diff --git a/README.md b/README.md index 33a0d74..c7518bf 100644 --- a/README.md +++ b/README.md @@ -1,41 +1,12 @@ -# Nix configuration +## Unified nix configuration -## Updating +Update whole flake (clean working directory 1st): `nix flake update --commit-lock-file` -Update flake +Switch current machine: `sudo nixos-rebuild switch --flake . --show-trace` - nix flake update --commit-lock-file +Switch current home manager: `home-manager switch --flake . --show-trace` -Switch current machine +## Maintenance shit () +Clean shit de Home: `nix store gc` - sudo nixos-rebuild switch --flake . --show-trace - -Switch current home manager - - home-manager switch --flake . --show-trace - -Switch server - - nixos-rebuild switch --target-host root@posixlycorrect.com --use-substitutes --show-trace --flake .\#vps - -Update homepage - - nix flake update --commit-lock-file homepage - - -## Cleanup - -Collect garbage (run with sudo to collect root garbage) - - nix-collect-garbage -d - - -## Submodule management - -Trivionomicon - - git subtree push --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master - git subtree pull --prefix=trivionomicon forgejo@git.posixlycorrect.com:deepState/trivionomicon.git master - -## About -This is a unification of my old configs, which had a combined 506 commits. +Clean shit de sys: `sudo nix store gc` diff --git a/flake.lock b/flake.lock index ca067ef..1553136 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,86 +1,6 @@ { "nodes": { - "authentik-nix": { - "inputs": { - "authentik-src": "authentik-src", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "napalm": "napalm", - "nixpkgs": [ - "nixpkgs" - ], - "pyproject-build-systems": "pyproject-build-systems", - "pyproject-nix": "pyproject-nix", - "systems": "systems", - "uv2nix": "uv2nix" - }, - "locked": { - "lastModified": 1757676906, - "narHash": "sha256-2Zbde5orbGsYdzroe51P1AW8pFMCNyqHgLjmHYJvOmE=", - "owner": "nix-community", - "repo": "authentik-nix", - "rev": "04db807ac00ba6d62808ffab18b3b6d500b6f7cb", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "authentik-nix", - "type": "github" - } - }, - "authentik-src": { - "flake": false, - "locked": { - "lastModified": 1755873658, - "narHash": "sha256-5l1g55b0xozGg0NaZFimiO5JbHGcudaNSEn1/XsweaU=", - "owner": "goauthentik", - "repo": "authentik", - "rev": "dd7c6b29d950664deadbcf5390272619a8bf9a5e", - "type": "github" - }, - "original": { - "owner": "goauthentik", - "ref": "version/2025.8.1", - "repo": "authentik", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nur", 
@@ -103,10 +23,7 @@ }, "flake-utils": { "inputs": { - "systems": [ - "authentik-nix", - "systems" - ] + "systems": "systems" }, "locked": { "lastModified": 1731533236, @@ -144,42 +61,6 @@ "inputs": { "systems": "systems_3" }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "inputs": { - "systems": "systems_5" - }, "locked": { "lastModified": 1731533236, "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", @@ -216,11 +97,11 @@ ] }, "locked": { - "lastModified": 1757808926, - "narHash": "sha256-K6PEI5PYY94TVMH0mX3MbZNYFme7oNRKml/85BpRRAo=", + "lastModified": 1756679287, + "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f21d9167782c086a33ad53e2311854a8f13c281e", + "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "type": "github" }, "original": { 
@@ -230,27 +111,6 @@ "type": "github" } }, - "homepage": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1758437709, - "narHash": "sha256-EyflOWOdq007z0P4JdzxAwPoZmuo33Rq/5opdcQ7miQ=", - "ref": "refs/heads/master", - "rev": "f0cecfa02d67e986cb3eaf537ec2f7007e1b9583", - "revCount": 68, - "type": "git", - "url": "https://git.posixlycorrect.com/fabian/homepage.git" - }, - "original": { - "type": "git", - "url": "https://git.posixlycorrect.com/fabian/homepage.git" - } - }, "impermanence": { "locked": { "lastModified": 1737831083, @@ -266,52 +126,9 @@ "type": "github" } }, - "mediawikiSkinCitizen": { - "flake": false, - "locked": { - "lastModified": 1724097552, - "narHash": "sha256-+o5FDWMrEqnva5qcdc45wAYyE2ZtUhEjygUGVt0HsaA=", - "owner": "StarCitizenTools", - "repo": "mediawiki-skins-Citizen", - "rev": "28cd4e18b52aed3270fe7b55bff4545c8314a687", - "type": "github" - }, - "original": { - "owner": "StarCitizenTools", - "ref": "v2.27.0", - "repo": "mediawiki-skins-Citizen", - "type": "github" - } - }, - "napalm": { - "inputs": { - "flake-utils": [ - "authentik-nix", - "flake-utils" - ], - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1725806412, - "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", - "owner": "willibutz", - "repo": "napalm", - "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", - "type": "github" - }, - "original": { - "owner": "willibutz", - "ref": "avoid-foldl-stack-overflow", - "repo": "napalm", - "type": "github" - } - }, "nixGL": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs" }, "locked": { 
@@ -343,28 +160,13 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1757810152, - "narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", + "lastModified": 1757244434, + "narHash": "sha256-AeqTqY0Y95K1Fgs6wuT1LafBNcmKxcOkWnm4alD9pqM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9a094440e02a699be5c57453a092a8baf569bdad", + "rev": "092c565d333be1e17b4779ac22104338941d913f", "type": "github" }, "original": { @@ -376,11 +178,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1757068644, + "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "type": "github" }, "original": { @@ -392,15 +194,15 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1757879066, - "narHash": "sha256-EHZWQe3a04DvOlUR2j7LwGCaGqYTStYExpstYezfq3c=", + "lastModified": 1757345656, + "narHash": "sha256-ZvNfl8pu1iwJW0uUZKV8XHIM7JqJxoZX+EqzjayMDqU=", "owner": "nix-community", "repo": "NUR", - "rev": "087c74cd9cc63e44dd20f1dcc5cdb4e5fddc9e14", + "rev": "9009f3b97f820b7b5c2732d423a08bb8d82d179a", "type": "github" }, "original": { 
@@ -409,85 +211,31 @@ "type": "github" } }, - "pyproject-build-systems": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" - ], - "uv2nix": [ - "authentik-nix", - "uv2nix" - ] - }, - "locked": { - "lastModified": 1756087852, - "narHash": "sha256-4jc3JDQt75fYXFrglgqyzF6C6zLU0QGLymzian4aP+U=", - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "rev": "6edb3ae27395cd88be3d64b732d1539957dad59c", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "build-system-pkgs", - "type": "github" - } - }, - "pyproject-nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1756395552, - "narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=", - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "rev": "030dffc235dcf240d918c651c78dc5f158067b51", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "pyproject.nix", - "type": "github" - } - }, "root": { "inputs": { - "authentik-nix": "authentik-nix", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "hm-isolation": "hm-isolation", "home-manager": "home-manager", - "homepage": "homepage", "impermanence": "impermanence", - "mediawikiSkinCitizen": "mediawikiSkinCitizen", "nixGL": "nixGL", "nixpkgs": "nixpkgs_2", "nur": "nur", "trivionomicon": "trivionomicon", - "unstable": "unstable", - "vpsadminos": "vpsadminos" + "unstable": "unstable" } }, "systems": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + 
"repo": "default", "type": "github" } }, @@ -521,39 +269,9 @@ "type": "github" } }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "trivionomicon": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -570,11 +288,11 @@ }, "unstable": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1757068644, + "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "type": "github" }, "original": { 
@@ -583,46 +301,6 @@ "repo": "nixpkgs", "type": "github" } - }, - "uv2nix": { - "inputs": { - "nixpkgs": [ - "authentik-nix", - "nixpkgs" - ], - "pyproject-nix": [ - "authentik-nix", - "pyproject-nix" - ] - }, - "locked": { - "lastModified": 1756466761, - "narHash": "sha256-ALXRHIMXQ4qVNfCbcWykC23MjMwUoHn9BreoBfqmq0Y=", - "owner": "pyproject-nix", - "repo": "uv2nix", - "rev": "0529e6d8227517205afcd1b37eee3088db745730", - "type": "github" - }, - "original": { - "owner": "pyproject-nix", - "repo": "uv2nix", - "type": "github" - } - }, - "vpsadminos": { - "locked": { - "lastModified": 1755964485, - "narHash": "sha256-+YzznL/mHiSjDFC8vJsSgQ+pvjhqWMsLRjegEKSNv/4=", - "owner": "vpsfreecz", - "repo": "vpsadminos", - "rev": "20f55b1d9bee4fdab62494d4471854d6586d3637", - "type": "github" - }, - "original": { - "owner": "vpsfreecz", - "repo": "vpsadminos", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f60e7c6..f36bda0 100644 --- a/flake.nix +++ b/flake.nix 
@@ -8,32 +8,16 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nur.url = "github:nix-community/NUR"; + impermanence.url = "github:nix-community/impermanence"; + hm-isolation.url = "github:3442/hm-isolation"; + nixGL.url = "github:guibou/nixGL"; + flake-utils.url = "github:numtide/flake-utils"; + trivionomicon = { url = "./trivionomicon"; inputs.nixpkgs.follows = "nixpkgs"; }; - - homepage = { - url = "git+https://git.posixlycorrect.com/fabian/homepage.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - authentik-nix = { - url = "github:nix-community/authentik-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - mediawikiSkinCitizen = { - url = "github:StarCitizenTools/mediawiki-skins-Citizen/v2.27.0"; - flake = false; - }; - - flake-utils.url = "github:numtide/flake-utils"; - hm-isolation.url = "github:3442/hm-isolation"; - impermanence.url = "github:nix-community/impermanence"; - nixGL.url = "github:guibou/nixGL"; - nur.url = "github:nix-community/NUR"; - vpsadminos.url = "github:vpsfreecz/vpsadminos"; }; outputs = flakes: @@ -41,6 +25,7 @@ inherit flakes; system = "x86_64-linux"; + doctrinePrefix = "local"; paths = { localOverlay = "pkgs"; diff --git a/home/modules/accounts.nix b/home/modules/accounts.nix deleted file mode 100644 index 3ce1fbe..0000000 --- a/home/modules/accounts.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.services.accounts; -in { - options.local.services.accounts.enable = mkEnableOption "accounts settings"; - config = mkIf cfg.enable { - accounts.email.accounts = { - "fabian@posixlycorrect.com" = { - address = "fabian@posixlycorrect.com"; - userName = "fabianmontero@fastmail.com"; - realName = "fabian"; - primary = true; - flavor = "fastmail.com"; - }; - }; - }; -} diff --git a/home/modules/baseline.nix b/home/modules/baseline.nix index 6883185..b4bdc1f 100644 --- a/home/modules/baseline.nix +++ b/home/modules/baseline.nix 
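Review bot: `nur` and `nixGL` are declared as bare URLs at the top of this hunk with no `inputs.nixpkgs.follows`, and the flake.lock in this commit still carries separate `nixpkgs` (under `nixGL`) and `nixpkgs_3` (under `nur`) nodes. Packages taken from those inputs are therefore built against package sets that the root `nixpkgs` pin does not control. Writing them like the `trivionomicon` input, `nixGL = { url = "github:guibou/nixGL"; inputs.nixpkgs.follows = "nixpkgs"; };` and the same for `nur`, keeps a single patched package set. The lock section also moves `nixpkgs_2`, `nixpkgs_3`, `unstable`, `home-manager` and `nur` to earlier `lastModified` values than the old side; if that is not deliberate, re-run the update so the machines are not built from older revisions.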
@@ -2,7 +2,6 @@ config, lib, pkgs, - flakes, ... }: with lib; let @@ -12,18 +11,6 @@ in { enable = mkEnableOption "Basic home settings"; }; config = mkIf cfg.enable { - programs.home-manager.enable = true; - - nix.registry = { - "system".to = { - type = "path"; - path = "/home/fabian/nix"; - }; - - "nixpkgs".flake = flakes.nixpkgs; - "unstable".flake = flakes.unstable; - }; - xdg = { enable = true; }; @@ -31,30 +18,20 @@ in { home = { stateVersion = "24.05"; # DO NOT CHANGE - username = "fabian"; - homeDirectory = "/home/fabian"; - packages = with pkgs; [ calc - dysk - fd file - fzf gcc htop killall man-pages man-pages-posix - nmap pv - ripgrep tree units unzip vim - wl-clipboard zip - zoxide ]; keyboard = { layout = "us"; @@ -67,17 +44,8 @@ in { programs.git = { enable = true; - userEmail = "fabian@posixlycorrect.com"; - userName = "Fabian Montero"; - }; - - local = { - services = { - zsh.enable = true; - }; - programs = { - neovim.enable = true; - }; + userEmail = "josescalante9808@gmail.com"; + userName = "josEscalante"; }; }; } diff --git a/home/modules/default.nix b/home/modules/default.nix index 26ce768..c9a4816 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -9,17 +9,11 @@ ./neovim.nix ./baseline.nix ./gaming.nix - ./yubikey.nix ./firefox.nix ./gui ./zsh - ./gpg.nix ./defaultDesktopPack.nix - ./accounts.nix - ./syncthing.nix ./mapping.nix ./zed.nix - ./pass.nix - ./halloy.nix ]; } diff --git a/home/modules/defaultDesktopPack.nix b/home/modules/defaultDesktopPack.nix index a6021e5..c910312 100644 --- a/home/modules/defaultDesktopPack.nix +++ b/home/modules/defaultDesktopPack.nix 
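Review bot: In the `programs.git` hunk the shared baseline hard-codes one person's `userEmail` and `userName`, and the `gpg.nix` module deleted later in this commit was the only place on this page that set `programs.git.signing` with `signByDefault = true`. Commits made from machines using this baseline are therefore no longer signed. If signing is meant to stay, keep a block such as `programs.git.signing = { key = "<KEY_FINGERPRINT>"; signByDefault = true; };` for the new identity (the key value is a placeholder). Otherwise a comment like `# commits are intentionally unsigned` records the decision. The identity would also fit better as a per-user setting than inside a module called baseline.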
@@ -5,60 +5,28 @@ ... }: with lib; let - cfg = config.local.defaultDesktopPack; + cfg = config.local.apps.defaultDesktopPack; in { - options.local.defaultDesktopPack = { - enable = mkEnableOption "common desktop programs and services"; - laptop = mkOption { - type = types.bool; - default = false; - }; + options.local.apps.defaultDesktopPack = { + enable = mkEnableOption "common desktop apps"; }; config = mkIf cfg.enable { home.packages = with pkgs; [ calibre chromium discord - (gajim.override { - enableSecrets = true; - enableUPnP = true; - enableAppIndicator = true; - enableE2E = true; - enableRST = true; - }) + kdePackages.gwenview libreoffice-fresh mpv obs-studio pavucontrol pdfarranger - qimgv qpdfview - qbittorrent - runelite spotify tdesktop - thunderbird usbutils - vpsfree-client vscodium-fhs - zola + trilium-next-desktop ]; - - local = { - baseline.enable = true; - - services = { - gpg.enable = true; - accounts.enable = true; - pass.enable = true; - syncthing.enable = true; - }; - programs = { - firefox.enable = true; - zed.enable = true; - halloy.enable = true; - terminal.enable = true; - }; - }; }; } diff --git a/home/modules/firefox.nix b/home/modules/firefox.nix index c260730..93feb80 100644 --- a/home/modules/firefox.nix +++ b/home/modules/firefox.nix 
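Review bot: Enabling the pack no longer turns on `local.baseline`, firefox, zed or the terminal, because the whole `local = { … }` block at the end of `config` is removed. The option also moves from `local.defaultDesktopPack` to `local.apps.defaultDesktopPack` with no alias. Host configurations are outside this page, so I cannot tell whether they were updated; any that still set the old path will fail evaluation, and any that relied on the pack alone lose those modules without a message. A comment above `home.packages` such as `# packages only: enable local.baseline and the local.apps.* modules separately` would document the new contract. The same `local.programs.*` to `local.apps.*` rename recurs in the firefox, gaming, mapping, neovim, terminal and zed hunks.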
@@ -5,33 +5,41 @@ ... }: with lib; let - cfg = config.local.programs.firefox; + cfg = config.local.apps.firefox; in { - options.local.programs.firefox = { - enable = mkEnableOption "firefox"; + options.local.apps.firefox = { + enable = mkEnableOption "firefox settings"; + + makeDefaultBrowser = mkOption { + type = types.bool; + default = true; + description = '' + Take a guess + ''; + }; }; - config = mkIf cfg.enable { - programs.firefox = { - enable = true; - package = pkgs.firefox.override { - nativeMessagingHosts = [pkgs.passff-host]; - }; - }; + config = mkIf cfg.enable (mkMerge [ + { + programs.firefox.enable = true; + } - xdg = { - mimeApps = { - enable = true; - defaultApplications = { - "text/html" = ["firefox.desktop"]; - "text/uri-list" = ["firefox.desktop"]; - "x-scheme-handler/http" = ["firefox.desktop"]; - "x-scheme-handler/https" = ["firefox.desktop"]; - "x-scheme-handler/about" = ["firefox.desktop"]; - "x-scheme-handler/unknown" = ["firefox.desktop"]; + (mkIf cfg.makeDefaultBrowser { + xdg = { + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = ["firefox"]; + "text/uri-list" = ["firefox"]; + "x-scheme-handler/http" = ["firefox"]; + "x-scheme-handler/https" = ["firefox"]; + "x-scheme-handler/about" = ["firefox"]; + "x-scheme-handler/unknown" = ["firefox"]; + }; }; }; - }; - home.sessionVariables.DEFAULT_BROWSER = "${lib.getExe pkgs.firefox}"; - }; + + home.sessionVariables.DEFAULT_BROWSER = "${lib.getExe pkgs.firefox}"; + }) + ]); } diff --git a/home/modules/gaming.nix b/home/modules/gaming.nix index 191a8ff..24158aa 100644 --- a/home/modules/gaming.nix +++ b/home/modules/gaming.nix 
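Review bot: The `defaultApplications` values in the new `makeDefaultBrowser` branch drop the `.desktop` suffix (`["firefox"]`), but `mimeapps.list` entries are desktop file IDs. These associations are therefore unlikely to resolve, and `http`/`https` links would fall through to whatever other handler happens to be registered. Keep the full ID for all six keys, e.g. `"x-scheme-handler/https" = ["firefox.desktop"];`. The `gui/default.nix` hunk in this commit makes the same change for `"qpdfview"` and `"foot"`. The `makeDefaultBrowser` description `Take a guess` should say what the option does, for example `Register Firefox as the handler for HTML and http(s) links and export DEFAULT_BROWSER.`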
@@ -5,16 +5,16 @@ ... }: with lib; let - cfg = config.local.programs.gaming; + cfg = config.local.apps.gaming; in { - options.local.programs.gaming = { + options.local.apps.gaming = { enable = mkEnableOption "gaming apps"; }; config = mkIf cfg.enable { - home.packages = [ - pkgs.lutris - pkgs.openrct2 - pkgs.prismlauncher + home.packages = with pkgs; [ + lutris + openrct2 + prismlauncher ]; }; } diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix deleted file mode 100644 index da17eca..0000000 --- a/home/modules/gpg.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.services.gpg; -in { - options.local.services.gpg = { - enable = mkEnableOption "gpg settings"; - defaultKey = mkOption { - type = types.str; - description = "fingerprint of default public key to be used in gpg, git, email, etc."; - example = "A8981D346F8F4130CA16A7775517E687FCCE0BB9"; - }; - }; - config = mkIf cfg.enable { - programs.gpg = { - enable = true; - settings = { - default-key = config.local.services.gpg.defaultKey; - }; - }; - - services.gpg-agent = { - enable = true; - - enableZshIntegration = true; - enableBashIntegration = true; - - enableExtraSocket = true; - enableSshSupport = true; - - defaultCacheTtl = 3600 * 3; - defaultCacheTtlSsh = 3600 * 3; - - maxCacheTtl = 3600 * 6; - maxCacheTtlSsh = 3600 * 6; - - pinentry.package = pkgs.pinentry-emacs; - }; - - accounts.email.accounts = { - "fabian@posixlycorrect.com" = { - gpg = { - encryptByDefault = true; - signByDefault = true; - key = config.local.services.gpg.defaultKey; - }; - }; - }; - - programs.git = { - signing = { - key = config.local.services.gpg.defaultKey; - signByDefault = true; - }; - }; - }; -} diff --git a/home/modules/gui/default.nix b/home/modules/gui/default.nix index 1a72ed9..110a835 100644 --- a/home/modules/gui/default.nix +++ b/home/modules/gui/default.nix 
@@ -61,8 +61,8 @@ in { mimeApps = { enable = true; defaultApplications = { - "application/pdf" = with pkgs; ["qpdfview.desktop"]; - "x-scheme-handler/file" = with pkgs; ["foot.desktop"]; + "application/pdf" = with pkgs; ["qpdfview"]; + "x-scheme-handler/file" = with pkgs; ["foot"]; }; }; }; diff --git a/home/modules/gui/fonts.nix b/home/modules/gui/fonts.nix index b74c094..1830208 100644 --- a/home/modules/gui/fonts.nix +++ b/home/modules/gui/fonts.nix @@ -8,7 +8,7 @@ enable = true; defaultFonts = { monospace = [ - "JetBrainsMono Nerd Font" + "JetBrains Mono" "Noto Sans Mono CJK SC" "Noto Sans Mono" "Noto Color Emoji" @@ -31,10 +31,11 @@ # with fonts.packages buy im too lazy to check home.packages = with pkgs; [ jetbrains-mono - nerd-fonts.jetbrains-mono noto-fonts noto-fonts-cjk-sans noto-fonts-emoji noto-fonts-extra + nerd-fonts.fira-code + nerd-fonts.droid-sans-mono ]; } diff --git a/home/modules/gui/mako.nix b/home/modules/gui/mako.nix index ad6fd11..7f0dde4 100644 --- a/home/modules/gui/mako.nix +++ b/home/modules/gui/mako.nix @@ -18,7 +18,7 @@ in { progress-color = "over #FFFFFF"; border-radius = 0; default-timeout = 7000; - font = "JetBrainsMono Nerd Font 10"; + font = "JetBrains Mono 10"; icons = true; ignore-timeout = false; layer = "top"; diff --git a/home/modules/gui/sway.nix b/home/modules/gui/sway.nix index 3028f3d..b795be7 100644 --- a/home/modules/gui/sway.nix +++ b/home/modules/gui/sway.nix @@ -62,7 +62,7 @@ in { }; fonts = { - names = ["JetBrainsMono Nerd Font"]; + names = ["JetBrains Mono"]; style = "Regular"; size = 8.0; }; 
@@ -136,7 +136,7 @@ in { keybindings = let mod = config.wayland.windowManager.sway.config.modifier; grimshot = getExe pkgs.sway-contrib.grimshot; - bemenuCommand = ''bemenu-run --center --width-factor 0.2 --fixed-height --list 10 --scrollbar none --auto-select --accept-single --fn "JetBrainsMono Nerd Font 12" --prompt "" --tb "#000000" --tf "#EAEAEA" --fb "#000000" --ff "#EAEAEA" --cb "#EAEAEA" --cf "#000000" --nb "#000000" --nf "#EAEAEA" --sb "#000000" --sf "#EAEAEA" --hb "#000000" --hf "#EAEAEA" --fbb "#000000" --fbf "#000000" --ab "#000000" --af "#EAEAEA"''; + bemenuCommand = ''bemenu-run --center --width-factor 0.2 --fixed-height --list 10 --scrollbar none --auto-select --accept-single --fn "JetBrains Mono 12" --prompt "" --tb "#000000" --tf "#EAEAEA" --fb "#000000" --ff "#EAEAEA" --cb "#EAEAEA" --cf "#000000" --nb "#000000" --nf "#EAEAEA" --sb "#000000" --sf "#EAEAEA" --hb "#000000" --hf "#EAEAEA" --fbb "#000000" --fbf "#000000" --ab "#000000" --af "#EAEAEA"''; in mkOptionDefault { "${mod}+a" = "focus parent"; @@ -156,13 +156,10 @@ in { command = "${lib.getExe pkgs.sway} 'workspace 1; exec ${lib.getExe pkgs.firefox}'"; } { - command = "${lib.getExe pkgs.sway} 'workspace 2; exec ${lib.getExe pkgs.tdesktop}'"; + command = "${lib.getExe pkgs.sway} 'workspace 10; exec ${lib.getExe pkgs.tdesktop}'"; } { - command = "${lib.getExe pkgs.sway} 'workspace 2; exec ${lib.getExe pkgs.gajim}'"; - } - { - command = "${lib.getExe pkgs.swaybg} -m fill -i ${config.home.homeDirectory}/Pictures/wallpapers/jupiter.png"; + command = "${lib.getExe pkgs.swaybg} -m fill -i ${config.home.homeDirectory}/Pictures/wallpapers/wallpaper.jpg"; always = true; } { diff --git a/home/modules/gui/waybar.nix b/home/modules/gui/waybar.nix index 0a6c1b3..eb73361 100644 --- a/home/modules/gui/waybar.nix +++ b/home/modules/gui/waybar.nix @@ -6,7 +6,6 @@ }: with lib; let cfg = config.local.gui; - laptop = config.local.defaultDesktopPack.laptop; in { config = mkIf cfg.enable { programs.waybar = { 
@@ -27,74 +26,58 @@ in { ]; modules-right = [ - "keyboard-state" "privacy" "cpu" "memory" "disk" "temperature" + "keyboard-state" "tray" - ] - ++ lists.optionals laptop [ - "battery" ]; - battery = mkIf laptop { - format = "{capacity}% {icon}"; - format-plugged = "{capacity}% 󱐥{icon}"; - format-icons = [ "󰂃" "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹" ]; - states = { - warning = 20; - critical = 10; - }; - }; - keyboard-state = { + "keyboard-state" = { + numlock = true; capslock = true; - format.capslock = "{icon}"; - format-icons = { - locked = "󰘲 "; - unlocked = ""; - }; }; - tray = { + "tray" = { icon-size = 13; spacing = 8; }; - clock = { + "clock" = { interval = 60; format = "{:%A %B %d %Y %H:%M}"; tooltip = false; }; - cpu = { - format = " {usage}%"; + "cpu" = { + format = "cpu {usage}%"; tooltip = false; }; - memory = { - format = " {percentage}% "; + "memory" = { + format = "mem {percentage}%"; tooltip = true; tooltip-format = "{used}/{total}"; }; - disk = { - format = " {specific_used:0.0f}/{specific_total:0.0f}"; + "disk" = { + format = "disk {specific_used:0.0f}/{specific_total:0.0f}"; unit = "GiB"; tooltip = false; }; - privacy = { + "privacy" = { icon-size = 12; }; }; }; style = '' * { - font-family: "JetBrainsMono Nerd Font", monospace; + font-family: "JetBrains Mono", monospace; font-size: 12px; font-weight: 500; border: none; box-shadow: none; } - /* Entire bar: fully transparent, no border */ + /* Entire bar: blacc, no border */ window#waybar { - background: transparent; + background: #000000; color: #eaeaea; margin: 0; padding: 0; 
@@ -155,21 +138,21 @@ in { margin: 0; background: rgba(255, 255, 255, 0.10); color: #ffffff; - box-shadow: inset 0 -2px #ffffff; + border-bottom: 2px solid #ffffff; } /* Status modules — keep them flat and compact */ #clock, #battery, #network, #pulseaudio, #backlight, #cpu, #memory, #temperature, #tray { padding: 0 6px; margin: 0; - background: transparent; + background: #000000; color: #eaeaea; } /* States (battery, network, audio) */ - #battery.charging { color: #27f902; } - #battery.warning:not(.charging) { color: #fc8b02; } - #battery.critical:not(.charging) { color: #fc0000; } + #battery.charging { color: #c9ffbf; } + #battery.warning:not(.charging) { color: #ffd29a; } + #battery.critical:not(.charging) { color: #ff9a9a; } #network.disconnected { color: #ffb4b4; } #pulseaudio.muted { color: #9aa0a6; } diff --git a/home/modules/halloy.nix b/home/modules/halloy.nix deleted file mode 100644 index 8005b3f..0000000 --- a/home/modules/halloy.nix +++ /dev/null 
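Review bot: The `#battery.charging`, `#battery.warning` and `#battery.critical` rules are recoloured here, but the previous hunk of this file removes `"battery"` from `modules-right` together with its module block and the `laptop` binding. These selectors, and `#battery` in the status-module list above them, therefore no longer match anything. Drop them, or keep the battery module if laptops are still a target.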
@@ -1,114 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -with lib; let - cfg = config.local.programs.halloy; -in { - options.local.programs.halloy = { - enable = mkEnableOption "halloy irc client"; - }; - config = mkIf cfg.enable { - programs.halloy = { - enable = true; - settings = { - theme = "macawCustom"; - font.size = 16; - preview.enabled = false; - sidebar = { - buffer_action = "replace-pane"; - focused_buffer_action = "close-pane"; - }; - buffer = { - channel.topic = { - enabled = true; - }; - chathistory.infinite_scroll = true; - server_messages = { - join.exclude = ["*"]; - quit.exclude = ["*"]; - }; - }; - - servers.liberachat = { - nickname = "posixlycorrect"; - nick_password_command = "pass show liberachat_irc"; - - username = "fabiansoju/irc.libera.chat"; - password_command = "pass show soju"; - - server = "soju.posixlycorrect.com"; - port = 6697; - chathistory = true; - channels = [ - "##chat" - "##politics" - "##rust" - "#datahoarder" - "#git" - "#indieweb" - "#indieweb-dev" - "#linux" - "#lobsters" - "#nixos" - "#OSRS" - "#soju" - ]; - }; - }; - themes = { - macawCustom = { - general = { - background = "#333333"; - border = "#505050"; - horizontal_rule = "#333333"; - unread_indicator = "#2884FC"; - }; - - text = { - primary = "#DFDFDF"; - secondary = "#C2C2C2"; - tertiary = "#8839EF"; - success = "#959595"; - error = "#959595"; - }; - - buffer = { - action = "#959595"; - background = "#1E1E1E"; - background_text_input = "#2E2E2E"; - background_title_bar = "#2E2E2E"; - border = "#1A1A1A"; - border_selected = "#1A1A1A"; - code = "#7287FD"; - highlight = "#454645"; - nickname = "#00C8FF"; - selection = "#777777"; - timestamp = "#959595"; - topic = "#DFDFDF"; - url = "#2884FC"; - buffer.server_messages = { - default = "#959595"; - }; - }; - - buttons.primary = { - background = "#00000000"; - background_hover = "#484848"; - background_selected = "#4A4A4A"; - background_selected_hover = "#666666"; - }; - - buttons.secondary = { - background = "#3B3B3B"; 
- background_hover = "#484848"; - background_selected = "#646464"; - background_selected_hover = "#666666"; - }; - }; - }; - }; - }; -} diff --git a/home/modules/mapping.nix b/home/modules/mapping.nix index 9170f59..7a76d8b 100644 --- a/home/modules/mapping.nix +++ b/home/modules/mapping.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.local.programs.mapping; + cfg = config.local.apps.mapping; in { - options.local.programs.mapping = { + options.local.apps.mapping = { enable = mkEnableOption "mapping apps"; }; config = mkIf cfg.enable { diff --git a/home/modules/neovim.nix b/home/modules/neovim.nix index 33870da..7bed139 100644 --- a/home/modules/neovim.nix +++ b/home/modules/neovim.nix @@ -5,9 +5,9 @@ ... }: with lib; let - cfg = config.local.programs.neovim; + cfg = config.local.apps.neovim; in { - options.local.programs.neovim = { + options.local.apps.neovim = { enable = mkEnableOption "Neovim settings"; }; config = mkIf cfg.enable { 
@@ -40,66 +40,8 @@ in { ''; plugins = with pkgs.vimPlugins; [ - barbar-nvim - nvim-web-devicons vim-nix vim-visual-multi - { - plugin = nvim-tree-lua; - type = "lua"; - config = '' - require("nvim-tree").setup({ - renderer = { - icons = { - show = { - file = true, - folder = true, - folder_arrow = true, - git = true, - }, - glyphs = { - git = { - unstaged = "", - staged = "", - unmerged = "", - renamed = "", - untracked = "", - deleted = "", - ignored = "", - }, - }, - }, - }, - view = { - width = 30, - side = 'left', - }, - sync_root_with_cwd = true, --fix to open cwd with tree - respect_buf_cwd = true, - update_cwd = true, - update_focused_file = { - enable = true, - update_cwd = true, - update_root = true, - }, - }) - - vim.g.nvim_tree_respect_buf_cwd = 1 - - -- use g? for bindings help while in tree - ''; - } - { - plugin = gruvbox-nvim; - type = "lua"; - config = '' - require("gruvbox").setup({ - contrast = "high", - }) - vim.o.background = "dark" - vim.cmd([[colorscheme gruvbox]]) - ''; - } ]; }; home.sessionVariables = { diff --git a/home/modules/pass.nix b/home/modules/pass.nix deleted file mode 100644 index 61811ac..0000000 --- a/home/modules/pass.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.services.pass; -in { - options.local.services.pass = { - enable = mkEnableOption "pass settings"; - }; - config = mkIf cfg.enable { - programs.password-store = { - enable = true; - package = pkgs.pass.withExtensions (exts: - with exts; [ - pass-audit - pass-genphrase - pass-otp - pass-tomb - pass-update - ]); - - settings = { - PASSWORD_STORE_DIR = "${config.home.homeDirectory}/safe/trust"; - }; - }; - }; -} diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix deleted file mode 100644 index 4857e63..0000000 --- a/home/modules/syncthing.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.services.syncthing; -in { - options.local.services.syncthing = { - enable = mkEnableOption "syncthing settings"; - }; - - config = mkIf cfg.enable { - services.syncthing = { - enable = true; - tray.enable = true; - }; - }; -} diff --git a/home/modules/terminal.nix b/home/modules/terminal.nix index 0bc1228..9bf84b8 100644 --- a/home/modules/terminal.nix +++ b/home/modules/terminal.nix @@ -5,11 +5,9 @@ ... }: with lib; let - cfg = config.local.programs.terminal; + cfg = config.local.apps.terminal; in { - options.local.programs.terminal = { - enable = mkEnableOption "terminal emulator settings"; - }; + options.local.apps.terminal.enable = mkEnableOption "terminal emulator settings"; config = mkIf cfg.enable { programs = { foot = { @@ -17,10 +15,10 @@ in { settings = { main = { term = "xterm-256color"; - font = "JetBrainsMono Nerd Font:style=Medium:size=15"; - font-bold = "JetBrainsMono Nerd Font:style=Bold:size=15"; - font-italic = "JetBrainsMono Nerd Font:style=Italic:size=15"; - font-bold-italic = "JetBrainsMono Nerd Font:style=Bold Italic:size=15"; + font = "JetBrains Mono:style=Medium:size=12"; + font-bold = "JetBrains Mono:style=Bold:size=12"; + font-italic = "JetBrains Mono:style=Italic:size=12"; + font-bold-italic = "JetBrains Mono:style=Bold Italic:size=12"; dpi-aware = "yes"; initial-window-size-pixels = "1200x600"; }; @@ -31,15 +29,15 @@ in { }; colors = { - background = "000000"; - regular0 = "616161"; - regular1 = "ff4d51"; - regular2 = "35d450"; - regular3 = "e9e836"; - regular4 = "5dc5f8"; - regular5 = "feabf2"; - regular6 = "24dfc4"; - regular7 = "ffffff"; + background = "111111"; + regular0 = "1E201E"; #black + regular1 = "BE3144"; #red + regular2 = "1F7D53"; #green + regular3 = "FEC260"; #yellow + regular4 = "065084"; #blue + regular5 = "940B92"; #magenta + regular6 = "008B8B"; #cyan + regular7 = "D3DAD9"; #white }; bell = { 
@@ -109,12 +107,6 @@ in { set -g status-justify left ''; }; - - fzf = { - enable = true; - enableZshIntegration = true; - tmux.enableShellIntegration = true; - }; }; home = { sessionVariables = { diff --git a/home/modules/yubikey.nix b/home/modules/yubikey.nix deleted file mode 100644 index 95371fd..0000000 --- a/home/modules/yubikey.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.services.yubikey; -in { - options.local.services.yubikey = { - enable = mkEnableOption "Yubikey home settings"; - }; - config = mkIf cfg.enable { - home.packages = with pkgs; [ - yubikey-manager - yubico-pam - yubikey-personalization - ]; - }; -} diff --git a/home/modules/zed.nix b/home/modules/zed.nix index 8379e11..6e54ca7 100644 --- a/home/modules/zed.nix +++ b/home/modules/zed.nix @@ -5,18 +5,16 @@ ... }: with lib; let - cfg = config.local.programs.zed; + cfg = config.local.apps.zed; in { - options.local.programs.zed = { - enable = mkEnableOption "zed editor settings"; - }; + options.local.apps.zed.enable = mkEnableOption "zed editor settings"; config = mkIf cfg.enable { programs.zed-editor = { enable = true; extensions = [ "nix" "codebook" - "vscode-dark-high-contrast" + "one-dark" "catppuccin-icons" ]; extraPackages = with pkgs; [ @@ -25,8 +23,8 @@ in { userSettings = { disable_ai = true; theme = { - dark = "VSCode Dark High Contrast"; - light = "VSCode Dark High Contrast"; + dark = "One Dark"; + light = "One Dark"; }; icon_theme = { dark = "Catppuccin Latte"; @@ -42,8 +40,8 @@ in { }; autosave = "on_focus_change"; auto_update = false; - buffer_font_family = "JetBrainsMono Nerd Font"; - buffer_font_size = 22; + buffer_font_family = "JetBrains Mono"; + buffer_font_size = 16; hide_mouse = "never"; minimap.show = "auto"; tabs = { diff --git a/home/modules/zsh/default.nix b/home/modules/zsh/default.nix index c30f14e..7a781eb 100644 --- a/home/modules/zsh/default.nix +++ b/home/modules/zsh/default.nix 
@@ -13,7 +13,6 @@ in { type = types.str; description = "prompt for your terminal"; example = literalExpression "%B[%~] \${vcs_info_msg_0_}%b"; - default = "%B[%~] \${vcs_info_msg_0_}%b"; }; }; config = mkIf cfg.enable { diff --git a/home/modules/zsh/zshrc.nix b/home/modules/zsh/zshrc.nix index 9e5c9e7..ed874bb 100644 --- a/home/modules/zsh/zshrc.nix +++ b/home/modules/zsh/zshrc.nix @@ -18,7 +18,7 @@ zstyle ':completion:*' original true zstyle ':completion:*' preserve-prefix '//[^/]##/' zstyle ':completion:*' verbose true - zstyle :compinstall filename '/home/fabian/.zshrc' + zstyle :compinstall filename '/home/chem/.zshrc' autoload -Uz compinit compinit @@ -79,8 +79,11 @@ alias l='ls --color -FhAltr' alias x='killall --ignore-case --user=$(whoami) --interactive' alias tree='tree -CF' + alias lock="betterlockscreen -l" + alias nightmode="${lib.getExe pkgs.redshift} -P -O 1000" + alias lightmode="${lib.getExe pkgs.redshift} -x=" alias nixoide="nix repl ''" - alias vps="ssh -A vps" + alias vim=nvim bindkey -e bindkey "^[[1;5D" backward-word bindkey "^[[1;5C" forward-word @@ -98,8 +101,8 @@ local pkg pkg="$1" shift - echo "nix shell nixpkgs#$pkg --impure" - nix shell "nixpkgs#$pkg" "$@" --impure + echo "nix shell unstable#$pkg --impure" + nix shell "unstable#$pkg" "$@" --impure } function spawn () { @@ -127,6 +130,4 @@ export VISUAL=nvim export PATH="$PATH:$HOME/.local/bin:$HOME/.cargo/bin" export NIXPKGS_ALLOW_UNFREE=1 - - eval "$(fzf --zsh)" '' diff --git a/home/platforms/chem@yuki/default.nix b/home/platforms/chem@yuki/default.nix new file mode 100644 index 0000000..9d774d2 --- /dev/null +++ b/home/platforms/chem@yuki/default.nix 
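Review bot: The `lightmode` alias added in the alias block of zshrc.nix passes `-x=` to redshift, and the trailing `=` looks like a typo: redshift's reset flag is plain `-x`, so the alias as written is likely to be rejected as an unknown option instead of clearing the colour adjustment. I would change it to `alias lightmode="${lib.getExe pkgs.redshift} -x"`. The new `lock` alias calls `betterlockscreen` by bare name while the two redshift aliases use a store path, so it works only if that program happens to be on PATH; `${lib.getExe pkgs.betterlockscreen}` would make it consistent, assuming the package is meant to come from this configuration. The zshrc string these aliases live in starts and ends outside the hunk.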
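Review bot: The `unstable` flake reference now used in `nix shell "unstable#$pkg"` is not a name Nix resolves by default; in this commit it only works because `home/platforms/chem@yuki/default.nix` adds `"unstable".flake = flakes.unstable` to `nix.registry`. zshrc.nix is a shared module, so a platform that uses it without that registry entry would presumably get a helper that fails to resolve its flake. The dependency deserves a comment above the function, for example `# "unstable" is a flake registry alias set per platform under nix.registry`. The function's name and opening lines are outside the hunk.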
@@ -0,0 +1,77 @@ +{ + flakes, + config, + pkgs, + lib, + ... +}: { + imports = [ + ./systemd + ./isolation.nix + ]; + + nix.registry = { + "system".to = { + type = "path"; + path = "/home/chem/nix"; + }; + + "nixpkgs".flake = flakes.nixpkgs; + "unstable".flake = flakes.unstable; + }; + + local = { + baseline.enable = true; + + services = { + zsh = { + enable = true; + prompt = "%B[%~] \${vcs_info_msg_0_}%b"; + }; + }; + + apps = { + #todo move some of this to defaultDesktop pack? + terminal.enable = true; + neovim.enable = true; + gaming.enable = true; + defaultDesktopPack.enable = true; + firefox.enable = true; + mapping.enable = true; + zed.enable = true; + }; + + gui = { + enable = true; + monitors = { + HDMI-A-4 = { + width = "1920"; + height = "1080"; + rate = "59.94"; + }; + DP-1 = { + width = "1600"; + height = "900"; + rate = "59.94"; + posX = "1920"; + }; + }; + }; + }; + + home = { + packages = with pkgs; [ + gnucash + kdePackages.kdenlive + nmap + qbittorrent + virt-manager + vintagestory + ]; + + username = "chem"; + homeDirectory = "/home/chem"; + }; + + programs.home-manager.enable = true; +} diff --git a/home/platforms/fabian@posixlycorrect/isolation.nix b/home/platforms/chem@yuki/isolation.nix similarity index 100% rename from home/platforms/fabian@posixlycorrect/isolation.nix rename to home/platforms/chem@yuki/isolation.nix diff --git a/home/platforms/fabian@posixlycorrect/shenvs/c.nix b/home/platforms/chem@yuki/shenvs/c.nix similarity index 100% rename from home/platforms/fabian@posixlycorrect/shenvs/c.nix rename to home/platforms/chem@yuki/shenvs/c.nix diff --git a/home/platforms/fabian@posixlycorrect/shenvs/python.nix b/home/platforms/chem@yuki/shenvs/python.nix similarity index 100% rename from home/platforms/fabian@posixlycorrect/shenvs/python.nix rename to home/platforms/chem@yuki/shenvs/python.nix 
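Review bot: The home directory is spelled out twice in this new file, once in the `"system"` registry entry as `path = "/home/chem/nix";` and again in `homeDirectory = "/home/chem";`, so a later change of user or home path has to be made in two places. `config` is already among the module arguments, so the registry entry can be written as `path = "${config.home.homeDirectory}/nix";`. The `#todo` comment above `terminal.enable` would also read better as a full sentence naming which of the `apps` options are meant to move into `defaultDesktopPack`.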
diff --git a/home/platforms/fabian@posixlycorrect/systemd/default.nix b/home/platforms/chem@yuki/systemd/default.nix similarity index 67% rename from home/platforms/fabian@posixlycorrect/systemd/default.nix rename to home/platforms/chem@yuki/systemd/default.nix index 83d75a8..b69c88d 100644 --- a/home/platforms/fabian@posixlycorrect/systemd/default.nix +++ b/home/platforms/chem@yuki/systemd/default.nix @@ -5,6 +5,6 @@ }: with lib; { systemd.user.tmpfiles.rules = [ - "d %t/tmp 0700 fabian fabian 24h" + "d %t/tmp 0700 chem chem 24h" ]; } diff --git a/home/platforms/fabian@posixlycorrect/default.nix b/home/platforms/fabian@posixlycorrect/default.nix deleted file mode 100644 index d53c779..0000000 --- a/home/platforms/fabian@posixlycorrect/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - flakes, - config, - pkgs, - lib, - ... -}: { - imports = [ - ./systemd - ./isolation.nix - ]; - - local = { - defaultDesktopPack.enable = true; - - services = { - gpg.defaultKey = "A8981D346F8F4130CA16A7775517E687FCCE0BB9"; - yubikey.enable = true; - }; - - programs = { - gaming.enable = true; - mapping.enable = true; - }; - - gui = { - enable = true; - monitors = { - DP-1 = { - width = "1920"; - height = "1080"; - rate = "59.94"; - }; - DP-2 = { - width = "1920"; - height = "1080"; - rate = "143.855"; - posX = "1920"; - }; - }; - }; - }; - - home = { - packages = with pkgs; [ - darktable - gnucash - kdePackages.kdenlive - virt-manager - ]; - }; -} diff --git a/home/platforms/fabian@t14/default.nix b/home/platforms/fabian@t14/default.nix deleted file mode 100644 index 5282868..0000000 --- a/home/platforms/fabian@t14/default.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - flakes, - config, - pkgs, - lib, - ... -}: { - imports = [ - ./systemd - ./isolation.nix - ]; - - local = { - defaultDesktopPack = { - enable = true; - laptop = true; - }; - - services = { - gpg.defaultKey = "A8981D346F8F4130CA16A7775517E687FCCE0BB9"; - yubikey.enable = true; - }; - - programs = { - gaming.enable = true; - mapping.enable = true; - }; - - gui = { - enable = true; - monitors = { - eDP-1 = { - width = "1920"; - height = "1080"; - rate = "60.00"; - }; - }; - }; - }; - - home = { - packages = with pkgs; [ - ]; - }; -} diff --git a/home/platforms/fabian@t14/isolation.nix b/home/platforms/fabian@t14/isolation.nix deleted file mode 100644 index 6a79337..0000000 --- a/home/platforms/fabian@t14/isolation.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: -with lib; { - home.isolation = { - enable = true; - btrfsSupport = true; - defaults = { - static = true; - bindHome = "home/"; - persist = { - base = "shenvs"; - btrfs = true; - }; - }; - - modulesUnder = ./shenvs; - }; -} diff --git a/home/platforms/fabian@t14/shenvs/c.nix b/home/platforms/fabian@t14/shenvs/c.nix deleted file mode 100644 index 0ce5ad7..0000000 --- a/home/platforms/fabian@t14/shenvs/c.nix +++ /dev/null @@ -1,13 +0,0 @@ -{pkgs, ...}: { - static = true; - - packages = with pkgs; [ - binutils - cmake - curl - gdb - gnumake - rustup - valgrind - ]; -} diff --git a/home/platforms/fabian@t14/shenvs/python.nix b/home/platforms/fabian@t14/shenvs/python.nix deleted file mode 100644 index 4818ea5..0000000 --- a/home/platforms/fabian@t14/shenvs/python.nix +++ /dev/null @@ -1,11 +0,0 @@ -{pkgs, ...}: { - static = true; - - packages = with pkgs; [ - pipenv - (python310.withPackages (packages: - with packages; [ - setuptools - ])) - ]; -} diff --git a/home/platforms/fabian@t14/systemd/default.nix b/home/platforms/fabian@t14/systemd/default.nix deleted file mode 100644 index 83d75a8..0000000 --- a/home/platforms/fabian@t14/systemd/default.nix +++ /dev/null 
@@ -1,10 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - systemd.user.tmpfiles.rules = [ - "d %t/tmp 0700 fabian fabian 24h" - ]; -} diff --git a/home/platforms/fabian@vps/default.nix b/home/platforms/fabian@vps/default.nix deleted file mode 100644 index 717bc0c..0000000 --- a/home/platforms/fabian@vps/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - config, - pkgs, - lib, - flakes, - ... -}: -with lib; { - imports = [ - ]; - - local = { - baseline.enable = true; - - services = { - zsh.prompt = "%B<%~> \${vcs_info_msg_0_}%b"; - }; - }; - - home = { - packages = with pkgs; [ - ]; - }; -} diff --git a/pkgs/config/default.nix b/pkgs/config/default.nix index 47abe76..3590c24 100644 --- a/pkgs/config/default.nix +++ b/pkgs/config/default.nix @@ -1,5 +1,6 @@ {lib}: with lib; { - android_sdk.accept_license = true; + android_sdk.accept_license = true; #TODO: what the fuck is this allowUnfreePredicate = pkg: import ./unfree.nix lib (getName pkg); + allowInsecurePredicate = pkg: import ./insecure.nix lib (getName pkg); } diff --git a/pkgs/config/insecure.nix b/pkgs/config/insecure.nix new file mode 100644 index 0000000..5a0d472 --- /dev/null +++ b/pkgs/config/insecure.nix @@ -0,0 +1,4 @@ +lib: name: +with lib; + elem name [ + ] diff --git a/pkgs/config/unfree.nix b/pkgs/config/unfree.nix index 9f6ff13..f00e8cc 100644 --- a/pkgs/config/unfree.nix +++ b/pkgs/config/unfree.nix @@ -8,4 +8,5 @@ with lib; "steam-original" "steam-unwrapped" "steam-run" + "vintagestory" ] diff --git a/pkgs/default.nix b/pkgs/default.nix index f6189a2..97d428c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -6,8 +6,6 @@ with prev.lib; let inherit (final) callPackage fetchpatch; in { - homepage = flakes.homepage.packages.${final.system}.default; - override = { # add python modules here to make them available in all versions diff --git a/sys/modules/baseline.nix b/sys/modules/baseline.nix index fd594b7..3869463 100644 --- a/sys/modules/baseline.nix +++ b/sys/modules/baseline.nix 
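Review bot: The new `allowInsecurePredicate` in pkgs/config/default.nix is keyed on `getName pkg`, so any name later added to the list in `pkgs/config/insecure.nix` permits every version of that package, including future versions marked insecure for a different vulnerability. nixpkgs' default check compares the versioned name against `permittedInsecurePackages`, and, as far as I know, setting a custom predicate replaces that check, so the version pinning is lost. The list is empty in this commit, so nothing is permitted yet. I would either leave the predicate out until an exception is needed or match on the versioned name, and in either case put a comment at the top of insecure.nix such as `# entries match by pname only; record the version and advisory being accepted`. The same point covers the new-file hunk for `pkgs/config/insecure.nix` that follows.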
@@ -53,17 +53,6 @@ in { ]; }; - fonts.packages = with pkgs; [ - jetbrains-mono - nerd-fonts.jetbrains-mono - noto-fonts - noto-fonts-cjk-sans - noto-fonts-emoji - noto-fonts-extra - nerd-fonts.fira-code - nerd-fonts.droid-sans-mono - ]; - services = { openssh.enable = mkDefault true; @@ -73,8 +62,6 @@ in { }; }; - programs.dconf.enable = true; - # Coredumps are a security risk and may use up a lot of disk space systemd.coredump.extraConfig = '' Storage=none @@ -85,7 +72,5 @@ in { enable = true; defaultBitSize = 4096; }; - - i18n.defaultLocale = "en_US.UTF-8"; }; } diff --git a/sys/modules/borgsync.nix b/sys/modules/borgsync.nix deleted file mode 100644 index 709f58d..0000000 --- a/sys/modules/borgsync.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.sys.borgsync; -in { - options.local.sys.borgsync = { - enable = mkEnableOption "borg backup to an rsync.net repo"; - paths = mkOption { - type = with types; nullOr (coercedTo str singleton (listOf str)); - default = null; - description = "Paths to back up."; - }; - exclude = mkOption { - type = with types; listOf str; - description = "Exclude paths."; - default = []; - }; - repoName = mkOption { - type = types.str; - description = "Remote rsync repository to back up to."; - }; - }; - - config = mkIf cfg.enable { - services.borgbackup.jobs.rsync = { - paths = cfg.paths; - exclude = cfg.exclude; - user = "root"; - group = "root"; - doInit = true; - startAt = [ - "hourly" - ]; - inhibitsSleep = true; - persistentTimer = true; - - repo = "zh5777@zh5777.rsync.net:${cfg.repoName}"; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat /var/trust/borg/${cfg.repoName}_passphrase"; - }; - compression = "auto,lz4"; - prune = { - keep = { - hourly = 24; - daily = 7; - weekly = 4; - monthly = 12; - yearly = 99; - }; - }; - extraArgs = [ - "--remote-path=borg14" - ]; - }; - - environment.sessionVariables.BORG_REMOTE_PATH = "borg14"; - }; -} 
diff --git a/sys/modules/default.nix b/sys/modules/default.nix index 80d9159..c8df074 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -6,7 +6,6 @@ }: { imports = [ ./baseline.nix - ./yubikey.nix ./audio.nix ./graphics.nix ./virtualisation.nix @@ -16,8 +15,15 @@ ./net.nix ./steam.nix ./gtklock.nix - ./borgsync.nix - ./dufs.nix - ./defaultDesktopPack.nix + ]; + + fonts.packages = with pkgs; [ + jetbrains-mono + noto-fonts + noto-fonts-cjk-sans + noto-fonts-emoji + noto-fonts-extra + nerd-fonts.fira-code + nerd-fonts.droid-sans-mono ]; } diff --git a/sys/modules/defaultDesktopPack.nix b/sys/modules/defaultDesktopPack.nix deleted file mode 100644 index 9cc8283..0000000 --- a/sys/modules/defaultDesktopPack.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.sys.defaultDesktopPack; -in { - options.local.sys.defaultDesktopPack = { - enable = mkEnableOption "common desktop programs and services"; - }; - config = mkIf cfg.enable { - local.sys = { - baseline.enable = true; - - audio.enable = true; - graphics.enable = true; - gtklock.enable = true; - steam.enable = true; - - users = { - fabian = { - enable = true; - unixId = 1002; #TODO !!!!!! - }; - }; - }; - - trivium = { - sway.enable = true; - trivionomiconMotd.enable = true; - }; - - networking = { - networkmanager.enable = true; - useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here. - }; - }; -} diff --git a/sys/modules/dufs.nix b/sys/modules/dufs.nix deleted file mode 100644 index 8dab7b4..0000000 --- a/sys/modules/dufs.nix +++ /dev/null 
@@ -1,233 +0,0 @@ -# https://github.com/NixOS/nixpkgs/blob/c77cd68706b590b44334bb8c506239b3384c26a0/nixos/modules/services/misc/dufs.nix -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.sys.dufs; - types = lib.types; -in { - options.local.sys.dufs = { - enable = lib.mkEnableOption "the dufs server"; - package = lib.mkPackageOption pkgs "dufs" {}; - settings = lib.mkOption { - type = types.submodule { - options = { - serve-path = lib.mkOption { - type = types.path; - description = "Specific path to serve."; - }; - bind = lib.mkOption { - type = types.nullOr types.str; - description = "Specify bind address or unix socket."; - default = null; - }; - port = lib.mkOption { - type = types.port; - description = "Specify port to listen on."; - default = 5000; - }; - path-prefix = lib.mkOption { - type = types.nullOr types.path; - description = "Specify a path prefix."; - default = null; - }; - hidden = lib.mkOption { - type = types.listOf types.str; - description = "Hide paths from directory listings, e.g. tmp,*.log,*.lock."; - default = []; - example = lib.literalExpression '' - [ - "tmp" - "*.log" - "*.lock." 
- ] - ''; - }; - allow-all = lib.mkOption { - type = types.bool; - description = "Allow all operations."; - default = true; - }; - allow-upload = lib.mkOption { - type = types.bool; - description = "Allow upload files/folders."; - default = false; - }; - allow-delete = lib.mkOption { - type = types.bool; - description = "Allow delete files/folders."; - default = false; - }; - allow-search = lib.mkOption { - type = types.bool; - description = "Allow search files/folders."; - default = false; - }; - allow-symlink = lib.mkOption { - type = types.bool; - description = "Allow symlink to files/folders outside root directory."; - default = false; - }; - allow-archive = lib.mkOption { - type = types.bool; - description = "Allow zip archive generation."; - default = false; - }; - enable-cors = lib.mkOption { - type = types.bool; - description = "Enable CORS, sets `Access-Control-Allow-Origin: *`."; - default = false; - }; - render-index = lib.mkOption { - type = types.bool; - description = "Serve index.html when requesting a directory, returns 404 if not found index.html."; - default = false; - }; - render-try-index = lib.mkOption { - type = types.bool; - description = "Serve index.html when requesting a directory, returns directory listing if not found index.html."; - default = false; - }; - render-spa = lib.mkOption { - type = types.bool; - description = "Serve SPA(Single Page Application)."; - default = false; - }; - assets = lib.mkOption { - type = types.nullOr types.path; - description = "Set the path to the assets directory for overriding the built-in assets."; - default = null; - }; - log-format = lib.mkOption { - type = types.nullOr types.str; - description = "Customize http log format."; - default = null; - example = lib.literalExpression '' - "$remote_addr \"$request\" $status" - ''; - }; - compress = lib.mkOption { - type = types.enum [ - "none" - "low" - "medium" - "high" - ]; - description = "Customize http log format."; - default = "none"; - }; - tls-cert = 
lib.mkOption { - type = types.nullOr types.path; - description = "Path to an SSL/TLS certificate to serve with HTTPS."; - default = null; - }; - tls-key = lib.mkOption { - type = types.nullOr types.path; - description = "Path to the SSL/TLS certificate's private key."; - default = null; - }; - }; - }; - description = "Settings for dufs."; - }; - authFile = lib.mkOption { - type = types.nullOr types.path; - description = '' - Path to file containing auth roles (e.g. user:pass@/dir1:rw,/dir2), one per line. - - Passwords may be hashed, see https://github.com/sigoden/dufs#hashed-password. - ''; - default = null; - }; - openFirewall = lib.mkOption { - type = types.bool; - description = "Open firewall on configured port."; - default = false; - }; - user = lib.mkOption { - type = types.str; - description = "User to run dufs under."; - default = "dufs"; - }; - group = lib.mkOption { - type = types.str; - description = "Group to run dufs under."; - default = "dufs"; - }; - }; - config = lib.mkIf cfg.enable { - networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [cfg.settings.port]; - systemd.services.dufs = let - settings = lib.filterAttrs (_: v: v != null) cfg.settings; - pathWritable = settings.allow-all || settings.allow-upload || settings.allow-delete; - in { - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - environment.DUFS_CONFIG = (pkgs.formats.yaml {}).generate "dufs-config.yaml" settings; - script = '' - ${lib.optionalString (cfg.authFile != null) '' - export DUFS_AUTH=$(tr '\n' '|' < ${lib.escapeShellArg cfg.authFile} | sed 's/|$//') - ''} - exec ${lib.escapeShellArg (lib.getExe cfg.package)} - ''; - serviceConfig = { - BindReadOnlyPaths = - [ - builtins.storeDir - ] - ++ lib.optional (!pathWritable) settings.serve-path - ++ lib.optional (cfg.authFile != null) cfg.authFile; - BindPaths = lib.mkIf pathWritable settings.serve-path; - CapabilityBoundingSet = ""; - DeviceAllow = ""; - Group = cfg.group; - LockPersonality = true; - 
MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProcSubset = "pid"; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProtectSystem = "strict"; - RemoveIPC = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_NETLINK" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - RootDirectory = "/run/dufs"; - RuntimeDirectory = "dufs"; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@resources" - "~@privileged" - ]; - User = cfg.user; - }; - }; - users = { - users.dufs = lib.mkIf (cfg.user == "dufs") { - group = cfg.group; - home = cfg.settings.serve-path; - isSystemUser = true; - }; - groups.dufs = lib.mkIf (cfg.group == "dufs") {}; - }; - }; - meta.maintainers = with lib.maintainers; [jackwilsdon]; -} diff --git a/sys/modules/graphics.nix b/sys/modules/graphics.nix index 5b8503b..706c2d3 100644 --- a/sys/modules/graphics.nix +++ b/sys/modules/graphics.nix @@ -16,5 +16,7 @@ in { }; hardware.graphics.enable = true; + + programs.dconf.enable = true; }; } diff --git a/sys/modules/gtklock.nix b/sys/modules/gtklock.nix index 5d9721d..3600b41 100644 --- a/sys/modules/gtklock.nix +++ b/sys/modules/gtklock.nix @@ -26,7 +26,7 @@ in { window { background-color: black; color: #eaeaea; - font-family: "JetBrainsMono Nerd Font", monospace; + font-family: "JetBrains Mono", monospace; font-size: 14px; } diff --git a/sys/modules/users.nix b/sys/modules/users.nix index e54d38e..f55d69e 100644 --- a/sys/modules/users.nix +++ b/sys/modules/users.nix @@ -31,7 +31,7 @@ in { config = { local.sys.users = { - fabian = { + chem = { unixId = mkDefault 1000; admin = true; }; 
@@ -54,7 +54,7 @@ in { shell = pkgs.zsh; extraGroups = ["users" "networkmanager"] - ++ optionals (v.admin) ["wheel" "libvirtd" "dialout" "adbusers" "video" "input"]; + ++ optionals (v.admin) ["wheel" "libvirtd" "dialout" "adbusers"]; openssh.authorizedKeys.keyFiles = v.sshKeyPublicFile; }) enabledUsers; diff --git a/sys/modules/yubikey.nix b/sys/modules/yubikey.nix deleted file mode 100644 index c5e3008..0000000 --- a/sys/modules/yubikey.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.sys.yubikey; -in { - options.local.sys.yubikey = { - enable = mkEnableOption "yubikey settings"; - }; - config = mkIf cfg.enable { - services = { - pcscd.enable = true; - udev.packages = [pkgs.yubikey-personalization]; - }; - - environment.etc."pkcs11/modules/ykcs11".text = '' - module: ${pkgs.yubico-piv-tool}/lib/libykcs11.so - ''; - - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - security.pam = { - services = { - login.u2fAuth = true; - sudo.u2fAuth = true; - }; - - u2f = { - enable = true; - control = "sufficient"; - settings = { - debug = false; - cue = true; - }; - }; - }; - }; -} diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix deleted file mode 100644 index 494e602..0000000 --- a/sys/platforms/posixlycorrect/default.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -{ - config, - pkgs, - lib, - flakes, - ... -}: { - imports = [ - flakes.home-manager.nixosModules.home-manager - flakes.impermanence.nixosModule - ./hardware-configuration.nix - ]; - - local.sys = { - defaultDesktopPack.enable = true; - - yubikey.enable = true; - virtualisation.enable = true; - androidSupport.enable = true; - borgsync = { - enable = true; - paths = [ - "/home/fabian/nix" - "/home/fabian/safe" - "/xtern/backup" - ]; - repoName = "posixlycorrect"; - }; - }; - - networking = { - hostName = "posixlycorrect"; - hostId = "0414a727"; - }; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - tmp.useTmpfs = true; - supportedFilesystems = ["zfs"]; - zfs = { - forceImportRoot = false; - useKeyringForCredentials = true; - }; - }; - - time.timeZone = "America/Costa_Rica"; -} diff --git a/sys/platforms/posixlycorrect/hardware-configuration.nix b/sys/platforms/posixlycorrect/hardware-configuration.nix deleted file mode 100644 index 168c7c6..0000000 --- a/sys/platforms/posixlycorrect/hardware-configuration.nix +++ /dev/null 
@@ -1,44 +0,0 @@ -{ - config, - lib, - pkgs, - flakes, - modulesPath, - ... -}: let - subvol = subvol: { - device = "/dev/disk/by-uuid/645fdba0-5c03-4285-926b-facded1ee259"; - fsType = "btrfs"; - options = ["subvol=${subvol}" "compress=zstd" "noatime" "ssd"]; - }; -in { - imports = [ - flakes.nixpkgs.nixosModules.notDetected - ]; - - boot.initrd = { - availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; - luks.devices."toplevel" = { - device = "/dev/disk/by-uuid/58277baa-90d4-4a5e-a658-1b918b89130a"; - preLVM = false; - }; - }; - - fileSystems = { - "/" = subvol "root"; - "/toplevel" = subvol "/"; - "/boot" = { - device = "/dev/disk/by-uuid/B007-B007"; - fsType = "vfat"; - options = ["umask=027"]; - }; - - "/extern" = { - device = "/dev/disk/by-uuid/7d8d3ec9-b456-4e2a-9396-551dcaf7705b"; - fsType = "btrfs"; - options = ["noatime" "compress=zstd"]; - }; - }; - - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/sys/platforms/t14/default.nix b/sys/platforms/t14/default.nix deleted file mode 100644 index 884293b..0000000 --- a/sys/platforms/t14/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - config, - pkgs, - lib, - flakes, - ... -}: { - imports = [ - flakes.home-manager.nixosModules.home-manager - flakes.impermanence.nixosModule - ./hardware-configuration.nix - ]; - - local.sys = { - defaultDesktopPack.enable = true; - - yubikey.enable = true; - bluetooth.enable = true; - }; - - trivium = { - laptop.enable = true; - thinkpad.enable = true; - }; - - services = { - fwupd.enable = true; #TODO - pcscd.enable = true; #TODO - }; - - hardware.acpilight.enable = true; - - networking.hostName = "t14"; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - tmp.useTmpfs = true; - kernelPackages = pkgs.linuxPackages_latest; - }; - - time.timeZone = "America/Costa_Rica"; -} 
diff --git a/sys/platforms/t14/hardware-configuration.nix b/sys/platforms/t14/hardware-configuration.nix deleted file mode 100644 index 80b46c0..0000000 --- a/sys/platforms/t14/hardware-configuration.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ - config, - lib, - pkgs, - flakes, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - services.xserver.videoDrivers = ["i915" "modesetting" "fbdev"]; - - boot = { - initrd = { - availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "sdhci_pci"]; - kernelModules = ["dm-snapshot"]; - luks.devices."tomb" = { - device = "/dev/disk/by-uuid/0b2b9aec-c239-4cce-948d-4411d9300c1d"; - preLVM = true; - }; - }; - kernelModules = ["kvm-intel"]; - extraModulePackages = []; - }; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38"; - fsType = "btrfs"; - options = ["subvol=root"]; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/A7E5-EEAB"; - fsType = "vfat"; - }; - - "/nix" = { - device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38"; - fsType = "btrfs"; - options = ["subvol=nix"]; - }; - - "/home" = { - device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38"; - fsType = "btrfs"; - options = ["subvol=home"]; - }; - - "/toplevel" = { - device = "/dev/disk/by-uuid/2774158f-8ec5-4ba1-a4fb-a37f55b8bb38"; - fsType = "btrfs"; - }; - }; - - swapDevices = []; - - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/sys/platforms/vps/default.nix b/sys/platforms/vps/default.nix deleted file mode 100644 index 87433d8..0000000 --- a/sys/platforms/vps/default.nix +++ /dev/null 
@@ -1,140 +0,0 @@ -{ - config, - lib, - pkgs, - flakes, - modulesPath, - doctrine, - ... -}: -with lib; { - imports = [ - flakes.vpsadminos.nixosConfigurations.container - flakes.home-manager.nixosModules.home-manager - flakes.impermanence.nixosModule - ./hardware-configuration.nix - ./srv - ./networkMap.nix - ]; - - local.sys = { - baseline.enable = true; - - borgsync = { - enable = true; - paths = [ - "/var/lib/forgejo" - "/var/lib/mealie" - "/var/lib/trilium" - "/var/lib/forgejo" - ]; - repoName = "vps"; - }; - - users.fabian = { - enable = true; - sshKeyPublicFile = [pki/id_ed25519.pub]; # move this out someday - }; - }; - - trivium.soju = { - enable = true; - fullyQualifiedDomain = "soju.posixlycorrect.com"; - }; - - services.openssh = { - settings.PasswordAuthentication = false; - }; - - programs.mosh.enable = true; - - networking = { - hostName = "vps"; - domain = "posixlycorrect.com"; - firewall.allowedUDPPorts = [51820]; #TODO - }; - - time.timeZone = "Europe/Amsterdam"; - - systemd = { - extraConfig = '' - DefaultTimeoutStartSec=900s - ''; - - network = let - inherit (config.local.sys) nets; - in { - enable = true; - - netdevs = { - wg-vpn = { - netdevConfig = { - Name = "wg-vpn"; - Kind = "wireguard"; - }; - - wireguardConfig = { - PrivateKeyFile = "/var/trust/wg/vpn/key.priv"; - ListenPort = "51820"; - }; - - wireguardPeers = [ - { - PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU="; - PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk"; - AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"]; - } - { - PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks="; - PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk"; - AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"]; - } - ]; - }; - }; - - networks = { - wg-vpn = { - name = "wg-vpn"; - - networkConfig = { - Address = [ - nets.vpn-vps.hosts.vps.v6.cidr - ]; - }; - - routes = [ - { - Destination = nets.vpn.v6.cidr; - } - { - Source = nets.vpn.v6.cidr; - } - ]; - }; - }; - }; - }; - - 
home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - - extraSpecialArgs = { - inherit flakes; - doctrine = flakes.trivionomicon.lib.mkDoctrine { - inherit pkgs; - inherit (doctrine) prefix; - namespace = "home"; - }; - }; - - users.fabian = { - imports = [ - flakes.impermanence.nixosModules.home-manager.impermanence - "${flakes.self}/home/platforms/fabian@vps" - "${flakes.self}/home" - ]; - }; - }; -} diff --git a/sys/platforms/vps/hardware-configuration.nix b/sys/platforms/vps/hardware-configuration.nix deleted file mode 100644 index 41cc7ee..0000000 --- a/sys/platforms/vps/hardware-configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - config, - lib, - pkgs, - flakes, - modulesPath, - ... -}: let -in { - fileSystems = { - "/mnt/export2008" = { - device = "172.16.129.19:/nas/5876"; - fsType = "nfs"; - options = ["nofail" "noatime"]; - }; - - "/mnt/export2178" = { - device = "172.16.129.151:/nas/5876/immich"; - fsType = "nfs"; - options = ["nofail" "noatime"]; - }; - - "/mnt/export2179" = { - device = "172.16.131.31:/nas/5876/syncthing"; - fsType = "nfs"; - options = ["nofail"]; - }; - }; -} diff --git a/sys/platforms/vps/networkMap.nix b/sys/platforms/vps/networkMap.nix deleted file mode 100644 index 473815e..0000000 --- a/sys/platforms/vps/networkMap.nix +++ /dev/null 
@@ -1,78 +0,0 @@
-{
- config,
- pkgs,
- lib,
- flakes,
- ...
-}:
-with lib; {
- local.sys.nets = {
- default = {
- v4 = {
- bits = 32;
- prefix = "37.205.12.34";
- };
-
- v6 = {
- bits = 64;
- prefix = "2a03:3b40:fe:102";
- };
-
- hosts = {
- vps.v6.suffix = "1";
- vps.v4.suffix = "";
- };
- };
-
- vpn = {
- v6 = {
- bits = 48;
- prefix = "2a03:3b40:2b";
- };
- };
-
- vpn-vps = {
- v6 = {
- bits = 64;
- prefix = "2a03:3b40:2b:1000";
- };
-
- hosts = {
- vps.v6.suffix = "1";
- };
- };
-
- vpn-posixlycorrect = {
- v6 = {
- bits = 64;
- prefix = "2a03:3b40:2b:1001";
- };
-
- hosts = {
- posixlycorrect.v6.suffix = "1";
- };
- };
-
- vpn-pixel8 = {
- v6 = {
- bits = 64;
- prefix = "2a03:3b40:2b:1002";
- };
-
- hosts = {
- pixel8.v6.suffix = "1";
- };
- };
-
- vpn-t14 = {
- v6 = {
- bits = 64;
- prefix = "2a03:3b40:2b:1003";
- };
-
- hosts = {
- t14.v6.suffix = "1";
- };
- };
- };
-}
diff --git a/sys/platforms/vps/pki/id_ed25519.pub b/sys/platforms/vps/pki/id_ed25519.pub
deleted file mode 100644
index f5d7f29..0000000
--- a/sys/platforms/vps/pki/id_ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICls/LbyzkIXj5HCp7Qc4eoGcUXzJdQFshNX2caPwgNh openpgp:0x1B7A8CB7
diff --git a/sys/platforms/vps/srv/calibre-web.nix b/sys/platforms/vps/srv/calibre-web.nix
deleted file mode 100644
index 28e4c11..0000000
--- a/sys/platforms/vps/srv/calibre-web.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}:
-with lib; {
- services = {
- nginx = {
- virtualHosts."calibre.posixlycorrect.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- proxy_headers_hash_max_size 512;
- proxy_headers_hash_bucket_size 128;
- '';
- locations."/" = {
- proxyPass = "http://[::1]:8083";
- };
- };
- };
-
- calibre-web = {
- enable = true;
- options = {
- enableBookUploading = true;
- calibreLibrary = "/var/lib/calibre-web/calibre_library";
- };
- };
- };
-}
diff --git a/sys/platforms/vps/srv/default.nix b/sys/platforms/vps/srv/default.nix
deleted file mode 100644
index e56a3da..0000000
--- a/sys/platforms/vps/srv/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- pkgs,
- lib,
- flakes,
- ...
-}:
-with lib; {
- imports = [
- ./net.nix
- ./mediawiki.nix
- ./forgejo.nix
- ./vaultwarden.nix
- ./msmtp.nix
- ./trilium.nix
- ./syncthing.nix
- ./calibre-web.nix
- ./immich.nix
- ./mealie.nix
- ./dufs.nix
- ./isso.nix
- ./miniflux.nix
- ./radicale.nix
- ];
-}
diff --git a/sys/platforms/vps/srv/dufs.nix b/sys/platforms/vps/srv/dufs.nix
deleted file mode 100644
index da38169..0000000
--- a/sys/platforms/vps/srv/dufs.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- lib,
- pkgs,
- config,
- ...
-}:
-with lib; {
- services = {
- nginx = {
- virtualHosts."public.posixlycorrect.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- proxy_headers_hash_max_size 512;
- proxy_headers_hash_bucket_size 128;
- '';
- locations."/" = {
- proxyPass = "http://127.0.0.1:5000";
- };
- };
- };
- };
-
- local.sys.dufs = {
- enable = true;
- settings = {
- serve-path = "/var/public";
- allow-all = false;
- allow-archive = true;
- };
- };
-}
diff --git a/sys/platforms/vps/srv/forgejo.nix b/sys/platforms/vps/srv/forgejo.nix
deleted file mode 100644
index 9feb36a..0000000
--- a/sys/platforms/vps/srv/forgejo.nix
+++ /dev/null
@@ -1,62 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; { - config = { - environment.etc."fail2ban/filter.d/gitea.local".text = '' - [Definition] - failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from - ignoreregex = - ''; - - services = { - nginx = { - virtualHosts."git.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - locations."/".proxyPass = "http://localhost:9170"; - }; - }; - - fail2ban.jails.gitea.settings = { - filter = "gitea"; - logpath = "${config.services.gitea.stateDir}/log/gitea.log"; - maxretry = "10"; - findtime = "3600"; - bantime = "900"; - action = "iptables-allports"; - }; - - forgejo = { - enable = true; - lfs.enable = true; - useWizard = false; - settings = { - general.APP_NAME = "posixlycorrect"; - ui.DEFAULT_THEME = "forgejo-dark"; - server = { - DOMAIN = "git.posixlycorrect.com"; - ROOT_URL = "https://git.posixlycorrect.com"; - HTTP_PORT = 9170; - LANDING_PAGE = "explore"; - }; - - service.DISABLE_REGISTRATION = true; - - actions = { - ENABLED = true; - }; - mailer = { - ENABLED = false; - }; - }; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/immich.nix b/sys/platforms/vps/srv/immich.nix deleted file mode 100644 index cad0b6a..0000000 --- a/sys/platforms/vps/srv/immich.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."photos.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - locations."/" = { - proxyPass = "http://localhost:2283"; - }; - }; - }; - - immich = { - enable = true; - secretsFile = "/var/trust/immich/secrets.txt"; - mediaLocation = "/mnt/export2178/immich/media"; - machine-learning.enable = false; - environment = { - IMMICH_TELEMETRY_EXCLUDE = "host,api,io,repo,job"; - }; - settings = { - machineLearning = { - enabled = false; - }; - job = { - backgroundTask = { - concurrency = 1; - }; - smartSearch = { - concurrency = 1; - }; - metadataExtraction = { - concurrency = 1; - }; - faceDetection = { - concurrency = 1; - }; - search = { - concurrency = 1; - }; - sidecar = { - concurrency = 1; - }; - library = { - concurrency = 1; - }; - migration = { - concurrency = 1; - }; - thumbnailGeneration = { - concurrency = 1; - }; - videoConversion = { - concurrency = 1; - }; - notifications = { - concurrency = 1; - }; - }; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/isso.nix b/sys/platforms/vps/srv/isso.nix deleted file mode 100644 index 6715e85..0000000 --- a/sys/platforms/vps/srv/isso.nix +++ /dev/null 
@@ -1,45 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}:
-with lib; {
- services = {
- nginx = {
- virtualHosts."isso.posixlycorrect.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- proxy_headers_hash_max_size 512;
- proxy_headers_hash_bucket_size 128;
- '';
- locations."/" = {
- proxyPass = "http://127.0.0.1:8888/";
- };
- };
- };
-
- isso = {
- enable = true;
- settings = {
- general = {
- host = "https://posixlycorrect.com/";
- dbpath = "/var/lib/isso/comments.db";
- notify = "stdout";
- };
- moderation = {
- enabled = false;
- approve-if-email-previously-approved = false;
- purge-after = "365d";
- };
- server = {
- listen = "http://127.0.0.1:8888/";
- };
- guard = {
- require-author = true;
- require-email = true;
- };
- };
- };
- };
-}
diff --git a/sys/platforms/vps/srv/mealie.nix b/sys/platforms/vps/srv/mealie.nix
deleted file mode 100644
index c494ff9..0000000
--- a/sys/platforms/vps/srv/mealie.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}:
-with lib; {
- systemd.services.wiki-js = {
- requires = ["postgresql.service"];
- after = ["postgresql.service"];
- };
-
- services = {
- nginx = {
- virtualHosts."food.posixlycorrect.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- proxy_headers_hash_max_size 512;
- proxy_headers_hash_bucket_size 128;
- '';
- locations."/" = {
- proxyPass = "http://127.0.0.1:9000";
- };
- };
- };
-
- mealie = {
- enable = true;
- listenAddress = "127.0.0.1";
- port = 9000;
- credentialsFile = "/var/trust/mealie/credentials.env";
- settings = {
- ALLOW_SIGNUP = "false";
- };
- };
- };
-}
diff --git a/sys/platforms/vps/srv/mediawiki.nix b/sys/platforms/vps/srv/mediawiki.nix
deleted file mode 100644
index 37fd9ba..0000000
--- a/sys/platforms/vps/srv/mediawiki.nix
+++ /dev/null
@@ -1,71 +0,0 @@ -{ - lib, - pkgs, - flakes, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."wiki.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - }; - }; - mediawiki = { - enable = true; - name = "posixlycorrect wiki"; - webserver = "nginx"; - nginx.hostName = "wiki.posixlycorrect.com"; - database.type = "postgres"; - - passwordFile = "/run/keys/mediawiki-password"; - - skins = { - citizen = "${flakes.mediawikiSkinCitizen}"; - }; - - extraConfig = '' - # Disable anonymous editing and account creation - $wgGroupPermissions['*']['edit'] = false; - $wgGroupPermissions['*']['createaccount'] = false; - - $wgDefaultSkin = 'citizen'; - $wgDefaultMobileSkin = 'citizen'; - $wgCitizenThemeDefault = 'dark'; - $wgCitizenShowPageTools = 'login'; - $wgLogos = [ - 'icon' => "https://posixlycorrect.com/favicon.png", - '1x' => "https://posixlycorrect.com/favicon.png", - '2x' => "https://posixlycorrect.com/favicon.png", - ]; - - $wgEnableEmail = false; #TODO: arreglar esto - $wgNoReplyAddress = 'mediawiki@posixlycorrect.com'; - $wgEmergencyContact = 'mediawiki@posixlycorrect.com'; - $wgPasswordSender = 'mediawiki@posixlycorrect.com'; - ''; - - extensions = { - # some extensions are included and can enabled by passing null - VisualEditor = null; - CategoryTree = null; - CiteThisPage = null; - Scribunto = null; - Cite = null; - CodeEditor = null; - Math = null; - MultimediaViewer = null; - PdfHandler = null; - Poem = null; - SecureLinkFixer = null; - WikiEditor = null; - ParserFunctions = null; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/miniflux.nix b/sys/platforms/vps/srv/miniflux.nix deleted file mode 100644 index 8712dc5..0000000 --- a/sys/platforms/vps/srv/miniflux.nix +++ /dev/null 
@@ -1,33 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}:
-with lib; {
- services = {
- nginx = {
- virtualHosts."rss.posixlycorrect.com" = {
- enableACME = true;
- forceSSL = true;
- extraConfig = ''
- proxy_headers_hash_max_size 512;
- proxy_headers_hash_bucket_size 128;
- '';
- locations."/" = {
- proxyPass = "http://127.0.0.1:8087";
- };
- };
- };
-
- miniflux = {
- enable = true;
- adminCredentialsFile = "/var/trust/miniflux/adminCredentialsFile";
- config = {
- CLEANUP_FREQUENCY = 48;
- LISTEN_ADDR = "127.0.0.1:8087";
- BASE_URL = "https://rss.posixlycorrect.com";
- CREATE_ADMIN = 1;
- };
- };
- };
-}
diff --git a/sys/platforms/vps/srv/msmtp.nix b/sys/platforms/vps/srv/msmtp.nix
deleted file mode 100644
index 89e9bae..0000000
--- a/sys/platforms/vps/srv/msmtp.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}:
-with lib; {
- users.groups = {
- mailsenders = {
- members = ["fabian" "mediawiki"];
- };
- };
-
- # esto sirve para que PHP pueda accesar la clave smtp de fastmail
- #systemd.services.phpfpm-mediawiki = {
- # path = [ "/run/wrappers" ];
- # serviceConfig.ReadWritePaths = [ "/run/wrappers" "/var/trust/fastmail" ];
- #};
-
- programs = {
- msmtp = {
- enable = true;
- accounts = {
- default = {
- auth = true;
- host = "smtp.fastmail.com";
- port = 587;
- passwordeval = "cat /var/trust/fastmail/smtp_key";
- user = "fabianmontero@fastmail.com";
- tls = true;
- tls_starttls = true;
- };
- };
- };
- };
-}
diff --git a/sys/platforms/vps/srv/net.nix b/sys/platforms/vps/srv/net.nix
deleted file mode 100644
index 61adb45..0000000
--- a/sys/platforms/vps/srv/net.nix
+++ /dev/null
@@ -1,100 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - inherit (config.local.sys) nets; -in { - # adds "/var/lib/acme/acme-challenge" as a webroot fallback - options = { - security.acme = { - certs = mkOption { - type = with types; - attrsOf (submodule ({config, ...}: { - config = { - webroot = - if config.dnsProvider == null - then "/var/lib/acme/acme-challenge" - else null; - }; - })); - }; - }; - }; - - config = { - networking = { - nftables.enable = false; # learn how to use this later - firewall = { - enable = true; - allowedTCPPorts = [80 443]; - }; - domain = "posixlycorrect.com"; - }; - - # ver https://nixos.org/manual/nixos/stable/index.html#module-security-acme-nginx - security.acme = { - acceptTerms = true; - defaults = { - email = "fabian@posixlycorrect.com"; - }; - }; - - services = { - nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - logError = "/var/log/nginx/error.log"; - clientMaxBodySize = "99M"; - virtualHosts = { - "posixlycorrect.com" = { - forceSSL = true; - enableACME = true; - locations = { - "/".root = "${pkgs.trivium.homepage}"; - "/.well-known/openpgpkey/hu/".alias = "/var/public/wkd/"; - }; - }; - }; - }; - - fail2ban = { - enable = true; - bantime = "10m"; - ignoreIP = [ - nets.default.hosts.vps.v6.cidr - nets.default.hosts.vps.v4.address - nets.vpn.v6.cidr - ]; - bantime-increment = { - enable = true; - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - maxtime = "48h"; # Do not ban for more than 48h - rndtime = "10m"; - overalljails = true; # Calculate the bantime based on all the violations - }; - jails = { - # https://discourse.nixos.org/t/fail2ban-with-nginx-and-authelia/31419 - nginx-botsearch.settings = { - # Usar log en vez de journalctl - # TODO: Pasar todo a systemd? 
- backend = "pyinotify"; - logpath = "/var/log/nginx/*.log"; - journalmatch = ""; - }; - nginx-bad-request.settings = { - backend = "pyinotify"; - logpath = "/var/log/nginx/*.log"; - journalmatch = ""; - maxretry = 10; - }; - }; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/radicale.nix b/sys/platforms/vps/srv/radicale.nix deleted file mode 100644 index ce0b309..0000000 --- a/sys/platforms/vps/srv/radicale.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."dav.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - locations."/" = { - proxyPass = "http://127.0.0.1:5232"; - }; - }; - }; - - radicale = { - enable = true; - settings = { - server = { - hosts = ["127.0.0.1:5232"]; - }; - auth = { - type = "htpasswd"; - htpasswd_filename = "/var/trust/radicale/htpasswd"; - htpasswd_encryption = "bcrypt"; - }; - storage = { - filesystem_folder = "/var/lib/radicale/collections"; - }; - web.type = "internal"; - rights.type = "authenticated"; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/syncthing.nix b/sys/platforms/vps/srv/syncthing.nix deleted file mode 100644 index 581df4c..0000000 --- a/sys/platforms/vps/srv/syncthing.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - syncthing = { - enable = true; - systemService = true; - overrideFolders = false; - overrideDevices = false; - openDefaultPorts = true; - guiAddress = "127.0.0.1:8384"; - settings.options.urAccepted = -1; - dataDir = "/mnt/export2179/syncthing"; - relay = { - enable = true; - pools = []; - providedBy = "vps.posixlycorrect.com"; - }; - }; - }; - - # calibre web stuff. make this better someday, this is pure duct-tape - users.groups."calybresync".members = ["syncthing" "calibre-web"]; - systemd = { - services."calybreown" = { - script = '' - chgrp -R calybresync /var/lib/calibre-web/calibre_library - chmod -R g+w /var/lib/calibre-web/calibre_library - ''; - serviceConfig.Type = "oneshot"; - }; - timers."calybreown" = { - wantedBy = [ - "timers.target" - ]; - timerConfig.OnCalendar = "*-*-* *:00/30:00"; - }; - }; -} diff --git a/sys/platforms/vps/srv/trilium.nix b/sys/platforms/vps/srv/trilium.nix deleted file mode 100644 index 32774f5..0000000 --- a/sys/platforms/vps/srv/trilium.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."notes.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - }; - }; - - trilium-server = { - enable = true; - package = pkgs.trilium-next-server; - host = "127.0.0.1"; - port = 8458; - noAuthentication = false; - noBackup = true; # I already backup the whole dataDir, so no need for this - instanceName = "posixlycorrect"; - dataDir = "/var/lib/trilium"; - nginx = { - enable = true; - hostName = "notes.posixlycorrect.com"; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/vaultwarden.nix b/sys/platforms/vps/srv/vaultwarden.nix deleted file mode 100644 index 2b8dc91..0000000 --- a/sys/platforms/vps/srv/vaultwarden.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."vault.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; - }; - }; - - #fail2ban.jails.gitea.settings = { }; - - postgresql = { - ensureDatabases = ["vaultwarden"]; - ensureUsers = [ - { - name = "vaultwarden"; - ensureDBOwnership = true; - } - ]; - }; - - vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = "/var/trust/vaultwarden/smtp_key"; - config = { - DOMAIN = "https://vault.posixlycorrect.com"; - SIGNUPS_ALLOWED = false; - - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8222; - - ROCKET_LOG = "critical"; - - # Using FASTMAIL mail server - # If you use an external mail server, follow: - # https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration - SMTP_HOST = "smtp.fastmail.com"; - SMTP_PORT = 587; - SMTP_SECURITY = "starttls"; - - SMTP_FROM = "vault@posixlycorrect.com"; - SMTP_FROM_NAME = "posixlycorrect vaultwarden server"; - - SMTP_AUTH_MECHANISM = "PLAIN"; - - DATABASE_URL = "postgresql:///vaultwarden"; - }; - }; - - bitwarden-directory-connector-cli.domain = "https://vault.posixlycorrect.com"; - }; -} diff --git a/sys/platforms/yuki/default.nix b/sys/platforms/yuki/default.nix new file mode 100644 index 0000000..b1c5afc --- /dev/null +++ b/sys/platforms/yuki/default.nix 
@@ -0,0 +1,55 @@
+{
+ config,
+ pkgs,
+ lib,
+ flakes,
+ ...
+}: {
+ imports = [
+ flakes.home-manager.nixosModules.home-manager
+ flakes.impermanence.nixosModule
+ ./hardware-configuration.nix
+ ];
+
+ local.sys = {
+ baseline.enable = true;
+
+ audio.enable = true;
+ graphics.enable = true;
+ virtualisation.enable = true;
+ androidSupport.enable = true;
+ steam.enable = true;
+ gtklock.enable = true;
+
+ users = {
+ chem = {
+ enable = true;
+ };
+ };
+ };
+
+ local.sway.enable = true;
+
+ networking = {
+ hostName = "yuki";
+ networkmanager.enable = true;
+
+ useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ #interfaces.enp7s0.useDHCP = true; # Per-interface useDHCP will be mandatory in the future, so this generated config
+ #interfaces.wlp6s0.useDHCP = true; # replicates the default behaviour.
+ };
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ tmp.useTmpfs = true;
+ kernelPackages = pkgs.linuxPackages_zen;
+ };
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8"; #todo: move to baseline?
+
+ time.timeZone = "America/Costa_Rica"; #todo: move to baseline?
+}
diff --git a/sys/platforms/yuki/hardware-configuration.nix b/sys/platforms/yuki/hardware-configuration.nix
new file mode 100644
index 0000000..a6bb41e
--- /dev/null
+++ b/sys/platforms/yuki/hardware-configuration.nix
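Review bot: The two commented-out lines `#interfaces.enp7s0.useDHCP = true;` and `#interfaces.wlp6s0.useDHCP = true;` in the `networking` block of sys/platforms/yuki/default.nix, together with their trailing "this generated config replicates the default behaviour" comments, look like leftovers from a generated config for different hardware. The hardware-configuration.nix added in the same commit names only `enp0s31f6`. With `networkmanager.enable = true` and `useDHCP = false` they say nothing true about this host, so I would delete them and leave one comment such as `# DHCP is left to NetworkManager; the global flag stays off`. The two `#todo: move to baseline?` markers on the locale and time zone lines would be easier to track as one TODO in the baseline module.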
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/b925ebc0-f717-4f0d-83ca-a9a29990b8e2"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/EC62-0FDF"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/trivionomicon/flake.nix b/trivionomicon/flake.nix index 2b53ebd..f2ee049 100644 --- a/trivionomicon/flake.nix +++ b/trivionomicon/flake.nix @@ -9,11 +9,11 @@ nixpkgs, flake-utils, }: let - mapOverlayOverride = prefix: overlay: final: prev: let + mapOverlayOverride = namespace: overlay: final: prev: let overlayPkgs = overlay final prev; in { - "${prefix}" = (prev.${prefix} or {}) // builtins.removeAttrs overlayPkgs ["override"]; + "${namespace}" = builtins.removeAttrs overlayPkgs ["override"]; } // (overlayPkgs.override or {}); 
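Review bot: The `fileSystems."/boot"` entry in sys/platforms/yuki/hardware-configuration.nix mounts the vfat ESP with `options = ["fmask=0022" "dmask=0022"];`, which leaves every file on the partition readable by all local users. This host's default.nix sets `systemd-boot.enable = true`, so that includes the boot loader's random-seed file, and bootctl reports such a mount point as world accessible. Changing the line to `options = ["fmask=0077" "dmask=0077"];` limits the partition to root. The header says the file comes from nixos-generate-config, so either regenerate it with a current release (which I believe emits the stricter masks; worth confirming) or set the options from default.nix so a later regeneration does not undo them.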
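Review bot: In `mapOverlayOverride` in trivionomicon/flake.nix the new line `"${namespace}" = builtins.removeAttrs overlayPkgs ["override"];` drops the `(prev.${prefix} or {}) //` merge, so the overlay now replaces whatever an earlier overlay placed under that attribute instead of extending it. The hunk at -121 keeps an ordered overlay list with a "Preserve the relative order" note, so if two entries are mapped onto the same name the later one silently discards the earlier packages, and evaluation only fails at the first missing attribute. Unless the replacement is intended, keep the merge under the new parameter name: `"${namespace}" = (prev.${namespace} or {}) // builtins.removeAttrs overlayPkgs ["override"];`. The `let` binding that holds this function starts above the hunk, so callers that rely on the merge are not visible here.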
@@ -30,7 +30,7 @@ packages = (import nixpkgs { inherit system; - overlays = [self.overlays.default]; + overlays = [(mapOverlayOverride doctrineNoPkgs.prefix (import ./pkgs))]; }).${ doctrineNoPkgs.prefix }; @@ -121,7 +121,7 @@ } # NB: Preserve the relative order { - overlay = mapOverlayOverride prefix (import ./pkgs); + overlay = self.overlays.default; condition = true; } { @@ -164,12 +164,24 @@ } // optionalAttrs (paths ? nixosSource) { nixosConfigurations = let - hostConfig = platform: - self.lib.mkSystem { - inherit flakes pkgs; - doctrine = doctrineNoPkgs; + nixosSystem = {modules}: + lib.makeOverridable nixpkgs.lib.nixosSystem { + inherit modules pkgs system; + specialArgs = { + inherit flakes; + + doctrine = mkDoctrine { + inherit pkgs; + namespace = "sys"; + }; + }; + }; + + hostConfig = platform: + nixosSystem { modules = [ + self.nixosModules.default nixosSourcePath platform ]; @@ -201,29 +213,6 @@ in lib.mapAttrs home (importAll {root = hmPlatformsPath;}); }; - - mkSystem = { - pkgs, - flakes, - doctrine, - modules, - }: - flakes.nixpkgs.lib.makeOverridable flakes.nixpkgs.lib.nixosSystem { - inherit pkgs; - inherit (pkgs) system; - - modules = [self.nixosModules.default] ++ modules; - - specialArgs = { - inherit flakes; - - doctrine = self.lib.mkDoctrine { - inherit pkgs; - inherit (doctrine) prefix; - namespace = "sys"; - }; - }; - }; }; }; } diff --git a/trivionomicon/modules/soju/default.nix b/trivionomicon/modules/soju/default.nix deleted file mode 100644 index 2b302f0..0000000 --- a/trivionomicon/modules/soju/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - lib, - pkgs, - doctrine, - ... -}: -doctrine.lib.mkModule { - inherit config; - name = "soju"; - sys = ./sys.nix; - options = ./options.nix; -} diff --git a/trivionomicon/modules/soju/options.nix b/trivionomicon/modules/soju/options.nix deleted file mode 100644 index 06c3381..0000000 --- a/trivionomicon/modules/soju/options.nix +++ /dev/null 
@@ -1,16 +0,0 @@
-{lib, ...}:
-with lib.types; {
- sys = {
- fullyQualifiedDomain = lib.mkOption {
- type = str;
- example = "soju.trivionomicon.com";
- description = "fully qualified domain name to be used by soju";
- };
-
- port = lib.mkOption {
- type = port;
- default = 6697;
- description = "port to be used by soju";
- };
- };
-}
diff --git a/trivionomicon/modules/soju/sys.nix b/trivionomicon/modules/soju/sys.nix
deleted file mode 100644
index 83c3560..0000000
--- a/trivionomicon/modules/soju/sys.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- pkgs,
- lib,
- cfg,
- doctrine,
- ...
-}:
-with lib; {
- security.acme.certs."${cfg.fullyQualifiedDomain}" = {
- reloadServices = ["soju.service"];
- group = "soju";
- };
-
- networking.firewall.allowedTCPPorts = [cfg.port];
-
- services.soju = let
- sojuCertDir = config.security.acme.certs."${cfg.fullyQualifiedDomain}".directory;
- in {
- enable = true;
- hostName = "${cfg.fullyQualifiedDomain}";
- listen = ["ircs://[::]:${toString cfg.port}"];
- tlsCertificate = "${sojuCertDir}/fullchain.pem";
- tlsCertificateKey = "${sojuCertDir}/key.pem";
- };
-
- systemd.services.soju = {
- after = ["acme-${cfg.fullyQualifiedDomain}.service"];
- serviceConfig = {
- DynamicUser = mkForce false; # fuck dynamic users
- User = "soju";
- Group = "soju";
- ProtectSystem = "strict";
- ProtectHome = "read-only";
- PrivateTmp = true;
- RemoveIPC = true;
- };
- };
-
- users = {
- users.soju = {
- isSystemUser = true;
- group = "soju";
- };
- groups.soju = {};
- };
-}
diff --git a/trivionomicon/modules/trivionomiconMotd/default.nix b/trivionomicon/modules/trivionomiconMotd/default.nix
deleted file mode 100644
index 0844b5a..0000000
--- a/trivionomicon/modules/trivionomiconMotd/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- config,
- doctrine,
- ...
-}:
-doctrine.lib.mkModule {
- inherit config;
- name = "trivionomiconMotd";
- sys = ./sys.nix;
-}
diff --git a/trivionomicon/modules/trivionomiconMotd/sys.nix b/trivionomicon/modules/trivionomiconMotd/sys.nix deleted file mode 100644 index 5b38e3d..0000000 --- a/trivionomicon/modules/trivionomiconMotd/sys.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - users.motd = '' - _ _ _ _ - | | | | | | | | - _ __ _____ _____ _ __ ___ __| | | |__ _ _ | |_| |__ ___ - | '_ \ / _ \ \ /\ / / _ \ '__/ _ \/ _` | | '_ \| | | | | __| '_ \ / _ \ - | |_) | (_) \ V V / __/ | | __/ (_| | | |_) | |_| | | |_| | | | __/ - | .__/ \___/ \_/\_/ \___|_| \___|\__,_| |_.__/ \__, | \__|_| |_|\___| - | | __/ | - |_|_____ _____ _______ _______ ____ _ _|___/_ __ __ _____ _____ ____ _ _ - |__ __| __ \|_ _\ \ / /_ _/ __ \| \ | |/ __ \| \/ |_ _/ ____/ __ \| \ | | - | | | |__) | | | \ \ / / | || | | | \| | | | | \ / | | || | | | | | \| | - | | | _ / | | \ \/ / | || | | | . ` | | | | |\/| | | || | | | | | . ` | - | | | | \ \ _| |_ \ / _| || |__| | |\ | |__| | | | |_| || |___| |__| | |\ | - |_| |_| \_\_____| \/ |_____\____/|_| \_|\____/|_| |_|_____\_____\____/|_| \_| - ''; -} diff --git a/trivionomicon/pkgs/default.nix b/trivionomicon/pkgs/default.nix index 4a275a3..484ca77 100644 --- a/trivionomicon/pkgs/default.nix +++ b/trivionomicon/pkgs/default.nix @@ -5,6 +5,5 @@ in { override = {}; athena-bccr = callPackage ./athena-bccr {}; - snapborg = final.python3Packages.callPackage ./snapborg {}; spliit = callPackage ./spliit {}; } diff --git a/trivionomicon/pkgs/snapborg/0001-Remove-env-arg-from-subprocess-calls.patch b/trivionomicon/pkgs/snapborg/0001-Remove-env-arg-from-subprocess-calls.patch deleted file mode 100644 index 33f7a0c..0000000 --- a/trivionomicon/pkgs/snapborg/0001-Remove-env-arg-from-subprocess-calls.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From c363931656938f9cc3354b8e2797fe9abac1b0e3 Mon Sep 17 00:00:00 2001 -From: Alejandro Soto -Date: Sun, 31 Aug 2025 13:30:45 -0600 -Subject: [PATCH] Remove "env" arg from subprocess calls - ---- - snapborg/borg.py | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/snapborg/borg.py b/snapborg/borg.py -index 89a3d84..b74ddf7 100644 ---- a/snapborg/borg.py -+++ b/snapborg/borg.py -@@ -173,11 +173,10 @@ def launch_borg(args, password=None, print_output=False, dryrun=False, cwd=None) - # TODO: parse output from JSON log lines - try: - if print_output: -- subprocess.run(cmd, env=env, check=True, cwd=cwd) -+ subprocess.run(cmd, check=True, cwd=cwd) - else: - subprocess.check_output(cmd, - stderr=subprocess.STDOUT, -- env=env, - cwd=cwd) - except CalledProcessError as e: - if e.returncode == 1: --- -2.49.0 - diff --git a/trivionomicon/pkgs/snapborg/default.nix b/trivionomicon/pkgs/snapborg/default.nix deleted file mode 100644 index 271be5c..0000000 --- a/trivionomicon/pkgs/snapborg/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - borgbackup, - buildPythonApplication, - fetchFromGitHub, - lib, - packaging, - pyyaml, -}: -buildPythonApplication { - pname = "snapborg"; - version = "0.1.0-unstable-20250331"; - - src = fetchFromGitHub { - repo = "snapborg"; - owner = "enzingerm"; - - rev = "7e860395319f995161a6e0c7954ce47635e3cd59"; - hash = "sha256-RzYL4IHulk1Q/ALWFs6YCTeCO8ohwqXH2NMHRctRVSA="; - }; - - patches = [ - ./0001-Remove-env-arg-from-subprocess-calls.patch # Fixes broken $PATH when calling borg - ]; - - propagatedBuildInputs = [ - borgbackup - packaging - pyyaml - ]; - - preFixup = '' - makeWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [borgbackup]}) - ''; -}