
No commits in common. "master" and "24.05" have entirely different histories.

56 changed files with 848 additions and 1217 deletions


@ -4,8 +4,6 @@ keys:
- &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm - &nki_pc age1tt0peqg8zdfh74m5sdgwsczcqh036nhgmwvkqnvywll88uvmm9xs433rhm
- &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5 - &nkagami_main age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
- &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36 - &nkagami_do age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
- &nki_yoga age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
- &nki_framework age188tgu3psvywk6shq85mk2q0jdjwd0tcswzwlwu5pa5n3pndx75dq090z59
creation_rules: creation_rules:
- path_regex: kagami-air-m1/secrets\.yaml$ - path_regex: kagami-air-m1/secrets\.yaml$
key_groups: key_groups:
@ -18,20 +16,9 @@ creation_rules:
- *nki_pc - *nki_pc
- *nkagami_main - *nkagami_main
- *nkagami_do - *nkagami_do
- *nki_framework - path_regex: nki-home/secrets/secrets\.yaml$
- path_regex: nki-home/secrets\.yaml$
key_groups: key_groups:
- age: - age:
- *nki_pc - *nki_pc
- *nkagami_main - *nkagami_main
- *nkagami_do - *nkagami_do
- path_regex: nki-yoga-g8/secrets\.yaml$
key_groups:
- age:
- *nki_yoga
- age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv # The machine itself
- path_regex: nki-framework/secrets\.yaml$
key_groups:
- age:
- *nki_framework
- age1vgh6kvee8lvxylm7z86fpl3xzjyjs4u3zdfkyf064rjvxk9fpumsew7n27 # The machine itself
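Review bot: The new side drops the `&nki_yoga` and `&nki_framework` recipients, and `*nki_framework` disappears from the `age` list at the top of the second hunk, but editing `.sops.yaml` only changes who future encryptions target. Any secrets file already encrypted to those keys stays decryptable by them until it is re-keyed, so the change should be paired with `sops updatekeys <file>` on each affected file and a rotation of the values themselves if the removal is meant as revocation. Whether such files exist on this branch is not visible here. Separately, the `path_regex` entries are anchored only at the end (`…secrets\.yaml$`), so a leading `^` would stop a rule from matching a same-named path nested elsewhere in the tree.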


@ -13,8 +13,6 @@ in
with lib; { with lib; {
imports = [ imports = [
# defaultShell # defaultShell
./modules/services/nix-cache
./modules/services/nix-build-farm
]; ];
## Packages ## Packages


@ -55,16 +55,16 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1728224242, "lastModified": 1718214198,
"narHash": "sha256-mQLfRAun2G/LDnw3jyFGJbOqpxh2PL8IGzFELRfAgAI=", "narHash": "sha256-/qKPeE2Ptweaf+rHOvdW0TUDLwN9D93MMgDoU4fTzEA=",
"owner": "famedly", "owner": "famedly",
"repo": "conduit", "repo": "conduit",
"rev": "f8d7ef04e664580e882bac852877b68e7bd3ab1e", "rev": "7a5b8930134cf7ea5ff9880e6fa468b2b3e05c98",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "famedly", "owner": "famedly",
"ref": "v0.9.0", "ref": "v0.8.0",
"repo": "conduit", "repo": "conduit",
"type": "gitlab" "type": "gitlab"
} }
@ -115,14 +115,17 @@
}, },
"crane_3": { "crane_3": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5" "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1724006180, "lastModified": 1697334144,
"narHash": "sha256-PVxPj0Ga2fMYMtcT9ARCthF+4U71YkOT7ZjgD/vf1Aw=", "narHash": "sha256-gcOxnHEgBcn8mGXgNkTvZ1BLAANZZj+IZzb9QnQt7bc=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "7ce92819802bc583b7e82ebc08013a530f22209f", "rev": "4dcf584de14beff8dd0c030ac54e185fd3b72023",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -172,11 +175,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724377159, "lastModified": 1718730147,
"narHash": "sha256-ixjje1JO8ucKT41hs6n2NCde1Vc0+Zc2p2gUbJpCsMw=", "narHash": "sha256-QmD6B6FYpuoCqu6ZuPJH896ItNquDkn0ulQlOn4ykN8=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "3e47b7a86c19142bd3675da49d6acef488b4dac1", "rev": "32c21c29b034d0a93fdb2379d6fabc40fc3d0e6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -208,7 +211,7 @@
}, },
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_6",
"utils": "utils" "utils": "utils"
}, },
@ -228,22 +231,21 @@
}, },
"dtth-phanpy": { "dtth-phanpy": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1728598146, "lastModified": 1719154855,
"narHash": "sha256-8zAvVSR3chBSJ7YKW+MYC1mrDxtZDFBPVobfO4KPXzg=", "narHash": "sha256-uLV3PAVG+eZVnfVkRmHABGi7vRW/q8qvDafw3VzmFgk=",
"ref": "dtth-fork", "ref": "refs/heads/dtth-fork",
"rev": "fc6bd96aef92d7796d9c7663ac23e3fa837f8ddb", "rev": "97978f4a6556e69b826e15f7d2c3c4079a1c1c47",
"revCount": 3218, "revCount": 2662,
"type": "git", "type": "git",
"url": "ssh://gitea@git.dtth.ch/nki/phanpy" "url": "ssh://gitea@git.dtth.ch/nki/phanpy?branch=dtth-fork"
}, },
"original": { "original": {
"ref": "dtth-fork",
"type": "git", "type": "git",
"url": "ssh://gitea@git.dtth.ch/nki/phanpy" "url": "ssh://gitea@git.dtth.ch/nki/phanpy?branch=dtth-fork"
} }
}, },
"fenix": { "fenix": {
@ -301,6 +303,22 @@
} }
}, },
"flake-compat_3": { "flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696267196,
"narHash": "sha256-AAQ/2sD+0D18bb8hKuEEVpHUYD1GmO2Uh/taFamn6XQ=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "4f910c9827911b1ec2bf26b5a062cd09f8d89f85",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -316,7 +334,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": { "flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -332,7 +350,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": { "flake-compat_6": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -434,11 +452,11 @@
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1722555600, "lastModified": 1706830856,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -462,6 +480,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_10": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -482,25 +518,7 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
@ -516,16 +534,34 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1694529238,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -539,11 +575,11 @@
"systems": "systems_6" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1681202837,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -571,21 +607,6 @@
} }
}, },
"flake-utils_8": { "flake-utils_8": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_9": {
"inputs": { "inputs": {
"systems": "systems_8" "systems": "systems_8"
}, },
@ -603,6 +624,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_9": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": { "flakey-profile": {
"locked": { "locked": {
"lastModified": 1712898590, "lastModified": 1712898590,
@ -742,11 +778,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728337164, "lastModified": 1719037157,
"narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", "narHash": "sha256-aOKd8+mhBsLQChCu1mn/W5ww79ta5cXVE59aJFrifM8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "038630363e7de57c36c417fd2f5d7c14773403e4", "rev": "cd886711998fe5d9ff7979fdd4b4cbd17b1f1511",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -758,11 +794,11 @@
"kak-lsp": { "kak-lsp": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1723206901, "lastModified": 1719761259,
"narHash": "sha256-wPCu/VxAMIB+zI0+eDq7lJ/rHJZfe0whYzdoiwrixCc=", "narHash": "sha256-2cnjweEU/NgQffF2gav9b6EIXmV9TcSd7214FzW7ekY=",
"owner": "kakoune-lsp", "owner": "kakoune-lsp",
"repo": "kakoune-lsp", "repo": "kakoune-lsp",
"rev": "ebd370f43cb6e7af634e5f8cadb99cc8c16e1efe", "rev": "484b19c2e373988ee5ab9afc54ecd6383b8da9bc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -790,14 +826,14 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane_4", "crane": "crane_4",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_6",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1682802423, "lastModified": 1682802423,
@ -817,20 +853,20 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1729298361, "lastModified": 1720626042,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", "narHash": "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "rev": "2a4376be20d70feaa2b0e640c5041fb66ddc67ed",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2a4376be20d70feaa2b0e640c5041fb66ddc67ed.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" "url": "https://git.lix.systems/lix-project/lix/archive/2.90.0.tar.gz"
} }
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_7",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": [ "nixpkgs": [
@ -838,20 +874,20 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729360442, "lastModified": 1720641669,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", "narHash": "sha256-yEO2cGNgzm9x/XxiDQI+WckSWnZX63R8aJLBRSXtYNE=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6", "rev": "5c48c833c15bb80d127a398a8c2484d42fdd8257",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/5c48c833c15bb80d127a398a8c2484d42fdd8257.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz"
} }
}, },
"mpd-mpris": { "mpd-mpris": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_8",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -888,15 +924,14 @@
"nix-gaming": { "nix-gaming": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_8"
"umu": "umu"
}, },
"locked": { "locked": {
"lastModified": 1723945279, "lastModified": 1716686274,
"narHash": "sha256-3W+/u3v/e0dTOxht6wW6pL+kr44e8Amb8A1Z3Bx8BUE=", "narHash": "sha256-4JiRUWtoEMrfq38jG4O+NP6rcQIhKxEclnSkHvywnf0=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "bcf8116981cc332c2734d4c82a034f115780853d", "rev": "83a47c12d3493f7eb876250d0298d1566a965ce4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -922,11 +957,11 @@
}, },
"nixos-m1": { "nixos-m1": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_6",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1700436815, "lastModified": 1700436815,
@ -978,14 +1013,20 @@
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": { "locked": {
"lastModified": 1722555339, "dir": "lib",
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", "lastModified": 1706550542,
"type": "tarball", "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" "owner": "NixOS",
"repo": "nixpkgs",
"rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
"type": "github"
}, },
"original": { "original": {
"type": "tarball", "dir": "lib",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
@ -1022,11 +1063,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1730272153, "lastModified": 1720750130,
"narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=", "narHash": "sha256-y2wc7CdK0vVSIbx7MdVoZzuMcUoLvZXm+pQf2RIr1OU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53", "rev": "6794d064edc69918bb0fc0e0eda33ece324be17a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1038,11 +1079,27 @@
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": { "locked": {
"lastModified": 1724224976, "lastModified": 1713128889,
"narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "narHash": "sha256-aB90ZqzosyRDpBh+rILIcyP5lao8SKz8Sr2PSWvZrzk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "rev": "2748d22b45a99fb2deafa5f11c7531c212b2cefa",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1718530797,
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1102,11 +1159,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1722640603, "lastModified": 1696261572,
"narHash": "sha256-TcXjLVNd3VeH1qKPH335Tc4RbFDbZQX+d7rqnDUoRaY=", "narHash": "sha256-s8TtSYJ1LBpuITXjbPLUPyxzAKw35LhETcajJjCS5f0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "81610abc161d4021b29199aa464d6a1a521e0cc9", "rev": "0c7ffbc66e6d78c50c38e717ec91a2a14e0622fb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1134,11 +1191,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1728492678, "lastModified": 1719075281,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
"owner": "nixOS", "owner": "nixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1150,11 +1207,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1723856861, "lastModified": 1708751719,
"narHash": "sha256-OTDg91+Zzs2SpU3csK4xVdSQFoG8cK1lNUwKmTqERyE=", "narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cd7b95ee3725af7113bacbce91dd6549cee58ca5", "rev": "f63ce824cd2f036216eb5f637dfef31e1a03ee89",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1166,11 +1223,11 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1730137625, "lastModified": 1720954236,
"narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=", "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "64b80bfb316b57cdb8919a9110ef63393d74382a", "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1180,6 +1237,21 @@
"type": "github" "type": "github"
} }
}, },
"nur": {
"locked": {
"lastModified": 1697363080,
"narHash": "sha256-/49Rh5mohp0ZD6HaNbDn9oIsLt+d7Tzbc/BGkb/7o+g=",
"owner": "nix-community",
"repo": "NUR",
"rev": "5771ba6f22db037b037a8bdd82acc5467c965c7e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -1219,7 +1291,7 @@
"darwin": "darwin", "darwin": "darwin",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"dtth-phanpy": "dtth-phanpy", "dtth-phanpy": "dtth-phanpy",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_5",
"home-manager": "home-manager", "home-manager": "home-manager",
"home-manager-unstable": "home-manager-unstable", "home-manager-unstable": "home-manager-unstable",
"kak-lsp": "kak-lsp", "kak-lsp": "kak-lsp",
@ -1232,9 +1304,10 @@
"nixos-m1": "nixos-m1", "nixos-m1": "nixos-m1",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_9",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"rust-overlay": "rust-overlay_3", "nur": "nur",
"secrets": "secrets", "secrets": "secrets",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"swayfx": "swayfx",
"youmubot": "youmubot" "youmubot": "youmubot"
} }
}, },
@ -1256,6 +1329,31 @@
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": {
"flake-utils": [
"crane",
"flake-utils"
],
"nixpkgs": [
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1696299134,
"narHash": "sha256-RS77cAa0N+Sfj5EmKbm5IdncNXaBCE1BSSQvUE8exvo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "611ccdceed92b4d94ae75328148d84ee4a5b462d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
"lanzaboote", "lanzaboote",
@ -1280,7 +1378,7 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_2": { "rust-overlay_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1686795910, "lastModified": 1686795910,
@ -1296,50 +1394,27 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_3": { "scenefx": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": "nixpkgs_10"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1724466314, "lastModified": 1715160751,
"narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=", "narHash": "sha256-S8m7phTU7QYgAq4B0hjH5WdtTjHDcNVhYfPFdhbty+A=",
"owner": "oxalica", "owner": "wlrfx",
"repo": "rust-overlay", "repo": "scenefx",
"rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca", "rev": "2ec3505248e819191c37cb831197629f373326fb",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "oxalica", "owner": "wlrfx",
"repo": "rust-overlay", "repo": "scenefx",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": {
"nixpkgs": [
"youmubot",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724466314,
"narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github" "type": "github"
} }
}, },
"secrets": { "secrets": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_8" "flake-utils": "flake-utils_9"
}, },
"locked": { "locked": {
"lastModified": 1693981285, "lastModified": 1693981285,
@ -1378,6 +1453,27 @@
"type": "github" "type": "github"
} }
}, },
"swayfx": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"scenefx": "scenefx"
},
"locked": {
"lastModified": 1715273144,
"narHash": "sha256-x8z/sjtJPojvaXiOUDvADiSU/QmSo8cqKQ1X4g+5dw4=",
"owner": "WillPower3309",
"repo": "swayfx",
"rev": "3c621dec7d653231f960d377fcb3ceeed55953e2",
"type": "github"
},
"original": {
"owner": "WillPower3309",
"repo": "swayfx",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -1498,34 +1594,24 @@
"type": "github" "type": "github"
} }
}, },
"umu": { "systems_9": {
"inputs": {
"nixpkgs": [
"nix-gaming",
"nixpkgs"
]
},
"locked": { "locked": {
"dir": "packaging/nix", "lastModified": 1681028828,
"lastModified": 1723697867, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"narHash": "sha256-LTfbJXR8x35oZ8Mo3R0WTVEp9toWpVfzD21xCSr64IM=", "owner": "nix-systems",
"ref": "refs/heads/main", "repo": "default",
"rev": "c71a45ad53036f4c668bcbe1be7a49f9d3460151", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"revCount": 699, "type": "github"
"submodules": true,
"type": "git",
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
}, },
"original": { "original": {
"dir": "packaging/nix", "owner": "nix-systems",
"submodules": true, "repo": "default",
"type": "git", "type": "github"
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
} }
}, },
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,
@ -1544,16 +1630,15 @@
"youmubot": { "youmubot": {
"inputs": { "inputs": {
"crane": "crane_5", "crane": "crane_5",
"flake-utils": "flake-utils_9", "flake-utils": "flake-utils_10",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_11"
"rust-overlay": "rust-overlay_4"
}, },
"locked": { "locked": {
"lastModified": 1730740980, "lastModified": 1720930588,
"narHash": "sha256-Z/RLbhlBxdNPZt/DeROPBV7bLQgpmamjcB0rdQrQoNw=", "narHash": "sha256-Ue3ZRLUU/VoN0SUOCcAwR5LZJac9UgaSA9To//rP7fU=",
"owner": "natsukagami", "owner": "natsukagami",
"repo": "youmubot", "repo": "youmubot",
"rev": "803d718c7ad34d3780ae6c2911ca0682b2417cc4", "rev": "dc02b4b7e280a8d5f129b5f43636407a2e4b96ea",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -15,6 +15,7 @@
sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable"; sops-nix.inputs.nixpkgs.follows = "nixpkgs-unstable";
sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs"; sops-nix.inputs.nixpkgs-stable.follows = "nixpkgs";
deploy-rs.url = "github:Serokell/deploy-rs"; deploy-rs.url = "github:Serokell/deploy-rs";
nur.url = "github:nix-community/NUR";
# --- Secure boot # --- Secure boot
lanzaboote = { lanzaboote = {
@ -25,29 +26,25 @@
# --- Build tools # --- Build tools
flake-utils.url = github:numtide/flake-utils; flake-utils.url = github:numtide/flake-utils;
crane.url = github:ipetkov/crane; crane.url = github:ipetkov/crane;
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
arion.url = github:hercules-ci/arion; arion.url = github:hercules-ci/arion;
lix-module = { lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# --- # ---
# Imported apps # Imported apps
youmubot.url = "github:natsukagami/youmubot"; youmubot.url = "github:natsukagami/youmubot";
# swayfx = { swayfx = {
# url = github:WillPower3309/swayfx; url = github:WillPower3309/swayfx;
# inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
# }; };
mpd-mpris = { mpd-mpris = {
url = github:natsukagami/mpd-mpris; url = github:natsukagami/mpd-mpris;
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?ref=dtth-fork"; dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?branch=dtth-fork";
conduit.url = "gitlab:famedly/conduit/v0.9.0"; conduit.url = "gitlab:famedly/conduit/v0.8.0";
nix-gaming.url = github:fufexan/nix-gaming; nix-gaming.url = github:fufexan/nix-gaming;
# --- Sources # --- Sources
@ -63,7 +60,7 @@
secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets"; secrets.url = "git+ssh://git@github.com/natsukagami/nix-deploy-secrets";
}; };
outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, ... }@inputs: outputs = { self, darwin, nixpkgs, nixpkgs-unstable, home-manager, deploy-rs, sops-nix, nur, ... }@inputs:
let let
overlays = import ./overlay.nix inputs; overlays = import ./overlay.nix inputs;
lib = nixpkgs.lib; lib = nixpkgs.lib;
@ -88,20 +85,6 @@
trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ]; trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ];
}; };
environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ]; environment.systemPackages = [ inputs.nix-gaming.packages.${pkgs.hostPlatform.system}.osu-stable ];
programs.gamemode = {
enable = true;
enableRenice = true;
settings = {
general = {
renice = 10;
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
}; };
# Common Nix modules # Common Nix modules
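Review bot: `conduit.url = "gitlab:famedly/conduit/v0.8.0"` and the `lix-module` tarball at `2.90.0` pin older releases than the `v0.9.0` and `2.91.1-1` shown on the other side, and both are security-relevant: one is a network-facing Matrix homeserver, the other is the Nix implementation that builds the system. Nothing in the hunk records why the older versions are wanted, so check the upstream release notes between those versions for security fixes before deploying this branch; I cannot tell from the page whether any apply. A comment beside each pin, e.g. `# pinned to v0.8.0: <reason>; re-check upstream advisories before deploying`, would make the intent reviewable. The `inputs` attribute set starts and ends outside these hunks.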


@ -9,6 +9,13 @@
./modules/programs/my-kitty ./modules/programs/my-kitty
./modules/programs/openconnect-epfl.nix ./modules/programs/openconnect-epfl.nix
./common-linux.nix ./common-linux.nix
# PATH Overrides
({ config, lib, ... }: {
home.sessionPath = lib.mkBefore [
"${config.home.homeDirectory}/.bin/overrides"
];
})
]; ];
# Let Home Manager install and manage itself. # Let Home Manager install and manage itself.
@ -28,7 +35,6 @@
fx # JSON viewer fx # JSON viewer
glow # Markdown viewer glow # Markdown viewer
nix-output-monitor # Nice nix output formatting nix-output-monitor # Nice nix output formatting
unstable.scala-next
## PDF Processors ## PDF Processors
poppler_utils poppler_utils
## htop replacement ## htop replacement
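Review bot: `home.sessionPath = lib.mkBefore [ "${config.home.homeDirectory}/.bin/overrides" ]` puts a user-writable directory ahead of every system path, so an executable placed there shadows any command of the same name, including ones that are later run with elevated privileges by name. If the override directory is intentional, say so in the existing comment, e.g. `# PATH overrides: searched first; keep ~/.bin/overrides mode 0700 and owned by the user`, and have privilege-sensitive wrappers call their tools by absolute store path rather than by name. The `imports` list this module is inlined into starts outside the hunk.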


@ -1,3 +1,8 @@
{ {
allowUnfree = true; allowUnfree = true;
packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
} }
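Review bot: `builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz"` has no `sha256` and follows a moving branch, so once the tarball cache expires an evaluation can pull different, unreviewed code into `pkgs.nur`, and NUR is a collection of user-contributed package sets. Pin it to a commit and hash instead: `builtins.fetchTarball { url = "https://github.com/nix-community/NUR/archive/<REV>.tar.gz"; sha256 = "<SHA256>"; }` (placeholders to fill in). The same compare adds a `nur` flake input with a locked `rev` and `narHash`, so reusing that input here would avoid a second, unpinned copy.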


@ -53,7 +53,8 @@ in
functions = { functions = {
rebuild = { rebuild = {
body = '' body = ''
pls nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \ command sudo -v && \
command sudo nixos-rebuild --flake ~/.config/nixpkgs -L --log-format internal-json -v $argv \
&| ${pkgs.nix-output-monitor}/bin/nom --json &| ${pkgs.nix-output-monitor}/bin/nom --json
''; '';
wraps = "nixos-rebuild"; wraps = "nixos-rebuild";
@ -61,18 +62,19 @@ in
# Simplify nix usage! # Simplify nix usage!
nx = { nx = {
body = '' body = ''
argparse -s 'h/help' 'impure' 'u/unstable' 'g/git' -- $argv set impure
if set -q _flag_help || test (count $argv) -eq 0 if test $argv[1] = "--impure"
echo "nx [--impure] [-u/--unstable/-g/--git] {package} [args...]" set impure "--impure"
return 1 set argv $argv[2..]
end
if test (count $argv) -gt 0
nix run $impure nixpkgs#$argv[1] -- $argv[2..]
else else
set -q _flag_impure && set impure "--impure" echo "nx [--impure] {package} [args...]"
set nixpkgs "nixpkgs" return 1
set -q _flag_unstable && set nixpkgs "nixpkgs-unstable"
set -q _flag_git && set nixpkgs "github:nixOS/nixpkgs/nixpkgs-unstable"
nix run $impure $nixpkgs"#"$argv[1] -- $argv[2..]
end end
''; '';
wraps = "nix run";
description = "Runs an app from the nixpkgs store."; description = "Runs an app from the nixpkgs store.";
}; };
@ -80,35 +82,25 @@ in
description = "Spawns a shell from the given nixpkgs packages"; description = "Spawns a shell from the given nixpkgs packages";
wraps = "nix shell"; wraps = "nix shell";
body = '' body = ''
function help set impure
echo "nsh [--impure] [--impure] [-u/--unstable/-g/--git] {package}* [-c command args...]" if test $argv[1] = "--impure"
set impure "--impure"
set argv $argv[2..]
end end
argparse -s 'h/help' 'impure' 'u/unstable' 'g/git' -- $argv if test (count $argv) -gt 0
if set -q _flag_help || test (count $argv) -eq 0 set minusc (contains -i -- "-c" $argv)
help if test -z $minusc
return 0 nix shell $impure nixpkgs#$argv -c fish
end else if test $minusc -eq (count $argv)
set packages $argv echo "nsh [--impure] {packages} [-c command args...]"
set minusc (contains -i -- "-c" $argv)
if test -n "$minusc"
if test $minusc -eq 1
help
return 1 return 1
else
nix shell $impure nixpkgs#$argv[..(math $minusc - 1)] $argv[$minusc..]
end end
set packages $argv[..(math $minusc - 1)]
set argv $argv[(math $minusc + 1)..]
else else
set argv "fish" "-i" echo "nsh [--impure] {packages} [-c command args...]"
end
if test (count $packages) -eq 0
help
return 1 return 1
end end
set -q _flag_impure && set impure "--impure"
set nixpkgs "nixpkgs"
set -q _flag_unstable && set nixpkgs "nixpkgs-unstable"
set -q _flag_git && set nixpkgs "github:nixOS/nixpkgs/nixpkgs-unstable"
nix shell $impure $nixpkgs"#"$packages --command $argv
''; '';
}; };
# Grep stuff # Grep stuff
@ -126,30 +118,6 @@ in
}; };
echo-today = "date +%F"; echo-today = "date +%F";
newfile = "mkdir -p (dirname $argv[-1]) && touch $argv"; newfile = "mkdir -p (dirname $argv[-1]) && touch $argv";
# pls
pls = {
wraps = "sudo";
body = ''
set -l cmd "`"(string join " " -- $argv)"`"
echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
# Send a notification on password prompt
if command sudo -vn 2>/dev/null
# nothing to do, user already authenticated
else
# throw a notification
set notif_id (kitten notify -P \
-p ${./haruka.png} \
-a "pls" \
-u critical \
"A-a command requires your p-password" \
(printf "I-I need your p-password to r-run the following c-command:\n\n%s" $cmd))
command sudo -v -p "P-password please: "
kitten notify -i $notif_id ""
end
command sudo $argv
'';
};
}; };
@ -178,9 +146,6 @@ in
if test -e /opt/homebrew/bin/brew if test -e /opt/homebrew/bin/brew
/opt/homebrew/bin/brew shellenv | source /opt/homebrew/bin/brew shellenv | source
end end
# Override PATH
set --export --prepend PATH ~/.bin/overrides ~/.local/bin
''; '';
interactiveShellInit = '' interactiveShellInit = ''
@ -285,8 +250,8 @@ in
target = ".config/fish/conf.d/change_cmd.fish"; target = ".config/fish/conf.d/change_cmd.fish";
}; };
"fish/pls.fish" = { "fish/pls.fish" = {
source = ./pls_extra.fish; source = ./. + "/pls.fish";
target = ".config/fish/conf.d/pls_extra.fish"; target = ".config/fish/conf.d/pls.fish";
}; };
}; };
} }

Binary file not shown.


155
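--- /dev/null
+++ b/home/fish/pls.fish
@@ -0,0 +1,155 @@
+alias sue="pls -e"
+function pls
+set -l cmd "`"(string join " " -- $argv)"`"
+echo "I-It's not like I'm gonna run "$cmd" for you or a-anything! Baka >:C" >&2
+# Send a notification on password prompt
+if command sudo -vn 2>/dev/null
+# nothing to do, user already authenticated
+else
+# throw a notification
+# notify-send -t 3000 -u critical -i ~/Downloads/harukablush.jpg -h "STRING:command:"$cmd "A-a command requires your p-password" (printf "I-I need your p-password to r-run the following c-command: %s" $cmd)
+end
+command sudo $argv
+end
+function sudo
+echo "Not polite enough."
+end
+function __fish_prepend_pls -d "Prepend 'pls ' to the beginning of the current commandline"
+# If there is no commandline, insert the last item from history
+# and *then* toggle
+if not commandline | string length -q
+commandline -r "$history[1]"
+end
+set -l cmd (commandline -po)
+set -l cursor (commandline -C)
+if test "$cmd[1]" = e
+commandline -C 0
+commandline -i "su"
+commandline -C (math $cursor + 2)
+else if test "$cmd[1]" = sue
+commandline -r (string sub --start=3 (commandline -p))
+commandline -C -- (math $cursor - 2)
+else if test "$cmd[1]" != pls
+commandline -C 0
+commandline -i "pls "
+commandline -C (math $cursor + 4)
+else
+commandline -r (string sub --start=5 (commandline -p))
+commandline -C -- (math $cursor - 4)
+end
+end
+bind --preset -e -M insert \es
+bind -M insert \es __fish_prepend_pls
+function __fish_man_page
+# Get all commandline tokens not starting with "-"
+set -l args (commandline -po | string match -rv '^-')
+# If commandline is empty, exit.
+if not set -q args[1]
+printf \a
+return
+end
+#Skip `pls` and display then manpage of following command
+while set -q args[2]
+and string match -qr -- '^(pls|.*=.*)$' $args[1]
+set -e args[1]
+end
+# If there are at least two tokens not starting with "-", the second one might be a subcommand.
+# Try "man first-second" and fall back to "man first" if that doesn't work out.
+set -l maincmd (basename $args[1])
+if set -q args[2]
+# HACK: If stderr is not attached to a terminal `less` (the default pager)
+# wouldn't use the alternate screen.
+# But since we don't know what pager it is, and because `man` is totally underspecified,
+# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
+# See #7863.
+if man "$maincmd-$args[2]" &>/dev/null
+man "$maincmd-$args[2]"
+else if man "$maincmd" &>/dev/null
+man "$maincmd"
+else
+printf \a
+end
+else
+if man "$maincmd" &>/dev/null
+man "$maincmd"
+else
+printf \a
+end
+end
+commandline -f repaint
+end
+#
+# Completion for pls
+#
+function __fish_pls_print_remaining_args
+set -l tokens (commandline -opc) (commandline -ct)
+set -e tokens[1]
+# These are all the options mentioned in the man page for Todd Miller's "pls.ws" pls (in that order).
+# If any other implementation has different options, this should be harmless, since they shouldn't be used anyway.
+set -l opts A/askpass b/background C/close-from= E/preserve-env='?'
+# Note that "-h" is both "--host" (which takes an option) and "--help" (which doesn't).
+# But `-h` as `--help` only counts when it's the only argument (`pls -h`),
+# so any argument completion after that should take it as "--host".
+set -a opts e/edit g/group= H/set-home h/host= 1-help
+set -a opts i/login K/remove-timestamp k/reset-timestamp l/list n/non-interactive
+set -a opts P/preserve-groups p/prompt= S/stdin s/shell U/other-user=
+set -a opts u/user= T/command-timeout= V/version v/validate
+argparse -s $opts -- $tokens 2>/dev/null
+# The remaining argv is the subcommand with all its options, which is what
+# we want.
+if test -n "$argv"
+and not string match -qr '^-' $argv[1]
+string join0 -- $argv
+return 0
+else
+return 1
+end
+end
+function __fish_pls_no_subcommand
+not __fish_pls_print_remaining_args >/dev/null
+end
+function __fish_complete_pls_subcommand
+set -l args (__fish_pls_print_remaining_args | string split0)
+set -lx -a PATH /usr/local/sbin /sbin /usr/sbin
+__fish_complete_subcommand --commandline $args
+end
+# All these options should be valid for GNU and OSX pls
+complete -c pls -n __fish_no_arguments -s h -d "Display help and exit"
+complete -c pls -n __fish_no_arguments -s V -d "Display version information and exit"
+complete -c pls -n __fish_pls_no_subcommand -s A -d "Ask for password via the askpass or \$SSH_ASKPASS program"
+complete -c pls -n __fish_pls_no_subcommand -s C -d "Close all file descriptors greater or equal to the given number" -xa "0 1 2 255"
+complete -c pls -n __fish_pls_no_subcommand -s E -d "Preserve environment"
+complete -c pls -n __fish_pls_no_subcommand -s H -d "Set home"
+complete -c pls -n __fish_pls_no_subcommand -s K -d "Remove the credential timestamp entirely"
+complete -c pls -n __fish_pls_no_subcommand -s P -d "Preserve group vector"
+complete -c pls -n __fish_pls_no_subcommand -s S -d "Read password from stdin"
+complete -c pls -n __fish_pls_no_subcommand -s b -d "Run command in the background"
+complete -c pls -n __fish_pls_no_subcommand -s e -rF -d Edit
+complete -c pls -n __fish_pls_no_subcommand -s g -a "(__fish_complete_groups)" -x -d "Run command as group"
+complete -c pls -n __fish_pls_no_subcommand -s i -d "Run a login shell"
+complete -c pls -n __fish_pls_no_subcommand -s k -d "Reset or ignore the credential timestamp"
+complete -c pls -n __fish_pls_no_subcommand -s l -d "List the allowed and forbidden commands for the given user"
+complete -c pls -n __fish_pls_no_subcommand -s n -d "Do not prompt for a password - if one is needed, fail"
+complete -c pls -n __fish_pls_no_subcommand -s p -d "Specify a custom password prompt"
+complete -c pls -n __fish_pls_no_subcommand -s s -d "Run the given command in a shell"
+complete -c pls -n __fish_pls_no_subcommand -s u -a "(__fish_complete_users)" -x -d "Run command as user"
+complete -c pls -n __fish_pls_no_subcommand -s v -n __fish_no_arguments -d "Validate the credentials, extending timeout"
+# Complete the command we are executed under pls
+complete -c pls -x -n 'not __fish_seen_argument -s e' -a "(__fish_complete_pls_subcommand)"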
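Review bot: The `sudo` shadow function prints its refusal to stdout and returns status 0, so a line such as `sudo cmd; and next` carries on as if the privileged step had run. The refusal should be an error: `echo "Not polite enough." >&2; return 1`. The file is installed under `.config/fish/conf.d/`, so presumably non-interactive fish scripts pick up the shadow as well; guarding the definition with `status is-interactive` would keep scripts that call `sudo` working. In `pls`, the `else` branch holds only a commented-out `notify-send`, so the `sudo -vn` probe currently has no effect and could be dropped or documented as a placeholder.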


@ -1,47 +0,0 @@
alias sue="pls -e"
function sudo
echo "Not polite enough."
end
bind --preset -M visual \es 'fish_commandline_prepend pls'
bind -M insert \es 'fish_commandline_prepend pls'
function __fish_man_page
# Get all commandline tokens not starting with "-", up to and including the cursor's
set -l args (string match -rv '^-|^$' -- (commandline -cpx && commandline -t))
# If commandline is empty, exit.
if not set -q args[1]
printf \a
return
end
# Skip leading commands and display the manpage of following command
while set -q args[2]
and string match -qr -- '^(and|begin|builtin|caffeinate|command|doas|entr|env|exec|if|mosh|nice|not|or|pipenv|prime-run|setsid|sudo|pls|systemd-nspawn|time|watch|while|xargs|.*=.*)$' $args[1]
set -e args[1]
end
# If there are at least two tokens not starting with "-", the second one might be a subcommand.
# Try "man first-second" and fall back to "man first" if that doesn't work out.
set -l maincmd (path basename $args[1])
# HACK: If stderr is not attached to a terminal `less` (the default pager)
# wouldn't use the alternate screen.
# But since we don't know what pager it is, and because `man` is totally underspecified,
# the best we can do is to *try* the man page, and assume that `man` will return false if it fails.
# See #7863.
if set -q args[2]
and not string match -q -- '*/*' $args[2]
and man "$maincmd-$args[2]" &>/dev/null
man "$maincmd-$args[2]"
else
if man "$maincmd" &>/dev/null
man "$maincmd"
else
printf \a
end
end
commandline -f repaint
end


@ -272,7 +272,7 @@ in
# override inherited files # override inherited files
cat ${tree-sitter-go}/queries/highlights.scm ${src}/queries/templ/highlights.scm > $out/queries/highlights.scm cat ${tree-sitter-go}/queries/highlights.scm ${src}/queries/templ/highlights.scm > $out/queries/highlights.scm
''; '';
queries.path = "queries"; queries.path = "queries/templ";
}; };
go = { go = {
@ -282,23 +282,6 @@ in
queries.src = tree-sitter-go; queries.src = tree-sitter-go;
queries.path = "queries"; queries.path = "queries";
}; };
hylo =
let
src = pkgs.fetchFromGitHub {
owner = "natsukagami";
repo = "tree-sitter-hylo";
rev = "494cbdff0d13cbc67348316af2efa0286dbddf6f";
hash = "sha256-R5UeoglCTl0do3VDJ/liCTeqbxU9slvmVKNRA/el2VY=";
};
in
{
grammar.src = src;
grammar.compile.args = [ "-c" "-fpic" "../parser.c" "-I" ".." ];
grammar.link.args = [ "-shared" "-fpic" "parser.o" ];
queries.src = src;
queries.path = "queries";
};
}; };
programs.my-kakoune.package = pkgs.kakoune; programs.my-kakoune.package = pkgs.kakoune;


@ -64,12 +64,6 @@ hook global InsertChar \t %{ exec -draft -itersel h@ }
set global tabstop 2 set global tabstop 2
set global indentwidth 2 set global indentwidth 2
# Language-specific tabstop with override
hook global WinSetOption filetype=(rust) %{
set window tabstop 4
set window indentwidth 4
}
# Ctrl + a in insert mode = esc # Ctrl + a in insert mode = esc
map global insert <c-a> '<esc>' map global insert <c-a> '<esc>'
@ -158,6 +152,9 @@ hook global WinSetOption filetype=(rust) %{
hook global WinSetOption filetype=(scala) %{ hook global WinSetOption filetype=(scala) %{
# Format the document if possible # Format the document if possible
hook -group scala-fmt window BufWritePre .* %{ lsp-formatting-sync } hook -group scala-fmt window BufWritePre .* %{ lsp-formatting-sync }
set window tabstop 2
set window indentwidth 2
} }
hook global WinSetOption filetype=(typst) %{ hook global WinSetOption filetype=(typst) %{
@ -217,12 +214,7 @@ hook global BufCreate .*[.]typ %{
hook global BufCreate .*[.]templ %{ hook global BufCreate .*[.]templ %{
set-option buffer filetype templ set-option buffer filetype templ
set-option buffer comment_line "//" set-option window comment_line "//"
}
hook global BufCreate .*[.]hylo %{
set-option buffer filetype hylo
set-option buffer comment_line "//"
} }
hook global BufOpenFile .* %{ hook global BufOpenFile .* %{
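Review bot: In the `BufCreate .*[.]templ` hook the new line `set-option window comment_line "//"` uses window scope, while the line above it sets `filetype` at buffer scope. A `BufCreate` hook presumably runs before any window displays the buffer, so the window-scoped set is likely to error out or not stick. `set-option buffer comment_line "//"` keeps both options on the buffer. The `BufOpenFile` hook that follows continues outside the hunk.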


@ -3,7 +3,6 @@ with lib;
let let
cfg = config.linux.graphical; cfg = config.linux.graphical;
thunderbird = pkgs.thunderbird-128;
vscode = with pkgs; if stdenv.isAarch64 then unstable.vscode else unstable.vscode-fhs; vscode = with pkgs; if stdenv.isAarch64 then unstable.vscode else unstable.vscode-fhs;
wifi-indicator = pkgs.writeScriptBin "wifi-indicator" '' wifi-indicator = pkgs.writeScriptBin "wifi-indicator" ''
@ -58,25 +57,23 @@ in
feh # For images? feh # For images?
deluge # Torrent client deluge # Torrent client
pavucontrol # PulseAudio control panel pavucontrol # PulseAudio control panel
cinnamon.nemo # File manager
thunderbird # Email thunderbird # Email
sublime-music # For navidrome sublime-music # For navidrome
# cinny-desktop cinny-desktop
gajim gajim
vivaldi vivaldi
# Audio # Audio
qpwgraph # Pipewire graph qpwgraph # Pipewire graph
unstable.zotero zotero_7
libreoffice libreoffice
mpv # for anki mpv # for anki
anki-bin anki-bin
# Chat stuff
tdesktop tdesktop
whatsapp-for-linux whatsapp-for-linux
slack
zoom-us
librewolf librewolf
@ -85,7 +82,11 @@ in
# sct # Display color temperature # sct # Display color temperature
xdg-utils # Open stuff xdg-utils # Open stuff
wifi-indicator wifi-indicator
]); ] ++ (if pkgs.stdenv.isAarch64 then [ ] else [
gnome.cheese # Webcam check, expensive
# Chat stuff
slack
]));
nki.programs.discord.enable = pkgs.stdenv.isx86_64; nki.programs.discord.enable = pkgs.stdenv.isx86_64;
nki.programs.discord.package = pkgs.vesktop; nki.programs.discord.package = pkgs.vesktop;


@ -14,7 +14,7 @@ let
systemd.user.services.swaync.Unit.PartOf = lib.mkForce [ "sway-session.target" ]; systemd.user.services.swaync.Unit.PartOf = lib.mkForce [ "sway-session.target" ];
programs.my-sway.waybar = { programs.my-sway.waybar = {
extraSettings = [{ extraSettings = {
modules-right = mkAfter [ "custom/swaync" ]; modules-right = mkAfter [ "custom/swaync" ];
modules."custom/swaync" = { modules."custom/swaync" = {
tooltip = false; tooltip = false;
@ -36,7 +36,7 @@ let
on-click-right = "${swaync}/bin/swaync-client -d -sw"; on-click-right = "${swaync}/bin/swaync-client -d -sw";
escape = true; escape = true;
}; };
}]; };
extraStyle = mkAfter '' extraStyle = mkAfter ''
#custom-swaync { #custom-swaync {
background: #F0FFFF; background: #F0FFFF;


@ -2,20 +2,11 @@
let let
cfg = config.nki.programs.kitty; cfg = config.nki.programs.kitty;
cmd = if pkgs.stdenv.isDarwin then "cmd" else "ctrl";
theme = { lib, options, config, ... }: {
programs.kitty = lib.mkIf config.nki.programs.kitty.enable (
if builtins.hasAttr "themeFile" options.programs.kitty then {
themeFile = "ayu_light";
} else {
theme = "Ayu Light";
}
);
};
in in
with lib; with lib;
{ {
imports = [ theme ./darwin.nix ./linux.nix ./tabs.nix ]; imports = [ ./darwin.nix ./linux.nix ./tabs.nix ];
options.nki.programs.kitty = { options.nki.programs.kitty = {
enable = mkEnableOption "Enable kitty"; enable = mkEnableOption "Enable kitty";
@ -60,6 +51,8 @@ with lib;
font.name = "Fantasque Sans Mono"; font.name = "Fantasque Sans Mono";
font.size = cfg.fontSize; font.size = cfg.fontSize;
theme = "Ayu Light";
settings = settings =
let let
# Background color and transparency # Background color and transparency


@ -1,4 +1,4 @@
{ pkgs, lib, options, config, osConfig, ... }: { pkgs, lib, options, config, ... }:
with lib; with lib;
let let
cfg = config.programs.my-sway; cfg = config.programs.my-sway;
@ -110,12 +110,12 @@ in
default = barWith: [ (barWith { }) ]; default = barWith: [ (barWith { }) ];
}; };
extraSettings = mkOption { extraSettings = mkOption {
type = types.listOf types.raw; type = types.raw;
description = "Extra settings to be included with every default bar"; description = "Extra settings to be included with every default bar";
default = [ ]; default = { };
}; };
extraStyle = mkOption { extraStyle = mkOption {
type = types.lines; type = types.str;
description = "Additional style for the default waybar"; description = "Additional style for the default waybar";
default = ""; default = "";
}; };
@ -129,11 +129,8 @@ in
"PATH" # for portals "PATH" # for portals
"XDG_DATA_DIRS" # For extra icons "XDG_DATA_DIRS" # For extra icons
"XDG_DATA_HOME" # For extra icons "XDG_DATA_HOME" # For extra icons
] ++ lib.optionals osConfig.services.desktopManager.plasma6.enable [
"XDG_MENU_PREFIX"
]; ];
systemd.extraCommands = options.wayland.windowManager.sway.systemd.extraCommands.default systemd.extraCommands = options.wayland.windowManager.sway.systemd.extraCommands.default ++ [
++ [
"systemctl --user restart xdg-desktop-portal.service" "systemctl --user restart xdg-desktop-portal.service"
]; ];
@ -361,9 +358,7 @@ in
eval `gnome-keyring-daemon` eval `gnome-keyring-daemon`
export SSH_AUTH_SOCK export SSH_AUTH_SOCK
fi fi
'' else "") + lib.optionalString osConfig.services.desktopManager.plasma6.enable '' '' else "");
export XDG_MENU_PREFIX=plasma-
'';
# Extra # Extra
wrapperFeatures.base = true; wrapperFeatures.base = true;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
@ -414,7 +409,7 @@ in
config.programs.waybar = config.programs.waybar =
let let
barWith = { showMedia ? true, showConnectivity ? true, extraSettings ? { }, ... }: mkMerge ([{ barWith = { showMedia ? true, showConnectivity ? true, extraSettings ? { }, ... }: (mkMerge [{
position = "top"; position = "top";
modules-left = [ modules-left = [
"sway/workspaces" "sway/workspaces"
@ -425,7 +420,7 @@ in
]; ];
modules-right = modules-right =
lib.optional showMedia (if cfg.enableMpd then "mpd" else "custom/media") lib.optional showMedia (if cfg.enableMpd then "mpd" else "custom/media")
++ [ ++ [
"tray" "tray"
"pulseaudio" "pulseaudio"
] ++ lib.optionals showConnectivity [ ] ++ lib.optionals showConnectivity [
@ -436,7 +431,7 @@ in
"memory" "memory"
"temperature" "temperature"
] ++ lib.optionals cfg.enableLaptopBars [ "battery" "battery#bat2" ] ] ++ lib.optionals cfg.enableLaptopBars [ "battery" "battery#bat2" ]
++ [ ++ [
"clock" "clock"
]; ];
@ -603,9 +598,9 @@ in
"on-click" = "${playerctl} play-pause"; "on-click" = "${playerctl} play-pause";
}; };
}; };
}] ++ }
cfg.waybar.extraSettings cfg.waybar.extraSettings
++ [ extraSettings ]); extraSettings]);
in in
mkIf cfg.enable { mkIf cfg.enable {
enable = true; enable = true;
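Review bot: `extraStyle` is declared with `type = types.str;`, which accepts a single definition, yet the swaync module on this page sets `programs.my-sway.waybar.extraStyle = mkAfter ''…''`, which suggests several modules are meant to contribute CSS. A second definition would fail evaluation with a conflicting-definitions error; `type = types.lines;` concatenates them in priority order. The same applies to `extraSettings` as `types.raw`: only one module can set it, so it deserves a line in the option `description` saying so.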


@ -4,15 +4,13 @@ let
name = "openconnect-epfl"; name = "openconnect-epfl";
runtimeInputs = with pkgs; [ openconnect rbw ]; runtimeInputs = with pkgs; [ openconnect rbw ];
text = '' text = ''
METHOD="Microsoft Entra ID" GASPAR_PASSWORD=$(rbw get gaspar)
RBW_ENTRY="EPFL Microsoft Auth" GASPAR_TOKEN=$(rbw code gaspar)
GASPAR_PASSWORD=$(rbw get "$RBW_ENTRY")
GASPAR_TOKEN=$(rbw code "$RBW_ENTRY")
printf "\n%s\n%s\n%s\n" "$METHOD" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | command sudo openconnect \ printf "%s\n%s\n" "$GASPAR_PASSWORD" "$GASPAR_TOKEN" | sudo openconnect \
--passwd-on-stdin \ --passwd-on-stdin \
-u "pham" \ -u pham \
--useragent='AnyConnect' \ --useragent='AnyConnect' \
"https://vpn.epfl.ch" "https://vpn.epfl.ch"
''; '';
}; };
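Review bot: `rbw code gaspar` is evaluated before `sudo` has had a chance to prompt, so when the sudo credential is not cached the one-time code can expire while the password prompt is waiting, and openconnect is then handed a stale code. Putting `sudo -v` on the first line of `text` keeps the gap between generating the code and using it short. Assuming the script runs under bash, the password and code only travel through shell variables and the builtin `printf` pipe, which keeps them off the process argument list. A comment such as `# secrets go via stdin only; never pass them as arguments` would protect that property. The enclosing binding starts outside the hunk.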


@ -48,21 +48,6 @@
tap = "enabled"; tap = "enabled";
}; };
}; };
programs.my-sway.waybar.extraSettings =
let
change-mode = pkgs.writeScript "change-mode" ''
#!/usr/bin/env ${lib.getExe pkgs.fish}
set -ax PATH ${lib.getBin pkgs.power-profiles-daemon} ${lib.getBin pkgs.rofi} ${lib.getBin pkgs.ripgrep}
set profiles (powerprofilesctl list | rg "^[ *] (\S+):" -r '$1')
set selected_index (math (contains -i (powerprofilesctl get) $profiles) - 1)
set new_profile (printf "%s\n" $profiles | rofi -dmenu -p "Switch to power profile" -a $selected_index)
powerprofilesctl set $new_profile
'';
in
[{
modules."battery"."on-click" = change-mode;
}];
# input-remapping # input-remapping
xdg.configFile."autostart/input-remapper-autoload.desktop".source = xdg.configFile."autostart/input-remapper-autoload.desktop".source =
@ -76,32 +61,16 @@
# Multiple screen setup # Multiple screen setup
services.kanshi = with config.common.monitors; { services.kanshi = with config.common.monitors; {
enable = true; enable = true;
settings = [ profiles.undocked.outputs = [{
{ criteria = "eDP-1";
profile.name = "undocked"; }];
profile.outputs = [{ criteria = "eDP-1"; }]; profiles.work-both.outputs = [
} { criteria = "eDP-1"; position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}"; status = "enable"; }
{ { criteria = work.name; position = "1920,0"; }
profile.name = "work-both"; ];
profile.outputs = [ profiles.work-one.outputs = [
{ { criteria = "eDP-1"; status = "disable"; }
criteria = "eDP-1"; { criteria = config.common.monitors.work.name; }
position = "0,${toString (builtins.floor ((2160 / work.scale - 1200) + 1200 / 3))}";
status = "enable";
}
{ criteria = work.name; position = "1920,0"; }
];
}
{
profile.name = "work-one";
profile.outputs = [
{
criteria = "eDP-1";
status = "disable";
}
];
}
{ output.criteria = config.common.monitors.work.name; }
]; ];
}; };


@ -1,28 +1,29 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let let
# osu-pkg = pkgs.unstable.osu-lazer-bin; osu-pkg = pkgs.unstable.osu-lazer-bin;
osu-pkg = with pkgs; with lib; # osu-pkg = with pkgs; with lib;
appimageTools.wrapType2 rec { # appimageTools.wrapType2 rec {
pname = "osu-lazer-bin"; # pname = "osu-lazer-bin";
version = "2024.1009.1"; # version = "2024.312.1";
src = fetchurl { # src = pkgs.fetchurl {
url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage"; # url = "https://github.com/ppy/osu/releases/download/${version}/osu.AppImage";
sha256 = "sha256-2H2SPcUm/H/0D9BqBiTFvaCwd0c14/r+oWhyeZdNpoU="; # hash = "sha256-1dzgs1p3/pf4eCdKvQ9JxowN+oBPBNaZv5e6qHeFPEM=";
}; # };
extraPkgs = pkgs: with pkgs; [ icu ];
extraInstallCommands = # extraPkgs = pkgs: with pkgs; [ icu ];
let contents = appimageTools.extract { inherit pname version src; };
in # extraInstallCommands =
'' # let contents = appimageTools.extract { inherit pname version src; };
mv -v $out/bin/${pname} $out/bin/osu\! # in
install -m 444 -D ${contents}/osu\!.desktop -t $out/share/applications # ''
for i in 16 32 48 64 96 128 256 512 1024; do # mv -v $out/bin/${pname}-${version} $out/bin/osu\!
install -D ${contents}/osu\!.png $out/share/icons/hicolor/''${i}x$i/apps/osu\!.png # install -m 444 -D ${contents}/osu\!.desktop -t $out/share/applications
done # for i in 16 32 48 64 96 128 256 512 1024; do
''; # install -D ${contents}/osu\!.png $out/share/icons/hicolor/''${i}x$i/apps/osu\!.png
}; # done
# '';
# };
in in
{ {
home.packages = [ osu-pkg ]; home.packages = [ osu-pkg ];


@ -70,7 +70,7 @@
services.printing.drivers = with pkgs; [ epfl-cups-drivers ]; services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true; services.xserver.libinput.enable = true;
# Keyboard # Keyboard
services.input-remapper.enable = true; services.input-remapper.enable = true;
services.input-remapper.serviceWantedBy = [ "multi-user.target" ]; services.input-remapper.serviceWantedBy = [ "multi-user.target" ];


@ -22,8 +22,8 @@ let
}; };
authentik = mkImage { authentik = mkImage {
imageName = "ghcr.io/goauthentik/server"; imageName = "ghcr.io/goauthentik/server";
finalImageTag = "2024.8.2"; finalImageTag = "2024.4.2";
imageDigest = "sha256:71984fdbb7a9414f5172bb446104d3fe4ab1ab412c8b3343bb97b04449dd53eb"; imageDigest = "sha256:a2e592a08eb3c9e3435aa4e6585d60cc1eb54850da9d1498d56a131bbfbe03ff";
}; };
}; };
authentikEnv = pkgs.writeText "authentik.env" '' authentikEnv = pkgs.writeText "authentik.env" ''
@ -48,14 +48,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.arion-authentik = { systemd.services.arion-authentik.serviceConfig.EnvironmentFile = cfg.envFile;
serviceConfig.EnvironmentFile = cfg.envFile;
serviceConfig.Type = "notify";
serviceConfig.NotifyAccess = "all";
script = lib.mkBefore ''
${lib.getExe pkgs.wait4x} http http://127.0.0.1:${toString cfg.port} --expect-status-code 200 -t 0 -q -- systemd-notify --ready &
'';
};
virtualisation.arion.projects.authentik.settings = { virtualisation.arion.projects.authentik.settings = {
services.postgresql.service = { services.postgresql.service = {
image = images.postgresql; image = images.postgresql;


@ -74,8 +74,6 @@ with lib;
global.port = instance.port; global.port = instance.port;
global.allow_registration = instance.allow_registration; global.allow_registration = instance.allow_registration;
global.database_path = "/mnt/data/${srvName}/"; global.database_path = "/mnt/data/${srvName}/";
global.well_known_client = "https://${instance.host}";
global.well_known_server = "${instance.host}:443";
}); });
in in
{ {
@ -116,12 +114,61 @@ with lib;
)) ))
cfg.instances); cfg.instances);
# Serving .well-known files
# This is a single .well-known/matrix/server file that points to the server,
# which is NOT on port 8448 since Cloudflare doesn't allow us to route HTTPS
# through that port.
config.services.nginx = mkIf cfg.enable
{
enable = true;
virtualHosts = lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" {
listen = [{ addr = "127.0.0.1"; port = instance.well-known_port; }];
# Check https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md
# for the file structure.
root = pkgs.symlinkJoin
{
name = "well-known-files-for-conduit-${name}";
paths = [
(pkgs.writeTextDir ".well-known/matrix/client" (builtins.toJSON {
"m.homeserver".base_url = "https://${instance.host}";
"org.matrix.msc3575.proxy".url = "https://${instance.host}";
}))
(pkgs.writeTextDir ".well-known/matrix/server" (builtins.toJSON {
"m.server" = "${instance.host}:443";
}))
];
};
extraConfig =
# Enable CORS from anywhere since we want all clients to find us out
''
add_header 'Access-Control-Allow-Origin' "*";
'' +
# Force returning values to be JSON data
''
default_type application/json;
'';
})
cfg.instances;
};
config.cloud.traefik.hosts = mkIf cfg.enable ( config.cloud.traefik.hosts = mkIf cfg.enable (
(lib.attrsets.mapAttrs' (lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({ (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
inherit (instance) host port noCloudflare; inherit (instance) host port noCloudflare;
})) }))
cfg.instances) cfg.instances)
// (lib.attrsets.mapAttrs'
(name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" (
let
server_name = if instance.server_name == "" then instance.host else instance.server_name;
in
{
port = instance.well-known_port;
filter = "Host(`${server_name}`) && PathPrefix(`/.well-known`)";
}
))
cfg.instances)
); );
} }
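Review bot: The Traefik filter for `conduit-${name}-well-known` matches ``PathPrefix(`/.well-known`)``, so every well-known path on `server_name` is routed to the static nginx vhost, not just the two Matrix discovery files it serves. If that host name ever needs another well-known document (an ACME HTTP challenge, `security.txt`, OIDC discovery), the request would land here and get a 404. ``PathPrefix(`/.well-known/matrix`)`` limits the route to what the vhost provides. That narrowing also confines the `Access-Control-Allow-Origin "*"` header to the public JSON files it is meant for. The `instance.well-known_port` option is read here but declared outside the visible hunks.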


@ -33,7 +33,7 @@ with lib; {
{ {
systemd.services.heisenbridge = { systemd.services.heisenbridge = {
description = "Matrix<->IRC bridge"; description = "Matrix<->IRC bridge";
requires = [ "matrix-conduit-nkagami.service" "matrix-synapse.service" ]; # So the registration file can be used by Synapse requires = [ "matrix-synapse.service" ]; # So the registration file can be used by Synapse
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = rec { serviceConfig = rec {

View file

@ -4,7 +4,6 @@ let
cfg = config.cloud.gotosocial; cfg = config.cloud.gotosocial;
dbUser = "gotosocial"; dbUser = "gotosocial";
storageLocation = "/mnt/data/gotosocial";
in in
{ {
options.cloud.gotosocial = { options.cloud.gotosocial = {
@ -75,9 +74,6 @@ in
# Media # Media
media-emoji-remote-max-size = 256 * 1024 /* bytes */; media-emoji-remote-max-size = 256 * 1024 /* bytes */;
media-emoji-local-max-size = 256 * 1024 /* bytes */; media-emoji-local-max-size = 256 * 1024 /* bytes */;
media-remote-cache-days = 7;
media-cleanup-from = "00:00";
media-cleanup-every = "24h";
# OIDC # OIDC
oidc-enabled = true; oidc-enabled = true;
oidc-idp-name = "DTTH"; oidc-idp-name = "DTTH";
@ -86,22 +82,10 @@ in
http-client.block-ips = [ "11.0.0.0/24" ]; http-client.block-ips = [ "11.0.0.0/24" ];
# Advanced # Advanced
advanced-rate-limit-requests = 0; advanced-rate-limit-requests = 0;
# Storage
storage-backend = "local";
storage-local-base-path = "${storageLocation}/storage";
# instance-inject-mastodon-version = true; # instance-inject-mastodon-version = true;
}; };
}; };
systemd.services.gotosocial.requires = mkAfter [ "postgresql.service" "arion-authentik.service" ]; systemd.services.gotosocial.requires = mkAfter [ "minio.service" "postgresql.service" ];
systemd.services.gotosocial.after = mkAfter [ "postgresql.service" "arion-authentik.service" ]; systemd.services.gotosocial.after = mkAfter [ "minio.service" "postgresql.service" ];
systemd.services.gotosocial.unitConfig = {
RequiresMountsFor = [ storageLocation ];
ReadWritePaths = [ storageLocation ];
};
systemd.tmpfiles.settings."10-gotosocial".${storageLocation}.d = {
user = dbUser;
group = dbUser;
mode = "0700";
};
}; };
} }
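Review bot: `oidc-enabled = true` stays in the settings, but the new `requires`/`after` lists name only `minio.service` and `postgresql.service`, so nothing orders GoToSocial after the identity provider. If GoToSocial contacts the OIDC issuer at startup (it appears to, for discovery), a boot where the provider comes up later can leave the unit failed or logins unavailable until a restart. Keeping `"arion-authentik.service"` in `after`, or giving the unit a `Restart=on-failure` policy, covers that. Separately, `advanced-rate-limit-requests = 0` disables the built-in rate limit and would benefit from a comment naming the component in front that does the limiting.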


@ -1,183 +0,0 @@
commit 8c7f8c28fabc174a71499a4737579b24b5c4b244
Author: Natsu Kagami <nki@nkagami.me>
Date: Mon Oct 21 02:17:36 2024 +0200
Support R2
diff --git a/.env.sample b/.env.sample
index eb57ad85c..94ffcee07 100644
--- a/.env.sample
+++ b/.env.sample
@@ -66,6 +66,8 @@ AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569
AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
AWS_S3_FORCE_PATH_STYLE=true
AWS_S3_ACL=private
+AWS_S3_R2=true
+AWS_S3_R2_PUBLIC_URL=http://s3:4569
# AUTHENTICATION
diff --git a/app/utils/files.ts b/app/utils/files.ts
index 6607a6b12..5138f68ad 100644
--- a/app/utils/files.ts
+++ b/app/utils/files.ts
@@ -63,8 +63,13 @@ export const uploadFile = async (
xhr.addEventListener("loadend", () => {
resolve(xhr.readyState === 4 && xhr.status >= 200 && xhr.status < 400);
});
- xhr.open("POST", data.uploadUrl, true);
- xhr.send(formData);
+ xhr.open(data.method, data.uploadUrl, true);
+ xhr.setRequestHeader("Content-Type", file.type);
+ if (data.method === "POST") {
+ xhr.send(formData);
+ } else {
+ xhr.send(file);
+ }
});
if (!success) {
diff --git a/server/env.ts b/server/env.ts
index 5b420f2e1..4ea1e8d3c 100644
--- a/server/env.ts
+++ b/server/env.ts
@@ -519,6 +519,14 @@ export class Environment {
environment.AWS_S3_UPLOAD_BUCKET_NAME
);
+ @IsOptional()
+ public AWS_S3_R2 = this.toBoolean(environment.AWS_S3_R2 ?? "false");
+
+ @IsOptional()
+ public AWS_S3_R2_PUBLIC_URL = this.toOptionalString(
+ environment.AWS_S3_R2_PUBLIC_URL
+ );
+
/**
* Whether to force path style URLs for S3 objects, this is required for some
* S3-compatible storage providers.
diff --git a/server/routes/api/attachments/attachments.ts b/server/routes/api/attachments/attachments.ts
index 5e6c27594..b7620f440 100644
--- a/server/routes/api/attachments/attachments.ts
+++ b/server/routes/api/attachments/attachments.ts
@@ -3,6 +3,7 @@ import { v4 as uuidv4 } from "uuid";
import { AttachmentPreset } from "@shared/types";
import { bytesToHumanReadable } from "@shared/utils/files";
import { AttachmentValidation } from "@shared/validations";
+import env from "@server/env";
import { AuthorizationError, ValidationError } from "@server/errors";
import auth from "@server/middlewares/authentication";
import { rateLimiter } from "@server/middlewares/rateLimiter";
@@ -90,16 +91,30 @@ router.post(
{ transaction }
);
- const presignedPost = await FileStorage.getPresignedPost(
- key,
- acl,
- maxUploadSize,
- contentType
- );
+ let uploadUrl;
+ let method;
+ let presignedPost = {
+ fields: {},
+ };
+ if (env.AWS_S3_R2) {
+ uploadUrl = await FileStorage.getPresignedPut(key);
+ method = "PUT";
+ } else {
+ uploadUrl = FileStorage.getUploadUrl();
+ method = "POST";
+
+ presignedPost = await FileStorage.getPresignedPost(
+ key,
+ acl,
+ maxUploadSize,
+ contentType
+ );
+ }
ctx.body = {
data: {
- uploadUrl: FileStorage.getUploadUrl(),
+ uploadUrl,
+ method,
form: {
"Cache-Control": "max-age=31557600",
"Content-Type": contentType,
diff --git a/server/storage/files/BaseStorage.ts b/server/storage/files/BaseStorage.ts
index ce0287ebc..a1931c83d 100644
--- a/server/storage/files/BaseStorage.ts
+++ b/server/storage/files/BaseStorage.ts
@@ -26,6 +26,8 @@ export default abstract class BaseStorage {
contentType: string
): Promise<Partial<PresignedPost>>;
+ public abstract getPresignedPut(key: string): Promise<string>;
+
/**
* Returns a promise that resolves with a stream for reading a file from the storage provider.
*
diff --git a/server/storage/files/LocalStorage.ts b/server/storage/files/LocalStorage.ts
index 83cf98c50..324e60dd9 100644
--- a/server/storage/files/LocalStorage.ts
+++ b/server/storage/files/LocalStorage.ts
@@ -30,6 +30,10 @@ export default class LocalStorage extends BaseStorage {
});
}
+ public async getPresignedPut(key: string) {
+ return this.getUrlForKey(key);
+ }
+
public getUploadUrl() {
return "/api/files.create";
}
diff --git a/server/storage/files/S3Storage.ts b/server/storage/files/S3Storage.ts
index a42442e0c..d55ef5472 100644
--- a/server/storage/files/S3Storage.ts
+++ b/server/storage/files/S3Storage.ts
@@ -4,6 +4,7 @@ import {
S3Client,
DeleteObjectCommand,
GetObjectCommand,
+ PutObjectCommand,
ObjectCannedACL,
} from "@aws-sdk/client-s3";
import { Upload } from "@aws-sdk/lib-storage";
@@ -58,6 +59,16 @@ export default class S3Storage extends BaseStorage {
return createPresignedPost(this.client, params);
}
+ public async getPresignedPut(key: string) {
+ const params = {
+ Bucket: env.AWS_S3_UPLOAD_BUCKET_NAME,
+ Key: key,
+ };
+
+ const command = new PutObjectCommand(params);
+ return await getSignedUrl(this.client, command, { expiresIn: 3600 });
+ }
+
private getPublicEndpoint(isServerUpload?: boolean) {
if (env.AWS_S3_ACCELERATE_URL) {
return env.AWS_S3_ACCELERATE_URL;
@@ -137,10 +148,17 @@ export default class S3Storage extends BaseStorage {
);
}
+ public getR2ObjectUrl = async (key: string) =>
+ env.AWS_S3_R2_PUBLIC_URL + "/" + key;
+
public getSignedUrl = async (
key: string,
expiresIn = S3Storage.defaultSignedUrlExpires
) => {
+ if (env.AWS_S3_R2) {
+ return this.getR2ObjectUrl(key);
+ }
+
const isDocker = env.AWS_S3_UPLOAD_BUCKET_URL.match(/http:\/\/s3:/);
const params = {
Bucket: this.getBucket(),
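Review bot: With `env.AWS_S3_R2` set, `getSignedUrl` returns `env.AWS_S3_R2_PUBLIC_URL + "/" + key` and ignores `expiresIn`, so callers that ask for a short-lived signed link get a permanent, unauthenticated one. If the bucket behind that URL holds attachments that are meant to be private, anyone who learns a key can read them without a session; the hunk shows no check that separates public from private objects. I would return the public URL only for objects intended to be public and let everything else fall through to the existing signing code. At minimum the early return should carry a comment such as `// R2: returns a non-expiring public URL; the bucket must hold no private attachments`. The body of `getSignedUrl` continues past the end of this hunk.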


@ -31,13 +31,6 @@ in
ensureDatabases = cfg.databases; ensureDatabases = cfg.databases;
ensureUsers = (map userFromDatabase cfg.databases); ensureUsers = (map userFromDatabase cfg.databases);
dataDir = "/mnt/data/postgresql/${config.services.postgresql.package.psqlSchema}";
};
config.systemd.services.postgresql.serviceConfig = {
StateDirectory = "postgresql postgresql ${config.services.postgresql.dataDir}";
StateDirectoryMode = "0750";
}; };
# Backup settings # Backup settings


@ -12,6 +12,7 @@ let
users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ]; users.users.${config.common.linux.username}.extraGroups = [ "adbusers" ];
}; };
ios = { config, pkgs, ... }: mkIf config.common.linux.enable { ios = { config, pkgs, ... }: mkIf config.common.linux.enable {
services.avahi.enable = true;
services.usbmuxd.enable = true; services.usbmuxd.enable = true;
services.usbmuxd.package = pkgs.usbmuxd2; services.usbmuxd.package = pkgs.usbmuxd2;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -26,19 +27,8 @@ let
}; };
}; };
graphics = { config, ... }: {
hardware =
if config.system.nixos.release == "24.05" then {
opengl.enable = true;
opengl.driSupport32Bit = true;
} else {
graphics.enable = true;
graphics.enable32Bit = true;
};
};
accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) { accounts = { pkgs, ... }: mkIf (config.common.linux.enable && !pkgs.stdenv.isAarch64) {
environment.systemPackages = [ pkgs.glib (pkgs.gnome-control-center or pkgs.gnome.gnome-control-center) ]; environment.systemPackages = with pkgs.gnome; [ pkgs.glib gnome-control-center ];
services.accounts-daemon.enable = true; services.accounts-daemon.enable = true;
services.gnome.gnome-online-accounts.enable = true; services.gnome.gnome-online-accounts.enable = true;
# programs.evolution.enable = true; # programs.evolution.enable = true;
@ -114,19 +104,7 @@ let
}; };
in in
{ {
imports = with modules; [ imports = with modules; [ adb ios wlr logitech kwallet virtualisation accounts rt-audio ];
./sops.nix
adb
ios
graphics
wlr
logitech
kwallet
virtualisation
accounts
rt-audio
];
options.common.linux = { options.common.linux = {
enable = mkOption { enable = mkOption {
@ -209,6 +187,7 @@ in
services.fwupd.enable = true; services.fwupd.enable = true;
# Enable sound. # Enable sound.
sound.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
# alsa is optional # alsa is optional
@ -272,24 +251,20 @@ in
services.tailscale.enable = true; services.tailscale.enable = true;
## Time and Region ## Time and Region
time.timeZone = lib.mkDefault "Europe/Zurich"; time.timeZone = "Europe/Zurich";
# Select internationalisation properties. # Select internationalisation properties.
console.keyMap = "jp106"; # Console key layout console.keyMap = "jp106"; # Console key layout
i18n.defaultLocale = "ja_JP.UTF-8"; i18n.defaultLocale = "ja_JP.UTF-8";
# Input methods (only fcitx5 works reliably on Wayland) # Input methods (only fcitx5 works reliably on Wayland)
i18n.inputMethod = { i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.waylandFrontend = true; fcitx5.waylandFrontend = true;
fcitx5.addons = with pkgs; [ fcitx5.addons = with pkgs; [
fcitx5-mozc fcitx5-mozc
fcitx5-unikey fcitx5-unikey
fcitx5-gtk fcitx5-gtk
]; ];
} // (if config.system.nixos.release == "24.05" then { };
enabled = "fcitx5";
} else {
enable = true;
type = "fcitx5";
});
# Default packages # Default packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -319,6 +294,8 @@ in
programs.dconf.enable = true; programs.dconf.enable = true;
# Gaming! (not for ARM64) # Gaming! (not for ARM64)
programs.steam.enable = !pkgs.stdenv.isAarch64; programs.steam.enable = !pkgs.stdenv.isAarch64;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = !pkgs.stdenv.isAarch64; # For 32 bit applications
## Services ## Services
# OpenSSH so you can SSH to me # OpenSSH so you can SSH to me


@ -1,18 +0,0 @@
{ config, lib, ... }:
with { inherit (lib) types mkOption mkEnableOption; };
let
cfg = config.common.linux.sops;
in
{
options.common.linux.sops = {
enable = mkEnableOption "Enable sops configuration";
file = mkOption {
type = types.path;
description = "Path to the default sops file";
};
};
config = lib.mkIf cfg.enable {
sops.defaultSopsFile = cfg.file;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
}


@ -34,6 +34,11 @@ in
default = 655; default = 655;
description = "The port to listen on"; description = "The port to listen on";
}; };
meshIp = mkOption {
type = types.str;
description = "The mesh ip to be assigned by hostname";
};
}; };
config = mkIf cfg.enable (builtins.seq config = mkIf cfg.enable (builtins.seq
@ -46,6 +51,7 @@ in
myMeshIp = myHost.subnetAddr; myMeshIp = myHost.subnetAddr;
in in
{ {
services.my-tinc.meshIp = myMeshIp;
# Scripts that set up the tinc services # Scripts that set up the tinc services
environment.etc = { environment.etc = {
"tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" '' "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
@ -78,11 +84,6 @@ in
# firewall # firewall
networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedUDPPorts = [ 655 ];
networking.firewall.allowedTCPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 ];
networking.firewall.interfaces."tinc.${networkName}" = {
allowedUDPPortRanges = [{ from = 0; to = 65535; }];
allowedTCPPortRanges = [{ from = 0; to = 65535; }];
};
# configure tinc service # configure tinc service
# ---------------------- # ----------------------
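Review bot: The firewall lines open the literal port `655` for UDP and TCP, while the module declares a configurable listen port (the option whose `default = 655` is visible in the first hunk, set as `bindPort` in a host config elsewhere on this page). A host that overrides the port would leave 655 open for nothing and the real listen port closed. I would derive both from the option, `networking.firewall.allowedUDPPorts = [ cfg.bindPort ];` and `networking.firewall.allowedTCPPorts = [ cfg.bindPort ];`, assuming `cfg` is this module's config as the `mkIf cfg.enable` line suggests. The `config` block starts and ends outside the visible hunks.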


@ -23,13 +23,10 @@ in
hosts; hosts;
# Add all of them to host # Add all of them to host
nki.services.edns = { networking.extraHosts = lib.strings.concatStringsSep
enable = true; "\n"
cloaking-rules = (lib.attrsets.mapAttrsToList
(lib.attrsets.mapAttrs' (name: host: "${host.subnetAddr} ${name}.tinc")
(name: host: { name = "${name}.tinc"; value = host.subnetAddr; }) hosts);
hosts)
;
};
}; };
} }


@ -22,14 +22,4 @@
subnetAddr = "11.0.0.4"; subnetAddr = "11.0.0.4";
ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN"; ed25519PublicKey = "6MN5LVE4juavv8qJW2dTN4t/haKCADWquAQj/ADF7iN";
}; };
yoga = {
subnetAddr = "11.0.0.5";
ed25519PublicKey = "n+gIZjuuTPxi0OBqw2oOcmXd3loOHG+GQHBMXNlgyqI";
};
framework = {
subnetAddr = "11.0.0.6";
ed25519PublicKey = "YL7NA6Ydv/3FBfSzOPvyHlGweAViPvsG3b0Zh8L0NzF";
};
} }


@ -10,7 +10,7 @@ with lib;
ibm-plex ibm-plex
(nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; }) (nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; })
noto-fonts noto-fonts
(pkgs.noto-fonts-cjk-sans or pkgs.noto-fonts-cjk) noto-fonts-cjk
merriweather merriweather
corefonts corefonts
font-awesome font-awesome


@ -12,7 +12,7 @@ lib.mkIf pkgs.stdenv.isLinux {
name = "system-icons"; name = "system-icons";
paths = with pkgs; [ paths = with pkgs; [
#libsForQt5.breeze-qt5 # for plasma #libsForQt5.breeze-qt5 # for plasma
(pkgs.gnome-themes-extra or gnome.gnome-themes-extra) # Until 24.11 gnome.gnome-themes-extra
]; ];
pathsToLink = [ "/share/icons" ]; pathsToLink = [ "/share/icons" ];
}; };


@ -16,7 +16,7 @@ in
security.pam = mkIf pkgs.stdenv.isLinux { security.pam = mkIf pkgs.stdenv.isLinux {
u2f = { u2f = {
enable = true; enable = true;
settings.cue = true; cue = true;
}; };
# Services # Services


@ -8,11 +8,6 @@ in
options.nki.services.edns = { options.nki.services.edns = {
enable = mkEnableOption "Enable encrypted DNS"; enable = mkEnableOption "Enable encrypted DNS";
ipv6 = mkEnableOption "Enable ipv6"; ipv6 = mkEnableOption "Enable ipv6";
cloaking-rules = mkOption {
type = types.attrsOf types.str;
default = { };
description = "A set of domain -> ip mapping for cloaking_rules";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -47,11 +42,6 @@ in
{ server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; } { server_name = "*"; via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; }
]; ];
anonymized_dns.skip_incompatible = true; anonymized_dns.skip_incompatible = true;
# Cloaking rules
cloaking_rules = pkgs.writeText "cloaking_rules.txt" (lib.strings.concatStringsSep
"\n"
(lib.attrsets.mapAttrsToList (name: ip: "${name} ${ip}") cfg.cloaking-rules));
}; };
}; };
}; };


@ -1,66 +0,0 @@
{ config, lib, ... }:
with { inherit (lib) mkOption types mkIf; };
let
cfg = config.services.nix-build-farm;
hosts = import ./hosts.nix;
build-user = "nix-builder";
isBuilder = host: host ? "builder";
allBuilders = lib.filterAttrs (_: isBuilder) hosts;
in
{
options.services.nix-build-farm = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable nix-build-farm as a client";
};
hostname = mkOption {
type = types.enum (builtins.attrNames hosts);
description = "The hostname as listed in ./hosts.nix file";
};
privateKeyFile = mkOption {
type = types.path;
description = "The path to the private SSH key file";
};
ipAddrs = mkOption {
type = types.str;
description = "The ip addresses to limit access to";
default = "11.0.0.*";
};
};
config = mkIf cfg.enable (
let
host = hosts.${cfg.hostname};
otherHosts = lib.filterAttrs (name: _: name != cfg.hostname) hosts;
otherBuilders = lib.filterAttrs (name: _: name != cfg.hostname) allBuilders;
in
{
nix.distributedBuilds = true;
nix.buildMachines = lib.mapAttrsToList
(name: host: {
hostName = host.host;
sshUser = build-user;
sshKey = cfg.privateKeyFile;
} // host.builder)
otherBuilders;
users = mkIf (isBuilder host) {
users.${build-user} = {
description = "Nix build farm user";
group = build-user;
isNormalUser = true;
openssh.authorizedKeys.keys = lib.mapAttrsToList (_: host: ''from="${cfg.ipAddrs}" ${host.pubKey}'') otherHosts;
};
groups.${build-user} = { };
};
nix.settings.trusted-users = mkIf (isBuilder host) [ build-user ];
}
);
}


@ -1,37 +0,0 @@
{
cloud = {
host = "cloud.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE87ddj0fTH0NuvJz0dT5ln7v7zbafXqDVdM2A4ddOb0 root@nki-personal-do";
};
home = {
host = "home.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6N1uTxnbo73tyzD9X7d7OgPeoOpY7JmQaHASjSWFPI nki@kagamiPC";
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUhiVTh2NlNBa0kyOTBCc1QzVG1IRVVJQWdXcVFyNm9jRmpjakRRczRoT2ggcm9vdEBrYWdhbWlQQwo=";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
};
};
yoga = {
host = "yoga.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6ZrO/xIdmwBCUx80cscBSpJBBTp55OHGrXYBGRXKAw nki@nki-yoga-g8";
};
framework = {
host = "framework.tinc";
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH/g472MaT7YySUhBjxClfmMjpn98qYnKXDKlzWHYwuO nki@nki-framework";
builder = {
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUdOUlBCVFRkNTVVMXY1U1Jac0FjYVdhS3JGZTY0ZjIxOVViODVTQ2NWd28gcm9vdEBua2ktZnJhbWV3b3JrCg==";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 16;
speedFactor = 3;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
};
};
}


@ -1 +0,0 @@
nix.home.tinc:zG2uDy0MbLY0wLuoVH/qKzTD6hTfKZufA2cWDSTCZMA=


@ -1,60 +0,0 @@
{ config, pkgs, lib, ... }:
with { inherit (lib) mkEnableOption mkOption types mkIf; };
let
cfg = config.nki.services.nix-cache;
bindAddr = "127.0.0.1:5000";
in
{
options.nki.services.nix-cache = {
enableClient = mkOption {
type = types.bool;
default = !cfg.enableServer;
description = "Enable nix-cache client";
};
enableServer = mkEnableOption "Enable nix-cache server";
host = mkOption {
type = types.str;
default = "nix.home.tinc";
};
publicKey = mkOption {
type = types.str;
default = builtins.readFile ./cache-pub-key.pem;
};
privateKeyFile = mkOption {
type = types.path;
description = "Path to the private key .pem file";
};
};
config = {
nix.settings = mkIf cfg.enableClient {
substituters = lib.mkAfter [ "http://${cfg.host}" ];
trusted-public-keys = [ cfg.publicKey ];
};
services.harmonia = mkIf cfg.enableServer {
enable = true;
signKeyPath = cfg.privateKeyFile;
settings = {
bind = bindAddr;
priority = 45;
};
};
services.nginx = mkIf cfg.enableServer {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
# ... existing hosts config etc. ...
"${cfg.host}" = {
locations."/".proxyPass = "http://${bindAddr}";
};
};
};
};
}


@ -17,18 +17,10 @@
./wireless.nix ./wireless.nix
]; ];
# Sops
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "framework";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# services.xserver.enable = true; # services.xserver.enable = true;
# services.xserver.displayManager.sddm.enable = true; # services.xserver.displayManager.sddm.enable = true;
# services.xserver.displayManager.sddm.wayland.enable = true; # services.xserver.displayManager.sddm.wayland.enable = true;
services.desktopManager.plasma6.enable = true; services.xserver.desktopManager.plasma6.enable = true;
# Power Management # Power Management
services.upower = { services.upower = {
@ -42,13 +34,13 @@
services.power-profiles-daemon.enable = true; services.power-profiles-daemon.enable = true;
# powerManagement.enable = true; # powerManagement.enable = true;
# powerManagement.powertop.enable = true; # powerManagement.powertop.enable = true;
services.logind.lidSwitch = "suspend-then-hibernate"; services.logind.lidSwitch = "suspend";
# Printing # Printing
services.printing.drivers = with pkgs; [ epfl-cups-drivers ]; services.printing.drivers = with pkgs; [ epfl-cups-drivers ];
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true; services.xserver.libinput.enable = true;
# Keyboard # Keyboard
services.input-remapper.enable = true; services.input-remapper.enable = true;
services.input-remapper.serviceWantedBy = [ "multi-user.target" ]; services.input-remapper.serviceWantedBy = [ "multi-user.target" ];
@ -85,16 +77,6 @@
security.pam.services.swaylock.fprintAuth = true; security.pam.services.swaylock.fprintAuth = true;
security.pam.services.login.fprintAuth = true; security.pam.services.login.fprintAuth = true;
# tinc network
sops.secrets."tinc-private-key" = { };
services.my-tinc = {
enable = true;
hostName = "framework";
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
bindPort = 6565;
};
# Secrets # Secrets
# sops.defaultSopsFile = ./secrets.yaml; # sops.defaultSopsFile = ./secrets.yaml;
# sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];


@ -12,8 +12,10 @@
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.kernelPackages = pkgs.linuxPackages; # until mesa fixed boot.extraModulePackages = [ ];
boot.kernelParams = [ boot.kernelParams = [
# See https://community.frame.work/t/tracking-graphical-corruption-in-fedora-39-amd-3-03-bios/39073/143
"amdgpu.sg_display=0"
# Hibernation # Hibernation
"resume=UUID=fa8aaf51-b99f-4fb4-9230-8c0957d8af3f" "resume=UUID=fa8aaf51-b99f-4fb4-9230-8c0957d8af3f"
"resume_offset=5776640" # btrfs inspect-internal map-swapfile -r /var/swapfile "resume_offset=5776640" # btrfs inspect-internal map-swapfile -r /var/swapfile


@ -1,32 +0,0 @@
tinc-private-key: ENC[AES256_GCM,data:cKtOFrF5FRSHWxe/QxH5O9GAba1WcWeCwW1IOzmbgdtFufRoWbCtYeaLP+WQhQ70z6xobiY9DN8Jrh7mDptKSsfKrrx2SH5JrdpsoINhLMbetXq7E29+q6CkS8NlLgE/KyV8eFjQySNsYiA/+Efq9xj9e1wOmHBDsND/jgiJDkA1qsEIFZg/vuv8LdoRY3TV/oKJ4pao9+70G4H+8Ef1sMZHGNe9qJ94Wa71nNX2fTSjKH5YBbRijMAePWr/IeCpZ9Phs7RqjBs=,iv:l0iB136X7nLVblQjFi7K4f42JKSxdsiLIRy5GPzK1nc=,tag:HAgkvWkl0Rx62ejGZckdKA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data: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,iv:TeSxlVc0WlOMMUtv/uq3f7JvW/kNCM7LjguhZxL51a4=,tag:m1iuk4pAX/yugM0ObzkJHQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age188tgu3psvywk6shq85mk2q0jdjwd0tcswzwlwu5pa5n3pndx75dq090z59
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmL2Z1RzBWaTI1TDl6WDNa
NTNVdEhTSFU5enNlTGVNWTI5anBZb1BtaVhjCm1BRnJDSXl1cWdBRUs1VnREVjBU
QWZxdkgzdm9JL0k5WmhDL1RCNTltdm8KLS0tIFhvQTlKMDZiVklTRWd4TzVmc2ll
bmpjcWdBV1doZml2NjlzQzdQczJ3alEKBMRP3POxtPIqBWnrvxY/++5jtVE70Uxa
EVfhsUO76A/hzyxfzpLEy1QGFE+DB/zlU0CK7HkNGPD2TrBHbzkPJA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vgh6kvee8lvxylm7z86fpl3xzjyjs4u3zdfkyf064rjvxk9fpumsew7n27
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MUxQU0dZOGRaekF4MWdo
T0krcERtRTJndFR1RHZmL0t6MjBxMW5PSENNCkR6SUhxQ0FoaEhuaWpiUzJ0MnJE
RXRERzVhL0lRVW1iRUlac0c5OHZsckEKLS0tIC9VM1dNZTNzdkFnMWk2YUwvcDNB
TDZnVjBaVzZBem5lZDB1MW4xQ0RmZ28K6d7mF+f3ZyilXlSIQGT2pBrTWuYLccE1
rYIJjHjFft/2wPX2gAW9VTiwfMT3lKJhJRqNdoie5phV5BZhkb3D9w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-17T14:58:10Z"
mac: ENC[AES256_GCM,data:ZCrzXDttLxYUvdLiqM5I17Ys6O3zoOVKq8xP78VaLb3AAoV4RGGQxixKVQ6K9h84e8bFymh512BR7xKa9fqebxTyL1XCqPkRaSZy0aWjbc6QCaK+JD4yqivgO/x5x2xgMpX/ZhPFzKNLpMga61bnm6plvF8ocG+wOqYvj3vL0Ss=,iv:QZ8YJD7h2QD2jqVKo4bg0rwpZSTyyNw6zZDcBfClKPo=,tag:PH2XnTqxV2irymg2+Z+Egg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0


@ -10,6 +10,8 @@ with lib;
[ [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
# secret management
./secrets
# Fonts # Fonts
../modules/personal/fonts ../modules/personal/fonts
# Encrypted DNS # Encrypted DNS
@ -25,22 +27,10 @@ with lib;
# Plasma! # Plasma!
services.desktopManager.plasma6.enable = true; services.desktopManager.plasma6.enable = true;
## Encryption ## Encryption
# Kernel modules needed for mounting USB VFAT devices in initrd stage # Kernel modules needed for mounting USB VFAT devices in initrd stage
common.linux.luksDevices.root = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892"; common.linux.luksDevices.root = "/dev/disk/by-uuid/7c6e40a8-900b-4f85-9712-2b872caf1892";
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
# Nix cache server
sops.secrets."nix-cache/private-key" = { owner = "harmonia"; group = "harmonia"; mode = "0600"; };
nki.services.nix-cache = {
enableServer = true;
privateKeyFile = config.sops.secrets."nix-cache/private-key".path;
};
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Networking # Networking
common.linux.networking = common.linux.networking =
@ -71,11 +61,13 @@ with lib;
PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path; PrivateKeyFile = config.sops.secrets."dtth-wg/private-key".path;
}; };
wireguardPeers = [{ wireguardPeers = [{
PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ="; wireguardPeerConfig = {
PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path; PublicKey = "+7iI4jwmM1Qr+/DKB1Hv8JgFkGu7lSV0PAoo+O5d3yQ=";
AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ]; PresharedKeyFile = config.sops.secrets."dtth-wg/preshared-key".path;
Endpoint = "vpn.dtth.ch:51820"; AllowedIPs = [ "100.64.0.0/10" "fd00::/106" ];
PersistentKeepalive = 25; Endpoint = "vpn.dtth.ch:51820";
PersistentKeepalive = 25;
};
}]; }];
}; };
systemd.network.networks."dtth-wg" = { systemd.network.networks."dtth-wg" = {
@ -83,8 +75,8 @@ with lib;
address = [ "100.73.146.80/32" "fd00::33:105b/128" ]; address = [ "100.73.146.80/32" "fd00::33:105b/128" ];
DHCP = "no"; DHCP = "no";
routes = [ routes = [
{ Destination = "100.64.0.0/10"; Scope = "link"; } { routeConfig = { Destination = "100.64.0.0/10"; Scope = "link"; }; }
{ Destination = "fd00::/106"; } { routeConfig.Destination = "fd00::/106"; }
]; ];
}; };


@ -36,6 +36,10 @@
swapDevices = swapDevices =
[{ device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; }]; [{ device = "/dev/disk/by-uuid/561f6441-1915-4059-a5e1-76a449b0c9bf"; }];
# GPU options
services.xserver.videoDrivers = [ "amdgpu" ];
hardware.opengl.enable = true;
# bluetooth usb # bluetooth usb
hardware.firmware = [ pkgs.rtl8761b-firmware ]; hardware.firmware = [ pkgs.rtl8761b-firmware ];
} }


@ -0,0 +1,6 @@
{ config, pkgs, ... }:
{
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}


@ -13,10 +13,6 @@ dtth-wg:
preshared-key: ENC[AES256_GCM,data:96q0ZfvPz4pb53XvTGameVkcETamYH8Xbv69672RBdacH6QjRCCVvPnBTfA=,iv:Q2Yonb07/Uu6KidhMgRX4zJuNU1ZySNC7g/5TwpMU80=,tag:1qQQdk20yIQlGZmX+/25RA==,type:str] preshared-key: ENC[AES256_GCM,data:96q0ZfvPz4pb53XvTGameVkcETamYH8Xbv69672RBdacH6QjRCCVvPnBTfA=,iv:Q2Yonb07/Uu6KidhMgRX4zJuNU1ZySNC7g/5TwpMU80=,tag:1qQQdk20yIQlGZmX+/25RA==,type:str]
peertube: peertube:
dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str] dtth-key: ENC[AES256_GCM,data:Gu7qOisVBZrFXKBr51165FJ7Ej4hV+lIf3AMC02R3UFNXOnTHF2xC8E=,iv:F83FuD1VjZEJFMcx3gkQuKCpJmYdHtO15fRHkYdMxJM=,tag:ScH42Tr5ZsIo9JMnXhylSw==,type:str]
nix-cache:
private-key: ENC[AES256_GCM,data:4sbfIQb10Y50CrZbgjN+1iXEbXTpDqMbIB/yA3WlaAqhLtb8HKib5aZX3DLoxFbVihJcztQsvBBgEAhT9iMijoksaT9qzBQ5yIn4NGCfFem1DK8DQdjhTLMCVTyMFCT7hQHu/2Sd7w==,iv:zTSxuKOtOLekOBKBvl9MScD/Bo1Hviqq/n8Saa+1Cgo=,tag:fx73fCDPY9d07V3KKMw3DA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data:m5neeWCEdaZ1MRhNwTptfDIgv3ABNlYyNil3oTD81Jbe/6WxWaS5Q++CRlHCjc2hOoHsWsZixw8iGZVTA+QXgH6B9C6A4oOAhgR9m92EGTEfFw0qxQbdzs7U98Yonx/N8SApUycZZB/EU81+MrDNY4GGzCiO6s00/vZLkDTYnqRFgbo+8KTG0BQTl4q+VYP2q3l0wy+Ivz5CWPmbz42Xdin/sBnjeFHKDuof4iZZnN3i8gUJ/mMw3lbdiHd6A8DL0G5Ut46ljzMC2aMsZOATCID3mPOPgI0xIetDofPJLDqVsNqptRHo8WB+KwDidvl222f5F7JqdSqgAMOJYPscrX0odufApiJfg5bbXBygvrDfAlPSruW7GsWGoKAhw0qC4NC/j+qYCwhS0qdorCLnIy3zzMtA6HkHtE675hy7/7oLj7k9Y8MhE4PxztjXTmDazaVCtKhnA/DpaxP2mH84gfCkJFD1YF9jtPm+P3e+46FwkW+WnHaA2L+H7Evava30DLEBhh5y9Gd1A3JN4isn,iv:7KUWg7+GWgmGJkbIvsy9gtccZBb+1Y5uDWhXQFk0obk=,tag:qJdM684XPHxecLVxVb5pgw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -50,8 +46,8 @@ sops:
bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw bUhIT0Z2b1dVWGNyS1hRVFRyZTA4d00KchP7EhSOMwBl5vFuuskzosRoi8jUu1sw
hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA== hVjJNF2a40ewgkQgVAoWEzirHbknbQORzmepDDRth7Bve3UQU64+GA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-16T13:59:20Z" lastmodified: "2024-04-18T13:34:51Z"
mac: ENC[AES256_GCM,data:ncT8fbtEb9ZcLcftXwgAKJRPPSG4TRHFMArtVgWNmIjDRcCNNT7ICa+9Dl8DAYKRJ+8pgelV9StIg2f7rvypHYlckontEP5nwSFzEApLItG3AZXewTC8VPoDYb4T8/OWKDoa5kBMvGrDr1bFP/CZz7H8No+k5TV7fVExsw0PHpg=,iv:vxbkeJtHkOAq7NcaZEIOMV3qGEqBUg/vpJYumBBfY70=,tag:T0yw2x1O5Tp0UllLpcFryg==,type:str] mac: ENC[AES256_GCM,data:cinVE1pHSgjCRPIDwANzR0oHw7zdN8DVDQKkhXT5j+dGiaFzNvLoYyMcEsjoxAjEdup3YMo+Vg6I4C94AUCrTn7N9BGjnGFVQz3m9q13zORi1+HWam0VItBzJm1iIo8x0PPs79OBaIHVUFAz8r4DW46P/LQISl9MQSDpCCTjVVk=,iv:2VAehWaoh2lNZM8jlmt+dqo5eeHfcr++eAdQfm/tCcM=,tag:QSnbObe3046AnFpK3Y01Eg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.8.1


@ -12,9 +12,6 @@
../modules/cloud/conduit ../modules/cloud/conduit
../modules/cloud/gotosocial ../modules/cloud/gotosocial
# Encrypted DNS
../modules/services/edns
./headscale.nix ./headscale.nix
./gitea.nix ./gitea.nix
./miniflux.nix ./miniflux.nix
@ -24,11 +21,8 @@
./invidious.nix ./invidious.nix
./owncast.nix ./owncast.nix
./peertube.nix ./peertube.nix
./outline.nix
]; ];
system.stateVersion = "21.11";
common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine. common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine.
# Personal user # Personal user
@ -63,15 +57,18 @@
services.do-agent.enable = true; services.do-agent.enable = true;
system.autoUpgrade = {
enable = true;
allowReboot = true;
flake = "github:natsukagami/nix-home#nki-personal-do";
};
nix = { nix = {
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
}; };
nki.services.edns.enable = true;
nki.services.edns.ipv6 = true;
# Secret management # Secret management
sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@ -84,10 +81,6 @@
services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path; services.my-tinc.rsaPrivateKey = config.sops.secrets."tinc/rsa-private-key".path;
services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path; services.my-tinc.ed25519PrivateKey = config.sops.secrets."tinc/ed25519-private-key".path;
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "home";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
# Set up traefik # Set up traefik
sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; }; sops.secrets.cloudflare-dns-api-token = { owner = "traefik"; };
sops.secrets.traefik-dashboard-users = { owner = "traefik"; }; sops.secrets.traefik-dashboard-users = { owner = "traefik"; };
@ -192,13 +185,74 @@
protocol = "udp"; protocol = "udp";
}; };
# Outline
sops.secrets.minio-secret-key = { owner = "root"; mode = "0444"; };
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
sops.secrets."outline/smtp-password" = { owner = "outline"; };
services.outline = {
enable = true;
package = pkgs.outline.overrideAttrs (attrs: {
patches = if builtins.hasAttr "patches" attrs then attrs.patches else [ ] ++ [ ../modules/cloud/outline/dtth-wiki.patch ];
});
databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable";
redisUrl = "local";
publicUrl = "https://wiki.dtth.ch";
port = 18729;
storage = {
accessKey = "minio";
secretKeyFile = config.sops.secrets.minio-secret-key.path;
region = config.services.minio.region;
uploadBucketUrl = "https://s3.dtth.ch";
uploadBucketName = "dtth-outline";
uploadMaxSize = 50 * 1024 * 1000;
};
maximumImportSize = 50 * 1024 * 1000;
oidcAuthentication = {
clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7";
clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path;
authUrl = "https://auth.dtth.ch/application/o/authorize/";
tokenUrl = "https://auth.dtth.ch/application/o/token/";
userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/";
displayName = "DTTH Account";
};
smtp = {
fromEmail = "DTTH Wiki <dtth.wiki@nkagami.me>";
replyEmail = "";
host = "mx1.nkagami.me";
username = "dtth.wiki@nkagami.me";
passwordFile = config.sops.secrets."outline/smtp-password".path;
port = 465;
secure = true;
};
forceHttps = false;
};
cloud.postgresql.databases = [ "outline" ];
systemd.services.outline.requires = [ "postgresql.service" ];
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
# GoToSocial # GoToSocial
sops.secrets.gts-env = { restartUnits = [ "gotosocial.service" ]; }; sops.secrets.gts-env = { };
cloud.gotosocial = { cloud.gotosocial = {
enable = true; enable = true;
envFile = config.sops.secrets.gts-env.path; envFile = config.sops.secrets.gts-env.path;
}; };
# Minio
sops.secrets.minio-credentials = { };
services.minio = {
enable = true;
listenAddress = ":61929";
consoleAddress = ":62929";
rootCredentialsFile = config.sops.secrets.minio-credentials.path;
dataDir = lib.mkForce [ "/mnt/data/minio" ];
};
cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; };
system.stateVersion = "21.11";
# ntfy # ntfy
cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; }; cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; };
services.ntfy-sh = { services.ntfy-sh = {
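Review bot: `sops.secrets.minio-secret-key = { owner = "root"; mode = "0444"; };` makes the decrypted MinIO secret key readable by every local user and service on the host, although in this file only Outline consumes it through `storage.secretKeyFile`. I would declare it as `sops.secrets.minio-secret-key = { owner = "outline"; };`, like the two Outline secrets next to it, and drop the explicit mode. Separately, in the `package` override, `if builtins.hasAttr "patches" attrs then attrs.patches else [ ] ++ [ ... ]` parses with the `++` inside the `else` branch, so the wiki patch is silently dropped whenever the upstream package already carries patches. `patches = (attrs.patches or [ ]) ++ [ ../modules/cloud/outline/dtth-wiki.patch ];` applies it in both cases.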


@ -98,7 +98,6 @@ in
}; };
users.groups.${user} = { }; users.groups.${user} = { };
sops.secrets."gitea/signing-key".owner = user; sops.secrets."gitea/signing-key".owner = user;
sops.secrets."gitea/minio-secret-key".owner = user;
sops.secrets."gitea/mailer-password".owner = user; sops.secrets."gitea/mailer-password".owner = user;
# database # database
cloud.postgresql.databases = [ user ]; cloud.postgresql.databases = [ user ];
@ -115,6 +114,8 @@ in
inherit user; inherit user;
appName = "DTTHgit";
settings = { settings = {
server = { server = {
DOMAIN = host; DOMAIN = host;
@ -135,7 +136,7 @@ in
}; };
"repository.signing" = { "repository.signing" = {
SIGNING_KEY = signingKey; SIGNING_KEY = signingKey;
SIGNING_NAME = "DTTHgit"; SIGNING_NAME = "DTTHGit";
SIGNING_EMAIL = "dtth-gitea@nkagami.me"; SIGNING_EMAIL = "dtth-gitea@nkagami.me";
}; };
ui.THEMES = default-themes + "," + themes; ui.THEMES = default-themes + "," + themes;
@ -175,19 +176,8 @@ in
PATH = "${pkgs.git}/bin/git"; PATH = "${pkgs.git}/bin/git";
}; };
storage = {
STORAGE_TYPE = "minio";
MINIO_USE_SSL = "true";
MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca";
MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#";
MINIO_BUCKET = "dtth-gitea";
MINIO_LOCATION = "auto";
MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment
};
federation.ENABLED = true; federation.ENABLED = true;
DEFAULT.APP_NAME = "DTTHGit";
}; };
stateDir = "/mnt/data/gitea"; stateDir = "/mnt/data/gitea";
@ -215,25 +205,17 @@ in
environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg"; environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg";
# https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7 # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
preStart = preStart = ''
let # Import the signing subkey
configFile = "${config.services.forgejo.customDir}/conf/app.ini"; if cat ${config.services.gitea.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
in echo "Keys already imported"
'' # imported
# Update minio secret key else
chmod u+w ${configFile} && \ echo "Import your keys!"
${lib.getExe pkgs.replace-secret} '#miniosecretkey#' '${config.sops.secrets."gitea/minio-secret-key".path}' '${configFile}' && \ ${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
chmod u-w ${configFile} echo "trusted-key ${signingKey}" >> ${config.services.gitea.stateDir}/.gnupg/gpg.conf
# Import the signing subkey exit 1
if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then fi
echo "Keys already imported" '';
# imported
else
echo "Import your keys!"
${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
echo "trusted-key ${signingKey}" >> ${config.services.forgejo.stateDir}/.gnupg/gpg.conf
exit 1
fi
'';
}; };
} }


@ -9,11 +9,9 @@
swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }]; swapDevices = [{ device = "/var/swapfile"; size = 4 * 1024; priority = 1024; }];
zramSwap.enable = true; zramSwap.enable = true;
# volumes # volumes
services.btrfs.autoScrub.enable = true;
fileSystems.data = { fileSystems.data = {
device = "/dev/disk/by-id/scsi-0HC_Volume_101470796"; device = "/dev/disk/by-id/scsi-0HC_Volume_31812942";
fsType = "btrfs"; fsType = "ext4";
mountPoint = "/mnt/data"; mountPoint = "/mnt/data";
options = [ "compress=zstd" ];
}; };
} }


@ -0,0 +1,67 @@
{ lib, pkgs, config, ... }:
with lib;
let
user = "nextcloud";
host = "cloud.dtth.ch";
port = 61155;
secrets = config.sops.secrets;
in
{
sops.secrets."nextcloud/admin-password" = { owner = user; };
sops.secrets."nextcloud/minio-secret-key" = { owner = user; key = "minio-secret-key"; };
# database
cloud.postgresql.databases = [ user ];
# traefik
cloud.traefik.hosts.nextcloud = {
inherit port host;
};
systemd.services.nextcloud.requires = [ "postgresql.service" ];
services.nextcloud = {
enable = true;
hostName = host;
package = pkgs.nextcloud26;
enableBrokenCiphersForSSE = false;
home = "/mnt/data/nextcloud";
https = true;
database.createLocally = false;
extraApps = with pkgs.nextcloud26Packages.apps; {
inherit calendar contacts deck forms groupfolders news tasks;
sociallogin = pkgs.fetchNextcloudApp rec {
url = "https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.4.3/release.tar.gz";
sha256 = "sha256-ZKwtF9j9WFIk3MZgng9DmN00A73S2Rb4qbehL9adaZo=";
};
};
config = {
# Database
dbtype = "pgsql";
dbname = user;
dbuser = user;
dbhost = "/run/postgresql";
# User
adminuser = "nki";
adminpassFile = secrets."nextcloud/admin-password".path;
# General
overwriteProtocol = "https";
defaultPhoneRegion = "VN";
objectstore.s3 = {
enable = true;
bucket = "nextcloud-dtth";
autocreate = true;
key = "minio";
secretFile = config.sops.secrets."nextcloud/minio-secret-key".path;
hostname = "s3.dtth.ch";
port = 443;
useSsl = true;
usePathStyle = true;
region = "us-east-1";
};
};
};
services.nginx.virtualHosts.${host}.listen = [{ inherit port; addr = "127.0.0.1"; }];
}
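Review bot: The `services.nextcloud` block runs Nextcloud behind a local reverse proxy (nginx bound to `127.0.0.1`, apparently fronted by `cloud.traefik.hosts.nextcloud`) but sets no trusted-proxy list. Unless one is configured elsewhere, Nextcloud will likely attribute every request to the proxy address, so its brute-force throttling and logs lose the real client IP. Inside `config`, next to `overwriteProtocol`, I would add `trustedProxies = [ "127.0.0.1" ];` (this module generation exposes it there; newer ones use `settings.trusted_proxies`). Separately, `package = pkgs.nextcloud26` and `pkgs.nextcloud26Packages.apps` pin a major release that, as far as I know, no longer receives upstream security fixes, so a comment such as `# TODO: move to a supported major; upgrades must go one major at a time` would record the intended path.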


@ -1,56 +0,0 @@
{ config, pkgs, ... }: {
sops.secrets.authentik-oidc-client-secret = { owner = "outline"; };
sops.secrets."outline/smtp-password" = { owner = "outline"; };
sops.secrets."outline/s3-secret-key" = { owner = "outline"; };
services.outline = {
enable = true;
package = pkgs.outline.overrideAttrs (attrs: {
patches = attrs.patches or [ ] ++ [
../modules/cloud/outline/dtth-wiki.patch
../modules/cloud/outline/r2.patch
];
});
databaseUrl = "postgres://outline:outline@localhost/outline?sslmode=disable";
redisUrl = "local";
publicUrl = "https://wiki.dtth.ch";
port = 18729;
storage = {
accessKey = "6ef730e13f172d2ed6ed77f0b5b9bad9";
secretKeyFile = config.sops.secrets."outline/s3-secret-key".path;
region = "auto";
uploadBucketUrl = "https://60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
uploadBucketName = "dtth-outline";
uploadMaxSize = 50 * 1024 * 1000;
};
maximumImportSize = 50 * 1024 * 1000;
oidcAuthentication = {
clientId = "3a0c10e00cdcb4a1194315577fa208a747c1a5f7";
clientSecretFile = config.sops.secrets.authentik-oidc-client-secret.path;
authUrl = "https://auth.dtth.ch/application/o/authorize/";
tokenUrl = "https://auth.dtth.ch/application/o/token/";
userinfoUrl = "https://auth.dtth.ch/application/o/userinfo/";
displayName = "DTTH Account";
};
smtp = {
fromEmail = "DTTH Wiki <dtth.wiki@nkagami.me>";
replyEmail = "";
host = "mx1.nkagami.me";
username = "dtth.wiki@nkagami.me";
passwordFile = config.sops.secrets."outline/smtp-password".path;
port = 465;
secure = true;
};
forceHttps = false;
};
cloud.postgresql.databases = [ "outline" ];
systemd.services.outline.requires = [ "postgresql.service" ];
systemd.services.outline.environment = {
AWS_S3_R2 = "true";
AWS_S3_R2_PUBLIC_URL = "https://s3.wiki.dtth.ch";
};
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
}

File diff suppressed because one or more lines are too long


@ -36,4 +36,6 @@
[{ device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; }]; [{ device = "/dev/disk/by-uuid/2694d189-2ff6-4719-a449-367c52ed3ad6"; }];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl.enable = true;
} }


@ -15,24 +15,7 @@
../modules/services/edns ../modules/services/edns
]; ];
# Secrets services.xserver.desktopManager.plasma6.enable = true;
common.linux.sops.enable = true;
common.linux.sops.file = ./secrets.yaml;
# Build farm
sops.secrets."nix-build-farm/private-key" = { mode = "0400"; };
services.nix-build-farm.hostname = "yoga";
services.nix-build-farm.privateKeyFile = config.sops.secrets."nix-build-farm/private-key".path;
## tinc
sops.secrets."tinc-private-key" = { };
services.my-tinc = {
enable = true;
hostName = "yoga";
ed25519PrivateKey = config.sops.secrets."tinc-private-key".path;
};
services.desktopManager.plasma6.enable = true;
# Power Management # Power Management
services.upower = { services.upower = {


@ -1,32 +0,0 @@
tinc-private-key: ENC[AES256_GCM,data:lzmisexQPfRlIMGqbmb+uqGtOPceQ3CJGlVOeOC6nbP/IDwkufSWtxugYmUwi9IJKwO0mldijiKWuG3p9005H++8567hhPy/bU7fA4vyVC+3UVGW6l0mE+yKQXTyI7kzxkXMCK5a4Q4rUJj544vU6pt75/mytfg+Cox2woGZAHZvJ/pRuHDe2t3R6w3EYYTu6x1w5azGnFvCOVdR6XPsGJA2p3oRnEpz64L7KD2QOdtm0YsfMnorH9FbvkZgNr927VbRnBRJ1QM=,iv:4K4w6ruQxtRGjmFnWszlXZKp36TuTTnrB0sDEE/tmrM=,tag:NBP897Sw84bvZTvo/+fVfA==,type:str]
nix-build-farm:
private-key: ENC[AES256_GCM,data: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,iv:703rM/FQz65upd1JWTHNsjAXh2BeoknkALShKuHUsis=,tag:yAB6KJqpm1mOFT5GzKRPBw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1vhjhmxura35apu5zdwg5ur5r40xay45ld9szh07dy0ph9chgsu7shfm4h9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseVN3ODV1YkZnNms0Y09l
dUFBK1EyOTEydWg5KzAwcjZVSG8yYlRDWlhRCklLS2ZJNlBvSlEyOGF2ZFg2UGVW
UC9LN0hxdmtGN3JlOWJaTU5hbGwvc2MKLS0tIGM1NGZxd1NoTXNacEJqMVlsbTdi
MytuNUNydmJYWFYyQk9DaHVuVk85cjAKScucMPO8pyMlSxFw09NqzqVmDYVEh5xT
4fSTAsMwIiuOyV7jvHYORxKWNMLr5t6fnj8+OFq5qUc//jNWf9pVuA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1axvjllyv2gutngwmp3pvp4xtq2gqneldaq2c4nrzmaye0uwmk9lqsealdv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYNXp6MWZGb2dGdW1ML2xq
ZWMvSVdWalQ5Z2NzTWd3Z1AweXlXZnRwUWtRCkY1VFhPS0NtbFZKU0VCMlAvSmhG
N2NmdWxTUEpMb05Ld3p6MzhhRkdBc3cKLS0tIGQ0TmFxdk1GV205azRzZ0hUWitj
eitNc1E2SzY5bkUxNWtNczRsWWJaU2MKUIu9GT7zu0MvvnXxiQfLW9pQcxFKOwPm
VRU2k3XQkYjSDZX29DxrOzaPS/L3OYNyBYMyOW8GyMa2V12lMH6lPQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-16T14:17:07Z"
mac: ENC[AES256_GCM,data:qrMyVDLhtK4URqrHFBx+08PMrFyfib4iH0y7iAeVB/oFGazjm3O5MeS9fNYJeONghuelux69nh2FRfSJHG/moEBcWlL68R4xbCb4he528P+n7mQnR54BNFJdT2oOra4bqO9n/4m2UA8jmA0veoqSrZUVjnmjftqOedjnRESY1L8=,iv:jql79ItwPcJg/nnbsUywOzWz/UJy0ZpY04pvEF290c4=,tag:XKrToym2dXdippnivoK1/Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -1,7 +1,6 @@
{ nixpkgs, nixpkgs-unstable, ... }@inputs: { nixpkgs, nixpkgs-unstable, nur, ... }@inputs:
let let
overlay-unstable = final: prev: { overlay-unstable = final: prev: {
stable = import nixpkgs { config.allowUnfree = true; system = prev.system; };
unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; }; unstable = import nixpkgs-unstable { config.allowUnfree = true; system = prev.system; };
x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; }; x86 = import nixpkgs-unstable { system = prev.system; config.allowUnsupportedSystem = true; };
}; };
@ -25,7 +24,7 @@ let
overlay-versioning = final: prev: { overlay-versioning = final: prev: {
gotosocial = prev.gotosocial.overrideAttrs (attrs: rec { gotosocial = prev.gotosocial.overrideAttrs (attrs: rec {
version = "0.17.1"; version = "0.16.0";
ldflags = [ ldflags = [
"-s" "-s"
"-w" "-w"
@ -35,13 +34,13 @@ let
web-assets = final.fetchurl { web-assets = final.fetchurl {
url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz"; url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_web-assets.tar.gz";
hash = "sha256-rGntLlIbgfCtdqpD7tnvAY8qwF+BpYbQWfAGMhdOTgY="; hash = "sha256-aZQpd5KvoZvXEMVzGbWrtGsc+P1JStjZ6U5mX6q7Vb0=";
}; };
src = final.fetchFromGitHub { src = final.fetchFromGitHub {
owner = "superseriousbusiness"; owner = "superseriousbusiness";
repo = "gotosocial"; repo = "gotosocial";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-oWWsCs9jgd244yzWhgLkuHp7kY0BQ8+Ay6KpuBVG+U8="; hash = "sha256-QoG09+jmq5e5vxDVtkhY35098W/9B1HsYTuUnz43LV4=";
}; };
postInstall = '' postInstall = ''
tar xf ${web-assets} tar xf ${web-assets}
@ -87,13 +86,6 @@ let
}) })
]; ];
}; };
# https://github.com/NixOS/nixpkgs/issues/334822
vulkan-validation-layers = prev.vulkan-validation-layers.overrideAttrs (attrs: {
buildInputs = attrs.buildInputs ++ [
final.spirv-tools
];
});
}; };
overlay-libs = final: prev: { overlay-libs = final: prev: {
@ -116,24 +108,39 @@ let
}; };
}; };
overlay-rust-is-dumb = final: prev: { overlay-aarch64-linux = final: prev:
# Use stable delta compiled with old Rust version let
delta = final.stable.delta; optionalOverride = pkg: alt:
deepfilternet = final.stable.deepfilternet; if prev.stdenv.isLinux && prev.stdenv.isAarch64 then alt else pkg;
harmonia = final.callPackage in
(import {
(builtins.fetchurl { # See https://github.com/sharkdp/fd/issues/1085
url = "https://raw.githubusercontent.com/Mic92/nixpkgs/63f91202f5cd071187ede5e5ffc56003cb442876/pkgs/by-name/ha/harmonia/package.nix"; fd = optionalOverride prev.fd (prev.fd.overrideAttrs (attrs: {
sha256 = "1mz211c0bxn116ix0j5xx4wlglpbkfg7d3npw1z8hg9gc0vbj2xb"; preBuild = ''
})) export JEMALLOC_SYS_WITH_LG_PAGE=16
{ }; '';
}; }));
# See https://www.reddit.com/r/AsahiLinux/comments/zqejue/kitty_not_working_with_mesaasahiedge/
kitty = optionalOverride prev.kitty (final.writeShellApplication {
name = "kitty";
runtimeInputs = [ ];
text = ''
MESA_GL_VERSION_OVERRIDE=3.3 MESA_GLSL_VERSION_OVERRIDE=330 ${prev.kitty}/bin/kitty "$@"
'';
});
# Zotero does not have their own aarch64-linux build
zotero = optionalOverride prev.zotero (final.callPackage ./packages/aarch64-linux/zotero.nix { });
# Typora for aarch64-linux only
typora = optionalOverride
(builtins.abort "no support for non-aarch64-linux")
(final.callPackage ./packages/aarch64-linux/typora.nix { });
};
overlay-asahi = inputs.nixos-m1.overlays.default;
in in
[ [
# inputs.swayfx.inputs.scenefx.overlays.override inputs.swayfx.overlays.default
# inputs.swayfx.overlays.override
inputs.mpd-mpris.overlays.default inputs.mpd-mpris.overlays.default
inputs.rust-overlay.overlays.default
inputs.youmubot.overlays.default inputs.youmubot.overlays.default
(import ./overlays/openrazer) (import ./overlays/openrazer)
@ -143,7 +150,9 @@ in
overlay-imported overlay-imported
overlay-versioning overlay-versioning
overlay-libs overlay-libs
overlay-rust-is-dumb overlay-asahi
overlay-aarch64-linux
nur.overlay
(import ./packages/common) (import ./packages/common)