diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 6ae6746..e276cbf 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,7 +13,6 @@ jobs: - titan os: - ubuntu-latest - runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -28,28 +27,27 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - - uses: nixbuild/nix-quick-install-action@master - + - name: Install Nix + uses: cachix/install-nix-action@v30 + with: + install_url: https://releases.nixos.org/nix/nix-2.25.4/install + extra_nix_config: 'accept-flake-config = true' - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -67,9 +65,7 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel - build-homes: strategy: matrix: @@ -79,7 +75,6 @@ jobs: os: - ubuntu-latest # - macos-latest - runs-on: ${{ matrix.os }} continue-on-error: true steps: @@ -94,28 +89,23 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -133,5 +123,4 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index a177078..4408d30 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,7 +6,6 @@ on: description: "package to build" required: false type: string - jobs: build-packages: strategy: @@ -19,32 +18,27 @@ jobs: - ubuntu-latest - macos-latest - ubuntu-24.04-arm - runs-on: ${{ matrix.os }} continue-on-error: true steps: - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache uses: ryanccn/attic-action@v0 with: endpoint: ${{ vars.ATTIC_ENDPOINT }} cache: ${{ vars.ATTIC_CACHE }} token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -62,5 +56,4 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L ${{ matrix.package }} diff --git a/.sops.yaml b/.sops.yaml index 3cfb014..e067ba9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -103,3 +103,13 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/tailscale.yaml + key_groups: + - age: + - *chunk + - *cy + - path_regex: secrets/yt/(.*).yaml$ + key_groups: + - age: + - *yt + - *cy \ No newline at end of file diff --git a/flake.lock b/flake.lock index 8cd1162..df9e697 100644 --- a/flake.lock +++ b/flake.lock @@ -1,12 +1,152 @@ { "nodes": { - "crane": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "lastModified": 1731270564, + "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "47752427561f1c34debb16728a210d378f0ece36", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "main", + "repo": "attic", + "type": "github" + } + }, + "cachix": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1737621947, + "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", + "owner": "cachix", + "repo": "cachix", + "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "git-hooks": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1728672398, + "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", + "owner": "cachix", + "repo": "cachix", + "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "complement": { + "flake": false, + "locked": { + "lastModified": 1734303596, + "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=", + "owner": "girlbossceo", + "repo": "complement", + "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "ref": "main", + "repo": "complement", + "type": "github" + } + }, + "conduwuit": { + "inputs": { + "attic": "attic", + "cachix": "cachix", + "complement": "complement", + "crane": [ + "crane" + ], + "fenix": "fenix", + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "liburing": "liburing", + "nix-filter": "nix-filter", + "nixpkgs": [ + "nixpkgs" + ], + "rocksdb": "rocksdb" + }, + "locked": { + "lastModified": 1738132650, + "narHash": "sha256-ryebu2VoopIpr5+DuHIs2/x60u+3EzRJexYRWVJn2AE=", + "owner": "girlbossceo", + "repo": "conduwuit", + "rev": "eb7d893c8675f955fa770c8ae6f1c32a2394284c", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "repo": "conduwuit", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", "owner": "ipetkov", "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", "type": "github" }, "original": { @@ -15,6 +155,55 @@ "type": "github" } }, + "crane_2": { + "locked": { + "lastModified": 1737689766, + "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", + "owner": "ipetkov", + "repo": "crane", + "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "devenv": { + "inputs": { + "cachix": "cachix_2", + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "git-hooks": [ + "conduwuit", + "cachix", + "git-hooks" + ], + "nix": "nix", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733323168, + "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", + "owner": "cachix", + "repo": "devenv", + "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -57,6 +246,29 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1737786656, + "narHash": "sha256-ubCW9Jy7ZUOF354bWxTgLDpVnTvIpNr6qR4H/j7I0oo=", + "owner": "nix-community", + "repo": "fenix", + "rev": "2f721f527886f801403f389a9cabafda8f1e3b7f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -74,29 +286,50 @@ } }, "flake-compat_2": { + "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" } }, "flake-parts": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "conduwuit", + "attic", + "nixpkgs" + ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -108,16 +341,19 @@ "flake-parts_2": { "inputs": { "nixpkgs-lib": [ - "lanzaboote", + "conduwuit", + "cachix", + "devenv", + "nix", "nixpkgs" ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "type": "github" }, "original": { @@ -129,16 +365,15 @@ "flake-parts_3": { "inputs": { "nixpkgs-lib": [ - "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -165,24 +400,86 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "git-hooks": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { "inputs": { "flake-compat": [ "nixvim", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore_3", "nixpkgs": [ "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1737043064, - "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=", + "lastModified": 1737465171, + "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb", + "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", "type": "github" }, "original": { @@ -192,6 +489,29 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "cachix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -213,7 +533,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "nixvim", @@ -242,32 +562,11 @@ ] }, "locked": { - "lastModified": 1737394973, - "narHash": "sha256-EW4oXMfnfA5sNM9Jqm+y98horWVvN66Gu7YIcEpFYZc=", + "lastModified": 1738448366, + "narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", "owner": "nix-community", "repo": "home-manager", - "rev": "9786661d57c476021c8a0c3e53bf9fa2b4f3328b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737075266, - "narHash": "sha256-u1gk5I1an975FOAMMdS6oBKnSIsZza5ZKhaeBZAskVo=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "12851ae7467bad8ef422b20806ab4d6d81e12d29", + "rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", "type": "github" }, "original": { @@ -306,21 +605,29 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" + "rust-overlay": [ + "rust-overlay" + ] }, "locked": { - "lastModified": 1737299073, - "narHash": "sha256-hOydnO9trHDo3qURqLSDdmE/pHNWDzlhkmyZ/gcBX2s=", + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "64d20cb2afaad8b73f4e38de41d27fb30a782bb5", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", "type": "github" }, "original": { @@ -330,6 +637,92 @@ "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, + "liburing": { + "flake": false, + "locked": { + "lastModified": 1737600516, + "narHash": "sha256-EKyLQ3pbcjoU5jH5atge59F4fzuhTsb6yalUj6Ve2t8=", + "owner": "axboe", + "repo": "liburing", + "rev": "6c509e2b0c881a13b83b259a221bf15fc9b3f681", + "type": "github" + }, + "original": { + "owner": "axboe", + "ref": "master", + "repo": "liburing", + "type": "github" + } + }, + "lix": { + "inputs": { + "flake-compat": [ + "flake-compat" + ], + "nix2container": "nix2container", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1738446528, + "narHash": "sha256-NYL/r7EXSyYP7nXuYGvGYMI9QtztGjVaKKofBt/pCv8=", + "ref": "refs/heads/main", + "rev": "a51380645f61b33d37a536b596d16c481f7b84a6", + "revCount": 17342, + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" + } + }, + "lix-module": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "flakey-profile": "flakey-profile", + "lix": [ + "lix" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738176840, + "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", + "ref": "refs/heads/main", + "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", + "revCount": 133, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + } + }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -337,16 +730,18 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs-stable": [ + "nixpkgs" + ], "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737373716, - "narHash": "sha256-GRI9WugYv8QlnhZlINfY8gHIR+xn/AsEXhQP3+FjUh0=", + "lastModified": 1738502867, + "narHash": "sha256-92cVHcxV7j00BquLo5I4G8EwKzrq2AlHuD3AQV9r+T8=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "5aa5e53601ff1d93ae6b4dc6f833c73fc8de6466", + "rev": "cf0be7affb15e21727d137c029146fe7df2bc6d0", "type": "github" }, "original": { @@ -375,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737370409, - "narHash": "sha256-khoHHrpP/yArGEm94H/GtZytGzfJECsAEGmB9DLWb7M=", + "lastModified": 1738479340, + "narHash": "sha256-sutel7RKfu9eIJsjswSzptCIvKELbXQCSldt0PtwSd0=", "owner": "YaLTeR", "repo": "niri", - "rev": "7f025da5b6edb1d77e785ba6a6450ab10788ad8f", + "rev": "d5592743cb04cef3fe50c987b7ba9349c5090dbd", "type": "github" }, "original": { @@ -388,6 +783,47 @@ "type": "github" } }, + "nix": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-parts": "flake-parts_2", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_3", + "nixpkgs-23-11": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs-regression": [ + "conduwuit", + "cachix", + "devenv" + ], + "pre-commit-hooks": [ + "conduwuit", + "cachix", + "devenv" + ] + }, + "locked": { + "lastModified": 1727438425, + "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", + "owner": "domenkozar", + "repo": "nix", + "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.24", + "repo": "nix", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -396,11 +832,11 @@ ] }, "locked": { - "lastModified": 1736819234, - "narHash": "sha256-deQVtIH4UJueELJqluAICUtX7OosD9paTP+5FgbiSwI=", + "lastModified": 1738277753, + "narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bd921223ba7cdac346477d7ea5204d6f4736fcc6", + "rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9", "type": "github" }, "original": { @@ -409,18 +845,92 @@ "type": "github" } }, - "nixpkgs": { + "nix-filter": { "locked": { - "lastModified": 1737401148, - "narHash": "sha256-8YfoGyE89rWpG6NjCmYrJeV8EPAKvnZf2lN402WbC/A=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7ceed4f800bec4c12c9b21c54bb76cb28a80e259", + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", + "owner": "numtide", + "ref": "main", + "repo": "nix-filter", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-ld": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737361468, + "narHash": "sha256-+CtIrQZ22MOAOHcpg1zbhX/fVkmEc8A8lYVpXAbXElQ=", + "owner": "nix-community", + "repo": "nix-ld", + "rev": "7f15f8622b63b907fef137689f4528a9447d9377", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-ld", + "type": "github" + } + }, + "nix2container": { + "flake": false, + "locked": { + "lastModified": 1724996935, + "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -441,19 +951,39 @@ "type": "github" } }, - "nixpkgs-lib": { + "nixpkgs-regression": { "locked": { - "lastModified": 1735774519, - "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -469,18 +999,82 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { - "lastModified": 1737299813, - "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1738487426, + "narHash": "sha256-hnB0V0R/aKASnTBeTthFvW60uydv1xswWD4weqSuSfg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8ed1fafea6a613d962f6a84c1153d34dc8b06d83", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } @@ -488,23 +1082,31 @@ "nixvim": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks", - "home-manager": "home-manager_2", + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], + "git-hooks": "git-hooks_2", + "home-manager": [ + "home-manager" + ], "nix-darwin": "nix-darwin", "nixpkgs": [ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": [ + "treefmt" + ] }, "locked": { - "lastModified": 1737385899, - "narHash": "sha256-/zyvdstDpPhc5lhFMtKgyQdU2oXGXDb0cg4BY91NKvg=", + "lastModified": 1738517265, + "narHash": "sha256-ZzulGUIHZhvcSHx+1ucCJkIcn27r9H+cSzCCpKxJcls=", "owner": "nix-community", "repo": "nixvim", - "rev": "115994f18e439a1cca9cdaaf15c004870256814d", + "rev": "56d0c4579e022b44a3e324f722fa23a6f4295798", "type": "github" }, "original": { @@ -515,7 +1117,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -523,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1735854821, - "narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=", + "lastModified": 1738445998, + "narHash": "sha256-wF2ZcRKF37re161jrXtNyjGMBDsIFtPeDvmIVfp8f7w=", "owner": "NuschtOS", "repo": "search", - "rev": "836908e3bddd837ae0f13e215dd48767aee355f0", + "rev": "381d84a7422a4dbfef6a9c7703dbaf42036ae1c3", "type": "github" }, "original": { @@ -536,18 +1138,73 @@ "type": "github" } }, + "nvim-github-theme": { + "flake": false, + "locked": { + "lastModified": 1735641120, + "narHash": "sha256-/A4hkKTzjzeoR1SuwwklraAyI8oMkhxrwBBV9xb59PA=", + "owner": "projekt0n", + "repo": "github-nvim-theme", + "rev": "c106c9472154d6b2c74b74565616b877ae8ed31d", + "type": "github" + }, + "original": { + "owner": "projekt0n", + "repo": "github-nvim-theme", + "type": "github" + } + }, + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736549395, + "narHash": "sha256-XzwkB62Tt5UYoL1jXiHzgk/qz2fUpGHExcSIbyGTtI0=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "a53af7f1514ef4cce8620a9d6a50f238cdedec8b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "plasma-manager", + "type": "github" + } + }, + "pre-commit-hooks": { + "flake": false, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1731363552, @@ -563,54 +1220,76 @@ "type": "github" } }, + "rocksdb": { + "flake": false, + "locked": { + "lastModified": 1737828695, + "narHash": "sha256-8Ev6zzhNPU798JNvU27a7gj5X+6SDG3jBweUkQ59DbA=", + "owner": "girlbossceo", + "repo": "rocksdb", + "rev": "a4d9230dcc9d03be428b9a728133f8f646c0065c", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "ref": "v9.9.3", + "repo": "rocksdb", + "type": "github" + } + }, "root": { "inputs": { + "conduwuit": "conduwuit", + "crane": "crane_2", "disko": "disko", - "flake-parts": "flake-parts", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_3", + "flake-utils": "flake-utils", "home-manager": "home-manager", "lanzaboote": "lanzaboote", + "lix": "lix", + "lix-module": "lix-module", "niri": "niri", - "nixpkgs": "nixpkgs", + "nix-ld": "nix-ld", + "nixpkgs": "nixpkgs_5", "nixpkgs-garage": "nixpkgs-garage", "nixvim": "nixvim", - "rust-overlay": "rust-overlay_2", + "nvim-github-theme": "nvim-github-theme", + "plasma-manager": "plasma-manager", + "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1737728869, + "narHash": "sha256-U4pl3Hi0lT6GP4ecN3q9wdD2sdaKMbmD/5NJ1NdJ9AM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "6e4c29f7ce18cea7d3d31237a4661ab932eab636", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "inputs": { "nixpkgs": [ - "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "lastModified": 1738463259, + "narHash": "sha256-+5QJpiRpkh1ALvKcMEpPyGwkPZfaynsYF4SFdNW5UfQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737340068, - "narHash": "sha256-5UciRckNV+YOZ6y6ASBIb01cySB12whDxgFUK+EqT8g=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "275c824ed9e90e7fd4f96d187bde3670062e721f", + "rev": "e2bb8c205a069514535f083742c7da8dfb6e02b9", "type": "github" }, "original": { @@ -626,11 +1305,11 @@ ] }, "locked": { - "lastModified": 1737411508, - "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=", + "lastModified": 1738291974, + "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", "owner": "Mic92", "repo": "sops-nix", - "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4", + "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", "type": "github" }, "original": { @@ -654,6 +1333,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt": { "inputs": { "nixpkgs": [ @@ -661,32 +1355,11 @@ ] }, "locked": { - "lastModified": 1737103437, - "narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=", + "lastModified": 1738070913, + "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737054102, - "narHash": "sha256-saLiCRQ5RtdTnznT/fja7GxcYRAzeY3k8S+IF/2s/2A=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "97871d416166803134ba64597a1006f3f670fbde", + "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", "type": "github" }, "original": { @@ -715,11 +1388,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1736487362, - "narHash": "sha256-4kGoOA7FgK9N2mzS+TFEn41kUUNY6KwdiA/0rqlr868=", + "lastModified": 1737837494, + "narHash": "sha256-wIMowP8Juas4ZwMRcpc+58sZ0kKTDu8fm13THPmv/F8=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "8f55e27f63a749881c4bbfbb6b1da028342a91d1", + "rev": "3944c9a0e40e5629f16ad023bbc90dac80d35a0f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f75fe1e..cb60dbb 100644 --- a/flake.nix +++ b/flake.nix @@ -22,22 +22,73 @@ lanzaboote = { url = "github:nix-community/lanzaboote/master"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.crane.follows = "crane"; + inputs.flake-compat.follows = "flake-compat"; + inputs.flake-parts.follows = "flake-parts"; + inputs.rust-overlay.follows = "rust-overlay"; }; nixvim = { url = "github:nix-community/nixvim"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + inputs.flake-compat.follows = "flake-compat"; + inputs.home-manager.follows = "home-manager"; + inputs.treefmt-nix.follows = "treefmt"; + }; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; }; - flake-parts.url = "github:hercules-ci/flake-parts"; niri = { url = "github:sodiboo/niri-flake"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs-stable.follows = "nixpkgs"; }; rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; + conduwuit = { + url = "github:girlbossceo/conduwuit"; + inputs = { + nixpkgs.follows = "nixpkgs"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; + }; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + inputs.lix.follows = "lix"; + }; + lix = { + url = "git+https://git.lix.systems/lix-project/lix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-compat.follows = "flake-compat"; + }; + nix-ld = { + url = "github:nix-community/nix-ld"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; + }; nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR + + nvim-github-theme = { + url = "github:projekt0n/github-nvim-theme"; + flake = false; + }; + + # deduplication + flake-utils.url = "github:numtide/flake-utils"; + crane.url = "github:ipetkov/crane"; + flake-compat.url = "github:edolstra/flake-compat"; }; nixConfig = { @@ -45,11 +96,16 @@ "https://cache.cything.io/central" "https://niri.cachix.org" "https://nix-community.cachix.org" + "https://cache.garnix.io" + "https://cything.cachix.org" + "https://aseipp-nix-cache.global.ssl.fastly.net" ]; extra-trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" ]; builders-use-substitutes = true; }; @@ -75,18 +131,10 @@ ]; perSystem = { - system, + inputs', ... }: { - # make pkgs available to `perSystem` - _module.args.pkgs = import inputs.nixpkgs { - inherit system; - config = { - allowUnfree = true; - }; - }; - treefmt = { projectRootFile = "flake.nix"; programs.nixfmt.enable = true; @@ -97,7 +145,7 @@ settings.global.excludes = [ "secrets/*" - "**/*.png" # tries to format a png file?? + "**/*.png" # tries to format a png file ]; }; }; @@ -130,6 +178,8 @@ ./modules inputs.lanzaboote.nixosModules.lanzaboote inputs.niri.nixosModules.niri + inputs.lix-module.nixosModules.default + inputs.nix-ld.nixosModules.nix-ld ]; }; chunk = lib.nixosSystem { @@ -173,6 +223,7 @@ ./home/yt/ytnix.nix inputs.nixvim.homeManagerModules.nixvim inputs.niri.homeModules.config + inputs.plasma-manager.homeManagerModules.plasma-manager ]; }; diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..c189664 --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,6 @@ +builds: + include: + - 'nixosConfigurations.*' + - 'homeConfigurations.*' + - '*.aarch64-linux.*' + - '*.x86_64-linux.*' diff --git a/home/foot.nix b/home/foot.nix index 2df77bc..ce7cb0c 100644 --- a/home/foot.nix +++ b/home/foot.nix @@ -17,40 +17,32 @@ blink = "yes"; blink-rate = 500; beam-thickness = 1.5; + color = "161821 c6c8d1"; }; mouse = { hide-when-typing = "yes"; }; colors = { - background = "161821"; foreground = "c6c8d1"; - - selection-background = "1e2132"; - selection-foreground = "c6c8d1"; - - regular0 = "161821"; - bright0 = "6b7089"; - + background = "161821"; + regular0 = "1e2132"; regular1 = "e27878"; - bright1 = "e98989"; - regular2 = "b4be82"; - bright2 = "c0ca8e"; - regular3 = "e2a478"; - bright3 = "e9b189"; - regular4 = "84a0c6"; - bright4 = "91acd1"; - regular5 = "a093c7"; - bright5 = "ada0d3"; - regular6 = "89b8c2"; - bright6 = "95c4ce"; - regular7 = "c6c8d1"; + bright0 = "6b7089"; + bright1 = "e98989"; + bright2 = "c0ca8e"; + bright3 = "e9b189"; + bright4 = "91acd1"; + bright5 = "ada0d3"; + bright6 = "95c4ce"; bright7 = "d2d4de"; + selection-foreground = "161821"; + selection-background = "c6c8d1"; }; key-bindings = { diff --git a/home/ghostty.nix b/home/ghostty.nix new file mode 100644 index 0000000..1c592f5 --- /dev/null +++ b/home/ghostty.nix @@ -0,0 +1,20 @@ +{ ... }: +{ + programs.ghostty = { + enable = true; + enableZshIntegration = true; + clearDefaultKeybinds = true; + settings = { + theme = "iceberg-dark"; + font-family = "IBM Plex Mono"; + font-size = "12"; + window-decoration = false; + confirm-close-surface = false; + keybind = [ + "ctrl+q=quit" + "ctrl+shift+c=copy_to_clipboard" + "ctrl+shift+v=paste_from_clipboard" + ]; + }; + }; +} diff --git a/home/irssi.nix b/home/irssi.nix new file mode 100644 index 0000000..e8133c1 --- /dev/null +++ b/home/irssi.nix @@ -0,0 +1,22 @@ +{ ... }: +{ + programs.irssi = { + enable = true; + networks.liberachat = { + nick = "cy7"; + server = { + address = "irc.libera.chat"; + port = 6697; + autoConnect = true; + }; + channels = { + nixos.autoJoin = true; + linux.autoJoin = true; + rust.autoJoin = true; + }; + }; + extraConfig = '' + ignores = ( { level = "JOINS PARTS QUITS MODES NICKS"; } ) + ''; + }; +} diff --git a/home/kitty.nix b/home/kitty.nix new file mode 100644 index 0000000..da676cb --- /dev/null +++ b/home/kitty.nix @@ -0,0 +1,72 @@ +{ pkgs, ... }: +{ + programs.kitty = { + enable = true; + font = { + name = "IBM Plex Mono"; + package = pkgs.ibm-plex; + size = 12; + }; + themeFile = "GitHub_Dark"; + settings = { + enable_audio_bell = true; + # how many windows should be open before kitty asks + # for confirmation + confirm_os_window_close = 0; + clear_all_shortcuts = true; + + # will probably lower this later but the max allowed is actually 4GB + # this is NOT stored in memory and can only be viewed with scrollback_pager + "scrollback_pager_history_size" = "1024"; + # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 + "scrollback_pager" = "bat --pager='less -FR +G'"; + "scrollback_lines" = 20000; + }; + keybindings = { + # kitty_mod is ctrl+shift by default + "kitty_mod+c" = "copy_to_clipboard"; + "kitty_mod+v" = "paste_from_clipboard"; + # "ctrl+q" = "quit"; + + "kitty_mod+m" = "show_scrollback"; + + # windows + "kitty_mod+h" = "neighboring_window left"; + "kitty_mod+alt+h" = "move_window left"; + "kitty_mod+l" = "neighboring_window right"; + "kitty_mod+alt+l" = "move_window right"; + "kitty_mod+j" = "neighboring_window down"; + "kitty_mod+alt+j" = "move_window down"; + "kitty_mod+k" = "neighboring_window up"; + "kitty_mod+alt+k" = "move_window up"; + "ctrl+f3" = "detach_window new-tab"; + "ctrl+f4" = "detach_window tab-left"; + "ctrl+f5" = "load_config_file"; + "ctrl+alt+l" = "next_layout"; + "ctrl+alt+t" = "goto_layout tall"; + "ctrl+alt+s" = "goto_layout stack"; + "kitty_mod+enter" = "new_window_with_cwd"; + "kitty_mod+r" = "resize_window"; + + # tabs + "kitty_mod+n" = "next_tab"; + "kitty_mod+p" = "previous_tab"; + "kitty_mod+alt+n" = "move_tab_forward"; + "kitty_mod+alt+p" = "move_tab_backward"; + "kitty_mod+w" = "close_tab"; + "kitty_mod+t" = "new_tab_with_cwd"; + "ctrl+f2" = "detach_tab"; + + # hints + # > basically means the preceding key is a prefix (think tmux) + "kitty_mod+o>o" = "open_url_with_hints"; + "kitty_mod+o>p" = "kitten hints --type path --program -"; + "kitty_mod+o>n" = "kitten hints --type line --program -"; + "kitty_mod+o>w" = "kitten hints --type word --program -"; + "kitty_mod+o>h" = "kitten hints --type hash --program -"; + "kitty_mod+o>l" = "kitten hints --type linenum"; + }; + }; + + programs.zsh.shellAliases."ssh" = "kitten ssh"; +} diff --git a/home/niri/default.nix b/home/niri/default.nix index f74bcb3..f1c8172 100644 --- a/home/niri/default.nix +++ b/home/niri/default.nix @@ -6,7 +6,7 @@ }: let wallpaper = "${./nixos-c-book.png}"; - terminal = "foot"; + terminal = "kitty"; menu = [ "fuzzel" "-w" @@ -32,7 +32,14 @@ in ]; } { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } - { command = [ "wl-paste" "--watch" "cliphist" "store"]; } + { + command = [ + "wl-paste" + "--watch" + "cliphist" + "store" + ]; + } ]; hotkey-overlay.skip-at-startup = true; @@ -43,12 +50,13 @@ in natural-scroll = true; click-method = "clickfinger"; }; - warp-mouse-to-focus = true; + warp-mouse-to-focus = false; focus-follows-mouse.enable = false; }; environment = { DISPLAY = ":0"; # for xwayland-satellite + ANKI_WAYLAND = "1"; }; layout = { @@ -65,17 +73,23 @@ in window-rules = [ { matches = [ - { - app-id = "anki"; - title = "Add"; - } { app-id = "mpv"; } { app-id = "Bitwarden"; } + { + app-id = "ghidra-Ghidra"; + # pop-up windows + title = "^win(.*)"; + } ]; open-floating = true; } { - matches = [ { app-id = "anki"; } ]; + matches = [ + { + app-id = "anki"; + title = "Add"; + } + ]; default-column-width.proportion = .25; } { @@ -85,6 +99,10 @@ in app-id = "anki"; title = "^Browse"; } + { app-id = "com.mitchellh.ghostt"; } + { app-id = "org.kde.okular"; } + { app-id = "kitty"; } + { app-id = "VSCodium"; } ]; default-column-width.proportion = .5; } @@ -124,13 +142,16 @@ in "Mod+Shift+U".action = move-window-to-workspace-up; "Mod+Shift+I".action = move-window-to-workspace-down; "Mod+W".action = maximize-column; + "Mod+E".action = set-column-width "50%"; + "Mod+R".action = set-column-width "75%"; + "Mod+Q".action = set-column-width "25%"; "Mod+C".action = center-column; "Mod+Shift+Space".action = toggle-window-floating; "Mod+Space".action = switch-focus-between-floating-and-tiling; "Print".action = screenshot; "Alt+Print".action = screenshot-window; "Ctrl+Print".action = screenshot-screen; - "Mod+R".action = switch-preset-column-width; + # "Mod+R".action = switch-preset-column-width; "Mod+Shift+R".action = switch-preset-window-height; "Mod+Ctrl+R".action = reset-window-height; "Mod+F".action = fullscreen-window; diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh index 5065980..0ef7c0d 100755 --- a/home/niri/scripts/remote.sh +++ b/home/niri/scripts/remote.sh @@ -5,7 +5,7 @@ active_window=$(niri msg --json focused-window |jq -r .app_id) if [ "$1" = "btn1" ]; then if [ "$active_window" = "anki" ]; then wtype " " - elif [ "$active_window" = "foot" ]; then + elif [ "$active_window" = "kitty" ]; then wtype -M ctrl -M shift -k c -m ctrl -m shift elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then wtype -M alt -P right -p right -m alt @@ -15,7 +15,7 @@ if [ "$1" = "btn1" ]; then else if [ "$active_window" = "anki" ]; then wtype "1" - elif [ "$active_window" = "foot" ]; then + elif [ "$active_window" = "kitty" ]; then wtype -M ctrl -M shift -k v -m ctrl elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then wtype -M alt -P left -p left -m alt diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix index 98a97ee..26b8bc6 100644 --- a/home/nixvim/default.nix +++ b/home/nixvim/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, inputs, ... }: { programs.nixvim = { enable = true; @@ -15,15 +15,18 @@ incsearch = true; smartcase = true; }; - colorscheme = "iceberg"; - clipboard.register = "unnamedplus"; + colorscheme = "github_dark_tritanopia"; + clipboard.register = "unnamed"; globals = { mapleader = ","; }; - extraPlugins = with pkgs.vimPlugins; [ - iceberg-vim + extraPlugins = [ + (pkgs.vimUtils.buildVimPlugin { + name = "github-theme"; + src = inputs.nvim-github-theme; + }) ]; keymaps = [ @@ -68,6 +71,41 @@ key = ""; mode = "i"; } + # quick chat with copilot + { + key = "ccq"; + action.__raw = '' + function() + local input = vim.fn.input("Quick chat: ") + if input ~= "" then + require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer }) + end + end + ''; + mode = [ + "n" + "v" + ]; + } + # ask perplexity a quick question + { + key = "ccs"; + action.__raw = '' + function() + local input = vim.fn.input("Perplexity: ") + if input ~= "" then + require("CopilotChat").ask(input, { + agent = "perplexityai", + selection = false, + }) + end + end + ''; + mode = [ + "n" + "v" + ]; + } ]; plugins.cmp = { @@ -112,7 +150,8 @@ end end) ''; - "" = '' + # plain tab conflicts with i try to indent + "" = '' cmp.mapping(function(fallback) if require("luasnip").jumpable(1) then require("luasnip").jump(1) @@ -167,10 +206,15 @@ plugins.treesitter = { enable = true; nixGrammars = true; - settings.indent.enable = true; + settings = { + indent.enable = true; + auto_install = true; + highlight.enable = true; + }; }; plugins.fzf-lua = { enable = true; + profile = "fzf-native"; keymaps = { "ff" = "files"; "fg" = "live_grep"; @@ -188,6 +232,13 @@ settings.current_line_blame = true; }; + plugins.copilot-chat = { + enable = true; + settings = { + model = "claude-3.5-sonnet"; + }; + }; + plugins.cmp-buffer.enable = true; plugins.cmp-emoji.enable = true; plugins.cmp-nvim-lsp.enable = true; diff --git a/home/plasma.nix b/home/plasma.nix new file mode 100644 index 0000000..facdad1 --- /dev/null +++ b/home/plasma.nix @@ -0,0 +1,80 @@ +{ ... }: +{ + programs.plasma = { + enable = true; + overrideConfig = true; + immutableByDefault = true; + workspace = { + lookAndFeel = "org.ide.breezedark.desktop"; + cursor = { + theme = "Bibata-Modern-Classic"; + size = 23; + }; + }; + + fonts = { + general = { + family = "IBM Plex Mono"; + pointSize = 12; + }; + }; + + input.keyboard = { + numlockOnStartup = "on"; + options = [ "ctrl:nocaps" ]; + }; + + # Meta key is actually the Super key in KDE + + hotkeys.commands = { + "launch-terminal" = { + name = "launch terminal"; + key = "Meta+Return"; + command = "kitty"; + }; + "launch-browser" = { + name = "launch browser"; + key = "Meta+B"; + command = "librewolf"; + }; + }; + + shortcuts = { + kwin = { + "Switch Window Down" = "Meta+J"; + "Switch Window Left" = "Meta+H"; + "Switch Window Right" = "Meta+L"; + "Switch Window Up" = "Meta+K"; + "Window Quick Tile Down" = "Meta+Shift+J"; + "Window Quick Tile Left" = "Meta+Shift+H"; + "Window Quick Tile Right" = "Meta+Shift+L"; + "Window Quick Tile Up" = "Meta+Shift+K"; + "Window Close" = "Meta+Ctrl+Q"; + "Window Maximize" = "Meta+W"; + "Window Minimize" = "Meta+Shift+-"; + "Window Fullscreen" = "Meta+F"; + "Window Shrink Horizontal" = "Meta+-"; + }; + + ksmserver = { + "Lock Session" = [ + "Screensaver" + "Meta+Ctrl+L" + ]; + }; + }; + + configFile = { + # save RAM + baloofilerc."Basic Settings"."Indexing-Enabled" = false; + }; + + # looks like KDE overrides services.logind settings + powerdevil.AC = { + whenLaptopLidClosed = "hibernate"; + }; + powerdevil.battery = { + whenLaptopLidClosed = "hibernate"; + }; + }; +} diff --git a/home/vscode.nix b/home/vscode.nix index d2b7bb0..2680ffe 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -8,11 +8,33 @@ mutableExtensionsDir = false; extensions = with pkgs.vscode-extensions; [ vscodevim.vim - jnoortheen.nix-ide # nix language support - editorconfig.editorconfig # editorconfig - dracula-theme.theme-dracula # color scheme - tomoki1207.pdf # pdf viewer - yzhang.markdown-all-in-one # markdown tools + jnoortheen.nix-ide + editorconfig.editorconfig + github.github-vscode-theme + github.copilot + rust-lang.rust-analyzer ]; + userSettings = { + "workbench.colorTheme" = "GitHub Dark Default"; + "files.autoSave" = "afterDelay"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nixd"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 16; + "editor.wordWrap" = "on"; + + # vim mode settings + "vim.handleKeys" = { + "" = false; # file tree toggle + }; + "vim.normalModeKeyBindings" = [ + { + "before" = [ ";" ]; + "after" = [ ":" ]; + "silent" = true; + } + ]; + "workbench.startupEditor" = "none"; + }; }; } diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index 3285421..ad024cd 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -16,7 +16,6 @@ systemd.user.startServices = "sd-switch"; home.packages = with pkgs; [ - foot.terminfo attic-server ]; } diff --git a/home/yt/common.nix b/home/yt/common.nix index 77c98fe..e919d4b 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -44,7 +44,11 @@ rebase = true; autostash = true; }; - merge.tool = "vimdiff"; + merge = { + tool = "vimdiff"; + keepBackup = false; + prompt = false; + }; rebase = { stat = true; autoStash = true; @@ -52,12 +56,10 @@ updateRefs = true; }; help.autocorrect = 1; - mergetool = { - prompt = false; - path = "nvim-open"; - }; + "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; }; }; programs.ripgrep.enable = true; programs.man.generateCaches = true; + programs.fd.enable = true; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 8624bdf..748ba3b 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -1,5 +1,6 @@ { pkgs, + lib, ... }: { @@ -7,6 +8,10 @@ ./common.nix ../foot.nix ../niri + ../irssi.nix + ../kitty.nix + ../vscode.nix + ../plasma.nix ]; home = { username = "yt"; @@ -17,32 +22,34 @@ systemd.user.startServices = "sd-switch"; - qt = { - enable = true; - platformTheme.name = "gtk"; - style.name = "adwaita-dark"; - style.package = pkgs.adwaita-qt; - }; + # keep this commented when using plasma + # otherwise "system settings" in KDE will not function + # qt = { + # enable = true; + # platformTheme.name = "kde"; + # style.name = "breeze-dark"; + # style.package = pkgs.kdePackages.breeze; + # }; - gtk = { - enable = true; - cursorTheme = { - package = pkgs.bibata-cursors; - name = "Bibata-Modern"; - }; - theme = { - package = pkgs.adw-gtk3; - name = "adw-gtk3-dark"; - }; - iconTheme = { - package = pkgs.adwaita-icon-theme; - name = "Adwaita"; - }; - }; + # this one too + # gtk = { + # enable = true; + # theme = { + # package = pkgs.adw-gtk3; + # name = "adw-gtk3-dark"; + # }; + # iconTheme = { + # package = pkgs.adwaita-icon-theme; + # name = "Adwaita"; + # }; + # }; - home.sessionVariables = { - ANKI_WAYLAND = "1"; - DISPLAY = ":0"; + home.pointerCursor = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Classic"; + size = 23; + gtk.enable = true; + x11.enable = true; }; home.packages = with pkgs; [ @@ -52,7 +59,6 @@ bitwarden-desktop bitwarden-cli fastfetch - discord nwg-look kdePackages.gwenview kdePackages.okular @@ -103,6 +109,22 @@ github-cli fuzzel nixpkgs-review + just + hugo + ghidra-bin + sequoia + sccache + awscli2 + lldb + (cutter.withPlugins (p: with p; [ + rz-ghidra + jsdec + sigdb + ])) + ida-free + patchelf + radare2 + p7zip ]; programs.waybar.enable = true; @@ -140,10 +162,36 @@ ''; }; - services.gnome-keyring.enable = true; - programs.direnv = { enable = true; nix-direnv.enable = true; }; + + programs.git.extraConfig = { + user = { + signingKey = "~/.ssh/id.key"; + }; + gpg.format = "ssh"; + commit.gpgsign = true; + core.sshCommand = "ssh -i ~/.ssh/id.key"; + }; + + home.sessionVariables = { + # to make ghidra work on xwayland + _JAVA_AWT_WM_NONREPARENTING = 1; + + # sccache stuff + RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; + SCCACHE_BUCKET = "sccache"; + SCCACHE_REGION = "earth"; + SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; + SCCACHE_ALLOW_CORE_DUMPS = "true"; + SCCACHE_S3_USE_SSL = "true"; + SCCACHE_CACHE_MULTIARCH = "true"; + SCCACHE_LOG_LEVEL = "warn"; + AWS_DEFAULT_REGION = "earth"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; + AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + }; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 994fa1f..52fd38a 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -39,11 +39,6 @@ initExtra = '' # disable control+s to pause terminal unsetopt FLOW_CONTROL - # manually integrate fzf cause we need to make sure zsh-vi-mode - # won't override C-r - function zvm_after_init() { - eval "$(${pkgs.fzf}/bin/fzf --zsh)" - } # useful emacs mode bindings bindkey -M viins "^E" end-of-line diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile deleted file mode 100644 index 5e56278..0000000 --- a/hosts/chunk/Caddyfile +++ /dev/null @@ -1,89 +0,0 @@ -{ - acme_ca https://acme.zerossl.com/v2/DV90 - acme_eab { - key_id {$EAB_KEY_ID} - mac_key {$EAB_MAC_KEY} - } -} - -(common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" -} - -git.cything.io { - import common - - # wrap in route so things are evaluated in the order written - route { - # rewrite gitlab URIs to make it work with forgejo - uri path_regexp /-/ / - uri replace /blob/ /src/ - redir https://git.cy7.sh{uri} permanent - } -} - -git.cy7.sh { - import common - reverse_proxy localhost:3000 -} - -rss.cy7.sh { - import common - reverse_proxy localhost:8080 -} - -photos.cy7.sh { - import common - reverse_proxy localhost:2283 -} - -chat.cything.io { - import common - reverse_proxy localhost:8448 -} - -pass.cy7.sh { - import common - reverse_proxy localhost:8081 -} - -dns.cything.io { - import common - reverse_proxy localhost:8082 -} - -pad.cything.io { - import common - reverse_proxy localhost:8085 -} - -red.cything.io { - import common - reverse_proxy localhost:8087 -} - -grafana.cything.io { - import common - reverse_proxy localhost:8088 -} - -element.cything.io { - import common - reverse_proxy localhost:8089 -} - -cache.cything.io { - import common - reverse_proxy localhost:8090 -} - -s3.cy7.sh { - import common - reverse_proxy localhost:3900 -} - -admin.s3.cy7.sh { - import common - reverse_proxy localhost:3903 -} diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix index fe4b9bb..74207fc 100644 --- a/hosts/chunk/adguard.nix +++ b/hosts/chunk/adguard.nix @@ -21,4 +21,9 @@ ]; }; }; + + services.caddy.virtualHosts."dns.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8082 + ''; } diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix index 2f84394..c41e985 100644 --- a/hosts/chunk/attic.nix +++ b/hosts/chunk/attic.nix @@ -31,4 +31,9 @@ }; }; }; + + services.caddy.virtualHosts."cache.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8090 + ''; } diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 6bada8e..99d3958 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -1,11 +1,35 @@ -{ ... }: +{ inputs, ... }: { services.conduwuit = { enable = true; + package = + inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; settings.global = { port = [ 8448 ]; server_name = "cything.io"; allow_check_for_updates = true; }; }; + + services.caddy.virtualHosts."chat.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8448 + ''; + + services.caddy.virtualHosts."cything.io" = { + serverAliases = [ "www.cything.io" ]; + extraConfig = '' + import common + + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD + header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept + route { + respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} + respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + redir https://cy7.sh/posts{uri} permanent + } + ''; + }; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index edb153b..e149526 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,6 +1,4 @@ { - config, - lib, pkgs, ... }: @@ -26,6 +24,7 @@ ./attic.nix ./forgejo.nix ./garage.nix + ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -66,14 +65,19 @@ "attic/env" = { sopsFile = ../../secrets/services/attic.yaml; }; - "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; }; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; + boot = { + loader.grub.enable = true; + loader.grub.device = "/dev/vda"; + kernelPackages = pkgs.linuxPackages_latest; + }; system.stateVersion = "24.05"; @@ -177,11 +181,13 @@ programs.gnupg.agent.enable = true; programs.git.enable = true; - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - logFormat = lib.mkForce "level INFO"; + my.caddy.enable = true; + services.caddy.virtualHosts."cy7.sh" = { + serverAliases = [ "www.cy7.sh" ]; + extraConfig = '' + import common + redir https://cything.io temporary + ''; }; # container stuff @@ -197,4 +203,5 @@ }; }; virtualisation.oci-containers.backend = "podman"; + environment.enableAllTerminfo = true; } diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix index 638c728..5dd3fd4 100644 --- a/hosts/chunk/deluge.nix +++ b/hosts/chunk/deluge.nix @@ -7,4 +7,9 @@ port = 8112; }; }; + + services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8112 + ''; } diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix index 81ab246..5a12e1e 100644 --- a/hosts/chunk/element.nix +++ b/hosts/chunk/element.nix @@ -25,4 +25,9 @@ ${pkgs.podman}/bin/podman network create element-net ''; }; + + services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8089 + ''; } diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 07d0e69..0abc681 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -1,7 +1,8 @@ -{ ... }: +{ pkgs, ... }: { services.forgejo = { enable = true; + package = pkgs.forgejo; # uses forgejo-lts by default user = "git"; group = "git"; settings = { @@ -16,7 +17,7 @@ service.DISABLE_REGISTRATION = true; ui = { AMBIGUOUS_UNICODE_DETECTION = false; - DEFAULT_THEME = "gitea-dark"; + DEFAULT_THEME = "forgejo-dark"; }; actions.ENABLED = false; repository.ENABLE_PUSH_CREATE_USER = true; @@ -29,4 +30,24 @@ name = "git"; }; }; + + services.caddy.virtualHosts."git.cy7.sh".extraConfig = '' + import common + + # renamed repo + uri replace /cy/infra /cy/nixos-config + + reverse_proxy localhost:3000 + ''; + services.caddy.virtualHosts."git.cything.io".extraConfig = '' + import common + + # wrap in route so things are evaluated in the order written + route { + # rewrite gitlab URIs to make it work with forgejo + uri path_regexp /-/ / + uri replace /blob/ /src/ + redir https://git.cy7.sh{uri} permanent + } + ''; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index fe3ef46..a6f39dd 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -8,6 +8,12 @@ s3_api = { s3_region = "earth"; api_bind_addr = "[::]:3900"; + root_domain = ".s3.cy7.sh"; + }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.s3.cy7.sh"; + index = "index.html"; }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; @@ -16,4 +22,22 @@ }; environmentFile = config.sops.secrets."garage/env".path; }; + + services.caddy.virtualHosts = { + "s3.cy7.sh" = { + serverAliases = [ "*.s3.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:3900 + ''; + }; + "*.web.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; + "admin.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3903 + ''; + }; } diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 0575f51..007bcf1 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -31,4 +31,9 @@ } ]; }; + + services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8088 + ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 1988520..62505f9 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -16,4 +16,9 @@ protocolUseSSL = true; }; }; + + services.caddy.virtualHosts."pad.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8085 + ''; } diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 2062330..9661e8c 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -95,4 +95,9 @@ in ${pkgs.podman}/bin/podman network create immich-net ''; }; + + services.caddy.virtualHosts."photos.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:2283 + ''; } diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index f40b2b6..84783f6 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -9,4 +9,9 @@ FORCE_REFRESH_INTERVAL = 0; # don't rate limit me }; }; + + services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8080 + ''; } diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index 39585f1..d095da5 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -10,4 +10,9 @@ REDLIB_ROBOTS_DISABLE_INDEXING = "on"; }; }; + + services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8087 + ''; } diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix new file mode 100644 index 0000000..e170e6b --- /dev/null +++ b/hosts/chunk/tailscale.nix @@ -0,0 +1,13 @@ +{ config, ... }: +{ + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + extraUpFlags = [ + "--advertise-exit-node" + "--accept-dns=false" + ]; + useRoutingFeatures = "server"; + openFirewall = true; + }; +} diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index b97835e..7529610 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -10,4 +10,9 @@ DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; }; }; + + services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8081 + ''; } diff --git a/hosts/common.nix b/hosts/common.nix index b334b5f..c4bc548 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,4 +1,4 @@ -{ ... }: +{ inputs, ... }: { nix = { settings = { @@ -9,8 +9,21 @@ "root" "@wheel" ]; - trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; - substituters = [ "https://cache.cything.io/central" ]; + trusted-public-keys = [ + "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + ]; + substituters = [ + "https://aseipp-nix-cache.global.ssl.fastly.net" + "https://cache.cything.io/central" + "https://niri.cachix.org" + "https://nix-community.cachix.org" + "https://cache.garnix.io" + "https://cything.cachix.org" + ]; }; channel.enable = false; optimise = { @@ -24,8 +37,9 @@ options = "--delete-older-than 14d"; }; extraOptions = '' - builders-use-substitutes = true - ''; + builders-use-substitutes = true + ''; + registry.nixpkgs.flake = inputs.nixpkgs; }; time.timeZone = "America/Toronto"; networking.firewall.logRefusedConnections = false; diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile index 70cc99f..c306399 100644 --- a/hosts/titan/Caddyfile +++ b/hosts/titan/Caddyfile @@ -13,14 +13,16 @@ cything.io { import common - reverse_proxy localhost:8084 header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + route { + respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} + respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + redir https://cy7.sh/posts{uri} permanent + } } www.cything.io { diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 01a9c97..b92493c 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -9,6 +9,7 @@ ./hardware-configuration.nix ../common.nix ../zsh.nix + ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -32,6 +33,17 @@ sopsFile = ../../secrets/newsboat.yaml; owner = "yt"; }; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; + "aws/key_id" = { + sopsFile = ../../secrets/yt/aws.yaml; + owner = "yt"; + }; + "aws/key_secret" = { + sopsFile = ../../secrets/yt/aws.yaml; + owner = "yt"; + }; }; boot = { @@ -41,7 +53,8 @@ efi.canTouchEfiVariables = false; # toggle when installing }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_6_12; + # upgrade after https://github.com/tomaspinho/rtl8821ce/issues/356 is fixed + kernelPackages = pkgs.linuxKernel.packages.linux_6_12; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; @@ -58,6 +71,7 @@ pkiBundle = "/var/lib/sbctl"; }; kernel.sysctl."kernel.sysrq" = 1; + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; networking = { @@ -128,6 +142,7 @@ "wheel" "libvirtd" "docker" + "disk" ]; environment.systemPackages = with pkgs; [ @@ -160,6 +175,8 @@ haskell-language-server ghc sbctl # secure boot + wine-wayland + wine64 ]; environment.sessionVariables = { @@ -173,6 +190,12 @@ services.displayManager = { enable = true; autoLogin.user = "yt"; + defaultSession = "plasma"; + sddm = { + enable = true; + wayland.enable = true; + autoNumlock = true; + }; }; fonts.packages = with pkgs; [ @@ -262,12 +285,56 @@ programs.virt-manager.enable = true; services.usbmuxd.enable = true; - programs.nix-ld.enable = true; + programs.nix-ld.dev = { + enable = true; + # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ + libraries = with pkgs; [ + mesa + extest + stdenv.cc.cc + libGL + fontconfig + libxkbcommon + zlib + libxml2 + dbus + freetype + egl-wayland + waylandpp + cairo + xcb-util-cursor + libplist + p11-kit + kdePackages.qtwayland + qt6.qtwayland + libsForQt5.qt5.qtwayland + xorg.libX11 + xorg.libxcb + xorg.xcbutilwm + xorg.xcbutilimage + xorg.xcbutilkeysyms + xorg.xcbutilrenderutil + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libxkbfile + xorg.libxshmfence + ]; + }; programs.evolution.enable = true; xdg.portal = { enable = true; wlr.enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ]; }; programs.obs-studio = { @@ -311,8 +378,22 @@ services.trezord.enable = true; - my.niri = { + programs.niri.enable = true; + programs.niri.package = pkgs.niri-unstable; + programs.xwayland.enable = true; + + services.udev.extraHwdb = '' + SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" + ''; + + programs.ssh = { + askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; + startAgent = true; + enableAskPassword = true; + }; + + services.desktopManager.plasma6 = { enable = true; - package = pkgs.niri-unstable; + enableQt5Integration = true; }; } diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix new file mode 100644 index 0000000..63489ae --- /dev/null +++ b/hosts/ytnix/tailscale.nix @@ -0,0 +1,13 @@ +{ config, ... }: +{ + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + openFirewall = true; + useRoutingFeatures = "client"; + extraUpFlags = [ + "--exit-node=100.122.132.30" + "--accept-dns=false" + ]; + }; +} diff --git a/justfile b/justfile new file mode 100644 index 0000000..e113688 --- /dev/null +++ b/justfile @@ -0,0 +1,18 @@ +update: + git branch -D update || true + git switch -c update + nix flake update + git add flake.lock + git commit -s -m "flake update" + git push -f + git switch main + +upgrade: + git switch update + sudo nixos-rebuild switch -L --flake . --use-substitutes + nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes + nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes + home-manager -L switch --flake . + git switch main + git merge update + git branch -d update diff --git a/modules/caddy.nix b/modules/caddy.nix new file mode 100644 index 0000000..03d7a4a --- /dev/null +++ b/modules/caddy.nix @@ -0,0 +1,40 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.my.caddy; +in +{ + options.my.caddy = { + enable = lib.mkEnableOption "caddy reverse proxy"; + }; + + config = lib.mkIf cfg.enable { + services.caddy = { + enable = true; + package = pkgs.caddy.withPlugins { + plugins = [ + # error message will tell you the correct version tag to use + # (still need the @ to pass nix config check) + "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" + ]; + hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; + }; + logFormat = lib.mkForce "level INFO"; + acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; + extraConfig = '' + (common) { + encode zstd gzip + header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + } + ''; + globalConfig = '' + acme_dns cloudflare {$CLOUDFLARE_KEY} + ''; + environmentFile = config.sops.secrets."caddy/env".path; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index bde6e96..070a96e 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,6 +2,6 @@ { imports = [ ./backup.nix - ./niri.nix + ./caddy.nix ]; } diff --git a/modules/niri.nix b/modules/niri.nix deleted file mode 100644 index b5a6ef4..0000000 --- a/modules/niri.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -let - cfg = config.my.niri; -in -{ - options.my.niri = { - enable = lib.mkEnableOption "niri"; - package = lib.mkPackageOption pkgs "niri" { }; - }; - - config = lib.mkIf cfg.enable { - programs.niri.package = cfg.package; - programs.niri.enable = true; - programs.xwayland.enable = true; - }; -} diff --git a/overlay/default.nix b/overlay/default.nix index 99fc17b..5b6a9a8 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -2,6 +2,7 @@ let overlays = [ ./conduwuit ./attic + ./vscode.nix ]; importedOverlays = map (m: import m) overlays; in diff --git a/overlay/vscode.nix b/overlay/vscode.nix new file mode 100644 index 0000000..4de2d90 --- /dev/null +++ b/overlay/vscode.nix @@ -0,0 +1,14 @@ +final: prev: { + vscode-extensions = prev.vscode-extensions // { + github = prev.vscode-extensions.github // { + codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { + mktplcRef = { + publisher = "github"; + name = "codespaces"; + version = "1.17.3"; + hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; + }; + }; + }; + }; +} diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 9fea4c0..2ff8b4c 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml @@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] + env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T03:25:37Z" - mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] + lastmodified: "2025-01-30T17:26:39Z" + mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 diff --git a/secrets/services/tailscale.yaml b/secrets/services/tailscale.yaml new file mode 100644 index 0000000..27997b8 --- /dev/null +++ b/secrets/services/tailscale.yaml @@ -0,0 +1,31 @@ +tailscale: + auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr + c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly + V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx + UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW + 1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP + R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r + TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3 + em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4 + kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-24T05:26:20Z" + mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.3 diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml new file mode 100644 index 0000000..95bdf7a --- /dev/null +++ b/secrets/yt/aws.yaml @@ -0,0 +1,32 @@ +aws: + key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str] + key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT + T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL + dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R + azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO + HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu + dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv + Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0 + UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe + j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-30T17:45:09Z" + mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4