From a1db22226c2aa11f443232d44be9adf4bd7d6591 Mon Sep 17 00:00:00 2001
From: Nathan McCarty
Date: Mon, 20 Jun 2022 19:30:58 -0400
Subject: [PATCH 01/80] Fix now broken network device name
---
 flake.lock | 7 ++++---
 flake.nix | 2 +-
 machines/levitation.nix | 4 ++--
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index 7df5753..dd3f3f6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -62,16 +62,17 @@ ] }, "locked": { - "lastModified": 1655672044, - "narHash": "sha256-FamjZO5yOF1irDu3b95NO9Ae6/4Db0gNiXuAAWJtF9k=", + "lastModified": 1655120294, + "narHash": "sha256-e0IXVoxH3o1QbLtHxANAg2CHdVE3jZBi5ifhh+6Vpcs=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4392cba3b33ef8abc1a9c007fc58a6ce86cf0ea1", + "rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", + "rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e", "type": "github" } },
diff --git a/flake.nix b/flake.nix
index d9c1a6d..cce338f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,7 +9,7 @@
 inputs.nixpgks.follows = "nixpkgs";
 };
 emacs = {
- url = "github:nix-community/emacs-overlay";
+ url = "github:nix-community/emacs-overlay/29dcfbc1b29ae7281e95367e0f2358b44224a46e";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 mozilla = {
diff --git a/machines/levitation.nix b/machines/levitation.nix
index 008340f..d543e95 100644
--- a/machines/levitation.nix
+++ b/machines/levitation.nix
@@ -7,8 +7,8 @@
 hostName = "levitation";
 domain = "mccarty.io";
 useDHCP = false;
- interfaces.enp5s0.useDHCP = true;
- nat.externalInterface = "enp5s0";
+ interfaces.enp6s0.useDHCP = true;
+ nat.externalInterface = "enp6s0";
 };
 ###
 ## Enable programs we don't want on every machine
From f62e627c5e74a2d1a70b7dce7dcb0bddd49ee74d Mon Sep 17 00:00:00 2001
From: Nathan McCarty
Date: Tue, 21 Jun 2022 23:23:36 -0400
Subject: [PATCH 02/80] Add pyright (python lsp)
---
 applications/devel-core.nix | 2 ++
 1 file changed, 2 insertions(+)
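Review bot: The context line `inputs.nixpgks.follows = "nixpkgs";` at the top of the flake.nix hunk in PATCH 01/80 misspells the input name, so the `follows` override most likely does not apply and that input resolves its own nixpkgs revision instead of the one pinned at the top level; it should read `inputs.nixpkgs.follows = "nixpkgs";`. That would leave an extra, separately locked nixpkgs in the closure (the lock file in this series does carry a `nixpkgs_2` node, though the page does not show which input owns it). The same line is still present as context in the flake.nix hunk of PATCH 03/80. The attribute set that contains the line opens above the hunk, so the affected input is not visible here.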
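Review bot: In the machines/levitation.nix hunk of PATCH 01/80 the interface name is hard-coded twice, in `interfaces.enp6s0.useDHCP` and in `nat.externalInterface`, and this commit exists because the assigned name moved from `enp5s0`; if it moves again the two settings can drift apart, or the NAT external interface can end up naming a device that no longer exists. Binding the name once, e.g. `let wan = "enp6s0"; in` with `interfaces.${wan}.useDHCP = true;` and `nat.externalInterface = wan;`, keeps them in step, and a short comment recording what changed the name would help the next edit. The enclosing attribute set starts above the hunk and continues below it.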
diff --git a/applications/devel-core.nix b/applications/devel-core.nix
index 603ca30..f25d753 100644
--- a/applications/devel-core.nix
+++ b/applications/devel-core.nix
@@ -25,5 +25,7 @@
 sops
 # Just in case
 neovim
+ # For python
+ nodePackages.pyright
 ];
 }
From 43c78acc1558aefd67388b701d94965c48674207 Mon Sep 17 00:00:00 2001
From: Nathan McCarty
Date: Thu, 23 Jun 2022 02:57:41 -0400
Subject: [PATCH 03/80] rewrite to be more module based
---
 applications/communications.nix | 96 -----
 applications/devel-core-linux.nix | 10 -
 applications/devel-core.nix | 31 --
 applications/devel-js.nix | 10 -
 applications/devel-kotlin.nix | 12 -
 applications/devel-raku.nix | 8 -
 applications/devel-rust.nix | 27 --
 applications/emacs.nix | 28 --
 applications/image-editing.nix | 16 -
 applications/media.nix | 163 --------
 applications/syncthing.nix | 20 -
 applications/utils-core.nix | 56 ---
 common.nix | 10 -
 core.nix | 3 +
 darwin-modules/base.nix | 37 --
 darwin-modules/gpg.nix | 24 --
 desktop.nix | 40 --
 droid.nix | 115 -----
 flake.lock | 132 ++----
 flake.nix | 350 ++++++----------
 home-linux.nix | 80 ----
 home-manager/bat.nix | 20 -
 home-manager/common.nix | 11 -
 home-manager/default.nix | 98 +++++
 home-manager/fish.nix | 65 ---
 home-manager/git.nix | 90 ----
 home-manager/machines/x86vm.nix | 12 +
 home-manager/programs/communications.nix | 78 ++++
 home-manager/programs/core.nix | 215 ++++++++++
 home-manager/programs/devel.nix | 107 +++++
 home-manager/programs/emacs.nix | 44 ++
 home-manager/programs/image-editing.nix | 20 +
 home-manager/programs/media.nix | 50 +++
 {modules => home-manager/programs}/sway.nix | 172 ++++----
 home-manager/programs/syncthing.nix | 12 +
 home-manager/ssh.nix | 61 ---
 home.nix | 23 -
 machines/levitation.nix | 122 ------
 machines/matrix.nix | 102 -----
 machines/oracles.nix | 101 -----
 machines/perception.nix | 57 ---
 machines/shadowchild.nix | 83 ----
 modules/audio.nix | 48 ---
 modules/autoupdate.nix | 13 -
 modules/base.nix | 14 +
 modules/common.nix | 18 -
 modules/default.nix | 137 ++++++
 modules/desktop.nix | 80 ++++
 modules/docker.nix | 17 -
 modules/fonts.nix | 14 -
 modules/games.nix | 26 --
 modules/gpg.nix | 36 --
 modules/hardware.nix | 13 +
 modules/lib.nix | 25 ++
 modules/linux/base.nix | 34 ++
 modules/logitech.nix | 7 -
 modules/lxc.nix | 11 -
 modules/printing.nix | 23 -
 modules/programs/games.nix | 33 ++
 modules/programs/gpg.nix | 43 ++
 modules/programs/utils.nix | 69 +++
 modules/protonmail.nix | 9 -
 modules/qemu.nix | 12 -
 modules/services/ssh.nix | 31 ++
 modules/services/tailscale.nix | 61 +++
 modules/ssh.nix | 25 --
 modules/swaywm.nix | 101 +++++
 modules/tailscale.nix | 52 ---
 modules/user.nix | 44 ++
 modules/virtualization.nix | 40 ++
 modules/zt.nix | 8 -
 secrets/borg.yaml | 69 ---
 secrets/gitlab-runner.yaml | 66 ---
 secrets/lastfm.conf | 24 --
 secrets/matrix-community-recaptcha | 40 --
 secrets/nathan.yaml | 65 ++-
 secrets/tailscale.yaml | 66 ---
 system-specific/matrix/gitea.nix | 92 ----
 system-specific/matrix/matrix.nix | 439 --------------------
 system-specific/oracles/gitea.nix | 91 ----
 system-specific/oracles/gitlab-runner.nix | 49 ---
 system-specific/oracles/matrix.nix | 69 ---
 system-specific/oracles/minecraft.nix | 11 -
 system-specific/perception/plex.nix | 31 --
 84 files changed, 1642 insertions(+), 3325 deletions(-)
 delete mode 100644 applications/communications.nix
 delete mode 100644 applications/devel-core-linux.nix
 delete mode 100644 applications/devel-core.nix
 delete mode 100644 applications/devel-js.nix
 delete mode 100644 applications/devel-kotlin.nix
 delete mode 100644 applications/devel-raku.nix
 delete mode 100644 applications/devel-rust.nix
 delete mode 100644 applications/emacs.nix
 delete mode 100644 applications/image-editing.nix
 delete mode 100644 applications/media.nix
 delete mode 100644 applications/syncthing.nix
 delete mode 100644 applications/utils-core.nix
 delete mode 100644 common.nix
 create mode 100644 core.nix
 delete mode 100644 darwin-modules/base.nix
 delete mode 100644 darwin-modules/gpg.nix
 delete mode 100644 desktop.nix
 delete mode 100644 droid.nix
 delete mode 100644 home-linux.nix
 delete mode 100644 home-manager/bat.nix
 delete mode 100644 home-manager/common.nix
 create mode 100644 home-manager/default.nix
 delete mode 100644 home-manager/fish.nix
 delete mode 100644 home-manager/git.nix
 create mode 100644 home-manager/machines/x86vm.nix
 create mode 100644 home-manager/programs/communications.nix
 create mode 100644 home-manager/programs/core.nix
 create mode 100644 home-manager/programs/devel.nix
 create mode 100644 home-manager/programs/emacs.nix
 create mode 100644 home-manager/programs/image-editing.nix
 create mode 100644 home-manager/programs/media.nix
 rename {modules => home-manager/programs}/sway.nix (58%)
 create mode 100644 home-manager/programs/syncthing.nix
 delete mode 100644 home-manager/ssh.nix
 delete mode 100644 home.nix
 delete mode 100644 machines/levitation.nix
 delete mode 100644 machines/matrix.nix
 delete mode 100644 machines/oracles.nix
 delete mode 100644 machines/perception.nix
 delete mode 100644 machines/shadowchild.nix
 delete mode 100644 modules/audio.nix
 delete mode 100644 modules/autoupdate.nix
 create mode 100644 modules/base.nix
 delete mode 100644 modules/common.nix
 create mode 100644 modules/default.nix
 create mode 100644 modules/desktop.nix
 delete mode 100644 modules/docker.nix
 delete mode 100644 modules/fonts.nix
 delete mode 100644 modules/games.nix
 delete mode 100644 modules/gpg.nix
 create mode 100644 modules/hardware.nix
 create mode 100644 modules/lib.nix
 create mode 100644 modules/linux/base.nix
 delete mode 100644 modules/logitech.nix
 delete mode 100644 modules/lxc.nix
 delete mode 100644 modules/printing.nix
 create mode 100644 modules/programs/games.nix
 create mode 100644 modules/programs/gpg.nix
 create mode 100644 modules/programs/utils.nix
 delete mode 100644 modules/protonmail.nix
 delete mode 100644 modules/qemu.nix
 create mode 100644 modules/services/ssh.nix
 create mode 100644 modules/services/tailscale.nix
 delete mode 100644 modules/ssh.nix
 create mode 100644 modules/swaywm.nix
 delete mode 100644 modules/tailscale.nix
 create mode 100644 modules/user.nix
 create mode 100644 modules/virtualization.nix
 delete mode 100644 modules/zt.nix
 delete mode 100644 secrets/borg.yaml
 delete mode 100644 secrets/gitlab-runner.yaml
 delete mode 100644 secrets/lastfm.conf
 delete mode 100644 secrets/matrix-community-recaptcha
 delete mode 100644 secrets/tailscale.yaml
 delete mode 100644 system-specific/matrix/gitea.nix
 delete mode 100644 system-specific/matrix/matrix.nix
 delete mode 100644 system-specific/oracles/gitea.nix
 delete mode 100644 system-specific/oracles/gitlab-runner.nix
 delete mode 100644 system-specific/oracles/matrix.nix
 delete mode 100644 system-specific/oracles/minecraft.nix
 delete mode 100644 system-specific/perception/plex.nix
diff --git a/applications/communications.nix b/applications/communications.nix
deleted file mode 100644
index 32ad1ac..0000000
--- a/applications/communications.nix
+++ /dev/null
@@ -1,96 +0,0 @@ -# Communications software -{ config, pkgs, unstable, ... }: -{ - # Pull in personal overlay - # nixpkgs.overlays = [ (import ../../overlays/personal/overlay.nix) ]; - - environment.systemPackages = with pkgs; - let - enableWayland = drv: bin: drv.overrideAttrs ( - old: { - nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ]; - postFixup = (old.postFixup or "") + '' - wrapProgram $out/bin/${bin} \ - --add-flags "--enable-features=UseOzonePlatform" \ - --add-flags "--ozone-platform=wayland" - ''; - } - ); - ## Wayland workaround chromium desktop items - # Facebook messenger - fbChromeDesktopItem = pkgs.makeDesktopItem { - name = "messenger-chrome"; - desktopName = "Messenger (chrome)"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://messenger.com\""; - terminal = false; - }; - # Teams - teamsItem = pkgs.makeDesktopItem { - name = "teams-wayland"; - desktopName = "Teams (Wayland)"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://teams.microsoft.com\""; - terminal = false; - }; - # Discord - - discordWayland = pkgs.callPackage ../packages/discord/default.nix rec { - pname = "discord-electron"; - binaryName = "Discord"; - desktopName = "Discord (Wayland)"; - version = "0.0.18"; - src = fetchurl { - url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; - hash = "sha256-BBc4n6Q3xuBE13JS3gz/6EcwdOWW57NLp2saOlwOgMI="; - }; - electron = pkgs.electron_13; - }; - ## Pass wayland options to existing applications - signalWaylandItem = pkgs.makeDesktopItem { - name = "signal-desktop-wayland"; - desktopName = "Signal (Wayland)"; - exec = "${unstable.signal-desktop}/bin/signal-desktop --enable-features=UseOzonePlatform -ozone-platform=wayland"; - terminal = false; - icon = "signal-desktop"; - type = "Application"; - }; - zulipWayland = pkgs.makeDesktopItem { - name = 
"zulip-wayland"; - desktopName = "Zulip (Wayland)"; - exec = "${unstable.zulip}/bin/zulip --enable-features=UseOzonePlatform --ozone-platform=wayland"; - terminal = false; - icon = "zulip"; - type = "Application"; - }; - in - [ - # Discord - discordWayland - unstable.betterdiscordctl - # Desktop matrix client - (enableWayland element-desktop "element-desktop") - # Desktop signal client - (enableWayland signal-desktop "signal-desktop") - # Desktop telegram client - tdesktop - # Desktop mastodon client - tootle - # zulip - unstable.zulip - zulipWayland - # Zoom (for work, sadly) - unstable.zoom-us - # Teams (also for work) - unstable.teams - # chromium - chromium - # Wayland workaround packages - fbChromeDesktopItem - teamsItem - ]; - - - # Work around for discord jank ugh - nixpkgs.config.permittedInsecurePackages = [ - "electron-13.6.9" - ]; -} diff --git a/applications/devel-core-linux.nix b/applications/devel-core-linux.nix deleted file mode 100644 index 44c2744..0000000 --- a/applications/devel-core-linux.nix +++ /dev/null @@ -1,10 +0,0 @@ -# Linux Specific Core development libraries -{ config, pkgs, unstable, ... }: -{ - environment.systemPackages = with pkgs; [ - gcc - binutils - clang - unstable.mold - ]; -} diff --git a/applications/devel-core.nix b/applications/devel-core.nix deleted file mode 100644 index f25d753..0000000 --- a/applications/devel-core.nix +++ /dev/null @@ -1,31 +0,0 @@ -# Core development libraries -{ config, pkgs, unstable, ... }: -{ - environment.systemPackages = with pkgs; [ - # Full version of git - unstable.gitFull - # Git addons - git-secret - unstable.git-lfs - delta - # General development requirements - python3Full - cmake - libtool - gnumake - nixpkgs-fmt - # jq for interacting with JSON - jq - jc - # Viewer for deeply nested JSON - fx - # Direnv for nix-shell niceness - direnv - # Sops for secrets - sops - # Just in case - neovim - # For python - nodePackages.pyright - ]; -} 
diff --git a/applications/devel-js.nix b/applications/devel-js.nix deleted file mode 100644 index 193b1ff..0000000 --- a/applications/devel-js.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, unstable, pkgs, ... }: - -{ - environment.systemPackages = with unstable; [ - nodejs - yarn - nodePackages.typescript - deno - ]; -} diff --git a/applications/devel-kotlin.nix b/applications/devel-kotlin.nix deleted file mode 100644 index ce6afee..0000000 --- a/applications/devel-kotlin.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, java, unstable, ... }: - -{ - environment.systemPackages = with unstable; [ - java.packages.${system}.semeru-stable - gradle - kotlin - kotlin-native - kotlin-language-server - ktlint - ]; -} diff --git a/applications/devel-raku.nix b/applications/devel-raku.nix deleted file mode 100644 index ab98a9f..0000000 --- a/applications/devel-raku.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, pkgs, unstable, ... }: - -{ - environment.systemPackages = with unstable; [ - rakudo - zef - ]; -} diff --git a/applications/devel-rust.nix b/applications/devel-rust.nix deleted file mode 100644 index 556cf06..0000000 --- a/applications/devel-rust.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -# Utilities for developing in rust -{ config, pkgs, unstable, fenix, ... }: -{ - environment.systemPackages = with pkgs; [ - # Use rustup to get the compiler - rustup - # Install the latest rust analyzer - fenix.packages."${system}".rust-analyzer - # Sccache for faster builds - sccache - # Misc cargo utilites - cargo-binutils # Allow invoking the llvm tools included with the toolchain - cargo-edit # Command line Cargo.toml manipulation - cargo-asm # Dump the generated assembly - cargo-fuzz # front end for fuzz testing rust - cargo-license # Audit the licenses of dependencies - cargo-criterion # Benchmarking front end - cargo-audit # Check dependencies for known CVEs - cargo-bloat # Find out what's taking up space in the executable - cargo-udeps # Find unused dependencies - cargo-expand # Dump expanded macros - unstable.cargo-tarpaulin # Code coverage - cargo-play # Quickly execute code outside of a crate - # For building stuff that uses protocol buffers - protobuf - ]; -} diff --git a/applications/emacs.nix b/applications/emacs.nix deleted file mode 100644 index ec93a24..0000000 --- a/applications/emacs.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, pkgs, doomEmacs, ... }: -{ - # Install emacs - environment.systemPackages = with pkgs; [ - # For markdown rendering - python39Packages.grip - # For graph generation - graphviz - ]; - - # Utilize home-manager - home-manager.users.nathan = { - # Nixify doomEmacs - # TODO:Reenable, currently off because of ghub - imports = [ doomEmacs ]; - programs.doom-emacs = { - enable = true; - doomPrivateDir = ../doom.d; - emacsPackage = pkgs.emacsPgtkNativeComp; - }; - # Startup service - services.emacs = { - enable = pkgs.stdenv.isLinux; - client.enable = true; - defaultEditor = true; - }; - }; -} diff --git a/applications/image-editing.nix b/applications/image-editing.nix deleted file mode 100644 index 9ca5da8..0000000 --- a/applications/image-editing.nix +++ /dev/null 
@@ -1,16 +0,0 @@ -# Image editing applications -{ config, pkgs, unstable, ... }: -{ - environment.systemPackages = with pkgs; [ - # RawTherapee for raw editing - unstable.rawtherapee - # Gimp for complex editing - unstable.gimp-with-plugins - # Krita for drawing - unstable.krita - # Pinta for basic image editing - unstable.pinta - # Command line tools for image conversion and handling - imagemagickBig - ]; -} diff --git a/applications/media.nix b/applications/media.nix deleted file mode 100644 index bc2679f..0000000 --- a/applications/media.nix +++ /dev/null 
@@ -1,163 +0,0 @@ -# Media players and other applications -{ config, pkgs, lib, unstable, ... }: -let - mopidyEnv = pkgs.buildEnv { - name = "mopidy-daemon-environment"; - paths = with pkgs; [ - mopidy-mpd - mopidy-iris - mopidy-scrobbler - mopidy-local - ]; - pathsToLink = [ "/${pkgs.mopidyPackages.python.sitePackages}" ]; - buildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - makeWrapper ${pkgs.mopidy}/bin/mopidy $out/bin/mopidy \ - --prefix PYTHONPATH : $out/${pkgs.mopidyPackages.python.sitePackages} - ''; - }; - mopidyConf = pkgs.writeText "mopidy.conf" - '' - [core] - #cache_dir = $XDG_CACHE_DIR/mopidy - #config_dir = $XDG_CONFIG_DIR/mopidy - #data_dir = $XDG_DATA_DIR/mopidy - #max_tracklist_length = 10000 - #restore_state = false - - [logging] - #verbosity = 0 - #format = %(levelname)-8s %(asctime)s [%(process)d:%(threadName)s] %(name)s\n %(message)s - #color = true - #config_file = - - [audio] - #mixer = software - #mixer_volume = - #output = autoaudiosink - #buffer_time = - - [proxy] - #scheme = - #hostname = - #port = - #username = - #password = - - [file] - enabled = true - media_dirs = - ~/Music - # $XDG_MUSIC_DIR|Music - #excluded_file_extensions = - # .directory - # .html - # .jpeg - # .jpg - # .log - # .nfo - # .pdf - # .png - # .txt - # .zip - #show_dotfiles = false - #follow_symlinks = false - #metadata_timeout = 1000 - - [local] - media_dir = /home/nathan/Music - - [http] - #enabled = true - #hostname = 127.0.0.1 - #port = 6680 - #zeroconf = Mopidy HTTP server on $hostname - #allowed_origins = - #csrf_protection = true - #default_app = mopidy - - [m3u] - #enabled = true - #base_dir = $XDG_MUSIC_DIR - #default_encoding = latin-1 - #default_extension = .m3u8 - #playlists_dir = - - [softwaremixer] - #enabled = true - - [stream] - #enabled = true - #protocols = - # http - # https - # mms - # rtmp - # rtmps - # rtsp - #metadata_blacklist = - #timeout = 5000 - - [mpd] - enabled = true - ''; -in -{ - environment.systemPackages = - let - ## Wrapper 
around iris - irisDesktopItem = pkgs.makeDesktopItem { - name = "iris"; - desktopName = "Iris"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"http://localhost:6680/iris/\""; - terminal = false; - }; - in - with pkgs; [ - # Spotify - spotify - # Latest version of vlc - unstable.vlc - # Plex client - plex-media-player - # OBS studio for screen recording - unstable.obs-studio - # Soulseek client - nicotine-plus - # Mopidy + extensions - mopidyEnv - # Iris desktop client - irisDesktopItem - # Picard for sorting - unstable.picard - ]; - - # Start mopidy as a user service, for sanity - systemd.user.services.mopidy = { - description = "Mopidy music server"; - wantedBy = [ "graphical-session.target" ]; - partOf = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = "${mopidyEnv}/bin/mopidy --config ${lib.concatStringsSep ":" [mopidyConf config.sops.secrets.lastfm-conf.path]}"; - }; - wants = [ "rclone-music.service" ]; - enable = true; - }; - # Load up lastfm scrobbling secret - sops.secrets.lastfm-conf = { - owner = "nathan"; - format = "binary"; - sopsFile = ../secrets/lastfm.conf; - }; - - # Same for the scanning service - systemd.user.services.mopidy-scan = { - description = "Mopidy files local scanner"; - serviceConfig = { - ExecStart = "${mopidyEnv}/bin/mopidy local scan"; - Type = "oneshot"; - }; - wants = [ "rclone-music.service" ]; - }; - -} diff --git a/applications/syncthing.nix b/applications/syncthing.nix deleted file mode 100644 index 18a385a..0000000 --- a/applications/syncthing.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ config, pkgs, unstable, ... }: -{ - # Install synthing and syncthing-tray - environment.systemPackages = with pkgs; [ - syncthing - unstable.syncthingtray - ]; - # Home manager configuration - home-manager.users.nathan = { - # Enable the service for both syncthing and the tray - services.syncthing = { - enable = true; - tray = { - enable = true; - package = unstable.syncthingtray; - command = "syncthingtray --wait"; - }; - }; - }; -} diff --git a/applications/utils-core.nix b/applications/utils-core.nix deleted file mode 100644 index d1c6fed..0000000 --- a/applications/utils-core.nix +++ /dev/null @@ -1,56 +0,0 @@ -# Basic, must have, command-line utilities -{ config, pkgs, ... }: -{ - environment.systemPackages = with pkgs; [ - # Basic command line utilities - wget - tmux - nano - unzip - any-nix-shell - htop - # Spell check - hunspell - hunspellDicts.en-us - # Rust rewrites of common shell utilities - starship - exa - bat - fd - sd - du-dust - ripgrep - ripgrep-all - tokei - hyperfine - bottom - dogdns - duf - # CLI Markdown renderer - glow - # Command line file manager - broot - # Much better curl - httpie - # CLI spreadsheets - visidata - # User friendly cut - choose - # Cheatsheet manager - cheat - # Ping with a graph - gping - # Man but terse - tealdeer - # Pandoc for documentation - pandoc - # For nslookup - dnsutils - # Feh image viewer - feh - # Mosh for better high-latency ssh - mosh - # PV for viewing pipes - pv - ]; -} diff --git a/common.nix b/common.nix deleted file mode 100644 index 6736933..0000000 --- a/common.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./ssh.nix - ./fish.nix - ./git.nix - ]; - programs.home-manager.enable = true; -} diff --git a/core.nix b/core.nix new file mode 100644 index 0000000..88d8a3b --- /dev/null +++ b/core.nix @@ -0,0 +1,3 @@ +{ config, lib, pkgs, ... }: + +{ } 
diff --git a/darwin-modules/base.nix b/darwin-modules/base.nix deleted file mode 100644 index 8ce0415..0000000 --- a/darwin-modules/base.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, ... }: - -{ - # List packages installed in system profile. To search by name, run: - # $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; - [ - openssh - coreutils-full - ]; - - # Use a custom configuration.nix location. - # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix - # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - - # Auto upgrade nix package and the daemon service. - services.nix-daemon.enable = true; - - # Create /etc/bashrc that loads the nix-darwin environment. - programs.zsh.enable = true; # default shell on catalina - programs.fish.enable = true; - # Give nix packages higher priority than system packages in fish - programs.fish.shellInit = '' - for p in /run/current-system/sw/bin - if not contains $p $fish_user_paths - set -g fish_user_paths $p $fish_user_paths - end - end - ''; - - # Make nix managed fonts work on macos - fonts.fontDir.enable = true; - - # Used for backwards compatibility, please read the changelog before changing. - # $ darwin-rebuild changelog - system.stateVersion = 4; -} diff --git a/darwin-modules/gpg.nix b/darwin-modules/gpg.nix deleted file mode 100644 index 49e279e..0000000 --- a/darwin-modules/gpg.nix +++ /dev/null @@ -1,24 +0,0 @@ -# Configure gpg with yubikey support -{ config, pkgs, ... }: -{ - # Setup environment for gpg agent - environment.shellInit = '' - export GPG_TTY="$(tty)" - gpg-connect-agent /bye - export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - ''; - - programs = { - # Enable gpg-agent with ssh support - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - }; - - # install gnupg and yubikey personalization - environment.systemPackages = with pkgs; [ - gnupg - yubikey-personalization - ]; -} 
diff --git a/desktop.nix b/desktop.nix deleted file mode 100644 index 9e48ab2..0000000 --- a/desktop.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ pkgs, lib, unstable, ... }: { - ## Boot, drivers, and host name - # Use grub - boot.loader = { - grub = { - enable = true; - version = 2; - efiSupport = true; - # Go efi only - device = "nodev"; - # Use os-prober - useOSProber = true; - }; - efi = { - efiSysMountPoint = "/boot/"; - canTouchEfiVariables = true; - }; - }; - # Enable AMD gpu drivers early - boot.initrd.kernelModules = [ "amdgpu" ]; - # Use the zen kernel with muqss turned on - boot.kernelPackages = - let - linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override { - structuredExtraConfig = with lib.kernel; { - SCHED_MUQSS = yes; - }; - ignoreConfigErrors = true; - } - ); - in - linuxZenWMuQSS; - ## Left over uncategorized packages - environment.systemPackages = with pkgs; [ - unstable.firefox-beta-bin - wally-cli - ]; - # Enable ergodox udev rules - hardware.keyboard.zsa.enable = true; -} diff --git a/droid.nix b/droid.nix deleted file mode 100644 index d424c31..0000000 --- a/droid.nix +++ /dev/null 
@@ -1,115 +0,0 @@ -{ config, lib, pkgs, unstable, fenix, ... }: - -{ - system.stateVersion = "21.11"; - - environment.sessionVariables = { - XDG_RUNTIME_DIR = "/data/data/com.termux.nix/files/home/run"; - GDK_DPI_SCALE = "2"; - GDK_SCALE = "2"; - }; - - # Get home-manager up and running - home-manager.config = ./home-manager/common.nix; - - # Have to put packages here, as it does not have environment.systemPackages - environment.packages = with pkgs; - [ - ### - ## utils-core - ### - # Basic command line utilities - wget - tmux - nano - unzip - any-nix-shell - htop - # Spell check - hunspell - hunspellDicts.en-us - # Rust rewrites of common shell utilities - starship - exa - bat - fd - sd - du-dust - ripgrep - ripgrep-all - tokei - hyperfine - unstable.bottom - dogdns - duf - # CLI Markdown renderer - glow - # Command line file manager - broot - # Much better curl - unstable.httpie - # CLI spreadsheets - visidata - # User friendly cut - choose - # Cheatsheet manager - cheat - # Ping with a graph - gping - # Man but terse - tealdeer - # Pandoc for documentation - unstable.pandoc - # For nslookup - dnsutils - # Feh image viewer - feh - # Mosh for better high-latency ssh - mosh - ### - ## devel-core - ### - # Full version of git - git - # Git addons - git-secret - git-lfs - delta - # General development requirements - python3Full - cmake - libtool - gnumake - nixpkgs-fmt - # jq for interacting with JSON - jq - jc - # Viewer for deeply nested JSON - fx - # Direnv for nix-shell niceness - direnv - ### - ## devel-rust - ### - # Use rustup to get the compiler - rustup - # Install the latest rust analyzer - fenix.rust-analyzer - # Sccache for faster builds - # sccache - # Misc cargo utilites - cargo-binutils # Allow invoking the llvm tools included with the toolchain - cargo-edit # Command line Cargo.toml manipulation - cargo-asm # Dump the generated assembly - cargo-fuzz # front end for fuzz testing rust - cargo-license # Audit the licenses of dependencies - 
cargo-criterion # Benchmarking front end - cargo-audit # Check dependencies for known CVEs - cargo-bloat # Find out what's taking up space in the executable - cargo-udeps # Find unused dependencies - cargo-expand # Dump expanded macros - cargo-play # Quickly execute code outside of a crate - # For building stuff that uses protocol buffers - protobuf - ]; -} diff --git a/flake.lock b/flake.lock index dd3f3f6..0aabb61 100644 --- a/flake.lock +++ b/flake.lock @@ -62,17 +62,16 @@ ] }, "locked": { - "lastModified": 1655120294, - "narHash": "sha256-e0IXVoxH3o1QbLtHxANAg2CHdVE3jZBi5ifhh+6Vpcs=", + "lastModified": 1656648158, + "narHash": "sha256-e4tPuEW8Uj8PEVAYNzr3DPqxY5mGEvnCNyDih8RPP5c=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e", + "rev": "2724625945ddeaeffd94ca56e11b75b98b8bba8b", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", - "rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e", "type": "github" } }, @@ -162,11 +161,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1655619932, - "narHash": "sha256-/7L0/ymVXGL0FrQNLAP2P1Ch22RR0kt0N6jfdjm+WVc=", + "lastModified": 1656656878, + "narHash": "sha256-0rA054abuLVzv24nrk4rVWQIDl20T+570UZglPhXgzg=", "owner": "nix-community", "repo": "fenix", - "rev": "55987185def5cf3afc616d38907406293a170cfe", + "rev": "e172d625f705ca4013f93d3fe061d3ecf1fc3a34", "type": "github" }, "original": { 
@@ -191,29 +190,13 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -256,20 +239,17 @@ }, "home-manager": { "inputs": { - "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs" ], - "nmd": "nmd", - "nmt": "nmt", "utils": "utils" }, "locked": { - "lastModified": 1655679417, - "narHash": "sha256-rUM/VDIQAMm0pLAVBizQoR9I8TELRmak7SsJLaO/NBg=", + "lastModified": 1656367977, + "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=", "owner": "nix-community", "repo": "home-manager", - "rev": "3d8265c5efd5e4d3ad8a90686bc81d49353fdb08", + "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1", "type": "github" }, "original": { @@ -286,11 +266,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1655182547, - "narHash": "sha256-gmkb6l13CVKtlRydDJ9O3sifKtamKLgLdUaEASdQ6Ls=", + "lastModified": 1656122108, + "narHash": "sha256-wJrVZLqvBhq+u2Mi3yc4oS8pOtzdxL6uMmmSt+1bNHE=", "owner": "nathans-flakes", "repo": "java", - "rev": "8e53bfead6195e4440aef47b2f08b0e7f89b1d4d", + "rev": "4ade2ae9e949b184ba2d47495ec348f385ab0300", "type": "github" }, "original": { 
@@ -390,11 +370,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1655400192, - "narHash": "sha256-49OBVVRgb9H/PSmNT9W61+NRdDbuSJVuDDflwXlaUKU=", + "lastModified": 1656461576, + "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3d7435c638baffaa826b85459df0fff47f12317d", + "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", "type": "github" }, "original": { @@ -406,11 +386,11 @@ }, "nixpkgs-21_11": { "locked": { - "lastModified": 1655562720, - "narHash": "sha256-OrN8DkBRZqZMzMuECuQNvSQ5gWoFBCxDvxYXjIQ/pH0=", + "lastModified": 1656198488, + "narHash": "sha256-xe81o3Kin6a0jXA3mTxcR+jeA1jLKw3TCar5LUo/B5c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27dffce7eaa9648b4a13a461e786f169a17c0889", + "rev": "46af3303651699dc58cfc251d9b18c0f59d857da", "type": "github" }, "original": { @@ -422,11 +402,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1655584987, - "narHash": "sha256-YmWxPm6ctu+9nV80DtYtMfOBosNymeTpj8+Z0JTDfhU=", + "lastModified": 1656199498, + "narHash": "sha256-/BCpM7j7y1G4het6Z3idlnv9A87/s0O1glVmH7fnWvk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "57622cb817210146b379adbbd036d3da0d1f367c", + "rev": "72a1f167077060a1a7b6e0104863245d0483fa7f", "type": "github" }, "original": { @@ -438,11 +418,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1655567057, - "narHash": "sha256-Cc5hQSMsTzOHmZnYm8OSJ5RNUp22bd5NADWLHorULWQ=", + "lastModified": 1656461576, + "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e0a42267f73ea52adc061a64650fddc59906fc99", + "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c", "type": "github" }, "original": { 
@@ -454,11 +434,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1655456688, - "narHash": "sha256-j2trI5gv2fnHdfUQFBy957avCPxxzCqE8R+TOYHPSRE=", + "lastModified": 1656589841, + "narHash": "sha256-Kqd6r9aNIzjYGhMFYATdKwRbXBCGLcdqAJMLr4I8LG0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d17a56d90ecbd1b8fc908d49598fb854ef188461", + "rev": "dbb62c34bbb5cdf05f1aeab07638b24b0824d605", "type": "github" }, "original": { @@ -468,38 +448,6 @@ "type": "github" } }, - "nmd": { - "flake": false, - "locked": { - "lastModified": 1653339422, - "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", - "owner": "rycee", - "repo": "nmd", - "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmt": { - "flake": false, - "locked": { - "lastModified": 1648075362, - "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", - "owner": "rycee", - "repo": "nmt", - "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmt", - "type": "gitlab" - } - }, "nose": { "flake": false, "locked": { @@ -598,18 +546,18 @@ }, "polymc": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "libnbtplusplus": "libnbtplusplus", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1655285534, - "narHash": "sha256-g1WTrnRD1YtI2aCVUqatg7NlhmLJ7jIA4p0ke9Zpvx0=", + "lastModified": 1656582643, + "narHash": "sha256-TC7tkdgpvConambYP1yoVjxxixZkMhkrdfHDKMKIyKE=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "03e454b71d83aebbb534c5734ccd9093842da28c", + "rev": "286f82cc99322398d720f2bbf88869c42960227d", "type": "github" }, "original": { 
@@ -668,11 +616,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1655591884, - "narHash": "sha256-eBjsdPC5vudbUv4/i7AAggrrTATnCTzMfQetCiJndaQ=", + "lastModified": 1656601302, + "narHash": "sha256-8vlDMdGmccsFkDTM5O3RGRTZIGBEVIDjnXpxWGoVIQc=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "eb9b36075272013984ac5d27128e87a714b90c9a", + "rev": "ce36446943a33b01de50ca27d8d17e176af13cd5", "type": "github" }, "original": { @@ -691,11 +639,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1655665732, - "narHash": "sha256-Fe+evSlGbMOMNSI9dECLDJx6L3ZvYFxosfaDnaPwSK8=", + "lastModified": 1656399028, + "narHash": "sha256-re66+rVHGR3y+0QsaDAwoAHCfoi3BlGV24t2EqRZsAE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67af9b179c629dea211ebd83f92c77f5745043be", + "rev": "d26947f2d6252e2aae5ffddfe9b38b7c4b94e8f9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index cce338f..51bab65 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ inputs.nixpgks.follows = "nixpkgs"; }; emacs = { - url = "github:nix-community/emacs-overlay/29dcfbc1b29ae7281e95367e0f2358b44224a46e"; + url = "github:nix-community/emacs-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; mozilla = { 
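Review bot: The context line `inputs.nixpgks.follows = "nixpkgs";` at the top of the flake.nix hunk misspells the input name, so the override most likely does not attach to that dependency's `nixpkgs` input and it keeps resolving its own copy. Since this change edits the neighbouring `emacs` block anyway, I would correct it to `inputs.nixpkgs.follows = "nixpkgs";` and re-lock. The attribute set that line belongs to opens above the hunk, so which input is affected cannot be confirmed from here.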
@@ -56,245 +56,131 @@ , polymc , nix-doom-emacs , java - }@attrs: + }@inputs: let - baseModules = [ - ./applications/utils-core.nix - ## Setup binary caches and other common nix config - ({ pkgs, ... }: { - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # First install cachix, so we can discover new ones - environment.systemPackages = [ pkgs.cachix ]; - # Then configure up the nix community cache - nix = { - binaryCaches = [ - "https://nix-community.cachix.org" - ]; - binaryCachePublicKeys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - # Turn on flakes support (from within a flake, lamo) - package = pkgs.nixFlakes; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - # Setup overlays - nixpkgs.overlays = [ emacs.overlay polymc.overlay ]; - }) - ]; - sopsModules = [ - sops-nix.nixosModules.sops - ## Setup sops - ({ pkgs, config, ... }: { - # Add default secrets - sops.defaultSopsFile = ./secrets/nathan.yaml; - # Use system ssh key as an age key - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - }) - ]; - coreModules = baseModules ++ sopsModules ++ [ - ./modules/common.nix - ./modules/ssh.nix - home-manager.nixosModules.home-manager - # Configure system state version for linux - ({ pkgs, ... }: { - # System state version for compat - system.stateVersion = "21.11"; - }) - ]; - setHomeManagerVersions = ({ pkgs, config, unstable, ... }: { - home-manager.users.nathan.programs = { - starship.package = unstable.starship; - git.package = unstable.gitFull; - fish.package = unstable.fish; + makeNixosSystem = { system, hostName, extraModules ? [ ], ourNixpkgs ? 
nixpkgs }: ourNixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inputs = inputs; }; - }); - baseHomeModules = [ - { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - users.nathan = import ./home-manager/common.nix; - }; - } - setHomeManagerVersions - ./home.nix - ]; - desktopModules = baseHomeModules ++ coreModules ++ [ - ./modules/audio.nix - ./modules/sway.nix - ./modules/fonts.nix - ./modules/gpg.nix - ./modules/logitech.nix - ./modules/qemu.nix - ./modules/docker.nix - ./modules/printing.nix - ./modules/zt.nix - ./modules/lxc.nix - ./modules/tailscale.nix - ./modules/protonmail.nix - ./applications/communications.nix - ./applications/devel-core.nix - ./applications/devel-core-linux.nix - ./applications/devel-rust.nix - ./applications/devel-raku.nix - ./applications/devel-kotlin.nix - ./applications/devel-js.nix - ./applications/emacs.nix - ./applications/image-editing.nix - ./applications/media.nix - ./applications/syncthing.nix - ./desktop.nix - ]; - serverModules = baseHomeModules ++ coreModules ++ [ - ./home-linux.nix - ./modules/zt.nix - ./modules/autoupdate.nix - ./modules/tailscale.nix - ./applications/devel-core.nix - ./applications/devel-core-linux.nix - ]; - mozillaOverlay = import "${mozilla}"; - in - { - nixosConfigurations = { - levitation = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ mozillaOverlay ]; - system = "x86_64-linux"; + modules = [ + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + ./modules/default.nix + ({ pkgs, lib, ... 
}: { + # Configure hostname + networking = { + hostName = hostName; }; - doomEmacs = nix-doom-emacs.hmModule; - } // attrs; - modules = [ - ./hardware/levitation.nix - ./machines/levitation.nix - ./modules/games.nix - ./home-linux.nix - ] ++ desktopModules; - }; - - oracles = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; + # Setup sops + # Add default secrets + sops = { + defaultSopsFile = ./secrets/nathan.yaml; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; - } // attrs; - modules = [ - ./hardware/oracles.nix - ./machines/oracles.nix - ./applications/devel-rust.nix - ./modules/docker.nix - ./system-specific/oracles/matrix.nix - ./system-specific/oracles/gitlab-runner.nix - ./system-specific/oracles/gitea.nix - ./system-specific/oracles/minecraft.nix - ] ++ serverModules; - }; - - perception = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; + nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfreePredicate = (pkg: true); + # Home manager configuration + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + extraSpecialArgs = { + inputs = inputs; + }; + sharedModules = [ + ./home-manager/default.nix + ]; }; - } // attrs; - modules = [ - ./hardware/perception.nix - ./machines/perception.nix - ./applications/devel-rust.nix - ./modules/docker.nix - ./system-specific/perception/plex.nix - ] ++ serverModules; - }; - - shadowchild = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; - }; - } // attrs; - modules = [ - ./hardware/shadowchild.nix - ./machines/shadowchild.nix - ./modules/docker.nix - ] ++ serverModules; 
- }; - - matrix = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; - }; - } // attrs; - modules = [ - ./hardware/matrix.nix - ./machines/matrix.nix - ./modules/docker.nix - ./system-specific/matrix/matrix.nix - ./system-specific/matrix/gitea.nix - ] ++ serverModules; - }; - - x86vm = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-linux"; - }; - } // attrs; - modules = [ ./home-linux.nix ] ++ desktopModules; - }; + }) + ] ++ extraModules; }; - darwinConfigurations = { - "Nathans-MacBook-Pro" = darwin.lib.darwinSystem { - system = "x86_64-darwin"; - specialArgs = { - unstable = import nixpkgs-unstable { - config = { allowUnfree = true; }; - overlays = [ ]; - system = "x86_64-darwin"; - }; - doomEmacs = nix-doom-emacs.hmModule; - } // attrs; - modules = baseModules ++ baseHomeModules ++ [ - ./darwin-modules/base.nix - home-manager.darwinModules.home-manager - ./modules/fonts.nix - ./darwin-modules/gpg.nix - ./applications/devel-core.nix - ./applications/devel-rust.nix - ./applications/emacs.nix + in + rec { + nixosConfigurations = { + levitation = makeNixosSystem { + system = "x86_64-linux"; + hostName = "levitation"; + extraModules = [ + ./hardware/levitation.nix + ({ pkgs, config, lib, ... 
}: { + boot.loader = { + grub = { + enable = true; + version = 2; + efiSupport = true; + # Go efi only + devices = [ "nodev" ]; + # Use os-prober + useOSProber = true; + }; + efi = { + efiSysMountPoint = "/boot/"; + canTouchEfiVariables = false; + }; + }; + # Setup system configuration + nathan = { + programs = { + games = true; + }; + config = { + isDesktop = true; + nix.autoUpdate = false; + }; + }; + # Configure networking + networking = { + domain = "mccarty.io"; + useDHCP = false; + interfaces.enp6s0.useDHCP = true; + nat.externalInterface = "enp6s0"; + # Open ports for soulseek + # TODO add in soulseek + firewall = { + allowedTCPPorts = [ 61377 ]; + allowedUDPPorts = [ 61377 ]; + }; + }; + # FIXME borg backup module + + # Setup home manager + home-manager.users.nathan = { config, lib, pkgs, ... }: { + # Module configuration + nathan = { + config = { + isDesktop = true; + }; + }; + }; + }) + ]; + }; + + x86vm = makeNixosSystem { + system = "x86_64-linux"; + hostName = "x86vm"; + extraModules = [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" + ({ pkgs, config, lib, ... }: { + nathan = { + programs = { + games = true; + }; + config = { + isDesktop = true; + nix.autoUpdate = false; + }; + }; + home-manager.users.nathan = import ./home-manager/machines/x86vm.nix; + + # Workaround to get sway working in qemu + environment.variables = { + "WLR_RENDERER" = "pixman"; + }; + }) ]; }; }; - homeConfigurations.linux = - let - system = "x86_64-linux"; - in - home-manager.lib.homeManagerConfiguration { - configuration = import ./home-manager/linux.nix; - inherit system; - username = "nathan"; - homeDirectory = "/home/nathan"; - stateVersion = "21.11"; - }; }; } diff --git a/home-linux.nix b/home-linux.nix deleted file mode 100644 index 3239a4c..0000000 --- a/home-linux.nix +++ /dev/null 
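Review bot: In the `levitation` module the firewall opens `allowedTCPPorts = [ 61377 ];` and `allowedUDPPorts = [ 61377 ];` while the comment beside them still reads `TODO add in soulseek`, so nothing in this hunk shows a service that owns the port. On a host that also sets `nat.externalInterface`, I would leave the two lines out until the client is configured, or move them into the module that enables it so the port and the listener are switched on together. A smaller point in `makeNixosSystem`: `nixpkgs.config.allowUnfreePredicate = (pkg: true);` appears to repeat what `allowUnfree = true` already does and can probably be dropped. The flake's `outputs` function starts above this hunk.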
@@ -1,80 +0,0 @@ -{ pkgs, config, unstable, ... }: -{ - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - ## Linux specific user configuration - users = { - mutableUsers = false; - users.nathan = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ]; - hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; - openssh.authorizedKeys.keys = [ - # yubikey ssh key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515" - # Macbook pro key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local" - # Phone key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH" - # Tablet key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH" - ]; - }; - }; - # enable sudo - security.sudo.enable = true; - home-manager = { - users.nathan = { - # Alacritty configuration - programs.alacritty = { - enable = true; - settings = { - env = { - TERM = "xterm-256color"; - ALACRITTY = "1"; - }; - font = { - normal.family = "FiraCode Nerd Font"; - bold.family = "FiraCode Nerd Font"; - italic.family = "FiraCode Nerd Font"; - bold_italic.family = "FiraCode Nerd Font"; - size = 9.0; - }; - colors = { - primary = { - background = "0x103c48"; - foreground = "0xadbcbc"; - }; - normal = { - black = "0x184956"; - red = "0xfa5750"; - green = "0x75b938"; - yellow = "0xdbb32d"; - blue = "0x4695f7"; - magenta = "0xf275be"; - cyan = "0x41c7b9"; - white = "0x72898f"; - }; - bright = { - black = "0x2d5b69"; - red = "0xff665c"; - green = "0x84c747"; - yellow = "0xebc13d"; - blue = "0x58a3ff"; - magenta = "0xff84cd"; - cyan = "0x53d6c7"; - white = "0xcad8d9"; - }; - }; - }; - }; - ## 
Multimedia - # Easyeffects for the eq - services.easyeffects.enable = true; - }; - }; -} diff --git a/home-manager/bat.nix b/home-manager/bat.nix deleted file mode 100644 index 30e99c2..0000000 --- a/home-manager/bat.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - options.nathans-home.bat = with lib; { - enable = mkOption { - type = types.bool; - default = true; - }; - }; - config = lib.mkIf config.nathans-home.bat.enable { - programs.bat = { - enable = true; - config = { - theme = "zenburn"; - style = "header,rule,snip,changes"; - }; - }; - }; -} diff --git a/home-manager/common.nix b/home-manager/common.nix deleted file mode 100644 index f1b0f37..0000000 --- a/home-manager/common.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./ssh.nix - ./git.nix - ./fish.nix - ./bat.nix - ]; - programs.home-manager.enable = true; -} diff --git a/home-manager/default.nix b/home-manager/default.nix new file mode 100644 index 0000000..6500764 --- /dev/null +++ b/home-manager/default.nix 
@@ -0,0 +1,98 @@ +{ config, lib, pkgs, inputs, ... }: +let + inherit (import ../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in +with lib; with nLib; { + imports = [ + ./programs/sway.nix + ./programs/core.nix + ./programs/communications.nix + ./programs/devel.nix + ./programs/emacs.nix + ./programs/image-editing.nix + ./programs/media.nix + ./programs/syncthing.nix + ]; + + options = { + nathan = { + # Services + services = { + # Synthing, enabled by default on linux desktop + syncthing = mkDefaultOption "Syncthing" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + # Programs + programs = { + util = { + # Ssh configuration, enabled by default + ssh = mkEnableOptionT "ssh"; + # Fish configuration, enabled by default + fish = mkEnableOptionT "fish"; + # Git configuration, enabled by default + git = { + enable = mkEnableOptionT "git"; + gpgSign = mkEnableOptionT "git signatures"; + }; + # Bat configuration, enabled by default + bat = mkEnableOptionT "bat"; + # JSON Utilities, enabled by default + json = mkEnableOptionT "json"; + }; + # Swaywm and supoorting application configuration + swaywm = { + enable = mkDefaultOption "swaywm" config.nathan.config.isDesktop; + }; + # Communications applications + communications = { + # Enable by default if we are on a linux desktop + enable = mkDefaultOption "Communication applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + # Development applications, enabled by default on desktop + devel = { + core = mkDefaultOption "Core Development Utilites" config.nathan.config.isDesktop; + rust = mkDefaultOption "Rust Development Utilites" config.nathan.config.isDesktop; + jvm = mkDefaultOption "JVM Development Utilites" config.nathan.config.isDesktop; + python = mkDefaultOption "Python Development Utilites" config.nathan.config.isDesktop; + js = mkDefaultOption "JavaScript/TypeScript Development Utilites" config.nathan.config.isDesktop; + raku = mkDefaultOption "Raku Development Utilites" 
config.nathan.config.isDesktop; + }; + # Emacs, enabled by default on desktop + emacs = { + enable = mkDefaultOption "Emacs" config.nathan.config.isDesktop; + service = mkDefaultOption "Emacs Service" config.nathan.config.isDesktop; + package = mkOption { + description = "Emacs package to use"; + default = inputs.emacs.packages."${pkgs.system}".emacsPgtkNativeComp; + }; + }; + # Image editing software, on by default on desktop + image-editing = mkDefaultOption "Image Editing Software" config.nathan.config.isDesktop; + # Media appilcations, on by default on linux desktop + media = { + enable = mkDefaultOption "Media Applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + mopidyExtraConfig = mkOption { + description = "Extra config files for mopidy"; + default = [ ]; + }; + }; + # Firefox, enabled by default on linux desktop + firefox = mkDefaultOption "Firefox" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + # General configuration options + config = { + # Is this system a desktop? + # false by default + isDesktop = mkEnableOption "Desktop specific settings"; + }; + }; + }; + + config = { + home.stateVersion = "22.05"; + programs.home-manager.enable = true; + programs.firefox = { + enable = config.nathan.programs.firefox; + package = pkgs.firefox-beta-bin; + }; + }; +} diff --git a/home-manager/fish.nix b/home-manager/fish.nix deleted file mode 100644 index b7126ea..0000000 --- a/home-manager/fish.nix +++ /dev/null 
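Review bot: `nathan.programs.emacs.package` and `nathan.programs.media.mopidyExtraConfig` are declared with `mkOption` but without a `type`, so any value is accepted and a wrong one only fails later, where it is used. Adding `type = types.package;` to the first and `type = types.listOf types.path;` to the second would give an early, readable error. The comments and description strings in this file also carry a few typos (`Synthing`, `supoorting`, `Utilites`, `appilcations`) that may end up in generated option documentation.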
@@ -1,65 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - options.nathans-home.fish = with lib; { - enable = mkOption { - type = types.bool; - default = true; - }; - }; - config = lib.mkIf config.nathans-home.fish.enable { - ## Shell - # Shell proper - programs.fish = { - enable = true; - # Setup our aliases - shellAliases = { - ls = "exa --icons"; - la = "exa --icons -a"; - lg = "exa --icons --git"; - cat = "bat"; - dig = "dog"; - df = "duf"; - }; - # Custom configuration - interactiveShellInit = '' - # Setup any-nix-shell - any-nix-shell fish --info-right | source - # Load logger function - source ~/.config/fish/functions/cmdlogger.fish - ''; - functions = { - # Setup command logging to ~/.logs - cmdlogger = { - onEvent = "fish_preexec"; - body = '' - mkdir -p ~/.logs - echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log - ''; - }; - }; - }; - # Starship, for the prompt - programs.starship = { - enable = true; - settings = { - directory = { - truncation_length = 3; - fish_style_pwd_dir_length = 1; - }; - git_commit = { - commit_hash_length = 6; - only_detached = false; - }; - package = { - symbol = ""; - }; - time = { - disabled = false; - format = "[$time]($style)"; - time_format = "%I:%M %p"; - }; - }; - }; - }; -} diff --git a/home-manager/git.nix b/home-manager/git.nix deleted file mode 100644 index 1d6d767..0000000 --- a/home-manager/git.nix +++ /dev/null 
@@ -1,90 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # Git configuration - programs.git = { - enable = true; - userName = "Nathan McCarty"; - userEmail = "nathan@mccarty.io"; - signing = { - key = "B7A40A5D78C08885"; - signByDefault = pkgs.stdenv.isx86_64; - }; - ignores = [ - "**/*~" - "*~" - "*_archive" - "/auto/" - "auto-save-list" - ".cask/" - ".dir-locals.el" - "dist/" - "**/.DS_Store" - "*.elc" - "/elpa/" - "/.emacs.desktop" - "/.emacs.desktop.lock" - "/eshell/history" - "/eshell/lastdir" - "flycheck_*.el" - "*_flymake.*" - "/network-security.data" - ".org-id-locations" - ".persp" - ".projectile" - "*.rel" - "/server/" - "tramp" - "\\#*\\#" - ]; - delta.enable = true; - extraConfig = { - init = { - defaultBranch = "trunk"; - }; - log = { - showSignature = true; - abbrevCommit = true; - follow = true; - decorate = false; - }; - rerere = { - enable = true; - autoupdate = true; - }; - merge = { - ff = "only"; - conflictstyle = "diff3"; - }; - push = { - default = "simple"; - followTags = true; - }; - pull = { - rebase = true; - }; - status = { - showUntrackedFiles = "all"; - }; - transfer = { - fsckobjects = true; - }; - color = { - ui = "auto"; - }; - diff = { - mnemonicPrefix = true; - renames = true; - wordRegex = "."; - submodule = "log"; - }; - credential = { - helper = "cache"; - }; - # Disable annoying safe directory nonsense - safe = { - directory = "*"; - }; - }; - }; -} diff --git a/home-manager/machines/x86vm.nix b/home-manager/machines/x86vm.nix new file mode 100644 index 0000000..acbdcd2 --- /dev/null +++ b/home-manager/machines/x86vm.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + programs = { + util.git.gpgSign = false; + }; + config = { + isDesktop = true; + }; + }; +} diff --git a/home-manager/programs/communications.nix b/home-manager/programs/communications.nix new file mode 100644 index 0000000..55c15c0 --- /dev/null +++ b/home-manager/programs/communications.nix 
@@ -0,0 +1,78 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + config = lib.mkIf config.nathan.programs.communications.enable { + home.packages = with pkgs; + let + unstable = import inputs.nixpkgs-unstable { config = { allowUnfree = true; }; inherit system; }; + enableWayland = drv: bin: drv.overrideAttrs ( + old: { + nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ]; + postFixup = (old.postFixup or "") + '' + wrapProgram $out/bin/${bin} \ + --add-flags "--enable-features=UseOzonePlatform" \ + --add-flags "--ozone-platform=wayland" + ''; + } + ); + discordWayland = pkgs.callPackage ../../packages/discord/default.nix rec { + pname = "discord-electron"; + binaryName = "Discord"; + desktopName = "Discord (Wayland)"; + version = "0.0.18"; + src = fetchurl { + url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; + hash = "sha256-BBc4n6Q3xuBE13JS3gz/6EcwdOWW57NLp2saOlwOgMI="; + }; + electron = pkgs.electron_13; + }; + zulipWayland = pkgs.makeDesktopItem { + name = "zulip-wayland"; + desktopName = "Zulip (Wayland)"; + exec = "${unstable.zulip}/bin/zulip --enable-features=UseOzonePlatform --ozone-platform=wayland"; + terminal = false; + icon = "zulip"; + type = "Application"; + }; + # Facebook messenger + fbChromeDesktopItem = pkgs.makeDesktopItem { + name = "messenger-chrome"; + desktopName = "Messenger (chrome)"; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://messenger.com\""; + terminal = false; + }; + # Teams + teamsItem = pkgs.makeDesktopItem { + name = "teams-wayland"; + desktopName = "Teams (Wayland)"; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://teams.microsoft.com\""; + terminal = false; + }; + in + [ + # Discord + discordWayland + betterdiscordctl + # Desktop matrix client + (enableWayland element-desktop "element-desktop") + # Desktop signal client + (enableWayland 
signal-desktop "signal-desktop") + # Desktop telegram client + tdesktop + # Desktop mastodon client + tootle + # zulip + unstable.zulip + zulipWayland + # Zoom (for work, sadly) + unstable.zoom-us + # Teams (also for work) + unstable.teams + # chromium + (enableWayland chromium "chromium") + # Wayland workaround packages + fbChromeDesktopItem + teamsItem + ]; + }; +} diff --git a/home-manager/programs/core.nix b/home-manager/programs/core.nix new file mode 100644 index 0000000..ec5da81 --- /dev/null +++ b/home-manager/programs/core.nix 
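Review bot: `discordWayland` fixes Discord at `version = "0.0.18"` and builds it against `pkgs.electron_13`, both chosen by hand in this file. An Electron major that old was, as far as I know, already out of upstream support when this was written, so a chat client that renders remote content stays on an unmaintained runtime until someone bumps it manually. I would add a comment next to the pin such as `# hand-pinned: bump version, hash and electron together` and move to a supported `electron_*` attribute once Discord runs on it. Unrelated nit: the two Chromium desktop items pass `-ozone-platform=wayland` with one dash while the rest of the file uses `--ozone-platform=wayland`.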
@@ -0,0 +1,215 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = { + ######################### + ## SSH Configuration + ######################### + programs.ssh = mkIf nathan.programs.util.ssh { + # SSH configuration + enable = true; + # extra config to set the ciphers + extraConfig = '' + Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + ''; + # enable session reuse + controlMaster = "auto"; + controlPersist = "10m"; + # Configure known hosts + matchBlocks = { + "levitation" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.95.223.6"; + }; + "perception" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.67.146.101"; + }; + "oracles" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.66.15.34"; + }; + "tounge" = { + forwardAgent = true; + user = "nathan"; + hostname = "172.23.98.121"; + }; + "shadowchild" = { + forwardAgent = true; + user = "nathan"; + hostname = "172.23.217.149"; + }; + "matrix.community.rs" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.113.74.107"; + }; + "de1955" = { + user = "de1955"; + hostname = "de1955.rsync.net"; + }; + }; + }; + ######################### + ## Fish Configuration + ######################### + programs.fish = mkIf nathan.programs.util.fish { + enable = true; + # Setup our aliases + shellAliases = { + ls = "exa --icons"; + la = "exa --icons -a"; + lg = "exa --icons --git"; + cat = "bat"; + dig = "dog"; + df = "duf"; + }; + # Custom configuration + interactiveShellInit = '' + # Setup any-nix-shell + any-nix-shell fish --info-right | source + # Load logger function + source ~/.config/fish/functions/cmdlogger.fish + ''; + functions = { + # Setup command logging to ~/.logs + cmdlogger = { + onEvent = "fish_preexec"; + body = '' + mkdir -p ~/.logs + echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log + 
''; + }; + }; + }; + programs.starship = mkIf nathan.programs.util.fish { + enable = true; + settings = { + directory = { + truncation_length = 3; + fish_style_pwd_dir_length = 1; + }; + git_commit = { + commit_hash_length = 6; + only_detached = false; + }; + package = { + symbol = ""; + }; + time = { + disabled = false; + format = "[$time]($style)"; + time_format = "%I:l%M %p"; + }; + }; + }; + + ######################### + ## Git configuration + ######################### + programs.git = mkIf nathan.programs.util.git.enable { + enable = true; + package = pkgs.gitAndTools.gitFull; + userName = "Nathan McCarty"; + userEmail = "nathan@mccarty.io"; + signing = { + key = "B7A40A5D78C08885"; + signByDefault = nathan.programs.util.git.gpgSign; + }; + ignores = [ + "**/*~" + "*~" + "*_archive" + "/auto/" + "auto-save-list" + ".cask/" + ".dir-locals.el" + "dist/" + "**/.DS_Store" + "*.elc" + "/elpa/" + "/.emacs.desktop" + "/.emacs.desktop.lock" + "/eshell/history" + "/eshell/lastdir" + "flycheck_*.el" + "*_flymake.*" + "/network-security.data" + ".org-id-locations" + ".persp" + ".projectile" + "*.rel" + "/server/" + "tramp" + "\\#*\\#" + ]; + delta.enable = true; + lfs.enable = true; + extraConfig = { + init = { + defaultBranch = "trunk"; + }; + log = { + showSignature = true; + abbrevCommit = true; + follow = true; + decorate = false; + }; + rerere = { + enable = true; + autoupdate = true; + }; + merge = { + ff = "only"; + conflictstyle = "diff3"; + }; + push = { + default = "simple"; + followTags = true; + }; + pull = { + rebase = true; + }; + status = { + showUntrackedFiles = "all"; + }; + transfer = { + fsckobjects = true; + }; + color = { + ui = "auto"; + }; + diff = { + mnemonicPrefix = true; + renames = true; + wordRegex = "."; + submodule = "log"; + }; + credential = { + helper = "cache"; + }; + # Disable annoying safe directory nonsense + safe = { + directory = "*"; + }; + }; + }; + } // mkIf nathan.programs.util.json { + ######################### + ## JSON 
Utilities + ######################### + programs.jq = mkIf nathan.programs.util.json { + enable = true; + }; + home.packages = with pkgs; [ + jc + fx + ]; + }; +} diff --git a/home-manager/programs/devel.nix b/home-manager/programs/devel.nix new file mode 100644 index 0000000..1dfcbb8 --- /dev/null +++ b/home-manager/programs/devel.nix 
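Review bot: `config = { … } // mkIf nathan.programs.util.json { … };` joins a plain attribute set with the result of `mkIf` using `//`, and because `mkIf` returns an attribute set tagged `_type = "if"`, the module system will most likely treat the whole value as that one conditional and ignore the `programs.ssh`, `programs.fish`, `programs.starship` and `programs.git` definitions beside it, including the SSH cipher list. The same pattern in home-manager/programs/devel.nix, `(mkIf devel.core { … }) // (mkIf devel.rust { … }) // …`, keeps only the last block. Writing it as `config = mkMerge [ { … } (mkIf nathan.programs.util.json { … }) ];` avoids both. Separately, `time_format = "%I:l%M %p";` has gained a stray `l` compared with the `"%I:%M %p"` in the removed fish.nix.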
@@ -0,0 +1,107 @@ +{ config, lib, pkgs, inputs, ... }: +let + devel = config.nathan.programs.devel; + unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; + inherit (import ../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in + +with lib; with nLib; { + config = + # Core development utilites + (mkIf devel.core { + home.packages = with pkgs; + appendIf + pkgs.stdenv.isLinux + # General packages + [ + # Git addons + git-secret + delta + # General development requirements + cmake + libtool + gnumake + nixpkgs-fmt + # sops for secrets management + sops + ] + # Linux specific packages + [ + gcc + binutils + unstable.mold + ]; + + programs = { + direnv = { + enable = true; + }; + # Neovim + # (I'm not abonding emacs I just want the tutor) + neovim = { + enable = true; + }; + }; + }) + # Rust development + // (mkIf devel.rust { + home.packages = with pkgs; [ + # Rustup for having the compiler around + rustup + # Install the latest rust analyzer + inputs.fenix.packages."${pkgs.system}".rust-analyzer + # Misc cargo utilites + cargo-binutils # Allow invoking the llvm tools included with the toolchain + cargo-edit # Command line Cargo.toml manipulation + cargo-asm # Dump the generated assembly + cargo-fuzz # front end for fuzz testing rust + cargo-license # Audit the licenses of dependencies + cargo-criterion # Benchmarking front end + cargo-audit # Check dependencies for known CVEs + cargo-bloat # Find out what's taking up space in the executable + cargo-udeps # Find unused dependencies + cargo-expand # Dump expanded macros + unstable.cargo-tarpaulin # Code coverage + cargo-play # Quickly execute code outside of a crate + # For building stuff that uses protocol buffers + protobuf + ]; + }) + # JVM Development + // (mkIf devel.jvm { + home.packages = with unstable; [ + inputs.java.packages."${pkgs.system}".semeru-stable + gradle + kotlin + kotlin-native + kotlin-language-server + ktlint + ]; + }) + # Python Development + // (mkIf devel.python { + 
home.packages = with pkgs; [ + python3Full + nodePackages.pyright + ]; + }) + # JavaScript/TypeScript Development + // (mkIf devel.js { + home.packages = with unstable; [ + nodejs + yarn + nodePackages.typescript + deno + ]; + }) + # Raku Development + // (mkIf devel.raku { + home.packages = with pkgs; [ + rakudo + zef + ]; + }); +} + + +# TODO: Add pyright and python3Full under python module diff --git a/home-manager/programs/emacs.nix b/home-manager/programs/emacs.nix new file mode 100644 index 0000000..b60e8b6 --- /dev/null +++ b/home-manager/programs/emacs.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + imports = [ inputs.nix-doom-emacs.hmModule ]; + + config = lib.mkIf config.nathan.programs.emacs.enable { + # Dependencies of my emacs environment + home.packages = with pkgs; [ + # For markdown rendering + python39Packages.grip + # For graph generation + graphviz + sqlite + # For latex editing + texlive.combined.scheme-medium + ]; + # Setup doom emacs + programs.doom-emacs = { + enable = true; + doomPrivateDir = ../../doom.d; + emacsPackage = config.nathan.programs.emacs.package; + emacsPackagesOverlay = self: super: { + org-protocol-capture-html = self.trivialBuild { + pname = "org-protocol-capture-html"; + ename = "org-protocol-capture-html"; + version = "0.0.0"; + buildInputs = [ self.s ]; + src = pkgs.fetchFromGitHub { + owner = "alphapapa"; + repo = "org-protocol-capture-html"; + rev = "3359ce9a2f3b48df26329adaee0c4710b1024250"; + hash = "sha256-ueEHJCS+aHYCnd4Lm3NKgqg+m921nl5XijE9ZnSRQXI="; + }; + }; + }; + }; + # Setup service + services.emacs = { + enable = config.nathan.programs.emacs.service; + client.enable = true; + defaultEditor = true; + }; + }; +} diff --git a/home-manager/programs/image-editing.nix b/home-manager/programs/image-editing.nix new file mode 100644 index 0000000..c8edf0b --- /dev/null +++ b/home-manager/programs/image-editing.nix 
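Review bot: The trailing comment `# TODO: Add pyright and python3Full under python module` at the end of devel.nix is already satisfied by the `devel.python` block in the same file, which installs `python3Full` and `nodePackages.pyright`. I would delete it so the file does not advertise work that is done.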
@@ -0,0 +1,20 @@ +{ config, lib, pkgs, inputs, ... }: +let + unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; +in +{ + config = lib.mkIf config.nathan.programs.image-editing { + home.packages = with pkgs; [ + # RawTherapee for raw editing + unstable.rawtherapee + # Gimp for complex editing + unstable.gimp-with-plugins + # Krita for drawing + unstable.krita + # Pinta for basic image editing + unstable.pinta + # Command line tools for image conversion and handling + imagemagickBig + ]; + }; +} diff --git a/home-manager/programs/media.nix b/home-manager/programs/media.nix new file mode 100644 index 0000000..01daa74 --- /dev/null +++ b/home-manager/programs/media.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, inputs, ... }: +let + unstable = import inputs.nixpkgs-unstable { config = { allowUnfree = true; }; system = pkgs.system; }; + irisDesktopItem = pkgs.makeDesktopItem { + name = "iris"; + desktopName = "Iris"; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"http://localhost:6680/iris/\""; + terminal = false; + }; +in +{ + config = lib.mkIf config.nathan.programs.media.enable { + # General Packages + home.packages = with pkgs; [ + unstable.spotify + unstable.vlc + unstable.plex-media-player + unstable.obs-studio + nicotine-plus + irisDesktopItem + picard + ]; + # Mopidy service + # TODO: Add scrobbling + services.mopidy = { + enable = true; + extensionPackages = with pkgs; [ + mopidy-mpd + mopidy-iris + mopidy-scrobbler + mopidy-local + ]; + # extraConfigFiles = config.nathan.programs.media.mopidyExtraConfig; + settings = { + file = { + media_dirs = [ + "~/Music" + ]; + }; + local = { + enabled = true; + media_dir = "~/Music"; + }; + mpd = { + enabled = true; + }; + }; + }; + }; +} diff --git a/modules/sway.nix b/home-manager/programs/sway.nix similarity index 58% rename from modules/sway.nix rename to home-manager/programs/sway.nix index 9fffa58..136812e 100644 --- a/modules/sway.nix 
+++ b/home-manager/programs/sway.nix 
@@ -1,105 +1,17 @@ -## Enable and setup SwayWM -{ config, pkgs, lib, unstable, ... }: +{ config, lib, pkgs, inputs, ... }: +let + nathan = config.nathan; +in +with lib; { - # Turn on GDM for login - services.xserver = { - enable = true; - autorun = true; - displayManager.gdm = { - enable = true; - wayland = true; - }; - # Set swaywm as default - displayManager.defaultSession = "sway"; - # Enable plasma for the applications - desktopManager.plasma5.enable = true; - }; - # Setup drivers - hardware.opengl = { - # Enable vulkan - driSupport = true; - # Force vulkan drivers - extraPackages = [ - pkgs.amdvlk - ]; - # Same as above, but enable 32 bit legacy support (for games) - driSupport32Bit = true; - extraPackages32 = [ - pkgs.driversi686Linux.amdvlk - ]; - }; - # Basic packages that are effectively required for a graphical system - environment.systemPackages = with pkgs; [ - # GTK Theming - gtk-engine-murrine - gtk_engines - gsettings-desktop-schemas - lxappearance - kde-gtk-config - ]; - # Enable QT themeing - programs.qt5ct.enable = true; - # Enable and configure sway itself - programs.sway = { - enable = true; - # Enable the wrapper for gtk applications - wrapperFeatures.gtk = true; - # Install some applications required for sway to work how I want - extraPackages = with pkgs; [ - # Unstable waybar, its a fast moving target - unstable.waybar - # Locking and display management - wdisplays - swaylock-effects - swayidle - # Clipboard - wl-clipboard - # Notifications - mako - # Terminal - alacritty - # glib for sound stuff - glib - # Glpaper for the background - (glpaper.overrideAttrs (old: { - src = fetchFromSourcehut { - owner = "~scoopta"; - repo = "glpaper"; - vc = "hg"; - rev = "f89e60b7941fb60f1069ed51af9c5bb4917aab35"; - hash = "sha256-E7FKjt3NL0aAEibfaq+YS2IVvpjNjInA+Rs8SU63/3M="; - }; - })) - # Screenshots - sway-contrib.grimshot - # Albert for launcher - albert - ]; - }; - - environment.sessionVariables = { - MOZ_ENABLE_WAYLAND = "1"; - }; - - # Enable the 
xdg-portal - xdg = { - portal = { - enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-wlr - xdg-desktop-portal-gtk - ]; - gtkUsePortal = true; - }; - }; - - ## Home manager stuff for sway - home-manager.users.nathan = + config = mkIf nathan.programs.swaywm.enable ( let swaylock-command = "${pkgs.swaylock-effects}/bin/swaylock --screenshots --grace 30 --indicator --clock --timestr \"%-I:%M:%S %p\" --datestr \"%A %Y-%M-%d\" --effect-blur 20x3"; in { - # Configure sway itself + ######################### + ## Sway + ######################### wayland.windowManager.sway = { enable = true; systemdIntegration = true; @@ -168,7 +80,9 @@ for_window [title=".*Minecraft.*"] opacity 1 ''; }; - # Mako for notifications + ######################### + ## Mako (notifications) + ######################### programs.mako = { enable = true; # Selenized color scheme @@ -188,7 +102,9 @@ # Sort by time in descending order (newest first) sort = "-time"; }; - # Swayidle for automatic screen locking + ######################### + ## Swayidle + ######################### services.swayidle = { enable = true; timeouts = [ 
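Review bot: The `swaylock-command` string kept as context in the first hunk passes `--datestr \"%A %Y-%M-%d\"`, and `%M` is the strftime minute field, so the lock screen prints minutes where the month belongs; it should read `--datestr \"%A %Y-%m-%d\"`. The same string carries `--grace 30`, which in swaylock-effects means no password is required for the first 30 seconds after the lock engages; if that is intended, a comment such as `# 30 s grace period: the lock can be dismissed without a password` next to the definition would make the trade-off explicit. The `let … in` body this string belongs to continues past the hunk.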
@@ -205,10 +121,62 @@ } ]; }; - # Waybar configuration + ######################### + ## Waybar + ######################### programs.waybar = { enable = true; - package = unstable.waybar; + package = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}".waybar; }; - }; + ######################### + ## Alacritty + ######################### + programs.alacritty = { + enable = true; + settings = { + env = { + TERM = "xterm-256color"; + ALACRITTY = "1"; + }; + font = { + normal.family = "FiraCode Nerd Font"; + bold.family = "FiraCode Nerd Font"; + italic.family = "FiraCode Nerd Font"; + bold_italic.family = "FiraCode Nerd Font"; + size = 9.0; + }; + colors = { + primary = { + background = "0x103c48"; + foreground = "0xadbcbc"; + }; + normal = { + black = "0x184956"; + red = "0xfa5750"; + green = "0x75b938"; + yellow = "0xdbb32d"; + blue = "0x4695f7"; + magenta = "0xf275be"; + cyan = "0x41c7b9"; + white = "0x72898f"; + }; + bright = { + black = "0x2d5b69"; + red = "0xff665c"; + green = "0x84c747"; + yellow = "0xebc13d"; + blue = "0x58a3ff"; + magenta = "0xff84cd"; + cyan = "0x53d6c7"; + white = "0xcad8d9"; + }; + }; + }; + }; + ######################### + ## EasyEffects + ######################### + services.easyeffects.enable = true; + } + ); } diff --git a/home-manager/programs/syncthing.nix b/home-manager/programs/syncthing.nix new file mode 100644 index 0000000..2cf4690 --- /dev/null +++ b/home-manager/programs/syncthing.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + config = lib.mkIf config.nathan.services.syncthing { + services.syncthing = { + enable = true; + tray = { + enable = true; + }; + }; + }; +} diff --git a/home-manager/ssh.nix b/home-manager/ssh.nix deleted file mode 100644 index b0e70b1..0000000 --- a/home-manager/ssh.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - options.nathans-home.ssh = with lib; { - enable = mkOption { - type = types.bool; - default = true; - }; - }; - - config = lib.mkIf config.nathans-home.ssh.enable { - programs.ssh = { - # SSH configuration - enable = true; - # extra config to set the ciphers - extraConfig = '' - Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr - ''; - # enable session reuse - controlMaster = "auto"; - controlPersist = "10m"; - # Configure known hosts - matchBlocks = { - "levitation" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.95.223.6"; - }; - "perception" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.67.146.101"; - }; - "oracles" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.66.15.34"; - }; - "tounge" = { - forwardAgent = true; - user = "nathan"; - hostname = "172.23.98.121"; - }; - "shadowchild" = { - forwardAgent = true; - user = "nathan"; - hostname = "172.23.217.149"; - }; - "matrix.community.rs" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.113.74.107"; - }; - "de1955" = { - user = "de1955"; - hostname = "de1955.rsync.net"; - }; - }; - }; - }; -} diff --git a/home.nix b/home.nix deleted file mode 100644 index ceca74f..0000000 --- a/home.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ pkgs, config, ... }: -{ - ## Some general settings that were in the user configuration - # Set time zone - time.timeZone = "America/New_York"; - ## Setup user first - users = { - users.nathan = { - # darwin is special - home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan"; - description = "Nathan McCarty"; - shell = pkgs.fish; - }; - }; - ## Misc packages that were in user.nix - # Install general use packages - environment.systemPackages = with pkgs; [ - # Install our shell of choice - fish - # Install rclone - rclone - ]; -} 
diff --git a/machines/levitation.nix b/machines/levitation.nix
deleted file mode 100644
index d543e95..0000000
--- a/machines/levitation.nix
+++ /dev/null
@@ -1,122 +0,0 @@ -{ pkgs, lib, config, ... }: { - - ### - ## Define the hostname, enable dhcp - ### - networking = { - hostName = "levitation"; - domain = "mccarty.io"; - useDHCP = false; - interfaces.enp6s0.useDHCP = true; - nat.externalInterface = "enp6s0"; - }; - ### - ## Enable programs we don't want on every machine - ### - programs = { - steam.enable = true; - adb.enable = true; - }; - - ### - ## Firewall ports - ### - # 61377 - SoulSeek - # Enable firewall and pass some ports - networking.firewall = { - enable = true; - allowedTCPPorts = [ 61377 ]; - allowedUDPPorts = [ 61377 ]; - }; - - ### - ## Machine specific home-manager - ### - home-manager.users.nathan = { - # Sway outputs - wayland.windowManager.sway.config = { - output = { - DP-1 = { - pos = "0 140"; - scale = "1"; - subpixel = "rgb"; - }; - DP-3 = { - pos = "2560 0"; - scale = "1.25"; - subpixel = "rgb"; - }; - HDMI-A-1 = { - pos = "5632 140"; - scale = "1"; - subpixel = "rgb"; - }; - }; - startup = [ - # GLPaper - { command = "glpaper DP-1 ${../custom-files/sway/selen.frag} --fork"; } - { command = "glpaper DP-3 ${../custom-files/sway/selen.frag} --fork"; } - { command = "glpaper HDMI-A-1 ${../custom-files/sway/selen.frag} --fork"; } - ]; - }; - # Mako output configuration - programs.mako = { - # Lock mako notifs to main display - output = "DP-3"; - }; - }; - - ### - ## Borg Backups - ### - - # Install borg - environment.systemPackages = with pkgs; [ - borgbackup - ]; - # Setup sops - sops.secrets."borg-sshKey" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - sops.secrets."borg-levitationPassword" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - # Setup the job - services.borgbackup.jobs = { - remote_backup = { - paths = [ - "/home" - "/var" - "/etc" - ]; - exclude = [ - "*/.cache" - "*/.tmp" - "/home/nathan/Projects/*/target" - "/home/nathan/Work/*/target" - "/home/nathan/.local/share/Steam" - "/home/nathan/Downloads" - "/home/nathan/Music" - "/var/lib/docker" - 
"/var/log" - "/home/nathan/*/Cache" - ]; - repo = "de1955@de1955.rsync.net:computers/levitation"; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat ${config.sops.secrets."borg-levitationPassword".path}"; - }; - environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}"; - compression = "auto,zstd"; - startAt = "hourly"; - prune.keep = { - within = "7d"; # Keep all archives for the past week - daily = 1; # Keep 1 snapshot a day for 2 weeks - weekly = 4; # Keep 1 snapshot a week for 4 weeks - monthly = -1; # Keep unlimited monthly backups - }; - }; - }; -} diff --git a/machines/matrix.nix b/machines/matrix.nix deleted file mode 100644 index 00a0c33..0000000 --- a/machines/matrix.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # Grub configuration for linode - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.loader.grub.forceInstall = true; - boot.loader.timeout = 10; - boot.loader.grub.extraConfig = '' - serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1; - terminal_input serial; - terminal_output serial - ''; - boot.kernelParams = [ - "console=ttyS0" - ]; - - networking.hostName = "matrix"; - networking.domain = "community.rs"; - networking.useDHCP = false; - networking.interfaces.enp0s5.useDHCP = true; - networking.enableIPv6 = false; - - # Create www-html group - users.groups.www-html.gid = 6848; - # Add shaurya - users.users.shaurya = { - isNormalUser = true; - home = "/home/shaurya"; - description = "Shaurya"; - extraGroups = [ "www-html" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com" - ]; - shell = pkgs.nushell; - }; - # Add www-html for my self - users.users.nathan = { - extraGroups = [ "www-html" ]; - }; - - ### - ## Borg Backup - ### - - # Install borg - environment.systemPackages = with pkgs; [ - borgbackup - ]; - - # Setup sops - sops.secrets."borg-sshKey" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - sops.secrets."borg-matrixPassword" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - # Setup the job - services.borgbackup.jobs = { - files = { - paths = [ - "/home" - "/var" - "/etc" - ]; - exclude = [ - "*/.cache" - "*/.tmp" - "/home/nathan/minecraft/server/backup" - "/var/lib/postgresql" - "/var/lib/redis" - "/var/lib/docker" - "/var/log" - ]; - repo = "de1955@de1955.rsync.net:computers/matrix"; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat ${config.sops.secrets."borg-matrixPassword".path}"; - }; - environment.BORG_RSH = "ssh -i 
${config.sops.secrets."borg-sshKey".path}"; - compression = "auto,zstd"; - startAt = "OnCalendar=00/4:30"; - prune.keep = { - within = "7d"; # Keep all archives for the past week - daily = 1; # Keep 1 snapshot a day for 2 weeks - weekly = 4; # Keep 1 snapshot a week for 4 weeks - monthly = -1; # Keep unlimited monthly backups - }; - }; - }; - # Backup postgres - services.postgresqlBackup = { - enable = true; - compression = "none"; - backupAll = true; - startAt = "OnCalendar=00/2:00"; - }; -} diff --git a/machines/oracles.nix b/machines/oracles.nix deleted file mode 100644 index c094d6e..0000000 --- a/machines/oracles.nix +++ /dev/null 
@@ -1,101 +0,0 @@ -{ config, lib, pkgs, java, ... }: - -{ - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # Configure networking - networking = { - hostName = "oracles"; - domain = "mccarty.io"; - useDHCP = false; - interfaces.enp1s0f1.ipv4.addresses = [{ - address = "104.238.220.96"; - prefixLength = 24; - }]; - defaultGateway = "104.238.220.1"; - nameservers = [ "172.23.98.121" "1.1.1.1" ]; - }; - - # Open ports in firewall - networking.firewall.allowedTCPPorts = [ 22 80 443 25565 ]; - networking.firewall.allowedUDPPorts = [ 22 80 443 25565 ]; - networking.firewall.enable = true; - # Trust zerotier interface - networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ]; - - # Add nginx and acme certs - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - }; - security.acme = { - defaults.email = "nathan@mccarty.io"; - acceptTerms = true; - }; - # Redis - services.redis.servers.main = { - enable = true; - bind = "172.23.108.12"; - }; - - # Install java - environment.systemPackages = with pkgs; [ - java.packages.${system}.semeru-latest - borgbackup - ]; - - # Setup sops - sops.secrets."borg-sshKey" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - sops.secrets."borg-oraclesPassword" = { - format = "yaml"; - sopsFile = ../secrets/borg.yaml; - }; - # Setup the job - services.borgbackup.jobs = { - files = { - paths = [ - "/home" - "/var" - "/etc" - ]; - exclude = [ - "*/.cache" - "*/.tmp" - "/home/nathan/minecraft/server/backup" - "/var/lib/postgresql" - "/var/lib/redis" - "/var/lib/docker" - "/var/log" - ]; - repo = "de1955@de1955.rsync.net:computers/oracles"; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat ${config.sops.secrets."borg-oraclesPassword".path}"; - }; - environment.BORG_RSH = "ssh -i 
${config.sops.secrets."borg-sshKey".path}"; - compression = "auto,zstd"; - startAt = "OnCalendar=00/4:30"; - prune.keep = { - within = "7d"; # Keep all archives for the past week - daily = 1; # Keep 1 snapshot a day for 2 weeks - weekly = 4; # Keep 1 snapshot a week for 4 weeks - monthly = -1; # Keep unlimited monthly backups - }; - }; - }; - # Backup postgres - services.postgresqlBackup = { - enable = true; - compression = "none"; - backupAll = true; - startAt = "OnCalendar=00/2:00"; - }; - -} diff --git a/machines/perception.nix b/machines/perception.nix deleted file mode 100644 index 918dd6e..0000000 --- a/machines/perception.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - networking = { - hostName = "perception"; - domain = "mccarty.io"; - useDHCP = false; - interfaces.eno1 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "10.0.0.11"; - prefixLength = 21; - } - ]; - }; - defaultGateway = "10.0.4.1"; - nameservers = [ "10.0.0.10" ]; - }; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Trust ZT interface - networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ]; - - # add plex nfs mount - fileSystems."/var/plex" = { - device = "10.0.0.139:/mnt/tank/root/data/plex"; - fsType = "nfs"; - }; - fileSystems."/var/scratch" = { - device = "10.0.0.139:/mnt/tank/root/scratch"; - fsType = "nfs"; - }; - - # Enable sabnzbd - services.sabnzbd = { - enable = true; - }; - # Enable sonarr - services.sonarr = { - enable = true; - }; - # Enable radarr - services.radarr = { - enable = true; - }; - - # Open firewall ports - networking.firewall = { - enable = false; - allowedTCPPorts = [ 8080 8989 9383 7878 ]; - allowedUDPPorts = [ 8080 8989 9383 7878 ]; - }; -} diff --git a/machines/shadowchild.nix b/machines/shadowchild.nix deleted file mode 100644 index bca9cc2..0000000 --- a/machines/shadowchild.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - boot.cleanTmpDir = true; - networking.hostName = "shadowchild"; - networking.domain = "mccarty.io"; - networking.firewall.allowPing = true; - - # Turn on nginx so we can get a lets encrypt cert - security.acme.defaults.email = "nathan@mccarty.io"; - security.acme.acceptTerms = true; - - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts."turn.community.rs" = { - enableACME = true; - forceSSL = true; - }; - }; - - services.coturn = rec { - enable = true; - no-cli = true; - no-tcp-relay = true; - min-port = 49000; - max-port = 50000; - use-auth-secret = true; - static-auth-secret = "5C1rbLi5pPJhEGTzkVR1"; - realm = "turn.community.rs"; - cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; - pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; - extraConfig = '' - # for debugging - verbose - # ban private IP ranges - no-multicast-peers - denied-peer-ip=0.0.0.0-0.255.255.255 - denied-peer-ip=10.0.0.0-10.255.255.255 - denied-peer-ip=100.64.0.0-100.127.255.255 - denied-peer-ip=127.0.0.0-127.255.255.255 - denied-peer-ip=169.254.0.0-169.254.255.255 - denied-peer-ip=192.0.0.0-192.0.0.255 - denied-peer-ip=192.0.2.0-192.0.2.255 - denied-peer-ip=192.88.99.0-192.88.99.255 - denied-peer-ip=192.168.0.0-192.168.255.255 - denied-peer-ip=198.18.0.0-198.19.255.255 - denied-peer-ip=198.51.100.0-198.51.100.255 - denied-peer-ip=203.0.113.0-203.0.113.255 - denied-peer-ip=240.0.0.0-255.255.255.255 - denied-peer-ip=::1 - denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff - denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255 - denied-peer-ip=100::-100::ffff:ffff:ffff:ffff - denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff - denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff - 
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff - ''; - }; - # open the firewall - networking.firewall = { - interfaces.enp2s0 = - let - range = with config.services.coturn; [{ - from = min-port; - to = max-port; - }]; - in - { - allowedUDPPortRanges = range; - allowedUDPPorts = [ 3478 ]; - allowedTCPPortRanges = range; - allowedTCPPorts = [ 3478 ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 80 443 ]; -} diff --git a/modules/audio.nix b/modules/audio.nix deleted file mode 100644 index e178c89..0000000 --- a/modules/audio.nix +++ /dev/null @@ -1,48 +0,0 @@ -## Setup pipewire, including bluetooth audio -{ config, pkgs, ... }: -let new-noisetorch = pkgs.noisetorch.overrideAttrs (old: { - src = pkgs.fetchFromGitHub { - owner = "noisetorch"; - repo = "NoiseTorch"; - rev = "fe3ace8cc7add2f3bd42dd767c8fc292bc2aeaad"; - fetchSubmodules = true; - hash = "sha256-A6cX1ck47/ZIn9cnV/Ow4CxVFfOX5J0K0Q+B70jCFdQ="; - }; - version = "0.12.0"; - meta.insecure = false; -}); -in -{ - # Disable normal audio subsystem explicitly - sound.enable = false; - # Turn on rtkit, so that audio processes can be upgraded to real time - security.rtkit.enable = true; - # Turn on pipewire - services.pipewire = { - enable = true; - # Turn on all the emulation layers - alsa = { - enable = true; - support32Bit = true; - }; - pulse.enable = true; - jack.enable = true; - }; - # Turn on bluetooth services - services.blueman.enable = true; - hardware.bluetooth = { - enable = true; - package = pkgs.bluezFull; - }; - # Add pulse audio packages, but do not enable them - environment.systemPackages = [ - pkgs.pulseaudio - pkgs.pavucontrol - ]; - # Add noisetorch for microphone noise canceling - programs.noisetorch = { - enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 - # Use latest noisetorch, its a fast moving target - package = new-noisetorch; - }; -} 
diff --git a/modules/autoupdate.nix b/modules/autoupdate.nix deleted file mode 100644 index e4d6e16..0000000 --- a/modules/autoupdate.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # Autoupdate the system - system.autoUpgrade = { - enable = true; - allowReboot = true; - # Update from the flake - flake = "github:nathans-flakes/system"; - # Attempt to update daily at 2AM - dates = "2:00"; - }; -} diff --git a/modules/base.nix b/modules/base.nix new file mode 100644 index 0000000..5169a2e --- /dev/null +++ b/modules/base.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +with lib; { + + config = { + nix = mkIf config.nathan.config.nix.autoGC { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + }; + }; +} diff --git a/modules/common.nix b/modules/common.nix deleted file mode 100644 index 972df7e..0000000 --- a/modules/common.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, pkgs, ... }: -{ - # Turn on compressed memory swap - zramSwap = { - enable = true; - algorithm = "lz4"; - memoryPercent = 25; - }; - # Automatically optimize and garbage collect the store - nix = { - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; -} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..4fa363b --- /dev/null +++ b/modules/default.nix 
@@ -0,0 +1,137 @@ +{ config, lib, pkgs, ... }: +let + inherit (import ./lib.nix { inherit lib; inherit pkgs; }) nLib; +in +{ + imports = [ + ./base.nix + ./user.nix + ./desktop.nix + ./swaywm.nix + ./hardware.nix + ./programs/games.nix + ./programs/gpg.nix + ./programs/utils.nix + ./services/ssh.nix + ./services/tailscale.nix + ./linux/base.nix + ]; + + options = with lib; with nLib; { + nathan = { + # Control enabling of services + services = { + # Use zramSwap, enabled by default + zramSwap = mkDefaultOption "zram memory compression" config.nathan.config.isDesktop; + # Enable ssh and configure firewall + # On by default + ssh = mkEnableOptionT "ssh"; + # Enable tailscale, on by default on linux + tailscale = { + enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux; + }; + }; + # Control enabling/configuratin of services + programs = { + # Install games + games = mkEnableOption "games"; + # Install gpg with yubikey support + # Enabled by default if the system is a desktop + gpg = mkDefaultOption "gpg" config.nathan.config.isDesktop; + # Utility modules + utils = { + # Core utililtes I want on every system + # Enabled by default + core = mkEnableOptionT "utils-core"; + # Productivity utilites that make sense for a desktop + # Enabled by default on desktop + productivity = mkDefaultOption "utils-productivity" config.nathan.config.isDesktop; + # Enable multi system emulation + # Enabled by default on desktop + binfmt = mkDefaultOption "utils-productivity" config.nathan.config.isDesktop; + }; + }; + # Control enabling of hardware support + hardware = { + # Logitech hardware support + # On by default if the system is a desktop + logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop; + }; + # General system configuration + config = { + # Wether or not to install the main user + installUser = mkOption { + default = pkgs.stdenv.isLinux; + example = true; + description = "Whether to install the 'nathan' user"; + type = lib.types.bool; + }; + # Name of 
the user to install + user = mkOption { + default = "nathan"; + example = "nathan"; + description = "Username to use for common configuration"; + type = lib.types.str; + }; + # Is this system a desktop? + # Off by default + isDesktop = mkEnableOption "Desktop specific settings"; + # Should we harden this system? + # On by default + harden = mkEnableOptionT "Apply system hardening"; + # Enable audio subsystem + # On by default if the system is a desktop + audio = mkDefaultOption "audio" config.nathan.conifg.isDesktop; + # Basic grub configuration + # Off by default + setupGrub = mkEnableOption "Setup grub"; + # Install fonts + # On by default if the system is a desktop + fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop; + # Enable unfree software + # On by default + enableUnfree = mkEnableOptionT "unfree software"; + # Nix configuration + nix = { + # Automatic GC and optimization of the nix store + # On by default + autoGC = mkEnableOptionT "Nix store optimization and auto gc"; + # Automatic updating of the system + # On by default + autoUpdate = mkEnableOptionT "Nix autoupdating"; + }; + # Swaywm configuration + # On by default if the system is a desktop + swaywm = { + enable = mkOption { + default = config.nathan.config.isDesktop; + example = true; + description = "Whether to setup swaywm"; + type = lib.types.bool; + }; + }; + # Virtualization configuration + # All on by default if the system is a desktop + virtualization = { + qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop; + docker = mkDefaultOption "docker" config.nathan.config.isDesktop; + lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop; + nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop; + }; + }; + }; + }; + + config = { + # Enable the firewall + networking.firewall.enable = true; + # Enable unfree packages + nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree; + # Work around for discord jank ugh + 
nixpkgs.config.permittedInsecurePackages = [ + "electron-13.6.9" + ]; + # Set system state version + system.stateVersion = "22.05"; + }; +} diff --git a/modules/desktop.nix b/modules/desktop.nix new file mode 100644 index 0000000..a5d780d --- /dev/null +++ b/modules/desktop.nix 
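Review bot: In the `modules/default.nix` hunk, `config.nathan.conifg.isDesktop` in the `audio` option default is a misspelling of `config.nathan.config.isDesktop`, so evaluating that default fails with a missing-attribute error; it should read `audio = mkDefaultOption "audio" config.nathan.config.isDesktop;`. Separately, `nixpkgs.config.permittedInsecurePackages = [ "electron-13.6.9" ];` sits in the unconditional `config` block, so every machine that imports this module, servers included, permits a package that nixpkgs marks insecure. Scoping it to the hosts that need it, for example `nixpkgs.config.permittedInsecurePackages = lib.mkIf config.nathan.config.isDesktop [ "electron-13.6.9" ];`, keeps the exception as narrow as the comment above it suggests. The `binfmt` option also reuses the description string `"utils-productivity"` from the line before it.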
@@ -0,0 +1,80 @@ +{ config, lib, pkgs, ... }: +let + nc = config.nathan.config; +in +with lib; { + # Generic desktop configuration + config = mkIf nc.isDesktop + { + # Ergodox + environment.systemPackages = with pkgs; [ + wally-cli + ]; + hardware.keyboard.zsa.enable = true; + # Configure grub if configured + } // mkIf nc.setupGrub { + ## Boot, drivers, and host name + # Use grub + boot.loader = { + grub = { + enable = true; + version = 2; + efiSupport = true; + # Go efi only + devices = [ "nodev" ]; + # Use os-prober + useOSProber = true; + }; + efi = { + efiSysMountPoint = "/boot/"; + canTouchEfiVariables = false; + }; + }; + # Configure audio + } // mkIf nc.audio { + # Disable normal audio subsystem explicitly + sound.enable = false; + # Turn on rtkit, so that audio processes can be upgraded to real time + security.rtkit.enable = true; + # Turn on pipewire + services.pipewire = { + enable = true; + # Turn on all the emulation layers + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + jack.enable = true; + }; + # Turn on bluetooth services + services.blueman.enable = true; + hardware.bluetooth = { + enable = true; + package = pkgs.bluezFull; + }; + # Add pulse audio packages, but do not enable them + environment.systemPackages = with pkgs;[ + pulseaudio + pavucontrol + noisetorch + ]; + # Add noisetorch for microphone noise canceling + programs.noisetorch = { + enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 + }; + # Configure fonts + } // mkIf nc.fonts { + fonts.fonts = with pkgs; [ + ## Monospace Fonts + # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs + (nerdfonts.override { fonts = [ "FiraCode" ]; }) + fira-code-symbols + fira + # Proportional + roboto + liberation_ttf + noto-fonts + ]; + }; +} diff --git a/modules/docker.nix b/modules/docker.nix deleted file mode 100644 index 2403651..0000000 --- a/modules/docker.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ config, pkgs, ... }: -{ - # Enable docker and use unstable version - virtualisation.docker = { - enable = true; - package = pkgs.docker; - # Automatically prune to keep things lean - autoPrune.enable = true; - }; - # Setup networking for nixos containers - networking = { - nat = { - enable = true; - internalInterfaces = [ "ve-+" ]; - }; - }; -} diff --git a/modules/fonts.nix b/modules/fonts.nix deleted file mode 100644 index a84620f..0000000 --- a/modules/fonts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: -{ - fonts.fonts = with pkgs; [ - ## Monospace Fonts - # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs - (nerdfonts.override { fonts = [ "FiraCode" ]; }) - fira-code-symbols - fira - # Proportional - roboto - liberation_ttf - noto-fonts - ]; -} diff --git a/modules/games.nix b/modules/games.nix deleted file mode 100644 index e2c4314..0000000 --- a/modules/games.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, nixpkgs-unstable, ... }: { - environment.systemPackages = - let - # https://github.com/Admicos/minecraft-wayland - glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: { - patches = attrs.patches ++ [ - ../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch - ../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch - ]; - }); - stable-packages = with pkgs; [ - # Dwarf fortress - (dwarf-fortress-packages.dwarf-fortress-full.override { - enableFPS = true; - }) - # PolyMC minecraft stuff - polymc - glfw-patched - ]; - unstable-packages = with nixpkgs-unstable.legacyPackages."${pkgs.system}"; [ - # Packwiz for maintaing modpacks - packwiz - ]; - in - stable-packages ++ unstable-packages; -} diff --git a/modules/gpg.nix b/modules/gpg.nix deleted file mode 100644 index 829e7f4..0000000 --- a/modules/gpg.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -# Configure gpg with yubikey support -{ config, pkgs, ... }: -{ - # Setup environment for gpg agent - environment.shellInit = '' - export GPG_TTY="$(tty)" - gpg-connect-agent /bye - export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" - ''; - - environment.sessionVariables = { - SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"; - }; - - programs = { - # Disable ssh-agent, the gpg-agent will fill in - ssh.startAgent = false; - # Enable gpg-agent with ssh support - gnupg.agent = { - enable = true; - enableSSHSupport = true; - enableExtraSocket = true; - }; - }; - - # Enable ykpersonalize to work - services.udev.packages = [ pkgs.yubikey-personalization ]; - # Enable smartcard service - services.pcscd.enable = true; - - # install gnupg and yubikey personalization - environment.systemPackages = with pkgs; [ - gnupg - yubikey-personalization - ]; -} diff --git a/modules/hardware.nix b/modules/hardware.nix new file mode 100644 index 0000000..d867aca --- /dev/null +++ b/modules/hardware.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: +let + nw = config.nathan.hardware; +in +with lib; +{ + config = { + hardware.logitech.wireless = mkIf nw.logitech { + enable = true; + enableGraphical = true; + }; + }; +} diff --git a/modules/lib.nix b/modules/lib.nix new file mode 100644 index 0000000..8f8a629 --- /dev/null +++ b/modules/lib.nix 
@@ -0,0 +1,25 @@
+{ lib, pkgs }:
+
+{
+ nLib = {
+ # mkEnableOption, but defaults to true
+ mkEnableOptionT = name: lib.mkOption {
+ default = true;
+ example = false;
+ description = "Whether to enable ${name}.";
+ type = lib.types.bool;
+ };
+ # mkEnableOption, but with a default
+ mkDefaultOption = name: default: lib.mkOption {
+ default = default;
+ example = false;
+ description = "Whether to enable ${name}.";
+ type = lib.types.bool;
+ };
+ # Returns an empty list if the current system is not linux
+ ifLinux = value: if pkgs.stdenv.isLinux then value else [ ];
+ # Appends if the predicate is true
+ appendIf = predicate: input: append:
+ if predicate then input ++ append else input;
+ };
+}
diff --git a/modules/linux/base.nix b/modules/linux/base.nix
new file mode 100644
index 0000000..29cb9d8
--- /dev/null
+++ b/modules/linux/base.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, inputs, ... }@attrs:
+with lib;
+{
+ config = mkIf pkgs.stdenv.isLinux
+ ({
+ zramSwap = mkIf config.nathan.servics.zramSwap
+ {
+ enable = true;
+ algorithm = "lz4";
+ memoryPercent = 25;
+ };
+ nix = mkIf config.nathan.config.nix.autoGC {
+ autoOptimiseStore = true;
+ };
+ } // mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
+ // mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux)
+ {
+ # System must be for us :v
+ networking.domain = "mccarty.io";
+ }
+ // mkIf
+ (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
+ {
+ # Auto update daily at 2 am
+ system.autoUpgrade = {
+ enable = true;
+ allowReboot = true;
+ # Update from the flake
+ flake = "github:nathans-flakes/system";
+ # Attempt to update daily at 2AM
+ dates = "2:00";
+ };
+ };
+}
diff --git a/modules/logitech.nix b/modules/logitech.nix
deleted file mode 100644
index 8dd107b..0000000
--- a/modules/logitech.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ config, pkgs, ... }:
-{
- hardware.logitech.wireless = {
- enable = true;
- enableGraphical = true;
- };
-}
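Review bot: In `modules/linux/base.nix` the branches of `config` are joined with `//`, but `mkIf` returns a plain attribute set (`_type`, `condition`, `content`), so each `//` overwrites the previous condition and content and only the last branch (`system.autoUpgrade`) can take effect; in particular `nathan.config.harden` never applies the hardened profile even though the option looks enabled. Combine the branches with `mkMerge` as sketched below; the same `… // mkIf …` pattern recurs in `modules/programs/utils.nix`, `modules/user.nix` and `modules/virtualization.nix`. `config.nathan.servics.zramSwap` also looks like a typo for `services`, the spelling the ssh and tailscale modules read. Separately, `system.autoUpgrade` with `allowReboot = true` follows whatever `github:nathans-flakes/system` currently points at, so a comment stating that write access to that repository amounts to root on every host using this module would be worth adding.

```nix
  config = mkMerge [
    (mkIf pkgs.stdenv.isLinux {
      # … unchanged: zramSwap and nix.autoOptimiseStore settings …
    })
    (mkIf (pkgs.stdenv.isLinux && config.nathan.config.harden)
      (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
    (mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux) {
      # … unchanged: networking.domain …
    })
    (mkIf (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) {
      # … unchanged: system.autoUpgrade …
    })
  ];
```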
diff --git a/modules/lxc.nix b/modules/lxc.nix
deleted file mode 100644
index 7fbc446..0000000
--- a/modules/lxc.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- virtualisation.lxd = {
- enable = true;
- recommendedSysctlSettings = true;
- };
- users.users.nathan = {
- extraGroups = [ "lxd" ];
- };
-}
diff --git a/modules/printing.nix b/modules/printing.nix
deleted file mode 100644
index e342982..0000000
--- a/modules/printing.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.printing = {
- enable = true;
- drivers = with pkgs; [
- canon-cups-ufr2
- carps-cups
- cnijfilter2
- ];
- };
-
- # Enable avahi for printer discovery
- services.avahi = {
- enable = true;
- nssmdns = true;
- };
-
- environment.systemPackages = with pkgs; [
- canon-cups-ufr2
- cups
- cups-filters
- ];
-}
diff --git a/modules/programs/games.nix b/modules/programs/games.nix
new file mode 100644
index 0000000..6f7067f
--- /dev/null
+++ b/modules/programs/games.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, inputs, ... }:
+let
+ np = config.nathan.programs;
+in
+with lib;
+{
+ config = mkIf np.games {
+ environment.systemPackages =
+ let
+ # https://github.com/Admicos/minecraft-wayland
+ glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: {
+ patches = attrs.patches ++ [
+ ../../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch
+ ../../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch
+ ];
+ });
+ stable-packages = with pkgs; [
+ # Dwarf fortress
+ (dwarf-fortress-packages.dwarf-fortress-full.override {
+ enableFPS = true;
+ })
+ # PolyMC minecraft stuff
+ inputs.polymc.packages."${system}".polymc
+ glfw-patched
+ ];
+ unstable-packages = with inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; [
+ # Packwiz for maintaing modpacks
+ packwiz
+ ];
+ in
+ stable-packages ++ unstable-packages;
+ };
+}
diff --git a/modules/programs/gpg.nix b/modules/programs/gpg.nix
new file mode 100644
index 0000000..65c9d6c
--- /dev/null
+++ b/modules/programs/gpg.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+let
+ np = config.nathan.programs;
+ nc = config.nathan.config;
+in
+with lib;
+{
+ config = mkIf np.gpg {
+ # Setup environment for gpg agent
+ environment.shellInit = ''
+ export GPG_TTY="$(tty)"
+ gpg-connect-agent /bye
+ export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+ '';
+
+ environment.sessionVariables = {
+ SSH_AUTH_SOCK =
+ "/run/user/1000/gnupg/S.gpg-agent.ssh";
+ };
+
+ programs = {
+ # Disable ssh-agent, the gpg-agent will fill in
+ ssh.startAgent = false;
+ # Enable gpg-agent with ssh support
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ enableExtraSocket = true;
+ };
+ };
+
+ # Enable ykpersonalize to work
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+ # Enable smartcard service
+ services.pcscd.enable = true;
+
+ # install gnupg and yubikey personalization
+ environment.systemPackages = with pkgs; [
+ gnupg
+ yubikey-personalization
+ ];
+ };
+}
diff --git a/modules/programs/utils.nix b/modules/programs/utils.nix
new file mode 100644
index 0000000..b1e3751
--- /dev/null
+++ b/modules/programs/utils.nix
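Review bot: `environment.sessionVariables.SSH_AUTH_SOCK` hard-codes `/run/user/1000/…`, so any account whose UID is not 1000 gets a session-wide agent socket path that belongs to another user, while the `shellInit` block just above derives the path from `$UID`. Prefer dropping the session variable and resolving the path per user, for example `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"` in `shellInit`. The NixOS gnupg module may already export this when `enableSSHSupport` is on, which would make both assignments redundant; that is worth confirming before keeping either. The `nc` binding in the `let` block is unused in this file.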
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+let
+ nathan = config.nathan;
+in
+with lib;
+{
+ config = mkIf nathan.programs.utils.core
+ {
+ environment.systemPackages = with pkgs; [
+ # Basic command line utilities
+ wget
+ tmux
+ nano
+ unzip
+ any-nix-shell
+ htop
+ # Rust rewrites of common shell utilities
+ starship
+ exa
+ bat
+ fd
+ sd
+ du-dust
+ ripgrep
+ ripgrep-all
+ hyperfine
+ bottom
+ dogdns
+ duf
+ # User friendly cut
+ choose
+ # Man but terse
+ tealdeer
+ # For nslookup
+ dnsutils
+ # Mosh for better high-latency ssh
+ mosh
+ # PV for viewing pipes
+ pv
+ ];
+ } // mkIf nathan.programs.utils.productivity {
+ environment.systemPackages = with pkgs; [
+ # Feh image viewer
+ feh
+ tokei
+ # Spell check
+ hunspell
+ hunspellDicts.en-us
+ # CLI Markdown renderer
+ glow
+ # Command line file manager
+ broot
+ # Much better curl
+ httpie
+ # CLI spreadsheets
+ visidata
+ # Cheatsheet manager
+ cheat
+ # Ping with a graph
+ gping
+ # Pandoc for documentation
+ pandoc
+ ];
+ } // mkIf nathan.programs.utils.binfmt {
+ boot.binfmt.emulatedSystems = [
+ "aarch64-linux"
+ ];
+ };
+}
diff --git a/modules/protonmail.nix b/modules/protonmail.nix
deleted file mode 100644
index daad5b6..0000000
--- a/modules/protonmail.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- # Install protonmail-bridge and pass
- environment.systemPackages = with pkgs; [
- protonmail-bridge
- pass
- ];
-}
diff --git a/modules/qemu.nix b/modules/qemu.nix
deleted file mode 100644
index 97d34fe..0000000
--- a/modules/qemu.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-# Setup quem/libvirt
-{ config, pkgs, ... }:
-{
- # Enable the kernel modules
- boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
- # Enable libvirt
- virtualisation.libvirtd.enable = true;
- # Install virt-manager
- environment.systemPackages = with pkgs; [
- virtmanager
- ];
-}
diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
new file mode 100644
index 0000000..2d09dfb
--- /dev/null
+++ b/modules/services/ssh.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+let
+ nathan = config.nathan;
+in
+with lib;
+{
+ config = mkIf nathan.services.ssh {
+ networking.firewall = {
+ allowedTCPPorts = [ 22 ];
+ allowedUDPPorts = [ 22 ];
+ };
+
+ services.openssh = {
+ enable = true;
+ extraConfig = ''
+ StreamLocalBindUnlink yes
+ '';
+ listenAddresses = [
+ {
+ addr = "0.0.0.0";
+ port = 22;
+ }
+ ];
+ permitRootLogin = "no";
+ passwordAuthentication = false;
+ };
+
+ # Enable mosh for connecting from phone or bad internet
+ programs.mosh.enable = true;
+ };
+}
diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix
new file mode 100644
index 0000000..49291e4
--- /dev/null
+++ b/modules/services/tailscale.nix
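Review bot: `allowedUDPPorts = [ 22 ]` opens a UDP port that sshd never listens on; SSH is TCP-only and mosh uses its own UDP range, so the line should be dropped to keep the firewall surface minimal. With `passwordAuthentication = false` it is also worth adding `kbdInteractiveAuthentication = false;` to `services.openssh`, since keyboard-interactive PAM logins can otherwise still accept a password (option name as of the NixOS release this flake appears to target; confirm against the pinned nixpkgs). A comment on `listenAddresses` noting that `0.0.0.0` binds IPv4 on every interface, overlay networks included, would help the next reader.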
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+let
+ nathan = config.nathan;
+in
+with lib;
+{
+ config = mkIf nathan.services.tailscale.enable {
+ environment.systemPackages = with pkgs; [
+ tailscale
+ ];
+
+ # Enable the service
+ services.tailscale = {
+ enable = true;
+ };
+
+ # Setup sops
+ sops.secrets."tailscale-auth" = {
+ format = "yaml";
+ };
+
+ # Oneshot job to authenticate to tailscale
+ systemd.services.tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [ "network-pre.target" "tailscale.service" ];
+ wants = [ "network-pre.target" "tailscale.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up -authkey $(cat ${config.sops.secrets."tailscale-auth".path})
+ '';
+ };
+
+ # Configure firewall for tailscale
+ networking.firewall = {
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ };
+
+ # Also enable zerotierone for now
+ # TODO: Get completely migrated away from this
+ services.zerotierone = {
+ enable = true;
+ joinNetworks = [ "c7c8172af15d643d" ];
+ };
+ };
+}
diff --git a/modules/ssh.nix b/modules/ssh.nix
deleted file mode 100644
index 870fc69..0000000
--- a/modules/ssh.nix
+++ /dev/null
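Review bot: The autoconnect script passes the auth key as `-authkey $(cat …)`, which places the secret on the `tailscale up` command line where local users can read it from the process list while the command runs; if the packaged tailscale supports the `file:` prefix, use `-authkey file:${config.sops.secrets."tailscale-auth".path}` so only the path is exposed. The unit orders itself after `tailscale.service`, but the NixOS module's unit is, as far as I know, `tailscaled.service`, so the ordering is not enforced and the `sleep 2` is doing the real work. `$status` should be quoted in the `[ … ]` test so an empty result does not break it. Finally, `nathan.services.tailscale.enable` also turns on `services.zerotierone`, and `trustedInterfaces = [ "tailscale0" ]` bypasses the host firewall for the whole tailnet; both deserve a comment stating that access control then rests on the overlay's own ACLs.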
@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-{
- networking.firewall = {
- allowedTCPPorts = [ 22 ];
- allowedUDPPorts = [ 22 ];
- };
-
- services.openssh = {
- enable = true;
- extraConfig = ''
- StreamLocalBindUnlink yes
- '';
- listenAddresses = [
- {
- addr = "0.0.0.0";
- port = 22;
- }
- ];
- permitRootLogin = "no";
- passwordAuthentication = false;
- };
-
- # Enable mosh for connecting to phone
- programs.mosh.enable = true;
-}
diff --git a/modules/swaywm.nix b/modules/swaywm.nix
new file mode 100644
index 0000000..8507259
--- /dev/null
+++ b/modules/swaywm.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, inputs, ... }:
+let
+ nc = config.nathan.config;
+in
+with lib;
+{
+ config = mkIf nc.swaywm.enable {
+ # Turn on GDM for login
+ services.xserver = {
+ enable = true;
+ autorun = true;
+ displayManager = {
+ gdm = {
+ enable = true;
+ };
+ defaultSession = "sway";
+ };
+ # Enable plasma for the applications
+ desktopManager.plasma5.enable = true;
+ };
+ # Setup drivers
+ hardware.opengl = {
+ # Enable vulkan
+ driSupport = true;
+ # Force vulkan drivers
+ extraPackages = [
+ pkgs.amdvlk
+ ];
+ # Same as above, but enable 32 bit legacy support (for games)
+ driSupport32Bit = true;
+ extraPackages32 = [
+ pkgs.driversi686Linux.amdvlk
+ ];
+ };
+ # Basic packages that are effectively required for a graphical system
+ environment.systemPackages = with pkgs; [
+ # GTK Theming
+ gtk-engine-murrine
+ gtk_engines
+ gsettings-desktop-schemas
+ lxappearance
+ kde-gtk-config
+ ];
+ # Enable QT themeing
+ programs.qt5ct.enable = true;
+ # Enable and configure sway itself
+ programs.sway = {
+ enable = true;
+ # Enable the wrapper for gtk applications
+ wrapperFeatures.gtk = true;
+ # Install some applications required for sway to work how I want
+ extraPackages = with pkgs; [
+ # Unstable waybar, its a fast moving target
+ inputs.nixpkgs-unstable.legacyPackages.${system}.waybar
+ # Locking and display management
+ wdisplays
+ swaylock-effects
+ swayidle
+ # Clipboard
+ wl-clipboard
+ # Notifications
+ mako
+ # Terminal
+ alacritty
+ # glib for sound stuff
+ glib
+ # Glpaper for the background
+ (glpaper.overrideAttrs (old: {
+ src = fetchFromSourcehut {
+ owner = "~scoopta";
+ repo = "glpaper";
+ vc = "hg";
+ rev = "f89e60b7941fb60f1069ed51af9c5bb4917aab35";
+ hash = "sha256-E7FKjt3NL0aAEibfaq+YS2IVvpjNjInA+Rs8SU63/3M=";
+ };
+ }))
+ # Screenshots
+ sway-contrib.grimshot
+ # Albert for launcher
+ albert
+ ];
+ };
+
+ environment.sessionVariables = {
+ MOZ_ENABLE_WAYLAND = "1";
+ };
+
+ # Enable the xdg-portal
+ xdg = {
+ portal = {
+ enable = true;
+ extraPortals = with pkgs; [
+ xdg-desktop-portal-wlr
+ xdg-desktop-portal-gtk
+ ];
+ gtkUsePortal = true;
+ };
+ };
+
+ };
+}
diff --git a/modules/tailscale.nix b/modules/tailscale.nix
deleted file mode 100644
index 866f9d4..0000000
--- a/modules/tailscale.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- environment.systemPackages = with pkgs; [
- tailscale
- ];
-
- # Enable the service
- services.tailscale = {
- enable = true;
- };
-
- # Setup sops
- sops.secrets."tailscale-auth" = {
- format = "yaml";
- sopsFile = ../secrets/tailscale.yaml;
- };
-
- # Oneshot job to authenticate to tailscale
- systemd.services.tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
-
- # make sure tailscale is running before trying to connect to tailscale
- after = [ "network-pre.target" "tailscale.service" ];
- wants = [ "network-pre.target" "tailscale.service" ];
- wantedBy = [ "multi-user.target" ];
-
- # set this service as a oneshot job
- serviceConfig.Type = "oneshot";
-
- # have the job run this shell script
- script = with pkgs; ''
- # wait for tailscaled to settle
- sleep 2
-
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
-
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up -authkey $(cat ${config.sops.secrets."tailscale-auth".path})
- '';
- };
-
- # Configure firewall for tailscale
- networking.firewall = {
- checkReversePath = "loose";
- trustedInterfaces = [ "tailscale0" ];
- };
-}
diff --git a/modules/user.nix b/modules/user.nix
new file mode 100644
index 0000000..0d59f20
--- /dev/null
+++ b/modules/user.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+let
+ nc = config.nathan.config;
+in
+with lib; {
+ config = {
+ users = {
+ # If we install the user and the system is hardended, then disable mutable users
+ mutableUsers = !(nc.installUser && nc.harden);
+ # Configure our user, if enabled
+ users."${nc.user}" = mkIf nc.installUser
+ {
+ # Darwin is special
+ home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
+ description = "Nathan McCarty";
+ shell = pkgs.fish;
+ # Linux specific configuration next
+ } // mkIf (nc.installUser && pkgs.stdenv.isLinux) {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
+ hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
+ openssh.authorizedKeys.keys = [
+ # yubikey ssh key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
+ # Macbook pro key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
+ # Phone key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH"
+ # Tablet key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
+ ];
+ };
+ };
+ # If we install the user, enable sudo
+ security.sudo.enable = mkDefault nc.installUser;
+ # If we setup the user, install the shell as well
+ environment.systemPackages =
+ if nc.installUser then [
+ pkgs.fish
+ ] else [ ];
+ # Configure the timezone
+ time.timeZone = "America/New_York";
+ };
+}
diff --git a/modules/virtualization.nix b/modules/virtualization.nix
new file mode 100644
index 0000000..e5719b4
--- /dev/null
+++ b/modules/virtualization.nix
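Review bot: `hashedPassword` embeds the account's SHA-512 crypt hash in the repository, so anyone who can read the flake can run offline guessing against it; since the flake already uses sops, point `passwordFile` (`hashedPasswordFile` on newer NixOS releases) at a sops secret declared with `neededForUsers = true`, e.g. `passwordFile = config.sops.secrets."<placeholder-secret-name>".path;`. `home` is hard-coded to `/home/nathan` and `/Users/nathan` although the attribute key is `nc.user`, so a different user name would get a mismatched home directory. The `extraGroups` list grants `docker` and `libvirtd` unconditionally, even when the matching virtualization options are off; `docker` membership is root-equivalent and would be better added from the docker branch of `modules/virtualization.nix`.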
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+let
+ nc = config.nathan.config;
+in
+with lib;
+{
+ config = mkIf nc.virtualization.qemu {
+ # Enable the kernel modules
+ boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
+ # Enable libvirt
+ virtualisation.libvirtd.enable = true;
+ # Install virt-manager
+ environment.systemPackages = with pkgs; [
+ virtmanager
+ ] // mkIf nc.virtualization.docker {
+ # Enable docker
+ virtualisation.docker = {
+ enable = true;
+ # Automatically prune to keep things lean
+ autoPrune.enable = true;
+ };
+ } // mkIf nc.virtualization.lxc {
+ virtualisation.lxd = {
+ enable = true;
+ recommendedSysctlSettings = true;
+ };
+ users.users.${nc.user} = mkIf nc.installUser {
+ extraGroups = [ "lxd" ];
+ };
+ } // mkIf nc.virtualization.nixos {
+ # Setup networking for nixos containers
+ networking = {
+ nat = {
+ enable = true;
+ internalInterfaces = [ "ve-+" ];
+ };
+ };
+ };
+ };
+}
diff --git a/modules/zt.nix b/modules/zt.nix
deleted file mode 100644
index 4c89017..0000000
--- a/modules/zt.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.zerotierone = {
- enable = true;
- joinNetworks = [ "c7c8172af15d643d" ];
- };
-}
diff --git a/secrets/borg.yaml b/secrets/borg.yaml
deleted file mode 100644
index a21e998..0000000
--- a/secrets/borg.yaml
+++ /dev/null
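Review bot: In `environment.systemPackages = with pkgs; [ virtmanager ] // mkIf …` the list is never terminated with `;`, so the docker, lxc and nixos-container branches are `//`-merged onto a list, which Nix rejects at evaluation as soon as `nc.virtualization.qemu` is enabled, and all three end up nested under the qemu condition instead of being independent switches. Close the list and give each feature its own `mkIf` inside `mkMerge`, as sketched below. While restructuring, the lxc branch is the natural place for a comment that `lxd` group membership is effectively root on the host.

```nix
  config = mkMerge [
    (mkIf nc.virtualization.qemu {
      # … unchanged: boot.kernelModules, virtualisation.libvirtd.enable …
      environment.systemPackages = with pkgs; [
        virtmanager
      ];
    })
    (mkIf nc.virtualization.docker {
      # … unchanged: virtualisation.docker …
    })
    (mkIf nc.virtualization.lxc {
      # … unchanged: virtualisation.lxd and the lxd group membership …
    })
    (mkIf nc.virtualization.nixos {
      # … unchanged: networking.nat for nixos containers …
    })
  ];
```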
@@ -1,69 +0,0 @@ -borg-sshKey: ENC[AES256_GCM,data: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,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str] -borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str] -borg-oraclesPassword: ENC[AES256_GCM,data:TRWn/vj3SpSrRc0HcNI9If7e5Q93hO/+eLKoTQULHTBZqZKdnN0Lq6xhUQQf0s7LhS9D2Q==,iv:/vdqnlR6DowmPNpNP8Q3n2cL/gv91heS0NLFth9Wpl0=,tag:peIs7WpNO56DiTkva71fDw==,type:str] -borg-matrixPassword: ENC[AES256_GCM,data:7dZh8G36PAhfVU4k4mdnWAMCRKme9nAd4GUkdwdZiIAd037Ou2n3wJfZLA==,iv:rPGFyAmHe2H0g0mPxSo84NT/wwBwMt1vV9DAenvwbW4=,tag:2Q4ID6jsA02AC4vvPmBTPw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajVrQjRjemFTNTdBOTFn - bTN4TjVoT0hpd3RvUFRwSkdPZzhzNWJ4dWtVCkFSd2lvSE5BLzlGVmhYb3BFMXM1 - dlZiOFdCUnZ5UExZMkpqSDFPemRITFkKLS0tIFdLZU96YjNZN1FiRTBpN3R6c0RJ - Z3JBZWM3RTdqcG44M0RBYXJDci9MUG8KKzI86Y2gYYyhKHK+H5U3aoJuU2a+RiRz - pulu06DWlL6R3e4HUDTpe0m1/RHwYxE8ap+WgVlq7jvG0STZV2a6pg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2b0M2WkNPRzI3YW15cHYz - TUcwUGt0bldSV3REKzF4dkk2anVLTjFCbGdvCnNJbWpONjJXU3dBaG1Za0tQS0Uw - engwS0RWRnVCRmdDaGx1UElsNVdZWjQKLS0tIGp2K1BsL0RlaFFzWTdKQmV3NnVa - c1ZONlRic2xBUzhTVVZYMWpGRWJ3bncK829TyEoxOAjmbdAJEZpmt+sW66bpVUgY - njlFpVrwAjLe49RezMelWbfI+ZIlL5+eKvoMzaG3te9daTxPjRoaVQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQkRtS3lyUG9xK3laNndP - V2hOVXMvSmpRKzBqeW43Y01vS2VBRWFQK2xJCk9zQXgzSUFEd1BkcjhicXFpQ3hI - KzhYMXlZaFcrcGx0VG05ZEl4eWttY0kKLS0tIE1saUV4WHNKVC9ocHIzV2JTWENs - M0FqdDF2TU5JY3RwM2lXZEg4SVlscG8KoPu3vxd5watGkeKBPcwnfY79n27RKtre - zZDkeCldJNaIsvX2PPjm3NKUdUjVG1m8m8bQrvq0e4IAWkBwOFjUrA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTTJ4Mm9rZklxWlcraW5C - TUl5UVp1eUxkd0Mxamh5YVpQN0ZxMU83TVRvCmlvMWd0MFc2c3htWllySVRZcWYz - UjNLQkUwVG1Kb0tMb1J0ZHpSMnJDU1kKLS0tIHVIR1cxTXRoSUJtRllsYlk5c3FS - dzNxQzl0VGVsZExhL05vcWJiSzk2c0kKsU5nsgBcKh8EdrTYco6FvVRkk+8tUVtu - gltw8yhYC3TmbdsW185KIDMCxaX8btWmtBKoQk7RiSlHNgcNn+ebbg== - -----END AGE ENCRYPTED FILE----- - - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QTl5blVHUjZYdGdLY00w - aCtYalhVNzFsYlJSZmRPTVpGSmRoSkg5YnhnCmVlbCtka2lUck42MmZIRGkyQ2RC - NWQ5OW5Wc1liOWplbGtXbWxDZHlQQUUKLS0tIG1nOEpjcHpaZjRpM3ZEa3hlSDZL - K2JPTDBMemdyZU9RU0JzRDZFQ2hLZ1EKJrV5DVDw/zqvZ3fzDPc2xcQjGzFy+2pn - Y5yO+fQJC6mrrIQiQG1Jhl6RZNXPgI02f/iJKodDZ33QTc1e9/916w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeUttdmhEalQ4R0EwbXVH - azZrMmx0Q1p5K2ZTTXM3RTQzWWZlNUV6cmhRCmppdGExTmU0aGF3Rk9lS3hnOHd4 - cStBejlrZU42OHJJbEVKblppUUgvdmsKLS0tIGo5YkJGdkdFUGxta3k5aGVGRGRk - WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/ - nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-11T00:07:08Z" - mac: 
ENC[AES256_GCM,data:o71aJDP01oX/hzJKjkOkM185wgQ0YSCeYtkjGnGF7OLZ5v7EFIK7iszU4nXP5XdtVydHBXDIWGZPLg2pIzWwlOun3K2sxsy6oGrbgE0rB4+G8SSqO6vi7Lny6+RMI8jYmMEx5hUNOWEc/YWtyBxiQ2iXf7Lcj/Xg2adDDHXUJ4c=,iv:n1D/VapaoLD4qhGhj7xRaqYSkaTizNmNCVYUrfYHyqU=,tag:hZD2iH0YWntEMB9JoMYDXg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/secrets/gitlab-runner.yaml b/secrets/gitlab-runner.yaml deleted file mode 100644 index de6dd44..0000000 --- a/secrets/gitlab-runner.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -nix-asuran: ENC[AES256_GCM,data:g5rLx9e8+YRVSEGR/zz2cf3XQ79um7iQgK6/5CA/15Xx+KBaPFi0CRsTyXpbMiHAVGJEqruNxEa5AE8VfOtPCjFp0Qed4bkmN23mGHDFTeXZ,iv:sX7ZkCxU6CGCPF+dhdfaZSqk6ADfsNgeNINzfqhEblo=,tag:eTj5BGN86qPNuauI0C6+Bw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eHpicnMreWNUbEVBNHdm - bVBKekVVdng4V1RpNGdKK2ZtQXJrOU12Vno4CldBZFlaREhnVVBaTERCQ3cyY1Y2 - WjdLa2I4QnBvZGJpV25ZQXF2MHJtS28KLS0tIC9Oa0NydXFtR0diNGRxbXZHYmdK - Z2h4U0VlTmJPa1BCay9SRmhJSlhURXcK/s3wwTnokpnYJ2q5/NIX2BnJnKwpzBt6 - C/8os7EZ3IYinL5Joz4BgN67yzvWNqrputVKmf+/WnL8utiosZBC/A== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVUVyZkZOK2pId3BxeEFl - RW9RSllmWklpZEp6Y0ZObGZZMGFZZ3Z3SHlZCkNPZzNWdTVCNkxEVmFtRW5uRFFT - WmNTUGVXYzdxUVBRK0pNMHVjeDdINVEKLS0tIDJyOTQzLy8rckR1Ui80VTYrR3gz - VmkxTlJTRDZYZEVrYklkSU1EZHdWdUkKLwlC83gkZmtmUF6wXyleSDJ1FvfUlDjo - iwkFo+SSOUVsFWJw2FB4sSCFyZ1qmH+57nQsw5JDrk15MZ3xd4g3dw== - -----END AGE ENCRYPTED FILE----- - - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORXhDU1NDQ3Q4cHhmMVlD - K2hnSWRtTGkybnlBajlFaU1vTnRSNFVTclRFClV5Y2dzTHZwOGpyM3NOZnppYUpp - OXVTZjFSMnd6WVRGakloRHd6NldFK28KLS0tIHJNditiZWxUclZuUVpqTi9DL2JG - T3FQWUJEbm9IZ2tvamtlNjBnQXVrb0EKQ8Bpa/DcIH55KoJFozOCZzOmMwtChbpk - X5sSK23aQdljSY8oLHaq4GxQVGkCukNPWDwRvcYKcS7N7e5pdXctFQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUHI3dUNRYld6RlhJdlZN - 
RGV1L3h4a3dHQ0JoQmRnUDRraVNrYmV3a2w4Cm9LK2lFMHJhOURld0tKS0NFT0NQ - WUZyQkNaUWhseHJ2djFxcFhzNkVXQlUKLS0tIEFxWlVFMWdha2VjQUhndWoraU1J - eG5QdkdFY2lRalZhTEJ1OVVXYU9RczgKGRBHEE4buclWmFEjAiMWFk8lYwNJkDdz - ssmH09J95uqKkdfob+mjBU4LVZqLzDRhw3s5xo6dHSAmjhkQSyHZxg== - -----END AGE ENCRYPTED FILE----- - - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL0lZclU3Y2RCQ0pXclVv - akVvZ29iSlZSQ1lKWHp6bmZVaTVoaDVKU1JJCitLVjZJMm5VZzhXeEZWdkFpcFJv - Vnp6STNpdWE0eUxyZUhZcFBra0xsQzAKLS0tIFNlRW5nejBNTzU2R0ZJV0hHaHFX - V2swZ3dTcHBMVXlGZGkrWWNZVWZlZFEKmwky7MF79rTZRrDTKp+ODICV5Ag18vfL - SAdgpt3fJgwOuNIZpE3zO1tA1K/amk4LS9pGN1jq9sch3Nkk7R6TvQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0bTl4aWNzUWVCSEdwR0wx - OWhLVmRYbWlwenpWTzRicEd3ZkdSZjdCRWhRCkxvbEhIVlRNRUZTNHM2RjFtazd6 - MHRNejFJUnViUTF1Y3dqUFh5RjNuVnMKLS0tIE9UQ1lwRGpUT3JCb05iUnZCMFZB - R1BiNnFyUzhWcDhJd0JOV2xQRURUaWsKDZ8fr8YHgecqzZuMEGdXCe1MZHe5UP3x - C3CfnrprJWJCKh1EfVvycwcjSU66MdcoU3G12zdU1EiqlJdtfOzyqg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-05-28T03:19:17Z" - mac: ENC[AES256_GCM,data:pe8D02Uv4ALFmyZb52QZbPFLCYPddd1U3vGHmiPl1ZC/hiJcRZl5riB2GWrq5Eq/E6uoTl70Mbuk6FTT84iNkCPAOr/U95aPj/gUhP4B/7UGJiA49TI86gHRHBzvd5TPjpht6kQhlyU26Z/Z6JqYyCa1itTO2PAnzuaDYkxfpJc=,iv:83krP9E0ZWneX3e5YUS2srzNraU/vdQxKaO2RwNt810=,tag:g165SgajOR1tZmDmnACYtA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/secrets/lastfm.conf b/secrets/lastfm.conf deleted file mode 100644 index 88dae96..0000000 --- a/secrets/lastfm.conf +++ /dev/null 
@@ -1,24 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:oOtQy15abXSDyeokVMenOWgw6r0RRBiQ7YioT20Qacjd4WYWiBY3iKledcOSAVk/8sL2UJrxO5Jn0Jb/iEgxlpsRhZsBy+Ta,iv:ZHV/53GY9ItxfnelAz77+FPp7skXpZIEoGRTqaP3rr8=,tag:Ei3GD+Cm9spnx52OsBo0mw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldk10aElCTUhnT1NnL2VE\ncmxVSjAvRW1ta0hzQ2RkL1p5eTZ1RHV1bUYwCnRBczk3K1RkK2hHWHh2UG5WeTFp\nKytSbFhORzJOeVJDMDhaUXNzV016K0UKLS0tIE0xVXBMQm50Tmo3UVBhakhuZHc1\nRVZxYUdKMExPdTRmN2NIME8zY3pXaDQKiKcFgWhJnkazqETFI+X0CF5MEztMLZJ7\nqLAqrPyCq048BMr+T2tuFsWnXDrQP9TdF4bKZbVu6bRERoFt1booLw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMelJQUTFMalV1Ni9uOHFx\nUm9COE5oMHpvNy9jZmhDaHpKU2tmR0FSSGxRCndibnN1QUNXNk5MMnoza2doOXBG\ndzBBMCtYbjg4WEZWV0pnVVcyMWo3a3cKLS0tIHNTZzZEMktESWF5dSs4ZW10Ykth\nZ1J5Y3lZbElJUGlJaU0zNTR6d2ZTVE0KkW+mJDTlMvt2tCoGeqgL50RU0PArH07q\nLCxoj/7MRV9BegKOrThJ+IfcfgLWnTB2XGGf8wIBAQbseb+H+Uq9Zw==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-05-23T02:43:23Z", - "mac": "ENC[AES256_GCM,data:gMQTP8HpmdLO5/X7EMDWAhLy5TO+maOq7Kk53JBoVWJYR5kEU4bK2KN8rEArORICcs7MtfRAPRxsivlxGN+Erhe/IRUWwTMDBekppOh16iNw1leStwomHSe5nhJvBzEf8rRWynojp7WzfAalpfAD2b77cCOUviXh3VWmB2olcqc=,iv:hBHLKWPaEIrcCk6vkefgZQkkjSjN7x/bnajTf1D28LI=,tag:/W/WAAFON7U7M0yA/7Cxzg==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/secrets/matrix-community-recaptcha b/secrets/matrix-community-recaptcha deleted file mode 100644 index 82a66e5..0000000 --- a/secrets/matrix-community-recaptcha +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:3ZzrLItW8BjikdOUcxMgVRrEkM5jj9065T/x6EJrGKjoV3quznbAlWKRn5Tpa0UOq4c+PbcFeS7edJSQkqd7sTxH+noDfOdM1gIXrQbNHHWOrmqzYmppRYLxe+gkffhQDFJlGWMuKNiOx2eGtATCvgojsKIlWOI9npMT16Osx3mvEZ9TtmvKWsh2WK9C1SUJtj0TdTkctg2/qjW7yqQ/+JAY2/0oRJDz,iv:tBW7tRVRTS/ORV6A/yoP6x/yjGH6lNHKn0/sWjjBXgc=,tag:iBtwsr63lxwyjoHkXI4hyw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OU5mT0VJeEx6UkVYWVhJ\nMDNnOGlpaVhLUnlhTHVrcEtLQU9mamVrTEFzCkROMlgvUXNMVlR0aTNxQ1Qvc2lD\na1JEMXRYc0t2VWh6QXp6WUhmR2lQbHcKLS0tIGx5SjNEdmxETDlqZmF4ZjdLeUg3\ncGVabVVkTzg1bGJueVhSbnJzZC9sYzgKlzR7qCu3TB33cJEM9tWuXU7Mt3p+y2KK\nPQo6R/j+j6jeaqRe4TnB2oz3ZDvd8E6JxEFCEQMuIVwMs79qy2tyEg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0S3gwdmNiRURxRnAyVXZ5\nYkhBcmxZRDlkNWx5RDc3WnhidG1qWUt3cldBCm5JaENXUUplT1N5VlU0Y1U4UVk1\nVDlTcnlBTStxTEN4YmdlVEN2eWV3aEUKLS0tIEZxbG5JRUZUVi9Kd1Y1dnBQeXFF\nOGtvWFMwNjlybEZxZ0wrSDFEYlp5eTgKc6wUj1ZppA/DvgP+eB2pnwBYXVkEJJWb\nA9wqEvjAQjpktsFkjGH+la03RJftPZaQXP9Bx/3qFHmaZ2MKN2Ff9w==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOTkxdExrby9BRVZ4L0kw\nQkVMZHhJVmgwbW5vVW9sU05jSE5yZ1psZ1JNClRIenlKNlRCWCtrKzY4TXpnaHpV\nZEVGWlNuaFpadW1TcElSVlkrYndvMHMKLS0tIDVXekwzQ0ViR1U3cW1vY3IweHpE\ndGNzVmRZQy9Ob2lvN0tFU200MkR2QVUKOxLB3N179MTmcEp3rLqcGkw1PvJUku3O\ntGHd8bu/egwNYExh3+9zrXjRjF7H8rj/aTOsfMrPg4HTEa0zunh0jQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": 
"age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqeFQwcmtvcTRBcTJJeEJF\nOGdzL3RoME5PU1N1SERvMG1iTGRPazRJdWo4CmhoWHVha1BkWjA1ZG8rMGFXM01V\nMTlkUE9yOFF1RmZtbXNCeldwOEJTYUEKLS0tIHVhUkJJRGErVjdTS21Cd3pNY2w5\nMjhOTUFLQ3dZSGJRcDl4aitoeTgwTWsKvE0GMBacRdIuDfwdhS8+OsuCdXzHtM4b\no81euQF3qfoDhOs0TjhlT4qc8mvf5o6pQEyOiqCmcbbykW5JnIzUeg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZFk0bVRvcmpBZlB4bFk2\nVVUyQW9NMm9oM3YwVk8yL1d2Q3RNRzVmNkdZCnZSTEhaVkVSWVpiY1ErTjdKcUpx\nTW0yRytSOUhLZzJ1RFk3K01kT1ZNd2MKLS0tIEZDa093c1BsYTA0Y2JaWjA3eEZQ\nelR1ODd0cVNCNTVwR3M1Q3QxalptZzQKsz0mPw8ZJ7am2FnOR7a6BRIVERhXMsCy\nNqRfpnlKPSpvCbuZqVWxyqweg2vYFsL5Z7kHIDSZBGbGtUSfToAykQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRHR6VzlodzJxbHRxSGNV\nWGVQeTBkQS8xODF1aTN5YVZHZnNTSW9IUUVvCi9kZ1V2bHdjMkpNTDJaNk1MZS85\nWFg2Q0E0L3o2ekdmamM5ZzZWb0ljaGcKLS0tIGx6MWpPOGM0UzJCN2IyckM3OThQ\nQ3RlQzh5OWZtd1JRRmdRdlA1djErYTAK4H2//NN6irNZmTj/VVMfkbapOPeSutif\nVxtx5U9/1ors/yxoWdvkAfPD50IiPhfEq3FVUbbLoLIeA0cxIKX2tg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-05-23T05:09:47Z", - "mac": "ENC[AES256_GCM,data:ZoZ+H/bFSvvSQGbFcmIUXtXTZqWBCqOPX5lCQxm3HV6OJahgPxWf0j+9lWih3dsc2sroXX6EmXFG7r1TO38Kpzjn3PFQH938J++9xwTPshREPhXULRC6l+yIJir0mz/5/dw6ZIBRavXLJdVaM9WnnyEDMX+X1IsKdtZ7N5HoC3U=,iv:Zdv2Gr/nZxLMo1to11JwxDOpyv8PA2FtafT+lYlm/1s=,tag:DcYS9cKztNBXzrsPhCxBBg==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file diff --git a/secrets/nathan.yaml b/secrets/nathan.yaml index 32d3c72..01b9495 100644 
--- a/secrets/nathan.yaml +++ b/secrets/nathan.yaml @@ -1,5 +1,4 @@ -lastfm-username: ENC[AES256_GCM,data:uzGMxSMjnUYLF0Mutg==,iv:9JSXwl+X5eKIoJFjOt7LntlK6iQcy/Fm1ViG/J3I1d8=,tag:MAsE2f3qxBTYS+gt783jow==,type:str] -lastfm-password: ENC[AES256_GCM,data:U+jEt8sY/kB7r1y0odqf0fs7jt5Jj2ra,iv:olko3/QHnNPoNpEMUeGL77qxphYLGhHSnn+ru5ANd2U=,tag:iXUy1CnZmI6cDj5dy5U3Kg==,type:str] +tailscale-auth: ENC[AES256_GCM,data:p/hDzRWFH13b0yFMpE2OkWU1KxPxCPhPSBcQlKy822P5D/K3lh8q2A==,iv:S+BDPc8vZc28EkO/XWgo3hyVRz6ap/Q/AqOGBr4DCzA=,tag:U0Ps+u7EpE/+wDoZmnfWgQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -9,23 +8,59 @@ sops: - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKVWh2dTZzZXE5SWtNVW9K - TFp3NGc5NndvdXZUVzVCOHhPQ0Q4TVRwVGt3CkREOFJkc3dyck0xTmQ1bnhzSHA2 - dFdrVThwajMyeS9tODl5UHpUQWk1OEEKLS0tIGdsaFBKMDR3RDdSOUU0THFpbXJy - UGZ5dVljc3F1a080TnQ0UWpRQ0tVR0UKbMgZKAHeLWb/sgMNbjO/SUwAeiaSiwcy - TbMu1WJdG6CJKxpsYiYvSo5S6FcOp/xWYh3+893zkwoL31yf64NACA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR3ZrbnhyOGlsd1FGNnlM + eWp2NVcydGtJL1pXSTZnYUhjY0JYNEJwUGlvCk82cnRNbFJnV2sxS2ZwVE8wWTIy + OGlzTGRKeEo1VmQybTlody9vSjhZd2cKLS0tIE44bkg4NVkyMnhsYnZoMUhvZkhs + Vk5vU2psN0FXM3YvbjZISGZnQk0zcEUK+XhL767U4VOHKtUpm0rvS2a0xZqqDPn0 + lzpJJ/xy3sHwUVb4iLHGigcc78mefu2oecMP8bfDuZFp6DNoK9WP1Q== -----END AGE ENCRYPTED FILE----- - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ2R2N3p6K2J1ZW5oTUNr - WVNBS3A2T3o2WXhRU216L1F3WmE3V0tzNGdrCnh5OVVXV3YzTy9UVE9qWE4yNnlv - Ym5EN0QyU2xMMUw2TWlSU2QvdStPeFUKLS0tIFZpN1drNkwyWG5TRWlULzVFb1Bl - NW9lVmdFOS9KSFFld2F0VVdZcjRhR3MKpwRAfTUHogYp3XKdXyKih/DxWjEy6D2o - 2a0cwtZ3+pHXxMTJd3wGvKpPNPO58YO4lgIUuwkR02upLzIre/KgRw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZ1lNdlk5UU9xUVhRRzFt + bThEbk5BUWtWSXptTmZLRjBMSjd3bzVjbXo4CjRTNUJZZ2h5ZnJTNXMwRkFMbGxs + S3dOZUtRbUxZSXJHb1E4QXNxSlBScEUKLS0tIFNqSVRIdXZUckVJanBTWTd3dHMv + Z3NvcmdrcjZtK3YyR3o0Znc5cmQ2YVkKFvRIQQoxZ7WYngPHJJPCYpUuAPRjxABV + iD8mJ2RJ+VStQONZZyhf9ZC+TprdNC5nD4GimA/AM5f5YxRAhRhXcA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-05-23T02:43:17Z" - mac: ENC[AES256_GCM,data:T/zhvzP6ziH0gKcy694VlX7KSQRlk559REAuR7NfkxvhFhi7WwOOnBE336q5s4ebfGWUqREOzt6MXTDILVcjwbBC8HZ8sDInx364KXfmcSo8C/Md4VgDIqFYBsLYqJNijY34gCtycVZYAc/UBoNztpdtZYMkhBFgzb1DLcaaS3g=,iv:0S2wpefnXpeK80QVbnoJ582BZbZA5CNg/hJd9lLV75k=,tag:Wzz7T9f06bCYirUmaawLMg==,type:str] + - recipient: 
age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eWZ5Mzc2QVFZazRrZk4y + a214TW5EMkw3TDNGNlN4N25hekY0UGRXbzBFCnVaZU1MYThMeGRNNWY0WW5DNTFp + MUZFZkxJVDVWdjd2YXlXVkxwTFFyc0EKLS0tIHY5UWZ1akxBcUY4b0E3VUJwakt3 + UytuYTZBZlhMNFNWeDkwdDl0YzR4YU0KOQPfVIBWGFyPbCJOe4yY4i9FwGYaAQRY + aIn9RtB5q84J4KvTXo8+l0XMqzq6AktYJtvuGmKDmoDg/ZoZLj15xg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzREZHQ2o4UnJweXR2bHVQ + R2R5VWtML2NITlNwOU5PYmZLZlRhYkNKd3pjClZCcitJSHBSdnhNVnZwVUYzY0Rn + UURIdFlUVEhLSkt2NGtDZi9tMzNOR1kKLS0tIFRCbW8rYjdMblNaa2NhZW00UzBV + ZUpXQjRPYjNVYVdlbHNlWE5hVDhJam8KyZHwn0y+KIu5J1g7oI6qsBsTWP589Lfd + bZgh/yo9CF9/iZO74I1a4eHYBGYGh/clNjLmKk63gsfxcqY6Ck2eqQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdHV1NXh1RmpPWXBGOVIw + U0I3NWEraWs4dUxLWXdoMTlYQ1d6blBhZ2pjCk1lY0pZM1VHaGFSZGYyeEZxOFFO + MzJwRHdTaCtZakJUNUxHeG40NnlFaHcKLS0tIDVzMzZPN3lQeUhlZ0thWWZLbkc2 + UXNROW1Ub2VyT01jMUN4MUMrUU1mKzgKmf24d/VgivYC25yHJSdFkItt9SCtLNZb + 0Rrh/N11pV24qWFXkFuX/ZKK5bV3JrUgS7K3KWOp4ur6dlI5rfMsUg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOXdMcFJ5WVVBNEhtbkR0 + a1JFczdsZDFpNnd2a0RTWjNoOXM4ZXpSQVM4Cjh0aHg2MCtMWmZPUnRpdEZoS3E2 + NDJZZ3ZpNlh3VUQvQVZxSkJmd05TOXMKLS0tIDJwQW5nVStYSEROVnRJK0liRzR5 + UWU2SXIyTkhRU1NCajZQUUd5MlBnT2MKMIgwTZWnrAKzqHP7EFslZ+HMD7ZtBilJ + +FgcIllwQV9XeIyhAuAeKjP95JgCwn1oQL32fYCyyqwykeb0wjQdzA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-06-24T00:21:52Z" + mac: 
ENC[AES256_GCM,data:92ibRrMnizSQrHIJtW+2KZSeUlU2/Oi18voZKBsC2xyODDh+iHWOBBlv62YUKODRBE2Ze/OklvcYME03NAvY4/wKOqjz/cFMU8PeEkxZvzCtnP55CCYYL6QJ0DSJPP+dKQQkfTV5Xy0JPyY9lZc+g22FB+/FZeo1o3N3lz9Nd1E=,iv:dTeHpQQWcm6cAh11csxR6Lgw3pdTTFWPqR6MozFP+fU=,tag:7WFZfd1D+twItx/xC/MHfA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.1 + version: 3.7.3 diff --git a/secrets/tailscale.yaml b/secrets/tailscale.yaml deleted file mode 100644 index 70f4641..0000000 --- a/secrets/tailscale.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -tailscale-auth: ENC[AES256_GCM,data:Xp3WPLuOkjgXa85Xtx5LqKSn3M4uRtPwVRJco0yctvdftsCh00NFzA==,iv:lVqOkksJha0tw3yZyeWdOhpB3omQ8WDya2OTeDcrP54=,tag:C3JOb7hG++wgJZSN2dFMmA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4OWM5NzlFd09POHJKZmVM - MFhqZFNiUUxBU3p1NHBBTERMd0tWak8zL2pBCjFldDdlUzd4TFI5b09PNFhtRHlT - Z1VuRVNnK0xlTFNEMjFxUmFqMWJIQlkKLS0tIExLaDBkdytZbTc0b2d1enlBUGQr - RzZJR3RmQ1haa25hZzNVVGpXdXcxczgK4NoVyME5fmgDV9sWg0GjB8bvlYFJtF+l - NM+gug2ZAxhx8AuRt89oYqhKLxzEDfEtGpX02kbLWZ0RTTDLlqmDKQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvL2UzdGM5a2FJbjhFYkdX - NHhzeGFTcXArV05nTmlBWjY4OUtDaldpYWdNCkl5aWZvRXhkTHNJdnBWa0tzY3Vy - eUZjanJybEVJeXBDOHpvRDVWM2NkTVUKLS0tIHB0UHQ4MFZpVVdKM2pYNkJkYTAz - MFlIdHJBN3FEVE5FR3Bud3dvcHhuQm8KiQSQ38odsEfJusja9/ouwxSNFeis3ISB - hvrkz6R0WPU22dcpJyFuVMlnTvtkKakabYhWuLlZLzBB8qwGsB1WRA== - -----END AGE ENCRYPTED FILE----- - - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUDZ3Zitodll4VXZoazRM - UXZ3N0FUVG9EMlIxVUlpS21UcXg1V3dPRGhRCjg5ekZ1UUErcitDMU5KeWlGK0Np - clhlMHk0WVc2MVBYNnZVN3NLKzV6Zk0KLS0tIFprYWVZbkFMYjQ0dlIwTWNDSzlj - ekdGVGFwL0NZakJzb0hEbDRKMmZkZDQKfxr3gdNKkF0x4WIVQweC3ZoV38YZCqUm - bzpfbkM0zpbL8+uNc4p6kqHhC3MktuV454FiS/UXpeazLa2s4VtM+Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJQ1BQSnduMmduTDd4S0Zx - WE5sL2wxRk9HQ2JmVTB6Vk9DN2k3MEhBWkdJCjU1b1FHb2lRL2Y2K0J5dE1zQ1Bm - 
YjE4eDZ1dWNEVXFoWndFNFloK3RiNmcKLS0tIElQNEt5c2tGNHpERHlBUDlrWGJq - K0RySWMyOEsyYUIxM0U0Z2FNNlVsMDgKRPckpbJeAnCJuKb0zaEPQFoQ9ScvPJHN - NEHeVV68iPKmNWrS8DAYaaeyYcADjxA/JuOUmrA6Uigbgl5rmWQR3A== - -----END AGE ENCRYPTED FILE----- - - recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWXB5Qm44dDBWNWMrWmNa - aWNOM2tIcVAxU0JqU282KzhGMG5FYWhEYW53CjRXSWxyVGVLVTRKMHJ5ejJ5eWJF - a1k1VTZUUW9ycmV5dEo2TU5FYWNTNTAKLS0tIDlYZ2ROYUtXYkhDTFBmRndzWnZ3 - MmtaaEIvd2tlV3hRdGlVcmV3SXZaQ0EK78lpqMOPuyMh8NFdSCpPwQov6j0kVwKX - 3pTSG7i9fduwOygCynn/Be6W+5G5iI448lxSCfHLoESACZpiFpc+nA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0R3BzM2p3SUp3R0ZLOG9R - V29ESE8zU1J2Q01vclRRSXUyOXNCeW8zK1JVClBxUDdqZkoybW8ydkpDTnZkY1Bo - OXNjR3NrZVRMbzUrMVBlS2VJTXlxRjAKLS0tIFBsa1NmdjdrT0VFd0ZRV3BIck1x - bnhDdUV4SGh4QXJIUEZDOWptNkxhUTgKGUGoazZzBYWpMqLJcrryJAYWe84ttGoP - 6o0hlKQf4XlcouqxYoY754uO4Xrvr51aaNqmUGgToc0zlFcTRvrK5A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-06-14T17:48:23Z" - mac: ENC[AES256_GCM,data:z2CU/geAuYKDsdoASsxDK4trIVqsPfr2sHw5D92g6uiUoQDOUXf5/ihQxJvgcKWCxYixZnZ4zsNCkd11YU52oNUdY7LZqg9X8C941WGsqKLBzRTI875EYK50MFO22RaBKWSgJYHasWhh6OIgLjyw1VL1HWcKlN8kuTYV33Uo/2g=,iv:NFornFaSHy1aRBOWl0O6kmbvGcDJbZM0JOj3iagFNUM=,tag:V/AlMWy0Jk4V+ZC2XsTaBA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/system-specific/matrix/gitea.nix b/system-specific/matrix/gitea.nix deleted file mode 100644 index edee9c4..0000000 --- a/system-specific/matrix/gitea.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - services.gitea = { - enable = true; - appName = "Rust Community Matrix Homeserver"; - domain = "gitea.community.rs"; - rootUrl = "https://gitea.community.rs"; - database = { - type = "sqlite3"; - }; - httpPort = 3001; - settings = { - ui = { - DEFAULT_THEME = "arc-green"; - }; - service = { - DISABLE_REGISTRATION = lib.mkForce true; - }; - repository = { - DEFAULT_BRANCH = "trunk"; - }; - }; - lfs.enable = true; - }; - # Setup the docker networking for woodpecker - systemd.services.init-woodpecker-network-and-files = { - description = "Create the network bridge woodpecker-br for filerun."; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - before = [ "docker-woodpecker-server.service" ]; - - serviceConfig.Type = "oneshot"; - script = - let dockercli = "${config.virtualisation.docker.package}/bin/docker"; - in - '' - # Put a true at the end to prevent getting non-zero return code, which will - # crash the whole service. 
- check=$(${dockercli} network ls | grep "woodpecker-br" || true) - if [ -z "$check" ]; then - ${dockercli} network create woodpecker-br - else - echo "woodpecker-br already exists in docker" - fi - ''; - }; - # Setup woodpecker - virtualisation.oci-containers.containers = { - woodpecker-server = { - image = "woodpeckerci/woodpecker-server:latest"; - ports = [ "8000:8000" ]; - volumes = [ "woodpecker-server-data:/var/lib/drone" ]; - environment = { - WOODPECKER_OPEN = "true"; - WOODPECKER_GITEA = "true"; - WOODPECKER_HOST = "https://woodpecker.community.rs"; - WOODPECKER_GITEA_URL = "https://gitea.community.rs"; - WOODPECKER_LIMIT_CPU_QUOTA = "200001"; - WOODPECKER_LIMIT_MEM = "2147483648"; - WOODPECKER_ADMIN = "thatonelutenist"; - WOODPECKER_ENVIRONMENT = "SCCACHE_REDIS:redis://172.23.108.12"; - }; - environmentFiles = [ "/var/lib/secret/woodpecker-server" ]; - extraOptions = [ "--network=woodpecker-br" ]; - }; - woodpecker-agent = { - image = "woodpeckerci/woodpecker-agent:latest"; - dependsOn = [ "woodpecker-server" ]; - volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ]; - environment = { - WOODPECKER_SERVER = "woodpecker-server:9000"; - WOODPECKER_MAX_PROCS = "1"; - }; - environmentFiles = [ "/var/lib/secret/woodpecker-agent" ]; - extraOptions = [ "--network=woodpecker-br" ]; - }; - }; - - - services.nginx = { - virtualHosts."gitea.community.rs" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:3001"; - }; - virtualHosts."woodpecker.community.rs" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:8000"; - }; - }; -} diff --git a/system-specific/matrix/matrix.nix b/system-specific/matrix/matrix.nix deleted file mode 100644 index 4e0845a..0000000 --- a/system-specific/matrix/matrix.nix +++ /dev/null 
@@ -1,439 +0,0 @@ -{ pkgs, lib, config, unstable, ... }: -let - fqdn = - let - join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; - in - join config.networking.hostName config.networking.domain; -in -{ - # Punch a hole in the firewall - networking.firewall.allowedTCPPorts = [ 80 443 ]; - # Enable postgresql - services.postgresql.enable = true; - services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - # configure cert email - security.acme.defaults.email = "thatonelutenist@protonmail.com"; - security.acme.acceptTerms = true; - # Enable nginx - services.nginx = { - enable = true; - # only recommendedProxySettings and recommendedGzipSettings are strictly required, - # but the rest make sense as well - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - - virtualHosts = { - # This host section can be placed on a different host than the rest, - # i.e. to delegate from the host being accessible as ${config.networking.domain} - # to another host actually running the Matrix homeserver. 
- "${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - - locations."= /.well-known/matrix/server".extraConfig = - let - # use 443 instead of the default 8448 port to unite - # the client-server and server-server port for simplicity - server = { "m.server" = "${fqdn}:443"; }; - in - '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${fqdn}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in - '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; - locations."/".extraConfig = '' - rewrite ^(.*)$ http://www.community.rs$1 redirect; - ''; - }; - - # Reverse proxy for Matrix client-server and server-server communication - ${fqdn} = { - enableACME = true; - forceSSL = true; - - # Or do a redirect instead of the 404, or whatever is appropriate for you. - # But do not put a Matrix Web client here! See the Element web section below. 
- locations."/".extraConfig = '' - rewrite ^(.*)$ http://element.community.rs$1 redirect; - ''; - - # forward all Matrix API calls to the synapse Matrix homeserver - locations."/_matrix" = { - proxyPass = "http://127.0.0.1:8008"; # without a trailing / - }; - }; - # Main domain - "www.community.rs" = { - enableACME = true; - forceSSL = true; - locations."= /.well-known/matrix/server".extraConfig = - let - # use 443 instead of the default 8448 port to unite - # the client-server and server-server port for simplicity - server = { "m.server" = "${fqdn}:443"; }; - in - '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${fqdn}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in - '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; - - root = "/var/www"; - }; - }; - }; - - # Enable element web - services.nginx.virtualHosts."element.${fqdn}" = { - enableACME = true; - forceSSL = true; - serverAliases = [ - "element.${config.networking.domain}" - ]; - - root = unstable.element-web.override { - conf = { - default_server_config."m.homeserver" = { - "base_url" = "https://${fqdn}"; - "server_name" = "${fqdn}"; - }; - showLabsSettings = true; - settingDefaults.custom_themes = [ - { - "name" = "Discord Dark"; - "is_dark" = true; - "colors" = { - "accent-color" = "#747ff4"; - "primary-color" = "#00aff4"; - "warning-color" = "#ed4245d9"; - "sidebar-color" = "#202225"; - "roomlist-background-color" = "#2f3136"; - "roomlist-text-color" = "#dcddde"; - "roomlist-text-secondary-color" = "#8e9297"; - "roomlist-highlights-color" = "#4f545c52"; - "roomlist-separator-color" = "#40444b"; - "timeline-background-color" = "#36393f"; - 
"timeline-text-color" = "#dcddde"; - "timeline-text-secondary-color" = "#b9bbbe"; - "timeline-highlights-color" = "#04040512"; - "reaction-row-button-selected-bg-color" = "#b9bbbe"; - }; - } - { - "name" = "Dracula Flat"; - "is_dark" = true; - "colors" = { - "accent-color" = "#bd93f9"; - "primary-color" = "#bd93f9"; - "warning-color" = "#bd93f9"; - "sidebar-color" = "#1e1f29"; - "roomlist-background-color" = "#1e1f29"; - "roomlist-text-color" = "#eeeeee"; - "roomlist-text-secondary-color" = "#eeeeee"; - "roomlist-highlights-color" = "#00000030"; - "roomlist-separator-color" = "#00000000"; - "timeline-background-color" = "#1e1f29"; - "timeline-text-color" = "#eeeeee"; - "timeline-text-secondary-color" = "#dddddd"; - "timeline-highlights-color" = "#00000030"; - "reaction-row-button-selected-bg-color" = "#b9bbbe"; - }; - } - - { - "name" = "Dracula"; - "is_dark" = true; - "colors" = { - "accent-color" = "#bd93f9"; - "primary-color" = "#bd93f9"; - "warning-color" = "#bd93f9"; - "sidebar-color" = "#1e1f29"; - "roomlist-background-color" = "#1e1f29"; - "roomlist-text-color" = "#eeeeee"; - "roomlist-text-secondary-color" = "#eeeeee"; - "roomlist-highlights-color" = "#00000030"; - "roomlist-separator-color" = "#4d4d4d90"; - "timeline-background-color" = "#282A36"; - "timeline-text-color" = "#eeeeee"; - "timeline-text-secondary-color" = "#dddddd"; - "timeline-highlights-color" = "#00000030"; - "reaction-row-button-selected-bg-color" = "#b9bbbe"; - }; - } - { - "name" = "Geeko dark theme"; - "is_dark" = true; - "colors" = { - "accent-color" = "#73ba25"; - "primary-color" = "#35b9ab"; - "warning-color" = "#bf616a"; - - "sidebar-color" = "#2a2a2a"; - "roomlist-background-color" = "#4a4a4a"; - "roomlist-text-color" = "#fff"; - "roomlist-text-secondary-color" = "#ddd"; - "roomlist-highlights-color" = "#2a2a2a"; - "roomlist-separator-color" = "#3a3a3a"; - - "timeline-background-color" = "#3a3a3a"; - "timeline-text-color" = "#eee"; - "timeline-text-secondary-color" = "#6da741"; - 
"timeline-highlights-color" = "#bf616a"; - "reaction-row-button-selected-bg-color" = "#bf616a"; - }; - } - { - "name" = "Luxury Dark theme"; - "is_dark" = true; - "colors" = { - "accent-color" = "#D9BC00"; - "primary-color" = "#FFDD00"; - "warning-color" = "#FBC403"; - - "sidebar-color" = "#020F1B"; - "roomlist-background-color" = "#011223"; - "roomlist-highlights-color" = "#1E354A"; - "roomlist-separator-color" = "#05192D"; - "roomlist-text-color" = "#FFEC70"; - "roomlist-text-secondary-color" = "#FFF3A4"; - - "timeline-background-color" = "#05192D"; - "timeline-highlights-color" = "#011223"; - "timeline-text-color" = "#FFF3A4"; - "timeline-text-secondary-color" = "#A79000"; - "reaction-row-button-selected-bg-color" = "#FFEC70"; - }; - } - { - "name" = "Nord dark theme"; - "is_dark" = true; - "colors" = { - "accent-color" = "#a3be8c"; - "primary-color" = "#88c0d0"; - "warning-color" = "#bf616a"; - - "sidebar-color" = "#2e3440"; - "roomlist-background-color" = "#3b4252"; - "roomlist-text-color" = "#ebcb8b"; - "roomlist-text-secondary-color" = "#e5e9f0"; - "roomlist-highlights-color" = "#2e3440"; - "roomlist-separator-color" = "#434c5e"; - - "timeline-background-color" = "#434c5e"; - "timeline-text-color" = "#eceff4"; - "timeline-text-secondary-color" = "#81a1c1"; - "timeline-highlights-color" = "#3b4252"; - "reaction-row-button-selected-bg-color" = "#bf616a"; - }; - } - - { - "name" = "Nord light theme"; - "is_dark" = false; - "colors" = { - "accent-color" = "#a3be8c"; - "primary-color" = "#5e81ac"; - "warning-color" = "#bf616a"; - - "sidebar-color" = "#d8dee9"; - "roomlist-background-color" = "#e5e9f0"; - "roomlist-text-color" = "#d08770"; - "roomlist-text-secondary-color" = "#3b4252"; - "roomlist-highlights-color" = "#eceff4"; - "roomlist-separator-color" = "#eceff4"; - - "timeline-background-color" = "#eceff4"; - "timeline-text-color" = "#2e3440"; - "timeline-text-secondary-color" = "#3b4252"; - "timeline-highlights-color" = "#e5e9f0"; - 
"reaction-row-button-selected-bg-color" = "#bf616a"; - }; - } - { - "name" = "Selenized black theme"; - "is_dark" = true; - "colors" = { - "accent-color" = "#70b433"; - "primary-color" = "#4695f7"; - "warning-color" = "#ed4a46"; - - "sidebar-color" = "#181818"; - "roomlist-background-color" = "#252525"; - "roomlist-text-color" = "#ffffff"; - "roomlist-text-secondary-color" = "#b9b9b9"; - "roomlist-highlights-color" = "#3b3b3b"; - "roomlist-separator-color" = "#121212"; - - "timeline-background-color" = "#181818"; - "timeline-text-color" = "#FFFFFF"; - "timeline-text-secondary-color" = "#777777"; - "timeline-highlights-color" = "#252525"; - "reaction-row-button-selected-bg-color" = "#4695f7"; - }; - } - - { - "name" = "Selenized dark theme"; - "is_dark" = true; - "colors" = { - "accent-color" = "#41c7b9"; - "primary-color" = "#4695f7"; - "warning-color" = "#fa5750"; - - "sidebar-color" = "#103c48"; - "roomlist-background-color" = "#184956"; - "roomlist-text-color" = "#dbb32d"; - "roomlist-text-secondary-color" = "#FFFFFF"; - "roomlist-highlights-color" = "#2d5b69"; - "roomlist-separator-color" = "#2d5b69"; - - "timeline-background-color" = "#2d5b69"; - "timeline-text-color" = "#FFFFFF"; - "timeline-text-secondary-color" = "#72898f"; - "timeline-highlights-color" = "#184956"; - "reaction-row-button-selected-bg-color" = "#4695f7"; - }; - } - - - { - "name" = "Selenized light theme"; - "is_dark" = false; - "colors" = { - "accent-color" = "#ad8900"; - "primary-color" = "#009c8f"; - "warning-color" = "#d2212d"; - - "sidebar-color" = "#d5cdb6"; - "roomlist-background-color" = "#ece3cc"; - "roomlist-text-color" = "#c25d1e"; - "roomlist-text-secondary-color" = "#000000"; - "roomlist-highlights-color" = "#fbf3db"; - "roomlist-separator-color" = "#fbf3db"; - - "timeline-background-color" = "#fbf3db"; - "timeline-text-color" = "#000000"; - "timeline-text-secondary-color" = "#777777"; - "timeline-highlights-color" = "#ece3cc"; - "reaction-row-button-selected-bg-color" = 
"#4695f7"; - }; - } - { - "name" = "Solarized Dark"; - "is_dark" = true; - "colors" = { - "accent-color" = "#b58900"; - "primary-color" = "#268bd2"; - "warning-color" = "#dc322f"; - "sidebar-color" = "#002b36"; - "roomlist-background-color" = "#073642"; - "roomlist-text-color" = "#839496"; - "roomlist-text-secondary-color" = "#93a1a1"; - "roomlist-highlights-color" = "#586e75"; - "timeline-background-color" = "#002b36"; - "timeline-text-color" = "#839496"; - "timeline-text-secondary-color" = "#586e75"; - "timeline-highlights-color" = "#073642"; - "reaction-row-button-selected-bg-color" = "#268bd2"; - }; - } - { - "name" = "ThomCat black theme"; - "is_dark" = true; - "colors" = { - "accent-color" = "#cc7b19"; - "primary-color" = "#9F8652"; - "warning-color" = "#f9c003"; - "sidebar-color" = "#000000"; - "roomlist-background-color" = "#191919"; - "roomlist-text-color" = "#cc7b19"; - "roomlist-text-secondary-color" = "#e5e5e5"; - "roomlist-highlights-color" = "#323232"; - "roomlist-separator-color" = "#4c4c4c"; - "timeline-background-color" = "#000000"; - "timeline-text-color" = "#e5e5e5"; - "timeline-text-secondary-color" = "#b2b2b2"; - "timeline-highlights-color" = "#212121"; - "reaction-row-button-selected-bg-color" = "#cc7b19"; - }; - } - ]; - }; - }; - }; - - # Matrix recaptcha keys - sops.secrets."matrix-secrets.yaml" = { - owner = "matrix-synapse"; - format = "binary"; - sopsFile = ../../secrets/matrix-community-recaptcha; - }; - - services.matrix-synapse = { - enable = true; - settings = { - server_name = config.networking.domain; - public_baseurl = "https://matrix.community.rs"; - listeners = [ - { - port = 8008; - bind_addresses = [ "0.0.0.0" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" "federation" ]; - compress = false; - } - ]; - } - ]; - enable_registration = true; - enable_registration_captcha = true; - allow_guest_access = false; - extraConfig = '' - allow_public_rooms_over_federation: true - 
experimental_features: { spaces_enabled: true } - auto_join_rooms: [ "#space:community.rs" , "#rust:community.rs" , "#rules:community.rs" , "#info:community.rs" ] - ''; - turn_uris = [ "turn:turn.community.rs:3478?transport=udp" "turn:turn.community.rs:3478?transport=tcp" ]; - turn_user_lifetime = "1h"; - # Configure secrets - extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ]; - }; - }; -} diff --git a/system-specific/oracles/gitea.nix b/system-specific/oracles/gitea.nix deleted file mode 100644 index b9512a3..0000000 --- a/system-specific/oracles/gitea.nix +++ /dev/null 
@@ -1,91 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - # Setup gitea - services.gitea = { - enable = true; - appName = "Nathan's Git"; - database = { - type = "sqlite3"; - }; - domain = "git.mccarty.io"; - rootUrl = "https://git.mccarty.io"; - httpPort = 3001; - settings = { - ui = { - DEFAULT_THEME = "arc-green"; - }; - service = { - DISABLE_REGISTRATION = lib.mkForce true; - }; - repository = { - DEFAULT_BRANCH = "main"; - }; - }; - lfs.enable = true; - }; - # Setup the docker networking for woodpecker - systemd.services.init-woodpecker-network-and-files = { - description = "Create the network bridge woodpecker-br for filerun."; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - before = [ "docker-woodpecker-server.service" ]; - - serviceConfig.Type = "oneshot"; - script = - let dockercli = "${config.virtualisation.docker.package}/bin/docker"; - in - '' - # Put a true at the end to prevent getting non-zero return code, which will - # crash the whole service. - check=$(${dockercli} network ls | grep "woodpecker-br" || true) - if [ -z "$check" ]; then - ${dockercli} network create woodpecker-br - else - echo "woodpecker-br already exists in docker" - fi - ''; - }; - # Setup woodpecker - virtualisation.oci-containers.containers = { - woodpecker-server = { - image = "woodpeckerci/woodpecker-server:latest"; - ports = [ "8000:8000" ]; - volumes = [ "woodpecker-server-data:/var/lib/drone" ]; - environment = { - WOODPECKER_OPEN = "true"; - WOODPECKER_GITEA = "true"; - WOODPECKER_HOST = "https://ci.mccarty.io"; - WOODPECKER_GITEA_URL = "https://git.mccarty.io"; - WOODPECKER_LIMIT_CPU_QUOTA = "400000"; - WOODPECKER_LIMIT_MEM = "2147483648"; - }; - environmentFiles = [ "/var/lib/secret/woodpecker-server" ]; - extraOptions = [ "--network=woodpecker-br" ]; - }; - woodpecker-agent = { - image = "woodpeckerci/woodpecker-agent:latest"; - dependsOn = [ "woodpecker-server" ]; - volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ]; - environment = { - 
WOODPECKER_SERVER = "woodpecker-server:9000"; - WOODPECKER_MAX_PROCS = "2"; - }; - environmentFiles = [ "/var/lib/secret/woodpecker-agent" ]; - extraOptions = [ "--network=woodpecker-br" ]; - }; - }; - - - services.nginx = { - virtualHosts."git.mccarty.io" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:3001"; - }; - virtualHosts."ci.mccarty.io" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:8000"; - }; - }; -} diff --git a/system-specific/oracles/gitlab-runner.nix b/system-specific/oracles/gitlab-runner.nix deleted file mode 100644 index 1a5a5bf..0000000 --- a/system-specific/oracles/gitlab-runner.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - # setup sops for secrets - sops.secrets."nix-asuran" = { - format = "yaml"; - sopsFile = ../../secrets/gitlab-runner.yaml; - }; - # Make sure docker containers can reach the network - boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1 - # Make sure docker is enabled - virtualisation.docker.enable = true; - # Enable binfmt-misc so we can run aarch64 containers - boot.binfmt.emulatedSystems = [ "wasm32-wasi" "aarch64-linux" ]; - services.gitlab-runner = - let - nix-shared = with lib; { - dockerImage = "nixpkgs/nix-flakes"; - dockerVolumes = [ - "/var/sharedstore:/sharedstore" - ]; - dockerDisableCache = true; - dockerPrivileged = true; - }; - in - { - enable = true; - concurrent = 4; - checkInterval = 1; - services = { - # default-asuran = { - # registrationConfigFile = "/var/lib/secret/gitlab-runner/asuran-default"; - # dockerImage = "debian:stable"; - # dockerVolumes = [ - # "/var/run/docker.sock:/var/run/docker.sock" - # ]; - # dockerPrivileged = true; - # tagList = [ "linux-own" ]; - # }; - - nix-asuran = nix-shared // { - registrationConfigFile = config.sops.secrets.nix-asuran.path; - tagList = [ "nix" ]; - requestConcurrency = 8; - limit = 4; - runUntagged = true; - }; - }; - }; -} 
diff --git a/system-specific/oracles/matrix.nix b/system-specific/oracles/matrix.nix
deleted file mode 100644
index 920747a..0000000
--- a/system-specific/oracles/matrix.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ pkgs, lib, config, unstable, ... }:
-{
- services.postgresql.enable = true;
- services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'matrix-synapse';
- CREATE DATABASE "synapse" WITH OWNER "synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
-
- services.nginx = {
- virtualHosts = {
- "matrix.mccarty.io" = {
- enableACME = true;
- forceSSL = true;
-
- locations."/".extraConfig = ''
- rewrite ^(.*)$ http://element.mccarty.io$1 redirect;
- '';
-
- # forward all Matrix API calls to the synapse Matrix homeserver
- locations."/_matrix" = {
- proxyPass = "http://[::1]:8008"; # without a trailing /
- };
- locations."/_synapse" = {
- proxyPass = "http://[::1]:8008"; # without a trailing /
- };
- };
- "element.mccarty.io" = {
- enableACME = true;
- forceSSL = true;
- root = unstable.element-web;
- };
- };
- };
-
- services.matrix-synapse = {
- enable = true;
- settings = {
- enable_registration = false;
- server_name = "mccarty.io";
- listeners = [
- {
- port = 8008;
- bind_addresses = [ "::1" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = false;
- }
- ];
- }
- ];
- extraConfig = ''
- ip_range_whitelist:
- - '172.23.0.0/16'
- registration_requires_token: true
- '';
- database.args = {
- user = "matrix-synapse";
- database = "synapse";
- };
- };
- };
-}
diff --git a/system-specific/oracles/minecraft.nix b/system-specific/oracles/minecraft.nix
deleted file mode 100644
index c5a688e..0000000
--- a/system-specific/oracles/minecraft.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- # Webserver for hosting pack
- services.nginx.virtualHosts."pack.forward-progress.net" = {
- enableACME = true;
- forceSSL = true;
- locations."/".root = "/var/www/pack.forward-progress.net";
- root = "/var/www/pack.forward-progress.net";
- };
-}
diff --git a/system-specific/perception/plex.nix b/system-specific/perception/plex.nix
deleted file mode 100644
index 481a3dc..0000000
--- a/system-specific/perception/plex.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, pkgs, ... }:
-{
- services.plex =
- let
- myPlexRaw = pkgs.plexRaw.overrideAttrs (x:
- let
- # see https://www.plex.tv/media-server-downloads/ for 64bit rpm
- version = "1.26.1.5798-99a4a6ac9";
- hash = "sha256-Chu4IULIvkmfMEV0LSg50i6usZJZI3UWOgCHQakbhaY=";
- in
- {
- name = "plex-${version}";
- src = pkgs.fetchurl {
- url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
- inherit hash;
- };
- }
- );
- myPlex = pkgs.plex.override (x: { plexRaw = myPlexRaw; });
- in
- {
- enable = true;
- openFirewall = true;
- dataDir = "/var/lib/plex";
- user = "nathan";
- group = "users";
- package = myPlex;
- };
-
- services.tautulli.enable = true;
-}
From d30315a050f33074ed02d47c6f514fe7178837c2 Mon Sep 17 00:00:00 2001
From: nathan mccarty Date: Sat, 2 Jul 2022 02:44:43 -0400 Subject: [PATCH 04/80] Fix incorrect merging logic --- .sops.yaml | 7 +- flake.nix | 11 +- home-manager/machines/levitation.nix | 41 ++ home-manager/programs/core.nix | 405 ++++++++++---------- home-manager/programs/devel.nix | 15 +- modules/default.nix | 3 +- modules/desktop.nix | 147 +++---- modules/linux/base.nix | 70 ++-- modules/programs/utils.nix | 124 +++--- modules/services/tailscale.nix | 1 + modules/swaywm.nix | 2 +- modules/user.nix | 47 +-- modules/virtualization.nix | 32 +- secrets/{ => all}/backblaze.yaml | 0 secrets/{nathan.yaml => all/tailscale.yaml} | 0 15 files changed, 490 insertions(+), 415 deletions(-) create mode 100644 home-manager/machines/levitation.nix rename secrets/{ => all}/backblaze.yaml (100%) rename secrets/{nathan.yaml => all/tailscale.yaml} (100%) diff --git a/.sops.yaml b/.sops.yaml index 697fd1d..aed779b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,7 @@ keys: - &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d creation_rules: - - path_regex: .* + - path_regex: secrets/all/.* key_groups: - age: - *nathan @@ -16,3 +16,8 @@ creation_rules: - *perception - *shadowchild - *matrix + - path_regex: secrets/levitation + key_groups: + - age: + - *nathan + - *levitation diff --git a/flake.nix b/flake.nix index 5870f83..fb4c689 100644 --- a/flake.nix +++ b/flake.nix @@ -80,7 +80,6 @@ # Setup sops # Add default secrets sops = { - defaultSopsFile = ./secrets/nathan.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; nixpkgs.config.allowUnfree = true; @@ -131,6 +130,7 @@ config = { isDesktop = true; nix.autoUpdate = false; + harden = false; }; }; # Configure networking 
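Review bot: The new rule `path_regex: secrets/levitation` in the second `.sops.yaml` hunk is an unanchored pattern with no trailing separator, so it also matches sibling paths such as a constructed `secrets/levitation-old/x.yaml`, and those files would silently pick up the levitation key group. If `secrets/levitation` is a directory, `- path_regex: secrets/levitation/.*` (parallel to `secrets/all/.*` in the first hunk) keeps the rule scoped to it; if it is a single file, end the pattern with `$` instead. Because the catch-all `.*` rule is replaced, a secret created outside these two paths no longer matches any creation rule; that looks intentional, and a comment above `creation_rules` such as `# no catch-all: new secrets go under secrets/all/ or a per-host path` would record it. The `keys:` list begins above the hunk, so the `*levitation` alias is presumably defined there.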
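Review bot: `harden = false;` in the `@@ -131,6 +130,7 @@` hunk of flake.nix switches off what is presumably this configuration's hardening profile for one machine, and neither the line nor the commit message ("Fix incorrect merging logic") says why. A comment on the line would stop the exception from becoming permanent by accident, for example `harden = false; # FIXME(<what hardening breaks on this host>): re-enable once resolved`. The option's definition is not part of this hunk, so what `harden` actually toggles should be confirmed against the module that declares it. The enclosing `config = {` block starts outside the hunk.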
@@ -149,14 +149,7 @@ # FIXME borg backup module # Setup home manager - home-manager.users.nathan = { config, lib, pkgs, ... }: { - # Module configuration - nathan = { - config = { - isDesktop = true; - }; - }; - }; + home-manager.users.nathan = import ./home-manager/machines/levitation.nix; }) ]; }; diff --git a/home-manager/machines/levitation.nix b/home-manager/machines/levitation.nix new file mode 100644 index 0000000..4f78a0e --- /dev/null +++ b/home-manager/machines/levitation.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + config = { + isDesktop = true; + }; + }; + + # Sway outputs + wayland.windowManager.sway.config = { + output = { + DP-1 = { + pos = "0 140"; + scale = "1"; + subpixel = "rgb"; + }; + DP-3 = { + pos = "2560 0"; + scale = "1.25"; + subpixel = "rgb"; + }; + HDMI-A-1 = { + pos = "5632 140"; + scale = "1"; + subpixel = "rgb"; + }; + }; + startup = [ + # GLPaper + { command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; } + { command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; } + { command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; } + ]; + }; + # Mako output configuration + programs.mako = { + # Lock mako notifs to main display + output = "DP-3"; + }; +} diff --git a/home-manager/programs/core.nix b/home-manager/programs/core.nix index ec5da81..a3eeb94 100644 --- a/home-manager/programs/core.nix +++ b/home-manager/programs/core.nix 
@@ -1,215 +1,218 @@ { config, lib, pkgs, ... }: -let - nathan = config.nathan; -in with lib; { - config = { - ######################### - ## SSH Configuration - ######################### - programs.ssh = mkIf nathan.programs.util.ssh { - # SSH configuration - enable = true; - # extra config to set the ciphers - extraConfig = '' - Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr - ''; - # enable session reuse - controlMaster = "auto"; - controlPersist = "10m"; - # Configure known hosts - matchBlocks = { - "levitation" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.95.223.6"; + config = mkMerge [ + (mkIf config.nathan.programs.util.git.enable { + ######################### + ## Git configuration + ######################### + programs.git = { + enable = true; + package = pkgs.gitAndTools.gitFull; + userName = "Nathan McCarty"; + userEmail = "nathan@mccarty.io"; + signing = { + key = "B7A40A5D78C08885"; + signByDefault = config.nathan.programs.util.git.gpgSign; }; - "perception" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.67.146.101"; - }; - "oracles" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.66.15.34"; - }; - "tounge" = { - forwardAgent = true; - user = "nathan"; - hostname = "172.23.98.121"; - }; - "shadowchild" = { - forwardAgent = true; - user = "nathan"; - hostname = "172.23.217.149"; - }; - "matrix.community.rs" = { - forwardAgent = true; - user = "nathan"; - hostname = "100.113.74.107"; - }; - "de1955" = { - user = "de1955"; - hostname = "de1955.rsync.net"; + ignores = [ + "**/*~" + "*~" + "*_archive" + "/auto/" + "auto-save-list" + ".cask/" + ".dir-locals.el" + "dist/" + "**/.DS_Store" + "*.elc" + "/elpa/" + "/.emacs.desktop" + "/.emacs.desktop.lock" + "/eshell/history" + "/eshell/lastdir" + "flycheck_*.el" + "*_flymake.*" + "/network-security.data" + ".org-id-locations" + ".persp" + ".projectile" + "*.rel" + "/server/" + "tramp" + 
"\\#*\\#" + ]; + delta.enable = true; + lfs.enable = true; + extraConfig = { + init = { + defaultBranch = "trunk"; + }; + log = { + showSignature = true; + abbrevCommit = true; + follow = true; + decorate = false; + }; + rerere = { + enable = true; + autoupdate = true; + }; + merge = { + ff = "only"; + conflictstyle = "diff3"; + }; + push = { + default = "simple"; + followTags = true; + }; + pull = { + rebase = true; + }; + status = { + showUntrackedFiles = "all"; + }; + transfer = { + fsckobjects = true; + }; + color = { + ui = "auto"; + }; + diff = { + mnemonicPrefix = true; + renames = true; + wordRegex = "."; + submodule = "log"; + }; + credential = { + helper = "cache"; + }; + # Disable annoying safe directory nonsense + safe = { + directory = "*"; + }; }; }; - }; - ######################### - ## Fish Configuration - ######################### - programs.fish = mkIf nathan.programs.util.fish { - enable = true; - # Setup our aliases - shellAliases = { - ls = "exa --icons"; - la = "exa --icons -a"; - lg = "exa --icons --git"; - cat = "bat"; - dig = "dog"; - df = "duf"; - }; - # Custom configuration - interactiveShellInit = '' - # Setup any-nix-shell - any-nix-shell fish --info-right | source - # Load logger function - source ~/.config/fish/functions/cmdlogger.fish - ''; - functions = { - # Setup command logging to ~/.logs - cmdlogger = { - onEvent = "fish_preexec"; - body = '' - mkdir -p ~/.logs - echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log - ''; + }) + (mkIf config.nathan.programs.util.ssh { + ######################### + ## SSH Configuration + ######################### + programs.ssh = { + # SSH configuration + enable = true; + # extra config to set the ciphers + extraConfig = '' + Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr + ''; + # enable session reuse + controlMaster = "auto"; + controlPersist = "10m"; + # Configure 
known hosts + matchBlocks = { + "levitation" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.95.223.6"; + }; + "perception" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.67.146.101"; + }; + "oracles" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.66.15.34"; + }; + "tounge" = { + forwardAgent = true; + user = "nathan"; + hostname = "172.23.98.121"; + }; + "shadowchild" = { + forwardAgent = true; + user = "nathan"; + hostname = "172.23.217.149"; + }; + "matrix.community.rs" = { + forwardAgent = true; + user = "nathan"; + hostname = "100.113.74.107"; + }; + "de1955" = { + user = "de1955"; + hostname = "de1955.rsync.net"; + }; }; }; - }; - programs.starship = mkIf nathan.programs.util.fish { - enable = true; - settings = { - directory = { - truncation_length = 3; - fish_style_pwd_dir_length = 1; + }) + (mkIf config.nathan.programs.util.fish { + ######################### + ## Fish Configuration + ######################### + programs.fish = { + enable = true; + # Setup our aliases + shellAliases = { + ls = "exa --icons"; + la = "exa --icons -a"; + lg = "exa --icons --git"; + cat = "bat"; + dig = "dog"; + df = "duf"; }; - git_commit = { - commit_hash_length = 6; - only_detached = false; - }; - package = { - symbol = ""; - }; - time = { - disabled = false; - format = "[$time]($style)"; - time_format = "%I:l%M %p"; + # Custom configuration + interactiveShellInit = '' + # Setup any-nix-shell + any-nix-shell fish --info-right | source + # Load logger function + source ~/.config/fish/functions/cmdlogger.fish + ''; + functions = { + # Setup command logging to ~/.logs + cmdlogger = { + onEvent = "fish_preexec"; + body = '' + mkdir -p ~/.logs + echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log + ''; + }; }; }; - }; - - ######################### - ## Git configuration - ######################### - programs.git = mkIf nathan.programs.util.git.enable { - enable = true; 
- package = pkgs.gitAndTools.gitFull; - userName = "Nathan McCarty"; - userEmail = "nathan@mccarty.io"; - signing = { - key = "B7A40A5D78C08885"; - signByDefault = nathan.programs.util.git.gpgSign; + programs.starship = { + enable = true; + settings = { + directory = { + truncation_length = 3; + fish_style_pwd_dir_length = 1; + }; + git_commit = { + commit_hash_length = 6; + only_detached = false; + }; + package = { + symbol = ""; + }; + time = { + disabled = false; + format = "[$time]($style)"; + time_format = "%I:%M %p"; + }; + }; }; - ignores = [ - "**/*~" - "*~" - "*_archive" - "/auto/" - "auto-save-list" - ".cask/" - ".dir-locals.el" - "dist/" - "**/.DS_Store" - "*.elc" - "/elpa/" - "/.emacs.desktop" - "/.emacs.desktop.lock" - "/eshell/history" - "/eshell/lastdir" - "flycheck_*.el" - "*_flymake.*" - "/network-security.data" - ".org-id-locations" - ".persp" - ".projectile" - "*.rel" - "/server/" - "tramp" - "\\#*\\#" + }) + (mkIf config.nathan.programs.util.json { + ######################### + ## JSON Utilities + ######################### + programs.jq = { + enable = true; + }; + home.packages = with pkgs; [ + jc + fx ]; - delta.enable = true; - lfs.enable = true; - extraConfig = { - init = { - defaultBranch = "trunk"; - }; - log = { - showSignature = true; - abbrevCommit = true; - follow = true; - decorate = false; - }; - rerere = { - enable = true; - autoupdate = true; - }; - merge = { - ff = "only"; - conflictstyle = "diff3"; - }; - push = { - default = "simple"; - followTags = true; - }; - pull = { - rebase = true; - }; - status = { - showUntrackedFiles = "all"; - }; - transfer = { - fsckobjects = true; - }; - color = { - ui = "auto"; - }; - diff = { - mnemonicPrefix = true; - renames = true; - wordRegex = "."; - submodule = "log"; - }; - credential = { - helper = "cache"; - }; - # Disable annoying safe directory nonsense - safe = { - directory = "*"; - }; - }; - }; - } // mkIf nathan.programs.util.json { - ######################### - ## JSON Utilities - 
######################### - programs.jq = mkIf nathan.programs.util.json { - enable = true; - }; - home.packages = with pkgs; [ - jc - fx - ]; - }; + }) + ]; } diff --git a/home-manager/programs/devel.nix b/home-manager/programs/devel.nix index 1dfcbb8..c07ca6c 100644 --- a/home-manager/programs/devel.nix +++ b/home-manager/programs/devel.nix @@ -6,7 +6,7 @@ let in with lib; with nLib; { - config = + config = mkMerge [ # Core development utilites (mkIf devel.core { home.packages = with pkgs; @@ -44,7 +44,7 @@ with lib; with nLib; { }; }) # Rust development - // (mkIf devel.rust { + (mkIf devel.rust { home.packages = with pkgs; [ # Rustup for having the compiler around rustup @@ -68,7 +68,7 @@ with lib; with nLib; { ]; }) # JVM Development - // (mkIf devel.jvm { + (mkIf devel.jvm { home.packages = with unstable; [ inputs.java.packages."${pkgs.system}".semeru-stable gradle @@ -79,14 +79,14 @@ with lib; with nLib; { ]; }) # Python Development - // (mkIf devel.python { + (mkIf devel.python { home.packages = with pkgs; [ python3Full nodePackages.pyright ]; }) # JavaScript/TypeScript Development - // (mkIf devel.js { + (mkIf devel.js { home.packages = with unstable; [ nodejs yarn @@ -95,12 +95,13 @@ with lib; with nLib; { ]; }) # Raku Development - // (mkIf devel.raku { + (mkIf devel.raku { home.packages = with pkgs; [ rakudo zef ]; - }); + }) + ]; } diff --git a/modules/default.nix b/modules/default.nix index 4fa363b..fc01c2a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -9,6 +9,7 @@ in ./desktop.nix ./swaywm.nix ./hardware.nix + ./virtualization.nix ./programs/games.nix ./programs/gpg.nix ./programs/utils.nix 
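Review bot: In `home-manager/programs/core.nix`, `safe = { directory = "*"; };` under `programs.git.extraConfig` turns off git's repository-ownership check for every path, so git will honour the config and hooks of a repository owned by another user whenever it is run inside one. If the check only gets in the way for a few known checkouts, list those instead, e.g. `directory = [ "/path/to/shared/checkout" ];` (placeholder path), and replace the comment with one that says why each entry is there. Separately, every host in `matchBlocks` except `de1955` sets `forwardAgent = true;`, which lets root on any of those machines use the forwarded agent while a session is open. That is worth limiting to the hosts that are actually used as jump points.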
@@ -81,7 +82,7 @@ in harden = mkEnableOptionT "Apply system hardening"; # Enable audio subsystem # On by default if the system is a desktop - audio = mkDefaultOption "audio" config.nathan.conifg.isDesktop; + audio = mkDefaultOption "audio" config.nathan.config.isDesktop; # Basic grub configuration # Off by default setupGrub = mkEnableOption "Setup grub"; diff --git a/modules/desktop.nix b/modules/desktop.nix index a5d780d..8375856 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix 
@@ -4,77 +4,82 @@ let in with lib; { # Generic desktop configuration - config = mkIf nc.isDesktop - { - # Ergodox - environment.systemPackages = with pkgs; [ - wally-cli + config = mkMerge [ + (mkIf nc.isDesktop + { + # Ergodox + environment.systemPackages = with pkgs; [ + wally-cli + ]; + hardware.keyboard.zsa.enable = true; + # Configure grub if configured + }) + (mkIf nc.setupGrub { + ## Boot, drivers, and host name + # Use grub + boot.loader = { + grub = { + enable = true; + version = 2; + efiSupport = true; + # Go efi only + devices = [ "nodev" ]; + # Use os-prober + useOSProber = true; + }; + efi = { + efiSysMountPoint = "/boot/"; + canTouchEfiVariables = false; + }; + }; + # Configure audio + }) + (mkIf nc.audio { + # Disable normal audio subsystem explicitly + sound.enable = false; + # Turn on rtkit, so that audio processes can be upgraded to real time + security.rtkit.enable = true; + # Turn on pipewire + services.pipewire = { + enable = true; + # Turn on all the emulation layers + alsa = { + enable = true; + support32Bit = true; + }; + pulse.enable = true; + jack.enable = true; + }; + # Turn on bluetooth services + services.blueman.enable = true; + hardware.bluetooth = { + enable = true; + package = pkgs.bluezFull; + }; + # Add pulse audio packages, but do not enable them + environment.systemPackages = with pkgs;[ + pulseaudio + pavucontrol + noisetorch ]; - hardware.keyboard.zsa.enable = true; - # Configure grub if configured - } // mkIf nc.setupGrub { - ## Boot, drivers, and host name - # Use grub - boot.loader = { - grub = { - enable = true; - version = 2; - efiSupport = true; - # Go efi only - devices = [ "nodev" ]; - # Use os-prober - useOSProber = true; + # Add noisetorch for microphone noise canceling + programs.noisetorch = { + enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 }; - efi = { - efiSysMountPoint = "/boot/"; - canTouchEfiVariables = false; - }; - }; - # Configure audio - } // mkIf nc.audio { - # 
Disable normal audio subsystem explicitly - sound.enable = false; - # Turn on rtkit, so that audio processes can be upgraded to real time - security.rtkit.enable = true; - # Turn on pipewire - services.pipewire = { - enable = true; - # Turn on all the emulation layers - alsa = { - enable = true; - support32Bit = true; - }; - pulse.enable = true; - jack.enable = true; - }; - # Turn on bluetooth services - services.blueman.enable = true; - hardware.bluetooth = { - enable = true; - package = pkgs.bluezFull; - }; - # Add pulse audio packages, but do not enable them - environment.systemPackages = with pkgs;[ - pulseaudio - pavucontrol - noisetorch - ]; - # Add noisetorch for microphone noise canceling - programs.noisetorch = { - enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 - }; - # Configure fonts - } // mkIf nc.fonts { - fonts.fonts = with pkgs; [ - ## Monospace Fonts - # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs - (nerdfonts.override { fonts = [ "FiraCode" ]; }) - fira-code-symbols - fira - # Proportional - roboto - liberation_ttf - noto-fonts - ]; - }; + # Configure fonts + }) + (mkIf nc.fonts { + fonts.fonts = with pkgs; [ + ## Monospace Fonts + # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs + (nerdfonts.override { fonts = [ "FiraCode" ]; }) + fira-code-symbols + fira + # Proportional + roboto + liberation_ttf + noto-fonts + ]; + }) + ]; } diff --git a/modules/linux/base.nix b/modules/linux/base.nix index 29cb9d8..46e36e8 100644 --- a/modules/linux/base.nix +++ b/modules/linux/base.nix 
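Review bot: In `modules/desktop.nix` the section comments ended up at the bottom of the preceding block: `# Configure grub if configured` is the last line inside the `mkIf nc.isDesktop` set, `# Configure audio` closes the grub block and `# Configure fonts` closes the audio block. Now that each section is its own `mkMerge` entry, each comment belongs directly above the entry it describes, e.g. `# Configure grub if requested` on the line before `(mkIf nc.setupGrub {`.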
@@ -1,34 +1,46 @@ { config, lib, pkgs, inputs, ... }@attrs: with lib; { - config = mkIf pkgs.stdenv.isLinux - ({ - zramSwap = mkIf config.nathan.servics.zramSwap - { - enable = true; - algorithm = "lz4"; - memoryPercent = 25; + config = mkMerge [ + (mkIf pkgs.stdenv.isLinux + { + zramSwap = mkIf config.nathan.services.zramSwap + { + enable = true; + algorithm = "lz4"; + memoryPercent = 25; + }; + nix = mkIf config.nathan.config.nix.autoGC { + autoOptimiseStore = true; }; - nix = mkIf config.nathan.config.nix.autoGC { - autoOptimiseStore = true; - }; - } // mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs)) - // mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux) - { - # System must be for us :v - networking.domain = "mccarty.io"; - } - // mkIf - (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) - { - # Auto update daily at 2 am - system.autoUpgrade = { - enable = true; - allowReboot = true; - # Update from the flake - flake = "github:nathans-flakes/system"; - # Attempt to update daily at 2AM - dates = "2:00"; - }; - }; + }) + (mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs)) + (mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) { + # Use the zen kernel with muqss turned on + boot.kernelPackages = + let + linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override { + structuredExtraConfig = with lib.kernel; { + SCHED_MUQSS = yes; + }; + ignoreConfigErrors = true; + } + ); + in + linuxZenWMuQSS; + }) + (mkIf + (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) + { + # Auto update daily at 2 am + system.autoUpgrade = { + enable = true; + allowReboot = true; + # Update from the flake + flake = "github:nathans-flakes/system"; + # Attempt to update daily at 2AM + dates = "2:00"; + }; + }) + ]; } 
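Review bot: The `system.autoUpgrade` block in `modules/linux/base.nix` rebuilds from `flake = "github:nathans-flakes/system"` every day with `allowReboot = true`, so whatever is at the head of that repository is activated as root and rebooted into with nobody watching. Push access to that repository is therefore equivalent to root on every host with `nix.autoUpdate` on. That trust assumption deserves a comment above the block, along the lines of `# Unattended: anything pushed to this flake's default branch is deployed as root at 02:00; keep the branch protected`. If a reboot at an arbitrary time is not intended, `system.autoUpgrade.rebootWindow` can bound it, provided the NixOS release in use has that option.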
diff --git a/modules/programs/utils.nix b/modules/programs/utils.nix index b1e3751..afba516 100644 --- a/modules/programs/utils.nix +++ b/modules/programs/utils.nix 
@@ -4,66 +4,70 @@ let in with lib; { - config = mkIf nathan.programs.utils.core - { + config = mkMerge [ + (mkIf nathan.programs.utils.core + { + environment.systemPackages = with pkgs; [ + # Basic command line utilities + wget + tmux + nano + unzip + any-nix-shell + htop + # Rust rewrites of common shell utilities + starship + exa + bat + fd + sd + du-dust + ripgrep + ripgrep-all + hyperfine + bottom + dogdns + duf + # User friendly cut + choose + # Man but terse + tealdeer + # For nslookup + dnsutils + # Mosh for better high-latency ssh + mosh + # PV for viewing pipes + pv + ]; + }) + (mkIf nathan.programs.utils.productivity { environment.systemPackages = with pkgs; [ - # Basic command line utilities - wget - tmux - nano - unzip - any-nix-shell - htop - # Rust rewrites of common shell utilities - starship - exa - bat - fd - sd - du-dust - ripgrep - ripgrep-all - hyperfine - bottom - dogdns - duf - # User friendly cut - choose - # Man but terse - tealdeer - # For nslookup - dnsutils - # Mosh for better high-latency ssh - mosh - # PV for viewing pipes - pv + # Feh image viewer + feh + tokei + # Spell check + hunspell + hunspellDicts.en-us + # CLI Markdown renderer + glow + # Command line file manager + broot + # Much better curl + httpie + # CLI spreadsheets + visidata + # Cheatsheet manager + cheat + # Ping with a graph + gping + # Pandoc for documentation + pandoc ]; - } // mkIf nathan.programs.utils.productivity { - environment.systemPackages = with pkgs; [ - # Feh image viewer - feh - tokei - # Spell check - hunspell - hunspellDicts.en-us - # CLI Markdown renderer - glow - # Command line file manager - broot - # Much better curl - httpie - # CLI spreadsheets - visidata - # Cheatsheet manager - cheat - # Ping with a graph - gping - # Pandoc for documentation - pandoc - ]; - } // mkIf nathan.programs.utils.binfmt { - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; - }; + }) + (mkIf nathan.programs.utils.binfmt { + boot.binfmt.emulatedSystems = [ + 
"aarch64-linux" + ]; + }) + ]; } diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix index 49291e4..b37a408 100644 --- a/modules/services/tailscale.nix +++ b/modules/services/tailscale.nix @@ -16,6 +16,7 @@ with lib; # Setup sops sops.secrets."tailscale-auth" = { + sopsFile = ../../secrets/all/tailscale.yaml; format = "yaml"; }; diff --git a/modules/swaywm.nix b/modules/swaywm.nix index 8507259..bf7c64c 100644 --- a/modules/swaywm.nix +++ b/modules/swaywm.nix @@ -8,7 +8,7 @@ with lib; # Turn on GDM for login services.xserver = { enable = true; - autorun = true; + autorun = false; displayManager = { gdm = { enable = true; diff --git a/modules/user.nix b/modules/user.nix index 0d59f20..165778c 100644 --- a/modules/user.nix +++ b/modules/user.nix 
@@ -8,28 +8,31 @@ with lib; { # If we install the user and the system is hardended, then disable mutable users mutableUsers = !(nc.installUser && nc.harden); # Configure our user, if enabled - users."${nc.user}" = mkIf nc.installUser - { - # Darwin is special - home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan"; - description = "Nathan McCarty"; - shell = pkgs.fish; - # Linux specific configuration next - } // mkIf (nc.installUser && pkgs.stdenv.isLinux) { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ]; - hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; - openssh.authorizedKeys.keys = [ - # yubikey ssh key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515" - # Macbook pro key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local" - # Phone key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH" - # Tablet key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH" - ]; - }; + users."${nc.user}" = mkMerge [ + (mkIf nc.installUser + { + # Darwin is special + home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan"; + description = "Nathan McCarty"; + shell = pkgs.fish; + # Linux specific configuration next + }) + (mkIf (nc.installUser && pkgs.stdenv.isLinux) { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ]; + hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; + openssh.authorizedKeys.keys = [ + # yubikey ssh key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515" + # Macbook pro 
key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local" + # Phone key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH" + # Tablet key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH" + ]; + }) + ]; }; # If we install the user, enable sudo security.sudo.enable = mkDefault nc.installUser; diff --git a/modules/virtualization.nix b/modules/virtualization.nix index e5719b4..d8fc76a 100644 --- a/modules/virtualization.nix +++ b/modules/virtualization.nix @@ -4,22 +4,27 @@ let in with lib; { - config = mkIf nc.virtualization.qemu { - # Enable the kernel modules - boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; - # Enable libvirt - virtualisation.libvirtd.enable = true; - # Install virt-manager - environment.systemPackages = with pkgs; [ - virtmanager - ] // mkIf nc.virtualization.docker { + config = mkMerge [ + (mkIf nc.virtualization.qemu + { + # Enable the kernel modules + boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; + # Enable libvirt + virtualisation.libvirtd.enable = true; + # Install virt-manager + environment.systemPackages = with pkgs; [ + virtmanager + ]; + }) + (mkIf nc.virtualization.docker { # Enable docker virtualisation.docker = { enable = true; # Automatically prune to keep things lean autoPrune.enable = true; }; - } // mkIf nc.virtualization.lxc { + }) + (mkIf nc.virtualization.lxc { virtualisation.lxd = { enable = true; recommendedSysctlSettings = true; @@ -27,7 +32,8 @@ with lib; users.users.${nc.user} = mkIf nc.installUser { extraGroups = [ "lxd" ]; }; - } // mkIf nc.virtualization.nixos { + }) + (mkIf nc.virtualization.nixos { # Setup networking for nixos containers networking = { nat = { @@ -35,6 +41,6 @@ with lib; internalInterfaces = [ "ve-+" ]; }; }; - }; - }; + }) + ]; } 
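Review bot: `hashedPassword` for the login user in `modules/user.nix` is a crypt hash committed in clear, and the same account is placed in `wheel` and `docker`, so anyone who can read the repository can run offline guessing against an administrator's password. The repository already uses sops-nix, so the hash can live in an encrypted file and be referenced with `passwordFile = config.sops.secrets."<user-password-secret>".path;`, with `neededForUsers = true;` set on that secret (the secret name is a placeholder). The existing hash stays in git history, so the password should be changed as part of that move.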
diff --git a/secrets/backblaze.yaml b/secrets/all/backblaze.yaml similarity index 100% rename from secrets/backblaze.yaml rename to secrets/all/backblaze.yaml diff --git a/secrets/nathan.yaml b/secrets/all/tailscale.yaml similarity index 100% rename from secrets/nathan.yaml rename to secrets/all/tailscale.yaml From 8b4d93de73e6663c59b075cea6d3fdfee26b2c1f Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sat, 2 Jul 2022 14:33:15 -0400 Subject: [PATCH 05/80] Add borg backup module --- flake.nix | 35 +++++++++++++++++------------ modules/default.nix | 31 ++++++++++++++++++++++++++ modules/services/borg.nix | 43 ++++++++++++++++++++++++++++++++++++ secrets/levitation/borg.yaml | 31 ++++++++++++++++++++++++++ 4 files changed, 126 insertions(+), 14 deletions(-) create mode 100644 modules/services/borg.nix create mode 100644 secrets/levitation/borg.yaml diff --git a/flake.nix b/flake.nix index fb4c689..9c8e47f 100644 --- a/flake.nix +++ b/flake.nix @@ -107,28 +107,35 @@ extraModules = [ ./hardware/levitation.nix ({ pkgs, config, lib, ... }: { - boot.loader = { - grub = { - enable = true; - version = 2; - efiSupport = true; - # Go efi only - devices = [ "nodev" ]; - # Use os-prober - useOSProber = true; - }; - efi = { - efiSysMountPoint = "/boot/"; - canTouchEfiVariables = false; - }; + # sops for borg + sops.secrets."borg-ssh-key" = { + sopsFile = ./secrets/levitation/borg.yaml; + format = "yaml"; + }; + sops.secrets."borg-password" = { + sopsFile = ./secrets/levitation/borg.yaml; + format = "yaml"; }; # Setup system configuration nathan = { programs = { games = true; }; + services = { + borg = { + enable = true; + extraExcludes = [ + "/home/${config.nathan.config.user}/Music" + "/var/lib/docker" + "/var/log" + ]; + passwordFile = config.sops.secrets."borg-password".path; + sshKey = config.sops.secrets."borg-ssh-key".path; + }; + }; config = { isDesktop = true; + setupGrub = true; nix.autoUpdate = false; harden = false; }; 
diff --git a/modules/default.nix b/modules/default.nix index fc01c2a..619eae7 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -15,6 +15,7 @@ in ./programs/utils.nix ./services/ssh.nix ./services/tailscale.nix + ./services/borg.nix ./linux/base.nix ]; @@ -31,6 +32,36 @@ in tailscale = { enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux; }; + # Borg backup + # Disabled by default as it requires configuration, but a really good idea to turn on + borg = { + enable = mkEnableOption "borg"; + extraExcludes = mkOption { + default = [ ]; + description = "List of extra paths to exclude"; + }; + extraIncludes = mkOption { + default = [ ]; + description = "List of extra paths to include"; + }; + location = mkOption { + default = "de1955@de1955.rsync.net:computers"; + description = "Location to backup to"; + type = lib.types.str; + }; + passwordFile = mkOption { + description = "Path to the password file"; + type = lib.types.str; + }; + sshKey = mkOption { + description = "Path to the ssh key"; + type = lib.types.str; + }; + startAt = mkOption { + description = "How often to run backups"; + default = "hourly"; + }; + }; }; # Control enabling/configuratin of services programs = { diff --git a/modules/services/borg.nix b/modules/services/borg.nix new file mode 100644 index 0000000..34df290 --- /dev/null +++ b/modules/services/borg.nix 
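Review bot: In `modules/default.nix` the new `extraExcludes`, `extraIncludes` and `startAt` options are declared without a `type`, while `location`, `passwordFile` and `sshKey` next to them have one. A wrong value, such as a single string where a list is expected, would then surface as an error inside the borg module instead of at the option itself. Add `type = lib.types.listOf lib.types.str;` to the two list options. The `borg` option set sits inside a `services` block that starts outside the hunk.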
@@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: + +with lib; { + config = mkIf config.nathan.services.borg.enable { + # Add borg to the system packages + environment.systemPackages = with pkgs; [ + borgbackup + ]; + services.borgbackup.jobs = { + rsyncnet = { + paths = [ + "/home" + "/var" + "/etc" + "/root" + ] ++ config.nathan.services.borg.extraIncludes; + exclude = [ + "*/.cache" + "*/.tmp" + "/home/${config.nathan.config.user}/Projects/*/target" + "/home/${config.nathan.config.user}/Work/*/target" + "/home/${config.nathan.config.user}/.local/share/Steam" + "/home/${config.nathan.config.user}/*/Cache" + "/home/*/Downloads" + ]; + repo = "${config.nathan.services.borg.location}/${config.networking.hostName}"; + encryption = { + mode = "repokey-blake2"; + passCommand = "cat ${config.nathan.services.borg.passwordFile}"; + }; + environment.BORG_RSH = "ssh -i ${config.nathan.services.borg.sshKey}"; + compression = "auto,zstd"; + startAt = config.nathan.services.borg.startAt; + prune.keep = { + within = "7d"; # Keep all archives for the past week + daily = 1; # Keep 1 snapshot a day for 2 weeks + weekly = 4; # Keep 1 snapshot a week for 4 weeks + monthly = -1; # Keep unlimited monthly backups + }; + }; + }; + }; +} diff --git a/secrets/levitation/borg.yaml b/secrets/levitation/borg.yaml new file mode 100644 index 0000000..0d40b9d --- /dev/null +++ b/secrets/levitation/borg.yaml 
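Review bot: `extraExcludes` is never used in `modules/services/borg.nix`: `paths` appends `extraIncludes`, but the `exclude` list ends at `"/home/*/Downloads"` with nothing appended. The `/var/lib/docker`, `/var/log` and Music excludes set for levitation in `flake.nix` in this same patch therefore have no effect, and those trees go into the backup. Close the list with `] ++ config.nathan.services.borg.extraExcludes;`. The prune comment also disagrees with its value: `daily = 1;` keeps one daily archive, not two weeks of them, so either the value should be `14` or the comment should be corrected.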
@@ -0,0 +1,31 @@ +borg-ssh-key: ENC[AES256_GCM,data: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,iv:UGiwqGadbm3P5RBI/R32zlIOmVjRiEaEwAuGTAqhnks=,tag:WS0ksDUEoGJLl1L2jNb2Zg==,type:str] +borg-password: ENC[AES256_GCM,data:W0MEp075S/1fAzLl3UxQ/8W/Cx+Z0pBU/qYMEbL+rmvCnhLRpbM/iy48RAz0xFZ4txUIDHkNllaA,iv:7wlt8FjA8k5iol4lgW8upuRQJTeu2ToyI6LsTmPCk/4=,tag:jrG00Q5bkDONDhfYMlKtfA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ak5NVEJ4U0s0ajB2SnhC + Ym45TlZjdWM0VnhYK08yMWduWUg5SDI3bFJrCkt1SGlpUkx2cnFMbDdLTWdUM3Za + eElFbjJDVXlRUDQrek5XalpUMEZydVUKLS0tIHpLU21ZY29ydU1ENmVWWXdTK0RF + VFFmQld5UzVUZUtDQmRRVnNacm1uUkEKuodQeOPsTw7i3dTWqb4XQ4v/Jtf9X9ah + NVhYD79ZltK2k5Epa95oH46Djwz1RjPad0WVgLDPlPYdto2Kd5Y26A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadlVMRzY1Zkoyb1JVYTd0 + NEQ0bStuNWVpRTZJRGx6NVpUejIxMzhKT1NjCnJyK1pONmljYTVLajF3VGpiRllG + MEcxR1ptbWs0Q1U5Zi85U3hZOFJxUGMKLS0tIDZYT0dZYkJoU0lTMHBRS0NqVHdq + SHRtU2NNeHdJTVdvNFhDU1dXbHZVSTgKAan3xhZNtYVRgrx0oCgz5bA2x2gS9+mj + DzxQY1NrM4ZEGWQtm7NWyyfuO16OAVsdotiMN8mbSlyh9uB+j4nNig== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-07-02T18:30:32Z" + mac: ENC[AES256_GCM,data:cX7URw9zZN2WIpKe4RKbZi6T/CW6L5nMiINzAoNeO0pdmsQpeCiiNiI3bn4epOf5qWKZDybSbwMdEB9a/uDOAImIKL08rUUJr9JTLICFRMcQgNpczN6XNu5Xpbt8uxksRc/ex2x8a7TbE7gy4xsEE0U9CGG3WWQm2LeUpbz9PGA=,iv:mbY+1H1rsyAL00VmNTjzmGITywRc5uFEd+HAfQQNtY4=,tag:JNcoz8XLPCpQ61CV2Dxfuw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From bace462b4725b9e9467fa2dd18d96e01646aa74c Mon Sep 17 00:00:00 2001 
From: nathan mccarty Date: Sat, 2 Jul 2022 15:02:56 -0400 Subject: [PATCH 06/80] Add in bat configuration --- home-manager/programs/core.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/home-manager/programs/core.nix b/home-manager/programs/core.nix index a3eeb94..de5818e 100644 --- a/home-manager/programs/core.nix +++ b/home-manager/programs/core.nix @@ -201,6 +201,13 @@ with lib; }; }; }; + programs.bat = { + enable = true; + config = { + theme = "zenburn"; + style = "header,rule,snip,changes"; + }; + }; }) (mkIf config.nathan.programs.util.json { ######################### From aadef397ac4aeade6da9286449cfaed611ebf207 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sat, 2 Jul 2022 16:15:19 -0400 Subject: [PATCH 07/80] Configure protonmail with mbsync and mu --- certificates/protonmail-levitation.pem | 22 +++++ flake.nix | 3 +- home-manager/default.nix | 9 +- home-manager/machines/levitation.nix | 5 ++ home-manager/services/email.nix | 83 +++++++++++++++++++ .../{programs => services}/syncthing.nix | 0 6 files changed, 120 insertions(+), 2 deletions(-) create mode 100644 certificates/protonmail-levitation.pem create mode 100644 home-manager/services/email.nix rename home-manager/{programs => services}/syncthing.nix (100%) diff --git a/certificates/protonmail-levitation.pem b/certificates/protonmail-levitation.pem new file mode 100644 index 0000000..2133054 --- /dev/null +++ b/certificates/protonmail-levitation.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCApOgAwIBAgIRAJ8hYGGIdDyn13K0d/euZzgwDQYJKoZIhvcNAQELBQAw +VzELMAkGA1UEBhMCQ0gxHzAdBgNVBAoTFlByb3RvbiBUZWNobm9sb2dpZXMgQUcx +EzARBgNVBAsTClByb3Rvbk1haWwxEjAQBgNVBAMTCTEyNy4wLjAuMTAeFw0yMjA2 +MjgxMjM0MzRaFw00MjA2MjMxMjM0MzRaMFcxCzAJBgNVBAYTAkNIMR8wHQYDVQQK +ExZQcm90b24gVGVjaG5vbG9naWVzIEFHMRMwEQYDVQQLEwpQcm90b25NYWlsMRIw +EAYDVQQDEwkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQDL1asnn8Z9Uvk8zT9hfdCG2MuHfSYSNi4/RNqzA0kACfCw8/fKQx+FDJOWuZAH +7ZJA8+xk3W+AS2VTb35+TtwWSyIE/9cc4exTSx52Mv/EdhrSCbIBPGmp6MPiLFCf +5xPD7Df6WbfGuTcfc6sBIUPcN9qZmud2tiHCb6CCvyWpTrLjaSCAx5eRB4mKlqiz +bFaTrEal/DSgrtziMRwawCLMH3Q7/6PQNTpXzOGXhrhy3b9Fi7aLLHztQWr23C9K +RI22TgawYh/rG7xd/tjSm7qJkhsqvFoq/41I4c/PMNTpVuCWYQyBr7pm9CxrvIsA +of6vbMScUT+h3pWl/cz1lNrhAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwICpDAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUwqc9Wvucag5zHRnlXw6Ti3kt3aAwDwYDVR0RBAgwBocEfwAAATANBgkq +hkiG9w0BAQsFAAOCAQEAp0YD/BlWvjE7PBMnpR4LOJO/RqxtUgaKMb1DiFCtrBai +n3MHJEVaZsFNk7Golm2ZihmfTFou60JFpt7FtspgQp8XzIA0oXnGqB+6EYFfmC8X +aJK1yrOI1R+nYCY99BGZ8BzyhwXh7ofNQt1+SzP7iBA1HwDy19HVQTRedt3rm61Q +WKudhxo8IIhWSTQ2OLYMSU1PrSdPjS+wUBY8rqrXz6xdHT5yxcwMyTURQJmF6GGl +dCVv5Q89hrvG26rv6ycldLMRbBlaAoNr8JCSbHPpU/KQybSsga0Qui7z0w7mYT4z +NJNXADYysmkqbNuj8pAGTzio64EFqQCDbkWOW7DlSQ== +-----END CERTIFICATE----- diff --git a/flake.nix b/flake.nix index 9c8e47f..6abde5e 100644 --- a/flake.nix +++ b/flake.nix @@ -72,7 +72,7 @@ sops-nix.nixosModules.sops home-manager.nixosModules.home-manager ./modules/default.nix - ({ pkgs, lib, ... }: { + ({ pkgs, lib, config, ... }: { # Configure hostname networking = { hostName = hostName; @@ -90,6 +90,7 @@ useGlobalPkgs = true; extraSpecialArgs = { inputs = inputs; + nixosConfig = config; }; sharedModules = [ ./home-manager/default.nix diff --git a/home-manager/default.nix b/home-manager/default.nix index 6500764..95938e4 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix 
@@ -11,7 +11,8 @@ with lib; with nLib; { ./programs/emacs.nix ./programs/image-editing.nix ./programs/media.nix - ./programs/syncthing.nix + ./services/syncthing.nix + ./services/email.nix ]; options = { @@ -20,6 +21,12 @@ with lib; with nLib; { services = { # Synthing, enabled by default on linux desktop syncthing = mkDefaultOption "Syncthing" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + # Email syncing + # Disabled by default since this requires manual setup on the machine + # TODO: Get this working on darwin + email = { + enable = mkEnableOption "Email"; + }; }; # Programs programs = { diff --git a/home-manager/machines/levitation.nix b/home-manager/machines/levitation.nix index 4f78a0e..fb35fc4 100644 --- a/home-manager/machines/levitation.nix +++ b/home-manager/machines/levitation.nix @@ -2,6 +2,11 @@ { nathan = { + services = { + email = { + enable = true; + }; + }; config = { isDesktop = true; }; diff --git a/home-manager/services/email.nix b/home-manager/services/email.nix new file mode 100644 index 0000000..303357c --- /dev/null +++ b/home-manager/services/email.nix 
@@ -0,0 +1,83 @@ +{ config, nixosConfig, lib, pkgs, ... }: + +with lib; { + config = mkIf config.nathan.services.email.enable { + # Packages used for mbsync + mu + protonmail-bridge + home.packages = with pkgs; [ + pass + protonmail-bridge + mu + xapian + ]; + # Configure protonmail as a service + systemd.user.services.protonmail-bridge = { + Unit = { + Description = "Proton Mail Bridge"; + After = [ "graphical-session-pre.target" ]; + Before = [ "mbsync.service" ]; + PartOf = [ "graphical-session.target" ]; + }; + Service = { + Type = "simple"; + ExecStart = '' + ${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive + ''; + }; + }; + # Setup accounts + accounts.email = { + maildirBasePath = ".mail"; + accounts = { + "nathan@mccarty.io" = { + maildir = { + path = "nathan@mccarty.io"; + }; + address = "nathan@mccarty.io"; + primary = true; + realName = "Nathan McCarty"; + userName = "nathan@mccarty.io"; + # TODO: Move into `pass` + passwordCommand = "${pkgs.pass}/bin/pass protonmail-bridge-password"; + aliases = [ + "thatonelutenist@protonmail.com" + "nathan@asuran.rs" + "nathan@community.rs" + ]; + imap = { + host = "127.0.0.1"; + port = 1143; + tls = { + useStartTls = true; + certificatesFile = ../../certificates/protonmail-${nixosConfig.networking.hostName}.pem; + }; + }; + smtp = { + host = "127.0.0.1"; + port = 1025; + tls = { + useStartTls = true; + certificatesFile = ../../certificates/protonmail-${nixosConfig.networking.hostName}.pem; + }; + }; + mbsync = { + enable = true; + create = "maildir"; + }; + mu.enable = true; + }; + }; + }; + # Setup mbsync + programs.mbsync = { + enable = true; + }; + services.mbsync = { + enable = true; + postExec = "${pkgs.mu}/bin/mu index"; + }; + # Setup mu + programs.mu = { + enable = true; + }; + }; +} diff --git a/home-manager/programs/syncthing.nix b/home-manager/services/syncthing.nix similarity index 100% rename from home-manager/programs/syncthing.nix rename to home-manager/services/syncthing.nix 
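Review bot: The `systemd.user.services.protonmail-bridge` unit has no `Install` section, and `Before = [ "mbsync.service" ]` only orders the two units, while `PartOf` only propagates stop and restart. Nothing in this file therefore starts the bridge, and mbsync would find nothing listening on 127.0.0.1:1143 unless the bridge is started by hand. Adding `Install = { WantedBy = [ "graphical-session.target" ]; };` would start it with the session, and `Restart = "on-failure";` in `Service` would keep mail sync from silently stalling if the bridge exits. Separately, the `# TODO: Move into pass` comment sits above a `passwordCommand` that already calls `pass`, so it reads as stale.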
From ac49bd822d4f7d5c192e4193c12a38c3a9371dcb Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sat, 2 Jul 2022 21:32:06 -0400 Subject: [PATCH 08/80] Systemd tweaks --- home-manager/programs/sway.nix | 41 ++++++++++++++++++++++++++--- home-manager/services/syncthing.nix | 7 +++-- 2 files changed, 43 insertions(+), 5 deletions(-) diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index 136812e..6a3282f 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix @@ -41,9 +41,9 @@ with lib; menu = "albert show"; # Use waybar, but through systemd bars = [ - { - command = "waybar"; - } + # { + # command = "waybar"; + # } ]; # Use fira code fonts = { @@ -101,6 +101,9 @@ with lib; maxVisible = 10; # Sort by time in descending order (newest first) sort = "-time"; + # Don't time out notifications , I want to have to dismiss them + defaultTimeout = 0; + ignoreTimeout = true; }; ######################### ## Swayidle @@ -127,6 +130,28 @@ with lib; programs.waybar = { enable = true; package = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}".waybar; + systemd = { + enable = false; + }; + }; + # Override the service to run during graphical-session-pre.target + systemd.user.services.waybar = { + Unit = { + Description = + "Highly customizable Wayland bar for Sway and Wlroots based compositors."; + Documentation = "https://github.com/Alexays/Waybar/wiki"; + Before = [ "tray.target" ]; + }; + + Service = { + ExecStart = "${config.programs.waybar.package}/bin/waybar"; + ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR2 $MAINPID"; + ExecstartPost = "${pkgs.coreutils}/bin/sleep 1"; + Restart = "on-failure"; + KillMode = "mixed"; + }; + + Install = { WantedBy = [ "graphical-session-pre.target" ]; }; }; ######################### ## Alacritty 
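Review bot: `ExecstartPost` in the `Service` block of the new `systemd.user.services.waybar` unit is misspelled. systemd directive names are case-sensitive, so the key is ignored as unknown and the one-second delay never runs. It should read `ExecStartPost = "${pkgs.coreutils}/bin/sleep 1";`. If the delay exists so that units ordered after `tray.target` find the bar ready, which is a guess from the `Before = [ "tray.target" ]` line, the typo would show up as intermittently missing tray icons.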
@@ -177,6 +202,16 @@ with lib; ## EasyEffects ######################### services.easyeffects.enable = true; + ######################### + ## Create tray target to fix some things + ######################### + systemd.user.targets.tray = { + Unit = { + Description = "Home Manager System Tray"; + Requires = [ "graphical-session-pre.target" "waybar.service" ]; + After = ["waybar.service"]; + }; + }; } ); } diff --git a/home-manager/services/syncthing.nix b/home-manager/services/syncthing.nix index 2cf4690..dc2adfc 100644 --- a/home-manager/services/syncthing.nix +++ b/home-manager/services/syncthing.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, ... }: - +{ config, lib, pkgs, inputs, ... }: +let + stray = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}".syncthingtray; +in { config = lib.mkIf config.nathan.services.syncthing { services.syncthing = { enable = true; tray = { enable = true; + package = stray; }; }; }; From 36ee201aa168bd520e737d9c181fb87e28412d52 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sat, 2 Jul 2022 22:36:59 -0400 Subject: [PATCH 09/80] Setup mu4e --- doom.d/config.el | 15 +++++++++++++++ doom.d/config.org | 21 +++++++++++++++++++++ doom.d/init.el | 2 +- home-manager/programs/emacs.nix | 1 + home-manager/programs/sway.nix | 8 ++++---- home-manager/services/email.nix | 14 +++++++++++--- 6 files changed, 53 insertions(+), 8 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index b4fc045..ea903c4 100644 --- a/doom.d/config.el +++ b/doom.d/config.el 
@@ -330,3 +330,18 @@ work if it thinks it needs to." elfeed-enclosure-default-dir (concat org-directory "elfeed/enclosures/") shr-max-width nil) (make-directory elfeed-db-directory t)) + +(after! mu4e + (setq sendmail-program (executable-find "msmtp") + send-mail-function #'smtpmail-send-it + message-sendmail-f-is-evil t + message-sendmail-extra-arguments '("--read-envelope-from") + message-send-mail-function #'message-send-mail-with-sendmail)) + +(set-email-account! "mccarty.io" + '((mu4e-sent-folder . "/nathan@mccarty.io/Sent") + (mu4e-drafts-folder . "/nathan@mccarty.io/Drafts") + (mu4e-trash-folder . "/nathan@mccarty.io/Trash") + (mu4e-refile-folder . "/nathan@mccarty.io/Archive") + (smtpmail-smtp-user . "nathan@mccarty.io")) + t) diff --git a/doom.d/config.org b/doom.d/config.org index e28e958..202d37e 100644 --- a/doom.d/config.org +++ b/doom.d/config.org @@ -528,3 +528,24 @@ Use ~elfeed~ for RSS. Doom provides most of the configuration, but we'll make a shr-max-width nil) (make-directory elfeed-db-directory t)) #+end_src +** Email +Use ~mu4e~ for email. Most of the bootstrap is provided by doom emacs. +First, tell mu4e to use msmtp +#+begin_src emacs-lisp +(after! mu4e + (setq sendmail-program (executable-find "msmtp") + send-mail-function #'smtpmail-send-it + message-sendmail-f-is-evil t + message-sendmail-extra-arguments '("--read-envelope-from") + message-send-mail-function #'message-send-mail-with-sendmail)) +#+end_src +Then tell it where our account's stuff is +#+begin_src emacs-lisp +(set-email-account! "mccarty.io" + '((mu4e-sent-folder . "/nathan@mccarty.io/Sent") + (mu4e-drafts-folder . "/nathan@mccarty.io/Drafts") + (mu4e-trash-folder . "/nathan@mccarty.io/Trash") + (mu4e-refile-folder . "/nathan@mccarty.io/Archive") + (smtpmail-smtp-user . "nathan@mccarty.io")) + t) +#+end_src diff --git a/doom.d/init.el b/doom.d/init.el index 8d47dd5..47020ee 100644 --- a/doom.d/init.el +++ b/doom.d/init.el 
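Review bot: In the `(after! mu4e ...)` form, `send-mail-function` is set to `#'smtpmail-send-it` while every other setting routes mail through msmtp. Any command that sends via `send-mail-function` rather than `message-send-mail-function` would therefore use smtpmail and skip the msmtp account configuration, which is presumably where the bridge's TLS settings live. `send-mail-function #'sendmail-send-it` keeps both paths on `sendmail-program`. `(executable-find "msmtp")` also returns nil when msmtp is not on Emacs' PATH, which may happen under the Emacs service, so an absolute path or an explicit check would fail more clearly. The same block is duplicated in the doom.d/config.org hunk and needs the same change.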
@@ -91,7 +91,7 @@ (java +lsp +meghanada) (javascript +lsp) :email - ;;(mu4e +org +gmail) + (mu4e +org) ;;notmuch ;;(wanderlust +gmail) diff --git a/home-manager/programs/emacs.nix b/home-manager/programs/emacs.nix index b60e8b6..2ce90ca 100644 --- a/home-manager/programs/emacs.nix +++ b/home-manager/programs/emacs.nix @@ -33,6 +33,7 @@ }; }; }; + extraPackages = [ pkgs.mu ]; }; # Setup service services.emacs = { diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index 6a3282f..2997eb0 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix @@ -41,9 +41,9 @@ with lib; menu = "albert show"; # Use waybar, but through systemd bars = [ - # { - # command = "waybar"; - # } + # { + # command = "waybar"; + # } ]; # Use fira code fonts = { @@ -209,7 +209,7 @@ with lib; Unit = { Description = "Home Manager System Tray"; Requires = [ "graphical-session-pre.target" "waybar.service" ]; - After = ["waybar.service"]; + After = [ "waybar.service" ]; }; }; } diff --git a/home-manager/services/email.nix b/home-manager/services/email.nix index 303357c..7ba2cc8 100644 --- a/home-manager/services/email.nix +++ b/home-manager/services/email.nix @@ -7,7 +7,6 @@ with lib; { pass protonmail-bridge mu - xapian ]; # Configure protonmail as a service systemd.user.services.protonmail-bridge = { @@ -64,10 +63,15 @@ with lib; { create = "maildir"; }; mu.enable = true; + msmtp = { + enable = true; + }; }; }; }; - # Setup mbsync + ## Enable email applications + # Setup mbsync for incoming emails + # For fun reasons this requires enabling the program and the service programs.mbsync = { enable = true; }; @@ -75,9 +79,13 @@ with lib; { enable = true; postExec = "${pkgs.mu}/bin/mu index"; }; - # Setup mu + # Setup mu for indexing emails programs.mu = { enable = true; }; + # Setup msmtp for outbound emails + programs.msmtp = { + enable = true; + }; }; } From 5431f9e0e3d01aad8420704397bca0a42937f54c Mon Sep 17 00:00:00 2001 
From: nathan mccarty Date: Sat, 2 Jul 2022 22:59:13 -0400 Subject: [PATCH 10/80] Switch launcher to fuzzel --- home-manager/programs/sway.nix | 40 +++++++++++++++++++++++++++++----- modules/swaywm.nix | 31 -------------------------- 2 files changed, 34 insertions(+), 37 deletions(-) diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index 2997eb0..5a9cc09 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix @@ -9,6 +9,34 @@ with lib; swaylock-command = "${pkgs.swaylock-effects}/bin/swaylock --screenshots --grace 30 --indicator --clock --timestr \"%-I:%M:%S %p\" --datestr \"%A %Y-%M-%d\" --effect-blur 20x3"; in { + home.packages = with pkgs; [ + # Locking and display management + wdisplays + swaylock-effects + swayidle + # Clipboard + wl-clipboard + # Notifications + mako + # Terminal + alacritty + # glib for sound stuff + glib + # Glpaper for the background + (glpaper.overrideAttrs (old: { + src = fetchFromSourcehut { + owner = "~scoopta"; + repo = "glpaper"; + vc = "hg"; + rev = "f89e60b7941fb60f1069ed51af9c5bb4917aab35"; + hash = "sha256-E7FKjt3NL0aAEibfaq+YS2IVvpjNjInA+Rs8SU63/3M="; + }; + })) + # Screenshots + sway-contrib.grimshot + # fuzzel for launcher + fuzzel + ]; ######################### ## Sway ######################### @@ -38,16 +66,18 @@ with lib; # Alacritty as default terminal terminal = "alacritty"; # Use krunner (from kde) as our launcher - menu = "albert show"; + menu = '' + fuzzel -f Fira -b "103c48ff" -S "adbcbcff" -s "184956ff" -t "72898fff" -B 5 -r 5 -C "ed8649ff" + ''; # Use waybar, but through systemd bars = [ # { # command = "waybar"; # } ]; - # Use fira code + # Use fira fonts = { - names = [ "Fira Code Nerd Font" ]; + names = [ "Fira" ]; size = 10.0; }; # Setup keybindings @@ -68,8 +98,6 @@ with lib; }; # Startup applications startup = [ - # Albert, the launcher - { command = "albert"; } # Mako, the notification daemon { command = "mako"; } ]; 
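Review bot: The comment above `menu` still says `# Use krunner (from kde) as our launcher` although the value is now a `fuzzel` command line; it should read `# Use fuzzel as our launcher`. The command also calls bare `fuzzel` and so depends on the session PATH, whereas `swaylock-command` in the same `let` uses a store path. Writing `${pkgs.fuzzel}/bin/fuzzel` would be consistent and would ensure the keybinding runs the packaged binary rather than whichever `fuzzel` comes first on PATH.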
@@ -92,7 +120,7 @@ with lib; # Border configuration borderSize = 3; # Use Fira Code for font - font = "Fira Code Nerd Font 10"; + font = "Fira 10"; # Group by application groupBy = "app-name"; # Bottom right corner diff --git a/modules/swaywm.nix b/modules/swaywm.nix index bf7c64c..f3c829a 100644 --- a/modules/swaywm.nix +++ b/modules/swaywm.nix @@ -48,37 +48,6 @@ with lib; enable = true; # Enable the wrapper for gtk applications wrapperFeatures.gtk = true; - # Install some applications required for sway to work how I want - extraPackages = with pkgs; [ - # Unstable waybar, its a fast moving target - inputs.nixpkgs-unstable.legacyPackages.${system}.waybar - # Locking and display management - wdisplays - swaylock-effects - swayidle - # Clipboard - wl-clipboard - # Notifications - mako - # Terminal - alacritty - # glib for sound stuff - glib - # Glpaper for the background - (glpaper.overrideAttrs (old: { - src = fetchFromSourcehut { - owner = "~scoopta"; - repo = "glpaper"; - vc = "hg"; - rev = "f89e60b7941fb60f1069ed51af9c5bb4917aab35"; - hash = "sha256-E7FKjt3NL0aAEibfaq+YS2IVvpjNjInA+Rs8SU63/3M="; - }; - })) - # Screenshots - sway-contrib.grimshot - # Albert for launcher - albert - ]; }; environment.sessionVariables = { From 2472f2e7afdda7723b520ff9a2421478dc7a0dd3 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sat, 2 Jul 2022 23:13:40 -0400 Subject: [PATCH 11/80] Selenize sway --- home-manager/programs/sway.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index 5a9cc09..99d2e75 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix 
@@ -80,6 +80,37 @@ with lib; names = [ "Fira" ]; size = 10.0; }; + # Selenize it + colors = { + focused = { + border = "75b938"; + background = "184956"; + text = "adbcbc"; + indicator = "fa5750"; + childBorder = "75b938"; + }; + focusedInactive = { + border = "84c747"; + background = "103c48"; + text = "adbcbc"; + indicator = "fa5750"; + childBorder = "84c747"; + }; + unfocused = { + border = "72898f"; + background = "103c48"; + text = "72898f"; + indicator = "fa5750"; + childBorder = "72898f"; + }; + urgent = { + border = "f275be"; + background = "184956"; + text = "fa5750"; + indicator = "fa5750"; + childBorder = "f275be"; + }; + }; # Setup keybindings keybindings = let From 0693bca45203a4f7fd5e8329835c4b2b35b8f3e7 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 3 Jul 2022 00:33:57 -0400 Subject: [PATCH 12/80] Theme up waybar --- home-manager/programs/communications.nix | 4 +- home-manager/programs/media.nix | 2 +- home-manager/programs/sway.nix | 308 +++++++++++++++++++++++ 3 files changed, 311 insertions(+), 3 deletions(-) diff --git a/home-manager/programs/communications.nix b/home-manager/programs/communications.nix index 55c15c0..7b7e8ba 100644 --- a/home-manager/programs/communications.nix +++ b/home-manager/programs/communications.nix 
@@ -38,14 +38,14 @@ fbChromeDesktopItem = pkgs.makeDesktopItem { name = "messenger-chrome"; desktopName = "Messenger (chrome)"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://messenger.com\""; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=https://messenger.com\""; terminal = false; }; # Teams teamsItem = pkgs.makeDesktopItem { name = "teams-wayland"; desktopName = "Teams (Wayland)"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://teams.microsoft.com\""; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=https://teams.microsoft.com\""; terminal = false; }; in diff --git a/home-manager/programs/media.nix b/home-manager/programs/media.nix index 01daa74..d321d82 100644 --- a/home-manager/programs/media.nix +++ b/home-manager/programs/media.nix @@ -4,7 +4,7 @@ let irisDesktopItem = pkgs.makeDesktopItem { name = "iris"; desktopName = "Iris"; - exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"http://localhost:6680/iris/\""; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=http://localhost:6680/iris/\""; terminal = false; }; in diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index 99d2e75..3386cb6 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix 
@@ -192,6 +192,314 @@ with lib; systemd = { enable = false; }; + settings = { + mainBar = { + layer = "top"; + position = "bottom"; + height = 27; + modules-left = [ "sway/workspaces" "sway/mode" ]; + modules-center = [ "sway/window" ]; + modules-right = [ "mpd" "clock" "tray" ]; + "sway/workspaces" = { + disable-scroll = true; + }; + "sway/window" = { + icon = true; + }; + "clock" = { + format = "{:%I:%M%p %Y-%m-%d}"; + }; + "window" = { + icon = true; + }; + "tray" = { + spacing = 5; + }; + "mpd" = { + format = "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S})"; + format-disconnected = "Disconnected ❌"; + format-stopped = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped ⏸"; + consume-icons = { + on = "🍴"; + }; + random-icons = { + on = "🔀"; + }; + repeat-icons = { + on = "🔁"; + }; + state-icons = { + paused = "⏸"; + playing = "▶"; + }; + }; + }; + }; + style = '' + * { + /* `otf-font-awesome` is required to be installed for icons */ + font-family: FontAwesome, Fira; + font-size: 14px; + } + + window#waybar { + background-color: #103c48; + border: 2px solid #2d5b69; + color: #adbcbc; + transition-property: background-color; + transition-duration: .5s; + } + + window#waybar.hidden { + opacity: 0.2; + } + + /* + window#waybar.empty { + background-color: transparent; + } + window#waybar.solo { + background-color: #FFFFFF; + } + */ + + window#waybar.termite { + background-color: #3F3F3F; + } + + window#waybar.chromium { + background-color: #000000; + border: none; + } + + #workspaces button { + padding: 0 5px; + background-color: #184956; + color: #72898f; + /* Use box-shadow instead of border so the text isn't offset */ + box-shadow: inset 0 -3px transparent; + /* Avoid rounded borders under each workspace name */ + border: none; + border-radius: 0; + } + + /* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */ + #workspaces 
button:hover { + background: rgba(0, 0, 0, 0.2); + box-shadow: inset 0 -3px #ffffff; + } + + #workspaces button.focused { + background-color: #2d5b69; + color: #adbcbc; + /* box-shadow: inset 0 -3px #ffffff; */ + } + + #workspaces button.urgent { + background-color: #2d5b69; + color: #fa5750; + } + + #mode { + background-color: #64727D; + border-bottom: 3px solid #ffffff; + } + + #clock, + #battery, + #cpu, + #memory, + #disk, + #temperature, + #backlight, + #network, + #pulseaudio, + #custom-media, + #tray, + #mode, + #idle_inhibitor, + #mpd { + padding: 0 10px; + } + + #window, + #workspaces { + margin: 0 4px; + } + + /* If workspaces is the leftmost module, omit left margin */ + .modules-left > widget:first-child > #workspaces { + margin-left: 0; + } + + /* If workspaces is the rightmost module, omit right margin */ + .modules-right > widget:last-child > #workspaces { + margin-right: 0; + } + + #clock { + border: 2px solid #41c7b9; + background-color: #184956; + color: #41c7b9; + } + + #battery { + background-color: #ffffff; + color: #000000; + } + + #battery.charging, #battery.plugged { + color: #ffffff; + background-color: #26A65B; + } + + @keyframes blink { + to { + background-color: #ffffff; + color: #000000; + } + } + + #battery.critical:not(.charging) { + background-color: #f53c3c; + color: #ffffff; + animation-name: blink; + animation-duration: 0.5s; + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; + } + + label:focus { + background-color: #000000; + } + + #cpu { + background-color: #2ecc71; + color: #000000; + } + + #memory { + background-color: #9b59b6; + } + + #disk { + background-color: #964B00; + } + + #backlight { + background-color: #90b1b1; + } + + #network { + background-color: #2980b9; + } + + #network.disconnected { + background-color: #f53c3c; + } + + #pulseaudio { + background-color: #f1c40f; + color: #000000; + } + + #pulseaudio.muted { + background-color: #90b1b1; + color: 
#2a5c45; + } + + #custom-media { + background-color: #66cc99; + color: #2a5c45; + min-width: 100px; + } + + #custom-media.custom-spotify { + background-color: #66cc99; + } + + #custom-media.custom-vlc { + background-color: #ffa000; + } + + #temperature { + background-color: #f0932b; + } + + #temperature.critical { + background-color: #eb4d4b; + } + + #tray { + background-color: #4695f7; + border: 2px solid #58a3ff; + } + + #tray > .passive { + -gtk-icon-effect: dim; + } + + #tray > .needs-attention { + -gtk-icon-effect: highlight; + background-color: #eb4d4b; + } + + #idle_inhibitor { + background-color: #2d3436; + } + + #idle_inhibitor.activated { + background-color: #ecf0f1; + color: #2d3436; + } + + #mpd { + color: #adbcbc; + border: 2px solid #75b938; + background-color: #184956; + + } + + #mpd.disconnected { + color: #dbb32d; + border: 2px solid #dbb32d; + } + + #mpd.stopped { + color: #fa5750; + border: 2px solid #fa5750; + } + + #mpd.paused { + color: #f275be; + border: 2px solid #f275be; + } + + #language { + background: #00b093; + color: #740864; + padding: 0 5px; + margin: 0 5px; + min-width: 16px; + } + + #keyboard-state { + background: #97e1ad; + color: #000000; + padding: 0 0px; + margin: 0 5px; + min-width: 16px; + } + + #keyboard-state > label { + padding: 0 5px; + } + + #keyboard-state > label.locked { + background: rgba(0, 0, 0, 0.2); + } + ''; }; # Override the service to run during graphical-session-pre.target systemd.user.services.waybar = { From 481cde91d9a513fdeb969a2d969557163eb62268 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 3 Jul 2022 00:40:04 -0400 Subject: [PATCH 13/80] Move more packages into home manager --- home-manager/default.nix | 6 ++++- home-manager/programs/core.nix | 44 ++++++++++++++++++++++++++++++++++ modules/default.nix | 3 --- modules/programs/utils.nix | 41 ------------------------------- 4 files changed, 49 insertions(+), 45 deletions(-) 
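Review bot: The `"window" = { icon = true; };` entry in `settings.mainBar` matches no module listed in `modules-left`, `modules-center` or `modules-right`, and it repeats what `"sway/window"` already sets, so it looks like dead configuration and can be dropped. The `style` string also carries rules for modules this bar does not enable (`#battery`, `#cpu`, `#network`, `#pulseaudio` and others). Trimming it to the modules in use would make the theme easier to maintain; if the extra selectors are kept on purpose, a short comment at the top of the string saying so would help.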
diff --git a/home-manager/default.nix b/home-manager/default.nix index 95938e4..618cfce 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -31,6 +31,8 @@ with lib; with nLib; { # Programs programs = { util = { + # Core utilites + core = mkEnableOptionT "core"; # Ssh configuration, enabled by default ssh = mkEnableOptionT "ssh"; # Fish configuration, enabled by default @@ -38,12 +40,14 @@ with lib; with nLib; { # Git configuration, enabled by default git = { enable = mkEnableOptionT "git"; - gpgSign = mkEnableOptionT "git signatures"; + gpgSign = mkDefaultOption "git signatures" config.nathan.config.isDesktop; }; # Bat configuration, enabled by default bat = mkEnableOptionT "bat"; # JSON Utilities, enabled by default json = mkEnableOptionT "json"; + # Productivity application + productivity = mkDefaultOption "Productivity applications" config.nathan.config.isDesktop; }; # Swaywm and supoorting application configuration swaywm = { diff --git a/home-manager/programs/core.nix b/home-manager/programs/core.nix index de5818e..ef9379d 100644 --- a/home-manager/programs/core.nix +++ b/home-manager/programs/core.nix @@ -2,6 +2,50 @@ with lib; { config = mkMerge [ + (mkIf config.nathan.programs.util.core { + home.packages = with pkgs; [ + # Rust rewrites of common shell utilites + exa + bat + fd + sd + du-dust + ripgrep + ripgrep-all + hyperfine + bottom + dogdns + duf + # User friendly cut + choose + # Man but terse + tealdeer + ]; + }) + (mkIf config.nathan.programs.util.productivity { + home.packages = with pkgs; [ + # Feh image viewer + feh + tokei + # Spell check + hunspell + hunspellDicts.en-us + # CLI Markdown renderer + glow + # Command line file manager + broot + # Much better curl + httpie + # CLI spreadsheets + visidata + # Cheatsheet manager + cheat + # Ping with a graph + gping + # Pandoc for documentation + pandoc + ]; + }) (mkIf config.nathan.programs.util.git.enable { ######################### ## Git configuration 
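Review bot: `gpgSign` changes from `mkEnableOptionT "git signatures"` to `mkDefaultOption "git signatures" config.nathan.config.isDesktop`. As far as the surrounding comments indicate, commit signing is now off by default on every machine where `isDesktop` is false, which the commit subject does not mention. If that is intended (for example because those hosts hold no signing key), record it next to the option: `# Signing defaults to desktops only; other hosts commit unsigned unless gpgSign is set`. The comment above, `# Git configuration, enabled by default`, no longer describes this sub-option.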
diff --git a/modules/default.nix b/modules/default.nix index 619eae7..fba83b3 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -75,9 +75,6 @@ in # Core utililtes I want on every system # Enabled by default core = mkEnableOptionT "utils-core"; - # Productivity utilites that make sense for a desktop - # Enabled by default on desktop - productivity = mkDefaultOption "utils-productivity" config.nathan.config.isDesktop; # Enable multi system emulation # Enabled by default on desktop binfmt = mkDefaultOption "utils-productivity" config.nathan.config.isDesktop; diff --git a/modules/programs/utils.nix b/modules/programs/utils.nix index afba516..a391756 100644 --- a/modules/programs/utils.nix +++ b/modules/programs/utils.nix @@ -15,23 +15,6 @@ with lib; unzip any-nix-shell htop - # Rust rewrites of common shell utilities - starship - exa - bat - fd - sd - du-dust - ripgrep - ripgrep-all - hyperfine - bottom - dogdns - duf - # User friendly cut - choose - # Man but terse - tealdeer # For nslookup dnsutils # Mosh for better high-latency ssh @@ -40,30 +23,6 @@ with lib; pv ]; }) - (mkIf nathan.programs.utils.productivity { - environment.systemPackages = with pkgs; [ - # Feh image viewer - feh - tokei - # Spell check - hunspell - hunspellDicts.en-us - # CLI Markdown renderer - glow - # Command line file manager - broot - # Much better curl - httpie - # CLI spreadsheets - visidata - # Cheatsheet manager - cheat - # Ping with a graph - gping - # Pandoc for documentation - pandoc - ]; - }) (mkIf nathan.programs.utils.binfmt { boot.binfmt.emulatedSystems = [ "aarch64-linux" From c6114eca929b3f209fad0013432bd7241094d76b Mon Sep 17 00:00:00 2001 
From: nathan mccarty Date: Sun, 3 Jul 2022 00:41:42 -0400 Subject: [PATCH 14/80] Move machines folder --- flake.nix | 4 ++-- .../machines/levitation.nix => machines/levitation/home.nix | 0 home-manager/machines/x86vm.nix => machines/x86vm/home.nix | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename home-manager/machines/levitation.nix => machines/levitation/home.nix (100%) rename home-manager/machines/x86vm.nix => machines/x86vm/home.nix (100%) diff --git a/flake.nix b/flake.nix index 6abde5e..b792bc9 100644 --- a/flake.nix +++ b/flake.nix @@ -157,7 +157,7 @@ # FIXME borg backup module # Setup home manager - home-manager.users.nathan = import ./home-manager/machines/levitation.nix; + home-manager.users.nathan = import ./machines/levitation/home.nix; }) ]; }; @@ -178,7 +178,7 @@ nix.autoUpdate = false; }; }; - home-manager.users.nathan = import ./home-manager/machines/x86vm.nix; + home-manager.users.nathan = import ./machines/x86vm/home.nix; # Workaround to get sway working in qemu environment.variables = { diff --git a/home-manager/machines/levitation.nix b/machines/levitation/home.nix similarity index 100% rename from home-manager/machines/levitation.nix rename to machines/levitation/home.nix diff --git a/home-manager/machines/x86vm.nix b/machines/x86vm/home.nix similarity index 100% rename from home-manager/machines/x86vm.nix rename to machines/x86vm/home.nix From 806140b6ccafaeaf178bd168101e364a31f55093 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 3 Jul 2022 00:43:50 -0400 Subject: [PATCH 15/80] Create configuration.nix --- flake.nix | 71 +-------------------------- machines/levitation/configuration.nix | 54 ++++++++++++++++++++ machines/x86vm/configuration.nix | 19 +++++++ 3 files changed, 75 insertions(+), 69 deletions(-) create mode 100644 machines/levitation/configuration.nix create mode 100644 machines/x86vm/configuration.nix diff --git a/flake.nix b/flake.nix index b792bc9..0c047f7 100644 --- a/flake.nix +++ b/flake.nix 
@@ -107,58 +107,7 @@ hostName = "levitation"; extraModules = [ ./hardware/levitation.nix - ({ pkgs, config, lib, ... }: { - # sops for borg - sops.secrets."borg-ssh-key" = { - sopsFile = ./secrets/levitation/borg.yaml; - format = "yaml"; - }; - sops.secrets."borg-password" = { - sopsFile = ./secrets/levitation/borg.yaml; - format = "yaml"; - }; - # Setup system configuration - nathan = { - programs = { - games = true; - }; - services = { - borg = { - enable = true; - extraExcludes = [ - "/home/${config.nathan.config.user}/Music" - "/var/lib/docker" - "/var/log" - ]; - passwordFile = config.sops.secrets."borg-password".path; - sshKey = config.sops.secrets."borg-ssh-key".path; - }; - }; - config = { - isDesktop = true; - setupGrub = true; - nix.autoUpdate = false; - harden = false; - }; - }; - # Configure networking - networking = { - domain = "mccarty.io"; - useDHCP = false; - interfaces.enp6s0.useDHCP = true; - nat.externalInterface = "enp6s0"; - # Open ports for soulseek - # TODO add in soulseek - firewall = { - allowedTCPPorts = [ 61377 ]; - allowedUDPPorts = [ 61377 ]; - }; - }; - # FIXME borg backup module - - # Setup home manager - home-manager.users.nathan = import ./machines/levitation/home.nix; - }) + ./machines/levitation/configuration.nix ]; }; @@ -168,23 +117,7 @@ extraModules = [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" - ({ pkgs, config, lib, ... }: { - nathan = { - programs = { - games = true; - }; - config = { - isDesktop = true; - nix.autoUpdate = false; - }; - }; - home-manager.users.nathan = import ./machines/x86vm/home.nix; - - # Workaround to get sway working in qemu - environment.variables = { - "WLR_RENDERER" = "pixman"; - }; - }) + ./machines/x86vm/configuration.nix ]; }; }; diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix new file mode 100644 index 0000000..0a8a4aa --- /dev/null +++ b/machines/levitation/configuration.nix 
@@ -0,0 +1,54 @@ +{ config, lib, pkgs, ... }: + +{ + # sops for borg + sops.secrets."borg-ssh-key" = { + sopsFile = ../../secrets/levitation/borg.yaml; + format = "yaml"; + }; + sops.secrets."borg-password" = { + sopsFile = ../../secrets/levitation/borg.yaml; + format = "yaml"; + }; + # Setup system configuration + nathan = { + programs = { + games = true; + }; + services = { + borg = { + enable = true; + extraExcludes = [ + "/home/${config.nathan.config.user}/Music" + "/var/lib/docker" + "/var/log" + ]; + passwordFile = config.sops.secrets."borg-password".path; + sshKey = config.sops.secrets."borg-ssh-key".path; + }; + }; + config = { + isDesktop = true; + setupGrub = true; + nix.autoUpdate = false; + harden = false; + }; + }; + # Configure networking + networking = { + domain = "mccarty.io"; + useDHCP = false; + interfaces.enp6s0.useDHCP = true; + nat.externalInterface = "enp6s0"; + # Open ports for soulseek + # TODO add in soulseek + firewall = { + allowedTCPPorts = [ 61377 ]; + allowedUDPPorts = [ 61377 ]; + }; + }; + # FIXME borg backup module + + # Setup home manager + home-manager.users.nathan = import ./home.nix; +} diff --git a/machines/x86vm/configuration.nix b/machines/x86vm/configuration.nix new file mode 100644 index 0000000..a7d4a1a --- /dev/null +++ b/machines/x86vm/configuration.nix @@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + programs = { + games = true; + }; + config = { + isDesktop = true; + nix.autoUpdate = false; + }; + }; + home-manager.users.nathan = import ./home.nix; + + # Workaround to get sway working in qemu + environment.variables = { + "WLR_RENDERER" = "pixman"; + }; +} From 9c95870b2b1f5d8c36d3720db9bc8839ab95b1c8 Mon Sep 17 00:00:00 2001 
From: nathan mccarty Date: Sun, 3 Jul 2022 23:34:12 -0400 Subject: [PATCH 16/80] Cosmetic tweaks --- doom.d/config.el | 24 ++++++++----- doom.d/config.org | 32 +++++++++++------ home-manager/programs/core.nix | 2 ++ home-manager/programs/sway.nix | 65 ++++++++++++++++++---------------- 4 files changed, 73 insertions(+), 50 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index ea903c4..d4428f8 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -22,7 +22,8 @@ ;; accept. For example: ;; (setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) - doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15)) + doom-unicode-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) + doom-variable-pitch-font (font-spec :family "Fira" :size 15)) ;; ;; If you or Emacs can't find your font, use 'M-x describe-font' to look them ;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to @@ -99,7 +100,8 @@ :config (setq mixed-pitch-set-height t)) -(setq doom-modeline-buffer-file-name-style 'truncate-with-project) +(setq doom-modeline-buffer-file-name-style 'truncate-with-project + doom-modeline-mu4e t) (display-time-mode 1) 
@@ -338,10 +340,14 @@ work if it thinks it needs to." message-sendmail-extra-arguments '("--read-envelope-from") message-send-mail-function #'message-send-mail-with-sendmail)) -(set-email-account! "mccarty.io" - '((mu4e-sent-folder . "/nathan@mccarty.io/Sent") - (mu4e-drafts-folder . "/nathan@mccarty.io/Drafts") - (mu4e-trash-folder . "/nathan@mccarty.io/Trash") - (mu4e-refile-folder . "/nathan@mccarty.io/Archive") - (smtpmail-smtp-user . "nathan@mccarty.io")) - t) +(after! mu4e + (set-email-account! "mccarty.io" + '((mu4e-sent-folder . "/nathan@mccarty.io/Sent") + (mu4e-drafts-folder . "/nathan@mccarty.io/Drafts") + (mu4e-trash-folder . "/nathan@mccarty.io/Trash") + (mu4e-refile-folder . "/nathan@mccarty.io/Archive") + (smtpmail-smtp-user . "nathan@mccarty.io")) + t)) + +(after! mu4e + (mu4e-alert-enable-mode-line-display)) diff --git a/doom.d/config.org b/doom.d/config.org index 202d37e..4f5e8a8 100644 --- a/doom.d/config.org +++ b/doom.d/config.org @@ -33,7 +33,8 @@ The provided default ~config.el~ ;; accept. For example: ;; (setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) - doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15)) + doom-unicode-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) + doom-variable-pitch-font (font-spec :family "Fira" :size 15)) ;; ;; If you or Emacs can't find your font, use 'M-x describe-font' to look them ;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to 
@@ -122,9 +123,12 @@ This tweak applies to: Setting ~mixed-pitch-set-height~ is required to get ~mixed-pitch-mode~ to render fonts with the correct size in doom emacs, apparently. ** Modeline configuration -Configure the modeline to truncate with project (so that ~~/Projects/Asuran/replicator/src/lib.rs~ becomes ~replicator/s/lib.rs~) +Configure the modeline to: + + truncate with project (so that ~~/Projects/Asuran/replicator/src/lib.rs~ becomes ~replicator/s/lib.rs~) + + Show the mu4e alert #+begin_src emacs-lisp -(setq doom-modeline-buffer-file-name-style 'truncate-with-project) +(setq doom-modeline-buffer-file-name-style 'truncate-with-project + doom-modeline-mu4e t) #+end_src Display the current time in the modeline @@ -539,13 +543,19 @@ First, tell mu4e to use msmtp message-sendmail-extra-arguments '("--read-envelope-from") message-send-mail-function #'message-send-mail-with-sendmail)) #+end_src -Then tell it where our account's stuff is +Tell it where our account's stuff is #+begin_src emacs-lisp -(set-email-account! "mccarty.io" - '((mu4e-sent-folder . "/nathan@mccarty.io/Sent") - (mu4e-drafts-folder . "/nathan@mccarty.io/Drafts") - (mu4e-trash-folder . "/nathan@mccarty.io/Trash") - (mu4e-refile-folder . "/nathan@mccarty.io/Archive") - (smtpmail-smtp-user . "nathan@mccarty.io")) - t) +(after! mu4e + (set-email-account! "mccarty.io" + '((mu4e-sent-folder . "/nathan@mccarty.io/Sent") + (mu4e-drafts-folder . "/nathan@mccarty.io/Drafts") + (mu4e-trash-folder . "/nathan@mccarty.io/Trash") + (mu4e-refile-folder . "/nathan@mccarty.io/Archive") + (smtpmail-smtp-user . "nathan@mccarty.io")) + t)) +#+end_src +Tell it to enable the modeline display +#+begin_src emacs-lisp +(after! mu4e + (mu4e-alert-enable-mode-line-display)) #+end_src diff --git a/home-manager/programs/core.nix b/home-manager/programs/core.nix index ef9379d..918ee16 100644 --- a/home-manager/programs/core.nix +++ b/home-manager/programs/core.nix 
@@ -20,6 +20,8 @@ with lib; choose # Man but terse tealdeer + # rsync for _The Cloud_ :tm: + rclone ]; }) (mkIf config.nathan.programs.util.productivity { diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index 3386cb6..f1bfb50 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix @@ -57,9 +57,19 @@ with lib; smartGaps = true; inner = 9; }; - # disable borders + # Window configuration window = { - border = 0; + # Configure borders + border = 2; + # Application specific configuration + commands = [ + { + command = "floating enable"; + criteria = { + app_id = "pinentry-qt"; + }; + } + ]; }; # Use windows key as modifier modifier = "Mod4"; @@ -67,7 +77,7 @@ with lib; terminal = "alacritty"; # Use krunner (from kde) as our launcher menu = '' - fuzzel -f Fira -b "103c48ff" -S "adbcbcff" -s "184956ff" -t "72898fff" -B 5 -r 5 -C "ed8649ff" + fuzzel -f "Fira Sans" -b "103c48ff" -S "adbcbcff" -s "184956ff" -t "72898fff" -B 5 -r 5 -C "ed8649ff" ''; # Use waybar, but through systemd bars = [ 
@@ -77,38 +87,38 @@ with lib; ]; # Use fira fonts = { - names = [ "Fira" ]; + names = [ "Fira Sans" ]; size = 10.0; }; # Selenize it colors = { focused = { - border = "75b938"; - background = "184956"; - text = "adbcbc"; - indicator = "fa5750"; - childBorder = "75b938"; + border = "#75b938"; + background = "#184956"; + text = "#adbcbc"; + indicator = "#84c747"; + childBorder = "#75b938"; }; focusedInactive = { - border = "84c747"; - background = "103c48"; - text = "adbcbc"; - indicator = "fa5750"; - childBorder = "84c747"; + border = "#41c7b9"; + background = "#103c48"; + text = "#adbcbc"; + indicator = "#53d6c7"; + childBorder = "#41c7b9"; }; unfocused = { - border = "72898f"; - background = "103c48"; - text = "72898f"; - indicator = "fa5750"; - childBorder = "72898f"; + border = "#72898f"; + background = "#103c48"; + text = "#72898f"; + indicator = "#adbcbc"; + childBorder = "#72898f"; }; urgent = { - border = "f275be"; - background = "184956"; - text = "fa5750"; - indicator = "fa5750"; - childBorder = "f275be"; + border = "#f275be"; + background = "#184956"; + text = "#fa5750"; + indicator = "#fa5750"; + childBorder = "#f275be"; }; }; # Setup keybindings @@ -132,12 +142,7 @@ with lib; # Mako, the notification daemon { command = "mako"; } ]; - # Other stuff }; - # disable transparency for minecraft - extraConfig = '' - for_window [title=".*Minecraft.*"] opacity 1 - ''; }; ######################### ## Mako (notifications) @@ -151,7 +156,7 @@ with lib; # Border configuration borderSize = 3; # Use Fira Code for font - font = "Fira 10"; + font = "Fira Sans 10"; # Group by application groupBy = "app-name"; # Bottom right corner From de1f8fb95b3fa995872b5a212ef92de893d8f76e Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 3 Jul 2022 23:38:01 -0400 Subject: [PATCH 17/80] oop --- doom.d/config.el | 2 +- doom.d/config.org | 2 +- home-manager/programs/sway.nix | 38 +++++++++++++++++----------------- 3 files changed, 21 insertions(+), 21 deletions(-) 
diff --git a/doom.d/config.el b/doom.d/config.el index d4428f8..c79fe0d 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -23,7 +23,7 @@ ;; (setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) doom-unicode-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) - doom-variable-pitch-font (font-spec :family "Fira" :size 15)) + doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15)) ;; ;; If you or Emacs can't find your font, use 'M-x describe-font' to look them ;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to diff --git a/doom.d/config.org b/doom.d/config.org index 4f5e8a8..a3b76ea 100644 --- a/doom.d/config.org +++ b/doom.d/config.org @@ -34,7 +34,7 @@ The provided default ~config.el~ ;; (setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) doom-unicode-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) - doom-variable-pitch-font (font-spec :family "Fira" :size 15)) + doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15)) ;; ;; If you or Emacs can't find your font, use 'M-x describe-font' to look them ;; up, `M-x eval-region' to execute elisp code, and 'M-x doom/reload-font' to diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index f1bfb50..dcd3c84 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix 
@@ -93,32 +93,32 @@ with lib; # Selenize it colors = { focused = { - border = "#75b938"; - background = "#184956"; - text = "#adbcbc"; - indicator = "#84c747"; - childBorder = "#75b938"; + border = "75b938"; + background = "184956"; + text = "adbcbc"; + indicator = "84c747"; + childBorder = "75b938"; }; focusedInactive = { - border = "#41c7b9"; + border = "41c7b9"; background = "#103c48"; - text = "#adbcbc"; - indicator = "#53d6c7"; - childBorder = "#41c7b9"; + text = "adbcbc"; + indicator = "53d6c7"; + childBorder = "41c7b9"; }; unfocused = { - border = "#72898f"; - background = "#103c48"; - text = "#72898f"; - indicator = "#adbcbc"; - childBorder = "#72898f"; + border = "72898f"; + background = "103c48"; + text = "72898f"; + indicator = "adbcbc"; + childBorder = "72898f"; }; urgent = { - border = "#f275be"; - background = "#184956"; - text = "#fa5750"; - indicator = "#fa5750"; - childBorder = "#f275be"; + border = "f275be"; + background = "184956"; + text = "fa5750"; + indicator = "fa5750"; + childBorder = "f275be"; }; }; # Setup keybindings From 96a09e85012a2e82ad3b02c1bc64716c9a3c383c Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Mon, 4 Jul 2022 01:17:05 -0400 Subject: [PATCH 18/80] Tweak mu4e --- doom.d/config.el | 10 +++++++++- doom.d/config.org | 12 +++++++++++- home-manager/programs/devel.nix | 2 +- home-manager/services/email.nix | 9 ++++++++- 4 files changed, 29 insertions(+), 4 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index c79fe0d..b66f3c3 100644 --- a/doom.d/config.el +++ b/doom.d/config.el 
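Review bot: In the `focusedInactive` block, `background = "#103c48";` stays as a context line with its `#` prefix while the other nineteen colour values in this hunk are changed back to bare hex, so the block now mixes two formats. Whichever form the sway module expects, one of the two is presumably wrong. Make the line match its neighbours, `background = "103c48";`, or keep the `#` on all of them.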
@@ -347,7 +347,15 @@ work if it thinks it needs to." (mu4e-trash-folder . "/nathan@mccarty.io/Trash") (mu4e-refile-folder . "/nathan@mccarty.io/Archive") (smtpmail-smtp-user . "nathan@mccarty.io")) - t)) + t) + (add-to-list 'mu4e-bookmarks + '(:name "Inbox - nathan@mccarty.io" + :key ?m + :query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed"))) (after! mu4e (mu4e-alert-enable-mode-line-display)) + +(setq +mu4e-backend nil) +(after! mu4e + mu4e-get-mail-command "true") diff --git a/doom.d/config.org b/doom.d/config.org index a3b76ea..a7980f9 100644 --- a/doom.d/config.org +++ b/doom.d/config.org @@ -552,10 +552,20 @@ Tell it where our account's stuff is (mu4e-trash-folder . "/nathan@mccarty.io/Trash") (mu4e-refile-folder . "/nathan@mccarty.io/Archive") (smtpmail-smtp-user . "nathan@mccarty.io")) - t)) + t) + (add-to-list 'mu4e-bookmarks + '(:name "Inbox - nathan@mccarty.io" + :key ?m + :query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed"))) #+end_src Tell it to enable the modeline display #+begin_src emacs-lisp (after! mu4e (mu4e-alert-enable-mode-line-display)) #+end_src +Tell it not to update the mail itself, we have a systemd unit for that +#+begin_src emacs-lisp +(setq +mu4e-backend nil) +(after! mu4e + mu4e-get-mail-command "true") +#+end_src diff --git a/home-manager/programs/devel.nix b/home-manager/programs/devel.nix index c07ca6c..a1271df 100644 --- a/home-manager/programs/devel.nix +++ b/home-manager/programs/devel.nix @@ -87,7 +87,7 @@ with lib; with nLib; { }) # JavaScript/TypeScript Development (mkIf devel.js { - home.packages = with unstable; [ + home.packages = with pkgs; [ nodejs yarn nodePackages.typescript diff --git a/home-manager/services/email.nix b/home-manager/services/email.nix index 7ba2cc8..09bb627 100644 --- a/home-manager/services/email.nix +++ b/home-manager/services/email.nix 
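Review bot: The last form added to doom.d/config.el, `(after! mu4e mu4e-get-mail-command "true")`, has no `setq`, so it only evaluates the variable and the string and assigns nothing; the same form is added to the doom.d/config.org hunk in this commit. The mbsync `postExec` added in home-manager/services/email.nix calls `(mu4e-update-mail-and-index t)`, which runs whatever mail command is in effect, so the intended no-op fetch is not guaranteed. Write `(after! mu4e (setq mu4e-get-mail-command "true"))` in both files.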
@@ -77,7 +77,14 @@ with lib; { }; services.mbsync = { enable = true; - postExec = "${pkgs.mu}/bin/mu index"; + # Index manually with mu if we don't have emacs setup, but if we have the emacs service setup, + # run through emacsclient, as it will have the lock + postExec = + if config.nathan.programs.emacs.service + then + ''${config.nathan.programs.emacs.package}/bin/emacsclient --eval "(mu4e-update-mail-and-index t)"'' + else + "${pkgs.mu}/bin/mu index"; }; # Setup mu for indexing emails programs.mu = { From 0ecb8aa1c8ebf4d5b8dfada617d33efca1f04bab Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Mon, 4 Jul 2022 17:34:15 -0400 Subject: [PATCH 19/80] Add nfs shares --- hardware/levitation.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hardware/levitation.nix b/hardware/levitation.nix index 8e5ae05..a33b700 100644 --- a/hardware/levitation.nix +++ b/hardware/levitation.nix @@ -61,6 +61,14 @@ device = "10.0.0.139:/mnt/tank/root/nathan/music"; fsType = "nfs"; }; + fileSystems."/mnt/general" = { + device = "10.0.0.139:/mnt/tank/root/shares/general"; + fsType = "nfs"; + }; + fileSystems."/mnt/archive" = { + device = "10.0.0.139:/mnt/tank/root/shares/archive"; + fsType = "nfs"; + }; swapDevices = [{ From 2088ad70728a60c3309942c3855585e1cb0e5d71 Mon Sep 17 00:00:00 2001 
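Review bot: Both new `fileSystems` entries in hardware/levitation.nix mount NFS exports from 10.0.0.139 with no `options`, so the kernel defaults apply and setuid bits and device nodes present on the share are honoured on this host. Unless something on these shares needs them, add `options = [ "nosuid" "nodev" ];` to `/mnt/general` and `/mnt/archive`. The music mount visible as context appears to have the same gap. The enclosing attribute set starts and ends outside the hunk.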
From: nathan mccarty Date: Mon, 4 Jul 2022 17:41:18 -0400 Subject: [PATCH 20/80] Allow mounting a BitLocker encrypted partition Add the windows module --- home-manager/programs/emacs.nix | 6 +++++- machines/levitation/configuration.nix | 30 +++++++++++++++++++------- modules/default.nix | 22 +++++++++++++++++++ modules/services/borg.nix | 1 + modules/windows.nix | 31 +++++++++++++++++++++++++++ scripts/windows/mount.sh | 29 +++++++++++++++++++++++++ scripts/windows/unmount.sh | 24 +++++++++++++++++++++ secrets/levitation/windows.yaml | 30 ++++++++++++++++++++++++++ 8 files changed, 164 insertions(+), 9 deletions(-) create mode 100644 modules/windows.nix create mode 100755 scripts/windows/mount.sh create mode 100755 scripts/windows/unmount.sh create mode 100644 secrets/levitation/windows.yaml diff --git a/home-manager/programs/emacs.nix b/home-manager/programs/emacs.nix index 2ce90ca..71aaed3 100644 --- a/home-manager/programs/emacs.nix +++ b/home-manager/programs/emacs.nix @@ -39,7 +39,11 @@ services.emacs = { enable = config.nathan.programs.emacs.service; client.enable = true; - defaultEditor = true; + }; + # Set editor + home.sessionVariables = { + EDITOR = "emacsclient"; + VISUAL = "emacsclient"; }; }; } diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix index 0a8a4aa..90ae49f 100644 --- a/machines/levitation/configuration.nix +++ b/machines/levitation/configuration.nix 
@@ -1,14 +1,20 @@ { config, lib, pkgs, ... }: { - # sops for borg - sops.secrets."borg-ssh-key" = { - sopsFile = ../../secrets/levitation/borg.yaml; - format = "yaml"; - }; - sops.secrets."borg-password" = { - sopsFile = ../../secrets/levitation/borg.yaml; - format = "yaml"; + # Sops setup for this machine + sops.secrets = { + "borg-ssh-key" = { + sopsFile = ../../secrets/levitation/borg.yaml; + format = "yaml"; + }; + "borg-password" = { + sopsFile = ../../secrets/levitation/borg.yaml; + format = "yaml"; + }; + "windows-bitlocker-key" = { + sopsFile = ../../secrets/levitation/windows.yaml; + format = "yaml"; + }; }; # Setup system configuration nathan = { @@ -32,6 +38,14 @@ setupGrub = true; nix.autoUpdate = false; harden = false; + windows = { + enable = true; + mount = { + device = "/dev/nvme0n1p3"; + mountPoint = "/mnt/windows"; + keyFile = config.sops.secrets."windows-bitlocker-key".path; + }; + }; }; }; # Configure networking diff --git a/modules/default.nix b/modules/default.nix index fba83b3..1758e39 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -10,6 +10,7 @@ in ./swaywm.nix ./hardware.nix ./virtualization.nix + ./windows.nix ./programs/games.nix ./programs/gpg.nix ./programs/utils.nix 
@@ -147,6 +148,27 @@ in lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop; nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop; }; + # Support for interacting with a dual booted windows system + windows = { + enable = mkEnableOption "Windows Integration"; + mount = { + enable = mkDefaultOption "Mount a bitlockered windows partition" config.nathan.config.windows.enable; + device = mkOption { + description = "Device to mount"; + example = "/dev/sda2"; + type = types.str; + }; + mountPoint = mkOption { + description = "Location to mount the device to"; + example = "/dev/sda2"; + type = types.str; + }; + keyFile = mkOption { + description = "File containing the recovery key for the partition"; + type = types.str; + }; + }; + }; }; }; }; diff --git a/modules/services/borg.nix b/modules/services/borg.nix index 34df290..06ccf29 100644 --- a/modules/services/borg.nix +++ b/modules/services/borg.nix @@ -22,6 +22,7 @@ with lib; { "/home/${config.nathan.config.user}/.local/share/Steam" "/home/${config.nathan.config.user}/*/Cache" "/home/*/Downloads" + "/var/dislocker" ]; repo = "${config.nathan.services.borg.location}/${config.networking.hostName}"; encryption = { diff --git a/modules/windows.nix b/modules/windows.nix new file mode 100644 index 0000000..734fd45 --- /dev/null +++ b/modules/windows.nix 
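Review bot: The `mountPoint` option's `example` is `"/dev/sda2"`, copied from `device`, so the generated documentation shows a block device as a mount target; use `example = "/mnt/windows";`. The `keyFile` description should also say that the value must be a runtime path (such as a sops secret path) rather than a file interpolated into the Nix store, because its content is the BitLocker recovery key: `description = "Runtime path (not a store path) to a file containing the recovery key for the partition";`.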
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;{
+ config = mkIf config.nathan.config.windows.enable {
+ # Enable ntfs support
+ boot.supportedFilesystems = [ "ntfs" ];
+ # Install dislocker for mounting bitlocker encrypted partitions
+ environment.systemPackages = with pkgs; [
+ dislocker
+ ];
+
+ systemd.services.mount-windows =
+ let
+ mount = config.nathan.config.windows.mount;
+ in
+ mkIf mount.enable {
+ description = "Mount ${mount.device} to ${mount.mountPoint}";
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [
+ bash
+ dislocker
+ ];
+ serviceConfig = {
+ Type = "forking";
+ ExecStart =
+ "${../scripts/windows/mount.sh} ${mount.device} ${mount.mountPoint} ${mount.keyFile}";
+ ExecStop = "${../scripts/windows/unmount.sh} ${mount.device} ${mount.mountPoint}";
+ };
+ };
+ };
+}
diff --git a/scripts/windows/mount.sh b/scripts/windows/mount.sh
new file mode 100755
index 0000000..6f233eb
--- /dev/null
+++ b/scripts/windows/mount.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+### Mounts the given, bitlocker encrypted, ntfs partition
+###
+### Arguments:
+### 1. The device to mount
+### 2. The path to mount at
+### 3. The path to the recovery code file
+
+###
+## Setup
+###
+# Turn on the guard rails
+set -eou pipefail
+# Parse out the name of the device
+DEVICE_NAME=$(basename $1)
+# Make sure our /var directory exists
+mkdir -p /var/dislocker/$DEVICE_NAME
+# Make sure that the mountpoint exists
+mkdir -p $2
+
+###
+## Mount dislocker
+###
+dislocker-fuse -V $1 -p"$(cat $3)" -- /var/dislocker/$DEVICE_NAME
+
+###
+## Mount the underlying ntfs partition
+###
+/run/wrappers/bin/mount -t ntfs-3g -o loop /var/dislocker/$DEVICE_NAME/dislocker-file $2
diff --git a/scripts/windows/unmount.sh b/scripts/windows/unmount.sh
new file mode 100755
index 0000000..4792c8e
--- /dev/null
+++ b/scripts/windows/unmount.sh
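Review bot: `ExecStart` and `ExecStop` interpolate `mount.device`, `mount.mountPoint` and `mount.keyFile` as bare words, and scripts/windows/mount.sh and unmount.sh (added in the following hunks) expand `$1`, `$2` and `$3` unquoted. A configured value that contains whitespace or a glob character is therefore split into extra arguments to `mkdir`, `mount` and `umount`, presumably running as root since no `User` is set here. Quote the expansions in both scripts, for example `DEVICE_NAME=$(basename -- "$1")` and `mkdir -p -- "$2"`, and consider an assertion in this module that rejects such values.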
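Review bot: The `dislocker-fuse` line in scripts/windows/mount.sh passes the BitLocker recovery key as an argument (`-p"$(cat $3)"`), so it sits in the process's argv, which other local users can read through `/proc/<pid>/cmdline` at least until dislocker parses it (and for the daemon's lifetime if the installed version does not overwrite it). That weakens the point of keeping the key in a root-only sops secret. If a BEK or FVEK file can be stored in sops instead, dislocker's file-based methods keep the secret off the command line, e.g. `dislocker-fuse -V "$1" -f "$3" -- "/var/dislocker/$DEVICE_NAME"`. Separately, the ntfs-3g mount uses only `-o loop`, and ntfs-3g by default grants every local user full access, so add `nosuid,nodev` plus `uid=`/`gid=`/`umask=` for the intended user. Keep `set -x` out of this script, since tracing would write the key to the journal.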
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+### Unmounts the given, bitlocker encrypted, ntfs partition
+###
+### Arguments:
+### 1. The device to mount
+### 2. The path to mount at
+
+###
+## Setup
+###
+# Turn on the guard rails
+set -xeou pipefail
+# Parse out the name of the device
+DEVICE_NAME=$(basename $1)
+
+###
+## Unmount the NTFS Partiion
+###
+umount $2
+
+###
+## Unmount the dislocker-file
+###
+/run/wrappers/bin/umount /var/dislocker/$DEVICE_NAME/
diff --git a/secrets/levitation/windows.yaml b/secrets/levitation/windows.yaml
new file mode 100644
index 0000000..aecb4fc
--- /dev/null
+++ b/secrets/levitation/windows.yaml
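Review bot: The NTFS unmount in scripts/windows/unmount.sh calls bare `umount $2` while the dislocker unmount below it uses `/run/wrappers/bin/umount`, and the unit in modules/windows.nix only adds `bash` and `dislocker` to `path`, so the first call depends on `umount` being on the service's default PATH. Because the script runs under `set -e`, a failure there exits before the second unmount and leaves the decrypted `dislocker-file` mounted under /var/dislocker. Use the same absolute path for both, `/run/wrappers/bin/umount "$2"`. The header comment also still reads "The device to mount" and "The path to mount at"; reword both for unmounting.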
@@ -0,0 +1,30 @@ +windows-bitlocker-key: ENC[AES256_GCM,data:44FRgH2jVyou2+MGBb35cS+GTRyx4AYPvLtLo5tvf5T6LcboPRparVMVk4JhnNwy4arEEUuh1A==,iv:QEVUz4nyiFL0UgQ+pEeng/CNhSSmZxpWJ7y9PO8wNKU=,tag:c3/zWa8g6i4IrYWmehLcHg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dnJuYjFiY2c2QUE4V204 + QlFLV0tZZHpqdmx0YThuOHhVL0tUOXhFb1NjCmE0TnQ1RFY0WWNYOGRZUFkvbjRl + L3BtbDM3eWVUTUhwTXZEZWREdjR4OEUKLS0tIHArSXhDc2dIaXU3emNwc2haYTZy + Q2RxRXpqdkdKNGFtN0M0Y3VEbC9pSDgKYqmhvzyuDsO0s8ZkOO8nuF05aPHPiRxJ + QCLAyh92/O4GOKv1WczpdSUmsEk6J3/krjtyn1qH56RvqfRfUwZaSA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyNHhiTnBZbUh4OTNMS3VJ + WDZyam8vSEVMYkh5bXljcitzS3N1TGxKN2wwCjZsRWNyWU94WGpCcE5Nb3g3WEhs + YTNhd0tzRU1ON0NWUjl2N3J4bHNkUFUKLS0tIFF5eTZIUXpVU3k2ZExvSDJLZElB + YUlNT1crUjZtcDBWWHZVM3N3SDkvUjAKRrUqT0aRYZXYXpphh8OKz9h+BXkq+RLn + Hop/TKukRIK70B0cd/PnbEwaA2qw/uRsDdOJCPUupO/U0rm0b0iiOA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-07-05T04:40:28Z" + mac: ENC[AES256_GCM,data:e6IQs7sbZCaa0Faiv8OtP8V0DnJgwAMTcUu3Y85HXjne1VaM4CAv8ufJQQYU8o5T1D/1+ys1AbrzHtMMWeM/svF+6rAD+GGHbbDcDb+50Ad22Xiq90T/x0fz/TmXpR+zyhsjIsl3s1JGRALiodPvUcgRLcnDavTVeRbckQYgkNI=,iv:MaUrsxozwc5nySB/BeYFKQ0PN26k9MdeWCPy0mrdaIU=,tag:zt1rIYw+Ipas+RKmZkTpvw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From c4acff47217ddab392262789a6915ae5eb4cee61 Mon Sep 17 00:00:00 2001 
From: nathan mccarty Date: Tue, 5 Jul 2022 01:07:47 -0400 Subject: [PATCH 21/80] Emacs tweaks - Setup mu4e bookmarks how I like them - Configure Alert - Cleanup TODOs - Setup anki-editor --- doom.d/config.el | 25 +++++++++++++++++--- doom.d/config.org | 33 ++++++++++++++++++++++++--- doom.d/init.el | 4 ++-- doom.d/packages.el | 2 ++ home-manager/programs/devel.nix | 3 --- home-manager/programs/emacs.nix | 21 ++++++++++++++++- home-manager/services/email.nix | 1 - machines/levitation/configuration.nix | 2 -- modules/desktop.nix | 2 +- 9 files changed, 77 insertions(+), 16 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index b66f3c3..729cef4 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -108,6 +108,11 @@ (after! treemacs (setq treemacs-width 25)) +(use-package! alert + :config + ;; TODO: Make this conditional so we can make the correct choice on macos + (setq alert-default-style 'libnotify)) + (setq-default fill-column 100) (after! avy @@ -261,6 +266,8 @@ work if it thinks it needs to." "* %a :website:\n\n%U %?\n\n%:initial") org-capture-templates)) +(use-package! anki-editor) + (use-package! magit-todos :hook (magit-mode . magit-todos-mode)) 
@@ -347,15 +354,27 @@ work if it thinks it needs to." (mu4e-trash-folder . "/nathan@mccarty.io/Trash") (mu4e-refile-folder . "/nathan@mccarty.io/Archive") (smtpmail-smtp-user . "nathan@mccarty.io")) - t) + t)) + +(after! mu4e + (setq mu4e-bookmarks '()) + (add-to-list 'mu4e-bookmarks + '(:name "All Mail" + :key ?a + :query "NOT flag:trashed")) (add-to-list 'mu4e-bookmarks '(:name "Inbox - nathan@mccarty.io" :key ?m - :query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed"))) + :query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed")) + (add-to-list 'mu4e-bookmarks + '(:name "Unread" + :key ?u + :query "flag:unread AND NOT flag:trashed"))) (after! mu4e (mu4e-alert-enable-mode-line-display)) (setq +mu4e-backend nil) (after! mu4e - mu4e-get-mail-command "true") + (setq mu4e-get-mail-command "true" + mu4e-update-interval 300)) diff --git a/doom.d/config.org b/doom.d/config.org index a7980f9..fa249d0 100644 --- a/doom.d/config.org +++ b/doom.d/config.org @@ -142,6 +142,14 @@ Configure treemacs, doing the following: (after! treemacs (setq treemacs-width 25)) #+end_src +** Alert +Configure notifications that originate from within emacs +#+begin_src emacs-lisp +(use-package! alert + :config + ;; TODO: Make this conditional so we can make the correct choice on macos + (setq alert-default-style 'libnotify)) +#+end_src * Basic Editing ** Fill Column Set the default fill column to 100 @@ -370,6 +378,11 @@ The default template for org-protocol-capture-html "* %a :website:\n\n%U %?\n\n%:initial") org-capture-templates)) #+end_src +** anki-editor +Flash cards from within emacs. +#+begin_src emacs-lisp +(use-package! anki-editor) +#+end_src * General Modes ** Magit Further configuration for magit 
@@ -552,11 +565,24 @@ Tell it where our account's stuff is (mu4e-trash-folder . "/nathan@mccarty.io/Trash") (mu4e-refile-folder . "/nathan@mccarty.io/Archive") (smtpmail-smtp-user . "nathan@mccarty.io")) - t) + t)) +#+end_src +Setup our bookmarks, resetting the list of bookmarks first so we can go completely custom +#+begin_src emacs-lisp +(after! mu4e + (setq mu4e-bookmarks '()) + (add-to-list 'mu4e-bookmarks + '(:name "All Mail" + :key ?a + :query "NOT flag:trashed")) (add-to-list 'mu4e-bookmarks '(:name "Inbox - nathan@mccarty.io" :key ?m - :query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed"))) + :query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed")) + (add-to-list 'mu4e-bookmarks + '(:name "Unread" + :key ?u + :query "flag:unread AND NOT flag:trashed"))) #+end_src Tell it to enable the modeline display #+begin_src emacs-lisp @@ -567,5 +593,6 @@ Tell it not to update the mail itself, we have a systemd unit for that #+begin_src emacs-lisp (setq +mu4e-backend nil) (after! mu4e - mu4e-get-mail-command "true") + (setq mu4e-get-mail-command "true" + mu4e-update-interval 300)) #+end_src diff --git a/doom.d/init.el b/doom.d/init.el index 47020ee..354de39 100644 --- a/doom.d/init.el +++ b/doom.d/init.el @@ -22,7 +22,7 @@ doom ; what makes DOOM look the way it does doom-dashboard ; a nifty splash screen for Emacs (emoji +unicode +github) ; 🙂 - hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW + hl-todo ; highlight todo-words indent-guides ; highlighted indent columns ;;(ligatures +fira) ; ligatures and symbols to make your code pretty again modeline ; snazzy, Atom-inspired modeline, plus API @@ -60,7 +60,7 @@ (spell +flyspell +hunspell +everywhere) ; tasing you for misspelling mispelling :tools - (debugger +lsp) ; FIXME stepping through code, to help you add bugs + (debugger +lsp) ; stepping through code, to help you add bugs direnv docker editorconfig ; let someone else argue about tabs vs spaces 
diff --git a/doom.d/packages.el b/doom.d/packages.el index 84d3d3e..3a6b257 100644 --- a/doom.d/packages.el +++ b/doom.d/packages.el @@ -62,3 +62,5 @@ (package! grip-mode) (package! org-protocol-capture-html) (package! org-superstar) +(package! alert) +(package! anki-editor) diff --git a/home-manager/programs/devel.nix b/home-manager/programs/devel.nix index a1271df..cc6cc85 100644 --- a/home-manager/programs/devel.nix +++ b/home-manager/programs/devel.nix @@ -103,6 +103,3 @@ with lib; with nLib; { }) ]; } - - -# TODO: Add pyright and python3Full under python module diff --git a/home-manager/programs/emacs.nix b/home-manager/programs/emacs.nix index 71aaed3..33b7093 100644 --- a/home-manager/programs/emacs.nix +++ b/home-manager/programs/emacs.nix @@ -13,6 +13,10 @@ sqlite # For latex editing texlive.combined.scheme-medium + # For notifications + libnotify + # For flash cards + anki ]; # Setup doom emacs programs.doom-emacs = { @@ -24,7 +28,7 @@ pname = "org-protocol-capture-html"; ename = "org-protocol-capture-html"; version = "0.0.0"; - buildInputs = [ self.s ]; + packageRequires = [ self.s ]; src = pkgs.fetchFromGitHub { owner = "alphapapa"; repo = "org-protocol-capture-html"; @@ -32,6 +36,21 @@ hash = "sha256-ueEHJCS+aHYCnd4Lm3NKgqg+m921nl5XijE9ZnSRQXI="; }; }; + anki-editor = self.trivialBuild { + pname = "anki-editor"; + ename = "anki-editor"; + version = "0.3.1"; + packageRequires = with self; [ + dash + request + ]; + src = pkgs.fetchFromGitHub { + owner = "billop"; + repo = "anki-editor"; + rev = "c11187a79a980a738af608c98f8de2cdc1d988be"; + hash = "sha256-3R9bEu982a9Tq+hXy+ALFF/N2NwK9MsqDELFVGHV09I="; + }; + }; }; extraPackages = [ pkgs.mu ]; }; diff --git a/home-manager/services/email.nix b/home-manager/services/email.nix index 09bb627..8387ca4 100644 --- a/home-manager/services/email.nix +++ b/home-manager/services/email.nix 
@@ -35,7 +35,6 @@ with lib; { primary = true; realName = "Nathan McCarty"; userName = "nathan@mccarty.io"; - # TODO: Move into `pass` passwordCommand = "${pkgs.pass}/bin/pass protonmail-bridge-password"; aliases = [ "thatonelutenist@protonmail.com" diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix index 90ae49f..a1bf065 100644 --- a/machines/levitation/configuration.nix +++ b/machines/levitation/configuration.nix @@ -55,13 +55,11 @@ interfaces.enp6s0.useDHCP = true; nat.externalInterface = "enp6s0"; # Open ports for soulseek - # TODO add in soulseek firewall = { allowedTCPPorts = [ 61377 ]; allowedUDPPorts = [ 61377 ]; }; }; - # FIXME borg backup module # Setup home manager home-manager.users.nathan = import ./home.nix; diff --git a/modules/desktop.nix b/modules/desktop.nix index 8375856..9cbf1cc 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -64,7 +64,7 @@ with lib; { ]; # Add noisetorch for microphone noise canceling programs.noisetorch = { - enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 + enable = true; }; # Configure fonts }) From 6186bdf1d18e246e9cf728c2af8358e8ea4631b0 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Tue, 5 Jul 2022 12:11:23 -0400 Subject: [PATCH 22/80] Deploy cludge for chromium --- home-manager/programs/sway.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index dcd3c84..8748d9b 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix @@ -69,6 +69,13 @@ with lib; app_id = "pinentry-qt"; }; } + # Work around for chrome ui bug + { + command = "shortcuts_inhibitor disable"; + criteria = { + app_id = "^chrome-.*__-.*$"; + }; + } ]; }; # Use windows key as modifier From dcb7cef1d58597d10f150d4e14cb60f6a7572c04 Mon Sep 17 00:00:00 2001 
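Review bot: The comment `# Work around for chrome ui bug` on the new window rule does not say which bug it works around or what the rule changes, so nobody can tell later when it is safe to remove. `shortcuts_inhibitor disable` stops matching windows from inhibiting sway's own key bindings, and the `app_id` pattern `^chrome-.*__-.*$` looks like it targets Chrome app windows rather than the browser itself (inferred from the pattern, worth confirming). I would spell that out, e.g. `# Chrome app windows request a shortcuts inhibitor and swallow sway bindings; never honour it for them`, and link the upstream issue if there is one. The rule list this entry is added to starts outside the hunk.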
From: nathan mccarty Date: Tue, 5 Jul 2022 19:57:35 -0400 Subject: [PATCH 23/80] Fix emacs email updating --- scripts/update-mu4e.sh | 1 + 1 file changed, 1 insertion(+) create mode 100755 scripts/update-mu4e.sh diff --git a/scripts/update-mu4e.sh b/scripts/update-mu4e.sh new file mode 100755 index 0000000..f1f641a --- /dev/null +++ b/scripts/update-mu4e.sh @@ -0,0 +1 @@ +#!/usr/bin/env bash From 148c39fbd2c459e3d48712b3300943cfa8deee2a Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Wed, 6 Jul 2022 01:14:56 -0400 Subject: [PATCH 24/80] Add sccache --- home-manager/programs/devel.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home-manager/programs/devel.nix b/home-manager/programs/devel.nix index cc6cc85..6a3bd28 100644 --- a/home-manager/programs/devel.nix +++ b/home-manager/programs/devel.nix @@ -65,6 +65,8 @@ with lib; with nLib; { cargo-play # Quickly execute code outside of a crate # For building stuff that uses protocol buffers protobuf + # For faster builds + sccache ]; }) # JVM Development From cc139355c31e045204a7d4b49479286f6e91271e Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Wed, 6 Jul 2022 01:15:21 -0400 Subject: [PATCH 25/80] Fix mu4e --- doom.d/config.el | 5 ++++- doom.d/config.org | 7 ++++++- home-manager/programs/emacs.nix | 9 +++++++++ home-manager/services/email.nix | 3 ++- scripts/update-mu4e.sh | 4 ++++ 5 files changed, 25 insertions(+), 3 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index 729cef4..3ceeca8 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -377,4 +377,7 @@ work if it thinks it needs to." (setq +mu4e-backend nil) (after! mu4e (setq mu4e-get-mail-command "true" - mu4e-update-interval 300)) + mu4e-update-interval nil)) + +(after! mu4e + (setq mu4e-change-filenames-when-moving t)) diff --git a/doom.d/config.org b/doom.d/config.org index fa249d0..36bffd1 100644 --- a/doom.d/config.org +++ b/doom.d/config.org 
@@ -594,5 +594,10 @@ Tell it not to update the mail itself, we have a systemd unit for that (setq +mu4e-backend nil) (after! mu4e (setq mu4e-get-mail-command "true" - mu4e-update-interval 300)) + mu4e-update-interval nil)) +#+end_src +We need to tell mu4e to rename files when they are moved, or else mbsync will break, see [[https://github.com/djcb/mu/issues/613#issuecomment-166714305][issue]] and [[http://tiborsimko.org/mbsync-duplicate-uid.html][blog post]] +#+begin_src emacs-lisp +(after! mu4e + (setq mu4e-change-filenames-when-moving t)) #+end_src diff --git a/home-manager/programs/emacs.nix b/home-manager/programs/emacs.nix index 33b7093..dc93344 100644 --- a/home-manager/programs/emacs.nix +++ b/home-manager/programs/emacs.nix @@ -17,6 +17,15 @@ libnotify # For flash cards anki + # Desktop file for org-protocol + (makeDesktopItem { + name = "org-protocol"; + exec = "emacsclient %u"; + comment = "Org protocol"; + desktopName = "org-protocol"; + type = "Application"; + mimeTypes = [ "x-scheme-handler/org-protocol" ]; + }) ]; # Setup doom emacs programs.doom-emacs = { diff --git a/home-manager/services/email.nix b/home-manager/services/email.nix index 8387ca4..05a0fd0 100644 --- a/home-manager/services/email.nix +++ b/home-manager/services/email.nix @@ -60,6 +60,7 @@ with lib; { mbsync = { enable = true; create = "maildir"; + remove = "both"; }; mu.enable = true; msmtp = { @@ -81,7 +82,7 @@ with lib; { postExec = if config.nathan.programs.emacs.service then - ''${config.nathan.programs.emacs.package}/bin/emacsclient --eval "(mu4e-update-mail-and-index t)"'' + "${../../scripts/update-mu4e.sh}" else "${pkgs.mu}/bin/mu index"; }; diff --git a/scripts/update-mu4e.sh b/scripts/update-mu4e.sh index f1f641a..772a7b1 100755 --- a/scripts/update-mu4e.sh +++ b/scripts/update-mu4e.sh @@ -1 +1,5 @@ #!/usr/bin/env bash +# Turn on the guard rails +set -exou pipefail +# Tell emacs to update mu4e +emacsclient --eval "(mu4e-update-index)" 
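Review bot: `exec = "emacsclient %u"` in the new `makeDesktopItem` registers a handler for `x-scheme-handler/org-protocol`, so the argument is a URL chosen by whatever page or application opens the link, and the binary is looked up on the session's PATH. Passing the URL after an end-of-options marker, `exec = "emacsclient -- %u";`, keeps it from ever being parsed as an emacsclient switch, and pointing at the packaged binary instead of PATH would make the handler launch the same Emacs this module installs. A short comment that org-protocol links are untrusted input to the capture templates would help the next reader. The package list this entry sits in starts outside the hunk.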
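Review bot: The `postExec` change swaps `${config.nathan.programs.emacs.package}/bin/emacsclient` for `scripts/update-mu4e.sh`, which calls a bare `emacsclient`, so the hook now depends on whatever PATH the systemd user unit happens to have. If the binary is not found, `set -e` fails the hook and the index is not refreshed; the `DefaultEnvironment` PATH override added later in this series (patch 31) looks like the workaround for exactly that. Keeping the store path avoids both the global PATH override and any ambiguity about which `emacsclient` runs, e.g. `''${config.nathan.programs.emacs.package}/bin/emacsclient --eval "(mu4e-update-index)"''`. The `x` in `set -exou pipefail` also writes every command to the journal, which is harmless here but worth dropping once debugging is done.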
From 18913693e847d6fc2ca75f658eba4c72ca2e9e00 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Wed, 6 Jul 2022 01:42:31 -0400 Subject: [PATCH 26/80] Add wsl "machine" --- flake.lock | 93 ++++++++++++++++++++++++++++++- flake.nix | 33 +++++++++++ machines/hyperv/configuration.nix | 28 ++++++++++ machines/hyperv/home.nix | 46 +++++++++++++++ machines/wsl/configuration.nix | 24 ++++++++ machines/wsl/home.nix | 30 ++++++++++ modules/default.nix | 6 ++ 7 files changed, 259 insertions(+), 1 deletion(-) create mode 100644 machines/hyperv/configuration.nix create mode 100644 machines/hyperv/home.nix create mode 100644 machines/wsl/configuration.nix create mode 100644 machines/wsl/home.nix diff --git a/flake.lock b/flake.lock index a7bedd1..ef1df14 100644 --- a/flake.lock +++ b/flake.lock @@ -190,6 +190,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1656065134, @@ -220,6 +236,21 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "format-all": { "flake": false, "locked": { 
@@ -390,6 +421,42 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1636849918, + "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1655901362, + "narHash": "sha256-1cPiO869Dr3hqn1qhqd6amvw5U0PB7XDSdwMsIMWNiQ=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "898edde476232843da50c9a855efaf5dd8caadaa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1656753965, @@ -634,11 +701,13 @@ "java": "java", "mozilla": "mozilla", "nix-doom-emacs": "nix-doom-emacs", + "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "polymc": "polymc", "quilt-server": "quilt-server", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "wsl": "wsl" } }, "rotate-text": { @@ -740,6 +809,28 @@ "repo": "flake-utils", "type": "github" } + }, + "wsl": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656703122, + "narHash": "sha256-2Eb5dd7AYlJ359QmRomzlaQQLMep0kT0iVVfMMHE7SQ=", + "owner": "nix-community", + "repo": "NixOS-WSL", + "rev": "46bf5e0f86b01faad3498bc4ef3706e5568b4fd6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NixOS-WSL", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0c047f7..d3dbbd1 100644 --- a/flake.nix +++ b/flake.nix 
@@ -45,6 +45,14 @@ url = "github:forward-progress/quilt-server-nix-container"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + wsl = { + url = "github:nix-community/NixOS-WSL"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -61,6 +69,8 @@ , nix-doom-emacs , java , quilt-server + , nixos-generators + , wsl }@inputs: let makeNixosSystem = { system, hostName, extraModules ? [ ], ourNixpkgs ? nixpkgs }: ourNixpkgs.lib.nixosSystem { @@ -101,6 +111,7 @@ }; in rec { + # Real systems nixosConfigurations = { levitation = makeNixosSystem { system = "x86_64-linux"; @@ -120,6 +131,28 @@ ./machines/x86vm/configuration.nix ]; }; + + # WSL sytem + wsl = makeNixosSystem { + system = "x86_64-linux"; + hostName = "wsl"; + extraModules = [ + wsl.nixosModules.wsl + ./machines/wsl/configuration.nix + ]; + }; + }; + packages = { + x86_64-linux = { + # Hyper-V image + hyperv = nixos-generators.nixosGenerate { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + modules = [ + ./machines/hyperv/configuration.nix + ]; + format = "hyperv"; + }; + }; }; }; } diff --git a/machines/hyperv/configuration.nix b/machines/hyperv/configuration.nix new file mode 100644 index 0000000..8fe25b4 --- /dev/null +++ b/machines/hyperv/configuration.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: + +{ + # Setup system configuration + nathan = { + config = { + isDesktop = true; + setupGrub = true; + nix.autoUpdate = false; + harden = false; + }; + }; + # Configure networking + networking = { + domain = "mccarty.io"; + useDHCP = false; + interfaces.enp6s0.useDHCP = true; + nat.externalInterface = "enp6s0"; + # Open ports for soulseek + firewall = { + allowedTCPPorts = [ 61377 ]; + allowedUDPPorts = [ 61377 ]; + }; + }; + + # Setup home manager + home-manager.users.nathan = import ./home.nix; +} 
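Review bot: `machines/hyperv/configuration.nix` opens TCP and UDP 61377 "for soulseek" and sets `harden = false`, but nothing in this file enables soulseek, so the generated Hyper-V image ships with a firewall opening that has no intended listener and will expose whatever binds that port later. The networking block appears copied from levitation: `interfaces.enp6s0.useDHCP` and `nat.externalInterface = "enp6s0"` name a NIC that a Hyper-V guest is unlikely to have (inferred, not visible here). I would drop the `firewall` block and the `enp6s0` lines from the image, and add ports back only alongside the service that needs them.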
diff --git a/machines/hyperv/home.nix b/machines/hyperv/home.nix new file mode 100644 index 0000000..007cde0 --- /dev/null +++ b/machines/hyperv/home.nix @@ -0,0 +1,46 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + services = { + email = { + enable = true; + }; + }; + config = { + isDesktop = true; + }; + }; + + # # Sway outputs + # wayland.windowManager.sway.config = { + # output = { + # DP-1 = { + # pos = "0 140"; + # scale = "1"; + # subpixel = "rgb"; + # }; + # DP-3 = { + # pos = "2560 0"; + # scale = "1.25"; + # subpixel = "rgb"; + # }; + # HDMI-A-1 = { + # pos = "5632 140"; + # scale = "1"; + # subpixel = "rgb"; + # }; + # }; + # startup = [ + # # GLPaper + # { command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; } + # { command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; } + # { command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; } + # ]; + # }; + # # Mako output configuration + # programs.mako = { + # # Lock mako notifs to main display + # output = "DP-3"; + # }; +} diff --git a/machines/wsl/configuration.nix b/machines/wsl/configuration.nix new file mode 100644 index 0000000..9764982 --- /dev/null +++ b/machines/wsl/configuration.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +{ + # Setup system configuration + nathan = { + services = { + ssh = false; + tailscale.enable = false; + }; + config = { + installUser = false; + nix.autoUpdate = false; + harden = false; + fonts = true; + }; + }; + # Configure networking + networking = { + domain = "mccarty.io"; + }; + + # Setup home manager + home-manager.users.nathan = import ./home.nix; +} diff --git a/machines/wsl/home.nix b/machines/wsl/home.nix new file mode 100644 index 0000000..fac93f4 --- /dev/null +++ b/machines/wsl/home.nix 
@@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + services = { + email = { + # TODO: enable + enable = false; + }; + }; + programs = { + util = { + productivity = true; + }; + devel = { + core = true; + rust = true; + jvm = true; + python = true; + js = true; + raku = true; + }; + emacs = { + enable = true; + # TODO: enable + service = false; + }; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 1758e39..7d8bb44 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -184,5 +184,11 @@ in ]; # Set system state version system.stateVersion = "22.05"; + # Enable flakes + # Enable nix flakes + nix.package = pkgs.nixFlakes; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; }; } From 3d4c29a6ae26df74d46c845080a76a709be73229 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Wed, 6 Jul 2022 02:09:33 -0400 Subject: [PATCH 27/80] Add wsl --- machines/wsl/configuration.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/machines/wsl/configuration.nix b/machines/wsl/configuration.nix index 9764982..7558a89 100644 --- a/machines/wsl/configuration.nix +++ b/machines/wsl/configuration.nix @@ -18,7 +18,13 @@ networking = { domain = "mccarty.io"; }; - # Setup home manager home-manager.users.nathan = import ./home.nix; + # Setup WSL + wsl = { + enable = true; + automountPath = "/mnt"; + defaultUser = "nathan"; + startMenuLaunchers = true; + }; } From dfa4666a033927e5ddbd22702e30b212d2a7f740 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Fri, 8 Jul 2022 23:52:26 -0400 Subject: [PATCH 28/80] Swtich home-manager configuration to clang --- home-manager/programs/devel.nix | 3 +-- modules/default.nix | 4 +++- modules/programs/utils.nix | 6 ++++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/home-manager/programs/devel.nix b/home-manager/programs/devel.nix index 6a3bd28..bcf3a3e 100644 --- a/home-manager/programs/devel.nix +++ b/home-manager/programs/devel.nix 
@@ -27,8 +27,7 @@ with lib; with nLib; { ] # Linux specific packages [ - gcc - binutils + clang unstable.mold ]; diff --git a/modules/default.nix b/modules/default.nix index 7d8bb44..51fc125 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -78,7 +78,9 @@ in core = mkEnableOptionT "utils-core"; # Enable multi system emulation # Enabled by default on desktop - binfmt = mkDefaultOption "utils-productivity" config.nathan.config.isDesktop; + binfmt = mkDefaultOption "binfmt" config.nathan.config.isDesktop; + # Development utilities that can't be installed through home manager due to collisions + devel = mkDefaultOption "devel" config.nathan.config.isDesktop; }; }; # Control enabling of hardware support diff --git a/modules/programs/utils.nix b/modules/programs/utils.nix index a391756..2171ab8 100644 --- a/modules/programs/utils.nix +++ b/modules/programs/utils.nix @@ -28,5 +28,11 @@ with lib; "aarch64-linux" ]; }) + (mkIf nathan.programs.utils.devel { + environment.systemPackages = with pkgs; [ + gcc + binutils + ]; + }) ]; } From c605379efdfdb10c0b5214c6462ce2334c9fd1fb Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 17 Jul 2022 23:17:36 -0400 Subject: [PATCH 29/80] chore: Update flake.lock --- flake.lock | 240 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 154 insertions(+), 86 deletions(-) diff --git a/flake.lock b/flake.lock index ef1df14..2577441 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1651916036, - "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", + "lastModified": 1657835815, + "narHash": "sha256-CnZszAYpNKydh6N7+xg+eRtWNVoAAGqc6bg+Lpgq1xc=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", + "rev": "54a24f042f93c79f5679f133faddedec61955cf2", "type": "github" }, "original": { 
@@ -24,11 +24,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1656519163, - "narHash": "sha256-iNg3DnQJB6iIWLBsFGcloFHwwQUgrJeIQeNJHD7nwIo=", + "lastModified": 1657393840, + "narHash": "sha256-ISaIbqCNKKz9DhrTVKvDS40CzZiqICb2eDepGUdwYQA=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "c2f8476c8641fcc9a1371d873ed3b5924952a059", + "rev": "33c5f3721a704c72e49efc5960be3785d1a80b81", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1656872948, - "narHash": "sha256-PpkbO+yOmeDgEss9tV3ce3hgnrkeukZY7NJBcdUZowU=", + "lastModified": 1658083628, + "narHash": "sha256-Sc3DibJDtveCYfAZPO8r/R5Fi8KvIYbHl7jlDRn5pNs=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "90a8239ebb7c12ddefca43fca4d6b74d630ac433", + "rev": "afb0f1be5bdcb7ba95495a536ed1ddea96653ee0", "type": "github" }, "original": { @@ -91,6 +91,22 @@ "type": "github" } }, + "evil-escape": { + "flake": false, + "locked": { + "lastModified": 1588439096, + "narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=", + "owner": "hlissner", + "repo": "evil-escape", + "rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-escape", + "type": "github" + } + }, "evil-markdown": { "flake": false, "locked": { @@ -161,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1656829543, - "narHash": "sha256-DGFdAPhRGntXOqeYnZSzKxlTIebXSpAGN8Cl7nqR18k=", + "lastModified": 1658039175, + "narHash": "sha256-JAqC/sJAGTXCs1DYws1dlzQbViDe4e3xc3PnoYvCgqs=", "owner": "nix-community", "repo": "fenix", - "rev": "e9b9b68faefba3c25e9f4af477ccb815dc43c3d0", + "rev": "7307f8f619cb3d91c4e8bdbfe7bef93f1e0097b8", "type": "github" }, "original": { 
@@ -206,13 +222,29 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -223,11 +255,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -276,11 +308,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1656367977, - "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=", + "lastModified": 1657887110, + "narHash": "sha256-8VV0/kZed2z8fGtEc2zr+WLxTow+JTIlMjnSisyv0GQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1", + "rev": "4c5106ed0f3168ff2df21b646aef67e86cbfc11c", "type": "github" }, "original": { 
@@ -351,11 +383,11 @@ "mozilla": { "flake": false, "locked": { - "lastModified": 1650459918, - "narHash": "sha256-sroCK+QJTmoXtcRkwZyKOP9iAYOPID2Bwdxn4GkG16w=", + "lastModified": 1657214286, + "narHash": "sha256-rO/4oymKXU09wG2bcTt4uthPCp1XsBZjxuCJo3yVXNs=", "owner": "mozilla", "repo": "nixpkgs-mozilla", - "rev": "e1f7540fc0a8b989fb8cf701dc4fd7fc76bcf168", + "rev": "0508a66e28a5792fdfb126bbf4dec1029c2509e0", "type": "github" }, "original": { @@ -372,10 +404,12 @@ "emacs" ], "emacs-so-long": "emacs-so-long", + "evil-escape": "evil-escape", "evil-markdown": "evil-markdown", "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", + "flake-compat": "flake-compat", "flake-utils": "flake-utils_2", "format-all": "format-all", "nix-straight": "nix-straight", @@ -389,14 +423,17 @@ "org-yt": "org-yt", "php-extras": "php-extras", "revealjs": "revealjs", - "rotate-text": "rotate-text" + "rotate-text": "rotate-text", + "sln-mode": "sln-mode", + "ts-fold": "ts-fold", + "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1656689849, - "narHash": "sha256-0LdzPqMzwVaTI6NC/+khOUN5FAvE4mIJAsESW8s/Nsc=", + "lastModified": 1657850811, + "narHash": "sha256-UeeaT2If2wixWzjRj31QM55lpt5Eq+PM+ZeXYK0Zq0Y=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "4717e4e835a424258e526888b3a1f475bfe98805", + "rev": "7c35a9d90e1c07254c0926fc02e2c27bd0d5d9cc", "type": "github" }, "original": { @@ -444,11 +481,11 @@ ] }, "locked": { - "lastModified": 1655901362, - "narHash": "sha256-1cPiO869Dr3hqn1qhqd6amvw5U0PB7XDSdwMsIMWNiQ=", + "lastModified": 1657748715, + "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "898edde476232843da50c9a855efaf5dd8caadaa", + "rev": "3323b944d99b026aebfd8de439e001409dde067d", "type": "github" }, "original": { 
@@ -459,11 +496,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656753965, - "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "lastModified": 1657802959, + "narHash": "sha256-9+JWARSdlL8KiH3ymnKDXltE1vM+/WEJ78F5B1kjXys=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "rev": "4a01ca36d6bfc133bc617e661916a81327c9bbc8", "type": "github" }, "original": { @@ -473,29 +510,13 @@ "type": "github" } }, - "nixpkgs-21_11": { - "locked": { - "lastModified": 1656782578, - "narHash": "sha256-1eMCBEqJplPotTo/SZ/t5HU6Sf2I8qKlZi9MX7jv9fw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "573603b7fdb9feb0eb8efc16ee18a015c667ab1b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-21.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-22_05": { "locked": { - "lastModified": 1656782561, - "narHash": "sha256-sZVLNNKIcELllTHqydsckz8HBfVqxeAt51acaaQWLCw=", + "lastModified": 1658029355, + "narHash": "sha256-VJcYmkYfzwHrZ76SMH6y9KqoVFOPgZiJgh1rK9cF2mw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18038cee44aa0c3c99a2319c3c1c4d16d6612d81", + "rev": "4e329926df7ee5fa49929a83d31ee7d541f8b45c", "type": "github" }, "original": { @@ -507,11 +528,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1656753965, - "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "lastModified": 1658015103, + "narHash": "sha256-mO+23f3SO+fBzEvbxRe6GkSB5Xp43CT2sV8Rs8MYdz8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "rev": "8f485713f5e6b6883a9b6959afa98688360a3ecb", "type": "github" }, "original": { 
@@ -523,11 +544,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1656679828, - "narHash": "sha256-akGA97pR1BAQew1FrVTCME3p8qvYxJXB2X3a13aBphs=", + "lastModified": 1657815135, + "narHash": "sha256-+5Jby1ayRjtSgsM5IpRNeUgdcIutCKQWR6sypRtd1RE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "915f5a5b3cc4f8ba206afd0b70e52ba4c6a2796b", + "rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e", "type": "github" }, "original": { @@ -572,11 +593,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1656574173, - "narHash": "sha256-Qbsa1b/S26ZudQ0XUtV1YB1pVVd7d9ZIo3UFYTQhe5o=", + "lastModified": 1657805672, + "narHash": "sha256-AtB0epI4wGsY/kesgX/OshHYYY0uZJq4oTFO8wSWDlU=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "381a2ae4dd439b5f246873ae6630c1e303c35287", + "rev": "d9479887226ad79a1a8de739e7be0fc1fffec536", "type": "github" }, "original": { @@ -588,17 +609,17 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1654411077, - "narHash": "sha256-ywXAI+s+D701PvuDEQljDmFWrTPymqustSYVyf3NYRk=", - "ref": "refs/heads/master", - "rev": "c6aef31ccfc7c4418c3b51e98f7c3bd8e255f5e6", - "revCount": 2622, - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" + "lastModified": 1652646857, + "narHash": "sha256-IWIShWyVnbwXqGLQaDNvJ0KoepxhIrXWTjPyGPEkQ14=", + "owner": "emacsmirror", + "repo": "org-contrib", + "rev": "c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa", + "type": "github" }, "original": { - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" + "owner": "emacsmirror", + "repo": "org-contrib", + "type": "github" } }, "org-yt": { 
@@ -635,18 +656,18 @@ }, "polymc": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "libnbtplusplus": "libnbtplusplus", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1656864985, - "narHash": "sha256-6ONpDQKlhbV5QLr0Y4XsmfiJwpvHPSilHLHmJn0AcsM=", + "lastModified": 1658044623, + "narHash": "sha256-yZETGGcw+/Qiuoz1wAs/IMN24+l/eYZzUzp+8q/IZtI=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "e7ed3abb799ce1e648a734aae0ad82951df33ad9", + "rev": "56085310cb066c7b3899684c3e3f39fe9fd311c4", "type": "github" }, "original": { @@ -729,11 +750,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1656790937, - "narHash": "sha256-8gcFV9RDWrhcJ6/9qFJxBCKNKi0HYEgM+4VvORZ9EvE=", + "lastModified": 1657989926, + "narHash": "sha256-1+luKGZsSwIc8PjRq+MFy6eNIOHQkkwj5ZfiNwbewis=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "cc0bb71e258fa1a180435e265ece1fcc3ffb59f1", + "rev": "766c5f08610376ab2dda19175bee07238d43bef3", "type": "github" }, "original": { @@ -743,20 +764,35 @@ "type": "github" } }, + "sln-mode": { + "flake": false, + "locked": { + "lastModified": 1423727528, + "narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=", + "owner": "sensorflo", + "repo": "sln-mode", + "rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c", + "type": "github" + }, + "original": { + "owner": "sensorflo", + "repo": "sln-mode", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ "nixpkgs" ], - "nixpkgs-21_11": "nixpkgs-21_11", "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1656820546, - "narHash": "sha256-g+1URmRH75RDAzVUtVb4Ls7X8n1iocAGULtSE7JUdwU=", + "lastModified": 1658030499, + "narHash": "sha256-Y2Me+uys8VpKUincd7T3ab8O4gBFv8bR5BmBZfn4i4w=", "owner": "Mic92", "repo": "sops-nix", - "rev": "85907ae7384477e447499f6e942d822d6f2998d8", + "rev": "7526ce07b897ad1f1016680de5121f646e28a893", "type": "github" }, "original": { 
@@ -765,6 +801,22 @@ "type": "github" } }, + "ts-fold": { + "flake": false, + "locked": { + "lastModified": 1657604837, + "narHash": "sha256-ztIkLW/CGh5cOfL9VrbP4N055aXKU0uraipeTFTYFM0=", + "owner": "jcs-elpa", + "repo": "ts-fold", + "rev": "33e3fb561e71cf0ab83833d45c55909583fc3899", + "type": "github" + }, + "original": { + "owner": "jcs-elpa", + "repo": "ts-fold", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1653893745, @@ -810,20 +862,36 @@ "type": "github" } }, + "ws-butler": { + "flake": false, + "locked": { + "lastModified": 1634511126, + "narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=", + "owner": "hlissner", + "repo": "ws-butler", + "rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "ws-butler", + "type": "github" + } + }, "wsl": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1656703122, - "narHash": "sha256-2Eb5dd7AYlJ359QmRomzlaQQLMep0kT0iVVfMMHE7SQ=", + "lastModified": 1657910528, + "narHash": "sha256-9hU+CCKwudwLJ8dfrdmk+ilaRpvp/4/wUBM4Gqz8nZk=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "46bf5e0f86b01faad3498bc4ef3706e5568b4fd6", + "rev": "cc4888fff19ddf81eac53f3760e6798468d55956", "type": "github" }, "original": { From e5053710063c97301346292efd53cd5426fa9d00 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 17 Jul 2022 23:24:27 -0400 Subject: [PATCH 30/80] feat: Add wine to home-manager module --- home-manager/default.nix | 3 +++ home-manager/programs/wine.nix | 10 ++++++++++ machines/levitation/home.nix | 5 +++++ 3 files changed, 18 insertions(+) create mode 100644 home-manager/programs/wine.nix diff --git a/home-manager/default.nix b/home-manager/default.nix index 618cfce..1276604 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix 
@@ -11,6 +11,7 @@ with lib; with nLib; { ./programs/emacs.nix ./programs/image-editing.nix ./programs/media.nix + ./programs/wine.nix ./services/syncthing.nix ./services/email.nix ]; @@ -48,6 +49,8 @@ with lib; with nLib; { json = mkEnableOptionT "json"; # Productivity application productivity = mkDefaultOption "Productivity applications" config.nathan.config.isDesktop; + # Wine support, disabled by default + wine = mkEnableOption "wine"; }; # Swaywm and supoorting application configuration swaywm = { diff --git a/home-manager/programs/wine.nix b/home-manager/programs/wine.nix new file mode 100644 index 0000000..359b943 --- /dev/null +++ b/home-manager/programs/wine.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + config = lib.mkIf config.nathan.programs.util.wine { + home.packages = with pkgs; [ + proton-caller + wineWowPackages.waylandFull + ]; + }; +} diff --git a/machines/levitation/home.nix b/machines/levitation/home.nix index fb35fc4..763dad9 100644 --- a/machines/levitation/home.nix +++ b/machines/levitation/home.nix @@ -10,6 +10,11 @@ config = { isDesktop = true; }; + programs = { + util = { + wine = true; + }; + }; }; # Sway outputs From aa955163da073e413bfb8418ee78b5a27bd1ac74 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Mon, 18 Jul 2022 00:10:09 -0400 Subject: [PATCH 31/80] feat: Make hardening use 5.18 kernel --- machines/levitation/configuration.nix | 2 +- modules/linux/base.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix index a1bf065..593baa6 100644 --- a/machines/levitation/configuration.nix +++ b/machines/levitation/configuration.nix @@ -37,7 +37,7 @@ isDesktop = true; setupGrub = true; nix.autoUpdate = false; - harden = false; + harden = true; windows = { enable = true; mount = { diff --git a/modules/linux/base.nix b/modules/linux/base.nix index 46e36e8..bc0b0ec 100644 --- a/modules/linux/base.nix 
+++ b/modules/linux/base.nix @@ -15,6 +15,13 @@ with lib; }; }) (mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs)) + (mkIf config.nathan.config.harden { + boot.kernelPackages = pkgs.linuxPackages_5_18_hardened; + security = { + allowSimultaneousMultithreading = true; + unprivilegedUsernsClone = true; + }; + }) (mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) { # Use the zen kernel with muqss turned on boot.kernelPackages = @@ -42,5 +49,11 @@ with lib; dates = "2:00"; }; }) + # Systemd user service cludge + { + systemd.user.extraConfig = '' + DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin" + ''; + } ]; } From 05b8d54d5ceb4e9ff9f5c0ae4fb8089ba9b22535 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Mon, 18 Jul 2022 16:37:10 -0400 Subject: [PATCH 32/80] feat: Install steam with games --- machines/levitation/configuration.nix | 2 +- modules/programs/games.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix index 593baa6..a1bf065 100644 --- a/machines/levitation/configuration.nix +++ b/machines/levitation/configuration.nix @@ -37,7 +37,7 @@ isDesktop = true; setupGrub = true; nix.autoUpdate = false; - harden = true; + harden = false; windows = { enable = true; mount = { diff --git a/modules/programs/games.nix b/modules/programs/games.nix index 6f7067f..8bb62f7 100644 --- a/modules/programs/games.nix +++ b/modules/programs/games.nix @@ -29,5 +29,7 @@ with lib; ]; in stable-packages ++ unstable-packages; + # Install steam + programs.steam.enable = true; }; } From 186146ba99c59819b4446a2ebd0d125b59b72952 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Wed, 20 Jul 2022 23:52:18 -0400 Subject: [PATCH 33/80] Switch to sddm --- modules/swaywm.nix | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) 
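Review bot: The new `mkIf config.nathan.config.harden` block sets `security.allowSimultaneousMultithreading = true` and `security.unprivilegedUsernsClone = true` right after importing `profiles/hardened.nix`, which, as far as I know, undoes two of that profile's defaults (SMT off against cross-thread side channels, unprivileged user namespaces off to shrink kernel attack surface) without a comment saying why. If they are needed, say so next to each line, e.g. `unprivilegedUsernsClone = true; # needed by <program>; re-check when dropped`, so that `harden = true` does not read as the full profile. `pkgs.linuxPackages_5_18_hardened` also pins one kernel series that will drop out of nixpkgs once it is end-of-life; `pkgs.linuxPackages_hardened` follows the maintained hardened kernel. The enclosing `mkMerge` list starts and ends outside the hunk.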
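Review bot: The flip of `harden = true` back to `harden = false` in `machines/levitation/configuration.nix` rides along in a commit titled "Install steam with games" and silently removes the hardened profile and kernel from the machine one commit after they were enabled. If Steam is the reason (the commit does not say), record it where the flag is set, e.g. `harden = false; # Steam does not run under the hardened profile, see <issue link>`, or have the games module assert the incompatibility so the two options cannot be combined by accident. A change to the machine's security posture is easier to audit as its own commit.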
diff --git a/modules/swaywm.nix b/modules/swaywm.nix index f3c829a..5d365f5 100644 --- a/modules/swaywm.nix +++ b/modules/swaywm.nix @@ -8,10 +8,16 @@ with lib; # Turn on GDM for login services.xserver = { enable = true; - autorun = false; + autorun = true; displayManager = { - gdm = { + sddm = { enable = true; + settings = { + Wayland = { + CompositorCommand = "kwin_wayland --no-lockscreen"; + }; + }; + theme = "sugar-dark"; }; defaultSession = "sway"; }; @@ -40,6 +46,21 @@ with lib; gsettings-desktop-schemas lxappearance kde-gtk-config + (stdenv.mkDerivation rec { + pname = "sddm-sugar-dark-theme"; + version = "1.2"; + dontBuild = true; + installPhase = '' + mkdir -p $out/share/sddm/themes + cp -aR $src $out/share/sddm/themes/sugar-dark + ''; + src = fetchFromGitHub { + owner = "MarianArlt"; + repo = "sddm-sugar-dark"; + rev = "v${version}"; + sha256 = "0gx0am7vq1ywaw2rm1p015x90b75ccqxnb1sz3wy8yjl27v82yhb"; + }; + }) ]; # Enable QT themeing programs.qt5ct.enable = true; From eb12fb0024945b16aa5e15e1caea65ecee69f9a6 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 24 Jul 2022 13:52:34 -0400 Subject: [PATCH 34/80] feat: Initial attempt at tpm setup --- machines/levitation/configuration.nix | 16 ++++++++++++++++ modules/desktop.nix | 4 ++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix index a1bf065..0f763a6 100644 --- a/machines/levitation/configuration.nix +++ b/machines/levitation/configuration.nix @@ -63,4 +63,20 @@ # Setup home manager home-manager.users.nathan = import ./home.nix; + + # TPM setup + security = { + tpm2 = { + enable = true; + }; + }; + boot = { + initrd = { + kernelModules = [ "tpm_crb" ]; + systemd = { + enable = true; + }; + }; + kernelParams = [ "crypt-pv.luks.options=tpm2-device=auto" ]; + }; } diff --git a/modules/desktop.nix b/modules/desktop.nix index 9cbf1cc..f75eda0 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix 
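Review bot: `CompositorCommand = "kwin_wayland --no-lockscreen"` makes the SDDM greeter depend on `kwin_wayland`, but neither hunk in this file adds a package that provides it, so unless it is installed elsewhere the greeter may fail to start and leave the machine without a graphical login (inferred; the rest of the module is outside the hunk). The context comment `# Turn on GDM for login` is now stale and should read `# Turn on SDDM for login`. A one-line comment on why `autorun` flips to `true` would also help.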
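Review bot: `kernelParams = [ "crypt-pv.luks.options=tpm2-device=auto" ]` does not match the parameter names I know systemd's cryptsetup generator to read (`luks.options=` / `rd.luks.options=`), so the option may be ignored and the volume would still prompt for a passphrase; please verify it on a real boot. More importantly, `tpm2-device=auto` means unattended unlock, and what the key is sealed against is decided at enrollment (`systemd-cryptenroll --tpm2-pcrs=...`), which this config does not record. I would add a comment next to the TPM block naming the PCRs the slot is bound to and stating that a passphrase or recovery-key slot is kept, because a loosely bound slot unlocks the disk for anyone who can boot the hardware. If the nixpkgs revision in use offers it, setting the option per device (`boot.initrd.luks.devices.<name>.crypttabExtraOpts = [ "tpm2-device=auto" ];`) keeps it next to the volume it applies to.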
@@ -15,7 +15,7 @@ with lib; { # Configure grub if configured }) (mkIf nc.setupGrub { - ## Boot, drivers, and host name + # Boot, drivers, and host name # Use grub boot.loader = { grub = { @@ -32,8 +32,8 @@ with lib; { canTouchEfiVariables = false; }; }; - # Configure audio }) + # Configure audio (mkIf nc.audio { # Disable normal audio subsystem explicitly sound.enable = false; From 1e0356f191903776bbfa05414b5e67a99327cd83 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 24 Jul 2022 14:38:52 -0400 Subject: [PATCH 35/80] Turn on numlock in sway --- home-manager/programs/sway.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home-manager/programs/sway.nix b/home-manager/programs/sway.nix index 8748d9b..eee2b6c 100644 --- a/home-manager/programs/sway.nix +++ b/home-manager/programs/sway.nix @@ -149,6 +149,10 @@ with lib; # Mako, the notification daemon { command = "mako"; } ]; + # Turn on numlock by default + input = { + "*" = { xkb_numlock = "enable"; }; + }; }; }; ######################### From a4c3d191be4736e42e977bb8619cb5d68ffbbfbd Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Sun, 24 Jul 2022 14:39:18 -0400 Subject: [PATCH 36/80] Update flake and pin home-manager to release --- flake.lock | 111 +++++++++++++++++++++++------------------------------ flake.nix | 2 +- 2 files changed, 49 insertions(+), 64 deletions(-) diff --git a/flake.lock b/flake.lock index 2577441..f70d2f0 100644 --- a/flake.lock +++ b/flake.lock @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1658083628, - "narHash": "sha256-Sc3DibJDtveCYfAZPO8r/R5Fi8KvIYbHl7jlDRn5pNs=", + "lastModified": 1658659239, + "narHash": "sha256-XzA1/K8SdL/dQ6C6XTpxjeBm9mYjLZ8vQFy2Wpqs1ts=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "afb0f1be5bdcb7ba95495a536ed1ddea96653ee0", + "rev": "9e75e2c6c772f4c8ac411f4982ed656dec3be29f", "type": "github" }, "original": { 
@@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1658039175, - "narHash": "sha256-JAqC/sJAGTXCs1DYws1dlzQbViDe4e3xc3PnoYvCgqs=", + "lastModified": 1658644019, + "narHash": "sha256-P4ZEkrJSvtiBVnXZUagg6QtiVRc6k9XgTbWLZ7Q73Ow=", "owner": "nix-community", "repo": "fenix", - "rev": "7307f8f619cb3d91c4e8bdbfe7bef93f1e0097b8", + "rev": "a844a251dcd8aac45d47a81adae6117ff4f57b8d", "type": "github" }, "original": { @@ -304,19 +304,19 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1657887110, - "narHash": "sha256-8VV0/kZed2z8fGtEc2zr+WLxTow+JTIlMjnSisyv0GQ=", + "lastModified": 1656169755, + "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "owner": "nix-community", "repo": "home-manager", - "rev": "4c5106ed0f3168ff2df21b646aef67e86cbfc11c", + "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } @@ -326,7 +326,7 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils_2" + "utils": "utils" }, "locked": { "lastModified": 1656122108, @@ -348,7 +348,7 @@ "quilt-server", "nixpkgs" ], - "utils": "utils_3" + "utils": "utils_2" }, "locked": { "lastModified": 1656122108, @@ -367,15 +367,15 @@ "libnbtplusplus": { "flake": false, "locked": { - "lastModified": 1591558203, - "narHash": "sha256-QgvNvaoFflCXEPCCFBCeZvYTpuiwScBG7EosUgFwFNQ=", - "owner": "multimc", + "lastModified": 1650031308, + "narHash": "sha256-TvVOjkUobYJD9itQYueELJX3wmecvEdCbJ0FinW2mL4=", + "owner": "PolyMC", "repo": "libnbtplusplus", - "rev": "dc72a20b7efd304d12af2025223fad07b4b78464", + "rev": "2203af7eeb48c45398139b583615134efd8d407f", "type": "github" }, "original": { - "owner": "multimc", + "owner": "PolyMC", "repo": "libnbtplusplus", "type": "github" } 
@@ -429,11 +429,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1657850811, - "narHash": "sha256-UeeaT2If2wixWzjRj31QM55lpt5Eq+PM+ZeXYK0Zq0Y=", + "lastModified": 1658470797, + "narHash": "sha256-ovk7xcjGqoXgc7fV4m0tlKhiuAglON4TKmt//Bd0fLE=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "7c35a9d90e1c07254c0926fc02e2c27bd0d5d9cc", + "rev": "f7fd8620be427c6489f496645513d536e380c50c", "type": "github" }, "original": { @@ -496,11 +496,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1657802959, - "narHash": "sha256-9+JWARSdlL8KiH3ymnKDXltE1vM+/WEJ78F5B1kjXys=", + "lastModified": 1658557357, + "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4a01ca36d6bfc133bc617e661916a81327c9bbc8", + "rev": "42ca9bef09e780eabe84328dd1b730cef978f098", "type": "github" }, "original": { @@ -512,11 +512,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1658029355, - "narHash": "sha256-VJcYmkYfzwHrZ76SMH6y9KqoVFOPgZiJgh1rK9cF2mw=", + "lastModified": 1658634393, + "narHash": "sha256-VW7edeFzA9VU8gZPxPFGpoPsM2AQLYHKhA9H5+OYtno=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e329926df7ee5fa49929a83d31ee7d541f8b45c", + "rev": "2e14bc76ab41c60ba57fd57ff52badaa29d349f5", "type": "github" }, "original": { @@ -528,11 +528,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1658015103, - "narHash": "sha256-mO+23f3SO+fBzEvbxRe6GkSB5Xp43CT2sV8Rs8MYdz8=", + "lastModified": 1658557357, + "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f485713f5e6b6883a9b6959afa98688360a3ecb", + "rev": "42ca9bef09e780eabe84328dd1b730cef978f098", "type": "github" }, "original": { 
@@ -544,11 +544,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1657815135, - "narHash": "sha256-+5Jby1ayRjtSgsM5IpRNeUgdcIutCKQWR6sypRtd1RE=", + "lastModified": 1658500284, + "narHash": "sha256-g7vwZ5UF8PvC9f2/7Zf5O6zxgJiMSuh1CiGZVuuOhEQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c06d5fa9c605d143b15cafdbbb61c7c95388d76e", + "rev": "e3583ad6e533a9d8dd78f90bfa93812d390ea187", "type": "github" }, "original": { @@ -593,11 +593,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1657805672, - "narHash": "sha256-AtB0epI4wGsY/kesgX/OshHYYY0uZJq4oTFO8wSWDlU=", + "lastModified": 1658412564, + "narHash": "sha256-JHiUjc4OAfPtNTWikVYEIkJkba9qV4N3QbtcJpjk4cM=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "d9479887226ad79a1a8de739e7be0fc1fffec536", + "rev": "99681ce38937ba993a0407cee4fd6a7f869211bf", "type": "github" }, "original": { @@ -663,11 +663,11 @@ ] }, "locked": { - "lastModified": 1658044623, - "narHash": "sha256-yZETGGcw+/Qiuoz1wAs/IMN24+l/eYZzUzp+8q/IZtI=", + "lastModified": 1658611864, + "narHash": "sha256-AblXf4/TN3ACzUZCA9YrfQZlqx5DgvDQsJMeCWB8DiA=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "56085310cb066c7b3899684c3e3f39fe9fd311c4", + "rev": "0e473f4570f49ba212459365c7971b5d3988a3ff", "type": "github" }, "original": { @@ -750,11 +750,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1657989926, - "narHash": "sha256-1+luKGZsSwIc8PjRq+MFy6eNIOHQkkwj5ZfiNwbewis=", + "lastModified": 1658612252, + "narHash": "sha256-mO2M5pgrkxjSURWILT91w+ChkQ3mU+oOpdxF+yFaBEc=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "766c5f08610376ab2dda19175bee07238d43bef3", + "rev": "977e12a0bdc3e329af179ef3a9d466af9eb613bb", "type": "github" }, "original": { 
@@ -788,11 +788,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1658030499, - "narHash": "sha256-Y2Me+uys8VpKUincd7T3ab8O4gBFv8bR5BmBZfn4i4w=", + "lastModified": 1658635258, + "narHash": "sha256-EC8y3Rg+l9IzIUdOaFSA0LMdDipTRoweg1Y2EL8XhMc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7526ce07b897ad1f1016680de5121f646e28a893", + "rev": "d7f8cf1b77ebe5f287884f17b1ee4cc4f48bad1d", "type": "github" }, "original": { @@ -804,11 +804,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1657604837, - "narHash": "sha256-ztIkLW/CGh5cOfL9VrbP4N055aXKU0uraipeTFTYFM0=", + "lastModified": 1658223568, + "narHash": "sha256-HxUAg+MUbH8nNhKtRzZDeN/a/sCQHSpDRCK2nvvHp8g=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "33e3fb561e71cf0ab83833d45c55909583fc3899", + "rev": "ea554f10e79ed9846662b1639adc4b86783ecfc6", "type": "github" }, "original": { @@ -847,21 +847,6 @@ "type": "github" } }, - "utils_3": { - "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "ws-butler": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index d3dbbd1..e69832f 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/release-22.05"; inputs.nixpkgs.follows = "nixpkgs"; }; darwin = { From 7c88b0f0772f32d1aa6990a28146e9e75bf000b2 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Mon, 1 Aug 2022 18:10:41 -0400 Subject: [PATCH 37/80] Gamescope --- flake.lock | 81 +++++++++++++++++++++++++-- flake.nix | 5 ++ machines/levitation/configuration.nix | 14 ++++- modules/swaywm.nix | 7 --- 4 files changed, 95 insertions(+), 12 deletions(-) 
diff --git a/flake.lock b/flake.lock index f70d2f0..1961273 100644 --- a/flake.lock +++ b/flake.lock @@ -300,6 +300,47 @@ "type": "github" } }, + "gamescope": { + "inputs": { + "gamescope-src": "gamescope-src", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-unstable": "nixpkgs-unstable", + "utils": "utils" + }, + "locked": { + "lastModified": 1658887125, + "narHash": "sha256-evUl+58qvhEYA/A55hd8Y/bQMwS7i1GuUlVeTHg9IDk=", + "owner": "nathans-flakes", + "repo": "gamescope", + "rev": "019dfcc926a31dd399940befe1ac67c17a442db8", + "type": "github" + }, + "original": { + "owner": "nathans-flakes", + "repo": "gamescope", + "type": "github" + } + }, + "gamescope-src": { + "flake": false, + "locked": { + "lastModified": 1658761788, + "narHash": "sha256-tyzRnyB4MZ3e30pn/mPxE5E0VOBeKgcnFmhB8iM0IJA=", + "ref": "master", + "rev": "cce6a29a2494eaf8f99e299a39b957fda3fcdb2a", + "revCount": 1140, + "submodules": true, + "type": "git", + "url": "https://github.com/Plagman/gamescope.git" + }, + "original": { + "submodules": true, + "type": "git", + "url": "https://github.com/Plagman/gamescope.git" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -326,7 +367,7 @@ "nixpkgs": [ "nixpkgs" ], - "utils": "utils" + "utils": "utils_2" }, "locked": { "lastModified": 1656122108, @@ -348,7 +389,7 @@ "quilt-server", "nixpkgs" ], - "utils": "utils_2" + "utils": "utils_3" }, "locked": { "lastModified": 1656122108, @@ -527,6 +568,22 @@ } }, "nixpkgs-unstable": { + "locked": { + "lastModified": 1658644204, + "narHash": "sha256-MWyfCH9K3eVTXJUxBi67OQSAh9jJAnvWklM6qm4j8w8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2f0c3be57c348f4cfd8820f2d189e29a685d9c41", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable_2": { "locked": { "lastModified": 1658557357, "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=", 
@@ -718,13 +775,14 @@ "darwin": "darwin", "emacs": "emacs", "fenix": "fenix", + "gamescope": "gamescope", "home-manager": "home-manager", "java": "java", "mozilla": "mozilla", "nix-doom-emacs": "nix-doom-emacs", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-unstable": "nixpkgs-unstable_2", "polymc": "polymc", "quilt-server": "quilt-server", "sops-nix": "sops-nix", @@ -818,6 +876,21 @@ } }, "utils": { + "locked": { + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_2": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -832,7 +905,7 @@ "type": "github" } }, - "utils_2": { + "utils_3": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", diff --git a/flake.nix b/flake.nix index e69832f..f81d01e 100644 --- a/flake.nix +++ b/flake.nix @@ -53,6 +53,10 @@ url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs"; }; + gamescope = { + url = "github:nathans-flakes/gamescope"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -71,6 +75,7 @@ , quilt-server , nixos-generators , wsl + , gamescope }@inputs: let makeNixosSystem = { system, hostName, extraModules ? [ ], ourNixpkgs ? nixpkgs }: ourNixpkgs.lib.nixosSystem { diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix index 0f763a6..803351d 100644 --- a/machines/levitation/configuration.nix +++ b/machines/levitation/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { # Sops setup for this machine 
@@ -79,4 +79,16 @@ }; kernelParams = [ "crypt-pv.luks.options=tpm2-device=auto" ]; }; + + # Install gamescope + environment.systemPackages = [ + inputs.gamescope.defaultPackage."x86_64-linux" + ]; + nixpkgs.config.packageOverrides = pkgs: { + steam = pkgs.steam.override { + extraPkgs = pkgs: [ + inputs.gamescope.defaultPackage."x86_64-linux" + ]; + }; + }; } diff --git a/modules/swaywm.nix b/modules/swaywm.nix index 5d365f5..2b982f3 100644 --- a/modules/swaywm.nix +++ b/modules/swaywm.nix @@ -28,15 +28,8 @@ with lib; hardware.opengl = { # Enable vulkan driSupport = true; - # Force vulkan drivers - extraPackages = [ - pkgs.amdvlk - ]; # Same as above, but enable 32 bit legacy support (for games) driSupport32Bit = true; - extraPackages32 = [ - pkgs.driversi686Linux.amdvlk - ]; }; # Basic packages that are effectively required for a graphical system environment.systemPackages = with pkgs; [ From c0bf80f413ac79314750640bba0265ab26f432db Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Tue, 9 Aug 2022 13:13:14 -0400 Subject: [PATCH 38/80] Turn on tty support in doom emacs --- doom.d/init.el | 1 + 1 file changed, 1 insertion(+) diff --git a/doom.d/init.el b/doom.d/init.el index 354de39..0e3486f 100644 --- a/doom.d/init.el +++ b/doom.d/init.el @@ -73,6 +73,7 @@ :os (:if IS-MAC macos) ; improve compatibility with macOS + (tty +osc) :lang data ; config/data formats From 58c842d386e503df008907cccc75a7956d2c78f6 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Tue, 9 Aug 2022 13:17:20 -0400 Subject: [PATCH 39/80] Update lockfile --- flake.lock | 90 +++++++++++++++++++++++++++--------------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index 1961273..509c631 100644 --- a/flake.lock +++ b/flake.lock 
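Review bot: `inputs.gamescope.defaultPackage."x86_64-linux"` is written out twice with the platform hard-coded, once in `environment.systemPackages` and once inside the `steam` override. Binding it once keeps the two uses in step and removes the literal system string, for example `let gamescopePkg = inputs.gamescope.defaultPackage.${pkgs.system}; in` ahead of the module body and `gamescopePkg` at both sites. The package comes from a flake input outside nixpkgs and is placed into Steam's runtime environment. A comment such as `# gamescope from the nathans-flakes input; revision pinned in flake.lock` would tell a reader where to look when auditing it.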
@@ -24,11 +24,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1657393840, - "narHash": "sha256-ISaIbqCNKKz9DhrTVKvDS40CzZiqICb2eDepGUdwYQA=", + "lastModified": 1659040172, + "narHash": "sha256-cl9CWknGL+PadiFSXTKlf07JQ15b4hkHETQs7z/Ksm0=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "33c5f3721a704c72e49efc5960be3785d1a80b81", + "rev": "35a89bdfa6064e507f8848b1d162433fe92ca829", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1658659239, - "narHash": "sha256-XzA1/K8SdL/dQ6C6XTpxjeBm9mYjLZ8vQFy2Wpqs1ts=", + "lastModified": 1660042366, + "narHash": "sha256-Gx6q2iyZ+ooBiNkc3yEQYebjvmBozILny/eo5dgOHhc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9e75e2c6c772f4c8ac411f4982ed656dec3be29f", + "rev": "4ef493b8be95fd8c76dd660a1e4b11e6bc690e62", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1658644019, - "narHash": "sha256-P4ZEkrJSvtiBVnXZUagg6QtiVRc6k9XgTbWLZ7Q73Ow=", + "lastModified": 1660026556, + "narHash": "sha256-cyfcHCElI/JPC/8Rz80nSNyvGOF1RYSXes/tCB4rSzc=", "owner": "nix-community", "repo": "fenix", - "rev": "a844a251dcd8aac45d47a81adae6117ff4f57b8d", + "rev": "5154b100dd33149d0a53e46e69e15d6bc7ca0f8d", "type": "github" }, "original": { @@ -240,11 +240,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { 
@@ -470,11 +470,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1658470797, - "narHash": "sha256-ovk7xcjGqoXgc7fV4m0tlKhiuAglON4TKmt//Bd0fLE=", + "lastModified": 1659734704, + "narHash": "sha256-JDu9llYR5QTyE6+AGydqwKxTosIQYA+AXThnEmOjT78=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "f7fd8620be427c6489f496645513d536e380c50c", + "rev": "b7d44a76ea4f352b751b1ccba18f70f686838622", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658557357, - "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=", + "lastModified": 1659981942, + "narHash": "sha256-uCFiP/B/NXOWzhN6TKfMbSxtVMk1bVnCrnJRjCF6RmU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "42ca9bef09e780eabe84328dd1b730cef978f098", + "rev": "39d7f929fbcb1446ad7aa7441b04fb30625a4190", "type": "github" }, "original": { @@ -553,11 +553,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1658634393, - "narHash": "sha256-VW7edeFzA9VU8gZPxPFGpoPsM2AQLYHKhA9H5+OYtno=", + "lastModified": 1659228671, + "narHash": "sha256-fraIjyAthUgoeDUF14tFeszKFPqaGnlc2qxczHbAmec=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2e14bc76ab41c60ba57fd57ff52badaa29d349f5", + "rev": "a26a6f4529878fbfe5f1f287dcdff4a287c58def", "type": "github" }, "original": { @@ -585,11 +585,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1658557357, - "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=", + "lastModified": 1659981942, + "narHash": "sha256-uCFiP/B/NXOWzhN6TKfMbSxtVMk1bVnCrnJRjCF6RmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42ca9bef09e780eabe84328dd1b730cef978f098", + "rev": "39d7f929fbcb1446ad7aa7441b04fb30625a4190", "type": "github" }, "original": { 
@@ -601,11 +601,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1658500284, - "narHash": "sha256-g7vwZ5UF8PvC9f2/7Zf5O6zxgJiMSuh1CiGZVuuOhEQ=", + "lastModified": 1659907814, + "narHash": "sha256-JEYCjAFJQK0JGe2ApyGu/+doxzTraT+g1LP3npXnuBI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e3583ad6e533a9d8dd78f90bfa93812d390ea187", + "rev": "92fe622fdfe477a85662bb77678e39fa70373f13", "type": "github" }, "original": { @@ -650,11 +650,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1658412564, - "narHash": "sha256-JHiUjc4OAfPtNTWikVYEIkJkba9qV4N3QbtcJpjk4cM=", + "lastModified": 1659533964, + "narHash": "sha256-ipwJjcRzY9iqEjkG4m8EXZ6+8OMdANuXRnSwct2LByQ=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "99681ce38937ba993a0407cee4fd6a7f869211bf", + "rev": "4702a73031c77ba03b480b0848c137d5d8773e07", "type": "github" }, "original": { @@ -666,11 +666,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1652646857, - "narHash": "sha256-IWIShWyVnbwXqGLQaDNvJ0KoepxhIrXWTjPyGPEkQ14=", + "lastModified": 1659039737, + "narHash": "sha256-ig8pVl790DopN6ZrCTIrvojt5/0Y+aOsjE87pqIVz8M=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa", + "rev": "39e2abc5629c1be6186bb6489ec4f76524edf82a", "type": "github" }, "original": { @@ -720,11 +720,11 @@ ] }, "locked": { - "lastModified": 1658611864, - "narHash": "sha256-AblXf4/TN3ACzUZCA9YrfQZlqx5DgvDQsJMeCWB8DiA=", + "lastModified": 1659643040, + "narHash": "sha256-jt02lt5qm+Ph8RNgtrqeLcVo3BgJJYsqBWlVhYDBM4I=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "0e473f4570f49ba212459365c7971b5d3988a3ff", + "rev": "75f92de8f8517142289dc76d071cfb4fa724598c", "type": "github" }, "original": { 
@@ -808,11 +808,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1658612252, - "narHash": "sha256-mO2M5pgrkxjSURWILT91w+ChkQ3mU+oOpdxF+yFaBEc=", + "lastModified": 1659971600, + "narHash": "sha256-E/7K3odEuzSg++KTGsxt9JW3S5NzIrtwysSpBKXs85Y=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "977e12a0bdc3e329af179ef3a9d466af9eb613bb", + "rev": "554f7f889e9feecf7d851ae3aaa03d5273563b1f", "type": "github" }, "original": { @@ -846,11 +846,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1658635258, - "narHash": "sha256-EC8y3Rg+l9IzIUdOaFSA0LMdDipTRoweg1Y2EL8XhMc=", + "lastModified": 1659441021, + "narHash": "sha256-J2C83bo1mHcdfzxk8S3rE8iqNZM2AlPUGqftdhbm5Zk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d7f8cf1b77ebe5f287884f17b1ee4cc4f48bad1d", + "rev": "34ee98b8c2ca153a23a63c1841a0a067313856d5", "type": "github" }, "original": { @@ -862,11 +862,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1658223568, - "narHash": "sha256-HxUAg+MUbH8nNhKtRzZDeN/a/sCQHSpDRCK2nvvHp8g=", + "lastModified": 1659171920, + "narHash": "sha256-/yY3Ph/BE3PFZhnBIQIHkwOW/43phSI7WeoMvU83TG4=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "ea554f10e79ed9846662b1639adc4b86783ecfc6", + "rev": "17d131f69a717d7e8cc6d3af9dfa7d2b5e2b78ef", "type": "github" }, "original": { From bc9dde2be4940b9b2c8438beba5b6a8c0a5efe60 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Thu, 11 Aug 2022 11:25:05 -0400 Subject: [PATCH 40/80] Make tmate work --- home-manager/programs/core.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home-manager/programs/core.nix b/home-manager/programs/core.nix index 918ee16..9aeb8232 100644 --- a/home-manager/programs/core.nix +++ b/home-manager/programs/core.nix @@ -46,6 +46,8 @@ with lib; gping # Pandoc for documentation pandoc + # Tmate for pair programming + tmate ]; }) (mkIf config.nathan.programs.util.git.enable { 
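Review bot: The `tmate` entry carries only `# Tmate for pair programming`, which leaves out that the client by default relays terminal sessions through its publicly hosted server and that nothing in this hunk configures another one. Since a shared session exposes an interactive shell, the comment should state the trust assumption, e.g. `# Tmate for pair programming; sessions relay through the default hosted server unless a self-hosted one is configured`. The package list this line belongs to starts outside the hunk.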
@@ -151,6 +153,8 @@ with lib; extraConfig = '' Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr ''; + # Enable compression + compression = true; # enable session reuse controlMaster = "auto"; controlPersist = "10m"; From 6b3baefdf822aaf5125724ffc9070d7fb5bfe959 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Thu, 18 Aug 2022 03:01:39 -0400 Subject: [PATCH 41/80] Tweak doom emacs configs --- doom.d/config.el | 6 ++++++ doom.d/config.org | 14 ++++++++++++-- doom.d/init.el | 16 ++++------------ 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index 3ceeca8..556231a 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -113,6 +113,9 @@ ;; TODO: Make this conditional so we can make the correct choice on macos (setq alert-default-style 'libnotify)) +(after! dired + (setq dired-omit-files "\\`[.]?#\\|\\`[.]?\\'\\|^\\.DS_Store\\'\\|^\\.project\\(?:ile\\)?\\'\\|^\\.\\(?:svn\\|git\\)\\'\\|^\\.ccls-cache\\'\\|\\(?:\\.js\\)?\\.meta\\'\\|\\.\\(?:elc\\|o\\|pyo\\|swp\\|class\\)\\'")) + (setq-default fill-column 100) (after! avy @@ -148,6 +151,9 @@ (use-package! deadgrep :bind ("C-c s r" . deadgrep)) +(after! flyspell + (add-hook 'prog-mode-hook #'flyspell-prog-mode)) + (setq org-hide-emphasis-markers t org-pretty-entities t) diff --git a/doom.d/config.org b/doom.d/config.org index 36bffd1..f5fc148 100644 --- a/doom.d/config.org +++ b/doom.d/config.org @@ -5,7 +5,6 @@ My doom emacs configuration * Basic Doom stuff - The provided default ~config.el~ #+begin_src emacs-lisp 
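Review bot: `compression = true` sits at the same level as `controlMaster` and the `Ciphers` override, which looks like the client-wide SSH settings, so every connection is compressed although the commit is titled "Make tmate work". Compression costs CPU on fast links and makes message sizes depend on content, so it is better scoped to the hosts that need it, e.g. `matchBlocks."<host>".compression = true;`. The comment `# Enable compression` only repeats the option name; `# compression for <slow link or relay>: <reason>` would record the intent. The enclosing block starts outside this hunk, so its scope is inferred.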
@@ -150,6 +149,12 @@ Configure notifications that originate from within emacs ;; TODO: Make this conditional so we can make the correct choice on macos (setq alert-default-style 'libnotify)) #+end_src +** Dired +Modify the ~dired-omit-files~ regex to exclude the current working directory (~.~), but not the parent directory(~..~). +#+begin_src emacs-lisp +(after! dired + (setq dired-omit-files "\\`[.]?#\\|\\`[.]?\\'\\|^\\.DS_Store\\'\\|^\\.project\\(?:ile\\)?\\'\\|^\\.\\(?:svn\\|git\\)\\'\\|^\\.ccls-cache\\'\\|\\(?:\\.js\\)?\\.meta\\'\\|\\.\\(?:elc\\|o\\|pyo\\|swp\\|class\\)\\'")) +#+end_src * Basic Editing ** Fill Column Set the default fill column to 100 @@ -217,7 +222,12 @@ Ripgrep, but from within emacs (use-package! deadgrep :bind ("C-c s r" . deadgrep)) #+end_src - +** Spell Checking +Hook ~flyspell-prog-mode~ into ~prog-mode~ +#+begin_src emacs-lisp +(after! flyspell + (add-hook 'prog-mode-hook #'flyspell-prog-mode)) +#+end_src * Org Mode Improvements to the best mode in emacs diff --git a/doom.d/init.el b/doom.d/init.el index 0e3486f..23a8383 100644 --- a/doom.d/init.el +++ b/doom.d/init.el @@ -15,19 +15,17 @@ ;; directory (for easy access to its source code). (doom! :completion - company ; the ultimate code completion backend + (company +childframe) ; the ultimate code completion backend (ivy +fuzzy +precient +childframe +icons) :ui doom ; what makes DOOM look the way it does doom-dashboard ; a nifty splash screen for Emacs - (emoji +unicode +github) ; 🙂 + (emoji +unicode) ; 🙂 hl-todo ; highlight todo-words indent-guides ; highlighted indent columns - ;;(ligatures +fira) ; ligatures and symbols to make your code pretty again modeline ; snazzy, Atom-inspired modeline, plus API nav-flash ; blink cursor line after big motions - ;; ophints ; highlight the region an operation acts on (popup +defaults) ; tame sudden yet inevitable temporary windows tabs ; a tab bar for Emacs (treemacs +lsp) ; a project drawer, like neotree but cooler 
@@ -40,7 +38,7 @@ file-templates ; auto-snippets for empty files fold ; (nigh) universal code folding (format +onsave) ; automated prettiness - ;; multiple-cursors ; editing in many places at once + multiple-cursors ; editing in many places at once rotate-text ; cycle region at point between text candidates snippets ; my elves. They type so I don't have to word-wrap ; soft wrapping with language-aware indent @@ -91,18 +89,12 @@ (kotlin +lsp) (java +lsp +meghanada) (javascript +lsp) + :email (mu4e +org) - ;;notmuch - ;;(wanderlust +gmail) :app - ;;calendar - ;; emms - ;;everywhere ; *leave* Emacs!? You must be joking - ;;irc ; how neckbeards socialize (rss +org) ; emacs as an RSS reader - ;;twitter ; twitter client https://twitter.com/vnought :config literate From a9ce73098a8397f156ae3cb198dd73b295a2df33 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Thu, 18 Aug 2022 03:02:08 -0400 Subject: [PATCH 42/80] Update discord --- home-manager/programs/communications.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home-manager/programs/communications.nix b/home-manager/programs/communications.nix index 7b7e8ba..111c76e 100644 --- a/home-manager/programs/communications.nix +++ b/home-manager/programs/communications.nix @@ -19,10 +19,10 @@ pname = "discord-electron"; binaryName = "Discord"; desktopName = "Discord (Wayland)"; - version = "0.0.18"; + version = "0.0.19"; src = fetchurl { url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz"; - hash = "sha256-BBc4n6Q3xuBE13JS3gz/6EcwdOWW57NLp2saOlwOgMI="; + hash = "sha256-GfSyddbGF8WA6JmHo4tUM27cyHV5kRAyrEiZe1jbA5A="; }; electron = pkgs.electron_13; }; From cc61503582efa65f583bf1afe50ffe21fd55d634 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Thu, 18 Aug 2022 03:39:31 -0400 Subject: [PATCH 43/80] Update lock file --- flake.lock | 120 ++++++++++++++++++++++++++--------------------------- 1 file changed, 60 insertions(+), 60 deletions(-) 
diff --git a/flake.lock b/flake.lock index 509c631..678f9ac 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1657835815, - "narHash": "sha256-CnZszAYpNKydh6N7+xg+eRtWNVoAAGqc6bg+Lpgq1xc=", + "lastModified": 1660649317, + "narHash": "sha256-16sWaj3cTZOQQgrmzlvBSRaBFKLrHJrfYh1k7/sSWok=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "54a24f042f93c79f5679f133faddedec61955cf2", + "rev": "80871c71edb3da76d40bdff9cae007a2a035c074", "type": "github" }, "original": { @@ -24,11 +24,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1659040172, - "narHash": "sha256-cl9CWknGL+PadiFSXTKlf07JQ15b4hkHETQs7z/Ksm0=", + "lastModified": 1660594365, + "narHash": "sha256-qdv8scMO91kRk1JNyU2el/TO4tC+Uu7N4NiH55PCsuQ=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "35a89bdfa6064e507f8848b1d162433fe92ca829", + "rev": "050624d47532cef18fcb41daa4e626576b00659c", "type": "github" }, "original": { @@ -41,11 +41,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1655900328, - "narHash": "sha256-fEYwFxW2sdzNK14DrS92OCGy8KDPZKewrHljnE/RlzQ=", + "lastModified": 1659894476, + "narHash": "sha256-1arRqlTos5uj6N47N4hyzHMMoUBxsxaZ/NK7iN5A+ZY=", "owner": "doomemacs", "repo": "snippets", - "rev": "6b2bd5a77c536ed414794ecf71d37a60ebd4663e", + "rev": "f957f8d195872f19c7ab0a777d592c611e10e9bb", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1660042366, - "narHash": "sha256-Gx6q2iyZ+ooBiNkc3yEQYebjvmBozILny/eo5dgOHhc=", + "lastModified": 1660794348, + "narHash": "sha256-uamLp80Om9UmauEWRT8uYdzXYmmlRvhqvKivZC8vw5I=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4ef493b8be95fd8c76dd660a1e4b11e6bc690e62", + "rev": "720a9722d3fb67ef37a0b1e8394047298b7b9b1c", "type": "github" }, "original": { 
@@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1660026556, - "narHash": "sha256-cyfcHCElI/JPC/8Rz80nSNyvGOF1RYSXes/tCB4rSzc=", + "lastModified": 1660804093, + "narHash": "sha256-7cYexWyLUnBzB0w6otnwrkKqHnxEK+itqkUPxF83mMk=", "owner": "nix-community", "repo": "fenix", - "rev": "5154b100dd33149d0a53e46e69e15d6bc7ca0f8d", + "rev": "aa24b7eacd6f60c92fc60aaa214b597c930ac7af", "type": "github" }, "original": { @@ -255,11 +255,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -470,11 +470,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1659734704, - "narHash": "sha256-JDu9llYR5QTyE6+AGydqwKxTosIQYA+AXThnEmOjT78=", + "lastModified": 1660732989, + "narHash": "sha256-WHa+ZoXEkdkzCABz4iluV5dQGt60ThX5dB4Yti3znoE=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "b7d44a76ea4f352b751b1ccba18f70f686838622", + "rev": "863af017941b8a81a7c5955d760d14df36137afd", "type": "github" }, "original": { 
@@ -522,11 +522,11 @@ ] }, "locked": { - "lastModified": 1657748715, - "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=", + "lastModified": 1660727616, + "narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "3323b944d99b026aebfd8de439e001409dde067d", + "rev": "adccd191a0e83039d537e021f19495b7bad546a1", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1659981942, - "narHash": "sha256-uCFiP/B/NXOWzhN6TKfMbSxtVMk1bVnCrnJRjCF6RmU=", + "lastModified": 1660646295, + "narHash": "sha256-V4G+egGRc3elXPTr7QLJ7r7yrYed0areIKDiIAlMLC8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "39d7f929fbcb1446ad7aa7441b04fb30625a4190", + "rev": "762b003329510ea855b4097a37511eb19c7077f0", "type": "github" }, "original": { @@ -553,11 +553,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1659228671, - "narHash": "sha256-fraIjyAthUgoeDUF14tFeszKFPqaGnlc2qxczHbAmec=", + "lastModified": 1660410996, + "narHash": "sha256-arkfX1YYFmwMyDTCguzoOI4epABC41FGQU4J1/G3/9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a26a6f4529878fbfe5f1f287dcdff4a287c58def", + "rev": "70b6236f3cbc815f2cae8d597418c714cf83d1c8", "type": "github" }, "original": { @@ -585,11 +585,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1659981942, - "narHash": "sha256-uCFiP/B/NXOWzhN6TKfMbSxtVMk1bVnCrnJRjCF6RmU=", + "lastModified": 1660646295, + "narHash": "sha256-V4G+egGRc3elXPTr7QLJ7r7yrYed0areIKDiIAlMLC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "39d7f929fbcb1446ad7aa7441b04fb30625a4190", + "rev": "762b003329510ea855b4097a37511eb19c7077f0", "type": "github" }, "original": { 
@@ -601,11 +601,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1659907814, - "narHash": "sha256-JEYCjAFJQK0JGe2ApyGu/+doxzTraT+g1LP3npXnuBI=", + "lastModified": 1660661643, + "narHash": "sha256-WlgPb7KLTZUeY31o9HWhu37pvgA76MKwakaXefkaIB4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "92fe622fdfe477a85662bb77678e39fa70373f13", + "rev": "a82127cea64fd801c5e138ae23dfd444ec1e06d1", "type": "github" }, "original": { @@ -650,11 +650,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1659533964, - "narHash": "sha256-ipwJjcRzY9iqEjkG4m8EXZ6+8OMdANuXRnSwct2LByQ=", + "lastModified": 1660447962, + "narHash": "sha256-EShZzaIDe2Dt/9dLTgypvvW809qEggN5ia1Vssmc27M=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "4702a73031c77ba03b480b0848c137d5d8773e07", + "rev": "3303a54d74805cdd2b6eda37285f259949f7ba2e", "type": "github" }, "original": { @@ -720,11 +720,11 @@ ] }, "locked": { - "lastModified": 1659643040, - "narHash": "sha256-jt02lt5qm+Ph8RNgtrqeLcVo3BgJJYsqBWlVhYDBM4I=", + "lastModified": 1660200605, + "narHash": "sha256-Uc8mqU6mdHe2pQTcbX9TNuU7yymnTC6nVFl/RLPI4S8=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "75f92de8f8517142289dc76d071cfb4fa724598c", + "rev": "c375e7b4dfbdf7c201c42a70c96a1b2afdc34552", "type": "github" }, "original": { @@ -757,11 +757,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1653993278, - "narHash": "sha256-X43lsjoLBWmttIKj9Jzut0UP0dZlsue3fYbJ3++ojbU=", + "lastModified": 1660499724, + "narHash": "sha256-BhnEmX+8h0MVol7T4Zr2w53A+AmgzcVirpwHCR/G73U=", "owner": "hakimel", "repo": "reveal.js", - "rev": "039972c730690af7a83a5cb832056a7cc8b565d7", + "rev": "b23d15c4304a9a1b72f484171fc97682e5ed85a3", "type": "github" }, "original": { 
@@ -808,11 +808,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1659971600, - "narHash": "sha256-E/7K3odEuzSg++KTGsxt9JW3S5NzIrtwysSpBKXs85Y=", + "lastModified": 1660748342, + "narHash": "sha256-DEK7a9yNXUJsAc7YCoKH68zOx0i9GiaTOyCmjDpJBlY=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "554f7f889e9feecf7d851ae3aaa03d5273563b1f", + "rev": "82ff740501e1da239a6c9ff94dddf7ae1ca9aeb6", "type": "github" }, "original": { @@ -846,11 +846,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1659441021, - "narHash": "sha256-J2C83bo1mHcdfzxk8S3rE8iqNZM2AlPUGqftdhbm5Zk=", + "lastModified": 1660540143, + "narHash": "sha256-oqeOdJH0ey/UyG1G31BV6Lk8qjI+VKboTpTJB317OhM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "34ee98b8c2ca153a23a63c1841a0a067313856d5", + "rev": "773365016f5202a199f5aff72cac75c64add4528", "type": "github" }, "original": { @@ -862,11 +862,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1659171920, - "narHash": "sha256-/yY3Ph/BE3PFZhnBIQIHkwOW/43phSI7WeoMvU83TG4=", + "lastModified": 1660200855, + "narHash": "sha256-y2gouqMbu619qPy48HjAuURLReH96zEKdhvmyIoEZuM=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "17d131f69a717d7e8cc6d3af9dfa7d2b5e2b78ef", + "rev": "f0804a243544fbbf593791e4390d838b5d1187b0", "type": "github" }, "original": { @@ -945,11 +945,11 @@ ] }, "locked": { - "lastModified": 1657910528, - "narHash": "sha256-9hU+CCKwudwLJ8dfrdmk+ilaRpvp/4/wUBM4Gqz8nZk=", + "lastModified": 1660574212, + "narHash": "sha256-Dd/qBZ5r0OJn9t5KEjJvS+jociaWQKGq9A35QDewgKg=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "cc4888fff19ddf81eac53f3760e6798468d55956", + "rev": "b199d85cf3095e3bb7bb953afc83540c3141efdd", "type": "github" }, "original": { From 3f0d170da21ef5f38b2b502610eae5d668c419ae Mon Sep 17 00:00:00 2001 
From: nathan mccarty Date: Mon, 22 Aug 2022 08:49:02 -0400 Subject: [PATCH 44/80] Update Flake --- flake.lock | 84 +++++++++++++++++++++++++++--------------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index 678f9ac..a7ae524 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1660649317, - "narHash": "sha256-16sWaj3cTZOQQgrmzlvBSRaBFKLrHJrfYh1k7/sSWok=", + "lastModified": 1661154924, + "narHash": "sha256-zwkShc4VZ9feLeIrWjdm6YkZBoobzXETF5xIIgi++Ec=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "80871c71edb3da76d40bdff9cae007a2a035c074", + "rev": "5af1aa51f63d734284bf6728a21d2c9c31eb7492", "type": "github" }, "original": { @@ -24,11 +24,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1660594365, - "narHash": "sha256-qdv8scMO91kRk1JNyU2el/TO4tC+Uu7N4NiH55PCsuQ=", + "lastModified": 1660835296, + "narHash": "sha256-dEg/Ck0S6HZUO3VAVvd5oWyxitaKy7+DLljNq3Slpr0=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "050624d47532cef18fcb41daa4e626576b00659c", + "rev": "4c9df9bfc63d2c3a9e20e20deaa854072e379f47", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1660794348, - "narHash": "sha256-uamLp80Om9UmauEWRT8uYdzXYmmlRvhqvKivZC8vw5I=", + "lastModified": 1661168755, + "narHash": "sha256-eVhR8ZykWIAPT+GQW9fTzA5sj6qgE7Y3PAqwz4tPHDw=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "720a9722d3fb67ef37a0b1e8394047298b7b9b1c", + "rev": "f7084ae4176f6779f8de9bfa724e67002db3174c", "type": "github" }, "original": { 
@@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1660804093, - "narHash": "sha256-7cYexWyLUnBzB0w6otnwrkKqHnxEK+itqkUPxF83mMk=", + "lastModified": 1661149922, + "narHash": "sha256-rvYJU7qdQUe82MaZoMVLyCcqQsITB4OK+TuYlT0xXDg=", "owner": "nix-community", "repo": "fenix", - "rev": "aa24b7eacd6f60c92fc60aaa214b597c930ac7af", + "rev": "b30862cd69d405849e4b3e79972da551bf5620bb", "type": "github" }, "original": { @@ -470,11 +470,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1660732989, - "narHash": "sha256-WHa+ZoXEkdkzCABz4iluV5dQGt60ThX5dB4Yti3znoE=", + "lastModified": 1660946298, + "narHash": "sha256-XzIcFkcTsScS7blStWdPNXJ74FYPRbgTc30NvKeFzu8=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "863af017941b8a81a7c5955d760d14df36137afd", + "rev": "b62e04967ad303f0395025d5f2340beef8a67a57", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1660646295, - "narHash": "sha256-V4G+egGRc3elXPTr7QLJ7r7yrYed0areIKDiIAlMLC8=", + "lastModified": 1660998696, + "narHash": "sha256-N5eDv9THZz5pFn7NR1swaFrAJYByfrA5gU5L7JONItA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "762b003329510ea855b4097a37511eb19c7077f0", + "rev": "13711c9ab9f5a160a44affb7a6221be53318a873", "type": "github" }, "original": { @@ -553,11 +553,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1660410996, - "narHash": "sha256-arkfX1YYFmwMyDTCguzoOI4epABC41FGQU4J1/G3/9M=", + "lastModified": 1661009065, + "narHash": "sha256-i+Q2ttGp4uOL3j0wEYP3MXLcu/4L/WbChxGQogiNSZo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70b6236f3cbc815f2cae8d597418c714cf83d1c8", + "rev": "9a91318fffec81ad009b73fd3b640d2541d87909", "type": "github" }, "original": { 
@@ -585,11 +585,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1660646295, - "narHash": "sha256-V4G+egGRc3elXPTr7QLJ7r7yrYed0areIKDiIAlMLC8=", + "lastModified": 1661088761, + "narHash": "sha256-5DGKX81wIPAAiLwUmUYECpA3vop94AHHR7WmGXSsQok=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "762b003329510ea855b4097a37511eb19c7077f0", + "rev": "a7855f2235a1876f97473a76151fec2afa02b287", "type": "github" }, "original": { @@ -601,11 +601,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1660661643, - "narHash": "sha256-WlgPb7KLTZUeY31o9HWhu37pvgA76MKwakaXefkaIB4=", + "lastModified": 1661094678, + "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a82127cea64fd801c5e138ae23dfd444ec1e06d1", + "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", "type": "github" }, "original": { @@ -650,11 +650,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1660447962, - "narHash": "sha256-EShZzaIDe2Dt/9dLTgypvvW809qEggN5ia1Vssmc27M=", + "lastModified": 1660824704, + "narHash": "sha256-rEjxbktmMt1dFlF7Dd6+bo0oAYCOP/ylfcRDeCCgb58=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "3303a54d74805cdd2b6eda37285f259949f7ba2e", + "rev": "f28288c255e293591725cbcd02637707bc9a77c2", "type": "github" }, "original": { @@ -720,11 +720,11 @@ ] }, "locked": { - "lastModified": 1660200605, - "narHash": "sha256-Uc8mqU6mdHe2pQTcbX9TNuU7yymnTC6nVFl/RLPI4S8=", + "lastModified": 1661098170, + "narHash": "sha256-jV12o8uORKyeP4iitqP8VNybW9jcrUyTEvmUvYrnQkg=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "c375e7b4dfbdf7c201c42a70c96a1b2afdc34552", + "rev": "bb54fec9072573117aa6211a18a8824f0836276a", "type": "github" }, "original": { 
@@ -808,11 +808,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1660748342, - "narHash": "sha256-DEK7a9yNXUJsAc7YCoKH68zOx0i9GiaTOyCmjDpJBlY=", + "lastModified": 1661084493, + "narHash": "sha256-G/IElEE6eetQcLpESXCQtuYED/uTrsdeZj8fkqC3FSM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "82ff740501e1da239a6c9ff94dddf7ae1ca9aeb6", + "rev": "a670ff888437f4b6a3d24cc2996e9f969a87cbae", "type": "github" }, "original": { @@ -846,11 +846,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1660540143, - "narHash": "sha256-oqeOdJH0ey/UyG1G31BV6Lk8qjI+VKboTpTJB317OhM=", + "lastModified": 1661054796, + "narHash": "sha256-SWiWmENiim8liUNOZ1oxjc5yKb/fNpcyfSRo41bsEy0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "773365016f5202a199f5aff72cac75c64add4528", + "rev": "6068774a8e85fea4b0177efcc90afb3c3b74430b", "type": "github" }, "original": { @@ -945,11 +945,11 @@ ] }, "locked": { - "lastModified": 1660574212, - "narHash": "sha256-Dd/qBZ5r0OJn9t5KEjJvS+jociaWQKGq9A35QDewgKg=", + "lastModified": 1660838518, + "narHash": "sha256-wcOR7nKEWx1kfrdNeb7kS2hqmCqFCp86G3mblJxrgrA=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "b199d85cf3095e3bb7bb953afc83540c3141efdd", + "rev": "0b29fc7500d3222c396556661276b98f060d6838", "type": "github" }, "original": { From 2d372f0bc726ce3686cd537aa3afa8c6d2601974 Mon Sep 17 00:00:00 2001 From: nathan mccarty Date: Mon, 29 Aug 2022 18:48:49 -0400 Subject: [PATCH 45/80] Update flake --- flake.lock | 96 +++++++++++++++++++++++++++--------------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index a7ae524..9c8b9fb 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1661154924, - "narHash": "sha256-zwkShc4VZ9feLeIrWjdm6YkZBoobzXETF5xIIgi++Ec=", + "lastModified": 1661762118, + "narHash": "sha256-+kQvys2HuLwQBkpN2AoVl4pFQx2MQ7o0jjNdGu2dIV4=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "5af1aa51f63d734284bf6728a21d2c9c31eb7492", + "rev": "157a3c3c4ea482317a4eb4ea2c41db4f16c82420", "type": "github" }, "original": { @@ -24,11 +24,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1660835296, - "narHash": "sha256-dEg/Ck0S6HZUO3VAVvd5oWyxitaKy7+DLljNq3Slpr0=", + "lastModified": 1660901074, + "narHash": "sha256-3apl0eQlfBj3y0gDdoPp2M6PXYnhxs0QWOHp8B8A9sc=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "4c9df9bfc63d2c3a9e20e20deaa854072e379f47", + "rev": "c44bc81a05f3758ceaa28921dd9c830b9c571e61", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1661168755, - "narHash": "sha256-eVhR8ZykWIAPT+GQW9fTzA5sj6qgE7Y3PAqwz4tPHDw=", + "lastModified": 1661799365, + "narHash": "sha256-/puVfMA5mxLbtVk4EHiur6Z980rmiME0JrEVDFv6/D8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "f7084ae4176f6779f8de9bfa724e67002db3174c", + "rev": "a5ec23280df5d9bf27ae266fdafcf375656487ba", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1661149922, - "narHash": "sha256-rvYJU7qdQUe82MaZoMVLyCcqQsITB4OK+TuYlT0xXDg=", + "lastModified": 1661755887, + "narHash": "sha256-i6dZAdx9Vwl4cWtmZT7hGjkMF0OYiTM1YAN6cT+utOI=", "owner": "nix-community", "repo": "fenix", - "rev": "b30862cd69d405849e4b3e79972da551bf5620bb", + "rev": "b5f2261237c6418e36c2994fd5f83df42ab38d47", "type": "github" }, "original": { 
@@ -470,11 +470,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1660946298, - "narHash": "sha256-XzIcFkcTsScS7blStWdPNXJ74FYPRbgTc30NvKeFzu8=", + "lastModified": 1661480711, + "narHash": "sha256-gwvvwppGDBFYXfuchpvRRHiKBM8XCE1ZnpldryKPN9o=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "b62e04967ad303f0395025d5f2340beef8a67a57", + "rev": "ae22b4a3fe31ae31b3e8b415889f8c2c5a77d8dc", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1660998696, - "narHash": "sha256-N5eDv9THZz5pFn7NR1swaFrAJYByfrA5gU5L7JONItA=", + "lastModified": 1661628722, + "narHash": "sha256-oR/7NhG7pPkACToUtaaT6hH+rONE2z5/4NzjoUwEZt8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "13711c9ab9f5a160a44affb7a6221be53318a873", + "rev": "324c8aaf25b2f2027af7798e5582ce3040a793b6", "type": "github" }, "original": { @@ -553,11 +553,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1661009065, - "narHash": "sha256-i+Q2ttGp4uOL3j0wEYP3MXLcu/4L/WbChxGQogiNSZo=", + "lastModified": 1661656705, + "narHash": "sha256-1ujNuL1Tx1dt8dC/kuYS329ZZgiXXmD96axwrqsUY7w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9a91318fffec81ad009b73fd3b640d2541d87909", + "rev": "290dbaacc1f0b783fd8e271b585ec2c8c3b03954", "type": "github" }, "original": { @@ -585,11 +585,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1661088761, - "narHash": "sha256-5DGKX81wIPAAiLwUmUYECpA3vop94AHHR7WmGXSsQok=", + "lastModified": 1661628722, + "narHash": "sha256-oR/7NhG7pPkACToUtaaT6hH+rONE2z5/4NzjoUwEZt8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7855f2235a1876f97473a76151fec2afa02b287", + "rev": "324c8aaf25b2f2027af7798e5582ce3040a793b6", "type": "github" }, "original": { 
@@ -601,11 +601,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1661094678, - "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", + "lastModified": 1661700591, + "narHash": "sha256-NZa+z+TJC+Hk+87+LKkjFFmBn4GyMVEPcWFXFU+aTkU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", + "rev": "16236dd7e33ba4579ccd3ca8349396b2f9c960fe", "type": "github" }, "original": { @@ -650,11 +650,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1660824704, - "narHash": "sha256-rEjxbktmMt1dFlF7Dd6+bo0oAYCOP/ylfcRDeCCgb58=", + "lastModified": 1661237582, + "narHash": "sha256-pebP1mA019FejUe6CURqDUaqPyTUZ3wRcqfd6gE+YVg=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "f28288c255e293591725cbcd02637707bc9a77c2", + "rev": "3c11e9df6e8353ae5d7e1179f9bcb114f469c942", "type": "github" }, "original": { @@ -666,11 +666,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1659039737, - "narHash": "sha256-ig8pVl790DopN6ZrCTIrvojt5/0Y+aOsjE87pqIVz8M=", + "lastModified": 1661026052, + "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "39e2abc5629c1be6186bb6489ec4f76524edf82a", + "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e", "type": "github" }, "original": { @@ -720,11 +720,11 @@ ] }, "locked": { - "lastModified": 1661098170, - "narHash": "sha256-jV12o8uORKyeP4iitqP8VNybW9jcrUyTEvmUvYrnQkg=", + "lastModified": 1661714861, + "narHash": "sha256-EOkEZXM2Bx7boQkVHehds+Ieq+JiFaSXYfs+QA+ua2M=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "bb54fec9072573117aa6211a18a8824f0836276a", + "rev": "9171f471abc4d61079a9fe2bda10801bded100e9", "type": "github" }, "original": { 
@@ -808,11 +808,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1661084493, - "narHash": "sha256-G/IElEE6eetQcLpESXCQtuYED/uTrsdeZj8fkqC3FSM=", + "lastModified": 1661680566, + "narHash": "sha256-HBB6f+lGYGaMku/TyVMcEFSID1KKRS3tVVIqnddVWjQ=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "a670ff888437f4b6a3d24cc2996e9f969a87cbae", + "rev": "e8e598f6415461e7fe957eec1bee6afb55927d59", "type": "github" }, "original": { @@ -846,11 +846,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1661054796, - "narHash": "sha256-SWiWmENiim8liUNOZ1oxjc5yKb/fNpcyfSRo41bsEy0=", + "lastModified": 1661660105, + "narHash": "sha256-3ITdkYwsNDh2DRqi7FZOJ92ui92NmcO6Nhj49u+JjWY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "6068774a8e85fea4b0177efcc90afb3c3b74430b", + "rev": "d92fba1bfc9f64e4ccb533701ddd8590c0d8c74a", "type": "github" }, "original": { @@ -862,11 +862,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1660200855, - "narHash": "sha256-y2gouqMbu619qPy48HjAuURLReH96zEKdhvmyIoEZuM=", + "lastModified": 1661407110, + "narHash": "sha256-tJfJFYeANRGu3ObQHGTxhXqS++JVVQREh8RTMwwbwYQ=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "f0804a243544fbbf593791e4390d838b5d1187b0", + "rev": "3b2e70db92f127dc2e8e302e009447c1a9eb49aa", "type": "github" }, "original": { @@ -945,11 +945,11 @@ ] }, "locked": { - "lastModified": 1660838518, - "narHash": "sha256-wcOR7nKEWx1kfrdNeb7kS2hqmCqFCp86G3mblJxrgrA=", + "lastModified": 1661772734, + "narHash": "sha256-DkvAaLDg9D6O0i2MzUknaf/U078K4KWAZaJQmNC/tL8=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "0b29fc7500d3222c396556661276b98f060d6838", + "rev": "c1b0259313f661cf74051c916cf3bb4f061ce11f", "type": "github" }, "original": { From 3c22bf2308fe517715aa970b89665b3978ea0a8f Mon Sep 17 00:00:00 2001 
From: nathan mccarty Date: Mon, 29 Aug 2022 18:58:34 -0400 Subject: [PATCH 46/80] Add orcles config add nginx module sops matrix --- .sops.yaml | 5 + flake.nix | 9 + machines/oracles/configuration.nix | 186 +++++++++++++++ machines/oracles/home.nix | 3 + modules/default.nix | 25 +++ modules/services/matrix.nix | 350 +++++++++++++++++++++++++++++ modules/services/nginx.nix | 28 +++ secrets/oracles/backblaze.yaml | 30 +++ secrets/oracles/borg.yaml | 31 +++ 9 files changed, 667 insertions(+) create mode 100644 machines/oracles/configuration.nix create mode 100644 machines/oracles/home.nix create mode 100644 modules/services/matrix.nix create mode 100644 modules/services/nginx.nix create mode 100644 secrets/oracles/backblaze.yaml create mode 100644 secrets/oracles/borg.yaml diff --git a/.sops.yaml b/.sops.yaml index aed779b..641d84f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -21,3 +21,8 @@ creation_rules: - age: - *nathan - *levitation + - path_regex: secrets/oracles + key_groups: + - age: + - *nathan + - *oracles diff --git a/flake.nix b/flake.nix index f81d01e..8cf0049 100644 --- a/flake.nix +++ b/flake.nix @@ -127,6 +127,15 @@ ]; }; + oracles = makeNixosSystem { + system = "x86_64-linux"; + hostName = "oracles"; + extraModules = [ + ./hardware/oracles.nix + ./machines/oracles/configuration.nix + ]; + }; + x86vm = makeNixosSystem { system = "x86_64-linux"; hostName = "x86vm"; diff --git a/machines/oracles/configuration.nix b/machines/oracles/configuration.nix new file mode 100644 index 0000000..5ff5e6e --- /dev/null +++ b/machines/oracles/configuration.nix 
@@ -0,0 +1,186 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + # Sops setup for this machine + sops.secrets = { + "borg-ssh-key" = { + sopsFile = ../../secrets/oracles/borg.yaml; + format = "yaml"; + }; + "borg-password" = { + sopsFile = ../../secrets/oracles/borg.yaml; + format = "yaml"; + }; + "friendpack-backblaze" = { + format = "yaml"; + sopsFile = ../../secrets/oracles/backblaze.yaml; + owner = config.users.users.nathan.name; + group = config.users.users.nathan.group; + }; + }; + # Setup system configuration + nathan = { + programs = { + utils = { + devel = true; + }; + }; + services = { + nginx = { + enable = true; + acme = true; + }; + matrix = { + enable = true; + baseDomain = "mccarty.io"; + }; + borg = { + enable = true; + extraExcludes = [ + "*/.cache" + "*/.tmp" + "/home/nathan/minecraft/server/backup" + "/var/lib/postgresql" + "/var/lib/redis" + "/var/lib/docker" + "/var/log" + "/var/minecraft" + "/var/sharedstore" + ]; + passwordFile = config.sops.secrets."borg-password".path; + sshKey = config.sops.secrets."borg-ssh-key".path; + }; + }; + config = { + setupGrub = true; + nix.autoUpdate = true; + harden = false; + }; + }; + # Configure networking + networking = { + domain = "mccarty.io"; + useDHCP = false; + interfaces.enp1s0f1.ipv4.addresses = [{ + address = "104.238.220.96"; + prefixLength = 24; + }]; + defaultGateway = "104.238.220.1"; + nameservers = [ "1.1.1.1" ]; + # Open ports in firewall + firewall = { + allowedTCPPorts = [ 25565 ]; + allowedUDPPorts = [ 25565 ]; + trustedInterfaces = [ "zt5u4uutwm" ]; + }; + }; + + # Setup home manager + home-manager.users.nathan = import ./home.nix; + + # Setup minecraft container + containers.minecraft = + let + b2AccountID = "00284106ead1ac40000000002"; + b2KeyFile = "${config.sops.secrets."friendpack-backblaze".path}"; + b2Bucket = "ForwardProgressServerBackup"; + in + { + config = { pkgs, lib, ... 
}@attrs: + let + # OpenJDK 17 + javaPackage = pkgs.jdk; + in + { + imports = [ + inputs.quilt-server.nixosModules.default + ]; + ### + ## Container stuff + ### + # Let nix know this is a container + boot.isContainer = true; + # Set system state version + system.stateVersion = "22.05"; + # Setup networking + networking.useDHCP = false; + # Allow minecraft out + networking.firewall.allowedTCPPorts = [ 25565 ]; + + ### + ## User + ### + users = { + mutableUsers = false; + # Enable us to not use a password, this is a container + allowNoPasswordLogin = true; + }; + + ### + ## Configure module + ### + forward-progress = { + services = { + minecraft = { + enable = true; + minecraft-version = "1.18.2"; + quilt-version = "0.17.1-beta.6"; + ram = 6144; + properties = { + motd = "Nathan's Private Modded Minecraft"; + white-list = true; + enforce-whitelist = true; + }; + packwiz-url = "https://pack.forward-progress.net/0.3/pack.toml"; + acceptEula = true; + }; + backup = { + enable = true; + backblaze = { + enable = true; + accountId = b2AccountID; + keyFile = b2KeyFile; + bucket = b2Bucket; + }; + }; + }; + }; + }; + autoStart = true; + bindMounts = { + "/var/minecraft" = { + hostPath = "/var/minecraft"; + isReadOnly = false; + }; + "/run/secrets/friendpack-backblaze" = { + hostPath = "/run/secrets/friendpack-backblaze"; + }; + }; + forwardPorts = [ + { + containerPort = 25565; + hostPort = 25565; + protocol = "tcp"; + } + { + containerPort = 25565; + hostPort = 25565; + protocol = "udp"; + } + ]; + }; + services.nginx.virtualHosts."pack.forward-progress.net" = { + enableACME = true; + forceSSL = true; + locations."/".root = "/var/www/pack.forward-progress.net"; + root = "/var/www/pack.forward-progress.net"; + }; + # Backup postgres + services.postgresqlBackup = { + #enable = true; + compression = "none"; + backupAll = true; + startAt = "OnCalendar=00/2:00"; + }; + +} 
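Review bot: The PostgreSQL data this host gains through the Matrix module has no backup path: at the end of `machines/oracles/configuration.nix`, `services.postgresqlBackup` has `#enable = true;` commented out, while `/var/lib/postgresql` is listed in the borg `extraExcludes` further up. Setting `enable = true;` would give borg a consistent dump to pick up. As far as I know `startAt` is handed to systemd as the calendar expression itself, so `"OnCalendar=00/2:00"` should probably read `startAt = "00/2:00";`. Separately, `harden = false;` on a machine with a public address and forwarded ports deserves a comment saying why hardening is off.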
diff --git a/machines/oracles/home.nix b/machines/oracles/home.nix new file mode 100644 index 0000000..88d8a3b --- /dev/null +++ b/machines/oracles/home.nix @@ -0,0 +1,3 @@ +{ config, lib, pkgs, ... }: + +{ } diff --git a/modules/default.nix b/modules/default.nix index 51fc125..c5adcc8 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -17,6 +17,8 @@ in ./services/ssh.nix ./services/tailscale.nix ./services/borg.nix + ./services/nginx.nix + ./services/matrix.nix ./linux/base.nix ]; @@ -63,6 +65,22 @@ in default = "hourly"; }; }; + # Nginx + nginx = { + enable = mkEnableOption "nginx"; + acme = mkEnableOption "ACME Integration"; + }; + # Matrix + matrix = { + enable = mkEnableOption "matrix"; + baseDomain = mkOption { + description = "Base domain to use for the matrix services"; + example = "mccarty.io"; + type = lib.types.str; + }; + element = mkDefaultOption "element" config.nathan.services.matrix.enable; + enableRegistration = mkEnableOption "synapse registration"; + }; }; # Control enabling/configuratin of services programs = { @@ -105,6 +123,13 @@ in description = "Username to use for common configuration"; type = lib.types.str; }; + # Name of the user to install + email = mkOption { + default = "nathan@mccarty.io"; + example = "nathan@mccarty.io"; + description = "Email to use for common configuration"; + type = lib.types.str; + }; # Is this system a desktop? # Off by default isDesktop = mkEnableOption "Desktop specific settings"; diff --git a/modules/services/matrix.nix b/modules/services/matrix.nix new file mode 100644 index 0000000..f743a24 --- /dev/null +++ b/modules/services/matrix.nix 
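Review bot: `enableRegistration` in the second `modules/default.nix` hunk is declared but never read, because the new `modules/services/matrix.nix` in this commit sets `enable_registration = false;` unconditionally. Either wire it up with `enable_registration = nathan.services.matrix.enableRegistration;` or drop the option, so a host that sets it does not end up with a different registration policy than its configuration states. Keeping registration closed by default, as `mkEnableOption` does, is the right default for a public homeserver.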
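Review bot: The comment above the new `email` option in the third `modules/default.nix` hunk is a copy of the one on the user option, `# Name of the user to install`. Something like `# Contact email for common configuration (used for ACME registration)` would describe it, since `modules/services/nginx.nix` in this commit assigns it to `security.acme.defaults.email`.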
@@ -0,0 +1,350 @@ +{ config, lib, pkgs, inputs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = mkMerge [ + (mkIf nathan.services.matrix.enable + { + # Enable nginx + nathan.services.nginx.enable = true; + services = { + # Setup postgres + postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'matrix-synapse'; + CREATE DATABASE "synapse" WITH OWNER "synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + }; + # Setup synapse + matrix-synapse = { + enable = true; + settings = { + enable_registration = false; + server_name = nathan.services.matrix.baseDomain; + + listeners = [ + { + port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = false; + } + ]; + } + ]; + database.args = { + user = "matrix-synapse"; + database = "synapse"; + }; + }; + }; + # Configure nginx + nginx.virtualHosts = { + "matrix.${nathan.services.matrix.baseDomain}" = { + enableACME = true; + forceSSL = true; + + locations."/".extraConfig = '' + rewrite ^(.*)$ http://${"element." 
+ nathan.services.matrix.baseDomain}$1 redirect; + ''; + + # forward all Matrix API calls to the synapse Matrix homeserver + locations."/_matrix" = { + proxyPass = "http://[::1]:8008"; # without a trailing / + }; + locations."/_synapse" = { + proxyPass = "http://[::1]:8008"; # without a trailing / + }; + }; + }; + }; + } + ) + (mkIf nathan.services.matrix.element { + services.nginx.virtualHosts."element.${nathan.services.matrix.baseDomain}" = { + enableACME = true; + forceSSL = true; + root = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.element-web.override { + conf = { + default_server_config."m.homeserver" = { + "base_url" = "https://matrix.${nathan.services.matrix.baseDomain}"; + "server_name" = "matrix.${nathan.services.matrix.baseDomain}"; + }; + showLabsSettings = true; + settingDefaults.custom_themes = [ + { + "name" = "Discord Dark"; + "is_dark" = true; + "colors" = { + "accent-color" = "#747ff4"; + "primary-color" = "#00aff4"; + "warning-color" = "#ed4245d9"; + "sidebar-color" = "#202225"; + "roomlist-background-color" = "#2f3136"; + "roomlist-text-color" = "#dcddde"; + "roomlist-text-secondary-color" = "#8e9297"; + "roomlist-highlights-color" = "#4f545c52"; + "roomlist-separator-color" = "#40444b"; + "timeline-background-color" = "#36393f"; + "timeline-text-color" = "#dcddde"; + "timeline-text-secondary-color" = "#b9bbbe"; + "timeline-highlights-color" = "#04040512"; + "reaction-row-button-selected-bg-color" = "#b9bbbe"; + }; + } + { + "name" = "Dracula Flat"; + "is_dark" = true; + "colors" = { + "accent-color" = "#bd93f9"; + "primary-color" = "#bd93f9"; + "warning-color" = "#bd93f9"; + "sidebar-color" = "#1e1f29"; + "roomlist-background-color" = "#1e1f29"; + "roomlist-text-color" = "#eeeeee"; + "roomlist-text-secondary-color" = "#eeeeee"; + "roomlist-highlights-color" = "#00000030"; + "roomlist-separator-color" = "#00000000"; + "timeline-background-color" = "#1e1f29"; + "timeline-text-color" = "#eeeeee"; + "timeline-text-secondary-color" = 
"#dddddd"; + "timeline-highlights-color" = "#00000030"; + "reaction-row-button-selected-bg-color" = "#b9bbbe"; + }; + } + + { + "name" = "Dracula"; + "is_dark" = true; + "colors" = { + "accent-color" = "#bd93f9"; + "primary-color" = "#bd93f9"; + "warning-color" = "#bd93f9"; + "sidebar-color" = "#1e1f29"; + "roomlist-background-color" = "#1e1f29"; + "roomlist-text-color" = "#eeeeee"; + "roomlist-text-secondary-color" = "#eeeeee"; + "roomlist-highlights-color" = "#00000030"; + "roomlist-separator-color" = "#4d4d4d90"; + "timeline-background-color" = "#282A36"; + "timeline-text-color" = "#eeeeee"; + "timeline-text-secondary-color" = "#dddddd"; + "timeline-highlights-color" = "#00000030"; + "reaction-row-button-selected-bg-color" = "#b9bbbe"; + }; + } + { + "name" = "Geeko dark theme"; + "is_dark" = true; + "colors" = { + "accent-color" = "#73ba25"; + "primary-color" = "#35b9ab"; + "warning-color" = "#bf616a"; + + "sidebar-color" = "#2a2a2a"; + "roomlist-background-color" = "#4a4a4a"; + "roomlist-text-color" = "#fff"; + "roomlist-text-secondary-color" = "#ddd"; + "roomlist-highlights-color" = "#2a2a2a"; + "roomlist-separator-color" = "#3a3a3a"; + + "timeline-background-color" = "#3a3a3a"; + "timeline-text-color" = "#eee"; + "timeline-text-secondary-color" = "#6da741"; + "timeline-highlights-color" = "#bf616a"; + "reaction-row-button-selected-bg-color" = "#bf616a"; + }; + } + { + "name" = "Luxury Dark theme"; + "is_dark" = true; + "colors" = { + "accent-color" = "#D9BC00"; + "primary-color" = "#FFDD00"; + "warning-color" = "#FBC403"; + + "sidebar-color" = "#020F1B"; + "roomlist-background-color" = "#011223"; + "roomlist-highlights-color" = "#1E354A"; + "roomlist-separator-color" = "#05192D"; + "roomlist-text-color" = "#FFEC70"; + "roomlist-text-secondary-color" = "#FFF3A4"; + + "timeline-background-color" = "#05192D"; + "timeline-highlights-color" = "#011223"; + "timeline-text-color" = "#FFF3A4"; + "timeline-text-secondary-color" = "#A79000"; + 
"reaction-row-button-selected-bg-color" = "#FFEC70"; + }; + } + { + "name" = "Nord dark theme"; + "is_dark" = true; + "colors" = { + "accent-color" = "#a3be8c"; + "primary-color" = "#88c0d0"; + "warning-color" = "#bf616a"; + + "sidebar-color" = "#2e3440"; + "roomlist-background-color" = "#3b4252"; + "roomlist-text-color" = "#ebcb8b"; + "roomlist-text-secondary-color" = "#e5e9f0"; + "roomlist-highlights-color" = "#2e3440"; + "roomlist-separator-color" = "#434c5e"; + + "timeline-background-color" = "#434c5e"; + "timeline-text-color" = "#eceff4"; + "timeline-text-secondary-color" = "#81a1c1"; + "timeline-highlights-color" = "#3b4252"; + "reaction-row-button-selected-bg-color" = "#bf616a"; + }; + } + + { + "name" = "Nord light theme"; + "is_dark" = false; + "colors" = { + "accent-color" = "#a3be8c"; + "primary-color" = "#5e81ac"; + "warning-color" = "#bf616a"; + + "sidebar-color" = "#d8dee9"; + "roomlist-background-color" = "#e5e9f0"; + "roomlist-text-color" = "#d08770"; + "roomlist-text-secondary-color" = "#3b4252"; + "roomlist-highlights-color" = "#eceff4"; + "roomlist-separator-color" = "#eceff4"; + + "timeline-background-color" = "#eceff4"; + "timeline-text-color" = "#2e3440"; + "timeline-text-secondary-color" = "#3b4252"; + "timeline-highlights-color" = "#e5e9f0"; + "reaction-row-button-selected-bg-color" = "#bf616a"; + }; + } + { + "name" = "Selenized black theme"; + "is_dark" = true; + "colors" = { + "accent-color" = "#70b433"; + "primary-color" = "#4695f7"; + "warning-color" = "#ed4a46"; + + "sidebar-color" = "#181818"; + "roomlist-background-color" = "#252525"; + "roomlist-text-color" = "#ffffff"; + "roomlist-text-secondary-color" = "#b9b9b9"; + "roomlist-highlights-color" = "#3b3b3b"; + "roomlist-separator-color" = "#121212"; + + "timeline-background-color" = "#181818"; + "timeline-text-color" = "#FFFFFF"; + "timeline-text-secondary-color" = "#777777"; + "timeline-highlights-color" = "#252525"; + "reaction-row-button-selected-bg-color" = "#4695f7"; + }; + } + 
+ { + "name" = "Selenized dark theme"; + "is_dark" = true; + "colors" = { + "accent-color" = "#41c7b9"; + "primary-color" = "#4695f7"; + "warning-color" = "#fa5750"; + + "sidebar-color" = "#103c48"; + "roomlist-background-color" = "#184956"; + "roomlist-text-color" = "#dbb32d"; + "roomlist-text-secondary-color" = "#FFFFFF"; + "roomlist-highlights-color" = "#2d5b69"; + "roomlist-separator-color" = "#2d5b69"; + + "timeline-background-color" = "#2d5b69"; + "timeline-text-color" = "#FFFFFF"; + "timeline-text-secondary-color" = "#72898f"; + "timeline-highlights-color" = "#184956"; + "reaction-row-button-selected-bg-color" = "#4695f7"; + }; + } + + + { + "name" = "Selenized light theme"; + "is_dark" = false; + "colors" = { + "accent-color" = "#ad8900"; + "primary-color" = "#009c8f"; + "warning-color" = "#d2212d"; + + "sidebar-color" = "#d5cdb6"; + "roomlist-background-color" = "#ece3cc"; + "roomlist-text-color" = "#c25d1e"; + "roomlist-text-secondary-color" = "#000000"; + "roomlist-highlights-color" = "#fbf3db"; + "roomlist-separator-color" = "#fbf3db"; + + "timeline-background-color" = "#fbf3db"; + "timeline-text-color" = "#000000"; + "timeline-text-secondary-color" = "#777777"; + "timeline-highlights-color" = "#ece3cc"; + "reaction-row-button-selected-bg-color" = "#4695f7"; + }; + } + { + "name" = "Solarized Dark"; + "is_dark" = true; + "colors" = { + "accent-color" = "#b58900"; + "primary-color" = "#268bd2"; + "warning-color" = "#dc322f"; + "sidebar-color" = "#002b36"; + "roomlist-background-color" = "#073642"; + "roomlist-text-color" = "#839496"; + "roomlist-text-secondary-color" = "#93a1a1"; + "roomlist-highlights-color" = "#586e75"; + "timeline-background-color" = "#002b36"; + "timeline-text-color" = "#839496"; + "timeline-text-secondary-color" = "#586e75"; + "timeline-highlights-color" = "#073642"; + "reaction-row-button-selected-bg-color" = "#268bd2"; + }; + } + { + "name" = "ThomCat black theme"; + "is_dark" = true; + "colors" = { + "accent-color" = "#cc7b19"; + 
"primary-color" = "#9F8652"; + "warning-color" = "#f9c003"; + "sidebar-color" = "#000000"; + "roomlist-background-color" = "#191919"; + "roomlist-text-color" = "#cc7b19"; + "roomlist-text-secondary-color" = "#e5e5e5"; + "roomlist-highlights-color" = "#323232"; + "roomlist-separator-color" = "#4c4c4c"; + "timeline-background-color" = "#000000"; + "timeline-text-color" = "#e5e5e5"; + "timeline-text-secondary-color" = "#b2b2b2"; + "timeline-highlights-color" = "#212121"; + "reaction-row-button-selected-bg-color" = "#cc7b19"; + }; + } + ]; + }; + }; + }; + }) + ]; +} diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix new file mode 100644 index 0000000..f3c423d --- /dev/null +++ b/modules/services/nginx.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = mkMerge [ + (mkIf nathan.services.nginx.enable { + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 80 443 ]; + }; + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + }; + }) + (mkIf nathan.services.nginx.acme { + security.acme = { + defaults.email = nathan.config.email; + acceptTerms = true; + }; + }) + ]; +} diff --git a/secrets/oracles/backblaze.yaml b/secrets/oracles/backblaze.yaml new file mode 100644 index 0000000..8f183fb --- /dev/null +++ b/secrets/oracles/backblaze.yaml 
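Review bot: The `initialScript` in `modules/services/matrix.nix` creates the role `matrix-synapse` but then runs `CREATE DATABASE "synapse" WITH OWNER "synapse"`, naming a role the script never creates, so the database step looks set to fail on first start; the owner should be `"matrix-synapse"`. The same script writes the role password `'matrix-synapse'` into a file in the world-readable Nix store. Since `database.args` sets no host or password, the connection presumably goes over the local socket, and the `PASSWORD` clause could be dropped in favour of peer authentication. In the `matrix.` virtual host the catch-all rewrite targets `http://element.…` although the element host sets `forceSSL = true;`, so `https://` would avoid a plaintext redirect hop.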
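Review bot: `allowedUDPPorts = [ 80 443 ];` in `modules/services/nginx.nix` opens two UDP ports that nothing in this module listens on, since the `services.nginx` block configures no QUIC/HTTP3 listener. Dropping that line keeps the firewall limited to what is actually served. The ACME block is gated only on `nathan.services.nginx.acme`, so `acceptTerms = true;` applies even where `nginx.enable` is false; `mkIf (nathan.services.nginx.enable && nathan.services.nginx.acme)` would tie the two together.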
@@ -0,0 +1,30 @@
+friendpack-backblaze: ENC[AES256_GCM,data:TcxDtV1LZFh0tvTC2DkSsQ+FyK06s8X4dSmDInHNvQ==,iv:470Z+fHKQpmMNg4NlIduLFflnOCZ+3wa2pS2Tnw7/t4=,tag:1bY/+pnbUwK2pzbbwRG30Q==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDei8zQld4YTQvS0VJV1R3
+ TE1oOTZsU2kvWnVBS05WWTdibUkyOXJRbVhNCm8yY0tQSFFpMXBQSytTVEJGYXZn
+ eFlhNmJ4TTZPazFZd2lDN0pPMWtoT3MKLS0tIEllNzJGYjBZUFl1aU9RR2NaTXBV
+ b0IxaEZFMVRtUUpoSDRuQWJpd1JHY2sK6NAJ2va2i3/jy3VRcEz1iqSrOsXTUY3q
+ GQQKTWoWhQWTkQ9XK5EW5+WQJjQXFVghOpIk01VBLePUtT0EozZe0w==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eElpaG9idkQ4Z1F5alU3
+ Z09YdDFxZ3BuZTlRY0VtR2FuZ25zNzVzb3lrClNGUHViYkE4eWJiSzIydjlVR0lJ
+ YnhCYjV0MUF4aVd0YWZReHlvSkp6WUEKLS0tIGJUelNIWVA3TGsvTWdUdDd1NXpv
+ RTVPZ2tMZ1RCOXBSMVJHelpGd2l6VVkKRgFUa32eIG77lJ4nQhLLM+BI4+M983aO
+ Oli0jk1bhAdbySslnkCdnmu7V8ps/1xERstJrXzijR5/8sy+bpOt6w==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-08-29T23:18:03Z"
+ mac: ENC[AES256_GCM,data:+4BPXOyd2ZN+w1C5WwM6zNXSuYWMw/SwYW/kjaNGrLVzC44wpKsvdZgzcRgLu3o6AKNNXJTNtfZgwOVSu5prq7ZUefDS6xSxgct9rQoDJ94hSR9YnVVBdAKxbshhkfAA3wBwh0eIfBB0axV2QdO7T58lgQ+BPKNxVxHTQP6EVuM=,iv:9bTZ2xZCBNDqt9VeICZwG8v4QIP45566c4fbSt/jyNA=,tag:ozvyQcS+DvpcQNzW/OSvHg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
diff --git a/secrets/oracles/borg.yaml b/secrets/oracles/borg.yaml
new file mode 100644
index 0000000..1d98328
--- /dev/null
+++ b/secrets/oracles/borg.yaml
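Review bot: Nothing in secrets/oracles/backblaze.yaml (or in secrets/oracles/borg.yaml, added next with the same two recipients) says which host or person holds each age recipient, so a later reader cannot tell who is able to decrypt `friendpack-backblaze`, `borg-ssh-key` and `borg-password`. Because the ciphertext stays in the commit history, dropping a recipient later does not revoke access to these versions; the credentials themselves have to be rotated at the provider when a recipient key is retired or lost. I would record the mapping next to wherever the recipients are configured (not visible in this patch), for example `# age1ud8… = <host or owner>` and `# age12ay… = <host or owner>`, together with a one-line reminder of that rotation rule.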
@@ -0,0 +1,31 @@
+borg-ssh-key: ENC[AES256_GCM,data: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,iv:X9VtEBp7g0Tdkc23gW+3xRrrjIXcpo1fvbjo9vA+Uxg=,tag:G8yGWa1aU0mWU/qgUFRQTw==,type:str]
+borg-password: ENC[AES256_GCM,data:PQxjLaJmS26bXzHO4DsTLN/+8DdgkaO9/1KeEpPIXOFnQ5XkphI3jSQWamsCQcylL+4YJA==,iv:nVSFLMC6z+cAgS584V2UEb1utUOw+LJoZjtqeyTZvGA=,tag:xVx9/2O3jH2SV9N+33gqbQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaWZELzZGWlVmcmRiM01q
+ UWZXbEJFZzQ2VFVJWlRtK2Rld2FsalY1VHlJCnl1OERkUlNDNjBTaUl3cXNUTkQ0
+ aklxUlNEZ2FYamRYcVVwRFdKWUY1SmMKLS0tIC9LeUdFakl1VUNMaVFhQm1LUVZl
+ MndDcVRFMGFzczJsMFNkUFBkdUx3TGsKJirbvAOkXRIJzBN/lm0rwaC62j5/AdE5
+ ADmeAgnM3xxv67VvGUM8SvaUDPmckBig5gIX2GREVAxQzuldTCC86Q==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaclgzckxYR3NtdzYrU2Mw
+ eWw1T3haMTJNWkhTOXdCS0pvUTM1Zm5QSkdvCjN1dUoxck1uNDlFRjVLMEJOSG5L
+ Y2E4Qkg3RktXdWxTYUxxRUJMM1hYOVkKLS0tIFg0SUN4ZGozRXQvQ082eUZreEla
+ WWNZMVIwMTU2THR2WVAwc2orTTRNQjQK0XZ6ASJmcRYCrvLsaNFzO6jdz32Leo7g
+ O5g8rQPQpc2C4IV47fYV7GQCDQoTrwNqi1fLscPzhWThYPvDTSPiqA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2022-08-29T23:34:24Z"
+ mac: ENC[AES256_GCM,data:0cvTPHwmYbUhPojKG9qtULFQapKjaLBlwfTTllgUVJ/o79VODSu66xPszZfy9uxnIVodTtU5x0ooGDn41iyIml7apoKH0gTipZ2iEPYy+l/trnshFw9BuMtxcvsvAWrXpcYy4ygKYLagm040cfCpGfahXAFmenPhzOv1Wy/B+Jk=,iv:vjMUECHJKNaFGb2DgK0wbiYOJ3/1gpLG5ChsgsMWzok=,tag:cmbYR0iKN8k1sKOC9GeTHg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
From bdae66f3d4cb3db4dd7de6460bffd51cf4d01f5c Mon Sep 17 00:00:00 2001
From: Nathan McCarty Date: Wed, 31 Aug 2022 23:04:05 -0400 Subject: [PATCH 47/80] update flake --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 9c8b9fb..24e8227 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1661762118, - "narHash": "sha256-+kQvys2HuLwQBkpN2AoVl4pFQx2MQ7o0jjNdGu2dIV4=", + "lastModified": 1661882940, + "narHash": "sha256-4LaVFnV22WrOA0aolqqk9dXrM8crikcrLQt29G18F7M=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "157a3c3c4ea482317a4eb4ea2c41db4f16c82420", + "rev": "80cec5115aae74accc4ccfb9f84306d7863f0632", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1661799365, - "narHash": "sha256-/puVfMA5mxLbtVk4EHiur6Z980rmiME0JrEVDFv6/D8=", + "lastModified": 1661919213, + "narHash": "sha256-XXaX2AsnhDuQdL5X3m3sROP0H7WlIi5lB5TidEJWmkU=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "a5ec23280df5d9bf27ae266fdafcf375656487ba", + "rev": "d2ef237d85c5967bc00da2d0e4e179a3118b4490", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1661755887, - "narHash": "sha256-i6dZAdx9Vwl4cWtmZT7hGjkMF0OYiTM1YAN6cT+utOI=", + "lastModified": 1661929115, + "narHash": "sha256-XnCL0aLeQIbh0Ua51m8lF4sQFGn9tc+8VZLOQ9UEDAA=", "owner": "nix-community", "repo": "fenix", - "rev": "b5f2261237c6418e36c2994fd5f83df42ab38d47", + "rev": "82b14d02053f49d70c834f8e5ef6f07fe804d7eb", "type": "github" }, "original": { 
@@ -537,11 +537,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661628722, - "narHash": "sha256-oR/7NhG7pPkACToUtaaT6hH+rONE2z5/4NzjoUwEZt8=", + "lastModified": 1661720780, + "narHash": "sha256-AJNGyaB2eKZAYaPNjBZOzap87yL+F9ZLaFzzMkvega0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "324c8aaf25b2f2027af7798e5582ce3040a793b6", + "rev": "a63021a330d8d33d862a8e29924b42d73037dd37", "type": "github" }, "original": { @@ -585,11 +585,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1661628722, - "narHash": "sha256-oR/7NhG7pPkACToUtaaT6hH+rONE2z5/4NzjoUwEZt8=", + "lastModified": 1661720780, + "narHash": "sha256-AJNGyaB2eKZAYaPNjBZOzap87yL+F9ZLaFzzMkvega0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "324c8aaf25b2f2027af7798e5582ce3040a793b6", + "rev": "a63021a330d8d33d862a8e29924b42d73037dd37", "type": "github" }, "original": { @@ -601,11 +601,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1661700591, - "narHash": "sha256-NZa+z+TJC+Hk+87+LKkjFFmBn4GyMVEPcWFXFU+aTkU=", + "lastModified": 1661864979, + "narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16236dd7e33ba4579ccd3ca8349396b2f9c960fe", + "rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979", "type": "github" }, "original": { @@ -808,11 +808,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1661680566, - "narHash": "sha256-HBB6f+lGYGaMku/TyVMcEFSID1KKRS3tVVIqnddVWjQ=", + "lastModified": 1661866297, + "narHash": "sha256-Q0aniSF4Skm7yYE1Z2Jikn0C7Hpjbk94eha2Y7GWjPk=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "e8e598f6415461e7fe957eec1bee6afb55927d59", + "rev": "989b09d20cafc2b1eb9198e25701b9e2234d8ba0", "type": "github" }, "original": { From f2d805462c4b280522c95a686dcd119ad0c7dd76 Mon Sep 17 00:00:00 2001 
From: Nathan McCarty Date: Fri, 2 Sep 2022 19:18:37 -0400 Subject: [PATCH 48/80] Change to spell-fu and tweak rust analyzer --- doom.d/config.el | 13 ++++++++++--- doom.d/config.org | 15 +++++++++++---- doom.d/init.el | 2 +- home-manager/programs/emacs.nix | 5 +++++ 4 files changed, 27 insertions(+), 8 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index 556231a..4849f9e 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -151,8 +151,13 @@ (use-package! deadgrep :bind ("C-c s r" . deadgrep)) -(after! flyspell - (add-hook 'prog-mode-hook #'flyspell-prog-mode)) +(after! spell-fu + (add-hook 'spell-fu-mode + (lambda () + (spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en")) + (spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-science")) + (spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-computers")))) + (bind-key "C-." #'+spell/correct)) (setq org-hide-emphasis-markers t org-pretty-entities t) @@ -319,7 +324,9 @@ work if it thinks it needs to." lsp-rust-analyzer-experimental-proc-attr-macros t lsp-rust-analyzer-proc-macro-enable t lsp-rust-analyzer-use-rustc-wrapper-for-build-scripts t - lsp-rust-analyzer-import-enforce-granularity t)) + lsp-rust-analyzer-import-enforce-granularity t + lsp-rust-analyzer-diagnostics-enable-experimental t + lsp-rust-analyzer-display-chaining-hints t)) (use-package! markdown-mode :mode ("README\\.md" . gfm-mode) diff --git a/doom.d/config.org b/doom.d/config.org index f5fc148..186a9a7 100644 --- a/doom.d/config.org +++ b/doom.d/config.org 
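Review bot: `(add-hook 'spell-fu-mode` in the first doom.d/config.el hunk names the mode variable rather than its hook, so the lambda that adds the `en`, `en-science` and `en-computers` dictionaries is most likely never run when the mode turns on. The line should read `(add-hook 'spell-fu-mode-hook`. The same block is repeated in the doom.d/config.org hunk that follows and needs the same change there, since config.el appears to be generated from it.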
@@ -223,10 +223,15 @@ Ripgrep, but from within emacs :bind ("C-c s r" . deadgrep)) #+end_src ** Spell Checking -Hook ~flyspell-prog-mode~ into ~prog-mode~ +Add in all of our dictionaries #+begin_src emacs-lisp -(after! flyspell - (add-hook 'prog-mode-hook #'flyspell-prog-mode)) +(after! spell-fu + (add-hook 'spell-fu-mode + (lambda () + (spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en")) + (spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-science")) + (spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-computers")))) + (bind-key "C-." #'+spell/correct)) #+end_src * Org Mode Improvements to the best mode in emacs @@ -499,7 +504,9 @@ Most of these are defaults, but I like having them explicit for my sanity lsp-rust-analyzer-experimental-proc-attr-macros t lsp-rust-analyzer-proc-macro-enable t lsp-rust-analyzer-use-rustc-wrapper-for-build-scripts t - lsp-rust-analyzer-import-enforce-granularity t)) + lsp-rust-analyzer-import-enforce-granularity t + lsp-rust-analyzer-diagnostics-enable-experimental t + lsp-rust-analyzer-display-chaining-hints t)) #+end_src * Composition Modes for handling plain text and prose diff --git a/doom.d/init.el b/doom.d/init.el index 23a8383..bd596b4 100644 --- a/doom.d/init.el +++ b/doom.d/init.el @@ -55,7 +55,7 @@ :checkers (syntax +childframe) ; tasing you for every semicolon you forget - (spell +flyspell +hunspell +everywhere) ; tasing you for misspelling mispelling + (spell +aspell +everywhere) ; tasing you for misspelling mispelling :tools (debugger +lsp) ; stepping through code, to help you add bugs diff --git a/home-manager/programs/emacs.nix b/home-manager/programs/emacs.nix index dc93344..8399b26 100644 --- a/home-manager/programs/emacs.nix +++ b/home-manager/programs/emacs.nix @@ -17,6 +17,11 @@ libnotify # For flash cards anki + # For spelling + aspell + aspellDicts.en + aspellDicts.en-science + aspellDicts.en-computers # Desktop file for org-protocol (makeDesktopItem { name = "org-protocol"; 
From 8f231ab2ab30cb817b1eebf8395c1a9036844dcd Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sat, 3 Sep 2022 00:17:10 -0400 Subject: [PATCH 49/80] switch tablet key --- modules/user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user.nix b/modules/user.nix index 165778c..57a9c17 100644 --- a/modules/user.nix +++ b/modules/user.nix @@ -29,7 +29,7 @@ with lib; { # Phone key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH" # Tablet key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKQYdgfDWhvbJnLvgTN/AVT733rz8G9+ck800py9r8r u0_a33@localhost" ]; }) ]; From 9817f1998fa41a427ebd24cef255ef0e974444cf Mon Sep 17 00:00:00 2001 
From: Nathan McCarty Date: Sun, 4 Sep 2022 01:59:56 -0400 Subject: [PATCH 50/80] Move linux into its own directory --- flake.nix | 2 +- modules/base.nix | 14 ----- modules/linux/base.nix | 69 ++++------------------ modules/linux/default.nix | 44 ++++++++++++++ modules/{ => linux}/desktop.nix | 0 modules/{ => linux}/hardware.nix | 0 modules/linux/linux/base.nix | 59 ++++++++++++++++++ modules/{ => linux}/programs/games.nix | 4 +- modules/{ => linux}/programs/gpg.nix | 0 modules/{ => linux}/programs/utils.nix | 0 modules/{ => linux}/services/borg.nix | 0 modules/{ => linux}/services/matrix.nix | 0 modules/{ => linux}/services/nginx.nix | 0 modules/{ => linux}/services/ssh.nix | 0 modules/{ => linux}/services/tailscale.nix | 2 +- modules/{ => linux}/swaywm.nix | 0 modules/{ => linux}/user.nix | 0 modules/{ => linux}/virtualization.nix | 0 modules/{ => linux}/windows.nix | 4 +- modules/{default.nix => options.nix} | 39 +----------- 20 files changed, 122 insertions(+), 115 deletions(-) delete mode 100644 modules/base.nix create mode 100644 modules/linux/default.nix rename modules/{ => linux}/desktop.nix (100%) rename modules/{ => linux}/hardware.nix (100%) create mode 100644 modules/linux/linux/base.nix rename modules/{ => linux}/programs/games.nix (83%) rename modules/{ => linux}/programs/gpg.nix (100%) rename modules/{ => linux}/programs/utils.nix (100%) rename modules/{ => linux}/services/borg.nix (100%) rename modules/{ => linux}/services/matrix.nix (100%) rename modules/{ => linux}/services/nginx.nix (100%) rename modules/{ => linux}/services/ssh.nix (100%) rename modules/{ => linux}/services/tailscale.nix (96%) rename modules/{ => linux}/swaywm.nix (100%) rename modules/{ => linux}/user.nix (100%) rename modules/{ => linux}/virtualization.nix (100%) rename modules/{ => linux}/windows.nix (78%) rename modules/{default.nix => options.nix} (88%) diff --git a/flake.nix b/flake.nix index 8cf0049..1d8a666 100644 --- a/flake.nix +++ b/flake.nix 
@@ -86,7 +86,7 @@ modules = [ sops-nix.nixosModules.sops home-manager.nixosModules.home-manager - ./modules/default.nix + ./modules/linux/default.nix ({ pkgs, lib, config, ... }: { # Configure hostname networking = { diff --git a/modules/base.nix b/modules/base.nix deleted file mode 100644 index 5169a2e..0000000 --- a/modules/base.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; { - - config = { - nix = mkIf config.nathan.config.nix.autoGC { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - }; - }; -} diff --git a/modules/linux/base.nix b/modules/linux/base.nix index bc0b0ec..5169a2e 100644 --- a/modules/linux/base.nix +++ b/modules/linux/base.nix 
@@ -1,59 +1,14 @@ -{ config, lib, pkgs, inputs, ... }@attrs: -with lib; -{ - config = mkMerge [ - (mkIf pkgs.stdenv.isLinux - { - zramSwap = mkIf config.nathan.services.zramSwap - { - enable = true; - algorithm = "lz4"; - memoryPercent = 25; - }; - nix = mkIf config.nathan.config.nix.autoGC { - autoOptimiseStore = true; - }; - }) - (mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs)) - (mkIf config.nathan.config.harden { - boot.kernelPackages = pkgs.linuxPackages_5_18_hardened; - security = { - allowSimultaneousMultithreading = true; - unprivilegedUsernsClone = true; +{ config, lib, pkgs, ... }: + +with lib; { + + config = { + nix = mkIf config.nathan.config.nix.autoGC { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; }; - }) - (mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) { - # Use the zen kernel with muqss turned on - boot.kernelPackages = - let - linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override { - structuredExtraConfig = with lib.kernel; { - SCHED_MUQSS = yes; - }; - ignoreConfigErrors = true; - } - ); - in - linuxZenWMuQSS; - }) - (mkIf - (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) - { - # Auto update daily at 2 am - system.autoUpgrade = { - enable = true; - allowReboot = true; - # Update from the flake - flake = "github:nathans-flakes/system"; - # Attempt to update daily at 2AM - dates = "2:00"; - }; - }) - # Systemd user service cludge - { - systemd.user.extraConfig = '' - DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin" - ''; - } - ]; + }; + }; } diff --git a/modules/linux/default.nix b/modules/linux/default.nix new file mode 100644 index 0000000..85f3869 --- /dev/null +++ b/modules/linux/default.nix 
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+let
+ inherit (import ../lib.nix { inherit lib; inherit pkgs; }) nLib;
+in
+{
+ imports = [
+ ../options.nix
+ ./base.nix
+ ./user.nix
+ ./desktop.nix
+ ./swaywm.nix
+ ./hardware.nix
+ ./virtualization.nix
+ ./windows.nix
+ ./programs/games.nix
+ ./programs/gpg.nix
+ ./programs/utils.nix
+ ./services/ssh.nix
+ ./services/tailscale.nix
+ ./services/borg.nix
+ ./services/nginx.nix
+ ./services/matrix.nix
+ ./linux/base.nix
+ ];
+
+ config = {
+ # Enable the firewall
+ networking.firewall.enable = true;
+ # Enable unfree packages
+ nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree;
+ # Work around for discord jank ugh
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-13.6.9"
+ ];
+ # Set system state version
+ system.stateVersion = "22.05";
+ # Enable flakes
+ # Enable nix flakes
+ nix.package = pkgs.nixFlakes;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+}
diff --git a/modules/desktop.nix b/modules/linux/desktop.nix
similarity index 100%
rename from modules/desktop.nix
rename to modules/linux/desktop.nix
diff --git a/modules/hardware.nix b/modules/linux/hardware.nix
similarity index 100%
rename from modules/hardware.nix
rename to modules/linux/hardware.nix
diff --git a/modules/linux/linux/base.nix b/modules/linux/linux/base.nix
new file mode 100644
index 0000000..bc0b0ec
--- /dev/null
+++ b/modules/linux/linux/base.nix
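Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-13.6.9" ];` in modules/linux/default.nix is set unconditionally, so every machine importing this module, servers included, is allowed to build and run a package that nixpkgs has marked insecure. The comment ties it to Discord, which is a desktop need, so I would gate it: `nixpkgs.config.permittedInsecurePackages = lib.optionals config.nathan.config.isDesktop [ "electron-13.6.9" ];`. A short comment naming the package that pulls in this Electron version would also make it clear when the exception can be removed. The adjacent comments `# Enable flakes` and `# Enable nix flakes` say the same thing and can be merged.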
@@ -0,0 +1,59 @@
+{ config, lib, pkgs, inputs, ... }@attrs:
+with lib;
+{
+ config = mkMerge [
+ (mkIf pkgs.stdenv.isLinux
+ {
+ zramSwap = mkIf config.nathan.services.zramSwap
+ {
+ enable = true;
+ algorithm = "lz4";
+ memoryPercent = 25;
+ };
+ nix = mkIf config.nathan.config.nix.autoGC {
+ autoOptimiseStore = true;
+ };
+ })
+ (mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
+ (mkIf config.nathan.config.harden {
+ boot.kernelPackages = pkgs.linuxPackages_5_18_hardened;
+ security = {
+ allowSimultaneousMultithreading = true;
+ unprivilegedUsernsClone = true;
+ };
+ })
+ (mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
+ # Use the zen kernel with muqss turned on
+ boot.kernelPackages =
+ let
+ linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
+ structuredExtraConfig = with lib.kernel; {
+ SCHED_MUQSS = yes;
+ };
+ ignoreConfigErrors = true;
+ }
+ );
+ in
+ linuxZenWMuQSS;
+ })
+ (mkIf
+ (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
+ {
+ # Auto update daily at 2 am
+ system.autoUpgrade = {
+ enable = true;
+ allowReboot = true;
+ # Update from the flake
+ flake = "github:nathans-flakes/system";
+ # Attempt to update daily at 2AM
+ dates = "2:00";
+ };
+ })
+ # Systemd user service cludge
+ {
+ systemd.user.extraConfig = ''
+ DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin"
+ '';
+ }
+ ];
+}
diff --git a/modules/programs/games.nix b/modules/linux/programs/games.nix
similarity index 83%
rename from modules/programs/games.nix
rename to modules/linux/programs/games.nix
index 8bb62f7..1ef08e8 100644
--- a/modules/programs/games.nix
+++ b/modules/linux/programs/games.nix
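Review bot: The `harden` branch in modules/linux/linux/base.nix imports the nixpkgs `hardened.nix` profile and then sets `allowSimultaneousMultithreading = true;` and `unprivilegedUsernsClone = true;` with no comment, which relaxes two of the restrictions that profile is normally used to apply. If that is deliberate, say so where it happens, e.g. `# Keep SMT and unprivileged user namespaces: needed for <reason>; relaxes hardened.nix defaults`. The same file enables `system.autoUpgrade` from `github:nathans-flakes/system` with `allowReboot = true;`, so whatever is pushed to that repository is deployed and rebooted into without review. A comment stating that this trust is intended, or pointing the flake reference at a protected branch or tag, would make the decision explicit.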
@@ -10,8 +10,8 @@ with lib; # https://github.com/Admicos/minecraft-wayland glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: { patches = attrs.patches ++ [ - ../../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch - ../../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch + ../../../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch + ../../../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch ]; }); stable-packages = with pkgs; [ diff --git a/modules/programs/gpg.nix b/modules/linux/programs/gpg.nix similarity index 100% rename from modules/programs/gpg.nix rename to modules/linux/programs/gpg.nix diff --git a/modules/programs/utils.nix b/modules/linux/programs/utils.nix similarity index 100% rename from modules/programs/utils.nix rename to modules/linux/programs/utils.nix diff --git a/modules/services/borg.nix b/modules/linux/services/borg.nix similarity index 100% rename from modules/services/borg.nix rename to modules/linux/services/borg.nix diff --git a/modules/services/matrix.nix b/modules/linux/services/matrix.nix similarity index 100% rename from modules/services/matrix.nix rename to modules/linux/services/matrix.nix diff --git a/modules/services/nginx.nix b/modules/linux/services/nginx.nix similarity index 100% rename from modules/services/nginx.nix rename to modules/linux/services/nginx.nix diff --git a/modules/services/ssh.nix b/modules/linux/services/ssh.nix similarity index 100% rename from modules/services/ssh.nix rename to modules/linux/services/ssh.nix diff --git a/modules/services/tailscale.nix b/modules/linux/services/tailscale.nix similarity index 96% rename from modules/services/tailscale.nix rename to modules/linux/services/tailscale.nix index b37a408..27664e3 100644 --- a/modules/services/tailscale.nix +++ b/modules/linux/services/tailscale.nix 
@@ -16,7 +16,7 @@ with lib; # Setup sops sops.secrets."tailscale-auth" = { - sopsFile = ../../secrets/all/tailscale.yaml; + sopsFile = ../../../secrets/all/tailscale.yaml; format = "yaml"; }; diff --git a/modules/swaywm.nix b/modules/linux/swaywm.nix similarity index 100% rename from modules/swaywm.nix rename to modules/linux/swaywm.nix diff --git a/modules/user.nix b/modules/linux/user.nix similarity index 100% rename from modules/user.nix rename to modules/linux/user.nix diff --git a/modules/virtualization.nix b/modules/linux/virtualization.nix similarity index 100% rename from modules/virtualization.nix rename to modules/linux/virtualization.nix diff --git a/modules/windows.nix b/modules/linux/windows.nix similarity index 78% rename from modules/windows.nix rename to modules/linux/windows.nix index 734fd45..1bed9c4 100644 --- a/modules/windows.nix +++ b/modules/linux/windows.nix @@ -23,8 +23,8 @@ with lib;{ serviceConfig = { Type = "forking"; ExecStart = - "${../scripts/windows/mount.sh} ${mount.device} ${mount.mountPoint} ${mount.keyFile}"; - ExecStop = "${../scripts/windows/unmount.sh} ${mount.device} ${mount.mountPoint}"; + "${../../scripts/windows/mount.sh} ${mount.device} ${mount.mountPoint} ${mount.keyFile}"; + ExecStop = "${../../scripts/windows/unmount.sh} ${mount.device} ${mount.mountPoint}"; }; }; }; diff --git a/modules/default.nix b/modules/options.nix similarity index 88% rename from modules/default.nix rename to modules/options.nix index c5adcc8..e1ec302 100644 --- a/modules/default.nix +++ b/modules/options.nix 
@@ -1,27 +1,9 @@ { config, lib, pkgs, ... }: + let inherit (import ./lib.nix { inherit lib; inherit pkgs; }) nLib; in { - imports = [ - ./base.nix - ./user.nix - ./desktop.nix - ./swaywm.nix - ./hardware.nix - ./virtualization.nix - ./windows.nix - ./programs/games.nix - ./programs/gpg.nix - ./programs/utils.nix - ./services/ssh.nix - ./services/tailscale.nix - ./services/borg.nix - ./services/nginx.nix - ./services/matrix.nix - ./linux/base.nix - ]; - options = with lib; with nLib; { nathan = { # Control enabling of services @@ -199,23 +181,4 @@ in }; }; }; - - config = { - # Enable the firewall - networking.firewall.enable = true; - # Enable unfree packages - nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree; - # Work around for discord jank ugh - nixpkgs.config.permittedInsecurePackages = [ - "electron-13.6.9" - ]; - # Set system state version - system.stateVersion = "22.05"; - # Enable flakes - # Enable nix flakes - nix.package = pkgs.nixFlakes; - nix.extraOptions = '' - experimental-features = nix-command flakes - ''; - }; } From 585dd9f50d814cdca83b806739337b0e24f277ca Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 02:22:19 -0400 Subject: [PATCH 51/80] Refactor linux specific configuration --- modules/linux/default.nix | 173 ++++++++++++++++++++++++++++++++++++++ modules/options.nix | 164 +----------------------------------- 2 files changed, 175 insertions(+), 162 deletions(-) diff --git a/modules/linux/default.nix b/modules/linux/default.nix index 85f3869..2966452 100644 --- a/modules/linux/default.nix +++ b/modules/linux/default.nix 
@@ -23,6 +23,179 @@ in ./linux/base.nix ]; + options = with lib; with nLib; { + nathan = { + # Control enabling of services + # Services are system specific so they go here + services = { + # Use zramSwap, enabled by default + zramSwap = mkDefaultOption "zram memory compression" config.nathan.config.isDesktop; + # Enable ssh and configure firewall + # On by default + ssh = mkEnableOptionT "ssh"; + # Enable tailscale, on by default on linux + tailscale = { + enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux; + }; + # Borg backup + # Disabled by default as it requires configuration, but a really good idea to turn on + borg = { + enable = mkEnableOption "borg"; + extraExcludes = mkOption { + default = [ ]; + description = "List of extra paths to exclude"; + }; + extraIncludes = mkOption { + default = [ ]; + description = "List of extra paths to include"; + }; + location = mkOption { + default = "de1955@de1955.rsync.net:computers"; + description = "Location to backup to"; + type = lib.types.str; + }; + passwordFile = mkOption { + description = "Path to the password file"; + type = lib.types.str; + }; + sshKey = mkOption { + description = "Path to the ssh key"; + type = lib.types.str; + }; + startAt = mkOption { + description = "How often to run backups"; + default = "hourly"; + }; + }; + # Nginx + nginx = { + enable = mkEnableOption "nginx"; + acme = mkEnableOption "ACME Integration"; + }; + # Matrix + matrix = { + enable = mkEnableOption "matrix"; + baseDomain = mkOption { + description = "Base domain to use for the matrix services"; + example = "mccarty.io"; + type = lib.types.str; + }; + element = mkDefaultOption "element" config.nathan.services.matrix.enable; + enableRegistration = mkEnableOption "synapse registration"; + }; + }; + # Linux (desktop/server, not android) specific programs + programs = { + # Install games + games = mkEnableOption "games"; + # Install gpg with yubikey support + # Enabled by default if the system is a desktop + gpg = 
mkDefaultOption "gpg" config.nathan.config.isDesktop; + utils = { + # Enable multi system emulation + # Enabled by default on desktop + binfmt = mkDefaultOption "binfmt" config.nathan.config.isDesktop; + }; + }; + # Control enabling of hardware support + hardware = { + # Logitech hardware support + # On by default if the system is a desktop + logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop; + }; + # Linux specific configuration + config = { + # Wether or not to install the main user + installUser = mkOption { + default = pkgs.stdenv.isLinux; + example = true; + description = "Whether to install the 'nathan' user"; + type = lib.types.bool; + }; + # Name of the user to install + user = mkOption { + default = "nathan"; + example = "nathan"; + description = "Username to use for common configuration"; + type = lib.types.str; + }; + # Name of the user to install + email = mkOption { + default = "nathan@mccarty.io"; + example = "nathan@mccarty.io"; + description = "Email to use for common configuration"; + type = lib.types.str; + }; + # Is this system a desktop? + # Off by default + isDesktop = mkEnableOption "Desktop specific settings"; + # Should we harden this system? 
+ # On by default + harden = mkEnableOptionT "Apply system hardening"; + # Enable audio subsystem + # On by default if the system is a desktop + audio = mkDefaultOption "audio" config.nathan.config.isDesktop; + # Basic grub configuration + # Off by default + setupGrub = mkEnableOption "Setup grub"; + # Install fonts + # On by default if the system is a desktop + fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop; + # Enable unfree software + # On by default + enableUnfree = mkEnableOptionT "unfree software"; + # Nix configuration + nix = { + # Automatic GC and optimization of the nix store + # On by default + autoGC = mkEnableOptionT "Nix store optimization and auto gc"; + # Automatic updating of the system + # On by default + autoUpdate = mkEnableOptionT "Nix autoupdating"; + }; + # Swaywm configuration + # On by default if the system is a desktop + swaywm = { + enable = mkOption { + default = config.nathan.config.isDesktop; + example = true; + description = "Whether to setup swaywm"; + type = lib.types.bool; + }; + }; + # Virtualization configuration + # All on by default if the system is a desktop + virtualization = { + qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop; + docker = mkDefaultOption "docker" config.nathan.config.isDesktop; + lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop; + nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop; + }; + # Support for interacting with a dual booted windows system + windows = { + enable = mkEnableOption "Windows Integration"; + mount = { + enable = mkDefaultOption "Mount a bitlockered windows partition" config.nathan.config.windows.enable; + device = mkOption { + description = "Device to mount"; + example = "/dev/sda2"; + type = types.str; + }; + mountPoint = mkOption { + description = "Location to mount the device to"; + example = "/dev/sda2"; + type = types.str; + }; + keyFile = mkOption { + description = "File containing the recovery key for the partition"; + 
type = types.str; + }; + }; + }; + }; + }; + }; + config = { # Enable the firewall networking.firewall.enable = true; diff --git a/modules/options.nix b/modules/options.nix index e1ec302..d47dcb2 100644 --- a/modules/options.nix +++ b/modules/options.nix 
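Review bot: The descriptions of `borg.passwordFile`, `borg.sshKey` and `windows.mount.keyFile` in this options hunk do not say that the value must be a runtime path outside the Nix store; a secret referenced through a store path would end up in the world-readable store. I would spell it out, e.g. `description = "Runtime path to the file holding the recovery key (must not be in the Nix store)";`, and likewise for the two borg options. Two copy-paste slips are worth fixing while here: `mountPoint` reuses `example = "/dev/sda2";` where a directory such as `example = "/mnt/windows";` is meant, and the comment above `email` still reads `# Name of the user to install`.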
@@ -6,179 +6,19 @@ in { options = with lib; with nLib; { nathan = { - # Control enabling of services - services = { - # Use zramSwap, enabled by default - zramSwap = mkDefaultOption "zram memory compression" config.nathan.config.isDesktop; - # Enable ssh and configure firewall - # On by default - ssh = mkEnableOptionT "ssh"; - # Enable tailscale, on by default on linux - tailscale = { - enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux; - }; - # Borg backup - # Disabled by default as it requires configuration, but a really good idea to turn on - borg = { - enable = mkEnableOption "borg"; - extraExcludes = mkOption { - default = [ ]; - description = "List of extra paths to exclude"; - }; - extraIncludes = mkOption { - default = [ ]; - description = "List of extra paths to include"; - }; - location = mkOption { - default = "de1955@de1955.rsync.net:computers"; - description = "Location to backup to"; - type = lib.types.str; - }; - passwordFile = mkOption { - description = "Path to the password file"; - type = lib.types.str; - }; - sshKey = mkOption { - description = "Path to the ssh key"; - type = lib.types.str; - }; - startAt = mkOption { - description = "How often to run backups"; - default = "hourly"; - }; - }; - # Nginx - nginx = { - enable = mkEnableOption "nginx"; - acme = mkEnableOption "ACME Integration"; - }; - # Matrix - matrix = { - enable = mkEnableOption "matrix"; - baseDomain = mkOption { - description = "Base domain to use for the matrix services"; - example = "mccarty.io"; - type = lib.types.str; - }; - element = mkDefaultOption "element" config.nathan.services.matrix.enable; - enableRegistration = mkEnableOption "synapse registration"; - }; - }; - # Control enabling/configuratin of services + # Programs, many of these will be generic programs = { - # Install games - games = mkEnableOption "games"; - # Install gpg with yubikey support - # Enabled by default if the system is a desktop - gpg = mkDefaultOption "gpg" config.nathan.config.isDesktop; 
# Utility modules utils = { # Core utililtes I want on every system # Enabled by default core = mkEnableOptionT "utils-core"; - # Enable multi system emulation - # Enabled by default on desktop - binfmt = mkDefaultOption "binfmt" config.nathan.config.isDesktop; # Development utilities that can't be installed through home manager due to collisions devel = mkDefaultOption "devel" config.nathan.config.isDesktop; }; }; - # Control enabling of hardware support - hardware = { - # Logitech hardware support - # On by default if the system is a desktop - logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop; - }; # General system configuration - config = { - # Wether or not to install the main user - installUser = mkOption { - default = pkgs.stdenv.isLinux; - example = true; - description = "Whether to install the 'nathan' user"; - type = lib.types.bool; - }; - # Name of the user to install - user = mkOption { - default = "nathan"; - example = "nathan"; - description = "Username to use for common configuration"; - type = lib.types.str; - }; - # Name of the user to install - email = mkOption { - default = "nathan@mccarty.io"; - example = "nathan@mccarty.io"; - description = "Email to use for common configuration"; - type = lib.types.str; - }; - # Is this system a desktop? - # Off by default - isDesktop = mkEnableOption "Desktop specific settings"; - # Should we harden this system? 
- # On by default - harden = mkEnableOptionT "Apply system hardening"; - # Enable audio subsystem - # On by default if the system is a desktop - audio = mkDefaultOption "audio" config.nathan.config.isDesktop; - # Basic grub configuration - # Off by default - setupGrub = mkEnableOption "Setup grub"; - # Install fonts - # On by default if the system is a desktop - fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop; - # Enable unfree software - # On by default - enableUnfree = mkEnableOptionT "unfree software"; - # Nix configuration - nix = { - # Automatic GC and optimization of the nix store - # On by default - autoGC = mkEnableOptionT "Nix store optimization and auto gc"; - # Automatic updating of the system - # On by default - autoUpdate = mkEnableOptionT "Nix autoupdating"; - }; - # Swaywm configuration - # On by default if the system is a desktop - swaywm = { - enable = mkOption { - default = config.nathan.config.isDesktop; - example = true; - description = "Whether to setup swaywm"; - type = lib.types.bool; - }; - }; - # Virtualization configuration - # All on by default if the system is a desktop - virtualization = { - qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop; - docker = mkDefaultOption "docker" config.nathan.config.isDesktop; - lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop; - nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop; - }; - # Support for interacting with a dual booted windows system - windows = { - enable = mkEnableOption "Windows Integration"; - mount = { - enable = mkDefaultOption "Mount a bitlockered windows partition" config.nathan.config.windows.enable; - device = mkOption { - description = "Device to mount"; - example = "/dev/sda2"; - type = types.str; - }; - mountPoint = mkOption { - description = "Location to mount the device to"; - example = "/dev/sda2"; - type = types.str; - }; - keyFile = mkOption { - description = "File containing the recovery key for the partition"; - 
type = types.str; - }; - }; - }; - }; + config = { }; }; }; } From 9536d516512d9009f99c0bfe5bacc4378baaa490 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 02:24:29 -0400 Subject: [PATCH 52/80] Add additional avy bindings --- doom.d/config.el | 8 ++++---- doom.d/config.org | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index 4849f9e..b02d573 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -120,14 +120,14 @@ (after! avy (define-key! - "C-:" 'avy-goto-char - "C-'" 'avy-goto-char-2 + "M-g c" 'avy-goto-char + "M-g x" 'avy-goto-char-2 "M-g f" 'avy-goto-line "M-g w" 'avy-goto-word-1 "M-g e" 'avy-goto-word-0) (cheatsheet-add-group 'Avy - '(:key "C-:" :description "Goto Char") - '(:key "C-'" :description "Goto Char (2)") + '(:key "M-g c" :description "Goto Char") + '(:key "M-g x" :description "Goto Char (2)") '(:key "M-g f" :description "Goto line") '(:key "M-g w" :description "Goto word") '(:key "M-g e" :description "Goto word (0)"))) diff --git a/doom.d/config.org b/doom.d/config.org index 186a9a7..ef4871b 100644 --- a/doom.d/config.org +++ b/doom.d/config.org @@ -169,14 +169,14 @@ Set up our key bindings #+begin_src emacs-lisp (after! avy (define-key! - "C-:" 'avy-goto-char - "C-'" 'avy-goto-char-2 + "M-g c" 'avy-goto-char + "M-g x" 'avy-goto-char-2 "M-g f" 'avy-goto-line "M-g w" 'avy-goto-word-1 "M-g e" 'avy-goto-word-0) (cheatsheet-add-group 'Avy - '(:key "C-:" :description "Goto Char") - '(:key "C-'" :description "Goto Char (2)") + '(:key "M-g c" :description "Goto Char") + '(:key "M-g x" :description "Goto Char (2)") '(:key "M-g f" :description "Goto line") '(:key "M-g w" :description "Goto word") '(:key "M-g e" :description "Goto word (0)"))) From 87ed1662564523d995ba595c1b02ec0c98bdd1ca Mon Sep 17 00:00:00 2001 
From: Nathan McCarty Date: Sun, 4 Sep 2022 02:32:49 -0400 Subject: [PATCH 53/80] Factor out non-linux-specific utilities --- flake.lock | 42 ++++++++++++++++++++++++++++++- flake.nix | 15 +++++++++++ machines/tablet/configuration.nix | 5 ++++ modules/common/programs/utils.nix | 33 ++++++++++++++++++++++++ modules/linux/programs/utils.nix | 8 +++--- modules/nix-on-droid/default.nix | 5 ++++ 6 files changed, 102 insertions(+), 6 deletions(-) create mode 100644 machines/tablet/configuration.nix create mode 100644 modules/common/programs/utils.nix create mode 100644 modules/nix-on-droid/default.nix diff --git a/flake.lock b/flake.lock index 24e8227..c99927a 100644 --- a/flake.lock +++ b/flake.lock @@ -283,6 +283,21 @@ "type": "github" } }, + "flake-utils_4": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "format-all": { "flake": false, "locked": { @@ -483,6 +498,30 @@ "type": "github" } }, + "nix-on-droid": { + "inputs": { + "flake-utils": "flake-utils_3", + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658777837, + "narHash": "sha256-12rIm639nXldGgyc1uPbF/oz2jTrpgl8zvqxrIq+Jek=", + "owner": "t184256", + "repo": "nix-on-droid", + "rev": "d49fd3a0c874d34a3c3f33fa73cd7a364a1332e3", + "type": "github" + }, + "original": { + "owner": "t184256", + "repo": "nix-on-droid", + "type": "github" + } + }, "nix-straight": { "flake": false, "locked": { @@ -780,6 +819,7 @@ "java": "java", "mozilla": "mozilla", "nix-doom-emacs": "nix-doom-emacs", + "nix-on-droid": "nix-on-droid", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable_2", 
@@ -939,7 +979,7 @@ "wsl": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index 1d8a666..6280798 100644 --- a/flake.nix +++ b/flake.nix @@ -57,6 +57,13 @@ url = "github:nathans-flakes/gamescope"; inputs.nixpkgs.follows = "nixpkgs"; }; + nix-on-droid = { + url = "github:t184256/nix-on-droid"; + inputs = { + nixpkgs.follows = "nixpkgs"; + home-manager.follows = "home-manager"; + }; + }; }; outputs = @@ -76,6 +83,7 @@ , nixos-generators , wsl , gamescope + , nix-on-droid }@inputs: let makeNixosSystem = { system, hostName, extraModules ? [ ], ourNixpkgs ? nixpkgs }: ourNixpkgs.lib.nixosSystem { @@ -156,6 +164,13 @@ ]; }; }; + # Android systems + nixOnDroidConfigurations = { + tablet = nix-on-droid.lib.nixOnDroidConfiguration { + config = ./machines/tablet/configuration.nix; + system = "aarch64-linux"; + }; + }; packages = { x86_64-linux = { # Hyper-V image diff --git a/machines/tablet/configuration.nix b/machines/tablet/configuration.nix new file mode 100644 index 0000000..865d469 --- /dev/null +++ b/machines/tablet/configuration.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + +} diff --git a/modules/common/programs/utils.nix b/modules/common/programs/utils.nix new file mode 100644 index 0000000..863f132 --- /dev/null +++ b/modules/common/programs/utils.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = mkMerge [ + (mkIf nathan.programs.utils.core + { + environment.systemPackages = with pkgs; [ + # Basic command line utilities + wget + tmux + nano + unzip + any-nix-shell + htop + # For nslookup + dnsutils + # Mosh for better high-latency ssh + mosh + # PV for viewing pipes + pv + ]; + }) + (mkIf nathan.programs.utils.devel { + environment.systemPackages = with pkgs; [ + gcc + binutils + ]; + }) + ]; +} 
diff --git a/modules/linux/programs/utils.nix b/modules/linux/programs/utils.nix index 2171ab8..b672c4d 100644 --- a/modules/linux/programs/utils.nix +++ b/modules/linux/programs/utils.nix @@ -4,6 +4,9 @@ let in with lib; { + imports = [ + ../../common/programs/utils.nix + ]; config = mkMerge [ (mkIf nathan.programs.utils.core { @@ -23,11 +26,6 @@ with lib; pv ]; }) - (mkIf nathan.programs.utils.binfmt { - boot.binfmt.emulatedSystems = [ - "aarch64-linux" - ]; - }) (mkIf nathan.programs.utils.devel { environment.systemPackages = with pkgs; [ gcc diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix new file mode 100644 index 0000000..17acfb2 --- /dev/null +++ b/modules/nix-on-droid/default.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: +let + inherit (import ../lib.nix { inherit lib; inherit pkgs; }) nLib; +in +{ } From e5be86a89f5d92a459167a8be7d3567e82ec12a0 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 02:46:27 -0400 Subject: [PATCH 54/80] First pass nix-on-droid --- flake.nix | 3 +++ machines/tablet/configuration.nix | 4 +-- modules/nix-on-droid/default.nix | 8 +++++- modules/nix-on-droid/programs/util.nix | 35 ++++++++++++++++++++++++++ 4 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 modules/nix-on-droid/programs/util.nix diff --git a/flake.nix b/flake.nix index 6280798..b220e58 100644 --- a/flake.nix +++ b/flake.nix @@ -169,6 +169,9 @@ tablet = nix-on-droid.lib.nixOnDroidConfiguration { config = ./machines/tablet/configuration.nix; system = "aarch64-linux"; + extraModules = [ + ./modules/nix-on-droid/default.nix + ]; }; }; packages = { diff --git a/machines/tablet/configuration.nix b/machines/tablet/configuration.nix index 865d469..88d8a3b 100644 --- a/machines/tablet/configuration.nix +++ b/machines/tablet/configuration.nix @@ -1,5 +1,3 @@ { config, lib, pkgs, ... }: -{ - -} +{ } 
diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix index 17acfb2..fb279fd 100644 --- a/modules/nix-on-droid/default.nix +++ b/modules/nix-on-droid/default.nix @@ -2,4 +2,10 @@ let inherit (import ../lib.nix { inherit lib; inherit pkgs; }) nLib; in -{ } +{ + imports = [ + ../options.nix + ]; + + options = with lib; with nLib; { }; +} diff --git a/modules/nix-on-droid/programs/util.nix b/modules/nix-on-droid/programs/util.nix new file mode 100644 index 0000000..1e29556 --- /dev/null +++ b/modules/nix-on-droid/programs/util.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: +let + nathan = config.nathan; +in +with lib; +{ + config = mkMerge [ + (mkIf nathan.programs.utils.core + { + environment.packages = with pkgs; [ + # Basic command line utilities + wget + tmux + nano + unzip + any-nix-shell + htop + # For being able to update the flake + gitFull + # For nslookup + dnsutils + # Mosh for better high-latency ssh + mosh + # PV for viewing pipes + pv + ]; + }) + (mkIf nathan.programs.utils.devel { + environment.packages = with pkgs; [ + gcc + binutils + ]; + }) + ]; +} From 818294bddd69a32275f6dee2b41f3d0e72821cf9 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 02:48:19 -0400 Subject: [PATCH 55/80] Add nix configuration to droid --- modules/nix-on-droid/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix index fb279fd..e1bf741 100644 --- a/modules/nix-on-droid/default.nix +++ b/modules/nix-on-droid/default.nix 
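Review bot: The new `modules/nix-on-droid/programs/util.nix` is not referenced by anything visible in this patch, so its package list would not reach the tablet unless it is imported outside these hunks. `modules/nix-on-droid/default.nix` imports only `../options.nix`, and `flake.nix` lists only `./modules/nix-on-droid/default.nix` in `extraModules`. The same applies to the `openssh` entry that PATCH 66/80 later adds to this file. I would add it to the module's imports, `imports = [ ../options.nix ./programs/util.nix ];`. The file is also named `util.nix` while its counterparts under `modules/common` and `modules/linux` are `utils.nix`.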
@@ -8,4 +8,21 @@ in ]; options = with lib; with nLib; { }; + + config = { + # Enable unfree packages + nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree; + # Work around for discord jank ugh + nixpkgs.config.permittedInsecurePackages = [ + "electron-13.6.9" + ]; + # Set system state version + system.stateVersion = "22.05"; + # Enable flakes + # Enable nix flakes + nix.package = pkgs.nixFlakes; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + }; } From 092a0d001032eb56ea23912c984bc01f3ccdc8a3 Mon Sep 17 00:00:00 2001 
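Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-13.6.9" ];` in the new `config` block allowlists a package that nixpkgs marks as insecure, and it does so for the whole nix-on-droid configuration. Nothing in this module or its single import (`../options.nix`) installs Discord or Electron. An entry like this suppresses the evaluation-time refusal that would otherwise reveal an accidental dependency on that runtime, so it belongs next to the one package that needs it rather than in a shared default. I would drop the entry here and keep only `nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree;` if unfree packages are wanted on the device. The `# Enable flakes` comment is also repeated by `# Enable nix flakes` on the following line.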
From: Nathan McCarty Date: Sun, 4 Sep 2022 02:54:15 -0400 Subject: [PATCH 56/80] Seperate out linux home-manager --- flake.nix | 2 +- home-manager/{ => common}/programs/core.nix | 0 home-manager/{ => common}/programs/devel.nix | 2 +- home-manager/default.nix | 112 ------------------ home-manager/linux/default.nix | 73 ++++++++++++ .../{ => linux}/programs/communications.nix | 2 +- home-manager/{ => linux}/programs/emacs.nix | 2 +- .../{ => linux}/programs/image-editing.nix | 0 home-manager/{ => linux}/programs/media.nix | 0 home-manager/{ => linux}/programs/sway.nix | 0 home-manager/{ => linux}/programs/wine.nix | 0 home-manager/{ => linux}/services/email.nix | 6 +- .../{ => linux}/services/syncthing.nix | 0 home-manager/options.nix | 55 +++++++++ 14 files changed, 135 insertions(+), 119 deletions(-) rename home-manager/{ => common}/programs/core.nix (100%) rename home-manager/{ => common}/programs/devel.nix (97%) delete mode 100644 home-manager/default.nix create mode 100644 home-manager/linux/default.nix rename home-manager/{ => linux}/programs/communications.nix (96%) rename home-manager/{ => linux}/programs/emacs.nix (98%) rename home-manager/{ => linux}/programs/image-editing.nix (100%) rename home-manager/{ => linux}/programs/media.nix (100%) rename home-manager/{ => linux}/programs/sway.nix (100%) rename home-manager/{ => linux}/programs/wine.nix (100%) rename home-manager/{ => linux}/services/email.nix (90%) rename home-manager/{ => linux}/services/syncthing.nix (100%) create mode 100644 home-manager/options.nix diff --git a/flake.nix b/flake.nix index b220e58..4ae5d29 100644 --- a/flake.nix +++ b/flake.nix @@ -116,7 +116,7 @@ nixosConfig = config; }; sharedModules = [ - ./home-manager/default.nix + ./home-manager/linux/default.nix ]; }; }) diff --git a/home-manager/programs/core.nix b/home-manager/common/programs/core.nix similarity index 100% rename from home-manager/programs/core.nix rename to home-manager/common/programs/core.nix 
diff --git a/home-manager/programs/devel.nix b/home-manager/common/programs/devel.nix similarity index 97% rename from home-manager/programs/devel.nix rename to home-manager/common/programs/devel.nix index bcf3a3e..2888ab0 100644 --- a/home-manager/programs/devel.nix +++ b/home-manager/common/programs/devel.nix @@ -2,7 +2,7 @@ let devel = config.nathan.programs.devel; unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; - inherit (import ../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; + inherit (import ../../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; in with lib; with nLib; { diff --git a/home-manager/default.nix b/home-manager/default.nix deleted file mode 100644 index 1276604..0000000 --- a/home-manager/default.nix +++ /dev/null 
@@ -1,112 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: -let - inherit (import ../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; -in -with lib; with nLib; { - imports = [ - ./programs/sway.nix - ./programs/core.nix - ./programs/communications.nix - ./programs/devel.nix - ./programs/emacs.nix - ./programs/image-editing.nix - ./programs/media.nix - ./programs/wine.nix - ./services/syncthing.nix - ./services/email.nix - ]; - - options = { - nathan = { - # Services - services = { - # Synthing, enabled by default on linux desktop - syncthing = mkDefaultOption "Syncthing" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); - # Email syncing - # Disabled by default since this requires manual setup on the machine - # TODO: Get this working on darwin - email = { - enable = mkEnableOption "Email"; - }; - }; - # Programs - programs = { - util = { - # Core utilites - core = mkEnableOptionT "core"; - # Ssh configuration, enabled by default - ssh = mkEnableOptionT "ssh"; - # Fish configuration, enabled by default - fish = mkEnableOptionT "fish"; - # Git configuration, enabled by default - git = { - enable = mkEnableOptionT "git"; - gpgSign = mkDefaultOption "git signatures" config.nathan.config.isDesktop; - }; - # Bat configuration, enabled by default - bat = mkEnableOptionT "bat"; - # JSON Utilities, enabled by default - json = mkEnableOptionT "json"; - # Productivity application - productivity = mkDefaultOption "Productivity applications" config.nathan.config.isDesktop; - # Wine support, disabled by default - wine = mkEnableOption "wine"; - }; - # Swaywm and supoorting application configuration - swaywm = { - enable = mkDefaultOption "swaywm" config.nathan.config.isDesktop; - }; - # Communications applications - communications = { - # Enable by default if we are on a linux desktop - enable = mkDefaultOption "Communication applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); - }; - # Development applications, enabled by default on desktop - devel = 
{ - core = mkDefaultOption "Core Development Utilites" config.nathan.config.isDesktop; - rust = mkDefaultOption "Rust Development Utilites" config.nathan.config.isDesktop; - jvm = mkDefaultOption "JVM Development Utilites" config.nathan.config.isDesktop; - python = mkDefaultOption "Python Development Utilites" config.nathan.config.isDesktop; - js = mkDefaultOption "JavaScript/TypeScript Development Utilites" config.nathan.config.isDesktop; - raku = mkDefaultOption "Raku Development Utilites" config.nathan.config.isDesktop; - }; - # Emacs, enabled by default on desktop - emacs = { - enable = mkDefaultOption "Emacs" config.nathan.config.isDesktop; - service = mkDefaultOption "Emacs Service" config.nathan.config.isDesktop; - package = mkOption { - description = "Emacs package to use"; - default = inputs.emacs.packages."${pkgs.system}".emacsPgtkNativeComp; - }; - }; - # Image editing software, on by default on desktop - image-editing = mkDefaultOption "Image Editing Software" config.nathan.config.isDesktop; - # Media appilcations, on by default on linux desktop - media = { - enable = mkDefaultOption "Media Applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); - mopidyExtraConfig = mkOption { - description = "Extra config files for mopidy"; - default = [ ]; - }; - }; - # Firefox, enabled by default on linux desktop - firefox = mkDefaultOption "Firefox" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); - }; - # General configuration options - config = { - # Is this system a desktop? - # false by default - isDesktop = mkEnableOption "Desktop specific settings"; - }; - }; - }; - - config = { - home.stateVersion = "22.05"; - programs.home-manager.enable = true; - programs.firefox = { - enable = config.nathan.programs.firefox; - package = pkgs.firefox-beta-bin; - }; - }; -} diff --git a/home-manager/linux/default.nix b/home-manager/linux/default.nix new file mode 100644 index 0000000..21fb462 --- /dev/null +++ b/home-manager/linux/default.nix 
@@ -0,0 +1,73 @@ +{ config, lib, pkgs, inputs, ... }: +let + inherit (import ../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in +with lib; with nLib; { + imports = [ + ../options.nix + ./programs/sway.nix + ../common/programs/core.nix + ./programs/communications.nix + ../common/programs/devel.nix + ./programs/emacs.nix + ./programs/image-editing.nix + ./programs/media.nix + ./programs/wine.nix + ./services/syncthing.nix + ./services/email.nix + ]; + + options = { + nathan = { + # Services, these are platform specific so they go here + services = { + # Synthing, enabled by default on linux desktop + syncthing = mkDefaultOption "Syncthing" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + # Email syncing + # Disabled by default since this requires manual setup on the machine + # TODO: Get this working on darwin + email = { + enable = mkEnableOption "Email"; + }; + }; + # Linux specific programs + programs = { + util = { + # Wine support, disabled by default + wine = mkEnableOption "wine"; + }; + # Swaywm and supoorting application configuration + swaywm = { + enable = mkDefaultOption "swaywm" config.nathan.config.isDesktop; + }; + # Communications applications + communications = { + # Enable by default if we are on a linux desktop + enable = mkDefaultOption "Communication applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + # Image editing software, on by default on desktop + image-editing = mkDefaultOption "Image Editing Software" config.nathan.config.isDesktop; + # Media appilcations, on by default on linux desktop + media = { + enable = mkDefaultOption "Media Applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + mopidyExtraConfig = mkOption { + description = "Extra config files for mopidy"; + default = [ ]; + }; + }; + # Firefox, enabled by default on linux desktop + firefox = mkDefaultOption "Firefox" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux); + }; + }; + }; + + config = { + 
home.stateVersion = "22.05"; + programs.home-manager.enable = true; + programs.firefox = { + enable = config.nathan.programs.firefox; + package = pkgs.firefox-beta-bin; + }; + nathan.programs.emacs.package = lib.mkDefault inputs.emacs.packages."${pkgs.system}".emacsPgtkNativeComp; + }; +} diff --git a/home-manager/programs/communications.nix b/home-manager/linux/programs/communications.nix similarity index 96% rename from home-manager/programs/communications.nix rename to home-manager/linux/programs/communications.nix index 111c76e..46215ea 100644 --- a/home-manager/programs/communications.nix +++ b/home-manager/linux/programs/communications.nix @@ -15,7 +15,7 @@ ''; } ); - discordWayland = pkgs.callPackage ../../packages/discord/default.nix rec { + discordWayland = pkgs.callPackage ../../../packages/discord/default.nix rec { pname = "discord-electron"; binaryName = "Discord"; desktopName = "Discord (Wayland)"; diff --git a/home-manager/programs/emacs.nix b/home-manager/linux/programs/emacs.nix similarity index 98% rename from home-manager/programs/emacs.nix rename to home-manager/linux/programs/emacs.nix index 8399b26..304d49a 100644 --- a/home-manager/programs/emacs.nix +++ b/home-manager/linux/programs/emacs.nix @@ -35,7 +35,7 @@ # Setup doom emacs programs.doom-emacs = { enable = true; - doomPrivateDir = ../../doom.d; + doomPrivateDir = ../../../doom.d; emacsPackage = config.nathan.programs.emacs.package; emacsPackagesOverlay = self: super: { org-protocol-capture-html = self.trivialBuild { diff --git a/home-manager/programs/image-editing.nix b/home-manager/linux/programs/image-editing.nix similarity index 100% rename from home-manager/programs/image-editing.nix rename to home-manager/linux/programs/image-editing.nix diff --git a/home-manager/programs/media.nix b/home-manager/linux/programs/media.nix similarity index 100% rename from home-manager/programs/media.nix rename to home-manager/linux/programs/media.nix 
diff --git a/home-manager/programs/sway.nix b/home-manager/linux/programs/sway.nix similarity index 100% rename from home-manager/programs/sway.nix rename to home-manager/linux/programs/sway.nix diff --git a/home-manager/programs/wine.nix b/home-manager/linux/programs/wine.nix similarity index 100% rename from home-manager/programs/wine.nix rename to home-manager/linux/programs/wine.nix diff --git a/home-manager/services/email.nix b/home-manager/linux/services/email.nix similarity index 90% rename from home-manager/services/email.nix rename to home-manager/linux/services/email.nix index 05a0fd0..4d0dd0f 100644 --- a/home-manager/services/email.nix +++ b/home-manager/linux/services/email.nix @@ -46,7 +46,7 @@ with lib; { port = 1143; tls = { useStartTls = true; - certificatesFile = ../../certificates/protonmail-${nixosConfig.networking.hostName}.pem; + certificatesFile = ../../../certificates/protonmail-${nixosConfig.networking.hostName}.pem; }; }; smtp = { @@ -54,7 +54,7 @@ with lib; { port = 1025; tls = { useStartTls = true; - certificatesFile = ../../certificates/protonmail-${nixosConfig.networking.hostName}.pem; + certificatesFile = ../../../certificates/protonmail-${nixosConfig.networking.hostName}.pem; }; }; mbsync = { @@ -82,7 +82,7 @@ with lib; { postExec = if config.nathan.programs.emacs.service then - "${../../scripts/update-mu4e.sh}" + "${../../../scripts/update-mu4e.sh}" else "${pkgs.mu}/bin/mu index"; }; diff --git a/home-manager/services/syncthing.nix b/home-manager/linux/services/syncthing.nix similarity index 100% rename from home-manager/services/syncthing.nix rename to home-manager/linux/services/syncthing.nix diff --git a/home-manager/options.nix b/home-manager/options.nix new file mode 100644 index 0000000..0c8a951 --- /dev/null +++ b/home-manager/options.nix 
@@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: +let + inherit (import ../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in +with lib; with nLib; +{ + options = { + nathan = { + programs = { + util = { + # Core utilites + core = mkEnableOptionT "core"; + # Ssh configuration, enabled by default + ssh = mkEnableOptionT "ssh"; + # Fish configuration, enabled by default + fish = mkEnableOptionT "fish"; + # Git configuration, enabled by default + git = { + enable = mkEnableOptionT "git"; + gpgSign = mkDefaultOption "git signatures" config.nathan.config.isDesktop; + }; + # Bat configuration, enabled by default + bat = mkEnableOptionT "bat"; + # JSON Utilities, enabled by default + json = mkEnableOptionT "json"; + # Productivity application + productivity = mkDefaultOption "Productivity applications" config.nathan.config.isDesktop; + }; + # Development applications, enabled by default on desktop + devel = { + core = mkDefaultOption "Core Development Utilites" config.nathan.config.isDesktop; + rust = mkDefaultOption "Rust Development Utilites" config.nathan.config.isDesktop; + jvm = mkDefaultOption "JVM Development Utilites" config.nathan.config.isDesktop; + python = mkDefaultOption "Python Development Utilites" config.nathan.config.isDesktop; + js = mkDefaultOption "JavaScript/TypeScript Development Utilites" config.nathan.config.isDesktop; + raku = mkDefaultOption "Raku Development Utilites" config.nathan.config.isDesktop; + }; + # Emacs, enabled by default on desktop + emacs = { + enable = mkDefaultOption "Emacs" config.nathan.config.isDesktop; + service = mkDefaultOption "Emacs Service" config.nathan.config.isDesktop; + package = mkOption { + description = "Emacs package to use"; + }; + }; + }; + # General configuration options + config = { + # Is this system a desktop? + # false by default + isDesktop = mkEnableOption "Desktop specific settings"; + }; + }; + }; +} From e391e6e42bc206f45c6d1eaedf96ecc5082813d8 Mon Sep 17 00:00:00 2001 
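Review bot: The `emacs.package` option in the new `home-manager/options.nix` is declared with only a `description`, so it has neither a `type` nor a default. The default now lives in `home-manager/linux/default.nix` as a `lib.mkDefault`, which means any other configuration that imports this file and reads the option without defining it fails at evaluation. Declaring `type = types.package;` would also reject a non-derivation value early instead of passing it on to `programs.doom-emacs.emacsPackage`. A one-line comment on the option saying that each platform module must supply the package would make that contract explicit.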
From: Nathan McCarty Date: Sun, 4 Sep 2022 03:15:17 -0400 Subject: [PATCH 57/80] Tweak nix-on-droid defaults --- modules/nix-on-droid/default.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix index e1bf741..2101e20 100644 --- a/modules/nix-on-droid/default.nix +++ b/modules/nix-on-droid/default.nix @@ -10,12 +10,7 @@ in options = with lib; with nLib; { }; config = { - # Enable unfree packages - nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree; - # Work around for discord jank ugh - nixpkgs.config.permittedInsecurePackages = [ - "electron-13.6.9" - ]; + # Set system state version system.stateVersion = "22.05"; # Enable flakes @@ -24,5 +19,8 @@ in nix.extraOptions = '' experimental-features = nix-command flakes ''; + + # Set login shell + user.shell = "#{pkgs.fish}/bin/fish"; }; } From 53959dcedce287474ede95fa4ddecb924512bf3a Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 03:17:19 -0400 Subject: [PATCH 58/80] whoop --- modules/nix-on-droid/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix index 2101e20..f8ead1b 100644 --- a/modules/nix-on-droid/default.nix +++ b/modules/nix-on-droid/default.nix @@ -21,6 +21,6 @@ in ''; # Set login shell - user.shell = "#{pkgs.fish}/bin/fish"; + user.shell = "${pkgs.fish}/bin/fish"; }; } From 6b96e82cd3cbe506e08dca7112e6e046d072fae0 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 03:21:18 -0400 Subject: [PATCH 59/80] home.nix --- flake.nix | 14 ++++++++++++++ machines/tablet/configuration.nix | 5 ++++- machines/tablet/home.nix | 9 +++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 machines/tablet/home.nix diff --git a/flake.nix b/flake.nix index 4ae5d29..dba2db3 100644 --- a/flake.nix +++ b/flake.nix 
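Review bot: `user.shell = "#{pkgs.fish}/bin/fish";` in the second hunk of PATCH 57/80 is not interpolated, because Nix antiquotation is `${...}` and `#{` is ordinary text inside a string. The login shell is therefore set to the literal path `#{pkgs.fish}/bin/fish`, which does not exist. The line should read `user.shell = "${pkgs.fish}/bin/fish";`, which is the change PATCH 58/80 makes. Squashing the two patches would keep the broken shell path out of every revision in the series.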
@@ -171,6 +171,20 @@ system = "aarch64-linux"; extraModules = [ ./modules/nix-on-droid/default.nix + ({ pkgs, lib, config, ... }: { + # Home manager configuration + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + extraSpecialArgs = { + inputs = inputs; + nixosConfig = config; + }; + sharedModules = [ + ./home-manager/linux/default.nix + ]; + }; + }) ]; }; }; diff --git a/machines/tablet/configuration.nix b/machines/tablet/configuration.nix index 88d8a3b..e3d9969 100644 --- a/machines/tablet/configuration.nix +++ b/machines/tablet/configuration.nix @@ -1,3 +1,6 @@ { config, lib, pkgs, ... }: -{ } +{ + + home-manager.config = import ./home.nix; +} diff --git a/machines/tablet/home.nix b/machines/tablet/home.nix new file mode 100644 index 0000000..574d9bd --- /dev/null +++ b/machines/tablet/home.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs, ... }: + +{ + nathan = { + config = { + isDesktop = true; + }; + }; +} From f8a4c48b0a709053c14455c47ba6ba1cdd8208ba Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 03:29:35 -0400 Subject: [PATCH 60/80] starter home --- home-manager/common/programs/devel.nix | 11 ----------- home-manager/linux/default.nix | 4 ++++ home-manager/linux/programs/devel.nix | 22 ++++++++++++++++++++++ home-manager/nix-on-droid/default.nix | 24 ++++++++++++++++++++++++ home-manager/options.nix | 1 - 5 files changed, 50 insertions(+), 12 deletions(-) create mode 100644 home-manager/linux/programs/devel.nix create mode 100644 home-manager/nix-on-droid/default.nix diff --git a/home-manager/common/programs/devel.nix b/home-manager/common/programs/devel.nix index 2888ab0..dddc263 100644 --- a/home-manager/common/programs/devel.nix +++ b/home-manager/common/programs/devel.nix 
@@ -68,17 +68,6 @@ with lib; with nLib; { sccache ]; }) - # JVM Development - (mkIf devel.jvm { - home.packages = with unstable; [ - inputs.java.packages."${pkgs.system}".semeru-stable - gradle - kotlin - kotlin-native - kotlin-language-server - ktlint - ]; - }) # Python Development (mkIf devel.python { home.packages = with pkgs; [ diff --git a/home-manager/linux/default.nix b/home-manager/linux/default.nix index 21fb462..7e6680d 100644 --- a/home-manager/linux/default.nix +++ b/home-manager/linux/default.nix @@ -9,6 +9,7 @@ with lib; with nLib; { ../common/programs/core.nix ./programs/communications.nix ../common/programs/devel.nix + ./programs/devel.nix ./programs/emacs.nix ./programs/image-editing.nix ./programs/media.nix @@ -36,6 +37,9 @@ with lib; with nLib; { # Wine support, disabled by default wine = mkEnableOption "wine"; }; + devel = { + jvm = mkDefaultOption "JVM Development Utilites" config.nathan.config.isDesktop; + }; # Swaywm and supoorting application configuration swaywm = { enable = mkDefaultOption "swaywm" config.nathan.config.isDesktop; diff --git a/home-manager/linux/programs/devel.nix b/home-manager/linux/programs/devel.nix new file mode 100644 index 0000000..2ac95ba --- /dev/null +++ b/home-manager/linux/programs/devel.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, inputs, ... }: +let + devel = config.nathan.programs.devel; + unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; + inherit (import ../../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in + +with lib; with nLib; { + config = mkMerge [ + # JVM Development + (mkIf devel.jvm { + home.packages = with unstable; [ + inputs.java.packages."${pkgs.system}".semeru-stable + gradle + kotlin + kotlin-native + kotlin-language-server + ktlint + ]; + }) + ]; +} diff --git a/home-manager/nix-on-droid/default.nix b/home-manager/nix-on-droid/default.nix new file mode 100644 index 0000000..d92b259 --- /dev/null +++ b/home-manager/nix-on-droid/default.nix 
@@ -0,0 +1,24 @@ +{ config, lib, pkgs, inputs, ... }: +let + inherit (import ../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib; +in +with lib; with nLib; { + imports = [ + ../options.nix + ../common/programs/core.nix + ../common/programs/devel.nix + ]; + + options = { }; + + config = { + home.stateVersion = "22.05"; + programs.home-manager.enable = true; + nathan.programs.emacs.package = lib.mkDefault inputs.emacs.packages."${pkgs.system}".emacsNativeComp.override { + withNS = false; + withX = false; + withGTK2 = false; + withGTK3 = false; + }; + }; +} diff --git a/home-manager/options.nix b/home-manager/options.nix index 0c8a951..5d15def 100644 --- a/home-manager/options.nix +++ b/home-manager/options.nix @@ -30,7 +30,6 @@ with lib; with nLib; devel = { core = mkDefaultOption "Core Development Utilites" config.nathan.config.isDesktop; rust = mkDefaultOption "Rust Development Utilites" config.nathan.config.isDesktop; - jvm = mkDefaultOption "JVM Development Utilites" config.nathan.config.isDesktop; python = mkDefaultOption "Python Development Utilites" config.nathan.config.isDesktop; js = mkDefaultOption "JavaScript/TypeScript Development Utilites" config.nathan.config.isDesktop; raku = mkDefaultOption "Raku Development Utilites" config.nathan.config.isDesktop; From 8f938e375599fd34152ee1267a9d1f7f57280f6e Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 03:30:59 -0400 Subject: [PATCH 61/80] whoop --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index dba2db3..135aef7 100644 --- a/flake.nix +++ b/flake.nix @@ -181,7 +181,7 @@ nixosConfig = config; }; sharedModules = [ - ./home-manager/linux/default.nix + ./home-manager/nix-on-droid/default.nix ]; }; }) From 067dd243eef419472a179f7cf0ec0f8bf6999667 Mon Sep 17 00:00:00 2001 
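Review bot: The `nathan.programs.emacs.package` definition in the new `home-manager/nix-on-droid/default.nix` does not parse the way it reads. Function application in Nix is left-associative, so `lib.mkDefault inputs.emacs.packages."${pkgs.system}".emacsNativeComp.override { ... }` applies `lib.mkDefault` to the `override` function and then tries to call the resulting attribute set with the argument set. That should raise an evaluation error once the option is forced; whether anything forces it depends on modules outside this hunk. Parenthesising the package expression fixes it: `lib.mkDefault (inputs.emacs.packages."${pkgs.system}".emacsNativeComp.override { withNS = false; withX = false; withGTK2 = false; withGTK3 = false; })`.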
From: Nathan McCarty Date: Sun, 4 Sep 2022 03:33:35 -0400 Subject: [PATCH 62/80] make mold linux specific --- home-manager/common/programs/devel.nix | 33 ++++++++++---------------- home-manager/linux/programs/devel.nix | 9 +++++++ 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/home-manager/common/programs/devel.nix b/home-manager/common/programs/devel.nix index dddc263..fca5c70 100644 --- a/home-manager/common/programs/devel.nix +++ b/home-manager/common/programs/devel.nix @@ -10,26 +10,19 @@ with lib; with nLib; { # Core development utilites (mkIf devel.core { home.packages = with pkgs; - appendIf - pkgs.stdenv.isLinux - # General packages - [ - # Git addons - git-secret - delta - # General development requirements - cmake - libtool - gnumake - nixpkgs-fmt - # sops for secrets management - sops - ] - # Linux specific packages - [ - clang - unstable.mold - ]; + # General packages + [ + # Git addons + git-secret + delta + # General development requirements + cmake + libtool + gnumake + nixpkgs-fmt + # sops for secrets management + sops + ]; programs = { direnv = { diff --git a/home-manager/linux/programs/devel.nix b/home-manager/linux/programs/devel.nix index 2ac95ba..01b0a4e 100644 --- a/home-manager/linux/programs/devel.nix +++ b/home-manager/linux/programs/devel.nix @@ -7,6 +7,15 @@ in with lib; with nLib; { config = mkMerge [ + # Core development utilites + (mkIf devel.core { + home.packages = with pkgs; + # Linux specific packages + [ + clang + unstable.mold + ]; + }) # JVM Development (mkIf devel.jvm { home.packages = with unstable; [ From 359b3d15244c7bd992c3ecc3aa3a82917f5987fc Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 03:36:15 -0400 Subject: [PATCH 63/80] make cargo-tarpaulin linux only --- home-manager/common/programs/devel.nix | 1 - home-manager/linux/programs/devel.nix | 6 ++++++ 2 files changed, 6 insertions(+), 1 deletion(-) 
diff --git a/home-manager/common/programs/devel.nix b/home-manager/common/programs/devel.nix index fca5c70..ca58238 100644 --- a/home-manager/common/programs/devel.nix +++ b/home-manager/common/programs/devel.nix @@ -53,7 +53,6 @@ with lib; with nLib; { cargo-bloat # Find out what's taking up space in the executable cargo-udeps # Find unused dependencies cargo-expand # Dump expanded macros - unstable.cargo-tarpaulin # Code coverage cargo-play # Quickly execute code outside of a crate # For building stuff that uses protocol buffers protobuf diff --git a/home-manager/linux/programs/devel.nix b/home-manager/linux/programs/devel.nix index 01b0a4e..f8588b5 100644 --- a/home-manager/linux/programs/devel.nix +++ b/home-manager/linux/programs/devel.nix @@ -16,6 +16,12 @@ with lib; with nLib; { unstable.mold ]; }) + # Rust development + (mkIf devel.rust { + home.packages = with pkgs; [ + unstable.cargo-tarpaulin # Code coverage + ]; + }) # JVM Development (mkIf devel.jvm { home.packages = with unstable; [ From afe3d9fe2e52a76c618431c8c2bad34f4ee79279 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 03:42:31 -0400 Subject: [PATCH 64/80] Reeanble binfmt --- modules/linux/programs/utils.nix | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/modules/linux/programs/utils.nix b/modules/linux/programs/utils.nix index b672c4d..5f68e25 100644 --- a/modules/linux/programs/utils.nix +++ b/modules/linux/programs/utils.nix 
@@ -8,29 +8,8 @@ with lib; ../../common/programs/utils.nix ]; config = mkMerge [ - (mkIf nathan.programs.utils.core - { - environment.systemPackages = with pkgs; [ - # Basic command line utilities - wget - tmux - nano - unzip - any-nix-shell - htop - # For nslookup - dnsutils - # Mosh for better high-latency ssh - mosh - # PV for viewing pipes - pv - ]; - }) - (mkIf nathan.programs.utils.devel { - environment.systemPackages = with pkgs; [ - gcc - binutils - ]; + (mkIf nathan.programs.utils.binfmt { + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; }) ]; } From 24a10f09e33fe3d1590a18bb2a6cfcd2b5e99689 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 04:03:24 -0400 Subject: [PATCH 65/80] add nettools --- modules/nix-on-droid/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix index f8ead1b..b43c203 100644 --- a/modules/nix-on-droid/default.nix +++ b/modules/nix-on-droid/default.nix @@ -10,6 +10,9 @@ in options = with lib; with nLib; { }; config = { + environment.packages = with pkgs; [ + nettools + ]; # Set system state version system.stateVersion = "22.05"; From c555f7ceee2af0c8901e623eaba860ddb544ea27 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 04:05:35 -0400 Subject: [PATCH 66/80] openssh --- modules/nix-on-droid/programs/util.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nix-on-droid/programs/util.nix b/modules/nix-on-droid/programs/util.nix index 1e29556..9bd7f43 100644 --- a/modules/nix-on-droid/programs/util.nix +++ b/modules/nix-on-droid/programs/util.nix @@ -23,6 +23,8 @@ with lib; mosh # PV for viewing pipes pv + # Openssh + openssh ]; }) (mkIf nathan.programs.utils.devel { From 532a573ffc3b6b6896bd371c9045746c39ebb806 Mon Sep 17 00:00:00 2001 
From: Nathan McCarty Date: Sun, 4 Sep 2022 04:09:33 -0400 Subject: [PATCH 67/80] whoop --- machines/tablet/configuration.nix | 6 +++++- modules/linux/default.nix | 17 ----------------- modules/nix-on-droid/default.nix | 2 ++ modules/options.nix | 20 +++++++++++++++++++- 4 files changed, 26 insertions(+), 19 deletions(-) diff --git a/machines/tablet/configuration.nix b/machines/tablet/configuration.nix index e3d9969..d09ce79 100644 --- a/machines/tablet/configuration.nix +++ b/machines/tablet/configuration.nix @@ -1,6 +1,10 @@ { config, lib, pkgs, ... }: { - + nathan = { + config = { + isDesktop = true; + }; + }; home-manager.config = import ./home.nix; } diff --git a/modules/linux/default.nix b/modules/linux/default.nix index 2966452..8276906 100644 --- a/modules/linux/default.nix +++ b/modules/linux/default.nix @@ -112,23 +112,6 @@ in description = "Whether to install the 'nathan' user"; type = lib.types.bool; }; - # Name of the user to install - user = mkOption { - default = "nathan"; - example = "nathan"; - description = "Username to use for common configuration"; - type = lib.types.str; - }; - # Name of the user to install - email = mkOption { - default = "nathan@mccarty.io"; - example = "nathan@mccarty.io"; - description = "Email to use for common configuration"; - type = lib.types.str; - }; - # Is this system a desktop? - # Off by default - isDesktop = mkEnableOption "Desktop specific settings"; # Should we harden this system? # On by default harden = mkEnableOptionT "Apply system hardening"; diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix index b43c203..759ed24 100644 --- a/modules/nix-on-droid/default.nix +++ b/modules/nix-on-droid/default.nix @@ -25,5 +25,7 @@ in # Set login shell user.shell = "${pkgs.fish}/bin/fish"; + + nathan.config.user = "nix-on-droid"; }; } diff --git a/modules/options.nix b/modules/options.nix index d47dcb2..546629d 100644 --- a/modules/options.nix +++ b/modules/options.nix 
@@ -18,7 +18,25 @@ in }; }; # General system configuration - config = { }; + config = { + # Name of the user to install + user = mkOption { + default = "nathan"; + example = "nathan"; + description = "Username to use for common configuration"; + type = lib.types.str; + }; + # Name of the user to install + email = mkOption { + default = "nathan@mccarty.io"; + example = "nathan@mccarty.io"; + description = "Email to use for common configuration"; + type = lib.types.str; + }; + # Is this system a desktop? + # Off by default + isDesktop = mkEnableOption "Desktop specific settings"; + }; }; }; } From a1d4dd959785efe47a179258920ec9b98a54b788 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 04:11:28 -0400 Subject: [PATCH 68/80] double whoop --- modules/nix-on-droid/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nix-on-droid/default.nix b/modules/nix-on-droid/default.nix index 759ed24..1737b9f 100644 --- a/modules/nix-on-droid/default.nix +++ b/modules/nix-on-droid/default.nix @@ -5,6 +5,7 @@ in { imports = [ ../options.nix + ./programs/util.nix ]; options = with lib; with nLib; { }; From 072838ff307e7f3f7dd2b5786744f7d383ead961 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 04:14:36 -0400 Subject: [PATCH 69/80] update tablet key --- modules/linux/user.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/linux/user.nix b/modules/linux/user.nix index 57a9c17..1be7971 100644 --- a/modules/linux/user.nix +++ b/modules/linux/user.nix @@ -29,7 +29,7 @@ with lib; { # Phone key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH" # Tablet key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKQYdgfDWhvbJnLvgTN/AVT733rz8G9+ck800py9r8r u0_a33@localhost" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost" ]; }) ]; From 7c86a1a947a6dffbba28417dfe2a0bb0ef410a82 Mon Sep 17 00:00:00 2001 
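Review bot: In modules/options.nix the comment above the `email` option still reads `# Name of the user to install`, copied from the `user` option just before it. It should describe the option it sits on, for example `# Email address to use for common configuration`. The block was moved verbatim from modules/linux/default.nix, so the stale comment came along with it.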
From: Nathan McCarty Date: Sun, 4 Sep 2022 04:19:50 -0400 Subject: [PATCH 70/80] Move emacs into common --- home-manager/common/programs/emacs.nix | 77 ++++++++++++++++++++++++++ home-manager/linux/programs/emacs.nix | 71 +----------------------- home-manager/nix-on-droid/default.nix | 1 + modules/nix-on-droid/programs/util.nix | 1 + 4 files changed, 80 insertions(+), 70 deletions(-) create mode 100644 home-manager/common/programs/emacs.nix diff --git a/home-manager/common/programs/emacs.nix b/home-manager/common/programs/emacs.nix new file mode 100644 index 0000000..3168c2d --- /dev/null +++ b/home-manager/common/programs/emacs.nix 
@@ -0,0 +1,77 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + imports = [ inputs.nix-doom-emacs.hmModule ]; + + config = lib.mkIf config.nathan.programs.emacs.enable { + # Dependencies of my emacs environment + home.packages = with pkgs; [ + # For markdown rendering + python39Packages.grip + # For graph generation + graphviz + sqlite + # For latex editing + texlive.combined.scheme-medium + # For notifications + libnotify + # For flash cards + anki + # For spelling + aspell + aspellDicts.en + aspellDicts.en-science + aspellDicts.en-computers + # Desktop file for org-protocol + (makeDesktopItem { + name = "org-protocol"; + exec = "emacsclient %u"; + comment = "Org protocol"; + desktopName = "org-protocol"; + type = "Application"; + mimeTypes = [ "x-scheme-handler/org-protocol" ]; + }) + ]; + # Setup doom emacs + programs.doom-emacs = { + enable = true; + doomPrivateDir = ../../../doom.d; + emacsPackage = config.nathan.programs.emacs.package; + emacsPackagesOverlay = self: super: { + org-protocol-capture-html = self.trivialBuild { + pname = "org-protocol-capture-html"; + ename = "org-protocol-capture-html"; + version = "0.0.0"; + packageRequires = [ self.s ]; + src = pkgs.fetchFromGitHub { + owner = "alphapapa"; + repo = "org-protocol-capture-html"; + rev = "3359ce9a2f3b48df26329adaee0c4710b1024250"; + hash = "sha256-ueEHJCS+aHYCnd4Lm3NKgqg+m921nl5XijE9ZnSRQXI="; + }; + }; + anki-editor = self.trivialBuild { + pname = "anki-editor"; + ename = "anki-editor"; + version = "0.3.1"; + packageRequires = with self; [ + dash + request + ]; + src = pkgs.fetchFromGitHub { + owner = "billop"; + repo = "anki-editor"; + rev = "c11187a79a980a738af608c98f8de2cdc1d988be"; + hash = "sha256-3R9bEu982a9Tq+hXy+ALFF/N2NwK9MsqDELFVGHV09I="; + }; + }; + }; + extraPackages = [ pkgs.mu ]; + }; + # Set editor + home.sessionVariables = { + EDITOR = "emacsclient"; + VISUAL = "emacsclient"; + }; + }; +} 
diff --git a/home-manager/linux/programs/emacs.nix b/home-manager/linux/programs/emacs.nix index 304d49a..0106f13 100644 --- a/home-manager/linux/programs/emacs.nix +++ b/home-manager/linux/programs/emacs.nix 
@@ -1,82 +1,13 @@ { config, lib, pkgs, inputs, ... }: { - imports = [ inputs.nix-doom-emacs.hmModule ]; + imports = [ ../../common/programs/emacs.nix ]; config = lib.mkIf config.nathan.programs.emacs.enable { - # Dependencies of my emacs environment - home.packages = with pkgs; [ - # For markdown rendering - python39Packages.grip - # For graph generation - graphviz - sqlite - # For latex editing - texlive.combined.scheme-medium - # For notifications - libnotify - # For flash cards - anki - # For spelling - aspell - aspellDicts.en - aspellDicts.en-science - aspellDicts.en-computers - # Desktop file for org-protocol - (makeDesktopItem { - name = "org-protocol"; - exec = "emacsclient %u"; - comment = "Org protocol"; - desktopName = "org-protocol"; - type = "Application"; - mimeTypes = [ "x-scheme-handler/org-protocol" ]; - }) - ]; - # Setup doom emacs - programs.doom-emacs = { - enable = true; - doomPrivateDir = ../../../doom.d; - emacsPackage = config.nathan.programs.emacs.package; - emacsPackagesOverlay = self: super: { - org-protocol-capture-html = self.trivialBuild { - pname = "org-protocol-capture-html"; - ename = "org-protocol-capture-html"; - version = "0.0.0"; - packageRequires = [ self.s ]; - src = pkgs.fetchFromGitHub { - owner = "alphapapa"; - repo = "org-protocol-capture-html"; - rev = "3359ce9a2f3b48df26329adaee0c4710b1024250"; - hash = "sha256-ueEHJCS+aHYCnd4Lm3NKgqg+m921nl5XijE9ZnSRQXI="; - }; - }; - anki-editor = self.trivialBuild { - pname = "anki-editor"; - ename = "anki-editor"; - version = "0.3.1"; - packageRequires = with self; [ - dash - request - ]; - src = pkgs.fetchFromGitHub { - owner = "billop"; - repo = "anki-editor"; - rev = "c11187a79a980a738af608c98f8de2cdc1d988be"; - hash = "sha256-3R9bEu982a9Tq+hXy+ALFF/N2NwK9MsqDELFVGHV09I="; - }; - }; - }; - extraPackages = [ pkgs.mu ]; - }; # Setup service services.emacs = { enable = config.nathan.programs.emacs.service; client.enable = true; }; - # Set editor - home.sessionVariables = { - EDITOR = 
"emacsclient"; - VISUAL = "emacsclient"; - }; }; } diff --git a/home-manager/nix-on-droid/default.nix b/home-manager/nix-on-droid/default.nix index d92b259..0863734 100644 --- a/home-manager/nix-on-droid/default.nix +++ b/home-manager/nix-on-droid/default.nix @@ -7,6 +7,7 @@ with lib; with nLib; { ../options.nix ../common/programs/core.nix ../common/programs/devel.nix + ../common/programs/emacs.nix ]; options = { }; diff --git a/modules/nix-on-droid/programs/util.nix b/modules/nix-on-droid/programs/util.nix index 9bd7f43..d4ad110 100644 --- a/modules/nix-on-droid/programs/util.nix +++ b/modules/nix-on-droid/programs/util.nix @@ -15,6 +15,7 @@ with lib; unzip any-nix-shell htop + which # For being able to update the flake gitFull # For nslookup From 86a0c62f9f93b92c42f6b81e2ea068430ffc86c9 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 04:22:56 -0400 Subject: [PATCH 71/80] whoop --- home-manager/nix-on-droid/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home-manager/nix-on-droid/default.nix b/home-manager/nix-on-droid/default.nix index 0863734..20992b8 100644 --- a/home-manager/nix-on-droid/default.nix +++ b/home-manager/nix-on-droid/default.nix @@ -15,7 +15,7 @@ with lib; with nLib; { config = { home.stateVersion = "22.05"; programs.home-manager.enable = true; - nathan.programs.emacs.package = lib.mkDefault inputs.emacs.packages."${pkgs.system}".emacsNativeComp.override { + nathan.programs.emacs.package = inputs.emacs.packages."${pkgs.system}".emacsNativeComp.override { withNS = false; withX = false; withGTK2 = false; From 842f33692e55793909f4c2ffc7f6792479307b86 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Sun, 4 Sep 2022 04:25:59 -0400 Subject: [PATCH 72/80] Make self a trusted user --- modules/linux/user.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/linux/user.nix b/modules/linux/user.nix index 1be7971..ee8f39c 100644 --- a/modules/linux/user.nix +++ b/modules/linux/user.nix 
@@ -36,6 +36,11 @@ with lib; { }; # If we install the user, enable sudo security.sudo.enable = mkDefault nc.installUser; + # If we isntall the user, make them trusted + nix.settings.trusted-users = + if nc.installUser then [ + "nathan" + ] else [ ]; # If we setup the user, install the shell as well environment.systemPackages = if nc.installUser then [ From 1f0f23232035ebfd245878d5882f26d0b4b03fed Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Mon, 5 Sep 2022 02:31:37 -0400 Subject: [PATCH 73/80] Fix emacs and tmux envvars --- home-manager/common/programs/core.nix | 9 +++++++++ home-manager/common/programs/emacs.nix | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/home-manager/common/programs/core.nix b/home-manager/common/programs/core.nix index 9aeb8232..b0364d6 100644 --- a/home-manager/common/programs/core.nix +++ b/home-manager/common/programs/core.nix @@ -23,6 +23,15 @@ with lib; # rsync for _The Cloud_ :tm: rclone ]; + # Configure tmux + programs.tmux = { + enable = true; + aggressiveResize = true; + extraConfig = '' + set -g default-terminal "tmux-256color" + set -ag terminal-overrides ",xterm-256color:RGB" + ''; + }; }) (mkIf config.nathan.programs.util.productivity { home.packages = with pkgs; [ diff --git a/home-manager/common/programs/emacs.nix b/home-manager/common/programs/emacs.nix index 3168c2d..243d38d 100644 --- a/home-manager/common/programs/emacs.nix +++ b/home-manager/common/programs/emacs.nix @@ -73,5 +73,9 @@ EDITOR = "emacsclient"; VISUAL = "emacsclient"; }; + systemd.user.sessionVariables = { + EDITOR = "emacsclient"; + VISUAL = "emacsclient"; + }; }; } From 6c9e4ef4213ecd8d906ee54839855bb888dff637 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Mon, 5 Sep 2022 02:32:55 -0400 Subject: [PATCH 74/80] Use prebuilt emacs on droid --- home-manager/nix-on-droid/default.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
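Review bot: Listing the account in `nix.settings.trusted-users` (modules/linux/user.nix) makes it effectively root-equivalent towards the Nix daemon, since a trusted user can add substituters and import unsigned store paths. The comment on the setting should say that and why it is needed. If the aim is only to copy closures to these machines, signing them with a key listed in `trusted-public-keys` would avoid the grant. The name is also hard-coded as `"nathan"` although the `nathan.config.user` option exists; if the account created in this file follows that option (its definition is outside the hunk), `lib.optional nc.installUser config.nathan.config.user` keeps the two in step and drops the explicit empty list. The new comment has a typo, `isntall`.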
diff --git a/home-manager/nix-on-droid/default.nix b/home-manager/nix-on-droid/default.nix index 20992b8..8c4497e 100644 --- a/home-manager/nix-on-droid/default.nix +++ b/home-manager/nix-on-droid/default.nix @@ -15,11 +15,6 @@ with lib; with nLib; { config = { home.stateVersion = "22.05"; programs.home-manager.enable = true; - nathan.programs.emacs.package = inputs.emacs.packages."${pkgs.system}".emacsNativeComp.override { - withNS = false; - withX = false; - withGTK2 = false; - withGTK3 = false; - }; + nathan.programs.emacs.package = pkgs.emacs28NativeComp; }; } From 607c186fc34ed5eadabc1c02b54033b60f2b0f03 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Mon, 5 Sep 2022 02:35:40 -0400 Subject: [PATCH 75/80] update flake --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index c99927a..4a8bef9 100644 --- a/flake.lock +++ b/flake.lock @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1661919213, - "narHash": "sha256-XXaX2AsnhDuQdL5X3m3sROP0H7WlIi5lB5TidEJWmkU=", + "lastModified": 1662352075, + "narHash": "sha256-xh8VqTB2TZOGqPwjx7Nb1YATvDNWm+fxppSk+1wdX7I=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d2ef237d85c5967bc00da2d0e4e179a3118b4490", + "rev": "3633040a41dc3379b5c4d53a4ec0fc0eb68b236d", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1661929115, - "narHash": "sha256-XnCL0aLeQIbh0Ua51m8lF4sQFGn9tc+8VZLOQ9UEDAA=", + "lastModified": 1662272813, + "narHash": "sha256-aYTZCnaoW6A2m3mFMvTE8ywob9BmrauW7LBZmxMGceA=", "owner": "nix-community", "repo": "fenix", - "rev": "82b14d02053f49d70c834f8e5ef6f07fe804d7eb", + "rev": "85494959e6b4a7c8e22d56df96a39f6756ca58b2", "type": "github" }, "original": { 
@@ -485,11 +485,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1661480711, - "narHash": "sha256-gwvvwppGDBFYXfuchpvRRHiKBM8XCE1ZnpldryKPN9o=", + "lastModified": 1662238434, + "narHash": "sha256-kizN1H6cJqu7TCt+QQxoWw0f1WdO1hU4myhUiETpHsk=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "ae22b4a3fe31ae31b3e8b415889f8c2c5a77d8dc", + "rev": "7b8c1c53537840f2656cacce267697eca7032727", "type": "github" }, "original": { @@ -576,11 +576,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661720780, - "narHash": "sha256-AJNGyaB2eKZAYaPNjBZOzap87yL+F9ZLaFzzMkvega0=", + "lastModified": 1662019588, + "narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a63021a330d8d33d862a8e29924b42d73037dd37", + "rev": "2da64a81275b68fdad38af669afeda43d401e94b", "type": "github" }, "original": { @@ -592,11 +592,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1661656705, - "narHash": "sha256-1ujNuL1Tx1dt8dC/kuYS329ZZgiXXmD96axwrqsUY7w=", + "lastModified": 1662221733, + "narHash": "sha256-dw1xjYyQ0JidXIpzeQh/gQX+ih1sJO1zBHKs5QSYp8Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "290dbaacc1f0b783fd8e271b585ec2c8c3b03954", + "rev": "013e8d86d9a3f33074c903c8ffcab0d34087b1ed", "type": "github" }, "original": { @@ -624,11 +624,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1661720780, - "narHash": "sha256-AJNGyaB2eKZAYaPNjBZOzap87yL+F9ZLaFzzMkvega0=", + "lastModified": 1662019588, + "narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a63021a330d8d33d862a8e29924b42d73037dd37", + "rev": "2da64a81275b68fdad38af669afeda43d401e94b", "type": "github" }, "original": { 
@@ -640,11 +640,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1661864979, - "narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=", + "lastModified": 1662099760, + "narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979", + "rev": "67e45078141102f45eff1589a831aeaa3182b41e", "type": "github" }, "original": { @@ -689,11 +689,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1661237582, - "narHash": "sha256-pebP1mA019FejUe6CURqDUaqPyTUZ3wRcqfd6gE+YVg=", + "lastModified": 1662044935, + "narHash": "sha256-ZpxKw8L/IpxolkGyQMDut6V4i8I1T5za0QBBrztfcts=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "3c11e9df6e8353ae5d7e1179f9bcb114f469c942", + "rev": "e36c3cc21b8b1471e1f7928a118de693819c3f12", "type": "github" }, "original": { @@ -759,11 +759,11 @@ ] }, "locked": { - "lastModified": 1661714861, - "narHash": "sha256-EOkEZXM2Bx7boQkVHehds+Ieq+JiFaSXYfs+QA+ua2M=", + "lastModified": 1662018862, + "narHash": "sha256-X5pdZ9h2AJ6nVtXI+DSz6CbJNcG1QeMBKjUm2ZMWOAY=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "9171f471abc4d61079a9fe2bda10801bded100e9", + "rev": "2f167b1512dc0c3b80731ae412d55ee897da14fd", "type": "github" }, "original": { @@ -848,11 +848,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1661866297, - "narHash": "sha256-Q0aniSF4Skm7yYE1Z2Jikn0C7Hpjbk94eha2Y7GWjPk=", + "lastModified": 1662219201, + "narHash": "sha256-cuQJy5L6DNXIK2myVravMja+/Tj/BgyEO4VF33cQNg4=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "989b09d20cafc2b1eb9198e25701b9e2234d8ba0", + "rev": "8ddb8b7e8ed9fd99f580503b5ee94e8452d57f5e", "type": "github" }, "original": { 
@@ -886,11 +886,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1661660105, - "narHash": "sha256-3ITdkYwsNDh2DRqi7FZOJ92ui92NmcO6Nhj49u+JjWY=", + "lastModified": 1662265707, + "narHash": "sha256-nSCTmU6Ol02JMUzueAQGq1B/TC8JLrhrYivFzEmV0iQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d92fba1bfc9f64e4ccb533701ddd8590c0d8c74a", + "rev": "00da5de7380e0fc01e009e7ea9eb3f391d4b6e02", "type": "github" }, "original": { @@ -902,11 +902,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1661407110, - "narHash": "sha256-tJfJFYeANRGu3ObQHGTxhXqS++JVVQREh8RTMwwbwYQ=", + "lastModified": 1662006199, + "narHash": "sha256-gDelW/h2LyknTQNkHODvzCJCKelLdLIQoDh/L1lk3KA=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "3b2e70db92f127dc2e8e302e009447c1a9eb49aa", + "rev": "28409a0ceede0751ed9d520c6a19d1f5f1211502", "type": "github" }, "original": { From 310008ca0282ebefc2b44c5f673166385904c1ea Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Mon, 5 Sep 2022 20:52:22 -0400 Subject: [PATCH 76/80] Add gitlab runner back to oracles --- machines/oracles/configuration.nix | 50 +++++++++++++++++++++++++++++- modules/linux/linux/base.nix | 2 +- modules/linux/virtualization.nix | 2 ++ secrets/oracles/gitlab.yaml | 30 ++++++++++++++++++ 4 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 secrets/oracles/gitlab.yaml diff --git a/machines/oracles/configuration.nix b/machines/oracles/configuration.nix index 5ff5e6e..b8addc0 100644 --- a/machines/oracles/configuration.nix +++ b/machines/oracles/configuration.nix @@ -17,12 +17,17 @@ owner = config.users.users.nathan.name; group = config.users.users.nathan.group; }; + "nix-asuran" = { + format = "yaml"; + sopsFile = ../../secrets/oracles/gitlab.yaml; + }; }; # Setup system configuration nathan = { programs = { utils = { devel = true; + binfmt = true; }; }; services = { 
@@ -55,6 +60,9 @@ setupGrub = true; nix.autoUpdate = true; harden = false; + virtualization = { + docker = true; + }; }; }; # Configure networking @@ -169,13 +177,16 @@ } ]; }; + + # Setup vhost for pack website services.nginx.virtualHosts."pack.forward-progress.net" = { enableACME = true; forceSSL = true; locations."/".root = "/var/www/pack.forward-progress.net"; root = "/var/www/pack.forward-progress.net"; }; - # Backup postgres + + # Backup postgres, as used by matrix services.postgresqlBackup = { #enable = true; compression = "none"; @@ -183,4 +194,41 @@ startAt = "OnCalendar=00/2:00"; }; + # Setup the gitlab runners + services.gitlab-runner = + let + nix-shared = with lib; { + dockerImage = "nixpkgs/nix-flakes"; + dockerVolumes = [ + "/var/sharedstore:/sharedstore" + ]; + dockerDisableCache = true; + dockerPrivileged = true; + }; + in + { + enable = true; + concurrent = 4; + checkInterval = 1; + services = { + # default-asuran = { + # registrationConfigFile = "/var/lib/secret/gitlab-runner/asuran-default"; + # dockerImage = "debian:stable"; + # dockerVolumes = [ + # "/var/run/docker.sock:/var/run/docker.sock" + # ]; + # dockerPrivileged = true; + # tagList = [ "linux-own" ]; + # }; + + nix-asuran = nix-shared // { + registrationConfigFile = config.sops.secrets.nix-asuran.path; + tagList = [ "nix" ]; + requestConcurrency = 8; + limit = 4; + runUntagged = true; + }; + }; + }; + } diff --git a/modules/linux/linux/base.nix b/modules/linux/linux/base.nix index bc0b0ec..dbcbfbc 100644 --- a/modules/linux/linux/base.nix +++ b/modules/linux/linux/base.nix @@ -44,7 +44,7 @@ with lib; enable = true; allowReboot = true; # Update from the flake - flake = "github:nathans-flakes/system"; + flake = "github:nathans-flakes/system/rewrite"; # Attempt to update daily at 2AM dates = "2:00"; }; diff --git a/modules/linux/virtualization.nix b/modules/linux/virtualization.nix index d8fc76a..c45fd8a 100644 --- a/modules/linux/virtualization.nix +++ b/modules/linux/virtualization.nix 
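Review bot: The `nix-asuran` runner in machines/oracles/configuration.nix combines `dockerPrivileged = true` with `runUntagged = true`, so every job from any project the registration token covers runs in a privileged container, which is effectively root on this host. The same file also configures an nginx vhost and the postgres backup used by matrix, and sets `harden = false`. If the `nixpkgs/nix-flakes` image does not strictly need privileged mode, drop it; otherwise narrow who can reach the runner with `runUntagged = false;` and `protected = true;`, and record in a comment why privileged is required. The `/var/sharedstore` volume is mounted into every job, so one job can affect what later jobs read from it; mount it read-only where possible or document that trust assumption. `checkInterval = 1` polls GitLab every second and looks more aggressive than intended.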
@@ -23,6 +23,8 @@ with lib; # Automatically prune to keep things lean autoPrune.enable = true; }; + # Make sure our containers can reach the network + boot.kernel.sysctl."net.ipv4.ip_forward" = true; }) (mkIf nc.virtualization.lxc { virtualisation.lxd = { diff --git a/secrets/oracles/gitlab.yaml b/secrets/oracles/gitlab.yaml new file mode 100644 index 0000000..49e6d2d --- /dev/null +++ b/secrets/oracles/gitlab.yaml 
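Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` in modules/linux/virtualization.nix enables IPv4 forwarding for the whole host on every machine that turns on the docker option, not only for the container bridge. The comment should say which failure this fixes, since the Docker daemon normally enables forwarding itself unless told not to. It should also note that the firewall's forward policy is then the only thing stopping the machine from routing between its other interfaces. The surrounding `mkIf` block begins outside this hunk, so the condition it applies under cannot be confirmed here.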
@@ -0,0 +1,30 @@ +nix-asuran: ENC[AES256_GCM,data:RXjgVChMgDP1YodyEZyUJejD8g/eXVvbBzZ7N1oUmkKEDgjjetHxZVt8h4BfCyymQaZA9wP2wtq4/jiWdOKrYuKsnCZ3SR4qJpxjkOe0W+hh,iv:pLmBWY6ZB4S4OrRJRiOhxBKGJvPsGQcJRarmZY6aFSw=,tag:uliGhjYATCn0qvpsG3Ux/A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUkxDNzRaaXk5MjFSK3o2 + aWhRamxEb3FFMGo3OUVDL25udVg5UDM3SHhFCnZEWmluYklvcjh2ZWk0K2kvSUZj + YzFMUHdaQlhhQi8ya3l5KzB4NzBDdlEKLS0tIHVLSlFkUEdoK3hzQ2V5VlZTSW9Q + MWw3OG9CN3BkanZsUEVPbjBRclVTLzAKYyjhfh/VZDx9RnlcS6palMaGDOSYPha0 + i3bU8KvH0cc/FhSkv320Owwrwq4ocI3ZSWEWXVgmnwxLuXi2pNW3Qw== + -----END AGE ENCRYPTED FILE----- + - recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjFkRkpjcytHV1RCSEc1 + TnlQR2c2cUtVT3dUZGQrb1JEWFFyNmNSekdBCjRYUHdDZGdQRWFkZHdISzgrNHdO + S2hlQThUckRDVE9RM1czcWFpVWMzczAKLS0tIGFrZFhVWk5SR3dtVUFwQjdCaEJ5 + R3NHOS83TmIyaG1yYjdJODFuVmZ6aTAKF/PP60jU0JlN8TchHeTp0T5Fhg55kMHc + t9Dv+PBkscQxO3VxUD3Oqw9/c/C5Abm8KgcWmYrLa00+2zbMC0oZEA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-09-06T00:47:48Z" + mac: ENC[AES256_GCM,data:7LHqZlBtRw+dN5Ed2bSPl7onYbI6m3rpFSqJ2qJM7dLK0wLSrJoP9K0chfLKDthTtw21KRv9m0SyAOsjv1ek8uyD7PIE5hhmtWGWm/rrDMLtLt+NWxQWBdM2sMGughvzhRG0auLUF8WaWHaoRuQyG9qlmO8lXMspS7/dfDQUcdQ=,iv:ciThIEZv4nom9w6XQS2rtw+lAlPcpGMLeuUjfAkTiWg=,tag:G0C0d6+fRGZ0Bq/GeczIrg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 From 45ce81cd3c7962eadad14b8e5acccf541777a613 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Mon, 5 Sep 2022 22:00:17 -0400 Subject: [PATCH 77/80] Minor tweaks --- home-manager/linux/programs/communications.nix | 9 +++++++++ machines/oracles/configuration.nix | 5 ++++- 2 files changed, 13 insertions(+), 1 deletion(-) 
diff --git a/home-manager/linux/programs/communications.nix b/home-manager/linux/programs/communications.nix index 46215ea..0867189 100644 --- a/home-manager/linux/programs/communications.nix +++ b/home-manager/linux/programs/communications.nix @@ -48,6 +48,13 @@ exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=https://teams.microsoft.com\""; terminal = false; }; + # Cinny + cinnyItem = pkgs.makeDesktopItem { + name = "cinny"; + desktopName = "Cinny"; + exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=https://app.cinny.in\""; + terminal = false; + }; in [ # Discord @@ -68,6 +75,8 @@ unstable.zoom-us # Teams (also for work) unstable.teams + # Cinny for pretty matrix + cinnyItem # chromium (enableWayland chromium "chromium") # Wayland workaround packages diff --git a/machines/oracles/configuration.nix b/machines/oracles/configuration.nix index b8addc0..8a1962f 100644 --- a/machines/oracles/configuration.nix +++ b/machines/oracles/configuration.nix @@ -58,7 +58,10 @@ }; config = { setupGrub = true; - nix.autoUpdate = true; + nix = { + autoUpdate = true; + autoGC = true; + }; harden = false; virtualization = { docker = true; From 218899921bbb6c02ecf009385bba0b176cdc1ef9 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Tue, 6 Sep 2022 09:15:58 -0400 Subject: [PATCH 78/80] tweak mbsync config --- home-manager/linux/services/email.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home-manager/linux/services/email.nix b/home-manager/linux/services/email.nix index 4d0dd0f..cacfae4 100644 --- a/home-manager/linux/services/email.nix +++ b/home-manager/linux/services/email.nix @@ -77,6 +77,7 @@ with lib; { }; services.mbsync = { enable = true; + frequency = "*:0/1"; # Index manually with mu if we don't have emacs setup, but if we have the emacs service setup, # run through emacsclient, as it will have the lock postExec = 
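Review bot: `cinnyItem` in home-manager/linux/programs/communications.nix opens Chromium in app mode on `https://app.cinny.in`, so the Matrix session and any end-to-end encryption keys are handled by JavaScript that a third party serves afresh on each start. That client code sits outside the pinning flake.lock gives the rest of this configuration. If the nixpkgs revision in use carries a packaged Cinny build, launching or self-hosting that keeps the client under the same lock; otherwise a comment on the item stating the trust decision is enough. The `let` block holding this item starts outside the hunk.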
From fb3cf52a1f02a79c5b2f034fa28fff262393b903 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Tue, 6 Sep 2022 12:38:29 -0400 Subject: [PATCH 79/80] Tweak mu4e --- doom.d/config.el | 12 +++++++++++- doom.d/config.org | 14 +++++++++++++- flake.lock | 36 ++++++++++++++++++------------------ 3 files changed, 42 insertions(+), 20 deletions(-) diff --git a/doom.d/config.el b/doom.d/config.el index b02d573..3ec44d1 100644 --- a/doom.d/config.el +++ b/doom.d/config.el @@ -375,6 +375,10 @@ work if it thinks it needs to." '(:name "All Mail" :key ?a :query "NOT flag:trashed")) + (add-to-list 'mu4e-bookmarks + '(:name "Unread Notifications - nathan@mccarty.io" + :key ?n + :query "maildir:\"/nathan@mccarty.io/Folders/Notifications*\" AND NOT flag:trashed AND flag:unread")) (add-to-list 'mu4e-bookmarks '(:name "Inbox - nathan@mccarty.io" :key ?m @@ -384,12 +388,18 @@ work if it thinks it needs to." :key ?u :query "flag:unread AND NOT flag:trashed"))) +(after! mu4e + (setq mu4e-maildir-shortcuts + '((:maildir "/nathan@mccarty.io/Folders/Notifications/Github" :key ?h) + (:maildir "/nathan@mccarty.io/Folders/Notifications/Gitlab" :key ?l) + (:maildir "/nathan@mccarty.io/Folders/Notifications/SourceHut" :key ?s)))) + (after! mu4e (mu4e-alert-enable-mode-line-display)) (setq +mu4e-backend nil) (after! mu4e - (setq mu4e-get-mail-command "true" + (setq mu4e-get-mail-command "systemctl start --user mbsync.service" mu4e-update-interval nil)) (after! mu4e diff --git a/doom.d/config.org b/doom.d/config.org index ef4871b..cf37864 100644 --- a/doom.d/config.org +++ b/doom.d/config.org 
@@ -592,6 +592,10 @@ Setup our bookmarks, resetting the list of bookmarks first so we can go complete '(:name "All Mail" :key ?a :query "NOT flag:trashed")) + (add-to-list 'mu4e-bookmarks + '(:name "Unread Notifications - nathan@mccarty.io" + :key ?n + :query "maildir:\"/nathan@mccarty.io/Folders/Notifications*\" AND NOT flag:trashed AND flag:unread")) (add-to-list 'mu4e-bookmarks '(:name "Inbox - nathan@mccarty.io" :key ?m @@ -601,6 +605,14 @@ Setup our bookmarks, resetting the list of bookmarks first so we can go complete :key ?u :query "flag:unread AND NOT flag:trashed"))) #+end_src +Setup the maildirs we want to see, we'll show our notifications +#+begin_src emacs-lisp +(after! mu4e + (setq mu4e-maildir-shortcuts + '((:maildir "/nathan@mccarty.io/Folders/Notifications/Github" :key ?h) + (:maildir "/nathan@mccarty.io/Folders/Notifications/Gitlab" :key ?l) + (:maildir "/nathan@mccarty.io/Folders/Notifications/SourceHut" :key ?s)))) +#+end_src Tell it to enable the modeline display #+begin_src emacs-lisp (after! mu4e @@ -610,7 +622,7 @@ Tell it not to update the mail itself, we have a systemd unit for that #+begin_src emacs-lisp (setq +mu4e-backend nil) (after! mu4e - (setq mu4e-get-mail-command "true" + (setq mu4e-get-mail-command "systemctl start --user mbsync.service" mu4e-update-interval nil)) #+end_src We need to tell mu4e to rename files when they are moved, or else mbsync will break, see [[https://github.com/djcb/mu/issues/613#issuecomment-166714305][issue]] and [[http://tiborsimko.org/mbsync-duplicate-uid.html][blog post]] diff --git a/flake.lock b/flake.lock index 4a8bef9..2360a49 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1661882940, - "narHash": "sha256-4LaVFnV22WrOA0aolqqk9dXrM8crikcrLQt29G18F7M=", + "lastModified": 1662478528, + "narHash": "sha256-Myjd0HPL5lXri3NXOcJ6gP7IKod2eMweQBKM4uxgEGw=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "80cec5115aae74accc4ccfb9f84306d7863f0632", + "rev": "3b69bf3cc26ae19de847bfe54d6ab22d7381a90a", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1662352075, - "narHash": "sha256-xh8VqTB2TZOGqPwjx7Nb1YATvDNWm+fxppSk+1wdX7I=", + "lastModified": 1662496984, + "narHash": "sha256-SWAuZBAr3soy45+vO2gaRG0XTYO3sQVOMe7aPKqIno0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "3633040a41dc3379b5c4d53a4ec0fc0eb68b236d", + "rev": "82704788ffcbf4d1b417b7ce62b9f1ef7d98f442", "type": "github" }, "original": { @@ -177,11 +177,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1662272813, - "narHash": "sha256-aYTZCnaoW6A2m3mFMvTE8ywob9BmrauW7LBZmxMGceA=", + "lastModified": 1662447736, + "narHash": "sha256-HMnv/9V5JekVlBCdb4k9CzhW3UHJ1fi41bI5Kwi19EE=", "owner": "nix-community", "repo": "fenix", - "rev": "85494959e6b4a7c8e22d56df96a39f6756ca58b2", + "rev": "1bdc5042356c21bdf8075dd63f291cf77bb77b92", "type": "github" }, "original": { @@ -759,11 +759,11 @@ ] }, "locked": { - "lastModified": 1662018862, - "narHash": "sha256-X5pdZ9h2AJ6nVtXI+DSz6CbJNcG1QeMBKjUm2ZMWOAY=", + "lastModified": 1662476795, + "narHash": "sha256-fNp1vn7yty48BtyC9q+JpzZSD59gLuXuAFTYeJ5o+Ss=", "owner": "PolyMC", "repo": "PolyMC", - "rev": "2f167b1512dc0c3b80731ae412d55ee897da14fd", + "rev": "e37f70b9f7e35639f49c2f53f8e82e97f5fbffc9", "type": "github" }, "original": { 
@@ -848,11 +848,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1662219201, - "narHash": "sha256-cuQJy5L6DNXIK2myVravMja+/Tj/BgyEO4VF33cQNg4=", + "lastModified": 1662377094, + "narHash": "sha256-0bvOQxEe8nzk/VlhHBrUn/Mz3DlE92Us7JqveVjTe0A=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "8ddb8b7e8ed9fd99f580503b5ee94e8452d57f5e", + "rev": "6dfd8aebdfa1ee1824446f01daf5bdb229b32f92", "type": "github" }, "original": { @@ -886,11 +886,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1662265707, - "narHash": "sha256-nSCTmU6Ol02JMUzueAQGq1B/TC8JLrhrYivFzEmV0iQ=", + "lastModified": 1662390490, + "narHash": "sha256-HnFHRFu0eoB0tLOZRjLgVfHzK+4bQzAmAmHSzOquuyI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "00da5de7380e0fc01e009e7ea9eb3f391d4b6e02", + "rev": "044ccfe24b349859cd9efc943e4465cc993ac84e", "type": "github" }, "original": { From ebd97336e98a0eebee4a53d0647a99f59fc28d0f Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Wed, 7 Sep 2022 21:23:56 -0400 Subject: [PATCH 80/80] maybe? --- modules/linux/linux/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/linux/linux/base.nix b/modules/linux/linux/base.nix index dbcbfbc..7330564 100644 --- a/modules/linux/linux/base.nix +++ b/modules/linux/linux/base.nix @@ -44,7 +44,7 @@ with lib; enable = true; allowReboot = true; # Update from the flake - flake = "github:nathans-flakes/system/rewrite"; + flake = "github:nathans-flakes/System/rewrite"; # Attempt to update daily at 2AM dates = "2:00"; };