From 82655a38a7231c0bcad598caf06526538abd569e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 13:26:45 +0200 Subject: [PATCH 001/165] fix: mitigation for CVE-2024-6387 --- nixos/modules/profiles/base.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 56e17cd..eaf55e5 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -49,5 +49,10 @@ in }; programs.zsh.enable = mkDefault true; + + # Mitigation for CVE-2024-6387 + # Might be vulnerable to DOS, but better than RCE ... + # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128 + services.openssh.settings.LoginGraceTime = 0; } From 116468e4af7c04d9a832a3b1466b1371899b3469 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:32:28 +0200 Subject: [PATCH 002/165] fix: remove mitigation after update --- nixos/modules/profiles/base.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index eaf55e5..9c78ed7 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -50,9 +50,5 @@ in programs.zsh.enable = mkDefault true; - # Mitigation for CVE-2024-6387 - # Might be vulnerable to DOS, but better than RCE ... - # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128 - services.openssh.settings.LoginGraceTime = 0; } From 3c7d6111975cc46089731b45361fcd2e7534eed7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:31:02 +0200 Subject: [PATCH 003/165] flake: use nixos-*-small by default --- flake.lock | 23 ++++++++++++++++++++--- flake.nix | 3 ++- nixos/configurations.nix | 10 +++++++--- outputs.nix | 1 + 4 files changed, 30 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 94e1fb2..05a5355 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718086528, - "narHash": "sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw=", + "lastModified": 1719792669, + "narHash": "sha256-VtQjQGdRt6MzowlxEeub86i9Z/M7DNTNwFgZqLiZQVA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47b604b07d1e8146d5398b42d3306fdebd343986", + "rev": "e980b1051c444c81afcf2fee7e4a4c78489f1863", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-full": { + "locked": { + "lastModified": 1719707984, + "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7dca15289a1c2990efbe4680f0923ce14139b042", "type": "github" }, "original": { @@ -257,6 +273,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "nixpkgs-full": "nixpkgs-full", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index fb8c468..ccc986c 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,8 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.05"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index d587829..41aabe8 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,6 +1,7 @@ { self , agenix , nixpkgs +, nixpkgs-full , home-manager , homepage , nixos-hardware @@ -8,17 +9,19 @@ , ... }@inputs: let - nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { + nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { inherit system; modules = [{ - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; + nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; + }] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in { gorgon = nixosSystem rec { + n_nixpkgs = nixpkgs-full; + system = "x86_64-linux"; extraModules = [ @@ -83,6 +86,7 @@ in }; ninurta = nixosSystem { + n_nixpkgs = nixpkgs-full; extraModules = [ ./ninurta/configuration.nix ]; diff --git a/outputs.nix b/outputs.nix index 8199211..b96b7bb 100644 --- a/outputs.nix +++ b/outputs.nix @@ -6,6 +6,7 @@ , nixpkgs , home-manager , nixos-hardware +, nixpkgs-full , agenix , devshell , ... From b66b445553c127afaafecad45518ad7306efc195 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:32:48 +0200 Subject: [PATCH 004/165] feat: move SSH to non-default port --- nixos/modules/gitea.nix | 5 +++++ nixos/modules/profiles/base.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index f73ddc0..0c808bc 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -37,6 +37,11 @@ in LANDING_PAGE = "explore"; OFFLINE_MODE = true; DISABLE_SSH = false; + + # Use built-in SSH server + START_SSH_SERVER = true; + SSH_PORT = 22; + DOMAIN = "git.dadada.li"; }; picture = { diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 9c78ed7..fdeb0ee 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -50,5 +50,7 @@ in programs.zsh.enable = mkDefault true; + # Avoid some bots + services.openssh.ports = [ 2222 ]; } From 0015d9d8e13030d214ff8929fefd12dba803d851 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:33:55 +0200 Subject: [PATCH 005/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04) → 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3' (2024-06-10) → 'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f' (2024-07-01) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/3c62b6a12571c9a7f65ab037173ee153d539905f' (2024-04-07) → 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6' (2024-06-30) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10) → 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e980b1051c444c81afcf2fee7e4a4c78489f1863' (2024-07-01) → 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/1cb529bffa880746a1d0ec4e0f5076876af931f1' (2024-06-11) → 'github:numtide/treefmt-nix/8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd' (2024-06-30) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 05a5355..8bea2a7 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1719827385, + "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", "owner": "nix-community", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "nixlib": { "locked": { - "lastModified": 1712450863, - "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", + "lastModified": 1719708727, + "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", + "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1718025593, - "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=", + "lastModified": 1719796208, + "narHash": "sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3", + "rev": "f7a029d41e49ff0747888105e1ed4314dca8436f", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717995329, - "narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=", + "lastModified": 1719681865, + "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "58b52b0dd191af70f538c707c66c682331cfdffc", + "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719792669, - "narHash": "sha256-VtQjQGdRt6MzowlxEeub86i9Z/M7DNTNwFgZqLiZQVA=", + "lastModified": 1719825363, + "narHash": "sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e980b1051c444c81afcf2fee7e4a4c78489f1863", + "rev": "10c832d0548e9e3a6df7eb51e68c2783212a303e", "type": "github" }, "original": { @@ -315,11 +315,11 @@ ] }, "locked": { - "lastModified": 1718139168, - "narHash": "sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k=", + "lastModified": 1719749022, + "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1cb529bffa880746a1d0ec4e0f5076876af931f1", + "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", "type": "github" }, "original": { From 25f782e2fa2a696013e7103b0ddcd354614d3546 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 15:12:47 +0200 Subject: [PATCH 006/165] fix: snapperd config --- nixos/ninurta/configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 8bf36de..003cdbc 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -225,10 +225,10 @@ in SUBVOLUME = "/home"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = 24; - TIMELINE_LIMIT_DAILY = 13; - TIMELINE_LIMIT_WEEKLY = 6; - TIMELINE_LIMIT_MONTHLY = 3; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; configs.var = { SUBVOLUME = "/var"; From c25ecee64a3e7422a8191df8944c39cbad52e4e5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 15:14:28 +0200 Subject: [PATCH 007/165] fix: all snapperd configs --- nixos/ninurta/configuration.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 003cdbc..1023d5f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -234,19 +234,19 @@ in SUBVOLUME = "/var"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = 24; - TIMELINE_LIMIT_DAILY = 13; - TIMELINE_LIMIT_WEEKLY = 6; - TIMELINE_LIMIT_MONTHLY = 3; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; configs.storage = { SUBVOLUME = "/mnt/storage"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = 24; - TIMELINE_LIMIT_DAILY = 13; - TIMELINE_LIMIT_WEEKLY = 6; - TIMELINE_LIMIT_MONTHLY = 3; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; }; From 04ed7401af03557c9622e0928b201a5c227c167b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 2 Jul 2024 12:07:19 +0200 Subject: [PATCH 008/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f' (2024-07-01) → 'github:nix-community/nixos-generators/140dcc2b9a0eb87ba5e9011076a1a7af19179ab1' (2024-07-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29) → 'github:NixOS/nixos-hardware/6e253f12b1009053eff5344be5e835f604bb64cd' (2024-07-02) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/7dca15289a1c2990efbe4680f0923ce14139b042' (2024-06-30) → 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd' (2024-06-30) → 'github:numtide/treefmt-nix/bdb6355009562d8f9313d9460c0d3860f525bc6c' (2024-07-02) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8bea2a7..37e8d2e 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1719796208, - "narHash": "sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A=", + "lastModified": 1719841141, + "narHash": "sha256-WOyohxFJJdfDvEB7N3eTcX44lNU2rZes1inHsyHL7mM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "f7a029d41e49ff0747888105e1ed4314dca8436f", + "rev": "140dcc2b9a0eb87ba5e9011076a1a7af19179ab1", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1719681865, - "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", + "lastModified": 1719895800, + "narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", + "rev": "6e253f12b1009053eff5344be5e835f604bb64cd", "type": "github" }, "original": { @@ -248,11 +248,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1719707984, - "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7dca15289a1c2990efbe4680f0923ce14139b042", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { @@ -315,11 +315,11 @@ ] }, "locked": { - "lastModified": 1719749022, - "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", + "lastModified": 1719887753, + "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", + "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", "type": "github" }, "original": { From 7e464a5f2693beb45f6f3a4307f975595da9de9b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 2 Jul 2024 12:12:21 +0200 Subject: [PATCH 009/165] fix: overwrite flake registry set by NixOS --- nixos/modules/profiles/laptop.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index cc36988..85e8e86 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -20,8 +20,8 @@ with lib; { programs.ssh.enableAskPassword = true; programs.nix-ld.enable = true; - nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; - nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; + nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs; + nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs); nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; From 149a4313013631a7d55e6c4c7a91430da1c856ca Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 4 Jul 2024 23:12:12 +0200 Subject: [PATCH 010/165] fix: allow forgejo to bind to tcp port 22 --- nixos/modules/gitea.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 0c808bc..259815a 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -74,6 +74,12 @@ in vmOverCommit = true; }; + systemd.services.forgejo.serviceConfig = { + AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE"; + CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE"; + PrivateUsers = lib.mkForce false; + }; + services.nginx.virtualHosts."git.${config.networking.domain}" = { enableACME = true; forceSSL = true; From b104e57b4d94877aedc22f6270e13cafd5a42bc0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 5 Jul 2024 00:23:42 +0200 Subject: [PATCH 011/165] feat: change remote to git.dadada.li --- flake.lock | 14 +++++--------- flake.nix | 2 +- nixos/modules/profiles/server.nix | 2 +- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 37e8d2e..0e5392c 100644 --- a/flake.lock +++ b/flake.lock @@ -165,17 +165,13 @@ "homepage": { "flake": false, "locked": { - "lastModified": 1714328013, - "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", - "owner": "dadada", - "repo": "dadada.li", - "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", - "type": "github" + "narHash": "sha256-3uMz0OG3OopSIilqI9Gx2fyQZe76YEOhRUx0qJM2kP4=", + "type": "file", + "url": "https://git.dadada.li/dadada/dadada.li.git" }, "original": { - "owner": "dadada", - "repo": "dadada.li", - "type": "github" + "type": "file", + "url": "https://git.dadada.li/dadada/dadada.li.git" } }, "nixlib": { diff --git a/flake.nix b/flake.nix index ccc986c..b2d98be 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { - url = "github:dadada/dadada.li"; + url = "https://git.dadada.li/dadada/dadada.li.git"; flake = false; }; agenix = { diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index c10979a..925f20e 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -24,7 +24,7 @@ with lib; { system.autoUpgrade = { enable = true; - flake = "github:dadada/nix-config#${config.networking.hostName}"; + flake = "https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; From 4678969432208232cf3b9587fc75a1e3019b9408 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 5 Jul 2024 00:24:26 +0200 Subject: [PATCH 012/165] feat: add more supported locals To enable more units. --- nixos/modules/profiles/base.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index fdeb0ee..e375cc9 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -14,6 +14,12 @@ in keyMap = "us"; }; + i18n.supportedLocales = mkDefault [ + "C.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + "de_DE.UTF-8/UTF-8" + ]; + time.timeZone = mkDefault "Europe/Berlin"; nix.settings.substituters = [ https://cache.nixos.org/ ]; From cae05647661195f9588952aeb0123d52c6d72b12 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 20:40:29 +0200 Subject: [PATCH 013/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) → 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-3uMz0OG3OopSIilqI9Gx2fyQZe76YEOhRUx0qJM2kP4%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-Q6hzrC9mtLnk1EA%2Bh262S09CGliVL1HsLnh8f3dqAn4%3D' • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/140dcc2b9a0eb87ba5e9011076a1a7af19179ab1' (2024-07-01) → 'github:nix-community/nixos-generators/076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7' (2024-07-13) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/6e253f12b1009053eff5344be5e835f604bb64cd' (2024-07-02) → 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) → 'github:NixOS/nixpkgs/732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd' (2024-07-15) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) → 'github:NixOS/nixpkgs/53e81e790209e41f0c1efa9ff26ff2fd7ab35e27' (2024-07-14) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/bdb6355009562d8f9313d9460c0d3860f525bc6c' (2024-07-02) → 'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15) --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 0e5392c..bc928d6 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1719827385, - "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "owner": "nix-community", "repo": "home-manager", - "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "type": "github" }, "original": { @@ -165,7 +165,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-3uMz0OG3OopSIilqI9Gx2fyQZe76YEOhRUx0qJM2kP4=", + "narHash": "sha256-Q6hzrC9mtLnk1EA+h262S09CGliVL1HsLnh8f3dqAn4=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -197,11 +197,11 @@ ] }, "locked": { - "lastModified": 1719841141, - "narHash": "sha256-WOyohxFJJdfDvEB7N3eTcX44lNU2rZes1inHsyHL7mM=", + "lastModified": 1720859326, + "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "140dcc2b9a0eb87ba5e9011076a1a7af19179ab1", + "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7", "type": "github" }, "original": { @@ -212,11 +212,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1719895800, - "narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=", + "lastModified": 1720737798, + "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "6e253f12b1009053eff5344be5e835f604bb64cd", + "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", "type": "github" }, "original": { @@ -228,11 +228,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719825363, - "narHash": "sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw=", + "lastModified": 1721079475, + "narHash": "sha256-wZ62hFCMTUG68u3hSUSJOCP/ltuE32Yb4dy7FfPCpso=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10c832d0548e9e3a6df7eb51e68c2783212a303e", + "rev": "732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd", "type": "github" }, "original": { @@ -244,11 +244,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1719838683, - "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", + "lastModified": 1720954236, + "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", + "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", "type": "github" }, "original": { @@ -311,11 +311,11 @@ ] }, "locked": { - "lastModified": 1719887753, - "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", + "lastModified": 1721059077, + "narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", + "rev": "0fb28f237f83295b4dd05e342f333b447c097398", "type": "github" }, "original": { From 0a5fe27bac5201876a573ba63fb8591159692609 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 21:17:45 +0200 Subject: [PATCH 014/165] fix: replace youtube-dl with yt-dlp --- home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 67bf482..76c8353 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -138,7 +138,7 @@ with pkgs; [ xsv # cut for csv unixtools.xxd xxh # portable shells - youtube-dl + yt-dlp # zotero Marked as insecure zeal zk From 0fa98de9c47e78814fdcafd25d79d37f4c979680 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 23:06:44 +0200 Subject: [PATCH 015/165] feat: enable system-monitor gnome extension --- home/dconf.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/dconf.nix b/home/dconf.nix index 4569a88..645827a 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -13,7 +13,8 @@ with lib.hm.gvariant; }; "org/gnome/shell" = { - disable-user-extensions = true; + disable-user-extensions = false; + enabled-extensions = [ "system-monitor@gnome-shell-extensions.gcampax.github.com" ]; }; "org/gnome/desktop/calendar" = { From d8dd90a8a6d579dd205445997f0fbb8dddf595c0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 23:14:28 +0200 Subject: [PATCH 016/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-Q6hzrC9mtLnk1EA%2Bh262S09CGliVL1HsLnh8f3dqAn4%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu%2Bc%3D' --- flake.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index bc928d6..47ac290 100644 --- a/flake.lock +++ b/flake.lock @@ -165,7 +165,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-Q6hzrC9mtLnk1EA+h262S09CGliVL1HsLnh8f3dqAn4=", + "narHash": "sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu+c=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, From 09ee4d5f16657da6cfa979cd7afabcf735ea9f41 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 3 Aug 2024 14:22:20 +0200 Subject: [PATCH 017/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/1ebbe68d57457c8cae98145410b164b5477761f4' (2024-06-03) → 'github:numtide/devshell/67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae' (2024-07-27) • Removed input 'devshell/flake-utils' • Removed input 'devshell/flake-utils/systems' • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu%2Bc%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-0bBtcABZHBgodfmNPNXpp8Tr3SH7Hufx18xfiSb8cWo%3D' • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7' (2024-07-13) → 'github:nix-community/nixos-generators/75cbb2a5e19c18840d105a72d036c6c92fc46c5d' (2024-07-29) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6' (2024-06-30) → 'github:nix-community/nixpkgs.lib/d15f6f6021693898fcd2c6a9bb13707383da9bbc' (2024-07-28) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11) → 'github:NixOS/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd' (2024-07-15) → 'github:NixOS/nixpkgs/15ed5d4537fd46399513bb040bf98415c825281b' (2024-08-02) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/53e81e790209e41f0c1efa9ff26ff2fd7ab35e27' (2024-07-14) → 'github:NixOS/nixpkgs/05405724efa137a0b899cce5ab4dde463b4fd30b' (2024-08-01) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15) → 'github:numtide/treefmt-nix/768acdb06968e53aa1ee8de207fd955335c754b7' (2024-07-30) --- flake.lock | 82 ++++++++++++++++-------------------------------------- 1 file changed, 24 insertions(+), 58 deletions(-) diff --git a/flake.lock b/flake.lock index 47ac290..43efbdb 100644 --- a/flake.lock +++ b/flake.lock @@ -47,17 +47,16 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1717408969, - "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "lastModified": 1722113426, + "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", "owner": "numtide", "repo": "devshell", - "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", "type": "github" }, "original": { @@ -83,24 +82,6 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": [ "systems" @@ -165,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu+c=", + "narHash": "sha256-0bBtcABZHBgodfmNPNXpp8Tr3SH7Hufx18xfiSb8cWo=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -176,11 +157,11 @@ }, "nixlib": { "locked": { - "lastModified": 1719708727, - "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", + "lastModified": 1722128034, + "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", + "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc", "type": "github" }, "original": { @@ -197,11 +178,11 @@ ] }, "locked": { - "lastModified": 1720859326, - "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=", + "lastModified": 1722214420, + "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7", + "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d", "type": "github" }, "original": { @@ -212,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1720737798, - "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -228,11 +209,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721079475, - "narHash": "sha256-wZ62hFCMTUG68u3hSUSJOCP/ltuE32Yb4dy7FfPCpso=", + "lastModified": 1722621932, + "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd", + "rev": "15ed5d4537fd46399513bb040bf98415c825281b", "type": "github" }, "original": { @@ -244,11 +225,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1720954236, - "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", + "lastModified": 1722519197, + "narHash": "sha256-VEdJmVU2eLFtLqCjTYJd1J7+Go8idAcZoT11IewFiRg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", + "rev": "05405724efa137a0b899cce5ab4dde463b4fd30b", "type": "github" }, "original": { @@ -263,14 +244,14 @@ "agenix": "agenix", "devshell": "devshell", "flake-registry": "flake-registry", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-full": "nixpkgs-full", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" } }, @@ -289,21 +270,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -311,11 +277,11 @@ ] }, "locked": { - "lastModified": 1721059077, - "narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=", + "lastModified": 1722330636, + "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0fb28f237f83295b4dd05e342f333b447c097398", + "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", "type": "github" }, "original": { From 54988b2d849abb344be6925832a5416700686fe1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 8 Aug 2024 22:27:26 +0200 Subject: [PATCH 018/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-PdJ1RA11vx3tM09YYAv3qAlKzENCZZITefHv6KbYhcY%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-/ir2S0iPNVw5btUtMpmeMy9gKGe/CC7KPrZiK1SFpEQ%3D' --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 43efbdb..605b1a8 100644 --- a/flake.lock +++ b/flake.lock @@ -146,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-0bBtcABZHBgodfmNPNXpp8Tr3SH7Hufx18xfiSb8cWo=", + "narHash": "sha256-/ir2S0iPNVw5btUtMpmeMy9gKGe/CC7KPrZiK1SFpEQ=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -157,11 +157,11 @@ }, "nixlib": { "locked": { - "lastModified": 1722128034, - "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=", + "lastModified": 1722732880, + "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc", + "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c", "type": "github" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1722214420, - "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=", + "lastModified": 1723078345, + "narHash": "sha256-HSxOQEKNZXiJe9aWnckTTCThOhcRCabwHa32IduDKLk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d", + "rev": "d6c5d29f58acc10ea82afff1de2b28f038f572bd", "type": "github" }, "original": { @@ -209,11 +209,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722621932, - "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=", + "lastModified": 1723070956, + "narHash": "sha256-bFOTvmkJ2c1ku+E0gvqmNEF2D1PSmujDFLofKAMF/pM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "15ed5d4537fd46399513bb040bf98415c825281b", + "rev": "7cec143201c32c4937f2c153af4a9f28a3d9bec1", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1722519197, - "narHash": "sha256-VEdJmVU2eLFtLqCjTYJd1J7+Go8idAcZoT11IewFiRg=", + "lastModified": 1722869614, + "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "05405724efa137a0b899cce5ab4dde463b4fd30b", + "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", "type": "github" }, "original": { From 879370e4a8d5f1434bff83befd0aff53fc789722 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:33:29 +0200 Subject: [PATCH 019/165] fix: nar hash of homepage --- flake.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 605b1a8..00fcf56 100644 --- a/flake.lock +++ b/flake.lock @@ -146,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-/ir2S0iPNVw5btUtMpmeMy9gKGe/CC7KPrZiK1SFpEQ=", + "narHash": "sha256-A6ottqpZYc3iLJvFg+DP2RNl9ypeskUeWyfdyyjpMZw=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, From 5c9eec85a150b634865f8c9e76a97f1c2ca6b55f Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:33:48 +0200 Subject: [PATCH 020/165] feat: add switcher extension to gnome shell --- home/dconf.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/home/dconf.nix b/home/dconf.nix index 645827a..b75fb2d 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -1,6 +1,10 @@ -{ lib, ... }: +{ lib, pkgs, ... }: with lib.hm.gvariant; { + home.packages = [ + pkgs.gnomeExtensions.switcher + ]; + dconf.settings = with lib.hm.gvariant; { "org/gnome/shell" = { favorite-apps = [ @@ -14,7 +18,10 @@ with lib.hm.gvariant; "org/gnome/shell" = { disable-user-extensions = false; - enabled-extensions = [ "system-monitor@gnome-shell-extensions.gcampax.github.com" ]; + enabled-extensions = [ + "system-monitor@gnome-shell-extensions.gcampax.github.com" + "switcher@landau.fi" + ]; }; "org/gnome/desktop/calendar" = { From e809610a63f7b559b1999a497cd3d6a93035134b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:34:10 +0200 Subject: [PATCH 021/165] feat: install krita and solvespace --- home/pkgs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 76c8353..ec1deb5 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -68,6 +68,7 @@ with pkgs; [ kcachegrind keepassxc kubetail + krita ldns liboping # oping, ping multiple hosts at once libreoffice @@ -117,6 +118,7 @@ with pkgs; [ skim # fzf in Rust slurp socat + solvespace spotify sqlite sshfs-fuse From b4889eec64e2fb69e333d965c6215f990be3e381 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:35:33 +0200 Subject: [PATCH 022/165] chore: update flake inputs --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 00fcf56..29d1dc6 100644 --- a/flake.lock +++ b/flake.lock @@ -146,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-A6ottqpZYc3iLJvFg+DP2RNl9ypeskUeWyfdyyjpMZw=", + "narHash": "sha256-d72V/oM66V48FbKzXx1Waj09c8VJUg+lbzFHRye40eQ=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1723078345, - "narHash": "sha256-HSxOQEKNZXiJe9aWnckTTCThOhcRCabwHa32IduDKLk=", + "lastModified": 1723444610, + "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d6c5d29f58acc10ea82afff1de2b28f038f572bd", + "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1723310128, + "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", "type": "github" }, "original": { @@ -209,11 +209,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723070956, - "narHash": "sha256-bFOTvmkJ2c1ku+E0gvqmNEF2D1PSmujDFLofKAMF/pM=", + "lastModified": 1723540975, + "narHash": "sha256-rxpxOz2VSqgmwI7g7FGVAoye5bxwO1MSpnELY5bsITw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7cec143201c32c4937f2c153af4a9f28a3d9bec1", + "rev": "fb81cec9eda2a6b5365ad723995f0329d9e356fd", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1722869614, - "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", + "lastModified": 1723400035, + "narHash": "sha256-WoKZDlBEdMhP+hjquBAh0BhUJbcH2+U8g2mHOr1mv8I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", + "rev": "a731b45590a5169542990c36ffcde6cebd9a3356", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1722330636, - "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", + "lastModified": 1723454642, + "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", + "rev": "349de7bc435bdff37785c2466f054ed1766173be", "type": "github" }, "original": { From 16e42c3177c3ad60f6996f0176e64a327faa7ce1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 16 Aug 2024 15:21:06 +0200 Subject: [PATCH 023/165] fix: gitea urls --- flake.lock | 40 +++++++++++++++++-------------- flake.nix | 2 +- nixos/modules/profiles/server.nix | 2 +- 3 files changed, 24 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 29d1dc6..cd1f21a 100644 --- a/flake.lock +++ b/flake.lock @@ -146,22 +146,26 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-d72V/oM66V48FbKzXx1Waj09c8VJUg+lbzFHRye40eQ=", - "type": "file", + "lastModified": 1714328013, + "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", + "ref": "refs/heads/main", + "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", + "revCount": 31, + "type": "git", "url": "https://git.dadada.li/dadada/dadada.li.git" }, "original": { - "type": "file", + "type": "git", "url": "https://git.dadada.li/dadada/dadada.li.git" } }, "nixlib": { "locked": { - "lastModified": 1722732880, - "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=", + "lastModified": 1723337705, + "narHash": "sha256-znSU0DeNDPt7+LMAfFkvKloMaeQ6yl/U5SqV/ktl1vA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c", + "rev": "ace7856d327b618d3777e31b1f224b3ab57ed71a", "type": "github" }, "original": { @@ -178,11 +182,11 @@ ] }, "locked": { - "lastModified": 1723444610, - "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=", + "lastModified": 1723683171, + "narHash": "sha256-hQMQQHOVVkiCO5hmbjI3EVimWFIkRNkGIGUhyIQ0mQ0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85", + "rev": "1cb3dc2f3af215ea40911de8fd0942c1ff3fb673", "type": "github" }, "original": { @@ -209,11 +213,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723540975, - "narHash": "sha256-rxpxOz2VSqgmwI7g7FGVAoye5bxwO1MSpnELY5bsITw=", + "lastModified": 1723746470, + "narHash": "sha256-xOWtLQpYetDWPlOvAo04as/ocpGTm1W556zfA24Vdh4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb81cec9eda2a6b5365ad723995f0329d9e356fd", + "rev": "9bbda8b76be48dd59d352199d06c24d61b94206a", "type": "github" }, "original": { @@ -225,11 +229,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1723400035, - "narHash": "sha256-WoKZDlBEdMhP+hjquBAh0BhUJbcH2+U8g2mHOr1mv8I=", + "lastModified": 1723688146, + "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a731b45590a5169542990c36ffcde6cebd9a3356", + "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", "type": "github" }, "original": { @@ -277,11 +281,11 @@ ] }, "locked": { - "lastModified": 1723454642, - "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=", + "lastModified": 1723808491, + "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "349de7bc435bdff37785c2466f054ed1766173be", + "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b2d98be..c1836b5 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { - url = "https://git.dadada.li/dadada/dadada.li.git"; + url = "git+https://git.dadada.li/dadada/dadada.li.git"; flake = false; }; agenix = { diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 925f20e..e5b6d4c 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -24,7 +24,7 @@ with lib; { system.autoUpgrade = { enable = true; - flake = "https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; + flake = "git+https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; From fc616b7be6468b2e18407356728fbc06eb652c78 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 16 Aug 2024 15:33:58 +0200 Subject: [PATCH 024/165] fix: use tar.gz archive instead of git URL --- flake.lock | 10 ++++------ flake.nix | 2 +- nixos/modules/profiles/server.nix | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index cd1f21a..5bd2c90 100644 --- a/flake.lock +++ b/flake.lock @@ -148,15 +148,13 @@ "locked": { "lastModified": 1714328013, "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", - "ref": "refs/heads/main", "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", - "revCount": 31, - "type": "git", - "url": "https://git.dadada.li/dadada/dadada.li.git" + "type": "tarball", + "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/b971b5905b38be19b4fa4e7d99a70df0aebfba28.tar.gz" }, "original": { - "type": "git", - "url": "https://git.dadada.li/dadada/dadada.li.git" + "type": "tarball", + "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, "nixlib": { diff --git a/flake.nix b/flake.nix index c1836b5..1e28a54 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { - url = "git+https://git.dadada.li/dadada/dadada.li.git"; + url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; flake = false; }; agenix = { diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index e5b6d4c..d26358c 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -24,7 +24,7 @@ with lib; { system.autoUpgrade = { enable = true; - flake = "git+https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; + flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}"; allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; From 9d91b0388643347eb9bade80fa6b28037a5cf104 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 25 Aug 2024 17:53:19 +0200 Subject: [PATCH 025/165] chore: update homepage --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5bd2c90..e86e642 100644 --- a/flake.lock +++ b/flake.lock @@ -146,11 +146,11 @@ "homepage": { "flake": false, "locked": { - "lastModified": 1714328013, - "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", - "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", + "lastModified": 1724600377, + "narHash": "sha256-EdDHxZNjXtWG5CUUznbXF/ktkHWOvl3vDOi90cdE4cU=", + "rev": "40b6196abf7a066e93c68f48f3109b587dad44bf", "type": "tarball", - "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/b971b5905b38be19b4fa4e7d99a70df0aebfba28.tar.gz" + "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/40b6196abf7a066e93c68f48f3109b587dad44bf.tar.gz" }, "original": { "type": "tarball", From 532c25a0c5734019c1db591458f58f7bb582fd72 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Sep 2024 16:34:40 +0200 Subject: [PATCH 026/165] chore: update flake inputs --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index e86e642..aa39a63 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1726818100, + "narHash": "sha256-z2V74f5vXqkN5Q+goFlhbFXY/dNaBAyeLpr2bxu4Eic=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "1bbc1a5a1f4de7401c92db85b2119ed21bb4139d", "type": "github" }, "original": { @@ -159,11 +159,11 @@ }, "nixlib": { "locked": { - "lastModified": 1723337705, - "narHash": "sha256-znSU0DeNDPt7+LMAfFkvKloMaeQ6yl/U5SqV/ktl1vA=", + "lastModified": 1726362065, + "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "ace7856d327b618d3777e31b1f224b3ab57ed71a", + "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555", "type": "github" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1723683171, - "narHash": "sha256-hQMQQHOVVkiCO5hmbjI3EVimWFIkRNkGIGUhyIQ0mQ0=", + "lastModified": 1726817511, + "narHash": "sha256-r3R7zZzGklN0udSO/JhWbU/xyq6i1aXKKwfs33LUVls=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "1cb3dc2f3af215ea40911de8fd0942c1ff3fb673", + "rev": "bfa25c9065f4cb5d884a0ad70f6e82f55ae90448", "type": "github" }, "original": { @@ -195,11 +195,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1723310128, - "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", + "lastModified": 1726724509, + "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", + "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723746470, - "narHash": "sha256-xOWtLQpYetDWPlOvAo04as/ocpGTm1W556zfA24Vdh4=", + "lastModified": 1726688310, + "narHash": "sha256-Xc9lEtentPCEtxc/F1e6jIZsd4MPDYv4Kugl9WtXlz0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9bbda8b76be48dd59d352199d06c24d61b94206a", + "rev": "dbebdd67a6006bb145d98c8debf9140ac7e651d0", "type": "github" }, "original": { @@ -227,11 +227,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1723688146, - "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "lastModified": 1726447378, + "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", "type": "github" }, "original": { @@ -279,11 +279,11 @@ ] }, "locked": { - "lastModified": 1723808491, - "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", + "lastModified": 1726734507, + "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", + "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", "type": "github" }, "original": { From 11ac1b84b78831ed590356b214246d350b66cbac Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Sep 2024 18:23:32 +0200 Subject: [PATCH 027/165] feat: upgrade to Lix --- flake.lock | 53 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 5 ++++ nixos/configurations.nix | 14 ++++++++--- outputs.nix | 1 + 4 files changed, 69 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index aa39a63..9cc797c 100644 --- a/flake.lock +++ b/flake.lock @@ -101,6 +101,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -157,6 +172,43 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1723503926, + "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", + "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723510904, + "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", + "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + } + }, "nixlib": { "locked": { "lastModified": 1726362065, @@ -249,6 +301,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", + "lix-module": "lix-module", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 1e28a54..5e512b9 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,11 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 41aabe8..040ec6b 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,5 +1,6 @@ { self , agenix +, lix-module , nixpkgs , nixpkgs-full , home-manager @@ -9,13 +10,17 @@ , ... }@inputs: let + lixModule = lix-module.nixosModules.default; + nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { inherit system; - modules = [{ - - nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; - }] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; + modules = [ + lixModule + { + nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; + } + ] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in { @@ -68,6 +73,7 @@ in installer = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + lixModule nixos-generators.nixosModules.install-iso self.nixosModules.admin { diff --git a/outputs.nix b/outputs.nix index b96b7bb..efa3dab 100644 --- a/outputs.nix +++ b/outputs.nix @@ -3,6 +3,7 @@ , flake-utils , flake-registry , homepage +, lix-module , nixpkgs , home-manager , nixos-hardware From 34ae7f3748943ca6c2eea7373ccfed3754d538fd Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 26 Sep 2024 10:16:38 +0200 Subject: [PATCH 028/165] chore: update flake inputs --- flake.lock | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index 9cc797c..b76b11c 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1726818100, - "narHash": "sha256-z2V74f5vXqkN5Q+goFlhbFXY/dNaBAyeLpr2bxu4Eic=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "1bbc1a5a1f4de7401c92db85b2119ed21bb4139d", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -161,11 +161,11 @@ "homepage": { "flake": false, "locked": { - "lastModified": 1724600377, - "narHash": "sha256-EdDHxZNjXtWG5CUUznbXF/ktkHWOvl3vDOi90cdE4cU=", - "rev": "40b6196abf7a066e93c68f48f3109b587dad44bf", + "lastModified": 1727338449, + "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=", + "rev": "60398d3d728a0057b4cad49879ef637c06b28371", "type": "tarball", - "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/40b6196abf7a066e93c68f48f3109b587dad44bf.tar.gz" + "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371" }, "original": { "type": "tarball", @@ -202,7 +202,7 @@ "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140" }, "original": { "type": "tarball", @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1726362065, - "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=", + "lastModified": 1726966855, + "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555", + "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1726817511, - "narHash": "sha256-r3R7zZzGklN0udSO/JhWbU/xyq6i1aXKKwfs33LUVls=", + "lastModified": 1727312535, + "narHash": "sha256-exnTgS6OBYvEa8v5x8UsLQK2ERdDFwXNFQHoT2cqycY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "bfa25c9065f4cb5d884a0ad70f6e82f55ae90448", + "rev": "f31447cd3f8e54674bd1675969e97e6043a309bc", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1726724509, - "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", + "lastModified": 1727040444, + "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", + "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726688310, - "narHash": "sha256-Xc9lEtentPCEtxc/F1e6jIZsd4MPDYv4Kugl9WtXlz0=", + "lastModified": 1727284797, + "narHash": "sha256-roj2jFZ/VNBQBBmUvvYRGiWbegZEgRk9Y1dhcY8kgLA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dbebdd67a6006bb145d98c8debf9140ac7e651d0", + "rev": "37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1726447378, - "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", + "lastModified": 1727264057, + "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", + "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1726734507, - "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", + "lastModified": 1727252110, + "narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", + "rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", "type": "github" }, "original": { From 0ea73f318775e514f9067f6e1c78a5048b5d6aec Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 9 Oct 2024 21:04:52 +0200 Subject: [PATCH 029/165] fix: enable ACME for weechat.dadada.li --- nixos/modules/weechat.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index 340f64c..e3d8f48 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -34,7 +34,7 @@ in }; }; services.nginx.virtualHosts."weechat.dadada.li" = { - useACMEHost = "webchat.dadada.li"; + enableACME = true; forceSSL = true; root = "${pkgs.nginx}/html"; From 8317113c6b1a2d55cebf018a64badb5943101e61 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 23 Oct 2024 21:33:16 +0200 Subject: [PATCH 030/165] chore: update nixpkgs --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index b76b11c..8dce0f2 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1722113426, - "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1726966855, - "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=", + "lastModified": 1729386149, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2", + "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1727312535, - "narHash": "sha256-exnTgS6OBYvEa8v5x8UsLQK2ERdDFwXNFQHoT2cqycY=", + "lastModified": 1729472750, + "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "f31447cd3f8e54674bd1675969e97e6043a309bc", + "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727040444, - "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", + "lastModified": 1729690929, + "narHash": "sha256-cTSekmupaDfrhlpLhBUBrU9mUzBaD6mYsMveTX0bKDg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", + "rev": "64d900abe40057393148bc0283d35c2254dd4f57", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727284797, - "narHash": "sha256-roj2jFZ/VNBQBBmUvvYRGiWbegZEgRk9Y1dhcY8kgLA=", + "lastModified": 1729675617, + "narHash": "sha256-XAnP0mq9JdMEwEcwATPV7rPp1+ORV8G4rCX6GplYfDA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d", + "rev": "f885d67e3dbd2afe0c779a9f763ddf7a4b603d97", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1727264057, - "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", + "lastModified": 1729449015, + "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", + "rev": "89172919243df199fe237ba0f776c3e3e3d72367", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1727252110, - "narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", + "lastModified": 1729613947, + "narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", + "rev": "aac86347fb5063960eccb19493e0cadcdb4205ca", "type": "github" }, "original": { From 61530cc51318713f3da8cb6bffac150b2c8eb4b3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 30 Oct 2024 21:00:27 +0100 Subject: [PATCH 031/165] feat: power management settings --- home/dconf.nix | 8 ++++---- nixos/gorgon/configuration.nix | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/home/dconf.nix b/home/dconf.nix index b75fb2d..7fb2800 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -176,11 +176,11 @@ with lib.hm.gvariant; }; "org/gnome/settings-daemon/plugins/power" = { - idle-dim = false; - power-button-action = "hibernate"; + idle-dim = true; + power-button-action = "interactive"; power-saver-profile-on-low-battery = true; - sleep-inactive-ac-type = "nothing"; - sleep-inactive-battery-timeout = 3600; + sleep-inactive-ac-type = "blank"; + sleep-inactive-battery-timeout = 600; sleep-inactive-battery-type = "suspend"; }; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index b2da49d..fd61298 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -143,6 +143,10 @@ in systemd.services.modem-manager.enable = lib.mkForce false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; + systemd.sleep.extraConfig = '' + HibernateDelaySec=1h + ''; + services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; From c256637dddf9d5be8f25be484ce8ff82b6bee512 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 30 Oct 2024 21:08:17 +0100 Subject: [PATCH 032/165] chore: update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/64d900abe40057393148bc0283d35c2254dd4f57' (2024-10-23) → 'github:NixOS/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f885d67e3dbd2afe0c779a9f763ddf7a4b603d97' (2024-10-23) → 'github:NixOS/nixpkgs/6aa8749b515f9dec000b24794b2787b64037db51' (2024-10-29) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20) → 'github:NixOS/nixpkgs/64b80bfb316b57cdb8919a9110ef63393d74382a' (2024-10-28) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/aac86347fb5063960eccb19493e0cadcdb4205ca' (2024-10-22) → 'github:numtide/treefmt-nix/9ef337e492a5555d8e17a51c911ff1f02635be15' (2024-10-28) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8dce0f2..2c62bcf 100644 --- a/flake.lock +++ b/flake.lock @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729690929, - "narHash": "sha256-cTSekmupaDfrhlpLhBUBrU9mUzBaD6mYsMveTX0bKDg=", + "lastModified": 1730161780, + "narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "64d900abe40057393148bc0283d35c2254dd4f57", + "rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729675617, - "narHash": "sha256-XAnP0mq9JdMEwEcwATPV7rPp1+ORV8G4rCX6GplYfDA=", + "lastModified": 1730189606, + "narHash": "sha256-LgkEB/b9JRWdGHx95mxSWPV5PaSPp8Aau+lsbDUXb44=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f885d67e3dbd2afe0c779a9f763ddf7a4b603d97", + "rev": "6aa8749b515f9dec000b24794b2787b64037db51", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1729449015, - "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", + "lastModified": 1730137625, + "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89172919243df199fe237ba0f776c3e3e3d72367", + "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1729613947, - "narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=", + "lastModified": 1730120726, + "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "aac86347fb5063960eccb19493e0cadcdb4205ca", + "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", "type": "github" }, "original": { From 80bbfb43ac2e38348e871075b151f4be134e9f7d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 10 Nov 2024 15:34:29 +0100 Subject: [PATCH 033/165] feat(ninurta): remove agares from monitoring --- nixos/ninurta/monitoring.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix index 9a0b983..c8bee05 100644 --- a/nixos/ninurta/monitoring.nix +++ b/nixos/ninurta/monitoring.nix @@ -19,9 +19,6 @@ [surgat] address 10.3.3.1 - - [agares] - address 10.3.3.2 ''; }; services.munin-node.enable = true; From 3824effcb63d9b1306a8a9fcbf47b5337bbbd8f4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 17 Nov 2024 00:36:34 +0100 Subject: [PATCH 034/165] chore: update dependencies --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 2c62bcf..a946b3d 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ ] }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1729386149, - "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", + "lastModified": 1731200463, + "narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", + "rev": "e04234d263750db01c78a412690363dc2226e68a", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1729472750, - "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", + "lastModified": 1731546190, + "narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", + "rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730161780, - "narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=", + "lastModified": 1731797098, + "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8", + "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730189606, - "narHash": "sha256-LgkEB/b9JRWdGHx95mxSWPV5PaSPp8Aau+lsbDUXb44=", + "lastModified": 1731663789, + "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6aa8749b515f9dec000b24794b2787b64037db51", + "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1730137625, - "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=", + "lastModified": 1731652201, + "narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a", + "rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1730120726, - "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", "type": "github" }, "original": { From b7ed2f7ec01eac2142ee08c44fcf99d285649493 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 17 Nov 2024 00:50:21 +0100 Subject: [PATCH 035/165] feat(home): remove jujutsu from pkgs --- home/pkgs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index ec1deb5..3b1d6ec 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -61,8 +61,6 @@ with pkgs; [ jameica jc # convert output to json josm - jujutsu - jq jq #jupyter kcachegrind From 806da7a64630973ce7e532ff9ed7ddd5034da1d7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 15:58:42 +0100 Subject: [PATCH 036/165] feat: add udev rules from libsigrok --- nixos/gorgon/configuration.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index fd61298..beadbc6 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -147,7 +147,12 @@ in HibernateDelaySec=1h ''; - services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ]; + services.udev.packages = [ + xilinxJtag + saleaeLogic + keychron + pkgs.libsigrok + ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; From c70621ece1e90fdeb69e98e845f49271cf66c7c1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 16:00:50 +0100 Subject: [PATCH 037/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/06ffce1a8d95e95c06a4bcfa117dd960b14a7101' (2024-11-14) → 'github:nix-community/nixos-generators/3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c' (2024-11-21) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/e04234d263750db01c78a412690363dc2226e68a' (2024-11-10) → 'github:nix-community/nixpkgs.lib/b9f04e3cf71c23bea21d2768051e6b3068d44734' (2024-11-17) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/035d434d48f4375ac5d3a620954cf5fda7dd7c36' (2024-11-15) → 'github:NixOS/nixpkgs/df94f897ffe1af1bcd60cb68697c5d8e6431346e' (2024-11-22) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/c21b77913ea840f8bcf9adf4c41cecc2abffd38d' (2024-11-15) → 'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc' (2024-10-30) → 'github:numtide/treefmt-nix/705df92694af7093dfbb27109ce16d828a79155f' (2024-11-22) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a946b3d..21ec40c 100644 --- a/flake.lock +++ b/flake.lock @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1731200463, - "narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=", + "lastModified": 1731805462, + "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e04234d263750db01c78a412690363dc2226e68a", + "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1731546190, - "narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=", + "lastModified": 1732151224, + "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101", + "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731663789, - "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", + "lastModified": 1732244845, + "narHash": "sha256-aspop5sCDNpDMS23BplGFtQDadwkSb/sOxpuC3lafvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", + "rev": "df94f897ffe1af1bcd60cb68697c5d8e6431346e", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1731652201, - "narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1730321837, - "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "lastModified": 1732292307, + "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "rev": "705df92694af7093dfbb27109ce16d828a79155f", "type": "github" }, "original": { From 3bf0f03c0b36818612f5259ff1e14a1c0a29c9a3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 16:08:10 +0100 Subject: [PATCH 038/165] feat: remove unused nixos/sway module --- nixos/modules/sway.nix | 40 ---------------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 nixos/modules/sway.nix diff --git a/nixos/modules/sway.nix b/nixos/modules/sway.nix deleted file mode 100644 index 190d13e..0000000 --- a/nixos/modules/sway.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.dadada.sway; -in -{ - options = { - dadada.sway.enable = lib.mkEnableOption "Enable sway"; - }; - - config = lib.mkIf cfg.enable { - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - wrapperFeatures.base = true; - extraPackages = with pkgs; [ - qt5.qtwayland - swayidle - xwayland - mako - kanshi - kitty - i3status - bemenu - xss-lock - swaylock - brightnessctl - playerctl - ]; - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - # needs qt5.qtwayland in systemPackages - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - # Fix for some Java AWT applications (e.g. Android Studio), - # use this if they aren't displayed properly: - export _JAVA_AWT_WM_NONREPARENTING=1 - ''; - }; - }; -} From 4e9118e3736c67a0ef542b39e71f86ea357f17fa Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 18:28:34 +0100 Subject: [PATCH 039/165] feat(home): add foot config --- home/default.nix | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/home/default.nix b/home/default.nix index 35bd006..a95f898 100644 --- a/home/default.nix +++ b/home/default.nix @@ -127,6 +127,41 @@ in Install.WantedBy = [ "multi-user.target" ]; }; + programs.foot = { + enable = true; + server.enable = false; + settings = { + main = { + shell = "tmux"; + font = "Jetbrains Mono:size=8"; + dpi-aware = false; + }; + mouse.hide-when-typing = true; + csd.preferred = "none"; + cursor.color = "fdf6e3 586e75"; + colors = { + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; + regular1 = "dc322f"; + regular2 = "859900"; + regular3 = "b58900"; + regular4 = "268bd2"; + regular5 = "d33682"; + regular6 = "2aa198"; + regular7 = "073642"; + bright0 = "cb4b16"; + bright1 = "fdf6e3"; + bright2 = "93a1a1"; + bright3 = "839496"; + bright4 = "657b83"; + bright5 = "6c71c4"; + bright6 = "586e75"; + bright7 = "002b36"; + }; + }; + }; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 0a6e4f99c4f190bd578cedd2e776700dadaa325d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 18:48:14 +0100 Subject: [PATCH 040/165] feat: configure sway --- home/config | 229 +++++++++++++++++++++++++++++++++ home/default.nix | 2 + home/modules/xdg.nix | 1 + nixos/gorgon/configuration.nix | 39 +++++- 4 files changed, 267 insertions(+), 4 deletions(-) create mode 100644 home/config diff --git a/home/config b/home/config new file mode 100644 index 0000000..b379fba --- /dev/null +++ b/home/config @@ -0,0 +1,229 @@ +# Read `man 5 sway` for a complete reference. + +### Variables +# +# Logo key. Use Mod1 for Alt. +set $mod Mod4 +# Home row direction keys, like vim +set $left h +set $down j +set $up k +set $right l +# Your preferred terminal emulator +set $term foot +# Your preferred application launcher +# Note: pass the final command to swaymsg so that the resulting window can be opened +# on the original workspace that the command was run on. +set $menu dmenu_path | wmenu | xargs swaymsg exec -- + +### Output configuration +# +# Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/) +output * bg ~/lib/pictures/camera/Camera/PXL_20240302_142813383.jpg fill + +### Idle configuration +# +# Example configuration: +# +exec swayidle -w \ + timeout 300 'swaylock -f -c 000000' \ + timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ + before-sleep 'swaylock -f -c 000000' +# +# This will lock your screen after 300 seconds of inactivity, then turn off +# your displays after another 300 seconds, and turn your screens back on when +# resumed. It will also lock your screen before your computer goes to sleep. + +input * { + xkb_layout eu + xkb_model pc105+inet + xkb_options caps:escape + drag_lock enabled + drag enabled + dwt enabled + tap enabled + tap_button_map lrm + natural_scroll enabled +} + +### Key bindings +# +# Basics: +# +# Start a terminal +bindsym $mod+Return exec $term + +# Kill focused window +bindsym $mod+Shift+q kill + +# Start your launcher +bindsym $mod+d exec $menu + +# Drag floating windows by holding down $mod and left mouse button. +# Resize them with right mouse button + $mod. +# Despite the name, also works for non-floating windows. +# Change normal to inverse to use left mouse button for resizing and right +# mouse button for dragging. +floating_modifier $mod normal + +# Lock the screen +bindsym XF86Sleep exec 'swaylock -f -c 000000' + +# Reload the configuration file +bindsym $mod+Shift+c reload + +# Exit sway (logs you out of your Wayland session) +bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' + +# Brightness +bindsym --locked XF86MonBrightnessDown exec light -U 10 +bindsym --locked XF86MonBrightnessUp exec light -A 10 + +# Volume +bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' +bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' +bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' + +# +# Moving around: +# +# Move your focus around +bindsym $mod+$left focus left +bindsym $mod+$down focus down +bindsym $mod+$up focus up +bindsym $mod+$right focus right +# Or use $mod+[up|down|left|right] +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# Move the focused window with the same, but add Shift +bindsym $mod+Shift+$left move left +bindsym $mod+Shift+$down move down +bindsym $mod+Shift+$up move up +bindsym $mod+Shift+$right move right +# Ditto, with arrow keys +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# +# Workspaces: +# +# Switch to workspace +bindsym $mod+1 workspace number 1 +bindsym $mod+2 workspace number 2 +bindsym $mod+3 workspace number 3 +bindsym $mod+4 workspace number 4 +bindsym $mod+5 workspace number 5 +bindsym $mod+6 workspace number 6 +bindsym $mod+7 workspace number 7 +bindsym $mod+8 workspace number 8 +bindsym $mod+9 workspace number 9 +bindsym $mod+0 workspace number 10 +# Move focused container to workspace +bindsym $mod+Shift+1 move container to workspace number 1 +bindsym $mod+Shift+2 move container to workspace number 2 +bindsym $mod+Shift+3 move container to workspace number 3 +bindsym $mod+Shift+4 move container to workspace number 4 +bindsym $mod+Shift+5 move container to workspace number 5 +bindsym $mod+Shift+6 move container to workspace number 6 +bindsym $mod+Shift+7 move container to workspace number 7 +bindsym $mod+Shift+8 move container to workspace number 8 +bindsym $mod+Shift+9 move container to workspace number 9 +bindsym $mod+Shift+0 move container to workspace number 10 +# Note: workspaces can have any name you want, not just numbers. +# We just use 1-10 as the default. + +# +# Layout stuff: +# +# You can "split" the current object of your focus with +# $mod+b or $mod+v, for horizontal and vertical splits +# respectively. +bindsym $mod+b splith +bindsym $mod+v splitv + +# Switch the current container between different layout styles +bindsym $mod+s layout stacking +bindsym $mod+w layout tabbed +bindsym $mod+e layout toggle split + +# Make the current focus fullscreen +bindsym $mod+f fullscreen + +# Toggle the current focus between tiling and floating mode +bindsym $mod+Shift+space floating toggle + +# Swap focus between the tiling area and the floating area +bindsym $mod+space focus mode_toggle + +# Move focus to the parent container +bindsym $mod+a focus parent + +# +# Font +# +font "pango:Jetbrains Mono 8" + +# +# Scratchpad: +# +# Sway has a "scratchpad", which is a bag of holding for windows. +# You can send windows there and get them back later. + +# Move the currently focused window to the scratchpad +bindsym $mod+Shift+minus move scratchpad + +# Show the next scratchpad window or hide the focused scratchpad window. +# If there are multiple scratchpad windows, this command cycles through them. +bindsym $mod+minus scratchpad show + +# +# Resizing containers: +# +mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" +} +bindsym $mod+r mode "resize" + +# +# Status Bar: +# +# Read `man 5 sway-bar` for more information about this section. +bar { + position top + + # When the status_command prints a new line to stdout, swaybar updates. + # The default just shows the current date and time. + status_command while date +'%Y-%m-%d %X'; do sleep 1; done + + colors { + statusline #ffffff + background #323232 + inactive_workspace #32323200 #32323200 #5c5c5c + } +} + +include /etc/sway/config.d/* + +exec sleep 5; systemctl --user start kanshi.service diff --git a/home/default.nix b/home/default.nix index a95f898..56298f0 100644 --- a/home/default.nix +++ b/home/default.nix @@ -162,6 +162,8 @@ in }; }; + home.file.".config/sway/config".source = ./config; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index b093eca..bb96a7d 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -29,6 +29,7 @@ in config = mkIf cfg.enable { xdg = { enable = true; + configHome = "${config.home.homeDirectory}/.config"; mimeApps = { enable = false; associations.added = apps; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index beadbc6..776165a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -125,9 +125,13 @@ in }; environment.systemPackages = with pkgs; [ - chromium ghostscript smartmontools + + grim # screenshot functionality + slurp # screenshot functionality + mako # notification system developed by swaywm maintainer + pulseaudio ]; networking.firewall = { @@ -208,9 +212,36 @@ in services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; - services.xserver.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.displayManager.gdm.enable = true; + #services.xserver.enable = true; + #services.xserver.desktopManager.gnome.enable = true; + #services.xserver.displayManager.gdm.enable = true; + services.greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; + user = "greeter"; + }; + }; + }; + systemd.user.services.kanshi = { + description = "kanshi daemon"; + environment = { + WAYLAND_DISPLAY = "wayland-1"; + DISPLAY = ":0"; + }; + serviceConfig = { + Type = "simple"; + ExecStart = ''${pkgs.kanshi}/bin/kanshi''; + }; + }; + # enable Sway window manager + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + }; + programs.light.enable = true; + xdg.portal.wlr.enable = true; hardware.opengl = { enable = true; From 168056ce39135c6495a38c107d8c6e0cdddba4a5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 19:16:34 +0100 Subject: [PATCH 041/165] chore: upgrade to 24.11 --- flake.lock | 44 +++++++++++++++--------------- flake.nix | 8 +++--- home/modules/alacritty/default.nix | 1 - home/modules/xdg.nix | 2 +- home/pkgs.nix | 2 +- nixos/gorgon/configuration.nix | 1 + nixos/ninurta/configuration.nix | 4 +-- 7 files changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 21ec40c..baa2c4e 100644 --- a/flake.lock +++ b/flake.lock @@ -144,16 +144,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -175,15 +175,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1723503926, - "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", - "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" } }, "lix-module": { @@ -198,15 +198,15 @@ ] }, "locked": { - "lastModified": 1723510904, - "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", - "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" } }, "nixlib": { @@ -263,32 +263,32 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732244845, - "narHash": "sha256-aspop5sCDNpDMS23BplGFtQDadwkSb/sOxpuC3lafvo=", + "lastModified": 1732237847, + "narHash": "sha256-WwtrPxym9sQtwZkemxUfT00iCWfXxzuVAC7uFP1m1Y0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "df94f897ffe1af1bcd60cb68697c5d8e6431346e", + "rev": "9bbcb9a5a7e54369faaced5fb0ddad1fda21b751", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05-small", + "ref": "nixos-24.11-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-full": { "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "lastModified": 1731755305, + "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 5e512b9..3ab6e15 100644 --- a/flake.nix +++ b/flake.nix @@ -2,14 +2,14 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; - nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; + nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; }; home-manager = { - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; @@ -26,7 +26,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 0b84642..086b945 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -11,7 +11,6 @@ in enable = mkEnableOption "Enable alacritty config"; }; config = mkIf cfg.enable { - fonts.fontconfig.enable = true; home.packages = [ pkgs.jetbrains-mono ]; diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index bb96a7d..cccf70e 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -47,7 +47,7 @@ in home.packages = with pkgs; [ evince firefox - xdg_utils + xdg-utils ]; }; } diff --git a/home/pkgs.nix b/home/pkgs.nix index 3b1d6ec..8c1657f 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -133,7 +133,7 @@ with pkgs; [ vscodium whois wireshark - xdg_utils + xdg-utils xmlstarlet xsv # cut for csv unixtools.xxd diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 776165a..3b5a8e9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -242,6 +242,7 @@ in }; programs.light.enable = true; xdg.portal.wlr.enable = true; + hardware.bluetooth.enable = true; hardware.opengl = { enable = true; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 1023d5f..2a9e837 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -158,7 +158,7 @@ in services.hydra = { enable = true; - package = pkgs.hydra-unstable; + package = pkgs.hydra; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; @@ -394,7 +394,7 @@ in services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome = { enable = true; - extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + extraGSettingsOverridePackages = with pkgs; [ gnome.gnome-settings-daemon ]; extraGSettingsOverrides = '' [org.gnome.desktop.screensaver] lock-delay=uint32 30 From bd89f8498e8a22a13fec71e74c680a40ce159b1e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 25 Nov 2024 00:02:08 +0100 Subject: [PATCH 042/165] feat: update wallpaper --- home/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/config b/home/config index b379fba..c77a6b7 100644 --- a/home/config +++ b/home/config @@ -19,7 +19,7 @@ set $menu dmenu_path | wmenu | xargs swaymsg exec -- ### Output configuration # # Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/) -output * bg ~/lib/pictures/camera/Camera/PXL_20240302_142813383.jpg fill +output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill ### Idle configuration # From 71de97484728331ec3eb0f1f6d2ca57f69b7bbf3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 25 Nov 2024 00:02:41 +0100 Subject: [PATCH 043/165] fix: disable shared shell history There is some bug preventing the fzf history selection from the widget to be pasted. --- home/modules/zsh.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 58cef5b..ab51e59 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -26,7 +26,9 @@ in ignoreDups = true; ignoreSpace = true; save = 100000; - share = true; + # FIXME https://github.com/junegunn/fzf/issues/4061 + #share = true; + share = false; }; plugins = [ ]; From cf26daecee2d42c9ac9b473bc8d7736997cb0743 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 25 Nov 2024 00:03:44 +0100 Subject: [PATCH 044/165] fix: actually start kanshi --- nixos/gorgon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 3b5a8e9..85bb03d 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -225,6 +225,7 @@ in }; }; systemd.user.services.kanshi = { + enable = true; description = "kanshi daemon"; environment = { WAYLAND_DISPLAY = "wayland-1"; From 429f906a1ab25b7dff7c613e086d4c27b5e652d8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 30 Nov 2024 18:29:51 +0100 Subject: [PATCH 045/165] feat: add status script --- home/config | 2 +- home/default.nix | 1 + home/pkgs.nix | 5 +- home/status | 113 +++++++++++++++++++++++++++++++++ nixos/gorgon/configuration.nix | 1 + 5 files changed, 120 insertions(+), 2 deletions(-) create mode 100755 home/status diff --git a/home/config b/home/config index c77a6b7..bc01bb6 100644 --- a/home/config +++ b/home/config @@ -215,7 +215,7 @@ bar { # When the status_command prints a new line to stdout, swaybar updates. # The default just shows the current date and time. - status_command while date +'%Y-%m-%d %X'; do sleep 1; done + status_command ~/.config/sway/status colors { statusline #ffffff diff --git a/home/default.nix b/home/default.nix index 56298f0..15514f9 100644 --- a/home/default.nix +++ b/home/default.nix @@ -163,6 +163,7 @@ in }; home.file.".config/sway/config".source = ./config; + home.file.".config/sway/status".source = ./status; # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/pkgs.nix b/home/pkgs.nix index 8c1657f..0fb833c 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -102,7 +102,10 @@ with pkgs; [ prusa-slicer pv pwgen - python3 + (python3.withPackages (python-pkgs: with python-pkgs; [ + pandas + requests + ])) ranger recipemd reptyr diff --git a/home/status b/home/status new file mode 100755 index 0000000..176467a --- /dev/null +++ b/home/status @@ -0,0 +1,113 @@ +#!/usr/bin/env python3 + +import json +import sys +import time +import requests +import logging + +from datetime import datetime + +logger = logging.getLogger(__name__) + + +class Status: + def status(self): + return None + + +class Cat(Status): + index = 0 + + def status(self): + cat_width = 200 + index = self.index + catwalk = " " * (cat_width - index) + 1 * "🐈🏳️‍🌈" + " " * index + self.index = (index + 1) % cat_width + + return catwalk + + +class Space(Status): + backoff = 0 + c_status = None + + def status(self): + backoff = self.backoff + if self.backoff == 0: + self.update() + + return self.c_status + + def update(self): + spacestatus_url = "https://status.stratum0.org/status.json" + resp = requests.get(url=spacestatus_url) + self.backoff = (self.backoff + 1) % 120 + data = resp.json() + if data["isOpen"]: + since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M") + spacestatus = f"Space is open since {since}" + else: + spacestatus = "Space is closed" + self.c_status = spacestatus + + +class Battery(Status): + capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r') + status_file = open('/sys/class/power_supply/BAT0/status', 'r') + + def status(self): + self.status_file.seek(0) + status = self.status_file.read().rstrip() + + self.capacity_file.seek(0) + capacity = self.capacity_file.read().rstrip() + + battery = f"{status} {capacity}%" + + return battery + + +class Time(Status): + def status(state): + return datetime.now().strftime("%Vth %A %H:%M") + + +def print_header(): + header = { + "version": 1, + "click_events": False, + } + print(json.dumps(header)) + print("[") + + +def run(interval, widgets): + print_header() + + while True: + body = [] + + for widget in widgets: + try: + status = widget.status() + except Exception as e: + logger.error(e) + if status: + body += {"full_text": f"{status}"}, + + print(json.dumps(body), ",", flush=True) + + ts = interval - (time.time() % interval) + time.sleep(ts) + + +if __name__ == "__main__": + logging.basicConfig(level=logging.INFO) + + # Interval in seconds + interval = 1.0 + + widgets = [Cat(), Space(), Battery(), Time()] + + run(interval, widgets) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 85bb03d..e0268e2 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -128,6 +128,7 @@ in ghostscript smartmontools + dmenu grim # screenshot functionality slurp # screenshot functionality mako # notification system developed by swaywm maintainer From 165c9822b985aa9576ff3f2e9f8aaa6f95e91619 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 14:12:05 +0100 Subject: [PATCH 046/165] chore(flake.lock): Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c' (2024-11-21) → 'github:nix-community/nixos-generators/098e8b6ff72c86944a8d54b64ddd7b7e6635830a' (2024-11-25) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/b9f04e3cf71c23bea21d2768051e6b3068d44734' (2024-11-17) → 'github:nix-community/nixpkgs.lib/87b6978992e2eb605732fba842cad0a7e14b2047' (2024-11-24) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16) → 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405' (2024-11-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9bbcb9a5a7e54369faaced5fb0ddad1fda21b751' (2024-11-22) → 'github:NixOS/nixpkgs/d44a276324b63ff7ca4254b7ea51d5bac7eb6c64' (2024-12-01) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/057f63b6dc1a2c67301286152eb5af20747a9cb4' (2024-11-16) → 'github:NixOS/nixpkgs/62c435d93bf046a5396f3016472e8f7c8e2aed65' (2024-11-30) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/705df92694af7093dfbb27109ce16d828a79155f' (2024-11-22) → 'github:numtide/treefmt-nix/6209c381904cab55796c5d7350e89681d3b2a8ef' (2024-11-29) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index baa2c4e..b8383bc 100644 --- a/flake.lock +++ b/flake.lock @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1731805462, - "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", + "lastModified": 1732410305, + "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", + "rev": "87b6978992e2eb605732fba842cad0a7e14b2047", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1732151224, - "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=", + "lastModified": 1732496924, + "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c", + "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731797098, - "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", + "lastModified": 1732483221, + "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", + "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732237847, - "narHash": "sha256-WwtrPxym9sQtwZkemxUfT00iCWfXxzuVAC7uFP1m1Y0=", + "lastModified": 1733040108, + "narHash": "sha256-x48Dv2n8d0Ebk0Pp6qk5TW4b+oUfkOpl16ick+npjD0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9bbcb9a5a7e54369faaced5fb0ddad1fda21b751", + "rev": "d44a276324b63ff7ca4254b7ea51d5bac7eb6c64", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1732981179, + "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1732292307, - "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", + "lastModified": 1732894027, + "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "705df92694af7093dfbb27109ce16d828a79155f", + "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", "type": "github" }, "original": { From dbb636e7dfd7bd2cd8d7723727ff6538e76becf7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 14:43:32 +0100 Subject: [PATCH 047/165] fix: remove failing units --- nixos/gorgon/configuration.nix | 34 ++-------------------------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index e0268e2..12723e0 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -34,6 +34,8 @@ in ./hardware-configuration.nix ]; + dadada.backupClient.bs.enable = false; + dadada.backupClient.backup1.enable = true; dadada.backupClient.backup2 = { enable = true; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; @@ -178,38 +180,6 @@ in "127.0.0.2" = [ "kanboard.dadada.li" ]; }; - # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html - systemd.timers.wg-reresolve-dns = { - wantedBy = [ "timers.target" ]; - partOf = [ "wg-reresolve-dns.service" ]; - timerConfig.OnCalendar = "hourly"; - }; - - systemd.services.wg-reresolve-dns = - let - vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; - in - { - serviceConfig.Type = "oneshot"; - script = '' - ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 - ''; - }; - - #networking.wg-quick.interfaces.mullvad = { - # address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; - # privateKeyFile = "/var/lib/wireguard/mullvad"; - # peers = [ - # { - # publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k="; - # allowedIPs = [ "0.0.0.0/0" "::0/0" ]; - # endpoint = "193.27.14.66:51820"; - # persistentKeepalive = 25; - # } - # ]; - # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main"; - #}; - services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; From eb81a1fedf47cff9ec5a2711d2606a5006a86877 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 15:14:31 +0100 Subject: [PATCH 048/165] feat: count failed units in status --- home/status | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/home/status b/home/status index 176467a..45e78d8 100755 --- a/home/status +++ b/home/status @@ -5,6 +5,7 @@ import sys import time import requests import logging +import subprocess from datetime import datetime @@ -25,7 +26,7 @@ class Cat(Status): catwalk = " " * (cat_width - index) + 1 * "🐈🏳️‍🌈" + " " * index self.index = (index + 1) % cat_width - return catwalk + return {"full_text": catwalk} class Space(Status): @@ -37,7 +38,7 @@ class Space(Status): if self.backoff == 0: self.update() - return self.c_status + return {"full_text": self.c_status} def update(self): spacestatus_url = "https://status.stratum0.org/status.json" @@ -65,12 +66,26 @@ class Battery(Status): battery = f"{status} {capacity}%" - return battery + return {"full_text": battery} class Time(Status): - def status(state): - return datetime.now().strftime("%Vth %A %H:%M") + def status(self): + return {"full_text": datetime.now().strftime("%Vth %A %H:%M") } + + +class FailedUnits(Status): + def status(self): + proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True) + stdout = proc.stdout.decode('utf-8') + failed = 0 + for line in stdout: + if 'failed' in line: + failed += 1 + if failed is 0: + return {"full_text": f"No failed units"} + else: + return {"full_text": f"There are {failed} failed units", "color": "#ff0000"} def print_header(): @@ -94,7 +109,7 @@ def run(interval, widgets): except Exception as e: logger.error(e) if status: - body += {"full_text": f"{status}"}, + body += status, print(json.dumps(body), ",", flush=True) @@ -108,6 +123,6 @@ if __name__ == "__main__": # Interval in seconds interval = 1.0 - widgets = [Cat(), Space(), Battery(), Time()] + widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()] run(interval, widgets) From fc4521750d5308c421c5900204ef1ff2a797da3a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 19:05:49 +0100 Subject: [PATCH 049/165] fix(ninurta): ssh port --- nixos/ninurta/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 2a9e837..7f63e0f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -37,6 +37,8 @@ in }; }; + services.openssh.ports = [ 22 ]; + dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; From 4e44dc164a7a3518153959d8fe10c35f1fe5aec7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:03:45 +0100 Subject: [PATCH 050/165] fix: enable backup1 --- nixos/modules/backup.nix | 2 +- nixos/modules/profiles/backup.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index c18aeb8..0ec680f 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -156,7 +156,7 @@ in }; }; - services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable { + services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable { paths = "/"; exclude = backupExcludes; repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}"; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index a69a89c..a5ad0eb 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -4,7 +4,7 @@ let in { dadada.backupClient.bs = { - enable = lib.mkDefault true; + enable = lib.mkDefault false; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; From 776f7d2000879e0ec43741cd54f11f8fe7115a6c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:04:37 +0100 Subject: [PATCH 051/165] feat(laptop): remove ssh agent enable by default --- nixos/modules/profiles/laptop.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 85e8e86..a525106 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -16,7 +16,6 @@ with lib; { networking.domain = mkDefault "dadada.li"; services.fwupd.enable = mkDefault true; - programs.ssh.startAgent = true; programs.ssh.enableAskPassword = true; programs.nix-ld.enable = true; From 96dcd17947fff6c172597d2cd79bd3f19e04d5ae Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:10:22 +0100 Subject: [PATCH 052/165] feat(gorgon): enable ssh-agent --- nixos/gorgon/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 12723e0..935052a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -43,6 +43,8 @@ in repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; + programs.ssh.startAgent = true; + nix.extraOptions = '' experimental-features = nix-command flakes # Prevent garbage collection for nix shell and direnv From 3b12ac46af8d5d5ba007f5130505347d7d686835 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:27:55 +0100 Subject: [PATCH 053/165] chore(flake.lock): update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/f3111f62a23451114433888902a55cf0692b408d' (2024-11-24) → 'github:nix-community/home-manager/c7ffc9727d115e433fd884a62dc164b587ff651d' (2024-12-07) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/098e8b6ff72c86944a8d54b64ddd7b7e6635830a' (2024-11-25) → 'github:nix-community/nixos-generators/8cdaf8885c9c85d9d27b594dbe882406aadfe00e' (2024-12-05) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/87b6978992e2eb605732fba842cad0a7e14b2047' (2024-11-24) → 'github:nix-community/nixpkgs.lib/0e4fdd4a0ab733276b6d2274ff84ae353f17129e' (2024-12-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405' (2024-11-24) → 'github:NixOS/nixos-hardware/e563803af3526852b6b1d77107a81908c66a9fcf' (2024-12-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d44a276324b63ff7ca4254b7ea51d5bac7eb6c64' (2024-12-01) → 'github:NixOS/nixpkgs/5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0' (2024-12-08) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/62c435d93bf046a5396f3016472e8f7c8e2aed65' (2024-11-30) → 'github:NixOS/nixpkgs/4dc2fc4e62dbf62b84132fe526356fbac7b03541' (2024-12-05) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/6209c381904cab55796c5d7350e89681d3b2a8ef' (2024-11-29) → 'github:numtide/treefmt-nix/50862ba6a8a0255b87377b9d2d4565e96f29b410' (2024-12-05) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index b8383bc..63f55fd 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1732466619, - "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", + "lastModified": 1733572789, + "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=", "owner": "nix-community", "repo": "home-manager", - "rev": "f3111f62a23451114433888902a55cf0692b408d", + "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1732410305, - "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=", + "lastModified": 1733015484, + "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "87b6978992e2eb605732fba842cad0a7e14b2047", + "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1732496924, - "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=", + "lastModified": 1733360821, + "narHash": "sha256-bNXO+OGxrOjAxv/Lnyj84tNDicJ/FdLyLJHzOKSzYU8=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a", + "rev": "8cdaf8885c9c85d9d27b594dbe882406aadfe00e", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733481457, + "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733040108, - "narHash": "sha256-x48Dv2n8d0Ebk0Pp6qk5TW4b+oUfkOpl16ick+npjD0=", + "lastModified": 1733642008, + "narHash": "sha256-ijS1XixgnF1UW1wnsO5J7rw5li0n6SZCBQWCYSfJwXw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d44a276324b63ff7ca4254b7ea51d5bac7eb6c64", + "rev": "5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1732981179, - "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=", + "lastModified": 1733412085, + "narHash": "sha256-FillH0qdWDt/nlO6ED7h4cmN+G9uXwGjwmCnHs0QVYM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65", + "rev": "4dc2fc4e62dbf62b84132fe526356fbac7b03541", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1732894027, - "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", + "lastModified": 1733440889, + "narHash": "sha256-qKL3vjO+IXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", + "rev": "50862ba6a8a0255b87377b9d2d4565e96f29b410", "type": "github" }, "original": { From b059d11f6338bd93e976ff9e2e7f0c46ff0241a7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:32:44 +0100 Subject: [PATCH 054/165] feat(ninurta): remove desktop config --- nixos/ninurta/configuration.nix | 44 --------------------------------- 1 file changed, 44 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 7f63e0f..4bbca26 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -390,30 +390,6 @@ in networking.networkmanager.enable = false; networking.useDHCP = false; - # Desktop things for media playback - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome = { - enable = true; - extraGSettingsOverridePackages = with pkgs; [ gnome.gnome-settings-daemon ]; - extraGSettingsOverrides = '' - [org.gnome.desktop.screensaver] - lock-delay=uint32 30 - lock-enabled=true - - [org.gnome.desktop.session] - idle-delay=uint32 0 - - [org.gnome.settings-daemon.plugins.power] - idle-dim=false - power-button-action='interactive' - power-saver-profile-on-low-battery=false - sleep-inactive-ac-type='nothing' - sleep-inactive-battery-type='nothing' - ''; - }; - powerManagement = { enable = true; cpuFreqGovernor = "powersave"; @@ -424,15 +400,6 @@ in # Configure the disks to spin down after 10 min of inactivity. }; - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - services.udev.packages = [ (pkgs.writeTextFile { name = "60-hdparm"; @@ -446,21 +413,10 @@ in hardware.pulseaudio.enable = false; environment.systemPackages = with pkgs; [ - firefox - spotify - mpv smartmontools hdparm ]; - users.users."media" = { - isNormalUser = true; - description = "Media playback user"; - extraGroups = [ "users" "video" ]; - # allow anyone with physical access to log in - password = "media"; - }; - users.users."backup-keepassxc" = { home = "/mnt/storage/backups/backup-keepassxc"; isNormalUser = true; From da45c026555648b323cf728435698951b95f110d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 14 Dec 2024 21:13:53 +0100 Subject: [PATCH 055/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/c7ffc9727d115e433fd884a62dc164b587ff651d' (2024-12-07) → 'github:nix-community/home-manager/1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f' (2024-12-11) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/8cdaf8885c9c85d9d27b594dbe882406aadfe00e' (2024-12-05) → 'github:nix-community/nixos-generators/d162ffdf0a30f3d19e67df5091d6744ab8b9229f' (2024-12-12) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/0e4fdd4a0ab733276b6d2274ff84ae353f17129e' (2024-12-01) → 'github:nix-community/nixpkgs.lib/f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b' (2024-12-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e563803af3526852b6b1d77107a81908c66a9fcf' (2024-12-06) → 'github:NixOS/nixos-hardware/cf737e2eba82b603f54f71b10cb8fd09d22ce3f5' (2024-12-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0' (2024-12-08) → 'github:NixOS/nixpkgs/8e21c38b7d24eadf3ef672a65a1cc927015d2197' (2024-12-13) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/4dc2fc4e62dbf62b84132fe526356fbac7b03541' (2024-12-05) → 'github:NixOS/nixpkgs/a0f3e10d94359665dba45b71b4227b0aeb851f8e' (2024-12-10) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/50862ba6a8a0255b87377b9d2d4565e96f29b410' (2024-12-05) → 'github:numtide/treefmt-nix/0ce9d149d99bc383d1f2d85f31f6ebd146e46085' (2024-12-09) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 63f55fd..2eace4d 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1733572789, - "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=", + "lastModified": 1733951536, + "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", "owner": "nix-community", "repo": "home-manager", - "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d", + "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1733015484, - "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", + "lastModified": 1733620091, + "narHash": "sha256-5WoMeCkaXqTZwwCNLRzyLxEJn8ISwjx4cNqLgqKwg9s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", + "rev": "f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1733360821, - "narHash": "sha256-bNXO+OGxrOjAxv/Lnyj84tNDicJ/FdLyLJHzOKSzYU8=", + "lastModified": 1733965598, + "narHash": "sha256-0tlZU8xfQGPcBOdXZee7P3vJLyPjTrXw7WbIgXD34gM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "8cdaf8885c9c85d9d27b594dbe882406aadfe00e", + "rev": "d162ffdf0a30f3d19e67df5091d6744ab8b9229f", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733481457, - "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", + "lastModified": 1733861262, + "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", + "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733642008, - "narHash": "sha256-ijS1XixgnF1UW1wnsO5J7rw5li0n6SZCBQWCYSfJwXw=", + "lastModified": 1734078800, + "narHash": "sha256-x5OW9e2w1y/7UKvZK0m9vXddociX9cF1F1Cg9/uA/Ts=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0", + "rev": "8e21c38b7d24eadf3ef672a65a1cc927015d2197", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1733412085, - "narHash": "sha256-FillH0qdWDt/nlO6ED7h4cmN+G9uXwGjwmCnHs0QVYM=", + "lastModified": 1733808091, + "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4dc2fc4e62dbf62b84132fe526356fbac7b03541", + "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1733440889, - "narHash": "sha256-qKL3vjO+IXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "50862ba6a8a0255b87377b9d2d4565e96f29b410", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { From 10876b113e523f66db986b283b90302ed11a0cb6 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 14 Dec 2024 21:19:29 +0100 Subject: [PATCH 056/165] feat(devshell): add nixd, remove nil --- devshell.nix | 1 - home/pkgs.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/devshell.nix b/devshell.nix index 27b9799..ebdfb12 100644 --- a/devshell.nix +++ b/devshell.nix @@ -8,7 +8,6 @@ agenix nixpkgs-fmt nixos-rebuild - nil ]; commands = [ diff --git a/home/pkgs.nix b/home/pkgs.nix index 0fb833c..e2d7eb5 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -81,6 +81,7 @@ with pkgs; [ mumble ncurses newsflash + nixd nfs-utils niv nix-index From 28200e1a8f38ea324dcf10fff0e371bcf637ee60 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 14 Dec 2024 21:40:19 +0100 Subject: [PATCH 057/165] fix: update lix --- flake.lock | 10 +++++----- flake.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2eace4d..09e1517 100644 --- a/flake.lock +++ b/flake.lock @@ -198,15 +198,15 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", - "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", + "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" } }, "nixlib": { diff --git a/flake.nix b/flake.nix index 3ab6e15..7519d56 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; From 022507887dd9b4fd4779ee5842a8e4a052adc6ff Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 15 Dec 2024 21:03:31 +0100 Subject: [PATCH 058/165] feat: allow connection to ssh via 2222 --- nixos/ninurta/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 4bbca26..bebea3f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -37,7 +37,7 @@ in }; }; - services.openssh.ports = [ 22 ]; + services.openssh.ports = [ 22 2222 ]; dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; @@ -367,6 +367,7 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH + 2222 80 # munin web 631 # Printing ]; From 2129924e78827c7b49fe04e131b06ac57cef7047 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 16 Dec 2024 18:59:14 +0100 Subject: [PATCH 059/165] feat: add bridge device for home assistant --- nixos/ninurta/configuration.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index bebea3f..4200470 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -312,9 +312,20 @@ in { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } ]; }; + "20-br0" = { + matchConfig.Name = "br0"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; }; netdevs = { - "20-wg0" = { + "20-br0" = { + netdevConfig = { + Kind = "bridge"; + Name = "br0"; + }; + }; + "20-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; @@ -367,7 +378,7 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH - 2222 + 2222 # SSH 80 # munin web 631 # Printing ]; From f67e77eaa1390bcdbccc68999b1d61cdcb4c54ff Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 16 Dec 2024 19:28:20 +0100 Subject: [PATCH 060/165] fix(ninurta): configure bridge --- nixos/ninurta/configuration.nix | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 4200470..dcd050f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -273,20 +273,7 @@ in }; "10-lan" = { matchConfig.Name = "enp*"; - networkConfig.DHCP = "ipv4"; - networkConfig.Domains = [ "bs.dadada.li" ]; - networkConfig.VLAN = [ ]; - networkConfig.IPv6PrivacyExtensions = false; - linkConfig.RequiredForOnline = "routable"; - dhcpV4Config = { - UseDomains = true; - UseDNS = true; - UseNTP = true; - }; - ipv6AcceptRAConfig = { - UseDomains = true; - UseDNS = true; - }; + bridge = [ "br0" ]; }; "30-wg0" = { matchConfig.Name = "wg0"; @@ -315,7 +302,19 @@ in "20-br0" = { matchConfig.Name = "br0"; networkConfig.DHCP = "ipv4"; + networkConfig.Domains = [ "bs.dadada.li" ]; + networkConfig.VLAN = [ ]; + networkConfig.IPv6PrivacyExtensions = false; linkConfig.RequiredForOnline = "routable"; + dhcpV4Config = { + UseDomains = true; + UseDNS = true; + UseNTP = true; + }; + ipv6AcceptRAConfig = { + UseDomains = true; + UseDNS = true; + }; }; }; netdevs = { From 87649ec999e0fa14bd2e62db52d1705cc7f23919 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:09:09 +0100 Subject: [PATCH 061/165] fix(ninurta): printer address --- nixos/ninurta/printing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index 6fdbb08..e22c989 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -32,7 +32,7 @@ drivers = [ pkgs.brlaser ]; # Remove all state at the start of the service stateless = true; - listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ]; + listenAddresses = [ "192.168.101.29:631" ]; allowFrom = [ "from 192.168.101.0/24" ]; browsing = true; defaultShared = true; From fe7dd57bc16312259babc650f4d34c0c72063281 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:27:42 +0100 Subject: [PATCH 062/165] feat(gorgon): adapt power management options --- nixos/gorgon/configuration.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 935052a..c90a2eb 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -226,5 +226,16 @@ in ]; }; + powerManagement = { + enable = true; + powertop.enable = true; + cpuFreqGovernor = "schedutil"; + powerUpCommands = '' + echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold + echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold + ''; + }; + services.tlp.enable = false; + system.stateVersion = "23.11"; } From 12b4614fc78db46a8cf6adf6d7ba187ea4e04a97 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:53:21 +0100 Subject: [PATCH 063/165] feat(ninurta): disable hydra --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index dcd050f..9eba60d 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -159,7 +159,7 @@ in }; services.hydra = { - enable = true; + enable = false; package = pkgs.hydra; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; From 09ca9341f94365d04af34d9461fa06954f2d345a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:53:38 +0100 Subject: [PATCH 064/165] feat(ninurta): make firewall configuration a little more restrictive --- nixos/ninurta/configuration.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 9eba60d..e188991 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -376,17 +376,21 @@ in enable = true; allowPing = true; allowedTCPPorts = [ - 22 # SSH 2222 # SSH - 80 # munin web - 631 # Printing ]; allowedUDPPorts = [ - 631 # Printing 51234 # Wireguard 51235 # Wireguard ]; interfaces = { + br0.allowedTCPPorts = [ + 22 # SSH + 80 # munin web + 631 # IPP + ]; + br0.allowedUDPPorts = [ + 631 # IPP + ]; uwu.allowedTCPPorts = [ softServePort ]; From 835bd775ae29747507b9d0e46c22221ebbe5cfe9 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 26 Dec 2024 20:35:53 +0100 Subject: [PATCH 065/165] chore: update flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 09e1517..9dc4020 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1717415742, - "narHash": "sha256-HKvoLGZUsBpjkxWkdtctGYj6RH0bl6vcw0OjTOqyzJk=", + "lastModified": 1734450202, + "narHash": "sha256-/3gigrEBFORQs6a8LL5twoHs7biu08y/8Xc5aQmk3b0=", "owner": "NixOS", "repo": "flake-registry", - "rev": "895a65f8d5acf848136ee8fe8e8f736f0d27df96", + "rev": "02fe640c9e117dd9d6a34efc7bcb8bd09c08111d", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1733951536, - "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1733620091, - "narHash": "sha256-5WoMeCkaXqTZwwCNLRzyLxEJn8ISwjx4cNqLgqKwg9s=", + "lastModified": 1734829460, + "narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b", + "rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1733965598, - "narHash": "sha256-0tlZU8xfQGPcBOdXZee7P3vJLyPjTrXw7WbIgXD34gM=", + "lastModified": 1734915500, + "narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d162ffdf0a30f3d19e67df5091d6744ab8b9229f", + "rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733861262, - "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734078800, - "narHash": "sha256-x5OW9e2w1y/7UKvZK0m9vXddociX9cF1F1Cg9/uA/Ts=", + "lastModified": 1735191716, + "narHash": "sha256-rwHLmGc/2OfudyjGnH8h5vQK2e5uJ6gt2GwPhWL9pPk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8e21c38b7d24eadf3ef672a65a1cc927015d2197", + "rev": "1dd8f51e62c0ff199e551744ab46fc4fbe6f827a", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1733808091, - "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=", + "lastModified": 1735141468, + "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e", + "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1733761991, - "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", + "lastModified": 1735135567, + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", "type": "github" }, "original": { From 4e869e2cf0484a3a59186d6ea3ca4f6e2aee128d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 27 Dec 2024 15:30:19 +0100 Subject: [PATCH 066/165] fix: formating issues in prompt --- home/status | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/home/status b/home/status index 45e78d8..e24816b 100755 --- a/home/status +++ b/home/status @@ -23,7 +23,7 @@ class Cat(Status): def status(self): cat_width = 200 index = self.index - catwalk = " " * (cat_width - index) + 1 * "🐈🏳️‍🌈" + " " * index + catwalk = "🐈🏳️‍🌈" + " " * index self.index = (index + 1) % cat_width return {"full_text": catwalk} @@ -71,7 +71,17 @@ class Battery(Status): class Time(Status): def status(self): - return {"full_text": datetime.now().strftime("%Vth %A %H:%M") } + now = datetime.now() + match now.isocalendar().week % 10: + case 1: + th = "st" + case 2: + th = "nd" + case 3: + th = "rd" + case _: + th = "th" + return {"full_text": now.strftime(f"%V{th} %A %H:%M") } class FailedUnits(Status): @@ -82,7 +92,7 @@ class FailedUnits(Status): for line in stdout: if 'failed' in line: failed += 1 - if failed is 0: + if failed == 0: return {"full_text": f"No failed units"} else: return {"full_text": f"There are {failed} failed units", "color": "#ff0000"} From da0069de8c997cc25bab9d41e90e0924e7899338 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 27 Dec 2024 16:40:35 +0100 Subject: [PATCH 067/165] feat: install nixfmt-rfc-style --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index e2d7eb5..5a03528 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -82,6 +82,7 @@ with pkgs; [ ncurses newsflash nixd + nixfmt-rfc-style nfs-utils niv nix-index From 6719d76de887c7975b4698a0633414b48ee7af49 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 12 Jan 2025 19:44:05 +0100 Subject: [PATCH 068/165] chore: Update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/dd6b80932022cea34a019e2bb32f6fa9e494dfef' (2024-10-07) → 'github:numtide/devshell/f7795ede5b02664b57035b3b757876703e2c3eac' (2024-12-31) • Updated input 'home-manager': 'github:nix-community/home-manager/80b0fdf483c5d1cb75aaad909bd390d48673857f' (2024-12-16) → 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56' (2025-01-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/def1d472c832d77885f174089b0d34854b007198' (2024-12-23) → 'github:NixOS/nixos-hardware/8870dcaff63dfc6647fb10648b827e9d40b0a337' (2025-01-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1dd8f51e62c0ff199e551744ab46fc4fbe6f827a' (2024-12-26) → 'github:NixOS/nixpkgs/87d46406d6280e1c064bc5df10ebd09ce3113cb3' (2025-01-12) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/4005c3ff7505313cbc21081776ad0ce5dfd7a3ce' (2024-12-25) → 'github:NixOS/nixpkgs/1dab772dd4a68a7bba5d9460685547ff8e17d899' (2025-01-10) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/9e09d30a644c57257715902efbb3adc56c79cf28' (2024-12-25) → 'github:numtide/treefmt-nix/13c913f5deb3a5c08bb810efd89dc8cb24dd968b' (2025-01-06) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 9dc4020..b33294f 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1728330715, - "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "lastModified": 1735644329, + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", "owner": "numtide", "repo": "devshell", - "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734954597, - "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", + "lastModified": 1736441705, + "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "def1d472c832d77885f174089b0d34854b007198", + "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735191716, - "narHash": "sha256-rwHLmGc/2OfudyjGnH8h5vQK2e5uJ6gt2GwPhWL9pPk=", + "lastModified": 1736669804, + "narHash": "sha256-EZusd5yhiZLXdBUDtXB3wCX3QvBeSFx/N0AstaajzpU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1dd8f51e62c0ff199e551744ab46fc4fbe6f827a", + "rev": "87d46406d6280e1c064bc5df10ebd09ce3113cb3", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1735141468, - "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", + "lastModified": 1736549401, + "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", + "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1735135567, - "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", "type": "github" }, "original": { From 21ad250fe7f1d2c73fa502f068abc2a20848c46a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 19:57:35 +0100 Subject: [PATCH 069/165] chore: update flake.lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b33294f..5aa15f3 100644 --- a/flake.lock +++ b/flake.lock @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1734829460, - "narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=", + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1734915500, - "narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=", + "lastModified": 1736730523, + "narHash": "sha256-mvTZ7fLKA6ggGnA8GZwcXV57EvVReRTCfi26xc08Q3g=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4", + "rev": "74b8e31dd709760c86eed16b6c1d0b88d7360937", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736669804, - "narHash": "sha256-EZusd5yhiZLXdBUDtXB3wCX3QvBeSFx/N0AstaajzpU=", + "lastModified": 1736842851, + "narHash": "sha256-iAYIidDSvqRWMRQrCIn2X8edyrOg/uTBZc1M4bdpQjs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87d46406d6280e1c064bc5df10ebd09ce3113cb3", + "rev": "a78c63a084314c55196488cf2252c5f6ea5c67a4", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1736549401, - "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", + "lastModified": 1736754065, + "narHash": "sha256-hcETjfECLklW1ND8svDvN0Nw6H/1qtuoz3rbFNQ1Lrk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", + "rev": "67e9c880898889470f153157a96b595e758167fc", "type": "github" }, "original": { From 02fcfe7b1d90eaab1ad5142b5868d720043cfcee Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 19:59:42 +0100 Subject: [PATCH 070/165] fix: formating --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index e188991..15c8a24 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -324,7 +324,7 @@ in Name = "br0"; }; }; - "20-wg0" = { + "20-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; From 7cd9d8c480c045a6cef8d58374961965f768578c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 20:10:36 +0100 Subject: [PATCH 071/165] fix: disable huge swapfile --- nixos/surgat/configuration.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 9a9bc54..66b8e27 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -137,13 +137,6 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; - swapDevices = [ - { - device = "/var/swapfile"; - size = 4096; - } - ]; - services.resolved = { enable = true; fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; From 2486f4c1a6615c694640425c01cc4a1df8d008ca Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 20:16:06 +0100 Subject: [PATCH 072/165] feat: remove weechat --- nixos/surgat/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 66b8e27..6dad1ee 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -42,7 +42,7 @@ in dadada.element.enable = true; dadada.forgejo.enable = true; dadada.miniflux.enable = true; - dadada.weechat.enable = true; + dadada.weechat.enable = false; dadada.homepage.enable = true; dadada.share.enable = true; dadada.backupClient = { From 99e3eaa034d273296d26ba7dc82b9d9e81d3c78e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 16 Jan 2025 18:34:03 +0100 Subject: [PATCH 073/165] fix: rotate SSH key Too many PIN attempts. --- admins.nix | 2 +- home/modules/git.nix | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/admins.nix b/admins.nix index 82f6cef..e5e29ba 100644 --- a/admins.nix +++ b/admins.nix @@ -2,7 +2,7 @@ dadada = { shell = "zsh"; keys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada " + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada " ]; }; diff --git a/home/modules/git.nix b/home/modules/git.nix index e89e62a..7762612 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -9,6 +9,7 @@ with lib; let name = "allowed-signers"; text = '' dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada + dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon ''; }; in @@ -33,7 +34,7 @@ in user = { email = "dadada@dadada.li"; name = "Tim Schubert"; - signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada "; + signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon"; }; core = { whitespace = { From c5a0cf2dd8f9bbca8c38bcc83e493c3d4293cf14 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 13:15:14 +0100 Subject: [PATCH 074/165] feat(home): add vegur font --- home/pkgs.nix | 1 + nixos/modules/profiles/laptop.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 5a03528..410abfe 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -133,6 +133,7 @@ with pkgs; [ ttyd unzip usbutils + vegur virt-manager viu # view images from the terminal vscodium diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index a525106..3ad8c11 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -27,6 +27,7 @@ with lib; { fonts.packages = mkDefault (with pkgs; [ source-code-pro + vegur ]); users.mutableUsers = mkDefault true; From e4c603b692e9338b29201eac6de66779040db2f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 13:17:02 +0100 Subject: [PATCH 075/165] chore: update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/74b8e31dd709760c86eed16b6c1d0b88d7360937' (2025-01-13) → 'github:nix-community/nixos-generators/d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453' (2025-01-16) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/8870dcaff63dfc6647fb10648b827e9d40b0a337' (2025-01-09) → 'github:NixOS/nixos-hardware/dfad538f751a5aa5d4436d9781ab27a6128ec9d4' (2025-01-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a78c63a084314c55196488cf2252c5f6ea5c67a4' (2025-01-14) → 'github:NixOS/nixpkgs/035f8c0853c2977b24ffc4d0a42c74f00b182cd8' (2025-01-23) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/67e9c880898889470f153157a96b595e758167fc' (2025-01-13) → 'github:NixOS/nixpkgs/035f8c0853c2977b24ffc4d0a42c74f00b182cd8' (2025-01-23) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/13c913f5deb3a5c08bb810efd89dc8cb24dd968b' (2025-01-06) → 'github:numtide/treefmt-nix/f2cc121df15418d028a59c9737d38e3a90fbaf8f' (2025-01-21) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5aa15f3..771d148 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1736730523, - "narHash": "sha256-mvTZ7fLKA6ggGnA8GZwcXV57EvVReRTCfi26xc08Q3g=", + "lastModified": 1737057290, + "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "74b8e31dd709760c86eed16b6c1d0b88d7360937", + "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1736441705, - "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", + "lastModified": 1737751639, + "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", + "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736842851, - "narHash": "sha256-iAYIidDSvqRWMRQrCIn2X8edyrOg/uTBZc1M4bdpQjs=", + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a78c63a084314c55196488cf2252c5f6ea5c67a4", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1736754065, - "narHash": "sha256-hcETjfECLklW1ND8svDvN0Nw6H/1qtuoz3rbFNQ1Lrk=", + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "67e9c880898889470f153157a96b595e758167fc", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1736154270, - "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "lastModified": 1737483750, + "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", "type": "github" }, "original": { From 2688a624dd82f82b8f2c34a2c66611f14b325ed8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 13:41:53 +0100 Subject: [PATCH 076/165] feat: bind swaylock --- home/config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/config b/home/config index bc01bb6..6bfc506 100644 --- a/home/config +++ b/home/config @@ -224,6 +224,8 @@ bar { } } +bindsym $mod+grave exec swaylock -c 000000 + include /etc/sway/config.d/* exec sleep 5; systemctl --user start kanshi.service From 2977d1712e71e13d89519c69f8a1a65620c0b8f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 14:03:39 +0100 Subject: [PATCH 077/165] feat: lock password DB before locking screen --- home/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/config b/home/config index 6bfc506..d2a4443 100644 --- a/home/config +++ b/home/config @@ -224,7 +224,7 @@ bar { } } -bindsym $mod+grave exec swaylock -c 000000 +bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c 000000 include /etc/sway/config.d/* From 230d105a47ce17f69f833c5494997d5adec12495 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 14:04:14 +0100 Subject: [PATCH 078/165] feat: add kanshictl to path --- home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 410abfe..50de796 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -62,7 +62,7 @@ with pkgs; [ jc # convert output to json josm jq - #jupyter + kanshi kcachegrind keepassxc kubetail From d68d4fb0d042df6e18c3726571c56e4f1e23c3f4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 14:38:52 +0100 Subject: [PATCH 079/165] fix(home): prefer adwaita light theme variant --- home/dconf.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/dconf.nix b/home/dconf.nix index 7fb2800..2e25aab 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -48,6 +48,7 @@ with lib.hm.gvariant; gtk-enable-primary-paste = false; gtk-key-theme = "Emacs"; gtk-theme = "Adwaita"; + color-scheme = "prefer-light"; icon-theme = "Adwaita"; locate-pointer = false; monospace-font-name = "JetBrains Mono 10"; From b954f7181940d2daa6f8d9e5c767e23d0bc5f897 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 17:43:38 +0100 Subject: [PATCH 080/165] feat(home): template sway config with colors --- home/config | 231 ----------------------------------- home/default.nix | 311 +++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 286 insertions(+), 256 deletions(-) delete mode 100644 home/config diff --git a/home/config b/home/config deleted file mode 100644 index d2a4443..0000000 --- a/home/config +++ /dev/null @@ -1,231 +0,0 @@ -# Read `man 5 sway` for a complete reference. - -### Variables -# -# Logo key. Use Mod1 for Alt. -set $mod Mod4 -# Home row direction keys, like vim -set $left h -set $down j -set $up k -set $right l -# Your preferred terminal emulator -set $term foot -# Your preferred application launcher -# Note: pass the final command to swaymsg so that the resulting window can be opened -# on the original workspace that the command was run on. -set $menu dmenu_path | wmenu | xargs swaymsg exec -- - -### Output configuration -# -# Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/) -output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill - -### Idle configuration -# -# Example configuration: -# -exec swayidle -w \ - timeout 300 'swaylock -f -c 000000' \ - timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ - before-sleep 'swaylock -f -c 000000' -# -# This will lock your screen after 300 seconds of inactivity, then turn off -# your displays after another 300 seconds, and turn your screens back on when -# resumed. It will also lock your screen before your computer goes to sleep. - -input * { - xkb_layout eu - xkb_model pc105+inet - xkb_options caps:escape - drag_lock enabled - drag enabled - dwt enabled - tap enabled - tap_button_map lrm - natural_scroll enabled -} - -### Key bindings -# -# Basics: -# -# Start a terminal -bindsym $mod+Return exec $term - -# Kill focused window -bindsym $mod+Shift+q kill - -# Start your launcher -bindsym $mod+d exec $menu - -# Drag floating windows by holding down $mod and left mouse button. -# Resize them with right mouse button + $mod. -# Despite the name, also works for non-floating windows. -# Change normal to inverse to use left mouse button for resizing and right -# mouse button for dragging. -floating_modifier $mod normal - -# Lock the screen -bindsym XF86Sleep exec 'swaylock -f -c 000000' - -# Reload the configuration file -bindsym $mod+Shift+c reload - -# Exit sway (logs you out of your Wayland session) -bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' - -# Brightness -bindsym --locked XF86MonBrightnessDown exec light -U 10 -bindsym --locked XF86MonBrightnessUp exec light -A 10 - -# Volume -bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' -bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' -bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' - -# -# Moving around: -# -# Move your focus around -bindsym $mod+$left focus left -bindsym $mod+$down focus down -bindsym $mod+$up focus up -bindsym $mod+$right focus right -# Or use $mod+[up|down|left|right] -bindsym $mod+Left focus left -bindsym $mod+Down focus down -bindsym $mod+Up focus up -bindsym $mod+Right focus right - -# Move the focused window with the same, but add Shift -bindsym $mod+Shift+$left move left -bindsym $mod+Shift+$down move down -bindsym $mod+Shift+$up move up -bindsym $mod+Shift+$right move right -# Ditto, with arrow keys -bindsym $mod+Shift+Left move left -bindsym $mod+Shift+Down move down -bindsym $mod+Shift+Up move up -bindsym $mod+Shift+Right move right - -# -# Workspaces: -# -# Switch to workspace -bindsym $mod+1 workspace number 1 -bindsym $mod+2 workspace number 2 -bindsym $mod+3 workspace number 3 -bindsym $mod+4 workspace number 4 -bindsym $mod+5 workspace number 5 -bindsym $mod+6 workspace number 6 -bindsym $mod+7 workspace number 7 -bindsym $mod+8 workspace number 8 -bindsym $mod+9 workspace number 9 -bindsym $mod+0 workspace number 10 -# Move focused container to workspace -bindsym $mod+Shift+1 move container to workspace number 1 -bindsym $mod+Shift+2 move container to workspace number 2 -bindsym $mod+Shift+3 move container to workspace number 3 -bindsym $mod+Shift+4 move container to workspace number 4 -bindsym $mod+Shift+5 move container to workspace number 5 -bindsym $mod+Shift+6 move container to workspace number 6 -bindsym $mod+Shift+7 move container to workspace number 7 -bindsym $mod+Shift+8 move container to workspace number 8 -bindsym $mod+Shift+9 move container to workspace number 9 -bindsym $mod+Shift+0 move container to workspace number 10 -# Note: workspaces can have any name you want, not just numbers. -# We just use 1-10 as the default. - -# -# Layout stuff: -# -# You can "split" the current object of your focus with -# $mod+b or $mod+v, for horizontal and vertical splits -# respectively. -bindsym $mod+b splith -bindsym $mod+v splitv - -# Switch the current container between different layout styles -bindsym $mod+s layout stacking -bindsym $mod+w layout tabbed -bindsym $mod+e layout toggle split - -# Make the current focus fullscreen -bindsym $mod+f fullscreen - -# Toggle the current focus between tiling and floating mode -bindsym $mod+Shift+space floating toggle - -# Swap focus between the tiling area and the floating area -bindsym $mod+space focus mode_toggle - -# Move focus to the parent container -bindsym $mod+a focus parent - -# -# Font -# -font "pango:Jetbrains Mono 8" - -# -# Scratchpad: -# -# Sway has a "scratchpad", which is a bag of holding for windows. -# You can send windows there and get them back later. - -# Move the currently focused window to the scratchpad -bindsym $mod+Shift+minus move scratchpad - -# Show the next scratchpad window or hide the focused scratchpad window. -# If there are multiple scratchpad windows, this command cycles through them. -bindsym $mod+minus scratchpad show - -# -# Resizing containers: -# -mode "resize" { - # left will shrink the containers width - # right will grow the containers width - # up will shrink the containers height - # down will grow the containers height - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - - # Ditto, with arrow keys - bindsym Left resize shrink width 10px - bindsym Down resize grow height 10px - bindsym Up resize shrink height 10px - bindsym Right resize grow width 10px - - # Return to default mode - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -# -# Status Bar: -# -# Read `man 5 sway-bar` for more information about this section. -bar { - position top - - # When the status_command prints a new line to stdout, swaybar updates. - # The default just shows the current date and time. - status_command ~/.config/sway/status - - colors { - statusline #ffffff - background #323232 - inactive_workspace #32323200 #32323200 #5c5c5c - } -} - -bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c 000000 - -include /etc/sway/config.d/* - -exec sleep 5; systemctl --user start kanshi.service diff --git a/home/default.nix b/home/default.nix index 15514f9..457d7ad 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,6 +1,7 @@ -{ pkgs -, lib -, ... +{ + pkgs, + lib, + ... }: let useFeatures = [ @@ -17,6 +18,26 @@ let "zsh" "helix" ]; + colors = { + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; # background darker + regular1 = "dc322f"; # red + regular2 = "859900"; # green + regular3 = "b58900"; # dark orange + regular4 = "268bd2"; # azure blue + regular5 = "d33682"; # hot pink + regular6 = "2aa198"; # petrol + regular7 = "073642"; # navy + bright0 = "cb4b16"; # orange + bright1 = "fdf6e3"; # foreground + bright2 = "93a1a1"; # grey + bright3 = "839496"; # slightly darker grey + bright4 = "657b83"; # even slightly darker grey + bright5 = "6c71c4"; # purple + bright6 = "586e75"; # pretty dark grey + bright7 = "002b36"; # dark navy blue + }; in { imports = [ @@ -28,7 +49,9 @@ in programs.gpg.settings.default-key = "99658A3EB5CD7C13"; dadada.home = - lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) + lib.attrsets.genAttrs useFeatures (useFeatures: { + enable = true; + }) // { session = { enable = true; @@ -56,7 +79,9 @@ in Restart = "always"; }; - Install = { WantedBy = [ "graphical-session.target" ]; }; + Install = { + WantedBy = [ "graphical-session.target" ]; + }; }; programs.offlineimap.enable = false; @@ -131,6 +156,7 @@ in enable = true; server.enable = false; settings = { + inherit colors; main = { shell = "tmux"; font = "Jetbrains Mono:size=8"; @@ -139,31 +165,266 @@ in mouse.hide-when-typing = true; csd.preferred = "none"; cursor.color = "fdf6e3 586e75"; - colors = { - background = "fdf6e3"; - foreground = "657b83"; - regular0 = "eee8d5"; - regular1 = "dc322f"; - regular2 = "859900"; - regular3 = "b58900"; - regular4 = "268bd2"; - regular5 = "d33682"; - regular6 = "2aa198"; - regular7 = "073642"; - bright0 = "cb4b16"; - bright1 = "fdf6e3"; - bright2 = "93a1a1"; - bright3 = "839496"; - bright4 = "657b83"; - bright5 = "6c71c4"; - bright6 = "586e75"; - bright7 = "002b36"; + bell = { + urgent = true; + visual = false; }; }; }; - home.file.".config/sway/config".source = ./config; + home.file.".config/sway/config".text = with colors; '' + # Read `man 5 sway` for a complete reference. + + ### Variables + # + # Logo key. Use Mod1 for Alt. + set $mod Mod4 + # Home row direction keys, like vim + set $left h + set $down j + set $up k + set $right l + # Your preferred terminal emulator + set $term foot + # Your preferred application launcher + # Note: pass the final command to swaymsg so that the resulting window can be opened + # on the original workspace that the command was run on. + set $menu dmenu_path | wmenu | xargs swaymsg exec -- + + ### Idle configuration + # + # Example configuration: + # + exec swayidle -w \ + timeout 300 'swaylock -f -c ${background}' \ + timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ + before-sleep 'swaylock -f -c ${background}' + # + # This will lock your screen after 300 seconds of inactivity, then turn off + # your displays after another 300 seconds, and turn your screens back on when + # resumed. It will also lock your screen before your computer goes to sleep. + + input * { + xkb_layout eu + xkb_model pc105+inet + xkb_options caps:escape + drag_lock enabled + drag enabled + dwt enabled + tap enabled + tap_button_map lrm + natural_scroll enabled + } + + ### Key bindings + # + # Basics: + # + # Start a terminal + bindsym $mod+Return exec $term + + # Kill focused window + bindsym $mod+Shift+q kill + + # Start your launcher + bindsym $mod+d exec $menu + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. + floating_modifier $mod normal + + # Lock the screen + bindsym XF86Sleep exec 'swaylock -f -c ${background}' + + # Reload the configuration file + bindsym $mod+Shift+c reload + + # Exit sway (logs you out of your Wayland session) + bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' + + # Brightness + bindsym --locked XF86MonBrightnessDown exec light -U 10 + bindsym --locked XF86MonBrightnessUp exec light -A 10 + + # Volume + bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' + bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' + bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' + + # + # Moving around: + # + # Move your focus around + bindsym $mod+$left focus left + bindsym $mod+$down focus down + bindsym $mod+$up focus up + bindsym $mod+$right focus right + # Or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # Move the focused window with the same, but add Shift + bindsym $mod+Shift+$left move left + bindsym $mod+Shift+$down move down + bindsym $mod+Shift+$up move up + bindsym $mod+Shift+$right move right + # Ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right + + # + # Workspaces: + # + # Switch to workspace + bindsym $mod+1 workspace number 1 + bindsym $mod+2 workspace number 2 + bindsym $mod+3 workspace number 3 + bindsym $mod+4 workspace number 4 + bindsym $mod+5 workspace number 5 + bindsym $mod+6 workspace number 6 + bindsym $mod+7 workspace number 7 + bindsym $mod+8 workspace number 8 + bindsym $mod+9 workspace number 9 + bindsym $mod+0 workspace number 10 + # Move focused container to workspace + bindsym $mod+Shift+1 move container to workspace number 1 + bindsym $mod+Shift+2 move container to workspace number 2 + bindsym $mod+Shift+3 move container to workspace number 3 + bindsym $mod+Shift+4 move container to workspace number 4 + bindsym $mod+Shift+5 move container to workspace number 5 + bindsym $mod+Shift+6 move container to workspace number 6 + bindsym $mod+Shift+7 move container to workspace number 7 + bindsym $mod+Shift+8 move container to workspace number 8 + bindsym $mod+Shift+9 move container to workspace number 9 + bindsym $mod+Shift+0 move container to workspace number 10 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. + + # + # Layout stuff: + # + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. + bindsym $mod+b splith + bindsym $mod+v splitv + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+space focus mode_toggle + + # Move focus to the parent container + bindsym $mod+a focus parent + + # + # Font + # + font "pango:Jetbrains Mono 8" + + # + # Scratchpad: + # + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. + bindsym $mod+minus scratchpad show + + # + # Resizing containers: + # + mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" + } + bindsym $mod+r mode "resize" + + # + # Status Bar: + # + # Read `man 5 sway-bar` for more information about this section. + bar { + position top + + # When the status_command prints a new line to stdout, swaybar updates. + # The default just shows the current date and time. + status_command ~/.config/sway/status + + colors { + statusline ${foreground} + background ${background} + inactive_workspace ${background}ee ${background}ee ${foreground}ee + } + } + + bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 + + # class border backgr. text indicator child_border + client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} + client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} + client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} + client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} + client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} + + client.background #${foreground} + + include /etc/sway/config.d/* + + exec sleep 5; systemctl --user restart kanshi.service + exec sleep 5; output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill + ''; home.file.".config/sway/status".source = ./status; + home.file.".config/kanshi/config".text = '' + profile Laptop { + output eDP-1 enable + } + + profile Docked { + output eDP-1 disable + output "LG Electronics LG HDR 4K 0x000354D1" { + enable + scale 1.2 + position 0,0 + } + } + ''; # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 77e6017e57d3df42afd0067dbf5a9425e808feeb Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Feb 2025 19:48:37 +0100 Subject: [PATCH 081/165] chore: update flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 771d148..17bea85 100644 --- a/flake.lock +++ b/flake.lock @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737751639, - "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", + "lastModified": 1738391520, + "narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", + "rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737672001, - "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "lastModified": 1738392223, + "narHash": "sha256-epwD0BvADThOtRrDoI7qJUZPe1vhXoSIwLna2/VoOMA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "rev": "7d84bdf9cb85f399a8eafe8e17acee2354f13a21", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1737672001, - "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "lastModified": 1738277201, + "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1737483750, - "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", + "lastModified": 1738070913, + "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", + "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", "type": "github" }, "original": { From 5f67272146536cfd95b92f61329b65b97a07fc8e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 2 Feb 2025 11:27:52 +0100 Subject: [PATCH 082/165] feat(home): move swaybar to bottom --- home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/default.nix b/home/default.nix index 457d7ad..300898b 100644 --- a/home/default.nix +++ b/home/default.nix @@ -381,7 +381,7 @@ in # # Read `man 5 sway-bar` for more information about this section. bar { - position top + position bottom # When the status_command prints a new line to stdout, swaybar updates. # The default just shows the current date and time. From 86e5c155bf069fc6d475078078d65238953b5d7b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 2 Feb 2025 13:07:59 +0100 Subject: [PATCH 083/165] fix(home): adwaita cursor --- home/dconf.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/home/dconf.nix b/home/dconf.nix index 2e25aab..db5ca18 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -2,7 +2,8 @@ with lib.hm.gvariant; { home.packages = [ - pkgs.gnomeExtensions.switcher + pkgs.adwaita-icon-theme + pkgs.adwaita-qt ]; dconf.settings = with lib.hm.gvariant; { @@ -40,6 +41,7 @@ with lib.hm.gvariant; clock-show-date = true; clock-show-seconds = false; clock-show-weekday = true; + cursor-theme = "Adwaita"; enable-animations = true; enable-hot-corners = false; font-antialiasing = "grayscale"; @@ -53,7 +55,7 @@ with lib.hm.gvariant; locate-pointer = false; monospace-font-name = "JetBrains Mono 10"; show-battery-percentage = false; - text-scaling-factor = 1.0; + #text-scaling-factor = 1.0; toolkit-accessibility = false; }; From 8cfa70e239e4fbf5bfc230852fc1f5f81ad4232b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 24 Feb 2025 20:57:18 +0100 Subject: [PATCH 084/165] chore: update nixpkgs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 17bea85..e7556f6 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1738391520, - "narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=", + "lastModified": 1740387674, + "narHash": "sha256-pGk/aA0EBvI6o4DeuZsr05Ig/r4uMlSaf5EWUZEWM10=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773", + "rev": "d58f642ddb23320965b27beb0beba7236e9117b5", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738392223, - "narHash": "sha256-epwD0BvADThOtRrDoI7qJUZPe1vhXoSIwLna2/VoOMA=", + "lastModified": 1740357648, + "narHash": "sha256-CaawdjLmSny3UV97my2Hg4h867p4lhd+EpRhFQGaHK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7d84bdf9cb85f399a8eafe8e17acee2354f13a21", + "rev": "060b03c5d950ee0592d16e97c63860640bd31f50", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1738277201, - "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=", + "lastModified": 1740339700, + "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554", + "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1738070913, - "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", + "lastModified": 1739829690, + "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", + "rev": "3d0579f5cc93436052d94b73925b48973a104204", "type": "github" }, "original": { From 87cb376d4d0b6dce4aed71657ed4db731f4e538a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 7 Mar 2025 17:55:27 +0100 Subject: [PATCH 085/165] chore: update inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index e7556f6..2d28985 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1740947705, + "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "507911df8c35939050ae324caccc7cf4ffb76565", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740387674, - "narHash": "sha256-pGk/aA0EBvI6o4DeuZsr05Ig/r4uMlSaf5EWUZEWM10=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d58f642ddb23320965b27beb0beba7236e9117b5", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740357648, - "narHash": "sha256-CaawdjLmSny3UV97my2Hg4h867p4lhd+EpRhFQGaHK4=", + "lastModified": 1741318725, + "narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "060b03c5d950ee0592d16e97c63860640bd31f50", + "rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1740339700, - "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", + "lastModified": 1741196730, + "narHash": "sha256-0Sj6ZKjCpQMfWnN0NURqRCQn2ob7YtXTAOTwCuz7fkA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", + "rev": "48913d8f9127ea6530a2a2f1bd4daa1b8685d8a3", "type": "github" }, "original": { From b5318b48ad7ec5f30406ff407bd2eb922a72caae Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 13 Mar 2025 20:35:36 +0100 Subject: [PATCH 086/165] gorgon: add working printer config --- nixos/gorgon/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index c90a2eb..0d6f0cb 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -128,6 +128,13 @@ in ]; }; + hardware.printers.ensurePrinters = [{ + name = "Brother_HL-L2300D"; + model = "everywhere"; + location = "BS"; + deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + }]; + environment.systemPackages = with pkgs; [ ghostscript smartmontools From 4ea70d86d240aec198f3d6cc89538edc681c63a0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 26 Mar 2025 20:33:35 +0100 Subject: [PATCH 087/165] feat(home): bind swaylock to mod end --- home/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/default.nix b/home/default.nix index 300898b..2aef870 100644 --- a/home/default.nix +++ b/home/default.nix @@ -238,6 +238,7 @@ in # Lock the screen bindsym XF86Sleep exec 'swaylock -f -c ${background}' + bindsym $mod+End exec 'swaylock -f -c ${background}' # Reload the configuration file bindsym $mod+Shift+c reload From 3be5c51bc7d1e97665edde25b0aa569820707be2 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 26 Mar 2025 20:36:16 +0100 Subject: [PATCH 088/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/f7795ede5b02664b57035b3b757876703e2c3eac' (2024-12-31) → 'github:numtide/devshell/7c9e793ebe66bcba8292989a68c0419b737a22a0' (2025-03-08) • Updated input 'home-manager': 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17) → 'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff' (2025-03-22) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/507911df8c35939050ae324caccc7cf4ffb76565' (2025-03-02) → 'github:nix-community/nixos-generators/42ee229088490e3777ed7d1162cb9e9d8c3dbb11' (2025-03-21) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/b48cc4dab0f9711af296fc367b6108cf7b8ccb16' (2025-03-07) → 'github:NixOS/nixos-hardware/ecaa2d911e77c265c2a5bac8b583c40b0f151726' (2025-03-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9290fda826610430b3fc8cc98443c3a2faaaf151' (2025-03-07) → 'github:NixOS/nixpkgs/d02d88f8de5b882ccdde0465d8fa2db3aa1169f7' (2025-03-25) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/48913d8f9127ea6530a2a2f1bd4daa1b8685d8a3' (2025-03-05) → 'github:NixOS/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092' (2025-03-23) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/3d0579f5cc93436052d94b73925b48973a104204' (2025-02-17) → 'github:numtide/treefmt-nix/61c88349bf6dff49fa52d7dfc39b21026c2a8881' (2025-03-26) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 2d28985..69e3554 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1735644329, - "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", "owner": "numtide", "repo": "devshell", - "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1742655702, + "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1740947705, - "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "507911df8c35939050ae324caccc7cf4ffb76565", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741325094, - "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", + "lastModified": 1742806253, + "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", + "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741318725, - "narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1741196730, - "narHash": "sha256-0Sj6ZKjCpQMfWnN0NURqRCQn2ob7YtXTAOTwCuz7fkA=", + "lastModified": 1742751704, + "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48913d8f9127ea6530a2a2f1bd4daa1b8685d8a3", + "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "lastModified": 1742982148, + "narHash": "sha256-aRA6LSxjlbMI6MmMzi/M5WH/ynd8pK+vACD9za3MKLQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "rev": "61c88349bf6dff49fa52d7dfc39b21026c2a8881", "type": "github" }, "original": { From d3c2fd9fad8068c3c6236466e887b3f9740724ac Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 31 Mar 2025 20:22:22 +0200 Subject: [PATCH 089/165] feat: android studio --- nixos/gorgon/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0d6f0cb..339f8f4 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -43,6 +43,8 @@ in repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; + nixpkgs.config.android_sdk.accept_license = true; + programs.ssh.startAgent = true; nix.extraOptions = '' @@ -136,6 +138,7 @@ in }]; environment.systemPackages = with pkgs; [ + android-studio ghostscript smartmontools From 5e160905c09cc8df7064f36d230e829921e4c6e3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 31 Mar 2025 20:22:35 +0200 Subject: [PATCH 090/165] feat: add fuzzel --- home/default.nix | 2 +- home/pkgs.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/home/default.nix b/home/default.nix index 2aef870..9dde748 100644 --- a/home/default.nix +++ b/home/default.nix @@ -189,7 +189,7 @@ in # Your preferred application launcher # Note: pass the final command to swaymsg so that the resulting window can be opened # on the original workspace that the command was run on. - set $menu dmenu_path | wmenu | xargs swaymsg exec -- + set $menu fuzzel ### Idle configuration # diff --git a/home/pkgs.nix b/home/pkgs.nix index 50de796..d777f41 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -27,6 +27,7 @@ with pkgs; [ evolution ffmpeg file + fuzzel fx # themable json viewer fzf fzf From eff41d31e6e8ff871f06b7b64b1c13196936b7da Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 5 Apr 2025 18:53:39 +0200 Subject: [PATCH 091/165] chore: update inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 69e3554..8521e8e 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1742655702, - "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", + "lastModified": 1743808813, + "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", "owner": "nix-community", "repo": "home-manager", - "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", + "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742806253, - "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742937945, - "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", + "lastModified": 1743792629, + "narHash": "sha256-dqQv17m0O5j9YUHXM1RZr3jtTDYqLUBjtJUlLHYAZEo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", + "rev": "749bd56cf89ec71d3c953d5fbfe27ede27d04c37", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1742751704, - "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", + "lastModified": 1743703532, + "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", + "rev": "bdb91860de2f719b57eef819b5617762f7120c70", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1742982148, - "narHash": "sha256-aRA6LSxjlbMI6MmMzi/M5WH/ynd8pK+vACD9za3MKLQ=", + "lastModified": 1743748085, + "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "61c88349bf6dff49fa52d7dfc39b21026c2a8881", + "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", "type": "github" }, "original": { From 5049c9f0196bb7a39ab6b15ea3635a77cda1f16c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 6 Apr 2025 18:06:06 +0200 Subject: [PATCH 092/165] feat: add nix-output-monitor --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index d777f41..d399bd8 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -80,6 +80,7 @@ with pkgs; [ mpv mtr mumble + nix-output-monitor ncurses newsflash nixd From cf328ce296d3ebb8a499a2adf4ef1fb78a3278f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 8 Apr 2025 20:40:39 +0200 Subject: [PATCH 093/165] update flake --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 8521e8e..0521769 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1743808813, - "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", + "lastModified": 1744117652, + "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", + "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743792629, - "narHash": "sha256-dqQv17m0O5j9YUHXM1RZr3jtTDYqLUBjtJUlLHYAZEo=", + "lastModified": 1743987495, + "narHash": "sha256-46T2vMZ4/AfCK0Y2OjlFzJPxmdpP8GtsuEqSSJv3oe4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "749bd56cf89ec71d3c953d5fbfe27ede27d04c37", + "rev": "db8f4fe18ce772a9c8f3adf321416981c8fe9371", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1743703532, - "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", + "lastModified": 1743975612, + "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bdb91860de2f719b57eef819b5617762f7120c70", + "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", "type": "github" }, "original": { From eb0b01a17d945da82f160ddcca02f2e573d3f6d4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 15:26:18 +0200 Subject: [PATCH 094/165] fix: sway scaling, wallpaper, gaps --- home/default.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/home/default.nix b/home/default.nix index 9dde748..e601068 100644 --- a/home/default.nix +++ b/home/default.nix @@ -190,15 +190,16 @@ in # Note: pass the final command to swaymsg so that the resulting window can be opened # on the original workspace that the command was run on. set $menu fuzzel + set $wallpaper "~/lib/pictures/wallpaper.jpg" ### Idle configuration # # Example configuration: # exec swayidle -w \ - timeout 300 'swaylock -f -c ${background}' \ + timeout 300 'swaylock -f -i $wallpaper -s fill' \ timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ - before-sleep 'swaylock -f -c ${background}' + before-sleep 'swaylock -f -i $wallpaper -s fill' # # This will lock your screen after 300 seconds of inactivity, then turn off # your displays after another 300 seconds, and turn your screens back on when @@ -395,6 +396,10 @@ in } } + # Gaps between multiple tiling windows + gaps inner 10 + smart_gaps on + bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border @@ -409,7 +414,7 @@ in include /etc/sway/config.d/* exec sleep 5; systemctl --user restart kanshi.service - exec sleep 5; output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill + exec sleep 5; swaymsg output '*' bg $wallpaper fill ''; home.file.".config/sway/status".source = ./status; home.file.".config/kanshi/config".text = '' @@ -420,9 +425,9 @@ in profile Docked { output eDP-1 disable output "LG Electronics LG HDR 4K 0x000354D1" { - enable - scale 1.2 - position 0,0 + enable + scale 1.4 + position 0,0 } } ''; From cc80c71f88f736a7bde9d584a10d69442d0802cd Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 15:33:20 +0200 Subject: [PATCH 095/165] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/de6fc5551121c59c01e2a3d45b277a6d05077bc4' (2025-03-31) → 'github:NixOS/nixos-hardware/1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1' (2025-04-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/db8f4fe18ce772a9c8f3adf321416981c8fe9371' (2025-04-07) → 'github:NixOS/nixpkgs/86484f6076aac9141df2bfcddbf7dcfce5e0c6bb' (2025-04-12) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/a880f49904d68b5e53338d1e8c7bf80f59903928' (2025-04-06) → 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d' (2025-04-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 0521769..9e7634e 100644 --- a/flake.lock +++ b/flake.lock @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743420942, - "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", + "lastModified": 1744366945, + "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", + "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743987495, - "narHash": "sha256-46T2vMZ4/AfCK0Y2OjlFzJPxmdpP8GtsuEqSSJv3oe4=", + "lastModified": 1744492897, + "narHash": "sha256-qqKO4FOo/vPmNIaRPcLqwfudUlQ29iNdI1IbCZfjmxs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "db8f4fe18ce772a9c8f3adf321416981c8fe9371", + "rev": "86484f6076aac9141df2bfcddbf7dcfce5e0c6bb", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1743975612, - "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { From d257a18c2c7341eb2397a5591c262edd18b463d7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 19:09:17 +0200 Subject: [PATCH 096/165] feat: add chromium --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index d399bd8..c6ccc73 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -14,6 +14,7 @@ with pkgs; [ bluez-tools btop # htop choose # alternative to cut and awk with more readable syntax + chromium colordiff darcs delta # feature-rich diff viewer From cde3f39c11c9e524a4b79fa2dc6ea840b7d26658 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 20:56:56 +0200 Subject: [PATCH 097/165] feat: switch to black on white theme --- home/default.nix | 36 ++++++++++----------- home/modules/alacritty/default.nix | 2 +- home/modules/helix/config/config.toml | 2 +- home/modules/helix/config/themes/black.toml | 33 +++++++++++++++++++ home/modules/zsh.nix | 1 + 5 files changed, 54 insertions(+), 20 deletions(-) create mode 100644 home/modules/helix/config/themes/black.toml diff --git a/home/default.nix b/home/default.nix index e601068..d35424e 100644 --- a/home/default.nix +++ b/home/default.nix @@ -19,24 +19,24 @@ let "helix" ]; colors = { - background = "fdf6e3"; - foreground = "657b83"; - regular0 = "eee8d5"; # background darker - regular1 = "dc322f"; # red - regular2 = "859900"; # green - regular3 = "b58900"; # dark orange - regular4 = "268bd2"; # azure blue - regular5 = "d33682"; # hot pink - regular6 = "2aa198"; # petrol - regular7 = "073642"; # navy - bright0 = "cb4b16"; # orange - bright1 = "fdf6e3"; # foreground - bright2 = "93a1a1"; # grey - bright3 = "839496"; # slightly darker grey - bright4 = "657b83"; # even slightly darker grey - bright5 = "6c71c4"; # purple - bright6 = "586e75"; # pretty dark grey - bright7 = "002b36"; # dark navy blue + background = "ffffff"; + foreground = "000000"; + regular0 = "000000"; + regular1 = "000000"; + regular2 = "000000"; + regular3 = "000000"; + regular4 = "000000"; + regular5 = "000000"; + regular6 = "000000"; + regular7 = "000000"; + bright0 = "ffffff"; + bright1 = "ffffff"; + bright2 = "ffffff"; + bright3 = "ffffff"; + bright4 = "ffffff"; + bright5 = "ffffff"; + bright6 = "ffffff"; + bright7 = "ffffff"; }; in { diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 086b945..db3db6e 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in programs.alacritty = { enable = true; settings = { - env.TERM = "xterm-256color"; + env.TERM = "xterm-mono"; scrolling.history = 0; font = { size = 9; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 41cf786..71b6c42 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "solarized_light" +theme = "black" [editor] line-number = "relative" diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml new file mode 100644 index 0000000..a403de9 --- /dev/null +++ b/home/modules/helix/config/themes/black.toml @@ -0,0 +1,33 @@ +"ui.background" = {bg="white"} +"ui.text" = "black" +"ui.linenr" = {bg="white", fg="black"} +"ui.linenr.selected" = {bg="white", fg="black"} +"ui.selection" = {bg="black", fg="white"} +"ui.cursorline" = {bg="black", fg="white"} +"ui.statusline" = {fg="white", bg="black"} +"ui.statusline.inactive" = {fg="black", bg="white"} +"ui.virtual" = "indent" +"ui.virtual.ruler" = { bg = "black", fg ="white" } +"ui.cursor.match" = { bg="black", fg="white" } +"ui.cursor" = {bg="black", fg="white"} +"ui.debug" = {fg="black"} +"ui.highlight" = { modifiers = ["underlined"] } +"ui.highlight.frameline" = { bg="black", fg="white" } +"ui.help" = { bg="black", fg="white" } +"ui.popup" = { bg="black", fg="white" } +"ui.text.info" = { bg="black", fg="white" } +"ui.menu" = { fg="white", bg="black" } +"ui.menu.selected" = { bg="white", fg="black" } +"ui.window" = { bg="white" } +"diagnostic" = { modifiers=["reversed"] } +"diagnostic.error" = {modifiers=["bold", "underlined"]} +"diagnostic.warning" = {modifiers=["underlined", "italic"]} +"diagnostic.hint" = {modifiers=["underlined"]} +"diagnostic.unnecessary" = {modifiers = ["dim"]} +"diagnostic.deprecated" = {modifiers = ["crossed_out"]} +"ui.bufferline" = { fg="black", bg="white" } +"ui.bufferline.active" = { fg="black", bg="white" } + +[palette] +white = "#ffffff" +black = "#000000" diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index ab51e59..b22cec0 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -20,6 +20,7 @@ in autocd = true; sessionVariables = { EDITOR = "hx"; + TERM = "xterm-mono"; }; history = { extended = true; From 5acfc7ecdde0627ffbf4827de018b90147f74ef5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 15 Apr 2025 20:37:03 +0200 Subject: [PATCH 098/165] fix: bw theme popovers in tmux and helix --- home/modules/helix/config/themes/black.toml | 21 +++++++++++---------- home/modules/tmux.nix | 4 ++-- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml index a403de9..17ddd3d 100644 --- a/home/modules/helix/config/themes/black.toml +++ b/home/modules/helix/config/themes/black.toml @@ -2,21 +2,22 @@ "ui.text" = "black" "ui.linenr" = {bg="white", fg="black"} "ui.linenr.selected" = {bg="white", fg="black"} -"ui.selection" = {bg="black", fg="white"} -"ui.cursorline" = {bg="black", fg="white"} -"ui.statusline" = {fg="white", bg="black"} +"ui.selection" = {modifiers=["reversed"]} +"ui.cursorline" = {modifiers=["reversed"]} +"ui.statusline" = {modifiers=["reversed"]} "ui.statusline.inactive" = {fg="black", bg="white"} "ui.virtual" = "indent" "ui.virtual.ruler" = { bg = "black", fg ="white" } -"ui.cursor.match" = { bg="black", fg="white" } -"ui.cursor" = {bg="black", fg="white"} +"ui.cursor.match" = {modifiers=["reversed"]} +"ui.cursor" = {modifiers=["reversed"]} "ui.debug" = {fg="black"} "ui.highlight" = { modifiers = ["underlined"] } -"ui.highlight.frameline" = { bg="black", fg="white" } -"ui.help" = { bg="black", fg="white" } -"ui.popup" = { bg="black", fg="white" } -"ui.text.info" = { bg="black", fg="white" } -"ui.menu" = { fg="white", bg="black" } +"ui.highlight.frameline" = {modifiers=["reversed"]} +"ui.help" = { modifiers=["reversed"] } +"ui.popup" = { modifiers=["reversed"] } +"ui.popup.info" = { modifiers=["reversed"] } +"ui.text.info" = { modifiers=["reversed"] } +"ui.menu" = { modifiers=["reversed"] } "ui.menu.selected" = { bg="white", fg="black" } "ui.window" = { bg="white" } "diagnostic" = { modifiers=["reversed"] } diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 70f2974..df005ff 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -12,17 +12,17 @@ in config = mkIf cfg.enable { programs.tmux = { enable = true; - terminal = "tmux-256color"; extraConfig = '' setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on - set -ga terminal-overrides ',*256col*:Tc' set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' + set -g status-bg "#000000" + set -g status-fg "#ffffff" bind '"' split-window -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" From fce74c64a96c3a451e41bcb3bc7836b8c35bb8e1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 19 Apr 2025 15:23:46 +0200 Subject: [PATCH 099/165] chore: update inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 9e7634e..c2ee325 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1734450202, - "narHash": "sha256-/3gigrEBFORQs6a8LL5twoHs7biu08y/8Xc5aQmk3b0=", + "lastModified": 1744623129, + "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=", "owner": "NixOS", "repo": "flake-registry", - "rev": "02fe640c9e117dd9d6a34efc7bcb8bd09c08111d", + "rev": "1322f33d5836ae757d2e6190239252cf8402acf6", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1744117652, - "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744366945, - "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744492897, - "narHash": "sha256-qqKO4FOo/vPmNIaRPcLqwfudUlQ29iNdI1IbCZfjmxs=", + "lastModified": 1744917357, + "narHash": "sha256-1Sj8MToixDwakJYNMYBS/PYbg8Oa4CAxreXraMHB5qg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "86484f6076aac9141df2bfcddbf7dcfce5e0c6bb", + "rev": "1eae3268880484be84199bdb77941c09bb4a97ba", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1743748085, - "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", + "lastModified": 1744961264, + "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", + "rev": "8d404a69efe76146368885110f29a2ca3700bee6", "type": "github" }, "original": { From 687cb324007a548471dd9e1fa241fe0347747af1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Apr 2025 19:38:01 +0200 Subject: [PATCH 100/165] feat: switch to unstable channel for gorgon --- flake.lock | 24 +++++++-- flake.nix | 3 +- home/modules/helix/config/themes/black.toml | 2 +- home/pkgs.nix | 10 +--- nixos/configurations.nix | 3 +- nixos/modules/profiles/laptop.nix | 6 --- nixos/modules/yubikey.nix | 3 +- overlays.nix | 21 -------- pkgs/recipemd.nix | 58 --------------------- 9 files changed, 27 insertions(+), 103 deletions(-) delete mode 100644 pkgs/recipemd.nix diff --git a/flake.lock b/flake.lock index c2ee325..e425e8b 100644 --- a/flake.lock +++ b/flake.lock @@ -144,16 +144,15 @@ ] }, "locked": { - "lastModified": 1744743431, - "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "lastModified": 1745251259, + "narHash": "sha256-Hf8WEJMMoP6Fe+k+PYkVJFk5UKory2S0jW7HqRVqQFc=", "owner": "nix-community", "repo": "home-manager", - "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "rev": "82ee14ff60611b46588ea852f267aafcc117c8c8", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -293,6 +292,22 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -306,6 +321,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-full": "nixpkgs-full", + "nixpkgs-unstable": "nixpkgs-unstable", "systems": "systems", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 7519d56..8dc1c74 100644 --- a/flake.nix +++ b/flake.nix @@ -3,13 +3,14 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; }; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml index 17ddd3d..88d1a35 100644 --- a/home/modules/helix/config/themes/black.toml +++ b/home/modules/helix/config/themes/black.toml @@ -17,7 +17,7 @@ "ui.popup" = { modifiers=["reversed"] } "ui.popup.info" = { modifiers=["reversed"] } "ui.text.info" = { modifiers=["reversed"] } -"ui.menu" = { modifiers=["reversed"] } +"ui.menu" = { bg="black", fg="white" } "ui.menu.selected" = { bg="white", fg="black" } "ui.window" = { bg="white" } "diagnostic" = { modifiers=["reversed"] } diff --git a/home/pkgs.nix b/home/pkgs.nix index c6ccc73..8615921 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -20,7 +20,6 @@ with pkgs; [ delta # feature-rich diff viewer dig direnv - dstat duf # disk usage dyff # diff tool for YAML element-desktop @@ -38,7 +37,6 @@ with pkgs; [ gimp glow glow # render markdown - gnome.gnome-tweaks gnumake gnupg gping # ping with graphs @@ -65,7 +63,6 @@ with pkgs; [ josm jq kanshi - kcachegrind keepassxc kubetail krita @@ -107,12 +104,8 @@ with pkgs; [ prusa-slicer pv pwgen - (python3.withPackages (python-pkgs: with python-pkgs; [ - pandas - requests - ])) + (python3.withPackages (pkgs: [pkgs.pandas pkgs.requests])) ranger - recipemd reptyr ripgrep ripgrep @@ -144,7 +137,6 @@ with pkgs; [ wireshark xdg-utils xmlstarlet - xsv # cut for csv unixtools.xxd xxh # portable shells yt-dlp diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 040ec6b..48d70cd 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -7,6 +7,7 @@ , homepage , nixos-hardware , nixos-generators +, nixpkgs-unstable , ... }@inputs: let @@ -25,7 +26,7 @@ let in { gorgon = nixosSystem rec { - n_nixpkgs = nixpkgs-full; + n_nixpkgs = nixpkgs-unstable; system = "x86_64-linux"; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 3ad8c11..bdba617 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,5 +1,4 @@ { config -, pkgs , lib , ... }: @@ -25,11 +24,6 @@ with lib; { age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - fonts.packages = mkDefault (with pkgs; [ - source-code-pro - vegur - ]); - users.mutableUsers = mkDefault true; # Use the systemd-boot EFI boot loader. diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 3df9499..77f4394 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -45,8 +45,7 @@ in #linuxPackages.acpi_call pam_u2f pamtester - yubikey-manager - yubikey-manager-qt + yubioath-flutter ]; }; } diff --git a/overlays.nix b/overlays.nix index bf0588c..2c63c08 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,23 +1,2 @@ { - kanboard = final: prev: { - kanboard = prev.kanboard.overrideAttrs (oldAttrs: { - src = prev.fetchFromGitHub { - owner = "kanboard"; - repo = "kanboard"; - rev = "v${oldAttrs.version}"; - sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0="; - }; - }); - }; - - recipemd = final: prev: { - pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ - ( - python-final: python-prev: { - recipemd = python-final.callPackage ./pkgs/recipemd.nix { }; - } - ) - ]; - recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd; - }; } diff --git a/pkgs/recipemd.nix b/pkgs/recipemd.nix deleted file mode 100644 index 4879a9a..0000000 --- a/pkgs/recipemd.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, pytestCheckHook -, pythonPackages -, installShellFiles -, pythonOlder -, pythonAtLeast -}: -buildPythonPackage rec { - pname = "recipemd"; - version = "4.0.8"; - - disabled = pythonOlder "3.7" || pythonAtLeast "4"; - - src = fetchFromGitHub { - owner = "tstehr"; - repo = "RecipeMD"; - rev = "v${version}"; - hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc="; - }; - - propagatedBuildInputs = with pythonPackages; [ - dataclasses-json - yarl - CommonMark - argcomplete - pyparsing - ]; - - nativeBuildInputs = [ installShellFiles ]; - - postInstall = '' - ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash - installShellCompletion --bash --name recipemd.bash $out/completions.bash - - ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish - installShellCompletion --fish --name recipemd.fish $out/completions.fish - - # The version of argcomplete in nixpkgs-stable does not have support for zsh - #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh - #installShellCompletion --zsh --name _recipemd $out/completions.zsh - ''; - - checkInputs = [ - pytestCheckHook - pythonPackages.pytestcov - ]; - - doCheck = true; - - meta = with lib; { - description = "Markdown recipe manager, reference implementation of RecipeMD"; - homepage = "https://recipemd.org"; - license = [ licenses.lgpl3Only ]; - maintainers = [ maintainers.dadada ]; - }; -} From a934dca7b65d5158cb696a786d59211f536c9615 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Apr 2025 19:47:43 +0200 Subject: [PATCH 101/165] feat: add dune 3d --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 8615921..0facf12 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -21,6 +21,7 @@ with pkgs; [ dig direnv duf # disk usage + dune3d dyff # diff tool for YAML element-desktop evince From 65720489b501597a59b967c073f1bfeb78729140 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Apr 2025 21:45:36 +0200 Subject: [PATCH 102/165] chore: make prompt and shell pretty --- home/default.nix | 10 +++++----- home/modules/zsh.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/home/default.nix b/home/default.nix index d35424e..80d53a3 100644 --- a/home/default.nix +++ b/home/default.nix @@ -403,11 +403,11 @@ in bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border - client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} - client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} - client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} - client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} - client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} + client.focused #${background} #${foreground} #${background} #${foreground} #${background} + client.focused_inactive #${background} #${background} #${foreground} #${foreground} #${background} + client.unfocused #${background} #${background} #${foreground} #${foreground} #${background} + client.urgent #${background} #${background} #${foreground} #${foreground} #${background} + client.placeholder #${background} #${background} #${foreground} #${foreground} #${background} client.background #${foreground} diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index b22cec0..fb4cc76 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -43,7 +43,7 @@ in preexec() { echo -n -e "\033]0;$1\007" } - PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " + PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" ''; From 033328e893cbbf2ae67b6d454b802ccda8ebd89b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:27:21 +0200 Subject: [PATCH 103/165] feat(home): add poweralertd --- home/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/default.nix b/home/default.nix index 80d53a3..adeab0b 100644 --- a/home/default.nix +++ b/home/default.nix @@ -432,6 +432,8 @@ in } ''; + services.poweralertd.enable = true; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 210fa098aee7b21235c175affcf25e385233ec74 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:27:36 +0200 Subject: [PATCH 104/165] fix: remove commented out line --- home/modules/zsh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index fb4cc76..e7f8e57 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -45,7 +45,6 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' - #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" ''; profileExtra = '' ''; From 2917f96631209e50eacba0180bfc73c406698697 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:30:20 +0200 Subject: [PATCH 105/165] chore: update lix module --- flake.lock | 59 +++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 3 +-- 2 files changed, 46 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index e425e8b..923b31e 100644 --- a/flake.lock +++ b/flake.lock @@ -101,6 +101,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -174,22 +192,20 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" } }, "lix-module": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -197,15 +213,15 @@ ] }, "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, "nixlib": { @@ -322,7 +338,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-full": "nixpkgs-full", "nixpkgs-unstable": "nixpkgs-unstable", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -341,6 +357,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 8dc1c74..021bc7a 100644 --- a/flake.nix +++ b/flake.nix @@ -27,9 +27,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; }; nixos-generators = { url = "github:nix-community/nixos-generators"; From 8d54f859a0aee4d10f33f5b9d5fe090f1df7745b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:34:06 +0200 Subject: [PATCH 106/165] Revert "fix: bw theme popovers in tmux and helix" This reverts commit 5acfc7ecdde0627ffbf4827de018b90147f74ef5. --- home/modules/helix/config/themes/black.toml | 34 --------------------- home/modules/tmux.nix | 4 +-- 2 files changed, 2 insertions(+), 36 deletions(-) delete mode 100644 home/modules/helix/config/themes/black.toml diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml deleted file mode 100644 index 88d1a35..0000000 --- a/home/modules/helix/config/themes/black.toml +++ /dev/null @@ -1,34 +0,0 @@ -"ui.background" = {bg="white"} -"ui.text" = "black" -"ui.linenr" = {bg="white", fg="black"} -"ui.linenr.selected" = {bg="white", fg="black"} -"ui.selection" = {modifiers=["reversed"]} -"ui.cursorline" = {modifiers=["reversed"]} -"ui.statusline" = {modifiers=["reversed"]} -"ui.statusline.inactive" = {fg="black", bg="white"} -"ui.virtual" = "indent" -"ui.virtual.ruler" = { bg = "black", fg ="white" } -"ui.cursor.match" = {modifiers=["reversed"]} -"ui.cursor" = {modifiers=["reversed"]} -"ui.debug" = {fg="black"} -"ui.highlight" = { modifiers = ["underlined"] } -"ui.highlight.frameline" = {modifiers=["reversed"]} -"ui.help" = { modifiers=["reversed"] } -"ui.popup" = { modifiers=["reversed"] } -"ui.popup.info" = { modifiers=["reversed"] } -"ui.text.info" = { modifiers=["reversed"] } -"ui.menu" = { bg="black", fg="white" } -"ui.menu.selected" = { bg="white", fg="black" } -"ui.window" = { bg="white" } -"diagnostic" = { modifiers=["reversed"] } -"diagnostic.error" = {modifiers=["bold", "underlined"]} -"diagnostic.warning" = {modifiers=["underlined", "italic"]} -"diagnostic.hint" = {modifiers=["underlined"]} -"diagnostic.unnecessary" = {modifiers = ["dim"]} -"diagnostic.deprecated" = {modifiers = ["crossed_out"]} -"ui.bufferline" = { fg="black", bg="white" } -"ui.bufferline.active" = { fg="black", bg="white" } - -[palette] -white = "#ffffff" -black = "#000000" diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index df005ff..70f2974 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -12,17 +12,17 @@ in config = mkIf cfg.enable { programs.tmux = { enable = true; + terminal = "tmux-256color"; extraConfig = '' setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on + set -ga terminal-overrides ',*256col*:Tc' set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' - set -g status-bg "#000000" - set -g status-fg "#ffffff" bind '"' split-window -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" From 8baeff1f366e91a7a15cd55e43d6a308dac0645b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:34:08 +0200 Subject: [PATCH 107/165] Revert "feat: switch to black on white theme" This reverts commit cde3f39c11c9e524a4b79fa2dc6ea840b7d26658. --- home/default.nix | 36 +++++++++++++-------------- home/modules/alacritty/default.nix | 2 +- home/modules/helix/config/config.toml | 2 +- home/modules/zsh.nix | 1 - 4 files changed, 20 insertions(+), 21 deletions(-) diff --git a/home/default.nix b/home/default.nix index adeab0b..0a0df48 100644 --- a/home/default.nix +++ b/home/default.nix @@ -19,24 +19,24 @@ let "helix" ]; colors = { - background = "ffffff"; - foreground = "000000"; - regular0 = "000000"; - regular1 = "000000"; - regular2 = "000000"; - regular3 = "000000"; - regular4 = "000000"; - regular5 = "000000"; - regular6 = "000000"; - regular7 = "000000"; - bright0 = "ffffff"; - bright1 = "ffffff"; - bright2 = "ffffff"; - bright3 = "ffffff"; - bright4 = "ffffff"; - bright5 = "ffffff"; - bright6 = "ffffff"; - bright7 = "ffffff"; + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; # background darker + regular1 = "dc322f"; # red + regular2 = "859900"; # green + regular3 = "b58900"; # dark orange + regular4 = "268bd2"; # azure blue + regular5 = "d33682"; # hot pink + regular6 = "2aa198"; # petrol + regular7 = "073642"; # navy + bright0 = "cb4b16"; # orange + bright1 = "fdf6e3"; # foreground + bright2 = "93a1a1"; # grey + bright3 = "839496"; # slightly darker grey + bright4 = "657b83"; # even slightly darker grey + bright5 = "6c71c4"; # purple + bright6 = "586e75"; # pretty dark grey + bright7 = "002b36"; # dark navy blue }; in { diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index db3db6e..086b945 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in programs.alacritty = { enable = true; settings = { - env.TERM = "xterm-mono"; + env.TERM = "xterm-256color"; scrolling.history = 0; font = { size = 9; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 71b6c42..41cf786 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "black" +theme = "solarized_light" [editor] line-number = "relative" diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index e7f8e57..a095bff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -20,7 +20,6 @@ in autocd = true; sessionVariables = { EDITOR = "hx"; - TERM = "xterm-mono"; }; history = { extended = true; From 787ff188745f410000c3e977a0c8735d29cb3441 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:36:19 +0200 Subject: [PATCH 108/165] Revert "chore: make prompt and shell pretty" This reverts commit 65720489b501597a59b967c073f1bfeb78729140. --- home/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/home/default.nix b/home/default.nix index 0a0df48..fd0ddd3 100644 --- a/home/default.nix +++ b/home/default.nix @@ -403,11 +403,11 @@ in bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border - client.focused #${background} #${foreground} #${background} #${foreground} #${background} - client.focused_inactive #${background} #${background} #${foreground} #${foreground} #${background} - client.unfocused #${background} #${background} #${foreground} #${foreground} #${background} - client.urgent #${background} #${background} #${foreground} #${foreground} #${background} - client.placeholder #${background} #${background} #${foreground} #${foreground} #${background} + client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} + client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} + client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} + client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} + client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} client.background #${foreground} From 091c4243fe759d166eecd9757afab5bcf7df7bf4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:38:15 +0200 Subject: [PATCH 109/165] chore: update nixpkgs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 923b31e..f95384d 100644 --- a/flake.lock +++ b/flake.lock @@ -162,11 +162,11 @@ ] }, "locked": { - "lastModified": 1745251259, - "narHash": "sha256-Hf8WEJMMoP6Fe+k+PYkVJFk5UKory2S0jW7HqRVqQFc=", + "lastModified": 1747439237, + "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "82ee14ff60611b46588ea852f267aafcc117c8c8", + "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "type": "github" }, "original": { @@ -262,11 +262,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744633460, - "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744917357, - "narHash": "sha256-1Sj8MToixDwakJYNMYBS/PYbg8Oa4CAxreXraMHB5qg=", + "lastModified": 1747418223, + "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1eae3268880484be84199bdb77941c09bb4a97ba", + "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8", "type": "github" }, "original": { @@ -294,11 +294,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1747335874, + "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", "type": "github" }, "original": { @@ -310,11 +310,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -379,11 +379,11 @@ ] }, "locked": { - "lastModified": 1744961264, - "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { From 6ca9dde866a27d4e0343a28a8cbc1d8b4ba1fb10 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:49:05 +0200 Subject: [PATCH 110/165] chore: update nixpkgs --- flake.lock | 51 ++++++------------ flake.nix | 5 +- nixos/configurations.nix | 110 +++++++++++++++++++++++---------------- outputs.nix | 29 +++++------ 4 files changed, 97 insertions(+), 98 deletions(-) diff --git a/flake.lock b/flake.lock index f95384d..e980db7 100644 --- a/flake.lock +++ b/flake.lock @@ -277,38 +277,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1747418223, - "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-full": { - "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { "locked": { "lastModified": 1747327360, "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", @@ -324,6 +292,22 @@ "type": "github" } }, + "nixpkgs-small": { + "locked": { + "lastModified": 1747452614, + "narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e067fb89ac3e59f993f257c799318132f1492f01", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -336,8 +320,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-full": "nixpkgs-full", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-small": "nixpkgs-small", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 021bc7a..ec49fa2 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,8 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 48d70cd..497a7bf 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,32 +1,42 @@ -{ self -, agenix -, lix-module -, nixpkgs -, nixpkgs-full -, home-manager -, homepage -, nixos-hardware -, nixos-generators -, nixpkgs-unstable -, ... +{ + self, + agenix, + home-manager, + homepage, + lix-module, + nixos-hardware, + nixos-generators, + nixpkgs, + nixpkgs-small, + ... }@inputs: let lixModule = lix-module.nixosModules.default; - nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { - inherit system; + nixosSystem = + { + nixpkgs, + system ? "x86_64-linux", + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; - modules = [ - lixModule - { - nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; - } - ] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; - }; + modules = + [ + lixModule + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + } + ] + ++ (nixpkgs.lib.attrValues self.nixosModules) + ++ [ agenix.nixosModules.age ] + ++ extraModules; + }; in { gorgon = nixosSystem rec { - n_nixpkgs = nixpkgs-unstable; + nixpkgs = nixpkgs; system = "x86_64-linux"; @@ -34,13 +44,16 @@ in { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { dadada = self; }; + dadada.inputs = inputs // { + dadada = self; + }; } nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 home-manager.nixosModules.home-manager - ({ pkgs, lib, ... }: + ( + { pkgs, lib, ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; @@ -49,12 +62,14 @@ in { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home; - }) + } + ) ./gorgon/configuration.nix ]; }; surgat = nixosSystem { + nixpkgs = nixpkgs-small; system = "x86_64-linux"; extraModules = [ { @@ -66,34 +81,39 @@ in }; agares = nixosSystem { + nixpkgs = nixpkgs-small; extraModules = [ ./agares/configuration.nix ]; }; - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - lixModule - nixos-generators.nixosModules.install-iso - self.nixosModules.admin - { - isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; - networking.tempAddresses = "disabled"; - dadada.admin.enable = true; - documentation.enable = true; - documentation.nixos.enable = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - } - ]; - }; + installer = + let + nixpkgs = nixpkgs-small; + in + nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + lixModule + nixos-generators.nixosModules.install-iso + self.nixosModules.admin + { + isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = true; + documentation.nixos.enable = true; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ]; + }; ninurta = nixosSystem { - n_nixpkgs = nixpkgs-full; + nixpkgs = nixpkgs-small; extraModules = [ ./ninurta/configuration.nix ]; diff --git a/outputs.nix b/outputs.nix index efa3dab..d588f6e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,18 +1,14 @@ # Adapted from Mic92/dotfiles -{ self -, flake-utils -, flake-registry -, homepage -, lix-module -, nixpkgs -, home-manager -, nixos-hardware -, nixpkgs-full -, agenix -, devshell -, ... -} @ inputs: -(flake-utils.lib.eachDefaultSystem (system: +{ + self, + flake-utils, + nixpkgs, + agenix, + devshell, + ... +}@inputs: +(flake-utils.lib.eachDefaultSystem ( + system: let pkgs = import nixpkgs { inherit system; }; in @@ -35,8 +31,9 @@ packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; }; - })) - // { + } +)) +// { hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; From 0d892a1b7e0a6867e5f6f80777819c64056c0288 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 13:05:33 +0200 Subject: [PATCH 111/165] feat: switch to lix from nixpkgs --- flake.lock | 86 +-------------------------------- flake.nix | 4 -- nixos/configurations.nix | 65 ++++++++++++------------- nixos/modules/profiles/base.nix | 4 +- 4 files changed, 35 insertions(+), 124 deletions(-) diff --git a/flake.lock b/flake.lock index e980db7..8a95fce 100644 --- a/flake.lock +++ b/flake.lock @@ -101,39 +101,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -189,41 +156,6 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" - } - }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -316,12 +248,11 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", - "lix-module": "lix-module", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" } }, @@ -340,21 +271,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index ec49fa2..05f7349 100644 --- a/flake.nix +++ b/flake.nix @@ -25,10 +25,6 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 497a7bf..adacb51 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -3,7 +3,6 @@ agenix, home-manager, homepage, - lix-module, nixos-hardware, nixos-generators, nixpkgs, @@ -11,8 +10,6 @@ ... }@inputs: let - lixModule = lix-module.nixosModules.default; - nixosSystem = { nixpkgs, @@ -24,7 +21,6 @@ let modules = [ - lixModule { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; } @@ -35,38 +31,40 @@ let }; in { - gorgon = nixosSystem rec { - nixpkgs = nixpkgs; + gorgon = + let + system = "x86_64-linux"; + in + nixosSystem { + inherit nixpkgs system; - system = "x86_64-linux"; - - extraModules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - - home-manager.nixosModules.home-manager - ( - { pkgs, lib, ... }: + extraModules = [ { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { + dadada = self; + }; } - ) - ./gorgon/configuration.nix - ]; - }; + + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + + home-manager.nixosModules.home-manager + ( + { pkgs, lib, ... }: + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + { manual.manpages.enable = false; } + ]; + home-manager.users.dadada = import ../home; + } + ) + ./gorgon/configuration.nix + ]; + }; surgat = nixosSystem { nixpkgs = nixpkgs-small; @@ -94,7 +92,6 @@ in nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - lixModule nixos-generators.nixosModules.install-iso self.nixosModules.admin { diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index e375cc9..c23a273 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; @@ -22,6 +22,8 @@ in time.timeZone = mkDefault "Europe/Berlin"; + nix.package = pkgs.lix; + nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ From cb69d8edb0a321d9069e3fe2f1a95745d783c927 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 13:43:46 +0200 Subject: [PATCH 112/165] fix: set maximum log retention to 100 days --- nixos/modules/profiles/server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index d26358c..1aeab43 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -20,6 +20,7 @@ with lib; { services.journald.extraConfig = '' SystemKeepFree = 2G + MaxRetentionSec = 100days ''; system.autoUpgrade = { From 33bc06ee109b9798676f0c6e192f5000ff7fffe3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 14:01:36 +0200 Subject: [PATCH 113/165] fix(surgat): ssh initrd unlock --- nixos/modules/profiles/cloud.nix | 4 ++-- secrets/secrets.nix | 1 + secrets/surgat-initrd-ssh_host_ed25519_key.age | Bin 0 -> 820 bytes 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 secrets/surgat-initrd-ssh_host_ed25519_key.age diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 98314c7..86e2c74 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -1,7 +1,7 @@ { config, lib, ... }: let secretsPath = config.dadada.secrets.path; - initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; + initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key"; in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; @@ -9,7 +9,7 @@ in enable = true; ssh = { enable = true; - port = 22; + port = 2223; hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7da57e3..d1a5265 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,6 +21,7 @@ in "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; + "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/surgat-initrd-ssh_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..32dbcbf2ce1b0961f179ad26bb2a5577f8e340cc GIT binary patch literal 820 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73iZz_C|4+tGRfCZ z&d5sgGR!W_3CeS>Dl|^bjxsE-axG0RjLa=_3OB3DF3?X8jN~#X4lm3t^e)eL^GHt% z@isRt&#H*hFUTq`3~<(t(zb{QGRexy^RsYvE=RY`za%>+yIjFFE!W4nFd$evIVZB% zE4#=z(%3E2J0#U3IUuvrE3nu!Afz(I$IQgfJ(;V*JS5fMH6Xy>Fgz^F+a=e}O*_Ri zDLmB3IbFLdBiC2IA}}H^*wMKnDjj5-j&6EUYGQG!LVk^RY!+9cW0Y}rhL1t2g=2U| zdX#fMdPiB~zkGUt8uCA^^sG(y?QfYZensa1UWm=YgK&8HMVs@a9si8}iUx`O} zmVvWDa8ZF_aYZE813kM3k1ORHde^>FMMQs`M%E25m8 zrf<$7t1UjO@xAcLnVW2u?cfU+**y21(FLiW-|v39@qB*&kLfqhSh1E1Gs%Bz`t>Tr zBP3UyThds-|5-%9#B2+F?yXNJueQsZ-Mr6&^Obhkl_gHQEJL<*MQDnse_Wr_7RS%a z{_yj>dv|V3pD=fdd*xpqcbjvb>%V-MTE1qt!ZUfXA1i)ueREBJZlGyprG)>wX!%=W zJGyng-?=lXOYi5dF9ZO&NU2D_HH3{TdTKKN5 zXun#`e);h59lSp{KE9|6e=4~7vQOC0@3U{}mj7RHOLY3bEzyZw=6l|A8wHB3nsQ0$ z#e4_e_%COpJC|6rI~>hyTxXW4737q0n5UmvcSj&j^OB~_+z$Mn$L}z(6)!BRj@;_6pb~8|)hvRk+-ikQ Date: Sat, 17 May 2025 15:02:31 +0200 Subject: [PATCH 114/165] fix(surgat): initrd networking --- nixos/modules/profiles/cloud.nix | 17 +++++++++++++++-- nixos/surgat/configuration.nix | 4 ++++ ... => initrd-surgat-ssh_host_ed25519_key.age} | Bin secrets/secrets.nix | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) rename secrets/{surgat-initrd-ssh_host_ed25519_key.age => initrd-surgat-ssh_host_ed25519_key.age} (100%) diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 86e2c74..ba131e1 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -1,10 +1,18 @@ { config, lib, ... }: let secretsPath = config.dadada.secrets.path; - initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key"; + initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; + + boot.kernelParams = [ + # Wait forever for the filesystem root to show up + "rootflags=x-systemd.device-timeout=0" + + # Wait forever to enter the LUKS passphrase via SSH + "rd.luks.options=timeout=0" + ]; boot.initrd.network = { enable = true; ssh = { @@ -27,8 +35,13 @@ in ''; }; + assertions = lib.singleton { + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + message = "Refusing to store private keys in store"; + }; + age.secrets."${initrdHostKey}" = { - file = "${secretsPath}/${initrdHostKey}.age"; + file = "${secretsPath}/initrd-${initrdHostKey}.age"; mode = "600"; path = "/etc/initrd/${initrdHostKey}"; symlink = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 6dad1ee..f2c7ba2 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -137,6 +137,10 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; + boot.kernelParams = [ + "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp" + ]; + services.resolved = { enable = true; fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age similarity index 100% rename from secrets/surgat-initrd-ssh_host_ed25519_key.age rename to secrets/initrd-surgat-ssh_host_ed25519_key.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d1a5265..946d855 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,7 +21,7 @@ in "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; - "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; + "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; From 22a525b5b39f8b1231d1db5c959f9a3ee2bf1fc0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 25 May 2025 14:35:05 +0200 Subject: [PATCH 115/165] feat: switch to KDE --- home/default.nix | 4 ++-- nixos/gorgon/configuration.nix | 23 +++++++++++++++-------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/home/default.nix b/home/default.nix index fd0ddd3..a21362c 100644 --- a/home/default.nix +++ b/home/default.nix @@ -10,7 +10,7 @@ let "direnv" "git" "gpg" - "gtk" + #"gtk" #"keyring" "syncthing" "tmux" @@ -432,7 +432,7 @@ in } ''; - services.poweralertd.enable = true; + #services.poweralertd.enable = true; # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 339f8f4..13b861a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -145,8 +145,12 @@ in dmenu grim # screenshot functionality slurp # screenshot functionality - mako # notification system developed by swaywm maintainer + #mako # notification system developed by swaywm maintainer pulseaudio + + # KDE apps + kdePackages.kmail + kdePackages.kmail-account-wizard ]; networking.firewall = { @@ -195,11 +199,14 @@ in services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; - #services.xserver.enable = true; - #services.xserver.desktopManager.gnome.enable = true; - #services.xserver.displayManager.gdm.enable = true; + # KDE + services = { + desktopManager.plasma6.enable = true; + displayManager.sddm.enable = true; + displayManager.sddm.wayland.enable = true; + }; services.greetd = { - enable = true; + enable = false; settings = { default_session = { command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; @@ -208,7 +215,7 @@ in }; }; systemd.user.services.kanshi = { - enable = true; + enable = false; description = "kanshi daemon"; environment = { WAYLAND_DISPLAY = "wayland-1"; @@ -221,11 +228,11 @@ in }; # enable Sway window manager programs.sway = { - enable = true; + enable = false; wrapperFeatures.gtk = true; }; programs.light.enable = true; - xdg.portal.wlr.enable = true; + xdg.portal.wlr.enable = false; hardware.bluetooth.enable = true; hardware.opengl = { From 74fd474e4a149b37682b2d2a0f1c892e10cbd548 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 25 May 2025 14:45:18 +0200 Subject: [PATCH 116/165] fix: put tmps into RAM --- nixos/modules/profiles/base.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index c23a273..bc08040 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -8,6 +8,9 @@ in ./upgrade-pg-cluster.nix ]; + boot.tmp.useTmpfs = true; + boot.tmp.tmpfsSize = "50%"; + i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { font = "Lat2-Terminus16"; From b638c4125bab3d11aaa29a76f09c769370c095f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 3 Jun 2025 19:51:43 +0200 Subject: [PATCH 117/165] chore: update dependencies --- flake.lock | 63 +++++++++++++++++++++++++++++++++--------------------- flake.nix | 2 +- 2 files changed, 40 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 8a95fce..41a9b46 100644 --- a/flake.lock +++ b/flake.lock @@ -6,19 +6,19 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1703089996, - "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { "owner": "ryantm", - "ref": "0.15.0", "repo": "agenix", "type": "github" } @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1747439237, - "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", + "lastModified": 1748955489, + "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=", "owner": "nix-community", "repo": "home-manager", - "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", + "rev": "bb846c031be68a96466b683be32704ef6e07b159", "type": "github" }, "original": { @@ -179,11 +179,11 @@ ] }, "locked": { - "lastModified": 1742568034, - "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", + "lastModified": 1747663185, + "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", + "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747129300, - "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "lastModified": 1748942041, + "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e81fd167b33121269149c57806599045fd33eeed", + "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747327360, - "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1747452614, - "narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=", + "lastModified": 1748942227, + "narHash": "sha256-U1oNpFoDO7QaO4iHsue7atK/5mJy7U1Y37mLU/SRk0o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e067fb89ac3e59f993f257c799318132f1492f01", + "rev": "7ab490624e297ff96f52858bb32b504516b8bb61", "type": "github" }, "original": { @@ -252,7 +252,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -271,6 +271,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -278,11 +293,11 @@ ] }, "locked": { - "lastModified": 1747469671, - "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 05f7349..801e5a2 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ flake = false; }; agenix = { - url = "github:ryantm/agenix/0.15.0"; + url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { From 1402ee13cc3454cf1634626aa7e80fe3c7e6f33a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 3 Jun 2025 20:04:44 +0200 Subject: [PATCH 118/165] chore: reformat --- checks.nix | 24 +-- flake.nix | 2 +- home/dconf.nix | 21 ++- home/modules.nix | 15 +- home/modules/alacritty/default.nix | 12 +- home/modules/colors.nix | 10 +- home/modules/direnv.nix | 12 +- home/modules/git.nix | 12 +- home/modules/gpg.nix | 10 +- home/modules/gtk.nix | 12 +- home/modules/helix/default.nix | 7 +- home/modules/keyring.nix | 10 +- home/modules/session.nix | 10 +- home/modules/ssh.nix | 10 +- home/modules/syncthing.nix | 12 +- home/modules/tmux.nix | 10 +- home/modules/xdg.nix | 12 +- home/modules/zsh.nix | 15 +- home/nixpkgs-config.nix | 3 +- home/pkgs.nix | 8 +- hydra-jobs.nix | 7 +- nixos/agares/configuration.nix | 23 ++- nixos/agares/dns.nix | 5 +- nixos/agares/network.nix | 63 ++++--- nixos/agares/ppp.nix | 7 +- nixos/gorgon/configuration.nix | 59 +++++-- nixos/gorgon/hardware-configuration.nix | 23 ++- nixos/modules/admin.nix | 56 +++--- nixos/modules/backup.nix | 12 +- nixos/modules/borg-server.nix | 27 ++- nixos/modules/ddns.nix | 104 ++++++----- nixos/modules/default.nix | 18 +- nixos/modules/element.nix | 9 +- nixos/modules/fileShare.nix | 10 +- nixos/modules/gitea.nix | 9 +- nixos/modules/headphones.nix | 12 +- nixos/modules/homepage.nix | 10 +- nixos/modules/inputs.nix | 9 +- nixos/modules/profiles/backup.nix | 6 +- nixos/modules/profiles/base.nix | 15 +- nixos/modules/profiles/cloud.nix | 19 +- nixos/modules/profiles/laptop.nix | 13 +- nixos/modules/profiles/server.nix | 16 +- nixos/modules/profiles/upgrade-pg-cluster.nix | 7 +- nixos/modules/share.nix | 12 +- nixos/modules/steam.nix | 12 +- nixos/modules/vpnServer.nix | 57 +++--- nixos/modules/weechat.nix | 12 +- nixos/modules/yubikey.nix | 12 +- nixos/ninurta/configuration.nix | 91 +++++++--- nixos/ninurta/hardware-configuration.nix | 166 ++++++++++-------- nixos/surgat/configuration.nix | 53 ++++-- nixos/surgat/hardware-configuration.nix | 22 ++- outputs.nix | 2 +- overlays.nix | 3 +- pkgs/default.nix | 3 +- secrets/secrets.nix | 100 ++++++++--- 57 files changed, 845 insertions(+), 466 deletions(-) diff --git a/checks.nix b/checks.nix index 65d3493..9505c35 100644 --- a/checks.nix +++ b/checks.nix @@ -1,20 +1,20 @@ -{ self -, flake-utils -, nixpkgs -, ... +{ + self, + flake-utils, + nixpkgs, + ... }: -(flake-utils.lib.eachDefaultSystem (system: +(flake-utils.lib.eachDefaultSystem ( + system: let pkgs = nixpkgs.legacyPackages.${system}; formatter = self.formatter.${system}; in { checks = { - format = pkgs.runCommand - "check-format" - { - buildInputs = [ formatter ]; - } - "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; + format = pkgs.runCommand "check-format" { + buildInputs = [ formatter ]; + } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; }; - })).checks + } +)).checks diff --git a/flake.nix b/flake.nix index 801e5a2..0cc4b5c 100644 --- a/flake.nix +++ b/flake.nix @@ -40,5 +40,5 @@ }; }; - outputs = { ... } @ args: import ./outputs.nix args; + outputs = { ... }@args: import ./outputs.nix args; } diff --git a/home/dconf.nix b/home/dconf.nix index db5ca18..5238c97 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -33,8 +33,20 @@ with lib.hm.gvariant; current = mkUint32 0; per-window = false; show-all-sources = true; - sources = [ (mkTuple [ "xkb" "eu" ]) (mkTuple [ "xkb" "de" ]) ]; - xkb-options = [ "lv3:ralt_switch" "caps:escape" ]; + sources = [ + (mkTuple [ + "xkb" + "eu" + ]) + (mkTuple [ + "xkb" + "de" + ]) + ]; + xkb-options = [ + "lv3:ralt_switch" + "caps:escape" + ]; }; "org/gnome/desktop/interface" = { @@ -127,7 +139,10 @@ with lib.hm.gvariant; composer-attribution-language = "de_DE"; composer-reply-start-bottom = false; composer-signature-in-new-only = true; - composer-spell-languages = [ "de" "en_US" ]; + composer-spell-languages = [ + "de" + "en_US" + ]; composer-top-signature = false; composer-unicode-smileys = false; composer-visually-wrap-long-lines = true; diff --git a/home/modules.nix b/home/modules.nix index 0e295c9..0a6c961 100644 --- a/home/modules.nix +++ b/home/modules.nix @@ -1,8 +1,13 @@ { lib, ... }: -with lib; let - modules' = dir: filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) - (builtins.readDir dir); - modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) - (modules' dir); +with lib; +let + modules' = + dir: + filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir); + modules = + dir: + mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( + modules' dir + ); in (modules ./modules) diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 086b945..da9f503 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -1,9 +1,11 @@ -{ pkgs -, lib -, config -, ... +{ + pkgs, + lib, + config, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.alacritty; in { diff --git a/home/modules/colors.nix b/home/modules/colors.nix index 5c197a1..a4dc5c7 100644 --- a/home/modules/colors.nix +++ b/home/modules/colors.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; { +with lib; +{ options.dadada.home.colors = mkOption { type = types.attrs; description = "Color scheme"; diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix index cf36bf1..27a0907 100644 --- a/home/modules/direnv.nix +++ b/home/modules/direnv.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.direnv; in { diff --git a/home/modules/git.nix b/home/modules/git.nix index 7762612..92c4c12 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -1,9 +1,11 @@ -{ config -, lib -, pkgs -, ... +{ + config, + lib, + pkgs, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.git; allowedSigners = pkgs.writeTextFile { name = "allowed-signers"; diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index d1af776..baa17dd 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.gpg; in { diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index eb6dae8..5dcd2e6 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -1,9 +1,11 @@ -{ config -, lib -, pkgs -, ... +{ + config, + lib, + pkgs, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.gtk; in { diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 2ffdc51..7717423 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.dadada.home.helix; in diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix index e82d476..48b8b54 100644 --- a/home/modules/keyring.nix +++ b/home/modules/keyring.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.keyring; in { diff --git a/home/modules/session.nix b/home/modules/session.nix index 879400d..ba5c941 100644 --- a/home/modules/session.nix +++ b/home/modules/session.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.session; in { diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix index 96f4ed3..b8aab54 100644 --- a/home/modules/ssh.nix +++ b/home/modules/ssh.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.ssh; in { diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix index fd566b4..8095904 100644 --- a/home/modules/syncthing.nix +++ b/home/modules/syncthing.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.syncthing; in { diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 70f2974..063b8f2 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.tmux; in { diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index cccf70e..02cadaf 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let apps = { "x-scheme-handler/mailto" = "evolution.desktop"; "message/rfc822" = "evolution.desktop"; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index a095bff..96364ff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.zsh; in { @@ -45,8 +47,7 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' ''; - profileExtra = '' - ''; + profileExtra = ''''; shellAliases = { ga = "git add"; gc = "git commit"; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 83fcdbc..6a29a63 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -1,4 +1,5 @@ -{ pkgs }: { +{ pkgs }: +{ allowUnfree = true; allowUnfreePredicate = pkg: true; allowBroken = false; diff --git a/home/pkgs.nix b/home/pkgs.nix index 0facf12..8fd23e8 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -1,5 +1,6 @@ { pkgs }: -with pkgs; [ +with pkgs; +[ anki aqbanking aria2 @@ -105,7 +106,10 @@ with pkgs; [ prusa-slicer pv pwgen - (python3.withPackages (pkgs: [pkgs.pandas pkgs.requests])) + (python3.withPackages (pkgs: [ + pkgs.pandas + pkgs.requests + ])) ranger reptyr ripgrep diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 1d7dde7..3369943 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -1,5 +1,4 @@ { self, nixpkgs, ... }: -(nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) - self.nixosConfigurations -) +(nixpkgs.lib.mapAttrs' ( + name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel +) self.nixosConfigurations) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index c8ab058..ba00c29 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -1,7 +1,8 @@ -{ config -, modulesPath -, pkgs -, ... +{ + config, + modulesPath, + pkgs, + ... }: { imports = [ @@ -30,7 +31,10 @@ fileSystems."/swap" = { device = "/dev/sda1"; fsType = "btrfs"; - options = [ "subvol=/root/swap" "noatime" ]; + options = [ + "subvol=/root/swap" + "noatime" + ]; }; #swapDevices = [{ @@ -49,7 +53,14 @@ networking.hostName = "agares"; networking.domain = "bs.dadada.li"; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "ehci_pci" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; # Use the GRUB 2 boot loader. diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index 7e52d8b..fe2843f 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -66,7 +66,10 @@ ]; stub-zone = let - stubZone = name: addrs: { name = "${name}"; stub-addr = addrs; }; + stubZone = name: addrs: { + name = "${name}"; + stub-addr = addrs; + }; in [ #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index af15e05..6d86d22 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -10,7 +10,10 @@ in enable = true; links = { "10-persistent" = { - matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; # takes search domains from the [Network] + matchConfig.OriginalName = [ + "enp1s0" + "enp2s0" + ]; # takes search domains from the [Network] linkConfig.MACAddressPolicy = "persistent"; }; }; @@ -49,19 +52,21 @@ in PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path; ListenPort = 51234; }; - wireguardPeers = [{ - wireguardPeerConfig = - let - peerAddresses = i: [ - "${ipv4Prefix}.120.${i}/32" - "${ulaPrefix}:120::${i}/128" - ]; - in - { - PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - AllowedIPs = peerAddresses "3"; - }; - }]; + wireguardPeers = [ + { + wireguardPeerConfig = + let + peerAddresses = i: [ + "${ipv4Prefix}.120.${i}/32" + "${ulaPrefix}:120::${i}/128" + ]; + in + { + PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; + AllowedIPs = peerAddresses "3"; + }; + } + ]; }; "20-wg0" = { netdevConfig = { @@ -137,7 +142,10 @@ in "10-mgmt" = lib.mkMerge [ (subnet "enp1s0" "100") { - networkConfig.VLAN = [ "lan.10" "ff.11" ]; + networkConfig.VLAN = [ + "lan.10" + "ff.11" + ]; dhcpServerStaticLeases = [ { # legion @@ -158,13 +166,24 @@ in ]; "30-wg0" = { matchConfig.Name = "wg0"; - address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; + address = [ + "10.3.3.2/32" + "fd42:9c3b:f96d:121::2/128" + ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { routeConfig = { Destination = "10.3.3.1/24"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } + { + routeConfig = { + Destination = "10.3.3.1/24"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:121::1/64"; + }; + } ]; }; "30-lan" = subnet "lan.10" "101" // { @@ -266,10 +285,14 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; + routeConfig = { + Destination = "${ipv4Prefix}.120.1/24"; + }; } { - routeConfig = { Destination = "${ulaPrefix}::120:1/64"; }; + routeConfig = { + Destination = "${ulaPrefix}::120:1/64"; + }; } ]; }; diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix index dc26e46..ffa5bc4 100644 --- a/nixos/agares/ppp.nix +++ b/nixos/agares/ppp.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let secretsPath = config.dadada.secrets.path; in diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 13b861a..9c8b8e3 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let xilinxJtag = pkgs.writeTextFile { @@ -104,13 +105,18 @@ in passwordFile = config.age.secrets.paperless.path; }; - systemd.tmpfiles.rules = let cfg = config.services.paperless; in [ - (if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; + systemd.tmpfiles.rules = + let + cfg = config.services.paperless; + in + [ + ( + if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; age.secrets.paperless = { file = "${config.dadada.secrets.path}/paperless.age"; @@ -130,12 +136,14 @@ in ]; }; - hardware.printers.ensurePrinters = [{ - name = "Brother_HL-L2300D"; - model = "everywhere"; - location = "BS"; - deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; - }]; + hardware.printers.ensurePrinters = [ + { + name = "Brother_HL-L2300D"; + model = "everywhere"; + location = "BS"; + deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + } + ]; environment.systemPackages = with pkgs; [ android-studio @@ -175,7 +183,7 @@ in saleaeLogic keychron pkgs.libsigrok - ]; #noMtpUdevRules ]; + ]; # noMtpUdevRules ]; virtualisation.libvirtd.enable = true; @@ -187,7 +195,20 @@ in users.users = { dadada = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ]; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "adbusers" + "kvm" + "video" + "scanner" + "lp" + "docker" + "dialout" + "wireshark" + "paperless" + ]; shell = "/run/current-system/sw/bin/zsh"; }; }; diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix index 4155fae..30d7447 100644 --- a/nixos/gorgon/hardware-configuration.nix +++ b/nixos/gorgon/hardware-configuration.nix @@ -1,17 +1,26 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "ehci_pci" + "xhci_pci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 873832d..07323da 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -1,11 +1,16 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.admin; - extraGroups = [ "wheel" "libvirtd" ]; + extraGroups = [ + "wheel" + "libvirtd" + ]; shells = { "bash" = pkgs.bashInteractive; @@ -16,22 +21,32 @@ with lib; let shellNames = builtins.attrNames shells; adminOpts = - { name - , config - , ... - }: { + { + name, + config, + ... + }: + { options = { keys = mkOption { type = types.listOf types.str; default = [ ]; - apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; + apply = + x: + assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); + x; description = '' The keys that should be able to access the account. ''; }; shell = mkOption { type = types.nullOr types.str; - apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x; + apply = + x: + assert ( + builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}" + ); + x; default = "zsh"; defaultText = literalExpression "zsh"; example = literalExpression "bash"; @@ -81,15 +96,12 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; - users.users = - mapAttrs - (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = extraGroups; - isNormalUser = true; - openssh.authorizedKeys.keys = keys.keys; - }) - cfg.users; + users.users = mapAttrs (user: keys: { + shell = shells."${keys.shell}"; + extraGroups = extraGroups; + isNormalUser = true; + openssh.authorizedKeys.keys = keys.keys; + }) cfg.users; nix.settings.trusted-users = builtins.attrNames cfg.users; @@ -103,7 +115,7 @@ in services.tor.relay.onionServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; - map = [{ port = 22; }]; + map = [ { port = 22; } ]; }; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 0ec680f..095fd35 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let backupExcludes = [ "/backup" "/dev" diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index c1aceeb..594f356 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -1,6 +1,11 @@ { config, lib, ... }: let - inherit (lib) mkEnableOption mkIf mkOption types; + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; cfg = config.dadada.borgServer; in { @@ -20,31 +25,41 @@ in services.borgbackup.repos = { "metis" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" + ]; path = "${cfg.path}/metis"; quota = "1T"; }; "gorgon" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" + ]; path = "${cfg.path}/gorgon"; quota = "1T"; }; "surgat" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" + ]; path = "${cfg.path}/surgat"; quota = "50G"; }; "pruflas" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" + ]; path = "${cfg.path}/pruflas"; quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" + ]; path = "${cfg.path}/wohnzimmerpi"; quota = "50G"; }; diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index af7d725..594be6d 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -1,52 +1,70 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.ddns; - ddnsConfig = { domains, credentialsPath, interface }: { - systemd.timers = listToAttrs (forEach domains (domain: - nameValuePair "ddns-${domain}" - { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${domain}.service" ]; - timerConfig.OnCalendar = "hourly"; - })); + ddnsConfig = + { + domains, + credentialsPath, + interface, + }: + { + systemd.timers = listToAttrs ( + forEach domains ( + domain: + nameValuePair "ddns-${domain}" { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${domain}.service" ]; + timerConfig.OnCalendar = "hourly"; + } + ) + ); - systemd.services = listToAttrs (forEach domains (domain: - nameValuePair "ddns-${domain}" - { - serviceConfig = { - Type = "oneshot"; - PrivateTmp = true; - PrivateDevices = true; - PrivateUsers = true; - PrivateMounts = true; - PrivateIPC = true; - ProtectHome = true; - ProtectSystem = "strict"; - ProtectKernelTunables = true; - BindReadOnlyPaths = [ credentialsPath ]; - NoNewPrivileges = true; - CapabilitBoundingSet = [ ]; - }; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } + systemd.services = listToAttrs ( + forEach domains ( + domain: + nameValuePair "ddns-${domain}" { + serviceConfig = { + Type = "oneshot"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + PrivateMounts = true; + PrivateIPC = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectKernelTunables = true; + BindReadOnlyPaths = [ credentialsPath ]; + NoNewPrivileges = true; + CapabilitBoundingSet = [ ]; + }; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } - IFS=':' - read -r user password < ${credentialsPath} - unset IFS + IFS=':' + read -r user password < ${credentialsPath} + unset IFS - curl_url=$(url "$user" "$password" ${domain}) + curl_url=$(url "$user" "$password" ${domain}) - ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} || true - ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} - ''; - })); - }; + ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${ + if interface == null then "" else "--interface ${interface}" + } || true + ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${ + if interface == null then "" else "--interface ${interface}" + } + ''; + } + ) + ); + }; in { options = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index d0554cc..fa94c8c 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,8 +1,16 @@ { lib, ... }: -with lib; let - modules' = dir: filterAttrs (name: type: (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))) - (builtins.readDir dir); - modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) - (modules' dir); +with lib; +let + modules' = + dir: + filterAttrs ( + name: type: + (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory"))) + ) (builtins.readDir dir); + modules = + dir: + mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( + modules' dir + ); in (modules ./.) diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix index 2a45da1..2fcefec 100644 --- a/nixos/modules/element.nix +++ b/nixos/modules/element.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let cfg = config.dadada.element; diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix index 5b6a0f2..a3a72ba 100644 --- a/nixos/modules/fileShare.nix +++ b/nixos/modules/fileShare.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 259815a..783bf6f 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let cfg = config.dadada.forgejo; diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix index 585a5dd..877be07 100644 --- a/nixos/modules/headphones.nix +++ b/nixos/modules/headphones.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.headphones; in { diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index b04c3b2..193e71e 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,11 +1,13 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: let cfg = config.dadada.homepage; in -with lib; { +with lib; +{ options.dadada.homepage = { enable = mkEnableOption "Enable home page"; package = mkOption { diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix index 4db219c..9d18883 100644 --- a/nixos/modules/inputs.nix +++ b/nixos/modules/inputs.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let cfg = config.dadada.inputs; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index a5ad0eb..d333804 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -21,6 +21,8 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; - age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; + age.secrets."${config.networking.hostName}-backup-passphrase".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; + age.secrets."${config.networking.hostName}-backup-ssh-key".file = + "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index bc08040..b681d72 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; @@ -27,7 +32,7 @@ in nix.package = pkgs.lix; - nix.settings.substituters = [ https://cache.nixos.org/ ]; + nix.settings.substituters = [ "https://cache.nixos.org/" ]; nix.settings.trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" @@ -56,7 +61,10 @@ in services.resolved = { enable = mkDefault true; - fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ]; + fallbackDns = [ + "9.9.9.9#dns.quad9.net" + "2620:fe::fe:11#dns11.quad9.net" + ]; }; programs.zsh.enable = mkDefault true; @@ -64,4 +72,3 @@ in # Avoid some bots services.openssh.ports = [ 2222 ]; } - diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index ba131e1..de57714 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -21,14 +21,13 @@ in hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; - authorizedKeys = with lib; - concatLists (mapAttrsToList - (name: user: - if elem "wheel" user.extraGroups then - user.openssh.authorizedKeys.keys - else - [ ]) - config.users.users); + authorizedKeys = + with lib; + concatLists ( + mapAttrsToList ( + name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ] + ) config.users.users + ); }; postCommands = '' echo 'cryptsetup-askpass' >> /root/.profile @@ -36,7 +35,9 @@ in }; assertions = lib.singleton { - assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + assertion = + (config.boot.initrd.network.ssh.hostKeys != [ ]) + -> config.boot.loader.supportsInitrdSecrets == true; message = "Refusing to store private keys in store"; }; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index bdba617..d9f0bde 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,12 +1,14 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: let inputs = config.dadada.inputs; secretsPath = config.dadada.secrets.path; in -with lib; { +with lib; +{ imports = [ ./backup.nix ./base.nix @@ -53,5 +55,6 @@ with lib; { passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 1aeab43..724655f 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; { +with lib; +{ imports = [ ./backup.nix ./base.nix @@ -16,7 +18,9 @@ with lib; { documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; - services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }); + services.btrfs.autoScrub.enable = mkDefault ( + (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { } + ); services.journald.extraConfig = '' SystemKeepFree = 2G diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix index 3042265..486bf29 100644 --- a/nixos/modules/profiles/upgrade-pg-cluster.nix +++ b/nixos/modules/profiles/upgrade-pg-cluster.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { environment.systemPackages = lib.mkIf config.services.postgresql.enable [ ( diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix index a4e5f9c..7c7410b 100644 --- a/nixos/modules/share.nix +++ b/nixos/modules/share.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.share; in { diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index 82944eb..b6b0846 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.steam; in { diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 6c0513f..ee2298e 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -1,28 +1,32 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.vpnServer; - wgPeer = { name, ... }: { - options = { - name = mkOption { - internal = true; - default = name; - }; - id = mkOption { - description = "VPN client id"; - default = 0; - type = types.str; - }; - key = mkOption { - description = "VPN client public key"; - default = ""; - type = types.str; + wgPeer = + { name, ... }: + { + options = { + name = mkOption { + internal = true; + default = name; + }; + id = mkOption { + description = "VPN client id"; + default = 0; + type = types.str; + }; + key = mkOption { + description = "VPN client public key"; + default = ""; + type = types.str; + }; }; }; - }; in { options.dadada.vpnServer = { @@ -41,13 +45,10 @@ in privateKeyFile = "/var/lib/wireguard/wg0-key"; ips = [ "fd42:9c3b:f96d:0201::0/64" ]; listenPort = 51234; - peers = - map - (peer: { - allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; - publicKey = peer.key; - }) - (attrValues cfg.peers); + peers = map (peer: { + allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; + publicKey = peer.key; + }) (attrValues cfg.peers); postSetup = '' wg set wg0 fwmark 51234 ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index e3d8f48..6ff0106 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.weechat; in { diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 77f4394..4be4492 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let yubikey = config.dadada.yubikey; in { diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 15c8a24..d4eed97 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let hostAliases = [ "ifrit.dadada.li" @@ -37,7 +42,10 @@ in }; }; - services.openssh.ports = [ 22 2222 ]; + services.openssh.ports = [ + 22 + 2222 + ]; dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; @@ -59,7 +67,9 @@ in boot.loader.efi.canTouchEfiVariables = true; assertions = lib.singleton { - assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + assertion = + (config.boot.initrd.network.ssh.hostKeys != [ ]) + -> config.boot.loader.supportsInitrdSecrets == true; message = "Refusing to store private keys in store"; }; @@ -183,7 +193,12 @@ in { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; maxJobs = 16; } ]; @@ -277,26 +292,48 @@ in }; "30-wg0" = { matchConfig.Name = "wg0"; - address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ]; + address = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { routeConfig = { Destination = "10.3.3.1/24"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } + { + routeConfig = { + Destination = "10.3.3.1/24"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:121::1/64"; + }; + } ]; }; "30-uwu" = { matchConfig.Name = "uwu"; - address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; + address = [ + "10.11.0.39/24" + "fc00:1337:dead:beef::10.11.0.39/128" + ]; dns = [ "10.11.0.1%uwu#uwu" ]; domains = [ "uwu" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { routeConfig = { Destination = "10.11.0.0/22"; }; } - { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } + { + routeConfig = { + Destination = "10.11.0.0/22"; + }; + } + { + routeConfig = { + Destination = "fc00:1337:dead:beef::10.11.0.0/118"; + }; + } ]; }; "20-br0" = { @@ -337,7 +374,10 @@ in { wireguardPeerConfig = { PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; + AllowedIPs = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; PersistentKeepalive = 25; Endpoint = "surgat.dadada.li:51235"; }; @@ -345,7 +385,10 @@ in { wireguardPeerConfig = { PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; - AllowedIPs = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; + AllowedIPs = [ + "10.3.3.2/32" + "fd42:9c3b:f96d:121::2/128" + ]; Endpoint = "192.168.101.1:51235"; }; } @@ -359,15 +402,21 @@ in wireguardConfig = { PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path; }; - wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; - PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; - Endpoint = "53c70r.de:51820"; - }; - }]; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ + "10.11.0.0/22" + "fc00:1337:dead:beef::10.11.0.0/118" + "192.168.178.0/23" + ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; + Endpoint = "53c70r.de:51820"; + }; + } + ]; }; }; }; diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index 8de34e8..cd6b64b 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix @@ -1,89 +1,115 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "igc" "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "igc" + "xhci_pci" + "thunderbolt" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "compress=zstd" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "compress=zstd" ]; + }; boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae"; - fileSystems."/swap" = + fileSystems."/swap" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=swap" + "noatime" + ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "noatime" + "compress=zstd" + ]; + }; + + fileSystems."/var" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=var" + "compress=zstd" + ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=home" + "compress=zstd" + ]; + }; + + fileSystems."/root" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/2E20-49CB"; + fsType = "vfat"; + }; + + swapDevices = [ { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=swap" "noatime" ]; - }; + device = "/swap/swapfile"; + size = 32 * 1024; # 32 GByte + } + ]; - fileSystems."/nix" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=nix" "noatime" "compress=zstd" ]; - }; + fileSystems."/mnt/storage" = { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; - fileSystems."/var" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=var" "compress=zstd" ]; - }; - - fileSystems."/home" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" ]; - }; - - fileSystems."/root" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/2E20-49CB"; - fsType = "vfat"; - }; - - swapDevices = [{ - device = "/swap/swapfile"; - size = 32 * 1024; # 32 GByte - }]; - - - fileSystems."/mnt/storage" = - { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - - fileSystems."/mnt/storage/backups" = - { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ "subvol=backups" "noatime" ]; - }; + fileSystems."/mnt/storage/backups" = { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ + "subvol=backups" + "noatime" + ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index f2c7ba2..5cd9596 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -1,6 +1,7 @@ -{ config -, pkgs -, ... +{ + config, + pkgs, + ... }: let hostName = "surgat"; @@ -85,14 +86,29 @@ in }; "10-ninurta" = { matchConfig.Name = "ninurta"; - address = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; + address = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = "no"; routes = [ - { routeConfig = { Destination = "10.3.3.3/24"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:121::/64"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:101::/64"; }; } + { + routeConfig = { + Destination = "10.3.3.3/24"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:121::/64"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:101::/64"; + }; + } ]; }; }; @@ -106,12 +122,18 @@ in PrivateKeyFile = "/var/lib/wireguard/hydra"; ListenPort = 51235; }; - wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" ]; - }; - }]; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" + ]; + }; + } + ]; }; }; }; @@ -143,7 +165,10 @@ in services.resolved = { enable = true; - fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; + fallbackDns = [ + "9.9.9.9" + "2620:fe::fe" + ]; }; system.autoUpgrade.allowReboot = false; diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix index 71b7257..8476779 100644 --- a/nixos/surgat/hardware-configuration.nix +++ b/nixos/surgat/hardware-configuration.nix @@ -1,17 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "virtio_pci" + "xhci_pci" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; diff --git a/outputs.nix b/outputs.nix index d588f6e..aea7953 100644 --- a/outputs.nix +++ b/outputs.nix @@ -26,7 +26,7 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = pkgs.nixpkgs-fmt; + formatter = pkgs.nixfmt-tree; packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; diff --git a/overlays.nix b/overlays.nix index 2c63c08..ffcd441 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,2 +1 @@ -{ -} +{ } diff --git a/pkgs/default.nix b/pkgs/default.nix index c78fe50..9fce6e9 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,2 +1 @@ -{ pkgs }: -{ } +{ pkgs }: { } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 946d855..1da186e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,30 +9,82 @@ let surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; }; backupSecrets = hostName: { - "${hostName}-backup-passphrase.age".publicKeys = [ systems.${hostName} dadada ]; - "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ]; + "${hostName}-backup-passphrase.age".publicKeys = [ + systems.${hostName} + dadada + ]; + "${hostName}-backup-ssh-key.age".publicKeys = [ + systems.${hostName} + dadada + ]; }; in { - "pruflas-wg0-key.age".publicKeys = [ systems.ninurta dadada ]; - "pruflas-wg0-preshared-key.age".publicKeys = [ systems.ninurta dadada ]; - "pruflas-wg-hydra-key.age".publicKeys = [ systems.ninurta dadada ]; - "hydra-github-authorization.age".publicKeys = [ systems.ninurta dadada ]; - "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; - "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; - "paperless.age".publicKeys = [ systems.gorgon dadada ]; - "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; - "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; - "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; - "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; - "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ]; - "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ]; - "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ]; - "agares-wg0-key.age".publicKeys = [ systems.agares dadada ]; -} // -backupSecrets "ninurta" // -backupSecrets "gorgon" // -backupSecrets "ifrit" // -backupSecrets "pruflas" // -backupSecrets "surgat" // -backupSecrets "agares" + "pruflas-wg0-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "pruflas-wg0-preshared-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "pruflas-wg-hydra-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "hydra-github-authorization.age".publicKeys = [ + systems.ninurta + dadada + ]; + "miniflux-admin-credentials.age".publicKeys = [ + systems.surgat + dadada + ]; + "gorgon-backup-passphrase-gs.age".publicKeys = [ + systems.gorgon + dadada + ]; + "paperless.age".publicKeys = [ + systems.gorgon + dadada + ]; + "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ + systems.surgat + dadada + ]; + "surgat-ssh_host_ed25519_key.age".publicKeys = [ + systems.surgat + dadada + ]; + "ninurta-initrd-ssh-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "ddns-credentials.age".publicKeys = [ + systems.agares + systems.ninurta + dadada + ]; + "etc-ppp-chap-secrets.age".publicKeys = [ + systems.agares + dadada + ]; + "etc-ppp-telekom-secret.age".publicKeys = [ + systems.agares + dadada + ]; + "wg-privkey-vpn-dadada-li.age".publicKeys = [ + systems.agares + dadada + ]; + "agares-wg0-key.age".publicKeys = [ + systems.agares + dadada + ]; +} +// backupSecrets "ninurta" +// backupSecrets "gorgon" +// backupSecrets "ifrit" +// backupSecrets "pruflas" +// backupSecrets "surgat" +// backupSecrets "agares" From 56af1ef2219d7033c33760c48c133f1c52bc1d87 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Jun 2025 15:37:30 +0200 Subject: [PATCH 119/165] chore: update dependencies --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 41a9b46..0aba46f 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1748955489, - "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=", + "lastModified": 1749358668, + "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb846c031be68a96466b683be32704ef6e07b159", + "rev": "06451df423dd5e555f39857438ffc16c5b765862", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1748942041, - "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1749143949, + "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1748942227, - "narHash": "sha256-U1oNpFoDO7QaO4iHsue7atK/5mJy7U1Y37mLU/SRk0o=", + "lastModified": 1749289455, + "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ab490624e297ff96f52858bb32b504516b8bb61", + "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80", "type": "github" }, "original": { @@ -293,11 +293,11 @@ ] }, "locked": { - "lastModified": 1748243702, - "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", + "lastModified": 1749194973, + "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", + "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", "type": "github" }, "original": { From 1c96f0b762ee7debf4496075bcf12b9e062667e5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 23 Jun 2025 13:13:28 +0200 Subject: [PATCH 120/165] feat(home): add thunderbird --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 8fd23e8..1a073ce 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -130,6 +130,7 @@ with pkgs; taplo tcpdump tdesktop + thunderbird tmux ttyd unzip From 60a71a78055598560815879b247f2454f6d5c856 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 23 Jun 2025 13:15:02 +0200 Subject: [PATCH 121/165] chore(flake.lock): Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1' (2025-05-18) → 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf' (2025-06-17) • Updated input 'home-manager': 'github:nix-community/home-manager/06451df423dd5e555f39857438ffc16c5b765862' (2025-06-08) → 'github:nix-community/home-manager/4c9e99e8e8e36bcdfa9cdb102e45e4dc95aa5c5b' (2025-06-23) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/4602f7e1d3f197b3cb540d5accf5669121629628' (2025-06-06) → 'github:NixOS/nixos-hardware/1552a9f4513f3f0ceedcf90320e48d3d47165712' (2025-06-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d3d2d80a2191a73d1e86456a751b83aa13085d7d' (2025-06-05) → 'github:NixOS/nixpkgs/4206c4cb56751df534751b058295ea61357bbbaa' (2025-06-21) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/6dbd508802ef3f74cf792a25b653861ed8360a80' (2025-06-07) → 'github:NixOS/nixpkgs/3233bc422b7c868fe5c853e82888d5dbbbd9f0c6' (2025-06-23) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 0aba46f..db709a1 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1749358668, - "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=", + "lastModified": 1750654717, + "narHash": "sha256-YXlhTUGaLAY1rSosaRXO5RSGriEyF9BGdLkpKV+9jyI=", "owner": "nix-community", "repo": "home-manager", - "rev": "06451df423dd5e555f39857438ffc16c5b765862", + "rev": "4c9e99e8e8e36bcdfa9cdb102e45e4dc95aa5c5b", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1750431636, + "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749143949, - "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1749289455, - "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=", + "lastModified": 1750666157, + "narHash": "sha256-5xSV9MLO0pqsaoGEDx2um0gvEZhMg0uIsR68NrQbiY8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80", + "rev": "3233bc422b7c868fe5c853e82888d5dbbbd9f0c6", "type": "github" }, "original": { From b8bab96d1407bffd024b3852361fb8233436a5e1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 13:53:31 +0200 Subject: [PATCH 122/165] feat(gorgon): enable zram swap --- nixos/gorgon/configuration.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 9c8b8e3..d73c803 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -70,11 +70,10 @@ in }; }; }; - kernel.sysctl = { - "vm.swappiness" = 90; - }; }; + zramSwap.enable = true; + networking.hostName = "gorgon"; dadada = { From 205358ae772d18fa0fc846d2b320c45cd020f75d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 13:59:46 +0200 Subject: [PATCH 123/165] chore(flake): update --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index db709a1..61ac08a 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1750654717, - "narHash": "sha256-YXlhTUGaLAY1rSosaRXO5RSGriEyF9BGdLkpKV+9jyI=", + "lastModified": 1750730235, + "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", "owner": "nix-community", "repo": "home-manager", - "rev": "4c9e99e8e8e36bcdfa9cdb102e45e4dc95aa5c5b", + "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1750666157, - "narHash": "sha256-5xSV9MLO0pqsaoGEDx2um0gvEZhMg0uIsR68NrQbiY8=", + "lastModified": 1750752886, + "narHash": "sha256-pP1ZBxEo44HbLDyXVPPK8BQO882eGKpW9zzXliGFA/8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3233bc422b7c868fe5c853e82888d5dbbbd9f0c6", + "rev": "83685a4ccd44d2d4c09f2e5f7773d2f3f2156121", "type": "github" }, "original": { From e1b800140719978f54c91298eb4d3799c32d388f Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 14:45:47 +0200 Subject: [PATCH 124/165] fix: replace redundant home-manager input --- flake.lock | 27 ++++----------------------- flake.nix | 1 + 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index 61ac08a..71cdaaa 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,9 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", + "home-manager": [ + "home-manager" + ], "nixpkgs": [ "nixpkgs" ], @@ -102,27 +104,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -246,7 +227,7 @@ "devshell": "devshell", "flake-registry": "flake-registry", "flake-utils": "flake-utils", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "homepage": "homepage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 0cc4b5c..6ccece0 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,7 @@ agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; }; devshell = { url = "github:numtide/devshell"; From 89b763e9f8d43a412935c11a8dfc4a839e5f684e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 14:46:01 +0200 Subject: [PATCH 125/165] fix(home): replace broken http-prompt --- home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 1a073ce..7a707e1 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -48,7 +48,6 @@ with pkgs; h # Manage git repos hexyl # hex viewer htop - http-prompt httpie hub hyperfine # A command-line benchmarking tool. From c53d67a7881eca1a92bffae2f0a590e3c28933d0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 15:10:32 +0200 Subject: [PATCH 126/165] fix(gorgon): comment out failing ensurePrinters --- nixos/gorgon/configuration.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index d73c803..0f14aa9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -135,14 +135,14 @@ in ]; }; - hardware.printers.ensurePrinters = [ - { - name = "Brother_HL-L2300D"; - model = "everywhere"; - location = "BS"; - deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; - } - ]; + #hardware.printers.ensurePrinters = [ + # { + # name = "Brother_HL-L2300D"; + # model = "everywhere"; + # location = "BS"; + # deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + # } + #]; environment.systemPackages = with pkgs; [ android-studio From f23cbdf69c549fed78850d865c603f3f7c37a279 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 19:04:13 +0200 Subject: [PATCH 127/165] fix(flake): update inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 71cdaaa..2614b93 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1750730235, - "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", + "lastModified": 1750781171, + "narHash": "sha256-39oPt8TJZmt3bNEKBcwB+QuasiavRDwM5jkw6UkRb98=", "owner": "nix-community", "repo": "home-manager", - "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", + "rev": "a4bac2b9ba2f9bd68032880da8ae6b44fbc46047", "type": "github" }, "original": { @@ -207,11 +207,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1750752886, - "narHash": "sha256-pP1ZBxEo44HbLDyXVPPK8BQO882eGKpW9zzXliGFA/8=", + "lastModified": 1750776346, + "narHash": "sha256-sWw7gz2B02fHQkmPSutVcoawLuiPT0hpztL0ldCnIy0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "83685a4ccd44d2d4c09f2e5f7773d2f3f2156121", + "rev": "4396a137499b6cc9f9fe9f3c266577bd52d455a4", "type": "github" }, "original": { From a414e85e51b52e4c44fc398b07d75c8216eb8213 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 12 Jul 2025 09:56:07 +0200 Subject: [PATCH 128/165] feat: add driver package for ticket printer --- nixos/gorgon/configuration.nix | 1 + nixos/ninurta/printing.nix | 7 +++- pkgs/citizen-cups.nix | 70 ++++++++++++++++++++++++++++++++++ pkgs/default.nix | 4 +- 4 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 pkgs/citizen-cups.nix diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0f14aa9..d34d0e7 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -128,6 +128,7 @@ in enable = true; browsing = true; drivers = with pkgs; [ + config.dadada.pkgs.citizen-cups hplip brlaser brgenml1lpr diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index e22c989..c1d2aa8 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ cfg, pkgs, ... }: { hardware = { printers = { @@ -29,7 +29,10 @@ services.printing = { enable = true; - drivers = [ pkgs.brlaser ]; + drivers = [ + pkgs.brlaser + pkgs.gutenprint + ]; # Remove all state at the start of the service stateless = true; listenAddresses = [ "192.168.101.29:631" ]; diff --git a/pkgs/citizen-cups.nix b/pkgs/citizen-cups.nix new file mode 100644 index 0000000..9a63bdd --- /dev/null +++ b/pkgs/citizen-cups.nix @@ -0,0 +1,70 @@ +{ + cups, + fetchzip, + lib, + stdenv, + rpm, +}: + +let + version = "1.2.8"; +in +stdenv.mkDerivation { + inherit version; + name = "citizen-cups"; + pname = "citizen-cups"; + + src = fetchzip { + url = "https://www.citizen-systems.com/resource/support/POS/Generic_Printer_Files/CUPS_Linux_Driver/CUPS_Linux_Driver.zip"; + hash = "sha256-2ha24/7oS/rINKmYxyVryX66kkc6niCChxhw/2KOPSw="; + }; + + nativeBuildInputs = [ + rpm + ]; + + buildInputs = [ + cups + ]; + + postUnpack = '' + pushd source + ls -la + rpm2archive ctzpos-cups-1.2.8-0.src.rpm + tar xvf ctzpos-cups-1.2.8-0.src.rpm.tgz + tar xvf ctzpos-cups-1.2.8.tar.bz2 + popd + ''; + + buildPhase = '' + runHook preBuild + pushd "ctzpos-cups-${version}"; + gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocbm1k rastertocbm1k.c -lcupsimage -lcups + gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocds500 rastertocds500.c -lcupsimage -lcups + gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocts2kl rastertocts2kl.c -lcupsimage -lcups + popd + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/cups/filter + install -D -m 755 ./ctzpos-cups-${version}/rastertocbm1k $out/lib/cups/filter/rastertocbm1k + install -D -m 755 ./ctzpos-cups-${version}/rastertocds500 $out/lib/cups/filter/rastertocds500 + install -D -m 755 ./ctzpos-cups-${version}/rastertocts2kl $out/lib/cups/filter/rastertocts2kl + + mkdir -p $out/share/cups/model/citizen + install -D -m 644 ./ctzpos-cups-${version}/*.ppd $out/share/cups/model/citizen + + runHook postInstall + ''; + + meta = with lib; { + description = "Citizen CUPS drivers and filters"; + homepage = "https://www.citizen-systems.com"; + #license = licenses.unfreeRedistributable; + maintainers = with maintainers; [ dadada ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 9fce6e9..9cd9053 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1 +1,3 @@ -{ pkgs }: { } +{ pkgs }: { + citizen-cups = pkgs.callPackage ./citizen-cups.nix {}; +} From 1f9c599c405446eb372c05ee59109cf1113c7fd6 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 12 Jul 2025 09:57:38 +0200 Subject: [PATCH 129/165] chore: Update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/a4bac2b9ba2f9bd68032880da8ae6b44fbc46047' (2025-06-24) → 'github:nix-community/home-manager/392ddb642abec771d63688c49fa7bcbb9d2a5717' (2025-07-12) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc' (2025-05-19) → 'github:nix-community/nixos-generators/032decf9db65efed428afd2fa39d80f7089085eb' (2025-07-07) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/1552a9f4513f3f0ceedcf90320e48d3d47165712' (2025-06-20) → 'github:NixOS/nixos-hardware/7ced9122cff2163c6a0212b8d1ec8c33a1660806' (2025-07-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/4206c4cb56751df534751b058295ea61357bbbaa' (2025-06-21) → 'github:NixOS/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0' (2025-07-08) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/4396a137499b6cc9f9fe9f3c266577bd52d455a4' (2025-06-24) → 'github:NixOS/nixpkgs/d3807bc34e7d086b4754e1c842505570e23f9d01' (2025-07-12) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/a05be418a1af1198ca0f63facb13c985db4cb3c5' (2025-06-06) → 'github:numtide/treefmt-nix/c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9' (2025-07-09) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2614b93..a2f410e 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1750781171, - "narHash": "sha256-39oPt8TJZmt3bNEKBcwB+QuasiavRDwM5jkw6UkRb98=", + "lastModified": 1752286566, + "narHash": "sha256-A4nftqiNz2bNihz0bKY94Hq/6ydR6UQOcGioeL7iymY=", "owner": "nix-community", "repo": "home-manager", - "rev": "a4bac2b9ba2f9bd68032880da8ae6b44fbc46047", + "rev": "392ddb642abec771d63688c49fa7bcbb9d2a5717", "type": "github" }, "original": { @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750431636, - "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -191,11 +191,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { @@ -207,11 +207,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1750776346, - "narHash": "sha256-sWw7gz2B02fHQkmPSutVcoawLuiPT0hpztL0ldCnIy0=", + "lastModified": 1752298176, + "narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4396a137499b6cc9f9fe9f3c266577bd52d455a4", + "rev": "d3807bc34e7d086b4754e1c842505570e23f9d01", "type": "github" }, "original": { @@ -274,11 +274,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { From 0e9b76da4831dcc7ad23f2c93b39a91727ea74f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Jul 2025 20:36:26 +0200 Subject: [PATCH 130/165] fix: some deprecations --- home/modules/zsh.nix | 2 +- nixos/configurations.nix | 37 +++- nixos/modules/profiles/base.nix | 4 +- nixos/modules/profiles/laptop.nix | 2 +- nixos/stolas/default.nix | 297 ++++++++++++++++++++++++++++++ 5 files changed, 335 insertions(+), 7 deletions(-) create mode 100644 nixos/stolas/default.nix diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 96364ff..7a0cd6c 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -34,7 +34,7 @@ in }; plugins = [ ]; - initExtra = '' + initContent = '' source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh source ${pkgs.fzf}/share/fzf/key-bindings.zsh source ${pkgs.fzf}/share/fzf/completion.zsh diff --git a/nixos/configurations.nix b/nixos/configurations.nix index adacb51..14780f1 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -31,6 +31,39 @@ let }; in { + stolas = + let + system = "x86_64-linux"; + in + nixosSystem { + inherit nixpkgs system; + + extraModules = [ + # TODO lanzaboote.nixosModules.lanzaboote + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { + dadada = self; + }; + } + nixos-hardware.nixosModules.framework-amd-ai-300-series + home-manager.nixosModules.home-manager + ( + { pkgs, ... }: + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + ]; + home-manager.users.dadada = import ../home; + } + ) + ./stolas + ]; + }; + gorgon = let system = "x86_64-linux"; @@ -46,12 +79,10 @@ in dadada = self; }; } - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - home-manager.nixosModules.home-manager ( - { pkgs, lib, ... }: + { pkgs, ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index b681d72..0976788 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -13,8 +13,8 @@ in ./upgrade-pg-cluster.nix ]; - boot.tmp.useTmpfs = true; - boot.tmp.tmpfsSize = "50%"; + boot.tmp.useTmpfs = lib.mkDefault true; + boot.tmp.tmpfsSize = lib.mkDefault "50%"; i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index d9f0bde..8e0b52f 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -48,7 +48,7 @@ with lib; alsa.support32Bit = true; pulse.enable = true; }; - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; dadada.backupClient.gs = { enable = true; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix new file mode 100644 index 0000000..e526eff --- /dev/null +++ b/nixos/stolas/default.nix @@ -0,0 +1,297 @@ +{ config, lib, pkgs, ... }: +{ + + imports = [ + ../modules/profiles/laptop.nix + ]; + + ### TODO double check with generated hw-config + + boot = { + # TODO lanzaboote = { + # enable = true; + # pkiBundle = "/var/lib/sbctl"; + #}; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; + initrd = { + availableKernelModules = [ + "nvme" + "ehci_pci" + "xhci_pci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; + # TODO disable for lanzaboote + systemd.enable = true; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + #boot.loader.systemd-boot.enable = lib.mkForce false; + luks.devices = { + root = { + # TODO + device = "/dev/disk/by-uuid/todo"; + allowDiscards = true; + # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL + #crypttabExtraOpts = [ "fido2-device=auto" ]; + }; + }; + }; + }; + + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; + + # TODO compare with nixos-generate-config --show-hardware-config + fileSystems = { + "/boot" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "vfat"; + }; + + "/" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; + + "/home" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + options = [ + "compress=zstd" + "subvol=home" + ]; + }; + + "/home/dadada" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + options = [ + "compress=zstd" + "subvol=home/dadada" + ]; + }; + + "/nix" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "noatime" + "compress=zstd" + "subvol=nix" + ]; + }; + + "/nix/var/nix/builds" = { + device = "none"; + fsType = "tmpfs"; + options = [ + # Max 80% of available RAM + "size=80%" + # Only owner (nix daemon may write) + "mode=755" + ]; + }; + + "/root" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=root" + ]; + }; + + "/var" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=var" + ]; + }; + + "/var/lib/paperless" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=var/lib/paperless" + ]; + }; + + "/var/swap" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "noatime" + "subvol=swap" + ]; + }; + + # NOTE: /tmp is tmpfs because of config in base.nix + }; + + # TODO btrfs filesystem mkswapfile --uuid clear /var/swap/swapfile + # swapDevices = [{ + # device = "/var/swap/swapfile"; + # size = 80*1024; # Creates an 80GB swap file + # }]; + + hardware = { + # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features + bluetooth.enable = true; + framework.laptop13.audioEnhancement.enable = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + libvdpau-va-gl + ]; + }; + }; + + powerManagement = { + enable = true; + cpuFreqGovernor = "schedutil"; + # TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod? + powerUpCommands = '' + echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold + ''; + }; + + networking = { + hostName = "stolas"; + firewall = { + enable = true; + allowedTCPPorts = [ + 22000 # Syncthing + ]; + allowedUDPPorts = [ + 21027 # Syncthing + ]; + }; + }; + + nix = { + settings.max-jobs = lib.mkDefault 16; + }; + + # TODO dadada.backupClient.backup1.enable = true; + # dadada.backupClient.backup2 = { + # enable = true; + # passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + # sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + # repo = "u355513-subX@u355513-subX.your-storagebox.de:/home/backup"; + # }; + + programs = { + adb.enable = true; + firefox = { + enable = true; + package = pkgs.firefox-wayland; + }; + gnupg.agent.enable = true; + ssh.startAgent = true; + wireshark.enable = true; + }; + + services = { + avahi.enable = true; + desktopManager.plasma6.enable = true; + displayManager = { + sddm.enable = true; + sddm.wayland.enable = true; + }; + gnome.gnome-keyring.enable = lib.mkForce false; + smartd.enable = true; + printing = { + enable = true; + browsing = true; + }; + paperless = { + # TODO migrate DB + enable = true; + passwordFile = config.age.secrets.paperless.path; + }; + tlp.enable = false; + }; + + system = { + stateVersion = "25.05"; + }; + + systemd.tmpfiles.rules = + let + cfg = config.services.paperless; + in + [ + ( + if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; + + systemd.services = { + modem-manager.enable = lib.mkForce false; + "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; + }; + + systemd.sleep.extraConfig = '' + HibernateDelaySec=1h + ''; + + virtualisation.libvirtd.enable = true; + + users = { + users = { + dadada = { + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "adbusers" + "kvm" + "video" + "scanner" + "lp" + "docker" + "dialout" + "wireshark" + "paperless" + ]; + shell = "/run/current-system/sw/bin/zsh"; + }; + }; + }; + + age.secrets = { + paperless = { + file = "${config.dadada.secrets.path}/paperless.age"; + mode = "700"; + owner = "paperless"; + }; + }; + + # Create compressing swap space in RAM + zramSwap.enable = true; +} From 0b08beee355add707010e684267bdf77bc2dc834 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Jul 2025 20:41:06 +0200 Subject: [PATCH 131/165] feat(stolas): set initial hashed password --- nixos/stolas/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index e526eff..56b3bcb 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -264,6 +264,7 @@ users = { users = { dadada = { + initialHashedPassword = "$y$j9T$43qGBeY6hg6AXQmcVkS131$6AeRDOe6XAnmgA/AkJGaSIYTj5dbQLd9vrQ7zSyi5TA"; isNormalUser = true; extraGroups = [ "wheel" From e58a47af3f383f6358309f80aae39b9a8ad86e77 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Jul 2025 21:53:21 +0200 Subject: [PATCH 132/165] feat(stolas): disko for disk setup --- flake.lock | 21 ++++++++ flake.nix | 4 ++ nixos/configurations.nix | 2 + nixos/stolas/default.nix | 110 +-------------------------------------- nixos/stolas/disks.nix | 99 +++++++++++++++++++++++++++++++++++ 5 files changed, 127 insertions(+), 109 deletions(-) create mode 100644 nixos/stolas/disks.nix diff --git a/flake.lock b/flake.lock index a2f410e..4bab678 100644 --- a/flake.lock +++ b/flake.lock @@ -67,6 +67,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752113600, + "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "owner": "nix-community", + "repo": "disko", + "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -225,6 +245,7 @@ "inputs": { "agenix": "agenix", "devshell": "devshell", + "disko": "disko", "flake-registry": "flake-registry", "flake-utils": "flake-utils", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index 6ccece0..622f9f0 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,10 @@ inputs = { nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 14780f1..38c38da 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,6 +1,7 @@ { self, agenix, + disko, home-manager, homepage, nixos-hardware, @@ -40,6 +41,7 @@ in extraModules = [ # TODO lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = self.packages.${system}; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 56b3bcb..04fd504 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -3,10 +3,9 @@ imports = [ ../modules/profiles/laptop.nix + ./disks.nix ]; - ### TODO double check with generated hw-config - boot = { # TODO lanzaboote = { # enable = true; @@ -47,113 +46,6 @@ pkgs.sbctl ]; - # TODO compare with nixos-generate-config --show-hardware-config - fileSystems = { - "/boot" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "vfat"; - }; - - "/" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; - - "/home" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - options = [ - "compress=zstd" - "subvol=home" - ]; - }; - - "/home/dadada" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - options = [ - "compress=zstd" - "subvol=home/dadada" - ]; - }; - - "/nix" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "noatime" - "compress=zstd" - "subvol=nix" - ]; - }; - - "/nix/var/nix/builds" = { - device = "none"; - fsType = "tmpfs"; - options = [ - # Max 80% of available RAM - "size=80%" - # Only owner (nix daemon may write) - "mode=755" - ]; - }; - - "/root" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=root" - ]; - }; - - "/var" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=var" - ]; - }; - - "/var/lib/paperless" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=var/lib/paperless" - ]; - }; - - "/var/swap" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "noatime" - "subvol=swap" - ]; - }; - - # NOTE: /tmp is tmpfs because of config in base.nix - }; - - # TODO btrfs filesystem mkswapfile --uuid clear /var/swap/swapfile - # swapDevices = [{ - # device = "/var/swap/swapfile"; - # size = 80*1024; # Creates an 80GB swap file - # }]; - hardware = { # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix new file mode 100644 index 0000000..6b07f9b --- /dev/null +++ b/nixos/stolas/disks.nix @@ -0,0 +1,99 @@ +{ + disko.devices = { + nodev."/nix/var/nix/builds" = { + fsType = "tmpfs"; + mountOptions = [ + "size=80%" + "defaults" + "mode=755" + ]; + }; + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-uuid/TODO"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + # TODO tmpfs for nix/var/nix/builds + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + #passwordFile = "/tmp/secret.key"; # Interactive + settings = { + allowDiscards = true; + #keyFile = "/tmp/secret.key"; + }; + #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "compress=zstd" + "relatime" + ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/dadada" = { + mountpoint = "/home/dadada"; + mountOptions = [ + "compress=zstd" + "relatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/var" = { + mountpoint = "/var"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/paperless" = { + mountpoint = "/var/lib/paperless"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "64G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} From f602f150ba45a81e336b8773d6d30f57e118e2b4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 17 Jul 2025 21:38:11 +0200 Subject: [PATCH 133/165] feat(stolas): add backup config --- nixos/modules/borg-server.nix | 8 ++++++++ nixos/stolas/default.nix | 12 +++++------- secrets/secrets.nix | 2 ++ secrets/stolas-backup-passphrase.age | 7 +++++++ secrets/stolas-backup-ssh-key.age | 8 ++++++++ 5 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 secrets/stolas-backup-passphrase.age create mode 100644 secrets/stolas-backup-ssh-key.age diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index 594f356..e498cd1 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -39,6 +39,14 @@ in path = "${cfg.path}/gorgon"; quota = "1T"; }; + "stolas" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINC/mVYd3o7oA0dsA58CgkqR40CSfeuU+rikleSrSXFz dadada@gorgon" + ]; + path = "${cfg.path}/stolas"; + quota = "1T"; + }; "surgat" = { allowSubRepos = false; authorizedKeysAppendOnly = [ diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 04fd504..3a370c3 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -85,13 +85,11 @@ settings.max-jobs = lib.mkDefault 16; }; - # TODO dadada.backupClient.backup1.enable = true; - # dadada.backupClient.backup2 = { - # enable = true; - # passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; - # sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; - # repo = "u355513-subX@u355513-subX.your-storagebox.de:/home/backup"; - # }; + dadada.backupClient.backup1.enable = true; + dadada.backupClient.backup2 = { + enable = true; + repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; + }; programs = { adb.enable = true; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1da186e..a3255e1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,6 +7,7 @@ let ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas"; surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; + stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV1LSH8jeMnXJ/eqhJCebbwxenJmxNoeB6UGrBmRjZk root@stolas"; }; backupSecrets = hostName: { "${hostName}-backup-passphrase.age".publicKeys = [ @@ -88,3 +89,4 @@ in // backupSecrets "pruflas" // backupSecrets "surgat" // backupSecrets "agares" +// backupSecrets "stolas" diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age new file mode 100644 index 0000000..ff9d514 --- /dev/null +++ b/secrets/stolas-backup-passphrase.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 OgKXZA A8XAP2YQw/CnN//rHPM9m9p1A/l4IiWV1Qhc9+RHdxQ +mcpcULPCQUMtoCiTwiAU2AXD5UVrQkF5LxZqCJ3VEMA +-> ssh-ed25519 Otklkw UzdSM3CCvzQ4owHWWmrBfiC6NuBAu0onns6s4nlR9Vs +UQ4TBW/4O5rVi0xpS2lAS6M7zgUcWtGlXeL+i748KYE +--- tqrtKyZVDght0KJQZDSDVdnEL38KZjPA2xZ3LjeKlI0 +2lC@(N3-igaH?~Fnqc ɝ<ۼ#F7aB%&t}vr_< \ No newline at end of file diff --git a/secrets/stolas-backup-ssh-key.age b/secrets/stolas-backup-ssh-key.age new file mode 100644 index 0000000..cb98c8d --- /dev/null +++ b/secrets/stolas-backup-ssh-key.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 OgKXZA gTx4Ozd2BU13T8GpiBxSCZdjAwJ/zb10xqW62QMTwms +M9y1f/ndVYnujqIDo0rocQEX/8Isg0vn97mQm8K83iE +-> ssh-ed25519 Otklkw 2hyKMpf/Z8wgBowMgxwb77cj9B5b0/a7q4hq3CxWp0M +jFLwfV72isKUdtr5m2n5303KZiJDKTJny9koUOHLLLg +--- GQfIExiJTJEQTnesTVqF3X7AcorV+SH8TQ9uo5xLwso +u`6^|&Q[KPFAƇшU*n55Ozv傺-C0r;6JC={'@Ժ9O'b#Rw-(؊RjF[=uD3vڝ5bWxiz͢={S; r.O2|jtOrpK297Y/?8&pP:g Date: Thu, 17 Jul 2025 21:38:35 +0200 Subject: [PATCH 134/165] fix: move paperless config to module --- nixos/stolas/default.nix | 21 ++------------------- nixos/stolas/disks.nix | 1 - nixos/stolas/paperless.nix | 20 ++++++++++++++++++++ 3 files changed, 22 insertions(+), 20 deletions(-) create mode 100644 nixos/stolas/paperless.nix diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 3a370c3..b72f6be 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -4,6 +4,7 @@ imports = [ ../modules/profiles/laptop.nix ./disks.nix + # TODO ./paperless.nix ]; boot = { @@ -32,7 +33,7 @@ luks.devices = { root = { # TODO - device = "/dev/disk/by-uuid/todo"; + device = "/dev/disk/by-uuid/TODO"; allowDiscards = true; # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL #crypttabExtraOpts = [ "fido2-device=auto" ]; @@ -115,11 +116,6 @@ enable = true; browsing = true; }; - paperless = { - # TODO migrate DB - enable = true; - passwordFile = config.age.secrets.paperless.path; - }; tlp.enable = false; }; @@ -127,19 +123,6 @@ stateVersion = "25.05"; }; - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; - systemd.services = { modem-manager.enable = lib.mkForce false; "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 6b07f9b..3ecb67d 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -25,7 +25,6 @@ mountOptions = [ "umask=0077" ]; }; }; - # TODO tmpfs for nix/var/nix/builds luks = { size = "100%"; content = { diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix new file mode 100644 index 0000000..7591f0a --- /dev/null +++ b/nixos/stolas/paperless.nix @@ -0,0 +1,20 @@ +{ config }: +{ + services.paperless = { + # TODO migrate DB + enable = true; + passwordFile = config.age.secrets.paperless.path; + }; + systemd.tmpfiles.rules = + let + cfg = config.services.paperless; + in + [ + ( + if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; +} From d618890198fedd909887b0cf7dde6a79e54938e9 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 17:22:31 +0200 Subject: [PATCH 135/165] feat(stolas): add name of NVME device --- nixos/stolas/disks.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 3ecb67d..5d48d17 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -11,7 +11,7 @@ disk = { main = { type = "disk"; - device = "/dev/disk/by-uuid/TODO"; + device = "/dev/nvme0n1"; content = { type = "gpt"; partitions = { From d81761e519a255025b5adeecf95307b3521943b0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 17:39:21 +0200 Subject: [PATCH 136/165] fix(stolas): update hardware config --- nixos/stolas/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index b72f6be..6733652 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -7,6 +7,10 @@ # TODO ./paperless.nix ]; + nixpkgs = { + hostPlatform = "x86_64-linux"; + }; + boot = { # TODO lanzaboote = { # enable = true; @@ -17,11 +21,10 @@ initrd = { availableKernelModules = [ "nvme" - "ehci_pci" "xhci_pci" + "thunderbolt" "usb_storage" "sd_mod" - "rtsx_pci_sdmmc" ]; # TODO disable for lanzaboote systemd.enable = true; @@ -50,6 +53,7 @@ hardware = { # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; framework.laptop13.audioEnhancement.enable = true; graphics = { enable = true; From 502d9aa4dc2a1a3371cee33f35abdf7eca432a45 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 18:14:56 +0200 Subject: [PATCH 137/165] fix(stolas): add UUID for root luks device to kernel commandline --- nixos/stolas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 6733652..10302eb 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -36,7 +36,7 @@ luks.devices = { root = { # TODO - device = "/dev/disk/by-uuid/TODO"; + device = "/dev/disk/by-uuid/81dfbfa5-d578-479c-b11c-3ee5abd6848a"; allowDiscards = true; # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL #crypttabExtraOpts = [ "fido2-device=auto" ]; From b8be17a9a9df21886b89c1a625f639d20933a741 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 20:05:29 +0200 Subject: [PATCH 138/165] fix(stolas): enable lanzaboote and additional firmware --- flake.lock | 165 +++++++++++++++++++++++++++++++++++++++ flake.nix | 4 + nixos/configurations.nix | 3 +- nixos/stolas/default.nix | 22 +++--- 4 files changed, 181 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 4bab678..572619e 100644 --- a/flake.lock +++ b/flake.lock @@ -25,6 +25,21 @@ "type": "github" } }, + "crane": { + "locked": { + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -87,6 +102,43 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -123,6 +175,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -157,6 +231,32 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.2", + "repo": "lanzaboote", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -241,6 +341,49 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -250,6 +393,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "homepage": "homepage", + "lanzaboote": "lanzaboote", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", @@ -258,6 +402,27 @@ "treefmt-nix": "treefmt-nix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 622f9f0..73686ce 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.4.2"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 38c38da..7a4185a 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -4,6 +4,7 @@ disko, home-manager, homepage, + lanzaboote, nixos-hardware, nixos-generators, nixpkgs, @@ -40,7 +41,7 @@ in inherit nixpkgs system; extraModules = [ - # TODO lanzaboote.nixosModules.lanzaboote + lanzaboote.nixosModules.lanzaboote disko.nixosModules.disko { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 10302eb..5ee2a4a 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -12,12 +12,17 @@ }; boot = { - # TODO lanzaboote = { - # enable = true; - # pkiBundle = "/var/lib/sbctl"; - #}; + lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + loader.systemd-boot.enable = lib.mkForce false; initrd = { availableKernelModules = [ "nvme" @@ -26,16 +31,8 @@ "usb_storage" "sd_mod" ]; - # TODO disable for lanzaboote - systemd.enable = true; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - #boot.loader.systemd-boot.enable = lib.mkForce false; luks.devices = { root = { - # TODO device = "/dev/disk/by-uuid/81dfbfa5-d578-479c-b11c-3ee5abd6848a"; allowDiscards = true; # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL @@ -54,6 +51,7 @@ # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + enableAllFirmware = true; framework.laptop13.audioEnhancement.enable = true; graphics = { enable = true; From fc2f547919332fa8b56ecde0c663b888a9723b8e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 20:07:54 +0200 Subject: [PATCH 139/165] fix(stolas): allow unfree firmware --- nixos/stolas/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 5ee2a4a..db1f640 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -9,6 +9,7 @@ nixpkgs = { hostPlatform = "x86_64-linux"; + config.allowUnfree = true; }; boot = { From 427b62fe07963a6d2dd753d0fc02ccf678466e09 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:02:08 +0200 Subject: [PATCH 140/165] fix(stolas): name of dm-crypt container --- nixos/stolas/default.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index db1f640..197795e 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -32,14 +32,6 @@ "usb_storage" "sd_mod" ]; - luks.devices = { - root = { - device = "/dev/disk/by-uuid/81dfbfa5-d578-479c-b11c-3ee5abd6848a"; - allowDiscards = true; - # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL - #crypttabExtraOpts = [ "fido2-device=auto" ]; - }; - }; }; }; From ae419eb19a2c1884e57697d2ef437b8770f74e3b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:15:35 +0200 Subject: [PATCH 141/165] chore: rekey --- secrets/agares-backup-passphrase.age | 16 +++++++--------- secrets/agares-backup-ssh-key.age | Bin 898 -> 741 bytes secrets/agares-wg0-key.age | 15 ++++++--------- secrets/ddns-credentials.age | Bin 521 -> 466 bytes secrets/etc-ppp-chap-secrets.age | 16 ++++++---------- secrets/etc-ppp-telekom-secret.age | Bin 407 -> 370 bytes secrets/gorgon-backup-passphrase-gs.age | Bin 403 -> 343 bytes secrets/gorgon-backup-passphrase.age | 16 +++++++--------- secrets/gorgon-backup-ssh-key.age | Bin 791 -> 721 bytes secrets/hydra-github-authorization.age | 15 ++++++--------- secrets/ifrit-backup-passphrase.age | 15 ++++++--------- secrets/ifrit-backup-ssh-key.age | Bin 775 -> 733 bytes secrets/initrd-surgat-ssh_host_ed25519_key.age | Bin 820 -> 721 bytes secrets/miniflux-admin-credentials.age | 16 +++++++--------- secrets/ninurta-backup-passphrase.age | 15 ++++++--------- secrets/ninurta-backup-ssh-key.age | Bin 759 -> 741 bytes secrets/ninurta-initrd-ssh-key.age | Bin 890 -> 721 bytes secrets/paperless.age | Bin 396 -> 355 bytes secrets/pruflas-backup-passphrase.age | Bin 419 -> 355 bytes secrets/pruflas-backup-ssh-key.age | Bin 844 -> 721 bytes secrets/pruflas-wg-hydra-key.age | Bin 446 -> 367 bytes secrets/pruflas-wg0-key.age | 16 +++++++--------- secrets/pruflas-wg0-preshared-key.age | 17 +++++++---------- secrets/secrets.nix | 2 +- secrets/stolas-backup-passphrase.age | Bin 371 -> 371 bytes secrets/stolas-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/surgat-backup-passphrase.age | 15 +++++++-------- secrets/surgat-backup-ssh-key.age | Bin 790 -> 721 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 806 -> 720 bytes secrets/wg-privkey-vpn-dadada-li.age | Bin 403 -> 367 bytes 30 files changed, 73 insertions(+), 101 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index d538c5a..3139105 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w RayKtknLNvFu88aFp4QL7ZMLAh5VmHmlr1DWVsWBziE -rckeFrazZJ3TxY/yD2wlzRVLh9L4x1bV2Nk7Q0S/RWM --> ssh-ed25519 Otklkw oub7OICQalIkCqAZh4/FfXB9PPBe7j2IpBP7WF/UXGk -gAwxU97b0Js6UPv59/1389/qdPGQb4koa49R14c3UjA --> mU.rG&?F-grease V? d a}mj5 ^&dc?\ -B0k6BjXmH0cm74+rjQrzJwKa1dcFwTdmlgltZ70oHctwA3+E4/CQ1ChH9UHzkHGG -Fb62klB5XYePywsvxLo2nIGVIvhBgsfIvUpq ---- ONLpuXfKtuCB+VD5IQ5KeSPyqgEb4a2y26+n5E8Ph3E -uD{r ژR9P j?hD -u#F2N +Ys\ \ No newline at end of file +-> ssh-ed25519 L7f05w ZwPKXDj4QV+9GrvwgEI9vwhwwoHgZlnveG5GwpyeAQ0 +f4iPzhbR2HCeAQ8cUDUqcYmVPoQ9vKMvkFQyVo1T/Qo +-> ssh-ed25519 Otklkw 3y/RbwOR4wv6Iwq9+jMSZ1ntAD6G5jgeMx0PoBq3UwI +CyHATiRIbyj+yzVyhh8ccnL6j4I8BHhiBi8l3RV+mKs +--- 69+YwES2m/Lz68QMJTANOjgIPWmmjgFTrBGoEdHuaPY + +LwJT;&)IjYjzGRmv4A}2dL-6%ZDfJ@g-p}06h zH#Nn`)YQ;Y!M`LsC%arBFV(ozF}2hw*Ey{qGs8mPqCVWiAX(ep&)GZI&&(`6%Qz{; z#lR)q&&wc?%Ook)w@}}$u+qRa$;G?G!==C}(=))$x1hwyAl$;l!pYL#Ft4aQ*`zX( zOIKG{!Q3e|J2=B4E8I6NH$B|I(Ie3#GC#>9tkP89JzU$Z(zn!4KeDPMBrvO(%ZBrc z{vHFZfA!VOm+wArJ<&U7k8jqmsZKLvmOa?hY}z#Sis!XCp}MECm;H+he-N`FJMYWs z&ZAE~?2<0-FF2_m{~_;JXAZQEZZ`%Jge9{BR9myJwMIU(K|88+ae{)tjr)E zWL=t*bx@G2ZhBE_VsWZMxTBqZY@SUdSCW}imaDe8Z&*cMp^L9+NRgjodSG~FV0Khu zWTA6?MN(O0kfpI%u0>Fko1sahc5Z2slet?`uw`MsL7AVEu@9HGzf(q*cT~Qqeqy9$ zaAu{Sb8dLLkDqx#XrxPuk#m@5T2*3HXkngbexb3pS5;P$Sw@L=rjK@INWPnPRk$w~ zm#(g^LV=@Kg}daYtEmNW@^%L;xwbA4yWWTOdFCRD%NCuq-i{f(CSWuqNM$_sx^YY3Lv z65D_ALj8mCg4arMS6(ZIJ-R097e3<=>*w&(6Vm3(G8}IIHI3nY0%zH;?S=_6{~n$C zTTAPB+pi}q_x^heTy}j~DtLTP;@e+25ifu2So1qA;`rWA@!NGaT;ZJkHU8EGqidh5 z49eNJC{;c8NN}j0HBar?C;6tIX_=BHf3o$u+V>^w`&6E?tG+=g{PvfO$&us&P}F@by9H+_UOQZNXzht(J&D_=iywTylJ(Q#c)m@6eKYFQ z5r^bM$*zHmpRV` z2^7Zix4!V`Us&+E{44Y1U8-#r$`iS=o!@z@_L}_?I(c!PbFI=k+1moFM|bmHHa#X> NucEW!@0;3|1^~5_Y;*ts diff --git a/secrets/agares-wg0-key.age b/secrets/agares-wg0-key.age index 9938b85..c673a58 100644 --- a/secrets/agares-wg0-key.age +++ b/secrets/agares-wg0-key.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w ENcdsQ43v/xIe1Ej4BYjb/nTjIk76N2DR/zj754Puz0 -vIDFk+A/m8rOnBNXcvfBX4SJNxT6LP64s674v5pJtcQ --> ssh-ed25519 Otklkw lLwVf/2E67Bue+VBu+EMupLjuv6wfR656CD1st71GRM -AsXHvpANM0mOiSW3LTqzbEneVQSKNb0TvsMY2WCPfbk --> DJZq-grease 9))O09 z2- -ZFxd5v9Bma6VVIvpw8VK0DSR55lHUNOTh6cNxFJAezXn1apmjvuZPdMSXZ7OrE23 -qlqnskWvo+SX3JF7NH0yQf53dZJU ---- pSa5IqZmIDAHJkcPgqrS0WUwnD1ipE2pGr87qhTmrjk -(E/P(|Jؑҋz`JO2Ԗd3qO!8HN3\i \ No newline at end of file +-> ssh-ed25519 L7f05w KLdcD878do/oYEztzNfCgKtfh4QCFmCMSZiapueB5Hg +wnSioiBtYXjASmU+6WUGn26ga6Q3REbFC7DxA29PQno +-> ssh-ed25519 Otklkw WstJ3pNxaazVPxNjTx3NsXQFnW8sy51CYoB5WVxwHWo +YOmD3exRcPoNer1y7Me2t3nOtUY9Hc2Oywl5sXMlTWw +--- tCVr+COM2orioyWJZvvwbK4oTlRErsQLywIoCVGrO1Q +/a>0L|3`.@awG֗i}=KƮ$3?rtle ߩb}CqרUbc!P \ No newline at end of file diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age index 9ae8b774111398e0cee5d98039d21bb154a69c3e..b306c21d933f5e38ebf3b7953e23b8ddca3f81f3 100644 GIT binary patch delta 412 zcmeBVxx_p{r#`XBEkN7VQ9m=IqSUA|EvU*YJep--7~7#(kZDRET|;K$0^bz)F?CEl}p!7p}06h zH#Nn`)YQ;Y!OJYjzpPv#vn;|nJD@l>&?qRUFf7S6(#_ATC@I@8EGon(%+u9Xztlf6 zC$YFB)uN)DtJFC$$uTX$($gs-E!WG-G)UVhqSCS?DmPF&&pEvy%gHZ7+tNQ(->brP z;z#lN9Q~}|VB@?@*F^8Id?SCi5<|CeH#fJ6uxyJABg?e(Z0(}#wpV~dFLpyF~aU0q!TXA>WzbPr3z z$`YSMZ{K{6;F6Nu;>t*0uhdE}Gxx$U_v9k)B;zP^r-*O^E+*y3d~Q|IPfG$&9| GVF>_~iHp(z delta 468 zcmcb_+{rRQr(WN~FI_*#ysF&2(96*+JIFL7HOZyiFT1!bIUprHzce5#E4!>bBs4EC zpUb--F(fP5)7>>cCAZkrFf!erGBL>CIWM==FDKn2#I4N4KP5QJEyu*WDm}!+I5;~g z%fqwEE6XjPtH3lc!{0Z^-w;H0rr3ObwDV4IB-U{fbRJ%ei!Qbrp&YeF_5g zO+8XdEX+$YLJbYvvdc4_jVjAMOmoVj3J*02| diff --git a/secrets/etc-ppp-chap-secrets.age b/secrets/etc-ppp-chap-secrets.age index 6a4d954..eb705d9 100644 --- a/secrets/etc-ppp-chap-secrets.age +++ b/secrets/etc-ppp-chap-secrets.age @@ -1,11 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w 6Ct4ARdph2N0g7ZFljPbEAg4R2gP5z2qMupI288AF3c -NaQUNkEt7XsV0A4nNR5uguwK6C2KN26FJjeNB0mtz8U --> ssh-ed25519 Otklkw uyRTZRjgzleuEFqGJDiO84c5yXFV0XtQci7PdroNzAE -vl80LseOwmKyR+d+VXWseuszqao56GjnbyN6XzETKt0 --> {D^ar+U-grease bvk{ `4v Tc? Fv -m/JnzLsIbh8nYWSIvbBl7GwnZQPvAyuHSbmNWiN5pzS7O+wFs9xWwl26Vn6Y/lEf -JL9+Ra5MHsiR7C9XRf7or1rd62SPuIKyaWlq+Z4Vqr4Of4jWyJqQtNo ---- 5cNGpnlhGc0NNriUIZ5KYGR7Erh/fPqV8/8qnpqEn+8 -sqD&L=7miأ%Sf(#re)ڧ^vc$gyyAk6̦F8J=J -W \ No newline at end of file +-> ssh-ed25519 L7f05w +3ivAltBBSpHDV8MI0WvxF+sQ4a7YAdPQy0YrpVtNEM +JnMWRY55x5/ZGtgZY2Wex+/bfa+/q2cIV/z9OMTIPiA +-> ssh-ed25519 Otklkw hLGKbMeImUkJEXZGW9KeqNNncBCltrVwIipE+wndQlE +zOHgtuhd2EHFfBKry8RORwe/w6naEUK976OuUqywvVU +--- fKBvXBk0gulWSTgRkQBBdSrV7loB+P6YKsdcVWAiofc + ~hWb+$^,5_m,!Pi$cwMY L ̏]?P4 6LMVL \ No newline at end of file diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age index a97dc40a488de8c7f143cbcc249894bf34c88c55..e3ea72bcf1757feb3e73b5893be562449a0ba3f9 100644 GIT binary patch delta 335 zcmbQv{E2CTPJNb%cZExoerA=0muYE=dx&RlhMS3}MS7}JSZTOvXh~I6phDwwY^gIhU@TLUD11 zZfc5=si~o*f`3VNPIkFMMS6y7x^roMsaIZ_Ur~}*R=u%PVN_PJwwqg(U%7dDet3$7 zON3vdZ@yzXS9xA(gr}o_WpZU!c%Z9!PV5p^UWL0n| zm#(g^f~QAdVO2m#uvbY)mW72^SWr=fPld5(q<*q@m}^mKNkK`be|d0FT3NCQmxPVE zscm)MYmcqxT8>>;NxXJK%W!q(dc%3j%PxJq5n!QyPvWL!g3pXi=D*(Cvwp2LTW`80 iOfEP!<>~J1N$KHlJTwB*{`L#LtJeB<^tDb>BL@H*_Ij28 delta 372 zcmeywG@W^ZPJL01W14<|Q&FBzWO{a{QDTmPpJ7s>U#ex6MWAtHWqM^cX{u+qaiwK>MNx)FctlZ!Yi?wwueU{5rjKiKdS#iZV`xUEzllYdE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1v3XFbX+WS`m}8!iWqGBaYkjDbr)jxGm4}gqe~Q0PUUs6s zZ*s0%Zdil?S7b?&Nw}lGc}S4Cp=EeMv16%GnWt+-s$WWxr$=yTl74uUM@~qliDwYl zx|rN>%PQUUqSVCVRD~K9CACO}+G* Q!NcckrG7_lU3EPH09*8gEdT%j diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index 24beb4001c319a7a7f2465532add0d647fa78741..1ee5a873d11148b47401d58a3c9e52d3d6807191 100644 GIT binary patch delta 308 zcmbQte4S~6PJO0-Zf06(fPaLAV_;O0K~}n1d1QErWoThoVNsQ(fxe@8c2z`rZbVp4 zGM87FQFw^9xtYE}mXoEIM^>(jdyrX_dx(i?Sbng%iEDv(N};!*iEo-?D3`9CLUD11 zZfc5=si~o*f`3VNPIkG1r=eedriq7VX{t$ipr=J)X?&lbH$~8ot3E(4FWDZ{`@-N5;@u3 Go(BNplWNES delta 368 zcmcc4G?{sVPJL2xd0?rrQ%GuINJOM@MsiuAYlUfLYF1%No@sHBSF&$tkWp4ZrbR(u zAXm1diLYtCetw!!xL1mKwsEDGS7MSuPKsxFluxNgSwvZmUwTn#W|B*(Czr0BLUD11 zZfc5=si~o*f`3VNPIkFMa-wmhL1IBvP=QNmNLENvdVOM2fnjBmr$@f0Q<%S_MNvk6 zdWlzPSz=W_SD1fVaD|7zNtUZYva^waSCoEkqhe>2m>46lOHe4mK$2un+!uqf?-$kOskA8n`bDDAv5 zUw!RNqw;hvU0q!TkAPr*w ssh-ed25519 0aOabg rRJrTkyZU+Fmx05c4FvTCW2xrGKVzqqkECywb99OLwg -AELU54TN2oUxQ9r2Zx2CltVvyKh+7kCJnccnENtAZyE --> ssh-ed25519 Otklkw i9UGmqESZAaz3x1B5OjJq/ILEQnDRWsGbgHtnICrBl4 -plEjZljaiRmeOhqFxblzfFcy/VqViE18hSwPrxgHm6Q --> Ukp-grease CP.W -MZp3tfA9p0SwGxc1gaphv1XUPi3jj4dfeiBmiVl/FB7DYubrLzbJZ2Zviz3S2h5l -upLMFRZsTyhskVQ0lCfXFXb86xLXTc6pXM0klBwGajJrJFbF5Q ---- JZS2Vh+BBv5memqLMM+onaaldFUFm6keKFQooGSmL04 -.oT 2b‹k,Ex|g1h;\}8=e)л'Jp( \ No newline at end of file +-> ssh-ed25519 0aOabg Bnv1ysgdcDayoKij0c1pB3s2I+p6Ps9s06SB/NBtQWQ +g7r0THpvT3Gl/yhfuejugvvuEzbl9wupseQuc+Fj6xE +-> ssh-ed25519 Otklkw Uto76sjDKrpHnCfH9wLauXX7hj6eWkiu2ps33lJtbA4 +27yu6fZEFYg2qvFtPvERDUpLVNAO7nVYMP2+5cBL/W8 +--- fmqPTiddDg9/oU6PYfuuB1Me2gDQQBzk5T/2a5GdgBE +HEA"U PZMi~׊P)߸C +ߖ kb,c{ҷ=8&bc0bz\5-p>`O4 ;/9; \ No newline at end of file diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index 64ae67527617004f823eec7b5ba94e69efcb3782..6fdd034e5db07d8ca215e0205c1842eb9a07f13e 100644 GIT binary patch delta 689 zcmbQvc9C_0PJK>6uy$~;V}-wqg;9P;X=+G7QlW=uo|loCmzQH0lY5F^c6wx>yK|+l zucxJNWo~FOSEfObqeZg0cAXuiXe}0|o(b5%97u`J`*t%FpLRoS9 zWAC4}iZ^C!Z)>Q{*UAa}JA3+?3ufGFTqXJ~Sq)Fid@LzYs=w!&aHVjqbo|q&FXTBo z|0;-XZ*!Nspj&LaZWHU$9R06{-pq9K0-=)2F#VeTV2(@o!@*c zX7<|Cn?vp!Sw_fQKAz_`C+NJF*V5%lcl7>02$gaFC?0CJWx{6PnVt=qYqc~xo32F& zN~ksZ&SjfYH(@8^nk7@~FWr)9xye3RV~T#t(^Sz{p$y+ltFEtnRw}3YblcsNKkpjy z|6qL=eBCAE;^}3gJ^MQT%n=newCLNO7^W8?+R^+W?3TC5qJQ@f@XopB`{3gV^U_eR z8NrbX r-`#`@Rd;Xf*`~qqZ1XSe**B~kr_B4bO0f0n{c`ovmW++t%;HJ`DH9ng>gYf zD3`vrPnlm}QLb~KkC8z}QhI56Ubd;RS)g%Qka4banwwLavtM$OdrGoTAeXM4LUD11 zZfc5=si~o*f`3VNPIkFMp^r;Isb5}!LAr5rp;uW(P`#P6f4*UOxPC-vhDo?~dP-ql zu3=7Ul2b$=m%e3oRfTg=U|x}hZ+LK3RG5WddQg;WfSFfOl)p)ohkK^6VNq&osi|c? z$U2?GDDO%e-Snc=#Nt$iBEy^#9j>&*jIcb@3ZD>5M*|lVkKD*AM<0LxJSS%ZLzBwl zitN1l#GEh>qcmr4CnrO%axPt6T?Ic!edn_B)DTB6=a51tU!Te}1JB$@6YubJ!%EK( z=fEm$eG`x3$YS#XSFY}}2X{?6^PtbxBHi(i6g(_q=2B(zY1T~ z9xu9@^yb*oJAXe%%#Ajj-Ek(prZ+_3vU>ln`-MLB8#YQ#yLjUC>b+WJy)W)`9$I=d zi)GKF4@=lSeF^{S(D!-Oy*)R)Y-R;>p7oyUyxR2j(#ub_7VJJ#I7{XI6g_2wW8p2n zLZ;_lPH$T+Cv?h5Dkg5T-xh8Tg_vL8E4LNhlCYc4`F#Hg(a1x858JIy)Ry>{I3Ze9 znX_&Av&OHNj%7O5f2mS=%@biDO2)8g~eTN~b=mRc!Yke(ssA!*iK zXd|ONikfX z!KC}#jhF1bJ-rXVdiu`% KWwrX)r+)x(9ZFUJ diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index a78cf11..d610670 100644 --- a/secrets/hydra-github-authorization.age +++ b/secrets/hydra-github-authorization.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw UYOoBfgeJfHWWDn9c6YZx5/eKpcESIZ1x5D7YhAzagQ -OLx4uxTWxL3iQqf7PuM4TzEjglyoWc42vcdCQ9wp2CY --> ssh-ed25519 Otklkw UwQM85450Qyg7FzrEYV75tYuD8xylkixRPfkpy36QQ0 -Tr8JHaK5OvsNrFcKujYjFbCnj4mK6C2FHpqWWwmUdY4 --> \rgn:U-grease >9e'r xm jK|e1 X"X -YvR9JDrsZLbAW2LpDP7j6IbGQCfe/FHk9eDvBsiN25yaKOODExRKr3KBTsc+GxK4 -j7Ulhp+uVGLJWxhI7sREmjfM0jthwwEKphPSNj/f3Qyelj/kxboIqfRZp1A ---- elz+4e81h73AF11NOXuhxNwtA0Qnc40N6/oeMPdIwpU - +,Gp4"AIE;_:Tۋިء% mm(曺g~xf"}&L-A҈܁+v* NJįg/7o@oh=9ݑΌ?P \ No newline at end of file +-> ssh-ed25519 J6ROvw KPY6Uy86G3ixSpmC5jZQccfG931lfJj4ti4rJI4cxDU +mpuAukp6Wbrp+y5/FDeqI8rf30L29VYc3lGHeKOes0g +-> ssh-ed25519 Otklkw gez68dma7MQQ2WAKht9Gakj3XL2seZGusRscwrjcdFw +kLzSfbi3HVws7CBpH71abUe/IItakGZ2W7zGh7UfycA +--- 1eLDLEU93FE2kvXoz+FsgObQpyclU9XVnP/ElbBc0wU +Fw%DW~ɱy@&{gkt8NMq/sB:)*a|Ϣ0'<<9Bg ztY Ppvz* ۓ~6Ǡ}ہ${-697 zs<36t2fzQ :Aͼ)p \ No newline at end of file diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index 640ac05..d908a11 100644 --- a/secrets/ifrit-backup-passphrase.age +++ b/secrets/ifrit-backup-passphrase.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 yMjj5g FtHlFiQa2xr57K9GiS2VX+NYI/2kP73wWXVBsr61cD8 -Gokj4dzQP6AB9YWRBvmXL8/Sts7NO6g6wP1hIYkKdp4 --> ssh-ed25519 Otklkw UB1L2gKr0wnsGktaVlnbr+nSUZQ34g7JO4uuHYhuuyM -X4AT5taAJBtFia62IUTDa1cdbZtwaxYRQFCDez8aK8k --> r;DMOG-grease h"Tb e?z^VJ icNa -/0ZIHqI0whHoBw2Qs15bxY7o1sudscitKuUB3ysyFwUVsIG4nzTOS2GFuXTQ1WuD -5pH2CQfp33hvqrqV ---- vji5ZWP7+BLgpmyX2Sxgdv7Ht37NvQ8DuY1/t3cvvuI -]eޛ,% qnAM{DJWLG@/gGo.V4 \ No newline at end of file +-> ssh-ed25519 yMjj5g JOFZJRGtrC1G4btVZ/D/XiKqwqSrpQpOiI6UdfFE+no +1GBByaq2ojp2Xm+FNsIXm3iNcd8BCIo6uBThZEne8/E +-> ssh-ed25519 Otklkw Otqt6BlhQSzreJy5NlCTo/9at9stWnlVN73zNi0xVW8 +5aUfPsoYZEgc8PJXd41wtpeETCTe0LtGPxqAm15Pg90 +--- h2S6vdReOwpqA/C3kr3rnuSeaWKr+3Nvc0vQ53WVNHA +*O%C\[+Vz/GB e3]< *kO?1\i%j \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age index 6611b7aa089abeb577c81e8011b04df0c812d410..d7059202b2de26c9d7b6c2c4eb86f181046ab2d3 100644 GIT binary patch delta 701 zcmZo?yURL3r#`AEH!(3N%q-tH*V8C6-Pk+8(BC`PrO47eD!Du?H^SAeJTJ1)(jYwD zlgr7&-zT{&DkICK!oxe;v7p!_px87#%HPq@+{G+aztG4m(l6ZA&p$Y#oJ-eEp}06h zH#Nn`)YQ;Y!M`LsC%arB&@iwl*vQc!!mudNJIlw&vc4kKJTRps+ug4!+0jYcFC!<} z*Eu&i%sDilE8L?f%{$0K+tSfDJHt0COW)C@+&MD6AUh!4G1pK(uh1yO%q6YLurl9~ zOIKG{Aw1V3s30h$Ai%RUH$B~_+%>4wIKtbw$gQHpIVan&(!$%tyjZ(1r$FD4OU-sq zh*qDBNWHm!#ia#T=JQ|YX80J{qsl7#ZRPwuZfxP_gfr*wJblfDm-VUbPL^Wtor=ZN zdyC30{hrm_E8u|sO+ z*Rm`2yuW$n_}iDf;IsGVvSwd^JbML=7g}oM2?n{@LclsQY*0>{e zS76p5F;~UtIt7=b^+$AeN*b(LaOo%4-hY9Dn~wO;yShp|?Na4`+xcD=yCz@PGMuTD zdiRvSNrTAI6}JwHZ(kebds)bM>F$iSiRzv@H$Uz){m;B8L-g(JR&R-YSAKO(V|pS} z_FJC6^rvmLq;tZ)HOy}xvZguc#2m>D+-@x8{QCT>#XH&OcD(lHTCHAe7L;e4{W4RU z>++sgZTs5~aRk4vzIlqpO6ty&lj8H%X0{(o{r2hF(O$jlx3+d)KEI;8RHE?qK0^TQ CN+JdT delta 743 zcmcc1+RipXr`|QM)U+@%D>=xwG}FZ>J2pLa5d>0s`|!_sBRlld4fTt6moGA5HP z+hgMG6BpceHF6m(-J~0%ob^dR<++{nsTrQv6dE3}KP|lPZ_6dCd3}~=e^=t z%=mh(z_;$6vN!h^Y}@hI#9TTvCtm$jiVJIf)EV7>oBngACuQ-@bK32v~QhtfTFP4rCw(RnwO diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age index 32dbcbf2ce1b0961f179ad26bb2a5577f8e340cc..ded499016d73087d35b30f46e0eeaf6d2caacc57 100644 GIT binary patch delta 689 zcmdnOc9C_0PJN_7P(!aYU3sNTi>cw@F!%d1Zk`X0dN@x|egH z1y@#7s;_66pHsPIYKgmfL9wr?i?OzQZjnK%Pei1vMR`taiwWMm3y!S zm#(g^LPcq^i-}{UX>ov2QdU*AMPinpNpgC)lYT~INt#KbQL(deh>?+3MU{mCmsrKz zC1+}i?$wt}?T(tUc;>c@>vofvZ``|_xJI;Z&5;*xC)R6K>VC|!EIqW={?nvt9urAL zqdUnzb?)7r$b8H6Xn0-8uX`HaZPV>ylb`2G-(ySN{9{U@Re{Zl9jokP9w*$9S!={A zd0lu%xRg2Hxzy5dQQ~Q&%WG61zEv$EwJ#&2tgO&FThWd-^5B7RR&Q`l~z+#C{ zW8h5ZjrLY^EV(>I#C18FcWrwi!_Sepey>@b4v%VE2G7pPc1hjaOZ2Yi=`B8W`n%3) ztKvH!eU9IVNb|Bu=B_+uW_8<&|N77Vqav?AGqX#l%({B@AJa_!d1s!a zaN0Az=!;*TsDv?JusSAJ-@4?ZkIYJ`N1K$Q?@8y#$KUa=DB2)Z%lF=R!-DBf+_zWV zo>J$r^OQjS%Nda$PAr|Yj_cI&O(&NsOz#tWJa^UprHA>d^ViC3t~1pPIrih$nqR*b z99n!VqF}~sO|cU`dlv;;W?Fr(iJx)!+v7Q<%1g?2?s#r9t=o;sFKpq=D-E_HTJKIe t?N=zClb+M|xU_x4CI~Rz;M4K~`~LfU|a#wnapcNmf>#pM|q?IhU@TLUD11 zZfc5=si~o*f`3VNPIkG1Yg(?4b74TRc5+T+u~&AHaebt*Tc&qNsz-7_W~EnPv1vd^ zWr~lPiJyBiSA}^RFu0qEskNFQvJ|WkE$rQGRtyPNBu~@tddOMunePoCqu5vtkeQGZKndC%rG+_b5AZ^U0sDx zL&uV&((;fr=g6$ev@HFAN`2$R>_8t=LzgPQ5|8jK180Naq5{L>ib$>pdUg*USIRf^ zu6-N7(qwqq+U5YP2ZeFR$F{l<9p$gGdI~R+rbwu zvU%=1qYF|$zu*0IUEHaw{YS$gxbCIL4R>SSVg~GDLz0T() lO_{kJ_&tx`VPGp>SX3Rk)t^s6CE8@FSp-wL)e4)+BLJ5`MV$Zu diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index 06ff0e0..76b2fab 100644 --- a/secrets/miniflux-admin-credentials.age +++ b/secrets/miniflux-admin-credentials.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw Tuaz2+fgz5f2ZacAYc3TdREIurh+XG5RjjKpaEFgtGo -gB1iaKV+xAv0PGdjZwmBCxMbxgCqZrM2JBDiEWCl//8 --> ssh-ed25519 Otklkw ocyFHtGzclF+7S9I7uSqsfn5weqxj5Wq32y4c6VDiSA -hDX5Viym/WdFZE5rXzToFhqtGvj+Ft3Hh7oiuzCuG/Q --> b&-grease 2u ~R j4C 3|h`M}/ -fdhnmlw+wqO8nb86f8jdDNW2P2SxzdwuljpRrlG/ZxXcC4QxtnO6RwK9NAS9UBQr -OAxJ6v3P+cMYJcsPNLAr90rEzXfTV2VONZgoNwOKN2l5n/JX8aGCt5i/vVI ---- sYjj24oaGUMZPD4TV8JKfjSPHeYOKh+OpueLZT/TxCQ -TO&DdC2ƔW^˻Z &b ssh-ed25519 jUOjpw sM3nHEEUDrSNaDx2kl18pqwabNSVj4Jbl8DXRKpmhjc +pQDiAqXXAxheyYa14lEGmOFs0hrMgJgvU/ChpmZTNVY +-> ssh-ed25519 Otklkw 4hsEjZuZu32qujYfjP6XXbeEqbQqkN0AgO2lM/hMomE +e4tcDQ1NSd78ob9QNKdOOcoov/xbW0DzvOKCkMGM3HM +--- 8H+daxTtO86AApWyBd18ju2Mwquc07I5vOH8Q8FVsmM +$0\eg؃#> l՞QQ [bu,Z5 + 8߃_Q+Y083ؠL*LK0 \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age index be260fe..716f621 100644 --- a/secrets/ninurta-backup-passphrase.age +++ b/secrets/ninurta-backup-passphrase.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw KcokdqclkdrsGZ9qXKbUw+Ewygu/btIG1wp8Zdto7BY -AUIReE3WEkpAFAiiB4nBLpuWIrdgnY1yMxwkrt5cNyc --> ssh-ed25519 Otklkw MO/KVWqohrCV4wcwsaFauzFypDRSwHnU6tz6RZ+1RWU -yJ7leSr7FN2cavJpU19YujUevF+YUxbktoKSnPZxspY --> N8)-grease ! ) -BWnkSuqZDraoIZC2crwtr2uAE0r4AN3ykXJEKy2Ma52VfNgyJXPIpoXngh/eBPOp -1ScTs8U471TjgpwfDw ---- 54cVfZ6HDGsHRxe5tTZqc17rtKD7THHAKaF++J5kFLc -&gF(xRO:J/`3͹ 쎓j҅o 57K \ No newline at end of file +-> ssh-ed25519 J6ROvw bBg0Jetav225RYL3Ck7MD07JIipkn4wZUHuelLT3tAM +wU2v+LX2QHxcMJ9IMrwNS9yzgCbtEdotKZAavawLBn8 +-> ssh-ed25519 Otklkw zAXdEcOs8sBXtjXAIGl8g6HV+UGo/9OmFt/L5dCVbU8 +pKqm8UlBICMkPr40q9p7mzGZD+qIN+bHA4ZKJAfp9vk +--- VdMIW9DbF7ca2D/a0fABz3EhUzuAZ0vKIFWA1FTiBGc +%&1v CUp Ѡ%L#Q8Aw?V1Aw6 pI& \ No newline at end of file diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age index 30a2b2e203856d5cd722e549c17249f84b350695..df1657f6e37807706c2630caa705cb8f02eeb0f6 100644 GIT binary patch delta 709 zcmey)`jmBoPJOAjpP7GET8>e&iAzw9pQ%@2cBn~6PNjEckbZemYJNs!xvRN_Q*o4Y zI#;lMq;p`JSE;MNxr@HGpG97|Yni`6riFn|uBTT>qEVVuR(HTR(N2EXI^q~aB-Dyp-*`} zm#(g^Lb{28QL>SbdxUAOc0^fOzO$F9k%6OsfO)=lPH4VkU|4dLTUn}SqGh%LSClO` z$E0eGkb3d-uwU1>cV(SnUU&Y1O!)eRv)-;YJE0+vd*kC`yLZPvww|t=_C0Yz&xiDa z>$a;8Wi_mSd%yFoRfcNEls#Ej_TF8)OlyAGjhxKw;py8J`s8hKn#}V?%)z;Ep z8ohjvSM2vY`=UO&yVUHHa#4%cFY{7fKlz5}_SChwCA~X; zGTBP%^ofs)PN#i8q28|BS+Qc-WGmiFHX#kaoG#=)nX>20e8%GsAI`B@=e6wQpZ_P0 z#ynHLH|Ijp%G28>tPo{VwObU}7pKWNq-GtnmM`v delta 727 zcmaFL`ki%xPJMAyn0|;wMuA(oYgMvOXh2bDXh}t6sCHtqnX_B2QKW~Pc2R(dPiDT6 zBUgrhXt{}Hd00TOYnV%hcUV?-sh?Yhenvn_MQKDvN?uNYrAKa9QCP7>K9{bYLUD11 zZfc5=si~o*f`3VNPIkG1S%sN-YKmb-rlDm>RDO1dXT5f5WS*<5vxljRaeir1c0@q7 zpSe+bNlugqN9FURJm( z$U1#Pd)@S+)WqUcuCU@jE?r$+g{0IROGCrJ5bvOn+=+Mi4St}f3VGd)cBEmUYOnP`$|VG z164%Q_*X9VD=OmheE(PP=Y-Ad5=w`bTvWX2+IQ z@hj~*8Xrq0-%&M@eO}JI^1Ai`8q6 zplyeOapL=@E>g!XoOrUW=jBU_d1VvUA6q9Eo}hg0mF#lK{`C&OoGSkPojB{2n9`lJ zJ-ZZ-gzWz1eO>p?j{1vJ{Fvf?U-I?Nujq{&aC&oqI5=iCQ dof;jVkit~-e`f8$WL^=5U}J&hw{d zCs$Z-PNadiL12nOm~*hZXOW>xsds3qVOC&}nU{x2im^v{g?o5jwrNFqD3`9CLUD11 zZfc5=si~o*f`3VNPIkG1k&#b$aH?0bMWvBpeo#ezPJOmdd4{8jetuL{kbY5yOL{?B zZlQjKX-;K6SCK_&N`SvhvQc40fM0fGx}$GSv2kI#S8|qqYGJm4iEnV8c3Eh?TV#>} zm#(g^LS}kyM52*}zGZrjS+Q|IPDWHfVybVlcX3!+PI_*7a0 zuaj@T@LpHU+-@^t=7gZWl_F0z)oiFykoX~A@ncfzeKN#$Opp7g0 z!MDGsx+q%)#e)E$Nooq`*~fjNft@?ewDFmO8N2`R?Cn5H@^O> zuV`)`|CMDoyfxoEQcddGQU7$){o9u&=r&!<4lVn5{;RO_J%c|lc3fuoq-b@%>-ioR z|LuQ`(~g&&lN0h=5TR_i^Yp8|X4`r-|JjQdM=`eczkQmKKD+s zch0KnfDqq9F_KzM`|p35pHv-T@apCD^amd|>3$B=p6jV_^ui+5Wg4|_C*~dZ)9PHl uxQVG0)GkUsTW;5q;ya5#Ga delta 859 zcmcb}`ipIXPQ9r|iK}r%u18i$aCuQgNm-SlS5Z<`R!&qzc|}2~L1>|Vwv%^gM1WbS z373gWae898Nv?->nMaC?iFcBJkY_}mW2Je1S#X{~g@voXMPXsEeo&F4BbTn7LUD11 zZfc5=si~o*f`3VNPIkFMl1WZLh+l=TVL)bfZdp~HSAAuLnNMF`bc~-80g_&!(Z+3=}duoPunR|tqQ9)#-vvYY_Xiz|MroK-g z$T}CTF#oIq12x_BqSVCVR0ZoaU)vOgD#e6QEA?mvk$WPa_xK(4gEXXRj3BbmOvMcQ@1UvPhRKGw+f@gG472 zH?9aLPah+bVt4IO-yn;k5SNU?P~*aqe0Mjq6bo;oV#}&b?K~5U&^+(t@W{%PC}-2` zQp2jOOrxYCzj9wkE?r$+g@A(eL^J=wur!nUh$xdVCqwgWZDU{KP=mloA4>~;ay)qI?O&eb^GV94AZ-VDW#SyCZ(< zwimCi^#0G?@ GS_S}}onyQJ diff --git a/secrets/paperless.age b/secrets/paperless.age index d2c2d86e184c4de8be4ef80c6125d9533dc2c02b..9de2ffe698260b627b099c0e0b0217880ff6afaa 100644 GIT binary patch delta 320 zcmeBSe#|sMr#{M~IIqeeqP)n_xXipXDcdtB)3hY3GStmI%G|Hgy(q%X#WN~N+dnYW zgv-?+)S@Ij(7?akHOnQ*EI1%C%fv4!KheL+DaFqtvnt0gxT4e~u{6LjkW1H2p}06h zH#Nn`)YQ;Y!M`LsC%arB*}}}%EG^PE%FVDMEW+13t-d71R6E-&yuvHUx57Li)x@~K zxhTjqA~3_1%hNqCB{$66(ahVe!o@4s(%jI|BPh@y!d1WAJvgr*%3M3iDY&B4FW4lM zOIKG{A=4l%CppqHKR?Ys%SAsgvnVnoBi%2>qR1<#Dm^4wyTBmJ#YwxW(zG;`t0C}& zLd`jCIm_awX4St|l=p=!d*1NefQ|jSk+$}VTgof<6fgR_>(ucHb_}IqN`JH19_{A4 TH}P!rA+Ggavap delta 361 zcmaFN)WbYMr`{|u#3C`JqA0M!-MPZD+{`N~AUnyq*x6S>oJJ0&r)D4;UkI4{-0*VD(DLo{z$fqhhG2AJ;!lEG4AV}NYJJBpN&)coa&Be4NKer$!$GAKn zWSwSuxUYe~ZhBE_VsWZMrmB)ci4#|HX^xYVkE5wmiGF~8qGdUkuCA^^SV={Sg-5Yl zUY1i*j#+Ait4V02Uw)9GbE3YNqh)B0w|=;*wwqseZa_&kS5g>H+4PS6RvWt{6EoBv znEXle^IEddDE7q7YDHDUzYlhLCdSl8r0%aUtdod;wn=GL5z}p*lUY{&_MaZs@7njx F6aYcoeLw&J diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 7750b1cf6c94258bf30d125c19be3d922b5c97e5..e6297c3b8dcfc4a4e8559577ec9b7beb8261cda9 100644 GIT binary patch delta 320 zcmZ3?{FrHiPJLO4tEE@6ce;6AfJKIl1hDSwIMTWUy zGM9;SSYl9Mig%)SVpU2}ZlZQ%p;?YchFh3dP)3D$uBCTml#_p|QI?xmB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1tFv25q<>LRMwUlrqF;tvc70ZfOKO&@b6Rd@NN8oEe_lzB zxpufyW^uSLmtlo(POf)Bl8;xozFVnDSfHPCmcBtmN_M4tenD|YP=-ZTnWIlcWJG2$ zm#(g^f>CyMfth7meppqcYe__^XL_Kkk*Rl}Q&?r9Q-ObefvJCauB($vlwXl6SL1Od z!-wls0xbJBbp-}-F?n`pBxkplnf>^(o=tbcDUKsYqE5-mSAAeR-C3Nh&F}X26!YtQ SU-lefxYkuEyX1$8nLhwF3k1V~K@xpqpnLnq>ov?x3^KEt9xQ-L0OKIW2%`+AeXM4LUD11 zZfc5=si~o*f`3VNPIkFMRJy6Tkx`mYU`}XBN{MGuKz)IBa%8GYsCjvsSFT@pk$+T@ zWoDqGL27m~S7e2=ziX7McTj$AS+aq#sk387PGNypWHUg7RPw%QS&mp{EW1GlZ(p{ zr-)+njL2fHiAv%;hfKpg)=aRBx~s@w`kh@kPJVB1fWPXrt@FLyCcbpM8Oop$B>Lms d?h@G|U#nTSUmh=6cfCpD_@xWZ{~6}Q0|21chCToQ diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index dd41e2881141ac9ee1cdfe6f225fc3c52888654f..0fcacff217b502d9ca98d0254223018dbd665815 100644 GIT binary patch delta 689 zcmX@Zc9C_0PQ6i?ud!#AcTq%vS3zQ+iFUGuzf*ZhaG9^ClRu0L~>D-MM-X1a!PJqma}VyE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1wvk_QNqSOMVW_J|S!!rdaD8f2c(#W}aBzyRp{09CnNw1z zdzxEnMWkCcSBY0}qNho2R77xIu)l|qzLR#IWu$LNn3J)wrB9WUhl_q{dWvDHTVhc; zm#(g^LWG;MxoeVPuBBm~XH;cGNr-DsWLR=yKuB_8ig{vjW^!6;p?+X+nO}(sm#*IT zBiYKLef10${jC4iSbr6~@_+vFTUVdNpLqN9kLO+JTA z6Bg%3JnB`-dh(;#fXia#s}-U4B8OQ^*V%W4o>>3jbn(1jVf9`CW;_PFo-NoBAmKeh zOCYwn_pwfhBgrrzf}EXn>v&1UugNrO)k$jf4+a~X&Ep6U0YN;uWfN;xG%_aO=gZRqn0ys zn9&3K0e z|1{T1h)0yAF1-7z%k^zT&2Q_CUS>7x4=xXBeej^W;Z?JFS+(eNg@z>pQ@r@rZfTx< zKd>WMuJKx2ROLs>gAJea4o}^tm(f05^{UV^qpwq$*BPB$_ON$vMXgD%Kl^(vpO@1< t%kJE@bGo%-?4=VD2mF;J%QQ?X4I&T7&iK?lj$=ROZM21OSBZE%X2Y delta 813 zcmcb}dWLO+PQ8A(SCFA!RY0b`b4XEflxeX?Rat3JR8fdaq;_z2M5ULxadwu4QHWbr zF;{`1Wp;>xNw!OXzqgZHdSbSJqGf?;cBGkUiBGP(Z((vtL3nANexA0eE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1k)eA?hI6T*Z*X~eXmDkKQ@yWWUSfD+ig&PIhI43I9Ka-LS;~-;wW0Ncc*AOmUU0nr}fT~dK%JKqJQ}cYE@WPzXe6!3DugIXZP!nGx zmka|}3vb7qG{3A0UlXnb1Ch3;nUW%Ljo10=_r)1)wY6`woXYp!=GfL{p+@r`G5=5& zNv^x}=k^?hPlo3!EFaaWCtKN8uM4<2^=vNB#h9ARr3dXl^`APo!~aQQ>?n6(O7H&Hs5_<90;(gl|U3jy?=k2VvQf?Xldy#Q1Hf!eC{%yVZ zDd0joOGHBV0`-H5D_BLJyp8v9a7nRZB42AlF0 zySW%}`}!X>qf;^C>YuaD1> KVVUzfsS*H&)K)V9 diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index be57748a9fe32e160c462ee89c2cdeef18ef72eb..5695f548fb6eb9d2d96d60bd71708e678f8d280e 100644 GIT binary patch delta 332 zcmdnT{GMroPJMAoML~&IYNokGM5cMZQ$%5gsfTHjS6QNgzk#87Zg!Y^m9dF&SZGC- zBbT3Bm4%m2o_~ZzVUSsAU_g?oVL(+yqoQm{v%M_8_9endrJ zaH6A2T3A&+mt#q$VOB(iK}tYio_SVYp_zYU?uQe|P=xTD)%4*W>rr*Zt#>W;>h`#@6e)&v%_iUT)~EARmsHlMaWZ4_KHqsNOlt gZGHIdmZ0bl2mf_y-~G5K{jb6Gb-|I(BwAJj00C!vPXGV_ delta 412 zcmaFQw2yg$PJMoQaI#xYu2W@Vuu*}3R$7{&w~4lgU$TE#zKOPPfO)=wSy4u1T2M}K zF;|FlNT!cdP`+FQ2H4K)>MpjI^|3Cl3z` zm!Q!4va$>(k1)&99K-a&@Ph2fEDJ;Z%s?((U0sF5;DXFVXSb^2+)y{|5|bj=lx!zg zBj-q8CxhJ3^6;YUP>-?{ZGRI-_i`@95}!$4JLf38?VZ>fuw{CH)doM)ZzumKWlh<4 zHeKr*Ls8>Jq21Q88|^Y*PyA%FCeqJ;yU9fbr&Xd_{W@24jh^bq9O)C*c;vigOThkR F(*Q~mk&*xa diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age index 122adcd..56c3796 100644 --- a/secrets/pruflas-wg0-key.age +++ b/secrets/pruflas-wg0-key.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw R+xnmMAoVmaJi9UMYBSX5CKk21LhI9iIionc6Nh8ZWg -eR+OpFfB6BIOzOUeeY5IzmXerCCiqOYS9ZAGIb0UAS0 --> ssh-ed25519 Otklkw HYpIGulRkcfpKhSdb1mF/hbBHiXCUzYR6/b0KspgHTU -1HAtdynQZ10AVgGqh4cw3qDqSh6Suum3zYo6/G7qKw4 --> +YMQ-grease -wyHx9k+fMnxTm1LMDhmmMye/ ---- g1F7i8Y0foxjDp6qbBtjhY3A/vyxM2R/zIQJZTG2F5o -.]n"wjkYd<2{N N0`XUsPxV)nfOg \ No newline at end of file +-> ssh-ed25519 J6ROvw JrDRK2NkcPjUf7Owco978Saj3FlPGLL9RcOW3aSB7Hs +o/WPV/rBvvc89c5qln+XLVslVed65EGZOkQoYeGgvpQ +-> ssh-ed25519 Otklkw fvLeR4YnqmXYGu8krDmCGDLa0Xh+X+HpCTcqodxOtEA +L304iO2/Xq5TJ3Ui8F3EIR0mXVRmAMAleGexBxWoJN8 +--- B71HeCVbIOOnvWXWwMSk0A19qnsE31Lo36lKOkXLQhI +%>TsS(pfAT+ $ R_(NN1xL7F^V +opSj \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index 7528977..c9fc294 100644 --- a/secrets/pruflas-wg0-preshared-key.age +++ b/secrets/pruflas-wg0-preshared-key.age @@ -1,11 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw wkW16tPBMBW6C6OPU6Dbq9mfk8w1hdTNB1lEP7r3ym4 -oeGp1/oGD5R208ZutBsJUsA+A94hOASnm0JavDjsHvU --> ssh-ed25519 Otklkw AQCgfaxhvd59oOf/nH75WhHtYt6RXuO/U/c+pKemGDQ -Jx5pffK1rX2Yyal+ZvTTGiMm2PsMZQVIRguHpDU2iig --> ^-grease ' -xxEd1+U8pgjgcmgxRJqbLIHNoga8kUdwaSVsypHL1UB+kPAPFIdZF4KMOj7hshzC -vmaUOinUhDiWXQ ---- A5Ig3NOr1MW/FXwh7xDkITEd3o/LU8TxBdrIq5xLsZc -Ce\BN^ġ&.+k,x)TTS:h򎪳SN mgׂٔ _a W -/ \ No newline at end of file +-> ssh-ed25519 J6ROvw Csza+rGQxYUDFvGEYm1fWXWb5LjLgnm40FX6ji8iSwk +6WBO1waHHHtS4JXAIWyeAglajZWC9RBGiL4s8jD27k4 +-> ssh-ed25519 Otklkw XUwET0Fnwhv6ZT/LfRJqgJAbMo/+0/klLXZPO52/gBk +he627Zlp56L+u55f4OiaOvFbYBIfabbpOIcymrgfhBI +--- 1KjO/MX2lKusD1cGiyJCoo7XNwNGrXkoxa36k2ROPB8 +c"tr ,%&|j +$>UZ9&ᏅpeAa^o[Zn9z \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a3255e1..88f46bd 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,7 @@ let ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas"; surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; - stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV1LSH8jeMnXJ/eqhJCebbwxenJmxNoeB6UGrBmRjZk root@stolas"; + stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObI38cB8gTDXmDb5GcK4pLm5xM+nnvGeSfEpB4lVEwE root@stolas"; }; backupSecrets = hostName: { "${hostName}-backup-passphrase.age".publicKeys = [ diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age index ff9d5146f9f253078b6c2230ffce80ac842abec0..ab532e3730c4fd6e5087d85a64162bed8169f69f 100644 GIT binary patch delta 343 zcmey&^qFabYJIquv#*PzLTHt#zfnk`M{rSQmRprsW@TD>ZkmsoQK7f9w^u}HWua?8 zc5!h;N>zv_mqlq&uuHl}V7^;wioa!^o4Jv5pl`O9cY#}OsIgI!Z<1enc9l_BvSW5J zm#&>cadC!jYKoDmsiCEUe@S*ucDX`|uYrY;OH{B+RDDu;n3H9gfrUY(zE_T8PEMtx zmvNPQnp;?;Yeq$8u3;osT9i>zX{BF8W|F0gccs5qT6Uy`mtUwyiLYyNXoYrCXjD#V zkdte0eyIVMuCA^^h+#>Pr9q}=rln_+L6kv;TaurPPjOCOvXQ%IzENh0QJ7~yglm{_ zqP_vw%z&9Y8Qd#w-8=D#@4Ri{hu5E0F5Qv4eG`M?F+RSVrFT=dKa@&M_@FuC--=Jg r7ZmeS3zmMq9~vYj=<)K1+@!QQp_Z&y?F=7ytd&o-`|{}9m+1@uXa9eE delta 343 zcmey&^qFabYQ2BDcSMw zvZZ#AM@mH?S8j4aa;Q&$b6}`%NxpMtNO`7XsF7oYi)mcadC!jYKoDmsiCEUe@S*ucDX`mRZ6h0v9ohoRehjIez`|@cy5tXTBfs^U#XL0 zsX=~TUa?uRNnTEnWmqv+XrM`mQ@Fl~ziClera?tPuu+aQ= zrn!lQccd$quCA^^NnufmcV$$VOL|6$fwxy+luNKnSW2F&kFkY!R91kaQAL!oPgbgT zj;8_Fj{u{toW;%#6aRf#pfUGxpQPVwETq4dEW+m9#n rd^|aK&hvLRzi;nh{iy6V%UtS8qLb>nX%c;ECEIHkl@-O?yb}cgoPmA` diff --git a/secrets/stolas-backup-ssh-key.age b/secrets/stolas-backup-ssh-key.age index cb98c8df76663f8f4e8d5e50fb5a9ca3f691ecfd..022ef30981a92c26365c6d6a63f8951bb842764d 100644 GIT binary patch delta 696 zcmcb}dXaU4YJIquv#*Pzf?ttunMFWol}S{fdq|>*sYzjuQ$SdbzGGRSubF;!c44`p zp_7xhsd0`gm$_SNQDvf$MY^SNlD}tSNo0Jsk2A6e^O;;xW7@FL4~7ZR7P?# zm#&>cadC!jYKoDmsiCEUe@S*ucDX`@S(sy(X?Q?rP<>8bv1vw{c2#y-q_25)PE>Gs zL7_#sXGNK7dP!!fd3G{ac3D)0qiKpqYMDi4q<@%iMN+xGVO6$YP=ukkahO*`m9vM5 zzGGOad9W*&uCA^^kcYlYVwFXyd%8uKYo2+2XoX*@flH}=k&APMXNbRPmbPb(Z4?}H{XFs7Yu?3#OCJIC~&S#;p6 z?8CmtKPw($ez)|h-&xc4hU&)Pw;cyel3x9hnWePK{Mh<>jyi6ocbCq;F`D=%L*T5N zl8w1yvvIELOW98f<=nRCe`s7{wtus#z+&G|0iLcknND;5MShhqK6U+rt&OPk{(xC? z!sA@E`rgmgdY^d7WT)=TPfs?q7vU#(Ze`q1|> z$IMWXch(m-yga7zqP|;Ia&^EamS5*hf_r}^OoCA`^`UYNUQ%! z&ELdZ8T#(CVAAayr=tAlmPvYS>}`Je{=~s8>!0s?6wp^~z!y`#jju#)v6cu=8e?MQ zg!;W6I~Hx!k~#j||I55)$A7QW&mQ*DUHQVQhs)zDPj937#m7Bg^{$y3Rv+Ifc4xIy wepQm8K}BJ> znNgr`NO^8Cm#<}|VVZtkN?2rGX;z`9OTIx-esZ8|guaDmak@cSo~3ziV6KI?g>j}U zm#&>cadC!jYKoDmsiCEUe@S*ucDaI4My0oJL7IM)MSXd?Q+~N`dPRAXxp{JyrITrr zfqtTSp-D!ev2#Uufq^eqmYYv`T9~;}X0dl@N=cDvu2G(;v4OF7RHm1UcZgSBrDb-0 zsK1Agk54+6uCA_vdtjQUYelA4h?i?%NM34jNLZnpafG>Ja(+>mcCd#%{Mh|+vY#*M%C=H z)~8Lobe$&~OgdF$ZFbaaN7E+hInK7#{c`Hx_c&bHW%w>~^l?{b!B_Tq|GbSJSenmxHs^Ar zKKsY{tS4UZzhtw2WFfa_bCcTk9|ec62F$feZ$JKD%I5O9jD`2av@*SaN(J3ovFGIK z+vkIOl^ox8Xn*I`R#UD2AaUI?t|c(2>+Jtnff+5_kBYyjPy669)n($;E~jPlmTx~A z$GT+p!jqTZGFdbAiq*-UIQNXhKbni__^l50=&vjK*3J1 ssh-ed25519 jUOjpw zb9yidyhlOj2LnVSCjNwq0MBj8Ik7zdT+6vs5k2vdTY -lxFHzj+mUpW8ogGkfpZZWZRPfMp38Sb2GYojBUrxGB0 --> ssh-ed25519 Otklkw G3tj2S2BM+jmGg5ajD2hTIKAWJMAhuHAT4jpFpu2YmQ -XDLRUWirSzXQ55HnWdICzICPQDL8pyJC9SnS9ODwhdM --> v#M-grease -rEp5i85i+0HA+Rx31HR27NU ---- 2Q+j2Vh/Tbv6NYYg614YL1+yP8hff++2zAuWV7dHDe8 -HY\ \;m~qoz85Z̯e9Ia䔝Y \ No newline at end of file +-> ssh-ed25519 jUOjpw hXl01CaHYYlY/orHilx2gv0Fyh1eMXgN1NBzV1vSw1g +B35trnqYoFwg0xhw/QPw56N4VjxMyQAlNGyRFKdHfKE +-> ssh-ed25519 Otklkw SRtMspvRR63U17LRd2aqU0m6f5bnpY7kaUl9uP94hhk +e3XD/s3fY78uxzA7YVs4F4LBFYJOIHZ28Odnnj8Zeac +--- eVNBDHFoU3kBN+SE1osblaJ0yWTv1ZOjJEXKtsI8054 + u'~ʕv'V}nfuE.JͥhxI ^X7Y +E74 \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index 7523e7a3e6e10f57997494739baa6e0039f40107..37cb2a54f553d7c132c2a7b6ed743af2d384fff9 100644 GIT binary patch delta 689 zcmbQnc9C_0PQ5`$l8K{vc(ReHg=ukyTY5mcXOLl@XP&!3ctv_hrmJaaX-<|=m8-L1 zBv)o)cu2WlsIg;UplMZ=QBGKXO1N2yk6B1~XkMmgdaz$XiIHKXx1oPZK9{bYLUD11 zZfc5=si~o*f`3VNPIkFMUZO=-fmx(mSdw?HVNhwYWqnmzcA}$KMrK4omak`ea;BwM zfoWlBKv+aFS42>1RdS@EepyaRL0W;UXOyQ)MRHhfW>$emR&Y*IM7VcQQn^KdS)p?= zm#(g^LSbHBnTKygcu0|#slTD6aYcZ$v!hFaf0m=8QFv0elShD~lV47GNLH>1*Quf& zjl;_h*4LNpSezmE+tMlj{!U5$_{J=)`7%=yofX2;`mI%pS1LS{yr|~TVBz>VwRqBu zHQe9#8co;Rbf!^*$LqxD?$vualJe5|oH={ZyyQW*NO?uiV zvVLtew^gr$uXNUwjT-M}`sr9It%$0WGM=*W(l^Vqhi)#r_)V$!w|I=>>#seRjTrh? zp6A%mwSSVtwm;9BpUZuzzw+Ur*&n-k8S|5BgO{|vlU({fC-KV8dxr`f_#2O$cw4sb z=HeAMoo?N2$#eW};rA~kew*5!cb1oL-Zh&2qMubd&+){@=khz;e=uK9xp3l>M;-IK zM*Yj``RwOjoZ4A^J!;GM6qeb{tD>zcG{1#@dAK`n{*j)WP5;?l3-adab$@Tydb(J` tzV&Cg>MWzztDnUN|Jc%`|J;gqWsv>#9OccbLSEMYg4MP@`n1TR2LO?0GU5OL delta 758 zcmcb}I*o0DPJKy9j6PD?e#b#Sb&a<|?{^#(c2#uH9 z&KL@GT?~2YbzUd4-`1J;Vf%`eRRUax*H+AmXJU>M6i?X|BNG}d@G_#J-$|nM9haki zbk_E@rw`uy{$OSE_gNPvuFUwWljrg0Wx&LutPdPFPqv;o!NTIPIQ^*lTrZ}+RYv*G zY)_UPd4E_ZbVdEeTQQehOjfU5^ZEX2jey79(uS4mA&`*Ka7d&KA ztx@s(uzitApJwk`8)>KfMfVK$UrbT$QLboz)pNJR$Sh~|O3s%NZ}VKOH;P=)FKMl^ z+tIZ4*GqvZndfxoKmIQ9W6IsR0@f{dr9QGHFYZ`xeVvM~jX&J-jBgWzS9j89E;~JYRmN zF=WHF7t6MOI=laE?UIEK<}rtVSVq@5Twk9baJs?LQ>1g^a)st2)dHFw%YFu~Ud9uq I%AoQD04mT%2mk;8 diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index c664303a55a0feff21e5efbc94439ac2b7441f74..1e58cc84eaa73f0283d0c1d349e6e0071802ed40 100644 GIT binary patch delta 688 zcmZ3+c7b(*PQ8C|Rk5j?XOx9kc5%A9pL3XVenF;jMN&qIhhdO^qD#J|c4nYOse6V| zGM7biVwPV-YO+sIx_LxVn4epIsFAj7nn9IIl#^Ffig|`>vVVl7r@3iVB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1Z?1DiihEUAMw*{tafwHTXT58cqiK{$K$wM7nQKmVWlo7x zzF%2{r&mZmmybnYV31{4Vp?dKiLbUtp?O3~gl~nmc9w;Ov$0WFk&$mohNWkAKw60b zm#(g^LS})Pxl?&nV4!byNMJy&zE4s`WO7PSSXfk+Ye8y+u}M}$KzX)%c)4*XmzrIy zDBJe;o9d@0iKH{Cf8tB35T9vTBl~Ut?}VkxB)Pb+lONn;xH5`(v5@n5Q>c)1hQ)@)048 o^So0Hx;D9fU(2$p`O+~aY2A~@@-3EfEx0i8{RTBvi6uq505y*tm;e9( delta 774 zcmcb>x{PgtPJM`(X})8!r)ha{xwBVE{ zC$o~`6r*hI!T{3@KVL5w?Ii8U>we6FJj7m8T_e76=|wm9%%rQp{Ex@(-8 zlFjBEyexKn`necare`lVWH&lF`{y0eJnmq8a$-G?gOBUEo*mh_mtSt~mHhL&>}`G0 z^Oenu-Yr~lY^k%}*1$s=mM>;A9@>6YJnlk?0(XgfzzgHrTd8|LP4~{!d&Uxec4Dxh z#44{gy^o zIC0-p&BZ@n2cB3Nd*j3|m-a7eKZ{Nrh-PGDt6UP)=fLqoN^)n5VsFI7)gB(R{o)*DXqJs{WL=Zs6JNYys^2lut2vZI<%(_c znH`STBh!04JR`5SWw!il-Yi%0U-4bLHd`}qUjOM-roV#U%?-coGtHXn%{^7RUU5yO zFL$~6%Jmk)-F}Ja56~nO7Jdq)5G>pmf7tq;rcYGCBH6) XMd;e(Eq_B@;xARGFz;MR zIah{nN_v^4XK0{Xg=KbBs+)zIdrDb^NvNlxhli6%nxji%V3A=^R#C^qicGKt5aSG5@ql$pEBm(s>5zJZ_fJZf#;Oq}!$0B0I`9{>OV delta 368 zcmaFQG?{sVPQ8mqah{W#g{iS`ZgFLL1K<8 z$T~~i^rF()UB)L^e#PS)n&S~@lv2wS7-RoBjx|6CGXM8iodfe)Z(tRr$Ip4 NEQRur`}dRzT>)h)hoJxf From 49722f705ab5bed23a7c304e9a50048e0d65dcd7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:20:12 +0200 Subject: [PATCH 142/165] fix(stolas): disable GS location backup --- nixos/gorgon/configuration.nix | 4 ++++ nixos/modules/profiles/laptop.nix | 5 ----- nixos/stolas/default.nix | 1 + 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index d34d0e7..82bb694 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -43,6 +43,10 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; + dadada.backupClient.gs = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; + }; nixpkgs.config.android_sdk.accept_license = true; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 8e0b52f..2c5accb 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -50,11 +50,6 @@ with lib; }; services.pulseaudio.enable = false; - dadada.backupClient.gs = { - enable = true; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; - }; - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 197795e..8f23e9f 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -81,6 +81,7 @@ settings.max-jobs = lib.mkDefault 16; }; + dadada.backupClient.gs.enable = false; dadada.backupClient.backup1.enable = true; dadada.backupClient.backup2 = { enable = true; From a45a48cf17ec3f45c0a5013bfe991f329c5921a1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:21:53 +0200 Subject: [PATCH 143/165] fix(stolas): comment out paperless secrets config --- nixos/stolas/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 8f23e9f..e1f115b 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -154,13 +154,14 @@ }; }; - age.secrets = { - paperless = { - file = "${config.dadada.secrets.path}/paperless.age"; - mode = "700"; - owner = "paperless"; - }; - }; + # TODO + # age.secrets = { + # paperless = { + # file = "${config.dadada.secrets.path}/paperless.age"; + # mode = "700"; + # owner = "paperless"; + # }; + # }; # Create compressing swap space in RAM zramSwap.enable = true; From 215f4313bd67fdd6b0312606ab7b5667eab7f2d5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:25:30 +0200 Subject: [PATCH 144/165] fixup: backup secrets --- nixos/gorgon/configuration.nix | 4 ++++ nixos/modules/profiles/laptop.nix | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 82bb694..16f8130 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -5,6 +5,7 @@ ... }: let + secretsPath = config.dadada.secrets.path; xilinxJtag = pkgs.writeTextFile { name = "xilinx-jtag"; text = '' @@ -48,6 +49,9 @@ in passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; }; + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; + nixpkgs.config.android_sdk.accept_license = true; programs.ssh.startAgent = true; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 2c5accb..9cdc314 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -5,7 +5,6 @@ }: let inputs = config.dadada.inputs; - secretsPath = config.dadada.secrets.path; in with lib; { @@ -49,7 +48,4 @@ with lib; pulse.enable = true; }; services.pulseaudio.enable = false; - - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } From 77cdf773c0af1726693964fd16e033eec9499044 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 13:43:39 +0200 Subject: [PATCH 145/165] feat(stolas): enable TPM2 LUKS keyslot --- nixos/stolas/default.nix | 2 ++ nixos/stolas/disks.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index e1f115b..3c72921 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -32,6 +32,8 @@ "usb_storage" "sd_mod" ]; + # Ensure that TPM module is loaded + kernelModules = [ "tpm" ]; }; }; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 5d48d17..01cf635 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -30,10 +30,12 @@ content = { type = "luks"; name = "crypted"; - #passwordFile = "/tmp/secret.key"; # Interactive settings = { allowDiscards = true; - #keyFile = "/tmp/secret.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "tpm2-pin=true" + ]; }; #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { From 5f9eac570088bee40057219ad0bd1989e905cddf Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 15:45:37 +0200 Subject: [PATCH 146/165] chore(flake): update lockfile --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 572619e..8c964f5 100644 --- a/flake.lock +++ b/flake.lock @@ -89,11 +89,11 @@ ] }, "locked": { - "lastModified": 1752113600, - "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", "owner": "nix-community", "repo": "disko", - "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", "type": "github" }, "original": { @@ -204,11 +204,11 @@ ] }, "locked": { - "lastModified": 1752286566, - "narHash": "sha256-A4nftqiNz2bNihz0bKY94Hq/6ydR6UQOcGioeL7iymY=", + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", "owner": "nix-community", "repo": "home-manager", - "rev": "392ddb642abec771d63688c49fa7bcbb9d2a5717", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", "type": "github" }, "original": { @@ -295,11 +295,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752048960, - "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { @@ -327,11 +327,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1752298176, - "narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=", + "lastModified": 1753505055, + "narHash": "sha256-jQKnNATDGDeuIeUf7r0yHnmirfYkYPHeF0N2Lv8rjPE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3807bc34e7d086b4754e1c842505570e23f9d01", + "rev": "7be0239edbf0783ff959f94f9728db414be73002", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1752055615, - "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", + "lastModified": 1753439394, + "narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", + "rev": "2673921c03d6e75fdf4aa93e025772608d1482cf", "type": "github" }, "original": { From 2e8aa80b706e1798b3744af0a6e80dcf5386d128 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 16:04:21 +0200 Subject: [PATCH 147/165] feat(stolas): enable admin module --- nixos/modules/admin.nix | 4 ++-- nixos/modules/profiles/laptop.nix | 2 +- nixos/stolas/default.nix | 13 ++++++++----- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 07323da..eb37116 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -97,8 +97,8 @@ in services.openssh.openFirewall = true; users.users = mapAttrs (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = extraGroups; + shell = lib.mkDefault shells."${keys.shell}"; + extraGroups = lib.mkDefault extraGroups; isNormalUser = true; openssh.authorizedKeys.keys = keys.keys; }) cfg.users; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 9cdc314..4d02bb0 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -25,7 +25,7 @@ with lib; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - users.mutableUsers = mkDefault true; + users.mutableUsers = true; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = mkDefault true; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 3c72921..46ae536 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -83,11 +83,14 @@ settings.max-jobs = lib.mkDefault 16; }; - dadada.backupClient.gs.enable = false; - dadada.backupClient.backup1.enable = true; - dadada.backupClient.backup2 = { - enable = true; - repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; + dadada = { + admin.enable = true; + backupClient.gs.enable = false; + backupClient.backup1.enable = true; + backupClient.backup2 = { + enable = true; + repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; + }; }; programs = { From cfb4b8d160e5632d803344db61637f77526fa055 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 18:16:17 +0200 Subject: [PATCH 148/165] fix(stolas): wheel needs password to sudo --- nixos/modules/admin.nix | 2 +- nixos/modules/profiles/laptop.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index eb37116..05acc43 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -93,7 +93,7 @@ in services.sshd.enable = true; services.openssh.settings.PasswordAuthentication = false; - security.sudo.wheelNeedsPassword = false; + security.sudo.wheelNeedsPassword = lib.mkDefault false; services.openssh.openFirewall = true; users.users = mapAttrs (user: keys: { diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 4d02bb0..7089f4e 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -48,4 +48,5 @@ with lib; pulse.enable = true; }; services.pulseaudio.enable = false; + security.sudo.wheelNeedsPassword = true; } From 8908833eb36982d9c5e7125b730d74f79e0a4ff2 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 18:22:00 +0200 Subject: [PATCH 149/165] feat(stolas): migrate paperless --- nixos/stolas/default.nix | 2 +- nixos/stolas/paperless.nix | 10 +++++++++- secrets/secrets.nix | 3 ++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 46ae536..5f7dfaf 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -4,7 +4,7 @@ imports = [ ../modules/profiles/laptop.nix ./disks.nix - # TODO ./paperless.nix + ./paperless.nix ]; nixpkgs = { diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix index 7591f0a..a5fa69f 100644 --- a/nixos/stolas/paperless.nix +++ b/nixos/stolas/paperless.nix @@ -1,4 +1,4 @@ -{ config }: +{ config, ... }: { services.paperless = { # TODO migrate DB @@ -17,4 +17,12 @@ "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" ) ]; + + age.secrets = { + paperless = { + file = "${config.dadada.secrets.path}/paperless.age"; + mode = "700"; + owner = "paperless"; + }; + }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 88f46bd..f449646 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -46,7 +46,8 @@ in dadada ]; "paperless.age".publicKeys = [ - systems.gorgon + #systems.gorgon + systems.stolas dadada ]; "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ From 651ecbc9c4a9455196294cdef9b860c669fc606c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 18:28:19 +0200 Subject: [PATCH 150/165] chore(secrets): rekey --- secrets/agares-backup-passphrase.age | 13 ++++++------- secrets/agares-backup-ssh-key.age | Bin 741 -> 741 bytes secrets/agares-wg0-key.age | 12 ++++++------ secrets/ddns-credentials.age | Bin 466 -> 466 bytes secrets/etc-ppp-chap-secrets.age | Bin 374 -> 374 bytes secrets/etc-ppp-telekom-secret.age | Bin 370 -> 370 bytes secrets/gorgon-backup-passphrase-gs.age | Bin 343 -> 343 bytes secrets/gorgon-backup-passphrase.age | Bin 372 -> 372 bytes secrets/gorgon-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/hydra-github-authorization.age | Bin 426 -> 426 bytes secrets/ifrit-backup-passphrase.age | 12 ++++++------ secrets/ifrit-backup-ssh-key.age | Bin 733 -> 733 bytes secrets/initrd-surgat-ssh_host_ed25519_key.age | Bin 721 -> 721 bytes secrets/miniflux-admin-credentials.age | 13 ++++++------- secrets/ninurta-backup-passphrase.age | Bin 355 -> 355 bytes secrets/ninurta-backup-ssh-key.age | Bin 741 -> 741 bytes secrets/ninurta-initrd-ssh-key.age | Bin 721 -> 721 bytes secrets/paperless.age | Bin 355 -> 355 bytes secrets/pruflas-backup-passphrase.age | Bin 355 -> 355 bytes secrets/pruflas-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/pruflas-wg-hydra-key.age | 13 +++++++------ secrets/pruflas-wg0-key.age | 13 ++++++------- secrets/pruflas-wg0-preshared-key.age | Bin 367 -> 367 bytes secrets/stolas-backup-passphrase.age | Bin 371 -> 371 bytes secrets/stolas-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/surgat-backup-passphrase.age | 13 ++++++------- secrets/surgat-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 720 -> 720 bytes secrets/wg-privkey-vpn-dadada-li.age | Bin 367 -> 367 bytes 29 files changed, 43 insertions(+), 46 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index 3139105..d710a45 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w ZwPKXDj4QV+9GrvwgEI9vwhwwoHgZlnveG5GwpyeAQ0 -f4iPzhbR2HCeAQ8cUDUqcYmVPoQ9vKMvkFQyVo1T/Qo --> ssh-ed25519 Otklkw 3y/RbwOR4wv6Iwq9+jMSZ1ntAD6G5jgeMx0PoBq3UwI -CyHATiRIbyj+yzVyhh8ccnL6j4I8BHhiBi8l3RV+mKs ---- 69+YwES2m/Lz68QMJTANOjgIPWmmjgFTrBGoEdHuaPY - -Lw ssh-ed25519 L7f05w Sof4o2JYLqx59paPpBJWFek1IwCHb4VhuOcPpBkut20 +QNsXS0H2z5NCnKcDuxDVvY+AnTV27/Ijeo/kd12nkoQ +-> ssh-ed25519 Otklkw WZt99A5jBrb7MNqzpCuGiJ8wJ/NxZrJE5Q02hvcVEVo +yYlAifPMGC01CGpke5ABasi/sJ8O4r3+5SyoVpbpmM4 +--- vIe/LRs2QxPpZJUrdOFuTBNanHcMyzh7iAFRalWd2dU ++]GHuUʈQ&3'Eg܃Z‘\~e) 1׻ya \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 67d570eccb08988e2411b3cc47f33ad972613d05..32c7885d624db13191978fe5165a23397a923261 100644 GIT binary patch delta 709 zcmaFL`jmBoPJNZJLAX(+mv>%xh>uIMxodb~Qk9dDad~D=WO`|Cc}7M+c5z;4iLr}Q zIag%3S5{nzw#MRb^JbPpU~+ew0Chae9P7p=WYhP^v*iRj`+%Yn8bp*O~aU zb)hfvdh3H1IXtQ;-ccShU&!+0f~(&;f22ls1(}OUq=lsSP5#NefTfb{f!7IN9+j^x zYO)i)Sou2cpZ}2I_Wb9M3JNN=#PZIW;hnp6!w(a~J@elx-RNDgLu!%o-qdd|Pq*($ zU-RJ9%pl$!Z}puEqVF*6Ve8l?a`MtN&MAxcUpc~d*tm*ayPj2d_b&BYW)iPH?OWb9 z|Mrw5TiJUjzMhmRjZZgZ?|71FcAo7nm)n)^Z3oY@J!vAG6l`| zU$h-v6Z3!9rjM*AVpdEL;E-_CN$P*TvgeXs^4;c8zlJH#8-Kptro#O?orBzcLxbneAqVoj7IbFOK&dhUhw=*%?sr~) z&uxHI>{iEOK_L%(VuBkI?G00s1ZjyMY`gMobr$xFCWXXL#Usd;azWlirGbgjW zKh!_})kTX72X1K!NFKZKF8!_-Yb9S^&rQjF&ji;Mzd92tbIvkoXZNbEs$Wk#?XFBI ziIv%q`uE}Gr1y!@K{GU&%qNR%I_ve-rRDzS7oTfh>)uK3K9IY^G-pc7{B?r;f2V(n PPQ0kBs@#|4Z@n1+MV3OK delta 709 zcmaFL`jmBoPQ9C#MOZ*esdj0hp>b4Rwz*lVi?OMDh`T|)Phw?Nptf_Wzjl70tATH3 zGFO>@V2MRxKyFy6QChL9wrhGuc%qq$d1^pqa#W?aWt3N8MNW2hx>0zP0hg|wLUD11 zZfc5=si~o*f`3VNPIkFMUaE1aV``~Wu5(&JW`>2nMSZx3L9({HpR;$apP5;DmT^*w zi-AkJpO--(mq}8pZ=t?hVWojciNMKemmks9? z{XGU+|LUumFW-IMdZKsE9^b5AQ=MkUEPJr0*|cfu70+vPLUm7NFZ&l2{vc*UcHWoM zokyQ~*d<-uUvN@C{zKjyS-Gy;KYC88v-90*>fW+Qn<1lc>-|4E&$T0-PW|)JFLqI8 z_si9b&$d?QUj5p_eCXDioEN(G(YG}7J=2$qXXHgMcsbiQwf=3S$5O*J1zDPb_VFg~ zYy>C2wtrvrG}L7Bh6{3&-M*Z#oIpFyfjU&^mOTPgERqWFT?&J`Md-n_q-yxl!J`p&b67semt zRT4W@|10+9eLQn@o9nSD^;1`CE6C0jk-xgL_j^pBNrWkT!-VTv z2SjaW9TK&Zcb~x(Y981veym&c{WTV$7~Xx>uIpm5A|k&F*{h{BJKmX-HNj4Os*;LF zdw$5W178lc{CxOq!xvlgm9k ssh-ed25519 L7f05w KLdcD878do/oYEztzNfCgKtfh4QCFmCMSZiapueB5Hg -wnSioiBtYXjASmU+6WUGn26ga6Q3REbFC7DxA29PQno --> ssh-ed25519 Otklkw WstJ3pNxaazVPxNjTx3NsXQFnW8sy51CYoB5WVxwHWo -YOmD3exRcPoNer1y7Me2t3nOtUY9Hc2Oywl5sXMlTWw ---- tCVr+COM2orioyWJZvvwbK4oTlRErsQLywIoCVGrO1Q -/a>0L|3`.@awG֗i}=KƮ$3?rtle ߩb}CqרUbc!P \ No newline at end of file +-> ssh-ed25519 L7f05w Nj0zjzK+5vf4YfUxLPNcBBY4ZC57tH9+rEVCv/ycNWo +5Sk99vaYclDFwTnVKB6IOcTVYJ3SGTuLVJxyjb1W4tM +-> ssh-ed25519 Otklkw ogKGpgcz0Gekw7p4LnmIKU2CEdhlkjypRGVZmFda8TI +nkOU/yc7F5BCBRakevYDXyD8akGqYwD67C+9VDxUgyE +--- zuz8UjdxI+CbMr33Z4P5ga1UoRe+oDXzVWgFUhUH1qE +b#sPDF%|Ul e9f_UZ5oeeK}M`aM!5R@j}~3ZҾ͒\ \ No newline at end of file diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age index b306c21d933f5e38ebf3b7953e23b8ddca3f81f3..e749a1b3c4d67f7309b01e4da0d18d906eefa50f 100644 GIT binary patch delta 412 zcmcb_e2IC2PQ6=MWNMB{nU_zFv!lL~Pm)EINuXJYV^U#hYJpF_rFK@4en`HNSGlLN z373gaj)`Ykh_hd1Wny`xWv+j6s(+Y=er1?Zk#k5+vT1siWm!;Ac|~fGCzr0BLUD11 zZfc5=si~o*f|ps4e_6SLab#AcueoP=rdyzUkc(@EnVXYqzL9@!s&}A8rlV7YkwtNO zcA`l{er{MgS5R(BV2Zz4hEs;CYgL6`Mv05FOJSZ_s!2#iUS?FFf3{&(dXZB^h;u>y z#E;_jshOE(5hmFg&VH4imJzO%M*3CWWte<{-MVH5r!G1hQ4VQW`&03+T|tgK|Ueg#^DB$23eMYT+6I?Es5&Sy0A^-K3Cnl z*76-!cd>nXasSi3avsmm%OY3ZeQ@uOa@O=xy|$Dop7R60-iu|G`@hxa@Z*WvPdK=y I1*R(l0JM&j;s5{u delta 412 zcmcb_e2IC2PJLpLTY$E!qkd*aMX6C`T2Pf)dX{flvPrgOR#AqTwsxssQIKa!VP=wX zAeUi)v7v>fYne%^M^2eXxqDhcPF00vx@T0erBhNtSWrodk5i;cs8MFRE0?aFLUD11 zZfc5=si~o*f|ps4e_6RgW?6)Dc0h4%pixjxVOWxDq??~vQBt;HSX78nn5V0&eyM+C zPGWIMszpUPSE+Mil4DwgrKeLwTCSIuX^^&2M5Sd(RBoVlo^yIZmXlwEwxxfnzE_3o z#E;_jIr>?_!Nz%+u8H1Z`9}V3C5CR{Zfg?DOlj)#|5M81okOR}MH zIah92Vw!fSlar5GVxWgjNkLMTQ>CdzQGHs3OJrqYdPY^Gsc}_CNJ)6M zr%6^)rn8YNSCna*n?ZzGxnWj;d03QtUSd^5XpwWekyn7RWpF@JNu+a_k8ze~Xs&ZM zm#(g^Lbj`^kxxiKR%n)IXjyT&Nl|f5QC3EBM3}R7L0WQ@QMRdten3z~R!C+b*PC0B zCY+nM@A4^fJ2<=ftXBG|vy7~>|EGA)K5z)ap|G;-oF3bl2FtC1E diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age index e3ea72bcf1757feb3e73b5893be562449a0ba3f9..ece12f8c5e37605e00319fd5a82aad16c3ab9131 100644 GIT binary patch delta 335 zcmeyw^oePLPJMD!MnQg9d5N~RX_S+Hc&=MeQl+WCadBj5q(OM3No821Sz)nDv5$7R z1y{PKzQ3V!RkD+NVqRc?zq@vxw{~8zc4b9~d4)-SMu~f_Q@N2*m1$X2D3`9CLUD11 zZfc5=si~o*f`3VNPIkG1Ym~EFYMPUqVSsl;MwnrMYrSVya#ntJxJN~nS-zu*S(&zR zSW={OhC!eSSDtsVd0>9Be@c#LQhsD&Nu*mzo`rUSyLXsZQgV_{Np4Y!lc7tpL5Za+ zm#(g^LPe=xhKXU3Uy8nmp`VGidqt^1iBn~imw!Z>er0lsd3btYRz+rcnx{uO*W1Z^ zmhRYa%gw`)>*?p((+QG)D{7B!o4<^e;SZm7%cgHOYg&2E{SErJ&!f)K^RU}|s{o0- jUAY{mKA-XGcb~WWbo1YD1|bI)bxeQyRj%Yp&a&?S%yEBV delta 335 zcmeyw^oePLPJNb%cZExoerA=0muYE=dx&RlhMS3}MS7}JSZTOvXh~I6phDwwY^gIhU@TLUD11 zZfc5=si~o*f`3VNPIkFMMS6y7x^roMsaIZ_Ur~}*R=u%PVN_PJwwqg(U%7dDet3$7 zON3vdZ@yzXS9xA(gr}o_WpZU!c%Z9!PV5p^UWL0n| zm#(g^f~QAdVO2m#uvbY)mW72^SWr=fPld5(q<*q@m}^mKNkK`be|d0FT3NCQmxPVE zscm)MYmcqxT8>>;NxXJK%W!q(dc%3j%PxJq5n!QyPvWL!g3pXi=D*(Cvwp2LTW`80 iOfEP!<>~J1N$KHlJTwB*{`L#LtJeB<^tDb>BL@JHy?XEf diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index 1ee5a873d11148b47401d58a3c9e52d3d6807191..416b011d4f1dc17d3442427c915332a46414e481 100644 GIT binary patch delta 308 zcmcc4be(B}PJOvgs-JnTfv3BRf3{;uiE(P6VWEq8vA(aLS+<{VmcEmISiV7&x4%n> z0atmbr%$}hUlvkRwS*E9ZXjFhnR=R$v zZ<=d%s%1nmSEx&gr&(^2eql&zT47~TMMRKec2;NqBa8NN8bhMP;Nb*P7Xz zGkC&Z&eQegDORj9J__mVpt5AMIY`#>&Ey6^?ZCk?3=Hl0`G9$odADxcEua^Lqo G@+ttG3vY7( delta 308 zcmcc4be(B}PJO0-Zf06(fPaLAV_;O0K~}n1d1QErWoThoVNsQ(fxe@8c2z`rZbVp4 zGM87FQFw^9xtYE}mXoEIM^>(jdyrX_dx(i?Sbng%iEDv(N};!*iEo-?D3`9CLUD11 zZfc5=si~o*f`3VNPIkG1r=eedriq7VX{t$ipr=J)X?&lbH$~8ot3E(4FWDZ{`@-N5;@u3 Go(BLkKWhsB diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index ec7c98de8197f0e8e9264bbccba84a026c167fae..68cc452398bcf4e902958dac2ed5dac0e77bad15 100644 GIT binary patch delta 337 zcmeyu^o41HPJOUpU{S-q2UR*{EyWum@$T2N+)cR;CE zo|mhsx36n4SGbo+Vqv~-szp$VnMHC)WmdAGYl($len4V=u1i>Cwr_DjYI=E*Z1 zm#(g^LV$^BNnufiQ@XcVu5(CmW}dG{Sz%(OX_B!?Mp=n}lz(wrfL}_nlVwsmSKo`U z50a-GIJ|r~B_4Pc&KF#ne&pGa<1ec(cvk4dpKFkj;**!0dX=?v%GV?V`DdIA`eh&g k+5WUUTu`?y%d72_(BTa#Q@%3HoS7EJryk{9cdX$X03}v?B>(^b delta 337 zcmeyu^o41HPQ6oJnPFvddP=fOVr9N}W|l#+VS$rzv5}{CfmuMYWwC)-u#>)@Q%PWW zAXmD1kwJ(@L0O2gdyal(Mp|iVR%v=!S*dGPQjTSLX+d#nU}>_pTb5acE0?aFLUD11 zZfc5=si~o*f`3VNPIkFMXi2`gS#g$&cTs^yo^zUqWqr9%VrfK#c}A95YIt^LsZl|( zv2l)9Ns^-pmyvm8saaZ-t6OBcQDK=|NkExvkV|NRPne&hzjOq8ws~=YV^~qJiC1P;q=9pxNma00HkYoQLUD11 zZfc5=si~o*f`3VNPIkFMNL5~uxxR;UQASBnd3c&jaeZW|rE6iRN3pR{ahAEZX`YF( zc6y|bqh+`+SC+QBQ+P#0esR8+W1xAVOQnUIf22=Hib=AGL1w6FT3VI6b5)6Fij!qB zm#(g^Lb`!|qLX)pOHfF9zHf54NnWC9x=Bh!l0~^^WSXyUa)6t6szsu6v5&JS*W=hr z-xjgvm)6(5=g{I?nio}FZg}R?oeaLPx@Eop*QGMYlbFPWc`Xy|S3+(ev`TE!>lW z*flM>5~ebDZrt`u=lE*2t*md0-4=2``R2SYLHgUDg_bfu>UWf%o7AznvRqHfrJ;2} zNz$Fz;Od2vbCV@}_GfJSi}qaDy+LW}!&7UV9&GGhc6@1K+3(2) zJ~w=>J6!uZ-|7vA^X}Q@?!ogdwycOw}QJ zF0=1foO~S0Z{BI4rM|!_WzF9!yMAsi6*)F_uE5U~8MD)~Ub-J>4Smrfqc73=->r<8o_q!YUcUv-89d+EV!+9@9LpZMr0K?QN)c^nh delta 689 zcmcb}dXaU4PJK>6uy$~;V}-wqg;9P;X=+G7QlW=uo|loCmzQH0lY5F^c6wx>yK|+l zucxJNWo~FOSEfObqeZg0cAXuiXe}0|o(b5%97u`J`*t%FpLRoS9 zWAC4}iZ^C!Z)>Q{*UAa}JA3+?3ufGFTqXJ~Sq)Fid@LzYs=w!&aHVjqbo|q&FXTBo z|0;-XZ*!Nspj&LaZWHU$9R06{-pq9K0-=)2F#VeTV2(@o!@*c zX7<|Cn?vp!Sw_fQKAz_`C+NJF*V5%lcl7>02$gaFC?0CJWx{6PnVt=qYqc~xo32F& zN~ksZ&SjfYH(@8^nk7@~FWr)9xye3RV~T#t(^Sz{p$y+ltFEtnRw}3YblcsNKkpjy z|6qL=eBCAE;^}3gJ^MQT%n=newCLNO7^W8?+R^+W?3TC5qJQ@f@XopB`{3gV^U_eR z8NrbX r-`#`@Rd;Xf*`~qqZ1XSe**B~kr_B4bO0f0n{c`ovmW++t%;HJ`!h|XS diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index d61067028612eced2b1a26fe4c80f7ffb9c32234..ef32814975a317ef885fdd1114fe2d8f4e8a41c1 100644 GIT binary patch delta 392 zcmZ3*yoz~(PQ816YMMc~cR^95e@ddEc3{3^zOj>2nZKL1n|D#Tzh#z-f2L2MhoyO5 zF_%YpzGp;-YOZ?>sRp^K-FNu^(2h(%^jNmXLGYo&>s1(&X!LUD11 zZfc5=si~o*f`3VNPIkG1Pi2O4c6Mm4nUhPpv$wBzQoWhKv2#d7MWl0fo}*`&evqqq zxq*dQrLVCCSFoR_Nv3guqfb_vw|7XCm%e_8tFfDxbGo}%etN30VW_J|zDs_wvu~aW zm#(g^LWH@gVXC>aOQl(Xk#m4=q<3JNw~4oQfq8zIkCS_ahjUJZyHA8yuyc?J*Sh}s z*KP9kF4wP0&8c}KT*}b$_r(cCW|OX`OZ;bDD4bUlq_D*9!2Yy=Z@v=9EUz93L= zGqmO4i|^qZ!W`22^%pR=TVLI_vPCW;@z}5Ox65;~7SztaI5$G6h~L9a-Sg@-?&#$& qOgU!0-x0p5e?hUOxP5R~Ovm+wr<44mmbeJHGQE`k(9|EpC;KoI+w1ULUD11 zZfc5=si~o*f`3VNPIkFMdTN!KMM`d>xo=>gQMjXbMtzB;dt!E$afFXiacY!%X>m|- za(Pi!a*A6ySGG@8a9UEPu}4^WvAMHTfrq(aVp3?TzNcqNVzzsfQMh@Pdxm*vT4k~$ zm#(g^f?=wUi;rulrLmiSYCj>Yfh3=vO#$$*B7_) z<*LFia`oX)>P~K~yw2gER(;~^hxBd7vr9Hvuw3yw?OUi{>|~|6R4cKq=KP|sEC%W} zHkM8z=@WK;m*TA|iTw1AXHtON#)7|PPgYiG@$A1nc|TK~+3^L>4%gmpRC(Mjdb3*B ptXb63ocl>tvCX3daW diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index d908a11..b4e55eb 100644 --- a/secrets/ifrit-backup-passphrase.age +++ b/secrets/ifrit-backup-passphrase.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 yMjj5g JOFZJRGtrC1G4btVZ/D/XiKqwqSrpQpOiI6UdfFE+no -1GBByaq2ojp2Xm+FNsIXm3iNcd8BCIo6uBThZEne8/E --> ssh-ed25519 Otklkw Otqt6BlhQSzreJy5NlCTo/9at9stWnlVN73zNi0xVW8 -5aUfPsoYZEgc8PJXd41wtpeETCTe0LtGPxqAm15Pg90 ---- h2S6vdReOwpqA/C3kr3rnuSeaWKr+3Nvc0vQ53WVNHA -*O%C\[+Vz/GB e3]< *kO?1\i%j \ No newline at end of file +-> ssh-ed25519 yMjj5g pE3otZ4+5k1GxhoU7FocCMvcHZ9PFzTRqRYiVXXq/H4 +aKCBiwVwbfetSTRaTJ31iTRsvNnbm2JYFQnqTOgCyOA +-> ssh-ed25519 Otklkw jn4ZUyWFIeAt+XpxmlqckovK4/jit6SR+Xaouv7gfTU +8yJLyWHk1m9KInOWozqRWXi3kiirgQ7c/ONOwgHk/Z8 +--- 8TS+ZFZfHvgcgOYBE3nzSxbCCmCOtqPWyldlegSu6QU +:{ 4~NtXRl =>$8DQ @G1FAOtΫ \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age index d7059202b2de26c9d7b6c2c4eb86f181046ab2d3..9d2879cb605da0ab76611423aea197bf7358c368 100644 GIT binary patch delta 701 zcmcc1dY5&APQ67?xIsmpXJCbKN`Q~ElY6CGQet9Zl~Jm5M3F&hm|IeKiJwKfL1jp$ zFIQ!iNqA;*iMyMrNwTGDXjV>Mfv;C)T1iAkkz0;$N})+upkqj2Vw$gaD3`9CLUD11 zZfc5=si~o*f`3VNPIkFMnMHn)bCq{_R8p~5vPY^@S-roXak;ms<@X8|!C>eyiK5&Z8bC#?#Icxc{$ZgI`i?{pw%mIVZe4{9%REZMEGlMt;t`8WTj> z{(UsuT5#a1Oi}Jt{Y)=qpWtmZsSJ+mCrZ!CGv8SAW#2USvc*jY1E**@$gIDsx3%O@ zdhH0$v>qFs{IK>j@AY+J`&th!kTd-495~r)nd~T}`<;y0C%zCzz$o06t?F6-?LpOUua zd2<|Jy3Vab)ZuIs-vXZEh+H99ZtT5jEW`DbzC{;X9C z#eCMzV?VmKDEQIeMHl4S`t)*km{;4cD?jC@a4J?dZK1Q(xfRQHy)zUkdYOLuiB7B8 z+3#BnuDUFq|L}$I;^5?)tY?FF-ATMK-KYCi#N^a}=WF-8t0{SDAK|;3KirHzf7!`D zuO((KayzpwqE*`?_H4z1-tG<6jE-BkMc3`$XTEIZ`RGY;XaC+|d>(#*cS(Qk@3h)e E03m8H#Q*>R delta 701 zcmcc1dY5&APJL8SZen6km|4DYuBTCCy0LeFp}%*oOOd5{RC0M(ZiK5_d0u3pr9pVQ zCzq3lzfW>mR7RFdg@<>xV?nV=K(T3fl)s~)xrUq(){ zuXAp4m~&`8SGY$}ns<;xoc3VafG*Vky}NHb56ElrG>YPd9ik3PJzB7mzwRK z5UoBLk$Q9eic1Tw%;&$(&G0d@N0n9f+sgTS+}Og;31`mVdHR|QFY8m=oh-%PI~9wk z_ZF31`aP?;SH!WbE%LBzzU)=s>32d!o0My`>>XRSr?{sX#~7cKpT|41--p|&Vu#es zuVq*4d4KcD@wYE|!DsK!WzYO)E3-kJY6xH5Om_{jIoes7qgd+~p}+Gh2YGxHmkcuin=G$&`n zuFsD?R#|+UbM5aw5rtVog&8TQFDoAMSQS4{*Zq)d=H7pE3VSW4+?Osf@ANq)t#L={ zuE4BAVy=qObqX#=>yPN{lr&hg;L=a7z5fCQHy!bxcXgF`+NH|>w)4F#c1^ynWjIqQ z_3kNulLnEaD{dVY-@Z1=_p*@j(%l(t6V*L+ZhqWp`k#4GhUnYbt=i8+!RxZPOF`Stl%i+8fm?Rf3YwOYN{EGW-7`(>sy z*X2F0+V-~};s}0See)EHmDHUlC&lNj&1^rG`t8%TqrH09Z*A?qe11iFsYK!JeTD$m C8zNf( diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age index ded499016d73087d35b30f46e0eeaf6d2caacc57..36c4b0c9e5804a35d70aed58a226074e53afc21c 100644 GIT binary patch delta 689 zcmcb}dXaU4PQ7bDp=*kdxxZhiv$t=QNq9!CIiA#8)iLriwo2iAjt3i}o zHkYw}L5hWktC?wbs*i6-n2EW+fpJkmrjK(~lt)r&hP$U>rJu8Fq-%&pGMBEMLUD11 zZfc5=si~o*f`3VNPIkG1QITdtpBNT5%$ zkDp!SH4L>dAN~xYF=h>q)S<0l5@UEQBYx(uVaQ`riWvgyFo^Ja%zxwN=kkx zm#(g^LU^T1VX?D|vtN*lMNXP|c~D|`M5(u*YekZgv!SuCiAQ0Ed!JmO;`N8z=t)2Dd{XhGbPn@pmI7yDh zbJBf|y!fpSSrabbt$OL|y(D~nY3dc;B!O|)xHT==tMUPpj^Ri#c`ug|1JQ0Srmpb+x+%5Xr z_sc)dowqi)<>{Y!x9vsrc{T3F(r|gc@Z!Tw8>h$w_02HM5Ie?x&twDcsVhqL5&bMEhdwf*#M#pj=nz2sVWl=HkpITn_s7LGT3*Pk$(!aYU3sNTi>cw@F!%d1Zk`X0dN@x|egH z1y@#7s;_66pHsPIYKgmfL9wr?i?OzQZjnK%Pei1vMR`taiwWMm3y!S zm#(g^LPcq^i-}{UX>ov2QdU*AMPinpNpgC)lYT~INt#KbQL(deh>?+3MU{mCmsrKz zC1+}i?$wt}?T(tUc;>c@>vofvZ``|_xJI;Z&5;*xC)R6K>VC|!EIqW={?nvt9urAL zqdUnzb?)7r$b8H6Xn0-8uX`HaZPV>ylb`2G-(ySN{9{U@Re{Zl9jokP9w*$9S!={A zd0lu%xRg2Hxzy5dQQ~Q&%WG61zEv$EwJ#&2tgO&FThWd-^5B7RR&Q`l~z+#C{ zW8h5ZjrLY^EV(>I#C18FcWrwi!_Sepey>@b4v%VE2G7pPc1hjaOZ2Yi=`B8W`n%3) ztKvH!eU9IVNb|Bu=B_+uW_8<&|N77Vqav?AGqX#l%({B@AJa_!d1s!a zaN0Az=!;*TsDv?JusSAJ-@4?ZkIYJ`N1K$Q?@8y#$KUa=DB2)Z%lF=R!-DBf+_zWV zo>J$r^OQjS%Nda$PAr|Yj_cI&O(&NsOz#tWJa^UprHA>d^ViC3t~1pPIrih$nqR*b z99n!VqF}~sO|cU`dlv;;W?Fr(iJx)!+v7Q<%1g?2?s#r9t=o;sFKpq=D-E_HTJKIe t?N=zCl ssh-ed25519 jUOjpw sM3nHEEUDrSNaDx2kl18pqwabNSVj4Jbl8DXRKpmhjc -pQDiAqXXAxheyYa14lEGmOFs0hrMgJgvU/ChpmZTNVY --> ssh-ed25519 Otklkw 4hsEjZuZu32qujYfjP6XXbeEqbQqkN0AgO2lM/hMomE -e4tcDQ1NSd78ob9QNKdOOcoov/xbW0DzvOKCkMGM3HM ---- 8H+daxTtO86AApWyBd18ju2Mwquc07I5vOH8Q8FVsmM -$0\eg؃#> l՞QQ [bu,Z5 - 8߃_Q+Y083ؠL*LK0 \ No newline at end of file +-> ssh-ed25519 jUOjpw 6ThewcuTvg2mn/jC1eqR0KFDXdN8G3JIUBLLiBabkFI +lstfGPvJgaUOp0jriP2nsi4IvgwRjs8dnRye7+ihD/Q +-> ssh-ed25519 Otklkw N0ozjfxbOBq7EIvxP4TRa2XyMQ8fINCiHjK0MFq2X0w +tEeua88G2aN6REaUN6xTlkRLy0GFgNfj7v0VXhqddc4 +--- N9V7UfSDvrOAeOr3MRXiCwIu8JJt3NSL3FrGyPapLrM +E"K?>VÄbXdg!ѹ) B f\=[2LxwXH*l9w \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age index 716f621b44bba11e2ab533e5f094e847f7b581f2..6b89f138fb608501c4fdcf85daeceed46688e0bb 100644 GIT binary patch delta 320 zcmaFN^q6UaPQ6Qxb5**ZdzqzUT1j4DZeek8UX)u@WR!1VR#=Lsc0rPJR<>)nk6DJ1 zD_4+{t8ZASsiRLyn07^4ezsYOrL(hBepZ@iMp95gV5WYRwz;KYfJbIxI+w1ULUD11 zZfc5=si~o*f`3VNPIkG1d2nE$zpHDmn_GFhNuZy73SAln7u0?2$lc%$9c0iGdL7`=Vd2W?^l#6zur=NC`hoec9x0hpDfn`}X zm#(g^LRgBgXSk(HlAC#QqLGV!qCuLYQ=mHk-aF$Hq|+_fak}>1*$&Efd|+B5wdVB?|eGWW|n?ccz~%_nyF8cSGH$qMuAb8PkB&Qxu1c#N1>Nbp|-w@1(&X!LUD11 zZfc5=si~o*f`3VNPIkG1d0|+Hp;1vBOK4^? zm#(g^LWZ+vo_1U9LsfLE>K6qwUY~L8t;JUcuHH?p z{IBl*?D(xMA0j{d=Zt6b!uIqX{9JVK|D#^v8|!8*VVYL&+g05fW^lN3iGD z3kt@yi|)AEx7j#DAYb-p_}^cwzXSOD7Ccr-ylTGv%!ic|3`}{BTv@biqo7P8w-SS~ z)wB0q85R0vSrV4g5v+Cf_G{ycnAa(bbZ1_FH%H}ElIV;OrpvD4ruQ@UCTdQ$6tEAm z{j}9-!_nw#-!9B#P@eF%ZRO;{j|{h0q+6^?(b72M!tlj#qxrONib-48`)XYtX6%Yz z(V@9qOqloM6qj@bH^ewxfZZTP2o9ulIKkZM{>|=7eldSUr(Iq Na_3mR;%PU>M*yPyHAVmc delta 709 zcmaFL`jmBoPJOAjpP7GET8>e&iAzw9pQ%@2cBn~6PNjEckbZemYJNs!xvRN_Q*o4Y zI#;lMq;p`JSE;MNxr@HGpG97|Yni`6riFn|uBTT>qEVVuR(HTR(N2EXI^q~aB-Dyp-*`} zm#(g^Lb{28QL>SbdxUAOc0^fOzO$F9k%6OsfO)=lPH4VkU|4dLTUn}SqGh%LSClO` z$E0eGkb3d-uwU1>cV(SnUU&Y1O!)eRv)-;YJE0+vd*kC`yLZPvww|t=_C0Yz&xiDa z>$a;8Wi_mSd%yFoRfcNEls#Ej_TF8)OlyAGjhxKw;py8J`s8hKn#}V?%)z;Ep z8ohjvSM2vY`=UO&yVUHHa#4%cFY{7fKlz5}_SChwCA~X; zGTBP%^ofs)PN#i8q28|BS+Qc-WGmiFHX#kaoG#=)nX>20e8%GsAI`B@=e6wQpZ_P0 z#ynHLH|Ijp%G28>tPo{VwObU}7pKWNq-G5z&WS@ diff --git a/secrets/ninurta-initrd-ssh-key.age b/secrets/ninurta-initrd-ssh-key.age index 9558a151ac2ff36e9f70a61c466dd8ae766fab61..bdb981ffd84a56374217dabc719fb9317f016f69 100644 GIT binary patch delta 689 zcmcb}dXaU4PQ6KaPHKu-MWTD9OOCUJQ&?$wTCzn%MU-=4S(ZtFe{eyGXJ~Mlms?^; zIhSWhfO&GFw~N1TlwWX4sGmWiW1^E=qIZs~nMIyYrCC)*c(7+mah|bXHkYoQLUD11 zZfc5=si~o*f`3VNPIkG1aaxH_RY_K$U#VMFPI_{2a(zTaQblF5L0MRtk4u$%nuTMs ze|mnIZ$+Rlm#KeLNQ8eyP?^7JahQRpSwT@^VquD3j<$tqm8WZEn2C>{TWDs!g;7R2 zm#(g^LT+TKNmN#`r-?^yxqeltQ?W}~N=3Pset3F8NRoSUs(-LcVp@KBR7FuJ*S0HD zQe*#zeym^87_Jd}qNn_`g!8wmk_^X3F}AyerWMSnzOkp8qhF!g`gEW5PBWPWi{|~C zxXC8yam`Tg$#EJSO;^73DSS$HtIH9CFwbP3N=>aF7q!2t zF|*G4A{l8mZ+fs1mqG(&` z7sa2U3>Eli;;WDWu_x{b;0Fbf4(16GY@z@TcoM|^2_zbOx1VXZq1hc zQkc_or}mC~?ds){e}k0&oyoV{3u?(qnI@SkjuqWxmmd zCs$Z-PNadiL12nOm~*hZXOW>xsds3qVOC&}nU{x2im^v{g?o5jwrNFqD3`9CLUD11 zZfc5=si~o*f`3VNPIkG1k&#b$aH?0bMWvBpeo#ezPJOmdd4{8jetuL{kbY5yOL{?B zZlQjKX-;K6SCK_&N`SvhvQc40fM0fGx}$GSv2kI#S8|qqYGJm4iEnV8c3Eh?TV#>} zm#(g^LS}kyM52*}zGZrjS+Q|IPDWHfVybVlcX3!+PI_*7a0 zuaj@T@LpHU+-@^t=7gZWl_F0z)oiFykoX~A@ncfzeKN#$Opp7g0 z!MDGsx+q%)#e)E$Nooq`*~fjNft@?ewDFmO8N2`R?Cn5H@^O> zuV`)`|CMDoyfxoEQcddGQU7$){o9u&=r&!<4lVn5{;RO_J%c|lc3fuoq-b@%>-ioR z|LuQ`(~g&&lN0h=5TR_i^Yp8|X4`r-|JjQdM=`eczkQmKKD+s zch0KnfDqq9F_KzM`|p35pHv-T@apCD^amd|>3$B=p6jV_^ui+5Wg4|_C*~dZ)9PHl uxQVG0)GkUsTW;5q=XSU6Dt diff --git a/secrets/paperless.age b/secrets/paperless.age index 9de2ffe698260b627b099c0e0b0217880ff6afaa..318a9f94cd6d1ffcfb7acf155c6c3b114041f4c3 100644 GIT binary patch delta 327 zcmaFN^q6UaYJIquv#*Pzf}e|%c9da8LAi%cadC!jYKoDmsiCEUe@S*ucDX{Ok8f~VW=UF7M7_U7VNhYBSGjjZg_%W=fuom4 zaY#|BK}3$9QATNLN_ZrfS7d&=dr7E)k553dSAm~pet529psRs*WwudehF@+)QCND0 zftRmaL53@ruCA^^fqR94MOKDIq?fZxs%u%Md1h3iSwTcmPIUwVkIWpnT;8Rz&dOXSALi~KpBPi!_xN!w+wAx{ ZtCfH4zO8V7(jaxn@B3SaTi(*lH2{c4b^rhX delta 327 zcmaFN^q6UaYP~_Ce_~R)LX<~wUX?*ad6A=WnR#hawr5bLX-QUPsGEC~xnHGwQG}a| zXH=55e_*Hym#aajMM-#|fq%JcmP?XZa6n|1iCcadC!jYKoDmsiCEUe@S*ucDX{bg_*BeTBL83TfJdLScI>6T1kqjcD7k~g;$Vo zg?T`#iE)8*QIKgwV1_G~r+Z#XZkV~FnYUYoi&w6txuK&+P@qACtA4qAa9%-_xptCM za7C$Kut_MFuCA^^ra@Rva-?T|ewu%li+)~aQDjI)x?hS#kylVvdPuT%fkBpwlXg|5 zX=x}|gG1m6g_?8Pa>Y;0s(-C0?+aP>yy3Y48~b%5ZS57elvnO4Ui5d@spAvu7)ryG a{${Z~+Rb-w;@Rj!YHJ(~(vSab{t5uAGX5pve`ToX>0C{PB?~?fd`Kdn1olSn+h5MVE?{t{=;>6S8AvU$@qMOGVnz T&l#dWzUDrO@N!R$S6~4EpCNPe delta 320 zcmaFN^q6UaPJLO4tEE@6ce;6AfJKIl1hDSwIMTWUy zGM9;SSYl9Mig%)SVpU2}ZlZQ%p;?YchFh3dP)3D$uBCTml#_p|QI?xmB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1tFv25q<>LRMwUlrqF;tvc70ZfOKO&@b6Rd@NN8oEe_lzB zxpufyW^uSLmtlo(POf)Bl8;xozFVnDSfHPCmcBtmN_M4tenD|YP=-ZTnWIlcWJG2$ zm#(g^f>CyMfth7meppqcYe__^XL_Kkk*Rl}Q&?r9Q-ObefvJCauB($vlwXl6SL1Od z!-wls0xbJBbp-}-F?n`pBxkplnf>^(o=tbcDUKsYqE5-mSAAeR-C3Nh&F}X26!YtQ SU-lefxYkuEyX1$8nLhx9rE=T= diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 0fcacff217b502d9ca98d0254223018dbd665815..57e57c899c5451bced9ccbc208933dbc1053b44f 100644 GIT binary patch delta 689 zcmcb}dXaU4PJNWNYejINvwmTwepyaJ`XdRi=+&a*#)cNuhRWTAHVc zZ-rrCc44^*SE)r-Q9x;OYI>!=V|J8&dZ~|#Uw&#xv9FPSaiB$Bp|(e)L9wxUx@TB9 zm#(g^LVmHKbAGl(a8X5el}SOMb83#Ud8(_4pJ$MhcAAr`o0+zcMVgVhr(=>Q*R#Hb z=g%|quC4#9#@%atL$Q4E>U|c^=0)FozD2s`#Ak`EKR(;BJ(iyE|GSXRA1BMJq6c3| zh@Lq7=|$+~3daN4wFkPwrhb&ueyDQxT)XkJW8rx@C--sgWdBtC;h^+8T^?n&wVu&Q z29uuc)Y*PDx*+D!(?<=}KO3~ZF-Ly;f4QUZcGZsmg3?n?Zmjyl#=efJwJIB?hK4VRtN zt4)t?=cJ0}uZ(T+eX_~>LH&{LwEQzmmfun8tqZLTJ{tQk_phn}r>BRVf@t}>h@YWd zSNdlhI`Ca(Vfx$mw^Cg;OxP05xA|w=XPsp?C$xPmZw}Vpb>n$Vh2VyNCL#}Q@8+~` zI_Rn;^+tK=fH1m0`bp;n0QiA5DgXcg delta 689 zcmcb}dXaU4PQ6i?ud!#AcTq%vS3zQ+iFUGuzf*ZhaG9^ClRu0L~>D-MM-X1a!PJqma}VyE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1wvk_QNqSOMVW_J|S!!rdaD8f2c(#W}aBzyRp{09CnNw1z zdzxEnMWkCcSBY0}qNho2R77xIu)l|qzLR#IWu$LNn3J)wrB9WUhl_q{dWvDHTVhc; zm#(g^LWG;MxoeVPuBBm~XH;cGNr-DsWLR=yKuB_8ig{vjW^!6;p?+X+nO}(sm#*IT zBiYKLef10${jC4iSbr6~@_+vFTUVdNpLqN9kLO+JTA z6Bg%3JnB`-dh(;#fXia#s}-U4B8OQ^*V%W4o>>3jbn(1jVf9`CW;_PFo-NoBAmKeh zOCYwn_pwfhBgrrzf}EXn>v&1UugNrO)k$jf4+a~X&Ep6U0YN;uWfN;xG%_aO=gZRqn0ys zn9&3K0e z|1{T1h)0yAF1-7z%k^zT&2Q_CUS>7x4=xXBeej^W;Z?JFS+(eNg@z>pQ@r@rZfTx< zKd>WMuJKx2ROLs>gAJea4o}^tm(f05^{UV^qpwq$*BPB$_ON$vMXgD%Kl^(vpO@1< t%kJE@bGo%-?4=VD2mF;J%QQ?X4I&T7&iK?lj$=ROZM21OSh;E%*Qc diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index 5695f54..7c1333d 100644 --- a/secrets/pruflas-wg-hydra-key.age +++ b/secrets/pruflas-wg-hydra-key.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw sdxptJei78Xi7oBXqh5H5bJva0O017mkVGz343VUxjA -NFz8JLnOX8qR6uQPb51PzxYGfg3AW+0nJvO4Ex2/N9M --> ssh-ed25519 Otklkw nyXNF0WhpAk6mezLPiQpdFQbSHqHVm9oXxQSaADfVzo -Ati1jXx0dPQn7jnq6Ol73yKpy90iBlgtoWlXimbbq0s ---- RI/9aP5kvkJVacr5IAx5QCBGR+rLg8f8FybfZ2uGtd8 -ƛ'~ޯ~ dVEMHnmURL\@84% ;R[+g0׮SY \ No newline at end of file +-> ssh-ed25519 J6ROvw xzey0OqH2HSPLdz9sUHX2d9Xb3j/xnvuz0ekjE5MGh8 +cvfzziAX7cVSJAwRr0Avxeaa5ogXhMxz4c6EcpyIrMM +-> ssh-ed25519 Otklkw qlfHwO86ojlvmdfLHtuZwvpIDCxAFgnOQ4tvsz7VTiI +3eVexGX09ALqANLrZm/3WvzZTIhEs/hWLpvYR5oQFYE +--- /+Xv0iaeal+E0g5+Fphqw260kmzHE/BEWA9UWZqkxpM +Q$ +'HQ6E%&҉>0e[Gbg5@oy~ V`yFu~< \ No newline at end of file diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age index 56c3796..1312de7 100644 --- a/secrets/pruflas-wg0-key.age +++ b/secrets/pruflas-wg0-key.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw JrDRK2NkcPjUf7Owco978Saj3FlPGLL9RcOW3aSB7Hs -o/WPV/rBvvc89c5qln+XLVslVed65EGZOkQoYeGgvpQ --> ssh-ed25519 Otklkw fvLeR4YnqmXYGu8krDmCGDLa0Xh+X+HpCTcqodxOtEA -L304iO2/Xq5TJ3Ui8F3EIR0mXVRmAMAleGexBxWoJN8 ---- B71HeCVbIOOnvWXWwMSk0A19qnsE31Lo36lKOkXLQhI -%>TsS(pfAT+ $ R_(NN1xL7F^V -opSj \ No newline at end of file +-> ssh-ed25519 J6ROvw jC7rwmoizfZqenUwlrMlLRyN9yQnog2X3KIJ2GgRZB8 +yGoiZTNfrPm6+fb1BcZGH6Lzm8Pj4aeyjWtLNYbGSFg +-> ssh-ed25519 Otklkw a2/N7JOiOY/orGyCogBIj48EjTltThv7AAHuMHK7Xzo +PTP9vaEpFf7PXoRobHJgAkNVBh+u3+7rUMKiMj+fadQ +--- KR51LRGHd6jWP4rUWvQqXskwEGfxb0tSCNKtnFT255A +Gw)HkG F&e[{RGh"L{\{H~{.uWMaZ \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index c9fc294bd7ebb3f8c6d5409272dd820703c4ca27..94f9a881e2cfc98cacc143846c7cc7682de7fb34 100644 GIT binary patch delta 332 zcmaFQ^qy&gPQANuWl=zAc5Y>`OO#`lQB{FsYEe#Qfon=}X=#*yN>ODf*VmgT z?4EUXO1rkV$RAzvN0YucxI-%Pz%Q5mgq^Z(fy-{NdEw62*= fD!b2{E%~JBUrnWC!w%1<&5z{kTQojim>&WF>K}S% delta 332 zcmaFQ^qy&gPQ7z+Ribv0dtgOmsEb>fyK7{wVOn@Zc#^44mQQ+Ku8DzLgjrUmMP_h$ zHkVnrlfPkkqKAh^NwA4mgrjG8WvXL(PGVM6xU*%DlY6F*NwGzii;;P@374*&LUD11 zZfc5=si~o*f`3VNPIkFML}&KGKpVz-r|qT{~sOoO)yW;lC=r|xuA9T diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age index ab532e3730c4fd6e5087d85a64162bed8169f69f..4b4a687efc68ccff5d2228c8e42b3e7b9ebcdecf 100644 GIT binary patch delta 336 zcmey&^qFabPQ6Efd6}grQlsnQwY%kej2qt6NrJq+xPI zIhU(pQmT=;g`;n2Sz1ViQ%Z`LfmcRkQe=^Lae7&5L{wNnS+J+OlV5?Q0hg|wLUD11 zZfc5=si~o*f`3VNPIkG1qpw9$l5duNsAaO7g`akqOMPN#P-u3UscV>Pd1bhJUXp=N zT7H#FabZs!6Jag}$M0RaCZns((d6n6GzIfWApN zm#(g^g0`D}fN#2SP^nL1ly;JTQHWc1Nw8;8XktlfR7y&KXJUk@OHhPciletHm;6sCm6Hud!F;4n@3AmmKz4C)L`qeN zCznNOQLsz8M_|5NYKp&Qo}0OmbD(dwmv@0%Zm6+Ql5dh8My|VwWs{Y1UuqQzpd|QyoMfEV{#@CiHHdQ=~%XlP&XqMowgr6E^$UA(wx2 z$&H7+vp-4i2yYO+{eSPriB_Gv?b;R?-JSe!%C3aFMv>Fjgx$F%nDOQ7vbc%Mf3h-d zoqM6ZwVksfX5(Rlt&WpS7VbE}Zu@Hcx~FRET$Zsr^RExx=3Rg7S8keROUXXl+>bl@ z3@)AutbOJ--*jnVz~36)h4&TDJQ6iI75KN4#m00&xq$MHM>Ud@YdJF`Wdy@&zoj=a zANUcXc$aC}ymcH8Ps8ZpdDl|XnVy?@c zf}4*89;9X*yq%!_zueg6@2a;s43Wajl?%e-O>~0)#B7^%p>~?by~~dU)@yZVg#U51 rmdoYat?};3|1Xs-5409{xMxL~ zYkEm$sd;uXS9V!chNEeUM{1cxWu$+YZ$(nMzF}3iUr>ahw{e(PM3u9LiN0f4sd=y~ zm#(g^LXd~POJbEpse8Ibm}{PSerSbXs)0+XevylFg=dJrX_mHUlv{>DfTf=+S9lHU zA+76r(e;(fo*H>}^W0SX(LHHt`Ldeer2^B3gz6k=YMEiVzz&?s=#93PXV5;HJMIx{zZP3Fg|ttgRPCI^!|WZbHd|Xwff%A z^ffzpy!vs6A2UO82dA-F_qUUNCtUu8>+~M9Rn|-DajMbj(qFAt!}`$oGRMqNk$2V? zH@rNi@}gT+a&^Eamik}kO@e!Sl&kr8a^gcD=axx&Z0v1*`ToSgE$g4}dlb-DZNL{(zKyR$ZLyXJPa0!l ssh-ed25519 jUOjpw hXl01CaHYYlY/orHilx2gv0Fyh1eMXgN1NBzV1vSw1g -B35trnqYoFwg0xhw/QPw56N4VjxMyQAlNGyRFKdHfKE --> ssh-ed25519 Otklkw SRtMspvRR63U17LRd2aqU0m6f5bnpY7kaUl9uP94hhk -e3XD/s3fY78uxzA7YVs4F4LBFYJOIHZ28Odnnj8Zeac ---- eVNBDHFoU3kBN+SE1osblaJ0yWTv1ZOjJEXKtsI8054 - u'~ʕv'V}nfuE.JͥhxI ^X7Y -E74 \ No newline at end of file +-> ssh-ed25519 jUOjpw FXHC9VzSKIkbJ9JVge5vsGHiGtxBnxB7Nvqqi4OsRHA +1zhd0kCd37fXmWtq9kRx1vQvjTT4i5HsQ9DibyGmNUI +-> ssh-ed25519 Otklkw ZKy9Vbf1W1UpejNy8nh+eGss19XLqJuHL6qJuG1KP20 +t5C0Jw//1vK5iiG3+tJK6bu/SBR7StHRDog9ivlfVAI +--- 08Q8bBFnJF2TFV62trgPig/VL3RwKN0dyw4PBgg5LDU +F` 4tۭ ٧o9~}ق)7#a/W\;l2Рl \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index 37cb2a54f553d7c132c2a7b6ed743af2d384fff9..2abfeacb6afea853c955f0b51900d3245325554a 100644 GIT binary patch delta 689 zcmcb}dXaU4PJN}RMU-iZsgpr!n1NT2bB?E1W|>=dsAEoPUV*n^X_;}9ep*<0x_+KV zHdk_mQ<8apVv4zUig{phqFaz_WtM+hl5>z#j)}LnWnf{FMNvwLN4d6sGMBEMLUD11 zZfc5=si~o*f`3VNPIkG1qoajuws)zQkz=BNR!XpOQN3S&v1OQ1nM-1S42cmYOrTWxwcbqp;Nkfnwe2}WRgW_RC=USie+j+o{_$Xr+I}_fNOCi zm#(g^fw1qvt#&hy<{k*Lo zKCI*WE^<$~%l>o730>DGp8{hhzV*$#sN`&ZWw!l|D`h*4;)P;gHMS}GtWp>F`F=;Z z!OigI!nRLmykA>xh`hZuTI*unB86AG9~Q`OPWn{cm80abtv+n?7WG9r3?h7TjeirY z)syDSzC7EJoAUfxKy{VAy4-b>N6VFJlNi3Zs2Vx^yYi!E)$S|ZEH>%pd0$=Sx6aKh zx*Q>`CVM|xX3F`!qMQQZ{H?T&rNHi;{})Se*Ul+;|u zcJBdm7uVmnec4J4B{!^NCY+h%X|W(S)wuhTy_wAwi?ut_tfm!x|7Lt8z2u5rX70WQ z!JO$kv^Ra+`AuGJUbie?g|_>n?GKXcl58uPPu5K&011-SI)iA r@hz4s%20_fZRw6@%?nqgukK0IoNV&u_BHX=_urpPP~DbmdT{{&@RuxD delta 689 zcmcb}dXaU4PQ5`$l8K{vc(ReHg=ukyTY5mcXOLl@XP&!3ctv_hrmJaaX-<|=m8-L1 zBv)o)cu2WlsIg;UplMZ=QBGKXO1N2yk6B1~XkMmgdaz$XiIHKXx1oPZK9{bYLUD11 zZfc5=si~o*f`3VNPIkFMUZO=-fmx(mSdw?HVNhwYWqnmzcA}$KMrK4omak`ea;BwM zfoWlBKv+aFS42>1RdS@EepyaRL0W;UXOyQ)MRHhfW>$emR&Y*IM7VcQQn^KdS)p?= zm#(g^LSbHBnTKygcu0|#slTD6aYcZ$v!hFaf0m=8QFv0elShD~lV47GNLH>1*Quf& zjl;_h*4LNpSezmE+tMlj{!U5$_{J=)`7%=yofX2;`mI%pS1LS{yr|~TVBz>VwRqBu zHQe9#8co;Rbf!^*$LqxD?$vualJe5|oH={ZyyQW*NO?uiV zvVLtew^gr$uXNUwjT-M}`sr9It%$0WGM=*W(l^Vqhi)#r_)V$!w|I=>>#seRjTrh? zp6A%mwSSVtwm;9BpUZuzzw+Ur*&n-k8S|5BgO{|vlU({fC-KV8dxr`f_#2O$cw4sb z=HeAMoo?N2$#eW};rA~kew*5!cb1oL-Zh&2qMubd&+){@=khz;e=uK9xp3l>M;-IK zM*Yj``RwOjoZ4A^J!;GM6qeb{tD>zcG{1#@dAK`n{*j)WP5;?l3-adab$@Tydb(J` tzV&Cg>MWzztDnUN|Jc%`|J;gqWsv>#9OccbLSEMYg4MP@`n1TR2LLURGaLW_ diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index 1e58cc84eaa73f0283d0c1d349e6e0071802ed40..7400a57f293740d6889f74b8bb858d55bf1aac5c 100644 GIT binary patch delta 688 zcmcb>dVzICmqnDhS7b@9bCG$9uVZjwrGZa~tC_y3NkK?vZe+GuX;P87M|f1FacV&* zm#(g^LVmERrDsq?idVV0M_{N$PO^)oTWM-yS+ag*Vp(uuRDfepXpWg%kdcKiS7B@v zn?vx^)%AC-Ek5$=lB?#&-}w*k%Sl>#F`xN-iYmK*E%!>aq9Y-@o zw-kKMPM)B-+B}cfBEsOm%_HlUgWq;dWtL`re0_SM`R&Vs%<_Bk+$t7Z_{Gj!ci=6maZ&E(y8{=56K3prlvmQOF~ zeR7d;dD0h7;S&|0+a~bRqK}HA?a%+^%NlE%$I3W` qiNDHwXQx?p{uLYd61FXz`@#bYG-FTv5fedVzIvVVl7r@3iVB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1Z?1DiihEUAMw*{tafwHTXT58cqiK{$K$wM7nQKmVWlo7x zzF%2{r&mZmmybnYV31{4Vp?dKiLbUtp?O3~gl~nmc9w;Ov$0WFk&$mohNWkAKw60b zm#(g^LS})Pxl?&nV4!byNMJy&zE4s`WO7PSSXfk+Ye8y+u}M}$KzX)%c)4*XmzrIy zDBJe;o9d@0iKH{Cf8tB35T9vTBl~Ut?}VkxB)Pb+lONn;xH5`(v5@n5Q>c)1hQ)@)048 o^So0Hx;D9fU(2$p`O+~aY2A~@@-3EfEx0i8{RTBvi6uq50HeSi!2kdN diff --git a/secrets/wg-privkey-vpn-dadada-li.age b/secrets/wg-privkey-vpn-dadada-li.age index 479dd4f988e140a5a019bfac8e7e3b9cfb3bc570..4bd9044298b6e50ec3dd263568956efdd00c6235 100644 GIT binary patch delta 332 zcmaFQ^qy&gPJLvie!gd!hlzQSp?PFbWLjuig>k7@Qc7r~PpXe&v2&(LfOC1iMRsT4`W@h)R zIah{nN_v^4XK0{Xg=KbBs+)zIdrDb^NvNlxhli6%nxji%V3A=^R#C^qicGKt5aSG5@ql$pEBm(s>5zJZ_fJZf#;Oq}!$0No#XdH?_b From 66fceb6b15442843cb62c0b54d2448ae802845dc Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 20:12:12 +0200 Subject: [PATCH 151/165] feat(stolas): add snapper snapshots --- nixos/stolas/default.nix | 46 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 5f7dfaf..4383cd0 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -118,6 +118,46 @@ browsing = true; }; tlp.enable = false; + snapper = { + cleanupInterval = "1d"; + snapshotInterval = "hourly"; + configs = { + home = { + SUBVOLUME = "/home/dadada"; + ALLOW_USERS= ["dadada"]; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + var = { + SUBVOLUME = "/var"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + paperless = { + SUBVOLUME = "/var/lib/paperless"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "3600"; + TIMELINE_LIMIT_HOURLY = "10"; + TIMELINE_LIMIT_DAILY = "10"; + TIMELINE_LIMIT_WEEKLY = "10"; + TIMELINE_LIMIT_MONTHLY = "10"; + TIMELINE_LIMIT_YEARLY = "10"; + }; + }; + }; }; system = { @@ -133,6 +173,12 @@ HibernateDelaySec=1h ''; + systemd.tmpfiles.rules = [ + "v /var/.snapshots 0755 root root - -" + "v /var/paperless/.snapshots 0755 root root - -" + "v /home/dadada/.snapshots 0755 root root - -" + ]; + virtualisation.libvirtd.enable = true; users = { From a26418c9c32d3793bffd43b8aba4fed3a5187b19 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 20:18:03 +0200 Subject: [PATCH 152/165] fix(ninurta): only run snapshots daily to limit noise --- nixos/ninurta/configuration.nix | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index d4eed97..46562a8 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -237,33 +237,38 @@ in services.snapper = { cleanupInterval = "1d"; - snapshotInterval = "hourly"; + snapshotInterval = "daily"; configs.home = { SUBVOLUME = "/home"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; }; configs.var = { SUBVOLUME = "/var"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; }; configs.storage = { SUBVOLUME = "/mnt/storage"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_LIMIT_HOURLY = "10"; + TIMELINE_LIMIT_DAILY = "10"; + TIMELINE_LIMIT_WEEKLY = "10"; + TIMELINE_LIMIT_MONTHLY = "10"; + TIMELINE_LIMIT_YEARLY = "10"; }; }; From 5d55e620daf163818cff3ac356ee465d39b50409 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 20:56:40 +0200 Subject: [PATCH 153/165] chore: fix formatting and add treefmt --- .envrc | 2 ++ .github/dependabot.yml | 2 +- .github/workflows/nix-flake-check.yml | 30 ++++++++++++-------------- .github/workflows/nix-flake-update.yml | 3 +-- devshell.nix | 2 +- nixos/configurations.nix | 17 +++++++-------- nixos/stolas/default.nix | 11 +++++++--- outputs.nix | 5 +++-- pkgs/default.nix | 5 +++-- treefmt.nix | 8 +++++++ 10 files changed, 49 insertions(+), 36 deletions(-) create mode 100644 treefmt.nix diff --git a/.envrc b/.envrc index 3140b68..6a37c4f 100644 --- a/.envrc +++ b/.envrc @@ -1,3 +1,5 @@ +#!/bin/sh + watch_file devshell.nix use flake diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 49f19df..512e01e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,4 +4,4 @@ updates: directory: "/" schedule: interval: "weekly" - assignees: [ "dadada" ] + assignees: ["dadada"] diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index b0c0fa3..28b1d3c 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -1,26 +1,24 @@ name: Continuous Integration - on: pull_request: push: branches: [main] - jobs: checks: name: "Checks" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v26 - with: - nix_path: nixpkgs=channel:nixos-stable - extra_nix_config: | - experimental-features = nix-command flakes - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - system-features = nixos-test benchmark big-parallel kvm - - uses: cachix/cachix-action@v14 - with: - name: dadada - signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: nix flake check + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v26 + with: + nix_path: nixpkgs=channel:nixos-stable + extra_nix_config: | + experimental-features = nix-command flakes + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + system-features = nixos-test benchmark big-parallel kvm + - uses: cachix/cachix-action@v14 + with: + name: dadada + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - run: nix flake check diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 9045f91..33843d1 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -3,7 +3,6 @@ on: workflow_dispatch: # allows manual triggering schedule: - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00 - jobs: lockfile: runs-on: ubuntu-latest @@ -16,6 +15,6 @@ jobs: uses: DeterminateSystems/update-flake-lock@v21 with: pr-title: "Update flake.lock" # Title of PR to be created - pr-labels: | # Labels to be set on the PR + pr-labels: | # Labels to be set on the PR dependencies automated diff --git a/devshell.nix b/devshell.nix index ebdfb12..1fbad07 100644 --- a/devshell.nix +++ b/devshell.nix @@ -24,7 +24,7 @@ name = "format"; help = "Format the project"; command = '' - nixpkgs-fmt . + treefmt . ''; category = "dev"; } diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 7a4185a..95b894e 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -21,15 +21,14 @@ let nixpkgs.lib.nixosSystem { inherit system; - modules = - [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - } - ] - ++ (nixpkgs.lib.attrValues self.nixosModules) - ++ [ agenix.nixosModules.age ] - ++ extraModules; + modules = [ + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + } + ] + ++ (nixpkgs.lib.attrValues self.nixosModules) + ++ [ agenix.nixosModules.age ] + ++ extraModules; }; in { diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 4383cd0..696f55f 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { imports = [ @@ -124,7 +129,7 @@ configs = { home = { SUBVOLUME = "/home/dadada"; - ALLOW_USERS= ["dadada"]; + ALLOW_USERS = [ "dadada" ]; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; TIMELINE_MIN_AGE = "1800"; @@ -213,7 +218,7 @@ # owner = "paperless"; # }; # }; - + # Create compressing swap space in RAM zramSwap.enable = true; } diff --git a/outputs.nix b/outputs.nix index aea7953..c860d3c 100644 --- a/outputs.nix +++ b/outputs.nix @@ -5,12 +5,14 @@ nixpkgs, agenix, devshell, + treefmt-nix, ... }@inputs: (flake-utils.lib.eachDefaultSystem ( system: let pkgs = import nixpkgs { inherit system; }; + treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; in { devShells.default = @@ -26,7 +28,7 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = pkgs.nixfmt-tree; + formatter = treefmtEval.config.build.wrapper; packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; @@ -34,7 +36,6 @@ } )) // { - hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; nixosConfigurations = import ./nixos/configurations.nix inputs; diff --git a/pkgs/default.nix b/pkgs/default.nix index 9cd9053..9f52a8a 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,3 +1,4 @@ -{ pkgs }: { - citizen-cups = pkgs.callPackage ./citizen-cups.nix {}; +{ pkgs }: +{ + citizen-cups = pkgs.callPackage ./citizen-cups.nix { }; } diff --git a/treefmt.nix b/treefmt.nix new file mode 100644 index 0000000..75acdfa --- /dev/null +++ b/treefmt.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + projectRootFile = "flake.nix"; + programs.nixfmt.enable = true; + programs.shellcheck.enable = pkgs.hostPlatform.system != "riscv64-linux"; + programs.shfmt.enable = pkgs.hostPlatform.system != "riscv64-linux"; + programs.yamlfmt.enable = true; +} From 763d8f478343d903b4f873c318d5ba869ae6a678 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 21:21:46 +0200 Subject: [PATCH 154/165] fix(admin): set shell always from admins.nix --- nixos/modules/admin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 05acc43..bd03ba7 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -97,7 +97,7 @@ in services.openssh.openFirewall = true; users.users = mapAttrs (user: keys: { - shell = lib.mkDefault shells."${keys.shell}"; + shell = shells."${keys.shell}"; extraGroups = lib.mkDefault extraGroups; isNormalUser = true; openssh.authorizedKeys.keys = keys.keys; From 76f29fae245b723584999732fc9e3187c2f581bf Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 21:22:08 +0200 Subject: [PATCH 155/165] fix(ninurta): remove unused postresql backup --- nixos/ninurta/configuration.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 46562a8..39bdca7 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -149,13 +149,6 @@ in startAt = "daily"; }; - services.postgresqlBackup = { - enable = true; - backupAll = true; - compression = "zstd"; - location = "/var/backup/postgresql"; - }; - age.secrets."ninurta-backup-passphrase" = { file = "${secretsPath}/ninurta-backup-passphrase.age"; mode = "400"; From b12aac6421ad012729cc86d7f770b94206fa9290 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 21:32:35 +0200 Subject: [PATCH 156/165] feat(ninurta): remove hydra --- nixos/ninurta/configuration.nix | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 39bdca7..47c0103 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -14,7 +14,6 @@ let uwuPrivKey = "pruflas-wg0-key"; wgHydraPrivKey = "pruflas-wg-hydra-key"; uwuPresharedKey = "pruflas-wg0-preshared-key"; - hydraGitHubAuth = "hydra-github-authorization"; initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; softServePort = 23231; in @@ -154,34 +153,6 @@ in mode = "400"; }; - age.secrets.${hydraGitHubAuth} = { - file = "${secretsPath}/${hydraGitHubAuth}.age"; - mode = "440"; - owner = "hydra-www"; - group = "hydra"; - }; - - services.hydra = { - enable = false; - package = pkgs.hydra; - hydraURL = "https://hydra.dadada.li"; - notificationSender = "hydra@localhost"; - buildMachinesFiles = [ ]; - useSubstitutes = true; - port = 3000; - listenHost = "10.3.3.3"; - extraConfig = '' - Include ${config.age.secrets."${hydraGitHubAuth}".path} - - - jobs = nix-config:main.* - inputs = nix-config - excludeBuildFromContext = 1 - useShortContext = 1 - - ''; - }; - nix.buildMachines = [ { hostName = "localhost"; From 618a4b3a7331b0c6704bb8f154c96c9c309d49cd Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 00:21:39 +0200 Subject: [PATCH 157/165] fix(stolas): suspend from disk and wifi suspend --- nixos/stolas/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 696f55f..016d986 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -23,7 +23,12 @@ pkiBundle = "/var/lib/sbctl"; }; kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; + # Hopefully fixes suspend issues with wifi card + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = [ + "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" + ]; + extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; # Lanzaboote currently replaces the systemd-boot module. # This setting is usually set to true in configuration.nix # generated at installation time. So we force it to false @@ -205,7 +210,6 @@ "wireshark" "paperless" ]; - shell = "/run/current-system/sw/bin/zsh"; }; }; }; From 0909933ba9b1f113224f1979e1b5565bbccc1b97 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 00:22:20 +0200 Subject: [PATCH 158/165] chore(stolas): cleanup config --- nixos/stolas/default.nix | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 016d986..4bc3756 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -27,6 +27,7 @@ kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" + "resume_offset=533760" ]; extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; # Lanzaboote currently replaces the systemd-boot module. @@ -70,10 +71,6 @@ powerManagement = { enable = true; cpuFreqGovernor = "schedutil"; - # TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod? - powerUpCommands = '' - echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold - ''; }; networking = { @@ -214,15 +211,6 @@ }; }; - # TODO - # age.secrets = { - # paperless = { - # file = "${config.dadada.secrets.path}/paperless.age"; - # mode = "700"; - # owner = "paperless"; - # }; - # }; - # Create compressing swap space in RAM zramSwap.enable = true; } From 03c6c141ee8a9ad848b97483ca242a9bc801dc78 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 00:55:31 +0200 Subject: [PATCH 159/165] feat(stolas): replace zram with zswap --- nixos/stolas/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 4bc3756..08756ee 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -26,8 +26,8 @@ # Hopefully fixes suspend issues with wifi card kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ - "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" "resume_offset=533760" + "zswap.enabled=1" ]; extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; # Lanzaboote currently replaces the systemd-boot module. @@ -210,7 +210,4 @@ }; }; }; - - # Create compressing swap space in RAM - zramSwap.enable = true; } From 9ec068865291b811f4ff25685a03f021bdce4162 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 01:00:17 +0200 Subject: [PATCH 160/165] chore(stolas): remove unused option for combined sleep target --- nixos/stolas/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 08756ee..9c3ed83 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -176,10 +176,6 @@ "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; }; - systemd.sleep.extraConfig = '' - HibernateDelaySec=1h - ''; - systemd.tmpfiles.rules = [ "v /var/.snapshots 0755 root root - -" "v /var/paperless/.snapshots 0755 root root - -" From 712cca59093ec0c103e2573560b141a4dec94923 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 01:23:13 +0200 Subject: [PATCH 161/165] feat(stolas): use larger swapfile --- nixos/stolas/default.nix | 3 ++- nixos/stolas/disks.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 9c3ed83..9ae2d23 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -26,7 +26,8 @@ # Hopefully fixes suspend issues with wifi card kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ - "resume_offset=533760" + "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" + "resume_offset=79859524" "zswap.enabled=1" ]; extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 01cf635..eff5680 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -86,7 +86,7 @@ }; "/swap" = { mountpoint = "/.swapvol"; - swap.swapfile.size = "64G"; + swap.swapfile.size = "128G"; }; }; }; From 578d4526e5e7c2221bd544e337fa30b8692e4a79 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 15:13:36 +0200 Subject: [PATCH 162/165] chore: clean up nixos configurations Consolidate nixpkgs instances into once for all x86 systems --- flake.lock | 17 --- flake.nix | 1 - home/nixpkgs-config.nix | 7 -- home/pkgs.nix | 1 - hydra-jobs.nix | 4 - nixos/configurations.nix | 175 +++++++++++++------------------ nixos/gorgon/configuration.nix | 5 +- nixos/modules/nixpkgs.nix | 3 - nixos/modules/profiles/cloud.nix | 4 + nixos/modules/profiles/home.nix | 7 ++ nixos/stolas/default.nix | 7 +- outputs.nix | 21 ++-- overlays.nix | 1 - 13 files changed, 92 insertions(+), 161 deletions(-) delete mode 100644 home/nixpkgs-config.nix delete mode 100644 hydra-jobs.nix delete mode 100644 nixos/modules/nixpkgs.nix create mode 100644 nixos/modules/profiles/home.nix delete mode 100644 overlays.nix diff --git a/flake.lock b/flake.lock index 8c964f5..3d0d3f2 100644 --- a/flake.lock +++ b/flake.lock @@ -325,22 +325,6 @@ "type": "github" } }, - "nixpkgs-small": { - "locked": { - "lastModified": 1753505055, - "narHash": "sha256-jQKnNATDGDeuIeUf7r0yHnmirfYkYPHeF0N2Lv8rjPE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7be0239edbf0783ff959f94f9728db414be73002", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, @@ -397,7 +381,6 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-small": "nixpkgs-small", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 73686ce..151f1b5 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ description = "dadada's nix flake"; inputs = { - nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; disko = { url = "github:nix-community/disko"; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix deleted file mode 100644 index 6a29a63..0000000 --- a/home/nixpkgs-config.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs }: -{ - allowUnfree = true; - allowUnfreePredicate = pkg: true; - allowBroken = false; - android_sdk.accept_license = true; -} diff --git a/home/pkgs.nix b/home/pkgs.nix index 7a707e1..e980614 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -125,7 +125,6 @@ with pkgs; spotify sqlite sshfs-fuse - steam taplo tcpdump tdesktop diff --git a/hydra-jobs.nix b/hydra-jobs.nix deleted file mode 100644 index 3369943..0000000 --- a/hydra-jobs.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ self, nixpkgs, ... }: -(nixpkgs.lib.mapAttrs' ( - name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel -) self.nixosConfigurations) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 95b894e..220e4d0 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -8,127 +8,92 @@ nixos-hardware, nixos-generators, nixpkgs, - nixpkgs-small, ... }@inputs: let - nixosSystem = + # create a new instance allowing some unfree packages + nixpkgsx86 = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfreePredicate = + pkg: + builtins.elem (nixpkgs.lib.getName pkg) [ + "aspell-dict-en-science" + "brgenml1lpr" + "saleae-logic-2" + "spotify" + ]; + }; + nixosSystem = nixpkgs.lib.nixosSystem; + baseModule = + { lib, ... }: { - nixpkgs, - system ? "x86_64-linux", - extraModules ? [ ], - }: - nixpkgs.lib.nixosSystem { - inherit system; - - modules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - } + _module.args.inputs = inputs; + imports = [ + inputs.agenix.nixosModules.age + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + ( + { pkgs, ... }: + { + dadada.homepage.package = homepage; + dadada.pkgs = inputs.self.packages.${pkgs.system}; + dadada.inputs = inputs // { + dadada = inputs.self; + }; + } + ) + inputs.lanzaboote.nixosModules.lanzaboote ] - ++ (nixpkgs.lib.attrValues self.nixosModules) - ++ [ agenix.nixosModules.age ] - ++ extraModules; + ++ (lib.attrValues inputs.self.nixosModules); }; + homeModule = ./modules/profiles/home.nix; in { - stolas = - let - system = "x86_64-linux"; - in - nixosSystem { - inherit nixpkgs system; + stolas = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + nixos-hardware.nixosModules.framework-amd-ai-300-series + homeModule + ./stolas + ]; + }; - extraModules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - nixos-hardware.nixosModules.framework-amd-ai-300-series - home-manager.nixosModules.home-manager - ( - { pkgs, ... }: - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - ]; - home-manager.users.dadada = import ../home; - } - ) - ./stolas - ]; - }; - - gorgon = - let - system = "x86_64-linux"; - in - nixosSystem { - inherit nixpkgs system; - - extraModules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - home-manager.nixosModules.home-manager - ( - { pkgs, ... }: - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home; - } - ) - ./gorgon/configuration.nix - ]; - }; + gorgon = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + homeModule + ./gorgon/configuration.nix + ]; + }; surgat = nixosSystem { - nixpkgs = nixpkgs-small; - system = "x86_64-linux"; - extraModules = [ - { - dadada.homepage.package = homepage; - } - ./modules/profiles/server.nix + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule ./surgat/configuration.nix ]; }; agares = nixosSystem { - nixpkgs = nixpkgs-small; - extraModules = [ + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule ./agares/configuration.nix ]; }; - installer = - let - nixpkgs = nixpkgs-small; - in - nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - nixos-generators.nixosModules.install-iso - self.nixosModules.admin + installer = nixosSystem { + modules = [ + nixos-generators.nixosModules.install-iso + inputs.self.nixosModules.admin + ( + { lib, ... }: { - isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; + nixpkgs.pkgs = nixpkgs.legacyPackages."x86_64-linux"; + isoImage.isoName = lib.mkForce "dadada-nixos-installer.iso"; networking.tempAddresses = "disabled"; dadada.admin.enable = true; documentation.enable = true; @@ -139,12 +104,14 @@ in keyMap = "us"; }; } - ]; - }; + ) + ]; + }; ninurta = nixosSystem { - nixpkgs = nixpkgs-small; - extraModules = [ + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule ./ninurta/configuration.nix ]; }; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 16f8130..cb99b2a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -52,8 +52,6 @@ in age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; - nixpkgs.config.android_sdk.accept_license = true; - programs.ssh.startAgent = true; nix.extraOptions = '' @@ -85,7 +83,7 @@ in networking.hostName = "gorgon"; dadada = { - steam.enable = true; + steam.enable = false; yubikey.enable = true; }; @@ -154,7 +152,6 @@ in #]; environment.systemPackages = with pkgs; [ - android-studio ghostscript smartmontools diff --git a/nixos/modules/nixpkgs.nix b/nixos/modules/nixpkgs.nix deleted file mode 100644 index 2c5849f..0000000 --- a/nixos/modules/nixpkgs.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - nixpkgs.config.allowUnfreePredicate = pkg: true; -} diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index de57714..1ddbb1e 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -4,6 +4,10 @@ let initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; in { + imports = [ + ./server.nix + ]; + boot.initrd.availableKernelModules = [ "virtio-pci" ]; boot.kernelParams = [ diff --git a/nixos/modules/profiles/home.nix b/nixos/modules/profiles/home.nix new file mode 100644 index 0000000..a695e8b --- /dev/null +++ b/nixos/modules/profiles/home.nix @@ -0,0 +1,7 @@ +{ pkgs, inputs, ... }: +{ + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules; + home-manager.users.dadada = inputs.self.hmConfigurations.dadada; +} diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 9ae2d23..1c5cc9b 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -12,11 +12,6 @@ ./paperless.nix ]; - nixpkgs = { - hostPlatform = "x86_64-linux"; - config.allowUnfree = true; - }; - boot = { lanzaboote = { enable = true; @@ -58,7 +53,7 @@ # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - enableAllFirmware = true; + enableRedistributableFirmware = true; framework.laptop13.audioEnhancement.enable = true; graphics = { enable = true; diff --git a/outputs.nix b/outputs.nix index c860d3c..08e8ad0 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,4 +1,3 @@ -# Adapted from Mic92/dotfiles { self, flake-utils, @@ -11,7 +10,7 @@ (flake-utils.lib.eachDefaultSystem ( system: let - pkgs = import nixpkgs { inherit system; }; + pkgs = nixpkgs.legacyPackages.${system}; treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; in { @@ -31,20 +30,16 @@ formatter = treefmtEval.config.build.wrapper; packages = import ./pkgs { inherit pkgs; } // { - installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; + installer-iso = inputs.self.nixosConfigurations.installer.config.system.build.isoImage; }; } )) // { - hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; - - nixosConfigurations = import ./nixos/configurations.nix inputs; - - nixosModules = import ./nixos/modules { lib = nixpkgs.lib; }; - - overlays = import ./overlays.nix; - - hydraJobs = import ./hydra-jobs.nix inputs; - checks = import ./checks.nix inputs; + hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; + hmConfigurations = { + dadada = import ./home; + }; + nixosConfigurations = import ./nixos/configurations.nix inputs; + nixosModules = import ./nixos/modules { lib = nixpkgs.lib; }; } diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index ffcd441..0000000 --- a/overlays.nix +++ /dev/null @@ -1 +0,0 @@ -{ } From 730a4b80b5f33571f79a82fc3a4d06390e9908a8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 17:14:11 +0200 Subject: [PATCH 163/165] feat(agares): remove unused host --- nixos/agares/configuration.nix | 108 ----------- nixos/agares/ddns.nix | 13 -- nixos/agares/dns.nix | 81 --------- nixos/agares/firewall.nix | 13 -- nixos/agares/network.nix | 323 --------------------------------- nixos/agares/ntp.nix | 12 -- nixos/agares/ppp.nix | 68 ------- nixos/agares/rules.nft | 136 -------------- nixos/configurations.nix | 8 - secrets/secrets.nix | 10 - 10 files changed, 772 deletions(-) delete mode 100644 nixos/agares/configuration.nix delete mode 100644 nixos/agares/ddns.nix delete mode 100644 nixos/agares/dns.nix delete mode 100644 nixos/agares/firewall.nix delete mode 100644 nixos/agares/network.nix delete mode 100644 nixos/agares/ntp.nix delete mode 100644 nixos/agares/ppp.nix delete mode 100644 nixos/agares/rules.nft diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix deleted file mode 100644 index ba00c29..0000000 --- a/nixos/agares/configuration.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ - config, - modulesPath, - pkgs, - ... -}: -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ./ddns.nix - ./dns.nix - ./firewall.nix - ../modules/profiles/server.nix - ./network.nix - ./ntp.nix - ./ppp.nix - ]; - - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - #fileSystems."/nix/store" = { - # device = "/dev/sda1"; - # fsType = "btrfs"; - # options = [ "subvol=/root/nix" "noatime" ]; - #}; - - fileSystems."/swap" = { - device = "/dev/sda1"; - fsType = "btrfs"; - options = [ - "subvol=/root/swap" - "noatime" - ]; - }; - - #swapDevices = [{ - # device = "/swap/swapfile"; - # size = 32 * 1024; # 32 GByte - #}]; - - hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware; - - dadada = { - admin.enable = true; - }; - - services.smartd.enable = true; - - networking.hostName = "agares"; - networking.domain = "bs.dadada.li"; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "ehci_pci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.extraConfig = " - serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 - terminal_input serial - terminal_output serial - "; - - boot.kernelParams = [ - "console=ttyS0,115200" - "amd_iommu=on" - "iommu=pt" - ]; - - boot.kernelModules = [ - "kvm-amd" - "vfio" - "vfio_iommu_type1" - "vfio_pci" - "vfio_virqfd" - ]; - - environment.systemPackages = with pkgs; [ - curl - flashrom - dmidecode - tcpdump - ]; - - services.munin-node = { - enable = true; - extraConfig = '' - host_name ${config.networking.hostName} - cidr_allow 10.3.3.3/32 - ''; - }; - - # Running router VM. They have to be restarted in the right order, so network comes up cleanly. Not ideal. - system.autoUpgrade.allowReboot = false; - - system.stateVersion = "23.05"; -} diff --git a/nixos/agares/ddns.nix b/nixos/agares/ddns.nix deleted file mode 100644 index 9a5948f..0000000 --- a/nixos/agares/ddns.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: -{ - dadada.ddns = { - domains = [ "vpn.dadada.li" ]; - credentialsPath = config.age.secrets."ddns-credentials".path; - interface = "ppp0"; - }; - - age.secrets."ddns-credentials" = { - file = "${config.dadada.secrets.path}/ddns-credentials.age"; - mode = "400"; - }; -} diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix deleted file mode 100644 index fe2843f..0000000 --- a/nixos/agares/dns.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ ... }: -{ - services.unbound = { - enable = true; - localControlSocketPath = "/run/unbound/unbound.ctl"; - settings = { - server = { - access-control = [ - "127.0.0.0/8 allow" - "127.0.0.1/32 allow_snoop" - "192.168.96.0/19 allow" - "192.168.1.0/24 allow" - "172.16.128.0/24 allow" - "::1/128 allow_snoop" - "fd42:9c3b:f96d::/48 allow" - ]; - interface = [ - "127.0.0.1" - "192.168.1.1" - "192.168.100.1" - "192.168.101.1" - "192.168.102.1" - "192.168.103.1" - "192.168.120.1" - "::1" - "fd42:9c3b:f96d:100::1" - "fd42:9c3b:f96d:101::1" - "fd42:9c3b:f96d:102::1" - "fd42:9c3b:f96d:103::1" - "fd42:9c3b:f96d:120::1" - ]; - prefer-ip6 = true; - prefetch = true; - prefetch-key = true; - serve-expired = false; - aggressive-nsec = true; - hide-identity = true; - hide-version = true; - use-caps-for-id = true; - val-permissive-mode = true; - local-data = [ - "\"agares.bs.dadada.li. 10800 IN A 192.168.101.1\"" - "\"danjal.bs.dadada.li. 10800 IN A 192.168.100.108\"" - "\"legion.bs.dadada.li. 10800 IN A 192.168.100.107\"" - "\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\"" - "\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\"" - "\"ninurta.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" - "\"backup1.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" - ]; - local-zone = [ - "\"168.192.in-addr.arpa.\" nodefault" - "\"d.f.ip6.arpa.\" nodefault" - ]; - }; - forward-zone = [ - { - name = "."; - forward-tls-upstream = "yes"; - forward-addr = [ - "2620:fe::fe@853#dns.quad9.net" - "2620:fe::9@853#dns.quad9.net" - "9.9.9.9@853#dns.quad9.net" - "149.112.112.112@853#dns.quad9.net" - ]; - } - ]; - stub-zone = - let - stubZone = name: addrs: { - name = "${name}"; - stub-addr = addrs; - }; - in - [ - #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) - #(stubZone "d.6.9.f.b.3.c.9.2.4.d.f.ip6.arpa" ["192.168.101.220" "2a01:4f8:c010:a710::1"]) - #(stubZone "168.192.in-addr.arpa" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) - ]; - }; - }; -} diff --git a/nixos/agares/firewall.nix b/nixos/agares/firewall.nix deleted file mode 100644 index 569259f..0000000 --- a/nixos/agares/firewall.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - networking = { - useDHCP = false; - nat.enable = false; - firewall.enable = false; - nftables = { - enable = true; - checkRuleset = true; - ruleset = builtins.readFile ./rules.nft; - }; - }; -} diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix deleted file mode 100644 index 6d86d22..0000000 --- a/nixos/agares/network.nix +++ /dev/null @@ -1,323 +0,0 @@ -{ config, lib, ... }: -let - ulaPrefix = "fd42:9c3b:f96d"; # fd42:9c3b:f96d::/48 - ipv4Prefix = "192.168"; # 192.168.96.0/19 - domain = "bs.dadada.li"; -in -{ - networking.useDHCP = false; - systemd.network = { - enable = true; - links = { - "10-persistent" = { - matchConfig.OriginalName = [ - "enp1s0" - "enp2s0" - ]; # takes search domains from the [Network] - linkConfig.MACAddressPolicy = "persistent"; - }; - }; - netdevs = { - # QoS concentrator - "ifb4ppp0" = { - netdevConfig = { - Kind = "ifb"; - Name = "ifb4ppp0"; - }; - }; - "20-lan" = { - netdevConfig = { - Kind = "vlan"; - Name = "lan.10"; - }; - vlanConfig = { - Id = 10; - }; - }; - "20-freifunk" = { - netdevConfig = { - Kind = "vlan"; - Name = "ff.11"; - }; - vlanConfig = { - Id = 11; - }; - }; - "20-roadw" = { - netdevConfig = { - Kind = "wireguard"; - Name = "roadw"; - }; - wireguardConfig = { - PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path; - ListenPort = 51234; - }; - wireguardPeers = [ - { - wireguardPeerConfig = - let - peerAddresses = i: [ - "${ipv4Prefix}.120.${i}/32" - "${ulaPrefix}:120::${i}/128" - ]; - in - { - PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - AllowedIPs = peerAddresses "3"; - }; - } - ]; - }; - "20-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - }; - wireguardConfig = { - PrivateKeyFile = config.age.secrets."wg-privkey-wg0".path; - ListenPort = 51235; - }; - wireguardPeers = lib.singleton { - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" - ]; - }; - }; - }; - }; - networks = - let - subnet = name: subnetId: { - matchConfig.Name = name; - addresses = [ - { addressConfig.Address = "${ipv4Prefix}.${subnetId}.1/24"; } - { addressConfig.Address = "${ulaPrefix}:${subnetId}::1/64"; } - ]; - dhcpPrefixDelegationConfig = { - SubnetId = "auto"; - }; - ipv6Prefixes = [ - { - ipv6PrefixConfig.Prefix = "${ulaPrefix}:${subnetId}::/64"; - } - ]; - dhcpServerConfig = { - DNS = "_server_address"; - NTP = "_server_address"; - EmitDNS = true; - EmitNTP = true; - EmitRouter = true; - PoolOffset = 100; - PoolSize = 100; - }; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = "_link_local"; - EmitDomains = true; # takes search domains from the [Network] - }; - linkConfig = { - RequiredForOnline = false; - }; - networkConfig = { - Domains = domain; - EmitLLDP = "yes"; - IPv6SendRA = true; - IPv6AcceptRA = false; - DHCPPrefixDelegation = true; - DHCPServer = true; - }; - extraConfig = '' - [CAKE] - OverheadBytes = 38 - Bandwidth = 1G - RTT = lan - ''; - }; - in - { - "10-mgmt" = lib.mkMerge [ - (subnet "enp1s0" "100") - { - networkConfig.VLAN = [ - "lan.10" - "ff.11" - ]; - dhcpServerStaticLeases = [ - { - # legion - dhcpServerStaticLeaseConfig = { - Address = "192.168.100.107"; - MACAddress = "80:CC:9C:95:4A:60"; - }; - } - { - # danyal - dhcpServerStaticLeaseConfig = { - Address = "192.168.100.108"; - MACAddress = "c8:9e:43:a3:3d:7f"; - }; - } - ]; - } - ]; - "30-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - routeConfig = { - Destination = "10.3.3.1/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; - } - ]; - }; - "30-lan" = subnet "lan.10" "101" // { - dhcpServerStaticLeases = [ - { - # ninurta - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.184"; - MACAddress = "48:21:0B:3E:9C:FE"; - }; - } - { - # crocell - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.122"; - MACAddress = "9C:C9:EB:4F:3F:0E"; - }; - } - { - # gorgon - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.205"; - MACAddress = "8C:C6:81:6A:39:2F"; - }; - } - ]; - }; - - "30-ff" = subnet "ff.11" "102"; - - "30-ifb4ppp0" = { - name = "ifb4ppp0"; - extraConfig = '' - [CAKE] - OverheadBytes = 65 - Bandwidth = 100M - FlowIsolationMode = triple - RTT = internet - ''; - linkConfig = { - RequiredForOnline = false; - }; - }; - - "30-ppp0" = { - name = "ppp*"; - linkConfig = { - RequiredForOnline = "routable"; - }; - networkConfig = { - KeepConfiguration = "static"; - DefaultRouteOnDevice = true; - LinkLocalAddressing = "ipv6"; - DHCP = "ipv6"; - }; - extraConfig = '' - [CAKE] - OverheadBytes = 65 - Bandwidth = 40M - FlowIsolationMode = triple - NAT=true - RTT = internet - - [DHCPv6] - PrefixDelegationHint= ::/56 - UseAddress = false - UseDelegatedPrefix = true - WithoutRA = solicit - - [DHCPPrefixDelegation] - UplinkInterface=:self - ''; - ipv6SendRAConfig = { - # Let networkd know that we would very much like to use DHCPv6 - # to obtain the "managed" information. Not sure why they can't - # just take that from the upstream RAs. - Managed = true; - }; - }; - # Talk to modem for management - "enp2s0" = { - name = "enp2s0"; - linkConfig = { - RequiredForOnline = false; - }; - networkConfig = { - Address = "192.168.1.254/24"; - EmitLLDP = "yes"; - }; - }; - "10-roadw" = { - matchConfig.Name = "roadw"; - addresses = [ - { addressConfig.Address = "${ipv4Prefix}.120.1/24"; } - { addressConfig.Address = "${ulaPrefix}:120::1/64"; } - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - routeConfig = { - Destination = "${ipv4Prefix}.120.1/24"; - }; - } - { - routeConfig = { - Destination = "${ulaPrefix}::120:1/64"; - }; - } - ]; - }; - }; - }; - - age.secrets."wg-privkey-vpn-dadada-li" = { - file = "${config.dadada.secrets.path}/wg-privkey-vpn-dadada-li.age"; - owner = "systemd-network"; - }; - - age.secrets."wg-privkey-wg0" = { - file = "${config.dadada.secrets.path}/agares-wg0-key.age"; - owner = "systemd-network"; - }; - - boot.kernel.sysctl = { - # Enable forwarding for interface - "net.ipv4.conf.all.forwarding" = "1"; - "net.ipv6.conf.all.forwarding" = "1"; - "net.ipv6.conf.all.accept_ra" = "0"; - "net.ipv6.conf.all.autoconf" = "0"; - # Set via systemd-networkd - #"net.ipv6.conf.${intf}.use_tempaddr" = "0"; - }; - - powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil"; -} diff --git a/nixos/agares/ntp.nix b/nixos/agares/ntp.nix deleted file mode 100644 index c3ec49b..0000000 --- a/nixos/agares/ntp.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: -{ - services.chrony = { - enable = true; - extraConfig = '' - allow 192.168.1 - allow 192.168.100 - allow 192.168.101 - allow 192.168.102 - ''; - }; -} diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix deleted file mode 100644 index ffa5bc4..0000000 --- a/nixos/agares/ppp.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - secretsPath = config.dadada.secrets.path; -in -{ - # PPPoE - services.pppd = { - enable = true; - peers = { - telekom = { - enable = true; - autostart = true; - config = '' - debug - - plugin pppoe.so enp2s0 - - noauth - hide-password - call telekom-secret - - linkname ppp0 - - persist - maxfail 0 - holdoff 5 - - noipdefault - defaultroute - - lcp-echo-interval 15 - lcp-echo-failure 3 - ''; - }; - }; - }; - - age.secrets."etc-ppp-telekom-secret" = { - file = "${secretsPath}/etc-ppp-telekom-secret.age"; - owner = "root"; - mode = "700"; - path = "/etc/ppp/peers/telekom-secret"; - }; - - age.secrets."etc-ppp-pap-secrets" = { - # format: client server passphrase - file = "${secretsPath}/etc-ppp-chap-secrets.age"; - owner = "root"; - mode = "700"; - path = "/etc/ppp/pap-secrets"; - }; - - # Hook for QoS via Intermediate Functional Block - environment.etc."ppp/ip-up" = { - mode = "755"; - text = with lib; '' - #!/usr/bin/env sh - ${getBin pkgs.iproute2}/bin/tc qdisc del dev $1 ingress - ${getBin pkgs.iproute2}/bin/tc qdisc add dev $1 handle ffff: ingress - ${getBin pkgs.iproute2}/bin/tc filter add dev $1 parent ffff: matchall action mirred egress redirect dev ifb4ppp0 - ''; - }; -} diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft deleted file mode 100644 index 4b41bea..0000000 --- a/nixos/agares/rules.nft +++ /dev/null @@ -1,136 +0,0 @@ -flush ruleset - -define IF_MGMT = "enp1s0" -define IF_FF = "ff.11" -define IF_LAN = "lan.10" -define IF_WAN = "ppp0" - -# Modem uses this for internet uplink via our WAN -define IF_MODEM = "enp2s0" - -define IF_ROADW = "roadw" - -table inet filter { - # Will give "no such file or directory if hardware does not support flow offloading" - # flowtable f { - # hook ingress priority 0; devices = { enp1s0, enp2s0 }; flags offload; - # } - - chain input_local { - ip6 saddr != ::1/128 log prefix "Dropped IPv6 nonlocalhost packet on loopback:" drop - accept comment "Accept traffic to loopback interface" - } - - chain input_icmp_untrusted { - # Allow ICMP echo - ip protocol icmp icmp type { echo-request } limit rate 1000/second burst 5 packets accept comment "Accept echo request" - - # Allow some ICMPv6 - icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } limit rate 1000/second burst 5 packets accept comment "Allow some ICMPv6" - } - - chain input_modem { - jump input_icmp_untrusted - } - - chain input_wan { - # DHCPv6 client - meta nfproto ipv6 udp sport 547 accept comment "Allow DHCPv6 client" - - jump input_icmp_untrusted - - udp dport 51234 accept comment "Wireguard roadwarriors" - } - - chain input_lan { - counter accept comment "Accept all traffic from LAN" - } - - chain input_mgmt { - counter accept comment "Accept all traffic from MGMT" - } - - chain input_roadw { - counter accept comment "Accept all traffic from roadwarriors" - } - - chain input_ff { - jump input_icmp_untrusted - - # DHCP - meta nfproto ipv6 udp dport 547 accept comment "Allow DHCPv6 client" - - # Allow DNS and DHCP from Freifunk - udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk" - } - - chain input_wg0 { - tcp dport 4949 accept comment "Munin node" - } - - chain input { - type filter hook input priority filter; policy drop; - - ct state {established, related} counter accept comment "Accept packets from established and related connections" - ct state invalid counter drop comment "Early drop of invalid packets" - - iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, wg0 : jump input_wg0 } - } - -# Only works if hardware flow offloading is available -# chain offload { -# type filter hook forward priority -100; policy accept; -# ip protocol tcp flow add @f -# counter packets 0 bytes 0 -# } - - chain forward { - type filter hook forward priority filter; policy drop; - - # Accept connections tracked by destination NAT - ct status dnat counter accept comment "Accept connections tracked by DNAT" - - # TCP options - tcp flags syn tcp option maxseg size set rt mtu comment "Remove TCP maximum segment size and set a size based on route information" - - # ICMPv6 - icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem } limit rate 5/second counter accept comment "Forward up to five ICMP messages of allowed types per second" - meta l4proto ipv6-icmp accept comment "Forward ICMP in IPv6" - - # mgmt <-> * - iifname { $IF_LAN, $IF_ROADW } oifname $IF_MGMT counter reject comment "Reject traffic from LAN and roadwarrior to MGMT" - iifname $IF_MGMT oifname { $IF_LAN, $IF_ROADW } counter reject comment "Reject traffic from MGMT to LAN and roadwarrior" - # drop (instead of reject) everything else to MGMT - - # LAN, ROADW -> * (except mgmt) - iifname { $IF_LAN, $IF_ROADW } counter accept comment "Allow all traffic forwarding from LAN and roadwarrior to all interfaces, except to mgmt" - - # FF -> WAN - iifname { $IF_FF } oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk and services to WAN" - - # { WAN } -> { FF, LAN, RW } - iifname { $IF_WAN } oifname { $IF_FF, $IF_LAN, $IF_ROADW } ct state established,related counter accept comment "Allow established back from WAN" - } - - chain output { - type filter hook output priority 100; policy accept; - } -} - -table ip nat { - chain prerouting { - type nat hook prerouting priority dstnat; policy accept; - } - - chain postrouting { - type nat hook postrouting priority srcnat; policy accept; - ip saddr { 192.168.96.0/19 } oifname { $IF_WAN } masquerade comment "Masquerade traffic from LANs" - } -} - -table arp filter { - chain input { - type filter hook input priority filter; policy drop; - iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, modem" - } -} diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 220e4d0..877c6a9 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -77,14 +77,6 @@ in ]; }; - agares = nixosSystem { - modules = [ - { nixpkgs.pkgs = nixpkgsx86; } - baseModule - ./agares/configuration.nix - ]; - }; - installer = nixosSystem { modules = [ nixos-generators.nixosModules.install-iso diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f449646..50dd263 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,6 @@ let dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) "; systems = { - agares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcbuLtU9/VhFy5VAp/ZI0T+gr7kExG73hmjjvno10gP root@nixos"; gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon"; ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos"; ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; @@ -63,24 +62,16 @@ in dadada ]; "ddns-credentials.age".publicKeys = [ - systems.agares systems.ninurta dadada ]; "etc-ppp-chap-secrets.age".publicKeys = [ - systems.agares dadada ]; "etc-ppp-telekom-secret.age".publicKeys = [ - systems.agares dadada ]; "wg-privkey-vpn-dadada-li.age".publicKeys = [ - systems.agares - dadada - ]; - "agares-wg0-key.age".publicKeys = [ - systems.agares dadada ]; } @@ -89,5 +80,4 @@ in // backupSecrets "ifrit" // backupSecrets "pruflas" // backupSecrets "surgat" -// backupSecrets "agares" // backupSecrets "stolas" From 67b04a636c2ae470712eda3ce53171837eddb0e3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 17:16:00 +0200 Subject: [PATCH 164/165] fix(checks): formating --- checks.nix | 20 -------------------- devshell.nix | 1 - outputs.nix | 5 ++++- 3 files changed, 4 insertions(+), 22 deletions(-) delete mode 100644 checks.nix diff --git a/checks.nix b/checks.nix deleted file mode 100644 index 9505c35..0000000 --- a/checks.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - self, - flake-utils, - nixpkgs, - ... -}: -(flake-utils.lib.eachDefaultSystem ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - formatter = self.formatter.${system}; - in - { - checks = { - format = pkgs.runCommand "check-format" { - buildInputs = [ formatter ]; - } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; - }; - } -)).checks diff --git a/devshell.nix b/devshell.nix index 1fbad07..3931494 100644 --- a/devshell.nix +++ b/devshell.nix @@ -6,7 +6,6 @@ packages = with pkgs; [ agenix - nixpkgs-fmt nixos-rebuild ]; diff --git a/outputs.nix b/outputs.nix index 08e8ad0..ef7a742 100644 --- a/outputs.nix +++ b/outputs.nix @@ -27,6 +27,10 @@ in import ./devshell.nix { inherit pkgs extraModules; }; + checks = { + formatting = treefmtEval.config.build.check self; + }; + formatter = treefmtEval.config.build.wrapper; packages = import ./pkgs { inherit pkgs; } // { @@ -35,7 +39,6 @@ } )) // { - checks = import ./checks.nix inputs; hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; hmConfigurations = { dadada = import ./home; From 02bcc3ede9be81405963319b6eb2f134a8235c04 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 17:19:13 +0200 Subject: [PATCH 165/165] fix: deprecations --- nixos/gorgon/configuration.nix | 2 +- nixos/modules/steam.nix | 5 +-- nixos/modules/yubikey.nix | 2 +- nixos/ninurta/configuration.nix | 68 +++++++++++++-------------------- nixos/surgat/configuration.nix | 34 ++++++----------- 5 files changed, 42 insertions(+), 69 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index cb99b2a..69e7588 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -261,7 +261,7 @@ in xdg.portal.wlr.enable = false; hardware.bluetooth.enable = true; - hardware.opengl = { + hardware.graphics = { enable = true; extraPackages = with pkgs; [ vaapiVdpau diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index b6b0846..e14add3 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -15,11 +15,8 @@ in }; }; config = mkIf cfg.enable { - nixpkgs.config.allowUnfree = true; - - hardware.opengl = { + hardware.graphics = { enable = true; - driSupport32Bit = true; extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; }; diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 4be4492..47699e1 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -34,7 +34,7 @@ in }; u2f = { control = "sufficient"; - cue = true; + settings.cue = true; }; }; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 47c0103..d4a7bb9 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -270,14 +270,10 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { - Destination = "10.3.3.1/24"; - }; + Destination = "10.3.3.1/24"; } { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; + Destination = "fd42:9c3b:f96d:121::1/64"; } ]; }; @@ -294,14 +290,10 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { - Destination = "10.11.0.0/22"; - }; + Destination = "10.11.0.0/22"; } { - routeConfig = { - Destination = "fc00:1337:dead:beef::10.11.0.0/118"; - }; + Destination = "fc00:1337:dead:beef::10.11.0.0/118"; } ]; }; @@ -341,25 +333,21 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; - PersistentKeepalive = 25; - Endpoint = "surgat.dadada.li:51235"; - }; + PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + AllowedIPs = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; + PersistentKeepalive = 25; + Endpoint = "surgat.dadada.li:51235"; } { - wireguardPeerConfig = { - PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; - AllowedIPs = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; - Endpoint = "192.168.101.1:51235"; - }; + PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; + AllowedIPs = [ + "10.3.3.2/32" + "fd42:9c3b:f96d:121::2/128" + ]; + Endpoint = "192.168.101.1:51235"; } ]; }; @@ -373,17 +361,15 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - AllowedIPs = [ - "10.11.0.0/22" - "fc00:1337:dead:beef::10.11.0.0/118" - "192.168.178.0/23" - ]; - PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; - Endpoint = "53c70r.de:51820"; - }; + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ + "10.11.0.0/22" + "fc00:1337:dead:beef::10.11.0.0/118" + "192.168.178.0/23" + ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; + Endpoint = "53c70r.de:51820"; } ]; }; @@ -443,7 +429,7 @@ in }) ]; - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; environment.systemPackages = with pkgs; [ smartmontools diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 5cd9596..5ddef7f 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -74,12 +74,10 @@ in "2a01:4f8:c17:1d70::/64" ]; routes = [ - { routeConfig.Gateway = "fe80::1"; } + { Gateway = "fe80::1"; } { - routeConfig = { - Gateway = "172.31.1.1"; - GatewayOnLink = true; - }; + Gateway = "172.31.1.1"; + GatewayOnLink = true; } ]; linkConfig.RequiredForOnline = "routable"; @@ -95,19 +93,13 @@ in linkConfig.RequiredForOnline = "no"; routes = [ { - routeConfig = { - Destination = "10.3.3.3/24"; - }; + Destination = "10.3.3.3/24"; } { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::/64"; - }; + Destination = "fd42:9c3b:f96d:121::/64"; } { - routeConfig = { - Destination = "fd42:9c3b:f96d:101::/64"; - }; + Destination = "fd42:9c3b:f96d:101::/64"; } ]; }; @@ -124,14 +116,12 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" - ]; - }; + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" + ]; } ]; };