Compare commits


1 Commits

Author SHA1 Message Date
7388e3635f
WIP 2024-08-16 12:37:58 +02:00
128 changed files with 1219 additions and 3092 deletions


@ -4,7 +4,6 @@ keys:
- &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc - &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
- &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c - &host_dosei age179y7apa80p9unvyjtsphpzyhve90ex986vlxkx43xt9n6m7en3csqnug7c
- &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a - &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
- &host_xps16 age1np3fg9ue2tp4l47x7waapvjxh5zcaye2j54laapy7uklamve2c4qv3gytm
- &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau - &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
creation_rules: creation_rules:
@ -17,7 +16,6 @@ creation_rules:
- *host_kasei - *host_kasei
- *host_dosei - *host_dosei
- *host_europa - *host_europa
- *host_xps16
- *home - *home
- path_regex: secrets/home.yaml - path_regex: secrets/home.yaml
@ -27,13 +25,6 @@ creation_rules:
age: age:
- *home - *home
- path_regex: secrets/xps16.yaml
key_groups:
- pgp:
- *gpg_h7x4
age:
- *host_xps16
- path_regex: secrets/kasei.yaml - path_regex: secrets/kasei.yaml
key_groups: key_groups:
- pgp: - pgp:
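Review bot: Removing `&host_xps16` from `keys:` and from the key group in the second hunk only changes who future encryptions target; files already encrypted under that rule still carry a data key wrapped for the xps16 recipient until they are re-keyed. Run `sops updatekeys` on every file the edited rule matches as part of this change, and if the host key is being retired because it is no longer trusted, rotate the secret values too, since re-keying does not undo what that key could already read. The rule for `secrets/xps16.yaml` is dropped as well; whether that file is deleted in the same commit is not visible here, and if it stays it no longer matches any rule. A comment above `keys:` such as `# after editing recipients: run sops updatekeys on every affected secrets file` would keep the step from being forgotten.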


@ -1,6 +1,5 @@
[![built with nix](https://builtwithnix.org/badge.svg)](https://builtwithnix.org) [![built with nix](https://builtwithnix.org/badge.svg)](https://builtwithnix.org)
# Nix Dotfiles # Nix Dotfiles
These are my dotfiles for several nix machines. These are my dotfiles for several nix machines.
@ -17,7 +16,6 @@ Here are some of the interesting files and dirs:
| `/secrets` | Encrypted [sops-nix][sops-nix] secrets. | | `/secrets` | Encrypted [sops-nix][sops-nix] secrets. |
| `flake.nix` | The root of everyting. Defines the inputs and outputs of the project. Also applies misc overlays and adds config-wide modules. See [Nix Flakes][nix-flakes] for more information. | | `flake.nix` | The root of everyting. Defines the inputs and outputs of the project. Also applies misc overlays and adds config-wide modules. See [Nix Flakes][nix-flakes] for more information. |
## Hosts ## Hosts
| Host | Machine type | Purpose | | Host | Machine type | Purpose |
@ -27,7 +25,6 @@ Here are some of the interesting files and dirs:
| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. | | `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
| `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. | | `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. |
## home-manager configuration ## home-manager configuration
| Path | Purpose | | Path | Purpose |
@ -39,28 +36,6 @@ Here are some of the interesting files and dirs:
| `/home/services` | Configuration for services/daemons that are user-specific. | | `/home/services` | Configuration for services/daemons that are user-specific. |
| `/home/shell.nix` | Shell-agnostic configuration. This includes aliases, envvars, functions, etc. | | `/home/shell.nix` | Shell-agnostic configuration. This includes aliases, envvars, functions, etc. |
## Some useful long commands
Build configuration without switching:
```
nix build .#nixosConfigurations.tsuki.config.system.build.toplevel -L
```
Check why configuration depends on package:
```
NIXPKGS_ALLOW_INSECURE=1 nix why-depends .#nixosConfigurations.tsuki.config.system.build.toplevel .#pkgs.suspiciousPackage
```
Re-encrypt sops secrets with new key:
```
sops updatekeys secrets/hosts/file.yml
```
[home-manager]: https://github.com/nix-community/home-manager [home-manager]: https://github.com/nix-community/home-manager
[nixos-search]: https://search.nixos.org/options [nixos-search]: https://search.nixos.org/options
[sops-nix]: https://github.com/Mic92/sops-nix [sops-nix]: https://github.com/Mic92/sops-nix

208
flake.lock generated

@ -1,28 +1,5 @@
{ {
"nodes": { "nodes": {
"anyrun": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1733604390,
"narHash": "sha256-i1V+K46e0OSu3T9q2QsZ3GqpIrSIZx39sRpfcDPa6wU=",
"ref": "plugins-application-preprocess-exec",
"rev": "f9ef5665febcabd03ad2f0ce561c79974194a953",
"revCount": 197,
"type": "git",
"url": "https://git.pvv.ntnu.no/oysteikt/anyrun"
},
"original": {
"ref": "plugins-application-preprocess-exec",
"type": "git",
"url": "https://git.pvv.ntnu.no/oysteikt/anyrun"
}
},
"dotfiles": { "dotfiles": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -56,30 +33,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"anyrun",
"nixpkgs"
]
},
"locked": {
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -97,7 +53,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -113,6 +69,19 @@
"type": "github" "type": "github"
} }
}, },
"fonts": {
"flake": false,
"locked": {
"lastModified": 1668957008,
"narHash": "sha256-er2eUfNSG9qdBh0JvtxtftQjFfTFjRqqD8dnk5nZ1qw=",
"path": "/home/h7x4/git/fonts",
"type": "path"
},
"original": {
"path": "/home/h7x4/git/fonts",
"type": "path"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -120,20 +89,40 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734366194, "lastModified": 1718530513,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11", "ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"home-manager-local": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1719170506,
"narHash": "sha256-AROqng7/S3mTByq8DBVR6r0iW1yZH+otJkqOwLHvELE=",
"ref": "refs/heads/fix-stalonetrayrc-path",
"rev": "0e5656163c2f9ac6e2cc4de3b44beb7a137abbe6",
"revCount": 3588,
"type": "git",
"url": "file:///home/h7x4/git/home-manager"
},
"original": {
"type": "git",
"url": "file:///home/h7x4/git/home-manager"
}
},
"matrix-synapse-next": { "matrix-synapse-next": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -202,11 +191,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734832422, "lastModified": 1719278718,
"narHash": "sha256-Ot9HidtOWkKIX65o5KH6GrnQ3CefYLJx0nk0G99BTk8=", "narHash": "sha256-gWQb4P9CZgKzTn4F4eWMYeUv2AQOXFlcFmFXh2apoyA=",
"owner": "infinidoge", "owner": "infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "bab1c34f0a1009b516c4cc3b30d663db43d993ce", "rev": "b6ff85f3b416a700ac35e33c214d7c9f4fe071fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -215,53 +204,52 @@
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": {
"locked": {
"lastModified": 1734862644,
"narHash": "sha256-04xesW7HITdF5WUmNM39WD4tkEERk3Ez2W1nNvdIvIw=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e8516a23524cc9083f5a02a8d64d14770e4c7c09",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1734737257, "lastModified": 1719145550,
"narHash": "sha256-GIMyMt1pkkoXdCq9un859bX6YQZ/iYtukb9R5luazLM=", "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1c6e20d41d6a9c1d737945962160e8571df55daa", "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-24.11", "ref": "nixos-24.05",
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1734906031, "lastModified": 1719099622,
"narHash": "sha256-/x8rO3cpVyD/iw/vxIrpOy9wvq1GJSRIU/A+OhWptwc=", "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "31942f20f4625ec1c7371a338527e75d3ab0c926", "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "master", "ref": "release-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1719254875,
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"osuchan": { "osuchan": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -269,11 +257,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1684092181, "lastModified": 1672838459,
"narHash": "sha256-Oi6G8Jx2RkEMi3UndtAnZw61hfgKGEe7l/ILdB9ump4=", "narHash": "sha256-SIXzj9fbSvr/jfhhil+0cS7I6KONijdH80PFGxJi+CA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "028ed8774d1cf4650fc15253146cf14451eb608c", "rev": "392fb541ce39f1f52908eee336d5ed409cd798ed",
"revCount": 43, "revCount": 42,
"type": "git", "type": "git",
"url": "file:///home/h7x4/git/osuchan-line-bot" "url": "file:///home/h7x4/git/osuchan-line-bot"
}, },
@ -284,32 +272,53 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"anyrun": "anyrun",
"dotfiles": "dotfiles", "dotfiles": "dotfiles",
"fonts": "fonts",
"home-manager": "home-manager", "home-manager": "home-manager",
"home-manager-local": "home-manager-local",
"matrix-synapse-next": "matrix-synapse-next", "matrix-synapse-next": "matrix-synapse-next",
"maunium-stickerpicker": "maunium-stickerpicker", "maunium-stickerpicker": "maunium-stickerpicker",
"minecraft": "minecraft", "minecraft": "minecraft",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"osuchan": "osuchan", "osuchan": "osuchan",
"secrets": "secrets",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"vscode-server": "vscode-server" "vscode-server": "vscode-server"
} }
}, },
"sops-nix": { "secrets": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1734546875, "dirtyRev": "1d1e3c1a3293e22be504749eb92ac3b050cd8622-dirty",
"narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "dirtyShortRev": "1d1e3c1-dirty",
"lastModified": 1683506783,
"narHash": "sha256-iwnpd6v4tKXFDTRomzJxwYPr2mm2JR9DCCnkqsofX5c=",
"type": "git",
"url": "file:///home/h7x4/git/nix-secrets"
},
"original": {
"type": "git",
"url": "file:///home/h7x4/git/nix-secrets"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1719268571,
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -319,21 +328,6 @@
} }
}, },
"systems": { "systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -348,7 +342,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": { "systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -371,11 +365,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729422940, "lastModified": 1713958148,
"narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=", "narHash": "sha256-8PDNi/dgoI2kyM7uSiU4eoLBqUKoA+3TXuz+VWmuCOc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-vscode-server", "repo": "nixos-vscode-server",
"rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f", "rev": "fc900c16efc6a5ed972fb6be87df018bcf3035bc",
"type": "github" "type": "github"
}, },
"original": { "original": {

123
flake.nix

@ -1,16 +1,13 @@
{ {
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-24.11"; nixpkgs.url = "nixpkgs/nixos-24.05";
# nixpkgs-unstable.url = "nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.11"; url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
dotfiles = { dotfiles = {
url = "git+https://git.pvv.ntnu.no/oysteikt/dotfiles?ref=master"; url = "git+https://git.pvv.ntnu.no/oysteikt/dotfiles?ref=master";
flake = false; flake = false;
@ -53,8 +50,18 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
anyrun = { ra-multiplex = {
url = "git+https://git.pvv.ntnu.no/oysteikt/anyrun?ref=plugins-application-preprocess-exec"; url = "github:pr2502/ra-multiplex";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix expressions and keys (TODO: move keys to another solution like agenix)
# which should be kept from the main repo for privacy reasons.
#
# Includes stuff like usernames, emails, ports, other server users, ssh hosts, etc.
secrets = {
# TODO: Push this to a remote.
url = "git+file:///home/h7x4/git/nix-secrets";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@ -64,16 +71,16 @@
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
home-manager, home-manager,
nixos-hardware,
dotfiles, dotfiles,
matrix-synapse-next, matrix-synapse-next,
maunium-stickerpicker, maunium-stickerpicker,
minecraft, minecraft,
osuchan, osuchan,
secrets,
sops-nix, sops-nix,
vscode-server, vscode-server,
anyrun, ra-multiplex
# website # website
}: let }: let
system = "x86_64-linux"; system = "x86_64-linux";
@ -86,10 +93,7 @@
android_sdk.accept_license = true; android_sdk.accept_license = true;
segger-jlink.acceptLicense = true; segger-jlink.acceptLicense = true;
permittedInsecurePackages = [ permittedInsecurePackages = [
"segger-jlink-qt4-796s" "segger-jlink-qt4-794l"
"dotnet-core-combined"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
]; ];
}; };
@ -97,37 +101,26 @@
nonrecursive-unstable-pkgs = import nixpkgs-unstable { nonrecursive-unstable-pkgs = import nixpkgs-unstable {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
config.segger-jlink.acceptLicense = true;
config.permittedInsecurePackages = [
"segger-jlink-qt4-796s"
];
}; };
in [ in [
(import ./overlays/wayland-ime-integration.nix) (self: super: {
inherit (nonrecursive-unstable-pkgs) atuin wstunnel;
})
(final: prev: { (self: super: {
mpd = prev.mpd.overrideAttrs (prev': { ra-multiplex = ra-multiplex.packages.${system}.default;
version = "v0.23.16-unstable"; })
src = final.fetchFromGitHub {
owner = "MusicPlayerDaemon";
repo = "MPD";
rev = "b6e187efd8520ca9e3541e630559246c893cc304";
hash = "sha256-EGpBiH/Sp7xgcSpj/zKgFqDfjdr2djveC+qV57imr3E=";
};
postPatch = prev'.postPatch + '' # https://github.com/NixOS/nixpkgs/pull/251706
substituteInPlace src/lib/yajl/Handle.hxx \ (self: super: {
--replace-fail '<yajl_parse.h>' '<yajl/yajl_parse.h>' mozc = self.qt6Packages.callPackage ./package-overrides/mozc.nix { };
substituteInPlace src/lib/yajl/Callbacks.hxx \ fcitx5-mozc = self.callPackage ./package-overrides/fcitx5-mozc.nix { };
--replace-fail '<yajl_parse.h>' '<yajl/yajl_parse.h>' })
substituteInPlace src/lib/yajl/Gen.hxx \
--replace-fail '<yajl_gen.h>' '<yajl/yajl_gen.h>'
'';
nativeBuildInputs = prev'.nativeBuildInputs ++ [ (self: super: {
final.python3Packages.sphinx-rtd-theme mpv-unwrapped = super.mpv-unwrapped.override {
]; ffmpeg = super.ffmpeg_6-full;
}); };
}) })
]; ];
}; };
@ -139,7 +132,9 @@
inherit pkgs; inherit pkgs;
inputs = pkgs.lib.mapAttrs (_: src: src.outPath) inputs; packages.${system} = {
inherit (pkgs) kanidm pcloud;
};
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [ sops ]; packages = with pkgs; [ sops ];
@ -182,6 +177,7 @@
inherit inputs; inherit inputs;
inherit unstable-pkgs; inherit unstable-pkgs;
inherit (self) extendedLib; inherit (self) extendedLib;
secrets = secrets.outputs.settings;
} // (extraConfig.specialArgs or { }); } // (extraConfig.specialArgs or { });
modules = [ modules = [
@ -193,6 +189,7 @@
./modules/machineVars.nix ./modules/machineVars.nix
./modules/socketActivation.nix ./modules/socketActivation.nix
secrets.outputs.nixos-config
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
({ config, ... }: ({ config, ... }:
@ -201,14 +198,13 @@
useGlobalPkgs = true; useGlobalPkgs = true;
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs; inherit inputs;
inherit unstable-pkgs;
inherit (self) extendedLib; inherit (self) extendedLib;
inherit (config) machineVars; inherit (config) machineVars;
secrets = secrets.outputs.settings;
}; };
sharedModules = [ sharedModules = [
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
inputs.anyrun.homeManagerModules.default
]; ];
users.h7x4.imports = [ users.h7x4.imports = [
@ -225,44 +221,9 @@
"specialArgs" "specialArgs"
])); ]));
in { in {
dosei = nixSys "dosei" { dosei = nixSys "dosei" { };
modules = [ kasei = nixSys "kasei" { };
{ europa = nixSys "europa" { };
home-manager.users.h7x4.home.uid = 1001;
}
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
];
};
kasei = nixSys "kasei" {
modules = [
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-cpu-amd-pstate
nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
];
};
xps16 = nixSys "xps16" {
modules = [
nixos-hardware.nixosModules.common-hidpi
nixos-hardware.nixosModules.common-pc-laptop
nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
];
};
europa = nixSys "europa" {
modules = [
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
];
};
tsuki = nixSys "tsuki" { tsuki = nixSys "tsuki" {
modules = [ modules = [
matrix-synapse-next.nixosModules.default matrix-synapse-next.nixosModules.default
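Review bot: The new `secrets` input is described by its own comment as holding "Nix expressions and keys", and a flake input is copied into `/nix/store`, which every local user can read; values reached through `secrets.outputs.settings` in `specialArgs` and `extraSpecialArgs` can likewise end up in store paths. Keep only non-secret settings in that input and put key material behind sops-nix, which this flake already loads via `sops-nix.nixosModules.sops`. The URL `git+file:///home/h7x4/git/nix-secrets` also ties evaluation to one machine, and the lock entry shown for it carries a `-dirty` revision, so the result cannot be reproduced from committed state. I would add above the input `# flake inputs land in the world-readable Nix store: settings only, no keys or tokens`. The `ra-multiplex` input added in the same hunk does not appear among the root inputs of the `flake.lock` shown on this page, so the lock file looks out of date.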


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, ... }:
{ {
imports = [ imports = [
./mimetypes.nix ./mimetypes.nix
@ -8,14 +8,14 @@
enable = true; enable = true;
userDirs = { userDirs = {
enable = true; enable = true;
desktop = lib.mkDefault "${config.home.homeDirectory}/Desktop"; desktop = "${config.home.homeDirectory}/Desktop";
documents = lib.mkDefault "${config.home.homeDirectory}/documents"; documents = "${config.home.homeDirectory}/documents";
download = lib.mkDefault "${config.home.homeDirectory}/Downloads"; download = "${config.home.homeDirectory}/Downloads";
music = lib.mkDefault "${config.home.homeDirectory}/music"; music = "${config.home.homeDirectory}/music";
pictures = lib.mkDefault "${config.home.homeDirectory}/pictures"; pictures = "${config.home.homeDirectory}/pictures";
publicShare = lib.mkDefault "${config.home.homeDirectory}/public"; publicShare = "${config.home.homeDirectory}/public";
templates = lib.mkDefault "${config.home.homeDirectory}/templates"; templates = "${config.home.homeDirectory}/templates";
videos = lib.mkDefault "${config.home.homeDirectory}/videos"; videos = "${config.home.homeDirectory}/videos";
}; };
}; };
} }


@ -4,7 +4,6 @@
home.sessionVariables = let home.sessionVariables = let
inherit (config.xdg) dataHome cacheHome configHome userDirs; inherit (config.xdg) dataHome cacheHome configHome userDirs;
runtimeDir = "/run/user/${toString config.home.uid}";
in { in {
TEXMFHOME = "${dataHome}/texmf"; TEXMFHOME = "${dataHome}/texmf";
TEXMFVAR = "${cacheHome}/texlive"; TEXMFVAR = "${cacheHome}/texlive";
@ -19,12 +18,8 @@
GHCUP_USE_XDG_DIRS = "true"; GHCUP_USE_XDG_DIRS = "true";
__GL_SHADER_DISK_CACHE_PATH = "${cacheHome}/nv";
ANDROID_USER_HOME = "${dataHome}/android"; ANDROID_USER_HOME = "${dataHome}/android";
AZURE_CONFIG_DIR = "${dataHome}/azure"; AZURE_CONFIG_DIR = "${dataHome}/azure";
BZRPATH = "${configHome}/bazaar";
BZR_PLUGIN_PATH = "${dataHome}/bazaar";
BZR_HOME = "${cacheHome}/bazaar";
CARGO_HOME = "${dataHome}/cargo"; CARGO_HOME = "${dataHome}/cargo";
CUDA_CACHE_PATH = "${cacheHome}/nv"; CUDA_CACHE_PATH = "${cacheHome}/nv";
DOCKER_CONFIG = "${configHome}/docker"; DOCKER_CONFIG = "${configHome}/docker";
@ -37,9 +32,6 @@
ICEAUTHORITY = "${cacheHome}/ICEauthority"; ICEAUTHORITY = "${cacheHome}/ICEauthority";
NIMBLE_DIR = "${dataHome}/nimble"; NIMBLE_DIR = "${dataHome}/nimble";
NLTK_DATA = "${dataHome}/nltk_data"; NLTK_DATA = "${dataHome}/nltk_data";
NPM_CONFIG_CACHE="${cacheHome}/npm";
NPM_CONFIG_INIT_MODULE="${configHome}/npm/config/npm-init.js";
NPM_CONFIG_TMP="${runtimeDir}/npm";
NRFUTIL_HOME = "${dataHome}/nrfutil"; NRFUTIL_HOME = "${dataHome}/nrfutil";
NUGET_PACKAGES = "${cacheHome}/nuget-packages"; NUGET_PACKAGES = "${cacheHome}/nuget-packages";
PARALLEL_HOME = "${configHome}/parallel"; PARALLEL_HOME = "${configHome}/parallel";


@ -95,7 +95,7 @@ let
vscode = "code.desktop"; vscode = "code.desktop";
mpv = "mpv.desktop"; mpv = "mpv.desktop";
zathura = "org.pwmt.zathura.desktop"; zathura = "org.pwmt.zathura.desktop";
nsxiv = "nsxiv.desktop"; sxiv = "sxiv.desktop";
font-viewer = "org.gnome.font-viewer.desktop"; font-viewer = "org.gnome.font-viewer.desktop";
in { in {
xdg.configFile."mimeapps.list".force = true; xdg.configFile."mimeapps.list".force = true;
@ -104,7 +104,7 @@ in {
# associations.added = {}; # associations.added = {};
# associations.removed = {}; # associations.removed = {};
defaultApplications = defaultApplications =
(lib.mapAttrs' (_: v: lib.nameValuePair v nsxiv) mime.image) (lib.mapAttrs' (_: v: lib.nameValuePair v sxiv) mime.image)
// (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.audio) // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.audio)
// (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.video) // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.video)
// (lib.mapAttrs' (_: v: lib.nameValuePair v font-viewer) mime.font) // (lib.mapAttrs' (_: v: lib.nameValuePair v font-viewer) mime.font)


@ -8,36 +8,19 @@ in {
./config/xdg ./config/xdg
./programs/aria2.nix
./programs/atuin.nix ./programs/atuin.nix
./programs/bash.nix
./programs/bat.nix
./programs/beets.nix
./programs/bottom.nix
./programs/comma.nix ./programs/comma.nix
./programs/direnv ./programs/direnv
./programs/eza.nix
./programs/fzf.nix
./programs/gdb.nix ./programs/gdb.nix
./programs/gh-dash.nix
./programs/gh.nix ./programs/gh.nix
./programs/git ./programs/git
./programs/gpg ./programs/gpg
./programs/home-manager.nix
./programs/jq.nix
./programs/less.nix ./programs/less.nix
./programs/man.nix
./programs/neovim ./programs/neovim
./programs/nix-index ./programs/nix-index
./programs/pandoc.nix
./programs/ripgrep.nix
./programs/ssh ./programs/ssh
./programs/tealdeer ./programs/tealdeer
./programs/texlive.nix ./programs/tmux.nix
./programs/thunderbird.nix
./programs/tmux
./programs/yt-dlp.nix
./programs/zoxide.nix
./programs/zsh ./programs/zsh
./services/nix-channel-update.nix ./services/nix-channel-update.nix
@ -45,48 +28,35 @@ in {
./modules/colors.nix ./modules/colors.nix
./modules/shellAliases.nix ./modules/shellAliases.nix
./modules/uidGid.nix ] ++ optionals graphics [
] ++ (optionals graphics [
./config/gtk.nix ./config/gtk.nix
./programs/alacritty.nix ./programs/alacritty.nix
./programs/emacs ./programs/emacs
./programs/feh.nix
./programs/firefox.nix ./programs/firefox.nix
./programs/mpv.nix
./programs/ncmpcpp.nix ./programs/ncmpcpp.nix
./programs/newsboat ./programs/newsboat
./programs/obs-studio.nix
./programs/qutebrowser.nix ./programs/qutebrowser.nix
./programs/rofi.nix ./programs/rofi.nix
./programs/taskwarrior.nix ./programs/taskwarrior.nix
./programs/vscode ./programs/vscode
# ./programs/xmobar
./programs/xmonad
./programs/zathura.nix ./programs/zathura.nix
./programs/zed ./programs/zed
./services/copyq.nix ./services/copyq.nix
./services/dunst.nix ./services/dunst.nix
./services/fcitx5.nix ./services/fcitx5.nix
./services/gnome-keyring.nix
./services/keybase.nix
./services/mpd.nix ./services/mpd.nix
./services/network-manager.nix
./services/psd.nix
./services/tumblerd.nix
]) ++ (optionals machineVars.wayland [
./programs/hyprland.nix
./programs/waybar.nix
./programs/anyrun
]) ++ (optionals (!machineVars.wayland) [
./programs/xmonad
# ./programs/xmobar
./services/picom.nix ./services/picom.nix
./services/polybar.nix ./services/polybar.nix
./services/ra-multiplex.nix
./services/screen-locker.nix ./services/screen-locker.nix
# ./services/stalonetray.nix # ./services/stalonetray.nix
./services/sxhkd.nix ./services/sxhkd.nix
]); ./services/tumblerd.nix
];
sops.defaultSopsFile = ../secrets/home.yaml; sops.defaultSopsFile = ../secrets/home.yaml;
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519_home_sops" ]; sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519_home_sops" ];
@ -127,23 +97,9 @@ in {
sessionVariables = { sessionVariables = {
CARGO_NET_GIT_FETCH_WITH_CLI = "true"; CARGO_NET_GIT_FETCH_WITH_CLI = "true";
PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc"; PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc";
_JAVA_AWT_WM_NONREPARENTING = "1";
}; };
}; };
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
xsession = {
enable = !machineVars.wayland;
# TODO: declare using xdg config home
scriptPath = ".config/X11/xsession";
profilePath = ".config/X11/xprofile";
};
xdg.configFile = { xdg.configFile = {
"ghc/ghci.conf".text = '' "ghc/ghci.conf".text = ''
:set prompt "${extendedLib.termColors.front.magenta "[GHCi]λ"} " :set prompt "${extendedLib.termColors.front.magenta "[GHCi]λ"} "
@ -164,6 +120,51 @@ in {
fonts.fontconfig.enable = mkForce true; fonts.fontconfig.enable = mkForce true;
programs = {
home-manager.enable = true;
bash = {
enable = true;
historyFile = "${config.xdg.dataHome}/bash_history";
historySize = 100000;
bashrcExtra = ''
source "${config.xdg.configHome}/mutable_env.sh"
'';
};
bat.enable = true;
bottom = {
enable = true;
settings.flags.enable_gpu = true;
};
eza.enable = true;
feh.enable = mkIf graphics true;
fzf = {
enable = true;
defaultCommand = "fd --type f";
};
man = {
enable = true;
generateCaches = true;
};
mpv.enable = mkIf graphics true;
obs-studio.enable = mkIf graphics true;
ssh = {
enable = true;
includes = [ "mutable_config" ];
};
texlive = {
enable = true;
# packageSet = pkgs.texlive.combined.scheme-medium;
};
zoxide.enable = true;
};
services = {
gnome-keyring.enable = mkIf graphics true;
network-manager-applet.enable = mkIf graphics true;
};
manual = { manual = {
html.enable = true; html.enable = true;
manpages.enable = true; manpages.enable = true;
@ -172,7 +173,10 @@ in {
qt = mkIf graphics { qt = mkIf graphics {
enable = true; enable = true;
platformTheme.name = "adwaita"; platformTheme.name = "gtk";
style.name = "adwaita-dark"; style = {
name = "adwaita-dark";
package = pkgs.adwaita-qt;
};
}; };
} }
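Review bot: `bashrcExtra` sources `${config.xdg.configHome}/mutable_env.sh` unconditionally, so every bash start executes whatever is in a file that sits outside the declarative configuration, and prints an error when the file is absent. Guard the line, e.g. `[ -r "${config.xdg.configHome}/mutable_env.sh" ] && source "${config.xdg.configHome}/mutable_env.sh"`, and add a comment stating that the file is intentionally unmanaged and should be writable only by its owner. The same applies to `ssh.includes = [ "mutable_config" ]`, where a one-line comment saying what is expected to live in that file would help the next reader. These lines appear to have been moved here from the per-program modules, and the enclosing attribute set starts outside the hunk.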


@ -1,13 +0,0 @@
{ lib, ... }:
{
options.home = {
uid = lib.mkOption {
default = 1000;
type = lib.types.ints.between 0 60000;
};
gid = lib.mkOption {
default = 1000;
type = lib.types.ints.between 0 60000;
};
};
}


@ -1,28 +1,29 @@
{ pkgs, config, machineVars, ... }: { pkgs, config, machineVars, ... }:
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
beets
binutils binutils
cloc cloc
cyme cyme
czkawka czkawka
delta
diskonaut diskonaut
duf duf
duff duff
ffmpeg ffmpeg
file file
gh-dash
glances glances
gpauth
gpclient
gpg-tui gpg-tui
gping gping
graphviz graphviz
hexyl
httpie httpie
imagemagick imagemagick
jq
kepubify kepubify
# keybase
keymapviz keymapviz
libwebp libwebp
lnav
lolcat lolcat
mdcat mdcat
mediainfo mediainfo
@ -32,6 +33,7 @@
mtr mtr
neofetch neofetch
nix-diff nix-diff
nix-index
nix-output-monitor nix-output-monitor
nix-tree nix-tree
nix-update nix-update
@ -39,15 +41,17 @@
# nixops # nixops
nmap nmap
ouch ouch
pandoc
parallel parallel
progress progress
pwntools
python3 python3
rclone rclone
ripgrep
rsync rsync
# sc-im # sc-im
slack-term slack-term
tea tea
tealdeer
terminal-parrot terminal-parrot
termtosvg termtosvg
toilet toilet
@ -59,6 +63,7 @@
waifu2x-converter-cpp waifu2x-converter-cpp
wavemon wavemon
wiki-tui wiki-tui
yt-dlp
yubico-pam yubico-pam
yubikey-agent yubikey-agent
yubikey-manager yubikey-manager
@ -77,18 +82,17 @@
alsa-utils alsa-utils
anki anki
ark ark
birdtray
calibre calibre
cool-retro-term cool-retro-term
darktable darktable
discord discord
element-desktop element-desktop
geogebra geogebra
ghidra
gimp gimp
gnome-font-viewer gnome.gnome-font-viewer
seahorse gnome.seahorse
google-chrome google-chrome
imhex
inkscape inkscape
insomnia insomnia
iwgtk iwgtk
@ -99,14 +103,12 @@
libnotify libnotify
libreoffice libreoffice
light light
mission-center
mopidy mopidy
mopidy-mpd mopidy-mpd
mopidy-soundcloud mopidy-soundcloud
mopidy-youtube mopidy-youtube
mpc_cli mpc_cli
naps2 naps2
nsxiv
nyxt nyxt
obsidian obsidian
# pcloud # pcloud
@ -117,11 +119,13 @@
slack slack
# sublime3 # sublime3
# swiPrologWithGui # swiPrologWithGui
sxiv
tagainijisho tagainijisho
tenacity tenacity
thunderbird
# transcribe # transcribe
webcamoid wireshark
xcalib xcalib
xclip xclip
xdotool xdotool


@ -43,9 +43,9 @@
duration = 20; duration = 20;
}; };
general.live_config_reload = true; live_config_reload = true;
terminal.shell = { shell = {
program = "${pkgs.zsh}/bin/zsh"; program = "${pkgs.zsh}/bin/zsh";
args = [ "--login" ]; args = [ "--login" ];
}; };


@ -1,37 +0,0 @@
{ pkgs, lib, inputs, ... }:
{
programs.anyrun = {
enable = true;
config = {
y.fraction = 0.3;
width.fraction = 0.25;
plugins = [
inputs.anyrun.packages.${pkgs.system}.applications
];
hidePluginInfo = true;
closeOnClick = true;
showResultsImmediately = true;
};
extraCss = builtins.readFile (./. + "/style.css");
extraConfigFiles."applications.ron".text = let
preprocess_script = pkgs.writeShellApplication {
name = "anyrun-preprocess-application-exec";
runtimeInputs = [ ];
text = ''
shift # Remove term|no-term
echo "uwsm app -- $*"
'';
};
in ''
Config(
desktop_actions: false,
max_entries: 10,
preprocess_exec_script: Some("${lib.getExe preprocess_script}"),
terminal: Some("${lib.getExe pkgs.alacritty}"),
)
'';
};
}


@ -1,48 +0,0 @@
* {
all: unset;
font-size: 1.2rem;
}
#window,
#match,
#entry,
#plugin,
#main {
background: transparent;
}
#match.activatable {
border-radius: 8px;
margin: 4px 0;
padding: 4px;
/* transition: 100ms ease-out; */
}
#match.activatable:first-child {
margin-top: 12px;
}
#match.activatable:last-child {
margin-bottom: 0;
}
#match:hover {
background: rgba(255, 255, 255, 0.05);
}
#match:selected {
background: rgba(255, 255, 255, 0.1);
}
#entry {
background: rgba(255, 255, 255, 0.05);
border: 1px solid rgba(255, 255, 255, 0.1);
border-radius: 8px;
padding: 4px 8px;
}
box#main {
background: rgba(0, 0, 0, 0.5);
box-shadow:
inset 0 0 0 1px rgba(255, 255, 255, 0.1),
0 30px 30px 15px rgba(0, 0, 0, 0.5);
border-radius: 20px;
padding: 12px;
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.aria2.enable = true;
}


@ -1,7 +1,9 @@
{ config, ... }: { config, ... }:
let let
cfg = config.programs.atuin; cfg = config.programs.atuin;
xdg_runtime_dir = "/run/user/${toString config.home.uid}";
# TODO: retrieve this in a more dynamic and correct manner
xdg_runtime_dir = "/run/user/1000";
in in
{ {
programs.atuin = { programs.atuin = {
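Review bot: The new side pins `xdg_runtime_dir` to `/run/user/1000`, so every path built from it is wrong for any account whose UID is not 1000, and on a multi-user host it names another user's runtime directory. The added TODO acknowledges this, but the line being replaced already derived the value: `xdg_runtime_dir = "/run/user/${toString config.home.uid}";`. If `config.home.uid` is still defined in this tree, keep that line. The `let` bindings and the `programs.atuin` body continue outside the hunk, so how the value is consumed is not visible here.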


@ -1,11 +0,0 @@
{ config, ... }:
{
programs.bash = {
enable = true;
historyFile = "${config.xdg.dataHome}/bash_history";
historySize = 100000;
bashrcExtra = ''
source "${config.xdg.configHome}/mutable_env.sh"
'';
};
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.bat.enable = true;
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.beets.enable = true;
}


@ -1,7 +0,0 @@
{ ... }:
{
programs.bottom = {
enable = true;
settings.flags.enable_gpu = true;
};
}


@ -9,7 +9,7 @@ in [
(link "GitHub" "http://github.com") (link "GitHub" "http://github.com")
(short "/u/" "danger/u/" "https://dangeru.us/") (short "/u/" "danger/u/" "https://dangeru.us/")
(link "PVV" "https://www.pvv.ntnu.no/") (link "PVV" "https://www.pvv.ntnu.no/")
(short "PVVM" "PVV Mail" "https://webmail.pvv.ntnu.no/roundcube/") (short "PVVM" "PVV Mail" "https://webmail2.pvv.ntnu.no/roundcube/")
(short "ΩV" "Omega Verksted" "https://omegav.no/") (short "ΩV" "Omega Verksted" "https://omegav.no/")
(dir "Nix" [ (dir "Nix" [
@ -31,34 +31,21 @@ in [
]) ])
(dir "CTF" [ (dir "CTF" [
(link "Revshells" "https://revshells.com/") (link "HackTheBox" "https://www.hackthebox.eu/")
(link "TryHackMe" "https://tryhackme.com/dashboard")
(link "OverTheWire" "https://overthewire.org/wargames/")
(link "NetGarage" "https://io.netgarage.org/")
(link "Exploit Education" "http://exploit.education/") (link "Exploit Education" "http://exploit.education/")
(link "Webhook" "https://webhook.site")
(link "CyberChef" "https://gchq.github.io/CyberChef/")
(link "Aperisolve" "https://www.aperisolve.com/")
(link "how2heap" "https://github.com/shellphish/how2heap")
(link "Heap Search" "https://kissprogramming.com/heap/heap-search")
(link "CrackStation" "https://crackstation.net/")
(link "FactorDB" "http://factordb.com/")
(link "Syscalls" "https://syscalls.w3challs.com/")
(link "DogBolt" "https://dogbolt.org/")
(link "HackTricks" "https://book.hacktricks.xyz/")
(dir "Practise" [
(link "S2G" "https://s2gctf.ncr.ntnu.no")
(link "Pico CTF" "https://play.picoctf.org/practice")
(link "Pwn college" "https://pwn.college/")
(link "HackTheBox" "https://www.hackthebox.eu")
(link "Crackmes" "https://crackmes.one")
(link "Nightmare" "https://guyinatuxedo.github.io/")
])
]) ])
(dir "Misc & Tools" [ (dir "Misc & Tools" [
(link "ASCIIFlow" "https://asciiflow.com/#/") (link "ASCIIFlow" "https://asciiflow.com/#/")
(link "CopyChar" "https://copychar.cc/") (link "CopyChar" "https://copychar.cc/")
(link "CyberChef" "https://gchq.github.io/CyberChef/")
(link "Device Info" "https://www.deviceinfo.me/") (link "Device Info" "https://www.deviceinfo.me/")
(link "Diagrams" "https://app.diagrams.net/") (link "Diagrams" "https://app.diagrams.net/")
(link "FakeMail" "http://www.fakemailgenerator.com/") (link "FakeMail" "http://www.fakemailgenerator.com/")
(link "FilePizza" "https://file.pizza/")
(link "IPLeak" "https://ipleak.net/") (link "IPLeak" "https://ipleak.net/")
(link "LaTeX" "https://www.codecogs.com/latex/eqneditor.php") (link "LaTeX" "https://www.codecogs.com/latex/eqneditor.php")
(link "ManualsLib" "https://www.manualslib.com/") (link "ManualsLib" "https://www.manualslib.com/")


@ -8,7 +8,6 @@ in
Unit = { Unit = {
Description = "Prune unused allowed directories for direnv"; Description = "Prune unused allowed directories for direnv";
Documentation = [ "man:direnv(1)" ]; Documentation = [ "man:direnv(1)" ];
ConditionPathExists = "${config.xdg.dataHome}/direnv/allow";
}; };
Service = { Service = {
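Review bot: Dropping `ConditionPathExists = "${config.xdg.dataHome}/direnv/allow";` from the `Unit` block means the prune unit starts even when the allow directory does not exist, for example on a fresh account. Whether that is harmless depends on the `Service` command, which lies below the hunk. If it walks that directory without checking, the unit will end up in a failed state on each run. Either keep the condition or make the script exit 0 when the directory is missing.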


@ -1,4 +0,0 @@
{ ... }:
{
programs.eza.enable = true;
}


@ -1,4 +0,0 @@
{ machineVars, ... }:
{
programs.feh.enable = !machineVars.headless;
}


@ -1,7 +0,0 @@
{ ... }:
{
programs.fzf = {
enable = true;
defaultCommand = "fd --type f";
};
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.gh-dash.enable = true;
}


@ -4,7 +4,7 @@
enable = true; enable = true;
settings = { settings = {
gitProtocol = "ssh"; gitProtocol = "ssh";
pager = "${pkgs.bat}/bin/bat"; pager = "${pkgs.bat}/git/bat";
aliases = { aliases = {
co = "pr checkout"; co = "pr checkout";
pv = "pr view"; pv = "pr view";
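Review bot: `pager = "${pkgs.bat}/git/bat";` on the new side points at a `git/` directory inside the bat store path. Packages conventionally ship their executables under `bin/`, so this path most likely does not exist and gh would fail when it tries to start the pager. Use `pager = "${pkgs.bat}/bin/bat";`, or `pager = lib.getExe pkgs.bat;` if `lib` is among this module's arguments, which the hunk does not show.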


@ -48,71 +48,14 @@ in
aliases = { aliases = {
aliases = "!git config --get-regexp alias | sed -re 's/alias\\.(\\S*)\\s(.*)$/\\1 = \\2/g'"; aliases = "!git config --get-regexp alias | sed -re 's/alias\\.(\\S*)\\s(.*)$/\\1 = \\2/g'";
delete-merged = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d"; delete-merged = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d";
graph = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
graphv = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(bold yellow)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)' --all";
forcepush = "push --force-with-lease --force-if-includes"; forcepush = "push --force-with-lease --force-if-includes";
authors = "shortlog --summary --numbered --email"; authors = "shortlog --summary --numbered --email";
si = "switch-interactive"; si = "switch-interactive";
ff = "fixup-fixup";
fi = "fixup-interactive";
rf = "rebase-fixups";
pp = "post-pr";
subs = "submodule update --init --recursive";
rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\""; rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
git = "!git"; git = "!git";
} // (let };
c = c: s: "%C(${c})${s}%C(reset)";
in {
graph = let
fmt = lib.concatStringsSep "" [
" - "
(c "bold blue" "%h")
" - "
(c "bold green" "(%ar)")
" "
(c "white" "> %s")
" "
(c "dim white" "- %an")
(c "bold yellow" "%d")
];
in "log --graph --abbrev-commit --decorate --format=format:'${fmt}' --all";
graphv = let
fmt = lib.concatStringsSep "" [
(c "bold blue" "%h")
" - "
(c "bold cyan" "%aD")
" "
(c "bold green" "(%ar)")
(c "bold yellow" "%d")
"%n"
" "
(c "white" "%s")
" "
(c "dim white" "- %an")
];
in "log --graph --abbrev-commit --decorate --format=format:'${fmt}' --all";
l = let
fmt = lib.concatStringsSep "%n" (map (x: if builtins.isList x then lib.concatStringsSep " " x else x) [
[ (c "bold yellow" "%H") (c "auto" "%d") ]
[ (c "bold white" "Author:") (c "bold cyan" "%aN <%aE>") (c "bold green" "(%ah)") ]
[ (c "bold white" "Committer:") (c "bold cyan" "%cN <%cE>") (c "bold green" "(%ah)") ]
[ (c "bold white" "GPG: (%G?)") (c "bold magenta" "%GF") "-" (c "bold cyan" "%GS") (c "bold blue" "(%GT) ") ]
""
(c "bold white" "# %s")
"%+b"
(c "dim yellow" "%+N")
]);
# sedExpressions = let
# colorExpr = "\\x1B\\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]";
# colorEndExpr = "\\x1B\\[m";
# colored = x: "${colorExpr}${x}${colorEndExpr}";
# in lib.concatMapStringsSep " " (x: "-e '${x}'") [
# "s|${colored "GPG: \\(N\\)"} ${colored "F3CDA86CC55A9F10D7A069819F2F7D8250F35146"} - ${colored "h7x4 <h7x4@nani.wtf>"} ${colored "\\(ultimate\\)"}|GPG: h7x4|"
# "s|${colored "GPG: \\(N\\)"} ${colored ""} - ${colored ""} ${colored "\\(undefined\\)"}||"
# ];
in "log --decorate --format=tformat:'${fmt}'";
# in "!git log --color=always --format=format:'${fmt}' | sed -E ${sedExpressions} | $PAGER";
});
extraConfig = { extraConfig = {
core = { core = {
@ -185,8 +128,6 @@ in
submodule = "log"; submodule = "log";
}; };
pager.show = lib.getExe pkgs.bat;
status = { status = {
showUntrackedFiles = "all"; showUntrackedFiles = "all";
relativePaths = true; relativePaths = true;
@ -318,29 +259,6 @@ in
runtimeInputs = with pkgs; [ cfg.package coreutils ]; runtimeInputs = with pkgs; [ cfg.package coreutils ];
text = lib.fileContents ./scripts/git-tcommit.sh; text = lib.fileContents ./scripts/git-tcommit.sh;
}) })
(pkgs.writeShellApplication {
name = "git-tmcommit";
runtimeInputs = with pkgs; [ cfg.package coreutils ];
text = lib.pipe ./scripts/git-tcommit.sh [
lib.fileContents
(builtins.replaceStrings ["hours" "tcommit"] ["minutes" "tmcommit"])
];
})
(pkgs.writeShellApplication {
name = "git-fixup-fixup";
runtimeInputs = with pkgs; [ cfg.package ];
text = lib.fileContents ./scripts/git-fixup-fixup.sh;
})
(pkgs.writeShellApplication {
name = "git-rebase-fixups";
runtimeInputs = with pkgs; [ cfg.package gnused ];
text = lib.fileContents ./scripts/git-rebase-fixups.sh;
})
(pkgs.writeShellApplication {
name = "git-fixup-interactive";
runtimeInputs = with pkgs; [ cfg.package gnused gnugrep fzf ];
text = lib.fileContents ./scripts/git-fixup-interactive.sh;
})
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "git-switch-interactive"; name = "git-switch-interactive";
runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ]; runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ];
@ -349,21 +267,6 @@ in
"SC2001" # (style): See if you can use ${variable//search/replace} instead. (sed invocation) "SC2001" # (style): See if you can use ${variable//search/replace} instead. (sed invocation)
]; ];
}) })
((pkgs.writers.writePython3Bin "git-post-pr" {
libraries = with pkgs.python3Packages; [
tkinter
];
flakeIgnore = [
"E501" # I like long lines grr
];
} (lib.fileContents ./scripts/git-post-pr.py)).overrideAttrs (_: {
postFixup = ''
wrapProgram $out/bin/git-post-pr \
--prefix PATH : ${lib.makeBinPath [
pkgs.github-cli
]}
'';
}))
pkgs.git-absorb pkgs.git-absorb
]; ];


@ -1,14 +0,0 @@
if [ -n "${1:-}" ]; then
TARGET_COMMIT="$1"
shift
else
TARGET_COMMIT="HEAD"
fi
COMMIT_MESSAGE=$(git log -1 --pretty=format:'%s' "$TARGET_COMMIT")
if [[ $COMMIT_MESSAGE =~ ^fixup!* ]]; then
git commit -m "$COMMIT_MESSAGE" "$@"
else
git commit --fixup "$TARGET_COMMIT" "$@"
fi


@ -1,18 +0,0 @@
if [ -n "${1:-}" ]; then
TARGET_BRANCH="$1"
shift
else
TARGET_BRANCH=$(git remote show origin | sed -n '/HEAD branch/s/.*: //p')
fi
FORK_POINT=$(git merge-base --fork-point "$TARGET_BRANCH")
COMMITS_SINCE_FORK_POINT=$(git log --format=format:'%s' "$FORK_POINT"..HEAD | grep -v -E '^fixup!')
RESULT=$(fzf <<<"$COMMITS_SINCE_FORK_POINT")
if [ "$RESULT" == "" ]; then
echo "Doing nothing..."
else
git commit -m "fixup! $RESULT" "$@"
fi


@ -1,130 +0,0 @@
import argparse
import json
import subprocess
import tkinter
# TODO: add support for gitea, and maybe other git hosting options.
def parse_args() -> argparse.Namespace:
parser = argparse.ArgumentParser(
prog="post-pr",
description="Post links to PRs",
)
parser.add_argument("-n", "--no-clipboard", action="store_true", help="do not copy the message to the clipboard")
pr_id = parser.add_mutually_exclusive_group()
pr_id.add_argument("-c", "--current-branch", action="store_true", help="generate post for the PR for the current branch")
pr_id.add_argument("-l", "--latest", action="store_true", help="generate post for the latest PR for the current user")
pr_id.add_argument("pr_id", nargs="?", default=None, help="generate post for the PR with the given ID")
args = parser.parse_args()
if not any([args.current_branch, args.latest, args.pr_id,]):
args.current_branch = True
return args
def _gh(args: list[str]) -> str:
try:
return subprocess.check_output(["gh"] + args).decode("utf8")
except subprocess.CalledProcessError as e:
raise RuntimeError(f"GitHub CLI command failed: 'gh {' '.join(args)}'") from e
def _gh_retcode(args: list[str]) -> int:
return subprocess.run(["gh"] + args, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode
def ensure_gh_installed():
try:
if _gh_retcode(["--version"]) != 0:
raise RuntimeError("GitHub CLI (gh) is not installed, please install it")
except FileNotFoundError:
raise RuntimeError("GitHub CLI (gh) is not installed, please install it")
def ensure_gh_authenticated():
if _gh_retcode(["auth", "status"]) != 0:
raise RuntimeError("Failed to authenticate with GitHub, please run 'gh auth login'")
GH_PR_JSON_FIELDS = ",".join([
"additions",
"deletions",
"state",
"title",
"url",
])
def fetch_pr_data(current_branch: bool, latest: bool, pr_id: str | None) -> dict[str, any]:
if pr_id:
pr_data = _gh(["pr", "view", pr_id, "--json", GH_PR_JSON_FIELDS])
pr_data = json.loads(pr_data)
elif latest:
pr_list = _gh(["pr", "list", "--author", "@me", "--limit", "1", "--json", GH_PR_JSON_FIELDS])
pr_list = json.loads(pr_list)
if len(pr_list) == 0:
raise RuntimeError("Failed to find PR, are you sure you have any open PRs?")
pr_data = pr_list[0]
elif current_branch:
pr_data = _gh(["pr", "view", "--json", GH_PR_JSON_FIELDS])
pr_data = json.loads(pr_data)
return pr_data
def format_message(pr_data: dict[str, any]) -> str:
additions = pr_data["additions"]
deletions = pr_data["deletions"]
title = pr_data["title"]
pr_url = pr_data["url"]
pr_state = pr_data["state"]
state_html = f"({pr_state.lower()}) " if pr_state != "OPEN" else ""
additions_html = f"+{additions}" if additions > 0 else str(additions)
deletions_html = f"-{deletions}" if deletions > 0 else str(deletions)
return f"""{state_html}{pr_url} {title} [diff: {additions_html}/{deletions_html}]"""
def copy_to_clipboard(message: str):
r = tkinter.Tk()
r.withdraw()
r.clipboard_clear()
r.clipboard_append(message)
r.update()
r.destroy()
def main():
args = parse_args()
ensure_gh_installed()
ensure_gh_authenticated()
pr_data = fetch_pr_data(args.current_branch, args.latest, args.pr_id)
message = format_message(pr_data)
print("Message:\n")
print(f" {message}\n")
if not args.no_clipboard:
copy_to_clipboard(message)
print("Copied to clipboard")
if __name__ == "__main__":
try:
main()
except Exception as e:
print(f"Error: {e}")
exit(1)


@ -1,10 +0,0 @@
if [ -n "${1:-}" ]; then
TARGET_BRANCH="$1"
shift
else
TARGET_BRANCH=$(git remote show origin | sed -n '/HEAD branch/s/.*: //p')
fi
FORK_POINT=$(git merge-base --fork-point "$TARGET_BRANCH")
git rebase "$FORK_POINT" --autosquash "$@"


@ -1,10 +1,5 @@
set -euo pipefail set -euo pipefail
if [[ $# -lt 1 ]]; then
echo "Usage: git tcommit [-]<hours>"
exit 1
fi
HOUR_SHIFT="$1" HOUR_SHIFT="$1"
shift shift
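Review bot: With the argument-count check gone, `HOUR_SHIFT="$1"` is the first use of `$1` under `set -u`, so running the script with no arguments aborts with a bare unbound-variable error instead of a usage line. `HOUR_SHIFT="${1:?Usage: git tcommit [-]<hours>}"` keeps the new side short and still tells the caller what is expected. The rest of the script is outside the hunk, so whether the value is checked to be an integer before use cannot be seen from here.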


@ -1,4 +0,0 @@
{ ... }:
{
programs.home-manager.enable = true;
}


@ -1,356 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.wayland.windowManager.hyprland;
in
{
home.sessionVariables = {
WLR_NO_HARDWARE_CURSORS = "1";
WLR_RENDERER_ALLOW_SOFTWARE = "1";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
GDK_BACKEND = "wayland,x11,*";
QT_QPA_PLATFORM = "wayland;xcb";
NIXOS_OZONE_WL = "1";
MOZ_ENABLE_WAYLAND = "1";
SDL_VIDEODRIVER = "wayland";
OZONE_PLATFORM = "wayland";
CLUTTER_BACKEND = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
# QT_QPA_PLATFORMTHEME = "qt6ct";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
# LIBVA_DRIVER_NAME = "nvidia";
# GBM_BACKEND = "nvidia-drm";
# __GLX_VENDOR_LIBRARY_NAME = "nvidia";
};
home.packages = with pkgs; [
wl-clipboard-rs
];
programs.hyprlock = {
enable = true;
settings = {
general = {
disable_loading_bar = true;
grace = 300;
hide_cursor = true;
no_fade_in = false;
};
background = [
{
path = "screenshot";
blur_passes = 3;
blur_size = 8;
}
];
input-field = [
{
size = "200, 50";
position = "0, -80";
monitor = "";
dots_center = true;
fade_on_empty = false;
font_color = "rgb(202, 211, 245)";
inner_color = "rgb(91, 96, 120)";
outer_color = "rgb(24, 25, 38)";
outline_thickness = 5;
placeholder_text = ''Password...'';
shadow_passes = 2;
}
];
};
};
services.hypridle = {
enable = true;
settings = {
general = {
ignore_dbus_inhibit = false;
lock_cmd = "pidof hyprlock || ${config.programs.hyprlock.package}/bin/hyprlock";
before_sleep_cmd = "${pkgs.systemd}/bin/loginctl lock-session";
after_sleep_cmd = "${cfg.finalPackage}/bin/hyprctl dispatch dpms on";
};
listener = [
{
timeout = 900;
on-timeout = "${config.programs.hyprlock.package}/bin/hyprlock";
}
{
timeout = 1200;
on-timeout = "${cfg.finalPackage}/bin/hyprctl dispatch dpms off";
on-resume = "${cfg.finalPackage}/bin/hyprctl dispatch dpms on";
}
];
};
};
wayland.windowManager.hyprland = {
enable = true;
systemd.enable = false;
systemd.enableXdgAutostart = false;
settings = let
exe = lib.getExe;
scratchpads = [
(rec {
title = "Floating terminal";
class = "floatingTerminal";
command = "uwsm app -- ${exe pkgs.alacritty} --class ${class} -e ${exe pkgs.tmux} new-session -A -s f";
size = { h = 90; w = 95; };
keys = [
"$mod, RETURN"
"$mod, SPACE"
];
})
(rec {
title = "Ncmpcpp";
class = "floatingNcmpcpp";
command = "uwsm app -- ${exe pkgs.alacritty} --class ${class} -e ${exe pkgs.ncmpcpp}";
size = { h = 95; w = 95; };
keys = [ "$mod, Q" ];
})
# "$mod, W, emacs"
# "$mod, E, filebrowser"
# "$mod, X, taskwarriortui"
];
in {
"$mod" = "SUPER";
# https://github.com/xkbcommon/libxkbcommon/blob/master/include/xkbcommon/xkbcommon-keysyms.h
bind = [
"$mod SHIFT, Q, exec, ${pkgs.systemd}/bin/loginctl terminate-user \"\""
"$mod ALT SHIFT, Q, exit"
"$mod, R, exec, uwsm app -- ${exe config.programs.anyrun.package}"
"$mod, T, togglefloating"
"$mod, F, fullscreenstate, 1"
"$mod SHIFT, F, fullscreenstate, 3"
"$mod, C, exec, ${cfg.finalPackage}/bin/hyprctl reload"
"$mod, BACKSPACE, killactive"
"$mod SHIFT, RETURN, exec, uwsm app -- ${exe pkgs.alacritty} --class termTerminal -e ${exe pkgs.tmux} new-session -A -s term"
"$mod SHIFT, SPACE, exec, uwsm app -- ${exe pkgs.alacritty} --class termTerminal -e ${exe pkgs.tmux} new-session -A -s term"
"$mod, j, layoutmsg,cyclenext"
"$mod, k, layoutmsg,cycleprev"
"$mod SHIFT, j, layoutmsg, swapnext"
"$mod SHIFT, k, layoutmsg, swapprev"
"$mod, 1, focusworkspaceoncurrentmonitor, 1"
"$mod, 2, focusworkspaceoncurrentmonitor, 2"
"$mod, 3, focusworkspaceoncurrentmonitor, 3"
"$mod, 4, focusworkspaceoncurrentmonitor, 4"
"$mod, 5, focusworkspaceoncurrentmonitor, 5"
"$mod, 6, focusworkspaceoncurrentmonitor, 6"
"$mod, 7, focusworkspaceoncurrentmonitor, 7"
"$mod, 8, focusworkspaceoncurrentmonitor, 8"
"$mod, 9, focusworkspaceoncurrentmonitor, 9"
"$mod SHIFT, 1, movetoworkspacesilent, 1"
"$mod SHIFT, 2, movetoworkspacesilent, 2"
"$mod SHIFT, 3, movetoworkspacesilent, 3"
"$mod SHIFT, 4, movetoworkspacesilent, 4"
"$mod SHIFT, 5, movetoworkspacesilent, 5"
"$mod SHIFT, 6, movetoworkspacesilent, 6"
"$mod SHIFT, 7, movetoworkspacesilent, 7"
"$mod SHIFT, 8, movetoworkspacesilent, 8"
"$mod SHIFT, 9, movetoworkspacesilent, 9"
"$mod, b, exec, ${pkgs.fcitx5}/bin/fcitx5-remote -s mozc"
"$mod, n, exec, ${pkgs.fcitx5}/bin/fcitx5-remote -s keyboard-no"
"$mod, m, exec, ${pkgs.fcitx5}/bin/fcitx5-remote -s keyboard-us"
# TODO: ensure exists in environment
"$mod, l, exec, ${pkgs.systemd}/bin/loginctl lock-session"
# TODO: fix
# "super + minus" = "${pkgs.xcalib}/bin/xcalib -invert -alter"
# TODO: fix
", Print, exec, ${exe pkgs.grimblast} copy area"
# "SHIFT, Print, exec, ${lib.getExe pkgs.grimblast} copy area"
# "shift + @Print" = "${pkgs.maim}/bin/maim --hidecursor --nokeyboard $SCREENSHOT_DIR/$(date +%s).png"
# TODO: Add boomer as package
# "super + @Print" = "boomer"
]
++
(lib.pipe scratchpads [
(map ({ keys, command, class, ... }:
(map (key: let
# TODO: rewrite this to take arguments instead of creating n copies
invokeIfNotRunningAndToggleWorkspace = pkgs.writeShellApplication {
name = "hyprland-toggle-scratchpad-${class}";
runtimeInputs = [ cfg.finalPackage pkgs.jq ];
text = ''
SCRATCHPAD_PROGRAM_EXISTS=$(hyprctl clients -j | jq -r '[.[].class]|any(. == "${class}")')
CURRENT_WORKSPACE_ID=$(hyprctl activeworkspace -j | jq -r '.id')
if [ "$SCRATCHPAD_PROGRAM_EXISTS" != "true" ]; then
${command} &
hyprctl dispatch movetoworkspacesilent "''${CURRENT_WORKSPACE_ID},class:${class}"
hyprctl dispatch focuswindow "class:${class}"
else
SCRATCHPAD_PROGRAM_WORKSPACE_ID=$(hyprctl clients -j | jq '.[] | select( .class == "${class}") | .workspace.id')
if [ "$SCRATCHPAD_PROGRAM_WORKSPACE_ID" != "$CURRENT_WORKSPACE_ID" ]; then
hyprctl dispatch movetoworkspacesilent "''${CURRENT_WORKSPACE_ID},class:${class}"
hyprctl dispatch focuswindow "class:${class}"
else
hyprctl dispatch movetoworkspacesilent "special:${class}Ws,class:${class}"
fi
fi
'';
};
in "${key}, exec, ${lib.getExe invokeIfNotRunningAndToggleWorkspace}"
) keys)
))
lib.flatten
]);
bindm = [
"$mod, mouse:272, movewindow"
"$mod, Control_L, movewindow"
"$mod, mouse:273, resizewindow"
"$mod, ALT_L, resizewindow"
];
bindl = [
"$mod, p, exec, ${exe pkgs.mpc_cli} toggle"
",XF86AudioPlay, exec, ${exe pkgs.mpc_cli} toggle"
",XF86AudioPrev, exec, ${exe pkgs.mpc_cli} prev"
",XF86AudioNext, exec, ${exe pkgs.mpc_cli} next"
];
bindle = [
",XF86MonBrightnessUp, exec, ${exe pkgs.brightnessctl} s +5%"
",XF86MonBrightnessDown, exec, ${exe pkgs.brightnessctl} s 5%-"
",XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
",XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%+"
"$mod ,F7, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
"$mod ,F8, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%+"
];
exec-once = [
"uwsm finalize"
];
windowrulev2 = [
"float,class:(Rofi)"
"float,class:^(xdg-desktop-portal-gtk)$"
"float, title:^(.*Bitwarden Password Manager.*)$"
"dimaround, class:^(xdg-desktop-portal-gtk)$"
"workspace special silent, title:^(Firefox Sharing Indicator)$"
"workspace special silent, title:^(Zen Sharing Indicator)$"
"workspace special silent, title:^(.*is sharing (your screen|a window)\.)$"
"workspace 2,class:(firefox)"
"workspace 2,class:(google-chrome)"
"workspace 3,class:(Emacs)"
"workspace 3,class:(code)"
"workspace 3,class:(code-url-handler)"
"workspace 5,class:(discord)"
"workspace 5,class:(Element)"
]
++
(lib.pipe scratchpads [
(map ({ class, size, ... }: [
"workspace special:${class}Ws, class:^${class}$"
"float, class:^${class}$"
"size ${toString size.w}% ${toString size.h}%, class:^${class}$"
"move ${toString ((100 - size.w) / 2)}% ${toString ((100 - size.h) / 2)}%, class:^${class}$"
]))
lib.flatten
]);
monitor = [
# TODO: host specific
"eDP-1, 3840x2400@90.00Hz, 0x0, 2"
",preferred,auto,1"
];
general = {
gaps_in = 5;
gaps_out = 15;
border_size = 2;
"col.active_border" = "rgba(33ccffee) rgba(00ff99ee) 45deg";
"col.inactive_border" = "rgba(595959aa)";
resize_on_border = false;
allow_tearing = false;
layout = "master";
};
decoration = {
rounding = 10;
# Change transparency of focused and unfocused windows
active_opacity = 1.0;
inactive_opacity = 1.0;
# drop_shadow = true;
# shadow_range = 4;
# shadow_render_power = 3;
# "col.shadow" = "rgba(1a1a1aee)";
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = 0.1696;
};
};
animations.enabled = false;
master = {
new_status = "slave";
};
misc = {
force_default_wallpaper = 0; # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false; # If true disables the random hyprland logo / anime girl background. :(
};
input ={
kb_layout = "us";
kb_variant = "";
kb_model = "";
kb_options = "caps:escape";
kb_rules = "";
follow_mouse = 1;
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
touchpad = {
natural_scroll = false;
};
};
};
};
# UWSM
systemd.user.services = {
hypridle.Unit.After = lib.mkForce "graphical-session.target";
waybar.Unit.After = lib.mkForce "graphical-session.target";
network-manager-applet.Unit.After = lib.mkForce "graphical-session.target";
fcitx5-daemon.Unit.After = lib.mkForce "graphical-session.target";
# hyprpaper.Unit.After = lib.mkForce "graphical-session.target";
};
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.jq.enable = true;
}


@ -1,7 +0,0 @@
{ ... }:
{
programs.man = {
enable = true;
generateCaches = true;
};
}


@ -1,4 +0,0 @@
{ machineVars, ... }:
{
programs.mpv.enable = !machineVars.headless;
}


@ -1,4 +1,4 @@
{ config, pkgs, ... }: {pkgs, ...}:
{ {
programs.ncmpcpp = { programs.ncmpcpp = {
enable = true; enable = true;
@ -332,11 +332,11 @@
window_border_color = "green"; window_border_color = "green";
active_window_border = "red"; active_window_border = "red";
visualizer_data_source = "/run/user/${toString config.home.uid}/mpd/visualizer.fifo"; visualizer_data_source = "/tmp/mpd.fifo";
visualizer_output_name = "Visualizer feed"; visualizer_output_name = "Visualizer feed";
visualizer_in_stereo = "no"; visualizer_in_stereo = "no";
# visualizer_type = "spectrum"; # spectrum, ellipse, wave_filled, wave visualizer_type = "spectrum"; # spectrum, ellipse, wave_filled, wave
# visualizer_look = "+█"; # wave | spectrum, ellipse, wave_filled visualizer_look = "+"; # wave | spectrum, ellipse, wave_filled
}; };
}; };
} }
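Review bot: `visualizer_data_source = "/tmp/mpd.fifo";` in the second hunk puts the visualizer FIFO at a fixed name in a world-writable directory. On a shared host, any local user can create that path first and control what ncmpcpp reads, or stop mpd from creating its output there. The old side's `"/run/user/${toString config.home.uid}/mpd/visualizer.fifo"` sits in a per-user runtime directory, so keep it and restore `config` in the module arguments that the first hunk drops. The mpd fifo output, which is configured outside this file section, has to use the same path.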


@ -1,4 +1,4 @@
{ pkgs, lib, machineVars, ... }: { pkgs, home, ... }:
{ {
imports = [ imports = [
./auto-clean-swapfiles.nix ./auto-clean-swapfiles.nix
@ -21,9 +21,6 @@
vim-surround vim-surround
vim-fugitive vim-fugitive
vim-css-color vim-css-color
] ++ (lib.optionals machineVars.wayland [
vim-wayland-clipboard
]) ++ [
semshi semshi
{ {
plugin = goyo-vim; plugin = goyo-vim;
@ -69,58 +66,25 @@
} }
limelight-vim limelight-vim
vim-tmux-navigator vim-tmux-navigator
vim-polyglot
lightline-vim lightline-vim
vim-better-whitespace
{ {
plugin = nvim-treesitter.withAllGrammars; plugin = rainbow;
config = '' config = ''
packadd! nvim-treesitter let g:rainbow_active = 1
lua << EOF
require'nvim-treesitter.configs'.setup {
highlight = {
enable = true,
},
}
EOF
'';
}
{
plugin = rainbow-delimiters-nvim;
config = ''
lua << EOF
local rainbow_delimiters = require 'rainbow-delimiters'
vim.g.rainbow_delimiters = {
["highlight"] = {
'RainbowDelimiterRed',
'RainbowDelimiterYellow',
'RainbowDelimiterBlue',
'RainbowDelimiterGreen',
'RainbowDelimiterViolet',
'RainbowDelimiterCyan',
},
}
EOF
''; '';
} }
{ {
plugin = vim-monokai; plugin = vim-monokai;
config = '' config = ''
colorscheme monokai colorscheme monokai
autocmd ColorScheme * highlight Normal ctermbg=0
autocmd ColorScheme monokai highlight Normal ctermbg=0 autocmd ColorScheme * highlight LineNr ctermbg=0
autocmd ColorScheme monokai highlight LineNr ctermbg=0 autocmd ColorScheme * highlight CursorLineNR ctermbg=0 ctermfg=208
autocmd ColorScheme monokai highlight CursorLineNR ctermbg=0 ctermfg=208 autocmd ColorScheme * highlight SignColumn ctermbg=0
autocmd ColorScheme monokai highlight SignColumn ctermbg=0 autocmd ColorScheme * highlight GitGutterAdd ctermbg=0
autocmd ColorScheme monokai highlight GitGutterAdd ctermbg=0 autocmd ColorScheme * highlight GitGutterChange ctermbg=0
autocmd ColorScheme monokai highlight GitGutterChange ctermbg=0 autocmd ColorScheme * highlight GitGutterDelete ctermbg=0
autocmd ColorScheme monokai highlight GitGutterDelete ctermbg=0
autocmd ColorScheme monokai highlight RainbowDelimiterRed { fg = g:terminal_color_9 }
autocmd ColorScheme monokai highlight RainbowDelimiterYellow { fg = g:terminal_color_11 }
autocmd ColorScheme monokai highlight RainbowDelimiterBlue { fg = g:terminal_color_12 }
autocmd ColorScheme monokai highlight RainbowDelimiterGreen { fg = g:terminal_color_10 }
autocmd ColorScheme monokai highlight RainbowDelimiterViolet { fg = g:terminal_color_13 }
autocmd ColorScheme monokai highlight RainbowDelimiterCyan { fg = g:terminal_color_14 }
''; '';
} }
]; ];


@ -3,46 +3,40 @@ let
mkSource = tags: url: { inherit tags url; }; mkSource = tags: url: { inherit tags url; };
in { in {
programs.newsboat.urls = [ programs.newsboat.urls = [
(mkSource [ "tech" "linux" ] "https://archlinux.org/feeds/news/") (mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
(mkSource [ "tech" "linux" "nixos" ] "https://nixos.org/blog/announcements-rss.xml") (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
(mkSource [ "tech" "ntnu" ] "https://omegav.no/newsrss") (mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss")
(mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/") (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
(mkSource [ "tech" ] "https://blog.hackeriet.no/feed.xml")
(mkSource [ "tech" ] "https://fribyte.no/rss.xml")
(mkSource [ "tech" ] "https://existentialtype.wordpress.com/feed/")
(mkSource [ "tech" "linux" "ntnu" ] "https://wiki.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=90&limit=50&action=feedrecentchanges&format=xml")
(mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
(mkSource [ "tech" "linux" ] "http://xahlee.info/comp/blog.xml") (mkSource [ "tech" "linux" ] "http://xahlee.info/comp/blog.xml")
(mkSource [ "tech" ] "https://branchfree.org/feed/") (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
(mkSource [ "tech" ] "https://search.marginalia.nu/news.xml") (mkSource [ "tech" "linux" ] "https://archlinux.org/feeds/news/")
(mkSource [ "tech" "linux" ] "https://bartoszmilewski.com/feed/") (mkSource [ "tech" "linux" ] "https://bartoszmilewski.com/feed/")
(mkSource [ "tech" "linux" "nixos" ] "https://myme.no/atom-feed.xml") (mkSource [ "tech" "linux" "nixos" ] "https://nixos.org//blog/announcements-rss.xml")
(mkSource [ "tech" "linux" ] "https://www.digitalneanderthal.com/index.xml")
(mkSource [ "tech" "ntnu" ] "https://omegav.no/newsrss")
(mkSource [ "tech" ] "https://code.visualstudio.com/feed.xml")
(mkSource [ "tech" "linux" "nixos" ] "https://blog.ysndr.de/atom.xml") (mkSource [ "tech" "linux" "nixos" ] "https://blog.ysndr.de/atom.xml")
(mkSource [ "tech" "linux" "nixos" ] "https://kaushikc.org/atom.xml") (mkSource [ "tech" "linux" "nixos" ] "https://kaushikc.org/atom.xml")
(mkSource [ "tech" "linux" "nixos" ] "https://ianthehenry.com/feed.xml") (mkSource [ "tech" "linux" "nixos" ] "https://ianthehenry.com/feed.xml")
(mkSource [ "tech" "linux" "ntnu" ] "https://www.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=7&limit=50&action=feedrecentchanges&feedformat=atom")
(mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/")
(mkSource [ "tech" "linux" "japanese" ] "https://www.ncaq.net/feed.atom") (mkSource [ "tech" "linux" "japanese" ] "https://www.ncaq.net/feed.atom")
(mkSource [ "tech" "linux" "nixos" "emacs" "japanese" ] "https://apribase.net/program/feed") (mkSource [ "tech" "linux" "haskell" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default")
(mkSource [ "tech" "linux" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default") (mkSource [ "tech" "haskell" "functional-programming" ] "https://williamyaoh.com/feed.atom")
(mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss") (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml")
(mkSource [ "tech" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom") (mkSource [ "tech" "haskell" "functional-programming" "python" ] "http://blog.ezyang.com/feed/")
(mkSource [ "tech" "functional-programming" ] "https://williamyaoh.com/feed.atom") (mkSource [ "tech" "haskell" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml")
(mkSource [ "tech" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml") (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.stephendiehl.com/feed.rss")
(mkSource [ "tech" "functional-programming" "python" ] "http://blog.ezyang.com/feed/") (mkSource [ "tech" "haskell" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml")
(mkSource [ "tech" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml") (mkSource [ "tech" "haskell" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom")
(mkSource [ "tech" "functional-programming" ] "https://www.stephendiehl.com/feed.rss") (mkSource [ "tech" "flutter" ] "https://resocoder.com/feed/")
(mkSource [ "tech" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml") (mkSource [ "tech" "compilers" ] "https://existentialtype.wordpress.com/feed/")
(mkSource [ "tech" ] "https://go.dev/blog/feed.atom") (mkSource [ "tech" "compilers" "haskell" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
(mkSource [ "tech" "linux" ] "https://jfx.ac/blog/index.xml")
(mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
(mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
(mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi") (mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi")
(mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan") (mkSource [ "tech" "compilers" ] "https://go.dev/blog/feed.atom")
(mkSource [ "japanese" "language" ] "https://wesleycrobertson.wordpress.com/feed/") (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/feed.xml")
(mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml") (mkSource [ "tech" "linux" "nixos" "compilers" ] "https://flyx.org/feed.xml")
(mkSource [ "tech" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss") (mkSource [ "tech" "linux" ] "https://blog.jfx.ac/feed.xml")
(mkSource [ "tech" ] "https://resocoder.com/feed/") (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
# Broken?
(mkSource [ "tech" "linux" "nixos" ] "https://flyx.org/feed.xml")
]; ];
} }


@ -1,4 +0,0 @@
{ machineVars, ... }:
{
programs.obs-studio.enable = !machineVars.headless;
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.pandoc.enable = true;
}


@ -1,4 +0,0 @@
{ ... }:
{
programs.ripgrep.enable = true;
}


@ -10,11 +10,5 @@
mode = "0444"; mode = "0444";
}; };
programs.ssh = { programs.ssh.includes = [ config.sops.secrets."ssh/secret-config".path ];
enable = true;
includes = [
config.sops.secrets."ssh/secret-config".path
"mutable_config"
];
};
} }
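Review bot: The one-line `programs.ssh.includes = [ ... ];` on the new side no longer sets `enable = true` in this file, so the include of the sops-managed `ssh/secret-config` only takes effect if `programs.ssh` is enabled by another module; worth confirming, since otherwise the secret config is silently not loaded. Separately, the context line `mode = "0444";` appears to belong to that secret's declaration, which starts outside the hunk. If so, the decrypted file is readable by every local account, and `mode = "0400";` would be the tighter setting for a file that holds host and identity details.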


@ -1,84 +1,94 @@
{ pkgs, lib, ... }: { pkgs, lib, extendedLib, ... }:
let # http://www.pvv.ntnu.no/pvv/Maskiner let
adminUser = "root";
normalUser = "oysteikt";
# http://www.pvv.ntnu.no/pvv/Maskiner
normalMachines = [ normalMachines = [
{ {
names = [ "hildring" "pvv-login" ]; names = [ "hildring" "pvv-login" "pvv" ];
proxyJump = lib.mkDefault null; proxyJump = lib.mkDefault null;
addressFamily = "inet"; addressFamily = "inet";
} }
{
names = [ "drolsum" "pvv-login2" "pvv" ];
proxyJump = lib.mkDefault null;
addressFamily = "inet";
}
[ "bekkalokk" "pvv-web" "pvv-wiki" "pvv-webmail" ]
[ "bicep" "pvv-databases" ]
"bob"
[ "brzeczyszczykiewicz" "brez" "bokhylle" ]
"buskerud"
"dagali" "dagali"
"drolsum"
"demiurgen" "demiurgen"
"eirin" "eirin"
"georg" [ "bekkalokk" "pvv-web" "pvv-wiki" "pvv-webmail" ]
"ildkule" "ildkule"
"isvegg"
"knutsen"
[ "microbel" "pvv-users" "pvv-mail" ]
"orchid"
"shark" "shark"
"tallulah" "buskerud"
[ "bicep" "pvv-databases" ]
"bob"
"knutsen"
"isvegg"
"tom" "tom"
"ustetind" [ "microbel" "pvv-users" "pvv-mail" ]
"venture"
]; ];
rootMachines = [ rootMachines = [
[ "ameno" "pvv-dns" ] [ "sleipner" "pvv-salt" ]
[ "balduzius" "pvv-krb" ] [ "balduzius" "pvv-krb" ]
[ "innovation" "pvv-minecraft" ] [ "innovation" "pvv-minecraft" ]
"ludvigsen"
[ "principal" "pvv-backup" ]
[ "skrott" "dibbler" ]
{
names = [ "sleipner" "pvv-salt" ];
user = "oysteikt/admin";
}
]; ];
overrideIfNotExists = b: a: a // (builtins.removeAttrs b (builtins.attrNames a)); # Either( String [String] AttrSet{String} ) -> AttrSet{String}
coerceToSSHMatchBlock =
machine:
if builtins.isString machine then { names = [machine]; }
else if builtins.isList machine then { names = machine; }
else machine;
coerce = user: machines: lib.pipe machines [ # ListOf(String) -> AttrSet
(m: if builtins.isString m then { names = [m]; } else m) machineWithNames = let
(m: if builtins.isList m then { names = m; } else m) inherit (lib.lists) head;
(overrideIfNotExists { inherit user; }) inherit (lib.strings) split;
]; in
names: { hostname = "${head names}.pvv.ntnu.no"; };
normalUser = "oysteikt"; # AttrSet -> AttrSet -> AttrSet
convertMachineWithDefaults = defaults: normalizedMachine: let
inherit (lib.attrsets) nameValuePair;
inherit (lib.strings) concatStringsSep;
inherit (normalizedMachine) names;
matchConfig = let name = concatStringsSep " " names;
machines = (map (coerce normalUser) normalMachines) ++ (map (coerce "root") rootMachines); value =
setVars = orig@{ names, ... }: { (machineWithNames names)
name = builtins.concatStringsSep " " names; // defaults
value = overrideIfNotExists { // removeAttrs normalizedMachine ["names"];
hostname = "${builtins.head names}.pvv.ntnu.no"; in
proxyJump = "pvv"; nameValuePair name value;
addressFamily = "inet";
} (builtins.removeAttrs orig ["names"]);
};
in builtins.listToAttrs (map setVars machines);
# AttrSet -> AttrSet
convertNormalMachine = convertMachineWithDefaults { user = normalUser; proxyJump = "pvv"; };
# AttrSet -> AttrSet
convertAdminMachine =
convertMachineWithDefaults { user = adminUser; proxyJump = "pvv"; };
# ListOf (Either(String ListOf(String) AttrsOf(String))) -> (AttrSet -> AttrSet) -> AttrSet
convertMachinesWith = convertMachineFunction: let
inherit (lib.attrsets) listToAttrs;
inherit (lib.trivial) pipe;
pipeline = [
(map coerceToSSHMatchBlock)
(map convertMachineFunction)
listToAttrs
];
in
machines: pipe machines pipeline;
in in
{ {
programs.ssh.matchBlocks = lib.mergeAttrsList [ programs.ssh.matchBlocks = (extendedLib.attrsets.concatAttrs [
matchConfig (convertMachinesWith convertNormalMachine normalMachines)
{ (convertMachinesWith convertAdminMachine rootMachines)
"pvv-git git.pvv.ntnu.no" = { ]) // {
hostname = "git.pvv.ntnu.no"; "pvv-git git.pvv.ntnu.no" = {
user = "gitea"; hostname = "git.pvv.ntnu.no";
addressFamily = "inet"; user = "gitea";
port = 2222; addressFamily = "inet";
proxyJump = "pvv"; port = 2222;
}; proxyJump = "pvv";
} };
]; };
} }
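Review bot: `convertAdminMachine` applies `user = adminUser` (`"root"`) to every entry of `rootMachines`, and the new list writes sleipner as a plain name list, so the per-host account the old side gave it (`user = "oysteikt/admin"`) is gone and the login becomes direct root. If that host is meant to be reached through a named admin principal, keep it as an attrset, e.g. `{ names = [ "sleipner" "pvv-salt" ]; user = "oysteikt/admin"; }`; the `// removeAttrs normalizedMachine ["names"]` merge already lets such an entry override the default. In `machineWithNames`, `inherit (lib.strings) split;` is unused and can be dropped.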


@ -1,7 +0,0 @@
{ ... }:
{
programs.texlive = {
enable = true;
# packageSet = pkgs.texlive.combined.scheme-medium;
};
}


@ -1,18 +0,0 @@
{ config, pkgs, lib, machineVars, ... }:
let
cfg = config.programs.thunderbird;
in
{
programs.thunderbird = {
enable = !machineVars.headless;
profiles.h7x4 = {
isDefault = true;
withExternalGnupg = true;
};
};
home.packages = lib.mkIf cfg.enable (with pkgs; [
birdtray
]);
}


@ -1,4 +1,4 @@
{ pkgs, lib, ... }: {pkgs, ...}:
{ {
programs.tmux = { programs.tmux = {
enable = true; enable = true;
@ -19,25 +19,7 @@
tmux-fzf tmux-fzf
urlview urlview
]; ];
extraConfig = let extraConfig = ''
fileContentsWithoutShebang = script: lib.pipe script [
lib.fileContents
(lib.splitString "\n")
(lib.drop 3) # remove shebang
(lib.concatStringsSep "\n")
];
fcitx5-status = (pkgs.writeShellApplication {
name = "tmux-fcitx5-status";
runtimeInputs = with pkgs; [ dbus ];
text = fileContentsWithoutShebang ./scripts/fcitx5-status.sh;
});
mpd-status = (pkgs.writeShellApplication {
name = "tmux-mpd-status";
runtimeInputs = with pkgs; [ mpc-cli gawk gnugrep ];
text = fileContentsWithoutShebang ./scripts/mpd-status.sh;
});
in ''
# Don't rename windows automatically after rename with ',' # Don't rename windows automatically after rename with ','
set-option -g allow-rename off set-option -g allow-rename off
@ -109,8 +91,8 @@
### DESIGN CHANGES ### ### DESIGN CHANGES ###
###################### ######################
set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default] #[fg=green]#(${lib.getExe fcitx5-status}) #[fg=red]%H:%M ' set-option -g status-left '#{prefix_highlight} #[bg=blue]#[fg=black,bold] ###S #[bg=default] #[fg=green]#(~/.scripts/tmux/fcitx) #[fg=red]%H:%M '
set-option -g status-right '#[fg=red]#(${lib.getExe mpd-status})' set-option -g status-right '#[fg=red]#(~/.scripts/tmux/mpd)'
set-window-option -g window-status-current-style fg=magenta set-window-option -g window-status-current-style fg=magenta
set-option -g status-style 'bg=black fg=default' set-option -g status-style 'bg=black fg=default'
set-option -g default-shell '${pkgs.zsh}/bin/zsh' set-option -g default-shell '${pkgs.zsh}/bin/zsh'
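Review bot: In the last hunk, `status-left` and `status-right` now run `~/.scripts/tmux/fcitx` and `~/.scripts/tmux/mpd`, mutable files in the home directory that tmux executes on every status refresh, instead of the store paths produced by `writeShellApplication` on the old side. Nothing in the visible part of this file installs those scripts, and the two status scripts that follow on this page are deleted, so the bar may end up running nothing, or whatever happens to sit at that path. Either keep the packaged wrappers, or place the scripts from this repository with a `home.file` entry so their content is pinned by the configuration.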


@ -1,26 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p dbus
printState() {
STATUS=$(dbus-send --session --print-reply=literal --dest='org.fcitx.Fcitx5' '/controller' 'org.fcitx.Fcitx.Controller1.CurrentInputMethod' | tr -d '[:space:]')
case $STATUS in
keyboard-us)
echo 'US'
;;
keyboard-no)
echo 'NO'
;;
mozc)
echo '日本語'
;;
*)
echo "$STATUS?"
;;
esac
}
while :; do
printState
sleep 1
done


@ -1,29 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i sh -p mpc-cli gawk gnugrep
while true; do
MPC_OUTPUT=$(mpc --format '[[%artist% - ]%title%]|[%file%]')
TITLE=$(head -n 1 <<<"$MPC_OUTPUT")
if [ ${#TITLE} -gt 60 ]; then
TITLE=$(awk '{print substr($0,0,57) "..."}' <<<"$TITLE")
fi
LINE2=$(head -n 2 <<<"$MPC_OUTPUT" | tail -n 1)
PLAY_STATUS_RAW=$(awk '{print $1}' <<<"$LINE2")
if [ "$PLAY_STATUS_RAW" == "[playing]" ]; then
PLAY_STATUS="▶"
elif [ "$PLAY_STATUS_RAW" == "[paused]" ]; then
PLAY_STATUS="⏸"
else
PLAY_STATUS="??"
fi
TIME=$(awk '{print $3}' <<<"$LINE2")
echo -e "$PLAY_STATUS $TITLE | [$TIME]"
sleep 1
done


@ -24,18 +24,10 @@ in
onChange = ''install -m660 $(realpath "${configFilePath}.ro") "${configFilePath}"''; onChange = ''install -m660 $(realpath "${configFilePath}.ro") "${configFilePath}"'';
}; };
programs.vscode = { programs.vscode ={
enable = true; enable = true;
package = pkgs.vscode.overrideAttrs (prev: { package = pkgs.vscode;
# NOTE: this messes up zsh's tab completion in the terminal whenever code is started
# from within a shell
preFixup = prev.preFixup + ''
gappsWrapperArgs+=(
--unset TMUX_PANE
)
'';
});
userSettings = let userSettings = let
editor = mapPrefixToSet "editor" { editor = mapPrefixToSet "editor" {
@ -167,9 +159,11 @@ in
"telemetry.telemetryLevel" = "off"; "telemetry.telemetryLevel" = "off";
"terminal.integrated.fontSize" = 14; "terminal.integrated.fontSize" = 14;
"vsintellicode.modify.editor.suggestSelection" = "automaticallyOverrodeDefaultValue"; "vsintellicode.modify.editor.suggestSelection" = "automaticallyOverrodeDefaultValue";
"keyboard.dispatch" = "keyCode";
"window.zoomLevel" = 1; "window.zoomLevel" = 1;
"rust-analyzer.server.path" =
toString (pkgs.writeShellScript "ra-multiplex-client" "${lib.getExe pkgs.ra-multiplex} client");
"search.exclude" = { "search.exclude" = {
"**/node_modules" = true; "**/node_modules" = true;
"**/bower_components" = true; "**/bower_components" = true;
@ -202,6 +196,8 @@ in
"errorLens.errorBackground" = "rgba(240,0,0,0.1)"; "errorLens.errorBackground" = "rgba(240,0,0,0.1)";
"errorLens.warningBackground" = "rgba(180,180,0,0.1)"; "errorLens.warningBackground" = "rgba(180,180,0,0.1)";
"keyboard-quickfix.showActionNotification" = false;
"liveshare.presence" = true; "liveshare.presence" = true;
"liveshare.showInStatusBar" = "whileCollaborating"; "liveshare.showInStatusBar" = "whileCollaborating";
@ -236,15 +232,9 @@ in
keybindings = [ keybindings = [
{ {
key = "alt+k"; key = "ctrl+[Period]";
when = "codeActionMenuVisible"; command = "keyboard-quickfix.openQuickFix";
command = "selectPrevCodeAction"; when = "editorHasCodeActionsProvider && editorTextFocus && !editorReadonly";
}
{
key = "alt+j";
when = "codeActionMenuVisible";
command = "selectNextCodeAction";
} }
{ {
@ -309,7 +299,7 @@ in
# jock.svg # jock.svg
# ms-azuretools.vscode-docker # ms-azuretools.vscode-docker
# ms-toolsai.jupyter # ms-toolsai.jupyter
# ms-vscode-remote.remote-ssh ms-vscode-remote.remote-ssh
# ms-vsliveshare.vsliveshare # ms-vsliveshare.vsliveshare
bbenoist.nix bbenoist.nix
christian-kohler.path-intellisense christian-kohler.path-intellisense
@ -331,12 +321,8 @@ in
rust-lang.rust-analyzer rust-lang.rust-analyzer
mkhl.direnv mkhl.direnv
waderyan.gitblame waderyan.gitblame
# vs-liveshare
vscodevim.vim vscodevim.vim
hbenl.vscode-test-explorer
# vitaliymaz.vscode-svg-previewer
ms-vscode.test-adapter-converter
visualstudioexptteam.vscodeintellicode
tamasfe.even-better-toml
] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{ {
name = "monokai-st3"; name = "monokai-st3";
@ -344,17 +330,47 @@ in
version = "0.2.0"; version = "0.2.0";
sha256 = "1rvz5hlrfshy9laybxzvrdklx328s13j0lb8ljbda9zkadi3wcad"; sha256 = "1rvz5hlrfshy9laybxzvrdklx328s13j0lb8ljbda9zkadi3wcad";
} }
{
name = "vscode-svgviewer";
publisher = "cssho";
version = "2.0.0";
sha256 = "06swlqiv3gc7plcbmzz795y6zwpxsdhg79k1n3jj6qngfwnv2p6z";
}
{ {
name = "comment-anchors"; name = "comment-anchors";
publisher = "ExodiusStudios"; publisher = "ExodiusStudios";
version = "1.10.4"; version = "1.10.3";
sha256 = "sha256-FvfjPpQsgCsnY1BylhLCM/qDQChf9/iTr3cKkCGfMVI="; sha256 = "sha256-IyiiS4jpcghwKI0j8s69uGNZlKnZ0o78ZCT0oZeJER0=";
}
{
name = "vscode-test-explorer";
publisher = "hbenl";
version = "2.21.1";
sha256 = "022lnkq278ic0h9ggpqcwb3x3ivpcqjimhgirixznq0zvwyrwz3w";
} }
{ {
name = "vscode-gutter-preview"; name = "vscode-gutter-preview";
publisher = "kisstkondoros"; publisher = "kisstkondoros";
version = "0.31.2"; version = "0.29.0";
sha256 = "sha256-2/RvDSsVL06UmNG9HchXaJMJ4FYtnpuJ2Bn53JVv1t8="; sha256 = "00vibv9xmhwaqiqzp0y2c246pqiqfjsw4bqx4vcdd67pz1wnqhg1";
}
{
name = "test-adapter-converter";
publisher = "ms-vscode";
version = "0.1.9";
sha256 = "sha256-M53jhAVawk2yCeSrLkWrUit3xbDc0zgCK2snbK+BaSs=";
}
# {
# name = "indent-rainbow";
# publisher = "oderwat";
# version = "8.2.2";
# sha256 = "1xxljwh66f21fzmhw8icrmxxmfww1s67kf5ja65a8qb1x1rhjjgf";
# }
{
name = "vscodeintellicode";
publisher = "VisualStudioExptTeam";
version = "1.2.30";
sha256 = "sha256-f2Gn+W0QHN8jD5aCG+P93Y+JDr/vs2ldGL7uQwBK4lE=";
} }
{ {
name = "keyboard-quickfix"; name = "keyboard-quickfix";
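Review bot: The last hunk moves several extensions from nixpkgs attributes to hand-pinned `extensionsFromVscodeMarketplace` entries and, as rendered, sets `comment-anchors` to 1.10.3 and `vscode-gutter-preview` to 0.29.0, both lower than the versions on the old side. Hand-pinned entries do not move with a nixpkgs bump, so these extensions, which run with the editor's full user privileges, stay on the pinned release until someone edits the list; a comment such as `# pinned by hand: bump version and sha256 together` above the list would make that visible. The entries also mix base32 and SRI `sha256` values; using the SRI form throughout keeps the list uniform. The extension list starts outside the hunk.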


@ -1,245 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.programs.waybar;
cfgs = cfg.settings.mainBar;
in
{
programs.waybar = {
enable = true;
systemd.enable = true;
settings = {
mainBar = {
layer = "top";
position = "top";
height = 30;
# TODO: configure this per machine
# output = [ "DP-2" ];
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "clock" ];
modules-right = [ "mpd" "cpu" "memory" "wireplumber" "pulseaudio/slider" "battery" "tray" ];
"hyprland/workspaces" = {
all-outputs = true;
disable-scroll = true;
persistent-workspaces = {
${lib.head cfgs.output} = [ 1 2 3 4 5 6 7 8 ];
};
};
"mpd" = {
format = "{filename}";
};
"cpu" = {
format = "[#] {usage}%";
};
"memory" = {
format = "{used}/{total}Gb";
};
"wireplumber" = {
format = "{volume}% {icon}";
format-muted = "[M]";
};
"pulseaudio/slider" = {
orientation = "horizontal";
};
"tray" = {
icon-size = 20;
spacing = 8;
};
};
};
style = let
c = config.colors.defaultColorSet;
in ''
* {
font-family: FiraCode, FontAwesome, Roboto, Helvetica, Arial, sans-serif;
font-size: 13px;
}
window#waybar {
background-color: ${c.background};
color: ${c.foreground};
}
#pulseaudio-slider trough {
min-height: 10px;
min-width: 100px;
}
/**** DEFAULT ****/
window#waybar.hidden {
opacity: 0.2;
}
button {
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each button name */
border: none;
border-radius: 0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
button:hover {
background: inherit;
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button.empty {
color: ${c.yellow};
}
#workspaces button {
padding: 0 5px;
color: ${c.magenta};
background-color: transparent;
}
#workspaces button.visible {
color: ${c.green};
}
#workspaces button.urgent {
background-color: ${c.red};
}
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
}
#mode {
background-color: #64727D;
box-shadow: inset 0 -3px #ffffff;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#wireplumber,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#scratchpad,
#power-profiles-daemon,
#mpd {
padding: 0 10px;
color: ${c.foreground};
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock {
background-color: #64727D;
}
#cpu {
background-color: ${c.cyan};
color: #000000;
}
#memory {
background-color: ${c.yellow};
color: #000000;
}
#network {
background-color: #2980b9;
}
#network.disconnected {
background-color: #f53c3c;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#wireplumber {
background-color: #fff0f5;
color: #000000;
}
#wireplumber.muted {
background-color: #f53c3c;
}
#tray {
background-color: #2980b9;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#mpd {
background-color: #66cc99;
color: #2a5c45;
}
#mpd.disconnected {
background-color: #f53c3c;
}
#mpd.stopped {
background-color: #90b1b1;
}
#mpd.paused {
background-color: #51a37a;
}
'';
# background-color: rgba(0,0,0,0);
# border-bottom: 3px solid rgba(100, 114, 125, 0.5);
#style = ''
#'';
};
systemd.user.services.waybar = {
Service.Environment = [
"DISPLAY=:0"
];
};
}


@ -89,7 +89,7 @@ myScratchpads = [ NS "ncmpcpp" spawnNC findNC layoutA
-- spawnMX = "element" -- spawnMX = "element"
spawnFB = "thunar --class=floatingThunar" spawnFB = "thunar --class=floatingThunar"
spawnEX = "emacs --name=floatingEmacs" spawnEX = "emacs --name=floatingEmacs"
spawnSC = "nsxiv -N floatingSchedule ~/uni/schedule.png" spawnSC = "sxiv -N floatingSchedule ~/uni/schedule.png"
spawnHP = "echo \"" ++ help ++ "\" | xmessage -file -" spawnHP = "echo \"" ++ help ++ "\" | xmessage -file -"
findNC = title =? "ncmpcppScratchpad" findNC = title =? "ncmpcppScratchpad"
@ -168,7 +168,7 @@ myKeys conf@(XConfig {XMonad.modMask = modm}) = M.fromList $
, ((modm .|. shiftMask , xK_space ), spawn $ myTerminal ++ " -e tmux") , ((modm .|. shiftMask , xK_space ), spawn $ myTerminal ++ " -e tmux")
-- , ((modm , xK_v ), spawn "rofi -modi lpass:$HOME/.scripts/rofi/lpass//rofi-lpass -show lpass") -- , ((modm , xK_v ), spawn "rofi -modi lpass:$HOME/.scripts/rofi/lpass//rofi-lpass -show lpass")
-- , ((modm .|. shiftMask, xK_d ), viewDropboxStatus) , ((modm .|. shiftMask, xK_d ), viewDropboxStatus)
] ]
termIsOpen :: X Bool termIsOpen :: X Bool


@ -1,4 +0,0 @@
{ ... }:
{
programs.yt-dlp.enable = true;
}


@ -1,75 +1,26 @@
{ pkgs, ... }: { config, pkgs, lib, ... }:
{ {
programs.zed-editor = { home.packages = with pkgs; [ zed-editor ];
enable = true;
userSettings = { xdg.configFile."zed/settings.json".source = let
load_direnv = "shell_hook"; format = pkgs.formats.json { };
base_keymap = "VSCode"; in format.generate "zed-settings.json" {
autosave = "off";
buffer_font_family = "Fira Code";
load_direnv = "shell_hook";
format_on_save = "off";
autosave = "off"; telemetry = {
format_on_save = "off"; diagnostics = false;
remove_trailing_whitespace_on_save = false; metrics = false;
tab_size = 2;
ui_font_family = "Noto Sans";
buffer_font_family = "Fira Code";
terminal.font_family = "Fira Code";
telemetry = {
diagnostics = false;
metrics = false;
};
vim_mode = true;
theme = {
mode = "dark";
light = "monokai Classic";
dark = "monokai Darker Classic";
};
file_scan_exclusions = [
"**/.git"
"**/.svn"
"**/.hg"
"**/.jj"
"**/CVS"
"**/.DS_Store"
"**/Thumbs.db"
"**/.classpath"
"**/.settings"
"**/.direnv"
];
git.inline_blame.enable = false;
indent_guides = {
enabled = true;
coloring = "indent_aware";
};
}; };
userKeymaps = [ vim_mode = true;
{
context = "Workspace";
bindings = {
ctrl-j = "workspace::NewTerminal";
};
}
];
extensions = [ theme = {
"basher" mod = "dark";
"dart" dark = "monokai Classic";
"dockerfile" };
"html"
"nix"
"sql"
"toml"
];
}; };
xdg.configFile."zed/themes/monokai.json".source = let xdg.configFile."zed/themes/monokai.json".source = let
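Review bot: In the generated settings the theme block reads `mod = "dark";`, which looks like a typo for `mode = "dark";` (the key the old side used), and it has no `light` entry. As far as I know Zed's theme object expects `mode`, `light` and `dark`, so the block as written may be ignored or rejected; `theme = { mode = "dark"; light = "monokai Classic"; dark = "monokai Classic"; };` would match the shape used before. The new function head also takes `config` and `lib`, neither of which is used in the visible lines.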


@ -1,4 +0,0 @@
{ ... }:
{
programs.zoxide.enable = true;
}


@ -1,9 +1,9 @@
{ config, pkgs, lib, machineVars, ... }: { pkgs, config, ... }:
{ {
services.dunst = { services.dunst = {
enable = true; enable = true;
iconTheme = { iconTheme = {
package = pkgs.adwaita-icon-theme; package = pkgs.gnome.adwaita-icon-theme;
name = "Adwaita"; name = "Adwaita";
size = "32x32"; size = "32x32";
}; };
@ -13,9 +13,9 @@
class = "Dunst"; class = "Dunst";
browser = "${pkgs.xdg-utils}/bin/xdg-open"; browser = "${pkgs.xdg-utils}/bin/xdg-open";
offset = lib.mkIf (!machineVars.wayland) (let offset = let
status-bar-height = config.services.polybar.settings."bar/top".height; status-bar-height = config.services.polybar.settings."bar/top".height;
in "15x${toString (status-bar-height + 10)}"); in "15x${toString (status-bar-height + 10)}";
corner_radius = 0; corner_radius = 0;
font = "Droid Sans 9"; font = "Droid Sans 9";


@ -132,6 +132,5 @@ in
Service.Restart="on-failure"; Service.Restart="on-failure";
Service.ExecStart = lib.mkForce "${fcitx5Package}/bin/fcitx5"; Service.ExecStart = lib.mkForce "${fcitx5Package}/bin/fcitx5";
Service.ExecReload = "/bin/kill -HUP $MAINPID"; Service.ExecReload = "/bin/kill -HUP $MAINPID";
Install.Alias = "fcitx5.service";
}; };
} }


@ -1,4 +0,0 @@
{ machineVars, ... }:
{
services.gnome-keyring.enable = !machineVars.headless;
}


@ -1,5 +0,0 @@
{ ... }:
{
services.keybase.enable = true;
services.kbfs.enable = true;
}


@ -1,141 +1,28 @@
{ config, pkgs, lib, ... }: { config, ... }:
let
cfg = config.services.mpd;
in
{ {
services.mpd = { services.mpd = rec {
enable = true; enable = true;
musicDirectory = config.xdg.userDirs.music; musicDirectory = config.xdg.userDirs.music;
playlistDirectory = "${cfg.musicDirectory}/playlists/MPD"; playlistDirectory = "${musicDirectory}/playlists/MPD";
network.startWhenNeeded = true; network.startWhenNeeded = true;
# TODO: make the path specific to the user unit
extraConfig = '' extraConfig = ''
pid_file "/run/user/${toString config.home.uid}/mpd/pid" audio_output {
type "fifo"
zeroconf_enabled "no" name "Visualizer feed"
path "/tmp/mpd.fifo"
replaygain "auto" format "44100:16:2"
}
restore_paused "yes"
auto_update "no"
audio_output { audio_output {
type "pipewire" type "pipewire"
name "PipeWire Sound Server" name "PipeWire Sound Server"
} }
audio_output {
type "fifo"
name "Visualizer feed"
path "/run/user/${toString config.home.uid}/mpd/visualizer.fifo"
format "44100:16:2"
}
resampler {
plugin "soxr"
quality "very high"
}
playlist_plugin {
name "cue"
enabled "true"
}
playlist_plugin {
name "m3u"
enabled "true"
}
playlist_plugin {
name "extm3u"
enabled "true"
}
playlist_plugin {
name "flac"
enabled "true"
}
playlist_plugin {
name "rss"
enabled "true"
}
''; '';
}; };
# TODO: disable auto_update and use systemd path to listen for changes
# TODO: upstream unix socket support to home-manager # TODO: upstream unix socket support to home-manager
systemd.user.services.mpd = {
Unit = {
Documentation = [
"man:mpd(1)"
"man:mpd.conf(5)"
];
};
Service = {
WatchdogSec = 120;
# for io_uring
LimitMEMLOCK = "64M";
# allow MPD to use real-time priority 40
LimitRTPRIO = 40;
LimitRTTIME = "infinity";
PrivateUsers = true;
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_UNIX"
];
RestrictNamespaces = true;
};
};
systemd.user.paths.mpd-update-library = {
Unit = {
Description = "Watchdog that updates the mpd library whenever the files are modified";
Documentation = [
"man:mpd(1)"
"man:mpd.conf(5)"
];
WantedBy = [ "paths.target" ];
};
Path = {
PathChanged = cfg.musicDirectory;
Unit = "mpd-update-library.service";
TriggerLimitIntervalSec = "1s";
TriggerLimitBurst = "1";
};
};
systemd.user.services.mpd-update-library = {
Unit = {
Description = "Watchdog that updates the mpd library whenever the files are modified";
Documentation = [
"man:mpd(1)"
"man:mpd.conf(5)"
];
};
Service = {
Type = "oneshot";
ExecStart = "${lib.getExe pkgs.mpc-cli} update --wait";
PrivateUsers = true;
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_UNIX"
];
RestrictNamespaces = true;
};
};
} }
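Review bot: The visualizer output on the new side writes to `/tmp/mpd.fifo`, a fixed name in a world-writable directory, so another local account can create that path first and either receive the audio stream or keep the output from opening; the `# TODO: make the path specific to the user unit` line already points at this. A per-user location such as the one the old side used, `path "/run/user/${toString config.home.uid}/mpd/visualizer.fifo"`, avoids the shared directory. The new side also carries no `systemd.user.services.mpd` overrides, so the unit runs without `NoNewPrivileges`, `ProtectSystem`, `RestrictAddressFamilies` and the other sandboxing settings; keeping that `Service` block is cheap for a daemon that parses media files and playlists.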


@ -1,4 +0,0 @@
{ machineVars, ... }:
{
services.network-manager-applet.enable = !machineVars.headless;
}


@ -1,4 +0,0 @@
{ ... }:
{
services.psd.enable = true;
}


@ -0,0 +1,36 @@
{ pkgs, lib, ... }:
let
format = pkgs.formats.toml { };
package = pkgs.ra-multiplex;
in
{
xdg.configFile."ra-multiplex/config.toml".source = format.generate "ra-multiplex-config.toml" {
# listen = "/var/run/user/1001/ra-mux/ra-multiplex.sock";
# connect = "/var/run/user/1001/ra-mux/ra-multiplex.sock";
listen = [ "127.0.0.1" 27631 ];
connect = [ "127.0.0.1" 27631 ];
pass_environment = [
"RUST_SRC_PATH"
"RUSTC_WRAPPER"
"SCCACHE_DIR"
];
};
systemd.user.services.ra-multiplex = {
Unit = {
Description = "Rust analyzer multiplex server";
};
Service = {
Type = "simple";
ExecStart = "${lib.getExe package} server";
Environment = [
"PATH=${lib.makeBinPath [ pkgs.rust-analyzer ]}"
];
};
Install = {
WantedBy = [ "default.target" ];
};
};
}
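Review bot: `listen = [ "127.0.0.1" 27631 ];` puts the multiplex server on a loopback TCP port that every local account and process on the machine can connect to, and the visible config sets no authentication. Because `pass_environment` forwards `RUSTC_WRAPPER` and `SCCACHE_DIR` from the client, who is allowed to connect matters here. The commented-out `listen`/`connect` lines suggest the tool can use a Unix socket; a socket under the user's runtime directory is protected by file permissions and would be the safer default, with the path derived from the user's uid rather than the literal `1001`.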


@ -22,11 +22,11 @@ in
# Volume # Volume
"super + {@F7,@F8}" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%{-,+}"; "super + {@F7,@F8}" = "${pkgs.alsaUtils}/bin/amixer set Master 2%{-,+}";
"{XF86AudioLowerVolume,XF86AudioRaiseVolume}" = "${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%{-,+}"; "{XF86AudioLowerVolume,XF86AudioRaiseVolume}" = "${pkgs.alsaUtils}/bin/amixer set Master 2%{-,+}";
"XF86AudioMute" = "${pkgs.wireplumber}/bin/wpctl set-mute toggle"; "XF86AudioMute" = "${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
# Music # Music


@ -14,19 +14,6 @@
exe = if pkg.meta ? mainProgram then pkg.meta.mainProgram else name; exe = if pkg.meta ? mainProgram then pkg.meta.mainProgram else name;
in "${pkg}/bin/${exe}"; in "${pkg}/bin/${exe}";
in { in {
sops.secrets."nordicsemi/envvars" = {
sopsFile = ../secrets/home.yaml;
};
programs.bash.bashrcExtra = ''
source "${config.sops.secrets."nordicsemi/envvars".path}"
'';
programs.zsh.envExtra = ''
source "${config.sops.secrets."nordicsemi/envvars".path}"
'';
local.shell.aliases = { local.shell.aliases = {
# ░█▀▄░█▀▀░█▀█░█░░░█▀█░█▀▀░█▀▀░█▄█░█▀▀░█▀█░▀█▀░█▀▀ # ░█▀▄░█▀▀░█▀█░█░░░█▀█░█▀▀░█▀▀░█▄█░█▀▀░█▀█░▀█▀░█▀▀
@ -61,7 +48,6 @@ in {
findx = p "fd"; findx = p "fd";
ag = "${pkgs.ripgrep}/bin/rg"; ag = "${pkgs.ripgrep}/bin/rg";
sxiv = "${pkgs.nsxiv}/bin/nsxiv";
lls = "${pkgs.coreutils}/bin/ls --color=always"; lls = "${pkgs.coreutils}/bin/ls --color=always";
ls = p "eza"; ls = p "eza";
@ -271,7 +257,6 @@ in {
p = "${pkgs.python3Packages.ipython}/bin/ipython"; p = "${pkgs.python3Packages.ipython}/bin/ipython";
s = p "sxiv"; s = p "sxiv";
v = p "mpv"; v = p "mpv";
zed = p "zed-editor";
zt = p "zathura"; zt = p "zathura";
}; };
@ -305,11 +290,6 @@ in {
view-latex = "${pkgs.texlive.combined.scheme-full}/bin/latexmk -pdf -pvc main.tex"; view-latex = "${pkgs.texlive.combined.scheme-full}/bin/latexmk -pdf -pvc main.tex";
reload-tmux = "${p "tmux"} source $HOME/.config/tmux/tmux.conf"; reload-tmux = "${p "tmux"} source $HOME/.config/tmux/tmux.conf";
nordic-vpn = lib.concatStringsSep " | " [
"${p "gpauth"} \"$NORDIC_VPN_ENDPOINT\" --gateway --browser default 2>/dev/null"
"sudo ${p "gpclient"} connect \"$NORDIC_VPN_ENDPOINT\" --as-gateway --cookie-on-stdin"
];
}; };
# ░█▀▀░█▀▀░█▀█░█▀▀░█▀▄░█▀█░▀█▀░█▀▀░█▀▄ # ░█▀▀░█▀▀░█▀█░█▀▀░█▀▄░█▀█░▀█▀░█▀▀░█▀▄


@ -1,4 +1,4 @@
{ config, pkgs, lib, extendedLib, ... }: { pkgs, unstable-pkgs, lib, extendedLib, config, inputs, secrets, ... }:
let let
inherit (config) machineVars; inherit (config) machineVars;
in { in {
@ -11,14 +11,8 @@ in {
./programs/nix-ld.nix ./programs/nix-ld.nix
./programs/ssh.nix ./programs/ssh.nix
./programs/usbtop.nix ./programs/usbtop.nix
./programs/wireshark.nix
./services/dbus.nix ./services/dbus.nix
./services/fwupd.nix
./services/irqbalance.nix
./services/journald.nix
./services/libinput.nix
./services/logind.nix
./services/openssh.nix ./services/openssh.nix
./services/pcscd.nix ./services/pcscd.nix
./services/pipewire.nix ./services/pipewire.nix
@ -26,20 +20,16 @@ in {
./services/resolved.nix ./services/resolved.nix
./services/smartd.nix ./services/smartd.nix
./services/systemd-lock-handler.nix ./services/systemd-lock-handler.nix
./services/uptimed.nix
./services/userborn.nix
./services/xserver.nix ./services/xserver.nix
]; ];
# systemd.enableStrictShellChecks = true;
sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml"; sops.defaultSopsFile = ./../.. + "/secrets/${config.networking.hostName}.yaml";
time.timeZone = "Europe/Oslo"; time.timeZone = "Europe/Oslo";
console = { console = {
font = lib.mkDefault "Lat2-Terminus16"; font = "Lat2-Terminus16";
keyMap = lib.mkDefault "us"; keyMap = "us";
}; };
networking = { networking = {
@ -113,7 +103,6 @@ in {
"media" "media"
"minecraft" "minecraft"
"networkmanager" "networkmanager"
"rtkit"
"scanner" "scanner"
"video" "video"
"wheel" "wheel"
@ -134,6 +123,13 @@ in {
android-udev-rules android-udev-rules
light light
]; ];
libinput = {
enable = !config.machineVars.headless;
touchpad.disableWhileTyping = true;
};
displayManager.defaultSession = "none+xmonad";
}; };
programs = { programs = {
@ -141,14 +137,6 @@ in {
git.enable = true; git.enable = true;
tmux.enable = true; tmux.enable = true;
zsh.enable = true; zsh.enable = true;
hyprland = lib.mkIf config.machineVars.wayland {
enable = true;
withUWSM = true;
};
};
security.pam.services = lib.mkIf (config.machineVars.wayland) {
hyprlock = { };
}; };
system.extraDependencies = system.extraDependencies =
@ -190,48 +178,12 @@ in {
sqlite-web sqlite-web
]); ]);
# Realtime scheduling for pipewire and mpd
security.rtkit.enable = !config.machineVars.headless; security.rtkit.enable = !config.machineVars.headless;
security.tpm2.enable = lib.mkDefault true;
security.tpm2.abrmd.enable = lib.mkDefault config.security.tpm2.enable;
security.sudo.extraConfig = let security.sudo.extraConfig = let
sudoLecture = pkgs.writeText "sudo-lecture.txt" (extendedLib.termColors.front.red "Be careful or something, idk...\n"); sudoLecture = pkgs.writeText "sudo-lecture.txt" (extendedLib.termColors.front.red "Be careful or something, idk...\n");
in '' in ''
Defaults lecture = always Defaults lecture = always
Defaults lecture_file = ${sudoLecture} Defaults lecture_file = ${sudoLecture}
''; '';
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/profiles/hardened.nix
boot.blacklistedKernelModules = [
# Obscure network protocols
"ax25"
"netrom"
"rose"
# Old or rare or insufficiently audited filesystems
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
# "erofs" // used by systemd
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"ntfs"
"omfs"
"qnx4"
"qnx6"
"sysv"
"ufs"
];
} }
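Review bot: The new side of the last hunk no longer sets `boot.blacklistedKernelModules`, so the rarely used network-protocol and filesystem modules listed on the old side (`ax25`, `hfs`, `ufs` and the rest) become auto-loadable again, and the `security.tpm2` defaults are dropped without replacement. The import list likewise loses `./services/fwupd.nix` and `./services/journald.nix`, which means no firmware-update service and no `MaxFileSec` retention setting on hosts built from this module. If the removals are only there to make the WIP evaluate, a comment such as `# TODO: restore module blacklist from profiles/hardened.nix` would keep them from being forgotten. The function head now takes `unstable-pkgs`, `inputs` and `secrets`; none is used in the visible hunks, so check that they are needed.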


@ -35,24 +35,10 @@
fontconfig = { fontconfig = {
defaultFonts = { defaultFonts = {
serif = [ serif = [ "Droid Sans Serif" "Ubuntu" ];
"Droid Sans Serif" sansSerif = [ "Droid Sans" "Ubuntu" ];
"Noto Serif CJK JP" monospace = [ "Fira Code" "Ubuntu" ];
"Ubuntu" emoji = [ "Noto Sans Emoji" ];
];
sansSerif = [
"Droid Sans"
"Noto Sans Serif CJK JP"
"Ubuntu"
];
monospace = [
"Fira Code"
"Noto Sans Mono CJK JP"
"Ubuntu"
];
emoji = [
"Noto Sans Emoji"
];
}; };
}; };
}; };


@ -3,6 +3,7 @@
sops.secrets."ssh/nix-builders/bob/key" = { sopsFile = ./../../../secrets/common.yaml; }; sops.secrets."ssh/nix-builders/bob/key" = { sopsFile = ./../../../secrets/common.yaml; };
nix.buildMachines = [{ nix.buildMachines = [{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-bob"; hostName = "nix-builder-bob";
system = "x86_64-linux"; system = "x86_64-linux";
speedFactor = 5; speedFactor = 5;
@ -13,8 +14,8 @@
"big-paralell" "big-paralell"
]; ];
mandatoryFeatures = [ ]; mandatoryFeatures = [ ];
sshUser = "oysteikt"; # sshUser = secrets.ssh.users.pvv.normalUser;
sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path; # sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;
}]; }];
programs.ssh = { programs.ssh = {
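Review bot: With `sshUser` and `sshKey` commented out, this `nix.buildMachines` entry carries no login details of its own, yet the `sops.secrets."ssh/nix-builders/bob/key"` declaration above is kept and is not referenced in the visible lines. The added comment says the details come from an ssh module in nix-secrets, so confirm that module supplies both user and identity for the account the Nix daemon connects as, or restore `sshKey = config.sops.secrets."ssh/nix-builders/bob/key".path;`. The isvegg section that follows takes the user from `secrets.ssh.users.pvv.normalUser` instead; values passed in through a `secrets` argument are evaluated into the world-readable store, which is acceptable for a user name but should not be used for key material. The context line `"big-paralell"` looks like a misspelling of the `big-parallel` feature; the list it sits in starts outside the hunk.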


@ -1,15 +1,16 @@
{ config, ... }: { config, secrets, ... }:
{ {
sops.secrets."ssh/nix-builders/isvegg/key" = { sopsFile = ./../../../secrets/common.yaml; }; sops.secrets."ssh/nix-builders/isvegg/key" = { sopsFile = ./../../../secrets/common.yaml; };
nix.buildMachines = [{ nix.buildMachines = [{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-isvegg"; hostName = "nix-builder-isvegg";
system = "x86_64-linux"; system = "x86_64-linux";
speedFactor = 1; speedFactor = 1;
maxJobs = 8; maxJobs = 8;
supportedFeatures = [ ]; supportedFeatures = [ ];
mandatoryFeatures = [ ]; mandatoryFeatures = [ ];
sshUser = "oysteikt"; sshUser = secrets.ssh.users.pvv.normalUser;
sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path; sshKey = config.sops.secrets."ssh/nix-builders/isvegg/key".path;
}]; }];


@ -1,4 +1,4 @@
{ config, ... }: { config, secrets, ... }:
{ {
# TODO: install public key on tsuki declaratively # TODO: install public key on tsuki declaratively
sops.secrets = { sops.secrets = {
@ -7,6 +7,7 @@
}; };
nix.buildMachines = [{ nix.buildMachines = [{
# Login details configured in ssh module in nix-secrets
hostName = "nix-builder-tsukir"; hostName = "nix-builder-tsukir";
system = "x86_64-linux"; system = "x86_64-linux";
speedFactor = 2; speedFactor = 2;
@ -25,8 +26,7 @@
extraConfig = '' extraConfig = ''
Host nix-builder-tsukir Host nix-builder-tsukir
HostName gingakei.loginto.me HostName gingakei.loginto.me
Port 45497 Port ${toString secrets.ports.ssh.home-in}
IdentityFile ${config.sops.secrets."ssh/nix-builders/tsuki/key".path}
''; '';
# knownHosts.tsukir = { # knownHosts.tsukir = {
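Review bot: The builder `nix-builder-tsukir` is reached over a public dynamic-DNS name, yet the only host-key pinning visible in this section is the commented-out `# knownHosts.tsukir = {` at the end of the last hunk. Without a pinned key, the first connection trusts whichever host answers, and that host then takes part in every offloaded build. Consider pinning it on the build machine entry, e.g. `publicHostKey = "<base64-encoded host public key>";`, or restoring the `knownHosts` block. Note also that `Port ${toString secrets.ports.ssh.home-in}` is interpolated at evaluation time, so the value is written into the generated ssh configuration rather than kept confidential. The `knownHosts` block continues outside the hunk, so it may be handled further down.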


@ -43,11 +43,6 @@
type = "path"; type = "path";
path = "/home/h7x4/git/nixpkgs-tools"; path = "/home/h7x4/git/nixpkgs-tools";
}; };
shells.to = {
type = "git";
url = "https://git.pvv.ntnu.no/oysteikt/shells.git";
ref = "main";
};
}; };
}; };
} }


@ -1,10 +0,0 @@
{ config, pkgs, ... }:
let
inherit (config) machineVars;
in
{
programs.wireshark = {
enable = !config.machineVars.headless;
package = pkgs.wireshark;
};
}


@ -2,7 +2,6 @@
{ {
services.dbus = { services.dbus = {
enable = true; enable = true;
implementation = "broker";
packages = with pkgs; [ packages = with pkgs; [
gcr gcr
dconf dconf


@ -1,4 +0,0 @@
{ ... }:
{
services.fwupd.enable = true;
}


@ -1,4 +0,0 @@
{ ... }:
{
services.irqbalance.enable = true;
}


@ -1,6 +0,0 @@
{ ... }:
{
services.journald.extraConfig = ''
MaxFileSec=30day
'';
}


@ -1,7 +0,0 @@
{ config, ...}:
{
services.libinput = {
enable = !config.machineVars.headless;
touchpad.disableWhileTyping = true;
};
}


@ -1,6 +0,0 @@
{ ... }:
{
services.logind = {
powerKeyLongPress = "poweroff";
};
}


@ -1,77 +1,4 @@
{ config, lib, ... }: { config, ... }:
let
cfg = config.services.printing;
in
{ {
# services.printing.enable = !config.machineVars.headless; services.printing.enable = !config.machineVars.headless;
services.printing.enable = false;
systemd.services = lib.mkIf cfg.enable {
cups.serviceConfig = {
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectClock= true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
PrivateDevices = true;
NoNewPrivileges = true;
# User =
AmbientCapabilities = [ "" ];
CapabilityBoundingSet = [ "" ];
DevicePolicy = "closed";
KeyringMode = "private";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateUsers = true;
RemoveIPC = true;
# RestrictAddressFamilies = [ "" ];
RestrictNamespaces=true;
RestrictRealtime=true;
RestrictSUIDSGID=true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
cups-browsed.serviceConfig = lib.mkIf cfg.enable {
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
ProtectClock= true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
PrivateDevices = true;
NoNewPrivileges = true;
# User =
AmbientCapabilities = [ "" ];
CapabilityBoundingSet = [ "" ];
DevicePolicy = "closed";
KeyringMode = "private";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateUsers = true;
RemoveIPC = true;
# RestrictAddressFamilies = [ "" ];
RestrictNamespaces=true;
RestrictRealtime=true;
RestrictSUIDSGID=true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
};
} }
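Review bot: The one-line module turns CUPS on for every non-headless machine (`services.printing.enable = !config.machineVars.headless;`) and carries none of the `serviceConfig` sandboxing for `cups` and `cups-browsed`. CUPS parses print data and printer descriptions that can arrive from the network, so it is worth enabling only on hosts that actually print and keeping at least the low-risk directives as candidates to test, for example `systemd.services.cups.serviceConfig.NoNewPrivileges = true;` and `ProtectHome = true;`. The stricter settings on the other side of the diff (empty `CapabilityBoundingSet`, `PrivateUsers`) were only ever declared under a disabled service, so they would need testing before being reinstated.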


@ -1,4 +0,0 @@
{ ... }:
{
services.uptimed.enable = true;
}


@ -1,4 +0,0 @@
{ ... }:
{
services.userborn.enable = true;
}


@ -1,41 +1,19 @@
{ config, pkgs, lib, ... }: { config, ... }:
{ {
services.displayManager = lib.mkIf (!config.machineVars.headless) { services.xserver = {
enable = true; enable = !config.machineVars.headless;
defaultSession = "none+xmonad";
sddm = {
enable = true;
wayland.enable = config.machineVars.wayland;
package = pkgs.kdePackages.sddm;
theme = "sddm-astronaut-theme";
extraPackages = [
pkgs.kdePackages.qt5compat
# pkgs.sddm-astronaut
];
};
};
environment.systemPackages = [
(pkgs.sddm-astronaut.override {
themeConfig = {
PartialBlur = false;
# Background = "Backgrounds/";
};
})
];
services.xserver = lib.mkIf (!config.machineVars.headless) {
enable = true;
xkb = { xkb = {
layout = "us"; layout = "us";
options = "caps:escape"; options = "caps:escape";
}; };
desktopManager = { # desktopManager = {
xterm.enable = true; # xterm.enable = false;
xfce.enable = true; # xfce.enable = !config.machineVars.headless;
}; # };
displayManager.lightdm.enable = !config.machineVars.headless;
windowManager.xmonad = { windowManager.xmonad = {
enable = true; enable = true;


@ -1,10 +1,8 @@
{ config, pkgs, lib, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./programs/nrfutil.nix
./services/avahi.nix ./services/avahi.nix
./services/docker.nix ./services/docker.nix
./services/jenkins.nix ./services/jenkins.nix
@ -34,8 +32,6 @@
development = true; development = true;
creative = true; creative = true;
wayland = true;
dataDrives = let dataDrives = let
main = "/data"; main = "/data";
in { in {
@ -79,11 +75,14 @@
fstrim.enable = true; fstrim.enable = true;
}; };
nix.buildMachines = lib.mkForce [ ];
hardware = { hardware = {
bluetooth.enable = true; bluetooth.enable = true;
enableRedistributableFirmware = true; enableRedistributableFirmware = true;
keyboard.zsa.enable = true; keyboard.zsa.enable = true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
}; };
} }


@ -1,11 +1,7 @@
{ config, pkgs, ... }: { config, ... }:
{ {
home.stateVersion = "24.05"; home.stateVersion = "24.05";
home.packages = with pkgs; [
groovy
];
programs.ssh.matchBlocks = { programs.ssh.matchBlocks = {
"tsuki-ws" = { "tsuki-ws" = {
user = "h7x4"; user = "h7x4";
@ -13,8 +9,7 @@
port = 10022; port = 10022;
}; };
"hildring pvv-login".proxyJump = "tsuki-ws"; "hildring pvv-login pvv".proxyJump = "tsuki-ws";
"drolsum pvv-login2 pvv".proxyJump = "tsuki-ws";
}; };
sops.secrets."git/nordicsemi-maintenance-repos-config" = { }; sops.secrets."git/nordicsemi-maintenance-repos-config" = { };
@ -22,6 +17,4 @@
programs.git.includes = [ programs.git.includes = [
{ path = config.sops.secrets."git/nordicsemi-maintenance-repos-config".path; } { path = config.sops.secrets."git/nordicsemi-maintenance-repos-config".path; }
]; ];
programs.waybar.settings.mainBar.output = [ "DP-1" ];
} }


@ -1,13 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
nrfutil
nrfconnect
nrf-command-line-tools
];
services.udev.packages = with pkgs; [
nrf-udev
segger-jlink
];
}


@ -1,19 +0,0 @@
{ ... }:
{
# TODO: Reproducible certificates
services.journald.remote = {
enable = true;
settings.Remote = {
# ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
# ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
ServerKeyFile = "/etc/journald-remote-certs/key.pem";
ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
TrustedCertificateFile = "-";
};
};
# systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
# "key.pem:/etc/journald-remote-certs/key.pem"
# "cert.pem:/etc/journald-remote-certs/cert.pem"
# ];
}


@ -7,16 +7,11 @@
"services/networking/wstunnel.nix" "services/networking/wstunnel.nix"
]; ];
sops = { # NOTE: Contains
secrets."wstunnel/http-upgrade-path-prefix" = { # - WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX
sopsFile = ../../../secrets/common.yaml; # - WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX
}; sops.secrets."wstunnel/http-upgrade-path-prefix-envvars" = {
templates."wstunnel-environment.env".content = let sopsFile = ../../../secrets/common.yaml;
inherit (config.sops) placeholder;
in ''
WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"}
'';
}; };
services.wstunnel = { services.wstunnel = {
@ -26,7 +21,7 @@
localToRemote = [ localToRemote = [
"tcp://10022:localhost:22" "tcp://10022:localhost:22"
]; ];
environmentFile = config.sops.templates."wstunnel-environment.env".path; environmentFile = config.sops.secrets."wstunnel/http-upgrade-path-prefix-envvars".path;
}; };
}; };
} }
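Review bot: The secret `wstunnel/http-upgrade-path-prefix-envvars` is handed to the service verbatim as `environmentFile`, but nothing in the section restarts the tunnel when the secret changes, and the expected file format is only implied by the `NOTE: Contains` comment. The hedgedoc secret in this same commit sets `restartUnits`; doing the same here (`restartUnits = [ "<wstunnel unit name>.service" ];`, unit name to be filled in) keeps a rotated path prefix from being ignored until the next restart. I would also extend the comment to `# NOTE: dotenv-formatted (KEY=value per line); both variables must carry the same prefix`. The `services.wstunnel` block continues between the two hunks.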


@ -5,7 +5,6 @@
./services/avahi.nix ./services/avahi.nix
./services/docker.nix ./services/docker.nix
./services/journald-remote.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;


@ -1,14 +0,0 @@
{ ... }:
{
services.journald.upload = {
enable = true;
settings.Upload = {
URL = "https://10.250.14.105:19532";
# ServerKeyFile = toString ./key.pem;
# ServerCertificateFile = toString ./cert.pem;
ServerKeyFile = "-";
ServerCertificateFile = "-";
TrustedCertificateFile = "-";
};
};
}


@ -2,7 +2,6 @@
{ {
imports = [ imports = [
./services/avahi.nix ./services/avahi.nix
./services/btrfs.nix
./services/docker.nix ./services/docker.nix
./services/libvirtd.nix ./services/libvirtd.nix
./services/logiops.nix ./services/logiops.nix
@ -11,18 +10,12 @@
./services/tailscale.nix ./services/tailscale.nix
./services/keybase.nix ./services/keybase.nix
./nspawn-containers/arch.nix
./testconfig.nix
];
system.stateVersion = "22.05"; system.stateVersion = "22.05";
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"x86_64-windows" "x86_64-windows"
"aarch64-linux" "aarch64-linux"
"armv7l-linux" "armv7l-linux"
"i686-linux"
]; ];
nix.settings.system-features = [ nix.settings.system-features = [
@ -78,8 +71,11 @@
}; };
services = { services = {
openssh.enable = true; openssh = {
xserver.videoDrivers = [ "nvidia" ]; enable = true;
settings.X11Forwarding = true;
};
xserver.videoDrivers = [ "amdgpu" ];
tailscale.enable = true; tailscale.enable = true;
avahi = { avahi = {
enable = true; enable = true;
@ -95,6 +91,12 @@
boot = { boot = {
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
initrd.kernelModules = [ "amdgpu" ];
# kernelPackages = pkgs.linuxKernel.packages.linux_zen.zfs;
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelModules = [ "kvm-amd" ];
supportedFilesystems = [ "zfs" ];
loader = { loader = {
efi.canTouchEfiVariables = false; efi.canTouchEfiVariables = false;
@ -138,12 +140,10 @@
enableRedistributableFirmware = true; enableRedistributableFirmware = true;
keyboard.zsa.enable = true; keyboard.zsa.enable = true;
sane.enable = true; sane.enable = true;
opengl = {
nvidia = { enable = true;
modesetting.enable = true; driSupport = true;
open = false; driSupport32Bit = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
}; };
}; };
} }
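Review bot: `settings.X11Forwarding = true;` is switched on for sshd on a host that also enables tailscale and avahi, and nothing in the section says why it is needed. X11 forwarding widens what an SSH session exposes (the connecting client's X display becomes reachable by anything on this host that can read the session's X authority), so it should stay off unless a specific workflow depends on it. If it is needed, say so inline, e.g. `settings.X11Forwarding = true; # needed for <use case>`, or limit it to one user with a `Match` block in `extraConfig`. The `services` attribute set continues outside the hunk.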


@ -1,28 +0,0 @@
{ ... }:
{
systemd.targets.machines.enable = true;
systemd.nspawn."arch" = {
enable = true;
execConfig.Boot = true;
filesConfig = {
BindReadOnly = [
"/nix/store"
# "/etc/resolv.conf:/etc/resolv.conf"
];
Bind = [
"/home/h7x4/git"
"/home/h7x4/pico"
"/home/h7x4/Downloads"
];
};
networkConfig.Private = false;
};
systemd.services."systemd-nspawn@arch" = {
enable = true;
requiredBy = [ "machines.target" ];
overrideStrategy = "asDropin";
};
}


@ -1,4 +0,0 @@
{ ... }:
{
services.btrfs.autoScrub.enable = true;
}


@ -1,6 +0,0 @@
{ ... }:
# NOTE: this file is a space where i put new configuration while i'm testing it.
# There shouldn't really be anything here, I'm not planning to commit any config here.
{
}


@ -1,4 +1,4 @@
{ config, lib, modulesPath, ... }: { config, lib, secrets, modulesPath, ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -71,6 +71,12 @@
isSystemUser = true; isSystemUser = true;
group = "media"; group = "media";
}; };
nix-builder = {
description = "User for executing distributed builds via SSH";
isSystemUser = true;
group = "nix-builder";
openssh.authorizedKeys.keyFiles = [ secrets.keys.ssh.nixBuilders.tsuki.public ];
};
}; };
groups = { groups = {
media = {}; media = {};
@ -78,11 +84,7 @@
}; };
}; };
sops.secrets."drives/cirno/password" = { }; sops.secrets."drives/cirno/credentials" = {};
sops.templates."drive-cirno.creds".content = ''
username=h7x4
password=${config.sops.placeholder."drives/cirno/password"}
'';
virtualisation = { virtualisation = {
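Review bot: The new `nix-builder` account accepts the builder key without any restriction: `openssh.authorizedKeys.keyFiles` installs the key as-is, so its holder gets whatever sshd allows by default (port forwarding, agent forwarding, a PTY) in addition to running builds. Prefixing the key with `restrict` limits it to command execution, e.g. `openssh.authorizedKeys.keys = [ "restrict ${builtins.readFile secrets.keys.ssh.nixBuilders.tsuki.public}" ];` (this assumes `public` is a path to a single-line key file, to be confirmed). Two things to verify outside the hunk: that a `nix-builder` group is declared under `groups`, and that the account has a shell the build protocol can use, since `isSystemUser` accounts may default to a non-login shell.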


@ -1,80 +1,71 @@
{ pkgs, lib, config, ... }: let { pkgs, lib, config, options, ... }: let
cfg = config.services.hedgedoc; cfg = config.services.hedgedoc;
in { in {
sops = { config = {
secrets = { # Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
"hedgedoc/env/cmd_session_secret" = { }; sops.secrets."hedgedoc/env" = {
"hedgedoc/env/cmd_oauth2_client_secret" = { };
};
templates."hedgedoc.env" = {
restartUnits = [ "hedgedoc.service" ]; restartUnits = [ "hedgedoc.service" ];
owner = "hedgedoc"; owner = "hedgedoc";
group = "hedgedoc"; group = "hedgedoc";
content = let
inherit (config.sops) placeholder;
in ''
CMD_SESSION_SECRET=${placeholder."hedgedoc/env/cmd_session_secret"}
CMD_OAUTH2_CLIENT_SECRET=${placeholder."hedgedoc/env/cmd_oauth2_client_secret"}
'';
}; };
};
users.groups.hedgedoc.members = [ "nginx" ]; users.groups.hedgedoc.members = [ "nginx" ];
services.hedgedoc = { services.hedgedoc = {
enable = true; enable = true;
environmentFile = config.sops.templates."hedgedoc.env".path; environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = { settings = {
domain = "docs.nani.wtf"; domain = "docs.nani.wtf";
email = false; email = false;
allowAnonymous = false; allowAnonymous = false;
allowAnonymousEdits = true; allowAnonymousEdits = true;
protocolUseSSL = true; protocolUseSSL = true;
path = "/run/hedgedoc/hedgedoc.sock"; path = "/run/hedgedoc/hedgedoc.sock";
db = { db = {
username = "hedgedoc"; username = "hedgedoc";
# TODO: set a password # TODO: set a password
database = "hedgedoc"; database = "hedgedoc";
host = "/var/run/postgresql"; host = "/var/run/postgresql";
dialect = "postgres"; dialect = "postgres";
}; };
oauth2 = let oauth2 = let
authServerUrl = config.services.kanidm.serverSettings.origin; authServerUrl = config.services.kanidm.serverSettings.origin;
in rec { in rec {
baseURL = "${authServerUrl}/oauth2"; baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token"; tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2"; authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/${clientID}/userinfo"; userProfileURL = "${authServerUrl}/oauth2/openid/${clientID}/userinfo";
clientID = "hedgedoc"; clientID = "hedgedoc";
scope = "openid email profile"; scope = "openid email profile";
userProfileUsernameAttr = "name"; userProfileUsernameAttr = "name";
userProfileEmailAttr = "email"; userProfileEmailAttr = "email";
userProfileDisplayNameAttr = "displayname"; userProfileDisplayNameAttr = "displayname";
providerName = "KaniDM"; providerName = "KaniDM";
};
}; };
}; };
};
services.postgresql = { services.postgresql = {
ensureDatabases = [ "hedgedoc" ]; ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{ ensureUsers = [{
name = "hedgedoc"; name = "hedgedoc";
ensureDBOwnership = true; ensureDBOwnership = true;
}]; }];
}; };
systemd.services.hedgedoc = rec { systemd.services.hedgedoc = rec {
requires = [ requires = [
"postgresql.service" "postgresql.service"
"kanidm.service" "kanidm.service"
]; ];
after = requires; after = requires;
};
}; };
} }
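Review bot: `options` is added to the module arguments but is not used anywhere in the file, and the new `config = { … }` wrapper adds a level of nesting that is only required when a module also declares `options`. I would revert the header to `{ pkgs, lib, config, ... }: let` and keep the attributes at the top level. Separately, `sops.secrets."hedgedoc/env"` now stores two credentials as one blob consumed as `environmentFile`; the comment above it could state the format explicitly: `# dotenv file: CMD_SESSION_SECRET=… and CMD_OAUTH2_CLIENT_SECRET=…, one per line`.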


@ -27,7 +27,6 @@ in {
tls_chain = "${credsDir}/fullchain.pem"; tls_chain = "${credsDir}/fullchain.pem";
tls_key = "${credsDir}/key.pem"; tls_key = "${credsDir}/key.pem";
bindaddress = "127.0.0.1:8300"; bindaddress = "127.0.0.1:8300";
# log_level = "debug";
online_backup = { online_backup = {
path = "/data/backup/kanidm"; path = "/data/backup/kanidm";
schedule = "00 22 * * *"; schedule = "00 22 * * *";


@ -1,54 +1,6 @@
{ config, pkgs, lib, ... }: let { config, ... }: let
cfg = config.services.matrix-appservice-irc; cfg = config.services.matrix-appservice-irc;
in { in {
sops = {
secrets = {
"matrix/bridges/irc/id" = {};
"matrix/bridges/irc/hs_token" = {};
"matrix/bridges/irc/as_token" = {};
};
templates."matrix-appservice-irc-registration.yml" = {
owner = "matrix-appservice-irc";
group = "matrix-synapse";
mode = "0440";
file = let
inherit (config.sops) placeholder;
in (pkgs.formats.yaml {}).generate "matrix-appservice-irc-registration.yml" {
id = placeholder."matrix/bridges/irc/id";
hs_token = placeholder."matrix/bridges/irc/hs_token";
as_token = placeholder."matrix/bridges/irc/as_token";
url = cfg.registrationUrl;
sender_localpart = cfg.localpart;
"de.sorunome.msc2409.push_ephemeral" = true;
protocols = [ "irc" ];
namespaces = {
aliases = [
{
exclusive = true;
regex = "#lainchanirc_.*:nani\\.wtf";
}
{
exclusive = true;
regex = "#liberairc_.*:nani\\.wtf";
}
];
users = [
{
exclusive = true;
regex = "@lainanon_.*:nani\\.wtf";
}
{
exclusive = true;
regex = "@liberauser_.*:nani\\.wtf";
}
];
};
rate_limited = false;
};
};
};
services.matrix-appservice-irc = { services.matrix-appservice-irc = {
enable = true; enable = true;
registrationUrl = "http://localhost:${toString cfg.port}"; registrationUrl = "http://localhost:${toString cfg.port}";
@ -62,145 +14,64 @@ in {
database = { database = {
engine = "postgres"; engine = "postgres";
# TODO: use unix socket
connectionString = "postgres://matrix-appservice-irc:@localhost:${toString config.services.postgresql.port}/matrix-appservice-irc?sslmode=disable"; connectionString = "postgres://matrix-appservice-irc:@localhost:${toString config.services.postgresql.port}/matrix-appservice-irc?sslmode=disable";
}; };
ircService = { ircService.servers."irc.lainchan.org" = {
mediaProxy.publicUrl = "https://irc-matrix.nani.wtf/media"; name = "lainchan";
port = 6697;
ssl = true;
networkId = "ircLainchanOrg";
servers = { botConfig.enable = false;
"irc.libera.chat" = {
name = "libera";
port = 6697;
ssl = true;
networkId = "ircLiberaChat";
botConfig.enable = false; dynamicChannels = {
enabled = true;
createAlias = true;
aliasTemplate = "#lainchanirc_$CHANNEL";
published = true;
useHomeserverDirectory = true;
joinRule = "public";
federate = true;
};
dynamicChannels = { matrixClients = {
enabled = true; userTemplate = "@lainanon_$NICK";
createAlias = true; };
aliasTemplate = "#liberairc_$CHANNEL";
published = true; ircClients = {
useHomeserverDirectory = true; nickTemplate = "$LOCALPART[m]";
joinRule = "public"; allowNickChanges = true;
federate = true; };
membershipLists = {
enabled = true;
global = {
ircToMatrix = {
initial = true;
incremental = true;
}; };
matrixToIrc = {
matrixClients = { initial = true;
userTemplate = "@liberauser_$NICK"; incremental = true;
}; };
ircClients = {
nickTemplate = "$LOCALPART[m]";
allowNickChanges = true;
};
membershipLists = {
enabled = true;
global = {
ircToMatrix = {
initial = true;
incremental = true;
};
matrixToIrc = {
initial = true;
incremental = true;
};
};
};
permissions."@h7x4:nani.wtf" = "admin";
# TODO: Port forward
ident.enable = true;
# TODO: Metrics
};
"irc.lainchan.org" = {
name = "lainchan";
port = 6697;
ssl = true;
networkId = "ircLainchanOrg";
botConfig.enable = false;
dynamicChannels = {
enabled = true;
createAlias = true;
aliasTemplate = "#lainchanirc_$CHANNEL";
published = true;
useHomeserverDirectory = true;
joinRule = "public";
federate = true;
};
matrixClients = {
userTemplate = "@lainanon_$NICK";
};
ircClients = {
nickTemplate = "$LOCALPART[m]";
allowNickChanges = true;
};
membershipLists = {
enabled = true;
global = {
ircToMatrix = {
initial = true;
incremental = true;
};
matrixToIrc = {
initial = true;
incremental = true;
};
};
};
permissions."@h7x4:nani.wtf" = "admin";
# TODO: Port forward
ident.enable = true;
# TODO: Metrics
}; };
}; };
permissions."@h7x4:nani.wtf" = "admin";
# TODO: Port forward
ident.enable = true;
# TODO: Metrics
}; };
}; };
}; };
services.matrix-synapse-next.settings.app_service_config_files = [
config.sops.templates."matrix-appservice-irc-registration.yml".path
];
systemd.services.matrix-appservice-irc = { systemd.services.matrix-appservice-irc = {
enableStrictShellChecks = false;
requires = [ requires = [
"matrix-synapse.service" "matrix-synapse.service"
"postgresql.service" "postgresql.service"
]; ];
serviceConfig.BindReadOnlyPaths = [
"${config.sops.templates."matrix-appservice-irc-registration.yml".path}:/var/lib/matrix-appservice-irc/registration.yml"
];
preStart = lib.mkForce ''
umask 077
# Generate key for crypting passwords
if ! [ -f "${cfg.settings.ircService.passwordEncryptionKeyPath}" ]; then
${pkgs.openssl}/bin/openssl genpkey \
-out "${cfg.settings.ircService.passwordEncryptionKeyPath}" \
-outform PEM \
-algorithm RSA \
-pkeyopt "rsa_keygen_bits:${toString cfg.passwordEncryptionKeyLength}"
fi
if ! [ -f "${cfg.settings.ircService.mediaProxy.signingKeyPath}"]; then
${lib.getExe pkgs.nodejs} ${pkgs.matrix-appservice-irc}/lib/generate-signing-key.js > "${cfg.settings.ircService.mediaProxy.signingKeyPath}"
fi
'';
}; };
} }
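Review bot: The bridge still connects to PostgreSQL over TCP with an empty password and `sslmode=disable` (`postgres://matrix-appservice-irc:@localhost:…`), and the `# TODO: use unix socket` line is printed on one side only, apparently the removed one. That connection only works if `pg_hba` trusts local TCP connections, in which case any local process can presumably connect as `matrix-appservice-irc`; verify against the PostgreSQL configuration. The hedgedoc and synapse modules in this commit already use `host = "/var/run/postgresql"`, and moving the bridge to the socket with peer authentication would match them. Until then, keep the marker above `connectionString`: `# TODO: use unix socket`.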


@ -1,25 +1,16 @@
{ config, lib, ... }: { secrets, ... }:
let
cfg = config.services.coturn;
in
{ {
sops.secrets."matrix_synapse/turn_shared_secret" = { }; services.coturn = rec {
enable = true;
services.coturn = let
# certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
certName = "nani.wtf";
certDir = config.security.acme.certs.${certName}.directory;
in rec {
enable = false;
no-cli = true; no-cli = true;
no-tcp-relay = true; no-tcp-relay = true;
min-port = 46000; min-port = secrets.ports.matrix.coturn.min;
max-port = 47000; max-port = secrets.ports.matrix.coturn.max;
use-auth-secret = true; use-auth-secret = true;
static-auth-secret-file = config.sops.secrets."matrix_synapse/turn_shared_secret".path; static-auth-secret = secrets.keys.matrix.static-auth-secret;
realm = "turn.nani.wtf"; realm = "turn.nani.wtf";
cert = "${certDir}/cert.pem"; cert = "${secrets.keys.certificates.server.crt}";
pkey = "${certDir}/key.pem"; pkey = "${secrets.keys.certificates.server.key}";
extraConfig = '' extraConfig = ''
# for debugging # for debugging
verbose verbose
@ -49,19 +40,4 @@ in
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
''; '';
}; };
networking.firewall = lib.mkIf cfg.enable {
interfaces.enp2s0 = let
range = [{
from = cfg.min-port;
to = cfg.max-port;
}];
in
{
allowedUDPPortRanges = range;
allowedUDPPorts = [ cfg.listening-port ];
allowedTCPPortRanges = range;
allowedTCPPorts = [ cfg.listening-port ];
};
};
} }
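Review bot: `static-auth-secret = secrets.keys.matrix.static-auth-secret;` and the `cert`/`pkey` interpolations take their values at evaluation time, so the TURN shared secret, and the TLS private key if `secrets.keys.certificates.server.key` is a path, end up in the Nix store, which every local user can read. The sops-backed form reads them at runtime instead: `static-auth-secret-file = config.sops.secrets."matrix_synapse/turn_shared_secret".path;`, with `cert`/`pkey` pointing into the ACME certificate directory. The same applies to `registration_shared_secret = secrets.keys.matrix.registration-shared-secret;` and `turn_shared_secret` in the synapse module later in this commit, where `registration_shared_secret_path` is the runtime equivalent. `verbose` under `# for debugging` also stays on while the service is enabled; the rest of `extraConfig` lies between the two hunks.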


@ -1,4 +1,5 @@
{ pkgs, lib, config, ... }: { { pkgs, lib, config, secrets, ... }: {
imports = [ imports = [
./bridges/matrix-appservice-irc.nix ./bridges/matrix-appservice-irc.nix
@ -8,12 +9,6 @@
./coturn.nix ./coturn.nix
]; ];
sops.secrets."matrix_synapse/registration_secret" = {
owner = "matrix-synapse";
group = "matrix-synapse";
mode = "0440";
};
services.matrix-synapse-next = { services.matrix-synapse-next = {
enable = true; enable = true;
enableNginx = true; enableNginx = true;
@ -30,11 +25,9 @@
settings = { settings = {
turn_uris = let turn_uris = let
inherit (config.services.coturn) realm listening-port; inherit (config.services.coturn) realm;
in [ p = toString secrets.ports.matrix.default;
"turn:${realm}:${toString listening-port}?transport=udp" in ["turn:${realm}:${p}?transport=udp" "turn:${realm}:${p}?transport=tcp"];
"turn:${realm}:${toString listening-port}?transport=tcp"
];
turn_shared_secret = config.services.coturn.static-auth-secret; turn_shared_secret = config.services.coturn.static-auth-secret;
turn_user_lifetime = "1h"; turn_user_lifetime = "1h";
@ -63,7 +56,7 @@
# with the registration shared secret # with the registration shared secret
enable_registration = false; enable_registration = false;
registration_shared_secret_path = config.sops.secrets."matrix_synapse/registration_secret".path; registration_shared_secret = secrets.keys.matrix.registration-shared-secret;
allow_public_rooms_over_federation = true; allow_public_rooms_over_federation = true;
# password_config.enabled = lib.mkForce false; # password_config.enabled = lib.mkForce false;
@ -74,10 +67,16 @@
user = "matrix-synapse"; user = "matrix-synapse";
database = "matrix-synapse"; database = "matrix-synapse";
host = "/var/run/postgresql"; host = "/var/run/postgresql";
port = config.services.postgresql.settings.port; port = secrets.ports.postgres;
}; };
}; };
# TODO: Figure out a way to do this declaratively.
# The files need to be owned by matrix-synapse
app_service_config_files = [
"/var/lib/matrix-synapse/irc-registration.yml"
];
# redis.enabled = true; # redis.enabled = true;
max_upload_size = "100M"; max_upload_size = "100M";
dynamic_thumbnails = true; dynamic_thumbnails = true;
@ -93,4 +92,19 @@
}; };
services.redis.servers."".enable = true; services.redis.servers."".enable = true;
networking.firewall = {
interfaces.enp2s0 = let
range = with config.services.coturn; [ {
from = secrets.ports.matrix.coturn.min;
to = secrets.ports.matrix.coturn.max;
} ];
in
{
allowedUDPPortRanges = range;
allowedUDPPorts = [ secrets.ports.matrix.default ];
allowedTCPPortRanges = range;
allowedTCPPorts = [ secrets.ports.matrix.default ];
};
};
} }
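Review bot: The `networking.firewall` block at the end opens the TURN relay range and `secrets.ports.matrix.default` on `enp2s0` unconditionally, although those ports belong to coturn; guard it so they close when the relay is off: `networking.firewall = lib.mkIf config.services.coturn.enable {`. The `with config.services.coturn;` in the `range` binding no longer pulls anything from that scope and can be dropped. The `turn_uris` entries also advertise `secrets.ports.matrix.default`, but no `listening-port` assignment is visible in the coturn section, so confirm coturn actually listens on that port. Finally, the hard-coded `/var/lib/matrix-synapse/irc-registration.yml` holds the appservice tokens, and the TODO above it could state the requirement in full: `# must be owned by matrix-synapse and not world-readable`.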
