WIP

kasei: binfmt i686-linux
kasei: add arch nspawn container
2024-10-05 12:10:18 +02:00 · 2024-10-05 12:09:15 +02:00 · 2024-10-05 12:08:58 +02:00 · 2024-10-05 12:07:34 +02:00 · 2024-10-04 16:32:07 +02:00 · 2024-10-02 12:31:10 +02:00
34 changed files with 428 additions and 134 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -95,10 +95,19 @@
        nonrecursive-unstable-pkgs = import nixpkgs-unstable {
          inherit system;
          config.allowUnfree = true;
+          config.segger-jlink.acceptLicense = true;
+          config.permittedInsecurePackages = [
+            "segger-jlink-qt4-794s"
+          ];
        };
      in [
        (self: super: {
-          inherit (nonrecursive-unstable-pkgs) atuin wstunnel;
+          inherit (nonrecursive-unstable-pkgs)
+            atuin
+            wstunnel
+            nrf-udev
+            nrfutil
+            ;
        })

        # https://github.com/NixOS/nixpkgs/pull/251706
@@ -188,6 +197,7 @@
                  useGlobalPkgs = true;
                  extraSpecialArgs = {
                    inherit inputs;
+                    inherit unstable-pkgs;
                    inherit (self) extendedLib;
                    inherit (config) machineVars;
                    secrets = secrets.outputs.settings;
--- a/home/config/xdg/directory-spec-overrides.nix
+++ b/home/config/xdg/directory-spec-overrides.nix
@@ -18,8 +18,12 @@

    GHCUP_USE_XDG_DIRS = "true";

+    __GL_SHADER_DISK_CACHE_PATH = "${cacheHome}/nv";
    ANDROID_USER_HOME = "${dataHome}/android";
    AZURE_CONFIG_DIR = "${dataHome}/azure";
+    BZRPATH = "${configHome}/bazaar";
+    BZR_PLUGIN_PATH = "${dataHome}/bazaar";
+    BZR_HOME = "${cacheHome}/bazaar";
    CARGO_HOME = "${dataHome}/cargo";
    CUDA_CACHE_PATH = "${cacheHome}/nv";
    DOCKER_CONFIG = "${configHome}/docker";
--- a/home/config/xdg/mimetypes.nix
+++ b/home/config/xdg/mimetypes.nix
@@ -95,7 +95,7 @@ let
  vscode = "code.desktop";
  mpv = "mpv.desktop";
  zathura = "org.pwmt.zathura.desktop";
-  sxiv = "sxiv.desktop";
+  nsxiv = "nsxiv.desktop";
  font-viewer = "org.gnome.font-viewer.desktop";
 in {
  xdg.configFile."mimeapps.list".force = true;
@@ -104,7 +104,7 @@ in {
    # associations.added = {};
    # associations.removed = {};
    defaultApplications =
-      (lib.mapAttrs' (_: v: lib.nameValuePair v sxiv) mime.image)
+      (lib.mapAttrs' (_: v: lib.nameValuePair v nsxiv) mime.image)
    // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.audio)
    // (lib.mapAttrs' (_: v: lib.nameValuePair v mpv) mime.video)
    // (lib.mapAttrs' (_: v: lib.nameValuePair v font-viewer) mime.font)
--- a/home/home.nix
+++ b/home/home.nix
@@ -8,18 +8,23 @@ in {

    ./config/xdg

+    ./programs/aria2.nix
    ./programs/atuin.nix
+    ./programs/beets.nix
    ./programs/comma.nix
    ./programs/direnv
    ./programs/gdb.nix
    ./programs/gh.nix
+    ./programs/gh-dash.nix
    ./programs/git
    ./programs/gpg
+    ./programs/jq.nix
    ./programs/less.nix
    ./programs/neovim
    ./programs/nix-index
    ./programs/ssh
    ./programs/tealdeer
+    ./programs/thunderbird.nix
    ./programs/tmux.nix
    ./programs/zsh

@@ -96,9 +101,17 @@ in {
    sessionVariables = {
      CARGO_NET_GIT_FETCH_WITH_CLI = "true";
      PYTHONSTARTUP = "${config.xdg.configHome}/python/pyrc";
+      _JAVA_AWT_WM_NONREPARENTING = "1";
    };
  };

+  xsession = {
+    enable = true;
+    # TODO: declare using xdg config home
+    scriptPath = ".config/X11/xsession";
+    profilePath = ".config/X11/xprofile";
+  };
+
  xdg.configFile = {
    "ghc/ghci.conf".text = ''
      :set prompt "${extendedLib.termColors.front.magenta "[GHCi]λ"} "
@@ -172,10 +185,7 @@ in {

  qt = mkIf graphics {
    enable = true;
-    platformTheme.name = "gtk";
-    style = {
-      name = "adwaita-dark";
-      package = pkgs.adwaita-qt;
-    };
+    platformTheme.name = "adwaita";
+    style.name = "adwaita-dark";
  };
 }
--- a/home/packages.nix
+++ b/home/packages.nix
@@ -1,7 +1,6 @@
 { pkgs, config, machineVars, ... }:
 {
  home.packages = with pkgs; [
-    beets
    binutils
    cloc
    cyme
@@ -12,18 +11,18 @@
    duff
    ffmpeg
    file
-    gh-dash
    glances
    gpg-tui
    gping
    graphviz
+    hexyl
    httpie
    imagemagick
-    jq
    kepubify
    # keybase
    keymapviz
    libwebp
+    lnav
    lolcat
    mdcat
    mediainfo
@@ -33,7 +32,6 @@
    mtr
    neofetch
    nix-diff
-    nix-index
    nix-output-monitor
    nix-tree
    nix-update
@@ -44,6 +42,7 @@
    pandoc
    parallel
    progress
+    pwntools
    python3
    rclone
    ripgrep
@@ -82,17 +81,18 @@
      alsa-utils
      anki
      ark
-      birdtray
      calibre
      cool-retro-term
      darktable
      discord
      element-desktop
      geogebra
+      ghidra
      gimp
      gnome.gnome-font-viewer
      gnome.seahorse
      google-chrome
+      imhex
      inkscape
      insomnia
      iwgtk
@@ -109,6 +109,7 @@
      mopidy-youtube
      mpc_cli
      naps2
+      nsxiv
      nyxt
      obsidian
      # pcloud
@@ -119,11 +120,9 @@
      slack
      # sublime3
      # swiPrologWithGui
-      sxiv
      tagainijisho

      tenacity
-      thunderbird
      # transcribe
      wireshark
      xcalib
--- a/home/programs/aria2.nix
+++ b/home/programs/aria2.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.aria2.enable = true;
+}
--- a/home/programs/beets.nix
+++ b/home/programs/beets.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.beets.enable = true;
+}
--- a/home/programs/browser/bookmarks.nix
+++ b/home/programs/browser/bookmarks.nix
@@ -9,7 +9,7 @@ in [
  (link "GitHub" "http://github.com")
  (short "/u/" "danger/u/" "https://dangeru.us/")
  (link "PVV" "https://www.pvv.ntnu.no/")
-  (short "PVVM" "PVV Mail" "https://webmail2.pvv.ntnu.no/roundcube/")
+  (short "PVVM" "PVV Mail" "https://webmail.pvv.ntnu.no/roundcube/")
  (short "ΩV" "Omega Verksted" "https://omegav.no/")

  (dir "Nix" [
@@ -31,21 +31,34 @@ in [
  ])

  (dir "CTF" [
-    (link "HackTheBox" "https://www.hackthebox.eu/")
-    (link "TryHackMe" "https://tryhackme.com/dashboard")
-    (link "OverTheWire" "https://overthewire.org/wargames/")
-    (link "NetGarage" "https://io.netgarage.org/")
+    (link "Revshells" "https://revshells.com/")
    (link "Exploit Education" "http://exploit.education/")
+    (link "Webhook" "https://webhook.site")
+    (link "CyberChef" "https://gchq.github.io/CyberChef/")
+    (link "Aperisolve" "https://www.aperisolve.com/")
+    (link "how2heap" "https://github.com/shellphish/how2heap")
+    (link "Heap Search" "https://kissprogramming.com/heap/heap-search")
+    (link "CrackStation" "https://crackstation.net/")
+    (link "FactorDB" "http://factordb.com/")
+    (link "Syscalls" "https://syscalls.w3challs.com/")
+    (link "DogBolt" "https://dogbolt.org/")
+    (link "HackTricks" "https://book.hacktricks.xyz/")
+    (dir "Practise" [
+      (link "S2G" "https://s2gctf.ncr.ntnu.no")
+      (link "Pico CTF" "https://play.picoctf.org/practice")
+      (link "Pwn college" "https://pwn.college/")
+      (link "HackTheBox" "https://www.hackthebox.eu")
+      (link "Crackmes" "https://crackmes.one")
+      (link "Nightmare" "https://guyinatuxedo.github.io/")
+    ])
  ])

  (dir "Misc & Tools" [
    (link "ASCIIFlow" "https://asciiflow.com/#/")
    (link "CopyChar" "https://copychar.cc/")
-    (link "CyberChef" "https://gchq.github.io/CyberChef/")
    (link "Device Info" "https://www.deviceinfo.me/")
    (link "Diagrams" "https://app.diagrams.net/")
    (link "FakeMail" "http://www.fakemailgenerator.com/")
-    (link "FilePizza" "https://file.pizza/")
    (link "IPLeak" "https://ipleak.net/")
    (link "LaTeX" "https://www.codecogs.com/latex/eqneditor.php")
    (link "ManualsLib" "https://www.manualslib.com/")
--- a/home/programs/gh-dash.nix
+++ b/home/programs/gh-dash.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.gh-dash.enable = true;
+}
--- a/home/programs/gh.nix
+++ b/home/programs/gh.nix
@@ -4,7 +4,7 @@
    enable = true;
    settings = {
      gitProtocol = "ssh";
-      pager = "${pkgs.bat}/git/bat";
+      pager = "${pkgs.bat}/bin/bat";
      aliases = {
        co = "pr checkout";
        pv = "pr view";
--- a/home/programs/git/default.nix
+++ b/home/programs/git/default.nix
@@ -53,6 +53,7 @@ in
        forcepush = "push --force-with-lease --force-if-includes";
        authors = "shortlog --summary --numbered --email";
        si = "switch-interactive";
+        subs = "submodule update --init --recursive";
        rebase-author = "rebase -i -x \"git commit --amend --reset-author -CHEAD\"";
        git = "!git";
      };
@@ -128,6 +129,8 @@ in
          submodule = "log";
        };

+        pager.show = lib.getExe pkgs.bat;
+
        status = {
          showUntrackedFiles = "all";
          relativePaths = true;
@@ -259,6 +262,14 @@ in
      runtimeInputs = with pkgs; [ cfg.package coreutils ];
      text = lib.fileContents ./scripts/git-tcommit.sh;
    })
+    (pkgs.writeShellApplication {
+      name = "git-tmcommit";
+      runtimeInputs = with pkgs; [ cfg.package coreutils ];
+      text = lib.pipe ./scripts/git-tcommit.sh [
+        lib.fileContents
+        (builtins.replaceStrings ["hours" "tcommit"] ["minutes" "tmcommit"])
+      ];
+    })
    (pkgs.writeShellApplication {
      name = "git-switch-interactive";
      runtimeInputs = with pkgs; [ cfg.package fzf gnused coreutils ];
--- a/home/programs/git/scripts/git-tcommit.sh
+++ b/home/programs/git/scripts/git-tcommit.sh
@@ -1,5 +1,10 @@
 set -euo pipefail

+if [[ $# -lt 1 ]]; then
+  echo "Usage: git tcommit [-]<hours>"
+  exit 1
+fi
+
 HOUR_SHIFT="$1"
 shift

--- a/home/programs/jq.nix
+++ b/home/programs/jq.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.jq.enable = true;
+}
--- a/home/programs/newsboat/sources.nix
+++ b/home/programs/newsboat/sources.nix
@@ -3,40 +3,45 @@ let
  mkSource = tags: url: { inherit tags url; };
 in {
  programs.newsboat.urls = [
-    (mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
-    (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
-    (mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss")
-    (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
-    (mkSource [ "tech" "linux" ] "http://xahlee.info/comp/blog.xml")
-    (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
    (mkSource [ "tech" "linux" ] "https://archlinux.org/feeds/news/")
-    (mkSource [ "tech" "linux" ] "https://bartoszmilewski.com/feed/")
-    (mkSource [ "tech" "linux" "nixos" ] "https://nixos.org//blog/announcements-rss.xml")
-    (mkSource [ "tech" "linux" ] "https://www.digitalneanderthal.com/index.xml")
+    (mkSource [ "tech" "linux" "nixos" ] "https://nixos.org/blog/announcements-rss.xml")
    (mkSource [ "tech" "ntnu" ] "https://omegav.no/newsrss")
-    (mkSource [ "tech" ] "https://code.visualstudio.com/feed.xml")
+    (mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/")
+    (mkSource [ "tech" ] "https://blog.hackeriet.no/feed.xml")
+    (mkSource [ "tech" ] "https://fribyte.no/rss.xml")
+    (mkSource [ "tech" ] "https://existentialtype.wordpress.com/feed/")
+    (mkSource [ "tech" "linux" "ntnu" ] "https://wiki.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=90&limit=50&action=feedrecentchanges&format=xml")
+    (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
+    (mkSource [ "tech" "linux" ] "http://xahlee.info/comp/blog.xml")
+    (mkSource [ "tech" ] "https://branchfree.org/feed/")
+    (mkSource [ "tech" ] "https://search.marginalia.nu/news.xml")
+    (mkSource [ "tech" "linux" ] "https://bartoszmilewski.com/feed/")
+    (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/atom-feed.xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://blog.ysndr.de/atom.xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://kaushikc.org/atom.xml")
    (mkSource [ "tech" "linux" "nixos" ] "https://ianthehenry.com/feed.xml")
-    (mkSource [ "tech" "linux" "ntnu" ] "https://www.pvv.ntnu.no/w/api.php?hidebots=1&urlversion=1&days=7&limit=50&action=feedrecentchanges&feedformat=atom")
-    (mkSource [ "ntnu" ] "https://varsel.it.ntnu.no/subscribe/rss/")
    (mkSource [ "tech" "linux" "japanese" ] "https://www.ncaq.net/feed.atom")
-    (mkSource [ "tech" "linux" "haskell" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://williamyaoh.com/feed.atom")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml")
-    (mkSource [ "tech" "haskell" "functional-programming" "python" ] "http://blog.ezyang.com/feed/")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml")
-    (mkSource [ "tech" "haskell" "functional-programming" ] "https://www.stephendiehl.com/feed.rss")
-    (mkSource [ "tech" "haskell" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml")
-    (mkSource [ "tech" "haskell" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom")
-    (mkSource [ "tech" "flutter" ] "https://resocoder.com/feed/")
-    (mkSource [ "tech" "compilers" ] "https://existentialtype.wordpress.com/feed/")
-    (mkSource [ "tech" "compilers" "haskell" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
+    (mkSource [ "tech" "linux" "nixos" "emacs" "japanese" ] "https://apribase.net/program/feed")
+    (mkSource [ "tech" "linux" "nixos" "functional-programming" ] "https://www.haskellforall.com/feeds/posts/default")
+    (mkSource [ "tech" "linux" "nixos" ] "https://christine.website/blog.rss")
+    (mkSource [ "tech" "functional-programming" "nixos" ] "https://markkarpov.com/feed.atom")
+    (mkSource [ "tech" "functional-programming" ] "https://williamyaoh.com/feed.atom")
+    (mkSource [ "tech" "functional-programming" ] "https://www.parsonsmatt.org/feed.xml")
+    (mkSource [ "tech" "functional-programming" "python" ] "http://blog.ezyang.com/feed/")
+    (mkSource [ "tech" "functional-programming" ] "https://lexi-lambda.github.io/feeds/all.rss.xml")
+    (mkSource [ "tech" "functional-programming" ] "https://www.stephendiehl.com/feed.rss")
+    (mkSource [ "tech" "functional-programming" "emacs" ] "https://chrisdone.com/rss.xml")
+    (mkSource [ "tech" ] "https://go.dev/blog/feed.atom")
+    (mkSource [ "tech" "linux" ] "https://jfx.ac/blog/index.xml")
+    (mkSource [ "tech" "linux" ] "https://lukesmith.xyz/rss.xml")
+    (mkSource [ "japanese" "language" ] "https://www.outlier-linguistics.com/blogs/japanese.atom")
    (mkSource [ "language" ] "https://feeds.feedburner.com/blogspot/Ckyi")
-    (mkSource [ "tech" "compilers" ] "https://go.dev/blog/feed.atom")
-    (mkSource [ "tech" "linux" "nixos" ] "https://myme.no/feed.xml")
-    (mkSource [ "tech" "linux" "nixos" "compilers" ] "https://flyx.org/feed.xml")
-    (mkSource [ "tech" "linux" ] "https://blog.jfx.ac/feed.xml")
-    (mkSource [ "tech" "linux" "nixos" ] "https://dandellion.xyz/atom.xml")
+    (mkSource [ "japanese" "language" "old" ] "http://feeds.feedburner.com/LocalizingJapan")
+    (mkSource [ "tech" "vim" "old" ] "https://castel.dev/rss.xml")
+    (mkSource [ "tech" "functional-programming" "old" ] "https://skilpat.tumblr.com/rss")
+    (mkSource [ "tech" ] "https://resocoder.com/feed/")
+
+    # Broken?
+    (mkSource [ "tech" "linux" "nixos" ] "https://flyx.org/feed.xml")
  ];
 }
--- a/home/programs/ssh/pvv.nix
+++ b/home/programs/ssh/pvv.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, extendedLib, ... }:
+{ pkgs, lib, ... }:
 let
  adminUser = "root";
  normalUser = "oysteikt";
@@ -10,26 +10,35 @@ let
      proxyJump = lib.mkDefault null;
      addressFamily = "inet";
    }
-    "dagali"
-    "drolsum"
-    "demiurgen"
-    "eirin"
    [ "bekkalokk" "pvv-web" "pvv-wiki" "pvv-webmail" ]
-    "ildkule"
-    "shark"
-    "buskerud"
    [ "bicep" "pvv-databases" ]
    "bob"
-    "knutsen"
+    [ "brzeczyszczykiewicz" "brez" "bokhylle" ]
+    "buskerud"
+    "dagali"
+    "demiurgen"
+    "drolsum"
+    "eirin"
+    "georg"
+    "ildkule"
    "isvegg"
-    "tom"
+    "knutsen"
    [ "microbel" "pvv-users" "pvv-mail" ]
+    "orchid"
+    "shark"
+    "tallulah"
+    "tom"
+    "venture"
  ];

  rootMachines = [
-    [ "sleipner" "pvv-salt" ]
+    [ "ameno" "pvv-dns" ]
    [ "balduzius" "pvv-krb" ]
    [ "innovation" "pvv-minecraft" ]
+    "ludvigsen"
+    [ "principal" "pvv-backup" ]
+    [ "skrott" "dibbler" ]
+    [ "sleipner" "pvv-salt" ]
  ];

  # Either( String [String] AttrSet{String} ) -> AttrSet{String}
@@ -79,16 +88,17 @@ let
    machines: pipe machines pipeline;
 in
  {
-    programs.ssh.matchBlocks = (extendedLib.attrsets.concatAttrs [
+    programs.ssh.matchBlocks = lib.mergeAttrsList [
      (convertMachinesWith convertNormalMachine normalMachines)
      (convertMachinesWith convertAdminMachine rootMachines)
-    ]) // {
-      "pvv-git git.pvv.ntnu.no" = {
-        hostname = "git.pvv.ntnu.no";
-        user = "gitea";
-        addressFamily = "inet";
-        port = 2222;
-        proxyJump = "pvv";
-      };
-    };
+      {
+        "pvv-git git.pvv.ntnu.no" = {
+          hostname = "git.pvv.ntnu.no";
+          user = "gitea";
+          addressFamily = "inet";
+          port = 2222;
+          proxyJump = "pvv";
+        };
+      }
+    ];
  }
--- a/home/programs/thunderbird.nix
+++ b/home/programs/thunderbird.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, machineVars, ... }:
+let
+  cfg = config.programs.thunderbird;
+in
+{
+  programs.thunderbird = {
+    enable = !machineVars.headless;
+    profiles.h7x4 = {
+      isDefault = true;
+      withExternalGnupg = true;
+    };
+  };
+
+
+  home.packages = lib.mkIf cfg.enable (with pkgs; [
+    birdtray
+  ]);
+}
--- a/home/programs/vscode/default.nix
+++ b/home/programs/vscode/default.nix
@@ -24,7 +24,7 @@ in
    onChange = ''install -m660 $(realpath "${configFilePath}.ro") "${configFilePath}"'';
  };

-  programs.vscode ={
+  programs.vscode = {
    enable = true;

    package = pkgs.vscode;
@@ -296,7 +296,7 @@ in
      # jock.svg
      # ms-azuretools.vscode-docker
      # ms-toolsai.jupyter
-      ms-vscode-remote.remote-ssh
+      # ms-vscode-remote.remote-ssh
      # ms-vsliveshare.vsliveshare
      bbenoist.nix
      christian-kohler.path-intellisense
@@ -318,8 +318,12 @@ in
      rust-lang.rust-analyzer
      mkhl.direnv
      waderyan.gitblame
-      # vs-liveshare
      vscodevim.vim
+      hbenl.vscode-test-explorer
+      # vitaliymaz.vscode-svg-previewer
+      ms-vscode.test-adapter-converter
+      visualstudioexptteam.vscodeintellicode
+      tamasfe.even-better-toml
    ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
      {
        name = "monokai-st3";
@@ -327,47 +331,17 @@ in
        version = "0.2.0";
        sha256 = "1rvz5hlrfshy9laybxzvrdklx328s13j0lb8ljbda9zkadi3wcad";
      }
-      {
-        name = "vscode-svgviewer";
-        publisher = "cssho";
-        version = "2.0.0";
-        sha256 = "06swlqiv3gc7plcbmzz795y6zwpxsdhg79k1n3jj6qngfwnv2p6z";
-      }
      {
        name = "comment-anchors";
        publisher = "ExodiusStudios";
-        version = "1.10.3";
-        sha256 = "sha256-IyiiS4jpcghwKI0j8s69uGNZlKnZ0o78ZCT0oZeJER0=";
-      }
-      {
-        name = "vscode-test-explorer";
-        publisher = "hbenl";
-        version = "2.21.1";
-        sha256 = "022lnkq278ic0h9ggpqcwb3x3ivpcqjimhgirixznq0zvwyrwz3w";
+        version = "1.10.4";
+        sha256 = "sha256-FvfjPpQsgCsnY1BylhLCM/qDQChf9/iTr3cKkCGfMVI=";
      }
      {
        name = "vscode-gutter-preview";
        publisher = "kisstkondoros";
-        version = "0.29.0";
-        sha256 = "00vibv9xmhwaqiqzp0y2c246pqiqfjsw4bqx4vcdd67pz1wnqhg1";
-      }
-      {
-        name = "test-adapter-converter";
-        publisher = "ms-vscode";
-        version = "0.1.9";
-        sha256 = "sha256-M53jhAVawk2yCeSrLkWrUit3xbDc0zgCK2snbK+BaSs=";
-      }
-      # {
-      #   name = "indent-rainbow";
-      #   publisher = "oderwat";
-      #   version = "8.2.2";
-      #   sha256 = "1xxljwh66f21fzmhw8icrmxxmfww1s67kf5ja65a8qb1x1rhjjgf";
-      # }
-      {
-        name = "vscodeintellicode";
-        publisher = "VisualStudioExptTeam";
-        version = "1.2.30";
-        sha256 = "sha256-f2Gn+W0QHN8jD5aCG+P93Y+JDr/vs2ldGL7uQwBK4lE=";
+        version = "0.31.2";
+        sha256 = "sha256-2/RvDSsVL06UmNG9HchXaJMJ4FYtnpuJ2Bn53JVv1t8=";
      }
      {
        name = "keyboard-quickfix";
--- a/home/programs/xmonad/xmonad.hs
+++ b/home/programs/xmonad/xmonad.hs
@@ -86,14 +86,16 @@ myScratchpads = [ NS "ncmpcpp"     spawnNC findNC layoutA
  where
    spawnNC = myTerminal ++ " --title ncmpcppScratchpad -e ncmpcpp"
    spawnTM = myTerminal ++ " --class floatingTerminal -e tmux new-session -A -s f"
+    spawnTW = myTerminal ++ " --class taskWarriorTerminal -e taskwarrior-tui"
    -- spawnMX = "element"
    spawnFB = "thunar --class=floatingThunar"
    spawnEX = "emacs --name=floatingEmacs"
-    spawnSC = "sxiv -N floatingSchedule ~/uni/schedule.png"
+    spawnSC = "nsxiv -N floatingSchedule ~/uni/schedule.png"
    spawnHP = "echo \"" ++ help ++ "\" | xmessage -file -"

    findNC = title =? "ncmpcppScratchpad"
    findTM = className =? "floatingTerminal"
+    findTW = className =? "taskWarriorTerminal"
    findSC = className =? "floatingSchedule"
    -- findMX = className =? "element"
    findFB = className =? "floatingThunar"
@@ -168,7 +170,7 @@ myKeys conf@(XConfig {XMonad.modMask = modm}) = M.fromList $
    , ((modm .|. shiftMask , xK_space ),    spawn $ myTerminal ++ " -e tmux")

    -- , ((modm               , xK_v ),        spawn "rofi -modi lpass:$HOME/.scripts/rofi/lpass//rofi-lpass -show lpass")
-    , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
+    -- , ((modm .|. shiftMask, xK_d     ), viewDropboxStatus)
    ]

 termIsOpen :: X Bool
--- a/home/programs/zed/default.nix
+++ b/home/programs/zed/default.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, unstable-pkgs, lib, ... }:
 {
-  home.packages = with pkgs; [ zed-editor ];
+  home.packages = with unstable-pkgs; [ zed-editor ];

  xdg.configFile."zed/settings.json".source = let
    format = pkgs.formats.json { };
--- a/home/services/polybar.nix
+++ b/home/services/polybar.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, machineVars, ... }: let
+{ pkgs, lib, config, machineVars, ... }: let
  colors = config.colors.defaultColorSet;
 in {
  services.polybar = {
@@ -11,13 +11,23 @@ in {
    package = pkgs.polybar.override {
      githubSupport = true;
      mpdSupport = true;
+      pulseSupport = true;
    };

    settings = {
+      "module/tray" = {
+        type = "internal/tray";
+
+        # padding = 4;
+        tray-spacing = "8px";
+        tray-maxsize = "25px";
+        # tray-background = colors.background;
+      };
+
      "bar/top" = {
        bottom = false;
        # monitor =
-        tray.position = "right";
+        # tray.position = "right";

        background = colors.background;
        foreground = colors.foreground;
@@ -41,19 +51,20 @@ in {
          left = "xmonad";
          center = "date";
          right = builtins.concatStringsSep " " [
-            "filesystem "
-            (if machineVars.wlanInterface != null then "wlan " else "")
-            (if machineVars.battery != null then "batt " else "")
-            "vol"
+            "filesystem"
+            (lib.optionalString (machineVars.wlanInterface != null) "wlan")
+            (lib.optionalString (machineVars.battery != null) "batt")
+            "pulseaudio"
            "mpd"
+            "tray"
          ];
        };

-        tray = {
-          padding = 4;
-          maxsize = 25;
-          background = colors.background;
-        };
+        # tray = {
+        #   padding = 4;
+        #   maxsize = 25;
+        #   background = colors.background;
+        # };
      };

      "module/xmonad" = {
@@ -155,15 +166,15 @@ in {
        };
      };

-      "module/vol" = {
-        type = "internal/alsa";
+      "module/pulseaudio" = {
+        type = "internal/pulseaudio";
        # format-volume = "<bar-volume>}"
        # format-volume = "%{A1:bash -c '~/.scripts/get-volume' &:}<bar-volume>%{A}"
        # format-volume = <label-volume> <bar-volume>

        # format-volume-padding = 1
        # format-muted-padding = 1
-        format-volume = "%{T3}%{T-} <label-volume> <bar-volume>";
+        format-volume = "  <label-volume> <bar-volume>";
        # label-volume = 
        label-volume-foreground = colors.magenta;
        # format-muted-foreground = "${colors.foreground-alt}";
@@ -273,9 +284,11 @@ in {
        # Default: false
        fixed-values = true;

-        # Spacing (number of spaces, pixels, points) between entries
-        # Default: 2
-        spacing = 4;
+        # Margin (number of spaces, pixels, or points) to add before/after each module
+        # Individual side values can be defined using:
+        #   module-margin-{left,right}
+        module-margin = "16px";
+        # spacing = "16px";

        # Default: 90
        # New in version 3.6.0
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, unstable-pkgs, lib, extendedLib, config, inputs, secrets, ... }:
+{ config, pkgs, lib, extendedLib, ... }:
 let
  inherit (config) machineVars;
 in {
@@ -12,7 +12,9 @@ in {
    ./programs/ssh.nix
    ./programs/usbtop.nix

+    ./services/cups.nix
    ./services/dbus.nix
+    ./services/logrotate.nix
    ./services/openssh.nix
    ./services/pcscd.nix
    ./services/pipewire.nix
@@ -129,6 +131,8 @@ in {
      touchpad.disableWhileTyping = true;
    };

+    irqbalance.enable = true;
+
    displayManager.defaultSession = "none+xmonad";
  };

--- a/hosts/common/services/cups.nix
+++ b/hosts/common/services/cups.nix
@@ -0,0 +1,71 @@
+{ config, lib, ... }:
+{
+  systemd.services = lib.mkIf config.services.printing.enable {
+    cups.serviceConfig = {
+      PrivateTmp = true;
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectClock= true;
+      ProtectControlGroups = true;
+      ProtectHostname = true; 
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      PrivateDevices = true;
+      NoNewPrivileges = true;
+      # User =
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DevicePolicy = "closed";
+      KeyringMode = "private";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      PrivateUsers = true;
+      RemoveIPC = true;
+      # RestrictAddressFamilies = [ "" ];
+      RestrictNamespaces=true;
+      RestrictRealtime=true;
+      RestrictSUIDSGID=true;
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+        "~@privileged"
+      ];
+      UMask = "0077";
+    };
+    cups-browsed.serviceConfig = {
+      PrivateTmp = true;
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectClock= true;
+      ProtectControlGroups = true;
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      PrivateDevices = true;
+      NoNewPrivileges = true;
+      # User =
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DevicePolicy = "closed";
+      KeyringMode = "private";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      PrivateUsers = true;
+      RemoveIPC = true;
+      # RestrictAddressFamilies = [ "" ];
+      RestrictNamespaces=true;
+      RestrictRealtime=true;
+      RestrictSUIDSGID=true;
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+        "~@privileged"
+      ];
+      UMask = "0077";
+    };
+  };
+}
--- a/hosts/common/services/logrotate.nix
+++ b/hosts/common/services/logrotate.nix
@@ -0,0 +1,42 @@
+{ ... }:
+{
+  # source: https://github.com/logrotate/logrotate/blob/main/examples/logrotate.service
+  systemd.services.logrotate = {
+    documentation = [ "man:logrotate(8)" "man:logrotate.conf(5)" ];
+    unitConfig.RequiresMountsFor = "/var/log";
+    serviceConfig = {
+      Nice = 19;
+      IOSchedulingClass = "best-effort";
+      IOSchedulingPriority = 7;
+
+      ReadWritePaths = [ "/var/log" ];
+
+      AmbientCapabilities = [ "" ];
+      CapabilityBoundingSet = [ "" ];
+      DeviceAllow = [ "" ];
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      NoNewPrivileges = true; # disable for third party rotate scripts
+      PrivateDevices = true;
+      PrivateNetwork = true; # disable for mail delivery
+      PrivateTmp = true;
+      ProtectClock = true;
+      ProtectControlGroups = true;
+      ProtectHome = true; # disable for userdir logs
+      ProtectHostname = true;
+      ProtectKernelLogs = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectProc = "invisible";
+      ProtectSystem = "full";
+      RestrictNamespaces = true;
+      RestrictRealtime = true;
+      RestrictSUIDSGID = true; # disable for creating setgid directories
+      SocketBindDeny = [ "any" ];
+      SystemCallArchitectures = "native";
+      SystemCallFilter = [
+        "@system-service"
+      ];
+    };
+  };
+}
--- a/hosts/dosei/configuration.nix
+++ b/hosts/dosei/configuration.nix
@@ -3,6 +3,8 @@
  imports = [
    ./hardware-configuration.nix

+    ./programs/nrfutil.nix
+
    ./services/avahi.nix
    ./services/docker.nix
    ./services/jenkins.nix
--- a/hosts/dosei/programs/nrfutil.nix
+++ b/hosts/dosei/programs/nrfutil.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    nrfutil
+    nrfconnect
+    nrf-command-line-tools
+  ];
+
+  services.udev.packages = with pkgs; [
+    nrf-udev
+    segger-jlink
+  ];
+}
--- a/hosts/dosei/services/journald-remote.nix
+++ b/hosts/dosei/services/journald-remote.nix
@@ -0,0 +1,19 @@
+{ ... }:
+{
+  # TODO: Reproducible certificates
+  services.journald.remote = {
+    enable = true;
+    settings.Remote = {
+      # ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
+      # ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
+      ServerKeyFile = "/etc/journald-remote-certs/key.pem";
+      ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
+      TrustedCertificateFile = "-";
+    };
+  };
+
+  # systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
+  #   "key.pem:/etc/journald-remote-certs/key.pem"
+  #   "cert.pem:/etc/journald-remote-certs/cert.pem"
+  # ];
+}
--- a/hosts/europa/configuration.nix
+++ b/hosts/europa/configuration.nix
@@ -5,6 +5,7 @@

    ./services/avahi.nix
    ./services/docker.nix
+    ./services/journald-remote.nix
  ];

  boot.loader.systemd-boot.enable = true;
--- a/hosts/europa/services/journald-remote.nix
+++ b/hosts/europa/services/journald-remote.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+  services.journald.upload = {
+    enable = true;
+    settings.Upload = {
+      URL = "https://10.250.14.105:19532";
+      # ServerKeyFile = toString ./key.pem;
+      # ServerCertificateFile = toString ./cert.pem;
+      ServerKeyFile = "-";
+      ServerCertificateFile = "-";
+      TrustedCertificateFile = "-";
+    };
+  };  
+}
--- a/hosts/kasei/configuration.nix
+++ b/hosts/kasei/configuration.nix
@@ -2,6 +2,7 @@
 {
  imports = [
    ./services/avahi.nix
+    ./services/btrfs.nix
    ./services/docker.nix
    ./services/libvirtd.nix
    ./services/logiops.nix
@@ -10,12 +11,16 @@
    ./services/tailscale.nix
    ./services/keybase.nix

+    ./nspawn-containers/arch.nix
+  ];
+
  system.stateVersion = "22.05";

  boot.binfmt.emulatedSystems = [
    "x86_64-windows"
    "aarch64-linux"
    "armv7l-linux"
+    "i686-linux"
  ];

  nix.settings.system-features = [
--- a/hosts/kasei/nspawn-containers/arch.nix
+++ b/hosts/kasei/nspawn-containers/arch.nix
@@ -0,0 +1,28 @@
+{ ... }:
+{
+  systemd.targets.machines.enable = true;
+
+  systemd.nspawn."arch" = {
+    enable = true;
+    execConfig.Boot = true;
+
+    filesConfig = {
+      BindReadOnly = [
+        "/nix/store"
+        # "/etc/resolv.conf:/etc/resolv.conf"
+      ];
+      Bind = [
+        "/home/h7x4/git"
+        "/home/h7x4/pico"
+        "/home/h7x4/Downloads"
+      ];
+    };
+    networkConfig.Private = false;
+  };
+
+  systemd.services."systemd-nspawn@arch" = {
+    enable = true;
+    requiredBy = [ "machines.target" ];
+    overrideStrategy = "asDropin";
+  };
+}
--- a/hosts/kasei/services/btrfs.nix
+++ b/hosts/kasei/services/btrfs.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  services.btrfs.autoScrub.enable = true;
+}
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -7,9 +7,6 @@ in rec {
  mapToAttrsWithConst = constant: items:
    listToAttrs (map (name: nameValuePair name constant) items);

-  # [AttrSet] -> AttrSet
-  concatAttrs = foldr (a: b: a // b) {};
-
  # (Int -> String -> a -> a) -> AttrSet -> AttrSet
  imap0Attrs = f: set:
    listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set));
--- a/package-overrides/fcitx5-mozc.nix
+++ b/package-overrides/fcitx5-mozc.nix
@@ -1,3 +1,5 @@
+# Dogfooding of https://github.com/NixOS/nixpkgs/pull/251706
+
 { bazel
 , buildBazelPackage
 , fcitx5
--- a/package-overrides/mozc.nix
+++ b/package-overrides/mozc.nix
@@ -1,3 +1,5 @@
+# Dogfooding of https://github.com/NixOS/nixpkgs/pull/251706
+
 { bazel
 , buildBazelPackage
 , fetchFromGitHub
Author	SHA1	Message	Date
h7x4	f6d0847c39	WIP	2024-10-05 12:10:18 +02:00
h7x4	17f019cbc0	kasei: binfmt i686-linux	2024-10-05 12:09:15 +02:00
h7x4	db82ee3419	kasei: add arch nspawn container	2024-10-05 12:08:58 +02:00
h7x4	b3e782d716	home/git: add tmcommit script	2024-10-05 12:07:34 +02:00
h7x4	40d5a8af88	home/git: add alias for fetching submodules	2024-10-04 16:32:07 +02:00
h7x4	9115c0c5c2	home/git: set pager	2024-10-02 12:31:10 +02:00
h7x4	1d8c2752f5	hosts/common: remove unused module args	2024-09-26 10:23:14 +02:00
h7x4	7500197568	extendedLib: attrsets.concatAttrs -> lib.mergeAttrsList	2024-09-26 10:14:42 +02:00
h7x4	0ea394dbf9	home/qt: fix theme	2024-09-26 10:06:52 +02:00
h7x4	f7030546a5	home/xsession: set	2024-09-26 10:06:52 +02:00
h7x4	7d80f6941f	home/packages: sxiv -> nsxiv	2024-09-26 10:06:52 +02:00
h7x4	ea541f2f2b	home: prefer modules for some packages	2024-09-26 09:56:38 +02:00
h7x4	7d7d0868ce	dosei: install nrf tools	2024-09-25 13:00:06 +02:00
h7x4	d47f1102e6	home/browser: update bookmarks	2024-09-25 12:19:04 +02:00
h7x4	bd1cbe53b9	home/newsboat: update sources	2024-09-25 12:18:30 +02:00
h7x4	7c79a6c37b	europa: enable journald-remote	2024-09-04 10:35:34 +02:00
h7x4	fbd5b3798b	dosei: enable journald-remote	2024-09-04 10:33:16 +02:00
h7x4	e8db1d6612	home/packages: add a few more packages	2024-09-04 10:31:47 +02:00
h7x4	46e12cfc9e	home/vscode: nit	2024-09-04 10:30:29 +02:00
h7x4	2b81c752f0	home/zed: use unstable package	2024-09-04 10:30:00 +02:00
h7x4	c533a7df56	home/ssh: add missing pvv hosts	2024-09-04 10:29:31 +02:00
h7x4	3de3b459ad	home/gh: fix pager	2024-09-04 10:29:16 +02:00
h7x4	28364a66f1	home: enable _JAVA_AWT_WM_NONPARENTING	2024-09-04 10:28:54 +02:00
h7x4	94bddadd50	common: harden logrotate	2024-08-27 14:54:33 +02:00
h7x4	810311bbc2	common: harden cups	2024-08-27 14:54:16 +02:00
h7x4	0a5e8774c7	home/packages: add `lnav`	2024-08-27 14:53:38 +02:00
h7x4	f8bd568bd6	home/aria2: init	2024-08-24 01:58:39 +02:00
h7x4	20296fa754	home/vscode: update extensions	2024-08-24 01:53:18 +02:00
h7x4	d7a6ac7c81	kasei: enable btrfs scrubbing	2024-08-24 01:45:35 +02:00
h7x4	dc947a2edc	common: enable services.irqbalance	2024-08-24 01:45:02 +02:00
h7x4	2d34226781	package-overrides: add links to pr	2024-08-19 23:12:14 +02:00
h7x4	d7d83da9a6	home/xdg: add some more directory spec envvars	2024-08-16 12:39:57 +02:00