From 033328e893cbbf2ae67b6d454b802ccda8ebd89b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:27:21 +0200 Subject: [PATCH 01/12] feat(home): add poweralertd --- home/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/default.nix b/home/default.nix index 80d53a3..adeab0b 100644 --- a/home/default.nix +++ b/home/default.nix @@ -432,6 +432,8 @@ in } ''; + services.poweralertd.enable = true; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 210fa098aee7b21235c175affcf25e385233ec74 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:27:36 +0200 Subject: [PATCH 02/12] fix: remove commented out line --- home/modules/zsh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index fb4cc76..e7f8e57 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -45,7 +45,6 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' - #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" ''; profileExtra = '' ''; From 2917f96631209e50eacba0180bfc73c406698697 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:30:20 +0200 Subject: [PATCH 03/12] chore: update lix module --- flake.lock | 59 +++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 3 +-- 2 files changed, 46 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index e425e8b..923b31e 100644 --- a/flake.lock +++ b/flake.lock @@ -101,6 +101,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -174,22 +192,20 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" } }, "lix-module": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -197,15 +213,15 @@ ] }, "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, "nixlib": { @@ -322,7 +338,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-full": "nixpkgs-full", "nixpkgs-unstable": "nixpkgs-unstable", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -341,6 +357,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 8dc1c74..021bc7a 100644 --- a/flake.nix +++ b/flake.nix @@ -27,9 +27,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; }; nixos-generators = { url = "github:nix-community/nixos-generators"; From 8d54f859a0aee4d10f33f5b9d5fe090f1df7745b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:34:06 +0200 Subject: [PATCH 04/12] Revert "fix: bw theme popovers in tmux and helix" This reverts commit 5acfc7ecdde0627ffbf4827de018b90147f74ef5. --- home/modules/helix/config/themes/black.toml | 34 --------------------- home/modules/tmux.nix | 4 +-- 2 files changed, 2 insertions(+), 36 deletions(-) delete mode 100644 home/modules/helix/config/themes/black.toml diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml deleted file mode 100644 index 88d1a35..0000000 --- a/home/modules/helix/config/themes/black.toml +++ /dev/null @@ -1,34 +0,0 @@ -"ui.background" = {bg="white"} -"ui.text" = "black" -"ui.linenr" = {bg="white", fg="black"} -"ui.linenr.selected" = {bg="white", fg="black"} -"ui.selection" = {modifiers=["reversed"]} -"ui.cursorline" = {modifiers=["reversed"]} -"ui.statusline" = {modifiers=["reversed"]} -"ui.statusline.inactive" = {fg="black", bg="white"} -"ui.virtual" = "indent" -"ui.virtual.ruler" = { bg = "black", fg ="white" } -"ui.cursor.match" = {modifiers=["reversed"]} -"ui.cursor" = {modifiers=["reversed"]} -"ui.debug" = {fg="black"} -"ui.highlight" = { modifiers = ["underlined"] } -"ui.highlight.frameline" = {modifiers=["reversed"]} -"ui.help" = { modifiers=["reversed"] } -"ui.popup" = { modifiers=["reversed"] } -"ui.popup.info" = { modifiers=["reversed"] } -"ui.text.info" = { modifiers=["reversed"] } -"ui.menu" = { bg="black", fg="white" } -"ui.menu.selected" = { bg="white", fg="black" } -"ui.window" = { bg="white" } -"diagnostic" = { modifiers=["reversed"] } -"diagnostic.error" = {modifiers=["bold", "underlined"]} -"diagnostic.warning" = {modifiers=["underlined", "italic"]} -"diagnostic.hint" = {modifiers=["underlined"]} -"diagnostic.unnecessary" = {modifiers = ["dim"]} -"diagnostic.deprecated" = {modifiers = ["crossed_out"]} -"ui.bufferline" = { fg="black", bg="white" } -"ui.bufferline.active" = { fg="black", bg="white" } - -[palette] -white = "#ffffff" -black = "#000000" diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index df005ff..70f2974 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -12,17 +12,17 @@ in config = mkIf cfg.enable { programs.tmux = { enable = true; + terminal = "tmux-256color"; extraConfig = '' setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on + set -ga terminal-overrides ',*256col*:Tc' set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' - set -g status-bg "#000000" - set -g status-fg "#ffffff" bind '"' split-window -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" From 8baeff1f366e91a7a15cd55e43d6a308dac0645b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:34:08 +0200 Subject: [PATCH 05/12] Revert "feat: switch to black on white theme" This reverts commit cde3f39c11c9e524a4b79fa2dc6ea840b7d26658. --- home/default.nix | 36 +++++++++++++-------------- home/modules/alacritty/default.nix | 2 +- home/modules/helix/config/config.toml | 2 +- home/modules/zsh.nix | 1 - 4 files changed, 20 insertions(+), 21 deletions(-) diff --git a/home/default.nix b/home/default.nix index adeab0b..0a0df48 100644 --- a/home/default.nix +++ b/home/default.nix @@ -19,24 +19,24 @@ let "helix" ]; colors = { - background = "ffffff"; - foreground = "000000"; - regular0 = "000000"; - regular1 = "000000"; - regular2 = "000000"; - regular3 = "000000"; - regular4 = "000000"; - regular5 = "000000"; - regular6 = "000000"; - regular7 = "000000"; - bright0 = "ffffff"; - bright1 = "ffffff"; - bright2 = "ffffff"; - bright3 = "ffffff"; - bright4 = "ffffff"; - bright5 = "ffffff"; - bright6 = "ffffff"; - bright7 = "ffffff"; + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; # background darker + regular1 = "dc322f"; # red + regular2 = "859900"; # green + regular3 = "b58900"; # dark orange + regular4 = "268bd2"; # azure blue + regular5 = "d33682"; # hot pink + regular6 = "2aa198"; # petrol + regular7 = "073642"; # navy + bright0 = "cb4b16"; # orange + bright1 = "fdf6e3"; # foreground + bright2 = "93a1a1"; # grey + bright3 = "839496"; # slightly darker grey + bright4 = "657b83"; # even slightly darker grey + bright5 = "6c71c4"; # purple + bright6 = "586e75"; # pretty dark grey + bright7 = "002b36"; # dark navy blue }; in { diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index db3db6e..086b945 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in programs.alacritty = { enable = true; settings = { - env.TERM = "xterm-mono"; + env.TERM = "xterm-256color"; scrolling.history = 0; font = { size = 9; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 71b6c42..41cf786 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "black" +theme = "solarized_light" [editor] line-number = "relative" diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index e7f8e57..a095bff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -20,7 +20,6 @@ in autocd = true; sessionVariables = { EDITOR = "hx"; - TERM = "xterm-mono"; }; history = { extended = true; From 787ff188745f410000c3e977a0c8735d29cb3441 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:36:19 +0200 Subject: [PATCH 06/12] Revert "chore: make prompt and shell pretty" This reverts commit 65720489b501597a59b967c073f1bfeb78729140. --- home/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/home/default.nix b/home/default.nix index 0a0df48..fd0ddd3 100644 --- a/home/default.nix +++ b/home/default.nix @@ -403,11 +403,11 @@ in bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border - client.focused #${background} #${foreground} #${background} #${foreground} #${background} - client.focused_inactive #${background} #${background} #${foreground} #${foreground} #${background} - client.unfocused #${background} #${background} #${foreground} #${foreground} #${background} - client.urgent #${background} #${background} #${foreground} #${foreground} #${background} - client.placeholder #${background} #${background} #${foreground} #${foreground} #${background} + client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} + client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} + client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} + client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} + client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} client.background #${foreground} From 091c4243fe759d166eecd9757afab5bcf7df7bf4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:38:15 +0200 Subject: [PATCH 07/12] chore: update nixpkgs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 923b31e..f95384d 100644 --- a/flake.lock +++ b/flake.lock @@ -162,11 +162,11 @@ ] }, "locked": { - "lastModified": 1745251259, - "narHash": "sha256-Hf8WEJMMoP6Fe+k+PYkVJFk5UKory2S0jW7HqRVqQFc=", + "lastModified": 1747439237, + "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "82ee14ff60611b46588ea852f267aafcc117c8c8", + "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "type": "github" }, "original": { @@ -262,11 +262,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744633460, - "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744917357, - "narHash": "sha256-1Sj8MToixDwakJYNMYBS/PYbg8Oa4CAxreXraMHB5qg=", + "lastModified": 1747418223, + "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1eae3268880484be84199bdb77941c09bb4a97ba", + "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8", "type": "github" }, "original": { @@ -294,11 +294,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1747335874, + "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", "type": "github" }, "original": { @@ -310,11 +310,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -379,11 +379,11 @@ ] }, "locked": { - "lastModified": 1744961264, - "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { From 6ca9dde866a27d4e0343a28a8cbc1d8b4ba1fb10 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:49:05 +0200 Subject: [PATCH 08/12] chore: update nixpkgs --- flake.lock | 51 ++++++------------ flake.nix | 5 +- nixos/configurations.nix | 110 +++++++++++++++++++++++---------------- outputs.nix | 29 +++++------ 4 files changed, 97 insertions(+), 98 deletions(-) diff --git a/flake.lock b/flake.lock index f95384d..e980db7 100644 --- a/flake.lock +++ b/flake.lock @@ -277,38 +277,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1747418223, - "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-full": { - "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { "locked": { "lastModified": 1747327360, "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", @@ -324,6 +292,22 @@ "type": "github" } }, + "nixpkgs-small": { + "locked": { + "lastModified": 1747452614, + "narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e067fb89ac3e59f993f257c799318132f1492f01", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -336,8 +320,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-full": "nixpkgs-full", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-small": "nixpkgs-small", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 021bc7a..ec49fa2 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,8 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 48d70cd..497a7bf 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,32 +1,42 @@ -{ self -, agenix -, lix-module -, nixpkgs -, nixpkgs-full -, home-manager -, homepage -, nixos-hardware -, nixos-generators -, nixpkgs-unstable -, ... +{ + self, + agenix, + home-manager, + homepage, + lix-module, + nixos-hardware, + nixos-generators, + nixpkgs, + nixpkgs-small, + ... }@inputs: let lixModule = lix-module.nixosModules.default; - nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { - inherit system; + nixosSystem = + { + nixpkgs, + system ? "x86_64-linux", + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; - modules = [ - lixModule - { - nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; - } - ] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; - }; + modules = + [ + lixModule + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + } + ] + ++ (nixpkgs.lib.attrValues self.nixosModules) + ++ [ agenix.nixosModules.age ] + ++ extraModules; + }; in { gorgon = nixosSystem rec { - n_nixpkgs = nixpkgs-unstable; + nixpkgs = nixpkgs; system = "x86_64-linux"; @@ -34,13 +44,16 @@ in { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { dadada = self; }; + dadada.inputs = inputs // { + dadada = self; + }; } nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 home-manager.nixosModules.home-manager - ({ pkgs, lib, ... }: + ( + { pkgs, lib, ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; @@ -49,12 +62,14 @@ in { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home; - }) + } + ) ./gorgon/configuration.nix ]; }; surgat = nixosSystem { + nixpkgs = nixpkgs-small; system = "x86_64-linux"; extraModules = [ { @@ -66,34 +81,39 @@ in }; agares = nixosSystem { + nixpkgs = nixpkgs-small; extraModules = [ ./agares/configuration.nix ]; }; - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - lixModule - nixos-generators.nixosModules.install-iso - self.nixosModules.admin - { - isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; - networking.tempAddresses = "disabled"; - dadada.admin.enable = true; - documentation.enable = true; - documentation.nixos.enable = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - } - ]; - }; + installer = + let + nixpkgs = nixpkgs-small; + in + nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + lixModule + nixos-generators.nixosModules.install-iso + self.nixosModules.admin + { + isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = true; + documentation.nixos.enable = true; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ]; + }; ninurta = nixosSystem { - n_nixpkgs = nixpkgs-full; + nixpkgs = nixpkgs-small; extraModules = [ ./ninurta/configuration.nix ]; diff --git a/outputs.nix b/outputs.nix index efa3dab..d588f6e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,18 +1,14 @@ # Adapted from Mic92/dotfiles -{ self -, flake-utils -, flake-registry -, homepage -, lix-module -, nixpkgs -, home-manager -, nixos-hardware -, nixpkgs-full -, agenix -, devshell -, ... -} @ inputs: -(flake-utils.lib.eachDefaultSystem (system: +{ + self, + flake-utils, + nixpkgs, + agenix, + devshell, + ... +}@inputs: +(flake-utils.lib.eachDefaultSystem ( + system: let pkgs = import nixpkgs { inherit system; }; in @@ -35,8 +31,9 @@ packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; }; - })) - // { + } +)) +// { hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; From 0d892a1b7e0a6867e5f6f80777819c64056c0288 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 13:05:33 +0200 Subject: [PATCH 09/12] feat: switch to lix from nixpkgs --- flake.lock | 86 +-------------------------------- flake.nix | 4 -- nixos/configurations.nix | 65 ++++++++++++------------- nixos/modules/profiles/base.nix | 4 +- 4 files changed, 35 insertions(+), 124 deletions(-) diff --git a/flake.lock b/flake.lock index e980db7..8a95fce 100644 --- a/flake.lock +++ b/flake.lock @@ -101,39 +101,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -189,41 +156,6 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" - } - }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -316,12 +248,11 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", - "lix-module": "lix-module", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" } }, @@ -340,21 +271,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index ec49fa2..05f7349 100644 --- a/flake.nix +++ b/flake.nix @@ -25,10 +25,6 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 497a7bf..adacb51 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -3,7 +3,6 @@ agenix, home-manager, homepage, - lix-module, nixos-hardware, nixos-generators, nixpkgs, @@ -11,8 +10,6 @@ ... }@inputs: let - lixModule = lix-module.nixosModules.default; - nixosSystem = { nixpkgs, @@ -24,7 +21,6 @@ let modules = [ - lixModule { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; } @@ -35,38 +31,40 @@ let }; in { - gorgon = nixosSystem rec { - nixpkgs = nixpkgs; + gorgon = + let + system = "x86_64-linux"; + in + nixosSystem { + inherit nixpkgs system; - system = "x86_64-linux"; - - extraModules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - - home-manager.nixosModules.home-manager - ( - { pkgs, lib, ... }: + extraModules = [ { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { + dadada = self; + }; } - ) - ./gorgon/configuration.nix - ]; - }; + + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + + home-manager.nixosModules.home-manager + ( + { pkgs, lib, ... }: + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + { manual.manpages.enable = false; } + ]; + home-manager.users.dadada = import ../home; + } + ) + ./gorgon/configuration.nix + ]; + }; surgat = nixosSystem { nixpkgs = nixpkgs-small; @@ -94,7 +92,6 @@ in nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - lixModule nixos-generators.nixosModules.install-iso self.nixosModules.admin { diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index e375cc9..c23a273 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; @@ -22,6 +22,8 @@ in time.timeZone = mkDefault "Europe/Berlin"; + nix.package = pkgs.lix; + nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ From cb69d8edb0a321d9069e3fe2f1a95745d783c927 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 13:43:46 +0200 Subject: [PATCH 10/12] fix: set maximum log retention to 100 days --- nixos/modules/profiles/server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index d26358c..1aeab43 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -20,6 +20,7 @@ with lib; { services.journald.extraConfig = '' SystemKeepFree = 2G + MaxRetentionSec = 100days ''; system.autoUpgrade = { From 33bc06ee109b9798676f0c6e192f5000ff7fffe3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 14:01:36 +0200 Subject: [PATCH 11/12] fix(surgat): ssh initrd unlock --- nixos/modules/profiles/cloud.nix | 4 ++-- secrets/secrets.nix | 1 + secrets/surgat-initrd-ssh_host_ed25519_key.age | Bin 0 -> 820 bytes 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 secrets/surgat-initrd-ssh_host_ed25519_key.age diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 98314c7..86e2c74 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -1,7 +1,7 @@ { config, lib, ... }: let secretsPath = config.dadada.secrets.path; - initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; + initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key"; in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; @@ -9,7 +9,7 @@ in enable = true; ssh = { enable = true; - port = 22; + port = 2223; hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7da57e3..d1a5265 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,6 +21,7 @@ in "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; + "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/surgat-initrd-ssh_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..32dbcbf2ce1b0961f179ad26bb2a5577f8e340cc GIT binary patch literal 820 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73iZz_C|4+tGRfCZ z&d5sgGR!W_3CeS>Dl|^bjxsE-axG0RjLa=_3OB3DF3?X8jN~#X4lm3t^e)eL^GHt% z@isRt&#H*hFUTq`3~<(t(zb{QGRexy^RsYvE=RY`za%>+yIjFFE!W4nFd$evIVZB% zE4#=z(%3E2J0#U3IUuvrE3nu!Afz(I$IQgfJ(;V*JS5fMH6Xy>Fgz^F+a=e}O*_Ri zDLmB3IbFLdBiC2IA}}H^*wMKnDjj5-j&6EUYGQG!LVk^RY!+9cW0Y}rhL1t2g=2U| zdX#fMdPiB~zkGUt8uCA^^sG(y?QfYZensa1UWm=YgK&8HMVs@a9si8}iUx`O} zmVvWDa8ZF_aYZE813kM3k1ORHde^>FMMQs`M%E25m8 zrf<$7t1UjO@xAcLnVW2u?cfU+**y21(FLiW-|v39@qB*&kLfqhSh1E1Gs%Bz`t>Tr zBP3UyThds-|5-%9#B2+F?yXNJueQsZ-Mr6&^Obhkl_gHQEJL<*MQDnse_Wr_7RS%a z{_yj>dv|V3pD=fdd*xpqcbjvb>%V-MTE1qt!ZUfXA1i)ueREBJZlGyprG)>wX!%=W zJGyng-?=lXOYi5dF9ZO&NU2D_HH3{TdTKKN5 zXun#`e);h59lSp{KE9|6e=4~7vQOC0@3U{}mj7RHOLY3bEzyZw=6l|A8wHB3nsQ0$ z#e4_e_%COpJC|6rI~>hyTxXW4737q0n5UmvcSj&j^OB~_+z$Mn$L}z(6)!BRj@;_6pb~8|)hvRk+-ikQ Date: Sat, 17 May 2025 15:02:31 +0200 Subject: [PATCH 12/12] fix(surgat): initrd networking --- nixos/modules/profiles/cloud.nix | 17 +++++++++++++++-- nixos/surgat/configuration.nix | 4 ++++ ... => initrd-surgat-ssh_host_ed25519_key.age} | Bin secrets/secrets.nix | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) rename secrets/{surgat-initrd-ssh_host_ed25519_key.age => initrd-surgat-ssh_host_ed25519_key.age} (100%) diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 86e2c74..ba131e1 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -1,10 +1,18 @@ { config, lib, ... }: let secretsPath = config.dadada.secrets.path; - initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key"; + initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; + + boot.kernelParams = [ + # Wait forever for the filesystem root to show up + "rootflags=x-systemd.device-timeout=0" + + # Wait forever to enter the LUKS passphrase via SSH + "rd.luks.options=timeout=0" + ]; boot.initrd.network = { enable = true; ssh = { @@ -27,8 +35,13 @@ in ''; }; + assertions = lib.singleton { + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + message = "Refusing to store private keys in store"; + }; + age.secrets."${initrdHostKey}" = { - file = "${secretsPath}/${initrdHostKey}.age"; + file = "${secretsPath}/initrd-${initrdHostKey}.age"; mode = "600"; path = "/etc/initrd/${initrdHostKey}"; symlink = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 6dad1ee..f2c7ba2 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -137,6 +137,10 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; + boot.kernelParams = [ + "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp" + ]; + services.resolved = { enable = true; fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age similarity index 100% rename from secrets/surgat-initrd-ssh_host_ed25519_key.age rename to secrets/initrd-surgat-ssh_host_ed25519_key.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d1a5265..946d855 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,7 +21,7 @@ in "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; - "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; + "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];