diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index b8a1d2e..2e8073c 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,7 +13,6 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} - continue-on-error: true steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -69,7 +68,6 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} - continue-on-error: true steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 1fb55fd..72fc72c 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
@@ -9,45 +9,30 @@ on: jobs: build-packages: strategy: + fail-fast: false matrix: package: - - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr - - github:cything/nixpkgs/8929e1256ceec677dd57fce405cdaca23176399b#lact - ${{ inputs.package }} os: - ubuntu-latest - - macos-latest - ubuntu-24.04-arm + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} - continue-on-error: true steps: - name: Install Nix uses: cachix/install-nix-action@v30 + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.package }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.package }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true + - run: nix build -L ${{ matrix.package }} diff --git a/.sops.yaml b/.sops.yaml index 96b61cd..6276e76 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,3 +118,9 @@ creation_rules: - age: - *chunk - *cy + + - path_regex: secrets/services/searx.yaml + key_groups: + - age: + - *chunk + - *cy \ No newline at end of file diff --git a/flake.lock b/flake.lock index 7fd9b1e..8916bfc 100644 --- a/flake.lock +++ b/flake.lock 
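Review bot: The last step, `run: nix build -L ${{ matrix.package }}`, is unchanged, but after this hunk the only matrix package is `${{ inputs.package }}`, so the script text is now built entirely from a caller-supplied value. GitHub expands the expression before the shell starts, so the value is parsed as script rather than passed as a single argument. This happens in a job that has already set up the `cything` cache with `secrets.CACHIX_AUTH_TOKEN`, a cache that flake.nix on this page lists under `extra-substituters`. Pass the value through the environment and quote it: `- run: nix build -L "$PACKAGE"` with `env:` and `PACKAGE: ${{ matrix.package }}` under the same step. The `on:` trigger is outside the hunk, so who can supply the input is not visible here.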
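Review bot: The added `path_regex: secrets/services/searx.yaml` is an unanchored regular expression with an unescaped dot, so it also matches paths that merely contain that string, such as a backup copy next to the file. `path_regex: secrets/services/searx\.yaml$` limits the rule to the intended file. sops uses the first creation rule that matches, and the rules before line 118 are outside the hunk, so confirm that no earlier, broader pattern already claims this path with a different recipient set. The added block also leaves the file without a trailing newline.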
@@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", + "lastModified": 1741396358, + "narHash": "sha256-js4c6tqxluo4Fysn8gloLnlZ6ZjQkuWMgGjHN8+WssE=", "owner": "ipetkov", "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", + "rev": "aaebfb7ce7e13c691aea178aff7621906f466662", "type": "github" }, "original": { @@ -204,27 +204,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736864502, - "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", - "owner": "nix-community", - "repo": "disko", - "rev": "0141aabed359f063de7413f80d906e1d98c0c123", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "latest", - "repo": "disko", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -348,11 +327,11 @@ ] }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -493,11 +472,11 @@ ] }, "locked": { - "lastModified": 1740840901, - "narHash": "sha256-nAHSkQJ2J5W8rGSReohh4xZ1b2edkG2UIj/4tF+ARAQ=", + "lastModified": 1741461731, + "narHash": "sha256-BBQfGvO3GWOV+5tmqH14gNcZrRaQ7Q3tQx31Frzoip8=", "owner": "nix-community", "repo": "home-manager", - "rev": "30da4310935450ea38931abf775ffe1dfab15355", + "rev": "7f4c60a3d6e548dbc13666565c22cb3f8dcdad44", "type": "github" }, "original": { 
@@ -554,11 +533,11 @@ ] }, "locked": { - "lastModified": 1740440383, - "narHash": "sha256-w8ixbqOGrVWMQZFFs4uAwZpuwuGMzFoKjocMFxTR5Ts=", + "lastModified": 1741442524, + "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "6321bc060d757c137c1fbae2057c7e941483878f", + "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", "type": "github" }, "original": { @@ -614,11 +593,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1740781229, - "narHash": "sha256-H8i+LhDQr6PbAxFt37TXYoRkwHvGlSTuNJUrlE5bb0w=", + "lastModified": 1741358751, + "narHash": "sha256-cDPg74UirjlGcVjB9qI/8ImkdEJ9p2y8Y2FQBfU8KzY=", "ref": "refs/heads/main", - "rev": "99bc6867e8913ad8f5fa7d63fefd885743eac4c1", - "revCount": 17539, + "rev": "93c3ca4e92b8cd1a129498f4c3f4c48558032d46", + "revCount": 17620, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -667,11 +646,11 @@ ] }, "locked": { - "lastModified": 1732053863, - "narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=", + "lastModified": 1741118843, + "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", "owner": "oxalica", "repo": "nil", - "rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362", + "rev": "577d160da311cc7f5042038456a0713e9863d09e", "type": "github" }, "original": { 
@@ -680,66 +659,6 @@ "type": "github" } }, - "niri": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ], - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1740817768, - "narHash": "sha256-NFu4LhDHkc4xonmpknh2cI/0ozeXjFmoMxVz1HecqxI=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "f3dde1ed6d76545ac637a80a356d50f6a7089a2a", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1740117926, - "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "b94a5db8790339cf9134873d8b490be69e02ac71", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.02", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1740749946, - "narHash": "sha256-uA03y5H8XI00ZxOIAAj3RGGOBOQCFjLyjLc79NH01oI=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "66113d7d76f6cf7d06e2ccde9281ff9bafab126c", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, "nix": { "inputs": { "flake-compat": [ @@ -819,6 +738,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741446546, + "narHash": "sha256-0z0GiUsUhjhZWa24bcAxqmlI3Ch8QvEeh42wghc6oVw=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "eeaf10849c3a0435323216885c0df7569dc95cb9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nix-ld": { "inputs": { "nixpkgs": [ 
@@ -826,11 +765,11 @@ ] }, "locked": { - "lastModified": 1740390822, - "narHash": "sha256-UnMANgi2Zf4gf4p49cXM4fDRrPEpN6oJJMXT4Z2BW/U=", + "lastModified": 1740995332, + "narHash": "sha256-SELnZZg9LOhw+kz60yEAr3l1plu70rBLInMRszLHtuc=", "owner": "nix-community", "repo": "nix-ld", - "rev": "4c86e9f94553bceba004c48be6f2691971d2a6f7", + "rev": "090c2003e3faa739e5a94e0a3cd782a1ccc40964", "type": "github" }, "original": { @@ -921,27 +860,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_4": { - "locked": { - "lastModified": 1740743217, - "narHash": "sha256-brsCRzLqimpyhORma84c3W2xPbIidZlIc3JGIuQVSNI=", + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b27ba4eb322d9d2bf2dc9ada9fd59442f50c8d7c", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", "type": "github" }, "original": { @@ -1001,11 +924,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740804553, - "narHash": "sha256-1vP/NaV+Ps+kFqfVBJ5yxYahML9Vk6VwLndtU9bDvUE=", + "lastModified": 1741455743, + "narHash": "sha256-raXtjhD9mmNrVdCoJkYoUo0X2lhEyIZYQ6M7uUp/Uuc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9114ab05304c83c930673fee79948b3fb14acd9a", + "rev": "c1ee2620296430ac1e3ee72583ad0191463a9d60", "type": "github" }, "original": { 
@@ -1026,11 +949,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1740520037, - "narHash": "sha256-TpZMYjOre+6GhKDVHFwoW2iBWqpNQppQTuqIAo+OBV8=", + "lastModified": 1741098523, + "narHash": "sha256-gXDSXDr6tAb+JgxGMvcEjKC9YO8tVOd8hMMZHJLyQ6Q=", "owner": "nix-community", "repo": "nixvim", - "rev": "6f8d8f7aee84f377f52c8bb58385015f9168a666", + "rev": "03065fd4708bfdf47dd541d655392a60daa25ded", "type": "github" }, "original": { @@ -1078,26 +1001,19 @@ "type": "github" } }, - "plasma-manager": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, + "pixelflasher": { "locked": { - "lastModified": 1740569341, - "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", - "owner": "nix-community", - "repo": "plasma-manager", - "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", + "lastModified": 1741302870, + "narHash": "sha256-7AywZ1b3PaqolAZ0vQmddD6Br4o0a7ucdtE0/W3rnaM=", + "owner": "cything", + "repo": "nixpkgs", + "rev": "5ef8b274bb7f939104295a22cec3382268ed73cc", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "plasma-manager", + "owner": "cything", + "ref": "pixelflasher", + "repo": "nixpkgs", "type": "github" } }, @@ -1127,15 +1043,14 @@ "nixpkgs": [ "lanzaboote", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_3" + ] }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "lastModified": 1740915799, + "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", "type": "github" }, "original": { @@ -1165,7 +1080,6 @@ "inputs": { "conduwuit": "conduwuit", "crane": "crane_2", - "disko": "disko", "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "flake-utils": "flake-utils", 
@@ -1174,13 +1088,13 @@ "lix": "lix", "lix-module": "lix-module", "nil": "nil", - "niri": "niri", + "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_4", + "nixpkgs-stable": "nixpkgs-stable_3", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", - "plasma-manager": "plasma-manager", + "pixelflasher": "pixelflasher", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt", @@ -1211,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1740796337, - "narHash": "sha256-FuoXrXZPoJEZQ3PF7t85tEpfBVID9JQIOnVKMNfTAb0=", + "lastModified": 1741400194, + "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "bbac9527bc6b28b6330b13043d0e76eac11720dc", + "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", "type": "github" }, "original": { @@ -1231,11 +1145,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1741043164, + "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", "type": "github" }, "original": { 
@@ -1307,49 +1221,17 @@ ] }, "locked": { - "lastModified": 1740827838, - "narHash": "sha256-xHWVg/CgaJqID4BUxqqJ47ESXRzWOxRNhJ9+jBXKuLc=", + "lastModified": 1740924345, + "narHash": "sha256-TO8Ttb+7PeKBkUe8vUrBt6Vxg3RMeQp4ARmlWQfcWrs=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "02d071ae1fadb1a63c6122d307ca5eb7e6b4feb9", + "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" }, "original": { "owner": "nix-community", "repo": "nix-vscode-extensions", - "type": "github" - } - }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1739246919, - "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.5.1", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1739246919, - "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", + "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" } } diff --git a/flake.nix b/flake.nix index 710d889..cdb829e 100644 --- a/flake.nix +++ b/flake.nix @@ -16,10 +16,6 @@ url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { - url = "github:nix-community/disko/latest"; - inputs.nixpkgs.follows = "nixpkgs"; - }; lanzaboote = { url = "github:nix-community/lanzaboote/master"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -37,11 +33,6 @@ url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; }; - niri = { - url = "github:sodiboo/niri-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.nixpkgs-stable.follows = "nixpkgs"; - }; rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -70,11 +61,6 @@ url = "github:nix-community/nix-ld"; inputs.nixpkgs.follows = "nixpkgs"; }; - plasma-manager = { - url = "github:nix-community/plasma-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "home-manager"; - }; nil = { url = "github:oxalica/nil"; inputs.nixpkgs.follows = "nixpkgs"; @@ -82,11 +68,17 @@ inputs.flake-utils.follows = "flake-utils"; }; vscode-extensions = { - url = "github:nix-community/nix-vscode-extensions"; + # https://github.com/nix-community/nix-vscode-extensions/issues/102 + url = "github:nix-community/nix-vscode-extensions/1fc267a10f46200e32f0850caa396bd1ba4ba08e"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; inputs.flake-compat.follows = "flake-compat"; }; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -101,13 +93,11 @@ nixConfig = { extra-substituters = [ - "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" ]; extra-trusted-public-keys = [ - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" @@ -120,7 +110,6 @@ self, nixpkgs, home-manager, - disko, flake-parts, ... }@inputs: 
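Review bot: The added `pixelflasher.url = "github:cything/nixpkgs/pixelflasher";` pulls a second full nixpkgs from a branch of a personal fork, with no comment saying what it is for, whereas the `vscode-extensions` pin in the same hunk carries an issue link. A branch ref is mutable, so flake.lock is the only thing holding the revision, and each `nix flake update` moves to whatever the branch head is at that moment. Add a comment such as `# pixelflasher package from fork; drop once merged upstream (<upstream PR URL>)`, and consider putting the commit in the URL as was done for `vscode-extensions`. The `inputs` attribute set starts and ends outside the hunk.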
@@ -161,7 +150,6 @@ config.allowUnfree = true; system = "x86_64-linux"; overlays = [ - inputs.niri.overlays.niri inputs.rust-overlay.overlays.default inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); @@ -180,10 +168,9 @@ nixpkgs = { inherit pkgs; }; } ./hosts/ytnix - inputs.sops-nix.nixosModules.sops ./modules + inputs.sops-nix.nixosModules.sops inputs.lanzaboote.nixosModules.lanzaboote - inputs.niri.nixosModules.niri inputs.lix-module.nixosModules.default inputs.nix-ld.nixosModules.nix-ld ]; @@ -195,8 +182,9 @@ nixpkgs = { inherit pkgs; }; } ./hosts/chunk - inputs.sops-nix.nixosModules.sops ./modules + inputs.sops-nix.nixosModules.sops + inputs.lix-module.nixosModules.default ]; }; }; @@ -211,8 +199,7 @@ modules = [ ./home/yt/ytnix.nix inputs.nixvim.homeManagerModules.nixvim - inputs.niri.homeModules.config - inputs.plasma-manager.homeManagerModules.plasma-manager + inputs.nix-index-database.hmModules.nix-index ]; }; diff --git a/home/codium.nix b/home/codium.nix index 792f880..2d7bb9d 100644 --- a/home/codium.nix +++ b/home/codium.nix 
@@ -10,122 +10,189 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; [ + with pkgs.open-vsx; + [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme rust-lang.rust-analyzer shd101wyy.markdown-preview-enhanced - fwcd.kotlin alefragnani.bookmarks tomrijndorp.find-it-faster streetsidesoftware.code-spell-checker + emilast.logfilehighlighter ]; - userSettings = { - "workbench.colorTheme" = "GitHub Dark Default"; - "files.autoSave" = "onFocusChange"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 15; - "window.zoomLevel" = 0.5; + userSettings = + let + vimCommonKeyBindings = [ + { + "before" = [ "C-a" ]; + "commands" = [ "cursorHome" ]; + } + { + "before" = [ "C-e" ]; + "commands" = [ "cursorEnd" ]; + } + ]; + in + { + "workbench.colorTheme" = "GitHub Dark Default"; + "workbench.startupEditor" = "none"; + "workbench.enableExperiments" = false; + "files.autoSave" = "onFocusChange"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 15; + "editor.minimap.enabled" = false; + "window.zoomLevel" = 0.5; + "security.promptForLocalFileProtocolHandling" = false; + "security.promptForRemoteFileProtocolHandling" = false; + "explorer.confirmDelete" = false; + "explorer.confirmDragAndDrop" = false; + "editor.acceptSuggestionOnEnter" = "off"; + "editor.acceptSuggestionOnCommitCharacter" = false; + "git.openRepositoryInParentFolders" = "never"; + "git.ignoreLimitWarning" = true; + "git.blame.editorDecoration.enabled" = true; + "extensions.ignoreRecommendations" = true; + "telemetry.enableTelemetry" = false; + "telemetry.telemetryLevel" = "off"; + "window.titleBarStyle" = "custom"; - # vim stuff - "vim.leader" = ","; - "vim.normalModeKeyBindings" = [ - { - "before" = [ ";" ]; - "after" = [ ":" ]; - "silent" = true; - } - { - "before" = [ "" "m" ]; - "commands" = [ "bookmarks.toggle" ]; - } - { - "before" = [ "" "l" ]; - "commands" = [ 
"bookmarks.toggleLabeled" ]; - } - { - "before" = [ "" "b" ]; - "commands" = [ "bookmarks.list" ]; - } - { - "before" = [ "" "s" ]; - "commands" = [ "workbench.action.toggleSidebarVisibility" ]; - } - { - "before" = [ "" "f" "f" ]; - "commands" = [ "find-it-faster.findFiles" ]; - } - { - "before" = [ "" "f" "g"]; - "commands" = [ "find-it-faster.findWithinFiles"]; - } - { - "before" = [ "" "f" "t"]; - "commands" = [ "find-it-faster.findWithinFilesWithType"]; - } - # "gd" for definitions is by default - { - "before" = [ "g" "r" ]; - "commands" = [ "editor.action.goToReferences" ]; - } - # the default is weird when you need to go back within a file - { - "before" = [ "C-o" ]; - "commands" = [ "workbench.action.navigateBack" ]; - } - { - "before" = [ "C-i" ]; - "commands" = [ "workbench.action.navigateForward" ]; - } - ]; - "vim.insertModeKeyBindings" = [ - { - "before" = [ "C-a" ]; - "commands" = [ "cursorHome" ]; - } - { - "before" = [ "C-e" ]; - "commands" = [ "cursorEnd" ]; - } - ]; - "vim.visualModeKeyBindings" = [ - { - "before" = [ ">" ]; - "commands" = [ "editor.action.indentLines" ]; - } - { - "before" = [ "<" ]; - "commands" = [ "editor.action.outdentLines" ]; - } - ]; - "extensions.experimental.affinity" = { - "vscodevim.vim" = 1; - }; - "workbench.startupEditor" = "none"; - "git.openRepositoryInParentFolders" = "never"; - - # terminal stuff - "terminal.integrated.cursorBlinking" = true; - "terminal.integrated.cursorStyle" = "line"; - "terminal.integrated.customGlyphs" = false; - "terminal.integrated.env.linux" = { - # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 - FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; - }; - # don't let the workbench handle terminal keys like ctrl+n and friends - "terminal.integrated.sendKeybindingsToShell" = true; - "terminal.integrated.allowChords" = false; + # terminal stuff + "terminal.integrated.cursorBlinking" = true; + "terminal.integrated.cursorStyle" = "line"; + 
"terminal.integrated.customGlyphs" = false; + "terminal.integrated.env.linux" = { + # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 + FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; + }; + # don't let the workbench handle terminal keys like ctrl+n and friends + "terminal.integrated.sendKeybindingsToShell" = true; + "terminal.integrated.allowChords" = false; - "security.promptForLocalFileProtocolHandling" = false; - "security.promptForRemoteFileProtocolHandling" = false; - "markdown-preview-enhanced.previewTheme" = "github-dark.css"; - "editor.minimap.enabled" = false; - "explorer.confirmDelete" = false; - "explorer.confirmDragAndDrop" = false; - }; + "markdown-preview-enhanced.previewTheme" = "github-dark.css"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "bookmarks.saveBookmarksInProject" = true; + + "cSpell.enabledFileTypes" = { + "markdown" = true; + "*" = false; + }; + + # vim stuff + "vim.leader" = ","; + "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ";" ]; + "after" = [ ":" ]; + "silent" = true; + } + { + "before" = [ + "" + "m" + ]; + "commands" = [ "bookmarks.toggle" ]; + } + { + "before" = [ + "" + "l" + ]; + "commands" = [ "bookmarks.toggleLabeled" ]; + } + { + "before" = [ + "" + "b" + ]; + "commands" = [ "bookmarks.list" ]; + } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } + { + "before" = [ + "" + "f" + "f" + ]; + "commands" = [ "find-it-faster.findFiles" ]; + } + { + "before" = [ + "" + "f" + "g" + ]; + "commands" = [ "find-it-faster.findWithinFiles" ]; + } + { + "before" = [ + "" + "f" + "t" + ]; + "commands" = [ "find-it-faster.findWithinFilesWithType" ]; + } + # "gd" for definitions is by default + { + "before" = [ + "g" + "r" + ]; + "commands" = [ "editor.action.goToReferences" ]; + } + # the default is weird when you need to go back within a file + { + "before" = [ "C-o" ]; + "commands" = [ 
"workbench.action.navigateBack" ]; + } + { + "before" = [ "C-i" ]; + "commands" = [ "workbench.action.navigateForward" ]; + } + # insert line without leaving normal mode + { + "before" = [ + "" + "o" + ]; + "commands" = [ "editor.action.insertLineAfter" ]; + } + { + "before" = [ + "" + "O" + ]; + "commands" = [ "editor.action.insertLineBefore" ]; + } + ]; + "vim.insertModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ "C-k" ]; + "commands" = [ "acceptSelectedSuggestion" ]; + } + ]; + "vim.visualModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ">" ]; + "commands" = [ "editor.action.indentLines" ]; + } + { + "before" = [ "<" ]; + "commands" = [ "editor.action.outdentLines" ]; + } + ]; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; + }; }; }; } diff --git a/home/fish.nix b/home/fish.nix deleted file mode 100644 index 3bb9d84..0000000 --- a/home/fish.nix +++ /dev/null 
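Review bot: `"security.promptForLocalFileProtocolHandling" = false;` and `"security.promptForRemoteFileProtocolHandling" = false;` are carried into the rewritten settings block without a comment; they switch off the confirmation the editor shows before a protocol link opens a local or remote file or workspace. Unless the prompts are a real obstacle, drop both lines so the defaults apply, or add a why-comment such as `# prompts disabled: <reason>`. Separately, `vimCommonKeyBindings` is now prepended to the normal- and visual-mode lists as well, so `C-a` there maps to `cursorHome` instead of Vim's increment; note that in a comment if it is intended. The enclosing attribute set begins before the hunk.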
@@ -1,80 +0,0 @@ -{ ... }: -{ - programs.fish = { - enable = true; - shellAliases = { - "vi" = "nvim"; - "vim" = "nvim"; - "t" = "tmux"; - "tl" = "tmux list-sessions"; - "ta" = "tmux new-session -A -s"; - "se" = "sudoedit"; - "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch --flake ."; - "nrt" = "sudo nixos-rebuild test --flake ."; - "hrs" = "home-manager switch --flake ."; - "g" = "git"; - "ga" = "git add"; - "gaa" = "git add --all"; - "gb" = "git branch"; - "gc" = "git commit --verbose"; - "gcmsg" = "git commit --message"; - "gd" = "git diff"; - "gdca" = "git diff --cached"; - "gds" = "git diff --staged"; - "gl" = "git log --stat"; - "glg" = "git log --graph"; - "glga" = "git log --graph --decorate --all"; - "glo" = "git log --oneline --decorate"; - "gp" = "git push"; - "gr" = "git remote"; - "gra" = "git remote add"; - "grv" = "git remote --verbose"; - "gs" = "git status --short"; - "gss" = "git status"; - }; - - shellInit = '' - set fish_greeting - ''; - - functions = { - fish_prompt = '' - set -l last_status $status - set -l normal (set_color normal) - set -l status_color (set_color brgreen) - set -l cwd_color (set_color $fish_color_cwd) - set -l vcs_color (set_color brpurple) - set -l prompt_status "" - - # Since we display the prompt on a new line allow the directory names to be longer. 
- set -q fish_prompt_pwd_dir_length - or set -lx fish_prompt_pwd_dir_length 0 - - # Color the prompt differently when we're root - set -l suffix '❯' - if functions -q fish_is_root_user; and fish_is_root_user - if set -q fish_color_cwd_root - set cwd_color (set_color $fish_color_cwd_root) - end - set suffix '#' - end - - # Color the prompt in red on error - if test $last_status -ne 0 - set status_color (set_color $fish_color_error) - set prompt_status $status_color "[" $last_status "]" $normal - end - - echo -s (prompt_login) ' ' $cwd_color (prompt_pwd) $vcs_color (fish_vcs_prompt) $normal ' ' $prompt_status - echo -n -s $status_color $suffix ' ' $normal - ''; - - }; - }; - - programs.fzf.enableFishIntegration = true; - programs.zoxide.enableFishIntegration = true; - programs.eza.enableFishIntegration = true; - programs.nix-index.enableFishIntegration = true; -} diff --git a/home/foot.nix b/home/foot.nix deleted file mode 100644 index ce7cb0c..0000000 --- a/home/foot.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ ... }: -{ - programs.foot = { - enable = true; - settings = { - main = { - font = "IBM Plex Mono:size=8"; - dpi-aware = "yes"; - }; - bell = { - urgent = "no"; - notify = "no"; - visual = "no"; - }; - cursor = { - style = "beam"; - blink = "yes"; - blink-rate = 500; - beam-thickness = 1.5; - color = "161821 c6c8d1"; - }; - mouse = { - hide-when-typing = "yes"; - }; - colors = { - foreground = "c6c8d1"; - background = "161821"; - regular0 = "1e2132"; - regular1 = "e27878"; - regular2 = "b4be82"; - regular3 = "e2a478"; - regular4 = "84a0c6"; - regular5 = "a093c7"; - regular6 = "89b8c2"; - regular7 = "c6c8d1"; - bright0 = "6b7089"; - bright1 = "e98989"; - bright2 = "c0ca8e"; - bright3 = "e9b189"; - bright4 = "91acd1"; - bright5 = "ada0d3"; - bright6 = "95c4ce"; - bright7 = "d2d4de"; - selection-foreground = "161821"; - selection-background = "c6c8d1"; - }; - - key-bindings = { - clipboard-copy = "Control+Shift+c XF86Copy"; - clipboard-paste = "Control+Shift+v XF86Paste"; - quit = "Control+q"; - }; - }; - }; -} diff --git a/home/ghostty.nix b/home/ghostty.nix deleted file mode 100644 index 1c592f5..0000000 --- a/home/ghostty.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: -{ - programs.ghostty = { - enable = true; - enableZshIntegration = true; - clearDefaultKeybinds = true; - settings = { - theme = "iceberg-dark"; - font-family = "IBM Plex Mono"; - font-size = "12"; - window-decoration = false; - confirm-close-surface = false; - keybind = [ - "ctrl+q=quit" - "ctrl+shift+c=copy_to_clipboard" - "ctrl+shift+v=paste_from_clipboard" - ]; - }; - }; -} diff --git a/home/kitty.nix b/home/kitty.nix index 463b10a..ea7047f 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -71,5 +71,5 @@ }; }; - programs.zsh.shellAliases."ssh" = "kitten ssh"; + # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( } diff --git a/home/niri/default.nix b/home/niri/default.nix deleted file mode 100644 index f1c8172..0000000 
--- a/home/niri/default.nix +++ /dev/null 
@@ -1,210 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - wallpaper = "${./nixos-c-book.png}"; - terminal = "kitty"; - menu = [ - "fuzzel" - "-w" - "100" - ]; - browser = "librewolf"; - file-manager = "thunar"; - clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; -in -{ - programs.niri.settings = { - prefer-no-csd = true; - input.keyboard.xkb.options = "ctrl:nocaps"; - spawn-at-startup = [ - { command = [ "${lib.getExe pkgs.waybar}" ]; } - { - command = [ - "${lib.getExe pkgs.swaybg}" - "-m" - "fill" - "-i" - wallpaper - ]; - } - { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } - { - command = [ - "wl-paste" - "--watch" - "cliphist" - "store" - ]; - } - ]; - hotkey-overlay.skip-at-startup = true; - - input = { - touchpad = { - tap = true; - dwt = true; - natural-scroll = true; - click-method = "clickfinger"; - }; - warp-mouse-to-focus = false; - focus-follows-mouse.enable = false; - }; - - environment = { - DISPLAY = ":0"; # for xwayland-satellite - ANKI_WAYLAND = "1"; - }; - - layout = { - gaps = 0; - focus-ring = { - width = 4; - active.color = "#4c7899"; - inactive.color = "#333333"; - }; - always-center-single-column = true; - border.enable = false; - }; - - window-rules = [ - { - matches = [ - { app-id = "mpv"; } - { app-id = "Bitwarden"; } - { - app-id = "ghidra-Ghidra"; - # pop-up windows - title = "^win(.*)"; - } - ]; - open-floating = true; - } - { - matches = [ - { - app-id = "anki"; - title = "Add"; - } - ]; - default-column-width.proportion = .25; - } - { - matches = [ - { app-id = "foot"; } - { - app-id = "anki"; - title = "^Browse"; - } - { app-id = "com.mitchellh.ghostt"; } - { app-id = "org.kde.okular"; } - { app-id = "kitty"; } - { app-id = "VSCodium"; } - ]; - default-column-width.proportion = .5; - } - { - matches = [ { app-id = "librewolf"; } ]; - default-column-width.proportion = .75; - } - ]; - }; - - programs.niri.settings.binds = - with config.lib.niri.actions; - let - sh = 
spawn "sh" "-c"; - in - { - "Mod+Return".action = spawn terminal; - "Mod+D".action = spawn menu; - - "Mod+Shift+E".action = quit; - "Mod+Equal".action = set-column-width "+10%"; - "Mod+Minus".action = set-column-width "-10%"; - "Mod+Shift+Equal".action = set-window-height "+10%"; - "Mod+Shift+Minus".action = set-window-height "-10%"; - "Super+Alt+L".action = spawn "swaylock"; - "Mod+Ctrl+Q".action = close-window; - "Mod+H".action = focus-column-left; - "Mod+L".action = focus-column-right; - "Mod+K".action = focus-window-up; - "Mod+J".action = focus-window-down; - "Mod+Shift+H".action = move-column-left; - "Mod+Shift+L".action = move-column-right; - "Mod+Shift+K".action = move-window-up; - "Mod+Shift+J".action = move-window-down; - "Mod+U".action = focus-workspace-up; - "Mod+I".action = focus-workspace-down; - "Mod+Shift+U".action = move-window-to-workspace-up; - "Mod+Shift+I".action = move-window-to-workspace-down; - "Mod+W".action = maximize-column; - "Mod+E".action = set-column-width "50%"; - "Mod+R".action = set-column-width "75%"; - "Mod+Q".action = set-column-width "25%"; - "Mod+C".action = center-column; - "Mod+Shift+Space".action = toggle-window-floating; - "Mod+Space".action = switch-focus-between-floating-and-tiling; - "Print".action = screenshot; - "Alt+Print".action = screenshot-window; - "Ctrl+Print".action = screenshot-screen; - # "Mod+R".action = switch-preset-column-width; - "Mod+Shift+R".action = switch-preset-window-height; - "Mod+Ctrl+R".action = reset-window-height; - "Mod+F".action = fullscreen-window; - "Mod+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-column-right; - }; - "Mod+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-column-left; - }; - "Mod+Shift+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-workspace-down; - }; - "Mod+Shift+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-workspace-up; - }; - - "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+"; - 
"XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-"; - "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; - "XF86MonBrightnessUp".action = sh "brightnessctl set 1%+"; - "XF86MonBrightnessDown".action = sh "brightnessctl set 1%-"; - - "Mod+1".action = focus-workspace 1; - "Mod+2".action = focus-workspace 2; - "Mod+3".action = focus-workspace 3; - "Mod+4".action = focus-workspace 4; - "Mod+5".action = focus-workspace 5; - "Mod+6".action = focus-workspace 6; - "Mod+7".action = focus-workspace 7; - "Mod+8".action = focus-workspace 8; - "Mod+9".action = focus-workspace 9; - "Mod+Shift+1".action = move-column-to-workspace 1; - "Mod+Shift+2".action = move-column-to-workspace 2; - "Mod+Shift+3".action = move-column-to-workspace 3; - "Mod+Shift+4".action = move-column-to-workspace 4; - "Mod+Shift+5".action = move-column-to-workspace 5; - "Mod+Shift+6".action = move-column-to-workspace 6; - "Mod+Shift+7".action = move-column-to-workspace 7; - "Mod+Shift+8".action = move-column-to-workspace 8; - "Mod+Shift+9".action = move-column-to-workspace 9; - - "Mod+Alt+B".action = spawn browser; - "Mod+Alt+A".action = spawn "anki"; - "Mod+Alt+F".action = spawn file-manager; - "Mod+Alt+E".action = spawn "evolution"; - "Mod+P".action = spawn "bitwarden"; - "Mod+Comma".action = sh clipboard; - - "MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1"; - "MouseBack".action = spawn "sh" "${./scripts/remote.sh}"; - }; -} diff --git a/home/niri/nixos-c-book.png b/home/niri/nixos-c-book.png deleted file mode 100644 index 96abf8f..0000000 Binary files a/home/niri/nixos-c-book.png and /dev/null differ diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh deleted file mode 100755 index 0ef7c0d..0000000 --- a/home/niri/scripts/remote.sh +++ /dev/null 
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-active_window=$(niri msg --json focused-window |jq -r .app_id)
-
-if [ "$1" = "btn1" ]; then
- if [ "$active_window" = "anki" ]; then
- wtype " "
- elif [ "$active_window" = "kitty" ]; then
- wtype -M ctrl -M shift -k c -m ctrl -m shift
- elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
- wtype -M alt -P right -p right -m alt
- else
- wtype -M ctrl -k c -m ctrl
- fi
-else
- if [ "$active_window" = "anki" ]; then
- wtype "1"
- elif [ "$active_window" = "kitty" ]; then
- wtype -M ctrl -M shift -k v -m ctrl
- elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
- wtype -M alt -P left -p left -m alt
- else
- wtype -M ctrl -k v -m ctrl
- fi
-fi
diff --git a/home/rofi/config.rasi b/home/rofi/config.rasi
deleted file mode 100644
index ae76aeb..0000000
--- a/home/rofi/config.rasi
+++ /dev/null
@@ -1,156 +0,0 @@ -configuration { - modes: "drun,run,emoji:rofimoji,clipboard:/home/yt/.config/rofi/scripts/cliphist.sh"; - font: "hack 12"; -/* location: 0;*/ -/* yoffset: 0;*/ -/* xoffset: 0;*/ -/* fixed-num-lines: true;*/ - show-icons: true; - terminal: "kitty"; -/* ssh-client: "ssh";*/ -/* ssh-command: "{terminal} -e {ssh-client} {host} [-p {port}]";*/ -/* run-command: "{cmd}";*/ -/* run-list-command: "";*/ -/* run-shell-command: "{terminal} -e {cmd}";*/ -/* window-command: "wmctrl -i -R {window}";*/ -/* window-match-fields: "all";*/ - icon-theme: "Papirus"; -/* drun-match-fields: "name,generic,exec,categories,keywords";*/ -/* drun-categories: ;*/ -/* drun-show-actions: false;*/ -/* drun-display-format: "{name} [({generic})]";*/ -/* drun-url-launcher: "xdg-open";*/ -/* disable-history: false;*/ -/* ignored-prefixes: "";*/ -/* sort: false;*/ -/* sorting-method: "normal";*/ -/* case-sensitive: false;*/ -/* cycle: true;*/ -/* sidebar-mode: false;*/ -/* hover-select: false;*/ -/* eh: 1;*/ -/* auto-select: false;*/ -/* parse-hosts: false;*/ -/* parse-known-hosts: true;*/ - combi-modes: "window,run,calc,filebrowser"; -/* matching: "normal";*/ -/* tokenize: true;*/ -/* m: "-5";*/ -/* filter: ;*/ -/* dpi: -1;*/ -/* threads: 0;*/ -/* scroll-method: 0;*/ -/* window-format: "{w} {c} {t}";*/ -/* click-to-exit: true;*/ -/* global-kb: false;*/ -/* max-history-size: 25;*/ -/* combi-hide-mode-prefix: false;*/ -/* combi-display-format: "{mode} {text}";*/ -/* matching-negate-char: '-' /* unsupported */;*/ -/* cache-dir: ;*/ -/* window-thumbnail: false;*/ -/* drun-use-desktop-cache: false;*/ -/* drun-reload-desktop-cache: false;*/ -/* normalize-match: false;*/ -/* steal-focus: false;*/ -/* application-fallback-icon: ;*/ -/* refilter-timeout-limit: 300;*/ -/* xserver-i300-workaround: false;*/ -/* completer-mode: "recursivebrowser";*/ -/* pid: "/run/user/1000/rofi.pid";*/ -/* display-window: ;*/ -/* display-run: ;*/ -/* display-ssh: ;*/ -/* display-drun: ;*/ -/* display-combi: ;*/ 
-/* display-keys: ;*/ -/* display-filebrowser: ;*/ -/* display-recursivebrowser: ;*/ -/* kb-primary-paste: "Control+V,Shift+Insert";*/ -/* kb-secondary-paste: "Control+v,Insert";*/ -/* kb-secondary-copy: "Control+c";*/ -/* kb-clear-line: "Control+w";*/ -/* kb-move-front: "Control+a";*/ -/* kb-move-end: "Control+e";*/ -/* kb-move-word-back: "Alt+b,Control+Left";*/ -/* kb-move-word-forward: "Alt+f,Control+Right";*/ -/* kb-move-char-back: "Left,Control+b";*/ -/* kb-move-char-forward: "Right,Control+f";*/ -/* kb-remove-word-back: "Control+Alt+h,Control+BackSpace";*/ -/* kb-remove-word-forward: "Control+Alt+d";*/ -/* kb-remove-char-forward: "Delete,Control+d";*/ -/* kb-remove-char-back: "BackSpace,Shift+BackSpace,Control+h";*/ -/* kb-remove-to-eol: "Control+k";*/ -/* kb-remove-to-sol: "Control+u";*/ -/* kb-accept-entry: "Control+j,Control+m,Return,KP_Enter";*/ -/* kb-accept-custom: "Control+Return";*/ -/* kb-accept-custom-alt: "Control+Shift+Return";*/ -/* kb-accept-alt: "Shift+Return";*/ -/* kb-delete-entry: "Shift+Delete";*/ -/* kb-mode-next: "Shift+Right,Control+Tab";*/ -/* kb-mode-previous: "Shift+Left,Control+ISO_Left_Tab";*/ -/* kb-mode-complete: "Control+l";*/ -/* kb-row-left: "Control+Page_Up";*/ -/* kb-row-right: "Control+Page_Down";*/ -/* kb-row-up: "Up,Control+p";*/ -/* kb-row-down: "Down,Control+n";*/ -/* kb-row-tab: "";*/ -/* kb-element-next: "Tab";*/ -/* kb-element-prev: "ISO_Left_Tab";*/ -/* kb-page-prev: "Page_Up";*/ -/* kb-page-next: "Page_Down";*/ -/* kb-row-first: "Home,KP_Home";*/ -/* kb-row-last: "End,KP_End";*/ -/* kb-row-select: "Control+space";*/ -/* kb-screenshot: "Alt+S";*/ -/* kb-ellipsize: "Alt+period";*/ -/* kb-toggle-case-sensitivity: "grave,dead_grave";*/ -/* kb-toggle-sort: "Alt+grave";*/ -/* kb-cancel: "Escape,Control+g,Control+bracketleft";*/ -/* kb-custom-1: "Alt+1";*/ -/* kb-custom-2: "Alt+2";*/ -/* kb-custom-3: "Alt+3";*/ -/* kb-custom-4: "Alt+4";*/ -/* kb-custom-5: "Alt+5";*/ -/* kb-custom-6: "Alt+6";*/ -/* kb-custom-7: "Alt+7";*/ 
-/* kb-custom-8: "Alt+8";*/ -/* kb-custom-9: "Alt+9";*/ -/* kb-custom-10: "Alt+0";*/ -/* kb-custom-11: "Alt+exclam";*/ -/* kb-custom-12: "Alt+at";*/ -/* kb-custom-13: "Alt+numbersign";*/ -/* kb-custom-14: "Alt+dollar";*/ -/* kb-custom-15: "Alt+percent";*/ -/* kb-custom-16: "Alt+dead_circumflex";*/ -/* kb-custom-17: "Alt+ampersand";*/ -/* kb-custom-18: "Alt+asterisk";*/ -/* kb-custom-19: "Alt+parenleft";*/ -/* kb-select-1: "Super+1";*/ -/* kb-select-2: "Super+2";*/ -/* kb-select-3: "Super+3";*/ -/* kb-select-4: "Super+4";*/ -/* kb-select-5: "Super+5";*/ -/* kb-select-6: "Super+6";*/ -/* kb-select-7: "Super+7";*/ -/* kb-select-8: "Super+8";*/ -/* kb-select-9: "Super+9";*/ -/* kb-select-10: "Super+0";*/ -/* kb-entry-history-up: "Control+Up";*/ -/* kb-entry-history-down: "Control+Down";*/ -/* ml-row-left: "ScrollLeft";*/ -/* ml-row-right: "ScrollRight";*/ -/* ml-row-up: "ScrollUp";*/ -/* ml-row-down: "ScrollDown";*/ -/* me-select-entry: "MousePrimary";*/ -/* me-accept-entry: "MouseDPrimary";*/ -/* me-accept-custom: "Control+MouseDPrimary";*/ - timeout { - action: "kb-cancel"; - delay: 0; - } - filebrowser { - directories-first: true; - sorting-method: "name"; - } -} diff --git a/home/rofi/scripts/cliphist.sh b/home/rofi/scripts/cliphist.sh deleted file mode 100755 index d11fadf..0000000 --- a/home/rofi/scripts/cliphist.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -tmp_dir="/tmp/cliphist" -rm -rf "$tmp_dir" - -if [[ -n "$1" ]]; then - cliphist decode <<<"$1" | wl-copy - exit -fi - -mkdir -p "$tmp_dir" - -read -r -d '' prog <$tmp_dir/"grp[1]"."grp[3]) - print \$0"\0icon\x1f$tmp_dir/"grp[1]"."grp[3] - next -} -1 -EOF -cliphist list | gawk "$prog" diff --git a/home/sway/config b/home/sway/config deleted file mode 100644 index 1005b61..0000000 --- a/home/sway/config +++ /dev/null 
@@ -1,156 +0,0 @@ -set $mod Mod4 -set $alt Mod1 -set $left h -set $down j -set $up k -set $right l - -set $term $HOME/.config/sway/scripts/terminal.sh -set $menu rofi -show run -set $screenshot grim -g "$(slurp)" - | wl-copy -set $browser librewolf -set $clipboard rofi -show clipboard -show-icons -set $emoji rofi -show emoji - -set $font_family DejaVu Sans Mono -set $font_size 11 -set $bg #000000 -set $fg #ffffff -set $fgi #888888 - -set $wallpaper $HOME/wallpapers/nixos-c-book-large.png -set $lock swaylock -f -i $wallpaper -output * bg $wallpaper fill - -floating_modifier $mod normal -default_border pixel -smart_borders on -focus_follows_mouse always -# mouse_warping container - -bindsym $mod+Return exec $term -bindsym $mod+Ctrl+q kill -bindsym $mod+d exec $menu -bindsym $mod+Shift+c reload -bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' -bindsym Print exec $screenshot -bindsym $mod+comma exec $clipboard -bindsym $mod+period exec $emoji - -bindsym $mod+$alt+b exec $browser -bindsym $mod+$alt+a exec anki -bindsym $mod+$alt+f exec thunar -bindsym $mod+$alt+e exec evolution -bindsym $mod+p exec bitwarden -bindsym $mod+$alt+m exec element-desktop - -bindsym $mod+$left focus left -bindsym $mod+$down focus down -bindsym $mod+$up focus up -bindsym $mod+$right focus right - -bindsym $mod+Shift+$left move left -bindsym $mod+Shift+$down move down -bindsym $mod+Shift+$up move up -bindsym $mod+Shift+$right move right - -bindsym $mod+1 workspace number 1 -bindsym $mod+2 workspace number 2 -bindsym $mod+3 workspace number 3 -bindsym $mod+4 workspace number 4 -bindsym $mod+5 workspace number 5 -bindsym $mod+6 workspace number 6 -bindsym $mod+7 workspace number 7 -bindsym $mod+8 workspace number 8 -bindsym $mod+9 workspace number 9 -bindsym $mod+0 workspace number 10 - -bindsym $mod+Shift+1 move container to workspace number 1 -bindsym 
$mod+Shift+2 move container to workspace number 2 -bindsym $mod+Shift+3 move container to workspace number 3 -bindsym $mod+Shift+4 move container to workspace number 4 -bindsym $mod+Shift+5 move container to workspace number 5 -bindsym $mod+Shift+6 move container to workspace number 6 -bindsym $mod+Shift+7 move container to workspace number 7 -bindsym $mod+Shift+8 move container to workspace number 8 -bindsym $mod+Shift+9 move container to workspace number 9 -bindsym $mod+Shift+0 move container to workspace number 10 - -# mouse side buttons -bindsym --whole-window BTN_EXTRA exec ~/.config/sway/scripts/remote.sh btn1 -bindsym --whole-window BTN_SIDE exec ~/.config/sway/scripts/remote.sh - -bindsym $mod+b splith -bindsym $mod+v splitv - -bindsym $mod+s layout stacking -bindsym $mod+w layout tabbed -bindsym $mod+e layout toggle split - -bindsym $mod+f fullscreen - -bindsym $mod+Shift+space floating toggle - -bindsym $mod+space focus mode_toggle - -bindsym $mod+a focus parent -bindsym $mod+Shift+a focus child - -bindsym $mod+Shift+minus move scratchpad -bindsym $mod+minus scratchpad show - -mode "resize" { - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -# keys to adjust volue and brightness -bindsym --locked XF86AudioMute exec "amixer -q sset Master,0 toggle" -bindsym --locked XF86AudioLowerVolume exec "amixer -q set Master 1%-" -bindsym --locked XF86AudioRaiseVolume exec "amixer -q sset Master 1%+" -bindsym --locked XF86MonBrightnessDown exec brightnessctl set 1%- -bindsym --locked XF86MonBrightnessUp exec brightnessctl set 1%+ - -# lockscreen -bindsym $mod+Control+l exec $lock - -font pango:$font_family $font_size - -for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable -for_window [app_id="LibreWolf" title="^Extension"] floating 
enable -for_window [floating] border csd -for_window [app_id="Bitwarden"] floating enable -for_window [app_id=anki title="Add"] floating enable - -bar { - swaybar_command waybar -} - -input "type:touchpad" { - dwt enabled - tap enabled - natural_scroll enabled -} - -input "type:keyboard" { - xkb_layout us - xkb_options ctrl:nocaps - xkb_numlock enabled -} - -exec wl-paste --watch cliphist store -exec mako >> $HOME/mako.log 2>&1 -exec dbus-update-activation-environment --all - -exec swayidle -w \ - timeout 300 'swaymsg "output * power off"' \ - timeout 305 $lock \ - resume 'swaymsg "output * power on"' \ - before-sleep 'playerctl pause; swaylock -f' - -exec system-dnotify --ready diff --git a/home/sway/scripts/remote.sh b/home/sway/scripts/remote.sh deleted file mode 100755 index 741c26d..0000000 --- a/home/sway/scripts/remote.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -active_window=$(swaymsg -t get_tree |jq -r '..|try select(.focused == true) |.app_id') - -if [ "$1" = "btn1" ]; then - if [ "$active_window" = "anki" ]; then - wtype " " - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k c -m ctrl -m shift - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P right -p right -m alt - else - wtype -M ctrl -k c -m ctrl - fi -else - if [ "$active_window" = "anki" ]; then - wtype "1" - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k v - wtype -m ctrl - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P left -p left -m alt - else - wtype -M ctrl -k v - wtype -m ctrl - fi -fi diff --git a/home/sway/scripts/terminal.sh b/home/sway/scripts/terminal.sh deleted file mode 100755 index 42653c6..0000000 --- a/home/sway/scripts/terminal.sh +++ /dev/null 
@@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -focused_workspace=$(swaymsg -t get_workspaces | jq '.[] | select(.focused == true) | .num') - -foot_window_count=$(swaymsg -t get_tree | jq --argjson workspace "$focused_workspace" '[recurse(.nodes[]?) | select(.type == "workspace" and .num == $workspace) | recurse(.nodes[]?) | select(.app_id == "foot")] | length') - -next_session=$((focused_workspace * 10)) - -if [ "$foot_window_count" -gt 0 ] -then - next_session=$((next_session + foot_window_count)) -fi - -foot tmux new-session -A -s ${next_session} diff --git a/home/waybar/config b/home/waybar/config deleted file mode 100644 index 6038a44..0000000 --- a/home/waybar/config +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "layer": "top", // Waybar on highest layer so tooltips go over windows - "output": "eDP-1", // Set output to primary monitor - "height": 40, // Set height to avoid jumping due to active workspace indicator - - "margin-left": 0, - "margin-right": 0, - "margin-top": 0, - "modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar - "modules-center": ["niri/window"], // Set modules for the center of the bar - "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar - "clock#time": { - "format": "{:%H:%M:%S}", - "interval": 1, - }, - "clock#date": { - "format": "{:%Y/%m/%d}", - "tooltip-format": "{calendar}", - "interval": 360, - "calendar": { - "mode": "month", - "mode-mon-col": 4, - "weeks-pos": "right", - "on-scroll": 1, - "on-click-right": "mode", - "format": { - "months": "{}", - "days": "{}", - "weeks": "W{}", - "weekdays": "{}", - "today": "{}", - }, - }, - }, - "battery": { - "interval": 60, - "states": { - "warning": 40, - "critical": 20, - }, - "format": "{icon} {capacity}%", - "format-icons": [ - "", - "", - "", - "", - "", - ], - "format-charging": "󱐌 {capacity}%", - }, - "cpu": { - "format": "{usage}%", - "interval": 4, - }, - "memory": { - "format": "{used}GiB", - "interval": 4, - }, - "temperature": { - "hwmon-path": "/sys/class/hwmon/hwmon4/temp1_input", - "critical-threshold": 80, - "format": "{temperatureC}°C", - "format-critical": "{temperatureC}°C", - "interval": 4, - }, - "wireplumber": { - "scroll-step": 1, // %, can be a float - "format": "{icon} {volume}%", - "format-muted": "󰝟 Muted", - "format-icons": ["", "", ""], - "on-click": "pavucontrol", - "interval": 4, - }, - "niri/window": { - "max-length": 64, - }, - "tray": { - "icon-size": 22, - "spacing": 6, - } -} diff --git a/home/waybar/style.css b/home/waybar/style.css deleted file mode 100644 index 438d892..0000000 --- a/home/waybar/style.css +++ /dev/null 
@@ -1,70 +0,0 @@ -.module, -#clock.date, -#clock.time, -#workspaces button { - background: transparent; - padding: 0 10px; - font-family: RobotoMono Nerd Font; - font-weight: 900; - font-size: 13pt; - color: #c0caf5; -} - -/* main waybar */ -window#waybar { - background: rgba(26, 27, 38, 1); - border: 2px solid #414868; -} - -/* when hovering over modules */ -tooltip { - background: #1e1e2e; - border-radius: 0; -} - -#workspaces { - padding-right: 0; -} - -#workspaces button { - padding: 2px; -} - -#clock { - padding-right: 100px; -} - - -/* Sets active workspace to have a solid line on the bottom */ -#workspaces button.focused { - border-bottom: 2px solid #7aa2f7; - border-radius: 0; - margin-top: 0px; - transition: none; -} - -/* More workspace stuff for highlighting on hover */ -#workspaces button.focused { - color: #a6adc8; -} - -#workspaces button.urgent { - color: #f7768e; -} - -#workspaces button:hover { - background: #11111b; - color: #cdd6f4; -} - -/* Hide window module when not focused on window or empty workspace */ -window#waybar.empty #window { - padding: 0; - margin: 0; - opacity: 0; -} - -/* Set up rounding to make these modules look like separate pills */ -#tray { - margin-right: 4px; -} diff --git a/home/yt/codespace.nix b/home/yt/codespace.nix deleted file mode 100644 index 6720c17..0000000 --- a/home/yt/codespace.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - pkgs, - ... -}: -{ - imports = [ - ./common.nix - ]; - home = { - username = "codespace"; - homeDirectory = "/home/codespace"; - stateVersion = "24.05"; - }; - programs.home-manager.enable = true; - - systemd.user.startServices = "sd-switch"; - - home.packages = with pkgs; [ - foot.terminfo - attic-client - ]; -} diff --git a/home/yt/common.nix b/home/yt/common.nix index 28f3457..a8c9467 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix 
@@ -60,7 +60,11 @@
 "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'";
 url = {
 "ssh://git@github.com/" = {
- insteadOf = "https://github.com/";
+ insteadOf = [
+ "https://github.com/"
+ "github:"
+ "gh:"
+ ];
 };
 };
 };
diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix
index e9b8738..c0182e7 100644
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@@ -6,8 +6,6 @@
 {
 imports = [
 ./common.nix
- ../foot.nix
- ../niri
 ../irssi.nix
 ../kitty.nix
 ../codium.nix
@@ -27,99 +25,83 @@ x11.enable = true; }; - home.packages = with pkgs; [ - firefox - ungoogled-chromium - librewolf - bitwarden-desktop - fastfetch - nwg-look - kdePackages.gwenview - kdePackages.okular - kdePackages.qtwayland - mpv - yt-dlp - signal-desktop - pavucontrol - btop - jq - bash-language-server - sqlite - usbutils - clang-tools - calibre - tor-browser - wtype - bat - yarn - rclone - go - (rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override { - extensions = [ "rust-src" ]; - })) - pwgen - lua-language-server - gnumake - minisign - unzip - lm_sensors - sshfs - gopls - anki-bin - trezorctl - trezor-agent - q - opentofu - terraform-ls - gdb - clang - seahorse - github-cli - fuzzel - nixpkgs-review - just - hugo - ghidra - sequoia - sccache - awscli2 - lldb - (cutter.withPlugins ( - p: with p; [ - rz-ghidra - jsdec - sigdb - ] - )) - ida-free - patchelf - radare2 - p7zip - qbittorrent - nil - pkg-config - gtk2 - gtk2-x11 - android-tools - frida-tools - mitmproxy - openssl - (python313.withPackages ( - p: with p; [ - python-lsp-server - pip - virtualenv - ] - )) - telegram-desktop - jadx - gradle - localsend - scrcpy - syncthing - syncthingtray - obsidian - ]; + home.packages = + with pkgs; + lib.flatten [ + ungoogled-chromium + librewolf + bitwarden-desktop + bitwarden-cli + fastfetch + (with kdePackages; [ + gwenview + okular + ]) + mpv + signal-desktop + btop + jq + sqlite + usbutils + calibre + tor-browser + wtype + bat + rclone + go + (rust-bin.selectLatestNightlyWith ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )) + pwgen + gnumake + unzip + anki-bin + trezorctl + trezor-agent + q + gdb + fuzzel + hugo + ghidra + sccache + awscli2 + (cutter.withPlugins ( + p: with p; [ + rz-ghidra + jsdec + sigdb + ] + )) + p7zip + qbittorrent + nil + android-tools + frida-tools + mitmproxy + (python313.withPackages ( + p: with p; [ + python-lsp-server + pip + virtualenv + ] + )) + jadx + scrcpy + syncthing + 
syncthingtray + (with llvmPackages; [ + clangUseLLVM + compiler-rt + libllvm + ]) + nix-output-monitor + wl-clipboard-rs + pixelflasher + element-desktop + ]; programs.feh.enable = true; @@ -134,11 +116,10 @@ programs.git.extraConfig = { user = { - signingKey = "~/.ssh/id.key"; + signingKey = "~/.ssh/id_ed25519"; }; gpg.format = "ssh"; commit.gpgsign = true; - core.sshCommand = "ssh -i ~/.ssh/id.key"; }; home.sessionVariables = { @@ -158,5 +139,10 @@ AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + + # bitwarden ssh agent + SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; + + programs.nix-index-database.comma.enable = true; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 311def5..9b5bcc6 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -90,9 +90,9 @@ "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch -L --flake ."; - "nrt" = "sudo nixos-rebuild test -L --flake ."; - "hrs" = "home-manager switch -L --flake ."; + "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; + "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; + "hrs" = "home-manager switch -L --flake . |& nom --json"; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; @@ -119,6 +119,6 @@ programs.fzf.enableZshIntegration = true; programs.zoxide.enableZshIntegration = true; programs.eza.enableZshIntegration = true; - programs.nix-index.enableZshIntegration = false; - programs.direnv.enableZshIntegration = false; + programs.nix-index.enableZshIntegration = true; + programs.direnv.enableZshIntegration = true; } diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix deleted file mode 100644 index 74207fc..0000000 --- a/hosts/chunk/adguard.nix +++ /dev/null 
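Review bot: In the `programs.git.extraConfig` hunk, `signingKey = "~/.ssh/id_ed25519"` reads like a private-key path, while the same commit points `SSH_AUTH_SOCK` at the Bitwarden agent and drops `core.sshCommand`. With `gpg.format = "ssh"`, git accepts either a private key file or, when an agent holds the key, the public key file. If the key is meant to live only in the agent, this should be `signingKey = "~/.ssh/id_ed25519.pub";`. If the private key really does remain on disk, a comment saying so would help, because that copy is then outside the protection the agent gives.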
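Review bot: The `SSH_AUTH_SOCK` entry added to `home.sessionVariables` is exported for every login session, not only the desktop one. On an inbound SSH login it would presumably replace a forwarded agent's socket, and whenever the Bitwarden desktop app is not running `ssh` and commit signing get a dead socket. Consider keeping an existing value with `SSH_AUTH_SOCK = "\${SSH_AUTH_SOCK:-$HOME/.bitwarden-ssh-agent.sock}";`, or add a comment stating that overriding other agents is intended. The `home.sessionVariables` block opens outside this hunk, so I cannot see whether anything earlier in it already sets the variable.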
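Review bot: The `hrs` alias in the zsh hunk pipes into `nom --json` without asking for the JSON log stream, unlike `nrs` and `nrt`, which pass `--log-format internal-json -v`. `nom --json` expects that stream, so it should either be plain `"hrs" = "home-manager switch -L --flake . |& nom";` or pass the log format through, if home-manager forwards it. All three aliases also now return nom's exit status rather than the rebuild's, so a failed switch looks successful in an `nrs && …` chain unless `pipefail` is set. A short comment on the aliases noting that would save a surprise.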
@@ -1,29 +0,0 @@ -{ ... }: -{ - services.adguardhome = { - enable = true; - host = "127.0.0.1"; - port = 8082; - settings = { - http.port = "8083"; - users = [ - { - name = "cy"; - password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC"; - } - ]; - # do not listen eveywhere cause podman runs it's own DNS - dns.bind_hosts = [ - "127.0.0.1" - "::1" - "31.59.129.225" - "2a0f:85c1:840:2bfb::1" - ]; - }; - }; - - services.caddy.virtualHosts."dns.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8082 - ''; -} diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix deleted file mode 100644 index 464c8b7..0000000 --- a/hosts/chunk/attic.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, ... }: -{ - services.atticd = { - enable = true; - - environmentFile = config.sops.secrets."attic/env".path; - - settings = { - listen = "[::]:8090"; - api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ "cache.cy7.sh" ]; - require-proof-of-possession = false; - compression.type = "zstd"; - database.url = "postgresql:///atticd?host=/run/postgresql"; - - storage = { - type = "s3"; - region = "auto"; - bucket = "attic"; - endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; - }; - - garbage-collection = { - default-retention-period = "2 weeks"; - }; - }; - }; - - services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8090 - ''; -} diff --git a/hosts/chunk/conduit.nix b/hosts/chunk/conduit.nix deleted file mode 100644 index 48025e1..0000000 --- a/hosts/chunk/conduit.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.conduit = { - image = "ghcr.io/girlbossceo/conduwuit:main"; - autoStart = true; - ports = [ "127.0.0.1:8448:8448" ]; - pull = "newer"; - environment = { - CONDUWUIT_SERVER_NAME = "cything.io"; - CONDUWUIT_DATABASE_PATH = "/var/lib/conduwuit"; - CONDUWUIT_PORT = "8448"; - CONDUWUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB - CONDUWUIT_ALLOW_REGISTRATION = "false"; - CONDUWUIT_ALLOW_FEDERATION = "true"; - CONDUWUIT_ALLOW_CHECK_FOR_UPDATES = "true"; - CONDUWUIT_TRUSTED_SERVERS = ''["matrix.org"]''; - CONDUWUIT_ADDRESS = "0.0.0.0"; - # CONDUIT_CONFIG = ""; - }; - volumes = [ - "/opt/conduit/db:/var/lib/conduwuit/" - ]; - networks = [ "conduit-net" ]; - }; - - systemd.services.create-conduit-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-conduit.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists conduit-net || \ - ${pkgs.podman}/bin/podman network create conduit-net - ''; - }; -} diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index ec85850..48d7d84 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -60,6 +60,9 @@ "zipline/env" = { sopsFile = ../../secrets/services/zipline.yaml; }; + "searx/env" = { + sopsFile = ../../secrets/services/searx.yaml; + }; }; boot = { 
@@ -71,81 +74,74 @@ system.stateVersion = "24.05"; # network stuff + networking = { + hostName = "chunk"; + networkmanager.enable = true; + firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + 53 + 853 + ]; + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - networking.hostName = "chunk"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - 53 - 853 - ]; - allowedUDPPorts = [ - 443 - 53 - 853 - ]; - extraCommands = - let - ethtool = lib.getExe pkgs.ethtool; - tc = lib.getExe' pkgs.iproute2 "tc"; - in - '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off + # clear existing rules + ${tc} qdisc del dev ens18 root || true - # clear existing rules - ${tc} qdisc del dev ens18 root || true + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 30 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # tailscale - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup 
--path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 - - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 - ''; - }; - networking.interfaces.ens18 = { - ipv6.addresses = [ - { - address = "2a0f:85c1:840:2bfb::1"; - prefixLength = 64; - } - ]; - ipv4.addresses = [ - { - address = "31.59.129.225"; - prefixLength = 24; - } - ]; - }; - networking.defaultGateway6 = { - address = "2a0f:85c1:840::1"; - interface = "ens18"; - }; - networking.defaultGateway = { - address = "31.59.129.1"; - interface = "ens18"; - }; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ''; + }; + interfaces.ens18 = { + ipv6.addresses = [ + { + address = "2a0f:85c1:840:2bfb::1"; + prefixLength = 64; + } + ]; + ipv4.addresses = [ + { + address = "31.59.129.225"; + prefixLength = 24; + } + ]; + }; + defaultGateway6 = { + address = "2a0f:85c1:840::1"; + interface = "ens18"; + }; + defaultGateway = { + address = "31.59.129.1"; + interface = "ens18"; + }; }; users.users.yt = { @@ -179,7 +175,6 @@ tmux file sops - attic-server ]; environment.variables = { 
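Review bot: The rewritten `networking.firewall` block removes 53 and 853 from `allowedTCPPorts` but leaves both in `allowedUDPPorts`. This commit also deletes `hosts/chunk/adguard.nix`, which was the DNS listener on the public addresses. If nothing else on the host serves DNS, the UDP list should shrink to match, `allowedUDPPorts = [ 443 ];`, so the host does not keep ports open with no service behind them. If a resolver is still expected there, a comment naming it next to the port list would make the TCP/UDP asymmetry clearly deliberate.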
@@ -199,29 +194,11 @@ programs.git.enable = true; my.caddy.enable = true; - services.caddy.virtualHosts."cy7.sh" = { - serverAliases = [ "www.cy7.sh" ]; - extraConfig = '' - import common - redir https://cything.io temporary - ''; - }; # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - environment.enableAllTerminfo = true; + my.containerization.enable = true; my.roundcube.enable = true; my.zipline.enable = true; + my.searx.enable = true; } diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix deleted file mode 100644 index 5dd3fd4..0000000 --- a/hosts/chunk/deluge.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: -{ - services.deluge = { - enable = true; - web = { - enable = true; - port = 8112; - }; - }; - - services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8112 - ''; -} diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix deleted file mode 100644 index 753bcbd..0000000 --- a/hosts/chunk/gitlab.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ config, ... }: -{ - services.gitlab = { - enable = true; - https = true; - host = "git.cything.io"; - user = "git"; # so that you can ssh with git@git.cything.io - group = "git"; - port = 443; # this *not* the port gitlab will run on - puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma - sidekiq.concurrency = 5; - databaseUsername = "git"; # needs to be same as user - initialRootEmail = "hi@cything.io"; - initialRootPasswordFile = config.sops.secrets."gitlab/root".path; - secrets = { - secretFile = config.sops.secrets."gitlab/secret".path; - otpFile = config.sops.secrets."gitlab/otp".path; - jwsFile = config.sops.secrets."gitlab/jws".path; - dbFile = config.sops.secrets."gitlab/db".path; - }; - backup = { - startAt = "daily"; - # we already postgresqlbackup.service - skip = [ "db" ]; - keepTime = 48; # hours - }; - extraConfig = { - gitlab = { - # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database - default_color_mode = 2; - }; - prometheus.enabled = false; - }; - }; -} diff --git a/hosts/chunk/jellyfin.nix b/hosts/chunk/jellyfin.nix deleted file mode 100644 index c6e0dec..0000000 --- a/hosts/chunk/jellyfin.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - services.jellyfin = { - enable = true; - dataDir = "/mnt/jellyfin"; - configDir = "/var/lib/jellyfin/config"; - }; -} diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index 7529610..cedece2 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix 
@@ -1,15 +1,6 @@ -{ config, ... }: +{ ... }: { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; - config = { - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "8081"; - DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; - }; - }; + my.vaultwarden.enable = true; services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' import common diff --git a/hosts/common.nix b/hosts/common.nix index e59c314..feafd17 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -39,35 +39,46 @@ registry.nixpkgs.flake = inputs.nixpkgs; }; + i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/New_York"; networking = { firewall.logRefusedConnections = false; nameservers = [ - # quad9 - "2620:fe::fe" - "2620:fe::9" - "9.9.9.9" - "149.112.112.112" + # quad9 (unfiltered) + "2620:fe::10" + "2620:fe::fe:10" + "9.9.9.10" + "149.112.112.110" ]; timeServers = [ + # https://github.com/jauderho/nts-servers + "ntp3.fau.de" "ntppool1.time.nl" - "nts.netnod.se" - "ptbtime1.ptb.de" - "ohio.time.system76.com" - "time.txryan.com" - "time.dfm.dk" + "ntpmon.dcs1.biz" + "stratum1.time.cifelli.xyz" + "nts.teambelgium.net" + "c.st1.ntp.br" ]; }; services.chrony = { enable = true; enableNTS = true; + enableMemoryLocking = true; + extraConfig = '' + # Expedited Forwarding + dscp 46 + # disable command port + cmdport 0 + # only allow NTS + authselectmode require + # update the clock only when at least 3 sources agree on the correct time + minsources 3 + ''; }; - # this is true by default and mutually exclusive with - # programs.nix-index - programs.command-not-found.enable = false; - programs.nix-index.enable = false; # set above to false to use this - # see journald.conf(5) services.journald.extraConfig = "MaxRetentionSec=2d"; + + services.thermald.enable = true; + environment.enableAllTerminfo = true; } 
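Review bot: The new `networking.nameservers` entries in hosts/common.nix point at Quad9's 9.9.9.10 / 149.112.112.110 service, which drops DNSSEC validation at the resolver as well as the threat blocklist, while the comment `# quad9 (unfiltered)` mentions only the latter. If nothing on these hosts validates locally (not visible in this hunk), DNS answers are accepted unauthenticated; I would say so in the comment, e.g. `# quad9 unsecured: no blocklist, no upstream DNSSEC validation`. In the chrony block, `minsources 3` combined with `authselectmode require` means the clock stops being corrected when fewer than three of the six NTS servers answer, which deserves a line in the `extraConfig` comments so a later edit of `timeServers` does not shrink the list below that.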
diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile deleted file mode 100644 index c306399..0000000 --- a/hosts/titan/Caddyfile +++ /dev/null @@ -1,41 +0,0 @@ -{ - acme_ca https://acme.zerossl.com/v2/DV90 - acme_eab { - key_id {$EAB_KEY_ID} - mac_key {$EAB_MAC_KEY} - } -} - -(common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" -} - -cything.io { - import common - - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD - header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept - route { - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} - redir https://cy7.sh/posts{uri} permanent - } -} - -www.cything.io { - import common - redir https://cything.io{uri} permanent -} - -ntfy.cything.io { - import common - reverse_proxy localhost:8083 -} - -status.cything.io { - import common - reverse_proxy localhost:3001 -} diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix deleted file mode 100644 index ad09978..0000000 --- a/hosts/titan/backup.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - ... -}: -{ - my.backup = { - enable = true; - jobName = "titanRsync"; - repo = "titan"; - passFile = config.sops.secrets."borg/rsyncnet".path; - sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; - }; -} diff --git a/hosts/titan/default.nix b/hosts/titan/default.nix deleted file mode 100644 index e8b03f0..0000000 --- a/hosts/titan/default.nix +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - modulesPath, - config, - lib, - pkgs, - ... -}: -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (modulesPath + "/profiles/qemu-guest.nix") - ../common.nix - ./disk-config.nix - ./hardware-configuration.nix - ./ghost.nix - ./ntfy.nix - ./uptime-kuma.nix - ./backup.nix - ]; - - sops.age.keyFile = "/root/.config/sops/age/keys.txt"; - sops.secrets = { - "caddy/env" = { - sopsFile = ../../secrets/services/caddy.yaml; - }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; - "borg/rsyncnet" = { - sopsFile = ../../secrets/borg/titan.yaml; - }; - "rsyncnet/id_ed25519" = { - sopsFile = ../../secrets/zh5061/titan.yaml; - }; - }; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_latest; - }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" - ]; - - system.stateVersion = "24.05"; - - environment.systemPackages = with pkgs; [ - curl - git - ]; - - # network stuff - networking.hostName = "titan"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - ]; - allowedUDPPorts = [ - 443 - ]; - }; - - # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - 
logFormat = lib.mkForce "level INFO"; - }; -} diff --git a/hosts/titan/disk-config.nix b/hosts/titan/disk-config.nix deleted file mode 100644 index 7c67624..0000000 --- a/hosts/titan/disk-config.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/titan/ghost.nix b/hosts/titan/ghost.nix deleted file mode 100644 index a9f8293..0000000 --- a/hosts/titan/ghost.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.ghost = { - image = "ghost:5-alpine"; - autoStart = true; - ports = [ "127.0.0.1:8084:2368" ]; - pull = "newer"; - environment = { - database__client = "mysql"; - database__connection__host = "ghost-db"; - database__connection__user = "root"; - database__connection__password = "example"; - database__connection__database = "ghost"; - url = "https://cything.io"; - NODE_ENV = "production"; - }; - volumes = [ - "/opt/ghost/data:/var/lib/ghost/content" - ]; - networks = [ "ghost-net" ]; - dependsOn = [ "ghost-db" ]; - }; - - virtualisation.oci-containers.containers.ghost-db = { - image = "mysql:8.0"; - autoStart = true; - pull = "newer"; - environment = { - MYSQL_ROOT_PASSWORD = "example"; - }; - volumes = [ - "/opt/ghost/db:/var/lib/mysql" - ]; - networks = [ "ghost-net" ]; - }; - - systemd.services.create-ghost-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-ghost.service" - "${backend}-ghost-db.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists ghost-net || \ - ${pkgs.podman}/bin/podman network create ghost-net - ''; - }; -} diff --git a/hosts/titan/hardware-configuration.nix b/hosts/titan/hardware-configuration.nix deleted file mode 100644 index 2730f0c..0000000 --- a/hosts/titan/hardware-configuration.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - ... -}: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - virtualisation.hypervGuest.enable = true; -} diff --git a/hosts/titan/ntfy.nix b/hosts/titan/ntfy.nix deleted file mode 100644 index cc2cb47..0000000 --- a/hosts/titan/ntfy.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - services.ntfy-sh = { - enable = true; - settings = { - listen-http = "127.0.0.1:8083"; - base-url = "https://ntfy.cything.io"; - upstream-base-url = "https://ntfy.sh"; - auth-default-access = "deny-all"; - behind-proxy = true; - }; - }; -} diff --git a/hosts/titan/uptime-kuma.nix b/hosts/titan/uptime-kuma.nix deleted file mode 100644 index 8bc0251..0000000 --- a/hosts/titan/uptime-kuma.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - # data stored at /var/lib/uptime-kuma/ but does not expose - # an option to change it - services.uptime-kuma = { - enable = true; - settings.PORT = "3001"; - }; -} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 42d9217..c097165 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix 
@@ -31,16 +31,18 @@ sopsFile = ../../secrets/yt/aws.yaml; owner = "yt"; }; + "vaultwarden/env" = { + sopsFile = ../../secrets/services/vaultwarden.yaml; + }; }; boot = { loader = { # lanzaboote replaces systemd-boot systemd-boot.enable = lib.mkForce false; - efi.canTouchEfiVariables = false; # toggle when installing + efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - # upgrade after https://github.com/tomaspinho/rtl8821ce/issues/356 is fixed kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce @@ -141,40 +143,46 @@ "adbusers" ]; - environment.systemPackages = with pkgs; [ + environment.systemPackages = with pkgs; lib.flatten [ tmux vim wget - neovim - git - python3 - wl-clipboard - # mako # sway config uses this tree kitty borgbackup - brightnessctl - alsa-utils - nixd - bluetuith - libimobiledevice - pass-wayland htop file dnsutils + q age compsize wireguard-tools traceroute sops - restic - haskell-language-server - ghc sbctl # secure boot - wine-wayland - wine64 - solaar - gtk3 + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) ]; environment.sessionVariables = { @@ -196,18 +204,19 @@ }; }; - fonts.packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; - fonts.enableDefaultPackages = true; + fonts = { + packages = with pkgs; [ + nerd-fonts.roboto-mono + ibm-plex + ]; + enableDefaultPackages = true; + }; hardware.enableAllFirmware = true; hardware.bluetooth = { enable = true; powerOnBoot = true; }; - services.blueman.enable = true; my.backup = { enable = true; 
@@ -220,41 +229,24 @@ "**/.wine" "/home/yt/Games" "/home/yt/Videos" + "/home/yt/.bitmonero" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; }; - services.btrbk.instances.local = { - onCalendar = "hourly"; - # only create snapshots automatically. backups are triggered manually with `btrbk resume` - snapshotOnly = true; - settings = { - snapshot_preserve_min = "latest"; - target_preserve = "30d"; - target_preserve_min = "2d"; - target = "/mnt/target/btr_backup/ytnix"; - stream_compress = "zstd"; - stream_compress_level = "8"; - snapshot_dir = "/snapshots"; - subvolume = { - "/home" = { }; - "/" = { }; - }; - }; - }; - programs.steam = { enable = true; extest.enable = true; extraCompatPackages = with pkgs; [ proton-ge-bin ]; }; - hardware.steam-hardware.enable = true; + programs.gamescope.enable = true; services.logind = { - lidSwitch = "hibernate"; - powerKey = "hibernate"; + lidSwitch = "suspend"; + powerKey = "poweroff"; + suspendKey = "hibernate"; }; xdg.mime.defaultApplications = { @@ -263,31 +255,18 @@ "*/html" = "chromium-browser.desktop"; }; - programs.thunar = { - enable = true; - plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-volman - ]; - }; - # preference changes don't work in thunar without this - programs.xfconf.enable = true; - # mount, trash and stuff in thunar - services.gvfs.enable = true; - # thumbnails in thunar - services.tumbler.enable = true; - virtualisation = { libvirtd.enable = true; - docker.enable = true; }; programs.virt-manager.enable = true; + my.containerization.enable = true; services.usbmuxd.enable = true; programs.nix-ld.dev = { enable = true; # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ libraries = with pkgs; [ + # TODO: revisit what we actually need mesa extest stdenv.cc.cc @@ -295,6 +274,7 @@ fontconfig libxkbcommon zlib + libz libxml2 dbus freetype 
@@ -359,6 +339,7 @@ enable = true; plugins = with pkgs.obs-studio-plugins; [ wlrobs + obs-pipewire-audio-capture ]; }; @@ -372,7 +353,7 @@ services.ollama.enable = false; - services.trezord.enable = false; + services.trezord.enable = true; programs.niri.enable = false; programs.niri.package = pkgs.niri-unstable; @@ -382,12 +363,6 @@ SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" ''; - programs.ssh = { - askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; - startAgent = true; - enableAskPassword = true; - }; - services.desktopManager.plasma6 = { enable = true; enableQt5Integration = true; @@ -403,8 +378,6 @@ programs.kdeconnect.enable = true; programs.dconf.enable = true; - programs.java = { - enable = true; - binfmt = true; - }; + programs.ccache.enable = true; + nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; } diff --git a/modules/caddy.nix b/modules/caddy.nix index 03d7a4a..6b46cb5 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -29,11 +29,12 @@ in (common) { encode zstd gzip header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + tls { + dns cloudflare {$CLOUDFLARE_KEY} + resolvers 1.1.1.1 8.8.8.8 + } } ''; - globalConfig = '' - acme_dns cloudflare {$CLOUDFLARE_KEY} - ''; environmentFile = config.sops.secrets."caddy/env".path; }; }; diff --git a/modules/containerization.nix b/modules/containerization.nix new file mode 100644 index 0000000..416d2bf --- /dev/null +++ b/modules/containerization.nix 
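Review bot: `nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];` at the end of the last hosts/ytnix/default.nix hunk exposes one shared cache directory inside the sandbox of every build on the machine, not only the packages meant to use ccache. ccache needs that directory to be writable by the build users, so a build of untrusted source can leave objects that a later build picks up, and outputs stop depending only on their declared inputs. I would record the trade-off next to the line, e.g. `# ccache dir is shared across all build sandboxes; only build trusted sources on this host`, and keep the set of ccache-wrapped packages short and explicit. The enclosing attribute set starts outside the hunk.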
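Review bot: With `acme_dns` removed from `globalConfig` in modules/caddy.nix, the DNS-01 settings apply only to sites that `import common`; a virtual host that omits the import would fall back to Caddy's default challenge types without any error. The vhosts visible on this page all import the snippet, but the coupling is easy to miss, so I would add a comment line inside the snippet such as `# tls/dns lives here: every vhost must import common to get DNS-01`. The `resolvers 1.1.1.1 8.8.8.8` line also routes the propagation lookups through two third-party resolvers, and a short comment saying why would help. The Caddyfile string starts outside the hunk.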
@@ -0,0 +1,35 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.containerization; +in +{ + options.my.containerization = { + enable = lib.mkEnableOption "containerization"; + usePodman = lib.mkOption { + type = lib.types.bool; + default = true; + description = "whether to use podman instead of docker"; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation = { + containers.enable = true; + podman = lib.mkIf cfg.usePodman { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + }; + oci-containers.backend = lib.mkIf cfg.usePodman "podman"; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 96ea519..b93f89f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,5 +5,8 @@ ./caddy.nix ./roundcube.nix ./zipline.nix + ./containerization.nix + ./vaultwarden.nix + ./searx.nix ]; } diff --git a/modules/searx.nix b/modules/searx.nix new file mode 100644 index 0000000..3eb178a --- /dev/null +++ b/modules/searx.nix @@ -0,0 +1,35 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.searx; + sockPath = "/run/searx/searx.sock"; +in +{ + options.my.searx = { + enable = lib.mkEnableOption "searx"; + }; + + config = lib.mkIf cfg.enable { + services.searx = { + enable = true; + runInUwsgi = true; + uwsgiConfig = { + disable-logging = true; + http = "127.0.0.1:8090"; + }; + settings = { + # get secret from env + server.secret_key = "@SEARX_SECRET_KEY@"; + }; + environmentFile = config.sops.secrets."searx/env".path; + }; + + services.caddy.virtualHosts."x.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:8090 + ''; + }; +} \ No newline at end of file diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix new file mode 100644 index 0000000..8fda611 --- /dev/null +++ b/modules/vaultwarden.nix 
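Review bot: In modules/containerization.nix, `usePodman = false` does not select docker: with the option off the module sets only `virtualisation.containers.enable`, and nothing here enables `virtualisation.docker`, although the description reads "whether to use podman instead of docker". hosts/ytnix/default.nix drops `docker.enable = true` in this same commit and relies on the default, so that host moves to podman behind the `dockerCompat` alias. Either add `docker.enable = lib.mkIf (!cfg.usePodman) true;` inside the `virtualisation` set, or reword the description to `"enable podman (with the docker alias) as the container backend"`.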
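Review bot: In modules/searx.nix, `sockPath = "/run/searx/searx.sock"` is bound in the `let` block but never used; uwsgi gets `http = "127.0.0.1:8090"`, a loopback TCP port that any local process on the host can reach without passing through Caddy. Either delete the binding or serve over the socket so that file permissions limit who can talk to the backend. The module also reads `config.sops.secrets."searx/env"` without declaring it, so a host that enables `my.searx` without that secret fails at evaluation. Declaring it in the module, e.g. `sops.secrets."searx/env".sopsFile = ../secrets/services/searx.yaml;`, would keep it self-contained (a host-side declaration, if one exists, is not in this hunk).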
@@ -0,0 +1,32 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.vaultwarden; +in +{ + options.my.vaultwarden = { + enable = lib.mkEnableOption "vaultwarden"; + domain = lib.mkOption { + type = lib.types.str; + default = "https://pass.cy7.sh"; + }; + }; + + config = lib.mkIf cfg.enable { + services.vaultwarden = { + enable = true; + dbBackend = "postgresql"; + environmentFile = config.sops.secrets."vaultwarden/env".path; + config = { + ROCKET_ADDRESS = "0.0.0.0"; + ROCKET_PORT = "8081"; + DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; + EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2"; + DOMAIN = cfg.domain; + }; + }; + }; +} \ No newline at end of file diff --git a/overlay/default.nix b/overlay/default.nix index 6a824d1..d617b17 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -11,12 +11,14 @@ importedOverlays ( final: prev: let - pkgFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - stable = inputs.nixpkgs-stable; + nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; + pkgFrom = flake: pkgFrom' flake "default"; + pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg}; in { conduwuit = - inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; + pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; } ) -] +] \ No newline at end of file diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 2ff8b4c..5f3ea62 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml 
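Review bot: `ROCKET_ADDRESS = "0.0.0.0"` in modules/vaultwarden.nix makes the vaultwarden HTTP listener reachable on every interface, where the host config this module replaces (hosts/chunk/vaultwarden.nix) bound it to `127.0.0.1` behind the Caddy vhost. Unless a host firewall blocks port 8081, which is not visible here, the password manager can be reached over plain HTTP, bypassing TLS and the HSTS header from `common`; I would restore `ROCKET_ADDRESS = "127.0.0.1";` or expose the address as an option that defaults to loopback. `DATABASE_URL` also carries the database password inline, so it lands in the world-readable Nix store; since `environmentFile` already comes from sops, the URL belongs there. The `domain` option has no `description`.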
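Review bot: In overlay/default.nix, `conduwuit` is now looked up under `${prev.system}` while the attribute name still names an x86_64-linux/haswell build, so on any other system the lookup would presumably fail once the attribute is forced; the old line pinned `x86_64-linux` explicitly. If that build is only meant for x86_64 hosts, a comment above it such as `# x86_64-only static build; do not reference from aarch64 hosts` would make that clear. The helpers `pkgFrom`, `pkgFrom'` and `nixpkgsFrom` differ only in which flake output they read and would each benefit from a one-line comment; `pkgFrom` is not used in the visible lines. The `let` block sits inside a function that starts outside the hunk.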
@@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] + env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-30T17:26:39Z" - mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] + lastmodified: "2025-03-08T21:05:07Z" + mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/services/searx.yaml b/secrets/services/searx.yaml new file mode 100644 index 0000000..46df77e --- /dev/null +++ b/secrets/services/searx.yaml 
@@ -0,0 +1,31 @@ +searx: + env: ENC[AES256_GCM,data:VWLft5+85mNA8k3VynVBz2V+8zcg97UtHfucpaAcKbA+CQdGUbqLesQSu9a7tNRI7+OdI1qPJj5HTzP8tpGN5f39D4brtyo4fN8n8zAd,iv:F70wq9qJiFjEjJeZeFCyQskLdBR3nd/CR/UW/dE9gTo=,tag:/W8FhRC180aAdzjD5v0vZw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM3VXOVZBSVdZMzBOVzJD + Y0ZvWUtFUW5pMUZnYjdxdHQvWDBEVmU1L2hBCi8zcEszZThwcGQ5WUdRTWFUWCtP + WWE0OVJIOXpCMGJZc3J6TmVCMGN2TUUKLS0tIEwxVDJLTkdrK3g2TG9iWml6aEFR + d3NOS245SmV3K1dlaHdnMHpVSzlYQk0KnDSK1C1sEeBVMX80DqjJRrGFx+WkNijg + XEf/Jq//qzgvX24fOl4X4xGTRfBMbLlznLs4N6WtIY7aVcW5N041jQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOGFaWkY1TWhvQUhENHUx + cUk4b2FpeCs5eUMyQ2FhZzVKdHY1MVIzWUhRCmw0eEhwYjl2OFNoQkZRVW43REQy + OGpNWFRTWEF4NFFuU1lpTFdKY3lBNEEKLS0tIFNET0JBZmxoSGhWdTIwL0x2Ris3 + ZHhidlJHT08rR3ZuME9UQmovRTFGNlkK83k2wqXQvxeURrUE/hXoZMDc9lqkgBuL + W/UWt/PBorp1/WRqO6dpuu9N2S9i6VCPJH0jdoHMWEqWuRIENFKVhQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-08T20:52:15Z" + mac: ENC[AES256_GCM,data:UGFkCgmgRofmX2gQR2W2DD0u4LowQ9pmUxPOgpLVaKGasEoNWJMGu7A7rUIpHvuUomoL6q8aiWs3kiIuZrTQ3CB5gawmU9pPiEseOAdbww4beIcnUmumwmCLH46XYQdaooPaz8bIncW/gFePRpVB2Oef1pYeryXkbZRwBm+bPOI=,iv:GGFjerxpLH8C1m50AiKoEJxj+lGRYNMe4Y7k4u232v8=,tag:woww///+80wakvzYoyWCqQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4