diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2e8073c..b8a1d2e 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -13,6 +13,7 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} + continue-on-error: true steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -68,6 +69,7 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} + continue-on-error: true steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 72fc72c..1fb55fd 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
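Review bot: Job-level `continue-on-error: true`, added under `runs-on` in both hunks of build-machines-and-homes.yml and again in the `build-packages` job of build-packages.yml, lets the workflow run report success even when a build fails, so a broken or unexpected input no longer turns the check red. If the aim is only to stop one matrix entry from cancelling the others, `fail-fast: false` under `strategy` does that without hiding the failure; build-packages.yml removes exactly that line in this commit. If the jobs really must be non-blocking, a comment above the key such as `# non-blocking on purpose: <reason>` would record the decision. Both jobs continue outside the hunks, so any later step that relies on the build result is not visible here.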
@@ -9,30 +9,45 @@ on: jobs: build-packages: strategy: - fail-fast: false matrix: package: + - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr + - github:cything/nixpkgs/8929e1256ceec677dd57fce405cdaca23176399b#lact - ${{ inputs.package }} os: - ubuntu-latest - - ubuntu-24.04-arm - macos-latest - - macos-13 + - ubuntu-24.04-arm runs-on: ${{ matrix.os }} + continue-on-error: true steps: - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 with: name: cything authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' useDaemon: false installCommand: nix profile install nixpkgs#cachix - + - name: Restore and cache Nix store + uses: nix-community/cache-nix-action@v5.1.0 + with: + # restore and save a cache using this key + primary-key: nix-${{ runner.os }}-${{ matrix.package }}-${{ hashFiles('**/*.nix', 'flake.lock') }} + # if there's no cache hit, restore a cache by this prefix + restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.package }}- + # do purge caches + purge: true + # purge all versions of the cache + purge-prefixes: nix-${{ runner.os }}- + # created more than this number of seconds ago relative to the start of the `Post Restore` phase + purge-last-accessed: 86400 + # except the version with the `primary-key`, if it exists + purge-primary-key: never + # always save the cache + save-always: true - run: nix build -L ${{ matrix.package }} diff --git a/.sops.yaml b/.sops.yaml index 6276e76..96b61cd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,9 +118,3 @@ creation_rules: - age: - *chunk - *cy - - - path_regex: secrets/services/searx.yaml - key_groups: - - age: - - *chunk - - *cy \ No newline at end of file diff --git a/flake.lock b/flake.lock index 87450d3..e4d276f 100644 --- a/flake.lock +++ b/flake.lock 
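Review bot: The new `Restore and cache Nix store` step in build-packages.yml unpacks store contents from the GitHub Actions cache in the same job that holds `secrets.CACHIX_AUTH_TOKEN`, and it runs after `cachix/cachix-action` has been set up. Store paths restored this way are not checked against a trusted signing key the way substituted paths are, and depending on how cachix-action decides which paths are new they may also be uploaded to the `cything` cache; that is inferred from the step order, so it is worth confirming. I would either keep the Actions cache out of jobs that push to Cachix or restrict which refs are allowed to save it. The action is also referenced by a mutable tag; pinning it as `uses: nix-community/cache-nix-action@<FULL_COMMIT_SHA> # v5.1.0` keeps the code that handles the store fixed. The workflow's `on:` triggers sit outside the hunk, so who can start this job is not visible here.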
@@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741021986, - "narHash": "sha256-VX8M6arxQU05mipDmLjk0TJVRNzu+VQx3w1gVmyPkO4=", + "lastModified": 1739936662, + "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", "owner": "ipetkov", "repo": "crane", - "rev": "5245473d6638a96da540e44372da96eebb97735a", + "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", "type": "github" }, "original": { @@ -204,6 +204,27 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736864502, + "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "owner": "nix-community", + "repo": "disko", + "rev": "0141aabed359f063de7413f80d906e1d98c0c123", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -327,11 +348,11 @@ ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "type": "github" }, "original": { @@ -472,11 +493,11 @@ ] }, "locked": { - "lastModified": 1741056285, - "narHash": "sha256-/JKDMVqq8PIqcGonBVKbKq1SooV3kzGmv+cp3rKAgPA=", + "lastModified": 1740606115, + "narHash": "sha256-GKe3vrIWcei4gSTckEzHr5Zf/g9NSofmsAnbkNYU+lM=", "owner": "nix-community", "repo": "home-manager", - "rev": "70fbbf05a5594b0a72124ab211bff1d502c89e3f", + "rev": "6be185eb76295e7562f5bf2da42afe374b8beb15", "type": "github" }, "original": { 
@@ -533,11 +554,11 @@ ] }, "locked": { - "lastModified": 1741001137, - "narHash": "sha256-XxWib5eI3rgMPA4VzDHOx89WT76IN/ZNb+votz5gakw=", + "lastModified": 1740440383, + "narHash": "sha256-w8ixbqOGrVWMQZFFs4uAwZpuwuGMzFoKjocMFxTR5Ts=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "cc9786aa8158437facead0d8e21ac0c03be91dc8", + "rev": "6321bc060d757c137c1fbae2057c7e941483878f", "type": "github" }, "original": { @@ -593,11 +614,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1741082941, - "narHash": "sha256-mxMbmNSXLZ0G+4uPEXCodjRJffqh/Jq4X5pgFuQFZB0=", + "lastModified": 1740601249, + "narHash": "sha256-ruwhgVCS3c2kWhNVlgfNX/y4zAtonPqfUMJvC6Ha254=", "ref": "refs/heads/main", - "rev": "ca89e431a31527a014bfd0d529da2a8099027a5f", - "revCount": 17577, + "rev": "5d055896bccdad6ebb135ebf7cb80eafb217ad67", + "revCount": 17508, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, 
@@ -659,6 +680,66 @@ "type": "github" } }, + "niri": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs" + ], + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1740592142, + "narHash": "sha256-v+Qg8V0UHkXCDSgqKowqMyJR2LGKIJGA0HbwCRgZN/0=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "259a8cc3e351d0a34063ae857d3c730b1ae4ad56", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1740117926, + "narHash": "sha256-mTTHA0RAaQcdYe+9A3Jx77cmmyLFHmRoZdd8RpWa+m8=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "b94a5db8790339cf9134873d8b490be69e02ac71", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.02", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1740587638, + "narHash": "sha256-/BQ67VCF0ZpqCvxmVR18HdnqFy81ABWaKjz1FFwL65g=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "693d9355386c6217bb9cca5cb30c2b4248f19d8c", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix": { "inputs": { "flake-compat": [ @@ -738,26 +819,6 @@ "type": "github" } }, - "nix-index-database": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1740886574, - "narHash": "sha256-jN6kJ41B6jUVDTebIWeebTvrKP6YiLd1/wMej4uq4Sk=", - "owner": "nix-community", - "repo": "nix-index-database", - "rev": "26a0f969549cf4d56f6e9046b9e0418b3f3b94a5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-index-database", - "type": "github" - } - }, "nix-ld": { "inputs": { "nixpkgs": [ 
@@ -765,11 +826,11 @@ ] }, "locked": { - "lastModified": 1740995332, - "narHash": "sha256-SELnZZg9LOhw+kz60yEAr3l1plu70rBLInMRszLHtuc=", + "lastModified": 1740390822, + "narHash": "sha256-UnMANgi2Zf4gf4p49cXM4fDRrPEpN6oJJMXT4Z2BW/U=", "owner": "nix-community", "repo": "nix-ld", - "rev": "090c2003e3faa739e5a94e0a3cd782a1ccc40964", + "rev": "4c86e9f94553bceba004c48be6f2691971d2a6f7", "type": "github" }, "original": { @@ -860,11 +921,27 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1740932899, - "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { + "locked": { + "lastModified": 1740463929, + "narHash": "sha256-4Xhu/3aUdCKeLfdteEHMegx5ooKQvwPHNkOgNCXQrvc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", + "rev": "5d7db4668d7a0c6cc5fc8cf6ef33b008b2b1ed8b", "type": "github" }, "original": { @@ -924,11 +1001,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1741073343, - "narHash": "sha256-8qmLpDUmaiBGLZkFfVyK5/T5fyTXXGdzCRdqAtO0gf4=", + "lastModified": 1740557110, + "narHash": "sha256-D2waFyJkaepTchTrGVAIfCd/YP+37bgXWg9cXwuxuT0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "72bccb2960235fd31de456566789c324a251f297", + "rev": "b89a821293c3872992137114d0db9a791243a41b", "type": "github" }, "original": { 
@@ -949,11 +1026,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1741098523, - "narHash": "sha256-gXDSXDr6tAb+JgxGMvcEjKC9YO8tVOd8hMMZHJLyQ6Q=", + "lastModified": 1740520037, + "narHash": "sha256-TpZMYjOre+6GhKDVHFwoW2iBWqpNQppQTuqIAo+OBV8=", "owner": "nix-community", "repo": "nixvim", - "rev": "03065fd4708bfdf47dd541d655392a60daa25ded", + "rev": "6f8d8f7aee84f377f52c8bb58385015f9168a666", "type": "github" }, "original": { @@ -1001,19 +1078,26 @@ "type": "github" } }, - "pixelflasher": { + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1741302870, - "narHash": "sha256-7AywZ1b3PaqolAZ0vQmddD6Br4o0a7ucdtE0/W3rnaM=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "5ef8b274bb7f939104295a22cec3382268ed73cc", + "lastModified": 1740569341, + "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", "type": "github" }, "original": { - "owner": "cything", - "ref": "pixelflasher", - "repo": "nixpkgs", + "owner": "nix-community", + "repo": "plasma-manager", "type": "github" } }, @@ -1043,14 +1127,15 @@ "nixpkgs": [ "lanzaboote", "nixpkgs" - ] + ], + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "type": "github" }, "original": { @@ -1080,6 +1165,7 @@ "inputs": { "conduwuit": "conduwuit", "crane": "crane_2", + "disko": "disko", "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "flake-utils": "flake-utils", 
@@ -1088,13 +1174,13 @@ "lix": "lix", "lix-module": "lix-module", "nil": "nil", - "nix-index-database": "nix-index-database", + "niri": "niri", "nix-ld": "nix-ld", "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs-stable": "nixpkgs-stable_4", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", - "pixelflasher": "pixelflasher", + "plasma-manager": "plasma-manager", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "treefmt": "treefmt", @@ -1125,11 +1211,11 @@ ] }, "locked": { - "lastModified": 1741055476, - "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", + "lastModified": 1740536993, + "narHash": "sha256-3YI+1ONZ28chM19Hep9Z+TSyiybYf/1VC/gwImVZKUw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "aefb7017d710f150970299685e8d8b549d653649", + "rev": "9f05c0655de9dc2c7b60b689447c48abb9190bf8", "type": "github" }, "original": { @@ -1145,11 +1231,11 @@ ] }, "locked": { - "lastModified": 1741043164, - "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { 
@@ -1221,17 +1307,49 @@ ] }, "locked": { - "lastModified": 1740924345, - "narHash": "sha256-TO8Ttb+7PeKBkUe8vUrBt6Vxg3RMeQp4ARmlWQfcWrs=", + "lastModified": 1740534654, + "narHash": "sha256-NYHxfMVMy1ehRTlkinUdAG+iw7mWyWNcSRcRpCgTDVk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", + "rev": "4283e3e25d5c82e96fe3b575175b33abe66c5031", "type": "github" }, "original": { "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", + "type": "github" + } + }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1739246919, + "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.5.1", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1739246919, + "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", "type": "github" } } diff --git a/flake.nix b/flake.nix index cdb829e..710d889 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + disko = { + url = "github:nix-community/disko/latest"; + inputs.nixpkgs.follows = "nixpkgs"; + }; lanzaboote = { url = "github:nix-community/lanzaboote/master"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -33,6 +37,11 @@ url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; }; + niri = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs-stable.follows = "nixpkgs"; + }; rust-overlay = { url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -61,6 +70,11 @@ url = "github:nix-community/nix-ld"; inputs.nixpkgs.follows = "nixpkgs"; }; + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; + }; nil = { url = "github:oxalica/nil"; inputs.nixpkgs.follows = "nixpkgs"; @@ -68,17 +82,11 @@ inputs.flake-utils.follows = "flake-utils"; }; vscode-extensions = { - # https://github.com/nix-community/nix-vscode-extensions/issues/102 - url = "github:nix-community/nix-vscode-extensions/1fc267a10f46200e32f0850caa396bd1ba4ba08e"; + url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; inputs.flake-compat.follows = "flake-compat"; }; - nix-index-database = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -93,11 +101,13 @@ nixConfig = { extra-substituters = [ + "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" "https://cything.cachix.org" ]; extra-trusted-public-keys = [ + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" @@ -110,6 +120,7 @@ self, nixpkgs, home-manager, + disko, flake-parts, ... }@inputs: 
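Review bot: Adding `https://niri.cachix.org` and its key to `extra-substituters` and `extra-trusted-public-keys` in the `nixConfig` hunk of flake.nix widens the set of parties whose signed binaries this flake accepts, and a trusted key is honoured for any store path it signs, not only niri's. A short comment above each new entry would record why it is there and which input needs it, for example `# binary cache for inputs.niri; remove together with that input`. It would also help to state whether the hosts' own `nix.settings` are expected to carry the same key, since `nixConfig` only takes effect for users who accept flake configuration. The `nixConfig` block starts and ends outside the hunk.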
@@ -150,6 +161,7 @@ config.allowUnfree = true; system = "x86_64-linux"; overlays = [ + inputs.niri.overlays.niri inputs.rust-overlay.overlays.default inputs.vscode-extensions.overlays.default ] ++ (import ./overlay { inherit inputs; }); @@ -168,9 +180,10 @@ nixpkgs = { inherit pkgs; }; } ./hosts/ytnix - ./modules inputs.sops-nix.nixosModules.sops + ./modules inputs.lanzaboote.nixosModules.lanzaboote + inputs.niri.nixosModules.niri inputs.lix-module.nixosModules.default inputs.nix-ld.nixosModules.nix-ld ]; @@ -182,9 +195,8 @@ nixpkgs = { inherit pkgs; }; } ./hosts/chunk - ./modules inputs.sops-nix.nixosModules.sops - inputs.lix-module.nixosModules.default + ./modules ]; }; }; @@ -199,7 +211,8 @@ modules = [ ./home/yt/ytnix.nix inputs.nixvim.homeManagerModules.nixvim - inputs.nix-index-database.hmModules.nix-index + inputs.niri.homeModules.config + inputs.plasma-manager.homeManagerModules.plasma-manager ]; }; diff --git a/home/codium.nix b/home/codium.nix index 2d7bb9d..f6c9a04 100644 --- a/home/codium.nix +++ b/home/codium.nix 
@@ -10,189 +10,36 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; - [ + with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme rust-lang.rust-analyzer shd101wyy.markdown-preview-enhanced - alefragnani.bookmarks - tomrijndorp.find-it-faster - streetsidesoftware.code-spell-checker - emilast.logfilehighlighter + fwcd.kotlin ]; - userSettings = - let - vimCommonKeyBindings = [ - { - "before" = [ "C-a" ]; - "commands" = [ "cursorHome" ]; - } - { - "before" = [ "C-e" ]; - "commands" = [ "cursorEnd" ]; - } - ]; - in - { - "workbench.colorTheme" = "GitHub Dark Default"; - "workbench.startupEditor" = "none"; - "workbench.enableExperiments" = false; - "files.autoSave" = "onFocusChange"; - "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 15; - "editor.minimap.enabled" = false; - "window.zoomLevel" = 0.5; - "security.promptForLocalFileProtocolHandling" = false; - "security.promptForRemoteFileProtocolHandling" = false; - "explorer.confirmDelete" = false; - "explorer.confirmDragAndDrop" = false; - "editor.acceptSuggestionOnEnter" = "off"; - "editor.acceptSuggestionOnCommitCharacter" = false; - "git.openRepositoryInParentFolders" = "never"; - "git.ignoreLimitWarning" = true; - "git.blame.editorDecoration.enabled" = true; - "extensions.ignoreRecommendations" = true; - "telemetry.enableTelemetry" = false; - "telemetry.telemetryLevel" = "off"; - "window.titleBarStyle" = "custom"; + userSettings = { + "workbench.colorTheme" = "GitHub Dark Default"; + "files.autoSave" = "afterDelay"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 16; + "editor.wordWrap" = "on"; - # terminal stuff - "terminal.integrated.cursorBlinking" = true; - "terminal.integrated.cursorStyle" = "line"; - "terminal.integrated.customGlyphs" = false; - "terminal.integrated.env.linux" = { - # 
https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 - FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; - }; - # don't let the workbench handle terminal keys like ctrl+n and friends - "terminal.integrated.sendKeybindingsToShell" = true; - "terminal.integrated.allowChords" = false; - - "markdown-preview-enhanced.previewTheme" = "github-dark.css"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "bookmarks.saveBookmarksInProject" = true; - - "cSpell.enabledFileTypes" = { - "markdown" = true; - "*" = false; - }; - - # vim stuff - "vim.leader" = ","; - "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ - { - "before" = [ ";" ]; - "after" = [ ":" ]; - "silent" = true; - } - { - "before" = [ - "" - "m" - ]; - "commands" = [ "bookmarks.toggle" ]; - } - { - "before" = [ - "" - "l" - ]; - "commands" = [ "bookmarks.toggleLabeled" ]; - } - { - "before" = [ - "" - "b" - ]; - "commands" = [ "bookmarks.list" ]; - } - { - "before" = [ - "" - "s" - ]; - "commands" = [ "workbench.action.toggleSidebarVisibility" ]; - } - { - "before" = [ - "" - "f" - "f" - ]; - "commands" = [ "find-it-faster.findFiles" ]; - } - { - "before" = [ - "" - "f" - "g" - ]; - "commands" = [ "find-it-faster.findWithinFiles" ]; - } - { - "before" = [ - "" - "f" - "t" - ]; - "commands" = [ "find-it-faster.findWithinFilesWithType" ]; - } - # "gd" for definitions is by default - { - "before" = [ - "g" - "r" - ]; - "commands" = [ "editor.action.goToReferences" ]; - } - # the default is weird when you need to go back within a file - { - "before" = [ "C-o" ]; - "commands" = [ "workbench.action.navigateBack" ]; - } - { - "before" = [ "C-i" ]; - "commands" = [ "workbench.action.navigateForward" ]; - } - # insert line without leaving normal mode - { - "before" = [ - "" - "o" - ]; - "commands" = [ "editor.action.insertLineAfter" ]; - } - { - "before" = [ - "" - "O" - ]; - "commands" = [ "editor.action.insertLineBefore" ]; - } - ]; - "vim.insertModeKeyBindings" = 
vimCommonKeyBindings ++ [ - { - "before" = [ "C-k" ]; - "commands" = [ "acceptSelectedSuggestion" ]; - } - ]; - "vim.visualModeKeyBindings" = vimCommonKeyBindings ++ [ - { - "before" = [ ">" ]; - "commands" = [ "editor.action.indentLines" ]; - } - { - "before" = [ "<" ]; - "commands" = [ "editor.action.outdentLines" ]; - } - ]; - "extensions.experimental.affinity" = { - "vscodevim.vim" = 1; - }; + # vim mode settings + "vim.handleKeys" = { + "" = false; # file tree toggle }; + "vim.normalModeKeyBindings" = [ + { + "before" = [ ";" ]; + "after" = [ ":" ]; + "silent" = true; + } + ]; + "workbench.startupEditor" = "none"; + }; }; }; } diff --git a/home/fish.nix b/home/fish.nix new file mode 100644 index 0000000..3bb9d84 --- /dev/null +++ b/home/fish.nix 
@@ -0,0 +1,80 @@ +{ ... }: +{ + programs.fish = { + enable = true; + shellAliases = { + "vi" = "nvim"; + "vim" = "nvim"; + "t" = "tmux"; + "tl" = "tmux list-sessions"; + "ta" = "tmux new-session -A -s"; + "se" = "sudoedit"; + "s" = "sudo"; + "nrs" = "sudo nixos-rebuild switch --flake ."; + "nrt" = "sudo nixos-rebuild test --flake ."; + "hrs" = "home-manager switch --flake ."; + "g" = "git"; + "ga" = "git add"; + "gaa" = "git add --all"; + "gb" = "git branch"; + "gc" = "git commit --verbose"; + "gcmsg" = "git commit --message"; + "gd" = "git diff"; + "gdca" = "git diff --cached"; + "gds" = "git diff --staged"; + "gl" = "git log --stat"; + "glg" = "git log --graph"; + "glga" = "git log --graph --decorate --all"; + "glo" = "git log --oneline --decorate"; + "gp" = "git push"; + "gr" = "git remote"; + "gra" = "git remote add"; + "grv" = "git remote --verbose"; + "gs" = "git status --short"; + "gss" = "git status"; + }; + + shellInit = '' + set fish_greeting + ''; + + functions = { + fish_prompt = '' + set -l last_status $status + set -l normal (set_color normal) + set -l status_color (set_color brgreen) + set -l cwd_color (set_color $fish_color_cwd) + set -l vcs_color (set_color brpurple) + set -l prompt_status "" + + # Since we display the prompt on a new line allow the directory names to be longer. 
+ set -q fish_prompt_pwd_dir_length + or set -lx fish_prompt_pwd_dir_length 0 + + # Color the prompt differently when we're root + set -l suffix '❯' + if functions -q fish_is_root_user; and fish_is_root_user + if set -q fish_color_cwd_root + set cwd_color (set_color $fish_color_cwd_root) + end + set suffix '#' + end + + # Color the prompt in red on error + if test $last_status -ne 0 + set status_color (set_color $fish_color_error) + set prompt_status $status_color "[" $last_status "]" $normal + end + + echo -s (prompt_login) ' ' $cwd_color (prompt_pwd) $vcs_color (fish_vcs_prompt) $normal ' ' $prompt_status + echo -n -s $status_color $suffix ' ' $normal + ''; + + }; + }; + + programs.fzf.enableFishIntegration = true; + programs.zoxide.enableFishIntegration = true; + programs.eza.enableFishIntegration = true; + programs.nix-index.enableFishIntegration = true; +} diff --git a/home/foot.nix b/home/foot.nix new file mode 100644 index 0000000..ce7cb0c --- /dev/null +++ b/home/foot.nix 
@@ -0,0 +1,55 @@ +{ ... }: +{ + programs.foot = { + enable = true; + settings = { + main = { + font = "IBM Plex Mono:size=8"; + dpi-aware = "yes"; + }; + bell = { + urgent = "no"; + notify = "no"; + visual = "no"; + }; + cursor = { + style = "beam"; + blink = "yes"; + blink-rate = 500; + beam-thickness = 1.5; + color = "161821 c6c8d1"; + }; + mouse = { + hide-when-typing = "yes"; + }; + colors = { + foreground = "c6c8d1"; + background = "161821"; + regular0 = "1e2132"; + regular1 = "e27878"; + regular2 = "b4be82"; + regular3 = "e2a478"; + regular4 = "84a0c6"; + regular5 = "a093c7"; + regular6 = "89b8c2"; + regular7 = "c6c8d1"; + bright0 = "6b7089"; + bright1 = "e98989"; + bright2 = "c0ca8e"; + bright3 = "e9b189"; + bright4 = "91acd1"; + bright5 = "ada0d3"; + bright6 = "95c4ce"; + bright7 = "d2d4de"; + selection-foreground = "161821"; + selection-background = "c6c8d1"; + }; + + key-bindings = { + clipboard-copy = "Control+Shift+c XF86Copy"; + clipboard-paste = "Control+Shift+v XF86Paste"; + quit = "Control+q"; + }; + }; + }; +} diff --git a/home/ghostty.nix b/home/ghostty.nix new file mode 100644 index 0000000..1c592f5 --- /dev/null +++ b/home/ghostty.nix @@ -0,0 +1,20 @@ +{ ... }: +{ + programs.ghostty = { + enable = true; + enableZshIntegration = true; + clearDefaultKeybinds = true; + settings = { + theme = "iceberg-dark"; + font-family = "IBM Plex Mono"; + font-size = "12"; + window-decoration = false; + confirm-close-surface = false; + keybind = [ + "ctrl+q=quit" + "ctrl+shift+c=copy_to_clipboard" + "ctrl+shift+v=paste_from_clipboard" + ]; + }; + }; +} diff --git a/home/kitty.nix b/home/kitty.nix index ea7047f..463b10a 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -71,5 +71,5 @@ }; }; - # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( + programs.zsh.shellAliases."ssh" = "kitten ssh"; } diff --git a/home/niri/default.nix b/home/niri/default.nix new file mode 100644 index 0000000..f1c8172 --- /dev/null 
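Review bot: In home/kitty.nix the re-enabled `programs.zsh.shellAliases."ssh" = "kitten ssh";` applies to every interactive zsh, including sessions started from the foot and ghostty terminals this commit also configures, where the kitten is not running inside kitty. The line it replaces recorded that the alias did not work with the Bitwarden SSH agent; if that is resolved, a comment saying so would help, because a wrapper in front of `ssh` changes how every connection and agent lookup is made. I would scope the alias to kitty in the zsh init snippet, for example `[ "$TERM" = "xterm-kitty" ] && alias ssh="kitten ssh"`. The enclosing attribute set starts outside the hunk.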
+++ b/home/niri/default.nix 
@@ -0,0 +1,210 @@ +{ + config, + pkgs, + lib, + ... +}: +let + wallpaper = "${./nixos-c-book.png}"; + terminal = "kitty"; + menu = [ + "fuzzel" + "-w" + "100" + ]; + browser = "librewolf"; + file-manager = "thunar"; + clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; +in +{ + programs.niri.settings = { + prefer-no-csd = true; + input.keyboard.xkb.options = "ctrl:nocaps"; + spawn-at-startup = [ + { command = [ "${lib.getExe pkgs.waybar}" ]; } + { + command = [ + "${lib.getExe pkgs.swaybg}" + "-m" + "fill" + "-i" + wallpaper + ]; + } + { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } + { + command = [ + "wl-paste" + "--watch" + "cliphist" + "store" + ]; + } + ]; + hotkey-overlay.skip-at-startup = true; + + input = { + touchpad = { + tap = true; + dwt = true; + natural-scroll = true; + click-method = "clickfinger"; + }; + warp-mouse-to-focus = false; + focus-follows-mouse.enable = false; + }; + + environment = { + DISPLAY = ":0"; # for xwayland-satellite + ANKI_WAYLAND = "1"; + }; + + layout = { + gaps = 0; + focus-ring = { + width = 4; + active.color = "#4c7899"; + inactive.color = "#333333"; + }; + always-center-single-column = true; + border.enable = false; + }; + + window-rules = [ + { + matches = [ + { app-id = "mpv"; } + { app-id = "Bitwarden"; } + { + app-id = "ghidra-Ghidra"; + # pop-up windows + title = "^win(.*)"; + } + ]; + open-floating = true; + } + { + matches = [ + { + app-id = "anki"; + title = "Add"; + } + ]; + default-column-width.proportion = .25; + } + { + matches = [ + { app-id = "foot"; } + { + app-id = "anki"; + title = "^Browse"; + } + { app-id = "com.mitchellh.ghostt"; } + { app-id = "org.kde.okular"; } + { app-id = "kitty"; } + { app-id = "VSCodium"; } + ]; + default-column-width.proportion = .5; + } + { + matches = [ { app-id = "librewolf"; } ]; + default-column-width.proportion = .75; + } + ]; + }; + + programs.niri.settings.binds = + with config.lib.niri.actions; + let + sh = 
spawn "sh" "-c"; + in + { + "Mod+Return".action = spawn terminal; + "Mod+D".action = spawn menu; + + "Mod+Shift+E".action = quit; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + "Mod+Shift+Equal".action = set-window-height "+10%"; + "Mod+Shift+Minus".action = set-window-height "-10%"; + "Super+Alt+L".action = spawn "swaylock"; + "Mod+Ctrl+Q".action = close-window; + "Mod+H".action = focus-column-left; + "Mod+L".action = focus-column-right; + "Mod+K".action = focus-window-up; + "Mod+J".action = focus-window-down; + "Mod+Shift+H".action = move-column-left; + "Mod+Shift+L".action = move-column-right; + "Mod+Shift+K".action = move-window-up; + "Mod+Shift+J".action = move-window-down; + "Mod+U".action = focus-workspace-up; + "Mod+I".action = focus-workspace-down; + "Mod+Shift+U".action = move-window-to-workspace-up; + "Mod+Shift+I".action = move-window-to-workspace-down; + "Mod+W".action = maximize-column; + "Mod+E".action = set-column-width "50%"; + "Mod+R".action = set-column-width "75%"; + "Mod+Q".action = set-column-width "25%"; + "Mod+C".action = center-column; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Space".action = switch-focus-between-floating-and-tiling; + "Print".action = screenshot; + "Alt+Print".action = screenshot-window; + "Ctrl+Print".action = screenshot-screen; + # "Mod+R".action = switch-preset-column-width; + "Mod+Shift+R".action = switch-preset-window-height; + "Mod+Ctrl+R".action = reset-window-height; + "Mod+F".action = fullscreen-window; + "Mod+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-column-right; + }; + "Mod+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-column-left; + }; + "Mod+Shift+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-workspace-down; + }; + "Mod+Shift+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-workspace-up; + }; + + "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+"; + 
"XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-"; + "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; + "XF86MonBrightnessUp".action = sh "brightnessctl set 1%+"; + "XF86MonBrightnessDown".action = sh "brightnessctl set 1%-"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+Shift+1".action = move-column-to-workspace 1; + "Mod+Shift+2".action = move-column-to-workspace 2; + "Mod+Shift+3".action = move-column-to-workspace 3; + "Mod+Shift+4".action = move-column-to-workspace 4; + "Mod+Shift+5".action = move-column-to-workspace 5; + "Mod+Shift+6".action = move-column-to-workspace 6; + "Mod+Shift+7".action = move-column-to-workspace 7; + "Mod+Shift+8".action = move-column-to-workspace 8; + "Mod+Shift+9".action = move-column-to-workspace 9; + + "Mod+Alt+B".action = spawn browser; + "Mod+Alt+A".action = spawn "anki"; + "Mod+Alt+F".action = spawn file-manager; + "Mod+Alt+E".action = spawn "evolution"; + "Mod+P".action = spawn "bitwarden"; + "Mod+Comma".action = sh clipboard; + + "MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1"; + "MouseBack".action = spawn "sh" "${./scripts/remote.sh}"; + }; +} diff --git a/home/niri/nixos-c-book.png b/home/niri/nixos-c-book.png new file mode 100644 index 0000000..96abf8f Binary files /dev/null and b/home/niri/nixos-c-book.png differ diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh new file mode 100755 index 0000000..0ef7c0d --- /dev/null +++ b/home/niri/scripts/remote.sh 
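Review bot: In home/niri/default.nix, `spawn-at-startup` runs `wl-paste --watch cliphist store` unconditionally, so everything copied, including passwords copied from the Bitwarden client bound to `Mod+P`, is written to cliphist's on-disk history and later listed by the `Mod+Comma` picker. I would document that next to the command, e.g. `# stores every clipboard entry on disk, secrets included`, and bound the exposure by clearing the history on lock or logout with `cliphist wipe`. Separately, the window rule `app-id = "com.mitchellh.ghostt"` looks like a truncated `com.mitchellh.ghostty`; it probably still matches if the value is treated as an unanchored pattern, but the full id states the intent.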
@@ -0,0 +1,25 @@ +#!/usr/bin/env bash + +active_window=$(niri msg --json focused-window |jq -r .app_id) + +if [ "$1" = "btn1" ]; then + if [ "$active_window" = "anki" ]; then + wtype " " + elif [ "$active_window" = "kitty" ]; then + wtype -M ctrl -M shift -k c -m ctrl -m shift + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P right -p right -m alt + else + wtype -M ctrl -k c -m ctrl + fi +else + if [ "$active_window" = "anki" ]; then + wtype "1" + elif [ "$active_window" = "kitty" ]; then + wtype -M ctrl -M shift -k v -m ctrl + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P left -p left -m alt + else + wtype -M ctrl -k v -m ctrl + fi +fi diff --git a/home/rofi/config.rasi b/home/rofi/config.rasi new file mode 100644 index 0000000..ae76aeb --- /dev/null +++ b/home/rofi/config.rasi 
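Review bot: In the kitty paste branch of home/niri/scripts/remote.sh, `wtype -M ctrl -M shift -k v -m ctrl` presses both modifiers but releases only ctrl, unlike the copy branch above it, which ends with `-m ctrl -m shift`; the line should read `wtype -M ctrl -M shift -k v -m ctrl -m shift`. When `niri msg` or `jq` fails, or no window is focused, `active_window` ends up empty or `null` and the final `else` still sends a copy or paste chord to whatever has focus. A guard after the assignment, `case "$active_window" in ""|null) exit 0 ;; esac`, avoids sending keystrokes blind. The shebang names bash, but home/niri/default.nix starts the file through `sh`, so only POSIX constructs are safe here.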
@@ -0,0 +1,156 @@ +configuration { + modes: "drun,run,emoji:rofimoji,clipboard:/home/yt/.config/rofi/scripts/cliphist.sh"; + font: "hack 12"; +/* location: 0;*/ +/* yoffset: 0;*/ +/* xoffset: 0;*/ +/* fixed-num-lines: true;*/ + show-icons: true; + terminal: "kitty"; +/* ssh-client: "ssh";*/ +/* ssh-command: "{terminal} -e {ssh-client} {host} [-p {port}]";*/ +/* run-command: "{cmd}";*/ +/* run-list-command: "";*/ +/* run-shell-command: "{terminal} -e {cmd}";*/ +/* window-command: "wmctrl -i -R {window}";*/ +/* window-match-fields: "all";*/ + icon-theme: "Papirus"; +/* drun-match-fields: "name,generic,exec,categories,keywords";*/ +/* drun-categories: ;*/ +/* drun-show-actions: false;*/ +/* drun-display-format: "{name} [({generic})]";*/ +/* drun-url-launcher: "xdg-open";*/ +/* disable-history: false;*/ +/* ignored-prefixes: "";*/ +/* sort: false;*/ +/* sorting-method: "normal";*/ +/* case-sensitive: false;*/ +/* cycle: true;*/ +/* sidebar-mode: false;*/ +/* hover-select: false;*/ +/* eh: 1;*/ +/* auto-select: false;*/ +/* parse-hosts: false;*/ +/* parse-known-hosts: true;*/ + combi-modes: "window,run,calc,filebrowser"; +/* matching: "normal";*/ +/* tokenize: true;*/ +/* m: "-5";*/ +/* filter: ;*/ +/* dpi: -1;*/ +/* threads: 0;*/ +/* scroll-method: 0;*/ +/* window-format: "{w} {c} {t}";*/ +/* click-to-exit: true;*/ +/* global-kb: false;*/ +/* max-history-size: 25;*/ +/* combi-hide-mode-prefix: false;*/ +/* combi-display-format: "{mode} {text}";*/ +/* matching-negate-char: '-' /* unsupported */;*/ +/* cache-dir: ;*/ +/* window-thumbnail: false;*/ +/* drun-use-desktop-cache: false;*/ +/* drun-reload-desktop-cache: false;*/ +/* normalize-match: false;*/ +/* steal-focus: false;*/ +/* application-fallback-icon: ;*/ +/* refilter-timeout-limit: 300;*/ +/* xserver-i300-workaround: false;*/ +/* completer-mode: "recursivebrowser";*/ +/* pid: "/run/user/1000/rofi.pid";*/ +/* display-window: ;*/ +/* display-run: ;*/ +/* display-ssh: ;*/ +/* display-drun: ;*/ +/* display-combi: ;*/ 
+/* display-keys: ;*/ +/* display-filebrowser: ;*/ +/* display-recursivebrowser: ;*/ +/* kb-primary-paste: "Control+V,Shift+Insert";*/ +/* kb-secondary-paste: "Control+v,Insert";*/ +/* kb-secondary-copy: "Control+c";*/ +/* kb-clear-line: "Control+w";*/ +/* kb-move-front: "Control+a";*/ +/* kb-move-end: "Control+e";*/ +/* kb-move-word-back: "Alt+b,Control+Left";*/ +/* kb-move-word-forward: "Alt+f,Control+Right";*/ +/* kb-move-char-back: "Left,Control+b";*/ +/* kb-move-char-forward: "Right,Control+f";*/ +/* kb-remove-word-back: "Control+Alt+h,Control+BackSpace";*/ +/* kb-remove-word-forward: "Control+Alt+d";*/ +/* kb-remove-char-forward: "Delete,Control+d";*/ +/* kb-remove-char-back: "BackSpace,Shift+BackSpace,Control+h";*/ +/* kb-remove-to-eol: "Control+k";*/ +/* kb-remove-to-sol: "Control+u";*/ +/* kb-accept-entry: "Control+j,Control+m,Return,KP_Enter";*/ +/* kb-accept-custom: "Control+Return";*/ +/* kb-accept-custom-alt: "Control+Shift+Return";*/ +/* kb-accept-alt: "Shift+Return";*/ +/* kb-delete-entry: "Shift+Delete";*/ +/* kb-mode-next: "Shift+Right,Control+Tab";*/ +/* kb-mode-previous: "Shift+Left,Control+ISO_Left_Tab";*/ +/* kb-mode-complete: "Control+l";*/ +/* kb-row-left: "Control+Page_Up";*/ +/* kb-row-right: "Control+Page_Down";*/ +/* kb-row-up: "Up,Control+p";*/ +/* kb-row-down: "Down,Control+n";*/ +/* kb-row-tab: "";*/ +/* kb-element-next: "Tab";*/ +/* kb-element-prev: "ISO_Left_Tab";*/ +/* kb-page-prev: "Page_Up";*/ +/* kb-page-next: "Page_Down";*/ +/* kb-row-first: "Home,KP_Home";*/ +/* kb-row-last: "End,KP_End";*/ +/* kb-row-select: "Control+space";*/ +/* kb-screenshot: "Alt+S";*/ +/* kb-ellipsize: "Alt+period";*/ +/* kb-toggle-case-sensitivity: "grave,dead_grave";*/ +/* kb-toggle-sort: "Alt+grave";*/ +/* kb-cancel: "Escape,Control+g,Control+bracketleft";*/ +/* kb-custom-1: "Alt+1";*/ +/* kb-custom-2: "Alt+2";*/ +/* kb-custom-3: "Alt+3";*/ +/* kb-custom-4: "Alt+4";*/ +/* kb-custom-5: "Alt+5";*/ +/* kb-custom-6: "Alt+6";*/ +/* kb-custom-7: "Alt+7";*/ 
+/* kb-custom-8: "Alt+8";*/ +/* kb-custom-9: "Alt+9";*/ +/* kb-custom-10: "Alt+0";*/ +/* kb-custom-11: "Alt+exclam";*/ +/* kb-custom-12: "Alt+at";*/ +/* kb-custom-13: "Alt+numbersign";*/ +/* kb-custom-14: "Alt+dollar";*/ +/* kb-custom-15: "Alt+percent";*/ +/* kb-custom-16: "Alt+dead_circumflex";*/ +/* kb-custom-17: "Alt+ampersand";*/ +/* kb-custom-18: "Alt+asterisk";*/ +/* kb-custom-19: "Alt+parenleft";*/ +/* kb-select-1: "Super+1";*/ +/* kb-select-2: "Super+2";*/ +/* kb-select-3: "Super+3";*/ +/* kb-select-4: "Super+4";*/ +/* kb-select-5: "Super+5";*/ +/* kb-select-6: "Super+6";*/ +/* kb-select-7: "Super+7";*/ +/* kb-select-8: "Super+8";*/ +/* kb-select-9: "Super+9";*/ +/* kb-select-10: "Super+0";*/ +/* kb-entry-history-up: "Control+Up";*/ +/* kb-entry-history-down: "Control+Down";*/ +/* ml-row-left: "ScrollLeft";*/ +/* ml-row-right: "ScrollRight";*/ +/* ml-row-up: "ScrollUp";*/ +/* ml-row-down: "ScrollDown";*/ +/* me-select-entry: "MousePrimary";*/ +/* me-accept-entry: "MouseDPrimary";*/ +/* me-accept-custom: "Control+MouseDPrimary";*/ + timeout { + action: "kb-cancel"; + delay: 0; + } + filebrowser { + directories-first: true; + sorting-method: "name"; + } +} diff --git a/home/rofi/scripts/cliphist.sh b/home/rofi/scripts/cliphist.sh new file mode 100755 index 0000000..d11fadf --- /dev/null +++ b/home/rofi/scripts/cliphist.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +tmp_dir="/tmp/cliphist" +rm -rf "$tmp_dir" + +if [[ -n "$1" ]]; then + cliphist decode <<<"$1" | wl-copy + exit +fi + +mkdir -p "$tmp_dir" + +read -r -d '' prog <$tmp_dir/"grp[1]"."grp[3]) + print \$0"\0icon\x1f$tmp_dir/"grp[1]"."grp[3] + next +} +1 +EOF +cliphist list | gawk "$prog" diff --git a/home/sway/config b/home/sway/config new file mode 100644 index 0000000..1005b61 --- /dev/null +++ b/home/sway/config 
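Review bot: In home/rofi/scripts/cliphist.sh, `tmp_dir="/tmp/cliphist"` puts decoded clipboard images in a fixed, shared path, and the `rm -rf "$tmp_dir"` … `mkdir -p "$tmp_dir"` pair does not guarantee that the script writes into a directory it created, because `mkdir -p` also succeeds on a directory or symlink that another local account placed there in between. The directory is created with the default umask as well, so clipboard contents may be readable by other users of the machine. A per-user location avoids both, for example `tmp_dir="${XDG_RUNTIME_DIR:?}/cliphist"`. The gawk program in the here-document is truncated on this page, so the write path inside it could not be checked.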
@@ -0,0 +1,156 @@ +set $mod Mod4 +set $alt Mod1 +set $left h +set $down j +set $up k +set $right l + +set $term $HOME/.config/sway/scripts/terminal.sh +set $menu rofi -show run +set $screenshot grim -g "$(slurp)" - | wl-copy +set $browser librewolf +set $clipboard rofi -show clipboard -show-icons +set $emoji rofi -show emoji + +set $font_family DejaVu Sans Mono +set $font_size 11 +set $bg #000000 +set $fg #ffffff +set $fgi #888888 + +set $wallpaper $HOME/wallpapers/nixos-c-book-large.png +set $lock swaylock -f -i $wallpaper +output * bg $wallpaper fill + +floating_modifier $mod normal +default_border pixel +smart_borders on +focus_follows_mouse always +# mouse_warping container + +bindsym $mod+Return exec $term +bindsym $mod+Ctrl+q kill +bindsym $mod+d exec $menu +bindsym $mod+Shift+c reload +bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' +bindsym Print exec $screenshot +bindsym $mod+comma exec $clipboard +bindsym $mod+period exec $emoji + +bindsym $mod+$alt+b exec $browser +bindsym $mod+$alt+a exec anki +bindsym $mod+$alt+f exec thunar +bindsym $mod+$alt+e exec evolution +bindsym $mod+p exec bitwarden +bindsym $mod+$alt+m exec element-desktop + +bindsym $mod+$left focus left +bindsym $mod+$down focus down +bindsym $mod+$up focus up +bindsym $mod+$right focus right + +bindsym $mod+Shift+$left move left +bindsym $mod+Shift+$down move down +bindsym $mod+Shift+$up move up +bindsym $mod+Shift+$right move right + +bindsym $mod+1 workspace number 1 +bindsym $mod+2 workspace number 2 +bindsym $mod+3 workspace number 3 +bindsym $mod+4 workspace number 4 +bindsym $mod+5 workspace number 5 +bindsym $mod+6 workspace number 6 +bindsym $mod+7 workspace number 7 +bindsym $mod+8 workspace number 8 +bindsym $mod+9 workspace number 9 +bindsym $mod+0 workspace number 10 + +bindsym $mod+Shift+1 move container to workspace number 1 +bindsym 
$mod+Shift+2 move container to workspace number 2 +bindsym $mod+Shift+3 move container to workspace number 3 +bindsym $mod+Shift+4 move container to workspace number 4 +bindsym $mod+Shift+5 move container to workspace number 5 +bindsym $mod+Shift+6 move container to workspace number 6 +bindsym $mod+Shift+7 move container to workspace number 7 +bindsym $mod+Shift+8 move container to workspace number 8 +bindsym $mod+Shift+9 move container to workspace number 9 +bindsym $mod+Shift+0 move container to workspace number 10 + +# mouse side buttons +bindsym --whole-window BTN_EXTRA exec ~/.config/sway/scripts/remote.sh btn1 +bindsym --whole-window BTN_SIDE exec ~/.config/sway/scripts/remote.sh + +bindsym $mod+b splith +bindsym $mod+v splitv + +bindsym $mod+s layout stacking +bindsym $mod+w layout tabbed +bindsym $mod+e layout toggle split + +bindsym $mod+f fullscreen + +bindsym $mod+Shift+space floating toggle + +bindsym $mod+space focus mode_toggle + +bindsym $mod+a focus parent +bindsym $mod+Shift+a focus child + +bindsym $mod+Shift+minus move scratchpad +bindsym $mod+minus scratchpad show + +mode "resize" { + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + bindsym Return mode "default" + bindsym Escape mode "default" +} +bindsym $mod+r mode "resize" + +# keys to adjust volue and brightness +bindsym --locked XF86AudioMute exec "amixer -q sset Master,0 toggle" +bindsym --locked XF86AudioLowerVolume exec "amixer -q set Master 1%-" +bindsym --locked XF86AudioRaiseVolume exec "amixer -q sset Master 1%+" +bindsym --locked XF86MonBrightnessDown exec brightnessctl set 1%- +bindsym --locked XF86MonBrightnessUp exec brightnessctl set 1%+ + +# lockscreen +bindsym $mod+Control+l exec $lock + +font pango:$font_family $font_size + +for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable +for_window [app_id="LibreWolf" title="^Extension"] floating 
enable +for_window [floating] border csd +for_window [app_id="Bitwarden"] floating enable +for_window [app_id=anki title="Add"] floating enable + +bar { + swaybar_command waybar +} + +input "type:touchpad" { + dwt enabled + tap enabled + natural_scroll enabled +} + +input "type:keyboard" { + xkb_layout us + xkb_options ctrl:nocaps + xkb_numlock enabled +} + +exec wl-paste --watch cliphist store +exec mako >> $HOME/mako.log 2>&1 +exec dbus-update-activation-environment --all + +exec swayidle -w \ + timeout 300 'swaymsg "output * power off"' \ + timeout 305 $lock \ + resume 'swaymsg "output * power on"' \ + before-sleep 'playerctl pause; swaylock -f' + +exec system-dnotify --ready diff --git a/home/sway/scripts/remote.sh b/home/sway/scripts/remote.sh new file mode 100755 index 0000000..741c26d --- /dev/null +++ b/home/sway/scripts/remote.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +active_window=$(swaymsg -t get_tree |jq -r '..|try select(.focused == true) |.app_id') + +if [ "$1" = "btn1" ]; then + if [ "$active_window" = "anki" ]; then + wtype " " + elif [ "$active_window" = "foot" ]; then + wtype -M ctrl -M shift -k c -m ctrl -m shift + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P right -p right -m alt + else + wtype -M ctrl -k c -m ctrl + fi +else + if [ "$active_window" = "anki" ]; then + wtype "1" + elif [ "$active_window" = "foot" ]; then + wtype -M ctrl -M shift -k v + wtype -m ctrl + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P left -p left -m alt + else + wtype -M ctrl -k v + wtype -m ctrl + fi +fi diff --git a/home/sway/scripts/terminal.sh b/home/sway/scripts/terminal.sh new file mode 100755 index 0000000..42653c6 --- /dev/null +++ b/home/sway/scripts/terminal.sh 
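Review bot: The last line of home/sway/config, `exec system-dnotify --ready`, looks like a typo for `exec systemd-notify --ready`; as written the command will not be found and sway never signals readiness, which matters if the session is started from a unit that waits for the notification (not visible here). In the swayidle block the `before-sleep` hook calls `swaylock -f` directly while the timeout uses `$lock`; using `$lock` in both keeps the lock-screen invocation in one place. The comment `# keys to adjust volue and brightness` should read `volume`.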
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+focused_workspace=$(swaymsg -t get_workspaces | jq '.[] | select(.focused == true) | .num')
+
+foot_window_count=$(swaymsg -t get_tree | jq --argjson workspace "$focused_workspace" '[recurse(.nodes[]?) | select(.type == "workspace" and .num == $workspace) | recurse(.nodes[]?) | select(.app_id == "foot")] | length')
+
+next_session=$((focused_workspace * 10))
+
+if [ "$foot_window_count" -gt 0 ]
+then
+ next_session=$((next_session + foot_window_count))
+fi
+
+foot tmux new-session -A -s ${next_session}
diff --git a/home/waybar/config b/home/waybar/config
new file mode 100644
index 0000000..6038a44
--- /dev/null
+++ b/home/waybar/config
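Review bot: Session names can collide: `next_session=$((focused_workspace * 10))` plus the foot count gives 20 both for workspace 2 with no foot window and for workspace 1 with ten of them, and `tmux new-session -A` then attaches to the other workspace's session instead of creating a new one. A separator keeps them apart, e.g. `foot tmux new-session -A -s "${focused_workspace}-${foot_window_count}"`. `focused_workspace` is also used unchecked: if `swaymsg` or `jq` returns nothing, `--argjson workspace ""` fails and the script appears to fall through to session `0`, so an early `[ -n "$focused_workspace" ] || exit 1` would make that failure explicit.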
@@ -0,0 +1,81 @@ +{ + "layer": "top", // Waybar on highest layer so tooltips go over windows + "output": "eDP-1", // Set output to primary monitor + "height": 40, // Set height to avoid jumping due to active workspace indicator + + "margin-left": 0, + "margin-right": 0, + "margin-top": 0, + "modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar + "modules-center": ["niri/window"], // Set modules for the center of the bar + "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar + "clock#time": { + "format": "{:%H:%M:%S}", + "interval": 1, + }, + "clock#date": { + "format": "{:%Y/%m/%d}", + "tooltip-format": "{calendar}", + "interval": 360, + "calendar": { + "mode": "month", + "mode-mon-col": 4, + "weeks-pos": "right", + "on-scroll": 1, + "on-click-right": "mode", + "format": { + "months": "{}", + "days": "{}", + "weeks": "W{}", + "weekdays": "{}", + "today": "{}", + }, + }, + }, + "battery": { + "interval": 60, + "states": { + "warning": 40, + "critical": 20, + }, + "format": "{icon} {capacity}%", + "format-icons": [ + "", + "", + "", + "", + "", + ], + "format-charging": "󱐌 {capacity}%", + }, + "cpu": { + "format": "{usage}%", + "interval": 4, + }, + "memory": { + "format": "{used}GiB", + "interval": 4, + }, + "temperature": { + "hwmon-path": "/sys/class/hwmon/hwmon4/temp1_input", + "critical-threshold": 80, + "format": "{temperatureC}°C", + "format-critical": "{temperatureC}°C", + "interval": 4, + }, + "wireplumber": { + "scroll-step": 1, // %, can be a float + "format": "{icon} {volume}%", + "format-muted": "󰝟 Muted", + "format-icons": ["", "", ""], + "on-click": "pavucontrol", + "interval": 4, + }, + "niri/window": { + "max-length": 64, + }, + "tray": { + "icon-size": 22, + "spacing": 6, + } +} diff --git a/home/waybar/style.css b/home/waybar/style.css new file mode 100644 index 0000000..438d892 --- /dev/null +++ b/home/waybar/style.css 
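Review bot: `"hwmon-path": "/sys/class/hwmon/hwmon4/temp1_input"` depends on the hwmon index, which the kernel assigns in probe order and which can change between boots or kernel updates, so the temperature module may silently read a different sensor or none. Waybar's temperature module also accepts `hwmon-path-abs` together with `input-filename`, which pins the device path rather than the index; the right device path for this machine is not visible here. A short comment next to the key naming the sensor it is meant to read would help whoever has to fix it later.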
@@ -0,0 +1,70 @@ +.module, +#clock.date, +#clock.time, +#workspaces button { + background: transparent; + padding: 0 10px; + font-family: RobotoMono Nerd Font; + font-weight: 900; + font-size: 13pt; + color: #c0caf5; +} + +/* main waybar */ +window#waybar { + background: rgba(26, 27, 38, 1); + border: 2px solid #414868; +} + +/* when hovering over modules */ +tooltip { + background: #1e1e2e; + border-radius: 0; +} + +#workspaces { + padding-right: 0; +} + +#workspaces button { + padding: 2px; +} + +#clock { + padding-right: 100px; +} + + +/* Sets active workspace to have a solid line on the bottom */ +#workspaces button.focused { + border-bottom: 2px solid #7aa2f7; + border-radius: 0; + margin-top: 0px; + transition: none; +} + +/* More workspace stuff for highlighting on hover */ +#workspaces button.focused { + color: #a6adc8; +} + +#workspaces button.urgent { + color: #f7768e; +} + +#workspaces button:hover { + background: #11111b; + color: #cdd6f4; +} + +/* Hide window module when not focused on window or empty workspace */ +window#waybar.empty #window { + padding: 0; + margin: 0; + opacity: 0; +} + +/* Set up rounding to make these modules look like separate pills */ +#tray { + margin-right: 4px; +} diff --git a/home/yt/codespace.nix b/home/yt/codespace.nix new file mode 100644 index 0000000..6720c17 --- /dev/null +++ b/home/yt/codespace.nix @@ -0,0 +1,22 @@ +{ + pkgs, + ... +}: +{ + imports = [ + ./common.nix + ]; + home = { + username = "codespace"; + homeDirectory = "/home/codespace"; + stateVersion = "24.05"; + }; + programs.home-manager.enable = true; + + systemd.user.startServices = "sd-switch"; + + home.packages = with pkgs; [ + foot.terminfo + attic-client + ]; +} diff --git a/home/yt/common.nix b/home/yt/common.nix index a8c9467..b7c586e 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix 
@@ -60,17 +60,12 @@ "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; url = { "ssh://git@github.com/" = { - insteadOf = [ - "https://github.com/" - "github:" - "gh:" - ]; + insteadOf = "https://github.com/"; }; }; }; }; programs.ripgrep.enable = true; - # programs.man.generateCaches = true; # slows down eval + programs.man.generateCaches = true; programs.fd.enable = true; - news.display = "silent"; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c0182e7..d16cd5f 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -6,6 +6,8 @@ { imports = [ ./common.nix + ../foot.nix + ../niri ../irssi.nix ../kitty.nix ../codium.nix 
@@ -25,83 +27,97 @@ x11.enable = true; }; - home.packages = - with pkgs; - lib.flatten [ - ungoogled-chromium - librewolf - bitwarden-desktop - bitwarden-cli - fastfetch - (with kdePackages; [ - gwenview - okular - ]) - mpv - signal-desktop - btop - jq - sqlite - usbutils - calibre - tor-browser - wtype - bat - rclone - go - (rust-bin.selectLatestNightlyWith ( - toolchain: - toolchain.default.override { - extensions = [ "rust-src" ]; - } - )) - pwgen - gnumake - unzip - anki-bin - trezorctl - trezor-agent - q - gdb - fuzzel - hugo - ghidra - sccache - awscli2 - (cutter.withPlugins ( - p: with p; [ - rz-ghidra - jsdec - sigdb - ] - )) - p7zip - qbittorrent - nil - android-tools - frida-tools - mitmproxy - (python313.withPackages ( - p: with p; [ - python-lsp-server - pip - virtualenv - ] - )) - jadx - scrcpy - syncthing - syncthingtray - (with llvmPackages; [ - clangUseLLVM - compiler-rt - libllvm - ]) - nix-output-monitor - wl-clipboard-rs - pixelflasher - element-desktop - ]; + home.packages = with pkgs; [ + firefox + ungoogled-chromium + librewolf + bitwarden-desktop + fastfetch + nwg-look + kdePackages.gwenview + kdePackages.okular + kdePackages.qtwayland + mpv + yt-dlp + signal-desktop + pavucontrol + btop + jq + bash-language-server + sqlite + usbutils + clang-tools + calibre + tor-browser + wtype + bat + yarn + rclone + go + rustup + pwgen + lua-language-server + gnumake + minisign + unzip + lm_sensors + sshfs + gopls + anki-bin + trezorctl + trezor-agent + q + opentofu + terraform-ls + gdb + clang + seahorse + github-cli + fuzzel + nixpkgs-review + just + hugo + ghidra + sequoia + sccache + awscli2 + lldb + (cutter.withPlugins ( + p: with p; [ + rz-ghidra + jsdec + sigdb + ] + )) + ida-free + patchelf + radare2 + p7zip + qbittorrent + nil + pkg-config + gtk2 + gtk2-x11 + android-tools + frida-tools + mitmproxy + openssl + (python313.withPackages ( + p: with p; [ + python-lsp-server + pip + virtualenv + ] + )) + telegram-desktop + jadx + gradle + localsend + 
scrcpy + syncthing + syncthingtray + obsidian + ]; programs.feh.enable = true; @@ -116,10 +132,11 @@ programs.git.extraConfig = { user = { - signingKey = "~/.ssh/id_ed25519"; + signingKey = "~/.ssh/id.key"; }; gpg.format = "ssh"; commit.gpgsign = true; + core.sshCommand = "ssh -i ~/.ssh/id.key"; }; home.sessionVariables = { @@ -139,10 +156,5 @@ AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; - - # bitwarden ssh agent - SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; - - programs.nix-index-database.comma.enable = true; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 9b5bcc6..0697fbc 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -51,7 +51,6 @@ bindkey -M viins "^E" end-of-line bindkey -M viins "^A" beginning-of-line bindkey -M viins "^B" backward-char - bindkey -M viins "^F" forward-char # accept one word completion bindkey -M viins "^S" forward-word @@ -90,9 +89,9 @@ "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; - "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; - "hrs" = "home-manager switch -L --flake . |& nom --json"; + "nrs" = "sudo nixos-rebuild switch -L --flake ."; + "nrt" = "sudo nixos-rebuild test -L --flake ."; + "hrs" = "home-manager switch -L --flake ."; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; 
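Review bot: In the `programs.git.extraConfig` hunk, `core.sshCommand = "ssh -i ~/.ssh/id.key"` adds the key but does not stop ssh from offering other identities first (agent keys, default key files), so the remote may end up authenticating a different key than the one intended; `core.sshCommand = "ssh -i ~/.ssh/id.key -o IdentitiesOnly=yes";` makes the choice explicit. With the following hunk removing the Bitwarden agent's `SSH_AUTH_SOCK`, signing and pushing now both read a private key file from disk, so a comment saying whether `~/.ssh/id.key` is passphrase-protected or hardware-backed would be useful. The enclosing attribute set continues outside the hunk.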
@@ -112,13 +111,12 @@ "grv" = "git remote --verbose"; "gs" = "git status --short"; "gss" = "git status"; - "code" = "codium"; }; }; programs.fzf.enableZshIntegration = true; programs.zoxide.enableZshIntegration = true; programs.eza.enableZshIntegration = true; - programs.nix-index.enableZshIntegration = true; - programs.direnv.enableZshIntegration = true; + programs.nix-index.enableZshIntegration = false; + programs.direnv.enableZshIntegration = false; } diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix new file mode 100644 index 0000000..74207fc --- /dev/null +++ b/hosts/chunk/adguard.nix @@ -0,0 +1,29 @@ +{ ... }: +{ + services.adguardhome = { + enable = true; + host = "127.0.0.1"; + port = 8082; + settings = { + http.port = "8083"; + users = [ + { + name = "cy"; + password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC"; + } + ]; + # do not listen eveywhere cause podman runs it's own DNS + dns.bind_hosts = [ + "127.0.0.1" + "::1" + "31.59.129.225" + "2a0f:85c1:840:2bfb::1" + ]; + }; + }; + + services.caddy.virtualHosts."dns.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8082 + ''; +} diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix new file mode 100644 index 0000000..464c8b7 --- /dev/null +++ b/hosts/chunk/attic.nix 
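Review bot: In hosts/chunk/adguard.nix the admin account's bcrypt hash is written inline under `settings.users`, so it is committed to the repository and copied into the world-readable Nix store, where anyone with read access can run offline guesses against it. The other services in this commit take their secrets from sops (`config.sops.secrets."…".path`); provisioning the hash the same way, or creating the user through the UI with the settings left mutable, keeps it out of both places. Separately, `port = 8082` and `settings.http.port = "8083"` give two different values for what looks like the same listener while the Caddy vhost proxies to 8082, so one of them is probably stale.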
@@ -0,0 +1,33 @@
+{ config, ... }:
+{
+ services.atticd = {
+ enable = true;
+
+ environmentFile = config.sops.secrets."attic/env".path;
+
+ settings = {
+ listen = "[::]:8090";
+ api-endpoint = "https://cache.cy7.sh/";
+ allowed-hosts = [ "cache.cy7.sh" ];
+ require-proof-of-possession = false;
+ compression.type = "zstd";
+ database.url = "postgresql:///atticd?host=/run/postgresql";
+
+ storage = {
+ type = "s3";
+ region = "auto";
+ bucket = "attic";
+ endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
+ };
+
+ garbage-collection = {
+ default-retention-period = "2 weeks";
+ };
+ };
+ };
+
+ services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
+ import common
+ reverse_proxy localhost:8090
+ '';
+}
diff --git a/hosts/chunk/conduit.nix b/hosts/chunk/conduit.nix
new file mode 100644
index 0000000..48025e1
--- /dev/null
+++ b/hosts/chunk/conduit.nix
@@ -0,0 +1,40 @@
+{
+ pkgs,
+ config,
+ ...
+}:
+{
+ virtualisation.oci-containers.containers.conduit = {
+ image = "ghcr.io/girlbossceo/conduwuit:main";
+ autoStart = true;
+ ports = [ "127.0.0.1:8448:8448" ];
+ pull = "newer";
+ environment = {
+ CONDUWUIT_SERVER_NAME = "cything.io";
+ CONDUWUIT_DATABASE_PATH = "/var/lib/conduwuit";
+ CONDUWUIT_PORT = "8448";
+ CONDUWUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB
+ CONDUWUIT_ALLOW_REGISTRATION = "false";
+ CONDUWUIT_ALLOW_FEDERATION = "true";
+ CONDUWUIT_ALLOW_CHECK_FOR_UPDATES = "true";
+ CONDUWUIT_TRUSTED_SERVERS = ''["matrix.org"]'';
+ CONDUWUIT_ADDRESS = "0.0.0.0";
+ # CONDUIT_CONFIG = "";
+ };
+ volumes = [
+ "/opt/conduit/db:/var/lib/conduwuit/"
+ ];
+ networks = [ "conduit-net" ];
+ };
+
+ systemd.services.create-conduit-net = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = with config.virtualisation.oci-containers; [
+ "${backend}-conduit.service"
+ ];
+ script = ''
+ ${pkgs.podman}/bin/podman network exists conduit-net || \
+ ${pkgs.podman}/bin/podman network create conduit-net
+ '';
+ };
+}
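Review bot: In hosts/chunk/attic.nix, `listen = "[::]:8090"` binds atticd on every interface although the only visible consumer is Caddy's `reverse_proxy localhost:8090`. The firewall hunk in hosts/chunk/default.nix does not open 8090, but binding to loopback, `listen = "[::1]:8090";` (or the IPv4 loopback if that is what `localhost` resolves to on this host), removes the reliance on the firewall staying closed. `require-proof-of-possession = false` also deserves a comment: as far as I can tell it lets a client with push access reference an existing NAR by hash without uploading it, which matters if the cache ever holds private store paths.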
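Review bot: In hosts/chunk/conduit.nix, `image = "ghcr.io/girlbossceo/conduwuit:main"` together with `pull = "newer"` means every restart can pull whatever the `main` tag points to at that moment, so the homeserver runs code nobody reviewed and a rebuild is not reproducible. Pinning a release by digest, `image = "ghcr.io/girlbossceo/conduwuit@sha256:<digest>";`, and dropping `pull = "newer"` keeps upgrades deliberate. `create-conduit-net` is only listed in `wantedBy` for the container unit; without `before = [ "${backend}-conduit.service" ];` nothing visible orders the network creation ahead of the container's first start.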
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 48d7d84..ec85850 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -60,9 +60,6 @@ "zipline/env" = { sopsFile = ../../secrets/services/zipline.yaml; }; - "searx/env" = { - sopsFile = ../../secrets/services/searx.yaml; - }; }; boot = { 
@@ -74,74 +71,81 @@ system.stateVersion = "24.05"; # network stuff - networking = { - hostName = "chunk"; - networkmanager.enable = true; - firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - ]; - allowedUDPPorts = [ - 443 - 53 - 853 - ]; - extraCommands = - let - ethtool = lib.getExe pkgs.ethtool; - tc = lib.getExe' pkgs.iproute2 "tc"; - in - '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off - # clear existing rules - ${tc} qdisc del dev ens18 root || true + networking.hostName = "chunk"; + networking.networkmanager.enable = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + 53 + 853 + ]; + allowedUDPPorts = [ + 443 + 53 + 853 + ]; + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 30 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # tailscale - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% + # clear existing rules + ${tc} qdisc del dev ens18 root || true - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% + # caddy + 
${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 - ''; - }; - interfaces.ens18 = { - ipv6.addresses = [ - { - address = "2a0f:85c1:840:2bfb::1"; - prefixLength = 64; - } - ]; - ipv4.addresses = [ - { - address = "31.59.129.225"; - prefixLength = 24; - } - ]; - }; - defaultGateway6 = { - address = "2a0f:85c1:840::1"; - interface = "ens18"; - }; - defaultGateway = { - address = "31.59.129.1"; - interface = "ens18"; - }; + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 + + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ''; + }; + networking.interfaces.ens18 = { + ipv6.addresses = [ + { + address = "2a0f:85c1:840:2bfb::1"; + prefixLength = 64; + } + ]; + ipv4.addresses = [ + { + address = "31.59.129.225"; + prefixLength = 24; + } + ]; + }; + networking.defaultGateway6 = { + address = "2a0f:85c1:840::1"; + interface = "ens18"; + }; + networking.defaultGateway = { + address = "31.59.129.1"; + interface = "ens18"; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + useXkbConfig = true; }; users.users.yt = { @@ -175,6 +179,7 @@ tmux file sops + attic-server ]; environment.variables = { 
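Review bot: `allowedTCPPorts` gains 53 and 853 next to the existing UDP 53/853, and hosts/chunk/adguard.nix in this commit binds AdGuard Home to the public addresses `31.59.129.225` and `2a0f:85c1:840:2bfb::1`, so the host becomes a DNS resolver reachable from the whole internet. If that is intended, the AdGuard settings should carry an explicit `dns.ratelimit` and, where the client set is known, `dns.allowed_clients`, since open resolvers get used for reflection traffic; neither is set in the visible config. The `iptables -t mangle -A OUTPUT …` lines in `extraCommands` also append on every firewall reload and nothing visible removes them, so duplicates may accumulate; a matching `-D … || true` before each `-A` would keep the reload idempotent.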
@@ -194,11 +199,29 @@ programs.git.enable = true; my.caddy.enable = true; + services.caddy.virtualHosts."cy7.sh" = { + serverAliases = [ "www.cy7.sh" ]; + extraConfig = '' + import common + redir https://cything.io temporary + ''; + }; # container stuff - my.containerization.enable = true; + virtualisation.containers.enable = true; + virtualisation.podman = { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + environment.enableAllTerminfo = true; my.roundcube.enable = true; my.zipline.enable = true; - my.searx.enable = true; } diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix new file mode 100644 index 0000000..5dd3fd4 --- /dev/null +++ b/hosts/chunk/deluge.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + services.deluge = { + enable = true; + web = { + enable = true; + port = 8112; + }; + }; + + services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8112 + ''; +} diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix new file mode 100644 index 0000000..753bcbd --- /dev/null +++ b/hosts/chunk/gitlab.nix 
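Review bot: hosts/chunk/deluge.nix publishes the Deluge web UI at `t.cy7.sh` with only Deluge's own web password in front of it, and nothing in the file sets that password, so a fresh deployment comes up with the upstream default until someone changes it by hand. What `import common` adds on this host is not visible here; if it carries no authentication, either restrict the vhost to the tailnet or put an authentication directive in the Caddy block before `reverse_proxy localhost:8112`. `services.deluge.declarative = true` with an `authFile` taken from sops would also make the daemon credentials part of the configuration.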
@@ -0,0 +1,35 @@
+{ config, ... }:
+{
+ services.gitlab = {
+ enable = true;
+ https = true;
+ host = "git.cything.io";
+ user = "git"; # so that you can ssh with git@git.cything.io
+ group = "git";
+ port = 443; # this *not* the port gitlab will run on
+ puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma
+ sidekiq.concurrency = 5;
+ databaseUsername = "git"; # needs to be same as user
+ initialRootEmail = "hi@cything.io";
+ initialRootPasswordFile = config.sops.secrets."gitlab/root".path;
+ secrets = {
+ secretFile = config.sops.secrets."gitlab/secret".path;
+ otpFile = config.sops.secrets."gitlab/otp".path;
+ jwsFile = config.sops.secrets."gitlab/jws".path;
+ dbFile = config.sops.secrets."gitlab/db".path;
+ };
+ backup = {
+ startAt = "daily";
+ # we already postgresqlbackup.service
+ skip = [ "db" ];
+ keepTime = 48; # hours
+ };
+ extraConfig = {
+ gitlab = {
+ # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database
+ default_color_mode = 2;
+ };
+ prometheus.enabled = false;
+ };
+ };
+}
diff --git a/hosts/chunk/jellyfin.nix b/hosts/chunk/jellyfin.nix
new file mode 100644
index 0000000..c6e0dec
--- /dev/null
+++ b/hosts/chunk/jellyfin.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ services.jellyfin = {
+ enable = true;
+ dataDir = "/mnt/jellyfin";
+ configDir = "/var/lib/jellyfin/config";
+ };
+}
diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix
index cedece2..7529610 100644
--- a/hosts/chunk/vaultwarden.nix
+++ b/hosts/chunk/vaultwarden.nix
@@ -1,6 +1,15 @@ -{ ... }: +{ config, ... }: { - my.vaultwarden.enable = true; + services.vaultwarden = { + enable = true; + dbBackend = "postgresql"; + environmentFile = config.sops.secrets."vaultwarden/env".path; + config = { + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = "8081"; + DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; + }; + }; services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' import common diff --git a/hosts/common.nix b/hosts/common.nix index feafd17..e59c314 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -39,46 +39,35 @@ registry.nixpkgs.flake = inputs.nixpkgs; }; - i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/New_York"; networking = { firewall.logRefusedConnections = false; nameservers = [ - # quad9 (unfiltered) - "2620:fe::10" - "2620:fe::fe:10" - "9.9.9.10" - "149.112.112.110" + # quad9 + "2620:fe::fe" + "2620:fe::9" + "9.9.9.9" + "149.112.112.112" ]; timeServers = [ - # https://github.com/jauderho/nts-servers - "ntp3.fau.de" "ntppool1.time.nl" - "ntpmon.dcs1.biz" - "stratum1.time.cifelli.xyz" - "nts.teambelgium.net" - "c.st1.ntp.br" + "nts.netnod.se" + "ptbtime1.ptb.de" + "ohio.time.system76.com" + "time.txryan.com" + "time.dfm.dk" ]; }; services.chrony = { enable = true; enableNTS = true; - enableMemoryLocking = true; - extraConfig = '' - # Expedited Forwarding - dscp 46 - # disable command port - cmdport 0 - # only allow NTS - authselectmode require - # update the clock only when at least 3 sources agree on the correct time - minsources 3 - ''; }; + # this is true by default and mutually exclusive with + # programs.nix-index + programs.command-not-found.enable = false; + programs.nix-index.enable = false; # set above to false to use this + # see journald.conf(5) services.journald.extraConfig = "MaxRetentionSec=2d"; - - services.thermald.enable = true; - environment.enableAllTerminfo = true; } 
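Review bot: In hosts/chunk/vaultwarden.nix `DATABASE_URL` carries the database password inline in `services.vaultwarden.config`, which is rendered into the world-readable Nix store, and the password is the same as the user name. The service already loads `environmentFile` from sops, so the line can be dropped from `config` and the URL placed in that encrypted file instead. If PostgreSQL only accepts this user locally with peer authentication the password may be moot, but that is not visible here. The hunk also no longer sets `DOMAIN`, which the removed module did; confirm it now comes from the environment file.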
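Review bot: In hosts/common.nix the chrony block keeps `enableNTS = true` but drops the whole `extraConfig`, including `authselectmode require` and `minsources 3`. Without the first, chrony's default selection mode applies, so a source that is not NTS-authenticated (if one is ever configured alongside these servers) could be used for synchronisation. Without the second, a single source is enough to update the clock. If the removal was only meant to drop `dscp 46`, I would keep `extraConfig` with `authselectmode require`, `minsources 3` and `cmdport 0`.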
diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile new file mode 100644 index 0000000..c306399 --- /dev/null +++ b/hosts/titan/Caddyfile @@ -0,0 +1,41 @@ +{ + acme_ca https://acme.zerossl.com/v2/DV90 + acme_eab { + key_id {$EAB_KEY_ID} + mac_key {$EAB_MAC_KEY} + } +} + +(common) { + encode zstd gzip + header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" +} + +cything.io { + import common + + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD + header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept + route { + respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} + respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + redir https://cy7.sh/posts{uri} permanent + } +} + +www.cything.io { + import common + redir https://cything.io{uri} permanent +} + +ntfy.cything.io { + import common + reverse_proxy localhost:8083 +} + +status.cything.io { + import common + reverse_proxy localhost:3001 +} diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix new file mode 100644 index 0000000..ad09978 --- /dev/null +++ b/hosts/titan/backup.nix @@ -0,0 +1,13 @@ +{ + config, + ... +}: +{ + my.backup = { + enable = true; + jobName = "titanRsync"; + repo = "titan"; + passFile = config.sops.secrets."borg/rsyncnet".path; + sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; + }; +} diff --git a/hosts/titan/default.nix b/hosts/titan/default.nix new file mode 100644 index 0000000..e8b03f0 --- /dev/null +++ b/hosts/titan/default.nix 
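Review bot: In hosts/titan/Caddyfile the catch-all `redir https://cy7.sh/posts{uri} permanent` under `cything.io` points at a name that this same commit configures in the hosts/chunk `cy7.sh` virtual host to `redir https://cything.io temporary`. If both virtual hosts are live at once, any non-Matrix request to either name bounces between the two, and the `permanent` half is cached by browsers. One side should stop redirecting, or the `cy7.sh` rule should exclude `/posts*`. Which host actually serves each name depends on DNS that is not visible here.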
@@ -0,0 +1,98 @@ +{ + modulesPath, + config, + lib, + pkgs, + ... +}: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ../common.nix + ./disk-config.nix + ./hardware-configuration.nix + ./ghost.nix + ./ntfy.nix + ./uptime-kuma.nix + ./backup.nix + ]; + + sops.age.keyFile = "/root/.config/sops/age/keys.txt"; + sops.secrets = { + "caddy/env" = { + sopsFile = ../../secrets/services/caddy.yaml; + }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; + "borg/rsyncnet" = { + sopsFile = ../../secrets/borg/titan.yaml; + }; + "rsyncnet/id_ed25519" = { + sopsFile = ../../secrets/zh5061/titan.yaml; + }; + }; + + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + tmp.cleanOnBoot = true; + kernelPackages = pkgs.linuxPackages_latest; + }; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + ]; + + system.stateVersion = "24.05"; + + environment.systemPackages = with pkgs; [ + curl + git + ]; + + # network stuff + networking.hostName = "titan"; + networking.networkmanager.enable = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + ]; + }; + + # container stuff + virtualisation.containers.enable = true; + virtualisation.podman = { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + services.caddy = { + enable = true; + configFile = ./Caddyfile; + environmentFile = config.sops.secrets."caddy/env".path; + 
logFormat = lib.mkForce "level INFO"; + }; +} diff --git a/hosts/titan/disk-config.nix b/hosts/titan/disk-config.nix new file mode 100644 index 0000000..7c67624 --- /dev/null +++ b/hosts/titan/disk-config.nix @@ -0,0 +1,33 @@ +{ + disko.devices = { + disk = { + main = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/titan/ghost.nix b/hosts/titan/ghost.nix new file mode 100644 index 0000000..a9f8293 --- /dev/null +++ b/hosts/titan/ghost.nix 
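Review bot: In hosts/titan/default.nix the `services.openssh` block turns off `PasswordAuthentication` only, while root is the one account given keys and port 22 is open in the firewall. On NixOS keyboard-interactive authentication is a separate setting that is on by default, so password-style logins through PAM are not fully ruled out by this block. I would add `settings.KbdInteractiveAuthentication = false;` and state the root policy explicitly with `settings.PermitRootLogin = "prohibit-password";` so it does not depend on the module default.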
@@ -0,0 +1,52 @@ +{ + pkgs, + config, + ... +}: +{ + virtualisation.oci-containers.containers.ghost = { + image = "ghost:5-alpine"; + autoStart = true; + ports = [ "127.0.0.1:8084:2368" ]; + pull = "newer"; + environment = { + database__client = "mysql"; + database__connection__host = "ghost-db"; + database__connection__user = "root"; + database__connection__password = "example"; + database__connection__database = "ghost"; + url = "https://cything.io"; + NODE_ENV = "production"; + }; + volumes = [ + "/opt/ghost/data:/var/lib/ghost/content" + ]; + networks = [ "ghost-net" ]; + dependsOn = [ "ghost-db" ]; + }; + + virtualisation.oci-containers.containers.ghost-db = { + image = "mysql:8.0"; + autoStart = true; + pull = "newer"; + environment = { + MYSQL_ROOT_PASSWORD = "example"; + }; + volumes = [ + "/opt/ghost/db:/var/lib/mysql" + ]; + networks = [ "ghost-net" ]; + }; + + systemd.services.create-ghost-net = { + serviceConfig.Type = "oneshot"; + wantedBy = with config.virtualisation.oci-containers; [ + "${backend}-ghost.service" + "${backend}-ghost-db.service" + ]; + script = '' + ${pkgs.podman}/bin/podman network exists ghost-net || \ + ${pkgs.podman}/bin/podman network create ghost-net + ''; + }; +} diff --git a/hosts/titan/hardware-configuration.nix b/hosts/titan/hardware-configuration.nix new file mode 100644 index 0000000..2730f0c --- /dev/null +++ b/hosts/titan/hardware-configuration.nix 
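Review bot: In hosts/titan/ghost.nix both containers get the MySQL root password as the literal `"example"` (`database__connection__password` and `MYSQL_ROOT_PASSWORD`), so it sits in the repository and the world-readable Nix store. Ghost also connects as `root` rather than as a user limited to the `ghost` database. The host already uses sops for other services, so both values can move into an encrypted env file passed with `environmentFiles = [ config.sops.secrets."<ghost-env-secret>".path ];` (the secret name is a placeholder) and be removed from `environment`. Both images are floating tags combined with `pull = "newer"`, so what runs can change without a commit; pinning by digest would make that reviewable.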
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + lib, + ... +}: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + virtualisation.hypervGuest.enable = true; +} diff --git a/hosts/titan/ntfy.nix b/hosts/titan/ntfy.nix new file mode 100644 index 0000000..cc2cb47 --- /dev/null +++ b/hosts/titan/ntfy.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + services.ntfy-sh = { + enable = true; + settings = { + listen-http = "127.0.0.1:8083"; + base-url = "https://ntfy.cything.io"; + upstream-base-url = "https://ntfy.sh"; + auth-default-access = "deny-all"; + behind-proxy = true; + }; + }; +} diff --git a/hosts/titan/uptime-kuma.nix b/hosts/titan/uptime-kuma.nix new file mode 100644 index 0000000..8bc0251 --- /dev/null +++ b/hosts/titan/uptime-kuma.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + # data stored at /var/lib/uptime-kuma/ but does not expose + # an option to change it + services.uptime-kuma = { + enable = true; + settings.PORT = "3001"; + }; +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index cfbfc09..296335c 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix 
@@ -31,18 +31,16 @@ sopsFile = ../../secrets/yt/aws.yaml; owner = "yt"; }; - "vaultwarden/env" = { - sopsFile = ../../secrets/services/vaultwarden.yaml; - }; }; boot = { loader = { # lanzaboote replaces systemd-boot systemd-boot.enable = lib.mkForce false; - efi.canTouchEfiVariables = true; + efi.canTouchEfiVariables = false; # toggle when installing }; tmp.cleanOnBoot = true; + # upgrade after https://github.com/tomaspinho/rtl8821ce/issues/356 is fixed kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce @@ -143,46 +141,40 @@ "adbusers" ]; - environment.systemPackages = with pkgs; lib.flatten [ + environment.systemPackages = with pkgs; [ tmux vim wget + neovim + git + python3 + wl-clipboard + # mako # sway config uses this tree kitty borgbackup + brightnessctl + alsa-utils + nixd + bluetuith + libimobiledevice + pass-wayland htop file dnsutils - q age compsize wireguard-tools traceroute sops + restic + haskell-language-server + ghc sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) + wine-wayland + wine64 + solaar + gtk3 ]; environment.sessionVariables = { @@ -204,19 +196,18 @@ }; }; - fonts = { - packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; - enableDefaultPackages = true; - }; + fonts.packages = with pkgs; [ + nerd-fonts.roboto-mono + ibm-plex + ]; + fonts.enableDefaultPackages = true; hardware.enableAllFirmware = true; hardware.bluetooth = { enable = true; powerOnBoot = true; }; + services.blueman.enable = true; my.backup = { enable = true; 
@@ -229,24 +220,41 @@ "**/.wine" "/home/yt/Games" "/home/yt/Videos" - "/home/yt/.bitmonero" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; }; + services.btrbk.instances.local = { + onCalendar = "hourly"; + # only create snapshots automatically. backups are triggered manually with `btrbk resume` + snapshotOnly = true; + settings = { + snapshot_preserve_min = "latest"; + target_preserve = "*d"; + target_preserve_min = "no"; + target = "/mnt/external/btr_backup/ytnix"; + stream_compress = "zstd"; + stream_compress_level = "8"; + snapshot_dir = "/snapshots"; + subvolume = { + "/home" = { }; + "/" = { }; + }; + }; + }; + programs.steam = { enable = true; extest.enable = true; extraCompatPackages = with pkgs; [ proton-ge-bin ]; }; - programs.gamescope.enable = true; + hardware.steam-hardware.enable = true; services.logind = { - lidSwitch = "suspend"; - powerKey = "poweroff"; - suspendKey = "hibernate"; + lidSwitch = "hibernate"; + powerKey = "hibernate"; }; xdg.mime.defaultApplications = { @@ -255,18 +263,31 @@ "*/html" = "chromium-browser.desktop"; }; + programs.thunar = { + enable = true; + plugins = with pkgs.xfce; [ + thunar-archive-plugin + thunar-volman + ]; + }; + # preference changes don't work in thunar without this + programs.xfconf.enable = true; + # mount, trash and stuff in thunar + services.gvfs.enable = true; + # thumbnails in thunar + services.tumbler.enable = true; + virtualisation = { libvirtd.enable = true; + docker.enable = true; }; programs.virt-manager.enable = true; - my.containerization.enable = true; services.usbmuxd.enable = true; programs.nix-ld.dev = { enable = true; # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ libraries = with pkgs; [ - # TODO: revisit what we actually need mesa extest stdenv.cc.cc @@ -274,7 +295,6 @@ fontconfig libxkbcommon zlib - libz libxml2 dbus freetype 
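Review bot: In hosts/ytnix/default.nix, `docker.enable = true` under `virtualisation` brings in a daemon that runs as root, and membership of the `docker` group is then equivalent to root on this machine. It replaces the podman setup that `my.containerization.enable` provided. The user's group list is outside this hunk, so it is not visible whether `yt` is in that group. If the switch is intentional, a comment saying why would help, and `virtualisation.docker.rootless.enable = true;` is worth considering.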
@@ -339,7 +359,6 @@ enable = true; plugins = with pkgs.obs-studio-plugins; [ wlrobs - obs-pipewire-audio-capture ]; }; @@ -353,7 +372,7 @@ services.ollama.enable = false; - services.trezord.enable = true; + services.trezord.enable = false; programs.niri.enable = false; programs.niri.package = pkgs.niri-unstable; @@ -363,6 +382,12 @@ SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" ''; + programs.ssh = { + askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; + startAgent = true; + enableAskPassword = true; + }; + services.desktopManager.plasma6 = { enable = true; enableQt5Integration = true; @@ -378,19 +403,8 @@ programs.kdeconnect.enable = true; programs.dconf.enable = true; - programs.ccache.enable = true; - nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; - - services.postgresql = { + programs.java = { enable = true; - settings.port = 5432; - package = pkgs.postgresql_17; - enableTCPIP = true; + binfmt = true; }; - services.postgresqlBackup = { - enable = true; - startAt = "hourly"; - }; - - my.vaultwarden.enable = true; } diff --git a/modules/caddy.nix b/modules/caddy.nix index 6b46cb5..03d7a4a 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -29,12 +29,11 @@ in (common) { encode zstd gzip header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" - tls { - dns cloudflare {$CLOUDFLARE_KEY} - resolvers 1.1.1.1 8.8.8.8 - } } ''; + globalConfig = '' + acme_dns cloudflare {$CLOUDFLARE_KEY} + ''; environmentFile = config.sops.secrets."caddy/env".path; }; }; diff --git a/modules/containerization.nix b/modules/containerization.nix deleted file mode 100644 index 416d2bf..0000000 --- a/modules/containerization.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.containerization; -in -{ - options.my.containerization = { - enable = lib.mkEnableOption "containerization"; - usePodman = lib.mkOption { - type = lib.types.bool; - default = true; - description = "whether to use podman instead of docker"; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation = { - containers.enable = true; - podman = lib.mkIf cfg.usePodman { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - oci-containers.backend = lib.mkIf cfg.usePodman "podman"; - }; - }; -} diff --git a/modules/default.nix b/modules/default.nix index b93f89f..96ea519 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,8 +5,5 @@ ./caddy.nix ./roundcube.nix ./zipline.nix - ./containerization.nix - ./vaultwarden.nix - ./searx.nix ]; } diff --git a/modules/searx.nix b/modules/searx.nix deleted file mode 100644 index 3eb178a..0000000 --- a/modules/searx.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.searx; - sockPath = "/run/searx/searx.sock"; -in -{ - options.my.searx = { - enable = lib.mkEnableOption "searx"; - }; - - config = lib.mkIf cfg.enable { - services.searx = { - enable = true; - runInUwsgi = true; - uwsgiConfig = { - disable-logging = true; - http = "127.0.0.1:8090"; - }; - settings = { - # get secret from env - server.secret_key = "@SEARX_SECRET_KEY@"; - }; - environmentFile = config.sops.secrets."searx/env".path; - }; - - services.caddy.virtualHosts."x.cy7.sh".extraConfig = '' - import common - reverse_proxy 127.0.0.1:8090 - ''; - }; -} \ No newline at end of file diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix deleted file mode 100644 index 8fda611..0000000 --- a/modules/vaultwarden.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.vaultwarden; -in -{ - options.my.vaultwarden = { - enable = lib.mkEnableOption "vaultwarden"; - domain = lib.mkOption { - type = lib.types.str; - default = "https://pass.cy7.sh"; - }; - }; - - config = lib.mkIf cfg.enable { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; - config = { - ROCKET_ADDRESS = "0.0.0.0"; - ROCKET_PORT = "8081"; - DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; - EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2"; - DOMAIN = cfg.domain; - }; - }; - }; -} \ No newline at end of file diff --git a/overlay/default.nix b/overlay/default.nix index d617b17..6a824d1 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -11,14 +11,12 @@ importedOverlays ( final: prev: let - nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - pkgFrom = flake: pkgFrom' flake "default"; - pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg}; + pkgFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; + stable = inputs.nixpkgs-stable; in { conduwuit = - pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; - pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; + inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; } ) -] \ No newline at end of file +] diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 5f3ea62..2ff8b4c 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml 
@@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str] + env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-08T21:05:07Z" - mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str] + lastmodified: "2025-01-30T17:26:39Z" + mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/services/searx.yaml b/secrets/services/searx.yaml deleted file mode 100644 index 46df77e..0000000 --- a/secrets/services/searx.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -searx: - env: ENC[AES256_GCM,data:VWLft5+85mNA8k3VynVBz2V+8zcg97UtHfucpaAcKbA+CQdGUbqLesQSu9a7tNRI7+OdI1qPJj5HTzP8tpGN5f39D4brtyo4fN8n8zAd,iv:F70wq9qJiFjEjJeZeFCyQskLdBR3nd/CR/UW/dE9gTo=,tag:/W8FhRC180aAdzjD5v0vZw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM3VXOVZBSVdZMzBOVzJD - Y0ZvWUtFUW5pMUZnYjdxdHQvWDBEVmU1L2hBCi8zcEszZThwcGQ5WUdRTWFUWCtP - WWE0OVJIOXpCMGJZc3J6TmVCMGN2TUUKLS0tIEwxVDJLTkdrK3g2TG9iWml6aEFR - d3NOS245SmV3K1dlaHdnMHpVSzlYQk0KnDSK1C1sEeBVMX80DqjJRrGFx+WkNijg - XEf/Jq//qzgvX24fOl4X4xGTRfBMbLlznLs4N6WtIY7aVcW5N041jQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOGFaWkY1TWhvQUhENHUx - cUk4b2FpeCs5eUMyQ2FhZzVKdHY1MVIzWUhRCmw0eEhwYjl2OFNoQkZRVW43REQy - OGpNWFRTWEF4NFFuU1lpTFdKY3lBNEEKLS0tIFNET0JBZmxoSGhWdTIwL0x2Ris3 - ZHhidlJHT08rR3ZuME9UQmovRTFGNlkK83k2wqXQvxeURrUE/hXoZMDc9lqkgBuL - W/UWt/PBorp1/WRqO6dpuu9N2S9i6VCPJH0jdoHMWEqWuRIENFKVhQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-08T20:52:15Z" - mac: ENC[AES256_GCM,data:UGFkCgmgRofmX2gQR2W2DD0u4LowQ9pmUxPOgpLVaKGasEoNWJMGu7A7rUIpHvuUomoL6q8aiWs3kiIuZrTQ3CB5gawmU9pPiEseOAdbww4beIcnUmumwmCLH46XYQdaooPaz8bIncW/gFePRpVB2Oef1pYeryXkbZRwBm+bPOI=,iv:GGFjerxpLH8C1m50AiKoEJxj+lGRYNMe4Y7k4u232v8=,tag:woww///+80wakvzYoyWCqQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4