Compare commits
45 commits
Author | SHA1 | Date | |
---|---|---|---|
Natsu Kagami | 17e66e339c | ||
Natsu Kagami | 63c2616c0f | ||
Natsu Kagami | bc5de8bc77 | ||
Natsu Kagami | 177f0f686e | ||
Natsu Kagami | 4fe33b7e80 | ||
Natsu Kagami | 5ecad94dcb | ||
Natsu Kagami | 84fa06937c | ||
Natsu Kagami | 08d0c7aea3 | ||
Natsu Kagami | 5b85a94be7 | ||
Natsu Kagami | 40d325218f | ||
Natsu Kagami | db7e115863 | ||
Natsu Kagami | 59f9ae8d5b | ||
Natsu Kagami | fbe19bac34 | ||
Natsu Kagami | bc4cfe7c69 | ||
Natsu Kagami | 70ab3aa5b3 | ||
Natsu Kagami | 41f717c5be | ||
Natsu Kagami | 9fecd353f8 | ||
Natsu Kagami | f0807443fd | ||
Natsu Kagami | b1db7229cd | ||
Natsu Kagami | f4c514baa6 | ||
Natsu Kagami | 58a49a71a8 | ||
Natsu Kagami | e8424a0d21 | ||
Natsu Kagami | 81d3c1dcd1 | ||
Natsu Kagami | 08111c8f13 | ||
Natsu Kagami | 5d2f127bcc | ||
Natsu Kagami | a490d5a5ef | ||
Natsu Kagami | a5df4c0b58 | ||
Natsu Kagami | 73d9b5fb4e | ||
Natsu Kagami | e772814eed | ||
Natsu Kagami | 7b53f1d945 | ||
Natsu Kagami | 167d1dddb8 | ||
Natsu Kagami | 472daa8e59 | ||
Natsu Kagami | d18a5ca503 | ||
Natsu Kagami | f164a27290 | ||
Natsu Kagami | 0887487c29 | ||
Natsu Kagami | 0b2e4feebb | ||
Natsu Kagami | 8ec79eac11 | ||
Natsu Kagami | 07478138d9 | ||
Natsu Kagami | 45e90570b7 | ||
Natsu Kagami | 28080d31c0 | ||
Natsu Kagami | e82627e317 | ||
Natsu Kagami | 228db93202 | ||
Natsu Kagami | fec7f40440 | ||
Natsu Kagami | 38c7afa96f | ||
Natsu Kagami | 581093ff78 |
15
.sops.yaml
15
.sops.yaml
|
@ -4,6 +4,8 @@ keys:
|
||||||
- &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
|
- &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
|
||||||
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
|
||||||
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
|
||||||
|
- &nki_yoga age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
|
||||||
|
- &nki_framework age188tgu3psvywk6shq85mk2q0jdjwd0tcswzwlwu5pa5n3pndx75dq090z59
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: kagami-air-m1/secrets\.yaml$
|
- path_regex: kagami-air-m1/secrets\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
|
@ -16,9 +18,20 @@ creation_rules:
|
||||||
- *nki_pc
|
- *nki_pc
|
||||||
- *nkagami_main
|
- *nkagami_main
|
||||||
- *nkagami_do
|
- *nkagami_do
|
||||||
- path_regex: nki-home/secrets/secrets\.yaml$
|
- *nki_framework
|
||||||
|
- path_regex: nki-home/secrets\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *nki_pc
|
- *nki_pc
|
||||||
- *nkagami_main
|
- *nkagami_main
|
||||||
- *nkagami_do
|
- *nkagami_do
|
||||||
|
- path_regex: nki-yoga-g8/secrets\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *nki_yoga
|
||||||
|
- age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv # The machine itself
|
||||||
|
- path_regex: nki-framework/secrets\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *nki_framework
|
||||||
|
- age1vgh6kvee8lvxylm7z86fpl3xzjyjs4u3zdfkyf064rjvxk9fpumsew7n27 # The machine itself
|
||||||
|
|
|
@ -13,6 +13,8 @@ in
|
||||||
with lib; {
|
with lib; {
|
||||||
imports = [
|
imports = [
|
||||||
# defaultShell
|
# defaultShell
|
||||||
|
./modules/services/nix-cache
|
||||||
|
./modules/services/nix-build-farm
|
||||||
];
|
];
|
||||||
|
|
||||||
## Packages
|
## Packages
|
||||||
|
|
423
flake.lock
423
flake.lock
|
@ -115,17 +115,14 @@
|
||||||
},
|
},
|
||||||
"crane_3": {
|
"crane_3": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_3",
|
"nixpkgs": "nixpkgs_5"
|
||||||
"flake-utils": "flake-utils_3",
|
|
||||||
"nixpkgs": "nixpkgs_5",
|
|
||||||
"rust-overlay": "rust-overlay"
|
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697334144,
|
"lastModified": 1724006180,
|
||||||
"narHash": "sha256-gcOxnHEgBcn8mGXgNkTvZ1BLAANZZj+IZzb9QnQt7bc=",
|
"narHash": "sha256-PVxPj0Ga2fMYMtcT9ARCthF+4U71YkOT7ZjgD/vf1Aw=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "4dcf584de14beff8dd0c030ac54e185fd3b72023",
|
"rev": "7ce92819802bc583b7e82ebc08013a530f22209f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -175,11 +172,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718730147,
|
"lastModified": 1724377159,
|
||||||
"narHash": "sha256-QmD6B6FYpuoCqu6ZuPJH896ItNquDkn0ulQlOn4ykN8=",
|
"narHash": "sha256-ixjje1JO8ucKT41hs6n2NCde1Vc0+Zc2p2gUbJpCsMw=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "32c21c29b034d0a93fdb2379d6fabc40fc3d0e6c",
|
"rev": "3e47b7a86c19142bd3675da49d6acef488b4dac1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -211,7 +208,7 @@
|
||||||
},
|
},
|
||||||
"deploy-rs": {
|
"deploy-rs": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_4",
|
"flake-compat": "flake-compat_3",
|
||||||
"nixpkgs": "nixpkgs_6",
|
"nixpkgs": "nixpkgs_6",
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
|
@ -231,21 +228,22 @@
|
||||||
},
|
},
|
||||||
"dtth-phanpy": {
|
"dtth-phanpy": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_4",
|
"flake-utils": "flake-utils_3",
|
||||||
"nixpkgs": "nixpkgs_7"
|
"nixpkgs": "nixpkgs_7"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719154855,
|
"lastModified": 1723470164,
|
||||||
"narHash": "sha256-uLV3PAVG+eZVnfVkRmHABGi7vRW/q8qvDafw3VzmFgk=",
|
"narHash": "sha256-ZWcDD4HTmFtEJgEA2Ydg2mA+yu0FVcfEHbCGVXDatfw=",
|
||||||
"ref": "refs/heads/dtth-fork",
|
"ref": "dtth-fork",
|
||||||
"rev": "97978f4a6556e69b826e15f7d2c3c4079a1c1c47",
|
"rev": "c72bd47bbd18523b951b3fa73c789629504d0eb3",
|
||||||
"revCount": 2662,
|
"revCount": 2721,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@git.dtth.ch/nki/phanpy?branch=dtth-fork"
|
"url": "ssh://gitea@git.dtth.ch/nki/phanpy"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
"ref": "dtth-fork",
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://gitea@git.dtth.ch/nki/phanpy?branch=dtth-fork"
|
"url": "ssh://gitea@git.dtth.ch/nki/phanpy"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"fenix": {
|
"fenix": {
|
||||||
|
@ -303,22 +301,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat_3": {
|
"flake-compat_3": {
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1696267196,
|
|
||||||
"narHash": "sha256-AAQ/2sD+0D18bb8hKuEEVpHUYD1GmO2Uh/taFamn6XQ=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "4f910c9827911b1ec2bf26b5a062cd09f8d89f85",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_4": {
|
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696426674,
|
"lastModified": 1696426674,
|
||||||
|
@ -334,7 +316,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat_5": {
|
"flake-compat_4": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673956053,
|
"lastModified": 1673956053,
|
||||||
|
@ -350,7 +332,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat_6": {
|
"flake-compat_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688025799,
|
"lastModified": 1688025799,
|
||||||
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
|
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
|
||||||
|
@ -452,11 +434,11 @@
|
||||||
"nixpkgs-lib": "nixpkgs-lib_2"
|
"nixpkgs-lib": "nixpkgs-lib_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1706830856,
|
"lastModified": 1722555600,
|
||||||
"narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
|
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
|
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -480,24 +462,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_10": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_9"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1710146030,
|
|
||||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
|
@ -518,25 +482,7 @@
|
||||||
},
|
},
|
||||||
"flake-utils_3": {
|
"flake-utils_3": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_2"
|
"systems": "systems_3"
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1694529238,
|
|
||||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_4": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_4"
|
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710146030,
|
"lastModified": 1710146030,
|
||||||
|
@ -552,9 +498,9 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_5": {
|
"flake-utils_4": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_5"
|
"systems": "systems_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694529238,
|
"lastModified": 1694529238,
|
||||||
|
@ -570,9 +516,9 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_6": {
|
"flake-utils_5": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_6"
|
"systems": "systems_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681202837,
|
"lastModified": 1681202837,
|
||||||
|
@ -588,6 +534,24 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-utils_6": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems_6"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1710146030,
|
||||||
|
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-utils_7": {
|
"flake-utils_7": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_7"
|
"systems": "systems_7"
|
||||||
|
@ -607,15 +571,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_8": {
|
"flake-utils_8": {
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_8"
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710146030,
|
"lastModified": 1659877975,
|
||||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -625,12 +586,15 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_9": {
|
"flake-utils_9": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems_8"
|
||||||
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1659877975,
|
"lastModified": 1710146030,
|
||||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -778,11 +742,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719037157,
|
"lastModified": 1723986931,
|
||||||
"narHash": "sha256-aOKd8+mhBsLQChCu1mn/W5ww79ta5cXVE59aJFrifM8=",
|
"narHash": "sha256-Fy+KEvDQ+Hc8lJAV3t6leXhZJ2ncU5/esxkgt3b8DEY=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "cd886711998fe5d9ff7979fdd4b4cbd17b1f1511",
|
"rev": "2598861031b78aadb4da7269df7ca9ddfc3e1671",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -794,11 +758,11 @@
|
||||||
"kak-lsp": {
|
"kak-lsp": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719761259,
|
"lastModified": 1723206901,
|
||||||
"narHash": "sha256-2cnjweEU/NgQffF2gav9b6EIXmV9TcSd7214FzW7ekY=",
|
"narHash": "sha256-wPCu/VxAMIB+zI0+eDq7lJ/rHJZfe0whYzdoiwrixCc=",
|
||||||
"owner": "kakoune-lsp",
|
"owner": "kakoune-lsp",
|
||||||
"repo": "kakoune-lsp",
|
"repo": "kakoune-lsp",
|
||||||
"rev": "484b19c2e373988ee5ab9afc54ecd6383b8da9bc",
|
"rev": "ebd370f43cb6e7af634e5f8cadb99cc8c16e1efe",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -826,14 +790,14 @@
|
||||||
"lanzaboote": {
|
"lanzaboote": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"crane": "crane_4",
|
"crane": "crane_4",
|
||||||
"flake-compat": "flake-compat_5",
|
"flake-compat": "flake-compat_4",
|
||||||
"flake-parts": "flake-parts_4",
|
"flake-parts": "flake-parts_4",
|
||||||
"flake-utils": "flake-utils_6",
|
"flake-utils": "flake-utils_5",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||||
"rust-overlay": "rust-overlay_2"
|
"rust-overlay": "rust-overlay"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682802423,
|
"lastModified": 1682802423,
|
||||||
|
@ -853,20 +817,20 @@
|
||||||
"lix": {
|
"lix": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720626042,
|
"lastModified": 1723503926,
|
||||||
"narHash": "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=",
|
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
|
||||||
"rev": "2a4376be20d70feaa2b0e640c5041fb66ddc67ed",
|
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2a4376be20d70feaa2b0e640c5041fb66ddc67ed.tar.gz"
|
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://git.lix.systems/lix-project/lix/archive/2.90.0.tar.gz"
|
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"lix-module": {
|
"lix-module": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_7",
|
"flake-utils": "flake-utils_6",
|
||||||
"flakey-profile": "flakey-profile",
|
"flakey-profile": "flakey-profile",
|
||||||
"lix": "lix",
|
"lix": "lix",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -874,20 +838,20 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720641669,
|
"lastModified": 1723510904,
|
||||||
"narHash": "sha256-yEO2cGNgzm9x/XxiDQI+WckSWnZX63R8aJLBRSXtYNE=",
|
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
|
||||||
"rev": "5c48c833c15bb80d127a398a8c2484d42fdd8257",
|
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/5c48c833c15bb80d127a398a8c2484d42fdd8257.tar.gz"
|
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz"
|
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"mpd-mpris": {
|
"mpd-mpris": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_8",
|
"flake-utils": "flake-utils_7",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
|
@ -924,14 +888,15 @@
|
||||||
"nix-gaming": {
|
"nix-gaming": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-parts": "flake-parts_5",
|
"flake-parts": "flake-parts_5",
|
||||||
"nixpkgs": "nixpkgs_8"
|
"nixpkgs": "nixpkgs_8",
|
||||||
|
"umu": "umu"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716686274,
|
"lastModified": 1723945279,
|
||||||
"narHash": "sha256-4JiRUWtoEMrfq38jG4O+NP6rcQIhKxEclnSkHvywnf0=",
|
"narHash": "sha256-3W+/u3v/e0dTOxht6wW6pL+kr44e8Amb8A1Z3Bx8BUE=",
|
||||||
"owner": "fufexan",
|
"owner": "fufexan",
|
||||||
"repo": "nix-gaming",
|
"repo": "nix-gaming",
|
||||||
"rev": "83a47c12d3493f7eb876250d0298d1566a965ce4",
|
"rev": "bcf8116981cc332c2734d4c82a034f115780853d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -957,11 +922,11 @@
|
||||||
},
|
},
|
||||||
"nixos-m1": {
|
"nixos-m1": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_6",
|
"flake-compat": "flake-compat_5",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"rust-overlay": "rust-overlay_3"
|
"rust-overlay": "rust-overlay_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700436815,
|
"lastModified": 1700436815,
|
||||||
|
@ -1013,20 +978,14 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-lib_2": {
|
"nixpkgs-lib_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "lib",
|
"lastModified": 1722555339,
|
||||||
"lastModified": 1706550542,
|
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
|
||||||
"narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
|
"type": "tarball",
|
||||||
"owner": "NixOS",
|
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
|
|
||||||
"type": "github"
|
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"dir": "lib",
|
"type": "tarball",
|
||||||
"owner": "NixOS",
|
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
|
@ -1063,11 +1022,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720750130,
|
"lastModified": 1726652927,
|
||||||
"narHash": "sha256-y2wc7CdK0vVSIbx7MdVoZzuMcUoLvZXm+pQf2RIr1OU=",
|
"narHash": "sha256-WO6Lmbn37PlamY2fDg3B187THkSKU/W01z8SxoIqJd0=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6794d064edc69918bb0fc0e0eda33ece324be17a",
|
"rev": "294eb5975def0caa718fca92dc5a9d656ae392a9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1079,27 +1038,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_10": {
|
"nixpkgs_10": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713128889,
|
"lastModified": 1724224976,
|
||||||
"narHash": "sha256-aB90ZqzosyRDpBh+rILIcyP5lao8SKz8Sr2PSWvZrzk=",
|
"narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "2748d22b45a99fb2deafa5f11c7531c212b2cefa",
|
"rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixpkgs-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_11": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1718530797,
|
|
||||||
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1159,11 +1102,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696261572,
|
"lastModified": 1722640603,
|
||||||
"narHash": "sha256-s8TtSYJ1LBpuITXjbPLUPyxzAKw35LhETcajJjCS5f0=",
|
"narHash": "sha256-TcXjLVNd3VeH1qKPH335Tc4RbFDbZQX+d7rqnDUoRaY=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0c7ffbc66e6d78c50c38e717ec91a2a14e0622fb",
|
"rev": "81610abc161d4021b29199aa464d6a1a521e0cc9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1191,11 +1134,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_7": {
|
"nixpkgs_7": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719075281,
|
"lastModified": 1723175592,
|
||||||
"narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
|
"narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
|
||||||
"owner": "nixOS",
|
"owner": "nixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
|
"rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1207,11 +1150,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_8": {
|
"nixpkgs_8": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1708751719,
|
"lastModified": 1723856861,
|
||||||
"narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=",
|
"narHash": "sha256-OTDg91+Zzs2SpU3csK4xVdSQFoG8cK1lNUwKmTqERyE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "f63ce824cd2f036216eb5f637dfef31e1a03ee89",
|
"rev": "cd7b95ee3725af7113bacbce91dd6549cee58ca5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1223,11 +1166,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_9": {
|
"nixpkgs_9": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720954236,
|
"lastModified": 1725826545,
|
||||||
"narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=",
|
"narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27",
|
"rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1237,21 +1180,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nur": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1697363080,
|
|
||||||
"narHash": "sha256-/49Rh5mohp0ZD6HaNbDn9oIsLt+d7Tzbc/BGkb/7o+g=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "NUR",
|
|
||||||
"rev": "5771ba6f22db037b037a8bdd82acc5467c965c7e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "NUR",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"pre-commit-hooks-nix": {
|
"pre-commit-hooks-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": [
|
"flake-compat": [
|
||||||
|
@ -1291,7 +1219,7 @@
|
||||||
"darwin": "darwin",
|
"darwin": "darwin",
|
||||||
"deploy-rs": "deploy-rs",
|
"deploy-rs": "deploy-rs",
|
||||||
"dtth-phanpy": "dtth-phanpy",
|
"dtth-phanpy": "dtth-phanpy",
|
||||||
"flake-utils": "flake-utils_5",
|
"flake-utils": "flake-utils_4",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"home-manager-unstable": "home-manager-unstable",
|
"home-manager-unstable": "home-manager-unstable",
|
||||||
"kak-lsp": "kak-lsp",
|
"kak-lsp": "kak-lsp",
|
||||||
|
@ -1304,10 +1232,9 @@
|
||||||
"nixos-m1": "nixos-m1",
|
"nixos-m1": "nixos-m1",
|
||||||
"nixpkgs": "nixpkgs_9",
|
"nixpkgs": "nixpkgs_9",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
"nur": "nur",
|
"rust-overlay": "rust-overlay_3",
|
||||||
"secrets": "secrets",
|
"secrets": "secrets",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"swayfx": "swayfx",
|
|
||||||
"youmubot": "youmubot"
|
"youmubot": "youmubot"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -1329,31 +1256,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"rust-overlay": {
|
"rust-overlay": {
|
||||||
"inputs": {
|
|
||||||
"flake-utils": [
|
|
||||||
"crane",
|
|
||||||
"flake-utils"
|
|
||||||
],
|
|
||||||
"nixpkgs": [
|
|
||||||
"crane",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1696299134,
|
|
||||||
"narHash": "sha256-RS77cAa0N+Sfj5EmKbm5IdncNXaBCE1BSSQvUE8exvo=",
|
|
||||||
"owner": "oxalica",
|
|
||||||
"repo": "rust-overlay",
|
|
||||||
"rev": "611ccdceed92b4d94ae75328148d84ee4a5b462d",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "oxalica",
|
|
||||||
"repo": "rust-overlay",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"rust-overlay_2": {
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": [
|
"flake-utils": [
|
||||||
"lanzaboote",
|
"lanzaboote",
|
||||||
|
@ -1378,7 +1280,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"rust-overlay_3": {
|
"rust-overlay_2": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1686795910,
|
"lastModified": 1686795910,
|
||||||
|
@ -1394,27 +1296,50 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"scenefx": {
|
"rust-overlay_3": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_10"
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715160751,
|
"lastModified": 1724466314,
|
||||||
"narHash": "sha256-S8m7phTU7QYgAq4B0hjH5WdtTjHDcNVhYfPFdhbty+A=",
|
"narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=",
|
||||||
"owner": "wlrfx",
|
"owner": "oxalica",
|
||||||
"repo": "scenefx",
|
"repo": "rust-overlay",
|
||||||
"rev": "2ec3505248e819191c37cb831197629f373326fb",
|
"rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "wlrfx",
|
"owner": "oxalica",
|
||||||
"repo": "scenefx",
|
"repo": "rust-overlay",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"rust-overlay_4": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"youmubot",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1724466314,
|
||||||
|
"narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=",
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"secrets": {
|
"secrets": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_9"
|
"flake-utils": "flake-utils_8"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693981285,
|
"lastModified": 1693981285,
|
||||||
|
@ -1453,27 +1378,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"swayfx": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"scenefx": "scenefx"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1715273144,
|
|
||||||
"narHash": "sha256-x8z/sjtJPojvaXiOUDvADiSU/QmSo8cqKQ1X4g+5dw4=",
|
|
||||||
"owner": "WillPower3309",
|
|
||||||
"repo": "swayfx",
|
|
||||||
"rev": "3c621dec7d653231f960d377fcb3ceeed55953e2",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "WillPower3309",
|
|
||||||
"repo": "swayfx",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems": {
|
"systems": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
|
@ -1594,24 +1498,34 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems_9": {
|
"umu": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nix-gaming",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"dir": "packaging/nix",
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
"lastModified": 1723697867,
|
||||||
"owner": "nix-systems",
|
"narHash": "sha256-LTfbJXR8x35oZ8Mo3R0WTVEp9toWpVfzD21xCSr64IM=",
|
||||||
"repo": "default",
|
"ref": "refs/heads/main",
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
"rev": "c71a45ad53036f4c668bcbe1be7a49f9d3460151",
|
||||||
"type": "github"
|
"revCount": 699,
|
||||||
|
"submodules": true,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-systems",
|
"dir": "packaging/nix",
|
||||||
"repo": "default",
|
"submodules": true,
|
||||||
"type": "github"
|
"type": "git",
|
||||||
|
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_3"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701680307,
|
"lastModified": 1701680307,
|
||||||
|
@ -1630,15 +1544,16 @@
|
||||||
"youmubot": {
|
"youmubot": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"crane": "crane_5",
|
"crane": "crane_5",
|
||||||
"flake-utils": "flake-utils_10",
|
"flake-utils": "flake-utils_9",
|
||||||
"nixpkgs": "nixpkgs_11"
|
"nixpkgs": "nixpkgs_10",
|
||||||
|
"rust-overlay": "rust-overlay_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720930588,
|
"lastModified": 1726330095,
|
||||||
"narHash": "sha256-Ue3ZRLUU/VoN0SUOCcAwR5LZJac9UgaSA9To//rP7fU=",
|
"narHash": "sha256-5Qhb4stOM8gbasfALX7Zaw7Q6OZZm2PjBC/8dYAOR8g=",
|
||||||
"owner": "natsukagami",
|
"owner": "natsukagami",
|
||||||
"repo": "youmubot",
|
"repo": "youmubot",
|
||||||
"rev": "dc02b4b7e280a8d5f129b5f43636407a2e4b96ea",
|
"rev": "76fd6c803d9c50a3ad677218dad249f596efe760",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
33
flake.nix
33
flake.nix
|
@ -15,7 +15,6 @@
|
||||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||||
sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
|
sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
|
||||||
deploy-rs.url = "github:Serokell/deploy-rs";
|
deploy-rs.url = "github:Serokell/deploy-rs";
|
||||||
nur.url = "github:nix-community/NUR";
|
|
||||||
|
|
||||||
# --- Secure boot
|
# --- Secure boot
|
||||||
lanzaboote = {
|
lanzaboote = {
|
||||||
|
@ -26,24 +25,28 @@
|
||||||
# --- Build tools
|
# --- Build tools
|
||||||
flake-utils.url = github:numtide/flake-utils;
|
flake-utils.url = github:numtide/flake-utils;
|
||||||
crane.url = github:ipetkov/crane;
|
crane.url = github:ipetkov/crane;
|
||||||
|
rust-overlay = {
|
||||||
|
url = "github:oxalica/rust-overlay";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
arion.url = github:hercules-ci/arion;
|
arion.url = github:hercules-ci/arion;
|
||||||
lix-module = {
|
lix-module = {
|
||||||
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz";
|
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# Imported apps
|
# Imported apps
|
||||||
youmubot.url = "github:natsukagami/youmubot";
|
youmubot.url = "github:natsukagami/youmubot";
|
||||||
swayfx = {
|
# swayfx = {
|
||||||
url = github:WillPower3309/swayfx;
|
# url = github:WillPower3309/swayfx;
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
# inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
# };
|
||||||
mpd-mpris = {
|
mpd-mpris = {
|
||||||
url = github:natsukagami/mpd-mpris;
|
url = github:natsukagami/mpd-mpris;
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?branch=dtth-fork";
|
dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?ref=dtth-fork";
|
||||||
conduit.url = "gitlab:famedly/conduit/v0.8.0";
|
conduit.url = "gitlab:famedly/conduit/v0.8.0";
|
||||||
nix-gaming.url = github:fufexan/nix-gaming;
|
nix-gaming.url = github:fufexan/nix-gaming;
|
||||||
|
|
||||||
|
@ -60,7 +63,7 @@
|
||||||
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";
|
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, nur, ... }@inputs:
|
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, ... }@inputs:
|
||||||
let
|
let
|
||||||
overlays = import ./overlay.nix inputs;
|
overlays = import ./overlay.nix inputs;
|
||||||
lib = nixpkgs.lib;
|
lib = nixpkgs.lib;
|
||||||
|
@ -85,6 +88,20 @@
|
||||||
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
|
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
|
||||||
};
|
};
|
||||||
environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ];
|
environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ];
|
||||||
|
programs.gamemode = {
|
||||||
|
enable = true;
|
||||||
|
enableRenice = true;
|
||||||
|
settings = {
|
||||||
|
general = {
|
||||||
|
renice = 10;
|
||||||
|
};
|
||||||
|
|
||||||
|
custom = {
|
||||||
|
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
|
||||||
|
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Common Nix modules
|
# Common Nix modules
|
||||||
|
|
|
@ -9,13 +9,6 @@
|
||||||
./modules/programs/my-kitty
|
./modules/programs/my-kitty
|
||||||
./modules/programs/openconnect-epfl.nix
|
./modules/programs/openconnect-epfl.nix
|
||||||
./common-linux.nix
|
./common-linux.nix
|
||||||
|
|
||||||
# PATH Overrides
|
|
||||||
({ config, lib, ... }: {
|
|
||||||
home.sessionPath = lib.mkBefore [
|
|
||||||
"${config.home.homeDirectory}/.bin/overrides"
|
|
||||||
];
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Let Home Manager install and manage itself.
|
# Let Home Manager install and manage itself.
|
||||||
|
|
|
@ -1,8 +1,3 @@
|
||||||
{
|
{
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
packageOverrides = pkgs: {
|
|
||||||
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
|
|
||||||
inherit pkgs;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,8 +53,7 @@ in
|
||||||
functions = {
|
functions = {
|
||||||
rebuild = {
|
rebuild = {
|
||||||
body = ''
|
body = ''
|
||||||
command sudo -v && \
|
pls nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \
|
||||||
command sudo nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \
|
|
||||||
&| ${pkgs.nix-output-monitor}/bin/nom --json
|
&| ${pkgs.nix-output-monitor}/bin/nom --json
|
||||||
'';
|
'';
|
||||||
wraps = "nixos-rebuild";
|
wraps = "nixos-rebuild";
|
||||||
|
@ -146,6 +145,29 @@ in
|
||||||
if test -e /opt/homebrew/bin/brew
|
if test -e /opt/homebrew/bin/brew
|
||||||
/opt/homebrew/bin/brew shellenv | source
|
/opt/homebrew/bin/brew shellenv | source
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Override PATH
|
||||||
|
set --export --prepend PATH ~/.bin/overrides ~/.local/bin
|
||||||
|
|
||||||
|
function pls --wraps "sudo"
|
||||||
|
set -l cmd "`"(string join " " -- $argv)"`"
|
||||||
|
echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
|
||||||
|
# Send a notification on password prompt
|
||||||
|
if command sudo -vn 2>/dev/null
|
||||||
|
# nothing to do, user already authenticated
|
||||||
|
else
|
||||||
|
# throw a notification
|
||||||
|
set notif_id (kitten notify -P \
|
||||||
|
-p ${./haruka.png} \
|
||||||
|
-a "pls" \
|
||||||
|
-u critical \
|
||||||
|
"A-a command requires your p-password" \
|
||||||
|
(printf "I-I need your p-password to r-run the following c-command: %s" $cmd))
|
||||||
|
command sudo -v -p "P-password please: "
|
||||||
|
kitten notify -i $notif_id ""
|
||||||
|
end
|
||||||
|
command sudo $argv
|
||||||
|
end
|
||||||
'';
|
'';
|
||||||
|
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
|
@ -250,8 +272,8 @@ in
|
||||||
target = ".config/fish/conf.d/change_cmd.fish";
|
target = ".config/fish/conf.d/change_cmd.fish";
|
||||||
};
|
};
|
||||||
"fish/pls.fish" = {
|
"fish/pls.fish" = {
|
||||||
source = ./. + "/pls.fish";
|
source = ./pls_extra.fish;
|
||||||
target = ".config/fish/conf.d/pls.fish";
|
target = ".config/fish/conf.d/pls_extra.fish";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
BIN
home/fish/haruka.png
Normal file
BIN
home/fish/haruka.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 30 KiB |
|
@ -1,155 +0,0 @@
|
||||||
alias sue="pls -e"
|
|
||||||
|
|
||||||
function pls
|
|
||||||
set -l cmd "`"(string join " " -- $argv)"`"
|
|
||||||
echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
|
|
||||||
# Send a notification on password prompt
|
|
||||||
if command sudo -vn 2>/dev/null
|
|
||||||
# nothing to do, user already authenticated
|
|
||||||
else
|
|
||||||
# throw a notification
|
|
||||||
# notify-send -t 3000 -u critical -i ~/Downloads/harukablush.jpg -h "STRING:command:"$cmd "A-a command requires your p-password" (printf "I-I need your p-password to r-run the following c-command: %s" $cmd)
|
|
||||||
end
|
|
||||||
command sudo $argv
|
|
||||||
end
|
|
||||||
|
|
||||||
function sudo
|
|
||||||
echo "Not polite enough."
|
|
||||||
end
|
|
||||||
|
|
||||||
function __fish_prepend_pls -d "Prepend 'pls ' to the beginning of the current commandline"
|
|
||||||
# If there is no commandline, insert the last item from history
|
|
||||||
# and *then* toggle
|
|
||||||
if not commandline | string length -q
|
|
||||||
commandline -r "$history[1]"
|
|
||||||
end
|
|
||||||
|
|
||||||
set -l cmd (commandline -po)
|
|
||||||
set -l cursor (commandline -C)
|
|
||||||
|
|
||||||
if test "$cmd[1]" = e
|
|
||||||
commandline -C 0
|
|
||||||
commandline -i "su"
|
|
||||||
commandline -C (math $cursor + 2)
|
|
||||||
else if test "$cmd[1]" = sue
|
|
||||||
commandline -r (string sub --start=3 (commandline -p))
|
|
||||||
commandline -C -- (math $cursor - 2)
|
|
||||||
else if test "$cmd[1]" != pls
|
|
||||||
commandline -C 0
|
|
||||||
commandline -i "pls "
|
|
||||||
commandline -C (math $cursor + 4)
|
|
||||||
else
|
|
||||||
commandline -r (string sub --start=5 (commandline -p))
|
|
||||||
commandline -C -- (math $cursor - 4)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
bind --preset -e -M insert \es
|
|
||||||
bind -M insert \es __fish_prepend_pls
|
|
||||||
|
|
||||||
function __fish_man_page
|
|
||||||
# Get all commandline tokens not starting with "-"
|
|
||||||
set -l args (commandline -po | string match -rv '^-')
|
|
||||||
|
|
||||||
# If commandline is empty, exit.
|
|
||||||
if not set -q args[1]
|
|
||||||
printf \a
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
#Skip `pls` and display then manpage of following command
|
|
||||||
while set -q args[2]
|
|
||||||
and string match -qr -- '^(pls|.*=.*)$' $args[1]
|
|
||||||
set -e args[1]
|
|
||||||
end
|
|
||||||
|
|
||||||
# If there are at least two tokens not starting with "-", the second one might be a subcommand.
|
|
||||||
# Try "man first-second" and fall back to "man first" if that doesn't work out.
|
|
||||||
set -l maincmd (basename $args[1])
|
|
||||||
if set -q args[2]
|
|
||||||
# HACK: If stderr is not attached to a terminal `less` (the default pager)
|
|
||||||
# wouldn't use the alternate screen.
|
|
||||||
# But since we don't know what pager it is, and because `man` is totally underspecified,
|
|
||||||
# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
|
|
||||||
# See #7863.
|
|
||||||
if man "$maincmd-$args[2]" &>/dev/null
|
|
||||||
man "$maincmd-$args[2]"
|
|
||||||
else if man "$maincmd" &>/dev/null
|
|
||||||
man "$maincmd"
|
|
||||||
else
|
|
||||||
printf \a
|
|
||||||
end
|
|
||||||
else
|
|
||||||
if man "$maincmd" &>/dev/null
|
|
||||||
man "$maincmd"
|
|
||||||
else
|
|
||||||
printf \a
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
commandline -f repaint
|
|
||||||
end
|
|
||||||
|
|
||||||
#
|
|
||||||
# Completion for pls
|
|
||||||
#
|
|
||||||
|
|
||||||
function __fish_pls_print_remaining_args
|
|
||||||
set -l tokens (commandline -opc) (commandline -ct)
|
|
||||||
set -e tokens[1]
|
|
||||||
# These are all the options mentioned in the man page for Todd Miller's "pls.ws" pls (in that order).
|
|
||||||
# If any other implementation has different options, this should be harmless, since they shouldn't be used anyway.
|
|
||||||
set -l opts A/askpass b/background C/close-from= E/preserve-env='?'
|
|
||||||
# Note that "-h" is both "--host" (which takes an option) and "--help" (which doesn't).
|
|
||||||
# But `-h` as `--help` only counts when it's the only argument (`pls -h`),
|
|
||||||
# so any argument completion after that should take it as "--host".
|
|
||||||
set -a opts e/edit g/group= H/set-home h/host= 1-help
|
|
||||||
set -a opts i/login K/remove-timestamp k/reset-timestamp l/list n/non-interactive
|
|
||||||
set -a opts P/preserve-groups p/prompt= S/stdin s/shell U/other-user=
|
|
||||||
set -a opts u/user= T/command-timeout= V/version v/validate
|
|
||||||
argparse -s $opts -- $tokens 2>/dev/null
|
|
||||||
# The remaining argv is the subcommand with all its options, which is what
|
|
||||||
# we want.
|
|
||||||
if test -n "$argv"
|
|
||||||
and not string match -qr '^-' $argv[1]
|
|
||||||
string join0 -- $argv
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
return 1
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
function __fish_pls_no_subcommand
|
|
||||||
not __fish_pls_print_remaining_args >/dev/null
|
|
||||||
end
|
|
||||||
|
|
||||||
function __fish_complete_pls_subcommand
|
|
||||||
set -l args (__fish_pls_print_remaining_args | string split0)
|
|
||||||
set -lx -a PATH /usr/local/sbin /sbin /usr/sbin
|
|
||||||
__fish_complete_subcommand --commandline $args
|
|
||||||
end
|
|
||||||
|
|
||||||
# All these options should be valid for GNU and OSX pls
|
|
||||||
complete -c pls -n __fish_no_arguments -s h -d "Display help and exit"
|
|
||||||
complete -c pls -n __fish_no_arguments -s V -d "Display version information and exit"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s A -d "Ask for password via the askpass or \$SSH_ASKPASS program"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s C -d "Close all file descriptors greater or equal to the given number" -xa "0 1 2 255"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s E -d "Preserve environment"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s H -d "Set home"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s K -d "Remove the credential timestamp entirely"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s P -d "Preserve group vector"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s S -d "Read password from stdin"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s b -d "Run command in the background"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s e -rF -d Edit
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s g -a "(__fish_complete_groups)" -x -d "Run command as group"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s i -d "Run a login shell"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s k -d "Reset or ignore the credential timestamp"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s l -d "List the allowed and forbidden commands for the given user"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s n -d "Do not prompt for a password - if one is needed, fail"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s p -d "Specify a custom password prompt"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s s -d "Run the given command in a shell"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s u -a "(__fish_complete_users)" -x -d "Run command as user"
|
|
||||||
complete -c pls -n __fish_pls_no_subcommand -s v -n __fish_no_arguments -d "Validate the credentials, extending timeout"
|
|
||||||
|
|
||||||
# Complete the command we are executed under pls
|
|
||||||
complete -c pls -x -n 'not __fish_seen_argument -s e' -a "(__fish_complete_pls_subcommand)"
|
|
47
home/fish/pls_extra.fish
Normal file
47
home/fish/pls_extra.fish
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
alias sue="pls -e"
|
||||||
|
|
||||||
|
function sudo
|
||||||
|
echo "Not polite enough."
|
||||||
|
end
|
||||||
|
|
||||||
|
bind --preset -M visual \es 'fish_commandline_prepend pls'
|
||||||
|
bind -M insert \es 'fish_commandline_prepend pls'
|
||||||
|
|
||||||
|
function __fish_man_page
|
||||||
|
# Get all commandline tokens not starting with "-", up to and including the cursor's
|
||||||
|
set -l args (string match -rv '^-|^$' -- (commandline -cpx && commandline -t))
|
||||||
|
|
||||||
|
# If commandline is empty, exit.
|
||||||
|
if not set -q args[1]
|
||||||
|
printf \a
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
# Skip leading commands and display the manpage of following command
|
||||||
|
while set -q args[2]
|
||||||
|
and string match -qr -- '^(and|begin|builtin|caffeinate|command|doas|entr|env|exec|if|mosh|nice|not|or|pipenv|prime-run|setsid|sudo|pls|systemd-nspawn|time|watch|while|xargs|.*=.*)$' $args[1]
|
||||||
|
set -e args[1]
|
||||||
|
end
|
||||||
|
|
||||||
|
# If there are at least two tokens not starting with "-", the second one might be a subcommand.
|
||||||
|
# Try "man first-second" and fall back to "man first" if that doesn't work out.
|
||||||
|
set -l maincmd (path basename $args[1])
|
||||||
|
# HACK: If stderr is not attached to a terminal `less` (the default pager)
|
||||||
|
# wouldn't use the alternate screen.
|
||||||
|
# But since we don't know what pager it is, and because `man` is totally underspecified,
|
||||||
|
# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
|
||||||
|
# See #7863.
|
||||||
|
if set -q args[2]
|
||||||
|
and not string match -q -- '*/*' $args[2]
|
||||||
|
and man "$maincmd-$args[2]" &>/dev/null
|
||||||
|
man "$maincmd-$args[2]"
|
||||||
|
else
|
||||||
|
if man "$maincmd" &>/dev/null
|
||||||
|
man "$maincmd"
|
||||||
|
else
|
||||||
|
printf \a
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
commandline -f repaint
|
||||||
|
end
|
|
@ -272,7 +272,7 @@ in
|
||||||
# override inherited files
|
# override inherited files
|
||||||
cat ${tree-sitter-go}/queries/highlights.scm ${src}/queries/templ/highlights.scm > $out/queries/highlights.scm
|
cat ${tree-sitter-go}/queries/highlights.scm ${src}/queries/templ/highlights.scm > $out/queries/highlights.scm
|
||||||
'';
|
'';
|
||||||
queries.path = "queries/templ";
|
queries.path = "queries";
|
||||||
};
|
};
|
||||||
|
|
||||||
go = {
|
go = {
|
||||||
|
@ -282,6 +282,23 @@ in
|
||||||
queries.src = tree-sitter-go;
|
queries.src = tree-sitter-go;
|
||||||
queries.path = "queries";
|
queries.path = "queries";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
hylo =
|
||||||
|
let
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "natsukagami";
|
||||||
|
repo = "tree-sitter-hylo";
|
||||||
|
rev = "494cbdff0d13cbc67348316af2efa0286dbddf6f";
|
||||||
|
hash = "sha256-R5UeoglCTl0do3VDJ/liCTeqbxU9slvmVKNRA/el2VY=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
grammar.src = src;
|
||||||
|
grammar.compile.args = [ "-c" "-fpic" "../parser.c" "-I" ".." ];
|
||||||
|
grammar.link.args = [ "-shared" "-fpic" "parser.o" ];
|
||||||
|
queries.src = src;
|
||||||
|
queries.path = "queries";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.my-kakoune.package = pkgs.kakoune;
|
programs.my-kakoune.package = pkgs.kakoune;
|
||||||
|
|
|
@ -64,6 +64,12 @@ hook global InsertChar \t %{ exec -draft -itersel h@ }
|
||||||
set global tabstop 2
|
set global tabstop 2
|
||||||
set global indentwidth 2
|
set global indentwidth 2
|
||||||
|
|
||||||
|
# Language-specific tabstop with override
|
||||||
|
hook global WinSetOption filetype=(rust) %{
|
||||||
|
set window tabstop 4
|
||||||
|
set window indentwidth 4
|
||||||
|
}
|
||||||
|
|
||||||
# Ctrl + a in insert mode = esc
|
# Ctrl + a in insert mode = esc
|
||||||
map global insert <c-a> '<esc>'
|
map global insert <c-a> '<esc>'
|
||||||
|
|
||||||
|
@ -152,9 +158,6 @@ hook global WinSetOption filetype=(rust) %{
|
||||||
hook global WinSetOption filetype=(scala) %{
|
hook global WinSetOption filetype=(scala) %{
|
||||||
# Format the document if possible
|
# Format the document if possible
|
||||||
hook -group scala-fmt window BufWritePre .* %{ lsp-formatting-sync }
|
hook -group scala-fmt window BufWritePre .* %{ lsp-formatting-sync }
|
||||||
|
|
||||||
set window tabstop 2
|
|
||||||
set window indentwidth 2
|
|
||||||
}
|
}
|
||||||
|
|
||||||
hook global WinSetOption filetype=(typst) %{
|
hook global WinSetOption filetype=(typst) %{
|
||||||
|
@ -214,7 +217,12 @@ hook global BufCreate .*[.]typ %{
|
||||||
|
|
||||||
hook global BufCreate .*[.]templ %{
|
hook global BufCreate .*[.]templ %{
|
||||||
set-option buffer filetype templ
|
set-option buffer filetype templ
|
||||||
set-option window comment_line "//"
|
set-option buffer comment_line "//"
|
||||||
|
}
|
||||||
|
|
||||||
|
hook global BufCreate .*[.]hylo %{
|
||||||
|
set-option buffer filetype hylo
|
||||||
|
set-option buffer comment_line "//"
|
||||||
}
|
}
|
||||||
|
|
||||||
hook global BufOpenFile .* %{
|
hook global BufOpenFile .* %{
|
||||||
|
|
|
@ -3,6 +3,7 @@ with lib;
|
||||||
let
|
let
|
||||||
cfg = config.linux.graphical;
|
cfg = config.linux.graphical;
|
||||||
|
|
||||||
|
thunderbird = pkgs.thunderbird-128;
|
||||||
vscode = with pkgs; if stdenv.isAarch64 then unstable.vscode else unstable.vscode-fhs;
|
vscode = with pkgs; if stdenv.isAarch64 then unstable.vscode else unstable.vscode-fhs;
|
||||||
|
|
||||||
wifi-indicator = pkgs.writeScriptBin "wifi-indicator" ''
|
wifi-indicator = pkgs.writeScriptBin "wifi-indicator" ''
|
||||||
|
@ -57,10 +58,9 @@ in
|
||||||
feh # For images?
|
feh # For images?
|
||||||
deluge # Torrent client
|
deluge # Torrent client
|
||||||
pavucontrol # PulseAudio control panel
|
pavucontrol # PulseAudio control panel
|
||||||
cinnamon.nemo # File manager
|
|
||||||
thunderbird # Email
|
thunderbird # Email
|
||||||
sublime-music # For navidrome
|
sublime-music # For navidrome
|
||||||
cinny-desktop
|
# cinny-desktop
|
||||||
gajim
|
gajim
|
||||||
vivaldi
|
vivaldi
|
||||||
# Audio
|
# Audio
|
||||||
|
@ -72,8 +72,10 @@ in
|
||||||
mpv # for anki
|
mpv # for anki
|
||||||
anki-bin
|
anki-bin
|
||||||
|
|
||||||
|
# Chat stuff
|
||||||
tdesktop
|
tdesktop
|
||||||
whatsapp-for-linux
|
whatsapp-for-linux
|
||||||
|
slack
|
||||||
|
|
||||||
librewolf
|
librewolf
|
||||||
|
|
||||||
|
@ -82,11 +84,7 @@ in
|
||||||
# sct # Display color temperature
|
# sct # Display color temperature
|
||||||
xdg-utils # Open stuff
|
xdg-utils # Open stuff
|
||||||
wifi-indicator
|
wifi-indicator
|
||||||
] ++ (if pkgs.stdenv.isAarch64 then [ ] else [
|
]);
|
||||||
gnome.cheese # Webcam check, expensive
|
|
||||||
# Chat stuff
|
|
||||||
slack
|
|
||||||
]));
|
|
||||||
|
|
||||||
nki.programs.discord.enable = pkgs.stdenv.isx86_64;
|
nki.programs.discord.enable = pkgs.stdenv.isx86_64;
|
||||||
nki.programs.discord.package = pkgs.vesktop;
|
nki.programs.discord.package = pkgs.vesktop;
|
||||||
|
|
|
@ -14,7 +14,7 @@ let
|
||||||
systemd.user.services.swaync.Unit.PartOf = lib.mkForce [ "sway-session.target" ];
|
systemd.user.services.swaync.Unit.PartOf = lib.mkForce [ "sway-session.target" ];
|
||||||
|
|
||||||
programs.my-sway.waybar = {
|
programs.my-sway.waybar = {
|
||||||
extraSettings = {
|
extraSettings = [{
|
||||||
modules-right = mkAfter [ "custom/swaync" ];
|
modules-right = mkAfter [ "custom/swaync" ];
|
||||||
modules."custom/swaync" = {
|
modules."custom/swaync" = {
|
||||||
tooltip = false;
|
tooltip = false;
|
||||||
|
@ -36,7 +36,7 @@ let
|
||||||
on-click-right = "${swaync}/bin/swaync-client -d -sw";
|
on-click-right = "${swaync}/bin/swaync-client -d -sw";
|
||||||
escape = true;
|
escape = true;
|
||||||
};
|
};
|
||||||
};
|
}];
|
||||||
extraStyle = mkAfter ''
|
extraStyle = mkAfter ''
|
||||||
#custom-swaync {
|
#custom-swaync {
|
||||||
background: #F0FFFF;
|
background: #F0FFFF;
|
||||||
|
|
|
@ -110,12 +110,12 @@ in
|
||||||
default = barWith: [ (barWith { }) ];
|
default = barWith: [ (barWith { }) ];
|
||||||
};
|
};
|
||||||
extraSettings = mkOption {
|
extraSettings = mkOption {
|
||||||
type = types.raw;
|
type = types.listOf types.raw;
|
||||||
description = "Extra settings to be included with every default bar";
|
description = "Extra settings to be included with every default bar";
|
||||||
default = { };
|
default = [ ];
|
||||||
};
|
};
|
||||||
extraStyle = mkOption {
|
extraStyle = mkOption {
|
||||||
type = types.str;
|
type = types.lines;
|
||||||
description = "Additional style for the default waybar";
|
description = "Additional style for the default waybar";
|
||||||
default = "";
|
default = "";
|
||||||
};
|
};
|
||||||
|
@ -409,7 +409,7 @@ in
|
||||||
|
|
||||||
config.programs.waybar =
|
config.programs.waybar =
|
||||||
let
|
let
|
||||||
barWith = { showMedia ? true, showConnectivity ? true, extraSettings ? { }, ... }: (mkMerge [{
|
barWith = { showMedia ? true, showConnectivity ? true, extraSettings ? { }, ... }: mkMerge ([{
|
||||||
position = "top";
|
position = "top";
|
||||||
modules-left = [
|
modules-left = [
|
||||||
"sway/workspaces"
|
"sway/workspaces"
|
||||||
|
@ -598,9 +598,9 @@ in
|
||||||
"on-click" = "${playerctl} play-pause";
|
"on-click" = "${playerctl} play-pause";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}] ++
|
||||||
cfg.waybar.extraSettings
|
cfg.waybar.extraSettings
|
||||||
extraSettings]);
|
++ [ extraSettings ]);
|
||||||
in
|
in
|
||||||
mkIf cfg.enable {
|
mkIf cfg.enable {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -4,12 +4,14 @@ let
|
||||||
name = "openconnect-epfl";
|
name = "openconnect-epfl";
|
||||||
runtimeInputs = with pkgs; [ openconnect rbw ];
|
runtimeInputs = with pkgs; [ openconnect rbw ];
|
||||||
text = ''
|
text = ''
|
||||||
GASPAR_PASSWORD=$(rbw get gaspar)
|
METHOD="Microsoft Entra ID"
|
||||||
GASPAR_TOKEN=$(rbw code gaspar)
|
RBW_ENTRY="EPFL Microsoft Auth"
|
||||||
|
GASPAR_PASSWORD=$(rbw get "$RBW_ENTRY")
|
||||||
|
GASPAR_TOKEN=$(rbw code "$RBW_ENTRY")
|
||||||
|
|
||||||
printf "%s\n%s\n" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | sudo openconnect \
|
printf "\n%s\n%s\n%s\n" "$METHOD" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | command sudo openconnect \
|
||||||
--passwd-on-stdin \
|
--passwd-on-stdin \
|
||||||
-u pham \
|
-u "pham" \
|
||||||
--useragent='AnyConnect' \
|
--useragent='AnyConnect' \
|
||||||
"https://vpn.epfl.ch"
|
"https://vpn.epfl.ch"
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -48,6 +48,21 @@
|
||||||
tap = "enabled";
|
tap = "enabled";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
programs.my-sway.waybar.extraSettings =
|
||||||
|
let
|
||||||
|
change-mode = pkgs.writeScript "change-mode" ''
|
||||||
|
#!/usr/bin/env ${lib.getExe pkgs.fish}
|
||||||
|
set -ax PATH ${lib.getBin pkgs.power-profiles-daemon} ${lib.getBin pkgs.rofi} ${lib.getBin pkgs.ripgrep}
|
||||||
|
|
||||||
|
set profiles (powerprofilesctl list | rg "^[ *] (\S+):" -r '$1')
|
||||||
|
set selected_index (math (contains -i (powerprofilesctl get) $profiles) - 1)
|
||||||
|
set new_profile (printf "%s\n" $profiles | rofi -dmenu -p "Switch to power profile" -a $selected_index)
|
||||||
|
powerprofilesctl set $new_profile
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
[{
|
||||||
|
modules."battery"."on-click" = change-mode;
|
||||||
|
}];
|
||||||
|
|
||||||
# input-remapping
|
# input-remapping
|
||||||
xdg.configFile."autostart/input-remapper-autoload.desktop".source =
|
xdg.configFile."autostart/input-remapper-autoload.desktop".source =
|
||||||
|
@ -61,16 +76,32 @@
|
||||||
# Multiple screen setup
|
# Multiple screen setup
|
||||||
services.kanshi = with config.common.monitors; {
|
services.kanshi = with config.common.monitors; {
|
||||||
enable = true;
|
enable = true;
|
||||||
profiles.undocked.outputs = [{
|
settings = [
|
||||||
|
{
|
||||||
|
profile.name = "undocked";
|
||||||
|
profile.outputs = [{ criteria = "eDP-1"; }];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
profile.name = "work-both";
|
||||||
|
profile.outputs = [
|
||||||
|
{
|
||||||
criteria = "eDP-1";
|
criteria = "eDP-1";
|
||||||
}];
|
position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}";
|
||||||
profiles.work-both.outputs = [
|
status = "enable";
|
||||||
{ criteria = "eDP-1"; position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}"; status = "enable"; }
|
}
|
||||||
{ criteria = work.name; position = "1920,0"; }
|
{ criteria = work.name; position = "1920,0"; }
|
||||||
];
|
];
|
||||||
profiles.work-one.outputs = [
|
}
|
||||||
{ criteria = "eDP-1"; status = "disable"; }
|
{
|
||||||
{ criteria = config.common.monitors.work.name; }
|
profile.name = "work-one";
|
||||||
|
profile.outputs = [
|
||||||
|
{
|
||||||
|
criteria = "eDP-1";
|
||||||
|
status = "disable";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{ output.criteria = config.common.monitors.work.name; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
43
home/osu.nix
43
home/osu.nix
|
@ -1,29 +1,28 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
osu-pkg = pkgs.unstable.osu-lazer-bin;
|
# osu-pkg = pkgs.unstable.osu-lazer-bin;
|
||||||
# osu-pkg = with pkgs; with lib;
|
osu-pkg = with pkgs; with lib;
|
||||||
# appimageTools.wrapType2 rec {
|
appimageTools.wrapType2 rec {
|
||||||
# pname = "osu-lazer-bin";
|
pname = "osu-lazer-bin";
|
||||||
# version = "2024.312.1";
|
version = "2024.906.2";
|
||||||
# src = pkgs.fetchurl {
|
src = fetchurl {
|
||||||
# url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage";
|
url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage";
|
||||||
# hash = "sha256-1dzgs1p3/pf4eCdKvQ9JxowN+oBPBNaZv5e6qHeFPEM=";
|
sha256 = "1ddnac72xk9zsi9pmxg72xd3piq6s5hgh7vzb09mh4r5mkfd22fd";
|
||||||
# };
|
};
|
||||||
|
extraPkgs = pkgs: with pkgs; [ icu ];
|
||||||
|
|
||||||
# extraPkgs = pkgs: with pkgs; [ icu ];
|
extraInstallCommands =
|
||||||
|
let contents = appimageTools.extract { inherit pname version src; };
|
||||||
# extraInstallCommands =
|
in
|
||||||
# let contents = appimageTools.extract { inherit pname version src; };
|
''
|
||||||
# in
|
mv -v $out/bin/${pname} $out/bin/osu\!
|
||||||
# ''
|
install -m 444 -D ${contents}/osu\!.desktop -t $out/share/applications
|
||||||
# mv -v $out/bin/${pname}-${version} $out/bin/osu\!
|
for i in 16 32 48 64 96 128 256 512 1024; do
|
||||||
# install -m 444 -D ${contents}/osu\!.desktop -t $out/share/applications
|
install -D ${contents}/osu\!.png $out/share/icons/hicolor/''${i}x$i/apps/osu\!.png
|
||||||
# for i in 16 32 48 64 96 128 256 512 1024; do
|
done
|
||||||
# install -D ${contents}/osu\!.png $out/share/icons/hicolor/''${i}x$i/apps/osu\!.png
|
'';
|
||||||
# done
|
};
|
||||||
# '';
|
|
||||||
# };
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
home.packages = [ osu-pkg ];
|
home.packages = [ osu-pkg ];
|
||||||
|
|
|
@ -70,7 +70,7 @@
|
||||||
services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
|
services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
|
||||||
|
|
||||||
# Enable touchpad support (enabled default in most desktopManager).
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
services.xserver.libinput.enable = true;
|
services.libinput.enable = true;
|
||||||
# Keyboard
|
# Keyboard
|
||||||
services.input-remapper.enable = true;
|
services.input-remapper.enable = true;
|
||||||
services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
|
services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
|
||||||
|
|
|
@ -22,8 +22,8 @@ let
|
||||||
};
|
};
|
||||||
authentik = mkImage {
|
authentik = mkImage {
|
||||||
imageName = "ghcr.io/goauthentik/server";
|
imageName = "ghcr.io/goauthentik/server";
|
||||||
finalImageTag = "2024.4.2";
|
finalImageTag = "2024.6.3";
|
||||||
imageDigest = "sha256:a2e592a08eb3c9e3435aa4e6585d60cc1eb54850da9d1498d56a131bbfbe03ff";
|
imageDigest = "sha256:31bbe9c91ef7f95f0ed5f051bd268465d79b20eeb127066f39af22991ccfc85d";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
authentikEnv = pkgs.writeText "authentik.env" ''
|
authentikEnv = pkgs.writeText "authentik.env" ''
|
||||||
|
|
|
@ -31,6 +31,13 @@ in
|
||||||
ensureDatabases = cfg.databases;
|
ensureDatabases = cfg.databases;
|
||||||
|
|
||||||
ensureUsers = (map userFromDatabase cfg.databases);
|
ensureUsers = (map userFromDatabase cfg.databases);
|
||||||
|
|
||||||
|
dataDir = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
|
||||||
|
};
|
||||||
|
|
||||||
|
config.systemd.services.postgresql.serviceConfig = {
|
||||||
|
StateDirectory = "postgresql postgresql ${config.services.postgresql.dataDir}";
|
||||||
|
StateDirectoryMode = "0750";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Backup settings
|
# Backup settings
|
||||||
|
|
|
@ -27,6 +27,17 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
graphics = { config, ... }: {
|
||||||
|
hardware =
|
||||||
|
if config.system.nixos.release == "24.05" then {
|
||||||
|
opengl.enable = true;
|
||||||
|
opengl.driSupport32Bit = true;
|
||||||
|
} else {
|
||||||
|
graphics.enable = true;
|
||||||
|
graphics.enable32Bit = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) {
|
accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) {
|
||||||
environment.systemPackages = with pkgs.gnome; [ pkgs.glib gnome-control-center ];
|
environment.systemPackages = with pkgs.gnome; [ pkgs.glib gnome-control-center ];
|
||||||
services.accounts-daemon.enable = true;
|
services.accounts-daemon.enable = true;
|
||||||
|
@ -104,7 +115,19 @@ let
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = with modules; [ adb ios wlr logitech kwallet virtualisation accounts rt-audio ];
|
imports = with modules; [
|
||||||
|
./sops.nix
|
||||||
|
|
||||||
|
adb
|
||||||
|
ios
|
||||||
|
graphics
|
||||||
|
wlr
|
||||||
|
logitech
|
||||||
|
kwallet
|
||||||
|
virtualisation
|
||||||
|
accounts
|
||||||
|
rt-audio
|
||||||
|
];
|
||||||
|
|
||||||
options.common.linux = {
|
options.common.linux = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
|
@ -187,7 +210,6 @@ in
|
||||||
services.fwupd.enable = true;
|
services.fwupd.enable = true;
|
||||||
|
|
||||||
# Enable sound.
|
# Enable sound.
|
||||||
sound.enable = true;
|
|
||||||
services.pipewire = {
|
services.pipewire = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# alsa is optional
|
# alsa is optional
|
||||||
|
@ -251,20 +273,24 @@ in
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
|
|
||||||
## Time and Region
|
## Time and Region
|
||||||
time.timeZone = "Europe/Zurich";
|
time.timeZone = lib.mkDefault "Europe/Zurich";
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
console.keyMap = "jp106"; # Console key layout
|
console.keyMap = "jp106"; # Console key layout
|
||||||
i18n.defaultLocale = "ja_JP.UTF-8";
|
i18n.defaultLocale = "ja_JP.UTF-8";
|
||||||
# Input methods (only fcitx5 works reliably on Wayland)
|
# Input methods (only fcitx5 works reliably on Wayland)
|
||||||
i18n.inputMethod = {
|
i18n.inputMethod = {
|
||||||
enabled = "fcitx5";
|
|
||||||
fcitx5.waylandFrontend = true;
|
fcitx5.waylandFrontend = true;
|
||||||
fcitx5.addons = with pkgs; [
|
fcitx5.addons = with pkgs; [
|
||||||
fcitx5-mozc
|
fcitx5-mozc
|
||||||
fcitx5-unikey
|
fcitx5-unikey
|
||||||
fcitx5-gtk
|
fcitx5-gtk
|
||||||
];
|
];
|
||||||
};
|
} // (if config.system.nixos.release == "24.05" then {
|
||||||
|
enabled = "fcitx5";
|
||||||
|
} else {
|
||||||
|
enable = true;
|
||||||
|
type = "fcitx5";
|
||||||
|
});
|
||||||
|
|
||||||
# Default packages
|
# Default packages
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -294,8 +320,6 @@ in
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
# Gaming! (not for ARM64)
|
# Gaming! (not for ARM64)
|
||||||
programs.steam.enable = !pkgs.stdenv.isAarch64;
|
programs.steam.enable = !pkgs.stdenv.isAarch64;
|
||||||
hardware.opengl.enable = true;
|
|
||||||
hardware.opengl.driSupport32Bit = !pkgs.stdenv.isAarch64; # For 32 bit applications
|
|
||||||
|
|
||||||
## Services
|
## Services
|
||||||
# OpenSSH so you can SSH to me
|
# OpenSSH so you can SSH to me
|
||||||
|
|
18
modules/common/linux/sops.nix
Normal file
18
modules/common/linux/sops.nix
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
with { inherit (lib) types mkOption mkEnableOption; };
|
||||||
|
let
|
||||||
|
cfg = config.common.linux.sops;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.common.linux.sops = {
|
||||||
|
enable = mkEnableOption "Enable sops configuration";
|
||||||
|
file = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = "Path to the default sops file";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
sops.defaultSopsFile = cfg.file;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -34,11 +34,6 @@ in
|
||||||
default = 655;
|
default = 655;
|
||||||
description = "The port to listen on";
|
description = "The port to listen on";
|
||||||
};
|
};
|
||||||
|
|
||||||
meshIp = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
description = "The mesh ip to be assigned by hostname";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable (builtins.seq
|
config = mkIf cfg.enable (builtins.seq
|
||||||
|
@ -51,7 +46,6 @@ in
|
||||||
myMeshIp = myHost.subnetAddr;
|
myMeshIp = myHost.subnetAddr;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.my-tinc.meshIp = myMeshIp;
|
|
||||||
# Scripts that set up the tinc services
|
# Scripts that set up the tinc services
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
|
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
|
||||||
|
@ -84,6 +78,11 @@ in
|
||||||
# firewall
|
# firewall
|
||||||
networking.firewall.allowedUDPPorts = [ 655 ];
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||||
networking.firewall.allowedTCPPorts = [ 655 ];
|
networking.firewall.allowedTCPPorts = [ 655 ];
|
||||||
|
networking.firewall.interfaces."tinc.${networkName}" = {
|
||||||
|
allowedUDPPortRanges = [{ from = 0; to = 65535; }];
|
||||||
|
allowedTCPPortRanges = [{ from = 0; to = 65535; }];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
# configure tinc service
|
# configure tinc service
|
||||||
# ----------------------
|
# ----------------------
|
||||||
|
|
|
@ -23,10 +23,13 @@ in
|
||||||
hosts;
|
hosts;
|
||||||
|
|
||||||
# Add all of them to host
|
# Add all of them to host
|
||||||
networking.extraHosts = lib.strings.concatStringsSep
|
nki.services.edns = {
|
||||||
"\n"
|
enable = true;
|
||||||
(lib.attrsets.mapAttrsToList
|
cloaking-rules =
|
||||||
(name: host: "${host.subnetAddr} ${name}.tinc")
|
(lib.attrsets.mapAttrs'
|
||||||
hosts);
|
(name: host: { name = "${name}.tinc"; value = host.subnetAddr; })
|
||||||
|
hosts)
|
||||||
|
;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,4 +22,14 @@
|
||||||
subnetAddr = "11.0.0.4";
|
subnetAddr = "11.0.0.4";
|
||||||
ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN";
|
ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
yoga = {
|
||||||
|
subnetAddr = "11.0.0.5";
|
||||||
|
ed25519PublicKey = "n+gIZjuuTPxi0OBqw2oOcmXd3loOHG+GQHBMXNlgyqI";
|
||||||
|
};
|
||||||
|
|
||||||
|
framework = {
|
||||||
|
subnetAddr = "11.0.0.6";
|
||||||
|
ed25519PublicKey = "YL7NA6Ydv/3FBfSzOPvyHlGweAViPvsG3b0Zh8L0NzF";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ lib.mkIf pkgs.stdenv.isLinux {
|
||||||
name = "system-icons";
|
name = "system-icons";
|
||||||
paths = with pkgs; [
|
paths = with pkgs; [
|
||||||
#libsForQt5.breeze-qt5 # for plasma
|
#libsForQt5.breeze-qt5 # for plasma
|
||||||
gnome.gnome-themes-extra
|
(pkgs.gnome-themes-extra or gnome.gnome-themes-extra) # Until 24.11
|
||||||
];
|
];
|
||||||
pathsToLink = [ "/share/icons" ];
|
pathsToLink = [ "/share/icons" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -16,7 +16,7 @@ in
|
||||||
security.pam = mkIf pkgs.stdenv.isLinux {
|
security.pam = mkIf pkgs.stdenv.isLinux {
|
||||||
u2f = {
|
u2f = {
|
||||||
enable = true;
|
enable = true;
|
||||||
cue = true;
|
settings.cue = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
|
|
|
@ -8,6 +8,11 @@ in
|
||||||
options.nki.services.edns = {
|
options.nki.services.edns = {
|
||||||
enable = mkEnableOption "Enable encrypted DNS";
|
enable = mkEnableOption "Enable encrypted DNS";
|
||||||
ipv6 = mkEnableOption "Enable ipv6";
|
ipv6 = mkEnableOption "Enable ipv6";
|
||||||
|
cloaking-rules = mkOption {
|
||||||
|
type = types.attrsOf types.str;
|
||||||
|
default = { };
|
||||||
|
description = "A set of domain -> ip mapping for cloaking_rules";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
@ -42,6 +47,11 @@ in
|
||||||
{ server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; }
|
{ server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; }
|
||||||
];
|
];
|
||||||
anonymized_dns.skip_incompatible = true;
|
anonymized_dns.skip_incompatible = true;
|
||||||
|
|
||||||
|
# Cloaking rules
|
||||||
|
cloaking_rules = pkgs.writeText "cloaking_rules.txt" (lib.strings.concatStringsSep
|
||||||
|
"\n"
|
||||||
|
(lib.attrsets.mapAttrsToList (name: ip: "${name} ${ip}") cfg.cloaking-rules));
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
66
modules/services/nix-build-farm/default.nix
Normal file
66
modules/services/nix-build-farm/default.nix
Normal file
|
@ -0,0 +1,66 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
with { inherit (lib) mkOption types mkIf; };
|
||||||
|
let
|
||||||
|
cfg = config.services.nix-build-farm;
|
||||||
|
hosts = import ./hosts.nix;
|
||||||
|
|
||||||
|
build-user = "nix-builder";
|
||||||
|
|
||||||
|
isBuilder = host: host ? "builder";
|
||||||
|
allBuilders = lib.filterAttrs (_: isBuilder) hosts;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.services.nix-build-farm = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = "Whether to enable nix-build-farm as a client";
|
||||||
|
};
|
||||||
|
hostname = mkOption {
|
||||||
|
type = types.enum (builtins.attrNames hosts);
|
||||||
|
description = "The hostname as listed in ./hosts.nix file";
|
||||||
|
};
|
||||||
|
privateKeyFile = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = "The path to the private SSH key file";
|
||||||
|
};
|
||||||
|
|
||||||
|
ipAddrs = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "The ip addresses to limit access to";
|
||||||
|
default = "11.0.0.*";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable (
|
||||||
|
let
|
||||||
|
host = hosts.${cfg.hostname};
|
||||||
|
otherHosts = lib.filterAttrs (name: _: name != cfg.hostname) hosts;
|
||||||
|
otherBuilders = lib.filterAttrs (name: _: name != cfg.hostname) allBuilders;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
nix.distributedBuilds = true;
|
||||||
|
nix.buildMachines = lib.mapAttrsToList
|
||||||
|
(name: host: {
|
||||||
|
hostName = host.host;
|
||||||
|
sshUser = build-user;
|
||||||
|
sshKey = cfg.privateKeyFile;
|
||||||
|
} // host.builder)
|
||||||
|
otherBuilders;
|
||||||
|
|
||||||
|
users = mkIf (isBuilder host) {
|
||||||
|
users.${build-user} = {
|
||||||
|
description = "Nix build farm user";
|
||||||
|
group = build-user;
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${cfg.ipAddrs}" ${host.pubKey}'') otherHosts;
|
||||||
|
};
|
||||||
|
groups.${build-user} = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.settings.trusted-users = mkIf (isBuilder host) [ build-user ];
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
37
modules/services/nix-build-farm/hosts.nix
Normal file
37
modules/services/nix-build-farm/hosts.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{
|
||||||
|
cloud = {
|
||||||
|
host = "cloud.tinc";
|
||||||
|
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE87ddj0fTH0NuvJz0dT5ln7v7zbafXqDVdM2A4ddOb0 root@nki-personal-do";
|
||||||
|
};
|
||||||
|
|
||||||
|
home = {
|
||||||
|
host = "home.tinc";
|
||||||
|
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6N1uTxnbo73tyzD9X7d7OgPeoOpY7JmQaHASjSWFPI nki@kagamiPC";
|
||||||
|
|
||||||
|
builder = {
|
||||||
|
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUhiVTh2NlNBa0kyOTBCc1QzVG1IRVVJQWdXcVFyNm9jRmpjakRRczRoT2ggcm9vdEBrYWdhbWlQQwo=";
|
||||||
|
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||||
|
maxJobs = 16;
|
||||||
|
speedFactor = 2;
|
||||||
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
yoga = {
|
||||||
|
host = "yoga.tinc";
|
||||||
|
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6ZrO/xIdmwBCUx80cscBSpJBBTp55OHGrXYBGRXKAw nki@nki-yoga-g8";
|
||||||
|
};
|
||||||
|
|
||||||
|
framework = {
|
||||||
|
host = "framework.tinc";
|
||||||
|
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/g472MaT7YySUhBjxClfmMjpn98qYnKXDKlzWHYwuO nki@nki-framework";
|
||||||
|
|
||||||
|
builder = {
|
||||||
|
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdOUlBCVFRkNTVVMXY1U1Jac0FjYVdhS3JGZTY0ZjIxOVViODVTQ2NWd28gcm9vdEBua2ktZnJhbWV3b3JrCg==";
|
||||||
|
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||||
|
maxJobs = 16;
|
||||||
|
speedFactor = 3;
|
||||||
|
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
1
modules/services/nix-cache/cache-pub-key.pem
Normal file
1
modules/services/nix-cache/cache-pub-key.pem
Normal file
|
@ -0,0 +1 @@
|
||||||
|
nix.home.tinc:zG2uDy0MbLY0wLuoVH/qKzTD6hTfKZufA2cWDSTCZMA=
|
60
modules/services/nix-cache/default.nix
Normal file
60
modules/services/nix-cache/default.nix
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
with { inherit (lib) mkEnableOption mkOption types mkIf; };
|
||||||
|
let
|
||||||
|
cfg = config.nki.services.nix-cache;
|
||||||
|
|
||||||
|
bindAddr = "127.0.0.1:5000";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.nki.services.nix-cache = {
|
||||||
|
enableClient = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = !cfg.enableServer;
|
||||||
|
description = "Enable nix-cache client";
|
||||||
|
};
|
||||||
|
enableServer = mkEnableOption "Enable nix-cache server";
|
||||||
|
|
||||||
|
host = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "nix.home.tinc";
|
||||||
|
};
|
||||||
|
|
||||||
|
publicKey = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = builtins.readFile ./cache-pub-key.pem;
|
||||||
|
};
|
||||||
|
|
||||||
|
privateKeyFile = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = "Path to the private key .pem file";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
nix.settings = mkIf cfg.enableClient {
|
||||||
|
substituters = lib.mkAfter [ "http://${cfg.host}" ];
|
||||||
|
trusted-public-keys = [ cfg.publicKey ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.harmonia = mkIf cfg.enableServer {
|
||||||
|
enable = true;
|
||||||
|
signKeyPath = cfg.privateKeyFile;
|
||||||
|
settings = {
|
||||||
|
bind = bindAddr;
|
||||||
|
priority = 45;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = mkIf cfg.enableServer {
|
||||||
|
enable = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
virtualHosts = {
|
||||||
|
# ... existing hosts config etc. ...
|
||||||
|
"${cfg.host}" = {
|
||||||
|
locations."/".proxyPass = "http://${bindAddr}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -17,10 +17,18 @@
|
||||||
./wireless.nix
|
./wireless.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Sops
|
||||||
|
common.linux.sops.enable = true;
|
||||||
|
common.linux.sops.file = ./secrets.yaml;
|
||||||
|
|
||||||
|
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
|
||||||
|
services.nix-build-farm.hostname = "framework";
|
||||||
|
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
|
||||||
|
|
||||||
# services.xserver.enable = true;
|
# services.xserver.enable = true;
|
||||||
# services.xserver.displayManager.sddm.enable = true;
|
# services.xserver.displayManager.sddm.enable = true;
|
||||||
# services.xserver.displayManager.sddm.wayland.enable = true;
|
# services.xserver.displayManager.sddm.wayland.enable = true;
|
||||||
services.xserver.desktopManager.plasma6.enable = true;
|
services.desktopManager.plasma6.enable = true;
|
||||||
|
|
||||||
# Power Management
|
# Power Management
|
||||||
services.upower = {
|
services.upower = {
|
||||||
|
@ -40,7 +48,7 @@
|
||||||
services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
|
services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
|
||||||
|
|
||||||
# Enable touchpad support (enabled default in most desktopManager).
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
services.xserver.libinput.enable = true;
|
services.libinput.enable = true;
|
||||||
# Keyboard
|
# Keyboard
|
||||||
services.input-remapper.enable = true;
|
services.input-remapper.enable = true;
|
||||||
services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
|
services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
|
||||||
|
@ -77,6 +85,16 @@
|
||||||
security.pam.services.swaylock.fprintAuth = true;
|
security.pam.services.swaylock.fprintAuth = true;
|
||||||
security.pam.services.login.fprintAuth = true;
|
security.pam.services.login.fprintAuth = true;
|
||||||
|
|
||||||
|
# tinc network
|
||||||
|
sops.secrets."tinc-private-key" = { };
|
||||||
|
services.my-tinc = {
|
||||||
|
enable = true;
|
||||||
|
hostName = "framework";
|
||||||
|
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
|
||||||
|
bindPort = 6565;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
# Secrets
|
# Secrets
|
||||||
# sops.defaultSopsFile = ./secrets.yaml;
|
# sops.defaultSopsFile = ./secrets.yaml;
|
||||||
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
|
@ -12,10 +12,8 @@
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.kernelPackages = pkgs.linuxPackages; # until mesa fixed
|
||||||
boot.kernelParams = [
|
boot.kernelParams = [
|
||||||
# See https://community.frame.work/t/tracking-graphical-corruption-in-fedora-39-amd-3-03-bios/39073/143
|
|
||||||
"amdgpu.sg_display=0"
|
|
||||||
# Hibernation
|
# Hibernation
|
||||||
"resume=UUID=fa8aaf51-b99f-4fb4-9230-8c0957d8af3f"
|
"resume=UUID=fa8aaf51-b99f-4fb4-9230-8c0957d8af3f"
|
||||||
"resume_offset=5776640" # btrfs inspect-internal map-swapfile -r /var/swapfile
|
"resume_offset=5776640" # btrfs inspect-internal map-swapfile -r /var/swapfile
|
||||||
|
|
32
nki-framework/secrets.yaml
Normal file
32
nki-framework/secrets.yaml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
tinc-private-key: ENC[AES256_GCM,data:cKtOFrF5FRSHWxe/QxH5O9GAba1WcWeCwW1IOzmbgdtFufRoWbCtYeaLP+WQhQ70z6xobiY9DN8Jrh7mDptKSsfKrrx2SH5JrdpsoINhLMbetXq7E29+q6CkS8NlLgE/KyV8eFjQySNsYiA/+Efq9xj9e1wOmHBDsND/jgiJDkA1qsEIFZg/vuv8LdoRY3TV/oKJ4pao9+70G4H+8Ef1sMZHGNe9qJ94Wa71nNX2fTSjKH5YBbRijMAePWr/IeCpZ9Phs7RqjBs=,iv:l0iB136X7nLVblQjFi7K4f42JKSxdsiLIRy5GPzK1nc=,tag:HAgkvWkl0Rx62ejGZckdKA==,type:str]
|
||||||
|
nix-build-farm:
|
||||||
|
private-key: ENC[AES256_GCM,data:w56sobHrhvVcKbuK15Yj20EqgFrR/5pNy/rcQjlZCiFEfgPC6ZrbsxziIdMTOX+Q4DyllKCKo+g/MIKm5S+s+nIff509ODlILhTtXlZvZlnT9+wvm5oN3WQCdkkqOr1gNnErPupfMxA6V35tNvNBCeomYuM8Xb7TuH4I1fXa5GFeT0Tnp5A2WqWoS1MzXz34CxlKXvoL6i4w7nUngt5zaGr9oMZbSa0pHxEzIhXk6h/lE864QlJid7q/mDok9gh2R80WvArGtNNj9PrT6cNKYIFuXo7vITkSkT3vo9BLflg5sgRxy4+7rBaRla0ziihQvZLtworwo6aNDvEqPqYfiX0TMYPpEWvJpp/HGDJy+Po7b0ZZkwSza+tB0J79vFH2h11Px1XSwXdq757Bn9G4OTb5oKWS5ycBU4xTnnHQBjYTSooFxYyTAvfKNEsB8AHKSuQRZgtVhWoOSPpJ6YL94ClUIT+DTaNmQjwouqNatf/nif+N/FCar8JWZDE+FX1TBu0yLmJie/f0LCdCQx+6IVdyXg7oVCoNiGg0,iv:TeSxlVc0WlOMMUtv/uq3f7JvW/kNCM7LjguhZxL51a4=,tag:m1iuk4pAX/yugM0ObzkJHQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age188tgu3psvywk6shq85mk2q0jdjwd0tcswzwlwu5pa5n3pndx75dq090z59
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL2Z1RzBWaTI1TDl6WDNa
|
||||||
|
NTNVdEhTSFU5enNlTGVNWTI5anBZb1BtaVhjCm1BRnJDSXl1cWdBRUs1VnREVjBU
|
||||||
|
QWZxdkgzdm9JL0k5WmhDL1RCNTltdm8KLS0tIFhvQTlKMDZiVklTRWd4TzVmc2ll
|
||||||
|
bmpjcWdBV1doZml2NjlzQzdQczJ3alEKBMRP3POxtPIqBWnrvxY/++5jtVE70Uxa
|
||||||
|
EVfhsUO76A/hzyxfzpLEy1QGFE+DB/zlU0CK7HkNGPD2TrBHbzkPJA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1vgh6kvee8lvxylm7z86fpl3xzjyjs4u3zdfkyf064rjvxk9fpumsew7n27
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MUxQU0dZOGRaekF4MWdo
|
||||||
|
T0krcERtRTJndFR1RHZmL0t6MjBxMW5PSENNCkR6SUhxQ0FoaEhuaWpiUzJ0MnJE
|
||||||
|
RXRERzVhL0lRVW1iRUlac0c5OHZsckEKLS0tIC9VM1dNZTNzdkFnMWk2YUwvcDNB
|
||||||
|
TDZnVjBaVzZBem5lZDB1MW4xQ0RmZ28K6d7mF+f3ZyilXlSIQGT2pBrTWuYLccE1
|
||||||
|
rYIJjHjFft/2wPX2gAW9VTiwfMT3lKJhJRqNdoie5phV5BZhkb3D9w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-08-17T14:58:10Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ZCrzXDttLxYUvdLiqM5I17Ys6O3zoOVKq8xP78VaLb3AAoV4RGGQxixKVQ6K9h84e8bFymh512BR7xKa9fqebxTyL1XCqPkRaSZy0aWjbc6QCaK+JD4yqivgO/x5x2xgMpX/ZhPFzKNLpMga61bnm6plvF8ocG+wOqYvj3vL0Ss=,iv:QZ8YJD7h2QD2jqVKo4bg0rwpZSTyyNw6zZDcBfClKPo=,tag:PH2XnTqxV2irymg2+Z+Egg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.0
|
|
@ -10,8 +10,6 @@ with lib;
|
||||||
[
|
[
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
# secret management
|
|
||||||
./secrets
|
|
||||||
# Fonts
|
# Fonts
|
||||||
../modules/personal/fonts
|
../modules/personal/fonts
|
||||||
# Encrypted DNS
|
# Encrypted DNS
|
||||||
|
@ -27,10 +25,22 @@ with lib;
|
||||||
# Plasma!
|
# Plasma!
|
||||||
services.desktopManager.plasma6.enable = true;
|
services.desktopManager.plasma6.enable = true;
|
||||||
|
|
||||||
|
|
||||||
## Encryption
|
## Encryption
|
||||||
# Kernel modules needed for mounting USB VFAT devices in initrd stage
|
# Kernel modules needed for mounting USB VFAT devices in initrd stage
|
||||||
common.linux.luksDevices.root = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892";
|
common.linux.luksDevices.root = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892";
|
||||||
|
common.linux.sops.enable = true;
|
||||||
|
common.linux.sops.file = ./secrets.yaml;
|
||||||
|
|
||||||
|
# Nix cache server
|
||||||
|
sops.secrets."nix-cache/private-key" = { owner = "harmonia"; group = "harmonia"; mode = "0600"; };
|
||||||
|
nki.services.nix-cache = {
|
||||||
|
enableServer = true;
|
||||||
|
privateKeyFile = config.sops.secrets."nix-cache/private-key".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
|
||||||
|
services.nix-build-farm.hostname = "home";
|
||||||
|
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
|
||||||
|
|
||||||
# Networking
|
# Networking
|
||||||
common.linux.networking =
|
common.linux.networking =
|
||||||
|
@ -61,13 +71,11 @@ with lib;
|
||||||
PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path;
|
PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path;
|
||||||
};
|
};
|
||||||
wireguardPeers = [{
|
wireguardPeers = [{
|
||||||
wireguardPeerConfig = {
|
|
||||||
PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ=";
|
PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ=";
|
||||||
PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path;
|
PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path;
|
||||||
AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ];
|
AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ];
|
||||||
Endpoint = "vpn.dtth.ch:51820";
|
Endpoint = "vpn.dtth.ch:51820";
|
||||||
PersistentKeepalive = 25;
|
PersistentKeepalive = 25;
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
systemd.network.networks."dtth-wg" = {
|
systemd.network.networks."dtth-wg" = {
|
||||||
|
@ -75,8 +83,8 @@ with lib;
|
||||||
address = [ "100.73.146.80/32" "fd00::33:105b/128" ];
|
address = [ "100.73.146.80/32" "fd00::33:105b/128" ];
|
||||||
DHCP = "no";
|
DHCP = "no";
|
||||||
routes = [
|
routes = [
|
||||||
{ routeConfig = { Destination = "100.64.0.0/10"; Scope = "link"; }; }
|
{ Destination = "100.64.0.0/10"; Scope = "link"; }
|
||||||
{ routeConfig.Destination = "fd00::/106"; }
|
{ Destination = "fd00::/106"; }
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -36,10 +36,6 @@
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[{ device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; }];
|
[{ device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; }];
|
||||||
|
|
||||||
# GPU options
|
|
||||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
|
||||||
hardware.opengl.enable = true;
|
|
||||||
|
|
||||||
# bluetooth usb
|
# bluetooth usb
|
||||||
hardware.firmware = [ pkgs.rtl8761b-firmware ];
|
hardware.firmware = [ pkgs.rtl8761b-firmware ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,6 +13,10 @@ dtth-wg:
|
||||||
preshared-key: ENC[AES256_GCM,data:96q0ZfvPz4pb53XvTGameVkcETamYH8Xbv69672RBdacH6QjRCCVvPnBTfA=,iv:Q2Yonb07/Uu6KidhMgRX4zJuNU1ZySNC7g/5TwpMU80=,tag:1qQQdk20yIQlGZmX+/25RA==,type:str]
|
preshared-key: ENC[AES256_GCM,data:96q0ZfvPz4pb53XvTGameVkcETamYH8Xbv69672RBdacH6QjRCCVvPnBTfA=,iv:Q2Yonb07/Uu6KidhMgRX4zJuNU1ZySNC7g/5TwpMU80=,tag:1qQQdk20yIQlGZmX+/25RA==,type:str]
|
||||||
peertube:
|
peertube:
|
||||||
dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str]
|
dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str]
|
||||||
|
nix-cache:
|
||||||
|
private-key: ENC[AES256_GCM,data:4sbfIQb10Y50CrZbgjN+1iXEbXTpDqMbIB/yA3WlaAqhLtb8HKib5aZX3DLoxFbVihJcztQsvBBgEAhT9iMijoksaT9qzBQ5yIn4NGCfFem1DK8DQdjhTLMCVTyMFCT7hQHu/2Sd7w==,iv:zTSxuKOtOLekOBKBvl9MScD/Bo1Hviqq/n8Saa+1Cgo=,tag:fx73fCDPY9d07V3KKMw3DA==,type:str]
|
||||||
|
nix-build-farm:
|
||||||
|
private-key: ENC[AES256_GCM,data:m5neeWCEdaZ1MRhNwTptfDIgv3ABNlYyNil3oTD81Jbe/6WxWaS5Q++CRlHCjc2hOoHsWsZixw8iGZVTA+QXgH6B9C6A4oOAhgR9m92EGTEfFw0qxQbdzs7U98Yonx/N8SApUycZZB/EU81+MrDNY4GGzCiO6s00/vZLkDTYnqRFgbo+8KTG0BQTl4q+VYP2q3l0wy+Ivz5CWPmbz42Xdin/sBnjeFHKDuof4iZZnN3i8gUJ/mMw3lbdiHd6A8DL0G5Ut46ljzMC2aMsZOATCID3mPOPgI0xIetDofPJLDqVsNqptRHo8WB+KwDidvl222f5F7JqdSqgAMOJYPscrX0odufApiJfg5bbXBygvrDfAlPSruW7GsWGoKAhw0qC4NC/j+qYCwhS0qdorCLnIy3zzMtA6HkHtE675hy7/7oLj7k9Y8MhE4PxztjXTmDazaVCtKhnA/DpaxP2mH84gfCkJFD1YF9jtPm+P3e+46FwkW+WnHaA2L+H7Evava30DLEBhh5y9Gd1A3JN4isn,iv:7KUWg7+GWgmGJkbIvsy9gtccZBb+1Y5uDWhXQFk0obk=,tag:qJdM684XPHxecLVxVb5pgw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -46,8 +50,8 @@ sops:
|
||||||
bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw
|
bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw
|
||||||
hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA==
|
hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-18T13:34:51Z"
|
lastmodified: "2024-08-16T13:59:20Z"
|
||||||
mac: ENC[AES256_GCM,data:cinVE1pHSgjCRPIDwANzR0oHw7zdN8DVDQKkhXT5j+dGiaFzNvLoYyMcEsjoxAjEdup3YMo+Vg6I4C94AUCrTn7N9BGjnGFVQz3m9q13zORi1+HWam0VItBzJm1iIo8x0PPs79OBaIHVUFAz8r4DW46P/LQISl9MQSDpCCTjVVk=,iv:2VAehWaoh2lNZM8jlmt+dqo5eeHfcr++eAdQfm/tCcM=,tag:QSnbObe3046AnFpK3Y01Eg==,type:str]
|
mac: ENC[AES256_GCM,data:ncT8fbtEb9ZcLcftXwgAKJRPPSG4TRHFMArtVgWNmIjDRcCNNT7ICa+9Dl8DAYKRJ+8pgelV9StIg2f7rvypHYlckontEP5nwSFzEApLItG3AZXewTC8VPoDYb4T8/OWKDoa5kBMvGrDr1bFP/CZz7H8No+k5TV7fVExsw0PHpg=,iv:vxbkeJtHkOAq7NcaZEIOMV3qGEqBUg/vpJYumBBfY70=,tag:T0yw2x1O5Tp0UllLpcFryg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.0
|
|
@ -1,6 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
||||||
}
|
|
|
@ -12,6 +12,9 @@
|
||||||
../modules/cloud/conduit
|
../modules/cloud/conduit
|
||||||
../modules/cloud/gotosocial
|
../modules/cloud/gotosocial
|
||||||
|
|
||||||
|
# Encrypted DNS
|
||||||
|
../modules/services/edns
|
||||||
|
|
||||||
./headscale.nix
|
./headscale.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
./miniflux.nix
|
./miniflux.nix
|
||||||
|
@ -57,18 +60,15 @@
|
||||||
|
|
||||||
services.do-agent.enable = true;
|
services.do-agent.enable = true;
|
||||||
|
|
||||||
system.autoUpgrade = {
|
|
||||||
enable = true;
|
|
||||||
allowReboot = true;
|
|
||||||
flake = "github:natsukagami/nix-home#nki-personal-do";
|
|
||||||
};
|
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
extraOptions = ''
|
extraOptions = ''
|
||||||
experimental-features = nix-command flakes
|
experimental-features = nix-command flakes
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nki.services.edns.enable = true;
|
||||||
|
nki.services.edns.ipv6 = true;
|
||||||
|
|
||||||
# Secret management
|
# Secret management
|
||||||
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
@ -81,6 +81,10 @@
|
||||||
services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
|
services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
|
||||||
services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
|
services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
|
||||||
|
|
||||||
|
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
|
||||||
|
services.nix-build-farm.hostname = "home";
|
||||||
|
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
|
||||||
|
|
||||||
# Set up traefik
|
# Set up traefik
|
||||||
sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
|
sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
|
||||||
sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
|
sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
|
||||||
|
|
|
@ -114,8 +114,6 @@ in
|
||||||
|
|
||||||
inherit user;
|
inherit user;
|
||||||
|
|
||||||
appName = "DTTHgit";
|
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
DOMAIN = host;
|
DOMAIN = host;
|
||||||
|
@ -136,7 +134,7 @@ in
|
||||||
};
|
};
|
||||||
"repository.signing" = {
|
"repository.signing" = {
|
||||||
SIGNING_KEY = signingKey;
|
SIGNING_KEY = signingKey;
|
||||||
SIGNING_NAME = "DTTHGit";
|
SIGNING_NAME = "DTTHgit";
|
||||||
SIGNING_EMAIL = "dtth-gitea@nkagami.me";
|
SIGNING_EMAIL = "dtth-gitea@nkagami.me";
|
||||||
};
|
};
|
||||||
ui.THEMES = default-themes + "," + themes;
|
ui.THEMES = default-themes + "," + themes;
|
||||||
|
@ -177,7 +175,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
federation.ENABLED = true;
|
federation.ENABLED = true;
|
||||||
|
DEFAULT.APP_NAME = "DTTHGit";
|
||||||
};
|
};
|
||||||
|
|
||||||
stateDir = "/mnt/data/gitea";
|
stateDir = "/mnt/data/gitea";
|
||||||
|
|
|
@ -40,6 +40,8 @@ invidious: ENC[AES256_GCM,data:pCRlBaHRJyOHj2t04V6DkGVAPuAc8hz+Sn24nQ3IvcXNIdaYi
|
||||||
invidious-rotator-env: ENC[AES256_GCM,data:Q5c/sga+Nn0C7bKkTphob3tWNvKE1Zz0CIbXIayc73cfEsUgOIZdrm8BlAW7,iv:f0ccZsjNJ9UQCcfN/lZQdtxSg9ADFuykb8qw07c1xFI=,tag:4mUzgOHOE16FPhSTlbx+Rw==,type:str]
|
invidious-rotator-env: ENC[AES256_GCM,data:Q5c/sga+Nn0C7bKkTphob3tWNvKE1Zz0CIbXIayc73cfEsUgOIZdrm8BlAW7,iv:f0ccZsjNJ9UQCcfN/lZQdtxSg9ADFuykb8qw07c1xFI=,tag:4mUzgOHOE16FPhSTlbx+Rw==,type:str]
|
||||||
peertube: ENC[AES256_GCM,data:YWySVZVTC26qPMcgSV5v4Vp1u69jGt7VV2ElQBSxvG/R589PCJRDgBqjjLBLMrrnP/wo6o6xNoyLCSfzMQYoFnM=,iv:97gNEJ84u4Mt5GTlVV29MNHUHQRkaMK47ULNUx+HTUE=,tag:LGVWeaTaSQ3GgaIpav66EA==,type:str]
|
peertube: ENC[AES256_GCM,data:YWySVZVTC26qPMcgSV5v4Vp1u69jGt7VV2ElQBSxvG/R589PCJRDgBqjjLBLMrrnP/wo6o6xNoyLCSfzMQYoFnM=,iv:97gNEJ84u4Mt5GTlVV29MNHUHQRkaMK47ULNUx+HTUE=,tag:LGVWeaTaSQ3GgaIpav66EA==,type:str]
|
||||||
peertube-env: ENC[AES256_GCM,data:ZrWBwSfMuepIYTzHVCCSnpsXb+MTcOfklI0O/UdcGaR3RzO1R+/wXQcFlV46g9dvKLMOaH7bxrHeWxqPh/7hlPEYFYwlbwcX31MGiSeRyeR5YtVi0CmhiGRA3l8X5NMCpvZmNhnjYNuri/My86SMkjhuaFQ5+BjYISoJ5WnbNSqE9qgQKuJVu64hsOgaQQbmaBL/LU7Pv/vushbNg421kdbRnzCPcc3IzkVzsFsgYH2fdEJa3gE8M63eLn99PbA+e5cWEwGNkuoNuro2tnaMaX1PM6iTF+q0A8HbiEioNMRIdD9czatgF7EwKgCFNu44cm2lp/c5qj+Lm/nC,iv:+MjpreGr9M+Oe5DrDe5SIBKtLuIqtb0a50YvGhDZT2Y=,tag:gYGlMcgWwa1ZpbQb4XfMmQ==,type:str]
|
peertube-env: ENC[AES256_GCM,data:ZrWBwSfMuepIYTzHVCCSnpsXb+MTcOfklI0O/UdcGaR3RzO1R+/wXQcFlV46g9dvKLMOaH7bxrHeWxqPh/7hlPEYFYwlbwcX31MGiSeRyeR5YtVi0CmhiGRA3l8X5NMCpvZmNhnjYNuri/My86SMkjhuaFQ5+BjYISoJ5WnbNSqE9qgQKuJVu64hsOgaQQbmaBL/LU7Pv/vushbNg421kdbRnzCPcc3IzkVzsFsgYH2fdEJa3gE8M63eLn99PbA+e5cWEwGNkuoNuro2tnaMaX1PM6iTF+q0A8HbiEioNMRIdD9czatgF7EwKgCFNu44cm2lp/c5qj+Lm/nC,iv:+MjpreGr9M+Oe5DrDe5SIBKtLuIqtb0a50YvGhDZT2Y=,tag:gYGlMcgWwa1ZpbQb4XfMmQ==,type:str]
|
||||||
|
nix-build-farm:
|
||||||
|
private-key: ENC[AES256_GCM,data:bYQ5TAHgJ8rZmmnp0ZW9pM3p6e2ewAqz9+clp2lDnvPsU/YHr/POSW+UESvulT0UDI8t5th71py2G4BG3z9PdPaWw2iSm6hW3VITYCGYvLbF2yK6anSkww0ilpjwm5NXKJLTiPehkAqsZlZsAxeYw5bF0+7JjeH9+49jLOXtGD0uFSf5M3wVZcObzSYsdGaNKGYkokBYeZii1tdwZvAuUKKZ1eOvDAz5v6hjqZA7brDWr5IZXNCqRZOdyGQ5g3UP4o5XFnl57d1RAmKPK9WaTCjbi0hMfms4zldqGeXTRDAhvqMH2w/BY7KvgIOr+aQelTvQbOciq+DaZbzNgdI5gqrSUA19EEL04Qu/gjoVGwMhZ7Lq9+yS2Lb+xdhmn/99sbcRjaRqqjgzHRvbyirPT9EuEAdrijyuZzY9kASv8LN/Q8cawRZNk2vf0M8Qzg0F7iw2kcDrf+dwdcyrrAbg2XDlGsFBckBcPKA44PkOPtFLHZRU9pSpd15rL1JIes6m2YX7AmJFP2+FA5WjXQoqF+CRhBVUWXaXAmcq,iv:7Uqnu2xEcHotczRzIcDfq9bM7wNXdz0Fg2HNpxlV1/Q=,tag:w5aLsT9LN92+83rdP2YJTg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -73,8 +75,8 @@ sops:
|
||||||
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
|
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
|
||||||
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
|
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-11T20:55:31Z"
|
lastmodified: "2024-08-17T15:08:31Z"
|
||||||
mac: ENC[AES256_GCM,data:IdpNGX3E2TwGnmHhc7HXPjBEaYC7jO1dnEHQGoVra+scnKO66nt6uD2wK91G2wvdp2ekkR4qnF9/NYbpOt2vbzyaZG0xMHTr1w1Y5oqxzbTUned9sWjpsL2lCHpg4FQ+dImim05N76Qcna7gC5Y9wyh78/eB177SJ5mTEnyZhwE=,iv:3kjluCoHIMEQOTuDJbQZJWl3BLWzp/UqcC8jmlkVyDE=,tag:nmqkhmqXKB5/LKX7RpQB6g==,type:str]
|
mac: ENC[AES256_GCM,data:ejelcIHDYd7zbIJVw62fj4EcgR8ln/jm32QlaE7shYHwt9nJEsV0aWy9rqEjAm8Z0z3ruT4hR9M7aFkNICR9W20r54V0aRfJsp0txe9LeisAE4gXmVo3/+6pBGOUQNtFO+WaLqDwAGNvfr7IlQFXJyrkuOGe+HGVkhlx+UHxRDI=,iv:pI2xAfhajEWt4RjL2Cu3QPX8bgJn1/ew8ldz8E5Jej8=,tag:KJoia8X/FpaSbuXSDOjQAQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.9.0
|
||||||
|
|
|
@ -36,6 +36,4 @@
|
||||||
[{ device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; }];
|
[{ device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; }];
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
hardware.opengl.enable = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,24 @@
|
||||||
../modules/services/edns
|
../modules/services/edns
|
||||||
];
|
];
|
||||||
|
|
||||||
services.xserver.desktopManager.plasma6.enable = true;
|
# Secrets
|
||||||
|
common.linux.sops.enable = true;
|
||||||
|
common.linux.sops.file = ./secrets.yaml;
|
||||||
|
|
||||||
|
# Build farm
|
||||||
|
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
|
||||||
|
services.nix-build-farm.hostname = "yoga";
|
||||||
|
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
|
||||||
|
|
||||||
|
## tinc
|
||||||
|
sops.secrets."tinc-private-key" = { };
|
||||||
|
services.my-tinc = {
|
||||||
|
enable = true;
|
||||||
|
hostName = "yoga";
|
||||||
|
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.desktopManager.plasma6.enable = true;
|
||||||
|
|
||||||
# Power Management
|
# Power Management
|
||||||
services.upower = {
|
services.upower = {
|
||||||
|
|
32
nki-yoga-g8/secrets.yaml
Normal file
32
nki-yoga-g8/secrets.yaml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str]
|
||||||
|
nix-build-farm:
|
||||||
|
private-key: ENC[AES256_GCM,data:etqFl2T2atN2djxqktFRtrTGqsC61A+ZUd2yS0PLm5KPO2s2/k6XqQGac9rUWP86C1YGpTJhUMzYuOPGW4yNc0YmoeHVslxBR7nX8pubXabZNdB2YMm/yAgsdeeflo4slbxJ6+00eH0iCrtWcHtWbZafHnxojborZABOvCsODdx/ahJ4J9aHqf22cAqe9iJY3L0TgE+iazKS8OO+C/PTaQiV02NZjP8GajRMXzPVoYT7wz3u0t0q0m/t8FkhMIDl9QKL+kFUDeLEGoCBzR57JXLZiW1gJsRxbkP8hVIB3s4TQnhasxqQQlCJuqBSNFl/cGdBm/ADm/yi78VHQG7rUxUrFVDL4Aoidjp6GyoojLIEpdQjtlvC7RCLNpTibV6B71EB3obpjMmmIwfoDLT4jEWhXNx3b8DnMoa0Qh4ba+HBJf+XKA93B0qOJWwJzj4qH9uqBK3xPOGTkqQMmd9M1HYrStTcI/JUX0WvEMwk8xI8MZN/TsLij4w5i6NCwSqa8Dn2lyLK0BGp5C8RT8R4k6U2ieyY6lmxsGIe,iv:703rM/FQz65upd1JWTHNsjAXh2BeoknkALShKuHUsis=,tag:yAB6KJqpm1mOFT5GzKRPBw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseVN3ODV1YkZnNms0Y09l
|
||||||
|
dUFBK1EyOTEydWg5KzAwcjZVSG8yYlRDWlhRCklLS2ZJNlBvSlEyOGF2ZFg2UGVW
|
||||||
|
UC9LN0hxdmtGN3JlOWJaTU5hbGwvc2MKLS0tIGM1NGZxd1NoTXNacEJqMVlsbTdi
|
||||||
|
MytuNUNydmJYWFYyQk9DaHVuVk85cjAKScucMPO8pyMlSxFw09NqzqVmDYVEh5xT
|
||||||
|
4fSTAsMwIiuOyV7jvHYORxKWNMLr5t6fnj8+OFq5qUc//jNWf9pVuA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNXp6MWZGb2dGdW1ML2xq
|
||||||
|
ZWMvSVdWalQ5Z2NzTWd3Z1AweXlXZnRwUWtRCkY1VFhPS0NtbFZKU0VCMlAvSmhG
|
||||||
|
N2NmdWxTUEpMb05Ld3p6MzhhRkdBc3cKLS0tIGQ0TmFxdk1GV205azRzZ0hUWitj
|
||||||
|
eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm
|
||||||
|
VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-08-16T14:17:07Z"
|
||||||
|
mac: ENC[AES256_GCM,data:qrMyVDLhtK4URqrHFBx+08PMrFyfib4iH0y7iAeVB/oFGazjm3O5MeS9fNYJeONghuelux69nh2FRfSJHG/moEBcWlL68R4xbCb4he528P+n7mQnR54BNFJdT2oOra4bqO9n/4m2UA8jmA0veoqSrZUVjnmjftqOedjnRESY1L8=,iv:jql79ItwPcJg/nnbsUywOzWz/UJy0ZpY04pvEF290c4=,tag:XKrToym2dXdippnivoK1/Q==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
57
overlay.nix
57
overlay.nix
|
@ -1,6 +1,7 @@
|
||||||
{ nixpkgs, nixpkgs-unstable, nur, ... }@inputs:
|
{ nixpkgs, nixpkgs-unstable, ... }@inputs:
|
||||||
let
|
let
|
||||||
overlay-unstable = final: prev: {
|
overlay-unstable = final: prev: {
|
||||||
|
stable = import nixpkgs { config.allowUnfree = true; system = prev.system; };
|
||||||
unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; };
|
unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; };
|
||||||
x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; };
|
x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; };
|
||||||
};
|
};
|
||||||
|
@ -86,6 +87,13 @@ let
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# https://github.com/NixOS/nixpkgs/issues/334822
|
||||||
|
vulkan-validation-layers = prev.vulkan-validation-layers.overrideAttrs (attrs: {
|
||||||
|
buildInputs = attrs.buildInputs ++ [
|
||||||
|
final.spirv-tools
|
||||||
|
];
|
||||||
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
overlay-libs = final: prev: {
|
overlay-libs = final: prev: {
|
||||||
|
@ -108,39 +116,24 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
overlay-aarch64-linux = final: prev:
|
overlay-rust-is-dumb = final: prev: {
|
||||||
let
|
# Use stable delta compiled with old Rust version
|
||||||
optionalOverride = pkg: alt:
|
delta = final.stable.delta;
|
||||||
if prev.stdenv.isLinux && prev.stdenv.isAarch64 then alt else pkg;
|
deepfilternet = final.stable.deepfilternet;
|
||||||
in
|
harmonia = final.callPackage
|
||||||
{
|
(import
|
||||||
# See https://github.com/sharkdp/fd/issues/1085
|
(builtins.fetchurl {
|
||||||
fd = optionalOverride prev.fd (prev.fd.overrideAttrs (attrs: {
|
url = "https://raw.githubusercontent.com/Mic92/nixpkgs/63f91202f5cd071187ede5e5ffc56003cb442876/pkgs/by-name/ha/harmonia/package.nix";
|
||||||
preBuild = ''
|
sha256 = "1mz211c0bxn116ix0j5xx4wlglpbkfg7d3npw1z8hg9gc0vbj2xb";
|
||||||
export JEMALLOC_SYS_WITH_LG_PAGE=16
|
}))
|
||||||
'';
|
{ };
|
||||||
}));
|
|
||||||
# See https://www.reddit.com/r/AsahiLinux/comments/zqejue/kitty_not_working_with_mesaasahiedge/
|
|
||||||
kitty = optionalOverride prev.kitty (final.writeShellApplication {
|
|
||||||
name = "kitty";
|
|
||||||
runtimeInputs = [ ];
|
|
||||||
text = ''
|
|
||||||
MESA_GL_VERSION_OVERRIDE=3.3 MESA_GLSL_VERSION_OVERRIDE=330 ${prev.kitty}/bin/kitty "$@"
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
# Zotero does not have their own aarch64-linux build
|
|
||||||
zotero = optionalOverride prev.zotero (final.callPackage ./packages/aarch64-linux/zotero.nix { });
|
|
||||||
# Typora for aarch64-linux only
|
|
||||||
typora = optionalOverride
|
|
||||||
(builtins.abort "no support for non-aarch64-linux")
|
|
||||||
(final.callPackage ./packages/aarch64-linux/typora.nix { });
|
|
||||||
};
|
};
|
||||||
|
|
||||||
overlay-asahi = inputs.nixos-m1.overlays.default;
|
|
||||||
in
|
in
|
||||||
[
|
[
|
||||||
inputs.swayfx.overlays.default
|
# inputs.swayfx.inputs.scenefx.overlays.override
|
||||||
|
# inputs.swayfx.overlays.override
|
||||||
inputs.mpd-mpris.overlays.default
|
inputs.mpd-mpris.overlays.default
|
||||||
|
inputs.rust-overlay.overlays.default
|
||||||
inputs.youmubot.overlays.default
|
inputs.youmubot.overlays.default
|
||||||
|
|
||||||
(import ./overlays/openrazer)
|
(import ./overlays/openrazer)
|
||||||
|
@ -150,9 +143,7 @@ in
|
||||||
overlay-imported
|
overlay-imported
|
||||||
overlay-versioning
|
overlay-versioning
|
||||||
overlay-libs
|
overlay-libs
|
||||||
overlay-asahi
|
overlay-rust-is-dumb
|
||||||
overlay-aarch64-linux
|
|
||||||
nur.overlay
|
|
||||||
|
|
||||||
(import ./packages/common)
|
(import ./packages/common)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue