diff --git a/applications/communications.nix b/applications/communications.nix
deleted file mode 100644
index 32ad1ac..0000000
--- a/applications/communications.nix
+++ /dev/null
@@ -1,96 +0,0 @@ -# Communications software -{ config, pkgs, unstable, ... }: -{ - # Pull in personal overlay - # nixpkgs.overlays = [ (import ../../overlays/personal/overlay.nix) ]; - - environment.systemPackages = with pkgs; - let - enableWayland = drv: bin: drv.overrideAttrs ( - old: { - nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ]; - postFixup = (old.postFixup or "") + '' - wrapProgram $out/bin/${bin} \ - --add-flags "--enable-features=UseOzonePlatform" \ - --add-flags "--ozone-platform=wayland" - ''; - } - ); - ## Wayland workaround chromium desktop items - # Facebook messenger - fbChromeDesktopItem = pkgs.makeDesktopItem { - name = "messenger-chrome"; - desktopName = "Messenger (chrome)"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://messenger.com\""; - terminal = false; - }; - # Teams - teamsItem = pkgs.makeDesktopItem { - name = "teams-wayland"; - desktopName = "Teams (Wayland)"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://teams.microsoft.com\""; - terminal = false; - }; - # Discord - - discordWayland = pkgs.callPackage ../packages/discord/default.nix rec { - pname = "discord-electron"; - binaryName = "Discord"; - desktopName = "Discord (Wayland)"; - version = "0.0.18"; - src = fetchurl { - url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; - hash = "sha256-BBc4n6Q3xuBE13JS3gz/6EcwdOWW57NLp2saOlwOgMI="; - }; - electron = pkgs.electron_13; - }; - ## Pass wayland options to existing applications - signalWaylandItem = pkgs.makeDesktopItem { - name = "signal-desktop-wayland"; - desktopName = "Signal (Wayland)"; - exec = "${unstable.signal-desktop}/bin/signal-desktop --enable-features=UseOzonePlatform -ozone-platform=wayland"; - terminal = false; - icon = "signal-desktop"; - type = "Application"; - }; - zulipWayland = pkgs.makeDesktopItem { - name = 
"zulip-wayland"; - desktopName = "Zulip (Wayland)"; - exec = "${unstable.zulip}/bin/zulip --enable-features=UseOzonePlatform --ozone-platform=wayland"; - terminal = false; - icon = "zulip"; - type = "Application"; - }; - in - [ - # Discord - discordWayland - unstable.betterdiscordctl - # Desktop matrix client - (enableWayland element-desktop "element-desktop") - # Desktop signal client - (enableWayland signal-desktop "signal-desktop") - # Desktop telegram client - tdesktop - # Desktop mastodon client - tootle - # zulip - unstable.zulip - zulipWayland - # Zoom (for work, sadly) - unstable.zoom-us - # Teams (also for work) - unstable.teams - # chromium - chromium - # Wayland workaround packages - fbChromeDesktopItem - teamsItem - ]; - - - # Work around for discord jank ugh - nixpkgs.config.permittedInsecurePackages = [ - "electron-13.6.9" - ]; -} diff --git a/applications/devel-core-linux.nix b/applications/devel-core-linux.nix deleted file mode 100644 index 44c2744..0000000 --- a/applications/devel-core-linux.nix +++ /dev/null @@ -1,10 +0,0 @@ -# Linux Specific Core development libraries -{ config, pkgs, unstable, ... }: -{ - environment.systemPackages = with pkgs; [ - gcc - binutils - clang - unstable.mold - ]; -} diff --git a/applications/devel-core.nix b/applications/devel-core.nix deleted file mode 100644 index f25d753..0000000 --- a/applications/devel-core.nix +++ /dev/null @@ -1,31 +0,0 @@ -# Core development libraries -{ config, pkgs, unstable, ... }: -{ - environment.systemPackages = with pkgs; [ - # Full version of git - unstable.gitFull - # Git addons - git-secret - unstable.git-lfs - delta - # General development requirements - python3Full - cmake - libtool - gnumake - nixpkgs-fmt - # jq for interacting with JSON - jq - jc - # Viewer for deeply nested JSON - fx - # Direnv for nix-shell niceness - direnv - # Sops for secrets - sops - # Just in case - neovim - # For python - nodePackages.pyright - ]; -} 
diff --git a/applications/devel-js.nix b/applications/devel-js.nix
deleted file mode 100644
index 193b1ff..0000000
--- a/applications/devel-js.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, unstable, pkgs, ... }:
-
-{
- environment.systemPackages = with unstable; [
- nodejs
- yarn
- nodePackages.typescript
- deno
- ];
-}
diff --git a/applications/devel-kotlin.nix b/applications/devel-kotlin.nix
deleted file mode 100644
index ce6afee..0000000
--- a/applications/devel-kotlin.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, java, unstable, ... }:
-
-{
- environment.systemPackages = with unstable; [
- java.packages.${system}.semeru-stable
- gradle
- kotlin
- kotlin-native
- kotlin-language-server
- ktlint
- ];
-}
diff --git a/applications/devel-raku.nix b/applications/devel-raku.nix
deleted file mode 100644
index ab98a9f..0000000
--- a/applications/devel-raku.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, unstable, ... }:
-
-{
- environment.systemPackages = with unstable; [
- rakudo
- zef
- ];
-}
diff --git a/applications/devel-rust.nix b/applications/devel-rust.nix
deleted file mode 100644
index 556cf06..0000000
--- a/applications/devel-rust.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-# Utilities for developing in rust
-{ config, pkgs, unstable, fenix, ... }:
-{
- environment.systemPackages = with pkgs; [
- # Use rustup to get the compiler
- rustup
- # Install the latest rust analyzer
- fenix.packages."${system}".rust-analyzer
- # Sccache for faster builds
- sccache
- # Misc cargo utilites
- cargo-binutils # Allow invoking the llvm tools included with the toolchain
- cargo-edit # Command line Cargo.toml manipulation
- cargo-asm # Dump the generated assembly
- cargo-fuzz # front end for fuzz testing rust
- cargo-license # Audit the licenses of dependencies
- cargo-criterion # Benchmarking front end
- cargo-audit # Check dependencies for known CVEs
- cargo-bloat # Find out what's taking up space in the executable
- cargo-udeps # Find unused dependencies
- cargo-expand # Dump expanded macros
- unstable.cargo-tarpaulin # Code coverage
- cargo-play # Quickly execute code outside of a crate
- # For building stuff that uses protocol buffers
- protobuf
- ];
-}
diff --git a/applications/emacs.nix b/applications/emacs.nix
deleted file mode 100644
index ec93a24..0000000
--- a/applications/emacs.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ config, pkgs, doomEmacs, ... }:
-{
- # Install emacs
- environment.systemPackages = with pkgs; [
- # For markdown rendering
- python39Packages.grip
- # For graph generation
- graphviz
- ];
-
- # Utilize home-manager
- home-manager.users.nathan = {
- # Nixify doomEmacs
- # TODO:Reenable, currently off because of ghub
- imports = [ doomEmacs ];
- programs.doom-emacs = {
- enable = true;
- doomPrivateDir = ../doom.d;
- emacsPackage = pkgs.emacsPgtkNativeComp;
- };
- # Startup service
- services.emacs = {
- enable = pkgs.stdenv.isLinux;
- client.enable = true;
- defaultEditor = true;
- };
- };
-}
diff --git a/applications/image-editing.nix b/applications/image-editing.nix
deleted file mode 100644
index 9ca5da8..0000000
--- a/applications/image-editing.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-# Image editing applications
-{ config, pkgs, unstable, ... }:
-{
- environment.systemPackages = with pkgs; [
- # RawTherapee for raw editing
- unstable.rawtherapee
- # Gimp for complex editing
- unstable.gimp-with-plugins
- # Krita for drawing
- unstable.krita
- # Pinta for basic image editing
- unstable.pinta
- # Command line tools for image conversion and handling
- imagemagickBig
- ];
-}
diff --git a/applications/media.nix b/applications/media.nix
deleted file mode 100644
index bc2679f..0000000
--- a/applications/media.nix
+++ /dev/null
@@ -1,163 +0,0 @@ -# Media players and other applications -{ config, pkgs, lib, unstable, ... }: -let - mopidyEnv = pkgs.buildEnv { - name = "mopidy-daemon-environment"; - paths = with pkgs; [ - mopidy-mpd - mopidy-iris - mopidy-scrobbler - mopidy-local - ]; - pathsToLink = [ "/${pkgs.mopidyPackages.python.sitePackages}" ]; - buildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - makeWrapper ${pkgs.mopidy}/bin/mopidy $out/bin/mopidy \ - --prefix PYTHONPATH : $out/${pkgs.mopidyPackages.python.sitePackages} - ''; - }; - mopidyConf = pkgs.writeText "mopidy.conf" - '' - [core] - #cache_dir = $XDG_CACHE_DIR/mopidy - #config_dir = $XDG_CONFIG_DIR/mopidy - #data_dir = $XDG_DATA_DIR/mopidy - #max_tracklist_length = 10000 - #restore_state = false - - [logging] - #verbosity = 0 - #format = %(levelname)-8s %(asctime)s [%(process)d:%(threadName)s] %(name)s\n %(message)s - #color = true - #config_file = - - [audio] - #mixer = software - #mixer_volume = - #output = autoaudiosink - #buffer_time = - - [proxy] - #scheme = - #hostname = - #port = - #username = - #password = - - [file] - enabled = true - media_dirs = - ~/Music - # $XDG_MUSIC_DIR|Music - #excluded_file_extensions = - # .directory - # .html - # .jpeg - # .jpg - # .log - # .nfo - # .pdf - # .png - # .txt - # .zip - #show_dotfiles = false - #follow_symlinks = false - #metadata_timeout = 1000 - - [local] - media_dir = /home/nathan/Music - - [http] - #enabled = true - #hostname = 127.0.0.1 - #port = 6680 - #zeroconf = Mopidy HTTP server on $hostname - #allowed_origins = - #csrf_protection = true - #default_app = mopidy - - [m3u] - #enabled = true - #base_dir = $XDG_MUSIC_DIR - #default_encoding = latin-1 - #default_extension = .m3u8 - #playlists_dir = - - [softwaremixer] - #enabled = true - - [stream] - #enabled = true - #protocols = - # http - # https - # mms - # rtmp - # rtmps - # rtsp - #metadata_blacklist = - #timeout = 5000 - - [mpd] - enabled = true - ''; -in -{ - environment.systemPackages = - let - ## Wrapper 
around iris - irisDesktopItem = pkgs.makeDesktopItem { - name = "iris"; - desktopName = "Iris"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"http://localhost:6680/iris/\""; - terminal = false; - }; - in - with pkgs; [ - # Spotify - spotify - # Latest version of vlc - unstable.vlc - # Plex client - plex-media-player - # OBS studio for screen recording - unstable.obs-studio - # Soulseek client - nicotine-plus - # Mopidy + extensions - mopidyEnv - # Iris desktop client - irisDesktopItem - # Picard for sorting - unstable.picard - ]; - - # Start mopidy as a user service, for sanity - systemd.user.services.mopidy = { - description = "Mopidy music server"; - wantedBy = [ "graphical-session.target" ]; - partOf = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = "${mopidyEnv}/bin/mopidy --config ${lib.concatStringsSep ":" [mopidyConf config.sops.secrets.lastfm-conf.path]}"; - }; - wants = [ "rclone-music.service" ]; - enable = true; - }; - # Load up lastfm scrobbling secret - sops.secrets.lastfm-conf = { - owner = "nathan"; - format = "binary"; - sopsFile = ../secrets/lastfm.conf; - }; - - # Same for the scanning service - systemd.user.services.mopidy-scan = { - description = "Mopidy files local scanner"; - serviceConfig = { - ExecStart = "${mopidyEnv}/bin/mopidy local scan"; - Type = "oneshot"; - }; - wants = [ "rclone-music.service" ]; - }; - -} diff --git a/applications/syncthing.nix b/applications/syncthing.nix deleted file mode 100644 index 18a385a..0000000 --- a/applications/syncthing.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ config, pkgs, unstable, ... }: -{ - # Install synthing and syncthing-tray - environment.systemPackages = with pkgs; [ - syncthing - unstable.syncthingtray - ]; - # Home manager configuration - home-manager.users.nathan = { - # Enable the service for both syncthing and the tray - services.syncthing = { - enable = true; - tray = { - enable = true; - package = unstable.syncthingtray; - command = "syncthingtray --wait"; - }; - }; - }; -} diff --git a/applications/utils-core.nix b/applications/utils-core.nix deleted file mode 100644 index d1c6fed..0000000 --- a/applications/utils-core.nix +++ /dev/null @@ -1,56 +0,0 @@ -# Basic, must have, command-line utilities -{ config, pkgs, ... }: -{ - environment.systemPackages = with pkgs; [ - # Basic command line utilities - wget - tmux - nano - unzip - any-nix-shell - htop - # Spell check - hunspell - hunspellDicts.en-us - # Rust rewrites of common shell utilities - starship - exa - bat - fd - sd - du-dust - ripgrep - ripgrep-all - tokei - hyperfine - bottom - dogdns - duf - # CLI Markdown renderer - glow - # Command line file manager - broot - # Much better curl - httpie - # CLI spreadsheets - visidata - # User friendly cut - choose - # Cheatsheet manager - cheat - # Ping with a graph - gping - # Man but terse - tealdeer - # Pandoc for documentation - pandoc - # For nslookup - dnsutils - # Feh image viewer - feh - # Mosh for better high-latency ssh - mosh - # PV for viewing pipes - pv - ]; -} diff --git a/common.nix b/common.nix deleted file mode 100644 index 6736933..0000000 --- a/common.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./ssh.nix - ./fish.nix - ./git.nix - ]; - programs.home-manager.enable = true; -} diff --git a/core.nix b/core.nix new file mode 100644 index 0000000..88d8a3b --- /dev/null +++ b/core.nix @@ -0,0 +1,3 @@ +{ config, lib, pkgs, ... }: + +{ } 
diff --git a/darwin-modules/base.nix b/darwin-modules/base.nix deleted file mode 100644 index 8ce0415..0000000 --- a/darwin-modules/base.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: - -{ - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; - [ - openssh - coreutils-full - ]; - - # Use a custom configuration.nix location. - # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix - # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - - # Auto upgrade nix package and the daemon service. - services.nix-daemon.enable = true; - - # Create /etc/bashrc that loads the nix-darwin environment. - programs.zsh.enable = true; # default shell on catalina - programs.fish.enable = true; - # Give nix packages higher priority than system packages in fish - programs.fish.shellInit = '' - for p in /run/current-system/sw/bin - if not contains $p $fish_user_paths - set -g fish_user_paths $p $fish_user_paths - end - end - ''; - - # Make nix managed fonts work on macos - fonts.fontDir.enable = true; - - # Used for backwards compatibility, please read the changelog before changing. - # $ darwin-rebuild changelog - system.stateVersion = 4; -} diff --git a/darwin-modules/gpg.nix b/darwin-modules/gpg.nix deleted file mode 100644 index 49e279e..0000000 --- a/darwin-modules/gpg.nix +++ /dev/null @@ -1,24 +0,0 @@ -# Configure gpg with yubikey support -{ config, pkgs, ... }: -{ - # Setup environment for gpg agent - environment.shellInit = '' - export GPG_TTY="$(tty)" - gpg-connect-agent /bye - export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - ''; - - programs = { - # Enable gpg-agent with ssh support - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - }; - - # install gnupg and yubikey personalization - environment.systemPackages = with pkgs; [ - gnupg - yubikey-personalization - ]; -} 
diff --git a/desktop.nix b/desktop.nix
deleted file mode 100644
index 9e48ab2..0000000
--- a/desktop.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, lib, unstable, ... }: {
- ## Boot, drivers, and host name
- # Use grub
- boot.loader = {
- grub = {
- enable = true;
- version = 2;
- efiSupport = true;
- # Go efi only
- device = "nodev";
- # Use os-prober
- useOSProber = true;
- };
- efi = {
- efiSysMountPoint = "/boot/";
- canTouchEfiVariables = true;
- };
- };
- # Enable AMD gpu drivers early
- boot.initrd.kernelModules = [ "amdgpu" ];
- # Use the zen kernel with muqss turned on
- boot.kernelPackages =
- let
- linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
- structuredExtraConfig = with lib.kernel; {
- SCHED_MUQSS = yes;
- };
- ignoreConfigErrors = true;
- }
- );
- in
- linuxZenWMuQSS;
- ## Left over uncategorized packages
- environment.systemPackages = with pkgs; [
- unstable.firefox-beta-bin
- wally-cli
- ];
- # Enable ergodox udev rules
- hardware.keyboard.zsa.enable = true;
-}
diff --git a/droid.nix b/droid.nix
deleted file mode 100644
index d424c31..0000000
--- a/droid.nix
+++ /dev/null
@@ -1,115 +0,0 @@ -{ config, lib, pkgs, unstable, fenix, ... }: - -{ - system.stateVersion = "21.11"; - - environment.sessionVariables = { - XDG_RUNTIME_DIR = "/data/data/com.termux.nix/files/home/run"; - GDK_DPI_SCALE = "2"; - GDK_SCALE = "2"; - }; - - # Get home-manager up and running - home-manager.config = ./home-manager/common.nix; - - # Have to put packages here, as it does not have environment.systemPackages - environment.packages = with pkgs; - [ - ### - ## utils-core - ### - # Basic command line utilities - wget - tmux - nano - unzip - any-nix-shell - htop - # Spell check - hunspell - hunspellDicts.en-us - # Rust rewrites of common shell utilities - starship - exa - bat - fd - sd - du-dust - ripgrep - ripgrep-all - tokei - hyperfine - unstable.bottom - dogdns - duf - # CLI Markdown renderer - glow - # Command line file manager - broot - # Much better curl - unstable.httpie - # CLI spreadsheets - visidata - # User friendly cut - choose - # Cheatsheet manager - cheat - # Ping with a graph - gping - # Man but terse - tealdeer - # Pandoc for documentation - unstable.pandoc - # For nslookup - dnsutils - # Feh image viewer - feh - # Mosh for better high-latency ssh - mosh - ### - ## devel-core - ### - # Full version of git - git - # Git addons - git-secret - git-lfs - delta - # General development requirements - python3Full - cmake - libtool - gnumake - nixpkgs-fmt - # jq for interacting with JSON - jq - jc - # Viewer for deeply nested JSON - fx - # Direnv for nix-shell niceness - direnv - ### - ## devel-rust - ### - # Use rustup to get the compiler - rustup - # Install the latest rust analyzer - fenix.rust-analyzer - # Sccache for faster builds - # sccache - # Misc cargo utilites - cargo-binutils # Allow invoking the llvm tools included with the toolchain - cargo-edit # Command line Cargo.toml manipulation - cargo-asm # Dump the generated assembly - cargo-fuzz # front end for fuzz testing rust - cargo-license # Audit the licenses of dependencies - 
cargo-criterion # Benchmarking front end - cargo-audit # Check dependencies for known CVEs - cargo-bloat # Find out what's taking up space in the executable - cargo-udeps # Find unused dependencies - cargo-expand # Dump expanded macros - cargo-play # Quickly execute code outside of a crate - # For building stuff that uses protocol buffers - protobuf - ]; -} diff --git a/flake.lock b/flake.lock index dd3f3f6..0aabb61 100644 --- a/flake.lock +++ b/flake.lock @@ -62,17 +62,16 @@ ] }, "locked": { - "lastModified": 1655120294, - "narHash": "sha256-e0IXVoxH3o1QbLtHxANAg2CHdVE3jZBi5ifhh+6Vpcs=", + "lastModified": 1656648158, + "narHash": "sha256-e4tPuEW8Uj8PEVAYNzr3DPqxY5mGEvnCNyDih8RPP5c=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e", + "rev": "2724625945ddeaeffd94ca56e11b75b98b8bba8b", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", - "rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e", "type": "github" } }, @@ -162,11 +161,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1655619932, - "narHash": "sha256-/7L0/ymVXGL0FrQNLAP2P1Ch22RR0kt0N6jfdjm+WVc=", + "lastModified": 1656656878, + "narHash": "sha256-0rA054abuLVzv24nrk4rVWQIDl20T+570UZglPhXgzg=", "owner": "nix-community", "repo": "fenix", - "rev": "55987185def5cf3afc616d38907406293a170cfe", + "rev": "e172d625f705ca4013f93d3fe061d3ecf1fc3a34", "type": "github" }, "original": { 
@@ -191,29 +190,13 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -256,20 +239,17 @@ }, "home-manager": { "inputs": { - "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs" ], - "nmd": "nmd", - "nmt": "nmt", "utils": "utils" }, "locked": { - "lastModified": 1655679417, - "narHash": "sha256-rUM/VDIQAMm0pLAVBizQoR9I8TELRmak7SsJLaO/NBg=", + "lastModified": 1656367977, + "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=", "owner": "nix-community", "repo": "home-manager", - "rev": "3d8265c5efd5e4d3ad8a90686bc81d49353fdb08", + "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1", "type": "github" }, "original": { @@ -286,11 +266,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1655182547, - "narHash": "sha256-gmkb6l13CVKtlRydDJ9O3sifKtamKLgLdUaEASdQ6Ls=", + "lastModified": 1656122108, + "narHash": "sha256-wJrVZLqvBhq+u2Mi3yc4oS8pOtzdxL6uMmmSt+1bNHE=", "owner": "nathans-flakes", "repo": "java", - "rev": "8e53bfead6195e4440aef47b2f08b0e7f89b1d4d", + "rev": "4ade2ae9e949b184ba2d47495ec348f385ab0300", "type": "github" }, "original": { 
@@ -390,11 +370,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1655400192, - "narHash": "sha256-49OBVVRgb9H/PSmNT9W61+NRdDbuSJVuDDflwXlaUKU=", + "lastModified": 1656461576, + "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3d7435c638baffaa826b85459df0fff47f12317d", + "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", "type": "github" }, "original": { @@ -406,11 +386,11 @@ }, "nixpkgs-21_11": { "locked": { - "lastModified": 1655562720, - "narHash": "sha256-OrN8DkBRZqZMzMuECuQNvSQ5gWoFBCxDvxYXjIQ/pH0=", + "lastModified": 1656198488, + "narHash": "sha256-xe81o3Kin6a0jXA3mTxcR+jeA1jLKw3TCar5LUo/B5c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27dffce7eaa9648b4a13a461e786f169a17c0889", + "rev": "46af3303651699dc58cfc251d9b18c0f59d857da", "type": "github" }, "original": { @@ -422,11 +402,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1655584987, - "narHash": "sha256-YmWxPm6ctu+9nV80DtYtMfOBosNymeTpj8+Z0JTDfhU=", + "lastModified": 1656199498, + "narHash": "sha256-/BCpM7j7y1G4het6Z3idlnv9A87/s0O1glVmH7fnWvk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "57622cb817210146b379adbbd036d3da0d1f367c", + "rev": "72a1f167077060a1a7b6e0104863245d0483fa7f", "type": "github" }, "original": { @@ -438,11 +418,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1655567057, - "narHash": "sha256-Cc5hQSMsTzOHmZnYm8OSJ5RNUp22bd5NADWLHorULWQ=", + "lastModified": 1656461576, + "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e0a42267f73ea52adc061a64650fddc59906fc99", + "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", "type": "github" }, "original": { 
@@ -454,11 +434,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1655456688, - "narHash": "sha256-j2trI5gv2fnHdfUQFBy957avCPxxzCqE8R+TOYHPSRE=", + "lastModified": 1656589841, + "narHash": "sha256-Kqd6r9aNIzjYGhMFYATdKwRbXBCGLcdqAJMLr4I8LG0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d17a56d90ecbd1b8fc908d49598fb854ef188461", + "rev": "dbb62c34bbb5cdf05f1aeab07638b24b0824d605", "type": "github" }, "original": { @@ -468,38 +448,6 @@ "type": "github" } }, - "nmd": { - "flake": false, - "locked": { - "lastModified": 1653339422, - "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", - "owner": "rycee", - "repo": "nmd", - "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmt": { - "flake": false, - "locked": { - "lastModified": 1648075362, - "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", - "owner": "rycee", - "repo": "nmt", - "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmt", - "type": "gitlab" - } - }, "nose": { "flake": false, "locked": { @@ -598,18 +546,18 @@ }, "polymc": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "libnbtplusplus": "libnbtplusplus", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1655285534, - "narHash": "sha256-g1WTrnRD1YtI2aCVUqatg7NlhmLJ7jIA4p0ke9Zpvx0=", + "lastModified": 1656582643, + "narHash": "sha256-TC7tkdgpvConambYP1yoVjxxixZkMhkrdfHDKMKIyKE=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "03e454b71d83aebbb534c5734ccd9093842da28c", + "rev": "286f82cc99322398d720f2bbf88869c42960227d", "type": "github" }, "original": { 
@@ -668,11 +616,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1655591884, - "narHash": "sha256-eBjsdPC5vudbUv4/i7AAggrrTATnCTzMfQetCiJndaQ=", + "lastModified": 1656601302, + "narHash": "sha256-8vlDMdGmccsFkDTM5O3RGRTZIGBEVIDjnXpxWGoVIQc=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "eb9b36075272013984ac5d27128e87a714b90c9a", + "rev": "ce36446943a33b01de50ca27d8d17e176af13cd5", "type": "github" }, "original": { @@ -691,11 +639,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1655665732, - "narHash": "sha256-Fe+evSlGbMOMNSI9dECLDJx6L3ZvYFxosfaDnaPwSK8=", + "lastModified": 1656399028, + "narHash": "sha256-re66+rVHGR3y+0QsaDAwoAHCfoi3BlGV24t2EqRZsAE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67af9b179c629dea211ebd83f92c77f5745043be", + "rev": "d26947f2d6252e2aae5ffddfe9b38b7c4b94e8f9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index cce338f..51bab65 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ inputs.nixpgks.follows = "nixpkgs"; }; emacs = { - url = "github:nix-community/emacs-overlay/29dcfbc1b29ae7281e95367e0f2358b44224a46e"; + url = "github:nix-community/emacs-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; mozilla = { 
@@ -56,245 +56,131 @@ , polymc , nix-doom-emacs , java - }@attrs: + }@inputs: let - baseModules = [ - ./applications/utils-core.nix - ## Setup binary caches and other common nix config - ({ pkgs, ... }: { - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # First install cachix, so we can discover new ones - environment.systemPackages = [ pkgs.cachix ]; - # Then configure up the nix community cache - nix = { - binaryCaches = [ - "https://nix-community.cachix.org" - ]; - binaryCachePublicKeys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - # Turn on flakes support (from within a flake, lamo) - package = pkgs.nixFlakes; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - # Setup overlays - nixpkgs.overlays = [ emacs.overlay polymc.overlay ]; - }) - ]; - sopsModules = [ - sops-nix.nixosModules.sops - ## Setup sops - ({ pkgs, config, ... }: { - # Add default secrets - sops.defaultSopsFile = ./secrets/nathan.yaml; - # Use system ssh key as an age key - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - }) - ]; - coreModules = baseModules ++ sopsModules ++ [ - ./modules/common.nix - ./modules/ssh.nix - home-manager.nixosModules.home-manager - # Configure system state version for linux - ({ pkgs, ... }: { - # System state version for compat - system.stateVersion = "21.11"; - }) - ]; - setHomeManagerVersions = ({ pkgs, config, unstable, ... }: { - home-manager.users.nathan.programs = { - starship.package = unstable.starship; - git.package = unstable.gitFull; - fish.package = unstable.fish; + makeNixosSystem = { system, hostName, extraModules ? [ ], ourNixpkgs ? 
nixpkgs }: ourNixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inputs = inputs; }; - }); - baseHomeModules = [ - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - users.nathan = import ./home-manager/common.nix; - }; - } - setHomeManagerVersions - ./home.nix - ]; - desktopModules = baseHomeModules ++ coreModules ++ [ - ./modules/audio.nix - ./modules/sway.nix - ./modules/fonts.nix - ./modules/gpg.nix - ./modules/logitech.nix - ./modules/qemu.nix - ./modules/docker.nix - ./modules/printing.nix - ./modules/zt.nix - ./modules/lxc.nix - ./modules/tailscale.nix - ./modules/protonmail.nix - ./applications/communications.nix - ./applications/devel-core.nix - ./applications/devel-core-linux.nix - ./applications/devel-rust.nix - ./applications/devel-raku.nix - ./applications/devel-kotlin.nix - ./applications/devel-js.nix - ./applications/emacs.nix - ./applications/image-editing.nix - ./applications/media.nix - ./applications/syncthing.nix - ./desktop.nix - ]; - serverModules = baseHomeModules ++ coreModules ++ [ - ./home-linux.nix - ./modules/zt.nix - ./modules/autoupdate.nix - ./modules/tailscale.nix - ./applications/devel-core.nix - ./applications/devel-core-linux.nix - ]; - mozillaOverlay = import "${mozilla}"; - in - { - nixosConfigurations = { - levitation = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ mozillaOverlay ]; - system = "x86_64-linux"; + modules = [ + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + ./modules/default.nix + ({ pkgs, lib, ... 
}: { + # Configure hostname + networking = { + hostName = hostName; }; - doomEmacs = nix-doom-emacs.hmModule; - } // attrs; - modules = [ - ./hardware/levitation.nix - ./machines/levitation.nix - ./modules/games.nix - ./home-linux.nix - ] ++ desktopModules; - }; - - oracles = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; + # Setup sops + # Add default secrets + sops = { + defaultSopsFile = ./secrets/nathan.yaml; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; - } // attrs; - modules = [ - ./hardware/oracles.nix - ./machines/oracles.nix - ./applications/devel-rust.nix - ./modules/docker.nix - ./system-specific/oracles/matrix.nix - ./system-specific/oracles/gitlab-runner.nix - ./system-specific/oracles/gitea.nix - ./system-specific/oracles/minecraft.nix - ] ++ serverModules; - }; - - perception = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; + nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfreePredicate = (pkg: true); + # Home manager configuration + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + extraSpecialArgs = { + inputs = inputs; + }; + sharedModules = [ + ./home-manager/default.nix + ]; }; - } // attrs; - modules = [ - ./hardware/perception.nix - ./machines/perception.nix - ./applications/devel-rust.nix - ./modules/docker.nix - ./system-specific/perception/plex.nix - ] ++ serverModules; - }; - - shadowchild = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; - }; - } // attrs; - modules = [ - ./hardware/shadowchild.nix - ./machines/shadowchild.nix - ./modules/docker.nix - ] ++ serverModules; 
- }; - - matrix = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; - }; - } // attrs; - modules = [ - ./hardware/matrix.nix - ./machines/matrix.nix - ./modules/docker.nix - ./system-specific/matrix/matrix.nix - ./system-specific/matrix/gitea.nix - ] ++ serverModules; - }; - - x86vm = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; - }; - } // attrs; - modules = [ ./home-linux.nix ] ++ desktopModules; - }; + }) + ] ++ extraModules; }; - darwinConfigurations = { - "Nathans-MacBook-Pro" = darwin.lib.darwinSystem { - system = "x86_64-darwin"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-darwin"; - }; - doomEmacs = nix-doom-emacs.hmModule; - } // attrs; - modules = baseModules ++ baseHomeModules ++ [ - ./darwin-modules/base.nix - home-manager.darwinModules.home-manager - ./modules/fonts.nix - ./darwin-modules/gpg.nix - ./applications/devel-core.nix - ./applications/devel-rust.nix - ./applications/emacs.nix + in + rec { + nixosConfigurations = { + levitation = makeNixosSystem { + system = "x86_64-linux"; + hostName = "levitation"; + extraModules = [ + ./hardware/levitation.nix + ({ pkgs, config, lib, ... 
}: { + boot.loader = { + grub = { + enable = true; + version = 2; + efiSupport = true; + # Go efi only + devices = [ "nodev" ]; + # Use os-prober + useOSProber = true; + }; + efi = { + efiSysMountPoint = "/boot/"; + canTouchEfiVariables = false; + }; + }; + # Setup system configuration + nathan = { + programs = { + games = true; + }; + config = { + isDesktop = true; + nix.autoUpdate = false; + }; + }; + # Configure networking + networking = { + domain = "mccarty.io"; + useDHCP = false; + interfaces.enp6s0.useDHCP = true; + nat.externalInterface = "enp6s0"; + # Open ports for soulseek + # TODO add in soulseek + firewall = { + allowedTCPPorts = [ 61377 ]; + allowedUDPPorts = [ 61377 ]; + }; + }; + # FIXME borg backup module + + # Setup home manager + home-manager.users.nathan = { config, lib, pkgs, ... }: { + # Module configuration + nathan = { + config = { + isDesktop = true; + }; + }; + }; + }) + ]; + }; + + x86vm = makeNixosSystem { + system = "x86_64-linux"; + hostName = "x86vm"; + extraModules = [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" + ({ pkgs, config, lib, ... }: { + nathan = { + programs = { + games = true; + }; + config = { + isDesktop = true; + nix.autoUpdate = false; + }; + }; + home-manager.users.nathan = import ./home-manager/machines/x86vm.nix; + + # Workaround to get sway working in qemu + environment.variables = { + "WLR_RENDERER" = "pixman"; + }; + }) ]; }; }; - homeConfigurations.linux = - let - system = "x86_64-linux"; - in - home-manager.lib.homeManagerConfiguration { - configuration = import ./home-manager/linux.nix; - inherit system; - username = "nathan"; - homeDirectory = "/home/nathan"; - stateVersion = "21.11"; - }; }; } diff --git a/home-linux.nix b/home-linux.nix deleted file mode 100644 index 3239a4c..0000000 --- a/home-linux.nix +++ /dev/null 
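Review bot: In the levitation module, `allowedTCPPorts = [ 61377 ];` and `allowedUDPPorts = [ 61377 ];` open the port on every interface while the TODO directly above says soulseek has not been added yet, so the rule exists without the service it is meant for. I would drop the two lines until the client is configured, or scope them to the one interface that needs them, e.g. `networking.firewall.interfaces.enp6s0.allowedTCPPorts = [ 61377 ];` plus the UDP counterpart, and keep the rule in the module that enables the client so it is removed together with it. Separately, in `makeNixosSystem`, `nixpkgs.config.allowUnfreePredicate = (pkg: true);` repeats what `allowUnfree = true` already does for every host; if it is a workaround, a comment such as `# workaround: <reason>` would say why both are set.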
@@ -1,80 +0,0 @@ -{ pkgs, config, unstable, ... }: -{ - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - ## Linux specific user configuration - users = { - mutableUsers = false; - users.nathan = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ]; - hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; - openssh.authorizedKeys.keys = [ - # yubikey ssh key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515" - # Macbook pro key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local" - # Phone key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH" - # Tablet key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH" - ]; - }; - }; - # enable sudo - security.sudo.enable = true; - home-manager = { - users.nathan = { - # Alacritty configuration - programs.alacritty = { - enable = true; - settings = { - env = { - TERM = "xterm-256color"; - ALACRITTY = "1"; - }; - font = { - normal.family = "FiraCode Nerd Font"; - bold.family = "FiraCode Nerd Font"; - italic.family = "FiraCode Nerd Font"; - bold_italic.family = "FiraCode Nerd Font"; - size = 9.0; - }; - colors = { - primary = { - background = "0x103c48"; - foreground = "0xadbcbc"; - }; - normal = { - black = "0x184956"; - red = "0xfa5750"; - green = "0x75b938"; - yellow = "0xdbb32d"; - blue = "0x4695f7"; - magenta = "0xf275be"; - cyan = "0x41c7b9"; - white = "0x72898f"; - }; - bright = { - black = "0x2d5b69"; - red = "0xff665c"; - green = "0x84c747"; - yellow = "0xebc13d"; - blue = "0x58a3ff"; - magenta = "0xff84cd"; - cyan = "0x53d6c7"; - white = "0xcad8d9"; - }; - }; - }; - }; - ## 
Multimedia - # Easyeffects for the eq - services.easyeffects.enable = true; - }; - }; -} diff --git a/home-manager/bat.nix b/home-manager/bat.nix deleted file mode 100644 index 30e99c2..0000000 --- a/home-manager/bat.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - options.nathans-home.bat = with lib; { - enable = mkOption { - type = types.bool; - default = true; - }; - }; - config = lib.mkIf config.nathans-home.bat.enable { - programs.bat = { - enable = true; - config = { - theme = "zenburn"; - style = "header,rule,snip,changes"; - }; - }; - }; -} diff --git a/home-manager/common.nix b/home-manager/common.nix deleted file mode 100644 index f1b0f37..0000000 --- a/home-manager/common.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./ssh.nix - ./git.nix - ./fish.nix - ./bat.nix - ]; - programs.home-manager.enable = true; -} diff --git a/home-manager/default.nix b/home-manager/default.nix new file mode 100644 index 0000000..6500764 --- /dev/null +++ b/home-manager/default.nix 
@@ -0,0 +1,98 @@ +{ config, lib, pkgs, inputs, ... }: +let + inherit (import ../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in +with lib; with nLib; { + imports = [ + ./programs/sway.nix + ./programs/core.nix + ./programs/communications.nix + ./programs/devel.nix + ./programs/emacs.nix + ./programs/image-editing.nix + ./programs/media.nix + ./programs/syncthing.nix + ]; + + options = { + nathan = { + # Services + services = { + # Synthing, enabled by default on linux desktop + syncthing = mkDefaultOption "Syncthing" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + # Programs + programs = { + util = { + # Ssh configuration, enabled by default + ssh = mkEnableOptionT "ssh"; + # Fish configuration, enabled by default + fish = mkEnableOptionT "fish"; + # Git configuration, enabled by default + git = { + enable = mkEnableOptionT "git"; + gpgSign = mkEnableOptionT "git signatures"; + }; + # Bat configuration, enabled by default + bat = mkEnableOptionT "bat"; + # JSON Utilities, enabled by default + json = mkEnableOptionT "json"; + }; + # Swaywm and supoorting application configuration + swaywm = { + enable = mkDefaultOption "swaywm" config.nathan.config.isDesktop; + }; + # Communications applications + communications = { + # Enable by default if we are on a linux desktop + enable = mkDefaultOption "Communication applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + # Development applications, enabled by default on desktop + devel = { + core = mkDefaultOption "Core Development Utilites" config.nathan.config.isDesktop; + rust = mkDefaultOption "Rust Development Utilites" config.nathan.config.isDesktop; + jvm = mkDefaultOption "JVM Development Utilites" config.nathan.config.isDesktop; + python = mkDefaultOption "Python Development Utilites" config.nathan.config.isDesktop; + js = mkDefaultOption "JavaScript/TypeScript Development Utilites" config.nathan.config.isDesktop; + raku = mkDefaultOption "Raku Development Utilites" 
config.nathan.config.isDesktop; + }; + # Emacs, enabled by default on desktop + emacs = { + enable = mkDefaultOption "Emacs" config.nathan.config.isDesktop; + service = mkDefaultOption "Emacs Service" config.nathan.config.isDesktop; + package = mkOption { + description = "Emacs package to use"; + default = inputs.emacs.packages."${pkgs.system}".emacsPgtkNativeComp; + }; + }; + # Image editing software, on by default on desktop + image-editing = mkDefaultOption "Image Editing Software" config.nathan.config.isDesktop; + # Media appilcations, on by default on linux desktop + media = { + enable = mkDefaultOption "Media Applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + mopidyExtraConfig = mkOption { + description = "Extra config files for mopidy"; + default = [ ]; + }; + }; + # Firefox, enabled by default on linux desktop + firefox = mkDefaultOption "Firefox" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + # General configuration options + config = { + # Is this system a desktop? + # false by default + isDesktop = mkEnableOption "Desktop specific settings"; + }; + }; + }; + + config = { + home.stateVersion = "22.05"; + programs.home-manager.enable = true; + programs.firefox = { + enable = config.nathan.programs.firefox; + package = pkgs.firefox-beta-bin; + }; + }; +} diff --git a/home-manager/fish.nix b/home-manager/fish.nix deleted file mode 100644 index b7126ea..0000000 --- a/home-manager/fish.nix +++ /dev/null 
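Review bot: The two `mkOption` declarations in this file, `nathan.programs.emacs.package` and `nathan.programs.media.mopidyExtraConfig`, carry a description and a default but no `type`, so the module system accepts any value and mistakes surface only where the value is consumed. Adding `type = types.package;` to the first and `type = types.listOf types.path;` to the second would reject bad values at evaluation time. The second type is a guess from the description "Extra config files for mopidy" and should be confirmed against how the option ends up being used. The comments also contain small typos worth fixing while here (`Synthing`, `supoorting`, `appilcations`).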
@@ -1,65 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - options.nathans-home.fish = with lib; { - enable = mkOption { - type = types.bool; - default = true; - }; - }; - config = lib.mkIf config.nathans-home.fish.enable { - ## Shell - # Shell proper - programs.fish = { - enable = true; - # Setup our aliases - shellAliases = { - ls = "exa --icons"; - la = "exa --icons -a"; - lg = "exa --icons --git"; - cat = "bat"; - dig = "dog"; - df = "duf"; - }; - # Custom configuration - interactiveShellInit = '' - # Setup any-nix-shell - any-nix-shell fish --info-right | source - # Load logger function - source ~/.config/fish/functions/cmdlogger.fish - ''; - functions = { - # Setup command logging to ~/.logs - cmdlogger = { - onEvent = "fish_preexec"; - body = '' - mkdir -p ~/.logs - echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log - ''; - }; - }; - }; - # Starship, for the prompt - programs.starship = { - enable = true; - settings = { - directory = { - truncation_length = 3; - fish_style_pwd_dir_length = 1; - }; - git_commit = { - commit_hash_length = 6; - only_detached = false; - }; - package = { - symbol = ""; - }; - time = { - disabled = false; - format = "[$time]($style)"; - time_format = "%I:%M %p"; - }; - }; - }; - }; -} diff --git a/home-manager/git.nix b/home-manager/git.nix deleted file mode 100644 index 1d6d767..0000000 --- a/home-manager/git.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # Git configuration - programs.git = { - enable = true; - userName = "Nathan McCarty"; - userEmail = "nathan@mccarty.io"; - signing = { - key = "B7A40A5D78C08885"; - signByDefault = pkgs.stdenv.isx86_64; - }; - ignores = [ - "**/*~" - "*~" - "*_archive" - "/auto/" - "auto-save-list" - ".cask/" - ".dir-locals.el" - "dist/" - "**/.DS_Store" - "*.elc" - "/elpa/" - "/.emacs.desktop" - "/.emacs.desktop.lock" - "/eshell/history" - "/eshell/lastdir" - "flycheck_*.el" - "*_flymake.*" - "/network-security.data" - ".org-id-locations" - ".persp" - ".projectile" - "*.rel" - "/server/" - "tramp" - "\\#*\\#" - ]; - delta.enable = true; - extraConfig = { - init = { - defaultBranch = "trunk"; - }; - log = { - showSignature = true; - abbrevCommit = true; - follow = true; - decorate = false; - }; - rerere = { - enable = true; - autoupdate = true; - }; - merge = { - ff = "only"; - conflictstyle = "diff3"; - }; - push = { - default = "simple"; - followTags = true; - }; - pull = { - rebase = true; - }; - status = { - showUntrackedFiles = "all"; - }; - transfer = { - fsckobjects = true; - }; - color = { - ui = "auto"; - }; - diff = { - mnemonicPrefix = true; - renames = true; - wordRegex = "."; - submodule = "log"; - }; - credential = { - helper = "cache"; - }; - # Disable annoying safe directory nonsense - safe = { - directory = "*"; - }; - }; - }; -} diff --git a/home-manager/machines/x86vm.nix b/home-manager/machines/x86vm.nix new file mode 100644 index 0000000..acbdcd2 --- /dev/null +++ b/home-manager/machines/x86vm.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + programs = { + util.git.gpgSign = false; + }; + config = { + isDesktop = true; + }; + }; +} diff --git a/home-manager/programs/communications.nix b/home-manager/programs/communications.nix new file mode 100644 index 0000000..55c15c0 --- /dev/null +++ b/home-manager/programs/communications.nix 
@@ -0,0 +1,78 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + config = lib.mkIf config.nathan.programs.communications.enable { + home.packages = with pkgs; + let + unstable = import inputs.nixpkgs-unstable { config = { allowUnfree = true; }; inherit system; }; + enableWayland = drv: bin: drv.overrideAttrs ( + old: { + nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ]; + postFixup = (old.postFixup or "") + '' + wrapProgram $out/bin/${bin} \ + --add-flags "--enable-features=UseOzonePlatform" \ + --add-flags "--ozone-platform=wayland" + ''; + } + ); + discordWayland = pkgs.callPackage ../../packages/discord/default.nix rec { + pname = "discord-electron"; + binaryName = "Discord"; + desktopName = "Discord (Wayland)"; + version = "0.0.18"; + src = fetchurl { + url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; + hash = "sha256-BBc4n6Q3xuBE13JS3gz/6EcwdOWW57NLp2saOlwOgMI="; + }; + electron = pkgs.electron_13; + }; + zulipWayland = pkgs.makeDesktopItem { + name = "zulip-wayland"; + desktopName = "Zulip (Wayland)"; + exec = "${unstable.zulip}/bin/zulip --enable-features=UseOzonePlatform --ozone-platform=wayland"; + terminal = false; + icon = "zulip"; + type = "Application"; + }; + # Facebook messenger + fbChromeDesktopItem = pkgs.makeDesktopItem { + name = "messenger-chrome"; + desktopName = "Messenger (chrome)"; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://messenger.com\""; + terminal = false; + }; + # Teams + teamsItem = pkgs.makeDesktopItem { + name = "teams-wayland"; + desktopName = "Teams (Wayland)"; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://teams.microsoft.com\""; + terminal = false; + }; + in + [ + # Discord + discordWayland + betterdiscordctl + # Desktop matrix client + (enableWayland element-desktop "element-desktop") + # Desktop signal client + (enableWayland 
signal-desktop "signal-desktop") + # Desktop telegram client + tdesktop + # Desktop mastodon client + tootle + # zulip + unstable.zulip + zulipWayland + # Zoom (for work, sadly) + unstable.zoom-us + # Teams (also for work) + unstable.teams + # chromium + (enableWayland chromium "chromium") + # Wayland workaround packages + fbChromeDesktopItem + teamsItem + ]; + }; +} diff --git a/home-manager/programs/core.nix b/home-manager/programs/core.nix new file mode 100644 index 0000000..ec5da81 --- /dev/null +++ b/home-manager/programs/core.nix 
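Review bot: `discordWayland` pins Discord to `version = "0.0.18"` and builds it against `pkgs.electron_13`, and nothing in the hunk says when either pin is meant to be revisited. A chat client renders untrusted remote content, so an Electron branch that no longer receives upstream fixes is the part of this file most likely to age badly; Electron 13 looks to be out of upstream support, which is worth confirming. I would add a comment above the call such as `# Pinned: Discord 0.0.18 on electron_13 — bump both together; check Electron support status` and move to a maintained `electron_*` attribute when the package allows it. The `fetchurl` hash pin itself is fine and should stay.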
@@ -0,0 +1,215 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = { + ######################### + ## SSH Configuration + ######################### + programs.ssh = mkIf nathan.programs.util.ssh { + # SSH configuration + enable = true; + # extra config to set the ciphers + extraConfig = '' + Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + ''; + # enable session reuse + controlMaster = "auto"; + controlPersist = "10m"; + # Configure known hosts + matchBlocks = { + "levitation" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.95.223.6"; + }; + "perception" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.67.146.101"; + }; + "oracles" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.66.15.34"; + }; + "tounge" = { + forwardAgent = true; + user = "nathan"; + hostname = "172.23.98.121"; + }; + "shadowchild" = { + forwardAgent = true; + user = "nathan"; + hostname = "172.23.217.149"; + }; + "matrix.community.rs" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.113.74.107"; + }; + "de1955" = { + user = "de1955"; + hostname = "de1955.rsync.net"; + }; + }; + }; + ######################### + ## Fish Configuration + ######################### + programs.fish = mkIf nathan.programs.util.fish { + enable = true; + # Setup our aliases + shellAliases = { + ls = "exa --icons"; + la = "exa --icons -a"; + lg = "exa --icons --git"; + cat = "bat"; + dig = "dog"; + df = "duf"; + }; + # Custom configuration + interactiveShellInit = '' + # Setup any-nix-shell + any-nix-shell fish --info-right | source + # Load logger function + source ~/.config/fish/functions/cmdlogger.fish + ''; + functions = { + # Setup command logging to ~/.logs + cmdlogger = { + onEvent = "fish_preexec"; + body = '' + mkdir -p ~/.logs + echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log + 
''; + }; + }; + }; + programs.starship = mkIf nathan.programs.util.fish { + enable = true; + settings = { + directory = { + truncation_length = 3; + fish_style_pwd_dir_length = 1; + }; + git_commit = { + commit_hash_length = 6; + only_detached = false; + }; + package = { + symbol = ""; + }; + time = { + disabled = false; + format = "[$time]($style)"; + time_format = "%I:l%M %p"; + }; + }; + }; + + ######################### + ## Git configuration + ######################### + programs.git = mkIf nathan.programs.util.git.enable { + enable = true; + package = pkgs.gitAndTools.gitFull; + userName = "Nathan McCarty"; + userEmail = "nathan@mccarty.io"; + signing = { + key = "B7A40A5D78C08885"; + signByDefault = nathan.programs.util.git.gpgSign; + }; + ignores = [ + "**/*~" + "*~" + "*_archive" + "/auto/" + "auto-save-list" + ".cask/" + ".dir-locals.el" + "dist/" + "**/.DS_Store" + "*.elc" + "/elpa/" + "/.emacs.desktop" + "/.emacs.desktop.lock" + "/eshell/history" + "/eshell/lastdir" + "flycheck_*.el" + "*_flymake.*" + "/network-security.data" + ".org-id-locations" + ".persp" + ".projectile" + "*.rel" + "/server/" + "tramp" + "\\#*\\#" + ]; + delta.enable = true; + lfs.enable = true; + extraConfig = { + init = { + defaultBranch = "trunk"; + }; + log = { + showSignature = true; + abbrevCommit = true; + follow = true; + decorate = false; + }; + rerere = { + enable = true; + autoupdate = true; + }; + merge = { + ff = "only"; + conflictstyle = "diff3"; + }; + push = { + default = "simple"; + followTags = true; + }; + pull = { + rebase = true; + }; + status = { + showUntrackedFiles = "all"; + }; + transfer = { + fsckobjects = true; + }; + color = { + ui = "auto"; + }; + diff = { + mnemonicPrefix = true; + renames = true; + wordRegex = "."; + submodule = "log"; + }; + credential = { + helper = "cache"; + }; + # Disable annoying safe directory nonsense + safe = { + directory = "*"; + }; + }; + }; + } // mkIf nathan.programs.util.json { + ######################### + ## JSON 
Utilities + ######################### + programs.jq = mkIf nathan.programs.util.json { + enable = true; + }; + home.packages = with pkgs; [ + jc + fx + ]; + }; +} diff --git a/home-manager/programs/devel.nix b/home-manager/programs/devel.nix new file mode 100644 index 0000000..1dfcbb8 --- /dev/null +++ b/home-manager/programs/devel.nix 
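Review bot: The tail of this file joins the main attribute set to the JSON block with `} // mkIf nathan.programs.util.json {`, and `//` is a plain attribute-set update, not a module merge. `mkIf` returns a set of the form `{ _type = "if"; condition; content; }`, so the update puts those keys next to `programs`, and as far as I can tell the module system then treats the whole `config` value as the conditional and evaluates only its `content`, which would silently drop the ssh, fish, starship and git settings above. Use `config = mkMerge [ { … } (mkIf nathan.programs.util.json { … }) ];` instead. `home-manager/programs/devel.nix` chains six `mkIf` blocks with `//` in the same way, where only the last one (`devel.raku`) would survive. Once the block does take effect, `safe.directory = "*"` turns off git's repository-ownership check for every path and `forwardAgent = true` is set on six hosts, so both deserve narrowing or a why-comment.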
@@ -0,0 +1,107 @@ +{ config, lib, pkgs, inputs, ... }: +let + devel = config.nathan.programs.devel; + unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; + inherit (import ../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in + +with lib; with nLib; { + config = + # Core development utilites + (mkIf devel.core { + home.packages = with pkgs; + appendIf + pkgs.stdenv.isLinux + # General packages + [ + # Git addons + git-secret + delta + # General development requirements + cmake + libtool + gnumake + nixpkgs-fmt + # sops for secrets management + sops + ] + # Linux specific packages + [ + gcc + binutils + unstable.mold + ]; + + programs = { + direnv = { + enable = true; + }; + # Neovim + # (I'm not abonding emacs I just want the tutor) + neovim = { + enable = true; + }; + }; + }) + # Rust development + // (mkIf devel.rust { + home.packages = with pkgs; [ + # Rustup for having the compiler around + rustup + # Install the latest rust analyzer + inputs.fenix.packages."${pkgs.system}".rust-analyzer + # Misc cargo utilites + cargo-binutils # Allow invoking the llvm tools included with the toolchain + cargo-edit # Command line Cargo.toml manipulation + cargo-asm # Dump the generated assembly + cargo-fuzz # front end for fuzz testing rust + cargo-license # Audit the licenses of dependencies + cargo-criterion # Benchmarking front end + cargo-audit # Check dependencies for known CVEs + cargo-bloat # Find out what's taking up space in the executable + cargo-udeps # Find unused dependencies + cargo-expand # Dump expanded macros + unstable.cargo-tarpaulin # Code coverage + cargo-play # Quickly execute code outside of a crate + # For building stuff that uses protocol buffers + protobuf + ]; + }) + # JVM Development + // (mkIf devel.jvm { + home.packages = with unstable; [ + inputs.java.packages."${pkgs.system}".semeru-stable + gradle + kotlin + kotlin-native + kotlin-language-server + ktlint + ]; + }) + # Python Development + // (mkIf devel.python { + 
home.packages = with pkgs; [ + python3Full + nodePackages.pyright + ]; + }) + # JavaScript/TypeScript Development + // (mkIf devel.js { + home.packages = with unstable; [ + nodejs + yarn + nodePackages.typescript + deno + ]; + }) + # Raku Development + // (mkIf devel.raku { + home.packages = with pkgs; [ + rakudo + zef + ]; + }); +} + + +# TODO: Add pyright and python3Full under python module diff --git a/home-manager/programs/emacs.nix b/home-manager/programs/emacs.nix new file mode 100644 index 0000000..b60e8b6 --- /dev/null +++ b/home-manager/programs/emacs.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + imports = [ inputs.nix-doom-emacs.hmModule ]; + + config = lib.mkIf config.nathan.programs.emacs.enable { + # Dependencies of my emacs environment + home.packages = with pkgs; [ + # For markdown rendering + python39Packages.grip + # For graph generation + graphviz + sqlite + # For latex editing + texlive.combined.scheme-medium + ]; + # Setup doom emacs + programs.doom-emacs = { + enable = true; + doomPrivateDir = ../../doom.d; + emacsPackage = config.nathan.programs.emacs.package; + emacsPackagesOverlay = self: super: { + org-protocol-capture-html = self.trivialBuild { + pname = "org-protocol-capture-html"; + ename = "org-protocol-capture-html"; + version = "0.0.0"; + buildInputs = [ self.s ]; + src = pkgs.fetchFromGitHub { + owner = "alphapapa"; + repo = "org-protocol-capture-html"; + rev = "3359ce9a2f3b48df26329adaee0c4710b1024250"; + hash = "sha256-ueEHJCS+aHYCnd4Lm3NKgqg+m921nl5XijE9ZnSRQXI="; + }; + }; + }; + }; + # Setup service + services.emacs = { + enable = config.nathan.programs.emacs.service; + client.enable = true; + defaultEditor = true; + }; + }; +} diff --git a/home-manager/programs/image-editing.nix b/home-manager/programs/image-editing.nix new file mode 100644 index 0000000..c8edf0b --- /dev/null +++ b/home-manager/programs/image-editing.nix 
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, inputs, ... }:
+let
+ unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}";
+in
+{
+ config = lib.mkIf config.nathan.programs.image-editing {
+ home.packages = with pkgs; [
+ # RawTherapee for raw editing
+ unstable.rawtherapee
+ # Gimp for complex editing
+ unstable.gimp-with-plugins
+ # Krita for drawing
+ unstable.krita
+ # Pinta for basic image editing
+ unstable.pinta
+ # Command line tools for image conversion and handling
+ imagemagickBig
+ ];
+ };
+}
diff --git a/home-manager/programs/media.nix b/home-manager/programs/media.nix
new file mode 100644
index 0000000..01daa74
--- /dev/null
+++ b/home-manager/programs/media.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, inputs, ... }:
+let
+ unstable = import inputs.nixpkgs-unstable { config = { allowUnfree = true; }; system = pkgs.system; };
+ irisDesktopItem = pkgs.makeDesktopItem {
+ name = "iris";
+ desktopName = "Iris";
+ exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"http://localhost:6680/iris/\"";
+ terminal = false;
+ };
+in
+{
+ config = lib.mkIf config.nathan.programs.media.enable {
+ # General Packages
+ home.packages = with pkgs; [
+ unstable.spotify
+ unstable.vlc
+ unstable.plex-media-player
+ unstable.obs-studio
+ nicotine-plus
+ irisDesktopItem
+ picard
+ ];
+ # Mopidy service
+ # TODO: Add scrobbling
+ services.mopidy = {
+ enable = true;
+ extensionPackages = with pkgs; [
+ mopidy-mpd
+ mopidy-iris
+ mopidy-scrobbler
+ mopidy-local
+ ];
+ # extraConfigFiles = config.nathan.programs.media.mopidyExtraConfig;
+ settings = {
+ file = {
+ media_dirs = [
+ "~/Music"
+ ];
+ };
+ local = {
+ enabled = true;
+ media_dir = "~/Music";
+ };
+ mpd = {
+ enabled = true;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/sway.nix b/home-manager/programs/sway.nix
similarity index 58%
rename from modules/sway.nix
rename to home-manager/programs/sway.nix
index 9fffa58..136812e 100644
--- a/modules/sway.nix
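Review bot: `mopidy-scrobbler` is installed as an extension while the only line that would feed it credentials, `# extraConfigFiles = config.nathan.programs.media.mopidyExtraConfig;`, is commented out, which leaves the `mopidyExtraConfig` option declared in `home-manager/default.nix` unused. Anything placed under `settings` is rendered into the generated configuration, which normally lives in the world-readable Nix store, so the scrobbler username and password should not be added there when the TODO is picked up. Re-enabling the `extraConfigFiles` line and pointing the option at a secrets-managed file outside the store keeps them out of it. The `mpd` section sets only `enabled = true`; a comment stating which address it is expected to listen on would make the exposure explicit.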
+++ b/home-manager/programs/sway.nix 
@@ -1,105 +1,17 @@ -## Enable and setup SwayWM -{ config, pkgs, lib, unstable, ... }: +{ config, lib, pkgs, inputs, ... }: +let + nathan = config.nathan; +in +with lib; { - # Turn on GDM for login - services.xserver = { - enable = true; - autorun = true; - displayManager.gdm = { - enable = true; - wayland = true; - }; - # Set swaywm as default - displayManager.defaultSession = "sway"; - # Enable plasma for the applications - desktopManager.plasma5.enable = true; - }; - # Setup drivers - hardware.opengl = { - # Enable vulkan - driSupport = true; - # Force vulkan drivers - extraPackages = [ - pkgs.amdvlk - ]; - # Same as above, but enable 32 bit legacy support (for games) - driSupport32Bit = true; - extraPackages32 = [ - pkgs.driversi686Linux.amdvlk - ]; - }; - # Basic packages that are effectively required for a graphical system - environment.systemPackages = with pkgs; [ - # GTK Theming - gtk-engine-murrine - gtk_engines - gsettings-desktop-schemas - lxappearance - kde-gtk-config - ]; - # Enable QT themeing - programs.qt5ct.enable = true; - # Enable and configure sway itself - programs.sway = { - enable = true; - # Enable the wrapper for gtk applications - wrapperFeatures.gtk = true; - # Install some applications required for sway to work how I want - extraPackages = with pkgs; [ - # Unstable waybar, its a fast moving target - unstable.waybar - # Locking and display management - wdisplays - swaylock-effects - swayidle - # Clipboard - wl-clipboard - # Notifications - mako - # Terminal - alacritty - # glib for sound stuff - glib - # Glpaper for the background - (glpaper.overrideAttrs (old: { - src = fetchFromSourcehut { - owner = "~scoopta"; - repo = "glpaper"; - vc = "hg"; - rev = "f89e60b7941fb60f1069ed51af9c5bb4917aab35"; - hash = "sha256-E7FKjt3NL0aAEibfaq+YS2IVvpjNjInA+Rs8SU63/3M="; - }; - })) - # Screenshots - sway-contrib.grimshot - # Albert for launcher - albert - ]; - }; - - environment.sessionVariables = { - MOZ_ENABLE_WAYLAND = "1"; - }; - - # Enable the 
xdg-portal - xdg = { - portal = { - enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - gtkUsePortal = true; - }; - }; - - ## Home manager stuff for sway - home-manager.users.nathan = + config = mkIf nathan.programs.swaywm.enable ( let swaylock-command = "${pkgs.swaylock-effects}/bin/swaylock --screenshots --grace 30 --indicator --clock --timestr \"%-I:%M:%S %p\" --datestr \"%A %Y-%M-%d\" --effect-blur 20x3"; in { - # Configure sway itself + ######################### + ## Sway + ######################### wayland.windowManager.sway = { enable = true; systemdIntegration = true; @@ -168,7 +80,9 @@ for_window [title=".*Minecraft.*"] opacity 1 ''; }; - # Mako for notifications + ######################### + ## Mako (notifications) + ######################### programs.mako = { enable = true; # Selenized color scheme @@ -188,7 +102,9 @@ # Sort by time in descending order (newest first) sort = "-time"; }; - # Swayidle for automatic screen locking + ######################### + ## Swayidle + ######################### services.swayidle = { enable = true; timeouts = [ 
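Review bot: The `swaylock-command` string kept as context at the top of the new `config` block passes `--datestr \"%A %Y-%M-%d\"`, and `%M` is the minute field in strftime, so the lock screen would show year-minute-day; the month is `%m`: `--datestr \"%A %Y-%m-%d\"`. The same string passes `--grace 30`, which as I understand swaylock-effects lets input dismiss the lock without a password during the first 30 seconds; a short comment saying that this window is intended would help. The `let` binding is unchanged by this commit and its use sits further down the file, outside this hunk.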
@@ -205,10 +121,62 @@ } ]; }; - # Waybar configuration + ######################### + ## Waybar + ######################### programs.waybar = { enable = true; - package = unstable.waybar; + package = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}".waybar; }; - }; + ######################### + ## Alacritty + ######################### + programs.alacritty = { + enable = true; + settings = { + env = { + TERM = "xterm-256color"; + ALACRITTY = "1"; + }; + font = { + normal.family = "FiraCode Nerd Font"; + bold.family = "FiraCode Nerd Font"; + italic.family = "FiraCode Nerd Font"; + bold_italic.family = "FiraCode Nerd Font"; + size = 9.0; + }; + colors = { + primary = { + background = "0x103c48"; + foreground = "0xadbcbc"; + }; + normal = { + black = "0x184956"; + red = "0xfa5750"; + green = "0x75b938"; + yellow = "0xdbb32d"; + blue = "0x4695f7"; + magenta = "0xf275be"; + cyan = "0x41c7b9"; + white = "0x72898f"; + }; + bright = { + black = "0x2d5b69"; + red = "0xff665c"; + green = "0x84c747"; + yellow = "0xebc13d"; + blue = "0x58a3ff"; + magenta = "0xff84cd"; + cyan = "0x53d6c7"; + white = "0xcad8d9"; + }; + }; + }; + }; + ######################### + ## EasyEffects + ######################### + services.easyeffects.enable = true; + } + ); } diff --git a/home-manager/programs/syncthing.nix b/home-manager/programs/syncthing.nix new file mode 100644 index 0000000..2cf4690 --- /dev/null +++ b/home-manager/programs/syncthing.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + config = lib.mkIf config.nathan.services.syncthing { + services.syncthing = { + enable = true; + tray = { + enable = true; + }; + }; + }; +} diff --git a/home-manager/ssh.nix b/home-manager/ssh.nix deleted file mode 100644 index b0e70b1..0000000 --- a/home-manager/ssh.nix +++ /dev/null 
@@ -1,61 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- options.nathans-home.ssh = with lib; {
- enable = mkOption {
- type = types.bool;
- default = true;
- };
- };
-
- config = lib.mkIf config.nathans-home.ssh.enable {
- programs.ssh = {
- # SSH configuration
- enable = true;
- # extra config to set the ciphers
- extraConfig = ''
- Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
- '';
- # enable session reuse
- controlMaster = "auto";
- controlPersist = "10m";
- # Configure known hosts
- matchBlocks = {
- "levitation" = {
- forwardAgent = true;
- user = "nathan";
- hostname = "100.95.223.6";
- };
- "perception" = {
- forwardAgent = true;
- user = "nathan";
- hostname = "100.67.146.101";
- };
- "oracles" = {
- forwardAgent = true;
- user = "nathan";
- hostname = "100.66.15.34";
- };
- "tounge" = {
- forwardAgent = true;
- user = "nathan";
- hostname = "172.23.98.121";
- };
- "shadowchild" = {
- forwardAgent = true;
- user = "nathan";
- hostname = "172.23.217.149";
- };
- "matrix.community.rs" = {
- forwardAgent = true;
- user = "nathan";
- hostname = "100.113.74.107";
- };
- "de1955" = {
- user = "de1955";
- hostname = "de1955.rsync.net";
- };
- };
- };
- };
-}
diff --git a/home.nix b/home.nix
deleted file mode 100644
index ceca74f..0000000
--- a/home.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, config, ... }:
-{
- ## Some general settings that were in the user configuration
- # Set time zone
- time.timeZone = "America/New_York";
- ## Setup user first
- users = {
- users.nathan = {
- # darwin is special
- home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
- description = "Nathan McCarty";
- shell = pkgs.fish;
- };
- };
- ## Misc packages that were in user.nix
- # Install general use packages
- environment.systemPackages = with pkgs; [
- # Install our shell of choice
- fish
- # Install rclone
- rclone
- ];
-}
diff --git a/machines/levitation.nix b/machines/levitation.nix
deleted file mode 100644
index d543e95..0000000
--- a/machines/levitation.nix
+++ /dev/null
@@ -1,122 +0,0 @@ -{ pkgs, lib, config, ... }: { - - ### - ## Define the hostname, enable dhcp - ### - networking = { - hostName = "levitation"; - domain = "mccarty.io"; - useDHCP = false; - interfaces.enp6s0.useDHCP = true; - nat.externalInterface = "enp6s0"; - }; - ### - ## Enable programs we don't want on every machine - ### - programs = { - steam.enable = true; - adb.enable = true; - }; - - ### - ## Firewall ports - ### - # 61377 - SoulSeek - # Enable firewall and pass some ports - networking.firewall = { - enable = true; - allowedTCPPorts = [ 61377 ]; - allowedUDPPorts = [ 61377 ]; - }; - - ### - ## Machine specific home-manager - ### - home-manager.users.nathan = { - # Sway outputs - wayland.windowManager.sway.config = { - output = { - DP-1 = { - pos = "0 140"; - scale = "1"; - subpixel = "rgb"; - }; - DP-3 = { - pos = "2560 0"; - scale = "1.25"; - subpixel = "rgb"; - }; - HDMI-A-1 = { - pos = "5632 140"; - scale = "1"; - subpixel = "rgb"; - }; - }; - startup = [ - # GLPaper - { command = "glpaper DP-1 ${../custom-files/sway/selen.frag} --fork"; } - { command = "glpaper DP-3 ${../custom-files/sway/selen.frag} --fork"; } - { command = "glpaper HDMI-A-1 ${../custom-files/sway/selen.frag} --fork"; } - ]; - }; - # Mako output configuration - programs.mako = { - # Lock mako notifs to main display - output = "DP-3"; - }; - }; - - ### - ## Borg Backups - ### - - # Install borg - environment.systemPackages = with pkgs; [ - borgbackup - ]; - # Setup sops - sops.secrets."borg-sshKey" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - sops.secrets."borg-levitationPassword" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - # Setup the job - services.borgbackup.jobs = { - remote_backup = { - paths = [ - "/home" - "/var" - "/etc" - ]; - exclude = [ - "*/.cache" - "*/.tmp" - "/home/nathan/Projects/*/target" - "/home/nathan/Work/*/target" - "/home/nathan/.local/share/Steam" - "/home/nathan/Downloads" - "/home/nathan/Music" - "/var/lib/docker" - 
"/var/log" - "/home/nathan/*/Cache" - ]; - repo = "de1955@de1955.rsync.net:computers/levitation"; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat ${config.sops.secrets."borg-levitationPassword".path}"; - }; - environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}"; - compression = "auto,zstd"; - startAt = "hourly"; - prune.keep = { - within = "7d"; # Keep all archives for the past week - daily = 1; # Keep 1 snapshot a day for 2 weeks - weekly = 4; # Keep 1 snapshot a week for 4 weeks - monthly = -1; # Keep unlimited monthly backups - }; - }; - }; -} diff --git a/machines/matrix.nix b/machines/matrix.nix deleted file mode 100644 index 00a0c33..0000000 --- a/machines/matrix.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Grub configuration for linode - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.loader.grub.forceInstall = true; - boot.loader.timeout = 10; - boot.loader.grub.extraConfig = '' - serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1; - terminal_input serial; - terminal_output serial - ''; - boot.kernelParams = [ - "console=ttyS0" - ]; - - networking.hostName = "matrix"; - networking.domain = "community.rs"; - networking.useDHCP = false; - networking.interfaces.enp0s5.useDHCP = true; - networking.enableIPv6 = false; - - # Create www-html group - users.groups.www-html.gid = 6848; - # Add shaurya - users.users.shaurya = { - isNormalUser = true; - home = "/home/shaurya"; - description = "Shaurya"; - extraGroups = [ "www-html" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com" - ]; - shell = pkgs.nushell; - }; - # Add www-html for my self - users.users.nathan = { - extraGroups = [ "www-html" ]; - }; - - ### - ## Borg Backup - ### - - # Install borg - environment.systemPackages = with pkgs; [ - borgbackup - ]; - - # Setup sops - sops.secrets."borg-sshKey" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - sops.secrets."borg-matrixPassword" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - # Setup the job - services.borgbackup.jobs = { - files = { - paths = [ - "/home" - "/var" - "/etc" - ]; - exclude = [ - "*/.cache" - "*/.tmp" - "/home/nathan/minecraft/server/backup" - "/var/lib/postgresql" - "/var/lib/redis" - "/var/lib/docker" - "/var/log" - ]; - repo = "de1955@de1955.rsync.net:computers/matrix"; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat ${config.sops.secrets."borg-matrixPassword".path}"; - }; - environment.BORG_RSH = "ssh -i 
${config.sops.secrets."borg-sshKey".path}"; - compression = "auto,zstd"; - startAt = "OnCalendar=00/4:30"; - prune.keep = { - within = "7d"; # Keep all archives for the past week - daily = 1; # Keep 1 snapshot a day for 2 weeks - weekly = 4; # Keep 1 snapshot a week for 4 weeks - monthly = -1; # Keep unlimited monthly backups - }; - }; - }; - # Backup postgres - services.postgresqlBackup = { - enable = true; - compression = "none"; - backupAll = true; - startAt = "OnCalendar=00/2:00"; - }; -} diff --git a/machines/oracles.nix b/machines/oracles.nix deleted file mode 100644 index c094d6e..0000000 --- a/machines/oracles.nix +++ /dev/null 
@@ -1,101 +0,0 @@ -{ config, lib, pkgs, java, ... }: - -{ - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Configure networking - networking = { - hostName = "oracles"; - domain = "mccarty.io"; - useDHCP = false; - interfaces.enp1s0f1.ipv4.addresses = [{ - address = "104.238.220.96"; - prefixLength = 24; - }]; - defaultGateway = "104.238.220.1"; - nameservers = [ "172.23.98.121" "1.1.1.1" ]; - }; - - # Open ports in firewall - networking.firewall.allowedTCPPorts = [ 22 80 443 25565 ]; - networking.firewall.allowedUDPPorts = [ 22 80 443 25565 ]; - networking.firewall.enable = true; - # Trust zerotier interface - networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ]; - - # Add nginx and acme certs - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - }; - security.acme = { - defaults.email = "nathan@mccarty.io"; - acceptTerms = true; - }; - # Redis - services.redis.servers.main = { - enable = true; - bind = "172.23.108.12"; - }; - - # Install java - environment.systemPackages = with pkgs; [ - java.packages.${system}.semeru-latest - borgbackup - ]; - - # Setup sops - sops.secrets."borg-sshKey" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - sops.secrets."borg-oraclesPassword" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - # Setup the job - services.borgbackup.jobs = { - files = { - paths = [ - "/home" - "/var" - "/etc" - ]; - exclude = [ - "*/.cache" - "*/.tmp" - "/home/nathan/minecraft/server/backup" - "/var/lib/postgresql" - "/var/lib/redis" - "/var/lib/docker" - "/var/log" - ]; - repo = "de1955@de1955.rsync.net:computers/oracles"; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat ${config.sops.secrets."borg-oraclesPassword".path}"; - }; - environment.BORG_RSH = "ssh -i 
${config.sops.secrets."borg-sshKey".path}"; - compression = "auto,zstd"; - startAt = "OnCalendar=00/4:30"; - prune.keep = { - within = "7d"; # Keep all archives for the past week - daily = 1; # Keep 1 snapshot a day for 2 weeks - weekly = 4; # Keep 1 snapshot a week for 4 weeks - monthly = -1; # Keep unlimited monthly backups - }; - }; - }; - # Backup postgres - services.postgresqlBackup = { - enable = true; - compression = "none"; - backupAll = true; - startAt = "OnCalendar=00/2:00"; - }; - -} diff --git a/machines/perception.nix b/machines/perception.nix deleted file mode 100644 index 918dd6e..0000000 --- a/machines/perception.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - networking = { - hostName = "perception"; - domain = "mccarty.io"; - useDHCP = false; - interfaces.eno1 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "10.0.0.11"; - prefixLength = 21; - } - ]; - }; - defaultGateway = "10.0.4.1"; - nameservers = [ "10.0.0.10" ]; - }; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Trust ZT interface - networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ]; - - # add plex nfs mount - fileSystems."/var/plex" = { - device = "10.0.0.139:/mnt/tank/root/data/plex"; - fsType = "nfs"; - }; - fileSystems."/var/scratch" = { - device = "10.0.0.139:/mnt/tank/root/scratch"; - fsType = "nfs"; - }; - - # Enable sabnzbd - services.sabnzbd = { - enable = true; - }; - # Enable sonarr - services.sonarr = { - enable = true; - }; - # Enable radarr - services.radarr = { - enable = true; - }; - - # Open firewall ports - networking.firewall = { - enable = false; - allowedTCPPorts = [ 8080 8989 9383 7878 ]; - allowedUDPPorts = [ 8080 8989 9383 7878 ]; - }; -} diff --git a/machines/shadowchild.nix b/machines/shadowchild.nix deleted file mode 100644 index bca9cc2..0000000 --- a/machines/shadowchild.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - boot.cleanTmpDir = true; - networking.hostName = "shadowchild"; - networking.domain = "mccarty.io"; - networking.firewall.allowPing = true; - - # Turn on nginx so we can get a lets encrypt cert - security.acme.defaults.email = "nathan@mccarty.io"; - security.acme.acceptTerms = true; - - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts."turn.community.rs" = { - enableACME = true; - forceSSL = true; - }; - }; - - services.coturn = rec { - enable = true; - no-cli = true; - no-tcp-relay = true; - min-port = 49000; - max-port = 50000; - use-auth-secret = true; - static-auth-secret = "5C1rbLi5pPJhEGTzkVR1"; - realm = "turn.community.rs"; - cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; - pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; - extraConfig = '' - # for debugging - verbose - # ban private IP ranges - no-multicast-peers - denied-peer-ip=0.0.0.0-0.255.255.255 - denied-peer-ip=10.0.0.0-10.255.255.255 - denied-peer-ip=100.64.0.0-100.127.255.255 - denied-peer-ip=127.0.0.0-127.255.255.255 - denied-peer-ip=169.254.0.0-169.254.255.255 - denied-peer-ip=192.0.0.0-192.0.0.255 - denied-peer-ip=192.0.2.0-192.0.2.255 - denied-peer-ip=192.88.99.0-192.88.99.255 - denied-peer-ip=192.168.0.0-192.168.255.255 - denied-peer-ip=198.18.0.0-198.19.255.255 - denied-peer-ip=198.51.100.0-198.51.100.255 - denied-peer-ip=203.0.113.0-203.0.113.255 - denied-peer-ip=240.0.0.0-255.255.255.255 - denied-peer-ip=::1 - denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff - denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 - denied-peer-ip=100::-100::ffff:ffff:ffff:ffff - denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - 
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff - ''; - }; - # open the firewall - networking.firewall = { - interfaces.enp2s0 = - let - range = with config.services.coturn; [{ - from = min-port; - to = max-port; - }]; - in - { - allowedUDPPortRanges = range; - allowedUDPPorts = [ 3478 ]; - allowedTCPPortRanges = range; - allowedTCPPorts = [ 3478 ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 80 443 ]; -} diff --git a/modules/audio.nix b/modules/audio.nix deleted file mode 100644 index e178c89..0000000 --- a/modules/audio.nix +++ /dev/null @@ -1,48 +0,0 @@ -## Setup pipewire, including bluetooth audio -{ config, pkgs, ... }: -let new-noisetorch = pkgs.noisetorch.overrideAttrs (old: { - src = pkgs.fetchFromGitHub { - owner = "noisetorch"; - repo = "NoiseTorch"; - rev = "fe3ace8cc7add2f3bd42dd767c8fc292bc2aeaad"; - fetchSubmodules = true; - hash = "sha256-A6cX1ck47/ZIn9cnV/Ow4CxVFfOX5J0K0Q+B70jCFdQ="; - }; - version = "0.12.0"; - meta.insecure = false; -}); -in -{ - # Disable normal audio subsystem explicitly - sound.enable = false; - # Turn on rtkit, so that audio processes can be upgraded to real time - security.rtkit.enable = true; - # Turn on pipewire - services.pipewire = { - enable = true; - # Turn on all the emulation layers - alsa = { - enable = true; - support32Bit = true; - }; - pulse.enable = true; - jack.enable = true; - }; - # Turn on bluetooth services - services.blueman.enable = true; - hardware.bluetooth = { - enable = true; - package = pkgs.bluezFull; - }; - # Add pulse audio packages, but do not enable them - environment.systemPackages = [ - pkgs.pulseaudio - pkgs.pavucontrol - ]; - # Add noisetorch for microphone noise canceling - programs.noisetorch = { - enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 - # Use latest noisetorch, its a fast moving target - package = new-noisetorch; - }; -} 
diff --git a/modules/autoupdate.nix b/modules/autoupdate.nix
deleted file mode 100644
index e4d6e16..0000000
--- a/modules/autoupdate.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- # Autoupdate the system
- system.autoUpgrade = {
- enable = true;
- allowReboot = true;
- # Update from the flake
- flake = "github:nathans-flakes/system";
- # Attempt to update daily at 2AM
- dates = "2:00";
- };
-}
diff --git a/modules/base.nix b/modules/base.nix
new file mode 100644
index 0000000..5169a2e
--- /dev/null
+++ b/modules/base.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib; {
+
+ config = {
+ nix = mkIf config.nathan.config.nix.autoGC {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 7d";
+ };
+ };
+ };
+}
diff --git a/modules/common.nix b/modules/common.nix
deleted file mode 100644
index 972df7e..0000000
--- a/modules/common.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-{
- # Turn on compressed memory swap
- zramSwap = {
- enable = true;
- algorithm = "lz4";
- memoryPercent = 25;
- };
- # Automatically optimize and garbage collect the store
- nix = {
- autoOptimiseStore = true;
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 30d";
- };
- };
-}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..4fa363b
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,137 @@ +{ config, lib, pkgs, ... }: +let + inherit (import ./lib.nix { inherit lib; inherit pkgs; }) nLib; +in +{ + imports = [ + ./base.nix + ./user.nix + ./desktop.nix + ./swaywm.nix + ./hardware.nix + ./programs/games.nix + ./programs/gpg.nix + ./programs/utils.nix + ./services/ssh.nix + ./services/tailscale.nix + ./linux/base.nix + ]; + + options = with lib; with nLib; { + nathan = { + # Control enabling of services + services = { + # Use zramSwap, enabled by default + zramSwap = mkDefaultOption "zram memory compression" config.nathan.config.isDesktop; + # Enable ssh and configure firewall + # On by default + ssh = mkEnableOptionT "ssh"; + # Enable tailscale, on by default on linux + tailscale = { + enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux; + }; + }; + # Control enabling/configuratin of services + programs = { + # Install games + games = mkEnableOption "games"; + # Install gpg with yubikey support + # Enabled by default if the system is a desktop + gpg = mkDefaultOption "gpg" config.nathan.config.isDesktop; + # Utility modules + utils = { + # Core utililtes I want on every system + # Enabled by default + core = mkEnableOptionT "utils-core"; + # Productivity utilites that make sense for a desktop + # Enabled by default on desktop + productivity = mkDefaultOption "utils-productivity" config.nathan.config.isDesktop; + # Enable multi system emulation + # Enabled by default on desktop + binfmt = mkDefaultOption "utils-productivity" config.nathan.config.isDesktop; + }; + }; + # Control enabling of hardware support + hardware = { + # Logitech hardware support + # On by default if the system is a desktop + logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop; + }; + # General system configuration + config = { + # Wether or not to install the main user + installUser = mkOption { + default = pkgs.stdenv.isLinux; + example = true; + description = "Whether to install the 'nathan' user"; + type = lib.types.bool; + }; + # Name of 
the user to install + user = mkOption { + default = "nathan"; + example = "nathan"; + description = "Username to use for common configuration"; + type = lib.types.str; + }; + # Is this system a desktop? + # Off by default + isDesktop = mkEnableOption "Desktop specific settings"; + # Should we harden this system? + # On by default + harden = mkEnableOptionT "Apply system hardening"; + # Enable audio subsystem + # On by default if the system is a desktop + audio = mkDefaultOption "audio" config.nathan.conifg.isDesktop; + # Basic grub configuration + # Off by default + setupGrub = mkEnableOption "Setup grub"; + # Install fonts + # On by default if the system is a desktop + fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop; + # Enable unfree software + # On by default + enableUnfree = mkEnableOptionT "unfree software"; + # Nix configuration + nix = { + # Automatic GC and optimization of the nix store + # On by default + autoGC = mkEnableOptionT "Nix store optimization and auto gc"; + # Automatic updating of the system + # On by default + autoUpdate = mkEnableOptionT "Nix autoupdating"; + }; + # Swaywm configuration + # On by default if the system is a desktop + swaywm = { + enable = mkOption { + default = config.nathan.config.isDesktop; + example = true; + description = "Whether to setup swaywm"; + type = lib.types.bool; + }; + }; + # Virtualization configuration + # All on by default if the system is a desktop + virtualization = { + qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop; + docker = mkDefaultOption "docker" config.nathan.config.isDesktop; + lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop; + nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop; + }; + }; + }; + }; + + config = { + # Enable the firewall + networking.firewall.enable = true; + # Enable unfree packages + nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree; + # Work around for discord jank ugh + 
nixpkgs.config.permittedInsecurePackages = [ + "electron-13.6.9" + ]; + # Set system state version + system.stateVersion = "22.05"; + }; +} diff --git a/modules/desktop.nix b/modules/desktop.nix new file mode 100644 index 0000000..a5d780d --- /dev/null +++ b/modules/desktop.nix 
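Review bot: The `nixpkgs.config.permittedInsecurePackages = [ "electron-13.6.9" ];` entry at the end of the `config` block applies to every host that imports this module, so servers that never install Discord also have the insecure-package check waived for that Electron build. It could be limited to the machines that need it, for example `nixpkgs.config.permittedInsecurePackages = lib.optionals config.nathan.config.isDesktop [ "electron-13.6.9" ];`, assuming Discord is only installed on desktops. Separately, the `audio` option default reads `config.nathan.conifg.isDesktop`; that should be `config.nathan.config.isDesktop`, otherwise evaluating the default fails with a missing attribute. The `binfmt` option also reuses the "utils-productivity" description.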
@@ -0,0 +1,80 @@ +{ config, lib, pkgs, ... }: +let + nc = config.nathan.config; +in +with lib; { + # Generic desktop configuration + config = mkIf nc.isDesktop + { + # Ergodox + environment.systemPackages = with pkgs; [ + wally-cli + ]; + hardware.keyboard.zsa.enable = true; + # Configure grub if configured + } // mkIf nc.setupGrub { + ## Boot, drivers, and host name + # Use grub + boot.loader = { + grub = { + enable = true; + version = 2; + efiSupport = true; + # Go efi only + devices = [ "nodev" ]; + # Use os-prober + useOSProber = true; + }; + efi = { + efiSysMountPoint = "/boot/"; + canTouchEfiVariables = false; + }; + }; + # Configure audio + } // mkIf nc.audio { + # Disable normal audio subsystem explicitly + sound.enable = false; + # Turn on rtkit, so that audio processes can be upgraded to real time + security.rtkit.enable = true; + # Turn on pipewire + services.pipewire = { + enable = true; + # Turn on all the emulation layers + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + jack.enable = true; + }; + # Turn on bluetooth services + services.blueman.enable = true; + hardware.bluetooth = { + enable = true; + package = pkgs.bluezFull; + }; + # Add pulse audio packages, but do not enable them + environment.systemPackages = with pkgs;[ + pulseaudio + pavucontrol + noisetorch + ]; + # Add noisetorch for microphone noise canceling + programs.noisetorch = { + enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 + }; + # Configure fonts + } // mkIf nc.fonts { + fonts.fonts = with pkgs; [ + ## Monospace Fonts + # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs + (nerdfonts.override { fonts = [ "FiraCode" ]; }) + fira-code-symbols + fira + # Proportional + roboto + liberation_ttf + noto-fonts + ]; + }; +} diff --git a/modules/docker.nix b/modules/docker.nix deleted file mode 100644 index 2403651..0000000 --- a/modules/docker.nix +++ /dev/null 
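Review bot: Joining the `mkIf` blocks with `//` keeps only the last one, so of the four blocks assigned to `config` only the `mkIf nc.fonts` part takes effect. `mkIf` returns a plain attribute set holding a condition and its content, and `//` replaces same-named attributes of the left operand with those of the right, so the desktop, grub and audio settings are silently discarded. Wrapping the blocks in `mkMerge [ … ]` keeps all of them and also lets the two `environment.systemPackages` definitions combine. The same construct appears in modules/linux/base.nix, where it discards the zram, store-optimisation, hardened-profile and domain settings and leaves only `system.autoUpgrade`, and in modules/programs/utils.nix, where only the `binfmt` block survives.

```nix
  config = mkMerge [
    (mkIf nc.isDesktop {
      # … unchanged: wally-cli package and hardware.keyboard.zsa …
    })
    (mkIf nc.setupGrub {
      # … unchanged: boot.loader grub/efi settings …
    })
    (mkIf nc.audio {
      # … unchanged: pipewire, bluetooth, pulse packages, noisetorch …
    })
    (mkIf nc.fonts {
      # … unchanged: fonts.fonts list …
    })
  ];
```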
@@ -1,17 +0,0 @@ -{ config, pkgs, ... }: -{ - # Enable docker and use unstable version - virtualisation.docker = { - enable = true; - package = pkgs.docker; - # Automatically prune to keep things lean - autoPrune.enable = true; - }; - # Setup networking for nixos containers - networking = { - nat = { - enable = true; - internalInterfaces = [ "ve-+" ]; - }; - }; -} diff --git a/modules/fonts.nix b/modules/fonts.nix deleted file mode 100644 index a84620f..0000000 --- a/modules/fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: -{ - fonts.fonts = with pkgs; [ - ## Monospace Fonts - # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs - (nerdfonts.override { fonts = [ "FiraCode" ]; }) - fira-code-symbols - fira - # Proportional - roboto - liberation_ttf - noto-fonts - ]; -} diff --git a/modules/games.nix b/modules/games.nix deleted file mode 100644 index e2c4314..0000000 --- a/modules/games.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, nixpkgs-unstable, ... }: { - environment.systemPackages = - let - # https://github.com/Admicos/minecraft-wayland - glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: { - patches = attrs.patches ++ [ - ../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch - ../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch - ]; - }); - stable-packages = with pkgs; [ - # Dwarf fortress - (dwarf-fortress-packages.dwarf-fortress-full.override { - enableFPS = true; - }) - # PolyMC minecraft stuff - polymc - glfw-patched - ]; - unstable-packages = with nixpkgs-unstable.legacyPackages."${pkgs.system}"; [ - # Packwiz for maintaing modpacks - packwiz - ]; - in - stable-packages ++ unstable-packages; -} diff --git a/modules/gpg.nix b/modules/gpg.nix deleted file mode 100644 index 829e7f4..0000000 --- a/modules/gpg.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -# Configure gpg with yubikey support -{ config, pkgs, ... }: -{ - # Setup environment for gpg agent - environment.shellInit = '' - export GPG_TTY="$(tty)" - gpg-connect-agent /bye - export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - ''; - - environment.sessionVariables = { - SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"; - }; - - programs = { - # Disable ssh-agent, the gpg-agent will fill in - ssh.startAgent = false; - # Enable gpg-agent with ssh support - gnupg.agent = { - enable = true; - enableSSHSupport = true; - enableExtraSocket = true; - }; - }; - - # Enable ykpersonalize to work - services.udev.packages = [ pkgs.yubikey-personalization ]; - # Enable smartcard service - services.pcscd.enable = true; - - # install gnupg and yubikey personalization - environment.systemPackages = with pkgs; [ - gnupg - yubikey-personalization - ]; -} diff --git a/modules/hardware.nix b/modules/hardware.nix new file mode 100644 index 0000000..d867aca --- /dev/null +++ b/modules/hardware.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +let + nw = config.nathan.hardware; +in +with lib; +{ + config = { + hardware.logitech.wireless = mkIf nw.logitech { + enable = true; + enableGraphical = true; + }; + }; +} diff --git a/modules/lib.nix b/modules/lib.nix new file mode 100644 index 0000000..8f8a629 --- /dev/null +++ b/modules/lib.nix 
@@ -0,0 +1,25 @@ +{ lib, pkgs }: + +{ + nLib = { + # mkEnableOption, but defaults to true + mkEnableOptionT = name: lib.mkOption { + default = true; + example = false; + description = "Whether to enable ${name}."; + type = lib.types.bool; + }; + # mkEnableOption, but with a default + mkDefaultOption = name: default: lib.mkOption { + default = default; + example = false; + description = "Whether to enable ${name}."; + type = lib.types.bool; + }; + # Returns an empty list if the current system is not linux + ifLinux = value: if pkgs.stdenv.isLinux then value else [ ]; + # Appends if the predicate is true + appendIf = predicate: input: append: + if predicate then input ++ append else input; + }; +} diff --git a/modules/linux/base.nix b/modules/linux/base.nix new file mode 100644 index 0000000..29cb9d8 --- /dev/null +++ b/modules/linux/base.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, inputs, ... }@attrs: +with lib; +{ + config = mkIf pkgs.stdenv.isLinux + ({ + zramSwap = mkIf config.nathan.servics.zramSwap + { + enable = true; + algorithm = "lz4"; + memoryPercent = 25; + }; + nix = mkIf config.nathan.config.nix.autoGC { + autoOptimiseStore = true; + }; + } // mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs)) + // mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux) + { + # System must be for us :v + networking.domain = "mccarty.io"; + } + // mkIf + (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) + { + # Auto update daily at 2 am + system.autoUpgrade = { + enable = true; + allowReboot = true; + # Update from the flake + flake = "github:nathans-flakes/system"; + # Attempt to update daily at 2AM + dates = "2:00"; + }; + }; +} diff --git a/modules/logitech.nix b/modules/logitech.nix deleted file mode 100644 index 8dd107b..0000000 --- a/modules/logitech.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, ... }: -{ - hardware.logitech.wireless = { - enable = true; - enableGraphical = true; - }; -} 
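Review bot: `config.nathan.servics.zramSwap` in the `zramSwap` block of modules/linux/base.nix is misspelled; the option declared in modules/default.nix is `nathan.services.zramSwap`, so the line should read `zramSwap = mkIf config.nathan.services.zramSwap`. The `system.autoUpgrade` block at the end also deserves a comment: with `allowReboot = true` and `autoUpdate` on by default, every Linux host rebuilds from whatever `github:nathans-flakes/system` currently serves and reboots unattended, so write access to that repository is equivalent to root on all of them. Something like `# Trust boundary: hosts follow this flake unattended; protect the repo's default branch` above the `flake = …` line would record that.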
diff --git a/modules/lxc.nix b/modules/lxc.nix deleted file mode 100644 index 7fbc446..0000000 --- a/modules/lxc.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - virtualisation.lxd = { - enable = true; - recommendedSysctlSettings = true; - }; - users.users.nathan = { - extraGroups = [ "lxd" ]; - }; -} diff --git a/modules/printing.nix b/modules/printing.nix deleted file mode 100644 index e342982..0000000 --- a/modules/printing.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: -{ - services.printing = { - enable = true; - drivers = with pkgs; [ - canon-cups-ufr2 - carps-cups - cnijfilter2 - ]; - }; - - # Enable avahi for printer discovery - services.avahi = { - enable = true; - nssmdns = true; - }; - - environment.systemPackages = with pkgs; [ - canon-cups-ufr2 - cups - cups-filters - ]; -} diff --git a/modules/programs/games.nix b/modules/programs/games.nix new file mode 100644 index 0000000..6f7067f --- /dev/null +++ b/modules/programs/games.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, inputs, ... }: +let + np = config.nathan.programs; +in +with lib; +{ + config = mkIf np.games { + environment.systemPackages = + let + # https://github.com/Admicos/minecraft-wayland + glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: { + patches = attrs.patches ++ [ + ../../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch + ../../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch + ]; + }); + stable-packages = with pkgs; [ + # Dwarf fortress + (dwarf-fortress-packages.dwarf-fortress-full.override { + enableFPS = true; + }) + # PolyMC minecraft stuff + inputs.polymc.packages."${system}".polymc + glfw-patched + ]; + unstable-packages = with inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; [ + # Packwiz for maintaing modpacks + packwiz + ]; + in + stable-packages ++ unstable-packages; + }; +} diff --git a/modules/programs/gpg.nix b/modules/programs/gpg.nix new file mode 100644 index 0000000..65c9d6c 
--- /dev/null +++ b/modules/programs/gpg.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +let + np = config.nathan.programs; + nc = config.nathan.config; +in +with lib; +{ + config = mkIf np.gpg { + # Setup environment for gpg agent + environment.shellInit = '' + export GPG_TTY="$(tty)" + gpg-connect-agent /bye + export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + ''; + + environment.sessionVariables = { + SSH_AUTH_SOCK = + "/run/user/1000/gnupg/S.gpg-agent.ssh"; + }; + + programs = { + # Disable ssh-agent, the gpg-agent will fill in + ssh.startAgent = false; + # Enable gpg-agent with ssh support + gnupg.agent = { + enable = true; + enableSSHSupport = true; + enableExtraSocket = true; + }; + }; + + # Enable ykpersonalize to work + services.udev.packages = [ pkgs.yubikey-personalization ]; + # Enable smartcard service + services.pcscd.enable = true; + + # install gnupg and yubikey personalization + environment.systemPackages = with pkgs; [ + gnupg + yubikey-personalization + ]; + }; +} diff --git a/modules/programs/utils.nix b/modules/programs/utils.nix new file mode 100644 index 0000000..b1e3751 --- /dev/null +++ b/modules/programs/utils.nix 
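Review bot: `environment.sessionVariables.SSH_AUTH_SOCK` hard-codes `/run/user/1000/…`, so any account whose uid is not 1000 gets a socket path inside another user's runtime directory, while the `shellInit` export above it already uses `$UID`. Since `nathan.config.user` makes the account configurable, I would drop the `sessionVariables` block or at least mark the assumption with `# assumes the primary user has uid 1000`. Whether graphical sessions rely on the session variable should be checked before removing it. The `nc` binding in the `let` is unused.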
@@ -0,0 +1,69 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = mkIf nathan.programs.utils.core + { + environment.systemPackages = with pkgs; [ + # Basic command line utilities + wget + tmux + nano + unzip + any-nix-shell + htop + # Rust rewrites of common shell utilities + starship + exa + bat + fd + sd + du-dust + ripgrep + ripgrep-all + hyperfine + bottom + dogdns + duf + # User friendly cut + choose + # Man but terse + tealdeer + # For nslookup + dnsutils + # Mosh for better high-latency ssh + mosh + # PV for viewing pipes + pv + ]; + } // mkIf nathan.programs.utils.productivity { + environment.systemPackages = with pkgs; [ + # Feh image viewer + feh + tokei + # Spell check + hunspell + hunspellDicts.en-us + # CLI Markdown renderer + glow + # Command line file manager + broot + # Much better curl + httpie + # CLI spreadsheets + visidata + # Cheatsheet manager + cheat + # Ping with a graph + gping + # Pandoc for documentation + pandoc + ]; + } // mkIf nathan.programs.utils.binfmt { + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + ]; + }; +} diff --git a/modules/protonmail.nix b/modules/protonmail.nix deleted file mode 100644 index daad5b6..0000000 --- a/modules/protonmail.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # Install protonmail-bridge and pass - environment.systemPackages = with pkgs; [ - protonmail-bridge - pass - ]; -} diff --git a/modules/qemu.nix b/modules/qemu.nix deleted file mode 100644 index 97d34fe..0000000 --- a/modules/qemu.nix +++ /dev/null @@ -1,12 +0,0 @@ -# Setup quem/libvirt -{ config, pkgs, ... }: -{ - # Enable the kernel modules - boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; - # Enable libvirt - virtualisation.libvirtd.enable = true; - # Install virt-manager - environment.systemPackages = with pkgs; [ - virtmanager - ]; -} diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix new file mode 100644 index 0000000..2d09dfb --- /dev/null 
+++ b/modules/services/ssh.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = mkIf nathan.services.ssh { + networking.firewall = { + allowedTCPPorts = [ 22 ]; + allowedUDPPorts = [ 22 ]; + }; + + services.openssh = { + enable = true; + extraConfig = '' + StreamLocalBindUnlink yes + ''; + listenAddresses = [ + { + addr = "0.0.0.0"; + port = 22; + } + ]; + permitRootLogin = "no"; + passwordAuthentication = false; + }; + + # Enable mosh for connecting from phone or bad internet + programs.mosh.enable = true; + }; +} diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix new file mode 100644 index 0000000..49291e4 --- /dev/null +++ b/modules/services/tailscale.nix 
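Review bot: `allowedUDPPorts = [ 22 ];` opens a UDP port that nothing in this module listens on: sshd is TCP-only, and mosh uses its own UDP range, which `programs.mosh.enable` appears to open by itself. The line can be removed so the firewall exposes only what is actually served. `listenAddresses` with `0.0.0.0` binds sshd on every IPv4 interface; if some hosts are meant to be reached only over the Tailscale interface, a comment stating that public exposure is intended here would help.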
@@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = mkIf nathan.services.tailscale.enable { + environment.systemPackages = with pkgs; [ + tailscale + ]; + + # Enable the service + services.tailscale = { + enable = true; + }; + + # Setup sops + sops.secrets."tailscale-auth" = { + format = "yaml"; + }; + + # Oneshot job to authenticate to tailscale + systemd.services.tailscale-autoconnect = { + description = "Automatic connection to Tailscale"; + + # make sure tailscale is running before trying to connect to tailscale + after = [ "network-pre.target" "tailscale.service" ]; + wants = [ "network-pre.target" "tailscale.service" ]; + wantedBy = [ "multi-user.target" ]; + + # set this service as a oneshot job + serviceConfig.Type = "oneshot"; + + # have the job run this shell script + script = with pkgs; '' + # wait for tailscaled to settle + sleep 2 + # check if we are already authenticated to tailscale + status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" + if [ $status = "Running" ]; then # if so, then do nothing + exit 0 + fi + # otherwise authenticate with tailscale + ${tailscale}/bin/tailscale up -authkey $(cat ${config.sops.secrets."tailscale-auth".path}) + ''; + }; + + # Configure firewall for tailscale + networking.firewall = { + checkReversePath = "loose"; + trustedInterfaces = [ "tailscale0" ]; + }; + + # Also enable zerotierone for now + # TODO: Get completely migrated away from this + services.zerotierone = { + enable = true; + joinNetworks = [ "c7c8172af15d643d" ]; + }; + }; +} diff --git a/modules/ssh.nix b/modules/ssh.nix deleted file mode 100644 index 870fc69..0000000 --- a/modules/ssh.nix +++ /dev/null 
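Review bot: The last line of the `script` passes the auth key as a command-line argument via `$(cat …)`, which makes it visible to other local users in the process list while `tailscale up` runs. If the packaged tailscale accepts the `file:` form, `${tailscale}/bin/tailscale up --auth-key "file:${config.sops.secrets."tailscale-auth".path}"` keeps the key out of argv. The status test should also quote its operand, `if [ "$status" = "Running" ]; then`, since an empty `status` (tailscaled not yet up after the `sleep 2`) makes `[` report an error instead of comparing. The `sopsFile` that the removed modules/tailscale.nix set is gone here, so this presumably depends on a `sops.defaultSopsFile` defined elsewhere.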
@@ -1,25 +0,0 @@ -{ config, pkgs, ... }: -{ - networking.firewall = { - allowedTCPPorts = [ 22 ]; - allowedUDPPorts = [ 22 ]; - }; - - services.openssh = { - enable = true; - extraConfig = '' - StreamLocalBindUnlink yes - ''; - listenAddresses = [ - { - addr = "0.0.0.0"; - port = 22; - } - ]; - permitRootLogin = "no"; - passwordAuthentication = false; - }; - - # Enable mosh for connecting to phone - programs.mosh.enable = true; -} diff --git a/modules/swaywm.nix b/modules/swaywm.nix new file mode 100644 index 0000000..8507259 --- /dev/null +++ b/modules/swaywm.nix 
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, inputs, ... }:
+let
+ nc = config.nathan.config;
+in
+with lib;
+{
+ config = mkIf nc.swaywm.enable {
+ # Turn on GDM for login
+ services.xserver = {
+ enable = true;
+ autorun = true;
+ displayManager = {
+ gdm = {
+ enable = true;
+ };
+ defaultSession = "sway";
+ };
+ # Enable plasma for the applications
+ desktopManager.plasma5.enable = true;
+ };
+ # Setup drivers
+ hardware.opengl = {
+ # Enable vulkan
+ driSupport = true;
+ # Force vulkan drivers
+ extraPackages = [
+ pkgs.amdvlk
+ ];
+ # Same as above, but enable 32 bit legacy support (for games)
+ driSupport32Bit = true;
+ extraPackages32 = [
+ pkgs.driversi686Linux.amdvlk
+ ];
+ };
+ # Basic packages that are effectively required for a graphical system
+ environment.systemPackages = with pkgs; [
+ # GTK Theming
+ gtk-engine-murrine
+ gtk_engines
+ gsettings-desktop-schemas
+ lxappearance
+ kde-gtk-config
+ ];
+ # Enable QT themeing
+ programs.qt5ct.enable = true;
+ # Enable and configure sway itself
+ programs.sway = {
+ enable = true;
+ # Enable the wrapper for gtk applications
+ wrapperFeatures.gtk = true;
+ # Install some applications required for sway to work how I want
+ extraPackages = with pkgs; [
+ # Unstable waybar, its a fast moving target
+ inputs.nixpkgs-unstable.legacyPackages.${system}.waybar
+ # Locking and display management
+ wdisplays
+ swaylock-effects
+ swayidle
+ # Clipboard
+ wl-clipboard
+ # Notifications
+ mako
+ # Terminal
+ alacritty
+ # glib for sound stuff
+ glib
+ # Glpaper for the background
+ (glpaper.overrideAttrs (old: {
+ src = fetchFromSourcehut {
+ owner = "~scoopta";
+ repo = "glpaper";
+ vc = "hg";
+ rev = "f89e60b7941fb60f1069ed51af9c5bb4917aab35";
+ hash = "sha256-E7FKjt3NL0aAEibfaq+YS2IVvpjNjInA+Rs8SU63/3M=";
+ };
+ }))
+ # Screenshots
+ sway-contrib.grimshot
+ # Albert for launcher
+ albert
+ ];
+ };
+
+ environment.sessionVariables = {
+ MOZ_ENABLE_WAYLAND = "1";
+ };
+
+ # Enable the xdg-portal
+ xdg = {
+ portal = {
+ enable = true;
+ extraPortals = with pkgs; [
+ xdg-desktop-portal-wlr
+ xdg-desktop-portal-gtk
+ ];
+ gtkUsePortal = true;
+ };
+ };
+
+ };
+}
diff --git a/modules/tailscale.nix b/modules/tailscale.nix
deleted file mode 100644
index 866f9d4..0000000
--- a/modules/tailscale.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- tailscale
- ];
-
- # Enable the service
- services.tailscale = {
- enable = true;
- };
-
- # Setup sops
- sops.secrets."tailscale-auth" = {
- format = "yaml";
- sopsFile = ../secrets/tailscale.yaml;
- };
-
- # Oneshot job to authenticate to tailscale
- systemd.services.tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
-
- # make sure tailscale is running before trying to connect to tailscale
- after = [ "network-pre.target" "tailscale.service" ];
- wants = [ "network-pre.target" "tailscale.service" ];
- wantedBy = [ "multi-user.target" ];
-
- # set this service as a oneshot job
- serviceConfig.Type = "oneshot";
-
- # have the job run this shell script
- script = with pkgs; ''
- # wait for tailscaled to settle
- sleep 2
-
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
-
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up -authkey $(cat ${config.sops.secrets."tailscale-auth".path})
- '';
- };
-
- # Configure firewall for tailscale
- networking.firewall = {
- checkReversePath = "loose";
- trustedInterfaces = [ "tailscale0" ];
- };
-}
diff --git a/modules/user.nix b/modules/user.nix
new file mode 100644
index 0000000..0d59f20
--- /dev/null
+++ b/modules/user.nix
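Review bot: `inputs.nixpkgs-unstable.legacyPackages.${system}.waybar` in `programs.sway.extraPackages` appears to take `system` from the surrounding `with pkgs;` scope rather than from a module argument, which is easy to misread. Writing it as `inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.waybar` makes the source of the value explicit. The comment on `desktopManager.plasma5.enable` says only "for the applications"; a line stating which applications are needed would justify installing a second desktop environment alongside sway.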
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+let
+ nc = config.nathan.config;
+in
+with lib; {
+ config = {
+ users = {
+ # If we install the user and the system is hardended, then disable mutable users
+ mutableUsers = !(nc.installUser && nc.harden);
+ # Configure our user, if enabled
+ users."${nc.user}" = mkIf nc.installUser
+ {
+ # Darwin is special
+ home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
+ description = "Nathan McCarty";
+ shell = pkgs.fish;
+ # Linux specific configuration next
+ } // mkIf (nc.installUser && pkgs.stdenv.isLinux) {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
+ hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
+ openssh.authorizedKeys.keys = [
+ # yubikey ssh key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
+ # Macbook pro key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
+ # Phone key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH"
+ # Tablet key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
+ ];
+ };
+ };
+ # If we install the user, enable sudo
+ security.sudo.enable = mkDefault nc.installUser;
+ # If we setup the user, install the shell as well
+ environment.systemPackages =
+ if nc.installUser then [
+ pkgs.fish
+ ] else [ ];
+ # Configure the timezone
+ time.timeZone = "America/New_York";
+ };
+}
diff --git a/modules/virtualization.nix b/modules/virtualization.nix
new file mode 100644
index 0000000..e5719b4
--- /dev/null
+++ b/modules/virtualization.nix
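Review bot: `hashedPassword` commits the account's SHA-512 crypt hash in clear, in a repository whose other secrets are sops-encrypted; anyone who can read the repo can run offline guessing against it, and with `mutableUsers = false` under `nc.harden` that hash is the fixed credential for a `wheel` member with sudo enabled. I would move it into a sops secret marked `neededForUsers = true` and reference it with `passwordFile = config.sops.secrets."<secret-name>".path;` (the option is named `hashedPasswordFile` on newer NixOS releases). Separately, `mkIf nc.installUser { … } // mkIf (…) { … }` does not merge the two blocks: `//` is a shallow update of the two `mkIf` wrapper sets, so the right-hand one replaces the left and `home`, `description` and `shell` are dropped; `mkMerge [ (mkIf nc.installUser { … }) (mkIf (nc.installUser && pkgs.stdenv.isLinux) { … }) ]` keeps both. The `home` paths also hard-code `nathan` while the attribute name comes from `nc.user`.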
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+let
+ nc = config.nathan.config;
+in
+with lib;
+{
+ config = mkIf nc.virtualization.qemu {
+ # Enable the kernel modules
+ boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
+ # Enable libvirt
+ virtualisation.libvirtd.enable = true;
+ # Install virt-manager
+ environment.systemPackages = with pkgs; [
+ virtmanager
+ ] // mkIf nc.virtualization.docker {
+ # Enable docker
+ virtualisation.docker = {
+ enable = true;
+ # Automatically prune to keep things lean
+ autoPrune.enable = true;
+ };
+ } // mkIf nc.virtualization.lxc {
+ virtualisation.lxd = {
+ enable = true;
+ recommendedSysctlSettings = true;
+ };
+ users.users.${nc.user} = mkIf nc.installUser {
+ extraGroups = [ "lxd" ];
+ };
+ } // mkIf nc.virtualization.nixos {
+ # Setup networking for nixos containers
+ networking = {
+ nat = {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/zt.nix b/modules/zt.nix
deleted file mode 100644
index 4c89017..0000000
--- a/modules/zt.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.zerotierone = {
- enable = true;
- joinNetworks = [ "c7c8172af15d643d" ];
- };
-}
diff --git a/secrets/borg.yaml b/secrets/borg.yaml
deleted file mode 100644
index a21e998..0000000
--- a/secrets/borg.yaml
+++ /dev/null
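Review bot: `environment.systemPackages = with pkgs; [ virtmanager ] // mkIf nc.virtualization.docker { … } // …` has no `;` after the list, so as the brackets nest in this hunk the docker, lxd and NAT blocks become operands of `//` on a list, which Nix rejects when the option is evaluated, and none of them is ever set as configuration. They also sit inside `mkIf nc.virtualization.qemu`, so docker or lxd could not be enabled without qemu even once the syntax is repaired. `config = mkMerge [ (mkIf nc.virtualization.qemu { … }) (mkIf nc.virtualization.docker { … }) (mkIf nc.virtualization.lxc { … }) (mkIf nc.virtualization.nixos { … }) ];` expresses the four switches independently. Once the lxc branch takes effect, a comment should record that `lxd` group membership is root-equivalent on the host, like the `docker` group that modules/user.nix grants unconditionally.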
@@ -1,69 +0,0 @@ -borg-sshKey: ENC[AES256_GCM,data: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,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str] -borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str] -borg-oraclesPassword: ENC[AES256_GCM,data:TRWn/vj3SpSrRc0HcNI9If7e5Q93hO/+eLKoTQULHTBZqZKdnN0Lq6xhUQQf0s7LhS9D2Q==,iv:/vdqnlR6DowmPNpNP8Q3n2cL/gv91heS0NLFth9Wpl0=,tag:peIs7WpNO56DiTkva71fDw==,type:str] -borg-matrixPassword: ENC[AES256_GCM,data:7dZh8G36PAhfVU4k4mdnWAMCRKme9nAd4GUkdwdZiIAd037Ou2n3wJfZLA==,iv:rPGFyAmHe2H0g0mPxSo84NT/wwBwMt1vV9DAenvwbW4=,tag:2Q4ID6jsA02AC4vvPmBTPw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajVrQjRjemFTNTdBOTFn - bTN4TjVoT0hpd3RvUFRwSkdPZzhzNWJ4dWtVCkFSd2lvSE5BLzlGVmhYb3BFMXM1 - dlZiOFdCUnZ5UExZMkpqSDFPemRITFkKLS0tIFdLZU96YjNZN1FiRTBpN3R6c0RJ - Z3JBZWM3RTdqcG44M0RBYXJDci9MUG8KKzI86Y2gYYyhKHK+H5U3aoJuU2a+RiRz - pulu06DWlL6R3e4HUDTpe0m1/RHwYxE8ap+WgVlq7jvG0STZV2a6pg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2b0M2WkNPRzI3YW15cHYz - TUcwUGt0bldSV3REKzF4dkk2anVLTjFCbGdvCnNJbWpONjJXU3dBaG1Za0tQS0Uw - engwS0RWRnVCRmdDaGx1UElsNVdZWjQKLS0tIGp2K1BsL0RlaFFzWTdKQmV3NnVa - c1ZONlRic2xBUzhTVVZYMWpGRWJ3bncK829TyEoxOAjmbdAJEZpmt+sW66bpVUgY - njlFpVrwAjLe49RezMelWbfI+ZIlL5+eKvoMzaG3te9daTxPjRoaVQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQkRtS3lyUG9xK3laNndP - V2hOVXMvSmpRKzBqeW43Y01vS2VBRWFQK2xJCk9zQXgzSUFEd1BkcjhicXFpQ3hI - KzhYMXlZaFcrcGx0VG05ZEl4eWttY0kKLS0tIE1saUV4WHNKVC9ocHIzV2JTWENs - M0FqdDF2TU5JY3RwM2lXZEg4SVlscG8KoPu3vxd5watGkeKBPcwnfY79n27RKtre - zZDkeCldJNaIsvX2PPjm3NKUdUjVG1m8m8bQrvq0e4IAWkBwOFjUrA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTTJ4Mm9rZklxWlcraW5C - TUl5UVp1eUxkd0Mxamh5YVpQN0ZxMU83TVRvCmlvMWd0MFc2c3htWllySVRZcWYz - UjNLQkUwVG1Kb0tMb1J0ZHpSMnJDU1kKLS0tIHVIR1cxTXRoSUJtRllsYlk5c3FS - dzNxQzl0VGVsZExhL05vcWJiSzk2c0kKsU5nsgBcKh8EdrTYco6FvVRkk+8tUVtu - gltw8yhYC3TmbdsW185KIDMCxaX8btWmtBKoQk7RiSlHNgcNn+ebbg== - -----END AGE ENCRYPTED FILE----- - - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QTl5blVHUjZYdGdLY00w - aCtYalhVNzFsYlJSZmRPTVpGSmRoSkg5YnhnCmVlbCtka2lUck42MmZIRGkyQ2RC - NWQ5OW5Wc1liOWplbGtXbWxDZHlQQUUKLS0tIG1nOEpjcHpaZjRpM3ZEa3hlSDZL - K2JPTDBMemdyZU9RU0JzRDZFQ2hLZ1EKJrV5DVDw/zqvZ3fzDPc2xcQjGzFy+2pn - Y5yO+fQJC6mrrIQiQG1Jhl6RZNXPgI02f/iJKodDZ33QTc1e9/916w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeUttdmhEalQ4R0EwbXVH - azZrMmx0Q1p5K2ZTTXM3RTQzWWZlNUV6cmhRCmppdGExTmU0aGF3Rk9lS3hnOHd4 - cStBejlrZU42OHJJbEVKblppUUgvdmsKLS0tIGo5YkJGdkdFUGxta3k5aGVGRGRk - WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/ - nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-11T00:07:08Z" - mac: 
ENC[AES256_GCM,data:o71aJDP01oX/hzJKjkOkM185wgQ0YSCeYtkjGnGF7OLZ5v7EFIK7iszU4nXP5XdtVydHBXDIWGZPLg2pIzWwlOun3K2sxsy6oGrbgE0rB4+G8SSqO6vi7Lny6+RMI8jYmMEx5hUNOWEc/YWtyBxiQ2iXf7Lcj/Xg2adDDHXUJ4c=,iv:n1D/VapaoLD4qhGhj7xRaqYSkaTizNmNCVYUrfYHyqU=,tag:hZD2iH0YWntEMB9JoMYDXg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/secrets/gitlab-runner.yaml b/secrets/gitlab-runner.yaml deleted file mode 100644 index de6dd44..0000000 --- a/secrets/gitlab-runner.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -nix-asuran: ENC[AES256_GCM,data:g5rLx9e8+YRVSEGR/zz2cf3XQ79um7iQgK6/5CA/15Xx+KBaPFi0CRsTyXpbMiHAVGJEqruNxEa5AE8VfOtPCjFp0Qed4bkmN23mGHDFTeXZ,iv:sX7ZkCxU6CGCPF+dhdfaZSqk6ADfsNgeNINzfqhEblo=,tag:eTj5BGN86qPNuauI0C6+Bw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eHpicnMreWNUbEVBNHdm - bVBKekVVdng4V1RpNGdKK2ZtQXJrOU12Vno4CldBZFlaREhnVVBaTERCQ3cyY1Y2 - WjdLa2I4QnBvZGJpV25ZQXF2MHJtS28KLS0tIC9Oa0NydXFtR0diNGRxbXZHYmdK - Z2h4U0VlTmJPa1BCay9SRmhJSlhURXcK/s3wwTnokpnYJ2q5/NIX2BnJnKwpzBt6 - C/8os7EZ3IYinL5Joz4BgN67yzvWNqrputVKmf+/WnL8utiosZBC/A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVUVyZkZOK2pId3BxeEFl - RW9RSllmWklpZEp6Y0ZObGZZMGFZZ3Z3SHlZCkNPZzNWdTVCNkxEVmFtRW5uRFFT - WmNTUGVXYzdxUVBRK0pNMHVjeDdINVEKLS0tIDJyOTQzLy8rckR1Ui80VTYrR3gz - VmkxTlJTRDZYZEVrYklkSU1EZHdWdUkKLwlC83gkZmtmUF6wXyleSDJ1FvfUlDjo - iwkFo+SSOUVsFWJw2FB4sSCFyZ1qmH+57nQsw5JDrk15MZ3xd4g3dw== - -----END AGE ENCRYPTED FILE----- - - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORXhDU1NDQ3Q4cHhmMVlD - K2hnSWRtTGkybnlBajlFaU1vTnRSNFVTclRFClV5Y2dzTHZwOGpyM3NOZnppYUpp - OXVTZjFSMnd6WVRGakloRHd6NldFK28KLS0tIHJNditiZWxUclZuUVpqTi9DL2JG - T3FQWUJEbm9IZ2tvamtlNjBnQXVrb0EKQ8Bpa/DcIH55KoJFozOCZzOmMwtChbpk - X5sSK23aQdljSY8oLHaq4GxQVGkCukNPWDwRvcYKcS7N7e5pdXctFQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUHI3dUNRYld6RlhJdlZN - 
RGV1L3h4a3dHQ0JoQmRnUDRraVNrYmV3a2w4Cm9LK2lFMHJhOURld0tKS0NFT0NQ - WUZyQkNaUWhseHJ2djFxcFhzNkVXQlUKLS0tIEFxWlVFMWdha2VjQUhndWoraU1J - eG5QdkdFY2lRalZhTEJ1OVVXYU9RczgKGRBHEE4buclWmFEjAiMWFk8lYwNJkDdz - ssmH09J95uqKkdfob+mjBU4LVZqLzDRhw3s5xo6dHSAmjhkQSyHZxg== - -----END AGE ENCRYPTED FILE----- - - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL0lZclU3Y2RCQ0pXclVv - akVvZ29iSlZSQ1lKWHp6bmZVaTVoaDVKU1JJCitLVjZJMm5VZzhXeEZWdkFpcFJv - Vnp6STNpdWE0eUxyZUhZcFBra0xsQzAKLS0tIFNlRW5nejBNTzU2R0ZJV0hHaHFX - V2swZ3dTcHBMVXlGZGkrWWNZVWZlZFEKmwky7MF79rTZRrDTKp+ODICV5Ag18vfL - SAdgpt3fJgwOuNIZpE3zO1tA1K/amk4LS9pGN1jq9sch3Nkk7R6TvQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bTl4aWNzUWVCSEdwR0wx - OWhLVmRYbWlwenpWTzRicEd3ZkdSZjdCRWhRCkxvbEhIVlRNRUZTNHM2RjFtazd6 - MHRNejFJUnViUTF1Y3dqUFh5RjNuVnMKLS0tIE9UQ1lwRGpUT3JCb05iUnZCMFZB - R1BiNnFyUzhWcDhJd0JOV2xQRURUaWsKDZ8fr8YHgecqzZuMEGdXCe1MZHe5UP3x - C3CfnrprJWJCKh1EfVvycwcjSU66MdcoU3G12zdU1EiqlJdtfOzyqg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-05-28T03:19:17Z" - mac: ENC[AES256_GCM,data:pe8D02Uv4ALFmyZb52QZbPFLCYPddd1U3vGHmiPl1ZC/hiJcRZl5riB2GWrq5Eq/E6uoTl70Mbuk6FTT84iNkCPAOr/U95aPj/gUhP4B/7UGJiA49TI86gHRHBzvd5TPjpht6kQhlyU26Z/Z6JqYyCa1itTO2PAnzuaDYkxfpJc=,iv:83krP9E0ZWneX3e5YUS2srzNraU/vdQxKaO2RwNt810=,tag:g165SgajOR1tZmDmnACYtA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/secrets/lastfm.conf b/secrets/lastfm.conf deleted file mode 100644 index 88dae96..0000000 --- a/secrets/lastfm.conf +++ /dev/null 
@@ -1,24 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:oOtQy15abXSDyeokVMenOWgw6r0RRBiQ7YioT20Qacjd4WYWiBY3iKledcOSAVk/8sL2UJrxO5Jn0Jb/iEgxlpsRhZsBy+Ta,iv:ZHV/53GY9ItxfnelAz77+FPp7skXpZIEoGRTqaP3rr8=,tag:Ei3GD+Cm9spnx52OsBo0mw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldk10aElCTUhnT1NnL2VE\ncmxVSjAvRW1ta0hzQ2RkL1p5eTZ1RHV1bUYwCnRBczk3K1RkK2hHWHh2UG5WeTFp\nKytSbFhORzJOeVJDMDhaUXNzV016K0UKLS0tIE0xVXBMQm50Tmo3UVBhakhuZHc1\nRVZxYUdKMExPdTRmN2NIME8zY3pXaDQKiKcFgWhJnkazqETFI+X0CF5MEztMLZJ7\nqLAqrPyCq048BMr+T2tuFsWnXDrQP9TdF4bKZbVu6bRERoFt1booLw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMelJQUTFMalV1Ni9uOHFx\nUm9COE5oMHpvNy9jZmhDaHpKU2tmR0FSSGxRCndibnN1QUNXNk5MMnoza2doOXBG\ndzBBMCtYbjg4WEZWV0pnVVcyMWo3a3cKLS0tIHNTZzZEMktESWF5dSs4ZW10Ykth\nZ1J5Y3lZbElJUGlJaU0zNTR6d2ZTVE0KkW+mJDTlMvt2tCoGeqgL50RU0PArH07q\nLCxoj/7MRV9BegKOrThJ+IfcfgLWnTB2XGGf8wIBAQbseb+H+Uq9Zw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-05-23T02:43:23Z", - "mac": "ENC[AES256_GCM,data:gMQTP8HpmdLO5/X7EMDWAhLy5TO+maOq7Kk53JBoVWJYR5kEU4bK2KN8rEArORICcs7MtfRAPRxsivlxGN+Erhe/IRUWwTMDBekppOh16iNw1leStwomHSe5nhJvBzEf8rRWynojp7WzfAalpfAD2b77cCOUviXh3VWmB2olcqc=,iv:hBHLKWPaEIrcCk6vkefgZQkkjSjN7x/bnajTf1D28LI=,tag:/W/WAAFON7U7M0yA/7Cxzg==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/secrets/matrix-community-recaptcha b/secrets/matrix-community-recaptcha deleted file mode 100644 index 82a66e5..0000000 --- a/secrets/matrix-community-recaptcha +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:3ZzrLItW8BjikdOUcxMgVRrEkM5jj9065T/x6EJrGKjoV3quznbAlWKRn5Tpa0UOq4c+PbcFeS7edJSQkqd7sTxH+noDfOdM1gIXrQbNHHWOrmqzYmppRYLxe+gkffhQDFJlGWMuKNiOx2eGtATCvgojsKIlWOI9npMT16Osx3mvEZ9TtmvKWsh2WK9C1SUJtj0TdTkctg2/qjW7yqQ/+JAY2/0oRJDz,iv:tBW7tRVRTS/ORV6A/yoP6x/yjGH6lNHKn0/sWjjBXgc=,tag:iBtwsr63lxwyjoHkXI4hyw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OU5mT0VJeEx6UkVYWVhJ\nMDNnOGlpaVhLUnlhTHVrcEtLQU9mamVrTEFzCkROMlgvUXNMVlR0aTNxQ1Qvc2lD\na1JEMXRYc0t2VWh6QXp6WUhmR2lQbHcKLS0tIGx5SjNEdmxETDlqZmF4ZjdLeUg3\ncGVabVVkTzg1bGJueVhSbnJzZC9sYzgKlzR7qCu3TB33cJEM9tWuXU7Mt3p+y2KK\nPQo6R/j+j6jeaqRe4TnB2oz3ZDvd8E6JxEFCEQMuIVwMs79qy2tyEg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0S3gwdmNiRURxRnAyVXZ5\nYkhBcmxZRDlkNWx5RDc3WnhidG1qWUt3cldBCm5JaENXUUplT1N5VlU0Y1U4UVk1\nVDlTcnlBTStxTEN4YmdlVEN2eWV3aEUKLS0tIEZxbG5JRUZUVi9Kd1Y1dnBQeXFF\nOGtvWFMwNjlybEZxZ0wrSDFEYlp5eTgKc6wUj1ZppA/DvgP+eB2pnwBYXVkEJJWb\nA9wqEvjAQjpktsFkjGH+la03RJftPZaQXP9Bx/3qFHmaZ2MKN2Ff9w==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOTkxdExrby9BRVZ4L0kw\nQkVMZHhJVmgwbW5vVW9sU05jSE5yZ1psZ1JNClRIenlKNlRCWCtrKzY4TXpnaHpV\nZEVGWlNuaFpadW1TcElSVlkrYndvMHMKLS0tIDVXekwzQ0ViR1U3cW1vY3IweHpE\ndGNzVmRZQy9Ob2lvN0tFU200MkR2QVUKOxLB3N179MTmcEp3rLqcGkw1PvJUku3O\ntGHd8bu/egwNYExh3+9zrXjRjF7H8rj/aTOsfMrPg4HTEa0zunh0jQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": 
"age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqeFQwcmtvcTRBcTJJeEJF\nOGdzL3RoME5PU1N1SERvMG1iTGRPazRJdWo4CmhoWHVha1BkWjA1ZG8rMGFXM01V\nMTlkUE9yOFF1RmZtbXNCeldwOEJTYUEKLS0tIHVhUkJJRGErVjdTS21Cd3pNY2w5\nMjhOTUFLQ3dZSGJRcDl4aitoeTgwTWsKvE0GMBacRdIuDfwdhS8+OsuCdXzHtM4b\no81euQF3qfoDhOs0TjhlT4qc8mvf5o6pQEyOiqCmcbbykW5JnIzUeg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZFk0bVRvcmpBZlB4bFk2\nVVUyQW9NMm9oM3YwVk8yL1d2Q3RNRzVmNkdZCnZSTEhaVkVSWVpiY1ErTjdKcUpx\nTW0yRytSOUhLZzJ1RFk3K01kT1ZNd2MKLS0tIEZDa093c1BsYTA0Y2JaWjA3eEZQ\nelR1ODd0cVNCNTVwR3M1Q3QxalptZzQKsz0mPw8ZJ7am2FnOR7a6BRIVERhXMsCy\nNqRfpnlKPSpvCbuZqVWxyqweg2vYFsL5Z7kHIDSZBGbGtUSfToAykQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRHR6VzlodzJxbHRxSGNV\nWGVQeTBkQS8xODF1aTN5YVZHZnNTSW9IUUVvCi9kZ1V2bHdjMkpNTDJaNk1MZS85\nWFg2Q0E0L3o2ekdmamM5ZzZWb0ljaGcKLS0tIGx6MWpPOGM0UzJCN2IyckM3OThQ\nQ3RlQzh5OWZtd1JRRmdRdlA1djErYTAK4H2//NN6irNZmTj/VVMfkbapOPeSutif\nVxtx5U9/1ors/yxoWdvkAfPD50IiPhfEq3FVUbbLoLIeA0cxIKX2tg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-05-23T05:09:47Z", - "mac": "ENC[AES256_GCM,data:ZoZ+H/bFSvvSQGbFcmIUXtXTZqWBCqOPX5lCQxm3HV6OJahgPxWf0j+9lWih3dsc2sroXX6EmXFG7r1TO38Kpzjn3PFQH938J++9xwTPshREPhXULRC6l+yIJir0mz/5/dw6ZIBRavXLJdVaM9WnnyEDMX+X1IsKdtZ7N5HoC3U=,iv:Zdv2Gr/nZxLMo1to11JwxDOpyv8PA2FtafT+lYlm/1s=,tag:DcYS9cKztNBXzrsPhCxBBg==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file diff --git a/secrets/nathan.yaml b/secrets/nathan.yaml index 32d3c72..01b9495 100644 
--- a/secrets/nathan.yaml +++ b/secrets/nathan.yaml @@ -1,5 +1,4 @@ -lastfm-username: ENC[AES256_GCM,data:uzGMxSMjnUYLF0Mutg==,iv:9JSXwl+X5eKIoJFjOt7LntlK6iQcy/Fm1ViG/J3I1d8=,tag:MAsE2f3qxBTYS+gt783jow==,type:str] -lastfm-password: ENC[AES256_GCM,data:U+jEt8sY/kB7r1y0odqf0fs7jt5Jj2ra,iv:olko3/QHnNPoNpEMUeGL77qxphYLGhHSnn+ru5ANd2U=,tag:iXUy1CnZmI6cDj5dy5U3Kg==,type:str] +tailscale-auth: ENC[AES256_GCM,data:p/hDzRWFH13b0yFMpE2OkWU1KxPxCPhPSBcQlKy822P5D/K3lh8q2A==,iv:S+BDPc8vZc28EkO/XWgo3hyVRz6ap/Q/AqOGBr4DCzA=,tag:U0Ps+u7EpE/+wDoZmnfWgQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -9,23 +8,59 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKVWh2dTZzZXE5SWtNVW9K - TFp3NGc5NndvdXZUVzVCOHhPQ0Q4TVRwVGt3CkREOFJkc3dyck0xTmQ1bnhzSHA2 - dFdrVThwajMyeS9tODl5UHpUQWk1OEEKLS0tIGdsaFBKMDR3RDdSOUU0THFpbXJy - UGZ5dVljc3F1a080TnQ0UWpRQ0tVR0UKbMgZKAHeLWb/sgMNbjO/SUwAeiaSiwcy - TbMu1WJdG6CJKxpsYiYvSo5S6FcOp/xWYh3+893zkwoL31yf64NACA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR3ZrbnhyOGlsd1FGNnlM + eWp2NVcydGtJL1pXSTZnYUhjY0JYNEJwUGlvCk82cnRNbFJnV2sxS2ZwVE8wWTIy + OGlzTGRKeEo1VmQybTlody9vSjhZd2cKLS0tIE44bkg4NVkyMnhsYnZoMUhvZkhs + Vk5vU2psN0FXM3YvbjZISGZnQk0zcEUK+XhL767U4VOHKtUpm0rvS2a0xZqqDPn0 + lzpJJ/xy3sHwUVb4iLHGigcc78mefu2oecMP8bfDuZFp6DNoK9WP1Q== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ2R2N3p6K2J1ZW5oTUNr - WVNBS3A2T3o2WXhRU216L1F3WmE3V0tzNGdrCnh5OVVXV3YzTy9UVE9qWE4yNnlv - Ym5EN0QyU2xMMUw2TWlSU2QvdStPeFUKLS0tIFZpN1drNkwyWG5TRWlULzVFb1Bl - NW9lVmdFOS9KSFFld2F0VVdZcjRhR3MKpwRAfTUHogYp3XKdXyKih/DxWjEy6D2o - 2a0cwtZ3+pHXxMTJd3wGvKpPNPO58YO4lgIUuwkR02upLzIre/KgRw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZ1lNdlk5UU9xUVhRRzFt + bThEbk5BUWtWSXptTmZLRjBMSjd3bzVjbXo4CjRTNUJZZ2h5ZnJTNXMwRkFMbGxs + S3dOZUtRbUxZSXJHb1E4QXNxSlBScEUKLS0tIFNqSVRIdXZUckVJanBTWTd3dHMv + Z3NvcmdrcjZtK3YyR3o0Znc5cmQ2YVkKFvRIQQoxZ7WYngPHJJPCYpUuAPRjxABV + iD8mJ2RJ+VStQONZZyhf9ZC+TprdNC5nD4GimA/AM5f5YxRAhRhXcA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-05-23T02:43:17Z" - mac: ENC[AES256_GCM,data:T/zhvzP6ziH0gKcy694VlX7KSQRlk559REAuR7NfkxvhFhi7WwOOnBE336q5s4ebfGWUqREOzt6MXTDILVcjwbBC8HZ8sDInx364KXfmcSo8C/Md4VgDIqFYBsLYqJNijY34gCtycVZYAc/UBoNztpdtZYMkhBFgzb1DLcaaS3g=,iv:0S2wpefnXpeK80QVbnoJ582BZbZA5CNg/hJd9lLV75k=,tag:Wzz7T9f06bCYirUmaawLMg==,type:str] + - recipient: 
age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eWZ5Mzc2QVFZazRrZk4y + a214TW5EMkw3TDNGNlN4N25hekY0UGRXbzBFCnVaZU1MYThMeGRNNWY0WW5DNTFp + MUZFZkxJVDVWdjd2YXlXVkxwTFFyc0EKLS0tIHY5UWZ1akxBcUY4b0E3VUJwakt3 + UytuYTZBZlhMNFNWeDkwdDl0YzR4YU0KOQPfVIBWGFyPbCJOe4yY4i9FwGYaAQRY + aIn9RtB5q84J4KvTXo8+l0XMqzq6AktYJtvuGmKDmoDg/ZoZLj15xg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzREZHQ2o4UnJweXR2bHVQ + R2R5VWtML2NITlNwOU5PYmZLZlRhYkNKd3pjClZCcitJSHBSdnhNVnZwVUYzY0Rn + UURIdFlUVEhLSkt2NGtDZi9tMzNOR1kKLS0tIFRCbW8rYjdMblNaa2NhZW00UzBV + ZUpXQjRPYjNVYVdlbHNlWE5hVDhJam8KyZHwn0y+KIu5J1g7oI6qsBsTWP589Lfd + bZgh/yo9CF9/iZO74I1a4eHYBGYGh/clNjLmKk63gsfxcqY6Ck2eqQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdHV1NXh1RmpPWXBGOVIw + U0I3NWEraWs4dUxLWXdoMTlYQ1d6blBhZ2pjCk1lY0pZM1VHaGFSZGYyeEZxOFFO + MzJwRHdTaCtZakJUNUxHeG40NnlFaHcKLS0tIDVzMzZPN3lQeUhlZ0thWWZLbkc2 + UXNROW1Ub2VyT01jMUN4MUMrUU1mKzgKmf24d/VgivYC25yHJSdFkItt9SCtLNZb + 0Rrh/N11pV24qWFXkFuX/ZKK5bV3JrUgS7K3KWOp4ur6dlI5rfMsUg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOXdMcFJ5WVVBNEhtbkR0 + a1JFczdsZDFpNnd2a0RTWjNoOXM4ZXpSQVM4Cjh0aHg2MCtMWmZPUnRpdEZoS3E2 + NDJZZ3ZpNlh3VUQvQVZxSkJmd05TOXMKLS0tIDJwQW5nVStYSEROVnRJK0liRzR5 + UWU2SXIyTkhRU1NCajZQUUd5MlBnT2MKMIgwTZWnrAKzqHP7EFslZ+HMD7ZtBilJ + +FgcIllwQV9XeIyhAuAeKjP95JgCwn1oQL32fYCyyqwykeb0wjQdzA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-06-24T00:21:52Z" + mac: 
ENC[AES256_GCM,data:92ibRrMnizSQrHIJtW+2KZSeUlU2/Oi18voZKBsC2xyODDh+iHWOBBlv62YUKODRBE2Ze/OklvcYME03NAvY4/wKOqjz/cFMU8PeEkxZvzCtnP55CCYYL6QJ0DSJPP+dKQQkfTV5Xy0JPyY9lZc+g22FB+/FZeo1o3N3lz9Nd1E=,iv:dTeHpQQWcm6cAh11csxR6Lgw3pdTTFWPqR6MozFP+fU=,tag:7WFZfd1D+twItx/xC/MHfA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.1 + version: 3.7.3 diff --git a/secrets/tailscale.yaml b/secrets/tailscale.yaml deleted file mode 100644 index 70f4641..0000000 --- a/secrets/tailscale.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -tailscale-auth: ENC[AES256_GCM,data:Xp3WPLuOkjgXa85Xtx5LqKSn3M4uRtPwVRJco0yctvdftsCh00NFzA==,iv:lVqOkksJha0tw3yZyeWdOhpB3omQ8WDya2OTeDcrP54=,tag:C3JOb7hG++wgJZSN2dFMmA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4OWM5NzlFd09POHJKZmVM - MFhqZFNiUUxBU3p1NHBBTERMd0tWak8zL2pBCjFldDdlUzd4TFI5b09PNFhtRHlT - Z1VuRVNnK0xlTFNEMjFxUmFqMWJIQlkKLS0tIExLaDBkdytZbTc0b2d1enlBUGQr - RzZJR3RmQ1haa25hZzNVVGpXdXcxczgK4NoVyME5fmgDV9sWg0GjB8bvlYFJtF+l - NM+gug2ZAxhx8AuRt89oYqhKLxzEDfEtGpX02kbLWZ0RTTDLlqmDKQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvL2UzdGM5a2FJbjhFYkdX - NHhzeGFTcXArV05nTmlBWjY4OUtDaldpYWdNCkl5aWZvRXhkTHNJdnBWa0tzY3Vy - eUZjanJybEVJeXBDOHpvRDVWM2NkTVUKLS0tIHB0UHQ4MFZpVVdKM2pYNkJkYTAz - MFlIdHJBN3FEVE5FR3Bud3dvcHhuQm8KiQSQ38odsEfJusja9/ouwxSNFeis3ISB - hvrkz6R0WPU22dcpJyFuVMlnTvtkKakabYhWuLlZLzBB8qwGsB1WRA== - -----END AGE ENCRYPTED FILE----- - - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUDZ3Zitodll4VXZoazRM - UXZ3N0FUVG9EMlIxVUlpS21UcXg1V3dPRGhRCjg5ekZ1UUErcitDMU5KeWlGK0Np - clhlMHk0WVc2MVBYNnZVN3NLKzV6Zk0KLS0tIFprYWVZbkFMYjQ0dlIwTWNDSzlj - ekdGVGFwL0NZakJzb0hEbDRKMmZkZDQKfxr3gdNKkF0x4WIVQweC3ZoV38YZCqUm - bzpfbkM0zpbL8+uNc4p6kqHhC3MktuV454FiS/UXpeazLa2s4VtM+Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJQ1BQSnduMmduTDd4S0Zx - WE5sL2wxRk9HQ2JmVTB6Vk9DN2k3MEhBWkdJCjU1b1FHb2lRL2Y2K0J5dE1zQ1Bm - 
YjE4eDZ1dWNEVXFoWndFNFloK3RiNmcKLS0tIElQNEt5c2tGNHpERHlBUDlrWGJq - K0RySWMyOEsyYUIxM0U0Z2FNNlVsMDgKRPckpbJeAnCJuKb0zaEPQFoQ9ScvPJHN - NEHeVV68iPKmNWrS8DAYaaeyYcADjxA/JuOUmrA6Uigbgl5rmWQR3A== - -----END AGE ENCRYPTED FILE----- - - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWXB5Qm44dDBWNWMrWmNa - aWNOM2tIcVAxU0JqU282KzhGMG5FYWhEYW53CjRXSWxyVGVLVTRKMHJ5ejJ5eWJF - a1k1VTZUUW9ycmV5dEo2TU5FYWNTNTAKLS0tIDlYZ2ROYUtXYkhDTFBmRndzWnZ3 - MmtaaEIvd2tlV3hRdGlVcmV3SXZaQ0EK78lpqMOPuyMh8NFdSCpPwQov6j0kVwKX - 3pTSG7i9fduwOygCynn/Be6W+5G5iI448lxSCfHLoESACZpiFpc+nA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0R3BzM2p3SUp3R0ZLOG9R - V29ESE8zU1J2Q01vclRRSXUyOXNCeW8zK1JVClBxUDdqZkoybW8ydkpDTnZkY1Bo - OXNjR3NrZVRMbzUrMVBlS2VJTXlxRjAKLS0tIFBsa1NmdjdrT0VFd0ZRV3BIck1x - bnhDdUV4SGh4QXJIUEZDOWptNkxhUTgKGUGoazZzBYWpMqLJcrryJAYWe84ttGoP - 6o0hlKQf4XlcouqxYoY754uO4Xrvr51aaNqmUGgToc0zlFcTRvrK5A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-14T17:48:23Z" - mac: ENC[AES256_GCM,data:z2CU/geAuYKDsdoASsxDK4trIVqsPfr2sHw5D92g6uiUoQDOUXf5/ihQxJvgcKWCxYixZnZ4zsNCkd11YU52oNUdY7LZqg9X8C941WGsqKLBzRTI875EYK50MFO22RaBKWSgJYHasWhh6OIgLjyw1VL1HWcKlN8kuTYV33Uo/2g=,iv:NFornFaSHy1aRBOWl0O6kmbvGcDJbZM0JOj3iagFNUM=,tag:V/AlMWy0Jk4V+ZC2XsTaBA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/system-specific/matrix/gitea.nix b/system-specific/matrix/gitea.nix deleted file mode 100644 index edee9c4..0000000 --- a/system-specific/matrix/gitea.nix +++ /dev/null 
@@ -1,92 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- services.gitea = {
- enable = true;
- appName = "Rust Community Matrix Homeserver";
- domain = "gitea.community.rs";
- rootUrl = "https://gitea.community.rs";
- database = {
- type = "sqlite3";
- };
- httpPort = 3001;
- settings = {
- ui = {
- DEFAULT_THEME = "arc-green";
- };
- service = {
- DISABLE_REGISTRATION = lib.mkForce true;
- };
- repository = {
- DEFAULT_BRANCH = "trunk";
- };
- };
- lfs.enable = true;
- };
- # Setup the docker networking for woodpecker
- systemd.services.init-woodpecker-network-and-files = {
- description = "Create the network bridge woodpecker-br for filerun.";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- before = [ "docker-woodpecker-server.service" ];
-
- serviceConfig.Type = "oneshot";
- script =
- let dockercli = "${config.virtualisation.docker.package}/bin/docker";
- in
- ''
- # Put a true at the end to prevent getting non-zero return code, which will
- # crash the whole service.
- check=$(${dockercli} network ls | grep "woodpecker-br" || true)
- if [ -z "$check" ]; then
- ${dockercli} network create woodpecker-br
- else
- echo "woodpecker-br already exists in docker"
- fi
- '';
- };
- # Setup woodpecker
- virtualisation.oci-containers.containers = {
- woodpecker-server = {
- image = "woodpeckerci/woodpecker-server:latest";
- ports = [ "8000:8000" ];
- volumes = [ "woodpecker-server-data:/var/lib/drone" ];
- environment = {
- WOODPECKER_OPEN = "true";
- WOODPECKER_GITEA = "true";
- WOODPECKER_HOST = "https://woodpecker.community.rs";
- WOODPECKER_GITEA_URL = "https://gitea.community.rs";
- WOODPECKER_LIMIT_CPU_QUOTA = "200001";
- WOODPECKER_LIMIT_MEM = "2147483648";
- WOODPECKER_ADMIN = "thatonelutenist";
- WOODPECKER_ENVIRONMENT = "SCCACHE_REDIS:redis://172.23.108.12";
- };
- environmentFiles = [ "/var/lib/secret/woodpecker-server" ];
- extraOptions = [ "--network=woodpecker-br" ];
- };
- woodpecker-agent = {
- image = "woodpeckerci/woodpecker-agent:latest";
- dependsOn = [ "woodpecker-server" ];
- volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
- environment = {
- WOODPECKER_SERVER = "woodpecker-server:9000";
- WOODPECKER_MAX_PROCS = "1";
- };
- environmentFiles = [ "/var/lib/secret/woodpecker-agent" ];
- extraOptions = [ "--network=woodpecker-br" ];
- };
- };
-
-
- services.nginx = {
- virtualHosts."gitea.community.rs" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:3001";
- };
- virtualHosts."woodpecker.community.rs" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:8000";
- };
- };
-}
diff --git a/system-specific/matrix/matrix.nix b/system-specific/matrix/matrix.nix
deleted file mode 100644
index 4e0845a..0000000
--- a/system-specific/matrix/matrix.nix
+++ /dev/null
@@ -1,439 +0,0 @@
-{ pkgs, lib, config, unstable, ... }:
-let
- fqdn =
- let
- join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
- in
- join config.networking.hostName config.networking.domain;
-in
-{
- # Punch a hole in the firewall
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- # Enable postgresql
- services.postgresql.enable = true;
- services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- # configure cert email
- security.acme.defaults.email = "thatonelutenist@protonmail.com";
- security.acme.acceptTerms = true;
- # Enable nginx
- services.nginx = {
- enable = true;
- # only recommendedProxySettings and recommendedGzipSettings are strictly required,
- # but the rest make sense as well
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
-
- virtualHosts = {
- # This host section can be placed on a different host than the rest,
- # i.e. to delegate from the host being accessible as ${config.networking.domain}
- # to another host actually running the Matrix homeserver.
- "${config.networking.domain}" = {
- enableACME = true;
- forceSSL = true;
-
- locations."= /.well-known/matrix/server".extraConfig =
- let
- # use 443 instead of the default 8448 port to unite
- # the client-server and server-server port for simplicity
- server = { "m.server" = "${fqdn}:443"; };
- in
- ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON server}';
- '';
- locations."= /.well-known/matrix/client".extraConfig =
- let
- client = {
- "m.homeserver" = { "base_url" = "https://${fqdn}"; };
- "m.identity_server" = { "base_url" = "https://vector.im"; };
- };
- # ACAO required to allow element-web on any URL to request this json file
- in
- ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON client}';
- '';
- locations."/".extraConfig = ''
- rewrite ^(.*)$ http://www.community.rs$1 redirect;
- '';
- };
-
- # Reverse proxy for Matrix client-server and server-server communication
- ${fqdn} = {
- enableACME = true;
- forceSSL = true;
-
- # Or do a redirect instead of the 404, or whatever is appropriate for you.
- # But do not put a Matrix Web client here! See the Element web section below.
- locations."/".extraConfig = ''
- rewrite ^(.*)$ http://element.community.rs$1 redirect;
- '';
-
- # forward all Matrix API calls to the synapse Matrix homeserver
- locations."/_matrix" = {
- proxyPass = "http://127.0.0.1:8008"; # without a trailing /
- };
- };
- # Main domain
- "www.community.rs" = {
- enableACME = true;
- forceSSL = true;
- locations."= /.well-known/matrix/server".extraConfig =
- let
- # use 443 instead of the default 8448 port to unite
- # the client-server and server-server port for simplicity
- server = { "m.server" = "${fqdn}:443"; };
- in
- ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON server}';
- '';
- locations."= /.well-known/matrix/client".extraConfig =
- let
- client = {
- "m.homeserver" = { "base_url" = "https://${fqdn}"; };
- "m.identity_server" = { "base_url" = "https://vector.im"; };
- };
- # ACAO required to allow element-web on any URL to request this json file
- in
- ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON client}';
- '';
-
- root = "/var/www";
- };
- };
- };
-
- # Enable element web
- services.nginx.virtualHosts."element.${fqdn}" = {
- enableACME = true;
- forceSSL = true;
- serverAliases = [
- "element.${config.networking.domain}"
- ];
-
- root = unstable.element-web.override {
- conf = {
- default_server_config."m.homeserver" = {
- "base_url" = "https://${fqdn}";
- "server_name" = "${fqdn}";
- };
- showLabsSettings = true;
- settingDefaults.custom_themes = [
- {
- "name" = "Discord Dark";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#747ff4";
- "primary-color" = "#00aff4";
- "warning-color" = "#ed4245d9";
- "sidebar-color" = "#202225";
- "roomlist-background-color" = "#2f3136";
- "roomlist-text-color" = "#dcddde";
- "roomlist-text-secondary-color" = "#8e9297";
- "roomlist-highlights-color" = "#4f545c52";
- "roomlist-separator-color" = "#40444b";
- "timeline-background-color" = "#36393f";
- "timeline-text-color" = "#dcddde";
- "timeline-text-secondary-color" = "#b9bbbe";
- "timeline-highlights-color" = "#04040512";
- "reaction-row-button-selected-bg-color" = "#b9bbbe";
- };
- }
- {
- "name" = "Dracula Flat";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#bd93f9";
- "primary-color" = "#bd93f9";
- "warning-color" = "#bd93f9";
- "sidebar-color" = "#1e1f29";
- "roomlist-background-color" = "#1e1f29";
- "roomlist-text-color" = "#eeeeee";
- "roomlist-text-secondary-color" = "#eeeeee";
- "roomlist-highlights-color" = "#00000030";
- "roomlist-separator-color" = "#00000000";
- "timeline-background-color" = "#1e1f29";
- "timeline-text-color" = "#eeeeee";
- "timeline-text-secondary-color" = "#dddddd";
- "timeline-highlights-color" = "#00000030";
- "reaction-row-button-selected-bg-color" = "#b9bbbe";
- };
- }
-
- {
- "name" = "Dracula";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#bd93f9";
- "primary-color" = "#bd93f9";
- "warning-color" = "#bd93f9";
- "sidebar-color" = "#1e1f29";
- "roomlist-background-color" = "#1e1f29";
- "roomlist-text-color" = "#eeeeee";
- "roomlist-text-secondary-color" = "#eeeeee";
- "roomlist-highlights-color" = "#00000030";
- "roomlist-separator-color" = "#4d4d4d90";
- "timeline-background-color" = "#282A36";
- "timeline-text-color" = "#eeeeee";
- "timeline-text-secondary-color" = "#dddddd";
- "timeline-highlights-color" = "#00000030";
- "reaction-row-button-selected-bg-color" = "#b9bbbe";
- };
- }
- {
- "name" = "Geeko dark theme";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#73ba25";
- "primary-color" = "#35b9ab";
- "warning-color" = "#bf616a";
-
- "sidebar-color" = "#2a2a2a";
- "roomlist-background-color" = "#4a4a4a";
- "roomlist-text-color" = "#fff";
- "roomlist-text-secondary-color" = "#ddd";
- "roomlist-highlights-color" = "#2a2a2a";
- "roomlist-separator-color" = "#3a3a3a";
-
- "timeline-background-color" = "#3a3a3a";
- "timeline-text-color" = "#eee";
- "timeline-text-secondary-color" = "#6da741";
- "timeline-highlights-color" = "#bf616a";
- "reaction-row-button-selected-bg-color" = "#bf616a";
- };
- }
- {
- "name" = "Luxury Dark theme";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#D9BC00";
- "primary-color" = "#FFDD00";
- "warning-color" = "#FBC403";
-
- "sidebar-color" = "#020F1B";
- "roomlist-background-color" = "#011223";
- "roomlist-highlights-color" = "#1E354A";
- "roomlist-separator-color" = "#05192D";
- "roomlist-text-color" = "#FFEC70";
- "roomlist-text-secondary-color" = "#FFF3A4";
-
- "timeline-background-color" = "#05192D";
- "timeline-highlights-color" = "#011223";
- "timeline-text-color" = "#FFF3A4";
- "timeline-text-secondary-color" = "#A79000";
- "reaction-row-button-selected-bg-color" = "#FFEC70";
- };
- }
- {
- "name" = "Nord dark theme";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#a3be8c";
- "primary-color" = "#88c0d0";
- "warning-color" = "#bf616a";
-
- "sidebar-color" = "#2e3440";
- "roomlist-background-color" = "#3b4252";
- "roomlist-text-color" = "#ebcb8b";
- "roomlist-text-secondary-color" = "#e5e9f0";
- "roomlist-highlights-color" = "#2e3440";
- "roomlist-separator-color" = "#434c5e";
-
- "timeline-background-color" = "#434c5e";
- "timeline-text-color" = "#eceff4";
- "timeline-text-secondary-color" = "#81a1c1";
- "timeline-highlights-color" = "#3b4252";
- "reaction-row-button-selected-bg-color" = "#bf616a";
- };
- }
-
- {
- "name" = "Nord light theme";
- "is_dark" = false;
- "colors" = {
- "accent-color" = "#a3be8c";
- "primary-color" = "#5e81ac";
- "warning-color" = "#bf616a";
-
- "sidebar-color" = "#d8dee9";
- "roomlist-background-color" = "#e5e9f0";
- "roomlist-text-color" = "#d08770";
- "roomlist-text-secondary-color" = "#3b4252";
- "roomlist-highlights-color" = "#eceff4";
- "roomlist-separator-color" = "#eceff4";
-
- "timeline-background-color" = "#eceff4";
- "timeline-text-color" = "#2e3440";
- "timeline-text-secondary-color" = "#3b4252";
- "timeline-highlights-color" = "#e5e9f0";
- "reaction-row-button-selected-bg-color" = "#bf616a";
- };
- }
- {
- "name" = "Selenized black theme";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#70b433";
- "primary-color" = "#4695f7";
- "warning-color" = "#ed4a46";
-
- "sidebar-color" = "#181818";
- "roomlist-background-color" = "#252525";
- "roomlist-text-color" = "#ffffff";
- "roomlist-text-secondary-color" = "#b9b9b9";
- "roomlist-highlights-color" = "#3b3b3b";
- "roomlist-separator-color" = "#121212";
-
- "timeline-background-color" = "#181818";
- "timeline-text-color" = "#FFFFFF";
- "timeline-text-secondary-color" = "#777777";
- "timeline-highlights-color" = "#252525";
- "reaction-row-button-selected-bg-color" = "#4695f7";
- };
- }
-
- {
- "name" = "Selenized dark theme";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#41c7b9";
- "primary-color" = "#4695f7";
- "warning-color" = "#fa5750";
-
- "sidebar-color" = "#103c48";
- "roomlist-background-color" = "#184956";
- "roomlist-text-color" = "#dbb32d";
- "roomlist-text-secondary-color" = "#FFFFFF";
- "roomlist-highlights-color" = "#2d5b69";
- "roomlist-separator-color" = "#2d5b69";
-
- "timeline-background-color" = "#2d5b69";
- "timeline-text-color" = "#FFFFFF";
- "timeline-text-secondary-color" = "#72898f";
- "timeline-highlights-color" = "#184956";
- "reaction-row-button-selected-bg-color" = "#4695f7";
- };
- }
-
-
- {
- "name" = "Selenized light theme";
- "is_dark" = false;
- "colors" = {
- "accent-color" = "#ad8900";
- "primary-color" = "#009c8f";
- "warning-color" = "#d2212d";
-
- "sidebar-color" = "#d5cdb6";
- "roomlist-background-color" = "#ece3cc";
- "roomlist-text-color" = "#c25d1e";
- "roomlist-text-secondary-color" = "#000000";
- "roomlist-highlights-color" = "#fbf3db";
- "roomlist-separator-color" = "#fbf3db";
-
- "timeline-background-color" = "#fbf3db";
- "timeline-text-color" = "#000000";
- "timeline-text-secondary-color" = "#777777";
- "timeline-highlights-color" = "#ece3cc";
- "reaction-row-button-selected-bg-color" = "#4695f7";
- };
- }
- {
- "name" = "Solarized Dark";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#b58900";
- "primary-color" = "#268bd2";
- "warning-color" = "#dc322f";
- "sidebar-color" = "#002b36";
- "roomlist-background-color" = "#073642";
- "roomlist-text-color" = "#839496";
- "roomlist-text-secondary-color" = "#93a1a1";
- "roomlist-highlights-color" = "#586e75";
- "timeline-background-color" = "#002b36";
- "timeline-text-color" = "#839496";
- "timeline-text-secondary-color" = "#586e75";
- "timeline-highlights-color" = "#073642";
- "reaction-row-button-selected-bg-color" = "#268bd2";
- };
- }
- {
- "name" = "ThomCat black theme";
- "is_dark" = true;
- "colors" = {
- "accent-color" = "#cc7b19";
- "primary-color" = "#9F8652";
- "warning-color" = "#f9c003";
- "sidebar-color" = "#000000";
- "roomlist-background-color" = "#191919";
- "roomlist-text-color" = "#cc7b19";
- "roomlist-text-secondary-color" = "#e5e5e5";
- "roomlist-highlights-color" = "#323232";
- "roomlist-separator-color" = "#4c4c4c";
- "timeline-background-color" = "#000000";
- "timeline-text-color" = "#e5e5e5";
- "timeline-text-secondary-color" = "#b2b2b2";
- "timeline-highlights-color" = "#212121";
- "reaction-row-button-selected-bg-color" = "#cc7b19";
- };
- }
- ];
- };
- };
- };
-
- # Matrix recaptcha keys
- sops.secrets."matrix-secrets.yaml" = {
- owner = "matrix-synapse";
- format = "binary";
- sopsFile = ../../secrets/matrix-community-recaptcha;
- };
-
- services.matrix-synapse = {
- enable = true;
- settings = {
- server_name = config.networking.domain;
- public_baseurl = "https://matrix.community.rs";
- listeners = [
- {
- port = 8008;
- bind_addresses = [ "0.0.0.0" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = false;
- }
- ];
- }
- ];
- enable_registration = true;
- enable_registration_captcha = true;
- allow_guest_access = false;
- extraConfig = ''
- allow_public_rooms_over_federation: true
- experimental_features: { spaces_enabled: true }
- auto_join_rooms: [ "#space:community.rs" , "#rust:community.rs" , "#rules:community.rs" , "#info:community.rs" ]
- '';
- turn_uris = [ "turn:turn.community.rs:3478?transport=udp" "turn:turn.community.rs:3478?transport=tcp" ];
- turn_user_lifetime = "1h";
- # Configure secrets
- extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];
- };
- };
-}
diff --git a/system-specific/oracles/gitea.nix b/system-specific/oracles/gitea.nix
deleted file mode 100644
index b9512a3..0000000
--- a/system-specific/oracles/gitea.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- # Setup gitea
- services.gitea = {
- enable = true;
- appName = "Nathan's Git";
- database = {
- type = "sqlite3";
- };
- domain = "git.mccarty.io";
- rootUrl = "https://git.mccarty.io";
- httpPort = 3001;
- settings = {
- ui = {
- DEFAULT_THEME = "arc-green";
- };
- service = {
- DISABLE_REGISTRATION = lib.mkForce true;
- };
- repository = {
- DEFAULT_BRANCH = "main";
- };
- };
- lfs.enable = true;
- };
- # Setup the docker networking for woodpecker
- systemd.services.init-woodpecker-network-and-files = {
- description = "Create the network bridge woodpecker-br for filerun.";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- before = [ "docker-woodpecker-server.service" ];
-
- serviceConfig.Type = "oneshot";
- script =
- let dockercli = "${config.virtualisation.docker.package}/bin/docker";
- in
- ''
- # Put a true at the end to prevent getting non-zero return code, which will
- # crash the whole service.
- check=$(${dockercli} network ls | grep "woodpecker-br" || true)
- if [ -z "$check" ]; then
- ${dockercli} network create woodpecker-br
- else
- echo "woodpecker-br already exists in docker"
- fi
- '';
- };
- # Setup woodpecker
- virtualisation.oci-containers.containers = {
- woodpecker-server = {
- image = "woodpeckerci/woodpecker-server:latest";
- ports = [ "8000:8000" ];
- volumes = [ "woodpecker-server-data:/var/lib/drone" ];
- environment = {
- WOODPECKER_OPEN = "true";
- WOODPECKER_GITEA = "true";
- WOODPECKER_HOST = "https://ci.mccarty.io";
- WOODPECKER_GITEA_URL = "https://git.mccarty.io";
- WOODPECKER_LIMIT_CPU_QUOTA = "400000";
- WOODPECKER_LIMIT_MEM = "2147483648";
- };
- environmentFiles = [ "/var/lib/secret/woodpecker-server" ];
- extraOptions = [ "--network=woodpecker-br" ];
- };
- woodpecker-agent = {
- image = "woodpeckerci/woodpecker-agent:latest";
- dependsOn = [ "woodpecker-server" ];
- volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
- environment = {
- WOODPECKER_SERVER = "woodpecker-server:9000";
- WOODPECKER_MAX_PROCS = "2";
- };
- environmentFiles = [ "/var/lib/secret/woodpecker-agent" ];
- extraOptions = [ "--network=woodpecker-br" ];
- };
- };
-
-
- services.nginx = {
- virtualHosts."git.mccarty.io" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:3001";
- };
- virtualHosts."ci.mccarty.io" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:8000";
- };
- };
-}
diff --git a/system-specific/oracles/gitlab-runner.nix b/system-specific/oracles/gitlab-runner.nix
deleted file mode 100644
index 1a5a5bf..0000000
--- a/system-specific/oracles/gitlab-runner.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, pkgs, lib, ... }:
-{
- # setup sops for secrets
- sops.secrets."nix-asuran" = {
- format = "yaml";
- sopsFile = ../../secrets/gitlab-runner.yaml;
- };
- # Make sure docker containers can reach the network
- boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
- # Make sure docker is enabled
- virtualisation.docker.enable = true;
- # Enable binfmt-misc so we can run aarch64 containers
- boot.binfmt.emulatedSystems = [ "wasm32-wasi" "aarch64-linux" ];
- services.gitlab-runner =
- let
- nix-shared = with lib; {
- dockerImage = "nixpkgs/nix-flakes";
- dockerVolumes = [
- "/var/sharedstore:/sharedstore"
- ];
- dockerDisableCache = true;
- dockerPrivileged = true;
- };
- in
- {
- enable = true;
- concurrent = 4;
- checkInterval = 1;
- services = {
- # default-asuran = {
- # registrationConfigFile = "/var/lib/secret/gitlab-runner/asuran-default";
- # dockerImage = "debian:stable";
- # dockerVolumes = [
- # "/var/run/docker.sock:/var/run/docker.sock"
- # ];
- # dockerPrivileged = true;
- # tagList = [ "linux-own" ];
- # };
-
- nix-asuran = nix-shared // {
- registrationConfigFile = config.sops.secrets.nix-asuran.path;
- tagList = [ "nix" ];
- requestConcurrency = 8;
- limit = 4;
- runUntagged = true;
- };
- };
- };
-}
diff --git a/system-specific/oracles/matrix.nix b/system-specific/oracles/matrix.nix
deleted file mode 100644
index 920747a..0000000
--- a/system-specific/oracles/matrix.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ pkgs, lib, config, unstable, ... }:
-{
- services.postgresql.enable = true;
- services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'matrix-synapse';
- CREATE DATABASE "synapse" WITH OWNER "synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
-
- services.nginx = {
- virtualHosts = {
- "matrix.mccarty.io" = {
- enableACME = true;
- forceSSL = true;
-
- locations."/".extraConfig = ''
- rewrite ^(.*)$ http://element.mccarty.io$1 redirect;
- '';
-
- # forward all Matrix API calls to the synapse Matrix homeserver
- locations."/_matrix" = {
- proxyPass = "http://[::1]:8008"; # without a trailing /
- };
- locations."/_synapse" = {
- proxyPass = "http://[::1]:8008"; # without a trailing /
- };
- };
- "element.mccarty.io" = {
- enableACME = true;
- forceSSL = true;
- root = unstable.element-web;
- };
- };
- };
-
- services.matrix-synapse = {
- enable = true;
- settings = {
- enable_registration = false;
- server_name = "mccarty.io";
- listeners = [
- {
- port = 8008;
- bind_addresses = [ "::1" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = false;
- }
- ];
- }
- ];
- extraConfig = ''
- ip_range_whitelist:
- - '172.23.0.0/16'
- registration_requires_token: true
- '';
- database.args = {
- user = "matrix-synapse";
- database = "synapse";
- };
- };
- };
-}
diff --git a/system-specific/oracles/minecraft.nix b/system-specific/oracles/minecraft.nix
deleted file mode 100644
index c5a688e..0000000
--- a/system-specific/oracles/minecraft.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- # Webserver for hosting pack
- services.nginx.virtualHosts."pack.forward-progress.net" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = "/var/www/pack.forward-progress.net";
- root = "/var/www/pack.forward-progress.net";
- };
-}
diff --git a/system-specific/perception/plex.nix b/system-specific/perception/plex.nix
deleted file mode 100644
index 481a3dc..0000000
--- a/system-specific/perception/plex.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.plex =
- let
- myPlexRaw = pkgs.plexRaw.overrideAttrs (x:
- let
- # see https://www.plex.tv/media-server-downloads/ for 64bit rpm
- version = "1.26.1.5798-99a4a6ac9";
- hash = "sha256-Chu4IULIvkmfMEV0LSg50i6usZJZI3UWOgCHQakbhaY=";
- in
- {
- name = "plex-${version}";
- src = pkgs.fetchurl {
- url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
- inherit hash;
- };
- }
- );
- myPlex = pkgs.plex.override (x: { plexRaw = myPlexRaw; });
- in
- {
- enable = true;
- openFirewall = true;
- dataDir = "/var/lib/plex";
- user = "nathan";
- group = "users";
- package = myPlex;
- };
-
- services.tautulli.enable = true;
-}