Compare commits
1 Commits
main
...
cleanup-x1
Author | SHA1 | Date |
---|---|---|
Oystein Kristoffer Tveit | f6d0847c39 |
73
flake.lock
73
flake.lock
|
@ -69,6 +69,19 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"fonts": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1668957008,
|
||||||
|
"narHash": "sha256-er2eUfNSG9qdBh0JvtxtftQjFfTFjRqqD8dnk5nZ1qw=",
|
||||||
|
"path": "/home/h7x4/git/fonts",
|
||||||
|
"type": "path"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"path": "/home/h7x4/git/fonts",
|
||||||
|
"type": "path"
|
||||||
|
}
|
||||||
|
},
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -76,11 +89,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726989464,
|
"lastModified": 1718530513,
|
||||||
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -90,6 +103,26 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"home-manager-local": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs-unstable"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1719170506,
|
||||||
|
"narHash": "sha256-AROqng7/S3mTByq8DBVR6r0iW1yZH+otJkqOwLHvELE=",
|
||||||
|
"ref": "refs/heads/fix-stalonetrayrc-path",
|
||||||
|
"rev": "0e5656163c2f9ac6e2cc4de3b44beb7a137abbe6",
|
||||||
|
"revCount": 3588,
|
||||||
|
"type": "git",
|
||||||
|
"url": "file:///home/h7x4/git/home-manager"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "file:///home/h7x4/git/home-manager"
|
||||||
|
}
|
||||||
|
},
|
||||||
"matrix-synapse-next": {
|
"matrix-synapse-next": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -158,11 +191,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728006367,
|
"lastModified": 1719278718,
|
||||||
"narHash": "sha256-Bdf5twzinaacnn1JBogvxq0S8Ytm+25mWD2cfJ7fvpo=",
|
"narHash": "sha256-gWQb4P9CZgKzTn4F4eWMYeUv2AQOXFlcFmFXh2apoyA=",
|
||||||
"owner": "infinidoge",
|
"owner": "infinidoge",
|
||||||
"repo": "nix-minecraft",
|
"repo": "nix-minecraft",
|
||||||
"rev": "a3a7888df1b87bdababfd9f0b00b574ee4c2e204",
|
"rev": "b6ff85f3b416a700ac35e33c214d7c9f4fe071fa",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -173,11 +206,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728193676,
|
"lastModified": 1719145550,
|
||||||
"narHash": "sha256-PbDWAIjKJdlVg+qQRhzdSor04bAPApDqIv2DofTyynk=",
|
"narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6",
|
"rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -188,27 +221,27 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728156290,
|
"lastModified": 1719099622,
|
||||||
"narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
|
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "17ae88b569bb15590549ff478bab6494dde4a907",
|
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "release-24.05",
|
"ref": "release-23.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728018373,
|
"lastModified": 1719254875,
|
||||||
"narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
|
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
|
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -240,7 +273,9 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"dotfiles": "dotfiles",
|
"dotfiles": "dotfiles",
|
||||||
|
"fonts": "fonts",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
|
"home-manager-local": "home-manager-local",
|
||||||
"matrix-synapse-next": "matrix-synapse-next",
|
"matrix-synapse-next": "matrix-synapse-next",
|
||||||
"maunium-stickerpicker": "maunium-stickerpicker",
|
"maunium-stickerpicker": "maunium-stickerpicker",
|
||||||
"minecraft": "minecraft",
|
"minecraft": "minecraft",
|
||||||
|
@ -279,11 +314,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728342863,
|
"lastModified": 1719268571,
|
||||||
"narHash": "sha256-OeVSBqpigXgX3tuvkO2B3xN1ONSF0iFTbi6et7YhX+M=",
|
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "84d006846f98b2bfed3796f1ccc8e62faf0c2ae9",
|
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
35
flake.nix
35
flake.nix
|
@ -1,11 +1,10 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "nixpkgs/nixos-24.11";
|
nixpkgs.url = "nixpkgs/nixos-24.05";
|
||||||
# nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable";
|
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
|
||||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
|
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
url = "github:nix-community/home-manager/release-24.11";
|
url = "github:nix-community/home-manager/release-24.05";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -88,7 +87,7 @@
|
||||||
android_sdk.accept_license = true;
|
android_sdk.accept_license = true;
|
||||||
segger-jlink.acceptLicense = true;
|
segger-jlink.acceptLicense = true;
|
||||||
permittedInsecurePackages = [
|
permittedInsecurePackages = [
|
||||||
"segger-jlink-qt4-796s"
|
"segger-jlink-qt4-794l"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -98,16 +97,30 @@
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
config.segger-jlink.acceptLicense = true;
|
config.segger-jlink.acceptLicense = true;
|
||||||
config.permittedInsecurePackages = [
|
config.permittedInsecurePackages = [
|
||||||
"segger-jlink-qt4-796s"
|
"segger-jlink-qt4-794s"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
in [
|
in [
|
||||||
(self: super: {
|
(self: super: {
|
||||||
inherit (nonrecursive-unstable-pkgs)
|
inherit (nonrecursive-unstable-pkgs)
|
||||||
calibre
|
atuin
|
||||||
fcitx5-mozc
|
wstunnel
|
||||||
|
nrf-udev
|
||||||
|
nrfutil
|
||||||
;
|
;
|
||||||
})
|
})
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/pull/251706
|
||||||
|
(self: super: {
|
||||||
|
mozc = self.qt6Packages.callPackage ./package-overrides/mozc.nix { };
|
||||||
|
fcitx5-mozc = self.callPackage ./package-overrides/fcitx5-mozc.nix { };
|
||||||
|
})
|
||||||
|
|
||||||
|
(self: super: {
|
||||||
|
mpv-unwrapped = super.mpv-unwrapped.override {
|
||||||
|
ffmpeg = super.ffmpeg_6-full;
|
||||||
|
};
|
||||||
|
})
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -208,11 +221,7 @@
|
||||||
"specialArgs"
|
"specialArgs"
|
||||||
]));
|
]));
|
||||||
in {
|
in {
|
||||||
dosei = nixSys "dosei" {
|
dosei = nixSys "dosei" { };
|
||||||
modules = [{
|
|
||||||
home-manager.users.h7x4.home.uid = 1001;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
kasei = nixSys "kasei" { };
|
kasei = nixSys "kasei" { };
|
||||||
europa = nixSys "europa" { };
|
europa = nixSys "europa" { };
|
||||||
tsuki = nixSys "tsuki" {
|
tsuki = nixSys "tsuki" {
|
||||||
|
|
|
@ -10,34 +10,22 @@ in {
|
||||||
|
|
||||||
./programs/aria2.nix
|
./programs/aria2.nix
|
||||||
./programs/atuin.nix
|
./programs/atuin.nix
|
||||||
./programs/bash.nix
|
|
||||||
./programs/bat.nix
|
|
||||||
./programs/beets.nix
|
./programs/beets.nix
|
||||||
./programs/bottom.nix
|
|
||||||
./programs/comma.nix
|
./programs/comma.nix
|
||||||
./programs/direnv
|
./programs/direnv
|
||||||
./programs/eza.nix
|
|
||||||
./programs/fzf.nix
|
|
||||||
./programs/gdb.nix
|
./programs/gdb.nix
|
||||||
./programs/gh-dash.nix
|
|
||||||
./programs/gh.nix
|
./programs/gh.nix
|
||||||
|
./programs/gh-dash.nix
|
||||||
./programs/git
|
./programs/git
|
||||||
./programs/gpg
|
./programs/gpg
|
||||||
./programs/home-manager.nix
|
|
||||||
./programs/jq.nix
|
./programs/jq.nix
|
||||||
./programs/less.nix
|
./programs/less.nix
|
||||||
./programs/man.nix
|
|
||||||
./programs/neovim
|
./programs/neovim
|
||||||
./programs/nix-index
|
./programs/nix-index
|
||||||
./programs/pandoc.nix
|
|
||||||
./programs/ripgrep.nix
|
|
||||||
./programs/ssh
|
./programs/ssh
|
||||||
./programs/tealdeer
|
./programs/tealdeer
|
||||||
./programs/texlive.nix
|
|
||||||
./programs/thunderbird.nix
|
./programs/thunderbird.nix
|
||||||
./programs/tmux
|
./programs/tmux.nix
|
||||||
./programs/yt-dlp.nix
|
|
||||||
./programs/zoxide.nix
|
|
||||||
./programs/zsh
|
./programs/zsh
|
||||||
|
|
||||||
./services/nix-channel-update.nix
|
./services/nix-channel-update.nix
|
||||||
|
@ -45,18 +33,14 @@ in {
|
||||||
|
|
||||||
./modules/colors.nix
|
./modules/colors.nix
|
||||||
./modules/shellAliases.nix
|
./modules/shellAliases.nix
|
||||||
./modules/uidGid.nix
|
|
||||||
] ++ optionals graphics [
|
] ++ optionals graphics [
|
||||||
./config/gtk.nix
|
./config/gtk.nix
|
||||||
|
|
||||||
./programs/alacritty.nix
|
./programs/alacritty.nix
|
||||||
./programs/emacs
|
./programs/emacs
|
||||||
./programs/feh.nix
|
|
||||||
./programs/firefox.nix
|
./programs/firefox.nix
|
||||||
./programs/mpv.nix
|
|
||||||
./programs/ncmpcpp.nix
|
./programs/ncmpcpp.nix
|
||||||
./programs/newsboat
|
./programs/newsboat
|
||||||
./programs/obs-studio.nix
|
|
||||||
./programs/qutebrowser.nix
|
./programs/qutebrowser.nix
|
||||||
./programs/rofi.nix
|
./programs/rofi.nix
|
||||||
./programs/taskwarrior.nix
|
./programs/taskwarrior.nix
|
||||||
|
@ -69,10 +53,7 @@ in {
|
||||||
./services/copyq.nix
|
./services/copyq.nix
|
||||||
./services/dunst.nix
|
./services/dunst.nix
|
||||||
./services/fcitx5.nix
|
./services/fcitx5.nix
|
||||||
./services/gnome-keyring.nix
|
|
||||||
./services/keybase.nix
|
|
||||||
./services/mpd.nix
|
./services/mpd.nix
|
||||||
./services/network-manager.nix
|
|
||||||
./services/picom.nix
|
./services/picom.nix
|
||||||
./services/polybar.nix
|
./services/polybar.nix
|
||||||
./services/screen-locker.nix
|
./services/screen-locker.nix
|
||||||
|
@ -151,6 +132,51 @@ in {
|
||||||
|
|
||||||
fonts.fontconfig.enable = mkForce true;
|
fonts.fontconfig.enable = mkForce true;
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
home-manager.enable = true;
|
||||||
|
|
||||||
|
bash = {
|
||||||
|
enable = true;
|
||||||
|
historyFile = "${config.xdg.dataHome}/bash_history";
|
||||||
|
historySize = 100000;
|
||||||
|
bashrcExtra = ''
|
||||||
|
source "${config.xdg.configHome}/mutable_env.sh"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
bat.enable = true;
|
||||||
|
bottom = {
|
||||||
|
enable = true;
|
||||||
|
settings.flags.enable_gpu = true;
|
||||||
|
};
|
||||||
|
eza.enable = true;
|
||||||
|
feh.enable = mkIf graphics true;
|
||||||
|
fzf = {
|
||||||
|
enable = true;
|
||||||
|
defaultCommand = "fd --type f";
|
||||||
|
};
|
||||||
|
man = {
|
||||||
|
enable = true;
|
||||||
|
generateCaches = true;
|
||||||
|
};
|
||||||
|
mpv.enable = mkIf graphics true;
|
||||||
|
obs-studio.enable = mkIf graphics true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
includes = [ "mutable_config" ];
|
||||||
|
};
|
||||||
|
texlive = {
|
||||||
|
enable = true;
|
||||||
|
# packageSet = pkgs.texlive.combined.scheme-medium;
|
||||||
|
};
|
||||||
|
zoxide.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
gnome-keyring.enable = mkIf graphics true;
|
||||||
|
network-manager-applet.enable = mkIf graphics true;
|
||||||
|
};
|
||||||
|
|
||||||
manual = {
|
manual = {
|
||||||
html.enable = true;
|
html.enable = true;
|
||||||
manpages.enable = true;
|
manpages.enable = true;
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
{ lib, ... }:
|
|
||||||
{
|
|
||||||
options.home = {
|
|
||||||
uid = lib.mkOption {
|
|
||||||
default = 1000;
|
|
||||||
type = lib.types.ints.between 0 60000;
|
|
||||||
};
|
|
||||||
gid = lib.mkOption {
|
|
||||||
default = 1000;
|
|
||||||
type = lib.types.ints.between 0 60000;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -5,14 +5,13 @@
|
||||||
cloc
|
cloc
|
||||||
cyme
|
cyme
|
||||||
czkawka
|
czkawka
|
||||||
|
delta
|
||||||
diskonaut
|
diskonaut
|
||||||
duf
|
duf
|
||||||
duff
|
duff
|
||||||
ffmpeg
|
ffmpeg
|
||||||
file
|
file
|
||||||
glances
|
glances
|
||||||
gpauth
|
|
||||||
gpclient
|
|
||||||
gpg-tui
|
gpg-tui
|
||||||
gping
|
gping
|
||||||
graphviz
|
graphviz
|
||||||
|
@ -20,6 +19,7 @@
|
||||||
httpie
|
httpie
|
||||||
imagemagick
|
imagemagick
|
||||||
kepubify
|
kepubify
|
||||||
|
# keybase
|
||||||
keymapviz
|
keymapviz
|
||||||
libwebp
|
libwebp
|
||||||
lnav
|
lnav
|
||||||
|
@ -39,15 +39,18 @@
|
||||||
# nixops
|
# nixops
|
||||||
nmap
|
nmap
|
||||||
ouch
|
ouch
|
||||||
|
pandoc
|
||||||
parallel
|
parallel
|
||||||
progress
|
progress
|
||||||
pwntools
|
pwntools
|
||||||
python3
|
python3
|
||||||
rclone
|
rclone
|
||||||
|
ripgrep
|
||||||
rsync
|
rsync
|
||||||
# sc-im
|
# sc-im
|
||||||
slack-term
|
slack-term
|
||||||
tea
|
tea
|
||||||
|
tealdeer
|
||||||
terminal-parrot
|
terminal-parrot
|
||||||
termtosvg
|
termtosvg
|
||||||
toilet
|
toilet
|
||||||
|
@ -59,6 +62,7 @@
|
||||||
waifu2x-converter-cpp
|
waifu2x-converter-cpp
|
||||||
wavemon
|
wavemon
|
||||||
wiki-tui
|
wiki-tui
|
||||||
|
yt-dlp
|
||||||
yubico-pam
|
yubico-pam
|
||||||
yubikey-agent
|
yubikey-agent
|
||||||
yubikey-manager
|
yubikey-manager
|
||||||
|
@ -85,8 +89,8 @@
|
||||||
geogebra
|
geogebra
|
||||||
ghidra
|
ghidra
|
||||||
gimp
|
gimp
|
||||||
gnome-font-viewer
|
gnome.gnome-font-viewer
|
||||||
seahorse
|
gnome.seahorse
|
||||||
google-chrome
|
google-chrome
|
||||||
imhex
|
imhex
|
||||||
inkscape
|
inkscape
|
||||||
|
|
|
@ -43,9 +43,9 @@
|
||||||
duration = 20;
|
duration = 20;
|
||||||
};
|
};
|
||||||
|
|
||||||
general.live_config_reload = true;
|
live_config_reload = true;
|
||||||
|
|
||||||
terminal.shell = {
|
shell = {
|
||||||
program = "${pkgs.zsh}/bin/zsh";
|
program = "${pkgs.zsh}/bin/zsh";
|
||||||
args = [ "--login" ];
|
args = [ "--login" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.programs.atuin;
|
cfg = config.programs.atuin;
|
||||||
xdg_runtime_dir = "/run/user/${toString config.home.uid}";
|
|
||||||
|
# TODO: retrieve this in a more dynamic and correct manner
|
||||||
|
xdg_runtime_dir = "/run/user/1000";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
programs.atuin = {
|
programs.atuin = {
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
{
|
|
||||||
programs.bash = {
|
|
||||||
enable = true;
|
|
||||||
historyFile = "${config.xdg.dataHome}/bash_history";
|
|
||||||
historySize = 100000;
|
|
||||||
bashrcExtra = ''
|
|
||||||
source "${config.xdg.configHome}/mutable_env.sh"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.bat.enable = true;
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.bottom = {
|
|
||||||
enable = true;
|
|
||||||
settings.flags.enable_gpu = true;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.eza.enable = true;
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ machineVars, ... }:
|
|
||||||
{
|
|
||||||
programs.feh.enable = !machineVars.headless;
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.fzf = {
|
|
||||||
enable = true;
|
|
||||||
defaultCommand = "fd --type f";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -48,71 +48,15 @@ in
|
||||||
aliases = {
|
aliases = {
|
||||||
aliases = "!git config --get-regexp alias | sed -re 's/alias\\.(\\S*)\\s(.*)$/\\1 = \\2/g'";
|
aliases = "!git config --get-regexp alias | sed -re 's/alias\\.(\\S*)\\s(.*)$/\\1 = \\2/g'";
|
||||||
delete-merged = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d";
|
delete-merged = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d";
|
||||||
|
graph = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
|
||||||
|
graphv = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(bold yellow)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)' --all";
|
||||||
forcepush = "push --force-with-lease --force-if-includes";
|
forcepush = "push --force-with-lease --force-if-includes";
|
||||||
authors = "shortlog --summary --numbered --email";
|
authors = "shortlog --summary --numbered --email";
|
||||||
si = "switch-interactive";
|
si = "switch-interactive";
|
||||||
ff = "fixup-fixup";
|
|
||||||
fi = "fixup-interactive";
|
|
||||||
rf = "rebase-fixups";
|
|
||||||
pp = "post-pr";
|
|
||||||
subs = "submodule update --init --recursive";
|
subs = "submodule update --init --recursive";
|
||||||
rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
|
rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
|
||||||
git = "!git";
|
git = "!git";
|
||||||
} // (let
|
};
|
||||||
c = c: s: "%C(${c})${s}%C(reset)";
|
|
||||||
in {
|
|
||||||
graph = let
|
|
||||||
fmt = lib.concatStringsSep "" [
|
|
||||||
" - "
|
|
||||||
(c "bold blue" "%h")
|
|
||||||
" - "
|
|
||||||
(c "bold green" "(%ar)")
|
|
||||||
" "
|
|
||||||
(c "white" "> %s")
|
|
||||||
" "
|
|
||||||
(c "dim white" "- %an")
|
|
||||||
(c "bold yellow" "%d")
|
|
||||||
];
|
|
||||||
in "log --graph --abbrev-commit --decorate --format=format:'${fmt}' --all";
|
|
||||||
|
|
||||||
graphv = let
|
|
||||||
fmt = lib.concatStringsSep "" [
|
|
||||||
(c "bold blue" "%h")
|
|
||||||
" - "
|
|
||||||
(c "bold cyan" "%aD")
|
|
||||||
" "
|
|
||||||
(c "bold green" "(%ar)")
|
|
||||||
(c "bold yellow" "%d")
|
|
||||||
"%n"
|
|
||||||
" "
|
|
||||||
(c "white" "%s")
|
|
||||||
" "
|
|
||||||
(c "dim white" "- %an")
|
|
||||||
];
|
|
||||||
in "log --graph --abbrev-commit --decorate --format=format:'${fmt}' --all";
|
|
||||||
|
|
||||||
l = let
|
|
||||||
fmt = lib.concatStringsSep "%n" (map (x: if builtins.isList x then lib.concatStringsSep " " x else x) [
|
|
||||||
[ (c "bold yellow" "%H") (c "auto" "%d") ]
|
|
||||||
[ (c "bold white" "Author:") (c "bold cyan" "%aN <%aE>") (c "bold green" "(%ah)") ]
|
|
||||||
[ (c "bold white" "Committer:") (c "bold cyan" "%cN <%cE>") (c "bold green" "(%ah)") ]
|
|
||||||
[ (c "bold white" "GPG: (%G?)") (c "bold magenta" "%GF") "-" (c "bold cyan" "%GS") (c "bold blue" "(%GT) ") ]
|
|
||||||
""
|
|
||||||
(c "bold white" "# %s")
|
|
||||||
"%+b"
|
|
||||||
(c "dim yellow" "%+N")
|
|
||||||
]);
|
|
||||||
# sedExpressions = let
|
|
||||||
# colorExpr = "\\x1B\\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]";
|
|
||||||
# colorEndExpr = "\\x1B\\[m";
|
|
||||||
# colored = x: "${colorExpr}${x}${colorEndExpr}";
|
|
||||||
# in lib.concatMapStringsSep " " (x: "-e '${x}'") [
|
|
||||||
# "s|${colored "GPG: \\(N\\)"} ${colored "F3CDA86CC55A9F10D7A069819F2F7D8250F35146"} - ${colored "h7x4 <h7x4@nani.wtf>"} ${colored "\\(ultimate\\)"}|GPG: h7x4|"
|
|
||||||
# "s|${colored "GPG: \\(N\\)"} ${colored ""} - ${colored ""} ${colored "\\(undefined\\)"}||"
|
|
||||||
# ];
|
|
||||||
in "log --decorate --format=tformat:'${fmt}'";
|
|
||||||
# in "!git log --color=always --format=format:'${fmt}' | sed -E ${sedExpressions} | $PAGER";
|
|
||||||
});
|
|
||||||
|
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
core = {
|
core = {
|
||||||
|
@ -326,21 +270,6 @@ in
|
||||||
(builtins.replaceStrings ["hours" "tcommit"] ["minutes" "tmcommit"])
|
(builtins.replaceStrings ["hours" "tcommit"] ["minutes" "tmcommit"])
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
(pkgs.writeShellApplication {
|
|
||||||
name = "git-fixup-fixup";
|
|
||||||
runtimeInputs = with pkgs; [ cfg.package ];
|
|
||||||
text = lib.fileContents ./scripts/git-fixup-fixup.sh;
|
|
||||||
})
|
|
||||||
(pkgs.writeShellApplication {
|
|
||||||
name = "git-rebase-fixups";
|
|
||||||
runtimeInputs = with pkgs; [ cfg.package gnused ];
|
|
||||||
text = lib.fileContents ./scripts/git-rebase-fixups.sh;
|
|
||||||
})
|
|
||||||
(pkgs.writeShellApplication {
|
|
||||||
name = "git-fixup-interactive";
|
|
||||||
runtimeInputs = with pkgs; [ cfg.package gnused gnugrep fzf ];
|
|
||||||
text = lib.fileContents ./scripts/git-fixup-interactive.sh;
|
|
||||||
})
|
|
||||||
(pkgs.writeShellApplication {
|
(pkgs.writeShellApplication {
|
||||||
name = "git-switch-interactive";
|
name = "git-switch-interactive";
|
||||||
runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ];
|
runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ];
|
||||||
|
@ -349,21 +278,6 @@ in
|
||||||
"SC2001" # (style): See if you can use ${variable//search/replace} instead. (sed invocation)
|
"SC2001" # (style): See if you can use ${variable//search/replace} instead. (sed invocation)
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
((pkgs.writers.writePython3Bin "git-post-pr" {
|
|
||||||
libraries = with pkgs.python3Packages; [
|
|
||||||
tkinter
|
|
||||||
];
|
|
||||||
flakeIgnore = [
|
|
||||||
"E501" # I like long lines grr
|
|
||||||
];
|
|
||||||
} (lib.fileContents ./scripts/git-post-pr.py)).overrideAttrs (_: {
|
|
||||||
postFixup = ''
|
|
||||||
wrapProgram $out/bin/git-post-pr \
|
|
||||||
--prefix PATH : ${lib.makeBinPath [
|
|
||||||
pkgs.github-cli
|
|
||||||
]}
|
|
||||||
'';
|
|
||||||
}))
|
|
||||||
|
|
||||||
pkgs.git-absorb
|
pkgs.git-absorb
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
if [ -n "${1:-}" ]; then
|
|
||||||
TARGET_COMMIT="$1"
|
|
||||||
shift
|
|
||||||
else
|
|
||||||
TARGET_COMMIT="HEAD"
|
|
||||||
fi
|
|
||||||
|
|
||||||
COMMIT_MESSAGE=$(git log -1 --pretty=format:'%s' "$TARGET_COMMIT")
|
|
||||||
|
|
||||||
if [[ $COMMIT_MESSAGE =~ ^fixup!* ]]; then
|
|
||||||
git commit -m "$COMMIT_MESSAGE" "$@"
|
|
||||||
else
|
|
||||||
git commit --fixup "$TARGET_COMMIT" "$@"
|
|
||||||
fi
|
|
|
@ -1,18 +0,0 @@
|
||||||
if [ -n "${1:-}" ]; then
|
|
||||||
TARGET_BRANCH="$1"
|
|
||||||
shift
|
|
||||||
else
|
|
||||||
TARGET_BRANCH=$(git remote show origin | sed -n '/HEAD branch/s/.*: //p')
|
|
||||||
fi
|
|
||||||
|
|
||||||
FORK_POINT=$(git merge-base --fork-point "$TARGET_BRANCH")
|
|
||||||
|
|
||||||
COMMITS_SINCE_FORK_POINT=$(git log --format=format:'%s' "$FORK_POINT"..HEAD | grep -v -E '^fixup!')
|
|
||||||
|
|
||||||
RESULT=$(fzf <<<"$COMMITS_SINCE_FORK_POINT")
|
|
||||||
|
|
||||||
if [ "$RESULT" == "" ]; then
|
|
||||||
echo "Doing nothing..."
|
|
||||||
else
|
|
||||||
git commit -m "fixup! $RESULT" "$@"
|
|
||||||
fi
|
|
|
@ -1,130 +0,0 @@
|
||||||
import argparse
|
|
||||||
import json
|
|
||||||
import subprocess
|
|
||||||
import tkinter
|
|
||||||
|
|
||||||
# TODO: add support for gitea, and maybe other git hosting options.
|
|
||||||
|
|
||||||
|
|
||||||
def parse_args() -> argparse.Namespace:
|
|
||||||
parser = argparse.ArgumentParser(
|
|
||||||
prog="post-pr",
|
|
||||||
description="Post links to PRs",
|
|
||||||
)
|
|
||||||
|
|
||||||
parser.add_argument("-n", "--no-clipboard", action="store_true", help="do not copy the message to the clipboard")
|
|
||||||
|
|
||||||
pr_id = parser.add_mutually_exclusive_group()
|
|
||||||
pr_id.add_argument("-c", "--current-branch", action="store_true", help="generate post for the PR for the current branch")
|
|
||||||
pr_id.add_argument("-l", "--latest", action="store_true", help="generate post for the latest PR for the current user")
|
|
||||||
pr_id.add_argument("pr_id", nargs="?", default=None, help="generate post for the PR with the given ID")
|
|
||||||
args = parser.parse_args()
|
|
||||||
|
|
||||||
if not any([args.current_branch, args.latest, args.pr_id,]):
|
|
||||||
args.current_branch = True
|
|
||||||
|
|
||||||
return args
|
|
||||||
|
|
||||||
|
|
||||||
def _gh(args: list[str]) -> str:
|
|
||||||
try:
|
|
||||||
return subprocess.check_output(["gh"] + args).decode("utf8")
|
|
||||||
except subprocess.CalledProcessError as e:
|
|
||||||
raise RuntimeError(f"GitHub CLI command failed: 'gh {' '.join(args)}'") from e
|
|
||||||
|
|
||||||
|
|
||||||
def _gh_retcode(args: list[str]) -> int:
|
|
||||||
return subprocess.run(["gh"] + args, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode
|
|
||||||
|
|
||||||
|
|
||||||
def ensure_gh_installed():
|
|
||||||
try:
|
|
||||||
if _gh_retcode(["--version"]) != 0:
|
|
||||||
raise RuntimeError("GitHub CLI (gh) is not installed, please install it")
|
|
||||||
except FileNotFoundError:
|
|
||||||
raise RuntimeError("GitHub CLI (gh) is not installed, please install it")
|
|
||||||
|
|
||||||
|
|
||||||
def ensure_gh_authenticated():
|
|
||||||
if _gh_retcode(["auth", "status"]) != 0:
|
|
||||||
raise RuntimeError("Failed to authenticate with GitHub, please run 'gh auth login'")
|
|
||||||
|
|
||||||
|
|
||||||
GH_PR_JSON_FIELDS = ",".join([
|
|
||||||
"additions",
|
|
||||||
"deletions",
|
|
||||||
"state",
|
|
||||||
"title",
|
|
||||||
"url",
|
|
||||||
])
|
|
||||||
|
|
||||||
|
|
||||||
def fetch_pr_data(current_branch: bool, latest: bool, pr_id: str | None) -> dict[str, any]:
|
|
||||||
if pr_id:
|
|
||||||
pr_data = _gh(["pr", "view", pr_id, "--json", GH_PR_JSON_FIELDS])
|
|
||||||
pr_data = json.loads(pr_data)
|
|
||||||
|
|
||||||
elif latest:
|
|
||||||
pr_list = _gh(["pr", "list", "--author", "@me", "--limit", "1", "--json", GH_PR_JSON_FIELDS])
|
|
||||||
pr_list = json.loads(pr_list)
|
|
||||||
|
|
||||||
if len(pr_list) == 0:
|
|
||||||
raise RuntimeError("Failed to find PR, are you sure you have any open PRs?")
|
|
||||||
|
|
||||||
pr_data = pr_list[0]
|
|
||||||
|
|
||||||
elif current_branch:
|
|
||||||
pr_data = _gh(["pr", "view", "--json", GH_PR_JSON_FIELDS])
|
|
||||||
pr_data = json.loads(pr_data)
|
|
||||||
|
|
||||||
return pr_data
|
|
||||||
|
|
||||||
|
|
||||||
def format_message(pr_data: dict[str, any]) -> str:
|
|
||||||
additions = pr_data["additions"]
|
|
||||||
deletions = pr_data["deletions"]
|
|
||||||
|
|
||||||
title = pr_data["title"]
|
|
||||||
pr_url = pr_data["url"]
|
|
||||||
pr_state = pr_data["state"]
|
|
||||||
|
|
||||||
state_html = f"({pr_state.lower()}) " if pr_state != "OPEN" else ""
|
|
||||||
additions_html = f"+{additions}" if additions > 0 else str(additions)
|
|
||||||
deletions_html = f"-{deletions}" if deletions > 0 else str(deletions)
|
|
||||||
|
|
||||||
return f"""{state_html}{pr_url} {title} [diff: {additions_html}/{deletions_html}]"""
|
|
||||||
|
|
||||||
|
|
||||||
def copy_to_clipboard(message: str):
|
|
||||||
r = tkinter.Tk()
|
|
||||||
r.withdraw()
|
|
||||||
r.clipboard_clear()
|
|
||||||
r.clipboard_append(message)
|
|
||||||
r.update()
|
|
||||||
r.destroy()
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
args = parse_args()
|
|
||||||
|
|
||||||
ensure_gh_installed()
|
|
||||||
ensure_gh_authenticated()
|
|
||||||
|
|
||||||
pr_data = fetch_pr_data(args.current_branch, args.latest, args.pr_id)
|
|
||||||
message = format_message(pr_data)
|
|
||||||
|
|
||||||
print("Message:\n")
|
|
||||||
print(f" {message}\n")
|
|
||||||
|
|
||||||
if not args.no_clipboard:
|
|
||||||
copy_to_clipboard(message)
|
|
||||||
print("Copied to clipboard")
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
try:
|
|
||||||
main()
|
|
||||||
except Exception as e:
|
|
||||||
print(f"Error: {e}")
|
|
||||||
exit(1)
|
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
if [ -n "${1:-}" ]; then
|
|
||||||
TARGET_BRANCH="$1"
|
|
||||||
shift
|
|
||||||
else
|
|
||||||
TARGET_BRANCH=$(git remote show origin | sed -n '/HEAD branch/s/.*: //p')
|
|
||||||
fi
|
|
||||||
|
|
||||||
FORK_POINT=$(git merge-base --fork-point "$TARGET_BRANCH")
|
|
||||||
|
|
||||||
git rebase "$FORK_POINT" --autosquash "$@"
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.home-manager.enable = true;
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.man = {
|
|
||||||
enable = true;
|
|
||||||
generateCaches = true;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ machineVars, ... }:
|
|
||||||
{
|
|
||||||
programs.mpv.enable = !machineVars.headless;
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{pkgs, ...}:
|
||||||
{
|
{
|
||||||
programs.ncmpcpp = {
|
programs.ncmpcpp = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -332,11 +332,11 @@
|
||||||
window_border_color = "green";
|
window_border_color = "green";
|
||||||
active_window_border = "red";
|
active_window_border = "red";
|
||||||
|
|
||||||
visualizer_data_source = "/run/user/${toString config.home.uid}/mpd/visualizer.fifo";
|
visualizer_data_source = "/tmp/mpd.fifo";
|
||||||
visualizer_output_name = "Visualizer feed";
|
visualizer_output_name = "Visualizer feed";
|
||||||
visualizer_in_stereo = "no";
|
visualizer_in_stereo = "no";
|
||||||
# visualizer_type = "spectrum"; # spectrum, ellipse, wave_filled, wave
|
visualizer_type = "spectrum"; # spectrum, ellipse, wave_filled, wave
|
||||||
# visualizer_look = "+█"; # wave | spectrum, ellipse, wave_filled
|
visualizer_look = "+█"; # wave | spectrum, ellipse, wave_filled
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,58 +66,25 @@
|
||||||
}
|
}
|
||||||
limelight-vim
|
limelight-vim
|
||||||
vim-tmux-navigator
|
vim-tmux-navigator
|
||||||
|
vim-polyglot
|
||||||
lightline-vim
|
lightline-vim
|
||||||
vim-better-whitespace
|
|
||||||
{
|
{
|
||||||
plugin = nvim-treesitter.withAllGrammars;
|
plugin = rainbow;
|
||||||
config = ''
|
config = ''
|
||||||
packadd! nvim-treesitter
|
let g:rainbow_active = 1
|
||||||
lua << EOF
|
|
||||||
require'nvim-treesitter.configs'.setup {
|
|
||||||
highlight = {
|
|
||||||
enable = true,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
plugin = rainbow-delimiters-nvim;
|
|
||||||
config = ''
|
|
||||||
lua << EOF
|
|
||||||
local rainbow_delimiters = require 'rainbow-delimiters'
|
|
||||||
vim.g.rainbow_delimiters = {
|
|
||||||
["highlight"] = {
|
|
||||||
'RainbowDelimiterRed',
|
|
||||||
'RainbowDelimiterYellow',
|
|
||||||
'RainbowDelimiterBlue',
|
|
||||||
'RainbowDelimiterGreen',
|
|
||||||
'RainbowDelimiterViolet',
|
|
||||||
'RainbowDelimiterCyan',
|
|
||||||
},
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
plugin = vim-monokai;
|
plugin = vim-monokai;
|
||||||
config = ''
|
config = ''
|
||||||
colorscheme monokai
|
colorscheme monokai
|
||||||
|
autocmd ColorScheme * highlight Normal ctermbg=0
|
||||||
autocmd ColorScheme monokai highlight Normal ctermbg=0
|
autocmd ColorScheme * highlight LineNr ctermbg=0
|
||||||
autocmd ColorScheme monokai highlight LineNr ctermbg=0
|
autocmd ColorScheme * highlight CursorLineNR ctermbg=0 ctermfg=208
|
||||||
autocmd ColorScheme monokai highlight CursorLineNR ctermbg=0 ctermfg=208
|
autocmd ColorScheme * highlight SignColumn ctermbg=0
|
||||||
autocmd ColorScheme monokai highlight SignColumn ctermbg=0
|
autocmd ColorScheme * highlight GitGutterAdd ctermbg=0
|
||||||
autocmd ColorScheme monokai highlight GitGutterAdd ctermbg=0
|
autocmd ColorScheme * highlight GitGutterChange ctermbg=0
|
||||||
autocmd ColorScheme monokai highlight GitGutterChange ctermbg=0
|
autocmd ColorScheme * highlight GitGutterDelete ctermbg=0
|
||||||
autocmd ColorScheme monokai highlight GitGutterDelete ctermbg=0
|
|
||||||
|
|
||||||
autocmd ColorScheme monokai highlight RainbowDelimiterRed { fg = g:terminal_color_9 }
|
|
||||||
autocmd ColorScheme monokai highlight RainbowDelimiterYellow { fg = g:terminal_color_11 }
|
|
||||||
autocmd ColorScheme monokai highlight RainbowDelimiterBlue { fg = g:terminal_color_12 }
|
|
||||||
autocmd ColorScheme monokai highlight RainbowDelimiterGreen { fg = g:terminal_color_10 }
|
|
||||||
autocmd ColorScheme monokai highlight RainbowDelimiterViolet { fg = g:terminal_color_13 }
|
|
||||||
autocmd ColorScheme monokai highlight RainbowDelimiterCyan { fg = g:terminal_color_14 }
|
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -37,7 +37,6 @@ in {
|
||||||
(mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
|
(mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
|
||||||
(mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi")
|
(mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi")
|
||||||
(mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
|
(mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
|
||||||
(mkSource [ "japanese" "language" ] "https://wesleycrobertson.wordpress.com/feed/")
|
|
||||||
(mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
|
(mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
|
||||||
(mkSource [ "tech" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
|
(mkSource [ "tech" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
|
||||||
(mkSource [ "tech" ] "https://resocoder.com/feed/")
|
(mkSource [ "tech" ] "https://resocoder.com/feed/")
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ machineVars, ... }:
|
|
||||||
{
|
|
||||||
programs.obs-studio.enable = !machineVars.headless;
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.pandoc.enable = true;
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.ripgrep.enable = true;
|
|
||||||
}
|
|
|
@ -10,11 +10,5 @@
|
||||||
mode = "0444";
|
mode = "0444";
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.ssh = {
|
programs.ssh.includes = [ config.sops.secrets."ssh/secret-config".path ];
|
||||||
enable = true;
|
|
||||||
includes = [
|
|
||||||
config.sops.secrets."ssh/secret-config".path
|
|
||||||
"mutable_config"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.texlive = {
|
|
||||||
enable = true;
|
|
||||||
# packageSet = pkgs.texlive.combined.scheme-medium;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, lib, ... }:
|
{pkgs, ...}:
|
||||||
{
|
{
|
||||||
programs.tmux = {
|
programs.tmux = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -19,25 +19,7 @@
|
||||||
tmux-fzf
|
tmux-fzf
|
||||||
urlview
|
urlview
|
||||||
];
|
];
|
||||||
extraConfig = let
|
extraConfig = ''
|
||||||
fileContentsWithoutShebang = script: lib.pipe script [
|
|
||||||
lib.fileContents
|
|
||||||
(lib.splitString "\n")
|
|
||||||
(lib.drop 3) # remove shebang
|
|
||||||
(lib.concatStringsSep "\n")
|
|
||||||
];
|
|
||||||
|
|
||||||
fcitx5-status = (pkgs.writeShellApplication {
|
|
||||||
name = "tmux-fcitx5-status";
|
|
||||||
runtimeInputs = with pkgs; [ dbus ];
|
|
||||||
text = fileContentsWithoutShebang ./scripts/fcitx5-status.sh;
|
|
||||||
});
|
|
||||||
mpd-status = (pkgs.writeShellApplication {
|
|
||||||
name = "tmux-mpd-status";
|
|
||||||
runtimeInputs = with pkgs; [ mpc-cli gawk gnugrep ];
|
|
||||||
text = fileContentsWithoutShebang ./scripts/mpd-status.sh;
|
|
||||||
});
|
|
||||||
in ''
|
|
||||||
# Don't rename windows automatically after rename with ','
|
# Don't rename windows automatically after rename with ','
|
||||||
set-option -g allow-rename off
|
set-option -g allow-rename off
|
||||||
|
|
||||||
|
@ -109,8 +91,8 @@
|
||||||
### DESIGN CHANGES ###
|
### DESIGN CHANGES ###
|
||||||
######################
|
######################
|
||||||
|
|
||||||
set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default] #[fg=green]#(${lib.getExe fcitx5-status}) #[fg=red]%H:%M '
|
set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default] #[fg=green]#(~/.scripts/tmux/fcitx) #[fg=red]%H:%M '
|
||||||
set-option -g status-right '#[fg=red]#(${lib.getExe mpd-status})'
|
set-option -g status-right '#[fg=red]#(~/.scripts/tmux/mpd)'
|
||||||
set-window-option -g window-status-current-style fg=magenta
|
set-window-option -g window-status-current-style fg=magenta
|
||||||
set-option -g status-style 'bg=black fg=default'
|
set-option -g status-style 'bg=black fg=default'
|
||||||
set-option -g default-shell '${pkgs.zsh}/bin/zsh'
|
set-option -g default-shell '${pkgs.zsh}/bin/zsh'
|
|
@ -1,26 +0,0 @@
|
||||||
#!/usr/bin/env nix-shell
|
|
||||||
#!nix-shell -i bash -p dbus
|
|
||||||
|
|
||||||
printState() {
|
|
||||||
STATUS=$(dbus-send --session --print-reply=literal --dest='org.fcitx.Fcitx5' '/controller' 'org.fcitx.Fcitx.Controller1.CurrentInputMethod' | tr -d '[:space:]')
|
|
||||||
|
|
||||||
case $STATUS in
|
|
||||||
keyboard-us)
|
|
||||||
echo 'US'
|
|
||||||
;;
|
|
||||||
keyboard-no)
|
|
||||||
echo 'NO'
|
|
||||||
;;
|
|
||||||
mozc)
|
|
||||||
echo '日本語'
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "$STATUS?"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
while :; do
|
|
||||||
printState
|
|
||||||
sleep 1
|
|
||||||
done
|
|
|
@ -1,29 +0,0 @@
|
||||||
#!/usr/bin/env nix-shell
|
|
||||||
#!nix-shell -i sh -p mpc-cli gawk gnugrep
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
MPC_OUTPUT=$(mpc --format '[[%artist% - ]%title%]|[%file%]')
|
|
||||||
|
|
||||||
TITLE=$(head -n 1 <<<"$MPC_OUTPUT")
|
|
||||||
|
|
||||||
if [ ${#TITLE} -gt 60 ]; then
|
|
||||||
TITLE=$(awk '{print substr($0,0,57) "..."}' <<<"$TITLE")
|
|
||||||
fi
|
|
||||||
|
|
||||||
LINE2=$(head -n 2 <<<"$MPC_OUTPUT" | tail -n 1)
|
|
||||||
|
|
||||||
PLAY_STATUS_RAW=$(awk '{print $1}' <<<"$LINE2")
|
|
||||||
|
|
||||||
if [ "$PLAY_STATUS_RAW" == "[playing]" ]; then
|
|
||||||
PLAY_STATUS="▶"
|
|
||||||
elif [ "$PLAY_STATUS_RAW" == "[paused]" ]; then
|
|
||||||
PLAY_STATUS="⏸"
|
|
||||||
else
|
|
||||||
PLAY_STATUS="??"
|
|
||||||
fi
|
|
||||||
|
|
||||||
TIME=$(awk '{print $3}' <<<"$LINE2")
|
|
||||||
|
|
||||||
echo -e "$PLAY_STATUS $TITLE | [$TIME]"
|
|
||||||
sleep 1
|
|
||||||
done
|
|
|
@ -86,6 +86,7 @@ myScratchpads = [ NS "ncmpcpp" spawnNC findNC layoutA
|
||||||
where
|
where
|
||||||
spawnNC = myTerminal ++ " --title ncmpcppScratchpad -e ncmpcpp"
|
spawnNC = myTerminal ++ " --title ncmpcppScratchpad -e ncmpcpp"
|
||||||
spawnTM = myTerminal ++ " --class floatingTerminal -e tmux new-session -A -s f"
|
spawnTM = myTerminal ++ " --class floatingTerminal -e tmux new-session -A -s f"
|
||||||
|
spawnTW = myTerminal ++ " --class taskWarriorTerminal -e taskwarrior-tui"
|
||||||
-- spawnMX = "element"
|
-- spawnMX = "element"
|
||||||
spawnFB = "thunar --class=floatingThunar"
|
spawnFB = "thunar --class=floatingThunar"
|
||||||
spawnEX = "emacs --name=floatingEmacs"
|
spawnEX = "emacs --name=floatingEmacs"
|
||||||
|
@ -94,6 +95,7 @@ myScratchpads = [ NS "ncmpcpp" spawnNC findNC layoutA
|
||||||
|
|
||||||
findNC = title =? "ncmpcppScratchpad"
|
findNC = title =? "ncmpcppScratchpad"
|
||||||
findTM = className =? "floatingTerminal"
|
findTM = className =? "floatingTerminal"
|
||||||
|
findTW = className =? "taskWarriorTerminal"
|
||||||
findSC = className =? "floatingSchedule"
|
findSC = className =? "floatingSchedule"
|
||||||
-- findMX = className =? "element"
|
-- findMX = className =? "element"
|
||||||
findFB = className =? "floatingThunar"
|
findFB = className =? "floatingThunar"
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.yt-dlp.enable = true;
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
programs.zoxide.enable = true;
|
|
||||||
}
|
|
|
@ -3,7 +3,7 @@
|
||||||
services.dunst = {
|
services.dunst = {
|
||||||
enable = true;
|
enable = true;
|
||||||
iconTheme = {
|
iconTheme = {
|
||||||
package = pkgs.adwaita-icon-theme;
|
package = pkgs.gnome.adwaita-icon-theme;
|
||||||
name = "Adwaita";
|
name = "Adwaita";
|
||||||
size = "32x32";
|
size = "32x32";
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ machineVars, ... }:
|
|
||||||
{
|
|
||||||
services.gnome-keyring.enable = !machineVars.headless;
|
|
||||||
}
|
|
|
@ -1,5 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
services.keybase.enable = true;
|
|
||||||
services.kbfs.enable = true;
|
|
||||||
}
|
|
|
@ -1,141 +1,28 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, ... }:
|
||||||
let
|
|
||||||
cfg = config.services.mpd;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
services.mpd = {
|
services.mpd = rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
musicDirectory = config.xdg.userDirs.music;
|
musicDirectory = config.xdg.userDirs.music;
|
||||||
playlistDirectory = "${cfg.musicDirectory}/playlists/MPD";
|
playlistDirectory = "${musicDirectory}/playlists/MPD";
|
||||||
network.startWhenNeeded = true;
|
network.startWhenNeeded = true;
|
||||||
|
|
||||||
|
# TODO: make the path specific to the user unit
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
pid_file "/run/user/${toString config.home.uid}/mpd/pid"
|
audio_output {
|
||||||
|
type "fifo"
|
||||||
zeroconf_enabled "no"
|
name "Visualizer feed"
|
||||||
|
path "/tmp/mpd.fifo"
|
||||||
replaygain "auto"
|
format "44100:16:2"
|
||||||
|
}
|
||||||
restore_paused "yes"
|
|
||||||
|
|
||||||
auto_update "no"
|
|
||||||
|
|
||||||
audio_output {
|
audio_output {
|
||||||
type "pipewire"
|
type "pipewire"
|
||||||
name "PipeWire Sound Server"
|
name "PipeWire Sound Server"
|
||||||
}
|
}
|
||||||
|
|
||||||
audio_output {
|
|
||||||
type "fifo"
|
|
||||||
name "Visualizer feed"
|
|
||||||
path "/run/user/${toString config.home.uid}/mpd/visualizer.fifo"
|
|
||||||
format "44100:16:2"
|
|
||||||
}
|
|
||||||
|
|
||||||
resampler {
|
|
||||||
plugin "soxr"
|
|
||||||
quality "very high"
|
|
||||||
}
|
|
||||||
|
|
||||||
playlist_plugin {
|
|
||||||
name "cue"
|
|
||||||
enabled "true"
|
|
||||||
}
|
|
||||||
|
|
||||||
playlist_plugin {
|
|
||||||
name "m3u"
|
|
||||||
enabled "true"
|
|
||||||
}
|
|
||||||
|
|
||||||
playlist_plugin {
|
|
||||||
name "extm3u"
|
|
||||||
enabled "true"
|
|
||||||
}
|
|
||||||
|
|
||||||
playlist_plugin {
|
|
||||||
name "flac"
|
|
||||||
enabled "true"
|
|
||||||
}
|
|
||||||
|
|
||||||
playlist_plugin {
|
|
||||||
name "rss"
|
|
||||||
enabled "true"
|
|
||||||
}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# TODO: disable auto_update and use systemd path to listen for changes
|
||||||
# TODO: upstream unix socket support to home-manager
|
# TODO: upstream unix socket support to home-manager
|
||||||
|
|
||||||
systemd.user.services.mpd = {
|
|
||||||
Unit = {
|
|
||||||
Documentation = [
|
|
||||||
"man:mpd(1)"
|
|
||||||
"man:mpd.conf(5)"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
Service = {
|
|
||||||
WatchdogSec = 120;
|
|
||||||
|
|
||||||
# for io_uring
|
|
||||||
LimitMEMLOCK = "64M";
|
|
||||||
|
|
||||||
# allow MPD to use real-time priority 40
|
|
||||||
LimitRTPRIO = 40;
|
|
||||||
LimitRTTIME = "infinity";
|
|
||||||
|
|
||||||
PrivateUsers = true;
|
|
||||||
ProtectSystem = true;
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
RestrictAddressFamilies = [
|
|
||||||
"AF_INET"
|
|
||||||
"AF_UNIX"
|
|
||||||
];
|
|
||||||
RestrictNamespaces = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.user.paths.mpd-update-library = {
|
|
||||||
Unit = {
|
|
||||||
Description = "Watchdog that updates the mpd library whenever the files are modified";
|
|
||||||
Documentation = [
|
|
||||||
"man:mpd(1)"
|
|
||||||
"man:mpd.conf(5)"
|
|
||||||
];
|
|
||||||
WantedBy = [ "paths.target" ];
|
|
||||||
};
|
|
||||||
Path = {
|
|
||||||
PathChanged = cfg.musicDirectory;
|
|
||||||
Unit = "mpd-update-library.service";
|
|
||||||
TriggerLimitIntervalSec = "1s";
|
|
||||||
TriggerLimitBurst = "1";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.user.services.mpd-update-library = {
|
|
||||||
Unit = {
|
|
||||||
Description = "Watchdog that updates the mpd library whenever the files are modified";
|
|
||||||
Documentation = [
|
|
||||||
"man:mpd(1)"
|
|
||||||
"man:mpd.conf(5)"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
Service = {
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStart = "${lib.getExe pkgs.mpc-cli} update --wait";
|
|
||||||
|
|
||||||
PrivateUsers = true;
|
|
||||||
ProtectSystem = true;
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
RestrictAddressFamilies = [
|
|
||||||
"AF_INET"
|
|
||||||
"AF_UNIX"
|
|
||||||
];
|
|
||||||
RestrictNamespaces = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
{ machineVars, ... }:
|
|
||||||
{
|
|
||||||
services.network-manager-applet.enable = !machineVars.headless;
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, machineVars, ... }: let
|
{ pkgs, lib, config, machineVars, ... }: let
|
||||||
colors = config.colors.defaultColorSet;
|
colors = config.colors.defaultColorSet;
|
||||||
in {
|
in {
|
||||||
services.polybar = {
|
services.polybar = {
|
||||||
|
@ -11,13 +11,23 @@ in {
|
||||||
package = pkgs.polybar.override {
|
package = pkgs.polybar.override {
|
||||||
githubSupport = true;
|
githubSupport = true;
|
||||||
mpdSupport = true;
|
mpdSupport = true;
|
||||||
|
pulseSupport = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
"module/tray" = {
|
||||||
|
type = "internal/tray";
|
||||||
|
|
||||||
|
# padding = 4;
|
||||||
|
tray-spacing = "8px";
|
||||||
|
tray-maxsize = "25px";
|
||||||
|
# tray-background = colors.background;
|
||||||
|
};
|
||||||
|
|
||||||
"bar/top" = {
|
"bar/top" = {
|
||||||
bottom = false;
|
bottom = false;
|
||||||
# monitor =
|
# monitor =
|
||||||
tray.position = "right";
|
# tray.position = "right";
|
||||||
|
|
||||||
background = colors.background;
|
background = colors.background;
|
||||||
foreground = colors.foreground;
|
foreground = colors.foreground;
|
||||||
|
@ -42,18 +52,19 @@ in {
|
||||||
center = "date";
|
center = "date";
|
||||||
right = builtins.concatStringsSep " " [
|
right = builtins.concatStringsSep " " [
|
||||||
"filesystem"
|
"filesystem"
|
||||||
(if machineVars.wlanInterface != null then "wlan " else "")
|
(lib.optionalString (machineVars.wlanInterface != null) "wlan")
|
||||||
(if machineVars.battery != null then "batt " else "")
|
(lib.optionalString (machineVars.battery != null) "batt")
|
||||||
"vol"
|
"pulseaudio"
|
||||||
"mpd"
|
"mpd"
|
||||||
|
"tray"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
tray = {
|
# tray = {
|
||||||
padding = 4;
|
# padding = 4;
|
||||||
maxsize = 25;
|
# maxsize = 25;
|
||||||
background = colors.background;
|
# background = colors.background;
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
"module/xmonad" = {
|
"module/xmonad" = {
|
||||||
|
@ -155,15 +166,15 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
"module/vol" = {
|
"module/pulseaudio" = {
|
||||||
type = "internal/alsa";
|
type = "internal/pulseaudio";
|
||||||
# format-volume = "<bar-volume>}"
|
# format-volume = "<bar-volume>}"
|
||||||
# format-volume = "%{A1:bash -c '~/.scripts/get-volume' &:}<bar-volume>%{A}"
|
# format-volume = "%{A1:bash -c '~/.scripts/get-volume' &:}<bar-volume>%{A}"
|
||||||
# format-volume = <label-volume> <bar-volume>
|
# format-volume = <label-volume> <bar-volume>
|
||||||
|
|
||||||
# format-volume-padding = 1
|
# format-volume-padding = 1
|
||||||
# format-muted-padding = 1
|
# format-muted-padding = 1
|
||||||
format-volume = "%{T3}%{T-} <label-volume> <bar-volume>";
|
format-volume = " <label-volume> <bar-volume>";
|
||||||
# label-volume =
|
# label-volume =
|
||||||
label-volume-foreground = colors.magenta;
|
label-volume-foreground = colors.magenta;
|
||||||
# format-muted-foreground = "${colors.foreground-alt}";
|
# format-muted-foreground = "${colors.foreground-alt}";
|
||||||
|
@ -273,9 +284,11 @@ in {
|
||||||
# Default: false
|
# Default: false
|
||||||
fixed-values = true;
|
fixed-values = true;
|
||||||
|
|
||||||
# Spacing (number of spaces, pixels, points) between entries
|
# Margin (number of spaces, pixels, or points) to add before/after each module
|
||||||
# Default: 2
|
# Individual side values can be defined using:
|
||||||
spacing = 4;
|
# module-margin-{left,right}
|
||||||
|
module-margin = "16px";
|
||||||
|
# spacing = "16px";
|
||||||
|
|
||||||
# Default: 90
|
# Default: 90
|
||||||
# New in version 3.6.0
|
# New in version 3.6.0
|
||||||
|
|
|
@ -22,11 +22,11 @@ in
|
||||||
|
|
||||||
# Volume
|
# Volume
|
||||||
|
|
||||||
"super + {@F7,@F8}" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%{-,+}";
|
"super + {@F7,@F8}" = "${pkgs.alsaUtils}/bin/amixer set Master 2%{-,+}";
|
||||||
|
|
||||||
"{XF86AudioLowerVolume,XF86AudioRaiseVolume}" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%{-,+}";
|
"{XF86AudioLowerVolume,XF86AudioRaiseVolume}" = "${pkgs.alsaUtils}/bin/amixer set Master 2%{-,+}";
|
||||||
|
|
||||||
"XF86AudioMute" = "${pkgs.wireplumber}/bin/wpctl set-mute toggle";
|
"XF86AudioMute" = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||||
|
|
||||||
# Music
|
# Music
|
||||||
|
|
||||||
|
|
|
@ -14,19 +14,6 @@
|
||||||
exe = if pkg.meta ? mainProgram then pkg.meta.mainProgram else name;
|
exe = if pkg.meta ? mainProgram then pkg.meta.mainProgram else name;
|
||||||
in "${pkg}/bin/${exe}";
|
in "${pkg}/bin/${exe}";
|
||||||
in {
|
in {
|
||||||
sops.secrets."nordicsemi/envvars" = {
|
|
||||||
sopsFile = ../secrets/home.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
programs.bash.bashrcExtra = ''
|
|
||||||
source "${config.sops.secrets."nordicsemi/envvars".path}"
|
|
||||||
'';
|
|
||||||
|
|
||||||
programs.zsh.envExtra = ''
|
|
||||||
source "${config.sops.secrets."nordicsemi/envvars".path}"
|
|
||||||
'';
|
|
||||||
|
|
||||||
local.shell.aliases = {
|
local.shell.aliases = {
|
||||||
|
|
||||||
# ░█▀▄░█▀▀░█▀█░█░░░█▀█░█▀▀░█▀▀░█▄█░█▀▀░█▀█░▀█▀░█▀▀
|
# ░█▀▄░█▀▀░█▀█░█░░░█▀█░█▀▀░█▀▀░█▄█░█▀▀░█▀█░▀█▀░█▀▀
|
||||||
|
@ -303,11 +290,6 @@ in {
|
||||||
view-latex = "${pkgs.texlive.combined.scheme-full}/bin/latexmk -pdf -pvc main.tex";
|
view-latex = "${pkgs.texlive.combined.scheme-full}/bin/latexmk -pdf -pvc main.tex";
|
||||||
|
|
||||||
reload-tmux = "${p "tmux"} source $HOME/.config/tmux/tmux.conf";
|
reload-tmux = "${p "tmux"} source $HOME/.config/tmux/tmux.conf";
|
||||||
|
|
||||||
nordic-vpn = lib.concatStringsSep " | " [
|
|
||||||
"${p "gpauth"} \"$NORDIC_VPN_ENDPOINT\" --gateway --browser default 2>/dev/null"
|
|
||||||
"sudo ${p "gpclient"} connect \"$NORDIC_VPN_ENDPOINT\" --as-gateway --cookie-on-stdin"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# ░█▀▀░█▀▀░█▀█░█▀▀░█▀▄░█▀█░▀█▀░█▀▀░█▀▄
|
# ░█▀▀░█▀▀░█▀█░█▀▀░█▀▄░█▀█░▀█▀░█▀▀░█▀▄
|
||||||
|
|
|
@ -12,7 +12,9 @@ in {
|
||||||
./programs/ssh.nix
|
./programs/ssh.nix
|
||||||
./programs/usbtop.nix
|
./programs/usbtop.nix
|
||||||
|
|
||||||
|
./services/cups.nix
|
||||||
./services/dbus.nix
|
./services/dbus.nix
|
||||||
|
./services/logrotate.nix
|
||||||
./services/openssh.nix
|
./services/openssh.nix
|
||||||
./services/pcscd.nix
|
./services/pcscd.nix
|
||||||
./services/pipewire.nix
|
./services/pipewire.nix
|
||||||
|
@ -23,8 +25,6 @@ in {
|
||||||
./services/xserver.nix
|
./services/xserver.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.enableStrictShellChecks = true;
|
|
||||||
|
|
||||||
sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml";
|
sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml";
|
||||||
|
|
||||||
time.timeZone = "Europe/Oslo";
|
time.timeZone = "Europe/Oslo";
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
sops.secrets."ssh/nix-builders/bob/key" = { sopsFile = ./../../../secrets/common.yaml; };
|
sops.secrets."ssh/nix-builders/bob/key" = { sopsFile = ./../../../secrets/common.yaml; };
|
||||||
|
|
||||||
nix.buildMachines = [{
|
nix.buildMachines = [{
|
||||||
|
# Login details configured in ssh module in nix-secrets
|
||||||
hostName = "nix-builder-bob";
|
hostName = "nix-builder-bob";
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
speedFactor = 5;
|
speedFactor = 5;
|
||||||
|
@ -13,8 +14,8 @@
|
||||||
"big-paralell"
|
"big-paralell"
|
||||||
];
|
];
|
||||||
mandatoryFeatures = [ ];
|
mandatoryFeatures = [ ];
|
||||||
sshUser = "oysteikt";
|
# sshUser = secrets.ssh.users.pvv.normalUser;
|
||||||
sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
|
# sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
|
||||||
}];
|
}];
|
||||||
|
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
|
|
|
@ -1,15 +1,16 @@
|
||||||
{ config, ... }:
|
{ config, secrets, ... }:
|
||||||
{
|
{
|
||||||
sops.secrets."ssh/nix-builders/isvegg/key" = { sopsFile = ./../../../secrets/common.yaml; };
|
sops.secrets."ssh/nix-builders/isvegg/key" = { sopsFile = ./../../../secrets/common.yaml; };
|
||||||
|
|
||||||
nix.buildMachines = [{
|
nix.buildMachines = [{
|
||||||
|
# Login details configured in ssh module in nix-secrets
|
||||||
hostName = "nix-builder-isvegg";
|
hostName = "nix-builder-isvegg";
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
speedFactor = 1;
|
speedFactor = 1;
|
||||||
maxJobs = 8;
|
maxJobs = 8;
|
||||||
supportedFeatures = [ ];
|
supportedFeatures = [ ];
|
||||||
mandatoryFeatures = [ ];
|
mandatoryFeatures = [ ];
|
||||||
sshUser = "oysteikt";
|
sshUser = secrets.ssh.users.pvv.normalUser;
|
||||||
sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
|
sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
|
||||||
}];
|
}];
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, ... }:
|
{ config, secrets, ... }:
|
||||||
{
|
{
|
||||||
# TODO: install public key on tsuki declaratively
|
# TODO: install public key on tsuki declaratively
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
|
@ -7,6 +7,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.buildMachines = [{
|
nix.buildMachines = [{
|
||||||
|
# Login details configured in ssh module in nix-secrets
|
||||||
hostName = "nix-builder-tsukir";
|
hostName = "nix-builder-tsukir";
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
speedFactor = 2;
|
speedFactor = 2;
|
||||||
|
@ -25,8 +26,7 @@
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
Host nix-builder-tsukir
|
Host nix-builder-tsukir
|
||||||
HostName gingakei.loginto.me
|
HostName gingakei.loginto.me
|
||||||
Port 45497
|
Port ${toString secrets.ports.ssh.home-in}
|
||||||
IdentityFile ${config.sops.secrets."ssh/nix-builders/tsuki/key".path}
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# knownHosts.tsukir = {
|
# knownHosts.tsukir = {
|
||||||
|
|
|
@ -0,0 +1,71 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
{
|
||||||
|
systemd.services = lib.mkIf config.services.printing.enable {
|
||||||
|
cups.serviceConfig = {
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectClock= true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
PrivateDevices = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
# User =
|
||||||
|
AmbientCapabilities = [ "" ];
|
||||||
|
CapabilityBoundingSet = [ "" ];
|
||||||
|
DevicePolicy = "closed";
|
||||||
|
KeyringMode = "private";
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
RemoveIPC = true;
|
||||||
|
# RestrictAddressFamilies = [ "" ];
|
||||||
|
RestrictNamespaces=true;
|
||||||
|
RestrictRealtime=true;
|
||||||
|
RestrictSUIDSGID=true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"~@privileged"
|
||||||
|
];
|
||||||
|
UMask = "0077";
|
||||||
|
};
|
||||||
|
cups-browsed.serviceConfig = {
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectClock= true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
PrivateDevices = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
# User =
|
||||||
|
AmbientCapabilities = [ "" ];
|
||||||
|
CapabilityBoundingSet = [ "" ];
|
||||||
|
DevicePolicy = "closed";
|
||||||
|
KeyringMode = "private";
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
RemoveIPC = true;
|
||||||
|
# RestrictAddressFamilies = [ "" ];
|
||||||
|
RestrictNamespaces=true;
|
||||||
|
RestrictRealtime=true;
|
||||||
|
RestrictSUIDSGID=true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"~@privileged"
|
||||||
|
];
|
||||||
|
UMask = "0077";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,42 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
# source: https://github.com/logrotate/logrotate/blob/main/examples/logrotate.service
|
||||||
|
systemd.services.logrotate = {
|
||||||
|
documentation = [ "man:logrotate(8)" "man:logrotate.conf(5)" ];
|
||||||
|
unitConfig.RequiresMountsFor = "/var/log";
|
||||||
|
serviceConfig = {
|
||||||
|
Nice = 19;
|
||||||
|
IOSchedulingClass = "best-effort";
|
||||||
|
IOSchedulingPriority = 7;
|
||||||
|
|
||||||
|
ReadWritePaths = [ "/var/log" ];
|
||||||
|
|
||||||
|
AmbientCapabilities = [ "" ];
|
||||||
|
CapabilityBoundingSet = [ "" ];
|
||||||
|
DeviceAllow = [ "" ];
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
NoNewPrivileges = true; # disable for third party rotate scripts
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateNetwork = true; # disable for mail delivery
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHome = true; # disable for userdir logs
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProtectSystem = "full";
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true; # disable for creating setgid directories
|
||||||
|
SocketBindDeny = [ "any" ];
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,77 +1,4 @@
|
||||||
{ config, lib, ... }:
|
{ config, ... }:
|
||||||
let
|
|
||||||
cfg = config.services.printing;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
# services.printing.enable = !config.machineVars.headless;
|
services.printing.enable = !config.machineVars.headless;
|
||||||
services.printing.enable = false;
|
|
||||||
|
|
||||||
systemd.services = lib.mkIf cfg.enable {
|
|
||||||
cups.serviceConfig = {
|
|
||||||
PrivateTmp = true;
|
|
||||||
ProtectSystem = "strict";
|
|
||||||
ProtectHome = true;
|
|
||||||
ProtectClock= true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
ProtectHostname = true;
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectKernelModules = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
ProtectProc = "invisible";
|
|
||||||
PrivateDevices = true;
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
# User =
|
|
||||||
AmbientCapabilities = [ "" ];
|
|
||||||
CapabilityBoundingSet = [ "" ];
|
|
||||||
DevicePolicy = "closed";
|
|
||||||
KeyringMode = "private";
|
|
||||||
LockPersonality = true;
|
|
||||||
MemoryDenyWriteExecute = true;
|
|
||||||
PrivateUsers = true;
|
|
||||||
RemoveIPC = true;
|
|
||||||
# RestrictAddressFamilies = [ "" ];
|
|
||||||
RestrictNamespaces=true;
|
|
||||||
RestrictRealtime=true;
|
|
||||||
RestrictSUIDSGID=true;
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
SystemCallFilter = [
|
|
||||||
"@system-service"
|
|
||||||
"~@privileged"
|
|
||||||
];
|
|
||||||
UMask = "0077";
|
|
||||||
};
|
|
||||||
cups-browsed.serviceConfig = lib.mkIf cfg.enable {
|
|
||||||
PrivateTmp = true;
|
|
||||||
ProtectSystem = "strict";
|
|
||||||
ProtectHome = true;
|
|
||||||
ProtectClock= true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
ProtectHostname = true;
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectKernelModules = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
ProtectProc = "invisible";
|
|
||||||
PrivateDevices = true;
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
# User =
|
|
||||||
AmbientCapabilities = [ "" ];
|
|
||||||
CapabilityBoundingSet = [ "" ];
|
|
||||||
DevicePolicy = "closed";
|
|
||||||
KeyringMode = "private";
|
|
||||||
LockPersonality = true;
|
|
||||||
MemoryDenyWriteExecute = true;
|
|
||||||
PrivateUsers = true;
|
|
||||||
RemoveIPC = true;
|
|
||||||
# RestrictAddressFamilies = [ "" ];
|
|
||||||
RestrictNamespaces=true;
|
|
||||||
RestrictRealtime=true;
|
|
||||||
RestrictSUIDSGID=true;
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
SystemCallFilter = [
|
|
||||||
"@system-service"
|
|
||||||
"~@privileged"
|
|
||||||
];
|
|
||||||
UMask = "0077";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -77,11 +77,14 @@
|
||||||
fstrim.enable = true;
|
fstrim.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.buildMachines = lib.mkForce [ ];
|
|
||||||
|
|
||||||
hardware = {
|
hardware = {
|
||||||
bluetooth.enable = true;
|
bluetooth.enable = true;
|
||||||
enableRedistributableFirmware = true;
|
enableRedistributableFirmware = true;
|
||||||
keyboard.zsa.enable = true;
|
keyboard.zsa.enable = true;
|
||||||
|
opengl = {
|
||||||
|
enable = true;
|
||||||
|
driSupport = true;
|
||||||
|
driSupport32Bit = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,8 +12,6 @@
|
||||||
./services/keybase.nix
|
./services/keybase.nix
|
||||||
|
|
||||||
./nspawn-containers/arch.nix
|
./nspawn-containers/arch.nix
|
||||||
|
|
||||||
./testconfig.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
# NOTE: this file is a space where i put new configuration while i'm testing it.
|
|
||||||
# There shouldn't really be anything here, I'm not planning to commit any config here.
|
|
||||||
{
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,23 +1,16 @@
|
||||||
{ config, lib, secrets, ... }:
|
{ secrets, ... }:
|
||||||
let
|
|
||||||
cfg = config.services.coturn;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
services.coturn = let
|
services.coturn = rec {
|
||||||
# certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
|
|
||||||
certName = "nani.wtf";
|
|
||||||
certDir = config.security.acme.certs.${certName}.directory;
|
|
||||||
in rec {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
no-cli = true;
|
no-cli = true;
|
||||||
no-tcp-relay = true;
|
no-tcp-relay = true;
|
||||||
min-port = 46000;
|
min-port = secrets.ports.matrix.coturn.min;
|
||||||
max-port = 47000;
|
max-port = secrets.ports.matrix.coturn.max;
|
||||||
use-auth-secret = true;
|
use-auth-secret = true;
|
||||||
static-auth-secret = secrets.keys.matrix.static-auth-secret;
|
static-auth-secret = secrets.keys.matrix.static-auth-secret;
|
||||||
realm = "turn.nani.wtf";
|
realm = "turn.nani.wtf";
|
||||||
cert = "${certDir}/cert.pem";
|
cert = "${secrets.keys.certificates.server.crt}";
|
||||||
pkey = "${certDir}/key.pem";
|
pkey = "${secrets.keys.certificates.server.key}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# for debugging
|
# for debugging
|
||||||
verbose
|
verbose
|
||||||
|
@ -47,19 +40,4 @@ in
|
||||||
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = lib.mkIf cfg.enable {
|
|
||||||
interfaces.enp2s0 = let
|
|
||||||
range = [{
|
|
||||||
from = cfg.min-port;
|
|
||||||
to = cfg.max-port;
|
|
||||||
}];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
allowedUDPPortRanges = range;
|
|
||||||
allowedUDPPorts = [ cfg.listening-port ];
|
|
||||||
allowedTCPPortRanges = range;
|
|
||||||
allowedTCPPorts = [ cfg.listening-port ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,11 +25,9 @@
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
turn_uris = let
|
turn_uris = let
|
||||||
inherit (config.services.coturn) realm listening-port;
|
inherit (config.services.coturn) realm;
|
||||||
in [
|
p = toString secrets.ports.matrix.default;
|
||||||
"turn:${realm}:${toString listening-port}?transport=udp"
|
in ["turn:${realm}:${p}?transport=udp" "turn:${realm}:${p}?transport=tcp"];
|
||||||
"turn:${realm}:${toString listening-port}?transport=tcp"
|
|
||||||
];
|
|
||||||
turn_shared_secret = config.services.coturn.static-auth-secret;
|
turn_shared_secret = config.services.coturn.static-auth-secret;
|
||||||
turn_user_lifetime = "1h";
|
turn_user_lifetime = "1h";
|
||||||
|
|
||||||
|
@ -69,7 +67,7 @@
|
||||||
user = "matrix-synapse";
|
user = "matrix-synapse";
|
||||||
database = "matrix-synapse";
|
database = "matrix-synapse";
|
||||||
host = "/var/run/postgresql";
|
host = "/var/run/postgresql";
|
||||||
port = config.services.postgresql.settings.port;
|
port = secrets.ports.postgres;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -94,4 +92,19 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.redis.servers."".enable = true;
|
services.redis.servers."".enable = true;
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
interfaces.enp2s0 = let
|
||||||
|
range = with config.services.coturn; [ {
|
||||||
|
from = secrets.ports.matrix.coturn.min;
|
||||||
|
to = secrets.ports.matrix.coturn.max;
|
||||||
|
} ];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
allowedUDPPortRanges = range;
|
||||||
|
allowedUDPPorts = [ secrets.ports.matrix.default ];
|
||||||
|
allowedTCPPortRanges = range;
|
||||||
|
allowedTCPPorts = [ secrets.ports.matrix.default ];
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, inputs, ... }:
|
{ pkgs, lib, config, secrets, inputs, ... }:
|
||||||
{
|
{
|
||||||
sops.secrets."cloudflare/api-key" = {};
|
sops.secrets."cloudflare/api-key" = {};
|
||||||
|
|
||||||
|
@ -37,18 +37,19 @@
|
||||||
recommendedZstdSettings = true;
|
recommendedZstdSettings = true;
|
||||||
|
|
||||||
upstreams = let
|
upstreams = let
|
||||||
|
inherit (secrets) ips ports;
|
||||||
srv = config.services;
|
srv = config.services;
|
||||||
sa = config.local.socketActivation;
|
sa = config.local.socketActivation;
|
||||||
in {
|
in {
|
||||||
"atuin".servers."unix:${sa.atuin.newSocketAddress}" = { };
|
"atuin".servers."unix:${sa.atuin.newSocketAddress}" = { };
|
||||||
"dynmap".servers."localhost:8123" = { };
|
"dynmap".servers."localhost:${s ports.minecraft.dynmap}" = { };
|
||||||
"grafana".servers."unix:/run/grafana/grafana.sock" = { };
|
"grafana".servers."unix:/run/grafana/grafana.sock" = { };
|
||||||
"headscale".servers."localhost:${s srv.headscale.port}" = { };
|
"headscale".servers."localhost:${s srv.headscale.port}" = { };
|
||||||
"hedgedoc".servers."unix:${srv.hedgedoc.settings.path}" = { };
|
"hedgedoc".servers."unix:${srv.hedgedoc.settings.path}" = { };
|
||||||
"idrac".servers."10.0.0.201" = { };
|
"idrac".servers."${ips.idrac}" = { };
|
||||||
"kanidm".servers."localhost:8300" = { };
|
"kanidm".servers."localhost:8300" = { };
|
||||||
"osuchan".servers."localhost:${s srv.osuchan.port}" = { };
|
"osuchan".servers."localhost:${s ports.osuchan}" = { };
|
||||||
"plex".servers."localhost:32400" = { };
|
"plex".servers."localhost:${s ports.plex}" = { };
|
||||||
"vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { };
|
"vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { };
|
||||||
"wstunnel".servers = let
|
"wstunnel".servers = let
|
||||||
inherit (config.services.wstunnel.servers."ws-tsuki".listen) host port;
|
inherit (config.services.wstunnel.servers."ws-tsuki".listen) host port;
|
||||||
|
@ -60,7 +61,7 @@
|
||||||
virtualHosts = let
|
virtualHosts = let
|
||||||
inherit (lib.attrsets) nameValuePair listToAttrs recursiveUpdate;
|
inherit (lib.attrsets) nameValuePair listToAttrs recursiveUpdate;
|
||||||
inherit (lib.lists) head drop;
|
inherit (lib.lists) head drop;
|
||||||
domains = [ "nani.wtf" ];
|
inherit (secrets) domains keys;
|
||||||
|
|
||||||
cloudflare-origin-pull-ca = builtins.fetchurl {
|
cloudflare-origin-pull-ca = builtins.fetchurl {
|
||||||
url = "https://developers.cloudflare.com/ssl/static/authenticated_origin_pull_ca.pem";
|
url = "https://developers.cloudflare.com/ssl/static/authenticated_origin_pull_ca.pem";
|
||||||
|
@ -69,7 +70,7 @@
|
||||||
|
|
||||||
# nonCFHost =
|
# nonCFHost =
|
||||||
# subdomains: extraSettings: let
|
# subdomains: extraSettings: let
|
||||||
# settings = {
|
# settings = with keys.certificates; {
|
||||||
# useACMEHost = "nani.wtf";
|
# useACMEHost = "nani.wtf";
|
||||||
# forceSSL = true;
|
# forceSSL = true;
|
||||||
# kTLS = true;
|
# kTLS = true;
|
||||||
|
@ -83,7 +84,7 @@
|
||||||
|
|
||||||
host =
|
host =
|
||||||
subdomains: extraSettings: let
|
subdomains: extraSettings: let
|
||||||
settings = {
|
settings = with keys.certificates; {
|
||||||
serverAliases = drop 1 (generateServerAliases domains subdomains);
|
serverAliases = drop 1 (generateServerAliases domains subdomains);
|
||||||
useACMEHost = "nani.wtf";
|
useACMEHost = "nani.wtf";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -48,7 +48,32 @@ in {
|
||||||
requires = [ "postgresql.service" ];
|
requires = [ "postgresql.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.postgresql.serviceConfig.ReadWritePaths = [ cfg.dataDir ];
|
systemd.services.postgresql = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 3;
|
||||||
|
ReadWritePaths = [ cfg.dataDir ];
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
# PrivateMounts = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
LockPersonality = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProtectHome = true;
|
||||||
|
# PrivateNetwork = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
UMask = "0077";
|
||||||
|
# RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ config.services.postgresql.package ];
|
environment.systemPackages = [ config.services.postgresql.package ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,25 +5,26 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
# openFirewall = true;
|
# openFirewall = true;
|
||||||
|
|
||||||
settings = {
|
extraConfig = ''
|
||||||
global = {
|
workgroup = TSUKI
|
||||||
"workgroup" = "TSUKI";
|
server string = smbnix
|
||||||
"server string" = "smbnix";
|
netbios name = smbnix
|
||||||
"netbios name" = "smbnix";
|
|
||||||
|
|
||||||
"security" = "user";
|
security = user
|
||||||
|
|
||||||
"use sendfile" = "yes";
|
use sendfile = yes
|
||||||
"min protocol" = "SMB2";
|
min protocol = SMB2
|
||||||
"smb encrypt" = "desired";
|
smb encrypt = desired
|
||||||
|
|
||||||
# note: localhost is the ipv6 localhost ::1
|
# note: localhost is the ipv6 localhost ::1
|
||||||
"hosts allow" = "100.107.69.8 100.100.65.88";
|
hosts allow = 100.107.69.8 100.100.65.88
|
||||||
"hosts deny" = "0.0.0.0/0";
|
hosts deny = 0.0.0.0/0
|
||||||
|
|
||||||
"guest ok" = "no";
|
guest ok = no
|
||||||
"map to guest" = "never";
|
map to guest = never
|
||||||
};
|
'';
|
||||||
|
|
||||||
|
shares = {
|
||||||
cirno = {
|
cirno = {
|
||||||
path = "/data/cirno";
|
path = "/data/cirno";
|
||||||
browseable = "yes";
|
browseable = "yes";
|
||||||
|
@ -65,4 +66,15 @@
|
||||||
|
|
||||||
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 139 445 ];
|
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 139 445 ];
|
||||||
networking.firewall.interfaces."tailscale0".allowedUDPPorts = [ 137 138 ];
|
networking.firewall.interfaces."tailscale0".allowedUDPPorts = [ 137 138 ];
|
||||||
|
|
||||||
|
|
||||||
|
systemd.slices.system-samba = {
|
||||||
|
description = "Samba slice";
|
||||||
|
after = [ "system.slice" ];
|
||||||
|
requires = [ "system.slice" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.samba-smbd.serviceConfig.Slice = "system-samba.slice";
|
||||||
|
systemd.services.samba-nmbd.serviceConfig.Slice = "system-samba.slice";
|
||||||
|
systemd.services.samba-winbindd.serviceConfig.Slice = "system-samba.slice";
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,6 +21,39 @@ in {
|
||||||
|
|
||||||
systemd.services.vaultwarden = lib.mkIf cfg.enable {
|
systemd.services.vaultwarden = lib.mkIf cfg.enable {
|
||||||
requires = [ "postgresql.service" ];
|
requires = [ "postgresql.service" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
# Extra hardening
|
||||||
|
CapabilityBoundingSet = "";
|
||||||
|
LockPersonality = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
# MemoryDenyWriteExecute = true;
|
||||||
|
PrivateMounts = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
ProcSubset = "pid";
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
RestrictAddressFamilies = [
|
||||||
|
"AF_INET"
|
||||||
|
"AF_INET6"
|
||||||
|
"AF_UNIX"
|
||||||
|
];
|
||||||
|
RemoveIPC = true;
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service"
|
||||||
|
"~@privileged"
|
||||||
|
];
|
||||||
|
UMask = "0007";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresql = lib.mkIf cfg.enable {
|
services.postgresql = lib.mkIf cfg.enable {
|
||||||
|
|
|
@ -102,9 +102,9 @@ buildBazelPackage {
|
||||||
})
|
})
|
||||||
(fetchurl rec {
|
(fetchurl rec {
|
||||||
name = "jawiki";
|
name = "jawiki";
|
||||||
url = "https://dumps.wikimedia.org/${name}/20241101/${name}-20241101-all-titles-in-ns0.gz";
|
url = "https://dumps.wikimedia.org/${name}/20240620/${name}-20240620-all-titles-in-ns0.gz";
|
||||||
recursiveHash = true;
|
recursiveHash = true;
|
||||||
hash = "sha256-gyg6aSsbT7wNvlIu5H5Qmi5O2LBIoZU13U+OgZCEmac=";
|
hash = "sha256-p1LP8mHYknUPEB9u9CLCP1/uUjCVfb/mdpnOPawGcqQ=";
|
||||||
downloadToTemp = true;
|
downloadToTemp = true;
|
||||||
postFetch = ''
|
postFetch = ''
|
||||||
mkdir -p "$out"
|
mkdir -p "$out"
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
git:
|
git:
|
||||||
nordicsemi-config: ENC[AES256_GCM,data:ziuM41RTsxkiutxjj8Pl5YuoETkxQNWEbGKd2Y99E0kTV9fL67g+YeGjeVFXErraeB/+jBVpjitK3lSHxlpxZLWckZ0G6A7NAFNagY9cORCFlLb+egyKb44xu8vBt4V5eA==,iv:yG06oluENc038cm5A9tpmSQtaGjd6nYDi/FnBd3A8Rk=,tag:ky6bCsYLOZmWObHnJ816Zw==,type:str]
|
nordicsemi-config: ENC[AES256_GCM,data:ziuM41RTsxkiutxjj8Pl5YuoETkxQNWEbGKd2Y99E0kTV9fL67g+YeGjeVFXErraeB/+jBVpjitK3lSHxlpxZLWckZ0G6A7NAFNagY9cORCFlLb+egyKb44xu8vBt4V5eA==,iv:yG06oluENc038cm5A9tpmSQtaGjd6nYDi/FnBd3A8Rk=,tag:ky6bCsYLOZmWObHnJ816Zw==,type:str]
|
||||||
nordicsemi-maintenance-repos-config: ENC[AES256_GCM,data:oZ5hgpJj6ENM4S360Zo7SKGbZCDlBZ2NMJ/xRw7MUUvrFcvNSmhSf+WjjJbh+IXr2J82g92guI4Gw/1sOwyfmDfTo0cmKAGY1ZXIjHgSfpdufyl+sGWhpVG+fxmcqQTuiWYkCdLE3Rr+JoTCQ9f8N54uYJHU9X3MeFyrZjaPQA6tFDT8EIq35HifptN1uFEQyKxwaN9iKRyFEI3C9i6mvLYW6XuYYK+oirPgCecaMB3aVZotsMcLnO9C51N2hKKGdkx/JT/jqqAJ4IYUExDNTnBxvgKCrEldaqRGqi9F/3iPVuNSKCUG0uefG3010OhiwnU8WrXblw9jHSHkZ5crIhC2S/y9fzvA+ZuJUctan+GuoIG7VbqdLy0Jz2FXGDs6qNQX6/I0Eud7ajvIHAz+Zp/lVF8U91BwzY2dXLdEKK+KRHtT5gXWXPQHO3HEBlYjxVsMf0V/1WGuUeAQMu46q7YRuRuwuBNVFj2QkRKJo8TX8vXeWrdpzR6qQ4RynioUmI+GLZY=,iv:1wEwje63Ui6aKVq0yNtVsODmWe0kYkBt3pbp/RKqr/s=,tag:Ujhi6tRNphbPtFUL5m8jpw==,type:str]
|
nordicsemi-maintenance-repos-config: ENC[AES256_GCM,data:oZ5hgpJj6ENM4S360Zo7SKGbZCDlBZ2NMJ/xRw7MUUvrFcvNSmhSf+WjjJbh+IXr2J82g92guI4Gw/1sOwyfmDfTo0cmKAGY1ZXIjHgSfpdufyl+sGWhpVG+fxmcqQTuiWYkCdLE3Rr+JoTCQ9f8N54uYJHU9X3MeFyrZjaPQA6tFDT8EIq35HifptN1uFEQyKxwaN9iKRyFEI3C9i6mvLYW6XuYYK+oirPgCecaMB3aVZotsMcLnO9C51N2hKKGdkx/JT/jqqAJ4IYUExDNTnBxvgKCrEldaqRGqi9F/3iPVuNSKCUG0uefG3010OhiwnU8WrXblw9jHSHkZ5crIhC2S/y9fzvA+ZuJUctan+GuoIG7VbqdLy0Jz2FXGDs6qNQX6/I0Eud7ajvIHAz+Zp/lVF8U91BwzY2dXLdEKK+KRHtT5gXWXPQHO3HEBlYjxVsMf0V/1WGuUeAQMu46q7YRuRuwuBNVFj2QkRKJo8TX8vXeWrdpzR6qQ4RynioUmI+GLZY=,iv:1wEwje63Ui6aKVq0yNtVsODmWe0kYkBt3pbp/RKqr/s=,tag:Ujhi6tRNphbPtFUL5m8jpw==,type:str]
|
||||||
nordicsemi:
|
|
||||||
envvars: ENC[AES256_GCM,data:6vx077unPWt6WRy0oZKC3qpVA8BKigYDdhsZ2rmLYFtzW//01CrRgXX420UB,iv:e2hJuRj4A8ZBGG0j2YINdvM3IXzpCnJK0Sm5AXhOTZM=,tag:9SdpNIFSiLhI073dk3cC5g==,type:str]
|
|
||||||
ssh:
|
ssh:
|
||||||
secret-config: ""
|
secret-config: ""
|
||||||
sops:
|
sops:
|
||||||
|
@ -20,8 +18,8 @@ sops:
|
||||||
QllyaVlIVEVrSlJDZzlwdFpoRlg3bmsKYBGLYmsfFu6GuRUPGsS0+vkUv1QzJXZl
|
QllyaVlIVEVrSlJDZzlwdFpoRlg3bmsKYBGLYmsfFu6GuRUPGsS0+vkUv1QzJXZl
|
||||||
D9CFcRQw0Xzti0DvDj7cWrCJ32F1eYRp/9LWyG1CEjfoNEKyUJZ2qQ==
|
D9CFcRQw0Xzti0DvDj7cWrCJ32F1eYRp/9LWyG1CEjfoNEKyUJZ2qQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-07T23:05:27Z"
|
lastmodified: "2024-08-05T07:31:00Z"
|
||||||
mac: ENC[AES256_GCM,data:0EgnvPIiDHfE6YYVISwMdYycXUXRkvJLpi5llNF5HMCUMQNFIPemb4OkPbcZhP0HkZCRQC6pFhTXWMU9NbxpTmDWHV0+pNrlkX4PiRKjCJ7Yqq9dNkJzCfq7091ZYYCH9UrgKIyi6+/6jGANI1sq+QuEyZFVPYMnaeSVo+ntqVE=,iv:pJogp+pCfkDaTGh/Qy+GDcELw35Q4Sa8iMKU4JfGCRk=,tag:JGpN4HymcHpJS47fGx6cjg==,type:str]
|
mac: ENC[AES256_GCM,data:eD+cXSj7xvIY9hyXTwCmV/HJNR1SInXYp0yKCtFTuBzXL5u1nwi0hbN6iHe7xi5otlrddGCwYAIjogAQrE01Y06Y7+ZSdpQNPadz16q4sDa5z71pbzXy/vCZdTlcFL3MMWMhwVmLZtjJO90gQ1iWd1wza12JmbO3KqkFLIuKwnQ=,iv:Qr9k/J+ZU09KruDwrJGaj+5PR0Kv+Gu7zcgDhF/KLOY=,tag:DfspqZZSKTmEOXH2NuVo5Q==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-07-08T12:27:24Z"
|
- created_at: "2024-07-08T12:27:24Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
Loading…
Reference in New Issue