; outputs = @@ -66,35 +63,73 @@ home-manager, nixpkgs, nixos-hardware, + sops-nix, flake-utils, nur, catppuccin, my-nixvim, + nix-vscode-extensions, + colmena, + nix-index-database, + disko, ... - }@inputs: + }: let - nixvimOverlay = (final: prev: { nixvim = self.packages.${prev.stdenv.system}.nixvim; }); + editorOverlay = ( + final: prev: { + inherit (nix-vscode-extensions.extensions.${prev.stdenv.system}) vscode-marketplace; + inherit (self.packages.${prev.stdenv.system}) nixvim; + } + ); overlayModule = { ... }: { nixpkgs.overlays = [ - nixvimOverlay + editorOverlay (import ./overlays/add-pkgs.nix) ]; }; deploymentModule = { deployment.targetUser = "xin"; }; - sharedColmenaModules = [ - self.nixosModules.default - deploymentModule - ]; sharedHmModules = [ - inputs.sops-nix.homeManagerModules.sops - inputs.nix-index-database.hmModules.nix-index + self.homeManagerModules.default + sops-nix.homeManagerModules.sops + nix-index-database.hmModules.nix-index catppuccin.homeManagerModules.catppuccin - self.homeManagerModules ]; + sharedNixosModules = [ + self.nixosModules.default + sops-nix.nixosModules.sops + ]; + nodeNixosModules = { + calcite = [ + nixos-hardware.nixosModules.asus-zephyrus-ga401 + nur.nixosModules.nur + catppuccin.nixosModules.catppuccin + machines/calcite/configuration.nix + (mkHome "xin" "calcite") + ]; + hk-00 = [ + ./machines/dolomite/claw.nix + ./machines/dolomite/common.nix + disko.nixosModules.disko + ]; + la-00 = [ + ./machines/dolomite/bandwagon.nix + ./machines/dolomite/common.nix + ]; + tok-00 = [ + ./machines/dolomite/lightsail.nix + ./machines/dolomite/common.nix + ]; + osmium = [ + ./machines/osmium + ]; + }; + sharedColmenaModules = [ + deploymentModule + ] ++ sharedNixosModules; mkHome = user: host: { ... }: 
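Review bot: `sharedNixosModules` adds only `sops-nix.nixosModules.sops`, whereas the deleted `machines/dolomite/default.nix` also imported `../sops.nix` (i.e. `machines/sops.nix`); if that file is where the age key location (`sops.age.sshKeyPaths` / `sops.age.keyFile`) was set and `self.nixosModules.default` does not pull it in, the dolomite hosts will fail to decrypt their secrets at activation. Either append that module to `sharedNixosModules` or add a comment above the list stating where the age key configuration now lives. Minor style point: `calcite` references `machines/calcite/configuration.nix` without `./` while every other node uses `./machines/...`; make them consistent so a future rename is greppable.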
@@ -106,42 +141,29 @@ sharedModules = sharedHmModules; useGlobalPkgs = true; useUserPackages = true; - extraSpecialArgs = { - inherit inputs; - }; }; home-manager.users.${user} = (import ./home).${user}.${host}; } ]; }; - mkHomeConfiguration = user: host: { - name = user; - value = home-manager.lib.homeManagerConfiguration { - pkgs = import nixpkgs { system = "x86_64-linux"; }; - modules = [ - (import ./home).${user}.${host} - overlayModule - ] ++ sharedHmModules; - extraSpecialArgs = { - inherit inputs; - }; - }; - }; mkNixos = { - system, - modules, - specialArgs ? { }, + hostname, + system ? null, }: nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = specialArgs // { - inherit inputs system; + modules = sharedNixosModules ++ nodeNixosModules.${hostname}; + }; + # TODO: + mkColmenaHive = + { + hostname, + }: + colmena.lib.makeHive { + meta = { + # FIXME: + nixpkgs = import nixpkgs { system = "x86_64-linux"; }; }; - modules = [ - self.nixosModules.default - nur.nixosModules.nur - ] ++ modules; }; in { @@ -152,16 +174,12 @@ overlayModule ]; }; - homeManagerModules = import ./modules/home-manager; + homeManagerModules.default = import ./modules/home-manager; - homeConfigurations = builtins.listToAttrs [ (mkHomeConfiguration "xin" "calcite") ]; - - colmenaHive = inputs.colmena.lib.makeHive { + colmenaHive = colmena.lib.makeHive { meta = { + # FIXME: nixpkgs = import nixpkgs { system = "x86_64-linux"; }; - specialArgs = { - inherit inputs; - }; }; massicot = @@ -179,7 +197,7 @@ tok-00 = { ... }: { - imports = [ machines/dolomite ] ++ sharedColmenaModules; + imports = nodeNixosModules.tok-00 ++ sharedColmenaModules; nixpkgs.system = "x86_64-linux"; networking.hostName = "tok-00"; system.stateVersion = "23.11"; @@ -193,7 +211,7 @@ la-00 = { ... }: { - imports = [ machines/dolomite ] ++ sharedColmenaModules; + imports = nodeNixosModules.la-00 ++ sharedColmenaModules; nixpkgs.system = "x86_64-linux"; networking.hostName = "la-00"; system.stateVersion = "21.05"; 
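Review bot: `mkNixos` now accepts `system ? null` but never uses it and no longer passes `system` to `nixpkgs.lib.nixosSystem`, so every host must set `nixpkgs.system` (or `nixpkgs.hostPlatform`) in a module; calcite gets that in this commit, but I cannot see the same for `osmium` (`./machines/osmium`). Either drop the dead parameter or honour it: `nixpkgs.lib.nixosSystem ({ modules = sharedNixosModules ++ nodeNixosModules.${hostname}; } // nixpkgs.lib.optionalAttrs (system != null) { inherit system; })`. The `mkColmenaHive` helper below it is unused and its `hostname` argument is ignored; turn the bare `# TODO:` into a sentence saying what it is meant to become, or remove it until needed.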
@@ -207,7 +225,7 @@ hk-00 = { ... }: { - imports = [ machines/dolomite ] ++ sharedColmenaModules; + imports = nodeNixosModules.hk-00 ++ sharedColmenaModules; nixpkgs.system = "x86_64-linux"; networking.hostName = "hk-00"; system.stateVersion = "24.05"; @@ -248,12 +266,11 @@ nixosConfigurations = { calcite = mkNixos { - system = "x86_64-linux"; - modules = [ - nixos-hardware.nixosModules.asus-zephyrus-ga401 - machines/calcite/configuration.nix - (mkHome "xin" "calcite") - ]; + hostname = "calcite"; + }; + + osmium = mkNixos { + hostname = "osmium"; }; } // self.colmenaHive.nodes; @@ -262,6 +279,17 @@ system: let pkgs = nixpkgs.legacyPackages.${system}; + + mkHomeConfiguration = user: host: { + name = user; + value = home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = [ + (import ./home).${user}.${host} + overlayModule + ] ++ sharedHmModules; + }; + }; in { devShells = { @@ -269,16 +297,19 @@ packages = with pkgs; [ nix git - colmena + colmena.packages.${system}.colmena sops nix-output-monitor nil nvd nh + (python3.withPackages (ps: with ps; [ requests ])) ]; }; }; + homeConfigurations = builtins.listToAttrs [ (mkHomeConfiguration "xin" "calcite") ]; + packages = { nixvim = my-nixvim.packages.${system}.default; }; diff --git a/home/xin/calcite.nix b/home/xin/calcite.nix index 654aedc..69d16d6 100644 --- a/home/xin/calcite.nix +++ b/home/xin/calcite.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: let homeDirectory = "/home/xin"; in @@ -36,13 +36,23 @@ in home.packages = with pkgs; [ thunderbird remmina + qq + wechat-uos + wpsoffice + ttf-wps-fonts ]; # Theme catppuccin = { enable = true; + accent = "peach"; flavor = "mocha"; }; + # Missing from catppuccin module + services.swaync.style = pkgs.fetchurl { + url = "https://github.com/catppuccin/swaync/releases/download/v0.2.3/mocha.css"; + hash = "sha256-Hie/vDt15nGCy4XWERGy1tUIecROw17GOoasT97kIfc="; + }; xdg.enable = true; 
@@ -51,6 +61,12 @@ in fcitx5.addons = with pkgs; [ fcitx5-rime ]; }; + # Using wayland + home.sessionVariables = { + GTK_IM_MODULE = lib.mkForce ""; + QT_IM_MODULE = lib.mkForce ""; + }; + custom-hm = { alacritty = { enable = true; @@ -70,6 +86,14 @@ in }; neovim = { enable = true; + font = { + normal = [ + "JetbrainsMono Nerd Font" + "Noto Sans Mono CJK SC" + "Ubuntu" + ]; + size = 12.0; + }; }; vscode = { enable = true; @@ -84,6 +108,7 @@ in zellij = { enable = true; }; + gui = { niri.enable = true; waybar.enable = true; diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index 7235179..8ad5348 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -4,7 +4,9 @@ lib, ... }: - +let + inherit (lib) mkForce getExe; +in { imports = [ # Include the results of the hardware scan. @@ -34,6 +36,11 @@ boot.supportedFilesystems = [ "ntfs" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + documentation = { + nixos.enable = false; + man.enable = false; + }; + security.tpm2 = { enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so @@ -43,7 +50,7 @@ # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables tctiEnvironment.enable = true; }; - services.gnome.gnome-keyring.enable = lib.mkForce false; + # services.gnome.gnome-keyring.enable = lib.mkForce false; security.pam.services.login.enableGnomeKeyring = lib.mkForce false; services.ssh-tpm-agent.enable = true; 
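Review bot: Commenting out `services.gnome.gnome-keyring.enable = lib.mkForce false;` leaves dead code and removes the only explicit guard against the keyring daemon being enabled by another module; this host authenticates with `services.ssh-tpm-agent`, and if gnome-keyring ends up enabled its SSH agent component may publish its own `SSH_AUTH_SOCK` and shadow the TPM-backed agent, so keys would silently come from the software keyring. Delete the commented line, or keep the override with its reason: `services.gnome.gnome-keyring.enable = lib.mkForce false; # keep off: its ssh-agent would shadow ssh-tpm-agent's SSH_AUTH_SOCK`. The remaining `security.pam.services.login.enableGnomeKeyring = lib.mkForce false` only stops PAM from unlocking the keyring, not the daemon from running.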
@@ -98,14 +105,51 @@ LC_TIME = "en_US.utf8"; }; - services.displayManager = { - enable = true; - defaultSession = "niri"; - }; + # ====== GUI ====== programs.niri.enable = true; + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + security.pam.services.gtklock = { }; # Required by gtklock - services.xserver.displayManager.gdm.enable = true; + catppuccin = { + enable = true; + accent = "rosewater"; + flavor = "mocha"; + }; + + xdg.portal = { + enable = true; + extraPortals = [ + pkgs.xdg-desktop-portal-gnome + pkgs.xdg-desktop-portal-gtk + ]; + configPackages = [ pkgs.niri ]; + }; + + systemd.user.services.xdg-desktop-portal-gtk.after = [ "graphical-session.target" ]; + systemd.user.services.xdg-desktop-portal-gnome.after = [ "graphical-session.target" ]; + systemd.user.services.xdg-desktop-portal-gnome.wantedBy = [ "graphical-session.target" ]; + + services.greetd = + let + niri-login-config = pkgs.writeText "niri-login-config.kdl" '' + animations { + off + } + hotkey-overlay { + skip-at-startup + } + ''; + in + { + enable = true; + vt = 1; + settings = { + default_session = { + command = "${pkgs.dbus}/bin/dbus-run-session -- ${getExe pkgs.niri} -c ${niri-login-config} -- ${getExe pkgs.greetd.gtkgreet} -l -c niri-session -s ${pkgs.magnetic-catppuccin-gtk}/share/themes/Catppuccin-GTK-Dark/gtk-3.0/gtk.css"; + }; + }; + }; # Keyboard mapping on internal keyboard services.keyd = { @@ -120,6 +164,15 @@ }; }; }; + "logiM720" = { + ids = [ "046d:b015" ]; + settings = { + main = { + mouse2 = "leftmeta"; + # leftalt = "mouse1"; + }; + }; + }; }; }; @@ -166,6 +219,7 @@ services.smartd.enable = true; # Allow unfree packages + nixpkgs.system = "x86_64-linux"; nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" @@ -229,7 +283,6 @@ # IM element-desktop tdesktop - qq # Password manager bitwarden @@ -246,8 +299,6 @@ # Writting zotero # onlyoffice-bin - wpsoffice - zed-editor config.nur.repos.linyinfeng.wemeet 
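Review bot: In the `@@ -166,6 +219,7 @@` hunk, `nixpkgs.system = "x86_64-linux";` is inserted directly under the `# Allow unfree packages` comment, which now mislabels it; move it above that comment with its own note, e.g. `# host platform: mkNixos no longer passes system to nixosSystem`. While here, the pre-existing context line `nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ...` would benefit from a comment naming which package still needs end-of-life OpenSSL 1.1, so the exception can be dropped as soon as that package goes away.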
@@ -300,8 +351,6 @@ exporters.blackbox.enable = true; }; - custom.stylix.enable = false; - services.ollama = { enable = true; acceleration = "cuda"; @@ -311,7 +360,6 @@ services.gvfs.enable = true; services.flatpak.enable = true; - xdg.portal.enable = true; # Fonts fonts = { diff --git a/machines/calcite/network.nix b/machines/calcite/network.nix index 89e9255..31203ad 100644 --- a/machines/calcite/network.nix +++ b/machines/calcite/network.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { imports = [ ]; @@ -10,7 +10,6 @@ dns = "systemd-resolved"; }; }; - systemd.services.NetworkManager-wait-online.enable = false; services.resolved = { enable = true; @@ -25,6 +24,7 @@ services.dae.enable = true; services.dae.configFile = "/var/lib/dae/config.dae"; + systemd.services.dae.after = lib.mkIf (config.networking.networkmanager.enable) [ "NetworkManager-wait-online.service" ]; custom.sing-box = { enable = false; @@ -46,14 +46,13 @@ # Use nftables to manager firewall networking.nftables.enable = true; - # Add gsconnect, open firewall - programs.kdeconnect = { - enable = true; - package = pkgs.gnomeExtensions.gsconnect; - }; - programs.wireshark = { enable = true; package = pkgs.wireshark-qt; }; + + programs.kdeconnect = { + enable = true; + package = pkgs.valent; + }; } diff --git a/machines/dolomite/bandwagon.nix b/machines/dolomite/bandwagon.nix index 91449c1..803be29 100644 --- a/machines/dolomite/bandwagon.nix +++ b/machines/dolomite/bandwagon.nix @@ -1,21 +1,11 @@ { - config, - lib, - pkgs, modulesPath, ... }: -let - cfg = config.isBandwagon; -in { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - options = { - isBandwagon = lib.mkEnableOption "Bandwagon instance"; - }; - - config = lib.mkIf cfg { + config = { boot.initrd.availableKernelModules = [ "ata_piix" "xhci_pci" diff --git a/machines/dolomite/claw.nix b/machines/dolomite/claw.nix index b8cf692..84b3da9 100644 --- a/machines/dolomite/claw.nix +++ b/machines/dolomite/claw.nix 
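Review bot: `systemd.services.dae.after = [ "NetworkManager-wait-online.service" ]` only orders the two units when both are scheduled; `After=` never pulls a unit in, so unless something else wants `network-online.target` (or dae's upstream unit already carries `Wants=network-online.target`) the wait is a no-op and dae can still start before the link is up. If the ordering matters, pair it and target the generic target: `systemd.services.dae = { after = [ "network-online.target" ]; wants = [ "network-online.target" ]; };`, which also works if NetworkManager is later swapped for networkd and makes the `mkIf` unnecessary. Re-enabling `NetworkManager-wait-online.service` (the removed `enable = false`) is the prerequisite for any of this, so a comment tying the two changes together would help the next reader.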
@@ -1,22 +1,14 @@
 {
- config,
 lib,
 modulesPath,
 ...
 }:
-let
- cfg = config.isClaw;
-in
 {
 imports = [
 (modulesPath + "/profiles/qemu-guest.nix")
 ];
 
- options = {
- isClaw = lib.mkEnableOption "Lightsail instance";
- };
-
- config = lib.mkIf cfg {
+ config = {
 boot.initrd.availableKernelModules = [
 "uhci_hcd"
 "virtio_blk"
@@ -26,6 +18,38 @@ in
 "xen_blkfront"
 "vmw_pvscsi"
 ];
+
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ type = "EF00";
+ size = "500M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
 boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ ];
 boot.extraModulePackages = [ ];
@@ -34,11 +58,6 @@ in
 device = "/dev/vda";
 };
 
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/fe563e38-9a57-447a-ba57-c3e53ddd84ee";
- fsType = "ext4";
- };
-
 swapDevices = [ ];
 
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
diff --git a/machines/dolomite/common.nix b/machines/dolomite/common.nix
new file mode 100644
index 0000000..83b0e36
--- /dev/null
+++ b/machines/dolomite/common.nix
@@ -0,0 +1,36 @@
+{ config, ... }:
+{
+ config = {
+ sops = {
+ secrets = {
+ wg_private_key = {
+ owner = "root";
+ sopsFile = ./secrets + "/${config.networking.hostName}.yaml";
+ };
+ wg_ipv6_local_addr = {
+ owner = "root";
+ sopsFile = ./secrets + "/${config.networking.hostName}.yaml";
+ };
+ "sing-box/password" = {
+ owner = "root";
+ sopsFile = ./secrets/secrets.yaml;
+ };
+ "sing-box/uuid" = {
+ owner = "root";
+ sopsFile = ./secrets/secrets.yaml;
+ };
+ };
+ };
+
+ custom.prometheus = {
+ enable = true;
+ exporters.blackbox.enable = true;
+ };
+
+ commonSettings = {
+ auth.enable = true;
+ proxyServer.enable = true;
+ };
+ };
+
+}
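Review bot: The disko layout declares only an `EF00` ESP and an `xfs` root on a GPT disk, yet the following hunk keeps `device = "/dev/vda";` as context, which looks like a BIOS GRUB install to the whole disk; GRUB in BIOS mode on GPT needs a BIOS-boot partition or `grub-install` aborts with "no BIOS Boot Partition", so either add `boot = { size = "1M"; type = "EF02"; };` as the first partition or switch to `boot.loader.grub.efiSupport = true;` with `efiInstallAsRemovable = true;`. Give the ESP `mountOptions = [ "umask=0077" ];` as well — a vfat `/boot` is otherwise world-readable, exposing kernels, initrds and any random-seed file to every local user. Since `disko --mode disko` re-partitions `/dev/vda` destructively, a `# destructive: wipes /dev/vda` comment at the top of the block is cheap insurance.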
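Review bot: This file replaces the deleted `machines/dolomite/default.nix`, but the explicit hardening that file carried — `services.openssh.settings` with `PasswordAuthentication = false`, `KbdInteractiveAuthentication = false` and `PermitRootLogin = lib.mkForce "no"`, `services.fail2ban.enable`, the `custom.kanidm-client` SSH-auth/sudoers block, `security.sudo.execWheelOnly`, the firewall allow-lists, ACME and the sing-box inbounds — is now delegated to `commonSettings.auth` and `commonSettings.proxyServer`, whose definitions are not in this diff. Verify those modules reproduce each of these settings before deploying (e.g. `nix eval .#nixosConfigurations.hk-00.config.services.openssh.settings.PermitRootLogin`), and add a header comment here naming where they live, e.g. `# SSH hardening, firewall, ACME and sing-box inbounds come from commonSettings.{auth,proxyServer}`. Note the secret names changed from `singbox_password`/`singbox_uuid` to `"sing-box/password"`/`"sing-box/uuid"`, so the consuming module must reference `config.sops.secrets."sing-box/password".path`, not the old attribute names.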
diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix
deleted file mode 100644
index 32e2425..0000000
--- a/machines/dolomite/default.nix
+++ /dev/null
@@ -1,182 +0,0 @@ -{ config, lib, ... }: -let - awsHosts = [ "tok-00" ]; - bwgHosts = [ "la-00" ]; - clawHosts = [ "hk-00" ]; -in -{ - imports = [ - ../sops.nix - ./bandwagon.nix - ./lightsail.nix - ./claw.nix - ]; - - config = { - isBandwagon = builtins.elem config.networking.hostName bwgHosts; - isLightsail = builtins.elem config.networking.hostName awsHosts; - isClaw = builtins.elem config.networking.hostName clawHosts; - sops = { - secrets = { - wg_private_key = { - owner = "root"; - sopsFile = ./secrets + "/${config.networking.hostName}.yaml"; - }; - wg_ipv6_local_addr = { - owner = "root"; - sopsFile = ./secrets + "/${config.networking.hostName}.yaml"; - }; - }; - }; - boot.kernel.sysctl = { - "net.core.default_qdisc" = "fq"; - "net.ipv4.tcp_congestion_control" = "bbr"; - }; - - networking.firewall.trustedInterfaces = [ "tun0" ]; - - security.acme = { - acceptTerms = true; - certs.${config.deployment.targetHost} = { - email = "me@namely.icu"; - # Avoid port conflict - listenHTTP = if config.services.caddy.enable then ":30310" else ":80"; - }; - }; - services.caddy.virtualHosts."http://${config.deployment.targetHost}:80".extraConfig = '' - reverse_proxy 127.0.0.1:30310 - ''; - - networking.firewall.allowedTCPPorts = [ - 80 - 8080 - ]; - networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314); - - custom.prometheus = { - enable = true; - exporters.blackbox.enable = true; - }; - - custom.kanidm-client = { - enable = true; - uri = "https://auth.xinyang.life/"; - asSSHAuth = { - enable = true; - allowedGroups = [ "linux_users" ]; - }; - sudoers = [ "xin@auth.xinyang.life" ]; - }; - - services.openssh = { - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = lib.mkForce "no"; - GSSAPIAuthentication = "no"; - KerberosAuthentication = "no"; - }; - }; - services.fail2ban.enable = true; - programs.mosh.enable = true; - - security.sudo = { - execWheelOnly = true; - wheelNeedsPassword = false; - }; - - 
services.sing-box = - let - singTls = { - enabled = true; - server_name = config.deployment.targetHost; - key_path = config.security.acme.certs.${config.deployment.targetHost}.directory + "/key.pem"; - certificate_path = - config.security.acme.certs.${config.deployment.targetHost}.directory + "/cert.pem"; - }; - password = { - _secret = config.sops.secrets.singbox_password.path; - }; - uuid = { - _secret = config.sops.secrets.singbox_uuid.path; - }; - in - { - enable = true; - settings = { - inbounds = - [ - { - tag = "sg0"; - type = "trojan"; - listen = "::"; - listen_port = 8080; - users = [ - { - name = "proxy"; - password = password; - } - ]; - tls = singTls; - } - ] - ++ lib.forEach (lib.range 6311 6314) (port: { - tag = "sg" + toString (port - 6310); - type = "tuic"; - listen = "::"; - listen_port = port; - congestion_control = "bbr"; - users = [ - { - name = "proxy"; - uuid = uuid; - password = password; - } - ]; - tls = singTls; - }); - outbounds = [ - { - type = "wireguard"; - tag = "wg-out"; - private_key = { - _secret = config.sops.secrets.wg_private_key.path; - }; - local_address = [ - "172.16.0.2/32" - { _secret = config.sops.secrets.wg_ipv6_local_addr.path; } - ]; - peers = [ - { - public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo="; - allowed_ips = [ - "0.0.0.0/0" - "::/0" - ]; - server = "162.159.192.1"; - server_port = 500; - } - ]; - } - { - type = "direct"; - tag = "direct"; - } - ]; - route = { - rules = [ - { - inbound = "sg0"; - outbound = "direct"; - } - { - inbound = "sg4"; - outbound = "direct"; - } - ]; - }; - }; - }; - }; - -} diff --git a/machines/dolomite/lightsail.nix b/machines/dolomite/lightsail.nix index 230b23d..e44fac4 100644 --- a/machines/dolomite/lightsail.nix +++ b/machines/dolomite/lightsail.nix @@ -1,11 +1,9 @@ { config, - lib, pkgs, modulesPath, ... }: -with lib; let cfg = config.ec2; in 
@@ -20,11 +18,7 @@ in "${modulesPath}/virtualisation/amazon-init.nix" ]; - options = { - isLightsail = mkEnableOption "Lightsail instance"; - }; - - config = mkIf config.isLightsail { + config = { boot.loader.grub.device = "/dev/nvme0n1"; # from nixpkgs amazon-image.nix diff --git a/machines/dolomite/secrets/hk-00.yaml b/machines/dolomite/secrets/hk-00.yaml index 91d6540..3236479 100644 --- a/machines/dolomite/secrets/hk-00.yaml +++ b/machines/dolomite/secrets/hk-00.yaml @@ -1,5 +1,5 @@ -wg_private_key: ENC[AES256_GCM,data:M4lSTVf5cCbjuPjabYzGV1RQ0ZarM9vP2V8l1MJbLCKPTKGZV5wi9a3IIzA=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:+sQMIpmEwqOsBWBnqN6J1Q==,type:str] -wg_ipv6_local_addr: ENC[AES256_GCM,data:mzZDRHo5bD6Vji4LuvE8vEmQR/J5MeCXuS0DVihJcQdBw/NJ5zdATNVD,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:/hixvECSasepzvZdBOoO7g==,type:str] +wg_private_key: ENC[AES256_GCM,data:rzWGmeKVKjSaViN7fkgwLXdD7gLwTaNd9dtTdj6POMXqjk6uYNXKhKES/d0=,iv:M9jU7/xpzHxV3pYIfZqxGnsnbrx8wKN4zKa4qqyL7ak=,tag:Pz8P7mq1DpGPVwgTTFmFiw==,type:str] +wg_ipv6_local_addr: ENC[AES256_GCM,data:SuRSCFKW5MM2mtDNNfa3By7hrz66Y+nw/Ij+uO0MHwklAlkydVVKi89D,iv:5OevY9C3oqPhhksnd5itz8TWorFsm/mjs430c2ki+ZM=,tag:DjZjY54Pb1AHIyyzQIlHaw==,type:str] sops: kms: [] gcp_kms: [] 
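Review bot: With `config = mkIf config.isLightsail {` replaced by `config = {`, the Lightsail-specific settings (grub on `/dev/nvme0n1`, the amazon-init import) now apply to every host that imports this file, so the guard the deleted dolomite/default.nix provided via `awsHosts` must be enforced by each host's module list, which is not visible in this diff. A header comment such as `# Lightsail/EC2 hosts only: no longer gated by isLightsail, import from the host's own module list` would make that contract explicit. The preceding hunk also drops `with lib;` and the `lib` parameter; the rest of the attrset lies outside the hunk, so confirm no other bare `lib` names remain.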
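Review bot: Both replaced ENC values keep the exact `iv:` of the lines they replace while `data:` and `tag:` change, which is what sops produces when the data key is rotated but the plaintext value is unchanged — so the hk-00 recipient and the file's data key were rotated, but the WireGuard private key and address themselves were not. If the old hk-00 age key was replaced because that host or key is no longer trusted, the values it could previously decrypt should be regenerated as well, with the peer side updated to the new public key. If this was a planned reprovision and the old key was destroyed, the change as written is sufficient.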
@@ -9,23 +9,23 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNmVpY09ZNzhacDdpdVUr - SGc2NGNrRWlMMzE2RVNSN0tHTGNoeVhlWUFRCnpqNy9qMExKUFA0akFnNG1HS0h2 - NXlmWkJMemJkam5oSEFaSENkRTRnczQKLS0tIGNha0RWbGFUWGpROEdoKy9WbC9n - WTUrUjMydHRHODN3TDhyakpHNG1hZjQKR3I8TwUDvvht9ck8YIplCjafhUdvxw7M - VNSjUoacKg0Uu5m777UlBpDdDXBwulrVryFxrKA0Q395+YRJ2Sg0wQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNXJzOHF2M3RkV2MxeThi + NzFXcHg2QVZzQXZWMlFibE10MnhiekJnSVNzCjJ4TVBXZmk1ZWk5Rjl0WUlHNWc2 + bUdHcCsraEpWb2hqVDAxaVpNdC9SOXMKLS0tIFJ2amxtTXY2VnF2NUlVYXdJZG5R + RHk3SjZIUTQ3VmJpcElmMXd3dFp1RVEKQCe/BYPU9b8aNsTV1z5VKfnesp8KT98T + iRWUz4cuNLEUbmO9H2AuoM2iVtsFmYyPRz2NlSPUMdCHR7MnAGbkFg== -----END AGE ENCRYPTED FILE----- - - recipient: age1w3x5mz2g8jc9aq8cajdpg62f8n5p4qr6jgjlxw9seagyw0t0fsuqvkmym0 + - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZC9GU085TmV6b1FsdGFw - OEFJeVM1WFJib1lFM1luQmlQSGt3Ym1PaVVjCkd4TmhIcVB2Nk4xaHdwSVVHOGJJ - TVErNHZ1ZURKMmk2SzJUajFTV0tJSE0KLS0tIG5jVnZHNm55dncvaDdsWXNidDB1 - TURVTjR3RUJzMmxmNVIyTk5rM0YvMU0KP3R78NlGqbRHmSn2WqanPq8Y9m+olBLO - 2CTJI9QQfPACzz9KoEt5hlpqVpsgQT9CGDpyYEwXrFyxFY4QIh5NPw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArY25mNU1DVnc5eHdPWlpt + a2RtMVRLa3BwRTJQbWIrREcrRGtSdHNsUnpvCkZQN1k0blBON1FLOG5SeFRRalc3 + UTUvNVV6RXpxZmUzVGJlMEVkRzVqUFEKLS0tIHpNYWdaTkMycGp3WW9VNkYrUzZD + NmhOZldZa2lQVEFQQk8zNFI3dm1QaHcKdTuNNHPE/Co4Eg5KWfIFb47w4nt6n7K4 + 7gSrkobL+aZJTGZcEjwh6LsqmxoPbU0jyVk6Lb8cv2I71p1UcF32JA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-17T10:52:20Z" - mac: 
ENC[AES256_GCM,data:lxqZaTqs5d/b/iIZ7BbD2jYJq3fTIbFlbdwKbCAAiXJv8abxN6SjOKuecKEvkJ0Y7qf2e0Cl8lbRwSy5FJb9Wsl9O4LzF0KBu0lssnBtDuZujFldgxJSWB8kQ3vMsPQ+NbmRME3zdKazmuhEwS0h/O6L6KmnfHjtfnDpAjYD+MY=,iv:Xue3R2qGxiw5/hjr9dLiLqeKDTpnwAnx8v9M3qjz5EM=,tag:T67z1oCMoW/ApF6tFJL3dA==,type:str] + lastmodified: "2024-11-22T07:15:56Z" + mac: ENC[AES256_GCM,data:fJcdcoGiqkEPOyINmCjLf+PUc46pCkjZB8q8CE1vxpgLQg+SuaYRByVTuse1xHPVj/ytBiHFHk9btEFcf4F69IyMJl7abuIakTvJctkfs1Y1/lSiDvYBi8+S6n1Oloj63osRX0XKKIabju262zb7KsA6Vyxg9hSJI54dbVRkCqg=,iv:a0dHwBQbQJm1grg9S4T6VMg8177px0sc19GWvvUJYDs=,tag:T1CivleWWnijQQDm/3xP4A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/machines/dolomite/secrets/secrets.yaml b/machines/dolomite/secrets/secrets.yaml new file mode 100644 index 0000000..5a33087 --- /dev/null +++ b/machines/dolomite/secrets/secrets.yaml 
@@ -0,0 +1,59 @@ +sing-box: + password: ENC[AES256_GCM,data:YfMSwvgAu7wBEYCP9/L+FFVdd9dL1Ls3,iv:C9KlVngh74z/VjjOGxnlpA4CqFv7TCSD3KSm2l/xGB4=,tag:/94NFyVHzPIkqn+/NzKTHQ==,type:str] + uuid: ENC[AES256_GCM,data:bDjrhciE0lttJfdL8cvGSf7/gdMRu/Fid+q0yBUqEvWH5ZSm,iv:Oy/U1c2sW5a2eQQxXAEjqaE85xX5rFapz9k/DtcZR+w=,tag:s0HwGkhqvnCQkzfbTEHUWw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNc0ZvdUIzRXJhVVRuTWZ6 + dkN5OTVDR0tWSXhBZEI1U2srLzJmSnMvOXk4ClhaWk15Wng5WHJPVmtNSTM2OHpF + ZWUrcXNKV21BZ05xMkRwcnFRVkFGd0EKLS0tIGQ1c3psYmV5YXZZR1N6WjZRQndH + TW5WeXVXS2ZtRklPbEs4S1BGYVFxSncKmwg7cINY6Vk8WCWdOEk8quBn67tiieiD + 6bWyq+OQbDoAzwOdZ1Bt6q7YrTWSlrFjs8mk/YWUSFmn2g25grKABg== + -----END AGE ENCRYPTED FILE----- + - recipient: age13s6rwd3wjk2x5wkn69tdczhl3l5d7mfmlv90efsv4q67jne43qss9tcakx + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbUhaSXdmbXJmUGtHb1lr + Sk1GSGJUMHhNQ1lET2VleXlmcDBPd3NodlNNCmRWVUNQOExWVzI0VzR3Wk0vbkp5 + NmV4NlUrbUxNbWdMNGNRdDdvbzhsSmsKLS0tIHgyVFI3REcySGRLai9lVTI2VWpn + enVSUjBoRHN3ekc2ci9oaUhqdnRiVHMKAS+KAsqqF/xm80mucgpHbky2Lw3k/kxH + iQGzhzMsNY3jY/nSARcRjWSRrugDtK5ou+rJySGCOov7U2AlulZl3A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t5nw2jx4dw67jkf72uxcxt72j7lq3xyj35lvl09f8kala90h2g2s2a5yvj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha21uc3dQZWZTQmp0Q0pT + WEk5cy9oUm1yN2FxdDU4THIySEk2SDJrMVd3CnZ6c2VneTMwRC8vUG5sM0s1SHNx + dm9mSDdhem1CdkpPQ0dpY2pSbzN0Nk0KLS0tIEpLVGtBSEsyMnpFSk81ekRhVU84 + bTRzTS8wemRHNUJrZWJlc2l0bXFIN3MK8IB0DBkJdTU4evQO41hf/GKGvSm39bWd + CDKCn62RnWLEDlq3xRddqQnr4ogk/6D0lhxvbrN8obCq+Ev1wakAcg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbEpyNkhrZ0lldU9Bc0lr + Q21ENWFOS0UwK1gzZ1A1SjFKUkRzUTNBV0gwCnBYY0dPakZnaVJWekdlS2hUaXIx + a3J2VjhCalVPMk5qcFkzekpYR0Y2WUEKLS0tIEhYQWUxZjIvTit4R0hHMDYxZXpu + amV1YmxraDRETmdmTmU3ekhQdGlOVjAKzJGI5WomWDMSLHeJZ8Rka4rRv6AEaYnp + NgYpsDF6uhB2a270xzGDHXOUjRFUMhYiz3p+tN/RSzt00Ks/q5SyPg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hrckkydr9yhnyw6qqqptz45yc9suszccu0nd53q2zhlksgy9pqaqmlsdmu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRWwwSTd6cGJpZXl6ZjZk + TlJySzdxNXlNMWdjVisrZEUxQWVuNXVqb1NBCklTSkVST092MURDL0JhT1dpWGR1 + QzdJbXROM2ZIRjZUUG5FaFBUVUNHWTgKLS0tIHJycG8vUGJoOVNCcmxwVVlJQ0NO + NlBsZmpCODUwNThCc1RrUkNHMWdQeUUKRHsKHjCRmJ0L5W7Aw5LTf0jlulvBOt4u + IQWkyuw/5Co3cS9DHZ41zlFDKld/+jr1DFpATUSvSTFL+laNcwWwCQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-22T07:16:07Z" + mac: ENC[AES256_GCM,data:ldGU1of+oldDpdgGrlryUSsudUjk2FOKQ/4krY+5fOb07NRl0nvVgWBhVoHbY7JgdFO9EXxJfhLe/vkxjeQ6XxbZQkJFaXBY8MM4S8CPFdUwd2Ebr6e+aNvJR586LtZOfJ0cU8zr/DGm00zIaQParbzXPLq2fvahKgzqv84bM3Y=,iv:ZBzkMkkRRtJ9lIOdrG1fC0YayPZlT7Gsdos7ulFJjD0=,tag:3rSlPFWeVNfeyTIia0hU2w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix index ecbc6e2..e461039 100644 --- a/machines/massicot/default.nix +++ b/machines/massicot/default.nix @@ -1,12 +1,10 @@ { - inputs, pkgs, ... }: { imports = [ - inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ./networking.nix ./services.nix @@ -54,6 +52,10 @@ git ]; + # Disable docs on servers + documentation.nixos.enable = false; + documentation.man.enable = false; + system.stateVersion = "22.11"; networking = { diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix index 31cd6e6..ef8323b 100644 --- a/machines/massicot/kanidm-provision.nix +++ b/machines/massicot/kanidm-provision.nix 
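Review bot: `sing-box.password` and `sing-box.uuid` are a single proxy credential in one file encrypted to five age recipients (the user key and, presumably, the four dolomite hosts), so every dolomite node shares it and a compromise of any one node exposes the credential for all of them; the per-host `secrets/<host>.yaml` files already used for `wg_private_key` show the per-host pattern this could follow. The same two keys are also added under `sing-box:` in `machines/secrets.yaml` in this commit; if those are the same values (likely, since client hosts need them to connect), there are now two places to rotate and keep in sync, which deserves a comment in `.sops.yaml` or the consuming module.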
@@ -73,8 +73,8 @@ systems.oauth2 = { forgejo = { displayName = "ForgeJo"; - originUrl = "https://git.xinyang.life/"; - originLanding = "https://git.xinyang.life/user/oauth2/kandim"; + originUrl = "https://git.xinyang.life/user/oauth2/kanidm/callback"; + originLanding = "https://git.xinyang.life/user/oauth2/kanidm"; allowInsecureClientDisablePkce = true; scopeMaps = { forgejo-access = [ @@ -96,8 +96,8 @@ }; gts = { displayName = "GoToSocial"; - originUrl = "https://xinyang.life/"; - originLanding = "https://xinyang.life/"; + originUrl = "https://xinyang.life/auth/callback"; + originLanding = "https://xinyang.life/auth/callback"; allowInsecureClientDisablePkce = true; scopeMaps = { gts-users = [ @@ -133,7 +133,7 @@ hedgedoc = { displayName = "HedgeDoc"; - originUrl = "https://docs.xinyang.life/"; + originUrl = "https://docs.xinyang.life/auth/oauth2/callback"; originLanding = "https://docs.xinyang.life/auth/oauth2"; allowInsecureClientDisablePkce = true; scopeMaps = { @@ -147,9 +147,9 @@ immich = { displayName = "Immich"; originUrl = [ - "https://immich.xinyang.life:8000/api/oauth/mobile-redirect/" - "https://immich.xinyang.life:8000/auth/login/" - "https://immich.xinyang.life:8000/user-settings/" + "https://immich.xinyang.life:8000/api/oauth/mobile-redirect" + "https://immich.xinyang.life:8000/auth/login" + "https://immich.xinyang.life:8000/user-settings" ]; originLanding = "https://immich.xinyang.life:8000/auth/login?autoLaunch=0"; allowInsecureClientDisablePkce = true; @@ -163,8 +163,9 @@ }; miniflux = { displayName = "Miniflux"; - originUrl = "https://rss.xinyang.life/"; - originLanding = "https://rss.xinyang.life/"; + originUrl = "https://rss.xinyang.life/oauth2/oidc/callback"; + + originLanding = "https://rss.xinyang.life/oauth2/oidc/redirect"; scopeMaps = { miniflux-users = [ "openid" 
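Review bot: In the `gts` block both `originUrl` and `originLanding` are set to `https://xinyang.life/auth/callback`; `originLanding` is where Kanidm sends a user who launches the app from its portal, and arriving at the OAuth2 callback with no authorization code will most likely just produce an error page. The other entries keep the landing page distinct from the callback (forgejo, hedgedoc, miniflux), so `originLanding = "https://xinyang.life/";` or the GoToSocial sign-in page would be consistent.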
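Review bot: There is a stray blank line between `originUrl` and `originLanding` in the miniflux entry (the lone `+` line), which no sibling entry has. Drop it so the block matches forgejo, gts and hedgedoc above.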
@@ -175,7 +176,7 @@ }; grafana = { displayName = "Grafana"; - originUrl = "https://grafana.xinyang.life/"; + originUrl = "https://grafana.xinyang.life/login/generic_oauth"; originLanding = "https://grafana.xinyang.life/"; scopeMaps = { grafana-users = [ diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix index 4be75c5..6a43aa3 100644 --- a/machines/massicot/services.nix +++ b/machines/massicot/services.nix @@ -101,7 +101,6 @@ in services.matrix-conduit = { enable = true; - # package = inputs.conduit.packages.${pkgs.system}.default; package = pkgs.matrix-conduit; settings.global = { server_name = "xinyang.life"; diff --git a/machines/osmium/default.nix b/machines/osmium/default.nix new file mode 100644 index 0000000..823d2f0 --- /dev/null +++ b/machines/osmium/default.nix 
@@ -0,0 +1,111 @@ +{ + pkgs, + lib, + modulesPath, + ... +}: +{ + imports = [ + (modulesPath + "/installer/sd-card/sd-image.nix") + ./sd-image-aarch64-orangepi-r1plus.nix + ]; + + config = { + system.stateVersion = "24.05"; + + nixpkgs.system = "aarch64-linux"; + + boot.tmp.useTmpfs = false; + boot.kernelModules = [ + "br_netfilter" + "bridge" + ]; + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv4.ip_nonlocal_bind" = 1; + "net.ipv6.conf.all.forwarding" = 1; + "net.ipv6.ip_nonlocal_bind" = 1; + "net.bridge.bridge-nf-call-ip6tables" = 1; + "net.bridge.bridge-nf-call-iptables" = 1; + "net.bridge.bridge-nf-call-arptables" = 1; + "fs.inotify.max_user_watches" = 524288; + "dev.i915.perf_stream_paranoid" = 0; + "net.ipv4.conf.all.rp_filter" = 0; + "vm.max_map_count" = 2000000; + "net.ipv4.conf.all.route_localnet" = 1; + "net.ipv4.conf.all.send_redirects" = 0; + "kernel.msgmnb" = 65536; + "kernel.msgmax" = 65536; + "net.ipv4.tcp_timestamps" = 0; + "net.ipv4.tcp_synack_retries" = 1; + "net.ipv4.tcp_syn_retries" = 1; + "net.ipv4.tcp_tw_recycle" = 1; + "net.ipv4.tcp_tw_reuse" = 1; + "net.ipv4.tcp_fin_timeout" = 15; + "net.ipv4.tcp_keepalive_time" = 1800; + "net.ipv4.tcp_keepalive_probes" = 3; + "net.ipv4.tcp_keepalive_intvl" = 15; + "net.ipv4.ip_local_port_range" = "2048 65535"; + "fs.file-max" = 102400; + "net.ipv4.tcp_max_tw_buckets" = 180000; + }; + + commonSettings = { + nix.enableMirrors = true; + auth.enable = true; + }; + + documentation.enable = false; + + time.timeZone = "Asia/Shanghai"; + i18n = { + defaultLocale = "en_US.UTF-8"; + }; + + environment.systemPackages = with pkgs; [ + lsof + wget + curl + neovim + jq + iptables + ebtables + tcpdump + busybox + ethtool + socat + htop + iftop + lm_sensors + ]; + + programs.command-not-found.enable = false; + + networking = { + useDHCP = false; + hostName = "osmium"; + }; + + systemd.network = { + enable = true; + networks."lan" = { + matchConfig.Name = "enu1"; + networkConfig.DHCP = "no"; + 
linkConfig.RequiredForOnline = "no"; + }; + networks."wan" = { + matchConfig.Name = "end0"; + networkConfig.DHCP = "yes"; + linkConfig.RequiredForOnline = "yes"; + }; + }; + + services.dae = { + enable = true; + configFile = "/var/lib/dae/config.dae"; + }; + + services.tailscale.enable = true; + + }; +} diff --git a/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix b/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix new file mode 100644 index 0000000..3802760 --- /dev/null +++ b/machines/osmium/sd-image-aarch64-orangepi-r1plus.nix @@ -0,0 +1,44 @@ +{ + config, + modulesPath, + lib, + pkgs, + ... +}: +let +in +{ + imports = [ + (modulesPath + "/profiles/base.nix") + ]; + + boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + + boot.kernelParams = [ + "earlycon" + "console=ttyS2,1500000" + "consoleblank=0" + ]; + boot.supportedFilesystems = lib.mkForce [ + "ext4" + "vfat" + "ntfs" + ]; + + sdImage = { + compressImage = false; + imageBaseName = "nixos-sd-image-orange-pi-r1-plus-lts"; + firmwarePartitionOffset = 16; + populateFirmwareCommands = '' + echo "Install U-Boot: ${pkgs.ubootOrangePiR1LtsPackage}" + dd if=${pkgs.ubootOrangePiR1LtsPackage}/idbloader.img of=$img seek=64 conv=notrunc + dd if=${pkgs.ubootOrangePiR1LtsPackage}/u-boot.itb of=$img seek=16384 conv=notrunc + ''; + populateRootCommands = '' + mkdir -p ./files/boot + ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot + ''; + }; +} diff --git a/machines/secrets.yaml b/machines/secrets.yaml index 58dc777..cedd676 100644 --- a/machines/secrets.yaml +++ b/machines/secrets.yaml 
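Review bot: Several entries in `boot.kernel.sysctl` cannot apply on this board: `net.ipv4.tcp_tw_recycle` was removed from Linux in 4.12 and will fail to set on `linuxPackages_latest` (selected in the sd-image module), `dev.i915.perf_stream_paranoid` is an Intel GPU knob with no meaning on an aarch64 Orange Pi, and `net.ipv4.tcp_tw_reuse = 1` has no effect while `net.ipv4.tcp_timestamps = 0`. On a forwarding box `net.ipv4.conf.all.rp_filter = 0` and `net.ipv4.conf.all.route_localnet = 1` relax source-address validation and loopback isolation; if dae needs them, say so in a comment next to them and scope rp_filter to the interface that needs it rather than `all`. The `lan` network (`enu1`) has `DHCP = "no"` and no `address`, and although `bridge`/`br_netfilter` are loaded no bridge is declared here, so the LAN side looks unconfigured unless another module completes it.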
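Review bot: The empty `let in` block at the top of the file is dead code; either drop it or use it to bind `uboot = pkgs.ubootOrangePiR1LtsPackage;`, which is otherwise repeated three times inside `populateFirmwareCommands`. The `config` and `lib` parameters are both used (`populateCmd`, `mkForce`), so the signature itself is fine.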
@@ -4,8 +4,9 @@ autofs-nas-secret: ENC[AES256_GCM,data:gbOizRZAvh79HlJWIWeKTk79Ux311XGL1eIswc0P2 github_public_token: ENC[AES256_GCM,data:6Gt+oJcCRHeoLK7CRndMMbszTXSEbnN0nQzsVOnl/+zB4hxbEPD5k/vkkl+cZ/qmxdxFXV0OOsYvktn44Yv1DMUE3mkB0hcAdoyPwLuYM7W3RpOoW3OktH8DRCUi6msvFp3ykpdmIl9WyjVhc/lMwTaYJQyRh1ue,iv:PJSFtJBelyc3rzd6hqjMp+ciU2Q3FTOEXsiq5F2KKTY=,tag:Y/stRg6kwyjjIFZCXS/peg==,type:str] singbox_sg_server: ENC[AES256_GCM,data:SF2ja6W4TwThwoug5x2KTA==,iv:Vx9wNTdVHkReux4YeQY+0VkC1Wqg/CRkY7frVY/3e50=,tag:7XA9KSoR0GA6FoYRhCv4BQ==,type:str] singbox_jp_server: ENC[AES256_GCM,data:S3Bs5yVMzyz6vD51GYElOM5h,iv:nXetY339YuOi2jFEb3xkPTglHRMk/quIrQL4ko+8MxY=,tag:o9d55cZuWmX4NDYexWjvYQ==,type:str] -singbox_password: ENC[AES256_GCM,data:bZ50/gG53D9fyGnQ7ky8VRdNEDhGjbFD,iv:W2HaHeSkvmS6jHSnfOJ6tD2QXuUq1A+mfZf7sEXB++E=,tag:nbr2zNCs3RAr/uidkp08ng==,type:str] -singbox_uuid: ENC[AES256_GCM,data:gYppcUvF5Aj4mBQTMy56kb9JazUM6SeiYLspqiZjbTkPOhhk,iv:+uwt/N9LpFaJK6MjoczyrZ039MDZn4kRmtEoq4OvdFU=,tag:IiBZRfFpjKB/swmJNjodyA==,type:str] +sing-box: + password: ENC[AES256_GCM,data:xyqmoJEDI5959zHPTVelln/iThtoeDwS,iv:rLyqJsE/4JDf08RlMLLPh+MKJkba9bL0z8jx6bTEfgc=,tag:cgLHdeLIyPvLhRNaVcQ0TQ==,type:str] + uuid: ENC[AES256_GCM,data:lWBCM5wyz6BcUUHdvynkn5y166Kk15jO0EhWUDuhXXhrve5l,iv:RmDJYFnYqIEIShLn25sf4h8AO2E3+3Xa2U9Mff+Xk2w=,tag:SN0DUdwZXKO/VEnozrr5mA==,type:str] grafana_cloud_api: ENC[AES256_GCM,data:eEvPAwtThK1FMhbrnmSo89+GlWZAF+LQRMLXA2C6f1vR7ZPlXJZGWzjYwDcPlnpiC737/cG14M4kZqvPGBuNub5A83rBS/+FeebvGDIF59L5PC1Ys1jWBB9YRI/L9EU0tvwTTUCvLRA9j28n7Jw7wR6mWXm63XA+OMu8/UbTwbeV/WUQn8vnwqadSUdCnNKJXMsAY+q9t/st0DPm5+aNxA==,iv:cHvbeCmLFmJPNKsl1BBYx9WJP7ZJWi+8c9yHZWc6FTs=,tag:87C+0FVvzDIowE0+QpY1zA==,type:str] private_dns_address: ENC[AES256_GCM,data:YJxNOH4hsZHResvANEqJRTANhnL4PLp/Pmi/PhgtSTbTKiJKPqudhTEkNg==,iv:8+qG5rQXAKfrykEjt9qrbtyNaBuKvi7EaIWouRqEipY=,tag:VH0w5ZbXcWFGZ9GLavm7/w==,type:str] sops: 
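Review bot: Nesting the credential under `sing-box:` changes the name sops-nix uses for it: the secrets were `singbox_password`/`singbox_uuid` and are now addressed as `"sing-box/password"` and `"sing-box/uuid"` (nested YAML keys are joined with `/`). This commit removes the old declarations from `machines/sops.nix` and deletes the dolomite module that consumed them, but no hunk in this diff declares the new names, so the consuming module (not visible here) must carry `sops.secrets."sing-box/password" = { owner = "root"; };` and the same for `uuid`.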
@@ -86,8 +87,8 @@ sops: NzA1cy80ZW5vUFplQzVMZ0txSmVkMUEKFUvgmJNdo9sV33gOx7LVUSCYvIqCNwaP u+XoWTfg4kp9f4KVTy/8huPsVLhZBUaf6jI10mV2z4QwaLHje4JiHw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-17T12:19:12Z" - mac: ENC[AES256_GCM,data:3Z22GxxDjR2FVZ7VnFY/QhQ1i//1WC93GIwK4d51i13OWmcb71UPmmA6O/HlvLdP6goFCj95eRMUEiiVcdKagt1ca6HsDd6bkOEXwdl//fgOHUsgx5SNtA4kVJwK2bJuUvG72aOiLq89qvNprMLslJ47YqS9WM3rudk3Wp/P+og=,iv:GMN806nsrQg0+ZS0AReamzVv2FrLGELfA6x3RLNE/II=,tag:j2Bq9xYETCSL13zHx1BztA==,type:str] + lastmodified: "2024-11-22T05:48:59Z" + mac: ENC[AES256_GCM,data:In/gSIYnXKbbv1lzS/nmSESCHBcBv/TtkvhzdNiIn73N4kP9aJ+1JE8Npix8zNItzk46DX+nHBk8Kwgl6uq26YtL+sMTBKh5K8Ny0H8ivlgS+olXswv3Y9h1cYD7FBHUKzbMuiJd0ppjC0ZIn20rRpb4d57rwUbvY0KstyQW4JA=,iv:DcdTAimbXXpKhhiB9rriS75+XGNOCcScqi/804+Xx6g=,tag:NHW+UViRmbUDHb0gTd9TDg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.1 diff --git a/machines/sops.nix b/machines/sops.nix index aeb99d9..869fef7 100644 --- a/machines/sops.nix +++ b/machines/sops.nix @@ -1,11 +1,9 @@ { - inputs, config, lib, ... }: { - imports = [ inputs.sops-nix.nixosModules.sops ]; config = { sops = { defaultSopsFile = ./secrets.yaml; @@ -21,12 +19,6 @@ singbox_jp_server = { owner = "root"; }; - singbox_password = { - owner = "root"; - }; - singbox_uuid = { - owner = "root"; - }; private_dns_address = { owner = "root"; }; diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix index 2fdacc1..8a58896 100644 --- a/machines/weilite/default.nix +++ b/machines/weilite/default.nix @@ -1,14 +1,13 @@ { - inputs, config, pkgs, + lib, modulesPath, ... }: { imports = [ - inputs.sops-nix.nixosModules.sops (modulesPath + "/profiles/qemu-guest.nix") ./services ]; 
@@ -150,6 +149,15 @@ permitCertUid = "caddy"; }; + services.tailscale.derper = { + enable = true; + domain = "derper00.namely.icu"; + openFirewall = true; + verifyClients = true; + }; + # tailscale derper module use nginx for reverse proxy + services.nginx.enable = lib.mkForce false; + services.caddy = { enable = true; package = pkgs.caddy.withPlugins { @@ -165,6 +173,9 @@ ]; vendorHash = "sha256-OhOeU2+JiJyIW9WdCYq98OKckXQZ9Fn5zULz0aLsXMI="; }; + virtualHosts."derper00.namely.icu:8443".extraConfig = '' + reverse_proxy 127.0.0.1:${toString config.services.tailscale.derper.port} + ''; virtualHosts."weilite.coho-tet.ts.net:8080".extraConfig = '' reverse_proxy 127.0.0.1:${toString config.services.immich.port} ''; diff --git a/machines/weilite/services/default.nix b/machines/weilite/services/default.nix index 031018b..d70e175 100644 --- a/machines/weilite/services/default.nix +++ b/machines/weilite/services/default.nix @@ -2,5 +2,6 @@ imports = [ ./ocis.nix ./restic.nix + ./media-download.nix ]; } diff --git a/machines/weilite/services/media-download.nix b/machines/weilite/services/media-download.nix new file mode 100644 index 0000000..36ae424 --- /dev/null +++ b/machines/weilite/services/media-download.nix @@ -0,0 +1,6 @@ +{ + services.jackett = { + enable = true; + openFirewall = false; + }; +} diff --git a/modules/home-manager/alacritty.nix b/modules/home-manager/alacritty.nix index afe00ea..84fac8c 100644 --- a/modules/home-manager/alacritty.nix +++ b/modules/home-manager/alacritty.nix @@ -21,7 +21,7 @@ in "alacritty-zellij" ]; }; - font.size = 10.0; + font.size = 12.0; window = { resize_increments = true; dynamic_padding = true; diff --git a/modules/home-manager/gui/bwmountains.jpg b/modules/home-manager/gui/bwmountains.jpg new file mode 100755 index 0000000..41ca976 Binary files /dev/null and b/modules/home-manager/gui/bwmountains.jpg differ diff --git a/modules/home-manager/gui/default.nix b/modules/home-manager/gui/default.nix index dae49a8..5528027 100644 
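Review bot: `services.nginx.enable = lib.mkForce false` removes the TLS front end the derper module configures, and the replacement Caddy vhost in the next hunk listens on `derper00.namely.icu:8443`, not 443, so the DERP is only reachable if the custom DERP map points clients at port 8443 (`verifyClients` is enforced by derper itself, so it is unaffected by the proxy swap). `openFirewall = true` opens the ports the module expects for its own nginx and STUN listeners rather than 8443; check that 8443/tcp is allowed and the STUN UDP port is still opened, or drop `openFirewall` and list the ports explicitly next to the Caddy vhost. The existing comment explains why nginx is disabled; extending it with the port mapping, e.g. `# DERP is served by caddy on :8443 (DERPPort in the tailnet's derpMap); the module's nginx vhost is unused`, would save the next reader the same investigation.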
--- a/modules/home-manager/gui/default.nix +++ b/modules/home-manager/gui/default.nix @@ -1,7 +1,20 @@ +{ config, lib, ... }: +let + inherit (lib) mkOption types; + cfg = config.custom-hm.gui; +in { imports = [ ./niri.nix ./fuzzel.nix + ./gtklock.nix ./waybar.nix ]; + + options.custom-hm.gui = { + wallpaper = mkOption { + type = types.path; + default = ./bwmountains.jpg; + }; + }; } diff --git a/modules/home-manager/gui/fuzzel.nix b/modules/home-manager/gui/fuzzel.nix index 8b27240..3b4e880 100644 --- a/modules/home-manager/gui/fuzzel.nix +++ b/modules/home-manager/gui/fuzzel.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let inherit (lib) mkIf mkEnableOption; cfg = config.custom-hm.gui.fuzzel; @@ -9,6 +14,28 @@ in }; config = mkIf cfg.enable { - programs.fuzzel.enable = true; + programs.fuzzel = { + enable = true; + settings = { + main = { + fields = "filename,name,exec,generic"; + y-margin = 30; + width = 40; + font = "Ubuntu"; + use-bold = true; + line-height = 30; + }; + }; + }; + home.packages = with pkgs; [ + networkmanager_dmenu + networkmanagerapplet + ]; + xdg.configFile."networkmanager-dmenu/config.ini".text = '' + [dmenu] + dmenu_command = fuzzel --dmenu + wifi_chars = ▂▄▆█ + wifi_icons = 󰤯󰤟󰤢󰤥󰤨 + ''; }; } diff --git a/modules/home-manager/gui/gtklock.nix b/modules/home-manager/gui/gtklock.nix new file mode 100644 index 0000000..69b3ce9 --- /dev/null +++ b/modules/home-manager/gui/gtklock.nix 
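Review bot: `cfg = config.custom-hm.gui;` is bound but never used in this file, and `config` is taken only for it, so both can go (`{ lib, ... }:` with `inherit (lib) mkOption types;`). The new `custom-hm.gui.wallpaper` option has no `description`; since other modules in this commit (niri.nix, gtklock.nix) read it, a line like `description = "Wallpaper image used by niri's swaybg and as the gtklock background.";` would document the contract.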
@@ -0,0 +1,128 @@ +# modified from https://github.com/isabelroses/dotfiles/blob/2fd4d2d0cb8254cad5ce4b089d81114e1b88ad02/modules/extra/home-manager/gtklock.nix +{ + lib, + pkgs, + config, + ... +}: +let + cfg = config.custom-hm.gui.gtklock; + + inherit (lib.modules) mkIf; + inherit (lib.options) + mkOption + mkEnableOption + mkPackageOption + literalExpression + ; + inherit (lib.strings) optionalString concatStringsSep; + inherit (lib.lists) optionals; + inherit (lib.types) + oneOf + str + path + listOf + either + package + nullOr + attrs + ; + inherit (lib.generators) toINI; + + # the main config includes two very niche options: style (which takes a path) and modules, which takes a list of module paths + # concatted by ";" + # for type checking purposes, I prefer templating the main section of the config and let the user safely choose options + # extraConfig takes an attrset, and converts it to the correct INI format - it's mostly just strings and integers, so that's fine + baseConfig = '' + [main] + ${optionalString (cfg.config.gtk-theme != "") "gtk-theme=${cfg.config.gtk-theme}"} + ${optionalString (cfg.config.style != "") "style=${cfg.config.style}"} + ${optionalString (cfg.config.modules != [ ]) "modules=${concatStringsSep ";" cfg.config.modules}"} + ''; + + finalConfig = baseConfig + optionals (cfg.extraConfig != null) (toINI { } cfg.extraConfig); +in +{ + options.custom-hm.gui.gtklock = { + enable = mkEnableOption "GTK-based lockscreen for Wayland"; + package = mkPackageOption pkgs "gtklock" { }; + + config = { + gtk-theme = mkOption { + type = str; + default = ""; + description = '' + GTK theme to use for gtklock. 
+ ''; + example = "Adwaita-dark"; + }; + + style = mkOption { + type = oneOf [ + str + path + ]; + default = pkgs.writeText "gtklock-style.css" '' + window { + background-image: url("${config.custom-hm.gui.wallpaper}"); + background-size: cover; + background-repeat: no-repeat; + background-position: center; + } + ''; + description = '' + The css file to be used for gtklock. + ''; + example = literalExpression '' + pkgs.writeText "gtklock-style.css" ''' + window { + background-size: cover; + background-repeat: no-repeat; + background-position: center; + } + ''' + ''; + }; + + modules = mkOption { + type = listOf (either package str); + default = [ + # "${pkgs.gtklock-playerctl-module.outPath}/lib/gtklock/playerctl-module.so" + ]; + description = '' + A list of gtklock modulesto use. Can either be packages, absolute paths, or strings. + ''; + example = literalExpression '' + [ + "${pkgs.gtklock-powerbar-module.outPath}/lib/gtklock/powerbar-module.so" + "${pkgs.gtklock-playerctl-module.outPath}/lib/gtklock/playerctl-module.so" + ]; + ''; + }; + }; + + extraConfig = mkOption { + type = nullOr attrs; + default = + { + }; + description = '' + Extra configuration to append to gtklock configuration file. + Mostly used for appending module configurations. + ''; + example = literalExpression '' + countdown = { + countdown-position = "top-right"; + justify = "right"; + countdown = 20; + } + ''; + }; + }; + + config = mkIf cfg.enable { + home.packages = [ cfg.package ]; + + xdg.configFile."gtklock/config.ini".source = pkgs.writeText "gtklock-config.ini" finalConfig; + }; +} diff --git a/modules/home-manager/gui/niri.nix b/modules/home-manager/gui/niri.nix index a80e692..d26bf93 100644 --- a/modules/home-manager/gui/niri.nix +++ b/modules/home-manager/gui/niri.nix 
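Review bot: `finalConfig = baseConfig + optionals (cfg.extraConfig != null) (toINI { } cfg.extraConfig);` uses the list helper `optionals`, so when `extraConfig` is set to `null` (allowed by `nullOr attrs`) the expression becomes string + `[ ]` and evaluation fails; the string helper already imported is the right one: `finalConfig = baseConfig + optionalString (cfg.extraConfig != null) (toINI { } cfg.extraConfig);`, after which `inherit (lib.lists) optionals;` is unused. The `modules` option's `example` is an indented string containing `${pkgs.gtklock-powerbar-module.outPath}`, which Nix interpolates at evaluation time instead of showing the expression; escape it as `''${pkgs...}` (the commented-out default is fine because it is a comment). Typo in the same option's description: `modulesto` → `modules to`.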
@@ -5,38 +5,52 @@ ... }: let - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf mkEnableOption getExe; cfg = config.custom-hm.gui.niri; - wallpaper = pkgs.fetchurl { - url = "https://github.com/NixOS/nixos-artwork/blob/master/wallpapers/nixos-wallpaper-catppuccin-mocha.png?raw=true"; - hash = "sha256-fmKFYw2gYAYFjOv4lr8IkXPtZfE1+88yKQ4vjEcax1s="; - }; + wallpaper = config.custom-hm.gui.wallpaper; + xwayland-satellite = pkgs.xwayland-satellite.overrideAttrs (drv: rec { + src = pkgs.fetchFromGitHub { + owner = "Supreeeme"; + repo = "xwayland-satellite"; + rev = "3e6f892d20d918479e67d1e6c90c4be824a9d4ab"; + hash = "sha256-W1UUok7DPi4IXCYtc273FbVH1ifuCIcl+oO6CDqt8Dk="; + }; + cargoDeps = drv.cargoDeps.overrideAttrs ( + lib.const { + name = "xwayland-satellite-vendor.tar.gz"; + inherit src; + outputHash = "sha256-/nK4cVgelaMtpym18RYNafPUFnMOG4uHRpVO8bOS3ow="; + } + ); + }); in { + imports = [ + ./themes.nix + ]; + options.custom-hm.gui.niri = { enable = mkEnableOption "niri"; }; config = mkIf cfg.enable { home.packages = with pkgs; [ - xwayland-satellite cosmic-files ]; - home.pointerCursor = { - name = "Bibata-Modern-Ice"; - size = 24; - package = pkgs.bibata-cursors; - gtk.enable = true; - }; - gtk = { - enable = true; - theme = { - name = "Catppuccin-GTK-Dark"; - package = pkgs.magnetic-catppuccin-gtk; + + systemd.user.services.xwayland-satellite = { + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + Unit = { + PartOf = [ "graphical-session.target" ]; + After = [ "graphical-session.target" ]; + }; + Service = { + ExecStart = "${xwayland-satellite}/bin/xwayland-satellite"; + Restart = "on-failure"; }; - gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; }; - services.network-manager-applet.enable = true; systemd.user.services.swaybg = { Install = { 
@@ -52,12 +66,14 @@ in }; }; - programs.swaylock = { + services.swaync = { enable = true; - settings = { - show-failed-attempts = true; - daemonize = true; - scaling = "fill"; + }; + + custom-hm.gui.gtklock = { + enable = true; + config = { + gtk-theme = "Catppuccin-GTK-Dark"; }; }; @@ -68,14 +84,18 @@ in enable = true; timeouts = [ { - timeout = 900; - command = "/run/current-system/systemd/bin/systemctl suspend"; + timeout = 600; + command = ''[ "$(${pkgs.tlp}/bin/tlp-stat -m)" == "battery" ] && /run/current-system/systemd/bin/systemctl suspend''; + } + { + timeout = 1200; + command = ''${getExe pkgs.niri} msg action power-off-monitors''; } ]; events = [ { event = "lock"; - command = "${pkgs.swaylock}/bin/swaylock"; + command = "${getExe pkgs.gtklock}"; } { event = "before-sleep"; diff --git a/modules/home-manager/gui/themes.nix b/modules/home-manager/gui/themes.nix new file mode 100644 index 0000000..ad0de1c --- /dev/null +++ b/modules/home-manager/gui/themes.nix @@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + config = { + home.pointerCursor = { + name = "Bibata-Modern-Ice"; + size = 24; + package = pkgs.bibata-cursors; + gtk.enable = true; + }; + gtk = { + enable = true; + theme = { + name = "Catppuccin-GTK-Dark"; + package = pkgs.magnetic-catppuccin-gtk; + }; + gtk2.configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc"; + }; + }; +} diff --git a/modules/home-manager/gui/waybar.css b/modules/home-manager/gui/waybar.css index 6a5da1d..eaed007 100644 --- a/modules/home-manager/gui/waybar.css +++ b/modules/home-manager/gui/waybar.css @@ -49,7 +49,8 @@ window#waybar { #network, #backlight, #battery, -#tray { +#tray, +#custom-notification { margin-right: 15px; } #clock { diff --git a/modules/home-manager/gui/waybar.nix b/modules/home-manager/gui/waybar.nix index 001e7ce..3890a00 100644 --- a/modules/home-manager/gui/waybar.nix +++ b/modules/home-manager/gui/waybar.nix 
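Review bot: The `lock` event now runs `${getExe pkgs.gtklock}` while the lock screen is configured through `custom-hm.gui.gtklock`, whose `package` option (`mkPackageOption pkgs "gtklock"`) can be overridden; `command = "${getExe config.custom-hm.gui.gtklock.package}";` keeps the idle lock and the configured lock screen on the same binary. The suspend timeout uses `==` inside a `[ ]` test; swayidle hands commands to `sh -c`, and `=` is the portable form. The enclosing `events` list continues past the hunk (the `before-sleep` entry is cut off), so I cannot see whether suspend is preceded by a lock.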
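Review bot: The cursor and GTK theme settings here apply unconditionally, whereas in niri.nix the same settings lived inside `config = mkIf cfg.enable { … }`; because niri.nix now imports `./themes.nix`, they are applied to any profile that includes the gui modules, even with niri disabled. If that is intended, a top-of-file comment saying so would help; otherwise wrap the body in `config = lib.mkIf config.custom-hm.gui.niri.enable { … };` (adding `lib` to the parameters) or give themes.nix its own enable option.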
@@ -57,6 +57,8 @@ in "battery" "custom/separator" "tray" + "custom/separator" + "custom/notification" ]; "niri/workspaces" = { all-outputs = true; @@ -158,16 +160,30 @@ in icon-size = 18; spacing = 14; }; + + "custom/notification" = { + escape = true; + exec = "swaync-client -swb"; + exec-if = "which swaync-client"; + format = "{icon}"; + format-icons = { + dnd-inhibited-none = ""; + dnd-inhibited-notification = ""; + dnd-none = ""; + dnd-notification = ""; + inhibited-none = ""; + inhibited-notification = ""; + none = ""; + notification = ""; + }; + on-click = "swaync-client -t -sw"; + on-click-right = "swaync-client -d -sw"; + return-type = "json"; + tooltip = false; + }; }; }; systemd.enable = true; }; - - systemd.user.targets.tray = { - Unit = { - Description = "Home Manager System Tray"; - Requires = [ "graphical-session-pre.target" ]; - }; - }; }; } diff --git a/modules/home-manager/vim.nix b/modules/home-manager/vim.nix index 0709791..bd41ca5 100644 --- a/modules/home-manager/vim.nix +++ b/modules/home-manager/vim.nix @@ -5,9 +5,29 @@ ... }: let - inherit (lib) mkIf mkEnableOption getExe; + inherit (lib) + mkIf + mkEnableOption + getExe + types + attrsets + ; cfg = config.custom-hm.neovim; tomlFormat = pkgs.formats.toml { }; + fontItem = + with types; + either str (submodule { + options = { + family = { + type = str; + }; + style = { + type = nullOr str; + default = null; + }; + }; + }); + fontType = types.either fontItem (types.listOf fontItem); neovideConfig = { neovim-bin = getExe pkgs.nixvim; fork = true; 
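Review bot: `exec-if = "which swaync-client"` and the `exec`/`on-click` commands rely on `swaync-client` being on waybar's PATH; with `systemd.enable = true` kept below, waybar runs as a user service whose PATH does not necessarily include the home-manager profile, and `which` is itself an extra dependency. Using the store path removes both assumptions — assuming `lib` and `pkgs` are in scope in this file, `exec = "${lib.getExe' pkgs.swaync "swaync-client"} -swb";` with matching `on-click` lines, after which `exec-if` can be dropped. The `format-icons` values appear empty in this view, probably private-use glyphs lost in rendering; worth a glance that they survived in the committed file.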
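Review bot: The `submodule` in `fontItem` declares `family = { type = str; };` and `style = { type = nullOr str; default = null; };` without `mkOption`, so the module system reads `family` and `style` as nested option sets whose children `type`/`default` are malformed declarations, and evaluation fails as soon as a table value is type-checked. They should be `family = mkOption { type = str; };` and `style = mkOption { type = nullOr str; default = null; };` (`mkOption` comes from `lib`, which is already destructured here). The `with types;` wrapper serves only this one expression; `types.either`/`types.submodule` would match the style of `fontType` on the next line.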
@@ -17,6 +37,78 @@ in { options.custom-hm.neovim = { enable = mkEnableOption "neovim configurations"; + font = { + # Required options + normal = lib.mkOption { + type = fontType; + description = '' + The normal font description. Can be: + - A table with "family" (required) and "style" (optional). + - A string indicating the font family. + - An array of strings or tables as described above. + ''; + }; + + size = lib.mkOption { + type = lib.types.float; + description = "Required font size."; + }; + + # Optional options + bold = lib.mkOption { + type = types.nullOr fontType; + default = null; + description = '' + Optional bold font description. Can be: + - A table with "family" (optional) and "style" (optional). + - A string indicating the font family. + - An array of strings or tables as described above. + ''; + }; + + italic = lib.mkOption { + type = types.nullOr fontType; + default = null; + description = "Optional italic font description."; + }; + + bold_italic = lib.mkOption { + type = types.nullOr fontType; + default = null; + description = "Optional bold-italic font description."; + }; + + features = lib.mkOption { + type = types.nullOr (lib.types.attrsOf (lib.types.listOf lib.types.str)); + default = { }; + description = '' + Optional font features. A table where the key is the font family and + the value is a list of font features. Each feature can be: + - + (e.g., +ss01) + - - (e.g., -calt) + - = (e.g., ss02=2) + ''; + }; + + width = lib.mkOption { + type = types.nullOr types.float; + default = null; + description = "Optional font width."; + }; + + hinting = lib.mkOption { + type = types.nullOr types.str; + default = null; + description = "Optional font hinting (none, slight, medium, full)."; + }; + + edging = lib.mkOption { + type = types.nullOr types.str; + default = null; + description = "Optional font edging (none, antialiased, subpixel)."; + }; + + }; }; config = mkIf cfg.enable { home.packages = with pkgs; [ 
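Review bot: `font.normal` and `font.size` have no `default`, so every user with `custom-hm.neovim.enable = true` must now set both or evaluation fails with an undefined-option error once the `config` block (which reads `cfg.font` in the following hunk) is built. Either give them defaults matching the previous neovide behaviour, or make the whole `font` attrset optional and merge it only when set. The declarations also mix `lib.mkOption`/`lib.types.float` with the `types` already inherited at the top of the file; one form throughout (`types.float`, `mkOption`) would read more consistently.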
@@ -25,7 +117,12 @@ in ]; programs.neovim.enable = false; home.file.".config/neovide/config.toml" = { - source = tomlFormat.generate "neovide-config" neovideConfig; + source = tomlFormat.generate "neovide-config" ( + neovideConfig + // (attrsets.filterAttrsRecursive (n: v: v != null) { + font = cfg.font; + }) + ); }; }; } diff --git a/modules/home-manager/vscode.nix b/modules/home-manager/vscode.nix index 9af7fdd..a34febe 100644 --- a/modules/home-manager/vscode.nix +++ b/modules/home-manager/vscode.nix @@ -1,5 +1,4 @@ { - inputs, config, lib, pkgs, @@ -16,7 +15,7 @@ let nixd nixpkgs-fmt ]; - extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ + extension = with pkgs.vscode-marketplace; [ jnoortheen.nix-ide ]; settings = { @@ -30,13 +29,16 @@ let clang-tools cmake-format ]; - extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ - llvm-vs-code-extensions.vscode-clangd - (ms-vscode.cmake-tools.overrideAttrs (_: { - sourceRoot = "extension"; - })) - twxs.cmake - ] ++ (with pkgs.vscode-extensions; [ ms-vscode.cpptools ]); + extension = + with pkgs.vscode-marketplace; + [ + llvm-vs-code-extensions.vscode-clangd + (ms-vscode.cmake-tools.overrideAttrs (_: { + sourceRoot = "extension"; + })) + twxs.cmake + ] + ++ (with pkgs.vscode-extensions; [ ms-vscode.cpptools ]); settings = { "cmake.configureOnEdit" = false; "cmake.showOptionsMovedNotification" = false; @@ -50,7 +52,7 @@ let }; pythonPackages = { systemPackages = with pkgs; [ ]; - extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ + extension = with pkgs.vscode-marketplace; [ ms-python.python ]; settings = { }; @@ -60,7 +62,7 @@ let coursier metals ]; - extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ + extension = with pkgs.vscode-marketplace; [ scala-lang.scala scalameta.metals ]; 
@@ -68,7 +70,7 @@ let }; latexPackages = { systemPackages = with pkgs; [ texliveSmall ]; - extension = with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ + extension = with pkgs.vscode-marketplace; [ james-yu.latex-workshop ]; settings = { @@ -184,7 +186,7 @@ in mutableExtensionsDir = false; extensions = lib.mkMerge ( [ - (with inputs.nix-vscode-extensions.extensions.${pkgs.system}.vscode-marketplace; [ + (with pkgs.vscode-marketplace; [ mkhl.direnv ms-azuretools.vscode-docker diff --git a/modules/home-manager/xdg-autostart.nix b/modules/home-manager/xdg-autostart.nix new file mode 100644 index 0000000..d2127ae --- /dev/null +++ b/modules/home-manager/xdg-autostart.nix 
@@ -0,0 +1,96 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.xdg.autoStart; + inherit (lib) hm types; +in +{ + + options.xdg.autoStart = { + + packages = lib.mkOption { + description = '' + List of packages which should be autostarted. + + This module tries to select the package’s default desktop file, + which is either described by its .desktopItem attribute + or by its first entry of its .desktopItems attribute. + + Users who want to specifically select a certain desktop file + or who want to write their own + can make use of the {option}`xdg.autoStart.desktopItems` option. + ''; + + type = types.listOf types.package; + default = [ ]; + example = lib.literalExpression '' + with pkgs; [ + pkgs.trilium-desktop + ] + ''; + }; + + desktopItems = lib.mkOption { + description = '' + List of desktop files which should be autostarted. + + Users should prefer to use {option}`xdg.autoStart.packages` + and only use this option in case + they want to specifically + select a package’s desktop item + or want to create their own desktop item. + + Be warned, this may shadow entries of {option}`xdg.autoStart.packages`. + ''; + + type = types.attrsOf (types.unspecified); # TODO replace unspecified + default = { }; + # TODO improve example, take one where it would make sense to use this option + example = lib.literalExpression '' + { + discord = pkgs.discord.desktopItem + firefox-custom = makeDesktopItem { + exec = "firefox -P custom"; + }; + } + ''; + }; + + }; + + config = + let + # helpers + retrieveDesktopItem = ( + pkg: + if pkg ? desktopItem then + pkg.desktopItem + else if pkg ? 
desktopItems && pkg.desktopItems != [ ] then
+ builtins.head pkg.desktopItems
+ else
+ abort "package '${pkg.pname}' is missing a desktop file"
+ );
+ emulateDesktopItem = (pkg: lib.nameValuePair pkg.pname (retrieveDesktopItem pkg));
+ embedDesktopItem = (
+ name: deskItem:
+ lib.nameValuePair "autostart/${name}.desktop" {
+ source = "${deskItem}/share/applications/${deskItem.name}";
+ }
+ );
+ # parse opts
+ desktopItemsPackages = builtins.listToAttrs (map emulateDesktopItem cfg.packages);
+ desktopItems = desktopItemsPackages // cfg.desktopItems;
+ in
+ {
+ assertions = [
+ (hm.assertions.assertPlatform "xdg.autoStart" pkgs lib.platforms.linux)
+ ];
+
+ xdg.configFile = lib.attrsets.mapAttrs' embedDesktopItem desktopItems;
+ };
+
+}
diff --git a/modules/home-manager/zellij.nix b/modules/home-manager/zellij.nix
index be2d4fe..fcb8f04 100644
--- a/modules/home-manager/zellij.nix
+++ b/modules/home-manager/zellij.nix
@@ -26,7 +26,7 @@ in
 bind "Ctrl l" { MoveFocusOrTab "Right"; }
 bind "Ctrl j" { MoveFocus "Down"; }
 bind "Ctrl k" { MoveFocus "Up"; }
- unbind "Alt h" "Alt l" "Alt j" "Alt k"
+ unbind "Alt h" "Alt l" "Alt j" "Alt k" "Alt f"
 }
 unbind "Ctrl p" "Ctrl n"
 }
diff --git a/modules/nixos/common-settings/proxy-server.nix b/modules/nixos/common-settings/proxy-server.nix
new file mode 100644
index 0000000..d2cfb0f
--- /dev/null
+++ b/modules/nixos/common-settings/proxy-server.nix
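Review bot: `abort "package '${pkg.pname}' is missing a desktop file"` in `retrieveDesktopItem` and `lib.nameValuePair pkg.pname (...)` in `emulateDesktopItem` both dereference `pkg.pname`, which not every derivation sets (hand-written or older ones carry only `name`), so such a package fails with an "attribute 'pname' missing" error instead of the intended message; `lib.getName pkg` handles both spellings. Because `pname` is also the key of `desktopItemsPackages`, two packages sharing a pname silently collapse into one entry, while the option text only warns about `desktopItems` shadowing `packages` — a comment on `emulateDesktopItem` such as `# keyed by package name: two packages with the same pname collapse to one autostart entry` would make that visible. For the `# TODO replace unspecified` on `desktopItems`, `types.attrsOf types.package` appears to match what `embedDesktopItem` needs, since it interpolates `deskItem` as a store path and reads `deskItem.name`. The hunk is the complete new file, starting in the previous line.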
@@ -0,0 +1,152 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) + mkIf + mkEnableOption + mkOption + types + ; + + cfg = config.commonSettings.proxyServer; + + singTls = { + enabled = true; + server_name = config.deployment.targetHost; + key_path = config.security.acme.certs.${config.deployment.targetHost}.directory + "/key.pem"; + certificate_path = + config.security.acme.certs.${config.deployment.targetHost}.directory + "/cert.pem"; + }; + + mkSingConfig = + { uuid, password, ... }: + { + inbounds = + [ + { + tag = "sg0"; + type = "trojan"; + listen = "::"; + listen_port = 8080; + users = [ + { + name = "proxy"; + password = { + _secret = password; + }; + } + ]; + tls = singTls; + } + ] + ++ lib.forEach (lib.range 6311 6314) (port: { + tag = "sg" + toString (port - 6310); + type = "tuic"; + listen = "::"; + listen_port = port; + congestion_control = "bbr"; + users = [ + { + name = "proxy"; + uuid = { + _secret = uuid; + }; + password = { + _secret = password; + }; + } + ]; + tls = singTls; + }); + outbounds = [ + { + type = "wireguard"; + tag = "wg-out"; + private_key = { + _secret = config.sops.secrets.wg_private_key.path; + }; + local_address = [ + "172.16.0.2/32" + { _secret = config.sops.secrets.wg_ipv6_local_addr.path; } + ]; + peers = [ + { + public_key = "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo="; + allowed_ips = [ + "0.0.0.0/0" + "::/0" + ]; + server = "162.159.192.1"; + server_port = 500; + } + ]; + } + { + type = "direct"; + tag = "direct"; + } + ]; + route = { + rules = [ + { + inbound = "sg0"; + outbound = "direct"; + } + { + inbound = "sg4"; + outbound = "direct"; + } + ]; + }; + }; +in +{ + options.commonSettings.proxyServer = { + enable = mkEnableOption "sing-box as a server"; + }; + + config = mkIf cfg.enable { + boot.kernel.sysctl = { + "net.core.default_qdisc" = "fq"; + "net.ipv4.tcp_congestion_control" = "bbr"; + }; + + networking.firewall.trustedInterfaces = [ "tun0" ]; + + security.acme = { + acceptTerms = true; + 
certs.${config.deployment.targetHost} = { + email = "me@namely.icu"; + # Avoid port conflict + listenHTTP = if config.services.caddy.enable then ":30310" else ":80"; + }; + }; + services.caddy.virtualHosts."http://${config.deployment.targetHost}:80".extraConfig = '' + reverse_proxy 127.0.0.1:30310 + ''; + + networking.firewall.allowedTCPPorts = [ + 80 + 8080 + ]; + networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314); + + custom.prometheus = { + enable = true; + exporters.blackbox.enable = true; + }; + + services.sing-box = { + enable = true; + settings = mkSingConfig { + uuid = config.sops.secrets."sing-box/uuid".path; + password = config.sops.secrets."sing-box/password".path; + }; + }; + }; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index bfc36ce..bcfdca7 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -3,12 +3,12 @@ ./common-settings/auth.nix ./common-settings/autoupgrade.nix ./common-settings/nix-conf.nix + ./common-settings/proxy-server.nix ./restic.nix ./vaultwarden.nix ./prometheus ./hedgedoc.nix ./sing-box.nix - ./stylix.nix ./kanidm-client.nix ./ssh-tpm-agent.nix # FIXME: Waiting for upstream merge ./forgejo-actions-runner.nix diff --git a/modules/nixos/stylix.nix b/modules/nixos/stylix.nix deleted file mode 100644 index c5e546b..0000000 --- a/modules/nixos/stylix.nix +++ /dev/null 
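Review bot: `networking.firewall.trustedInterfaces = [ "tun0" ];` exempts everything arriving on an interface named tun0 from the firewall, yet nothing in this file creates such an interface — the `wireguard` outbound in `mkSingConfig` appears to be handled inside sing-box itself since no system interface option is set — so the line is either dead or, should some other service later bring up a tun0, silently opens every port on it; it needs a comment naming what tun0 is expected to be, or removal. The `route` block sends `sg0` and `sg4` to `direct` and leaves `sg1`–`sg3` to the implicit default, which in sing-box is the first outbound in the list (`wg-out`); `final = "wg-out";` in `route` states that policy rather than leaving it to list order. The listen ports are spelled twice, in the inbounds (`8080`, `lib.range 6311 6314`) and again in `allowedTCPPorts`/`allowedUDPPorts`, so binding them once in the `let` (e.g. `tuicPorts = lib.range 6311 6314;`) keeps the firewall and the server from drifting, and `[ ] ++` in the UDP list is a no-op. The hunk is the complete new file, starting in the previous line.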
@@ -1,41 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- lib,
- ...
-}:
-let
- inherit (lib) mkEnableOption mkIf;
- cfg = config.custom.stylix;
-in
-{
- imports = [ inputs.stylix.nixosModules.stylix ];
-
- options = {
- custom.stylix = {
- enable = mkEnableOption "style management with stylix";
- };
- };
-
- config = mkIf cfg.enable {
- stylix.enable = true;
- stylix.image = pkgs.fetchurl {
- url = "https://github.com/NixOS/nixos-artwork/blob/master/wallpapers/nixos-wallpaper-catppuccin-mocha.png?raw=true";
- hash = "sha256-fmKFYw2gYAYFjOv4lr8IkXPtZfE1+88yKQ4vjEcax1s=";
- };
-
- stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/catppuccin-mocha.yaml";
- stylix.polarity = "dark";
- stylix.autoEnable = false;
- stylix.homeManagerIntegration.autoImport = true;
- stylix.homeManagerIntegration.followSystem = true;
-
- stylix.targets = {
- console.enable = true;
- # gnome.enable = if config.services.xserver.desktopManager.gnome.enable then true else false;
- gnome.enable = false;
- gtk.enable = true;
- };
- };
-}
diff --git a/overlays/add-pkgs.nix b/overlays/add-pkgs.nix
index 35b6981..f1b214e 100644
--- a/overlays/add-pkgs.nix
+++ b/overlays/add-pkgs.nix
@@ -1,3 +1,12 @@
 (final: prev: {
- oidc-agent = prev.callPackage ./pkgs/oidc-agent { };
+ ubootOrangePiR1LtsPackage = prev.buildUBoot {
+ defconfig = "orangepi-r1-plus-lts-rk3328_defconfig";
+ enableParallelBuilding = true;
+
+ BL31 = "${prev.armTrustedFirmwareRK3328}/bl31.elf";
+ filesToInstall = [
+ "u-boot.itb"
+ "idbloader.img"
+ ];
+ };
 })
diff --git a/scripts/nixos-updater.py b/scripts/nixos-updater.py
new file mode 100644
index 0000000..c859250
--- /dev/null
+++ b/scripts/nixos-updater.py
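Review bot: Dropping `oidc-agent = prev.callPackage ./pkgs/oidc-agent { };` from the overlay is unrelated to the U-Boot addition in the same hunk and is not mentioned anywhere else in the diff, so any `pkgs.oidc-agent` reference elsewhere in the repo now resolves to whatever nixpkgs provides, or fails to evaluate, instead of the local `./pkgs/oidc-agent` derivation; if that is deliberate, a separate commit or a one-line note in the commit message would make it traceable. The new `ubootOrangePiR1LtsPackage` also leaves `BL31 = "${prev.armTrustedFirmwareRK3328}/bl31.elf";` unexplained; a comment such as `# BL31 is the TF-A runtime firmware the rk3328 U-Boot image is built around` saves the next reader a lookup. This applies to the `overlays/add-pkgs.nix` hunk; the `stylix.nix` hunk above it is a pure deletion.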
@@ -0,0 +1,90 @@
+import requests
+import os
+import socket
+import json
+from os import path as osp
+from dataclasses import dataclass
+
+"""
+This updater consists of several parts:
+
+- Update checker: Check an url for update (if outPath is different from /run/current-system or some specified profile) or maybe use timestamp for update
+- Nix copy --from: copy from remote. Need to specify remote url.
+- Create a symlink: /run/next-system ->
+- Listen for POST request to trigger system switch (optional)
+"""
+
+
+@dataclass
+class GarnixConfig:
+ token: str
+
+
+@dataclass
+class Config:
+ check_type: str
+ check_url: str
+ remote_url: str
+ garnix: GarnixConfig
+ hostname: str = socket.gethostname()
+
+
+class Nix:
+ def __init__(self, args):
+ self.args = args
+
+ def copy_from_remote(self):
+ # run nix copy with subprocess
+ pass
+
+ def eval(self):
+
+
+class Updater:
+ def __init__(self, config: Config):
+ self.config = config
+
+ # TODO: Make this configurable
+ self.current_drv = os.readlink("/run/current-system")
+ self.next_dev = None
+
+ # checkers take an url and returns the outPath of the latest success build
+ def garnix_checker(self) -> str:
+ domain = "garnix.io"
+ build_endpoint = "/api/build/commit"
+
+ # Latest commit from git
+
+ # Check build status of this commit
+ resp = requests.get(
+ f"https://{domain}{build_endpoint}/40b1e9ff23aaa5f555420dd22414c3f137a02cfe"
+ )
+ # Raise error if status code is not valid
+
+ # Fetch outPath from eval endpoint
+ # TODO: In theory, this could be done by parsing raw log from garnix.
+
+ # Try to evaluate locally if eval endpoint is not configured
+
+ resp = resp.json()
+ # TODO
+ return "null"
+
+ def hydra_checker(self) -> str:
+ # TODO
+ return "null"
+
+ # Check for update
+ def poll(self) -> str | None:
+ cfg = self.config
+ if cfg.check_type == "garnix":
+ pass
+ elif cfg.check_type == "hydra":
+ pass
+ else:
+ pass
+ pass
+
+
+if __name__ == "__main__":
+ pass
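Review bot: `def eval(self):` in `Nix` has no body, so `scripts/nixos-updater.py` is a SyntaxError and nothing in the file can be imported or run; it needs at least `pass` (or `raise NotImplementedError`), and since the name shadows the builtin `eval`, `evaluate` would be clearer. In `garnix_checker` the comment `# Raise error if status code is not valid` is not backed by code and the `requests.get(...)` call has no `timeout`, so a stalled API call blocks the updater indefinitely; `resp = requests.get(url, timeout=30)` followed by `resp.raise_for_status()` covers both. The outPath the checker returns is, per the module comment, later handed to `nix copy` and linked as `/run/next-system`, so it is untrusted input from a remote API: the checker should confirm it has the `/nix/store/<hash>-<name>` shape before use, and the copy step should leave Nix's signature verification enabled. `json` and `osp` are imported but unused, `self.next_dev` looks like a typo for `next_drv`, and the `"""..."""` block after the imports is a bare string rather than a module docstring (it must be the first statement to count as one).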