From 359c18bb5d50a617c091733755e41fe9d7f0b135 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 11:25:24 +0100 Subject: [PATCH 001/988] Update readme --- README.md | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/README.md b/README.md index 2e95a5b..c5dc70a 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,3 @@ # nix configuration -```nix -{ - imports = [ - ./modules/profiles/gorgon.nix - ./private/metis - ]; -} -``` - -```nix -{ config, pkgs, lib, ... }: -let - dadada = import (builtins.fetchGit { - url = "https://github.com/dadada/nix-config.git"; - sha256 = "1a661h3ssy35yha66xnhldlwlr9safzw4h83z5mg82assgbbh9fz"; - }) {}; -in { - imports = [ - ./secrets.nix - ./hardware-configuration.nix - dadada.hosts.ifrit - ]; - - system.stateVersion = "20.03"; -} - -``` +Use at your own risk. From 0a7fa02ecd2fa47ee46d9302a7266099d3ed8f41 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 12:42:01 +0100 Subject: [PATCH 002/988] Add gitea --- hosts/surgat/default.nix | 1 + modules/default.nix | 1 + modules/gitea.nix | 33 +++++++++++++++++++++++++++++++++ modules/module-list.nix | 1 + 4 files changed, 36 insertions(+) create mode 100644 modules/gitea.nix diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index b90d3aa..378f5d8 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -25,6 +25,7 @@ in { }; dadada.element.enable = true; + dadada.gitea.enable = true; dadada.networking.vpnExtension = "4"; dadada.weechat.enable = true; dadada.homePage.enable = true; diff --git a/modules/default.nix b/modules/default.nix index f06bdf1..0b7dfd0 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,6 +5,7 @@ element = ./element.nix; fido2 = ./fido2.nix; fileShare = ./fileShare.nix; + gitea = ./gitea.nix; networking = ./networking.nix; share = ./share.nix; steam = ./steam.nix; diff --git a/modules/gitea.nix b/modules/gitea.nix new file mode 100644 index 0000000..e9c8c51 --- /dev/null +++ b/modules/gitea.nix @@ -0,0 +1,33 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.dadada.gitea; +in { + options.dadada.gitea = { + enable = lib.mkEnableOption "Enable gitea"; + }; + config = lib.mkIf cfg.enable { + services.gitea = { + enable = true; + appName = "dadada Gitea"; + rootUrl = "https://git.dadada.li/"; + log.level = "Error"; + domain = config.networking.domain; + ssh.enable = true; + cookieSecure = true; + enableUnixSocket = true; + database = { + type = "postgres"; + }; + disableRegistration = true; + }; + + services.nginx.virtualHosts."git.${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + + locations."/".extraConfig = '' + proxy_pass unix:/run/gitea/gitea.sock; + ''; + }; + }; +} diff --git a/modules/module-list.nix b/modules/module-list.nix index 4650c02..000d15e 100644 --- a/modules/module-list.nix +++ b/modules/module-list.nix @@ -4,6 +4,7 @@ ./element.nix ./fido2.nix ./fileShare.nix + ./gitea.nix ./homepage.nix ./networking.nix ./share.nix From 368ed0797deece2f5d30d796f31f331af49e1169 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 13:05:58 +0100 Subject: [PATCH 003/988] Fixup --- modules/gitea.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/gitea.nix b/modules/gitea.nix index e9c8c51..3fb5b61 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -26,7 +26,7 @@ in { forceSSL = true; locations."/".extraConfig = '' - proxy_pass unix:/run/gitea/gitea.sock; + proxy_pass http://unix:/run/gitea/gitea.sock:/; ''; }; }; From 5a734099bfd0e8a891f62ba74f3086236bf42b13 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 14:23:50 +0100 Subject: [PATCH 004/988] Reformat using nixpkgs-fmt --- default.nix | 6 ++-- hosts/ifrit/default.nix | 42 ++++++++++++++--------- hosts/surgat/default.nix | 10 +++--- modules/admin.nix | 24 +++++++------ modules/backup.nix | 13 +++---- modules/element.nix | 5 +-- modules/fido2.nix | 5 +-- modules/fileShare.nix | 4 +-- modules/gitea.nix | 3 +- modules/home/colors.nix | 20 +++++------ modules/home/fish.nix | 31 +++++++++-------- modules/home/gpg.nix | 3 +- modules/home/keyring.nix | 3 +- modules/home/kitty/default.nix | 3 +- modules/home/mako.nix | 5 +-- modules/home/session.nix | 5 +-- modules/home/ssh.nix | 3 +- modules/home/sway/default.nix | 21 ++++++------ modules/home/syncthing.nix | 3 +- modules/home/termite.nix | 14 ++++---- modules/home/tmux.nix | 11 +++--- modules/home/vim/default.nix | 9 +++-- modules/home/xdg.nix | 7 ++-- modules/home/zsh.nix | 25 +++++++------- modules/homepage.nix | 4 +-- modules/networking.nix | 9 ++--- modules/share.nix | 4 +-- modules/steam.nix | 3 +- modules/update.nix | 3 +- modules/vpnServer.nix | 17 +++++---- modules/weechat.nix | 4 +-- overlay.nix | 7 ++-- overlays/tubslatex.nix | 41 +++++++++++----------- pkgs/keys/default.nix | 4 +-- pkgs/tubslatex/default.nix | 4 +-- pkgs/vimPlugins/filetype/ftplugin/nix.vim | 2 ++ 36 files changed, 209 insertions(+), 168 deletions(-) diff --git a/default.nix b/default.nix index 8c06d4a..a2a42ad 100644 --- a/default.nix +++ b/default.nix @@ -12,7 +12,7 @@ rec { hosts = import ./hosts; - tubslatex = callPackage ./pkgs/tubslatex {}; - keys = callPackage ./pkgs/keys {}; - homePage = callPackage ./pkgs/homePage {}; + tubslatex = callPackage ./pkgs/tubslatex { }; + keys = callPackage ./pkgs/keys { }; + homePage = callPackage ./pkgs/homePage { }; } diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index d31c86d..d02d8fc 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -7,7 +7,8 @@ let "media.local" ]; backups = "/mnt/storage/backup"; -in { +in +{ imports = [ ../../modules/profiles/base ]; @@ -107,13 +108,22 @@ in { allowPing = true; allowedTCPPorts = [ 22 # SSH - 80 443 # HTTP(S) - 111 2049 # NFS - 137 138 139 445 # SMB + 80 + 443 # HTTP(S) + 111 + 2049 # NFS + 137 + 138 + 139 + 445 # SMB ]; allowedUDPPorts = [ - 137 138 139 445 # SMB - 111 2049 # NFS + 137 + 138 + 139 + 445 # SMB + 111 + 2049 # NFS 51234 # Wireguard ]; }; @@ -121,16 +131,16 @@ in { security.acme = { email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; acceptTerms = true; - # certs."webchat.dadada.li" = { - # credentialsFile = "/var/lib/lego/acme-joker.env"; - # dnsProvider = "joker"; - # postRun = "systemctl reload nginx.service"; - # }; - # certs."weechat.dadada.li" = { - # credentialsFile = "/var/lib/lego/acme-joker.env"; - # dnsProvider = "joker"; - # postRun = "systemctl reload nginx.service"; - # }; + # certs."webchat.dadada.li" = { + # credentialsFile = "/var/lib/lego/acme-joker.env"; + # dnsProvider = "joker"; + # postRun = "systemctl reload nginx.service"; + # }; + # certs."weechat.dadada.li" = { + # credentialsFile = "/var/lib/lego/acme-joker.env"; + # dnsProvider = "joker"; + # postRun = "systemctl reload nginx.service"; + # }; }; users.users."mist" = { diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 378f5d8..e6537be 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -2,7 +2,8 @@ let hostName = "surgat"; this = import ../.. { inherit pkgs; }; -in { +in +{ imports = [ this.profiles.base ]; networking.hostName = hostName; @@ -43,7 +44,8 @@ in { allowPing = true; allowedTCPPorts = [ 22 # SSH - 80 443 # HTTPS + 80 + 443 # HTTPS ]; allowedUDPPorts = [ 51234 # Wireguard @@ -60,10 +62,10 @@ in { boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; - networking.interfaces."ens3".ipv6.addresses = [ { + networking.interfaces."ens3".ipv6.addresses = [{ address = "2a01:4f8:c17:1d70::"; prefixLength = 64; - } ]; + }]; networking.defaultGateway6 = { address = "fe80::1"; diff --git a/modules/admin.nix b/modules/admin.nix index c826325..198d409 100644 --- a/modules/admin.nix +++ b/modules/admin.nix @@ -3,15 +3,16 @@ with lib; let cfg = config.dadada.admin; -in { +in +{ options.dadada.admin = { enable = mkEnableOption "Enable admin access"; users = mkOption { type = with types; attrsOf (listOf path); - default = []; + default = [ ]; description = '' - List of admin users with root access to all the machine. + List of admin users with root access to all the machine. ''; example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]"; }; @@ -32,12 +33,14 @@ in { users.mutableUsers = false; - users.users = mapAttrs (user: keys: ( - { - extraGroups = [ "wheel" ]; - isNormalUser = true; - openssh.authorizedKeys.keyFiles = keys; - })) cfg.users; + users.users = mapAttrs + (user: keys: ( + { + extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keyFiles = keys; + })) + cfg.users; networking.firewall.allowedTCPPorts = [ 22 ]; @@ -49,9 +52,8 @@ in { services.tor.hiddenServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; - map = [ { port = 22; } ]; + map = [{ port = 22; }]; }; }; }; } - diff --git a/modules/backup.nix b/modules/backup.nix index aa7ad70..c119962 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -1,7 +1,7 @@ -{ config, pkgs, lib, ...}: +{ config, pkgs, lib, ... }: with lib; let - backupExcludes = [ + backupExcludes = [ "/backup" "/dev" "/efi" @@ -20,7 +20,8 @@ let "/var/tmp" ]; cfg = config.dadada.backupClient; -in { +in +{ options.dadada.backupClient = { enable = mkEnableOption "Enable backup client"; gs = mkEnableOption "Enable backup to GS location"; @@ -51,8 +52,8 @@ in { within = "1d"; # Keep all archives from the last day daily = 7; weekly = 2; - monthly = -1; # Keep at least one archive for each month - yearly = -1; # Keep at least one archive for each year + monthly = -1; # Keep at least one archive for each month + yearly = -1; # Keep at least one archive for each year }; startAt = "monthly"; }; @@ -63,7 +64,7 @@ in { ]; }; - services.borgbackup.jobs.bs = mkIf cfg.bs{ + services.borgbackup.jobs.bs = mkIf cfg.bs { paths = "/"; exclude = backupExcludes; repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; diff --git a/modules/element.nix b/modules/element.nix index 45e9a48..101e17e 100644 --- a/modules/element.nix +++ b/modules/element.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: let cfg = config.dadada.element; -in { +in +{ options.dadada.element = { enable = lib.mkEnableOption "Enable element webapp"; }; @@ -32,4 +33,4 @@ in { }; }; }; -} +} diff --git a/modules/fido2.nix b/modules/fido2.nix index 3948bdb..f9d7b40 100644 --- a/modules/fido2.nix +++ b/modules/fido2.nix @@ -3,7 +3,8 @@ with lib; let luks = config.dadada.luks; fido2 = config.dadada.fido2; -in { +in +{ options = { dadada.luks = { @@ -43,7 +44,7 @@ in { linuxPackages.acpi_call fido2luks python27Packages.dbus-python - python38Packages.solo-python + python38Packages.solo-python ]); security.pam.u2f = mkIf fido2.enablePam { diff --git a/modules/fileShare.nix b/modules/fileShare.nix index 0abb065..d16e517 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -6,7 +6,8 @@ let ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; allow = "192.168.42.0 fd42:dead:beef::"; -in { +in +{ options.dadada.fileShare = { enable = mkEnableOption "Enable file share server"; }; @@ -47,4 +48,3 @@ in { }; }; } - diff --git a/modules/gitea.nix b/modules/gitea.nix index 3fb5b61..131ba7a 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: let cfg = config.dadada.gitea; -in { +in +{ options.dadada.gitea = { enable = lib.mkEnableOption "Enable gitea"; }; diff --git a/modules/home/colors.nix b/modules/home/colors.nix index 89af392..950fe52 100644 --- a/modules/home/colors.nix +++ b/modules/home/colors.nix @@ -13,21 +13,21 @@ with lib; cursor = "#e8e8e8"; cursorForeground = "#1f2022"; background = "#292b2e"; - color0 = "#1f2022"; - color8 = "#585858"; - color7 = "#a3a3a3"; + color0 = "#1f2022"; + color8 = "#585858"; + color7 = "#a3a3a3"; color15 = "#f8f8f8"; - color1 = "#f2241f"; - color9 = "#f2241f"; - color2 = "#67b11d"; + color1 = "#f2241f"; + color9 = "#f2241f"; + color2 = "#67b11d"; color10 = "#67b11d"; - color3 = "#b1951d"; + color3 = "#b1951d"; color11 = "#b1951d"; - color4 = "#4f97d7"; + color4 = "#4f97d7"; color12 = "#4f97d7"; - color5 = "#a31db1"; + color5 = "#a31db1"; color13 = "#a31db1"; - color6 = "#2d9574"; + color6 = "#2d9574"; color14 = "#2d9574"; color16 = "#ffa500"; color17 = "#b03060"; diff --git a/modules/home/fish.nix b/modules/home/fish.nix index e22b779..89689e8 100644 --- a/modules/home/fish.nix +++ b/modules/home/fish.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.fish; -in { +in +{ options.dadada.home.fish = { enable = mkEnableOption "Enable fish config"; }; @@ -45,21 +46,21 @@ in { #end ''; promptInit = '' - function fish_prompt - set last_status $status - printf '%s %s:%s ' \ - (set_color red - echo $last_status) \ - (set_color green - hostname) \ - (set_color blue - prompt_pwd) - set_color normal - end + function fish_prompt + set last_status $status + printf '%s %s:%s ' \ + (set_color red + echo $last_status) \ + (set_color green + hostname) \ + (set_color blue + prompt_pwd) + set_color normal + end - function fish_right_prompt - printf '%s' (__fish_git_prompt) - end + function fish_right_prompt + printf '%s' (__fish_git_prompt) + end ''; shellAliases = { gst = "git status"; diff --git a/modules/home/gpg.nix b/modules/home/gpg.nix index 2129255..4adc636 100644 --- a/modules/home/gpg.nix +++ b/modules/home/gpg.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.gpg; -in { +in +{ options.dadada.home.gpg = { enable = mkEnableOption "Enable GnuPG config"; }; diff --git a/modules/home/keyring.nix b/modules/home/keyring.nix index 098ee0e..c7eba12 100644 --- a/modules/home/keyring.nix +++ b/modules/home/keyring.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.keyring; -in { +in +{ options.dadada.home.keyring = { enable = mkEnableOption "Enable keyring config"; }; diff --git a/modules/home/kitty/default.nix b/modules/home/kitty/default.nix index e700baa..f968712 100644 --- a/modules/home/kitty/default.nix +++ b/modules/home/kitty/default.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.kitty; -in { +in +{ options.dadada.home.kitty = { enable = mkEnableOption "Enable kitty config"; }; diff --git a/modules/home/mako.nix b/modules/home/mako.nix index 02ba643..b305311 100644 --- a/modules/home/mako.nix +++ b/modules/home/mako.nix @@ -1,8 +1,9 @@ -{ config, lib, pkgs, colors, ...}: +{ config, lib, pkgs, colors, ... }: with lib; let cfg = config.dadada.home.mako; -in { +in +{ options.dadada.home.mako = { enable = mkEnableOption "Enable mako config"; }; diff --git a/modules/home/session.nix b/modules/home/session.nix index d9520a9..7ea0c1f 100644 --- a/modules/home/session.nix +++ b/modules/home/session.nix @@ -2,13 +2,14 @@ with lib; let cfg = config.dadada.home.session; -in { +in +{ options.dadada.home.session = { enable = mkEnableOption "Enable session variable management"; sessionVars = mkOption { description = "Session variables"; type = types.attrs; - default = {}; + default = { }; example = '' EDITOR = "vim"; PAGER = "less"; diff --git a/modules/home/ssh.nix b/modules/home/ssh.nix index b428a8b..b468d08 100644 --- a/modules/home/ssh.nix +++ b/modules/home/ssh.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.ssh; -in { +in +{ options.dadada.home.ssh = { enable = mkEnableOption "Enable SSH config"; }; diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix index 5dfbd09..7c7bf21 100644 --- a/modules/home/sway/default.nix +++ b/modules/home/sway/default.nix @@ -1,8 +1,9 @@ -{ config, pkgs, lib, colors, ...}: +{ config, pkgs, lib, colors, ... }: with lib; let cfg = config.dadada.home.sway; -in { +in +{ options.dadada.home.sway = { enable = mkEnableOption "Enable Sway config"; }; @@ -21,18 +22,18 @@ in { swaylock ]); - wayland.windowManager.sway = { + wayland.windowManager.sway = { enable = true; config = null; extraConfig = (builtins.readFile ./config); extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - # needs qt5.qtwayland in systemPackages - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - # Fix for some Java AWT applications (e.g. Android Studio), - # use this if they aren't displayed properly: - export _JAVA_AWT_WM_NONREPARENTING=1 + export SDL_VIDEODRIVER=wayland + # needs qt5.qtwayland in systemPackages + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # Fix for some Java AWT applications (e.g. Android Studio), + # use this if they aren't displayed properly: + export _JAVA_AWT_WM_NONREPARENTING=1 ''; }; }; diff --git a/modules/home/syncthing.nix b/modules/home/syncthing.nix index 17db865..a184a13 100644 --- a/modules/home/syncthing.nix +++ b/modules/home/syncthing.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.syncthing; -in { +in +{ options.dadada.home.syncthing = { enable = mkEnableOption "Enable Syncthing config"; }; diff --git a/modules/home/termite.nix b/modules/home/termite.nix index 8264024..694b34b 100644 --- a/modules/home/termite.nix +++ b/modules/home/termite.nix @@ -1,14 +1,14 @@ -{ - config, - lib, - pkgs, - colors ? ../../lib/colors.nix, - ... +{ config +, lib +, pkgs +, colors ? ../../lib/colors.nix +, ... }: with lib; let cfg = config.dadada.home.termite; -in { +in +{ options.dadada.home.termite = { enable = mkEnableOption "Enable termite config"; }; diff --git a/modules/home/tmux.nix b/modules/home/tmux.nix index d25eb30..46dfd73 100644 --- a/modules/home/tmux.nix +++ b/modules/home/tmux.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.tmux; -in { +in +{ options.dadada.home.tmux = { enable = mkEnableOption "Enable tmux config"; }; @@ -11,10 +12,10 @@ in { enable = true; terminal = "xterm-256color"; extraConfig = '' - set -g status on - set-option -g set-titles on - set-option -g automatic-rename on - set-window-option -g mode-keys vi + set -g status on + set-option -g set-titles on + set-option -g automatic-rename on + set-window-option -g mode-keys vi ''; }; }; diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 1199c8c..83da01b 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -1,8 +1,8 @@ { config, pkgs, lib, ... }: with lib; -let +let cfg = config.dadada.home.vim; - vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {}; + vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins { }; in { options.dadada.home.vim = { @@ -32,6 +32,9 @@ in #pkgs.vimPlugins.clang_complete ]; }; - home.packages = [ pkgs.languagetool ]; + home.packages = with pkgs; [ + languagetool + nixpkgs-fmt + ]; }; } diff --git a/modules/home/xdg.nix b/modules/home/xdg.nix index d560780..8cba909 100644 --- a/modules/home/xdg.nix +++ b/modules/home/xdg.nix @@ -19,7 +19,8 @@ let "application/pdf" = "org.pwmt.zathura.desktop"; }; cfg = config.dadada.home.xdg; -in { +in +{ options.dadada.home.xdg = { enable = mkEnableOption "Enable XDG config"; }; @@ -32,9 +33,9 @@ in { defaultApplications = apps; }; userDirs = { - download ="\$HOME/tmp"; + download = "\$HOME/tmp"; music = "\$HOME/lib/music"; - videos ="\$HOME/lib/videos"; + videos = "\$HOME/lib/videos"; pictures = "\$HOME/lib/pictures"; documents = "\$HOME/lib"; desktop = "$HOME/tmp"; diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 91ab985..5562403 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.home.zsh; -in { +in +{ options.dadada.home.zsh = { enable = mkEnableOption "Enable ZSH config"; }; @@ -26,19 +27,19 @@ in { plugins = [ ]; initExtra = '' - source ~/.nix-profile/share/zsh-git-prompt/zshrc.sh - source ~/.nix-profile/share/fzf/key-bindings.zsh - source ~/.nix-profile/share/fzf/completion.zsh + source ~/.nix-profile/share/zsh-git-prompt/zshrc.sh + source ~/.nix-profile/share/fzf/key-bindings.zsh + source ~/.nix-profile/share/fzf/completion.zsh - preexec() { echo -n -e "\033]0;$1\007" } + preexec() { echo -n -e "\033]0;$1\007" } - PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " - RPROMPT='$(git_super_status)' - #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" - if [ "$TMUX" = "" ] - then - tmux - fi + PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " + RPROMPT='$(git_super_status)' + #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" + if [ "$TMUX" = "" ] + then + tmux + fi ''; profileExtra = '' ''; diff --git a/modules/homepage.nix b/modules/homepage.nix index 94468ba..e737d05 100644 --- a/modules/homepage.nix +++ b/modules/homepage.nix @@ -1,8 +1,8 @@ { config, pkgs, lib, ... }: - let cfg = config.dadada.homePage; -in with lib; { +in +with lib; { options.dadada.homePage = { enable = mkEnableOption "Enable home page"; }; diff --git a/modules/networking.nix b/modules/networking.nix index badd59d..f60914c 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -1,14 +1,15 @@ -{ config, pkgs, lib, ...}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.dadada.networking; -in { +in +{ options.dadada.networking = { useLocalResolver = mkEnableOption "Enable local caching name server"; wanInterfaces = mkOption { type = with types; listOf str; description = "WAN network interfaces"; - default = []; + default = [ ]; }; vpnExtension = mkOption { type = with types; nullOr str; @@ -73,7 +74,7 @@ in { enable = true; allowedUDPPorts = [ 51234 # Wireguard - 5353 # mDNS + 5353 # mDNS ]; }; }; diff --git a/modules/share.nix b/modules/share.nix index 852ae80..abac5c7 100644 --- a/modules/share.nix +++ b/modules/share.nix @@ -3,7 +3,8 @@ with lib; let cfg = config.dadada.share; -in { +in +{ options.dadada.share = { enable = mkEnableOption "Enable file share"; }; @@ -27,4 +28,3 @@ in { }; }; } - diff --git a/modules/steam.nix b/modules/steam.nix index 273b1c0..f04b8dc 100644 --- a/modules/steam.nix +++ b/modules/steam.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.steam; -in { +in +{ options.dadada.steam = { enable = mkEnableOption "Enable Steam config"; }; diff --git a/modules/update.nix b/modules/update.nix index 4b37227..ace1c03 100644 --- a/modules/update.nix +++ b/modules/update.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.dadada.autoUpgrade; -in { +in +{ options.dadada.autoUpgrade = { enable = mkEnableOption "Enable automatic upgrades"; diff --git a/modules/vpnServer.nix b/modules/vpnServer.nix index 7fb108e..3965496 100644 --- a/modules/vpnServer.nix +++ b/modules/vpnServer.nix @@ -21,13 +21,14 @@ let }; }; }; -in { +in +{ options.dadada.vpnServer = { enable = mkEnableOption "Enable wireguard gateway"; peers = mkOption { description = "Set of extensions and public keys of peers"; type = with types; attrsOf (submodule wgPeer); - default = {}; + default = { }; }; }; config = mkIf cfg.enable { @@ -37,11 +38,13 @@ in { privateKeyFile = "/var/lib/wireguard/wg0-key"; ips = [ "fd42:dead:beef:1337::0/64" ]; listenPort = 51234; - peers = map (peer: ( - { - allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ]; - publicKey = peer.key; - })) (attrValues cfg.peers); + peers = map + (peer: ( + { + allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ]; + publicKey = peer.key; + })) + (attrValues cfg.peers); }; }; } diff --git a/modules/weechat.nix b/modules/weechat.nix index 7fabdb8..a32455a 100644 --- a/modules/weechat.nix +++ b/modules/weechat.nix @@ -3,7 +3,8 @@ with lib; let cfg = config.dadada.weechat; -in { +in +{ options.dadada.weechat = { enable = mkEnableOption "Enable weechat relay"; }; @@ -55,4 +56,3 @@ in { }; }; } - diff --git a/overlay.nix b/overlay.nix index 4be40f3..490f56c 100644 --- a/overlay.nix +++ b/overlay.nix @@ -1,11 +1,10 @@ self: super: - let isReserved = n: n == "lib" || n == "overlays" || n == "modules"; nameValuePair = n: v: { name = n; value = v; }; attrs = import ./default.nix { pkgs = super; }; in - builtins.listToAttrs +builtins.listToAttrs (map (n: nameValuePair n attrs.${n}) - (builtins.filter (n: !isReserved n) - (builtins.attrNames attrs))) + (builtins.filter (n: !isReserved n) + (builtins.attrNames attrs))) diff --git a/overlays/tubslatex.nix b/overlays/tubslatex.nix index 121fecc..ba2a1a7 100644 --- a/overlays/tubslatex.nix +++ b/overlays/tubslatex.nix @@ -1,25 +1,26 @@ self: super: { # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 - tubslatex = super.lib.overrideDerivation (super.texlive.combine { - inherit (super.texlive) scheme-full; - tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex {}) ]; - }) (oldAttrs: { - postBuild = '' - # Save the udpmap.cfg because texlive.combine removes it. - cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 - '' + oldAttrs.postBuild + '' - # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it - rm $out/share/texmf/web2c/updmap.cfg || true - cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg - rm $out/share/texmf/web2c/updmap.cfg.1 - perl `type -P mktexlsr.pl` $out/share/texmf - yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true - perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map - # Regenerate .map files. - perl `type -P updmap.pl` --sys - ''; - }); + tubslatex = super.lib.overrideDerivation + (super.texlive.combine { + inherit (super.texlive) scheme-full; + tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex { }) ]; + }) + (oldAttrs: { + postBuild = '' + # Save the udpmap.cfg because texlive.combine removes it. + cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 + '' + oldAttrs.postBuild + '' + # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it + rm $out/share/texmf/web2c/updmap.cfg || true + cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg + rm $out/share/texmf/web2c/updmap.cfg.1 + perl `type -P mktexlsr.pl` $out/share/texmf + yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true + perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map + # Regenerate .map files. + perl `type -P updmap.pl` --sys + ''; + }); } - diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix index 85dc382..6b3552a 100644 --- a/pkgs/keys/default.nix +++ b/pkgs/keys/default.nix @@ -9,8 +9,8 @@ stdenv.mkDerivation rec { buildPhase = ""; installPhase = '' - mkdir $out - cp * $out + mkdir $out + cp * $out ''; meta = with stdenv.lib; { diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix index acb8fc2..2ca8542 100644 --- a/pkgs/tubslatex/default.nix +++ b/pkgs/tubslatex/default.nix @@ -5,8 +5,8 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ unzip ]; buildInputs = [ unzip ]; installPhase = '' - mkdir -p $out - cp -r * $out/ + mkdir -p $out + cp -r * $out/ ''; pname = "tubslatex"; name = pname; diff --git a/pkgs/vimPlugins/filetype/ftplugin/nix.vim b/pkgs/vimPlugins/filetype/ftplugin/nix.vim index 51f2b56..c0b88cf 100644 --- a/pkgs/vimPlugins/filetype/ftplugin/nix.vim +++ b/pkgs/vimPlugins/filetype/ftplugin/nix.vim @@ -1,3 +1,5 @@ setlocal expandtab setlocal shiftwidth=2 setlocal softtabstop=2 + +let b:ale_fixers = [ 'nixpkgs-fmt', 'remove_trailing_lines', 'trim_whitespace'] From 998f83ff6ab2f6fd03d59ac6dce487628953d29c Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 14:30:50 +0100 Subject: [PATCH 005/988] Disable wayland in firefox Breaks copy-paste in gnome shell --- hosts/gorgon/home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 2a55e72..244f2db 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -31,7 +31,7 @@ in MAILDIR = "\$HOME/.var/mail"; MBLAZE = "\$HOME/.config/mblaze"; NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; - MOZ_ENABLE_WAYLAND= "1"; + MOZ_ENABLE_WAYLAND = "1"; }; }; }; From 288520c18a69dc37de39f23a3ed9065920083be0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 16:02:05 +0100 Subject: [PATCH 006/988] Disable share on surgat --- hosts/surgat/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index e6537be..72236f1 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -30,7 +30,6 @@ in dadada.networking.vpnExtension = "4"; dadada.weechat.enable = true; dadada.homePage.enable = true; - dadada.share.enable = true; dadada.backupClient = { enable = true; bs = true; From a7dee80a716f763e6adf333bf25ccdaaa3bdedb7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 16:04:14 +0100 Subject: [PATCH 007/988] Revert "Disable share on surgat" This reverts commit 288520c18a69dc37de39f23a3ed9065920083be0. --- hosts/surgat/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 72236f1..e6537be 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -30,6 +30,7 @@ in dadada.networking.vpnExtension = "4"; dadada.weechat.enable = true; dadada.homePage.enable = true; + dadada.share.enable = true; dadada.backupClient = { enable = true; bs = true; From cd7ef95c15b2184a95b61111cfaa9ca176c4a055 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 16:09:42 +0100 Subject: [PATCH 008/988] Add pruflas --- hosts/default.nix | 1 + hosts/pruflas/default.nix | 83 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 hosts/pruflas/default.nix diff --git a/hosts/default.nix b/hosts/default.nix index ade7342..e22e9f5 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -2,4 +2,5 @@ ifrit = ./ifrit; gorgon = ./gorgon; surgat = ./surgat; + pruflas = ./pruflas; } diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix new file mode 100644 index 0000000..91e0712 --- /dev/null +++ b/hosts/pruflas/default.nix @@ -0,0 +1,83 @@ +{ config, pkgs, lib, ... }: +let + hostName = "pruflas"; + this = import ../.. { inherit pkgs; }; +in +{ + imports = [ this.profiles.base ]; + + networking.hostName = hostName; + + services.hydra = { + enable = true; + hydraURL = "hydra.dadada.li"; + notificationSender = "hydra@localhost"; + buildMachinesFiles = [ ]; + useSubstitutes = true; + }; + + nix.buildMachines = [ + { + hostName = "localhost"; + system = "x86_64-linux"; + supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; + maxJobs = 8; + } + ]; + + services.nginx = { + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + logError = "/dev/null"; + appendHttpConfig = '' + access_log off; + ''; + }; + + dadada.admin = { + enable = true; + users = { + "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ]; + }; + }; + + dadada.networking.vpnExtension = "5"; + dadada.backupClient = { + enable = true; + bs = true; + }; + + networking.useDHCP = false; + networking.interfaces.ens3.useDHCP = true; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # SSH + 80 + 443 # HTTPS + ]; + allowedUDPPorts = [ + 51234 # Wireguard + ]; + }; + + security.acme = { + email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; + acceptTerms = true; + }; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + swapDevices = [ + { + device = "/var/swapfile"; + size = 32768; + } + ]; +} From 13ff1792cbf0b8998123eb8c218bdeb2d50109c6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 16:40:16 +0100 Subject: [PATCH 009/988] Use EFI bootloader --- README.md | 4 ++++ hosts/pruflas/default.nix | 9 +++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c5dc70a..3ea4a61 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ # nix configuration Use at your own risk. + +## TODO + +- Reverse-proxy Hydra via Wireguard tunnel and nginx diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 91e0712..7eadbf9 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -69,10 +69,11 @@ in acceptTerms = true; }; - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; + boot.kernelModules = [ "kvm-intel" ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; swapDevices = [ { From 032a1d31bcb9cdf36b8c770b0866c56e1d7261b8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 16:45:22 +0100 Subject: [PATCH 010/988] Fixup DHCP --- hosts/pruflas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 7eadbf9..350f867 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -49,7 +49,7 @@ in }; networking.useDHCP = false; - networking.interfaces.ens3.useDHCP = true; + networking.interfaces.enp3s0.useDHCP = true; networking.firewall = { enable = true; From e1da18608eddc22be2345a97bef1b910b097d4b6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 16:57:41 +0100 Subject: [PATCH 011/988] Fixup DHCP --- hosts/pruflas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 350f867..92fd616 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -49,7 +49,7 @@ in }; networking.useDHCP = false; - networking.interfaces.enp3s0.useDHCP = true; + networking.interfaces."enp0s25".useDHCP = true; networking.firewall = { enable = true; From cae687147fc0716c242dffd3364aefdea502e929 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 17:06:48 +0100 Subject: [PATCH 012/988] Add pruflas VPN --- hosts/ifrit/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index d02d8fc..6bb6939 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -35,6 +35,10 @@ in id = "4"; key = "+paiOqOITdLy3oqoI2DhOj4k8gncAcjFLkJrxJl0iBE="; }; + "pruflas" = { + id = "5"; + key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk="; + }; }; }; From 5b5c0c174b96cb2035454ebe9a8c73fd3a01c207 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 17:17:40 +0100 Subject: [PATCH 013/988] Add pruflas backup --- hosts/ifrit/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 6bb6939..36e9a83 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -62,7 +62,14 @@ in authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/surgat"; - quota = "100G"; + quota = "50G"; + }; + "pruflas" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + path = "${backups}/pruflas"; + quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; From 1bcfcb26b8c57c0a548473c7c5506b6601a8d357 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 17:42:11 +0100 Subject: [PATCH 014/988] Set up hydra VPN --- hosts/pruflas/default.nix | 17 +++++++++++++++++ hosts/surgat/default.nix | 15 +++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 92fd616..aadcb92 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -81,4 +81,21 @@ in size = 32768; } ]; + + + networking.wireguard.interfaces."hydra" = { + ips = [ "fcde:ad::1/64" ]; + listenPort = 51235; + + privateKeyFile = "/var/lib/wireguard/hydra"; + + peers = [ + { + publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + allowedIPs = [ "fcde:ad::2/128" ]; + endpoint = "surgat.dadada.li:51235"; + persistentKeepalive = 25; + } + ]; + }; } diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index e6537be..c26e8b3 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -86,4 +86,19 @@ in size = 4096; } ]; + + networking.wireguard.interfaces."hydra" = { + ips = [ "fcde:ad::2/64" ]; + listenPort = 51235; + + privateKeyFile = "/var/lib/wireguard/hydra"; + + peers = [ + { + publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; + allowedIPs = [ "fcde:ad::1/128" ]; + persistentKeepalive = 25; + } + ]; + }; } From c3bdc36fc38429980520a76e0812f78ef9da8ea9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 17:44:53 +0100 Subject: [PATCH 015/988] surgat, pruflas: open WG ports --- hosts/pruflas/default.nix | 1 + hosts/surgat/default.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index aadcb92..cc6ddd3 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -61,6 +61,7 @@ in ]; allowedUDPPorts = [ 51234 # Wireguard + 51235 # Wireguard ]; }; diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index c26e8b3..45ce20c 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -49,6 +49,7 @@ in ]; allowedUDPPorts = [ 51234 # Wireguard + 51235 # Wireguard ]; }; From e3a797a98f81a3712286a87cb080bbe0ef52fd48 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 17:55:25 +0100 Subject: [PATCH 016/988] surgat: hydra proxy-pass --- hosts/pruflas/default.nix | 2 +- hosts/surgat/default.nix | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index cc6ddd3..1e713a2 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -10,7 +10,7 @@ in services.hydra = { enable = true; - hydraURL = "hydra.dadada.li"; + hydraURL = "http://hydra.dadada.li/"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 45ce20c..100a22c 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -18,6 +18,15 @@ in ''; }; + services.nginx.virtualHosts."hydra.${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + + locations."/".extraConfig = '' + proxy_pass http://[fcde:ad:1]:3000; + ''; + }; + dadada.admin = { enable = true; users = { From b444906e42421d5772a093e385cfa1525f5074b0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 18:00:40 +0100 Subject: [PATCH 017/988] pruflas: open hydra port to tunnel --- hosts/pruflas/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 1e713a2..69f947c 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -14,6 +14,8 @@ in notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; + listenHost = "fcde:ad::1"; + port = 3000; }; nix.buildMachines = [ @@ -58,6 +60,7 @@ in 22 # SSH 80 443 # HTTPS + 3000 # Hydra ]; allowedUDPPorts = [ 51234 # Wireguard From d0470595ffc00a476da7c57188cb71fa6f0916c4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 18:07:16 +0100 Subject: [PATCH 018/988] Fixup --- hosts/pruflas/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 69f947c..dc531f8 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -10,11 +10,12 @@ in services.hydra = { enable = true; - hydraURL = "http://hydra.dadada.li/"; + hydraURL = "https://hydra.dadada.li/"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - listenHost = "fcde:ad::1"; + #listenHost = "[fcde:ad::1]"; + listenHost = "*"; port = 3000; }; From e4bc29ff4a5bbd78a18d55ca82a70b5737a2af5d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 18:14:06 +0100 Subject: [PATCH 019/988] Fixup --- hosts/surgat/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 100a22c..a658e78 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -23,7 +23,7 @@ in forceSSL = true; locations."/".extraConfig = '' - proxy_pass http://[fcde:ad:1]:3000; + proxy_pass http://[fcde:ad:1]:3000/; ''; }; From 800ad1a9e7b1a767539adf778d95e0aaf4921995 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 18:47:51 +0100 Subject: [PATCH 020/988] Use IPv4 inside tunnel because of Hydra --- hosts/pruflas/default.nix | 4 ++-- hosts/surgat/default.nix | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index dc531f8..005aae0 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -89,7 +89,7 @@ in networking.wireguard.interfaces."hydra" = { - ips = [ "fcde:ad::1/64" ]; + ips = [ "10.3.3.1/24" ]; listenPort = 51235; privateKeyFile = "/var/lib/wireguard/hydra"; @@ -97,7 +97,7 @@ in peers = [ { publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - allowedIPs = [ "fcde:ad::2/128" ]; + allowedIPs = [ "10.3.3.3/32" ]; endpoint = "surgat.dadada.li:51235"; persistentKeepalive = 25; } diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index a658e78..9527bf0 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -23,7 +23,7 @@ in forceSSL = true; locations."/".extraConfig = '' - proxy_pass http://[fcde:ad:1]:3000/; + proxy_pass http://10.3.3.3:3000/; ''; }; @@ -98,7 +98,7 @@ in ]; networking.wireguard.interfaces."hydra" = { - ips = [ "fcde:ad::2/64" ]; + ips = [ "10.3.3.1/24" ]; listenPort = 51235; privateKeyFile = "/var/lib/wireguard/hydra"; @@ -106,7 +106,7 @@ in peers = [ { publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; - allowedIPs = [ "fcde:ad::1/128" ]; + allowedIPs = [ "10.3.3.1/32" ]; persistentKeepalive = 25; } ]; From 28f312aa1f3ecfa7f6a74ceffb8ea27019127e02 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 18:51:18 +0100 Subject: [PATCH 021/988] Let Hydra only listen on tunnel --- hosts/pruflas/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 005aae0..51d734d 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -14,8 +14,8 @@ in notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - #listenHost = "[fcde:ad::1]"; - listenHost = "*"; + listenHost = "10.3.3.3"; + #listenHost = "*"; port = 3000; }; From 6f06fe69a54c3e72c99bf1107426bcf89d0f468d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 18:53:15 +0100 Subject: [PATCH 022/988] Fixup --- hosts/pruflas/default.nix | 4 ++-- hosts/surgat/default.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 51d734d..a5d8717 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -89,7 +89,7 @@ in networking.wireguard.interfaces."hydra" = { - ips = [ "10.3.3.1/24" ]; + ips = [ "10.3.3.3/24" ]; listenPort = 51235; privateKeyFile = "/var/lib/wireguard/hydra"; @@ -97,7 +97,7 @@ in peers = [ { publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - allowedIPs = [ "10.3.3.3/32" ]; + allowedIPs = [ "10.3.3.1/32" ]; endpoint = "surgat.dadada.li:51235"; persistentKeepalive = 25; } diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 9527bf0..fa52e11 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -106,7 +106,7 @@ in peers = [ { publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; - allowedIPs = [ "10.3.3.1/32" ]; + allowedIPs = [ "10.3.3.3/32" ]; persistentKeepalive = 25; } ]; From 5ce05ee534852901f60d006e42c1e03b6515f7f7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:00:04 +0100 Subject: [PATCH 023/988] Fixup proxy --- hosts/surgat/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index fa52e11..632c90a 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -24,6 +24,10 @@ in locations."/".extraConfig = '' proxy_pass http://10.3.3.3:3000/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Request-Base /; ''; }; From aa79902aaddc0862e7402389cc03eec55e35c9f9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:02:12 +0100 Subject: [PATCH 024/988] Fixup --- hosts/pruflas/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index a5d8717..dc125e2 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -17,6 +17,9 @@ in listenHost = "10.3.3.3"; #listenHost = "*"; port = 3000; + extraConfig = '' + using_frontend_proxy 1 + ''; }; nix.buildMachines = [ From 9ab3ac5ed56d7fb8abd99664060843a42bc914b2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:04:28 +0100 Subject: [PATCH 025/988] Fixup --- hosts/surgat/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 632c90a..e4f94f4 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -24,6 +24,7 @@ in locations."/".extraConfig = '' proxy_pass http://10.3.3.3:3000/; + proxy_redirect http://10.3.3.3:3000 https://hydra.dadada.li/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; From c3714e34c93a9e7e4e3b0a666e96ac10579517cd Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:05:49 +0100 Subject: [PATCH 026/988] Fixup --- hosts/surgat/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index e4f94f4..632c90a 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -24,7 +24,6 @@ in locations."/".extraConfig = '' proxy_pass http://10.3.3.3:3000/; - proxy_redirect http://10.3.3.3:3000 https://hydra.dadada.li/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; From 9ce2e1514c02ad7ad8d83150fe220b4eecec37f1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:13:32 +0100 Subject: [PATCH 027/988] Fixup --- hosts/pruflas/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index dc125e2..1c08d60 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -19,6 +19,7 @@ in port = 3000; extraConfig = '' using_frontend_proxy 1 + base_uri hydra.dadada.li ''; }; From fa4708235ffbef75f9d46fb3b0763dc6295b31a6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:16:56 +0100 Subject: [PATCH 028/988] Fixup --- hosts/pruflas/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 1c08d60..d4a2b6c 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -10,17 +10,13 @@ in services.hydra = { enable = true; - hydraURL = "https://hydra.dadada.li/"; + hydraURL = "hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; listenHost = "10.3.3.3"; #listenHost = "*"; port = 3000; - extraConfig = '' - using_frontend_proxy 1 - base_uri hydra.dadada.li - ''; }; nix.buildMachines = [ From dc54552eba6a4955f1558f4df53a81db0836826b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:20:35 +0100 Subject: [PATCH 029/988] Fixup --- hosts/pruflas/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index d4a2b6c..5fd01d4 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -14,8 +14,7 @@ in notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - listenHost = "10.3.3.3"; - #listenHost = "*"; + listenHost = "*"; port = 3000; }; From f8402f1c702086fc5db5adf9fbc98d6a211f2cf8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:21:53 +0100 Subject: [PATCH 030/988] Fixup --- hosts/pruflas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 5fd01d4..28c8d2c 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -14,7 +14,7 @@ in notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - listenHost = "*"; + listenHost = "10.3.3.3"; port = 3000; }; From 0472fbefa2fac905f2ff5de1a353e7cbdf0f3cda Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:23:22 +0100 Subject: [PATCH 031/988] Fixup --- hosts/surgat/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 632c90a..d78353d 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -27,7 +27,6 @@ in proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Request-Base /; ''; }; From 4d331d93b6ab834934e3e323e18f560bb0bb6361 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:26:10 +0100 Subject: [PATCH 032/988] Fixup --- hosts/surgat/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index d78353d..9e3e6e6 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -24,6 +24,7 @@ in locations."/".extraConfig = '' proxy_pass http://10.3.3.3:3000/; + proxy_set_header X-Forwared-Host hydra.dadada.li; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; From bc44e473d688b4cdb64c25931ebc1703ab5ac967 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:31:42 +0100 Subject: [PATCH 033/988] Fixup --- hosts/pruflas/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 28c8d2c..c1ff468 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -7,6 +7,9 @@ in imports = [ this.profiles.base ]; networking.hostName = hostName; + networking.hosts = { + "10.3.3.1" = [ "hydra.dadada.li" ]; + }; services.hydra = { enable = true; @@ -14,7 +17,7 @@ in notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - listenHost = "10.3.3.3"; + listenHost = "hydra.dadada.li"; port = 3000; }; From f09c26e1467a311bbfd2c168f24a7ab94e06b985 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:34:11 +0100 Subject: [PATCH 034/988] Fixup --- hosts/pruflas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index c1ff468..b5d6026 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -8,7 +8,7 @@ in networking.hostName = hostName; networking.hosts = { - "10.3.3.1" = [ "hydra.dadada.li" ]; + "10.3.3.3" = [ "hydra.dadada.li" ]; }; services.hydra = { From 707d83ba45528a65272450fe5b46c13daa3d1068 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:37:19 +0100 Subject: [PATCH 035/988] Fixup --- hosts/pruflas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index b5d6026..9f8b50a 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -13,7 +13,7 @@ in services.hydra = { enable = true; - hydraURL = "hydra.dadada.li"; + hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; From 6e2cba1c8d73978073032d24f355007e736b10a4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:40:46 +0100 Subject: [PATCH 036/988] Fixup --- hosts/surgat/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index 9e3e6e6..ca01562 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -23,8 +23,8 @@ in forceSSL = true; locations."/".extraConfig = '' - proxy_pass http://10.3.3.3:3000/; - proxy_set_header X-Forwared-Host hydra.dadada.li; + proxy_pass http://10.3.3.3:3000; + proxy_redirect http://127.0.0.1:3000 https://hydra.dadada.li proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; From a042a5546e469ff1ab25f872045a0e9253d334ba Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:43:21 +0100 Subject: [PATCH 037/988] Fixup --- hosts/surgat/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index ca01562..bd50d93 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -24,7 +24,7 @@ in locations."/".extraConfig = '' proxy_pass http://10.3.3.3:3000; - proxy_redirect http://127.0.0.1:3000 https://hydra.dadada.li + proxy_redirect http://127.0.0.1:3000 https://hydra.dadada.li; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; From 20cdd676d23190582f107f1c5db2146f9b451f45 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:44:21 +0100 Subject: [PATCH 038/988] Fixup --- hosts/surgat/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index bd50d93..d80caca 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -24,7 +24,7 @@ in locations."/".extraConfig = '' proxy_pass http://10.3.3.3:3000; - proxy_redirect http://127.0.0.1:3000 https://hydra.dadada.li; + proxy_redirect http://10.3.3.3:3000 https://hydra.dadada.li; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; From 0568af61cf7eaa149b4cb4fbc8bbcc88a82feba9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 19:48:50 +0100 Subject: [PATCH 039/988] Fixup --- hosts/pruflas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 9f8b50a..c88411d 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -17,7 +17,7 @@ in notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - listenHost = "hydra.dadada.li"; + #listenHost = "hydra.dadada.li"; port = 3000; }; From 060c312336f995ab4c660b0a8c65e9bbddd09dea Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 20:00:51 +0100 Subject: [PATCH 040/988] Fixup --- hosts/pruflas/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index c88411d..b5d6026 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -13,11 +13,11 @@ in services.hydra = { enable = true; - hydraURL = "https://hydra.dadada.li"; + hydraURL = "hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - #listenHost = "hydra.dadada.li"; + listenHost = "hydra.dadada.li"; port = 3000; }; From 354d04c8381f1aa6433dabf7ec024e5256795574 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 20:02:22 +0100 Subject: [PATCH 041/988] Fixup --- hosts/pruflas/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index b5d6026..e2e6613 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -14,6 +14,7 @@ in services.hydra = { enable = true; hydraURL = "hydra.dadada.li"; + package = pkgs.hydra-unstable; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; From 92920ebabd11f2060e2368edadd58235ecd2456e Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 20:14:09 +0100 Subject: [PATCH 042/988] Fixup --- hosts/pruflas/default.nix | 3 +-- hosts/surgat/default.nix | 12 ++++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index e2e6613..9f8b50a 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -13,8 +13,7 @@ in services.hydra = { enable = true; - hydraURL = "hydra.dadada.li"; - package = pkgs.hydra-unstable; + hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index d80caca..f52f6b4 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -22,12 +22,16 @@ in enableACME = true; forceSSL = true; + root = "${pkgs.nginx}/html"; + locations."/".extraConfig = '' - proxy_pass http://10.3.3.3:3000; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Server $host; proxy_redirect http://10.3.3.3:3000 https://hydra.dadada.li; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect https://10.3.3.3:3000 https://hydra.dadada.li; + proxy_pass http://10.3.3.3:3000; ''; }; From 1b27c2fb1162168dc40681f1f7f2bb5944749204 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 20:25:47 +0100 Subject: [PATCH 043/988] Fixup --- hosts/surgat/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index f52f6b4..ab4fdfa 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -12,6 +12,8 @@ in recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; + recommendedProxySettings = true; + logError = "/dev/null"; appendHttpConfig = '' access_log off; @@ -24,15 +26,12 @@ in root = "${pkgs.nginx}/html"; - locations."/".extraConfig = '' - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Server $host; - proxy_redirect http://10.3.3.3:3000 https://hydra.dadada.li; - proxy_redirect https://10.3.3.3:3000 https://hydra.dadada.li; - proxy_pass http://10.3.3.3:3000; - ''; + locations."/" = { + proxyPass = "http://10.3.3.3:3000/"; + extraConfig = '' + proxy_redirect default; + ''; + }; }; dadada.admin = { From f923bbb38e1045a95d1f4d21b3dba48f4ca0933a Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 20:53:57 +0100 Subject: [PATCH 044/988] Disable lid switch --- hosts/pruflas/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 9f8b50a..640e30b 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -11,6 +11,8 @@ in "10.3.3.3" = [ "hydra.dadada.li" ]; }; + services.logind.lidSwitch = "ignore"; + services.hydra = { enable = true; hydraURL = "https://hydra.dadada.li"; From 16d1b3a2bd7768c98cbe5d5bbefa19f1710bcbef Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 21:40:14 +0100 Subject: [PATCH 045/988] gorgon: fixup --- hosts/gorgon/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 8cbb199..35a0e43 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let this = import ../.. { inherit pkgs; }; - nixos-hardware = buildins.fetchTarball { + nixos-hardware = builtins.fetchTarball { url = "https://github.com/NixOS/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz"; sha256 = "1z4cr5gsyfdpcy31vqg4ikalbxmnnac6jjk1nl8mxj0h0ix7pp36"; }; From 119c0cc49334f0fd7037a9c45f1a7138274aefa0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Jan 2021 23:08:14 +0100 Subject: [PATCH 046/988] pruflas: enable nix flakes --- hosts/pruflas/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 640e30b..a7f1ef8 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -6,6 +6,13 @@ in { imports = [ this.profiles.base ]; + nix = { + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + networking.hostName = hostName; networking.hosts = { "10.3.3.3" = [ "hydra.dadada.li" ]; @@ -15,6 +22,7 @@ in services.hydra = { enable = true; + package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; From d6a6d8730741b8f841abfcfce1b4d366e0286b93 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jan 2021 12:36:41 +0100 Subject: [PATCH 047/988] Add logo --- hosts/pruflas/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index a7f1ef8..2396c8c 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -2,6 +2,11 @@ let hostName = "pruflas"; this = import ../.. { inherit pkgs; }; + logo = builtins.fetchurl { + sha256 = "1c8y19a3yz4g9dl7hbx7aq4y92jfxl4nrsparzyzwn0wcm9jan27"; + url = "https://openmoji.org/php/download_from_github.php?emoji_hexcode=1F431-200D-1F4BB&emoji_variant=color"; + name = "open-moji-hack-cat"; + }; in { imports = [ this.profiles.base ]; @@ -29,6 +34,7 @@ in useSubstitutes = true; listenHost = "hydra.dadada.li"; port = 3000; + logo = logo; }; nix.buildMachines = [ From 42c91509027397a1acc27a4593849dc3706b0d7d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jan 2021 18:48:43 +0100 Subject: [PATCH 048/988] Enable caching for gitea --- modules/gitea.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/modules/gitea.nix b/modules/gitea.nix index 131ba7a..4581cde 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -1,5 +1,6 @@ { config, pkgs, lib, ... }: let + redisSocket = "127.0.0.1:6379"; cfg = config.dadada.gitea; in { @@ -20,6 +21,36 @@ in type = "postgres"; }; disableRegistration = true; + settings = { + server = { + LANDING_PAGE = "explore"; + OFFLINE_MODE = true; + }; + picture = { + DISABLE_GRAVATAR = true; + REPOSITORY_AVATAR_FALLBACK = "random"; + ENABLE_FEDERATED_AVATAR = false; + }; + other = { + SHOW_FOOTER_BRANDING = false; + SHOW_FOOTER_VERSION = false; + SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; + }; + log = { + DISABLE_ROUTER_LOG = true; + }; + cache = { + ENABLE = true; + ADAPTER = "redis"; + HOST = "network=tcp,addr=${redisSocket},db=0,pool_size=100,idle_timeout=180"; + }; + }; + }; + + services.redis = { + enable = true; + vmOverCommit = true; + #unixSocket = redisSocket; }; services.nginx.virtualHosts."git.${config.networking.domain}" = { From a4a5abc7bb55e91bbdcd9b05d56b01c3473435c3 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jan 2021 09:12:24 +0100 Subject: [PATCH 049/988] Add work profile --- hosts/gorgon/work/default.nix | 51 +++++++++++++++++++++++++++++++++++ hosts/gorgon/work/pkgs.nix | 32 ++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 hosts/gorgon/work/default.nix create mode 100644 hosts/gorgon/work/pkgs.nix diff --git a/hosts/gorgon/work/default.nix b/hosts/gorgon/work/default.nix new file mode 100644 index 0000000..a7e0fb0 --- /dev/null +++ b/hosts/gorgon/work/default.nix @@ -0,0 +1,51 @@ +{ config, pkgs, lib, ... }: +let + this = import ../../.. { inherit pkgs; }; +in +{ + imports = lib.attrValues this.hmModules; + + dadada.home = { + vim.enable = true; + direnv.enable = true; + git.enable = true; + gpg.enable = true; + gtk.enable = true; + keyring.enable = true; + kitty.enable = true; + ssh.enable = true; + tmux.enable = true; + xdg.enable = true; + zsh.enable = true; + + session = { + enable = true; + sessionVars = { + EDITOR = "vim"; + PAGER = "less"; + }; + }; + }; + + # Languagetool server for web extension + systemd.user.services."languagetool-http-server" = { + Unit = { + Description = "Languagetool HTTP server"; + PartOf = [ "graphical-session-pre.target" ]; + After = [ "graphical-session.target" ]; + }; + + Service = { + Type = "simple"; + ExecStart = "${pkgs.languagetool}/bin/languagetool-http-server org.languagetool.server.HTTPServer --allow-origin '*'"; + Restart = "always"; + }; + + Install = { WantedBy = [ "graphical-session.target" ]; }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + + home.packages = import ./pkgs.nix { pkgs = pkgs; }; +} diff --git a/hosts/gorgon/work/pkgs.nix b/hosts/gorgon/work/pkgs.nix new file mode 100644 index 0000000..563c158 --- /dev/null +++ b/hosts/gorgon/work/pkgs.nix @@ -0,0 +1,32 @@ +{ pkgs }: +with pkgs; [ + android-studio + chromium + direnv + element-desktop + evince + file + firefox-bin + fzf + git-lfs + gitAndTools.hub + gnome3.gnome-tweak-tool + gnome3.nautilus + gnumake + gnupg + inotify-tools + jq + kitty + ldns + libreoffice + lsof + openssl + pavucontrol + pinentry-gnome + sqlite + sshfs-fuse + thunderbird-bin + unzip + whois + xdg_utils +] From 01f2c749c862667c45c8bd09d2ec418e124d4ecc Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jan 2021 09:12:59 +0100 Subject: [PATCH 050/988] Add unit for languagetool server --- hosts/gorgon/home/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 244f2db..1ccc6c8 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -36,6 +36,23 @@ in }; }; + # Languagetool server for web extension + systemd.user.services."languagetool-http-server" = { + Unit = { + Description = "Languagetool HTTP server"; + PartOf = [ "graphical-session-pre.target" ]; + After = [ "graphical-session.target" ]; + }; + + Service = { + Type = "simple"; + ExecStart = "${pkgs.languagetool}/bin/languagetool-http-server org.languagetool.server.HTTPServer --allow-origin '*'"; + Restart = "always"; + }; + + Install = { WantedBy = [ "graphical-session.target" ]; }; + }; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; From eac0b53b62c110608c28f44d9053d7fa3d0ac136 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jan 2021 09:13:31 +0100 Subject: [PATCH 051/988] Cleanup laptop profile --- modules/profiles/laptop/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index bb585a1..de9d869 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -1,9 +1,7 @@ { config, pkgs, lib, ... }: with lib; { - imports = [ - ../base - ]; + networking.domain = mkDefault "dadada.li"; dadada = { networking = { @@ -19,6 +17,12 @@ with lib; time.timeZone = mkDefault "Europe/Berlin"; + i18n.defaultLocale = mkDefault "en_US.UTF-8"; + console = mkDefault { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + programs.zsh = mkDefault { enable = true; autosuggestions.enable = true; @@ -30,8 +34,4 @@ with lib; highlighters = [ "main" "brackets" "pattern" "cursor" "root" "line" ]; }; }; - - environment.noXlibs = false; - documentation.enable = true; - documentation.nixos.enable = true; } From 458e4838cec5b791becf6b621448bed2c027ebb1 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jan 2021 21:51:15 +0100 Subject: [PATCH 052/988] Add pkgs.lab to installed packages --- hosts/gorgon/home/pkgs.nix | 1 + hosts/gorgon/work/pkgs.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 953364c..b7cf221 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -42,6 +42,7 @@ with pkgs; [ keepassxc #keys kitty + gitAndTools.lab ldns libreoffice libvirt diff --git a/hosts/gorgon/work/pkgs.nix b/hosts/gorgon/work/pkgs.nix index 563c158..94c3be4 100644 --- a/hosts/gorgon/work/pkgs.nix +++ b/hosts/gorgon/work/pkgs.nix @@ -17,6 +17,7 @@ with pkgs; [ inotify-tools jq kitty + gitAndTools.lab ldns libreoffice lsof From 438c05f4eb102bcb0622d1c82ac896320436ed92 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jan 2021 21:52:04 +0100 Subject: [PATCH 053/988] Add mpv and languagetool to work profile --- hosts/gorgon/work/pkgs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/gorgon/work/pkgs.nix b/hosts/gorgon/work/pkgs.nix index 94c3be4..a01f6fc 100644 --- a/hosts/gorgon/work/pkgs.nix +++ b/hosts/gorgon/work/pkgs.nix @@ -18,9 +18,11 @@ with pkgs; [ jq kitty gitAndTools.lab + languagetool ldns libreoffice lsof + mpv openssl pavucontrol pinentry-gnome From e9ccff4b52ada9589f02c34c160c64cdd9040fc0 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 7 Jan 2021 21:47:58 +0100 Subject: [PATCH 054/988] Enable auto-upgrade and newer kernel on laptop --- modules/profiles/laptop/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index de9d869..63987c9 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -1,12 +1,15 @@ { config, pkgs, lib, ... }: with lib; { + boot.kernelPackages = pkgs.linuxPackages_latest; + networking.domain = mkDefault "dadada.li"; dadada = { networking = { useLocalResolver = mkDefault true; }; + autoUpgrade.enable = true; }; services.fwupd.enable = true; From 30549b5e4ec799101f62cbaac0266658242c5479 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 7 Jan 2021 22:01:32 +0100 Subject: [PATCH 055/988] Add system state version --- deploy | 17 +++++++++++------ hosts/gorgon/default.nix | 2 ++ hosts/ifrit/default.nix | 2 ++ hosts/pruflas/default.nix | 2 ++ hosts/surgat/default.nix | 2 ++ 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/deploy b/deploy index c783cfa..3c6b3c5 100755 --- a/deploy +++ b/deploy @@ -20,20 +20,25 @@ function hash { host="${1}" rev="$(git rev-parse HEAD)" -url="https://github.com/dadada/nix-config/archive/${rev}.tar.gz" sha256=$(hash "$rev") -cat < /etc/nixos/deploy.nix && tmux new -d \"nixos-rebuild switch |& tee /var/log/dadada-deploy.log\""' +cat < /etc/nixos/configuration.nix && tmux new -d \"nixos-rebuild switch |& tee /var/log/dadada-deploy.log\""' +let + host = "$host"; + rev = "$rev"; + sha256 = "$sha256"; +in { config, pkgs, lib, ... }: let dadada = import (builtins.fetchTarball { - url = ${url}; - sha256 = "${sha256}"; + url = "https://github.com/dadada/nix-config/archive/\${rev}.tar.gz"; + sha256 = sha256; }) { inherit pkgs; }; -in { +in +{ imports = [ ./hardware-configuration.nix - dadada.hosts."${host}" + dadada.hosts."\${host}" ]; } EOF diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 35a0e43..fedcd66 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -121,4 +121,6 @@ in "192.168.42.11" = [ "wohnzimmerpi.dadada.li" "wohnzimmerpi" ]; "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; }; + + system.stateVersion = "20.03"; } diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 36e9a83..8209920 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -166,4 +166,6 @@ in workstation = false; }; }; + + system.stateVersion = "20.03"; } diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 2396c8c..4d6b346 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -121,4 +121,6 @@ in } ]; }; + + system.stateVersion = "20.09"; } diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix index ab4fdfa..1c8578a 100644 --- a/hosts/surgat/default.nix +++ b/hosts/surgat/default.nix @@ -118,4 +118,6 @@ in } ]; }; + + system.stateVersion = "20.09"; } From eb6e32284d1e54102c8698d60c3208c9904a0e3c Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 7 Jan 2021 22:15:25 +0100 Subject: [PATCH 056/988] Clean up arguments to deploy --- deploy | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/deploy b/deploy index 3c6b3c5..0a76c9f 100755 --- a/deploy +++ b/deploy @@ -23,13 +23,11 @@ rev="$(git rev-parse HEAD)" sha256=$(hash "$rev") cat < /etc/nixos/configuration.nix && tmux new -d \"nixos-rebuild switch |& tee /var/log/dadada-deploy.log\""' +{ config, pkgs, ... }: let host = "$host"; rev = "$rev"; sha256 = "$sha256"; -in -{ config, pkgs, lib, ... }: -let dadada = import (builtins.fetchTarball { url = "https://github.com/dadada/nix-config/archive/\${rev}.tar.gz"; sha256 = sha256; From d71ea225fe8b8108609a0ea445c5a2d7a6366d46 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Jan 2021 17:08:28 +0100 Subject: [PATCH 057/988] Add LICENSE --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8f60ca3 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Tim Schubert + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From e19bc8eddb16154e111c604a22fcf56fcf40807b Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Jan 2021 17:10:23 +0100 Subject: [PATCH 058/988] Remove todo that is done --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 3ea4a61..c5dc70a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,3 @@ # nix configuration Use at your own risk. - -## TODO - -- Reverse-proxy Hydra via Wireguard tunnel and nginx From 9a5f573be15915083df2653895b935d1261464de Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 16 Jan 2021 18:57:59 +0100 Subject: [PATCH 059/988] Add rollback on failure --- README.md | 8 ++++++++ deploy | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c5dc70a..05bcdf1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,11 @@ # nix configuration Use at your own risk. + +## Deploying + +The `./deploy` script generates a NixOS configuration that pins the current git `HEAD` of this project and copies the resulting `configuration.nix` to the destionation host. Then it tests the new confiurations and rolls back if it fails. + +## TODO + +- Use `nix-copy-closure`? diff --git a/deploy b/deploy index 0a76c9f..10dc47e 100755 --- a/deploy +++ b/deploy @@ -22,7 +22,7 @@ host="${1}" rev="$(git rev-parse HEAD)" sha256=$(hash "$rev") -cat < /etc/nixos/configuration.nix && tmux new -d \"nixos-rebuild switch |& tee /var/log/dadada-deploy.log\""' +cat < /etc/nixos/configuration.nix && (nixos-rebuild test && nixos-rebuild switch) || (nixos-rebuild switch --rollback && exit 1)' { config, pkgs, ... }: let host = "$host"; From 439e5c69539a6642e9cf507ae9edd34786be1eb5 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 16 Jan 2021 19:03:27 +0100 Subject: [PATCH 060/988] Refactor deploy script --- utils/deploy | 14 ++++++++++++++ deploy => utils/gen-config | 19 +++++++------------ 2 files changed, 21 insertions(+), 12 deletions(-) create mode 100755 utils/deploy rename deploy => utils/gen-config (76%) diff --git a/utils/deploy b/utils/deploy new file mode 100755 index 0000000..0e7a87c --- /dev/null +++ b/utils/deploy @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -e +set -o pipefail + +if [ -z "$1" ] +then + echo "usage: deploy " + exit 1 +fi + +git push + +gen-config $1 | ssh "${host}".dadada.li 'sudo cat - > /etc/nixos/configuration.nix && (nixos-rebuild test && nixos-rebuild switch) || (nixos-rebuild switch --rollback && exit 1)' diff --git a/deploy b/utils/gen-config similarity index 76% rename from deploy rename to utils/gen-config index 10dc47e..dc13b7b 100755 --- a/deploy +++ b/utils/gen-config @@ -1,16 +1,5 @@ #!/usr/bin/env bash -set -e -set -o pipefail - -if [ -z "$1" ] -then - echo "usage: deploy " - exit 1 -fi - -git push - function hash { archive="$(mktemp /tmp/nix-config.XXX.tar.gz)" git archive "$1" | gzip > "$archive" @@ -18,11 +7,17 @@ function hash { rm "$archive" } +if [ -z "$1" ] +then + echo "usage: deploy " + exit 1 +fi + host="${1}" rev="$(git rev-parse HEAD)" sha256=$(hash "$rev") -cat < /etc/nixos/configuration.nix && (nixos-rebuild test && nixos-rebuild switch) || (nixos-rebuild switch --rollback && exit 1)' +cat < Date: Sat, 16 Jan 2021 19:32:56 +0100 Subject: [PATCH 061/988] Add dadada-deploy pkg --- default.nix | 1 + pkgs/deploy.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 pkgs/deploy.nix diff --git a/default.nix b/default.nix index a2a42ad..3025002 100644 --- a/default.nix +++ b/default.nix @@ -15,4 +15,5 @@ rec { tubslatex = callPackage ./pkgs/tubslatex { }; keys = callPackage ./pkgs/keys { }; homePage = callPackage ./pkgs/homePage { }; + deploy = callPackage ./pkgs/deploy.nix { }; } diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix new file mode 100644 index 0000000..84be481 --- /dev/null +++ b/pkgs/deploy.nix @@ -0,0 +1,33 @@ +{ stdenv +, git +, openssh +, bash +}: +stdenv.mkDerivation rec { + name = "dadada-deploy"; + version = "0.1"; + + src = ../utils; + + buildInputs = [ + git + openssh + bash + ]; + + installPhase = '' + mkdir -p $out/bin + for script in \ + deploy \ + gen-config + do + install $script $out/bin/ + done + ''; + meta = with stdenv.lib; { + description = "deploy scripts"; + license = licenses.publicDomain; + platforms = platforms.linux; + maintainers = [ "dadada" ]; + }; +} From 939c10aacdd32433d0537ef6246e59cd56093749 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 16 Jan 2021 19:47:36 +0100 Subject: [PATCH 062/988] Add shell.nix --- shell.nix | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 shell.nix diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..5c79b80 --- /dev/null +++ b/shell.nix @@ -0,0 +1,8 @@ +{ pkgs ? import { } }: + +with (import ./default.nix { inherit pkgs; }); +pkgs.mkShell { + buildInputs = [ + deploy + ]; +} From 3bdf95ce2574d14c1275678e543ec62fa9e3a5e2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 16 Jan 2021 19:49:25 +0100 Subject: [PATCH 063/988] Add .envrc --- .envrc | 1 + .gitignore | 1 + 2 files changed, 2 insertions(+) create mode 100644 .envrc diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..1d953f4 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use nix diff --git a/.gitignore b/.gitignore index 03f357d..01c6686 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ result *.zip *.qcow2 work.nix +.direnv/ From 9131504b380ba4120ed50367a982e1cbc016e3d1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 16 Jan 2021 20:17:11 +0100 Subject: [PATCH 064/988] Fixup --- utils/deploy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/deploy b/utils/deploy index 0e7a87c..6e3b2df 100755 --- a/utils/deploy +++ b/utils/deploy @@ -11,4 +11,4 @@ fi git push -gen-config $1 | ssh "${host}".dadada.li 'sudo cat - > /etc/nixos/configuration.nix && (nixos-rebuild test && nixos-rebuild switch) || (nixos-rebuild switch --rollback && exit 1)' +gen-config $1 | ssh "$1".dadada.li 'sudo bash -c "cat - > /etc/nixos/configuration.nix && (nixos-rebuild test && nixos-rebuild switch) || (nixos-rebuild switch --rollback && exit 1)"' From de6bad0dcbac083f2aaf3a7c4f2e8484cd3a0062 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 24 Jan 2021 18:20:46 +0100 Subject: [PATCH 065/988] sway: Fix undefined variable --- modules/home/sway/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix index 7c7bf21..604a308 100644 --- a/modules/home/sway/default.nix +++ b/modules/home/sway/default.nix @@ -18,9 +18,8 @@ in termite bemenu xss-lock - ] ++ (with unstable; [ swaylock - ]); + ]; wayland.windowManager.sway = { enable = true; From 4be94e5ed86a35d77875b67cdfe88cfebd2dbcc6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 24 Jan 2021 18:21:13 +0100 Subject: [PATCH 066/988] gorgon/home: rewrite using genAttrs --- hosts/gorgon/home/default.nix | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 1ccc6c8..5afdb78 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -1,6 +1,20 @@ { config, pkgs, lib, ... }: let this = import ../../.. { inherit pkgs; }; + useFeatures = [ + "vim" + "direnv" + "git" + "gpg" + "gtk" + "keyring" + "ssh" + "sway" + "syncthing" + "tmux" + "xdg" + "zsh" + ]; in { nixpkgs.overlays = [ @@ -9,20 +23,7 @@ in imports = lib.attrValues this.hmModules; - dadada.home = { - vim.enable = true; - direnv.enable = true; - git.enable = true; - gpg.enable = true; - gtk.enable = true; - keyring.enable = true; - kitty.enable = true; - ssh.enable = true; - syncthing.enable = true; - tmux.enable = true; - xdg.enable = true; - zsh.enable = true; - + dadada.home = lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // { session = { enable = true; sessionVars = { From 73eff3459ec056b1606af90b2494db6f780d88ef Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 24 Jan 2021 19:52:45 +0100 Subject: [PATCH 067/988] Add scripts --- default.nix | 3 ++- hosts/gorgon/home/default.nix | 1 + overlays/default.nix | 3 +++ pkgs/scripts.nix | 9 +++++++++ 4 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 pkgs/scripts.nix diff --git a/default.nix b/default.nix index 3025002..b358736 100644 --- a/default.nix +++ b/default.nix @@ -1,4 +1,4 @@ -{ pkgs }: +{ pkgs ? import { } }: with pkgs; rec { @@ -16,4 +16,5 @@ rec { keys = callPackage ./pkgs/keys { }; homePage = callPackage ./pkgs/homePage { }; deploy = callPackage ./pkgs/deploy.nix { }; + scripts = callPackage ./pkgs/scripts.nix { }; } diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 5afdb78..1c52c4b 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -19,6 +19,7 @@ in { nixpkgs.overlays = [ this.overlays.tubslatex + this.overlays.dadadaScripts ]; imports = lib.attrValues this.hmModules; diff --git a/overlays/default.nix b/overlays/default.nix index a49268e..47cf758 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -6,4 +6,7 @@ homePage = self: super: { homePage = super.callPackage ../pkgs/homePage { }; }; + dadadaScripts = self: super: { + dadadaScripts = super.callPackage ../pkgs/scripts.nix { }; + }; } diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix new file mode 100644 index 0000000..98ca55e --- /dev/null +++ b/pkgs/scripts.nix @@ -0,0 +1,9 @@ +{ stdenv }: + +(import + (builtins.fetchGit { + url = "https://git.dadada.li/dadada/scripts.git"; + ref = "main"; + rev = "3393073cd3511d43f622972b891a20ba069fa052"; + }) + { inherit stdenv; }) From dbc2795324acee33e14e65e37e36e3e690267af5 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 25 Jan 2021 22:16:28 +0100 Subject: [PATCH 068/988] Fixup --- hosts/gorgon/home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 1c52c4b..62165ce 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -7,9 +7,9 @@ let "git" "gpg" "gtk" + "kitty" "keyring" "ssh" - "sway" "syncthing" "tmux" "xdg" From bc59bfdac202b8d093377fa21f0c855ce99c6ef5 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Jan 2021 19:11:37 +0100 Subject: [PATCH 069/988] Enable auto-upgrade --- modules/profiles/base/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/profiles/base/default.nix b/modules/profiles/base/default.nix index ec6fc2d..f6c9e45 100644 --- a/modules/profiles/base/default.nix +++ b/modules/profiles/base/default.nix @@ -11,7 +11,7 @@ with lib; "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ]; }; - #dadada.autoUpgrade = mkDefault true; + dadada.autoUpgrade.enable = mkDefault true; environment.noXlibs = mkDefault true; documentation.enable = mkDefault false; From b178815db6e48d5c79d06d478700afaad1e21c88 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 29 Jan 2021 23:49:42 +0100 Subject: [PATCH 070/988] Fix network manager startup --- hosts/gorgon/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index fedcd66..3e2f066 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -30,7 +30,6 @@ in }; luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; networking = { - wanInterfaces = [ "enp2s0f0" "wlp3s0" ]; enableBsShare = true; vpnExtension = "3"; }; From f2d601dcbe795a1ef5b3bd0ab1d37458fa80c6cf Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 29 Jan 2021 23:50:08 +0100 Subject: [PATCH 071/988] Fix tmux --- modules/home/kitty/config | 2 ++ modules/home/zsh.nix | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/home/kitty/config b/modules/home/kitty/config index 54f0cfc..fda05dc 100644 --- a/modules/home/kitty/config +++ b/modules/home/kitty/config @@ -40,3 +40,5 @@ color18 #282828 color19 #444155 color20 #b8b8b8 color21 #e8e8e8 + +shell tmux diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 5562403..071e989 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -36,10 +36,6 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " RPROMPT='$(git_super_status)' #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" - if [ "$TMUX" = "" ] - then - tmux - fi ''; profileExtra = '' ''; From 81310246851317bcb2af7100ac5d14772fda99c8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 00:21:43 +0100 Subject: [PATCH 072/988] Remove initial password --- hosts/gorgon/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 3e2f066..2095890 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -94,14 +94,12 @@ in isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; shell = "/run/current-system/sw/bin/zsh"; - initialHashedPassword = "nopass"; }; "tim.schubert" = { isNormalUser = true; extraGroups = [ "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; shell = "/run/current-system/sw/bin/zsh"; - initialHashedPassword = "nopass"; }; }; From 52b62d5575d6398d4e070e84450175f2574f8aa6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 00:22:06 +0100 Subject: [PATCH 073/988] Add vim-buftabline --- modules/home/vim/default.nix | 1 + pkgs/vimPlugins/default.nix | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 83da01b..1d6d53f 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -24,6 +24,7 @@ in pkgs.vimPlugins.vim-airline pkgs.vimPlugins.vim-airline-themes pkgs.vimPlugins.vim-fish + vimPlugins.vim-buftabline vimPlugins.spacemacsTheme vimPlugins.filetype #pkgs.vimPlugins.vim-gnupg diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix index 13f293e..fd8df18 100644 --- a/pkgs/vimPlugins/default.nix +++ b/pkgs/vimPlugins/default.nix @@ -17,4 +17,15 @@ with lib; sha256 = "0iy3i6waigk759p2z59mrxkjc0p412y7d8zf3cjak4a9sh1sh6qz"; }; }; + + vim-buftabline = pkgs.vimUtils.buildVimPluginFrom2Nix { + pname = "vim-buftabline"; + version = "master"; + src = pkgs.fetchFromGitHub { + owner = "ap"; + repo = "vim-buftabline"; + rev = "73b9ef5dcb6cdf6488bc88adb382f20bc3e3262a"; + sha256 = "1vs4km7fb3di02p0771x42y2bsn1hi4q6iwlbrj0imacd9affv5y"; + }; + }; } From 2c2ce075681eca539a184db75118e28e47f885e0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 00:43:03 +0100 Subject: [PATCH 074/988] Add gitgutter to vim plugins --- modules/home/vim/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index 1d6d53f..ff90179 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -24,13 +24,11 @@ in pkgs.vimPlugins.vim-airline pkgs.vimPlugins.vim-airline-themes pkgs.vimPlugins.vim-fish + pkgs.vimPlugins.vim-gitgutter vimPlugins.vim-buftabline vimPlugins.spacemacsTheme vimPlugins.filetype - #pkgs.vimPlugins.vim-gnupg - #pkgs.vimPlugins.vim-l9 pkgs.vimPlugins.vim-ledger - #pkgs.vimPlugins.clang_complete ]; }; home.packages = with pkgs; [ From bfc765f0318d1dbbb43d2a59291a890d150d2c61 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 15:15:35 +0100 Subject: [PATCH 075/988] Update sway config --- hosts/gorgon/home/default.nix | 1 + modules/home/sway/config | 35 ++++++----------------------------- modules/home/sway/default.nix | 8 ++++++-- 3 files changed, 13 insertions(+), 31 deletions(-) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 62165ce..6541c9b 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -10,6 +10,7 @@ let "kitty" "keyring" "ssh" + "sway" "syncthing" "tmux" "xdg" diff --git a/modules/home/sway/config b/modules/home/sway/config index f5a8382..610a33b 100644 --- a/modules/home/sway/config +++ b/modules/home/sway/config @@ -1,4 +1,3 @@ -set $wallpaper ~/.config/nixpkgs/modules/sway/wallpaper set $foreground #a3a3a3ff set $background #1f2022e5 set $dark_black #1f2022ff @@ -32,7 +31,7 @@ bindsym $mod+Shift+r restart # the font to be used for i3bar and window decorations font pango:Source Code Pro 8 -bindsym $mod+Return exec termite +bindsym $mod+Return exec kitty bindsym $mod+Space exec bemenu-run # switch keyboard to neo @@ -107,13 +106,13 @@ workspace_layout tabbed workspace_auto_back_and_forth yes # messaging -workspace 2 output LVDS-1 +#workspace 2 output LVDS-1 # web and doc -workspace 1 output VGA-1 +#workspace 1 output VGA-1 # editor and IDE -workspace 3 output DP-2 +#workspace 3 output DP-2 # change focus bindsym $mod+h focus left @@ -197,7 +196,7 @@ mode "$mode_move" { } # lock the screen -bindsym $mod+equal exec ~/bin/lock-session +bindsym $mod+equal exec lock-session # control volume bindsym --locked XF86AudioRaiseVolume exec amixer set 'Master' 5%+ && pkill -RTMIN+10 i3blocks @@ -220,7 +219,7 @@ bindsym --locked XF86MonBrightnessDown exec brightnessctl set -d intel_backlight # Basic bar configuration using the Base16 variables. bar { id bar - status_command i3blocks + status_command i3status mode dock modifier $mod position bottom @@ -265,22 +264,6 @@ input 2:7:SynPS/2_Synaptics_TouchPad { events disabled } -output VGA-1 { - background $wallpaper fill - pos 0 0 -} - -output DP-2 { - background $wallpaper fill - pos 1280 0 -} - -output LVDS-1 { - background $wallpaper fill - pos 3840 0 -} - - seat * { hide_cursor 5000 } @@ -298,9 +281,3 @@ assign [app_id="org.keepassxc.KeePassXC"] workspace 10 exec xset s off exec mako -#exec swayidle -w timeout 300 '$HOME/bin/lock-session' timeout 240 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' before-sleep '$HOME/bin/lock-session' lock '$HOME/bin/lock-session' -#exec redshift -#exec keepassxc -#exec firefox -#exec thunderbird -#exec riot-desktop diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix index 604a308..cd3883f 100644 --- a/modules/home/sway/default.nix +++ b/modules/home/sway/default.nix @@ -14,11 +14,15 @@ in xwayland mako kanshi - i3blocks - termite + kitty + i3status + kitty bemenu xss-lock swaylock + brightnessctl + playerctl + dadadaScripts ]; wayland.windowManager.sway = { From 52a74c426c9805f38d4d94484fd563913ea60951 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 17:38:36 +0100 Subject: [PATCH 076/988] Patch sudo --- modules/default.nix | 2 +- modules/profiles/laptop/default.nix | 2 ++ overlays/default.nix | 1 + overlays/sudo.nix | 11 +++++++++++ 4 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 overlays/sudo.nix diff --git a/modules/default.nix b/modules/default.nix index 0b7dfd0..2941d6d 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -9,7 +9,7 @@ networking = ./networking.nix; share = ./share.nix; steam = ./steam.nix; - update = ./update.nix; + autoUpgrade = ./update.nix; vpnServer = ./vpnServer.nix; weechat = ./weechat.nix; } diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index 63987c9..0c28c29 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -1,6 +1,8 @@ { config, pkgs, lib, ... }: with lib; { + nixpkgs.overlays = attrValues (import ../../../overlays); + boot.kernelPackages = pkgs.linuxPackages_latest; networking.domain = mkDefault "dadada.li"; diff --git a/overlays/default.nix b/overlays/default.nix index 47cf758..ea39702 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -9,4 +9,5 @@ dadadaScripts = self: super: { dadadaScripts = super.callPackage ../pkgs/scripts.nix { }; }; + sudo = import ./sudo.nix; } diff --git a/overlays/sudo.nix b/overlays/sudo.nix new file mode 100644 index 0000000..743931f --- /dev/null +++ b/overlays/sudo.nix @@ -0,0 +1,11 @@ +self: super: +{ + sudo = super.sudo.overrideAttrs (old: rec { + pname = "sudo"; + version = "1.9.5p2"; + src = self.fetchurl { + url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; + sha256 = "0y093z4f3822rc88g9asdch12nljdamp817vjxk04mca7ks2x7jk"; + }; + }); +} From 76240f439293f4c87e8053d5cf20db527511c803 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 17:59:24 +0100 Subject: [PATCH 077/988] Add sudo patch to pruflas --- hosts/pruflas/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/pruflas/default.nix b/hosts/pruflas/default.nix index 4d6b346..edafc29 100644 --- a/hosts/pruflas/default.nix +++ b/hosts/pruflas/default.nix @@ -1,4 +1,5 @@ { config, pkgs, lib, ... }: +with lib; let hostName = "pruflas"; this = import ../.. { inherit pkgs; }; @@ -9,6 +10,8 @@ let }; in { + nixpkgs.overlays = [ this.overlays.sudo ]; + imports = [ this.profiles.base ]; nix = { From bb37feb2302cdc232d2640f8c32f2ac7f4d2ee85 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 22:27:53 +0100 Subject: [PATCH 078/988] Enable VIM mouse support --- modules/home/vim/vimrc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc index 3538ae9..6301158 100644 --- a/modules/home/vim/vimrc +++ b/modules/home/vim/vimrc @@ -45,6 +45,8 @@ set wrap set linebreak set nolist " list disables linebreak +set mouse=a + " Enable syntax highlighting syntax enable From 9d1b8ae533f982f149e8b7e4aff40603c3799f0c Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 23:48:48 +0100 Subject: [PATCH 079/988] Enable easier text selection in tmux --- modules/home/tmux.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/home/tmux.nix b/modules/home/tmux.nix index 46dfd73..aa3e4cc 100644 --- a/modules/home/tmux.nix +++ b/modules/home/tmux.nix @@ -12,6 +12,10 @@ in enable = true; terminal = "xterm-256color"; extraConfig = '' + set -g mouse on + set -g set-clipboard on + bind-key -Tcopy-mode v send -X begin-selection + bind-key -Tcopy-mode y send -X copy-selection set -g status on set-option -g set-titles on set-option -g automatic-rename on From 04f3af3fa61b60964328a82bed37cbf18b3c03cc Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Jan 2021 23:55:34 +0100 Subject: [PATCH 080/988] Sync vim copy-paste buffer with system --- modules/home/vim/vimrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc index 6301158..fabd394 100644 --- a/modules/home/vim/vimrc +++ b/modules/home/vim/vimrc @@ -16,7 +16,7 @@ set wildmenu set hidden " Clipboard copy & paste -"set clipboard=unnamedplus +set clipboard=unnamedplus " Always show current position set ruler From 5d52018e3684c8794b8a275abef04876e5aee5d0 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 1 Feb 2021 23:09:40 +0100 Subject: [PATCH 081/988] Add filetype config for Perl and Bash --- pkgs/vimPlugins/filetype/ftplugin/bash.vim | 3 +++ pkgs/vimPlugins/filetype/ftplugin/perl.vim | 3 +++ 2 files changed, 6 insertions(+) create mode 100644 pkgs/vimPlugins/filetype/ftplugin/bash.vim create mode 100644 pkgs/vimPlugins/filetype/ftplugin/perl.vim diff --git a/pkgs/vimPlugins/filetype/ftplugin/bash.vim b/pkgs/vimPlugins/filetype/ftplugin/bash.vim new file mode 100644 index 0000000..51f2b56 --- /dev/null +++ b/pkgs/vimPlugins/filetype/ftplugin/bash.vim @@ -0,0 +1,3 @@ +setlocal expandtab +setlocal shiftwidth=2 +setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/perl.vim b/pkgs/vimPlugins/filetype/ftplugin/perl.vim new file mode 100644 index 0000000..51f2b56 --- /dev/null +++ b/pkgs/vimPlugins/filetype/ftplugin/perl.vim @@ -0,0 +1,3 @@ +setlocal expandtab +setlocal shiftwidth=2 +setlocal softtabstop=2 From b6a929c338ad3509278b4f78a8cf02e0938a2552 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 1 Feb 2021 23:14:38 +0100 Subject: [PATCH 082/988] Enable shellcheck and perlcritic --- modules/home/vim/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix index ff90179..31178b2 100644 --- a/modules/home/vim/default.nix +++ b/modules/home/vim/default.nix @@ -34,6 +34,8 @@ in home.packages = with pkgs; [ languagetool nixpkgs-fmt + shellcheck + perl530Packages.PerlCritic ]; }; } From 9e1f423048ff17907c03415ac3b759ccaafb252b Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 23 Feb 2021 10:19:09 +0100 Subject: [PATCH 083/988] Enable docker --- hosts/gorgon/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 2095890..9f3083f 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -16,9 +16,11 @@ in virtualisation = { libvirtd.enable = true; - docker.enable = false; + docker.enable = true; }; + virtualisation.docker.extraOptions = "--bip=192.168.1.5/24"; + networking.hostName = "gorgon"; dadada = { From d143afc023d9233bcdb673180bf4c00682786bf3 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 8 Mar 2021 10:08:22 +0100 Subject: [PATCH 084/988] Sync --- hosts/gorgon/home/default.nix | 1 - hosts/gorgon/home/pkgs.nix | 8 +++++--- modules/home/gtk.nix | 2 +- modules/home/vim/vimrc | 1 + modules/home/xdg.nix | 2 +- modules/profiles/laptop/default.nix | 2 +- 6 files changed, 9 insertions(+), 7 deletions(-) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 6541c9b..74b1d5d 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -19,7 +19,6 @@ let in { nixpkgs.overlays = [ - this.overlays.tubslatex this.overlays.dadadaScripts ]; diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index b7cf221..fa2f1fc 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -18,7 +18,7 @@ with pkgs; [ evince ffmpeg file - firefox-bin + firefox fractal fzf gimp @@ -37,6 +37,7 @@ with pkgs; [ inotify-tools irssi jameica + jupyter jq kcachegrind keepassxc @@ -47,6 +48,7 @@ with pkgs; [ libreoffice libvirt lsof + manpages mblaze mkpasswd mpv @@ -74,11 +76,11 @@ with pkgs; [ steam tcpdump tdesktop - tubslatex - thunderbird-bin + thunderbird unzip usbutils virtmanager + vscodium whois wireshark xdg_utils diff --git a/modules/home/gtk.nix b/modules/home/gtk.nix index 8c47571..779dfd3 100644 --- a/modules/home/gtk.nix +++ b/modules/home/gtk.nix @@ -19,7 +19,7 @@ in }; qt = { enable = true; - platformTheme = "gtk"; + platformTheme = "gnome"; }; }; } diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc index fabd394..0bc8a24 100644 --- a/modules/home/vim/vimrc +++ b/modules/home/vim/vimrc @@ -93,6 +93,7 @@ nmap bb :Buffers nmap bl :Buffers nmap bn :bnext nmap bp :bprevious +nmap bd :bdelete nmap ll :Lines nmap mm :Marks diff --git a/modules/home/xdg.nix b/modules/home/xdg.nix index 8cba909..f3014b6 100644 --- a/modules/home/xdg.nix +++ b/modules/home/xdg.nix @@ -42,7 +42,7 @@ in }; }; home.packages = with pkgs; [ - firefox-bin + firefox xdg_utils zathura ]; diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index 0c28c29..d52ab8a 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: with lib; { - nixpkgs.overlays = attrValues (import ../../../overlays); + #nixpkgs.overlays = attrValues (import ../../../overlays); boot.kernelPackages = pkgs.linuxPackages_latest; From 359be73973bfddef8bc3f43a05b6fb253e158884 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 12 Mar 2021 11:26:31 +0100 Subject: [PATCH 085/988] Enable backup on gorgon --- hosts/gorgon/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 9f3083f..4564dce 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -35,6 +35,10 @@ in enableBsShare = true; vpnExtension = "3"; }; + backupClient = { + enable = true; + bs = true; + }; }; boot.kernel.sysctl = { From 66fdba6e77f1ea26fbc26420a02d7b78661180ee Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 12 Mar 2021 15:46:37 +0100 Subject: [PATCH 086/988] Fix default font on hidpi --- modules/profiles/laptop/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index d52ab8a..ee5f6bc 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -23,10 +23,8 @@ with lib; time.timeZone = mkDefault "Europe/Berlin"; i18n.defaultLocale = mkDefault "en_US.UTF-8"; - console = mkDefault { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; + + console.keyMap = mkDefault "us"; programs.zsh = mkDefault { enable = true; From 90e51c3455e62168660a6d4155a62c667bdb3922 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 12 Mar 2021 22:39:12 +0100 Subject: [PATCH 087/988] Remove user tim.schubert --- hosts/gorgon/default.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 4564dce..a84b807 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -101,12 +101,6 @@ in extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; shell = "/run/current-system/sw/bin/zsh"; }; - - "tim.schubert" = { - isNormalUser = true; - extraGroups = [ "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; - shell = "/run/current-system/sw/bin/zsh"; - }; }; networking.hosts = { From 8d3acd5270e7e1caea4aeb99b51b990afb345066 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 13 Mar 2021 14:08:07 +0100 Subject: [PATCH 088/988] Make users mutable on laptop --- modules/admin.nix | 4 ++-- modules/profiles/laptop/default.nix | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/admin.nix b/modules/admin.nix index 198d409..e9807b2 100644 --- a/modules/admin.nix +++ b/modules/admin.nix @@ -31,8 +31,6 @@ in services.openssh.passwordAuthentication = false; security.sudo.wheelNeedsPassword = false; - users.mutableUsers = false; - users.users = mapAttrs (user: keys: ( { @@ -42,6 +40,8 @@ in })) cfg.users; + users.mutableUsers = mkDefault false; + networking.firewall.allowedTCPPorts = [ 22 ]; environment.systemPackages = with pkgs; [ diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index ee5f6bc..5a7ec7e 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -26,6 +26,8 @@ with lib; console.keyMap = mkDefault "us"; + users.mutableUsers = true; + programs.zsh = mkDefault { enable = true; autosuggestions.enable = true; From 950b23bc40ac5cc8954849c4b94eb03fd94dc8bb Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Mar 2021 21:37:51 +0100 Subject: [PATCH 089/988] Add recipemd --- default.nix | 1 + hosts/gorgon/home/default.nix | 2 + hosts/gorgon/home/pkgs.nix | 1 + overlays/default.nix | 4 ++ overlays/python3-packages.nix | 6 +++ pkgs/python-pkgs/default.nix | 4 ++ pkgs/python-pkgs/recipemd/default.nix | 74 +++++++++++++++++++++++++++ 7 files changed, 92 insertions(+) create mode 100644 overlays/python3-packages.nix create mode 100644 pkgs/python-pkgs/default.nix create mode 100644 pkgs/python-pkgs/recipemd/default.nix diff --git a/default.nix b/default.nix index b358736..03584a0 100644 --- a/default.nix +++ b/default.nix @@ -16,5 +16,6 @@ rec { keys = callPackage ./pkgs/keys { }; homePage = callPackage ./pkgs/homePage { }; deploy = callPackage ./pkgs/deploy.nix { }; + recipemd = python3.pkgs.toPythonApplication (python3Packages.callPackage ./pkgs/recipemd { }); scripts = callPackage ./pkgs/scripts.nix { }; } diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 74b1d5d..afa28c7 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -20,6 +20,8 @@ in { nixpkgs.overlays = [ this.overlays.dadadaScripts + this.overlays.python3Packages + this.overlays.recipemd ]; imports = lib.attrValues this.hmModules; diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index fa2f1fc..5d95dee 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -69,6 +69,7 @@ with pkgs; [ python38Packages.dateutil python38Packages.managesieve python38Packages.solo-python + recipemd signal-desktop slurp sqlite diff --git a/overlays/default.nix b/overlays/default.nix index ea39702..848f0e1 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -10,4 +10,8 @@ dadadaScripts = super.callPackage ../pkgs/scripts.nix { }; }; sudo = import ./sudo.nix; + python3Packages = import ./python3-packages.nix; + recipemd = self: super: { + recipemd = super.python3Packages.toPythonApplication super.python3Packages.recipemd; + }; } diff --git a/overlays/python3-packages.nix b/overlays/python3-packages.nix new file mode 100644 index 0000000..9d3ddde --- /dev/null +++ b/overlays/python3-packages.nix @@ -0,0 +1,6 @@ +self: super: +{ + python3Packages = super.python3Packages // super.recurseIntoAttrs ( + super.python3Packages.callPackage ../pkgs/python-pkgs { } + ); +} diff --git a/pkgs/python-pkgs/default.nix b/pkgs/python-pkgs/default.nix new file mode 100644 index 0000000..7c10127 --- /dev/null +++ b/pkgs/python-pkgs/default.nix @@ -0,0 +1,4 @@ +{ callPackage }: +{ + recipemd = callPackage ./recipemd { }; +} diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix new file mode 100644 index 0000000..4c0c41a --- /dev/null +++ b/pkgs/python-pkgs/recipemd/default.nix @@ -0,0 +1,74 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, pytestCheckHook +, python3Packages +}: + +buildPythonPackage rec { + pname = "recipemd"; + version = "4.0.5"; + + disabled = false; # requires python version >=3.7,<4 + + src = fetchFromGitHub { + owner = "tstehr"; + repo = "RecipeMD"; + rev = "v${version}"; + sha256 = "17ph5gnbrx6159cryjlpkkp15gvazvxgm6ixcmrbdmsg6rgyqcpn"; + }; + + # # Package conditions to handle + # # might have to sed setup.py and egg.info in patchPhase + # # sed -i "s/...//" + # # Extra packages (may not be necessary) + # pytest-cov==2.8.1 # tests + # tox==3.20.1 # tests + # Sphinx==2.2.2 # docs + # m2r==0.2.1 # docs + # sphinxcontrib.fulltoc==1.2.0 # docs + # sphinxcontrib.autoprogram==0.1.5 # docs + # sphinx_autodoc_typehints==1.10.3 # docs + # sphinxcontrib.apidoc==0.3.0 # docs + # sphinx-autobuild==0.7.1 # docs + # twine==3.1.1 # release + # pytest==5.3.1 # dev + # pytest-cov==2.8.1 # dev + # tox==3.20.1 # dev + # Sphinx==2.2.2 # dev + # m2r==0.2.1 # dev + # sphinxcontrib.fulltoc==1.2.0 # dev + # sphinxcontrib.autoprogram==0.1.5 # dev + # sphinx_autodoc_typehints==1.10.3 # dev + # sphinxcontrib.apidoc==0.3.0 # dev + # sphinx-autobuild==0.7.1 # dev + # twine==3.1.1 # dev + + patchPhase = '' + # Override yarl version + sed -i 's/argcomplete~=1.10.0/yarl~=1.0/' setup.py + sed -i 's/yarl~=1.3.0/yarl~=1.0/' setup.py + ''; + + propagatedBuildInputs = with python3Packages; [ + dataclasses-json + yarl + CommonMark + argcomplete + pyparsing + ]; + + checkInputs = [ + pytestCheckHook + python3Packages.pytestcov + ]; + + doCheck = true; + + meta = with lib; { + description = "Markdown recipe manager, reference implementation of RecipeMD"; + homepage = https://recipemd.org; + license = [ licenses.lgpl3Only ]; + maintainers = [ maintainers.dadada ]; + }; +} From 5297979b92faf0096f854f7b45f9fc63e543bcfb Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Mar 2021 22:18:22 +0100 Subject: [PATCH 090/988] Add pythonPackages --- default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/default.nix b/default.nix index 03584a0..7e6d97a 100644 --- a/default.nix +++ b/default.nix @@ -12,6 +12,8 @@ rec { hosts = import ./hosts; + pythonPackages = ./pkgs/python-pkgs; + tubslatex = callPackage ./pkgs/tubslatex { }; keys = callPackage ./pkgs/keys { }; homePage = callPackage ./pkgs/homePage { }; From 7bccc0b7efe120d19afa4f076598b5bcc61a445f Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 15 Mar 2021 18:13:16 +0100 Subject: [PATCH 091/988] Update recipemd package --- pkgs/python-pkgs/recipemd/default.nix | 41 ++++++--------------------- 1 file changed, 8 insertions(+), 33 deletions(-) diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix index 4c0c41a..39937fd 100644 --- a/pkgs/python-pkgs/recipemd/default.nix +++ b/pkgs/python-pkgs/recipemd/default.nix @@ -2,14 +2,16 @@ , buildPythonPackage , fetchFromGitHub , pytestCheckHook -, python3Packages +, pythonPackages +, isPy36 +, isPy27 }: buildPythonPackage rec { pname = "recipemd"; version = "4.0.5"; - disabled = false; # requires python version >=3.7,<4 + disabled = isPy36 || isPy27; src = fetchFromGitHub { owner = "tstehr"; @@ -18,49 +20,22 @@ buildPythonPackage rec { sha256 = "17ph5gnbrx6159cryjlpkkp15gvazvxgm6ixcmrbdmsg6rgyqcpn"; }; - # # Package conditions to handle - # # might have to sed setup.py and egg.info in patchPhase - # # sed -i "s/...//" - # # Extra packages (may not be necessary) - # pytest-cov==2.8.1 # tests - # tox==3.20.1 # tests - # Sphinx==2.2.2 # docs - # m2r==0.2.1 # docs - # sphinxcontrib.fulltoc==1.2.0 # docs - # sphinxcontrib.autoprogram==0.1.5 # docs - # sphinx_autodoc_typehints==1.10.3 # docs - # sphinxcontrib.apidoc==0.3.0 # docs - # sphinx-autobuild==0.7.1 # docs - # twine==3.1.1 # release - # pytest==5.3.1 # dev - # pytest-cov==2.8.1 # dev - # tox==3.20.1 # dev - # Sphinx==2.2.2 # dev - # m2r==0.2.1 # dev - # sphinxcontrib.fulltoc==1.2.0 # dev - # sphinxcontrib.autoprogram==0.1.5 # dev - # sphinx_autodoc_typehints==1.10.3 # dev - # sphinxcontrib.apidoc==0.3.0 # dev - # sphinx-autobuild==0.7.1 # dev - # twine==3.1.1 # dev - patchPhase = '' - # Override yarl version sed -i 's/argcomplete~=1.10.0/yarl~=1.0/' setup.py sed -i 's/yarl~=1.3.0/yarl~=1.0/' setup.py ''; - propagatedBuildInputs = with python3Packages; [ - dataclasses-json - yarl + propagatedBuildInputs = with pythonPackages; [ CommonMark argcomplete + dataclasses-json pyparsing + yarl ]; checkInputs = [ pytestCheckHook - python3Packages.pytestcov + pythonPackages.pytestcov ]; doCheck = true; From f760a9e002210e1c0c6a2fe064651e6f8ec0c19f Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 16 Mar 2021 14:27:05 +0100 Subject: [PATCH 092/988] Make NFS share readonly --- modules/fileShare.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index d16e517..e8b8907 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -19,7 +19,7 @@ in workgroup = WORKGROUP server string = media netbios name = media - security = user + security = user #use sendfile = yes #max protocol = smb2 hosts allow = ${allow} localhost @@ -31,7 +31,7 @@ in public = { path = sharePath; browseable = "yes"; - "read only" = "no"; + "read only" = "yes"; "guest ok" = "yes"; "create mask" = "0644"; "directory mask" = "0755"; From 093787784286395fb67cd2be3961184f8b7f6049 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 16 Mar 2021 14:55:42 +0100 Subject: [PATCH 093/988] Update reserved names of default.nix --- overlay.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/overlay.nix b/overlay.nix index 490f56c..793725a 100644 --- a/overlay.nix +++ b/overlay.nix @@ -1,6 +1,14 @@ self: super: let - isReserved = n: n == "lib" || n == "overlays" || n == "modules"; + isReserved = n: builtins.elem n [ + "lib" + "hosts" + "hmModules" + "modules" + "overlays" + "profiles" + "pythonPackages" + ]; nameValuePair = n: v: { name = n; value = v; }; attrs = import ./default.nix { pkgs = super; }; in From 5a12fd3a96ed34d2c649f35c1f3fea9cb791f169 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 16 Mar 2021 14:56:36 +0100 Subject: [PATCH 094/988] Remove hmModules --- default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/default.nix b/default.nix index 7e6d97a..421a7bf 100644 --- a/default.nix +++ b/default.nix @@ -8,7 +8,6 @@ rec { overlays = import ./overlays; profiles = import ./modules/profiles; - hmProfiles = import ./modules/home/profiles; hosts = import ./hosts; From eb8725974717b59c90a1d7a18b622bdc33d1fac7 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 16 Mar 2021 14:59:22 +0100 Subject: [PATCH 095/988] Fix link to recipemd --- default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default.nix b/default.nix index 421a7bf..8eb38d4 100644 --- a/default.nix +++ b/default.nix @@ -17,6 +17,6 @@ rec { keys = callPackage ./pkgs/keys { }; homePage = callPackage ./pkgs/homePage { }; deploy = callPackage ./pkgs/deploy.nix { }; - recipemd = python3.pkgs.toPythonApplication (python3Packages.callPackage ./pkgs/recipemd { }); + recipemd = python3.pkgs.toPythonApplication (python3Packages.callPackage ./pkgs/python-pkgs/recipemd { }); scripts = callPackage ./pkgs/scripts.nix { }; } From 3ee34dbdc274847aaac007bebc38a934ed61b46b Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 18 Mar 2021 19:28:36 +0100 Subject: [PATCH 096/988] Fix content remaining in copy-paste buffers --- modules/home/kitty/config | 15 ++++++++++++++- modules/home/tmux.nix | 9 +++++---- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/modules/home/kitty/config b/modules/home/kitty/config index fda05dc..63b8b01 100644 --- a/modules/home/kitty/config +++ b/modules/home/kitty/config @@ -1,4 +1,17 @@ -enable_audio_bell = false; +copy_on_select no +clipboard_control no-append +allow_hyperlinks yes +detect_urls yes +strip_trailing_spaces never +window_alert_on_bell yes +enable_audio_bell = yes +bell_on_tab yes +tab_bar_style hidden +scrollback_lines 0 + +map ctrl+shift+v no_op +map ctrl+shift+p no_op + background #1f2022 foreground #a3a3a3 selection_background #a3a3a3 diff --git a/modules/home/tmux.nix b/modules/home/tmux.nix index aa3e4cc..5cd465e 100644 --- a/modules/home/tmux.nix +++ b/modules/home/tmux.nix @@ -12,14 +12,15 @@ in enable = true; terminal = "xterm-256color"; extraConfig = '' + set -g automatic-rename on + set -g mode-keys vi set -g mouse on set -g set-clipboard on + set -g set-titles on + set -g status on + set-window-option -g mode-keys vi bind-key -Tcopy-mode v send -X begin-selection bind-key -Tcopy-mode y send -X copy-selection - set -g status on - set-option -g set-titles on - set-option -g automatic-rename on - set-window-option -g mode-keys vi ''; }; }; From b498fd2ba00497b7db10679336e78a4ae23262f6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 20 Mar 2021 14:25:56 +0100 Subject: [PATCH 097/988] Add php stuff --- hosts/gorgon/home/pkgs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 5d95dee..f3a3589 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -12,6 +12,7 @@ with pkgs; [ chromium clang clang-tools + php74Packages.composer darcs direnv element-desktop @@ -61,6 +62,7 @@ with pkgs; [ p7zip pass pavucontrol + jetbrains.phpstorm pinentry-gnome playerctl pwgen From cd21dba1372572f14f3220ac6294e9ec82835d60 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 20 Mar 2021 14:26:11 +0100 Subject: [PATCH 098/988] Fix copy-paste in tmux --- modules/home/kitty/config | 11 ++++++++--- modules/home/kitty/default.nix | 5 +---- modules/home/tmux.nix | 4 +--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/home/kitty/config b/modules/home/kitty/config index 63b8b01..4f068db 100644 --- a/modules/home/kitty/config +++ b/modules/home/kitty/config @@ -1,16 +1,21 @@ +font_family Source Code Pro +font_size 10 +bold_font auto +italic_font auto +bold_italic_font auto copy_on_select no -clipboard_control no-append +clipboard_control read-clipboard write-clipboard no-append allow_hyperlinks yes detect_urls yes strip_trailing_spaces never window_alert_on_bell yes -enable_audio_bell = yes +enable_audio_bell yes bell_on_tab yes tab_bar_style hidden scrollback_lines 0 map ctrl+shift+v no_op -map ctrl+shift+p no_op +map ctrl+shift+c no_op background #1f2022 foreground #a3a3a3 diff --git a/modules/home/kitty/default.nix b/modules/home/kitty/default.nix index f968712..0486988 100644 --- a/modules/home/kitty/default.nix +++ b/modules/home/kitty/default.nix @@ -10,11 +10,8 @@ in config = mkIf cfg.enable { programs.kitty = { enable = true; - font = { - package = pkgs.source-code-pro; - name = "Source Code Pro 8"; - }; extraConfig = builtins.readFile ./config; }; + home.packages = [ pkgs.source-code-pro ]; }; } diff --git a/modules/home/tmux.nix b/modules/home/tmux.nix index 5cd465e..6654ccc 100644 --- a/modules/home/tmux.nix +++ b/modules/home/tmux.nix @@ -15,12 +15,10 @@ in set -g automatic-rename on set -g mode-keys vi set -g mouse on - set -g set-clipboard on + set -g set-clipboard external set -g set-titles on set -g status on set-window-option -g mode-keys vi - bind-key -Tcopy-mode v send -X begin-selection - bind-key -Tcopy-mode y send -X copy-selection ''; }; }; From d2d58a7612b886f8df27e6a78ab1a65de82eb3d5 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 20 Mar 2021 15:28:15 +0100 Subject: [PATCH 099/988] Switch from kitty to alacritty --- hosts/gorgon/home/default.nix | 2 +- hosts/gorgon/work/default.nix | 2 +- modules/home/alacritty/default.nix | 69 ++++++++++++++++++++++++++++++ modules/home/default.nix | 1 + modules/home/kitty/config | 12 +++--- 5 files changed, 78 insertions(+), 8 deletions(-) create mode 100644 modules/home/alacritty/default.nix diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index afa28c7..16ef69b 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -2,12 +2,12 @@ let this = import ../../.. { inherit pkgs; }; useFeatures = [ + "alacritty" "vim" "direnv" "git" "gpg" "gtk" - "kitty" "keyring" "ssh" "sway" diff --git a/hosts/gorgon/work/default.nix b/hosts/gorgon/work/default.nix index a7e0fb0..fcdfdcd 100644 --- a/hosts/gorgon/work/default.nix +++ b/hosts/gorgon/work/default.nix @@ -12,7 +12,7 @@ in gpg.enable = true; gtk.enable = true; keyring.enable = true; - kitty.enable = true; + alacritty.enable = true; ssh.enable = true; tmux.enable = true; xdg.enable = true; diff --git a/modules/home/alacritty/default.nix b/modules/home/alacritty/default.nix new file mode 100644 index 0000000..8c9c5b5 --- /dev/null +++ b/modules/home/alacritty/default.nix @@ -0,0 +1,69 @@ +{ pkgs, lib, config, ... }: +with lib; +let + cfg = config.dadada.home.alacritty; +in +{ + options.dadada.home.alacritty = { + enable = mkEnableOption "Enable alacritty config"; + }; + config = mkIf cfg.enable { + programs.alacritty = { + enable = true; + settings = { + scrolling.history = 0; + font.size = 9; + shell.program = "tmux"; + window.decorations = "none"; + colors = { + # Base16 Spacemacs 256 - alacritty color config + # Nasser Alshammari (https://github.com/nashamri/spacemacs-theme) + # Default colors + primary = { + background = "0x1f2022"; + foreground = "0xa3a3a3"; + }; + + # Colors the cursor will use if `custom_cursor_colors` is true + cursor = { + text = "0x1f2022"; + cursor = "0xa3a3a3"; + }; + + # Normal colors + normal = { + black = "0x1f2022"; + red = "0xf2241f"; + green = "0x67b11d"; + yellow = "0xb1951d"; + blue = "0x4f97d7"; + magenta = "0xa31db1"; + cyan = "0x2d9574"; + white = "0xa3a3a3"; + }; + + # Bright colors + bright = { + black = "0x585858"; + red = "0xf2241f"; + green = "0x67b11d"; + yellow = "0xb1951d"; + blue = "0x4f97d7"; + magenta = "0xa31db1"; + cyan = "0x2d9574"; + white = "0xf8f8f8"; + }; + + indexed_colors = [ + { index = 16; color = "0xffa500"; } + { index = 17; color = "0xb03060"; } + { index = 18; color = "0x282828"; } + { index = 19; color = "0x444155"; } + { index = 20; color = "0xb8b8b8"; } + { index = 21; color = "0xe8e8e8"; } + ]; + }; + }; + }; + }; +} diff --git a/modules/home/default.nix b/modules/home/default.nix index cb610f8..17d41d6 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,4 +1,5 @@ { + alacritty = ./alacritty; colors = ./colors.nix; direnv = ./direnv.nix; fish = ./fish.nix; diff --git a/modules/home/kitty/config b/modules/home/kitty/config index 4f068db..4c73ef6 100644 --- a/modules/home/kitty/config +++ b/modules/home/kitty/config @@ -1,18 +1,18 @@ -font_family Source Code Pro -font_size 10 +font_family monospace +font_size 9 bold_font auto italic_font auto bold_italic_font auto copy_on_select no -clipboard_control read-clipboard write-clipboard no-append +clipboard_control no-append write-clipboard read-clipboard allow_hyperlinks yes detect_urls yes strip_trailing_spaces never window_alert_on_bell yes enable_audio_bell yes bell_on_tab yes -tab_bar_style hidden -scrollback_lines 0 +tab_bar_style hide +scrollback_lines 20000 map ctrl+shift+v no_op map ctrl+shift+c no_op @@ -59,4 +59,4 @@ color19 #444155 color20 #b8b8b8 color21 #e8e8e8 -shell tmux +#shell tmux From 13b59363d52fde1164c6cd6ff0939c38979f6da5 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 11:38:28 +0100 Subject: [PATCH 100/988] Add ghostscript to systemPackages --- hosts/gorgon/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index a84b807..2cf0951 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -65,6 +65,8 @@ in ]; }; + environment.systemPackages = [ pkgs.ghostscript ]; + hardware = { bluetooth.enable = true; pulseaudio = { From f2bd7594939dfb638dbb48c3a58bb195ddd720d0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 18:12:54 +0100 Subject: [PATCH 101/988] Add evolution --- hosts/gorgon/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index f3a3589..98f0e43 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -17,6 +17,7 @@ with pkgs; [ direnv element-desktop evince + gnome3.evolution ffmpeg file firefox From 405888988de4428a653f9a0c330915730a53e50d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 18:13:09 +0100 Subject: [PATCH 102/988] Adapt firewall --- hosts/ifrit/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 8209920..4281542 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -123,16 +123,12 @@ in 443 # HTTP(S) 111 2049 # NFS - 137 - 138 139 445 # SMB ]; allowedUDPPorts = [ 137 138 - 139 - 445 # SMB 111 2049 # NFS 51234 # Wireguard From 77e62d58a757a5a6a8ddad4b624c27461dd72acb Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 21:35:53 +0100 Subject: [PATCH 103/988] samba: fix allowlist --- modules/fileShare.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index e8b8907..33de357 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -5,7 +5,7 @@ let sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; - allow = "192.168.42.0 fd42:dead:beef::"; + allow = "192.168.42. fd42:dead:beef::"; in { options.dadada.fileShare = { From 463041dfa982f3ba031cc7764376ebd17b230c19 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 21:51:59 +0100 Subject: [PATCH 104/988] samba: fix min_protocol --- modules/fileShare.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index 33de357..e37c341 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -22,6 +22,7 @@ in security = user #use sendfile = yes #max protocol = smb2 + min protocol = SMB3 hosts allow = ${allow} localhost hosts deny = 0.0.0.0/0 guest account = nobody From 44495608b9f9dfa86a0d45a3678293e7d3d4bac2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 22:08:43 +0100 Subject: [PATCH 105/988] samba: fixup --- modules/fileShare.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index e37c341..1c5a1d5 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -5,7 +5,7 @@ let sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; - allow = "192.168.42. fd42:dead:beef::"; + allow = "192.168.42 fd42:dead:beef::"; in { options.dadada.fileShare = { From 77252690ca5e680222eff9cffc055fb9ac203eb6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 22:17:51 +0100 Subject: [PATCH 106/988] samba: fixup --- modules/fileShare.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index 1c5a1d5..ed64b11 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -5,7 +5,7 @@ let sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; - allow = "192.168.42 fd42:dead:beef::"; + allow = "192.168.42. fd42:dead:beef::"; in { options.dadada.fileShare = { @@ -24,7 +24,6 @@ in #max protocol = smb2 min protocol = SMB3 hosts allow = ${allow} localhost - hosts deny = 0.0.0.0/0 guest account = nobody map to guest = bad user ''; From 9fdfd91d4ec290857440913b5e438bac80eec43a Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 22:22:21 +0100 Subject: [PATCH 107/988] samba: fixup --- modules/fileShare.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index ed64b11..19116d4 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -23,7 +23,6 @@ in #use sendfile = yes #max protocol = smb2 min protocol = SMB3 - hosts allow = ${allow} localhost guest account = nobody map to guest = bad user ''; From 88ab6a38aec8412e600d867aa4f4c78f85cb9cf0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 22:24:02 +0100 Subject: [PATCH 108/988] samba: fixup --- modules/fileShare.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index 19116d4..c156808 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -22,7 +22,7 @@ in security = user #use sendfile = yes #max protocol = smb2 - min protocol = SMB3 + min protocol = SMB2 guest account = nobody map to guest = bad user ''; From d67ea4585cb2d2686b3f17c9594764d8814f6ed4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 22:32:34 +0100 Subject: [PATCH 109/988] samba: fixup --- modules/fileShare.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index c156808..8fa57d8 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -20,9 +20,6 @@ in server string = media netbios name = media security = user - #use sendfile = yes - #max protocol = smb2 - min protocol = SMB2 guest account = nobody map to guest = bad user ''; From 42113468aaf2c7bbdbd36b64d206a2434c5e2d7e Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 Mar 2021 22:58:10 +0100 Subject: [PATCH 110/988] samba: fixup --- modules/fileShare.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/fileShare.nix b/modules/fileShare.nix index 8fa57d8..d8b36d9 100644 --- a/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -5,7 +5,6 @@ let sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; - allow = "192.168.42. fd42:dead:beef::"; in { options.dadada.fileShare = { @@ -29,10 +28,11 @@ in browseable = "yes"; "read only" = "yes"; "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "username"; - "force group" = "groupname"; + "guest only" = "yes"; + "create mask" = "0660"; + "directory mask" = "2770"; + "force user" = "nobody"; + "force group" = "nobody"; }; }; }; From 5449f8abc50f6ea3c45ad0532517b2a2deb9cc40 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 30 Mar 2021 19:55:34 +0200 Subject: [PATCH 111/988] Reduce number of old generations kept by default --- modules/update.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/update.nix b/modules/update.nix index ace1c03..84e5145 100644 --- a/modules/update.nix +++ b/modules/update.nix @@ -16,7 +16,7 @@ in gc = { automatic = true; dates = "weekly"; - options = "--delete-older-than 30d"; + options = "--delete-older-than 7d"; }; }; From 1175edd77a4a2cea94f40933ba0c82bb6056205d Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 1 Apr 2021 18:05:17 +0200 Subject: [PATCH 112/988] Enable gs backup on gorgon --- hosts/gorgon/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 2cf0951..bb79374 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -38,6 +38,7 @@ in backupClient = { enable = true; bs = true; + gs = true; }; }; From 98d20da14bf2964a4d2e2d6da97111e4a7098788 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 13 Apr 2021 22:10:26 +0200 Subject: [PATCH 113/988] Disable GS backup because of failing mount unit --- hosts/gorgon/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index bb79374..0273041 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -38,7 +38,7 @@ in backupClient = { enable = true; bs = true; - gs = true; + gs = false; }; }; From 075ad734c23f893f0302d58cfec61f3f7fc4daf5 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 13 Apr 2021 22:11:00 +0200 Subject: [PATCH 114/988] Switch to xwayland backend for Firefox --- hosts/gorgon/home/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 16ef69b..97bf2e2 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -35,7 +35,6 @@ in MAILDIR = "\$HOME/.var/mail"; MBLAZE = "\$HOME/.config/mblaze"; NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; - MOZ_ENABLE_WAYLAND = "1"; }; }; }; From 9513f5883a5f4e2b26f0c1aeeddfa36314024c28 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 13 Apr 2021 22:11:55 +0200 Subject: [PATCH 115/988] Remove phpstorm from home packages --- hosts/gorgon/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 98f0e43..6c38b3a 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -63,7 +63,6 @@ with pkgs; [ p7zip pass pavucontrol - jetbrains.phpstorm pinentry-gnome playerctl pwgen From 398bcc77e1e16c3a0b4f27fa552a7e8532bfefca Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 13 Apr 2021 22:12:09 +0200 Subject: [PATCH 116/988] Add ripgrep to env --- hosts/gorgon/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 6c38b3a..9483dba 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -72,6 +72,7 @@ with pkgs; [ python38Packages.managesieve python38Packages.solo-python recipemd + ripgrep signal-desktop slurp sqlite From 9ec46714207d84dcaaeaf1aa3bd142e53043384e Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 13 Apr 2021 22:12:22 +0200 Subject: [PATCH 117/988] Switch to light theme --- modules/home/alacritty/default.nix | 105 +++++++++++++++++++---------- modules/home/gtk.nix | 2 +- modules/home/vim/vimrc | 4 +- 3 files changed, 72 insertions(+), 39 deletions(-) diff --git a/modules/home/alacritty/default.nix b/modules/home/alacritty/default.nix index 8c9c5b5..da90d35 100644 --- a/modules/home/alacritty/default.nix +++ b/modules/home/alacritty/default.nix @@ -15,54 +15,87 @@ in font.size = 9; shell.program = "tmux"; window.decorations = "none"; + # XTerm's default colors colors = { - # Base16 Spacemacs 256 - alacritty color config - # Nasser Alshammari (https://github.com/nashamri/spacemacs-theme) - # Default colors primary = { - background = "0x1f2022"; - foreground = "0xa3a3a3"; + background = "#ffffff"; + foreground = "#000000"; }; - # Colors the cursor will use if `custom_cursor_colors` is true cursor = { - text = "0x1f2022"; - cursor = "0xa3a3a3"; + text = "#ffffff"; + cursor = "#000000"; }; - - # Normal colors normal = { - black = "0x1f2022"; - red = "0xf2241f"; - green = "0x67b11d"; - yellow = "0xb1951d"; - blue = "0x4f97d7"; - magenta = "0xa31db1"; - cyan = "0x2d9574"; - white = "0xa3a3a3"; + black = "#000000"; + red = "#cd0000"; + green = "#00cd00"; + yellow = "#cdcd00"; + blue = "#0000ee"; + magenta = "#cd00cd"; + cyan = "#00cdcd"; + white = "#e5e5e5"; }; - # Bright colors bright = { - black = "0x585858"; - red = "0xf2241f"; - green = "0x67b11d"; - yellow = "0xb1951d"; - blue = "0x4f97d7"; - magenta = "0xa31db1"; - cyan = "0x2d9574"; - white = "0xf8f8f8"; + black = "#7f7f7f"; + red = "#ff0000"; + green = "#00ff00"; + yellow = "#ffff00"; + blue = "#5c5cff"; + magenta = "#ff00ff"; + cyan = "#00ffff"; + white = "#ffffff"; }; - - indexed_colors = [ - { index = 16; color = "0xffa500"; } - { index = 17; color = "0xb03060"; } - { index = 18; color = "0x282828"; } - { index = 19; color = "0x444155"; } - { index = 20; color = "0xb8b8b8"; } - { index = 21; color = "0xe8e8e8"; } - ]; }; + #colors = { + # # Base16 Spacemacs 256 - alacritty color config + # # Nasser Alshammari (https://github.com/nashamri/spacemacs-theme) + # # Default colors + # primary = { + # background = "0x1f2022"; + # foreground = "0xa3a3a3"; + # }; + + # # Colors the cursor will use if `custom_cursor_colors` is true + # cursor = { + # text = "0x1f2022"; + # cursor = "0xa3a3a3"; + # }; + + # # Normal colors + # normal = { + # black = "0x1f2022"; + # red = "0xf2241f"; + # green = "0x67b11d"; + # yellow = "0xb1951d"; + # blue = "0x4f97d7"; + # magenta = "0xa31db1"; + # cyan = "0x2d9574"; + # white = "0xa3a3a3"; + # }; + + # # Bright colors + # bright = { + # black = "0x585858"; + # red = "0xf2241f"; + # green = "0x67b11d"; + # yellow = "0xb1951d"; + # blue = "0x4f97d7"; + # magenta = "0xa31db1"; + # cyan = "0x2d9574"; + # white = "0xf8f8f8"; + # }; + + # indexed_colors = [ + # { index = 16; color = "0xffa500"; } + # { index = 17; color = "0xb03060"; } + # { index = 18; color = "0x282828"; } + # { index = 19; color = "0x444155"; } + # { index = 20; color = "0xb8b8b8"; } + # { index = 21; color = "0xe8e8e8"; } + # ]; + #}; }; }; }; diff --git a/modules/home/gtk.nix b/modules/home/gtk.nix index 779dfd3..6d10039 100644 --- a/modules/home/gtk.nix +++ b/modules/home/gtk.nix @@ -11,7 +11,7 @@ in gtk = { enable = true; theme.package = pkgs.gnome3.gnome-themes-extra; - theme.name = "Adwaita-dark"; + theme.name = "Adwaita"; iconTheme.package = pkgs.gnome3.adwaita-icon-theme; iconTheme.name = "Adwaita"; font.package = pkgs.cantarell-fonts; diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc index 0bc8a24..3d11c48 100644 --- a/modules/home/vim/vimrc +++ b/modules/home/vim/vimrc @@ -56,8 +56,8 @@ endif set t_Co=256 -set background=dark -colorscheme spacemacs-theme +set background=light +"colorscheme spacemacs-theme " Use tabs for indent set smarttab From e28d0c2bc32f240cdf6a5e99f3f8d7dc7015dd85 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 13 Apr 2021 22:12:39 +0200 Subject: [PATCH 118/988] recipemd: adapt to upstream changes --- pkgs/python-pkgs/recipemd/default.nix | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix index 39937fd..0b49d22 100644 --- a/pkgs/python-pkgs/recipemd/default.nix +++ b/pkgs/python-pkgs/recipemd/default.nix @@ -1,6 +1,6 @@ { lib , buildPythonPackage -, fetchFromGitHub +, fetchPypi , pytestCheckHook , pythonPackages , isPy36 @@ -9,22 +9,16 @@ buildPythonPackage rec { pname = "recipemd"; - version = "4.0.5"; + version = "4.0.6"; disabled = isPy36 || isPy27; - src = fetchFromGitHub { - owner = "tstehr"; - repo = "RecipeMD"; - rev = "v${version}"; - sha256 = "17ph5gnbrx6159cryjlpkkp15gvazvxgm6ixcmrbdmsg6rgyqcpn"; + src = fetchPypi { + pname = pname; + version = version; + sha256 = "05c185bhrc72a9c3gvjy50npwn6cqml69slis2v4waqj31snps33"; }; - patchPhase = '' - sed -i 's/argcomplete~=1.10.0/yarl~=1.0/' setup.py - sed -i 's/yarl~=1.3.0/yarl~=1.0/' setup.py - ''; - propagatedBuildInputs = with pythonPackages; [ CommonMark argcomplete From 089a73bdb2227b669a75794da6959139843461c3 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 13 Apr 2021 22:41:28 +0200 Subject: [PATCH 119/988] Set font to Source Code Pro --- modules/home/alacritty/default.nix | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/modules/home/alacritty/default.nix b/modules/home/alacritty/default.nix index da90d35..2982817 100644 --- a/modules/home/alacritty/default.nix +++ b/modules/home/alacritty/default.nix @@ -8,11 +8,32 @@ in enable = mkEnableOption "Enable alacritty config"; }; config = mkIf cfg.enable { + home.packages = with pkgs; [ + jetbrains-mono + ]; programs.alacritty = { enable = true; settings = { scrolling.history = 0; - font.size = 9; + font = { + size = 8; + normal = { + family = "Source Code Pro"; + style = "Regular"; + }; + bold = { + family = "Source Code Pro"; + style = "Bold"; + }; + italic = { + family = "Source Code Pro"; + style = "Italic"; + }; + bold_italic = { + family = "Source Code Pro"; + style = "Bold Italic"; + }; + }; shell.program = "tmux"; window.decorations = "none"; # XTerm's default colors From 89d331cd951bf2cfc02fd83c97d82f74e4a89bd3 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 20 Apr 2021 21:33:17 +0200 Subject: [PATCH 120/988] Fix unbearable colors --- modules/home/alacritty/default.nix | 112 +++++++++++------------------ modules/home/gtk.nix | 2 +- modules/home/vim/vimrc | 4 +- 3 files changed, 43 insertions(+), 75 deletions(-) diff --git a/modules/home/alacritty/default.nix b/modules/home/alacritty/default.nix index 2982817..4e33f4f 100644 --- a/modules/home/alacritty/default.nix +++ b/modules/home/alacritty/default.nix @@ -8,15 +8,16 @@ in enable = mkEnableOption "Enable alacritty config"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - jetbrains-mono + fonts.fontconfig.enable = true; + home.packages = [ + pkgs.source-code-pro ]; programs.alacritty = { enable = true; settings = { scrolling.history = 0; font = { - size = 8; + size = 10; normal = { family = "Source Code Pro"; style = "Regular"; @@ -36,87 +37,54 @@ in }; shell.program = "tmux"; window.decorations = "none"; - # XTerm's default colors colors = { + # Base16 Spacemacs 256 - alacritty color config + # Nasser Alshammari (https://github.com/nashamri/spacemacs-theme) + # Default colors primary = { - background = "#ffffff"; - foreground = "#000000"; + background = "0x1f2022"; + foreground = "0xa3a3a3"; }; + # Colors the cursor will use if `custom_cursor_colors` is true cursor = { - text = "#ffffff"; - cursor = "#000000"; + text = "0x1f2022"; + cursor = "0xa3a3a3"; }; + + # Normal colors normal = { - black = "#000000"; - red = "#cd0000"; - green = "#00cd00"; - yellow = "#cdcd00"; - blue = "#0000ee"; - magenta = "#cd00cd"; - cyan = "#00cdcd"; - white = "#e5e5e5"; + black = "0x1f2022"; + red = "0xf2241f"; + green = "0x67b11d"; + yellow = "0xb1951d"; + blue = "0x4f97d7"; + magenta = "0xa31db1"; + cyan = "0x2d9574"; + white = "0xa3a3a3"; }; + # Bright colors bright = { - black = "#7f7f7f"; - red = "#ff0000"; - green = "#00ff00"; - yellow = "#ffff00"; - blue = "#5c5cff"; - magenta = "#ff00ff"; - cyan = "#00ffff"; - white = "#ffffff"; + black = "0x585858"; + red = "0xf2241f"; + green = "0x67b11d"; + yellow = "0xb1951d"; + blue = "0x4f97d7"; + magenta = "0xa31db1"; + cyan = "0x2d9574"; + white = "0xf8f8f8"; }; + + indexed_colors = [ + { index = 16; color = "0xffa500"; } + { index = 17; color = "0xb03060"; } + { index = 18; color = "0x282828"; } + { index = 19; color = "0x444155"; } + { index = 20; color = "0xb8b8b8"; } + { index = 21; color = "0xe8e8e8"; } + ]; }; - #colors = { - # # Base16 Spacemacs 256 - alacritty color config - # # Nasser Alshammari (https://github.com/nashamri/spacemacs-theme) - # # Default colors - # primary = { - # background = "0x1f2022"; - # foreground = "0xa3a3a3"; - # }; - - # # Colors the cursor will use if `custom_cursor_colors` is true - # cursor = { - # text = "0x1f2022"; - # cursor = "0xa3a3a3"; - # }; - - # # Normal colors - # normal = { - # black = "0x1f2022"; - # red = "0xf2241f"; - # green = "0x67b11d"; - # yellow = "0xb1951d"; - # blue = "0x4f97d7"; - # magenta = "0xa31db1"; - # cyan = "0x2d9574"; - # white = "0xa3a3a3"; - # }; - - # # Bright colors - # bright = { - # black = "0x585858"; - # red = "0xf2241f"; - # green = "0x67b11d"; - # yellow = "0xb1951d"; - # blue = "0x4f97d7"; - # magenta = "0xa31db1"; - # cyan = "0x2d9574"; - # white = "0xf8f8f8"; - # }; - - # indexed_colors = [ - # { index = 16; color = "0xffa500"; } - # { index = 17; color = "0xb03060"; } - # { index = 18; color = "0x282828"; } - # { index = 19; color = "0x444155"; } - # { index = 20; color = "0xb8b8b8"; } - # { index = 21; color = "0xe8e8e8"; } - # ]; - #}; }; }; }; diff --git a/modules/home/gtk.nix b/modules/home/gtk.nix index 6d10039..779dfd3 100644 --- a/modules/home/gtk.nix +++ b/modules/home/gtk.nix @@ -11,7 +11,7 @@ in gtk = { enable = true; theme.package = pkgs.gnome3.gnome-themes-extra; - theme.name = "Adwaita"; + theme.name = "Adwaita-dark"; iconTheme.package = pkgs.gnome3.adwaita-icon-theme; iconTheme.name = "Adwaita"; font.package = pkgs.cantarell-fonts; diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc index 3d11c48..0bc8a24 100644 --- a/modules/home/vim/vimrc +++ b/modules/home/vim/vimrc @@ -56,8 +56,8 @@ endif set t_Co=256 -set background=light -"colorscheme spacemacs-theme +set background=dark +colorscheme spacemacs-theme " Use tabs for indent set smarttab From 6e540a51e3e0462e9a0306ce0556f20e9333f7d2 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 20 Apr 2021 21:33:54 +0200 Subject: [PATCH 121/988] Change VIM keybindings --- modules/home/vim/vimrc | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc index 0bc8a24..8d02246 100644 --- a/modules/home/vim/vimrc +++ b/modules/home/vim/vimrc @@ -86,24 +86,23 @@ let mapleader = " " map pp :setlocal paste! " Fast saving -nmap w :w! +nmap w :w " Buffer switching -nmap bb :Buffers nmap bl :Buffers +nmap bd :bdelete nmap bn :bnext nmap bp :bprevious -nmap bd :bdelete +" List things +nmap hl :History/ nmap ll :Lines -nmap mm :Marks -nmap ww :Windows -nmap hh :History/ -nmap rr :reg +nmap ml :Marks +nmap rl :reg +nmap wl :Windows " finding files nmap ff :Files -nmap pp :FufDir set statusline+=%#warningmsg# set statusline+=%{SyntasticStatuslineFlag()} @@ -113,21 +112,23 @@ set statusline+=%* "let g:syntastic_auto_loc_list = 1 "let g:syntastic_check_on_open = 1 "let g:syntastic_check_on_wq = 0 -nmap sp :ALEFindReferences -nmap ss :ALESymbolSearch +nmap fr :ALEFindReferences nmap gd :ALEGoToDefinition -nmap ?? :ALEHover +nmap hh :ALEHover +nmap ss :ALESymbolSearch +nmap rn :ALERename +nmap rf :ALERefactor +nmap ca :ALE " Enable completion where available. " This setting must be set before ALE is loaded. let g:ale_completion_enabled = 1 - -let g:ale_fix_on_save = 1 - +let g:ale_fix_on_save = 0 let g:ale_warn_about_trailing_whitespace = 1 let g:ale_warn_about_trailing_lines = 1 let g:ale_completion_tsserver_autoimport = 1 let g:ale_languagetool_executable = 'languagetool-commandline' +let g:ale_set_quickfix = 1 "let g:ale_lint_on_text_changed = 'never' " You can disable this option too From ca0d3de7261905832f33c7e6158caff90c5d756f Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 20 Apr 2021 21:45:15 +0200 Subject: [PATCH 122/988] vim: bind ALEFix --- modules/home/vim/vimrc | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc index 8d02246..f7e85e9 100644 --- a/modules/home/vim/vimrc +++ b/modules/home/vim/vimrc @@ -119,6 +119,7 @@ nmap ss :ALESymbolSearch nmap rn :ALERename nmap rf :ALERefactor nmap ca :ALE +nmap fx :ALEFix " Enable completion where available. " This setting must be set before ALE is loaded. From 8b198550cb3aa27ae4e4a230b26573b1a0ab9e2a Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 24 Apr 2021 14:30:33 +0200 Subject: [PATCH 123/988] Remove sudo overlay --- overlays/default.nix | 1 - overlays/sudo.nix | 11 ----------- 2 files changed, 12 deletions(-) delete mode 100644 overlays/sudo.nix diff --git a/overlays/default.nix b/overlays/default.nix index 848f0e1..b4ed4c4 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -9,7 +9,6 @@ dadadaScripts = self: super: { dadadaScripts = super.callPackage ../pkgs/scripts.nix { }; }; - sudo = import ./sudo.nix; python3Packages = import ./python3-packages.nix; recipemd = self: super: { recipemd = super.python3Packages.toPythonApplication super.python3Packages.recipemd; diff --git a/overlays/sudo.nix b/overlays/sudo.nix deleted file mode 100644 index 743931f..0000000 --- a/overlays/sudo.nix +++ /dev/null @@ -1,11 +0,0 @@ -self: super: -{ - sudo = super.sudo.overrideAttrs (old: rec { - pname = "sudo"; - version = "1.9.5p2"; - src = self.fetchurl { - url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; - sha256 = "0y093z4f3822rc88g9asdch12nljdamp817vjxk04mca7ks2x7jk"; - }; - }); -} From 9f6cdf0db4bf937b1fb8f866675a990865f9f213 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 2 May 2021 14:21:07 +0200 Subject: [PATCH 124/988] update homepage --- pkgs/homePage/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix index 1de8811..c9fbee3 100644 --- a/pkgs/homePage/default.nix +++ b/pkgs/homePage/default.nix @@ -3,7 +3,7 @@ stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "dadada"; repo = "dadada.li"; - rev = "9aba585da873cd40808616f76b4bf40c1d12d3f5"; + rev = "9dcb016b71abefe5546bc118a618bba87295a859"; sha256 = "0k74kkrvbkxi129ch6yqr1gfmlxpb4661gh9hqhx8w6babsw2zg5"; }; nativeBuildInputs = [ pandoc ]; From f2c80100fee657b755a8ca67d744837eb6ce0d6e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 2 May 2021 14:23:49 +0200 Subject: [PATCH 125/988] update --- hosts/gorgon/home/default.nix | 5 +++-- hosts/gorgon/home/pkgs.nix | 12 +++++++----- pkgs/homePage/default.nix | 2 +- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 97bf2e2..d9c6321 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, unstable, lib, ... }: let this = import ../../.. { inherit pkgs; }; useFeatures = [ @@ -16,6 +16,7 @@ let "xdg" "zsh" ]; + unstable = import {}; in { nixpkgs.overlays = [ @@ -59,5 +60,5 @@ in # Let Home Manager install and manage itself. programs.home-manager.enable = true; - home.packages = import ./pkgs.nix { pkgs = pkgs; }; + home.packages = import ./pkgs.nix { pkgs = pkgs; unstable = unstable; }; } diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 9483dba..38d5d00 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -1,6 +1,5 @@ -{ pkgs }: +{ pkgs, unstable }: with pkgs; [ - android-studio anki aspell aspellDicts.de @@ -23,12 +22,12 @@ with pkgs; [ firefox fractal fzf + gdb gimp - git-lfs - gitAndTools.hub gnome3.gnome-tweak-tool gnome3.nautilus gnome3.vinagre + gnomeExtensions.paperwm gnucash gnumake gnupg @@ -45,7 +44,6 @@ with pkgs; [ keepassxc #keys kitty - gitAndTools.lab ldns libreoffice libvirt @@ -89,4 +87,8 @@ with pkgs; [ wireshark xdg_utils youtube-dl + git-lfs + gitAndTools.hub + gitAndTools.lab + unstable.android-studio ] diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix index c9fbee3..af952ca 100644 --- a/pkgs/homePage/default.nix +++ b/pkgs/homePage/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation rec { owner = "dadada"; repo = "dadada.li"; rev = "9dcb016b71abefe5546bc118a618bba87295a859"; - sha256 = "0k74kkrvbkxi129ch6yqr1gfmlxpb4661gh9hqhx8w6babsw2zg5"; + sha256 = "1d3vz1h66n8dka90br10niiv8n5blpbfqgcvx8dh8y6880sm1fd7"; }; nativeBuildInputs = [ pandoc ]; buildPhase = '' From f72d770fb2dc62242dd70619fe6ab87565af5610 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 2 May 2021 16:38:38 +0200 Subject: [PATCH 126/988] add simple dns update script --- hosts/ifrit/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 4281542..cb7042e 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -163,5 +163,31 @@ in }; }; + environment.systemPackages = [ pkgs.curl ]; + systemd = { + timers.ddns-joker = { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-joker.service" ]; + timerConfig.OnCalendar = "hourly"; + }; + services.ddns-joker = { + serviceConfig.Type = "oneshot"; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } + + IFS=':' + read -r user password < /var/lib/ddns/credentials + unset IFS + + curl_url=$(url "$user" "$password" bs.vpn.dadada.li) + + ${pkgs.curl}/bin/curl -4 "$curl_url" + ${pkgs.curl}/bin/curl -6 "$curl_url" + ''; + }; + }; + system.stateVersion = "20.03"; } From 9486b673d11386c1b8deee03c7d4646a1397f207 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 6 May 2021 20:45:04 +0200 Subject: [PATCH 127/988] replace gnome-shell with sway --- hosts/gorgon/default.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 0273041..7ec3ec4 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -94,7 +94,20 @@ in services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome3.enable = true; + #services.xserver.desktopManager.gnome3.enable = true; + + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; # so that gtk works properly + extraPackages = with pkgs; [ + swaylock + swayidle + wl-clipboard + mako # notification daemon + alacritty # Alacritty is the default terminal in the config + dmenu # Dmenu is the default in the config but i recommend wofi since its wayland native + ]; + }; xdg.mime.enable = true; From 237bd212e60448ae6dc5b2a6cb710709603d2206 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 May 2021 13:11:24 +0200 Subject: [PATCH 128/988] fixup gnome --- hosts/gorgon/default.nix | 3 ++- modules/home/sway/config | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 7ec3ec4..d31063a 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -82,6 +82,7 @@ in services.avahi.enable = true; + networking.networkmanager.enable = true; networking.firewall = { enable = true; allowedTCPPorts = [ @@ -94,7 +95,7 @@ in services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; - #services.xserver.desktopManager.gnome3.enable = true; + services.xserver.desktopManager.gnome3.enable = true; programs.sway = { enable = true; diff --git a/modules/home/sway/config b/modules/home/sway/config index 610a33b..c72960a 100644 --- a/modules/home/sway/config +++ b/modules/home/sway/config @@ -31,7 +31,7 @@ bindsym $mod+Shift+r restart # the font to be used for i3bar and window decorations font pango:Source Code Pro 8 -bindsym $mod+Return exec kitty +bindsym $mod+Return exec alacritty bindsym $mod+Space exec bemenu-run # switch keyboard to neo From b15834cec3c07465ec140e8cab3881a81c03be9c Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 9 May 2021 13:21:55 +0200 Subject: [PATCH 129/988] ifrit: add backup repo for fginfo --- hosts/ifrit/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index cb7042e..9329f71 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -78,6 +78,13 @@ in path = "${backups}/wohnzimmerpi"; quota = "50G"; }; + "fginfo" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + path = "${backups}/fginfo"; + quota = "20G"; + }; }; networking.hostName = "ifrit"; From f1f2a69dfbf460dab34e37df1b283c67c84522c1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 9 May 2021 13:39:34 +0200 Subject: [PATCH 130/988] add fginfo wg client --- hosts/ifrit/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 9329f71..010d78b 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -39,6 +39,10 @@ in id = "5"; key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk="; }; + "fginfo" = { + id = "6"; + key = "zadidMDiALJUHdhMrGqAa5RGjPN/x5XJ8aR5elnaeUc="; + }; }; }; From 0151e59f496f027b1e800986efc5660e404e7d30 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 9 May 2021 14:40:43 +0200 Subject: [PATCH 131/988] add fginfo-git to backups --- hosts/ifrit/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 010d78b..7c49556 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -43,6 +43,10 @@ in id = "6"; key = "zadidMDiALJUHdhMrGqAa5RGjPN/x5XJ8aR5elnaeUc="; }; + "fginfoi-git" = { + id = "7"; + key = "5EaLm7uC8XzoN8+BaGzgGRUU4q5shM7gQJcs/d7n+Vo="; + }; }; }; @@ -87,7 +91,14 @@ in authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/fginfo"; - quota = "20G"; + quota = "10G"; + }; + "fginfo-git" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + path = "${backups}/fginfo-git"; + quota = "10G"; }; }; From 02fecf50d6130ce4a37632a66d043deead22eae0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 9 May 2021 15:05:36 +0200 Subject: [PATCH 132/988] fixup --- hosts/ifrit/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 7c49556..f1f17b0 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -43,7 +43,7 @@ in id = "6"; key = "zadidMDiALJUHdhMrGqAa5RGjPN/x5XJ8aR5elnaeUc="; }; - "fginfoi-git" = { + "fginfo-git" = { id = "7"; key = "5EaLm7uC8XzoN8+BaGzgGRUU4q5shM7gQJcs/d7n+Vo="; }; From 4d7719ea9910ceadc5ed3f465777ed6aa3b98ee5 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 May 2021 11:18:50 +0200 Subject: [PATCH 133/988] ifrit: disable ipv6 temp addresses --- hosts/ifrit/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index f1f17b0..1f84534 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -115,6 +115,9 @@ in "1.0.0.1" ]; + # weird issues with crappy plastic router + networking.interfaces."ens3".tempAddress = "disabled"; + # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; From 434524e68ddb253236be5cdcb37242ea19c5f01e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 May 2021 11:53:08 +0200 Subject: [PATCH 134/988] networking: reresolve wg dns hourly --- modules/networking.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/networking.nix b/modules/networking.nix index f60914c..757d6ec 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -64,6 +64,19 @@ in }; }; + # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html + systemd.timers.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { + wantedBy = [ "timers.target" ]; + partOf = [ "wg-reresolve-dns.service" ]; + timerConfig.OnCalendar = "hourly"; + }; + systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { + serviceConfig.Type = "oneshot"; + script = '' + ${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:dead:beef::/48 + ''; + }; + fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare { device = "media.dadada.li:/mnt/storage/share"; fsType = "nfs"; From b24b412ecf82e0d87a451ebb50bb1255045661f6 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 24 May 2021 16:21:44 +0200 Subject: [PATCH 135/988] pkgs: add jetbrains-idea --- hosts/gorgon/home/pkgs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 38d5d00..684c681 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -38,6 +38,7 @@ with pkgs; [ inotify-tools irssi jameica + jetbrains.idea-community jupyter jq kcachegrind @@ -71,6 +72,7 @@ with pkgs; [ python38Packages.solo-python recipemd ripgrep + rustup signal-desktop slurp sqlite From 06443717451a8f153c3733947803a6bab42cfc7d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 May 2021 01:02:10 +0200 Subject: [PATCH 136/988] gorgon: disable avahi --- hosts/gorgon/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index d31063a..45aefc4 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -80,7 +80,7 @@ in }; }; - services.avahi.enable = true; + services.avahi.enable = false; networking.networkmanager.enable = true; networking.firewall = { From abedd7aa0388472349f6c714243a208ba051c680 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 May 2021 16:47:03 +0200 Subject: [PATCH 137/988] make pythonPackages into lambda instead of path --- default.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/default.nix b/default.nix index 8eb38d4..43763f0 100644 --- a/default.nix +++ b/default.nix @@ -1,6 +1,10 @@ { pkgs ? import { } }: with pkgs; +let + myPythonPackages = import ./pkgs/python-pkgs; + myPython3Packages = myPythonPackages { callPackage = python3Packages.callPackage; }; +in rec { lib = import ./lib { inherit pkgs; }; modules = import ./modules; @@ -11,12 +15,14 @@ rec { hosts = import ./hosts; - pythonPackages = ./pkgs/python-pkgs; + pythonPackages = myPythonPackages; tubslatex = callPackage ./pkgs/tubslatex { }; keys = callPackage ./pkgs/keys { }; homePage = callPackage ./pkgs/homePage { }; deploy = callPackage ./pkgs/deploy.nix { }; - recipemd = python3.pkgs.toPythonApplication (python3Packages.callPackage ./pkgs/python-pkgs/recipemd { }); + + recipemd = python3Packages.toPythonApplication myPython3Packages.recipemd; + scripts = callPackage ./pkgs/scripts.nix { }; } From 9f8288895fdd51821dafcedc191be604f689bb71 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 May 2021 16:54:40 +0200 Subject: [PATCH 138/988] remove tubslatex from default --- default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/default.nix b/default.nix index 43763f0..c5ff5dd 100644 --- a/default.nix +++ b/default.nix @@ -17,7 +17,6 @@ rec { pythonPackages = myPythonPackages; - tubslatex = callPackage ./pkgs/tubslatex { }; keys = callPackage ./pkgs/keys { }; homePage = callPackage ./pkgs/homePage { }; deploy = callPackage ./pkgs/deploy.nix { }; From bcb652ce7dbc204e50c6faea61e351746f03c11d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 May 2021 20:11:49 +0200 Subject: [PATCH 139/988] recipemd: generate completions for bash and tcsh --- pkgs/python-pkgs/recipemd/default.nix | 29 ++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix index 0b49d22..5279b48 100644 --- a/pkgs/python-pkgs/recipemd/default.nix +++ b/pkgs/python-pkgs/recipemd/default.nix @@ -3,20 +3,21 @@ , fetchPypi , pytestCheckHook , pythonPackages +, installShellFiles , isPy36 , isPy27 }: buildPythonPackage rec { pname = "recipemd"; - version = "4.0.6"; + version = "4.0.7"; disabled = isPy36 || isPy27; src = fetchPypi { pname = pname; version = version; - sha256 = "05c185bhrc72a9c3gvjy50npwn6cqml69slis2v4waqj31snps33"; + sha256 = "142w5zb2gf8s5z72bflpkmks633ic42z97nsgw491mskl6jg7cvq"; }; propagatedBuildInputs = with pythonPackages; [ @@ -27,12 +28,26 @@ buildPythonPackage rec { yarl ]; - checkInputs = [ - pytestCheckHook - pythonPackages.pytestcov - ]; + nativeBuildInputs = [ installShellFiles ]; - doCheck = true; + postInstall = '' + ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash + installShellCompletion --bash --name recipemd.bash $out/completions.bash + + ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish + installShellCompletion --fish --name recipemd.fish $out/completions.fish + + # The version of argcomplete in nixpkgs-stable does not have support for zsh + #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh + #installShellCompletion --zsh --name _recipemd $out/completions.zsh + ''; + + #checkInputs = [ + # pytestCheckHook + # pythonPackages.pytestcov + #]; + + doCheck = false; meta = with lib; { description = "Markdown recipe manager, reference implementation of RecipeMD"; From e29c3e4cf40c62a0754ebe046dbfb7f8bc1bcecc Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Jun 2021 20:09:32 +0200 Subject: [PATCH 140/988] pkgs: add bash --- hosts/gorgon/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 684c681..a6a2ff7 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -7,6 +7,7 @@ with pkgs; [ aspellDicts.en-computers aspellDicts.en-science aqbanking + bash bluez-tools chromium clang From ba1078adfc94d4463c2ff66b75b5bcf912061673 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Jun 2021 20:09:59 +0200 Subject: [PATCH 141/988] disable tests on recipemd (broken upstream) --- pkgs/python-pkgs/recipemd/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix index 5279b48..86ed301 100644 --- a/pkgs/python-pkgs/recipemd/default.nix +++ b/pkgs/python-pkgs/recipemd/default.nix @@ -42,12 +42,12 @@ buildPythonPackage rec { #installShellCompletion --zsh --name _recipemd $out/completions.zsh ''; - #checkInputs = [ - # pytestCheckHook - # pythonPackages.pytestcov - #]; + checkInputs = [ + pytestCheckHook + pythonPackages.pytestcov + ]; - doCheck = false; + #doCheck = true; meta = with lib; { description = "Markdown recipe manager, reference implementation of RecipeMD"; From 0dd9ecdafee7879e1ff6eea6f175b21e9cdf2647 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Jun 2021 20:20:32 +0200 Subject: [PATCH 142/988] remove references to stdenv and replace with lib --- hosts/gorgon/home/pkgs.nix | 1 - pkgs/deploy.nix | 7 ++++--- pkgs/homePage/default.nix | 5 +++-- pkgs/keys/default.nix | 7 ++++--- pkgs/scripts.nix | 4 ++-- pkgs/tubslatex/default.nix | 5 +++-- 6 files changed, 16 insertions(+), 13 deletions(-) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index a6a2ff7..cdaa46e 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -17,7 +17,6 @@ with pkgs; [ direnv element-desktop evince - gnome3.evolution ffmpeg file firefox diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix index 84be481..43aedf0 100644 --- a/pkgs/deploy.nix +++ b/pkgs/deploy.nix @@ -1,9 +1,10 @@ -{ stdenv +{ lib , git , openssh , bash }: -stdenv.mkDerivation rec { +with lib; +mkDerivation rec { name = "dadada-deploy"; version = "0.1"; @@ -24,7 +25,7 @@ stdenv.mkDerivation rec { install $script $out/bin/ done ''; - meta = with stdenv.lib; { + meta = { description = "deploy scripts"; license = licenses.publicDomain; platforms = platforms.linux; diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix index af952ca..4fd9431 100644 --- a/pkgs/homePage/default.nix +++ b/pkgs/homePage/default.nix @@ -1,5 +1,6 @@ -{ stdenv, pandoc, fetchFromGitHub }: -stdenv.mkDerivation rec { +{ lib, pandoc, fetchFromGitHub }: +with lib; +mkDerivation rec { src = fetchFromGitHub { owner = "dadada"; repo = "dadada.li"; diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix index 6b3552a..1fe1588 100644 --- a/pkgs/keys/default.nix +++ b/pkgs/keys/default.nix @@ -1,6 +1,7 @@ -{ stdenv }: +{ lib }: -stdenv.mkDerivation rec { +with lib; +mkDerivation rec { name = "dadadaKeys"; version = "1"; @@ -13,7 +14,7 @@ stdenv.mkDerivation rec { cp * $out ''; - meta = with stdenv.lib; { + meta = { description = "Public keys for my infrastructure"; license = licenses.publicDomain; platforms = platforms.all; diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix index 98ca55e..62ba05a 100644 --- a/pkgs/scripts.nix +++ b/pkgs/scripts.nix @@ -1,4 +1,4 @@ -{ stdenv }: +{ lib }: (import (builtins.fetchGit { @@ -6,4 +6,4 @@ ref = "main"; rev = "3393073cd3511d43f622972b891a20ba069fa052"; }) - { inherit stdenv; }) + { inherit lib; }) diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix index 2ca8542..f4ac39b 100644 --- a/pkgs/tubslatex/default.nix +++ b/pkgs/tubslatex/default.nix @@ -1,5 +1,6 @@ -{ stdenv, fetchzip, unzip }: -stdenv.mkDerivation rec { +{ lib, fetchzip, unzip }: +with lib; +mkDerivation rec { src = ./tubslatex_1.3.2.tds.zip; sourceRoot = "."; nativeBuildInputs = [ unzip ]; From d62566250f1ac639fd1a6956aec4e1412c4d3c1d Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Jun 2021 20:25:59 +0200 Subject: [PATCH 143/988] Revert "remove references to stdenv and replace with lib" This reverts commit 0dd9ecdafee7879e1ff6eea6f175b21e9cdf2647. --- hosts/gorgon/home/pkgs.nix | 1 + pkgs/deploy.nix | 7 +++---- pkgs/homePage/default.nix | 5 ++--- pkgs/keys/default.nix | 7 +++---- pkgs/scripts.nix | 4 ++-- pkgs/tubslatex/default.nix | 5 ++--- 6 files changed, 13 insertions(+), 16 deletions(-) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index cdaa46e..a6a2ff7 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -17,6 +17,7 @@ with pkgs; [ direnv element-desktop evince + gnome3.evolution ffmpeg file firefox diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix index 43aedf0..84be481 100644 --- a/pkgs/deploy.nix +++ b/pkgs/deploy.nix @@ -1,10 +1,9 @@ -{ lib +{ stdenv , git , openssh , bash }: -with lib; -mkDerivation rec { +stdenv.mkDerivation rec { name = "dadada-deploy"; version = "0.1"; @@ -25,7 +24,7 @@ mkDerivation rec { install $script $out/bin/ done ''; - meta = { + meta = with stdenv.lib; { description = "deploy scripts"; license = licenses.publicDomain; platforms = platforms.linux; diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix index 4fd9431..af952ca 100644 --- a/pkgs/homePage/default.nix +++ b/pkgs/homePage/default.nix @@ -1,6 +1,5 @@ -{ lib, pandoc, fetchFromGitHub }: -with lib; -mkDerivation rec { +{ stdenv, pandoc, fetchFromGitHub }: +stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "dadada"; repo = "dadada.li"; diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix index 1fe1588..6b3552a 100644 --- a/pkgs/keys/default.nix +++ b/pkgs/keys/default.nix @@ -1,7 +1,6 @@ -{ lib }: +{ stdenv }: -with lib; -mkDerivation rec { +stdenv.mkDerivation rec { name = "dadadaKeys"; version = "1"; @@ -14,7 +13,7 @@ mkDerivation rec { cp * $out ''; - meta = { + meta = with stdenv.lib; { description = "Public keys for my infrastructure"; license = licenses.publicDomain; platforms = platforms.all; diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix index 62ba05a..98ca55e 100644 --- a/pkgs/scripts.nix +++ b/pkgs/scripts.nix @@ -1,4 +1,4 @@ -{ lib }: +{ stdenv }: (import (builtins.fetchGit { @@ -6,4 +6,4 @@ ref = "main"; rev = "3393073cd3511d43f622972b891a20ba069fa052"; }) - { inherit lib; }) + { inherit stdenv; }) diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix index f4ac39b..2ca8542 100644 --- a/pkgs/tubslatex/default.nix +++ b/pkgs/tubslatex/default.nix @@ -1,6 +1,5 @@ -{ lib, fetchzip, unzip }: -with lib; -mkDerivation rec { +{ stdenv, fetchzip, unzip }: +stdenv.mkDerivation rec { src = ./tubslatex_1.3.2.tds.zip; sourceRoot = "."; nativeBuildInputs = [ unzip ]; From 2dcf9e12a710bc2f1c36f2dcfa5483b1f1b29a34 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Jun 2021 20:36:24 +0200 Subject: [PATCH 144/988] gnome3 to gnome4 --- hosts/gorgon/home/pkgs.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index a6a2ff7..7f1de33 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -17,7 +17,6 @@ with pkgs; [ direnv element-desktop evince - gnome3.evolution ffmpeg file firefox @@ -25,9 +24,9 @@ with pkgs; [ fzf gdb gimp - gnome3.gnome-tweak-tool - gnome3.nautilus - gnome3.vinagre + gnome4.gnome-tweak-tool + gnome4.nautilus + gnome4.vinagre gnomeExtensions.paperwm gnucash gnumake From 9b8bb5e88d216c1984c6d64408f00b6d75426b56 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Jun 2021 21:38:52 +0200 Subject: [PATCH 145/988] wip --- hosts/gorgon/default.nix | 10 ++++---- hosts/gorgon/home/default.nix | 5 ++-- hosts/gorgon/home/pkgs.nix | 8 +----- modules/home/gtk.nix | 4 --- modules/networking.nix | 35 +++++++++++++++------------ modules/profiles/laptop/default.nix | 3 +++ pkgs/deploy.nix | 3 ++- pkgs/keys/default.nix | 4 +-- pkgs/python-pkgs/recipemd/default.nix | 2 +- pkgs/scripts.nix | 10 ++++---- 10 files changed, 41 insertions(+), 43 deletions(-) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index 45aefc4..ca8203b 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -26,10 +26,10 @@ in dadada = { admin.enable = false; steam.enable = true; - fido2 = { - credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; - enablePam = true; - }; + #fido2 = { + # credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; + # enablePam = true; + #}; luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; networking = { enableBsShare = true; @@ -95,7 +95,7 @@ in services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome3.enable = true; + services.xserver.desktopManager.gnome.enable = true; programs.sway = { enable = true; diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index d9c6321..e106248 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, unstable, lib, ... }: +{ config, pkgs, lib, ... }: let this = import ../../.. { inherit pkgs; }; useFeatures = [ @@ -16,7 +16,6 @@ let "xdg" "zsh" ]; - unstable = import {}; in { nixpkgs.overlays = [ @@ -60,5 +59,5 @@ in # Let Home Manager install and manage itself. programs.home-manager.enable = true; - home.packages = import ./pkgs.nix { pkgs = pkgs; unstable = unstable; }; + home.packages = import ./pkgs.nix { inherit pkgs; }; } diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix index 7f1de33..bf21924 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/hosts/gorgon/home/pkgs.nix @@ -1,4 +1,4 @@ -{ pkgs, unstable }: +{ pkgs }: with pkgs; [ anki aspell @@ -24,10 +24,6 @@ with pkgs; [ fzf gdb gimp - gnome4.gnome-tweak-tool - gnome4.nautilus - gnome4.vinagre - gnomeExtensions.paperwm gnucash gnumake gnupg @@ -69,7 +65,6 @@ with pkgs; [ python3 python38Packages.dateutil python38Packages.managesieve - python38Packages.solo-python recipemd ripgrep rustup @@ -92,5 +87,4 @@ with pkgs; [ git-lfs gitAndTools.hub gitAndTools.lab - unstable.android-studio ] diff --git a/modules/home/gtk.nix b/modules/home/gtk.nix index 779dfd3..b75c7c7 100644 --- a/modules/home/gtk.nix +++ b/modules/home/gtk.nix @@ -17,9 +17,5 @@ in font.package = pkgs.cantarell-fonts; font.name = "Cantarell"; }; - qt = { - enable = true; - platformTheme = "gnome"; - }; }; } diff --git a/modules/networking.nix b/modules/networking.nix index 757d6ec..46d02af 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -23,21 +23,26 @@ in networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true; services.unbound = mkIf cfg.useLocalResolver { enable = true; - allowedAccess = [ - "127.0.0.1/8" - "::1" - ]; - extraConfig = '' - tls-upstream: yes - tls-cert-bundle: "/etc/ssl/certs/ca-bundle.crt" - forward-zone: - name: . - forward-tls-upstream: yes - forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com - forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com - forward-addr: 1.1.1.1@853#cloudflare-dns.com - forward-addr: 1.0.0.1@853#cloudflare-dns.com - ''; + settings = { + server.interface = [ + "127.0.0.1" + "::1" + ]; + tls-upstream = "yes"; + tls-cert-bundle = "/etc/ssl/certs/ca-bundle.crt"; + forward-zone = [ + { + name = "."; + forward-tls-upstream = "yes"; + forward-addr = [ + "2606:4700:4700::1001@853#cloudflare-dns.com" + "2606:4700:4700::1111@853#cloudflare-dns.com" + "1.1.1.1@853#cloudflare-dns.com" + "1.0.0.1@853#cloudflare-dns.com" + ]; + } + ]; + }; }; networking.useDHCP = false; diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index 5a7ec7e..18f8feb 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -3,6 +3,9 @@ with lib; { #nixpkgs.overlays = attrValues (import ../../../overlays); + # conflicts with power-management + services.tlp.enable = false; + boot.kernelPackages = pkgs.linuxPackages_latest; networking.domain = mkDefault "dadada.li"; diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix index 84be481..8df97d7 100644 --- a/pkgs/deploy.nix +++ b/pkgs/deploy.nix @@ -1,4 +1,5 @@ { stdenv +, lib , git , openssh , bash @@ -24,7 +25,7 @@ stdenv.mkDerivation rec { install $script $out/bin/ done ''; - meta = with stdenv.lib; { + meta = with lib; { description = "deploy scripts"; license = licenses.publicDomain; platforms = platforms.linux; diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix index 6b3552a..faee440 100644 --- a/pkgs/keys/default.nix +++ b/pkgs/keys/default.nix @@ -1,4 +1,4 @@ -{ stdenv }: +{ stdenv, lib }: stdenv.mkDerivation rec { name = "dadadaKeys"; @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { cp * $out ''; - meta = with stdenv.lib; { + meta = with lib; { description = "Public keys for my infrastructure"; license = licenses.publicDomain; platforms = platforms.all; diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix index 86ed301..009277f 100644 --- a/pkgs/python-pkgs/recipemd/default.nix +++ b/pkgs/python-pkgs/recipemd/default.nix @@ -47,7 +47,7 @@ buildPythonPackage rec { pythonPackages.pytestcov ]; - #doCheck = true; + doCheck = false; meta = with lib; { description = "Markdown recipe manager, reference implementation of RecipeMD"; diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix index 98ca55e..f1dfe42 100644 --- a/pkgs/scripts.nix +++ b/pkgs/scripts.nix @@ -1,9 +1,9 @@ -{ stdenv }: +{ pkgs, stdenv, lib }: (import - (builtins.fetchGit { + (pkgs.fetchgit { url = "https://git.dadada.li/dadada/scripts.git"; - ref = "main"; - rev = "3393073cd3511d43f622972b891a20ba069fa052"; + sha256 = "0pspybphfqmccl9w97dr89g47dbxk8ly05x8x7c313a5i3pzd5lm"; + rev = "e1a887a658da130c2a513d4c770d5026565c4e69"; }) - { inherit stdenv; }) + { stdenv = stdenv; lib = lib; }) From fde26938db7562f094b66e1df4867b9c62cb188d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 12 Jun 2021 00:10:05 +0200 Subject: [PATCH 146/988] fix zsh highlighting --- modules/home/zsh.nix | 2 ++ modules/profiles/laptop/default.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 071e989..f927f2b 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -31,6 +31,8 @@ in source ~/.nix-profile/share/fzf/key-bindings.zsh source ~/.nix-profile/share/fzf/completion.zsh + bindkey '^n' autosuggest-accept + preexec() { echo -n -e "\033]0;$1\007" } PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix index 18f8feb..e8af493 100644 --- a/modules/profiles/laptop/default.nix +++ b/modules/profiles/laptop/default.nix @@ -39,7 +39,7 @@ with lib; vteIntegration = true; syntaxHighlighting = { enable = true; - highlighters = [ "main" "brackets" "pattern" "cursor" "root" "line" ]; + highlighters = [ "main" "brackets" "pattern" "root" "line" ]; }; }; } From 479e0433402efe42b7c6bc1727a19aa0716c0104 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 12 Jun 2021 00:57:04 +0200 Subject: [PATCH 147/988] fancy exa options --- modules/home/zsh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index f927f2b..1e6c3ee 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -47,8 +47,8 @@ in glo = "git log"; gad = "git add"; ls = "exa"; - ll = "exa -l"; - la = "exa -la"; + la = "exa -a"; + ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\""; mv = "mv -i"; cp = "cp -i"; }; From 8a576e79e7194e7b765d12134c5f431f02274e45 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 12 Jun 2021 01:00:42 +0200 Subject: [PATCH 148/988] git command aliases --- modules/home/zsh.nix | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 1e6c3ee..e22ee57 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -13,6 +13,7 @@ in enable = true; enableAutosuggestions = true; enableCompletion = true; + enableVteIntegration = true; autocd = true; sessionVariables = { EDITOR = "vim"; @@ -42,10 +43,20 @@ in profileExtra = '' ''; shellAliases = { + ga = "git add"; + gc = "git commit"; + gd = "git diff"; + gf = "git fetch"; + gl = "git log"; + gpu = "git push"; + gpul = "git pull"; + grb = "git rebase"; + gre = "git reflog"; + gs = "git status"; + gsh = "git show"; gst = "git status"; - gco = "git commit"; - glo = "git log"; - gad = "git add"; + gsta = "git stash"; + gstap = "git stash apply"; ls = "exa"; la = "exa -a"; ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\""; From 64c49efa5f99fab2875d3e0121d06a6bc64fba75 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 12 Jun 2021 19:04:22 +0200 Subject: [PATCH 149/988] enable nix flakes --- hosts/gorgon/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix index ca8203b..7e0256a 100644 --- a/hosts/gorgon/default.nix +++ b/hosts/gorgon/default.nix @@ -12,6 +12,11 @@ in "${nixos-hardware}/lenovo/thinkpad/t14s" ]; + nix.package = pkgs.nixUnstable; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + boot.kernelModules = [ "kvm-amd" ]; virtualisation = { From b3e8080fe735ecd9efed749ff12782187290c63e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 20 Jun 2021 14:04:22 +0200 Subject: [PATCH 150/988] fix caches 2 --- hosts/ifrit/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 1f84534..b0b428e 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -13,6 +13,11 @@ in ../../modules/profiles/base ]; + nix.binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + ]; + dadada = { admin.enable = true; fileShare.enable = true; From aa9e99557f8aa6e2be9e135a6df13f61c7586455 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jun 2021 13:19:44 +0200 Subject: [PATCH 151/988] add dependabot.yml --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..49f19df --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + assignees: [ "dadada" ] From 1f8922a61e918fd84b4683348332f36d990c514e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 27 Jun 2021 22:01:29 +0200 Subject: [PATCH 152/988] fix homepage --- modules/homepage.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/homepage.nix b/modules/homepage.nix index e737d05..25394d7 100644 --- a/modules/homepage.nix +++ b/modules/homepage.nix @@ -12,7 +12,7 @@ with lib; { services.nginx.virtualHosts."dadada.li" = { enableACME = true; forceSSL = true; - root = pkgs.homePage; + root = /var/lib/www/dadada.li; }; }; } From 2d9150098e4b042f314bdf29fbae1b8b8b2e0bb7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 13 Jun 2021 13:43:21 +0200 Subject: [PATCH 153/988] port to flakes --- .envrc | 2 +- .github/workflows/nix-flake-check.yml | 15 +++ .github/workflows/nix-flake-update.yml | 38 ++++++++ default.nix | 27 ------ flake.lock | 92 +++++++++++++++++++ flake.nix | 12 +++ home/configurations.nix | 42 +++++++++ {hosts/gorgon => home}/home/default.nix | 19 ++-- {hosts/gorgon => home}/home/pkgs.nix | 3 +- .../modules}/alacritty/default.nix | 0 {modules/home => home/modules}/colors.nix | 0 {modules/home => home/modules}/default.nix | 0 {modules/home => home/modules}/direnv.nix | 1 - {modules/home => home/modules}/fish.nix | 0 {modules/home => home/modules}/git.nix | 0 {modules/home => home/modules}/gpg.nix | 0 {modules/home => home/modules}/gtk.nix | 0 {modules/home => home/modules}/keyring.nix | 0 {modules/home => home/modules}/kitty/config | 0 .../home => home/modules}/kitty/default.nix | 0 {modules/home => home/modules}/mako.nix | 0 .../home => home/modules}/module-list.nix | 0 {modules/home => home/modules}/session.nix | 0 {modules/home => home/modules}/ssh.nix | 0 {modules/home => home/modules}/sway/config | 0 .../home => home/modules}/sway/default.nix | 1 - {modules/home => home/modules}/syncthing.nix | 0 {modules/home => home/modules}/termite.nix | 0 {modules/home => home/modules}/tmux.nix | 0 .../home => home/modules}/vim/default.nix | 0 {modules/home => home/modules}/vim/vimrc | 0 {modules/home => home/modules}/xdg.nix | 0 {modules/home => home/modules}/zsh.nix | 0 home/nixpkgs-config.nix | 7 ++ {hosts/gorgon => home}/work/default.nix | 5 - {hosts/gorgon => home}/work/pkgs.nix | 1 - hosts/default.nix | 6 -- modules/default.nix | 15 --- modules/module-list.nix | 15 --- modules/profiles/default.nix | 4 - modules/profiles/laptop/default.nix | 45 --------- nixos/configurations.nix | 69 ++++++++++++++ .../gorgon/configuration.nix | 81 ++++++---------- nixos/gorgon/hardware-configuration.nix | 42 +++++++++ .../ifrit/configuration.nix | 2 +- nixos/ifrit/hardware-configuration.nix | 26 ++++++ {modules => nixos/modules}/admin.nix | 36 ++++---- {modules => nixos/modules}/backup.nix | 14 +-- nixos/modules/default.nix | 19 ++++ {modules => nixos/modules}/element.nix | 0 {modules => nixos/modules}/fido2.nix | 1 - {modules => nixos/modules}/fileShare.nix | 0 {modules => nixos/modules}/gitea.nix | 0 nixos/modules/headphones.nix | 25 +++++ {modules => nixos/modules}/homepage.nix | 2 +- {modules => nixos/modules}/networking.nix | 28 +++--- nixos/modules/profiles/laptop.nix | 55 +++++++++++ .../modules/profiles/server.nix | 15 +-- {modules => nixos/modules}/share.nix | 0 {modules => nixos/modules}/steam.nix | 6 +- {modules => nixos/modules}/update.nix | 2 +- {modules => nixos/modules}/vpnServer.nix | 0 {modules => nixos/modules}/weechat.nix | 0 nixos/modules/zsh.nix | 14 +++ .../pruflas/configuration.nix | 29 +----- nixos/pruflas/hardware-configuration.nix | 34 +++++++ .../surgat/configuration.nix | 7 +- nixos/surgat/hardware-configuration.nix | 30 ++++++ outputs.nix | 73 +++++++++++++++ overlay.nix | 18 ---- overlays/default.nix | 28 +++--- pkgs/deploy.nix | 4 +- pkgs/homePage/default.nix | 2 +- pkgs/python-pkgs/recipemd/default.nix | 13 +-- pkgs/scripts.nix | 4 +- shell.nix | 7 +- 76 files changed, 721 insertions(+), 315 deletions(-) create mode 100644 .github/workflows/nix-flake-check.yml create mode 100644 .github/workflows/nix-flake-update.yml delete mode 100644 default.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 home/configurations.nix rename {hosts/gorgon => home}/home/default.nix (79%) rename {hosts/gorgon => home}/home/pkgs.nix (98%) rename {modules/home => home/modules}/alacritty/default.nix (100%) rename {modules/home => home/modules}/colors.nix (100%) rename {modules/home => home/modules}/default.nix (100%) rename {modules/home => home/modules}/direnv.nix (87%) rename {modules/home => home/modules}/fish.nix (100%) rename {modules/home => home/modules}/git.nix (100%) rename {modules/home => home/modules}/gpg.nix (100%) rename {modules/home => home/modules}/gtk.nix (100%) rename {modules/home => home/modules}/keyring.nix (100%) rename {modules/home => home/modules}/kitty/config (100%) rename {modules/home => home/modules}/kitty/default.nix (100%) rename {modules/home => home/modules}/mako.nix (100%) rename {modules/home => home/modules}/module-list.nix (100%) rename {modules/home => home/modules}/session.nix (100%) rename {modules/home => home/modules}/ssh.nix (100%) rename {modules/home => home/modules}/sway/config (100%) rename {modules/home => home/modules}/sway/default.nix (97%) rename {modules/home => home/modules}/syncthing.nix (100%) rename {modules/home => home/modules}/termite.nix (100%) rename {modules/home => home/modules}/tmux.nix (100%) rename {modules/home => home/modules}/vim/default.nix (100%) rename {modules/home => home/modules}/vim/vimrc (100%) rename {modules/home => home/modules}/xdg.nix (100%) rename {modules/home => home/modules}/zsh.nix (100%) create mode 100644 home/nixpkgs-config.nix rename {hosts/gorgon => home}/work/default.nix (92%) rename {hosts/gorgon => home}/work/pkgs.nix (96%) delete mode 100644 hosts/default.nix delete mode 100644 modules/default.nix delete mode 100644 modules/module-list.nix delete mode 100644 modules/profiles/default.nix delete mode 100644 modules/profiles/laptop/default.nix create mode 100644 nixos/configurations.nix rename hosts/gorgon/default.nix => nixos/gorgon/configuration.nix (56%) create mode 100644 nixos/gorgon/hardware-configuration.nix rename hosts/ifrit/default.nix => nixos/ifrit/configuration.nix (99%) create mode 100644 nixos/ifrit/hardware-configuration.nix rename {modules => nixos/modules}/admin.nix (54%) rename {modules => nixos/modules}/backup.nix (88%) create mode 100644 nixos/modules/default.nix rename {modules => nixos/modules}/element.nix (100%) rename {modules => nixos/modules}/fido2.nix (99%) rename {modules => nixos/modules}/fileShare.nix (100%) rename {modules => nixos/modules}/gitea.nix (100%) create mode 100644 nixos/modules/headphones.nix rename {modules => nixos/modules}/homepage.nix (89%) rename {modules => nixos/modules}/networking.nix (80%) create mode 100644 nixos/modules/profiles/laptop.nix rename modules/profiles/base/default.nix => nixos/modules/profiles/server.nix (50%) rename {modules => nixos/modules}/share.nix (100%) rename {modules => nixos/modules}/steam.nix (78%) rename {modules => nixos/modules}/update.nix (93%) rename {modules => nixos/modules}/vpnServer.nix (100%) rename {modules => nixos/modules}/weechat.nix (100%) create mode 100644 nixos/modules/zsh.nix rename hosts/pruflas/default.nix => nixos/pruflas/configuration.nix (73%) create mode 100644 nixos/pruflas/hardware-configuration.nix rename hosts/surgat/default.nix => nixos/surgat/configuration.nix (94%) create mode 100644 nixos/surgat/hardware-configuration.nix create mode 100644 outputs.nix delete mode 100644 overlay.nix diff --git a/.envrc b/.envrc index 1d953f4..3550a30 100644 --- a/.envrc +++ b/.envrc @@ -1 +1 @@ -use nix +use flake diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml new file mode 100644 index 0000000..4c685c2 --- /dev/null +++ b/.github/workflows/nix-flake-check.yml @@ -0,0 +1,15 @@ +name: "nix flake check" +on: + pull_request: + push: +jobs: + tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v13 + with: + install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install + extra_nix_config: | + experimental-features = nix-command flakes + - run: nix flake check diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml new file mode 100644 index 0000000..b73fbce --- /dev/null +++ b/.github/workflows/nix-flake-update.yml @@ -0,0 +1,38 @@ +name: "Update flakes" +on: + repository_dispatch: + workflow_dispatch: + schedule: + - cron: '10 4 * * 0' +jobs: + createPullRequest: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v13 + with: + install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install + extra_nix_config: | + experimental-features = nix-command flakes + - name: Make changes to pull request + run: nix flake update + - name: Create Pull Request + id: cpr + uses: peter-evans/create-pull-request@v3 + with: + commit-message: Update flakes + committer: GitHub + author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com> + signoff: false + branch: flake-updates + delete-branch: true + title: 'Update flakes' + body: | + Update report + - Updated with *today's* date + - Auto-generated by [create-pull-request][1] + [1]: https://github.com/peter-evans/create-pull-request + - name: Check outputs + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" diff --git a/default.nix b/default.nix deleted file mode 100644 index c5ff5dd..0000000 --- a/default.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs ? import { } }: - -with pkgs; -let - myPythonPackages = import ./pkgs/python-pkgs; - myPython3Packages = myPythonPackages { callPackage = python3Packages.callPackage; }; -in -rec { - lib = import ./lib { inherit pkgs; }; - modules = import ./modules; - hmModules = import ./modules/home; - overlays = import ./overlays; - - profiles = import ./modules/profiles; - - hosts = import ./hosts; - - pythonPackages = myPythonPackages; - - keys = callPackage ./pkgs/keys { }; - homePage = callPackage ./pkgs/homePage { }; - deploy = callPackage ./pkgs/deploy.nix { }; - - recipemd = python3Packages.toPythonApplication myPython3Packages.recipemd; - - scripts = callPackage ./pkgs/scripts.nix { }; -} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..92f3b85 --- /dev/null +++ b/flake.lock @@ -0,0 +1,92 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1624806645, + "narHash": "sha256-f/UWLS34FUlsmL1YhOcpmGhdG808206qiz1MGJd3K1c=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2aeaf65e8f9219c1acdb47bcf278983b3170a344", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1624713701, + "narHash": "sha256-miYoO9/M+ZYlNPknRF9VYh6bQEQCPPz6lM0Pb60jbPk=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "03c60a2db286bcd8ecfac9a8739c50626ca0fd8e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1624447853, + "narHash": "sha256-Zn+vTEa3NE9q6z6ytpcNXrr8jV7HvrKRxMYoD2E6DpE=", + "path": "/nix/store/1iblaav6dxrc5b39b3gbdnbl47sfjxrq-source", + "rev": "1905f5f2e55e0db0bb6244cfe62cb6c0dbda391d", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1624626397, + "narHash": "sha256-+h0ulo5//RqStx6g6MDqD9MzgmBfeZ1VYxwEaSmw/Zs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e1f8852faac7638e88d5e8a5b9ee2a7568685e3f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..167ee01 --- /dev/null +++ b/flake.nix @@ -0,0 +1,12 @@ +{ + description = "dadada's nix flake"; + + inputs = { + flake-utils.url = github:numtide/flake-utils; + nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; + home-manager.url = github:nix-community/home-manager; + nixos-hardware.url = github:NixOS/nixos-hardware/master; + }; + + outputs = { ... } @ args: import ./outputs.nix args; +} diff --git a/home/configurations.nix b/home/configurations.nix new file mode 100644 index 0000000..66ffe89 --- /dev/null +++ b/home/configurations.nix @@ -0,0 +1,42 @@ +{ self +, nixpkgs +, home-manager +}: +let + hmConfiguration = + { homeDirectory ? "/home/dadada" + , extraModules ? [ ] + , overlays ? [ ] + , system ? "x86_64-linux" + , username ? "dadada" + , stateVersion + }: + (home-manager.lib.homeManagerConfiguration { + configuration = { ... }: { + imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules; + nixpkgs = { + config = import ./nixpkgs-config.nix { + pkgs = nixpkgs; + }; + overlays = overlays; + }; + }; + inherit system homeDirectory username stateVersion; + }); +in +{ + home = hmConfiguration { + extraModules = [ ./home ]; + overlays = with self.overlays; [ + scripts + ]; + stateVersion = "20.09"; + }; + + work = hmConfiguration rec { + extraModules = [ ./work ]; + homeDirectory = "/home/${username}"; + username = "tim.schubert"; + stateVersion = "20.09"; + }; +} diff --git a/hosts/gorgon/home/default.nix b/home/home/default.nix similarity index 79% rename from hosts/gorgon/home/default.nix rename to home/home/default.nix index e106248..b46d9cf 100644 --- a/hosts/gorgon/home/default.nix +++ b/home/home/default.nix @@ -1,6 +1,5 @@ { config, pkgs, lib, ... }: let - this = import ../../.. { inherit pkgs; }; useFeatures = [ "alacritty" "vim" @@ -9,7 +8,6 @@ let "gpg" "gtk" "keyring" - "ssh" "sway" "syncthing" "tmux" @@ -18,13 +16,16 @@ let ]; in { - nixpkgs.overlays = [ - this.overlays.dadadaScripts - this.overlays.python3Packages - this.overlays.recipemd - ]; + programs.git = { + signing = { + key = "D68C84695C087E0F733A28D0EEB8D1CE62C4DFEA"; + signByDefault = true; + }; + userEmail = "dadada@dadada.li"; + userName = "dadada"; + }; - imports = lib.attrValues this.hmModules; + programs.gpg.settings.default-key = "99658A3EB5CD7C13"; dadada.home = lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // { session = { @@ -59,5 +60,5 @@ in # Let Home Manager install and manage itself. programs.home-manager.enable = true; - home.packages = import ./pkgs.nix { inherit pkgs; }; + home.packages = import ./pkgs.nix { pkgs = pkgs; }; } diff --git a/hosts/gorgon/home/pkgs.nix b/home/home/pkgs.nix similarity index 98% rename from hosts/gorgon/home/pkgs.nix rename to home/home/pkgs.nix index bf21924..626eddc 100644 --- a/hosts/gorgon/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -1,5 +1,6 @@ { pkgs }: with pkgs; [ + ag anki aspell aspellDicts.de @@ -51,6 +52,7 @@ with pkgs; [ mpv mumble ncurses + newsflash nfs-utils niv nmap @@ -65,7 +67,6 @@ with pkgs; [ python3 python38Packages.dateutil python38Packages.managesieve - recipemd ripgrep rustup signal-desktop diff --git a/modules/home/alacritty/default.nix b/home/modules/alacritty/default.nix similarity index 100% rename from modules/home/alacritty/default.nix rename to home/modules/alacritty/default.nix diff --git a/modules/home/colors.nix b/home/modules/colors.nix similarity index 100% rename from modules/home/colors.nix rename to home/modules/colors.nix diff --git a/modules/home/default.nix b/home/modules/default.nix similarity index 100% rename from modules/home/default.nix rename to home/modules/default.nix diff --git a/modules/home/direnv.nix b/home/modules/direnv.nix similarity index 87% rename from modules/home/direnv.nix rename to home/modules/direnv.nix index 12abf88..d546301 100644 --- a/modules/home/direnv.nix +++ b/home/modules/direnv.nix @@ -11,7 +11,6 @@ in programs.direnv = { enable = true; enableZshIntegration = true; - enableNixDirenvIntegration = true; }; }; } diff --git a/modules/home/fish.nix b/home/modules/fish.nix similarity index 100% rename from modules/home/fish.nix rename to home/modules/fish.nix diff --git a/modules/home/git.nix b/home/modules/git.nix similarity index 100% rename from modules/home/git.nix rename to home/modules/git.nix diff --git a/modules/home/gpg.nix b/home/modules/gpg.nix similarity index 100% rename from modules/home/gpg.nix rename to home/modules/gpg.nix diff --git a/modules/home/gtk.nix b/home/modules/gtk.nix similarity index 100% rename from modules/home/gtk.nix rename to home/modules/gtk.nix diff --git a/modules/home/keyring.nix b/home/modules/keyring.nix similarity index 100% rename from modules/home/keyring.nix rename to home/modules/keyring.nix diff --git a/modules/home/kitty/config b/home/modules/kitty/config similarity index 100% rename from modules/home/kitty/config rename to home/modules/kitty/config diff --git a/modules/home/kitty/default.nix b/home/modules/kitty/default.nix similarity index 100% rename from modules/home/kitty/default.nix rename to home/modules/kitty/default.nix diff --git a/modules/home/mako.nix b/home/modules/mako.nix similarity index 100% rename from modules/home/mako.nix rename to home/modules/mako.nix diff --git a/modules/home/module-list.nix b/home/modules/module-list.nix similarity index 100% rename from modules/home/module-list.nix rename to home/modules/module-list.nix diff --git a/modules/home/session.nix b/home/modules/session.nix similarity index 100% rename from modules/home/session.nix rename to home/modules/session.nix diff --git a/modules/home/ssh.nix b/home/modules/ssh.nix similarity index 100% rename from modules/home/ssh.nix rename to home/modules/ssh.nix diff --git a/modules/home/sway/config b/home/modules/sway/config similarity index 100% rename from modules/home/sway/config rename to home/modules/sway/config diff --git a/modules/home/sway/default.nix b/home/modules/sway/default.nix similarity index 97% rename from modules/home/sway/default.nix rename to home/modules/sway/default.nix index cd3883f..b093a5a 100644 --- a/modules/home/sway/default.nix +++ b/home/modules/sway/default.nix @@ -22,7 +22,6 @@ in swaylock brightnessctl playerctl - dadadaScripts ]; wayland.windowManager.sway = { diff --git a/modules/home/syncthing.nix b/home/modules/syncthing.nix similarity index 100% rename from modules/home/syncthing.nix rename to home/modules/syncthing.nix diff --git a/modules/home/termite.nix b/home/modules/termite.nix similarity index 100% rename from modules/home/termite.nix rename to home/modules/termite.nix diff --git a/modules/home/tmux.nix b/home/modules/tmux.nix similarity index 100% rename from modules/home/tmux.nix rename to home/modules/tmux.nix diff --git a/modules/home/vim/default.nix b/home/modules/vim/default.nix similarity index 100% rename from modules/home/vim/default.nix rename to home/modules/vim/default.nix diff --git a/modules/home/vim/vimrc b/home/modules/vim/vimrc similarity index 100% rename from modules/home/vim/vimrc rename to home/modules/vim/vimrc diff --git a/modules/home/xdg.nix b/home/modules/xdg.nix similarity index 100% rename from modules/home/xdg.nix rename to home/modules/xdg.nix diff --git a/modules/home/zsh.nix b/home/modules/zsh.nix similarity index 100% rename from modules/home/zsh.nix rename to home/modules/zsh.nix diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix new file mode 100644 index 0000000..9ed1404 --- /dev/null +++ b/home/nixpkgs-config.nix @@ -0,0 +1,7 @@ +{ pkgs }: +{ + allowUnfree = true; + allowBroken = false; + android_sdk.accept_license = true; + pulseaudio = true; +} diff --git a/hosts/gorgon/work/default.nix b/home/work/default.nix similarity index 92% rename from hosts/gorgon/work/default.nix rename to home/work/default.nix index fcdfdcd..93b6597 100644 --- a/hosts/gorgon/work/default.nix +++ b/home/work/default.nix @@ -1,10 +1,5 @@ { config, pkgs, lib, ... }: -let - this = import ../../.. { inherit pkgs; }; -in { - imports = lib.attrValues this.hmModules; - dadada.home = { vim.enable = true; direnv.enable = true; diff --git a/hosts/gorgon/work/pkgs.nix b/home/work/pkgs.nix similarity index 96% rename from hosts/gorgon/work/pkgs.nix rename to home/work/pkgs.nix index a01f6fc..ac69dee 100644 --- a/hosts/gorgon/work/pkgs.nix +++ b/home/work/pkgs.nix @@ -6,7 +6,6 @@ with pkgs; [ element-desktop evince file - firefox-bin fzf git-lfs gitAndTools.hub diff --git a/hosts/default.nix b/hosts/default.nix deleted file mode 100644 index e22e9f5..0000000 --- a/hosts/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - ifrit = ./ifrit; - gorgon = ./gorgon; - surgat = ./surgat; - pruflas = ./pruflas; -} diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index 2941d6d..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - admin = ./admin.nix; - backup = ./backup.nix; - homePage = ./homepage.nix; - element = ./element.nix; - fido2 = ./fido2.nix; - fileShare = ./fileShare.nix; - gitea = ./gitea.nix; - networking = ./networking.nix; - share = ./share.nix; - steam = ./steam.nix; - autoUpgrade = ./update.nix; - vpnServer = ./vpnServer.nix; - weechat = ./weechat.nix; -} diff --git a/modules/module-list.nix b/modules/module-list.nix deleted file mode 100644 index 000d15e..0000000 --- a/modules/module-list.nix +++ /dev/null @@ -1,15 +0,0 @@ -[ - ./admin.nix - ./backup.nix - ./element.nix - ./fido2.nix - ./fileShare.nix - ./gitea.nix - ./homepage.nix - ./networking.nix - ./share.nix - ./steam.nix - ./update.nix - ./vpnServer.nix - ./weechat.nix -] diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix deleted file mode 100644 index 3ae87ed..0000000 --- a/modules/profiles/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - base = ./base; - laptop = ./laptop; -} diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix deleted file mode 100644 index e8af493..0000000 --- a/modules/profiles/laptop/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -{ - #nixpkgs.overlays = attrValues (import ../../../overlays); - - # conflicts with power-management - services.tlp.enable = false; - - boot.kernelPackages = pkgs.linuxPackages_latest; - - networking.domain = mkDefault "dadada.li"; - - dadada = { - networking = { - useLocalResolver = mkDefault true; - }; - autoUpgrade.enable = true; - }; - - services.fwupd.enable = true; - - fonts.fonts = mkDefault (with pkgs; [ - source-code-pro - ]); - - time.timeZone = mkDefault "Europe/Berlin"; - - i18n.defaultLocale = mkDefault "en_US.UTF-8"; - - console.keyMap = mkDefault "us"; - - users.mutableUsers = true; - - programs.zsh = mkDefault { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - histSize = 100000; - vteIntegration = true; - syntaxHighlighting = { - enable = true; - highlighters = [ "main" "brackets" "pattern" "root" "line" ]; - }; - }; -} diff --git a/nixos/configurations.nix b/nixos/configurations.nix new file mode 100644 index 0000000..33cd63a --- /dev/null +++ b/nixos/configurations.nix @@ -0,0 +1,69 @@ +{ self +, nixpkgs +, nixosSystem +, home-manager +, nixos-hardware +}: +let adapterModule = { + imports = [ ./modules ]; + nix.nixPath = [ + "home-manager=${home-manager}" + "nixpkgs=${nixpkgs}" + "dadada=${self}" + ]; + nix.registry = { + home-manager.flake = home-manager; + nixpkgs.flake = nixpkgs; + dadada.flake = self; + }; + nix.binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + ]; + nix.requireSignedBinaryCaches = true; + nix.useSandbox = true; + nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays); +}; +in +{ + gorgon = nixosSystem { + system = "x86_64-linux"; + modules = [ + adapterModule + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + #home-manager.nixosModules.home-manager + #{ + # home-manager.useGlobalPkgs = true; + # home-manager.useUserPackages = true; + # home-manager.users.dadada = self.hmConfigurations.home; + #} + ./modules/profiles/laptop.nix + ./gorgon/configuration.nix + ]; + }; + ifrit = nixosSystem { + system = "x86_64-linux"; + modules = [ + adapterModule + ./modules/profiles/server.nix + ./ifrit/configuration.nix + ]; + }; + + surgat = nixosSystem { + system = "x86_64-linux"; + modules = [ + adapterModule + ./modules/profiles/server.nix + ./surgat/configuration.nix + ]; + }; + pruflas = nixosSystem { + system = "x86_64-linux"; + modules = [ + adapterModule + ./modules/profiles/server.nix + ./pruflas/configuration.nix + ]; + }; +} diff --git a/hosts/gorgon/default.nix b/nixos/gorgon/configuration.nix similarity index 56% rename from hosts/gorgon/default.nix rename to nixos/gorgon/configuration.nix index 7e0256a..4d4dace 100644 --- a/hosts/gorgon/default.nix +++ b/nixos/gorgon/configuration.nix @@ -1,35 +1,38 @@ { config, pkgs, lib, ... }: let - this = import ../.. { inherit pkgs; }; - nixos-hardware = builtins.fetchTarball { - url = "https://github.com/NixOS/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz"; - sha256 = "1z4cr5gsyfdpcy31vqg4ikalbxmnnac6jjk1nl8mxj0h0ix7pp36"; - }; + signHook = pkgs.writeShellScript "/etc/nix/sign-cache.sh" + '' + set -eu + set -f # disable globbing + export IFS=' ' + + echo "Signing paths" $OUT_PATHS + nix store sign --key-file /etc/nix/key.private $OUT_PATHS + ''; in { - imports = (lib.attrValues this.modules) ++ [ - ../../modules/profiles/laptop - "${nixos-hardware}/lenovo/thinkpad/t14s" + imports = [ + ./hardware-configuration.nix ]; nix.package = pkgs.nixUnstable; nix.extraOptions = '' experimental-features = nix-command flakes + post-build-hook = ${signHook} ''; + # conflicts with power-management + services.tlp.enable = false; + + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelModules = [ "kvm-amd" ]; - virtualisation = { - libvirtd.enable = true; - docker.enable = true; - }; - - virtualisation.docker.extraOptions = "--bip=192.168.1.5/24"; - networking.hostName = "gorgon"; dadada = { - admin.enable = false; + autoUpgrade.enable = false; + headphones.enable = true; steam.enable = true; #fido2 = { # credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; @@ -38,6 +41,7 @@ in luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; networking = { enableBsShare = true; + useLocalResolver = true; vpnExtension = "3"; }; backupClient = { @@ -51,14 +55,8 @@ in "vm.swappiness" = 90; }; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - programs.adb.enable = true; - services.fstrim.enable = true; - # Enable CUPS to print documents. services.printing = { enable = true; @@ -71,23 +69,17 @@ in ]; }; - environment.systemPackages = [ pkgs.ghostscript ]; - - hardware = { - bluetooth.enable = true; - pulseaudio = { - enable = true; - extraModules = [ pkgs.pulseaudio-modules-bt ]; - extraConfig = '' - set-source-volume 1 10000 - ''; - package = pkgs.pulseaudioFull; + services.miniflux = { + enable = true; + config = { + CLEANUP_FREQUENCY = "48"; + LISTEN_ADDR = "localhost:8080"; }; + adminCredentialsFile = "/var/lib/miniflux/admin-credentials"; }; - services.avahi.enable = false; + environment.systemPackages = [ pkgs.ghostscript ]; - networking.networkmanager.enable = true; networking.firewall = { enable = true; allowedTCPPorts = [ @@ -98,25 +90,6 @@ in ]; }; - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; # so that gtk works properly - extraPackages = with pkgs; [ - swaylock - swayidle - wl-clipboard - mako # notification daemon - alacritty # Alacritty is the default terminal in the config - dmenu # Dmenu is the default in the config but i recommend wofi since its wayland native - ]; - }; - - xdg.mime.enable = true; - users.users = { dadada = { isNormalUser = true; diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix new file mode 100644 index 0000000..d76db13 --- /dev/null +++ b/nixos/gorgon/hardware-configuration.nix @@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5B90-D460"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0"; + fsType = "ext4"; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; } + ]; + + nix.maxJobs = lib.mkDefault 16; +} diff --git a/hosts/ifrit/default.nix b/nixos/ifrit/configuration.nix similarity index 99% rename from hosts/ifrit/default.nix rename to nixos/ifrit/configuration.nix index 1f84534..0499da5 100644 --- a/hosts/ifrit/default.nix +++ b/nixos/ifrit/configuration.nix @@ -10,7 +10,7 @@ let in { imports = [ - ../../modules/profiles/base + ./hardware-configuration.nix ]; dadada = { diff --git a/nixos/ifrit/hardware-configuration.nix b/nixos/ifrit/hardware-configuration.nix new file mode 100644 index 0000000..ed35046 --- /dev/null +++ b/nixos/ifrit/hardware-configuration.nix @@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix" ) + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6"; } + ]; + + nix.maxJobs = lib.mkDefault 2; +} diff --git a/modules/admin.nix b/nixos/modules/admin.nix similarity index 54% rename from modules/admin.nix rename to nixos/modules/admin.nix index e9807b2..031f628 100644 --- a/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -5,24 +5,26 @@ let cfg = config.dadada.admin; in { - options.dadada.admin = { - enable = mkEnableOption "Enable admin access"; + options = { + dadada.admin = { + enable = mkEnableOption "Enable admin access"; - users = mkOption { - type = with types; attrsOf (listOf path); - default = [ ]; - description = '' - List of admin users with root access to all the machine. - ''; - example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]"; - }; + users = mkOption { + type = with types; attrsOf (listOf path); + default = [ ]; + description = '' + List of admin users with root access to all the machine. + ''; + example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]"; + }; - rat = mkOption { - type = types.bool; - default = false; - description = '' - Enable NAT and firewall traversal for SSH via tor hidden service - ''; + rat = mkOption { + type = types.bool; + default = false; + description = '' + Enable NAT and firewall traversal for SSH via tor hidden service + ''; + }; }; }; @@ -49,7 +51,7 @@ in tmux ]; - services.tor.hiddenServices = { + services.tor.relay.onionServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; map = [{ port = 22; }]; diff --git a/modules/backup.nix b/nixos/modules/backup.nix similarity index 88% rename from modules/backup.nix rename to nixos/modules/backup.nix index c119962..314d5ae 100644 --- a/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -21,12 +21,14 @@ let ]; cfg = config.dadada.backupClient; in -{ - options.dadada.backupClient = { - enable = mkEnableOption "Enable backup client"; - gs = mkEnableOption "Enable backup to GS location"; - bs = mkEnableOption "Enable backup to BS location"; - }; + { + options = { + dadada.backupClient = { + enable = mkEnableOption "Enable backup client"; + gs = mkEnableOption "Enable backup to GS location"; + bs = mkEnableOption "Enable backup to BS location"; + }; + }; config = mkIf cfg.enable { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix new file mode 100644 index 0000000..b7d7da6 --- /dev/null +++ b/nixos/modules/default.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + imports = [ + ./admin.nix + ./backup.nix + ./element.nix + ./fido2.nix + ./fileShare.nix + ./gitea.nix + ./headphones.nix + ./homepage.nix + ./networking.nix + ./share.nix + ./steam.nix + ./update.nix + ./vpnServer.nix + ./weechat.nix + ]; +} diff --git a/modules/element.nix b/nixos/modules/element.nix similarity index 100% rename from modules/element.nix rename to nixos/modules/element.nix diff --git a/modules/fido2.nix b/nixos/modules/fido2.nix similarity index 99% rename from modules/fido2.nix rename to nixos/modules/fido2.nix index f9d7b40..a24d906 100644 --- a/modules/fido2.nix +++ b/nixos/modules/fido2.nix @@ -5,7 +5,6 @@ let fido2 = config.dadada.fido2; in { - options = { dadada.luks = { uuid = mkOption { diff --git a/modules/fileShare.nix b/nixos/modules/fileShare.nix similarity index 100% rename from modules/fileShare.nix rename to nixos/modules/fileShare.nix diff --git a/modules/gitea.nix b/nixos/modules/gitea.nix similarity index 100% rename from modules/gitea.nix rename to nixos/modules/gitea.nix diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix new file mode 100644 index 0000000..a8c4a16 --- /dev/null +++ b/nixos/modules/headphones.nix @@ -0,0 +1,25 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.dadada.headphones; +in +{ + options = { + dadada.headphones = { + enable = mkEnableOption "Enable bluetooth headphones with more audio codecs."; + }; + }; + config = mkIf cfg.enable { + hardware = { + bluetooth.enable = true; + pulseaudio = { + enable = true; + extraModules = [ pkgs.pulseaudio-modules-bt ]; + extraConfig = '' + set-source-volume 1 10000 + ''; + package = pkgs.pulseaudioFull; + }; + }; + }; +} diff --git a/modules/homepage.nix b/nixos/modules/homepage.nix similarity index 89% rename from modules/homepage.nix rename to nixos/modules/homepage.nix index 25394d7..9487197 100644 --- a/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -12,7 +12,7 @@ with lib; { services.nginx.virtualHosts."dadada.li" = { enableACME = true; forceSSL = true; - root = /var/lib/www/dadada.li; + root = "/var/lib/www/dadada.li"; }; }; } diff --git a/modules/networking.nix b/nixos/modules/networking.nix similarity index 80% rename from modules/networking.nix rename to nixos/modules/networking.nix index 46d02af..5878b27 100644 --- a/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -4,19 +4,21 @@ let cfg = config.dadada.networking; in { - options.dadada.networking = { - useLocalResolver = mkEnableOption "Enable local caching name server"; - wanInterfaces = mkOption { - type = with types; listOf str; - description = "WAN network interfaces"; - default = [ ]; + options = { + dadada.networking = { + useLocalResolver = mkEnableOption "Enable local caching name server"; + wanInterfaces = mkOption { + type = with types; listOf str; + description = "WAN network interfaces"; + default = [ ]; + }; + vpnExtension = mkOption { + type = with types; nullOr str; + description = "Last part of VPN address"; + default = null; + }; + enableBsShare = mkEnableOption "Enable network share at BS location"; }; - vpnExtension = mkOption { - type = with types; nullOr str; - description = "Last part of VPN address"; - default = null; - }; - enableBsShare = mkEnableOption "Enable network share at BS location"; }; config = { @@ -75,7 +77,7 @@ in partOf = [ "wg-reresolve-dns.service" ]; timerConfig.OnCalendar = "hourly"; }; - systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { + systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { serviceConfig.Type = "oneshot"; script = '' ${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:dead:beef::/48 diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix new file mode 100644 index 0000000..bcf09aa --- /dev/null +++ b/nixos/modules/profiles/laptop.nix @@ -0,0 +1,55 @@ +{ config, pkgs, lib, ... }: +with lib; +{ + networking.domain = mkDefault "dadada.li"; + + services.fwupd.enable = mkDefault true; + + fonts.fonts = mkDefault (with pkgs; [ + source-code-pro + ]); + + time.timeZone = mkDefault "Europe/Berlin"; + + i18n.defaultLocale = mkDefault "en_US.UTF-8"; + + console.keyMap = mkDefault "us"; + + users.mutableUsers = mkDefault true; + + programs.zsh = mkDefault { + enable = true; + autosuggestions.enable = true; + enableCompletion = true; + histSize = 100000; + vteIntegration = true; + syntaxHighlighting = { + enable = true; + highlighters = [ "main" "brackets" "pattern" "root" "line" ]; + }; + }; + + virtualisation = { + libvirtd.enable = mkDefault true; + docker.enable = mkDefault true; + }; + + virtualisation.docker.extraOptions = mkDefault "--bip=192.168.1.5/24"; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = mkDefault true; + boot.loader.efi.canTouchEfiVariables = mkDefault true; + + services.fstrim.enable = mkDefault true; + + services.avahi.enable = false; + + networking.networkmanager.enable = mkDefault true; + networking.firewall.enable = mkDefault true; + + services.xserver.enable = mkDefault true; + services.xserver.displayManager.gdm.enable = mkDefault true; + services.xserver.desktopManager.gnome.enable = mkDefault true; + + xdg.mime.enable = mkDefault true; +} diff --git a/modules/profiles/base/default.nix b/nixos/modules/profiles/server.nix similarity index 50% rename from modules/profiles/base/default.nix rename to nixos/modules/profiles/server.nix index 8d52b4f..ba796c3 100644 --- a/modules/profiles/base/default.nix +++ b/nixos/modules/profiles/server.nix @@ -1,23 +1,13 @@ { config, pkgs, lib, ... }: with lib; { - - nix.binaryCachePublicKeys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - ]; - - nixpkgs.overlays = attrValues (import ../../../overlays); - - imports = import ../../module-list.nix; - networking.domain = mkDefault "dadada.li"; dadada.admin.users = { - "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ]; + "dadada" = [ "${pkgs.keys}/dadada.pub" ]; }; - dadada.autoUpgrade.enable = mkDefault true; + dadada.autoUpgrade.enable = mkDefault false; environment.noXlibs = mkDefault true; documentation.enable = mkDefault false; @@ -28,5 +18,4 @@ with lib; font = "Lat2-Terminus16"; keyMap = "us"; }; - } diff --git a/modules/share.nix b/nixos/modules/share.nix similarity index 100% rename from modules/share.nix rename to nixos/modules/share.nix diff --git a/modules/steam.nix b/nixos/modules/steam.nix similarity index 78% rename from modules/steam.nix rename to nixos/modules/steam.nix index f04b8dc..4784c0c 100644 --- a/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -4,8 +4,10 @@ let cfg = config.dadada.steam; in { - options.dadada.steam = { - enable = mkEnableOption "Enable Steam config"; + options = { + dadada.steam = { + enable = mkEnableOption "Enable Steam config"; + }; }; config = mkIf cfg.enable { nixpkgs.config.allowUnfree = true; diff --git a/modules/update.nix b/nixos/modules/update.nix similarity index 93% rename from modules/update.nix rename to nixos/modules/update.nix index 84e5145..726a40e 100644 --- a/modules/update.nix +++ b/nixos/modules/update.nix @@ -11,7 +11,7 @@ in config = mkIf cfg.enable { nix = { - autoOptimiseStore = true; + autoOptimiseStore = false; useSandbox = true; gc = { automatic = true; diff --git a/modules/vpnServer.nix b/nixos/modules/vpnServer.nix similarity index 100% rename from modules/vpnServer.nix rename to nixos/modules/vpnServer.nix diff --git a/modules/weechat.nix b/nixos/modules/weechat.nix similarity index 100% rename from modules/weechat.nix rename to nixos/modules/weechat.nix diff --git a/nixos/modules/zsh.nix b/nixos/modules/zsh.nix new file mode 100644 index 0000000..f63b932 --- /dev/null +++ b/nixos/modules/zsh.nix @@ -0,0 +1,14 @@ +{ config, pkgs, lib, ... }: +{ + programs.zsh = { + enable = true; + autosuggestions.enable = true; + enableCompletion = true; + histSize = 100000; + vteIntegration = true; + syntaxHighlighting = { + enable = true; + highlighters = [ "main" "brackets" "pattern" "root" "line" ]; + }; + }; +} diff --git a/hosts/pruflas/default.nix b/nixos/pruflas/configuration.nix similarity index 73% rename from hosts/pruflas/default.nix rename to nixos/pruflas/configuration.nix index ff02f55..3be4880 100644 --- a/hosts/pruflas/default.nix +++ b/nixos/pruflas/configuration.nix @@ -2,28 +2,9 @@ with lib; let hostName = "pruflas"; - this = import ../.. { inherit pkgs; }; - logo = builtins.fetchurl { - sha256 = "1c8y19a3yz4g9dl7hbx7aq4y92jfxl4nrsparzyzwn0wcm9jan27"; - url = "https://openmoji.org/php/download_from_github.php?emoji_hexcode=1F431-200D-1F4BB&emoji_variant=color"; - name = "open-moji-hack-cat"; - }; in { - nix.binaryCachePublicKeys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - ]; - - - imports = [ this.profiles.base ]; - - nix = { - package = pkgs.nixFlakes; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; + imports = [ ./hardware-configuration.nix ]; networking.hostName = hostName; networking.hosts = { @@ -41,7 +22,6 @@ in useSubstitutes = true; listenHost = "hydra.dadada.li"; port = 3000; - logo = logo; }; nix.buildMachines = [ @@ -63,12 +43,7 @@ in ''; }; - dadada.admin = { - enable = true; - users = { - "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ]; - }; - }; + dadada.admin.enable = true; dadada.networking.vpnExtension = "5"; dadada.backupClient = { diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix new file mode 100644 index 0000000..fcada3e --- /dev/null +++ b/nixos/pruflas/hardware-configuration.nix @@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78"; + fsType = "ext4"; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/337f04a7-4fe9-49a2-8a58-07dd4bc85168"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0494-CB52"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/hosts/surgat/default.nix b/nixos/surgat/configuration.nix similarity index 94% rename from hosts/surgat/default.nix rename to nixos/surgat/configuration.nix index 1c8578a..d5de97d 100644 --- a/hosts/surgat/default.nix +++ b/nixos/surgat/configuration.nix @@ -1,10 +1,11 @@ { config, pkgs, lib, ... }: let hostName = "surgat"; - this = import ../.. { inherit pkgs; }; in { - imports = [ this.profiles.base ]; + imports = [ + ./hardware-configuration.nix + ]; networking.hostName = hostName; @@ -37,7 +38,7 @@ in dadada.admin = { enable = true; users = { - "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ]; + "dadada" = [ "${pkgs.keys}/dadada.pub" ]; }; }; diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix new file mode 100644 index 0000000..c3c4c45 --- /dev/null +++ b/nixos/surgat/hardware-configuration.nix @@ -0,0 +1,30 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."surgat".device = "/dev/disk/by-uuid/5aa2b4d3-5711-451c-bd35-7c33b5019093"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3"; + fsType = "ext2"; + }; + + swapDevices = [ ]; + +} diff --git a/outputs.nix b/outputs.nix new file mode 100644 index 0000000..69967b7 --- /dev/null +++ b/outputs.nix @@ -0,0 +1,73 @@ +# Adapted from Mic92/dotfiles +{ self +, flake-utils +, nixpkgs +, home-manager +, nixos-hardware +, ... +}: +(flake-utils.lib.eachSystem ["x86_64-linux"] (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + selfPkgs = self.packages.${system}; + pythonPackages = import ./pkgs/python-pkgs; + python3Packages = pythonPackages { callPackage = pkgs.python3Packages.callPackage; }; + #lib = import ./lib; + in + { + apps.deploy = { + type = "app"; + program = "${selfPkgs.deploy}/bin/deploy"; + }; + apps.hm-switch = { + type = "app"; + program = toString (pkgs.writeScript "hm-switch" '' + #!${pkgs.runtimeShell} + set -eu -o pipefail -x + tmpdir=$(mktemp -d) + export PATH=${pkgs.lib.makeBinPath [ pkgs.coreutils pkgs.nixFlakes pkgs.jq ]} + trap "rm -rf $tmpdir" EXIT + declare -A profiles=(["gorgon"]="home" ["timsch-nb"]="work") + profile=''${profiles[$HOSTNAME]:-common} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nix build --show-trace --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" + link=$(realpath $tmpdir/result) + $link/activate + ''); + }; + apps.recipemd = { + type = "app"; + program = "${selfPkgs.recipemd}/bin/recipemd"; + }; + devShell = pkgs.callPackage ./shell.nix { + deploy = selfPkgs.deploy; + }; + packages = flake-utils.lib.flattenTree { + deploy = pkgs.callPackage ./pkgs/deploy.nix { }; + scripts = pkgs.callPackage ./pkgs/scripts.nix { }; + keys = pkgs.callPackage ./pkgs/keys { }; + homePage = pkgs.callPackage ./pkgs/homePage { }; + recipemd = pkgs.python3Packages.toPythonApplication python3Packages.recipemd; + }; + })) // { + hmConfigurations = import ./home/configurations.nix { + inherit self nixpkgs home-manager; + }; + hmModules = import ./home/modules; + nixosConfigurations = import ./nixos/configurations.nix { + nixosSystem = nixpkgs.lib.nixosSystem; + inherit self nixpkgs home-manager nixos-hardware; + }; + nixosModule = import ./nixos/modules; + overlays = import ./overlays; + pythonPackages = import ./pkgs/python-pkgs; + + hydraJobs = ( + nixpkgs.lib.mapAttrs' + (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) + self.nixosConfigurations + ) // (nixpkgs.lib.mapAttrs' + (name: config: nixpkgs.lib.nameValuePair name config.activation-script) + self.hmConfigurations + ); +} diff --git a/overlay.nix b/overlay.nix deleted file mode 100644 index 793725a..0000000 --- a/overlay.nix +++ /dev/null @@ -1,18 +0,0 @@ -self: super: -let - isReserved = n: builtins.elem n [ - "lib" - "hosts" - "hmModules" - "modules" - "overlays" - "profiles" - "pythonPackages" - ]; - nameValuePair = n: v: { name = n; value = v; }; - attrs = import ./default.nix { pkgs = super; }; -in -builtins.listToAttrs - (map (n: nameValuePair n attrs.${n}) - (builtins.filter (n: !isReserved n) - (builtins.attrNames attrs))) diff --git a/overlays/default.nix b/overlays/default.nix index b4ed4c4..704511b 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,16 +1,18 @@ -{ - tubslatex = import ./tubslatex.nix; - dadadaKeys = self: super: { - dadadaKeys = super.callPackage ../pkgs/keys { }; - }; - homePage = self: super: { - homePage = super.callPackage ../pkgs/homePage { }; - }; - dadadaScripts = self: super: { - dadadaScripts = super.callPackage ../pkgs/scripts.nix { }; - }; +let python3Packages = import ./python3-packages.nix; - recipemd = self: super: { - recipemd = super.python3Packages.toPythonApplication super.python3Packages.recipemd; +in +{ + #tubslatex = import ./tubslatex.nix; + keys = final: prev: { + keys = prev.callPackage ../pkgs/keys { }; + }; + homePage = final: prev: { + homePage = prev.callPackage ../pkgs/homePage { }; + }; + scripts = final: prev: { + scipts = prev.callPackage ../pkgs/scripts.nix { }; + }; + recipemd = final: prev: { + recipemd = prev.python3Packages.toPythonApplication prev.python3Packages.recipemd; }; } diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix index 8df97d7..9771e79 100644 --- a/pkgs/deploy.nix +++ b/pkgs/deploy.nix @@ -6,7 +6,7 @@ }: stdenv.mkDerivation rec { name = "dadada-deploy"; - version = "0.1"; + version = "0.1.1"; src = ../utils; @@ -28,7 +28,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "deploy scripts"; license = licenses.publicDomain; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = [ "dadada" ]; }; } diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix index af952ca..bcf0318 100644 --- a/pkgs/homePage/default.nix +++ b/pkgs/homePage/default.nix @@ -15,5 +15,5 @@ stdenv.mkDerivation rec { cp -r src/* $out/ ''; name = "dadada.li"; - version = "0.1"; + version = "0.2"; } diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix index 009277f..a604e9a 100644 --- a/pkgs/python-pkgs/recipemd/default.nix +++ b/pkgs/python-pkgs/recipemd/default.nix @@ -1,6 +1,6 @@ { lib , buildPythonPackage -, fetchPypi +, fetchFromGitHub , pytestCheckHook , pythonPackages , installShellFiles @@ -14,10 +14,11 @@ buildPythonPackage rec { disabled = isPy36 || isPy27; - src = fetchPypi { - pname = pname; - version = version; - sha256 = "142w5zb2gf8s5z72bflpkmks633ic42z97nsgw491mskl6jg7cvq"; + src = fetchFromGitHub { + owner = "tstehr"; + repo = "recipemd"; + rev = "v4.0.7"; + sha256 = "sha256-P65CxTaROfvx9kNSJWa5CiCUHCurTMZx8uUH9W9uK1U="; }; propagatedBuildInputs = with pythonPackages; [ @@ -47,7 +48,7 @@ buildPythonPackage rec { pythonPackages.pytestcov ]; - doCheck = false; + doCheck = true; meta = with lib; { description = "Markdown recipe manager, reference implementation of RecipeMD"; diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix index f1dfe42..dd18070 100644 --- a/pkgs/scripts.nix +++ b/pkgs/scripts.nix @@ -3,7 +3,7 @@ (import (pkgs.fetchgit { url = "https://git.dadada.li/dadada/scripts.git"; - sha256 = "0pspybphfqmccl9w97dr89g47dbxk8ly05x8x7c313a5i3pzd5lm"; - rev = "e1a887a658da130c2a513d4c770d5026565c4e69"; + sha256 = "sha256-Kdwb34XXLOl4AaiVmOZ3nlu/KdENMqvH+UwISv8Pyiw="; + rev = "065ff0f0ee9e44234678f0fefbba7961ea42518c"; }) { stdenv = stdenv; lib = lib; }) diff --git a/shell.nix b/shell.nix index 5c79b80..37a2389 100644 --- a/shell.nix +++ b/shell.nix @@ -1,7 +1,8 @@ -{ pkgs ? import { } }: +{ mkShell +, deploy +}: -with (import ./default.nix { inherit pkgs; }); -pkgs.mkShell { +mkShell { buildInputs = [ deploy ]; From abe1adba4942e8d7e622496385ea35af87b1d554 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 27 Jun 2021 23:11:16 +0200 Subject: [PATCH 154/988] update readme --- README.md | 8 +++----- outputs.nix | 5 ++++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 05bcdf1..3d1be2f 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,6 @@ Use at your own risk. ## Deploying -The `./deploy` script generates a NixOS configuration that pins the current git `HEAD` of this project and copies the resulting `configuration.nix` to the destionation host. Then it tests the new confiurations and rolls back if it fails. - -## TODO - -- Use `nix-copy-closure`? +``` +nix run .#deploy $TARGET_HOST +``` diff --git a/outputs.nix b/outputs.nix index 69967b7..3e6ecab 100644 --- a/outputs.nix +++ b/outputs.nix @@ -17,7 +17,10 @@ { apps.deploy = { type = "app"; - program = "${selfPkgs.deploy}/bin/deploy"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + nixos-rebuild switch --upgrade --flake ".#$1" --target-host "$1.dadada.li" --build-host localhost --use-remote-sudo + ''); }; apps.hm-switch = { type = "app"; From be5e43f9fdf64f19a270be30faa87f83c7b80da8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jul 2021 17:01:17 +0200 Subject: [PATCH 155/988] update flakes --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 92f3b85..e5ba335 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1624806645, - "narHash": "sha256-f/UWLS34FUlsmL1YhOcpmGhdG808206qiz1MGJd3K1c=", + "lastModified": 1625384440, + "narHash": "sha256-WnDK+LZioER6eeC8Sm7GPvbiS6XPyUqn+qtc2lvjLHo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2aeaf65e8f9219c1acdb47bcf278983b3170a344", + "rev": "ac319fd3149b23a3ad8ee24cb2def6e67acf194c", "type": "github" }, "original": { @@ -35,11 +35,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1624713701, - "narHash": "sha256-miYoO9/M+ZYlNPknRF9VYh6bQEQCPPz6lM0Pb60jbPk=", + "lastModified": 1625333638, + "narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "03c60a2db286bcd8ecfac9a8739c50626ca0fd8e", + "rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d", "type": "github" }, "original": { @@ -51,10 +51,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1624447853, - "narHash": "sha256-Zn+vTEa3NE9q6z6ytpcNXrr8jV7HvrKRxMYoD2E6DpE=", - "path": "/nix/store/1iblaav6dxrc5b39b3gbdnbl47sfjxrq-source", - "rev": "1905f5f2e55e0db0bb6244cfe62cb6c0dbda391d", + "lastModified": 1624626397, + "narHash": "sha256-+h0ulo5//RqStx6g6MDqD9MzgmBfeZ1VYxwEaSmw/Zs=", + "path": "/nix/store/nanws06l7r1avkvjjga5vlv01y2v4n8d-source", + "rev": "e1f8852faac7638e88d5e8a5b9ee2a7568685e3f", "type": "path" }, "original": { @@ -64,11 +64,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1624626397, - "narHash": "sha256-+h0ulo5//RqStx6g6MDqD9MzgmBfeZ1VYxwEaSmw/Zs=", + "lastModified": 1625281901, + "narHash": "sha256-DkZDtTIPzhXATqIps2ifNFpnI+PTcfMYdcrx/oFm00Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1f8852faac7638e88d5e8a5b9ee2a7568685e3f", + "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb", "type": "github" }, "original": { From 553749fea46009f03fad02081de7f42360a6fb3e Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 6 Jul 2021 23:26:24 +0200 Subject: [PATCH 156/988] add nvd --- flake.lock | 54 ++++++++++++++++++++++++++++++++++++++++- flake.nix | 1 + home/configurations.nix | 6 +++-- home/home/pkgs.nix | 1 + outputs.nix | 3 ++- 5 files changed, 61 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e5ba335..c198017 100644 --- a/flake.lock +++ b/flake.lock @@ -15,6 +15,21 @@ "type": "github" } }, + "flake-utils_2": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": "nixpkgs" @@ -78,12 +93,49 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1625512941, + "narHash": "sha256-P2POZzfG+Hp8ktIWwkOs/OMB8jSsQvIPQaLO0swpgZo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3e0ce8c5d478d06b37a4faa7a4cc8642c6bb97de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nvd": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1625605432, + "narHash": "sha256-nsFkuko8XqfMMIiszRw2AerDUyZ33ohniEbleqMoHs4=", + "ref": "init-flake", + "rev": "51fab994bcb8898a5e7c6e95608cd64d0a18d6a5", + "revCount": 12, + "type": "git", + "url": "https://gitlab.com/dadada_/nvd.git" + }, + "original": { + "ref": "init-flake", + "type": "git", + "url": "https://gitlab.com/dadada_/nvd.git" + } + }, "root": { "inputs": { "flake-utils": "flake-utils", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "nvd": "nvd" } } }, diff --git a/flake.nix b/flake.nix index 167ee01..8550cb7 100644 --- a/flake.nix +++ b/flake.nix @@ -6,6 +6,7 @@ nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; home-manager.url = github:nix-community/home-manager; nixos-hardware.url = github:NixOS/nixos-hardware/master; + nvd.url = git+https://gitlab.com/dadada_/nvd.git?ref=init-flake; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/home/configurations.nix b/home/configurations.nix index 66ffe89..0df592e 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -1,6 +1,7 @@ { self , nixpkgs , home-manager +, nvd }: let hmConfiguration = @@ -27,8 +28,9 @@ in { home = hmConfiguration { extraModules = [ ./home ]; - overlays = with self.overlays; [ - scripts + overlays = [ + self.overlays.scripts + (final: prev: { n = nvd; }) ]; stateVersion = "20.09"; }; diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 626eddc..de578e5 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -56,6 +56,7 @@ with pkgs; [ nfs-utils niv nmap + nvd openssl p7zip pass diff --git a/outputs.nix b/outputs.nix index 3e6ecab..2f7ed10 100644 --- a/outputs.nix +++ b/outputs.nix @@ -4,6 +4,7 @@ , nixpkgs , home-manager , nixos-hardware +, nvd , ... }: (flake-utils.lib.eachSystem ["x86_64-linux"] (system: @@ -54,7 +55,7 @@ }; })) // { hmConfigurations = import ./home/configurations.nix { - inherit self nixpkgs home-manager; + inherit self nixpkgs home-manager nvd; }; hmModules = import ./home/modules; nixosConfigurations = import ./nixos/configurations.nix { From 2c0ea20ad5b9a62c68e1f248f363462e772a4d78 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Jul 2021 20:13:02 +0200 Subject: [PATCH 157/988] update flakes --- flake.lock | 43 ++++++++++++++++++++----------------------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index c198017..892f0c2 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1625384440, - "narHash": "sha256-WnDK+LZioER6eeC8Sm7GPvbiS6XPyUqn+qtc2lvjLHo=", + "lastModified": 1625909913, + "narHash": "sha256-ZP3RCGYwPDu4I5rwLYER2/d4aHFxiMTQ5Ioc89WRTow=", "owner": "nix-community", "repo": "home-manager", - "rev": "ac319fd3149b23a3ad8ee24cb2def6e67acf194c", + "rev": "9ed7a73ae23f0d905bd098c6ce71c50289d37928", "type": "github" }, "original": { @@ -66,10 +66,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1624626397, - "narHash": "sha256-+h0ulo5//RqStx6g6MDqD9MzgmBfeZ1VYxwEaSmw/Zs=", - "path": "/nix/store/nanws06l7r1avkvjjga5vlv01y2v4n8d-source", - "rev": "e1f8852faac7638e88d5e8a5b9ee2a7568685e3f", + "lastModified": 1625281901, + "narHash": "sha256-DkZDtTIPzhXATqIps2ifNFpnI+PTcfMYdcrx/oFm00Q=", + "path": "/nix/store/wsfwxm10shvi4yr0ll8p4v1dp7l7wqfl-source", + "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb", "type": "path" }, "original": { @@ -79,11 +79,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1625281901, - "narHash": "sha256-DkZDtTIPzhXATqIps2ifNFpnI+PTcfMYdcrx/oFm00Q=", + "lastModified": 1625697353, + "narHash": "sha256-/v85RkZ0Z+lxipkG2sjYNRINktc8VySbLQmPbirY0hQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb", + "rev": "87807e64a5ef5206b745a40af118c7be8db73681", "type": "github" }, "original": { @@ -95,18 +95,15 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1625512941, - "narHash": "sha256-P2POZzfG+Hp8ktIWwkOs/OMB8jSsQvIPQaLO0swpgZo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3e0ce8c5d478d06b37a4faa7a4cc8642c6bb97de", - "type": "github" + "lastModified": 1625281901, + "narHash": "sha256-DkZDtTIPzhXATqIps2ifNFpnI+PTcfMYdcrx/oFm00Q=", + "path": "/nix/store/wsfwxm10shvi4yr0ll8p4v1dp7l7wqfl-source", + "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb", + "type": "path" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "type": "indirect" } }, "nvd": { @@ -115,10 +112,10 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1625605432, - "narHash": "sha256-nsFkuko8XqfMMIiszRw2AerDUyZ33ohniEbleqMoHs4=", + "lastModified": 1625773975, + "narHash": "sha256-J4bbWBtVrB5tMk6tUKwKsvQotKpQFmbOZRTUr30aJ0M=", "ref": "init-flake", - "rev": "51fab994bcb8898a5e7c6e95608cd64d0a18d6a5", + "rev": "d6cbc5b4acead34f4c4042e6ba6800fecb64fc2e", "revCount": 12, "type": "git", "url": "https://gitlab.com/dadada_/nvd.git" From d63c116b9f0badff23ee4fa990804543004cb01d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Jul 2021 18:52:46 +0200 Subject: [PATCH 158/988] fix nixosModules --- nixos/configurations.nix | 9 ++++----- nixos/modules/default.nix | 31 ++++++++++++++----------------- outputs.nix | 2 +- 3 files changed, 19 insertions(+), 23 deletions(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 33cd63a..3beeadd 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -5,7 +5,6 @@ , nixos-hardware }: let adapterModule = { - imports = [ ./modules ]; nix.nixPath = [ "home-manager=${home-manager}" "nixpkgs=${nixpkgs}" @@ -28,7 +27,7 @@ in { gorgon = nixosSystem { system = "x86_64-linux"; - modules = [ + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ adapterModule nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 #home-manager.nixosModules.home-manager @@ -43,7 +42,7 @@ in }; ifrit = nixosSystem { system = "x86_64-linux"; - modules = [ + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ adapterModule ./modules/profiles/server.nix ./ifrit/configuration.nix @@ -52,7 +51,7 @@ in surgat = nixosSystem { system = "x86_64-linux"; - modules = [ + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ adapterModule ./modules/profiles/server.nix ./surgat/configuration.nix @@ -60,7 +59,7 @@ in }; pruflas = nixosSystem { system = "x86_64-linux"; - modules = [ + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ adapterModule ./modules/profiles/server.nix ./pruflas/configuration.nix diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index b7d7da6..8e2b55a 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,19 +1,16 @@ -{ ... }: { - imports = [ - ./admin.nix - ./backup.nix - ./element.nix - ./fido2.nix - ./fileShare.nix - ./gitea.nix - ./headphones.nix - ./homepage.nix - ./networking.nix - ./share.nix - ./steam.nix - ./update.nix - ./vpnServer.nix - ./weechat.nix - ]; + admin = import ./admin.nix; + backup = import ./backup.nix; + element = import ./element.nix; + fido2 = import ./fido2.nix; + fileShare = import ./fileShare.nix; + gitea = import ./gitea.nix; + headphones = import ./headphones.nix; + homepage = import ./homepage.nix; + networking = import ./networking.nix; + share = import ./share.nix; + steam = import ./steam.nix; + update = import ./update.nix; + vpnServer = import ./vpnServer.nix; + weechat = import ./weechat.nix; } diff --git a/outputs.nix b/outputs.nix index 2f7ed10..c2c3b0f 100644 --- a/outputs.nix +++ b/outputs.nix @@ -62,7 +62,7 @@ nixosSystem = nixpkgs.lib.nixosSystem; inherit self nixpkgs home-manager nixos-hardware; }; - nixosModule = import ./nixos/modules; + nixosModules = import ./nixos/modules; overlays = import ./overlays; pythonPackages = import ./pkgs/python-pkgs; From cdabd0cc44a87094968a58ed4ea7b24c9ca34f87 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Jul 2021 19:24:05 +0200 Subject: [PATCH 159/988] fix hmModule --- home/modules/default.nix | 39 ++++++++++++++++++++------------------- nixos/modules/default.nix | 1 + outputs.nix | 6 +++--- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/home/modules/default.nix b/home/modules/default.nix index 17d41d6..674289f 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -1,21 +1,22 @@ +{ self, ... }@inputs: { - alacritty = ./alacritty; - colors = ./colors.nix; - direnv = ./direnv.nix; - fish = ./fish.nix; - git = ./git.nix; - gpg = ./gpg.nix; - gtk = ./gtk.nix; - keyring = ./keyring.nix; - kitty = ./kitty; - mako = ./mako.nix; - session = ./session.nix; - ssh = ./ssh.nix; - sway = ./sway; - syncthing = ./syncthing.nix; - termite = ./termite.nix; - tmux = ./tmux.nix; - vim = ./vim; - xdg = ./xdg.nix; - zsh = ./zsh.nix; + alacritty = import ./alacritty; + colors = import ./colors.nix; + direnv = import ./direnv.nix; + fish = import ./fish.nix; + git = import ./git.nix; + gpg = import ./gpg.nix; + gtk = import ./gtk.nix; + keyring = import ./keyring.nix; + kitty = import ./kitty; + mako = import ./mako.nix; + session = import ./session.nix; + ssh = import ./ssh.nix; + sway = import ./sway; + syncthing = import ./syncthing.nix; + termite = import ./termite.nix; + tmux = import ./tmux.nix; + vim = import ./vim; + xdg = import ./xdg.nix; + zsh = import ./zsh.nix; } diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 8e2b55a..522fbd5 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,3 +1,4 @@ +{ ... }@inputs: { admin = import ./admin.nix; backup = import ./backup.nix; diff --git a/outputs.nix b/outputs.nix index c2c3b0f..3eafa42 100644 --- a/outputs.nix +++ b/outputs.nix @@ -6,7 +6,7 @@ , nixos-hardware , nvd , ... -}: +}@inputs: (flake-utils.lib.eachSystem ["x86_64-linux"] (system: let pkgs = nixpkgs.legacyPackages.${system}; @@ -57,12 +57,12 @@ hmConfigurations = import ./home/configurations.nix { inherit self nixpkgs home-manager nvd; }; - hmModules = import ./home/modules; + hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { nixosSystem = nixpkgs.lib.nixosSystem; inherit self nixpkgs home-manager nixos-hardware; }; - nixosModules = import ./nixos/modules; + nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; pythonPackages = import ./pkgs/python-pkgs; From 4c8e42ee1cf698256dc9b8ea243cb34b26f0cea9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Jul 2021 20:55:07 +0200 Subject: [PATCH 160/988] add doom-emacs --- flake.lock | 350 +++++++++++++++++++++++++- flake.nix | 7 +- home/configurations.nix | 3 +- home/home/default.nix | 1 + home/modules/default.nix | 3 +- home/modules/emacs/default.nix | 22 ++ home/modules/emacs/doom.d/config.el | 4 + home/modules/emacs/doom.d/init.el | 188 ++++++++++++++ home/modules/emacs/doom.d/packages.el | 0 outputs.nix | 3 +- 10 files changed, 565 insertions(+), 16 deletions(-) create mode 100644 home/modules/emacs/default.nix create mode 100644 home/modules/emacs/doom.d/config.el create mode 100644 home/modules/emacs/doom.d/init.el create mode 100644 home/modules/emacs/doom.d/packages.el diff --git a/flake.lock b/flake.lock index 892f0c2..9971282 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,133 @@ { "nodes": { + "doom-emacs": { + "flake": false, + "locked": { + "lastModified": 1623114989, + "narHash": "sha256-btRwMu76Gnn9lW7YbzDAgWjlJx61tCT+e3kByNx97aw=", + "owner": "hlissner", + "repo": "doom-emacs", + "rev": "2731685095d1e6101b3215aa689426e1834ce00f", + "type": "github" + }, + "original": { + "owner": "hlissner", + "ref": "develop", + "repo": "doom-emacs", + "type": "github" + } + }, + "doom-snippets": { + "flake": false, + "locked": { + "lastModified": 1622216706, + "narHash": "sha256-Dsl5T1OFPy++md0Lo0pKUqcpCW6T5WDF2sjeB/IVi1g=", + "owner": "hlissner", + "repo": "doom-snippets", + "rev": "bc613f448eed1bd363e61c41691a61e9fd139534", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "doom-snippets", + "type": "github" + } + }, + "emacs-overlay": { + "locked": { + "lastModified": 1625937277, + "narHash": "sha256-JbID1xZBoJrDkcqiwk/i42oXVWh7uXSt0EPbGM4HVpw=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "215fb1596ffc8f317cba6460c45ca3e678b51c1f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-so-long": { + "flake": false, + "locked": { + "lastModified": 1575031854, + "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", + "owner": "hlissner", + "repo": "emacs-so-long", + "rev": "ed666b0716f60e8988c455804de24b55919e71ca", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "emacs-so-long", + "type": "github" + } + }, + "evil-markdown": { + "flake": false, + "locked": { + "lastModified": 1591038520, + "narHash": "sha256-Kt2wxG1XCFowavVWtj0urM/yURKegonpZcxTy/+CrJY=", + "owner": "Somelauw", + "repo": "evil-markdown", + "rev": "064fe9b4767470472356d20bdd08e2f30ebbc9ac", + "type": "github" + }, + "original": { + "owner": "Somelauw", + "repo": "evil-markdown", + "type": "github" + } + }, + "evil-org-mode": { + "flake": false, + "locked": { + "lastModified": 1607203864, + "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", + "owner": "hlissner", + "repo": "evil-org-mode", + "rev": "a9706da260c45b98601bcd72b1d2c0a24a017700", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-org-mode", + "type": "github" + } + }, + "evil-quick-diff": { + "flake": false, + "locked": { + "lastModified": 1575189609, + "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "rev": "69c883720b30a892c63bc89f49d4f0e8b8028908", + "type": "github" + }, + "original": { + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "type": "github" + } + }, + "explain-pause-mode": { + "flake": false, + "locked": { + "lastModified": 1595842060, + "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", + "owner": "lastquestion", + "repo": "explain-pause-mode", + "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", + "type": "github" + }, + "original": { + "owner": "lastquestion", + "repo": "explain-pause-mode", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1623875721, @@ -30,6 +158,21 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": "nixpkgs" @@ -48,6 +191,60 @@ "type": "github" } }, + "nix-doom-emacs": { + "inputs": { + "doom-emacs": "doom-emacs", + "doom-snippets": "doom-snippets", + "emacs-overlay": [ + "emacs-overlay" + ], + "emacs-so-long": "emacs-so-long", + "evil-markdown": "evil-markdown", + "evil-org-mode": "evil-org-mode", + "evil-quick-diff": "evil-quick-diff", + "explain-pause-mode": "explain-pause-mode", + "flake-utils": "flake-utils_2", + "nix-straight": "nix-straight", + "nixpkgs": "nixpkgs_2", + "nose": "nose", + "ob-racket": "ob-racket", + "org-mode": "org-mode", + "org-yt": "org-yt", + "php-extras": "php-extras", + "revealjs": "revealjs", + "rotate-text": "rotate-text" + }, + "locked": { + "lastModified": 1625001464, + "narHash": "sha256-3RGoNYZ4hAo+iRTfy6qJfQ3YzLMDDFzBIUQNEmCv6Ms=", + "owner": "vlaci", + "repo": "nix-doom-emacs", + "rev": "3893c50877a9d2d5d4aeee524ba1539f22115f1f", + "type": "github" + }, + "original": { + "owner": "vlaci", + "repo": "nix-doom-emacs", + "type": "github" + } + }, + "nix-straight": { + "flake": false, + "locked": { + "lastModified": 1621543597, + "narHash": "sha256-E/m2Hrw2og//CfOCOWe2yapYC01Tqhozn4YMPYJsC3o=", + "owner": "vlaci", + "repo": "nix-straight.el", + "rev": "8e84d04f10b2298de856b2b8b9a0d13abc91b5ca", + "type": "github" + }, + "original": { + "owner": "vlaci", + "ref": "v2.2.0", + "repo": "nix-straight.el", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1625333638, @@ -66,10 +263,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1625281901, - "narHash": "sha256-DkZDtTIPzhXATqIps2ifNFpnI+PTcfMYdcrx/oFm00Q=", - "path": "/nix/store/wsfwxm10shvi4yr0ll8p4v1dp7l7wqfl-source", - "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb", + "lastModified": 1625697353, + "narHash": "sha256-/v85RkZ0Z+lxipkG2sjYNRINktc8VySbLQmPbirY0hQ=", + "path": "/nix/store/aa0a8kkfywkgg3hq9njg45rip2ndq5pf-source", + "rev": "87807e64a5ef5206b745a40af118c7be8db73681", "type": "path" }, "original": { @@ -78,6 +275,21 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1624561540, + "narHash": "sha256-izJ2PYZMGMsSkg+e7c9A1x3t/yOLT+qzUM6WQsc2tqo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c6a049a3d32293b24c0f894a840872cf67fd7c11", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixpkgs-unstable", + "type": "indirect" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1625697353, "narHash": "sha256-/v85RkZ0Z+lxipkG2sjYNRINktc8VySbLQmPbirY0hQ=", @@ -93,12 +305,12 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1625281901, - "narHash": "sha256-DkZDtTIPzhXATqIps2ifNFpnI+PTcfMYdcrx/oFm00Q=", - "path": "/nix/store/wsfwxm10shvi4yr0ll8p4v1dp7l7wqfl-source", - "rev": "09c38c29f2c719cd76ca17a596c2fdac9e186ceb", + "lastModified": 1625697353, + "narHash": "sha256-/v85RkZ0Z+lxipkG2sjYNRINktc8VySbLQmPbirY0hQ=", + "path": "/nix/store/aa0a8kkfywkgg3hq9njg45rip2ndq5pf-source", + "rev": "87807e64a5ef5206b745a40af118c7be8db73681", "type": "path" }, "original": { @@ -106,10 +318,26 @@ "type": "indirect" } }, + "nose": { + "flake": false, + "locked": { + "lastModified": 1400604510, + "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", + "owner": "emacsattic", + "repo": "nose", + "rev": "f8528297519eba911696c4e68fa88892de9a7b72", + "type": "github" + }, + "original": { + "owner": "emacsattic", + "repo": "nose", + "type": "github" + } + }, "nvd": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1625773975, @@ -126,14 +354,112 @@ "url": "https://gitlab.com/dadada_/nvd.git" } }, + "ob-racket": { + "flake": false, + "locked": { + "lastModified": 1584656173, + "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", + "owner": "xchrishawk", + "repo": "ob-racket", + "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", + "type": "github" + }, + "original": { + "owner": "xchrishawk", + "repo": "ob-racket", + "type": "github" + } + }, + "org-mode": { + "flake": false, + "locked": { + "lastModified": 1624525995, + "narHash": "sha256-1eximAnDXKC+midwicoKko1cHF3ElCEOzzkUUWC8G4M=", + "owner": "emacs-straight", + "repo": "org-mode", + "rev": "5c07b279e0737b19e91c1d1b21016d9b4c8ffa62", + "type": "github" + }, + "original": { + "owner": "emacs-straight", + "repo": "org-mode", + "type": "github" + } + }, + "org-yt": { + "flake": false, + "locked": { + "lastModified": 1527381913, + "narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", + "owner": "TobiasZawada", + "repo": "org-yt", + "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", + "type": "github" + }, + "original": { + "owner": "TobiasZawada", + "repo": "org-yt", + "type": "github" + } + }, + "php-extras": { + "flake": false, + "locked": { + "lastModified": 1573312690, + "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", + "owner": "arnested", + "repo": "php-extras", + "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", + "type": "github" + }, + "original": { + "owner": "arnested", + "repo": "php-extras", + "type": "github" + } + }, + "revealjs": { + "flake": false, + "locked": { + "lastModified": 1623242337, + "narHash": "sha256-u3gZ13x40cjK1k9HTNnqRrp3io0tDTu6JPGd05mGJGw=", + "owner": "hakimel", + "repo": "reveal.js", + "rev": "ade234576e8ddd683cf16d0d8bb0236f37cf1a99", + "type": "github" + }, + "original": { + "owner": "hakimel", + "repo": "reveal.js", + "type": "github" + } + }, "root": { "inputs": { + "emacs-overlay": "emacs-overlay", "flake-utils": "flake-utils", "home-manager": "home-manager", + "nix-doom-emacs": "nix-doom-emacs", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nvd": "nvd" } + }, + "rotate-text": { + "flake": false, + "locked": { + "lastModified": 1322962747, + "narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", + "owner": "debug-ito", + "repo": "rotate-text.el", + "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", + "type": "github" + }, + "original": { + "owner": "debug-ito", + "repo": "rotate-text.el", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8550cb7..da37caa 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,15 @@ description = "dadada's nix flake"; inputs = { + emacs-overlay.url = github:nix-community/emacs-overlay; flake-utils.url = github:numtide/flake-utils; - nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; home-manager.url = github:nix-community/home-manager; + nix-doom-emacs = { + url = github:vlaci/nix-doom-emacs; + inputs.emacs-overlay.follows = "emacs-overlay"; + }; nixos-hardware.url = github:NixOS/nixos-hardware/master; + nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; nvd.url = git+https://gitlab.com/dadada_/nvd.git?ref=init-flake; }; diff --git a/home/configurations.nix b/home/configurations.nix index 0df592e..3c9fc8e 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -1,8 +1,9 @@ { self , nixpkgs , home-manager +, nix-doom-emacs , nvd -}: +}@inputs: let hmConfiguration = { homeDirectory ? "/home/dadada" diff --git a/home/home/default.nix b/home/home/default.nix index b46d9cf..7af7445 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -2,6 +2,7 @@ let useFeatures = [ "alacritty" + "emacs" "vim" "direnv" "git" diff --git a/home/modules/default.nix b/home/modules/default.nix index 674289f..c5fe056 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -1,8 +1,9 @@ -{ self, ... }@inputs: +{ self, nix-doom-emacs, ... }@inputs: { alacritty = import ./alacritty; colors = import ./colors.nix; direnv = import ./direnv.nix; + emacs = import ./emacs { inherit nix-doom-emacs; }; fish = import ./fish.nix; git = import ./git.nix; gpg = import ./gpg.nix; diff --git a/home/modules/emacs/default.nix b/home/modules/emacs/default.nix new file mode 100644 index 0000000..febcc9c --- /dev/null +++ b/home/modules/emacs/default.nix @@ -0,0 +1,22 @@ +{ nix-doom-emacs, ... }: +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.dadada.home.emacs; +in +{ + imports = [ nix-doom-emacs.hmModule ]; + options.dadada.home.emacs = { + enable = mkEnableOption "Enable dadada emacs config"; + }; + config = mkIf cfg.enable { + programs.doom-emacs = { + enable = true; + doomPrivateDir = ./doom.d; + }; + services.emacs = { + enable = true; + socketActivation.enable = true; + }; + }; +} diff --git a/home/modules/emacs/doom.d/config.el b/home/modules/emacs/doom.d/config.el new file mode 100644 index 0000000..bf82f00 --- /dev/null +++ b/home/modules/emacs/doom.d/config.el @@ -0,0 +1,4 @@ +(setq doom-font (font-spec :family "Source Code Pro" :size 12 :weight 'semi-light)) +(setq org-directory "~/src/notes/org/") +(with-eval-after-load 'treemacs + (define-key treemacs-mode-map [mouse-1] #'treemacs-single-click-expand-action)) diff --git a/home/modules/emacs/doom.d/init.el b/home/modules/emacs/doom.d/init.el new file mode 100644 index 0000000..cf543a7 --- /dev/null +++ b/home/modules/emacs/doom.d/init.el @@ -0,0 +1,188 @@ +;;; init.el -*- lexical-binding: t; -*- + +;; This file controls what Doom modules are enabled and what order they load +;; in. Remember to run 'doom sync' after modifying it! + +;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's +;; documentation. There you'll find a "Module Index" link where you'll find +;; a comprehensive list of Doom's modules and what flags they support. + +;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or +;; 'C-c c k' for non-vim users) to view its documentation. This works on +;; flags as well (those symbols that start with a plus). +;; +;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its +;; directory (for easy access to its source code). + +(doom! :input + ;;chinese + ;;japanese + ;;layout ; auie,ctsrnm is the superior home row + + :completion + company ; the ultimate code completion backend + ;;helm ; the *other* search engine for love and life + ;;ido ; the other *other* search engine... + ivy ; a search engine for love and life + + :ui + ;;deft ; notational velocity for Emacs + doom ; what makes DOOM look the way it does + doom-dashboard ; a nifty splash screen for Emacs + doom-quit ; DOOM quit-message prompts when you quit Emacs + (emoji +unicode) ; 🙂 + ;;fill-column ; a `fill-column' indicator + hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW + hydra + ;;indent-guides ; highlighted indent columns + ;;ligatures ; ligatures and symbols to make your code pretty again + minimap ; show a map of the code on the side + modeline ; snazzy, Atom-inspired modeline, plus API + ;;nav-flash ; blink cursor line after big motions + ;;neotree ; a project drawer, like NERDTree for vim + ophints ; highlight the region an operation acts on + (popup +defaults) ; tame sudden yet inevitable temporary windows + tabs ; a tab bar for Emacs + treemacs ; a project drawer, like neotree but cooler + unicode ; extended unicode support for various languages + vc-gutter ; vcs diff in the fringe + vi-tilde-fringe ; fringe tildes to mark beyond EOB + window-select ; visually switch windows + workspaces ; tab emulation, persistence & separate workspaces + ;;zen ; distraction-free coding or writing + + :editor + (evil +everywhere); come to the dark side, we have cookies + file-templates ; auto-snippets for empty files + fold ; (nigh) universal code folding + ;;(format +onsave) ; automated prettiness + ;;god ; run Emacs commands without modifier keys + ;;lispy ; vim for lisp, for people who don't like vim + multiple-cursors ; editing in many places at once + ;;objed ; text object editing for the innocent + ;;parinfer ; turn lisp into python, sort of + ;;rotate-text ; cycle region at point between text candidates + snippets ; my elves. They type so I don't have to + ;;word-wrap ; soft wrapping with language-aware indent + + :emacs + dired ; making dired pretty [functional] + electric ; smarter, keyword-based electric-indent + ;;ibuffer ; interactive buffer management + undo ; persistent, smarter undo for your inevitable mistakes + vc ; version-control and Emacs, sitting in a tree + + :term + ;;eshell ; the elisp shell that works everywhere + ;;shell ; simple shell REPL for Emacs + ;;term ; basic terminal emulator for Emacs + vterm ; the best terminal emulation in Emacs + + :checkers + syntax ; tasing you for every semicolon you forget + ;;(spell +flyspell) ; tasing you for misspelling mispelling + ;;grammar ; tasing grammar mistake every you make + + :tools + ;;ansible + ;;debugger ; FIXME stepping through code, to help you add bugs + direnv + docker + editorconfig ; let someone else argue about tabs vs spaces + ;;ein ; tame Jupyter notebooks with emacs + (eval +overlay) ; run code, run (also, repls) + ;;gist ; interacting with github gists + lookup ; navigate your code and its documentation + lsp + magit ; a git porcelain for Emacs + ;;make ; run make tasks from Emacs + ;;pass ; password manager for nerds + ;;pdf ; pdf enhancements + ;;prodigy ; FIXME managing external services & code builders + ;;rgb ; creating color strings + ;;taskrunner ; taskrunner for all your projects + ;;terraform ; infrastructure as code + ;;tmux ; an API for interacting with tmux + ;;upload ; map local to remote projects via ssh/ftp + + :os + (:if IS-MAC macos) ; improve compatibility with macOS + ;;tty ; improve the terminal Emacs experience + + :lang + ;;agda ; types of types of types of types... + ;;beancount ; mind the GAAP + cc ; C > C++ == 1 + ;;clojure ; java with a lisp + ;;common-lisp ; if you've seen one lisp, you've seen them all + ;;coq ; proofs-as-programs + ;;crystal ; ruby at the speed of c + ;;csharp ; unity, .NET, and mono shenanigans + ;;data ; config/data formats + ;;(dart +flutter) ; paint ui and not much else + ;;elixir ; erlang done right + ;;elm ; care for a cup of TEA? + emacs-lisp ; drown in parentheses + ;;erlang ; an elegant language for a more civilized age + ;;ess ; emacs speaks statistics + ;;factor + ;;faust ; dsp, but you get to keep your soul + ;;fsharp ; ML stands for Microsoft's Language + ;;fstar ; (dependent) types and (monadic) effects and Z3 + ;;gdscript ; the language you waited for + (go +lsp) ; the hipster dialect + (haskell +dante) ; a language that's lazier than I am + ;;hy ; readability of scheme w/ speed of python + ;;idris ; a language you can depend on + json ; At least it ain't XML + (java +meghanada) ; the poster child for carpal tunnel syndrome + javascript ; all(hope(abandon(ye(who(enter(here)))))) + ;;julia ; a better, faster MATLAB + ;;kotlin ; a better, slicker Java(Script) + latex ; writing papers in Emacs has never been so fun + ;;lean ; for folks with too much to prove + ;;ledger ; be audit you can be + ;;lua ; one-based indices? one-based indices + markdown ; writing docs for people to ignore + ;;nim ; python + lisp at the speed of c + nix ; I hereby declare "nix geht mehr!" + ;;ocaml ; an objective camel + org ; organize your plain life in plain text + php ; perl's insecure younger brother + plantuml ; diagrams for confusing people more + ;;purescript ; javascript, but functional + python ; beautiful is better than ugly + ;;qt ; the 'cutest' gui framework ever + ;;racket ; a DSL for DSLs + ;;raku ; the artist formerly known as perl6 + ;;rest ; Emacs as a REST client + rst ; ReST in peace + ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} + rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap() + ;;scala ; java, but good + ;;(scheme +guile) ; a fully conniving family of lisps + sh ; she sells {ba,z,fi}sh shells on the C xor + ;;sml + ;;solidity ; do you need a blockchain? No. + ;;swift ; who asked for emoji variables? + ;;terra ; Earth and Moon in alignment for performance. + web ; the tubes + yaml ; JSON, but readable + ;;zig ; C, but simpler + + :email + ;;(mu4e +gmail) + ;;notmuch + ;;(wanderlust +gmail) + + :app + ;;calendar + ;;emms + ;;everywhere ; *leave* Emacs!? You must be joking + ;;irc ; how neckbeards socialize + ;;(rss +org) ; emacs as an RSS reader + ;;twitter ; twitter client https://twitter.com/vnought + + :config + ;;literate + (default +bindings +smartparens)) diff --git a/home/modules/emacs/doom.d/packages.el b/home/modules/emacs/doom.d/packages.el new file mode 100644 index 0000000..e69de29 diff --git a/outputs.nix b/outputs.nix index 3eafa42..b982421 100644 --- a/outputs.nix +++ b/outputs.nix @@ -3,6 +3,7 @@ , flake-utils , nixpkgs , home-manager +, nix-doom-emacs , nixos-hardware , nvd , ... @@ -55,7 +56,7 @@ }; })) // { hmConfigurations = import ./home/configurations.nix { - inherit self nixpkgs home-manager nvd; + inherit self nixpkgs home-manager nix-doom-emacs nvd; }; hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { From 5494df6b21d9ac5d36adb58ebbc9e93ac02dac15 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 14 Jul 2021 21:19:45 +0200 Subject: [PATCH 161/988] update flakes --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 9971282..4049ca2 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1625937277, - "narHash": "sha256-JbID1xZBoJrDkcqiwk/i42oXVWh7uXSt0EPbGM4HVpw=", + "lastModified": 1626283458, + "narHash": "sha256-UNV9F0Xn/qCML70r2igyP9rvzrAgfHdV4DzY5ljUWyE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "215fb1596ffc8f317cba6460c45ca3e678b51c1f", + "rev": "08d56ffc152b4500fe061b23340c8b185b3cf140", "type": "github" }, "original": { @@ -178,11 +178,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1625909913, - "narHash": "sha256-ZP3RCGYwPDu4I5rwLYER2/d4aHFxiMTQ5Ioc89WRTow=", + "lastModified": 1626073055, + "narHash": "sha256-vocByfpVu6m9zvtJugDvmd6/9iT2HJuG4tmDICKd0lI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9ed7a73ae23f0d905bd098c6ce71c50289d37928", + "rev": "775cb20bd4af7781fbf336fb201df02ee3d544bb", "type": "github" }, "original": { @@ -291,11 +291,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1625697353, - "narHash": "sha256-/v85RkZ0Z+lxipkG2sjYNRINktc8VySbLQmPbirY0hQ=", + "lastModified": 1626046891, + "narHash": "sha256-Zt8saH+hAehXskW0iFAzk+iMillYoFBxvLReYNqGT9E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87807e64a5ef5206b745a40af118c7be8db73681", + "rev": "d8f8f31af9d77a48220e4e8a301d1e79774cb7d2", "type": "github" }, "original": { From a73740239c5b849cd26c4fe2b667606eb64cbbd3 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 22 Jul 2021 19:55:41 +0200 Subject: [PATCH 162/988] reenable gs backup --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 4d4dace..3326f7d 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -47,7 +47,7 @@ in backupClient = { enable = true; bs = true; - gs = false; + gs = true; }; }; From 2f0585767180990e7af200d1d8eba5549873d103 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 22 Jul 2021 19:58:37 +0200 Subject: [PATCH 163/988] add nix-community binary cache --- nixos/configurations.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 3beeadd..f4ed6c3 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -15,9 +15,14 @@ let adapterModule = { nixpkgs.flake = nixpkgs; dadada.flake = self; }; + nix.binaryCaches = [ + https://cache.nixos.org/ + https://nix-community.cachix.org/ + ]; nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; nix.requireSignedBinaryCaches = true; nix.useSandbox = true; From c08af9115ac946b6e84cdce8d99ae858d948ba2c Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 22 Jul 2021 20:00:09 +0200 Subject: [PATCH 164/988] update flakes --- flake.lock | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 4049ca2..7e60aee 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1626283458, - "narHash": "sha256-UNV9F0Xn/qCML70r2igyP9rvzrAgfHdV4DzY5ljUWyE=", + "lastModified": 1626972035, + "narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "08d56ffc152b4500fe061b23340c8b185b3cf140", + "rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe", "type": "github" }, "original": { @@ -178,11 +178,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1626073055, - "narHash": "sha256-vocByfpVu6m9zvtJugDvmd6/9iT2HJuG4tmDICKd0lI=", + "lastModified": 1626841047, + "narHash": "sha256-DSS2Wuu9P0oUzVRTwkd9J/AALhS9kA2ZwSlX0u8gGsM=", "owner": "nix-community", "repo": "home-manager", - "rev": "775cb20bd4af7781fbf336fb201df02ee3d544bb", + "rev": "41101d0e62fe3cdb76e8e64349a2650da1433dd4", "type": "github" }, "original": { @@ -263,10 +263,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1625697353, - "narHash": "sha256-/v85RkZ0Z+lxipkG2sjYNRINktc8VySbLQmPbirY0hQ=", - "path": "/nix/store/aa0a8kkfywkgg3hq9njg45rip2ndq5pf-source", - "rev": "87807e64a5ef5206b745a40af118c7be8db73681", + "lastModified": 1626046891, + "narHash": "sha256-Zt8saH+hAehXskW0iFAzk+iMillYoFBxvLReYNqGT9E=", + "path": "/nix/store/hv23pdsi6n7z96pkljv25lfrfh1mnzz7-source", + "rev": "d8f8f31af9d77a48220e4e8a301d1e79774cb7d2", "type": "path" }, "original": { @@ -291,11 +291,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1626046891, - "narHash": "sha256-Zt8saH+hAehXskW0iFAzk+iMillYoFBxvLReYNqGT9E=", + "lastModified": 1626852498, + "narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d8f8f31af9d77a48220e4e8a301d1e79774cb7d2", + "rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70", "type": "github" }, "original": { @@ -307,10 +307,10 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1625697353, - "narHash": "sha256-/v85RkZ0Z+lxipkG2sjYNRINktc8VySbLQmPbirY0hQ=", - "path": "/nix/store/aa0a8kkfywkgg3hq9njg45rip2ndq5pf-source", - "rev": "87807e64a5ef5206b745a40af118c7be8db73681", + "lastModified": 1626046891, + "narHash": "sha256-Zt8saH+hAehXskW0iFAzk+iMillYoFBxvLReYNqGT9E=", + "path": "/nix/store/hv23pdsi6n7z96pkljv25lfrfh1mnzz7-source", + "rev": "d8f8f31af9d77a48220e4e8a301d1e79774cb7d2", "type": "path" }, "original": { From 5208ff8b7ec7abc34aab6a10195f8df37304a0f1 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 22 Jul 2021 20:03:48 +0200 Subject: [PATCH 165/988] override nixpkgs inputs --- flake.lock | 55 ++++++++++-------------------------------------------- flake.nix | 16 +++++++++++++--- 2 files changed, 23 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 7e60aee..22a267e 100644 --- a/flake.lock +++ b/flake.lock @@ -175,7 +175,9 @@ }, "home-manager": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1626841047, @@ -205,7 +207,9 @@ "explain-pause-mode": "explain-pause-mode", "flake-utils": "flake-utils_2", "nix-straight": "nix-straight", - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs" + ], "nose": "nose", "ob-racket": "ob-racket", "org-mode": "org-mode", @@ -262,34 +266,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1626046891, - "narHash": "sha256-Zt8saH+hAehXskW0iFAzk+iMillYoFBxvLReYNqGT9E=", - "path": "/nix/store/hv23pdsi6n7z96pkljv25lfrfh1mnzz7-source", - "rev": "d8f8f31af9d77a48220e4e8a301d1e79774cb7d2", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1624561540, - "narHash": "sha256-izJ2PYZMGMsSkg+e7c9A1x3t/yOLT+qzUM6WQsc2tqo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c6a049a3d32293b24c0f894a840872cf67fd7c11", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixpkgs-unstable", - "type": "indirect" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1626852498, "narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", @@ -305,19 +281,6 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1626046891, - "narHash": "sha256-Zt8saH+hAehXskW0iFAzk+iMillYoFBxvLReYNqGT9E=", - "path": "/nix/store/hv23pdsi6n7z96pkljv25lfrfh1mnzz7-source", - "rev": "d8f8f31af9d77a48220e4e8a301d1e79774cb7d2", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nose": { "flake": false, "locked": { @@ -337,7 +300,9 @@ "nvd": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1625773975, @@ -441,7 +406,7 @@ "home-manager": "home-manager", "nix-doom-emacs": "nix-doom-emacs", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs", "nvd": "nvd" } }, diff --git a/flake.nix b/flake.nix index da37caa..692e5a1 100644 --- a/flake.nix +++ b/flake.nix @@ -2,16 +2,26 @@ description = "dadada's nix flake"; inputs = { - emacs-overlay.url = github:nix-community/emacs-overlay; + emacs-overlay = { + url = github:nix-community/emacs-overlay; + inputs.nixpkgs.follows = "nixpkgs"; + }; flake-utils.url = github:numtide/flake-utils; - home-manager.url = github:nix-community/home-manager; + home-manager = { + url = github:nix-community/home-manager; + inputs.nixpkgs.follows = "nixpkgs"; + }; nix-doom-emacs = { url = github:vlaci/nix-doom-emacs; inputs.emacs-overlay.follows = "emacs-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = github:NixOS/nixos-hardware/master; nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; - nvd.url = git+https://gitlab.com/dadada_/nvd.git?ref=init-flake; + nvd = { + url = git+https://gitlab.com/dadada_/nvd.git?ref=init-flake; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; From d54b95313bb171dd16e694801d98003304c9b579 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 22 Jul 2021 20:09:20 +0200 Subject: [PATCH 166/988] update nvd url --- flake.lock | 13 ++++++------- flake.nix | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 22a267e..a7184eb 100644 --- a/flake.lock +++ b/flake.lock @@ -305,18 +305,17 @@ ] }, "locked": { - "lastModified": 1625773975, + "lastModified": 1626753471, "narHash": "sha256-J4bbWBtVrB5tMk6tUKwKsvQotKpQFmbOZRTUr30aJ0M=", - "ref": "init-flake", - "rev": "d6cbc5b4acead34f4c4042e6ba6800fecb64fc2e", - "revCount": 12, + "ref": "master", + "rev": "fd059e5b2ef64c27f4062d5438225ac0ebb8e193", + "revCount": 13, "type": "git", - "url": "https://gitlab.com/dadada_/nvd.git" + "url": "https://gitlab.com/khumba/nvd.git" }, "original": { - "ref": "init-flake", "type": "git", - "url": "https://gitlab.com/dadada_/nvd.git" + "url": "https://gitlab.com/khumba/nvd.git" } }, "ob-racket": { diff --git a/flake.nix b/flake.nix index 692e5a1..b1d3c4f 100644 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,7 @@ nixos-hardware.url = github:NixOS/nixos-hardware/master; nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; nvd = { - url = git+https://gitlab.com/dadada_/nvd.git?ref=init-flake; + url = git+https://gitlab.com/khumba/nvd.git; inputs.nixpkgs.follows = "nixpkgs"; }; }; From ac7eb6fc40b877e296ad5baaa7ac5fcc881d1f83 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 22 Jul 2021 20:14:15 +0200 Subject: [PATCH 167/988] disable printing because tests are broken --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 3326f7d..bef809d 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -59,7 +59,7 @@ in # Enable CUPS to print documents. services.printing = { - enable = true; + enable = false; browsing = true; drivers = with pkgs; [ hplip From d475af894e1d14956430568ffb808918c8668847 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 22 Jul 2021 20:24:21 +0200 Subject: [PATCH 168/988] vim: fix perlcritic --- home/modules/vim/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/vim/default.nix b/home/modules/vim/default.nix index 31178b2..53bb8a3 100644 --- a/home/modules/vim/default.nix +++ b/home/modules/vim/default.nix @@ -35,7 +35,7 @@ in languagetool nixpkgs-fmt shellcheck - perl530Packages.PerlCritic + perlPackages.PerlCritic ]; }; } From 9084296d3937171226e8389814a90729300ab85f Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 25 Jul 2021 16:17:02 +0200 Subject: [PATCH 169/988] home: add OBS --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index de578e5..fd6026b 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -57,6 +57,7 @@ with pkgs; [ niv nmap nvd + obs-studio openssl p7zip pass From a343fb0edc9f29c221e00bcef3b7fc41efa625f3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 25 Jul 2021 16:19:16 +0200 Subject: [PATCH 170/988] update flakes --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index a7184eb..dda2c58 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1626972035, - "narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=", + "lastModified": 1627205048, + "narHash": "sha256-wlOHxuCHUWgoF4ug9DU0HY6P6+Njtb/ZBsAdE37LRR4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe", + "rev": "f4626ee3cd8fb6081ae30961b86ebac5cc97ed11", "type": "github" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1626841047, - "narHash": "sha256-DSS2Wuu9P0oUzVRTwkd9J/AALhS9kA2ZwSlX0u8gGsM=", + "lastModified": 1627144340, + "narHash": "sha256-RzJ1fFLQ879J1okpH0WbYFY9qgHcglwVDl2bYqlRvw8=", "owner": "nix-community", "repo": "home-manager", - "rev": "41101d0e62fe3cdb76e8e64349a2650da1433dd4", + "rev": "0423a7b40cd29aec0bb02fa30f61ffe60f5dfc19", "type": "github" }, "original": { @@ -251,11 +251,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1625333638, - "narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=", + "lastModified": 1627212500, + "narHash": "sha256-KMUQCT3JSqznp+dR6BTvbwLqPFErjNlotVpkp/P/ZmM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d", + "rev": "03e7686c72345f237405c0b46b153dccd3ec9913", "type": "github" }, "original": { @@ -267,11 +267,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1626852498, - "narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", + "lastModified": 1627128856, + "narHash": "sha256-yw3lA8zyNFhj309lmxvNByEEymRT1rRy5oE+jEPnsP4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70", + "rev": "dd14e5d78e90a2ccd6007e569820de9b4861a6c2", "type": "github" }, "original": { From 9f2ae7286a69df6bfd16d5c8e285cc495ab035e1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 25 Jul 2021 17:04:57 +0200 Subject: [PATCH 171/988] fix unbound config --- nixos/modules/networking.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 5878b27..2fe282c 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -30,8 +30,8 @@ in "127.0.0.1" "::1" ]; - tls-upstream = "yes"; - tls-cert-bundle = "/etc/ssl/certs/ca-bundle.crt"; + #tls-upstream = "yes"; + #tls-cert-bundle = "/etc/ssl/certs/ca-bundle.crt"; forward-zone = [ { name = "."; From d31ba406833fa3097c9dea784eb84d88b166447a Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 30 Jul 2021 22:06:05 +0200 Subject: [PATCH 172/988] remove disabled tlp --- nixos/gorgon/configuration.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index bef809d..7b8237f 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -21,9 +21,6 @@ in post-build-hook = ${signHook} ''; - # conflicts with power-management - services.tlp.enable = false; - boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelModules = [ "kvm-amd" ]; From 6faa8eea0d3ca5dfd9be971fe8721727064b32f8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 31 Jul 2021 00:02:36 +0200 Subject: [PATCH 173/988] fix deploy script path --- outputs.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/outputs.nix b/outputs.nix index b982421..da7ba3a 100644 --- a/outputs.nix +++ b/outputs.nix @@ -21,7 +21,9 @@ type = "app"; program = toString (pkgs.writeScript "deploy" '' #!${pkgs.runtimeShell} - nixos-rebuild switch --upgrade --flake ".#$1" --target-host "$1.dadada.li" --build-host localhost --use-remote-sudo + domain='dadada.li' + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo ''); }; apps.hm-switch = { From c5737aba865c8b791acf9ce289e632714d97e759 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 31 Jul 2021 22:12:52 +0200 Subject: [PATCH 174/988] add outputs for each default system --- outputs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outputs.nix b/outputs.nix index da7ba3a..d5588fc 100644 --- a/outputs.nix +++ b/outputs.nix @@ -8,7 +8,7 @@ , nvd , ... }@inputs: -(flake-utils.lib.eachSystem ["x86_64-linux"] (system: +(flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; selfPkgs = self.packages.${system}; From af9cdfe5aeafe6c04112c672c86a2b087aced43d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 31 Jul 2021 22:26:45 +0200 Subject: [PATCH 175/988] add empty set of hydra tests --- outputs.nix | 2 +- tests/default.nix | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 tests/default.nix diff --git a/outputs.nix b/outputs.nix index d5588fc..384a590 100644 --- a/outputs.nix +++ b/outputs.nix @@ -76,5 +76,5 @@ ) // (nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.activation-script) self.hmConfigurations - ); + ) // (let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests); } diff --git a/tests/default.nix b/tests/default.nix new file mode 100644 index 0000000..a8b9a52 --- /dev/null +++ b/tests/default.nix @@ -0,0 +1,3 @@ +system: +{ +} From df7004d876fbf5646aa0788343f7f3a5a986fdbc Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 31 Jul 2021 23:03:53 +0200 Subject: [PATCH 176/988] remove nix community cache --- nixos/configurations.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index f4ed6c3..4805dd4 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -17,12 +17,10 @@ let adapterModule = { }; nix.binaryCaches = [ https://cache.nixos.org/ - https://nix-community.cachix.org/ ]; nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; nix.requireSignedBinaryCaches = true; nix.useSandbox = true; From 7ff1c1922f4ae00917a7e28e00b6b005a428ec94 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 1 Aug 2021 19:18:32 +0200 Subject: [PATCH 177/988] github: disable building in nix flake check --- .github/workflows/nix-flake-check.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 4c685c2..1f992d0 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -12,4 +12,5 @@ jobs: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install extra_nix_config: | experimental-features = nix-command flakes - - run: nix flake check + - run: nix flake check --no-build + - run: nix shell -c echo OK From 1e56cd9c830dd0bf011abad66ef5cb70d42e7739 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 1 Aug 2021 19:28:28 +0200 Subject: [PATCH 178/988] remove scripts package and use flake --- flake.nix | 4 ++++ home/configurations.nix | 3 ++- outputs.nix | 4 ++-- overlays/default.nix | 3 --- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index b1d3c4f..2e9a587 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,10 @@ url = git+https://gitlab.com/khumba/nvd.git; inputs.nixpkgs.follows = "nixpkgs"; }; + scripts = { + url = git+https://git.dadada.li/dadada/scripts.git?ref=main; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/home/configurations.nix b/home/configurations.nix index 3c9fc8e..63fed20 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -3,6 +3,7 @@ , home-manager , nix-doom-emacs , nvd +, scripts }@inputs: let hmConfiguration = @@ -30,7 +31,7 @@ in home = hmConfiguration { extraModules = [ ./home ]; overlays = [ - self.overlays.scripts + (final: prev: { s = scripts; }) (final: prev: { n = nvd; }) ]; stateVersion = "20.09"; diff --git a/outputs.nix b/outputs.nix index 384a590..3880460 100644 --- a/outputs.nix +++ b/outputs.nix @@ -6,6 +6,7 @@ , nix-doom-emacs , nixos-hardware , nvd +, scripts , ... }@inputs: (flake-utils.lib.eachDefaultSystem (system: @@ -51,14 +52,13 @@ }; packages = flake-utils.lib.flattenTree { deploy = pkgs.callPackage ./pkgs/deploy.nix { }; - scripts = pkgs.callPackage ./pkgs/scripts.nix { }; keys = pkgs.callPackage ./pkgs/keys { }; homePage = pkgs.callPackage ./pkgs/homePage { }; recipemd = pkgs.python3Packages.toPythonApplication python3Packages.recipemd; }; })) // { hmConfigurations = import ./home/configurations.nix { - inherit self nixpkgs home-manager nix-doom-emacs nvd; + inherit self nixpkgs home-manager nix-doom-emacs nvd scripts; }; hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { diff --git a/overlays/default.nix b/overlays/default.nix index 704511b..d4caaa0 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -9,9 +9,6 @@ in homePage = final: prev: { homePage = prev.callPackage ../pkgs/homePage { }; }; - scripts = final: prev: { - scipts = prev.callPackage ../pkgs/scripts.nix { }; - }; recipemd = final: prev: { recipemd = prev.python3Packages.toPythonApplication prev.python3Packages.recipemd; }; From dd8408e5e956bc127ea9692a5e4d8d03e23f34b6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 1 Aug 2021 19:35:57 +0200 Subject: [PATCH 179/988] flake: update lock file --- flake.lock | 121 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 88 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index dda2c58..3c2821a 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1623114989, - "narHash": "sha256-btRwMu76Gnn9lW7YbzDAgWjlJx61tCT+e3kByNx97aw=", + "lastModified": 1626604817, + "narHash": "sha256-z+dvjB02cHU+VQ5EMkzqSdX817PZar9AkmmfK27q0vo=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "2731685095d1e6101b3215aa689426e1834ce00f", + "rev": "46732c0adaef147144418f9f284ca6b1183ab96f", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1622216706, - "narHash": "sha256-Dsl5T1OFPy++md0Lo0pKUqcpCW6T5WDF2sjeB/IVi1g=", + "lastModified": 1625547004, + "narHash": "sha256-V+ytAjB4ZZ+5dJJAu1OY7SbnqrokX5PVBWs0AsgQ8Vs=", "owner": "hlissner", "repo": "doom-snippets", - "rev": "bc613f448eed1bd363e61c41691a61e9fd139534", + "rev": "5c0eb5bd70f035cefb981c2ce64f4367498bdda6", "type": "github" }, "original": { @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1627205048, - "narHash": "sha256-wlOHxuCHUWgoF4ug9DU0HY6P6+Njtb/ZBsAdE37LRR4=", + "lastModified": 1627838800, + "narHash": "sha256-cirlU0cxMhPvgiCDxs5rTWEIk2xmwRbtxjO2z/vs7z0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "f4626ee3cd8fb6081ae30961b86ebac5cc97ed11", + "rev": "c2c7751ea0e1ce19db3db727255166977c76297f", "type": "github" }, "original": { @@ -67,11 +67,11 @@ "evil-markdown": { "flake": false, "locked": { - "lastModified": 1591038520, - "narHash": "sha256-Kt2wxG1XCFowavVWtj0urM/yURKegonpZcxTy/+CrJY=", + "lastModified": 1626852210, + "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", "owner": "Somelauw", "repo": "evil-markdown", - "rev": "064fe9b4767470472356d20bdd08e2f30ebbc9ac", + "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", "type": "github" }, "original": { @@ -173,6 +173,21 @@ "type": "github" } }, + "flake-utils_4": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -180,11 +195,11 @@ ] }, "locked": { - "lastModified": 1627144340, - "narHash": "sha256-RzJ1fFLQ879J1okpH0WbYFY9qgHcglwVDl2bYqlRvw8=", + "lastModified": 1627592512, + "narHash": "sha256-+bauwACGl+/dTQB047XImRz5P6Lp6vxl5ruiKjtENxo=", "owner": "nix-community", "repo": "home-manager", - "rev": "0423a7b40cd29aec0bb02fa30f61ffe60f5dfc19", + "rev": "7f976da06840c268cc291a021bab7532b923713c", "type": "github" }, "original": { @@ -212,18 +227,19 @@ ], "nose": "nose", "ob-racket": "ob-racket", - "org-mode": "org-mode", + "org": "org", + "org-contrib": "org-contrib", "org-yt": "org-yt", "php-extras": "php-extras", "revealjs": "revealjs", "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1625001464, - "narHash": "sha256-3RGoNYZ4hAo+iRTfy6qJfQ3YzLMDDFzBIUQNEmCv6Ms=", + "lastModified": 1627398156, + "narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=", "owner": "vlaci", "repo": "nix-doom-emacs", - "rev": "3893c50877a9d2d5d4aeee524ba1539f22115f1f", + "rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff", "type": "github" }, "original": { @@ -251,11 +267,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1627212500, - "narHash": "sha256-KMUQCT3JSqznp+dR6BTvbwLqPFErjNlotVpkp/P/ZmM=", + "lastModified": 1627666012, + "narHash": "sha256-Dx93VcfFwFlUex2Me4i+lS2IFwNrSVEvTvZuP/vmmXQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "03e7686c72345f237405c0b46b153dccd3ec9913", + "rev": "09ed30ff3bb67f5efe9c77e0d79aca01793526ca", "type": "github" }, "original": { @@ -267,11 +283,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627128856, - "narHash": "sha256-yw3lA8zyNFhj309lmxvNByEEymRT1rRy5oE+jEPnsP4=", + "lastModified": 1627391865, + "narHash": "sha256-tPoWBO9Nzu3wuX37WcnctzL6LoDCErJLnfLGqqmXCm4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd14e5d78e90a2ccd6007e569820de9b4861a6c2", + "rev": "8ecc61c91a596df7d3293603a9c2384190c1b89a", "type": "github" }, "original": { @@ -334,14 +350,14 @@ "type": "github" } }, - "org-mode": { + "org": { "flake": false, "locked": { - "lastModified": 1624525995, - "narHash": "sha256-1eximAnDXKC+midwicoKko1cHF3ElCEOzzkUUWC8G4M=", + "lastModified": 1627155762, + "narHash": "sha256-XS1eA6P0ePabdrnUNe5lN19EA9dfK615gMGObr9wfBQ=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "5c07b279e0737b19e91c1d1b21016d9b4c8ffa62", + "rev": "c9dfed48a607c7f6524f1c6480f09cf61a5d6237", "type": "github" }, "original": { @@ -350,6 +366,22 @@ "type": "github" } }, + "org-contrib": { + "flake": false, + "locked": { + "lastModified": 1623339452, + "narHash": "sha256-E3pioqkmAKQm5N7YsgJZil0/ozkdRE7//tE9FGbrluM=", + "ref": "master", + "rev": "fc81309cf6756607a836f93049a9393c2967c4e0", + "revCount": 2599, + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + }, + "original": { + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + } + }, "org-yt": { "flake": false, "locked": { @@ -385,11 +417,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1623242337, - "narHash": "sha256-u3gZ13x40cjK1k9HTNnqRrp3io0tDTu6JPGd05mGJGw=", + "lastModified": 1625811744, + "narHash": "sha256-Y67nVqcovn2PbHXmWOFWMq10Qz2ZIRyyWEO6qsZLbIM=", "owner": "hakimel", "repo": "reveal.js", - "rev": "ade234576e8ddd683cf16d0d8bb0236f37cf1a99", + "rev": "b18f12d964ef80bd9ffb061aae48ff4c15fb43ad", "type": "github" }, "original": { @@ -406,7 +438,8 @@ "nix-doom-emacs": "nix-doom-emacs", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nvd": "nvd" + "nvd": "nvd", + "scripts": "scripts" } }, "rotate-text": { @@ -424,6 +457,28 @@ "repo": "rotate-text.el", "type": "github" } + }, + "scripts": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1627838887, + "narHash": "sha256-Ew4I0VynDGTmB+b4ScYcHyt+Vtcvx5L3dSCee0hxvP8=", + "ref": "main", + "rev": "c73d546857270e0e039939df4b09914a3a6d5ae1", + "revCount": 6, + "type": "git", + "url": "https://git.dadada.li/dadada/scripts.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.dadada.li/dadada/scripts.git" + } } }, "root": "root", From 21368019504ed84da2ae0298fd5416538dac90c9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 1 Aug 2021 19:41:02 +0200 Subject: [PATCH 180/988] github: fix action --- .github/workflows/nix-flake-check.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 1f992d0..33671cc 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -13,4 +13,3 @@ jobs: extra_nix_config: | experimental-features = nix-command flakes - run: nix flake check --no-build - - run: nix shell -c echo OK From 9822045da52bb0fc94085306171538e57df6ed39 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 30 Jul 2021 22:08:14 +0200 Subject: [PATCH 181/988] WIP --- home/modules/emacs/doom.d/config.el | 5 +++++ home/modules/emacs/doom.d/packages.el | 2 ++ 2 files changed, 7 insertions(+) diff --git a/home/modules/emacs/doom.d/config.el b/home/modules/emacs/doom.d/config.el index bf82f00..455d12e 100644 --- a/home/modules/emacs/doom.d/config.el +++ b/home/modules/emacs/doom.d/config.el @@ -2,3 +2,8 @@ (setq org-directory "~/src/notes/org/") (with-eval-after-load 'treemacs (define-key treemacs-mode-map [mouse-1] #'treemacs-single-click-expand-action)) +(use-package! tree-sitter + :config + (require 'tree-sitter-langs) + (global-tree-sitter-mode) + (add-hook 'tree-sitter-after-on-hook #'tree-sitter-hl-mode)) diff --git a/home/modules/emacs/doom.d/packages.el b/home/modules/emacs/doom.d/packages.el index e69de29..a341004 100644 --- a/home/modules/emacs/doom.d/packages.el +++ b/home/modules/emacs/doom.d/packages.el @@ -0,0 +1,2 @@ +(package! tree-sitter) +(package! tree-sitter-langs) From 75d78bfb84fac5ed2da91ee6a22e493f2798d912 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 5 Aug 2021 22:32:46 +0200 Subject: [PATCH 182/988] Revert "remove nix community cache" This reverts commit df7004d876fbf5646aa0788343f7f3a5a986fdbc. --- nixos/configurations.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 4805dd4..f4ed6c3 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -17,10 +17,12 @@ let adapterModule = { }; nix.binaryCaches = [ https://cache.nixos.org/ + https://nix-community.cachix.org/ ]; nix.binaryCachePublicKeys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; nix.requireSignedBinaryCaches = true; nix.useSandbox = true; From bb600e1cecb1c07c9cc1376dc0c5af42192ccca6 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 5 Aug 2021 22:33:04 +0200 Subject: [PATCH 183/988] update flakes --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 3c2821a..9be4e93 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1627838800, - "narHash": "sha256-cirlU0cxMhPvgiCDxs5rTWEIk2xmwRbtxjO2z/vs7z0=", + "lastModified": 1628182179, + "narHash": "sha256-W6ZwlXtrcsGLXaLo50XWBNvhZ1/rZ1KO+ej1BHkKp4w=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c2c7751ea0e1ce19db3db727255166977c76297f", + "rev": "690f9a2de09b69091eb430b39d1faa5979c5f04e", "type": "github" }, "original": { @@ -267,11 +267,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1627666012, - "narHash": "sha256-Dx93VcfFwFlUex2Me4i+lS2IFwNrSVEvTvZuP/vmmXQ=", + "lastModified": 1628078080, + "narHash": "sha256-NKYtXUH32TlhOyhi41ZLtkBYh+7z24FpONDOInG4QR8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "09ed30ff3bb67f5efe9c77e0d79aca01793526ca", + "rev": "8296b88560d8ac07a885452e094cd454de90ea9b", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627391865, - "narHash": "sha256-tPoWBO9Nzu3wuX37WcnctzL6LoDCErJLnfLGqqmXCm4=", + "lastModified": 1627942574, + "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8ecc61c91a596df7d3293603a9c2384190c1b89a", + "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", "type": "github" }, "original": { From 1b0c4b3924065e5db071392df01d301e323cd78f Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 5 Aug 2021 22:13:53 +0200 Subject: [PATCH 184/988] fix emacs-tree-sitter --- flake.lock | 118 ++++++++++++++++++-------- flake.nix | 17 ++-- home/modules/emacs/default.nix | 56 +++++++++++- home/modules/emacs/doom.d/config.el | 3 + home/modules/emacs/doom.d/packages.el | 1 + 5 files changed, 149 insertions(+), 46 deletions(-) diff --git a/flake.lock b/flake.lock index 3c2821a..3f25908 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1627838800, - "narHash": "sha256-cirlU0cxMhPvgiCDxs5rTWEIk2xmwRbtxjO2z/vs7z0=", + "lastModified": 1628356768, + "narHash": "sha256-MYnHBDAH1pF3jCvsnxjfECD2PP0t1ODVFH6SnzIc2FQ=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c2c7751ea0e1ce19db3db727255166977c76297f", + "rev": "cd04543c0155979dc019213a434e71734455e903", "type": "github" }, "original": { @@ -190,16 +190,14 @@ }, "home-manager": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1627592512, - "narHash": "sha256-+bauwACGl+/dTQB047XImRz5P6Lp6vxl5ruiKjtENxo=", + "lastModified": 1628287034, + "narHash": "sha256-pWMEpQQcKxBy0OKskFLXJHEyGYJIiMu/BUQjCWxGF38=", "owner": "nix-community", "repo": "home-manager", - "rev": "7f976da06840c268cc291a021bab7532b923713c", + "rev": "b0d769691cc379c9ab91d3acec5d14e75c02c02b", "type": "github" }, "original": { @@ -208,6 +206,22 @@ "type": "github" } }, + "myNixpkgs": { + "locked": { + "lastModified": 1628199198, + "narHash": "sha256-DkMFcm5VdqbausjUjyHWGBlcXNw/EMFiQpiCY5KKtMo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "439b1605227b8adb1357b55ce8529d541abbe9eb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nix-doom-emacs": { "inputs": { "doom-emacs": "doom-emacs", @@ -223,7 +237,7 @@ "flake-utils": "flake-utils_2", "nix-straight": "nix-straight", "nixpkgs": [ - "nixpkgs" + "myNixpkgs" ], "nose": "nose", "ob-racket": "ob-racket", @@ -232,18 +246,20 @@ "org-yt": "org-yt", "php-extras": "php-extras", "revealjs": "revealjs", - "rotate-text": "rotate-text" + "rotate-text": "rotate-text", + "straight": "straight" }, "locked": { - "lastModified": 1627398156, - "narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=", + "lastModified": 1628328518, + "narHash": "sha256-U56ydG0+GQvXc9ivjPwJzIE4U4ovXDOzTLdHqJx6oxo=", "owner": "vlaci", "repo": "nix-doom-emacs", - "rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff", + "rev": "656a3aea172d6fb99a1d6e5c45667121855e5996", "type": "github" }, "original": { "owner": "vlaci", + "ref": "develop", "repo": "nix-doom-emacs", "type": "github" } @@ -251,27 +267,26 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1621543597, - "narHash": "sha256-E/m2Hrw2og//CfOCOWe2yapYC01Tqhozn4YMPYJsC3o=", + "lastModified": 1628328207, + "narHash": "sha256-ZWdev0HyxmKIdzLetPKiNK7Hh5gBuCnGwqgq95aNf5k=", "owner": "vlaci", "repo": "nix-straight.el", - "rev": "8e84d04f10b2298de856b2b8b9a0d13abc91b5ca", + "rev": "4bb7a6267d0bbb76d7bf4168ada1fb4eec1b735f", "type": "github" }, "original": { "owner": "vlaci", - "ref": "v2.2.0", "repo": "nix-straight.el", "type": "github" } }, "nixos-hardware": { "locked": { - "lastModified": 1627666012, - "narHash": "sha256-Dx93VcfFwFlUex2Me4i+lS2IFwNrSVEvTvZuP/vmmXQ=", + "lastModified": 1628078080, + "narHash": "sha256-NKYtXUH32TlhOyhi41ZLtkBYh+7z24FpONDOInG4QR8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "09ed30ff3bb67f5efe9c77e0d79aca01793526ca", + "rev": "8296b88560d8ac07a885452e094cd454de90ea9b", "type": "github" }, "original": { @@ -283,18 +298,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1627391865, - "narHash": "sha256-tPoWBO9Nzu3wuX37WcnctzL6LoDCErJLnfLGqqmXCm4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8ecc61c91a596df7d3293603a9c2384190c1b89a", - "type": "github" + "lastModified": 1627942574, + "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", + "path": "/nix/store/4l9d555va23q26p985kwr2rzfn01n6vw-source", + "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", + "type": "path" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "type": "indirect" } }, "nose": { @@ -317,7 +329,7 @@ "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": [ - "nixpkgs" + "myNixpkgs" ] }, "locked": { @@ -435,11 +447,15 @@ "emacs-overlay": "emacs-overlay", "flake-utils": "flake-utils", "home-manager": "home-manager", + "myNixpkgs": "myNixpkgs", "nix-doom-emacs": "nix-doom-emacs", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "myNixpkgs" + ], "nvd": "nvd", - "scripts": "scripts" + "scripts": "scripts", + "unstableNixpkgs": "unstableNixpkgs" } }, "rotate-text": { @@ -462,7 +478,7 @@ "inputs": { "flake-utils": "flake-utils_4", "nixpkgs": [ - "nixpkgs" + "myNixpkgs" ] }, "locked": { @@ -479,6 +495,38 @@ "type": "git", "url": "https://git.dadada.li/dadada/scripts.git" } + }, + "straight": { + "flake": false, + "locked": { + "lastModified": 1623633709, + "narHash": "sha256-taLIYnjs9sD8N8PuGO2F7l+O69u0dNPunwzFVTlXjUM=", + "owner": "raxod502", + "repo": "straight.el", + "rev": "1e27b0590df77a5d478970ca58fd6606971692f5", + "type": "github" + }, + "original": { + "owner": "raxod502", + "repo": "straight.el", + "type": "github" + } + }, + "unstableNixpkgs": { + "locked": { + "lastModified": 1627942574, + "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 2e9a587..eb1c674 100644 --- a/flake.nix +++ b/flake.nix @@ -2,29 +2,32 @@ description = "dadada's nix flake"; inputs = { + myNixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; emacs-overlay = { url = github:nix-community/emacs-overlay; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "myNixpkgs"; }; flake-utils.url = github:numtide/flake-utils; + unstableNixpkgs.url = "github:nixos/nixpkgs?rev=c464dc811babfe316ed4ab7bbc12351122e69dd7"; home-manager = { url = github:nix-community/home-manager; - inputs.nixpkgs.follows = "nixpkgs"; + # broken some commit after c464dc811babfe316ed4ab7bbc12351122e69dd7 + #inputs.nixpkgs.follows = "unstableNixpkgs"; }; nix-doom-emacs = { - url = github:vlaci/nix-doom-emacs; + url = github:vlaci/nix-doom-emacs/develop; inputs.emacs-overlay.follows = "emacs-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "myNixpkgs"; }; nixos-hardware.url = github:NixOS/nixos-hardware/master; - nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; + nixpkgs.follows = "myNixpkgs"; nvd = { url = git+https://gitlab.com/khumba/nvd.git; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "myNixpkgs"; }; scripts = { url = git+https://git.dadada.li/dadada/scripts.git?ref=main; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "myNixpkgs"; }; }; diff --git a/home/modules/emacs/default.nix b/home/modules/emacs/default.nix index febcc9c..7091a37 100644 --- a/home/modules/emacs/default.nix +++ b/home/modules/emacs/default.nix @@ -13,10 +13,58 @@ in programs.doom-emacs = { enable = true; doomPrivateDir = ./doom.d; + emacsPackagesOverlay = self: super: with pkgs; { + tsc = super.tsc.overrideAttrs (old: + let + libtsc_dyn = rustPlatform.buildRustPackage rec { + pname = "emacs-tree-sitter"; + version = "0.15.1"; + src = fetchFromGitHub { + owner = "ubolonton"; + repo = "emacs-tree-sitter"; + rev = version; + sha256 = "sha256-WgkGtmw63+kRLTRiSEO4bFF2IguH5g4odCujyazkwJc="; + }; + preBuild = '' + export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ + $(< ${stdenv.cc}/nix-support/libc-cflags) \ + $(< ${stdenv.cc}/nix-support/cc-cflags) \ + $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ + ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ + ${lib.optionalString stdenv.cc.isGNU + "-isystem ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${lib.getVersion stdenv.cc.cc}/include/"} \ + ${lib.optionalString stdenv.cc.isGNU + "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ + $NIX_CFLAGS_COMPILE" + ''; + LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; + cargoHash = "sha256-HB5tFR1slY2D6jb2mt4KrGrGBUUVrxiBjmVycO+qfYY="; + }; + in + { + inherit (libtsc_dyn) src; + preBuild = '' + ext=${stdenv.hostPlatform.extensions.sharedLibrary} + dest=$out/share/emacs/site-lisp/elpa/tsc-${old.version} + install -D ${libtsc_dyn}/lib/libtsc_dyn$ext $dest/tsc-dyn$ext + echo -n "0.15.1" > $dest/DYN-VERSION + ''; + }); + tree-sitter-langs = super.tree-sitter-langs.overrideAttrs (old: { + postInstall = '' + dest=$out/share/emacs/site-lisp/elpa/tree-sitter-langs-${old.version} + echo -n "0.10.2" > $dest/BUNDLE-VERSION + ${lib.concatStringsSep "\n" + (lib.mapAttrsToList (name: src: "name=${name}; ln -s ${src}/parser $dest/bin/\${name#tree-sitter-}.so") pkgs.tree-sitter.builtGrammars)}; + ''; + }); + }; }; - services.emacs = { - enable = true; - socketActivation.enable = true; - }; + home.file.".tree-sitter".source = (pkgs.runCommand "grammars" {} '' + mkdir -p $out/bin + echo -n "0.10.2" > $out/BUNDLE-VERSION + ${lib.concatStringsSep "\n" + (lib.mapAttrsToList (name: src: "name=${name}; ln -s ${src}/parser $out/bin/\${name#tree-sitter-}.so") pkgs.tree-sitter.builtGrammars)}; + ''); }; } diff --git a/home/modules/emacs/doom.d/config.el b/home/modules/emacs/doom.d/config.el index 455d12e..f940fe0 100644 --- a/home/modules/emacs/doom.d/config.el +++ b/home/modules/emacs/doom.d/config.el @@ -2,8 +2,11 @@ (setq org-directory "~/src/notes/org/") (with-eval-after-load 'treemacs (define-key treemacs-mode-map [mouse-1] #'treemacs-single-click-expand-action)) +(defun fixed-tree-sitter-langs-install-grammars (&optional skip-if-installed version os keep-bundle) ()) +(advice-add 'tree-sitter-langs-install-grammars :override #'fixed-tree-sitter-langs-install-grammars) (use-package! tree-sitter :config + (cl-pushnew (expand-file-name "~/.tree-sitter") tree-sitter-load-path) (require 'tree-sitter-langs) (global-tree-sitter-mode) (add-hook 'tree-sitter-after-on-hook #'tree-sitter-hl-mode)) diff --git a/home/modules/emacs/doom.d/packages.el b/home/modules/emacs/doom.d/packages.el index a341004..1e55f3e 100644 --- a/home/modules/emacs/doom.d/packages.el +++ b/home/modules/emacs/doom.d/packages.el @@ -1,2 +1,3 @@ +(package! direnv) (package! tree-sitter) (package! tree-sitter-langs) From 3df49038a329228a4023b4727aec42e0010f73b2 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 17 Aug 2021 18:30:15 +0200 Subject: [PATCH 185/988] update flakes --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 3f25908..7056277 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1628356768, - "narHash": "sha256-MYnHBDAH1pF3jCvsnxjfECD2PP0t1ODVFH6SnzIc2FQ=", + "lastModified": 1629192343, + "narHash": "sha256-L7RC+jTIWNm/+scGLNXNsOrU0rm90yESa7LG+Ke/YrE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "cd04543c0155979dc019213a434e71734455e903", + "rev": "c2aa7457ac69ab851c57e1fbd7660f131f343ea0", "type": "github" }, "original": { @@ -193,11 +193,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1628287034, - "narHash": "sha256-pWMEpQQcKxBy0OKskFLXJHEyGYJIiMu/BUQjCWxGF38=", + "lastModified": 1629151238, + "narHash": "sha256-brMNLZLz8u9+6tSJ9J8dWkp1sT2mFiO3g2jQZVu+rtQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0d769691cc379c9ab91d3acec5d14e75c02c02b", + "rev": "ad0fc085c7b954d5813a950cf0db7143e6b049e3", "type": "github" }, "original": { @@ -208,11 +208,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1628199198, - "narHash": "sha256-DkMFcm5VdqbausjUjyHWGBlcXNw/EMFiQpiCY5KKtMo=", + "lastModified": 1629137058, + "narHash": "sha256-rOOLXq8/HcqlKNTJdSiPqB+kbYdcjBaGwqq6pP5IOfQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "439b1605227b8adb1357b55ce8529d541abbe9eb", + "rev": "23485f23ff8536592b5178a5d244f84da770bc87", "type": "github" }, "original": { @@ -250,11 +250,11 @@ "straight": "straight" }, "locked": { - "lastModified": 1628328518, - "narHash": "sha256-U56ydG0+GQvXc9ivjPwJzIE4U4ovXDOzTLdHqJx6oxo=", + "lastModified": 1628865677, + "narHash": "sha256-cIRgrMuLOynvNLMAhMMG3Wm/zkggYx2gSsnANevv+bk=", "owner": "vlaci", "repo": "nix-doom-emacs", - "rev": "656a3aea172d6fb99a1d6e5c45667121855e5996", + "rev": "1020f27f1fab123f0ce3ed5f6e9c0637d888c884", "type": "github" }, "original": { @@ -267,11 +267,11 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1628328207, - "narHash": "sha256-ZWdev0HyxmKIdzLetPKiNK7Hh5gBuCnGwqgq95aNf5k=", + "lastModified": 1628630968, + "narHash": "sha256-eh5QpnX3F8/0iKv1BvyU3KyZ/ksLlRegcd5c41pm/L8=", "owner": "vlaci", "repo": "nix-straight.el", - "rev": "4bb7a6267d0bbb76d7bf4168ada1fb4eec1b735f", + "rev": "e3f8aaff9ba889c6f2ee6c6d349736d21f21c685", "type": "github" }, "original": { @@ -282,11 +282,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1628078080, - "narHash": "sha256-NKYtXUH32TlhOyhi41ZLtkBYh+7z24FpONDOInG4QR8=", + "lastModified": 1629007385, + "narHash": "sha256-TmLKeB7IACvhmB85/4BCOh84l2cQYc607ZWlKWl/Uec=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8296b88560d8ac07a885452e094cd454de90ea9b", + "rev": "566f4da36652b1fe404346aafcd2cd02fecf7d43", "type": "github" }, "original": { From 6ab7a2683f2c97b320804b521367b44844049b13 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 17 Aug 2021 18:30:43 +0200 Subject: [PATCH 186/988] chromium with hardware accel --- home/home/pkgs.nix | 1 - nixos/gorgon/configuration.nix | 13 ++++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index fd6026b..f3db093 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -10,7 +10,6 @@ with pkgs; [ aqbanking bash bluez-tools - chromium clang clang-tools php74Packages.composer diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 7b8237f..72af629 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -75,7 +75,10 @@ in adminCredentialsFile = "/var/lib/miniflux/admin-credentials"; }; - environment.systemPackages = [ pkgs.ghostscript ]; + environment.systemPackages = with pkgs; [ + chromium + ghostscript + ]; networking.firewall = { enable = true; @@ -111,5 +114,13 @@ in "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; }; + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + libvdpau-va-gl + ]; + }; + system.stateVersion = "20.03"; } From 53e9374d85ae5da36a5954880d87df7344718df1 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 18 Aug 2021 22:18:25 +0200 Subject: [PATCH 187/988] update flakes --- flake.lock | 72 +++++++++++++++++------------------------------------- flake.nix | 4 +-- 2 files changed, 23 insertions(+), 53 deletions(-) diff --git a/flake.lock b/flake.lock index 7056277..2738396 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1629192343, - "narHash": "sha256-L7RC+jTIWNm/+scGLNXNsOrU0rm90yESa7LG+Ke/YrE=", + "lastModified": 1629307718, + "narHash": "sha256-pmq/5J041I1S1z0ahszO1Od6S5DeCNpxQSGRDigj2L4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c2aa7457ac69ab851c57e1fbd7660f131f343ea0", + "rev": "9498d1febd6b91bfe88d0bd632ff7f5288c4ade9", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", "type": "github" }, "original": { @@ -190,14 +190,16 @@ }, "home-manager": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "myNixpkgs" + ] }, "locked": { - "lastModified": 1629151238, - "narHash": "sha256-brMNLZLz8u9+6tSJ9J8dWkp1sT2mFiO3g2jQZVu+rtQ=", + "lastModified": 1629255483, + "narHash": "sha256-hG6CrmH6ltZbORAWnSLIo+NlRV8ICDN43yhnp03CEWE=", "owner": "nix-community", "repo": "home-manager", - "rev": "ad0fc085c7b954d5813a950cf0db7143e6b049e3", + "rev": "a5c609b4b1cd4e1381ac8ea1b7d5b0792ebde0a3", "type": "github" }, "original": { @@ -208,11 +210,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1629137058, - "narHash": "sha256-rOOLXq8/HcqlKNTJdSiPqB+kbYdcjBaGwqq6pP5IOfQ=", + "lastModified": 1629226339, + "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23485f23ff8536592b5178a5d244f84da770bc87", + "rev": "2435ea48c3b295d9cd490535730bb13ab8cfd8a5", "type": "github" }, "original": { @@ -282,11 +284,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1629007385, - "narHash": "sha256-TmLKeB7IACvhmB85/4BCOh84l2cQYc607ZWlKWl/Uec=", + "lastModified": 1629302925, + "narHash": "sha256-BZUOGUxYk8SXT0rVQIhBkfqUgG1YfStoJadp6iUk9Is=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "566f4da36652b1fe404346aafcd2cd02fecf7d43", + "rev": "878f629005b003fe39c9e619b074e0ff7d9ed0e2", "type": "github" }, "original": { @@ -296,19 +298,6 @@ "type": "github" } }, - "nixpkgs": { - "locked": { - "lastModified": 1627942574, - "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", - "path": "/nix/store/4l9d555va23q26p985kwr2rzfn01n6vw-source", - "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "nose": { "flake": false, "locked": { @@ -454,8 +443,7 @@ "myNixpkgs" ], "nvd": "nvd", - "scripts": "scripts", - "unstableNixpkgs": "unstableNixpkgs" + "scripts": "scripts" } }, "rotate-text": { @@ -511,22 +499,6 @@ "repo": "straight.el", "type": "github" } - }, - "unstableNixpkgs": { - "locked": { - "lastModified": 1627942574, - "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index eb1c674..ea8c546 100644 --- a/flake.nix +++ b/flake.nix @@ -8,11 +8,9 @@ inputs.nixpkgs.follows = "myNixpkgs"; }; flake-utils.url = github:numtide/flake-utils; - unstableNixpkgs.url = "github:nixos/nixpkgs?rev=c464dc811babfe316ed4ab7bbc12351122e69dd7"; home-manager = { url = github:nix-community/home-manager; - # broken some commit after c464dc811babfe316ed4ab7bbc12351122e69dd7 - #inputs.nixpkgs.follows = "unstableNixpkgs"; + inputs.nixpkgs.follows = "myNixpkgs"; }; nix-doom-emacs = { url = github:vlaci/nix-doom-emacs/develop; From 499b893f3ef78c1036c12f1d1a6e2ed48cda113c Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 27 Aug 2021 17:48:55 +0200 Subject: [PATCH 188/988] update flakes --- flake.lock | 81 ++++++++++++++++++++++++++++++-------- flake.nix | 4 ++ nixos/modules/default.nix | 6 ++- nixos/modules/homepage.nix | 4 +- outputs.nix | 1 + pkgs/homePage/default.nix | 19 --------- 6 files changed, 77 insertions(+), 38 deletions(-) delete mode 100644 pkgs/homePage/default.nix diff --git a/flake.lock b/flake.lock index 2738396..ba9221e 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1629307718, - "narHash": "sha256-pmq/5J041I1S1z0ahszO1Od6S5DeCNpxQSGRDigj2L4=", + "lastModified": 1629739732, + "narHash": "sha256-OcSR9n6B0wR6kViudI42Uhpp3JuRGNHyarxO+KHQ7/Y=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9498d1febd6b91bfe88d0bd632ff7f5288c4ade9", + "rev": "a72e2a008e2551b2e4bcbae0c20e7e6e6f91dfc6", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1629284811, + "lastModified": 1629481132, "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "rev": "997f7efcb746a9c140ce1f13c72263189225f482", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1629284811, + "lastModified": 1629481132, "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "rev": "997f7efcb746a9c140ce1f13c72263189225f482", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1629255483, - "narHash": "sha256-hG6CrmH6ltZbORAWnSLIo+NlRV8ICDN43yhnp03CEWE=", + "lastModified": 1629729582, + "narHash": "sha256-P8bSE0v/alIafhsDVPwIZyBMz4YfHc2H0mOabnsf1so=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5c609b4b1cd4e1381ac8ea1b7d5b0792ebde0a3", + "rev": "9029fd2b9de2147480efab55f351343f4fed73b9", "type": "github" }, "original": { @@ -208,13 +208,48 @@ "type": "github" } }, + "homePage": { + "inputs": { + "hugo-theme-anubis": "hugo-theme-anubis", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1629402604, + "narHash": "sha256-fFyYgBgjZEJiOnoTMMDqw7rx0bJ1jnxt7s/z3tI5788=", + "owner": "dadada", + "repo": "dadada.li", + "rev": "8cc05931e12bd6b96907edc85994da8dfe7ae0f9", + "type": "github" + }, + "original": { + "owner": "dadada", + "repo": "dadada.li", + "type": "github" + } + }, + "hugo-theme-anubis": { + "flake": false, + "locked": { + "lastModified": 1626675855, + "narHash": "sha256-Vj77NcXxPOcatDbLvW+d90hsUpYH+2eyhpyXv82ZTts=", + "owner": "mitrichius", + "repo": "hugo-theme-anubis", + "rev": "5dab60e04a37896c09a32137aefe821c63b3af04", + "type": "github" + }, + "original": { + "owner": "mitrichius", + "repo": "hugo-theme-anubis", + "type": "github" + } + }, "myNixpkgs": { "locked": { - "lastModified": 1629226339, - "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", + "lastModified": 1629292755, + "narHash": "sha256-5xMo32NVLnloY9DveqwJO/Cab1+PbTMPqU4WMmawX5M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2435ea48c3b295d9cd490535730bb13ab8cfd8a5", + "rev": "253aecf69ed7595aaefabde779aa6449195bebb7", "type": "github" }, "original": { @@ -284,11 +319,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1629302925, - "narHash": "sha256-BZUOGUxYk8SXT0rVQIhBkfqUgG1YfStoJadp6iUk9Is=", + "lastModified": 1629744693, + "narHash": "sha256-guZxgF5v8Avqpdu5M/F3ygZ4f67Y6ruS7y2kA5yUhZE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "878f629005b003fe39c9e619b074e0ff7d9ed0e2", + "rev": "de40acde6c056a7c5f3c9ad4dca0c172fa35d207", "type": "github" }, "original": { @@ -298,6 +333,19 @@ "type": "github" } }, + "nixpkgs": { + "locked": { + "lastModified": 1629226339, + "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", + "path": "/nix/store/vy5l0dvdwwhyc988z185f9i7rqbc1n8y-source", + "rev": "2435ea48c3b295d9cd490535730bb13ab8cfd8a5", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nose": { "flake": false, "locked": { @@ -436,6 +484,7 @@ "emacs-overlay": "emacs-overlay", "flake-utils": "flake-utils", "home-manager": "home-manager", + "homePage": "homePage", "myNixpkgs": "myNixpkgs", "nix-doom-emacs": "nix-doom-emacs", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index ea8c546..b8dffc9 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,10 @@ url = git+https://git.dadada.li/dadada/scripts.git?ref=main; inputs.nixpkgs.follows = "myNixpkgs"; }; + homePage = { + flake = false; + url = github:dadada/dadada.li; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 522fbd5..fef39fb 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,4 +1,6 @@ -{ ... }@inputs: +{ homePage +, ... +}@inputs: { admin = import ./admin.nix; backup = import ./backup.nix; @@ -7,7 +9,7 @@ fileShare = import ./fileShare.nix; gitea = import ./gitea.nix; headphones = import ./headphones.nix; - homepage = import ./homepage.nix; + homepage = import ./homepage.nix { inherit homePage; }; networking = import ./networking.nix; share = import ./share.nix; steam = import ./steam.nix; diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index 9487197..279fce6 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,6 +1,8 @@ +{ homePage }: { config, pkgs, lib, ... }: let cfg = config.dadada.homePage; + homePagePkg = pkgs.callPackage homePage { }; in with lib; { options.dadada.homePage = { @@ -12,7 +14,7 @@ with lib; { services.nginx.virtualHosts."dadada.li" = { enableACME = true; forceSSL = true; - root = "/var/lib/www/dadada.li"; + root = "${homePagePkg}"; }; }; } diff --git a/outputs.nix b/outputs.nix index 3880460..e6a8e00 100644 --- a/outputs.nix +++ b/outputs.nix @@ -7,6 +7,7 @@ , nixos-hardware , nvd , scripts +, homePage , ... }@inputs: (flake-utils.lib.eachDefaultSystem (system: diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix deleted file mode 100644 index bcf0318..0000000 --- a/pkgs/homePage/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ stdenv, pandoc, fetchFromGitHub }: -stdenv.mkDerivation rec { - src = fetchFromGitHub { - owner = "dadada"; - repo = "dadada.li"; - rev = "9dcb016b71abefe5546bc118a618bba87295a859"; - sha256 = "1d3vz1h66n8dka90br10niiv8n5blpbfqgcvx8dh8y6880sm1fd7"; - }; - nativeBuildInputs = [ pandoc ]; - buildPhase = '' - ./build.sh - ''; - installPhase = '' - mkdir -p $out - cp -r src/* $out/ - ''; - name = "dadada.li"; - version = "0.2"; -} From 6dc0d91f0df7f07c0888e03f6a4a2ff3954e7b40 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 27 Aug 2021 17:49:14 +0200 Subject: [PATCH 189/988] fix homepage --- flake.nix | 1 - home/modules/emacs/doom.d/init.el | 2 +- nixos/configurations.nix | 23 +++++++++++++---------- nixos/gorgon/configuration.nix | 2 +- nixos/modules/default.nix | 2 +- nixos/modules/homepage.nix | 4 +--- nixos/surgat/configuration.nix | 2 +- outputs.nix | 5 ++--- overlays/default.nix | 3 --- 9 files changed, 20 insertions(+), 24 deletions(-) diff --git a/flake.nix b/flake.nix index b8dffc9..8558ff4 100644 --- a/flake.nix +++ b/flake.nix @@ -28,7 +28,6 @@ inputs.nixpkgs.follows = "myNixpkgs"; }; homePage = { - flake = false; url = github:dadada/dadada.li; }; }; diff --git a/home/modules/emacs/doom.d/init.el b/home/modules/emacs/doom.d/init.el index cf543a7..f8e10f6 100644 --- a/home/modules/emacs/doom.d/init.el +++ b/home/modules/emacs/doom.d/init.el @@ -158,7 +158,7 @@ ;;rest ; Emacs as a REST client rst ; ReST in peace ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} - rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap() + rust (+lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() ;;scala ; java, but good ;;(scheme +guile) ; a fully conniving family of lisps sh ; she sells {ba,z,fi}sh shells on the C xor diff --git a/nixos/configurations.nix b/nixos/configurations.nix index f4ed6c3..9aa5c01 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -2,9 +2,10 @@ , nixpkgs , nixosSystem , home-manager +, homePage , nixos-hardware }: -let adapterModule = { +let adapterModule = system: { nix.nixPath = [ "home-manager=${home-manager}" "nixpkgs=${nixpkgs}" @@ -26,14 +27,16 @@ let adapterModule = { ]; nix.requireSignedBinaryCaches = true; nix.useSandbox = true; - nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays); + nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ + (final: prev: { homePage = homePage.defaultPackage.${system}; }) + ]; }; in { - gorgon = nixosSystem { + gorgon = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - adapterModule + (adapterModule system) nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 #home-manager.nixosModules.home-manager #{ @@ -45,27 +48,27 @@ in ./gorgon/configuration.nix ]; }; - ifrit = nixosSystem { + ifrit = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - adapterModule + (adapterModule system) ./modules/profiles/server.nix ./ifrit/configuration.nix ]; }; - surgat = nixosSystem { + surgat = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - adapterModule + (adapterModule system) ./modules/profiles/server.nix ./surgat/configuration.nix ]; }; - pruflas = nixosSystem { + pruflas = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - adapterModule + (adapterModule system) ./modules/profiles/server.nix ./pruflas/configuration.nix ]; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 72af629..5f1c6b8 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -56,7 +56,7 @@ in # Enable CUPS to print documents. services.printing = { - enable = false; + enable = true; browsing = true; drivers = with pkgs; [ hplip diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index fef39fb..7f06ed9 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -9,7 +9,7 @@ fileShare = import ./fileShare.nix; gitea = import ./gitea.nix; headphones = import ./headphones.nix; - homepage = import ./homepage.nix { inherit homePage; }; + homepage = import ./homepage.nix; networking = import ./networking.nix; share = import ./share.nix; steam = import ./steam.nix; diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index 279fce6..ed03c0b 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,8 +1,6 @@ -{ homePage }: { config, pkgs, lib, ... }: let cfg = config.dadada.homePage; - homePagePkg = pkgs.callPackage homePage { }; in with lib; { options.dadada.homePage = { @@ -14,7 +12,7 @@ with lib; { services.nginx.virtualHosts."dadada.li" = { enableACME = true; forceSSL = true; - root = "${homePagePkg}"; + root = "${pkgs.homePage}"; }; }; } diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index d5de97d..63611ae 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -15,7 +15,7 @@ in recommendedGzipSettings = true; recommendedProxySettings = true; - logError = "/dev/null"; + #logError = "/dev/null"; appendHttpConfig = '' access_log off; ''; diff --git a/outputs.nix b/outputs.nix index e6a8e00..29c2530 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,13 +1,13 @@ # Adapted from Mic92/dotfiles { self , flake-utils +, homePage , nixpkgs , home-manager , nix-doom-emacs , nixos-hardware , nvd , scripts -, homePage , ... }@inputs: (flake-utils.lib.eachDefaultSystem (system: @@ -54,7 +54,6 @@ packages = flake-utils.lib.flattenTree { deploy = pkgs.callPackage ./pkgs/deploy.nix { }; keys = pkgs.callPackage ./pkgs/keys { }; - homePage = pkgs.callPackage ./pkgs/homePage { }; recipemd = pkgs.python3Packages.toPythonApplication python3Packages.recipemd; }; })) // { @@ -64,7 +63,7 @@ hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { nixosSystem = nixpkgs.lib.nixosSystem; - inherit self nixpkgs home-manager nixos-hardware; + inherit self nixpkgs home-manager nixos-hardware homePage; }; nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; diff --git a/overlays/default.nix b/overlays/default.nix index d4caaa0..4ac07d5 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -6,9 +6,6 @@ in keys = final: prev: { keys = prev.callPackage ../pkgs/keys { }; }; - homePage = final: prev: { - homePage = prev.callPackage ../pkgs/homePage { }; - }; recipemd = final: prev: { recipemd = prev.python3Packages.toPythonApplication prev.python3Packages.recipemd; }; From 572ae2bb819bcaa9b4ec5cddc6a6d17e90553845 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 1 Sep 2021 11:13:13 +0200 Subject: [PATCH 190/988] update flakes --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index ba9221e..020799f 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1629739732, - "narHash": "sha256-OcSR9n6B0wR6kViudI42Uhpp3JuRGNHyarxO+KHQ7/Y=", + "lastModified": 1630228697, + "narHash": "sha256-LhwbUdVSha/OdQCTCsuagYCZHeB4aBD47Z/NB4OHShQ=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "a72e2a008e2551b2e4bcbae0c20e7e6e6f91dfc6", + "rev": "0f2e92d0624f5a6887c8a07e1a5ae6ab298e194b", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1629729582, - "narHash": "sha256-P8bSE0v/alIafhsDVPwIZyBMz4YfHc2H0mOabnsf1so=", + "lastModified": 1630030114, + "narHash": "sha256-t5lptbv7rtNSawdwoA2JUAiqXgLYAO+dGqp8KRtOaDA=", "owner": "nix-community", "repo": "home-manager", - "rev": "9029fd2b9de2147480efab55f351343f4fed73b9", + "rev": "33db7cc6a66d1c1cb77c23ae8e18cefd0425a0c8", "type": "github" }, "original": { @@ -214,11 +214,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1629402604, - "narHash": "sha256-fFyYgBgjZEJiOnoTMMDqw7rx0bJ1jnxt7s/z3tI5788=", + "lastModified": 1630233622, + "narHash": "sha256-gXZ3yp7toOTgs2Yhg/JDKiB1fwvfZZKkk/nfFK4JvbE=", "owner": "dadada", "repo": "dadada.li", - "rev": "8cc05931e12bd6b96907edc85994da8dfe7ae0f9", + "rev": "7c92c4c6383750601ebdf34858ea126c16209ebe", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1629292755, - "narHash": "sha256-5xMo32NVLnloY9DveqwJO/Cab1+PbTMPqU4WMmawX5M=", + "lastModified": 1630074300, + "narHash": "sha256-BFM7OiXRs0RvSUZd6NCGAKWVPn3VodgYQ4TUQXxbMBU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "253aecf69ed7595aaefabde779aa6449195bebb7", + "rev": "21c937f8cb1e6adcfeb36dfd6c90d9d9bfab1d28", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1629744693, - "narHash": "sha256-guZxgF5v8Avqpdu5M/F3ygZ4f67Y6ruS7y2kA5yUhZE=", + "lastModified": 1629975021, + "narHash": "sha256-+z4pK5yvoIKAIPGnyxt7I7Y9yX72HFP2krppGENpn6I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de40acde6c056a7c5f3c9ad4dca0c172fa35d207", + "rev": "342048461da7fc743e588ee744080c045613a226", "type": "github" }, "original": { From 52bf26db1eaeeb2e4fb3d737a6cf9aab2319c611 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 10 Sep 2021 13:39:36 +0200 Subject: [PATCH 191/988] update flakes --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 020799f..f8bcbf9 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1630228697, - "narHash": "sha256-LhwbUdVSha/OdQCTCsuagYCZHeB4aBD47Z/NB4OHShQ=", + "lastModified": 1631265331, + "narHash": "sha256-B7Z8pPFRGEEh+APOvneIHSLQk33QK9bh5l8gI9tSD74=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "0f2e92d0624f5a6887c8a07e1a5ae6ab298e194b", + "rev": "2ff125e11371b88b1c4edeaa6f96355fbfee96da", "type": "github" }, "original": { @@ -145,11 +145,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1629481132, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "997f7efcb746a9c140ce1f13c72263189225f482", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1630030114, - "narHash": "sha256-t5lptbv7rtNSawdwoA2JUAiqXgLYAO+dGqp8KRtOaDA=", + "lastModified": 1631134124, + "narHash": "sha256-C17wJ2HyuFZllJ/PbpFuuDjkzWvg8np9UIAdSrpuwS0=", "owner": "nix-community", "repo": "home-manager", - "rev": "33db7cc6a66d1c1cb77c23ae8e18cefd0425a0c8", + "rev": "039f786e609fdb3cfd9c5520ff3791750c3eaebf", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1630074300, - "narHash": "sha256-BFM7OiXRs0RvSUZd6NCGAKWVPn3VodgYQ4TUQXxbMBU=", + "lastModified": 1631206977, + "narHash": "sha256-o3Dct9aJ5ht5UaTUBzXrRcK1RZt2eG5/xSlWJuUCVZM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "21c937f8cb1e6adcfeb36dfd6c90d9d9bfab1d28", + "rev": "4f6d8095fd51954120a1d08ea5896fe42dc3923b", "type": "github" }, "original": { @@ -287,11 +287,11 @@ "straight": "straight" }, "locked": { - "lastModified": 1628865677, - "narHash": "sha256-cIRgrMuLOynvNLMAhMMG3Wm/zkggYx2gSsnANevv+bk=", + "lastModified": 1631192516, + "narHash": "sha256-HaS2f8N7uGBz8bGAiC7y9xkWzsrtThpudcoaTsh5OkE=", "owner": "vlaci", "repo": "nix-doom-emacs", - "rev": "1020f27f1fab123f0ce3ed5f6e9c0637d888c884", + "rev": "33064319607745856f488a998ca3db8ffcede865", "type": "github" }, "original": { @@ -402,11 +402,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1627155762, - "narHash": "sha256-XS1eA6P0ePabdrnUNe5lN19EA9dfK615gMGObr9wfBQ=", + "lastModified": 1629714870, + "narHash": "sha256-D6gUJtzZMpyJBNNn5EKWDCbDDgIXzxMx54fpcQ3DM2o=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "c9dfed48a607c7f6524f1c6480f09cf61a5d6237", + "rev": "a3ba79cd3a120235dae524f49945fbe99df923cf", "type": "github" }, "original": { @@ -466,11 +466,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1625811744, - "narHash": "sha256-Y67nVqcovn2PbHXmWOFWMq10Qz2ZIRyyWEO6qsZLbIM=", + "lastModified": 1630050533, + "narHash": "sha256-gi+vC71xsKXN06QzwohNhFt07+7g6OqjsThXHwrZ5Q0=", "owner": "hakimel", "repo": "reveal.js", - "rev": "b18f12d964ef80bd9ffb061aae48ff4c15fb43ad", + "rev": "01d8d669bc2b681b595262ccbe27293eec2fcb44", "type": "github" }, "original": { From 01abd840681597f9ddef59d90726c2e78dcb6ae2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 19 Sep 2021 21:02:30 +0200 Subject: [PATCH 192/988] update flakes --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index f8bcbf9..7f537a2 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1631265331, - "narHash": "sha256-B7Z8pPFRGEEh+APOvneIHSLQk33QK9bh5l8gI9tSD74=", + "lastModified": 1632071499, + "narHash": "sha256-1w1KGd8zJBfDyhBHfYneVQ4gUp9+JTz2BJHvOMHH/x4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "2ff125e11371b88b1c4edeaa6f96355fbfee96da", + "rev": "c51b95cce591f58e0631f6c3c2cdc0c9ff96adab", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1629481132, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "owner": "numtide", "repo": "flake-utils", - "rev": "997f7efcb746a9c140ce1f13c72263189225f482", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1629481132, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "owner": "numtide", "repo": "flake-utils", - "rev": "997f7efcb746a9c140ce1f13c72263189225f482", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1631134124, - "narHash": "sha256-C17wJ2HyuFZllJ/PbpFuuDjkzWvg8np9UIAdSrpuwS0=", + "lastModified": 1631740142, + "narHash": "sha256-FnwtaJ+fZw2QzsCqGJW4kJd9hXiPxPgfi+9dwratk28=", "owner": "nix-community", "repo": "home-manager", - "rev": "039f786e609fdb3cfd9c5520ff3791750c3eaebf", + "rev": "371576cdc2580ba93a38e28da8ece2129f558815", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1631206977, - "narHash": "sha256-o3Dct9aJ5ht5UaTUBzXrRcK1RZt2eG5/xSlWJuUCVZM=", + "lastModified": 1631785487, + "narHash": "sha256-VSKEvOtaY/roDxEHFxXh6GguOqqWCJZ3E06fBdKu8+I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4f6d8095fd51954120a1d08ea5896fe42dc3923b", + "rev": "79c444b5bdeaba142d128afddee14c89ecf2a968", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1629975021, - "narHash": "sha256-+z4pK5yvoIKAIPGnyxt7I7Y9yX72HFP2krppGENpn6I=", + "lastModified": 1631875434, + "narHash": "sha256-qmaLTz4ituJJ8DNoHwmrrCRmABMoNqNLJewxWpuZals=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "342048461da7fc743e588ee744080c045613a226", + "rev": "16fca9df230408608846940981b4037762420b1b", "type": "github" }, "original": { From d83db28bc71a645cbb40ab9f8391a08e4a7265b3 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 21 Sep 2021 13:58:21 +0200 Subject: [PATCH 193/988] add shortwave --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index f3db093..060ac4a 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -70,6 +70,7 @@ with pkgs; [ python38Packages.managesieve ripgrep rustup + shortwave signal-desktop slurp sqlite From 614485b66ac999901524289b3ede68e2d4fea3a7 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 21 Sep 2021 15:52:37 +0200 Subject: [PATCH 194/988] update flakes --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 7f537a2..3f9b935 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1632071499, - "narHash": "sha256-1w1KGd8zJBfDyhBHfYneVQ4gUp9+JTz2BJHvOMHH/x4=", + "lastModified": 1632215126, + "narHash": "sha256-TAfCrVb+Otou3VN4fBXMW9FT9EvEwb+8jnilUUPqwJg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c51b95cce591f58e0631f6c3c2cdc0c9ff96adab", + "rev": "ce690d6e577247d0bb77f2ed3956fbb7e5e5aec9", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1631785487, - "narHash": "sha256-VSKEvOtaY/roDxEHFxXh6GguOqqWCJZ3E06fBdKu8+I=", + "lastModified": 1631962327, + "narHash": "sha256-h2fgtNHozEcB42BQ1QVWAJUpQ1FA3gpgq/RrOKAxbfE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "79c444b5bdeaba142d128afddee14c89ecf2a968", + "rev": "bc9b956714ed6eac5f8888322aac5bc41389defa", "type": "github" }, "original": { From 67e321cd65c34bc89809d49111b014816a985431 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 21 Sep 2021 15:52:48 +0200 Subject: [PATCH 195/988] disable some emacs packages --- home/modules/emacs/doom.d/init.el | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/home/modules/emacs/doom.d/init.el b/home/modules/emacs/doom.d/init.el index f8e10f6..a94043f 100644 --- a/home/modules/emacs/doom.d/init.el +++ b/home/modules/emacs/doom.d/init.el @@ -36,7 +36,7 @@ hydra ;;indent-guides ; highlighted indent columns ;;ligatures ; ligatures and symbols to make your code pretty again - minimap ; show a map of the code on the side + ;;minimap ; show a map of the code on the side modeline ; snazzy, Atom-inspired modeline, plus API ;;nav-flash ; blink cursor line after big motions ;;neotree ; a project drawer, like NERDTree for vim @@ -135,8 +135,8 @@ ;;hy ; readability of scheme w/ speed of python ;;idris ; a language you can depend on json ; At least it ain't XML - (java +meghanada) ; the poster child for carpal tunnel syndrome - javascript ; all(hope(abandon(ye(who(enter(here)))))) + ;;(java +meghanada) ; the poster child for carpal tunnel syndrome + ;;javascript ; all(hope(abandon(ye(who(enter(here)))))) ;;julia ; a better, faster MATLAB ;;kotlin ; a better, slicker Java(Script) latex ; writing papers in Emacs has never been so fun @@ -149,7 +149,7 @@ ;;ocaml ; an objective camel org ; organize your plain life in plain text php ; perl's insecure younger brother - plantuml ; diagrams for confusing people more + ;;plantuml ; diagrams for confusing people more ;;purescript ; javascript, but functional python ; beautiful is better than ugly ;;qt ; the 'cutest' gui framework ever @@ -166,7 +166,7 @@ ;;solidity ; do you need a blockchain? No. ;;swift ; who asked for emoji variables? ;;terra ; Earth and Moon in alignment for performance. - web ; the tubes + ;;web ; the tubes yaml ; JSON, but readable ;;zig ; C, but simpler From b897b3ec7be70eee66d3e6c2f32b50dd664cdaae Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Oct 2021 22:27:50 +0200 Subject: [PATCH 196/988] add some packages --- home/home/pkgs.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 060ac4a..15a53fd 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -10,6 +10,7 @@ with pkgs; [ aqbanking bash bluez-tools + binutils clang clang-tools php74Packages.composer @@ -69,6 +70,7 @@ with pkgs; [ python38Packages.dateutil python38Packages.managesieve ripgrep + rust-analyzer rustup shortwave signal-desktop @@ -79,6 +81,7 @@ with pkgs; [ tcpdump tdesktop thunderbird + tor-browser-bundle-bin unzip usbutils virtmanager From 31c5046fe5b08efe86a328aa45338060fc3de88c Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Oct 2021 22:28:15 +0200 Subject: [PATCH 197/988] update flakes --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 3f9b935..307c6c6 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1632215126, - "narHash": "sha256-TAfCrVb+Otou3VN4fBXMW9FT9EvEwb+8jnilUUPqwJg=", + "lastModified": 1633362790, + "narHash": "sha256-p0GpcAgaS4DpBbyafz5tUrGKeuJDnLuDExu9cIJDbjc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "ce690d6e577247d0bb77f2ed3956fbb7e5e5aec9", + "rev": "448fd2e006decbb1f56822f199f0580204aedaea", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1631740142, - "narHash": "sha256-FnwtaJ+fZw2QzsCqGJW4kJd9hXiPxPgfi+9dwratk28=", + "lastModified": 1633364404, + "narHash": "sha256-XoCtlQreWVCpBGFwRylpkDkIfuEEgkZGUCxDAda1LBE=", "owner": "nix-community", "repo": "home-manager", - "rev": "371576cdc2580ba93a38e28da8ece2129f558815", + "rev": "81ec2aed8a2438553c6689061eeb45a40883ec24", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1631962327, - "narHash": "sha256-h2fgtNHozEcB42BQ1QVWAJUpQ1FA3gpgq/RrOKAxbfE=", + "lastModified": 1633351077, + "narHash": "sha256-z38JG4Bb0GtM1aF1pANVdp1dniMP23Yb3HnRoJRy2uU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc9b956714ed6eac5f8888322aac5bc41389defa", + "rev": "14aef06d9b3ad1d07626bdbb16083b83f92dc6c1", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1631875434, - "narHash": "sha256-qmaLTz4ituJJ8DNoHwmrrCRmABMoNqNLJewxWpuZals=", + "lastModified": 1632990363, + "narHash": "sha256-SNqz+9Vt4yDHqw8u/CMFdzMQTulKoMlVGJdshfcb5O0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "16fca9df230408608846940981b4037762420b1b", + "rev": "0a8b8054c9920368a3c15e6d766188fdf04b736f", "type": "github" }, "original": { From 825501bbd60b86672c06829addc12181b78b205d Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Oct 2021 22:28:54 +0200 Subject: [PATCH 198/988] =?UTF-8?q?fix=20backup=20=F0=9F=A4=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nixos/modules/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 314d5ae..11c0908 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -70,7 +70,7 @@ in paths = "/"; exclude = backupExcludes; repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; - doInit = true; + doInit = false; environment = { BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'"; }; From ea7ab01ea16274e49761a86dd7b26d90105eaaaa Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Oct 2021 23:06:52 +0200 Subject: [PATCH 199/988] journald: keep at least 2G of free space --- nixos/modules/profiles/server.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index ba796c3..00da89b 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -18,4 +18,8 @@ with lib; font = "Lat2-Terminus16"; keyMap = "us"; }; + + services.journald.extraConfig = '' + SystemKeepFree = 2G + ''; } From dcc567f1cb0986be52f7f7a409794d47c3d7071d Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 18 Oct 2021 19:35:35 +0200 Subject: [PATCH 200/988] update flakes --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 307c6c6..2dfa5dc 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1633362790, - "narHash": "sha256-p0GpcAgaS4DpBbyafz5tUrGKeuJDnLuDExu9cIJDbjc=", + "lastModified": 1634578371, + "narHash": "sha256-63tnbH9Gc8K70dRXO4qYU6KEIlp8UCj7qXVDY+fWL4U=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "448fd2e006decbb1f56822f199f0580204aedaea", + "rev": "0300ad279e332835530ef98e2d6bfd7cc46d8c31", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1633364404, - "narHash": "sha256-XoCtlQreWVCpBGFwRylpkDkIfuEEgkZGUCxDAda1LBE=", + "lastModified": 1634543124, + "narHash": "sha256-sPjP5GjZ0DgTgY8KljhGeix4L5ey7A3L1nm6lDffTh0=", "owner": "nix-community", "repo": "home-manager", - "rev": "81ec2aed8a2438553c6689061eeb45a40883ec24", + "rev": "b5d738b5a3f8c3738433e0aa6482afb4ac635380", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1633351077, - "narHash": "sha256-z38JG4Bb0GtM1aF1pANVdp1dniMP23Yb3HnRoJRy2uU=", + "lastModified": 1634436779, + "narHash": "sha256-D/nrXTWpe1bPIjFy85sgiLHYqu+AeaC6v5/+KlA9PRg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "14aef06d9b3ad1d07626bdbb16083b83f92dc6c1", + "rev": "9aeeb7574fb784eaf6395f4400705b5f619e6cc3", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1632990363, - "narHash": "sha256-SNqz+9Vt4yDHqw8u/CMFdzMQTulKoMlVGJdshfcb5O0=", + "lastModified": 1633793047, + "narHash": "sha256-XSMlHMVPKwcEqyHGdFj/ZeGMeZeKNwVExOfLlxcg4oE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0a8b8054c9920368a3c15e6d766188fdf04b736f", + "rev": "3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f", "type": "github" }, "original": { From 4408b604217608f81b7b21b53b8f1c60cae82fdd Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Oct 2021 21:39:38 +0200 Subject: [PATCH 201/988] update flakes --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2dfa5dc..3df1f90 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1634578371, - "narHash": "sha256-63tnbH9Gc8K70dRXO4qYU6KEIlp8UCj7qXVDY+fWL4U=", + "lastModified": 1635359786, + "narHash": "sha256-G4m8sNfO/IFtcC6gOTi3NQjvEhaXoRRW1MtWswyq7JI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "0300ad279e332835530ef98e2d6bfd7cc46d8c31", + "rev": "d4dbd9ee5d450e17b3a0846345df78f3105e282a", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "lastModified": 1634851050, + "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", "type": "github" }, "original": { @@ -160,11 +160,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "lastModified": 1634851050, + "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1634543124, - "narHash": "sha256-sPjP5GjZ0DgTgY8KljhGeix4L5ey7A3L1nm6lDffTh0=", + "lastModified": 1635285717, + "narHash": "sha256-CGsOBSkdjIHmKEbUkik1JKQhiKCJ64Hj7dROx7yEDCo=", "owner": "nix-community", "repo": "home-manager", - "rev": "b5d738b5a3f8c3738433e0aa6482afb4ac635380", + "rev": "46a69810cb95d2e7286089830dc535d6719eaa6f", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1634436779, - "narHash": "sha256-D/nrXTWpe1bPIjFy85sgiLHYqu+AeaC6v5/+KlA9PRg=", + "lastModified": 1634782485, + "narHash": "sha256-psfh4OQSokGXG0lpq3zKFbhOo3QfoeudRcaUnwMRkQo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9aeeb7574fb784eaf6395f4400705b5f619e6cc3", + "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1633793047, - "narHash": "sha256-XSMlHMVPKwcEqyHGdFj/ZeGMeZeKNwVExOfLlxcg4oE=", + "lastModified": 1635319124, + "narHash": "sha256-Ldh40imhLYF8kGy9wSI2NWW6qiB/9lJ0C6CT2Yr1L6E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f", + "rev": "0bb7b0906c353703c2eea36bd73134f0216f3e62", "type": "github" }, "original": { From d306493bb7e1193d2485c8c332acf9928bde813c Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 29 Oct 2021 22:30:20 +0200 Subject: [PATCH 202/988] Remove GTK theming --- home/home/pkgs.nix | 1 + home/modules/gtk.nix | 6 ------ 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 15a53fd..0cb886f 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -25,6 +25,7 @@ with pkgs; [ fzf gdb gimp + gnome.gnome-tweaks gnucash gnumake gnupg diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index b75c7c7..05c1f36 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -10,12 +10,6 @@ in config = mkIf cfg.enable { gtk = { enable = true; - theme.package = pkgs.gnome3.gnome-themes-extra; - theme.name = "Adwaita-dark"; - iconTheme.package = pkgs.gnome3.adwaita-icon-theme; - iconTheme.name = "Adwaita"; - font.package = pkgs.cantarell-fonts; - font.name = "Cantarell"; }; }; } From fa608a6c28ebe04aafaf5c19c4e391e88b31cdd6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 6 Nov 2021 14:52:34 +0100 Subject: [PATCH 203/988] fix ui stuff --- home/modules/gtk.nix | 1 + home/modules/tmux.nix | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index 05c1f36..91b4c03 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -10,6 +10,7 @@ in config = mkIf cfg.enable { gtk = { enable = true; + theme.name = "Adwaita-dark"; }; }; } diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 6654ccc..ab8b82c 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -13,12 +13,11 @@ in terminal = "xterm-256color"; extraConfig = '' set -g automatic-rename on - set -g mode-keys vi + setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on - set-window-option -g mode-keys vi ''; }; }; From 577cd8c02c5f0f4c04f9f0629e2ac5a7ffba50f4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 6 Nov 2021 14:55:56 +0100 Subject: [PATCH 204/988] update flakes --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 3df1f90..5e9a91d 100644 --- a/flake.lock +++ b/flake.lock @@ -35,11 +35,11 @@ }, "emacs-overlay": { "locked": { - "lastModified": 1635359786, - "narHash": "sha256-G4m8sNfO/IFtcC6gOTi3NQjvEhaXoRRW1MtWswyq7JI=", + "lastModified": 1636190016, + "narHash": "sha256-nx5Jbn4PJHfVatu9ZdV+Q+SB7UVtbc/QZacjRQezX44=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d4dbd9ee5d450e17b3a0846345df78f3105e282a", + "rev": "93fac0add2abcf230b03498b7fa07e10a06a10f2", "type": "github" }, "original": { @@ -195,11 +195,11 @@ ] }, "locked": { - "lastModified": 1635285717, - "narHash": "sha256-CGsOBSkdjIHmKEbUkik1JKQhiKCJ64Hj7dROx7yEDCo=", + "lastModified": 1636044164, + "narHash": "sha256-RI9QjS8NBrfVTp6dzmcEVKNNjxYGBf26+/7ihDA/USc=", "owner": "nix-community", "repo": "home-manager", - "rev": "46a69810cb95d2e7286089830dc535d6719eaa6f", + "rev": "70c5b268e10025c70823767f4fb49e240b40151d", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1634782485, - "narHash": "sha256-psfh4OQSokGXG0lpq3zKFbhOo3QfoeudRcaUnwMRkQo=", + "lastModified": 1635844945, + "narHash": "sha256-tZcL307dj28jgEU1Wdn+zwG9neyW0H2+ZjdVhvJxh9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", + "rev": "b67e752c29f18a0ca5534a07661366d6a2c2e649", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1635319124, - "narHash": "sha256-Ldh40imhLYF8kGy9wSI2NWW6qiB/9lJ0C6CT2Yr1L6E=", + "lastModified": 1635449388, + "narHash": "sha256-i7hMiAgpRTGsMPTQKuNCDfW/ftQ+g9N6iaMj+RN6yws=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0bb7b0906c353703c2eea36bd73134f0216f3e62", + "rev": "518b9c2159e7d4b7696ee18b8828f9086012923b", "type": "github" }, "original": { @@ -370,11 +370,11 @@ ] }, "locked": { - "lastModified": 1626753471, - "narHash": "sha256-J4bbWBtVrB5tMk6tUKwKsvQotKpQFmbOZRTUr30aJ0M=", + "lastModified": 1636163286, + "narHash": "sha256-5JeZTWNPANOxLqqXRys2z3TzpxmZgulF/i1nwWbMR5U=", "ref": "master", - "rev": "fd059e5b2ef64c27f4062d5438225ac0ebb8e193", - "revCount": 13, + "rev": "0d3aba5510d611cdbd4123f7ef6358c19d3f4171", + "revCount": 15, "type": "git", "url": "https://gitlab.com/khumba/nvd.git" }, From 83dc018a4f4effcc491b38a8b048819fcdf9ae4f Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 6 Nov 2021 15:13:00 +0100 Subject: [PATCH 205/988] Enabled automatic upgrades on surgat --- nixos/surgat/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 63611ae..356240e 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -120,5 +120,7 @@ in ]; }; + system.autoUpgrade.flake = "github:dadada/nix-config#${hostName}"; + system.stateVersion = "20.09"; } From 58cc357ad9be5791eed2b5b0975410c06e410839 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Nov 2021 01:05:47 +0100 Subject: [PATCH 206/988] update flakes --- flake.lock | 30 ++++++++++++++---------------- flake.nix | 5 ----- outputs.nix | 2 +- 3 files changed, 15 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 5e9a91d..db1ceff 100644 --- a/flake.lock +++ b/flake.lock @@ -34,12 +34,13 @@ } }, "emacs-overlay": { + "flake": false, "locked": { - "lastModified": 1636190016, - "narHash": "sha256-nx5Jbn4PJHfVatu9ZdV+Q+SB7UVtbc/QZacjRQezX44=", + "lastModified": 1630603742, + "narHash": "sha256-fYX5y18aHZTnYdBizeeW43NOFvCoT3iXk52dLtS43Gs=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "93fac0add2abcf230b03498b7fa07e10a06a10f2", + "rev": "9c69c4d0ef9d8ed0c5a54697e359d7f3a51fcbb1", "type": "github" }, "original": { @@ -195,11 +196,11 @@ ] }, "locked": { - "lastModified": 1636044164, - "narHash": "sha256-RI9QjS8NBrfVTp6dzmcEVKNNjxYGBf26+/7ihDA/USc=", + "lastModified": 1636847964, + "narHash": "sha256-hH2lbDgOPwCtlWDwp0wVCcOK7x0mtLf4nrNWfvUWrA8=", "owner": "nix-community", "repo": "home-manager", - "rev": "70c5b268e10025c70823767f4fb49e240b40151d", + "rev": "accfbdf215dbf39eac2fbae67b574dac0be83d51", "type": "github" }, "original": { @@ -245,11 +246,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1635844945, - "narHash": "sha256-tZcL307dj28jgEU1Wdn+zwG9neyW0H2+ZjdVhvJxh9g=", + "lastModified": 1636623366, + "narHash": "sha256-jOQMlv9qFSj0U66HB+ujZoapty0UbewmSNbX8+3ujUQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b67e752c29f18a0ca5534a07661366d6a2c2e649", + "rev": "c5ed8beb478a8ca035f033f659b60c89500a3034", "type": "github" }, "original": { @@ -263,9 +264,7 @@ "inputs": { "doom-emacs": "doom-emacs", "doom-snippets": "doom-snippets", - "emacs-overlay": [ - "emacs-overlay" - ], + "emacs-overlay": "emacs-overlay", "emacs-so-long": "emacs-so-long", "evil-markdown": "evil-markdown", "evil-org-mode": "evil-org-mode", @@ -319,11 +318,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1635449388, - "narHash": "sha256-i7hMiAgpRTGsMPTQKuNCDfW/ftQ+g9N6iaMj+RN6yws=", + "lastModified": 1636317251, + "narHash": "sha256-u1cWvvtGH5mfGkeIKrqw2usk4IL7wDiRcnJkUSiZq3Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "518b9c2159e7d4b7696ee18b8828f9086012923b", + "rev": "fd6f34afcf062761fb5035230f6297752bfedcba", "type": "github" }, "original": { @@ -481,7 +480,6 @@ }, "root": { "inputs": { - "emacs-overlay": "emacs-overlay", "flake-utils": "flake-utils", "home-manager": "home-manager", "homePage": "homePage", diff --git a/flake.nix b/flake.nix index 8558ff4..244e1c2 100644 --- a/flake.nix +++ b/flake.nix @@ -3,10 +3,6 @@ inputs = { myNixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; - emacs-overlay = { - url = github:nix-community/emacs-overlay; - inputs.nixpkgs.follows = "myNixpkgs"; - }; flake-utils.url = github:numtide/flake-utils; home-manager = { url = github:nix-community/home-manager; @@ -14,7 +10,6 @@ }; nix-doom-emacs = { url = github:vlaci/nix-doom-emacs/develop; - inputs.emacs-overlay.follows = "emacs-overlay"; inputs.nixpkgs.follows = "myNixpkgs"; }; nixos-hardware.url = github:NixOS/nixos-hardware/master; diff --git a/outputs.nix b/outputs.nix index 29c2530..edbdf73 100644 --- a/outputs.nix +++ b/outputs.nix @@ -39,7 +39,7 @@ declare -A profiles=(["gorgon"]="home" ["timsch-nb"]="work") profile=''${profiles[$HOSTNAME]:-common} flake=$(nix flake metadata --json ${./.} | jq -r .url) - nix build --show-trace --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" + nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" link=$(realpath $tmpdir/result) $link/activate ''); From bd1477f9f84ec0ea688fba8ec137c3bafc6aabde Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Nov 2021 01:26:01 +0100 Subject: [PATCH 207/988] increase font size --- home/modules/alacritty/default.nix | 2 +- home/modules/emacs/doom.d/config.el | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 4e33f4f..82aebab 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in settings = { scrolling.history = 0; font = { - size = 10; + size = 12; normal = { family = "Source Code Pro"; style = "Regular"; diff --git a/home/modules/emacs/doom.d/config.el b/home/modules/emacs/doom.d/config.el index f940fe0..31e15d8 100644 --- a/home/modules/emacs/doom.d/config.el +++ b/home/modules/emacs/doom.d/config.el @@ -1,4 +1,4 @@ -(setq doom-font (font-spec :family "Source Code Pro" :size 12 :weight 'semi-light)) +(setq doom-font (font-spec :family "Source Code Pro" :size 13 :weight 'semi-light)) (setq org-directory "~/src/notes/org/") (with-eval-after-load 'treemacs (define-key treemacs-mode-map [mouse-1] #'treemacs-single-click-expand-action)) From 68e8cac04e0ec9a14cc00e082b85c69701b094cb Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Nov 2021 02:20:07 +0100 Subject: [PATCH 208/988] use home-manager nixos module --- home/configurations.nix | 4 ---- nixos/configurations.nix | 23 +++++++++++++++++------ outputs.nix | 2 +- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/home/configurations.nix b/home/configurations.nix index 63fed20..5ea3d89 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -30,10 +30,6 @@ in { home = hmConfiguration { extraModules = [ ./home ]; - overlays = [ - (final: prev: { s = scripts; }) - (final: prev: { n = nvd; }) - ]; stateVersion = "20.09"; }; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 9aa5c01..cc772d9 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -4,6 +4,8 @@ , home-manager , homePage , nixos-hardware +, nvd +, scripts }: let adapterModule = system: { nix.nixPath = [ @@ -29,6 +31,8 @@ let adapterModule = system: { nix.useSandbox = true; nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ (final: prev: { homePage = homePage.defaultPackage.${system}; }) + (final: prev: { s = scripts; }) + (final: prev: { n = nvd; }) ]; }; in @@ -38,12 +42,13 @@ in modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ (adapterModule system) nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - #home-manager.nixosModules.home-manager - #{ - # home-manager.useGlobalPkgs = true; - # home-manager.useUserPackages = true; - # home-manager.users.dadada = self.hmConfigurations.home; - #} + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules); + home-manager.users.dadada = import ../home/home; + } ./modules/profiles/laptop.nix ./gorgon/configuration.nix ]; @@ -63,6 +68,12 @@ in (adapterModule system) ./modules/profiles/server.nix ./surgat/configuration.nix + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules); + home-manager.users.dadada = import ../home/work; + } ]; }; pruflas = nixosSystem rec { diff --git a/outputs.nix b/outputs.nix index edbdf73..1e26531 100644 --- a/outputs.nix +++ b/outputs.nix @@ -63,7 +63,7 @@ hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { nixosSystem = nixpkgs.lib.nixosSystem; - inherit self nixpkgs home-manager nixos-hardware homePage; + inherit self nixpkgs home-manager nixos-hardware nvd scripts homePage; }; nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; From 521f39cebd1607ab187cd21ab01e0b2ba44a8276 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Nov 2021 02:21:23 +0100 Subject: [PATCH 209/988] prevent warning while switching config --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 5f1c6b8..525ca37 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -44,7 +44,7 @@ in backupClient = { enable = true; bs = true; - gs = true; + gs = false; }; }; From fe0b5710e69121750d69b9de3657bb74bc70356a Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Nov 2021 12:13:06 +0100 Subject: [PATCH 210/988] fix zsh completions and git prompt --- home/modules/zsh.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index e22ee57..69d11c5 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -28,9 +28,9 @@ in plugins = [ ]; initExtra = '' - source ~/.nix-profile/share/zsh-git-prompt/zshrc.sh - source ~/.nix-profile/share/fzf/key-bindings.zsh - source ~/.nix-profile/share/fzf/completion.zsh + source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh + source ${pkgs.fzf}/share/fzf/key-bindings.zsh + source ${pkgs.fzf}/share/fzf/completion.zsh bindkey '^n' autosuggest-accept From 90b549f5a9022abd266d200e2fa232939c718318 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Nov 2021 13:06:18 +0100 Subject: [PATCH 211/988] clean up nix config --- nixos/configurations.nix | 27 --------------------------- nixos/modules/default.nix | 5 ++--- nixos/modules/nix.nix | 30 ++++++++++++++++++++++++++++++ nixos/modules/profiles/server.nix | 2 +- nixos/modules/update.nix | 8 ++++---- nixos/surgat/configuration.nix | 2 -- 6 files changed, 37 insertions(+), 37 deletions(-) create mode 100644 nixos/modules/nix.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index cc772d9..c660f81 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -8,27 +8,6 @@ , scripts }: let adapterModule = system: { - nix.nixPath = [ - "home-manager=${home-manager}" - "nixpkgs=${nixpkgs}" - "dadada=${self}" - ]; - nix.registry = { - home-manager.flake = home-manager; - nixpkgs.flake = nixpkgs; - dadada.flake = self; - }; - nix.binaryCaches = [ - https://cache.nixos.org/ - https://nix-community.cachix.org/ - ]; - nix.binaryCachePublicKeys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - nix.requireSignedBinaryCaches = true; - nix.useSandbox = true; nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ (final: prev: { homePage = homePage.defaultPackage.${system}; }) (final: prev: { s = scripts; }) @@ -68,12 +47,6 @@ in (adapterModule system) ./modules/profiles/server.nix ./surgat/configuration.nix - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules); - home-manager.users.dadada = import ../home/work; - } ]; }; pruflas = nixosSystem rec { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 7f06ed9..1930b23 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,6 +1,4 @@ -{ homePage -, ... -}@inputs: +{ ... }@inputs: { admin = import ./admin.nix; backup = import ./backup.nix; @@ -11,6 +9,7 @@ headphones = import ./headphones.nix; homepage = import ./homepage.nix; networking = import ./networking.nix; + nix = import ./nix.nix inputs; share = import ./share.nix; steam = import ./steam.nix; update = import ./update.nix; diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix new file mode 100644 index 0000000..b9756d9 --- /dev/null +++ b/nixos/modules/nix.nix @@ -0,0 +1,30 @@ +{ self +, home-manager +, nixpkgs +, ... +}: +{ config, pkgs, lib, ... }: +# Global settings for nix daemon +{ + nix.nixPath = [ + "home-manager=${home-manager}" + "nixpkgs=${nixpkgs}" + "dadada=${self}" + ]; + nix.registry = { + home-manager.flake = home-manager; + nixpkgs.flake = nixpkgs; + dadada.flake = self; + }; + nix.binaryCaches = [ + https://cache.nixos.org/ + https://nix-community.cachix.org/ + ]; + nix.binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + nix.requireSignedBinaryCaches = true; + nix.useSandbox = true; +} diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 00da89b..dcad8d2 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -7,7 +7,7 @@ with lib; "dadada" = [ "${pkgs.keys}/dadada.pub" ]; }; - dadada.autoUpgrade.enable = mkDefault false; + dadada.autoUpgrade.enable = mkDefault true; environment.noXlibs = mkDefault true; documentation.enable = mkDefault false; diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix index 726a40e..fda078d 100644 --- a/nixos/modules/update.nix +++ b/nixos/modules/update.nix @@ -11,18 +11,18 @@ in config = mkIf cfg.enable { nix = { - autoOptimiseStore = false; - useSandbox = true; + autoOptimiseStore = true; gc = { automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; + dates = "daily"; + options = "--delete-older-than 3d"; }; }; system.autoUpgrade = { enable = true; dates = "daily"; + flake = "github:dadada/nix-config#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel"; }; }; } diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 356240e..63611ae 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -120,7 +120,5 @@ in ]; }; - system.autoUpgrade.flake = "github:dadada/nix-config#${hostName}"; - system.stateVersion = "20.09"; } From 96e1acbbcbc5e0dbf8a290370c611d1eb9569135 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 18 Nov 2021 22:14:17 +0100 Subject: [PATCH 212/988] update flakes --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index db1ceff..b6f05fb 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1634851050, - "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", "owner": "numtide", "repo": "flake-utils", - "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1634851050, - "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", "owner": "numtide", "repo": "flake-utils", - "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", "type": "github" }, "original": { @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1636847964, - "narHash": "sha256-hH2lbDgOPwCtlWDwp0wVCcOK7x0mtLf4nrNWfvUWrA8=", + "lastModified": 1637249535, + "narHash": "sha256-RCatEYQ+uqsZOZpN4ZOtSoO7CJTiQpHNdPjUA0jtejw=", "owner": "nix-community", "repo": "home-manager", - "rev": "accfbdf215dbf39eac2fbae67b574dac0be83d51", + "rev": "2452979efe92128b03e3c27567267066c2825fab", "type": "github" }, "original": { @@ -246,11 +246,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1636623366, - "narHash": "sha256-jOQMlv9qFSj0U66HB+ujZoapty0UbewmSNbX8+3ujUQ=", + "lastModified": 1636976544, + "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5ed8beb478a8ca035f033f659b60c89500a3034", + "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", "type": "github" }, "original": { @@ -318,11 +318,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1636317251, - "narHash": "sha256-u1cWvvtGH5mfGkeIKrqw2usk4IL7wDiRcnJkUSiZq3Q=", + "lastModified": 1637242070, + "narHash": "sha256-/XCFGOriSpAgo0lPxVK12vFBpta567kwfHZr5tNNHyE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fd6f34afcf062761fb5035230f6297752bfedcba", + "rev": "5a7e613703ea349fd46b3fa2f3dfe3bd5444d591", "type": "github" }, "original": { From 86f5cd79d19d3a67baf7f5a1c49b06ce637b7730 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 20 Nov 2021 13:40:01 +0100 Subject: [PATCH 213/988] Switch GTK theme to Adwaita --- home/modules/gtk.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index 91b4c03..c6b99a7 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -10,7 +10,7 @@ in config = mkIf cfg.enable { gtk = { enable = true; - theme.name = "Adwaita-dark"; + theme.name = "Adwaita"; }; }; } From b7344bc03a23126cee7ddfced65a1c5742a6e469 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 20 Nov 2021 13:41:33 +0100 Subject: [PATCH 214/988] Update flakes --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index b6f05fb..ba24e79 100644 --- a/flake.lock +++ b/flake.lock @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1637249535, - "narHash": "sha256-RCatEYQ+uqsZOZpN4ZOtSoO7CJTiQpHNdPjUA0jtejw=", + "lastModified": 1637398047, + "narHash": "sha256-H6yh2VvABMhrkjYrPccc0Buak4L9jtFzsb98FsNDM2Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "2452979efe92128b03e3c27567267066c2825fab", + "rev": "c82bc787b8990c89f2f7d57df652ce2424129b92", "type": "github" }, "original": { @@ -246,11 +246,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1636976544, - "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "lastModified": 1637155076, + "narHash": "sha256-26ZPNiuzlsnXpt55Q44+yzXvp385aNAfevzVEKbrU5Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", "type": "github" }, "original": { From 302fa702f2249138cb760156490ddb65c8762a67 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 29 Nov 2021 22:53:15 +0100 Subject: [PATCH 215/988] Activated direnv support for nix --- home/modules/direnv.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix index d546301..997c9e9 100644 --- a/home/modules/direnv.nix +++ b/home/modules/direnv.nix @@ -11,6 +11,7 @@ in programs.direnv = { enable = true; enableZshIntegration = true; + nix-direnv.enable = true; }; }; } From 2000662eafa0645581ebe2a0226010610d99cade Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 1 Dec 2021 21:03:35 +0100 Subject: [PATCH 216/988] Updated flakes --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index ba24e79..2ff18a1 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1637398047, - "narHash": "sha256-H6yh2VvABMhrkjYrPccc0Buak4L9jtFzsb98FsNDM2Q=", + "lastModified": 1638311312, + "narHash": "sha256-OMAd3WZ/VtMK0QQwDrrynP6+jOlWLd1yQtnW56+eZtA=", "owner": "nix-community", "repo": "home-manager", - "rev": "c82bc787b8990c89f2f7d57df652ce2424129b92", + "rev": "f23073f1daa769a28a12ac587eea487aa8afb196", "type": "github" }, "original": { @@ -246,11 +246,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1637155076, - "narHash": "sha256-26ZPNiuzlsnXpt55Q44+yzXvp385aNAfevzVEKbrU5Q=", + "lastModified": 1638286143, + "narHash": "sha256-A+rgjbIpz3uPRKHPXwdmouVcVn5pZqLnaZHymjkraG4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2", + "rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea", "type": "github" }, "original": { @@ -318,11 +318,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1637242070, - "narHash": "sha256-/XCFGOriSpAgo0lPxVK12vFBpta567kwfHZr5tNNHyE=", + "lastModified": 1638182287, + "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "5a7e613703ea349fd46b3fa2f3dfe3bd5444d591", + "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", "type": "github" }, "original": { From f0b7461b0dd3c0512d5035aa59ee8f355861c28b Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 1 Dec 2021 22:36:45 +0100 Subject: [PATCH 217/988] Removed python27.dbus-python from dependencies Not needed anymore and build is broken in nixpkgs. --- home/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 0cb886f..f9a9912 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -66,7 +66,6 @@ with pkgs; [ pinentry-gnome playerctl pwgen - python27Packages.dbus-python python3 python38Packages.dateutil python38Packages.managesieve From 57fd940c0ee4840adf2dee3bb2889fc66e832d53 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Dec 2021 16:23:53 +0100 Subject: [PATCH 218/988] Added spotify --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index f9a9912..4e7d6f5 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -75,6 +75,7 @@ with pkgs; [ shortwave signal-desktop slurp + spotify sqlite sshfs-fuse steam From 397f9ed02e79dd10de37834c6aac4cc37ca3d303 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Dec 2021 16:24:00 +0100 Subject: [PATCH 219/988] Switched to darker theme --- home/modules/gtk.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index c6b99a7..91b4c03 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -10,7 +10,7 @@ in config = mkIf cfg.enable { gtk = { enable = true; - theme.name = "Adwaita"; + theme.name = "Adwaita-dark"; }; }; } From 896c519e90c82c68186083efd24832dfb36a1b74 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 10 Dec 2021 22:22:49 +0100 Subject: [PATCH 220/988] Added glow to packages --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 4e7d6f5..9b5ae29 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -25,6 +25,7 @@ with pkgs; [ fzf gdb gimp + glow gnome.gnome-tweaks gnucash gnumake From 91f626e2d4781368d66583f083bd4a630684177c Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 10 Dec 2021 22:23:05 +0100 Subject: [PATCH 221/988] Changed font to Jetbrains Mono --- home/modules/alacritty/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 82aebab..2ba178e 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -10,16 +10,16 @@ in config = mkIf cfg.enable { fonts.fontconfig.enable = true; home.packages = [ - pkgs.source-code-pro + pkgs.jetbrains-mono ]; programs.alacritty = { enable = true; settings = { scrolling.history = 0; font = { - size = 12; + size = 11; normal = { - family = "Source Code Pro"; + family = "Jetbrains Mono"; style = "Regular"; }; bold = { From d7c51d57e43e4e7ba6088b97c47c308185db4d54 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Dec 2021 20:29:21 +0100 Subject: [PATCH 222/988] Updated flakes --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 2ff18a1..8117201 100644 --- a/flake.lock +++ b/flake.lock @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1638311312, - "narHash": "sha256-OMAd3WZ/VtMK0QQwDrrynP6+jOlWLd1yQtnW56+eZtA=", + "lastModified": 1639246679, + "narHash": "sha256-Jom+l4fklkb3/wxITqz5FrOd4LeL47Eg55xmxo1fY2g=", "owner": "nix-community", "repo": "home-manager", - "rev": "f23073f1daa769a28a12ac587eea487aa8afb196", + "rev": "0ebed30a10617bd48dd1bd0ce8697aab1b42d933", "type": "github" }, "original": { @@ -246,11 +246,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1638286143, - "narHash": "sha256-A+rgjbIpz3uPRKHPXwdmouVcVn5pZqLnaZHymjkraG4=", + "lastModified": 1638986258, + "narHash": "sha256-OceRdctKZRSgqQxVRvvNB0MaEnFMzQqjUffecoDE9eI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea", + "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", "type": "github" }, "original": { @@ -318,11 +318,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1638182287, - "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", + "lastModified": 1639240632, + "narHash": "sha256-BAXhgnPOW1COIfZ9EOOFTdolalYS73MFHSRajgrSdZw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", + "rev": "2a7063461c3751d83869a2a0a8ebc59e34bec5b2", "type": "github" }, "original": { From e64c7da47aa8a1ca8a6193723c427fda5db53501 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Dec 2021 21:40:56 +0100 Subject: [PATCH 223/988] Disabled HM documentation --- home/home/pkgs.nix | 1 - nixos/configurations.nix | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 9b5ae29..b707d78 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -83,7 +83,6 @@ with pkgs; [ tcpdump tdesktop thunderbird - tor-browser-bundle-bin unzip usbutils virtmanager diff --git a/nixos/configurations.nix b/nixos/configurations.nix index c660f81..a9559e9 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -25,7 +25,9 @@ in { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules); + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { manual.manpages.enable = false;} + ]; home-manager.users.dadada = import ../home/home; } ./modules/profiles/laptop.nix From b5c1342a9c67fba04a6f48b57e50d1946b8370e9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Dec 2021 21:41:19 +0100 Subject: [PATCH 224/988] Fixed documentation updated --- nixos/modules/update.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix index fda078d..1c59a9b 100644 --- a/nixos/modules/update.nix +++ b/nixos/modules/update.nix @@ -22,7 +22,7 @@ in system.autoUpgrade = { enable = true; dates = "daily"; - flake = "github:dadada/nix-config#nixosConfigurations.${config.networking.hostName}.config.system.build.toplevel"; + flake = "github:dadada/nix-config#${config.networking.hostName}"; }; }; } From aca8c411cd1686e902e746219df60adacc7fea66 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Dec 2021 23:13:02 +0100 Subject: [PATCH 225/988] Removed work configuration --- home/configurations.nix | 7 ------- home/work/default.nix | 46 ----------------------------------------- home/work/pkgs.nix | 34 ------------------------------ outputs.nix | 2 +- 4 files changed, 1 insertion(+), 88 deletions(-) delete mode 100644 home/work/default.nix delete mode 100644 home/work/pkgs.nix diff --git a/home/configurations.nix b/home/configurations.nix index 5ea3d89..2091726 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -32,11 +32,4 @@ in extraModules = [ ./home ]; stateVersion = "20.09"; }; - - work = hmConfiguration rec { - extraModules = [ ./work ]; - homeDirectory = "/home/${username}"; - username = "tim.schubert"; - stateVersion = "20.09"; - }; } diff --git a/home/work/default.nix b/home/work/default.nix deleted file mode 100644 index 93b6597..0000000 --- a/home/work/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - dadada.home = { - vim.enable = true; - direnv.enable = true; - git.enable = true; - gpg.enable = true; - gtk.enable = true; - keyring.enable = true; - alacritty.enable = true; - ssh.enable = true; - tmux.enable = true; - xdg.enable = true; - zsh.enable = true; - - session = { - enable = true; - sessionVars = { - EDITOR = "vim"; - PAGER = "less"; - }; - }; - }; - - # Languagetool server for web extension - systemd.user.services."languagetool-http-server" = { - Unit = { - Description = "Languagetool HTTP server"; - PartOf = [ "graphical-session-pre.target" ]; - After = [ "graphical-session.target" ]; - }; - - Service = { - Type = "simple"; - ExecStart = "${pkgs.languagetool}/bin/languagetool-http-server org.languagetool.server.HTTPServer --allow-origin '*'"; - Restart = "always"; - }; - - Install = { WantedBy = [ "graphical-session.target" ]; }; - }; - - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; - - home.packages = import ./pkgs.nix { pkgs = pkgs; }; -} diff --git a/home/work/pkgs.nix b/home/work/pkgs.nix deleted file mode 100644 index ac69dee..0000000 --- a/home/work/pkgs.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs }: -with pkgs; [ - android-studio - chromium - direnv - element-desktop - evince - file - fzf - git-lfs - gitAndTools.hub - gnome3.gnome-tweak-tool - gnome3.nautilus - gnumake - gnupg - inotify-tools - jq - kitty - gitAndTools.lab - languagetool - ldns - libreoffice - lsof - mpv - openssl - pavucontrol - pinentry-gnome - sqlite - sshfs-fuse - thunderbird-bin - unzip - whois - xdg_utils -] diff --git a/outputs.nix b/outputs.nix index 1e26531..ca35c14 100644 --- a/outputs.nix +++ b/outputs.nix @@ -36,7 +36,7 @@ tmpdir=$(mktemp -d) export PATH=${pkgs.lib.makeBinPath [ pkgs.coreutils pkgs.nixFlakes pkgs.jq ]} trap "rm -rf $tmpdir" EXIT - declare -A profiles=(["gorgon"]="home" ["timsch-nb"]="work") + declare -A profiles=(["gorgon"]="home") profile=''${profiles[$HOSTNAME]:-common} flake=$(nix flake metadata --json ${./.} | jq -r .url) nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" From ddc4fb3086c34f1c163e19711f81dca1fdb351ba Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Dec 2021 23:15:24 +0100 Subject: [PATCH 226/988] Disabled building of HM configuration in HM configuration exposed by flake --- home/configurations.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/configurations.nix b/home/configurations.nix index 2091726..cc457b5 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -23,6 +23,7 @@ let }; overlays = overlays; }; + manual.manpages.enable = false; }; inherit system homeDirectory username stateVersion; }); From c1fe091ec5bdd60efd06f8a2589a86a4620edec8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Dec 2021 23:20:41 +0100 Subject: [PATCH 227/988] Fixed import-from-derivation when using keys from package --- {pkgs/keys/keys => keys}/dadada.pub | 0 nixos/modules/profiles/server.nix | 6 ++++-- nixos/surgat/configuration.nix | 2 +- outputs.nix | 2 +- overlays/default.nix | 3 --- pkgs/keys/default.nix | 22 ---------------------- 6 files changed, 6 insertions(+), 29 deletions(-) rename {pkgs/keys/keys => keys}/dadada.pub (100%) delete mode 100644 pkgs/keys/default.nix diff --git a/pkgs/keys/keys/dadada.pub b/keys/dadada.pub similarity index 100% rename from pkgs/keys/keys/dadada.pub rename to keys/dadada.pub diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index dcad8d2..996eef7 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,10 +1,12 @@ { config, pkgs, lib, ... }: with lib; -{ +let + keys = [ ../../../keys/dadada.pub ]; +in { networking.domain = mkDefault "dadada.li"; dadada.admin.users = { - "dadada" = [ "${pkgs.keys}/dadada.pub" ]; + "dadada" = keys; }; dadada.autoUpgrade.enable = mkDefault true; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 63611ae..4d0f879 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -38,7 +38,7 @@ in dadada.admin = { enable = true; users = { - "dadada" = [ "${pkgs.keys}/dadada.pub" ]; + "dadada" = [ ../../keys/dadada.pub ]; }; }; diff --git a/outputs.nix b/outputs.nix index ca35c14..decc855 100644 --- a/outputs.nix +++ b/outputs.nix @@ -53,7 +53,6 @@ }; packages = flake-utils.lib.flattenTree { deploy = pkgs.callPackage ./pkgs/deploy.nix { }; - keys = pkgs.callPackage ./pkgs/keys { }; recipemd = pkgs.python3Packages.toPythonApplication python3Packages.recipemd; }; })) // { @@ -68,6 +67,7 @@ nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; pythonPackages = import ./pkgs/python-pkgs; + keys = ./keys; hydraJobs = ( nixpkgs.lib.mapAttrs' diff --git a/overlays/default.nix b/overlays/default.nix index 4ac07d5..ef7b17c 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -3,9 +3,6 @@ let in { #tubslatex = import ./tubslatex.nix; - keys = final: prev: { - keys = prev.callPackage ../pkgs/keys { }; - }; recipemd = final: prev: { recipemd = prev.python3Packages.toPythonApplication prev.python3Packages.recipemd; }; diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix deleted file mode 100644 index faee440..0000000 --- a/pkgs/keys/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ stdenv, lib }: - -stdenv.mkDerivation rec { - name = "dadadaKeys"; - version = "1"; - - src = ./keys; - - buildPhase = ""; - - installPhase = '' - mkdir $out - cp * $out - ''; - - meta = with lib; { - description = "Public keys for my infrastructure"; - license = licenses.publicDomain; - platforms = platforms.all; - maintainers = [ "dadada" ]; - }; -} From 1cd04cab0918b5ad0ce6898651002fe8f265ca88 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Dec 2021 23:35:11 +0100 Subject: [PATCH 228/988] Removed old deploy script --- outputs.nix | 5 +---- pkgs/deploy.nix | 34 ---------------------------------- shell.nix | 2 -- 3 files changed, 1 insertion(+), 40 deletions(-) delete mode 100644 pkgs/deploy.nix diff --git a/outputs.nix b/outputs.nix index decc855..b602aac 100644 --- a/outputs.nix +++ b/outputs.nix @@ -48,11 +48,8 @@ type = "app"; program = "${selfPkgs.recipemd}/bin/recipemd"; }; - devShell = pkgs.callPackage ./shell.nix { - deploy = selfPkgs.deploy; - }; + devShell = pkgs.callPackage ./shell.nix { }; packages = flake-utils.lib.flattenTree { - deploy = pkgs.callPackage ./pkgs/deploy.nix { }; recipemd = pkgs.python3Packages.toPythonApplication python3Packages.recipemd; }; })) // { diff --git a/pkgs/deploy.nix b/pkgs/deploy.nix deleted file mode 100644 index 9771e79..0000000 --- a/pkgs/deploy.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ stdenv -, lib -, git -, openssh -, bash -}: -stdenv.mkDerivation rec { - name = "dadada-deploy"; - version = "0.1.1"; - - src = ../utils; - - buildInputs = [ - git - openssh - bash - ]; - - installPhase = '' - mkdir -p $out/bin - for script in \ - deploy \ - gen-config - do - install $script $out/bin/ - done - ''; - meta = with lib; { - description = "deploy scripts"; - license = licenses.publicDomain; - platforms = platforms.unix; - maintainers = [ "dadada" ]; - }; -} diff --git a/shell.nix b/shell.nix index 37a2389..805620f 100644 --- a/shell.nix +++ b/shell.nix @@ -1,9 +1,7 @@ { mkShell -, deploy }: mkShell { buildInputs = [ - deploy ]; } From 9cd63df14650e439ab760671737c8e26b9798677 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Dec 2021 17:46:44 +0100 Subject: [PATCH 229/988] Added nix-index to packages --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index b707d78..ed27a92 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -57,6 +57,7 @@ with pkgs; [ newsflash nfs-utils niv + nix-index nmap nvd obs-studio From 4db6bd1e0ae7e59dff65c3dbb3f83677171efa78 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Dec 2021 15:26:40 +0100 Subject: [PATCH 230/988] Updated flakes --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 8117201..985a3b0 100644 --- a/flake.lock +++ b/flake.lock @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1639246679, - "narHash": "sha256-Jom+l4fklkb3/wxITqz5FrOd4LeL47Eg55xmxo1fY2g=", + "lastModified": 1640592198, + "narHash": "sha256-F5dWVGQMscmGyLTzNLocPB1v8Ijp8ONx8Nq9Dmi5PSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "0ebed30a10617bd48dd1bd0ce8697aab1b42d933", + "rev": "0b197562ab7bf114dd5f6716f41d4b5be6ccd357", "type": "github" }, "original": { @@ -246,11 +246,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1638986258, - "narHash": "sha256-OceRdctKZRSgqQxVRvvNB0MaEnFMzQqjUffecoDE9eI=", + "lastModified": 1640540585, + "narHash": "sha256-cCmknKFjWgam9jq+58wSd0Z4REia8mjBP65kXcL3ki8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", + "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", "type": "github" }, "original": { @@ -318,11 +318,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1639240632, - "narHash": "sha256-BAXhgnPOW1COIfZ9EOOFTdolalYS73MFHSRajgrSdZw=", + "lastModified": 1640686209, + "narHash": "sha256-6glXUlKRDhEhNuYx6r3fXU6KH2/Vq9mJZjB9oUpwrmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2a7063461c3751d83869a2a0a8ebc59e34bec5b2", + "rev": "46df95ca81e7e4cf3458cdb4b7d1714b5fce9da5", "type": "github" }, "original": { From d9d8d49278d16d4eb59743a5f04450f1ca39564b Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Dec 2021 18:19:57 +0100 Subject: [PATCH 231/988] Updated flakes --- flake.lock | 101 +++++++++++++++++++++++++++-------------------------- flake.nix | 2 +- 2 files changed, 52 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index 985a3b0..8e92760 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1626604817, - "narHash": "sha256-z+dvjB02cHU+VQ5EMkzqSdX817PZar9AkmmfK27q0vo=", + "lastModified": 1639786417, + "narHash": "sha256-UgrbF/cNv2qJxK2jwrAsPdgeVTRrjCyU40xeMbyi1sI=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "46732c0adaef147144418f9f284ca6b1183ab96f", + "rev": "af7c1d79bd63d78410aafc410d52ee5c1109ec26", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1625547004, - "narHash": "sha256-V+ytAjB4ZZ+5dJJAu1OY7SbnqrokX5PVBWs0AsgQ8Vs=", + "lastModified": 1637750904, + "narHash": "sha256-zkKmbl9rros3IzMTX01l9eh1Uzg3E+eYgzuj8+VPBwM=", "owner": "hlissner", "repo": "doom-snippets", - "rev": "5c0eb5bd70f035cefb981c2ce64f4367498bdda6", + "rev": "3083b2342f95fa55c1fd3b4a16229c5d867a02b0", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1630603742, - "narHash": "sha256-fYX5y18aHZTnYdBizeeW43NOFvCoT3iXk52dLtS43Gs=", + "lastModified": 1640341393, + "narHash": "sha256-E3gQLE5PjOhE/vVCI/VHl45LJIW0fMEKC7M3WSz89KE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9c69c4d0ef9d8ed0c5a54697e359d7f3a51fcbb1", + "rev": "085a34df847458952c13b29d94e12c0333828bbc", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1629481132, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "997f7efcb746a9c140ce1f13c72263189225f482", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -189,6 +189,23 @@ "type": "github" } }, + "format-all": { + "flake": false, + "locked": { + "lastModified": 1581716637, + "narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=", + "owner": "lassik", + "repo": "emacs-format-all-the-code", + "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", + "type": "github" + }, + "original": { + "owner": "lassik", + "repo": "emacs-format-all-the-code", + "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -271,6 +288,7 @@ "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", "flake-utils": "flake-utils_2", + "format-all": "format-all", "nix-straight": "nix-straight", "nixpkgs": [ "myNixpkgs" @@ -282,19 +300,18 @@ "org-yt": "org-yt", "php-extras": "php-extras", "revealjs": "revealjs", - "rotate-text": "rotate-text", - "straight": "straight" + "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1631192516, - "narHash": "sha256-HaS2f8N7uGBz8bGAiC7y9xkWzsrtThpudcoaTsh5OkE=", - "owner": "vlaci", + "lastModified": 1640655392, + "narHash": "sha256-yEQHA0/Po54sGz+72npsKXzQrTte+79H5yJy2obaafg=", + "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "33064319607745856f488a998ca3db8ffcede865", + "rev": "3209f69db760959331e2f8201de17758fbe08015", "type": "github" }, "original": { - "owner": "vlaci", + "owner": "nix-community", "ref": "develop", "repo": "nix-doom-emacs", "type": "github" @@ -303,15 +320,15 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1628630968, - "narHash": "sha256-eh5QpnX3F8/0iKv1BvyU3KyZ/ksLlRegcd5c41pm/L8=", - "owner": "vlaci", + "lastModified": 1639180741, + "narHash": "sha256-3AaUE9Z/Sc5QxK8WtkPzU+9UqcOUaF9klaz8sV8DUu4=", + "owner": "nix-community", "repo": "nix-straight.el", - "rev": "e3f8aaff9ba889c6f2ee6c6d349736d21f21c685", + "rev": "866ef703fa96c970624d6d4ad33110a0708fcfef", "type": "github" }, "original": { - "owner": "vlaci", + "owner": "nix-community", "repo": "nix-straight.el", "type": "github" } @@ -401,11 +418,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1629714870, - "narHash": "sha256-D6gUJtzZMpyJBNNn5EKWDCbDDgIXzxMx54fpcQ3DM2o=", + "lastModified": 1640085226, + "narHash": "sha256-brwgjUsaANVNbxujNi4E+fAtps0SIYpZZUlA1s7Ve+g=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "a3ba79cd3a120235dae524f49945fbe99df923cf", + "rev": "be03334a7e5dae4f04b52a1cd1614024d5473ceb", "type": "github" }, "original": { @@ -417,11 +434,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1623339452, - "narHash": "sha256-E3pioqkmAKQm5N7YsgJZil0/ozkdRE7//tE9FGbrluM=", + "lastModified": 1639727892, + "narHash": "sha256-+T6Y87aSAx7kMpigm8d1ODDQIyPBM6a+4qGolXjCEXs=", "ref": "master", - "rev": "fc81309cf6756607a836f93049a9393c2967c4e0", - "revCount": 2599, + "rev": "5766ff1088191e4df5fecd55007ba4271e609bcc", + "revCount": 2611, "type": "git", "url": "https://git.sr.ht/~bzg/org-contrib" }, @@ -465,11 +482,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1630050533, - "narHash": "sha256-gi+vC71xsKXN06QzwohNhFt07+7g6OqjsThXHwrZ5Q0=", + "lastModified": 1640009311, + "narHash": "sha256-RXVvHPKA7vkBzzTRGH2LgL5ywvlcBG1wWRdmwoUtewc=", "owner": "hakimel", "repo": "reveal.js", - "rev": "01d8d669bc2b681b595262ccbe27293eec2fcb44", + "rev": "38b32c66199a29cf21f60f920c30a4ead150c654", "type": "github" }, "original": { @@ -530,22 +547,6 @@ "type": "git", "url": "https://git.dadada.li/dadada/scripts.git" } - }, - "straight": { - "flake": false, - "locked": { - "lastModified": 1623633709, - "narHash": "sha256-taLIYnjs9sD8N8PuGO2F7l+O69u0dNPunwzFVTlXjUM=", - "owner": "raxod502", - "repo": "straight.el", - "rev": "1e27b0590df77a5d478970ca58fd6606971692f5", - "type": "github" - }, - "original": { - "owner": "raxod502", - "repo": "straight.el", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 244e1c2..0e971c8 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ inputs.nixpkgs.follows = "myNixpkgs"; }; nix-doom-emacs = { - url = github:vlaci/nix-doom-emacs/develop; + url = github:nix-community/nix-doom-emacs/develop; inputs.nixpkgs.follows = "myNixpkgs"; }; nixos-hardware.url = github:NixOS/nixos-hardware/master; From 0a8480b55554004294a19460168f6043d1ebc05e Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Dec 2021 18:49:02 +0100 Subject: [PATCH 232/988] Updated tmux and zsh configs --- home/modules/tmux.nix | 4 +++- home/modules/zsh.nix | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index ab8b82c..eed1330 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -12,12 +12,14 @@ in enable = true; terminal = "xterm-256color"; extraConfig = '' - set -g automatic-rename on setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on + set-option -g status-interval 5 + set-option -g automatic-rename on + set-option -g automatic-rename-format '#{b:pane_current_path}' ''; }; }; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 69d11c5..15d84c3 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -32,6 +32,7 @@ in source ${pkgs.fzf}/share/fzf/key-bindings.zsh source ${pkgs.fzf}/share/fzf/completion.zsh + bindkey -v bindkey '^n' autosuggest-accept preexec() { echo -n -e "\033]0;$1\007" } From 4ddab0af862bc8efdbf53e8576c7c59a25abe8f7 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Dec 2021 23:32:07 +0100 Subject: [PATCH 233/988] Changed opening of tmux windows and panes to open previous directory --- home/modules/tmux.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index eed1330..8ea0faf 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -20,6 +20,9 @@ in set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' + bind '"' split-window -c "#{pane_current_path}" + bind % split-window -h -c "#{pane_current_path}" + bind c new-window -c "#{pane_current_path}" ''; }; }; From e1239fa84d02e8e552e103342428d66ac6604197 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 15 Jan 2022 18:35:35 +0100 Subject: [PATCH 234/988] Disabled vi mode in zsh --- home/modules/zsh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 15d84c3..69d11c5 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -32,7 +32,6 @@ in source ${pkgs.fzf}/share/fzf/key-bindings.zsh source ${pkgs.fzf}/share/fzf/completion.zsh - bindkey -v bindkey '^n' autosuggest-accept preexec() { echo -n -e "\033]0;$1\007" } From 5f8ab3d8b09bae2b1c37f12824b6a7b937419875 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 15 Jan 2022 18:35:59 +0100 Subject: [PATCH 235/988] Added ghidra-bin to pkgs --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index ed27a92..4b043ff 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -25,6 +25,7 @@ with pkgs; [ fzf gdb gimp + ghidra-bin glow gnome.gnome-tweaks gnucash From 650ff13f74cc4a5513eba86c5912c1c2caaccdf6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 15 Jan 2022 18:36:15 +0100 Subject: [PATCH 236/988] Enabled libvirtd service on gorgon --- nixos/gorgon/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 525ca37..1a74f39 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -90,6 +90,8 @@ in ]; }; + virtualisation.libvirtd.enable = true; + users.users = { dadada = { isNormalUser = true; From 230a5a6dfcc2b800a8d82a22097380c96cce7352 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 15 Jan 2022 18:36:54 +0100 Subject: [PATCH 237/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'home-manager': 'github:nix-community/home-manager/0b197562ab7bf114dd5f6716f41d4b5be6ccd357' (2021-12-27) → 'github:nix-community/home-manager/a5dd5d5f197724f3065fd39c59c7ccea3c8dcb8f' (2022-01-13) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/ac169ec6371f0d835542db654a65e0f2feb07838' (2021-12-26) → 'github:NixOS/nixpkgs/5aaed40d22f0d9376330b6fa413223435ad6fee5' (2022-01-13) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/3209f69db760959331e2f8201de17758fbe08015' (2021-12-28) → 'github:nix-community/nix-doom-emacs/9d05798e16691e832f97aacf2bbb884adbe4bfed' (2022-01-14) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/af7c1d79bd63d78410aafc410d52ee5c1109ec26' (2021-12-18) → 'github:hlissner/doom-emacs/655fb295edc47207a37097c6e4b7ad86cd552e45' (2022-01-14) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/085a34df847458952c13b29d94e12c0333828bbc' (2021-12-24) → 'github:nix-community/emacs-overlay/50c206818dd137d6c28f61143319691fd910b0c7' (2022-01-13) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/be03334a7e5dae4f04b52a1cd1614024d5473ceb' (2021-12-21) → 'github:emacs-straight/org-mode/1537bb402953f6622e087b140eb1b6dd629b1c78' (2022-01-12) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/38b32c66199a29cf21f60f920c30a4ead150c654' (2021-12-20) → 'github:hakimel/reveal.js/f7c59649fe9d72a148860220a66511cefd142907' (2022-01-11) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/46df95ca81e7e4cf3458cdb4b7d1714b5fce9da5' (2021-12-28) → 'github:NixOS/nixos-hardware/87a35a0d58f546dc23f37b4f6af575d0e4be6a7a' (2022-01-12) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 8e92760..8baa508 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1639786417, - "narHash": "sha256-UgrbF/cNv2qJxK2jwrAsPdgeVTRrjCyU40xeMbyi1sI=", + "lastModified": 1642118490, + "narHash": "sha256-qhlHVNHd8QmlQa75DZctd5y/GsDNrOUxprZaUyLmwic=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "af7c1d79bd63d78410aafc410d52ee5c1109ec26", + "rev": "655fb295edc47207a37097c6e4b7ad86cd552e45", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1640341393, - "narHash": "sha256-E3gQLE5PjOhE/vVCI/VHl45LJIW0fMEKC7M3WSz89KE=", + "lastModified": 1642098706, + "narHash": "sha256-31HiVMCUrRLtf6TIO51jfBkHhuuTtBPrZAC8IQQXxG8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "085a34df847458952c13b29d94e12c0333828bbc", + "rev": "50c206818dd137d6c28f61143319691fd910b0c7", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1640592198, - "narHash": "sha256-F5dWVGQMscmGyLTzNLocPB1v8Ijp8ONx8Nq9Dmi5PSw=", + "lastModified": 1642117744, + "narHash": "sha256-/SvxBe/m6JiRSlKIrgD6LQxee9GGewFyq+lsPxoViMY=", "owner": "nix-community", "repo": "home-manager", - "rev": "0b197562ab7bf114dd5f6716f41d4b5be6ccd357", + "rev": "a5dd5d5f197724f3065fd39c59c7ccea3c8dcb8f", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1640540585, - "narHash": "sha256-cCmknKFjWgam9jq+58wSd0Z4REia8mjBP65kXcL3ki8=", + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac169ec6371f0d835542db654a65e0f2feb07838", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", "type": "github" }, "original": { @@ -303,11 +303,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1640655392, - "narHash": "sha256-yEQHA0/Po54sGz+72npsKXzQrTte+79H5yJy2obaafg=", + "lastModified": 1642124317, + "narHash": "sha256-51SQCJSRExl7MuzenYUJgegC1u87Ag9VfS1vkDnfQf0=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "3209f69db760959331e2f8201de17758fbe08015", + "rev": "9d05798e16691e832f97aacf2bbb884adbe4bfed", "type": "github" }, "original": { @@ -335,11 +335,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1640686209, - "narHash": "sha256-6glXUlKRDhEhNuYx6r3fXU6KH2/Vq9mJZjB9oUpwrmc=", + "lastModified": 1641965797, + "narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "46df95ca81e7e4cf3458cdb4b7d1714b5fce9da5", + "rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1640085226, - "narHash": "sha256-brwgjUsaANVNbxujNi4E+fAtps0SIYpZZUlA1s7Ve+g=", + "lastModified": 1641997570, + "narHash": "sha256-MLUTqiG7EAhsDQP2IlqyMiFjB2GWEGrfoovuoHwMFoQ=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "be03334a7e5dae4f04b52a1cd1614024d5473ceb", + "rev": "1537bb402953f6622e087b140eb1b6dd629b1c78", "type": "github" }, "original": { @@ -482,11 +482,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1640009311, - "narHash": "sha256-RXVvHPKA7vkBzzTRGH2LgL5ywvlcBG1wWRdmwoUtewc=", + "lastModified": 1641903864, + "narHash": "sha256-hErGwa8L3gtW4BskFtCsLK+wDuS/Bv5tOFDj57yc4Hw=", "owner": "hakimel", "repo": "reveal.js", - "rev": "38b32c66199a29cf21f60f920c30a4ead150c654", + "rev": "f7c59649fe9d72a148860220a66511cefd142907", "type": "github" }, "original": { From b2645b8cfad595a613aad1b66cfcaa15b15a91cb Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 27 Jan 2022 20:56:51 +0100 Subject: [PATCH 238/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file changes: • Updated input 'flake-utils': 'github:numtide/flake-utils/74f7e4319258e287b0f9cb95426c9853b282730b' (2021-11-28) → 'github:numtide/flake-utils/846b2ae0fc4cc943637d3d1def4454213e203cba' (2022-01-20) • Updated input 'home-manager': 'github:nix-community/home-manager/a5dd5d5f197724f3065fd39c59c7ccea3c8dcb8f' (2022-01-13) → 'github:nix-community/home-manager/4e92ec84f93a293042a64c3ed56ac8aee62fb6e1' (2022-01-27) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/5aaed40d22f0d9376330b6fa413223435ad6fee5' (2022-01-13) → 'github:NixOS/nixpkgs/945ec499041db73043f745fad3b2a3a01e826081' (2022-01-26) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/9d05798e16691e832f97aacf2bbb884adbe4bfed' (2022-01-14) → 'github:nix-community/nix-doom-emacs/2df4f288c7eb9ef9d3984ed458fec24f4f53cdb5' (2022-01-24) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/655fb295edc47207a37097c6e4b7ad86cd552e45' (2022-01-14) → 'github:hlissner/doom-emacs/35865ef5e89442e3809b8095199977053dd4210f' (2022-01-14) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/50c206818dd137d6c28f61143319691fd910b0c7' (2022-01-13) → 'github:nix-community/emacs-overlay/4075922d23e44a2b4c73e8c08f8b008ec6391ef2' (2022-01-20) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/74f7e4319258e287b0f9cb95426c9853b282730b' (2021-11-28) → 'github:numtide/flake-utils/846b2ae0fc4cc943637d3d1def4454213e203cba' (2022-01-20) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/1537bb402953f6622e087b140eb1b6dd629b1c78' (2022-01-12) → 'github:emacs-straight/org-mode/5d05f5911a9078e8c77851c40dc6a77d2a4c3955' (2022-01-19) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/f7c59649fe9d72a148860220a66511cefd142907' (2022-01-11) → 'github:hakimel/reveal.js/61055ed02bd7dbff30ea827591084cce7c22303c' (2022-01-19) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/74f7e4319258e287b0f9cb95426c9853b282730b' (2021-11-28) → 'github:numtide/flake-utils/846b2ae0fc4cc943637d3d1def4454213e203cba' (2022-01-20) --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 8baa508..6fe3386 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1642118490, - "narHash": "sha256-qhlHVNHd8QmlQa75DZctd5y/GsDNrOUxprZaUyLmwic=", + "lastModified": 1642165074, + "narHash": "sha256-Sl8/Pmq+AZ4y1U0/96Ka/BXRroBDoW1VXQKUKEAyuaA=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "655fb295edc47207a37097c6e4b7ad86cd552e45", + "rev": "35865ef5e89442e3809b8095199977053dd4210f", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1642098706, - "narHash": "sha256-31HiVMCUrRLtf6TIO51jfBkHhuuTtBPrZAC8IQQXxG8=", + "lastModified": 1642703365, + "narHash": "sha256-TgR0xJSGUt0kgk7KiF4NfFNPU7umDrAx/oFVqlvqmmM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "50c206818dd137d6c28f61143319691fd910b0c7", + "rev": "4075922d23e44a2b4c73e8c08f8b008ec6391ef2", "type": "github" }, "original": { @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1642117744, - "narHash": "sha256-/SvxBe/m6JiRSlKIrgD6LQxee9GGewFyq+lsPxoViMY=", + "lastModified": 1643307345, + "narHash": "sha256-xiu7i6Q3Dqu4lLfDNaAL/f2DVewBxL+ysMuAyJiGv+4=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5dd5d5f197724f3065fd39c59c7ccea3c8dcb8f", + "rev": "4e92ec84f93a293042a64c3ed56ac8aee62fb6e1", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1642104392, - "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", + "lastModified": 1643169865, + "narHash": "sha256-+KIpNRazbc8Gac9jdWCKQkFv9bjceaLaLhlwqUEYu8c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", + "rev": "945ec499041db73043f745fad3b2a3a01e826081", "type": "github" }, "original": { @@ -303,11 +303,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1642124317, - "narHash": "sha256-51SQCJSRExl7MuzenYUJgegC1u87Ag9VfS1vkDnfQf0=", + "lastModified": 1643035879, + "narHash": "sha256-Cl3sdXOCjit6bvJ95scZAhyCE63CTRMmcvxQRDcx1yM=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "9d05798e16691e832f97aacf2bbb884adbe4bfed", + "rev": "2df4f288c7eb9ef9d3984ed458fec24f4f53cdb5", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1641997570, - "narHash": "sha256-MLUTqiG7EAhsDQP2IlqyMiFjB2GWEGrfoovuoHwMFoQ=", + "lastModified": 1642585054, + "narHash": "sha256-vMHKAC0JInP4pkxPg0DReYXLRTs3eJr0ueK5eq1V6Ik=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "1537bb402953f6622e087b140eb1b6dd629b1c78", + "rev": "5d05f5911a9078e8c77851c40dc6a77d2a4c3955", "type": "github" }, "original": { @@ -482,11 +482,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1641903864, - "narHash": "sha256-hErGwa8L3gtW4BskFtCsLK+wDuS/Bv5tOFDj57yc4Hw=", + "lastModified": 1642612088, + "narHash": "sha256-h/G2+UhyPxW1t0Z7nqIAOXr3lvR4b5dzA5tCgCI6+oE=", "owner": "hakimel", "repo": "reveal.js", - "rev": "f7c59649fe9d72a148860220a66511cefd142907", + "rev": "61055ed02bd7dbff30ea827591084cce7c22303c", "type": "github" }, "original": { From 098012a8ae2dc432f671144d741180e032941990 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jan 2022 21:27:18 +0100 Subject: [PATCH 239/988] Commented out broken packages --- home/home/pkgs.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 4b043ff..e2f7824 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -11,8 +11,8 @@ with pkgs; [ bash bluez-tools binutils - clang - clang-tools + #clang + #clang-tools php74Packages.composer darcs direnv @@ -75,7 +75,7 @@ with pkgs; [ ripgrep rust-analyzer rustup - shortwave + #shortwave signal-desktop slurp spotify From e3f72d719c13981fc5e457c4e9dd1fe73b512f54 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jan 2022 21:27:44 +0100 Subject: [PATCH 240/988] Changed font size --- home/modules/alacritty/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 2ba178e..98a91ae 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in settings = { scrolling.history = 0; font = { - size = 11; + size = 10; normal = { family = "Jetbrains Mono"; style = "Regular"; From 24a082f22cca6fe361863a7ea44f3628f69cde50 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jan 2022 21:43:24 +0100 Subject: [PATCH 241/988] Added git options --- home/modules/git.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index 43047eb..a6bbc58 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -8,6 +8,20 @@ in enable = mkEnableOption "Enable git config"; }; config = mkIf cfg.enable { - programs.git.enable = true; + programs.git = { + enable = true; + extraConfig = { + status = { + short = true; + branch = 1; + }; + commit = { + verbose = 1; + }; + log = { + date = "iso8601-local"; + }; + }; + }; }; } From 2ab386ce5c76af7674fd15f4569ce8a97ce05ec6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 Jan 2022 12:30:08 +0100 Subject: [PATCH 242/988] Added more git config --- home/home/pkgs.nix | 3 --- home/modules/git.nix | 48 +++++++++++++++++++++++++++++++++++++++++--- home/modules/zsh.nix | 1 + 3 files changed, 46 insertions(+), 6 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index e2f7824..5c71cfa 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -93,7 +93,4 @@ with pkgs; [ wireshark xdg_utils youtube-dl - git-lfs - gitAndTools.hub - gitAndTools.lab ] diff --git a/home/modules/git.nix b/home/modules/git.nix index a6bbc58..533a33d 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; let cfg = config.dadada.home.git; @@ -11,17 +11,59 @@ in programs.git = { enable = true; extraConfig = { + core = { + whitespace = { + tab-in-indent = true; + tabwidth = 4; + }; + alias = { + + }; + pager = "delta"; + }; + column = { + ui = "never"; + }; + checkout = { + defaultRemote = "origin"; + }; + delta = { + navigate = true; # use n and N to move between diff sections + }; + diff = { + renames = "copies"; + algorithm = "histogram"; + colorMoved = "default"; + }; + interactive = { + diffFilter = "delta --color-only"; + }; + merge = { + conflictstyle = "diff3"; + }; status = { short = true; - branch = 1; + branch = true; + showUntrackedFiled = "all"; }; commit = { - verbose = 1; + verbose = true; }; log = { date = "iso8601-local"; }; + pull = { + prune = true; + }; }; }; + + home.packages = with pkgs; [ + delta + git-lfs + gitAndTools.hub + gitAndTools.lab + gitAndTools.git-absorb + ]; }; } diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 69d11c5..662782e 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -46,6 +46,7 @@ in ga = "git add"; gc = "git commit"; gd = "git diff"; + gdw = "git diff --color-words"; gf = "git fetch"; gl = "git log"; gpu = "git push"; From dfe9de1d0fe744ba299e555c4f6b2192e558cf30 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 Jan 2022 13:19:40 +0100 Subject: [PATCH 243/988] Fixed terminal true-color --- home/modules/alacritty/default.nix | 3 ++- home/modules/git.nix | 2 ++ home/modules/tmux.nix | 3 ++- home/modules/vim/vimrc | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 98a91ae..395f5ab 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -15,9 +15,10 @@ in programs.alacritty = { enable = true; settings = { + env.TERM = "xterm-256color"; scrolling.history = 0; font = { - size = 10; + size = 9; normal = { family = "Jetbrains Mono"; style = "Regular"; diff --git a/home/modules/git.nix b/home/modules/git.nix index 533a33d..9420ad2 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -29,6 +29,8 @@ in }; delta = { navigate = true; # use n and N to move between diff sections + side-by-side = false; + line-numbers = true; }; diff = { renames = "copies"; diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 8ea0faf..99a28f0 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -10,13 +10,14 @@ in config = mkIf cfg.enable { programs.tmux = { enable = true; - terminal = "xterm-256color"; + terminal = "tmux-256color"; extraConfig = '' setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on + set -ga terminal-overrides ',*256col*:Tc' set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' diff --git a/home/modules/vim/vimrc b/home/modules/vim/vimrc index f7e85e9..8c8bb88 100644 --- a/home/modules/vim/vimrc +++ b/home/modules/vim/vimrc @@ -51,6 +51,8 @@ set mouse=a syntax enable if (has("termguicolors")) + let &t_8f="\[38;2;%lu;%lu;%lum" + let &t_8b="\[48;2;%lu;%lu;%lum" set termguicolors endif From 62304d38daf1799ce26a4e55212f245e8ed49691 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 Jan 2022 16:27:29 +0100 Subject: [PATCH 244/988] Added even more git options --- home/modules/git.nix | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index 9420ad2..4c17be5 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -16,17 +16,11 @@ in tab-in-indent = true; tabwidth = 4; }; - alias = { - - }; + alias = { }; pager = "delta"; }; - column = { - ui = "never"; - }; - checkout = { - defaultRemote = "origin"; - }; + column.ui = "never"; + checkout.defaultRemote = "origin"; delta = { navigate = true; # use n and N to move between diff sections side-by-side = false; @@ -37,26 +31,24 @@ in algorithm = "histogram"; colorMoved = "default"; }; - interactive = { - diffFilter = "delta --color-only"; - }; - merge = { - conflictstyle = "diff3"; - }; + interactive.diffFilter = "delta --color-only"; + merge.conflictstyle = "diff3"; status = { short = true; branch = true; showUntrackedFiled = "all"; }; - commit = { - verbose = true; - }; - log = { - date = "iso8601-local"; - }; + commit.verbose = true; + log.date = "iso8601-local"; + tag.gpgSign = true; pull = { prune = true; + ff = "only"; + rebase = "interactive"; }; + push.default = "upstream"; + rebase.abbreviateCommands = true; + rerere.enabled = true; }; }; From 558c726efc9491ca6665c4dca2492e691172fc73 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 Jan 2022 16:38:42 +0100 Subject: [PATCH 245/988] Updated unbound config --- nixos/modules/networking.nix | 47 ++++++++++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 2fe282c..2456fa1 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -23,24 +23,51 @@ in config = { networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true; + networking.networkmanager.dns = mkIf cfg.useLocalResolver "unbound"; + services.unbound = mkIf cfg.useLocalResolver { enable = true; settings = { - server.interface = [ - "127.0.0.1" - "::1" - ]; - #tls-upstream = "yes"; - #tls-cert-bundle = "/etc/ssl/certs/ca-bundle.crt"; + server = { + prefer-ip6 = true; + + prefetch = true; + prefetch-key = true; + serve-expired = true; + + aggressive-nsec = true; + hide-identity = true; + hide-version = true; + + use-caps-for-id = true; + + private-address = [ + "127.0.0.0/8" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "169.254.0.0/16" + "fd00::/8" + "fe80::/10" + "::ffff:0:0/96" + ]; + private-domain = [ + "dadada.li" + ]; + interface = [ + "127.0.0.1" + "::1" + ]; + }; forward-zone = [ { name = "."; forward-tls-upstream = "yes"; forward-addr = [ - "2606:4700:4700::1001@853#cloudflare-dns.com" - "2606:4700:4700::1111@853#cloudflare-dns.com" - "1.1.1.1@853#cloudflare-dns.com" - "1.0.0.1@853#cloudflare-dns.com" + "2620:fe::fe@853#dns.quad9.net" + "2620:fe::9@853#dns.quad9.net" + "9.9.9.9@853#dns.quad9.net" + "149.112.112.112@853#dns.quad9.net" ]; } ]; From 3532144ad29d5772ff3728f9ab9af06292eaf03d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 Jan 2022 16:41:07 +0100 Subject: [PATCH 246/988] Activated local resolver for all servers --- nixos/modules/profiles/server.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 996eef7..333ee8d 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -9,6 +9,8 @@ in { "dadada" = keys; }; + dadada.networking.useLocalResolver = true; + dadada.autoUpgrade.enable = mkDefault true; environment.noXlibs = mkDefault true; From fef678283c88d53ef0793362200e8b42b32d4ab9 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 31 Jan 2022 10:30:22 +0100 Subject: [PATCH 247/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/4e92ec84f93a293042a64c3ed56ac8aee62fb6e1' (2022-01-27) → 'github:nix-community/home-manager/95d39e13a4a7a818c87f2701b59820d3ac0e674c' (2022-01-30) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/945ec499041db73043f745fad3b2a3a01e826081' (2022-01-26) → 'github:NixOS/nixpkgs/5bb20f9dc70e9ee16e21cc404b6508654931ce41' (2022-01-28) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/2df4f288c7eb9ef9d3984ed458fec24f4f53cdb5' (2022-01-24) → 'github:nix-community/nix-doom-emacs/ba6ef3c7d5c8b236fb06ddde1c513af804d72f45' (2022-01-29) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/35865ef5e89442e3809b8095199977053dd4210f' (2022-01-14) → 'github:hlissner/doom-emacs/a5ebd0b04778409c2d513830791e919646e6f980' (2022-01-27) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/4075922d23e44a2b4c73e8c08f8b008ec6391ef2' (2022-01-20) → 'github:nix-community/emacs-overlay/011ec0706fa17de340c96d7d393c00af41f65cab' (2022-01-27) • Updated input 'nix-doom-emacs/nix-straight': 'github:nix-community/nix-straight.el/866ef703fa96c970624d6d4ad33110a0708fcfef' (2021-12-10) → 'github:nix-community/nix-straight.el/08d75e5651cb52f8a07e03408ed19e04bee07505' (2022-01-29) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/5d05f5911a9078e8c77851c40dc6a77d2a4c3955' (2022-01-19) → 'github:emacs-straight/org-mode/22e6ed6b89755047b44f8666ac20aac0c50afc34' (2022-01-26) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 6fe3386..5473048 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1642165074, - "narHash": "sha256-Sl8/Pmq+AZ4y1U0/96Ka/BXRroBDoW1VXQKUKEAyuaA=", + "lastModified": 1643305420, + "narHash": "sha256-E4eVkyWdoUvBF904macERWkZ+Ox8dWLzoaRauerFcYg=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "35865ef5e89442e3809b8095199977053dd4210f", + "rev": "a5ebd0b04778409c2d513830791e919646e6f980", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1642703365, - "narHash": "sha256-TgR0xJSGUt0kgk7KiF4NfFNPU7umDrAx/oFVqlvqmmM=", + "lastModified": 1643308453, + "narHash": "sha256-SeOF8D+fYFR5GXOylwdDvj8AZNTgX6tgcLWeCzMkfz4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4075922d23e44a2b4c73e8c08f8b008ec6391ef2", + "rev": "011ec0706fa17de340c96d7d393c00af41f65cab", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1643307345, - "narHash": "sha256-xiu7i6Q3Dqu4lLfDNaAL/f2DVewBxL+ysMuAyJiGv+4=", + "lastModified": 1643567433, + "narHash": "sha256-tyFgodcZRlt0ZshbgyLf4m/Sd/ys9p0AHfeVZQ50WKU=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e92ec84f93a293042a64c3ed56ac8aee62fb6e1", + "rev": "95d39e13a4a7a818c87f2701b59820d3ac0e674c", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1643169865, - "narHash": "sha256-+KIpNRazbc8Gac9jdWCKQkFv9bjceaLaLhlwqUEYu8c=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "945ec499041db73043f745fad3b2a3a01e826081", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -303,11 +303,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1643035879, - "narHash": "sha256-Cl3sdXOCjit6bvJ95scZAhyCE63CTRMmcvxQRDcx1yM=", + "lastModified": 1643476335, + "narHash": "sha256-UR04A3cc0Oi9wbVuyNvTQnSgxjkuB3rdGyZYWsKu28Q=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "2df4f288c7eb9ef9d3984ed458fec24f4f53cdb5", + "rev": "ba6ef3c7d5c8b236fb06ddde1c513af804d72f45", "type": "github" }, "original": { @@ -320,11 +320,11 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1639180741, - "narHash": "sha256-3AaUE9Z/Sc5QxK8WtkPzU+9UqcOUaF9klaz8sV8DUu4=", + "lastModified": 1643475817, + "narHash": "sha256-NpExq5nbPbj/ppkBX3SnETEJuOne1MKJxen8vVHsDFg=", "owner": "nix-community", "repo": "nix-straight.el", - "rev": "866ef703fa96c970624d6d4ad33110a0708fcfef", + "rev": "08d75e5651cb52f8a07e03408ed19e04bee07505", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1642585054, - "narHash": "sha256-vMHKAC0JInP4pkxPg0DReYXLRTs3eJr0ueK5eq1V6Ik=", + "lastModified": 1643227669, + "narHash": "sha256-9tLMILwN8/YwsFCnDg01OQ3IdTm8b1+I0cBmb7cSydc=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "5d05f5911a9078e8c77851c40dc6a77d2a4c3955", + "rev": "22e6ed6b89755047b44f8666ac20aac0c50afc34", "type": "github" }, "original": { From e659af4ae88e70dd585ffe4569536a23dec979a3 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 1 Feb 2022 11:24:14 +0100 Subject: [PATCH 248/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/95d39e13a4a7a818c87f2701b59820d3ac0e674c' (2022-01-30) → 'github:nix-community/home-manager/a52aed72c84a2a10102a92397339fa01fc0fe9cf' (2022-01-30) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/5bb20f9dc70e9ee16e21cc404b6508654931ce41' (2022-01-28) → 'github:NixOS/nixpkgs/efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb' (2022-01-30) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 5473048..a00b12f 100644 --- a/flake.lock +++ b/flake.lock @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1643567433, - "narHash": "sha256-tyFgodcZRlt0ZshbgyLf4m/Sd/ys9p0AHfeVZQ50WKU=", + "lastModified": 1643579427, + "narHash": "sha256-tV4M4+Aqd/3ZjEz1Q07j89KIlkt1oFH34RzpBkUeO/0=", "owner": "nix-community", "repo": "home-manager", - "rev": "95d39e13a4a7a818c87f2701b59820d3ac0e674c", + "rev": "a52aed72c84a2a10102a92397339fa01fc0fe9cf", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1643347846, - "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", + "lastModified": 1643524588, + "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", + "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", "type": "github" }, "original": { From 62e288ea685e542d704c55182bee68fbeb55b65c Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 5 Feb 2022 14:05:13 +0100 Subject: [PATCH 249/988] Added config for uwupn --- nixos/gorgon/configuration.nix | 18 +++++++++++++++++- nixos/modules/networking.nix | 21 +++++++++++++++++---- nixos/modules/profiles/server.nix | 2 +- 3 files changed, 35 insertions(+), 6 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 1a74f39..df7fe26 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -38,7 +38,10 @@ in luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; networking = { enableBsShare = true; - useLocalResolver = true; + localResolver = { + enable= true; + uwu= true; + }; vpnExtension = "3"; }; backupClient = { @@ -116,6 +119,19 @@ in "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; }; + networking.wireguard.interfaces.uwupn = { + ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; + privateKeyFile = "/var/lib/wireguard/uwu"; + peers = [ + { + publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" ]; + endpoint = "53c70r.de:51820"; + persistentKeepalive = 25; + } + ]; + }; + hardware.opengl = { enable = true; extraPackages = with pkgs; [ diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 2456fa1..c9cb220 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -6,7 +6,10 @@ in { options = { dadada.networking = { - useLocalResolver = mkEnableOption "Enable local caching name server"; + localResolver = { + enable = mkEnableOption "Enable local caching name server"; + uwu = mkEnableOption "Enable uwupn"; + }; wanInterfaces = mkOption { type = with types; listOf str; description = "WAN network interfaces"; @@ -22,10 +25,10 @@ in }; config = { - networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true; - networking.networkmanager.dns = mkIf cfg.useLocalResolver "unbound"; + networking.resolvconf.useLocalResolver = mkIf cfg.localResolver.enable true; + networking.networkmanager.dns = mkIf cfg.localResolver.enable "unbound"; - services.unbound = mkIf cfg.useLocalResolver { + services.unbound = mkIf cfg.localResolver.enable { enable = true; settings = { server = { @@ -53,7 +56,9 @@ in ]; private-domain = [ "dadada.li" + (mkIf cfg.localResolver.uwu "uwu") ]; + domain-insecure = mkIf cfg.localResolver.uwu "uwu"; interface = [ "127.0.0.1" "::1" @@ -70,6 +75,14 @@ in "149.112.112.112@853#dns.quad9.net" ]; } + (mkIf cfg.localResolver.uwu { + name = "uwu."; + forward-addr = [ + "fc00:1337:dead:beef::10.11.0.1" + "10.11.0.1" + ]; + } + ) ]; }; }; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 333ee8d..beaa781 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -9,7 +9,7 @@ in { "dadada" = keys; }; - dadada.networking.useLocalResolver = true; + dadada.networking.localResolver.enable = true; dadada.autoUpgrade.enable = mkDefault true; From 68049539aa99d74ad24a6f122c671aab697b6020 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 5 Feb 2022 14:32:29 +0100 Subject: [PATCH 250/988] Added s0 --- nixos/gorgon/configuration.nix | 3 ++- nixos/modules/networking.nix | 14 +++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index df7fe26..ef83274 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -41,6 +41,7 @@ in localResolver = { enable= true; uwu= true; + s0= true; }; vpnExtension = "3"; }; @@ -125,7 +126,7 @@ in peers = [ { publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" ]; + allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; endpoint = "53c70r.de:51820"; persistentKeepalive = 25; } diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index c9cb220..1b549de 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -9,6 +9,7 @@ in localResolver = { enable = mkEnableOption "Enable local caching name server"; uwu = mkEnableOption "Enable uwupn"; + s0 = mkEnableOption "Enable s0"; }; wanInterfaces = mkOption { type = with types; listOf str; @@ -57,8 +58,12 @@ in private-domain = [ "dadada.li" (mkIf cfg.localResolver.uwu "uwu") + (mkIf cfg.localResolver.s0 "s0") + ]; + domain-insecure = [ + (mkIf cfg.localResolver.uwu "uwu") + (mkIf cfg.localResolver.s0 "s0") ]; - domain-insecure = mkIf cfg.localResolver.uwu "uwu"; interface = [ "127.0.0.1" "::1" @@ -83,6 +88,13 @@ in ]; } ) + (mkIf cfg.localResolver.s0 { + name = "s0."; + forward-addr = [ + "192.168.178.1" + ]; + } + ) ]; }; }; From d3642a6525862c75a0a1487956889dc40a425279 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 8 Feb 2022 21:26:27 +0100 Subject: [PATCH 251/988] By default use four spaces to indent --- home/modules/vim/vimrc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/home/modules/vim/vimrc b/home/modules/vim/vimrc index 8c8bb88..31b8fb5 100644 --- a/home/modules/vim/vimrc +++ b/home/modules/vim/vimrc @@ -61,7 +61,10 @@ set t_Co=256 set background=dark colorscheme spacemacs-theme -" Use tabs for indent +set tabstop=4 +set softtabstop=4 +set softtabstop=4 +set expandtab set smarttab set smartindent set autoindent From 18271fd6a0e1eec5eeba8ee18992b5d401101c58 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 8 Feb 2022 21:39:22 +0100 Subject: [PATCH 252/988] Updated ftplugin for go --- pkgs/vimPlugins/default.nix | 2 +- pkgs/vimPlugins/filetype/ftplugin/go.vim | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 pkgs/vimPlugins/filetype/ftplugin/go.vim diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix index fd8df18..85d4c3b 100644 --- a/pkgs/vimPlugins/default.nix +++ b/pkgs/vimPlugins/default.nix @@ -3,7 +3,7 @@ with lib; { filetype = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "dadadaVimFiletype"; - version = "2010-11-06"; + version = "0.2"; src = ./filetype; }; diff --git a/pkgs/vimPlugins/filetype/ftplugin/go.vim b/pkgs/vimPlugins/filetype/ftplugin/go.vim new file mode 100644 index 0000000..13b8558 --- /dev/null +++ b/pkgs/vimPlugins/filetype/ftplugin/go.vim @@ -0,0 +1,3 @@ +set expandtab& +setlocal shiftwidth=4 +setlocal softtabstop=4 From d0fd572ffe1dc39cb4059d1488a21e7a8b254b8a Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 9 Feb 2022 20:51:21 +0100 Subject: [PATCH 253/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/846b2ae0fc4cc943637d3d1def4454213e203cba' (2022-01-20) → 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) • Updated input 'home-manager': 'github:nix-community/home-manager/a52aed72c84a2a10102a92397339fa01fc0fe9cf' (2022-01-30) → 'github:nix-community/home-manager/e2aa1f598674aa9c06f28f5db60b89f37f1e961b' (2022-02-08) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb' (2022-01-30) → 'github:NixOS/nixpkgs/c5051e2b5fe9fab43a64f0e0d06b62c81a890b90' (2022-02-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/87a35a0d58f546dc23f37b4f6af575d0e4be6a7a' (2022-01-12) → 'github:NixOS/nixos-hardware/9886a06e4745edb31587d0e9481ad82d35f0d593' (2022-02-04) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/846b2ae0fc4cc943637d3d1def4454213e203cba' (2022-01-20) → 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a00b12f..fdd8b07 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1643579427, - "narHash": "sha256-tV4M4+Aqd/3ZjEz1Q07j89KIlkt1oFH34RzpBkUeO/0=", + "lastModified": 1644346464, + "narHash": "sha256-hS8hwbr/PflMIfTWTmB7Xo5jIrsWhSAqtz5XXxPa0zQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "a52aed72c84a2a10102a92397339fa01fc0fe9cf", + "rev": "e2aa1f598674aa9c06f28f5db60b89f37f1e961b", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1643524588, - "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", + "lastModified": 1644359234, + "narHash": "sha256-u/sBnRgrFrn9W8gZMS6vN3ZnJsoTvbws968TpqwlDJQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", + "rev": "c5051e2b5fe9fab43a64f0e0d06b62c81a890b90", "type": "github" }, "original": { @@ -335,11 +335,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1641965797, - "narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=", + "lastModified": 1643980037, + "narHash": "sha256-RdVHt2mD408WXMjQIOLvUzy8cSUHu8NAbilDmPVxf7E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a", + "rev": "9886a06e4745edb31587d0e9481ad82d35f0d593", "type": "github" }, "original": { From 013a077b905e1a6ad3ea468fab9e23c91346129a Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 12 Feb 2022 23:04:03 +0100 Subject: [PATCH 254/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e2aa1f598674aa9c06f28f5db60b89f37f1e961b' (2022-02-08) → 'github:nix-community/home-manager/6d9d9294d09b5e88df65f8c6651efb8a4d7d2476' (2022-02-10) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/c5051e2b5fe9fab43a64f0e0d06b62c81a890b90' (2022-02-08) → 'github:NixOS/nixpkgs/48d63e924a2666baf37f4f14a18f19347fbd54a2' (2022-02-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/9886a06e4745edb31587d0e9481ad82d35f0d593' (2022-02-04) → 'github:NixOS/nixos-hardware/c361b954759195c2ac085fbbed5ad7d513e1585b' (2022-02-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index fdd8b07..119a53a 100644 --- a/flake.lock +++ b/flake.lock @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1644346464, - "narHash": "sha256-hS8hwbr/PflMIfTWTmB7Xo5jIrsWhSAqtz5XXxPa0zQ=", + "lastModified": 1644534280, + "narHash": "sha256-Gzf/Jq/F1vvTp6XkzPU+pBCj3OSAFLiR7f0ptwRseiI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e2aa1f598674aa9c06f28f5db60b89f37f1e961b", + "rev": "6d9d9294d09b5e88df65f8c6651efb8a4d7d2476", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1644359234, - "narHash": "sha256-u/sBnRgrFrn9W8gZMS6vN3ZnJsoTvbws968TpqwlDJQ=", + "lastModified": 1644525281, + "narHash": "sha256-D3VuWLdnLmAXIkooWAtbTGSQI9Fc1lkvAr94wTxhnTU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5051e2b5fe9fab43a64f0e0d06b62c81a890b90", + "rev": "48d63e924a2666baf37f4f14a18f19347fbd54a2", "type": "github" }, "original": { @@ -335,11 +335,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1643980037, - "narHash": "sha256-RdVHt2mD408WXMjQIOLvUzy8cSUHu8NAbilDmPVxf7E=", + "lastModified": 1644691988, + "narHash": "sha256-WoZCvPNlQ/ZaOYLmSTPCl1dfCa4mloaUtS1CfBgwPT8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9886a06e4745edb31587d0e9481ad82d35f0d593", + "rev": "c361b954759195c2ac085fbbed5ad7d513e1585b", "type": "github" }, "original": { From 6cb0c987a7bac57815abfc92931a71a0305d47cd Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 13 Feb 2022 00:26:31 +0100 Subject: [PATCH 255/988] Removed kitty --- home/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 5c71cfa..491601d 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -44,7 +44,6 @@ with pkgs; [ kcachegrind keepassxc #keys - kitty ldns libreoffice libvirt From d05d4de09ec03d31e5f96f7780707b3483d4e61d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 13 Feb 2022 00:32:14 +0100 Subject: [PATCH 256/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/6d9d9294d09b5e88df65f8c6651efb8a4d7d2476' (2022-02-10) → 'github:nix-community/home-manager/7c2ae0bdd20ddcaafe41ef669226a1df67f8aa06' (2022-02-12) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 119a53a..851b990 100644 --- a/flake.lock +++ b/flake.lock @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1644534280, - "narHash": "sha256-Gzf/Jq/F1vvTp6XkzPU+pBCj3OSAFLiR7f0ptwRseiI=", + "lastModified": 1644706973, + "narHash": "sha256-xOyxrhc5V79u0ZNmnPmJbY3ngtp43dNISEmrb8Ie6wQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "6d9d9294d09b5e88df65f8c6651efb8a4d7d2476", + "rev": "7c2ae0bdd20ddcaafe41ef669226a1df67f8aa06", "type": "github" }, "original": { From dbc36bb08f0a4c874af68ad5c8bd1afc5d815008 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 13 Feb 2022 10:27:43 +0100 Subject: [PATCH 257/988] Removed packages with build failures --- home/home/default.nix | 1 - home/home/pkgs.nix | 1 - home/modules/sway/default.nix | 1 - 3 files changed, 3 deletions(-) diff --git a/home/home/default.nix b/home/home/default.nix index 7af7445..0a29655 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -9,7 +9,6 @@ let "gpg" "gtk" "keyring" - "sway" "syncthing" "tmux" "xdg" diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 491601d..1521db5 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -86,7 +86,6 @@ with pkgs; [ thunderbird unzip usbutils - virtmanager vscodium whois wireshark diff --git a/home/modules/sway/default.nix b/home/modules/sway/default.nix index b093a5a..45eaee6 100644 --- a/home/modules/sway/default.nix +++ b/home/modules/sway/default.nix @@ -16,7 +16,6 @@ in kanshi kitty i3status - kitty bemenu xss-lock swaylock From 3a8339638f71d0f37cc06f24d92365632e02a946 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 23 Feb 2022 18:43:24 +0100 Subject: [PATCH 258/988] Fixed android studio startup --- home/home/pkgs.nix | 1 + nixos/gorgon/configuration.nix | 29 ++++++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 1521db5..b5082a3 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -1,6 +1,7 @@ { pkgs }: with pkgs; [ ag + androidStudioPackages.stable anki aspell aspellDicts.de diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index ef83274..3f9d57e 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -21,7 +21,7 @@ in post-build-hook = ${signHook} ''; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_5_15; boot.kernelModules = [ "kvm-amd" ]; @@ -133,6 +133,33 @@ in ]; }; + #networking.wireguard.interfaces.mullvad = { + # ips = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; + # privateKeyFile = "/var/lib/wireguard/mullvad"; + # peers = [ + # { + # publicKey = "BLNHNoGO88LjV/wDBa7CUUwUzPq/fO2UwcGLy56hKy4="; + # allowedIPs = [ "0.0.0.0/0" "::0/0" ]; + # endpoint = "193.27.14.98:3152"; + # persistentKeepalive = 25; + # } + # ]; + #}; + + networking.wg-quick.interfaces.mullvad = { + address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; + privateKeyFile = "/var/lib/wireguard/mullvad"; + peers = [ + { + publicKey = "BLNHNoGO88LjV/wDBa7CUUwUzPq/fO2UwcGLy56hKy4="; + allowedIPs = [ "0.0.0.0/0" "::0/0" ]; + endpoint = "193.27.14.98:3152"; + persistentKeepalive = 25; + } + ]; + postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.98 lookup main"; + }; + hardware.opengl = { enable = true; extraPackages = with pkgs; [ From fdf8200223bb52483d452345ee51711807c3d598 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 23 Feb 2022 18:43:55 +0100 Subject: [PATCH 259/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/7c2ae0bdd20ddcaafe41ef669226a1df67f8aa06' (2022-02-12) → 'github:nix-community/home-manager/0b1745b4ef4c35ec5d554b176539730fcb5ec141' (2022-02-23) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/48d63e924a2666baf37f4f14a18f19347fbd54a2' (2022-02-10) → 'github:NixOS/nixpkgs/7f9b6e2babf232412682c09e57ed666d8f84ac2d' (2022-02-21) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/ba6ef3c7d5c8b236fb06ddde1c513af804d72f45' (2022-01-29) → 'github:nix-community/nix-doom-emacs/505182141d6176d765347f85b8fb0cc204d8c44e' (2022-02-15) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/a5ebd0b04778409c2d513830791e919646e6f980' (2022-01-27) → 'github:hlissner/doom-emacs/fc868105cefc6ce0091fc61f0fc4d8ccb653a048' (2022-02-14) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/011ec0706fa17de340c96d7d393c00af41f65cab' (2022-01-27) → 'github:nix-community/emacs-overlay/4079646746c264818338cd2733f38c33050f821f' (2022-02-14) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/846b2ae0fc4cc943637d3d1def4454213e203cba' (2022-01-20) → 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/22e6ed6b89755047b44f8666ac20aac0c50afc34' (2022-01-26) → 'github:emacs-straight/org-mode/fe4a60dffa80951ab9641ddb034d01c6bc9dd675' (2022-02-13) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/61055ed02bd7dbff30ea827591084cce7c22303c' (2022-01-19) → 'github:hakimel/reveal.js/ff20051861f16da2f69fe9de8cc5dc54b2a79207' (2022-02-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c361b954759195c2ac085fbbed5ad7d513e1585b' (2022-02-12) → 'github:NixOS/nixos-hardware/1ccfe243aa6e94bf80f2a66f6be41d086d37fc87' (2022-02-20) --- flake.lock | 56 +++++++++++++++++----------------- nixos/gorgon/configuration.nix | 13 -------- 2 files changed, 28 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index 851b990..70d68dd 100644 --- a/flake.lock +++ b/flake.lock @@ -3,16 +3,16 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1643305420, - "narHash": "sha256-E4eVkyWdoUvBF904macERWkZ+Ox8dWLzoaRauerFcYg=", + "lastModified": 1644870286, + "narHash": "sha256-iewFbzjrdcTcraxL9jXx5gf6chA0t4QuobMEIobzUxc=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "a5ebd0b04778409c2d513830791e919646e6f980", + "rev": "fc868105cefc6ce0091fc61f0fc4d8ccb653a048", "type": "github" }, "original": { "owner": "hlissner", - "ref": "develop", + "ref": "master", "repo": "doom-emacs", "type": "github" } @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1643308453, - "narHash": "sha256-SeOF8D+fYFR5GXOylwdDvj8AZNTgX6tgcLWeCzMkfz4=", + "lastModified": 1644863141, + "narHash": "sha256-JZaH9yydRtK25WOuuw2/koyh6OWNTdtKl+V13F50ZzE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "011ec0706fa17de340c96d7d393c00af41f65cab", + "rev": "4079646746c264818338cd2733f38c33050f821f", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { @@ -213,11 +213,11 @@ ] }, "locked": { - "lastModified": 1644706973, - "narHash": "sha256-xOyxrhc5V79u0ZNmnPmJbY3ngtp43dNISEmrb8Ie6wQ=", + "lastModified": 1646559628, + "narHash": "sha256-WDoqxH/IPTV8CkI15wwzvXYgXq9UPr8xd8WKziuaynw=", "owner": "nix-community", "repo": "home-manager", - "rev": "7c2ae0bdd20ddcaafe41ef669226a1df67f8aa06", + "rev": "afe96e7433c513bf82375d41473c57d1f66b4e68", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1644525281, - "narHash": "sha256-D3VuWLdnLmAXIkooWAtbTGSQI9Fc1lkvAr94wTxhnTU=", + "lastModified": 1646497237, + "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48d63e924a2666baf37f4f14a18f19347fbd54a2", + "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026", "type": "github" }, "original": { @@ -303,11 +303,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1643476335, - "narHash": "sha256-UR04A3cc0Oi9wbVuyNvTQnSgxjkuB3rdGyZYWsKu28Q=", + "lastModified": 1644894353, + "narHash": "sha256-iZASAaUDspZS3laQY2CT6KhF5pWOKVjTR873V+TdCnA=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "ba6ef3c7d5c8b236fb06ddde1c513af804d72f45", + "rev": "505182141d6176d765347f85b8fb0cc204d8c44e", "type": "github" }, "original": { @@ -335,11 +335,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1644691988, - "narHash": "sha256-WoZCvPNlQ/ZaOYLmSTPCl1dfCa4mloaUtS1CfBgwPT8=", + "lastModified": 1646647249, + "narHash": "sha256-G1qFpuv8FOO7Sjx3kPwVi63emtCFZvTBSta8jODOb/U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c361b954759195c2ac085fbbed5ad7d513e1585b", + "rev": "86fa91c21f911d7cb0427baed3b177744b82e068", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1643227669, - "narHash": "sha256-9tLMILwN8/YwsFCnDg01OQ3IdTm8b1+I0cBmb7cSydc=", + "lastModified": 1644787667, + "narHash": "sha256-dGzFj9wdwb4AHxz+l+08C2xl/gHzkqwGEFVHeBiqAoQ=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "22e6ed6b89755047b44f8666ac20aac0c50afc34", + "rev": "fe4a60dffa80951ab9641ddb034d01c6bc9dd675", "type": "github" }, "original": { @@ -482,11 +482,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1642612088, - "narHash": "sha256-h/G2+UhyPxW1t0Z7nqIAOXr3lvR4b5dzA5tCgCI6+oE=", + "lastModified": 1644496127, + "narHash": "sha256-d3Rrqi2MAeme9Zwg8L+HEe7ch8gFEJ6XDjmo2xSxPO0=", "owner": "hakimel", "repo": "reveal.js", - "rev": "61055ed02bd7dbff30ea827591084cce7c22303c", + "rev": "ff20051861f16da2f69fe9de8cc5dc54b2a79207", "type": "github" }, "original": { diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 3f9d57e..3a22e8c 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -133,19 +133,6 @@ in ]; }; - #networking.wireguard.interfaces.mullvad = { - # ips = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; - # privateKeyFile = "/var/lib/wireguard/mullvad"; - # peers = [ - # { - # publicKey = "BLNHNoGO88LjV/wDBa7CUUwUzPq/fO2UwcGLy56hKy4="; - # allowedIPs = [ "0.0.0.0/0" "::0/0" ]; - # endpoint = "193.27.14.98:3152"; - # persistentKeepalive = 25; - # } - # ]; - #}; - networking.wg-quick.interfaces.mullvad = { address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; privateKeyFile = "/var/lib/wireguard/mullvad"; From bc9ca965468971a7f071477b67bdb877200e1bc6 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 7 Mar 2022 22:04:06 +0100 Subject: [PATCH 260/988] Fixed rename --- home/home/pkgs.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index b5082a3..3603a3c 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -1,6 +1,5 @@ { pkgs }: with pkgs; [ - ag androidStudioPackages.stable anki aspell @@ -49,7 +48,7 @@ with pkgs; [ libreoffice libvirt lsof - manpages + man-pages mblaze mkpasswd mpv @@ -77,6 +76,7 @@ with pkgs; [ rustup #shortwave signal-desktop + silver-searcher slurp spotify sqlite From 9be4ce98559c9f05219d2b80cc89162291f8f7b3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 12 Mar 2022 20:22:56 +0100 Subject: [PATCH 261/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/062a0c5437b68f950b081bbfc8a699d57a4ee026' (2022-03-05) → 'github:NixOS/nixpkgs/fcd48a5a0693f016a5c370460d0c2a8243b882dc' (2022-03-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/86fa91c21f911d7cb0427baed3b177744b82e068' (2022-03-07) → 'github:NixOS/nixos-hardware/816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1' (2022-03-09) • Updated input 'recipemd': 'github:dadada/recipemd/54103675dd9bb5e5a88e96462efa30311836cb37' (2021-06-24) → 'github:dadada/recipemd/ef3ce521ce4fdc4e2cedb92102433c8a0a9d0335' (2022-03-11) • Updated input 'recipemd/nixpkgs': 'github:NixOS/nixpkgs/1905f5f2e55e0db0bb6244cfe62cb6c0dbda391d' (2021-06-23) → 'path:/nix/store/n04lw5nrskzmz7rv17p09qrnjanfkg5d-source?narHash=sha256-Ccpot1h%2frV8MgcngDp5OrdmLTMaUTbStZTR5%2fsI7zW0=' --- flake.lock | 61 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 54 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 70d68dd..7bbfb03 100644 --- a/flake.lock +++ b/flake.lock @@ -189,6 +189,21 @@ "type": "github" } }, + "flake-utils_5": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "format-all": { "flake": false, "locked": { @@ -263,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1646497237, - "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", + "lastModified": 1646939531, + "narHash": "sha256-bxOjVqcsccCNm+jSmEh/bm0tqfE3SdjwS+p+FZja3ho=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "062a0c5437b68f950b081bbfc8a699d57a4ee026", + "rev": "fcd48a5a0693f016a5c370460d0c2a8243b882dc", "type": "github" }, "original": { @@ -335,11 +350,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1646647249, - "narHash": "sha256-G1qFpuv8FOO7Sjx3kPwVi63emtCFZvTBSta8jODOb/U=", + "lastModified": 1646825982, + "narHash": "sha256-uWvS4UFkdE4Iqk1pXhxkZqPsqI+Z2V9VRmLxGUFejbY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "86fa91c21f911d7cb0427baed3b177744b82e068", + "rev": "816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1", "type": "github" }, "original": { @@ -362,6 +377,17 @@ "type": "indirect" } }, + "nixpkgs_2": { + "locked": { + "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", + "path": "/nix/store/n04lw5nrskzmz7rv17p09qrnjanfkg5d-source", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nose": { "flake": false, "locked": { @@ -479,6 +505,26 @@ "type": "github" } }, + "recipemd": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1647022391, + "narHash": "sha256-TZih8S/GGmmONaEZchFw0sFS6U9pa+BjaGzNUf1ahi4=", + "owner": "dadada", + "repo": "recipemd", + "rev": "ef3ce521ce4fdc4e2cedb92102433c8a0a9d0335", + "type": "github" + }, + "original": { + "owner": "dadada", + "ref": "nix-flake", + "repo": "recipemd", + "type": "github" + } + }, "revealjs": { "flake": false, "locked": { @@ -507,6 +553,7 @@ "myNixpkgs" ], "nvd": "nvd", + "recipemd": "recipemd", "scripts": "scripts" } }, @@ -528,7 +575,7 @@ }, "scripts": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "myNixpkgs" ] From 2b3b2a603caf5c571f3e86b33c393b6901063ca0 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 18 Mar 2022 18:00:59 +0100 Subject: [PATCH 262/988] Moved recipemd package --- flake.nix | 3 +++ home/configurations.nix | 5 ----- home/home/pkgs.nix | 1 + nixos/configurations.nix | 2 ++ nixos/gorgon/configuration.nix | 27 ++++++++++++++------------- outputs.nix | 12 +++--------- overlays/default.nix | 4 ---- 7 files changed, 23 insertions(+), 31 deletions(-) diff --git a/flake.nix b/flake.nix index 0e971c8..10f838b 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,9 @@ homePage = { url = github:dadada/dadada.li; }; + recipemd = { + url = github:dadada/recipemd/nix-flake; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/home/configurations.nix b/home/configurations.nix index cc457b5..6c2850f 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -1,15 +1,11 @@ { self , nixpkgs , home-manager -, nix-doom-emacs -, nvd -, scripts }@inputs: let hmConfiguration = { homeDirectory ? "/home/dadada" , extraModules ? [ ] - , overlays ? [ ] , system ? "x86_64-linux" , username ? "dadada" , stateVersion @@ -21,7 +17,6 @@ let config = import ./nixpkgs-config.nix { pkgs = nixpkgs; }; - overlays = overlays; }; manual.manpages.enable = false; }; diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 3603a3c..92e083f 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -71,6 +71,7 @@ with pkgs; [ python3 python38Packages.dateutil python38Packages.managesieve + recipemd ripgrep rust-analyzer rustup diff --git a/nixos/configurations.nix b/nixos/configurations.nix index a9559e9..8180186 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -6,12 +6,14 @@ , nixos-hardware , nvd , scripts +, recipemd }: let adapterModule = system: { nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ (final: prev: { homePage = homePage.defaultPackage.${system}; }) (final: prev: { s = scripts; }) (final: prev: { n = nvd; }) + (final: prev: { recipemd = recipemd.defaultPackage.${system}; }) ]; }; in diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 3a22e8c..e90efa2 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -82,6 +82,7 @@ in environment.systemPackages = with pkgs; [ chromium ghostscript + recipemd ]; networking.firewall = { @@ -133,19 +134,19 @@ in ]; }; - networking.wg-quick.interfaces.mullvad = { - address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; - privateKeyFile = "/var/lib/wireguard/mullvad"; - peers = [ - { - publicKey = "BLNHNoGO88LjV/wDBa7CUUwUzPq/fO2UwcGLy56hKy4="; - allowedIPs = [ "0.0.0.0/0" "::0/0" ]; - endpoint = "193.27.14.98:3152"; - persistentKeepalive = 25; - } - ]; - postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.98 lookup main"; - }; + #networking.wg-quick.interfaces.mullvad = { + # address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; + # privateKeyFile = "/var/lib/wireguard/mullvad"; + # peers = [ + # { + # publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k="; + # allowedIPs = [ "0.0.0.0/0" "::0/0" ]; + # endpoint = "193.27.14.66:51820"; + # persistentKeepalive = 25; + # } + # ]; + # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main"; + #}; hardware.opengl = { enable = true; diff --git a/outputs.nix b/outputs.nix index b602aac..9e67dfb 100644 --- a/outputs.nix +++ b/outputs.nix @@ -8,6 +8,7 @@ , nixos-hardware , nvd , scripts +, recipemd , ... }@inputs: (flake-utils.lib.eachDefaultSystem (system: @@ -44,22 +45,15 @@ $link/activate ''); }; - apps.recipemd = { - type = "app"; - program = "${selfPkgs.recipemd}/bin/recipemd"; - }; devShell = pkgs.callPackage ./shell.nix { }; - packages = flake-utils.lib.flattenTree { - recipemd = pkgs.python3Packages.toPythonApplication python3Packages.recipemd; - }; })) // { hmConfigurations = import ./home/configurations.nix { - inherit self nixpkgs home-manager nix-doom-emacs nvd scripts; + inherit self nixpkgs home-manager recipemd; }; hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { nixosSystem = nixpkgs.lib.nixosSystem; - inherit self nixpkgs home-manager nixos-hardware nvd scripts homePage; + inherit self nixpkgs home-manager nixos-hardware nvd scripts homePage recipemd; }; nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; diff --git a/overlays/default.nix b/overlays/default.nix index ef7b17c..f902e63 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -2,8 +2,4 @@ let python3Packages = import ./python3-packages.nix; in { - #tubslatex = import ./tubslatex.nix; - recipemd = final: prev: { - recipemd = prev.python3Packages.toPythonApplication prev.python3Packages.recipemd; - }; } From 6f47c876f650f256adf91b11a510b3c843150272 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 18 Mar 2022 23:05:45 +0100 Subject: [PATCH 263/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/afe96e7433c513bf82375d41473c57d1f66b4e68' (2022-03-06) → 'github:nix-community/home-manager/e2a85ac43f06859a50d067a029f0a303c4ca5264' (2022-03-18) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/fcd48a5a0693f016a5c370460d0c2a8243b882dc' (2022-03-10) → 'github:NixOS/nixpkgs/73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58' (2022-03-14) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/fc868105cefc6ce0091fc61f0fc4d8ccb653a048' (2022-02-14) → 'github:hlissner/doom-emacs/42e5763782fdc1aabb9f2624d468248d6978abe2' (2022-02-23) • Updated input 'nix-doom-emacs/doom-snippets': 'github:hlissner/doom-snippets/3083b2342f95fa55c1fd3b4a16229c5d867a02b0' (2021-11-24) → 'github:hlissner/doom-snippets/f61c23ece1ad47c0522059ac45085fd283ce4452' (2022-03-02) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/4079646746c264818338cd2733f38c33050f821f' (2022-02-14) → 'github:nix-community/emacs-overlay/c875f360337cd71890c6b682cf277cc06218dbfa' (2022-03-10) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/fe4a60dffa80951ab9641ddb034d01c6bc9dd675' (2022-02-13) → 'github:emacs-straight/org-mode/91681fc03334285dc0879fcb9a27583bd7ab9782' (2022-03-03) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/ff20051861f16da2f69fe9de8cc5dc54b2a79207' (2022-02-10) → 'github:hakimel/reveal.js/37861335a225a3cc9f67e98977aceda3c2a9eca9' (2022-03-09) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1' (2022-03-09) → 'github:NixOS/nixos-hardware/32f61571b486efc987baca553fb35df22532ba63' (2022-03-16) --- flake.lock | 55 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 7bbfb03..d0556ce 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1644870286, - "narHash": "sha256-iewFbzjrdcTcraxL9jXx5gf6chA0t4QuobMEIobzUxc=", + "lastModified": 1645634993, + "narHash": "sha256-QeE6aUJxoaqHM28Cpt2rKC817VQvXGuuFUyLzehaC50=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "fc868105cefc6ce0091fc61f0fc4d8ccb653a048", + "rev": "42e5763782fdc1aabb9f2624d468248d6978abe2", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1637750904, - "narHash": "sha256-zkKmbl9rros3IzMTX01l9eh1Uzg3E+eYgzuj8+VPBwM=", + "lastModified": 1646222996, + "narHash": "sha256-YhOnoNSpmcKNJg+aS/829zqXStMkKWXWf1pulHEBcpQ=", "owner": "hlissner", "repo": "doom-snippets", - "rev": "3083b2342f95fa55c1fd3b4a16229c5d867a02b0", + "rev": "f61c23ece1ad47c0522059ac45085fd283ce4452", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1644863141, - "narHash": "sha256-JZaH9yydRtK25WOuuw2/koyh6OWNTdtKl+V13F50ZzE=", + "lastModified": 1646933422, + "narHash": "sha256-yDU9F/LhFVLeyCyXycwnb93bA5lEcCXlj4sldQe92Yw=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "4079646746c264818338cd2733f38c33050f821f", + "rev": "c875f360337cd71890c6b682cf277cc06218dbfa", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1646559628, - "narHash": "sha256-WDoqxH/IPTV8CkI15wwzvXYgXq9UPr8xd8WKziuaynw=", + "lastModified": 1647572216, + "narHash": "sha256-HDOQ/Yq1ga5mbj0eUp/f5FY96TgOxwBjTfIRGsZsAlw=", "owner": "nix-community", "repo": "home-manager", - "rev": "afe96e7433c513bf82375d41473c57d1f66b4e68", + "rev": "e2a85ac43f06859a50d067a029f0a303c4ca5264", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1646939531, - "narHash": "sha256-bxOjVqcsccCNm+jSmEh/bm0tqfE3SdjwS+p+FZja3ho=", + "lastModified": 1647297614, + "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fcd48a5a0693f016a5c370460d0c2a8243b882dc", + "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58", "type": "github" }, "original": { @@ -318,16 +318,15 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1644894353, - "narHash": "sha256-iZASAaUDspZS3laQY2CT6KhF5pWOKVjTR873V+TdCnA=", + "lastModified": 1646961407, + "narHash": "sha256-xt7ikT6iMMDQVS9q4KjfOIDNssk4RhsWqNt5Ioxatko=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "505182141d6176d765347f85b8fb0cc204d8c44e", + "rev": "5b51499d0c776ad4a713a5ef0eb2c605443b5a01", "type": "github" }, "original": { "owner": "nix-community", - "ref": "develop", "repo": "nix-doom-emacs", "type": "github" } @@ -350,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1646825982, - "narHash": "sha256-uWvS4UFkdE4Iqk1pXhxkZqPsqI+Z2V9VRmLxGUFejbY=", + "lastModified": 1647447644, + "narHash": "sha256-Di7ZCXjQKEys+jxgl8Mp7a8nowRSeAbzH8c9QNYkw2k=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1", + "rev": "32f61571b486efc987baca553fb35df22532ba63", "type": "github" }, "original": { @@ -444,11 +443,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1644787667, - "narHash": "sha256-dGzFj9wdwb4AHxz+l+08C2xl/gHzkqwGEFVHeBiqAoQ=", + "lastModified": 1646280299, + "narHash": "sha256-ZNkOfB8o2OHTh2t/ci8uv8aoV3I5IfAgIIOP3azD6eU=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "fe4a60dffa80951ab9641ddb034d01c6bc9dd675", + "rev": "91681fc03334285dc0879fcb9a27583bd7ab9782", "type": "github" }, "original": { @@ -528,11 +527,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1644496127, - "narHash": "sha256-d3Rrqi2MAeme9Zwg8L+HEe7ch8gFEJ6XDjmo2xSxPO0=", + "lastModified": 1646820626, + "narHash": "sha256-J3bcoO/42FcPIqCU7ORiV7dcvJDKtEHG8N7/stEQqDg=", "owner": "hakimel", "repo": "reveal.js", - "rev": "ff20051861f16da2f69fe9de8cc5dc54b2a79207", + "rev": "37861335a225a3cc9f67e98977aceda3c2a9eca9", "type": "github" }, "original": { From 0c4523cbf576343c6e2fa3f082a204fda4768c27 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 18 Mar 2022 23:17:28 +0100 Subject: [PATCH 264/988] Fixed emacs flake --- flake.nix | 2 +- home/modules/emacs/doom.d/init.el | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 10f838b..887f26e 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ inputs.nixpkgs.follows = "myNixpkgs"; }; nix-doom-emacs = { - url = github:nix-community/nix-doom-emacs/develop; + url = github:nix-community/nix-doom-emacs; inputs.nixpkgs.follows = "myNixpkgs"; }; nixos-hardware.url = github:NixOS/nixos-hardware/master; diff --git a/home/modules/emacs/doom.d/init.el b/home/modules/emacs/doom.d/init.el index a94043f..bbc96d9 100644 --- a/home/modules/emacs/doom.d/init.el +++ b/home/modules/emacs/doom.d/init.el @@ -136,7 +136,7 @@ ;;idris ; a language you can depend on json ; At least it ain't XML ;;(java +meghanada) ; the poster child for carpal tunnel syndrome - ;;javascript ; all(hope(abandon(ye(who(enter(here)))))) + (javascript +lsp) ; all(hope(abandon(ye(who(enter(here)))))) ;;julia ; a better, faster MATLAB ;;kotlin ; a better, slicker Java(Script) latex ; writing papers in Emacs has never been so fun @@ -166,7 +166,8 @@ ;;solidity ; do you need a blockchain? No. ;;swift ; who asked for emoji variables? ;;terra ; Earth and Moon in alignment for performance. - ;;web ; the tubes + vue-mode + (web +lsp) ; the tubes yaml ; JSON, but readable ;;zig ; C, but simpler From 8924a6c1a323b075d75d669a190e5074d548857e Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 18 Mar 2022 23:23:26 +0100 Subject: [PATCH 265/988] Fixed zsh key bindings --- home/modules/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 662782e..068387a 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -32,7 +32,7 @@ in source ${pkgs.fzf}/share/fzf/key-bindings.zsh source ${pkgs.fzf}/share/fzf/completion.zsh - bindkey '^n' autosuggest-accept + bindkey -e '^n' autosuggest-accept preexec() { echo -n -e "\033]0;$1\007" } From efefa0c8be1af5918e0f4ee828cf6c78a6738f02 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 19 Mar 2022 00:10:42 +0100 Subject: [PATCH 266/988] Fixed deprecated ale setting --- home/modules/vim/vimrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/vim/vimrc b/home/modules/vim/vimrc index 31b8fb5..aaaaccb 100644 --- a/home/modules/vim/vimrc +++ b/home/modules/vim/vimrc @@ -132,7 +132,7 @@ let g:ale_completion_enabled = 1 let g:ale_fix_on_save = 0 let g:ale_warn_about_trailing_whitespace = 1 let g:ale_warn_about_trailing_lines = 1 -let g:ale_completion_tsserver_autoimport = 1 +let g:ale_completion_autoimport = 1 let g:ale_languagetool_executable = 'languagetool-commandline' let g:ale_set_quickfix = 1 From ff9aa4738bb7b198677bacd7e5ffbb3201119c16 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 19 Mar 2022 00:11:07 +0100 Subject: [PATCH 267/988] Fixed nix renamed options and broken post-build hook --- nixos/gorgon/configuration.nix | 1 - nixos/modules/nix.nix | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index e90efa2..3548c19 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -18,7 +18,6 @@ in nix.package = pkgs.nixUnstable; nix.extraOptions = '' experimental-features = nix-command flakes - post-build-hook = ${signHook} ''; boot.kernelPackages = pkgs.linuxPackages_5_15; diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix index b9756d9..bf60194 100644 --- a/nixos/modules/nix.nix +++ b/nixos/modules/nix.nix @@ -16,15 +16,15 @@ nixpkgs.flake = nixpkgs; dadada.flake = self; }; - nix.binaryCaches = [ + nix.settings.substituters = [ https://cache.nixos.org/ https://nix-community.cachix.org/ ]; - nix.binaryCachePublicKeys = [ + nix.settings.trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; - nix.requireSignedBinaryCaches = true; - nix.useSandbox = true; + nix.settings.require-sigs = true; + nix.settings.sandbox = true; } From 8fdf45fb4163e9879ca85e0cb9116b2de405c8a3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 20 Mar 2022 18:34:14 +0100 Subject: [PATCH 268/988] Fixed docker hanging on reboot --- nixos/modules/profiles/laptop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index bcf09aa..46bd799 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -32,6 +32,7 @@ with lib; virtualisation = { libvirtd.enable = mkDefault true; docker.enable = mkDefault true; + docker.liveRestore = false; }; virtualisation.docker.extraOptions = mkDefault "--bip=192.168.1.5/24"; From 633707e81d9b1982156a2e37165266f05aa1a445 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 20 Mar 2022 18:34:32 +0100 Subject: [PATCH 269/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e2a85ac43f06859a50d067a029f0a303c4ca5264' (2022-03-18) → 'github:nix-community/home-manager/57476b5d286aa9416ed4472d19d37bbd93d30191' (2022-03-20) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index d0556ce..4ff212f 100644 --- a/flake.lock +++ b/flake.lock @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1647572216, - "narHash": "sha256-HDOQ/Yq1ga5mbj0eUp/f5FY96TgOxwBjTfIRGsZsAlw=", + "lastModified": 1647797554, + "narHash": "sha256-V2szrnWB8hscmN86ENXXhzRJ09XEld9Ck+Os49LdqcM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e2a85ac43f06859a50d067a029f0a303c4ca5264", + "rev": "57476b5d286aa9416ed4472d19d37bbd93d30191", "type": "github" }, "original": { From 93ad118b22032fca8c0d82a17cfd15f424344f95 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 20 Mar 2022 18:38:02 +0100 Subject: [PATCH 270/988] Fixed renamed maxJobs option --- nixos/gorgon/hardware-configuration.nix | 2 +- nixos/ifrit/hardware-configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix index d76db13..7b30b9e 100644 --- a/nixos/gorgon/hardware-configuration.nix +++ b/nixos/gorgon/hardware-configuration.nix @@ -38,5 +38,5 @@ [ { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; } ]; - nix.maxJobs = lib.mkDefault 16; + nix.settings.max-jobs = lib.mkDefault 16; } diff --git a/nixos/ifrit/hardware-configuration.nix b/nixos/ifrit/hardware-configuration.nix index ed35046..71b7225 100644 --- a/nixos/ifrit/hardware-configuration.nix +++ b/nixos/ifrit/hardware-configuration.nix @@ -22,5 +22,5 @@ [ { device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6"; } ]; - nix.maxJobs = lib.mkDefault 2; + nix.settings.max-jobs = lib.mkDefault 2; } From 98eb4e7327b3dc759448fd89d98ad9ac6af9134e Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 25 Mar 2022 20:28:33 +0100 Subject: [PATCH 271/988] Fix audio on laptop --- home/nixpkgs-config.nix | 1 - nixos/gorgon/configuration.nix | 2 +- nixos/modules/profiles/laptop.nix | 9 +++++++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 9ed1404..1bf42a9 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -3,5 +3,4 @@ allowUnfree = true; allowBroken = false; android_sdk.accept_license = true; - pulseaudio = true; } diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 3548c19..a6a8148 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -28,7 +28,7 @@ in dadada = { autoUpgrade.enable = false; - headphones.enable = true; + #headphones.enable = true; steam.enable = true; #fido2 = { # credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 46bd799..b1a6e03 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -53,4 +53,13 @@ with lib; services.xserver.desktopManager.gnome.enable = mkDefault true; xdg.mime.enable = mkDefault true; + + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + } From a24fb237a94b1bf8a55b8cf3557908c4599d0f0e Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 25 Mar 2022 20:48:12 +0100 Subject: [PATCH 272/988] Add agares configuration --- nixos/agares/configuration.nix | 39 +++++++++++++++++++++++++ nixos/agares/hardware-configuration.nix | 33 +++++++++++++++++++++ nixos/configurations.nix | 9 ++++++ 3 files changed, 81 insertions(+) create mode 100644 nixos/agares/configuration.nix create mode 100644 nixos/agares/hardware-configuration.nix diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix new file mode 100644 index 0000000..5db0ca4 --- /dev/null +++ b/nixos/agares/configuration.nix @@ -0,0 +1,39 @@ +{ config, pkgs, lib, ... }: +{ + imports = [ + ./hardware-configuration.nix + ]; + + dadada = { + admin.enable = true; + networking.localResolver.enable = true; + }; + + networking.hostName = "agares"; + networking.domain = "dadada.li"; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # SSH + ]; + }; + + virtualisation.libvirtd.enable = true; + + environment.systemPackages = [ pkgs.curl ]; + + system.stateVersion = "22.05"; +} diff --git a/nixos/agares/hardware-configuration.nix b/nixos/agares/hardware-configuration.nix new file mode 100644 index 0000000..a113934 --- /dev/null +++ b/nixos/agares/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/sda1"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + swapDevices = [ ]; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = lib.mkDefault false; + networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 8180186..71be4c7 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -61,4 +61,13 @@ in ./pruflas/configuration.nix ]; }; + + agares = nixosSystem rec { + system = "x86_64-linux"; + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ + (adapterModule system) + ./modules/profiles/server.nix + ./agares/configuration.nix + ]; + }; } From 5e1a05eba5409cfe60e0f47f09dffbcee9d9e610 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 25 Mar 2022 20:49:02 +0100 Subject: [PATCH 273/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/57476b5d286aa9416ed4472d19d37bbd93d30191' (2022-03-20) → 'github:nix-community/home-manager/ac9404115362c901ffe5c5c215f76f74b79d5eda' (2022-03-23) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58' (2022-03-14) → 'github:NixOS/nixpkgs/1d08ea2bd83abef174fb43cbfb8a856b8ef2ce26' (2022-03-23) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/32f61571b486efc987baca553fb35df22532ba63' (2022-03-16) → 'github:NixOS/nixos-hardware/feceb4d24f582817d8f6e737cd40af9e162dee05' (2022-03-24) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 4ff212f..3d14172 100644 --- a/flake.lock +++ b/flake.lock @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1647797554, - "narHash": "sha256-V2szrnWB8hscmN86ENXXhzRJ09XEld9Ck+Os49LdqcM=", + "lastModified": 1648078876, + "narHash": "sha256-oa3RA0Z0UwEZ1M5kQOT9oUVd4ew3XePOu2oDTenFd98=", "owner": "nix-community", "repo": "home-manager", - "rev": "57476b5d286aa9416ed4472d19d37bbd93d30191", + "rev": "ac9404115362c901ffe5c5c215f76f74b79d5eda", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1647297614, - "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=", + "lastModified": 1648069223, + "narHash": "sha256-BXzQV8p/RR440EB9qY0ULYfTH0zSW1stjUCYeP4SF+E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58", + "rev": "1d08ea2bd83abef174fb43cbfb8a856b8ef2ce26", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1647447644, - "narHash": "sha256-Di7ZCXjQKEys+jxgl8Mp7a8nowRSeAbzH8c9QNYkw2k=", + "lastModified": 1648141026, + "narHash": "sha256-h8e3+5EZFbYHTMb0DN2ACuQTJBNHpqigvmEV1w2WIuE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "32f61571b486efc987baca553fb35df22532ba63", + "rev": "feceb4d24f582817d8f6e737cd40af9e162dee05", "type": "github" }, "original": { From a855ade5e47a26e2cc19d0630c7c49a37357bbcc Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 25 Mar 2022 21:39:37 +0100 Subject: [PATCH 274/988] Add tty access to agares --- nixos/agares/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 5db0ca4..77cb0a1 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -17,6 +17,8 @@ boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; + boot.kernelParams = [ "console=ttyS0,115200" ]; + i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; From d05c6751e725fca8b15e0d5117ae1db2353ce825 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 26 Mar 2022 13:47:56 +0100 Subject: [PATCH 275/988] Update ifrit address --- nixos/gorgon/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index a6a8148..6410391 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -105,11 +105,11 @@ in }; networking.hosts = { - "fd42:dead:beef:0:5054:ff:fefb:7361" = [ + "fd42:dead:beef:0:5054:ff:fedd:6c2c" = [ "media.dadada.li" "ifrit.dadada.li" ]; - "192.168.42.103" = [ + "192.168.42.5" = [ "media.dadada.li" "ifrit.dadada.li" ]; From 9932e4386c19fc4fd53152b7d71d83e94761e7de Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 26 Mar 2022 13:50:12 +0100 Subject: [PATCH 276/988] Disable file share on ifrit --- nixos/ifrit/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 0499da5..e94310f 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -4,7 +4,6 @@ let "ifrit.dadada.li" "bs.vpn.dadada.li" "media.dadada.li" - "media.local" ]; backups = "/mnt/storage/backup"; in @@ -15,7 +14,7 @@ in dadada = { admin.enable = true; - fileShare.enable = true; + fileShare.enable = false; vpnServer.enable = true; vpnServer.peers = { From 9ca35af57c9ce91e7e001de3b2bd7b90a83c4ea5 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 31 Mar 2022 19:17:28 +0200 Subject: [PATCH 277/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) → 'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26) • Updated input 'home-manager': 'github:nix-community/home-manager/ac9404115362c901ffe5c5c215f76f74b79d5eda' (2022-03-23) → 'github:nix-community/home-manager/9580f6c42af2535dc7890edb681ead090f5105f2' (2022-03-30) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/1d08ea2bd83abef174fb43cbfb8a856b8ef2ce26' (2022-03-23) → 'github:NixOS/nixpkgs/710fed5a2483f945b14f4a58af2cd3676b42d8c8' (2022-03-30) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) → 'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 3d14172..739a3bc 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1648078876, - "narHash": "sha256-oa3RA0Z0UwEZ1M5kQOT9oUVd4ew3XePOu2oDTenFd98=", + "lastModified": 1648677361, + "narHash": "sha256-WA7F77XrvIjNaAyW6/D06/xVdbr3TNchHHB+oJbyDio=", "owner": "nix-community", "repo": "home-manager", - "rev": "ac9404115362c901ffe5c5c215f76f74b79d5eda", + "rev": "9580f6c42af2535dc7890edb681ead090f5105f2", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1648069223, - "narHash": "sha256-BXzQV8p/RR440EB9qY0ULYfTH0zSW1stjUCYeP4SF+E=", + "lastModified": 1648632716, + "narHash": "sha256-kCmnDeiaMsdhfnNKjxdOzwRh2H6eQb8yWAL+nNabC/Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d08ea2bd83abef174fb43cbfb8a856b8ef2ce26", + "rev": "710fed5a2483f945b14f4a58af2cd3676b42d8c8", "type": "github" }, "original": { From 71d33dcb7012587e8ec6fe3e7d1e595d17acaf94 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Apr 2022 18:46:31 +0200 Subject: [PATCH 278/988] Automatically add admin users to libvirtd group --- nixos/modules/admin.nix | 5 ++++- nixos/modules/profiles/laptop.nix | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 031f628..dac46e0 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -36,7 +36,10 @@ in users.users = mapAttrs (user: keys: ( { - extraGroups = [ "wheel" ]; + extraGroups = [ + "wheel" + "libvirtd" + ]; isNormalUser = true; openssh.authorizedKeys.keyFiles = keys; })) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index b1a6e03..2ad80ec 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -61,5 +61,5 @@ with lib; alsa.support32Bit = true; pulse.enable = true; }; - + hardware.pulseaudio.enable = false; } From edfd136f260cd2cf505db6d1b299941cfbb7fea7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Apr 2022 19:35:26 +0200 Subject: [PATCH 279/988] Enable AMD IOMMU on agares for PCI passthrough --- nixos/agares/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 77cb0a1..986a236 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -17,7 +17,10 @@ boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; - boot.kernelParams = [ "console=ttyS0,115200" ]; + boot.kernelParams = [ + "console=ttyS0,115200" + "amd_iommu=on" + ]; i18n.defaultLocale = "en_US.UTF-8"; console = { From 7795c68ca0d94b358d5135d0e354ce43f6a7acb1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Apr 2022 19:38:23 +0200 Subject: [PATCH 280/988] Disabled dhcp for interfaces to be passed through --- nixos/agares/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 986a236..768764c 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -22,6 +22,9 @@ "amd_iommu=on" ]; + networking.interfaces.enp2s0.useDHCP = false; + networking.interfaces.enp3s0.useDHCP = false; + i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; From a8548bfdc9e7deea734a3bb14ad933a399d62c7c Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Apr 2022 20:25:30 +0200 Subject: [PATCH 281/988] Added iommu support --- nixos/agares/configuration.nix | 15 ++++++++++++++- nixos/agares/hardware-configuration.nix | 1 - 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 768764c..80769de 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -20,6 +20,15 @@ boot.kernelParams = [ "console=ttyS0,115200" "amd_iommu=on" + "iommu=pt" + ]; + + boot.kernelModules = [ + "kvm-amd" + "vfio" + "vfio_iommu_type1" + "vfio_pci" + "vfio_virqfd" ]; networking.interfaces.enp2s0.useDHCP = false; @@ -41,7 +50,11 @@ virtualisation.libvirtd.enable = true; - environment.systemPackages = [ pkgs.curl ]; + environment.systemPackages = with pkgs; [ + curl + flashrom + dmidecode + ]; system.stateVersion = "22.05"; } diff --git a/nixos/agares/hardware-configuration.nix b/nixos/agares/hardware-configuration.nix index a113934..5642461 100644 --- a/nixos/agares/hardware-configuration.nix +++ b/nixos/agares/hardware-configuration.nix @@ -10,7 +10,6 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = From d6dd36cc253167f4d9f25088905431ac5c4ec20d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 00:59:23 +0200 Subject: [PATCH 282/988] Updated DNS --- nixos/modules/networking.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 1b549de..a66ec4f 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -56,7 +56,7 @@ in "::ffff:0:0/96" ]; private-domain = [ - "dadada.li" + "dyn.dadada.li" (mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.s0 "s0") ]; @@ -95,6 +95,13 @@ in ]; } ) + { + name = "dyn.dadada.li."; + forward-addr = [ + "fd42:9c3b:f96d:101::1" + "192.168.101.1" + ]; + } ]; }; }; From f749d99ed606cc9f2b94f3abd1aa6622af016f37 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 11:34:37 +0200 Subject: [PATCH 283/988] Add vlan vpn to agares --- nixos/agares/configuration.nix | 9 +++++++++ nixos/modules/networking.nix | 1 + 2 files changed, 10 insertions(+) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 80769de..9aca9aa 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -34,6 +34,15 @@ networking.interfaces.enp2s0.useDHCP = false; networking.interfaces.enp3s0.useDHCP = false; + networking.interfaces.enp1s0.useDHCP = true; + networkinng.vlans = { + vpn = { + id = 12; + interface = "enp1s0"; + }; + }; + networking.interfaces.vpn.useDHCP = true; + i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index a66ec4f..76281da 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -61,6 +61,7 @@ in (mkIf cfg.localResolver.s0 "s0") ]; domain-insecure = [ + "dyn.dadada.li" (mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.s0 "s0") ]; From 2e3a548f09ee0ee5da576404c2ce6aa193471ace Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 11:49:15 +0200 Subject: [PATCH 284/988] Fix typo --- nixos/agares/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 9aca9aa..0dcb87b 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -35,7 +35,7 @@ networking.interfaces.enp3s0.useDHCP = false; networking.interfaces.enp1s0.useDHCP = true; - networkinng.vlans = { + networking.vlans = { vpn = { id = 12; interface = "enp1s0"; From f7f6d03ee259a2a7a2c12269118000e1ab5538a9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 11:52:35 +0200 Subject: [PATCH 285/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/9580f6c42af2535dc7890edb681ead090f5105f2' (2022-03-30) → 'github:nix-community/home-manager/f911ebbec927e8e9b582f2e32e2b35f730074cfc' (2022-04-08) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/710fed5a2483f945b14f4a58af2cd3676b42d8c8' (2022-03-30) → 'github:NixOS/nixpkgs/42948b300670223ca8286aaf916bc381f66a5313' (2022-04-08) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/5b51499d0c776ad4a713a5ef0eb2c605443b5a01' (2022-03-11) → 'github:nix-community/nix-doom-emacs/f3f40f333c3214c9614c23b6abd1ae498af3e5b5' (2022-04-09) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/feceb4d24f582817d8f6e737cd40af9e162dee05' (2022-03-24) → 'github:NixOS/nixos-hardware/850308db3ef0bcc7454155063b5fec28b4ffbc8c' (2022-04-09) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 739a3bc..401ec76 100644 --- a/flake.lock +++ b/flake.lock @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1648677361, - "narHash": "sha256-WA7F77XrvIjNaAyW6/D06/xVdbr3TNchHHB+oJbyDio=", + "lastModified": 1649392573, + "narHash": "sha256-dCPEJZzExz2+i7AjUuViZUgHC+JXDlBBG/IzuSYWCh8=", "owner": "nix-community", "repo": "home-manager", - "rev": "9580f6c42af2535dc7890edb681ead090f5105f2", + "rev": "f911ebbec927e8e9b582f2e32e2b35f730074cfc", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1648632716, - "narHash": "sha256-kCmnDeiaMsdhfnNKjxdOzwRh2H6eQb8yWAL+nNabC/Y=", + "lastModified": 1649408932, + "narHash": "sha256-JhTW1OtS5fACcRXLqcTTQyYO5vLkO+bceCqeRms13SY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "710fed5a2483f945b14f4a58af2cd3676b42d8c8", + "rev": "42948b300670223ca8286aaf916bc381f66a5313", "type": "github" }, "original": { @@ -318,11 +318,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1646961407, - "narHash": "sha256-xt7ikT6iMMDQVS9q4KjfOIDNssk4RhsWqNt5Ioxatko=", + "lastModified": 1649509049, + "narHash": "sha256-gLmRO2gPqjLPmFBhgFkl1nbBzJlNV0lmXMzapbw9qac=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "5b51499d0c776ad4a713a5ef0eb2c605443b5a01", + "rev": "f3f40f333c3214c9614c23b6abd1ae498af3e5b5", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1648141026, - "narHash": "sha256-h8e3+5EZFbYHTMb0DN2ACuQTJBNHpqigvmEV1w2WIuE=", + "lastModified": 1649488242, + "narHash": "sha256-GFahTvlMnqotZ8i1AO3J8OtVFrJe4QHcEPxpFH+DIEw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "feceb4d24f582817d8f6e737cd40af9e162dee05", + "rev": "850308db3ef0bcc7454155063b5fec28b4ffbc8c", "type": "github" }, "original": { From 04ee4a1507cb86a2ea821e28013efb1f776afdf8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 14:20:56 +0200 Subject: [PATCH 286/988] Updated VPN addresses --- nixos/modules/networking.nix | 6 +++--- nixos/modules/vpnServer.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 76281da..be1a54b 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -115,7 +115,7 @@ in networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { bs = { - ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ]; + ips = [ "fd42:9c3b:f96d::${cfg.vpnExtension}/64" ]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; @@ -123,7 +123,7 @@ in peers = [ { publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs="; - allowedIPs = [ "fd42:dead:beef::/48" ]; + allowedIPs = [ "fd42:9c3b:f96d::/48" ]; endpoint = "bs.vpn.dadada.li:51234"; persistentKeepalive = 25; } @@ -140,7 +140,7 @@ in systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { serviceConfig.Type = "oneshot"; script = '' - ${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:dead:beef::/48 + ${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 ''; }; diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 3965496..7c213c8 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -36,12 +36,12 @@ in networking.wireguard.interfaces."wg0" = { allowedIPsAsRoutes = true; privateKeyFile = "/var/lib/wireguard/wg0-key"; - ips = [ "fd42:dead:beef:1337::0/64" ]; + ips = [ "fd42:9c3b:f96d:0200::0/64" ]; listenPort = 51234; peers = map (peer: ( { - allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ]; + allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ]; publicKey = peer.key; })) (attrValues cfg.peers); From 8c404eb2db3caeacf206d249ab5834575a592cfe Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 14:42:52 +0200 Subject: [PATCH 287/988] Fixed vpn prefix --- nixos/modules/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index be1a54b..5520bd7 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -115,7 +115,7 @@ in networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { bs = { - ips = [ "fd42:9c3b:f96d::${cfg.vpnExtension}/64" ]; + ips = [ "fd42:9c3b:f96d:200::${cfg.vpnExtension}/64" ]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; From f901a0f775f42b3427728949eac894a458d2cc61 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 16:07:17 +0200 Subject: [PATCH 288/988] Update backup config --- nixos/ifrit/configuration.nix | 68 ++++++++++++++--------------------- nixos/modules/backup.nix | 8 +---- 2 files changed, 28 insertions(+), 48 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index e94310f..20cac31 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -4,8 +4,33 @@ let "ifrit.dadada.li" "bs.vpn.dadada.li" "media.dadada.li" + "backup.dadada.li" ]; backups = "/mnt/storage/backup"; + ddns = hostname: { + timers."ddns-${hostname}" = { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${hostname}.service" ]; + timerConfig.OnCalendar = "hourly"; + }; + services."ddns-${hostname}" = { + serviceConfig.Type = "oneshot"; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } + + IFS=':' + read -r user password < /var/lib/ddns/credentials + unset IFS + + curl_url=$(url "$user" "$password" ${hostname}) + + ${pkgs.curl}/bin/curl -4 "$curl_url" + ${pkgs.curl}/bin/curl -6 "$curl_url" + ''; + }; + }; in { imports = [ @@ -49,6 +74,7 @@ in }; }; + users.users.borg.home = "/mnt/storage/backup"; services.borgbackup.repos = { "metis" = { allowSubRepos = false; @@ -109,11 +135,6 @@ in "::1" = hostAliases; }; - networking.nameservers = [ - "1.1.1.1" - "1.0.0.1" - ]; - # weird issues with crappy plastic router networking.interfaces."ens3".tempAddress = "disabled"; @@ -143,19 +164,6 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH - 80 - 443 # HTTP(S) - 111 - 2049 # NFS - 139 - 445 # SMB - ]; - allowedUDPPorts = [ - 137 - 138 - 111 - 2049 # NFS - 51234 # Wireguard ]; }; @@ -188,30 +196,8 @@ in }; environment.systemPackages = [ pkgs.curl ]; - systemd = { - timers.ddns-joker = { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-joker.service" ]; - timerConfig.OnCalendar = "hourly"; - }; - services.ddns-joker = { - serviceConfig.Type = "oneshot"; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } - IFS=':' - read -r user password < /var/lib/ddns/credentials - unset IFS - - curl_url=$(url "$user" "$password" bs.vpn.dadada.li) - - ${pkgs.curl}/bin/curl -4 "$curl_url" - ${pkgs.curl}/bin/curl -6 "$curl_url" - ''; - }; - }; + systemd = (ddns "bs.vpn.dadada.li") // (ddns "backup0.dadada.li"); system.stateVersion = "20.03"; } diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 11c0908..eecddd8 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -60,16 +60,10 @@ in startAt = "monthly"; }; - networking.hosts = mkIf cfg.bs { - "fd42:dead:beef:0:5054:ff:fefb:7361" = [ - "media.dadada.li" - ]; - }; - services.borgbackup.jobs.bs = mkIf cfg.bs { paths = "/"; exclude = backupExcludes; - repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; + repo = "borg@backup0.dadada.li:${config.networking.hostName}"; doInit = false; environment = { BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'"; From ec63b1c032c0953d117ad6ab579961d0a5226582 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 16:10:04 +0200 Subject: [PATCH 289/988] Update vpn config --- nixos/modules/networking.nix | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 5520bd7..e1ffb9f 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -114,7 +114,7 @@ in })); networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { - bs = { + dadada = { ips = [ "fd42:9c3b:f96d:200::${cfg.vpnExtension}/64" ]; listenPort = 51234; @@ -124,7 +124,7 @@ in { publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs="; allowedIPs = [ "fd42:9c3b:f96d::/48" ]; - endpoint = "bs.vpn.dadada.li:51234"; + endpoint = "vpn.dadada.li:51234"; persistentKeepalive = 25; } ]; @@ -140,22 +140,8 @@ in systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { serviceConfig.Type = "oneshot"; script = '' - ${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 + ${pkgs.wireguard-tools}/bin/wg set dadada peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 ''; }; - - fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare { - device = "media.dadada.li:/mnt/storage/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - - networking.firewall = { - enable = true; - allowedUDPPorts = [ - 51234 # Wireguard - 5353 # mDNS - ]; - }; }; } From ee3816fc80c1fe1aa27adeb698a54c63a9fa35c2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 16:27:35 +0200 Subject: [PATCH 290/988] update vlan config --- nixos/agares/configuration.nix | 4 ++++ nixos/ifrit/configuration.nix | 3 +++ 2 files changed, 7 insertions(+) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 0dcb87b..e051ce3 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -40,6 +40,10 @@ id = 12; interface = "enp1s0"; }; + lan = { + id = 13; + interface = "enp1s0"; + }; }; networking.interfaces.vpn.useDHCP = true; diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 20cac31..a60d5c2 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -165,6 +165,9 @@ in allowedTCPPorts = [ 22 # SSH ]; + allowedUDPPorts = [ + 51234 + ]; }; security.acme = { From 85c5e1a744818d2422e536a4fb0065057ce2d81b Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 18:40:26 +0200 Subject: [PATCH 291/988] fix vlan config --- nixos/agares/configuration.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index e051ce3..7f21586 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -31,21 +31,26 @@ "vfio_virqfd" ]; - networking.interfaces.enp2s0.useDHCP = false; - networking.interfaces.enp3s0.useDHCP = false; - - networking.interfaces.enp1s0.useDHCP = true; networking.vlans = { + lan = { + id = 11; + interface = "enp1s0"; + }; vpn = { id = 12; interface = "enp1s0"; }; - lan = { + backup = { id = 13; interface = "enp1s0"; }; }; - networking.interfaces.vpn.useDHCP = true; + networking.interfaces.enp1s0.useDHCP = true; + networking.interfaces.enp2s0.useDHCP = false; + networking.interfaces.enp3s0.useDHCP = false; + networking.interfaces.lan.useDHCP = false; + networking.interfaces.vpn.useDHCP = false; + networking.interfaces.backup.useDHCP = false; i18n.defaultLocale = "en_US.UTF-8"; console = { From 7bd28525cb77aa84334afa85e4596dc8b1540cb9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Apr 2022 21:22:01 +0200 Subject: [PATCH 292/988] Configure bridges --- nixos/agares/configuration.nix | 18 +++++++++++++----- nixos/ifrit/configuration.nix | 1 + 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 7f21586..4fe1a3e 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -45,12 +45,20 @@ interface = "enp1s0"; }; }; + + networking.bridges = { + "br-lan" = { + interfaces = [ "lan" ]; + }; + "br-vpn" = { + interfaces = [ "vpn" ]; + }; + "br-backup" = { + interfaces = [ "backup" ]; + }; + }; + networking.interfaces.enp1s0.useDHCP = true; - networking.interfaces.enp2s0.useDHCP = false; - networking.interfaces.enp3s0.useDHCP = false; - networking.interfaces.lan.useDHCP = false; - networking.interfaces.vpn.useDHCP = false; - networking.interfaces.backup.useDHCP = false; i18n.defaultLocale = "en_US.UTF-8"; console = { diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index a60d5c2..b5e08e3 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -151,6 +151,7 @@ in networking.useDHCP = false; networking.interfaces.ens3.useDHCP = true; + networking.interfaces.ens4.useDHCP = true; fileSystems."/mnt/storage" = { device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; From 3bf7ca48b0d9c75fd4a6fd212c96744c4b52175c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Apr 2022 00:40:06 +0000 Subject: [PATCH 293/988] Bump cachix/install-nix-action from 13 to 17 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 13 to 17. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v13...v17) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- .github/workflows/nix-flake-update.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 33671cc..1847f95 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v13 + - uses: cachix/install-nix-action@v17 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install extra_nix_config: | diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index b73fbce..edc343d 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v13 + - uses: cachix/install-nix-action@v17 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install extra_nix_config: | From 5a556254a858ea4fecc48bb9e2daa01116921fdc Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 13 Apr 2022 17:01:05 +0200 Subject: [PATCH 294/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26) → 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11) • Updated input 'home-manager': 'github:nix-community/home-manager/f911ebbec927e8e9b582f2e32e2b35f730074cfc' (2022-04-08) → 'github:nix-community/home-manager/e39a9d0103e3b2e42059c986a8c633824b96c193' (2022-04-11) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/42948b300670223ca8286aaf916bc381f66a5313' (2022-04-08) → 'github:NixOS/nixpkgs/33772708c6d0e33f697426ba386aa0149cbcbecb' (2022-04-11) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/850308db3ef0bcc7454155063b5fec28b4ffbc8c' (2022-04-09) → 'github:NixOS/nixos-hardware/1a0ccdbf4583ed0fce37eea7955e8ef90f840a9f' (2022-04-13) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26) → 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 401ec76..611954a 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1648297722, - "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "lastModified": 1649676176, + "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", "owner": "numtide", "repo": "flake-utils", - "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1648297722, - "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "lastModified": 1649676176, + "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", "owner": "numtide", "repo": "flake-utils", - "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1649392573, - "narHash": "sha256-dCPEJZzExz2+i7AjUuViZUgHC+JXDlBBG/IzuSYWCh8=", + "lastModified": 1649642044, + "narHash": "sha256-V9ZjTJcbDPgWG+H3rIC6XuPHZAPK1VupBbSsuDbptkQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f911ebbec927e8e9b582f2e32e2b35f730074cfc", + "rev": "e39a9d0103e3b2e42059c986a8c633824b96c193", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1649408932, - "narHash": "sha256-JhTW1OtS5fACcRXLqcTTQyYO5vLkO+bceCqeRms13SY=", + "lastModified": 1649673231, + "narHash": "sha256-1T3AFscfS7s9pkFA+UIDrHH3/RLVjRdYs5ImuLYpOlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42948b300670223ca8286aaf916bc381f66a5313", + "rev": "33772708c6d0e33f697426ba386aa0149cbcbecb", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1649488242, - "narHash": "sha256-GFahTvlMnqotZ8i1AO3J8OtVFrJe4QHcEPxpFH+DIEw=", + "lastModified": 1649849514, + "narHash": "sha256-zQyTr2UebTKUh1KLyLtevhHsM8umPK1LfQLGUGjRjiQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "850308db3ef0bcc7454155063b5fec28b4ffbc8c", + "rev": "1a0ccdbf4583ed0fce37eea7955e8ef90f840a9f", "type": "github" }, "original": { From 6d90e97f9e9dfb0abb8586b5b500478a6a87f1df Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 13 Apr 2022 17:18:02 +0200 Subject: [PATCH 295/988] Updated interface config on ifrit --- nixos/ifrit/configuration.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index b5e08e3..00b8865 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -135,9 +135,6 @@ in "::1" = hostAliases; }; - # weird issues with crappy plastic router - networking.interfaces."ens3".tempAddress = "disabled"; - # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; @@ -149,9 +146,13 @@ in keyMap = "us"; }; + # weird issues with crappy plastic router + networking.interfaces."ens3".tempAddress = "disabled"; + networking.interfaces."ens7".tempAddress = "disabled"; + networking.useDHCP = false; networking.interfaces.ens3.useDHCP = true; - networking.interfaces.ens4.useDHCP = true; + networking.interfaces.ens7.useDHCP = true; fileSystems."/mnt/storage" = { device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; From 743b84363c76ffe783e8cc9075ccf8f94cef88bb Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 13 Apr 2022 17:24:21 +0200 Subject: [PATCH 296/988] Disable dhcp on ens7 on ifrit --- nixos/ifrit/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 00b8865..882063b 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -152,7 +152,7 @@ in networking.useDHCP = false; networking.interfaces.ens3.useDHCP = true; - networking.interfaces.ens7.useDHCP = true; + networking.interfaces.ens7.useDHCP = false; fileSystems."/mnt/storage" = { device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; From 38e910fb46d56e62f4ccc48eaeea0ad18e1a8348 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 13 Apr 2022 17:26:55 +0200 Subject: [PATCH 297/988] fixup hostname for vpn --- nixos/ifrit/configuration.nix | 34 +++++-------------------- nixos/modules/ddns.nix | 47 +++++++++++++++++++++++++++++++++++ nixos/modules/default.nix | 1 + 3 files changed, 54 insertions(+), 28 deletions(-) create mode 100644 nixos/modules/ddns.nix diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 882063b..ed63375 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -2,35 +2,11 @@ let hostAliases = [ "ifrit.dadada.li" - "bs.vpn.dadada.li" + "vpn.dadada.li" "media.dadada.li" - "backup.dadada.li" + "backup0.dadada.li" ]; backups = "/mnt/storage/backup"; - ddns = hostname: { - timers."ddns-${hostname}" = { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${hostname}.service" ]; - timerConfig.OnCalendar = "hourly"; - }; - services."ddns-${hostname}" = { - serviceConfig.Type = "oneshot"; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } - - IFS=':' - read -r user password < /var/lib/ddns/credentials - unset IFS - - curl_url=$(url "$user" "$password" ${hostname}) - - ${pkgs.curl}/bin/curl -4 "$curl_url" - ${pkgs.curl}/bin/curl -6 "$curl_url" - ''; - }; - }; in { imports = [ @@ -72,6 +48,10 @@ in key = "5EaLm7uC8XzoN8+BaGzgGRUU4q5shM7gQJcs/d7n+Vo="; }; }; + ddns.domains = [ + "vpn.dadada.li" + "backup0.dadada.li" + ]; }; users.users.borg.home = "/mnt/storage/backup"; @@ -202,7 +182,5 @@ in environment.systemPackages = [ pkgs.curl ]; - systemd = (ddns "bs.vpn.dadada.li") // (ddns "backup0.dadada.li"); - system.stateVersion = "20.03"; } diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix new file mode 100644 index 0000000..2c42ce4 --- /dev/null +++ b/nixos/modules/ddns.nix @@ -0,0 +1,47 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.dadada.ddns; + ddnsConfig = hostNames: { + systemd.timers = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}" + { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${hostname}.service" ]; + timerConfig.OnCalendar = "hourly"; + })); + + systemd.services = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}" + { + serviceConfig.Type = "oneshot"; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } + + IFS=':' + read -r user password < /var/lib/ddns/credentials + unset IFS + + curl_url=$(url "$user" "$password" ${hostname}) + + ${pkgs.curl}/bin/curl -4 "$curl_url" + ${pkgs.curl}/bin/curl -6 "$curl_url" + ''; + })); + }; +in { + options = { + dadada.ddns.domains = mkOption { + type = types.listOf types.str; + description = '' + Enables DDNS for these domains. + ''; + example = '' + [ "example.com" ] + ''; + default = []; + }; + }; + + config = ddnsConfig cfg.domains; +} diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 1930b23..bb3cf37 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -2,6 +2,7 @@ { admin = import ./admin.nix; backup = import ./backup.nix; + ddns = import ./ddns.nix; element = import ./element.nix; fido2 = import ./fido2.nix; fileShare = import ./fileShare.nix; From 5419038e7525fca6bb7d19055871fa38a17eb435 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 15 Apr 2022 18:08:38 +0200 Subject: [PATCH 298/988] fix borg behaviour with relative paths by using absolute paths If a relative path is given to a repository that already exists, but borg did not backup to previously, borg tries to create a backup relative to this path. Might also be due to path restrictio in borg serve... --- nixos/modules/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index eecddd8..5274ce0 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -63,7 +63,7 @@ in services.borgbackup.jobs.bs = mkIf cfg.bs { paths = "/"; exclude = backupExcludes; - repo = "borg@backup0.dadada.li:${config.networking.hostName}"; + repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; doInit = false; environment = { BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'"; From 790d62a58f110ec2b801d16092bf584074176722 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 15 Apr 2022 19:45:58 +0200 Subject: [PATCH 299/988] allow renaming borg backups --- nixos/ifrit/configuration.nix | 2 +- nixos/modules/backup.nix | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index ed63375..b566737 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -54,7 +54,7 @@ in ]; }; - users.users.borg.home = "/mnt/storage/backup"; + users.users.borg.home = backups; services.borgbackup.repos = { "metis" = { allowSubRepos = false; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 5274ce0..3ac7fec 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -74,6 +74,9 @@ in }; compression = "auto,lz4"; startAt = "daily"; + environment = { + BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; + }; }; }; } From 7d4f36d831ad15ba615505e61e694706aa06d124 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 16 Apr 2022 08:22:39 +0200 Subject: [PATCH 300/988] add option TCPKeepAlive to borg ssh connection --- nixos/modules/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 3ac7fec..c5855e0 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -66,7 +66,7 @@ in repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; doInit = false; environment = { - BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'"; + BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; }; encryption = { mode = "repokey"; From d415aa10be122152579297d724a56ff1c5c27e7d Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 20 Apr 2022 23:07:09 +0200 Subject: [PATCH 301/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e39a9d0103e3b2e42059c986a8c633824b96c193' (2022-04-11) → 'github:nix-community/home-manager/93a69d07389311ffd6ce1f4d01836bbc2faec644' (2022-04-20) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/33772708c6d0e33f697426ba386aa0149cbcbecb' (2022-04-11) → 'github:NixOS/nixpkgs/1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887' (2022-04-17) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/f3f40f333c3214c9614c23b6abd1ae498af3e5b5' (2022-04-09) → 'github:nix-community/nix-doom-emacs/f1ca1906a5f0ff319cb08d9ab478cf377e327c92' (2022-04-15) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/42e5763782fdc1aabb9f2624d468248d6978abe2' (2022-02-23) → 'github:hlissner/doom-emacs/0e48c22c3e4d22bdaa4700e9c9f3484d2ce84973' (2022-04-12) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/c875f360337cd71890c6b682cf277cc06218dbfa' (2022-03-10) → 'github:nix-community/emacs-overlay/82f83fbd561c08e83faeb4a8c37fb43375d88bd1' (2022-04-14) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/91681fc03334285dc0879fcb9a27583bd7ab9782' (2022-03-03) → 'github:emacs-straight/org-mode/f6813dbea9ef0c6be19bf68b4d9227ceb64c9449' (2022-04-07) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/37861335a225a3cc9f67e98977aceda3c2a9eca9' (2022-03-09) → 'github:hakimel/reveal.js/9415ad5d7f329ccd8fbc82627789396a57fdbb3d' (2022-04-06) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 611954a..10c0f1c 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1645634993, - "narHash": "sha256-QeE6aUJxoaqHM28Cpt2rKC817VQvXGuuFUyLzehaC50=", + "lastModified": 1649724698, + "narHash": "sha256-qqczsK81uwO0JRpX4+DH4oEmMLAcm+VTp/IdLiUop7w=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "42e5763782fdc1aabb9f2624d468248d6978abe2", + "rev": "0e48c22c3e4d22bdaa4700e9c9f3484d2ce84973", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1646933422, - "narHash": "sha256-yDU9F/LhFVLeyCyXycwnb93bA5lEcCXlj4sldQe92Yw=", + "lastModified": 1649963026, + "narHash": "sha256-2gaQCVa9LWal65+i1ySFDZ6rgAVH07/GqKOf1DKle4A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c875f360337cd71890c6b682cf277cc06218dbfa", + "rev": "82f83fbd561c08e83faeb4a8c37fb43375d88bd1", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1649642044, - "narHash": "sha256-V9ZjTJcbDPgWG+H3rIC6XuPHZAPK1VupBbSsuDbptkQ=", + "lastModified": 1650478719, + "narHash": "sha256-308c2cM4hW9AW6dSQ080ycXGyEJGkG/OwOINkYL9Mnw=", "owner": "nix-community", "repo": "home-manager", - "rev": "e39a9d0103e3b2e42059c986a8c633824b96c193", + "rev": "93a69d07389311ffd6ce1f4d01836bbc2faec644", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1649673231, - "narHash": "sha256-1T3AFscfS7s9pkFA+UIDrHH3/RLVjRdYs5ImuLYpOlE=", + "lastModified": 1650161686, + "narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "33772708c6d0e33f697426ba386aa0149cbcbecb", + "rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887", "type": "github" }, "original": { @@ -318,11 +318,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1649509049, - "narHash": "sha256-gLmRO2gPqjLPmFBhgFkl1nbBzJlNV0lmXMzapbw9qac=", + "lastModified": 1649986019, + "narHash": "sha256-h9GklVWQlxkpavw44mOwAmo6bSdwrdI5pJOApstFdik=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "f3f40f333c3214c9614c23b6abd1ae498af3e5b5", + "rev": "f1ca1906a5f0ff319cb08d9ab478cf377e327c92", "type": "github" }, "original": { @@ -443,11 +443,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1646280299, - "narHash": "sha256-ZNkOfB8o2OHTh2t/ci8uv8aoV3I5IfAgIIOP3azD6eU=", + "lastModified": 1649335886, + "narHash": "sha256-zLSxib7sMmhojF52BmrxHMSf0v4gbCeBTenGMV8h6qM=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "91681fc03334285dc0879fcb9a27583bd7ab9782", + "rev": "f6813dbea9ef0c6be19bf68b4d9227ceb64c9449", "type": "github" }, "original": { @@ -527,11 +527,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1646820626, - "narHash": "sha256-J3bcoO/42FcPIqCU7ORiV7dcvJDKtEHG8N7/stEQqDg=", + "lastModified": 1649243708, + "narHash": "sha256-yBCBpnUTJG6EphpRzID61vVlwqrm5iuKDVQjkAQZTkQ=", "owner": "hakimel", "repo": "reveal.js", - "rev": "37861335a225a3cc9f67e98977aceda3c2a9eca9", + "rev": "9415ad5d7f329ccd8fbc82627789396a57fdbb3d", "type": "github" }, "original": { From b8f2c5c5314ab71b3faf57559cc1b03f68b6ea54 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 19:30:58 +0200 Subject: [PATCH 302/988] enable forwarding on vpn --- nixos/ifrit/configuration.nix | 5 +++++ nixos/modules/vpnServer.nix | 36 +++++++++++++++++++++-------------- 2 files changed, 27 insertions(+), 14 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index b566737..fdb5a57 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -134,6 +134,11 @@ in networking.interfaces.ens3.useDHCP = true; networking.interfaces.ens7.useDHCP = false; + boot.kernel.sysctl = { + # Enable forwarding for VPN + "net.ipv6.conf.ens3.forwarding" = true; + }; + fileSystems."/mnt/storage" = { device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; mountPoint = "/mnt/storage"; diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 7c213c8..91f2182 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, pkgs, lib, ... }: with lib; let @@ -32,19 +32,27 @@ in }; }; config = mkIf cfg.enable { - networking.wireguard.enable = true; - networking.wireguard.interfaces."wg0" = { - allowedIPsAsRoutes = true; - privateKeyFile = "/var/lib/wireguard/wg0-key"; - ips = [ "fd42:9c3b:f96d:0200::0/64" ]; - listenPort = 51234; - peers = map - (peer: ( - { - allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ]; - publicKey = peer.key; - })) - (attrValues cfg.peers); + networking.wireguard = { + enable = true; + interfaces."wg0" = { + allowedIPsAsRoutes = true; + privateKeyFile = "/var/lib/wireguard/wg0-key"; + ips = [ "fd42:9c3b:f96d:0200::0/64" ]; + listenPort = 51234; + peers = map + (peer: ( + { + allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ]; + publicKey = peer.key; + })) + (attrValues cfg.peers); + postSetup = '' + wg set wg0 fwmark 51234 + ip rule add table 2468 + ip route add default dev ens3 table 2468 + ip route add fwmark 51234 table 2468 + ''; + }; }; }; } From 23e7c85827e377fc85115cd23c0048ebde5b262f Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 19:40:55 +0200 Subject: [PATCH 303/988] fixup: route -> rule --- nixos/modules/vpnServer.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 91f2182..eba8b82 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -50,7 +50,7 @@ in wg set wg0 fwmark 51234 ip rule add table 2468 ip route add default dev ens3 table 2468 - ip route add fwmark 51234 table 2468 + ip rule add fwmark 51234 table 2468 ''; }; }; From c05dd7536bf1a289826db7242181a5e0c3bd0703 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 19:46:38 +0200 Subject: [PATCH 304/988] add more loggig to wireguard setup --- nixos/modules/vpnServer.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index eba8b82..962254e 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -47,6 +47,7 @@ in })) (attrValues cfg.peers); postSetup = '' + set -x wg set wg0 fwmark 51234 ip rule add table 2468 ip route add default dev ens3 table 2468 From c98f24e703a03ac6e5908894294d8e9d36cb2c44 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 20:17:30 +0200 Subject: [PATCH 305/988] fixup vpn routing config --- nixos/modules/vpnServer.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 962254e..da0f94a 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -49,9 +49,9 @@ in postSetup = '' set -x wg set wg0 fwmark 51234 - ip rule add table 2468 - ip route add default dev ens3 table 2468 - ip rule add fwmark 51234 table 2468 + ip -6 rule add table 2468 + ip -6 route add table 2468 default dev ens3 + ip -6 rule add fwmark 51234 table 2468 ''; }; }; From b698aaea6b86b0a56f2f910dbf0cd26326a61797 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 21:31:10 +0200 Subject: [PATCH 306/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/93a69d07389311ffd6ce1f4d01836bbc2faec644' (2022-04-20) → 'github:nix-community/home-manager/778af87a981eb2bfa3566dff8c3fb510856329ef' (2022-04-26) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887' (2022-04-17) → 'github:NixOS/nixpkgs/e10da1c7f542515b609f8dfbcf788f3d85b14936' (2022-04-26) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/f1ca1906a5f0ff319cb08d9ab478cf377e327c92' (2022-04-15) → 'github:nix-community/nix-doom-emacs/8e818ce70f399fcb11211296cf5bcb332203d7f2' (2022-04-22) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/0e48c22c3e4d22bdaa4700e9c9f3484d2ce84973' (2022-04-12) → 'github:hlissner/doom-emacs/d41cff489f6d8ad326abcb2ccb53d716690b2c16' (2022-04-21) • Updated input 'nix-doom-emacs/doom-snippets': 'github:hlissner/doom-snippets/f61c23ece1ad47c0522059ac45085fd283ce4452' (2022-03-02) → 'github:hlissner/doom-snippets/d1c00c5b12d842dcc786be8dbb129743dc1b68f1' (2022-04-21) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/82f83fbd561c08e83faeb4a8c37fb43375d88bd1' (2022-04-14) → 'github:nix-community/emacs-overlay/fef4e2e46ee8e42b68571cabc0bd73998e0d078f' (2022-04-21) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07) → 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/f6813dbea9ef0c6be19bf68b4d9227ceb64c9449' (2022-04-07) → 'github:emacs-straight/org-mode/adccb81d5415d0288b10b061c186c0c55dba3aa4' (2022-04-21) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/1a0ccdbf4583ed0fce37eea7955e8ef90f840a9f' (2022-04-13) → 'github:NixOS/nixos-hardware/6b4ebea9093c997c5f275c820e679108de4871ab' (2022-04-21) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 10c0f1c..5c51ff8 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1649724698, - "narHash": "sha256-qqczsK81uwO0JRpX4+DH4oEmMLAcm+VTp/IdLiUop7w=", + "lastModified": 1650579692, + "narHash": "sha256-74zNPQQP9B6GKD58C+vq/iO9OjUq3RF1v554HQ+udJE=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "0e48c22c3e4d22bdaa4700e9c9f3484d2ce84973", + "rev": "d41cff489f6d8ad326abcb2ccb53d716690b2c16", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1646222996, - "narHash": "sha256-YhOnoNSpmcKNJg+aS/829zqXStMkKWXWf1pulHEBcpQ=", + "lastModified": 1650572985, + "narHash": "sha256-8qxVbfB1JGW1VVHofs8+v5UBaNCedolfrVVbxWP1C10=", "owner": "hlissner", "repo": "doom-snippets", - "rev": "f61c23ece1ad47c0522059ac45085fd283ce4452", + "rev": "d1c00c5b12d842dcc786be8dbb129743dc1b68f1", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1649963026, - "narHash": "sha256-2gaQCVa9LWal65+i1ySFDZ6rgAVH07/GqKOf1DKle4A=", + "lastModified": 1650566870, + "narHash": "sha256-FRRO7P5Uf85lhcl7h/z81v94j4Tk83Ncqrry3zl8Vbc=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "82f83fbd561c08e83faeb4a8c37fb43375d88bd1", + "rev": "fef4e2e46ee8e42b68571cabc0bd73998e0d078f", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1649676176, + "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1650478719, - "narHash": "sha256-308c2cM4hW9AW6dSQ080ycXGyEJGkG/OwOINkYL9Mnw=", + "lastModified": 1651007090, + "narHash": "sha256-C/OoQRzTUOWEr1sd3xTKA2GudA1YG1XB3MlL6KfTchg=", "owner": "nix-community", "repo": "home-manager", - "rev": "93a69d07389311ffd6ce1f4d01836bbc2faec644", + "rev": "778af87a981eb2bfa3566dff8c3fb510856329ef", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1650161686, - "narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=", + "lastModified": 1651007983, + "narHash": "sha256-GNay7yDPtLcRcKCNHldug85AhAvBpTtPEJWSSDYBw8U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887", + "rev": "e10da1c7f542515b609f8dfbcf788f3d85b14936", "type": "github" }, "original": { @@ -318,11 +318,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1649986019, - "narHash": "sha256-h9GklVWQlxkpavw44mOwAmo6bSdwrdI5pJOApstFdik=", + "lastModified": 1650592208, + "narHash": "sha256-bnWD7X3hAsJPoORbK7SOew1kIlUdp4S2oMAiEl5DrWE=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "f1ca1906a5f0ff319cb08d9ab478cf377e327c92", + "rev": "8e818ce70f399fcb11211296cf5bcb332203d7f2", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1649849514, - "narHash": "sha256-zQyTr2UebTKUh1KLyLtevhHsM8umPK1LfQLGUGjRjiQ=", + "lastModified": 1650522846, + "narHash": "sha256-SxWHXRI3qJwswyXAtzsi6PKVY3KLNNnb072KaJthII8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1a0ccdbf4583ed0fce37eea7955e8ef90f840a9f", + "rev": "6b4ebea9093c997c5f275c820e679108de4871ab", "type": "github" }, "original": { @@ -443,11 +443,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1649335886, - "narHash": "sha256-zLSxib7sMmhojF52BmrxHMSf0v4gbCeBTenGMV8h6qM=", + "lastModified": 1650542422, + "narHash": "sha256-khWaV6e6q9l216SpwPIjvKBkurdfpvsPpDKZDJS8rLU=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "f6813dbea9ef0c6be19bf68b4d9227ceb64c9449", + "rev": "adccb81d5415d0288b10b061c186c0c55dba3aa4", "type": "github" }, "original": { From 1dc4944d34b7c98038b98eae3137446af9f3d721 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 21:31:47 +0200 Subject: [PATCH 307/988] add virt-manager to home packages list --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 92e083f..ac55542 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -88,6 +88,7 @@ with pkgs; [ thunderbird unzip usbutils + virt-manager vscodium whois wireshark From 34feb8a8a51ce5a6aead6d899ca3bda6568938f0 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 22:53:04 +0200 Subject: [PATCH 308/988] activate ttyS0 on ifrit --- nixos/ifrit/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index fdb5a57..b38a161 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -139,6 +139,10 @@ in "net.ipv6.conf.ens3.forwarding" = true; }; + boot.kernelParams = [ + "console=ttyS0,115200" + ]; + fileSystems."/mnt/storage" = { device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; mountPoint = "/mnt/storage"; From 0308d6668a8617b714a3e1dd757522eb88064c7e Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Apr 2022 22:34:50 +0200 Subject: [PATCH 309/988] fix vpn config --- home/home/default.nix | 2 +- nixos/ifrit/configuration.nix | 17 ----------------- nixos/modules/networking.nix | 11 +++++------ nixos/modules/vpnServer.nix | 13 ++++++++----- 4 files changed, 14 insertions(+), 29 deletions(-) diff --git a/home/home/default.nix b/home/home/default.nix index 0a29655..92ff392 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -2,7 +2,7 @@ let useFeatures = [ "alacritty" - "emacs" + #"emacs" "vim" "direnv" "git" diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index b38a161..4a694f8 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -19,10 +19,6 @@ in vpnServer.enable = true; vpnServer.peers = { - "metis" = { - id = "1"; - key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns="; - }; "morax" = { id = "2"; key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE="; @@ -39,14 +35,6 @@ in id = "5"; key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk="; }; - "fginfo" = { - id = "6"; - key = "zadidMDiALJUHdhMrGqAa5RGjPN/x5XJ8aR5elnaeUc="; - }; - "fginfo-git" = { - id = "7"; - key = "5EaLm7uC8XzoN8+BaGzgGRUU4q5shM7gQJcs/d7n+Vo="; - }; }; ddns.domains = [ "vpn.dadada.li" @@ -134,11 +122,6 @@ in networking.interfaces.ens3.useDHCP = true; networking.interfaces.ens7.useDHCP = false; - boot.kernel.sysctl = { - # Enable forwarding for VPN - "net.ipv6.conf.ens3.forwarding" = true; - }; - boot.kernelParams = [ "console=ttyS0,115200" ]; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index e1ffb9f..507318a 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -56,12 +56,12 @@ in "::ffff:0:0/96" ]; private-domain = [ - "dyn.dadada.li" + "dadada.li" (mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.s0 "s0") ]; domain-insecure = [ - "dyn.dadada.li" + "dadada.li" (mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.s0 "s0") ]; @@ -97,10 +97,9 @@ in } ) { - name = "dyn.dadada.li."; + name = "dadada.li."; forward-addr = [ - "fd42:9c3b:f96d:101::1" - "192.168.101.1" + "fd42:9c3b:f96d:201::1" ]; } ]; @@ -115,7 +114,7 @@ in networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { dadada = { - ips = [ "fd42:9c3b:f96d:200::${cfg.vpnExtension}/64" ]; + ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index da0f94a..5e61484 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -37,23 +37,26 @@ in interfaces."wg0" = { allowedIPsAsRoutes = true; privateKeyFile = "/var/lib/wireguard/wg0-key"; - ips = [ "fd42:9c3b:f96d:0200::0/64" ]; + ips = [ "fd42:9c3b:f96d:0201::0/64" ]; listenPort = 51234; peers = map (peer: ( { - allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ]; + allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; publicKey = peer.key; })) (attrValues cfg.peers); postSetup = '' - set -x wg set wg0 fwmark 51234 - ip -6 rule add table 2468 - ip -6 route add table 2468 default dev ens3 + ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 + ip -6 route add table 2468 fd42:9c3b:f96d:201::/64 dev wg0 ip -6 rule add fwmark 51234 table 2468 ''; }; }; + boot.kernel.sysctl = { + # Enable forwarding for VPN + "net.ipv6.conf.all.forwarding" = true; + }; }; } From c3c9146e89a89989e4e61881d597dc3032ab0aae Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 2 May 2022 19:20:09 +0200 Subject: [PATCH 310/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/778af87a981eb2bfa3566dff8c3fb510856329ef' (2022-04-26) → 'github:nix-community/home-manager/26858fc0dbed71fa0609490fc2f2643e0d175328' (2022-05-01) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 5c51ff8..3c9b618 100644 --- a/flake.lock +++ b/flake.lock @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1651007090, - "narHash": "sha256-C/OoQRzTUOWEr1sd3xTKA2GudA1YG1XB3MlL6KfTchg=", + "lastModified": 1651415224, + "narHash": "sha256-O/EzwxUMa1OawWEwhS10Xki7RX3+hSgaJJziHeI4d7c=", "owner": "nix-community", "repo": "home-manager", - "rev": "778af87a981eb2bfa3566dff8c3fb510856329ef", + "rev": "26858fc0dbed71fa0609490fc2f2643e0d175328", "type": "github" }, "original": { From 1f5e1174ab653aed4b958edfddc4e26f6d80b0be Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 4 May 2022 20:46:18 +0200 Subject: [PATCH 311/988] enable unbound control socket --- nixos/modules/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 507318a..a4db63e 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -31,6 +31,7 @@ in services.unbound = mkIf cfg.localResolver.enable { enable = true; + localControlSocketPath = "/run/unbound/unbound.ctl"; settings = { server = { prefer-ip6 = true; From 226e8af7b5e707f4b1996f623982145667ad267e Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 4 May 2022 20:46:31 +0200 Subject: [PATCH 312/988] fix split horizon DNS --- nixos/modules/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index a4db63e..024f84e 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -98,7 +98,7 @@ in } ) { - name = "dadada.li."; + name = "dyn.dadada.li."; forward-addr = [ "fd42:9c3b:f96d:201::1" ]; From f019f023b534035d4a842d0b8172cbaf0a4acc08 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 16 May 2022 18:16:26 +0200 Subject: [PATCH 313/988] install JOSM --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index ac55542..4838ba2 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -39,6 +39,7 @@ with pkgs; [ irssi jameica jetbrains.idea-community + josm jupyter jq kcachegrind From 196e467672ec03cfd1fc8a3eb301517c1259f161 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 16 May 2022 18:16:58 +0200 Subject: [PATCH 314/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11) → 'github:numtide/flake-utils/12806d31a381e7cd169a6bac35590e7b36dc5fe5' (2022-05-14) • Updated input 'home-manager': 'github:nix-community/home-manager/26858fc0dbed71fa0609490fc2f2643e0d175328' (2022-05-01) → 'github:nix-community/home-manager/32a7da69dc53c9eb5ad0675eb7fdc58f7fe35272' (2022-05-13) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/e10da1c7f542515b609f8dfbcf788f3d85b14936' (2022-04-26) → 'github:NixOS/nixpkgs/43ff6cb1c027d13dc938b88eb099462210fea52f' (2022-05-14) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/8e818ce70f399fcb11211296cf5bcb332203d7f2' (2022-04-22) → 'github:nix-community/nix-doom-emacs/edbe868dd5f8bf447eaffd4cff85167d0771ce0f' (2022-05-10) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/d41cff489f6d8ad326abcb2ccb53d716690b2c16' (2022-04-21) → 'github:hlissner/doom-emacs/80cd7557e147ccd0abef05ff4eafb93fe9545ad4' (2022-05-05) • Updated input 'nix-doom-emacs/doom-snippets': 'github:hlissner/doom-snippets/d1c00c5b12d842dcc786be8dbb129743dc1b68f1' (2022-04-21) → 'github:hlissner/doom-snippets/2596cead5e03896996b7268d057c1d734180547f' (2022-05-05) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/fef4e2e46ee8e42b68571cabc0bd73998e0d078f' (2022-04-21) → 'github:nix-community/emacs-overlay/1deb4d66be3117dd0d9dbf31fd458035e0f3c4de' (2022-05-05) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/adccb81d5415d0288b10b061c186c0c55dba3aa4' (2022-04-21) → 'github:emacs-straight/org-mode/d2a459d2596a0cfb1389207b117533389fa59e0f' (2022-05-04) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/9415ad5d7f329ccd8fbc82627789396a57fdbb3d' (2022-04-06) → 'github:hakimel/reveal.js/0ca389721c5c7eff5db6f67159cbb1cdd51a3d7f' (2022-05-02) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11) → 'github:numtide/flake-utils/12806d31a381e7cd169a6bac35590e7b36dc5fe5' (2022-05-14) --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 3c9b618..52ad3df 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1650579692, - "narHash": "sha256-74zNPQQP9B6GKD58C+vq/iO9OjUq3RF1v554HQ+udJE=", + "lastModified": 1651775574, + "narHash": "sha256-ux4bzsQJmSxscLrtLR5h2SbXGlt4mKS0B1ffzvO35Ng=", "owner": "hlissner", "repo": "doom-emacs", - "rev": "d41cff489f6d8ad326abcb2ccb53d716690b2c16", + "rev": "80cd7557e147ccd0abef05ff4eafb93fe9545ad4", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1650572985, - "narHash": "sha256-8qxVbfB1JGW1VVHofs8+v5UBaNCedolfrVVbxWP1C10=", + "lastModified": 1651709822, + "narHash": "sha256-/PJwt5EuTuUwTD8fmt9vYye3PyPVF0Mrco+Ext0KEJ4=", "owner": "hlissner", "repo": "doom-snippets", - "rev": "d1c00c5b12d842dcc786be8dbb129743dc1b68f1", + "rev": "2596cead5e03896996b7268d057c1d734180547f", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1650566870, - "narHash": "sha256-FRRO7P5Uf85lhcl7h/z81v94j4Tk83Ncqrry3zl8Vbc=", + "lastModified": 1651724664, + "narHash": "sha256-/Z0AkB2DAxMdOaFYBSkTPjHrMH2e3kReuLEtpLQZfk4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "fef4e2e46ee8e42b68571cabc0bd73998e0d078f", + "rev": "1deb4d66be3117dd0d9dbf31fd458035e0f3c4de", "type": "github" }, "original": { @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1652557277, + "narHash": "sha256-jSes9DaIVMdmwBB78KkFUVrlDzawmD62vrUg0GS2500=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "12806d31a381e7cd169a6bac35590e7b36dc5fe5", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1652557277, + "narHash": "sha256-jSes9DaIVMdmwBB78KkFUVrlDzawmD62vrUg0GS2500=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "12806d31a381e7cd169a6bac35590e7b36dc5fe5", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1651415224, - "narHash": "sha256-O/EzwxUMa1OawWEwhS10Xki7RX3+hSgaJJziHeI4d7c=", + "lastModified": 1652452047, + "narHash": "sha256-O6DI0dMH/5rNM+z9CQ/nqRMNBpNsU7TtLSsafKLZTHY=", "owner": "nix-community", "repo": "home-manager", - "rev": "26858fc0dbed71fa0609490fc2f2643e0d175328", + "rev": "32a7da69dc53c9eb5ad0675eb7fdc58f7fe35272", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1651007983, - "narHash": "sha256-GNay7yDPtLcRcKCNHldug85AhAvBpTtPEJWSSDYBw8U=", + "lastModified": 1652572281, + "narHash": "sha256-UEsrB5XBOj0blVe2ldc0lHvlhLYZJDHroELMHlg7XxA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e10da1c7f542515b609f8dfbcf788f3d85b14936", + "rev": "43ff6cb1c027d13dc938b88eb099462210fea52f", "type": "github" }, "original": { @@ -318,11 +318,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1650592208, - "narHash": "sha256-bnWD7X3hAsJPoORbK7SOew1kIlUdp4S2oMAiEl5DrWE=", + "lastModified": 1652175409, + "narHash": "sha256-8EStP60lqDmVyeRJ9zdH64oAOHAPBlPa8oYqquVrw5Q=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "8e818ce70f399fcb11211296cf5bcb332203d7f2", + "rev": "edbe868dd5f8bf447eaffd4cff85167d0771ce0f", "type": "github" }, "original": { @@ -443,11 +443,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1650542422, - "narHash": "sha256-khWaV6e6q9l216SpwPIjvKBkurdfpvsPpDKZDJS8rLU=", + "lastModified": 1651675049, + "narHash": "sha256-lReN2q3o6CUDT8dDsj+LZ4ptzG9E2PwNv5JWWb5D5B4=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "adccb81d5415d0288b10b061c186c0c55dba3aa4", + "rev": "d2a459d2596a0cfb1389207b117533389fa59e0f", "type": "github" }, "original": { @@ -527,11 +527,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1649243708, - "narHash": "sha256-yBCBpnUTJG6EphpRzID61vVlwqrm5iuKDVQjkAQZTkQ=", + "lastModified": 1651495761, + "narHash": "sha256-B3L8h0CyYgZCen8aWyLiDXHZMugXAzFToLJNg8f2PWU=", "owner": "hakimel", "repo": "reveal.js", - "rev": "9415ad5d7f329ccd8fbc82627789396a57fdbb3d", + "rev": "0ca389721c5c7eff5db6f67159cbb1cdd51a3d7f", "type": "github" }, "original": { From 16b5b70e096059255cac9b96d5dbe13d82e1b5b8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 21 May 2022 20:02:49 +0200 Subject: [PATCH 315/988] update actions --- .github/workflows/nix-flake-check.yml | 2 +- .github/workflows/nix-flake-update.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 1847f95..43e2906 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -6,7 +6,7 @@ jobs: tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v17 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index edc343d..d1b0b6c 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -8,7 +8,7 @@ jobs: createPullRequest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v17 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install From 0655fab82096c803ddedc5ad9a3a993b2e2dbc1f Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 21 May 2022 20:13:57 +0200 Subject: [PATCH 316/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/12806d31a381e7cd169a6bac35590e7b36dc5fe5' (2022-05-14) → 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17) • Updated input 'home-manager': 'github:nix-community/home-manager/32a7da69dc53c9eb5ad0675eb7fdc58f7fe35272' (2022-05-13) → 'github:nix-community/home-manager/94780dd888881bf35165dfdd334a57ef6b14ead8' (2022-05-21) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/43ff6cb1c027d13dc938b88eb099462210fea52f' (2022-05-14) → 'github:NixOS/nixpkgs/48037fd90426e44e4bf03e6479e88a11453b9b66' (2022-05-18) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/6b4ebea9093c997c5f275c820e679108de4871ab' (2022-04-21) → 'github:NixOS/nixos-hardware/8b5e1bf2fd62adefff05ae67cd49440be93ea193' (2022-05-21) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/12806d31a381e7cd169a6bac35590e7b36dc5fe5' (2022-05-14) → 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 52ad3df..8f2cbbe 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1652557277, - "narHash": "sha256-jSes9DaIVMdmwBB78KkFUVrlDzawmD62vrUg0GS2500=", + "lastModified": 1652776076, + "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", "owner": "numtide", "repo": "flake-utils", - "rev": "12806d31a381e7cd169a6bac35590e7b36dc5fe5", + "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1652557277, - "narHash": "sha256-jSes9DaIVMdmwBB78KkFUVrlDzawmD62vrUg0GS2500=", + "lastModified": 1652776076, + "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", "owner": "numtide", "repo": "flake-utils", - "rev": "12806d31a381e7cd169a6bac35590e7b36dc5fe5", + "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1652452047, - "narHash": "sha256-O6DI0dMH/5rNM+z9CQ/nqRMNBpNsU7TtLSsafKLZTHY=", + "lastModified": 1653153149, + "narHash": "sha256-8B/tWWZziFq4DqnAm9uO7M4Z4PNfllYg5+teX1e5yDQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "32a7da69dc53c9eb5ad0675eb7fdc58f7fe35272", + "rev": "94780dd888881bf35165dfdd334a57ef6b14ead8", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1652572281, - "narHash": "sha256-UEsrB5XBOj0blVe2ldc0lHvlhLYZJDHroELMHlg7XxA=", + "lastModified": 1652885393, + "narHash": "sha256-YIgvvlk4iQ1Hi7KD9o5gsojc+ApB+jiH1d5stK8uXiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "43ff6cb1c027d13dc938b88eb099462210fea52f", + "rev": "48037fd90426e44e4bf03e6479e88a11453b9b66", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1650522846, - "narHash": "sha256-SxWHXRI3qJwswyXAtzsi6PKVY3KLNNnb072KaJthII8=", + "lastModified": 1653145312, + "narHash": "sha256-affCuB0Boa8CDFykoJVPZfhHLBok7Sq+QEOJvo3Xf+k=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "6b4ebea9093c997c5f275c820e679108de4871ab", + "rev": "8b5e1bf2fd62adefff05ae67cd49440be93ea193", "type": "github" }, "original": { From f17c7c67d255bd9bad4a044f68bc96f85e8d5c1b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 21 May 2022 20:24:00 +0200 Subject: [PATCH 317/988] fix nix flake check Also adds a workaround for https://github.com/nix-community/home-manager/issues/2942 --- home/home/pkgs.nix | 2 - home/nixpkgs-config.nix | 1 + nixos/configurations.nix | 1 + outputs.nix | 6 +-- pkgs/python-pkgs/default.nix | 1 - pkgs/python-pkgs/recipemd/default.nix | 59 --------------------------- 6 files changed, 3 insertions(+), 67 deletions(-) delete mode 100644 pkgs/python-pkgs/recipemd/default.nix diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 4838ba2..9b06407 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -1,6 +1,5 @@ { pkgs }: with pkgs; [ - androidStudioPackages.stable anki aspell aspellDicts.de @@ -72,7 +71,6 @@ with pkgs; [ python3 python38Packages.dateutil python38Packages.managesieve - recipemd ripgrep rust-analyzer rustup diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 1bf42a9..24650fe 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -1,6 +1,7 @@ { pkgs }: { allowUnfree = true; + allowUnfreePredicate = (pkg: true); allowBroken = false; android_sdk.accept_license = true; } diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 71be4c7..649b882 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -9,6 +9,7 @@ , recipemd }: let adapterModule = system: { + nixpkgs.config.allowUnfreePredicate = (pkg: true); nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ (final: prev: { homePage = homePage.defaultPackage.${system}; }) (final: prev: { s = scripts; }) diff --git a/outputs.nix b/outputs.nix index 9e67dfb..acc8464 100644 --- a/outputs.nix +++ b/outputs.nix @@ -15,9 +15,6 @@ let pkgs = nixpkgs.legacyPackages.${system}; selfPkgs = self.packages.${system}; - pythonPackages = import ./pkgs/python-pkgs; - python3Packages = pythonPackages { callPackage = pkgs.python3Packages.callPackage; }; - #lib = import ./lib; in { apps.deploy = { @@ -48,7 +45,7 @@ devShell = pkgs.callPackage ./shell.nix { }; })) // { hmConfigurations = import ./home/configurations.nix { - inherit self nixpkgs home-manager recipemd; + inherit self nixpkgs home-manager; }; hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { @@ -57,7 +54,6 @@ }; nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; - pythonPackages = import ./pkgs/python-pkgs; keys = ./keys; hydraJobs = ( diff --git a/pkgs/python-pkgs/default.nix b/pkgs/python-pkgs/default.nix index 7c10127..b9e7043 100644 --- a/pkgs/python-pkgs/default.nix +++ b/pkgs/python-pkgs/default.nix @@ -1,4 +1,3 @@ { callPackage }: { - recipemd = callPackage ./recipemd { }; } diff --git a/pkgs/python-pkgs/recipemd/default.nix b/pkgs/python-pkgs/recipemd/default.nix deleted file mode 100644 index a604e9a..0000000 --- a/pkgs/python-pkgs/recipemd/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, pytestCheckHook -, pythonPackages -, installShellFiles -, isPy36 -, isPy27 -}: - -buildPythonPackage rec { - pname = "recipemd"; - version = "4.0.7"; - - disabled = isPy36 || isPy27; - - src = fetchFromGitHub { - owner = "tstehr"; - repo = "recipemd"; - rev = "v4.0.7"; - sha256 = "sha256-P65CxTaROfvx9kNSJWa5CiCUHCurTMZx8uUH9W9uK1U="; - }; - - propagatedBuildInputs = with pythonPackages; [ - CommonMark - argcomplete - dataclasses-json - pyparsing - yarl - ]; - - nativeBuildInputs = [ installShellFiles ]; - - postInstall = '' - ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash - installShellCompletion --bash --name recipemd.bash $out/completions.bash - - ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish - installShellCompletion --fish --name recipemd.fish $out/completions.fish - - # The version of argcomplete in nixpkgs-stable does not have support for zsh - #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh - #installShellCompletion --zsh --name _recipemd $out/completions.zsh - ''; - - checkInputs = [ - pytestCheckHook - pythonPackages.pytestcov - ]; - - doCheck = true; - - meta = with lib; { - description = "Markdown recipe manager, reference implementation of RecipeMD"; - homepage = https://recipemd.org; - license = [ licenses.lgpl3Only ]; - maintainers = [ maintainers.dadada ]; - }; -} From 539252c8bcb57f87e7c3eaec16f6e5e0272982b9 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 24 May 2022 19:06:26 +0200 Subject: [PATCH 318/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/94780dd888881bf35165dfdd334a57ef6b14ead8' (2022-05-21) → 'github:nix-community/home-manager/e66f0ff69a6c0698b35034b842c4b68814440778' (2022-05-23) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/48037fd90426e44e4bf03e6479e88a11453b9b66' (2022-05-18) → 'github:NixOS/nixpkgs/dfd82985c273aac6eced03625f454b334daae2e8' (2022-05-20) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8f2cbbe..e5d32ab 100644 --- a/flake.lock +++ b/flake.lock @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1653153149, - "narHash": "sha256-8B/tWWZziFq4DqnAm9uO7M4Z4PNfllYg5+teX1e5yDQ=", + "lastModified": 1653340164, + "narHash": "sha256-t6BPApyasx6FOv2cEVyFBXvkEDrknyUe7bngMbNSBkA=", "owner": "nix-community", "repo": "home-manager", - "rev": "94780dd888881bf35165dfdd334a57ef6b14ead8", + "rev": "e66f0ff69a6c0698b35034b842c4b68814440778", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1652885393, - "narHash": "sha256-YIgvvlk4iQ1Hi7KD9o5gsojc+ApB+jiH1d5stK8uXiw=", + "lastModified": 1653060744, + "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48037fd90426e44e4bf03e6479e88a11453b9b66", + "rev": "dfd82985c273aac6eced03625f454b334daae2e8", "type": "github" }, "original": { From 2c8b80cb2ce45cd1efb9460245baef28dda52cbe Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 24 May 2022 19:45:41 +0200 Subject: [PATCH 319/988] switch to light GTK theme --- home/modules/gtk.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index 91b4c03..c6b99a7 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -10,7 +10,7 @@ in config = mkIf cfg.enable { gtk = { enable = true; - theme.name = "Adwaita-dark"; + theme.name = "Adwaita"; }; }; } From 4ccbfb5206c626cf7f30df7f9e2ac98ac989e159 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 25 May 2022 22:37:07 +0200 Subject: [PATCH 320/988] refine forwarding configuration for vpn --- nixos/modules/vpnServer.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 5e61484..690ab39 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -56,7 +56,8 @@ in }; boot.kernel.sysctl = { # Enable forwarding for VPN - "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.wg0.forwarding" = true; + "net.ipv6.conf.ens3.forwarding" = true; }; }; } From b0a8a8916246fc03240f864b6c89c74c169042d1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 13:30:23 +0200 Subject: [PATCH 321/988] remove old hostfile entries --- nixos/gorgon/configuration.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 6410391..b9ac562 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -105,18 +105,6 @@ in }; networking.hosts = { - "fd42:dead:beef:0:5054:ff:fedd:6c2c" = [ - "media.dadada.li" - "ifrit.dadada.li" - ]; - "192.168.42.5" = [ - "media.dadada.li" - "ifrit.dadada.li" - ]; - "fd42:dead:beef::5054:ff:fe8b:58df" = [ "iot.dadada.li" ]; - "fd42:dead:beef::20d:b9ff:fe4c:c9ac" = [ "agares.dadada.li" ]; - "192.168.42.15" = [ "agares.dadada.li" "agares" ]; - "192.168.42.11" = [ "wohnzimmerpi.dadada.li" "wohnzimmerpi" ]; "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; }; From 2bfb0295e6470fd32244e9df8bff286278b53e0f Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 13:30:37 +0200 Subject: [PATCH 322/988] disable ipv4 ddns --- nixos/modules/ddns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 2c42ce4..7a45ff3 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -24,7 +24,7 @@ let curl_url=$(url "$user" "$password" ${hostname}) - ${pkgs.curl}/bin/curl -4 "$curl_url" + #${pkgs.curl}/bin/curl -4 "$curl_url" ${pkgs.curl}/bin/curl -6 "$curl_url" ''; })); From d9ea10c4562e50bfbcfb12ea7d6ba4ec22318845 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 13:47:57 +0200 Subject: [PATCH 323/988] reformat ddns script --- nixos/modules/ddns.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 7a45ff3..9247fb8 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -15,7 +15,7 @@ let serviceConfig.Type = "oneshot"; script = '' function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" } IFS=':' @@ -24,7 +24,7 @@ let curl_url=$(url "$user" "$password" ${hostname}) - #${pkgs.curl}/bin/curl -4 "$curl_url" + ${pkgs.curl}/bin/curl -4 "$curl_url" ${pkgs.curl}/bin/curl -6 "$curl_url" ''; })); From aebf32e57380e1ba4593e6dfcba4603c8f7a34c6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 15:20:56 +0200 Subject: [PATCH 324/988] add mag --- nixos/configurations.nix | 9 ++++ nixos/mag/configuration.nix | 74 ++++++++++++++++++++++++++++ nixos/mag/hardware-configuration.nix | 0 3 files changed, 83 insertions(+) create mode 100644 nixos/mag/configuration.nix create mode 100644 nixos/mag/hardware-configuration.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 649b882..a1a0cbe 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -46,6 +46,15 @@ in ]; }; + mag = nixosSystem rec { + system = "x86_64-linux"; + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ + (adapterModule system) + ./modules/profiles/server.nix + ./mag/configuration.nix + ]; + }; + surgat = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ diff --git a/nixos/mag/configuration.nix b/nixos/mag/configuration.nix new file mode 100644 index 0000000..f81b525 --- /dev/null +++ b/nixos/mag/configuration.nix @@ -0,0 +1,74 @@ +{ config, pkgs, lib, ... }: +let + hostAliases = [ + "mag.dadada.li" + "vpn.dadada.li" + ]; +in +{ + imports = [ +# ./hardware-configuration.nix + ]; + + dadada = { + admin.enable = true; + vpnServer = { + enable = true; + peers = { + "morax" = { + id = "2"; + key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE="; + }; + "gorgon" = { + id = "3"; + key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; + }; + "surgat" = { + id = "4"; + key = "+paiOqOITdLy3oqoI2DhOj4k8gncAcjFLkJrxJl0iBE="; + }; + "pruflas" = { + id = "5"; + key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk="; + }; + }; + }; + ddns.domains = [ + "vpn.dadada.li" + ]; + }; + + networking.hostName = "mag"; + + networking.hosts = { + "127.0.0.1" = hostAliases; + "::1" = hostAliases; + }; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + + networking.interfaces."ens3".tempAddress = "disabled"; + + networking.useDHCP = false; + networking.interfaces.ens3.useDHCP = true; + + boot.kernelParams = [ + "console=ttyS0,115200" + ]; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # SSH + ]; + allowedUDPPorts = [ + 51234 + ]; + }; + + system.stateVersion = "22.05"; +} diff --git a/nixos/mag/hardware-configuration.nix b/nixos/mag/hardware-configuration.nix new file mode 100644 index 0000000..e69de29 From 3f26ad2856178bba782e88292ebd25a5300ab8f6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 15:21:23 +0200 Subject: [PATCH 325/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e66f0ff69a6c0698b35034b842c4b68814440778' (2022-05-23) → 'github:nix-community/home-manager/64831f938bd413cefde0b0cf871febc494afaa4f' (2022-05-25) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/dfd82985c273aac6eced03625f454b334daae2e8' (2022-05-20) → 'github:NixOS/nixpkgs/83658b28fe638a170a19b8933aa008b30640fbd1' (2022-05-26) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/8b5e1bf2fd62adefff05ae67cd49440be93ea193' (2022-05-21) → 'github:NixOS/nixos-hardware/39a7bfc496d2ddfce73fe9542af1f2029ba4fe39' (2022-05-25) • Updated input 'nvd': 'git+https://gitlab.com/khumba/nvd.git?ref=master&rev=0d3aba5510d611cdbd4123f7ef6358c19d3f4171' (2021-11-06) → 'git+https://gitlab.com/khumba/nvd.git?ref=refs%2fheads%2fmaster&rev=b082bd23f54d164765fab1737d40d47d4f649ae2' (2022-05-28) --- flake.lock | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index e5d32ab..ebb325f 100644 --- a/flake.lock +++ b/flake.lock @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1653340164, - "narHash": "sha256-t6BPApyasx6FOv2cEVyFBXvkEDrknyUe7bngMbNSBkA=", + "lastModified": 1653518057, + "narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=", "owner": "nix-community", "repo": "home-manager", - "rev": "e66f0ff69a6c0698b35034b842c4b68814440778", + "rev": "64831f938bd413cefde0b0cf871febc494afaa4f", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1653060744, - "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", + "lastModified": 1653581809, + "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfd82985c273aac6eced03625f454b334daae2e8", + "rev": "83658b28fe638a170a19b8933aa008b30640fbd1", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1653145312, - "narHash": "sha256-affCuB0Boa8CDFykoJVPZfhHLBok7Sq+QEOJvo3Xf+k=", + "lastModified": 1653463224, + "narHash": "sha256-bUxKhqZhki2vPzFTl8HOo1m7pagF7WzY1MZiso8U5ws=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8b5e1bf2fd62adefff05ae67cd49440be93ea193", + "rev": "39a7bfc496d2ddfce73fe9542af1f2029ba4fe39", "type": "github" }, "original": { @@ -411,11 +411,11 @@ ] }, "locked": { - "lastModified": 1636163286, - "narHash": "sha256-5JeZTWNPANOxLqqXRys2z3TzpxmZgulF/i1nwWbMR5U=", - "ref": "master", - "rev": "0d3aba5510d611cdbd4123f7ef6358c19d3f4171", - "revCount": 15, + "lastModified": 1653711492, + "narHash": "sha256-/jSe9Ix5AO5GDXxc3ugw0mJoYcH98WVcPdM+tOG0WWQ=", + "ref": "refs/heads/master", + "rev": "b082bd23f54d164765fab1737d40d47d4f649ae2", + "revCount": 17, "type": "git", "url": "https://gitlab.com/khumba/nvd.git" }, From c02bea215b04eeb26309d32b16fd5753ada8b403 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 15:40:06 +0200 Subject: [PATCH 326/988] remove vpn config from ifrit --- nixos/ifrit/configuration.nix | 56 ----------------------------------- 1 file changed, 56 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 4a694f8..edb13f4 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -2,7 +2,6 @@ let hostAliases = [ "ifrit.dadada.li" - "vpn.dadada.li" "media.dadada.li" "backup0.dadada.li" ]; @@ -15,29 +14,7 @@ in dadada = { admin.enable = true; - fileShare.enable = false; - - vpnServer.enable = true; - vpnServer.peers = { - "morax" = { - id = "2"; - key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE="; - }; - "gorgon" = { - id = "3"; - key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - }; - "surgat" = { - id = "4"; - key = "+paiOqOITdLy3oqoI2DhOj4k8gncAcjFLkJrxJl0iBE="; - }; - "pruflas" = { - id = "5"; - key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk="; - }; - }; ddns.domains = [ - "vpn.dadada.li" "backup0.dadada.li" ]; }; @@ -96,7 +73,6 @@ in }; networking.hostName = "ifrit"; - networking.domain = "dadada.li"; networking.hosts = { "127.0.0.1" = hostAliases; @@ -108,19 +84,11 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - # weird issues with crappy plastic router networking.interfaces."ens3".tempAddress = "disabled"; - networking.interfaces."ens7".tempAddress = "disabled"; networking.useDHCP = false; networking.interfaces.ens3.useDHCP = true; - networking.interfaces.ens7.useDHCP = false; boot.kernelParams = [ "console=ttyS0,115200" @@ -144,34 +112,10 @@ in ]; }; - security.acme = { - email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; - acceptTerms = true; - # certs."webchat.dadada.li" = { - # credentialsFile = "/var/lib/lego/acme-joker.env"; - # dnsProvider = "joker"; - # postRun = "systemctl reload nginx.service"; - # }; - # certs."weechat.dadada.li" = { - # credentialsFile = "/var/lib/lego/acme-joker.env"; - # dnsProvider = "joker"; - # postRun = "systemctl reload nginx.service"; - # }; - }; - users.users."mist" = { isNormalUser = true; }; - services.avahi = { - enable = false; - publish = { - enable = true; - addresses = true; - workstation = false; - }; - }; - environment.systemPackages = [ pkgs.curl ]; system.stateVersion = "20.03"; From 394ce54810b0d21d9a7b54e5f24ea459cf14fb84 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 18:17:07 +0200 Subject: [PATCH 327/988] remove mag --- nixos/configurations.nix | 9 ---- nixos/mag/configuration.nix | 74 ---------------------------- nixos/mag/hardware-configuration.nix | 0 3 files changed, 83 deletions(-) delete mode 100644 nixos/mag/configuration.nix delete mode 100644 nixos/mag/hardware-configuration.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index a1a0cbe..649b882 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -46,15 +46,6 @@ in ]; }; - mag = nixosSystem rec { - system = "x86_64-linux"; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adapterModule system) - ./modules/profiles/server.nix - ./mag/configuration.nix - ]; - }; - surgat = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ diff --git a/nixos/mag/configuration.nix b/nixos/mag/configuration.nix deleted file mode 100644 index f81b525..0000000 --- a/nixos/mag/configuration.nix +++ /dev/null @@ -1,74 +0,0 @@ -{ config, pkgs, lib, ... }: -let - hostAliases = [ - "mag.dadada.li" - "vpn.dadada.li" - ]; -in -{ - imports = [ -# ./hardware-configuration.nix - ]; - - dadada = { - admin.enable = true; - vpnServer = { - enable = true; - peers = { - "morax" = { - id = "2"; - key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE="; - }; - "gorgon" = { - id = "3"; - key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - }; - "surgat" = { - id = "4"; - key = "+paiOqOITdLy3oqoI2DhOj4k8gncAcjFLkJrxJl0iBE="; - }; - "pruflas" = { - id = "5"; - key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk="; - }; - }; - }; - ddns.domains = [ - "vpn.dadada.li" - ]; - }; - - networking.hostName = "mag"; - - networking.hosts = { - "127.0.0.1" = hostAliases; - "::1" = hostAliases; - }; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; - - networking.interfaces."ens3".tempAddress = "disabled"; - - networking.useDHCP = false; - networking.interfaces.ens3.useDHCP = true; - - boot.kernelParams = [ - "console=ttyS0,115200" - ]; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ - 22 # SSH - ]; - allowedUDPPorts = [ - 51234 - ]; - }; - - system.stateVersion = "22.05"; -} diff --git a/nixos/mag/hardware-configuration.nix b/nixos/mag/hardware-configuration.nix deleted file mode 100644 index e69de29..0000000 From 195bb6f1593fe2109cdde78465a8b0b7a6cfa565 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 18:23:07 +0200 Subject: [PATCH 328/988] update vpn public key --- nixos/modules/networking.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 024f84e..cc50064 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -2,6 +2,7 @@ with lib; let cfg = config.dadada.networking; + vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; in { options = { @@ -122,7 +123,7 @@ in peers = [ { - publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs="; + publicKey = vpnPubKey; allowedIPs = [ "fd42:9c3b:f96d::/48" ]; endpoint = "vpn.dadada.li:51234"; persistentKeepalive = 25; @@ -140,7 +141,7 @@ in systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { serviceConfig.Type = "oneshot"; script = '' - ${pkgs.wireguard-tools}/bin/wg set dadada peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 + ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 ''; }; }; From 7becb4366d462248c984033212af6d72b7a4d146 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 19:30:01 +0200 Subject: [PATCH 329/988] remove vpn bridge --- nixos/agares/configuration.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 4fe1a3e..014c2c3 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -36,10 +36,6 @@ id = 11; interface = "enp1s0"; }; - vpn = { - id = 12; - interface = "enp1s0"; - }; backup = { id = 13; interface = "enp1s0"; @@ -50,9 +46,6 @@ "br-lan" = { interfaces = [ "lan" ]; }; - "br-vpn" = { - interfaces = [ "vpn" ]; - }; "br-backup" = { interfaces = [ "backup" ]; }; From f7b02ad7105922678a690bf78ca734b829948de7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 May 2022 21:40:39 +0200 Subject: [PATCH 330/988] remove wireguard allowed UDP port from ifrit --- nixos/ifrit/configuration.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index edb13f4..79ce141 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -107,9 +107,6 @@ in allowedTCPPorts = [ 22 # SSH ]; - allowedUDPPorts = [ - 51234 - ]; }; users.users."mist" = { From a87df82d84db2d7983e4a741f7449406c5b07f86 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Jun 2022 22:53:48 +0200 Subject: [PATCH 331/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17) → 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) • Updated input 'home-manager': 'github:nix-community/home-manager/64831f938bd413cefde0b0cf871febc494afaa4f' (2022-05-25) → 'github:nix-community/home-manager/20703892473d01c70fb10248442231fe94f4ceb4' (2022-06-05) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/83658b28fe638a170a19b8933aa008b30640fbd1' (2022-05-26) → 'github:NixOS/nixpkgs/236cc2971ac72acd90f0ae3a797f9f83098b17ec' (2022-06-03) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/39a7bfc496d2ddfce73fe9542af1f2029ba4fe39' (2022-05-25) → 'github:NixOS/nixos-hardware/0cab18a48de7914ef8cad35dca0bb36868f3e1af' (2022-06-01) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17) → 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index ebb325f..bd81aa0 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1653518057, - "narHash": "sha256-cam3Nfae5ADeEs6mRPzr0jXB7+DhyMIXz0/0Q13r/yk=", + "lastModified": 1654422613, + "narHash": "sha256-ZxkMM13AnrMwYOV99ohzcqeTkAOqD9Q2SBdZ9WoFE9Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "64831f938bd413cefde0b0cf871febc494afaa4f", + "rev": "20703892473d01c70fb10248442231fe94f4ceb4", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1653581809, - "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=", + "lastModified": 1654230545, + "narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "83658b28fe638a170a19b8933aa008b30640fbd1", + "rev": "236cc2971ac72acd90f0ae3a797f9f83098b17ec", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1653463224, - "narHash": "sha256-bUxKhqZhki2vPzFTl8HOo1m7pagF7WzY1MZiso8U5ws=", + "lastModified": 1654057797, + "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "39a7bfc496d2ddfce73fe9542af1f2029ba4fe39", + "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", "type": "github" }, "original": { From ba255c057fe5b8268dd42a18d8c09f360678bc4e Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 9 Jun 2022 21:25:18 +0200 Subject: [PATCH 332/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/20703892473d01c70fb10248442231fe94f4ceb4' (2022-06-05) → 'github:nix-community/home-manager/70824bb5c790b820b189f62f643f795b1d2ade2e' (2022-06-07) • Added input 'home-manager/flake-compat': 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19) • Added input 'home-manager/nmd': 'gitlab:rycee/nmd/9e7a20e6ee3f6751f699f79c0b299390f81f7bcd' (2022-05-23) • Added input 'home-manager/nmt': 'gitlab:rycee/nmt/d83601002c99b78c89ea80e5e6ba21addcfe12ae' (2022-03-23) • Added input 'home-manager/utils': 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/236cc2971ac72acd90f0ae3a797f9f83098b17ec' (2022-06-03) → 'github:NixOS/nixpkgs/e0169d7a9d324afebf5679551407756c77af8930' (2022-06-08) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/edbe868dd5f8bf447eaffd4cff85167d0771ce0f' (2022-05-10) → 'github:nix-community/nix-doom-emacs/a7566fc638faa25757b22cfb5108f8e8cda111fa' (2022-06-09) --- flake.lock | 87 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 77 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index bd81aa0..926fdb9 100644 --- a/flake.lock +++ b/flake.lock @@ -129,6 +129,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1653893745, @@ -223,16 +239,20 @@ }, "home-manager": { "inputs": { + "flake-compat": "flake-compat", "nixpkgs": [ "myNixpkgs" - ] + ], + "nmd": "nmd", + "nmt": "nmt", + "utils": "utils" }, "locked": { - "lastModified": 1654422613, - "narHash": "sha256-ZxkMM13AnrMwYOV99ohzcqeTkAOqD9Q2SBdZ9WoFE9Y=", + "lastModified": 1654628474, + "narHash": "sha256-Llm9X8Af15uC9IMStxqjCfO15WgYTqTnsQq8wMcpp5Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "20703892473d01c70fb10248442231fe94f4ceb4", + "rev": "70824bb5c790b820b189f62f643f795b1d2ade2e", "type": "github" }, "original": { @@ -278,11 +298,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1654230545, - "narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=", + "lastModified": 1654682581, + "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "236cc2971ac72acd90f0ae3a797f9f83098b17ec", + "rev": "e0169d7a9d324afebf5679551407756c77af8930", "type": "github" }, "original": { @@ -318,11 +338,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1652175409, - "narHash": "sha256-8EStP60lqDmVyeRJ9zdH64oAOHAPBlPa8oYqquVrw5Q=", + "lastModified": 1654774705, + "narHash": "sha256-qIzv9UZFUGE08JpLRahpQcBcQnzvdWIqdvHhahorGwM=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "edbe868dd5f8bf447eaffd4cff85167d0771ce0f", + "rev": "a7566fc638faa25757b22cfb5108f8e8cda111fa", "type": "github" }, "original": { @@ -387,6 +407,38 @@ "type": "indirect" } }, + "nmd": { + "flake": false, + "locked": { + "lastModified": 1653339422, + "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", + "owner": "rycee", + "repo": "nmd", + "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmt": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, "nose": { "flake": false, "locked": { @@ -593,6 +645,21 @@ "type": "git", "url": "https://git.dadada.li/dadada/scripts.git" } + }, + "utils": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", From 31b034ec524bd62b881aa296a3eef7ab037d1bf8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Jun 2022 01:16:57 +0200 Subject: [PATCH 333/988] add zotero --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 9b06407..25c84a8 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -93,4 +93,5 @@ with pkgs; [ wireshark xdg_utils youtube-dl + zotero ] From 91dca194ec2fff58a07ff8a98455c12aeacf8feb Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 14 Jun 2022 19:30:38 +0200 Subject: [PATCH 334/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/70824bb5c790b820b189f62f643f795b1d2ade2e' (2022-06-07) → 'github:nix-community/home-manager/87d30c164849a7471d99749aa4d2d28b81564f69' (2022-06-14) • Updated input 'homePage': 'github:dadada/dadada.li/7c92c4c6383750601ebdf34858ea126c16209ebe' (2021-08-29) → 'github:dadada/dadada.li/fa49858d6bc479ab14b5aecdf88c34d3004756fd' (2022-06-14) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/e0169d7a9d324afebf5679551407756c77af8930' (2022-06-08) → 'github:NixOS/nixpkgs/13f08d71ceff5101321e0291854495a1ec153a5e' (2022-06-13) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/a7566fc638faa25757b22cfb5108f8e8cda111fa' (2022-06-09) → 'github:nix-community/nix-doom-emacs/ba55ef6f304969dba4e6db00098a6327d3f76813' (2022-06-12) • Updated input 'nix-doom-emacs/doom-emacs': 'github:hlissner/doom-emacs/80cd7557e147ccd0abef05ff4eafb93fe9545ad4' (2022-05-05) → 'github:doomemacs/doomemacs/bea3cc161c0a803dcf574f32ee555dccf565a5ce' (2022-06-04) • Updated input 'nix-doom-emacs/doom-snippets': 'github:hlissner/doom-snippets/2596cead5e03896996b7268d057c1d734180547f' (2022-05-05) → 'github:doomemacs/snippets/f74b11b1e0fe8481e20f3065e355efe627e635de' (2022-05-05) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/1deb4d66be3117dd0d9dbf31fd458035e0f3c4de' (2022-05-05) → 'github:nix-community/emacs-overlay/a73897fc387a83c8dd2142ed597041113954ec23' (2022-06-12) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/a4b154ebbdc88c8498a5c7b01589addc9e9cb678' (2022-04-11) → 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/d2a459d2596a0cfb1389207b117533389fa59e0f' (2022-05-04) → 'github:emacs-straight/org-mode/ed6f8dc67f5f1abf6b20929bdb571def2c191006' (2022-06-11) • Updated input 'nix-doom-emacs/org-contrib': 'git+https://git.sr.ht/~bzg/org-contrib?ref=master&rev=5766ff1088191e4df5fecd55007ba4271e609bcc' (2021-12-17) → 'git+https://git.sr.ht/~bzg/org-contrib?ref=refs%2fheads%2fmaster&rev=c6aef31ccfc7c4418c3b51e98f7c3bd8e255f5e6' (2022-06-05) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/0ca389721c5c7eff5db6f67159cbb1cdd51a3d7f' (2022-05-02) → 'github:hakimel/reveal.js/039972c730690af7a83a5cb832056a7cc8b565d7' (2022-05-31) --- flake.lock | 86 +++++++++++++++++++++++++++--------------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/flake.lock b/flake.lock index 926fdb9..02a5321 100644 --- a/flake.lock +++ b/flake.lock @@ -3,44 +3,44 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1651775574, - "narHash": "sha256-ux4bzsQJmSxscLrtLR5h2SbXGlt4mKS0B1ffzvO35Ng=", - "owner": "hlissner", - "repo": "doom-emacs", - "rev": "80cd7557e147ccd0abef05ff4eafb93fe9545ad4", + "lastModified": 1654347726, + "narHash": "sha256-B4N+UQ0SvnCH0Hqc62Wl1KS6WcTBGLag0BoH3UZGbgo=", + "owner": "doomemacs", + "repo": "doomemacs", + "rev": "bea3cc161c0a803dcf574f32ee555dccf565a5ce", "type": "github" }, "original": { - "owner": "hlissner", + "owner": "doomemacs", "ref": "master", - "repo": "doom-emacs", + "repo": "doomemacs", "type": "github" } }, "doom-snippets": { "flake": false, "locked": { - "lastModified": 1651709822, - "narHash": "sha256-/PJwt5EuTuUwTD8fmt9vYye3PyPVF0Mrco+Ext0KEJ4=", - "owner": "hlissner", - "repo": "doom-snippets", - "rev": "2596cead5e03896996b7268d057c1d734180547f", + "lastModified": 1651768501, + "narHash": "sha256-55mHNFfn3N8k4aWgswX9buATsOhQTJ0L05UaUNNMgDg=", + "owner": "doomemacs", + "repo": "snippets", + "rev": "f74b11b1e0fe8481e20f3065e355efe627e635de", "type": "github" }, "original": { - "owner": "hlissner", - "repo": "doom-snippets", + "owner": "doomemacs", + "repo": "snippets", "type": "github" } }, "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1651724664, - "narHash": "sha256-/Z0AkB2DAxMdOaFYBSkTPjHrMH2e3kReuLEtpLQZfk4=", + "lastModified": 1655032304, + "narHash": "sha256-t0E7c7V+hk6ILXl4+TBLqQfqq8/4IKyb/cFg0a8mqI8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "1deb4d66be3117dd0d9dbf31fd458035e0f3c4de", + "rev": "a73897fc387a83c8dd2142ed597041113954ec23", "type": "github" }, "original": { @@ -162,11 +162,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -248,11 +248,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1654628474, - "narHash": "sha256-Llm9X8Af15uC9IMStxqjCfO15WgYTqTnsQq8wMcpp5Q=", + "lastModified": 1655199284, + "narHash": "sha256-R/g2ZWplGWVOfm2TyB4kR+YcOE/uWkgjkYrl/RYgJ/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "70824bb5c790b820b189f62f643f795b1d2ade2e", + "rev": "87d30c164849a7471d99749aa4d2d28b81564f69", "type": "github" }, "original": { @@ -267,11 +267,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1630233622, - "narHash": "sha256-gXZ3yp7toOTgs2Yhg/JDKiB1fwvfZZKkk/nfFK4JvbE=", + "lastModified": 1655227494, + "narHash": "sha256-GLglKS4pPWOuiFH7e+2c112npURXvehFIT9oB8AOoXc=", "owner": "dadada", "repo": "dadada.li", - "rev": "7c92c4c6383750601ebdf34858ea126c16209ebe", + "rev": "fa49858d6bc479ab14b5aecdf88c34d3004756fd", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1654682581, - "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=", + "lastModified": 1655130522, + "narHash": "sha256-5dzlxE4okyu+M39yeVtHWQXzDZQxFF5rUB1iY9R6Lb4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e0169d7a9d324afebf5679551407756c77af8930", + "rev": "13f08d71ceff5101321e0291854495a1ec153a5e", "type": "github" }, "original": { @@ -338,11 +338,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1654774705, - "narHash": "sha256-qIzv9UZFUGE08JpLRahpQcBcQnzvdWIqdvHhahorGwM=", + "lastModified": 1655058854, + "narHash": "sha256-q69pc4pQrFW4smr/rbqFLauanvdLgC9gduBm1Cd5148=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "a7566fc638faa25757b22cfb5108f8e8cda111fa", + "rev": "ba55ef6f304969dba4e6db00098a6327d3f76813", "type": "github" }, "original": { @@ -495,11 +495,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1651675049, - "narHash": "sha256-lReN2q3o6CUDT8dDsj+LZ4ptzG9E2PwNv5JWWb5D5B4=", + "lastModified": 1654949849, + "narHash": "sha256-1xGPQv2rFF4KglqwjKz+1uzB81nqa+6lgXPpnU3mduE=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "d2a459d2596a0cfb1389207b117533389fa59e0f", + "rev": "ed6f8dc67f5f1abf6b20929bdb571def2c191006", "type": "github" }, "original": { @@ -511,11 +511,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1639727892, - "narHash": "sha256-+T6Y87aSAx7kMpigm8d1ODDQIyPBM6a+4qGolXjCEXs=", - "ref": "master", - "rev": "5766ff1088191e4df5fecd55007ba4271e609bcc", - "revCount": 2611, + "lastModified": 1654411077, + "narHash": "sha256-ywXAI+s+D701PvuDEQljDmFWrTPymqustSYVyf3NYRk=", + "ref": "refs/heads/master", + "rev": "c6aef31ccfc7c4418c3b51e98f7c3bd8e255f5e6", + "revCount": 2622, "type": "git", "url": "https://git.sr.ht/~bzg/org-contrib" }, @@ -579,11 +579,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1651495761, - "narHash": "sha256-B3L8h0CyYgZCen8aWyLiDXHZMugXAzFToLJNg8f2PWU=", + "lastModified": 1653993278, + "narHash": "sha256-X43lsjoLBWmttIKj9Jzut0UP0dZlsue3fYbJ3++ojbU=", "owner": "hakimel", "repo": "reveal.js", - "rev": "0ca389721c5c7eff5db6f67159cbb1cdd51a3d7f", + "rev": "039972c730690af7a83a5cb832056a7cc8b565d7", "type": "github" }, "original": { From 975880707877a2669efd7350a4fb6b7bece21017 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 15 Jun 2022 17:47:15 +0200 Subject: [PATCH 335/988] downgrade nixpkgs to 22.05 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 02a5321..cf3b0a9 100644 --- a/flake.lock +++ b/flake.lock @@ -298,16 +298,16 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1655130522, - "narHash": "sha256-5dzlxE4okyu+M39yeVtHWQXzDZQxFF5rUB1iY9R6Lb4=", + "lastModified": 1655200170, + "narHash": "sha256-/yzkX+10sJhYNIcTtZ5ObS+nh/HrJp01XLaubzbRDcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13f08d71ceff5101321e0291854495a1ec153a5e", + "rev": "9ff91ce2e4c5d70551d4c8fd8830931c6c6b26b8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-22.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 887f26e..e8b2d6a 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "dadada's nix flake"; inputs = { - myNixpkgs.url = github:NixOS/nixpkgs/nixos-unstable; + myNixpkgs.url = github:NixOS/nixpkgs/nixos-22.05; flake-utils.url = github:numtide/flake-utils; home-manager = { url = github:nix-community/home-manager; From 21d7e234d5a447064293fa82c7830f2cb83ed8f7 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 20 Jun 2022 23:12:56 +0200 Subject: [PATCH 336/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/87d30c164849a7471d99749aa4d2d28b81564f69' (2022-06-14) → 'github:nix-community/home-manager/3d8265c5efd5e4d3ad8a90686bc81d49353fdb08' (2022-06-19) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/9ff91ce2e4c5d70551d4c8fd8830931c6c6b26b8' (2022-06-14) → 'github:NixOS/nixpkgs/d17a56d90ecbd1b8fc908d49598fb854ef188461' (2022-06-17) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/ba55ef6f304969dba4e6db00098a6327d3f76813' (2022-06-12) → 'github:nix-community/nix-doom-emacs/d296d6d44b27a5090c4096ff9a7ded37803a558d' (2022-06-17) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/a73897fc387a83c8dd2142ed597041113954ec23' (2022-06-12) → 'github:nix-community/emacs-overlay/270d5e914b4c0425a4982cf585c91d6760e78777' (2022-06-16) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/ed6f8dc67f5f1abf6b20929bdb571def2c191006' (2022-06-11) → 'github:emacs-straight/org-mode/e9da29b6fafe63abbc2774e9d485ac13d2811b65' (2022-06-16) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index cf3b0a9..09a3898 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1655032304, - "narHash": "sha256-t0E7c7V+hk6ILXl4+TBLqQfqq8/4IKyb/cFg0a8mqI8=", + "lastModified": 1655408680, + "narHash": "sha256-E6s17Wg3NExV3cxFnVzTEHjcRyBBwvbx6acNEttU40A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "a73897fc387a83c8dd2142ed597041113954ec23", + "rev": "270d5e914b4c0425a4982cf585c91d6760e78777", "type": "github" }, "original": { @@ -248,11 +248,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1655199284, - "narHash": "sha256-R/g2ZWplGWVOfm2TyB4kR+YcOE/uWkgjkYrl/RYgJ/U=", + "lastModified": 1655679417, + "narHash": "sha256-rUM/VDIQAMm0pLAVBizQoR9I8TELRmak7SsJLaO/NBg=", "owner": "nix-community", "repo": "home-manager", - "rev": "87d30c164849a7471d99749aa4d2d28b81564f69", + "rev": "3d8265c5efd5e4d3ad8a90686bc81d49353fdb08", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1655200170, - "narHash": "sha256-/yzkX+10sJhYNIcTtZ5ObS+nh/HrJp01XLaubzbRDcU=", + "lastModified": 1655456688, + "narHash": "sha256-j2trI5gv2fnHdfUQFBy957avCPxxzCqE8R+TOYHPSRE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ff91ce2e4c5d70551d4c8fd8830931c6c6b26b8", + "rev": "d17a56d90ecbd1b8fc908d49598fb854ef188461", "type": "github" }, "original": { @@ -338,11 +338,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1655058854, - "narHash": "sha256-q69pc4pQrFW4smr/rbqFLauanvdLgC9gduBm1Cd5148=", + "lastModified": 1655429822, + "narHash": "sha256-g1uW2GybLSL0vrBOZWrdket7IHBuWu2S1ev++1WUxuA=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "ba55ef6f304969dba4e6db00098a6327d3f76813", + "rev": "d296d6d44b27a5090c4096ff9a7ded37803a558d", "type": "github" }, "original": { @@ -495,11 +495,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1654949849, - "narHash": "sha256-1xGPQv2rFF4KglqwjKz+1uzB81nqa+6lgXPpnU3mduE=", + "lastModified": 1655383862, + "narHash": "sha256-WZLa8ly+WjLVIhiKf0m1hwJ3c1BJVwBZgr9AHAJ6zQw=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "ed6f8dc67f5f1abf6b20929bdb571def2c191006", + "rev": "e9da29b6fafe63abbc2774e9d485ac13d2811b65", "type": "github" }, "original": { From 4abaeff6b22ad22f6378d253548350aaf12b9e23 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 25 Jun 2022 00:57:05 +0200 Subject: [PATCH 337/988] configure tex in vim --- home/modules/vim/default.nix | 1 + pkgs/vimPlugins/filetype/ftplugin/tex.vim | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 pkgs/vimPlugins/filetype/ftplugin/tex.vim diff --git a/home/modules/vim/default.nix b/home/modules/vim/default.nix index 53bb8a3..91d5d9c 100644 --- a/home/modules/vim/default.nix +++ b/home/modules/vim/default.nix @@ -36,6 +36,7 @@ in nixpkgs-fmt shellcheck perlPackages.PerlCritic + texlab ]; }; } diff --git a/pkgs/vimPlugins/filetype/ftplugin/tex.vim b/pkgs/vimPlugins/filetype/ftplugin/tex.vim new file mode 100644 index 0000000..1938004 --- /dev/null +++ b/pkgs/vimPlugins/filetype/ftplugin/tex.vim @@ -0,0 +1,6 @@ +setlocal expandtab +setlocal shiftwidth=2 +setlocal softtabstop=2 + +let b:ale_linters = {'tex': ['texlab']} +let b:ale_fixers = {'tex': ['remove_trailing_lines', 'trim_whitespace', 'texlab']} From 76752373c27987ccbcc1b9ed5823cb4336d6e2f9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 25 Jun 2022 16:18:04 +0200 Subject: [PATCH 338/988] pkgs: add openscad --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 25c84a8..43ef33f 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -61,6 +61,7 @@ with pkgs; [ nmap nvd obs-studio + openscad openssl p7zip pass From c40e6a619467441bed5bd8a12efce506e2988536 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 25 Jun 2022 17:26:34 +0200 Subject: [PATCH 339/988] pkgs: add prusa-slicer --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 43ef33f..ad803ff 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -68,6 +68,7 @@ with pkgs; [ pavucontrol pinentry-gnome playerctl + prusa-slicer pwgen python3 python38Packages.dateutil From 14b875cd41d51f4c97f6c31686bdf695e2ef532c Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Jun 2022 20:33:29 +0200 Subject: [PATCH 340/988] update flake lock --- flake.lock | 81 ++++++++++-------------------------------------------- 1 file changed, 15 insertions(+), 66 deletions(-) diff --git a/flake.lock b/flake.lock index 09a3898..bd04bcc 100644 --- a/flake.lock +++ b/flake.lock @@ -129,29 +129,13 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -177,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -239,20 +223,17 @@ }, "home-manager": { "inputs": { - "flake-compat": "flake-compat", "nixpkgs": [ "myNixpkgs" ], - "nmd": "nmd", - "nmt": "nmt", "utils": "utils" }, "locked": { - "lastModified": 1655679417, - "narHash": "sha256-rUM/VDIQAMm0pLAVBizQoR9I8TELRmak7SsJLaO/NBg=", + "lastModified": 1656367977, + "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=", "owner": "nix-community", "repo": "home-manager", - "rev": "3d8265c5efd5e4d3ad8a90686bc81d49353fdb08", + "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1", "type": "github" }, "original": { @@ -298,11 +279,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1655456688, - "narHash": "sha256-j2trI5gv2fnHdfUQFBy957avCPxxzCqE8R+TOYHPSRE=", + "lastModified": 1656265786, + "narHash": "sha256-A9RkoGrxzsmMm0vily18p92Rasb+MbdDMaSnzmywXKw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d17a56d90ecbd1b8fc908d49598fb854ef188461", + "rev": "cd90e773eae83ba7733d2377b6cdf84d45558780", "type": "github" }, "original": { @@ -369,11 +350,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1654057797, - "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", + "lastModified": 1656353817, + "narHash": "sha256-UJEzMQcft/0Ilu4LWV7UH51mr5UCo28GL06BGO+djv4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", + "rev": "78e7c2c397b0376526e83162b58de921362e3399", "type": "github" }, "original": { @@ -407,38 +388,6 @@ "type": "indirect" } }, - "nmd": { - "flake": false, - "locked": { - "lastModified": 1653339422, - "narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=", - "owner": "rycee", - "repo": "nmd", - "rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmt": { - "flake": false, - "locked": { - "lastModified": 1648075362, - "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", - "owner": "rycee", - "repo": "nmt", - "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmt", - "type": "gitlab" - } - }, "nose": { "flake": false, "locked": { From 24e76078a14c68b76bf5bcb4c3902c0f379305d5 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Jun 2022 20:35:39 +0200 Subject: [PATCH 341/988] use home-manager current release --- flake.lock | 25 +++++-------------------- flake.nix | 2 +- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index bd04bcc..02abc07 100644 --- a/flake.lock +++ b/flake.lock @@ -225,19 +225,19 @@ "inputs": { "nixpkgs": [ "myNixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1656367977, - "narHash": "sha256-0hV17V9Up9pnAtPJ+787FhrsPnawxoTPA/VxgjRMrjc=", + "lastModified": 1656169755, + "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bf16c0fd141c28312be52945d1543f9ce557bb1", + "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } @@ -594,21 +594,6 @@ "type": "git", "url": "https://git.dadada.li/dadada/scripts.git" } - }, - "utils": { - "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e8b2d6a..ed6374c 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ myNixpkgs.url = github:NixOS/nixpkgs/nixos-22.05; flake-utils.url = github:numtide/flake-utils; home-manager = { - url = github:nix-community/home-manager; + url = github:nix-community/home-manager/release-22.05; inputs.nixpkgs.follows = "myNixpkgs"; }; nix-doom-emacs = { From e49137272e1b33a1bf1ed15f306a38a6e4ccfbc8 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Jun 2022 20:55:51 +0200 Subject: [PATCH 342/988] add kanboard --- nixos/gorgon/configuration.nix | 2 + nixos/modules/default.nix | 1 + nixos/modules/kanboard/default.nix | 55 ++++ nixos/modules/kanboard/kanboard-config.php | 279 +++++++++++++++++++++ 4 files changed, 337 insertions(+) create mode 100644 nixos/modules/kanboard/default.nix create mode 100644 nixos/modules/kanboard/kanboard-config.php diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index b9ac562..d3748aa 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -30,6 +30,7 @@ in autoUpgrade.enable = false; #headphones.enable = true; steam.enable = true; + kanboard.enable = true; #fido2 = { # credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; # enablePam = true; @@ -106,6 +107,7 @@ in networking.hosts = { "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; + "127.0.0.2" = [ "kanboard.dadada.li" ]; }; networking.wireguard.interfaces.uwupn = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index bb3cf37..44d1125 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -9,6 +9,7 @@ gitea = import ./gitea.nix; headphones = import ./headphones.nix; homepage = import ./homepage.nix; + kanboard = import ./kanboard; networking = import ./networking.nix; nix = import ./nix.nix inputs; share = import ./share.nix; diff --git a/nixos/modules/kanboard/default.nix b/nixos/modules/kanboard/default.nix new file mode 100644 index 0000000..0a9b641 --- /dev/null +++ b/nixos/modules/kanboard/default.nix @@ -0,0 +1,55 @@ +# Source https://github.com/NixOS/nixpkgs/issues/113384 +{ config, lib, pkgs, ... }: +let + cfg = config.dadada.kanboard; +in { + options = { + dadada.kanboard.enable = lib.mkEnableOption "Enable Kanboard"; + }; + + config = lib.mkIf cfg.enable { + services.phpfpm.pools.kanboard = { + user = "kanboard"; + group = "kanboard"; + settings = { + "listen.group" = "nginx"; + "pm" = "static"; + "pm.max_children" = 4; + }; + }; + users.users.kanboard.isSystemUser = true; + users.users.kanboard.group = "kanboard"; + users.groups.kanboard.members = ["kanboard"]; + + services.nginx = { + enable = true; + virtualHosts."kanboard.dadada.li" = { + root = pkgs.buildEnv { + name = "kanboard-configured"; + paths = [ + (pkgs.runCommand "kanboard-over" {meta.priority = 0;} '' + mkdir -p $out + for f in index.php jsonrpc.php ; do + echo " $out/$f + tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \ + | sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f + done + ln -s /var/lib/kanboard $out/data + ln -s ${./kanboard-config.php} $out/config.php + '') + { outPath = "${pkgs.kanboard}/share/kanboard"; meta.priority = 10; } + ]; + }; + locations = { + "/".index = "index.php"; + "~ \\.php$" = { + tryFiles = "$uri =404"; + extraConfig = '' + fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket}; + ''; + }; + }; + }; + }; + }; +} diff --git a/nixos/modules/kanboard/kanboard-config.php b/nixos/modules/kanboard/kanboard-config.php new file mode 100644 index 0000000..89cb226 --- /dev/null +++ b/nixos/modules/kanboard/kanboard-config.php @@ -0,0 +1,279 @@ + Date: Tue, 28 Jun 2022 21:40:40 +0200 Subject: [PATCH 343/988] override kanban --- overlays/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/overlays/default.nix b/overlays/default.nix index f902e63..8507ceb 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -2,4 +2,14 @@ let python3Packages = import ./python3-packages.nix; in { + kanboard = final: prev: { + kanboard = prev.kanboard.overrideAttrs (oldAttrs: { + src = prev.fetchFromGitHub { + owner = "kanboard"; + repo = "kanboard"; + rev = "v${oldAttrs.version}"; + sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0="; + }; + }); + }; } From 74f63afb19f0632784a6b45a9ab5d636183522c6 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 28 Jun 2022 21:46:29 +0200 Subject: [PATCH 344/988] fix kanboard data dir --- nixos/modules/kanboard/default.nix | 4 ++++ nixos/modules/kanboard/kanboard-config.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/kanboard/default.nix b/nixos/modules/kanboard/default.nix index 0a9b641..086a656 100644 --- a/nixos/modules/kanboard/default.nix +++ b/nixos/modules/kanboard/default.nix @@ -21,6 +21,10 @@ in { users.users.kanboard.group = "kanboard"; users.groups.kanboard.members = ["kanboard"]; + systemd.tmpfiles.rules = [ + "d /var/lib/kanboard/data 0750 kanboard nginx - -" + ]; + services.nginx = { enable = true; virtualHosts."kanboard.dadada.li" = { diff --git a/nixos/modules/kanboard/kanboard-config.php b/nixos/modules/kanboard/kanboard-config.php index 89cb226..8a65351 100644 --- a/nixos/modules/kanboard/kanboard-config.php +++ b/nixos/modules/kanboard/kanboard-config.php @@ -7,7 +7,7 @@ /*******************************************************************/ // Data folder (must be writeable by the web server user and absolute) -define('DATA_DIR', __DIR__.DIRECTORY_SEPARATOR.'data'); +define('DATA_DIR', '/var/lib/kanboard/data'); // Enable/Disable debug define('DEBUG', false); From f33df4daef5607f45f600ad0b7d3ed4cc801f035 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jul 2022 14:33:06 +0200 Subject: [PATCH 345/988] pruflas: set cpu frequency governor to 'performance' --- nixos/pruflas/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix index fcada3e..c80f1f0 100644 --- a/nixos/pruflas/hardware-configuration.nix +++ b/nixos/pruflas/hardware-configuration.nix @@ -30,5 +30,5 @@ swapDevices = [ ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; } From c5515106aa83db93a716df2fa74ce236345a7d32 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jul 2022 14:33:48 +0200 Subject: [PATCH 346/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/cd90e773eae83ba7733d2377b6cdf84d45558780' (2022-06-26) → 'github:NixOS/nixpkgs/915f5a5b3cc4f8ba206afd0b70e52ba4c6a2796b' (2022-07-01) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/d296d6d44b27a5090c4096ff9a7ded37803a558d' (2022-06-17) → 'github:nix-community/nix-doom-emacs/4717e4e835a424258e526888b3a1f475bfe98805' (2022-07-01) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/bea3cc161c0a803dcf574f32ee555dccf565a5ce' (2022-06-04) → 'github:doomemacs/doomemacs/c2f8476c8641fcc9a1371d873ed3b5924952a059' (2022-06-29) • Updated input 'nix-doom-emacs/doom-snippets': 'github:doomemacs/snippets/f74b11b1e0fe8481e20f3065e355efe627e635de' (2022-05-05) → 'github:doomemacs/snippets/6b2bd5a77c536ed414794ecf71d37a60ebd4663e' (2022-06-22) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/270d5e914b4c0425a4982cf585c91d6760e78777' (2022-06-16) → 'github:nix-community/emacs-overlay/46492f286aefae3a4993d3c65f182618f98956e9' (2022-07-01) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30) → 'github:numtide/flake-utils/bee6a7250dd1b01844a2de7e02e4df7d8a0a206c' (2022-06-24) • Updated input 'nix-doom-emacs/nix-straight': 'github:nix-community/nix-straight.el/08d75e5651cb52f8a07e03408ed19e04bee07505' (2022-01-29) → 'github:nix-community/nix-straight.el/fb8dd5c44cde70abd13380766e40af7a63888942' (2022-07-01) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/e9da29b6fafe63abbc2774e9d485ac13d2811b65' (2022-06-16) → 'github:emacs-straight/org-mode/381a2ae4dd439b5f246873ae6630c1e303c35287' (2022-06-30) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/78e7c2c397b0376526e83162b58de921362e3399' (2022-06-27) → 'github:NixOS/nixos-hardware/c5308381432cdbf14d5b1128747a2845f5c6871e' (2022-07-01) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 02abc07..2b64117 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1654347726, - "narHash": "sha256-B4N+UQ0SvnCH0Hqc62Wl1KS6WcTBGLag0BoH3UZGbgo=", + "lastModified": 1656519163, + "narHash": "sha256-iNg3DnQJB6iIWLBsFGcloFHwwQUgrJeIQeNJHD7nwIo=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "bea3cc161c0a803dcf574f32ee555dccf565a5ce", + "rev": "c2f8476c8641fcc9a1371d873ed3b5924952a059", "type": "github" }, "original": { @@ -20,11 +20,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1651768501, - "narHash": "sha256-55mHNFfn3N8k4aWgswX9buATsOhQTJ0L05UaUNNMgDg=", + "lastModified": 1655900328, + "narHash": "sha256-fEYwFxW2sdzNK14DrS92OCGy8KDPZKewrHljnE/RlzQ=", "owner": "doomemacs", "repo": "snippets", - "rev": "f74b11b1e0fe8481e20f3065e355efe627e635de", + "rev": "6b2bd5a77c536ed414794ecf71d37a60ebd4663e", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1655408680, - "narHash": "sha256-E6s17Wg3NExV3cxFnVzTEHjcRyBBwvbx6acNEttU40A=", + "lastModified": 1656667522, + "narHash": "sha256-20rsPIbX4pihuiBQ0pb/0WrdijUjiHSjgOz1UXhGf68=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "270d5e914b4c0425a4982cf585c91d6760e78777", + "rev": "46492f286aefae3a4993d3c65f182618f98956e9", "type": "github" }, "original": { @@ -146,11 +146,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1656265786, - "narHash": "sha256-A9RkoGrxzsmMm0vily18p92Rasb+MbdDMaSnzmywXKw=", + "lastModified": 1656679828, + "narHash": "sha256-akGA97pR1BAQew1FrVTCME3p8qvYxJXB2X3a13aBphs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd90e773eae83ba7733d2377b6cdf84d45558780", + "rev": "915f5a5b3cc4f8ba206afd0b70e52ba4c6a2796b", "type": "github" }, "original": { @@ -319,11 +319,11 @@ "rotate-text": "rotate-text" }, "locked": { - "lastModified": 1655429822, - "narHash": "sha256-g1uW2GybLSL0vrBOZWrdket7IHBuWu2S1ev++1WUxuA=", + "lastModified": 1656689849, + "narHash": "sha256-0LdzPqMzwVaTI6NC/+khOUN5FAvE4mIJAsESW8s/Nsc=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "d296d6d44b27a5090c4096ff9a7ded37803a558d", + "rev": "4717e4e835a424258e526888b3a1f475bfe98805", "type": "github" }, "original": { @@ -335,11 +335,11 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1643475817, - "narHash": "sha256-NpExq5nbPbj/ppkBX3SnETEJuOne1MKJxen8vVHsDFg=", + "lastModified": 1656684255, + "narHash": "sha256-ZefQiv4Ipu2VkLjs1oyelTLU7kBVJgkcQd+yBpJU0yo=", "owner": "nix-community", "repo": "nix-straight.el", - "rev": "08d75e5651cb52f8a07e03408ed19e04bee07505", + "rev": "fb8dd5c44cde70abd13380766e40af7a63888942", "type": "github" }, "original": { @@ -350,11 +350,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1656353817, - "narHash": "sha256-UJEzMQcft/0Ilu4LWV7UH51mr5UCo28GL06BGO+djv4=", + "lastModified": 1656702262, + "narHash": "sha256-BdVdx6LoGgAeIYrHnzk+AgbtkaVlV3JNcC6+vltLuh0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "78e7c2c397b0376526e83162b58de921362e3399", + "rev": "c5308381432cdbf14d5b1128747a2845f5c6871e", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1655383862, - "narHash": "sha256-WZLa8ly+WjLVIhiKf0m1hwJ3c1BJVwBZgr9AHAJ6zQw=", + "lastModified": 1656574173, + "narHash": "sha256-Qbsa1b/S26ZudQ0XUtV1YB1pVVd7d9ZIo3UFYTQhe5o=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "e9da29b6fafe63abbc2774e9d485ac13d2811b65", + "rev": "381a2ae4dd439b5f246873ae6630c1e303c35287", "type": "github" }, "original": { From 80472613d3dbdf9a28ce8be99b38005c66c3783a Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jul 2022 14:40:15 +0200 Subject: [PATCH 347/988] add some settings to pruflas to allow for media playback --- nixos/pruflas/configuration.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 3be4880..4662870 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -104,5 +104,31 @@ in ]; }; + # Desktop things for media playback + + services.xserver.enable = mkDefault true; + services.xserver.displayManager.gdm.enable = mkDefault true; + services.xserver.desktopManager.gnome.enable = mkDefault true; + + xdg.mime.enable = mkDefault true; + services.avahi.enable = true; + + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + hardware.pulseaudio.enable = false; + + environment.systemPackages = [ pkgs.spotify pkgs.mpv ]; + + users.users."media" = { + isNormalUser = true; + description = "Media playback user"; + extraGroups = [ "users" "lp" "video" ]; + }; + system.stateVersion = "20.09"; } From b4faf281dcb9f764af48fdd2747c2f7a839b32e2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jul 2022 16:57:28 +0200 Subject: [PATCH 348/988] pruflas: disable printing --- nixos/pruflas/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 4662870..f411d43 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -127,8 +127,10 @@ in users.users."media" = { isNormalUser = true; description = "Media playback user"; - extraGroups = [ "users" "lp" "video" ]; + extraGroups = [ "users" "video" ]; }; + services.printing.enable = false; + system.stateVersion = "20.09"; } From 43ddb876eda04c9e1c3c3a6563b258053bb70c37 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jul 2022 17:05:47 +0200 Subject: [PATCH 349/988] gorgon: use default kernel packages from nixpkgs --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index d3748aa..fd6e4e8 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -20,7 +20,7 @@ in experimental-features = nix-command flakes ''; - boot.kernelPackages = pkgs.linuxPackages_5_15; + #boot.kernelPackages = pkgs.linuxPackages_5_15; boot.kernelModules = [ "kvm-amd" ]; From 6d8e2d35c2cc027b46256fede150acb34d942c7b Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Jul 2022 17:25:54 +0200 Subject: [PATCH 350/988] pruflas: switch to lxqt --- nixos/pruflas/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index f411d43..a4ff26e 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -107,8 +107,8 @@ in # Desktop things for media playback services.xserver.enable = mkDefault true; - services.xserver.displayManager.gdm.enable = mkDefault true; - services.xserver.desktopManager.gnome.enable = mkDefault true; + services.xserver.displayManager.lightdm.enable = mkDefault true; + services.xserver.desktopManager.lxqt.enable = mkDefault true; xdg.mime.enable = mkDefault true; services.avahi.enable = true; From bf6591d387ecddebaf064c9fb02ba64d20548a3b Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jul 2022 21:59:30 +0200 Subject: [PATCH 351/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/bee6a7250dd1b01844a2de7e02e4df7d8a0a206c' (2022-06-24) → 'github:numtide/flake-utils/7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249' (2022-07-04) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/915f5a5b3cc4f8ba206afd0b70e52ba4c6a2796b' (2022-07-01) → 'github:NixOS/nixpkgs/09c32b0bda4db98d6454e910206188e85d5b04cc' (2022-07-02) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c5308381432cdbf14d5b1128747a2845f5c6871e' (2022-07-01) → 'github:NixOS/nixos-hardware/3bf48d3587d3f34f745a19ebc968b002ef5b5c5a' (2022-07-04) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/bee6a7250dd1b01844a2de7e02e4df7d8a0a206c' (2022-06-24) → 'github:numtide/flake-utils/7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249' (2022-07-04) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 2b64117..e6045ef 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -161,11 +161,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1656679828, - "narHash": "sha256-akGA97pR1BAQew1FrVTCME3p8qvYxJXB2X3a13aBphs=", + "lastModified": 1656754140, + "narHash": "sha256-8thJUtZWIimyBtkYQ0tdmmnH0yJvOaw1K5W3OgKc6/A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "915f5a5b3cc4f8ba206afd0b70e52ba4c6a2796b", + "rev": "09c32b0bda4db98d6454e910206188e85d5b04cc", "type": "github" }, "original": { @@ -350,11 +350,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1656702262, - "narHash": "sha256-BdVdx6LoGgAeIYrHnzk+AgbtkaVlV3JNcC6+vltLuh0=", + "lastModified": 1656933710, + "narHash": "sha256-SVG8EqY1OTJWBRY4hpct2ZR2Rk0L8hCFkug3m0ABoZE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5308381432cdbf14d5b1128747a2845f5c6871e", + "rev": "3bf48d3587d3f34f745a19ebc968b002ef5b5c5a", "type": "github" }, "original": { From a88ee196276f63ef915d334e84b9328a3d1eff23 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jul 2022 22:08:09 +0200 Subject: [PATCH 352/988] pkgs: remove idea. add phpstorm --- home/home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index ad803ff..cbc54b4 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -37,7 +37,7 @@ with pkgs; [ inotify-tools irssi jameica - jetbrains.idea-community + jetbrains.phpstorm josm jupyter jq From b1900734b3d3d520f842e9e2701f85dad22ab25a Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jul 2022 22:33:17 +0200 Subject: [PATCH 353/988] pruflas: update config --- nixos/pruflas/configuration.nix | 36 +++++---------------------------- 1 file changed, 5 insertions(+), 31 deletions(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index a4ff26e..b3a70c2 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -45,7 +45,6 @@ in dadada.admin.enable = true; - dadada.networking.vpnExtension = "5"; dadada.backupClient = { enable = true; bs = true; @@ -69,11 +68,6 @@ in ]; }; - security.acme = { - email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; - acceptTerms = true; - }; - boot.kernelModules = [ "kvm-intel" ]; # Use the systemd-boot EFI boot loader. @@ -87,39 +81,21 @@ in } ]; - - networking.wireguard.interfaces."hydra" = { - ips = [ "10.3.3.3/24" ]; - listenPort = 51235; - - privateKeyFile = "/var/lib/wireguard/hydra"; - - peers = [ - { - publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - allowedIPs = [ "10.3.3.1/32" ]; - endpoint = "surgat.dadada.li:51235"; - persistentKeepalive = 25; - } - ]; - }; - # Desktop things for media playback - services.xserver.enable = mkDefault true; - services.xserver.displayManager.lightdm.enable = mkDefault true; - services.xserver.desktopManager.lxqt.enable = mkDefault true; - - xdg.mime.enable = mkDefault true; - services.avahi.enable = true; + services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; security.rtkit.enable = true; + services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; }; + hardware.pulseaudio.enable = false; environment.systemPackages = [ pkgs.spotify pkgs.mpv ]; @@ -130,7 +106,5 @@ in extraGroups = [ "users" "video" ]; }; - services.printing.enable = false; - system.stateVersion = "20.09"; } From 65d06f563ff772532e76325cd70ca3ffe016724d Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jul 2022 22:46:21 +0200 Subject: [PATCH 354/988] pruflas: remove hydra --- nixos/pruflas/configuration.nix | 42 +-------------------------------- 1 file changed, 1 insertion(+), 41 deletions(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index b3a70c2..2fb22c1 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,48 +1,10 @@ { config, pkgs, lib, ... }: with lib; -let - hostName = "pruflas"; -in { - imports = [ ./hardware-configuration.nix ]; - - networking.hostName = hostName; - networking.hosts = { - "10.3.3.3" = [ "hydra.dadada.li" ]; - }; + networking.hostName = "pruflas"; services.logind.lidSwitch = "ignore"; - services.hydra = { - enable = true; - package = pkgs.hydra-unstable; - hydraURL = "https://hydra.dadada.li"; - notificationSender = "hydra@localhost"; - buildMachinesFiles = [ ]; - useSubstitutes = true; - listenHost = "hydra.dadada.li"; - port = 3000; - }; - - nix.buildMachines = [ - { - hostName = "localhost"; - system = "x86_64-linux"; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; - maxJobs = 8; - } - ]; - - services.nginx = { - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - logError = "/dev/null"; - appendHttpConfig = '' - access_log off; - ''; - }; - dadada.admin.enable = true; dadada.backupClient = { @@ -68,8 +30,6 @@ in ]; }; - boot.kernelModules = [ "kvm-intel" ]; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; From 3ecc8681284de8dd8bf17c0c5c89270af6c7cef4 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jul 2022 22:54:20 +0200 Subject: [PATCH 355/988] pruflas: import hardware-configuration.nix --- nixos/pruflas/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 2fb22c1..f74e669 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,6 +1,8 @@ { config, pkgs, lib, ... }: with lib; { + imports = [ ./hardware-configuration.nix ]; + networking.hostName = "pruflas"; services.logind.lidSwitch = "ignore"; From 89990f9fd1e39d5200412ffea9a2fc5dee6c1cc1 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jul 2022 23:13:42 +0200 Subject: [PATCH 356/988] pruflas: update config to work for laptop and do not try to recompile gnome without xlibs --- nixos/configurations.nix | 2 +- nixos/pruflas/configuration.nix | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 649b882..8310fd9 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -58,7 +58,7 @@ in system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ (adapterModule system) - ./modules/profiles/server.nix + ./modules/profiles/laptop.nix ./pruflas/configuration.nix ]; }; diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index f74e669..5cf9e09 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,6 +1,8 @@ { config, pkgs, lib, ... }: with lib; -{ +let + keys = [ ../../keys/dadada.pub ]; +in { imports = [ ./hardware-configuration.nix ]; networking.hostName = "pruflas"; @@ -68,5 +70,24 @@ with lib; extraGroups = [ "users" "video" ]; }; + networking.domain = "dadada.li"; + + dadada.admin.users = { + "dadada" = keys; + }; + + users.mutableUsers = true; + + dadada.networking.localResolver.enable = true; + + dadada.autoUpgrade.enable = mkDefault true; + + documentation.enable = false; + documentation.nixos.enable = false; + + services.journald.extraConfig = '' + SystemKeepFree = 2G + ''; + system.stateVersion = "20.09"; } From e3d4675201f559053589925823afdaf50e58eca6 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Jul 2022 23:15:45 +0200 Subject: [PATCH 357/988] Revert "pruflas: remove hydra" This reverts commit 65d06f563ff772532e76325cd70ca3ffe016724d. --- nixos/pruflas/configuration.nix | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 5cf9e09..1709888 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -9,6 +9,36 @@ in { services.logind.lidSwitch = "ignore"; + services.hydra = { + enable = true; + package = pkgs.hydra-unstable; + hydraURL = "https://hydra.dadada.li"; + notificationSender = "hydra@localhost"; + buildMachinesFiles = [ ]; + useSubstitutes = true; + listenHost = "hydra.dadada.li"; + port = 3000; + }; + + nix.buildMachines = [ + { + hostName = "localhost"; + system = "x86_64-linux"; + supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; + maxJobs = 8; + } + ]; + + services.nginx = { + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + logError = "/dev/null"; + appendHttpConfig = '' + access_log off; + ''; + }; + dadada.admin.enable = true; dadada.backupClient = { @@ -34,6 +64,8 @@ in { ]; }; + boot.kernelModules = [ "kvm-intel" ]; + # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; From 02926921ce131e27df1b1c8177c78178b21429cf Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 7 Jul 2022 22:03:10 +0200 Subject: [PATCH 358/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/09c32b0bda4db98d6454e910206188e85d5b04cc' (2022-07-02) → 'github:NixOS/nixpkgs/316b762afdb9e142a803f29c49a88b4a47db80ee' (2022-07-06) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/4717e4e835a424258e526888b3a1f475bfe98805' (2022-07-01) → 'github:nix-community/nix-doom-emacs/2ef02b2c7cebfdce5932192c5c45f588bf00deec' (2022-07-05) • Added input 'nix-doom-emacs/evil-escape': 'github:hlissner/evil-escape/819f1ee1cf3f69a1ae920e6004f2c0baeebbe077' (2020-05-02) • Added input 'nix-doom-emacs/sln-mode': 'github:sensorflo/sln-mode/0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c' (2015-02-12) • Added input 'nix-doom-emacs/ws-butler': 'github:hlissner/ws-butler/572a10c11b6cb88293de48acbb59a059d36f9ba5' (2021-10-17) --- flake.lock | 65 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 58 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index e6045ef..366a8be 100644 --- a/flake.lock +++ b/flake.lock @@ -65,6 +65,22 @@ "type": "github" } }, + "evil-escape": { + "flake": false, + "locked": { + "lastModified": 1588439096, + "narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=", + "owner": "hlissner", + "repo": "evil-escape", + "rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-escape", + "type": "github" + } + }, "evil-markdown": { "flake": false, "locked": { @@ -279,11 +295,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1656754140, - "narHash": "sha256-8thJUtZWIimyBtkYQ0tdmmnH0yJvOaw1K5W3OgKc6/A=", + "lastModified": 1657123678, + "narHash": "sha256-cowVkScfUPlbBXUp08MeVk/wgm9E1zp1uC+9no2hZYw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "09c32b0bda4db98d6454e910206188e85d5b04cc", + "rev": "316b762afdb9e142a803f29c49a88b4a47db80ee", "type": "github" }, "original": { @@ -299,6 +315,7 @@ "doom-snippets": "doom-snippets", "emacs-overlay": "emacs-overlay", "emacs-so-long": "emacs-so-long", + "evil-escape": "evil-escape", "evil-markdown": "evil-markdown", "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", @@ -316,14 +333,16 @@ "org-yt": "org-yt", "php-extras": "php-extras", "revealjs": "revealjs", - "rotate-text": "rotate-text" + "rotate-text": "rotate-text", + "sln-mode": "sln-mode", + "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1656689849, - "narHash": "sha256-0LdzPqMzwVaTI6NC/+khOUN5FAvE4mIJAsESW8s/Nsc=", + "lastModified": 1657053620, + "narHash": "sha256-SHfPr3jd+hpQw4SW37f1YLpJvVeSdGVBLPMDVu0nxr0=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "4717e4e835a424258e526888b3a1f475bfe98805", + "rev": "2ef02b2c7cebfdce5932192c5c45f588bf00deec", "type": "github" }, "original": { @@ -594,6 +613,38 @@ "type": "git", "url": "https://git.dadada.li/dadada/scripts.git" } + }, + "sln-mode": { + "flake": false, + "locked": { + "lastModified": 1423727528, + "narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=", + "owner": "sensorflo", + "repo": "sln-mode", + "rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c", + "type": "github" + }, + "original": { + "owner": "sensorflo", + "repo": "sln-mode", + "type": "github" + } + }, + "ws-butler": { + "flake": false, + "locked": { + "lastModified": 1634511126, + "narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=", + "owner": "hlissner", + "repo": "ws-butler", + "rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "ws-butler", + "type": "github" + } } }, "root": "root", From a58ac63547c898a12165ee1dceaeabc5537c2ee9 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 7 Jul 2022 22:12:16 +0200 Subject: [PATCH 359/988] disable ipv6 temporary addresses on servers --- nixos/modules/profiles/server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index beaa781..fe1bc31 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -4,6 +4,7 @@ let keys = [ ../../../keys/dadada.pub ]; in { networking.domain = mkDefault "dadada.li"; + networking.tempAddresses = "disabled"; dadada.admin.users = { "dadada" = keys; From 4d5b3810c732f9c5202bc140fb36b3dbda137f64 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Jul 2022 13:04:38 +0200 Subject: [PATCH 360/988] prevent garbage collection for dev environments --- nixos/gorgon/configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index fd6e4e8..520998b 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -15,13 +15,13 @@ in ./hardware-configuration.nix ]; - nix.package = pkgs.nixUnstable; nix.extraOptions = '' - experimental-features = nix-command flakes + experimental-features = nix-command flakes + # Prevent garbage collection for nix shell and direnv + keep-outputs = true + keep-derivations = true ''; - #boot.kernelPackages = pkgs.linuxPackages_5_15; - boot.kernelModules = [ "kvm-amd" ]; networking.hostName = "gorgon"; From 1fa8eb896233cef36644472af8d0ead4059715f7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Jul 2022 13:08:22 +0200 Subject: [PATCH 361/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/316b762afdb9e142a803f29c49a88b4a47db80ee' (2022-07-06) → 'github:NixOS/nixpkgs/71d7a4c037dc4f3e98d5c4a81b941933cf5bf675' (2022-07-08) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/2ef02b2c7cebfdce5932192c5c45f588bf00deec' (2022-07-05) → 'github:nix-community/nix-doom-emacs/a59295c11efb6377b0c5eb4c8259bb49d94ec1d5' (2022-07-09) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/c2f8476c8641fcc9a1371d873ed3b5924952a059' (2022-06-29) → 'github:doomemacs/doomemacs/9ec60d9ab9eb5d9b098e2452395156b622cce624' (2022-07-05) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/46492f286aefae3a4993d3c65f182618f98956e9' (2022-07-01) → 'github:nix-community/emacs-overlay/22448c09bae21969ca14d1558a120dafe9853c73' (2022-07-08) • Added input 'nix-doom-emacs/flake-compat': 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/bee6a7250dd1b01844a2de7e02e4df7d8a0a206c' (2022-06-24) → 'github:numtide/flake-utils/7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249' (2022-07-04) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/381a2ae4dd439b5f246873ae6630c1e303c35287' (2022-06-30) → 'github:emacs-straight/org-mode/71359820221ec18d27fab28403d4fd3537ca0491' (2022-07-05) • Updated input 'nix-doom-emacs/org-contrib': 'git+https://git.sr.ht/~bzg/org-contrib?ref=refs%2fheads%2fmaster&rev=c6aef31ccfc7c4418c3b51e98f7c3bd8e255f5e6' (2022-06-05) → 'github:emacsmirror/org-contrib/c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa' (2022-05-15) • Added input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/dcd5b9fe5c2cb72261ff6c714beb8d0198b8522b' (2022-07-06) • Updated input 'nvd': 'git+https://gitlab.com/khumba/nvd.git?ref=refs%2fheads%2fmaster&rev=b082bd23f54d164765fab1737d40d47d4f649ae2' (2022-05-28) → 'git+https://gitlab.com/khumba/nvd.git?ref=master&rev=b082bd23f54d164765fab1737d40d47d4f649ae2' (2022-05-28) --- flake.lock | 90 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 62 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 366a8be..6645eca 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1656519163, - "narHash": "sha256-iNg3DnQJB6iIWLBsFGcloFHwwQUgrJeIQeNJHD7nwIo=", + "lastModified": 1657023376, + "narHash": "sha256-huKtA8twjW3GkfA6NRvCjWMWUEN58ju4sL89rRQxOes=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "c2f8476c8641fcc9a1371d873ed3b5924952a059", + "rev": "9ec60d9ab9eb5d9b098e2452395156b622cce624", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1656667522, - "narHash": "sha256-20rsPIbX4pihuiBQ0pb/0WrdijUjiHSjgOz1UXhGf68=", + "lastModified": 1657275959, + "narHash": "sha256-pg8FB1DRImBpqXHCp/0Y7bIphpVqGmkWgWOcFDMwdTg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "46492f286aefae3a4993d3c65f182618f98956e9", + "rev": "22448c09bae21969ca14d1558a120dafe9853c73", "type": "github" }, "original": { @@ -145,6 +145,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1656928814, @@ -162,11 +178,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1656065134, - "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -295,11 +311,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1657123678, - "narHash": "sha256-cowVkScfUPlbBXUp08MeVk/wgm9E1zp1uC+9no2hZYw=", + "lastModified": 1657296039, + "narHash": "sha256-Ghh39+aS+pw5sTP/ZO8VIKE6sBhMadDaQZtf+3yu4Vc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "316b762afdb9e142a803f29c49a88b4a47db80ee", + "rev": "71d7a4c037dc4f3e98d5c4a81b941933cf5bf675", "type": "github" }, "original": { @@ -320,6 +336,7 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", + "flake-compat": "flake-compat", "flake-utils": "flake-utils_2", "format-all": "format-all", "nix-straight": "nix-straight", @@ -335,14 +352,15 @@ "revealjs": "revealjs", "rotate-text": "rotate-text", "sln-mode": "sln-mode", + "ts-fold": "ts-fold", "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1657053620, - "narHash": "sha256-SHfPr3jd+hpQw4SW37f1YLpJvVeSdGVBLPMDVu0nxr0=", + "lastModified": 1657364333, + "narHash": "sha256-PiNZ6Kk/JedMTRDxAmvLkf/O34QRPep7I3ItMEYVllw=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "2ef02b2c7cebfdce5932192c5c45f588bf00deec", + "rev": "a59295c11efb6377b0c5eb4c8259bb49d94ec1d5", "type": "github" }, "original": { @@ -433,7 +451,7 @@ "locked": { "lastModified": 1653711492, "narHash": "sha256-/jSe9Ix5AO5GDXxc3ugw0mJoYcH98WVcPdM+tOG0WWQ=", - "ref": "refs/heads/master", + "ref": "master", "rev": "b082bd23f54d164765fab1737d40d47d4f649ae2", "revCount": 17, "type": "git", @@ -463,11 +481,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1656574173, - "narHash": "sha256-Qbsa1b/S26ZudQ0XUtV1YB1pVVd7d9ZIo3UFYTQhe5o=", + "lastModified": 1657029612, + "narHash": "sha256-enwqnerhZVpyQbeX0uKdZ4IVmZieq9ZgCbkDWy1HlNQ=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "381a2ae4dd439b5f246873ae6630c1e303c35287", + "rev": "71359820221ec18d27fab28403d4fd3537ca0491", "type": "github" }, "original": { @@ -479,17 +497,17 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1654411077, - "narHash": "sha256-ywXAI+s+D701PvuDEQljDmFWrTPymqustSYVyf3NYRk=", - "ref": "refs/heads/master", - "rev": "c6aef31ccfc7c4418c3b51e98f7c3bd8e255f5e6", - "revCount": 2622, - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" + "lastModified": 1652646857, + "narHash": "sha256-IWIShWyVnbwXqGLQaDNvJ0KoepxhIrXWTjPyGPEkQ14=", + "owner": "emacsmirror", + "repo": "org-contrib", + "rev": "c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa", + "type": "github" }, "original": { - "type": "git", - "url": "https://git.sr.ht/~bzg/org-contrib" + "owner": "emacsmirror", + "repo": "org-contrib", + "type": "github" } }, "org-yt": { @@ -630,6 +648,22 @@ "type": "github" } }, + "ts-fold": { + "flake": false, + "locked": { + "lastModified": 1657091443, + "narHash": "sha256-yr/aW7sYoOxajVb2gTgRrwaDwwg2gtHuP3wdrwjiaxo=", + "owner": "jcs-elpa", + "repo": "ts-fold", + "rev": "dcd5b9fe5c2cb72261ff6c714beb8d0198b8522b", + "type": "github" + }, + "original": { + "owner": "jcs-elpa", + "repo": "ts-fold", + "type": "github" + } + }, "ws-butler": { "flake": false, "locked": { From c0202bbdef1febcaaba5a2da9f62b00041c1436d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Jul 2022 13:41:31 +0200 Subject: [PATCH 362/988] pkgs: add some commandline tools --- home/home/pkgs.nix | 64 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 54 insertions(+), 10 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index cbc54b4..a78b9b9 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -1,57 +1,84 @@ { pkgs }: with pkgs; [ anki + aqbanking + aria2 aspell aspellDicts.de aspellDicts.en aspellDicts.en-computers aspellDicts.en-science - aqbanking bash - bluez-tools + bat # cat with syntax highlighting and git integration binutils - #clang - #clang-tools - php74Packages.composer + bluez-tools + btop # htop + choose # alternative to cut and awk with more readable syntax + colordiff darcs + delta # feature-rich diff viewer + dig direnv - element-desktop + dstat + duf # disk usage + dyff # diff tool for YAML evince + exa ffmpeg file firefox fractal + fx # themable json viewer + fzf fzf gdb - gimp ghidra-bin + gimp glow + glow # render markdown gnome.gnome-tweaks gnucash gnumake gnupg + gping # ping with graphs graphviz grim + gron # make json grepable + hexyl # hex viewer + htop + http-prompt + httpie + hub + hyperfine # A command-line benchmarking tool. + icdiff imagemagick inkscape inotify-tools + ioping # ping but for block devices + iproute2 + iputils # tracepath irssi jameica + jc # convert output to json jetbrains.phpstorm josm - jupyter jq + jq + jupyter kcachegrind keepassxc - #keys + kubetail ldns + liboping # oping, ping multiple hosts at once libreoffice libvirt lsof + lynis man-pages mblaze mkpasswd mpv + mtr mumble ncurses newsflash @@ -59,26 +86,35 @@ with pkgs; [ niv nix-index nmap + nmon nvd obs-studio openscad openssl p7zip + pandoc # document converter and templater pass pavucontrol + php74Packages.composer pinentry-gnome playerctl + procs # ps in rust prusa-slicer + pv pwgen python3 python38Packages.dateutil python38Packages.managesieve + ranger + reptyr + ripgrep ripgrep rust-analyzer rustup - #shortwave + sd # search and displace like sed but with better syntax signal-desktop silver-searcher + skim # fzf in Rust slurp spotify sqlite @@ -87,13 +123,21 @@ with pkgs; [ tcpdump tdesktop thunderbird + tmux + ttyd unzip + up # ultimate-plumber, interactive pipes usbutils virt-manager + viu # view images from the terminal vscodium whois wireshark xdg_utils + xmlstarlet + xsv # cut for csv + xxh # portable shells youtube-dl zotero + zsh ] From fa2ff2bd39499f4519a0234f285b74d76ba57c81 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 17 Jul 2022 20:40:12 +0200 Subject: [PATCH 363/988] expose the path to the backup passphrase as an option --- nixos/gorgon/configuration.nix | 5 ++--- nixos/modules/backup.nix | 33 +++++++++++++++++++++++++-------- nixos/pruflas/configuration.nix | 3 +-- nixos/surgat/configuration.nix | 3 +-- 4 files changed, 29 insertions(+), 15 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 520998b..10f8778 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -46,9 +46,8 @@ in vpnExtension = "3"; }; backupClient = { - enable = true; - bs = true; - gs = false; + bs.enable = true; + gs.enable = false; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index c5855e0..adb2c15 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -24,14 +24,30 @@ in { options = { dadada.backupClient = { - enable = mkEnableOption "Enable backup client"; - gs = mkEnableOption "Enable backup to GS location"; - bs = mkEnableOption "Enable backup to BS location"; + gs = { + enable = mkEnableOption "Enable backup to GS location"; + passphrasePath = mkOption { + type = with types; nullOr str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/gs/passphrase"; + }; + }; + bs = { + enable = mkEnableOption "Enable backup to BS location"; + passphrasePath = mkOption { + type = with types; nullOr str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/bs/passphrase"; + }; + }; }; }; - config = mkIf cfg.enable { - + config = mkIf cfg.gs.enable { fileSystems = mkIf cfg.gs { "/backup" = { device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; @@ -47,7 +63,7 @@ in doInit = false; encryption = { mode = "repokey"; - passCommand = "cat /var/lib/borgbackup/gs/passphrase"; + passCommand = "cat ${cfg.gs.passphrasePath}"; }; compression = "auto,lz4"; prune.keep = { @@ -58,7 +74,7 @@ in yearly = -1; # Keep at least one archive for each year }; startAt = "monthly"; - }; + } // mkIf cfg.bs.enable { services.borgbackup.jobs.bs = mkIf cfg.bs { paths = "/"; @@ -70,7 +86,7 @@ in }; encryption = { mode = "repokey"; - passCommand = "cat /var/lib/borgbackup/bs/passphrase"; + passCommand = "cat ${cfg.bs.passphrasePath}"; }; compression = "auto,lz4"; startAt = "daily"; @@ -79,4 +95,5 @@ in }; }; }; + }; } diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 1709888..6aca8a7 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -42,8 +42,7 @@ in { dadada.admin.enable = true; dadada.backupClient = { - enable = true; - bs = true; + bs.enable = true; }; networking.useDHCP = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 4d0f879..c1ed89e 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -49,8 +49,7 @@ in dadada.homePage.enable = true; dadada.share.enable = true; dadada.backupClient = { - enable = true; - bs = true; + bs.enable = true; }; networking.useDHCP = false; From d1c7a721cc77cb0ce18cdec0200bd87a4d2e3ece Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 19 Jul 2022 20:27:59 +0200 Subject: [PATCH 364/988] backupClient: add option for SSH identity file --- nixos/modules/backup.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index adb2c15..c741663 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -37,12 +37,19 @@ in bs = { enable = mkEnableOption "Enable backup to BS location"; passphrasePath = mkOption { - type = with types; nullOr str; + type = types.str; description = '' The path to the passphrase file. ''; default = "/var/lib/borgbackup/bs/passphrase"; }; + sshIdentityFile = mkOption { + type = types.str; + description = '' + Path to the SSH key that is used to transmit the backup. + ''; + default = "/var/lib/borgbackup/bs/id_ed25519"; + }; }; }; }; @@ -56,7 +63,7 @@ in }; }; - services.borgbackup.jobs.gs = mkIf cfg.gs { + services.borgbackup.jobs.gs = { paths = "/"; exclude = backupExcludes; repo = "/backup/${config.networking.hostName}"; @@ -76,13 +83,13 @@ in startAt = "monthly"; } // mkIf cfg.bs.enable { - services.borgbackup.jobs.bs = mkIf cfg.bs { + services.borgbackup.jobs.bs = { paths = "/"; exclude = backupExcludes; repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; doInit = false; environment = { - BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; }; encryption = { mode = "repokey"; From 9b01699b0ca1de25297a31c27fee8e029d16d388 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 19 Jul 2022 21:21:37 +0200 Subject: [PATCH 365/988] add app nixos-switch --- outputs.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/outputs.nix b/outputs.nix index acc8464..e86d782 100644 --- a/outputs.nix +++ b/outputs.nix @@ -17,6 +17,14 @@ selfPkgs = self.packages.${system}; in { + apps.nixos-switch = { + type = "app"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --flake ".#$1" --use-remote-sudo + ''); + }; apps.deploy = { type = "app"; program = toString (pkgs.writeScript "deploy" '' From cc133ee143c0ee014258380c11fba98dfe0a62a9 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 19 Jul 2022 21:37:51 +0200 Subject: [PATCH 366/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/71d7a4c037dc4f3e98d5c4a81b941933cf5bf675' (2022-07-08) → 'github:NixOS/nixpkgs/e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6' (2022-07-19) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/a59295c11efb6377b0c5eb4c8259bb49d94ec1d5' (2022-07-09) → 'github:nix-community/nix-doom-emacs/7c35a9d90e1c07254c0926fc02e2c27bd0d5d9cc' (2022-07-15) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/9ec60d9ab9eb5d9b098e2452395156b622cce624' (2022-07-05) → 'github:doomemacs/doomemacs/33c5f3721a704c72e49efc5960be3785d1a80b81' (2022-07-09) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/22448c09bae21969ca14d1558a120dafe9853c73' (2022-07-08) → 'github:nix-community/emacs-overlay/b51bea50371cc7a98863fb64bf1aaa1126a68a36' (2022-07-14) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/71359820221ec18d27fab28403d4fd3537ca0491' (2022-07-05) → 'github:emacs-straight/org-mode/d9479887226ad79a1a8de739e7be0fc1fffec536' (2022-07-14) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/dcd5b9fe5c2cb72261ff6c714beb8d0198b8522b' (2022-07-06) → 'github:jcs-elpa/ts-fold/33e3fb561e71cf0ab83833d45c55909583fc3899' (2022-07-12) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/3bf48d3587d3f34f745a19ebc968b002ef5b5c5a' (2022-07-04) → 'github:NixOS/nixos-hardware/0015f5cc098fae520aae458b8547e44a38aacf92' (2022-07-19) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 6645eca..debe139 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1657023376, - "narHash": "sha256-huKtA8twjW3GkfA6NRvCjWMWUEN58ju4sL89rRQxOes=", + "lastModified": 1657393840, + "narHash": "sha256-ISaIbqCNKKz9DhrTVKvDS40CzZiqICb2eDepGUdwYQA=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "9ec60d9ab9eb5d9b098e2452395156b622cce624", + "rev": "33c5f3721a704c72e49efc5960be3785d1a80b81", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1657275959, - "narHash": "sha256-pg8FB1DRImBpqXHCp/0Y7bIphpVqGmkWgWOcFDMwdTg=", + "lastModified": 1657840190, + "narHash": "sha256-eg4YXDAUm/6E3zcQW7vebDuWosx2opJ/EgknDTr8cQ4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "22448c09bae21969ca14d1558a120dafe9853c73", + "rev": "b51bea50371cc7a98863fb64bf1aaa1126a68a36", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1657296039, - "narHash": "sha256-Ghh39+aS+pw5sTP/ZO8VIKE6sBhMadDaQZtf+3yu4Vc=", + "lastModified": 1658237535, + "narHash": "sha256-z3Ff9oSXEPSZMfXdM+r29oJxtyKUnlUOc18U9E6Q48g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71d7a4c037dc4f3e98d5c4a81b941933cf5bf675", + "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", "type": "github" }, "original": { @@ -356,11 +356,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1657364333, - "narHash": "sha256-PiNZ6Kk/JedMTRDxAmvLkf/O34QRPep7I3ItMEYVllw=", + "lastModified": 1657850811, + "narHash": "sha256-UeeaT2If2wixWzjRj31QM55lpt5Eq+PM+ZeXYK0Zq0Y=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "a59295c11efb6377b0c5eb4c8259bb49d94ec1d5", + "rev": "7c35a9d90e1c07254c0926fc02e2c27bd0d5d9cc", "type": "github" }, "original": { @@ -387,11 +387,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1656933710, - "narHash": "sha256-SVG8EqY1OTJWBRY4hpct2ZR2Rk0L8hCFkug3m0ABoZE=", + "lastModified": 1658227863, + "narHash": "sha256-QoRmU18dCYnZy8ks9cz2ZhsGW+AVo1pioLrs+s/8Tkg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3bf48d3587d3f34f745a19ebc968b002ef5b5c5a", + "rev": "0015f5cc098fae520aae458b8547e44a38aacf92", "type": "github" }, "original": { @@ -481,11 +481,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1657029612, - "narHash": "sha256-enwqnerhZVpyQbeX0uKdZ4IVmZieq9ZgCbkDWy1HlNQ=", + "lastModified": 1657805672, + "narHash": "sha256-AtB0epI4wGsY/kesgX/OshHYYY0uZJq4oTFO8wSWDlU=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "71359820221ec18d27fab28403d4fd3537ca0491", + "rev": "d9479887226ad79a1a8de739e7be0fc1fffec536", "type": "github" }, "original": { @@ -651,11 +651,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1657091443, - "narHash": "sha256-yr/aW7sYoOxajVb2gTgRrwaDwwg2gtHuP3wdrwjiaxo=", + "lastModified": 1657604837, + "narHash": "sha256-ztIkLW/CGh5cOfL9VrbP4N055aXKU0uraipeTFTYFM0=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "dcd5b9fe5c2cb72261ff6c714beb8d0198b8522b", + "rev": "33e3fb561e71cf0ab83833d45c55909583fc3899", "type": "github" }, "original": { From 5b49059af534b63d3d02af0216f2cfaa01e7d038 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 21 Jul 2022 00:43:55 +0200 Subject: [PATCH 367/988] add this flake to registry --- nixos/modules/update.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix index 1c59a9b..6194e8a 100644 --- a/nixos/modules/update.nix +++ b/nixos/modules/update.nix @@ -17,6 +17,22 @@ in dates = "daily"; options = "--delete-older-than 3d"; }; + + extraOptions = '' + experimental-features = nix-command flakes + ''; + + registry."dadada" = { + from = { + type = "indirect"; + id = "dadada"; + }; + to = { + type = "github"; + owner = "dadada"; + repo = "nix-config"; + }; + }; }; system.autoUpgrade = { From 68ef923daee575f81fa51e1c74029a37b668e8ce Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 23 Jul 2022 19:09:08 +0200 Subject: [PATCH 368/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6' (2022-07-19) → 'github:NixOS/nixpkgs/e3583ad6e533a9d8dd78f90bfa93812d390ea187' (2022-07-22) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/7c35a9d90e1c07254c0926fc02e2c27bd0d5d9cc' (2022-07-15) → 'github:nix-community/nix-doom-emacs/f7fd8620be427c6489f496645513d536e380c50c' (2022-07-22) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/b51bea50371cc7a98863fb64bf1aaa1126a68a36' (2022-07-14) → 'github:nix-community/emacs-overlay/6c868dbad387da912e2a47f63a913c8a62555127' (2022-07-21) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/d9479887226ad79a1a8de739e7be0fc1fffec536' (2022-07-14) → 'github:emacs-straight/org-mode/99681ce38937ba993a0407cee4fd6a7f869211bf' (2022-07-21) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/33e3fb561e71cf0ab83833d45c55909583fc3899' (2022-07-12) → 'github:jcs-elpa/ts-fold/ea554f10e79ed9846662b1639adc4b86783ecfc6' (2022-07-19) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/0015f5cc098fae520aae458b8547e44a38aacf92' (2022-07-19) → 'github:NixOS/nixos-hardware/83009edccc2e24afe3d0165ed98b60ff7471a5f8' (2022-07-21) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index debe139..44e4718 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1657840190, - "narHash": "sha256-eg4YXDAUm/6E3zcQW7vebDuWosx2opJ/EgknDTr8cQ4=", + "lastModified": 1658430126, + "narHash": "sha256-W5zw1NI7c47qT/FCkNAVmahA5On5UUs1pabAL6Tb2iI=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "b51bea50371cc7a98863fb64bf1aaa1126a68a36", + "rev": "6c868dbad387da912e2a47f63a913c8a62555127", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1658237535, - "narHash": "sha256-z3Ff9oSXEPSZMfXdM+r29oJxtyKUnlUOc18U9E6Q48g=", + "lastModified": 1658500284, + "narHash": "sha256-g7vwZ5UF8PvC9f2/7Zf5O6zxgJiMSuh1CiGZVuuOhEQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6", + "rev": "e3583ad6e533a9d8dd78f90bfa93812d390ea187", "type": "github" }, "original": { @@ -356,11 +356,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1657850811, - "narHash": "sha256-UeeaT2If2wixWzjRj31QM55lpt5Eq+PM+ZeXYK0Zq0Y=", + "lastModified": 1658470797, + "narHash": "sha256-ovk7xcjGqoXgc7fV4m0tlKhiuAglON4TKmt//Bd0fLE=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "7c35a9d90e1c07254c0926fc02e2c27bd0d5d9cc", + "rev": "f7fd8620be427c6489f496645513d536e380c50c", "type": "github" }, "original": { @@ -387,11 +387,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1658227863, - "narHash": "sha256-QoRmU18dCYnZy8ks9cz2ZhsGW+AVo1pioLrs+s/8Tkg=", + "lastModified": 1658401027, + "narHash": "sha256-z/sDfzsFOoWNO9nZGfxDCNjHqXvSVZLDBDSgzr9qDXE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0015f5cc098fae520aae458b8547e44a38aacf92", + "rev": "83009edccc2e24afe3d0165ed98b60ff7471a5f8", "type": "github" }, "original": { @@ -481,11 +481,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1657805672, - "narHash": "sha256-AtB0epI4wGsY/kesgX/OshHYYY0uZJq4oTFO8wSWDlU=", + "lastModified": 1658412564, + "narHash": "sha256-JHiUjc4OAfPtNTWikVYEIkJkba9qV4N3QbtcJpjk4cM=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "d9479887226ad79a1a8de739e7be0fc1fffec536", + "rev": "99681ce38937ba993a0407cee4fd6a7f869211bf", "type": "github" }, "original": { @@ -651,11 +651,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1657604837, - "narHash": "sha256-ztIkLW/CGh5cOfL9VrbP4N055aXKU0uraipeTFTYFM0=", + "lastModified": 1658223568, + "narHash": "sha256-HxUAg+MUbH8nNhKtRzZDeN/a/sCQHSpDRCK2nvvHp8g=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "33e3fb561e71cf0ab83833d45c55909583fc3899", + "rev": "ea554f10e79ed9846662b1639adc4b86783ecfc6", "type": "github" }, "original": { From 1d3cb3d2b42f8646133e308904a8d66d03b06f49 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 26 Jul 2022 16:54:00 +0200 Subject: [PATCH 369/988] update filetype config for latex --- pkgs/vimPlugins/filetype/ftplugin/tex.vim | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkgs/vimPlugins/filetype/ftplugin/tex.vim b/pkgs/vimPlugins/filetype/ftplugin/tex.vim index 1938004..d7dd3f4 100644 --- a/pkgs/vimPlugins/filetype/ftplugin/tex.vim +++ b/pkgs/vimPlugins/filetype/ftplugin/tex.vim @@ -1,6 +1,4 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 +setlocal textwidth=79 let b:ale_linters = {'tex': ['texlab']} let b:ale_fixers = {'tex': ['remove_trailing_lines', 'trim_whitespace', 'texlab']} From 1cbaf0339bafb80c9dc47e2b132393e68d39bd69 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Jul 2022 11:05:52 +0200 Subject: [PATCH 370/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/e3583ad6e533a9d8dd78f90bfa93812d390ea187' (2022-07-22) → 'github:NixOS/nixpkgs/f0fa012b649a47e408291e96a15672a4fe925d65' (2022-07-25) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 44e4718..c92f0fc 100644 --- a/flake.lock +++ b/flake.lock @@ -311,11 +311,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1658500284, - "narHash": "sha256-g7vwZ5UF8PvC9f2/7Zf5O6zxgJiMSuh1CiGZVuuOhEQ=", + "lastModified": 1658777571, + "narHash": "sha256-gJMDUeaRhi47NxtrfFMIejlV5N3Ra2669w16Ndz2Jo0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e3583ad6e533a9d8dd78f90bfa93812d390ea187", + "rev": "f0fa012b649a47e408291e96a15672a4fe925d65", "type": "github" }, "original": { From e9991167e7dc3f2899f880b220710bcde61065cf Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 27 Jul 2022 11:59:35 +0200 Subject: [PATCH 371/988] fix tab expansion in latex --- pkgs/vimPlugins/filetype/ftplugin/tex.vim | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/vimPlugins/filetype/ftplugin/tex.vim b/pkgs/vimPlugins/filetype/ftplugin/tex.vim index d7dd3f4..95f2bec 100644 --- a/pkgs/vimPlugins/filetype/ftplugin/tex.vim +++ b/pkgs/vimPlugins/filetype/ftplugin/tex.vim @@ -1,3 +1,6 @@ +setlocal tabstop=2 +setlocal shiftwidth=2 +setlocal expandtab setlocal textwidth=79 let b:ale_linters = {'tex': ['texlab']} From 674b97f1ace1deeb985bbc8597542d164d943659 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 28 Jul 2022 13:49:04 +0200 Subject: [PATCH 372/988] add vim command Silent Adds a command that executes a subprocess silently and forces a redraw to avoid display issues. --- home/modules/vim/vimrc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/modules/vim/vimrc b/home/modules/vim/vimrc index aaaaccb..0ed870d 100644 --- a/home/modules/vim/vimrc +++ b/home/modules/vim/vimrc @@ -152,3 +152,6 @@ packloadall silent! helptags ALL set omnifunc=ale#completion#OmniFunc + +command! -nargs=1 RunBuf execute ':let job = job_start("", {"out_io": "buffer", "out_name": ""})' +autocmd BufWritePost RunBuf make From d3c1c378a756a55913bfa4742a999fa56d58c5c9 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 28 Jul 2022 14:18:39 +0200 Subject: [PATCH 373/988] remove automatic RCE :P --- home/modules/vim/vimrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/modules/vim/vimrc b/home/modules/vim/vimrc index 0ed870d..dc74c3b 100644 --- a/home/modules/vim/vimrc +++ b/home/modules/vim/vimrc @@ -152,6 +152,6 @@ packloadall silent! helptags ALL set omnifunc=ale#completion#OmniFunc - +" +" autocmd BufWritePost RunBuf make command! -nargs=1 RunBuf execute ':let job = job_start("", {"out_io": "buffer", "out_name": ""})' -autocmd BufWritePost RunBuf make From dbaac6fb80eda5b8012375c137d6f47cbe3adf89 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 31 Jul 2022 17:41:51 +0200 Subject: [PATCH 374/988] add admin users to trusted users for nix daemon --- nixos/modules/admin.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index dac46e0..2c0bca6 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -45,6 +45,8 @@ in })) cfg.users; + nix.trustedUsers = builtins.attrNames cfg.users; + users.mutableUsers = mkDefault false; networking.firewall.allowedTCPPorts = [ 22 ]; From e20a4fbf4fce26ede916153a7a14439289e92d5b Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 1 Aug 2022 09:15:14 +0200 Subject: [PATCH 375/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/f0fa012b649a47e408291e96a15672a4fe925d65' (2022-07-25) → 'github:NixOS/nixpkgs/ede02b4ccb13557b95058d66146640a2b0bb198f' (2022-07-31) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/f7fd8620be427c6489f496645513d536e380c50c' (2022-07-22) → 'github:nix-community/nix-doom-emacs/72290846feecd198d3f63181c166ddaa50a2cb70' (2022-07-29) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/33c5f3721a704c72e49efc5960be3785d1a80b81' (2022-07-09) → 'github:doomemacs/doomemacs/35a89bdfa6064e507f8848b1d162433fe92ca829' (2022-07-28) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/6c868dbad387da912e2a47f63a913c8a62555127' (2022-07-21) → 'github:nix-community/emacs-overlay/30a3d95bb4d9812e26822260b6ac45efde0d7700' (2022-07-29) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/99681ce38937ba993a0407cee4fd6a7f869211bf' (2022-07-21) → 'github:emacs-straight/org-mode/d37c0ee5fa7dc4be4bbe3aa9b6f4e79d4b1e638d' (2022-07-28) • Updated input 'nix-doom-emacs/org-contrib': 'github:emacsmirror/org-contrib/c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa' (2022-05-15) → 'github:emacsmirror/org-contrib/39e2abc5629c1be6186bb6489ec4f76524edf82a' (2022-07-28) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/ea554f10e79ed9846662b1639adc4b86783ecfc6' (2022-07-19) → 'github:jcs-elpa/ts-fold/401aad7380c8395e948c7bc8780479ccb0a26b82' (2022-07-29) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/83009edccc2e24afe3d0165ed98b60ff7471a5f8' (2022-07-21) → 'github:NixOS/nixos-hardware/727a099e871ff10ae09a1ebd056a5ba4b9dbe50f' (2022-07-31) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index c92f0fc..a2a65f0 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1657393840, - "narHash": "sha256-ISaIbqCNKKz9DhrTVKvDS40CzZiqICb2eDepGUdwYQA=", + "lastModified": 1659040172, + "narHash": "sha256-cl9CWknGL+PadiFSXTKlf07JQ15b4hkHETQs7z/Ksm0=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "33c5f3721a704c72e49efc5960be3785d1a80b81", + "rev": "35a89bdfa6064e507f8848b1d162433fe92ca829", "type": "github" }, "original": { @@ -36,11 +36,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1658430126, - "narHash": "sha256-W5zw1NI7c47qT/FCkNAVmahA5On5UUs1pabAL6Tb2iI=", + "lastModified": 1659086644, + "narHash": "sha256-VGK2BgT8JHK6m8cJZeNrApZkfEg6ArQVvnHdY8d6CJ0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "6c868dbad387da912e2a47f63a913c8a62555127", + "rev": "30a3d95bb4d9812e26822260b6ac45efde0d7700", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1658777571, - "narHash": "sha256-gJMDUeaRhi47NxtrfFMIejlV5N3Ra2669w16Ndz2Jo0=", + "lastModified": 1659253578, + "narHash": "sha256-9xjr2VFCQEpgCKdfZjOhiaLZ/XozLp+Y3UmUn44wYZg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0fa012b649a47e408291e96a15672a4fe925d65", + "rev": "ede02b4ccb13557b95058d66146640a2b0bb198f", "type": "github" }, "original": { @@ -356,11 +356,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1658470797, - "narHash": "sha256-ovk7xcjGqoXgc7fV4m0tlKhiuAglON4TKmt//Bd0fLE=", + "lastModified": 1659104643, + "narHash": "sha256-0Fujv7GldKanXkIORm1mDgcktv94DsfLYWd/5yqMk6U=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "f7fd8620be427c6489f496645513d536e380c50c", + "rev": "72290846feecd198d3f63181c166ddaa50a2cb70", "type": "github" }, "original": { @@ -387,11 +387,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1658401027, - "narHash": "sha256-z/sDfzsFOoWNO9nZGfxDCNjHqXvSVZLDBDSgzr9qDXE=", + "lastModified": 1659256765, + "narHash": "sha256-RE4l6J+ApJ1vd4QFDhbEasv0M/deTxSK5IsIBYXuHmE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "83009edccc2e24afe3d0165ed98b60ff7471a5f8", + "rev": "727a099e871ff10ae09a1ebd056a5ba4b9dbe50f", "type": "github" }, "original": { @@ -481,11 +481,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1658412564, - "narHash": "sha256-JHiUjc4OAfPtNTWikVYEIkJkba9qV4N3QbtcJpjk4cM=", + "lastModified": 1659011362, + "narHash": "sha256-XTh7hmnd04GxBTiIKBaZnyMjtVaWUDIFHuh/8QHWGT0=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "99681ce38937ba993a0407cee4fd6a7f869211bf", + "rev": "d37c0ee5fa7dc4be4bbe3aa9b6f4e79d4b1e638d", "type": "github" }, "original": { @@ -497,11 +497,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1652646857, - "narHash": "sha256-IWIShWyVnbwXqGLQaDNvJ0KoepxhIrXWTjPyGPEkQ14=", + "lastModified": 1659039737, + "narHash": "sha256-ig8pVl790DopN6ZrCTIrvojt5/0Y+aOsjE87pqIVz8M=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa", + "rev": "39e2abc5629c1be6186bb6489ec4f76524edf82a", "type": "github" }, "original": { @@ -651,11 +651,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1658223568, - "narHash": "sha256-HxUAg+MUbH8nNhKtRzZDeN/a/sCQHSpDRCK2nvvHp8g=", + "lastModified": 1659096966, + "narHash": "sha256-zuKJGMFSmYyWsRZbfGfml4/kqJVQYtDZFNLZIyQzRH4=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "ea554f10e79ed9846662b1639adc4b86783ecfc6", + "rev": "401aad7380c8395e948c7bc8780479ccb0a26b82", "type": "github" }, "original": { From b7a085e167a58c1822883d34a4f440a292f96277 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 1 Aug 2022 11:45:23 +0200 Subject: [PATCH 376/988] install IDEA --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index a78b9b9..b6b78c3 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -60,6 +60,7 @@ with pkgs; [ irssi jameica jc # convert output to json + jetbrains.idea-community jetbrains.phpstorm josm jq From 81c9ecd6dc49be270789fd789075fbe1dcdd7b81 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 4 Aug 2022 20:06:13 +0200 Subject: [PATCH 377/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/ede02b4ccb13557b95058d66146640a2b0bb198f' (2022-07-31) → 'github:NixOS/nixpkgs/478f3cbc8448b5852539d785fbfe9a53304133be' (2022-08-03) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/727a099e871ff10ae09a1ebd056a5ba4b9dbe50f' (2022-07-31) → 'github:NixOS/nixos-hardware/ea3efc80f8ab83cb73aec39f4e76fe87afb15a08' (2022-08-01) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index a2a65f0..bdec885 100644 --- a/flake.lock +++ b/flake.lock @@ -311,11 +311,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1659253578, - "narHash": "sha256-9xjr2VFCQEpgCKdfZjOhiaLZ/XozLp+Y3UmUn44wYZg=", + "lastModified": 1659526864, + "narHash": "sha256-XFzXrc1+6DZb9hBgHfEzfwylPUSqVFJbQPs8eOgYufU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ede02b4ccb13557b95058d66146640a2b0bb198f", + "rev": "478f3cbc8448b5852539d785fbfe9a53304133be", "type": "github" }, "original": { @@ -387,11 +387,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1659256765, - "narHash": "sha256-RE4l6J+ApJ1vd4QFDhbEasv0M/deTxSK5IsIBYXuHmE=", + "lastModified": 1659356074, + "narHash": "sha256-UwV6hZZEtchvtiTCCD/ODEv1226eam8kEgEyQb7xB0E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "727a099e871ff10ae09a1ebd056a5ba4b9dbe50f", + "rev": "ea3efc80f8ab83cb73aec39f4e76fe87afb15a08", "type": "github" }, "original": { From a055f4fa409f921f3882d1da575519d6c970e59c Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 4 Aug 2022 20:52:43 +0200 Subject: [PATCH 378/988] move admin config to top-level --- admins.nix | 8 ++++ keys/dadada.pub | 1 - nixos/configurations.nix | 28 +++++++++----- nixos/modules/admin.nix | 61 +++++++++++++++++++++++-------- nixos/modules/profiles/server.nix | 10 +---- nixos/pruflas/configuration.nix | 8 +--- nixos/surgat/configuration.nix | 7 ---- outputs.nix | 3 +- 8 files changed, 77 insertions(+), 49 deletions(-) create mode 100644 admins.nix delete mode 100644 keys/dadada.pub diff --git a/admins.nix b/admins.nix new file mode 100644 index 0000000..e83a69a --- /dev/null +++ b/admins.nix @@ -0,0 +1,8 @@ +{ + dadada = { + shell = "zsh"; + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" + ]; + }; +} diff --git a/keys/dadada.pub b/keys/dadada.pub deleted file mode 100644 index 6dfc30f..0000000 --- a/keys/dadada.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 8310fd9..cf5d829 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,4 +1,5 @@ { self +, admins , nixpkgs , nixosSystem , home-manager @@ -8,15 +9,20 @@ , scripts , recipemd }: -let adapterModule = system: { - nixpkgs.config.allowUnfreePredicate = (pkg: true); - nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ - (final: prev: { homePage = homePage.defaultPackage.${system}; }) - (final: prev: { s = scripts; }) - (final: prev: { n = nvd; }) - (final: prev: { recipemd = recipemd.defaultPackage.${system}; }) - ]; -}; +let + adapterModule = system: { + nixpkgs.config.allowUnfreePredicate = (pkg: true); + nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ + (final: prev: { homePage = homePage.defaultPackage.${system}; }) + (final: prev: { s = scripts; }) + (final: prev: { n = nvd; }) + (final: prev: { recipemd = recipemd.defaultPackage.${system}; }) + ]; + }; + lib = nixpkgs.lib; + adminConfig = users: { + dadada.admin.users = lib.getAttrs users admins; + }; in { gorgon = nixosSystem rec { @@ -40,6 +46,7 @@ in ifrit = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/server.nix ./ifrit/configuration.nix @@ -49,6 +56,7 @@ in surgat = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/server.nix ./surgat/configuration.nix @@ -57,6 +65,7 @@ in pruflas = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/laptop.nix ./pruflas/configuration.nix @@ -66,6 +75,7 @@ in agares = nixosSystem rec { system = "x86_64-linux"; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/server.nix ./agares/configuration.nix diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 2c0bca6..56174b8 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -3,6 +3,38 @@ with lib; let cfg = config.dadada.admin; + extraGroups = [ "wheel" "libvirtd" ]; + + shells = { + "bash" = pkgs.bashInteractive; + "zsh" = pkgs.zsh; + "fish" = pkgs.fish; + }; + + shellNames = builtins.attrNames shells; + + adminOpts = { name, config, ... }: { + options = { + keys = mkOption { + type = types.listOf types.str; + default = [ ]; + apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; + description = '' + The keys that should be able to access the account. + ''; + }; + shell = mkOption { + type = types.nullOr types.str; + apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x; + default = "zsh"; + defaultText = literalExpression "zsh"; + example = literalExpression "bash"; + description = '' + One of ${builtins.toString shellNames} + ''; + }; + }; + }; in { options = { @@ -10,12 +42,12 @@ in enable = mkEnableOption "Enable admin access"; users = mkOption { - type = with types; attrsOf (listOf path); - default = [ ]; + type = with types; attrsOf (submodule adminOpts); + default = { }; description = '' - List of admin users with root access to all the machine. + Admin users with root access machine. ''; - example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]"; + example = literalExample "\"user1\" = { shell = pkgs.bashInteractive; keys = [ 'ssh-rsa 123456789' ]; }"; }; rat = mkOption { @@ -29,28 +61,27 @@ in }; config = mkIf cfg.enable { + programs.zsh.enable = mkDefault true; + services.sshd.enable = true; services.openssh.passwordAuthentication = false; security.sudo.wheelNeedsPassword = false; + services.openssh.openFirewall = true; users.users = mapAttrs - (user: keys: ( - { - extraGroups = [ - "wheel" - "libvirtd" - ]; - isNormalUser = true; - openssh.authorizedKeys.keyFiles = keys; - })) + (user: keys: ( + { + shell = shells."${keys.shell}"; + extraGroups = extraGroups; + isNormalUser = true; + openssh.authorizedKeys.keys = keys.keys; + })) cfg.users; nix.trustedUsers = builtins.attrNames cfg.users; users.mutableUsers = mkDefault false; - networking.firewall.allowedTCPPorts = [ 22 ]; - environment.systemPackages = with pkgs; [ vim tmux diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index fe1bc31..b2e48dd 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,17 +1,11 @@ { config, pkgs, lib, ... }: with lib; -let - keys = [ ../../../keys/dadada.pub ]; -in { +{ networking.domain = mkDefault "dadada.li"; networking.tempAddresses = "disabled"; - dadada.admin.users = { - "dadada" = keys; - }; - + dadada.admin.enable = true; dadada.networking.localResolver.enable = true; - dadada.autoUpgrade.enable = mkDefault true; environment.noXlibs = mkDefault true; diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 6aca8a7..d1c3c45 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,8 +1,6 @@ { config, pkgs, lib, ... }: with lib; -let - keys = [ ../../keys/dadada.pub ]; -in { +{ imports = [ ./hardware-configuration.nix ]; networking.hostName = "pruflas"; @@ -103,10 +101,6 @@ in { networking.domain = "dadada.li"; - dadada.admin.users = { - "dadada" = keys; - }; - users.mutableUsers = true; dadada.networking.localResolver.enable = true; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index c1ed89e..d734ae8 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -35,13 +35,6 @@ in }; }; - dadada.admin = { - enable = true; - users = { - "dadada" = [ ../../keys/dadada.pub ]; - }; - }; - dadada.element.enable = true; dadada.gitea.enable = true; dadada.networking.vpnExtension = "4"; diff --git a/outputs.nix b/outputs.nix index e86d782..5a4c13e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -58,12 +58,11 @@ hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { nixosSystem = nixpkgs.lib.nixosSystem; + admins = import ./admins.nix; inherit self nixpkgs home-manager nixos-hardware nvd scripts homePage recipemd; }; nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; - keys = ./keys; - hydraJobs = ( nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) From 8cd6ed150209afa9ffe508d3018258ed833f8c0f Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 4 Aug 2022 21:05:37 +0200 Subject: [PATCH 379/988] add code formatter and reformat --- flake.nix | 2 +- home/configurations.nix | 50 ++++---- home/home/default.nix | 41 ++++--- home/home/pkgs.nix | 2 +- home/modules/alacritty/default.nix | 43 +++++-- home/modules/colors.nix | 7 +- home/modules/default.nix | 7 +- home/modules/direnv.nix | 13 +- home/modules/emacs/default.nix | 111 ++++++++--------- home/modules/fish.nix | 35 +++--- home/modules/git.nix | 15 ++- home/modules/gpg.nix | 14 ++- home/modules/gtk.nix | 13 +- home/modules/keyring.nix | 14 ++- home/modules/kitty/default.nix | 15 ++- home/modules/mako.nix | 14 ++- home/modules/session.nix | 14 ++- home/modules/ssh.nix | 12 +- home/modules/sway/default.nix | 16 ++- home/modules/syncthing.nix | 13 +- home/modules/termite.nix | 19 ++- home/modules/tmux.nix | 12 +- home/modules/vim/default.nix | 15 ++- home/modules/xdg.nix | 13 +- home/modules/zsh.nix | 13 +- home/nixpkgs-config.nix | 5 +- lib/default.nix | 3 +- nixos/agares/configuration.nix | 10 +- nixos/agares/hardware-configuration.nix | 28 +++-- nixos/configurations.nix | 133 +++++++++++---------- nixos/gorgon/configuration.nix | 40 ++++--- nixos/gorgon/hardware-configuration.nix | 61 +++++----- nixos/ifrit/configuration.nix | 43 +++---- nixos/ifrit/hardware-configuration.nix | 36 +++--- nixos/modules/admin.nix | 36 +++--- nixos/modules/backup.nix | 146 ++++++++++++----------- nixos/modules/ddns.nix | 56 +++++---- nixos/modules/default.nix | 3 +- nixos/modules/element.nix | 11 +- nixos/modules/fido2.nix | 14 ++- nixos/modules/fileShare.nix | 12 +- nixos/modules/gitea.nix | 11 +- nixos/modules/headphones.nix | 15 ++- nixos/modules/homepage.nix | 34 +++--- nixos/modules/kanboard/default.nix | 49 ++++---- nixos/modules/networking.nix | 58 +++++---- nixos/modules/nix.nix | 15 ++- nixos/modules/profiles/laptop.nix | 10 +- nixos/modules/profiles/server.nix | 8 +- nixos/modules/share.nix | 14 ++- nixos/modules/steam.nix | 15 ++- nixos/modules/update.nix | 14 ++- nixos/modules/vpnServer.nix | 32 ++--- nixos/modules/weechat.nix | 14 ++- nixos/modules/zsh.nix | 8 +- nixos/pruflas/configuration.nix | 20 ++-- nixos/pruflas/hardware-configuration.nix | 48 ++++---- nixos/surgat/configuration.nix | 25 ++-- nixos/surgat/hardware-configuration.nix | 41 ++++--- outputs.nix | 127 +++++++++++--------- overlays/default.nix | 3 +- overlays/python3-packages.nix | 11 +- overlays/tubslatex.nix | 40 ++++--- pkgs/python-pkgs/default.nix | 3 +- pkgs/scripts.nix | 13 +- pkgs/tubslatex/default.nix | 10 +- pkgs/vimPlugins/default.nix | 8 +- shell.nix | 4 +- tests/default.nix | 3 +- 69 files changed, 1016 insertions(+), 797 deletions(-) diff --git a/flake.nix b/flake.nix index ed6374c..13660f9 100644 --- a/flake.nix +++ b/flake.nix @@ -30,5 +30,5 @@ }; }; - outputs = { ... } @ args: import ./outputs.nix args; + outputs = {...} @ args: import ./outputs.nix args; } diff --git a/home/configurations.nix b/home/configurations.nix index 6c2850f..0593981 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -1,31 +1,29 @@ -{ self -, nixpkgs -, home-manager -}@inputs: -let - hmConfiguration = - { homeDirectory ? "/home/dadada" - , extraModules ? [ ] - , system ? "x86_64-linux" - , username ? "dadada" - , stateVersion - }: - (home-manager.lib.homeManagerConfiguration { - configuration = { ... }: { - imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules; - nixpkgs = { - config = import ./nixpkgs-config.nix { - pkgs = nixpkgs; - }; - }; - manual.manpages.enable = false; - }; - inherit system homeDirectory username stateVersion; - }); -in { + self, + nixpkgs, + home-manager, +} @ inputs: let + hmConfiguration = { + homeDirectory ? "/home/dadada", + extraModules ? [], + system ? "x86_64-linux", + username ? "dadada", + stateVersion, + }: (home-manager.lib.homeManagerConfiguration { + configuration = {...}: { + imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules; + nixpkgs = { + config = import ./nixpkgs-config.nix { + pkgs = nixpkgs; + }; + }; + manual.manpages.enable = false; + }; + inherit system homeDirectory username stateVersion; + }); +in { home = hmConfiguration { - extraModules = [ ./home ]; + extraModules = [./home]; stateVersion = "20.09"; }; } diff --git a/home/home/default.nix b/home/home/default.nix index 92ff392..afcee54 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -1,5 +1,9 @@ -{ config, pkgs, lib, ... }: -let +{ + config, + pkgs, + lib, + ... +}: let useFeatures = [ "alacritty" #"emacs" @@ -14,8 +18,7 @@ let "xdg" "zsh" ]; -in -{ +in { programs.git = { signing = { key = "D68C84695C087E0F733A28D0EEB8D1CE62C4DFEA"; @@ -27,25 +30,27 @@ in programs.gpg.settings.default-key = "99658A3EB5CD7C13"; - dadada.home = lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // { - session = { - enable = true; - sessionVars = { - EDITOR = "vim"; - PAGER = "less"; - MAILDIR = "\$HOME/.var/mail"; - MBLAZE = "\$HOME/.config/mblaze"; - NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; + dadada.home = + lib.attrsets.genAttrs useFeatures (useFeatures: {enable = true;}) + // { + session = { + enable = true; + sessionVars = { + EDITOR = "vim"; + PAGER = "less"; + MAILDIR = "\$HOME/.var/mail"; + MBLAZE = "\$HOME/.config/mblaze"; + NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; + }; }; }; - }; # Languagetool server for web extension systemd.user.services."languagetool-http-server" = { Unit = { Description = "Languagetool HTTP server"; - PartOf = [ "graphical-session-pre.target" ]; - After = [ "graphical-session.target" ]; + PartOf = ["graphical-session-pre.target"]; + After = ["graphical-session.target"]; }; Service = { @@ -54,11 +59,11 @@ in Restart = "always"; }; - Install = { WantedBy = [ "graphical-session.target" ]; }; + Install = {WantedBy = ["graphical-session.target"];}; }; # Let Home Manager install and manage itself. programs.home-manager.enable = true; - home.packages = import ./pkgs.nix { pkgs = pkgs; }; + home.packages = import ./pkgs.nix {pkgs = pkgs;}; } diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index b6b78c3..9ec1fb5 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -1,4 +1,4 @@ -{ pkgs }: +{pkgs}: with pkgs; [ anki aqbanking diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 395f5ab..2faace4 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -1,9 +1,12 @@ -{ pkgs, lib, config, ... }: -with lib; -let - cfg = config.dadada.home.alacritty; -in { + pkgs, + lib, + config, + ... +}: +with lib; let + cfg = config.dadada.home.alacritty; +in { options.dadada.home.alacritty = { enable = mkEnableOption "Enable alacritty config"; }; @@ -78,12 +81,30 @@ in }; indexed_colors = [ - { index = 16; color = "0xffa500"; } - { index = 17; color = "0xb03060"; } - { index = 18; color = "0x282828"; } - { index = 19; color = "0x444155"; } - { index = 20; color = "0xb8b8b8"; } - { index = 21; color = "0xe8e8e8"; } + { + index = 16; + color = "0xffa500"; + } + { + index = 17; + color = "0xb03060"; + } + { + index = 18; + color = "0x282828"; + } + { + index = 19; + color = "0x444155"; + } + { + index = 20; + color = "0xb8b8b8"; + } + { + index = 21; + color = "0xe8e8e8"; + } ]; }; }; diff --git a/home/modules/colors.nix b/home/modules/colors.nix index 950fe52..5a2f594 100644 --- a/home/modules/colors.nix +++ b/home/modules/colors.nix @@ -1,6 +1,9 @@ -{ config, lib, ... }: -with lib; { + config, + lib, + ... +}: +with lib; { options.dadada.home.colors = mkOption { type = types.attrs; description = "Color scheme"; diff --git a/home/modules/default.nix b/home/modules/default.nix index c5fe056..4d4eff8 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -1,9 +1,12 @@ -{ self, nix-doom-emacs, ... }@inputs: { + self, + nix-doom-emacs, + ... +} @ inputs: { alacritty = import ./alacritty; colors = import ./colors.nix; direnv = import ./direnv.nix; - emacs = import ./emacs { inherit nix-doom-emacs; }; + emacs = import ./emacs {inherit nix-doom-emacs;}; fish = import ./fish.nix; git = import ./git.nix; gpg = import ./gpg.nix; diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix index 997c9e9..acc00ea 100644 --- a/home/modules/direnv.nix +++ b/home/modules/direnv.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.direnv; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.direnv; +in { options.dadada.home.direnv = { enable = mkEnableOption "Enable direnv config"; }; diff --git a/home/modules/emacs/default.nix b/home/modules/emacs/default.nix index 7091a37..9d13d78 100644 --- a/home/modules/emacs/default.nix +++ b/home/modules/emacs/default.nix @@ -1,11 +1,13 @@ -{ nix-doom-emacs, ... }: -{ config, pkgs, lib, ... }: -with lib; -let +{nix-doom-emacs, ...}: { + config, + pkgs, + lib, + ... +}: +with lib; let cfg = config.dadada.home.emacs; -in -{ - imports = [ nix-doom-emacs.hmModule ]; +in { + imports = [nix-doom-emacs.hmModule]; options.dadada.home.emacs = { enable = mkEnableOption "Enable dadada emacs config"; }; @@ -13,58 +15,57 @@ in programs.doom-emacs = { enable = true; doomPrivateDir = ./doom.d; - emacsPackagesOverlay = self: super: with pkgs; { - tsc = super.tsc.overrideAttrs (old: - let - libtsc_dyn = rustPlatform.buildRustPackage rec { - pname = "emacs-tree-sitter"; - version = "0.15.1"; - src = fetchFromGitHub { - owner = "ubolonton"; - repo = "emacs-tree-sitter"; - rev = version; - sha256 = "sha256-WgkGtmw63+kRLTRiSEO4bFF2IguH5g4odCujyazkwJc="; + emacsPackagesOverlay = self: super: + with pkgs; { + tsc = super.tsc.overrideAttrs (old: let + libtsc_dyn = rustPlatform.buildRustPackage rec { + pname = "emacs-tree-sitter"; + version = "0.15.1"; + src = fetchFromGitHub { + owner = "ubolonton"; + repo = "emacs-tree-sitter"; + rev = version; + sha256 = "sha256-WgkGtmw63+kRLTRiSEO4bFF2IguH5g4odCujyazkwJc="; + }; + preBuild = '' + export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ + $(< ${stdenv.cc}/nix-support/libc-cflags) \ + $(< ${stdenv.cc}/nix-support/cc-cflags) \ + $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ + ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ + ${lib.optionalString stdenv.cc.isGNU + "-isystem ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${lib.getVersion stdenv.cc.cc}/include/"} \ + ${lib.optionalString stdenv.cc.isGNU + "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ + $NIX_CFLAGS_COMPILE" + ''; + LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; + cargoHash = "sha256-HB5tFR1slY2D6jb2mt4KrGrGBUUVrxiBjmVycO+qfYY="; }; + in { + inherit (libtsc_dyn) src; preBuild = '' - export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ - $(< ${stdenv.cc}/nix-support/libc-cflags) \ - $(< ${stdenv.cc}/nix-support/cc-cflags) \ - $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ - ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ - ${lib.optionalString stdenv.cc.isGNU - "-isystem ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${lib.getVersion stdenv.cc.cc}/include/"} \ - ${lib.optionalString stdenv.cc.isGNU - "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ - $NIX_CFLAGS_COMPILE" + ext=${stdenv.hostPlatform.extensions.sharedLibrary} + dest=$out/share/emacs/site-lisp/elpa/tsc-${old.version} + install -D ${libtsc_dyn}/lib/libtsc_dyn$ext $dest/tsc-dyn$ext + echo -n "0.15.1" > $dest/DYN-VERSION ''; - LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; - cargoHash = "sha256-HB5tFR1slY2D6jb2mt4KrGrGBUUVrxiBjmVycO+qfYY="; - }; - in - { - inherit (libtsc_dyn) src; - preBuild = '' - ext=${stdenv.hostPlatform.extensions.sharedLibrary} - dest=$out/share/emacs/site-lisp/elpa/tsc-${old.version} - install -D ${libtsc_dyn}/lib/libtsc_dyn$ext $dest/tsc-dyn$ext - echo -n "0.15.1" > $dest/DYN-VERSION - ''; - }); - tree-sitter-langs = super.tree-sitter-langs.overrideAttrs (old: { - postInstall = '' - dest=$out/share/emacs/site-lisp/elpa/tree-sitter-langs-${old.version} - echo -n "0.10.2" > $dest/BUNDLE-VERSION - ${lib.concatStringsSep "\n" - (lib.mapAttrsToList (name: src: "name=${name}; ln -s ${src}/parser $dest/bin/\${name#tree-sitter-}.so") pkgs.tree-sitter.builtGrammars)}; - ''; - }); - }; + }); + tree-sitter-langs = super.tree-sitter-langs.overrideAttrs (old: { + postInstall = '' + dest=$out/share/emacs/site-lisp/elpa/tree-sitter-langs-${old.version} + echo -n "0.10.2" > $dest/BUNDLE-VERSION + ${lib.concatStringsSep "\n" + (lib.mapAttrsToList (name: src: "name=${name}; ln -s ${src}/parser $dest/bin/\${name#tree-sitter-}.so") pkgs.tree-sitter.builtGrammars)}; + ''; + }); + }; }; - home.file.".tree-sitter".source = (pkgs.runCommand "grammars" {} '' - mkdir -p $out/bin - echo -n "0.10.2" > $out/BUNDLE-VERSION - ${lib.concatStringsSep "\n" + home.file.".tree-sitter".source = pkgs.runCommand "grammars" {} '' + mkdir -p $out/bin + echo -n "0.10.2" > $out/BUNDLE-VERSION + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: src: "name=${name}; ln -s ${src}/parser $out/bin/\${name#tree-sitter-}.so") pkgs.tree-sitter.builtGrammars)}; - ''); + ''; }; } diff --git a/home/modules/fish.nix b/home/modules/fish.nix index 89689e8..dcbc5fc 100644 --- a/home/modules/fish.nix +++ b/home/modules/fish.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.fish; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.fish; +in { options.dadada.home.fish = { enable = mkEnableOption "Enable fish config"; }; @@ -11,15 +14,17 @@ in config = mkIf cfg.enable { programs.fish = { enable = true; - plugins = with pkgs; [{ - name = "fzf"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "fzf"; - rev = "c3defd4a922e97120503b45e26efa775bc672b50"; - sha256 = "1k5b0nva0mbqc9830qhbcwxsi8d9b2p4ws1fq0bw9nkf2ripyp4p"; - }; - }]; + plugins = with pkgs; [ + { + name = "fzf"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "fzf"; + rev = "c3defd4a922e97120503b45e26efa775bc672b50"; + sha256 = "1k5b0nva0mbqc9830qhbcwxsi8d9b2p4ws1fq0bw9nkf2ripyp4p"; + }; + } + ]; interactiveShellInit = '' # fish git prompt set __fish_git_prompt_show_informative_status 'yes' @@ -75,6 +80,6 @@ in }; }; - home.packages = [ pkgs.exa ]; + home.packages = [pkgs.exa]; }; } diff --git a/home/modules/git.nix b/home/modules/git.nix index 4c17be5..1df4884 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -1,9 +1,12 @@ -{ config, lib, pkgs, ... }: -with lib; -let - cfg = config.dadada.home.git; -in { + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.dadada.home.git; +in { options.dadada.home.git = { enable = mkEnableOption "Enable git config"; }; @@ -16,7 +19,7 @@ in tab-in-indent = true; tabwidth = 4; }; - alias = { }; + alias = {}; pager = "delta"; }; column.ui = "never"; diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index 4adc636..cfe7acb 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -1,9 +1,11 @@ -{ config, lib, ... }: -with lib; -let - cfg = config.dadada.home.gpg; -in { + config, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.gpg; +in { options.dadada.home.gpg = { enable = mkEnableOption "Enable GnuPG config"; }; @@ -29,7 +31,7 @@ in }; programs.git.extraConfig = { - commit = { gpgSign = true; }; + commit = {gpgSign = true;}; }; }; } diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index c6b99a7..5128202 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -1,9 +1,12 @@ -{ config, lib, pkgs, ... }: -with lib; -let - cfg = config.dadada.home.gtk; -in { + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.dadada.home.gtk; +in { options.dadada.home.gtk = { enable = mkEnableOption "Enable GTK config"; }; diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix index c7eba12..ff00bd7 100644 --- a/home/modules/keyring.nix +++ b/home/modules/keyring.nix @@ -1,16 +1,18 @@ -{ config, lib, ... }: -with lib; -let - cfg = config.dadada.home.keyring; -in { + config, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.keyring; +in { options.dadada.home.keyring = { enable = mkEnableOption "Enable keyring config"; }; config = mkIf cfg.enable { services.gnome-keyring = { enable = false; - components = [ "pkcs11" "secrets" ]; + components = ["pkcs11" "secrets"]; }; }; } diff --git a/home/modules/kitty/default.nix b/home/modules/kitty/default.nix index 0486988..b90a61f 100644 --- a/home/modules/kitty/default.nix +++ b/home/modules/kitty/default.nix @@ -1,9 +1,12 @@ -{ pkgs, lib, config, ... }: -with lib; -let - cfg = config.dadada.home.kitty; -in { + pkgs, + lib, + config, + ... +}: +with lib; let + cfg = config.dadada.home.kitty; +in { options.dadada.home.kitty = { enable = mkEnableOption "Enable kitty config"; }; @@ -12,6 +15,6 @@ in enable = true; extraConfig = builtins.readFile ./config; }; - home.packages = [ pkgs.source-code-pro ]; + home.packages = [pkgs.source-code-pro]; }; } diff --git a/home/modules/mako.nix b/home/modules/mako.nix index b305311..77d99f7 100644 --- a/home/modules/mako.nix +++ b/home/modules/mako.nix @@ -1,9 +1,13 @@ -{ config, lib, pkgs, colors, ... }: -with lib; -let - cfg = config.dadada.home.mako; -in { + config, + lib, + pkgs, + colors, + ... +}: +with lib; let + cfg = config.dadada.home.mako; +in { options.dadada.home.mako = { enable = mkEnableOption "Enable mako config"; }; diff --git a/home/modules/session.nix b/home/modules/session.nix index 7ea0c1f..61236eb 100644 --- a/home/modules/session.nix +++ b/home/modules/session.nix @@ -1,15 +1,17 @@ -{ config, lib, ... }: -with lib; -let - cfg = config.dadada.home.session; -in { + config, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.session; +in { options.dadada.home.session = { enable = mkEnableOption "Enable session variable management"; sessionVars = mkOption { description = "Session variables"; type = types.attrs; - default = { }; + default = {}; example = '' EDITOR = "vim"; PAGER = "less"; diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix index b468d08..ee4d227 100644 --- a/home/modules/ssh.nix +++ b/home/modules/ssh.nix @@ -1,9 +1,11 @@ -{ config, lib, ... }: -with lib; -let - cfg = config.dadada.home.ssh; -in { + config, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.ssh; +in { options.dadada.home.ssh = { enable = mkEnableOption "Enable SSH config"; }; diff --git a/home/modules/sway/default.nix b/home/modules/sway/default.nix index 45eaee6..e28cc33 100644 --- a/home/modules/sway/default.nix +++ b/home/modules/sway/default.nix @@ -1,9 +1,13 @@ -{ config, pkgs, lib, colors, ... }: -with lib; -let - cfg = config.dadada.home.sway; -in { + config, + pkgs, + lib, + colors, + ... +}: +with lib; let + cfg = config.dadada.home.sway; +in { options.dadada.home.sway = { enable = mkEnableOption "Enable Sway config"; }; @@ -26,7 +30,7 @@ in wayland.windowManager.sway = { enable = true; config = null; - extraConfig = (builtins.readFile ./config); + extraConfig = builtins.readFile ./config; extraSessionCommands = '' export SDL_VIDEODRIVER=wayland # needs qt5.qtwayland in systemPackages diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix index a184a13..b8ac74b 100644 --- a/home/modules/syncthing.nix +++ b/home/modules/syncthing.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.syncthing; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.syncthing; +in { options.dadada.home.syncthing = { enable = mkEnableOption "Enable Syncthing config"; }; diff --git a/home/modules/termite.nix b/home/modules/termite.nix index 694b34b..a3c43db 100644 --- a/home/modules/termite.nix +++ b/home/modules/termite.nix @@ -1,14 +1,13 @@ -{ config -, lib -, pkgs -, colors ? ../../lib/colors.nix -, ... -}: -with lib; -let - cfg = config.dadada.home.termite; -in { + config, + lib, + pkgs, + colors ? ../../lib/colors.nix, + ... +}: +with lib; let + cfg = config.dadada.home.termite; +in { options.dadada.home.termite = { enable = mkEnableOption "Enable termite config"; }; diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 99a28f0..cc68bbe 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -1,9 +1,11 @@ -{ config, lib, ... }: -with lib; -let - cfg = config.dadada.home.tmux; -in { + config, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.tmux; +in { options.dadada.home.tmux = { enable = mkEnableOption "Enable tmux config"; }; diff --git a/home/modules/vim/default.nix b/home/modules/vim/default.nix index 91d5d9c..efc74ab 100644 --- a/home/modules/vim/default.nix +++ b/home/modules/vim/default.nix @@ -1,10 +1,13 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.vim; - vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins { }; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.vim; + vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {}; +in { options.dadada.home.vim = { enable = mkEnableOption "Enable VIM config"; }; diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index f3014b6..85feff5 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -1,6 +1,10 @@ -{ config, pkgs, lib, ... }: -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let apps = { "x-scheme-handler/mailto" = "userapp-Thunderbird-PB7NI0.desktop"; "message/rfc822" = "userapp-Thunderbird-PB7NI0.desktop"; @@ -19,8 +23,7 @@ let "application/pdf" = "org.pwmt.zathura.desktop"; }; cfg = config.dadada.home.xdg; -in -{ +in { options.dadada.home.xdg = { enable = mkEnableOption "Enable XDG config"; }; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 068387a..c192094 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.zsh; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.home.zsh; +in { options.dadada.home.zsh = { enable = mkEnableOption "Enable ZSH config"; }; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 24650fe..8939fc5 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -1,7 +1,6 @@ -{ pkgs }: -{ +{pkgs}: { allowUnfree = true; - allowUnfreePredicate = (pkg: true); + allowUnfreePredicate = pkg: true; allowBroken = false; android_sdk.accept_license = true; } diff --git a/lib/default.nix b/lib/default.nix index 878d2c0..7b055cd 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,5 +1,4 @@ -{ pkgs }: - +{pkgs}: with pkgs.lib; { # TODO } diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 014c2c3..9c31239 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -1,5 +1,9 @@ -{ config, pkgs, lib, ... }: { + config, + pkgs, + lib, + ... +}: { imports = [ ./hardware-configuration.nix ]; @@ -44,10 +48,10 @@ networking.bridges = { "br-lan" = { - interfaces = [ "lan" ]; + interfaces = ["lan"]; }; "br-backup" = { - interfaces = [ "backup" ]; + interfaces = ["backup"]; }; }; diff --git a/nixos/agares/hardware-configuration.nix b/nixos/agares/hardware-configuration.nix index 5642461..d15b480 100644 --- a/nixos/agares/hardware-configuration.nix +++ b/nixos/agares/hardware-configuration.nix @@ -1,24 +1,28 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/sda1"; + fileSystems."/" = { + device = "/dev/sda1"; fsType = "btrfs"; - options = [ "subvol=root" ]; + options = ["subvol=root"]; }; - swapDevices = [ ]; + swapDevices = []; # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config diff --git a/nixos/configurations.nix b/nixos/configurations.nix index cf5d829..dadf1f9 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,84 +1,97 @@ -{ self -, admins -, nixpkgs -, nixosSystem -, home-manager -, homePage -, nixos-hardware -, nvd -, scripts -, recipemd -}: -let +{ + self, + admins, + nixpkgs, + nixosSystem, + home-manager, + homePage, + nixos-hardware, + nvd, + scripts, + recipemd, +}: let adapterModule = system: { - nixpkgs.config.allowUnfreePredicate = (pkg: true); - nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ - (final: prev: { homePage = homePage.defaultPackage.${system}; }) - (final: prev: { s = scripts; }) - (final: prev: { n = nvd; }) - (final: prev: { recipemd = recipemd.defaultPackage.${system}; }) - ]; + nixpkgs.config.allowUnfreePredicate = pkg: true; + nixpkgs.overlays = + (nixpkgs.lib.attrValues self.overlays) + ++ [ + (final: prev: {homePage = homePage.defaultPackage.${system};}) + (final: prev: {s = scripts;}) + (final: prev: {n = nvd;}) + (final: prev: {recipemd = recipemd.defaultPackage.${system};}) + ]; }; lib = nixpkgs.lib; adminConfig = users: { dadada.admin.users = lib.getAttrs users admins; }; -in -{ +in { gorgon = nixosSystem rec { system = "x86_64-linux"; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adapterModule system) - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { manual.manpages.enable = false;} - ]; - home-manager.users.dadada = import ../home/home; - } - ./modules/profiles/laptop.nix - ./gorgon/configuration.nix - ]; + modules = + (nixpkgs.lib.attrValues self.nixosModules) + ++ [ + (adapterModule system) + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = + (nixpkgs.lib.attrValues self.hmModules) + ++ [ + {manual.manpages.enable = false;} + ]; + home-manager.users.dadada = import ../home/home; + } + ./modules/profiles/laptop.nix + ./gorgon/configuration.nix + ]; }; ifrit = nixosSystem rec { system = "x86_64-linux"; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) - (adapterModule system) - ./modules/profiles/server.nix - ./ifrit/configuration.nix - ]; + modules = + (nixpkgs.lib.attrValues self.nixosModules) + ++ [ + (adminConfig ["dadada"]) + (adapterModule system) + ./modules/profiles/server.nix + ./ifrit/configuration.nix + ]; }; surgat = nixosSystem rec { system = "x86_64-linux"; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) - (adapterModule system) - ./modules/profiles/server.nix - ./surgat/configuration.nix - ]; + modules = + (nixpkgs.lib.attrValues self.nixosModules) + ++ [ + (adminConfig ["dadada"]) + (adapterModule system) + ./modules/profiles/server.nix + ./surgat/configuration.nix + ]; }; pruflas = nixosSystem rec { system = "x86_64-linux"; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) - (adapterModule system) - ./modules/profiles/laptop.nix - ./pruflas/configuration.nix - ]; + modules = + (nixpkgs.lib.attrValues self.nixosModules) + ++ [ + (adminConfig ["dadada"]) + (adapterModule system) + ./modules/profiles/laptop.nix + ./pruflas/configuration.nix + ]; }; agares = nixosSystem rec { system = "x86_64-linux"; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) - (adapterModule system) - ./modules/profiles/server.nix - ./agares/configuration.nix - ]; + modules = + (nixpkgs.lib.attrValues self.nixosModules) + ++ [ + (adminConfig ["dadada"]) + (adapterModule system) + ./modules/profiles/server.nix + ./agares/configuration.nix + ]; }; } diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 10f8778..00bba50 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,6 +1,11 @@ -{ config, pkgs, lib, ... }: -let - signHook = pkgs.writeShellScript "/etc/nix/sign-cache.sh" +{ + config, + pkgs, + lib, + ... +}: let + signHook = + pkgs.writeShellScript "/etc/nix/sign-cache.sh" '' set -eu set -f # disable globbing @@ -9,20 +14,19 @@ let echo "Signing paths" $OUT_PATHS nix store sign --key-file /etc/nix/key.private $OUT_PATHS ''; -in -{ +in { imports = [ ./hardware-configuration.nix ]; nix.extraOptions = '' - experimental-features = nix-command flakes - # Prevent garbage collection for nix shell and direnv - keep-outputs = true - keep-derivations = true + experimental-features = nix-command flakes + # Prevent garbage collection for nix shell and direnv + keep-outputs = true + keep-derivations = true ''; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = ["kvm-amd"]; networking.hostName = "gorgon"; @@ -39,9 +43,9 @@ in networking = { enableBsShare = true; localResolver = { - enable= true; - uwu= true; - s0= true; + enable = true; + uwu = true; + s0 = true; }; vpnExtension = "3"; }; @@ -99,23 +103,23 @@ in users.users = { dadada = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; + extraGroups = ["wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker"]; shell = "/run/current-system/sw/bin/zsh"; }; }; networking.hosts = { - "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; - "127.0.0.2" = [ "kanboard.dadada.li" ]; + "10.1.2.9" = ["fgprinter.fginfo.tu-bs.de"]; + "127.0.0.2" = ["kanboard.dadada.li"]; }; networking.wireguard.interfaces.uwupn = { - ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; + ips = ["10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128"]; privateKeyFile = "/var/lib/wireguard/uwu"; peers = [ { publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; + allowedIPs = ["10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23"]; endpoint = "53c70r.de:51820"; persistentKeepalive = 25; } diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix index 7b30b9e..25a7265 100644 --- a/nixos/gorgon/hardware-configuration.nix +++ b/nixos/gorgon/hardware-configuration.nix @@ -1,42 +1,45 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/5B90-D460"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5B90-D460"; + fsType = "vfat"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0"; + fsType = "ext4"; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef"; - fsType = "ext4"; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef"; + fsType = "ext4"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db";} + ]; nix.settings.max-jobs = lib.mkDefault 16; } diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 79ce141..5001b9a 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -1,13 +1,16 @@ -{ config, pkgs, lib, ... }: -let +{ + config, + pkgs, + lib, + ... +}: let hostAliases = [ "ifrit.dadada.li" "media.dadada.li" "backup0.dadada.li" ]; backups = "/mnt/storage/backup"; -in -{ +in { imports = [ ./hardware-configuration.nix ]; @@ -23,50 +26,50 @@ in services.borgbackup.repos = { "metis" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis"]; + authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; path = "${backups}/metis"; quota = "1T"; }; "gorgon" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon"]; + authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; path = "${backups}/gorgon"; quota = "1T"; }; "surgat" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat"]; + authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; path = "${backups}/surgat"; quota = "50G"; }; "pruflas" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas"]; + authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; path = "${backups}/pruflas"; quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi"]; + authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; path = "${backups}/wohnzimmerpi"; quota = "50G"; }; "fginfo" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + authorizedKeysAppendOnly = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de"]; + authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; path = "${backups}/fginfo"; quota = "10G"; }; "fginfo-git" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; + authorizedKeysAppendOnly = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git"]; + authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; path = "${backups}/fginfo-git"; quota = "10G"; }; @@ -98,7 +101,7 @@ in device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; mountPoint = "/mnt/storage"; neededForBoot = false; - options = [ "nofail" ]; + options = ["nofail"]; }; networking.firewall = { @@ -113,7 +116,7 @@ in isNormalUser = true; }; - environment.systemPackages = [ pkgs.curl ]; + environment.systemPackages = [pkgs.curl]; system.stateVersion = "20.03"; } diff --git a/nixos/ifrit/hardware-configuration.nix b/nixos/ifrit/hardware-configuration.nix index 71b7225..07e3b3f 100644 --- a/nixos/ifrit/hardware-configuration.nix +++ b/nixos/ifrit/hardware-configuration.nix @@ -1,26 +1,30 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix" ) - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485"; + fsType = "ext4"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6";} + ]; nix.settings.max-jobs = lib.mkDefault 2; } diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 56174b8..90123e7 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: - -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let cfg = config.dadada.admin; - extraGroups = [ "wheel" "libvirtd" ]; + extraGroups = ["wheel" "libvirtd"]; shells = { "bash" = pkgs.bashInteractive; @@ -13,11 +16,15 @@ let shellNames = builtins.attrNames shells; - adminOpts = { name, config, ... }: { + adminOpts = { + name, + config, + ... + }: { options = { keys = mkOption { type = types.listOf types.str; - default = [ ]; + default = []; apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; description = '' The keys that should be able to access the account. @@ -35,15 +42,14 @@ let }; }; }; -in -{ +in { options = { dadada.admin = { enable = mkEnableOption "Enable admin access"; users = mkOption { type = with types; attrsOf (submodule adminOpts); - default = { }; + default = {}; description = '' Admin users with root access machine. ''; @@ -68,14 +74,14 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; - users.users = mapAttrs - (user: keys: ( - { + users.users = + mapAttrs + (user: keys: { shell = shells."${keys.shell}"; extraGroups = extraGroups; isNormalUser = true; openssh.authorizedKeys.keys = keys.keys; - })) + }) cfg.users; nix.trustedUsers = builtins.attrNames cfg.users; @@ -90,7 +96,7 @@ in services.tor.relay.onionServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; - map = [{ port = 22; }]; + map = [{port = 22;}]; }; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index c741663..8bfe8bb 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -1,6 +1,10 @@ -{ config, pkgs, lib, ... }: -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let backupExcludes = [ "/backup" "/dev" @@ -20,87 +24,87 @@ let "/var/tmp" ]; cfg = config.dadada.backupClient; -in - { - options = { - dadada.backupClient = { - gs = { - enable = mkEnableOption "Enable backup to GS location"; - passphrasePath = mkOption { - type = with types; nullOr str; - description = '' - The path to the passphrase file. - ''; - default = "/var/lib/borgbackup/gs/passphrase"; - }; +in { + options = { + dadada.backupClient = { + gs = { + enable = mkEnableOption "Enable backup to GS location"; + passphrasePath = mkOption { + type = with types; nullOr str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/gs/passphrase"; }; - bs = { - enable = mkEnableOption "Enable backup to BS location"; - passphrasePath = mkOption { - type = types.str; - description = '' - The path to the passphrase file. - ''; - default = "/var/lib/borgbackup/bs/passphrase"; - }; - sshIdentityFile = mkOption { - type = types.str; - description = '' - Path to the SSH key that is used to transmit the backup. - ''; - default = "/var/lib/borgbackup/bs/id_ed25519"; - }; + }; + bs = { + enable = mkEnableOption "Enable backup to BS location"; + passphrasePath = mkOption { + type = types.str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/bs/passphrase"; + }; + sshIdentityFile = mkOption { + type = types.str; + description = '' + Path to the SSH key that is used to transmit the backup. + ''; + default = "/var/lib/borgbackup/bs/id_ed25519"; }; }; }; + }; config = mkIf cfg.gs.enable { fileSystems = mkIf cfg.gs { "/backup" = { device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; fsType = "ext4"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; }; }; - services.borgbackup.jobs.gs = { - paths = "/"; - exclude = backupExcludes; - repo = "/backup/${config.networking.hostName}"; - doInit = false; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.gs.passphrasePath}"; + services.borgbackup.jobs.gs = + { + paths = "/"; + exclude = backupExcludes; + repo = "/backup/${config.networking.hostName}"; + doInit = false; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.gs.passphrasePath}"; + }; + compression = "auto,lz4"; + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 2; + monthly = -1; # Keep at least one archive for each month + yearly = -1; # Keep at least one archive for each year + }; + startAt = "monthly"; + } + // mkIf cfg.bs.enable { + services.borgbackup.jobs.bs = { + paths = "/"; + exclude = backupExcludes; + repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; + doInit = false; + environment = { + BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + }; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.bs.passphrasePath}"; + }; + compression = "auto,lz4"; + startAt = "daily"; + environment = { + BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; + }; + }; }; - compression = "auto,lz4"; - prune.keep = { - within = "1d"; # Keep all archives from the last day - daily = 7; - weekly = 2; - monthly = -1; # Keep at least one archive for each month - yearly = -1; # Keep at least one archive for each year - }; - startAt = "monthly"; - } // mkIf cfg.bs.enable { - - services.borgbackup.jobs.bs = { - paths = "/"; - exclude = backupExcludes; - repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; - doInit = false; - environment = { - BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; - }; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.bs.passphrasePath}"; - }; - compression = "auto,lz4"; - startAt = "daily"; - environment = { - BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; - }; - }; - }; }; } diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 9247fb8..b27dd97 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -1,40 +1,46 @@ -{ config, pkgs, lib, ... }: -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let cfg = config.dadada.ddns; ddnsConfig = hostNames: { - systemd.timers = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}" - { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${hostname}.service" ]; - timerConfig.OnCalendar = "hourly"; - })); + systemd.timers = listToAttrs (forEach hostNames (hostname: + nameValuePair "ddns-${hostname}" + { + wantedBy = ["timers.target"]; + partOf = ["ddns-${hostname}.service"]; + timerConfig.OnCalendar = "hourly"; + })); - systemd.services = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}" - { - serviceConfig.Type = "oneshot"; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } + systemd.services = listToAttrs (forEach hostNames (hostname: + nameValuePair "ddns-${hostname}" + { + serviceConfig.Type = "oneshot"; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } - IFS=':' - read -r user password < /var/lib/ddns/credentials - unset IFS + IFS=':' + read -r user password < /var/lib/ddns/credentials + unset IFS - curl_url=$(url "$user" "$password" ${hostname}) + curl_url=$(url "$user" "$password" ${hostname}) - ${pkgs.curl}/bin/curl -4 "$curl_url" - ${pkgs.curl}/bin/curl -6 "$curl_url" - ''; - })); + ${pkgs.curl}/bin/curl -4 "$curl_url" + ${pkgs.curl}/bin/curl -6 "$curl_url" + ''; + })); }; in { options = { dadada.ddns.domains = mkOption { type = types.listOf types.str; description = '' - Enables DDNS for these domains. + Enables DDNS for these domains. ''; example = '' [ "example.com" ] diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 44d1125..72bff58 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,5 +1,4 @@ -{ ... }@inputs: -{ +{...} @ inputs: { admin = import ./admin.nix; backup = import ./backup.nix; ddns = import ./ddns.nix; diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix index 101e17e..052b0b4 100644 --- a/nixos/modules/element.nix +++ b/nixos/modules/element.nix @@ -1,8 +1,11 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.dadada.element; -in { + config, + pkgs, + lib, + ... +}: let + cfg = config.dadada.element; +in { options.dadada.element = { enable = lib.mkEnableOption "Enable element webapp"; }; diff --git a/nixos/modules/fido2.nix b/nixos/modules/fido2.nix index a24d906..7ec354d 100644 --- a/nixos/modules/fido2.nix +++ b/nixos/modules/fido2.nix @@ -1,10 +1,13 @@ -{ config, pkgs, lib, ... }: -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let luks = config.dadada.luks; fido2 = config.dadada.fido2; -in -{ +in { options = { dadada.luks = { uuid = mkOption { @@ -52,5 +55,4 @@ in cue = true; }; }; - } diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix index d8b36d9..7cd7849 100644 --- a/nixos/modules/fileShare.nix +++ b/nixos/modules/fileShare.nix @@ -1,12 +1,14 @@ -{ config, lib, ... }: -with lib; -let +{ + config, + lib, + ... +}: +with lib; let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; -in -{ +in { options.dadada.fileShare = { enable = mkEnableOption "Enable file share server"; }; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 4581cde..ef40b83 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: -let +{ + config, + pkgs, + lib, + ... +}: let redisSocket = "127.0.0.1:6379"; cfg = config.dadada.gitea; -in -{ +in { options.dadada.gitea = { enable = lib.mkEnableOption "Enable gitea"; }; diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix index a8c4a16..105e67b 100644 --- a/nixos/modules/headphones.nix +++ b/nixos/modules/headphones.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.headphones; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.headphones; +in { options = { dadada.headphones = { enable = mkEnableOption "Enable bluetooth headphones with more audio codecs."; @@ -14,7 +17,7 @@ in bluetooth.enable = true; pulseaudio = { enable = true; - extraModules = [ pkgs.pulseaudio-modules-bt ]; + extraModules = [pkgs.pulseaudio-modules-bt]; extraConfig = '' set-source-volume 1 10000 ''; diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index ed03c0b..cd68876 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,18 +1,22 @@ -{ config, pkgs, lib, ... }: -let +{ + config, + pkgs, + lib, + ... +}: let cfg = config.dadada.homePage; in -with lib; { - options.dadada.homePage = { - enable = mkEnableOption "Enable home page"; - }; - config = mkIf cfg.enable { - services.nginx.enable = true; - - services.nginx.virtualHosts."dadada.li" = { - enableACME = true; - forceSSL = true; - root = "${pkgs.homePage}"; + with lib; { + options.dadada.homePage = { + enable = mkEnableOption "Enable home page"; }; - }; -} + config = mkIf cfg.enable { + services.nginx.enable = true; + + services.nginx.virtualHosts."dadada.li" = { + enableACME = true; + forceSSL = true; + root = "${pkgs.homePage}"; + }; + }; + } diff --git a/nixos/modules/kanboard/default.nix b/nixos/modules/kanboard/default.nix index 086a656..f9063d2 100644 --- a/nixos/modules/kanboard/default.nix +++ b/nixos/modules/kanboard/default.nix @@ -1,6 +1,10 @@ # Source https://github.com/NixOS/nixpkgs/issues/113384 -{ config, lib, pkgs, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let cfg = config.dadada.kanboard; in { options = { @@ -32,27 +36,30 @@ in { name = "kanboard-configured"; paths = [ (pkgs.runCommand "kanboard-over" {meta.priority = 0;} '' - mkdir -p $out - for f in index.php jsonrpc.php ; do - echo " $out/$f - tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \ - | sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f - done - ln -s /var/lib/kanboard $out/data - ln -s ${./kanboard-config.php} $out/config.php + mkdir -p $out + for f in index.php jsonrpc.php ; do + echo " $out/$f + tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \ + | sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f + done + ln -s /var/lib/kanboard $out/data + ln -s ${./kanboard-config.php} $out/config.php '') - { outPath = "${pkgs.kanboard}/share/kanboard"; meta.priority = 10; } - ]; - }; - locations = { - "/".index = "index.php"; - "~ \\.php$" = { - tryFiles = "$uri =404"; - extraConfig = '' - fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket}; - ''; - }; + { + outPath = "${pkgs.kanboard}/share/kanboard"; + meta.priority = 10; + } + ]; + }; + locations = { + "/".index = "index.php"; + "~ \\.php$" = { + tryFiles = "$uri =404"; + extraConfig = '' + fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket}; + ''; }; + }; }; }; }; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index cc50064..5cf00bd 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -1,10 +1,13 @@ -{ config, pkgs, lib, ... }: -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let cfg = config.dadada.networking; vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; -in -{ +in { options = { dadada.networking = { localResolver = { @@ -15,7 +18,7 @@ in wanInterfaces = mkOption { type = with types; listOf str; description = "WAN network interfaces"; - default = [ ]; + default = []; }; vpnExtension = mkOption { type = with types; nullOr str; @@ -83,20 +86,22 @@ in "149.112.112.112@853#dns.quad9.net" ]; } - (mkIf cfg.localResolver.uwu { - name = "uwu."; - forward-addr = [ - "fc00:1337:dead:beef::10.11.0.1" - "10.11.0.1" - ]; - } + ( + mkIf cfg.localResolver.uwu { + name = "uwu."; + forward-addr = [ + "fc00:1337:dead:beef::10.11.0.1" + "10.11.0.1" + ]; + } ) - (mkIf cfg.localResolver.s0 { - name = "s0."; - forward-addr = [ - "192.168.178.1" - ]; - } + ( + mkIf cfg.localResolver.s0 { + name = "s0."; + forward-addr = [ + "192.168.178.1" + ]; + } ) { name = "dyn.dadada.li."; @@ -110,13 +115,14 @@ in networking.useDHCP = false; - networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i { - useDHCP = true; - })); + networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: + nameValuePair i { + useDHCP = true; + })); networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { dadada = { - ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ]; + ips = ["fd42:9c3b:f96d:201::${cfg.vpnExtension}/64"]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; @@ -124,7 +130,7 @@ in peers = [ { publicKey = vpnPubKey; - allowedIPs = [ "fd42:9c3b:f96d::/48" ]; + allowedIPs = ["fd42:9c3b:f96d::/48"]; endpoint = "vpn.dadada.li:51234"; persistentKeepalive = 25; } @@ -134,8 +140,8 @@ in # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html systemd.timers.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { - wantedBy = [ "timers.target" ]; - partOf = [ "wg-reresolve-dns.service" ]; + wantedBy = ["timers.target"]; + partOf = ["wg-reresolve-dns.service"]; timerConfig.OnCalendar = "hourly"; }; systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix index bf60194..e674a4a 100644 --- a/nixos/modules/nix.nix +++ b/nixos/modules/nix.nix @@ -1,9 +1,14 @@ -{ self -, home-manager -, nixpkgs -, ... +{ + self, + home-manager, + nixpkgs, + ... +}: { + config, + pkgs, + lib, + ... }: -{ config, pkgs, lib, ... }: # Global settings for nix daemon { nix.nixPath = [ diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 2ad80ec..eae911a 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,6 +1,10 @@ -{ config, pkgs, lib, ... }: -with lib; { + config, + pkgs, + lib, + ... +}: +with lib; { networking.domain = mkDefault "dadada.li"; services.fwupd.enable = mkDefault true; @@ -25,7 +29,7 @@ with lib; vteIntegration = true; syntaxHighlighting = { enable = true; - highlighters = [ "main" "brackets" "pattern" "root" "line" ]; + highlighters = ["main" "brackets" "pattern" "root" "line"]; }; }; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index b2e48dd..ce55e42 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,6 +1,10 @@ -{ config, pkgs, lib, ... }: -with lib; { + config, + pkgs, + lib, + ... +}: +with lib; { networking.domain = mkDefault "dadada.li"; networking.tempAddresses = "disabled"; diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix index abac5c7..914ff14 100644 --- a/nixos/modules/share.nix +++ b/nixos/modules/share.nix @@ -1,10 +1,12 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - cfg = config.dadada.share; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.share; +in { options.dadada.share = { enable = mkEnableOption "Enable file share"; }; diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index 4784c0c..8c83444 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.steam; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.steam; +in { options = { dadada.steam = { enable = mkEnableOption "Enable Steam config"; @@ -15,7 +18,7 @@ in hardware.opengl = { enable = true; driSupport32Bit = true; - extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; + extraPackages32 = with pkgs.pkgsi686Linux; [libva]; }; hardware.pulseaudio.support32Bit = true; diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix index 6194e8a..023bfbc 100644 --- a/nixos/modules/update.nix +++ b/nixos/modules/update.nix @@ -1,10 +1,12 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.autoUpgrade; -in { - + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.autoUpgrade; +in { options.dadada.autoUpgrade = { enable = mkEnableOption "Enable automatic upgrades"; }; diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 690ab39..ef0d3ad 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -1,9 +1,12 @@ -{ config, pkgs, lib, ... }: - -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let cfg = config.dadada.vpnServer; - wgPeer = { name, ... }: { + wgPeer = {name, ...}: { options = { name = mkOption { internal = true; @@ -21,14 +24,13 @@ let }; }; }; -in -{ +in { options.dadada.vpnServer = { enable = mkEnableOption "Enable wireguard gateway"; peers = mkOption { description = "Set of extensions and public keys of peers"; type = with types; attrsOf (submodule wgPeer); - default = { }; + default = {}; }; }; config = mkIf cfg.enable { @@ -37,14 +39,14 @@ in interfaces."wg0" = { allowedIPsAsRoutes = true; privateKeyFile = "/var/lib/wireguard/wg0-key"; - ips = [ "fd42:9c3b:f96d:0201::0/64" ]; + ips = ["fd42:9c3b:f96d:0201::0/64"]; listenPort = 51234; - peers = map - (peer: ( - { - allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; - publicKey = peer.key; - })) + peers = + map + (peer: { + allowedIPs = ["fd42:9c3b:f96d:0201::${peer.id}/128"]; + publicKey = peer.key; + }) (attrValues cfg.peers); postSetup = '' wg set wg0 fwmark 51234 diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index a32455a..a5667ef 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -1,10 +1,12 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - cfg = config.dadada.weechat; -in { + config, + pkgs, + lib, + ... +}: +with lib; let + cfg = config.dadada.weechat; +in { options.dadada.weechat = { enable = mkEnableOption "Enable weechat relay"; }; diff --git a/nixos/modules/zsh.nix b/nixos/modules/zsh.nix index f63b932..585aa0d 100644 --- a/nixos/modules/zsh.nix +++ b/nixos/modules/zsh.nix @@ -1,5 +1,9 @@ -{ config, pkgs, lib, ... }: { + config, + pkgs, + lib, + ... +}: { programs.zsh = { enable = true; autosuggestions.enable = true; @@ -8,7 +12,7 @@ vteIntegration = true; syntaxHighlighting = { enable = true; - highlighters = [ "main" "brackets" "pattern" "root" "line" ]; + highlighters = ["main" "brackets" "pattern" "root" "line"]; }; }; } diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index d1c3c45..b7d3b54 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,7 +1,11 @@ -{ config, pkgs, lib, ... }: -with lib; { - imports = [ ./hardware-configuration.nix ]; + config, + pkgs, + lib, + ... +}: +with lib; { + imports = [./hardware-configuration.nix]; networking.hostName = "pruflas"; @@ -12,7 +16,7 @@ with lib; package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; - buildMachinesFiles = [ ]; + buildMachinesFiles = []; useSubstitutes = true; listenHost = "hydra.dadada.li"; port = 3000; @@ -22,7 +26,7 @@ with lib; { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; + supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; maxJobs = 8; } ]; @@ -61,7 +65,7 @@ with lib; ]; }; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = ["kvm-intel"]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; @@ -91,12 +95,12 @@ with lib; hardware.pulseaudio.enable = false; - environment.systemPackages = [ pkgs.spotify pkgs.mpv ]; + environment.systemPackages = [pkgs.spotify pkgs.mpv]; users.users."media" = { isNormalUser = true; description = "Media playback user"; - extraGroups = [ "users" "video" ]; + extraGroups = ["users" "video"]; }; networking.domain = "dadada.li"; diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix index c80f1f0..d26a55a 100644 --- a/nixos/pruflas/hardware-configuration.nix +++ b/nixos/pruflas/hardware-configuration.nix @@ -1,34 +1,38 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78"; + fsType = "ext4"; + }; - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/337f04a7-4fe9-49a2-8a58-07dd4bc85168"; - fsType = "ext4"; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/337f04a7-4fe9-49a2-8a58-07dd4bc85168"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0494-CB52"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0494-CB52"; + fsType = "vfat"; + }; - swapDevices = [ ]; + swapDevices = []; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; } diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index d734ae8..1352303 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -1,8 +1,11 @@ -{ config, pkgs, lib, ... }: -let - hostName = "surgat"; -in { + config, + pkgs, + lib, + ... +}: let + hostName = "surgat"; +in { imports = [ ./hardware-configuration.nix ]; @@ -72,10 +75,12 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; - networking.interfaces."ens3".ipv6.addresses = [{ - address = "2a01:4f8:c17:1d70::"; - prefixLength = 64; - }]; + networking.interfaces."ens3".ipv6.addresses = [ + { + address = "2a01:4f8:c17:1d70::"; + prefixLength = 64; + } + ]; networking.defaultGateway6 = { address = "fe80::1"; @@ -98,7 +103,7 @@ in ]; networking.wireguard.interfaces."hydra" = { - ips = [ "10.3.3.1/24" ]; + ips = ["10.3.3.1/24"]; listenPort = 51235; privateKeyFile = "/var/lib/wireguard/hydra"; @@ -106,7 +111,7 @@ in peers = [ { publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; - allowedIPs = [ "10.3.3.3/32" ]; + allowedIPs = ["10.3.3.3/32"]; persistentKeepalive = 25; } ]; diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix index c3c4c45..8363cbc 100644 --- a/nixos/surgat/hardware-configuration.nix +++ b/nixos/surgat/hardware-configuration.nix @@ -1,30 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11"; + fsType = "ext4"; + }; boot.initrd.luks.devices."surgat".device = "/dev/disk/by-uuid/5aa2b4d3-5711-451c-bd35-7c33b5019093"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3"; - fsType = "ext2"; - }; - - swapDevices = [ ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3"; + fsType = "ext2"; + }; + swapDevices = []; } diff --git a/outputs.nix b/outputs.nix index 5a4c13e..27f4730 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,57 +1,62 @@ # Adapted from Mic92/dotfiles -{ self -, flake-utils -, homePage -, nixpkgs -, home-manager -, nix-doom-emacs -, nixos-hardware -, nvd -, scripts -, recipemd -, ... -}@inputs: -(flake-utils.lib.eachDefaultSystem (system: - let - pkgs = nixpkgs.legacyPackages.${system}; - selfPkgs = self.packages.${system}; - in - { - apps.nixos-switch = { - type = "app"; - program = toString (pkgs.writeScript "deploy" '' - #!${pkgs.runtimeShell} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --flake ".#$1" --use-remote-sudo - ''); - }; - apps.deploy = { - type = "app"; - program = toString (pkgs.writeScript "deploy" '' - #!${pkgs.runtimeShell} - domain='dadada.li' - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo - ''); - }; - apps.hm-switch = { - type = "app"; - program = toString (pkgs.writeScript "hm-switch" '' - #!${pkgs.runtimeShell} - set -eu -o pipefail -x - tmpdir=$(mktemp -d) - export PATH=${pkgs.lib.makeBinPath [ pkgs.coreutils pkgs.nixFlakes pkgs.jq ]} - trap "rm -rf $tmpdir" EXIT - declare -A profiles=(["gorgon"]="home") - profile=''${profiles[$HOSTNAME]:-common} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" - link=$(realpath $tmpdir/result) - $link/activate - ''); - }; - devShell = pkgs.callPackage ./shell.nix { }; - })) // { +{ + self, + flake-utils, + homePage, + nixpkgs, + home-manager, + nix-doom-emacs, + nixos-hardware, + nvd, + scripts, + recipemd, + ... +} @ inputs: +(flake-utils.lib.eachDefaultSystem (system: let + pkgs = nixpkgs.legacyPackages.${system}; + selfPkgs = self.packages.${system}; + formatter = self.formatter.${system}; +in { + apps.nixos-switch = { + type = "app"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --flake ".#$1" --use-remote-sudo + ''); + }; + apps.deploy = { + type = "app"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + domain='dadada.li' + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo + ''); + }; + apps.hm-switch = { + type = "app"; + program = toString (pkgs.writeScript "hm-switch" '' + #!${pkgs.runtimeShell} + set -eu -o pipefail -x + tmpdir=$(mktemp -d) + export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]} + trap "rm -rf $tmpdir" EXIT + declare -A profiles=(["gorgon"]="home") + profile=''${profiles[$HOSTNAME]:-common} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" + link=$(realpath $tmpdir/result) + $link/activate + ''); + }; + devShell = pkgs.callPackage ./shell.nix {}; + formatter = nixpkgs.legacyPackages."${system}".alejandra; + checks = { + format = pkgs.runCommand "check-format" {buildInputs = [formatter];} "${formatter}/bin/alejandra -c ${./.} && touch $out"; + }; +})) +// { hmConfigurations = import ./home/configurations.nix { inherit self nixpkgs home-manager; }; @@ -63,12 +68,16 @@ }; nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; - hydraJobs = ( - nixpkgs.lib.mapAttrs' + hydraJobs = + ( + nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) self.nixosConfigurations - ) // (nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.activation-script) - self.hmConfigurations - ) // (let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests); + ) + // ( + nixpkgs.lib.mapAttrs' + (name: config: nixpkgs.lib.nameValuePair name config.activation-script) + self.hmConfigurations + ) + // (let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests); } diff --git a/overlays/default.nix b/overlays/default.nix index 8507ceb..491a5a3 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,7 +1,6 @@ let python3Packages = import ./python3-packages.nix; -in -{ +in { kanboard = final: prev: { kanboard = prev.kanboard.overrideAttrs (oldAttrs: { src = prev.fetchFromGitHub { diff --git a/overlays/python3-packages.nix b/overlays/python3-packages.nix index 9d3ddde..5e2371c 100644 --- a/overlays/python3-packages.nix +++ b/overlays/python3-packages.nix @@ -1,6 +1,7 @@ -self: super: -{ - python3Packages = super.python3Packages // super.recurseIntoAttrs ( - super.python3Packages.callPackage ../pkgs/python-pkgs { } - ); +self: super: { + python3Packages = + super.python3Packages + // super.recurseIntoAttrs ( + super.python3Packages.callPackage ../pkgs/python-pkgs {} + ); } diff --git a/overlays/tubslatex.nix b/overlays/tubslatex.nix index ba2a1a7..220029a 100644 --- a/overlays/tubslatex.nix +++ b/overlays/tubslatex.nix @@ -1,26 +1,28 @@ -self: super: -{ +self: super: { # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 - tubslatex = super.lib.overrideDerivation + tubslatex = + super.lib.overrideDerivation (super.texlive.combine { inherit (super.texlive) scheme-full; - tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex { }) ]; + tubslatex.pkgs = [(super.callPackage ../pkgs/tubslatex {})]; }) (oldAttrs: { - postBuild = '' - # Save the udpmap.cfg because texlive.combine removes it. - cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 - '' + oldAttrs.postBuild + '' - # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it - rm $out/share/texmf/web2c/updmap.cfg || true - cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg - rm $out/share/texmf/web2c/updmap.cfg.1 - perl `type -P mktexlsr.pl` $out/share/texmf - yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true - perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map - # Regenerate .map files. - perl `type -P updmap.pl` --sys - ''; + postBuild = + '' + # Save the udpmap.cfg because texlive.combine removes it. + cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 + '' + + oldAttrs.postBuild + + '' + # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it + rm $out/share/texmf/web2c/updmap.cfg || true + cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg + rm $out/share/texmf/web2c/updmap.cfg.1 + perl `type -P mktexlsr.pl` $out/share/texmf + yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true + perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map + # Regenerate .map files. + perl `type -P updmap.pl` --sys + ''; }); - } diff --git a/pkgs/python-pkgs/default.nix b/pkgs/python-pkgs/default.nix index b9e7043..e4c33e6 100644 --- a/pkgs/python-pkgs/default.nix +++ b/pkgs/python-pkgs/default.nix @@ -1,3 +1,2 @@ -{ callPackage }: -{ +{callPackage}: { } diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix index dd18070..c7471be 100644 --- a/pkgs/scripts.nix +++ b/pkgs/scripts.nix @@ -1,9 +1,14 @@ -{ pkgs, stdenv, lib }: - -(import +{ + pkgs, + stdenv, + lib, +}: (import (pkgs.fetchgit { url = "https://git.dadada.li/dadada/scripts.git"; sha256 = "sha256-Kdwb34XXLOl4AaiVmOZ3nlu/KdENMqvH+UwISv8Pyiw="; rev = "065ff0f0ee9e44234678f0fefbba7961ea42518c"; }) - { stdenv = stdenv; lib = lib; }) + { + stdenv = stdenv; + lib = lib; + }) diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix index 2ca8542..e7bb963 100644 --- a/pkgs/tubslatex/default.nix +++ b/pkgs/tubslatex/default.nix @@ -1,9 +1,13 @@ -{ stdenv, fetchzip, unzip }: +{ + stdenv, + fetchzip, + unzip, +}: stdenv.mkDerivation rec { src = ./tubslatex_1.3.2.tds.zip; sourceRoot = "."; - nativeBuildInputs = [ unzip ]; - buildInputs = [ unzip ]; + nativeBuildInputs = [unzip]; + buildInputs = [unzip]; installPhase = '' mkdir -p $out cp -r * $out/ diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix index 85d4c3b..f9eece2 100644 --- a/pkgs/vimPlugins/default.nix +++ b/pkgs/vimPlugins/default.nix @@ -1,6 +1,10 @@ -{ pkgs, lib, fetchFromGitHub, ... }: -with lib; { + pkgs, + lib, + fetchFromGitHub, + ... +}: +with lib; { filetype = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "dadadaVimFiletype"; version = "0.2"; diff --git a/shell.nix b/shell.nix index 805620f..a297003 100644 --- a/shell.nix +++ b/shell.nix @@ -1,6 +1,4 @@ -{ mkShell -}: - +{mkShell}: mkShell { buildInputs = [ ]; diff --git a/tests/default.nix b/tests/default.nix index a8b9a52..15769d2 100644 --- a/tests/default.nix +++ b/tests/default.nix @@ -1,3 +1,2 @@ -system: -{ +system: { } From c43341a8b2b3e0065cddb95ad9cb70dcdd2f30b0 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 4 Aug 2022 21:13:54 +0200 Subject: [PATCH 380/988] switch to nixpkgs-fmt --- flake.nix | 2 +- home/configurations.nix | 49 ++++----- home/home/default.nix | 25 ++--- home/home/pkgs.nix | 2 +- home/modules/alacritty/default.nix | 12 +-- home/modules/colors.nix | 7 +- home/modules/default.nix | 9 +- home/modules/direnv.nix | 12 +-- home/modules/emacs/default.nix | 82 +++++++-------- home/modules/fish.nix | 14 +-- home/modules/git.nix | 14 +-- home/modules/gpg.nix | 12 +-- home/modules/gtk.nix | 12 +-- home/modules/keyring.nix | 12 +-- home/modules/kitty/default.nix | 14 +-- home/modules/mako.nix | 14 +-- home/modules/session.nix | 12 +-- home/modules/ssh.nix | 10 +- home/modules/sway/default.nix | 14 +-- home/modules/syncthing.nix | 12 +-- home/modules/termite.nix | 14 +-- home/modules/tmux.nix | 10 +- home/modules/vim/default.nix | 14 +-- home/modules/xdg.nix | 12 +-- home/modules/zsh.nix | 12 +-- home/nixpkgs-config.nix | 2 +- lib/default.nix | 2 +- nixos/agares/configuration.nix | 13 ++- nixos/agares/hardware-configuration.nix | 21 ++-- nixos/configurations.nix | 46 +++++---- nixos/gorgon/configuration.nix | 41 ++++---- nixos/gorgon/hardware-configuration.nix | 21 ++-- nixos/ifrit/configuration.nix | 47 ++++----- nixos/ifrit/hardware-configuration.nix | 21 ++-- nixos/modules/admin.nix | 80 +++++++-------- nixos/modules/backup.nix | 14 +-- nixos/modules/ddns.nix | 52 +++++----- nixos/modules/default.nix | 2 +- nixos/modules/element.nix | 15 +-- nixos/modules/fido2.nix | 12 +-- nixos/modules/fileShare.nix | 10 +- nixos/modules/gitea.nix | 15 +-- nixos/modules/headphones.nix | 14 +-- nixos/modules/homepage.nix | 36 +++---- nixos/modules/kanboard/default.nix | 19 ++-- nixos/modules/networking.nix | 22 ++-- nixos/modules/nix.nix | 20 ++-- nixos/modules/profiles/laptop.nix | 11 +- nixos/modules/profiles/server.nix | 9 +- nixos/modules/share.nix | 12 +-- nixos/modules/steam.nix | 14 +-- nixos/modules/update.nix | 12 +-- nixos/modules/vpnServer.nix | 28 +++--- nixos/modules/weechat.nix | 12 +-- nixos/modules/zsh.nix | 11 +- nixos/pruflas/configuration.nix | 21 ++-- nixos/pruflas/hardware-configuration.nix | 21 ++-- nixos/surgat/configuration.nix | 19 ++-- nixos/surgat/hardware-configuration.nix | 21 ++-- outputs.nix | 123 ++++++++++++----------- overlays/default.nix | 3 +- overlays/python3-packages.nix | 2 +- overlays/tubslatex.nix | 46 ++++----- pkgs/python-pkgs/default.nix | 3 +- pkgs/scripts.nix | 8 +- pkgs/tubslatex/default.nix | 12 +-- pkgs/vimPlugins/default.nix | 9 +- shell.nix | 2 +- tests/default.nix | 3 +- 69 files changed, 664 insertions(+), 665 deletions(-) diff --git a/flake.nix b/flake.nix index 13660f9..ed6374c 100644 --- a/flake.nix +++ b/flake.nix @@ -30,5 +30,5 @@ }; }; - outputs = {...} @ args: import ./outputs.nix args; + outputs = { ... } @ args: import ./outputs.nix args; } diff --git a/home/configurations.nix b/home/configurations.nix index 0593981..60588da 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -1,29 +1,32 @@ -{ - self, - nixpkgs, - home-manager, -} @ inputs: let - hmConfiguration = { - homeDirectory ? "/home/dadada", - extraModules ? [], - system ? "x86_64-linux", - username ? "dadada", - stateVersion, - }: (home-manager.lib.homeManagerConfiguration { - configuration = {...}: { - imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules; - nixpkgs = { - config = import ./nixpkgs-config.nix { - pkgs = nixpkgs; +{ self +, nixpkgs +, home-manager +, +} @ inputs: +let + hmConfiguration = + { homeDirectory ? "/home/dadada" + , extraModules ? [ ] + , system ? "x86_64-linux" + , username ? "dadada" + , stateVersion + , + }: (home-manager.lib.homeManagerConfiguration { + configuration = { ... }: { + imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules; + nixpkgs = { + config = import ./nixpkgs-config.nix { + pkgs = nixpkgs; + }; }; + manual.manpages.enable = false; }; - manual.manpages.enable = false; - }; - inherit system homeDirectory username stateVersion; - }); -in { + inherit system homeDirectory username stateVersion; + }); +in +{ home = hmConfiguration { - extraModules = [./home]; + extraModules = [ ./home ]; stateVersion = "20.09"; }; } diff --git a/home/home/default.nix b/home/home/default.nix index afcee54..44f5ca5 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -1,9 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let useFeatures = [ "alacritty" #"emacs" @@ -18,7 +18,8 @@ "xdg" "zsh" ]; -in { +in +{ programs.git = { signing = { key = "D68C84695C087E0F733A28D0EEB8D1CE62C4DFEA"; @@ -31,7 +32,7 @@ in { programs.gpg.settings.default-key = "99658A3EB5CD7C13"; dadada.home = - lib.attrsets.genAttrs useFeatures (useFeatures: {enable = true;}) + lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // { session = { enable = true; @@ -49,8 +50,8 @@ in { systemd.user.services."languagetool-http-server" = { Unit = { Description = "Languagetool HTTP server"; - PartOf = ["graphical-session-pre.target"]; - After = ["graphical-session.target"]; + PartOf = [ "graphical-session-pre.target" ]; + After = [ "graphical-session.target" ]; }; Service = { @@ -59,11 +60,11 @@ in { Restart = "always"; }; - Install = {WantedBy = ["graphical-session.target"];}; + Install = { WantedBy = [ "graphical-session.target" ]; }; }; # Let Home Manager install and manage itself. programs.home-manager.enable = true; - home.packages = import ./pkgs.nix {pkgs = pkgs;}; + home.packages = import ./pkgs.nix { pkgs = pkgs; }; } diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 9ec1fb5..b6b78c3 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -1,4 +1,4 @@ -{pkgs}: +{ pkgs }: with pkgs; [ anki aqbanking diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 2faace4..2eacc99 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -1,12 +1,12 @@ -{ - pkgs, - lib, - config, - ... +{ pkgs +, lib +, config +, ... }: with lib; let cfg = config.dadada.home.alacritty; -in { +in +{ options.dadada.home.alacritty = { enable = mkEnableOption "Enable alacritty config"; }; diff --git a/home/modules/colors.nix b/home/modules/colors.nix index 5a2f594..5c197a1 100644 --- a/home/modules/colors.nix +++ b/home/modules/colors.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options.dadada.home.colors = mkOption { diff --git a/home/modules/default.nix b/home/modules/default.nix index 4d4eff8..5e29743 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -1,12 +1,11 @@ -{ - self, - nix-doom-emacs, - ... +{ self +, nix-doom-emacs +, ... } @ inputs: { alacritty = import ./alacritty; colors = import ./colors.nix; direnv = import ./direnv.nix; - emacs = import ./emacs {inherit nix-doom-emacs;}; + emacs = import ./emacs { inherit nix-doom-emacs; }; fish = import ./fish.nix; git = import ./git.nix; gpg = import ./gpg.nix; diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix index acc00ea..cf36bf1 100644 --- a/home/modules/direnv.nix +++ b/home/modules/direnv.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.home.direnv; -in { +in +{ options.dadada.home.direnv = { enable = mkEnableOption "Enable direnv config"; }; diff --git a/home/modules/emacs/default.nix b/home/modules/emacs/default.nix index 9d13d78..ded8f05 100644 --- a/home/modules/emacs/default.nix +++ b/home/modules/emacs/default.nix @@ -1,13 +1,13 @@ -{nix-doom-emacs, ...}: { - config, - pkgs, - lib, - ... -}: +{ nix-doom-emacs, ... }: { config + , pkgs + , lib + , ... + }: with lib; let cfg = config.dadada.home.emacs; -in { - imports = [nix-doom-emacs.hmModule]; +in +{ + imports = [ nix-doom-emacs.hmModule ]; options.dadada.home.emacs = { enable = mkEnableOption "Enable dadada emacs config"; }; @@ -17,40 +17,42 @@ in { doomPrivateDir = ./doom.d; emacsPackagesOverlay = self: super: with pkgs; { - tsc = super.tsc.overrideAttrs (old: let - libtsc_dyn = rustPlatform.buildRustPackage rec { - pname = "emacs-tree-sitter"; - version = "0.15.1"; - src = fetchFromGitHub { - owner = "ubolonton"; - repo = "emacs-tree-sitter"; - rev = version; - sha256 = "sha256-WgkGtmw63+kRLTRiSEO4bFF2IguH5g4odCujyazkwJc="; + tsc = super.tsc.overrideAttrs (old: + let + libtsc_dyn = rustPlatform.buildRustPackage rec { + pname = "emacs-tree-sitter"; + version = "0.15.1"; + src = fetchFromGitHub { + owner = "ubolonton"; + repo = "emacs-tree-sitter"; + rev = version; + sha256 = "sha256-WgkGtmw63+kRLTRiSEO4bFF2IguH5g4odCujyazkwJc="; + }; + preBuild = '' + export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ + $(< ${stdenv.cc}/nix-support/libc-cflags) \ + $(< ${stdenv.cc}/nix-support/cc-cflags) \ + $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ + ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ + ${lib.optionalString stdenv.cc.isGNU + "-isystem ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${lib.getVersion stdenv.cc.cc}/include/"} \ + ${lib.optionalString stdenv.cc.isGNU + "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ + $NIX_CFLAGS_COMPILE" + ''; + LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; + cargoHash = "sha256-HB5tFR1slY2D6jb2mt4KrGrGBUUVrxiBjmVycO+qfYY="; }; + in + { + inherit (libtsc_dyn) src; preBuild = '' - export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ - $(< ${stdenv.cc}/nix-support/libc-cflags) \ - $(< ${stdenv.cc}/nix-support/cc-cflags) \ - $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ - ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ - ${lib.optionalString stdenv.cc.isGNU - "-isystem ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${lib.getVersion stdenv.cc.cc}/include/"} \ - ${lib.optionalString stdenv.cc.isGNU - "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ - $NIX_CFLAGS_COMPILE" + ext=${stdenv.hostPlatform.extensions.sharedLibrary} + dest=$out/share/emacs/site-lisp/elpa/tsc-${old.version} + install -D ${libtsc_dyn}/lib/libtsc_dyn$ext $dest/tsc-dyn$ext + echo -n "0.15.1" > $dest/DYN-VERSION ''; - LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; - cargoHash = "sha256-HB5tFR1slY2D6jb2mt4KrGrGBUUVrxiBjmVycO+qfYY="; - }; - in { - inherit (libtsc_dyn) src; - preBuild = '' - ext=${stdenv.hostPlatform.extensions.sharedLibrary} - dest=$out/share/emacs/site-lisp/elpa/tsc-${old.version} - install -D ${libtsc_dyn}/lib/libtsc_dyn$ext $dest/tsc-dyn$ext - echo -n "0.15.1" > $dest/DYN-VERSION - ''; - }); + }); tree-sitter-langs = super.tree-sitter-langs.overrideAttrs (old: { postInstall = '' dest=$out/share/emacs/site-lisp/elpa/tree-sitter-langs-${old.version} @@ -61,7 +63,7 @@ in { }); }; }; - home.file.".tree-sitter".source = pkgs.runCommand "grammars" {} '' + home.file.".tree-sitter".source = pkgs.runCommand "grammars" { } '' mkdir -p $out/bin echo -n "0.10.2" > $out/BUNDLE-VERSION ${lib.concatStringsSep "\n" diff --git a/home/modules/fish.nix b/home/modules/fish.nix index dcbc5fc..e10f6b2 100644 --- a/home/modules/fish.nix +++ b/home/modules/fish.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.home.fish; -in { +in +{ options.dadada.home.fish = { enable = mkEnableOption "Enable fish config"; }; @@ -80,6 +80,6 @@ in { }; }; - home.packages = [pkgs.exa]; + home.packages = [ pkgs.exa ]; }; } diff --git a/home/modules/git.nix b/home/modules/git.nix index 1df4884..c85cdd2 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -1,12 +1,12 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with lib; let cfg = config.dadada.home.git; -in { +in +{ options.dadada.home.git = { enable = mkEnableOption "Enable git config"; }; @@ -19,7 +19,7 @@ in { tab-in-indent = true; tabwidth = 4; }; - alias = {}; + alias = { }; pager = "delta"; }; column.ui = "never"; diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index cfe7acb..e8c159a 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -1,11 +1,11 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; let cfg = config.dadada.home.gpg; -in { +in +{ options.dadada.home.gpg = { enable = mkEnableOption "Enable GnuPG config"; }; @@ -31,7 +31,7 @@ in { }; programs.git.extraConfig = { - commit = {gpgSign = true;}; + commit = { gpgSign = true; }; }; }; } diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index 5128202..dc91693 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -1,12 +1,12 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with lib; let cfg = config.dadada.home.gtk; -in { +in +{ options.dadada.home.gtk = { enable = mkEnableOption "Enable GTK config"; }; diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix index ff00bd7..382ca32 100644 --- a/home/modules/keyring.nix +++ b/home/modules/keyring.nix @@ -1,18 +1,18 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; let cfg = config.dadada.home.keyring; -in { +in +{ options.dadada.home.keyring = { enable = mkEnableOption "Enable keyring config"; }; config = mkIf cfg.enable { services.gnome-keyring = { enable = false; - components = ["pkcs11" "secrets"]; + components = [ "pkcs11" "secrets" ]; }; }; } diff --git a/home/modules/kitty/default.nix b/home/modules/kitty/default.nix index b90a61f..982d938 100644 --- a/home/modules/kitty/default.nix +++ b/home/modules/kitty/default.nix @@ -1,12 +1,12 @@ -{ - pkgs, - lib, - config, - ... +{ pkgs +, lib +, config +, ... }: with lib; let cfg = config.dadada.home.kitty; -in { +in +{ options.dadada.home.kitty = { enable = mkEnableOption "Enable kitty config"; }; @@ -15,6 +15,6 @@ in { enable = true; extraConfig = builtins.readFile ./config; }; - home.packages = [pkgs.source-code-pro]; + home.packages = [ pkgs.source-code-pro ]; }; } diff --git a/home/modules/mako.nix b/home/modules/mako.nix index 77d99f7..7fd49b6 100644 --- a/home/modules/mako.nix +++ b/home/modules/mako.nix @@ -1,13 +1,13 @@ -{ - config, - lib, - pkgs, - colors, - ... +{ config +, lib +, pkgs +, colors +, ... }: with lib; let cfg = config.dadada.home.mako; -in { +in +{ options.dadada.home.mako = { enable = mkEnableOption "Enable mako config"; }; diff --git a/home/modules/session.nix b/home/modules/session.nix index 61236eb..4da85a8 100644 --- a/home/modules/session.nix +++ b/home/modules/session.nix @@ -1,17 +1,17 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; let cfg = config.dadada.home.session; -in { +in +{ options.dadada.home.session = { enable = mkEnableOption "Enable session variable management"; sessionVars = mkOption { description = "Session variables"; type = types.attrs; - default = {}; + default = { }; example = '' EDITOR = "vim"; PAGER = "less"; diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix index ee4d227..96f4ed3 100644 --- a/home/modules/ssh.nix +++ b/home/modules/ssh.nix @@ -1,11 +1,11 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; let cfg = config.dadada.home.ssh; -in { +in +{ options.dadada.home.ssh = { enable = mkEnableOption "Enable SSH config"; }; diff --git a/home/modules/sway/default.nix b/home/modules/sway/default.nix index e28cc33..0f99485 100644 --- a/home/modules/sway/default.nix +++ b/home/modules/sway/default.nix @@ -1,13 +1,13 @@ -{ - config, - pkgs, - lib, - colors, - ... +{ config +, pkgs +, lib +, colors +, ... }: with lib; let cfg = config.dadada.home.sway; -in { +in +{ options.dadada.home.sway = { enable = mkEnableOption "Enable Sway config"; }; diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix index b8ac74b..fd566b4 100644 --- a/home/modules/syncthing.nix +++ b/home/modules/syncthing.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.home.syncthing; -in { +in +{ options.dadada.home.syncthing = { enable = mkEnableOption "Enable Syncthing config"; }; diff --git a/home/modules/termite.nix b/home/modules/termite.nix index a3c43db..77bb1e6 100644 --- a/home/modules/termite.nix +++ b/home/modules/termite.nix @@ -1,13 +1,13 @@ -{ - config, - lib, - pkgs, - colors ? ../../lib/colors.nix, - ... +{ config +, lib +, pkgs +, colors ? ../../lib/colors.nix +, ... }: with lib; let cfg = config.dadada.home.termite; -in { +in +{ options.dadada.home.termite = { enable = mkEnableOption "Enable termite config"; }; diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index cc68bbe..70f2974 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -1,11 +1,11 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; let cfg = config.dadada.home.tmux; -in { +in +{ options.dadada.home.tmux = { enable = mkEnableOption "Enable tmux config"; }; diff --git a/home/modules/vim/default.nix b/home/modules/vim/default.nix index efc74ab..fa7e60f 100644 --- a/home/modules/vim/default.nix +++ b/home/modules/vim/default.nix @@ -1,13 +1,13 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.home.vim; - vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {}; -in { + vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins { }; +in +{ options.dadada.home.vim = { enable = mkEnableOption "Enable VIM config"; }; diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index 85feff5..a034c87 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let apps = { @@ -23,7 +22,8 @@ with lib; let "application/pdf" = "org.pwmt.zathura.desktop"; }; cfg = config.dadada.home.xdg; -in { +in +{ options.dadada.home.xdg = { enable = mkEnableOption "Enable XDG config"; }; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index c192094..59453c2 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.home.zsh; -in { +in +{ options.dadada.home.zsh = { enable = mkEnableOption "Enable ZSH config"; }; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 8939fc5..83fcdbc 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -1,4 +1,4 @@ -{pkgs}: { +{ pkgs }: { allowUnfree = true; allowUnfreePredicate = pkg: true; allowBroken = false; diff --git a/lib/default.nix b/lib/default.nix index 7b055cd..0260022 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,4 +1,4 @@ -{pkgs}: +{ pkgs }: with pkgs.lib; { # TODO } diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 9c31239..7832a55 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { imports = [ ./hardware-configuration.nix @@ -48,10 +47,10 @@ networking.bridges = { "br-lan" = { - interfaces = ["lan"]; + interfaces = [ "lan" ]; }; "br-backup" = { - interfaces = ["backup"]; + interfaces = [ "backup" ]; }; }; diff --git a/nixos/agares/hardware-configuration.nix b/nixos/agares/hardware-configuration.nix index d15b480..fdd49d2 100644 --- a/nixos/agares/hardware-configuration.nix +++ b/nixos/agares/hardware-configuration.nix @@ -1,28 +1,27 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... +{ config +, lib +, pkgs +, modulesPath +, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; - boot.initrd.kernelModules = []; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/sda1"; fsType = "btrfs"; - options = ["subvol=root"]; + options = [ "subvol=root" ]; }; - swapDevices = []; + swapDevices = [ ]; # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config diff --git a/nixos/configurations.nix b/nixos/configurations.nix index dadf1f9..f7be74d 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,31 +1,33 @@ -{ - self, - admins, - nixpkgs, - nixosSystem, - home-manager, - homePage, - nixos-hardware, - nvd, - scripts, - recipemd, -}: let +{ self +, admins +, nixpkgs +, nixosSystem +, home-manager +, homePage +, nixos-hardware +, nvd +, scripts +, recipemd +, +}: +let adapterModule = system: { nixpkgs.config.allowUnfreePredicate = pkg: true; nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [ - (final: prev: {homePage = homePage.defaultPackage.${system};}) - (final: prev: {s = scripts;}) - (final: prev: {n = nvd;}) - (final: prev: {recipemd = recipemd.defaultPackage.${system};}) + (final: prev: { homePage = homePage.defaultPackage.${system}; }) + (final: prev: { s = scripts; }) + (final: prev: { n = nvd; }) + (final: prev: { recipemd = recipemd.defaultPackage.${system}; }) ]; }; lib = nixpkgs.lib; adminConfig = users: { dadada.admin.users = lib.getAttrs users admins; }; -in { +in +{ gorgon = nixosSystem rec { system = "x86_64-linux"; modules = @@ -40,7 +42,7 @@ in { home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - {manual.manpages.enable = false;} + { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home/home; } @@ -53,7 +55,7 @@ in { modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig ["dadada"]) + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/server.nix ./ifrit/configuration.nix @@ -65,7 +67,7 @@ in { modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig ["dadada"]) + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/server.nix ./surgat/configuration.nix @@ -76,7 +78,7 @@ in { modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig ["dadada"]) + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/laptop.nix ./pruflas/configuration.nix @@ -88,7 +90,7 @@ in { modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig ["dadada"]) + (adminConfig [ "dadada" ]) (adapterModule system) ./modules/profiles/server.nix ./agares/configuration.nix diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 00bba50..6a164ba 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,20 +1,21 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let signHook = pkgs.writeShellScript "/etc/nix/sign-cache.sh" - '' - set -eu - set -f # disable globbing - export IFS=' ' + '' + set -eu + set -f # disable globbing + export IFS=' ' - echo "Signing paths" $OUT_PATHS - nix store sign --key-file /etc/nix/key.private $OUT_PATHS - ''; -in { + echo "Signing paths" $OUT_PATHS + nix store sign --key-file /etc/nix/key.private $OUT_PATHS + ''; +in +{ imports = [ ./hardware-configuration.nix ]; @@ -26,7 +27,7 @@ in { keep-derivations = true ''; - boot.kernelModules = ["kvm-amd"]; + boot.kernelModules = [ "kvm-amd" ]; networking.hostName = "gorgon"; @@ -103,23 +104,23 @@ in { users.users = { dadada = { isNormalUser = true; - extraGroups = ["wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker"]; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; shell = "/run/current-system/sw/bin/zsh"; }; }; networking.hosts = { - "10.1.2.9" = ["fgprinter.fginfo.tu-bs.de"]; - "127.0.0.2" = ["kanboard.dadada.li"]; + "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; + "127.0.0.2" = [ "kanboard.dadada.li" ]; }; networking.wireguard.interfaces.uwupn = { - ips = ["10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128"]; + ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; privateKeyFile = "/var/lib/wireguard/uwu"; peers = [ { publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - allowedIPs = ["10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23"]; + allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; endpoint = "53c70r.de:51820"; persistentKeepalive = 25; } diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix index 25a7265..4155fae 100644 --- a/nixos/gorgon/hardware-configuration.nix +++ b/nixos/gorgon/hardware-configuration.nix @@ -1,21 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... +{ config +, lib +, pkgs +, modulesPath +, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; - boot.initrd.kernelModules = ["dm-snapshot"]; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7"; @@ -38,7 +37,7 @@ }; swapDevices = [ - {device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db";} + { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; } ]; nix.settings.max-jobs = lib.mkDefault 16; diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 5001b9a..0a71801 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -1,16 +1,17 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let hostAliases = [ "ifrit.dadada.li" "media.dadada.li" "backup0.dadada.li" ]; backups = "/mnt/storage/backup"; -in { +in +{ imports = [ ./hardware-configuration.nix ]; @@ -26,50 +27,50 @@ in { services.borgbackup.repos = { "metis" = { allowSubRepos = false; - authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis"]; - authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/metis"; quota = "1T"; }; "gorgon" = { allowSubRepos = false; - authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon"]; - authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/gorgon"; quota = "1T"; }; "surgat" = { allowSubRepos = false; - authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat"]; - authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/surgat"; quota = "50G"; }; "pruflas" = { allowSubRepos = false; - authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas"]; - authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/pruflas"; quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; - authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi"]; - authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/wohnzimmerpi"; quota = "50G"; }; "fginfo" = { allowSubRepos = false; - authorizedKeysAppendOnly = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de"]; - authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; + authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/fginfo"; quota = "10G"; }; "fginfo-git" = { allowSubRepos = false; - authorizedKeysAppendOnly = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git"]; - authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"]; + authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; + authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; path = "${backups}/fginfo-git"; quota = "10G"; }; @@ -101,7 +102,7 @@ in { device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; mountPoint = "/mnt/storage"; neededForBoot = false; - options = ["nofail"]; + options = [ "nofail" ]; }; networking.firewall = { @@ -116,7 +117,7 @@ in { isNormalUser = true; }; - environment.systemPackages = [pkgs.curl]; + environment.systemPackages = [ pkgs.curl ]; system.stateVersion = "20.03"; } diff --git a/nixos/ifrit/hardware-configuration.nix b/nixos/ifrit/hardware-configuration.nix index 07e3b3f..125e24d 100644 --- a/nixos/ifrit/hardware-configuration.nix +++ b/nixos/ifrit/hardware-configuration.nix @@ -1,21 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... +{ config +, lib +, pkgs +, modulesPath +, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485"; @@ -23,7 +22,7 @@ }; swapDevices = [ - {device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6";} + { device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6"; } ]; nix.settings.max-jobs = lib.mkDefault 2; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 90123e7..7dd5eb0 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -1,12 +1,11 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.admin; - extraGroups = ["wheel" "libvirtd"]; + extraGroups = [ "wheel" "libvirtd" ]; shells = { "bash" = pkgs.bashInteractive; @@ -16,40 +15,41 @@ with lib; let shellNames = builtins.attrNames shells; - adminOpts = { - name, - config, - ... - }: { - options = { - keys = mkOption { - type = types.listOf types.str; - default = []; - apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; - description = '' - The keys that should be able to access the account. - ''; - }; - shell = mkOption { - type = types.nullOr types.str; - apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x; - default = "zsh"; - defaultText = literalExpression "zsh"; - example = literalExpression "bash"; - description = '' - One of ${builtins.toString shellNames} - ''; + adminOpts = + { name + , config + , ... + }: { + options = { + keys = mkOption { + type = types.listOf types.str; + default = [ ]; + apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; + description = '' + The keys that should be able to access the account. + ''; + }; + shell = mkOption { + type = types.nullOr types.str; + apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x; + default = "zsh"; + defaultText = literalExpression "zsh"; + example = literalExpression "bash"; + description = '' + One of ${builtins.toString shellNames} + ''; + }; }; }; - }; -in { +in +{ options = { dadada.admin = { enable = mkEnableOption "Enable admin access"; users = mkOption { type = with types; attrsOf (submodule adminOpts); - default = {}; + default = { }; description = '' Admin users with root access machine. ''; @@ -76,13 +76,13 @@ in { users.users = mapAttrs - (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = extraGroups; - isNormalUser = true; - openssh.authorizedKeys.keys = keys.keys; - }) - cfg.users; + (user: keys: { + shell = shells."${keys.shell}"; + extraGroups = extraGroups; + isNormalUser = true; + openssh.authorizedKeys.keys = keys.keys; + }) + cfg.users; nix.trustedUsers = builtins.attrNames cfg.users; @@ -96,7 +96,7 @@ in { services.tor.relay.onionServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; - map = [{port = 22;}]; + map = [{ port = 22; }]; }; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 8bfe8bb..8887057 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let backupExcludes = [ @@ -24,7 +23,8 @@ with lib; let "/var/tmp" ]; cfg = config.dadada.backupClient; -in { +in +{ options = { dadada.backupClient = { gs = { @@ -62,7 +62,7 @@ in { "/backup" = { device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; fsType = "ext4"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; }; }; diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index b27dd97..47ecbae 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -1,41 +1,41 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.ddns; ddnsConfig = hostNames: { systemd.timers = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}" - { - wantedBy = ["timers.target"]; - partOf = ["ddns-${hostname}.service"]; - timerConfig.OnCalendar = "hourly"; - })); + { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${hostname}.service" ]; + timerConfig.OnCalendar = "hourly"; + })); systemd.services = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}" - { - serviceConfig.Type = "oneshot"; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } + { + serviceConfig.Type = "oneshot"; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } - IFS=':' - read -r user password < /var/lib/ddns/credentials - unset IFS + IFS=':' + read -r user password < /var/lib/ddns/credentials + unset IFS - curl_url=$(url "$user" "$password" ${hostname}) + curl_url=$(url "$user" "$password" ${hostname}) - ${pkgs.curl}/bin/curl -4 "$curl_url" - ${pkgs.curl}/bin/curl -6 "$curl_url" - ''; - })); + ${pkgs.curl}/bin/curl -4 "$curl_url" + ${pkgs.curl}/bin/curl -6 "$curl_url" + ''; + })); }; -in { +in +{ options = { dadada.ddns.domains = mkOption { type = types.listOf types.str; @@ -45,7 +45,7 @@ in { example = '' [ "example.com" ] ''; - default = []; + default = [ ]; }; }; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 72bff58..814e40e 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,4 +1,4 @@ -{...} @ inputs: { +{ ... } @ inputs: { admin = import ./admin.nix; backup = import ./backup.nix; ddns = import ./ddns.nix; diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix index 052b0b4..2a45da1 100644 --- a/nixos/modules/element.nix +++ b/nixos/modules/element.nix @@ -1,11 +1,12 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let cfg = config.dadada.element; -in { +in +{ options.dadada.element = { enable = lib.mkEnableOption "Enable element webapp"; }; diff --git a/nixos/modules/fido2.nix b/nixos/modules/fido2.nix index 7ec354d..8405798 100644 --- a/nixos/modules/fido2.nix +++ b/nixos/modules/fido2.nix @@ -1,13 +1,13 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let luks = config.dadada.luks; fido2 = config.dadada.fido2; -in { +in +{ options = { dadada.luks = { uuid = mkOption { diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix index 7cd7849..5b6a0f2 100644 --- a/nixos/modules/fileShare.nix +++ b/nixos/modules/fileShare.nix @@ -1,14 +1,14 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; -in { +in +{ options.dadada.fileShare = { enable = mkEnableOption "Enable file share server"; }; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index ef40b83..8ab8b11 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -1,12 +1,13 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let redisSocket = "127.0.0.1:6379"; cfg = config.dadada.gitea; -in { +in +{ options.dadada.gitea = { enable = lib.mkEnableOption "Enable gitea"; }; diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix index 105e67b..585a5dd 100644 --- a/nixos/modules/headphones.nix +++ b/nixos/modules/headphones.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.headphones; -in { +in +{ options = { dadada.headphones = { enable = mkEnableOption "Enable bluetooth headphones with more audio codecs."; @@ -17,7 +17,7 @@ in { bluetooth.enable = true; pulseaudio = { enable = true; - extraModules = [pkgs.pulseaudio-modules-bt]; + extraModules = [ pkgs.pulseaudio-modules-bt ]; extraConfig = '' set-source-volume 1 10000 ''; diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index cd68876..ea0f8f9 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,22 +1,22 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let cfg = config.dadada.homePage; in - with lib; { - options.dadada.homePage = { - enable = mkEnableOption "Enable home page"; - }; - config = mkIf cfg.enable { - services.nginx.enable = true; +with lib; { + options.dadada.homePage = { + enable = mkEnableOption "Enable home page"; + }; + config = mkIf cfg.enable { + services.nginx.enable = true; - services.nginx.virtualHosts."dadada.li" = { - enableACME = true; - forceSSL = true; - root = "${pkgs.homePage}"; - }; + services.nginx.virtualHosts."dadada.li" = { + enableACME = true; + forceSSL = true; + root = "${pkgs.homePage}"; }; - } + }; +} diff --git a/nixos/modules/kanboard/default.nix b/nixos/modules/kanboard/default.nix index f9063d2..e972977 100644 --- a/nixos/modules/kanboard/default.nix +++ b/nixos/modules/kanboard/default.nix @@ -1,12 +1,13 @@ # Source https://github.com/NixOS/nixpkgs/issues/113384 -{ - config, - lib, - pkgs, - ... -}: let +{ config +, lib +, pkgs +, ... +}: +let cfg = config.dadada.kanboard; -in { +in +{ options = { dadada.kanboard.enable = lib.mkEnableOption "Enable Kanboard"; }; @@ -23,7 +24,7 @@ in { }; users.users.kanboard.isSystemUser = true; users.users.kanboard.group = "kanboard"; - users.groups.kanboard.members = ["kanboard"]; + users.groups.kanboard.members = [ "kanboard" ]; systemd.tmpfiles.rules = [ "d /var/lib/kanboard/data 0750 kanboard nginx - -" @@ -35,7 +36,7 @@ in { root = pkgs.buildEnv { name = "kanboard-configured"; paths = [ - (pkgs.runCommand "kanboard-over" {meta.priority = 0;} '' + (pkgs.runCommand "kanboard-over" { meta.priority = 0; } '' mkdir -p $out for f in index.php jsonrpc.php ; do echo " $out/$f diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 5cf00bd..734f964 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -1,13 +1,13 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.networking; vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; -in { +in +{ options = { dadada.networking = { localResolver = { @@ -18,7 +18,7 @@ in { wanInterfaces = mkOption { type = with types; listOf str; description = "WAN network interfaces"; - default = []; + default = [ ]; }; vpnExtension = mkOption { type = with types; nullOr str; @@ -122,7 +122,7 @@ in { networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { dadada = { - ips = ["fd42:9c3b:f96d:201::${cfg.vpnExtension}/64"]; + ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; @@ -130,7 +130,7 @@ in { peers = [ { publicKey = vpnPubKey; - allowedIPs = ["fd42:9c3b:f96d::/48"]; + allowedIPs = [ "fd42:9c3b:f96d::/48" ]; endpoint = "vpn.dadada.li:51234"; persistentKeepalive = 25; } @@ -140,8 +140,8 @@ in { # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html systemd.timers.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { - wantedBy = ["timers.target"]; - partOf = ["wg-reresolve-dns.service"]; + wantedBy = [ "timers.target" ]; + partOf = [ "wg-reresolve-dns.service" ]; timerConfig.OnCalendar = "hourly"; }; systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix index e674a4a..2b2b655 100644 --- a/nixos/modules/nix.nix +++ b/nixos/modules/nix.nix @@ -1,14 +1,12 @@ -{ - self, - home-manager, - nixpkgs, - ... -}: { - config, - pkgs, - lib, - ... -}: +{ self +, home-manager +, nixpkgs +, ... +}: { config + , pkgs + , lib + , ... + }: # Global settings for nix daemon { nix.nixPath = [ diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index eae911a..f734585 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; { networking.domain = mkDefault "dadada.li"; @@ -29,7 +28,7 @@ with lib; { vteIntegration = true; syntaxHighlighting = { enable = true; - highlighters = ["main" "brackets" "pattern" "root" "line"]; + highlighters = [ "main" "brackets" "pattern" "root" "line" ]; }; }; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index ce55e42..487000a 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; { networking.domain = mkDefault "dadada.li"; diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix index 914ff14..a4e5f9c 100644 --- a/nixos/modules/share.nix +++ b/nixos/modules/share.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.share; -in { +in +{ options.dadada.share = { enable = mkEnableOption "Enable file share"; }; diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index 8c83444..82944eb 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.steam; -in { +in +{ options = { dadada.steam = { enable = mkEnableOption "Enable Steam config"; @@ -18,7 +18,7 @@ in { hardware.opengl = { enable = true; driSupport32Bit = true; - extraPackages32 = with pkgs.pkgsi686Linux; [libva]; + extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; }; hardware.pulseaudio.support32Bit = true; diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix index 023bfbc..aff0885 100644 --- a/nixos/modules/update.nix +++ b/nixos/modules/update.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.autoUpgrade; -in { +in +{ options.dadada.autoUpgrade = { enable = mkEnableOption "Enable automatic upgrades"; }; diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index ef0d3ad..6c0513f 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -1,12 +1,11 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.vpnServer; - wgPeer = {name, ...}: { + wgPeer = { name, ... }: { options = { name = mkOption { internal = true; @@ -24,13 +23,14 @@ with lib; let }; }; }; -in { +in +{ options.dadada.vpnServer = { enable = mkEnableOption "Enable wireguard gateway"; peers = mkOption { description = "Set of extensions and public keys of peers"; type = with types; attrsOf (submodule wgPeer); - default = {}; + default = { }; }; }; config = mkIf cfg.enable { @@ -39,15 +39,15 @@ in { interfaces."wg0" = { allowedIPsAsRoutes = true; privateKeyFile = "/var/lib/wireguard/wg0-key"; - ips = ["fd42:9c3b:f96d:0201::0/64"]; + ips = [ "fd42:9c3b:f96d:0201::0/64" ]; listenPort = 51234; peers = map - (peer: { - allowedIPs = ["fd42:9c3b:f96d:0201::${peer.id}/128"]; - publicKey = peer.key; - }) - (attrValues cfg.peers); + (peer: { + allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; + publicKey = peer.key; + }) + (attrValues cfg.peers); postSetup = '' wg set wg0 fwmark 51234 ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index a5667ef..340f64c 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -1,12 +1,12 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; let cfg = config.dadada.weechat; -in { +in +{ options.dadada.weechat = { enable = mkEnableOption "Enable weechat relay"; }; diff --git a/nixos/modules/zsh.nix b/nixos/modules/zsh.nix index 585aa0d..90e32bb 100644 --- a/nixos/modules/zsh.nix +++ b/nixos/modules/zsh.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { programs.zsh = { enable = true; @@ -12,7 +11,7 @@ vteIntegration = true; syntaxHighlighting = { enable = true; - highlighters = ["main" "brackets" "pattern" "root" "line"]; + highlighters = [ "main" "brackets" "pattern" "root" "line" ]; }; }; } diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index b7d3b54..f0f3208 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,11 +1,10 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: with lib; { - imports = [./hardware-configuration.nix]; + imports = [ ./hardware-configuration.nix ]; networking.hostName = "pruflas"; @@ -16,7 +15,7 @@ with lib; { package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; - buildMachinesFiles = []; + buildMachinesFiles = [ ]; useSubstitutes = true; listenHost = "hydra.dadada.li"; port = 3000; @@ -26,7 +25,7 @@ with lib; { { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"]; + supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; maxJobs = 8; } ]; @@ -65,7 +64,7 @@ with lib; { ]; }; - boot.kernelModules = ["kvm-intel"]; + boot.kernelModules = [ "kvm-intel" ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; @@ -95,12 +94,12 @@ with lib; { hardware.pulseaudio.enable = false; - environment.systemPackages = [pkgs.spotify pkgs.mpv]; + environment.systemPackages = [ pkgs.spotify pkgs.mpv ]; users.users."media" = { isNormalUser = true; description = "Media playback user"; - extraGroups = ["users" "video"]; + extraGroups = [ "users" "video" ]; }; networking.domain = "dadada.li"; diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix index d26a55a..ddb2116 100644 --- a/nixos/pruflas/hardware-configuration.nix +++ b/nixos/pruflas/hardware-configuration.nix @@ -1,21 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... +{ config +, lib +, pkgs +, modulesPath +, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78"; @@ -32,7 +31,7 @@ fsType = "vfat"; }; - swapDevices = []; + swapDevices = [ ]; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; } diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 1352303..f7710e6 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -1,11 +1,12 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let hostName = "surgat"; -in { +in +{ imports = [ ./hardware-configuration.nix ]; @@ -103,7 +104,7 @@ in { ]; networking.wireguard.interfaces."hydra" = { - ips = ["10.3.3.1/24"]; + ips = [ "10.3.3.1/24" ]; listenPort = 51235; privateKeyFile = "/var/lib/wireguard/hydra"; @@ -111,7 +112,7 @@ in { peers = [ { publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; - allowedIPs = ["10.3.3.3/32"]; + allowedIPs = [ "10.3.3.3/32" ]; persistentKeepalive = 25; } ]; diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix index 8363cbc..71b7257 100644 --- a/nixos/surgat/hardware-configuration.nix +++ b/nixos/surgat/hardware-configuration.nix @@ -1,21 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... +{ config +, lib +, pkgs +, modulesPath +, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11"; @@ -29,5 +28,5 @@ fsType = "ext2"; }; - swapDevices = []; + swapDevices = [ ]; } diff --git a/outputs.nix b/outputs.nix index 27f4730..abd57e1 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,62 +1,63 @@ # Adapted from Mic92/dotfiles -{ - self, - flake-utils, - homePage, - nixpkgs, - home-manager, - nix-doom-emacs, - nixos-hardware, - nvd, - scripts, - recipemd, - ... +{ self +, flake-utils +, homePage +, nixpkgs +, home-manager +, nix-doom-emacs +, nixos-hardware +, nvd +, scripts +, recipemd +, ... } @ inputs: -(flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; - selfPkgs = self.packages.${system}; - formatter = self.formatter.${system}; -in { - apps.nixos-switch = { - type = "app"; - program = toString (pkgs.writeScript "deploy" '' - #!${pkgs.runtimeShell} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --flake ".#$1" --use-remote-sudo - ''); - }; - apps.deploy = { - type = "app"; - program = toString (pkgs.writeScript "deploy" '' - #!${pkgs.runtimeShell} - domain='dadada.li' - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo - ''); - }; - apps.hm-switch = { - type = "app"; - program = toString (pkgs.writeScript "hm-switch" '' - #!${pkgs.runtimeShell} - set -eu -o pipefail -x - tmpdir=$(mktemp -d) - export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]} - trap "rm -rf $tmpdir" EXIT - declare -A profiles=(["gorgon"]="home") - profile=''${profiles[$HOSTNAME]:-common} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" - link=$(realpath $tmpdir/result) - $link/activate - ''); - }; - devShell = pkgs.callPackage ./shell.nix {}; - formatter = nixpkgs.legacyPackages."${system}".alejandra; - checks = { - format = pkgs.runCommand "check-format" {buildInputs = [formatter];} "${formatter}/bin/alejandra -c ${./.} && touch $out"; - }; -})) -// { +(flake-utils.lib.eachDefaultSystem (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + selfPkgs = self.packages.${system}; + formatter = self.formatter.${system}; + in + { + apps.nixos-switch = { + type = "app"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --flake ".#$1" --use-remote-sudo + ''); + }; + apps.deploy = { + type = "app"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + domain='dadada.li' + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo + ''); + }; + apps.hm-switch = { + type = "app"; + program = toString (pkgs.writeScript "hm-switch" '' + #!${pkgs.runtimeShell} + set -eu -o pipefail -x + tmpdir=$(mktemp -d) + export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]} + trap "rm -rf $tmpdir" EXIT + declare -A profiles=(["gorgon"]="home") + profile=''${profiles[$HOSTNAME]:-common} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" + link=$(realpath $tmpdir/result) + $link/activate + ''); + }; + devShell = pkgs.callPackage ./shell.nix { }; + formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; + checks = { + format = pkgs.runCommand "check-format" { buildInputs = [ formatter ]; } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; + }; + })) + // { hmConfigurations = import ./home/configurations.nix { inherit self nixpkgs home-manager; }; @@ -71,13 +72,13 @@ in { hydraJobs = ( nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) - self.nixosConfigurations + (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) + self.nixosConfigurations ) // ( nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.activation-script) - self.hmConfigurations + (name: config: nixpkgs.lib.nameValuePair name config.activation-script) + self.hmConfigurations ) // (let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests); } diff --git a/overlays/default.nix b/overlays/default.nix index 491a5a3..8507ceb 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,6 +1,7 @@ let python3Packages = import ./python3-packages.nix; -in { +in +{ kanboard = final: prev: { kanboard = prev.kanboard.overrideAttrs (oldAttrs: { src = prev.fetchFromGitHub { diff --git a/overlays/python3-packages.nix b/overlays/python3-packages.nix index 5e2371c..6eca900 100644 --- a/overlays/python3-packages.nix +++ b/overlays/python3-packages.nix @@ -2,6 +2,6 @@ self: super: { python3Packages = super.python3Packages // super.recurseIntoAttrs ( - super.python3Packages.callPackage ../pkgs/python-pkgs {} + super.python3Packages.callPackage ../pkgs/python-pkgs { } ); } diff --git a/overlays/tubslatex.nix b/overlays/tubslatex.nix index 220029a..da6843d 100644 --- a/overlays/tubslatex.nix +++ b/overlays/tubslatex.nix @@ -2,27 +2,27 @@ self: super: { # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 tubslatex = super.lib.overrideDerivation - (super.texlive.combine { - inherit (super.texlive) scheme-full; - tubslatex.pkgs = [(super.callPackage ../pkgs/tubslatex {})]; - }) - (oldAttrs: { - postBuild = - '' - # Save the udpmap.cfg because texlive.combine removes it. - cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 - '' - + oldAttrs.postBuild - + '' - # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it - rm $out/share/texmf/web2c/updmap.cfg || true - cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg - rm $out/share/texmf/web2c/updmap.cfg.1 - perl `type -P mktexlsr.pl` $out/share/texmf - yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true - perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map - # Regenerate .map files. - perl `type -P updmap.pl` --sys - ''; - }); + (super.texlive.combine { + inherit (super.texlive) scheme-full; + tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex { }) ]; + }) + (oldAttrs: { + postBuild = + '' + # Save the udpmap.cfg because texlive.combine removes it. + cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 + '' + + oldAttrs.postBuild + + '' + # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it + rm $out/share/texmf/web2c/updmap.cfg || true + cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg + rm $out/share/texmf/web2c/updmap.cfg.1 + perl `type -P mktexlsr.pl` $out/share/texmf + yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true + perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map + # Regenerate .map files. + perl `type -P updmap.pl` --sys + ''; + }); } diff --git a/pkgs/python-pkgs/default.nix b/pkgs/python-pkgs/default.nix index e4c33e6..c1c7b48 100644 --- a/pkgs/python-pkgs/default.nix +++ b/pkgs/python-pkgs/default.nix @@ -1,2 +1 @@ -{callPackage}: { -} +{ callPackage }: { } diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix index c7471be..9b186db 100644 --- a/pkgs/scripts.nix +++ b/pkgs/scripts.nix @@ -1,7 +1,7 @@ -{ - pkgs, - stdenv, - lib, +{ pkgs +, stdenv +, lib +, }: (import (pkgs.fetchgit { url = "https://git.dadada.li/dadada/scripts.git"; diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix index e7bb963..36b688a 100644 --- a/pkgs/tubslatex/default.nix +++ b/pkgs/tubslatex/default.nix @@ -1,13 +1,13 @@ -{ - stdenv, - fetchzip, - unzip, +{ stdenv +, fetchzip +, unzip +, }: stdenv.mkDerivation rec { src = ./tubslatex_1.3.2.tds.zip; sourceRoot = "."; - nativeBuildInputs = [unzip]; - buildInputs = [unzip]; + nativeBuildInputs = [ unzip ]; + buildInputs = [ unzip ]; installPhase = '' mkdir -p $out cp -r * $out/ diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix index f9eece2..c513c33 100644 --- a/pkgs/vimPlugins/default.nix +++ b/pkgs/vimPlugins/default.nix @@ -1,8 +1,7 @@ -{ - pkgs, - lib, - fetchFromGitHub, - ... +{ pkgs +, lib +, fetchFromGitHub +, ... }: with lib; { filetype = pkgs.vimUtils.buildVimPluginFrom2Nix { diff --git a/shell.nix b/shell.nix index a297003..e2a7c3d 100644 --- a/shell.nix +++ b/shell.nix @@ -1,4 +1,4 @@ -{mkShell}: +{ mkShell }: mkShell { buildInputs = [ ]; diff --git a/tests/default.nix b/tests/default.nix index 15769d2..10daca3 100644 --- a/tests/default.nix +++ b/tests/default.nix @@ -1,2 +1 @@ -system: { -} +system: { } From 3fccfe3b671c218000dd79fa27ca85cb9e98f6ae Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 7 Aug 2022 12:50:07 +0200 Subject: [PATCH 381/988] add backup secrets to config for hosts --- flake.lock | 21 +++++++ flake.nix | 4 ++ nixos/configurations.nix | 21 ++++--- nixos/gorgon/configuration.nix | 5 +- nixos/ifrit/configuration.nix | 63 +------------------- nixos/modules/backup.nix | 1 + nixos/modules/borg-server.nix | 81 ++++++++++++++++++++++++++ nixos/modules/default.nix | 1 + nixos/modules/profiles/backup.nix | 11 ++++ nixos/modules/profiles/laptop.nix | 6 ++ nixos/modules/profiles/server.nix | 7 +++ nixos/pruflas/configuration.nix | 1 + outputs.nix | 10 +++- secrets/agares-backup-passphrase.age | 9 +++ secrets/agares-backup-ssh-key.age | Bin 0 -> 892 bytes secrets/gorgon-backup-passphrase.age | 10 ++++ secrets/gorgon-backup-ssh-key.age | Bin 0 -> 868 bytes secrets/ifrit-backup-passphrase.age | 11 ++++ secrets/ifrit-backup-ssh-key.age | Bin 0 -> 803 bytes secrets/pruflas-backup-passphrase.age | 10 ++++ secrets/pruflas-backup-ssh-key.age | Bin 0 -> 784 bytes secrets/secrets.nix | 20 +++++++ secrets/surgat-backup-passphrase.age | 10 ++++ secrets/surgat-backup-ssh-key.age | 12 ++++ shell.nix | 3 +- 25 files changed, 242 insertions(+), 75 deletions(-) create mode 100644 nixos/modules/borg-server.nix create mode 100644 nixos/modules/profiles/backup.nix create mode 100644 secrets/agares-backup-passphrase.age create mode 100644 secrets/agares-backup-ssh-key.age create mode 100644 secrets/gorgon-backup-passphrase.age create mode 100644 secrets/gorgon-backup-ssh-key.age create mode 100644 secrets/ifrit-backup-passphrase.age create mode 100644 secrets/ifrit-backup-ssh-key.age create mode 100644 secrets/pruflas-backup-passphrase.age create mode 100644 secrets/pruflas-backup-ssh-key.age create mode 100644 secrets/secrets.nix create mode 100644 secrets/surgat-backup-passphrase.age create mode 100644 secrets/surgat-backup-ssh-key.age diff --git a/flake.lock b/flake.lock index bdec885..c6dd996 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "agenix": { + "inputs": { + "nixpkgs": [ + "myNixpkgs" + ] + }, + "locked": { + "lastModified": 1652712410, + "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "owner": "ryantm", + "repo": "agenix", + "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "doom-emacs": { "flake": false, "locked": { @@ -580,6 +600,7 @@ }, "root": { "inputs": { + "agenix": "agenix", "flake-utils": "flake-utils", "home-manager": "home-manager", "homePage": "homePage", diff --git a/flake.nix b/flake.nix index ed6374c..501b480 100644 --- a/flake.nix +++ b/flake.nix @@ -28,6 +28,10 @@ recipemd = { url = github:dadada/recipemd/nix-flake; }; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "myNixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index f7be74d..d155ab0 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,5 +1,7 @@ +# TODO refactor adapterModule and redundant module config { self , admins +, agenixModule , nixpkgs , nixosSystem , home-manager @@ -8,6 +10,7 @@ , nvd , scripts , recipemd +, secretsPath , }: let @@ -23,17 +26,16 @@ let ]; }; lib = nixpkgs.lib; - adminConfig = users: { - dadada.admin.users = lib.getAttrs users admins; - }; in { gorgon = nixosSystem rec { system = "x86_64-linux"; + specialArgs = { inherit admins secretsPath; }; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ (adapterModule system) + agenixModule nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 home-manager.nixosModules.home-manager { @@ -52,34 +54,38 @@ in }; ifrit = nixosSystem rec { system = "x86_64-linux"; + specialArgs = { inherit admins secretsPath; }; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) + agenixModule (adapterModule system) ./modules/profiles/server.nix ./ifrit/configuration.nix + ./ifrit/hardware-configuration.nix ]; }; surgat = nixosSystem rec { system = "x86_64-linux"; + specialArgs = { inherit admins secretsPath; }; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) (adapterModule system) + agenixModule ./modules/profiles/server.nix ./surgat/configuration.nix ]; }; pruflas = nixosSystem rec { system = "x86_64-linux"; + specialArgs = { inherit admins secretsPath; }; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) (adapterModule system) + agenixModule ./modules/profiles/laptop.nix ./pruflas/configuration.nix ]; @@ -87,11 +93,12 @@ in agares = nixosSystem rec { system = "x86_64-linux"; + specialArgs = { inherit admins secretsPath; }; modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ - (adminConfig [ "dadada" ]) (adapterModule system) + agenixModule ./modules/profiles/server.nix ./agares/configuration.nix ]; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 6a164ba..fe65a95 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,6 +1,7 @@ { config , pkgs , lib +, secretsPath , ... }: let @@ -50,10 +51,6 @@ in }; vpnExtension = "3"; }; - backupClient = { - bs.enable = true; - gs.enable = false; - }; }; boot.kernel.sysctl = { diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 0a71801..89130f1 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -9,71 +9,12 @@ let "media.dadada.li" "backup0.dadada.li" ]; - backups = "/mnt/storage/backup"; in { - imports = [ - ./hardware-configuration.nix - ]; - dadada = { admin.enable = true; - ddns.domains = [ - "backup0.dadada.li" - ]; - }; - - users.users.borg.home = backups; - services.borgbackup.repos = { - "metis" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/metis"; - quota = "1T"; - }; - "gorgon" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/gorgon"; - quota = "1T"; - }; - "surgat" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/surgat"; - quota = "50G"; - }; - "pruflas" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/pruflas"; - quota = "50G"; - }; - "wohnzimmerpi" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/wohnzimmerpi"; - quota = "50G"; - }; - "fginfo" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/fginfo"; - quota = "10G"; - }; - "fginfo-git" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/fginfo-git"; - quota = "10G"; - }; + borgServer.enable = true; + borgServer.path = "/mnt/storage/backup"; }; networking.hostName = "ifrit"; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 8887057..44087f0 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -19,6 +19,7 @@ with lib; let "/sys" "/tmp" "/var/cache" + "/var/lib/machines" "/var/log" "/var/tmp" ]; diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix new file mode 100644 index 0000000..5da2280 --- /dev/null +++ b/nixos/modules/borg-server.nix @@ -0,0 +1,81 @@ +{ config, lib, admins, ... }: +let + inherit (lib) mkEnableOption mkIf mkOption types; + cfg = config.dadada.borgServer; +in +{ + options = { + dadada.borgServer = { + enable = mkEnableOption "Enable Borg backup server"; + path = mkOption { + type = types.path; + default = "/var/lib/backup"; + example = "/mnt/storage/backup"; + }; + }; + }; + + config = mkIf cfg.enable { + + dadada.ddns.domains = [ + "backup0.dadada.li" + ]; + + users.users.borg.home = cfg.path; + services.borgbackup.repos = { + "metis" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; + authorizedKeys = admins.dadada.keys; + path = "${cfg.path}/metis"; + quota = "1T"; + }; + "gorgon" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; + authorizedKeys = admins.dadada.keys; + path = "${cfg.path}/gorgon"; + quota = "1T"; + }; + "surgat" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; + authorizedKeys = admins.dadada.keys; + path = "${cfg.path}/surgat"; + quota = "50G"; + }; + "pruflas" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; + authorizedKeys = admins.dadada.keys; + path = "${cfg.path}/pruflas"; + quota = "50G"; + }; + "wohnzimmerpi" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; + authorizedKeys = admins.dadada.keys; + path = "${cfg.path}/wohnzimmerpi"; + quota = "50G"; + }; + "fginfo" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; + authorizedKeys = admins.dadada.keys; + path = "${cfg.path}/fginfo"; + quota = "10G"; + }; + "fginfo-git" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; + authorizedKeys = admins.dadada.keys; + path = "${cfg.path}/fginfo-git"; + quota = "10G"; + }; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.path} 0750 ${config.users.users.borg.name} ${config.users.users.borg.group} - -" + ]; + }; +} diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 814e40e..7813a3a 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,6 +1,7 @@ { ... } @ inputs: { admin = import ./admin.nix; backup = import ./backup.nix; + borgServer = import ./borg-server.nix; ddns = import ./ddns.nix; element = import ./element.nix; fido2 = import ./fido2.nix; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix new file mode 100644 index 0000000..0c41380 --- /dev/null +++ b/nixos/modules/profiles/backup.nix @@ -0,0 +1,11 @@ +{ config, secretsPath, ... }: +{ + dadada.backupClient.bs = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase.path"; + sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key.path"; + }; + + age.secrets."${config.networking.hostName}-backup-passphrase".file = "${toString secretsPath}/${config.networking.hostName}-backup-passphrase.age"; + age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${toString secretsPath}/${config.networking.hostName}n-backup-ssh-key.age"; +} diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index f734585..8713a41 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -4,10 +4,16 @@ , ... }: with lib; { + imports = [ + ./backup.nix + ]; + networking.domain = mkDefault "dadada.li"; services.fwupd.enable = mkDefault true; + age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + fonts.fonts = mkDefault (with pkgs; [ source-code-pro ]); diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 487000a..d0032f8 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,9 +1,16 @@ { config +, admins , pkgs , lib , ... }: with lib; { + imports = [ + ./backup.nix + ]; + + dadada.admin.users = admins; + networking.domain = mkDefault "dadada.li"; networking.tempAddresses = "disabled"; diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index f0f3208..032425a 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -103,6 +103,7 @@ with lib; { }; networking.domain = "dadada.li"; + networking.tempAddresses = "disabled"; users.mutableUsers = true; diff --git a/outputs.nix b/outputs.nix index abd57e1..8c7de6b 100644 --- a/outputs.nix +++ b/outputs.nix @@ -9,13 +9,18 @@ , nvd , scripts , recipemd +, agenix , ... } @ inputs: +let + secretsPath = ./secrets; +in (flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; selfPkgs = self.packages.${system}; formatter = self.formatter.${system}; + agenix-bin = agenix.packages."${system}".agenix; in { apps.nixos-switch = { @@ -51,7 +56,7 @@ $link/activate ''); }; - devShell = pkgs.callPackage ./shell.nix { }; + devShell = pkgs.callPackage ./shell.nix { inherit agenix-bin; }; formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; checks = { format = pkgs.runCommand "check-format" { buildInputs = [ formatter ]; } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; @@ -63,9 +68,10 @@ }; hmModules = import ./home/modules inputs; nixosConfigurations = import ./nixos/configurations.nix { + agenixModule = agenix.nixosModule; nixosSystem = nixpkgs.lib.nixosSystem; admins = import ./admins.nix; - inherit self nixpkgs home-manager nixos-hardware nvd scripts homePage recipemd; + inherit self secretsPath nixpkgs home-manager nixos-hardware nvd scripts homePage recipemd; }; nixosModules = import ./nixos/modules inputs; overlays = import ./overlays; diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age new file mode 100644 index 0000000..702b900 --- /dev/null +++ b/secrets/agares-backup-passphrase.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w zuSOhGaD5loTrVe42D+9wisBe9uLPVk4jB04aNOnVkE +TPkwqjoryGxiw02PJEOXTU/Ypt3ux5DG0df2FmLVCY0 +-> ssh-ed25519 Otklkw I6aDhKl2KS+JLkKzh1Wh2dlCHsjFaQpfoNvsoudBF38 +HsSCHtawaNCyhd5p8mdXQGiMidCp2PtFydES4frjGY0 +-> C'Lx21-grease "Ab:ca- # +/jYss39MTt1fbOK1t7s +--- ulSvMSFv1Ow1k20uMbgeQCO62S8wRNtuWuJVkjAlx/4 +­u„¼(6'ò4á0½¨Ë°£9)ßU^np5›:ïËÍtdD§æMÓò…å?OD×ÄZÏøZ÷39Á6ÈlüÐÒ \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age new file mode 100644 index 0000000000000000000000000000000000000000..2e6dd67afdfd02231ac62b62c3f5e904df60b8ee GIT binary patch literal 892 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlF;6ovEmsH+339Ho zH1v4|4TRH%v0~DhxF&FEI^q^@?)McF#$6F6Q#Ij3^Bb&j{BqFHZAK za>_0&axcoxNDFpytV*iNNefHM%y&1)^Ygbb_C&YMza%>+yIjG?)Wgf$uQJQYJ)+o0 zTRSVKG|?y7%QLUSutd8&$=xK^$RHrA!X?Ae)tAen)GHv}+bh@DKi{j&!m}#Nsj9%q ztI9vcC^IbCN#97n+|<%gJE+{##{gtoxV^ruvu=7(YGQG!f>v5FS4eTLUyebbd!BZn zesXrGaZZ)9sb!{Pa-n-kwr62kc4B2zp1xmXMM{a0L25}wK&5_Ec#(6ezN@yjnL%W! zCs#&Da(-rLSV?h|d1h8YsfDRaVQyJLQJAxzd1ZEHcxaYUXkLVog^RCod01GENl~7c zWm0BJK%|k0b5Wp0crq84uCA^^fTNE=lzCXDOL}OTUqobDxlx9tK~Pd?NTGYWi@R4* zfuEsku7_cnPmUuO8|S;w)K-~$KV0`(=66@~N^k9*_LlW&^{1O_YCnD7_W0EKj&A@oW7SY_DA28+RADNj;Jd1Wt?~t3lE?C8`EG28M(!sdr2J_iI<(}rK+pnGSF>~q7 z$has6IblK7zZ~|S48p7dv)<0UR{87772mm&XFXR+;eJ(PBxd9owL?~TLLc{&jSaRR zw{?DTi)QBdZdD75af>8_m0z?45s^>->OHybZ1wz{;ryxBH;`f49DC9id| zM}_`#@^S26ebe)i=XAfb;rpfpUA=WI;bxPTt;&&w8y4xl5Li~j@_(vvVJpX;Q|FoI zbl#uozu9V9Y<|T7!CK#2R$64b)q5Aw!bMJ|R|GatAy!y?49on{3Vj=eq&$u0rKm7k$C~ ssh-ed25519 0aOabg 2h4VEFdhUUGkviD4i0wm3NL9944guan9O0BDoz/7mGQ +D9clRO4ibGPMMA5KLOXU9CPlNSulZA9RmKelxUKqy4E +-> ssh-ed25519 Otklkw kG8jXHeM2kYTBTpYfo2N4V/hJx2HdLPlgAXTZRKJmR8 +fesI+DSgCTMIY1pLJMx0q86+va3dF1ZFj3kRK+O0MIc +-> Z7_:1-grease 17g=iG^I #3%B ,.5lz +6YSTWBwtchUxqxCR2EvUic+OfO+XByzyqirtt8hW8eFdF/blR4McETrV3lb6n+xW +8SyICmVL60yGj3QDZWmus/FV8xaXh5hSJLqGNtwPdiM82mez +--- klL1U0W7ki7TRcM/lDsoR+/facAm7PDKTEw7bPWUmvc +L÷F™7[j?EDc™(ÂÍT±4e„i9—Lj6Câs`å8ÿÚ¨2§à"X«5Šø©Yã´ûnB‡ÔáK ŠšÇm0nÄ? `ˆ^ÉYWyøc€¦ \ No newline at end of file diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age new file mode 100644 index 0000000000000000000000000000000000000000..9131537beef801d09bd9234df9da7e143f397081 GIT binary patch literal 868 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSPNc2xkN>|V?s0udl zNi4K1t_=6mcPYy-FU)W>_A~a>FHSe~Fe^-Rjm(KMH1sRZO6RhSst5}5_Vg|_H_l5; zc1_VQOwuk-k4R4qi|`E(&nojsH!lv(t;}=ua7DMxza%>+yIjH4E!aOY*wNI#*u~J< zwKT^#z0%CvJ;2q!!rjBOFv!g`TVFffEZij0&6O+NqtM7%KPT5Kz_6;K+@QeMyfoa> z$oz8dzG(cp1)(HYovd0hNV%kMSg*KrK5jZM1V_Gazs?F zcdDDYX-1i|Q=SQzuCA_vg|Dx7xnpLQe|mvwUP*FVn7ONqS72UnrBQI8d5MLSQIwf! zL8-aEd1gA7n@juFqlFAnO0lnA9#pTNc;z0~k7-O3dVkGZv(d|??oh-WWAOo7qnPyieXK z6Sx_9FztPC^UFx*gkMT0g_}Eze;l2~Q#4Iy(e>Z?OY`Q=m3g`AjqrutOAj+SeL0zC z8~o$^%}8yYw^LGPumxNUc(`wSUTjePx1S%jaJrlC&`q%E6YmY`vo6)Im@_223YyAt!=ii>S#4D~a*k^eAp5C>4H$2yR9SCS` ze)vS-z}0zczHKt~p6!1;^}@RwC%jTR6%Wj;i`nrox!WY9(EZEXsYh>eBs_Wd;^as1 zzT(iu>_!%IJ}LLdv2^TWUt?{UYHgTt#EoZf_S>WTnL^IL%AbGqBI{FCuQFy%EBnhW zZXFj|ug}|~{#C9pX~|>$sFRKP_jexus%a>DX5PauSpwD%ivlI@`&Ww|EN%ZkInv#t z|LqO02mhZ(UO4pGTE@0iKX8)Tvg=+?UaR>2v41W4C)2Yq ssh-ed25519 yMjj5g V9rC+0UIZO6GMFXjsoF3qvSkEnc3iHaqsv9yQHg6XWg +lLkAndMDp8blMYJqviD+6H4l2uEqzsP9fsr8sZVCdXk +-> ssh-ed25519 Otklkw ehLzOysl9JmqPb0MuaSwg8MvNnPg44807PGyMsh5hhA +pf8vtXa85gF1XL2Xm1zCaAzDdCaebNFpZC1wm7lnUCg +-> #|)e#-g[-grease +UPUrPqT4ez2irVMxwsVYiAhM6pEaAzWt8RYNWzMtARHsTDLU9J17+x4 +--- rigjthxdwl7djFf8pSoQuZEZfWLsMa0oWLplrQMOe7c +ý +˜ü6.Ç=ße Â}ÛoŒ¾‹ì(9Ë +ÒµdÀïCÓïÉ«ùV¶š‡…¥9¾z—ܧÎ%J•ßRÒD_¡ \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age new file mode 100644 index 0000000000000000000000000000000000000000..165e75a03b98786c2f1f427c1df565edacf9a3c2 GIT binary patch literal 803 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTy^v%jLO;_;r$|x%? zCNGjtD8NwBQQ&$xX^OEjDn`t};*d z@G%I=PIhxn3JFRwit_dkcJeL{ws6$;Eh=(#F+jJ?za%>+yIdh4%s(tDxiH7oCp^rT$8AlEz6 ztCVN1Qh89j@#D(nT$A%3*aUT5_$chgcd;odA}dlMo&D1ugLUOEV|dn7?^?`p`L4;S zpl|Q~T0gsA(eu*eR>Q(aC98}{XHm|GH5eLj5I z8vBHUTQ)WPY>d9UdG~n>hk{D4WOG5Gh}4exFQ=N<1Zk`}_&sdOlWU89S*KrJ<9>YI zB!P6UD5sbWet}yg5|`Nozf9Y{^V!9}*A_B{Y@AZ`@!{gHBt74EyaLg&UE{q&}X zE+%(ApVfJG*;;Zh&&`j=#XV*e7=5;_WLzWt=*5>!>BqSw!l&0>tMVyZy5Lm`XZAlU zi^c8w;!HaZ&va(X5=oq8cf#V6_3_V@^A#L7EUG)jJdMS#Jm8=~ZDXd+Va>#yM)q$) zj&7Ob;gzxeb2CTJ>{+kbdAA>&yz=6k?pqB<`}fEfY|mbkmV4r5K&|e%)`vHHwEXSs zYO}>1Pp*ya-h1@5w)iKf+s&nkF?~93yx6(p*GSy+Iip-ZuY1imB|gKqpMK46Uh&}e ozf)^Bz2E*l_4cfQ3o-nAf1LQkFpo>G@pVVydMCZP?M=bP0Eo0%8vp ssh-ed25519 thf/Uw PPtflHayBrV0oWfJQr6RW9nJphdVFI9S5XjI+kmRe1M +fnwzt27PMwUYMqS25Z+0zxouC27KjeXaIbN4dYZPRLA +-> ssh-ed25519 Otklkw Ko14b+XMTZHVXMRN/JrfwTUrZA8ndj7bfaxe4O8/BCY +zRt6bLCbZPhoxKuLDglex2SpDwjUxyP6eKFaHzc0zu0 +-> /:G-grease c5#5Vm+\ KX, +nljmCZ+NP2fbmIjzA/OiL4i4A2+UPRBf3KrXe3C6/lJaxiRggeXqdrucy/lLNjda +Y8emrCT5o7DfryEo3QGUQkPujBgUgYvcB4Q/XlaWaLBcsSnW2D4eZQ +--- SYKRV9hejrBWXgVt8pCRKcTxFNljA2IIFkONLn8+nuo +5J-òª· épô³cÜ mJ|ö¸Š!Þ®¨@ñí™…à…T]„Ô=&;Ë5}=9ûª§§ ̽y‚é \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age new file mode 100644 index 0000000000000000000000000000000000000000..9a5ec8a5e721f0857a6df771fd6303b5c5b3ca25 GIT binary patch literal 784 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH$w<==Emv^KtxQff z_Kh@gG|G4K$}$NLF)lLJchfd3$PGwK3^q?GDM_vL(9iXWFyXQ&4GT_5^wm!{_m4`` zPP251bWiq5(bhL}@^^Rj&Pet(PBIA4&M(zB$VRu#za%>+yIdj4C@V7~(j>&(ExCn&?uET_=a zGSj~_Sl{0>)Ya5EG@!uU!@tzsI22@?i>9}3dQoa(aVl3;S*dSSRI+D8vVWANX<(4Q ze^y~il51(ITR}lyuD_#ScvOmqYrdtki&I3oVL>66uCA^^W_U!gcZ9n^YIuH`OGT)m zUui&*bE2VXWU!ZUnSPQ>fR90Vmb+0}VreATUx8kRT}Cr6KPvCE-)@n({LR}b;mhwV zY~s$5cqU=(n{(-lY7`#54ol&yShH}8ZOL@b;|Ys7{I09nsqNd^zjd#yYIXI_ zbP-vnTkEa(6?RO^*{XW&UpMy+`ERpWZWLGeh578C_GID3s>^YwZ!?Nb%u`+#b)fq` zTg7Vi-(~__tU8&em$iQOT&Ns7`>A_s;XI$IYrCu*&6h1mJj|67)%Nzh^m--Vi@E|u zk+ntwB{6>{ysQ56tz@q9%@yk9?w7jwEh;{N!M%k3v`XU9}imom^Q@cy{KBM;n z>wNP$?>{beu{g%}#4K!ve#u2uktauv=FDvqx#XC?s%79!L#hh!S&-(~Nv+sLKV>$QCaubJbTW)Ib6 z7v3se7yR?`#g2?ga+VDTTCG^8S-go{>!PE*pv>tv%ZC?w-`b}tUC)T*tGv(nc<;Vh zO#c>hBrEF#mn7P~{O%Pxz0M| literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..e51cb39 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,20 @@ +let + dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) "; + systems = { + agares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcbuLtU9/VhFy5VAp/ZI0T+gr7kExG73hmjjvno10gP root@nixos"; + gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon"; + ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos"; + pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKnYOgzxZ4DAeFL88MhIVtNmMEHMQhi/pNJDbwFWOJW root@pruflas"; + surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; + }; + backupSecrets = hostName: { + "${hostName}-backup-passphrase.age".publicKeys = [ systems.${hostName} dadada ]; + "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ]; + }; +in +{ } // +backupSecrets "gorgon" // +backupSecrets "ifrit" // +backupSecrets "pruflas" // +backupSecrets "surgat" // +backupSecrets "agares" diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age new file mode 100644 index 0000000..be011a6 --- /dev/null +++ b/secrets/surgat-backup-passphrase.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 jUOjpw U3EPRp3r/aE8kSb+D4kd3F2pJyyPgrG13KvJ4ImavUQ +lsWg2WW/nC9FT0JrZfhXPHcHduPfd+wm/vktSpUbRBY +-> ssh-ed25519 Otklkw +Ic/y3KF0l4/hlFGSRCJEQ+HsK1U9eZusMhSsBuIsDc +QE2W7F9fg49UlX3n0baZVEoq9zsahcEr5oEzOk12FMg +-> +'GD%5-grease |:[SW0@b c 36`)g +rvXcBtMeumpqo2OKg4q5wvvIDkCqlnwbdPEzJSqsEXXI2LenSbV0NM1mVjCXyvvr +4pwDLhQkRnQ3DkftGp3veOluxRLmmg +--- PMICHLb+oVMRdtD93FZyDc6lWL35bjvF1QWJYXhP2IY +`õv=ôb>ÏØ”ÈÏm²äò^Ôèùù¡q§5Î ù´¯Ñ9™üs®ƒ2¨c"Jåðçµ5[»qR±zj- \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age new file mode 100644 index 0000000..8e9d15e --- /dev/null +++ b/secrets/surgat-backup-ssh-key.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 jUOjpw tm81EffU7KnPZZwEg1qy/fNr8leqD2y0oJcR5CWXTCs +Rnby8Wipp9jwYmbc0UskdYMRxYQ4t9Yhxa498Wsn8jc +-> ssh-ed25519 Otklkw q99wMvDcRSZzW5Zu7QtJO9ThlyYKpUBf1Rn9w+j7f2M +3aqp1If/L7Db7ikXwBlqsAbKTdcozDat+on9jQip+Zg +-> t1"Uq-grease WXdB"' +EUhZx0b3UqMCazu+zjPWOfWNs8s+rRWyyZh3TvvvYs5fLNJJzSAfAXbG17zfhHMP +DgBwNaTjSvwhMjqAiBYafAbsIzuwxp4bcZA3jRQ+FMUerwhWhHrw +--- sZ0GULTVh54+TtUY+oOfgicZmiDB6RCavVjWkSR7A7s +ë+O€!pÓ¢W¦RÛ?õÿ/dù"ŽÛ%a6ßHm»dY¹W¢Å „íR JÉ|ÌðÓ·¿Î?P 2HÏ´”å+²é€j$0¿Ч“SoUBæ?œ÷Z™'Cå-K +á½lE(ÑýDÀÑر9—óÃë”EKÈ3öл:O´XÙ ³R÷ž¨ð'«mXt}¬M +Aç³ïÔörÎ]ô²Ú¥zApÿt°ÁC·z·l4r‚"3Ç韸Ø"3¯ ™L1E¬ÓWKÏÃŽýŸpÛxqß|dÚî$ð•rI’Fiš@ùZž|l$;¿‹Øë×B¥µEÅgìá˜8¦AŒö^< 7GÂñÑ%-º–™¢Øz›ÇoøéVWOE+Î’Ç<¡„ã]çq€ <þÙ]ËÐrÌžlÁþä`PâÌ‘`™“:O&êýu*â­Šÿ©Ê8fÕo §›U— 7ÄÓ²Å4ÏpVžìªÓ÷"p–ßCÅæyìG‡â¬—5Ù¤ßÙ€—9@iÑh4íµšTÙ5ni4³…?î!ç© \ No newline at end of file diff --git a/shell.nix b/shell.nix index e2a7c3d..1e70b6f 100644 --- a/shell.nix +++ b/shell.nix @@ -1,5 +1,6 @@ -{ mkShell }: +{ agenix-bin, mkShell }: mkShell { buildInputs = [ + agenix-bin ]; } From 1a6ab16854b92ba4d60f65912c8d9886df419452 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 7 Aug 2022 15:13:49 +0200 Subject: [PATCH 382/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249' (2022-07-04) → 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/478f3cbc8448b5852539d785fbfe9a53304133be' (2022-08-03) → 'github:NixOS/nixpkgs/72f492e275fc29d44b3a4daf952fbeffc4aed5b8' (2022-08-06) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/72290846feecd198d3f63181c166ddaa50a2cb70' (2022-07-29) → 'github:nix-community/nix-doom-emacs/b7d44a76ea4f352b751b1ccba18f70f686838622' (2022-08-05) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/30a3d95bb4d9812e26822260b6ac45efde0d7700' (2022-07-29) → 'github:nix-community/emacs-overlay/a151f9ff5b9fa813ac8918f3a3a67c643e7e2edc' (2022-08-04) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/d37c0ee5fa7dc4be4bbe3aa9b6f4e79d4b1e638d' (2022-07-28) → 'github:emacs-straight/org-mode/4702a73031c77ba03b480b0848c137d5d8773e07' (2022-08-03) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/401aad7380c8395e948c7bc8780479ccb0a26b82' (2022-07-29) → 'github:jcs-elpa/ts-fold/17d131f69a717d7e8cc6d3af9dfa7d2b5e2b78ef' (2022-07-30) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249' (2022-07-04) → 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index c6dd996..086fbbd 100644 --- a/flake.lock +++ b/flake.lock @@ -56,11 +56,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1659086644, - "narHash": "sha256-VGK2BgT8JHK6m8cJZeNrApZkfEg6ArQVvnHdY8d6CJ0=", + "lastModified": 1659638214, + "narHash": "sha256-lXa01G06Ey9qgj+rYN7Nzc53FP3p2UMMnAuxpWXu9Ko=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "30a3d95bb4d9812e26822260b6ac45efde0d7700", + "rev": "a151f9ff5b9fa813ac8918f3a3a67c643e7e2edc", "type": "github" }, "original": { @@ -183,11 +183,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -213,11 +213,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -331,11 +331,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1659526864, - "narHash": "sha256-XFzXrc1+6DZb9hBgHfEzfwylPUSqVFJbQPs8eOgYufU=", + "lastModified": 1659768833, + "narHash": "sha256-G1T3le1SfZ0AIsWu4SnWr46A34OEiwFcHDKWHtBfBtg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "478f3cbc8448b5852539d785fbfe9a53304133be", + "rev": "72f492e275fc29d44b3a4daf952fbeffc4aed5b8", "type": "github" }, "original": { @@ -376,11 +376,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1659104643, - "narHash": "sha256-0Fujv7GldKanXkIORm1mDgcktv94DsfLYWd/5yqMk6U=", + "lastModified": 1659734704, + "narHash": "sha256-JDu9llYR5QTyE6+AGydqwKxTosIQYA+AXThnEmOjT78=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "72290846feecd198d3f63181c166ddaa50a2cb70", + "rev": "b7d44a76ea4f352b751b1ccba18f70f686838622", "type": "github" }, "original": { @@ -501,11 +501,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1659011362, - "narHash": "sha256-XTh7hmnd04GxBTiIKBaZnyMjtVaWUDIFHuh/8QHWGT0=", + "lastModified": 1659533964, + "narHash": "sha256-ipwJjcRzY9iqEjkG4m8EXZ6+8OMdANuXRnSwct2LByQ=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "d37c0ee5fa7dc4be4bbe3aa9b6f4e79d4b1e638d", + "rev": "4702a73031c77ba03b480b0848c137d5d8773e07", "type": "github" }, "original": { @@ -672,11 +672,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1659096966, - "narHash": "sha256-zuKJGMFSmYyWsRZbfGfml4/kqJVQYtDZFNLZIyQzRH4=", + "lastModified": 1659171920, + "narHash": "sha256-/yY3Ph/BE3PFZhnBIQIHkwOW/43phSI7WeoMvU83TG4=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "401aad7380c8395e948c7bc8780479ccb0a26b82", + "rev": "17d131f69a717d7e8cc6d3af9dfa7d2b5e2b78ef", "type": "github" }, "original": { From 90425a4d187af25660cb95b748617ab574264866 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 7 Aug 2022 15:21:56 +0200 Subject: [PATCH 383/988] allow xlibs to be able to use qemu from substituter --- nixos/agares/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 7832a55..4ab1339 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -7,6 +7,9 @@ ./hardware-configuration.nix ]; + # to be able to use qemu from substituter + environment.noXlibs = false; + dadada = { admin.enable = true; networking.localResolver.enable = true; From a0bf817db100ae0dc567c51adbbe689ba308650d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 13 Aug 2022 11:03:11 +0200 Subject: [PATCH 384/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/72f492e275fc29d44b3a4daf952fbeffc4aed5b8' (2022-08-06) → 'github:NixOS/nixpkgs/5c211b47aeadcc178c5320afd4e74c7eed5c389f' (2022-08-12) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/b7d44a76ea4f352b751b1ccba18f70f686838622' (2022-08-05) → 'github:nix-community/nix-doom-emacs/20ca56a17dc33d67ed7d61b0e84205c617394b5b' (2022-08-10) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/35a89bdfa6064e507f8848b1d162433fe92ca829' (2022-07-28) → 'github:doomemacs/doomemacs/b06fd63dcb686045d0c105f93e07f80cb8de6800' (2022-08-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/ea3efc80f8ab83cb73aec39f4e76fe87afb15a08' (2022-08-01) → 'github:NixOS/nixos-hardware/78f56d8ec2c67a1f80f2de649ca9aadc284f65b6' (2022-08-12) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 086fbbd..d286961 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1659040172, - "narHash": "sha256-cl9CWknGL+PadiFSXTKlf07JQ15b4hkHETQs7z/Ksm0=", + "lastModified": 1659994866, + "narHash": "sha256-6lxvYfoPtzvinBHKvuUDpCz44IJpmZMLfLMy5q9UcFk=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "35a89bdfa6064e507f8848b1d162433fe92ca829", + "rev": "b06fd63dcb686045d0c105f93e07f80cb8de6800", "type": "github" }, "original": { @@ -331,11 +331,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1659768833, - "narHash": "sha256-G1T3le1SfZ0AIsWu4SnWr46A34OEiwFcHDKWHtBfBtg=", + "lastModified": 1660318005, + "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "72f492e275fc29d44b3a4daf952fbeffc4aed5b8", + "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f", "type": "github" }, "original": { @@ -376,11 +376,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1659734704, - "narHash": "sha256-JDu9llYR5QTyE6+AGydqwKxTosIQYA+AXThnEmOjT78=", + "lastModified": 1660129951, + "narHash": "sha256-uY0fxCwUQ5LmfX2CoklqOebKl6GM96qir2Zv1cbHdQI=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "b7d44a76ea4f352b751b1ccba18f70f686838622", + "rev": "20ca56a17dc33d67ed7d61b0e84205c617394b5b", "type": "github" }, "original": { @@ -407,11 +407,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1659356074, - "narHash": "sha256-UwV6hZZEtchvtiTCCD/ODEv1226eam8kEgEyQb7xB0E=", + "lastModified": 1660291411, + "narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ea3efc80f8ab83cb73aec39f4e76fe87afb15a08", + "rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6", "type": "github" }, "original": { From af679b644fed3914bc928859552faab0c67a335b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 13 Aug 2022 11:43:53 +0200 Subject: [PATCH 385/988] disable jupyter because of CVE-2022-34749 --- home/home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index b6b78c3..5a89bdd 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -65,7 +65,7 @@ with pkgs; [ josm jq jq - jupyter + #jupyter kcachegrind keepassxc kubetail From afb2ca459e98002970b17cdb50d459dc28134231 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 15 Aug 2022 18:52:51 +0200 Subject: [PATCH 386/988] move dev shell to flake --- outputs.nix | 12 +++++++++++- shell.nix | 6 ------ 2 files changed, 11 insertions(+), 7 deletions(-) delete mode 100644 shell.nix diff --git a/outputs.nix b/outputs.nix index 8c7de6b..028195d 100644 --- a/outputs.nix +++ b/outputs.nix @@ -56,7 +56,17 @@ in $link/activate ''); }; - devShell = pkgs.callPackage ./shell.nix { inherit agenix-bin; }; + + devShell = pkgs.callPackage + ({}: + pkgs.mkShell { + buildInputs = [ + agenix-bin + ]; + } + ) + { }; + formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; checks = { format = pkgs.runCommand "check-format" { buildInputs = [ formatter ]; } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; diff --git a/shell.nix b/shell.nix deleted file mode 100644 index 1e70b6f..0000000 --- a/shell.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ agenix-bin, mkShell }: -mkShell { - buildInputs = [ - agenix-bin - ]; -} From 5b978019119cc2dccdf7b2b5e84e0ebc7f0ca822 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 15 Aug 2022 19:33:27 +0200 Subject: [PATCH 387/988] refactor outputs.nix Splits everything into separate files. --- apps.nix | 37 +++++++++++++++++ checks.nix | 9 +++++ dev-shell.nix | 6 +++ home/configurations.nix | 2 +- hydra-jobs.nix | 10 +++++ nixos/configurations.nix | 7 ++-- outputs.nix | 85 ++++++++-------------------------------- 7 files changed, 83 insertions(+), 73 deletions(-) create mode 100644 apps.nix create mode 100644 checks.nix create mode 100644 dev-shell.nix create mode 100644 hydra-jobs.nix diff --git a/apps.nix b/apps.nix new file mode 100644 index 0000000..750e82c --- /dev/null +++ b/apps.nix @@ -0,0 +1,37 @@ +{ pkgs, ... }: +{ + nixos-switch = { + type = "app"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --flake ".#$1" --use-remote-sudo + ''); + }; + apps.deploy = { + type = "app"; + program = toString (pkgs.writeScript "deploy" '' + #!${pkgs.runtimeShell} + domain='dadada.li' + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo + ''); + }; + hm-switch = { + type = "app"; + program = toString (pkgs.writeScript "hm-switch" '' + #!${pkgs.runtimeShell} + set -eu -o pipefail -x + tmpdir=$(mktemp -d) + export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]} + trap "rm -rf $tmpdir" EXIT + declare -A profiles=(["gorgon"]="home") + profile=''${profiles[$HOSTNAME]:-common} + flake=$(nix flake metadata --json ${./.} | jq -r .url) + nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" + link=$(realpath $tmpdir/result) + $link/activate + ''); + }; +} + diff --git a/checks.nix b/checks.nix new file mode 100644 index 0000000..2c5b12a --- /dev/null +++ b/checks.nix @@ -0,0 +1,9 @@ +{ pkgs, formatter }: +{ + format = pkgs.runCommand + "check-format" + { + buildInputs = [ formatter ]; + } + "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; +} diff --git a/dev-shell.nix b/dev-shell.nix new file mode 100644 index 0000000..4be50f0 --- /dev/null +++ b/dev-shell.nix @@ -0,0 +1,6 @@ +{ pkgs, agenix-bin, ... }: +pkgs.mkShell { + buildInputs = [ + agenix-bin + ]; +} diff --git a/home/configurations.nix b/home/configurations.nix index 60588da..d532d92 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -1,7 +1,7 @@ { self , nixpkgs , home-manager -, +, ... } @ inputs: let hmConfiguration = diff --git a/hydra-jobs.nix b/hydra-jobs.nix new file mode 100644 index 0000000..6925a86 --- /dev/null +++ b/hydra-jobs.nix @@ -0,0 +1,10 @@ +{ self, nixpkgs, flake-utils, ... }: +(nixpkgs.lib.mapAttrs' + (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) + self.nixosConfigurations +) // +(nixpkgs.lib.mapAttrs' + (name: config: nixpkgs.lib.nameValuePair name config.activation-script) + self.hmConfigurations +) // +(let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index d155ab0..6b9d3fb 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,9 +1,8 @@ # TODO refactor adapterModule and redundant module config { self , admins -, agenixModule +, agenix , nixpkgs -, nixosSystem , home-manager , homePage , nixos-hardware @@ -11,9 +10,11 @@ , scripts , recipemd , secretsPath -, +, ... }: let + nixosSystem = nixpkgs.lib.nixosSystem; + agenixModule = agenix.nixosModule; adapterModule = system: { nixpkgs.config.allowUnfreePredicate = pkg: true; nixpkgs.overlays = diff --git a/outputs.nix b/outputs.nix index 028195d..9c2ad7e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -12,89 +12,36 @@ , agenix , ... } @ inputs: -let - secretsPath = ./secrets; -in (flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; selfPkgs = self.packages.${system}; formatter = self.formatter.${system}; - agenix-bin = agenix.packages."${system}".agenix; + agenix-bin = agenix.defaultPackage."${system}"; in { - apps.nixos-switch = { - type = "app"; - program = toString (pkgs.writeScript "deploy" '' - #!${pkgs.runtimeShell} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --flake ".#$1" --use-remote-sudo - ''); - }; - apps.deploy = { - type = "app"; - program = toString (pkgs.writeScript "deploy" '' - #!${pkgs.runtimeShell} - domain='dadada.li' - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo - ''); - }; - apps.hm-switch = { - type = "app"; - program = toString (pkgs.writeScript "hm-switch" '' - #!${pkgs.runtimeShell} - set -eu -o pipefail -x - tmpdir=$(mktemp -d) - export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]} - trap "rm -rf $tmpdir" EXIT - declare -A profiles=(["gorgon"]="home") - profile=''${profiles[$HOSTNAME]:-common} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" - link=$(realpath $tmpdir/result) - $link/activate - ''); - }; + apps = import ./apps.nix { inherit pkgs; }; - devShell = pkgs.callPackage - ({}: - pkgs.mkShell { - buildInputs = [ - agenix-bin - ]; - } - ) - { }; + devShells.default = pkgs.callPackage ./dev-shell.nix { inherit pkgs agenix-bin; }; formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; - checks = { - format = pkgs.runCommand "check-format" { buildInputs = [ formatter ]; } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; - }; + + checks = import ./checks.nix { inherit formatter pkgs; }; })) // { - hmConfigurations = import ./home/configurations.nix { - inherit self nixpkgs home-manager; - }; + + hmConfigurations = import ./home/configurations.nix inputs; + hmModules = import ./home/modules inputs; - nixosConfigurations = import ./nixos/configurations.nix { - agenixModule = agenix.nixosModule; - nixosSystem = nixpkgs.lib.nixosSystem; + + nixosConfigurations = import ./nixos/configurations.nix (inputs // { admins = import ./admins.nix; - inherit self secretsPath nixpkgs home-manager nixos-hardware nvd scripts homePage recipemd; - }; + secretsPath = ./secrets; + }); + nixosModules = import ./nixos/modules inputs; + overlays = import ./overlays; - hydraJobs = - ( - nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) - self.nixosConfigurations - ) - // ( - nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.activation-script) - self.hmConfigurations - ) - // (let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests); + + hydraJobs = import ./hydra-jobs.nix inputs; } From c515110fc9e42b2427b857c5478e28af7455e4c9 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 15 Aug 2022 19:37:38 +0200 Subject: [PATCH 388/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/5c211b47aeadcc178c5320afd4e74c7eed5c389f' (2022-08-12) → 'github:NixOS/nixpkgs/879121648fe522b38cc1cf75aef160a14a1f2e7b' (2022-08-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/78f56d8ec2c67a1f80f2de649ca9aadc284f65b6' (2022-08-12) → 'github:NixOS/nixos-hardware/12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1' (2022-08-13) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d286961..4abc231 100644 --- a/flake.lock +++ b/flake.lock @@ -331,11 +331,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1660318005, - "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=", + "lastModified": 1660496378, + "narHash": "sha256-sgAhmrC1iSnl5T2VPPiMpciH1aRw5c7PYEdXX6jd6Gk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f", + "rev": "879121648fe522b38cc1cf75aef160a14a1f2e7b", "type": "github" }, "original": { @@ -407,11 +407,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660291411, - "narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=", + "lastModified": 1660407119, + "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6", + "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", "type": "github" }, "original": { From bf33bb336524ad6e25b9e02d5a93118d7814f4b5 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 15 Aug 2022 19:50:56 +0200 Subject: [PATCH 389/988] fix typo --- nixos/modules/profiles/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index 0c41380..49d6341 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -7,5 +7,5 @@ }; age.secrets."${config.networking.hostName}-backup-passphrase".file = "${toString secretsPath}/${config.networking.hostName}-backup-passphrase.age"; - age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${toString secretsPath}/${config.networking.hostName}n-backup-ssh-key.age"; + age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${toString secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } From c244f45636030620c4ede9eaebfb8d63fdca93c5 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 22 Aug 2022 17:12:59 +0200 Subject: [PATCH 390/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/879121648fe522b38cc1cf75aef160a14a1f2e7b' (2022-08-14) → 'github:NixOS/nixpkgs/23534df34c1c499a6c82ce690df06d8c6e4e759d' (2022-08-21) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/20ca56a17dc33d67ed7d61b0e84205c617394b5b' (2022-08-10) → 'github:nix-community/nix-doom-emacs/b62e04967ad303f0395025d5f2340beef8a67a57' (2022-08-19) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/b06fd63dcb686045d0c105f93e07f80cb8de6800' (2022-08-08) → 'github:doomemacs/doomemacs/4c9df9bfc63d2c3a9e20e20deaa854072e379f47' (2022-08-18) • Updated input 'nix-doom-emacs/doom-snippets': 'github:doomemacs/snippets/6b2bd5a77c536ed414794ecf71d37a60ebd4663e' (2022-06-22) → 'github:doomemacs/snippets/f957f8d195872f19c7ab0a777d592c611e10e9bb' (2022-08-07) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/a151f9ff5b9fa813ac8918f3a3a67c643e7e2edc' (2022-08-04) → 'github:nix-community/emacs-overlay/14443210f27375d5efc0cc554ad477d052e47b59' (2022-08-18) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249' (2022-07-04) → 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/4702a73031c77ba03b480b0848c137d5d8773e07' (2022-08-03) → 'github:emacs-straight/org-mode/f28288c255e293591725cbcd02637707bc9a77c2' (2022-08-18) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/039972c730690af7a83a5cb832056a7cc8b565d7' (2022-05-31) → 'github:hakimel/reveal.js/b23d15c4304a9a1b72f484171fc97682e5ed85a3' (2022-08-14) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/17d131f69a717d7e8cc6d3af9dfa7d2b5e2b78ef' (2022-07-30) → 'github:jcs-elpa/ts-fold/f0804a243544fbbf593791e4390d838b5d1187b0' (2022-08-11) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 4abc231..b2ef740 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1659994866, - "narHash": "sha256-6lxvYfoPtzvinBHKvuUDpCz44IJpmZMLfLMy5q9UcFk=", + "lastModified": 1660835296, + "narHash": "sha256-dEg/Ck0S6HZUO3VAVvd5oWyxitaKy7+DLljNq3Slpr0=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "b06fd63dcb686045d0c105f93e07f80cb8de6800", + "rev": "4c9df9bfc63d2c3a9e20e20deaa854072e379f47", "type": "github" }, "original": { @@ -40,11 +40,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1655900328, - "narHash": "sha256-fEYwFxW2sdzNK14DrS92OCGy8KDPZKewrHljnE/RlzQ=", + "lastModified": 1659894476, + "narHash": "sha256-1arRqlTos5uj6N47N4hyzHMMoUBxsxaZ/NK7iN5A+ZY=", "owner": "doomemacs", "repo": "snippets", - "rev": "6b2bd5a77c536ed414794ecf71d37a60ebd4663e", + "rev": "f957f8d195872f19c7ab0a777d592c611e10e9bb", "type": "github" }, "original": { @@ -56,11 +56,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1659638214, - "narHash": "sha256-lXa01G06Ey9qgj+rYN7Nzc53FP3p2UMMnAuxpWXu9Ko=", + "lastModified": 1660819717, + "narHash": "sha256-7tgpawCX0QXUxJd47R/Ziydhja/QAPA098MqgysevsU=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "a151f9ff5b9fa813ac8918f3a3a67c643e7e2edc", + "rev": "14443210f27375d5efc0cc554ad477d052e47b59", "type": "github" }, "original": { @@ -198,11 +198,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -331,11 +331,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1660496378, - "narHash": "sha256-sgAhmrC1iSnl5T2VPPiMpciH1aRw5c7PYEdXX6jd6Gk=", + "lastModified": 1661094678, + "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "879121648fe522b38cc1cf75aef160a14a1f2e7b", + "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", "type": "github" }, "original": { @@ -376,11 +376,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1660129951, - "narHash": "sha256-uY0fxCwUQ5LmfX2CoklqOebKl6GM96qir2Zv1cbHdQI=", + "lastModified": 1660946298, + "narHash": "sha256-XzIcFkcTsScS7blStWdPNXJ74FYPRbgTc30NvKeFzu8=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "20ca56a17dc33d67ed7d61b0e84205c617394b5b", + "rev": "b62e04967ad303f0395025d5f2340beef8a67a57", "type": "github" }, "original": { @@ -501,11 +501,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1659533964, - "narHash": "sha256-ipwJjcRzY9iqEjkG4m8EXZ6+8OMdANuXRnSwct2LByQ=", + "lastModified": 1660824704, + "narHash": "sha256-rEjxbktmMt1dFlF7Dd6+bo0oAYCOP/ylfcRDeCCgb58=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "4702a73031c77ba03b480b0848c137d5d8773e07", + "rev": "f28288c255e293591725cbcd02637707bc9a77c2", "type": "github" }, "original": { @@ -585,11 +585,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1653993278, - "narHash": "sha256-X43lsjoLBWmttIKj9Jzut0UP0dZlsue3fYbJ3++ojbU=", + "lastModified": 1660499724, + "narHash": "sha256-BhnEmX+8h0MVol7T4Zr2w53A+AmgzcVirpwHCR/G73U=", "owner": "hakimel", "repo": "reveal.js", - "rev": "039972c730690af7a83a5cb832056a7cc8b565d7", + "rev": "b23d15c4304a9a1b72f484171fc97682e5ed85a3", "type": "github" }, "original": { @@ -672,11 +672,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1659171920, - "narHash": "sha256-/yY3Ph/BE3PFZhnBIQIHkwOW/43phSI7WeoMvU83TG4=", + "lastModified": 1660200855, + "narHash": "sha256-y2gouqMbu619qPy48HjAuURLReH96zEKdhvmyIoEZuM=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "17d131f69a717d7e8cc6d3af9dfa7d2b5e2b78ef", + "rev": "f0804a243544fbbf593791e4390d838b5d1187b0", "type": "github" }, "original": { From 7e9b29a502495cb9bfdbcc916ad225c30626ad1b Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 22 Aug 2022 17:21:10 +0200 Subject: [PATCH 391/988] fix typo --- apps.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps.nix b/apps.nix index 750e82c..800db09 100644 --- a/apps.nix +++ b/apps.nix @@ -8,7 +8,8 @@ nixos-rebuild switch --flake ".#$1" --use-remote-sudo ''); }; - apps.deploy = { + + deploy = { type = "app"; program = toString (pkgs.writeScript "deploy" '' #!${pkgs.runtimeShell} @@ -17,6 +18,7 @@ nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo ''); }; + hm-switch = { type = "app"; program = toString (pkgs.writeScript "hm-switch" '' From fb88564fcd4de9bcca850ab9ae52bfec718195ed Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 22 Aug 2022 17:23:20 +0200 Subject: [PATCH 392/988] disable auto-updater --- nixos/modules/update.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix index aff0885..68fc45c 100644 --- a/nixos/modules/update.nix +++ b/nixos/modules/update.nix @@ -36,11 +36,5 @@ in }; }; }; - - system.autoUpgrade = { - enable = true; - dates = "daily"; - flake = "github:dadada/nix-config#${config.networking.hostName}"; - }; }; } From 69f462d3c6e1b6eb04f17a9bf94e2bcb7a9d3daf Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 22 Aug 2022 18:19:04 +0200 Subject: [PATCH 393/988] support multiple hosts in deploy script --- apps.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps.nix b/apps.nix index 800db09..0e15681 100644 --- a/apps.nix +++ b/apps.nix @@ -15,7 +15,11 @@ #!${pkgs.runtimeShell} domain='dadada.li' flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --upgrade --flake "''${flake}#$1" --target-host "''${1}.$domain" --build-host localhost --use-remote-sudo + for host in "$@" + do + echo "=== Deploying ''${host} ===" + nixos-rebuild switch --upgrade --flake "''${flake}#$host" --target-host "''${host}.$domain" --build-host localhost --use-remote-sudo + done ''); }; From 9ccc374d3928c5408a50c85e67da98645b10e21a Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 23 Aug 2022 23:05:41 +0200 Subject: [PATCH 394/988] add deply config for ifrit --- checks.nix | 31 +++++++++++++++++++--------- deploy.nix | 22 ++++++++++++++++++++ dev-shell.nix | 5 +++-- flake.lock | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 4 ++++ outputs.nix | 9 ++++++--- 6 files changed, 112 insertions(+), 15 deletions(-) create mode 100644 deploy.nix diff --git a/checks.nix b/checks.nix index 2c5b12a..66ee350 100644 --- a/checks.nix +++ b/checks.nix @@ -1,9 +1,22 @@ -{ pkgs, formatter }: -{ - format = pkgs.runCommand - "check-format" - { - buildInputs = [ formatter ]; - } - "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; -} +{ self +, deploy-rs +, flake-utils +, nixpkgs +, ... +}: +#builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib // +(flake-utils.lib.eachDefaultSystem (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + formatter = self.formatter.${system}; + in + { + checks = { + format = pkgs.runCommand + "check-format" + { + buildInputs = [ formatter ]; + } + "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; + } // deploy-rs.lib."${system}".deployChecks self.deploy; + })).checks diff --git a/deploy.nix b/deploy.nix new file mode 100644 index 0000000..fd394b8 --- /dev/null +++ b/deploy.nix @@ -0,0 +1,22 @@ +{ self, deploy-rs, ... }: +let + domain = "dadada.li"; + system = "x86_64-linux"; + activateNixos = deploy-rs.lib."${system}".activate.nixos; + configs = self.nixosConfigurations; + daNode = hostname: { + hostname = "${hostname}.${domain}"; + fastConnection = true; + profiles = { + system = { + sshUser = "dadada"; + path = activateNixos configs."${hostname}"; + user = "root"; + }; + }; + }; +in +{ + nodes.ifrit = daNode "ifrit"; +} + diff --git a/dev-shell.nix b/dev-shell.nix index 4be50f0..fc2c720 100644 --- a/dev-shell.nix +++ b/dev-shell.nix @@ -1,6 +1,7 @@ -{ pkgs, agenix-bin, ... }: +{ pkgs, agenix, deploy-rs, system, ... }: pkgs.mkShell { buildInputs = [ - agenix-bin + agenix.defaultPackage."${system}" + deploy-rs.defaultPackage."${system}" ]; } diff --git a/flake.lock b/flake.lock index b2ef740..1f43241 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,28 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "myNixpkgs" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1659725433, + "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "doom-emacs": { "flake": false, "locked": { @@ -166,6 +188,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1648199409, + "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1650374568, @@ -356,7 +394,7 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_2", "format-all": "format-all", "nix-straight": "nix-straight", @@ -601,6 +639,7 @@ "root": { "inputs": { "agenix": "agenix", + "deploy-rs": "deploy-rs", "flake-utils": "flake-utils", "home-manager": "home-manager", "homePage": "homePage", @@ -685,6 +724,21 @@ "type": "github" } }, + "utils": { + "locked": { + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "ws-butler": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 501b480..a678789 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,10 @@ url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "myNixpkgs"; }; + deploy-rs = { + url = "github:serokell/deploy-rs"; + inputs.nixpkgs.follows = "myNixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/outputs.nix b/outputs.nix index 9c2ad7e..c7965e2 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,5 +1,6 @@ # Adapted from Mic92/dotfiles { self +, deploy-rs , flake-utils , homePage , nixpkgs @@ -17,16 +18,14 @@ pkgs = nixpkgs.legacyPackages.${system}; selfPkgs = self.packages.${system}; formatter = self.formatter.${system}; - agenix-bin = agenix.defaultPackage."${system}"; in { apps = import ./apps.nix { inherit pkgs; }; - devShells.default = pkgs.callPackage ./dev-shell.nix { inherit pkgs agenix-bin; }; + devShells.default = pkgs.callPackage ./dev-shell.nix inputs // { inherit pkgs system; }; formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; - checks = import ./checks.nix { inherit formatter pkgs; }; })) // { @@ -44,4 +43,8 @@ overlays = import ./overlays; hydraJobs = import ./hydra-jobs.nix inputs; + + deploy = import ./deploy.nix inputs; + + checks = import ./checks.nix inputs; } From d1f47534623b5bbb414732ad816727b7959d7bce Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 23 Aug 2022 23:15:36 +0200 Subject: [PATCH 395/988] add deploy config for pruflas --- deploy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy.nix b/deploy.nix index fd394b8..baed09e 100644 --- a/deploy.nix +++ b/deploy.nix @@ -18,5 +18,6 @@ let in { nodes.ifrit = daNode "ifrit"; + nodes.pruflas = daNode "pruflas"; } From 5bdcf5c65873bb5eb84caf7c7e11a5230c0b373b Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 23 Aug 2022 23:51:17 +0200 Subject: [PATCH 396/988] remove old deploy script --- apps.nix | 26 ++------------------------ deploy.nix | 6 ++++-- 2 files changed, 6 insertions(+), 26 deletions(-) diff --git a/apps.nix b/apps.nix index 0e15681..94a2049 100644 --- a/apps.nix +++ b/apps.nix @@ -11,32 +11,10 @@ deploy = { type = "app"; - program = toString (pkgs.writeScript "deploy" '' + program = toString (pkgs.writeScript "self-deploy" '' #!${pkgs.runtimeShell} - domain='dadada.li' flake=$(nix flake metadata --json ${./.} | jq -r .url) - for host in "$@" - do - echo "=== Deploying ''${host} ===" - nixos-rebuild switch --upgrade --flake "''${flake}#$host" --target-host "''${host}.$domain" --build-host localhost --use-remote-sudo - done - ''); - }; - - hm-switch = { - type = "app"; - program = toString (pkgs.writeScript "hm-switch" '' - #!${pkgs.runtimeShell} - set -eu -o pipefail -x - tmpdir=$(mktemp -d) - export PATH=${pkgs.lib.makeBinPath [pkgs.coreutils pkgs.nixFlakes pkgs.jq]} - trap "rm -rf $tmpdir" EXIT - declare -A profiles=(["gorgon"]="home") - profile=''${profiles[$HOSTNAME]:-common} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - nix build --out-link "$tmpdir/result" "$flake#hmConfigurations.''${profile}.activationPackage" "$@" - link=$(realpath $tmpdir/result) - $link/activate + deploy ''${flake} ''); }; } diff --git a/deploy.nix b/deploy.nix index baed09e..473874f 100644 --- a/deploy.nix +++ b/deploy.nix @@ -17,7 +17,9 @@ let }; in { - nodes.ifrit = daNode "ifrit"; - nodes.pruflas = daNode "pruflas"; + nodes = builtins.mapAttrs (hostname: fun: fun hostname) { + ifrit = daNode; + pruflas = daNode; + }; } From f17a0fd99f7e71dec53b1fe341dfed0af9563bbc Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 23 Aug 2022 23:52:37 +0200 Subject: [PATCH 397/988] add remaining nodes to deploy config --- deploy.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy.nix b/deploy.nix index 473874f..5317edb 100644 --- a/deploy.nix +++ b/deploy.nix @@ -18,8 +18,10 @@ let in { nodes = builtins.mapAttrs (hostname: fun: fun hostname) { + agares = daNode; ifrit = daNode; pruflas = daNode; + surgat = daNode; }; } From 8a057c3cdf2e147ce3c71d30539a3db9bfbed12c Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Aug 2022 00:00:24 +0200 Subject: [PATCH 398/988] use system variable from nixos configuration --- deploy.nix | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/deploy.nix b/deploy.nix index 5317edb..6812266 100644 --- a/deploy.nix +++ b/deploy.nix @@ -1,20 +1,24 @@ { self, deploy-rs, ... }: let domain = "dadada.li"; - system = "x86_64-linux"; - activateNixos = deploy-rs.lib."${system}".activate.nixos; configs = self.nixosConfigurations; - daNode = hostname: { - hostname = "${hostname}.${domain}"; - fastConnection = true; - profiles = { - system = { - sshUser = "dadada"; - path = activateNixos configs."${hostname}"; - user = "root"; + daNode = hostname: + let + config = self.nixosConfigurations."${hostname}"; + system = config.pkgs.system; + activateNixos = deploy-rs.lib."${system}".activate.nixos; + in + { + hostname = "${hostname}.${domain}"; + fastConnection = true; + profiles = { + system = { + sshUser = "dadada"; + path = activateNixos config; + user = "root"; + }; }; }; - }; in { nodes = builtins.mapAttrs (hostname: fun: fun hostname) { From c2ec59d1cbb7e69d9fe6dfc1c12509d2fe66cc4e Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Aug 2022 00:27:46 +0200 Subject: [PATCH 399/988] fix path to deploy in apps --- apps.nix | 8 ++++++-- outputs.nix | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/apps.nix b/apps.nix index 94a2049..fc725e3 100644 --- a/apps.nix +++ b/apps.nix @@ -1,4 +1,8 @@ -{ pkgs, ... }: +{ pkgs +, deploy-rs +, system +, ... +}: { nixos-switch = { type = "app"; @@ -14,7 +18,7 @@ program = toString (pkgs.writeScript "self-deploy" '' #!${pkgs.runtimeShell} flake=$(nix flake metadata --json ${./.} | jq -r .url) - deploy ''${flake} + ${deploy-rs.apps."${system}".deploy-rs.program} ''${flake} ''); }; } diff --git a/outputs.nix b/outputs.nix index c7965e2..cf41357 100644 --- a/outputs.nix +++ b/outputs.nix @@ -20,7 +20,7 @@ formatter = self.formatter.${system}; in { - apps = import ./apps.nix { inherit pkgs; }; + apps = import ./apps.nix (inputs // { inherit pkgs system; }); devShells.default = pkgs.callPackage ./dev-shell.nix inputs // { inherit pkgs system; }; From 400ec335acf1b05610f1a6ca3d3ea5b2c3a29054 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Aug 2022 00:39:06 +0200 Subject: [PATCH 400/988] actually enable admin access to pruflas --- nixos/pruflas/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 032425a..d5f17b4 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,6 +1,7 @@ { config , pkgs , lib +, admins , ... }: with lib; { @@ -41,6 +42,7 @@ with lib; { }; dadada.admin.enable = true; + dadada.admin.users = admins; dadada.backupClient = { bs.enable = true; From 35f33fbec3f14577c0827b60ccd6460389d925ad Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 6 Sep 2022 20:13:21 +0200 Subject: [PATCH 401/988] remove redundant newline --- outputs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/outputs.nix b/outputs.nix index cf41357..962a41c 100644 --- a/outputs.nix +++ b/outputs.nix @@ -25,7 +25,6 @@ devShells.default = pkgs.callPackage ./dev-shell.nix inputs // { inherit pkgs system; }; formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; - })) // { From eac53060219aab924e75129ef308070bedc03826 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 6 Sep 2022 20:15:26 +0200 Subject: [PATCH 402/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/7e5e58b98c3dcbf497543ff6f22591552ebfe65b' (2022-05-16) → 'github:ryantm/agenix/c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e' (2022-09-03) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/23534df34c1c499a6c82ce690df06d8c6e4e759d' (2022-08-21) → 'github:NixOS/nixpkgs/67e45078141102f45eff1589a831aeaa3182b41e' (2022-09-02) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/b62e04967ad303f0395025d5f2340beef8a67a57' (2022-08-19) → 'github:nix-community/nix-doom-emacs/7b8c1c53537840f2656cacce267697eca7032727' (2022-09-03) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/4c9df9bfc63d2c3a9e20e20deaa854072e379f47' (2022-08-18) → 'github:doomemacs/doomemacs/c44bc81a05f3758ceaa28921dd9c830b9c571e61' (2022-08-19) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/14443210f27375d5efc0cc554ad477d052e47b59' (2022-08-18) → 'github:nix-community/emacs-overlay/6b4445aa659fa26b4f36d9975b34632312699a85' (2022-09-01) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/f28288c255e293591725cbcd02637707bc9a77c2' (2022-08-18) → 'github:emacs-straight/org-mode/e36c3cc21b8b1471e1f7928a118de693819c3f12' (2022-09-01) • Updated input 'nix-doom-emacs/org-contrib': 'github:emacsmirror/org-contrib/39e2abc5629c1be6186bb6489ec4f76524edf82a' (2022-07-28) → 'github:emacsmirror/org-contrib/0740bd3fe69c4b327420185d931dcf0a9900a80e' (2022-08-20) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/f0804a243544fbbf593791e4390d838b5d1187b0' (2022-08-11) → 'github:jcs-elpa/ts-fold/28409a0ceede0751ed9d520c6a19d1f5f1211502' (2022-09-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1' (2022-08-13) → 'github:NixOS/nixos-hardware/504b32caf83986b7e6b9c79c1c13008f83290f19' (2022-09-06) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 1f43241..4f6b9ce 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1652712410, - "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "lastModified": 1662241716, + "narHash": "sha256-urqPvSvvGUhkwzTDxUI8N1nsdMysbAfjmBNZaTYBZRU=", "owner": "ryantm", "repo": "agenix", - "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "rev": "c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e", "type": "github" }, "original": { @@ -45,11 +45,11 @@ "doom-emacs": { "flake": false, "locked": { - "lastModified": 1660835296, - "narHash": "sha256-dEg/Ck0S6HZUO3VAVvd5oWyxitaKy7+DLljNq3Slpr0=", + "lastModified": 1660901074, + "narHash": "sha256-3apl0eQlfBj3y0gDdoPp2M6PXYnhxs0QWOHp8B8A9sc=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "4c9df9bfc63d2c3a9e20e20deaa854072e379f47", + "rev": "c44bc81a05f3758ceaa28921dd9c830b9c571e61", "type": "github" }, "original": { @@ -78,11 +78,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1660819717, - "narHash": "sha256-7tgpawCX0QXUxJd47R/Ziydhja/QAPA098MqgysevsU=", + "lastModified": 1662056744, + "narHash": "sha256-DSVel5s2LajK2F+bxKwenfbDis63GprQLJjAfpfWgfU=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "14443210f27375d5efc0cc554ad477d052e47b59", + "rev": "6b4445aa659fa26b4f36d9975b34632312699a85", "type": "github" }, "original": { @@ -369,11 +369,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1661094678, - "narHash": "sha256-RtaVb6SqfrgCi20gdju1ogS3u1ocyLnhsgolazrCwL0=", + "lastModified": 1662099760, + "narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23534df34c1c499a6c82ce690df06d8c6e4e759d", + "rev": "67e45078141102f45eff1589a831aeaa3182b41e", "type": "github" }, "original": { @@ -414,11 +414,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1660946298, - "narHash": "sha256-XzIcFkcTsScS7blStWdPNXJ74FYPRbgTc30NvKeFzu8=", + "lastModified": 1662238434, + "narHash": "sha256-kizN1H6cJqu7TCt+QQxoWw0f1WdO1hU4myhUiETpHsk=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "b62e04967ad303f0395025d5f2340beef8a67a57", + "rev": "7b8c1c53537840f2656cacce267697eca7032727", "type": "github" }, "original": { @@ -445,11 +445,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660407119, - "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", + "lastModified": 1662458987, + "narHash": "sha256-hcDwRlsXZMp2Er3vQk1JEUZWhBPLVC9vTT4xHvhpcE0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", + "rev": "504b32caf83986b7e6b9c79c1c13008f83290f19", "type": "github" }, "original": { @@ -539,11 +539,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1660824704, - "narHash": "sha256-rEjxbktmMt1dFlF7Dd6+bo0oAYCOP/ylfcRDeCCgb58=", + "lastModified": 1662044935, + "narHash": "sha256-ZpxKw8L/IpxolkGyQMDut6V4i8I1T5za0QBBrztfcts=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "f28288c255e293591725cbcd02637707bc9a77c2", + "rev": "e36c3cc21b8b1471e1f7928a118de693819c3f12", "type": "github" }, "original": { @@ -555,11 +555,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1659039737, - "narHash": "sha256-ig8pVl790DopN6ZrCTIrvojt5/0Y+aOsjE87pqIVz8M=", + "lastModified": 1661026052, + "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "39e2abc5629c1be6186bb6489ec4f76524edf82a", + "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e", "type": "github" }, "original": { @@ -711,11 +711,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1660200855, - "narHash": "sha256-y2gouqMbu619qPy48HjAuURLReH96zEKdhvmyIoEZuM=", + "lastModified": 1662006199, + "narHash": "sha256-gDelW/h2LyknTQNkHODvzCJCKelLdLIQoDh/L1lk3KA=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "f0804a243544fbbf593791e4390d838b5d1187b0", + "rev": "28409a0ceede0751ed9d520c6a19d1f5f1211502", "type": "github" }, "original": { From 305c11f26e5a42523b009c43fc4cf47f180bf8d4 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 6 Sep 2022 20:45:00 +0200 Subject: [PATCH 403/988] surgat: remove vpn client --- nixos/surgat/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index f7710e6..12c0fec 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -41,7 +41,6 @@ in dadada.element.enable = true; dadada.gitea.enable = true; - dadada.networking.vpnExtension = "4"; dadada.weechat.enable = true; dadada.homePage.enable = true; dadada.share.enable = true; From 628edc7e98265a8ef42a1b6a40c39a40c3343e24 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Sep 2022 19:31:19 +0200 Subject: [PATCH 404/988] update hardware config of pruflas --- nixos/pruflas/hardware-configuration.nix | 55 +++++++++++++----------- 1 file changed, 31 insertions(+), 24 deletions(-) diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix index ddb2116..2ed6324 100644 --- a/nixos/pruflas/hardware-configuration.nix +++ b/nixos/pruflas/hardware-configuration.nix @@ -1,37 +1,44 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ config, lib, pkgs, modulesPath, ... }: +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78"; - fsType = "ext4"; - }; + fileSystems."/" = + { + device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/0494-CB52"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { + device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; fileSystems."/nix" = { - device = "/dev/disk/by-uuid/337f04a7-4fe9-49a2-8a58-07dd4bc85168"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/0494-CB52"; - fsType = "vfat"; + device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; }; swapDevices = [ ]; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; } From 7db500680b9bc9b8fd54c771914d2da24a8cb05a Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Sep 2022 20:14:57 +0200 Subject: [PATCH 405/988] update pruflas config --- nixos/pruflas/configuration.nix | 7 ------- nixos/pruflas/hardware-configuration.nix | 14 ++++++++++---- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index d5f17b4..bbf6120 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -72,13 +72,6 @@ with lib; { boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - swapDevices = [ - { - device = "/var/swapfile"; - size = 32768; - } - ]; - # Desktop things for media playback services.xserver.enable = true; diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix index 2ed6324..82dcd49 100644 --- a/nixos/pruflas/hardware-configuration.nix +++ b/nixos/pruflas/hardware-configuration.nix @@ -14,7 +14,7 @@ { device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; fsType = "btrfs"; - options = [ "subvol=root" ]; + options = [ "subvol=root" "compress=zstd" ]; }; fileSystems."/boot" = @@ -27,16 +27,22 @@ { device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; fsType = "btrfs"; - options = [ "subvol=home" ]; + options = [ "subvol=home" "compress=zstd" ]; }; fileSystems."/nix" = { device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; fsType = "btrfs"; - options = [ "subvol=nix" ]; + options = [ "subvol=nix" "compress=zstd" ]; }; - swapDevices = [ ]; + fileSystems."/swap" = { + device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; + fsType = "btrfs"; + options = [ "subvol=swap" "noatime" ]; + }; + + swapDevices = [ { device = "/swap/swapfile"; } ]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From 467d41638b6e340bed6a48d773f4a18bce312ebd Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Sep 2022 20:30:28 +0200 Subject: [PATCH 406/988] pruflas: update efi partition uuid --- nixos/pruflas/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix index 82dcd49..4334c35 100644 --- a/nixos/pruflas/hardware-configuration.nix +++ b/nixos/pruflas/hardware-configuration.nix @@ -19,7 +19,7 @@ fileSystems."/boot" = { - device = "/dev/disk/by-uuid/0494-CB52"; + device = "/dev/disk/by-uuid/BFF0-B760"; fsType = "vfat"; }; From 3b0e89e2daf48d1b2768ccd92dfebbd390c177e2 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Sep 2022 20:47:53 +0200 Subject: [PATCH 407/988] pruflas: disable network manager --- nixos/pruflas/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index bbf6120..c04f20e 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -100,6 +100,8 @@ with lib; { networking.domain = "dadada.li"; networking.tempAddresses = "disabled"; + networking.networkmanager.enable = false; + users.mutableUsers = true; dadada.networking.localResolver.enable = true; From 7d43dbe5a83d06dc5fabbe686d32413671adc680 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Sep 2022 20:50:23 +0200 Subject: [PATCH 408/988] pruflas: update host key --- secrets/secrets.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e51cb39..7af9e91 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -4,7 +4,7 @@ let agares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcbuLtU9/VhFy5VAp/ZI0T+gr7kExG73hmjjvno10gP root@nixos"; gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon"; ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos"; - pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKnYOgzxZ4DAeFL88MhIVtNmMEHMQhi/pNJDbwFWOJW root@pruflas"; + pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas"; surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; }; backupSecrets = hostName: { From 34e89ac8c2b6e7fc81aeccba434f0acdf9e8b5b0 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Sep 2022 20:52:13 +0200 Subject: [PATCH 409/988] rekey --- secrets/agares-backup-passphrase.age | Bin 402 -> 503 bytes secrets/agares-backup-ssh-key.age | Bin 892 -> 876 bytes secrets/gorgon-backup-passphrase.age | 18 +++++++++--------- secrets/gorgon-backup-ssh-key.age | Bin 868 -> 788 bytes secrets/ifrit-backup-passphrase.age | 18 ++++++++---------- secrets/ifrit-backup-ssh-key.age | Bin 803 -> 903 bytes secrets/pruflas-backup-passphrase.age | 17 ++++++++--------- secrets/pruflas-backup-ssh-key.age | Bin 784 -> 872 bytes secrets/surgat-backup-passphrase.age | 17 ++++++++--------- secrets/surgat-backup-ssh-key.age | Bin 862 -> 808 bytes 10 files changed, 33 insertions(+), 37 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index 702b9009716ec2cbe7fad94fac10145590a28129..0ce1af60a6d43b7f9df4c540c7404ed61bf1764e 100644 GIT binary patch delta 469 zcmbQl{GEA%PQ7cGdVZmIUVT|&Ku~gia)fJss$-^MuxC+5 zc5a4~U#VLtS89e|fk{?thk<@F z$hzvHpd!7R>PX%6qSVCVR0S)G7#9WK!T=R}g*>GgJ&in<{wq(gfk~pDe_mL& zD_2NBc6nh|eo>`+MP|8yQGl1Le?&;Aeq=$3acPCAi@QNenvq+sPndJ00hg|wLUD11 zZfc5=si~o*f`3VNPIkG1r&*#)hIfvUcd)jXPqueeM!jKphEYn6vqy23TVh~ATE1Ud zaeirvlbf*xmq&51vqwo{d7__lWk!l=fkkdgM4)@7Z)S>ffl)w-TV;xCut{1`mOI2c zXLX+nBSYQvqSVCVR0So+B&*~^T?J(>{jA91Vq;6+kP^eRB!6$i67ym%U0q#;(wyKj z-;7|lGDH7z!)zmiQs1QX)Ieu{GoxUO@*uyG((qERu#{?Sz&l^PGN?RMWKFRkzrOrc7UIuMRsYTaiFo0 z371iJp-WVXe^7S1QD#(GQJTAHU}&(vuc51Xk!xsCagKjwdRVxBPI`%dAeXM4LUD11 zZfc5=si~o*f`3VNPIkFMT6#cAW^%e)o}qEJWlB<{SAB_Lgh8-TMYvCzi<41GcuA(Q zpMQ?Gsb#n;mqkWOfSY%@aZqM)q(OL&c3`4MX+)Y^MLk60<+36W0x%Lh>A3)NOQmPEKhgs z5`FW^ipYu_vkL8s#6pvT;4Bx{Tz!iGFOM?g#B?rQU0sFbg0gZ$m&^$BD8E$Cd|#)c zLc?GaXD8S4%4~DPa5Ix^cWn=UgLI3$YzwaX^_Nw)t!@o!lbSc%xHRs2)@h;XFUtNO z6WDe1()@(835%nzSn{QqOWtJcu)cm@`9Z$=@@bVxCq)WdO*j@5Jg|E^|NNWCuUbDi zY;-#_WKLf@)85suyXtm+d&m#o{^vP+WL8GS)$W>@%d+}v66wdq8V|K4YMS0Zn1DR6yyspnxu0D^dJr2qf` delta 861 zcmaFE_J?hPPJMVtkaLx#p?`#BS%`6}YjSvgkgIpPVUn3wVW?qwiD`(dSCnhEdrq=* zF_))hL}_q%M!0@?ahh+EQ+8pIdr@{qTCkI2RZ>+>T3A|UzPmx5pTC8%Czr0BLUD11 zZfc5=si~o*f`3VNPIkG1kEw^3w_jzJlY2z5kG6JJPJL;jPqLS1UWH+ac6pM!Nv@GW zKvsoIhNG)5mqn>pK)SbAuCaf`>#JDrZy6OvmIx_mXVS!m{kd z%BZ}0eZRlHw@y%&dY^3saZE z+_HkAFlRsW%IwVW&@7|Sya*!;7hmJ@u&^AHqC79lq|B6nNFx*HqCkuAWG*gUU0sC$ zM<0VI^RP^p^w2WDh{&{ZqYO)fprp`{LihA~7k96s0zX67To1!CpBzUnHqLjUsjV{i zez@+n%Q6V<)PDND?eVGe%h!GVyyMz2^Pr16r&J0bPFuFGaMicJ z*AKF*Iejl*%HJSn=NCD93Oie0M}R@W1r1&QjceQY?wi^@J0m z{3*|WEW8>ZDE#I#_XdgWYq`EjY?yX!64QDYz1tmA+cJM9e5qfUTg7wZMacr z-DT5VIhBDaf0*j;R90>_UQ}##X>)nAZT9rlK4wZ@>tv4#{paN4*uVOw=OfSQerLn? zO$oYs>sZ3gCM{c)BMUby(tRPYtcK>Dtr@vu0JW#CoQ!@_4%LX-V+D^ zdGn@u^_%@Vv~8)xLhc=&aXTJ=`2Vv|;^MM@+G>-IMg0Gw^>$UMPT-^uQxdux9{KJz Ijpb+r0NCefasU7T diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index f6532ea..1d64081 100644 --- a/secrets/gorgon-backup-passphrase.age +++ b/secrets/gorgon-backup-passphrase.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg 2h4VEFdhUUGkviD4i0wm3NL9944guan9O0BDoz/7mGQ -D9clRO4ibGPMMA5KLOXU9CPlNSulZA9RmKelxUKqy4E --> ssh-ed25519 Otklkw kG8jXHeM2kYTBTpYfo2N4V/hJx2HdLPlgAXTZRKJmR8 -fesI+DSgCTMIY1pLJMx0q86+va3dF1ZFj3kRK+O0MIc --> Z7_:1-grease 17g=iG^I #3%B ,.5lz -6YSTWBwtchUxqxCR2EvUic+OfO+XByzyqirtt8hW8eFdF/blR4McETrV3lb6n+xW -8SyICmVL60yGj3QDZWmus/FV8xaXh5hSJLqGNtwPdiM82mez ---- klL1U0W7ki7TRcM/lDsoR+/facAm7PDKTEw7bPWUmvc -L÷F™7[j?EDc™(ÂÍT±4e„i9—Lj6Câs`å8ÿÚ¨2§à"X«5Šø©Yã´ûnB‡ÔáK ŠšÇm0nÄ? `ˆ^ÉYWyøc€¦ \ No newline at end of file +-> ssh-ed25519 0aOabg MxtQYFyYyErJW0Uaelu02iRAoksaVDsZD+55ADoNphE +pA0OKXbqXrNWwbc52exj22cbMsFVCjk6hwp7KeWYyyA +-> ssh-ed25519 Otklkw c/v7Ux1D4FtdIa0fzoEkGJSH+/bexN1nJUfLg1Ym7lA +Bi1cIh9wjppaBSpTLh7HdpJX+ZcGOLDjxaDUJXbJ6+I +-> s2,Qn0%_-grease pZM*A 1( +4W6WjHNho1bIzpd+IFh6fHQgo+3d5FK+RO5TOZw+T6A211bvOCoHG0LBZfpohqKy +Q6zFhrMxOtWTne8uvX5hm9yXV2+cd6EbxOuk +--- ZFD001UDd7ZmLNT8tG8ecnVIF0UgW0YQhh15dgUjVJI +XéËÝÁã©-KÕA—üsß¿Î,u-KYo¨ëÚHóÍV$Ba¨¢…à·ú^…À]Kã:UMfwß; +7.#ÑJ^'æ W– GÅFø \ No newline at end of file diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index 9131537beef801d09bd9234df9da7e143f397081..87fbe17ea3c1f62a2f20863bd4714f0f0c143a7f 100644 GIT binary patch delta 756 zcmaFDHid11PJKj@fpeNkRz_5WtG8EvQjm{@NwP<7P-d!kSe~;*p{q$%j+eKAVUTl> zE0?L0g=2`Zb4FmQqorA7QLcY!RhpxjacNnYhk=`$nYl}OL0M*rSx$h30hg|wLUD11 zZfc5=si~o*f`3VNPIkFMP*F*tSwvJ&v2(hmNs@bDMtx;*nvaWHs!x%pYqEu5s!6)B zg?@--gr`$ES8ixTxvz6YnqPWeM6jhnWL}bYP+p>+rK!2OduVWYL6%9dL4;+BYgKtU z$huVB^rF(gvVq>nL%H;giLX#4Y%F3ePWK$RYg7U;5-@xqR(xP1R zRP(@kkCL36Kr_?a(m*ae3-M-NA5V-s^9H}?Yn3Kx&SWT)aBqhyop zg7S!pq9Cv2NKY>L=T$dm-n^V~>+{xz_~>=c4?+w$kFEXn^XBEL`?MnZyc^nM{dBL% z$}otEy0~-&XzF%ZJw4>_W)%Bq>!RN!pSDLHoU)+)TcT%GS-N*s?1VXS^PgoKeDQc^ zYIY^-kXie==DK&qTXjONF1q{QS!qG#6QQGb{m#sovi#$+=fAU!dyVI9t>a`h<(hH% zCfkYnM(6sqN*{lnWZWPUoTzl&iRIP2`HKwoOjk6f{(CyxX!+(FAJ4s$>10rt6x=pZ z{^*>(T-PQ8Sn zD<2P=`ZcauQ2$K$^Y-0bT|H*bRZcUlKeXEiFi+Y3;lZKbw`Oe&%e(-6b0bGD6W8+6;Pi-cFQYUM)540( zs^H}MBJbc5XKjn{P<_+#Fq6DAugvfqvrzpoGYhVeppcSqpR7W+D(~LvR^UQQEH<$LUM++IElwx1K zJg8nj@yb1}AJdp7^!}Q+W}}x&-Jys%#_YT9%dzd4zqw)4-zD8GK6K&Z6tT^Oxq$oh$Ql*BjvryO$nja{6*I%{KVQ`J0j2Ja4C@%wP++81Qi4 z_Pp4j`foo!Y~gs7Q}LRiaYaSg+~AiD?SWtYBWyjl>|a+azt*90L-nuSGuIxCnl__T z-Q@Aw{?_^zlFz?AYl&A}VX)8e_C398_ilKu^*RvH+Whc|z=8U!^VWRZWa>TJ|9I+! zcQ;OWrF1GDm{}LI<6&~QNl2mlm$y@o-sDJl^6tgSkK%pBp^Mp#EarSt?vG>X*u}oa z+A!7HFyn|D&))2}NB1*@oPU)+|L8^5r>b6M%$!#Cms{LAF0@{sw@3Y}Tw&6Z$NW(z z8}sk)JpNVFQ1;BchhMS;tnD5a1xnucuNFO6+WvoXq`O7`+Z$dF{y&eraOktOjBTlY k;3TzW*S(&+R`LB~|624 ssh-ed25519 yMjj5g V9rC+0UIZO6GMFXjsoF3qvSkEnc3iHaqsv9yQHg6XWg -lLkAndMDp8blMYJqviD+6H4l2uEqzsP9fsr8sZVCdXk --> ssh-ed25519 Otklkw ehLzOysl9JmqPb0MuaSwg8MvNnPg44807PGyMsh5hhA -pf8vtXa85gF1XL2Xm1zCaAzDdCaebNFpZC1wm7lnUCg --> #|)e#-g[-grease -UPUrPqT4ez2irVMxwsVYiAhM6pEaAzWt8RYNWzMtARHsTDLU9J17+x4 ---- rigjthxdwl7djFf8pSoQuZEZfWLsMa0oWLplrQMOe7c -ý -˜ü6.Ç=ße Â}ÛoŒ¾‹ì(9Ë -ÒµdÀïCÓïÉ«ùV¶š‡…¥9¾z—ܧÎ%J•ßRÒD_¡ \ No newline at end of file +-> ssh-ed25519 yMjj5g ttkqYb6pJtIgCYrPQtf3zcHiMnCxWmoX6rkkaDq0vx0 ++0VwdBaXpMYsq8ytTNgQ4RaCRusMOf6TTUYVUImQR5g +-> ssh-ed25519 Otklkw 2DbnrQ081f0TsA8wHZ042QMT+KygaXa9L1EseXgfnXA +staPBH7fl6xsN0TVSJNxUzxeTbk+0ngFS1rPSbMkioU +-> `mQ&-grease C[3[ +c(}4#i CEI] +oCW0b9BaO1eyq8Pkakg +--- wV2cbDZ0ddXuUJ2yaeLvxdi/4HWAfOMvXMx9QAhCvjU +q‘¤vKæ¥ÿ¥ŠÁ#BÇÿ¦³«ÝÔ‹!‚ý7=$wZk`£ð?éÉ{Êã¸ïŸiVT·£|ë7ˆKÙ_k¥/ñ \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age index 165e75a03b98786c2f1f427c1df565edacf9a3c2..8d5aba81cfdf302875119d3c1145cc2ab3597f6b 100644 GIT binary patch delta 872 zcmZ3?*3Ldbr{1Y7FfueG+bKBAv&bi+yx82VAR?zKGr%Re$|AHfJjdH8Ev-B?)x|O* znJd$%G}p%+J&vn(yc$uBWC(>OO7 zWL-$GpKf|lYGQG!f@49Rf^w<8iiUxvj)H}PVx6{~j(-}Ld3H{5M80K(t9hzng+ZdH zg@IhVFU zs6lCHxuJ7zg{4tmS!986wvVN=t9FQUUV(qOg|?TIxwm_WWtwklu1l_|euaB-sgHAh zvb$M$QgV))kujI4BbTnOu0onYQI2PtlT&fMd!@UZVNOzJaBy;NSW&TarI(?5L2gEH zNN%E$N1#EKb}?7-MyE$hb`&tC&S8|jon&15_qb=9$1P!n!(X!VF7Bw-e#ZZ!>RC6( z>c%VgME8q4SlZp86aD#z)Rj$-_e(W=6^zMS-e$7RH?O4RZJ>#~H}{;1iQBb#If9Fe zt+Z~{Up$bP;J&vw;=$|-RY_?_Qn@F&8idWTvG$)4xY#y4j9)1v$Ia@=2vFt<5xEI-TkVZ zUFEbwvca4`d+MC6`gbn$O|92`lxQ<&g}Xz)`LoW4CvVo@X*+)WSYUVGE0K%c5{C{6 zus(dYWs9os!T;+Pt|%#ThPF6{LJuYfsc>4c)$c>c5F*db}?_ zo$!B?v1nF{LqyY=NYQNH{dOM{9POE{1Hxu)aDREKPyeQ{)87SWPb;#_I`S{->6~@k zODzrD+k$3ZT|WI-=J@U_4;G!0lVo*Qne%>#Wpepvv6auA R7P+yOzY^Xc-Lp~95dg4kVKV># delta 771 zcmZo?U(7Z^r{2>mqpY}~Ak3%S!aujrG9xiNqcY6A)GR#DJ1Mg~BcRwlCn>WyBBZd= zf-Br7H!0h+*uX`*$~@V_#~>&>+08jABq+%!%G*EK$-6w*!cp6|sL0jDfJ@g-p}06h zH#Nn`)YQ;Y!M`LsC%arBAk053D!DMn)h9gDJTTACx!%}6*tFCz$1*_Q$SF#@wAjnn z(j_Fo!n{0`%f-tiDyPgV+_Weuz^x?GKf}*7uQa48$-FYe%_q#)(jql8-?BWiz_>UY zWSvHZZhBE_VsWZMj=fW5o>zntm$^@=X|{H0m2%N(c-B(eu*eR>Q(aC98}{XHm|GH5eLj5I8vBHUTQ)WPY>d9UdG~n>hk{D4 zWOG5Gh}4exFQ=N<1Zk`}_&sdOlWU89S*KrJ<9>YIB!P6UD5sbWet}yg5|`Nozf9Y{ z^V!9}*A_B{Y@AYG^zq^1=ToLF5EbsbxkBg09sTsChb|^}KA+WjcG+5TFVD@7$HhHn z6c~NBtz=vy{piJ)P3gzEB*LfHUaRscTe{#?3TO5|D~rYL`r=GG4$pLE%MwYPWp~2j zllAe>mGc!GH!P|<#XOD0uRP$OL2YBE&SA~OoksR=LXK{kDN8)-Xy}9j8!Nvf#Bu~Ep diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index fab2fdf..482c190 100644 --- a/secrets/pruflas-backup-passphrase.age +++ b/secrets/pruflas-backup-passphrase.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 thf/Uw PPtflHayBrV0oWfJQr6RW9nJphdVFI9S5XjI+kmRe1M -fnwzt27PMwUYMqS25Z+0zxouC27KjeXaIbN4dYZPRLA --> ssh-ed25519 Otklkw Ko14b+XMTZHVXMRN/JrfwTUrZA8ndj7bfaxe4O8/BCY -zRt6bLCbZPhoxKuLDglex2SpDwjUxyP6eKFaHzc0zu0 --> /:G-grease c5#5Vm+\ KX, -nljmCZ+NP2fbmIjzA/OiL4i4A2+UPRBf3KrXe3C6/lJaxiRggeXqdrucy/lLNjda -Y8emrCT5o7DfryEo3QGUQkPujBgUgYvcB4Q/XlaWaLBcsSnW2D4eZQ ---- SYKRV9hejrBWXgVt8pCRKcTxFNljA2IIFkONLn8+nuo -5J-òª· épô³cÜ mJ|ö¸Š!Þ®¨@ñí™…à…T]„Ô=&;Ë5}=9ûª§§ ̽y‚é \ No newline at end of file +-> ssh-ed25519 IXCPDQ VpRlsUErxZEZErq6I00VT68UmldZxwvNUNThtyHk018 +P73fCgVg9K9ZFdvl3Zrmm1GGcTlDLi5mfsEcHxCbcJk +-> ssh-ed25519 Otklkw p06KPkqvFXvB07/yXkZmSzmzZASA2IJpNCY3hKqnUVo +e6O2NH4KVtqPQfew4++pprbcHANsvemybeqB9SEhEYI +-> q%f1-grease dRH3(# Y)tQV [: \xNgmi4+ +QKbFPHhDVSUTqidH0FrlhCMqoKT/ySgPXSAMVEQYVl3aQbBvX6/4nUac +--- 8bt7MoQ9fprGESqngxXUiOdQvCdssgoiF4rUKj6BeS4 +󋃂q·ivý‹Šûµ•ø½UuÉÏ5û–Ë°®Ñ¢+û„nú¹lj¤Ç2x•49žïÆ!0ÎO~%t \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 9a5ec8a5e721f0857a6df771fd6303b5c5b3ca25..d8326b0e8e643a88d364b8622d3fe26431f76537 100644 GIT binary patch delta 848 zcmbQh_JVDKYQ1NKbAU^rLUBNOh@ne$Fak*<$MT$vKRDP1XyK{L^Qe;({w^LGPl}ToPNU)_N zm#&>cadC!jYKoDmsiCEUe@S*ucDX`nm2tAGQ(hP(-RnX<oiGm9MOj1r%;kR)%jz{HBY#6rV@^1vv!FxQeGvrIqJ2xp%x zE-qbNT?KzrlTbq^7cUdfynvjH#FS!hFAw8-&us6~0K-V%@Cxr7pD0&nud*=blt8Yh zSA$jyStM*bbuZA7;ZOIiE2?j|95rRuE$Z-HIn}*aq%icHQAF+CC$WpBZC)bF>GU`4 zcTu`f(*6`}zISG}ddyelnYx+XripHltWih~H%L#OTBg13G+VRUqF_Hy)~>2-Tlbk9 z4i9J78zfyYW1pzY7N6a^eZr>~4+ReXX?w^V@3s29#KF?XlD>Br#AJ1@p2Xe}t#e5` z%~E-1io^v?zno1b+gYpSwdP;o^YGDW%+b0RDtPeA!w)L`+%g5q(?897=IhYQ)l)zB zkLz!z;3-GWFdFD&^K#Z&%1SM-j+}hCOhR?eO-92n=j->~K6!@E&f{gIhOXb^yalD} zL>*pqTvT>`(RAhNCz*fupWE_lIZe3n^~Ozou8w1VDM81NPFdQdzE0`LO}pkN3;Mp* zab^nnSS~qGqVdA(+Jq+k3%48FPqn)(nUta0|K0eTo$R6A)rZQY!h4Shd+{9DhtbFwCSneUcSv;Sr2JHa~ZsLqBLuODYN q8gKY!p*nqA^u}qQrj*<6eVTYr`lhwlZINAX>TfeFTz=G5K>z@VtWe|t delta 759 zcmaFCHi2z|YJEvYnto`xf=g~?azL}H1yQ_CbvafNHL4bCCslGur zm#&>cadC!jYKoDmsiCEUe@S*ucDX{7QC4O~q)CXmTYZ3eWKeQuWLA!!Ntvr#zG;EK zcVdozWtq8!Yhi9#nOi7Vri*!)vA=$pv7586mrqcJpIJ_!sb!{rX|TS(XQ->Gb7(+; zyN7?NyKyMUIu}iE-Snc=#Nt%0sERJVeHyj*`r zzwoH~6c5*YOJ^6Sh;qY%LM~lhU4_i>h+^*ucZ1aM{4$q{P(#1cfFkEaL(|A$FXJ-( zB$ogmgYYbOqqM}*NUpyEy$rjIW?p_&-f6$xB60bfw^PEG-&xqiog>HR`9kqb!rC|I z(ihbzJbE3L!dJ0o;TGGH>72(C7IXMrSF=;wx3#~1>t0#a>gt{8BC<}m)?4u_?3k9b zRrT7xZtffM-)6DgD6a4e^VvV`$-;|Om*Y;~W)z#4r@SocK=*yNiq-1B%>=kubuv#c zYyIrGP&sz?Q}@)uc|KFuc3C-^FI$j!m@6l$?d^H#^-8`Mbp?tdYmEd-V*X5cSN-Q( z$z0`|E7Z&1PpXgIXnAAR5$oiejIt@S^+gJ{6+4&Rmffbb6gf#-#f^Y!m;zn(N6c#J=_Ef{(fZml^AJd|Z9`RRYKF;G>!nTh^@EW|+Aq ILBiY)08Ml|7XSbN diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age index be011a6..b2ce621 100644 --- a/secrets/surgat-backup-passphrase.age +++ b/secrets/surgat-backup-passphrase.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw U3EPRp3r/aE8kSb+D4kd3F2pJyyPgrG13KvJ4ImavUQ -lsWg2WW/nC9FT0JrZfhXPHcHduPfd+wm/vktSpUbRBY --> ssh-ed25519 Otklkw +Ic/y3KF0l4/hlFGSRCJEQ+HsK1U9eZusMhSsBuIsDc -QE2W7F9fg49UlX3n0baZVEoq9zsahcEr5oEzOk12FMg --> +'GD%5-grease |:[SW0@b c 36`)g -rvXcBtMeumpqo2OKg4q5wvvIDkCqlnwbdPEzJSqsEXXI2LenSbV0NM1mVjCXyvvr -4pwDLhQkRnQ3DkftGp3veOluxRLmmg ---- PMICHLb+oVMRdtD93FZyDc6lWL35bjvF1QWJYXhP2IY -`õv=ôb>ÏØ”ÈÏm²äò^Ôèùù¡q§5Î ù´¯Ñ9™üs®ƒ2¨c"Jåðçµ5[»qR±zj- \ No newline at end of file +-> ssh-ed25519 jUOjpw ikxbgvfWvYiUFTLNy5xUrKC8s1kgan3QIrETluUkmGU +Y5LQz7aPC4g88U0MkVAoir5CKWpekwJEVZJwdDfW4wk +-> ssh-ed25519 Otklkw QBxsdqftDsU5+DEPH0zj3WSidosaoA6IepyNK+zw/mc +fbf7lsPi+AIcRBWwe82ZUlmXHsEbN58iV6/jjk7XIcQ +-> qY<-grease A zw lCw +FJORgHmIMl1Lz71zMvlrCcSTfGb5QEwl6gv0Z3tMurt6gIGiXIs +--- DmTEAWa//clLZyqQlAF9mi7ypBdmhsNC/h9ptJc8m2I +Žùß|1à ë͘âáú%ûHÿµòÄÆóqyŦ"P€õZãĶ[-깄·œ_]‰yÏ æ(Yª¾ËÉí \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index 8e9d15eefda8e347740c63a3aadb5e1046bea35d..2f9958156a817fad7050f5fa8c1a73ac5a3cc29e 100644 GIT binary patch delta 777 zcmcb|wt{VfPJOOVv88r|xp$(WWk6oJiE*)WerZavWr#s&mVaJiO0s8VzIKLrMM_#$ zGM8nkZ-sk$d0>8id1|`3epFUQSY=UKeuzb`Q>lfeo43AGUZGcNajIWhHkYoQLUD11 zZfc5=si~o*f`3VNPIkG1QB*);P`GD!SGs3XMrf8rRb_fqxMjMFf0BMsrL$$Ro2h=fUy{CslWRswwr6=|m~SB1 zx~g2=^rF`_im1`*MW}EiR+Tu%ytOfaH?Gv~r82ii`qhr!=Do zZ})l=v#6llf@Jp!?Fv&fZA;gD!=UV9Prs4~50k*maxPt6U4~xb< zgRsPs^c0`m%8*K5%SbPu>@uecmr(!Aywc#Ta;{mwGE{$`j$56@XV7Yzu zYVYqH{d?I-MW{2jNhJtO{T3;*{#(N_K>ozL6O zeqNLRhiw7(^gq7uwL4Dut#Wz z_ilU(xox(n+>2S^IJb?4o}i}a;+b-*-R5<)#pnyp;5=Jt(N-_^<@yaZO~!Vgi<}G8 zc62Z|Rn2PbU44jsdO**NC9czSpC{_Ro~5S2v@?S5cX@Tz>bVt1ont@7+=^$8Te8)~ zUN8P?ig3D+;9C9w*}97syw47qHX1JfmT0NBTtBMrXy4f%Jvz_V+zC15!LRdT^=;WQ X;WdKdvhU_E-)6RU`OKELOfA0wZy-Jp delta 831 zcmZ3%c8_g>PJKzPg`sO&TBx~qUO-e-xof&%VWobWUy(&lYN3l!r9r+|a*(NWctnVE zF;`GtQl&+BWKph<~kWJX1ziKRt&ah^q1GMBEMLUD11 zZfc5=si~o*f`3VNPIkFMp`~THZ<$MSP;gXLxM@_Wd3|7sm%n95MowjKN;Ii@z->gE% zOsB}iG{>Z3&#Kb$iUO0QVuh+?%GaoK*-+xZZK0t`uNW_EheE*gy zPg#VtHwnLN$Wk$o+|N4q!t%+%;`yOY&+O-XkD96O%rE^^*IRmB<2YsKn;)D9?+=!CeHNISq&o{rn z@~!Ax?3YcqmR30yNdGU{aL{>s)po`llcFXifq+QKtS+HD8 zZg%K&UU~B)mp2_XIbRTFacJI~RhPdj6->MDeDqo68~1jBM{8uKo8DY<|7OE<7E6cB ciy001iJ{pa1{> From 651a1600ed46a241601c17658d993b22ac5b7c6f Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Sep 2022 20:54:02 +0200 Subject: [PATCH 410/988] reformat --- nixos/pruflas/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix index 4334c35..7f39bd7 100644 --- a/nixos/pruflas/hardware-configuration.nix +++ b/nixos/pruflas/hardware-configuration.nix @@ -42,7 +42,7 @@ options = [ "subvol=swap" "noatime" ]; }; - swapDevices = [ { device = "/swap/swapfile"; } ]; + swapDevices = [{ device = "/swap/swapfile"; }]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From 789feac618d46d2bd37fd6ad9d352ea0a3a8fddc Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Sep 2022 14:23:10 +0200 Subject: [PATCH 411/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/67e45078141102f45eff1589a831aeaa3182b41e' (2022-09-02) → 'github:NixOS/nixpkgs/45b56b5321aed52d4464dc9af94dc1b20d477ac5' (2022-09-09) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/7b8c1c53537840f2656cacce267697eca7032727' (2022-09-03) → 'github:nix-community/nix-doom-emacs/acbf1b70335d4fd6a6c05bc417d7f3ca44739437' (2022-09-10) • Updated input 'nix-doom-emacs/doom-snippets': 'github:doomemacs/snippets/f957f8d195872f19c7ab0a777d592c611e10e9bb' (2022-08-07) → 'github:doomemacs/snippets/03a62fe7edf7e87fdbd925713fbd3bf292d14b00' (2022-09-08) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/6b4445aa659fa26b4f36d9975b34632312699a85' (2022-09-01) → 'github:nix-community/emacs-overlay/70e241d5b189982dabc1fe55829475c5c483c89d' (2022-09-08) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/e36c3cc21b8b1471e1f7928a118de693819c3f12' (2022-09-01) → 'github:emacs-straight/org-mode/eb5ef0ae1424a725f933ef3929e5396a2ab727ab' (2022-09-08) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/b23d15c4304a9a1b72f484171fc97682e5ed85a3' (2022-08-14) → 'github:hakimel/reveal.js/8a97ad58b04045fe5a9c964aa31659bd27e665c5' (2022-09-05) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/28409a0ceede0751ed9d520c6a19d1f5f1211502' (2022-09-01) → 'github:jcs-elpa/ts-fold/017402713bd2f1fd7a691aa48afb4330f5397432' (2022-09-05) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/504b32caf83986b7e6b9c79c1c13008f83290f19' (2022-09-06) → 'github:NixOS/nixos-hardware/1fec8fda86dac5701146c77d5f8a414b14ed1ff6' (2022-09-09) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 4f6b9ce..ff7cb8d 100644 --- a/flake.lock +++ b/flake.lock @@ -62,11 +62,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1659894476, - "narHash": "sha256-1arRqlTos5uj6N47N4hyzHMMoUBxsxaZ/NK7iN5A+ZY=", + "lastModified": 1662645711, + "narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=", "owner": "doomemacs", "repo": "snippets", - "rev": "f957f8d195872f19c7ab0a777d592c611e10e9bb", + "rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00", "type": "github" }, "original": { @@ -78,11 +78,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1662056744, - "narHash": "sha256-DSVel5s2LajK2F+bxKwenfbDis63GprQLJjAfpfWgfU=", + "lastModified": 1662654452, + "narHash": "sha256-mrr161UOnVNx2pzR9ePmhVlxapzQ57ZDSLb9BRgW0bo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "6b4445aa659fa26b4f36d9975b34632312699a85", + "rev": "70e241d5b189982dabc1fe55829475c5c483c89d", "type": "github" }, "original": { @@ -369,11 +369,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1662099760, - "narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=", + "lastModified": 1662739455, + "narHash": "sha256-nfUkPoIIhSXZFxvN2TU7LL7k5CbC1iuSaSkLGgViMvE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "67e45078141102f45eff1589a831aeaa3182b41e", + "rev": "45b56b5321aed52d4464dc9af94dc1b20d477ac5", "type": "github" }, "original": { @@ -414,11 +414,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1662238434, - "narHash": "sha256-kizN1H6cJqu7TCt+QQxoWw0f1WdO1hU4myhUiETpHsk=", + "lastModified": 1662839665, + "narHash": "sha256-TGSRXMmRTn4eza3q0XvqpuPoeCnkktPeD0TaM/V1pZ0=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "7b8c1c53537840f2656cacce267697eca7032727", + "rev": "acbf1b70335d4fd6a6c05bc417d7f3ca44739437", "type": "github" }, "original": { @@ -445,11 +445,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1662458987, - "narHash": "sha256-hcDwRlsXZMp2Er3vQk1JEUZWhBPLVC9vTT4xHvhpcE0=", + "lastModified": 1662714967, + "narHash": "sha256-IOTq5tAGGmBFj7tQbkcyLE261JUeTUucEE3p0WLZ4qM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "504b32caf83986b7e6b9c79c1c13008f83290f19", + "rev": "1fec8fda86dac5701146c77d5f8a414b14ed1ff6", "type": "github" }, "original": { @@ -539,11 +539,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1662044935, - "narHash": "sha256-ZpxKw8L/IpxolkGyQMDut6V4i8I1T5za0QBBrztfcts=", + "lastModified": 1662614940, + "narHash": "sha256-9eAqhKXpTfZQH3bn19ien3HIzF100h8z97iHqs/QUgY=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "e36c3cc21b8b1471e1f7928a118de693819c3f12", + "rev": "eb5ef0ae1424a725f933ef3929e5396a2ab727ab", "type": "github" }, "original": { @@ -623,11 +623,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1660499724, - "narHash": "sha256-BhnEmX+8h0MVol7T4Zr2w53A+AmgzcVirpwHCR/G73U=", + "lastModified": 1662369032, + "narHash": "sha256-1BZWA3W77YbNZUj+7vJbkTeWY8O4jjPg7t5PvlEVDYA=", "owner": "hakimel", "repo": "reveal.js", - "rev": "b23d15c4304a9a1b72f484171fc97682e5ed85a3", + "rev": "8a97ad58b04045fe5a9c964aa31659bd27e665c5", "type": "github" }, "original": { @@ -711,11 +711,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1662006199, - "narHash": "sha256-gDelW/h2LyknTQNkHODvzCJCKelLdLIQoDh/L1lk3KA=", + "lastModified": 1662386895, + "narHash": "sha256-pYW2hcHgkr9KYdRvX2EkpOt/OL8yl+mkZ21JbMKWc8Q=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "28409a0ceede0751ed9d520c6a19d1f5f1211502", + "rev": "017402713bd2f1fd7a691aa48afb4330f5397432", "type": "github" }, "original": { From fdd2030235f369a19de0ac92e3437148a3c724c3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Sep 2022 14:29:18 +0200 Subject: [PATCH 412/988] add update script --- apps.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/apps.nix b/apps.nix index fc725e3..b667c5b 100644 --- a/apps.nix +++ b/apps.nix @@ -6,20 +6,28 @@ { nixos-switch = { type = "app"; - program = toString (pkgs.writeScript "deploy" '' + program = toString (pkgs.writeScript "nixos-switch" '' #!${pkgs.runtimeShell} flake=$(nix flake metadata --json ${./.} | jq -r .url) - nixos-rebuild switch --flake ".#$1" --use-remote-sudo + ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake ".#$1" --use-remote-sudo ''); }; deploy = { type = "app"; - program = toString (pkgs.writeScript "self-deploy" '' + program = toString (pkgs.writeScript "deploy" '' #!${pkgs.runtimeShell} flake=$(nix flake metadata --json ${./.} | jq -r .url) ${deploy-rs.apps."${system}".deploy-rs.program} ''${flake} ''); }; + + update = { + type = "app"; + program = toString (pkgs.writeScript "update" '' + #!${pkgs.runtimeShell} + ${pkgs.nix}/bin/nix flake update --commit-lock-file + ''); + }; } From fcb17cc9d1ba4706b498a25d3b65ca936077b3ef Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Sep 2022 14:31:10 +0200 Subject: [PATCH 413/988] add legacy utility scripts --- utils/deploy | 14 -------------- utils/gen-config | 37 ------------------------------------- 2 files changed, 51 deletions(-) delete mode 100755 utils/deploy delete mode 100755 utils/gen-config diff --git a/utils/deploy b/utils/deploy deleted file mode 100755 index 6e3b2df..0000000 --- a/utils/deploy +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail - -if [ -z "$1" ] -then - echo "usage: deploy " - exit 1 -fi - -git push - -gen-config $1 | ssh "$1".dadada.li 'sudo bash -c "cat - > /etc/nixos/configuration.nix && (nixos-rebuild test && nixos-rebuild switch) || (nixos-rebuild switch --rollback && exit 1)"' diff --git a/utils/gen-config b/utils/gen-config deleted file mode 100755 index dc13b7b..0000000 --- a/utils/gen-config +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env bash - -function hash { - archive="$(mktemp /tmp/nix-config.XXX.tar.gz)" - git archive "$1" | gzip > "$archive" - nix-prefetch-url --unpack --type sha256 "file:$archive" 2>/dev/null - rm "$archive" -} - -if [ -z "$1" ] -then - echo "usage: deploy " - exit 1 -fi - -host="${1}" -rev="$(git rev-parse HEAD)" -sha256=$(hash "$rev") - -cat < Date: Sun, 11 Sep 2022 14:32:06 +0200 Subject: [PATCH 414/988] clean up commented out line --- checks.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/checks.nix b/checks.nix index 66ee350..3978881 100644 --- a/checks.nix +++ b/checks.nix @@ -4,7 +4,6 @@ , nixpkgs , ... }: -#builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib // (flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; From 9df7faaaf93a82ff2ad4542bfc6065941112d18a Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Sep 2022 14:33:30 +0200 Subject: [PATCH 415/988] remove unused tests.nix --- hydra-jobs.nix | 3 +-- tests/default.nix | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) delete mode 100644 tests/default.nix diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 6925a86..d195e99 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -6,5 +6,4 @@ (nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.activation-script) self.hmConfigurations -) // -(let tests = import ./tests; in flake-utils.lib.eachDefaultSystem tests) +) diff --git a/tests/default.nix b/tests/default.nix deleted file mode 100644 index 10daca3..0000000 --- a/tests/default.nix +++ /dev/null @@ -1 +0,0 @@ -system: { } From 02f0a5d8bd8e5a00a28a02ae277b10b6ba27bb7d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Sep 2022 14:34:14 +0200 Subject: [PATCH 416/988] remove unused lib --- lib/default.nix | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 lib/default.nix diff --git a/lib/default.nix b/lib/default.nix deleted file mode 100644 index 0260022..0000000 --- a/lib/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs }: -with pkgs.lib; { - # TODO -} From 533e70633e6970e2d0257b726ee0335a9fb45b3d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Sep 2022 14:44:22 +0200 Subject: [PATCH 417/988] clean up packages and overlays --- outputs.nix | 2 +- overlays.nix | 41 +++++++++++++++++++++++++++++++++++ overlays/default.nix | 15 ------------- overlays/python3-packages.nix | 7 ------ overlays/tubslatex.nix | 28 ------------------------ pkgs/python-pkgs/default.nix | 1 - 6 files changed, 42 insertions(+), 52 deletions(-) create mode 100644 overlays.nix delete mode 100644 overlays/default.nix delete mode 100644 overlays/python3-packages.nix delete mode 100644 overlays/tubslatex.nix delete mode 100644 pkgs/python-pkgs/default.nix diff --git a/outputs.nix b/outputs.nix index 962a41c..54db6f2 100644 --- a/outputs.nix +++ b/outputs.nix @@ -39,7 +39,7 @@ nixosModules = import ./nixos/modules inputs; - overlays = import ./overlays; + overlays = import ./overlays.nix; hydraJobs = import ./hydra-jobs.nix inputs; diff --git a/overlays.nix b/overlays.nix new file mode 100644 index 0000000..6d636ec --- /dev/null +++ b/overlays.nix @@ -0,0 +1,41 @@ +{ + tubslatex = final: prev: { + # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 + tubslatex = + prev.lib.overrideDerivation + (prev.texlive.combine { + inherit (prev.texlive) scheme-full; + tubslatex.pkgs = [ (prev.callPackage ../pkgs/tubslatex { }) ]; + }) + (oldAttrs: { + postBuild = + '' + # Save the udpmap.cfg because texlive.combine removes it. + cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 + '' + + oldAttrs.postBuild + + '' + # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it + rm $out/share/texmf/web2c/updmap.cfg || true + cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg + rm $out/share/texmf/web2c/updmap.cfg.1 + perl `type -P mktexlsr.pl` $out/share/texmf + yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true + perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map + # Regenerate .map files. + perl `type -P updmap.pl` --sys + ''; + }); + }; + + kanboard = final: prev: { + kanboard = prev.kanboard.overrideAttrs (oldAttrs: { + src = prev.fetchFromGitHub { + owner = "kanboard"; + repo = "kanboard"; + rev = "v${oldAttrs.version}"; + sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0="; + }; + }); + }; +} diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index 8507ceb..0000000 --- a/overlays/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -let - python3Packages = import ./python3-packages.nix; -in -{ - kanboard = final: prev: { - kanboard = prev.kanboard.overrideAttrs (oldAttrs: { - src = prev.fetchFromGitHub { - owner = "kanboard"; - repo = "kanboard"; - rev = "v${oldAttrs.version}"; - sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0="; - }; - }); - }; -} diff --git a/overlays/python3-packages.nix b/overlays/python3-packages.nix deleted file mode 100644 index 6eca900..0000000 --- a/overlays/python3-packages.nix +++ /dev/null @@ -1,7 +0,0 @@ -self: super: { - python3Packages = - super.python3Packages - // super.recurseIntoAttrs ( - super.python3Packages.callPackage ../pkgs/python-pkgs { } - ); -} diff --git a/overlays/tubslatex.nix b/overlays/tubslatex.nix deleted file mode 100644 index da6843d..0000000 --- a/overlays/tubslatex.nix +++ /dev/null @@ -1,28 +0,0 @@ -self: super: { - # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 - tubslatex = - super.lib.overrideDerivation - (super.texlive.combine { - inherit (super.texlive) scheme-full; - tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex { }) ]; - }) - (oldAttrs: { - postBuild = - '' - # Save the udpmap.cfg because texlive.combine removes it. - cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 - '' - + oldAttrs.postBuild - + '' - # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it - rm $out/share/texmf/web2c/updmap.cfg || true - cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg - rm $out/share/texmf/web2c/updmap.cfg.1 - perl `type -P mktexlsr.pl` $out/share/texmf - yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true - perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map - # Regenerate .map files. - perl `type -P updmap.pl` --sys - ''; - }); -} diff --git a/pkgs/python-pkgs/default.nix b/pkgs/python-pkgs/default.nix deleted file mode 100644 index c1c7b48..0000000 --- a/pkgs/python-pkgs/default.nix +++ /dev/null @@ -1 +0,0 @@ -{ callPackage }: { } From 742abb1a8177c890ca13d383d989ff1567fb0cea Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 11 Sep 2022 15:03:17 +0200 Subject: [PATCH 418/988] fix nixos module warnings redis and acme --- nixos/modules/gitea.nix | 5 +++-- nixos/surgat/configuration.nix | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 8ab8b11..b9dd73e 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -52,9 +52,10 @@ in }; services.redis = { - enable = true; + servers."gitea" = { + enable = true; + }; vmOverCommit = true; - #unixSocket = redisSocket; }; services.nginx.virtualHosts."git.${config.networking.domain}" = { diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 12c0fec..f6cdf3e 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -66,7 +66,7 @@ in }; security.acme = { - email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; + defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; acceptTerms = true; }; From f0ab5d3d97b2e49c98fe5c1a70a4f573d09f6250 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 12 Sep 2022 20:58:37 +0200 Subject: [PATCH 419/988] add deployment scripts to dev-shell --- dev-shell.nix | 12 ++++++++---- home/modules/gtk.nix | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/dev-shell.nix b/dev-shell.nix index fc2c720..c59aad0 100644 --- a/dev-shell.nix +++ b/dev-shell.nix @@ -1,7 +1,11 @@ -{ pkgs, agenix, deploy-rs, system, ... }: +{ self, pkgs, agenix, deploy-rs, system, ... }: +let + selfApp = app: self.apps."${app}"; +in pkgs.mkShell { - buildInputs = [ - agenix.defaultPackage."${system}" - deploy-rs.defaultPackage."${system}" + buildInputs = pkgs.lib.catAttrs "system" [ + agenix.defaultPackage + deploy-rs.defaultPackage + (pkgs.lib.getAttrs [ "deploy" "update" "nixos-switch" ] self.apps) ]; } diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index dc91693..bf0ccdc 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -13,7 +13,7 @@ in config = mkIf cfg.enable { gtk = { enable = true; - theme.name = "Adwaita"; + theme.name = "Adwaita-dark"; }; }; } From aa609943bdb9b22366bbcc45975a5b16939c7f3f Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 15 Sep 2022 18:51:22 +0200 Subject: [PATCH 420/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/45b56b5321aed52d4464dc9af94dc1b20d477ac5' (2022-09-09) → 'github:NixOS/nixpkgs/d86a4619b7e80bddb6c01bc01a954f368c56d1df' (2022-09-13) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/1fec8fda86dac5701146c77d5f8a414b14ed1ff6' (2022-09-09) → 'github:NixOS/nixos-hardware/a0df6cd6e199df4a78c833c273781ea92fa62cfb' (2022-09-15) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index ff7cb8d..edb76d9 100644 --- a/flake.lock +++ b/flake.lock @@ -369,11 +369,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1662739455, - "narHash": "sha256-nfUkPoIIhSXZFxvN2TU7LL7k5CbC1iuSaSkLGgViMvE=", + "lastModified": 1663067291, + "narHash": "sha256-1BTrqhLMamWf53sJobtMiUDI91PEw6xF8YEwg2VE8w4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "45b56b5321aed52d4464dc9af94dc1b20d477ac5", + "rev": "d86a4619b7e80bddb6c01bc01a954f368c56d1df", "type": "github" }, "original": { @@ -445,11 +445,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1662714967, - "narHash": "sha256-IOTq5tAGGmBFj7tQbkcyLE261JUeTUucEE3p0WLZ4qM=", + "lastModified": 1663229557, + "narHash": "sha256-1uU4nsDLXKG0AHc/VCsNBAEPkTA/07juYhcEWRb1O1E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fec8fda86dac5701146c77d5f8a414b14ed1ff6", + "rev": "a0df6cd6e199df4a78c833c273781ea92fa62cfb", "type": "github" }, "original": { From d016cc67bc20bca2555e10ca1739a05a54c8629f Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Sep 2022 18:15:12 +0200 Subject: [PATCH 421/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/d86a4619b7e80bddb6c01bc01a954f368c56d1df' (2022-09-13) → 'github:NixOS/nixpkgs/178fea1414ae708a5704490f4c49ec3320be9815' (2022-09-15) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index edb76d9..49aa146 100644 --- a/flake.lock +++ b/flake.lock @@ -369,11 +369,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1663067291, - "narHash": "sha256-1BTrqhLMamWf53sJobtMiUDI91PEw6xF8YEwg2VE8w4=", + "lastModified": 1663244735, + "narHash": "sha256-+EukKkeAx6ithOLM1u5x4D12ZFuoi6vpPYjhNDmLz1o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d86a4619b7e80bddb6c01bc01a954f368c56d1df", + "rev": "178fea1414ae708a5704490f4c49ec3320be9815", "type": "github" }, "original": { From 2aafcc9b4985e1607c94647907bbe7b34b13ee98 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Sep 2022 17:26:06 +0200 Subject: [PATCH 422/988] refactor configuration --- home/configurations.nix | 6 +- home/modules/default.nix | 7 +- home/modules/emacs/default.nix | 12 +-- nixos/configurations.nix | 142 +++++++++++++----------------- nixos/gorgon/configuration.nix | 2 +- nixos/modules/admin.nix | 9 +- nixos/modules/borg-server.nix | 9 +- nixos/modules/default.nix | 7 +- nixos/modules/homepage.nix | 6 +- nixos/modules/nix.nix | 61 +++++++------ nixos/modules/nixpkgs.nix | 3 + nixos/modules/packages.nix | 10 +++ nixos/modules/profiles/backup.nix | 5 +- nixos/modules/profiles/server.nix | 3 - nixos/modules/secrets.nix | 10 +++ nixos/pruflas/configuration.nix | 2 - outputs.nix | 9 +- 17 files changed, 154 insertions(+), 149 deletions(-) create mode 100644 nixos/modules/nixpkgs.nix create mode 100644 nixos/modules/packages.nix create mode 100644 nixos/modules/secrets.nix diff --git a/home/configurations.nix b/home/configurations.nix index d532d92..9e65949 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -1,6 +1,7 @@ { self , nixpkgs , home-manager +, nix-doom-emacs , ... } @ inputs: let @@ -10,15 +11,16 @@ let , system ? "x86_64-linux" , username ? "dadada" , stateVersion - , }: (home-manager.lib.homeManagerConfiguration { configuration = { ... }: { imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules; + nixpkgs = { config = import ./nixpkgs-config.nix { pkgs = nixpkgs; }; }; + manual.manpages.enable = false; }; inherit system homeDirectory username stateVersion; @@ -26,7 +28,7 @@ let in { home = hmConfiguration { - extraModules = [ ./home ]; + extraModules = [ ./home nix-doom-emacs.hmModule ]; stateVersion = "20.09"; }; } diff --git a/home/modules/default.nix b/home/modules/default.nix index 5e29743..f4d841c 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -1,11 +1,8 @@ -{ self -, nix-doom-emacs -, ... -} @ inputs: { +{ alacritty = import ./alacritty; colors = import ./colors.nix; direnv = import ./direnv.nix; - emacs = import ./emacs { inherit nix-doom-emacs; }; + emacs = import ./emacs; fish = import ./fish.nix; git = import ./git.nix; gpg = import ./gpg.nix; diff --git a/home/modules/emacs/default.nix b/home/modules/emacs/default.nix index ded8f05..2fa0b0f 100644 --- a/home/modules/emacs/default.nix +++ b/home/modules/emacs/default.nix @@ -1,16 +1,16 @@ -{ nix-doom-emacs, ... }: { config - , pkgs - , lib - , ... - }: +{ config +, pkgs +, lib +, ... +}: with lib; let cfg = config.dadada.home.emacs; in { - imports = [ nix-doom-emacs.hmModule ]; options.dadada.home.emacs = { enable = mkEnableOption "Enable dadada emacs config"; }; + config = mkIf cfg.enable { programs.doom-emacs = { enable = true; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 6b9d3fb..7d0a307 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,6 +1,4 @@ -# TODO refactor adapterModule and redundant module config { self -, admins , agenix , nixpkgs , home-manager @@ -9,99 +7,79 @@ , nvd , scripts , recipemd -, secretsPath , ... -}: +}@inputs: let - nixosSystem = nixpkgs.lib.nixosSystem; - agenixModule = agenix.nixosModule; - adapterModule = system: { - nixpkgs.config.allowUnfreePredicate = pkg: true; - nixpkgs.overlays = - (nixpkgs.lib.attrValues self.overlays) - ++ [ - (final: prev: { homePage = homePage.defaultPackage.${system}; }) - (final: prev: { s = scripts; }) - (final: prev: { n = nvd; }) - (final: prev: { recipemd = recipemd.defaultPackage.${system}; }) - ]; + getDefaultPkgs = system: flakes: nixpkgs.lib.mapAttrs (_: value: nixpkgs.lib.getAttr system value.defaultPackage) flakes; + + nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { + inherit system; + + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModule ] ++ extraModules; }; - lib = nixpkgs.lib; in { gorgon = nixosSystem rec { system = "x86_64-linux"; - specialArgs = { inherit admins secretsPath; }; - modules = - (nixpkgs.lib.attrValues self.nixosModules) - ++ [ - (adapterModule system) - agenixModule - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = - (nixpkgs.lib.attrValues self.hmModules) - ++ [ - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home/home; - } - ./modules/profiles/laptop.nix - ./gorgon/configuration.nix - ]; + + extraModules = [ + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = getDefaultPkgs system { + inherit scripts nvd recipemd; + }; + + # Add flakes to registry and nix path. + dadada.inputs = inputs // { dadada = self; }; + } + + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { manual.manpages.enable = false; } + ]; + home-manager.users.dadada = import ../home/home; + } + + ./modules/profiles/laptop.nix + ./gorgon/configuration.nix + ]; }; - ifrit = nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { inherit admins secretsPath; }; - modules = - (nixpkgs.lib.attrValues self.nixosModules) - ++ [ - agenixModule - (adapterModule system) - ./modules/profiles/server.nix - ./ifrit/configuration.nix - ./ifrit/hardware-configuration.nix - ]; + + ifrit = nixosSystem { + extraModules = [ + ./modules/profiles/server.nix + ./ifrit/configuration.nix + ./ifrit/hardware-configuration.nix + ]; }; surgat = nixosSystem rec { system = "x86_64-linux"; - specialArgs = { inherit admins secretsPath; }; - modules = - (nixpkgs.lib.attrValues self.nixosModules) - ++ [ - (adapterModule system) - agenixModule - ./modules/profiles/server.nix - ./surgat/configuration.nix - ]; - }; - pruflas = nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { inherit admins secretsPath; }; - modules = - (nixpkgs.lib.attrValues self.nixosModules) - ++ [ - (adapterModule system) - agenixModule - ./modules/profiles/laptop.nix - ./pruflas/configuration.nix - ]; + extraModules = [ + { + dadada.homePage.package = homePage.defaultPackage.${system}; + } + ./modules/profiles/server.nix + ./surgat/configuration.nix + ]; }; - agares = nixosSystem rec { - system = "x86_64-linux"; - specialArgs = { inherit admins secretsPath; }; - modules = - (nixpkgs.lib.attrValues self.nixosModules) - ++ [ - (adapterModule system) - agenixModule - ./modules/profiles/server.nix - ./agares/configuration.nix - ]; + pruflas = nixosSystem { + extraModules = [ + ./modules/profiles/laptop.nix + ./pruflas/configuration.nix + ]; + }; + + agares = nixosSystem { + extraModules = [ + ./modules/profiles/server.nix + ./agares/configuration.nix + ]; }; } diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index fe65a95..c5ac787 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -83,7 +83,7 @@ in environment.systemPackages = with pkgs; [ chromium ghostscript - recipemd + config.dadada.pkgs.recipemd ]; networking.firewall = { diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 7dd5eb0..fcdf9f8 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -49,7 +49,7 @@ in users = mkOption { type = with types; attrsOf (submodule adminOpts); - default = { }; + default = import ../../admins.nix; description = '' Admin users with root access machine. ''; @@ -67,6 +67,13 @@ in }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.users != [ ]; + message = "Must provide at least one admin, if the admin module is enabled."; + } + ]; + programs.zsh.enable = mkDefault true; services.sshd.enable = true; diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index 5da2280..b55cf63 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -1,4 +1,4 @@ -{ config, lib, admins, ... }: +{ config, lib, ... }: let inherit (lib) mkEnableOption mkIf mkOption types; cfg = config.dadada.borgServer; @@ -26,49 +26,42 @@ in "metis" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; - authorizedKeys = admins.dadada.keys; path = "${cfg.path}/metis"; quota = "1T"; }; "gorgon" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; - authorizedKeys = admins.dadada.keys; path = "${cfg.path}/gorgon"; quota = "1T"; }; "surgat" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; - authorizedKeys = admins.dadada.keys; path = "${cfg.path}/surgat"; quota = "50G"; }; "pruflas" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; - authorizedKeys = admins.dadada.keys; path = "${cfg.path}/pruflas"; quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; - authorizedKeys = admins.dadada.keys; path = "${cfg.path}/wohnzimmerpi"; quota = "50G"; }; "fginfo" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; - authorizedKeys = admins.dadada.keys; path = "${cfg.path}/fginfo"; quota = "10G"; }; "fginfo-git" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; - authorizedKeys = admins.dadada.keys; path = "${cfg.path}/fginfo-git"; quota = "10G"; }; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 7813a3a..3928d3a 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,4 +1,4 @@ -{ ... } @ inputs: { +{ admin = import ./admin.nix; backup = import ./backup.nix; borgServer = import ./borg-server.nix; @@ -11,7 +11,10 @@ homepage = import ./homepage.nix; kanboard = import ./kanboard; networking = import ./networking.nix; - nix = import ./nix.nix inputs; + nix = import ./nix.nix; + nixpkgs = import ./nixpkgs.nix; + packages = import ./packages.nix; + secrets = import ./secrets.nix; share = import ./share.nix; steam = import ./steam.nix; update = import ./update.nix; diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index ea0f8f9..32e166a 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -9,6 +9,10 @@ in with lib; { options.dadada.homePage = { enable = mkEnableOption "Enable home page"; + package = mkOption { + type = lib.types.package; + description = "Package containing the homepage"; + }; }; config = mkIf cfg.enable { services.nginx.enable = true; @@ -16,7 +20,7 @@ with lib; { services.nginx.virtualHosts."dadada.li" = { enableACME = true; forceSSL = true; - root = "${pkgs.homePage}"; + root = "${cfg.package}"; }; }; } diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix index 2b2b655..85954b4 100644 --- a/nixos/modules/nix.nix +++ b/nixos/modules/nix.nix @@ -1,33 +1,36 @@ -{ self -, home-manager -, nixpkgs +{ config +, pkgs +, lib , ... -}: { config - , pkgs - , lib - , ... - }: -# Global settings for nix daemon +}: +let + cfg = config.dadada.inputs; +in { - nix.nixPath = [ - "home-manager=${home-manager}" - "nixpkgs=${nixpkgs}" - "dadada=${self}" - ]; - nix.registry = { - home-manager.flake = home-manager; - nixpkgs.flake = nixpkgs; - dadada.flake = self; + options = { + dadada.inputs = lib.mkOption { + type = lib.types.attrsOf lib.types.attrs; + description = "Flake inputs that should be available inside Nix modules"; + default = { }; + }; + }; + + config = { + nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") cfg; + nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) cfg; + + nix.settings.substituters = [ + https://cache.nixos.org/ + https://nix-community.cachix.org/ + ]; + + nix.settings.trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + + nix.settings.require-sigs = true; + nix.settings.sandbox = true; }; - nix.settings.substituters = [ - https://cache.nixos.org/ - https://nix-community.cachix.org/ - ]; - nix.settings.trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - nix.settings.require-sigs = true; - nix.settings.sandbox = true; } diff --git a/nixos/modules/nixpkgs.nix b/nixos/modules/nixpkgs.nix new file mode 100644 index 0000000..2c5849f --- /dev/null +++ b/nixos/modules/nixpkgs.nix @@ -0,0 +1,3 @@ +{ + nixpkgs.config.allowUnfreePredicate = pkg: true; +} diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix new file mode 100644 index 0000000..4db8af2 --- /dev/null +++ b/nixos/modules/packages.nix @@ -0,0 +1,10 @@ +{ config, lib, ... }: +{ + options = { + dadada.pkgs = lib.mkOption { + type = lib.types.attrsOf lib.types.package; + description = "Additional packages that are not sourced from nixpkgs"; + default = { }; + }; + }; +} diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index 49d6341..1f41b17 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -1,4 +1,7 @@ -{ config, secretsPath, ... }: +{ config, ... }: +let + secretsPath = config.dadada.secrets.path; +in { dadada.backupClient.bs = { enable = true; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index d0032f8..2f34704 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,5 +1,4 @@ { config -, admins , pkgs , lib , ... @@ -9,8 +8,6 @@ with lib; { ./backup.nix ]; - dadada.admin.users = admins; - networking.domain = mkDefault "dadada.li"; networking.tempAddresses = "disabled"; diff --git a/nixos/modules/secrets.nix b/nixos/modules/secrets.nix new file mode 100644 index 0000000..5b74f5b --- /dev/null +++ b/nixos/modules/secrets.nix @@ -0,0 +1,10 @@ +{ config, lib, ... }: +{ + options = { + dadada.secrets.path = lib.mkOption { + type = lib.types.path; + description = "Path to encrypted secrets files"; + default = ../../secrets; + }; + }; +} diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index c04f20e..e98b5e6 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -1,7 +1,6 @@ { config , pkgs , lib -, admins , ... }: with lib; { @@ -42,7 +41,6 @@ with lib; { }; dadada.admin.enable = true; - dadada.admin.users = admins; dadada.backupClient = { bs.enable = true; diff --git a/outputs.nix b/outputs.nix index 54db6f2..46968d8 100644 --- a/outputs.nix +++ b/outputs.nix @@ -30,14 +30,11 @@ hmConfigurations = import ./home/configurations.nix inputs; - hmModules = import ./home/modules inputs; + hmModules = import ./home/modules; - nixosConfigurations = import ./nixos/configurations.nix (inputs // { - admins = import ./admins.nix; - secretsPath = ./secrets; - }); + nixosConfigurations = import ./nixos/configurations.nix inputs; - nixosModules = import ./nixos/modules inputs; + nixosModules = import ./nixos/modules; overlays = import ./overlays.nix; From 59f636f216765e47b636161b3ea478bb6b5985b9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Sep 2022 17:32:46 +0200 Subject: [PATCH 423/988] disable emacs module --- home/modules/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/home/modules/default.nix b/home/modules/default.nix index f4d841c..f9aaa93 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -2,7 +2,10 @@ alacritty = import ./alacritty; colors = import ./colors.nix; direnv = import ./direnv.nix; - emacs = import ./emacs; + + # Disable because can't get importing the module to work + #emacs = import ./emacs; + fish = import ./fish.nix; git = import ./git.nix; gpg = import ./gpg.nix; From e69ffedc067de43b146b94d68011da5d0059a6a0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Sep 2022 18:08:33 +0200 Subject: [PATCH 424/988] fixup devshell --- dev-shell.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-shell.nix b/dev-shell.nix index c59aad0..6bd48b7 100644 --- a/dev-shell.nix +++ b/dev-shell.nix @@ -3,7 +3,7 @@ let selfApp = app: self.apps."${app}"; in pkgs.mkShell { - buildInputs = pkgs.lib.catAttrs "system" [ + buildInputs = pkgs.lib.catAttrs system [ agenix.defaultPackage deploy-rs.defaultPackage (pkgs.lib.getAttrs [ "deploy" "update" "nixos-switch" ] self.apps) From cf6ed4a87e272715f00a368d32927dc2c9df655b Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Sep 2022 18:17:59 +0200 Subject: [PATCH 425/988] agenix: import server.nix --- nixos/agares/configuration.nix | 1 + nixos/configurations.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 4ab1339..7bde1ab 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -4,6 +4,7 @@ , ... }: { imports = [ + ../modules/profiles/server.nix ./hardware-configuration.nix ]; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 7d0a307..92b4a35 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -78,7 +78,6 @@ in agares = nixosSystem { extraModules = [ - ./modules/profiles/server.nix ./agares/configuration.nix ]; }; From 8fb158edcec7d53302bb31159be569d647758795 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Sep 2022 18:22:12 +0200 Subject: [PATCH 426/988] fix path to back secrets --- nixos/modules/profiles/backup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index 1f41b17..dfa3f2e 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -9,6 +9,6 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key.path"; }; - age.secrets."${config.networking.hostName}-backup-passphrase".file = "${toString secretsPath}/${config.networking.hostName}-backup-passphrase.age"; - age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${toString secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; + age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; + age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } From fda6dd5da25c68a1a1c745ca47c22cf8a293657c Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 2 Oct 2022 22:40:20 +0200 Subject: [PATCH 427/988] set plain-text password of public media playback user --- nixos/pruflas/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index e98b5e6..5ed0631 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -93,6 +93,8 @@ with lib; { isNormalUser = true; description = "Media playback user"; extraGroups = [ "users" "video" ]; + # allow anyone with physical access to log in + password = "media"; }; networking.domain = "dadada.li"; From 4c4b642f6272f3e730620355372fd885bb0ffd54 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 7 Oct 2022 22:17:32 +0200 Subject: [PATCH 428/988] add TODO --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3d1be2f..105bf2d 100644 --- a/README.md +++ b/README.md @@ -7,3 +7,7 @@ Use at your own risk. ``` nix run .#deploy $TARGET_HOST ``` + +## TODO + +- make private keys in networking module into options and store keys with agenix From 7f36dee66bb3213b16c77ea7077a612ce8555b50 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 7 Oct 2022 19:18:48 +0200 Subject: [PATCH 429/988] add pruflas vpn --- nixos/pruflas/configuration.nix | 31 ++++++++++++++++++++++++++- secrets/pruflas-wg0-key.age | 9 ++++++++ secrets/pruflas-wg0-preshared-key.age | 10 +++++++++ secrets/secrets.nix | 5 ++++- 4 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 secrets/pruflas-wg0-key.age create mode 100644 secrets/pruflas-wg0-preshared-key.age diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 5ed0631..be881ef 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -3,7 +3,13 @@ , lib , ... }: -with lib; { +with lib; +let + secretsPath = config.dadada.secrets.path; + wg0PrivKey = "${config.networking.hostName}-wg0-key"; + wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; +in +{ imports = [ ./hardware-configuration.nix ]; networking.hostName = "pruflas"; @@ -46,6 +52,27 @@ with lib; { bs.enable = true; }; + age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; + age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; + + networking.wireguard = { + enable = true; + interfaces.uwupn = { + allowedIPsAsRoutes = true; + privateKeyFile = config.age.secrets.${wg0PrivKey}.path; + ips = [ "10.11.0.39/32" "fc00:1337:dead:beef::10.11.0.39/128" ]; + peers = [ + { + publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; + endpoint = "53c70r.de:51820"; + persistentKeepalive = 25; + presharedKeyFile = config.age.secrets.${wg0PresharedKey}.path; + } + ]; + }; + }; + networking.useDHCP = false; networking.interfaces."enp0s25".useDHCP = true; @@ -105,6 +132,8 @@ with lib; { users.mutableUsers = true; dadada.networking.localResolver.enable = true; + dadada.networking.localResolver.uwu = true; + dadada.networking.localResolver.s0 = true; dadada.autoUpgrade.enable = mkDefault true; diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age new file mode 100644 index 0000000..fdefc94 --- /dev/null +++ b/secrets/pruflas-wg0-key.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ yZsU7q89HVxP6Ldup2noEaGy5+SzFzuMtA4/+4mQfUU +w1cM4NXL+M9RjRjuYswEWYhtiWPgjlJEdwm9wQ9GF5Q +-> ssh-ed25519 Otklkw O8jQnBDmaBnKLHU4nAIeRwkXE3ovdw7Y6vmZcmwqpUc +rM5wbfCSQhA0wxfRPVLB7dVl8L8aiB9eWhTX/ARV1YE +-> pJ-grease ~4C{og l_ +pXTBa1xB/KJU5w +--- +w4Zc/+fVRky0Nzu0R9cc1MKAOgig1swtCLDrb6M4WM +³_Í LJ ´îŽî Õï ú²pÆB„´ûÓ$Ÿ£fÓ’xw}îAÕÎ6Þ¤6°P²Æ-{+öE±þÜ[FßÖaýWœ,ØÂ…Žl¶­Ž& \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age new file mode 100644 index 0000000..2756e64 --- /dev/null +++ b/secrets/pruflas-wg0-preshared-key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ Q0ETN6DFshfo+YouSf/YWX7u8otnnAqZr/Y7qxCRiTI +5LVB4bzpysObZJkmJJw2kgE57lZKs2XA8BVSwS7y/VM +-> ssh-ed25519 Otklkw Lgo+x/ODCP6e3SHg2rZVNNLZkHCCT7YMC7MT0Fa4dHc +bX+Bja0SeGBzNQS3vUGj+GVDAYVTgyGQtPw5I0DWPdU +-> 7&'U\;\-grease ot 7f'PU3CA +O2UHtKXSTN5TrfVh7ROQ8x9YLynOFvrxK+1kSW42hGbTstOdhBAlNfKMdiIM4Itn +k7Jshx6UTqa8dF8QIw2cme0jFkF8JUioj7uQuusGBG/WZg +--- Wau438nNnP4srJ16gRGC/9jUdCB6TjBgxc2kZVRsvn0 +´fÛð¯m7¬ºöÛã\ûÐVÚÚhðê¥ëMeöm¾^õ?EkfPû7ÔÄh¥ôäu]ÝnÅ+n.>†É Date: Fri, 7 Oct 2022 23:06:53 +0200 Subject: [PATCH 430/988] fix dev-shell --- .envrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.envrc b/.envrc index 3550a30..11f188f 100644 --- a/.envrc +++ b/.envrc @@ -1 +1 @@ -use flake +use flake .#default From 4607ebdd9819236068b4fae0c7adfaccbea2c53f Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 7 Oct 2022 23:08:25 +0200 Subject: [PATCH 431/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e' (2022-09-03) → 'github:ryantm/agenix/6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0' (2022-09-25) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/178fea1414ae708a5704490f4c49ec3320be9815' (2022-09-15) → 'github:NixOS/nixpkgs/ed9b904c5eba055a6d6f5c1ccb89ba8f0a056dc6' (2022-10-06) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/acbf1b70335d4fd6a6c05bc417d7f3ca44739437' (2022-09-10) → 'github:nix-community/nix-doom-emacs/b65e204ce9d20b376acc38ec205d08007eccdaef' (2022-10-01) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/70e241d5b189982dabc1fe55829475c5c483c89d' (2022-09-08) → 'github:nix-community/emacs-overlay/6c78924bc5b6daaf98c0dbe63bdfcf80e6433f4b' (2022-09-29) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/eb5ef0ae1424a725f933ef3929e5396a2ab727ab' (2022-09-08) → 'github:emacs-straight/org-mode/fe1f4f2ccf040deff9c57288d987f17cc2da321f' (2022-09-29) • Updated input 'nix-doom-emacs/org-contrib': 'github:emacsmirror/org-contrib/0740bd3fe69c4b327420185d931dcf0a9900a80e' (2022-08-20) → 'github:emacsmirror/org-contrib/aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f' (2022-09-27) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/8a97ad58b04045fe5a9c964aa31659bd27e665c5' (2022-09-05) → 'github:hakimel/reveal.js/468132320d6e072abd1297d7cc24766a2b7a832d' (2022-09-24) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/017402713bd2f1fd7a691aa48afb4330f5397432' (2022-09-05) → 'github:jcs-elpa/ts-fold/c3da5520b988720f7f6e9e5e11b60746598112e0' (2022-09-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a0df6cd6e199df4a78c833c273781ea92fa62cfb' (2022-09-15) → 'github:NixOS/nixos-hardware/47fd70289491c1f0c0d9a1f44fb5a9e2801120c9' (2022-10-06) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 49aa146..415ec2f 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1662241716, - "narHash": "sha256-urqPvSvvGUhkwzTDxUI8N1nsdMysbAfjmBNZaTYBZRU=", + "lastModified": 1664140963, + "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "owner": "ryantm", "repo": "agenix", - "rev": "c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e", + "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "type": "github" }, "original": { @@ -78,11 +78,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1662654452, - "narHash": "sha256-mrr161UOnVNx2pzR9ePmhVlxapzQ57ZDSLb9BRgW0bo=", + "lastModified": 1664478431, + "narHash": "sha256-XTPklm/+e2UfIitB0+s/fKTheMJSw3G1p+t0SsBCuo4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "70e241d5b189982dabc1fe55829475c5c483c89d", + "rev": "6c78924bc5b6daaf98c0dbe63bdfcf80e6433f4b", "type": "github" }, "original": { @@ -369,11 +369,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1663244735, - "narHash": "sha256-+EukKkeAx6ithOLM1u5x4D12ZFuoi6vpPYjhNDmLz1o=", + "lastModified": 1665066044, + "narHash": "sha256-mkO0LMHVunMFRWLcJhHT0fBf2v6RlH3vg7EVpfSIAFc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "178fea1414ae708a5704490f4c49ec3320be9815", + "rev": "ed9b904c5eba055a6d6f5c1ccb89ba8f0a056dc6", "type": "github" }, "original": { @@ -414,11 +414,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1662839665, - "narHash": "sha256-TGSRXMmRTn4eza3q0XvqpuPoeCnkktPeD0TaM/V1pZ0=", + "lastModified": 1664622347, + "narHash": "sha256-pJTnEG68PhrXjpkfz/784BlcxaHgV06b1cUVGRxhMdw=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "acbf1b70335d4fd6a6c05bc417d7f3ca44739437", + "rev": "b65e204ce9d20b376acc38ec205d08007eccdaef", "type": "github" }, "original": { @@ -445,11 +445,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1663229557, - "narHash": "sha256-1uU4nsDLXKG0AHc/VCsNBAEPkTA/07juYhcEWRb1O1E=", + "lastModified": 1665040200, + "narHash": "sha256-glqL6yj3aUm40y92inzRmowGt9aIrUrpBX7eBAMic4I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a0df6cd6e199df4a78c833c273781ea92fa62cfb", + "rev": "47fd70289491c1f0c0d9a1f44fb5a9e2801120c9", "type": "github" }, "original": { @@ -539,11 +539,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1662614940, - "narHash": "sha256-9eAqhKXpTfZQH3bn19ien3HIzF100h8z97iHqs/QUgY=", + "lastModified": 1664493874, + "narHash": "sha256-8zLosjfQX0aR5HprtCeiSqN1pfB+GEUF9AULk6WRcR4=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "eb5ef0ae1424a725f933ef3929e5396a2ab727ab", + "rev": "fe1f4f2ccf040deff9c57288d987f17cc2da321f", "type": "github" }, "original": { @@ -555,11 +555,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1661026052, - "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=", + "lastModified": 1664301003, + "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e", + "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f", "type": "github" }, "original": { @@ -623,11 +623,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1662369032, - "narHash": "sha256-1BZWA3W77YbNZUj+7vJbkTeWY8O4jjPg7t5PvlEVDYA=", + "lastModified": 1664012352, + "narHash": "sha256-Pu5p6HqIO2wvWiTEhsQyIuwlWEIa1GjO3EDXosznyYE=", "owner": "hakimel", "repo": "reveal.js", - "rev": "8a97ad58b04045fe5a9c964aa31659bd27e665c5", + "rev": "468132320d6e072abd1297d7cc24766a2b7a832d", "type": "github" }, "original": { @@ -711,11 +711,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1662386895, - "narHash": "sha256-pYW2hcHgkr9KYdRvX2EkpOt/OL8yl+mkZ21JbMKWc8Q=", + "lastModified": 1663136308, + "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "017402713bd2f1fd7a691aa48afb4330f5397432", + "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", "type": "github" }, "original": { From 103d8497915621c8f58c03a644586199a8661f65 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 7 Oct 2022 23:15:46 +0200 Subject: [PATCH 432/988] pruflas: add web server --- nixos/pruflas/configuration.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index be881ef..f0e2878 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -44,8 +44,20 @@ in appendHttpConfig = '' access_log off; ''; + + virtualHosts."pruflas.uwu" = { + enableACME = false; + forceSSL = false; + root = "/var/www/pruflas.uwu"; + index = "index.html"; + locations."/".tryFiles = "$uri $uri/ = 404"; + }; }; + systemd.tmpfiles.rules = [ + "d /var/www/pruflas.uwu 0551 nginx nginx - -" + ]; + dadada.admin.enable = true; dadada.backupClient = { From a7a49bff689254e6fcdbbc6bd638b54c07e7e0a3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 12:25:09 +0200 Subject: [PATCH 433/988] pruflas: connect hydra to proxy --- nixos/pruflas/configuration.nix | 16 ++++++++++++++++ nixos/surgat/configuration.nix | 2 +- secrets/pruflas-wg-hydra-key.age | 10 ++++++++++ secrets/secrets.nix | 1 + 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 secrets/pruflas-wg-hydra-key.age diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index f0e2878..6bfbb8d 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -7,6 +7,7 @@ with lib; let secretsPath = config.dadada.secrets.path; wg0PrivKey = "${config.networking.hostName}-wg0-key"; + wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; in { @@ -67,6 +68,8 @@ in age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; + age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; + networking.wireguard = { enable = true; interfaces.uwupn = { @@ -83,6 +86,19 @@ in } ]; }; + interfaces.hydra = { + allowedIPsAsRoutes = true; + privateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; + ips = [ "10.3.3.3/32" ]; + peers = [ + { + publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + allowedIPs = [ "10.3.3.1/32" ]; + endpoint = "hydra.dadada.li:51235"; + persistentKeepalive = 25; + } + ]; + }; }; networking.useDHCP = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index f6cdf3e..02a7fe8 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -110,7 +110,7 @@ in peers = [ { - publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; + publicKey = "MEFz5bbCtUX/v6pMwRf/H3q3Wo8dG1XwcKzJKXi4VGU="; allowedIPs = [ "10.3.3.3/32" ]; persistentKeepalive = 25; } diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age new file mode 100644 index 0000000..ca95e6c --- /dev/null +++ b/secrets/pruflas-wg-hydra-key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ 6+CrklvnvWtZDN5Z4rHu8tgyB2+TJtZqu2TbA4TuzBE +XmCvEAgEEL3z1gFqQ8r6pUuQTYWjhQK+ZsSWWMUZ6n4 +-> ssh-ed25519 Otklkw B61xlgJCn+y0KsFH0wLTsD2L/sVBocuW2+hXfm+iAng +0aDLbZysdaynxHDVEAas9aUQqTN2nYCzM4Wm60YRda8 +-> ]duY0-grease ZVwc .o`( +itvofJfdMKtJwMY8RclR6vNkAZgLUIS56Oi2Yvp+fgGzOhK2doc/MeX05HuU36kh +O6icXsIueao +--- 7IihWX7WhSQG5LSVdt/nq3JnKpiojHTKpNOgm+WVU4o +©?æüCƒ@Ã8haöL¢u1'6TN[4É-  Å~*¢ð4 ØÏÿ²þKG—Ú«X´Ô'73²` k“r­HWÕ%P~ ¹– \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 92f7025..b13b73d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -15,6 +15,7 @@ in { "pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ]; "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ]; + "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" // From ff50c0d632f7f0858a2547a7b3d8ea44845062e3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 13:01:42 +0200 Subject: [PATCH 434/988] pruflas: fixup webserver --- nixos/pruflas/configuration.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 6bfbb8d..6ad390f 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -38,6 +38,7 @@ in ]; services.nginx = { + enable = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; @@ -50,8 +51,10 @@ in enableACME = false; forceSSL = false; root = "/var/www/pruflas.uwu"; - index = "index.html"; - locations."/".tryFiles = "$uri $uri/ = 404"; + locations."/" = { + tryFiles = "$uri $uri/ = 404"; + index = "index.html"; + }; }; }; @@ -109,7 +112,7 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH - 80 + 80 # HTTP 443 # HTTPS 3000 # Hydra ]; From 2da7cc10be9306f7e7fb9bd636e902c0579f0c6b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 13:11:43 +0200 Subject: [PATCH 435/988] pruflas: fixup hydra listen host --- nixos/pruflas/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 6ad390f..dee8401 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -24,8 +24,8 @@ in notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; useSubstitutes = true; - listenHost = "hydra.dadada.li"; port = 3000; + listenHost = "10.3.3.3"; }; nix.buildMachines = [ From e13a5a6b89f7a5c0113473366e422a7f38c4eb17 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 13:21:22 +0200 Subject: [PATCH 436/988] pruflas: update keys --- nixos/surgat/configuration.nix | 2 +- secrets/pruflas-wg-hydra-key.age | 17 ++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 02a7fe8..b0a4d6b 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -110,7 +110,7 @@ in peers = [ { - publicKey = "MEFz5bbCtUX/v6pMwRf/H3q3Wo8dG1XwcKzJKXi4VGU="; + publicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; allowedIPs = [ "10.3.3.3/32" ]; persistentKeepalive = 25; } diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index ca95e6c..bd05039 100644 --- a/secrets/pruflas-wg-hydra-key.age +++ b/secrets/pruflas-wg-hydra-key.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ 6+CrklvnvWtZDN5Z4rHu8tgyB2+TJtZqu2TbA4TuzBE -XmCvEAgEEL3z1gFqQ8r6pUuQTYWjhQK+ZsSWWMUZ6n4 --> ssh-ed25519 Otklkw B61xlgJCn+y0KsFH0wLTsD2L/sVBocuW2+hXfm+iAng -0aDLbZysdaynxHDVEAas9aUQqTN2nYCzM4Wm60YRda8 --> ]duY0-grease ZVwc .o`( -itvofJfdMKtJwMY8RclR6vNkAZgLUIS56Oi2Yvp+fgGzOhK2doc/MeX05HuU36kh -O6icXsIueao ---- 7IihWX7WhSQG5LSVdt/nq3JnKpiojHTKpNOgm+WVU4o -©?æüCƒ@Ã8haöL¢u1'6TN[4É-  Å~*¢ð4 ØÏÿ²þKG—Ú«X´Ô'73²` k“r­HWÕ%P~ ¹– \ No newline at end of file +-> ssh-ed25519 IXCPDQ FRY6uw3eRrqUYZcnick1yxcSyEHuWkM6TMkOWPFuq0I +GLZMQFHoi4eJfbxz8kqECoj7ju0+scyNgWyILwGuJGw +-> ssh-ed25519 Otklkw nznkiropYOdg3MMMEXmRn7GKkb4GycoNtKqsWwhGF3Q +77AEvdNpqQrppOm4ZQJAM4WPXtE+ekAufBSAMBO9oYY +-> 26-grease Z Sz rY0V d\j0aR[ +f+yb +--- fluVV/qz+D6+MaIbIvzWCDWEhWHjC1TmgsD4FweilGQ +³µ"ƒSá-‚àÑp&‚àY“HfS»HêU9(Áï}æd°n‡øcU$/Éy&œU0v±Ð##!Æ=ñ©­ÿ·üIÍaád° l¶ \ No newline at end of file From dc03d3f41e526cae48b95676c497638767240472 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 15:31:37 +0200 Subject: [PATCH 437/988] pruflas: allow some inputs in nix when running in restricted mode (Hydra) --- flake.nix | 4 ++-- nixos/pruflas/configuration.nix | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index a678789..0eaf205 100644 --- a/flake.nix +++ b/flake.nix @@ -29,11 +29,11 @@ url = github:dadada/recipemd/nix-flake; }; agenix = { - url = "github:ryantm/agenix"; + url = github:ryantm/agenix; inputs.nixpkgs.follows = "myNixpkgs"; }; deploy-rs = { - url = "github:serokell/deploy-rs"; + url = github:serokell/deploy-rs; inputs.nixpkgs.follows = "myNixpkgs"; }; }; diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index dee8401..2d570df 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -37,6 +37,10 @@ in } ]; + nix.extraOptions = '' + allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git + ''; + services.nginx = { enable = true; recommendedTlsSettings = true; From f5b63983fb4814deafc3bd02f2a6405936115b84 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 15:55:15 +0200 Subject: [PATCH 438/988] remove scripts package --- pkgs/scripts.nix | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 pkgs/scripts.nix diff --git a/pkgs/scripts.nix b/pkgs/scripts.nix deleted file mode 100644 index 9b186db..0000000 --- a/pkgs/scripts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs -, stdenv -, lib -, -}: (import - (pkgs.fetchgit { - url = "https://git.dadada.li/dadada/scripts.git"; - sha256 = "sha256-Kdwb34XXLOl4AaiVmOZ3nlu/KdENMqvH+UwISv8Pyiw="; - rev = "065ff0f0ee9e44234678f0fefbba7961ea42518c"; - }) - { - stdenv = stdenv; - lib = lib; - }) From 85b2bbcf46e7d8d5c153f342532ef09af26afc9c Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 16:18:03 +0200 Subject: [PATCH 439/988] gitea: hopefully fix redis connection --- nixos/modules/gitea.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index b9dd73e..28c9983 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -4,7 +4,6 @@ , ... }: let - redisSocket = "127.0.0.1:6379"; cfg = config.dadada.gitea; in { @@ -46,14 +45,15 @@ in cache = { ENABLE = true; ADAPTER = "redis"; - HOST = "network=tcp,addr=${redisSocket},db=0,pool_size=100,idle_timeout=180"; + HOST = "network=unix,addr=${config.services.redis.servers.gitea.unixSocket},db=0,pool_size=100,idle_timeout=180"; }; }; }; services.redis = { - servers."gitea" = { + servers.gitea = { enable = true; + user = config.services.gitea.user; }; vmOverCommit = true; }; From 6655fc776fe137df296704fe27fb42b6ea4f7378 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 16:40:47 +0200 Subject: [PATCH 440/988] hydra-jobs: run checks in CI --- hydra-jobs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-jobs.nix b/hydra-jobs.nix index d195e99..078386e 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -6,4 +6,4 @@ (nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.activation-script) self.hmConfigurations -) +) // self.checks.x86_64-linux From f65d24bf1e29aad3bbdaea6cbb0ba7edc3db8010 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 17:48:24 +0200 Subject: [PATCH 441/988] set up gihubstatus --- nixos/pruflas/configuration.nix | 13 +++++++++++++ secrets/hydra-github-authorization.age | 10 ++++++++++ secrets/secrets.nix | 1 + 3 files changed, 24 insertions(+) create mode 100644 secrets/hydra-github-authorization.age diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 2d570df..554bc5a 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -9,6 +9,7 @@ let wg0PrivKey = "${config.networking.hostName}-wg0-key"; wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; + hydraGitHubAuth = "hydra-github-authorization"; in { imports = [ ./hardware-configuration.nix ]; @@ -17,6 +18,8 @@ in services.logind.lidSwitch = "ignore"; + age.secrets.${hydraGitHubAuth}.file = "${secretsPath}/${hydraGitHubAuth}.age"; + services.hydra = { enable = true; package = pkgs.hydra-unstable; @@ -26,6 +29,16 @@ in useSubstitutes = true; port = 3000; listenHost = "10.3.3.3"; + extraConfig = '' + Include ${config.age.secrets."${hydraGitHubAuth}".path} + + + jobs = nix-config:nix-config.* + inputs = nix-config + excludeBuildFromContext = 1 + useShortContext = 1 + + ''; }; nix.buildMachines = [ diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age new file mode 100644 index 0000000..ceeadef --- /dev/null +++ b/secrets/hydra-github-authorization.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ FIIoY8iq2Eg0Vw/SNSeBWDOwbecffHz11T0SlhRTMjo +5bFPVivYR720P43uQ/c+y4TUX2iSnhoPcaIsgB6hePk +-> ssh-ed25519 Otklkw od+LuwSv3xq+Z9Y8HSWXoJ5Zv07uzwRnBUPZErzha3c +Qr+4ofsEnP0TwCc+j7S1Rtu/X8Gq30eYnkJFzDFv194 +-> K\f7-grease -3R # +DmUr0gWgtRXwnabANCq+pgjmNoAkmPlghI5Y308SR7DQtNGdyZpuSQdZ7xF4PYGS +c7UBBjPRBW0 +--- fswZzO7E/Hwsb1lH4bbgvPaVCQzHfsdz1tLDuyBzLm8 +3GoPöØÌAóözuÎ(Ð)’#EMÿ9=a•]·¶|—c3ä[“œ‡aÞÕ“ÃèuG# ‰™wn ¤«é -ò½ \QÎ1C:˜sÛ*Ò¨§8ÿËï̺uwÍ$ØñaqQSç…O:>ÔsˆɨÐØzñ ÑåÂOíÈñMÂk¥}^ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b13b73d..d10ec43 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -16,6 +16,7 @@ in "pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ]; "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ]; "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ]; + "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" // From 502171ec574a037f1c3b13143ae5e53c8461ae02 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 18:00:01 +0200 Subject: [PATCH 442/988] fixup permissions --- nixos/pruflas/configuration.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 554bc5a..d96bfdf 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -18,7 +18,11 @@ in services.logind.lidSwitch = "ignore"; - age.secrets.${hydraGitHubAuth}.file = "${secretsPath}/${hydraGitHubAuth}.age"; + age.secrets.${hydraGitHubAuth} = { + file = "${secretsPath}/${hydraGitHubAuth}.age"; + owner = "hydra-www"; + group = "hydra"; + }; services.hydra = { enable = true; From f43f6a68943ce09156032a7d472ca52ab9f09211 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 8 Oct 2022 18:10:44 +0200 Subject: [PATCH 443/988] make github token accessible to hydra-notify --- nixos/pruflas/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index d96bfdf..20d9f53 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -20,6 +20,7 @@ in age.secrets.${hydraGitHubAuth} = { file = "${secretsPath}/${hydraGitHubAuth}.age"; + mode = "440"; owner = "hydra-www"; group = "hydra"; }; From b164977b2ef00aeae1125a8b3ef71e10d9e8c5b6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 16 Oct 2022 15:19:57 +0200 Subject: [PATCH 444/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0' (2022-09-25) → 'github:ryantm/agenix/a630400067c6d03c9b3e0455347dc8559db14288' (2022-10-15) • Updated input 'home-manager': 'github:nix-community/home-manager/4a3d01fb53f52ac83194081272795aa4612c2381' (2022-06-25) → 'github:nix-community/home-manager/17208be516fc36e2ab0ceb064d931e90eb88b2a3' (2022-10-11) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/ed9b904c5eba055a6d6f5c1ccb89ba8f0a056dc6' (2022-10-06) → 'github:NixOS/nixpkgs/78a37aa630faa41944060a966607d4f1128ea94b' (2022-10-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/47fd70289491c1f0c0d9a1f44fb5a9e2801120c9' (2022-10-06) → 'github:NixOS/nixos-hardware/674d05f9ae2249d606a0e6fc63e522d2031a27ac' (2022-10-15) • Updated input 'nvd': 'git+https://gitlab.com/khumba/nvd.git?ref=master&rev=b082bd23f54d164765fab1737d40d47d4f649ae2' (2022-05-28) → 'git+https://gitlab.com/khumba/nvd.git?ref=master&rev=f87f29530beb039d283530ab533d700c53120b83' (2022-10-15) --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 415ec2f..370787b 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1664140963, - "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", + "lastModified": 1665870395, + "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", "owner": "ryantm", "repo": "agenix", - "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", + "rev": "a630400067c6d03c9b3e0455347dc8559db14288", "type": "github" }, "original": { @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1656169755, - "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", + "lastModified": 1665475263, + "narHash": "sha256-T4at7d+KsQNWh5rfjvOtQCaIMWjSDlSgQZKvxb+LcEY=", "owner": "nix-community", "repo": "home-manager", - "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", + "rev": "17208be516fc36e2ab0ceb064d931e90eb88b2a3", "type": "github" }, "original": { @@ -369,11 +369,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1665066044, - "narHash": "sha256-mkO0LMHVunMFRWLcJhHT0fBf2v6RlH3vg7EVpfSIAFc=", + "lastModified": 1665763903, + "narHash": "sha256-znGWY4x688cZ3Ii01qLnhl+mSKpQ9iCufGxfdV6oBOc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed9b904c5eba055a6d6f5c1ccb89ba8f0a056dc6", + "rev": "78a37aa630faa41944060a966607d4f1128ea94b", "type": "github" }, "original": { @@ -445,11 +445,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1665040200, - "narHash": "sha256-glqL6yj3aUm40y92inzRmowGt9aIrUrpBX7eBAMic4I=", + "lastModified": 1665839131, + "narHash": "sha256-0KYo13PfwvPw5i/SC+hGy3hsgR++Co7SIzv+0e9YOnM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "47fd70289491c1f0c0d9a1f44fb5a9e2801120c9", + "rev": "674d05f9ae2249d606a0e6fc63e522d2031a27ac", "type": "github" }, "original": { @@ -507,11 +507,11 @@ ] }, "locked": { - "lastModified": 1653711492, - "narHash": "sha256-/jSe9Ix5AO5GDXxc3ugw0mJoYcH98WVcPdM+tOG0WWQ=", + "lastModified": 1665876905, + "narHash": "sha256-rZJuhvO7hIPezbwFESOEdGm+ZJldrEiPIvyhICJ6xoQ=", "ref": "master", - "rev": "b082bd23f54d164765fab1737d40d47d4f649ae2", - "revCount": 17, + "rev": "f87f29530beb039d283530ab533d700c53120b83", + "revCount": 25, "type": "git", "url": "https://gitlab.com/khumba/nvd.git" }, From d6d7a20b3f9f484531657e931a297d5fedaa08f1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 16 Oct 2022 16:39:18 +0200 Subject: [PATCH 445/988] add hydra jobsets spec --- default.nix | 7 +++++++ jobsets.nix | 27 +++++++++++++++++++++++++++ nixos/pruflas/configuration.nix | 2 +- outputs.nix | 17 +++++++++++++++++ spec.json | 15 +++++++++++++++ 5 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 default.nix create mode 100644 jobsets.nix create mode 100644 spec.json diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..0bd1bf9 --- /dev/null +++ b/default.nix @@ -0,0 +1,7 @@ +{ nixpkgs, declInput, projectName, ... }: +let + pkgs = import nixpkgs { }; +in +{ + jobsets = import ./jobsets.nix { inherit pkgs declInput projectName; }; +} diff --git a/jobsets.nix b/jobsets.nix new file mode 100644 index 0000000..a869a03 --- /dev/null +++ b/jobsets.nix @@ -0,0 +1,27 @@ +{ pkgs +, declInput +, projectName +, ... +}: +pkgs.runCommand "spec.json" { } '' + cat < $out < - jobs = nix-config:nix-config.* + jobs = nix-config:main.* inputs = nix-config excludeBuildFromContext = 1 useShortContext = 1 diff --git a/outputs.nix b/outputs.nix index 46968d8..4bfa0f7 100644 --- a/outputs.nix +++ b/outputs.nix @@ -25,6 +25,23 @@ devShells.default = pkgs.callPackage ./dev-shell.nix inputs // { inherit pkgs system; }; formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; + + jobsets = (import ./jobsets.nix { + inherit pkgs; + projectName = "nix-config"; + declInput = { + src = { + type = "git"; + value = "git://github.com/dadada/nix-config.git main"; + emailresponsible = false; + }; + nixpkgs = { + type = "git"; + value = "git://github.com/NixOS/nixpkgs.git nixpkgs-22.05"; + emailresponsible = false; + }; + }; + }); })) // { diff --git a/spec.json b/spec.json new file mode 100644 index 0000000..a2a97a8 --- /dev/null +++ b/spec.json @@ -0,0 +1,15 @@ +{ + "main": { + "enabled": 1, + "hidden": false, + "description": "nix-config", + "flakeuri": "github:dadada/nix-config/main", + "checkinterval": 300, + "schedulingshares": 1, + "enableemail": false, + "emailoverride": "", + "keepnr": 3, + "type": "flake", + "inputs": {"nixpkgs":{"emailresponsible":false,"type":"git","value":"git://github.com/NixOS/nixpkgs.git nixpkgs-22.05"},"src":{"emailresponsible":false,"type":"git","value":"git://github.com/dadada/nix-config.git main"}} + } +} From 7518b75c23aa9c24b51261d6f8bebd6617c37ed3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 16 Oct 2022 17:30:06 +0200 Subject: [PATCH 446/988] fixup spec.json --- spec.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec.json b/spec.json index a2a97a8..36a44b4 100644 --- a/spec.json +++ b/spec.json @@ -1,5 +1,4 @@ { - "main": { "enabled": 1, "hidden": false, "description": "nix-config", @@ -11,5 +10,4 @@ "keepnr": 3, "type": "flake", "inputs": {"nixpkgs":{"emailresponsible":false,"type":"git","value":"git://github.com/NixOS/nixpkgs.git nixpkgs-22.05"},"src":{"emailresponsible":false,"type":"git","value":"git://github.com/dadada/nix-config.git main"}} - } } From 2f0d803f2158094a054ee81b3cf69b619a6a179f Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 16 Oct 2022 17:39:49 +0200 Subject: [PATCH 447/988] fixup: spec.json --- spec.json | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/spec.json b/spec.json index 36a44b4..2f6b7a0 100644 --- a/spec.json +++ b/spec.json @@ -1,13 +1,16 @@ { "enabled": 1, "hidden": false, - "description": "nix-config", - "flakeuri": "github:dadada/nix-config/main", + "description": "nix-config Jobsets", + "nixexprinput": "src", + "nixexprpath": "default.nix", "checkinterval": 300, "schedulingshares": 1, "enableemail": false, "emailoverride": "", "keepnr": 3, - "type": "flake", - "inputs": {"nixpkgs":{"emailresponsible":false,"type":"git","value":"git://github.com/NixOS/nixpkgs.git nixpkgs-22.05"},"src":{"emailresponsible":false,"type":"git","value":"git://github.com/dadada/nix-config.git main"}} + "inputs": { + "nixpkgs":{"emailresponsible":false,"type":"git","value":"git://github.com/NixOS/nixpkgs.git nixpkgs-22.05"}, + "src":{"emailresponsible":false,"type":"git","value":"git://github.com/dadada/nix-config.git main"} + } } From 5c9706685a0e65a10ed41e958fc6831a6dd90223 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 16 Oct 2022 17:54:38 +0200 Subject: [PATCH 448/988] fixup: spec.json --- spec.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec.json b/spec.json index 2f6b7a0..a2a3a43 100644 --- a/spec.json +++ b/spec.json @@ -10,7 +10,7 @@ "emailoverride": "", "keepnr": 3, "inputs": { - "nixpkgs":{"emailresponsible":false,"type":"git","value":"git://github.com/NixOS/nixpkgs.git nixpkgs-22.05"}, - "src":{"emailresponsible":false,"type":"git","value":"git://github.com/dadada/nix-config.git main"} + "nixpkgs":{"emailresponsible":false,"type":"git","value":"https://github.com/NixOS/nixpkgs.git nixpkgs-22.05"}, + "src":{"emailresponsible":false,"type":"git","value":"https://github.com/dadada/nix-config.git main"} } } From 611204f03659a552881c11ee242d779e85999267 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 16 Oct 2022 18:33:21 +0200 Subject: [PATCH 449/988] allow dokuwiki-plugin-icalevents in inputs --- nixos/pruflas/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 9dd0849..6de6188 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -56,7 +56,7 @@ in ]; nix.extraOptions = '' - allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git + allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents ''; services.nginx = { From 55a4cfe1e248d39494f41b7252b9176c98fc751d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 16 Oct 2022 18:56:49 +0200 Subject: [PATCH 450/988] hydra: allow dokuwiki-template-bootstrap3 --- nixos/pruflas/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 6de6188..d53867c 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -56,7 +56,7 @@ in ]; nix.extraOptions = '' - allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents + allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents https://github.com/giterlizzi/dokuwiki-template-bootstrap3 ''; services.nginx = { From c00a6f612a928b9f54a60dcb18c115257a4749d7 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 21 Oct 2022 18:53:16 +0200 Subject: [PATCH 451/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/17208be516fc36e2ab0ceb064d931e90eb88b2a3' (2022-10-11) → 'github:nix-community/home-manager/b81e128fc053ab3159d7b464d9b7dedc9d6a6891' (2022-10-17) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/78a37aa630faa41944060a966607d4f1128ea94b' (2022-10-14) → 'github:NixOS/nixpkgs/44fc3cb097324c9f9f93313dd3f103e78d722968' (2022-10-20) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/674d05f9ae2249d606a0e6fc63e522d2031a27ac' (2022-10-15) → 'github:NixOS/nixos-hardware/0e6593630071440eb89cd97a52921497482b22c6' (2022-10-17) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 370787b..d09333b 100644 --- a/flake.lock +++ b/flake.lock @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1665475263, - "narHash": "sha256-T4at7d+KsQNWh5rfjvOtQCaIMWjSDlSgQZKvxb+LcEY=", + "lastModified": 1665996265, + "narHash": "sha256-/k9og6LDBQwT+f/tJ5ClcWiUl8kCX5m6ognhsAxOiCY=", "owner": "nix-community", "repo": "home-manager", - "rev": "17208be516fc36e2ab0ceb064d931e90eb88b2a3", + "rev": "b81e128fc053ab3159d7b464d9b7dedc9d6a6891", "type": "github" }, "original": { @@ -369,11 +369,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1665763903, - "narHash": "sha256-znGWY4x688cZ3Ii01qLnhl+mSKpQ9iCufGxfdV6oBOc=", + "lastModified": 1666249138, + "narHash": "sha256-CzK8NA8xEMKAhvHXB8UMODckcH97sZXm6lziKNWLv0M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78a37aa630faa41944060a966607d4f1128ea94b", + "rev": "44fc3cb097324c9f9f93313dd3f103e78d722968", "type": "github" }, "original": { @@ -445,11 +445,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1665839131, - "narHash": "sha256-0KYo13PfwvPw5i/SC+hGy3hsgR++Co7SIzv+0e9YOnM=", + "lastModified": 1665987993, + "narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "674d05f9ae2249d606a0e6fc63e522d2031a27ac", + "rev": "0e6593630071440eb89cd97a52921497482b22c6", "type": "github" }, "original": { From c4ed80d6672bbc6240c67edaba89cec301ca5fc0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 Oct 2022 15:36:05 +0200 Subject: [PATCH 452/988] map: init at 0.1.1 --- outputs.nix | 2 ++ pkgs/default.nix | 6 ++++++ pkgs/map.nix | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 pkgs/default.nix create mode 100644 pkgs/map.nix diff --git a/outputs.nix b/outputs.nix index 4bfa0f7..42a8d80 100644 --- a/outputs.nix +++ b/outputs.nix @@ -42,6 +42,8 @@ }; }; }); + + packages = import ./pkgs (inputs // { inherit pkgs; }); })) // { diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..a7ce200 --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,6 @@ +{ pkgs +, ... +} @ inputs: +{ + map = pkgs.callPackage ./map.nix { }; +} diff --git a/pkgs/map.nix b/pkgs/map.nix new file mode 100644 index 0000000..8cb9a39 --- /dev/null +++ b/pkgs/map.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, fetchFromGitHub }: +stdenv.mkDerivation rec { + pname = "map"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "soveran"; + repo = pname; + rev = "0.1.1"; + sha256 = "sha256-yGzmhZwv1qKy0JNcSzqL996APQO8OGWQ1GBkEkKTOXA="; + }; + + makefile = "makefile"; + + installPhase = '' + export PREFIX="$out"; + mkdir -p "$out" + make install + ''; + + checkPhase = '' + make test + ''; + + meta = with lib; { + description = "Map lines from stdin to commands"; + license = licenses.bsd2; + homepage = "https://github.com/soveran/map"; + platforms = platforms.all; + maintainers = with maintainers; [ dadada ]; + }; +} From 6e82d7dee6e205e3a27ddf0bc74eda062e9ff86d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 Oct 2022 18:25:01 +0200 Subject: [PATCH 453/988] add package map to config --- nixos/configurations.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 92b4a35..ddd892e 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -25,9 +25,9 @@ in extraModules = [ { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = getDefaultPkgs system { + dadada.pkgs = (getDefaultPkgs system { inherit scripts nvd recipemd; - }; + }) // self.packages.${system}; # Add flakes to registry and nix path. dadada.inputs = inputs // { dadada = self; }; From a440500b0c7a706ab027e5cc073133c526eeab07 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 Oct 2022 18:26:25 +0200 Subject: [PATCH 454/988] install `map` on gorgon --- nixos/gorgon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index c5ac787..cdc1854 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -84,6 +84,7 @@ in chromium ghostscript config.dadada.pkgs.recipemd + config.dadada.pkgs.map ]; networking.firewall = { From c781508deef1cfcd9de18efe6f867e7ea4971471 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 28 Oct 2022 16:52:49 +0200 Subject: [PATCH 455/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Added input 'devshell': 'github:numtide/devshell/c8ce8ed81726079c398f5f29c4b68a7d6a3c2fa2' (2022-10-23) • Added input 'devshell/flake-utils': 'github:numtide/flake-utils/846b2ae0fc4cc943637d3d1def4454213e203cba' (2022-01-20) • Added input 'devshell/nixpkgs': follows 'myNixpkgs' • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/44fc3cb097324c9f9f93313dd3f103e78d722968' (2022-10-20) → 'github:NixOS/nixpkgs/c132d0837dfb9035701dcd8fc91786c605c855c3' (2022-10-27) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/b65e204ce9d20b376acc38ec205d08007eccdaef' (2022-10-01) → 'github:nix-community/nix-doom-emacs/17673891a41c747d485b9407cb3b50b3156395ee' (2022-10-25) • Updated input 'nix-doom-emacs/doom-emacs': 'github:doomemacs/doomemacs/c44bc81a05f3758ceaa28921dd9c830b9c571e61' (2022-08-19) → 'github:doomemacs/doomemacs/3853dff5e11655e858d0bfae64b70cb12ef685ac' (2022-09-06) • Added input 'nix-doom-emacs/doom-modeline': 'github:seagle0128/doom-modeline/ce9899f00af40edb78f58b9af5c3685d67c8eed2' (2022-03-28) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/6c78924bc5b6daaf98c0dbe63bdfcf80e6433f4b' (2022-09-29) → 'github:nix-community/emacs-overlay/b8e24cec99ff68f8a875b6f842a10b6b2ab398d3' (2022-10-20) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/fe1f4f2ccf040deff9c57288d987f17cc2da321f' (2022-09-29) → 'github:emacs-straight/org-mode/98cae03b7d9a612334d5ea461e73ac0b37b0285d' (2022-10-20) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/468132320d6e072abd1297d7cc24766a2b7a832d' (2022-09-24) → 'github:hakimel/reveal.js/f6f657b627f9703e32414d8d3f16fb49d41031cb' (2022-10-17) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/0e6593630071440eb89cd97a52921497482b22c6' (2022-10-17) → 'github:NixOS/nixos-hardware/419dcc0ec767803182ed01a326f134230578bf60' (2022-10-27) --- flake.lock | 117 +++++++++++++++++++++++++++++++++++++++-------------- flake.nix | 4 ++ 2 files changed, 90 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index d09333b..d5aa088 100644 --- a/flake.lock +++ b/flake.lock @@ -42,20 +42,58 @@ "type": "github" } }, + "devshell": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "myNixpkgs" + ] + }, + "locked": { + "lastModified": 1666548262, + "narHash": "sha256-4DyN4KXqQQsCw0vCXkMThw4b5Q4/q87ZZgRb4st8COc=", + "owner": "numtide", + "repo": "devshell", + "rev": "c8ce8ed81726079c398f5f29c4b68a7d6a3c2fa2", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "doom-emacs": { "flake": false, "locked": { - "lastModified": 1660901074, - "narHash": "sha256-3apl0eQlfBj3y0gDdoPp2M6PXYnhxs0QWOHp8B8A9sc=", + "lastModified": 1662497747, + "narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=", "owner": "doomemacs", "repo": "doomemacs", - "rev": "c44bc81a05f3758ceaa28921dd9c830b9c571e61", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", "type": "github" }, "original": { "owner": "doomemacs", - "ref": "master", "repo": "doomemacs", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", + "type": "github" + } + }, + "doom-modeline": { + "flake": false, + "locked": { + "lastModified": 1648449595, + "narHash": "sha256-HjULFxtNDAJ7PDpy/e2bhoDYgBjwGpBdBoTY135puYA=", + "owner": "seagle0128", + "repo": "doom-modeline", + "rev": "ce9899f00af40edb78f58b9af5c3685d67c8eed2", + "type": "github" + }, + "original": { + "owner": "seagle0128", + "repo": "doom-modeline", + "rev": "ce9899f00af40edb78f58b9af5c3685d67c8eed2", "type": "github" } }, @@ -78,11 +116,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1664478431, - "narHash": "sha256-XTPklm/+e2UfIitB0+s/fKTheMJSw3G1p+t0SsBCuo4=", + "lastModified": 1666298449, + "narHash": "sha256-y1SRRRK2eTVuh/HRCxwDSInMwGv0d5cPIp4YDlbcM30=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "6c78924bc5b6daaf98c0dbe63bdfcf80e6433f4b", + "rev": "b8e24cec99ff68f8a875b6f842a10b6b2ab398d3", "type": "github" }, "original": { @@ -221,11 +259,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -265,6 +303,21 @@ } }, "flake-utils_4": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -279,7 +332,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_6": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -369,11 +422,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1666249138, - "narHash": "sha256-CzK8NA8xEMKAhvHXB8UMODckcH97sZXm6lziKNWLv0M=", + "lastModified": 1666867875, + "narHash": "sha256-3nD7iQXd/J6KjkT8IjozTuA5p8qjiLKTxvOUmH+AzNM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44fc3cb097324c9f9f93313dd3f103e78d722968", + "rev": "c132d0837dfb9035701dcd8fc91786c605c855c3", "type": "github" }, "original": { @@ -386,6 +439,7 @@ "nix-doom-emacs": { "inputs": { "doom-emacs": "doom-emacs", + "doom-modeline": "doom-modeline", "doom-snippets": "doom-snippets", "emacs-overlay": "emacs-overlay", "emacs-so-long": "emacs-so-long", @@ -395,7 +449,7 @@ "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "format-all": "format-all", "nix-straight": "nix-straight", "nixpkgs": [ @@ -414,11 +468,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1664622347, - "narHash": "sha256-pJTnEG68PhrXjpkfz/784BlcxaHgV06b1cUVGRxhMdw=", + "lastModified": 1666731850, + "narHash": "sha256-yyCrh5vPqxJNj+2wt4IxHAk7blnYxwC/zkSKw/y0hg8=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "b65e204ce9d20b376acc38ec205d08007eccdaef", + "rev": "17673891a41c747d485b9407cb3b50b3156395ee", "type": "github" }, "original": { @@ -445,11 +499,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1665987993, - "narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=", + "lastModified": 1666873549, + "narHash": "sha256-a6Eu1Qv/EndjepSMja5SvcG+4vM5Rl2gzJD7xscRHss=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0e6593630071440eb89cd97a52921497482b22c6", + "rev": "419dcc0ec767803182ed01a326f134230578bf60", "type": "github" }, "original": { @@ -501,7 +555,7 @@ }, "nvd": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "myNixpkgs" ] @@ -539,11 +593,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1664493874, - "narHash": "sha256-8zLosjfQX0aR5HprtCeiSqN1pfB+GEUF9AULk6WRcR4=", + "lastModified": 1666258795, + "narHash": "sha256-k2FbWk4OJKZbih3pTvJYxkaXuauWsuaXXthV54UFqCM=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "fe1f4f2ccf040deff9c57288d987f17cc2da321f", + "rev": "98cae03b7d9a612334d5ea461e73ac0b37b0285d", "type": "github" }, "original": { @@ -602,7 +656,7 @@ }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": "nixpkgs_2" }, "locked": { @@ -623,11 +677,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1664012352, - "narHash": "sha256-Pu5p6HqIO2wvWiTEhsQyIuwlWEIa1GjO3EDXosznyYE=", + "lastModified": 1665992801, + "narHash": "sha256-bqNgaBT6WPfumhdG1VPZ6ngn0QA9RDuVtVJtVwxbOd4=", "owner": "hakimel", "repo": "reveal.js", - "rev": "468132320d6e072abd1297d7cc24766a2b7a832d", + "rev": "f6f657b627f9703e32414d8d3f16fb49d41031cb", "type": "github" }, "original": { @@ -640,7 +694,8 @@ "inputs": { "agenix": "agenix", "deploy-rs": "deploy-rs", - "flake-utils": "flake-utils", + "devshell": "devshell", + "flake-utils": "flake-utils_2", "home-manager": "home-manager", "homePage": "homePage", "myNixpkgs": "myNixpkgs", @@ -672,7 +727,7 @@ }, "scripts": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "nixpkgs": [ "myNixpkgs" ] diff --git a/flake.nix b/flake.nix index 0eaf205..92b3992 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,10 @@ url = github:serokell/deploy-rs; inputs.nixpkgs.follows = "myNixpkgs"; }; + devshell = { + url = github:numtide/devshell; + inputs.nixpkgs.follows = "myNixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; From 771e7183359bd1eba81526e473fb67dae3bb4dd7 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 28 Oct 2022 17:00:34 +0200 Subject: [PATCH 456/988] add devshell cli --- .envrc | 4 +++- dev-shell.nix | 11 ----------- devshell.nix | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ outputs.nix | 16 +++++++++++++--- 4 files changed, 66 insertions(+), 15 deletions(-) delete mode 100644 dev-shell.nix create mode 100644 devshell.nix diff --git a/.envrc b/.envrc index 11f188f..3140b68 100644 --- a/.envrc +++ b/.envrc @@ -1 +1,3 @@ -use flake .#default +watch_file devshell.nix + +use flake diff --git a/dev-shell.nix b/dev-shell.nix deleted file mode 100644 index 6bd48b7..0000000 --- a/dev-shell.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ self, pkgs, agenix, deploy-rs, system, ... }: -let - selfApp = app: self.apps."${app}"; -in -pkgs.mkShell { - buildInputs = pkgs.lib.catAttrs system [ - agenix.defaultPackage - deploy-rs.defaultPackage - (pkgs.lib.getAttrs [ "deploy" "update" "nixos-switch" ] self.apps) - ]; -} diff --git a/devshell.nix b/devshell.nix new file mode 100644 index 0000000..e18efe9 --- /dev/null +++ b/devshell.nix @@ -0,0 +1,50 @@ +{ pkgs, ... }: +(pkgs.devshell.mkShell { + name = "dadada/nix-config"; + + packages = with pkgs; [ + agenix + nixpkgs-fmt + nixos-rebuild + ]; + + commands = [ + { + name = "switch"; + help = "Switch the configuration on the current system."; + command = '' + flake=$(nix flake metadata --json ${./.} | jq -r .url) + ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake ".#" --use-remote-sudo + ''; + category = "deploy"; + } + { + name = "format"; + help = "Format the project"; + command = '' + nixpkgs-fmt . + ''; + category = "dev"; + } + { + name = "update"; + help = "Update the project"; + command = '' + nix flake update --commit-lock-file + ''; + category = "dev"; + } + { + name = "deploy"; + help = "Deploy this flake"; + package = "deploy-rs"; + category = "deploy"; + } + { + name = "check"; + help = "Run checks"; + category = "dev"; + command = "nix flake check"; + } + ]; +}) diff --git a/outputs.nix b/outputs.nix index 42a8d80..caae297 100644 --- a/outputs.nix +++ b/outputs.nix @@ -11,6 +11,7 @@ , scripts , recipemd , agenix +, devshell , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: @@ -20,9 +21,18 @@ formatter = self.formatter.${system}; in { - apps = import ./apps.nix (inputs // { inherit pkgs system; }); - - devShells.default = pkgs.callPackage ./dev-shell.nix inputs // { inherit pkgs system; }; + devShells.default = + let + pkgs = import nixpkgs { + inherit system; + overlays = [ + agenix.overlay + (final: prev: { deploy-rs = deploy-rs.defaultPackage.${system}; }) + devshell.overlay + ]; + }; + in + import ./devshell.nix { inherit pkgs; }; formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; From 845b7e0a58eca758d59f5f2bb14a0d8b47e4f59e Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 28 Oct 2022 22:09:21 +0200 Subject: [PATCH 457/988] add pre-push hook --- devshell.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/devshell.nix b/devshell.nix index e18efe9..9d446a9 100644 --- a/devshell.nix +++ b/devshell.nix @@ -47,4 +47,8 @@ command = "nix flake check"; } ]; + + git.hooks = { + pre-push = "nix flake check"; + }; }) From 2fd3cbdd6d0cd46ae024bb5c47dd9510cd337988 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 28 Oct 2022 22:14:22 +0200 Subject: [PATCH 458/988] add missing module to devshell --- devshell.nix | 6 ++++-- outputs.nix | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/devshell.nix b/devshell.nix index 9d446a9..139bb20 100644 --- a/devshell.nix +++ b/devshell.nix @@ -1,5 +1,7 @@ -{ pkgs, ... }: +{ pkgs, extraModules, ... }: (pkgs.devshell.mkShell { + imports = extraModules; + name = "dadada/nix-config"; packages = with pkgs; [ @@ -49,6 +51,6 @@ ]; git.hooks = { - pre-push = "nix flake check"; + pre-push.text = "nix flake check"; }; }) diff --git a/outputs.nix b/outputs.nix index caae297..83be7d9 100644 --- a/outputs.nix +++ b/outputs.nix @@ -31,8 +31,9 @@ devshell.overlay ]; }; + extraModules = [ "${devshell}/extra/git.nix" ]; in - import ./devshell.nix { inherit pkgs; }; + import ./devshell.nix { inherit pkgs extraModules; }; formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; From 3c3868c88b1e735190f761088d3325eb325860d7 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 28 Oct 2022 22:15:42 +0200 Subject: [PATCH 459/988] add correct module --- outputs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outputs.nix b/outputs.nix index 83be7d9..67cc54a 100644 --- a/outputs.nix +++ b/outputs.nix @@ -31,7 +31,7 @@ devshell.overlay ]; }; - extraModules = [ "${devshell}/extra/git.nix" ]; + extraModules = [ "${devshell}/extra/git/hooks.nix" ]; in import ./devshell.nix { inherit pkgs extraModules; }; From 8f4ffd1d453163c757f4bd01b405bf06c2fac829 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Oct 2022 13:04:17 +0200 Subject: [PATCH 460/988] miniflux: move into module --- nixos/gorgon/configuration.nix | 9 ------ nixos/modules/default.nix | 1 + nixos/modules/miniflux.nix | 39 +++++++++++++++++++++++++ nixos/modules/profiles/base.nix | 7 +++++ nixos/modules/profiles/laptop.nix | 1 + nixos/modules/profiles/server.nix | 1 + nixos/surgat/configuration.nix | 6 +--- secrets/agares-backup-passphrase.age | Bin 503 -> 449 bytes secrets/agares-backup-ssh-key.age | Bin 876 -> 757 bytes secrets/gorgon-backup-passphrase.age | 18 ++++++------ secrets/gorgon-backup-ssh-key.age | Bin 788 -> 772 bytes secrets/hydra-github-authorization.age | Bin 524 -> 592 bytes secrets/ifrit-backup-passphrase.age | Bin 408 -> 422 bytes secrets/ifrit-backup-ssh-key.age | Bin 903 -> 853 bytes secrets/miniflux-admin-credentials.age | 9 ++++++ secrets/pruflas-backup-passphrase.age | 17 ++++++----- secrets/pruflas-backup-ssh-key.age | Bin 872 -> 840 bytes secrets/pruflas-wg-hydra-key.age | 17 ++++++----- secrets/pruflas-wg0-key.age | 17 ++++++----- secrets/pruflas-wg0-preshared-key.age | 19 ++++++------ secrets/secrets.nix | 1 + secrets/surgat-backup-passphrase.age | 16 +++++----- secrets/surgat-backup-ssh-key.age | Bin 808 -> 873 bytes 23 files changed, 114 insertions(+), 64 deletions(-) create mode 100644 nixos/modules/miniflux.nix create mode 100644 nixos/modules/profiles/base.nix create mode 100644 secrets/miniflux-admin-credentials.age diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index cdc1854..9c5fe21 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -71,15 +71,6 @@ in ]; }; - services.miniflux = { - enable = true; - config = { - CLEANUP_FREQUENCY = "48"; - LISTEN_ADDR = "localhost:8080"; - }; - adminCredentialsFile = "/var/lib/miniflux/admin-credentials"; - }; - environment.systemPackages = with pkgs; [ chromium ghostscript diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 3928d3a..834470e 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -10,6 +10,7 @@ headphones = import ./headphones.nix; homepage = import ./homepage.nix; kanboard = import ./kanboard; + miniflux = import ./miniflux.nix; networking = import ./networking.nix; nix = import ./nix.nix; nixpkgs = import ./nixpkgs.nix; diff --git a/nixos/modules/miniflux.nix b/nixos/modules/miniflux.nix new file mode 100644 index 0000000..6afc735 --- /dev/null +++ b/nixos/modules/miniflux.nix @@ -0,0 +1,39 @@ +{ config, lib, ... }: +let + cfg = config.dadada.miniflux; + domain = "miniflux.${config.networking.domain}"; + adminCredentialsFile = "miniflux-admin-credentials"; +in +{ + + options.dadada.miniflux = { + enable = lib.mkEnableOption "Enable miniflux RSS aggregator"; + }; + + config = lib.mkIf cfg.enable { + services.miniflux = { + enable = true; + config = { + CLEANUP_FREQUENCY = "48"; + LISTEN_ADDR = "localhost:8080"; + }; + adminCredentialsFile = config.age.secrets.${adminCredentialsFile}.path; + }; + + services.nginx.virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; + + locations."/".extraConfig = '' + proxy_pass http://localhost:8080/; + ''; + }; + + age.secrets.${adminCredentialsFile} = { + file = "${config.dadada.secrets.path}/${adminCredentialsFile}.age"; + owner = config.systemd.services.miniflux.serviceConfig.User; + group = "root"; + mode = "0700"; + }; + }; +} diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix new file mode 100644 index 0000000..146c443 --- /dev/null +++ b/nixos/modules/profiles/base.nix @@ -0,0 +1,7 @@ +{ config, ... }: +{ + security.acme = { + defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; + acceptTerms = true; + }; +} diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 8713a41..ad8a84c 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -6,6 +6,7 @@ with lib; { imports = [ ./backup.nix + ./base.nix ]; networking.domain = mkDefault "dadada.li"; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 2f34704..42740d0 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -6,6 +6,7 @@ with lib; { imports = [ ./backup.nix + ./base.nix ]; networking.domain = mkDefault "dadada.li"; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index b0a4d6b..f80b215 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -41,6 +41,7 @@ in dadada.element.enable = true; dadada.gitea.enable = true; + dadada.miniflux.enable = true; dadada.weechat.enable = true; dadada.homePage.enable = true; dadada.share.enable = true; @@ -65,11 +66,6 @@ in ]; }; - security.acme = { - defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; - acceptTerms = true; - }; - # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index 0ce1af60a6d43b7f9df4c540c7404ed61bf1764e..c4e6b96c4a5e8db2dc17b983d88ed68626a71082 100644 GIT binary patch delta 415 zcmey)e2{s9PJM(|L3x&Gk(YBuNwRZ^xtX@Np;K14vtf3HpGihah*^4AUWQYFTe4?W zAXl)ti?)wfVWpdAiJwtLhPInql&h~%R9cW@rdfGWVopG~Z=|1#Q>A-mB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1L6S?TZ>3XKzQ0jcU_f3vuAjMMaG+yQm_ewvc9CatN|IAWpZQFuH4{of8%V^ zOq105g4EI=6 z^MF*-cGdVZmIUVT|&Ku~gia)fJss$-^MuxC+5 zc5a4~U#VLtS89e|fk{?thk<@F z$hzvHpd!7R>PX%6qSVCVR0S)G7#9WK!T=R}g*>GgJ&inGlN9rc41ZHIKi@D&#w`6y+aGvxR*|$2kV%gFiN31w4F8^F-SfG3PIq!)oR>AX?Hy>2amtwda(RhFM zkK;D4tS%-nbLc#pdBCk~BWwEI_nKEy-D?E3m?AEwdDlyQl-${sD{*<1pkz~>cn`N3 z+m}yHc6)0cp17yKY_IPBjnWhSBF?x@v@i6Ok-PSw-G77Or8kb;M~>X#V{MSnUDtf3 zO2)MNwQM)%#f|H)&xxP)uA^v18Q+B-$y&vW2X3>P2TwXad)DlmFHQ6& delta 845 zcmey$`i5#{?Sz&l^PGN?RMWKFRkzrOrc7UIuMRsYTaiFo0 z371iJp-WVXe^7S1QD#(GQJTAHU}&(vuc51Xk!xsCagKjwdRVxBPI`%dAeXM4LUD11 zZfc5=si~o*f`3VNPIkFMT6#cAW^%e)o}qEJWlB<{SAB_Lgh8-TMYvCzi<41GcuA(Q zpMQ?Gsb#n;mqkWOfSY%@aZqM)q(OL&c3`4MX+)Y^MLk60<+36W0x%Lh>A3)NOQmPEKhgs z5`FW^ipYu_vkL8s#6pvT;4Bx{Tz!iGFOM?g#B?rQU0sFbg0gZ$m&^$BD8E$Cd|#)c zLc?GaXD8S4%4~DPa5Ix^cWn=UgLI3$YzwaX^_Nw)t!@o!lbSc%xHRs2)@h;XFUtNO z6WDe1()@(835%nzSn{QqOWtJcu)cm@`9Z$=@@bVxCq)WdO*j@5Jg|E^|NNWCuUbDi zY;-#_WKLf@)85suyXtm+d&m#o{^vP+WL8GS)$W>@%d+}v66wdq8V|K4YMS0Zn1DR6yyspnxu0B8|yod5s; diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index 1d64081..eebc180 100644 --- a/secrets/gorgon-backup-passphrase.age +++ b/secrets/gorgon-backup-passphrase.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg MxtQYFyYyErJW0Uaelu02iRAoksaVDsZD+55ADoNphE -pA0OKXbqXrNWwbc52exj22cbMsFVCjk6hwp7KeWYyyA --> ssh-ed25519 Otklkw c/v7Ux1D4FtdIa0fzoEkGJSH+/bexN1nJUfLg1Ym7lA -Bi1cIh9wjppaBSpTLh7HdpJX+ZcGOLDjxaDUJXbJ6+I --> s2,Qn0%_-grease pZM*A 1( -4W6WjHNho1bIzpd+IFh6fHQgo+3d5FK+RO5TOZw+T6A211bvOCoHG0LBZfpohqKy -Q6zFhrMxOtWTne8uvX5hm9yXV2+cd6EbxOuk ---- ZFD001UDd7ZmLNT8tG8ecnVIF0UgW0YQhh15dgUjVJI -XéËÝÁã©-KÕA—üsß¿Î,u-KYo¨ëÚHóÍV$Ba¨¢…à·ú^…À]Kã:UMfwß; +7.#ÑJ^'æ W– GÅFø \ No newline at end of file +-> ssh-ed25519 0aOabg 9925sO5KCINg9I0lFyD7I83Q/inYVtVvtzskAo0UnW4 +7WrwhYtGh4tGV1MOMN5Ok/1xqOy0mek2SOjC3gQvPOI +-> ssh-ed25519 Otklkw l+H64LT7yh+tXhBqxkI+C+U6/6boKV41YVay2cGLNX8 +nCsvh1IIFiQDeNjdkurHwxT0VEZt8yBkvQoYKacZB7g +-> SZr0-grease +AVV51s2iYes+DKhlYlNDzaXs7BPXaqwzjJLzMapEK31iuOs7mRKK +--- NlKhbaqBp78g2+PLSHhm4RE2CT40JFxEIpQCrNwAtsI +ôCÞŽø ðè‚urY—#Êç(ËþC  Ä{$q2{0;p}06h zH#Nn`)YQ;Y!M`LsC%ass#LvjgD=pEzFe}{CG}BQ(q~6cP*gw}P(mg68%qg=nDy_t+ zD$Ok|%q2IUE8R8Fv8>1?HQmh8I5ari*~rDEG{;TfHNY$|xHKf&E8Q!_(n32oGDqJR zWL=GJdQoa(ajHVRLRDm5VqjvXC0AydNrAaVX>e%1sefvuzG;@ek5^t=iF=Y?IhU@k zu7YoUMz&K?US3J2pG&4`a8`kSif2}6UZk;Op1Zb(Td9AtL7-`Frkk5tP$bukIvKWw zv37ej+2>tg2yx*xl&uuE?<;(qf1RCwkL7O#)9{$5GpDZUk_*_Q=6XuiTI;0Unouz( z!9_DQ&n@UXp>6BC#&M44r8CSORaXQ3w>zmVVbiF;8fX8~V7}$)8I!l3k+|uzNB&v) zqtYj}uF`H9NhW0nZyb~OVpYoYa`_9Pj^~SB+Ht3Df3&b2yltuuX6Ep7|U4hguGHvOyFCz<&LjmgU1 zlXd*I+3tH%!l^rVeo$H#A7j>|%wvDPOch(fzDLjOg?*3g4PM8fSsEttjt&9rEoOJ_ ztr9M(-DLA~tM%O(kM12W4(Bm>mGZfUUvc}KD<#|ACRz1zXtxH?)s{aMaGCvA@8KSg`D74Ge6n3J&{02c{0LjV8( delta 756 zcmZo+o5D6hr#>Rdz&Xt%DpQv+}F7x%`ZJKBG}R(GB3$HC@;~^($w7CJv2DHAj>4!Ai^@mwW_=v zWL>ImdQoa(ajHVTtAe7oLb`%Su`yRrWpaLMp-G8HWo1!tvZ;%HL3v`3Z(w$DX;H3u zs(E0&M@ddjpqXiIX&{%buC79OWpaU;Q&m}^qlcrjv5C2ln|pzOg^NdEvQu%6QL;&P zL3u<)QIJ=1q$ijB^Qs#&Z(h#0^?7SUeDpf!2O$QW$JYM(dGqqreOeKH-VN=se!ACW zWf(+7U0k{XG^;w0!f8kLTXWbTTMR3T~Sy z|5@|qH#wtynb+%YOY0fknO%9eBJIM(H3Ab{dHZgzt{yYzDyNy&AKL8$n5S(2@ZiwzTeG|CYX9c1XLvlS|i5p}06h zH#Nn`)YQ;Y!M`LsC%at1EVSG^!_(1MKg6KeGsM-xq~6f0*eoz2+%YIw+c3&3$jQ?` z!!^n?Io!#UD>UCJ#55>9zc8oJpfIT-KegB}Gu1h}uq?UEGtbp9G1$>OBD}IPJ2lr8 zWSy~wda7=EQEFmws)BcFR#jfUrp zc4%5sgj0H^S4Nq?w|ilvk3n)yzL|fZWp0i|NtL_1VXD8Eo4J3sMOA=twzsoqdWLp{ zMM_dmKvhIaIhU@ku0pn1x7o72Qe?aK^$%W6k7xZ`*FJwBgOil3SYXOb3>HO2b z9f?#Gej5tzVAoc#a47epNlUg8#YB6u(3}0MR$f AnE(I) delta 490 zcmcb>(!(-Ar{2xeGe6QIv(U&j-5{)7KiDrg)hXP?zdR{5IW5hj%Fr;xAUG!@D8x4_ zpUX7KEg&qjEHcR4$RNPPxHM2dS-a9CBs9V(GdM3JKOi~LvpC(!EF(1_n@iVDp}06h zH#Nn`)YQ;Y!M`LsC%arBKSkT8v^==XxS~)y$}-Zzqdqu1BHzn2s?5N=w5mKP&nYw@ z%C)E}BhfgSE3io0BtNa#H7~#*q}(}KJIg%SFsP(dKf=Pj(AXd~GB4Z9t;)r%%+S&V zWSw_Rnz?RzQEFmws)DX@kb*LoOKxb9L3((4Nl-+2USg7?pL3yhL3&oMU%q2@Za_|Y zhNo$Lq_KfTaFDr6V2Pi5N@Y|*X>edllzD}lNkF7~Fjum9sFPDxK#)_o0hg|>u0mRI zc~q6ZxvRcMd2y0qj)zH7QhHfHVwiJal}B1}N|j-Wk4tH#Qzdy69l)3z@%8ieSg<^rh&s+Vi i?5-4daGYFmq4!4BN8XE15Ba}6@zM8Cw!qTbICcQ4-LuvJ diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index 9caba1ae70b57a1b8a5a68a7c695a774c01820d6..1ab7e0e0c236d98439cfbec6f8ae505d60d2c79f 100644 GIT binary patch delta 387 zcmbQiyo`B*PQ7PnMVM2Nk42_?WLT7mNp@kNUxjhHi%WrFcvVHAsj*X)SBY_YP+5Mq z1y{IZMY&tHvs-XlhI4RoM3QT1m}8MgNwS%Hah9i1dSGO#xv9IOc5r@{Ku;5&$|@I2lkmvk zvJ{sZ=PLiQ@S@DDyeKYRU0sD-*PxPcM?#ov7bRmSg@C0MQBw;YDiMHwn1LHTd-kKKyZ?8c4mGk z$hw5wKsDX;qSVCVR0Zc~<7fr#WQ|%A%EVNkvWk>UeG`vx$25Q6vIyS_%Rt8r=d!F&E}6oK zOUk^TE&ac=>!7mJ@&6*rHm|;WrCUg`>94shp9;TNc~o}7;t%#OPgb9LyyN}+%&-uN S?Tc$(n|FBMjL%-G{}BLc9)Bv6G|JVvxT-K$-{0G#vdlOw&%GksFUh;8v^cxc zkt;0J$2hal+_F;J$hRmx-=efg-^0*detV;GXKG)^ zRYS9X7iuP#t~nGmK{l#ngI37=6`$%#F0h9FcUrRj*%^u3kJ8laHysIyD|*|^rrR9# z#Y={tH+s{LfJ2L#^<84FAKucmXVKhqO5VTi?#<%5?%Forz^wl0^M93-*4|jZqLoqN zTb#APcgf$6+J&vn(yc$uBWC(>OO7 zWL-$GpKf|lYGQG!f@49Rf^w<8iiUxvj)H}PVx6{~j(-}Ld3H{5M80K(t9hzng+ZdH zg@IhVFU zs6lCHxuJ7zg{4tmS!986wvVN=t9FQUUV(qOg|?TIxwm_WWtwklu1l_|euaB-sgHAh zvb$M$QgV))kujI4BbTnOu0onYQI2PtlT&fMd!@UZVNOzJaBy;NSW&TarI(?5L2gEH zNN%E$N1#EKb}?7-MyE$hb`&tC&S8|jon&15_qb=9$1P!n!(X!VF7Bw-e#ZZ!>RC6( z>c%VgME8q4SlZp86aD#z)Rj$-_e(W=6^zMS-e$7RH?O4RZJ>#~H}{;1iQBb#If9Fe zt+Z~{Up$bP;J&vw;=$|-RY_?_Qn@F&8idWTvG$)4xY#y4j9)1v$Ia@=2vFt<5xEI-TkVZ zUFEbwvca4`d+MC6`gbn$O|92`lxQ<&g}Xz)`LoW4CvVo@X*+)WSYUVGE0K%c5{C{6 zus(dYWs9os!T;+Pt|%#ThPF6{LJuYfsc>4c)$c>c5F*db}?_ zo$!B?v1nF{LqyY=NYQNH{dOM{9POE{1Hxu)aDREKPyeQ{)87SWPb;#_I`S{->6~@k zODzrD+k$3ZT|WI-=J@U_4;G!0lVo*Qne%>#Wpepvv6auA R7P+yOzY^Xc-Lp~95dd1tVPyaS diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age new file mode 100644 index 0000000..7efca8c --- /dev/null +++ b/secrets/miniflux-admin-credentials.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 jUOjpw HIvtQ2CaS+Ptl06tKVCwMzoi4UZm0GcNO+dJJjGZm3g +JZ68fxpbY55B2xMG+QG3yNYMMQgBxtTVMtHoXOqUlrQ +-> ssh-ed25519 Otklkw kUySbDgMFgWVEwL7rXs15FDISicEMH06qXIxudO/2jY +VbVX2/4wYojcWm/GKnZAP3uxQygcm6BcNO+iphqIos8 +-> o>]-grease d%oS;Ov l + +--- /LWxjPTlr/au9B1Kn6+apBZnTROxCqs8WKmtPINbDko +t/0‡Ðc®ì—Ü#Nþãߦäé@Íù¶±\ß3åi,5²á3Avæ¶mrœw*ÒµÒ;þ«$•¥áŸtƒaåä¤î£‰îMg®éñƵaæÉô \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 482c190..8762e91 100644 --- a/secrets/pruflas-backup-passphrase.age +++ b/secrets/pruflas-backup-passphrase.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ VpRlsUErxZEZErq6I00VT68UmldZxwvNUNThtyHk018 -P73fCgVg9K9ZFdvl3Zrmm1GGcTlDLi5mfsEcHxCbcJk --> ssh-ed25519 Otklkw p06KPkqvFXvB07/yXkZmSzmzZASA2IJpNCY3hKqnUVo -e6O2NH4KVtqPQfew4++pprbcHANsvemybeqB9SEhEYI --> q%f1-grease dRH3(# Y)tQV [: \xNgmi4+ -QKbFPHhDVSUTqidH0FrlhCMqoKT/ySgPXSAMVEQYVl3aQbBvX6/4nUac ---- 8bt7MoQ9fprGESqngxXUiOdQvCdssgoiF4rUKj6BeS4 -󋃂q·ivý‹Šûµ•ø½UuÉÏ5û–Ë°®Ñ¢+û„nú¹lj¤Ç2x•49žïÆ!0ÎO~%t \ No newline at end of file +-> ssh-ed25519 IXCPDQ VbUG0IRip4izfPy6N+F2pqf6x4I+1sNCHBoXIFkeDgc +6GpwDE1gyZ0ZY1xwxXevfaKbBgxf3ejl5u7tAQy1po8 +-> ssh-ed25519 Otklkw Z5ijymE5Hxf5swuOk3ZMDnnCY58AJDW72Xvtm6PNSRQ +WfNQD1CQFjddq2HVFzVucYMggZpMFLFrIGhL5iVHFFU +-> 81Dzfax-grease zDYB +O0b1HCDGNbuzc8FB0dmmWCGsKn+XaJ0Evs6Fk/fUqnznZ3q0X5ROyNNvMaLhuW3c +V/q2AhaXNAnTpTr8/v+e +--- kkf90OQdUMEyJPyQNOVoQauX3RceUvD6eawbr4rYrow +àîQ|¡®wW¯VØ G¹+*X¶['ÁD‘ñ ææÀóP¡W¡3RX¦€=°Sò£IE©ø ªÂò¾ÓP U \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index d8326b0e8e643a88d364b8622d3fe26431f76537..0d48b910e133ed6668737cec86ec46fe1ed99c3d 100644 GIT binary patch delta 809 zcmaFCc7kn!PQ7bZn1{1vo`G*vs%c)RQF>lPwo`$phlN{!yG5c$kXf#mNmP-siMw%j zHdj?tdS!O7sjFL(Wr2%jg-K*qda-d)ex*l>pHp5&c%{E_X;N5~rKMp+B$uw8LUD11 zZfc5=si~o*f`3VNPIkFMp^LU*g;S7=iG`z6K%P&&YkgR1YH(^ng>h(pMy`L9Uyf_3 zv#DWVN@|q_SEP1khHuYpfcVx*&&c}a)` z$hx|^G#e+S(hS}7qSVCVR0U^~DuuN40EHTbfC5#eT&~KBM8}|%F#k-qoV=>M5T|fs zlQggTGGp)TsKmmOyim)MSX^cMOmP+@+rgTcRIKEa!;>YWAQF0f=fB)>aouxa$K?3a8&h;sPAoLAe*f{x`KebJo%STzEso!5 z>eRz|+~?rMO=}n@{Skd){bbXUfNg@`O$%-ALLGO?bBD{NnpC-e(DtW G%V_}bR##R4 delta 841 zcmX@X_JVDKPJMAed5ED)ep*z7UzE3-aX?6rVMa!hM@o`wW=5`dzE4DXRDff6S-D|G zHdlseW{7rvS(H(FS#h~*R7HwOP*i@BySsCFP*P-7nzvI@W|c{1en_yTBbTn7LUD11 zZfc5=si~o*f`3VNPIkFMX_axZt5acda;`^aYIs>hP<=$IM`>Y3aClL^rFlhpkxNcl zhPi%}L12Y1mv(waQeL1}V40aokYARQNtHoFv5`fTdx)1uxM7NOMPQ(jmx+Isg;9Do z$htgj-Snc=#Nt#1r+AqT))w9Q{Bi zze=C_(v+-F!!+O2fDVlTr` zZDSLEOOvuF6Elk(=Zq4cw2&lkv%tiPyu?Dog7Uy9w=ma|AhS$A(+FpuEG{lxU0nr# zQ?7-|!0W9G@sxXRop_=afLMr&ohk3t1#= zJ9RJ6k>OAGtt+Z;w;VNP)-CGrT{+dgSEMlXoKZyW-6ye&rfps#%jxtt?RQbSP}2Ss zZN7JAwtCE0<(ayf-KL3dkgQQi4mU_oo?528?lfDo+M-}TPu8xgY+Lu491ag>8zfyY zW1py7&laEEx_!c@7Y_vv{%L#29PhRIy~M%N$CAEx7sO>qH%1bX-(+ ze$jO0>L;0h_n+JHYdKB0@%6?{eXfpUekno6k4{)M1S{R_7n+fTK-Et!;|+W+17o1N^T-PMc%Dgte+UAf^ujM)@oX1JXE(`Vb? zt!{9#7q1^@HX3jEW}!NL jTlB_hpQe=C?tPkgPx_{{*KLtqZ|ZL|EL?unRY3p%{ijbe diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index bd05039..48f69c7 100644 --- a/secrets/pruflas-wg-hydra-key.age +++ b/secrets/pruflas-wg-hydra-key.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ FRY6uw3eRrqUYZcnick1yxcSyEHuWkM6TMkOWPFuq0I -GLZMQFHoi4eJfbxz8kqECoj7ju0+scyNgWyILwGuJGw --> ssh-ed25519 Otklkw nznkiropYOdg3MMMEXmRn7GKkb4GycoNtKqsWwhGF3Q -77AEvdNpqQrppOm4ZQJAM4WPXtE+ekAufBSAMBO9oYY --> 26-grease Z Sz rY0V d\j0aR[ -f+yb ---- fluVV/qz+D6+MaIbIvzWCDWEhWHjC1TmgsD4FweilGQ -³µ"ƒSá-‚àÑp&‚àY“HfS»HêU9(Áï}æd°n‡øcU$/Éy&œU0v±Ð##!Æ=ñ©­ÿ·üIÍaád° l¶ \ No newline at end of file +-> ssh-ed25519 IXCPDQ uawIdwF9OtTw/T+fxwxkqdCRq64HL1UeMQnWK0u+Z3g +zEKpu/bdSapYM0piNoqiLNuUit1exx6ZIiXmsEDX8CE +-> ssh-ed25519 Otklkw ilkLObEIp+/4VfZM8Xt927xh6ZF/dBF+PInbyi6RZC4 +9t65163vGEnbApN4OQ639JNLrwEQHDH0nikou3jHlnc +-> 0FJN$-grease X!M kI~E|gX +mGoZVxbAOLq5LXGj9hPjMNLJxUZK4jpYa/wsyiVgkxTm09AUN3tmlYFjhDClpRfT +Id1zRQ1+ +--- slPVZ1Tqz9Vr2drSyuTarmm0Et9FvjAjsXvR2DSGRPk +ÏEŠµÖ–¶„¡;1ä„Óøà–ȉ†­³ûVãJ¾Þ „lj@jò®šAÔ6æv9Ü·0앯×u’Y¬Whžú\yjØü}Ö`# \ No newline at end of file diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age index fdefc94..09d3f43 100644 --- a/secrets/pruflas-wg0-key.age +++ b/secrets/pruflas-wg0-key.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ yZsU7q89HVxP6Ldup2noEaGy5+SzFzuMtA4/+4mQfUU -w1cM4NXL+M9RjRjuYswEWYhtiWPgjlJEdwm9wQ9GF5Q --> ssh-ed25519 Otklkw O8jQnBDmaBnKLHU4nAIeRwkXE3ovdw7Y6vmZcmwqpUc -rM5wbfCSQhA0wxfRPVLB7dVl8L8aiB9eWhTX/ARV1YE --> pJ-grease ~4C{og l_ -pXTBa1xB/KJU5w ---- +w4Zc/+fVRky0Nzu0R9cc1MKAOgig1swtCLDrb6M4WM -³_Í LJ ´îŽî Õï ú²pÆB„´ûÓ$Ÿ£fÓ’xw}îAÕÎ6Þ¤6°P²Æ-{+öE±þÜ[FßÖaýWœ,ØÂ…Žl¶­Ž& \ No newline at end of file +-> ssh-ed25519 IXCPDQ Qg6xQfJx/eBP+UkFRGoH/GJf4z8/DN4YVVZm58woLH4 +0VRw46oFMdPXyZZfuWSfWAwcprKKUj/O+8pURvrRdYg +-> ssh-ed25519 Otklkw y0cWlk4UO1NmKfTOVJF4z6QcKO96sLnw3NuuCNEZzC4 +3bvuqHug5Rsi69tM1kUnEDIZjJLsbqKt9UsEsQ36Xg4 +-> /-grease 5B 9m!v/n_ +Ye655SZ1lLXBsz3ST95H7SqG3+CYNpiF/X5jm8BoTkATh25f6011oYyzfja8DI9V +bDPP/4qtq1IaNtOarW4 +--- SF8+5srzcd3gzC0/pCC90QFIAyfX98B33/Vu6xAFVok +8HÞŠ3 Ú˜:Žƒ?¹ßŽ"6Ì”hg‰ôhû‹-½Ðm¢§–4ÄŽÿXKÇ`"Ù3‡šmNY¿ ²õ'ÄlçÛ\µH¶‘«$¹E \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index 2756e64..37749a7 100644 --- a/secrets/pruflas-wg0-preshared-key.age +++ b/secrets/pruflas-wg0-preshared-key.age @@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ Q0ETN6DFshfo+YouSf/YWX7u8otnnAqZr/Y7qxCRiTI -5LVB4bzpysObZJkmJJw2kgE57lZKs2XA8BVSwS7y/VM --> ssh-ed25519 Otklkw Lgo+x/ODCP6e3SHg2rZVNNLZkHCCT7YMC7MT0Fa4dHc -bX+Bja0SeGBzNQS3vUGj+GVDAYVTgyGQtPw5I0DWPdU --> 7&'U\;\-grease ot 7f'PU3CA -O2UHtKXSTN5TrfVh7ROQ8x9YLynOFvrxK+1kSW42hGbTstOdhBAlNfKMdiIM4Itn -k7Jshx6UTqa8dF8QIw2cme0jFkF8JUioj7uQuusGBG/WZg ---- Wau438nNnP4srJ16gRGC/9jUdCB6TjBgxc2kZVRsvn0 -´fÛð¯m7¬ºöÛã\ûÐVÚÚhðê¥ëMeöm¾^õ?EkfPû7ÔÄh¥ôäu]ÝnÅ+n.>†É ssh-ed25519 IXCPDQ 26Tx0J994O7tNFH/Du/0+aXIm2Piv/E3XR+3S6zi53E +/gQsKKxvXxGZ3Ij2SDlDwVQ7l+dP49OSXjGksd4jxs4 +-> ssh-ed25519 Otklkw TDSrNWf7714IaGoiCWVeUkzRvlL5GY6jPXdRFTEVkQY +IXWZf+V/3l1Z96pkepS7e26YAGxA5tXczBT19Ate0Qc +-> B2G_Mqi-grease C(c0D U|eF%E NI[cL Hcv>G;E; +tn4gxjXc36nwxhH/+27mr75yL/bEMtrzycrNseEDBa/spBI0zKX6Kaqvo002kJ0O +ZoBuqZtD0C7aSFuJnThgvEdoezY4+poRGc7qs9eM +--- 5nN5k3/r28YT65sq5yG32gU/l9C0Edq1LeBt+DTWvOY +–¬h0uò&bÇÃýÝ…’ÃÝâ ®4™iâpé¹q¦&A(ü¤Y†ËQ~L»ŽÜ»ÄÊ'•EÎ’#) +O³å[}­ÑIÜ O@Ü \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d10ec43..b236900 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,6 +17,7 @@ in "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ]; "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ]; "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ]; + "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" // diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age index b2ce621..420726b 100644 --- a/secrets/surgat-backup-passphrase.age +++ b/secrets/surgat-backup-passphrase.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw ikxbgvfWvYiUFTLNy5xUrKC8s1kgan3QIrETluUkmGU -Y5LQz7aPC4g88U0MkVAoir5CKWpekwJEVZJwdDfW4wk --> ssh-ed25519 Otklkw QBxsdqftDsU5+DEPH0zj3WSidosaoA6IepyNK+zw/mc -fbf7lsPi+AIcRBWwe82ZUlmXHsEbN58iV6/jjk7XIcQ --> qY<-grease A zw lCw -FJORgHmIMl1Lz71zMvlrCcSTfGb5QEwl6gv0Z3tMurt6gIGiXIs ---- DmTEAWa//clLZyqQlAF9mi7ypBdmhsNC/h9ptJc8m2I -Žùß|1à ë͘âáú%ûHÿµòÄÆóqyŦ"P€õZãĶ[-깄·œ_]‰yÏ æ(Yª¾ËÉí \ No newline at end of file +-> ssh-ed25519 jUOjpw u4ifSfdgxQsYbHtedN+O6YYvTAcOfNgUdI9k6GwJ424 +iFE/eNTbfRhDvAZhfbEcqE8HwgWaaymw4SvoMDdjoCo +-> ssh-ed25519 Otklkw NSp+/vP+bTKUBhuqOO8+0fSpVZWybLCj55BXcKXcsCo +4nsPRCiW7jsPxdONrfYc+2Nn7IshzIanAJx8z7hGCCU +-> %)-grease ER#$IBufm=m*YGtLiQAL%ZUrtbQSy5qBB$uw8LUD11 zZfc5=si~o*f`3VNPIkFMdZd1MYJ^X6m`PoBq6|;dz;LIC&>{nq z5a*P7&&u%doJ_C6a^HZ6+{zT~QcLZsY;RA)?9iy9GRpv8BM-k&&k{4AvS2^13Payq zcdzgyPe*OHFxMPoZMOn_|AG>4gHX39m*8Myr(&0)$n?Zei@c1Ge9NQ^k4RrGU0q!T z6aN4w0?ik!k+GYfrRuFYFLlRtHw zTXxub`E_otoBgIjjN0E9DX)*2-M^?n(T|riy?3|8qR_)xVGsB3ayAGo+x5nhJ7I~t zVWevC`Gt(%?30h^d@K1L>Um`4x-H8sPaY1O6uxi&0p?3*EPg8Q;jwvVlWG}gr2;kdG?@@c-_C7xcqujijCI`WinebnJV z{;$6or}NC%k+i+$-pk+H!;@MaLVtM9nNYgpuKnin^rJBj^|y0O7~6iv&o$uEIHHkX zuz}CA{K)j0S&b`Vw6C39+jioQ`<@-~PA~T`IPbJdc$6)_cW&tEcMFW3Y2CbF#C81Y z%H>H3-x)Z+Ge3>Hvpx0KwJ)1Gi@sJ&_Fu1)EUEq>HnJu^Z2iM3qhC?0`l`EH{@>ft z=Ke8WQX}Qr^B>EjveiF3$Gcfs#5Qs)Vz?!wU3l)G`RAP0EVcB=En@esuU6w^53K!Y ns`!z6>XY=&wf+)ko~BjT9!*wud(C%2x_9D1qvaF7pScMDECgBZ delta 777 zcmaFKwt{VfPJOOVv88r|xp$(WWk6oJiE*)WerZavWr#s&mVaJiO0s8VzIKLrMM_#$ zGM8nkZ-sk$d0>8id1|`3epFUQSY=UKeuzb`Q>lfeo43AGUZGcNajIWhHkYoQLUD11 zZfc5=si~o*f`3VNPIkG1QB*);P`GD!SGs3XMrf8rRb_fqxMjMFf0BMsrL$$Ro2h=fUy{CslWRswwr6=|m~SB1 zx~g2=^rF`_im1`*MW}EiR+Tu%ytOfaH?Gv~r82ii`qhr!=Do zZ})l=v#6llf@Jp!?Fv&fZA;gD!=UV9Prs4~50k*maxPt6U4~xb< zgRsPs^c0`m%8*K5%SbPu>@uecmr(!Aywc#Ta;{mwGE{$`j$56@XV7Yzu zYVYqH{d?I-MW{2jNhJtO{T3;*{#(N_K>ozL6O zeqNLRhiw7(^gq7uwL4Dut#Wz z_ilU(xox(n+>2S^IJb?4o}i}a;+b-*-R5<)#pnyp;5=Jt(N-_^<@yaZO~!Vgi<}G8 zc62Z|Rn2PbU44jsdO**NC9czSpC{_Ro~5S2v@?S5cX@Tz>bVt1ont@7+=^$8Te8)~ zUN8P?ig3D+;9C9w*}97syw47qHX1JfmT0NBTtBMrXy4f%Jvz_V+zC15!LRdT^=;WQ X;WdKdvhU_E-)6RU`OKELOfA0wkb^!O From 4982dbdb5ae6d1d01935029afcb55389f3f85184 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 31 Oct 2022 14:39:23 +0100 Subject: [PATCH 461/988] add config for sway --- home/home/default.nix | 3 +++ nixos/gorgon/configuration.nix | 1 + nixos/modules/default.nix | 1 + nixos/modules/sway.nix | 40 ++++++++++++++++++++++++++++++++++ 4 files changed, 45 insertions(+) create mode 100644 nixos/modules/sway.nix diff --git a/home/home/default.nix b/home/home/default.nix index 44f5ca5..ada8352 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -31,6 +31,9 @@ in programs.gpg.settings.default-key = "99658A3EB5CD7C13"; + # Sway is configured in .#nixosModules.dadada.sway + home.file.".config/sway/config" = ../modules/sway/config; + dadada.home = lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // { diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 9c5fe21..438a2db 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -51,6 +51,7 @@ in }; vpnExtension = "3"; }; + sway.enable = true; }; boot.kernel.sysctl = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 834470e..9b0bbc9 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -18,6 +18,7 @@ secrets = import ./secrets.nix; share = import ./share.nix; steam = import ./steam.nix; + sway = import ./sway.nix; update = import ./update.nix; vpnServer = import ./vpnServer.nix; weechat = import ./weechat.nix; diff --git a/nixos/modules/sway.nix b/nixos/modules/sway.nix new file mode 100644 index 0000000..190d13e --- /dev/null +++ b/nixos/modules/sway.nix @@ -0,0 +1,40 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.dadada.sway; +in +{ + options = { + dadada.sway.enable = lib.mkEnableOption "Enable sway"; + }; + + config = lib.mkIf cfg.enable { + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + wrapperFeatures.base = true; + extraPackages = with pkgs; [ + qt5.qtwayland + swayidle + xwayland + mako + kanshi + kitty + i3status + bemenu + xss-lock + swaylock + brightnessctl + playerctl + ]; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + # needs qt5.qtwayland in systemPackages + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # Fix for some Java AWT applications (e.g. Android Studio), + # use this if they aren't displayed properly: + export _JAVA_AWT_WM_NONREPARENTING=1 + ''; + }; + }; +} From 6e6424bddf002d5664392b023416a993d5a4def9 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 31 Oct 2022 15:10:58 +0100 Subject: [PATCH 462/988] gorgon: disable sway --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 438a2db..b35e3d9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -51,7 +51,7 @@ in }; vpnExtension = "3"; }; - sway.enable = true; + sway.enable = false; }; boot.kernel.sysctl = { From 0ee7ca426a6fbdc6a1e5966025568aaffa424d77 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 31 Oct 2022 15:12:23 +0100 Subject: [PATCH 463/988] remove sway config from home --- home/home/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/home/home/default.nix b/home/home/default.nix index ada8352..44f5ca5 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -31,9 +31,6 @@ in programs.gpg.settings.default-key = "99658A3EB5CD7C13"; - # Sway is configured in .#nixosModules.dadada.sway - home.file.".config/sway/config" = ../modules/sway/config; - dadada.home = lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) // { From 4aa4296d23e2e96a690bd8cb0848892289120a56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 15:23:29 +0100 Subject: [PATCH 464/988] build(deps): bump cachix/install-nix-action from 17 to 18 (#23) Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 17 to 18. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v17...v18) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/nix-flake-check.yml | 2 +- .github/workflows/nix-flake-update.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 43e2906..9680d2a 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v17 + - uses: cachix/install-nix-action@v18 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install extra_nix_config: | diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index d1b0b6c..651feb4 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v17 + - uses: cachix/install-nix-action@v18 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install extra_nix_config: | From f70053b110e3f234dd23315c318b2bf30f6c45a1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 1 Nov 2022 19:14:49 +0100 Subject: [PATCH 465/988] home: add config for helix (#24) --- home/home/default.nix | 1 + home/modules/default.nix | 1 + home/modules/helix/config/config.toml | 6 ++++++ home/modules/helix/config/languages.toml | 2 ++ home/modules/helix/default.nix | 11 +++++++++++ 5 files changed, 21 insertions(+) create mode 100644 home/modules/helix/config/config.toml create mode 100644 home/modules/helix/config/languages.toml create mode 100644 home/modules/helix/default.nix diff --git a/home/home/default.nix b/home/home/default.nix index 44f5ca5..235ca59 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -17,6 +17,7 @@ let "tmux" "xdg" "zsh" + "helix" ]; in { diff --git a/home/modules/default.nix b/home/modules/default.nix index f9aaa93..7120aa8 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -10,6 +10,7 @@ git = import ./git.nix; gpg = import ./gpg.nix; gtk = import ./gtk.nix; + helix = import ./helix; keyring = import ./keyring.nix; kitty = import ./kitty; mako = import ./mako.nix; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml new file mode 100644 index 0000000..c7e26b7 --- /dev/null +++ b/home/modules/helix/config/config.toml @@ -0,0 +1,6 @@ +theme = "dracula" + +[editor] +line-number = "relative" +mouse = true +auto-completion = true diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml new file mode 100644 index 0000000..b7280d4 --- /dev/null +++ b/home/modules/helix/config/languages.toml @@ -0,0 +1,2 @@ +[[language]] +name = "rust" diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix new file mode 100644 index 0000000..4278343 --- /dev/null +++ b/home/modules/helix/default.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.dadada.home.helix; +in { + options.dadada.home.helix.enable = lib.mkEnableOption "Enable helix editor"; + + config = lib.mkIf cfg.enable { + home.file.".config/helix".source = ./config; + home.packages = [ pkgs.helix ]; + }; +} From 16666b8adf3cd73873ebb1737c42362e8b0b56b7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 1 Nov 2022 19:38:55 +0100 Subject: [PATCH 466/988] Fix cs (#25) * fix format * make pre-push hook into pre-commit-hook --- devshell.nix | 2 +- home/modules/helix/default.nix | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/devshell.nix b/devshell.nix index 139bb20..f9bd67a 100644 --- a/devshell.nix +++ b/devshell.nix @@ -51,6 +51,6 @@ ]; git.hooks = { - pre-push.text = "nix flake check"; + pre-commit.text = "nix flake check"; }; }) diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 4278343..b8b6711 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: let cfg = config.dadada.home.helix; -in { +in +{ options.dadada.home.helix.enable = lib.mkEnableOption "Enable helix editor"; config = lib.mkIf cfg.enable { From 0695685e739ecf16d850904ad132ef8fd3a24bb2 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Nov 2022 11:13:06 +0100 Subject: [PATCH 467/988] override helix with newer version --- flake.lock | 243 ++++++++++++++++++++++- flake.nix | 1 + home/configurations.nix | 1 + home/modules/helix/config/languages.toml | 4 + home/modules/helix/default.nix | 11 +- nixos/configurations.nix | 2 + outputs.nix | 1 + 7 files changed, 253 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index d5aa088..b9b9cca 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,39 @@ "type": "github" } }, + "all-cabal-json": { + "flake": false, + "locked": { + "lastModified": 1665552503, + "narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=", + "owner": "nix-community", + "repo": "all-cabal-json", + "rev": "d7c0434eebffb305071404edcf9d5cd99703878e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "hackage", + "repo": "all-cabal-json", + "type": "github" + } + }, + "crane": { + "flake": false, + "locked": { + "lastModified": 1661875961, + "narHash": "sha256-f1h/2c6Teeu1ofAHWzrS8TwBPcnN+EEu+z1sRVmMQTk=", + "owner": "ipetkov", + "repo": "crane", + "rev": "d9f394e4e20e97c2a60c3ad82c2b6ef99be19e24", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -63,6 +96,22 @@ "type": "github" } }, + "devshell_2": { + "flake": false, + "locked": { + "lastModified": 1667210711, + "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", + "owner": "numtide", + "repo": "devshell", + "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "doom-emacs": { "flake": false, "locked": { @@ -113,6 +162,66 @@ "type": "github" } }, + "dream2nix": { + "inputs": { + "alejandra": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ], + "all-cabal-json": "all-cabal-json", + "crane": "crane", + "devshell": [ + "helix", + "nixCargoIntegration", + "devshell" + ], + "flake-utils-pre-commit": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ], + "ghc-utils": "ghc-utils", + "gomod2nix": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ], + "mach-nix": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ], + "nixpkgs": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ], + "poetry2nix": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ], + "pre-commit-hooks": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1667251335, + "narHash": "sha256-nb2H2lsHQt8BQkX/uILJbJ2H80v+Dd9HbkYgWlASqdk=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "4b3a139c506582f40ce733eb4a91988242e17358", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, "emacs-overlay": { "flake": false, "locked": { @@ -318,6 +427,21 @@ } }, "flake-utils_5": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -332,7 +456,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_7": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -364,6 +488,43 @@ "type": "github" } }, + "ghc-utils": { + "flake": false, + "locked": { + "lastModified": 1662774800, + "narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=", + "ref": "refs/heads/master", + "rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea", + "revCount": 1072, + "type": "git", + "url": "https://gitlab.haskell.org/bgamari/ghc-utils" + }, + "original": { + "type": "git", + "url": "https://gitlab.haskell.org/bgamari/ghc-utils" + } + }, + "helix": { + "inputs": { + "nixCargoIntegration": "nixCargoIntegration", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1662052066, + "narHash": "sha256-tMO4wFXVRE/TPxOtaEpgu95Hff8PekqXZPt4e+5Di78=", + "owner": "helix-editor", + "repo": "helix", + "rev": "66276ce630cead06c84394768927fe20490d0638", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "ref": "22.08.1", + "repo": "helix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -388,7 +549,7 @@ "homePage": { "inputs": { "hugo-theme-anubis": "hugo-theme-anubis", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1655227494, @@ -449,7 +610,7 @@ "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "format-all": "format-all", "nix-straight": "nix-straight", "nixpkgs": [ @@ -497,6 +658,33 @@ "type": "github" } }, + "nixCargoIntegration": { + "inputs": { + "devshell": "devshell_2", + "dream2nix": "dream2nix", + "nixpkgs": [ + "helix", + "nixpkgs" + ], + "rust-overlay": [ + "helix", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1667369867, + "narHash": "sha256-G7SyCunGnO+pWSJJDJP+RtF653Fz+B3jhX9Murd9JEY=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "b89e3d7b0f7e2d0301891586456267435fc54aaa", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1666873549, @@ -514,6 +702,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1667231093, + "narHash": "sha256-RERXruzBEBuf0c7OfZeX1hxEKB+PTCUNxWeB6C1jd8Y=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1629226339, "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", @@ -526,7 +730,7 @@ "type": "indirect" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", "path": "/nix/store/n04lw5nrskzmz7rv17p09qrnjanfkg5d-source", @@ -555,7 +759,7 @@ }, "nvd": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "myNixpkgs" ] @@ -656,8 +860,8 @@ }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_6", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1647022391, @@ -696,6 +900,7 @@ "deploy-rs": "deploy-rs", "devshell": "devshell", "flake-utils": "flake-utils_2", + "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", "myNixpkgs": "myNixpkgs", @@ -725,9 +930,31 @@ "type": "github" } }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "helix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1667184938, + "narHash": "sha256-/kuCiXuAxiD0c0zrfDvJ1Yba3FuVdRk/ROfb393AeX4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8f81faec35508647ced65c44fd3e8648a5518afb", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "scripts": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_7", "nixpkgs": [ "myNixpkgs" ] diff --git a/flake.nix b/flake.nix index 92b3992..823729e 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,7 @@ url = github:numtide/devshell; inputs.nixpkgs.follows = "myNixpkgs"; }; + helix.url = github:helix-editor/helix/22.08.1; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/home/configurations.nix b/home/configurations.nix index 9e65949..7b086a8 100644 --- a/home/configurations.nix +++ b/home/configurations.nix @@ -2,6 +2,7 @@ , nixpkgs , home-manager , nix-doom-emacs +, helix , ... } @ inputs: let diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index b7280d4..0777ac4 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -1,2 +1,6 @@ [[language]] name = "rust" + +[[language]] +name = "nix" +formatter = "nixpkgs-fmt" \ No newline at end of file diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index b8b6711..a95f9f1 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -3,10 +3,17 @@ let cfg = config.dadada.home.helix; in { - options.dadada.home.helix.enable = lib.mkEnableOption "Enable helix editor"; + options.dadada.home.helix = { + enable = lib.mkEnableOption "Enable helix editor"; + package = lib.mkOption { + type = lib.types.package; + description = "Helix editor package to use"; + default = pkgs.helix; + }; + }; config = lib.mkIf cfg.enable { home.file.".config/helix".source = ./config; - home.packages = [ pkgs.helix ]; + home.packages = [ cfg.package ]; }; } diff --git a/nixos/configurations.nix b/nixos/configurations.nix index ddd892e..f692226 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -7,6 +7,7 @@ , nvd , scripts , recipemd +, helix , ... }@inputs: let @@ -40,6 +41,7 @@ in home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = builtins.trace helix.packages.${system} helix.packages.${system}.helix; } { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home/home; diff --git a/outputs.nix b/outputs.nix index 67cc54a..7b78694 100644 --- a/outputs.nix +++ b/outputs.nix @@ -12,6 +12,7 @@ , recipemd , agenix , devshell +, helix , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: From 0003ee9ca0ea2555a8c5f2460e57bf64d1899da0 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 2 Nov 2022 12:01:35 +0100 Subject: [PATCH 468/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/c8ce8ed81726079c398f5f29c4b68a7d6a3c2fa2' (2022-10-23) → 'github:numtide/devshell/96a9dd12b8a447840cc246e17a47b81a4268bba7' (2022-10-31) • Updated input 'flake-utils': 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) → 'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29) • Updated input 'helix/nixCargoIntegration': 'github:yusdacra/nix-cargo-integration/b89e3d7b0f7e2d0301891586456267435fc54aaa' (2022-11-02) → 'github:yusdacra/nix-cargo-integration/9eb74345b30cd2e536d9dac9d4435d3c475605c7' (2022-06-28) • Updated input 'helix/nixCargoIntegration/devshell': 'github:numtide/devshell/96a9dd12b8a447840cc246e17a47b81a4268bba7' (2022-10-31) → 'github:numtide/devshell/899ca4629020592a13a46783587f6e674179d1db' (2022-06-23) • Updated input 'helix/nixCargoIntegration/dream2nix': 'github:nix-community/dream2nix/4b3a139c506582f40ce733eb4a91988242e17358' (2022-10-31) → 'github:nix-community/dream2nix/4e75e665ec3a1cddae5266bed0dd72fce0b74a23' (2022-06-23) • Removed input 'helix/nixCargoIntegration/dream2nix/all-cabal-json' • Updated input 'helix/nixCargoIntegration/dream2nix/crane': 'github:ipetkov/crane/d9f394e4e20e97c2a60c3ad82c2b6ef99be19e24' (2022-08-30) → 'github:ipetkov/crane/db5482bf225acc3160899124a1df5a617cfa27b5' (2022-06-05) • Removed input 'helix/nixCargoIntegration/dream2nix/ghc-utils' • Added input 'helix/nixCargoIntegration/dream2nix/node2nix': follows 'helix/nixCargoIntegration/nixpkgs' • Updated input 'helix/nixpkgs': 'github:nixos/nixpkgs/d40fea9aeb8840fea0d377baa4b38e39b9582458' (2022-10-31) → 'github:nixos/nixpkgs/0d68d7c857fe301d49cdcd56130e0beea4ecd5aa' (2022-06-19) • Updated input 'helix/rust-overlay': 'github:oxalica/rust-overlay/8f81faec35508647ced65c44fd3e8648a5518afb' (2022-10-31) → 'github:oxalica/rust-overlay/8159585609a772b041cce6019d5c21d240709244' (2022-06-21) • Updated input 'helix/rust-overlay/flake-utils': 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) → 'github:numtide/flake-utils/bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4' (2021-11-15) • Updated input 'home-manager': 'github:nix-community/home-manager/b81e128fc053ab3159d7b464d9b7dedc9d6a6891' (2022-10-17) → 'github:nix-community/home-manager/f0ecd4b1db5e15103e955b18cb94bea4296e5c45' (2022-11-01) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/c132d0837dfb9035701dcd8fc91786c605c855c3' (2022-10-27) → 'github:NixOS/nixpkgs/b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3' (2022-11-01) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/17673891a41c747d485b9407cb3b50b3156395ee' (2022-10-25) → 'github:nix-community/nix-doom-emacs/e9a0c496d813c79857e38511708eefc80ea1f4fe' (2022-10-29) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/b8e24cec99ff68f8a875b6f842a10b6b2ab398d3' (2022-10-20) → 'github:nix-community/emacs-overlay/b3f81bcbda84bf2ef957cfff6cf89aedbdfa2be9' (2022-10-27) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/98cae03b7d9a612334d5ea461e73ac0b37b0285d' (2022-10-20) → 'github:emacs-straight/org-mode/48b237d9e21a4edf528d4bd1ed99d1f3757e4931' (2022-10-24) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/419dcc0ec767803182ed01a326f134230578bf60' (2022-10-27) → 'github:NixOS/nixos-hardware/18934557eeba8fa2e575b0fd4ab95186e2e3bde3' (2022-11-01) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) → 'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29) --- flake.lock | 136 +++++++++-------------- home/modules/helix/config/languages.toml | 6 - home/modules/helix/default.nix | 5 +- nixos/configurations.nix | 2 +- 4 files changed, 58 insertions(+), 91 deletions(-) diff --git a/flake.lock b/flake.lock index b9b9cca..f88e60c 100644 --- a/flake.lock +++ b/flake.lock @@ -20,31 +20,14 @@ "type": "github" } }, - "all-cabal-json": { - "flake": false, - "locked": { - "lastModified": 1665552503, - "narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=", - "owner": "nix-community", - "repo": "all-cabal-json", - "rev": "d7c0434eebffb305071404edcf9d5cd99703878e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "hackage", - "repo": "all-cabal-json", - "type": "github" - } - }, "crane": { "flake": false, "locked": { - "lastModified": 1661875961, - "narHash": "sha256-f1h/2c6Teeu1ofAHWzrS8TwBPcnN+EEu+z1sRVmMQTk=", + "lastModified": 1654444508, + "narHash": "sha256-4OBvQ4V7jyt7afs6iKUvRzJ1u/9eYnKzVQbeQdiamuY=", "owner": "ipetkov", "repo": "crane", - "rev": "d9f394e4e20e97c2a60c3ad82c2b6ef99be19e24", + "rev": "db5482bf225acc3160899124a1df5a617cfa27b5", "type": "github" }, "original": { @@ -83,11 +66,11 @@ ] }, "locked": { - "lastModified": 1666548262, - "narHash": "sha256-4DyN4KXqQQsCw0vCXkMThw4b5Q4/q87ZZgRb4st8COc=", + "lastModified": 1667210711, + "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", "owner": "numtide", "repo": "devshell", - "rev": "c8ce8ed81726079c398f5f29c4b68a7d6a3c2fa2", + "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", "type": "github" }, "original": { @@ -99,11 +82,11 @@ "devshell_2": { "flake": false, "locked": { - "lastModified": 1667210711, - "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", + "lastModified": 1655976588, + "narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=", "owner": "numtide", "repo": "devshell", - "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", + "rev": "899ca4629020592a13a46783587f6e674179d1db", "type": "github" }, "original": { @@ -169,7 +152,6 @@ "nixCargoIntegration", "nixpkgs" ], - "all-cabal-json": "all-cabal-json", "crane": "crane", "devshell": [ "helix", @@ -181,7 +163,6 @@ "nixCargoIntegration", "nixpkgs" ], - "ghc-utils": "ghc-utils", "gomod2nix": [ "helix", "nixCargoIntegration", @@ -197,6 +178,11 @@ "nixCargoIntegration", "nixpkgs" ], + "node2nix": [ + "helix", + "nixCargoIntegration", + "nixpkgs" + ], "poetry2nix": [ "helix", "nixCargoIntegration", @@ -209,11 +195,11 @@ ] }, "locked": { - "lastModified": 1667251335, - "narHash": "sha256-nb2H2lsHQt8BQkX/uILJbJ2H80v+Dd9HbkYgWlASqdk=", + "lastModified": 1655975833, + "narHash": "sha256-g8sdfuglIZ24oWVbntVzniNTJW+Z3n9DNL9w9Tt+UCE=", "owner": "nix-community", "repo": "dream2nix", - "rev": "4b3a139c506582f40ce733eb4a91988242e17358", + "rev": "4e75e665ec3a1cddae5266bed0dd72fce0b74a23", "type": "github" }, "original": { @@ -225,11 +211,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1666298449, - "narHash": "sha256-y1SRRRK2eTVuh/HRCxwDSInMwGv0d5cPIp4YDlbcM30=", + "lastModified": 1666900021, + "narHash": "sha256-KEDx6LhRMxEdLXL1jF1LNIm+QCtOCcKcFmTJrA/iU3E=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "b8e24cec99ff68f8a875b6f842a10b6b2ab398d3", + "rev": "b3f81bcbda84bf2ef957cfff6cf89aedbdfa2be9", "type": "github" }, "original": { @@ -383,11 +369,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667077288, + "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", "type": "github" }, "original": { @@ -398,11 +384,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", "type": "github" }, "original": { @@ -428,11 +414,11 @@ }, "flake-utils_5": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667077288, + "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", "type": "github" }, "original": { @@ -488,22 +474,6 @@ "type": "github" } }, - "ghc-utils": { - "flake": false, - "locked": { - "lastModified": 1662774800, - "narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=", - "ref": "refs/heads/master", - "rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea", - "revCount": 1072, - "type": "git", - "url": "https://gitlab.haskell.org/bgamari/ghc-utils" - }, - "original": { - "type": "git", - "url": "https://gitlab.haskell.org/bgamari/ghc-utils" - } - }, "helix": { "inputs": { "nixCargoIntegration": "nixCargoIntegration", @@ -532,11 +502,11 @@ ] }, "locked": { - "lastModified": 1665996265, - "narHash": "sha256-/k9og6LDBQwT+f/tJ5ClcWiUl8kCX5m6ognhsAxOiCY=", + "lastModified": 1667299227, + "narHash": "sha256-vAJPFSDYUq3DdCL8OzTg4xObRNW+yA1Pt+NzbhGu1f8=", "owner": "nix-community", "repo": "home-manager", - "rev": "b81e128fc053ab3159d7b464d9b7dedc9d6a6891", + "rev": "f0ecd4b1db5e15103e955b18cb94bea4296e5c45", "type": "github" }, "original": { @@ -583,11 +553,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1666867875, - "narHash": "sha256-3nD7iQXd/J6KjkT8IjozTuA5p8qjiLKTxvOUmH+AzNM=", + "lastModified": 1667318659, + "narHash": "sha256-mRXqCdlnxPgm3Wk7mNAOanl7B3Q3U5scYTEiyYmNEOE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c132d0837dfb9035701dcd8fc91786c605c855c3", + "rev": "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3", "type": "github" }, "original": { @@ -629,11 +599,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1666731850, - "narHash": "sha256-yyCrh5vPqxJNj+2wt4IxHAk7blnYxwC/zkSKw/y0hg8=", + "lastModified": 1667054602, + "narHash": "sha256-U3Q3opq5mGaHZijdwbM+GUziELb31LJKW6/dvO9yzRQ=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "17673891a41c747d485b9407cb3b50b3156395ee", + "rev": "e9a0c496d813c79857e38511708eefc80ea1f4fe", "type": "github" }, "original": { @@ -672,11 +642,11 @@ ] }, "locked": { - "lastModified": 1667369867, - "narHash": "sha256-G7SyCunGnO+pWSJJDJP+RtF653Fz+B3jhX9Murd9JEY=", + "lastModified": 1656453541, + "narHash": "sha256-ZCPVnS6zJOZJvIlwU3rKR8MBVm6A3F4/0mA7G1lQ3D0=", "owner": "yusdacra", "repo": "nix-cargo-integration", - "rev": "b89e3d7b0f7e2d0301891586456267435fc54aaa", + "rev": "9eb74345b30cd2e536d9dac9d4435d3c475605c7", "type": "github" }, "original": { @@ -687,11 +657,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1666873549, - "narHash": "sha256-a6Eu1Qv/EndjepSMja5SvcG+4vM5Rl2gzJD7xscRHss=", + "lastModified": 1667283320, + "narHash": "sha256-qHvB/6XBKVjjJJCUM+z6/t9HzUC7J55wdY3KJ/ZWSHo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "419dcc0ec767803182ed01a326f134230578bf60", + "rev": "18934557eeba8fa2e575b0fd4ab95186e2e3bde3", "type": "github" }, "original": { @@ -703,11 +673,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1667231093, - "narHash": "sha256-RERXruzBEBuf0c7OfZeX1hxEKB+PTCUNxWeB6C1jd8Y=", + "lastModified": 1655624069, + "narHash": "sha256-7g1zwTdp35GMTERnSzZMWJ7PG3QdDE8VOX3WsnOkAtM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458", + "rev": "0d68d7c857fe301d49cdcd56130e0beea4ecd5aa", "type": "github" }, "original": { @@ -797,11 +767,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1666258795, - "narHash": "sha256-k2FbWk4OJKZbih3pTvJYxkaXuauWsuaXXthV54UFqCM=", + "lastModified": 1666586252, + "narHash": "sha256-cwYEMnsv8kreTPKslM2yz59I4zm331w4WU4OHGzcslc=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "98cae03b7d9a612334d5ea461e73ac0b37b0285d", + "rev": "48b237d9e21a4edf528d4bd1ed99d1f3757e4931", "type": "github" }, "original": { @@ -939,11 +909,11 @@ ] }, "locked": { - "lastModified": 1667184938, - "narHash": "sha256-/kuCiXuAxiD0c0zrfDvJ1Yba3FuVdRk/ROfb393AeX4=", + "lastModified": 1655779671, + "narHash": "sha256-6feeiGa6fb7ZPVHR71uswkmN1701TAJpwYQA8QffmRk=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8f81faec35508647ced65c44fd3e8648a5518afb", + "rev": "8159585609a772b041cce6019d5c21d240709244", "type": "github" }, "original": { diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index 0777ac4..e69de29 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -1,6 +0,0 @@ -[[language]] -name = "rust" - -[[language]] -name = "nix" -formatter = "nixpkgs-fmt" \ No newline at end of file diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index a95f9f1..3ce4fce 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -14,6 +14,9 @@ in config = lib.mkIf cfg.enable { home.file.".config/helix".source = ./config; - home.packages = [ cfg.package ]; + home.packages = [ + cfg.package + pkgs.rnix-lsp + ]; }; } diff --git a/nixos/configurations.nix b/nixos/configurations.nix index f692226..01a0094 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -41,7 +41,7 @@ in home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = builtins.trace helix.packages.${system} helix.packages.${system}.helix; } + { dadada.home.helix.package = helix.packages.${system}.helix; } { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home/home; From 6898659149e243e9272c146cd6453d4d4099538f Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 3 Nov 2022 13:47:11 +0100 Subject: [PATCH 469/988] update EDITOR --- home/home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/home/default.nix b/home/home/default.nix index 235ca59..6968409 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -38,7 +38,7 @@ in session = { enable = true; sessionVars = { - EDITOR = "vim"; + EDITOR = "hx"; PAGER = "less"; MAILDIR = "\$HOME/.var/mail"; MBLAZE = "\$HOME/.config/mblaze"; From 7a925ab44757d161664891f4371c365d1374f0d5 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 3 Nov 2022 18:11:58 +0100 Subject: [PATCH 470/988] switch to onedark theme --- home/modules/helix/config/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index c7e26b7..bfaa40e 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "dracula" +theme = "onedark" [editor] line-number = "relative" From 08f2d58fb2b635e003467f8710b64c96f8625efa Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 3 Nov 2022 18:39:02 +0100 Subject: [PATCH 471/988] use default theme --- home/modules/helix/config/config.toml | 2 -- 1 file changed, 2 deletions(-) diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index bfaa40e..458abea 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,5 +1,3 @@ -theme = "onedark" - [editor] line-number = "relative" mouse = true From b571f1d1eb9dfb18c756a09ce530a6ad7531e3e7 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 4 Nov 2022 11:37:04 +0100 Subject: [PATCH 472/988] helix: add command to reflow paragraph --- home/modules/helix/config/config.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 458abea..1f7138e 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -2,3 +2,6 @@ line-number = "relative" mouse = true auto-completion = true + +[keys.normal] +C-q = [ "goto_prev_paragraph", "goto_next_paragraph", ":reflow 80" ] \ No newline at end of file From f8333ce2882215c5ea81f9a5c6801f258b2144ed Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 5 Nov 2022 15:31:10 +0100 Subject: [PATCH 473/988] home: add GitHub cli --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 5a89bdd..bca6a42 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -32,6 +32,7 @@ with pkgs; [ fzf fzf gdb + gh ghidra-bin gimp glow From 14a5877b506825f29715ba4a8101edce91b52bb4 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 7 Nov 2022 16:32:53 +0100 Subject: [PATCH 474/988] switch to simpler color scheme --- home/modules/alacritty/colors.toml | 26 ++++++++++ home/modules/alacritty/default.nix | 73 ++------------------------- home/modules/git.nix | 1 + home/modules/gtk.nix | 1 - home/modules/helix/config/config.toml | 4 +- 5 files changed, 34 insertions(+), 71 deletions(-) create mode 100644 home/modules/alacritty/colors.toml diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml new file mode 100644 index 0000000..12e8fa2 --- /dev/null +++ b/home/modules/alacritty/colors.toml @@ -0,0 +1,26 @@ +# The 'GNOME Light" theme from GNOME terminal. + +[primary] +foreground = '#171421' +background = '#ffffea' +bright_foreground = '#5e5c64' + +[normal] +black = '#171421' +red = '#c01c28' +green = '#26a269' +yellow = '#a2734c' +blue = '#12488b' +magenta = '#a347ba' +cyan = '#2aa1b3' +white = '#d0cfcc' + +[bright] +black = '#5e5c64' +red = '#f66151' +green = '#33d17a' +yellow = '#e9ad0c' +blue = '#2a7bde' +magenta = '#c061cb' +cyan = '#33c7de' +white = '#ffffff' diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 2eacc99..e0cb7e0 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -27,86 +27,21 @@ in style = "Regular"; }; bold = { - family = "Source Code Pro"; + family = "Jetbrains Mono"; style = "Bold"; }; italic = { - family = "Source Code Pro"; + family = "Jetbrains Mono"; style = "Italic"; }; bold_italic = { - family = "Source Code Pro"; + family = "Jetbrains Mono"; style = "Bold Italic"; }; }; shell.program = "tmux"; window.decorations = "none"; - colors = { - # Base16 Spacemacs 256 - alacritty color config - # Nasser Alshammari (https://github.com/nashamri/spacemacs-theme) - # Default colors - primary = { - background = "0x1f2022"; - foreground = "0xa3a3a3"; - }; - - # Colors the cursor will use if `custom_cursor_colors` is true - cursor = { - text = "0x1f2022"; - cursor = "0xa3a3a3"; - }; - - # Normal colors - normal = { - black = "0x1f2022"; - red = "0xf2241f"; - green = "0x67b11d"; - yellow = "0xb1951d"; - blue = "0x4f97d7"; - magenta = "0xa31db1"; - cyan = "0x2d9574"; - white = "0xa3a3a3"; - }; - - # Bright colors - bright = { - black = "0x585858"; - red = "0xf2241f"; - green = "0x67b11d"; - yellow = "0xb1951d"; - blue = "0x4f97d7"; - magenta = "0xa31db1"; - cyan = "0x2d9574"; - white = "0xf8f8f8"; - }; - - indexed_colors = [ - { - index = 16; - color = "0xffa500"; - } - { - index = 17; - color = "0xb03060"; - } - { - index = 18; - color = "0x282828"; - } - { - index = 19; - color = "0x444155"; - } - { - index = 20; - color = "0xb8b8b8"; - } - { - index = 21; - color = "0xe8e8e8"; - } - ]; - }; + colors = lib.trivial.importTOML ./colors.toml; }; }; }; diff --git a/home/modules/git.nix b/home/modules/git.nix index c85cdd2..990cd42 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -28,6 +28,7 @@ in navigate = true; # use n and N to move between diff sections side-by-side = false; line-numbers = true; + light = true; }; diff = { renames = "copies"; diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index bf0ccdc..eb6dae8 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -13,7 +13,6 @@ in config = mkIf cfg.enable { gtk = { enable = true; - theme.name = "Adwaita-dark"; }; }; } diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 1f7138e..53eaf05 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,7 +1,9 @@ +theme = "acme" + [editor] line-number = "relative" mouse = true auto-completion = true [keys.normal] -C-q = [ "goto_prev_paragraph", "goto_next_paragraph", ":reflow 80" ] \ No newline at end of file +C-q = [ "goto_prev_paragraph", "goto_next_paragraph", ":reflow 80" ] From 5f4ef64f6cb129df86612a607183b0bbce7bfd19 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 8 Nov 2022 20:29:04 +0100 Subject: [PATCH 475/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29) → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) • Updated input 'home-manager': 'github:nix-community/home-manager/f0ecd4b1db5e15103e955b18cb94bea4296e5c45' (2022-11-01) → 'github:nix-community/home-manager/6639e3a837fc5deb6f99554072789724997bc8e5' (2022-11-08) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3' (2022-11-01) → 'github:NixOS/nixpkgs/ebf65554b18ee053311f43e5faa5a3f36626c52e' (2022-11-07) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/e9a0c496d813c79857e38511708eefc80ea1f4fe' (2022-10-29) → 'github:nix-community/nix-doom-emacs/c38ccd08345f58001cac2c2578e71d3f29b59bc0' (2022-11-06) • Removed input 'nix-doom-emacs/doom-modeline' • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/b3f81bcbda84bf2ef957cfff6cf89aedbdfa2be9' (2022-10-27) → 'github:nix-community/emacs-overlay/ccefa5f7ddbb036656d8617ed2862fe057d60fb4' (2022-11-03) • Updated input 'nix-doom-emacs/flake-utils': 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07) → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) • Updated input 'nix-doom-emacs/nix-straight': 'github:nix-community/nix-straight.el/fb8dd5c44cde70abd13380766e40af7a63888942' (2022-07-01) → 'github:nix-community/nix-straight.el/ad10364d64f472c904115fd38d194efe1c3f1226' (2022-10-28) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/18934557eeba8fa2e575b0fd4ab95186e2e3bde3' (2022-11-01) → 'github:NixOS/nixos-hardware/f6483e0def85efb9c1e884efbaff45a5e7aabb34' (2022-11-06) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817' (2022-10-29) → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) --- flake.lock | 72 ++++++++++++++++++++---------------------------------- 1 file changed, 27 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index f88e60c..896087b 100644 --- a/flake.lock +++ b/flake.lock @@ -112,23 +112,6 @@ "type": "github" } }, - "doom-modeline": { - "flake": false, - "locked": { - "lastModified": 1648449595, - "narHash": "sha256-HjULFxtNDAJ7PDpy/e2bhoDYgBjwGpBdBoTY135puYA=", - "owner": "seagle0128", - "repo": "doom-modeline", - "rev": "ce9899f00af40edb78f58b9af5c3685d67c8eed2", - "type": "github" - }, - "original": { - "owner": "seagle0128", - "repo": "doom-modeline", - "rev": "ce9899f00af40edb78f58b9af5c3685d67c8eed2", - "type": "github" - } - }, "doom-snippets": { "flake": false, "locked": { @@ -211,11 +194,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1666900021, - "narHash": "sha256-KEDx6LhRMxEdLXL1jF1LNIm+QCtOCcKcFmTJrA/iU3E=", + "lastModified": 1667507825, + "narHash": "sha256-Tss8NXLO5HIqcY+v+lMy/tcdBKNwKxW5Lb4PkuS5rmY=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "b3f81bcbda84bf2ef957cfff6cf89aedbdfa2be9", + "rev": "ccefa5f7ddbb036656d8617ed2862fe057d60fb4", "type": "github" }, "original": { @@ -369,11 +352,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1667077288, - "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -399,11 +382,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -414,11 +397,11 @@ }, "flake-utils_5": { "locked": { - "lastModified": 1667077288, - "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -502,11 +485,11 @@ ] }, "locked": { - "lastModified": 1667299227, - "narHash": "sha256-vAJPFSDYUq3DdCL8OzTg4xObRNW+yA1Pt+NzbhGu1f8=", + "lastModified": 1667907331, + "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=", "owner": "nix-community", "repo": "home-manager", - "rev": "f0ecd4b1db5e15103e955b18cb94bea4296e5c45", + "rev": "6639e3a837fc5deb6f99554072789724997bc8e5", "type": "github" }, "original": { @@ -553,11 +536,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1667318659, - "narHash": "sha256-mRXqCdlnxPgm3Wk7mNAOanl7B3Q3U5scYTEiyYmNEOE=", + "lastModified": 1667821506, + "narHash": "sha256-u4HKBBfTOPpFsGnM7sjS0+F67Hmf2or3uHKNVxXZtiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3", + "rev": "ebf65554b18ee053311f43e5faa5a3f36626c52e", "type": "github" }, "original": { @@ -570,7 +553,6 @@ "nix-doom-emacs": { "inputs": { "doom-emacs": "doom-emacs", - "doom-modeline": "doom-modeline", "doom-snippets": "doom-snippets", "emacs-overlay": "emacs-overlay", "emacs-so-long": "emacs-so-long", @@ -599,11 +581,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1667054602, - "narHash": "sha256-U3Q3opq5mGaHZijdwbM+GUziELb31LJKW6/dvO9yzRQ=", + "lastModified": 1667731647, + "narHash": "sha256-E/Y5yxX8u0RlLt07PJoQ+QAYMbbL19WayLU/SJDtnMw=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "e9a0c496d813c79857e38511708eefc80ea1f4fe", + "rev": "c38ccd08345f58001cac2c2578e71d3f29b59bc0", "type": "github" }, "original": { @@ -615,11 +597,11 @@ "nix-straight": { "flake": false, "locked": { - "lastModified": 1656684255, - "narHash": "sha256-ZefQiv4Ipu2VkLjs1oyelTLU7kBVJgkcQd+yBpJU0yo=", + "lastModified": 1666982610, + "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=", "owner": "nix-community", "repo": "nix-straight.el", - "rev": "fb8dd5c44cde70abd13380766e40af7a63888942", + "rev": "ad10364d64f472c904115fd38d194efe1c3f1226", "type": "github" }, "original": { @@ -657,11 +639,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1667283320, - "narHash": "sha256-qHvB/6XBKVjjJJCUM+z6/t9HzUC7J55wdY3KJ/ZWSHo=", + "lastModified": 1667768008, + "narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "18934557eeba8fa2e575b0fd4ab95186e2e3bde3", + "rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34", "type": "github" }, "original": { From a1f033c4cb3dd9de3c10013b795531c24d58074d Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 15 Nov 2022 12:08:10 +0100 Subject: [PATCH 476/988] enable avahi --- nixos/gorgon/configuration.nix | 2 ++ nixos/modules/profiles/laptop.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index b35e3d9..c4cd428 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -60,6 +60,8 @@ in programs.adb.enable = true; + services.avahi.enable = true; + # Enable CUPS to print documents. services.printing = { enable = true; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index ad8a84c..f6f7935 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -53,7 +53,7 @@ with lib; { services.fstrim.enable = mkDefault true; - services.avahi.enable = false; + services.avahi.enable = mkDefault false; networking.networkmanager.enable = mkDefault true; networking.firewall.enable = mkDefault true; From f5a8805a860fc98b9159223852601da4fb26cfaa Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 21 Nov 2022 21:23:43 +0100 Subject: [PATCH 477/988] update colors --- home/modules/alacritty/colors.toml | 10 +++++----- home/modules/git.nix | 2 +- home/modules/helix/config/config.toml | 2 -- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml index 12e8fa2..7e16607 100644 --- a/home/modules/alacritty/colors.toml +++ b/home/modules/alacritty/colors.toml @@ -1,9 +1,9 @@ # The 'GNOME Light" theme from GNOME terminal. [primary] -foreground = '#171421' -background = '#ffffea' -bright_foreground = '#5e5c64' +foreground = '#d0cfcc' +background = '#171421' +bright_foreground = '#ffffff' [normal] black = '#171421' @@ -18,9 +18,9 @@ white = '#d0cfcc' [bright] black = '#5e5c64' red = '#f66151' -green = '#33d17a' +green = '#33d17a' yellow = '#e9ad0c' blue = '#2a7bde' magenta = '#c061cb' cyan = '#33c7de' -white = '#ffffff' +white = '#ffffff' \ No newline at end of file diff --git a/home/modules/git.nix b/home/modules/git.nix index 990cd42..a0ea0af 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -28,7 +28,7 @@ in navigate = true; # use n and N to move between diff sections side-by-side = false; line-numbers = true; - light = true; + light = false; }; diff = { renames = "copies"; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 53eaf05..fa585ce 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,5 +1,3 @@ -theme = "acme" - [editor] line-number = "relative" mouse = true From 6319224d52a4881b0fc8a0b5cdf6a3d07c54b02d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 27 Nov 2022 16:35:41 +0100 Subject: [PATCH 478/988] update CI --- .github/workflows/nix-flake-check.yml | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 9680d2a..0cb3567 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -1,15 +1,26 @@ -name: "nix flake check" +name: Continuous Integration + on: pull_request: push: + branches: [main] + jobs: - tests: + checks: + name: Checks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v15 with: - install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install + nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | experimental-features = nix-command flakes - - run: nix flake check --no-build + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + system-features = nixos-test benchmark big-parallel kvm + - uses: cachix/cachix-action@v11 + with: + name: nix-config + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - name: Checks + run: nix flake check From 01d1abdb3641198c9f5b353dd53d197ab8befef3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 27 Nov 2022 16:36:11 +0100 Subject: [PATCH 479/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'deploy-rs': 'github:serokell/deploy-rs/41f15759dd8b638e7b4f299730d94d5aa46ab7eb' (2022-08-05) → 'github:serokell/deploy-rs/2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce' (2022-11-18) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/ebf65554b18ee053311f43e5faa5a3f36626c52e' (2022-11-07) → 'github:NixOS/nixpkgs/695b3515251873e0a7e2021add4bba643c56cde3' (2022-11-25) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/c38ccd08345f58001cac2c2578e71d3f29b59bc0' (2022-11-06) → 'github:nix-community/nix-doom-emacs/3c02175dd06714c15ddd2f73708de9b4dacc6aa9' (2022-11-25) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/ccefa5f7ddbb036656d8617ed2862fe057d60fb4' (2022-11-03) → 'github:nix-community/emacs-overlay/49d5cbd389a3fb843793cd7503ad7abdb4f40a9d' (2022-11-24) • Updated input 'nix-doom-emacs/flake-compat': 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19) → 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/48b237d9e21a4edf528d4bd1ed99d1f3757e4931' (2022-10-24) → 'github:emacs-straight/org-mode/0737112852afe835a5a5833a2dd0a6852c04e0f0' (2022-11-19) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/f6f657b627f9703e32414d8d3f16fb49d41031cb' (2022-10-17) → 'github:hakimel/reveal.js/9f1f7789bfbf689d9c1615e523d5c6262771e90f' (2022-11-17) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/f6483e0def85efb9c1e884efbaff45a5e7aabb34' (2022-11-06) → 'github:NixOS/nixos-hardware/0099253ad0b5283f06ffe31cf010af3f9ad7837d' (2022-11-22) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 896087b..f2340f8 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1659725433, - "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=", + "lastModified": 1668797197, + "narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=", "owner": "serokell", "repo": "deploy-rs", - "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb", + "rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce", "type": "github" }, "original": { @@ -194,11 +194,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1667507825, - "narHash": "sha256-Tss8NXLO5HIqcY+v+lMy/tcdBKNwKxW5Lb4PkuS5rmY=", + "lastModified": 1669319842, + "narHash": "sha256-JSfABiy5/7usgQSy/ua3XbsjJ6F9Dd3P4nJiE56gFME=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "ccefa5f7ddbb036656d8617ed2862fe057d60fb4", + "rev": "49d5cbd389a3fb843793cd7503ad7abdb4f40a9d", "type": "github" }, "original": { @@ -322,11 +322,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -536,11 +536,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1667821506, - "narHash": "sha256-u4HKBBfTOPpFsGnM7sjS0+F67Hmf2or3uHKNVxXZtiM=", + "lastModified": 1669418739, + "narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebf65554b18ee053311f43e5faa5a3f36626c52e", + "rev": "695b3515251873e0a7e2021add4bba643c56cde3", "type": "github" }, "original": { @@ -581,11 +581,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1667731647, - "narHash": "sha256-E/Y5yxX8u0RlLt07PJoQ+QAYMbbL19WayLU/SJDtnMw=", + "lastModified": 1669340080, + "narHash": "sha256-/YLYpng6mZ2/NgaCiL3BCQK1cegbUNrQx1Cc1i+nQ8E=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "c38ccd08345f58001cac2c2578e71d3f29b59bc0", + "rev": "3c02175dd06714c15ddd2f73708de9b4dacc6aa9", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1667768008, - "narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=", + "lastModified": 1669146234, + "narHash": "sha256-HEby7EG1yaq1oT2Ze6Cvok9CFju1XHkSvVHmkptLW9U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34", + "rev": "0099253ad0b5283f06ffe31cf010af3f9ad7837d", "type": "github" }, "original": { @@ -749,11 +749,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1666586252, - "narHash": "sha256-cwYEMnsv8kreTPKslM2yz59I4zm331w4WU4OHGzcslc=", + "lastModified": 1668865287, + "narHash": "sha256-q7TfqUuEdZsD+JkF8Cr0Lnn0po6qo2zXMZDieocLpeQ=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "48b237d9e21a4edf528d4bd1ed99d1f3757e4931", + "rev": "0737112852afe835a5a5833a2dd0a6852c04e0f0", "type": "github" }, "original": { @@ -833,11 +833,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1665992801, - "narHash": "sha256-bqNgaBT6WPfumhdG1VPZ6ngn0QA9RDuVtVJtVwxbOd4=", + "lastModified": 1668674340, + "narHash": "sha256-JEXPS67bgKnnRdA37mC18PyGm4EWVQ/BrWeBZLVKPvU=", "owner": "hakimel", "repo": "reveal.js", - "rev": "f6f657b627f9703e32414d8d3f16fb49d41031cb", + "rev": "9f1f7789bfbf689d9c1615e523d5c6262771e90f", "type": "github" }, "original": { From 37750df89a3bb93751bfadfdad4802c9e7be8099 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 27 Nov 2022 16:43:22 +0100 Subject: [PATCH 480/988] fix conflicting defaults --- nixos/modules/profiles/laptop.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index f6f7935..1ceca94 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -53,7 +53,7 @@ with lib; { services.fstrim.enable = mkDefault true; - services.avahi.enable = mkDefault false; + services.avahi.enable = mkDefault true; networking.networkmanager.enable = mkDefault true; networking.firewall.enable = mkDefault true; From d4b144c523d745dcf2b9c018ddc16fa6973d0023 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 27 Nov 2022 17:16:12 +0100 Subject: [PATCH 481/988] fix cache name --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 0cb3567..275a23c 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -20,7 +20,7 @@ jobs: system-features = nixos-test benchmark big-parallel kvm - uses: cachix/cachix-action@v11 with: - name: nix-config + name: dadada authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - name: Checks run: nix flake check From b970326df961643176664eb5ac642ad500819842 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 29 Nov 2022 11:54:23 +0100 Subject: [PATCH 482/988] install cachix --- nixos/gorgon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index c4cd428..6121011 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -79,6 +79,7 @@ in ghostscript config.dadada.pkgs.recipemd config.dadada.pkgs.map + cachix ]; networking.firewall = { From b207e698d836f1dc94fef54770e54571daea3e0e Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Dec 2022 20:59:01 +0100 Subject: [PATCH 483/988] update to nixpkgs release 22.11 --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index f2340f8..e193815 100644 --- a/flake.lock +++ b/flake.lock @@ -536,16 +536,16 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1669418739, - "narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=", + "lastModified": 1670009809, + "narHash": "sha256-yt/dQ32Vz4WenDLu4XeHbnXFxiHbTcnU0WwiLW5Ce6c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "695b3515251873e0a7e2021add4bba643c56cde3", + "rev": "660e7737851506374da39c0fa550c202c824a17c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.05", + "ref": "nixos-22.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 823729e..5882872 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "dadada's nix flake"; inputs = { - myNixpkgs.url = github:NixOS/nixpkgs/nixos-22.05; + myNixpkgs.url = github:NixOS/nixpkgs/nixos-22.11; flake-utils.url = github:numtide/flake-utils; home-manager = { url = github:nix-community/home-manager/release-22.05; From e87cabaf6c877ced6bfda6679964f9bc08e1fecd Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Dec 2022 21:06:29 +0100 Subject: [PATCH 484/988] pkgs: remove PHP 7.4 composer --- home/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index bca6a42..d6a4fb6 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -97,7 +97,6 @@ with pkgs; [ pandoc # document converter and templater pass pavucontrol - php74Packages.composer pinentry-gnome playerctl procs # ps in rust From 3e7b2775786e35773b0200d69c7057dd226ed0b4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Dec 2022 21:50:39 +0100 Subject: [PATCH 485/988] pkgs: remove jetbrains IDEs --- home/home/pkgs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index d6a4fb6..05828b9 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -61,8 +61,6 @@ with pkgs; [ irssi jameica jc # convert output to json - jetbrains.idea-community - jetbrains.phpstorm josm jq jq From d271d95e78ffbcd29dd83a23ed7ce4b6262db264 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 8 Dec 2022 17:00:01 +0100 Subject: [PATCH 486/988] use clippy in rust-analyzer and use hx as EDITOR --- home/modules/helix/config/languages.toml | 3 +++ home/modules/session.nix | 2 +- home/modules/zsh.nix | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index e69de29..7b576c0 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -0,0 +1,3 @@ +[[language]] +name = "rust" +config = { rust-analyzer = { checkOnSave = { command = "clippy" } } } diff --git a/home/modules/session.nix b/home/modules/session.nix index 4da85a8..879400d 100644 --- a/home/modules/session.nix +++ b/home/modules/session.nix @@ -13,7 +13,7 @@ in type = types.attrs; default = { }; example = '' - EDITOR = "vim"; + EDITOR = "hx"; PAGER = "less"; ''; }; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 59453c2..1e73c0a 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -19,7 +19,7 @@ in enableVteIntegration = true; autocd = true; sessionVariables = { - EDITOR = "vim"; + EDITOR = "hx"; }; history = { extended = true; From 69259f389bb09f6e8f3a83c850b33575086fb209 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Dec 2022 12:02:53 +0100 Subject: [PATCH 487/988] migrate gitea settings --- nixos/agares/configuration.nix | 3 +++ nixos/modules/gitea.nix | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 7bde1ab..0b2e4ed 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -11,6 +11,9 @@ # to be able to use qemu from substituter environment.noXlibs = false; + # libvirtd + security.polkit.enable = true; + dadada = { admin.enable = true; networking.localResolver.enable = true; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 28c9983..bc4c6a0 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -17,7 +17,6 @@ in rootUrl = "https://git.dadada.li/"; log.level = "Error"; domain = config.networking.domain; - ssh.enable = true; cookieSecure = true; enableUnixSocket = true; database = { @@ -28,6 +27,7 @@ in server = { LANDING_PAGE = "explore"; OFFLINE_MODE = true; + DISABLE_SSH = false; }; picture = { DISABLE_GRAVATAR = true; From c4ed2cbad990fbc68ed441551504a22e8b9fa0cc Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Dec 2022 12:09:09 +0100 Subject: [PATCH 488/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/660e7737851506374da39c0fa550c202c824a17c' (2022-12-02) → 'github:NixOS/nixpkgs/7a6a010c3a1d00f8470a5ca888f2f927f1860a19' (2022-12-08) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/3c02175dd06714c15ddd2f73708de9b4dacc6aa9' (2022-11-25) → 'github:nix-community/nix-doom-emacs/c852431c25a9d2b8f9322505a38868d4cee6b8d6' (2022-12-09) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/49d5cbd389a3fb843793cd7503ad7abdb4f40a9d' (2022-11-24) → 'github:nix-community/emacs-overlay/1b6e5b25af402e9f2fd49cf210cada9444c32504' (2022-12-08) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/9f1f7789bfbf689d9c1615e523d5c6262771e90f' (2022-11-17) → 'github:hakimel/reveal.js/4fe3946cb43de57f79aaa7b646aee7e78f4bcc75' (2022-12-07) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/c3da5520b988720f7f6e9e5e11b60746598112e0' (2022-09-14) → 'github:jcs-elpa/ts-fold/fb91989a9489755b890bf9e1957e5f29eaef59f6' (2022-12-04) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/0099253ad0b5283f06ffe31cf010af3f9ad7837d' (2022-11-22) → 'github:NixOS/nixos-hardware/9d87bc030a0bf3f00e953dbf095a7d8e852dab6b' (2022-12-04) • Updated input 'nvd': 'git+https://gitlab.com/khumba/nvd.git?ref=master&rev=f87f29530beb039d283530ab533d700c53120b83' (2022-10-15) → 'git+https://gitlab.com/khumba/nvd.git?ref=refs%2fheads%2fmaster&rev=f87f29530beb039d283530ab533d700c53120b83' (2022-10-15) --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index e193815..78d245f 100644 --- a/flake.lock +++ b/flake.lock @@ -194,11 +194,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1669319842, - "narHash": "sha256-JSfABiy5/7usgQSy/ua3XbsjJ6F9Dd3P4nJiE56gFME=", + "lastModified": 1670523171, + "narHash": "sha256-T8NRgu8jgyNwkwC6Ew31MIXM7RZ17ShA556ZgV5D9N0=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "49d5cbd389a3fb843793cd7503ad7abdb4f40a9d", + "rev": "1b6e5b25af402e9f2fd49cf210cada9444c32504", "type": "github" }, "original": { @@ -536,11 +536,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1670009809, - "narHash": "sha256-yt/dQ32Vz4WenDLu4XeHbnXFxiHbTcnU0WwiLW5Ce6c=", + "lastModified": 1670543317, + "narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "660e7737851506374da39c0fa550c202c824a17c", + "rev": "7a6a010c3a1d00f8470a5ca888f2f927f1860a19", "type": "github" }, "original": { @@ -581,11 +581,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1669340080, - "narHash": "sha256-/YLYpng6mZ2/NgaCiL3BCQK1cegbUNrQx1Cc1i+nQ8E=", + "lastModified": 1670549573, + "narHash": "sha256-2kQkcmfQPbDkCIJKiG7dsYGCSSzSxL5MFXTS7j5cbLQ=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "3c02175dd06714c15ddd2f73708de9b4dacc6aa9", + "rev": "c852431c25a9d2b8f9322505a38868d4cee6b8d6", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1669146234, - "narHash": "sha256-HEby7EG1yaq1oT2Ze6Cvok9CFju1XHkSvVHmkptLW9U=", + "lastModified": 1670174919, + "narHash": "sha256-XdQr3BUnrvVLRFunLWrZORhwYHDG0+9jUUe0Jv1pths=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0099253ad0b5283f06ffe31cf010af3f9ad7837d", + "rev": "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b", "type": "github" }, "original": { @@ -719,7 +719,7 @@ "locked": { "lastModified": 1665876905, "narHash": "sha256-rZJuhvO7hIPezbwFESOEdGm+ZJldrEiPIvyhICJ6xoQ=", - "ref": "master", + "ref": "refs/heads/master", "rev": "f87f29530beb039d283530ab533d700c53120b83", "revCount": 25, "type": "git", @@ -833,11 +833,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1668674340, - "narHash": "sha256-JEXPS67bgKnnRdA37mC18PyGm4EWVQ/BrWeBZLVKPvU=", + "lastModified": 1670408834, + "narHash": "sha256-2LG8/AwMC+caNK9DKDyVGw+EPT2W6ys177xQj7mdKng=", "owner": "hakimel", "repo": "reveal.js", - "rev": "9f1f7789bfbf689d9c1615e523d5c6262771e90f", + "rev": "4fe3946cb43de57f79aaa7b646aee7e78f4bcc75", "type": "github" }, "original": { @@ -945,11 +945,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1663136308, - "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", + "lastModified": 1670179791, + "narHash": "sha256-BxgHT8xw+3W655YvbeLDUMFs6gTAMPX5CxJUWt/38ds=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", + "rev": "fb91989a9489755b890bf9e1957e5f29eaef59f6", "type": "github" }, "original": { From 62db411fddcd8e522319d93d8b8724572c01d5d7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Dec 2022 12:09:55 +0100 Subject: [PATCH 489/988] update home-manager --- flake.lock | 26 +++++++++++++++++++++----- flake.nix | 2 +- home/configurations.nix | 35 ----------------------------------- home/home/default.nix | 2 ++ hydra-jobs.nix | 4 ---- outputs.nix | 2 -- 6 files changed, 24 insertions(+), 47 deletions(-) delete mode 100644 home/configurations.nix diff --git a/flake.lock b/flake.lock index 78d245f..e59a885 100644 --- a/flake.lock +++ b/flake.lock @@ -482,19 +482,20 @@ "inputs": { "nixpkgs": [ "myNixpkgs" - ] + ], + "utils": "utils_2" }, "locked": { - "lastModified": 1667907331, - "narHash": "sha256-bHkAwkYlBjkupPUFcQjimNS8gxWSWjOTevEuwdnp5m0=", + "lastModified": 1670253003, + "narHash": "sha256-/tJIy4+FbsQyslq1ipyicZ2psOEd8dvl4OJ9lfisjd0=", "owner": "nix-community", "repo": "home-manager", - "rev": "6639e3a837fc5deb6f99554072789724997bc8e5", + "rev": "0e8125916b420e41bf0d23a0aa33fadd0328beb3", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-22.05", + "ref": "release-22.11", "repo": "home-manager", "type": "github" } @@ -973,6 +974,21 @@ "type": "github" } }, + "utils_2": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "ws-butler": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 5882872..4bc1215 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ myNixpkgs.url = github:NixOS/nixpkgs/nixos-22.11; flake-utils.url = github:numtide/flake-utils; home-manager = { - url = github:nix-community/home-manager/release-22.05; + url = github:nix-community/home-manager/release-22.11; inputs.nixpkgs.follows = "myNixpkgs"; }; nix-doom-emacs = { diff --git a/home/configurations.nix b/home/configurations.nix deleted file mode 100644 index 7b086a8..0000000 --- a/home/configurations.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ self -, nixpkgs -, home-manager -, nix-doom-emacs -, helix -, ... -} @ inputs: -let - hmConfiguration = - { homeDirectory ? "/home/dadada" - , extraModules ? [ ] - , system ? "x86_64-linux" - , username ? "dadada" - , stateVersion - }: (home-manager.lib.homeManagerConfiguration { - configuration = { ... }: { - imports = (nixpkgs.lib.attrValues self.hmModules) ++ extraModules; - - nixpkgs = { - config = import ./nixpkgs-config.nix { - pkgs = nixpkgs; - }; - }; - - manual.manpages.enable = false; - }; - inherit system homeDirectory username stateVersion; - }); -in -{ - home = hmConfiguration { - extraModules = [ ./home nix-doom-emacs.hmModule ]; - stateVersion = "20.09"; - }; -} diff --git a/home/home/default.nix b/home/home/default.nix index 6968409..a870c6b 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -21,6 +21,8 @@ let ]; in { + home.stateVersion = "20.09"; + programs.git = { signing = { key = "D68C84695C087E0F733A28D0EEB8D1CE62C4DFEA"; diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 078386e..135b95e 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -2,8 +2,4 @@ (nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) self.nixosConfigurations -) // -(nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.activation-script) - self.hmConfigurations ) // self.checks.x86_64-linux diff --git a/outputs.nix b/outputs.nix index 7b78694..dff9822 100644 --- a/outputs.nix +++ b/outputs.nix @@ -59,8 +59,6 @@ })) // { - hmConfigurations = import ./home/configurations.nix inputs; - hmModules = import ./home/modules; nixosConfigurations = import ./nixos/configurations.nix inputs; From 7855de6a3efd4d5de8093c63c36e2b8d0b016f59 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Dec 2022 02:36:12 +0100 Subject: [PATCH 490/988] fix backup --- nixos/modules/backup.nix | 46 +++++++++++++++---------------- nixos/modules/profiles/backup.nix | 4 +-- 2 files changed, 24 insertions(+), 26 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 44087f0..0adeafe 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -58,8 +58,8 @@ in }; }; - config = mkIf cfg.gs.enable { - fileSystems = mkIf cfg.gs { + config = { + fileSystems = mkIf cfg.gs.enable { "/backup" = { device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; fsType = "ext4"; @@ -67,8 +67,7 @@ in }; }; - services.borgbackup.jobs.gs = - { + services.borgbackup.jobs.gs = mkIf cfg.gs.enable { paths = "/"; exclude = backupExcludes; repo = "/backup/${config.networking.hostName}"; @@ -86,26 +85,25 @@ in yearly = -1; # Keep at least one archive for each year }; startAt = "monthly"; - } - // mkIf cfg.bs.enable { - services.borgbackup.jobs.bs = { - paths = "/"; - exclude = backupExcludes; - repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; - doInit = false; - environment = { - BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; - }; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.bs.passphrasePath}"; - }; - compression = "auto,lz4"; - startAt = "daily"; - environment = { - BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; - }; - }; + }; + + services.borgbackup.jobs.bs = mkIf cfg.bs.enable { + paths = "/"; + exclude = backupExcludes; + repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; + doInit = false; + environment = { + BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; }; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.bs.passphrasePath}"; + }; + compression = "auto,lz4"; + startAt = "daily"; + environment = { + BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; + }; + }; }; } diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index dfa3f2e..88dfab5 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -5,8 +5,8 @@ in { dadada.backupClient.bs = { enable = true; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase.path"; - sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key.path"; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; From 2277e25eca806a0a6f40403d46f47e1db1db0874 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Dec 2022 03:36:59 +0100 Subject: [PATCH 491/988] fix formatting --- nixos/modules/backup.nix | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 0adeafe..49df52b 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -68,23 +68,23 @@ in }; services.borgbackup.jobs.gs = mkIf cfg.gs.enable { - paths = "/"; - exclude = backupExcludes; - repo = "/backup/${config.networking.hostName}"; - doInit = false; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.gs.passphrasePath}"; - }; - compression = "auto,lz4"; - prune.keep = { - within = "1d"; # Keep all archives from the last day - daily = 7; - weekly = 2; - monthly = -1; # Keep at least one archive for each month - yearly = -1; # Keep at least one archive for each year - }; - startAt = "monthly"; + paths = "/"; + exclude = backupExcludes; + repo = "/backup/${config.networking.hostName}"; + doInit = false; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.gs.passphrasePath}"; + }; + compression = "auto,lz4"; + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 2; + monthly = -1; # Keep at least one archive for each month + yearly = -1; # Keep at least one archive for each year + }; + startAt = "monthly"; }; services.borgbackup.jobs.bs = mkIf cfg.bs.enable { From 157c109a00ec6854c1341e1beea05fe1b4547f44 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Dec 2022 13:42:15 +0100 Subject: [PATCH 492/988] exclude borg config directory from backups --- nixos/modules/backup.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 49df52b..198651c 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -15,6 +15,7 @@ with lib; let "/mnt" "/nix" "/proc" + "/root" "/run" "/sys" "/tmp" From 01b5fdb887ad77a3544d00699e0db57956a00030 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 20 Dec 2022 13:26:06 +0100 Subject: [PATCH 493/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/96a9dd12b8a447840cc246e17a47b81a4268bba7' (2022-10-31) → 'github:numtide/devshell/5aa3a8039c68b4bf869327446590f4cdf90bb634' (2022-12-19) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/7a6a010c3a1d00f8470a5ca888f2f927f1860a19' (2022-12-08) → 'github:NixOS/nixpkgs/0938d73bb143f4ae037143572f11f4338c7b2d1c' (2022-12-17) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/c852431c25a9d2b8f9322505a38868d4cee6b8d6' (2022-12-09) → 'github:nix-community/nix-doom-emacs/2150fd40b2110bbd11dcb62fa5f307ec345b0fb0' (2022-12-16) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/1b6e5b25af402e9f2fd49cf210cada9444c32504' (2022-12-08) → 'github:nix-community/emacs-overlay/c873175c2f8d96cd77c5b6552f411ddd0959e483' (2022-12-15) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/0737112852afe835a5a5833a2dd0a6852c04e0f0' (2022-11-19) → 'github:emacs-straight/org-mode/42153ea2fec66f90c1623be25d6774d96ecf8062' (2022-12-10) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/fb91989a9489755b890bf9e1957e5f29eaef59f6' (2022-12-04) → 'github:jcs-elpa/ts-fold/85db0117ead108213cc2a4210f72746d8ad8d20a' (2022-12-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/9d87bc030a0bf3f00e953dbf095a7d8e852dab6b' (2022-12-04) → 'github:NixOS/nixos-hardware/25010a042c23695ae457a97aad60e9b1d49f2ecc' (2022-12-19) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index e59a885..effd3e3 100644 --- a/flake.lock +++ b/flake.lock @@ -66,11 +66,11 @@ ] }, "locked": { - "lastModified": 1667210711, - "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", + "lastModified": 1671489820, + "narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=", "owner": "numtide", "repo": "devshell", - "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", + "rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634", "type": "github" }, "original": { @@ -194,11 +194,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1670523171, - "narHash": "sha256-T8NRgu8jgyNwkwC6Ew31MIXM7RZ17ShA556ZgV5D9N0=", + "lastModified": 1671128331, + "narHash": "sha256-oa3HZNgyAWEx09eElSISpRCltgYqHshjphJ9eeTO6As=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "1b6e5b25af402e9f2fd49cf210cada9444c32504", + "rev": "c873175c2f8d96cd77c5b6552f411ddd0959e483", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1670543317, - "narHash": "sha256-4mMR56rtxKr+Gwz399jFr4i76SQZxsLWxxyfQlPXRm0=", + "lastModified": 1671313200, + "narHash": "sha256-itZTrtHeDJjV696+ur0/TzkTqb5y3Eb57WRLRPK3rwA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7a6a010c3a1d00f8470a5ca888f2f927f1860a19", + "rev": "0938d73bb143f4ae037143572f11f4338c7b2d1c", "type": "github" }, "original": { @@ -582,11 +582,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1670549573, - "narHash": "sha256-2kQkcmfQPbDkCIJKiG7dsYGCSSzSxL5MFXTS7j5cbLQ=", + "lastModified": 1671154105, + "narHash": "sha256-OI6M2/Kcd1bJuodxV6rV5KtDJMUeewsqKy1B2PLNVys=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "c852431c25a9d2b8f9322505a38868d4cee6b8d6", + "rev": "2150fd40b2110bbd11dcb62fa5f307ec345b0fb0", "type": "github" }, "original": { @@ -640,11 +640,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1670174919, - "narHash": "sha256-XdQr3BUnrvVLRFunLWrZORhwYHDG0+9jUUe0Jv1pths=", + "lastModified": 1671467847, + "narHash": "sha256-eIeZIQbbW0QYDW0nhDaieokw6VakPO3TyJ3RmxqGHOs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b", + "rev": "25010a042c23695ae457a97aad60e9b1d49f2ecc", "type": "github" }, "original": { @@ -750,11 +750,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1668865287, - "narHash": "sha256-q7TfqUuEdZsD+JkF8Cr0Lnn0po6qo2zXMZDieocLpeQ=", + "lastModified": 1670680538, + "narHash": "sha256-afmN2tOY6Par235bVsqhtFHOSVyw4NBgTxI5Eo6Yk5A=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "0737112852afe835a5a5833a2dd0a6852c04e0f0", + "rev": "42153ea2fec66f90c1623be25d6774d96ecf8062", "type": "github" }, "original": { @@ -946,11 +946,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1670179791, - "narHash": "sha256-BxgHT8xw+3W655YvbeLDUMFs6gTAMPX5CxJUWt/38ds=", + "lastModified": 1670681486, + "narHash": "sha256-Ss1FWOq51+0FQpQWXPiSWHmNYU6NurUvI2wAjOGV/kA=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "fb91989a9489755b890bf9e1957e5f29eaef59f6", + "rev": "85db0117ead108213cc2a4210f72746d8ad8d20a", "type": "github" }, "original": { From d91116448809f1b7621d659c02c144783e6590f2 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 20 Dec 2022 19:44:32 +0100 Subject: [PATCH 494/988] fix DNS search domain in space --- nixos/modules/networking.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 734f964..e47be1d 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -63,12 +63,12 @@ in private-domain = [ "dadada.li" (mkIf cfg.localResolver.uwu "uwu") - (mkIf cfg.localResolver.s0 "s0") + (mkIf cfg.localResolver.s0 "space.stratum0.net") ]; domain-insecure = [ "dadada.li" (mkIf cfg.localResolver.uwu "uwu") - (mkIf cfg.localResolver.s0 "s0") + (mkIf cfg.localResolver.s0 "space.stratum0.net") ]; interface = [ "127.0.0.1" @@ -97,7 +97,7 @@ in ) ( mkIf cfg.localResolver.s0 { - name = "s0."; + name = "space.stratum0.net."; forward-addr = [ "192.168.178.1" ]; From 7fb03dbe2e5d81eef7a3f96e9254b39b52b0d0b1 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 29 Dec 2022 14:21:25 +0100 Subject: [PATCH 495/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/0e8125916b420e41bf0d23a0aa33fadd0328beb3' (2022-12-05) → 'github:nix-community/home-manager/89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706' (2022-12-28) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/0938d73bb143f4ae037143572f11f4338c7b2d1c' (2022-12-17) → 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/2150fd40b2110bbd11dcb62fa5f307ec345b0fb0' (2022-12-16) → 'github:nix-community/nix-doom-emacs/85a48dbec84e9c26785b58fecdefa1cfc580aea7' (2022-12-23) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/c873175c2f8d96cd77c5b6552f411ddd0959e483' (2022-12-15) → 'github:nix-community/emacs-overlay/9c95614e0b1a2f6a3f4cf9b99b17439887ea0373' (2022-12-22) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/85db0117ead108213cc2a4210f72746d8ad8d20a' (2022-12-10) → 'github:jcs-elpa/ts-fold/a64f5252a66253852bef1c627cea9e39928e6392' (2022-12-19) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/25010a042c23695ae457a97aad60e9b1d49f2ecc' (2022-12-19) → 'github:NixOS/nixos-hardware/9577ab1eaf01a738b015a7a7ab2a4616e158b6cd' (2022-12-21) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index effd3e3..957c6ef 100644 --- a/flake.lock +++ b/flake.lock @@ -194,11 +194,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1671128331, - "narHash": "sha256-oa3HZNgyAWEx09eElSISpRCltgYqHshjphJ9eeTO6As=", + "lastModified": 1671729646, + "narHash": "sha256-crrTM9K1q8zGZ2gibEPJAudAnr0bMqPiLr1I8P+I5ls=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c873175c2f8d96cd77c5b6552f411ddd0959e483", + "rev": "9c95614e0b1a2f6a3f4cf9b99b17439887ea0373", "type": "github" }, "original": { @@ -486,11 +486,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1670253003, - "narHash": "sha256-/tJIy4+FbsQyslq1ipyicZ2psOEd8dvl4OJ9lfisjd0=", + "lastModified": 1672244468, + "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=", "owner": "nix-community", "repo": "home-manager", - "rev": "0e8125916b420e41bf0d23a0aa33fadd0328beb3", + "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1671313200, - "narHash": "sha256-itZTrtHeDJjV696+ur0/TzkTqb5y3Eb57WRLRPK3rwA=", + "lastModified": 1671883564, + "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0938d73bb143f4ae037143572f11f4338c7b2d1c", + "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", "type": "github" }, "original": { @@ -582,11 +582,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1671154105, - "narHash": "sha256-OI6M2/Kcd1bJuodxV6rV5KtDJMUeewsqKy1B2PLNVys=", + "lastModified": 1671758850, + "narHash": "sha256-B6us/CLIIPJRJgjn/hVp7N07j90kil4HmjUVj8TBhKE=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "2150fd40b2110bbd11dcb62fa5f307ec345b0fb0", + "rev": "85a48dbec84e9c26785b58fecdefa1cfc580aea7", "type": "github" }, "original": { @@ -640,11 +640,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1671467847, - "narHash": "sha256-eIeZIQbbW0QYDW0nhDaieokw6VakPO3TyJ3RmxqGHOs=", + "lastModified": 1671631481, + "narHash": "sha256-LP6NvQQNKdqDpXngECo6oCiWfYRb0KPGM5+D5lu7mPw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "25010a042c23695ae457a97aad60e9b1d49f2ecc", + "rev": "9577ab1eaf01a738b015a7a7ab2a4616e158b6cd", "type": "github" }, "original": { @@ -946,11 +946,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1670681486, - "narHash": "sha256-Ss1FWOq51+0FQpQWXPiSWHmNYU6NurUvI2wAjOGV/kA=", + "lastModified": 1671426601, + "narHash": "sha256-NrvSK+olbi4P+9q5KOomNHGgmrRtI9cW9ZqkdU4n0Sc=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "85db0117ead108213cc2a4210f72746d8ad8d20a", + "rev": "a64f5252a66253852bef1c627cea9e39928e6392", "type": "github" }, "original": { From 43bf42992959de9ea88d36e78c0fbb9c9155b8fb Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 1 Jan 2023 14:58:34 +0100 Subject: [PATCH 496/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'deploy-rs': 'github:serokell/deploy-rs/2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce' (2022-11-18) → 'github:serokell/deploy-rs/a5619f5660a00f58c2b7c16d89058e92327ac9b8' (2022-12-29) • Updated input 'deploy-rs/flake-compat': 'github:edolstra/flake-compat/64a525ee38886ab9028e6f61790de0832aa3ef03' (2022-03-25) → 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) • Updated input 'deploy-rs/utils': 'github:numtide/flake-utils/0f8662f1319ad6abf89b3380dd2722369fc51ade' (2022-03-26) → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24) → 'github:NixOS/nixpkgs/913a47cd064cc06440ea84e5e0452039a85781f0' (2022-12-29) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/9577ab1eaf01a738b015a7a7ab2a4616e158b6cd' (2022-12-21) → 'github:NixOS/nixos-hardware/0517e81e8ce24a0f4f9eebedbd7bbefcac97c058' (2023-01-01) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 957c6ef..2fee42f 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1668797197, - "narHash": "sha256-0w6iD3GSSQbIeSFVDzAAQZB+hDq670ZTms3d9XI+BtM=", + "lastModified": 1672327199, + "narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=", "owner": "serokell", "repo": "deploy-rs", - "rev": "2a3c5f70eee04a465aa534d8bd4fcc9bb3c4a8ce", + "rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8", "type": "github" }, "original": { @@ -306,11 +306,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1648199409, - "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1671883564, - "narHash": "sha256-C15oAtyupmLB3coZY7qzEHXjhtUx/+77olVdqVMruAg=", + "lastModified": 1672353432, + "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dac57a4eccf1442e8bf4030df6fcbb55883cb682", + "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", "type": "github" }, "original": { @@ -640,11 +640,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1671631481, - "narHash": "sha256-LP6NvQQNKdqDpXngECo6oCiWfYRb0KPGM5+D5lu7mPw=", + "lastModified": 1672566874, + "narHash": "sha256-/lmz3/xzdghGSFeCcTiKMjbj0uRmUqTZhh4HHeUJ++g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9577ab1eaf01a738b015a7a7ab2a4616e158b6cd", + "rev": "0517e81e8ce24a0f4f9eebedbd7bbefcac97c058", "type": "github" }, "original": { @@ -961,11 +961,11 @@ }, "utils": { "locked": { - "lastModified": 1648297722, - "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { From 7cde861e0bdc2f1bb42cd45db8653e9f49de053f Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 2 Jan 2023 20:27:00 +0100 Subject: [PATCH 497/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/913a47cd064cc06440ea84e5e0452039a85781f0' (2022-12-29) → 'github:NixOS/nixpkgs/6a0d2701705c3cf6f42c15aa92b7885f1f8a477f' (2022-12-30) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/0517e81e8ce24a0f4f9eebedbd7bbefcac97c058' (2023-01-01) → 'github:NixOS/nixos-hardware/ca29e25c39b8e117d4d76a81f1e229824a9b3a26' (2023-01-02) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2fee42f..c96d6c6 100644 --- a/flake.lock +++ b/flake.lock @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1672353432, - "narHash": "sha256-oZfgp/44/o2tWiylV30cR+DLyWTJ+5dhsdWZVpzs3e4=", + "lastModified": 1672441588, + "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "913a47cd064cc06440ea84e5e0452039a85781f0", + "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f", "type": "github" }, "original": { @@ -640,11 +640,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1672566874, - "narHash": "sha256-/lmz3/xzdghGSFeCcTiKMjbj0uRmUqTZhh4HHeUJ++g=", + "lastModified": 1672644464, + "narHash": "sha256-RYlvRMcQNT7FDoDkViijQBHg9g+blsB+U6AvL/gAsPI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0517e81e8ce24a0f4f9eebedbd7bbefcac97c058", + "rev": "ca29e25c39b8e117d4d76a81f1e229824a9b3a26", "type": "github" }, "original": { From 40d4500f9d5eaf4c3c7df983156cc6b1703f6377 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 3 Jan 2023 11:36:10 +0100 Subject: [PATCH 498/988] disable serving expired DNS entries This should be fine, since popular names are prefetched and should therefore not expire that often. --- nixos/modules/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index e47be1d..07ad57d 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -42,7 +42,7 @@ in prefetch = true; prefetch-key = true; - serve-expired = true; + serve-expired = false; aggressive-nsec = true; hide-identity = true; From 7192681abefd0c93753860216781bbf0d7ba0435 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 12 Jan 2023 10:34:56 +0100 Subject: [PATCH 499/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/a630400067c6d03c9b3e0455347dc8559db14288' (2022-10-15) → 'github:ryantm/agenix/42d371d861a227149dc9a7e03350c9ab8b8ddd68' (2023-01-09) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/6a0d2701705c3cf6f42c15aa92b7885f1f8a477f' (2022-12-30) → 'github:NixOS/nixpkgs/54644f409ab471e87014bb305eac8c50190bcf48' (2023-01-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/ca29e25c39b8e117d4d76a81f1e229824a9b3a26' (2023-01-02) → 'github:NixOS/nixos-hardware/88016c96c3c338aa801695cdd9f186820bcfe4d6' (2023-01-11) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c96d6c6..1460b13 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1665870395, - "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", + "lastModified": 1673301561, + "narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=", "owner": "ryantm", "repo": "agenix", - "rev": "a630400067c6d03c9b3e0455347dc8559db14288", + "rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1672441588, - "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", + "lastModified": 1673345971, + "narHash": "sha256-4DfFcKLRfVUTyuGrGNNmw37IeIZSoku9tgTVmu/iD98=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a0d2701705c3cf6f42c15aa92b7885f1f8a477f", + "rev": "54644f409ab471e87014bb305eac8c50190bcf48", "type": "github" }, "original": { @@ -640,11 +640,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1672644464, - "narHash": "sha256-RYlvRMcQNT7FDoDkViijQBHg9g+blsB+U6AvL/gAsPI=", + "lastModified": 1673440569, + "narHash": "sha256-FQ5o0yI+MH9MgfseeGDsVIIpIqv3BCgq+0NzncuZ9Zo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ca29e25c39b8e117d4d76a81f1e229824a9b3a26", + "rev": "88016c96c3c338aa801695cdd9f186820bcfe4d6", "type": "github" }, "original": { From 979d013d9dd0795ca448008587d0de42612fdc55 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 12 Jan 2023 10:52:11 +0100 Subject: [PATCH 500/988] disable docker and libvirtd --- nixos/modules/profiles/laptop.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 1ceca94..07e93b6 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -40,8 +40,8 @@ with lib; { }; virtualisation = { - libvirtd.enable = mkDefault true; - docker.enable = mkDefault true; + libvirtd.enable = mkDefault false; + docker.enable = mkDefault false; docker.liveRestore = false; }; From 0ad2548567e037d7c4eee7005eef0fd02c86a08d Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 13 Jan 2023 16:41:49 +0100 Subject: [PATCH 501/988] fix accessing Zynq via JTAG --- nixos/gorgon/configuration.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 6121011..daf9f6e 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -15,6 +15,13 @@ let echo "Signing paths" $OUT_PATHS nix store sign --key-file /etc/nix/key.private $OUT_PATHS ''; + noMtpUdevRules = pkgs.writeTextFile { + name = "no-mtp-probe"; + text = '' + ATTR{idVendor}=="0403", ATTR{idProduct}=="6010", ENV{MTP_NO_PROBE}="1", GROUP="dialout", MODE="0666" + ''; + destination = "/etc/udev/rules.d/00-no-mtp.rules"; + }; in { imports = [ @@ -91,13 +98,18 @@ in 21027 # Syncthing ]; }; - + + systemd.services.modem-manager.enable = lib.mkForce false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; + + services.udev.packages= [ noMtpUdevRules ]; + virtualisation.libvirtd.enable = true; users.users = { dadada = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" ]; shell = "/run/current-system/sw/bin/zsh"; }; }; From bf4b918fb560bdd9227f929fbf5d97065731767c Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 13 Jan 2023 17:04:29 +0100 Subject: [PATCH 502/988] improve udev rule for xilinx JTAG --- nixos/gorgon/configuration.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index daf9f6e..8e2461f 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -15,12 +15,13 @@ let echo "Signing paths" $OUT_PATHS nix store sign --key-file /etc/nix/key.private $OUT_PATHS ''; - noMtpUdevRules = pkgs.writeTextFile { - name = "no-mtp-probe"; + + xilinxJtag = pkgs.writeTextFile { + name = "xilinx-jtag"; text = '' - ATTR{idVendor}=="0403", ATTR{idProduct}=="6010", ENV{MTP_NO_PROBE}="1", GROUP="dialout", MODE="0666" + ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", TAG+="uaccess" ''; - destination = "/etc/udev/rules.d/00-no-mtp.rules"; + destination = "/etc/udev/rules.d/61-xilinx-jtag.rules"; }; in { @@ -102,7 +103,7 @@ in systemd.services.modem-manager.enable = lib.mkForce false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - services.udev.packages= [ noMtpUdevRules ]; + services.udev.packages= [ xilinxJtag ];#noMtpUdevRules ]; virtualisation.libvirtd.enable = true; From 62c6956182b024cef428e35ca6f5cd12e5a7f87e Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 13 Jan 2023 19:44:07 +0100 Subject: [PATCH 503/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/54644f409ab471e87014bb305eac8c50190bcf48' (2023-01-10) → 'github:NixOS/nixpkgs/6a3f9996408c970b99b8b992b11bb249d1455b62' (2023-01-12) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 1460b13..0c316ab 100644 --- a/flake.lock +++ b/flake.lock @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1673345971, - "narHash": "sha256-4DfFcKLRfVUTyuGrGNNmw37IeIZSoku9tgTVmu/iD98=", + "lastModified": 1673527292, + "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54644f409ab471e87014bb305eac8c50190bcf48", + "rev": "6a3f9996408c970b99b8b992b11bb249d1455b62", "type": "github" }, "original": { From b253f2b6b4a3e5becae309390f3db93b57029f99 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 16 Jan 2023 12:01:21 +0100 Subject: [PATCH 504/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/6a3f9996408c970b99b8b992b11bb249d1455b62' (2023-01-12) → 'github:NixOS/nixpkgs/a83ed85c14fcf242653df6f4b0974b7e1c73c6c6' (2023-01-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/88016c96c3c338aa801695cdd9f186820bcfe4d6' (2023-01-11) → 'github:NixOS/nixos-hardware/7bd6b87b3712e68007823e8dd5c37ee9b114fee3' (2023-01-15) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0c316ab..6a28903 100644 --- a/flake.lock +++ b/flake.lock @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1673527292, - "narHash": "sha256-903EpRSDCfUvic7Hsiqwy+h7zlMTLAUbCXkEGGriCfM=", + "lastModified": 1673704454, + "narHash": "sha256-5Wdj1MgdOgn3+dMFIBtg+IAYZApjF8JzwLWDPieg0C4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a3f9996408c970b99b8b992b11bb249d1455b62", + "rev": "a83ed85c14fcf242653df6f4b0974b7e1c73c6c6", "type": "github" }, "original": { @@ -640,11 +640,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1673440569, - "narHash": "sha256-FQ5o0yI+MH9MgfseeGDsVIIpIqv3BCgq+0NzncuZ9Zo=", + "lastModified": 1673803274, + "narHash": "sha256-zaJDlHFXewT4KUsidMpRcPE+REymGH1Y3Eoc3Pjv4Xs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "88016c96c3c338aa801695cdd9f186820bcfe4d6", + "rev": "7bd6b87b3712e68007823e8dd5c37ee9b114fee3", "type": "github" }, "original": { From 4d380ff601d5e30a37730a0b369fff46e239dd82 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 22 Jan 2023 14:15:15 +0100 Subject: [PATCH 505/988] fix gs backup --- nixos/gorgon/configuration.nix | 8 ++++---- nixos/modules/backup.nix | 2 ++ nixos/modules/profiles/backup.nix | 6 ++++++ secrets/gorgon-backup-gs-passphrase.age | 10 ++++++++++ secrets/secrets.nix | 1 + 5 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 secrets/gorgon-backup-gs-passphrase.age diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 8e2461f..34da64e 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -99,12 +99,12 @@ in 21027 # Syncthing ]; }; - + systemd.services.modem-manager.enable = lib.mkForce false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - - services.udev.packages= [ xilinxJtag ];#noMtpUdevRules ]; - + + services.udev.packages = [ xilinxJtag ]; #noMtpUdevRules ]; + virtualisation.libvirtd.enable = true; users.users = { diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 198651c..06cf81d 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -88,6 +88,8 @@ in startAt = "monthly"; }; + systemd.timers."borgbackup-job-gs".enable = false; + services.borgbackup.jobs.bs = mkIf cfg.bs.enable { paths = "/"; exclude = backupExcludes; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index 88dfab5..dc57f96 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -9,6 +9,12 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; + dadada.backupClient.gs = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; + }; + age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } diff --git a/secrets/gorgon-backup-gs-passphrase.age b/secrets/gorgon-backup-gs-passphrase.age new file mode 100644 index 0000000..56e974e --- /dev/null +++ b/secrets/gorgon-backup-gs-passphrase.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 0aOabg 9911l+glO4IHD+/KEqVMfJHNHAxP/iShTVpGHgKC/TY +9g7vLb+T2079yst1ZKXKlwAVhF9zQd79vl/UWpnBJq8 +-> ssh-ed25519 Otklkw egRNXEFrQMSJ5rZTM4ND5LgJjkIW66YKtCeWQ1rkNTE +YQViNMFpP/S3Tpc1yvIHIWud7QHTnO0RK3FQbPlQ8N4 +-> xV2q-grease +2HGDr4IOqMcYh5ud219N73Gq8lyOWX4irrjCnNe1CR8dpjWN+rnDnCFbEB3Troqp +4zVnSNw +--- dPWJpPMiJkxAA+H8HmahTdMCGa5HaglmYmgUzhctgUo +@ÌB¾t]šøzïï‘øy*}ˆ‰§îþõ-A’¾×ÁPbÈvÙØhúnŠß =`-Âà4Ò \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b236900..7650525 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -18,6 +18,7 @@ in "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ]; "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ]; "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; + "gorgon-backup-gs-passphrase.age".publicKeys = [ systems.gorgon dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" // From 81f0db14ac4c2e71cda48d729f1bfd785c6d74d8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 22 Jan 2023 14:37:50 +0100 Subject: [PATCH 506/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'deploy-rs': 'github:serokell/deploy-rs/a5619f5660a00f58c2b7c16d89058e92327ac9b8' (2022-12-29) → 'github:serokell/deploy-rs/8c9ea9605eed20528bf60fae35a2b613b901fd77' (2023-01-19) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/a83ed85c14fcf242653df6f4b0974b7e1c73c6c6' (2023-01-14) → 'github:NixOS/nixpkgs/cdead16a444a3e5de7bc9b0af8e198b11bb01804' (2023-01-20) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/85a48dbec84e9c26785b58fecdefa1cfc580aea7' (2022-12-23) → 'github:nix-community/nix-doom-emacs/cac2195c172b084562f028542cd2332ef6d6f27c' (2023-01-20) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/9c95614e0b1a2f6a3f4cf9b99b17439887ea0373' (2022-12-22) → 'github:nix-community/emacs-overlay/fa7dedfa5e1171a76ff78a1260064e1b20ec93bb' (2023-01-19) • Updated input 'nix-doom-emacs/flake-compat': 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17) → 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17) • Updated input 'nix-doom-emacs/org': 'github:emacs-straight/org-mode/42153ea2fec66f90c1623be25d6774d96ecf8062' (2022-12-10) → 'github:emacs-straight/org-mode/ecb62e2e317b1a4b5b8a6c0f111ed7ef18413040' (2023-01-12) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/4fe3946cb43de57f79aaa7b646aee7e78f4bcc75' (2022-12-07) → 'github:hakimel/reveal.js/6510916b9f55a8f3110030bcdd1aee1b7fb77b6f' (2023-01-18) • Updated input 'nix-doom-emacs/ts-fold': 'github:jcs-elpa/ts-fold/a64f5252a66253852bef1c627cea9e39928e6392' (2022-12-19) → 'github:jcs-elpa/ts-fold/75d6f9ed317b042b5bc7cb21503596d1c7a1b8c0' (2023-01-10) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 6a28903..f0b79ae 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1672327199, - "narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=", + "lastModified": 1674127017, + "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", "owner": "serokell", "repo": "deploy-rs", - "rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8", + "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", "type": "github" }, "original": { @@ -194,11 +194,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1671729646, - "narHash": "sha256-crrTM9K1q8zGZ2gibEPJAudAnr0bMqPiLr1I8P+I5ls=", + "lastModified": 1674151952, + "narHash": "sha256-c0dwSGWi8LH2uBsv7ZJK11To1w8oFjTs+d2dtiusGug=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "9c95614e0b1a2f6a3f4cf9b99b17439887ea0373", + "rev": "fa7dedfa5e1171a76ff78a1260064e1b20ec93bb", "type": "github" }, "original": { @@ -322,11 +322,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -537,11 +537,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1673704454, - "narHash": "sha256-5Wdj1MgdOgn3+dMFIBtg+IAYZApjF8JzwLWDPieg0C4=", + "lastModified": 1674242456, + "narHash": "sha256-yBy7rCH7EiBe9+CHZm9YB5ii5GRa+MOxeW0oDEBO8SE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a83ed85c14fcf242653df6f4b0974b7e1c73c6c6", + "rev": "cdead16a444a3e5de7bc9b0af8e198b11bb01804", "type": "github" }, "original": { @@ -582,11 +582,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1671758850, - "narHash": "sha256-B6us/CLIIPJRJgjn/hVp7N07j90kil4HmjUVj8TBhKE=", + "lastModified": 1674178427, + "narHash": "sha256-3bSxHYmHET/6VVnSSzAEGRCV2ZoKCbVAvn/NXnDYOwM=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "85a48dbec84e9c26785b58fecdefa1cfc580aea7", + "rev": "cac2195c172b084562f028542cd2332ef6d6f27c", "type": "github" }, "original": { @@ -750,11 +750,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1670680538, - "narHash": "sha256-afmN2tOY6Par235bVsqhtFHOSVyw4NBgTxI5Eo6Yk5A=", + "lastModified": 1673519709, + "narHash": "sha256-XtGk32Lw2iGDgH5Q4Rjhig0Iq5hpIM0EKQoptJ+nT3k=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "42153ea2fec66f90c1623be25d6774d96ecf8062", + "rev": "ecb62e2e317b1a4b5b8a6c0f111ed7ef18413040", "type": "github" }, "original": { @@ -834,11 +834,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1670408834, - "narHash": "sha256-2LG8/AwMC+caNK9DKDyVGw+EPT2W6ys177xQj7mdKng=", + "lastModified": 1674035434, + "narHash": "sha256-z+XxEX+GVcnKt4GAollnHTEHA8YkQfVOLLUuHka6EtA=", "owner": "hakimel", "repo": "reveal.js", - "rev": "4fe3946cb43de57f79aaa7b646aee7e78f4bcc75", + "rev": "6510916b9f55a8f3110030bcdd1aee1b7fb77b6f", "type": "github" }, "original": { @@ -946,11 +946,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1671426601, - "narHash": "sha256-NrvSK+olbi4P+9q5KOomNHGgmrRtI9cW9ZqkdU4n0Sc=", + "lastModified": 1673328482, + "narHash": "sha256-6yQ35uJDAK531QNQZgloQaOQayRa8azOlOMbO8lXsHE=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "a64f5252a66253852bef1c627cea9e39928e6392", + "rev": "75d6f9ed317b042b5bc7cb21503596d1c7a1b8c0", "type": "github" }, "original": { From c5a07ff3cb10a26b0682e4073fdf51357a92baf2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 22 Jan 2023 14:43:51 +0100 Subject: [PATCH 507/988] enable auto-deploy --- nixos/modules/admin.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index fcdf9f8..a271b4c 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -81,6 +81,13 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; + system.autoUpgrade = { + enable = true; + flake = "github:dadada/nix-config.git#${config.networking.hostName}"; + allowReboot = true; + randomizedDelaySec = "45min"; + }; + users.users = mapAttrs (user: keys: { From bde44cff9b6a0c0e733671392f7302550648a750 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 22 Jan 2023 20:18:15 +0100 Subject: [PATCH 508/988] fix backup auto-mount --- nixos/modules/backup.nix | 25 +++++++++++++------ ...se.age => gorgon-backup-passphrase-gs.age} | 0 secrets/secrets.nix | 2 +- 3 files changed, 19 insertions(+), 8 deletions(-) rename secrets/{gorgon-backup-gs-passphrase.age => gorgon-backup-passphrase-gs.age} (100%) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 06cf81d..e0d6417 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -60,15 +60,24 @@ in }; config = { - fileSystems = mkIf cfg.gs.enable { - "/backup" = { - device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; - fsType = "ext4"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - }; + systemd.mounts = mkIf cfg.gs.enable [ + { + type = "ext4"; + what = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; + where = "/backup"; + options = "nofail noauto"; + } + ]; + + systemd.automounts = mkIf cfg.gs.enable [ + { + where = "/backup"; + automountConfig.TimeoutIdleSec = "600"; + } + ]; services.borgbackup.jobs.gs = mkIf cfg.gs.enable { + removableDevice = true; paths = "/"; exclude = backupExcludes; repo = "/backup/${config.networking.hostName}"; @@ -88,6 +97,8 @@ in startAt = "monthly"; }; + systemd.services."borgbackup-job-gs".enable = false; + systemd.services."borgbackup-job-gs".wants = [ "backup.mount" ]; systemd.timers."borgbackup-job-gs".enable = false; services.borgbackup.jobs.bs = mkIf cfg.bs.enable { diff --git a/secrets/gorgon-backup-gs-passphrase.age b/secrets/gorgon-backup-passphrase-gs.age similarity index 100% rename from secrets/gorgon-backup-gs-passphrase.age rename to secrets/gorgon-backup-passphrase-gs.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7650525..3fd977e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -18,7 +18,7 @@ in "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ]; "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ]; "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; - "gorgon-backup-gs-passphrase.age".publicKeys = [ systems.gorgon dadada ]; + "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" // From ce130e2d0c2a9ca64121c054554b1402b71c918c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Jan 2023 21:00:41 +0100 Subject: [PATCH 509/988] build(deps): bump cachix/install-nix-action from 15 to 18 (#26) Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 15 to 18. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v15...v18) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 275a23c..6db59e6 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v15 + - uses: cachix/install-nix-action@v18 with: nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | From e4583f784fcfbed7460bcef134c25db47237d3f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Jan 2023 21:00:58 +0100 Subject: [PATCH 510/988] build(deps): bump cachix/cachix-action from 11 to 12 (#27) Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 11 to 12. - [Release notes](https://github.com/cachix/cachix-action/releases) - [Commits](https://github.com/cachix/cachix-action/compare/v11...v12) --- updated-dependencies: - dependency-name: cachix/cachix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 6db59e6..d42a902 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -18,7 +18,7 @@ jobs: experimental-features = nix-command flakes access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} system-features = nixos-test benchmark big-parallel kvm - - uses: cachix/cachix-action@v11 + - uses: cachix/cachix-action@v12 with: name: dadada authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' From d9b0ccc12e96892ee602443f6cb74695ba0afbe4 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 30 Jan 2023 20:56:44 +0100 Subject: [PATCH 511/988] update and remove deploy-rs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/42d371d861a227149dc9a7e03350c9ab8b8ddd68' (2023-01-09) → 'github:ryantm/agenix/49798e535ebc07fec82256b283d35be36d8c6c9a' (2023-01-29) • Updated input 'home-manager': 'github:nix-community/home-manager/89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706' (2022-12-28) → 'github:nix-community/home-manager/65c47ced082e3353113614f77b1bc18822dc731f' (2023-01-23) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/cdead16a444a3e5de7bc9b0af8e198b11bb01804' (2023-01-20) → 'github:NixOS/nixpkgs/f413457e0dd7a42adefdbcea4391dd9751509025' (2023-01-30) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/cac2195c172b084562f028542cd2332ef6d6f27c' (2023-01-20) → 'github:nix-community/nix-doom-emacs/e92e5b6021b1ad4290e051111010ba51921507cd' (2023-01-27) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/fa7dedfa5e1171a76ff78a1260064e1b20ec93bb' (2023-01-19) → 'github:nix-community/emacs-overlay/acff9f41c4962704acb8008e5ff5b90a43cf7758' (2023-01-26) • Updated input 'nix-doom-emacs/revealjs': 'github:hakimel/reveal.js/6510916b9f55a8f3110030bcdd1aee1b7fb77b6f' (2023-01-18) → 'github:hakimel/reveal.js/b1a9842b2f4544a2fda546383db38cc7a81f6b74' (2023-01-25) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/7bd6b87b3712e68007823e8dd5c37ee9b114fee3' (2023-01-15) → 'github:NixOS/nixos-hardware/b7ac0a56029e4f9e6743b9993037a5aaafd57103' (2023-01-24) --- checks.nix | 3 +- deploy.nix | 31 ------------ devshell.nix | 6 --- flake.lock | 100 +++++++++------------------------------ flake.nix | 4 -- nixos/configurations.nix | 2 +- outputs.nix | 6 +-- 7 files changed, 26 insertions(+), 126 deletions(-) delete mode 100644 deploy.nix diff --git a/checks.nix b/checks.nix index 3978881..65d3493 100644 --- a/checks.nix +++ b/checks.nix @@ -1,5 +1,4 @@ { self -, deploy-rs , flake-utils , nixpkgs , ... @@ -17,5 +16,5 @@ buildInputs = [ formatter ]; } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; - } // deploy-rs.lib."${system}".deployChecks self.deploy; + }; })).checks diff --git a/deploy.nix b/deploy.nix deleted file mode 100644 index 6812266..0000000 --- a/deploy.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ self, deploy-rs, ... }: -let - domain = "dadada.li"; - configs = self.nixosConfigurations; - daNode = hostname: - let - config = self.nixosConfigurations."${hostname}"; - system = config.pkgs.system; - activateNixos = deploy-rs.lib."${system}".activate.nixos; - in - { - hostname = "${hostname}.${domain}"; - fastConnection = true; - profiles = { - system = { - sshUser = "dadada"; - path = activateNixos config; - user = "root"; - }; - }; - }; -in -{ - nodes = builtins.mapAttrs (hostname: fun: fun hostname) { - agares = daNode; - ifrit = daNode; - pruflas = daNode; - surgat = daNode; - }; -} - diff --git a/devshell.nix b/devshell.nix index f9bd67a..ebdfb12 100644 --- a/devshell.nix +++ b/devshell.nix @@ -36,12 +36,6 @@ ''; category = "dev"; } - { - name = "deploy"; - help = "Deploy this flake"; - package = "deploy-rs"; - category = "deploy"; - } { name = "check"; help = "Run checks"; diff --git a/flake.lock b/flake.lock index f0b79ae..f235587 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1673301561, - "narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=", + "lastModified": 1675030834, + "narHash": "sha256-e1/7Z7rVRqy2NuEOxrRm560wc/Kn8NU7gz8CDfmu9F0=", "owner": "ryantm", "repo": "agenix", - "rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68", + "rev": "49798e535ebc07fec82256b283d35be36d8c6c9a", "type": "github" }, "original": { @@ -36,28 +36,6 @@ "type": "github" } }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "myNixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1674127017, - "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, "devshell": { "inputs": { "flake-utils": "flake-utils", @@ -194,11 +172,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1674151952, - "narHash": "sha256-c0dwSGWi8LH2uBsv7ZJK11To1w8oFjTs+d2dtiusGug=", + "lastModified": 1674756934, + "narHash": "sha256-rbXnloG12DB0fY7wqBJ8JtN8Vqd47WQBdQ1lsHdoAh4=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "fa7dedfa5e1171a76ff78a1260064e1b20ec93bb", + "rev": "acff9f41c4962704acb8008e5ff5b90a43cf7758", "type": "github" }, "original": { @@ -304,22 +282,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1673956053, @@ -483,14 +445,14 @@ "nixpkgs": [ "myNixpkgs" ], - "utils": "utils_2" + "utils": "utils" }, "locked": { - "lastModified": 1672244468, - "narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=", + "lastModified": 1674440933, + "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=", "owner": "nix-community", "repo": "home-manager", - "rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706", + "rev": "65c47ced082e3353113614f77b1bc18822dc731f", "type": "github" }, "original": { @@ -537,11 +499,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1674242456, - "narHash": "sha256-yBy7rCH7EiBe9+CHZm9YB5ii5GRa+MOxeW0oDEBO8SE=", + "lastModified": 1675061157, + "narHash": "sha256-F7/F65ZFWbq7cKSiV3K2acxCv64jKaZZ/K0A3VNT2kA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cdead16a444a3e5de7bc9b0af8e198b11bb01804", + "rev": "f413457e0dd7a42adefdbcea4391dd9751509025", "type": "github" }, "original": { @@ -562,7 +524,7 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "flake-utils": "flake-utils_4", "format-all": "format-all", "nix-straight": "nix-straight", @@ -582,11 +544,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1674178427, - "narHash": "sha256-3bSxHYmHET/6VVnSSzAEGRCV2ZoKCbVAvn/NXnDYOwM=", + "lastModified": 1674782939, + "narHash": "sha256-mf+RaqdCqqLraVVOQ5c8LRj+9ChnVzsUNlOjJSPdBbc=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "cac2195c172b084562f028542cd2332ef6d6f27c", + "rev": "e92e5b6021b1ad4290e051111010ba51921507cd", "type": "github" }, "original": { @@ -640,11 +602,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1673803274, - "narHash": "sha256-zaJDlHFXewT4KUsidMpRcPE+REymGH1Y3Eoc3Pjv4Xs=", + "lastModified": 1674550793, + "narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7bd6b87b3712e68007823e8dd5c37ee9b114fee3", + "rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103", "type": "github" }, "original": { @@ -834,11 +796,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1674035434, - "narHash": "sha256-z+XxEX+GVcnKt4GAollnHTEHA8YkQfVOLLUuHka6EtA=", + "lastModified": 1674652670, + "narHash": "sha256-ViqeZlOjQTlY0KM7YcOOjdgkxRLPMZrRKXTqtyc1I00=", "owner": "hakimel", "repo": "reveal.js", - "rev": "6510916b9f55a8f3110030bcdd1aee1b7fb77b6f", + "rev": "b1a9842b2f4544a2fda546383db38cc7a81f6b74", "type": "github" }, "original": { @@ -850,7 +812,6 @@ "root": { "inputs": { "agenix": "agenix", - "deploy-rs": "deploy-rs", "devshell": "devshell", "flake-utils": "flake-utils_2", "helix": "helix", @@ -974,21 +935,6 @@ "type": "github" } }, - "utils_2": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "ws-butler": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 4bc1215..a6eb1f8 100644 --- a/flake.nix +++ b/flake.nix @@ -32,10 +32,6 @@ url = github:ryantm/agenix; inputs.nixpkgs.follows = "myNixpkgs"; }; - deploy-rs = { - url = github:serokell/deploy-rs; - inputs.nixpkgs.follows = "myNixpkgs"; - }; devshell = { url = github:numtide/devshell; inputs.nixpkgs.follows = "myNixpkgs"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 01a0094..f920ac1 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -16,7 +16,7 @@ let nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { inherit system; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModule ] ++ extraModules; + modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in { diff --git a/outputs.nix b/outputs.nix index dff9822..76d2343 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,6 +1,5 @@ # Adapted from Mic92/dotfiles { self -, deploy-rs , flake-utils , homePage , nixpkgs @@ -27,8 +26,7 @@ pkgs = import nixpkgs { inherit system; overlays = [ - agenix.overlay - (final: prev: { deploy-rs = deploy-rs.defaultPackage.${system}; }) + agenix.overlays.default devshell.overlay ]; }; @@ -69,7 +67,5 @@ hydraJobs = import ./hydra-jobs.nix inputs; - deploy = import ./deploy.nix inputs; - checks = import ./checks.nix inputs; } From 3a704f62c42c83b1ac95bc0ecc21ccf1dc478242 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 2 Feb 2023 12:23:54 +0100 Subject: [PATCH 512/988] home: add picocom --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 05828b9..20cacaa 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -95,6 +95,7 @@ with pkgs; [ pandoc # document converter and templater pass pavucontrol + picocom pinentry-gnome playerctl procs # ps in rust From 73cb3311661614ee83f96a4d9185c023cd2bf54a Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Feb 2023 18:41:31 +0100 Subject: [PATCH 513/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/49798e535ebc07fec82256b283d35be36d8c6c9a' (2023-01-29) → 'github:ryantm/agenix/b7ffcfe77f817d9ee992640ba1f270718d197f28' (2023-01-31) • Added input 'agenix/darwin': 'github:lnl7/nix-darwin/87b9d090ad39b25b2400029c64825fc2a8868943' (2023-01-09) • Added input 'agenix/darwin/nixpkgs': follows 'agenix/nixpkgs' • Updated input 'devshell': 'github:numtide/devshell/5aa3a8039c68b4bf869327446590f4cdf90bb634' (2022-12-19) → 'github:numtide/devshell/2e19b92980a79118351ec12496a81c49bd674d8a' (2023-02-02) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/f413457e0dd7a42adefdbcea4391dd9751509025' (2023-01-30) → 'github:NixOS/nixpkgs/285b3ff0660640575186a4086e1f8dc0df2874b5' (2023-02-01) • Updated input 'nix-doom-emacs': 'github:nix-community/nix-doom-emacs/e92e5b6021b1ad4290e051111010ba51921507cd' (2023-01-27) → 'github:nix-community/nix-doom-emacs/8de922e4e23158790970a266234a853305b1928d' (2023-02-03) • Updated input 'nix-doom-emacs/emacs-overlay': 'github:nix-community/emacs-overlay/acff9f41c4962704acb8008e5ff5b90a43cf7758' (2023-01-26) → 'github:nix-community/emacs-overlay/a018577287e390e01654a8b44d57d183a51b72b2' (2023-02-02) --- flake.lock | 53 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index f235587..ae1e29a 100644 --- a/flake.lock +++ b/flake.lock @@ -2,16 +2,17 @@ "nodes": { "agenix": { "inputs": { + "darwin": "darwin", "nixpkgs": [ "myNixpkgs" ] }, "locked": { - "lastModified": 1675030834, - "narHash": "sha256-e1/7Z7rVRqy2NuEOxrRm560wc/Kn8NU7gz8CDfmu9F0=", + "lastModified": 1675176355, + "narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=", "owner": "ryantm", "repo": "agenix", - "rev": "49798e535ebc07fec82256b283d35be36d8c6c9a", + "rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28", "type": "github" }, "original": { @@ -36,6 +37,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "devshell": { "inputs": { "flake-utils": "flake-utils", @@ -44,11 +67,11 @@ ] }, "locked": { - "lastModified": 1671489820, - "narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=", + "lastModified": 1675340818, + "narHash": "sha256-GAzTgOvonq4K3CVyyKZGbCnqdLi6nRe78t8ko/mLxL0=", "owner": "numtide", "repo": "devshell", - "rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634", + "rev": "2e19b92980a79118351ec12496a81c49bd674d8a", "type": "github" }, "original": { @@ -172,11 +195,11 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1674756934, - "narHash": "sha256-rbXnloG12DB0fY7wqBJ8JtN8Vqd47WQBdQ1lsHdoAh4=", + "lastModified": 1675362118, + "narHash": "sha256-11CqDTkQA9P5I4InVCXmj/IaHvz4nUJaLNFiDiHVvIg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "acff9f41c4962704acb8008e5ff5b90a43cf7758", + "rev": "a018577287e390e01654a8b44d57d183a51b72b2", "type": "github" }, "original": { @@ -499,11 +522,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1675061157, - "narHash": "sha256-F7/F65ZFWbq7cKSiV3K2acxCv64jKaZZ/K0A3VNT2kA=", + "lastModified": 1675237434, + "narHash": "sha256-YoFR0vyEa1HXufLNIFgOGhIFMRnY6aZ0IepZF5cYemo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f413457e0dd7a42adefdbcea4391dd9751509025", + "rev": "285b3ff0660640575186a4086e1f8dc0df2874b5", "type": "github" }, "original": { @@ -544,11 +567,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1674782939, - "narHash": "sha256-mf+RaqdCqqLraVVOQ5c8LRj+9ChnVzsUNlOjJSPdBbc=", + "lastModified": 1675387812, + "narHash": "sha256-fGjWMg97w1mP0cDIR9Y8qCa77sEtiIdYzqiRB+P2YcM=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "e92e5b6021b1ad4290e051111010ba51921507cd", + "rev": "8de922e4e23158790970a266234a853305b1928d", "type": "github" }, "original": { From f20b488b4f800a8963d8aaba5a0f37a54edbd4d6 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Feb 2023 19:20:25 +0100 Subject: [PATCH 514/988] fix flake update url --- nixos/modules/admin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index a271b4c..4f7d4b6 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -83,7 +83,7 @@ in system.autoUpgrade = { enable = true; - flake = "github:dadada/nix-config.git#${config.networking.hostName}"; + flake = "github:dadada/nix-config#${config.networking.hostName}"; allowReboot = true; randomizedDelaySec = "45min"; }; From 75234938904e78d3bead534672056b92866313fd Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Feb 2023 19:26:10 +0100 Subject: [PATCH 515/988] move GS backup client config --- nixos/modules/profiles/backup.nix | 6 ------ nixos/modules/profiles/laptop.nix | 7 +++++++ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index dc57f96..88dfab5 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -9,12 +9,6 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; - dadada.backupClient.gs = { - enable = true; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; - }; - age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 07e93b6..b7264cd 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -72,4 +72,11 @@ with lib; { pulse.enable = true; }; hardware.pulseaudio.enable = false; + + dadada.backupClient.gs = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; + }; + + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } From 8f05af8f4b3eecb16330ab93c743cf9f9647988c Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Feb 2023 20:05:23 +0100 Subject: [PATCH 516/988] install evolution --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 20cacaa..f438413 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -23,6 +23,7 @@ with pkgs; [ duf # disk usage dyff # diff tool for YAML evince + evolution exa ffmpeg file From 71176977a3f2903a7820413e6bf63d439ce4ed53 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Feb 2023 20:10:17 +0100 Subject: [PATCH 517/988] fix secrets path --- nixos/modules/profiles/laptop.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index b7264cd..a517ede 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -3,7 +3,9 @@ , lib , ... }: -with lib; { +let + secretsPath = config.dadada.secrets.path; +in with lib; { imports = [ ./backup.nix ./base.nix From 738b86369a1d88178209c8d5a176cb0d521839fd Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Feb 2023 20:14:52 +0100 Subject: [PATCH 518/988] remove thunderbird --- home/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index f438413..b194f92 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -123,7 +123,6 @@ with pkgs; [ steam tcpdump tdesktop - thunderbird tmux ttyd unzip From f252b99469ae29b94d8ee13063a1e52dcfa286c6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Feb 2023 16:08:50 +0100 Subject: [PATCH 519/988] refactor profiles --- flake.lock | 37 ++++++++++++++++++++ flake.nix | 5 +++ nixos/agares/configuration.nix | 6 ---- nixos/configurations.nix | 20 +++++++++++ nixos/gorgon/configuration.nix | 1 - nixos/modules/admin.nix | 9 +---- nixos/modules/default.nix | 3 +- nixos/modules/inputs.nix | 19 +++++++++++ nixos/modules/nix.nix | 36 ------------------- nixos/modules/profiles/base.nix | 57 ++++++++++++++++++++++++++++--- nixos/modules/profiles/laptop.nix | 29 ++-------------- nixos/modules/profiles/server.nix | 20 +++++++---- nixos/modules/update.nix | 40 ---------------------- nixos/pruflas/configuration.nix | 2 -- 14 files changed, 151 insertions(+), 133 deletions(-) create mode 100644 nixos/modules/inputs.nix delete mode 100644 nixos/modules/nix.nix delete mode 100644 nixos/modules/update.nix diff --git a/flake.lock b/flake.lock index ae1e29a..cc7a0a0 100644 --- a/flake.lock +++ b/flake.lock @@ -623,6 +623,42 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1636849918, + "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1674666581, + "narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1674550793, @@ -842,6 +878,7 @@ "homePage": "homePage", "myNixpkgs": "myNixpkgs", "nix-doom-emacs": "nix-doom-emacs", + "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": [ "myNixpkgs" diff --git a/flake.nix b/flake.nix index a6eb1f8..7ff1357 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,11 @@ inputs.nixpkgs.follows = "myNixpkgs"; }; helix.url = github:helix-editor/helix/22.08.1; + + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 0b2e4ed..f1a5828 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -63,12 +63,6 @@ networking.interfaces.enp1s0.useDHCP = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - networking.firewall = { enable = true; allowPing = true; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index f920ac1..1e99485 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -8,6 +8,7 @@ , scripts , recipemd , helix +, nixos-generators , ... }@inputs: let @@ -83,4 +84,23 @@ in ./agares/configuration.nix ]; }; + + installer = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + modules = [ + nixos-generators.nixosModules.install-iso + self.nixosModules.admin + { + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = false; + documentation.nixos.enable = false; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ]; + }; } diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 34da64e..9c55b8c 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -41,7 +41,6 @@ in networking.hostName = "gorgon"; dadada = { - autoUpgrade.enable = false; #headphones.enable = true; steam.enable = true; kanboard.enable = true; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 4f7d4b6..87d9573 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -81,13 +81,6 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; - system.autoUpgrade = { - enable = true; - flake = "github:dadada/nix-config#${config.networking.hostName}"; - allowReboot = true; - randomizedDelaySec = "45min"; - }; - users.users = mapAttrs (user: keys: { @@ -98,7 +91,7 @@ in }) cfg.users; - nix.trustedUsers = builtins.attrNames cfg.users; + nix.settings.trusted-users = builtins.attrNames cfg.users; users.mutableUsers = mkDefault false; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 9b0bbc9..0d63712 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -12,14 +12,13 @@ kanboard = import ./kanboard; miniflux = import ./miniflux.nix; networking = import ./networking.nix; - nix = import ./nix.nix; + inputs = import ./inputs.nix; nixpkgs = import ./nixpkgs.nix; packages = import ./packages.nix; secrets = import ./secrets.nix; share = import ./share.nix; steam = import ./steam.nix; sway = import ./sway.nix; - update = import ./update.nix; vpnServer = import ./vpnServer.nix; weechat = import ./weechat.nix; } diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix new file mode 100644 index 0000000..4db219c --- /dev/null +++ b/nixos/modules/inputs.nix @@ -0,0 +1,19 @@ +{ config +, pkgs +, lib +, ... +}: +let + cfg = config.dadada.inputs; +in +{ + options = { + dadada.inputs = lib.mkOption { + type = lib.types.attrsOf lib.types.attrs; + description = "Flake inputs that should be available inside Nix modules"; + default = { }; + }; + }; + + config = { }; +} diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix deleted file mode 100644 index 85954b4..0000000 --- a/nixos/modules/nix.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -let - cfg = config.dadada.inputs; -in -{ - options = { - dadada.inputs = lib.mkOption { - type = lib.types.attrsOf lib.types.attrs; - description = "Flake inputs that should be available inside Nix modules"; - default = { }; - }; - }; - - config = { - nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") cfg; - nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) cfg; - - nix.settings.substituters = [ - https://cache.nixos.org/ - https://nix-community.cachix.org/ - ]; - - nix.settings.trusted-public-keys = [ - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - - nix.settings.require-sigs = true; - nix.settings.sandbox = true; - }; -} diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 146c443..2d221b3 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,7 +1,56 @@ -{ config, ... }: +{ config, lib, ... }: +let + mkDefault = lib.mkDefault; + inputs = config.dadada.inputs; +in { - security.acme = { - defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; - acceptTerms = true; + i18n.defaultLocale = mkDefault "en_US.UTF-8"; + console = mkDefault { + font = "Lat2-Terminus16"; + keyMap = "us"; }; + + time.timeZone = mkDefault "Europe/Berlin"; + + nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; + nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; + + nix.settings.substituters = [ + https://cache.nixos.org/ + https://nix-community.cachix.org/ + ]; + + nix.settings.trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + + nix.settings.require-sigs = true; + + nix.settings.auto-optimise-store = true; + + nix.gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 3d"; + }; + + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + programs.zsh = mkDefault { + enable = true; + autosuggestions.enable = true; + enableCompletion = true; + histSize = 100000; + vteIntegration = true; + syntaxHighlighting = { + enable = true; + highlighters = [ "main" "brackets" "pattern" "root" "line" ]; + }; + }; + } + diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index a517ede..fc6813f 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -5,7 +5,8 @@ }: let secretsPath = config.dadada.secrets.path; -in with lib; { +in +with lib; { imports = [ ./backup.nix ./base.nix @@ -21,34 +22,8 @@ in with lib; { source-code-pro ]); - time.timeZone = mkDefault "Europe/Berlin"; - - i18n.defaultLocale = mkDefault "en_US.UTF-8"; - - console.keyMap = mkDefault "us"; - users.mutableUsers = mkDefault true; - programs.zsh = mkDefault { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - histSize = 100000; - vteIntegration = true; - syntaxHighlighting = { - enable = true; - highlighters = [ "main" "brackets" "pattern" "root" "line" ]; - }; - }; - - virtualisation = { - libvirtd.enable = mkDefault false; - docker.enable = mkDefault false; - docker.liveRestore = false; - }; - - virtualisation.docker.extraOptions = mkDefault "--bip=192.168.1.5/24"; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = mkDefault true; boot.loader.efi.canTouchEfiVariables = mkDefault true; diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 42740d0..2bb73ec 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -14,19 +14,25 @@ with lib; { dadada.admin.enable = true; dadada.networking.localResolver.enable = true; - dadada.autoUpgrade.enable = mkDefault true; environment.noXlibs = mkDefault true; documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; - i18n.defaultLocale = mkDefault "en_US.UTF-8"; - console = mkDefault { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - services.journald.extraConfig = '' SystemKeepFree = 2G ''; + + system.autoUpgrade = { + enable = true; + flake = "github:dadada/nix-config#${config.networking.hostName}"; + allowReboot = true; + randomizedDelaySec = "45min"; + }; + + security.acme = { + defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; + acceptTerms = true; + }; + } diff --git a/nixos/modules/update.nix b/nixos/modules/update.nix deleted file mode 100644 index 68fc45c..0000000 --- a/nixos/modules/update.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; let - cfg = config.dadada.autoUpgrade; -in -{ - options.dadada.autoUpgrade = { - enable = mkEnableOption "Enable automatic upgrades"; - }; - - config = mkIf cfg.enable { - nix = { - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 3d"; - }; - - extraOptions = '' - experimental-features = nix-command flakes - ''; - - registry."dadada" = { - from = { - type = "indirect"; - id = "dadada"; - }; - to = { - type = "github"; - owner = "dadada"; - repo = "nix-config"; - }; - }; - }; - }; -} diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index d53867c..5b8e592 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -188,8 +188,6 @@ in dadada.networking.localResolver.uwu = true; dadada.networking.localResolver.s0 = true; - dadada.autoUpgrade.enable = mkDefault true; - documentation.enable = false; documentation.nixos.enable = false; From 9c27dbc6c3e87c16f51ec1c86013266f2684ddf6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Feb 2023 17:54:21 +0100 Subject: [PATCH 520/988] surgat: add sshd to initrd --- nixos/modules/profiles/cloud.nix | 34 ++++++++++++++++++++++++ nixos/modules/profiles/server.nix | 2 +- nixos/surgat/configuration.nix | 2 ++ secrets/secrets.nix | 1 + secrets/surgat-ssh_host_ed25519_key.age | Bin 0 -> 802 bytes 5 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/profiles/cloud.nix create mode 100644 secrets/surgat-ssh_host_ed25519_key.age diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix new file mode 100644 index 0000000..39e5bf1 --- /dev/null +++ b/nixos/modules/profiles/cloud.nix @@ -0,0 +1,34 @@ +{ config, lib, ... }: +let + secretsPath = config.dadada.secrets.path; + initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; +in +{ + boot.initrd.availableKernelModules = [ "virtio-pci" ]; + boot.initrd.network = { + enable = true; + ssh = { + enable = true; + port = 43235; + hostKeys = [ + age.secrets."${initrdHostKey}" + ]; + authorizedKeys = with lib; + concatLists (mapAttrsToList + (name: user: + if elem "wheel" user.extraGroups then + user.openssh.authorizedKeys.keys + else + [ ]) + config.users.users); + }; + postCommands = '' + echo 'cryptsetup-askpass' >> /root/.profile + ''; + }; + + age.secrets."${initrdHostKey}" = { + file = "${secretsPath}/${initrdHostKey}"; + mode = "600"; + }; +} diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 2bb73ec..31086f2 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -26,7 +26,7 @@ with lib; { system.autoUpgrade = { enable = true; flake = "github:dadada/nix-config#${config.networking.hostName}"; - allowReboot = true; + allowReboot = mkDefault true; randomizedDelaySec = "45min"; }; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index f80b215..4e73860 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -113,5 +113,7 @@ in ]; }; + system.autoUpgrade.allowReboot = false; + system.stateVersion = "20.09"; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3fd977e..1ff2383 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,6 +19,7 @@ in "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ]; "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; + "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" // diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..48860abc4509595f5ba0a220929eb2dd90564a8f GIT binary patch literal 802 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73iZz_C|AgFH4FDD zbv6w)aLzFeC{MRA4u~wv4>k*RD)MqQ%L&O(^7r;AbSW!!OXn&Ki_AB5%<(cX_Dqkg zND9s~baZ#}_9*f*^EZr23UN$JDYQ%p3H0#Ea7DMxza%>+yIdh9v&b(ept#b=u_8Dp zINUKYtkSGFu`DT|!ptYxz`(+|Al0)ZFV8JI+<>bvBr4M*G9}7C-y_*8)W_7r)iJv$ zs=~)IC@m_-qs%$g*+00r+@~tZ-vne^oNjtiYGQG!f`x&pmuf_IDOb9me|}k5XktaV zVR?p2KxkUAiJ@^)UZ!8DN2Ou9gZW0+^KwqJ^uxd)f7 zuC9VbW$sl3uSbW!GZ*6wphG(&Y&Ov(?+uGwv;z{0+NZd(1R+}Ot|AH)M=_ZiPM^KzI} z`X@#G{6s!-9Nz&9-Y1zE!;x+BUJ7RC;mbfW=X84oa@p9rHk96)b zpR7-22X0%i?p8|X)Hv65@}PC+)hnfoKi@aAltL9Tkt6)6m%IG7L(tmDP zY`9CJTkYA=%_etumW6%dXLGK4{bXje^tvxIWW&2d=an4H`y=h{Wb%0RtrtoSf`U02 zf45(6yU=&J;^Wz)4bf3z1;_I5z+cG z*U)apqI@_0%PvhE+E1Q$Uf6iCW`15x<+m^Mdz{toZ2u$Ye!BS7<&;~p9P2c5)njZ! zL)EvMeAs5qS-hyBV7gR`O<ADe3}EWA+ts9?1D+! Date: Sat, 4 Feb 2023 18:00:29 +0100 Subject: [PATCH 521/988] disable noXlibs Causes recompilation of many things... --- nixos/modules/profiles/cloud.nix | 4 ++-- nixos/modules/profiles/server.nix | 1 - nixos/surgat/configuration.nix | 14 +++++--------- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 39e5bf1..5f33513 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -11,7 +11,7 @@ in enable = true; port = 43235; hostKeys = [ - age.secrets."${initrdHostKey}" + config.age.secrets."${initrdHostKey}".path ]; authorizedKeys = with lib; concatLists (mapAttrsToList @@ -28,7 +28,7 @@ in }; age.secrets."${initrdHostKey}" = { - file = "${secretsPath}/${initrdHostKey}"; + file = "${secretsPath}/${initrdHostKey}.age"; mode = "600"; }; } diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 31086f2..5652560 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -15,7 +15,6 @@ with lib; { dadada.admin.enable = true; dadada.networking.localResolver.enable = true; - environment.noXlibs = mkDefault true; documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 4e73860..e25c9ab 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -9,6 +9,7 @@ in { imports = [ ./hardware-configuration.nix + ../modules/profiles/cloud.nix ]; networking.hostName = hostName; @@ -50,7 +51,10 @@ in }; networking.useDHCP = false; - networking.interfaces.ens3.useDHCP = true; + networking.interfaces.ens3 = { + useDHCP = true; + ipv4.addresses = [{ address = "49.12.3.98"; prefixLength = 32; }]; + }; networking.firewall = { enable = true; @@ -83,14 +87,6 @@ in interface = "ens3"; }; - #boot.initrd.network.ssh = { - # enable = true; - # port = 22; - # authorizedKeys = "${keys}/dadada.pub"; - # hostKeys = [ - # ]; - #}; - swapDevices = [ { device = "/var/swapfile"; From 920bfc1da5a98cc120e845b4dbddc0c95a8ca606 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Feb 2023 18:38:01 +0100 Subject: [PATCH 522/988] rekey secrets --- secrets/agares-backup-passphrase.age | 16 ++++++++-------- secrets/agares-backup-ssh-key.age | Bin 757 -> 811 bytes secrets/gorgon-backup-passphrase-gs.age | 18 +++++++++--------- secrets/gorgon-backup-passphrase.age | 17 ++++++++--------- secrets/gorgon-backup-ssh-key.age | Bin 772 -> 819 bytes secrets/hydra-github-authorization.age | Bin 592 -> 530 bytes secrets/ifrit-backup-passphrase.age | Bin 422 -> 500 bytes secrets/ifrit-backup-ssh-key.age | Bin 853 -> 795 bytes secrets/miniflux-admin-credentials.age | 17 +++++++++-------- secrets/pruflas-backup-passphrase.age | 19 ++++++++++--------- secrets/pruflas-backup-ssh-key.age | Bin 840 -> 748 bytes secrets/pruflas-wg-hydra-key.age | Bin 469 -> 467 bytes secrets/pruflas-wg0-key.age | 17 ++++++++--------- secrets/pruflas-wg0-preshared-key.age | 18 ++++++++---------- secrets/surgat-backup-passphrase.age | 16 ++++++++-------- secrets/surgat-backup-ssh-key.age | Bin 873 -> 780 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 802 -> 850 bytes 17 files changed, 68 insertions(+), 70 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index c4e6b96..da779d0 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w XJpwj5rJChtcCt76+K1BjWC1kxN4hdT6gVnhBpFcIzQ -S7D+LJqyFItN2xh+FFZEM2ZfRAi6wralPWMYNDByGiY --> ssh-ed25519 Otklkw 0bDUMyBjoO2jQPndkTHcbUZVHYWSWYFaTA7R6MNjLU4 -6p3mN7ASQARV0U++rIcdbBxqFaMHDzpJ/7KsGbp8Ab8 --> %RpI)9)-grease qEewi KLqjtphe 9|(5 M12#cxc -mSWO3k5i4epeuR3dy48PdTYI5g4PUtjgkZfI/i62MKq7XLM ---- rQlBjQ7Pe5cP4Wu4901Ri+OVZI1fqORJbKBMu+OxNeE -Äq«{¢Å- P|´¢Üؤÿté—æ&‘ ‹ÀºPÒ~”}®æH¢ðºC\Ÿ‹&Xó$åCŠ¿!ü¸ \ No newline at end of file +-> ssh-ed25519 L7f05w k17Rcu8afxtsYBqKw8/ozsG77ph9o8jjNL94v0YzUys +22EzyXzXTQbgYyAOfnKKaxQkAySXvb4gRlVC+r65DYc +-> ssh-ed25519 Otklkw vJ5n6j544Sx2fAUt3qd5qrx8WLrSyBd9KqDO9P/TO0c +PmXMzhPIZZfwlEOeLfmOhqSvrCTOnqajRWh4UMcasTo +-> `-grease ICY R 7OPPl qDtH +jQXY50ws3ZTOxYA/FgQWbxF/QF0sbYCJ55rZ8EtgG+oKquEKnQ +--- aOsR2vAeGjZqNDofgL4/NdLsJU2fTh3/4b2vQEjWJBw +V. ¾¥+¨IáÐ~8À3c!væÀÀ[0d›Ž7wàž®©ï¿+ÉãÇ(‹ÍБ}âü÷vÊDž–лªÞE \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 99b3652aad3080316cf28f5182deb2c498ec3511..98eae37a93b4fcea89ae78158e4f2ce35efcb721 100644 GIT binary patch delta 780 zcmey$x|(f*PJL0NQ+}a&VsSv2pGkN`WRgi@RgRBmT4Z)rmUfzdVo_m*K~!E!x{pz? zCzqM8cDjG5VX%LJaiVd!cdm;2^K!Y_1bOCrOR*x3#+Wt`~pJ`{Q?EU#iB&w4iLuUN{EFn4*;Coiy4Q zV7h#H`wzwBZFfF(q=;b9HulWprD7`{XIy z%o+{BhGsq+%k1mDxXT_0Jl``}Y)3=#?Dvao7HmzJbzJD^+`rr8G~T`~pY?T8)QuiT zy(^o3#2-4dZ-LWR&cHhci7PKoYn@jw*YY}5c6tS`z_irOTAS+TJ9r7nPTpNpas2(< zip%dL4|pW(h~0Q|**w!NOWY?O$h%bWX2uo1gvYvPfB#MR<=km{g6Vg?LeTV$AD1Lt z=6+-Id7gaV+lD8(nl^P8%01Ga3D(Fzp6$6|&b5jkYVXbeO_1X0xwqrNwZyNpOn)?A zKH9-+SXvh5u=MfmnY;95R@yb${E&FBHc@WBg^9G+^xCz$kx5;%y~O4$eIh0B-NHIA gH!IogA$I0QQqoZ2$lO delta 725 zcmZ3@_LX&lPJKY8rKed|h;OQIo@=JRfqrGlN9rc41ZHIKi@D&#w`6y+aGvxR*|$2kV%gFiN31w4F8^F-SfG3PIq!)oR>AX?Hy>2amtwda(RhFM zkK;D4tS%-nbLc#pdBCk~BWwEI_nKEy-D?E3m?AEwdDlyQl-${sD{*<1pkz~>cn`N3 z+m}yHc6)0cp17yKY_IPBjnWhSBF?x@v@i6Ok-PSw-G77Or8kb;M~>X#V{MSnUDtf3 zO2)MNwQM)%#f|H)&xxP)uA^v18Q+B-$y&vW2X3>P2TwXad)DlmFHQ ssh-ed25519 0aOabg 9911l+glO4IHD+/KEqVMfJHNHAxP/iShTVpGHgKC/TY -9g7vLb+T2079yst1ZKXKlwAVhF9zQd79vl/UWpnBJq8 --> ssh-ed25519 Otklkw egRNXEFrQMSJ5rZTM4ND5LgJjkIW66YKtCeWQ1rkNTE -YQViNMFpP/S3Tpc1yvIHIWud7QHTnO0RK3FQbPlQ8N4 --> xV2q-grease -2HGDr4IOqMcYh5ud219N73Gq8lyOWX4irrjCnNe1CR8dpjWN+rnDnCFbEB3Troqp -4zVnSNw ---- dPWJpPMiJkxAA+H8HmahTdMCGa5HaglmYmgUzhctgUo -@ÌB¾t]šøzïï‘øy*}ˆ‰§îþõ-A’¾×ÁPbÈvÙØhúnŠß =`-Âà4Ò \ No newline at end of file +-> ssh-ed25519 0aOabg 5RZ60MaxiVLo1RON9rlM3Mr6D56uABXkbNOFMHJrOTU +0ftc+WkPqbrnHAAIGlxPGkq0RQ73tb5FSRKbEeHO1Qk +-> ssh-ed25519 Otklkw /kGvNvyw1aaNxdhgyOvGiFv6Xp1LM6YqMk/p8oNFsn0 +ZiBt04NUizfvf7kzmpLPZhuLEYPuM2TmWOgvgWsOAPI +-> 03-grease i#K] |/*L 2n"-7n'N 9q%L5%bh +NbF8lL6P5nq1FF44nW0CB/Sv6FXtvOOi9z/6Xpcebj4bbME1X71N6HfsGOlG3rHc ++NyBz0cJDYj0M38cXHv8itmf4kOP8cozzJmqw/UKAUYJ5BILHfWKcxeJew +--- 7nYwuIFfAQ2Ge1j7Ousv2uyTRN7jzrg2YLAyCA++w+s +ä¦<¤¥dÚ¬Èïº}s¥ÑÚ>®“òŒ³¾ŸRR/Ç(ÞT‚Dz»¥S0`cXŸîù´O3û§ \ No newline at end of file diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index eebc180..95efdac 100644 --- a/secrets/gorgon-backup-passphrase.age +++ b/secrets/gorgon-backup-passphrase.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg 9925sO5KCINg9I0lFyD7I83Q/inYVtVvtzskAo0UnW4 -7WrwhYtGh4tGV1MOMN5Ok/1xqOy0mek2SOjC3gQvPOI --> ssh-ed25519 Otklkw l+H64LT7yh+tXhBqxkI+C+U6/6boKV41YVay2cGLNX8 -nCsvh1IIFiQDeNjdkurHwxT0VEZt8yBkvQoYKacZB7g --> SZr0-grease -AVV51s2iYes+DKhlYlNDzaXs7BPXaqwzjJLzMapEK31iuOs7mRKK ---- NlKhbaqBp78g2+PLSHhm4RE2CT40JFxEIpQCrNwAtsI -ôCÞŽø ðè‚urY—#Êç(ËþC  Ä{$q2{0; ssh-ed25519 0aOabg PPBNQDSPVGgR/VtEPl+Oex+00Ye+y780ArIbUeUYEEI +IZ4vkcDONKcMQTnlWSqzvledPMdHKUrwe+I0XfLGnY0 +-> ssh-ed25519 Otklkw ktXr1I6bS2la6Q5vr/r8EssCWt5kQXmXMZOGbYzHens +w3Aaodj73uj91YV4Vhx1z6mUuVeZk0aUSGnEb1DXYQM +-> aeJ8-grease xx' +0g +--- Zkoyt2uI2cxg3Qka+okJIM4S7z17EnCPqS6ggKBHq34 +HN=.êóV¤ñÛèë1±„rÐå+*Oà;ÛO42íÁ!ÏÎÌÔz?ókýscbú˜p§S[<Ÿ7oBó6)$l› QN d¸PK Ó²á \ No newline at end of file diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index de60b0848099724996fbf680c3202c6ceb60ef1c..20cec4209be17224152ff5c9036ce80837e9b66c 100644 GIT binary patch delta 788 zcmZo++srmWr`|NwI4r~6Jj~3`%Q?s|J;$@i*W2AZy)Zk+up}>}Dpkb+sEC-uQaQuD9P14F(u5)tIRktHz3WcD9R$rlS|i5p}06h zH#Nn`)YQ;Y!M`LsC%arBEy^d|)I2CJqBO(Huq4CKx!yA(KeZ}6$-=QBFw(%wvCJvi z+gm$b-y$cO%iqG$HQUcG$U7pUD4--KSUW1mB(aag2VPPRcnXkdr@vdCQAAK-Xii38rh!3fVL*vfSb9lVP>5S)RIzCVmsg&)2bZp{u0m*1 zX^Cf9iJ5+Wp@Cy?j<;EQW~z}RxQ>q932c4z8C-vzxH+ zrKx6&XP7ouy~%?qaUc0vwjbqoPv)$N3N_VRvFAX*)x&)p8yOhXavutCewANza2Zdh zTHu)_p6e1f)|`oyV@h6qZ=r?6w?^wPAASpOFu9T9e?E0tF(=Q?y0cfy`5mfKnU?%z zu&ub_r>*rv;qk&=#y0=8F@D!&O)60;?k~_sw~)XRqj7_A_N&`r*GjzXJfp}06h zH#Nn`)YQ;Y!M`LsC%ass#LvjgD=pEzFe}{CG}BQ(q~6cP*gw}P(mg68%qg=nDy_t+ zD$Ok|%q2IUE8R8Fv8>1?HQmh8I5ari*~rDEG{;TfHNY$|xHKf&E8Q!_(n32oGDqJR zWL=GJdQoa(ajHVRLRDm5VqjvXC0AydNrAaVX>e%1sefvuzG;@ek5^t=iF=Y?IhU@k zu7YoUMz&K?US3J2pG&4`a8`kSif2}6UZk;Op1Zb(Td9AtL7-`Frkk5tP$bukIvKWw zv37ej+2>tg2yx*xl&uuE?<;(qf1RCwkL7O#)9{$5GpDZUk_*_Q=6XuiTI;0Unouz( z!9_DQ&n@UXp>6BC#&M44r8CSORaXQ3w>zmVVbiF;8fX8~V7}$)8I!l3k+|uzNB&v) zqtYj}uF`H9NhW0nZyb~OVpYoYa`_9Pj^~SB+Ht3Df3&b2yltuuX6Ep7|U4hguGHvOyFCz<&LjmgU1 zlXd*I+3tH%!l^rVeo$H#A7j>|%wvDPOch(fzDLjOg?*3g4PM8fSsEttjt&9rEoOJ_ ztr9M(-DLA~tM%O(kM12W4(Bm>mGZfUUvc}KD<#|ACRz1zXtxH?)s{aMaGCvA@8KSg`D74Ge6n3J&{0C1%>VgLXD diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index 8245d99655531f6429205569e331894887a4a0a3..a82842517242cba8f6dffc2a99fb307a942c9ef3 100644 GIT binary patch delta 496 zcmcb>GKpn^PJO7WyO(xBSxS|WMRAIcZ(fqSpJlR1Qh1tUdU1tUq>qP3K&h`;X^?5T zBUgcic2S{kSWswGrmstSVxVbAslJDCn3I=LX>qD+NlvPCTfK{CR&j+%UU_9jg`1C2dVscf zU_fC(R(4)8S5RP1o?Eh0RjIadgi%mZnPEw4NI_nNcZ#;7WqMU|h+{#eNl9g8V0czK z$hr_sRaI9--Snc=#Nt$iN(Tj93zM=kEd{ms)O-co{NS=Wb3;EalafNSyigZjA z6KA)2b3-F-FTZR@kE$vUU(3+2)RY1*6a8YBl!`pp2$!P3@T|mO&uqV(AeZpODz|bj zU0q!TBjaL^B=;~s?+W95uSj>32>T`k^OCl$AiV@PU;GOTrGpNmL3&6VDkONQ}dd( pkKfL51ZM17b!EHwSEld}{mxG!)^3Wc-m%TI?!$&8l^L7{a{y(_x;X#< delta 559 zcmbQla)D)nPQ6) zhHI2(a=4QxS7^Rdh-pxIeqm0bL19uwermB{W~y^`VOesSXP&EJVz8rmM0jOoc51FG z$U0*U^;F&TqSVCVR0Z$Utg5_xPc?-gg?PRVxxThTz5yy5TEeWL}#vG z?a;KO2&eQ+uZ%K(Z}-ATAA{tad^7(*%iJ7`k}7w1!&HASH*^1Ni>d(QY;R}J^bG9? zi)NHOu>CMcsS=)cMpG}HdZnXN!tez-V>3yrScBQRUooe;+!Sn~a?Ds9};!JP3 zeTyO2eM|IWeSJOSsaL{g^3I&$FF51r{(#W+lMA17FX-_sUdVJ}nVR6u*8&=6)A^@= zI}qXXU*nAM;rL$WKOQzY8~0E2+y8s(i9a2BTE86E@f;8E{i=Fy1^;uMDSnA|0Nzo` Ap8x;= diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index 1ab7e0e0c236d98439cfbec6f8ae505d60d2c79f..7c18954c397fd490bcad205c18a7533de447dc3f 100644 GIT binary patch delta 466 zcmZ3+{DpafPQ5{irCCO4v8TS9QA$OIe`#fYWx7kciG_PcfxbmxzPYb^WsZrvX@#>< zBv*P?s(WHtv6pGGdAL`JM|f41zh#7_L57oiR8FRIx{-TQrDuR!L3vtOD3`9CLUD11 zZfc5=si~o*f`3VNPIkFMqJf8Yly|;Gl%-RqPoj&tdA+}PRz-+`N0CXAb84D)m`O%% zo_?aGi+_$MS5A6bg|mlipqZ;-s!LV2t6REDR$6Xpd9GKPd6}iQcbRsHMSgj?XK0!) z$hxGQ0^RhY)WqUch2lVKg~ZJ0IEB=hL>I4AJ14GmH+|QjDDwcnTvrbZ3*VIN++6K) z^MJhiT>Y}Ntca-MfTVC2gNTfj4ELyHGo#ET1NU6Vtb&l>oKkZiQ+*R3E|c8sP{**8 zyj0Vw+zOWxg9xJt$AE(TGD{OAmbuE?r$+1xrJJk8It=P6{t03}SqtRCf6tmMd&u$Y HOFK>g@5`dw delta 387 zcmeyuyo`B*PQ7PnMVM2Nk42_?WLT7mNp@kNUxjhHi%WrFcvVHAsj*X)SBY_YP+5Mq z1y{IZMY&tHvs-XlhI4RoM3QT1m}8MgNwS%Hah9i1dSGO#xv9IOc5r@{Ku;5&$|@I2lkmvk zvJ{sZ=PLiQ@S@DDyeKYRU0sD-*PxPcM?_qo>y_8 zCs&SPNqDhAYDSQ^w!2SYai(KYL`j6PSx#wUXt;-akfl?Zn`u~tfsuz}D3`9CLUD11 zZfc5=si~o*f`3VNPIkFMv1eqqcUic0kh8l*SVly7XuW%}cS@+GvtgQwy~v=m!E}aiEmXzYPPW_ z$U2h{6&(lN^rFa2fRZ#rlYkVD zDA(-zpiIN6P%d3vT?NOye7BHP-zeV-{U}SPpkOZpbL~>o2y^WmuVgpZfPjqBBwtJI z^q_QaU#^W6NeA~IIC_~;;Yug7b<2glbNRYgT>Mq5cOmKYuUY5!J-lBOJyTRzC{m;U zuDp)n57skpweN{KOs!63`?OH-C(H8Yl*e3(HJR-7){}OeT(S0&+v|dv9s2vKs_t@a z`msNHXM}>uJA;T7Z&OxG%CWWDm8B}eE`2k-@6p+vd;Kk3o_nZnljEPUMM1bCO7EbL zaH9J&R;k(dSQ>unr*%HB*m!BJ+2N3ytjyCqMmcFqCC(`D%?ampS>eRCF7Z3#9p;ek ze%0OgELEnx`%%CDviRN~yICsQK73!deX+5iqS*5Z0VlRtDzqMZ6`wdWGG*g-X13+Y zx+}DK>i*AaPrKv2n(gU(2d0l_PJY~#v5~QQ!qLmpqFYWkw`MQuS>!GLzxyte{9=p! zD|J?dG4Z!#Su3P`n0Qod@4E)Y+?BZp=g#eJ(0P12%kT~Vjo_W#drMr7#xqPHLl;fabLDPGkE#Jin)yO zir&6evC_Y<^1qU1O?>=Y=w-0|2}6g7<5AZa-%jVyDg9q0VDjzTQKmZ%A0mYR=v5}_ Nwr&=?HBbAOFaU}=KlT6s delta 822 zcmbQuc9m^{PJKbPt4EqardL@;R%EKBX_TvTaaCcizQ4CeWtnkWo_j^MUy^rGX>oR? zBUf0ck8x(9xn-rck#A9YzC~$~zK5fEK~QLUWtz5IP^oizQLu*uxp}IRX}7; zj)kvzS$TvbS71@DTe^R`et2j>QJ_<@Pef^Gi9wWcaHzYBw|81nRk3G&sh3fhb7f^Q z$T~;e^rF~-(ve4iht{h`SU$1OqZ)2l~>|7sr_gp{ol8_vWywoD+ z5OYiSlDwcu_q;;aWc_q5U0q!TBMUFj;1pl4fc#XiY|8=zXU7QVU}JrY)O_ENh)9>* zv|vwH%jBf|@_<0DmJ?~&cG1T#z1gexsPg{V`p41Q4bR;rELZRDt$Z>ouH>qwW5W58 zLrTjp#BCFvFE3xWFYEqI@l@|w5%YuUPJQ2!D(f}((eKnc$z@MhRi+)2O;v6vXQ(^l zIN#(S`_J>rdfG>_Qm1TZ^fq3XI?MU5ZA@a#HZ`}eLVvdCb{yaI_W6EMiG1FtoV*Uq z*Z$2YTkBJAz;^Y%Rm}7AtyNFO%a<2DP=5bDcgp&9Ua9C6do|tkcg~u_{PsrW&eXn+ ztA=L(F4RmeU2`aCf^1aD2Cb0!D?ZhgTwo3T@3dt5vojL6AEl|;Z#ohZSM;`-O}9Df zi$}8UKfI-B&!V~Kl)Qi2-J8XA-L-ALfm!|0=l?1vt-Y~+MJuDk zw>WEo?~=bC$#s`E?3u{)R!DQ+?e&u^g*fKiIn2Gl#3TY1e@?F!fKIy->MMYn3{rqEAEIYOcJXc-B&UD;fEakY*odtj6cN-)cY%tpV Vab3OHlg!Ct>>{^a-<;8U2mlEdU6=p> diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index 7efca8c..8c11c71 100644 --- a/secrets/miniflux-admin-credentials.age +++ b/secrets/miniflux-admin-credentials.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw HIvtQ2CaS+Ptl06tKVCwMzoi4UZm0GcNO+dJJjGZm3g -JZ68fxpbY55B2xMG+QG3yNYMMQgBxtTVMtHoXOqUlrQ --> ssh-ed25519 Otklkw kUySbDgMFgWVEwL7rXs15FDISicEMH06qXIxudO/2jY -VbVX2/4wYojcWm/GKnZAP3uxQygcm6BcNO+iphqIos8 --> o>]-grease d%oS;Ov l - ---- /LWxjPTlr/au9B1Kn6+apBZnTROxCqs8WKmtPINbDko -t/0‡Ðc®ì—Ü#Nþãߦäé@Íù¶±\ß3åi,5²á3Avæ¶mrœw*ÒµÒ;þ«$•¥áŸtƒaåä¤î£‰îMg®éñƵaæÉô \ No newline at end of file +-> ssh-ed25519 jUOjpw IS6b4o7dy38LfWxv/mwFHzNb51cSW83n3n2LQrjSJlA +z959I7N3sF+/rBkBjvotzQaiYhVUNaib9cxiXdyGFrM +-> ssh-ed25519 Otklkw vDQ1RaD6ZIn1cq6Oqg+5J/IT4V6BvvBxP4cIcvF00G0 +qB4SR+DqWyufPo92tpXOnk9w3B1sDNKsFWGbbAsHKqU +-> E|`-grease sH9 +JlIn1Xxp0z+R/dcvT++5zOMUzW2e3dTbqmUXbnB3kJKutC4xwfActgXC//NXsF8e ++tDR7tRFz8xHP08uQAteLg +--- 0UrVGiZaKV6wxbFATboLo8WsEI9qer6K1aZKRhzIGjI +“÷ÓQ_zÃë=ßENfJg]û ,°¼ùâÇã< ð”»ûH»ÿ%€±—#ïm9’øH7E¦~Ëh/tË­7³ÅÁêtZè>wÕ6Cí®«o/á \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 8762e91..3362bb5 100644 --- a/secrets/pruflas-backup-passphrase.age +++ b/secrets/pruflas-backup-passphrase.age @@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ VbUG0IRip4izfPy6N+F2pqf6x4I+1sNCHBoXIFkeDgc -6GpwDE1gyZ0ZY1xwxXevfaKbBgxf3ejl5u7tAQy1po8 --> ssh-ed25519 Otklkw Z5ijymE5Hxf5swuOk3ZMDnnCY58AJDW72Xvtm6PNSRQ -WfNQD1CQFjddq2HVFzVucYMggZpMFLFrIGhL5iVHFFU --> 81Dzfax-grease zDYB -O0b1HCDGNbuzc8FB0dmmWCGsKn+XaJ0Evs6Fk/fUqnznZ3q0X5ROyNNvMaLhuW3c -V/q2AhaXNAnTpTr8/v+e ---- kkf90OQdUMEyJPyQNOVoQauX3RceUvD6eawbr4rYrow -àîQ|¡®wW¯VØ G¹+*X¶['ÁD‘ñ ææÀóP¡W¡3RX¦€=°Sò£IE©ø ªÂò¾ÓP U \ No newline at end of file +-> ssh-ed25519 IXCPDQ q4jeKfIwyTGzg3fteKRCPmXnFrxtzCv8sNVGe2ZmeWQ +ah8dFtzOh9Qmw7hO6o5m/o4wNwGp3zcqcu9yU2j4vCI +-> ssh-ed25519 Otklkw mOudX3O2Pd+d55JzUhN8JdujXRuKY70Muszdg/+BcWM +dyJu3G14Bbi7XbqUBwyDx3rrU3tMvVUlR2qJMFKySLo +-> _M0-grease G! Y7J F5 S" +CqkYzOCT419pYCp1BKDwhnlzpn+NGYfrVF8sdlsYdkulLFkXWwxUEh2Si3nMjZBk +xz1+0prLIxzg7mlgEpVkLfjSGoclEyDw3D9Y+ybal5oaERBU +--- zB0wLjnIMgXaqkZTW4+TigSya60MM7p2+l5ZHWbgQVI +ÆÉÒˆE¤Adðp&jáQõTÒq`Ì­WœÅpúþI£×vÂ’®mʱª¦© +8(GX}¸öC9*©zpÇ•¦>} \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 0d48b910e133ed6668737cec86ec46fe1ed99c3d..1227d47133837ed66fa896a99eeaeef505ce527f 100644 GIT binary patch delta 716 zcmX@X_J(zWPQ9^VpwRdNq%BdxIsun zI#*#-lzW&#eyW$BQC_l>v9E_~Nl31Lj#pV=uxn*XnT4Nka%x^qNNQS<1(&X!LUD11 zZfc5=si~o*f`3VNPIkFMic7e!OHpD;UZsVjshgX2a(!uPS)yO2n?-qKUV4OyrMF>7 zM0&YVVN|*amrFrNly`2Pn}w%krnZrORIssrlzx?|k3ng;S9X%OMMi0rvzeKnM_^Vt z$htU_65aHo)WqUc1!V;lBYUp$(loZqv)#TQFy!*t&hvfWf%81(-=067e1-FjcUhxM|FS-nkG&FYzPt`y zH}7v^QeSP5lQ>!O#k%WHPcPUkS^anU2ctbW z?6#grc>S$t$*j~LYq}qIy#Kc^fw3a~OgP8Q+r4FTZ#%!@m)@lWyiJ)YVc=GnQd?~dQ0y5-^+Sl8NScF7M0t!Bs*x2`~`uE z^M)=KH{PAK+*zHx-@HEdvbfTP&j)_)kttMLZ=n3|pV!5H#+%QVow%bSV6)ul^2)~D;wiKiQnv;?M$u8?(-(cX0VBg@k@?UVh_gu5P#&MT7r zB)&?5+d1IN{O5m#R{bfqnep)P=j&+|-+g*mAFe*7b8Cyf7n5qJy@P6ff6v;vl98{y TJ5DFrWz5;%9TcJZ=l%--B2Yf$ delta 809 zcmaFEdV+0&PQ7bZn1{1vo`G*vs%c)RQF>lPwo`$phlN{!yG5c$kXf#mNmP-siMw%j zHdj?tdS!O7sjFL(Wr2%jg-K*qda-d)ex*l>pHp5&c%{E_X;N5~rKMp+B$uw8LUD11 zZfc5=si~o*f`3VNPIkFMp^LU*g;S7=iG`z6K%P&&YkgR1YH(^ng>h(pMy`L9Uyf_3 zv#DWVN@|q_SEP1khHuYpfcVx*&&c}a)` z$hx|^G#e+S(hS}7qSVCVR0U^~DuuN40EHTbfC5#eT&~KBM8}|%F#k-qoV=>M5T|fs zlQggTGGp)TsKmmOyim)MSX^cMOmP+@+rgTcRIKEa!;>YWAQF0f=fB)>aouxa$K?3a8&h;sPAoLAe*f{x`KebJo%STzEso!5 z>eRz|+~?rMO=}n@{Skd){bbXUfNg@`O$%-ALLGO?bBD{NnpC-e(DtW G%V_}k(pOmk diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index 48f69c775549199cbd8cff7bf836126973f4d165..e5f37bad184082d6e21a4ea8afa8758d57a271c6 100644 GIT binary patch delta 433 zcmcc0e3^NIPJMQvp@p`0Qif?}Re@)AL||sQuSJ+^mVtqxS%86`tBb#dSDLx2seVyt zK9_!4U~qVdM^>?cTWEMnqL+bZQmLhPntoPdfk}~RRX|FzUzM|VPNrLlFPE;JLUD11 zZfc5=si~o*f`3VNPIkFMMx{xfN0w=-W2HfeUrwN_e|=U?Qn`Q(?ZF zYldTlnOlS-m#JS$ieGkteyUkfVR)HEdS0PfU_pVQe`-aLe~3#|RY<9CUO;4cU|?uE z$hvS-U)}Vg)WqUc1!Gf%sI*vZ(>gnaG{>@}s8Drpg__`$Qr$X#Ev^6yON&yY;IxQ< z)WpPkZ}(z1kD$QR$gB_p@7zl5jEsC!N2AEd>}>rcf5VI_S0kr@Vz2Tdb5m0;U0q#; zqU2Odmt@Dvw8V(~z+_*S%HkYLpFj^+SNEJSgPe4IeV_7(klfU)9Op%)I|q blY(Cy{rhaPNcpuCuhN4J$xh1`uxhFO%Geu|Tuc7SJI zQe~!DP?WO?mt~2WsiB#1nY(LVl4F6NiGQG(v89)vPf@vRpofcxL0)EdeyMSmM^0Wc z$T|ZzFFzIC^rFW8|f}pezF3%Lhs-QqaZ7yA1 zU4`PDfUqdTkisg)9$ZkFQ}vu9 ssh-ed25519 IXCPDQ Qg6xQfJx/eBP+UkFRGoH/GJf4z8/DN4YVVZm58woLH4 -0VRw46oFMdPXyZZfuWSfWAwcprKKUj/O+8pURvrRdYg --> ssh-ed25519 Otklkw y0cWlk4UO1NmKfTOVJF4z6QcKO96sLnw3NuuCNEZzC4 -3bvuqHug5Rsi69tM1kUnEDIZjJLsbqKt9UsEsQ36Xg4 --> /-grease 5B 9m!v/n_ -Ye655SZ1lLXBsz3ST95H7SqG3+CYNpiF/X5jm8BoTkATh25f6011oYyzfja8DI9V -bDPP/4qtq1IaNtOarW4 ---- SF8+5srzcd3gzC0/pCC90QFIAyfX98B33/Vu6xAFVok -8HÞŠ3 Ú˜:Žƒ?¹ßŽ"6Ì”hg‰ôhû‹-½Ðm¢§–4ÄŽÿXKÇ`"Ù3‡šmNY¿ ²õ'ÄlçÛ\µH¶‘«$¹E \ No newline at end of file +-> ssh-ed25519 IXCPDQ eZBX3Bp+df8y0/305T5S2ACPkoy2EZ/l40QRgkvNXhU +kYQFF+dU6TMZRm4by4FQoh6dVkpQP0QLs8apFo32IP8 +-> ssh-ed25519 Otklkw 254quKvlqSzn7E97Ae9MIqpVA3JSAYn5gRSEpbV1/Ek +aYOhAXuwLtayScWy1wgdzl3hmvKQoesaYNuxPMMACuk +-> /bt?C-grease +vysQw/I5A2BuH/BLHtRQAku0h2W3knPG9Ik +--- SVEgz3n4QUMFs5p548c52W8A2QVH77BObBr96V/uRDU +Ú07úü/pbÒûvFå‰_E‹m~Ö)¤"¥Ps›Dp‚ ƒ Š²w¥ï•ÔS€÷\UäW~øqj±€ßdëθ̚ÀV˜ \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index 37749a7..c725f66 100644 --- a/secrets/pruflas-wg0-preshared-key.age +++ b/secrets/pruflas-wg0-preshared-key.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ 26Tx0J994O7tNFH/Du/0+aXIm2Piv/E3XR+3S6zi53E -/gQsKKxvXxGZ3Ij2SDlDwVQ7l+dP49OSXjGksd4jxs4 --> ssh-ed25519 Otklkw TDSrNWf7714IaGoiCWVeUkzRvlL5GY6jPXdRFTEVkQY -IXWZf+V/3l1Z96pkepS7e26YAGxA5tXczBT19Ate0Qc --> B2G_Mqi-grease C(c0D U|eF%E NI[cL Hcv>G;E; -tn4gxjXc36nwxhH/+27mr75yL/bEMtrzycrNseEDBa/spBI0zKX6Kaqvo002kJ0O -ZoBuqZtD0C7aSFuJnThgvEdoezY4+poRGc7qs9eM ---- 5nN5k3/r28YT65sq5yG32gU/l9C0Edq1LeBt+DTWvOY -–¬h0uò&bÇÃýÝ…’ÃÝâ ®4™iâpé¹q¦&A(ü¤Y†ËQ~L»ŽÜ»ÄÊ'•EÎ’#) -O³å[}­ÑIÜ O@Ü \ No newline at end of file +-> ssh-ed25519 IXCPDQ 7EL3WqB4mjWhC8/EWLnO5l3ZeTK05/u9cMLzpwc2dmU +6FkS6Q+m+7dvWLI5N8+uuPj1RWAt08w32ZbbfntClK4 +-> ssh-ed25519 Otklkw AEFR9cXvz5CWU4rqQNBde6jrj1NzIJfjx4y2PNyL32s +4FOEYmGXhG/sr88R64rN61TMxYueQ0k3xEJHfO6LHCo +-> utYF4M-grease g;y VB V8U_WP *QILi" +9SnnWLuUWkDAz9G/b7+e/F5beJJyz5u1ZGfpOMnGUDMHXgndH6P01g +--- C7CyvSL/YiPxinB7vyzbvxWmOxrDl4+X8xQKKn0hKw0 +¿ñîîŽáû8”°dÚ?.zÝ¥)Qæ‚oVR{æ 2æ4×;xY[ÆÊCT®0Âɶ,¦$^ó5Z‘Ù¿E;b]ˆø…jÜ´¦ \ No newline at end of file diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age index 420726b..24da50e 100644 --- a/secrets/surgat-backup-passphrase.age +++ b/secrets/surgat-backup-passphrase.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw u4ifSfdgxQsYbHtedN+O6YYvTAcOfNgUdI9k6GwJ424 -iFE/eNTbfRhDvAZhfbEcqE8HwgWaaymw4SvoMDdjoCo --> ssh-ed25519 Otklkw NSp+/vP+bTKUBhuqOO8+0fSpVZWybLCj55BXcKXcsCo -4nsPRCiW7jsPxdONrfYc+2Nn7IshzIanAJx8z7hGCCU --> %)-grease ER#$ ssh-ed25519 jUOjpw WaBK/2/iaaBPzNTHWX9uGUN0/1puxRF+3QPsPz+P4x4 +Q+HzI4IznqL4K4mr7XwVadpkWXYVrkXBjGFdIHVtTLM +-> ssh-ed25519 Otklkw olh+r/Ip2189Nca5PNYz4HPLYwJswGY2qve4XM+yKA0 +qgnWhJaeUl+D8XpnQMUE6uOLcimS1+VhdyTcQWSmwvI +-> L%lwG-grease ]7m?_SO! ? +SdGjyt27HGw5ZiqN7Nmb+hPwGGE6mv4VH3ht45wMxpqlVDfa+MfNv+5jX038JK4 +--- O1ZffeErNjHVrGsuESPoKNo1DCsif2oqcKgEzuZ4q/E +3õm.\€‡Þ“†ÁI~µª²nø¤5zc+À>2ÛérfQ!Ò'/BíkôHn’ô¨©où¯’a4 ˜Y \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index b6b409802faa874feb4540a749f269ec61bd2c34..ac1f9b2e182520cde81afac9a8aeea3ea73a25bd 100644 GIT binary patch delta 748 zcmaFK*26YIr#>h=!^gx~+rJ<(Iou~8(lpT^D#$<8#3etyurSLtJGtE4Kcdn!Dp;I3Oy(G0`Hu+$=K7f=ky}=uD(}=NnVAgrBOtBK}1!7yIV4U>uB!zlU8-0Q$jocAp1sl zKkaP=3$IVuazOO@t)7n-;XJE!milr{GXHktRQhA16*>7`M)mvsPTaoCx`K;!Zm;W? zl`1MaxsU5VpZevu@$#R~DY9+5eBG4Qy*qYxt9_iaO-!oTy5-rn4pt@er>jD{*IrGZ z5xRP5!iFo?&enTQdUtLft3lX{z6HC_F>-8R+u9oC^5aO7j=Mr|^tII|vy3Cc&AZ=L zZSwecv&m$V2;1EMN-n>ZPBkpnN&nIo(OMALF8V&nfZJO)$XAp%f0M^PU4!dig0qe{ zyysNa?tJv{+nbe(Pcu2PW;HBbep$|WmB#jp4_!MdTGuhG=yo`rDlye_<)w8==E8@1 zv_B=T&8=E8VeZYUo%6#y0 delta 842 zcmeBSd&xFIr#>pk%`iC2tk}XOIj<_h$KN71r!>VUGc&oMI3PbSu-M1N!o48Ty)+~+ zoy*k3Kc`qf(;zBMJ2k@DIixB#v#2t-z^x)YwX#y%sG`cyFDIzDtf(+5l1tZ4p}06h zH#Nn`)YQ;Y!M`LsC%arBJyJhBHNq!3%%n0PI54v^s@}|{+$A}+FxbO6%f~08%)HFl zBPumL%c(q+E5gw?Jh0NkHOMn3Fd`+WqM|HMJ2>3D%*og{IoC9&%01IJEugsE$;ZnA zWSwc6c35S$ZhBE_VsWa1hJuGmlDa~jl|!JWf=P^_9+$qkr)8*5QHG~!V7OC6XpwM-n-jkQRv~Uu!sA1IU59)?RsO$ov_5+ zFj6)6{6fZW_Q^+dzLk6r^*pk2-InE+Cl3cs3g5T?0Q03Y7C)8u@YuY_zr+xE(z0fW z;O&gFH|wwJXXb6N_C!X8sY@4J4`F&G8f#+ia9r6``7~ee5>GGQ*Yi&m9eK*PKI(8F z|JUD)(|Km>NZMX=@8$39;YqCyp+7w5Oeo!P*M4((`q3DN`rA1sjBP*T=NfQn9MQ-x z*uZC5eq?&hti}~F+Sg95Z9DPDeb0_~r`>)qYmQ?=`8(EVdw*Fz2(XXggebrqp|L^T+ zbN?7Gsgd&R`H$sM+3KI2_h-8=E1(ejDk&)ft6&)r$l diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index 48860abc4509595f5ba0a220929eb2dd90564a8f..9b5993c207ba0293689e7fc9f123e21d4e3b03db 100644 GIT binary patch delta 819 zcmZ3)c8P6*PJOPSmsxV6i(9@=K(=E*W>I;fQoctn+dNJM#MP)4R>Xr!NEPKa4zutz{es*#_*MUihg z$huhF^rFUB{GGj+KM>BU1 ze?Rkj^JLEwi)<&eqH>o=Z?hz`yhuyKV2eaw!=wtIY?ng)NY657Z4<8SsB+`H%G^pf z_hh$RZDWg|{Or6+=MtaFj4byuNAJSiaxPt6U4_Idx4;xvkFvDlWXohr%SfY8w=#>2 zkeo92;^Z*xs2n$Arxe3r^U4T66E5ag0n2#nL!Z_z4t8u)h<>Hj`YrIHG{dyxPG2s$ zELoadeKXS5|KKlP<0%quv9sS^J|lniRl$YrmUWG?-?DX%HLLz?K7PO;Sw@DP`_IwX zRPRWk2CtYOOD)^vx&iACzF*{N}@`)nuNC|3Ja#s4es+tqm2!UHdr=TyE}__Hk`N}+U8 zbHQxJr=1&a?z(oe;qT1-qG@3j{VQtMPGtYE$aj5J@yR8!p)cw$_dP1DQ+HUj$XL=? zUeQeP+8>@h(=Hb%U(#A4cc%~fYPaVCT9?{SCwQgV*UC`^-}N_>(v|i*#h3Hf4M?U*68-ziUxn=;kv!`}+$Nyf|e}Kbm_|vTTpL Rx5&-49IN;Cr*X|O0{|VWWK3mj+cS4XL@8sQgEK3qq~#0N0FbIzhP8Th+|qxp=C-)podR}E0?aFLUD11 zZfc5=si~o*f`3VNPIkFMN@kH?PC#*`kz+-0PH?zmVtrVpS#e@nQb2{7PqKl5g>gZu zXGvb3TXwhsS7At0rblE-lz+ZQvR9~&sfVj$c2QJ?k7ZC=RE|fPbE>m{aB;a$Rg%96 z$htV)^rF6i0o3XbU*+6vary^igLs943~h=v|nfhSEz@jMd8KjaqRj2A-RF*IhU%)A zlpmB`v)fLAg?<0rwE9!Iv5!?ghzG{*GoEYa64AmC;8grT^Tp*l?Fbx7xF#n@#TSEDQU@&*oh9 z`pL{_>2+Ub)XRoRT_A8UzJ%GX8GA-gcqya>d89M;oG}#0rk* zXXv!QFZ8%p(At`(A9+5n?)=$LX|?t*?u&ij&tkD#&EdBAq$BD3uKmBpvX-xTMf#$K zzz17)d_10}G1=}&{wyCGmarvrBCZLjFT0r+D Date: Sat, 4 Feb 2023 23:28:16 +0100 Subject: [PATCH 523/988] switch to last agenix release --- flake.lock | 36 +++++++------------------------- flake.nix | 2 +- nixos/modules/miniflux.nix | 4 +--- nixos/modules/profiles/cloud.nix | 4 +++- outputs.nix | 2 +- 5 files changed, 13 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index cc7a0a0..e4979a9 100644 --- a/flake.lock +++ b/flake.lock @@ -2,21 +2,21 @@ "nodes": { "agenix": { "inputs": { - "darwin": "darwin", "nixpkgs": [ "myNixpkgs" ] }, "locked": { - "lastModified": 1675176355, - "narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=", + "lastModified": 1664140963, + "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "owner": "ryantm", "repo": "agenix", - "rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28", + "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "type": "github" }, "original": { "owner": "ryantm", + "ref": "0.13.0", "repo": "agenix", "type": "github" } @@ -37,28 +37,6 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "devshell": { "inputs": { "flake-utils": "flake-utils", @@ -522,11 +500,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1675237434, - "narHash": "sha256-YoFR0vyEa1HXufLNIFgOGhIFMRnY6aZ0IepZF5cYemo=", + "lastModified": 1675512093, + "narHash": "sha256-u1CY4feK14B57E6T+0Bhkuoj8dpBxCPrWO+SP87UVP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "285b3ff0660640575186a4086e1f8dc0df2874b5", + "rev": "8e8240194eda25b61449f29bb5131e02b28a5486", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7ff1357..b484b51 100644 --- a/flake.nix +++ b/flake.nix @@ -29,7 +29,7 @@ url = github:dadada/recipemd/nix-flake; }; agenix = { - url = github:ryantm/agenix; + url = github:ryantm/agenix/0.13.0; inputs.nixpkgs.follows = "myNixpkgs"; }; devshell = { diff --git a/nixos/modules/miniflux.nix b/nixos/modules/miniflux.nix index 6afc735..6898f34 100644 --- a/nixos/modules/miniflux.nix +++ b/nixos/modules/miniflux.nix @@ -31,9 +31,7 @@ in age.secrets.${adminCredentialsFile} = { file = "${config.dadada.secrets.path}/${adminCredentialsFile}.age"; - owner = config.systemd.services.miniflux.serviceConfig.User; - group = "root"; - mode = "0700"; + mode = "0600"; }; }; } diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 5f33513..98314c7 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -9,7 +9,7 @@ in enable = true; ssh = { enable = true; - port = 43235; + port = 22; hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; @@ -30,5 +30,7 @@ in age.secrets."${initrdHostKey}" = { file = "${secretsPath}/${initrdHostKey}.age"; mode = "600"; + path = "/etc/initrd/${initrdHostKey}"; + symlink = false; }; } diff --git a/outputs.nix b/outputs.nix index 76d2343..5ba64ae 100644 --- a/outputs.nix +++ b/outputs.nix @@ -26,7 +26,7 @@ pkgs = import nixpkgs { inherit system; overlays = [ - agenix.overlays.default + agenix.overlay devshell.overlay ]; }; From dfcbbcf70bde22c64f64e0707deadff399d2ad5c Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Feb 2023 23:53:24 +0100 Subject: [PATCH 524/988] always use IPv6 for borg connections There is no A record for backup0 --- nixos/modules/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index e0d6417..facb53f 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -107,7 +107,7 @@ in repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; doInit = false; environment = { - BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + BORG_RSH = "ssh -6 -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; }; encryption = { mode = "repokey"; From a5ce8ed73e6c0ffc89a1d5da67e73a3c1b6c485f Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Feb 2023 15:46:50 +0100 Subject: [PATCH 525/988] add ninurta --- nixos/configurations.nix | 2 + nixos/modules/profiles/server.nix | 3 - nixos/ninurta/configuration.nix | 200 +++++++++++++++++++++++ nixos/ninurta/hardware-configuration.nix | 65 ++++++++ 4 files changed, 267 insertions(+), 3 deletions(-) create mode 100644 nixos/ninurta/configuration.nix create mode 100644 nixos/ninurta/hardware-configuration.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 1e99485..9eb2b1e 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -103,4 +103,6 @@ in } ]; }; + + ninurta = nixosSystem { extraModules = [ ./ninurta/configuration.nix ]; }; } diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 5652560..87190ff 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -13,8 +13,6 @@ with lib; { networking.tempAddresses = "disabled"; dadada.admin.enable = true; - dadada.networking.localResolver.enable = true; - documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; @@ -33,5 +31,4 @@ with lib; { defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; acceptTerms = true; }; - } diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix new file mode 100644 index 0000000..406e371 --- /dev/null +++ b/nixos/ninurta/configuration.nix @@ -0,0 +1,200 @@ +{ config, pkgs, lib, ... }: +let + hostAliases = [ + "ifrit.dadada.li" + "media.dadada.li" + "backup0.dadada.li" + ]; + secretsPath = config.dadada.secrets.path; + wg0PrivKey = "${config.networking.hostName}-wg0-key"; + wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; + wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; + hydraGitHubAuth = "hydra-github-authorization"; +in +{ + imports = [ + ../modules/profiles/server.nix + ./hardware-configuration.nix + ]; + + networking.hostName = "ninurta"; + + networking.useDHCP = false; + networking.interfaces.enp86s0.useDHCP = true; + + networking.hosts = { + "127.0.0.1" = hostAliases; + "::1" = hostAliases; + }; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # TODO enable + # fileSystems."/mnt/storage" = { + # device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; + # mountPoint = "/mnt/storage"; + # neededForBoot = false; + # options = [ "nofail" ]; + # }; + + # TODO enable + # dadada.borgServer = { + # enable = true; + # path = "/mnt/storage/backup"; + # }; + + age.secrets.${hydraGitHubAuth} = { + file = "${secretsPath}/${hydraGitHubAuth}.age"; + mode = "440"; + owner = "hydra-www"; + group = "hydra"; + }; + + services.hydra = { + enable = true; + package = pkgs.hydra-unstable; + hydraURL = "https://hydra.dadada.li"; + notificationSender = "hydra@localhost"; + buildMachinesFiles = [ ]; + useSubstitutes = true; + port = 3000; + listenHost = "10.3.3.3"; + extraConfig = '' + Include ${config.age.secrets."${hydraGitHubAuth}".path} + + + jobs = nix-config:main.* + inputs = nix-config + excludeBuildFromContext = 1 + useShortContext = 1 + + ''; + }; + + nix.buildMachines = [ + { + hostName = "localhost"; + system = "x86_64-linux"; + supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; + maxJobs = 16; + } + ]; + + nix.extraOptions = '' + allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents https://github.com/giterlizzi/dokuwiki-template-bootstrap3 + ''; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + logError = "/dev/null"; + appendHttpConfig = '' + access_log off; + ''; + + virtualHosts."pruflas.uwu" = { + enableACME = false; + forceSSL = false; + root = "/var/www/pruflas.uwu"; + locations."/" = { + tryFiles = "$uri $uri/ = 404"; + index = "index.html"; + }; + }; + }; + + systemd.tmpfiles.rules = [ + "d /var/www/pruflas.uwu 0551 nginx nginx - -" + ]; + + age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; + age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; + age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; + + networking.wireguard = { + enable = true; + interfaces.uwupn = { + allowedIPsAsRoutes = true; + privateKeyFile = config.age.secrets.${wg0PrivKey}.path; + ips = [ "10.11.0.39/32" "fc00:1337:dead:beef::10.11.0.39/128" ]; + peers = [ + { + publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; + endpoint = "53c70r.de:51820"; + persistentKeepalive = 25; + presharedKeyFile = config.age.secrets.${wg0PresharedKey}.path; + } + ]; + }; + interfaces.hydra = { + allowedIPsAsRoutes = true; + privateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; + ips = [ "10.3.3.3/32" ]; + peers = [ + { + publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + allowedIPs = [ "10.3.3.1/32" ]; + endpoint = "hydra.dadada.li:51235"; + persistentKeepalive = 25; + } + ]; + }; + }; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # SSH + 80 # HTTP + 443 # HTTPS + 3000 # Hydra + ]; + allowedUDPPorts = [ + 51234 # Wireguard + 51235 # Wireguard + ]; + }; + + networking.networkmanager.enable = false; + + dadada.networking.localResolver.enable = true; + dadada.networking.localResolver.uwu = true; + dadada.networking.localResolver.s0 = true; + + # Desktop things for media playback + + services.xserver.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + hardware.pulseaudio.enable = false; + + environment.systemPackages = [ pkgs.firefox pkgs.spotify pkgs.mpv ]; + + users.users."media" = { + isNormalUser = true; + description = "Media playback user"; + extraGroups = [ "users" "video" ]; + # allow anyone with physical access to log in + password = "media"; + }; + + documentation.enable = true; + documentation.nixos.enable = true; + + system.stateVersion = "22.11"; +} diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix new file mode 100644 index 0000000..ea01f13 --- /dev/null +++ b/nixos/ninurta/hardware-configuration.nix @@ -0,0 +1,65 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + boot.initrd.luks.devices."dm-ninurta".device = "/dev/disk/by-uuid/a64f1e3f-ea13-43b6-83de-2ba4e45e8a3f"; + + fileSystems."/" = + { + device = "/dev/disk/by-label/ninurta"; + fsType = "btrfs"; + options = [ "compress=zstd,subvol=root" ]; + }; + + fileSystems."/home" = + { + device = "/dev/disk/by-label/ninurta"; + fsType = "btrfs"; + options = [ "compress=zstd,subvol=home" ]; + }; + + fileSystems."/var" = + { device = "/dev/disk/by-label/ninurta"; + fsType = "btrfs"; + options = [ "subvol=var" ]; + }; + + fileSystems."/nix" = + { + device = "/dev/disk/by-label/ninurta"; + fsType = "btrfs"; + options = [ "compress=zstd,noatime,subvol=nix" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; + + swapDevices = [ + { device = "/var/swapfile"; size = 65536; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp86s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 8942c542515908f8917cc60033dac0577da6242c Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Feb 2023 15:21:30 +0100 Subject: [PATCH 526/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/2e19b92980a79118351ec12496a81c49bd674d8a' (2023-02-02) → 'github:numtide/devshell/6fe837bb4f540a1832522ec54604c453757836b2' (2023-02-07) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/8e8240194eda25b61449f29bb5131e02b28a5486' (2023-02-04) → 'github:NixOS/nixpkgs/103fe0800b9d739c279997561c9da9d242d5b6b8' (2023-02-11) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/b7ac0a56029e4f9e6743b9993037a5aaafd57103' (2023-01-24) → 'github:NixOS/nixos-hardware/44ae00e02e8036a66c08f4decdece7e3bbbefee2' (2023-02-09) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e4979a9..baa0735 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1675340818, - "narHash": "sha256-GAzTgOvonq4K3CVyyKZGbCnqdLi6nRe78t8ko/mLxL0=", + "lastModified": 1675790942, + "narHash": "sha256-UfXATFXxACtdMQmwRZIdOc6CT4mwgbZBAnGxiUkgUM4=", "owner": "numtide", "repo": "devshell", - "rev": "2e19b92980a79118351ec12496a81c49bd674d8a", + "rev": "6fe837bb4f540a1832522ec54604c453757836b2", "type": "github" }, "original": { @@ -500,11 +500,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1675512093, - "narHash": "sha256-u1CY4feK14B57E6T+0Bhkuoj8dpBxCPrWO+SP87UVP8=", + "lastModified": 1676094287, + "narHash": "sha256-z2gc84Hs9JmzmSmQ/n3Ano/uhYPS4uF8jZPcgKDTfb8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8e8240194eda25b61449f29bb5131e02b28a5486", + "rev": "103fe0800b9d739c279997561c9da9d242d5b6b8", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1674550793, - "narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=", + "lastModified": 1675933606, + "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103", + "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2", "type": "github" }, "original": { From 0854dcc1302f1c7f42aaee7613775aa6383c9ab1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Feb 2023 16:09:03 +0100 Subject: [PATCH 527/988] fix formatting --- nixos/ninurta/hardware-configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index ea01f13..0561294 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix @@ -29,7 +29,8 @@ }; fileSystems."/var" = - { device = "/dev/disk/by-label/ninurta"; + { + device = "/dev/disk/by-label/ninurta"; fsType = "btrfs"; options = [ "subvol=var" ]; }; From f55b129a65ccfb2f852af449ba53ce25a4cc7abe Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 21 Feb 2023 19:52:56 +0100 Subject: [PATCH 528/988] add element-desktop and librewolf --- home/home/pkgs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index b194f92..6b02b204 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -22,6 +22,7 @@ with pkgs; [ dstat duf # disk usage dyff # diff tool for YAML + element-desktop evince evolution exa @@ -72,6 +73,7 @@ with pkgs; [ ldns liboping # oping, ping multiple hosts at once libreoffice + librewolf libvirt lsof lynis From 02359f7303bba4c5768bfacf2cfe968aa0843642 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 21 Feb 2023 19:53:55 +0100 Subject: [PATCH 529/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/6fe837bb4f540a1832522ec54604c453757836b2' (2023-02-07) → 'github:numtide/devshell/71e3022e3ab20bbf1342640547ef5bc14fb43bf4' (2023-02-13) • Updated input 'flake-utils': 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) → 'github:numtide/flake-utils/3db36a8b464d0c4532ba1c7dda728f4576d6d073' (2023-02-13) • Updated input 'home-manager': 'github:nix-community/home-manager/65c47ced082e3353113614f77b1bc18822dc731f' (2023-01-23) → 'github:nix-community/home-manager/2cb27c79117a2a75ff3416c3199a2dc57af6a527' (2023-02-13) • Updated input 'myNixpkgs': 'github:NixOS/nixpkgs/103fe0800b9d739c279997561c9da9d242d5b6b8' (2023-02-11) → 'github:NixOS/nixpkgs/e19f25b587f15871d26442cfa1abe4418a815d7d' (2023-02-20) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/6a5dc1d3d557ea7b5c19b15ff91955124d0400fa' (2023-01-25) → 'github:nix-community/nixos-generators/1e0a05219f2a557d4622bc38f542abb360518795' (2023-02-13) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/44ae00e02e8036a66c08f4decdece7e3bbbefee2' (2023-02-09) → 'github:NixOS/nixos-hardware/d24ea777c57b69c6b143cf11d83184ef71b0dbbf' (2023-02-20) • Updated input 'nvd/flake-utils': 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02) → 'github:numtide/flake-utils/3db36a8b464d0c4532ba1c7dda728f4576d6d073' (2023-02-13) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index baa0735..9133923 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1675790942, - "narHash": "sha256-UfXATFXxACtdMQmwRZIdOc6CT4mwgbZBAnGxiUkgUM4=", + "lastModified": 1676293499, + "narHash": "sha256-uIOTlTxvrXxpKeTvwBI1JGDGtCxMXE3BI0LFwoQMhiQ=", "owner": "numtide", "repo": "devshell", - "rev": "6fe837bb4f540a1832522ec54604c453757836b2", + "rev": "71e3022e3ab20bbf1342640547ef5bc14fb43bf4", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -360,11 +360,11 @@ }, "flake-utils_5": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -449,11 +449,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1674440933, - "narHash": "sha256-CASRcD/rK3fn5vUCti3jzry7zi0GsqRsBohNq9wPgLs=", + "lastModified": 1676257154, + "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=", "owner": "nix-community", "repo": "home-manager", - "rev": "65c47ced082e3353113614f77b1bc18822dc731f", + "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527", "type": "github" }, "original": { @@ -500,11 +500,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1676094287, - "narHash": "sha256-z2gc84Hs9JmzmSmQ/n3Ano/uhYPS4uF8jZPcgKDTfb8=", + "lastModified": 1676895851, + "narHash": "sha256-xdhBKw2el790G+88tZYpRWlP9VjQC9OLR5Jx84VPe08=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "103fe0800b9d739c279997561c9da9d242d5b6b8", + "rev": "e19f25b587f15871d26442cfa1abe4418a815d7d", "type": "github" }, "original": { @@ -624,11 +624,11 @@ ] }, "locked": { - "lastModified": 1674666581, - "narHash": "sha256-KNI2s/xrL7WOYaPJAWKBtb7cCH3335rLfsL+B+ssuGY=", + "lastModified": 1676297861, + "narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "6a5dc1d3d557ea7b5c19b15ff91955124d0400fa", + "rev": "1e0a05219f2a557d4622bc38f542abb360518795", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1675933606, - "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=", + "lastModified": 1676924492, + "narHash": "sha256-78278eyP55JRFe7UCpmFwdkrTY6H2arzTpVeteWo8kM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2", + "rev": "d24ea777c57b69c6b143cf11d83184ef71b0dbbf", "type": "github" }, "original": { From 33e5ba912375bd2820b92e30a9fe7c8c2aac230c Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Mar 2023 13:30:14 +0100 Subject: [PATCH 530/988] update nixpkgs and install saleae-logic-2 --- flake.lock | 73 +++++++++++++++++++++++----------------------- home/home/pkgs.nix | 1 + outputs.nix | 2 +- 3 files changed, 39 insertions(+), 37 deletions(-) diff --git a/flake.lock b/flake.lock index 9133923..4c1feef 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1676293499, - "narHash": "sha256-uIOTlTxvrXxpKeTvwBI1JGDGtCxMXE3BI0LFwoQMhiQ=", + "lastModified": 1677576895, + "narHash": "sha256-EtV2sOcIxqZUVijAb5HyCIq7Oft72bgQ3Me8YlKd5jE=", "owner": "numtide", "repo": "devshell", - "rev": "71e3022e3ab20bbf1342640547ef5bc14fb43bf4", + "rev": "05a1e4a4b02cb7bfc8d031064f9d5a2cc27c8847", "type": "github" }, "original": { @@ -94,11 +94,11 @@ "doom-snippets": { "flake": false, "locked": { - "lastModified": 1662645711, - "narHash": "sha256-XKpPCtECGZQ5bFPPDUX3oAltXOJNwAI/OktxiLnADRE=", + "lastModified": 1676839496, + "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=", "owner": "doomemacs", "repo": "snippets", - "rev": "03a62fe7edf7e87fdbd925713fbd3bf292d14b00", + "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11", "type": "github" }, "original": { @@ -173,16 +173,17 @@ "emacs-overlay": { "flake": false, "locked": { - "lastModified": 1675362118, - "narHash": "sha256-11CqDTkQA9P5I4InVCXmj/IaHvz4nUJaLNFiDiHVvIg=", + "lastModified": 1676366521, + "narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "a018577287e390e01654a8b44d57d183a51b72b2", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" } }, @@ -345,11 +346,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -449,11 +450,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1676257154, - "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=", + "lastModified": 1677711157, + "narHash": "sha256-6/c88G/5i/SzjTcGix4e9d60aIRDlTZ0aVJ2iXSO/DA=", "owner": "nix-community", "repo": "home-manager", - "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527", + "rev": "a7d3f51e9e01cecebe9e00bf417bc2111c2a9202", "type": "github" }, "original": { @@ -500,11 +501,11 @@ }, "myNixpkgs": { "locked": { - "lastModified": 1676895851, - "narHash": "sha256-xdhBKw2el790G+88tZYpRWlP9VjQC9OLR5Jx84VPe08=", + "lastModified": 1677624842, + "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e19f25b587f15871d26442cfa1abe4418a815d7d", + "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", "type": "github" }, "original": { @@ -545,11 +546,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1675387812, - "narHash": "sha256-fGjWMg97w1mP0cDIR9Y8qCa77sEtiIdYzqiRB+P2YcM=", + "lastModified": 1677326276, + "narHash": "sha256-dfKLWggIQ6F0/WXa52ZBO6NGrCpwVKU4WcLvZwbOHJg=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "8de922e4e23158790970a266234a853305b1928d", + "rev": "c283bcf19b64aba8c50d5618cb58457967f6cdb7", "type": "github" }, "original": { @@ -639,11 +640,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1676924492, - "narHash": "sha256-78278eyP55JRFe7UCpmFwdkrTY6H2arzTpVeteWo8kM=", + "lastModified": 1677591639, + "narHash": "sha256-DMlAyge+u3K+JOFLA5YfdjqagdAYJf29YGBWpy5izg4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d24ea777c57b69c6b143cf11d83184ef71b0dbbf", + "rev": "77de4cd09db4dbee9551ed2853cfcf113d7dc5ce", "type": "github" }, "original": { @@ -749,11 +750,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1673519709, - "narHash": "sha256-XtGk32Lw2iGDgH5Q4Rjhig0Iq5hpIM0EKQoptJ+nT3k=", + "lastModified": 1677145298, + "narHash": "sha256-r5hCcLiBYspW7mTK1cHyLktcPMRTVs8FYI44iK85A0o=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "ecb62e2e317b1a4b5b8a6c0f111ed7ef18413040", + "rev": "351279ffaead08398002fd29801eaad688ccf239", "type": "github" }, "original": { @@ -765,11 +766,11 @@ "org-contrib": { "flake": false, "locked": { - "lastModified": 1664301003, - "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=", + "lastModified": 1675694242, + "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=", "owner": "emacsmirror", "repo": "org-contrib", - "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f", + "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17", "type": "github" }, "original": { @@ -833,11 +834,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1674652670, - "narHash": "sha256-ViqeZlOjQTlY0KM7YcOOjdgkxRLPMZrRKXTqtyc1I00=", + "lastModified": 1677036091, + "narHash": "sha256-mHAl+kWxSVfYTQjwbhAHuxAwnm4gAPb4plHIn12gXcg=", "owner": "hakimel", "repo": "reveal.js", - "rev": "b1a9842b2f4544a2fda546383db38cc7a81f6b74", + "rev": "cd019514f3d4924bae6caaaf5383a068cc1320d7", "type": "github" }, "original": { @@ -945,11 +946,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1673328482, - "narHash": "sha256-6yQ35uJDAK531QNQZgloQaOQayRa8azOlOMbO8lXsHE=", + "lastModified": 1677013151, + "narHash": "sha256-ssKzQ4VBeE2IBz8NZ35u3tnLMABdpBOQ8TCUWsYt3nE=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "75d6f9ed317b042b5bc7cb21503596d1c7a1b8c0", + "rev": "9d9e0c5cf7b5397e06571bb6bf497598dc8796a8", "type": "github" }, "original": { diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 6b02b204..e9b752a 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -114,6 +114,7 @@ with pkgs; [ ripgrep rust-analyzer rustup + saleae-logic-2 sd # search and displace like sed but with better syntax signal-desktop silver-searcher diff --git a/outputs.nix b/outputs.nix index 5ba64ae..1e10599 100644 --- a/outputs.nix +++ b/outputs.nix @@ -27,7 +27,7 @@ inherit system; overlays = [ agenix.overlay - devshell.overlay + devshell.overlays.default ]; }; extraModules = [ "${devshell}/extra/git/hooks.nix" ]; From 9a2feac45db6bbcd8f3fcc61e15e7277a5e4ed9a Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 3 Mar 2023 13:34:54 +0100 Subject: [PATCH 531/988] add rules for saleae logic analyzer --- nixos/gorgon/configuration.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 9c55b8c..76b5d71 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -23,6 +23,14 @@ let ''; destination = "/etc/udev/rules.d/61-xilinx-jtag.rules"; }; + saleaeLogic = pkgs.writeTextFile { + name = "saleae-logic"; + text = '' + # Saleae Logic analyzer (USB Based) + ATTRS{idVendor}=="21a9", ATTRS{idProduct}=="1006", TAG+="uaccess" + ''; + destination = "/etc/udev/rules.d/61-saleae-logic.rules"; + }; in { imports = [ @@ -102,7 +110,7 @@ in systemd.services.modem-manager.enable = lib.mkForce false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - services.udev.packages = [ xilinxJtag ]; #noMtpUdevRules ]; + services.udev.packages = [ xilinxJtag saleaeLogic ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; From fad936a040c68b48e999d18fe6c85c58fcec4475 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Feb 2023 01:19:00 +0000 Subject: [PATCH 532/988] build(deps): bump cachix/install-nix-action from 18 to 19 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 18 to 19. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v18...v19) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- .github/workflows/nix-flake-update.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index d42a902..2b94866 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v18 + - uses: cachix/install-nix-action@v19 with: nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 651feb4..04cc034 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v18 + - uses: cachix/install-nix-action@v19 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install extra_nix_config: | From 3e1e140f8de8e0ea598141d8388dbe8a5b7b8982 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Mar 2023 11:27:05 +0100 Subject: [PATCH 533/988] update cachix CI action --- .github/workflows/nix-flake-check.yml | 29 +++++++++++++-------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 2b94866..3b0e441 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -7,20 +7,19 @@ on: jobs: checks: - name: Checks + name: "Checks" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: cachix/install-nix-action@v19 - with: - nix_path: nixpkgs=channel:nixos-stable - extra_nix_config: | - experimental-features = nix-command flakes - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - system-features = nixos-test benchmark big-parallel kvm - - uses: cachix/cachix-action@v12 - with: - name: dadada - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - name: Checks - run: nix flake check + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v20 + with: + nix_path: nixpkgs=channel:nixos-unstable + - uses: cachix/cachix-action@v12 + with: + name: mycache + # If you chose signing key for write access + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + # If you chose API tokens for write access OR if you have a private cache + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - run: nix-build + - run: nix-shell --run "echo OK" From 79767236bb0c87060a8cd98bc52468964160a854 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Mar 2023 11:32:01 +0100 Subject: [PATCH 534/988] use flakes in ci --- .github/workflows/nix-flake-check.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 3b0e441..6d899ea 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -13,13 +13,14 @@ jobs: - uses: actions/checkout@v3 - uses: cachix/install-nix-action@v20 with: - nix_path: nixpkgs=channel:nixos-unstable + nix_path: nixpkgs=channel:nixos-stable + extra_nix_config: | + experimental-features = nix-command flakes + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + system-features = nixos-test benchmark big-parallel kvm - uses: cachix/cachix-action@v12 with: name: mycache - # If you chose signing key for write access signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - # If you chose API tokens for write access OR if you have a private cache authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: nix-build - - run: nix-shell --run "echo OK" + - run: nix flake check From ebfe5f8dd23a1463434a49d273395f3b623f35a1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Mar 2023 12:03:11 +0100 Subject: [PATCH 535/988] remove some flake inputs --- flake.lock | 682 +++++---------------------------------- flake.nix | 27 +- home/home/pkgs.nix | 1 - hydra-jobs.nix | 2 +- nixos/configurations.nix | 4 +- outputs.nix | 13 +- pkgs/default.nix | 4 +- 7 files changed, 93 insertions(+), 640 deletions(-) diff --git a/flake.lock b/flake.lock index 4c1feef..d810d52 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,7 @@ "agenix": { "inputs": { "nixpkgs": [ - "myNixpkgs" + "nixpkgs" ] }, "locked": { @@ -24,11 +24,11 @@ "crane": { "flake": false, "locked": { - "lastModified": 1654444508, - "narHash": "sha256-4OBvQ4V7jyt7afs6iKUvRzJ1u/9eYnKzVQbeQdiamuY=", + "lastModified": 1661875961, + "narHash": "sha256-f1h/2c6Teeu1ofAHWzrS8TwBPcnN+EEu+z1sRVmMQTk=", "owner": "ipetkov", "repo": "crane", - "rev": "db5482bf225acc3160899124a1df5a617cfa27b5", + "rev": "d9f394e4e20e97c2a60c3ad82c2b6ef99be19e24", "type": "github" }, "original": { @@ -41,15 +41,15 @@ "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ - "myNixpkgs" + "nixpkgs" ] }, "locked": { - "lastModified": 1677576895, - "narHash": "sha256-EtV2sOcIxqZUVijAb5HyCIq7Oft72bgQ3Me8YlKd5jE=", + "lastModified": 1677856503, + "narHash": "sha256-TW8my47VpavO/PXA5hIumUcX80cj0AufojjUTdUonLw=", "owner": "numtide", "repo": "devshell", - "rev": "05a1e4a4b02cb7bfc8d031064f9d5a2cc27c8847", + "rev": "643d1857fea4e71e7f251cb574f59b1d63778085", "type": "github" }, "original": { @@ -61,11 +61,11 @@ "devshell_2": { "flake": false, "locked": { - "lastModified": 1655976588, - "narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=", + "lastModified": 1667210711, + "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", "owner": "numtide", "repo": "devshell", - "rev": "899ca4629020592a13a46783587f6e674179d1db", + "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", "type": "github" }, "original": { @@ -74,94 +74,58 @@ "type": "github" } }, - "doom-emacs": { - "flake": false, - "locked": { - "lastModified": 1662497747, - "narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=", - "owner": "doomemacs", - "repo": "doomemacs", - "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", - "type": "github" - }, - "original": { - "owner": "doomemacs", - "repo": "doomemacs", - "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", - "type": "github" - } - }, - "doom-snippets": { - "flake": false, - "locked": { - "lastModified": 1676839496, - "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=", - "owner": "doomemacs", - "repo": "snippets", - "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11", - "type": "github" - }, - "original": { - "owner": "doomemacs", - "repo": "snippets", - "type": "github" - } - }, "dream2nix": { "inputs": { "alejandra": [ "helix", - "nixCargoIntegration", - "nixpkgs" + "nci" + ], + "all-cabal-json": [ + "helix", + "nci" ], "crane": "crane", "devshell": [ "helix", - "nixCargoIntegration", + "nci", "devshell" ], "flake-utils-pre-commit": [ "helix", - "nixCargoIntegration", - "nixpkgs" + "nci" + ], + "ghc-utils": [ + "helix", + "nci" ], "gomod2nix": [ "helix", - "nixCargoIntegration", - "nixpkgs" + "nci" ], "mach-nix": [ "helix", - "nixCargoIntegration", - "nixpkgs" + "nci" ], "nixpkgs": [ "helix", - "nixCargoIntegration", - "nixpkgs" - ], - "node2nix": [ - "helix", - "nixCargoIntegration", + "nci", "nixpkgs" ], "poetry2nix": [ "helix", - "nixCargoIntegration", - "nixpkgs" + "nci" ], "pre-commit-hooks": [ "helix", - "nixCargoIntegration", - "nixpkgs" + "nci" ] }, "locked": { - "lastModified": 1655975833, - "narHash": "sha256-g8sdfuglIZ24oWVbntVzniNTJW+Z3n9DNL9w9Tt+UCE=", + "lastModified": 1668851003, + "narHash": "sha256-X7RCQQynbxStZR2m7HW38r/msMQwVl3afD6UXOCtvx4=", "owner": "nix-community", "repo": "dream2nix", - "rev": "4e75e665ec3a1cddae5266bed0dd72fce0b74a23", + "rev": "c77e8379d8fe01213ba072e40946cbfb7b58e628", "type": "github" }, "original": { @@ -170,135 +134,6 @@ "type": "github" } }, - "emacs-overlay": { - "flake": false, - "locked": { - "lastModified": 1676366521, - "narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=", - "owner": "nix-community", - "repo": "emacs-overlay", - "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "emacs-overlay", - "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", - "type": "github" - } - }, - "emacs-so-long": { - "flake": false, - "locked": { - "lastModified": 1575031854, - "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", - "owner": "hlissner", - "repo": "emacs-so-long", - "rev": "ed666b0716f60e8988c455804de24b55919e71ca", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "emacs-so-long", - "type": "github" - } - }, - "evil-escape": { - "flake": false, - "locked": { - "lastModified": 1588439096, - "narHash": "sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=", - "owner": "hlissner", - "repo": "evil-escape", - "rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "evil-escape", - "type": "github" - } - }, - "evil-markdown": { - "flake": false, - "locked": { - "lastModified": 1626852210, - "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", - "owner": "Somelauw", - "repo": "evil-markdown", - "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", - "type": "github" - }, - "original": { - "owner": "Somelauw", - "repo": "evil-markdown", - "type": "github" - } - }, - "evil-org-mode": { - "flake": false, - "locked": { - "lastModified": 1607203864, - "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", - "owner": "hlissner", - "repo": "evil-org-mode", - "rev": "a9706da260c45b98601bcd72b1d2c0a24a017700", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "evil-org-mode", - "type": "github" - } - }, - "evil-quick-diff": { - "flake": false, - "locked": { - "lastModified": 1575189609, - "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", - "owner": "rgrinberg", - "repo": "evil-quick-diff", - "rev": "69c883720b30a892c63bc89f49d4f0e8b8028908", - "type": "github" - }, - "original": { - "owner": "rgrinberg", - "repo": "evil-quick-diff", - "type": "github" - } - }, - "explain-pause-mode": { - "flake": false, - "locked": { - "lastModified": 1595842060, - "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", - "owner": "lastquestion", - "repo": "explain-pause-mode", - "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", - "type": "github" - }, - "original": { - "owner": "lastquestion", - "repo": "explain-pause-mode", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1642700792, @@ -331,11 +166,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -345,36 +180,6 @@ } }, "flake-utils_4": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -389,55 +194,25 @@ "type": "github" } }, - "flake-utils_7": { - "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "format-all": { - "flake": false, - "locked": { - "lastModified": 1581716637, - "narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=", - "owner": "lassik", - "repo": "emacs-format-all-the-code", - "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", - "type": "github" - }, - "original": { - "owner": "lassik", - "repo": "emacs-format-all-the-code", - "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", - "type": "github" - } - }, "helix": { "inputs": { - "nixCargoIntegration": "nixCargoIntegration", - "nixpkgs": "nixpkgs", + "nci": "nci", + "nixpkgs": [ + "nixpkgs" + ], "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1662052066, - "narHash": "sha256-tMO4wFXVRE/TPxOtaEpgu95Hff8PekqXZPt4e+5Di78=", + "lastModified": 1670381690, + "narHash": "sha256-0VPEA2XixJ+5NGS0zcnntcDWDByUQD4EFuoSSE+Q7yk=", "owner": "helix-editor", "repo": "helix", - "rev": "66276ce630cead06c84394768927fe20490d0638", + "rev": "96ff64a84a4948b0aa85a453276cb0091fb9c792", "type": "github" }, "original": { "owner": "helix-editor", - "ref": "22.08.1", + "ref": "22.12", "repo": "helix", "type": "github" } @@ -445,16 +220,16 @@ "home-manager": { "inputs": { "nixpkgs": [ - "myNixpkgs" + "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1677711157, - "narHash": "sha256-6/c88G/5i/SzjTcGix4e9d60aIRDlTZ0aVJ2iXSO/DA=", + "lastModified": 1677757546, + "narHash": "sha256-tA1ukoluctzLVyWRaKtD4KlTwgXbUsGB5vcyni1OJ9I=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7d3f51e9e01cecebe9e00bf417bc2111c2a9202", + "rev": "86bb69b0b1e10d99a30c4352f230f03106dd0f8a", "type": "github" }, "original": { @@ -467,7 +242,7 @@ "homePage": { "inputs": { "hugo-theme-anubis": "hugo-theme-anubis", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1655227494, @@ -499,83 +274,7 @@ "type": "github" } }, - "myNixpkgs": { - "locked": { - "lastModified": 1677624842, - "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nix-doom-emacs": { - "inputs": { - "doom-emacs": "doom-emacs", - "doom-snippets": "doom-snippets", - "emacs-overlay": "emacs-overlay", - "emacs-so-long": "emacs-so-long", - "evil-escape": "evil-escape", - "evil-markdown": "evil-markdown", - "evil-org-mode": "evil-org-mode", - "evil-quick-diff": "evil-quick-diff", - "explain-pause-mode": "explain-pause-mode", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_4", - "format-all": "format-all", - "nix-straight": "nix-straight", - "nixpkgs": [ - "myNixpkgs" - ], - "nose": "nose", - "ob-racket": "ob-racket", - "org": "org", - "org-contrib": "org-contrib", - "org-yt": "org-yt", - "php-extras": "php-extras", - "revealjs": "revealjs", - "rotate-text": "rotate-text", - "sln-mode": "sln-mode", - "ts-fold": "ts-fold", - "ws-butler": "ws-butler" - }, - "locked": { - "lastModified": 1677326276, - "narHash": "sha256-dfKLWggIQ6F0/WXa52ZBO6NGrCpwVKU4WcLvZwbOHJg=", - "owner": "nix-community", - "repo": "nix-doom-emacs", - "rev": "c283bcf19b64aba8c50d5618cb58457967f6cdb7", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-doom-emacs", - "type": "github" - } - }, - "nix-straight": { - "flake": false, - "locked": { - "lastModified": 1666982610, - "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=", - "owner": "nix-community", - "repo": "nix-straight.el", - "rev": "ad10364d64f472c904115fd38d194efe1c3f1226", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-straight.el", - "type": "github" - } - }, - "nixCargoIntegration": { + "nci": { "inputs": { "devshell": "devshell_2", "dream2nix": "dream2nix", @@ -589,11 +288,11 @@ ] }, "locked": { - "lastModified": 1656453541, - "narHash": "sha256-ZCPVnS6zJOZJvIlwU3rKR8MBVm6A3F4/0mA7G1lQ3D0=", + "lastModified": 1669011203, + "narHash": "sha256-Lymj4HktNEFmVXtwI0Os7srDXHZbZW0Nzw3/+5Hf8ko=", "owner": "yusdacra", "repo": "nix-cargo-integration", - "rev": "9eb74345b30cd2e536d9dac9d4435d3c475605c7", + "rev": "c5133b91fc1d549087c91228bd213f2518728a4b", "type": "github" }, "original": { @@ -604,11 +303,11 @@ }, "nixlib": { "locked": { - "lastModified": 1636849918, - "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "lastModified": 1677373009, + "narHash": "sha256-kxhz4QUP8tXa/yVSpEzDDZSEp9FvhzRqZzb+SeUaekw=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "rev": "c9d4f2476046c6a7a2ce3c2118c48455bf0272ea", "type": "github" }, "original": { @@ -625,11 +324,11 @@ ] }, "locked": { - "lastModified": 1676297861, - "narHash": "sha256-YECUmK34xzg0IERpnbCnaO6z6YgfecJlstMWX7dqOZ8=", + "lastModified": 1677834279, + "narHash": "sha256-JHKdz4+KtDcCuIxt7jl03/wv3gMVCN5cHuED7SYS75c=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "1e0a05219f2a557d4622bc38f542abb360518795", + "rev": "59d63c5bb0574048d3519c268fccf73e57220bf5", "type": "github" }, "original": { @@ -655,22 +354,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1655624069, - "narHash": "sha256-7g1zwTdp35GMTERnSzZMWJ7PG3QdDE8VOX3WsnOkAtM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0d68d7c857fe301d49cdcd56130e0beea4ecd5aa", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1629226339, "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", @@ -683,6 +366,22 @@ "type": "indirect" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1677779205, + "narHash": "sha256-6DBjL9wjq86p2GczmwnHtFRnWPBPItc67gapWENBgX8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "96e18717904dfedcd884541e5a92bf9ff632cf39", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_3": { "locked": { "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", @@ -694,126 +393,9 @@ "type": "indirect" } }, - "nose": { - "flake": false, - "locked": { - "lastModified": 1400604510, - "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", - "owner": "emacsattic", - "repo": "nose", - "rev": "f8528297519eba911696c4e68fa88892de9a7b72", - "type": "github" - }, - "original": { - "owner": "emacsattic", - "repo": "nose", - "type": "github" - } - }, - "nvd": { - "inputs": { - "flake-utils": "flake-utils_5", - "nixpkgs": [ - "myNixpkgs" - ] - }, - "locked": { - "lastModified": 1665876905, - "narHash": "sha256-rZJuhvO7hIPezbwFESOEdGm+ZJldrEiPIvyhICJ6xoQ=", - "ref": "refs/heads/master", - "rev": "f87f29530beb039d283530ab533d700c53120b83", - "revCount": 25, - "type": "git", - "url": "https://gitlab.com/khumba/nvd.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/khumba/nvd.git" - } - }, - "ob-racket": { - "flake": false, - "locked": { - "lastModified": 1584656173, - "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", - "owner": "xchrishawk", - "repo": "ob-racket", - "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", - "type": "github" - }, - "original": { - "owner": "xchrishawk", - "repo": "ob-racket", - "type": "github" - } - }, - "org": { - "flake": false, - "locked": { - "lastModified": 1677145298, - "narHash": "sha256-r5hCcLiBYspW7mTK1cHyLktcPMRTVs8FYI44iK85A0o=", - "owner": "emacs-straight", - "repo": "org-mode", - "rev": "351279ffaead08398002fd29801eaad688ccf239", - "type": "github" - }, - "original": { - "owner": "emacs-straight", - "repo": "org-mode", - "type": "github" - } - }, - "org-contrib": { - "flake": false, - "locked": { - "lastModified": 1675694242, - "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=", - "owner": "emacsmirror", - "repo": "org-contrib", - "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17", - "type": "github" - }, - "original": { - "owner": "emacsmirror", - "repo": "org-contrib", - "type": "github" - } - }, - "org-yt": { - "flake": false, - "locked": { - "lastModified": 1527381913, - "narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", - "owner": "TobiasZawada", - "repo": "org-yt", - "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", - "type": "github" - }, - "original": { - "owner": "TobiasZawada", - "repo": "org-yt", - "type": "github" - } - }, - "php-extras": { - "flake": false, - "locked": { - "lastModified": 1573312690, - "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", - "owner": "arnested", - "repo": "php-extras", - "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", - "type": "github" - }, - "original": { - "owner": "arnested", - "repo": "php-extras", - "type": "github" - } - }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_4", "nixpkgs": "nixpkgs_3" }, "locked": { @@ -831,22 +413,6 @@ "type": "github" } }, - "revealjs": { - "flake": false, - "locked": { - "lastModified": 1677036091, - "narHash": "sha256-mHAl+kWxSVfYTQjwbhAHuxAwnm4gAPb4plHIn12gXcg=", - "owner": "hakimel", - "repo": "reveal.js", - "rev": "cd019514f3d4924bae6caaaf5383a068cc1320d7", - "type": "github" - }, - "original": { - "owner": "hakimel", - "repo": "reveal.js", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -855,32 +421,10 @@ "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", - "myNixpkgs": "myNixpkgs", - "nix-doom-emacs": "nix-doom-emacs", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": [ - "myNixpkgs" - ], - "nvd": "nvd", - "recipemd": "recipemd", - "scripts": "scripts" - } - }, - "rotate-text": { - "flake": false, - "locked": { - "lastModified": 1322962747, - "narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", - "owner": "debug-ito", - "repo": "rotate-text.el", - "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", - "type": "github" - }, - "original": { - "owner": "debug-ito", - "repo": "rotate-text.el", - "type": "github" + "nixpkgs": "nixpkgs_2", + "recipemd": "recipemd" } }, "rust-overlay": { @@ -892,11 +436,11 @@ ] }, "locked": { - "lastModified": 1655779671, - "narHash": "sha256-6feeiGa6fb7ZPVHR71uswkmN1701TAJpwYQA8QffmRk=", + "lastModified": 1668998422, + "narHash": "sha256-G/BklIplCHZEeDIabaaxqgITdIXtMolRGlwxn9jG2/Q=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8159585609a772b041cce6019d5c21d240709244", + "rev": "68ab029c93f8f8eed4cf3ce9a89a9fd4504b2d6e", "type": "github" }, "original": { @@ -905,60 +449,6 @@ "type": "github" } }, - "scripts": { - "inputs": { - "flake-utils": "flake-utils_7", - "nixpkgs": [ - "myNixpkgs" - ] - }, - "locked": { - "lastModified": 1627838887, - "narHash": "sha256-Ew4I0VynDGTmB+b4ScYcHyt+Vtcvx5L3dSCee0hxvP8=", - "ref": "main", - "rev": "c73d546857270e0e039939df4b09914a3a6d5ae1", - "revCount": 6, - "type": "git", - "url": "https://git.dadada.li/dadada/scripts.git" - }, - "original": { - "ref": "main", - "type": "git", - "url": "https://git.dadada.li/dadada/scripts.git" - } - }, - "sln-mode": { - "flake": false, - "locked": { - "lastModified": 1423727528, - "narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=", - "owner": "sensorflo", - "repo": "sln-mode", - "rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c", - "type": "github" - }, - "original": { - "owner": "sensorflo", - "repo": "sln-mode", - "type": "github" - } - }, - "ts-fold": { - "flake": false, - "locked": { - "lastModified": 1677013151, - "narHash": "sha256-ssKzQ4VBeE2IBz8NZ35u3tnLMABdpBOQ8TCUWsYt3nE=", - "owner": "jcs-elpa", - "repo": "ts-fold", - "rev": "9d9e0c5cf7b5397e06571bb6bf497598dc8796a8", - "type": "github" - }, - "original": { - "owner": "jcs-elpa", - "repo": "ts-fold", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1667395993, @@ -973,22 +463,6 @@ "repo": "flake-utils", "type": "github" } - }, - "ws-butler": { - "flake": false, - "locked": { - "lastModified": 1634511126, - "narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=", - "owner": "hlissner", - "repo": "ws-butler", - "rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5", - "type": "github" - }, - "original": { - "owner": "hlissner", - "repo": "ws-butler", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index b484b51..228de40 100644 --- a/flake.nix +++ b/flake.nix @@ -2,26 +2,13 @@ description = "dadada's nix flake"; inputs = { - myNixpkgs.url = github:NixOS/nixpkgs/nixos-22.11; + nixpkgs.url = github:NixOS/nixpkgs/nixos-22.11; flake-utils.url = github:numtide/flake-utils; home-manager = { url = github:nix-community/home-manager/release-22.11; - inputs.nixpkgs.follows = "myNixpkgs"; - }; - nix-doom-emacs = { - url = github:nix-community/nix-doom-emacs; - inputs.nixpkgs.follows = "myNixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = github:NixOS/nixos-hardware/master; - nixpkgs.follows = "myNixpkgs"; - nvd = { - url = git+https://gitlab.com/khumba/nvd.git; - inputs.nixpkgs.follows = "myNixpkgs"; - }; - scripts = { - url = git+https://git.dadada.li/dadada/scripts.git?ref=main; - inputs.nixpkgs.follows = "myNixpkgs"; - }; homePage = { url = github:dadada/dadada.li; }; @@ -30,14 +17,16 @@ }; agenix = { url = github:ryantm/agenix/0.13.0; - inputs.nixpkgs.follows = "myNixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { url = github:numtide/devshell; - inputs.nixpkgs.follows = "myNixpkgs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + helix = { + url = github:helix-editor/helix/22.12; + inputs.nixpkgs.follows = "nixpkgs"; }; - helix.url = github:helix-editor/helix/22.08.1; - nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index e9b752a..aa2d17f 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -90,7 +90,6 @@ with pkgs; [ nix-index nmap nmon - nvd obs-studio openscad openssl diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 135b95e..86205e7 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -2,4 +2,4 @@ (nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) self.nixosConfigurations -) // self.checks.x86_64-linux +) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 9eb2b1e..9c32756 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -4,8 +4,6 @@ , home-manager , homePage , nixos-hardware -, nvd -, scripts , recipemd , helix , nixos-generators @@ -28,7 +26,7 @@ in { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = (getDefaultPkgs system { - inherit scripts nvd recipemd; + inherit recipemd; }) // self.packages.${system}; # Add flakes to registry and nix path. diff --git a/outputs.nix b/outputs.nix index 1e10599..960cb90 100644 --- a/outputs.nix +++ b/outputs.nix @@ -4,10 +4,7 @@ , homePage , nixpkgs , home-manager -, nix-doom-emacs , nixos-hardware -, nvd -, scripts , recipemd , agenix , devshell @@ -16,9 +13,7 @@ } @ inputs: (flake-utils.lib.eachDefaultSystem (system: let - pkgs = nixpkgs.legacyPackages.${system}; - selfPkgs = self.packages.${system}; - formatter = self.formatter.${system}; + pkgs = import nixpkgs { inherit system; }; in { devShells.default = @@ -34,7 +29,7 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = nixpkgs.legacyPackages."${system}".nixpkgs-fmt; + formatter = pkgs.nixpkgs-fmt; jobsets = (import ./jobsets.nix { inherit pkgs; @@ -47,13 +42,13 @@ }; nixpkgs = { type = "git"; - value = "git://github.com/NixOS/nixpkgs.git nixpkgs-22.05"; + value = "git://github.com/NixOS/nixpkgs.git nixpkgs-22.11"; emailresponsible = false; }; }; }); - packages = import ./pkgs (inputs // { inherit pkgs; }); + packages = import ./pkgs { inherit pkgs; }; })) // { diff --git a/pkgs/default.nix b/pkgs/default.nix index a7ce200..a9983e9 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,6 +1,4 @@ -{ pkgs -, ... -} @ inputs: +{ pkgs }: { map = pkgs.callPackage ./map.nix { }; } From 56dc4fcaeeb6b89aa7c74e489a26394bcb7635d2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Mar 2023 12:08:58 +0100 Subject: [PATCH 536/988] fix cache name --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 6d899ea..7e97204 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -20,7 +20,7 @@ jobs: system-features = nixos-test benchmark big-parallel kvm - uses: cachix/cachix-action@v12 with: - name: mycache + name: dadada signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - run: nix flake check From fb9a0076e88ff05c0708799b79af28df60e3b302 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Mar 2023 12:30:16 +0100 Subject: [PATCH 537/988] disable reboot after upgrade on agares --- nixos/agares/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index f1a5828..a695ba6 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -79,5 +79,8 @@ dmidecode ]; + # Running router VM. They have to be restarted in the right order, so network comes up cleanly. Not ideal. + system.autoUpgrade.allowReboot = false; + system.stateVersion = "22.05"; } From fc2dd0ac42f6a0c496b1828e53a31cd2b101e06c Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Mar 2023 13:04:29 +0100 Subject: [PATCH 538/988] install fractal-next --- home/home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index aa2d17f..476ef7b 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -29,7 +29,7 @@ with pkgs; [ ffmpeg file firefox - fractal + fractal-next fx # themable json viewer fzf fzf From bf64dc2c90189d51554cee56bb54766bcaeeeb46 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Mar 2023 13:06:26 +0100 Subject: [PATCH 539/988] uninstall element-desktop --- home/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 476ef7b..6d0dd46 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -22,7 +22,6 @@ with pkgs; [ dstat duf # disk usage dyff # diff tool for YAML - element-desktop evince evolution exa From ee5ecc47f710c6f76c766768b1f8516ea5374610 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 8 Mar 2023 17:42:45 +0100 Subject: [PATCH 540/988] enable wireshark --- nixos/gorgon/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 76b5d71..1b7bdb1 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -75,6 +75,8 @@ in programs.adb.enable = true; + programs.wireshark.enable = true; + services.avahi.enable = true; # Enable CUPS to print documents. @@ -117,7 +119,7 @@ in users.users = { dadada = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" ]; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" ]; shell = "/run/current-system/sw/bin/zsh"; }; }; From 9118d608c94831d8e35eb16fecc8cba7e9c12fe1 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 9 Mar 2023 20:38:15 +0100 Subject: [PATCH 541/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/86bb69b0b1e10d99a30c4352f230f03106dd0f8a' (2023-03-02) → 'github:nix-community/home-manager/b0be47978de5cfd729a79c3f57ace4c86364ff45' (2023-03-08) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/59d63c5bb0574048d3519c268fccf73e57220bf5' (2023-03-03) → 'github:nix-community/nixos-generators/0c043999b16caba6fb571af2d228775729829943' (2023-03-09) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/77de4cd09db4dbee9551ed2853cfcf113d7dc5ce' (2023-02-28) → 'github:NixOS/nixos-hardware/22ef358f5fc72445bb920ae1395f5258e9838df7' (2023-03-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/96e18717904dfedcd884541e5a92bf9ff632cf39' (2023-03-02) → 'github:NixOS/nixpkgs/a7cc81913bb3cd1ef05ed0ece048b773e1839e51' (2023-03-07) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index d810d52..f8f0bbb 100644 --- a/flake.lock +++ b/flake.lock @@ -225,11 +225,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1677757546, - "narHash": "sha256-tA1ukoluctzLVyWRaKtD4KlTwgXbUsGB5vcyni1OJ9I=", + "lastModified": 1678285456, + "narHash": "sha256-2rIk5OFGQmoFX1MWntKGPVCZvy5yQMX3ZCYz7i8+yb0=", "owner": "nix-community", "repo": "home-manager", - "rev": "86bb69b0b1e10d99a30c4352f230f03106dd0f8a", + "rev": "b0be47978de5cfd729a79c3f57ace4c86364ff45", "type": "github" }, "original": { @@ -324,11 +324,11 @@ ] }, "locked": { - "lastModified": 1677834279, - "narHash": "sha256-JHKdz4+KtDcCuIxt7jl03/wv3gMVCN5cHuED7SYS75c=", + "lastModified": 1678351966, + "narHash": "sha256-tRFEU0lu3imZb3dtELBY+UbEhWXbb0xlBrsIlpICb+A=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "59d63c5bb0574048d3519c268fccf73e57220bf5", + "rev": "0c043999b16caba6fb571af2d228775729829943", "type": "github" }, "original": { @@ -339,11 +339,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1677591639, - "narHash": "sha256-DMlAyge+u3K+JOFLA5YfdjqagdAYJf29YGBWpy5izg4=", + "lastModified": 1678389441, + "narHash": "sha256-k7DgWCNPfeNK1CmDHmL0t/qV7Bl47OU/eE04ZHhbfzI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "77de4cd09db4dbee9551ed2853cfcf113d7dc5ce", + "rev": "22ef358f5fc72445bb920ae1395f5258e9838df7", "type": "github" }, "original": { @@ -368,11 +368,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1677779205, - "narHash": "sha256-6DBjL9wjq86p2GczmwnHtFRnWPBPItc67gapWENBgX8=", + "lastModified": 1678230755, + "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "96e18717904dfedcd884541e5a92bf9ff632cf39", + "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51", "type": "github" }, "original": { From a3fb63cff6c635f3cfc589d28487d53c7d439d5e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Mar 2023 01:06:16 +0000 Subject: [PATCH 542/988] build(deps): bump cachix/install-nix-action from 19 to 20 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 19 to 20. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v19...v20) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 04cc034..a9160ad 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v19 + - uses: cachix/install-nix-action@v20 with: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install extra_nix_config: | From c75427cf6911ba66eb9bbf14dcc49efecf848075 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 17 Mar 2023 23:40:29 +0100 Subject: [PATCH 543/988] pin flake registry --- flake.lock | 17 +++++++++++++++++ flake.nix | 4 ++++ nixos/modules/profiles/base.nix | 1 + 3 files changed, 22 insertions(+) diff --git a/flake.lock b/flake.lock index f8f0bbb..bc71d02 100644 --- a/flake.lock +++ b/flake.lock @@ -134,6 +134,22 @@ "type": "github" } }, + "flake-registry": { + "flake": false, + "locked": { + "lastModified": 1674218164, + "narHash": "sha256-oLNWhwrV252kiy2tGQwwJNKFR+iG0fjsw0GSE/XVTR8=", + "owner": "NixOS", + "repo": "flake-registry", + "rev": "507c028d8d189b6647592dfd10ee677578de45a1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-registry", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1642700792, @@ -417,6 +433,7 @@ "inputs": { "agenix": "agenix", "devshell": "devshell", + "flake-registry": "flake-registry", "flake-utils": "flake-utils_2", "helix": "helix", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index 228de40..ad805a4 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,10 @@ url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; + flake-registry = { + url = "github:NixOS/flake-registry"; + flake = false; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 2d221b3..67febdb 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -14,6 +14,7 @@ in nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; + nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; nix.settings.substituters = [ https://cache.nixos.org/ From 1f9e5444786abe1f05c642977bb2f950637401dc Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 18 Mar 2023 13:51:38 +0100 Subject: [PATCH 544/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/643d1857fea4e71e7f251cb574f59b1d63778085' (2023-03-03) → 'github:numtide/devshell/3e0e60ab37cd0bf7ab59888f5c32499d851edb47' (2023-03-16) • Updated input 'flake-utils': 'github:numtide/flake-utils/3db36a8b464d0c4532ba1c7dda728f4576d6d073' (2023-02-13) → 'github:numtide/flake-utils/93a2b84fc4b70d9e089d029deacc3583435c2ed6' (2023-03-15) • Updated input 'home-manager': 'github:nix-community/home-manager/b0be47978de5cfd729a79c3f57ace4c86364ff45' (2023-03-08) → 'github:nix-community/home-manager/9154cd519a8942728038819682d6b3ff33f321bb' (2023-03-17) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/22ef358f5fc72445bb920ae1395f5258e9838df7' (2023-03-09) → 'github:NixOS/nixos-hardware/994584bb26ffa1deeaf56099601ef4bcc487273e' (2023-03-17) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a7cc81913bb3cd1ef05ed0ece048b773e1839e51' (2023-03-07) → 'github:NixOS/nixpkgs/cd34d6ed7ba7d5c4e44b04a53dc97edb52f2766c' (2023-03-16) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index bc71d02..4cc6f5a 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ ] }, "locked": { - "lastModified": 1677856503, - "narHash": "sha256-TW8my47VpavO/PXA5hIumUcX80cj0AufojjUTdUonLw=", + "lastModified": 1678957337, + "narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=", "owner": "numtide", "repo": "devshell", - "rev": "643d1857fea4e71e7f251cb574f59b1d63778085", + "rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47", "type": "github" }, "original": { @@ -167,11 +167,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", "owner": "numtide", "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", "type": "github" }, "original": { @@ -241,11 +241,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1678285456, - "narHash": "sha256-2rIk5OFGQmoFX1MWntKGPVCZvy5yQMX3ZCYz7i8+yb0=", + "lastModified": 1679067101, + "narHash": "sha256-tMI1inGT9u4KWQml0w30dhWqQPlth1e9K/68sfDkEQA=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0be47978de5cfd729a79c3f57ace4c86364ff45", + "rev": "9154cd519a8942728038819682d6b3ff33f321bb", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1678389441, - "narHash": "sha256-k7DgWCNPfeNK1CmDHmL0t/qV7Bl47OU/eE04ZHhbfzI=", + "lastModified": 1679075297, + "narHash": "sha256-8TwS7NPQWW9iPejBwWzmjLnK8bQhdOMPpsj3KPAL6x8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "22ef358f5fc72445bb920ae1395f5258e9838df7", + "rev": "994584bb26ffa1deeaf56099601ef4bcc487273e", "type": "github" }, "original": { @@ -384,11 +384,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1678230755, - "narHash": "sha256-SFAXgNjNTXzcAideXcP0takfUGVft/VR5CACmYHg+Fc=", + "lastModified": 1678972866, + "narHash": "sha256-YV8BcNWfNVgS449B6hFYFUg4kwVIQMNehZP+FNDs1LY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a7cc81913bb3cd1ef05ed0ece048b773e1839e51", + "rev": "cd34d6ed7ba7d5c4e44b04a53dc97edb52f2766c", "type": "github" }, "original": { From 59a932672907cc5df3305ef7953701960a7e279a Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 18 Mar 2023 14:17:07 +0100 Subject: [PATCH 545/988] fix flake inputs --- nixos/configurations.nix | 9 +++++---- outputs.nix | 1 + 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 9c32756..9081b2f 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -7,6 +7,7 @@ , recipemd , helix , nixos-generators +, flake-registry , ... }@inputs: let @@ -15,7 +16,10 @@ let nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { inherit system; - modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; + modules = [{ + # Add flakes to registry and nix path. + dadada.inputs = inputs // { dadada = self; }; + }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in { @@ -28,9 +32,6 @@ in dadada.pkgs = (getDefaultPkgs system { inherit recipemd; }) // self.packages.${system}; - - # Add flakes to registry and nix path. - dadada.inputs = inputs // { dadada = self; }; } nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 diff --git a/outputs.nix b/outputs.nix index 960cb90..3393da0 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,6 +1,7 @@ # Adapted from Mic92/dotfiles { self , flake-utils +, flake-registry , homePage , nixpkgs , home-manager From f2d472d3c8ea620d1c4cfed07c8585e68a1faf14 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 30 Mar 2023 21:38:35 +0200 Subject: [PATCH 546/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/9154cd519a8942728038819682d6b3ff33f321bb' (2023-03-17) → 'github:nix-community/home-manager/83110c259889230b324bb2d35bef78bf5f214a1f' (2023-03-25) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/0c043999b16caba6fb571af2d228775729829943' (2023-03-09) → 'github:nix-community/nixos-generators/d5cd198c80ee62a801a078ad991c99c0175971cf' (2023-03-22) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/c9d4f2476046c6a7a2ce3c2118c48455bf0272ea' (2023-02-26) → 'github:nix-community/nixpkgs.lib/44214417fe4595438b31bdb9469be92536a61455' (2023-03-19) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/994584bb26ffa1deeaf56099601ef4bcc487273e' (2023-03-17) → 'github:NixOS/nixos-hardware/a6aa8174fa61e55bd7e62d35464d3092aefe0421' (2023-03-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cd34d6ed7ba7d5c4e44b04a53dc97edb52f2766c' (2023-03-16) → 'github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f' (2023-03-29) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 4cc6f5a..6b13733 100644 --- a/flake.lock +++ b/flake.lock @@ -241,11 +241,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1679067101, - "narHash": "sha256-tMI1inGT9u4KWQml0w30dhWqQPlth1e9K/68sfDkEQA=", + "lastModified": 1679738842, + "narHash": "sha256-CvqRbsyDW756EskojZptDU590rez29RcHDV3ezoze08=", "owner": "nix-community", "repo": "home-manager", - "rev": "9154cd519a8942728038819682d6b3ff33f321bb", + "rev": "83110c259889230b324bb2d35bef78bf5f214a1f", "type": "github" }, "original": { @@ -319,11 +319,11 @@ }, "nixlib": { "locked": { - "lastModified": 1677373009, - "narHash": "sha256-kxhz4QUP8tXa/yVSpEzDDZSEp9FvhzRqZzb+SeUaekw=", + "lastModified": 1679187309, + "narHash": "sha256-H8udmkg5wppL11d/05MMzOMryiYvc403axjDNZy1/TQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c9d4f2476046c6a7a2ce3c2118c48455bf0272ea", + "rev": "44214417fe4595438b31bdb9469be92536a61455", "type": "github" }, "original": { @@ -340,11 +340,11 @@ ] }, "locked": { - "lastModified": 1678351966, - "narHash": "sha256-tRFEU0lu3imZb3dtELBY+UbEhWXbb0xlBrsIlpICb+A=", + "lastModified": 1679464055, + "narHash": "sha256-RiZpwkbm1GeKRqrTtGGsEDieJyplMSRG1bQzOZgY378=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "0c043999b16caba6fb571af2d228775729829943", + "rev": "d5cd198c80ee62a801a078ad991c99c0175971cf", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1679075297, - "narHash": "sha256-8TwS7NPQWW9iPejBwWzmjLnK8bQhdOMPpsj3KPAL6x8=", + "lastModified": 1680070330, + "narHash": "sha256-aoT2YZCd9LEtiEULFLIF0ykKydgE72X8gw/k9/pRS5I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "994584bb26ffa1deeaf56099601ef4bcc487273e", + "rev": "a6aa8174fa61e55bd7e62d35464d3092aefe0421", "type": "github" }, "original": { @@ -384,11 +384,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1678972866, - "narHash": "sha256-YV8BcNWfNVgS449B6hFYFUg4kwVIQMNehZP+FNDs1LY=", + "lastModified": 1680122840, + "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd34d6ed7ba7d5c4e44b04a53dc97edb52f2766c", + "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", "type": "github" }, "original": { From 52d316a56f64c393c5e8ad6baea0afa8cb301ab4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 2 Apr 2023 21:32:10 +0200 Subject: [PATCH 547/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f' (2023-03-29) → 'github:NixOS/nixpkgs/884e3b68be02ff9d61a042bc9bd9dd2a358f95da' (2023-04-01) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6b13733..bdf8d1e 100644 --- a/flake.lock +++ b/flake.lock @@ -384,11 +384,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1680122840, - "narHash": "sha256-zCQ/9iFHzCW5JMYkkHMwgK1/1/kTMgCMHq4THPINpAU=", + "lastModified": 1680334310, + "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a575c243c23e2851b78c00e9fa245232926ec32f", + "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da", "type": "github" }, "original": { From d2b756a6938feef61aa844d351bc439177137f9e Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 10 Apr 2023 08:22:57 +0200 Subject: [PATCH 548/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-registry': 'github:NixOS/flake-registry/507c028d8d189b6647592dfd10ee677578de45a1' (2023-01-20) → 'github:NixOS/flake-registry/4ea5076e347dda44283714b8f4d580f6922064e9' (2023-04-09) • Updated input 'flake-utils': 'github:numtide/flake-utils/93a2b84fc4b70d9e089d029deacc3583435c2ed6' (2023-03-15) → 'github:numtide/flake-utils/033b9f258ca96a10e543d4442071f614dc3f8412' (2023-04-09) • Added input 'flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) • Updated input 'home-manager': 'github:nix-community/home-manager/83110c259889230b324bb2d35bef78bf5f214a1f' (2023-03-25) → 'github:nix-community/home-manager/d6f3ba090ed090ae664ab5bac329654093aae725' (2023-04-03) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/d5cd198c80ee62a801a078ad991c99c0175971cf' (2023-03-22) → 'github:nix-community/nixos-generators/15ae4065acbf414989a8677097804326fe7c0532' (2023-04-06) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/44214417fe4595438b31bdb9469be92536a61455' (2023-03-19) → 'github:nix-community/nixpkgs.lib/b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a' (2023-04-02) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a6aa8174fa61e55bd7e62d35464d3092aefe0421' (2023-03-29) → 'github:NixOS/nixos-hardware/3006d2860a6ed5e01b0c3e7ffb730e9b293116e2' (2023-04-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/884e3b68be02ff9d61a042bc9bd9dd2a358f95da' (2023-04-01) → 'github:NixOS/nixpkgs/48dcbaf7fa799509cbec85d55b8d62dcf1477d57' (2023-04-09) --- flake.lock | 60 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index bdf8d1e..f57e671 100644 --- a/flake.lock +++ b/flake.lock @@ -137,11 +137,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1674218164, - "narHash": "sha256-oLNWhwrV252kiy2tGQwwJNKFR+iG0fjsw0GSE/XVTR8=", + "lastModified": 1681032461, + "narHash": "sha256-3xrrC7YpoajVynlvj0+iQev6PWJRjS213ulTi3HNLeo=", "owner": "NixOS", "repo": "flake-registry", - "rev": "507c028d8d189b6647592dfd10ee677578de45a1", + "rev": "4ea5076e347dda44283714b8f4d580f6922064e9", "type": "github" }, "original": { @@ -166,12 +166,15 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1681037374, + "narHash": "sha256-XL6X3VGbEFJZDUouv2xpKg2Aljzu/etPLv5e1FPt1q0=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "033b9f258ca96a10e543d4442071f614dc3f8412", "type": "github" }, "original": { @@ -241,11 +244,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1679738842, - "narHash": "sha256-CvqRbsyDW756EskojZptDU590rez29RcHDV3ezoze08=", + "lastModified": 1680555990, + "narHash": "sha256-Tu/i5sd0hk4c4VtWO8XpY3c9KmHDcOWF5Y2GSCh3LXA=", "owner": "nix-community", "repo": "home-manager", - "rev": "83110c259889230b324bb2d35bef78bf5f214a1f", + "rev": "d6f3ba090ed090ae664ab5bac329654093aae725", "type": "github" }, "original": { @@ -319,11 +322,11 @@ }, "nixlib": { "locked": { - "lastModified": 1679187309, - "narHash": "sha256-H8udmkg5wppL11d/05MMzOMryiYvc403axjDNZy1/TQ=", + "lastModified": 1680397293, + "narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "44214417fe4595438b31bdb9469be92536a61455", + "rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a", "type": "github" }, "original": { @@ -340,11 +343,11 @@ ] }, "locked": { - "lastModified": 1679464055, - "narHash": "sha256-RiZpwkbm1GeKRqrTtGGsEDieJyplMSRG1bQzOZgY378=", + "lastModified": 1680764424, + "narHash": "sha256-2tNAE9zWbAK3JvQnhlnB1uzHzhwbA9zF6A17CoTjnbk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d5cd198c80ee62a801a078ad991c99c0175971cf", + "rev": "15ae4065acbf414989a8677097804326fe7c0532", "type": "github" }, "original": { @@ -355,11 +358,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1680070330, - "narHash": "sha256-aoT2YZCd9LEtiEULFLIF0ykKydgE72X8gw/k9/pRS5I=", + "lastModified": 1680876084, + "narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a6aa8174fa61e55bd7e62d35464d3092aefe0421", + "rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2", "type": "github" }, "original": { @@ -384,11 +387,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1680334310, - "narHash": "sha256-ISWz16oGxBhF7wqAxefMPwFag6SlsA9up8muV79V9ck=", + "lastModified": 1681041438, + "narHash": "sha256-NmRGMklxBZ8Ol47CKMQxAU1F+v8ySpsHAAiC7ZL4vxY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "884e3b68be02ff9d61a042bc9bd9dd2a358f95da", + "rev": "48dcbaf7fa799509cbec85d55b8d62dcf1477d57", "type": "github" }, "original": { @@ -466,6 +469,21 @@ "type": "github" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1667395993, From f4d514b492f68dfcb3b5eb92b1ccfdd2e2274f52 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 10 Apr 2023 16:31:42 +0200 Subject: [PATCH 549/988] use firefox module from nixpkgs instead home-manager --- home/home/pkgs.nix | 1 - nixos/gorgon/configuration.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 6d0dd46..e01dfbe 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -27,7 +27,6 @@ with pkgs; [ exa ffmpeg file - firefox fractal-next fx # themable json viewer fzf diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 1b7bdb1..b590900 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -74,7 +74,7 @@ in }; programs.adb.enable = true; - + programs.firefox.enable = true; programs.wireshark.enable = true; services.avahi.enable = true; From 15f62ba841bf7766200a8a336099998873b4b863 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 10 Apr 2023 16:40:07 +0200 Subject: [PATCH 550/988] use firefox with wayland backend --- nixos/gorgon/configuration.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index b590900..9946bff 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -74,7 +74,12 @@ in }; programs.adb.enable = true; - programs.firefox.enable = true; + + programs.firefox = { + enable = true; + package = pkgs.firefox-wayland; + }; + programs.wireshark.enable = true; services.avahi.enable = true; From 62567d1f902a0f3fe72147cfa6a3566881189b0b Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 13 Apr 2023 22:16:26 +0200 Subject: [PATCH 551/988] server: enable smartd --- nixos/modules/profiles/server.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 87190ff..43134ed 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -31,4 +31,6 @@ with lib; { defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; acceptTerms = true; }; + + services.smartd.enable = true; } From 8ffb48fd0fc9eb122e7beb119f4bc6b03844c7ed Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 14 Apr 2023 17:24:48 +0200 Subject: [PATCH 552/988] enable smartd on all hosts --- nixos/modules/profiles/base.nix | 1 + nixos/modules/profiles/server.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 67febdb..169f78e 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -53,5 +53,6 @@ in }; }; + services.smartd.enable = mkDefault true; } diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 43134ed..839cc5d 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -32,5 +32,4 @@ with lib; { acceptTerms = true; }; - services.smartd.enable = true; } From aede09aa16c1eeec2a5f9cda9523d4d915e10ce4 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 14 Apr 2023 17:48:19 +0200 Subject: [PATCH 553/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-utils': 'github:numtide/flake-utils/033b9f258ca96a10e543d4442071f614dc3f8412' (2023-04-09) → 'github:numtide/flake-utils/cfacdce06f30d2b68473a46042957675eebb3401' (2023-04-11) • Updated input 'home-manager': 'github:nix-community/home-manager/d6f3ba090ed090ae664ab5bac329654093aae725' (2023-04-03) → 'github:nix-community/home-manager/f9edbedaf015013eb35f8caacbe0c9666bbc16af' (2023-04-10) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/15ae4065acbf414989a8677097804326fe7c0532' (2023-04-06) → 'github:nix-community/nixos-generators/5ad9f98194cfe7aa990929fb8cae28c500da7620' (2023-04-14) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a' (2023-04-02) → 'github:nix-community/nixpkgs.lib/367c0e1086a4eb4502b24d872cea2c7acdd557f4' (2023-04-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/48dcbaf7fa799509cbec85d55b8d62dcf1477d57' (2023-04-09) → 'github:NixOS/nixpkgs/87edbd74246ccdfa64503f334ed86fa04010bab9' (2023-04-12) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index f57e671..55beeca 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1681037374, - "narHash": "sha256-XL6X3VGbEFJZDUouv2xpKg2Aljzu/etPLv5e1FPt1q0=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "033b9f258ca96a10e543d4442071f614dc3f8412", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", "type": "github" }, "original": { @@ -244,11 +244,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1680555990, - "narHash": "sha256-Tu/i5sd0hk4c4VtWO8XpY3c9KmHDcOWF5Y2GSCh3LXA=", + "lastModified": 1681092193, + "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", "owner": "nix-community", "repo": "home-manager", - "rev": "d6f3ba090ed090ae664ab5bac329654093aae725", + "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", "type": "github" }, "original": { @@ -322,11 +322,11 @@ }, "nixlib": { "locked": { - "lastModified": 1680397293, - "narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=", + "lastModified": 1681001314, + "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a", + "rev": "367c0e1086a4eb4502b24d872cea2c7acdd557f4", "type": "github" }, "original": { @@ -343,11 +343,11 @@ ] }, "locked": { - "lastModified": 1680764424, - "narHash": "sha256-2tNAE9zWbAK3JvQnhlnB1uzHzhwbA9zF6A17CoTjnbk=", + "lastModified": 1681464810, + "narHash": "sha256-G7AD9qMvD7lU+5K7tTZpUMXvQa0kFR5KKY9y/okcX+w=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "15ae4065acbf414989a8677097804326fe7c0532", + "rev": "5ad9f98194cfe7aa990929fb8cae28c500da7620", "type": "github" }, "original": { @@ -387,11 +387,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1681041438, - "narHash": "sha256-NmRGMklxBZ8Ol47CKMQxAU1F+v8ySpsHAAiC7ZL4vxY=", + "lastModified": 1681269223, + "narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48dcbaf7fa799509cbec85d55b8d62dcf1477d57", + "rev": "87edbd74246ccdfa64503f334ed86fa04010bab9", "type": "github" }, "original": { From 1995291712390fd4093773b575348746c651c905 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 14 Apr 2023 18:41:24 +0200 Subject: [PATCH 554/988] update helix --- flake.lock | 45 +++++++++++++++++++++++++++++++++++++++++---- flake.nix | 2 +- 2 files changed, 42 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 55beeca..82e29fc 100644 --- a/flake.lock +++ b/flake.lock @@ -219,19 +219,20 @@ "nixpkgs": [ "nixpkgs" ], + "parts": "parts", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1670381690, - "narHash": "sha256-0VPEA2XixJ+5NGS0zcnntcDWDByUQD4EFuoSSE+Q7yk=", + "lastModified": 1680250441, + "narHash": "sha256-Qrn3mB6bb1DSvKxOJ9oAlxuMk64Fzg2W4BVmk6y3deA=", "owner": "helix-editor", "repo": "helix", - "rev": "96ff64a84a4948b0aa85a453276cb0091fb9c792", + "rev": "3cf037237f1d080fdcb7990250955701389ae072", "type": "github" }, "original": { "owner": "helix-editor", - "ref": "22.12", + "ref": "23.03", "repo": "helix", "type": "github" } @@ -385,6 +386,24 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1680213900, + "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1681269223, @@ -412,6 +431,24 @@ "type": "indirect" } }, + "parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "recipemd": { "inputs": { "flake-utils": "flake-utils_4", diff --git a/flake.nix b/flake.nix index ad805a4..273b18d 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; helix = { - url = github:helix-editor/helix/22.12; + url = github:helix-editor/helix/23.03; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-generators = { From 1febc53be28e36acde7bab4d70c372c4349d0150 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 14 Apr 2023 19:00:10 +0200 Subject: [PATCH 555/988] update helix --- flake.lock | 219 +-------------------------------------- flake.nix | 4 - nixos/configurations.nix | 21 ++-- outputs.nix | 1 - 4 files changed, 11 insertions(+), 234 deletions(-) diff --git a/flake.lock b/flake.lock index 82e29fc..3ec58e7 100644 --- a/flake.lock +++ b/flake.lock @@ -21,22 +21,6 @@ "type": "github" } }, - "crane": { - "flake": false, - "locked": { - "lastModified": 1661875961, - "narHash": "sha256-f1h/2c6Teeu1ofAHWzrS8TwBPcnN+EEu+z1sRVmMQTk=", - "owner": "ipetkov", - "repo": "crane", - "rev": "d9f394e4e20e97c2a60c3ad82c2b6ef99be19e24", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "devshell": { "inputs": { "flake-utils": "flake-utils", @@ -58,82 +42,6 @@ "type": "github" } }, - "devshell_2": { - "flake": false, - "locked": { - "lastModified": 1667210711, - "narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=", - "owner": "numtide", - "repo": "devshell", - "rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "dream2nix": { - "inputs": { - "alejandra": [ - "helix", - "nci" - ], - "all-cabal-json": [ - "helix", - "nci" - ], - "crane": "crane", - "devshell": [ - "helix", - "nci", - "devshell" - ], - "flake-utils-pre-commit": [ - "helix", - "nci" - ], - "ghc-utils": [ - "helix", - "nci" - ], - "gomod2nix": [ - "helix", - "nci" - ], - "mach-nix": [ - "helix", - "nci" - ], - "nixpkgs": [ - "helix", - "nci", - "nixpkgs" - ], - "poetry2nix": [ - "helix", - "nci" - ], - "pre-commit-hooks": [ - "helix", - "nci" - ] - }, - "locked": { - "lastModified": 1668851003, - "narHash": "sha256-X7RCQQynbxStZR2m7HW38r/msMQwVl3afD6UXOCtvx4=", - "owner": "nix-community", - "repo": "dream2nix", - "rev": "c77e8379d8fe01213ba072e40946cbfb7b58e628", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "dream2nix", - "type": "github" - } - }, "flake-registry": { "flake": false, "locked": { @@ -184,21 +92,6 @@ } }, "flake-utils_3": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -213,30 +106,6 @@ "type": "github" } }, - "helix": { - "inputs": { - "nci": "nci", - "nixpkgs": [ - "nixpkgs" - ], - "parts": "parts", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1680250441, - "narHash": "sha256-Qrn3mB6bb1DSvKxOJ9oAlxuMk64Fzg2W4BVmk6y3deA=", - "owner": "helix-editor", - "repo": "helix", - "rev": "3cf037237f1d080fdcb7990250955701389ae072", - "type": "github" - }, - "original": { - "owner": "helix-editor", - "ref": "23.03", - "repo": "helix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -294,33 +163,6 @@ "type": "github" } }, - "nci": { - "inputs": { - "devshell": "devshell_2", - "dream2nix": "dream2nix", - "nixpkgs": [ - "helix", - "nixpkgs" - ], - "rust-overlay": [ - "helix", - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1669011203, - "narHash": "sha256-Lymj4HktNEFmVXtwI0Os7srDXHZbZW0Nzw3/+5Hf8ko=", - "owner": "yusdacra", - "repo": "nix-cargo-integration", - "rev": "c5133b91fc1d549087c91228bd213f2518728a4b", - "type": "github" - }, - "original": { - "owner": "yusdacra", - "repo": "nix-cargo-integration", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1681001314, @@ -386,24 +228,6 @@ "type": "indirect" } }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1680213900, - "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1681269223, @@ -431,27 +255,9 @@ "type": "indirect" } }, - "parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1680392223, - "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_3" }, "locked": { @@ -475,7 +281,6 @@ "devshell": "devshell", "flake-registry": "flake-registry", "flake-utils": "flake-utils_2", - "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", "nixos-generators": "nixos-generators", @@ -484,28 +289,6 @@ "recipemd": "recipemd" } }, - "rust-overlay": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": [ - "helix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1668998422, - "narHash": "sha256-G/BklIplCHZEeDIabaaxqgITdIXtMolRGlwxn9jG2/Q=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "68ab029c93f8f8eed4cf3ce9a89a9fd4504b2d6e", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 273b18d..53fcacc 100644 --- a/flake.nix +++ b/flake.nix @@ -23,10 +23,6 @@ url = github:numtide/devshell; inputs.nixpkgs.follows = "nixpkgs"; }; - helix = { - url = github:helix-editor/helix/23.03; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 9081b2f..8af4202 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -5,7 +5,6 @@ , homePage , nixos-hardware , recipemd -, helix , nixos-generators , flake-registry , ... @@ -37,16 +36,16 @@ in nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = helix.packages.${system}.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home/home; - } - + ({ pkgs, lib, ... }: + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + { manual.manpages.enable = false; } + ]; + home-manager.users.dadada = import ../home/home; + }) ./modules/profiles/laptop.nix ./gorgon/configuration.nix ]; diff --git a/outputs.nix b/outputs.nix index 3393da0..568cd3d 100644 --- a/outputs.nix +++ b/outputs.nix @@ -9,7 +9,6 @@ , recipemd , agenix , devshell -, helix , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: From 7041edcc55644a2a780cbecebeb1cd6421802caa Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 14 Apr 2023 19:02:23 +0200 Subject: [PATCH 556/988] remove librewolf from profile --- home/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index e01dfbe..d582c8a 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -71,7 +71,6 @@ with pkgs; [ ldns liboping # oping, ping multiple hosts at once libreoffice - librewolf libvirt lsof lynis From 9b2a6ee723d8d19dad850c1b832a2deeb3c7c416 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 Apr 2023 11:36:47 +0200 Subject: [PATCH 557/988] use local resolver on surgat --- nixos/modules/networking.nix | 10 ++++++++++ nixos/surgat/configuration.nix | 3 +++ 2 files changed, 13 insertions(+) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 07ad57d..4187cc7 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -64,11 +64,13 @@ in "dadada.li" (mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.s0 "space.stratum0.net") + (mkIf cfg.localResolver.s0 "s0") ]; domain-insecure = [ "dadada.li" (mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.s0 "space.stratum0.net") + (mkIf cfg.localResolver.s0 "s0") ]; interface = [ "127.0.0.1" @@ -103,6 +105,14 @@ in ]; } ) + ( + mkIf cfg.localResolver.s0 { + name = "s0."; + forward-addr = [ + "192.168.178.1" + ]; + } + ) { name = "dyn.dadada.li."; forward-addr = [ diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index e25c9ab..3aa2320 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -109,6 +109,9 @@ in ]; }; + services.resolved.enable = true; + networking.resolvconf.useLocalResolver = true; + system.autoUpgrade.allowReboot = false; system.stateVersion = "20.09"; From 050593d91929b0d0753b49971160f184a475ad10 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 Apr 2023 11:39:57 +0200 Subject: [PATCH 558/988] enable smartd only on hosts with spinning disks --- nixos/agares/configuration.nix | 2 ++ nixos/ifrit/configuration.nix | 2 ++ nixos/modules/profiles/base.nix | 2 -- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index a695ba6..67b6c90 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -19,6 +19,8 @@ networking.localResolver.enable = true; }; + services.smartd.enable = true; + networking.hostName = "agares"; networking.domain = "dadada.li"; diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 89130f1..9f1665a 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -60,5 +60,7 @@ in environment.systemPackages = [ pkgs.curl ]; + services.smartd.enable = true; + system.stateVersion = "20.03"; } diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 169f78e..52b43ad 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -52,7 +52,5 @@ in highlighters = [ "main" "brackets" "pattern" "root" "line" ]; }; }; - - services.smartd.enable = mkDefault true; } From e4cdc83a1f077c62fd0a61db21d9abfa6493b012 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 23 Apr 2023 19:00:42 +0200 Subject: [PATCH 559/988] add rule to allow access to keychron keyboard --- nixos/gorgon/configuration.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 9946bff..0441cc9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -31,6 +31,14 @@ let ''; destination = "/etc/udev/rules.d/61-saleae-logic.rules"; }; + keychron = pkgs.writeTextFile { + name = "keychron"; + text = '' + # Saleae Logic analyzer (USB Based) + ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0280", TAG+="uaccess" + ''; + destination = "/etc/udev/rules.d/61-keychron.rules"; + }; in { imports = [ @@ -117,7 +125,7 @@ in systemd.services.modem-manager.enable = lib.mkForce false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - services.udev.packages = [ xilinxJtag saleaeLogic ]; #noMtpUdevRules ]; + services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; From 90476f057d2602375b85aba00445ed05b6ba24a3 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 25 Apr 2023 10:01:59 +0200 Subject: [PATCH 560/988] uwupn -> wg-quick --- nixos/gorgon/configuration.nix | 7 ++++--- nixos/modules/networking.nix | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0441cc9..427fa10 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -68,7 +68,7 @@ in networking = { enableBsShare = true; localResolver = { - enable = true; + enable = false; uwu = true; s0 = true; }; @@ -142,9 +142,10 @@ in "127.0.0.2" = [ "kanboard.dadada.li" ]; }; - networking.wireguard.interfaces.uwupn = { - ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; + networking.wg-quick.interfaces.uwupn = { + address = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; privateKeyFile = "/var/lib/wireguard/uwu"; + dns = [ "10.11.0.1" ]; peers = [ { publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 4187cc7..4a0df4d 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -30,7 +30,7 @@ in }; config = { - networking.resolvconf.useLocalResolver = mkIf cfg.localResolver.enable true; + #networking.resolvconf.useLocalResolver = mkIf cfg.localResolver.enable true; networking.networkmanager.dns = mkIf cfg.localResolver.enable "unbound"; services.unbound = mkIf cfg.localResolver.enable { From 320a8864b76b9e50f877152bd6fa74e148236eb3 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 26 Apr 2023 11:23:04 +0200 Subject: [PATCH 561/988] gorgon: disable local resolver --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 3ec58e7..eb25b12 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1681032461, - "narHash": "sha256-3xrrC7YpoajVynlvj0+iQev6PWJRjS213ulTi3HNLeo=", + "lastModified": 1682423975, + "narHash": "sha256-zvOBrH3hwCedgpaWiOSHYSt+fgF/RhaJs8R5qOX6AYc=", "owner": "NixOS", "repo": "flake-registry", - "rev": "4ea5076e347dda44283714b8f4d580f6922064e9", + "rev": "8054bfa00d60437297d670ab3296a117e7059a10", "type": "github" }, "original": { @@ -186,11 +186,11 @@ ] }, "locked": { - "lastModified": 1681464810, - "narHash": "sha256-G7AD9qMvD7lU+5K7tTZpUMXvQa0kFR5KKY9y/okcX+w=", + "lastModified": 1682332772, + "narHash": "sha256-GMoWhChQdeNM2FFqVbEZgBABSdi/+JgSP6v+jUz5b24=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "5ad9f98194cfe7aa990929fb8cae28c500da7620", + "rev": "d774aeedc0685e5871be1e1ee0511900deeb21c2", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1681269223, - "narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=", + "lastModified": 1682303062, + "narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87edbd74246ccdfa64503f334ed86fa04010bab9", + "rev": "f5364316e314436f6b9c8fd50592b18920ab18f9", "type": "github" }, "original": { From 2fdf3fd5e85d845b9541748f257660fad294e7e8 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 26 Apr 2023 12:09:18 +0200 Subject: [PATCH 562/988] Revert "uwupn -> wg-quick" This reverts commit 90476f057d2602375b85aba00445ed05b6ba24a3. --- nixos/gorgon/configuration.nix | 7 +++---- nixos/modules/networking.nix | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 427fa10..0441cc9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -68,7 +68,7 @@ in networking = { enableBsShare = true; localResolver = { - enable = false; + enable = true; uwu = true; s0 = true; }; @@ -142,10 +142,9 @@ in "127.0.0.2" = [ "kanboard.dadada.li" ]; }; - networking.wg-quick.interfaces.uwupn = { - address = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; + networking.wireguard.interfaces.uwupn = { + ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; privateKeyFile = "/var/lib/wireguard/uwu"; - dns = [ "10.11.0.1" ]; peers = [ { publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 4a0df4d..4187cc7 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -30,7 +30,7 @@ in }; config = { - #networking.resolvconf.useLocalResolver = mkIf cfg.localResolver.enable true; + networking.resolvconf.useLocalResolver = mkIf cfg.localResolver.enable true; networking.networkmanager.dns = mkIf cfg.localResolver.enable "unbound"; services.unbound = mkIf cfg.localResolver.enable { From b3f3916ff2e0a562bfc1564be9802366394b788f Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 26 Apr 2023 12:09:55 +0200 Subject: [PATCH 563/988] gorgon: disable local resolver --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0441cc9..292cf4f 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -68,7 +68,7 @@ in networking = { enableBsShare = true; localResolver = { - enable = true; + enable = false; uwu = true; s0 = true; }; From a81a68713d62ef873550757b8ad9fcea76163852 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 3 May 2023 20:39:04 +0200 Subject: [PATCH 564/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/3e0e60ab37cd0bf7ab59888f5c32499d851edb47' (2023-03-16) → 'github:numtide/devshell/fb6673fe9fe4409e3f43ca86968261e970918a83' (2023-04-28) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/d774aeedc0685e5871be1e1ee0511900deeb21c2' (2023-04-24) → 'github:nix-community/nixos-generators/8e981bbc0f146e87ac5e8cc98a84dd6702648adb' (2023-05-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/3006d2860a6ed5e01b0c3e7ffb730e9b293116e2' (2023-04-07) → 'github:NixOS/nixos-hardware/7dc46304675f4ff2d6be921ef60883efd31363c4' (2023-05-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f5364316e314436f6b9c8fd50592b18920ab18f9' (2023-04-24) → 'github:NixOS/nixpkgs/5dab6490fe6d72b3f120ae8660181e20f396fbdf' (2023-05-02) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index eb25b12..11501b0 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ ] }, "locked": { - "lastModified": 1678957337, - "narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=", + "lastModified": 1682700442, + "narHash": "sha256-qjaAAcCYgp1pBBG7mY9z95ODUBZMtUpf0Qp3Gt/Wha0=", "owner": "numtide", "repo": "devshell", - "rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47", + "rev": "fb6673fe9fe4409e3f43ca86968261e970918a83", "type": "github" }, "original": { @@ -186,11 +186,11 @@ ] }, "locked": { - "lastModified": 1682332772, - "narHash": "sha256-GMoWhChQdeNM2FFqVbEZgBABSdi/+JgSP6v+jUz5b24=", + "lastModified": 1682946851, + "narHash": "sha256-YoEtcS8oRurXdrYW1ceF3LaqBeJDp33+NqyqsQAh96c=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d774aeedc0685e5871be1e1ee0511900deeb21c2", + "rev": "8e981bbc0f146e87ac5e8cc98a84dd6702648adb", "type": "github" }, "original": { @@ -201,11 +201,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1680876084, - "narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=", + "lastModified": 1683009613, + "narHash": "sha256-jJh8JaoHOLlk7iFLgZk1PlxCCNA2KTKfOLMLCa9mduA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2", + "rev": "7dc46304675f4ff2d6be921ef60883efd31363c4", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1682303062, - "narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=", + "lastModified": 1683028696, + "narHash": "sha256-saPKTDj+HB9aPvB59wGcJ64CifRuiIt2CHvSbh7UHz8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f5364316e314436f6b9c8fd50592b18920ab18f9", + "rev": "5dab6490fe6d72b3f120ae8660181e20f396fbdf", "type": "github" }, "original": { From c649f0f3c26c86a43153c688cd958724a77ffde9 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 12 May 2023 18:35:28 +0200 Subject: [PATCH 565/988] Install helix from master branch --- flake.lock | 278 ++++++++++++++++++++++- flake.nix | 1 + home/modules/helix/config/config.toml | 4 + home/modules/helix/config/languages.toml | 7 + nixos/configurations.nix | 3 +- nixos/modules/profiles/base.nix | 2 + outputs.nix | 1 + 7 files changed, 289 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 11501b0..6beef74 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,22 @@ "type": "github" } }, + "crane": { + "flake": false, + "locked": { + "lastModified": 1670900067, + "narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", + "owner": "ipetkov", + "repo": "crane", + "rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "devshell": { "inputs": { "flake-utils": "flake-utils", @@ -42,6 +58,78 @@ "type": "github" } }, + "dream2nix": { + "inputs": { + "alejandra": [ + "helix", + "nci" + ], + "all-cabal-json": [ + "helix", + "nci" + ], + "crane": "crane", + "devshell": [ + "helix", + "nci" + ], + "flake-parts": [ + "helix", + "nci", + "parts" + ], + "flake-utils-pre-commit": [ + "helix", + "nci" + ], + "ghc-utils": [ + "helix", + "nci" + ], + "gomod2nix": [ + "helix", + "nci" + ], + "mach-nix": [ + "helix", + "nci" + ], + "nix-pypi-fetcher": [ + "helix", + "nci" + ], + "nixpkgs": [ + "helix", + "nci", + "nixpkgs" + ], + "poetry2nix": [ + "helix", + "nci" + ], + "pre-commit-hooks": [ + "helix", + "nci" + ], + "pruned-racket-catalog": [ + "helix", + "nci" + ] + }, + "locked": { + "lastModified": 1677289985, + "narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -92,6 +180,21 @@ } }, "flake-utils_3": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -106,6 +209,28 @@ "type": "github" } }, + "helix": { + "inputs": { + "nci": "nci", + "nixpkgs": "nixpkgs", + "parts": "parts_2", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1680250441, + "narHash": "sha256-Qrn3mB6bb1DSvKxOJ9oAlxuMk64Fzg2W4BVmk6y3deA=", + "owner": "helix-editor", + "repo": "helix", + "rev": "3cf037237f1d080fdcb7990250955701389ae072", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "ref": "23.03", + "repo": "helix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -131,7 +256,7 @@ "homePage": { "inputs": { "hugo-theme-anubis": "hugo-theme-anubis", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1655227494, @@ -163,6 +288,50 @@ "type": "github" } }, + "mk-naked-shell": { + "flake": false, + "locked": { + "lastModified": 1676572903, + "narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, + "nci": { + "inputs": { + "dream2nix": "dream2nix", + "mk-naked-shell": "mk-naked-shell", + "nixpkgs": [ + "helix", + "nixpkgs" + ], + "parts": "parts", + "rust-overlay": [ + "helix", + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1677297103, + "narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1681001314, @@ -216,6 +385,40 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1677063315, + "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1675183161, + "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1629226339, "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", @@ -228,7 +431,7 @@ "type": "indirect" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1683028696, "narHash": "sha256-saPKTDj+HB9aPvB59wGcJ64CifRuiIt2CHvSbh7UHz8=", @@ -244,7 +447,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", "path": "/nix/store/n04lw5nrskzmz7rv17p09qrnjanfkg5d-source", @@ -255,10 +458,50 @@ "type": "indirect" } }, + "parts": { + "inputs": { + "nixpkgs-lib": [ + "helix", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675933616, + "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1675933616, + "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1647022391, @@ -281,14 +524,37 @@ "devshell": "devshell", "flake-registry": "flake-registry", "flake-utils": "flake-utils_2", + "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "recipemd": "recipemd" } }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "helix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1677292251, + "narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 53fcacc..068d8bf 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,7 @@ url = "github:NixOS/flake-registry"; flake = false; }; + helix.url = "github:helix-editor/helix/23.03"; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index fa585ce..722b1b2 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -3,5 +3,9 @@ line-number = "relative" mouse = true auto-completion = true +[editor.soft-wrap] +enable = true + [keys.normal] C-q = [ "goto_prev_paragraph", "goto_next_paragraph", ":reflow 80" ] + diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index 7b576c0..52e15bc 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -1,3 +1,10 @@ [[language]] name = "rust" config = { rust-analyzer = { checkOnSave = { command = "clippy" } } } + +[[language]] +name = "latex" +language-server = { command = "ltex-ls" } +file-types = ["tex"] +scope = "source.latex" +roots = [] diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 8af4202..bb6c4bf 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -7,6 +7,7 @@ , recipemd , nixos-generators , flake-registry +, helix , ... }@inputs: let @@ -41,7 +42,7 @@ in home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } + { dadada.home.helix.package = helix.packages.${system}.helix; } { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home/home; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 52b43ad..060b2c6 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -17,11 +17,13 @@ in nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; nix.settings.substituters = [ + https://helix.cachix.org/ https://cache.nixos.org/ https://nix-community.cachix.org/ ]; nix.settings.trusted-public-keys = [ + "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" diff --git a/outputs.nix b/outputs.nix index 568cd3d..3393da0 100644 --- a/outputs.nix +++ b/outputs.nix @@ -9,6 +9,7 @@ , recipemd , agenix , devshell +, helix , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: From 4b1ca22b9f9f4d17e6b4de1f0e0bb07ca03ba1ea Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 12 May 2023 19:03:34 +0200 Subject: [PATCH 566/988] Setup paperless --- nixos/gorgon/configuration.nix | 11 +++++++++++ secrets/paperless.age | Bin 0 -> 402 bytes secrets/secrets.nix | 1 + 3 files changed, 12 insertions(+) create mode 100644 secrets/paperless.age diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 292cf4f..31849c8 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -92,6 +92,17 @@ in services.avahi.enable = true; + services.paperless = { + enable = true; + passwordFile = config.age.secrets.paperless.path; + }; + + age.secrets.paperless = { + file = "${config.dadada.secrets.path}/paperless.age"; + mode = "700"; + owner = "paperless"; + }; + # Enable CUPS to print documents. services.printing = { enable = true; diff --git a/secrets/paperless.age b/secrets/paperless.age new file mode 100644 index 0000000000000000000000000000000000000000..32af229809f0f61bbdedd0d5dd51e347fec0b431 GIT binary patch literal 402 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSPNc2xkN>}hV@(;*M zbIULcD2_6T%ruKI)z1sa@-uc$3QF-a%P+T#GByp(ElsvCPUkYqH_S4$tn_nF&UY?M zD=qYK_S5$>axpe63wFv*3^k9)@ei`pPpYi+4Mn%jza%>+yIi3%E7duoB;B#7#3RYV zDWX!_Ak*B!}Xs Date: Fri, 12 May 2023 20:12:05 +0200 Subject: [PATCH 567/988] Enable paperless group to put files into consumption directory for paperless --- nixos/gorgon/configuration.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 31849c8..d2f839c 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -97,8 +97,16 @@ in passwordFile = config.age.secrets.paperless.path; }; + systemd.tmpfiles.rules = let cfg = config.services.paperless; in [ + (if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; + age.secrets.paperless = { - file = "${config.dadada.secrets.path}/paperless.age"; + file = "${config.dadada.secrets.path}/paperless.age"; mode = "700"; owner = "paperless"; }; @@ -143,7 +151,7 @@ in users.users = { dadada = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" ]; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ]; shell = "/run/current-system/sw/bin/zsh"; }; }; From 4dcaef4d00821158cac77c5a0f2ed9d8152d2cb5 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 18 May 2023 14:19:34 +0200 Subject: [PATCH 568/988] Fix backup Enable citrix_workspace --- home/home/pkgs.nix | 1 + nixos/modules/backup.nix | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index d582c8a..473e1d6 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -13,6 +13,7 @@ with pkgs; [ binutils bluez-tools btop # htop + citrix_workspace choose # alternative to cut and awk with more readable syntax colordiff darcs diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index facb53f..786201a 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -65,7 +65,7 @@ in type = "ext4"; what = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; where = "/backup"; - options = "nofail noauto"; + options = "nofail,noauto"; } ]; @@ -97,9 +97,9 @@ in startAt = "monthly"; }; - systemd.services."borgbackup-job-gs".enable = false; + systemd.services."borgbackup-job-gs".enable = true; systemd.services."borgbackup-job-gs".wants = [ "backup.mount" ]; - systemd.timers."borgbackup-job-gs".enable = false; + systemd.timers."borgbackup-job-gs".enable = true; services.borgbackup.jobs.bs = mkIf cfg.bs.enable { paths = "/"; From af2092ced202d12985bd32e16cab1ec97ba96f61 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 18 May 2023 19:24:10 +0200 Subject: [PATCH 569/988] Update colors --- home/modules/alacritty/colors.toml | 43 ++++++++++++++------------- home/modules/helix/config/config.toml | 2 ++ 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml index 7e16607..82d6ae7 100644 --- a/home/modules/alacritty/colors.toml +++ b/home/modules/alacritty/colors.toml @@ -1,26 +1,27 @@ -# The 'GNOME Light" theme from GNOME terminal. - +# XTerm's default colors [primary] -foreground = '#d0cfcc' -background = '#171421' -bright_foreground = '#ffffff' +# Default colors +background = '0xffffff' +foreground = '0x000000' [normal] -black = '#171421' -red = '#c01c28' -green = '#26a269' -yellow = '#a2734c' -blue = '#12488b' -magenta = '#a347ba' -cyan = '#2aa1b3' -white = '#d0cfcc' +# Normal colors +black = '0x000000' +red = '0xcd0000' +green = '0x00cd00' +yellow = '0xcdcd00' +blue = '0x0000ee' +magenta = '0xcd00cd' +cyan = '0x00cdcd' +white = '0xe5e5e5' [bright] -black = '#5e5c64' -red = '#f66151' -green = '#33d17a' -yellow = '#e9ad0c' -blue = '#2a7bde' -magenta = '#c061cb' -cyan = '#33c7de' -white = '#ffffff' \ No newline at end of file +# Bright colors +black = '0x7f7f7f' +red = '0xff0000' +green = '0x00ff00' +yellow = '0xffff00' +blue = '0x5c5cff' +magenta = '0xff00ff' +cyan = '0x00ffff' +white = '0xffffff' diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 722b1b2..ecd46a6 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,3 +1,5 @@ +theme = "emacs" + [editor] line-number = "relative" mouse = true From 14b0840ba45110fbe5bdf5e5ce6999a33d0ba1bd Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 18 May 2023 19:30:09 +0200 Subject: [PATCH 570/988] Fix color in diff viewer --- home/modules/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index a0ea0af..bd7e79e 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -20,7 +20,7 @@ in tabwidth = 4; }; alias = { }; - pager = "delta"; + pager = "delta --light"; }; column.ui = "never"; checkout.defaultRemote = "origin"; @@ -35,7 +35,7 @@ in algorithm = "histogram"; colorMoved = "default"; }; - interactive.diffFilter = "delta --color-only"; + interactive.diffFilter = "delta --color-only --light"; merge.conflictstyle = "diff3"; status = { short = true; From 59d7c03022814d62009378b2cdefcc8deb3b975b Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 18 May 2023 19:33:25 +0200 Subject: [PATCH 571/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/fb6673fe9fe4409e3f43ca86968261e970918a83' (2023-04-28) → 'github:numtide/devshell/5143ea68647c4cf5227e4ad2100db6671fc4c369' (2023-05-09) • Removed input 'devshell/flake-utils' • Added input 'devshell/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/8e981bbc0f146e87ac5e8cc98a84dd6702648adb' (2023-05-01) → 'github:nix-community/nixos-generators/10079333313ff62446e6f2b0e7c5231c7431d269' (2023-05-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/7dc46304675f4ff2d6be921ef60883efd31363c4' (2023-05-02) → 'github:NixOS/nixos-hardware/71ce85372a614d418d5e303dd5702a79d1545c04' (2023-05-15) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5dab6490fe6d72b3f120ae8660181e20f396fbdf' (2023-05-02) → 'github:NixOS/nixpkgs/6c591e7adc514090a77209f56c9d0c551ab8530d' (2023-05-16) --- flake.lock | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index 6beef74..49a8516 100644 --- a/flake.lock +++ b/flake.lock @@ -39,17 +39,17 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1682700442, - "narHash": "sha256-qjaAAcCYgp1pBBG7mY9z95ODUBZMtUpf0Qp3Gt/Wha0=", + "lastModified": 1683635384, + "narHash": "sha256-9goJTd05yOyD/McaMqZ4BUB8JW+mZMnZQJZ7VQ6C/Lw=", "owner": "numtide", "repo": "devshell", - "rev": "fb6673fe9fe4409e3f43ca86968261e970918a83", + "rev": "5143ea68647c4cf5227e4ad2100db6671fc4c369", "type": "github" }, "original": { @@ -147,23 +147,8 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1681202837, @@ -179,7 +164,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -194,7 +179,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -355,11 +340,11 @@ ] }, "locked": { - "lastModified": 1682946851, - "narHash": "sha256-YoEtcS8oRurXdrYW1ceF3LaqBeJDp33+NqyqsQAh96c=", + "lastModified": 1683530131, + "narHash": "sha256-R0RSqj6JdZfru2x/cM19KJMHsU52OjtyxI5cccd+uFc=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "8e981bbc0f146e87ac5e8cc98a84dd6702648adb", + "rev": "10079333313ff62446e6f2b0e7c5231c7431d269", "type": "github" }, "original": { @@ -370,11 +355,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1683009613, - "narHash": "sha256-jJh8JaoHOLlk7iFLgZk1PlxCCNA2KTKfOLMLCa9mduA=", + "lastModified": 1684169666, + "narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7dc46304675f4ff2d6be921ef60883efd31363c4", + "rev": "71ce85372a614d418d5e303dd5702a79d1545c04", "type": "github" }, "original": { @@ -433,11 +418,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1683028696, - "narHash": "sha256-saPKTDj+HB9aPvB59wGcJ64CifRuiIt2CHvSbh7UHz8=", + "lastModified": 1684280442, + "narHash": "sha256-nC1/kfh6tpMQSLQalbNTNnireIlxvLLugrjZdasNh+I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5dab6490fe6d72b3f120ae8660181e20f396fbdf", + "rev": "6c591e7adc514090a77209f56c9d0c551ab8530d", "type": "github" }, "original": { @@ -500,7 +485,7 @@ }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_4" }, "locked": { @@ -523,7 +508,7 @@ "agenix": "agenix", "devshell": "devshell", "flake-registry": "flake-registry", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", @@ -535,7 +520,7 @@ }, "rust-overlay": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "helix", "nixpkgs" @@ -570,6 +555,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1667395993, From b2b874ac6f70c66289c8300e64218e3f2d5a0640 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 20 May 2023 14:54:28 +0200 Subject: [PATCH 572/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6c591e7adc514090a77209f56c9d0c551ab8530d' (2023-05-16) → 'github:NixOS/nixpkgs/628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c' (2023-05-18) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 49a8516..04f7018 100644 --- a/flake.lock +++ b/flake.lock @@ -418,11 +418,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1684280442, - "narHash": "sha256-nC1/kfh6tpMQSLQalbNTNnireIlxvLLugrjZdasNh+I=", + "lastModified": 1684398685, + "narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c591e7adc514090a77209f56c9d0c551ab8530d", + "rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c", "type": "github" }, "original": { From 3c5b875c5badb9275ea50888afe5229ed8873acd Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 May 2023 18:01:33 +0200 Subject: [PATCH 573/988] Install offlineimap --- home/home/default.nix | 34 ++++++++++++++++++++++++++++++++++ home/home/pkgs.nix | 1 + 2 files changed, 35 insertions(+) diff --git a/home/home/default.nix b/home/home/default.nix index a870c6b..026afd8 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -66,6 +66,40 @@ in Install = { WantedBy = [ "graphical-session.target" ]; }; }; + programs.offlineimap.enable = false; + xdg.configFile."offlineimap/config".text = '' + [general] + accounts = tu-bs,mailbox + + [Account tu-bs] + localrepository = tu-bs-local + remoterepository = tu-bs-remote + + [Repository tu-bs-local] + type = Maildir + localfolders = ~/lib/backup/y0067212@tu-bs.de + + [Repository tu-bs-remote] + type = IMAP + remotehost = mail.tu-braunschweig.de + remoteuser = y0067212 + sslcacertfile = /etc/ssl/certs/ca-certificates.crt + + [Account mailbox] + localrepository = mailbox-local + remoterepository = mailbox-remote + + [Repository mailbox-local] + type = Maildir + localfolders = ~/lib/backup/mailbox.org + + [Repository mailbox-remote] + type = IMAP + remotehost = imap.mailbox.org + remoteuser = dadada@dadada.li + sslcacertfile = /etc/ssl/certs/ca-certificates.crt + ''; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 473e1d6..ad4e020 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -89,6 +89,7 @@ with pkgs; [ nmap nmon obs-studio + offlineimap openscad openssl p7zip From b31f32d57caab16ba64b161d8689a0f9b711e981 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Apr 2023 00:58:07 +0000 Subject: [PATCH 574/988] build(deps): bump peter-evans/create-pull-request from 3 to 5 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 5. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v5) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index a9160ad..d31623c 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -18,7 +18,7 @@ jobs: run: nix flake update - name: Create Pull Request id: cpr - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v5 with: commit-message: Update flakes committer: GitHub From 417eb390998c45bbf187354bb4aec09a75a4f50d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 24 May 2023 21:30:09 +0200 Subject: [PATCH 575/988] Update nix-flake-update.yml --- .github/workflows/nix-flake-update.yml | 47 ++++++++------------------ 1 file changed, 15 insertions(+), 32 deletions(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index d31623c..a053e8c 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -1,38 +1,21 @@ -name: "Update flakes" +name: update-flake-lock on: - repository_dispatch: - workflow_dispatch: + workflow_dispatch: # allows manual triggering schedule: - - cron: '10 4 * * 0' + - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00 + jobs: - createPullRequest: + lockfile: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - name: Checkout repository + uses: actions/checkout@v2 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v1 + - name: Update flake.lock + uses: DeterminateSystems/update-flake-lock@vX with: - install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20210604_8e6ee1b/install - extra_nix_config: | - experimental-features = nix-command flakes - - name: Make changes to pull request - run: nix flake update - - name: Create Pull Request - id: cpr - uses: peter-evans/create-pull-request@v5 - with: - commit-message: Update flakes - committer: GitHub - author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com> - signoff: false - branch: flake-updates - delete-branch: true - title: 'Update flakes' - body: | - Update report - - Updated with *today's* date - - Auto-generated by [create-pull-request][1] - [1]: https://github.com/peter-evans/create-pull-request - - name: Check outputs - run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + pr-title: "Update flake.lock" # Title of PR to be created + pr-labels: | # Labels to be set on the PR + dependencies + automated From ec51a9fd8a79b38fa222935d99fe75718e0eb8ef Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 May 2023 00:03:32 +0200 Subject: [PATCH 576/988] Switch to gnome color scheme --- home/home/pkgs.nix | 1 + home/modules/alacritty/colors.toml | 40 ++++++++++++++---------------- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index ad4e020..744e08b 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -122,6 +122,7 @@ with pkgs; [ sqlite sshfs-fuse steam + taplo tcpdump tdesktop tmux diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml index 82d6ae7..6d3ca2a 100644 --- a/home/modules/alacritty/colors.toml +++ b/home/modules/alacritty/colors.toml @@ -1,27 +1,23 @@ -# XTerm's default colors [primary] -# Default colors -background = '0xffffff' -foreground = '0x000000' +background = "0xffffff" +foreground = "0x1e1e1e" [normal] -# Normal colors -black = '0x000000' -red = '0xcd0000' -green = '0x00cd00' -yellow = '0xcdcd00' -blue = '0x0000ee' -magenta = '0xcd00cd' -cyan = '0x00cdcd' -white = '0xe5e5e5' +black = "0x171421" +red = "0xc01c28" +green = "0x26a269" +yellow = "0xa2734c" +blue = "0x12488b" +magenta = "0xa347ba" +cyan = "0x2aa1b3" +white = "0xd0cfcc" [bright] -# Bright colors -black = '0x7f7f7f' -red = '0xff0000' -green = '0x00ff00' -yellow = '0xffff00' -blue = '0x5c5cff' -magenta = '0xff00ff' -cyan = '0x00ffff' -white = '0xffffff' +black = "0x535c64" +red = "0xf66151" +green = "0x33d17a" +yellow = "0xe9ad0c" +blue = "0x2a7bde" +magenta = "0xc061cb" +cyan = "0x33c7de" +white = "0xffffff" From adeba61fd527087033bc2b97be9b970778031bd8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 May 2023 01:19:41 +0200 Subject: [PATCH 577/988] enable podman --- nixos/gorgon/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index d2f839c..55b13ea 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -148,6 +148,12 @@ in virtualisation.libvirtd.enable = true; + virtualisation.podman = { + enable = true; + dockerCompat = true; + defaultNetwork.dnsname.enable = true; + }; + users.users = { dadada = { isNormalUser = true; From 5152b7c9bb856c8fe827dee066e3e6befc881c9d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 27 May 2023 01:27:16 +0200 Subject: [PATCH 578/988] gorgon: upgrade systemState --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 55b13ea..935e888 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -202,5 +202,5 @@ in ]; }; - system.stateVersion = "20.03"; + system.stateVersion = "22.11"; } From 7f1a46c0dd0895823437a4a5f2298034450f3be1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 28 May 2023 00:13:05 +0200 Subject: [PATCH 579/988] Upgrade to 23.05 --- flake.lock | 46 ++-- flake.nix | 4 +- home/home/pkgs.nix | 1 - nixos/agares/configuration.nix | 1 - nixos/gorgon/configuration.nix | 2 - nixos/ifrit/configuration.nix | 1 - nixos/modules/admin.nix | 2 +- nixos/modules/default.nix | 1 - nixos/modules/gitea.nix | 17 +- nixos/modules/kanboard/default.nix | 67 ----- nixos/modules/kanboard/kanboard-config.php | 279 --------------------- nixos/surgat/configuration.nix | 1 - 12 files changed, 29 insertions(+), 393 deletions(-) delete mode 100644 nixos/modules/kanboard/default.nix delete mode 100644 nixos/modules/kanboard/kanboard-config.php diff --git a/flake.lock b/flake.lock index 04f7018..549f598 100644 --- a/flake.lock +++ b/flake.lock @@ -220,20 +220,19 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "utils": "utils" + ] }, "locked": { - "lastModified": 1681092193, - "narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=", + "lastModified": 1685189510, + "narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=", "owner": "nix-community", "repo": "home-manager", - "rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af", + "rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-22.11", + "ref": "release-23.05", "repo": "home-manager", "type": "github" } @@ -340,11 +339,11 @@ ] }, "locked": { - "lastModified": 1683530131, - "narHash": "sha256-R0RSqj6JdZfru2x/cM19KJMHsU52OjtyxI5cccd+uFc=", + "lastModified": 1685000237, + "narHash": "sha256-pm+2xP9g9sh6wapk1ulg7/1DdENkTNDB7Kx+6lwGs/k=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "10079333313ff62446e6f2b0e7c5231c7431d269", + "rev": "05bef004794f352ea12475a89f3f55b4102c0728", "type": "github" }, "original": { @@ -355,11 +354,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1684169666, - "narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=", + "lastModified": 1684899633, + "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "71ce85372a614d418d5e303dd5702a79d1545c04", + "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", "type": "github" }, "original": { @@ -418,16 +417,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1684398685, - "narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=", + "lastModified": 1685094109, + "narHash": "sha256-u+awry81RAVV+fJBCZt+GKWsISSLJKUNbVwKccHeaPU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c", + "rev": "551a52bfdd02e7b75be5faf9b42f864112d88654", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } @@ -569,21 +568,6 @@ "repo": "default", "type": "github" } - }, - "utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 068d8bf..e56834b 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,10 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = github:NixOS/nixpkgs/nixos-22.11; + nixpkgs.url = github:NixOS/nixpkgs/nixos-23.05; flake-utils.url = github:numtide/flake-utils; home-manager = { - url = github:nix-community/home-manager/release-22.11; + url = github:nix-community/home-manager/release-23.05; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = github:NixOS/nixos-hardware/master; diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 744e08b..832491f 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -110,7 +110,6 @@ with pkgs; [ reptyr ripgrep ripgrep - rust-analyzer rustup saleae-logic-2 sd # search and displace like sed but with better syntax diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 67b6c90..f49b083 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -26,7 +26,6 @@ # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; - boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; boot.kernelParams = [ diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 935e888..ee3485b 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -59,7 +59,6 @@ in dadada = { #headphones.enable = true; steam.enable = true; - kanboard.enable = true; #fido2 = { # credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; # enablePam = true; @@ -151,7 +150,6 @@ in virtualisation.podman = { enable = true; dockerCompat = true; - defaultNetwork.dnsname.enable = true; }; users.users = { diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 9f1665a..5927c60 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -26,7 +26,6 @@ in # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; - boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/sda"; # weird issues with crappy plastic router diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 87d9573..8a6818e 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -77,7 +77,7 @@ in programs.zsh.enable = mkDefault true; services.sshd.enable = true; - services.openssh.passwordAuthentication = false; + services.openssh.settings.PasswordAuthentication = false; security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 0d63712..9b8864e 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -9,7 +9,6 @@ gitea = import ./gitea.nix; headphones = import ./headphones.nix; homepage = import ./homepage.nix; - kanboard = import ./kanboard; miniflux = import ./miniflux.nix; networking = import ./networking.nix; inputs = import ./inputs.nix; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index bc4c6a0..f566024 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -14,20 +14,24 @@ in services.gitea = { enable = true; appName = "dadada Gitea"; - rootUrl = "https://git.dadada.li/"; - log.level = "Error"; - domain = config.networking.domain; - cookieSecure = true; - enableUnixSocket = true; database = { type = "postgres"; }; - disableRegistration = true; + settings = { + service = { + DISABLE_REGISTRATION = true; + }; + sessions = { + COOKIE_SECURE = true; + }; server = { + ROOT_URL = "https://git.dadada.li/"; + PROTOCOL = "http+unix"; LANDING_PAGE = "explore"; OFFLINE_MODE = true; DISABLE_SSH = false; + DOMAIN = "git.dadada.li"; }; picture = { DISABLE_GRAVATAR = true; @@ -41,6 +45,7 @@ in }; log = { DISABLE_ROUTER_LOG = true; + LEVEL = "Error"; }; cache = { ENABLE = true; diff --git a/nixos/modules/kanboard/default.nix b/nixos/modules/kanboard/default.nix deleted file mode 100644 index e972977..0000000 --- a/nixos/modules/kanboard/default.nix +++ /dev/null @@ -1,67 +0,0 @@ -# Source https://github.com/NixOS/nixpkgs/issues/113384 -{ config -, lib -, pkgs -, ... -}: -let - cfg = config.dadada.kanboard; -in -{ - options = { - dadada.kanboard.enable = lib.mkEnableOption "Enable Kanboard"; - }; - - config = lib.mkIf cfg.enable { - services.phpfpm.pools.kanboard = { - user = "kanboard"; - group = "kanboard"; - settings = { - "listen.group" = "nginx"; - "pm" = "static"; - "pm.max_children" = 4; - }; - }; - users.users.kanboard.isSystemUser = true; - users.users.kanboard.group = "kanboard"; - users.groups.kanboard.members = [ "kanboard" ]; - - systemd.tmpfiles.rules = [ - "d /var/lib/kanboard/data 0750 kanboard nginx - -" - ]; - - services.nginx = { - enable = true; - virtualHosts."kanboard.dadada.li" = { - root = pkgs.buildEnv { - name = "kanboard-configured"; - paths = [ - (pkgs.runCommand "kanboard-over" { meta.priority = 0; } '' - mkdir -p $out - for f in index.php jsonrpc.php ; do - echo " $out/$f - tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \ - | sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f - done - ln -s /var/lib/kanboard $out/data - ln -s ${./kanboard-config.php} $out/config.php - '') - { - outPath = "${pkgs.kanboard}/share/kanboard"; - meta.priority = 10; - } - ]; - }; - locations = { - "/".index = "index.php"; - "~ \\.php$" = { - tryFiles = "$uri =404"; - extraConfig = '' - fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket}; - ''; - }; - }; - }; - }; - }; -} diff --git a/nixos/modules/kanboard/kanboard-config.php b/nixos/modules/kanboard/kanboard-config.php deleted file mode 100644 index 8a65351..0000000 --- a/nixos/modules/kanboard/kanboard-config.php +++ /dev/null @@ -1,279 +0,0 @@ - Date: Mon, 29 May 2023 18:00:39 +0200 Subject: [PATCH 580/988] Make surgat use networkd --- nixos/surgat/configuration.nix | 88 +++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 32 deletions(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 35de95b..0802447 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -50,10 +50,62 @@ in bs.enable = true; }; - networking.useDHCP = false; - networking.interfaces.ens3 = { - useDHCP = true; - ipv4.addresses = [{ address = "49.12.3.98"; prefixLength = 32; }]; + systemd.network = { + enable = true; + networks = { + "10-wan" = { + matchConfig.Name = "ens3"; + networkConfig.DHCP = "ipv4"; + address = [ + "49.12.3.98/32" + "2a01:4f8:c17:1d70::/64" + ]; + routes = [ + { routeConfig.Gateway = "fe80::1"; } + { + routeConfig = { + Gateway = "172.31.1.1"; + GatewayOnLink = true; + }; + } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + "10-hydra" = { + matchConfig.Name = "hydra"; + address = [ "10.3.3.1/24" ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = "no"; + routes = [ + { + routeConfig = { + Gateway = "10.3.3.3"; + Destination = "10.3.3.3/24"; + }; + } + ]; + }; + }; + netdevs = { + "10-hydra" = { + netdevConfig = { + Kind = "wireguard"; + Name = "hydra"; + }; + wireguardConfig = { + PrivateKeyFile = "/var/lib/wireguard/hydra"; + ListenPort = 51235; + }; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ "10.3.3.3/32" ]; + PersistentKeepalive = 25; + }; + }]; + }; + }; }; networking.firewall = { @@ -74,18 +126,6 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; - networking.interfaces."ens3".ipv6.addresses = [ - { - address = "2a01:4f8:c17:1d70::"; - prefixLength = 64; - } - ]; - - networking.defaultGateway6 = { - address = "fe80::1"; - interface = "ens3"; - }; - swapDevices = [ { device = "/var/swapfile"; @@ -93,23 +133,7 @@ in } ]; - networking.wireguard.interfaces."hydra" = { - ips = [ "10.3.3.1/24" ]; - listenPort = 51235; - - privateKeyFile = "/var/lib/wireguard/hydra"; - - peers = [ - { - publicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - allowedIPs = [ "10.3.3.3/32" ]; - persistentKeepalive = 25; - } - ]; - }; - services.resolved.enable = true; - networking.resolvconf.useLocalResolver = true; system.autoUpgrade.allowReboot = false; From 5c61ed2479014950d9a7208cefc898aed596bd57 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 29 May 2023 18:12:45 +0200 Subject: [PATCH 581/988] configure fallback DNS --- nixos/surgat/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 0802447..2172bbb 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -133,7 +133,10 @@ in } ]; - services.resolved.enable = true; + services.resolved = { + enable = true; + fallbackDns = [ "9.9.9.9" "2620:fe::fe"]; + }; system.autoUpgrade.allowReboot = false; From 9014457aad9fdee8f661c5bd1b26abb81d048753 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 30 May 2023 19:04:36 +0200 Subject: [PATCH 582/988] ifrit: use networkd and resolved --- nixos/ifrit/configuration.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 5927c60..6688019 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -31,8 +31,18 @@ in # weird issues with crappy plastic router networking.interfaces."ens3".tempAddress = "disabled"; - networking.useDHCP = false; - networking.interfaces.ens3.useDHCP = true; + services.resolved.enable = true; + + systemd.network = { + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "ens*"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; + }; + }; boot.kernelParams = [ "console=ttyS0,115200" From 0d79e63ff6eb45c356f1019a6e53f7b66c2f978a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 01:05:42 +0000 Subject: [PATCH 583/988] build(deps): bump cachix/install-nix-action from 20 to 21 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 20 to 21. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v20...v21) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 7e97204..a1e1849 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v21 with: nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | From af283c57641e801d7a490204068338805a783520 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 01:05:37 +0000 Subject: [PATCH 584/988] build(deps): bump DeterminateSystems/nix-installer-action from 1 to 3 Bumps [DeterminateSystems/nix-installer-action](https://github.com/DeterminateSystems/nix-installer-action) from 1 to 3. - [Release notes](https://github.com/DeterminateSystems/nix-installer-action/releases) - [Commits](https://github.com/DeterminateSystems/nix-installer-action/compare/v1...v3) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index a053e8c..05e6a19 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v1 + uses: DeterminateSystems/nix-installer-action@v3 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@vX with: From 3da66c1cd324f9dfdc2bb4f34886bb4da0355ad0 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 30 May 2023 22:20:40 +0200 Subject: [PATCH 585/988] fix formatting --- nixos/surgat/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 2172bbb..50f0653 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -135,7 +135,7 @@ in services.resolved = { enable = true; - fallbackDns = [ "9.9.9.9" "2620:fe::fe"]; + fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; }; system.autoUpgrade.allowReboot = false; From 5344688a20505af84129c565cdd9d5f5929bb7c2 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 31 May 2023 22:20:31 +0200 Subject: [PATCH 586/988] add more caches and nixd --- devshell.nix | 1 + flake.lock | 58 ++++++++++++++++++++++++ flake.nix | 10 ++++ home/modules/helix/config/languages.toml | 5 ++ outputs.nix | 2 + 5 files changed, 76 insertions(+) diff --git a/devshell.nix b/devshell.nix index ebdfb12..fd2bf2a 100644 --- a/devshell.nix +++ b/devshell.nix @@ -8,6 +8,7 @@ agenix nixpkgs-fmt nixos-rebuild + nixd ]; commands = [ diff --git a/flake.lock b/flake.lock index 549f598..d3517a0 100644 --- a/flake.lock +++ b/flake.lock @@ -130,6 +130,24 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1683560683, + "narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "006c75898cf814ef9497252b022e91c946ba8e17", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -316,6 +334,27 @@ "type": "github" } }, + "nixd": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1685534829, + "narHash": "sha256-erGWtKbSJQ0aulFYX0nPMJqub4qPnlWctnc35mdvfQI=", + "owner": "nix-community", + "repo": "nixd", + "rev": "8f3251fc2d8d1e3cac140e20e785ac733d76ed4a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixd", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1681001314, @@ -402,6 +441,24 @@ "type": "github" } }, + "nixpkgs-lib_2": { + "locked": { + "dir": "lib", + "lastModified": 1682879489, + "narHash": "sha256-sASwo8gBt7JDnOOstnps90K1wxmVfyhsTPPNTGBPjjg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "da45bf6ec7bbcc5d1e14d3795c025199f28e0de0", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1629226339, @@ -511,6 +568,7 @@ "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", + "nixd": "nixd", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", diff --git a/flake.nix b/flake.nix index e56834b..4560b95 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,17 @@ flake = false; }; helix.url = "github:helix-editor/helix/23.03"; + nixd = { + url = "github:nix-community/nixd"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; + + nixConfig = { + extra-trusted-public-keys = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="; + extra-substituters = "https://nix-community.cachix.org/ https://helix.cachix.org/"; + extra-trusted-substituters = "https://nix-community.cachix.org/ https://helix.cachix.org/"; + }; } diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index 52e15bc..b9ed5e7 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -8,3 +8,8 @@ language-server = { command = "ltex-ls" } file-types = ["tex"] scope = "source.latex" roots = [] + +[[language]] +name = "nix" +file-types = ["nix"] +language-server = { command = "nixd" } diff --git a/outputs.nix b/outputs.nix index 3393da0..58812e0 100644 --- a/outputs.nix +++ b/outputs.nix @@ -10,6 +10,7 @@ , agenix , devshell , helix +, nixd , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: @@ -24,6 +25,7 @@ overlays = [ agenix.overlay devshell.overlays.default + (final: prev: { nixd = nixd.packages.${system}.nixd; }) ]; }; extraModules = [ "${devshell}/extra/git/hooks.nix" ]; From 4587a396201ebfec43e15c1fb48a25d29cfea4c7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Jun 2023 15:11:29 +0200 Subject: [PATCH 587/988] Add package for installer iso image --- nixos/configurations.nix | 5 +++-- outputs.nix | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index bb6c4bf..5582534 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -90,10 +90,11 @@ in nixos-generators.nixosModules.install-iso self.nixosModules.admin { + isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; networking.tempAddresses = "disabled"; dadada.admin.enable = true; - documentation.enable = false; - documentation.nixos.enable = false; + documentation.enable = true; + documentation.nixos.enable = true; i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; diff --git a/outputs.nix b/outputs.nix index 58812e0..a775153 100644 --- a/outputs.nix +++ b/outputs.nix @@ -51,7 +51,9 @@ }; }); - packages = import ./pkgs { inherit pkgs; }; + packages = import ./pkgs { inherit pkgs; } // { + installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; + }; })) // { From 295a2e9b3ba6a71df77967dca6803148d1b63b08 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Jun 2023 17:54:55 +0200 Subject: [PATCH 588/988] Update ninurta config --- nixos/ninurta/configuration.nix | 164 +++++++++++++----- nixos/ninurta/hardware-configuration.nix | 58 ++++--- .../ninurta-initrd_ssh_host_ed25519_key.age | 12 ++ secrets/secrets.nix | 2 + 4 files changed, 174 insertions(+), 62 deletions(-) create mode 100644 secrets/ninurta-initrd_ssh_host_ed25519_key.age diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 406e371..e74d6a7 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -10,6 +10,7 @@ let wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; hydraGitHubAuth = "hydra-github-authorization"; + initrdPrivateKey = "${config.networking.hostName}-initrd_ssh_host_ed25519_key.age"; in { imports = [ @@ -19,9 +20,6 @@ in networking.hostName = "ninurta"; - networking.useDHCP = false; - networking.interfaces.enp86s0.useDHCP = true; - networking.hosts = { "127.0.0.1" = hostAliases; "::1" = hostAliases; @@ -30,13 +28,43 @@ in boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - # TODO enable - # fileSystems."/mnt/storage" = { - # device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; - # mountPoint = "/mnt/storage"; - # neededForBoot = false; - # options = [ "nofail" ]; - # }; + assertions = lib.singleton { + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + message = "Refusing to store private keys in store"; + }; + + boot.initrd = let initrdKeyPath = "/etc/ssh/a_initrd_ssh_host_ed25519_key"; in { + network = { + enable = true; + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 2222; + authorizedKeys = config.dadada.admin.users.dadada.keys; + hostKeys = [ config.age.secrets.${initrdPrivateKey}.path ]; + }; + }; + systemd = { + enable = true; + network = { + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "enp*"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; + }; + }; + }; + }; + + fileSystems."/mnt/storage" = { + device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; + mountPoint = "/mnt/storage"; + neededForBoot = false; + options = [ "nofail" ]; + }; # TODO enable # dadada.borgServer = { @@ -113,35 +141,90 @@ in age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; + age.secrets.${initrdPrivateKey}.file = "${secretsPath}/${initrdPrivateKey}.age"; - networking.wireguard = { - enable = true; - interfaces.uwupn = { - allowedIPsAsRoutes = true; - privateKeyFile = config.age.secrets.${wg0PrivKey}.path; - ips = [ "10.11.0.39/32" "fc00:1337:dead:beef::10.11.0.39/128" ]; - peers = [ - { - publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; - endpoint = "53c70r.de:51820"; - persistentKeepalive = 25; - presharedKeyFile = config.age.secrets.${wg0PresharedKey}.path; - } - ]; + services.snapper = { + cleanupInterval = "1d"; + snapshotInterval = "hourly"; + configs.var = { + SUBVOLUME = "/var"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_LIMIT_HOURLY = 24; + TIMELINE_LIMIT_DAILY = 13; + TIMELINE_LIMIT_WEEKLY = 6; + TIMELINE_LIMIT_MONTHLY = 3; }; - interfaces.hydra = { - allowedIPsAsRoutes = true; - privateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; - ips = [ "10.3.3.3/32" ]; - peers = [ - { - publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - allowedIPs = [ "10.3.3.1/32" ]; - endpoint = "hydra.dadada.li:51235"; - persistentKeepalive = 25; - } - ]; + }; + + services.smartd.enable = true; + + systemd.network = { + enable = true; + networks = { + "10-lan" = { + matchConfig.Name = "enp*"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; + "10-hydra" = { + matchConfig.Name = "hydra"; + address = [ "10.3.3.1/24" ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = "no"; + routes = [ + { routeConfig = { Gateway = "10.3.3.3"; Destination = "10.3.3.3/32"; }; } + ]; + }; + "10-uwu" = { + matchConfig.Name = "uwu"; + address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = "no"; + routes = [ + { routeConfig = { Destination = "10.11.0.0/22"; }; } + { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } + ]; + }; + }; + netdevs = { + "10-hydra" = { + netdevConfig = { + Kind = "wireguard"; + Name = "hydra"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; + ListenPort = 51235; + }; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + AllowedIPs = [ "10.3.3.1/32" ]; + PersistentKeepalive = 25; + }; + }]; + }; + "10-uwu" = { + netdevConfig = { + Kind = "wireguard"; + Name = "uwu"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets.${wg0PrivKey}.path; + }; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${wg0PresharedKey}.path; + Endpoint = "53c70r.de:51820"; + }; + }]; + }; }; }; @@ -160,12 +243,9 @@ in ]; }; + services.resolved.enable = true; networking.networkmanager.enable = false; - dadada.networking.localResolver.enable = true; - dadada.networking.localResolver.uwu = true; - dadada.networking.localResolver.s0 = true; - # Desktop things for media playback services.xserver.enable = true; @@ -196,5 +276,5 @@ in documentation.enable = true; documentation.nixos.enable = true; - system.stateVersion = "22.11"; + system.stateVersion = "23.05"; } diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index 0561294..902d33f 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix @@ -2,63 +2,81 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: + { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "igc" "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - boot.initrd.luks.devices."dm-ninurta".device = "/dev/disk/by-uuid/a64f1e3f-ea13-43b6-83de-2ba4e45e8a3f"; fileSystems."/" = { - device = "/dev/disk/by-label/ninurta"; + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; fsType = "btrfs"; - options = [ "compress=zstd,subvol=root" ]; + options = [ "compress=zstd" ]; }; - fileSystems."/home" = - { - device = "/dev/disk/by-label/ninurta"; - fsType = "btrfs"; - options = [ "compress=zstd,subvol=home" ]; - }; + boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae"; - fileSystems."/var" = + fileSystems."/swap" = { - device = "/dev/disk/by-label/ninurta"; + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; fsType = "btrfs"; - options = [ "subvol=var" ]; + options = [ "subvol=swap" "noatime" ]; }; fileSystems."/nix" = { - device = "/dev/disk/by-label/ninurta"; + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; fsType = "btrfs"; - options = [ "compress=zstd,noatime,subvol=nix" ]; + options = [ "subvol=nix" "noatime" "compress=zstd" ]; + }; + + fileSystems."/var" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=var" "compress=zstd" ]; + }; + + fileSystems."/home" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; + }; + + fileSystems."/root" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; }; fileSystems."/boot" = { - device = "/dev/disk/by-label/boot"; + device = "/dev/disk/by-uuid/2E20-49CB"; fsType = "vfat"; }; - swapDevices = [ - { device = "/var/swapfile"; size = 65536; } - ]; + swapDevices = [{ + device = "/swap/swapfile"; + size = 32 * 1024; # 32 GByte + }]; + # TODO systemd networkd # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp86s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/secrets/ninurta-initrd_ssh_host_ed25519_key.age b/secrets/ninurta-initrd_ssh_host_ed25519_key.age new file mode 100644 index 0000000..ede305d --- /dev/null +++ b/secrets/ninurta-initrd_ssh_host_ed25519_key.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 J6ROvw 9g8A25DusoNFdNBRMiVXi99j+P2G/ZAoHq2kFD6tKEA +pS5yrQhW8IvNG/v1z0JKOROaJmdQGCRXHGHci/BrrhI +-> ssh-ed25519 Otklkw 9heLCSrhZs0PzOSX2C+RufrQML5QVMFXpeE2raTrQ24 +Pks8xA8BI89Cb9PzCyPKYwOfGfITX14ZTbcyQbcT3oA +-> E`3VAEs-grease Jkxdo0~ +WhLwTnCoplc8L5WegLX2A37lppw/De0alZgOuGPv9JYqFIS1DPNPBYz5aVNWUk7z +FYGtHrYTbg0ylTZ+e4mcSA +--- c3gW3L9HNYcqdnz7IptzALRR4YtjWJvXo9/0MEmcXn4 +5xXG,»©òpAøÀ~á\¨‚­•Êœ×æìâüº@CXo{7Ö˜{ ÎEÙCC´×~Ë|Žpêw3‘mÜ°.­°p»ÖIL~ø°†N䊺:ˆ“p`fˆþq3‰KIŸ6ˆGF@1—íeXó„ …ú¿¾|×'OŠïuØö…´ -SÊBàRÄS„EÃCs‘ä1[·¯YÍ +0nXlgacJ¿P Ž']¬qmBµkàÊc¬%Œ{5Ÿ:>¼y ;æ¿wKïǯ!‹Ú¥¸‡Pû`%ë&Ut+Ô8qœÐ¹Qš¸g»û`ÿ¶Z¬(=®ÿ´Á;Þ¦ §˜èŸþù5éŽv£rL²9Ž~»þ·åËGÝ(s.ljίò}PL¶-ïð^VóBíJ)íÈHWÄ“ÝK‘ `è)I/ÃðÝU_C™T~u†1æ»û’­¿Í™Ÿ·þÙü§Å?â5h®`~ +u_…Êb¯Ë;Ä_ÎÎeÍï”â}´§°ÅAÊz_ª¯d‘ÖâÝši,&Ž˜ªª¹¨^ÌbH<›jR \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c340b8b..bf98808 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -4,6 +4,7 @@ let agares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcbuLtU9/VhFy5VAp/ZI0T+gr7kExG73hmjjvno10gP root@nixos"; gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon"; ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos"; + ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas"; surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; }; @@ -21,6 +22,7 @@ in "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; + "ninurta-initrd_ssh_host_ed25519_key.age".publicKeys = [ systems.ninurta dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" // From 5dfb385d54d9b1fdec8ae8479c39a78fd6de072d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Jun 2023 19:18:25 +0200 Subject: [PATCH 589/988] ninurta: update private key location for initrd --- nixos/ninurta/configuration.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index e74d6a7..f160cf1 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -10,7 +10,7 @@ let wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; hydraGitHubAuth = "hydra-github-authorization"; - initrdPrivateKey = "${config.networking.hostName}-initrd_ssh_host_ed25519_key.age"; + initrdPrivateKey = "/etc/ssh/initrd_ssh_host_ed25519_key"; in { imports = [ @@ -33,7 +33,7 @@ in message = "Refusing to store private keys in store"; }; - boot.initrd = let initrdKeyPath = "/etc/ssh/a_initrd_ssh_host_ed25519_key"; in { + boot.initrd = { network = { enable = true; flushBeforeStage2 = true; @@ -41,7 +41,7 @@ in enable = true; port = 2222; authorizedKeys = config.dadada.admin.users.dadada.keys; - hostKeys = [ config.age.secrets.${initrdPrivateKey}.path ]; + hostKeys = [ initrdPrivateKey ]; }; }; systemd = { @@ -141,7 +141,6 @@ in age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; - age.secrets.${initrdPrivateKey}.file = "${secretsPath}/${initrdPrivateKey}.age"; services.snapper = { cleanupInterval = "1d"; From af47fff022a9f972ea3d09eee91e5eea60c1ee78 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Jun 2023 23:19:18 +0200 Subject: [PATCH 590/988] ninurta: configure networking in initrd and persistent MAC --- nixos/ninurta/configuration.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index f160cf1..e20b010 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -49,11 +49,21 @@ in network = { enable = true; networks = { - "10-lan" = { + "10-lan-enp" = { matchConfig.Name = "enp*"; networkConfig.DHCP = "ipv4"; linkConfig.RequiredForOnline = "routable"; }; + "10-lan-eth" = { + matchConfig.Name = "eth*"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; + "10-lan-ens" = { + matchConfig.Name = "ens*"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; }; }; }; @@ -160,6 +170,12 @@ in systemd.network = { enable = true; + links = { + "10-lan" = { + matchConfig.Name = "enp*"; + linkConfig.MACAddressPolicy = "persistent"; + }; + }; networks = { "10-lan" = { matchConfig.Name = "enp*"; From 8678193fc2263fe2f732fdce5c1c081d4ac7ce17 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 00:24:01 +0200 Subject: [PATCH 591/988] ninurta: configure persistent MAC address policy and no suspending --- nixos/ninurta/configuration.nix | 41 ++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index e20b010..ef27313 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -48,19 +48,15 @@ in enable = true; network = { enable = true; + links = { + "10-lan" = { + matchConfig.Name = "e*"; + linkConfig.MACAddressPolicy = "persistent"; + }; + }; networks = { - "10-lan-enp" = { - matchConfig.Name = "enp*"; - networkConfig.DHCP = "ipv4"; - linkConfig.RequiredForOnline = "routable"; - }; - "10-lan-eth" = { - matchConfig.Name = "eth*"; - networkConfig.DHCP = "ipv4"; - linkConfig.RequiredForOnline = "routable"; - }; - "10-lan-ens" = { - matchConfig.Name = "ens*"; + "10-lan" = { + matchConfig.Name = "e*"; networkConfig.DHCP = "ipv4"; linkConfig.RequiredForOnline = "routable"; }; @@ -265,7 +261,26 @@ in services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.gnome = { + enable = true; + extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + extraGSettingsOverrides = '' + [org.gnome.desktop.screensaver] + lock-delay=3600 + lock-enabled='true' + + [org.gnome.desktop.session] + idle-delay=900 + + [org.gnome.settings-daemon.plugins.power] + power-button-action='nothing' + idle-dim=true + sleep-inactive-battery-type='nothing' + sleep-inactive-ac-timeout=3600 + sleep-inactive-ac-type='nothing' + sleep-inactive-battery-timeout=1800 + ''; + }; security.rtkit.enable = true; From 26463da687226f4211f1e05091864e1d6436412f Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 00:37:30 +0200 Subject: [PATCH 592/988] ninurta: fix gnome config --- nixos/ninurta/configuration.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index ef27313..afff09f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -266,19 +266,18 @@ in extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; extraGSettingsOverrides = '' [org.gnome.desktop.screensaver] - lock-delay=3600 - lock-enabled='true' + lock-delay=uint32 30 + lock-enabled=true [org.gnome.desktop.session] - idle-delay=900 + idle-delay=uint32 0 [org.gnome.settings-daemon.plugins.power] - power-button-action='nothing' - idle-dim=true - sleep-inactive-battery-type='nothing' - sleep-inactive-ac-timeout=3600 + idle-dim=false + power-button-action='interactive' + power-saver-profile-on-low-battery=false sleep-inactive-ac-type='nothing' - sleep-inactive-battery-timeout=1800 + sleep-inactive-battery-type='nothing' ''; }; From 4614971ab37977d1de87803a5d81d9fdc176ba21 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 01:41:33 +0200 Subject: [PATCH 593/988] ninurta: disable stage1 systemd --- nixos/ninurta/configuration.nix | 40 +++++++++++++++++---------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index afff09f..7ef83a5 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -33,6 +33,7 @@ in message = "Refusing to store private keys in store"; }; + boot.kernelParams = [ "ip=dhcp" ]; boot.initrd = { network = { enable = true; @@ -44,25 +45,26 @@ in hostKeys = [ initrdPrivateKey ]; }; }; - systemd = { - enable = true; - network = { - enable = true; - links = { - "10-lan" = { - matchConfig.Name = "e*"; - linkConfig.MACAddressPolicy = "persistent"; - }; - }; - networks = { - "10-lan" = { - matchConfig.Name = "e*"; - networkConfig.DHCP = "ipv4"; - linkConfig.RequiredForOnline = "routable"; - }; - }; - }; - }; + # Kinda does not work? + # systemd = { + # enable = true; + # network = { + # enable = true; + # links = { + # "10-lan" = { + # matchConfig.Name = "e*"; + # linkConfig.MACAddressPolicy = "persistent"; + # }; + # }; + # networks = { + # "10-lan" = { + # matchConfig.Name = "e*"; + # networkConfig.DHCP = "ipv4"; + # linkConfig.RequiredForOnline = "routable"; + # }; + # }; + # }; + # }; }; fileSystems."/mnt/storage" = { From 589516b23038979b56ee2abbe3092ba29ee9cf1e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 01:48:08 +0200 Subject: [PATCH 594/988] secrets: rekey for ninurta --- secrets/agares-backup-passphrase.age | 16 ++++++++-------- secrets/agares-backup-ssh-key.age | Bin 811 -> 854 bytes secrets/gorgon-backup-passphrase-gs.age | 18 +++++++++--------- secrets/gorgon-backup-passphrase.age | 16 ++++++++-------- secrets/gorgon-backup-ssh-key.age | Bin 819 -> 822 bytes secrets/hydra-github-authorization.age | Bin 530 -> 532 bytes secrets/ifrit-backup-passphrase.age | Bin 500 -> 515 bytes secrets/ifrit-backup-ssh-key.age | Bin 795 -> 777 bytes secrets/miniflux-admin-credentials.age | 18 +++++++++--------- .../ninurta-initrd_ssh_host_ed25519_key.age | Bin 833 -> 818 bytes secrets/paperless.age | Bin 402 -> 481 bytes secrets/pruflas-backup-passphrase.age | 18 ++++++++---------- secrets/pruflas-backup-ssh-key.age | Bin 748 -> 872 bytes secrets/pruflas-wg-hydra-key.age | Bin 467 -> 478 bytes secrets/pruflas-wg0-key.age | 17 +++++++++-------- secrets/pruflas-wg0-preshared-key.age | 17 +++++++++-------- secrets/secrets.nix | 8 ++++---- secrets/surgat-backup-passphrase.age | Bin 446 -> 416 bytes secrets/surgat-backup-ssh-key.age | Bin 780 -> 781 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 850 -> 836 bytes 20 files changed, 64 insertions(+), 64 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index da779d0..a2d6445 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w k17Rcu8afxtsYBqKw8/ozsG77ph9o8jjNL94v0YzUys -22EzyXzXTQbgYyAOfnKKaxQkAySXvb4gRlVC+r65DYc --> ssh-ed25519 Otklkw vJ5n6j544Sx2fAUt3qd5qrx8WLrSyBd9KqDO9P/TO0c -PmXMzhPIZZfwlEOeLfmOhqSvrCTOnqajRWh4UMcasTo --> `-grease ICY R 7OPPl qDtH -jQXY50ws3ZTOxYA/FgQWbxF/QF0sbYCJ55rZ8EtgG+oKquEKnQ ---- aOsR2vAeGjZqNDofgL4/NdLsJU2fTh3/4b2vQEjWJBw -V. ¾¥+¨IáÐ~8À3c!væÀÀ[0d›Ž7wàž®©ï¿+ÉãÇ(‹ÍБ}âü÷vÊDž–лªÞE \ No newline at end of file +-> ssh-ed25519 L7f05w /yLs/wBR7u98lIKy7VZXm+wN+zaGzQpYO6Q0cydEGFQ +xBobHUHmeTNvvYY3SnCDo+nVCst4r4UPDIK9NzjUkhI +-> ssh-ed25519 Otklkw jQaseyREyzaaXjV/yIslG09PkMU6rmpn4Yggox+/kWw +tbk355+WPMA0iTK6gnp+MogBBus3Pp/GCHQ7lkK9oJU +-> Aat$o[TK-grease Lzk"&$ 2hKm W 34G6L +7bTOH8YTjHkY59FsgEp5Zwij+ZY +--- NoNWoCl2Qmc/k17e+IkMIAqvOjiDsL0uQISs82D+zt8 +çÝ"§›>Ž7%²5hÜ3 ‹™Á›¨ý(@ÌZê`ïÒ•;5}ŠÍHM$œ,u"-Mª@0ÿ–uÓSÁ¢m\ \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 98eae37a93b4fcea89ae78158e4f2ce35efcb721..1c2f163a7793b9b4e71aa80329970182dc53ee52 100644 GIT binary patch delta 823 zcmZ3@c8zUP!gW0Aj)Nq&i$dq#@3ain`iW>i>U zIhUJ%T2XkSccg!DaZq`%ejcJz?huf+|&;S|hT= zpP2lv@4J)wHuCK2%qN2K3l_XMmHooXW%+}Oyl-bdFPvR>R^#Szb#iNO z;>kp9H>0zn&B`Iuv-mU9_Roube7Jqerf`QhEAHJ~=o1@ntr=DC?ffL@$JLJ9g*I`~ zD%%oDQf_72UitXl(@RHhnTpla7Qd*3$y$cX)+alZaXvIrK9TsNQD9GP*h#(5Hm97; zLtad}-gY=xg2(oSw*8$=6+6~DB^RBlH+8t2>+j6;puzCYmJ?-dA-6-mzVvpjRzJ4h zLn=kfL;0W3A6A<~OgY)51{bc*(n)IaT`wruB`vz$qJAcaN>SndY7LWqjlEY(gQ9~N T!*^_y=8)R?ZeE^Wd|NaC=igC0 delta 780 zcmcb{wwi5%PJL0NQ+}a&VsSv2pGkN`WRgi@RgRBmT4Z)rmUfzdVo_m*K~!E!x{pz? zCzqM8cDjG5VX%LJaiVd!cdm;2^K!Y_1bOCrOR*x3#+Wt`~pJ`{Q?EU#iB&w4iLuUN{EFn4*;Coiy4Q zV7h#H`wzwBZFfF(q=;b9HulWprD7`{XIy z%o+{BhGsq+%k1mDxXT_0Jl``}Y)3=#?Dvao7HmzJbzJD^+`rr8G~T`~pY?T8)QuiT zy(^o3#2-4dZ-LWR&cHhci7PKoYn@jw*YY}5c6tS`z_irOTAS+TJ9r7nPTpNpas2(< zip%dL4|pW(h~0Q|**w!NOWY?O$h%bWX2uo1gvYvPfB#MR<=km{g6Vg?LeTV$AD1Lt z=6+-Id7gaV+lD8(nl^P8%01Ga3D(Fzp6$6|&b5jkYVXbeO_1X0xwqrNwZyNpOn)?A zKH9-+SXvh5u=MfmnY;95R@yb${E&FBHc@WBg^9G+^xCz$kx5;%y~O4$eIh0B-NHIA gH!IogA$I0GldOPXGV_ diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index dc4d3e0..d2d4760 100644 --- a/secrets/gorgon-backup-passphrase-gs.age +++ b/secrets/gorgon-backup-passphrase-gs.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg 5RZ60MaxiVLo1RON9rlM3Mr6D56uABXkbNOFMHJrOTU -0ftc+WkPqbrnHAAIGlxPGkq0RQ73tb5FSRKbEeHO1Qk --> ssh-ed25519 Otklkw /kGvNvyw1aaNxdhgyOvGiFv6Xp1LM6YqMk/p8oNFsn0 -ZiBt04NUizfvf7kzmpLPZhuLEYPuM2TmWOgvgWsOAPI --> 03-grease i#K] |/*L 2n"-7n'N 9q%L5%bh -NbF8lL6P5nq1FF44nW0CB/Sv6FXtvOOi9z/6Xpcebj4bbME1X71N6HfsGOlG3rHc -+NyBz0cJDYj0M38cXHv8itmf4kOP8cozzJmqw/UKAUYJ5BILHfWKcxeJew ---- 7nYwuIFfAQ2Ge1j7Ousv2uyTRN7jzrg2YLAyCA++w+s -ä¦<¤¥dÚ¬Èïº}s¥ÑÚ>®“òŒ³¾ŸRR/Ç(ÞT‚Dz»¥S0`cXŸîù´O3û§ \ No newline at end of file +-> ssh-ed25519 0aOabg NA2EIkPe3Etbp3gLlU7ACdPTcxqOSEWiKNmJBtvpdiA +/+LE6FPMwSnRKNl7TDBUTzNdgFoUIqR5k9HudrOrtkU +-> ssh-ed25519 Otklkw ixTmLiN+rX13mHtEKZv3BY+RhlmGBYu4Y4kYZUiNHGQ +JeKiE58IL5A6B04gfHmCkOx2metsT/oNU+6wyj1kt7Y +-> M>%o*-grease #dO-(e 2QLFvm ' ~7yjQ;+ +vF5PRbggDaJlFUl1PPlt7pncU0goxMnyJwGkvxyP7QewvhLaqa0 +--- WyVx1Wef1RN8MK2Uhca3Nuia9DjiQg+GpM5iRNz+Jl0 +åÚÏï +ÕMA(<ÊÐÀö°EÔŠ==:ÏÓoz/÷>`R¥/¤#$—Ò?‰Î2B's¬ \ No newline at end of file diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index 95efdac..4d82d14 100644 --- a/secrets/gorgon-backup-passphrase.age +++ b/secrets/gorgon-backup-passphrase.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg PPBNQDSPVGgR/VtEPl+Oex+00Ye+y780ArIbUeUYEEI -IZ4vkcDONKcMQTnlWSqzvledPMdHKUrwe+I0XfLGnY0 --> ssh-ed25519 Otklkw ktXr1I6bS2la6Q5vr/r8EssCWt5kQXmXMZOGbYzHens -w3Aaodj73uj91YV4Vhx1z6mUuVeZk0aUSGnEb1DXYQM --> aeJ8-grease xx' -0g ---- Zkoyt2uI2cxg3Qka+okJIM4S7z17EnCPqS6ggKBHq34 -HN=.êóV¤ñÛèë1±„rÐå+*Oà;ÛO42íÁ!ÏÎÌÔz?ókýscbú˜p§S[<Ÿ7oBó6)$l› QN d¸PK Ó²á \ No newline at end of file +-> ssh-ed25519 0aOabg +jm4AHnuuiW4Y6FHBpH9haLSvqLg4xyGhqfCdTAtFBU +pJCyZLiTg5LBfPz+RfE5f8MIqKt85T0KpIhxIqMKXv4 +-> ssh-ed25519 Otklkw toSN7UKCaA/iDcEXnX0I8/Ruy6PT8L6RL++hNGC5WDM +QJB/uf4qK+QFPE09HVhycspMfvLt0Gw/okhaotfHCIc +-> eUGG-grease ^Dqq&we A + +--- 9BHYdiWKAPWewE639dUlQIPXvJ3mbU8pLdAz5kIRcPM +î3Þ† a¿}†Ã@9œí;ÖØÔ7WMUÐ]6»2AÀÞ†±øN.q‹dÃ};óÇiݤ°„ómnÖ‚Ó=ÝJõVîh»–h`¡lI½ ¡€ \ No newline at end of file diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index 20cec4209be17224152ff5c9036ce80837e9b66c..0412bd775e4e47c6ffa8845f06a39ca0c9794f92 100644 GIT binary patch delta 791 zcmdnYwvBCqPJL;Cx0kQCSDIt zI#*FdYDPqPlxs?%Z;4lwXINNdx~WBmp-Za2cV3ZmPPtiBWqP`kw`FdU0hg|wLUD11 zZfc5=si~o*f`3VNPIkFMP+n@ehlz`2ML>pEUXH$FRDF7dYj9vzu%&BBXkt{Ep?{uh zajKuGwyAL>SAj=Zx<{mIengPJvvx*_c|k~GiEmMf_uLe(Gy@M~6RzyyOc$dh;~>XCE?r$+ zh2#u_ko?@tu&7`UzbIelsvIZxJny2MG*`>?l%&9n;=~+(GkCFq^7*=*Z)bfYH! zYi7nH^@mt4@jC3D)Vg3ji?nPTJIm@B;@_f@t|^@65b6?bouOQiRHMDzI4fGo!G6<> z)LCiOzJ>MaAFnY#S+`Vpg38~S=kiWmJ<^yvZ(I1SPuYSokMv5 delta 788 zcmdnSwwY~$PQ7WUaae}Cd6=1>mvfL`dX8t2ueZB-dSP~sVM$&{Rj_`6OF=|Mg@Ips zHdjtyhPJ7zcVtD1fxB}>wvW4uUujlRQIe~9VoI2oSDA5QZa|t>QItiLCzr0BLUD11 zZfc5=si~o*f`3VNPIkFMT9i+^sd-RdL}`YXVM&IebG>Ioeri>Cl7(YMV5EVUW0_O3 zx3_k>zC}(lm%oLhYqptY& z$U3_K=a3{rD{tNOqSVCVRE1Qf^bmKY*hH?JN_VG%;;=}!oNR-D(8!d?VwWUyPj7Qi zU;q625-*o@Pk*;Oqllow(436GOap_|!hjN|u=J9!pb)ppsAAI!F0VXo4=!C@U4_u3 z(h|?I5;Oh$LIcO(9B;Gq%v2+z%A`#1{EEmD-!Lz4?Oc<>BvKAM7oyvrWE5h3j%I)nvBfLIRe%J9Atv4ReeY9Hm)V6%tV$XqqtB3nIHZm}%|tT_`Y$CSMK-a-qBZ;jSpKKvHmU~(hH|9tAQVosi&b!V@Z^E*_fGA;Sb zU|Vs;Ph0DU!sCU#jBWmFWBjh!MjoGV>YJ`lX^{bA=Eg$Louc)3-h6uG{pIVby+7L` zvy{a}&;GHDRLi=$R(Hj|Ga@VRvQA)cj+f%UmQmANvUD@^iV}@0Q|@)SoSl)nZ0*cN ziYr1VzI}TmsCE1L#;|oOqMknrF+V@?&qN8vYiugB?%K-i__rd0eT~+kT26+bUmlw# m3mA!9Sbsxu){!aB1y)B~?wj*o&tB2F>}Sfl^uvF5eg^<`drJoZ diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index a82842517242cba8f6dffc2a99fb307a942c9ef3..a99144d7701ae5014fa5fa4bc44fc81be0d312f8 100644 GIT binary patch delta 505 zcmbQlGKFP=YQ2|PkbhaZLX>lIT7X%gS7@Y{OL~4@nrnKPS*TN5fQ4~zdPRU^M4@q* zvr%GlX<$e(S9)4*QlMX=M`=i|xpt7ZQGQ0CiN8TeV4{Jqwx@GgxtniJsYhXYo?&Px zm#&>cadC!jYKoDmsiCEUe@S*ucDX{jr(G9fjKb`^Zt%^WM+j+&Slq2=Bi;=@Ib`cadC!jYKoDmsiCEUe@S*ucDaIaVUTlSVpdj=VSRd0lyh>Cn~P^wafL}dx)4oORaZsb^rF``1-1CpdZjA6K6MbLnCc3zida3swxj(%h0gYlmagk{bHAtiagf{m!iP%ti)i?Y`>f! zm+-_Yw{k9BU0nqu<6@5__b@;23gdjQNOzM6|Mc)slhoAIf~@jDR}(WQOVjc~eLqu| zDp#&4PA{GRxZJNglPh|JVX0L~-a)%N5mwsY3!W_aCw_C0eThw1W$p9e$3~|o2tJRQZ^{cVTGgT>}f>I#2cErYa{9u+)b w^8LkA^P0Ag-_CIaX6#yZWxM!SrtlB_&QBuNZi=hkvCXsY!-gc48Jq@l0H+4K<^TWy diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index 7c18954c397fd490bcad205c18a7533de447dc3f..be1a22d42cc78033b4f8a2531356b1dcc61c955c 100644 GIT binary patch delta 481 zcmeyu+{`jTr{2U*KP1O1EnVNj-=xshw<4@O&!8yOJtQ;H*h@b%yU3?JvcNOB&@?2> zge%80C`&)tskkyUEj_HrJi$ImFjvphdIvBb|WzuqsuAi&$XB*mg2skF$cpd=#A zFF7cpG~GF$t02p&$T=^y*$lPzre>Z!>u?H zWL>ImdQoa(ajHU@Wl*I~LTSE2ez7iBL3(mXh>M4|ahiTWNmPWPSCpeyka1qIiC3j| zM3iNHhPkh~i<@b#k)vsOes;J^p_hkGRalBorHe;}g}+Bt7+0#Rk+X|aiMEqRm40$c zWO-#&NJwtJUs!3Oi(^Q+LAbfMS+-}oc}k#BdUA@nc~WAOt9y2NrE#c9ly^vIa5-0i zX;=W4uCA^^eyLw^s&leiu4`gukg=hgQHV)YzN>4NQB+uld7`_4Z$Xt;rlF~kr*TC- zS5A{(n}K!K!Rwi~&T;`NBLwr{18%(k!F2*i+xlD5WC9zqB&HGTkNJ#KJwJK;I%T-`v-|GRMT-w8Gga zk}Ewc)jhGS*vmB8Jlw0qBfKih-!j6|Aj8Q$Dksx9-N-$u(lfxVpgb)sluOr6p}06h zH#Nn`)YQ;Y!M`LsC%arB(ZEAH$~)g8%F-#*C(*^+yx!kCt0Kg}qsS!5IW zPe0Mp#XrZBDOoBZmxE@ zc|cx$u6|isRzy^BKvKAiK}1GMhI>@9nNenvfqSlFRzXN`PN}(%slJI1mq~7RsAE`4 zUaDzTZiP#UL4;9+V?aTEnWd3MN|tXyV6mxxkat#rk6)p`rH8%+m#(g^f~BFqN49ZA zo?%gKL4dYN(H@y1z8v$m-R?uxLo&(A$r{ZKCPb+fuj{{%6gtOau6zh_OBJ>>ZH Hr5z^#vF4(= diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age index f4770c8462f73fbe3f0058829613a5460c055fe7..ae17e33623e55251a388fa50b2dcc8ff5f923948 100644 GIT binary patch delta 745 zcmbQu*2y+Or#?^H!_qj)tI*BcqA=enDLFf!$~+{%O}oq_z%0$b*fP+m%DqV6tE9l) zmn*Qs!_y)nKhHQb$u-=>#3em3ptQKCJgFdD+oC8VL^~tU$UU!I-#p6MlS|i5p}06h zH#Nn`)YQ;Y!M`LsC%ass(A&ewJSWFk-#sfeEH&7~wLY{Y#LqdvCEL_gKf}{JFEJy_ zvLfHYvM|e)t1=@)+c-HiIVwEJ&B)BvH6*AkJG?BctUSj(r#vdCD90tr#~{rlEZGfg zowAp1dQoa(aVl3pQA9>gae-x0u3=Phg-K+nv0192zNda_Nl1RFBbTnOu7Y!gS5TC( zzE6Fyp?OJWV7_BUN^q5bVR&AVrxIKiUpUBhRDs+QGqTxX0DsG znNH8#bhNS6>hrv4kH?|D6I>q(vPMnRIgl!Is`}KMZ!07hAH8jTOz-ol4HivIy4`Y; z4|CsM-<~7?dV$8HGduV)#5>Oa+RK>B;K5)fe6ynduE_cbMRkccS50=rlucUx5q19EeLg?Zceu!zuY6*&`sa#{LmsalnV5e6bi#+fC(XnY`&zDzC3I7*{b@euBp8?M{Gp)mPZHPyP(FSV-vXipnYxLys%l;2XbRCPjY%& zAhy_Z^4Y`NmefDVC*Lw}ID12B#=AqwXV)Z_ANbZAwl2kl?e+pa zTN!UJ!TMhf3G06;?d1}?`fKMNL)Q-#EW6s)M{QgoE^(5x_uu9;{-l}TE4O_!zB2s_ z<8sY82dAXWIPmykgR-07-<|JQiRZh0-ap~&E9<`<1wRiiV-~QVv(RD7{N2@aTx@@6 uz6q+IsdA&jEPUOa*n{2PKB@dm13y{JvNrg1+Ji@QQ^9{7XBH-@R~rH5PCsn` delta 763 zcmeBVo6R;sr@qYBFe5js$jdV_xZE?R(%B`%D=Q=0&pXoB#5>vFE8D`{z0%1)&#O4l zlPkxtB)r%lH6zGd+ubLyIMcBxq9nrDET=RvG~B~I$kM6I%`_~+z{tZfluOr6p}06h zH#Nn`)YQ;Y!M`LsC%ass*fTQQyDVHg$l2W@EF+>kwBEhgJ0;Z8*)Yw_CoA70)S$$( zG|Me9s>(f^E8Dch(iDK%R=xiqb+)YGymxXRK`+t|{`%g@5I#J4IUHQU$| zWSvQfijISBdQoa(ajHUOh^eo8xPp;er9w$cNM&{smq|sLafrKzzH4GhKuMaRNkEE6 zlxucN(SF)RHKtM)mlCPz9 zdQiHzFW1J3q=Wkp9KFn_aHW&ky5+*&xqRI#F8-?3yO4DH*R1pV9^NmCo+&CU6sggF zS6;{P2kV))+V?~qrdFr2eOf5^lVy2x%406YnoRb3>q$FKu2_4??RCM-4*h*qRd=~I z{n#J9GeW`Sok7Hkw<#+o<=9&7%2E|!m%f?a_vq}-z5W(1&plMP$??zFq99xmrFYOr zIMMwXtJLg!EDb;P(>kA5Y`nDA>~Kg;R_19Qqnxy*5@!_n=7e*)tZ-smm-wCW4s%F% zzv}LLmMYWU{ixr6S$yx0-7FPtAHJ{KzSvk$QSAAIfD>CR6h&Gz)Y1JlPdCqM4W*vMEt;pk;)(JiN&TeBDSEb= zl{%}!nD|?=tQAr|Ogt*K_g#Zx?#kSQbLVz9=sdoiW%!2wM)1z=y(KP3;~6Hb(Tn6) zJn?!;@8cWOzV-=D63R2}=H&gwcmBoC>l4HBPHq3S@(!<`8rN^#xG!6t8N7U9#azaC zMQ`7#Sn1za`Cm!1CO-Zx^fK7~grP&k@u=&IZ>MwUl>RRgF!}cFDAOH>4-vwD^ePi| NTQ`f{ny39s7yzfIKdJx# diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index 8c11c71..b306dd0 100644 --- a/secrets/miniflux-admin-credentials.age +++ b/secrets/miniflux-admin-credentials.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw IS6b4o7dy38LfWxv/mwFHzNb51cSW83n3n2LQrjSJlA -z959I7N3sF+/rBkBjvotzQaiYhVUNaib9cxiXdyGFrM --> ssh-ed25519 Otklkw vDQ1RaD6ZIn1cq6Oqg+5J/IT4V6BvvBxP4cIcvF00G0 -qB4SR+DqWyufPo92tpXOnk9w3B1sDNKsFWGbbAsHKqU --> E|`-grease sH9 -JlIn1Xxp0z+R/dcvT++5zOMUzW2e3dTbqmUXbnB3kJKutC4xwfActgXC//NXsF8e -+tDR7tRFz8xHP08uQAteLg ---- 0UrVGiZaKV6wxbFATboLo8WsEI9qer6K1aZKRhzIGjI -“÷ÓQ_zÃë=ßENfJg]û ,°¼ùâÇã< ð”»ûH»ÿ%€±—#ïm9’øH7E¦~Ëh/tË­7³ÅÁêtZè>wÕ6Cí®«o/á \ No newline at end of file +-> ssh-ed25519 jUOjpw WjtK3TwJJcT1+CARwXu/8pCfJlA+iYMriWEifEAjSEA +VzJ2aTBU0spMQ/MpVCNwRJv03KdGEv/GeYoIKQcd/pA +-> ssh-ed25519 Otklkw SUYR/Xo3kQdQVzOmQ1qSdpR6mfI9Zh7EWj+UzbLv7nU +ptoJ7lagfRnL7IzNJfyVj2/I5f3psmzvpiI/xb8XJyg +-> Dff7g;-grease R?$ .DiZvg ]tF < +Tn9FgnJOCz5oAicAXGMyc+aDQdkDSw +--- bRQP01wHrls+2i4081FtpR7Ui2N8LCBj+CkLCaLwDZg + bµ1µ#ÜJͯ1H‰ä²Þt–/å0G£Z¾^”mD;ídrCö$Å!#×ÜHZágáX5Ióu½¯Úf5e€wÇæâ +"H \ No newline at end of file diff --git a/secrets/ninurta-initrd_ssh_host_ed25519_key.age b/secrets/ninurta-initrd_ssh_host_ed25519_key.age index ede305d3bdd7de0ac2b672dbf81b72af66007f89..093f81cb96285e2e410af6fbce98b74bc0d56655 100644 GIT binary patch delta 787 zcmX@ewuxSzcZGA6TY90pPj05anYWKgQhB9+zE60tWq4?kFPE;JLUD11 zZfc5=si~o*f`3VNPIkFMh;dR#xw%PImWzI{Wlm~Zc72(9kawo5zki9Tw{Mwug|nkc zk*iCHr&)G3SF*o;P)4SSr-6}Ak$+G|d9bBrxO-7rPI98BzC}o6QE6VNTdrrAVW?9! z$ht(0BrVgdrq`B85##$-;5awO%|C&E3r{2ZSRMqU)5pE-ir{`{mOi0=7{r*pU zj)=GNOBLxkxpHC&e?H98XEIvobGz<`yxR3IYc6`T1k39Deh|k$d*VN%#Ow}F+f}^l z>m8K7+?^-UY28T6S?ex*UFmWEnZP zFP!??{y_67#@#9o6Xx)*zO$1t_nM~gy-!L{zP}K*oA_v_h-;|g_eh1cE8jEzemPr^ zZ=&O$0~XiK3U}&Fcz5pNw_o2=qz`*OO3Px1dzV&knkATPYJX#~>~5WNdlJ(myL*4E zMXHjdZ}hCrxpP=fa|Y+f|F7e<9JYqCYV5y!GwGVboJ1!N_nx}PP2KA%e0L~#gj+-e j1vzmpYfHB)U)C$?cZui3VjjzvEA#K@{l~|{DPch3m?<))O4Q+BS&NNoPvUK zeV5dFgT$PubpKNKfHF(3$U-;IU_+MxzW}GmD$~R;zwpp(^C~X4NcR$tqR5b>bc4#A zkSOg`licKBM=o7mU4>-h^l)PzOAo)uh zQLJ~o^W6GRwE;fcbl-o73;XQ!)=Ts42}uu;@FSD&dQVi~OkjGU>8XEM{=?nSc&UEp znIUzhZH7!T&vy6zp0sxVS>c)UxBt8OXZcYn`$wi3>k{g?N*Uu@PbIBCZG9yE+_}`V y@25yUs@<}DgY;3yQ&sV+q@~xVOuY8!?yO85wZ0jvBv$QQ5qBoZ!$y2|RuBM)I86)y diff --git a/secrets/paperless.age b/secrets/paperless.age index 32af229809f0f61bbdedd0d5dd51e347fec0b431..61e8707a47e92a58491e18b220d7629dc67521e7 100644 GIT binary patch delta 447 zcmbQl{E&HqPQ8(@rCVO9zqxj)S6-lxnW2k`NqVqZKwyB0TX|%TeqyAvuTxTmbC!vV zD_4P=VN$kXo_A_mq(P{8aA>$|m|?2FQJ{fgzGH}wMTWL_QGQmUWm0~2F_*5LLUD11 zZfc5=si~o*f`3VNPIkG1nX6lgucuE|c(9{Mh^u8*Sbb@DSfG1EP(g}kxOR4=TauZ! zYjJLwiFc?4muFRWm0@L;dt_psL3*A+kbbziwu`%aV4;PPvx#L{YH>(*ak*oR#{rnQ6YztSXyaI32 zu;Bdq)L=6c)5N3;jA3q}_PcB_uU4@d8(vtKHj~r81^MJrAKa&tMFV9j(FMr=k zuL^hXK$Dc52>+~-G6PpbPp&npKXr73{Pky8#IO9)_jR-C>L&Fw|5(;0Ce)NXxVcH- nuEK2t=f1S1>$(pWKFfcvIP>fez|3ov1w>-X|jcJ zI+t0#VV0p~rJs9pzH?z(X`zp^pT3`wi?Lx@uv2zosCh(=e~_hqQe~xYD3`9CLUD11 zZfc5=si~o*f`3VNPIkFMWmc+lL`k}1QHe*Ag;PYOcD+HSxtm#JWq^BFxre2;TR@fM_oyUO3oczw>$>pzQxQ&}t`x41U_+?u-lZ$g&ZKij+BG7qE ssh-ed25519 IXCPDQ q4jeKfIwyTGzg3fteKRCPmXnFrxtzCv8sNVGe2ZmeWQ -ah8dFtzOh9Qmw7hO6o5m/o4wNwGp3zcqcu9yU2j4vCI --> ssh-ed25519 Otklkw mOudX3O2Pd+d55JzUhN8JdujXRuKY70Muszdg/+BcWM -dyJu3G14Bbi7XbqUBwyDx3rrU3tMvVUlR2qJMFKySLo --> _M0-grease G! Y7J F5 S" -CqkYzOCT419pYCp1BKDwhnlzpn+NGYfrVF8sdlsYdkulLFkXWwxUEh2Si3nMjZBk -xz1+0prLIxzg7mlgEpVkLfjSGoclEyDw3D9Y+ybal5oaERBU ---- zB0wLjnIMgXaqkZTW4+TigSya60MM7p2+l5ZHWbgQVI -ÆÉÒˆE¤Adðp&jáQõTÒq`Ì­WœÅpúþI£×vÂ’®mʱª¦© -8(GX}¸öC9*©zpÇ•¦>} \ No newline at end of file +-> ssh-ed25519 IXCPDQ Y+EFA5UHFSVH8gYseuvdFQYM50WRfQ7kAbDd0VDNWlc +C7sTgIKLh8WN3SeB3l6U8GVjKPQcTJHcdsMEIGizK/A +-> ssh-ed25519 Otklkw 9uTnFZ2s0XINtxCm+RdMa5eoEu+Py2ciUMeTDlYvZyc +9eEshprOqF1Owmr7ccEgEjmBbaY/k68r3SM6yeQi5+M +-> A>-grease 6^Yh,lh% +Jz1t6HBXsEqECUhllROJzEuF +--- W3P83c88soXqGBoBC6Kq6p8YtOT7iDaavKhGYTneg5E +V¿<1 iáuh()íªýwu(zÚM 彶'«`WÂbʃÁO({¿wÖªPB®i•;4“ê+)Ò¤.-ž®’À \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 1227d47133837ed66fa896a99eeaeef505ce527f..99a4f397ca023a60e9d6de0e42d17808f2f80d3f 100644 GIT binary patch delta 841 zcmaFE`hsnOPJOtsQ<=GwNxo}}X@)^=c&2+uN=0CZMPi|uUrKs@qIYs}Qm~PKnyaak zE0;w?iF-w+qj{*AtCw-9zmKU`YFeU;PjEz3adtteQJzn6indo#iMv}-IhU@TLUD11 zZfc5=si~o*f`3VNPIkG1TSY~Al&6uKalVg>M^sLZaeaVGMoyGxX=$-`L};Rim!o;O zi-~b%l|^nkS8`;8n@?bIKv+qkr*EZKcDQF?YN>^pc3F0&eqL~(vx}jnv0rkLU#Md? z$htg5x9mLKAl>w$)WqUcuFRs8)MRf?)7S=m|}e{W$MFqFAqsQU?_~joOK5ypBOpTu9YVt0| zve2qJUG-Aw3x+*gX72rxbxQI;ZqmIg-X^;y$e!q8_CGMYtX_J7NRQN%r8V~%vnmzJ zN;~eJdAiNJqj<@-FQThn-O+fPYrALCnnTZ}{tD=KCM)v1Y2)s#ZD?5%?7h79@P;^z z{h38&ZnzA-lrFD%Qg4L-x*u|ITWvN+wVpwRdNq%BdxIsun zI#*#-lzW&#eyW$BQC_l>v9E_~Nl31Lj#pV=uxn*XnT4Nka%x^qNNQS<1(&X!LUD11 zZfc5=si~o*f`3VNPIkFMic7e!OHpD;UZsVjshgX2a(!uPS)yO2n?-qKUV4OyrMF>7 zM0&YVVN|*amrFrNly`2Pn}w%krnZrORIssrlzx?|k3ng;S9X%OMMi0rvzeKnM_^Vt z$htU_65aHo)WqUc1!V;lBYUp$(loZqv)#TQFy!*t&hvfWf%81(-=067e1-FjcUhxM|FS-nkG&FYzPt`y zH}7v^QeSP5lQ>!O#k%WHPcPUkS^anU2ctbW z?6#grc>S$t$*j~LYq}qIy#Kc^fw3a~OgP8Q+r4FTZ#%!@m)@lWyiJ)YVc=GnQd?~dQ0y5-^+Sl8NScF7M0t!Bs*x2`~`uE z^M)=KH{PAK+*zHx-@HEdvbfTP&j)_)kttMLZ=n3|pV!5H#+%QVow%bSV6)ul^2)~D;wiKiQnv;?M$u8?(-(cX0VBg@k@?UVh_gu5P#&MT7r zB)&?5+d1IN{O5m#R{bfqnep)P=j&+|-+g*mAFe*7b8Cyf7n5qJy@P6ff6v;vl98{y TJ5DFrWz5;%9TcJZ=l%--d(b}w diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index e5f37bad184082d6e21a4ea8afa8758d57a271c6..391bd9856f07493a221d5259cf6c6a1fb0ce3e05 100644 GIT binary patch delta 451 zcmcc2e2;m8YQ2|PkbhaZLS|`HmQO)uN=1-mdU05kc}Y%Efk|Ltd6-E`sY!a4Q(&f< zdAVt>laEU}SCnI(TSY)rXoY@qMnPt7o?(85zkii$VV=H=nTxM}KuK0rvWbCcadC!jYKoDmsiCEUe@S*ucDX`SV4`fU|pLcRqv0Ft} zhL1Pp_z)bk`Ek$gDum zti*bwu;3!&GE*b%q726(w}2p@tSpPbQnOI!Bp09L%reI)1Fpz|KqoK#+;s1`K#+hzQdhgCbvp z@DQ`goUk+#F0HRVvRcAt3%@e^wjR$>O*>;V^|hj1DH8N-c9y*7{sbB-1^bGVy!X&jas3` delta 440 zcmcb|e3^NIYQ1NKbAU^rLUy5{g|>H6hG}M1foFC^U}m|mMVM=rfq|h}fPtT@i@$|e znz^f~eo<&XmwsAcaCnGERcadC!jYKoDmsiCEUe@S*ucDX`ErAeMgmT9VEWxYX&UrwN_e^yRXxsQpvMVOPN zTVj$^VZNJdhGT@8TZAK*sb5NpUv`0hs##HCc$r0dUZGiFL4l!vYDJKLh)YyeNU3jL zKxBAeU}!qXx^Pop-Snc=#Nt#1V^f8wv{-G^Iy;3l$FiiTP<3yGn&6aD-8z3Qt^f;5 zi&CTd;IxQ<)Wk$@_hL7Xpup6~tPlh5+)C|?jC@l^qsYkYZ2csE!;C6dBd363uks>u zQ&TQoU0sEu ssh-ed25519 IXCPDQ eZBX3Bp+df8y0/305T5S2ACPkoy2EZ/l40QRgkvNXhU -kYQFF+dU6TMZRm4by4FQoh6dVkpQP0QLs8apFo32IP8 --> ssh-ed25519 Otklkw 254quKvlqSzn7E97Ae9MIqpVA3JSAYn5gRSEpbV1/Ek -aYOhAXuwLtayScWy1wgdzl3hmvKQoesaYNuxPMMACuk --> /bt?C-grease -vysQw/I5A2BuH/BLHtRQAku0h2W3knPG9Ik ---- SVEgz3n4QUMFs5p548c52W8A2QVH77BObBr96V/uRDU -Ú07úü/pbÒûvFå‰_E‹m~Ö)¤"¥Ps›Dp‚ ƒ Š²w¥ï•ÔS€÷\UäW~øqj±€ßdëθ̚ÀV˜ \ No newline at end of file +-> ssh-ed25519 J6ROvw YsE+O4kV7E24d9jnxDfQoj7IJeK6dKSU8YsZW1TN/HE +dU/U8KmVRxzmoaD6nIR+N3MzYpwgiGtMNMJSvYIYFJ8 +-> ssh-ed25519 Otklkw L/Z9NwuJX1MbyxBGWbDGoomXQ6WlU8/8NnY8gf4hKAg +CK2qXl5u+bOI/7d1RnrxvwomJcXZ/9Pl1qOWD2Vnp4w +-> <[-grease /&'!6M -:! +8ZvoNEdAXFX0+Wc1wYa+az0i2h9tI0QU6R94sVtYOsinz5fmquQRmlcts6EHG6ii +Yznsj0moTeUE+vF6Zxowfbml7DpQlVW2bHAgVDe0j4iA+Rl0tg +--- E3MD+BnZNQJt4DuGfSTg0aYWqc1REs9fF2ZUzE9cEgw +¯‡†‘ÑÂÛT9Óéùr ¾EÁé­…ÍÞ=8däõ˜²&d¡‚q‡GþÆï¾1h× ÅòŽjlÈc]á!²Ùc D¥'t@ÍL59Ê6ÿ \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index c725f66..a4fe478 100644 --- a/secrets/pruflas-wg0-preshared-key.age +++ b/secrets/pruflas-wg0-preshared-key.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ 7EL3WqB4mjWhC8/EWLnO5l3ZeTK05/u9cMLzpwc2dmU -6FkS6Q+m+7dvWLI5N8+uuPj1RWAt08w32ZbbfntClK4 --> ssh-ed25519 Otklkw AEFR9cXvz5CWU4rqQNBde6jrj1NzIJfjx4y2PNyL32s -4FOEYmGXhG/sr88R64rN61TMxYueQ0k3xEJHfO6LHCo --> utYF4M-grease g;y VB V8U_WP *QILi" -9SnnWLuUWkDAz9G/b7+e/F5beJJyz5u1ZGfpOMnGUDMHXgndH6P01g ---- C7CyvSL/YiPxinB7vyzbvxWmOxrDl4+X8xQKKn0hKw0 -¿ñîîŽáû8”°dÚ?.zÝ¥)Qæ‚oVR{æ 2æ4×;xY[ÆÊCT®0Âɶ,¦$^ó5Z‘Ù¿E;b]ˆø…jÜ´¦ \ No newline at end of file +-> ssh-ed25519 J6ROvw c7XI1hoe9mxWJmscp2Smtgf0Kmxh5kJTGsyhStP9HjU +CjDiMR4xNrp6Lj2+NFt4WzI4QaaI4Bi8pGuGiU4n6HY +-> ssh-ed25519 Otklkw oVVxFhim3EzVKdUus1EXZhKR+3HyrIDtCetIGq/iK2k +u7PtOS+K75sKlUyHuPpajAd41Ve2ju0jZf1ccBSJ0zI +-> 9N-grease S $b oi +jXfmhq26mNY6w1F+2yIPg01NnkyliLtl6P+778aqM+xAMZIGshYEOov2IwTJzSUD +H9+3YodoChRN97KGgZ2ATLGSRdwvgY/8V6zg+0Xugzo93j0qK9b4ZvpZIQ +--- tAhoy8OwlX+93M9RlqWnDQHo3xO4v7gQ+FxI+9+poYg +*ë£Â?üÏ“1Öú5$§;øshúµŸ_K!š—ÙNT:$…½ÐŠ ÷èš®®áߘ‡ŸÞµ­–Ëоpâ>È÷2ˆÝg<ó^íœÏ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index bf98808..6de896e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -14,10 +14,10 @@ let }; in { - "pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ]; - "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ]; - "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ]; - "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ]; + "pruflas-wg0-key.age".publicKeys = [ systems.ninurta dadada ]; + "pruflas-wg0-preshared-key.age".publicKeys = [ systems.ninurta dadada ]; + "pruflas-wg-hydra-key.age".publicKeys = [ systems.ninurta dadada ]; + "hydra-github-authorization.age".publicKeys = [ systems.ninurta dadada ]; "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age index 24da50e7172770987e01773c3e785e9a07013d31..e363be0d0c79e98ec28d0fa0fcaff0dc2a168ac9 100644 GIT binary patch delta 381 zcmdnTynuOvPQ9avU$#MVV0falVMva%L7BdfZ&rc3m$q9(fUCZ*K~|PQiA9c~NwG;* zC|8oPXGN%ilZ&gbms??aRB@zNh;dk0khfuSMRHVFrk`J7nTdX8nNOgfFPE;JLUD11 zZfc5=si~o*f`3VNPIkFMday}aXr6IIL4J{YV1|c}Z@rU#MP7KBt50ffak#OIMWwrO zc0q_~rgw-dSFvNHsh34!dQgyORcdOkxu0`bVTfUgw|TB_ihsCoK!s^onzMdpcCfDj z$hz{#%8=|F-Snc=#Nt#1lQ_3{EjKH!aEnNH*NDWbG^Zjz?@UMYu+W?=%K`&;{bE1g zkl?(s;`9;&E?r$+1%F2$%haF@lknsKS8sz-U!&mQz+i2^&}>f^ZNrj6r>c~^f};G4 zPpK)qjNm5E1yPh`1Qak+b>QDIrC zNrbOOV_pHhiBXbY;a?_~HLO*lA+$8OcfO217iy>Zxb$EU0nr#!>F{hRM#TE zERV1v_u^95;DCH@zkEX%=i{_xL8a9rUc* zx=MOe-j5}{rd7$>2keY)zbs0V2~-rmq^|GuRy6yI2VdT#FM=yp=KowjDbYlbTW&@q E0O2}}g#Z8m diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index ac1f9b2e182520cde81afac9a8aeea3ea73a25bd..a4a21af69a026c5fc04e8c90c4b16ed89aba601f 100644 GIT binary patch delta 749 zcmeBS>t&muQ=ek#RPJr$78L4KY8K^e>7U_Uk!9`^ni%9}mTzh1T#@SP8d?(Q>YZtn z%#~ak?CbB8XIhzQk?7?bXck^&mS~h`Y~X9|9G;$QY2l@9kR0OS=4D!F!li4cP+Xj$ zo0?)|YHDby;9ruRlU=T05bhln>R}jBZXBLo;#-gyRiB#eov-h2QWj8XX=G$t7~vk` zTauiSnO^0{<>T%b7T}&ySZW%notf*DZ&^{|6r7V?X%UoEUSi_q=U3qyR$`e`Y#ZnbQ2RQn_^_IH}= zlyX8kMV4zZ***v?NGX4~Z`qDj#}+;}F)o{GlrVMk{%sZW`9!<&%r;(}qreU;oji^Ea<^*MGCAr)NxlQGV!W?C(YL-cIK87Ul6=m%XrEI4kn_!OQn^ z@5R=9OfsJP(A#=dl$74RzQvO#eEhQF>NhiE{=LVq?u%Hv)a`|o{^kys=ZO~%pK{Z5 z-M=U=cb3Ag$TgiScd1Nmk0@HU!q!LNPC)()&jeLBL$(d8CQI$gNZTj4(6Q*^)Fk7` zlnooVWX?ABjqC3@8m+~8>)fqv0vFzW559UQO+%BdOK$phUG;^Q$8=Y&S!tc;xOv;{ x7y4&S{Tn+bE;$riw#hyI-_E^n*wWI<&v7`!t(ko*@>a6^1*1ACm2;_9l>nkyJH-G1 delta 748 zcmeBW>tUOqQy&zb;bY>g?Oza?9PSekX_{yd73804;*y_USeWISom_72A5m$V6_OH~ z%;l9GVBqNQxcsQIb&^91s=Ym}rq+ZWftk!KG`bP+Xj$ zo0?)|YHDby;9ruRlU=S5kl|`(tet9Bkm;UhRFQ9%RPU}GkegVP>>p7WRiSTI;p}0W zXKGn!UgeU_Rcz!I;uz{?Y95|e;%gXG8D!vMQI%De8(^4~6{1}nQWX(t;2TkvUziED z&ZtH=y(l%YI90)_E;~qv%cRQC)g?Tjs3_B;DmS|_SKq6`B(K8L(kLRmAfl?k-K``q zIj}y&lS@}uSD_@(DI(CTC^OhAG&{V|)yUPTq{2ABG$X&zFDxLbEXvE(#n7cZ)X+06 zkZZ1~-V*Jlmz-8zo00Qq(aK%({)DUzZJfM_^JtVr+=FMGPQMMeZp=unxaOS885E(w z66SFKjpo*-!+qRtA}dM+4n_a{d+KIVd9g>w;@$O6vpM9wbu{<?IaYlAnpi@SnZ;pF(9Vh2(&oZveJnzsTpKRmwFvlYIe3vABZO^PKU+3hY z4EK2-A|tw0sNSNS}&KpF&HYOy3;C()9cyuEM~oRI}{7(h`3Y z_tIcLi3JcD$usT`l~$5>p84Ke#)>$*C=DeU6)`sWV{4j*VYdA0uUib=`*JYA2?kFDAN z$>+_puq%hoGk<%koSXFD+@iBr)JMKO^Wf224_{xHo7xcjXoB6b-Cy#A%@YK2dDIQ& z#QCh`o4TiZ_bcVYZ0}wF9Zy!g*cF;wnarxTa?=(&#rnLz53kk>1*z|mIP+@9lB*}< zS|@YQIV~Dg@6>EBcJ2G`#dn`CIl5KI`-as|u6O%O4xd_Pa(~6QXW#wQRbQNa8~nWM z(>eCq8B%q7=2zYOx#O;k!?X0&kr(;19q${h+<7+ViXU73b*6`c{^mBJ>xvS4TP*z7 zu`a7#se9|((;Zt+blpxY`*N~Var$>*_cNQnDFv0U))KI>cr_)v{_Tt1sTH+dK4R&c ztu8+j*ud7kY)X33c5d^c%!sp6Y7f+mgWf(@*t&T3o3l|n0*ej5c|>Hr?>T%~-#@QD zGfkjlV#(AGZ;w>VF!)RM9p;%3&Rg+YI@N-g?d<2qKr!!~!V!H>-mf#e66@fnC3_<5 z``Rh_H#aDGFPv_7>I0K`^&z>NjlI*4%$>5Oec%49xra{i{VJNZZ`c1F1x@aO`u}zT E0K!{c_W%F@ delta 819 zcmX@Yc8P6*PJOPSmsxV6i(9@=K(=E*W>I;fQoctn+dNJM#MP)4R>Xr!NEPKa4zutz{es*#_*MUihg z$huhF^rFUB{GGj+KM>BU1 ze?Rkj^JLEwi)<&eqH>o=Z?hz`yhuyKV2eaw!=wtIY?ng)NY657Z4<8SsB+`H%G^pf z_hh$RZDWg|{Or6+=MtaFj4byuNAJSiaxPt6U4_Idx4;xvkFvDlWXohr%SfY8w=#>2 zkeo92;^Z*xs2n$Arxe3r^U4T66E5ag0n2#nL!Z_z4t8u)h<>Hj`YrIHG{dyxPG2s$ zELoadeKXS5|KKlP<0%quv9sS^J|lniRl$YrmUWG?-?DX%HLLz?K7PO;Sw@DP`_IwX zRPRWk2CtYOOD)^vx&iACzF*{N}@`)nuNC|3Ja#s4es+tqm2!UHdr=TyE}__Hk`N}+U8 zbHQxJr=1&a?z(oe;qT1-qG@3j{VQtMPGtYE$aj5J@yR8!p)cw$_dP1DQ+HUj$XL=? zUeQeP+8>@h(=Hb%U(#A4cc%~fYPaVCT9?{SCwQgV*UC`^-}N_>(v|i*#h3Hf4M?U*68-ziUxn=;kv!`}+$Nyf|e}Kbm_|vTTpL Rx5&-49IN;Cr*X|O0|1JdRYCv& From a89dc8a8ec66e3bbf882ec3b1e5e1297bcabcddf Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 01:52:19 +0200 Subject: [PATCH 595/988] ninurta: fix path to secrets --- nixos/ninurta/configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 7ef83a5..8c6595b 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -6,9 +6,9 @@ let "backup0.dadada.li" ]; secretsPath = config.dadada.secrets.path; - wg0PrivKey = "${config.networking.hostName}-wg0-key"; - wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; - wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; + wg0PrivKey = "pruflas-wg0-key"; + wgHydraPrivKey = "pruflas-wg-hydra-key"; + wg0PresharedKey = "pruflas-wg0-preshared-key"; hydraGitHubAuth = "hydra-github-authorization"; initrdPrivateKey = "/etc/ssh/initrd_ssh_host_ed25519_key"; in From 5e105bdbfca035b8e19db61d46f86f08ea503dae Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 01:57:03 +0200 Subject: [PATCH 596/988] ninurta: disable backups for now --- nixos/modules/profiles/backup.nix | 4 ++-- nixos/ninurta/configuration.nix | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index 88dfab5..3fe4fc3 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -1,10 +1,10 @@ -{ config, ... }: +{ config, lib, ... }: let secretsPath = config.dadada.secrets.path; in { dadada.backupClient.bs = { - enable = true; + enable = lib.mkDefault true; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 8c6595b..ec505b7 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -18,6 +18,8 @@ in ./hardware-configuration.nix ]; + dadada.backupClient.bs.enable = false; + networking.hostName = "ninurta"; networking.hosts = { From 1524f02094ff614ed2097f255c3291673c05384f Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 02:04:30 +0200 Subject: [PATCH 597/988] secrets: add backup keys for ninurta --- secrets/agares-backup-passphrase.age | 17 ++++++++------- secrets/agares-backup-ssh-key.age | 20 ++++++++++-------- secrets/gorgon-backup-passphrase-gs.age | 19 +++++++++-------- secrets/gorgon-backup-passphrase.age | Bin 398 -> 513 bytes secrets/gorgon-backup-ssh-key.age | Bin 822 -> 756 bytes secrets/hydra-github-authorization.age | Bin 532 -> 496 bytes secrets/ifrit-backup-passphrase.age | Bin 515 -> 506 bytes secrets/ifrit-backup-ssh-key.age | Bin 777 -> 866 bytes secrets/miniflux-admin-credentials.age | 19 +++++++++-------- secrets/ninurta-backup-passphrase.age | 9 ++++++++ secrets/ninurta-backup-ssh-key.age | Bin 0 -> 808 bytes .../ninurta-initrd_ssh_host_ed25519_key.age | Bin 818 -> 808 bytes secrets/paperless.age | 19 +++++++++-------- secrets/pruflas-backup-passphrase.age | 17 ++++++++------- secrets/pruflas-backup-ssh-key.age | Bin 872 -> 850 bytes secrets/pruflas-wg-hydra-key.age | Bin 478 -> 437 bytes secrets/pruflas-wg0-key.age | 18 ++++++++-------- secrets/pruflas-wg0-preshared-key.age | Bin 512 -> 503 bytes secrets/secrets.nix | 1 + secrets/surgat-backup-passphrase.age | Bin 416 -> 394 bytes secrets/surgat-backup-ssh-key.age | Bin 781 -> 798 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 836 -> 852 bytes 22 files changed, 78 insertions(+), 61 deletions(-) create mode 100644 secrets/ninurta-backup-passphrase.age create mode 100644 secrets/ninurta-backup-ssh-key.age diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index a2d6445..02c7ab4 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w /yLs/wBR7u98lIKy7VZXm+wN+zaGzQpYO6Q0cydEGFQ -xBobHUHmeTNvvYY3SnCDo+nVCst4r4UPDIK9NzjUkhI --> ssh-ed25519 Otklkw jQaseyREyzaaXjV/yIslG09PkMU6rmpn4Yggox+/kWw -tbk355+WPMA0iTK6gnp+MogBBus3Pp/GCHQ7lkK9oJU --> Aat$o[TK-grease Lzk"&$ 2hKm W 34G6L -7bTOH8YTjHkY59FsgEp5Zwij+ZY ---- NoNWoCl2Qmc/k17e+IkMIAqvOjiDsL0uQISs82D+zt8 -çÝ"§›>Ž7%²5hÜ3 ‹™Á›¨ý(@ÌZê`ïÒ•;5}ŠÍHM$œ,u"-Mª@0ÿ–uÓSÁ¢m\ \ No newline at end of file +-> ssh-ed25519 L7f05w Abw2CFB7VbXxMVpEBl3Cc0KBX+YbHrHyrHFdsc8mNH0 +agiGSRMq4wsUBvGFdsoNXqoisNy0pT7e7sqtxp/USbQ +-> ssh-ed25519 Otklkw 0LMyVk8RrF2FrzHksbUO3WgcQKv+ZkQfkCBzdMYyqww +cCuPZksxQi0t314U6+bsCQRP5aYKPnWTLu9mC2p+SOU +-> :G'-grease Ppi]s 9(e +55/tUS8uyOs7eIgvRcKp7gykDUhddX9hANpRqlPOExKEs8VLbStJU0EwGZ3W4t4p +zNqgeqesBOVTbOMeZP70Md5OKtv1ZuVSVMWXmF3Yvsc +--- +3bHMnryrJeVYvbvygQomRCHNNpUnT5LXsqQb/0xah4 +;ÜYŸgŒTô¿ 6Þ~Sßr§ hX¬§ÇÐx.¬Ž„û;]Ì¥rW²h 7¨€„üÒ3xæ‡; Ü=õ¹ \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 1c2f163..fb698cc 100644 --- a/secrets/agares-backup-ssh-key.age +++ b/secrets/agares-backup-ssh-key.age @@ -1,10 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w RuqlTOgvynm59qtOEWdrrIArOL4ot6Ghd+3YGxiZVQw -FOfrWaKYOssRwWO6aR3HjYE9lSr/K4AMkTxQk7mC6is --> ssh-ed25519 Otklkw DcpsOsfRJ8pY2FJg5CeWPvyS/z94eDAqf6M1Y3ZBk3s -Uj8+e/P6FzeDtKJf43gAIiC1/IbULAbqFa6OfMsxSzU --> ]#^._635-grease }4 '^.0 N) !}$9R -an4CyIFUU20XP1xHBSfdt+N34zO6O+ZSUn5gjFJNpO6knGkVmRJj+1J4/JOVT5xz -LQrH5VSATjU ---- diRfQBzdoC1pw+HG9EXPrDTfTcdtm1P6hHG2Df3iKHk -Æeið>%€aÃï/ÿ!ìZ¥A2d ´T»¨Ì ZÆf¦ÃR<§226hïY¸„úÃ5¡”«AMSþÄWíªA]AÄ”ËúO”듸vQ7ÞIK²Æ[Œ×[ÿA˜ã"â:ù±üöÛ2 ijÌ §çû`ÔtN]‰~¹|Óyï;KH)·›ÖdçnJõ–›3’´\ñºš7O¦ icŸ,Â/9àûpcñMšÀ§@.Cà$z²…Xjä4ûŽÜeíYÍëiä  èÊkè:D§àxnöÌó¡›~Í(ëÉ´éó§‡ïZɵaÉa+F2̓#T—jif¿ž]ãÇ”²W@ì¨ÞÙ¡L]_;)ZKCäRøÕˆm¡<^[$¶`tdÚk=Ôñ÷IJ,.¦$:•„NZ`“*1¦¯c@v á4#Èaø¼}VÉ.ó<ÊC7Tè’׆ÃS =è+?ܲx¸¯BcrÊ5@ÓmOCà€1Ü´Èv†TÛTõéKE{'ƯHd*H#þü<ÂlkuÐÕš,b‚M¯Š·8™$rq¿{(4(½ÕuR[RW¸±¹îžnN_†[ \ No newline at end of file +-> ssh-ed25519 L7f05w oXCUz/Snp43A2IFA33+QKIYNIQUXuUsDijU5AwAXCTk +jcp41ZdI5/dLE1WfwBCP2qp1aNJrXEToZJ1YvOAfbJo +-> ssh-ed25519 Otklkw trlUKs/tT2NsG49vkVvK69T2opwm0rUwFNOXILO6zB4 +RkubE/+0a5kbgQOjntpPHbO6lmVRRDRHZzcqH8Lr3F4 +-> !kT-grease 7V!tUPF| L1 _O[fss= } +wHWxXDTxxRDI +--- CqFl226YA4/T/tlw0xblBOq9TEn9TnZIuXCNOH+OMvw +\§o¾ƒ´²E½FN5~˜Å§9žY5u¾ß§ºüœ\’o͸ÜûR lËKˆ‘ÄY‹rÔ£+â©çrÊöAf1‹µøûçUôÃUþ§Ðâ˜'±/¬Y‚9—įò"˜—Åç&óÆöAOìùv†UòšÃâw¹É®öKFñæ=< ÂòF¤änON!YZ1B„Z7”ÔÕübß½ídCb½ÌF;wõ`°7±?Ð÷œ3ó‚Ŝῠ+{ÈRܼ€‘pJ 5¾Sß<5W¿­`úIÏ33l?îÃ8’´‰öV½·¸{C½ºs^ÜÞôc&Ô‘Ä¥W$þ&ûÿ@ŒcfF,±ípÍYBW‰ä‹ÍYÓ²ÿ]{j‚õ¦g2µ&¨Ç™uáLÙÜ›ݹñqÄëˆ@þà?µ%Œq‡íÈØ¥¦‡{…JÌøa –âöê±[mÔ=HT4¬‹{‹Z]‚»ž÷PÆËÉ#Oô–oöj‹Ç m†YLbAöÍ!scJ§õ`Þ 0*:k~iD“nPeÛJ¿%®ÖÝh:ŽÞ +Œ_ö QP +|cq4,bƒš‚:Bë9ã¯ßcvddˆâÉù?£ \ No newline at end of file diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index d2d4760..ae47239 100644 --- a/secrets/gorgon-backup-passphrase-gs.age +++ b/secrets/gorgon-backup-passphrase-gs.age @@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg NA2EIkPe3Etbp3gLlU7ACdPTcxqOSEWiKNmJBtvpdiA -/+LE6FPMwSnRKNl7TDBUTzNdgFoUIqR5k9HudrOrtkU --> ssh-ed25519 Otklkw ixTmLiN+rX13mHtEKZv3BY+RhlmGBYu4Y4kYZUiNHGQ -JeKiE58IL5A6B04gfHmCkOx2metsT/oNU+6wyj1kt7Y --> M>%o*-grease #dO-(e 2QLFvm ' ~7yjQ;+ -vF5PRbggDaJlFUl1PPlt7pncU0goxMnyJwGkvxyP7QewvhLaqa0 ---- WyVx1Wef1RN8MK2Uhca3Nuia9DjiQg+GpM5iRNz+Jl0 -åÚÏï -ÕMA(<ÊÐÀö°EÔŠ==:ÏÓoz/÷>`R¥/¤#$—Ò?‰Î2B's¬ \ No newline at end of file +-> ssh-ed25519 0aOabg aHRfTdTx3nknFDmJTLtU9UhQFpDfNV8GzmSNIzq4Rz0 +WWa2QmUB5tAgE2WquZsu1yaZq8OXuwSUDsKmZwE7y0A +-> ssh-ed25519 Otklkw S+a8KMJPnmgiStjWK1oNZcMbtSJMTPkgHPRfOLy+nww +fGMU/8UqF6KWag6NWDJz8vUN3+rVRQYV3forOYtKs3Y +-> sdl3P*.7-grease +8gmhsNiPphYbh4NdxVx6ZwjkhwywD2u13mfsDSBcRvfiiUk0OHAoH4/vg7mP0IV0 +ehZfN+AYSVj/pgki5L+SldaR9nJujLhfxYluoiOrBNtaU8FXYzeX +--- xTDZHc7XD20L+xxzn/TWWf313sF4zQt6ex+KCzeoG9w +Û÷³Ø +`µû dæu \:É4‰[KZ6µæ ùÏÄÆxˆ.ŽA<…E¾Èò¹kÍ;þÖâV \ No newline at end of file diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index 4d82d148cb659f6866772b8c48ad2691217ca98f..2f0c222b6a52fbfbddf15987ffb9ae21c2b059b5 100644 GIT binary patch delta 479 zcmeBUZe*FDQ*Z9)VeT1eUghB&;ce;SlV}uS}GwZswVr z&E?|ao@*4Go$8ivY@F%kTIAwc=oS{>m=&IBmX}lRpPp`3mF1EhnrcxT$fawiP+Xj$ zo0?)|YHDby;9ruRlU=Tm?{AS^W$YR1=HpQkU>q1&TyK$T=~j^B9$8+PWaRIvUtwnI zSDG1O>0@lbmFyH!5)|fZ=$UBY6`E%nY-kkZ>K+gn7U3D{l$0FkSL9O; zvaY<;F-bSQC^fM-RUsm_JW|Ozgv%)3-?GRj%fsBUJj=-|#jT*CqN2ht$Tz|}L_5=@ z%G9jh%h$cgHN`m7-KfkvBit>yz$2~HAkjHEH!sT9&&!W1ySUK2!Z5|EFg&x;#Mm{(FVxkqC_BT8OIKG{A=_2o+|@K7Gs`j6 zDJjg~tH?LKETE*yEL}g#H8IP{DKj)JsU#@E*UhConXB_}Q~161ov~Nn*ZHZgWayi{ z+>Gta4Y8f?{@w9C{BLFGM~_7jrLr^k8a2+^GK;5s%CDd24X)&Gv|8P@+j0HQGfFGn VGt}4i$IeaJWNp+GeenCzVgPadtL*>) delta 363 zcmZo<>0_RtQ?H$sYvSmUS6Z4GZW3wc=HXP}VVRNW6I@p4lWtN`>7G%T=A07ZSmNds z%2nXyTp8t)8Io@5sjbsVqqF$;9cOEQQ=wW>m5;M!li4cP+Xj$ zo0?)|YHDby;9ruRlU=S*k{|469_sC!=%}CRlI$9hS07>EX`vrfT4@##V&P*J-7T{`N=@FJunOt1pn^xviV&Gn`pP!wPm|v3S;p~|V zvMx2$-CZ}mC^fM-RUyu$uu!c$Rl$*qOIKG{!P3biG9@$I+c6+KwcORr*fJ$FC(tt> zqRcDBI5#QOqQED`vC1^tGblO0m+PJJy*AFo{k4K^haD{EytTe2$9F^gig~zi=!ICb z-A0Z=2ky0P{Nblp*qw5?*821D%)3iAu(f;^$nDL$)^yqSu2L%HS8`scx1qORYPoNvZ+Ve_QJ7P%xkqSKWm1)+p|NG5he?D{P^EKGrMpu$ z$hrb^)3CJiXl>o}qSVCVR0R#&yb!L+Vt-E`*Zhp!KrUTfU4={|-*U&Y#Kf?~VDrd` z@bL8d@>Eaf5MyJb&@3lMH;){rNJs5J9}`o5|8%Z6UhAft+5&5491JjtUi0SjlQZlg z5tpyjw9k3_drm+U!_235R&Ne=H}1xs{<#seGmA$+C%WA`K$iY zSA5b>CNDF4{KG{in=RTR<^A^y%+s{vA~IL29<+YCW6g~}DKFd;W8P)8FP5DZ_xSS9 zpiQ&?@${SwsI|X#GhE0xOlr*y_0NKTTVnpcT)}(3SMlB=`@agsci%tD6e=s%+B{uR z-{1P2+tCB=_xx_v*D%>XTfsZoKXU!sK*suGoR8}or`p$x-8SjmtehgSLd9RE_FI;M zz)U-4`THh)k4-u*99zS4Ho$(>#qZJe&ZBu@vGnFvn+#@^bPZzDNZ@xPYB1J-XM0$t zI#*FdYDPqPlxs?%Z;4lwXINNdx~WBmp-Za2cV3ZmPPtiBWqP`kw`FdU0hg|wLUD11 zZfc5=si~o*f`3VNPIkFMP+n@ehlz`2ML>pEUXH$FRDF7dYj9vzu%&BBXkt{Ep?{uh zajKuGwyAL>SAj=Zx<{mIengPJvvx*_c|k~GiEmMf_uLe(Gy@M~6RzyyOc$dh;~>XCE?r$+ zh2#u_ko?@tu&7`UzbIelsvIZxJny2MG*`>?l%&9n;=~+(GkCFq^7*=*Z)bfYH! zYi7nH^@mt4@jC3D)Vg3ji?nPTJIm@B;@_f@t|^@65b6?bouOQiRHMDzI4fGo!G6<> z)LCiOzJ>MaAFnY#S+`Vpg38~S=kiWmJ<^yvZ(I1SPuXtZ9};L diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index a99144d7701ae5014fa5fa4bc44fc81be0d312f8..5a7e1282711ce9077368fca05ccca760dc68bfc9 100644 GIT binary patch delta 462 zcmbQj@_~7RPQ89%RaAPur&~yfMWscyM^R}~WQw^#YE(g_iAP?gmw$$Ka8b5LP_}+{ zIaj7xfxk;?T4a%du}N7{v88ric7bz#WLSo4UcPBWq@PiSWm!aqOQ?@mHkYoQLUD11 zZfc5=si~o*f`3VNPIkG1M_NWviceC8YnWeTn59o>RK1U3u%l;oPL!{?w{ccwrfFD7 zWM){Fw{KP;mywTeg-3};h=*}vfm=nmaj{#DQE{QUqp6EQsF#sbfm>0rrBRYckg>T1 z$hzc|3f=Ug)WqUcg$PwHqrxDs$V_*?3d<_fWDB=~ymEaL&!})qkEBeGw2+cAeYccw z-^k4RijrK{Li3^&OMkC&4=!C@U4_JQGcWC|Opk2iNPQ=#Y(LAg%hU~?F@|Pw(WM+TjUt;skcP>>fZWPn?TcFR^sc}P1=}QUHfdY)luD3`9CLUD11 zZfc5=si~o*f`3VNPIkFMx~F4mX^KI(cR{3qZRGsyyPrb?Tpg=63bM-oUGzNL+>hW{qihd z55K^AUtia(M6dLWBF~)gGOtYcjHEncSFVUM595Fo(}4Uk3zO8+3WJKmprAyf$ZSvV zP%d3vT?N;2b8~m?%y6TmDo5=suaMl-h!jH?(>za0C$ln36VIGN17|PGOnvt>SFT4~ zIn95}`Za#cY>0aK>X+b>Z|id=AsWYE${W00Z{MOTbhp*Sno4_KmU2Nf9<7sDJNPqvI rB&&1D_{|(E+m4!;7@_6f8{)%7j{BDh)`WSP?C#d86RiEX=AteDR(-j< diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index be1a22d42cc78033b4f8a2531356b1dcc61c955c..ce9d2fba8a992759aeedfbdc922b580420b7fda0 100644 GIT binary patch delta 472 zcmZo>`Ncdzr{2&!sKBGZJ*p@xuOv4-%*9wg!mJ?6Ejz@*-_tPB-!mto+%P3MFE}F9 zk*hStG&s?~FuTObBBRp6Am1#j%EQppGALQ!EXUuwu(-6?GB33xDKgKy5>EW^p!)ydMu(6d0hz#yxvDqG(($;=`**CaI6F*wl7JtC^y&&fX$ zWL>FhlBu7XwQhP*YGQG!f`_6(0auVql54t4RA_pIMMRZhNLrPJg;!>POPXU&xSyl1 zTXJ%}Q-qnnQ9+1>sjGIRpLSrenWIr+WSED!c5+Uop<@!4w|Q1XVU=%XW@3)9wnLOQmaSu#;I)h_Q!$XsDN8g@H>!fRUkhKvqCzX zRhYM%M^urkS9VCaxq(q>P?d9~pGRU22?w>lQ=TR4R))9sbfz86UknX?S0 M+c5~q+x%z;00Q=#`Tzg` delta 481 zcmeyx+{`jTr{2U*KP1O1EnVNj-=xshw<4@O&!8yOJtQ;H*h@b%yU3?JvcNOB&@?2> zge%80C`&)tskkyUEj_HrJi$ImFjvphdIvBb|WzuqsuAi&$XB*mg2skF$cpd=#A zFF7cpG~GF$t02p&$T=^y*$lPzre>Z!>u?H zWL>ImdQoa(ajHU@Wl*I~LTSE2ez7iBL3(mXh>M4|ahiTWNmPWPSCpeyka1qIiC3j| zM3iNHhPkh~i<@b#k)vsOes;J^p_hkGRalBorHe;}g}+Bt7+0#Rk+X|aiMEqRm40$c zWO-#&NJwtJUs!3Oi(^Q+LAbfMS+-}oc}k#BdUA@nc~WAOt9y2NrE#c9ly^vIa5-0i zX;=W4uCA^^eyLw^s&leiu4`gukg=hgQHV)YzN>4NQB+uld7`_4Z$Xt;rlF~kr*TC- zS5A{(n}K!K!Rwi~&T;S7ZhBE_VsWZMc2SsiutFJ^bA^{-zENpqVMK6>acNP6Yd~gjev*r2s9$PQP^C$x zr-^HQewvF#K!Hh-zjtM5Wr1T+N{+W>Vxe2Avu}B^7gs=TPDo~YW=gn)fu*ZudSFPg ze?e|&s-;0eT2f+SRenxbRAIQGL5guvmakblm#(g^LPc&yo`+k$qrPjok85ISp_gfz zQEot9nq_3Ren~)Saj1Efsb5}6Xn9yVmug}C{XKV+t#zy>nx*-P?7l2(eLw7(!ZfAT zLEIOGN>7{UXdApTVn|rzxOl3A(WKPlj>WuL{046r-pWR9QeSC2XVdw*m{Q@jS@%C* z`PTN;j&aG~R_2+(xh;8C{{zf}zfbB}qq->L_Otm(N?HBxWeSyVHiVk!ep%OGag00Z zPB)kE$@&$HDqC2YSoXOE{gJN!^LO*Hzl@)XSUe{M#3&ffx+QM5eAeIm0=a#^r)T|$ z=+8-H{OK*!FY6-XJ|%R8?Fqj3IK9#&r3`iX7xjMa}8YZrY!Sue$Pw>+^rJ%RD^?N4>C=G~H$CaRnj_D{Gd znY>iS#PfO#i~O==J=XJT&5re&-=eJU#B`V@vp@c!s$9agYn3>ELws+2;e1ZtbJ^=w zhaN0A^?Btn@du|j^@ delta 745 zcmaFF*2y+Or#?^H!_qj)tI*BcqA=enDLFf!$~+{%O}oq_z%0$b*fP+m%DqV6tE9l) zmn*Qs!_y)nKhHQb$u-=>#3em3ptQKCJgFdD+oC8VL^~tU$UU!I-#p6MlS|i5p}06h zH#Nn`)YQ;Y!M`LsC%ass(A&ewJSWFk-#sfeEH&7~wLY{Y#LqdvCEL_gKf}{JFEJy_ zvLfHYvM|e)t1=@)+c-HiIVwEJ&B)BvH6*AkJG?BctUSj(r#vdCD90tr#~{rlEZGfg zowAp1dQoa(aVl3pQA9>gae-x0u3=Phg-K+nv0192zNda_Nl1RFBbTnOu7Y!gS5TC( zzE6Fyp?OJWV7_BUN^q5bVR&AVrxIKiUpUBhRDs+QGqTxX0DsG znNH8#bhNS6>hrv4kH?|D6I>q(vPMnRIgl!Is`}KMZ!07hAH8jTOz-ol4HivIy4`Y; z4|CsM-<~7?dV$8HGduV)#5>Oa+RK>B;K5)fe6ynduE_cbMRkccS50=rlucUx5q19EeLg?Zceu!zuY6*&`sa#{LmsalnV5e6bi#+fC(XnY`&zDzC3I7*{b@euBp8?M{Gp)mPZHPyP(FSV-vXipnYxLys%l;2XbRCPjY%& zAhy_Z^4Y`NmefDVC*Lw}ID12B#=AqwXV)Z_ANbZAwl2kl?e+pa zTN!UJ!TMhf3G06;?d1}?`fKMNL)Q-#EW6s)M{QgoE^(5x_uu9;{-l}TE4O_!zB2s_ z<8sY82dAXWIPmykgR-07-<|JQiRZh0-ap~&E9<`<1wRiiV-~QVv(RD7{N2@aTx@@6 uz6q+IsdA&jEPUOa*n{2PKB@dm13y{JvNrg1+Ji@QQ^9{7XBH-@R~rGe{6Dk+ diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index b306dd0..be2c084 100644 --- a/secrets/miniflux-admin-credentials.age +++ b/secrets/miniflux-admin-credentials.age @@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw WjtK3TwJJcT1+CARwXu/8pCfJlA+iYMriWEifEAjSEA -VzJ2aTBU0spMQ/MpVCNwRJv03KdGEv/GeYoIKQcd/pA --> ssh-ed25519 Otklkw SUYR/Xo3kQdQVzOmQ1qSdpR6mfI9Zh7EWj+UzbLv7nU -ptoJ7lagfRnL7IzNJfyVj2/I5f3psmzvpiI/xb8XJyg --> Dff7g;-grease R?$ .DiZvg ]tF < -Tn9FgnJOCz5oAicAXGMyc+aDQdkDSw ---- bRQP01wHrls+2i4081FtpR7Ui2N8LCBj+CkLCaLwDZg - bµ1µ#ÜJͯ1H‰ä²Þt–/å0G£Z¾^”mD;ídrCö$Å!#×ÜHZágáX5Ióu½¯Úf5e€wÇæâ -"H \ No newline at end of file +-> ssh-ed25519 jUOjpw wErajK607XvMRNfofLJMsTpqbQ8cr/gTt3K/sqa6q1k +joRcoL6w9SkLdPKi0anHos2NJd0+lj7Ktv4dDn3BcGM +-> ssh-ed25519 Otklkw 1YicL7JM/T7XcTpFxCz1aWIRxyY/o/YBVO2LZY1Lf3M +4238tXhCEgF3c1byx0JlU5CIVU/TVNEVaF7Xm84q40U +-> =Zi-grease [ g:6c +Qx8Ug2gzPfaIihYZvRC6q7uChqLgbjKRD//eH96fkmorC1h/xMjVzB9HxIICNMLC +9dxYl6UIP+YjcX3Aqy6eqXPyyN3XbJeuv5Mp3BRONOE +--- PW1yzuCjJwv6ugSBdRCR7i/KbQikiQoQhBdHATzQ694 +äOÓ÷vÉaöÿ +šúA·*±¯.Ó2#ãø–&*ãZʦòB«bбÀ‘—„öŸÞIäÃ^8æwc–7EE°Ý¸6’uçµ–Ï&€“rt \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age new file mode 100644 index 0000000..323e95b --- /dev/null +++ b/secrets/ninurta-backup-passphrase.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 J6ROvw Su0yj9ggXIAkxB8ong9b9Laa85G9vbX91pKzxV8fiwI +o649XO/C+fmcu02g0/ZA1jyp7PIuwsSQxm5U7jquPpk +-> ssh-ed25519 Otklkw XrNhXexWicoB+G5x+A9DCNGouoS+CbqAeeaqX276AmA +b6q+ya491tmkaRAklmh1MZyfNXUxI1DuZNMFdmOIGNU +-> W,A)%4U-grease +lzcgJfHnVk7zl9FSGphAWuKq+U4 +--- 39Ztp59LHSuw5S4QMsJuGsXACsLFIaD8sK2hAMLz4PQ +3Û À_-ή¸æ­|ò÷üºTÅ„ôAãéu C€SÎQˆð¸ñ9wNŠ •˜›š7Y§#Û,ÎÏô¦“)= \ No newline at end of file diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age new file mode 100644 index 0000000000000000000000000000000000000000..de4538f6034e3b797ae6a971f105100567cc70b4 GIT binary patch literal 808 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlG7IuAD_6+KPBwP+ z^)?F*4@>l~3M=%EGAtD9x%cG7QX23-pRI(05BKt8y;)uk+yIdi~C(_a}xi~m9&s*Cm zvcfYxD6}HnIVCXFps2{LNZ-q`Fx#-q*F@jMBao}4!XnZwz*O7ZDa*y(!z9Yc)!*A9 z(mTSZGC8?CyEw0?s?sbky~sZ~I22@?YjvhmrfzysYGQG!LX>h=Mo3VYLPTnrXS9}r zjdi@Cn}TbBnzN26mt|T~q)Tp)MQ}xMfJLQSR7sGTX>AE}h>4T}u+X_oJ-T9L^PeSgY zh~ne5QsMjW1Ze&udcVYci!clx6)moG1gsk(%GKECjPNg@^;C~lZp&8 zvRy>OHMUO+OZm0Rg>Ak4KYN?0lYa0n+H||G;Qgmn#wEOI&MyKR!xCZyO8>jJ{#ehz z(=pqpE1luSo`?x-(>uKP$v@Xk_B+0H*1y`w1uW5J2@Ttq&PtE9OI|a}isQAI`M>HX z8NxIBW>*~C9lc@ye~HjZ3-pe0RiwRncYpq6nY`y#d%1T%ym0ME<%d01^&8F4q}Xvj tQ#0Rbd((P*)YAvEtTI1;x;bG&#=I@ruZp&P>ygV{rhYX3IfsCf69D5qTonKS literal 0 HcmV?d00001 diff --git a/secrets/ninurta-initrd_ssh_host_ed25519_key.age b/secrets/ninurta-initrd_ssh_host_ed25519_key.age index 093f81cb96285e2e410af6fbce98b74bc0d56655..20e4971e72e2c4bb02c23167f7270d2c1f372f83 100644 GIT binary patch delta 777 zcmdnQwt{VfPJM}Sp?6f2U!iMes%cO_a;~|XSxLD|zL$BbVPJ7yfRBrQPG)doxru9_ zFIQTIc|m%ZiA#8pd2*3UhIUS7exQ-3XJN64hl^K~zk9fOgnp!9qG@oUCzr0BLUD11 zZfc5=si~o*f`3VNPIkG1i>Z53q-kQRyMBs)S*d$cNxi#%d9YJ=aDbmnK~7GnPl$0yYPMlws;fs}W~9DZk+x$o z$U1Xl-Snc=#Nt$iwD20M>MT8T1=V0XJq-ozES+KpZ3Xu*XUmu>hdM4(=P2_s&y>pS z5O1UUWaBiqH20v;)ZpCoiY&(v;~XEKh~(s~N{=j0pUjAGE?r$+1&bU@kIKyalCwu_9{O&WBpxU8bAIJ% z(^dYl`&D(fawz92=zZS5bl=t&!7FuVFTXoa?Q(tg&MVxL<#nSZ?gad`*3(_{PosRN zNS}eD)A_$+dnM;?U;Hh*ar(*+N48#Q`LcJe-yJq~9$!C(*PkB#i!bmkvi8v3{(J!; z=5KOO)ifF+uJ&k3?NLnjH*0ujpmsj)`O4>-=Nj^ld^If8EcW#04r4BhDtx(*x5U)w zuEQedJM(|D8f5*C$yx3syJ?0He}B`g56ixUp1Cknp#ANN2}@1u6+`MJ6ZYlBhNSIk zFYtKp@Gg;0LX1a7U1lnK-tw!Ku7Rwg_IDPZ^w;ORY|p+^u;|JB>#X;5&Q0!7J7+nO z!>{4N{x^a3+qWwQFVf_3W!Z6ukL!Z|{R6XB-J8K3>^WnD?Z=rXIXs`Wg_a*%n|?6m ZX-~zbeJbm{thTNYR1>Xuf10T|9st8YJrDo@ delta 787 zcmZ3%wuxSzcZGA6TY90pPj05anYWKgQhB9+zE60tWq4?kFPE;JLUD11 zZfc5=si~o*f`3VNPIkFMh;dR#xw%PImWzI{Wlm~Zc72(9kawo5zki9Tw{Mwug|nkc zk*iCHr&)G3SF*o;P)4SSr-6}Ak$+G|d9bBrxO-7rPI98BzC}o6QE6VNTdrrAVW?9! z$ht(0BrVgdrq`B85##$-;5awO%|C&E3r{2ZSRMqU)5pE-ir{`{mOi0=7{r*pU zj)=GNOBLxkxpHC&e?H98XEIvobGz<`yxR3IYc6`T1k39Deh|k$d*VN%#Ow}F+f}^l z>m8K7+?^-UY28T6S?ex*UFmWEnZP zFP!??{y_67#@#9o6Xx)*zO$1t_nM~gy-!L{zP}K*oA_v_h-;|g_eh1cE8jEzemPr^ zZ=&O$0~XiK3U}&Fcz5pNw_o2=qz`*OO3Px1dzV&knkATPYJX#~>~5WNdlJ(myL*4E zMXHjdZ}hCrxpP=fa|Y+f|F7e<9JYqCYV5y!GwGVboJ1!N_nx}PP2KA%e0L~#gj+-e j1vzmpYfHB)U)C$?cZui3VjjzvEA#K ssh-ed25519 0aOabg 2M9FnuO7+uJnQL61D44gS6PQP4FwYl/aYCMBbxCj4DE -pF1bk1nKefY0U7SUWEV1eO2Q01oATL8h+Kroja9boks --> ssh-ed25519 Otklkw 6EFtMILjWSA4TE9jVuWVQGXRpdIW+kYFb6+Esmv4KU8 -Izkz1yjGYan0gn0R/W7+DGGQq82C49vesTkswAg3zDo --> 8Tc;ezlI-grease CP c+3 \k -v3Jxsfk3k/OP/ot2k8EBnpK5VSoeS645abhDl2G80LObzn72slfnSweMeSCsuQiI -VzfkE2Vkig2yRsG+9bVvnN9xEzLN22I ---- ttutghHl5E7PQzN4T6JIuAJOMyJxGKQ4dlXOjtv0E1I -¬%ù,,O/˜_©ôŽõ³%«‚'Ìþ­a`|tàÙ²Ý Û0CŽf¥®‹Âqæoï%™…‚qU5fùž fV:ž· \ No newline at end of file +-> ssh-ed25519 0aOabg DypB1WxqSedqB0NJbedHMlVqwRiTspt9opExQf14+Gg +4WsUwu0eDLYq4yE7dGIl5QkwWifUevLoDbujMQWt/y8 +-> ssh-ed25519 Otklkw /PbEkdjbH0uKqppP+MslF8sIVXSy9OTW36WWsaTGeEo +EgUJDl22ye7cEDlbUbR4XUdZuJHHoj3TC5Su5xVFang +-> [vjDXA-grease +@rf ##RVQ2* [B*u +rrv9iydA0FRxfu6b7YHkl/md/Q +--- VFYFojX5CmUCy+a54ovZNB4bfPLkoAlDxTwFCIJYT6A +l˜@åXFý¼l¦Îð’·TÌÛ¥UÑí¸GÀ~~ +$^nºÒw‰·`Òd6™1-„–ìPò‡¹³ +´ü<Çê¶ \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 9191fd5..07592db 100644 --- a/secrets/pruflas-backup-passphrase.age +++ b/secrets/pruflas-backup-passphrase.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ Y+EFA5UHFSVH8gYseuvdFQYM50WRfQ7kAbDd0VDNWlc -C7sTgIKLh8WN3SeB3l6U8GVjKPQcTJHcdsMEIGizK/A --> ssh-ed25519 Otklkw 9uTnFZ2s0XINtxCm+RdMa5eoEu+Py2ciUMeTDlYvZyc -9eEshprOqF1Owmr7ccEgEjmBbaY/k68r3SM6yeQi5+M --> A>-grease 6^Yh,lh% -Jz1t6HBXsEqECUhllROJzEuF ---- W3P83c88soXqGBoBC6Kq6p8YtOT7iDaavKhGYTneg5E -V¿<1 iáuh()íªýwu(zÚM 彶'«`WÂbʃÁO({¿wÖªPB®i•;4“ê+)Ò¤.-ž®’À \ No newline at end of file +-> ssh-ed25519 IXCPDQ pZDDwpibSJ5f5vIXQQ0xvRiU3xr4NF3SeAmAI4EJXRU +FAuIgBB0snsm2u21tRNSf0eAcFYaLOE9oIgTpA7M4fE +-> ssh-ed25519 Otklkw Z+7NYqkSOoftoQkHy4ZroE6vRq8jEltcKQnWPdr6B3w +DOKwwKxihgwgPPFb3IRENzK1m4UT4HQpGzUiJYd8/h0 +-> eC|"S%-grease +kXO7dpsYu2namKB8HcJZZC0sqrWhTTZc69oCJtBm1SWdz7601pPZ/RpixVVIl6zh +EIgC/eSJqMBdfQFx1AxF73AcAxQJ/I9D0I2NVjoELmLJ +--- oa+EPYjOi4/kFAFcouviggd6rEPMX9Dti6g6wdWTV6s +ÊR[FÖBº¨ÑB…Úim:dÀ04îvÎëůÁz„÷HÃ\P¯{Ù.ÔúÌÈÉ–ä‘*µV‚ɖB¶³ \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 99a4f397ca023a60e9d6de0e42d17808f2f80d3f..3d77b53f3b6fd573849c4d8a1535a2b296803dd9 100644 GIT binary patch delta 819 zcmaFCc8P6*PJNVrZgymac}0|;QKn;Qk&#!bqm#c+dVz&`L{LV4c#(;vcdBctd16Gk zFISM0Z&F}-P-U{WU!ZqcVq|u)QMhq-QC@jiNTh*lvQN3IS%zV5nWw2&AeXM4LUD11 zZfc5=si~o*f`3VNPIkFMcBW;StA(~vPHt7Yu|1V2)+BX^DPHQkJWKa$rbe zMs{R=u5(a1SB_DnNmW%)Vs>evcBOV?WL~nHc0qoCwp)3owuPUgVOXKDXGm~Fer85C z$ht(QY8yM<^rFbUtm&GeWOQ1d_|KK6ANg4wy?XNfkwQ+d z8|N3CZLNQs`@1abn`YvTCx=&@*0Cv=sJ{9FpJCj!opN3C+IK3xy;H%a{_^ZQ^RNc4 z%Ny8A{CgI5U%tWQ7J695gp2>PK=27(t#coib+MgX^62uuJe{88I(4fZ%tGhGSo7o- zY(A#`XX$tTwVllh+HG=^b6h4#@TCidUH|*jukCHfIi`25^{p3<1b;qxSLalARLYk$ znH^12Bu|vd{o8b@V@+j;^C?fIw_Mc*!J)_gWStGaceHiCR@6$-z3tcUzp~|gzp?Z7 ze8m9&yoqb|TmPPA;kn}#xo4|%=H5RX*CMmb4A)N8lT(?mY7u?eB#q%1t3cbsl~?QB zm#%2OvQT%r34_{RiIj&ryOntUp5t?Hd_OM^sLZaeaVGMoyGxX=$-`L};Rim!o;O zi-~b%l|^nkS8`;8n@?bIKv+qkr*EZKcDQF?YN>^pc3F0&eqL~(vx}jnv0rkLU#Md? z$htg5x9mLKAl>w$)WqUcuFRs8)MRf?)7S=m|}e{W$MFqFAqsQU?_~joOK5ypBOpTu9YVt0| zve2qJUG-Aw3x+*gX72rxbxQI;ZqmIg-X^;y$e!q8_CGMYtX_J7NRQN%r8V~%vnmzJ zN;~eJdAiNJqj<@-FQThn-O+fPYrALCnnTZ}{tD=KCM)v1Y2)s#ZD?5%?7h79@P;^z z{h38&ZnzA-lrFD%Qg4L-x*u|ITWvN+wM}1LhQAw^-NJ*}@SD<@=MObOD zx3gzJWpa8bS6PmUV_;QDa)C!qQK_4|Wu<IOuEen5V3)uu6TgDcvOq6wQ{#a0 zR5#1|Tr<;jqY@AOAV-(fVlG`>T?OydKz|n_LoZMBjLdNNjEelEQB6BD^|hj1}0FF_gdH?_b diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age index 567b765..d3df33f 100644 --- a/secrets/pruflas-wg0-key.age +++ b/secrets/pruflas-wg0-key.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw YsE+O4kV7E24d9jnxDfQoj7IJeK6dKSU8YsZW1TN/HE -dU/U8KmVRxzmoaD6nIR+N3MzYpwgiGtMNMJSvYIYFJ8 --> ssh-ed25519 Otklkw L/Z9NwuJX1MbyxBGWbDGoomXQ6WlU8/8NnY8gf4hKAg -CK2qXl5u+bOI/7d1RnrxvwomJcXZ/9Pl1qOWD2Vnp4w --> <[-grease /&'!6M -:! -8ZvoNEdAXFX0+Wc1wYa+az0i2h9tI0QU6R94sVtYOsinz5fmquQRmlcts6EHG6ii -Yznsj0moTeUE+vF6Zxowfbml7DpQlVW2bHAgVDe0j4iA+Rl0tg ---- E3MD+BnZNQJt4DuGfSTg0aYWqc1REs9fF2ZUzE9cEgw -¯‡†‘ÑÂÛT9Óéùr ¾EÁé­…ÍÞ=8däõ˜²&d¡‚q‡GþÆï¾1h× ÅòŽjlÈc]á!²Ùc D¥'t@ÍL59Ê6ÿ \ No newline at end of file +-> ssh-ed25519 J6ROvw vhM4sPWz14HTrKdQxiWLYBm/TXo/1l6CwiaJ7EmYJU8 +TCctAq+Qfla80DytVMJDQkC1RaK9WAf5fcMPDmDmhlg +-> ssh-ed25519 Otklkw Y1BP4NJgArz3nkVpGi6sOTro9i1c+uDK0PSJmVlU6lc +Ef+o71ZjIfcZGSHRVr1NyruXfL8224EGr2XJJPhwx5Q +-> Tu&N-grease o=E _Ck;Cb (8W %P4 +Q55c8ypTe4XJMIPF +--- NKZwSzey137gDyVkvOx/xtflph72P3i7FHOJn+y57pc +À…{-¡è/¸wV;=B Ùøä)%pÐèj^¸5™‚§0)vSPáí²J:ùcÀ@†^RwçXcÊB‰Ø‘ú¨mˆ£{ñ8ÌD +–ýs \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index a4fe478fd4032f10413c3ab16a2613f143909c49..004986c6de30b0b209b8312b4999b06311f3ae4d 100644 GIT binary patch delta 469 zcmZo*`OZ8+r`|c;H8j}Ru_!0oJUuuw%P};^xZJqXz%)C;$eb(s4B}StH?1V zl*^(#qRJ`V&9U6a)7&&Yw7}fQ)u*J&-#aYaDBUQ^($K@j-Ne1p&Dbv_kW1H2p}06h zH#Nn`)YQ;Y!M`LsC%at1GS{~vCCt~~v^Xre(zwt#w>~%7IM~I+FU;IMC@a(_C)cPd zzrZUgCEU=J%fhSB!!OO(&&R{e*d*K4+o>|Z%QdU0G{vVdF)`eyBHy&iG&t1P(ZIAE zWSwzxy0WjbZhBE_VsWZMY*=EPe}Jk&icz^$wnCnQdmvY8Ww5EYzORd+X;NT>Us%3= zVOep#zlnZinV&^axW1WpNJN!Wq(MruM^uStdSF;pcBrvmzIRAcg?nUvTDegKm!W~b zyPs=Ru4{0xc|o?5f3|OBmA|)-pSE{!a(YIferX_=uCA^^sjG2>QJ_g_sz+gx6 Kvv|?D7w!Pp>Yzse delta 478 zcmey)+`uwHr#{&{!qYG#Kh-j~BHSytIJv+mIJYD{&A>aiBEvM>E5yCHG9$Poz|tct zl*>8GCDS*^q{6SLz|1GhNZZe?#3a1R(NZZ(>vdGh=#5uLZ z)4fnX)7vPUtJFN8#6MWu+uXF+J14Z#qcor(G0QQ<#4s$?D67;UD=N(}IoT=L%b>~= zWSym-ZhBE_VsWZMu!2gGLVhM!RzzBEMxl{eu3w~CxuKi3QKe@X_dvQjjtABo(k!N{`S5Rl2r8L}_|ezNK-NL7}&0l1WrqL6m18m#(g^LWyHWex-$f zc}|43rLnJNP)=cZo=c!dzHx=WNttm7#LdFpJv`9A#5^D=D?2kR#3;)nBRC{KBdAc{G0?e8->WFS$S}m9 zoGa8XG1NCJ#NWHzI5E-PJ*_az$tMAlWq1!noMiFsQ&WH?uq) zWL6V?I28kZXRV`dgW^S;y4TD^mn&Rm5v-coB6v3 E06}VgqyPW_ delta 381 zcmeBTUcfv-r{2-TFWVqFFg(%OFeJy>piJM#H><$iOWQ3Xz*XPZAS=tD#3IMgq}U`Y zlq<>Dvm(^M$;H*z%dIdysyNas#5gQ0$lEZvA~`B7)6cK4%tSx4%qP&#mrK`9p}06h zH#Nn`)YQ;Y!M`LsC%arBJ=i2IG|xDqAiu~xFvG*gx86y=A}_qm)h9K#INaF9qSDuhKtJpEp)XO3FDW{V6WZfewMLZT$Y7$ Z|2jYVWSB6cODSi8iq zoGZs%KRGBhEvX`b@5GoUCVJRmcm zI3&{CFR0vr%go0p$JIO1*FDG6%*ijMGA$&58LSU|fYlcFSeXUYjSyCuhTB^T6TA)XGwrgo+aYRsg zMw)lMzEg;oxuHd1j;VQ?sdt`1l$)_5m#(g^LZE+gVMb}1aY#UrpMg(`mzzgUM4@M} zg;{B!Q&L8tdx>Y7c1m(qN_vqimyq4VIELQ}=Y4JnG92B&XR^uWhT^*J&y9a}{?HI< z^L1P>-B(d{!Bfp$x?f(e@4CpJH$N{XGJIXl^UL*HHQr8oeNVCbgGyA_rITx4du%q_ zarElD2YUq$FqIVD6n6OPeCSP#RnO9=jAk!nzgGWY^kd{y_x&-$B;q}D=y&(&TvI+q z_pIn#7q70{b))k7fegNHx9^%Xx9$37zu>fM#2l5g_X4Y}HGd|)ZokU5-COMNJh@9T z?xK2XUtj;aQdK|i$&9qE^L=94oboEmDwPj!`KUK}PWr9H+ZqaWYg02PE9`o+%joj4 ze@=SybM8&@n6l-E7W1w+G4|(LS=LU;uXe28UVE)YFr#t>JIAT1>^lz5t}ed8YuNXp z>XP}qHfqh=W)u7TkaSd1(`lU-o?oR!O|=wPo~|?dC!pV6&U`y5;q<5J62&SLKV>yq zYn~~~Q<^PjxJrDM^1Dp=D8ralsgHMv1W&j6QrrBcxonOA@57X9d$}^~pWXGG@bJ)t PxEH2+GfYmk@NNVEn)*Pv delta 749 zcmbQo*2^|Qr#{8fsodMhEhyBf)GW%`(m%tyBFo$-G%?7{EZ@@1xgyooHMAtq)jQKD znJc+8*w^1F&$KerBGJn=&@8;lEYT>>*udA^IXper(!xvIAUVXt&C9gVgiF^>p}06h zH#Nn`)YQ;Y!M`LsC%at1Aly4D)Wa~M+&DbF#J3EWkaZu+%hCJ2TfQ-?E~_DL5y)(jq9Syu`%I&#%Hati&>>$fF!= zoo;kwx=E0tyKZ_>YGQG!LY-z{Twaa3i9(HkcA!N{VyJ?aLV9_Dy^e`i3Rifpqh+~C zkyE|CsRfs=uC794RZ?O=UT~s+ly9D6PJni4N}z#HfsbXVkC#VEeok3bP?B>|ewjIe2E^(|0zJ4ZoUpz-^KgAqwF#j9x)mR>GjTTNl&>lFVQ{l zzQBiH%G36gb{PNB-QTdjA#B3O%2x}2%JyGql&e>`wOsj48CRrlg6H>o(e58CybMP^ z?cP?nFR7*Q%i{YPUI$L9zBgBWo4bCNy!@eER%vs;#hS0{h>Tse-D=t5sP;)-?C&(! zDdmK8iY(V+vV9O(kW&6|-?AO6jxBs{Vq7-WC}Ha6{o5+$^NDulnQgo{M~7$gWZOdV zH_WRyt`0x`zW$?2=Wkx;uK#9JPtTbAqWsX$*x!rfy`9YGEz0A$E_-3Sa8~5;gO~5; z-ixjIm}ETnp||y_C@H;reTyeg`1obT)o*6T{CkgI-50TTsoM)F{mmUN&l4{kKINwA zx_?n#?kt5}k!w0v?oyfB9#OPxg{_akoq+rqo(ZaMhHM*FO_th~k+x58p<~g-sY%9> zDH}F!$((KM8`s}+G+K-G*122T1TMV$9(?sqnuaD@m)!L2y6OupkLj*lv(h@xar3s@ xFZ9ov`Zsn=TyiM3Y?FKZzny#Eu%)GypW|?dTQmDsc4xW|dJWS3!w;m{DbfbCg$dx^rf+se4ILnSqN*W}0c9rK6jdnWKksNlJ=im9{}S z$T~Y;^8|lG-Snc=#Nt$i+)yi(BF{WUE_dJ10?*>$&~oo8^Q=k_gYqnkqT;mh{1Pv> zyxjcyqLT1(S8XGYus|cz%FKw!0!N>aY}2S5BcnpMsz`TV=OQlcLL-;Zv;zN>z!cYX zf6rteA5Sx~f`YIl1^e>>Rt{`glbmU%r%)A9t3 z_@-;*shj$qntEZL7`xQ3sZK>}O|Q)~Y@2GpIq{_AM)`ZCPsJ98ORwj)*sQQEfbC%C zBc9mlGV^k)b}O!URJ^t6q57)0mwIum8cQX3bk3I_vvgj%`jzPvq8RNWqsb)=Le*Iq%iok#~65gXY7MsS1BuUjCLe zJi-*s*pK|VE*ug#qC|kF}?IaYlAnpi@SnZ;pF(9Vh2(&oZveJnzsTpKRmwFvlYIe3vABZO^PKU+3hY z4EK2-A|tw0sNSNS}&KpF&HYOy3;C()9cyuEM~oRI}{7(h`3Y z_tIcLi3JcD$usT`l~$5>p84Ke#)>$*C=DeU6)`sWV{4j*VYdA0uUib=`*JYA2?kFDAN z$>+_puq%hoGk<%koSXFD+@iBr)JMKO^Wf224_{xHo7xcjXoB6b-Cy#A%@YK2dDIQ& z#QCh`o4TiZ_bcVYZ0}wF9Zy!g*cF;wnarxTa?=(&#rnLz53kk>1*z|mIP+@9lB*}< zS|@YQIV~Dg@6>EBcJ2G`#dn`CIl5KI`-as|u6O%O4xd_Pa(~6QXW#wQRbQNa8~nWM z(>eCq8B%q7=2zYOx#O;k!?X0&kr(;19q${h+<7+ViXU73b*6`c{^mBJ>xvS4TP*z7 zu`a7#se9|((;Zt+blpxY`*N~Var$>*_cNQnDFv0U))KI>cr_)v{_Tt1sTH+dK4R&c ztu8+j*ud7kY)X33c5d^c%!sp6Y7f+mgWf(@*t&T3o3l|n0*ej5c|>Hr?>T%~-#@QD zGfkjlV#(AGZ;w>VF!)RM9p;%3&Rg+YI@N-g?d<2qKr!!~!V!H>-mf#e66@fnC3_<5 z``Rh_H#aDGFPv_7>I0K`^&z>NjlI*4%$>5Oec%49xra{i{VJNZZ`c1F1x@aO`u}zT E0LZ0X`2YX_ From 41dc68ae6ff959f494473476823713f728939e66 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 02:38:42 +0200 Subject: [PATCH 598/988] ninurta: use initrd ssh key from agenix --- nixos/ninurta/configuration.nix | 46 ++++++++++-------- secrets/ninurta-initrd-ssh-key.age | Bin 0 -> 767 bytes .../ninurta-initrd_ssh_host_ed25519_key.age | Bin 808 -> 0 bytes secrets/secrets.nix | 2 +- 4 files changed, 26 insertions(+), 22 deletions(-) create mode 100644 secrets/ninurta-initrd-ssh-key.age delete mode 100644 secrets/ninurta-initrd_ssh_host_ed25519_key.age diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index ec505b7..686be96 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -10,7 +10,7 @@ let wgHydraPrivKey = "pruflas-wg-hydra-key"; wg0PresharedKey = "pruflas-wg0-preshared-key"; hydraGitHubAuth = "hydra-github-authorization"; - initrdPrivateKey = "/etc/ssh/initrd_ssh_host_ed25519_key"; + initrdSshKey = "ninurta-initrd-ssh-key"; in { imports = [ @@ -44,29 +44,29 @@ in enable = true; port = 2222; authorizedKeys = config.dadada.admin.users.dadada.keys; - hostKeys = [ initrdPrivateKey ]; + hostKeys = [ age.secrets.${initrdSshKey}.path ]; }; }; # Kinda does not work? - # systemd = { - # enable = true; - # network = { - # enable = true; - # links = { - # "10-lan" = { - # matchConfig.Name = "e*"; - # linkConfig.MACAddressPolicy = "persistent"; - # }; - # }; - # networks = { - # "10-lan" = { - # matchConfig.Name = "e*"; - # networkConfig.DHCP = "ipv4"; - # linkConfig.RequiredForOnline = "routable"; - # }; - # }; - # }; - # }; + systemd = { + enable = true; + network = { + enable = true; + links = { + "10-lan" = { + matchConfig.Name = "e*"; + linkConfig.MACAddressPolicy = "persistent"; + }; + }; + networks = { + "10-lan" = { + matchConfig.Name = "e*"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; + }; + }; + }; }; fileSystems."/mnt/storage" = { @@ -151,6 +151,10 @@ in age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; + age.secrets.${initrdSshKey} = { + file = "${secretsPath}/${initrdSshKey}.age"; + mode = "700"; + }; services.snapper = { cleanupInterval = "1d"; diff --git a/secrets/ninurta-initrd-ssh-key.age b/secrets/ninurta-initrd-ssh-key.age new file mode 100644 index 0000000000000000000000000000000000000000..4a51114329499f0c78d80a3715154bf1e008965a GIT binary patch literal 767 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlG7IuAD_2N0_e{-C z()M*Vs|<6?3iAlfarSacbBnZ$C@M-y$tgAVcMFZGG7pFdGT<^zF)4F$%P2JTEv>RB z&klDpv2-%ct@23oE_5!*OgHs6DlLjMu*mW(%0{=%za%>+yIdj5G9|^uEjXjtCq2#4 zQrq0kqTIsV&pE|V-@m{pKQhfLu*}IRtT3ydm%b+J#0ZhBE_VsR>0ak8O%qCrVmL~x?HPl#t$ zn74bdd3I=2zPoR}VLF$tuC79PxJ#OARYs7DcWPOAU?tX}tH+RjtMU_j?)UKQ3D7G`G#Yqfalu zK5mAH;2pWZzQAucFSu96b?e92iF$rN%<{>rbECJy^Q?f6&r42g+g(*zQ2I1Pw8PXc zrqS=D&ZP&j`sx;8%_h5fJ;a!gwY{u2xb?(D?xX7QO%vzc^qIMQw(lz;gWTgahtcBjiny`&`zl{pMOpv_LqyslWQS4I})N2(Vmu`aO+pi<&|e2 zE#0wpAxpB=j|n%jyqER3%h}ehJaFSM uTcO02_T@$}@FRE-u;^zIHy%&C8W=+C!0CMz^~Whg)th4inN`a|!_b CN<;|& literal 0 HcmV?d00001 diff --git a/secrets/ninurta-initrd_ssh_host_ed25519_key.age b/secrets/ninurta-initrd_ssh_host_ed25519_key.age deleted file mode 100644 index 20e4971e72e2c4bb02c23167f7270d2c1f372f83..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 808 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlG7IuAD_1BnF7%Fy z@+)-BOf?M(NX|8PGb<@~$@el(H4H4y3-EE#&&do+yIjG=)IBNEG%?j(KgGYS z)IF)hUB5ioDLbIZIoaLIvZTbsG(EAXDl^gX6u^42Vxv_3~QEFmwszO?Lja7A)p1Fc*u$`WUf_9cp zv4ggPdziCjOqD|&m#K4IvzOnUr*=7e z=N0bB^14wHcLM%e>*=ofr%}FBq|d<7>3m_Um(aFXPxJYd=FPq#E7iaFLL?)5dg`Jh ze_iYXuk*jyaD3tGZ4pLyHqPEDzW=DJ$24WZy^?dcFaDO@IDO@ZBU>-DeAzqK?+zO~ zkFOuY>rW5=#TR_OcYR`^zvQw!Yq_0Fgb|+AcFDm*>+u zPUWzeO&!20dm6@wRP^0>0>xWmVFLI3`NS*z~N;12ej qvBCD^%#$3R&)P!EkF8BVnDVrzV$(jA^ Date: Sun, 4 Jun 2023 02:39:36 +0200 Subject: [PATCH 599/988] secrets: rekey for ninurta --- secrets/agares-backup-passphrase.age | 18 +++++++++--------- secrets/agares-backup-ssh-key.age | Bin 790 -> 860 bytes secrets/gorgon-backup-passphrase-gs.age | 18 ++++++++---------- secrets/gorgon-backup-passphrase.age | Bin 513 -> 470 bytes secrets/gorgon-backup-ssh-key.age | Bin 756 -> 863 bytes secrets/hydra-github-authorization.age | Bin 496 -> 575 bytes secrets/ifrit-backup-passphrase.age | Bin 506 -> 409 bytes secrets/ifrit-backup-ssh-key.age | Bin 866 -> 826 bytes secrets/miniflux-admin-credentials.age | 19 +++++++++---------- secrets/ninurta-backup-passphrase.age | 18 ++++++++++-------- secrets/ninurta-backup-ssh-key.age | Bin 808 -> 804 bytes secrets/ninurta-initrd-ssh-key.age | Bin 767 -> 780 bytes secrets/paperless.age | 18 ++++++++---------- secrets/pruflas-backup-passphrase.age | 19 ++++++++++--------- secrets/pruflas-backup-ssh-key.age | Bin 850 -> 872 bytes secrets/pruflas-wg-hydra-key.age | Bin 437 -> 461 bytes secrets/pruflas-wg0-key.age | 17 ++++++++--------- secrets/pruflas-wg0-preshared-key.age | Bin 503 -> 455 bytes secrets/surgat-backup-passphrase.age | Bin 394 -> 414 bytes secrets/surgat-backup-ssh-key.age | Bin 798 -> 769 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 852 -> 815 bytes 21 files changed, 62 insertions(+), 65 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index 02c7ab4..9905cef 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w Abw2CFB7VbXxMVpEBl3Cc0KBX+YbHrHyrHFdsc8mNH0 -agiGSRMq4wsUBvGFdsoNXqoisNy0pT7e7sqtxp/USbQ --> ssh-ed25519 Otklkw 0LMyVk8RrF2FrzHksbUO3WgcQKv+ZkQfkCBzdMYyqww -cCuPZksxQi0t314U6+bsCQRP5aYKPnWTLu9mC2p+SOU --> :G'-grease Ppi]s 9(e -55/tUS8uyOs7eIgvRcKp7gykDUhddX9hANpRqlPOExKEs8VLbStJU0EwGZ3W4t4p -zNqgeqesBOVTbOMeZP70Md5OKtv1ZuVSVMWXmF3Yvsc ---- +3bHMnryrJeVYvbvygQomRCHNNpUnT5LXsqQb/0xah4 -;ÜYŸgŒTô¿ 6Þ~Sßr§ hX¬§ÇÐx.¬Ž„û;]Ì¥rW²h 7¨€„üÒ3xæ‡; Ü=õ¹ \ No newline at end of file +-> ssh-ed25519 L7f05w 3oYJG2mkd3gXIQQgGm9D89xl1Gq4JmnrJWQHiyygXEw +s26fjzm2jnlxPW07fmU6KPfrxHZKItkwBm9tE73JgRI +-> ssh-ed25519 Otklkw pS1oY6ol+1qOIjVnkIBEkddomqTYhHJWoP7LIADRF2c +zNExDxtDV4oITTXgK6jlpgxmu38KdwoN6R9IA5+Xmu4 +-> >\Wl3_-grease heRj:U+ oLyZ\~+" (*d +FmNGqf0mDfPmSs1m4yBiMcrCUiKeGuNUsBJIvacjwVicuBzn0rW5wSM7x/ReQgOF +vyK+s3fi4wbgkPO4z7+8NC0h3T7opeYMrQ +--- DupcVi2vFfXdeQGE1NdoDq8xw8xxKfqLjjbHhoqgLm8 +8"žo>XuÙÔίңóÕ'øtmZ‡aMµƒ†Œ8¦¬µYð½cF©ÞÍ» $\ÄTÝƯΘR \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index fb698ccdedc283fb18f30ea0259ba70c869a87d3..6abb3ff3dacbfebcad88db1913e1b567202f6a28 100644 GIT binary patch delta 829 zcmbQnc86_(PJM7vWr&BFxwdJ9aZ+Mpp>KI&sgs9USZQvqw`sU`NMV#oab&7Vs83Kx zBv(jfM2LP_M51SEuv<_@u}67MQg%>rQLvv&No8V$tC_E{eokeQfuTueIhU@TLUD11 zZfc5=si~o*f`3VNPIkG1w~tq_Wqv?nMoxBMhxqggqw+%wpn3i zg;!xlv1_g`mvg1Ruc3cYrG9vNy1rqGskukFc2s_OMp1UKp_yThi@AkoSh#11M`}?h z$U2AWK;87B)WqUc1;u!U5IY;)fO6e8V&-8#q z^URV63p0PSQnT{FuwpJMw9~Su(E;;_cjX{qYHD#)ycE3L7R$ z*K!#C6;s^$#JfT`W7|@%AP>8@Y&DVDx1X*5yzS(APq|G2-c`TUk4xgu*Apt(f797GxC2qdS&fOBfr-l`2LkSX04dN;ZoVkYN53WCtv>F zzu*4KXYGge+w|>rxI1ot`FUPku_wct&~-J*Glfm=bnynO^xvC*ZlnDF+P4i{hXnj1 z{RO4|ad`PuZj#+_fOS)j+g^2xJyUaJk6cPiV7_#D@4eL(`{HN6WjMFr%%Y@5;l_-f z-Ev$rzpgVf{QcL{#Ex0YIl1(#n53z7;inD$|6SPG_lN|2%dcNInIp<}exmzQ<-Nar zPdsv*U2C(yyXTnG+X!C!qupOuycM2*;rf1q{3TvV8?$}N-u}E1^J4vtgPzko7#FCo z&@^y5ZP;3KyBJgb!e7_LIkGoTw7$?|_wAj= zoRp?T#|raKaHPC`y!1;Ai`jYql{TizbC_Bi?ZmRAf7S(blnWmGceieW;qxmEE6rp! b@cM3^Af$J!{9D9|C-p+h>>5hyNP94c70fxx0z*#QGP*ru0c^~xtpJV zgr|?cS(TFsS5S6olB>S9L857PQhK0&R$fU#fJc(QSx#@TIM^sgEp@)S}k+GWz z$U4RB5Z&~m)WqUc1@kb)lF$IR8U-Iig?RtywBll0g<7t1kMN2Jmyn8zAQw+AU0q!T z=R&vo93vyMNJkU>5dD&za)XMb94G%m%MjN*%aFV%&(a8IKYtHxf8VllF4>sn`TLr; zY;xV(@8(x;S~ue;+j7gf^CC@4`S;ylzDwrMoR~@ZXLsEB9kd`v^t5-!#3Pa2MOPMU zKdN6T^}OiRH^(%??yWz5Kc5@=<*;mX=)dI`9?ekSSg*gPH?qlc`jPdYlx9pn`dsbv zv2Tw4Z+@1wg?^fK_)+=Jlk2{*dAoglW^2QH=#!k=k|%t5GX8#wkx_ ssh-ed25519 0aOabg aHRfTdTx3nknFDmJTLtU9UhQFpDfNV8GzmSNIzq4Rz0 -WWa2QmUB5tAgE2WquZsu1yaZq8OXuwSUDsKmZwE7y0A --> ssh-ed25519 Otklkw S+a8KMJPnmgiStjWK1oNZcMbtSJMTPkgHPRfOLy+nww -fGMU/8UqF6KWag6NWDJz8vUN3+rVRQYV3forOYtKs3Y --> sdl3P*.7-grease -8gmhsNiPphYbh4NdxVx6ZwjkhwywD2u13mfsDSBcRvfiiUk0OHAoH4/vg7mP0IV0 -ehZfN+AYSVj/pgki5L+SldaR9nJujLhfxYluoiOrBNtaU8FXYzeX ---- xTDZHc7XD20L+xxzn/TWWf313sF4zQt6ex+KCzeoG9w -Û÷³Ø -`µû dæu \:É4‰[KZ6µæ ùÏÄÆxˆ.ŽA<…E¾Èò¹kÍ;þÖâV \ No newline at end of file +-> ssh-ed25519 0aOabg N5d+lkvPh/tR3Xfp5XeRZjmYTpDW+BrBtXOk0jT6kSo +WpC1tzU6xs5Jk079r447MURYHmXTyl9Mli7T7hC5xxs +-> ssh-ed25519 Otklkw onPlIst8twtnhH9Epo5TFNjWOemHgwpXPdFgzF9FviY +Dk+98+XlnS6tmtx2y1ECT9P4+KXqwC8UDRCUSyP+gxo +-> x)wDBp}06h zH#Nn`)YQ;Y!M`LsC%at1-Oa}=G~C;$ureYg$vM?Ius%DlG&kHOF}S?SHQm|0BG|G# zJhRAMKg&IzD?B&TqbMsVHQC%d(JRrz**U<{$1u&?rOGKi&&@w7FV!O1-^a%})uYlE zWL-{LuKT^qSgQQP%H!`oue&@krt9nJI=-*` eKiL;=WO$wUZCPyi#JolCO!l1Fv0KUd)L{U?WeBq+?+&@<7(D>TnE$i=9jJkQj%*w84*)jc3EEW$I?DJeP7ugIqy zWLASAdsgxvz6bQo2WBq;W++o?%dcxuvsVL26-Yo<&JOxqFUbXnC@?X+UHs z$T~-t98cZ!qSVCVR0XRlE`x9vpS(O%-&AeOP&c;#M^}qVm*7gzin1KnP?KWq5?>2L zudLGgG7JCQC@=Ta9HY>ZJoCsZZ4ZxZ_ke7F?Gi3C{o*M9tSE19myigP(xB{oqdb#h zcmEQ%G`Et_q)|!5hBggVIcVqYPKrUTfT?LbDkIE!{mt-?v z%Ob<<5OV{w>_W%z0Eyk>}YOwVWDHcgU_@X6#=_v zxjfP}zQMKixZmBP)o)}yFByhA6{VlrbT2>b(lHmAd6qXHt&fY{Jmc$vfa}{W+Yagd z-L;45mtByEbf|y~tUF9b6@_iwqd)9y~+Q@fid&)=xOdo`MUl6L<6HxCv&fBUhsQH8D0;l)+coGXg+ zk97a7x3pfgrlR~w>4{wmk<~@I0s&F6v#-onkez)XJ?fU0M1s-pDetU4EtK4TaocG- zEupLP&12rJKQ6Ox-im;|H!M{IGhJWK-CMlNZJ9!puFQ4KjY%!a;aUz6eo7nJvqQ^P e-;-SU_0%7ZQl^9*d%x!McGdklpKvAJ>ni}#30i{y delta 724 zcmcc5_JwtVPJLOqwu@neS7f4hk)x5nmw%eSYiM9`xwpGhq<3PDQAK!uR(Y^jK$%a5 z0asvgWqMdpcy4lPR;EW*Xj!6xi%(jTuU|xZMxmK!u2*7JdWwZxYE^nsK9{bYLUD11 zZfc5=si~o*f`3VNPIkG1TdJX3zMq?Gp;4ZNL1;jPf4!-1sF|^TWL0W}iFdkdqGhIU zd5%+Pp>L%HS8`scx1qORYPoNvZ+Ve_QJ7P%xkqSKWm1)+p|NG5he?D{P^EKGrMpu$ z$hrb^)3CJiXl>o}qSVCVR0R#&yb!L+Vt-E`*Zhp!KrUTfU4={|-*U&Y#Kf?~VDrd` z@bL8d@>Eaf5MyJb&@3lMH;){rNJs5J9}`o5|8%Z6UhAft+5&5491JjtUi0SjlQZlg z5tpyjw9k3_drm+U!_235R&Ne=H}1xs{<#seGmA$+C%WA`K$iY zSA5b>CNDF4{KG{in=RTR<^A^y%+s{vA~IL29<+YCW6g~}DKFd;W8P)8FP5DZ_xSS9 zpiQ&?@${SwsI|X#GhE0xOlr*y_0NKTTVnpcT)}(3SMlB=`@agsci%tD6e=s%+B{uR z-{1P2+tCB=_xx_v*D%>XTfsZoKXU!sK*suGoR8}or`p$x-8SjmtehgSLd9RE_FI;M zz)U-4`THh)k4-u*99zS4Ho$(>#qZJe&ZBu@vGnFvn+#@^bPZzDNZ@xPYB1J-XM0$z%Bv9_;?hqj9e z$ht5a^XiD0f=u1?qSVCVRD}}1>{vg2g#xcYvvRd~PX!aMG8gl#DkrBB3*W>FL$`v6 zaQ({qoS-r%A7AhAQlE^F6c4}P;D|``#47W$oPeOBjcfU-7Jg0mwpHy=TV^iPM)bzmmpsGZF|0qX`WRJ>_bS}rX-WrSCjb<~K zYo4koPLx_qnie>EA1%(w~x~08JcAvNC(;u^6k1`4uD;{u+zCYWm&P~xreQxp> zWsakg7i#$@8QiRU7`J6!%Bh=rt<&#aUE9!Q7XNVO{iWUY9cj($U1dZcZHQi7@W10^ il+V5EoZ`%Ne$lr$t6~++y$|dvUzmA!nP1Vagnj^UXU5h5 delta 462 zcmdnb@_~7RPQ89%RaAPur&~yfMWscyM^R}~WQw^#YE(g_iAP?gmw$$Ka8b5LP_}+{ zIaj7xfxk;?T4a%du}N7{v88ric7bz#WLSo4UcPBWq@PiSWm!aqOQ?@mHkYoQLUD11 zZfc5=si~o*f`3VNPIkG1M_NWviceC8YnWeTn59o>RK1U3u%l;oPL!{?w{ccwrfFD7 zWM){Fw{KP;mywTeg-3};h=*}vfm=nmaj{#DQE{QUqp6EQsF#sbfm>0rrBRYckg>T1 z$hzc|3f=Ug)WqUcg$PwHqrxDs$V_*?3d<_fWDB=~ymEaL&!})qkEBeGw2+cAeYccw z-^k4RijrK{Li3^&OMkC&4=!C@U4_JQGcWC|Opk2iNPQ=#Y(LAg%hU~?F@|Pw(WM+TjUt;skcP>>fZWPn?TcFR^sc}P1=}QUHfV`!>>NquN(woh?!g_nzWh;e>izM*%P zQ?_w(L0*O5H!^*6ZKy9~_psIY=WM@AEU!ROnCuh%c zE?wPxT?MbI%F;9^SHmWr7mxJJpi0kdPp-4M z7n#>ueE((g`gTVJKX0fV=iP9TGGh)!hbs=9vx2hCbPw}{B`1gSOmDrYz1=?a4(DdE SmM?3Y|DM>Xv~G6u!~+0#FoYTa delta 472 zcmbQq{EK;lPQ9UdP=QB*dsIg)}VRng=MMkBCLB3g5m4~6HWl*xdS&qMVVR31(WnOAYQe>WyCzr0BLUD11 zZfc5=si~o*f`3VNPIkG1caeXHW0|L)S(Zs?YNU~)Q+<%1M~S6*Wk7m(q)%D0d9XpC zSD{f=pkH7%S8!H%S%#CdtCOXRp=W`1fk9STRkprol9@$ru1RRBV{o9Edqh;ZpOb$i z$huP1BvU^%Yu)ss)WqUc1rJ4o0vU?;Pp5MvMh&`>YG3Imsd03$>1fUJPb(zI-YwA2d6AV)4;U0ns& zsxWUikEkM7uk4U;a|5H&pepA|Kaa$!NZ<58R|DhBWVig>EKA?eh%^hX8W}cGLnYfD zlc%QHChOO&%4{y%yVPescXaTdbb%>?9lk5 z$T}x|TaQHD^rF3bfbtAm$W1c z6La_ayxihUbA5f2(lDdEWb@LHH0`Q1ALk&`yvhjI#7eKwG>?>YE?r$+1#|ae*Zc^l zfb`HD%e0Kds^S1g7gICW;;@QJlVbNsvv5m;imFUAGoLC0u1Uq0{jB%{cdsopzjz{a z-4k8SpSnVeyu>E>OmxY*TFmU0JdAr3-e*RE z-OC?Q4c$|uU#9w=IQVj{$lodF*ixA!1>dS%IQ@pjq$FEz;eN;M-1jxV2+k^s$f7t`7j+-n3@8~=NE%Kx%%?y>B7Hv^*HHTy9=Ogc|*oLAkG={(TtuM&r=e_t#%9{dsj)`}7++!F=!UZqt{MkBFWA z_k<23vY|iTW40jGc4Nfruk!0uVPa7-KB3f8rj4P{oeU)>)yoLtpW^NRMrVd zp6D}~-}vE9{(P$sCdQHg_tP@&Ev?@lpx^ delta 835 zcmdnR_K0nQPQ9y3SXo4Id0<(DMMinJTfTFcf4ZA?Qlz(uxoK8LNcYak;ie-{^cABYnHkYoQLUD11 zZfc5=si~o*f`3VNPIkFMiAiF9WkppmXqvZil|huLk-l3w z$hulD-Snc=#Nt$i?4mI3V1+U+=L#>we52CJ!ieA$c#YzQ^c{j#pX;uv?* zoo+7Sll3bYRkpA)vFvjT`XgQc=kMlYe;Gd&v3O1jh*2<{bxYiA`K-VB1#*ZGbR73^0IB0_A4xN^8b{T zb$9K*zfbRfJgmI5^%L9X8LJ;H)-L*dvR;boZh2yLdIIC++n?%O&ATNhO;kB6?4NK^ zGI^hsED;tx)zwAlPxc7DyJV!b=3BTAHcS`)>NSpH~CouwACuF~t|lReGuGrUWA e#VySLPItOkblur_{!5?Z40EO*ICJlX>3aZFWK~fB diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index be2c084..cbba7f9 100644 --- a/secrets/miniflux-admin-credentials.age +++ b/secrets/miniflux-admin-credentials.age @@ -1,11 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw wErajK607XvMRNfofLJMsTpqbQ8cr/gTt3K/sqa6q1k -joRcoL6w9SkLdPKi0anHos2NJd0+lj7Ktv4dDn3BcGM --> ssh-ed25519 Otklkw 1YicL7JM/T7XcTpFxCz1aWIRxyY/o/YBVO2LZY1Lf3M -4238tXhCEgF3c1byx0JlU5CIVU/TVNEVaF7Xm84q40U --> =Zi-grease [ g:6c -Qx8Ug2gzPfaIihYZvRC6q7uChqLgbjKRD//eH96fkmorC1h/xMjVzB9HxIICNMLC -9dxYl6UIP+YjcX3Aqy6eqXPyyN3XbJeuv5Mp3BRONOE ---- PW1yzuCjJwv6ugSBdRCR7i/KbQikiQoQhBdHATzQ694 -äOÓ÷vÉaöÿ -šúA·*±¯.Ó2#ãø–&*ãZʦòB«bбÀ‘—„öŸÞIäÃ^8æwc–7EE°Ý¸6’uçµ–Ï&€“rt \ No newline at end of file +-> ssh-ed25519 jUOjpw d+ewrTffuDTrDGMAVBwXszaQqBt6aA8J3bMfbTNVvWo +vZV37WeAf/bzXUb0cb7bs+dbk5yzKeiq2hquEwh3J9s +-> ssh-ed25519 Otklkw jIWG/sMTjNOUWrNJV6O0pGcpoyvRWHOsQe1HEna3Qgw +2RttRJg0rCieYNK6nTOElUJsoHtsXD92CYUnitcSf7k +-> $`L/b-grease ;a(}2 54=BCmQ" B +sazWN71LU9GIQx/1M5A +--- FQ4iNKBIpJW1/ws3AXTolze5gMZnA7pBJLKsTZ5uMEo +—%¬AËŒm +JᑆB´Ýé‰]h~GâØãÏw£•Pe›³<ØÕ9õ=Tía£5I‡¬Û. î¼´^ó²=–¯!Jk!ã½mµéíu¹½ø: \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age index 323e95b..b65d024 100644 --- a/secrets/ninurta-backup-passphrase.age +++ b/secrets/ninurta-backup-passphrase.age @@ -1,9 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw Su0yj9ggXIAkxB8ong9b9Laa85G9vbX91pKzxV8fiwI -o649XO/C+fmcu02g0/ZA1jyp7PIuwsSQxm5U7jquPpk --> ssh-ed25519 Otklkw XrNhXexWicoB+G5x+A9DCNGouoS+CbqAeeaqX276AmA -b6q+ya491tmkaRAklmh1MZyfNXUxI1DuZNMFdmOIGNU --> W,A)%4U-grease -lzcgJfHnVk7zl9FSGphAWuKq+U4 ---- 39Ztp59LHSuw5S4QMsJuGsXACsLFIaD8sK2hAMLz4PQ -3Û À_-ή¸æ­|ò÷üºTÅ„ôAãéu C€SÎQˆð¸ñ9wNŠ •˜›š7Y§#Û,ÎÏô¦“)= \ No newline at end of file +-> ssh-ed25519 J6ROvw GTbDtpvCIduDVhXzS/hlmsCXnJAMlsmLTtvhPT05Ch0 +rKGnlc3LMYusf6WPcfh+fhbjgHsklmWP3OrZD73RX44 +-> ssh-ed25519 Otklkw wL/LrkmeKNxBHXzfcTK4jJzyn39KB+4F5PSsr8+4y3A +4nM9NAod5eOES/K1XcSvw3G0F4xBcrvybd+S64tMbyc +-> AtruK-grease !ClKe IjQO|`3 +1rMt6Za1rZCBEg3IcSrDaxwu47O8KOoFcrOlzFDR6RgYmNUhuxs1EcNsN7BzkGkO +3aOdKdXEpurSHWC8ofGGMEeSizlioTm+9mJM82k3Ip7BKG2b5I7adrXfBTLvoFKY +C59u +--- ys7zpcdIIPbUeBfPGs11aRHOl4a0vNnXrV2rZfpeuns +,j*¾'†I´óbOâ5ðù ÍH¦ kS†þ½˜Š &¢†S¸I7Ç‘à%®Ùÿá6Nµí>º \ No newline at end of file diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age index de4538f6034e3b797ae6a971f105100567cc70b4..46bc4c80f47583a2921a489ae6032f5a62902d97 100644 GIT binary patch delta 772 zcmZ3%wuEhhPJM(yk$#k=lZ$s!WMY-OqeZyCNqA<4K}EPlc8N)PU_q8wuCuXzVYyjI zIajKsQDSOPSV6gKd3JVqcut|Ae@eDfX|YjSkiTnLVOdIKVMbwUc9CUeAeXM4LUD11 zZfc5=si~o*f`3VNPIkG1g=KDLW>kTZeuz(!en56XXnkNnWsbj-PjHxFeqcbklciZw zX;F%{etJYGSD|T8exj?BwsxjpkWXfaudlI_QE7;`VOge=WkgCwNNJ+BWp=*5i?N|6 z$U2+M8oLOsY~A#t)WqUc1$TvGC+#E?T2|$kpKIlGPguVo`?Nv%dj);r4F?jKz5lmqruKgf z&QI*y^fl-9`V#R?irN(pAC7KRtNARvdlvKY=&<^L(C(6_|OpSRFX^Z{v2s+E?G- zH-(&dEBA8dqWWV@|80wEoL8M`+xPRT)V&<;cP}3pKV4p)rZMY*@xjUSzb`GGDPZ)* z(Kud`pkyLhnE>U0q!T-^5~{%xv>~Keq_~GV_Sa;Lwi;jwSU$RdRSs~dH?LXi@)tJ-^z@u*L}MB=D7%q zEc@OapWMG+D4TQBb$9C12UC}~6_#$g^Cxkhgxte=5yi)A%b)hIw&B^E`svoH%eRid zerb0kno;NJoxeqTp_^qceQKQ^@wjil^)J3dp-pke^OPSMhweU8`mn?Q1mAaa_QV+n zwtqRin8ohuZ>vwDqUOs)^OmKF7EJxA7TT}u_kBV5sdIw=YiBP0y|gOYed3eiCgp2J zFY6aZOkSN}b?Qld>s-J3ld_>6!98EU>0RyEyv+ZSkGjFHC*M!=hntj_OVz3V+{QY+ z#a>-+ZSTCxJ8z}CK4YxA=A^Sdg-!fpr{wLDmnRh&W@NjFhHGq}7MAjBl?&T?`+xQ} zQz!l4U9{xX3@zt2A7{AS}x<$S0uO#k4TWx6Crx%)K-7jF(*90 z-z?J2Be}|iE6v-h*do%eq@=>b-PEY6$Un)&#Wm2fA~o12q|)5QFT~QMDkZ}*G&nOE zWL=qVdQoa(aVnQ(u1lG-OL)Gcsi%{HS5A1UPl&&nt5;%HlwXdIr?aPVg?YJ8l7E?h zShiukrz4lHuC9WwXKG<;sbjc7Wl2?Pm{E{plBITPL`7sqP(gl9af)%MPjX0LW}an) zwh32c*mYqgrOtm37?x}Qy>QN)aq5bHXBV)%*(lm8Fz1Y?*2b)dJ3?FD)_sdxWK?^3 z&B{A+|4wpDlB?BPw^(uNmJMus9xH~o*f<@UUUuYpedq2)dd(vK;d3mnTRW@F?Oi7` z^OB~&boaVhU+?}pmmNE~&1UxEQ}2(v)m&na-@c>XLUgP7qWKFf4|9kv*=)}F++$O5BW)o$#b{#txW##^I>p?OXTsJ>sR;+&1cop z%DVXK*QvwIHY`u;CwIwpURYeGJ<;g=jaNIe7brzDyJaZZOMQ1ToHldExr?{IL^moY zee(UD(|1nMKCJg?MAMdka?(0w7iSkVJYk-(Z$qkh%f^KB%x9P_Z$18Us6Iif{y^`Z zC2~DGXXvvE+9|FqOxtaAyz$VpFD6C0oGUZ$K8)GuPEz&Zgs3<8Vr_|WrEi|giJRl;- zfXg(+q|C`JqtMW|w92A9JKW90(#bTp$|KFY(77Zt-PGTxv?$WRBFnQVn@iVDp}06h zH#Nn`)YQ;Y!M`LsC%arB%Q7X!#Vt6a*e5;B(Nf#ot=^*C!rad}#ZceBz$ia5%`33X z$tkQbtH7|BE5OrO->fjQBp^7@%gx(0(mN`^+{djl%sJIO(8<*)H88)b*gvVlGT0~? zWSw=fPl;}NQEFmwDpzr`p?ji1NmxX1qPb6qXI7ZEd$4(SXjHztZ@ytVm#(g^LV37L znrl^kMv#klYFW5va9C2lkztm*hg*@cg?@61i&tnxNmjUVkda$iAXoJ!NxwfopZ=Y7 zwYG4vq?xi{zpD4~kd-HY^A;`o_E9;jd|Pv!eaJV-*N^Y-FV-~Le^KbCHGjb4EjOlU z^i|5~yZt_Cy!X;ot;PTMdl}|GE?Vg{x6QqyPcOi}K5mAH;2pWZzQAucFSu96b?e92 ziF$rN%<{>rbECJy^Q?f6&r42g+g(*zQ2I1Pw8PXcrqS=D&ZP&j`sx;8%_h5fJ;a!g zwY{u2xb?(D?xX7QO%vzc^qIMQw(lz;gWTgahtcBjiny`&`zl{ zpMOpv_LqyslWX-MIXe=v<}HXd7tx-Uo^b0|&E=J6A1&Rnb|Fi$)sG1`vb>k|xXanr zt~_w#Fwd!?t9KlkcU=>|axbcEN8;xFp1l`-UuI3#kzhMgoOj%JfpM43x&>+}t#Q-( zcP6%elzv$MS}kZ2D`#x#_rU3W74^%m&M8(-_-_3(Lpl40w$MI1=LnAZk1qFpT7PBJ z;W~rkk`@sacbH#RExEUpp^MLd$>;6&uX}QRUVr339e3uws=2;)1;(2nF1y4b%cY#e k+Hp=TY4v{QFI!ih*k5^=Z$~T3{VRuCZZ8fK(p+;20Pq<*5C8xG diff --git a/secrets/paperless.age b/secrets/paperless.age index 4150a3a..8b138a9 100644 --- a/secrets/paperless.age +++ b/secrets/paperless.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg DypB1WxqSedqB0NJbedHMlVqwRiTspt9opExQf14+Gg -4WsUwu0eDLYq4yE7dGIl5QkwWifUevLoDbujMQWt/y8 --> ssh-ed25519 Otklkw /PbEkdjbH0uKqppP+MslF8sIVXSy9OTW36WWsaTGeEo -EgUJDl22ye7cEDlbUbR4XUdZuJHHoj3TC5Su5xVFang --> [vjDXA-grease +@rf ##RVQ2* [B*u -rrv9iydA0FRxfu6b7YHkl/md/Q ---- VFYFojX5CmUCy+a54ovZNB4bfPLkoAlDxTwFCIJYT6A -l˜@åXFý¼l¦Îð’·TÌÛ¥UÑí¸GÀ~~ -$^nºÒw‰·`Òd6™1-„–ìPò‡¹³ -´ü<Çê¶ \ No newline at end of file +-> ssh-ed25519 0aOabg eFftyw71xc389uIX9ot4FfXHxs8wm0gP02YU1m08UlE +oco0zG3lr1bsZ00EPy4wQcVlJcikCTIosr1IMGnWReQ +-> ssh-ed25519 Otklkw ltt9Qle5WFIZ+HJ0ChRgH3HRAd2Fe8LnbKMhm39gaB0 +TAtlk9zipuyy5uJfJxFhPTEDyT2f4mHZe8fQO8KPmsg +-> N7.-grease +AJ+nT0UYSra0V2jtsrcJBCnrU+I07Hju42wdnfQeUHKyvC3IwfiARA +--- rvzpsKM512EroJBT2JhcI5ScmqfCcZnJxihIX8xB+3s +7+Ûñú)wü1ñA<±/U÷ãìïÙ7¿ T#-¬>Œ^Yhd¦ÆЯ׋ßç:XG4[¡Á¤´øóGÌX \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 07592db..19c60f7 100644 --- a/secrets/pruflas-backup-passphrase.age +++ b/secrets/pruflas-backup-passphrase.age @@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 IXCPDQ pZDDwpibSJ5f5vIXQQ0xvRiU3xr4NF3SeAmAI4EJXRU -FAuIgBB0snsm2u21tRNSf0eAcFYaLOE9oIgTpA7M4fE --> ssh-ed25519 Otklkw Z+7NYqkSOoftoQkHy4ZroE6vRq8jEltcKQnWPdr6B3w -DOKwwKxihgwgPPFb3IRENzK1m4UT4HQpGzUiJYd8/h0 --> eC|"S%-grease -kXO7dpsYu2namKB8HcJZZC0sqrWhTTZc69oCJtBm1SWdz7601pPZ/RpixVVIl6zh -EIgC/eSJqMBdfQFx1AxF73AcAxQJ/I9D0I2NVjoELmLJ ---- oa+EPYjOi4/kFAFcouviggd6rEPMX9Dti6g6wdWTV6s -ÊR[FÖBº¨ÑB…Úim:dÀ04îvÎëůÁz„÷HÃ\P¯{Ù.ÔúÌÈÉ–ä‘*µV‚ɖB¶³ \ No newline at end of file +-> ssh-ed25519 IXCPDQ cNSHSe+T1UqDKm83P0qSKZp8vno87ju03m9WyiJ+Riw +tEzazbb3FylVaKLO5gnyeS3rNQHXsn5YTwr2OFgXG4I +-> ssh-ed25519 Otklkw jVyrr7ZxEj8sCfm5Ehzd2QAh+OM7GpHSLzk8X6Bl+18 +SPOMv8ZscMiGwNhHN9vqQFle+TBmZikND0vuqqkAdzs +-> d/2L|-grease R%"/'] +DjR1vYE0RnmlJ5OSH3ar/tdTTpOxYRcOExkSE1AwabafQr09XfFVwPJXmw6FIhTT +K4PUR/F/Y5jgGnMrDyb4tJtp9ZwbEWa7PDcMUDqK9dlCyQwVeYPSYVDbkFSnHZB1 + +--- jfeKMacijnLf6HfDk8g6h/fia3f1TBAWUxjNDQnsLlo +ÅZÆÈ1Ãñ(!íœÔ~Ù¸”¾lN¹‚Ip“ù7¡¤œkªßU@jËëÑsµwÛêÜÔp£Ïø»i³šÑDám \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 3d77b53f3b6fd573849c4d8a1535a2b296803dd9..021f9e29ea586f29a3e96c268f374457d3646624 100644 GIT binary patch delta 841 zcmcb__JVDKPJN0=xwco5d1RPzV2EdKSeTEQzHwNDd6K?YroM}lPhzQgS%5{TpNE%6 zF;|5}WL2e4S%G`0S*}}>Z&j*!ihrJCRiJ;ViEm(jsk2F0hQEn_QDQ_;IhU@TLUD11 zZfc5=si~o*f`3VNPIkG1S#qeOag>>to4=t;s(Vg>M}4VhTDg9uZ%Cj=KvhU?d6Y|O zUTBm_MTCbhSH5X!l1FwR65WRj6tiFtBnKvY#xcv+?+ z$T}Nq1KsqZ)WqUch2%H|cgxBeuJEjMgXEO*qL6}M{T$z%49_U@vP3UW-<)i1%gBmE zOAG({&?2uA_aJRk#}G%e()5a=kTO5R#G>MC*Syf8Qg<$2k5D6@syy!yH*?P{BZHj8 zkifK1rxdTKw4~x9pTFi1Olsu=29{l+qwyeFM)bkD|zsV2ePmr2TVluJxN< z7m;#k2p{p{Yi1GoP;bIeV#X#r(*wi*q-%8y%YGTe|;DGHl9QRx`I)DD{_o>R3Z_j_4&A6G<;Z)N1q@GVN7|aai zxb4>OpYz(RNX2Jj>wlBz`zP+ztXam{bluC=JGz0rNF?ZSeaori&H~MfCH+1%=RPaP zlpHIKR8leMsZk(BR#4y3hQgo8^#aB^t%{+BgZv08Mz49|jh4-R= z!_GD}>9FkC0{|$8UwHrk delta 819 zcmaFCc8P6*PJNVrZgymac}0|;QKn;Qk&#!bqm#c+dVz&`L{LV4c#(;vcdBctd16Gk zFISM0Z&F}-P-U{WU!ZqcVq|u)QMhq-QC@jiNTh*lvQN3IS%zV5nWw2&AeXM4LUD11 zZfc5=si~o*f`3VNPIkFMcBW;StA(~vPHt7Yu|1V2)+BX^DPHQkJWKa$rbe zMs{R=u5(a1SB_DnNmW%)Vs>evcBOV?WL~nHc0qoCwp)3owuPUgVOXKDXGm~Fer85C z$ht(QY8yM<^rFbUtm&GeWOQ1d_|KK6ANg4wy?XNfkwQ+d z8|N3CZLNQs`@1abn`YvTCx=&@*0Cv=sJ{9FpJCj!opN3C+IK3xy;H%a{_^ZQ^RNc4 z%Ny8A{CgI5U%tWQ7J695gp2>PK=27(t#coib+MgX^62uuJe{88I(4fZ%tGhGSo7o- zY(A#`XX$tTwVllh+HG=^b6h4#@TCidUH|*jukCHfIi`25^{p3<1b;qxSLalARLYk$ znH^12Bu|vd{o8b@V@+j;^C?fIw_Mc*!J)_gWStGaceHiCR@6$-z3tcUzp~|gzp?Z7 ze8m9&yoqb|TmPPA;kn}#xo4|%=H5RX*CMmb4A)N8lT(?mY7u?eB#q%1t3cbsl~?QB zm#%2OvQT%r34_{RiIj&ryOntUp5t?Hd_OZjrZ#pL=pv zK37FrW{E|*Pf0~cg`0nIj%$u-sJDfQx38aHS#g?vlwU?gh<8?ow|kObB$uw8LUD11 zZfc5=si~o*f`3VNPIkFMNM?FOc4=rtScJK|X>f8*MZHO~zo|)9qH(fwV6e7HadD!F zS8+&CW{$BVSFVwMacEjrVroQ+zgbYWS4Kc?fn$28K}k@Kx0$xDL3UPBcCl}0NN%Dp z$U4i=uu_je-Snc=#Nt%0;?!gxqh!m_luD;^<5K7HU>|P-9PBK6Z*rc$ U&}n6KUwYQx4B35lvy?Ql0a|I9Qvd(} delta 403 zcmX@hyp?%^PJMB%LAi;3c7S(YR=B@wS&mmhaFkzURC%~Xu3?rzfq`dPa-zRwcCv49 zGFMqeg=Mm1xJ9bFS*E3_p{tXVQ+{%8l1W~YcbP?%c7SD}Z)93#xRM}1LhQAw^-NJ*}@SD<@=MObOD zx3gzJWpa8bS6PmUV_;QDa)C!qQK_4|Wu<IOuEen5V3)uu6TgDcvOq6wQ{#a0 zR5#1|Tr<;jqY@AOAV-(fVlG`>T?OydKz|n_LoZMBjLdNNjEelE ssh-ed25519 J6ROvw vhM4sPWz14HTrKdQxiWLYBm/TXo/1l6CwiaJ7EmYJU8 -TCctAq+Qfla80DytVMJDQkC1RaK9WAf5fcMPDmDmhlg --> ssh-ed25519 Otklkw Y1BP4NJgArz3nkVpGi6sOTro9i1c+uDK0PSJmVlU6lc -Ef+o71ZjIfcZGSHRVr1NyruXfL8224EGr2XJJPhwx5Q --> Tu&N-grease o=E _Ck;Cb (8W %P4 -Q55c8ypTe4XJMIPF ---- NKZwSzey137gDyVkvOx/xtflph72P3i7FHOJn+y57pc -À…{-¡è/¸wV;=B Ùøä)%pÐèj^¸5™‚§0)vSPáí²J:ùcÀ@†^RwçXcÊB‰Ø‘ú¨mˆ£{ñ8ÌD -–ýs \ No newline at end of file +-> ssh-ed25519 J6ROvw 6xTpzGZVzHkMht//QBfpGaBCCWfahuCf0BBKutsD4Rg +NoNCHpNncTcMWu2AElA0tRDCMPPt5xiXnH6Vm+I+U0Y +-> ssh-ed25519 Otklkw OYeDdk4Z5Fr/5GVpFHNU2ex/VmfPjkKlJq4Dpw7S5yI +GKRG8UeD1/ML3mn/DWujqUFuusd1nC8hPZlVLaQh8ZY +-> 7-grease [T4tw\ GY6J ;HK= ?D# +1K7b5AWo/MBZHOx+WIMRwRTpT91TZhWniGlYxmoTrPrWQHxT4A +--- +weZ6uZG5+mxQJJWqBYxJ5Uhgor9VklLLOCkO1syoVw +GÓY –Än­6Oè \|aÜz ¹WöàH`€yÚ)Ñïm×ǃCãIs3é±kRI 0bE¦<ÜÂ5•ùÈj›ª.!Q8ûI¯ø \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index 004986c6de30b0b209b8312b4999b06311f3ae4d..f67c2db0803e72de72c7a1d75381d0ac661eb23f 100644 GIT binary patch delta 421 zcmey)e4KfLPJN=WNpVn6Qel!;QLv|Pfpc(aWp1{Kr)6r8S4NISg^`=1L6n(OMrlZn zCs%n!m9b@Fm`}2oMWkU?N`ZT&QHZBwxv6ELk$0qdcwt^iSx7-(NU4!~GMBEMLUD11 zZfc5=si~o*f`3VNPIkG1rCC~8QL(9qVX$_nr9rrvcfGH9hMB*IX^6LxX^MVIW^sz8 zv8!)tVu?X0m$Ok&ScG4izqv(;pLuvdR%o(oQei-9rKwSJZf2&pkylB0uA{5BTfPa{ zIvw3Cm1ylM-Snc=#Nt$i0C!7G1r@Hui0mjQW0%SdeRur~AMMH@pB#^DWAienvh?)q zRP%aE&q7Bh?~Dw?%8Dw(WLKx4AZ=%DOCwiU0sE6ALpow0E3{+?Br~3 zM}OnI(mYpJ-}JBygNX7FZwqI?3@=A**U-WupJcAN!ELFB_g`6kqR&_^&LBGV`@9n+ z9mP|Hq88d%Z85FXHF0jqaacLuh10i9vbelU?)~HBo39^#P`c}T-C#C{vY?rdm!8wH M$2o685^@#906IsHEC2ui delta 469 zcmX@k{GEA%PQ7!wYiO{sV^L1Fd3tbWmSbp+ak+7&foXPxkwHOVv5B#nQB{^vR*_>! zD3?WfM3qyzn`60;r@3i*Xo0zpt4~Rlzjs);QMyr-rJ;w5yNP?Ho3UR=AeXM4LUD11 zZfc5=si~o*f`3VNPIkG1Wv*{UN|>*|X>nL`rE#HgZhdaDaj=VtUzoXjP*$ih2oqk(BT z$U5WXbY)*<-Snc=#Nt$i*s#Pn{{U5m6r*yhY=t}p_du@H%3xD(eP0(t)1<%%zp#A$ z!m{Fee-r)4GCzx;aD6lHkccX$NQ0DQkEjyQ^uVyH>`-IBeD9E?3irtTv~r^eE<*!< zcR$ytT-V@W^MY(A|7_pNDt~VuKW*>e$qd=3=RFA?y1MLF$ zyfU}U{QRN-FQ-aVZv(S@*PvjJbYD{^56f~tE}_3i15{s0_RJAe*50V;z4AZvlC@sy z+0Ugqyu}WR-<^HDmll+Ah;wqBEs3-$GxI5GBT&a%*CjpAm7tG*~h;!IVmH`B-|;_ zmn+1;v$7z-Ji^>K)GWly-_hU0&okdCFeo>}wbDJ(CCNO$&`IAgKg&PcgiF^>p}06h zH#Nn`)YQ;Y!M`LsC%at1A}grSKPNjWEX6#)Akfbzy*{uiD=0bBG26>HKe*U5-yk5o zz_TdTuqdRQ%hKK5qtv6!DAzbW+0{MYwY(%eC?cf5&Dqp1rKB{tJi|9%Kh>n9BrPQr zWSymRgl>9KYGQG!f_9p6oi$g6nVC9iJwtm zWoBiGUpbequC9W2jz?-lXp*;ka9Ubuwu@6hPm7#LdFpJv`9A#5^D=D?2kR#3;)nBRC{KBdAc{G0?e8->WFS$S}m9 zoGa8XG1NCJ#NWHzI5E-PJ*_az$tMAlWq1!noMiFsQ&WH?uq) zWL6V?I28kZXRV`dgW^S;y4TD^mn&Rm5v-coB6v3 E06v_4q5uE@ diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index e7fd620045a88064adc83cf0bd65ef8ab98a85ef..fadb481610fb0de825941a46acf54e36181df24d 100644 GIT binary patch delta 737 zcmbQo*2p$Nr#>SmC^y|a+$1W~rOeyeIoqkiGRPpHG_%;>F}p0q-M}%;G0Y$-CBV=r zl&d7a$jL`LAlEE3ry#WkzzLM}d!@S#hq1g^6W^w@*lMd48!&MWSbZu(K=I+shNO7U*{r z7&HHvR9w6=c=A)T8!m}&))q2wdI$u*cWs!q^XTVg2BPj#k>{3d2@$$vd3p9LL+_ds zPcO=g&+@wTF>Sf^+NS>khtpj`RZp{VtD5rYU3N99e{$}KrcJ<{OG&-Qjn4kE-yJ{c zdS`)9=Z6>T*Wa&lJLlal_vpvH%k!%beN+iOR(|NlC$E~hJKZI=KP?J8;rH}#O$(#y zqrywuL=HPOT=dtvsedDNk(s|$arDX^8;-p$u0EcznQ`aRlCO__{>5cD)~f#r~O#nL8~k|4!S!y79|~ zD2Bqv`t9{hRhH3r7ag7RbMvD8*}Yq>UWG5veOCEa{f)Lu9M{*rua9lMco+Lt)D}m~ zsQDV|oTgRs;AY-o#YI`0?W8`YMYeILC?7t$+-1Rm8I#U@3+@+LVki?;aOAV;rz@gW z$0xHfOK>{Wx#U0CTvc;=t@8S?viVo-Ev&mzF9=WZNn-wVa#Q0 nd$jf~*VE@tQ#&R$2_D|?<61QTKK1D@3+>q6XZ*Al{%`;Q%p5>_ delta 766 zcmZocODSi8iq zoGZs%KRGBhEvX`b@5GoUCVJRmcm zI3&{CFR0vr%go0p$JIO1*FDG6%*ijMGA$&58LSU|fYlcFSeXUYjSyCuhTB^T6TA)XGwrgo+aYRsg zMw)lMzEg;oxuHd1j;VQ?sdt`1l$)_5m#(g^LZE+gVMb}1aY#UrpMg(`mzzgUM4@M} zg;{B!Q&L8tdx>Y7c1m(qN_vqimyq4VIELQ}=Y4JnG92B&XR^uWhT^*J&y9a}{?HI< z^L1P>-B(d{!Bfp$x?f(e@4CpJH$N{XGJIXl^UL*HHQr8oeNVCbgGyA_rITx4du%q_ zarElD2YUq$FqIVD6n6OPeCSP#RnO9=jAk!nzgGWY^kd{y_x&-$B;q}D=y&(&TvI+q z_pIn#7q70{b))k7fegNHx9^%Xx9$37zu>fM#2l5g_X4Y}HGd|)ZokU5-COMNJh@9T z?xK2XUtj;aQdK|i$&9qE^L=94oboEmDwPj!`KUK}PWr9H+ZqaWYg02PE9`o+%joj4 ze@=SybM8&@n6l-E7W1w+G4|(LS=LU;uXe28UVE)YFr#t>JIAT1>^lz5t}ed8YuNXp z>XP}qHfqh=W)u7TkaSd1(`lU-o?oR!O|=wPo~|?dC!pV6&U`y5;q<5J62&SLKV>yq zYn~~~Q<^PjxJrDM^1Dp=D8ralsgHMv1W&j6QrrBcxonOA@57X9d$}^~pWXGG@bJ)t PxEH2+GfYmk@NNVEcM?FX diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index 38f4bebe50467fe648957e99fc6d01bbe67b1cf0..780999bd2c3995dd89f1700935611c180142365e 100644 GIT binary patch delta 784 zcmcb@ww`T*PJN=6sk5(9p1xDIms4P{PqDL8WQ1{Op@p`IcdA=OxtF6~K~+kHzd=M! zF_)KnVQEBYp}BEoS%GnSR9ZW_?(xpIKEzU_oeZrg^YOaY#V8 zPjaw}Q?`>USBYt=tA41llTnqENqL!RREc9*REC#hv7viVa$Z_#T4Hvvud{KHMUa;( z$U1dT@4PZiZQb;u)WqUcg@ST*9iOt`Vugq(D+h&=TrI9}vz)@TaJR5Dcc+~6^vJCI zqT-5r_bPY4M8{x%Ki4deQ0>TUmway@M{mo*z#t>{lI(K*$V|(Elt3i1b7c z^W><2qP$3F{i=v$b0>@BkkHV~V145dgRD#+A4{(g*I?J2fPAjh0PZCl%FTGSSS90c zn$^#ARlKX47Ib)Gi=??%@#O&L)m&<&*KfKlt$!;)Puzx2bT8M|g}?6IN!Cbb zKInbZv+7@7VXrz%P;}4wqPU4YRUgd?R&dR<%k7Z}l$_)LRbpFa&7$cs2L%m7_Hiug zYpVRcJv09f-@{-2kIo-V^xUP#Ke2h$V^#T2a`WAs^VV(HR$mfX`72Ioy_v^~mvt*e z{TIgNSaNjP-+$Tl@9Ke5TsJw{f|dN7YvRc4xW|dJWS3!w;m{DbfbCg$dx^rf+se4ILnSqN*W}0c9rK6jdnWKksNlJ=im9{}S z$T~Y;^8|lG-Snc=#Nt$i+)yi(BF{WUE_dJ10?*>$&~oo8^Q=k_gYqnkqT;mh{1Pv> zyxjcyqLT1(S8XGYus|cz%FKw!0!N>aY}2S5BcnpMsz`TV=OQlcLL-;Zv;zN>z!cYX zf6rteA5Sx~f`YIl1^e>>Rt{`glbmU%r%)A9t3 z_@-;*shj$qntEZL7`xQ3sZK>}O|Q)~Y@2GpIq{_AM)`ZCPsJ98ORwj)*sQQEfbC%C zBc9mlGV^k)b}O!URJ^t6q57)0mwIum8cQX3bk3I_vvgj%`jzPvq8RNWqsb)=Le*Iq%iok#~65gXY7MsS1BuUjCLe zJi-*s*pK|VE*ug#qC|kF} Date: Sun, 4 Jun 2023 02:44:15 +0200 Subject: [PATCH 600/988] ninurta: fixup --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 686be96..ebf0007 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -44,7 +44,7 @@ in enable = true; port = 2222; authorizedKeys = config.dadada.admin.users.dadada.keys; - hostKeys = [ age.secrets.${initrdSshKey}.path ]; + hostKeys = [ config.age.secrets.${initrdSshKey}.path ]; }; }; # Kinda does not work? From d26c08e27fa89f9944dfd2507800ad4c8b63b5f8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 02:57:09 +0200 Subject: [PATCH 601/988] secrets: rekey for ninurta --- secrets/agares-backup-passphrase.age | 18 +++++++++--------- secrets/agares-backup-ssh-key.age | Bin 860 -> 828 bytes secrets/gorgon-backup-passphrase-gs.age | 16 ++++++++-------- secrets/gorgon-backup-passphrase.age | Bin 470 -> 394 bytes secrets/gorgon-backup-ssh-key.age | Bin 863 -> 813 bytes secrets/hydra-github-authorization.age | Bin 575 -> 507 bytes secrets/ifrit-backup-passphrase.age | Bin 409 -> 398 bytes secrets/ifrit-backup-ssh-key.age | Bin 826 -> 753 bytes secrets/miniflux-admin-credentials.age | Bin 427 -> 456 bytes secrets/ninurta-backup-passphrase.age | Bin 520 -> 518 bytes secrets/ninurta-backup-ssh-key.age | Bin 804 -> 785 bytes secrets/ninurta-initrd-ssh-key.age | Bin 780 -> 767 bytes secrets/paperless.age | 17 +++++++++-------- secrets/pruflas-backup-passphrase.age | 18 ++++++++---------- secrets/pruflas-backup-ssh-key.age | Bin 872 -> 878 bytes secrets/pruflas-wg-hydra-key.age | 17 ++++++++--------- secrets/pruflas-wg0-key.age | 16 ++++++++-------- secrets/pruflas-wg0-preshared-key.age | 16 ++++++++-------- secrets/surgat-backup-passphrase.age | Bin 414 -> 427 bytes secrets/surgat-backup-ssh-key.age | Bin 769 -> 877 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 815 -> 817 bytes 21 files changed, 58 insertions(+), 60 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index 9905cef..91b4ca8 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w 3oYJG2mkd3gXIQQgGm9D89xl1Gq4JmnrJWQHiyygXEw -s26fjzm2jnlxPW07fmU6KPfrxHZKItkwBm9tE73JgRI --> ssh-ed25519 Otklkw pS1oY6ol+1qOIjVnkIBEkddomqTYhHJWoP7LIADRF2c -zNExDxtDV4oITTXgK6jlpgxmu38KdwoN6R9IA5+Xmu4 --> >\Wl3_-grease heRj:U+ oLyZ\~+" (*d -FmNGqf0mDfPmSs1m4yBiMcrCUiKeGuNUsBJIvacjwVicuBzn0rW5wSM7x/ReQgOF -vyK+s3fi4wbgkPO4z7+8NC0h3T7opeYMrQ ---- DupcVi2vFfXdeQGE1NdoDq8xw8xxKfqLjjbHhoqgLm8 -8"žo>XuÙÔίңóÕ'øtmZ‡aMµƒ†Œ8¦¬µYð½cF©ÞÍ» $\ÄTÝƯΘR \ No newline at end of file +-> ssh-ed25519 L7f05w d7GeMCNl1yWxfvLlNsZrIDb4OxSADD6D4nvYfYZz7Vo +Xe0xWD8Q6tKR7uIDFkD+/jgfUzUOX4CrxZB5o9bM2zk +-> ssh-ed25519 Otklkw kek8jZrI0Qz8s7G/uxuV4VUYs67TrUd/+/ZAUD9/k1k +v0C/+QO8x2ThAlH+/IdVorUFwnNrHwbCU3zWt5TEwqw +-> y'2X-grease t2m2yjI ag|Z +mhPGDYZmjg1cnxZVTyGYh8H4cnO9mSCcWUSFAHy9JgPwWPi3LyfUkhBsnWpkE7zx +9AqAUKb5e2Ezqtx1g1l5G1mxmA +--- NJLZT2v75GVUojKNuRKa7YEM5LxiC/Fd48YTbRrLFsU +tý¨ÈÚyxÉö…g€í3âW·°ø1ðœŒø´j(·åû¤x½”ܨբTnãJ¦ e×9¼R \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 6abb3ff3dacbfebcad88db1913e1b567202f6a28..0cc83ff50264771089bd73f427480c42ec9c95b9 100644 GIT binary patch delta 797 zcmcb^wufzkPJKyohOV zI#+>_NlvC^c2>TplVPH#K|!)fda+SqvROcuYrc`WuZLSkvS(6ON?M+IIhU@TLUD11 zZfc5=si~o*f`3VNPIkFMPF`AYxq)X|j!9a+lXh~YV|}=xW3H!vYFJK4WOi7DYgkoD zsGC=yxqG?+SCCt-fq!y%a6nL)agjx+QIcU*uzPt)Xr@V4hFhsoNVZ>PvT0tDlSf%H z$htZmMT6SfU{&4pqSVCVR4#MBx5Ay=|9P|9bLc>h+vaqVCBBv_%kW7CrKSwTIU0nr}(9n{!B42&43ImHA zL$CaDH%q7VD$~+rzo?MF!VuS}6wh)4XOj%mpmMIc6K`0b+Rx3T=aKg<{DR-n-`$2= z-?g_W1ZaH7Kex^O(t11L(S2B(@uC88(Q_< z`Y`EP!@D_EzfL^6+rF!R&a3X#df~DU-dnK;u881~Xkpt^=J##hLc=}3?YbUcZFhXs z(8l5tcGT#qaI#-ZYn{!x(%joE-`*zPvahnOS{Wd9?ANa{#hRUGs(6@Byo_~T`rdzO z^s39xtcxpu)EBu-%JxbUP3MVqxD;<)VIDH!D$~r1Y^-XlB^GQy+5Y*wJa4tm%xxci zE;CsdCor|V`|EhiI%ARZqRvexCLX=VEG%y3vWUf9QRCxQR!O(q?T2p|7pq?gkgn+y zP|o3)<)W!`pVR5i#}CsM?2wb4?nTl@SQ_@?&5=1>4vLhJvJUHIP<=0_P4s$Cprm< zg&JJ>eK{vI)5OoNIOJ=y)m5cJ=H(L`uG5Sy@>_XtMtEcyE-u|s62fP-KC)*?7MH=B sM3?!}X}bh3{re@Y;Vm4|C+6hZP`K&vyqC;TGJz$+Qg;1vPqn;j03%>ZHUIzs delta 829 zcmdnPc86_(PJM7vWr&BFxwdJ9aZ+Mpp>KI&sgs9USZQvqw`sU`NMV#oab&7Vs83Kx zBv(jfM2LP_M51SEuv<_@u}67MQg%>rQLvv&No8V$tC_E{eokeQfuTueIhU@TLUD11 zZfc5=si~o*f`3VNPIkG1w~tq_Wqv?nMoxBMhxqggqw+%wpn3i zg;!xlv1_g`mvg1Ruc3cYrG9vNy1rqGskukFc2s_OMp1UKp_yThi@AkoSh#11M`}?h z$U2AWK;87B)WqUc1;u!U5IY;)fO6e8V&-8#q z^URV63p0PSQnT{FuwpJMw9~Su(E;;_cjX{qYHD#)ycE3L7R$ z*K!#C6;s^$#JfT`W7|@%AP>8@Y&DVDx1X*5yzS(APq|G2-c`TUk4xgu*Apt(f797GxC2qdS&fOBfr-l`2LkSX04dN;ZoVkYN53WCtv>F zzu*4KXYGge+w|>rxI1ot`FUPku_wct&~-J*Glfm=bnynO^xvC*ZlnDF+P4i{hXnj1 z{RO4|ad`PuZj#+_fOS)j+g^2xJyUaJk6cPiV7_#D@4eL(`{HN6WjMFr%%Y@5;l_-f z-Ev$rzpgVf{QcL{#Ex0YIl1(#n53z7;inD$|6SPG_lN|2%dcNInIp<}exmzQ<-Nar zPdsv*U2C(yyXTnG+X!C!qupOuycM2*;rf1q{3TvV8?$}N-u}E1^J4vtgPzko7#FCo z&@^y5ZP;3KyBJgb!e7_LIkGoTw7$?|_wAj= zoRp?T#|raKaHPC`y!1;Ai`jYql{TizbC_Bi?ZmRAf7S(blnWmGceieW;qxmEE6rp! b@cM3^Af$J!{9D9|C- ssh-ed25519 0aOabg N5d+lkvPh/tR3Xfp5XeRZjmYTpDW+BrBtXOk0jT6kSo -WpC1tzU6xs5Jk079r447MURYHmXTyl9Mli7T7hC5xxs --> ssh-ed25519 Otklkw onPlIst8twtnhH9Epo5TFNjWOemHgwpXPdFgzF9FviY -Dk+98+XlnS6tmtx2y1ECT9P4+KXqwC8UDRCUSyP+gxo --> x)w ssh-ed25519 0aOabg SlLjQm5KXoSUiZE/gUhMBRJNBIdoS18yoIhXI6c8kHU +fC9td4CcMGEAPpVI5HeCuRCXHyBAFpklI5JYyNGJYHM +-> ssh-ed25519 Otklkw DXkfO8o4nSTK/zXcL7HveSOTI1Okn2h9hfWsjCm40BA +Bo5/7HsSRnlKooC5HDI82sLnOv5iBXAXJpmMYCi8UMA +-> )1($Pr/*-grease )%t3pR9; zoVOMcW ?h!a 8f'|6Jp +ZuTOkvbe +--- KezSp75LjDnglcw0drLfRbXGtuy1LdK9irYZLd6tfl4 +âõ·:Ÿ?e²lÚ‰;*¹³¤X̯ñÉÐÛ5ùMæg^TƒOþzÔä’\7¬ÁPó·`á \ No newline at end of file diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index 7606243fbb92809dd01d68dfcc40628702cef38a..72e5a50af36eb7a03bc50167099cfd3c8c0ab63d 100644 GIT binary patch delta 359 zcmcb{+{HXWr{1V2$TB^*G`S?BEXpX^FWlF=DlsfD&9N*hz0A`jtK!JlrhQ&oeDFQ#-FBl1tZ4p}06h zH#Nn`)YQ;Y!M`LsC%assJU>0aIoHe6$=}J>EZN*Rt3KQ<&&@O-x5y>mveMNj-%UTe z!pGA%syxh>E5IPk!p9=qJId49Iol__A}J`_GBL!lsKUTKJtHbK$z8v~Cq2i$er|GRW_F+vm#(g^LTF@|TX}_hS*5#WzM-XAMtMktS9VrdaFKR~ zdx>L0ly+clR6wGMpGRh3HW%Nz)iLVRR#r%S5_f3)A?tp9{?taz+^40_J(*kbi*CVlDsr%jp&Qdbd2wbB%w#n)80|+L(3QZNqYZTn_bUU2#8M*t7L&w70E2 E0345kiU0rr delta 436 zcmeBTzQ#O3r@q)SIl?uDBp}06h zH#Nn`)YQ;Y!M`LsC%at1-Oa}=G~C;$ureYg$vM?Ius%DlG&kHOF}S?SHQm|0BG|G# zJhRAMKg&IzD?B&TqbMsVHQC%d(JRrz**U<{$1u&?rOGKi&&@w7FV!O1-^a%})uYlE zWL-{LuKT^qSgQQP%H!`oue&@krt9nJI=-*` eKiL;=WO$wUZCPyi#JolCO!l1Fv0KUd)L{V5gqu77 diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index d89b034f248207b789ce9d70b29b16ffccfba02b..43c53c49c0d0ac9ddc47acb3cb33a486a6f2ce03 100644 GIT binary patch delta 782 zcmcc5ww7&zPJL;lzH3CNNls{rmw8BpPl;nyu}h$HkVj}*hM`GbMrxsPfMHN&WU5bC zC|9m&WN~?_i4o@Yv$abTcvR&uCzF_*5LLUD11 zZfc5=si~o*f`3VNPIkFMdX}Y8US)(uihf~LL}H|QO1-g5Rz`(sdU27TX{ocPL3)x& zV6k6dRa#y)mw~opMplrCd#Z_XWSPI8qi>p*X?cW4giC=zdX`~9Ww~Ecl8;+>uy&X$ z$hv?;Ki%}A)WqUch2#itw+aO%uGDnL9Cw#U%M>H$pn|}NN~e^Z6b}pI;DDT>T$Aw1 zF#nMHND~9IWG4%4?K0EItkg8^97nfu%gn-}N_Xwl%yO>a%wRJvU0q!TS0h8G9Pf%q zb7RxY?7Z@<;*`(=ePe^DJoCJCBklZB%S^{S-_**qiojy7A0fF*o;h4|@!Rpitn*9$ zuIsPowr@44vpO+X-FoT$iako6YA&v7``o1tT&?Hdb4gnMljE_Yo+r|MH@s%&;@!LT zZJz8QhnZ!cLOdr29k!Wo$)mNSo_j9n-8mfX8h4T`J_kT zs)+wxbBk_k^KUkC*!gg$ee>J%rzP&bShgVf3PF_yB zz4d$4uI9^pGJf@&O@dwhs!g|BH(a!4U2|~G{`}LoRN@o!&6q2~#11Vyk?+fQU|+_g zl-2u0QutSx{J3wZA^LRIvlfoIes6^=KF@#pSoU(@UKgz`woAiXJp9||<;{LNJ#^2d zMx7da2G;bvg7BgqTgcA&WVf%&k<$QFKT#+E delta 832 zcmZ3>cAss6PJOChgio2fhk<38X+(LZTV8o&zN1N4X105#Tco8=fw!@Dsdi+PrF(I< z30HDOX@q~7S!kL?nR}U=c|eG#M}V(asgqHLbB?7`PENLaQfj!db3kd9Czr0BLUD11 zZfc5=si~o*f`3VNPIkFMh(~BxMM`jRQmJ-gL`gwdR(+OsVp^)UtATz+vc8c~VTPGw zMns5fzPD>ASAdsgxvz6bQo2WBq;W++o?%dcxuvsVL26-Yo<&JOxqFUbXnC@?X+UHs z$T~-t98cZ!qSVCVR0XRlE`x9vpS(O%-&AeOP&c;#M^}qVm*7gzin1KnP?KWq5?>2L zudLGgG7JCQC@=Ta9HY>ZJoCsZZ4ZxZ_ke7F?Gi3C{o*M9tSE19myigP(xB{oqdb#h zcmEQ%G`Et_q)|!5hBggVIcVqYPKrUTfT?LbDkIE!{mt-?v z%Ob<<5OV{w>_W%z0Eyk>}YOwVWDHcgU_@X6#=_v zxjfP}zQMKixZmBP)o)}yFByhA6{VlrbT2>b(lHmAd6qXHt&fY{Jmc$vfa}{W+Yagd z-L;45mtByEbf|y~tUF9b6@_iwqd)9y~+Q@fid&)=xOdo`MUl6L<6HxCv&fBUhsQH8D0;l)+coGXg+ zk97a7x3pfgrlR~w>4{wmk<~@I0s&F6v#-onkez)XJ?fU0M1s-pDetU4EtK4TaocG- zEupLP&12rJKQ6Ox-im;|H!M{IGhJWK-CMlNZJ9!puFQ4KjY%!a;aUz6eo7nJvqQ^P e-;-SU_0%7ZQl^9*d%x!McGdklpKvAJ>ni~6d0IUH diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index 4616b46b7f81c861ecdb41122f1e80af376fd552..f0c396e8746b42ac3fc25d83ae81785181a47fb8 100644 GIT binary patch delta 473 zcmdnb@|$^rPJObrQ(k&tR*JW|mx*s#VpK|CzE@g=iCJ!bU|vS9NqDMpqH1UadJhdu~~3oxmQMVP+oS9VX?1okiT(uS(32< z$T|nz^rFNhH6W>(lY<(k3%iy4l2=l@$ z$MV8@!?dKZFoU$foG@>TB*Q!(zf@P3@?u9WE?r$+h4M)6K;yK6a_xYCa(^H9(o}c- z;7Dy(eMe9K)SN1R)6DD;!|cq^s*1Egu5aIWUdWe`G^+EN7S#OUzTx{02N5pWCuz~X zNs|`vPT4YjZyE1b6%Ca-_G4V?w|SJKWnWFbJvpfE+*7emkEQQ5quy=h+J8loYweLa zJ-b$3)ZmKY6xkCva}wjyz@|?#=6kvHy^%QXeoU$?f#;_kOYGGb=Za1+tO;LH&YaiD R>;9sYi*-_a^{&kPXaJ16tB(Kx delta 542 zcmey(yq{%)PQ6d1VWfLxd2XJIS+-@GsdG|JX-HCz%Bv9_;?hqj9e z$ht5a^XiD0f=u1?qSVCVRD}}1>{vg2g#xcYvvRd~PX!aMG8gl#DkrBB3*W>FL$`v6 zaQ({qoS-r%A7AhAQlE^F6c4}P;D|``#47W$oPeOBjcfU-7Jg0mwpHy=TV^iPM)bzmmpsGZF|0qX`WRJ>_bS}rX-WrSCjb<~K zYo4koPLx_qnie>EA1%(w~x~08JcAvNC(;u^6k1`4uD;{u+zCYWm&P~xreQxp> zWsakg7i#$@8QiRU7`J6!%Bh=rt<&#aUE9!Q7XNVO{iWUY9cj($U1dZcZHQi7@W10^ il+V5EoZ`%Ne$lr$t6~++y$|dvUzmA!nP1Vagnj^rvBu#5 diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index 968cc9f31d8b9257dad87c64d06f2f2b36b4d4e3..74ff2bbc6359e6e9b3dceeeb5a5225d09673069a 100644 GIT binary patch delta 363 zcmbQq+{ZjYr@qW1u{1QxBFrzyF(lVAD=^j5*s{Pa)iFCDFwo!EtuWPF-y+AT*v%k2 zlFP|7D%>?P)6pl%slYKZ$;~Op+cd{8G}Ev&DY8(%+}lw<(!?~-KP@mbn@iVDp}06h zH#Nn`)YQ;Y!M`LsC%arBG$+L~$g3pWFDuW;DaR!&x8A*^*fc0O-_Rt_-6$YJKPe~4 zy(+n~B01fHE2^R-zsRt%R6ok8GAYO}EiB5z-P|)dK;IzW#5uV%$JivRd{w;XlRD9L3X5biC4B?U}CUkP)T5wiEmCyN@aw1c`?__BX58EJ!?)_aohWW z-T|8jU0dax?)=PVxEo#lWF3FPC$Oxl(#z7!Bs(uRRlmSEF(k!1-!v=SC*QN&IMgsC+_lm@ zlB+1+z$q=OJln^}GAOUotJozy$}~4Pywo7l%-=L5%DFfw)5$TUDmgMdl1tZ4p}06h zH#Nn`)YQ;Y!M`LsC%arB$TB1_pu)|sD9=0+GrTk-#jn!DF`%l#C@tS5)Wg-J+#}a0Fg3+7s4SzTs65N1u%sj( zWSvopPO6KgnQnSfYGQG!f_jW0mtlyDpPy5pVP#fHptf5|P*uKbva_FouTMs(le1?z zm#%KUu7X!pWoep|t6`dvS%^othhI)wgiDcsj(KuqVQzSNg>$&Ri${89P^D+KC)e5B zi_B{+zW*|LeY>NApEuNw^KQ6EnK6f=!xe|lSwY!mx`%nfl9NMurng?y-fkayhjX)7 S%a^sye^2aGS~t6S;sF5JS%aL7Bg=qeq&luXmVFWPM4nVS2tvNl|d2TSS;qx^G5E zMo^GzVPaM?m#=oVc5!lUScFMvRbZ;6p<#JYp_hTPpP}gwNh;aYH@B(Lje;?m` z_vF(0kle(~@}vTDX?t@c7BccK*e8rvGfT)-(PcbGY{r8>R{j#( z(!br^yY<>H1y_#3deH~V9~yps{$i8+x-DKjdQ*P;yq0)9&6(k{?2cBOuur=zgtLRV zE2c)7b@8udpPNv7+PmSnxkluL4+62@lFD*#XmM;far{dDS(i->@5Okp>~%HYnf_ZMxeDL33XOJ36JK6_)3CQs+g z6UX#zWlLIkN^d=}jZ~R!9Hll-?T_q-XL8}m7XtqU?4Qu|Lt9+J_1oF@NM?D3`I*K) WzesFYxA#j;_R z$T}x|TaQHD^rF3bfbtAm$W1c z6La_ayxihUbA5f2(lDdEWb@LHH0`Q1ALk&`yvhjI#7eKwG>?>YE?r$+1#|ae*Zc^l zfb`HD%e0Kds^S1g7gICW;;@QJlVbNsvv5m;imFUAGoLC0u1Uq0{jB%{cdsopzjz{a z-4k8SpSnVeyu>E>OmxY*TFmU0JdAr3-e*RE z-OC?Q4c$|uU#9w=IQVj{$lodF*ixA!1>dS%IQ@pjq$FEz;eN;M-1jxV2+k^s$f7t`7j+-n3@8~=NE%Kx%%?y>B7Hv^*HHTy9=Ogc|*oLAkG={(TtuM&r=e_t#%9{dsj)`}7++!F=!UZqt{MkBFWA z_k<23vY|iTW40jGc4Nfruk!0uVPa7-KB3f8rj4P{oeU)>)yoLtpW^NRMrVd zp6D}~-}vE9{(P$sCdQHg_tP@&EwZY*H8i diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index cbba7f9f59a2230e48772b8c83f707f02d2ebae1..a9487bc493b5c142160a54675e0bdece14318106 100644 GIT binary patch delta 422 zcmZ3@e1ds`PJMP%kV!;(ZjQcDc~peEeqMk@Qbtjgv9p7vb(mKTY9OXenmlWnQ2+1mw!-Mp?`RBXhd2* z$U2os!^)DVG~M)~)WqUch4K)tr~)6SsE`zAi`0-b!>SDb{HTz?+|;mSv*MrNY`5~DsQk>_%1rGLS4YPT%p8zN)74?6emC?fgHS zA`TWiy@^_M?6caVUXMPmpJk>ej_DsiBo`&}Dpmel!g)QpecL#d6V6_9e%BsS!=Ul9 PD?YfntlVql?DiCLnfg_m)XZ(34_Uszdq zK37>(n6Y_ys$-gdQdLA~l0kBkc~Y@a9IWtDeoW}#6=VX13*hOw7rF_*5LLUD11 zZfc5=si~o*f`3VNPIkFMmS?!Tez9*zmY;uUc#)r1SiPCQL4kX6L4IXfP`HPGabT*U zhihJ&haGH5G z$U2n-AN?fV^rF4}=`cmmi*!=^vhw9F`JX7HR6FpY3bm;^&@}>Ej<^>Q@n*Y-a4} z%B7$06z1if7owk%l3VIoQV^9{Am;#r(j=C5y=8|<1*vEnN;OuRFza-;g*sfmgl0M=bWAET4rGY zvaYby#KpbFM>oAFHL*BV!Ajd+AwJbFDqkVGKq1nE%h)BiTt6bYFr=^`%Q-bYASyXD zB+;Ti*)`R>s?;?%DkRst$XL57wJg`ausE&QD5EmhwahEBBE2BJFeS&uGnFeU)x|V7 zy&%B1*rzhXG^{+!DPOS63maFw!N$#o55X)XO*6ry?a*+gm#-JIuf}HOwL`FgMUVKey7`rKBI(nVfEObh6L9+{em{=li>Fbuq9C Z3;fBievpj! delta 486 zcmZo;>0p_lQ|}&<l=IohL>JpX_Q5CG8k&|2O9Fgbc=$liV>l0E^mJtwQVCtM< zz*Xe!o|lts?Bg3*TAXGU9*~@tp`DhIl$GvLoSl;!9$@TW6y;)W928+J>>F1cAVw&pj8m#Ya7?B)YR&MNW;AT?clw4F+nUta(Y-Up8n^c($ zvd*!jsMK3Gy(l%YI8{N>ImbIy!80q+zb3($%dp6|#4IY&uqeve$u-^BGdZ}(C9$Hs z)Wp2r-@@BJ-z~YwKc~vgCCDr&Ju=rXG^4bl*w8iEuh`GrsVdt&+n>ug(LcpICBn6! zv?$mk+}R>O&E4JCH8nW1Dkn2PBv;!q*UQ(!DBIYxz}(5(-6+Y_(>yVyC?d@%#HTFZ z%{!9I+0?R>OIKG{p|aS#svtSV(=#9`G}S3SEx^6l&@eH`!#~F)(V)yPFQO>Ss3y_R aQ&7yD{rJQOs_Sn4e<)?WJ%Et=^L$;4HjBY@zzx?JX|i zOw18x%01sDZ@3&+3fiJ6zWrR~F2}e{w~Upiq~_Ew+F5#Srm;f)hr&lMN}u^fi&(t* z{QTLzS&ln*%<7eSy;^oVZ}!tzlPIN2FKqQa{--&fS24NE-O{e3k-krObAwAjOHq;4 znJQ(54C%CQtrFGyH+0$?c2&Qa)AHNCHT&a!)!W8aQ|1|cliS($Tb+;P)?K+x$7lWuxlqp(Y0INru=l^s+BmM_^uVnVt&JNuaxOjn z>{p(D;UrZ2l0x5Okz@AaK7t30` znI3w#W9Rbf@(I?0Z-w5}{aM&CnT7NAr};~dSKN%>=j`VY`m1dD%dCsJhs7HKO=C2# delta 772 zcmbQpwuEhhPJM(yk$#k=lZ$s!WMY-OqeZyCNqA<4K}EPlc8N)PU_q8wuCuXzVYyjI zIajKsQDSOPSV6gKd3JVqcut|Ae@eDfX|YjSkiTnLVOdIKVMbwUc9CUeAeXM4LUD11 zZfc5=si~o*f`3VNPIkG1g=KDLW>kTZeuz(!en56XXnkNnWsbj-PjHxFeqcbklciZw zX;F%{etJYGSD|T8exj?BwsxjpkWXfaudlI_QE7;`VOge=WkgCwNNJ+BWp=*5i?N|6 z$U2+M8oLOsY~A#t)WqUc1$TvGC+#E?T2|$kpKIlGPguVo`?Nv%dj);r4F?jKz5lmqruKgf z&QI*y^fl-9`V#R?irN(pAC7KRtNARvdlvKY=&<^L(C(6_|OpSRFX^Z{v2s+E?G- zH-(&dEBA8dqWWV@|80wEoL8M`+xPRT)V&<;cP}3pKV4p)rZMY*@xjUSzb`GGDPZ)* z(0q$u0G$UP+2JG3OnpfoTq zpR3r_$IT+k(5WJ-Ffb^~sL;hX)uhPGxZET$!Xs5XJFzl3$0N_(yC~BykW1H2p}06h zH#Nn`)YQ;Y!M`LsC%at1FkRa*JKW2l)HTs7t)#F(zdkQ3**#D{(%ao7u*}UTUpp;5 zBEw7HJv=a(D>yLR-NG_5-PqT%vZN%nD5ES{KexElC_K?D&D|+2IMFpTD$=VsBR?+` zWL;27ZBa~sv2J=%YGQG!LPEJ&ESGOsVPv4AMY(UTS5<_Qd1_ffVt8I4m#(g^La1+U zUSUanRY_%@pP{y4RAgF6d8SiYkwtj0QDU)nW|5OuN_wPeMU-J$K9^$3vbk;Nba{l9 zx~yM&tHkPBc&5t{n?v!7_T6*b+1GGq$uo&=QAftPPtS0F2sT~cIKl2so#?uKE7go^ zqZeOV9H6;klkX%2?t^RZxyRJTvJ1F*m)_iZEYdWpzTf4iR)=liG$sZG?feaQ#2BaC zuV1Vi)YbX>%1o`BQ;&o{uWJ;)GEuHP;h=1a|Hiey6n2IP_->aB;W;_aws+gEfA`jl zMQwj=x;7+ci^t}rlCxFIlWm^8KHa?8e(pa@)fwBoXJ>agOh`Gm?Cz#Df_v9LnNU`7 z&yBTFxBlee_W$?l{YB3Ax!-x%zh%H zS4%bHDOMtXyo}6?o)-k*Bt4O*xnMby_3P< zM?KqmT^Gq^n|39%oe1eyp54g)oNdvvCjl+T`#b!N+XU3#ThDYly*lg5>thBYW;L=O l6y_?l%y}vqAHDIJ)zfp^PI1+_r+Mrzn#}7u`KjvXg8<2ILgoMf delta 748 zcmey*+QT+Mr@q|7P~SAbBrD0tsnEULptzvG!_dn!yfV_mB-1S1*ey*zE!SN?JET0f zm@6f@+#@5>xX3@zt2A7{AS}x<$S0uO#k4TWx6Crx%)K-7jF(*90 z-z?J2Be}|iE6v-h*do%eq@=>b-PEY6$Un)&#Wm2fA~o12q|)5QFT~QMDkZ}*G&nOE zWL=qVdQoa(aVnQ(u1lG-OL)Gcsi%{HS5A1UPl&&nt5;%HlwXdIr?aPVg?YJ8l7E?h zShiukrz4lHuC9WwXKG<;sbjc7Wl2?Pm{E{plBITPL`7sqP(gl9af)%MPjX0LW}an) zwh32c*mYqgrOtm37?x}Qy>QN)aq5bHXBV)%*(lm8Fz1Y?*2b)dJ3?FD)_sdxWK?^3 z&B{A+|4wpDlB?BPw^(uNmJMus9xH~o*f<@UUUuYpedq2)dd(vK;d3mnTRW@F?Oi7` z^OB~&boaVhU+?}pmmNE~&1UxEQ}2(v)m&na-@c>XLUgP7qWKFf4|9kv*=)}F++$O5BW)o$#b{#txW##^I>p?OXTsJ>sR;+&1cop z%DVXK*QvwIHY`u;CwIwpURYeGJ<;g=jaNIe7brzDyJaZZOMQ1ToHldExr?{IL^moY zee(UD(|1nMKCJg?MAMdka?(0w7iSkVJYk-(Z$qkh%f^KB%x9P_Z$18Us6Iif{y^`Z zC2~DGXXvvE+9|FqOxtaAyz$VpFD6C0oGUZ$K8)GuP ssh-ed25519 0aOabg eFftyw71xc389uIX9ot4FfXHxs8wm0gP02YU1m08UlE -oco0zG3lr1bsZ00EPy4wQcVlJcikCTIosr1IMGnWReQ --> ssh-ed25519 Otklkw ltt9Qle5WFIZ+HJ0ChRgH3HRAd2Fe8LnbKMhm39gaB0 -TAtlk9zipuyy5uJfJxFhPTEDyT2f4mHZe8fQO8KPmsg --> N7.-grease -AJ+nT0UYSra0V2jtsrcJBCnrU+I07Hju42wdnfQeUHKyvC3IwfiARA ---- rvzpsKM512EroJBT2JhcI5ScmqfCcZnJxihIX8xB+3s -7+Ûñú)wü1ñA<±/U÷ãìïÙ7¿ T#-¬>Œ^Yhd¦ÆЯ׋ßç:XG4[¡Á¤´øóGÌX \ No newline at end of file +-> ssh-ed25519 0aOabg deIgXn8a+arzwGBlDr/jSwh/yoZ4yNUieqiDOEVeqQc +MTYJWoYqvLCVh2Nw0b0dLyYR++kfUSVVGQuVlcXa3XI +-> ssh-ed25519 Otklkw gVXAVxWtkBp3qi4afl5/8X62iXM0lmj3qU1hzdLpoRI +0JNv0Gb3MrUODDjO9yO6+IUoP5wTrd9cu3B9r20umsM +-> U^y7-grease +u vsf{`Z$r +OPfX961ZFMCMEq5kxV2XmOS2ahq5xCrvLkORHK2xzhcYlN/7aVz2jkkzkkKxsLS7 +J1tpba10ZnC7 +--- C79gzWZZ5DM+/mEApSfkI6CcsWxEbYY3zq4mFMxsgSY +ÒrÕ ssh-ed25519 IXCPDQ cNSHSe+T1UqDKm83P0qSKZp8vno87ju03m9WyiJ+Riw -tEzazbb3FylVaKLO5gnyeS3rNQHXsn5YTwr2OFgXG4I --> ssh-ed25519 Otklkw jVyrr7ZxEj8sCfm5Ehzd2QAh+OM7GpHSLzk8X6Bl+18 -SPOMv8ZscMiGwNhHN9vqQFle+TBmZikND0vuqqkAdzs --> d/2L|-grease R%"/'] -DjR1vYE0RnmlJ5OSH3ar/tdTTpOxYRcOExkSE1AwabafQr09XfFVwPJXmw6FIhTT -K4PUR/F/Y5jgGnMrDyb4tJtp9ZwbEWa7PDcMUDqK9dlCyQwVeYPSYVDbkFSnHZB1 - ---- jfeKMacijnLf6HfDk8g6h/fia3f1TBAWUxjNDQnsLlo -ÅZÆÈ1Ãñ(!íœÔ~Ù¸”¾lN¹‚Ip“ù7¡¤œkªßU@jËëÑsµwÛêÜÔp£Ïø»i³šÑDám \ No newline at end of file +-> ssh-ed25519 IXCPDQ 7au8ttVRFBm1kmctLmGaEjH7D78NXDaqc3cV4yrJjjc +NBvtKrO3g4DlOEVzij8CqmLRVYQw/1dCt+9pFf7DRJw +-> ssh-ed25519 Otklkw kOFFSGZZfn+RAWP25cvPEw4XBYMyZ4fOko08MPDG8Qc +IpgpLCEnyVpQ6CZNZ9n3m5ylEhF9+OHsy0UI4DWpW+w +-> Wm?F-grease +vR5u7NsQMWovp1rY4E1qna+DdkaftC69l2ap4fASgPA +--- D2UKeLDiMJFkGHfJeHSRMHE3yHF8ei0CSv7DdJUkjaQ +u™ËŠwtÐÄ›I[øÉÔÄ%ðkÓë |Ú’Ùu… ¯¼?—¹4À+TìÞ6ª^Æ©¶`^-]³ã'4w×kC;— \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 021f9e29ea586f29a3e96c268f374457d3646624..20028f10cf61a9cb96409285ee3d49efcf6072de 100644 GIT binary patch delta 847 zcmaFC_Kt0WPJM}~g=cP2icv;HSXxoCM^b=URgqz7xmQ_XzOQ4kZ@z1lTWDpWyLUyE z371=OWtLa5yI-k^eo{tih-` zM_7 z$U1W~55+)lHQn^0)WqUcg+hzK1Pk3*9R)=@WA~6MPk#l)=&(qYz_2u~+>}f=->i_l zFxRB|lyL3bJRetIzZ|!uQa8hppnT)7Fax8!0wXt*UA!5YwzEU#^7( zCH)LsmAcCQcM8O;7q6XXxuVxq-%pX3OHx+O=2E0TM`*&L88;T17R^~LA)w8j=s7Lo zsDpTq>sBK%CoO>q5ew>Xu47)+WAaU|n_&W9kz#azszQtN(GQ-7Tu??%g^&Ik50wab}k{cj1J~4-F<~Mm+q{ z&?lwRtoQtWM1s;m-5+={SFg!DF pS-1F2`wwpXJL3*JndKj5TK<6PLe%Dor*3)so#0gs3(Eg~3IK`gO??0W delta 841 zcmaFI_JVDKPJN0=xwco5d1RPzV2EdKSeTEQzHwNDd6K?YroM}lPhzQgS%5{TpNE%6 zF;|5}WL2e4S%G`0S*}}>Z&j*!ihrJCRiJ;ViEm(jsk2F0hQEn_QDQ_;IhU@TLUD11 zZfc5=si~o*f`3VNPIkG1S#qeOag>>to4=t;s(Vg>M}4VhTDg9uZ%Cj=KvhU?d6Y|O zUTBm_MTCbhSH5X!l1FwR65WRj6tiFtBnKvY#xcv+?+ z$T}Nq1KsqZ)WqUch2%H|cgxBeuJEjMgXEO*qL6}M{T$z%49_U@vP3UW-<)i1%gBmE zOAG({&?2uA_aJRk#}G%e()5a=kTO5R#G>MC*Syf8Qg<$2k5D6@syy!yH*?P{BZHj8 zkifK1rxdTKw4~x9pTFi1Olsu=29{l+qwyeFM)bkD|zsV2ePmr2TVluJxN< z7m;#k2p{p{Yi1GoP;bIeV#X#r(*wi*q-%8y%YGTe|;DGHl9QRx`I)DD{_o>R3Z_j_4&A6G<;Z)N1q@GVN7|aai zxb4>OpYz(RNX2Jj>wlBz`zP+ztXam{bluC=JGz0rNF?ZSeaori&H~MfCH+1%=RPaP zlpHIKR8leMsZk(BR#4y3hQgo8^#aB^t%{+BgZv08Mz49|jh4-R= z!_GD}>9FkC0|11BUzGp= diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index e025f22..4dea193 100644 --- a/secrets/pruflas-wg-hydra-key.age +++ b/secrets/pruflas-wg-hydra-key.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw ByTB0Opyn8zf37r+kFhERwEZ1PzLZkqr9TmrKHNGcjo -xfit8gLtxTxFOslEl5UK84KMNNvsf/ZNhxTKjhKGbNY --> ssh-ed25519 Otklkw TigXkuUXVX7G5Sclx4cO54ja3cCQS+4ssa4JsTRil3A -m2/sUfjaeXdO6RkJhPmpAgU0tRlK6+M0kjbksMUTmaM --> 9UVuHQ-grease -secL2c9UdyBw3uCwSLK03iYMqs9S/x+uFirDTqCKyw6D+bc3ZleJF3f7AVMA3aCU -ELC8un6gFEY ---- yomG/W1kgewa+9MQ4KfIzKB4Tb0zkaIQyxdCepmYd6w -gte îô@»k~떸š}Ö·9°°¾d9Ù ÏЉ:2ßšýh¾>š"(k \ No newline at end of file +-> ssh-ed25519 J6ROvw NhnJG8rl7DqkPSDEhFAT8MoscmXkCcEG5IqyxLJwylE +Zk01YcwnP8KHyGS7Mle1UFWkzlYUnxqpQEg71iNFCkw +-> ssh-ed25519 Otklkw 0YA4JDFw2v6rZPd0zpDng/pxFXhI06Ys6Kte/rR75DA +DOronQJ6uW7D21bmRh8X3zUgxJbpwf+4g7eqwsFuMVw +-> Dh"]-grease kpC=cm +F084+U14rrqu +--- RXi5LwAAMah04DGTP1BYTkQreDzTJ1lcif2ZE4sFjfo + ï¼³ÃjÁyÀó[ãõu:àSž‚Ü ssh-ed25519 J6ROvw 6xTpzGZVzHkMht//QBfpGaBCCWfahuCf0BBKutsD4Rg -NoNCHpNncTcMWu2AElA0tRDCMPPt5xiXnH6Vm+I+U0Y --> ssh-ed25519 Otklkw OYeDdk4Z5Fr/5GVpFHNU2ex/VmfPjkKlJq4Dpw7S5yI -GKRG8UeD1/ML3mn/DWujqUFuusd1nC8hPZlVLaQh8ZY --> 7-grease [T4tw\ GY6J ;HK= ?D# -1K7b5AWo/MBZHOx+WIMRwRTpT91TZhWniGlYxmoTrPrWQHxT4A ---- +weZ6uZG5+mxQJJWqBYxJ5Uhgor9VklLLOCkO1syoVw -GÓY –Än­6Oè \|aÜz ¹WöàH`€yÚ)Ñïm×ǃCãIs3é±kRI 0bE¦<ÜÂ5•ùÈj›ª.!Q8ûI¯ø \ No newline at end of file +-> ssh-ed25519 J6ROvw eX4e1/ZgiIHwzU/wdJmAizVoLdWTIdBfXFy/RATM5Ho +BV9z3gp3LniSjx0425xy7NrVmt7KpOlduj77QkuV+Kw +-> ssh-ed25519 Otklkw YVZRmNQdFB9k/dim3UXMwMW1YJSBbMtk+kJ5urooDxA +V7tLGiQo88RI5X0ViSmAWxDubLdFzQ7VM8nf2PXcAgs +-> 24-grease +M4DzbwlJ7iM9dE0Ug/NS2iRU +--- l2RGwwSUcOpt/YRG/l3aYBiMMF28SoVNUc3nl2A++38 +5×þ”Т‰°H½ë}+`g˜Ë} Ûbœ‚aú¸)¨œ‹ËíÔjî6 9¿k‚³_Eˆ­ÉyS*ÍvÛÿÕJzbwGmp…DPÜC \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index f67c2db..d7389e5 100644 --- a/secrets/pruflas-wg0-preshared-key.age +++ b/secrets/pruflas-wg0-preshared-key.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw a34sRRbqbJrSIMpCSuymk4I9eRJhl8x2FA0Z6BhuTlI -whz39aVLcJ8Y1jdpGy2TIAw59q2KY7WqntvTpQTu2Gc --> ssh-ed25519 Otklkw 96fvrs5H1S+U90W6KM7h6OH5TK25d/disd93EMeat0U -C2RVXNfO78tN7WPjUcEbqPey52cmiiK2JtWmAEKFo4c --> ,-j$[+z-grease PG9) $ -aXkZB3Dyh/G/hL+yRLlHk37vBvggke79IqABKhh1yxz1cEBRR+C+92E0pRT9Rg ---- WLCZxP0RikckKAO3nunEEMgVh0XwTK8CNhJA+EUqrLc -S†eÿԫȎ3^0[e÷žÈtˆs•Z¡<:´5y-4C„l@©ŸD M†swŠïãcÙëãð"ÝM×0›#6LJ.BÆãlìT`m  \ No newline at end of file +-> ssh-ed25519 J6ROvw RSmOQps1P364OmALB8CDN3a3opjVnjRetSrRNwRWwj4 +amGBdoyL0ZKnoNc3+uDYLCJxasM7fe8kMBpc27YDQXI +-> ssh-ed25519 Otklkw COlRXvKrV5S2p4BNiiO8+KTYXa4GueT+HpKLCIjxzgM +ui82jT1CSKUBhDzUcebhGhTBr6GyirgSkbqWrVrJXx4 +-> %KN@wF-grease 9Y'V@{E: :] +4OY+tb7//oCAEInx2fvw3MKp8yPIjXqLqtU +--- 0I3N//LfWrBi+pssXEPxmmbBfsvQ31MCG9UFAkisTMw +ʶ¢0™¼J–o5E¯Ö\ö—hå,D”Õ¯ß×J4WYôàÅNCŸ8$üã6R-¥ÀWeT”îd«IZÖ'R˜Â%‘ëõË& \ No newline at end of file diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age index a5dcd3c90bc584d9776b4d5aecb505728a8e1df4..7107bfa3b6c2ef6ec02e8cc4ca63ae2342071e3f 100644 GIT binary patch delta 393 zcmbQoyqbA}PQ6!=SCn^DaZ;#uzMG|cP;Nw8xq(SiK|zFJq;qDOes-oulv|EbM0!-N z1(#u(mv@D)Uy83qfm5KniHUh|ly6a$43A}2RrQ}4)vO6R=doV;INz`=Mul-K*vBX9uI>G7ZqKe)4|eB`RC^g>Fdm&r82olaAEZgJ!eDX;^SJ0 l{P7>Sw_dw(&*pma-);TvN7}DM25=iKp4Ytmh6NKxGyq!lhFJgr delta 379 zcmZ3@Jdb&TPJL!XRdSAtL2yZKM1-@uk9$RBWMoc-nTt_HLB6MXvX6gda#BW=Nw`y< zFIR|xXJtWvd4#!fs9A`YzoWm0pJ%>PU{G#`Yo&XnOOknhp_9I0ewKf>374*&LUD11 zZfc5=si~o*f`3VNPIkG1MOILue@=E%Sc-XoL7<;cdVOG3R#0-LW44!ZesHmAzCl2E zfoD;wVNpmqm!-SAN2y1dQLb@%va5T(Yk5g{P((<9o3p83N=a#Od4_MkeyT}HNm@!M z$T~~s2;KCe)WqUc1?@EDI%}>BGc%ubU&jbHvx>;95VOQ6gOJ2T*8=w{Lw5uJ5RY!|11p!8fHi}HxXB=4~7j1nJ5GjFr9$k60+ zgL1B=23k4#lONprWwYq`wnEj)6N1h{!nPOoY@aWt^O-H{>gD^ZU(AbYDK4p*^L^R0 YK*QH&922kPUtvgaKc6w@Usp{70ENVdod5s; diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index fadb481610fb0de825941a46acf54e36181df24d..66f3f4923db673334371859a033b0579c4df9136 100644 GIT binary patch delta 846 zcmZoEvM4l(9PG+Eg;1xn@iVDp}06h zH#Nn`)YQ;Y!M`LsC%assG$7o^J;f)mBrMn4(%UN|t==mwr@}n5G&jRJI6I|4+tb&` zH!Z-_B|W2<%OE^3H8`Tw(JLw^$SuMx-#EiPKg&4C(XHG&&oMm8Co0+8C@a)0(4-_8 zWSw47RGN!_v~GG)YGQG!f}O2qkz<69nu1%Jj$?s_LV3DkuCpn1Mexo3%gR*_qUUvNmFSD;CXd%1T|QLv}GPidlQNUCL2 zUSSnig=22Mp-EtgM}b9|zmsQjaCop~WRAI6QND}6hhvgkg++Riv9GU}n`gddqE|YX zuCA^^U_pwPVRop$bCO?fzP_JfzGhTo#tVzuQ(x@T3qKM(efQ@RbEYg` z`EG7tp6u=)x3@34q_$!Ci`gX{@m5YLA`)*T*5|N+rtR@_a}?9;?37Kd z6%stEef1~u^DCa;m*?UM-J3a~Cfcs`Z**DZovi}pSAI=Rn(h&O_V*^gC2j?|qO%U( z*?H4ijB&z(;2Q>ECDGcfT^z2A`%n9pz?m_IvkyZUrTO>5;_6Ptbs|2Y`I*Oc)3 zf!DuNjz^u$uge&AI9!{^Y5wogPSC=lv1MCPD?di&kDaQuKJ{(@&A98@_3U6)X8a zicJdmUl*XgVz)rVYfI+fkOK*+a+9B^l+^cz9GiJ#Uen6X)!k{4!l7G!*G^L@jJnop zV|*<(BW~VXyS{Iqo!pOb3M~8K+!4XOMOg_ p_Gy%M=cgI<=PMgu>`?x7WP2s&0*Tda=Iebv?$8l(nWItV002skRRRD2 delta 737 zcmaFM*2p$Nr#>SmC^y|a+$1W~rOeyeIoqkiGRPpHG_%;>F}p0q-M}%;G0Y$-CBV=r zl&d7a$jL`LAlEE3ry#WkzzLM}d!@S#hq1g^6W^w@*lMd48!&MWSbZu(K=I+shNO7U*{r z7&HHvR9w6=c=A)T8!m}&))q2wdI$u*cWs!q^XTVg2BPj#k>{3d2@$$vd3p9LL+_ds zPcO=g&+@wTF>Sf^+NS>khtpj`RZp{VtD5rYU3N99e{$}KrcJ<{OG&-Qjn4kE-yJ{c zdS`)9=Z6>T*Wa&lJLlal_vpvH%k!%beN+iOR(|NlC$E~hJKZI=KP?J8;rH}#O$(#y zqrywuL=HPOT=dtvsedDNk(s|$arDX^8;-p$u0EcznQ`aRlCO__{>5cD)~f#r~O#nL8~k|4!S!y79|~ zD2Bqv`t9{hRhH3r7ag7RbMvD8*}Yq>UWG5veOCEa{f)Lu9M{*rua9lMco+Lt)D}m~ zsQDV|oTgRs;AY-o#YI`0?W8`YMYeILC?7t$+-1Rm8I#U@3+@+LVki?;aOAV;rz@gW z$0xHfOK>{Wx#U0CTvc;=t@8S?viVo-Ev&mzF9=WZNn-wVa#Q0 nd$jf~*VE@tQ#&R$2_D|?<61QTKK1D@3+>q6XZ*Al{%`;QubM#0 diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index 780999bd2c3995dd89f1700935611c180142365e..168ea1be758898d2917e369e958af8ac459e171a 100644 GIT binary patch delta 786 zcmZ3_wvlauPQ96bxMgralv{;sPL^-3r%9w!P*kv2zF%>rfw4)UZ@!~C zAXlY#gs-o5aYbmJYiU44c51Lsq>px3L`hYavy)SbQGk+4v`pW`%vAF{?=TC0=hTP-Z;v$B^3aO3$=R{dR8 zG9!ayNkF>G^pZ7y+s?V%)~@V1#?zk3s1aZ$S#NeuPqD4A?YE(a$Fh@3`?9Xgc)Q=^ zqTBj?vp4piWqHp1x8j~mf?B72JzLznk^`Y{Wo5G${8ya&w$mpl{>#nW<*g>}lj^ts z-TJGxtL#eHhyGc|zt3HSjx=mq5$#QI5{}fmC@8|jV+jCvq{l0%=Rv@0lx+a;ffsAoF6?TQ6_> zIL7HL_fFis>(~9D`gLytG$a0azIeI+yL0w0cc0pz$|{RZn|nT=4^3L_#-sd5;?c$M jX)ZFMO{WC1mX^Al{d{WLacgb{YlX!h431~}Y|8)ugiJ`% delta 784 zcmdnUww`T*PJN=6sk5(9p1xDIms4P{PqDL8WQ1{Op@p`IcdA=OxtF6~K~+kHzd=M! zF_)KnVQEBYp}BEoS%GnSR9ZW_?(xpIKEzU_oeZrg^YOaY#V8 zPjaw}Q?`>USBYt=tA41llTnqENqL!RREc9*REC#hv7viVa$Z_#T4Hvvud{KHMUa;( z$U1dT@4PZiZQb;u)WqUcg@ST*9iOt`Vugq(D+h&=TrI9}vz)@TaJR5Dcc+~6^vJCI zqT-5r_bPY4M8{x%Ki4deQ0>TUmway@M{mo*z#t>{lI(K*$V|(Elt3i1b7c z^W><2qP$3F{i=v$b0>@BkkHV~V145dgRD#+A4{(g*I?J2fPAjh0PZCl%FTGSSS90c zn$^#ARlKX47Ib)Gi=??%@#O&L)m&<&*KfKlt$!;)Puzx2bT8M|g}?6IN!Cbb zKInbZv+7@7VXrz%P;}4wqPU4YRUgd?R&dR<%k7Z}l$_)LRbpFa&7$cs2L%m7_Hiug zYpVRcJv09f-@{-2kIo-V^xUP#Ke2h$V^#T2a`WAs^VV(HR$mfX`72Ioy_v^~mvt*e z{TIgNSaNjP-+$Tl@9Ke5TsJw{f|dN7YvR Date: Sun, 4 Jun 2023 03:13:48 +0200 Subject: [PATCH 602/988] ninurta: Update path to key --- nixos/ninurta/configuration.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index ebf0007..4078389 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -10,7 +10,7 @@ let wgHydraPrivKey = "pruflas-wg-hydra-key"; wg0PresharedKey = "pruflas-wg0-preshared-key"; hydraGitHubAuth = "hydra-github-authorization"; - initrdSshKey = "ninurta-initrd-ssh-key"; + initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; in { imports = [ @@ -44,7 +44,7 @@ in enable = true; port = 2222; authorizedKeys = config.dadada.admin.users.dadada.keys; - hostKeys = [ config.age.secrets.${initrdSshKey}.path ]; + hostKeys = [ initrdSshKey ]; }; }; # Kinda does not work? @@ -151,10 +151,12 @@ in age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; - age.secrets.${initrdSshKey} = { - file = "${secretsPath}/${initrdSshKey}.age"; - mode = "700"; - }; + + # This does not work, since the key is needed earlier than run-agenix.mount. + # age.secrets.${initrdSshKey} = { + # file = "${secretsPath}/${initrdSshKey}.age"; + # mode = "700"; + # }; services.snapper = { cleanupInterval = "1d"; From 224570ac3fc27ee25bb3cb51e64b9ae20253604e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 04:24:31 +0200 Subject: [PATCH 603/988] ninurta: directly ask for password on ssh --- nixos/ninurta/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 4078389..76b0df3 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -46,6 +46,9 @@ in authorizedKeys = config.dadada.admin.users.dadada.keys; hostKeys = [ initrdSshKey ]; }; + postCommands = '' + echo 'systemctl restart systemd-cryptsetup@luks.service' >> /root/.profile + ''; }; # Kinda does not work? systemd = { From 0e0415e81ef001c8bfe370eb47680e197068d453 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 19:01:57 +0200 Subject: [PATCH 604/988] Fix per link DNS resolvers --- nixos/agares/configuration.nix | 2 +- nixos/gorgon/configuration.nix | 10 +++++----- nixos/ifrit/configuration.nix | 1 + nixos/modules/networking.nix | 6 ++++-- nixos/modules/profiles/base.nix | 3 +++ nixos/ninurta/configuration.nix | 7 +++++-- 6 files changed, 19 insertions(+), 10 deletions(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index f49b083..6857930 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -22,7 +22,7 @@ services.smartd.enable = true; networking.hostName = "agares"; - networking.domain = "dadada.li"; + networking.domain = "bs.dadada.li"; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index ee3485b..cbfefea 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -66,11 +66,6 @@ in luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; networking = { enableBsShare = true; - localResolver = { - enable = false; - uwu = true; - s0 = true; - }; vpnExtension = "3"; }; sway.enable = false; @@ -168,6 +163,11 @@ in networking.wireguard.interfaces.uwupn = { ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; privateKeyFile = "/var/lib/wireguard/uwu"; + + postSetup = '' + ${pkgs.systemd}/bin/resolvectl domain uwupn ~uwu + ${pkgs.systemd}/bin/resolvectl dns uwupn 10.0.0.1 + ''; peers = [ { publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 6688019..9240083 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -18,6 +18,7 @@ in }; networking.hostName = "ifrit"; + networking.domain = "bs.dadada.li"; networking.hosts = { "127.0.0.1" = hostAliases; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 4187cc7..6e3a216 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -134,9 +134,11 @@ in dadada = { ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ]; listenPort = 51234; - privateKeyFile = "/var/lib/wireguard/privkey"; - + postSetup = '' + ${pkgs.systemd}/bin/resolvectl domain dadada ~bs.dadada.li + ${pkgs.systemd}/bin/resolvectl dns dadada fd42:9c3b:f96d:201:: + ''; peers = [ { publicKey = vpnPubKey; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 060b2c6..b60f01b 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -54,5 +54,8 @@ in highlighters = [ "main" "brackets" "pattern" "root" "line" ]; }; }; + + networking.networkmanager.dns = mkDefault "systemd-resolved"; + services.resolved.enable = mkDefault true; } diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 76b0df3..9f62b8d 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -21,6 +21,7 @@ in dadada.backupClient.bs.enable = false; networking.hostName = "ninurta"; + networking.domain = "bs.dadada.li"; networking.hosts = { "127.0.0.1" = hostAliases; @@ -47,8 +48,8 @@ in hostKeys = [ initrdSshKey ]; }; postCommands = '' - echo 'systemctl restart systemd-cryptsetup@luks.service' >> /root/.profile - ''; + echo 'systemctl restart systemd-cryptsetup@luks.service' >> /root/.profile + ''; }; # Kinda does not work? systemd = { @@ -204,6 +205,8 @@ in "10-uwu" = { matchConfig.Name = "uwu"; address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; + dns = [ "10.11.0.1::%uwu#uwu" ]; + domains = [ "uwu" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = "no"; From 0c52861ef8bc2a101153bb028ceebc6f0be6f90d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Jun 2023 19:52:01 +0200 Subject: [PATCH 605/988] Enable IPv4 routing via VPN --- nixos/modules/networking.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 6e3a216..4ce6b4f 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -132,7 +132,7 @@ in networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { dadada = { - ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ]; + ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" "192.168.120.${cfg.vpnExtension}/24" ]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; postSetup = '' @@ -142,7 +142,7 @@ in peers = [ { publicKey = vpnPubKey; - allowedIPs = [ "fd42:9c3b:f96d::/48" ]; + allowedIPs = [ "fd42:9c3b:f96d::/48" "192.168.120.0/24" ]; endpoint = "vpn.dadada.li:51234"; persistentKeepalive = 25; } From 7cc9501220aafd74f0c7796fd6fbebae5fd57195 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 9 Jun 2023 00:46:55 +0200 Subject: [PATCH 606/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/5143ea68647c4cf5227e4ad2100db6671fc4c369' (2023-05-09) → 'github:numtide/devshell/6b2554d28d46bfa6e24b941e999a145760dad0e1' (2023-06-05) • Updated input 'flake-utils': 'github:numtide/flake-utils/cfacdce06f30d2b68473a46042957675eebb3401' (2023-04-11) → 'github:numtide/flake-utils/a1720a10a6cfe8234c0e93907ffe81be440f4cef' (2023-05-31) • Updated input 'home-manager': 'github:nix-community/home-manager/2d963854ae2499193c0c72fd67435fee34d3e4fd' (2023-05-27) → 'github:nix-community/home-manager/93db05480c0c0f30382d3e80779e8386dcb4f9dd' (2023-06-01) • Updated input 'nixd': 'github:nix-community/nixd/8f3251fc2d8d1e3cac140e20e785ac733d76ed4a' (2023-05-31) → 'github:nix-community/nixd/b5079c4d79905048d3c0b39e1a2a6a66067f1111' (2023-06-08) • Updated input 'nixd/flake-parts': 'github:hercules-ci/flake-parts/006c75898cf814ef9497252b022e91c946ba8e17' (2023-05-08) → 'github:hercules-ci/flake-parts/71fb97f0d875fd4de4994dfb849f2c75e17eb6c3' (2023-06-01) • Updated input 'nixd/flake-parts/nixpkgs-lib': 'github:NixOS/nixpkgs/da45bf6ec7bbcc5d1e14d3795c025199f28e0de0?dir=lib' (2023-04-30) → 'github:NixOS/nixpkgs/4f53efe34b3a8877ac923b9350c874e3dcd5dc0a?dir=lib' (2023-05-31) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/05bef004794f352ea12475a89f3f55b4102c0728' (2023-05-25) → 'github:nix-community/nixos-generators/122dcc32cadf14c5015aa021fae8882c5058263a' (2023-06-05) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/367c0e1086a4eb4502b24d872cea2c7acdd557f4' (2023-04-09) → 'github:nix-community/nixpkgs.lib/961e99baaaa57f5f7042fe7ce089a88786c839f4' (2023-06-04) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/4cc688ee711159b9bcb5a367be44007934e1a49d' (2023-05-24) → 'github:NixOS/nixos-hardware/e4b34b90f27696ec3965fa15dcbacc351293dc67' (2023-06-08) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/551a52bfdd02e7b75be5faf9b42f864112d88654' (2023-05-26) → 'github:NixOS/nixpkgs/a558f7ac29f50c4b937fb5c102f587678ae1c9fb' (2023-06-06) --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index d3517a0..8d0ef0c 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1683635384, - "narHash": "sha256-9goJTd05yOyD/McaMqZ4BUB8JW+mZMnZQJZ7VQ6C/Lw=", + "lastModified": 1685972731, + "narHash": "sha256-VpwVUthxs3AFgvWxGTHu+KVDnS/zT3xkCtmjX2PjNQs=", "owner": "numtide", "repo": "devshell", - "rev": "5143ea68647c4cf5227e4ad2100db6671fc4c369", + "rev": "6b2554d28d46bfa6e24b941e999a145760dad0e1", "type": "github" }, "original": { @@ -135,11 +135,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1683560683, - "narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=", + "lastModified": 1685662779, + "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "006c75898cf814ef9497252b022e91c946ba8e17", + "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3", "type": "github" }, "original": { @@ -169,11 +169,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1685518550, + "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", "type": "github" }, "original": { @@ -241,11 +241,11 @@ ] }, "locked": { - "lastModified": 1685189510, - "narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=", + "lastModified": 1685599623, + "narHash": "sha256-Tob4CMOVHue0D3RzguDBCtUmX5ji2PsdbQDbIOIKvsc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd", + "rev": "93db05480c0c0f30382d3e80779e8386dcb4f9dd", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1685534829, - "narHash": "sha256-erGWtKbSJQ0aulFYX0nPMJqub4qPnlWctnc35mdvfQI=", + "lastModified": 1686235158, + "narHash": "sha256-xnp65zqxlX4CaeWSbH2rRakSq2fgz8ukep/R3ga8UXA=", "owner": "nix-community", "repo": "nixd", - "rev": "8f3251fc2d8d1e3cac140e20e785ac733d76ed4a", + "rev": "b5079c4d79905048d3c0b39e1a2a6a66067f1111", "type": "github" }, "original": { @@ -357,11 +357,11 @@ }, "nixlib": { "locked": { - "lastModified": 1681001314, - "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=", + "lastModified": 1685840432, + "narHash": "sha256-VJIbiKsY7Xy4E4WcgwUt/UiwYDmN5BAk8tngAjcWsqY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "367c0e1086a4eb4502b24d872cea2c7acdd557f4", + "rev": "961e99baaaa57f5f7042fe7ce089a88786c839f4", "type": "github" }, "original": { @@ -378,11 +378,11 @@ ] }, "locked": { - "lastModified": 1685000237, - "narHash": "sha256-pm+2xP9g9sh6wapk1ulg7/1DdENkTNDB7Kx+6lwGs/k=", + "lastModified": 1685943944, + "narHash": "sha256-GpaQwOkvwkmSWxvWaZqbMKyyOSaBAwgdEcHCqLW/240=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "05bef004794f352ea12475a89f3f55b4102c0728", + "rev": "122dcc32cadf14c5015aa021fae8882c5058263a", "type": "github" }, "original": { @@ -393,11 +393,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1684899633, - "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", + "lastModified": 1686217350, + "narHash": "sha256-Nb9b3m/GEK8jyFsYfUkXGsqj6rH05GgJ2QWcNNbK7dw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", + "rev": "e4b34b90f27696ec3965fa15dcbacc351293dc67", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "nixpkgs-lib_2": { "locked": { "dir": "lib", - "lastModified": 1682879489, - "narHash": "sha256-sASwo8gBt7JDnOOstnps90K1wxmVfyhsTPPNTGBPjjg=", + "lastModified": 1685564631, + "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da45bf6ec7bbcc5d1e14d3795c025199f28e0de0", + "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a", "type": "github" }, "original": { @@ -474,11 +474,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1685094109, - "narHash": "sha256-u+awry81RAVV+fJBCZt+GKWsISSLJKUNbVwKccHeaPU=", + "lastModified": 1686059680, + "narHash": "sha256-sp0WlCIeVczzB0G8f8iyRg3IYW7KG31mI66z7HIZwrI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "551a52bfdd02e7b75be5faf9b42f864112d88654", + "rev": "a558f7ac29f50c4b937fb5c102f587678ae1c9fb", "type": "github" }, "original": { From 51c656a344d4ee59f7c7c080c7b98de622fbf545 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 9 Jun 2023 00:50:36 +0200 Subject: [PATCH 607/988] Fix DNSSEC on VPN --- nixos/gorgon/configuration.nix | 1 + nixos/modules/networking.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index cbfefea..2b03923 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -167,6 +167,7 @@ in postSetup = '' ${pkgs.systemd}/bin/resolvectl domain uwupn ~uwu ${pkgs.systemd}/bin/resolvectl dns uwupn 10.0.0.1 + ${pkgs.systemd}/bin/resolvectl dnssec uwupn false ''; peers = [ { diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 4ce6b4f..a27f102 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -138,6 +138,7 @@ in postSetup = '' ${pkgs.systemd}/bin/resolvectl domain dadada ~bs.dadada.li ${pkgs.systemd}/bin/resolvectl dns dadada fd42:9c3b:f96d:201:: + ${pkgs.systemd}/bin/resolvectl dnssec dadada false ''; peers = [ { From 6b7642dc76175dd8adcb8509a20d07d6e3c599f0 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 9 Jun 2023 00:50:52 +0200 Subject: [PATCH 608/988] update and replace nixd with nil --- devshell.nix | 2 +- flake.lock | 58 ------------------------ flake.nix | 4 -- home/modules/helix/config/languages.toml | 2 +- outputs.nix | 2 - 5 files changed, 2 insertions(+), 66 deletions(-) diff --git a/devshell.nix b/devshell.nix index fd2bf2a..27b9799 100644 --- a/devshell.nix +++ b/devshell.nix @@ -8,7 +8,7 @@ agenix nixpkgs-fmt nixos-rebuild - nixd + nil ]; commands = [ diff --git a/flake.lock b/flake.lock index 8d0ef0c..428f571 100644 --- a/flake.lock +++ b/flake.lock @@ -130,24 +130,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1685662779, - "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-registry": { "flake": false, "locked": { @@ -334,27 +316,6 @@ "type": "github" } }, - "nixd": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1686235158, - "narHash": "sha256-xnp65zqxlX4CaeWSbH2rRakSq2fgz8ukep/R3ga8UXA=", - "owner": "nix-community", - "repo": "nixd", - "rev": "b5079c4d79905048d3c0b39e1a2a6a66067f1111", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixd", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1685840432, @@ -441,24 +402,6 @@ "type": "github" } }, - "nixpkgs-lib_2": { - "locked": { - "dir": "lib", - "lastModified": 1685564631, - "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1629226339, @@ -568,7 +511,6 @@ "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", - "nixd": "nixd", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", diff --git a/flake.nix b/flake.nix index 4560b95..1248697 100644 --- a/flake.nix +++ b/flake.nix @@ -32,10 +32,6 @@ flake = false; }; helix.url = "github:helix-editor/helix/23.03"; - nixd = { - url = "github:nix-community/nixd"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index b9ed5e7..07f8344 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -12,4 +12,4 @@ roots = [] [[language]] name = "nix" file-types = ["nix"] -language-server = { command = "nixd" } +language-server = { command = "nil" } diff --git a/outputs.nix b/outputs.nix index a775153..90e3305 100644 --- a/outputs.nix +++ b/outputs.nix @@ -10,7 +10,6 @@ , agenix , devshell , helix -, nixd , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: @@ -25,7 +24,6 @@ overlays = [ agenix.overlay devshell.overlays.default - (final: prev: { nixd = nixd.packages.${system}.nixd; }) ]; }; extraModules = [ "${devshell}/extra/git/hooks.nix" ]; From e3da8eabd7cbf7b130684f4da2189647e8c22e07 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 9 Jun 2023 19:31:42 +0200 Subject: [PATCH 609/988] remove global additional binary caches --- nixos/modules/profiles/base.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index b60f01b..ad83c1d 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -16,17 +16,11 @@ in nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; - nix.settings.substituters = [ - https://helix.cachix.org/ - https://cache.nixos.org/ - https://nix-community.cachix.org/ - ]; + nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ - "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; nix.settings.require-sigs = true; From dcab8483da02832a729e8e75bd2d22bd86c67bfc Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Jun 2023 11:12:38 +0200 Subject: [PATCH 610/988] Revert "ninurta: directly ask for password on ssh" This reverts commit 224570ac3fc27ee25bb3cb51e64b9ae20253604e. --- nixos/ninurta/configuration.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 9f62b8d..18dd57c 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -47,9 +47,6 @@ in authorizedKeys = config.dadada.admin.users.dadada.keys; hostKeys = [ initrdSshKey ]; }; - postCommands = '' - echo 'systemctl restart systemd-cryptsetup@luks.service' >> /root/.profile - ''; }; # Kinda does not work? systemd = { From a3053b98c797b64cef17dd46d83825a55dbd6358 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Jun 2023 11:13:10 +0200 Subject: [PATCH 611/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/6b2554d28d46bfa6e24b941e999a145760dad0e1' (2023-06-05) → 'github:numtide/devshell/fd6223370774dd9c33354e87a007004b5fd36442' (2023-06-13) • Updated input 'home-manager': 'github:nix-community/home-manager/93db05480c0c0f30382d3e80779e8386dcb4f9dd' (2023-06-01) → 'github:nix-community/home-manager/61e5d1c38ef04ba30a9119825b159bce9c6010be' (2023-06-13) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/122dcc32cadf14c5015aa021fae8882c5058263a' (2023-06-05) → 'github:nix-community/nixos-generators/a54683aa7eff00ee5b33dec225525d0eb6ab02de' (2023-06-16) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e4b34b90f27696ec3965fa15dcbacc351293dc67' (2023-06-08) → 'github:NixOS/nixos-hardware/429f232fe1dc398c5afea19a51aad6931ee0fb89' (2023-06-15) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a558f7ac29f50c4b937fb5c102f587678ae1c9fb' (2023-06-06) → 'github:NixOS/nixpkgs/c7ff1b9b95620ce8728c0d7bd501c458e6da9e04' (2023-06-16) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 428f571..738429b 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1685972731, - "narHash": "sha256-VpwVUthxs3AFgvWxGTHu+KVDnS/zT3xkCtmjX2PjNQs=", + "lastModified": 1686680692, + "narHash": "sha256-SsLZz3TDleraAiJq4EkmdyewSyiv5g0LZYc6vaLZOMQ=", "owner": "numtide", "repo": "devshell", - "rev": "6b2554d28d46bfa6e24b941e999a145760dad0e1", + "rev": "fd6223370774dd9c33354e87a007004b5fd36442", "type": "github" }, "original": { @@ -223,11 +223,11 @@ ] }, "locked": { - "lastModified": 1685599623, - "narHash": "sha256-Tob4CMOVHue0D3RzguDBCtUmX5ji2PsdbQDbIOIKvsc=", + "lastModified": 1686693375, + "narHash": "sha256-1Smjo0E8WI9PeVGmmCjpQWRX04aQvz5gAGXfdanIjgw=", "owner": "nix-community", "repo": "home-manager", - "rev": "93db05480c0c0f30382d3e80779e8386dcb4f9dd", + "rev": "61e5d1c38ef04ba30a9119825b159bce9c6010be", "type": "github" }, "original": { @@ -339,11 +339,11 @@ ] }, "locked": { - "lastModified": 1685943944, - "narHash": "sha256-GpaQwOkvwkmSWxvWaZqbMKyyOSaBAwgdEcHCqLW/240=", + "lastModified": 1686924781, + "narHash": "sha256-6r3Hm2Fxf4F7LIWRYKU9bsS/xJwlG6L2+/I/pdffvOs=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "122dcc32cadf14c5015aa021fae8882c5058263a", + "rev": "a54683aa7eff00ee5b33dec225525d0eb6ab02de", "type": "github" }, "original": { @@ -354,11 +354,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1686217350, - "narHash": "sha256-Nb9b3m/GEK8jyFsYfUkXGsqj6rH05GgJ2QWcNNbK7dw=", + "lastModified": 1686838567, + "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e4b34b90f27696ec3965fa15dcbacc351293dc67", + "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", "type": "github" }, "original": { @@ -417,11 +417,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1686059680, - "narHash": "sha256-sp0WlCIeVczzB0G8f8iyRg3IYW7KG31mI66z7HIZwrI=", + "lastModified": 1686921029, + "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a558f7ac29f50c4b937fb5c102f587678ae1c9fb", + "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", "type": "github" }, "original": { From 0c9c4ef70474a4c01956550656a3e7e5cd8164f7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Jun 2023 20:55:17 +0200 Subject: [PATCH 612/988] Fix routing via VPN --- nixos/gorgon/configuration.nix | 2 +- nixos/modules/networking.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 2b03923..ba4988a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -172,7 +172,7 @@ in peers = [ { publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; + allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" ]; endpoint = "53c70r.de:51820"; persistentKeepalive = 25; } diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index a27f102..43ddd8c 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -132,7 +132,7 @@ in networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { dadada = { - ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" "192.168.120.${cfg.vpnExtension}/24" ]; + ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" "192.168.120.${cfg.vpnExtension}/17" ]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; postSetup = '' @@ -143,7 +143,7 @@ in peers = [ { publicKey = vpnPubKey; - allowedIPs = [ "fd42:9c3b:f96d::/48" "192.168.120.0/24" ]; + allowedIPs = [ "fd42:9c3b:f96d::/48" "192.168.0.0/17" ]; endpoint = "vpn.dadada.li:51234"; persistentKeepalive = 25; } From d8f717cf2391f999c7f2761d30babba81d8ffe2f Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Jun 2023 21:35:06 +0200 Subject: [PATCH 613/988] ninurta: Add storage --- nixos/ninurta/configuration.nix | 9 +-------- nixos/ninurta/hardware-configuration.nix | 23 +++++++++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 18dd57c..06f8945 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -70,13 +70,6 @@ in }; }; - fileSystems."/mnt/storage" = { - device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; - mountPoint = "/mnt/storage"; - neededForBoot = false; - options = [ "nofail" ]; - }; - # TODO enable # dadada.borgServer = { # enable = true; @@ -91,7 +84,7 @@ in }; services.hydra = { - enable = true; + enable = false; package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index 902d33f..f0f1f94 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix @@ -69,14 +69,21 @@ size = 32 * 1024; # 32 GByte }]; - # TODO systemd networkd - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp86s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + fileSystems."/mnt/storage" = + { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; + }; + + + fileSystems."/mnt/storage/backup" = + { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ "subvol=backups" "noatime" ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; From 1f13ba60197a3fb94577a06c11ac1e53290cfe16 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 01:34:40 +0200 Subject: [PATCH 614/988] ninurta: spin down disks after 10 min and activate backup server --- nixos/ifrit/configuration.nix | 5 +++ nixos/modules/borg-server.nix | 5 --- nixos/ninurta/configuration.nix | 39 +++++++++++++++++++----- nixos/ninurta/hardware-configuration.nix | 2 +- 4 files changed, 38 insertions(+), 13 deletions(-) diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix index 9240083..1640e8f 100644 --- a/nixos/ifrit/configuration.nix +++ b/nixos/ifrit/configuration.nix @@ -17,6 +17,11 @@ in borgServer.path = "/mnt/storage/backup"; }; + + dadada.ddns.domains = [ + "backup0.dadada.li" + ]; + networking.hostName = "ifrit"; networking.domain = "bs.dadada.li"; diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index b55cf63..d704a4a 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -16,11 +16,6 @@ in }; config = mkIf cfg.enable { - - dadada.ddns.domains = [ - "backup0.dadada.li" - ]; - users.users.borg.home = cfg.path; services.borgbackup.repos = { "metis" = { diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 06f8945..ca6af65 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -3,7 +3,7 @@ let hostAliases = [ "ifrit.dadada.li" "media.dadada.li" - "backup0.dadada.li" + "backup1.dadada.li" ]; secretsPath = config.dadada.secrets.path; wg0PrivKey = "pruflas-wg0-key"; @@ -70,11 +70,12 @@ in }; }; - # TODO enable - # dadada.borgServer = { - # enable = true; - # path = "/mnt/storage/backup"; - # }; + dadada.ddns.domains = [ "backup1.dadada.li" ]; + + dadada.borgServer = { + enable = true; + path = "/mnt/storage/backups"; + }; age.secrets.${hydraGitHubAuth} = { file = "${secretsPath}/${hydraGitHubAuth}.age"; @@ -287,6 +288,24 @@ in ''; }; + + + powerManagement = { + enable = true; + cpuFreqGovernor = "powersave"; + # powertop autotune + powertop.enable = true; + # This generally means no power management for SCSI + scsiLinkPolicy = "med_power_with_dipm"; + # Configure the disks to spin down after 10 min of inactivity. + powerUpCommands = '' + find /dev -regextype sed -regex '/dev/sd[a-z]$' | xargs ${pkgs.hdparm}/sbin/hdparm -S 120 + ''; + powerDownCommands = '' + find /dev -regextype sed -regex '/dev/sd[a-z]$' | xargs ${pkgs.hdparm}/sbin/hdparm -S 0 + ''; + }; + security.rtkit.enable = true; services.pipewire = { @@ -298,7 +317,13 @@ in hardware.pulseaudio.enable = false; - environment.systemPackages = [ pkgs.firefox pkgs.spotify pkgs.mpv ]; + environment.systemPackages = with pkgs; [ + firefox + spotify + mpv + smartmontools + hdparm + ]; users.users."media" = { isNormalUser = true; diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index f0f1f94..f99ce28 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix @@ -78,7 +78,7 @@ }; - fileSystems."/mnt/storage/backup" = + fileSystems."/mnt/storage/backups" = { device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; fsType = "btrfs"; From 175413771d6719526e7707897ff30ae239c24ef9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 10:14:09 +0200 Subject: [PATCH 615/988] Prevent automatic reboot for encrypted systems --- nixos/modules/profiles/server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 839cc5d..a7e28fb 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -23,7 +23,7 @@ with lib; { system.autoUpgrade = { enable = true; flake = "github:dadada/nix-config#${config.networking.hostName}"; - allowReboot = mkDefault true; + allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; From b18260a8a6b56773a4aca2c380ecd31f944ae0fa Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 10:42:00 +0200 Subject: [PATCH 616/988] ninurta: Activate hydra. Snapper on storage. Do not wait for wlan to come online --- nixos/ninurta/configuration.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index ca6af65..e205c7e 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -85,7 +85,7 @@ in }; services.hydra = { - enable = false; + enable = true; package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; @@ -165,6 +165,15 @@ in TIMELINE_LIMIT_WEEKLY = 6; TIMELINE_LIMIT_MONTHLY = 3; }; + configs.storage = { + SUBVOLUME = "/mnt/storage"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_LIMIT_HOURLY = 24; + TIMELINE_LIMIT_DAILY = 13; + TIMELINE_LIMIT_WEEKLY = 6; + TIMELINE_LIMIT_MONTHLY = 3; + }; }; services.smartd.enable = true; @@ -178,6 +187,14 @@ in }; }; networks = { + "10-wlan" = { + matchConfig.Name = "wlan*"; + linkConfig.RequiredForOnline = false; + }; + "10-wlo" = { + matchConfig.Name = "wlo*"; + linkConfig.RequiredForOnline = false; + }; "10-lan" = { matchConfig.Name = "enp*"; networkConfig.DHCP = "ipv4"; From 7945f2ef0c941121dc3e6d825c4f502347367a33 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 11:49:06 +0200 Subject: [PATCH 617/988] ninurta: Make backups --- nixos/ninurta/configuration.nix | 41 +++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index e205c7e..cc4cc61 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -77,6 +77,47 @@ in path = "/mnt/storage/backups"; }; + services.borgbackup.jobs."backup1.bs.dadada.li" = { + removableDevice = true; + paths = [ + "/var/backup" + "/var/lib" + "/var/www" + "/home" + ]; + exclude = [ + "/home/*/.cache" + "/var/lib/machines" + ]; + repo = "/mnt/storage/backups/${config.networking.hostName}"; + doInit = true; + encryption = { + mode = "repokey"; + passCommand = "cat ${config.age.secrets.ninurta-backup-passphrase.path}"; + }; + compression = "auto,lz4"; + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 2; + monthly = -1; # Keep at least one archive for each month + yearly = -1; # Keep at least one archive for each year + }; + startAt = "daily"; + }; + + services.postgresqlBackup = { + enable = true; + backupAll = true; + compression = "zstd"; + location = "/var/backup/postgresql"; + }; + + age.secrets."ninurta-backup-passphrase" = { + file = "${secretsPath}/ninurta-backup-passphrase.age"; + mode = "400"; + }; + age.secrets.${hydraGitHubAuth} = { file = "${secretsPath}/${hydraGitHubAuth}.age"; mode = "440"; From d70b976f87171e6d781d4c8a3e5a618070136ec1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 12:00:58 +0200 Subject: [PATCH 618/988] Fix backup client --- nixos/modules/backup.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 786201a..af26165 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -97,9 +97,9 @@ in startAt = "monthly"; }; - systemd.services."borgbackup-job-gs".enable = true; - systemd.services."borgbackup-job-gs".wants = [ "backup.mount" ]; - systemd.timers."borgbackup-job-gs".enable = true; + systemd.services."borgbackup-job-gs".enable = mkIf cfg.gs.enable true; + systemd.services."borgbackup-job-gs".wants = mkIf cfg.gs.enable [ "backup.mount" ]; + systemd.timers."borgbackup-job-gs".enable = mkIf cfg.gs.enable true; services.borgbackup.jobs.bs = mkIf cfg.bs.enable { paths = "/"; From 2f032a07f9bcf1dae0679e66cdf8153ba728804c Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 12:38:12 +0200 Subject: [PATCH 619/988] ninurta: Fix tunnels --- nixos/ninurta/configuration.nix | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index cc4cc61..cd8d11b 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -48,7 +48,6 @@ in hostKeys = [ initrdSshKey ]; }; }; - # Kinda does not work? systemd = { enable = true; network = { @@ -126,7 +125,7 @@ in }; services.hydra = { - enable = true; + enable = false; package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; @@ -182,11 +181,21 @@ in systemd.tmpfiles.rules = [ "d /var/www/pruflas.uwu 0551 nginx nginx - -" + "d /mnt/storage/backups/ninurta 0750 ${config.users.users.borg.name} ${config.users.users.borg.group} - -" ]; - age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; - age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; - age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; + age.secrets.${wg0PrivKey} = { + file = "${secretsPath}/${wg0PrivKey}.age"; + owner = "systemd-network"; + }; + age.secrets.${wg0PresharedKey} = { + file = "${secretsPath}/${wg0PresharedKey}.age"; + owner = "systemd-network"; + }; + age.secrets.${wgHydraPrivKey} = { + file = "${secretsPath}/${wgHydraPrivKey}.age"; + owner = "systemd-network"; + }; # This does not work, since the key is needed earlier than run-agenix.mount. # age.secrets.${initrdSshKey} = { @@ -243,12 +252,12 @@ in }; "10-hydra" = { matchConfig.Name = "hydra"; - address = [ "10.3.3.1/24" ]; + address = [ "10.3.3.3/24" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = "no"; + linkConfig.RequiredForOnline = false; routes = [ - { routeConfig = { Gateway = "10.3.3.3"; Destination = "10.3.3.3/32"; }; } + { routeConfig = { Gateway = "10.3.3.1"; Destination = "10.3.3.3/32"; }; } ]; }; "10-uwu" = { @@ -258,7 +267,7 @@ in domains = [ "uwu" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = "no"; + linkConfig.RequiredForOnline = false; routes = [ { routeConfig = { Destination = "10.11.0.0/22"; }; } { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } From 423bc19958fccdefc5e5322d2c127b995c5ca7fe Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 12:43:44 +0200 Subject: [PATCH 620/988] ninurta: index.txt --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index cd8d11b..1cf7bff 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -174,7 +174,7 @@ in root = "/var/www/pruflas.uwu"; locations."/" = { tryFiles = "$uri $uri/ = 404"; - index = "index.html"; + index = "index.txt"; }; }; }; From 8dcc5a1f2fc559feb3324aae6d3244de6d9ef400 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 13:37:17 +0200 Subject: [PATCH 621/988] ninurta: activate the hydra --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 1cf7bff..acf4489 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -125,7 +125,7 @@ in }; services.hydra = { - enable = false; + enable = true; package = pkgs.hydra-unstable; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; From 57d04d981f373c7df4ec41fd5f437e3146dc1b64 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 14:34:42 +0200 Subject: [PATCH 622/988] gorgon: set up offsite backup --- nixos/configurations.nix | 1 - nixos/gorgon/configuration.nix | 8 ++++++++ nixos/modules/backup.nix | 37 ++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 5582534..7c61ccd 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -47,7 +47,6 @@ in ]; home-manager.users.dadada = import ../home/home; }) - ./modules/profiles/laptop.nix ./gorgon/configuration.nix ]; }; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index ba4988a..55018e5 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -42,9 +42,17 @@ let in { imports = [ + ../modules/profiles/laptop.nix ./hardware-configuration.nix ]; + dadada.backupClient.backup2 = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; + }; + nix.extraOptions = '' experimental-features = nix-command flakes # Prevent garbage collection for nix shell and direnv diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index af26165..7ed5510 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -56,6 +56,24 @@ in default = "/var/lib/borgbackup/bs/id_ed25519"; }; }; + backup2 = { + enable = mkEnableOption "Enable backup to Hetzner storage box"; + passphrasePath = mkOption { + type = types.str; + description = "The path to the passphrase file."; + default = "/var/lib/borgbackup/backup2/passphrase"; + }; + sshIdentityFile = mkOption { + type = types.str; + description = "Path to the SSH key that is used to transmit the backup."; + default = "/var/lib/borgbackup/backup2/id_ed25519"; + }; + repo = mkOption { + type = types.str; + description = "URL to the repo inside the sub-account."; + example = "u355513-sub1@u355513-sub1.your-storagebox.de:borg"; + }; + }; }; }; @@ -119,5 +137,24 @@ in BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; }; }; + + services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable { + paths = "/"; + exclude = backupExcludes; + repo = cfg.backup2.repo; + doInit = true; + environment = { + BORG_RSH = "ssh -6 -p23 -i ${cfg.backup2.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + }; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.backup2.passphrasePath}"; + }; + compression = "auto,lz4"; + startAt = "daily"; + environment = { + BORG_RELOCATED_REPO_ACCESS_IS_OK = "no"; + }; + }; }; } From f40634e545d9dde7484b50bc44894b3d09858615 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 18:53:36 +0200 Subject: [PATCH 623/988] activate backup to new location --- nixos/modules/backup.nix | 33 +++++++++++++++++++++++++++++++ nixos/modules/profiles/backup.nix | 6 ++++++ 2 files changed, 39 insertions(+) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 7ed5510..4c956ea 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -56,6 +56,23 @@ in default = "/var/lib/borgbackup/bs/id_ed25519"; }; }; + backup1 = { + enable = mkEnableOption "Enable backup to new BS location"; + passphrasePath = mkOption { + type = types.str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/backup1/passphrase"; + }; + sshIdentityFile = mkOption { + type = types.str; + description = '' + Path to the SSH key that is used to transmit the backup. + ''; + default = "/var/lib/borgbackup/backup1/id_ed25519"; + }; + }; backup2 = { enable = mkEnableOption "Enable backup to Hetzner storage box"; passphrasePath = mkOption { @@ -138,6 +155,22 @@ in }; }; + services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable { + paths = "/"; + exclude = backupExcludes; + repo = "borg@backup1.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; + doInit = false; + environment = { + BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + }; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.backup1.passphrasePath}"; + }; + compression = "auto,lz4"; + startAt = "daily"; + }; + services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable { paths = "/"; exclude = backupExcludes; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index 3fe4fc3..e6df660 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -9,6 +9,12 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; + dadada.backupClient.backup1 = { + enable = lib.mkDefault true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + }; + age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } From 414e596e99353e098c5c2bb400935f9b815b19dd Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 19:19:08 +0200 Subject: [PATCH 624/988] ninurta: offsite backup --- nixos/ninurta/configuration.nix | 7 +++++++ secrets/ninurta-backup-ssh-key.age | Bin 785 -> 812 bytes 2 files changed, 7 insertions(+) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index acf4489..35731d9 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -19,6 +19,13 @@ in ]; dadada.backupClient.bs.enable = false; + dadada.backupClient.backup1.enable = false; + dadada.backupClient.backup2 = { + enable = false; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + repo = "u355513-sub2@u355513-sub2.your-storagebox.de:/home/backup"; + }; networking.hostName = "ninurta"; networking.domain = "bs.dadada.li"; diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age index 316168c053bd63847cac29637e33bee397955080..ec2c19eab1831151fb18f80af9410499bfd6fb74 100644 GIT binary patch delta 781 zcmbQpwuWtjPJKpLcy69+zMqMAv4?A(g`bmUeu;0smsv!%d!?&>a*=*TX@z65w^zPF zBv)E;YCw**d0Kjep<_{bPQFV{c!_gZUP*p(dRUorMp}_iYEnv~yHi<^1(&X!LUD11 zZfc5=si~o*f`3VNPIkG1hrV}WWPpKlqK~C}fxnr)N4=SMj=qn1aZrgzkhV{1R9Z$w zWR_W4Rz;O3S5TOfQL&?UPOyntnq#oBS7oxkS59_VhL3S#dA^Z_c4=XWv8QQLp^IlW z$U6U;$~fKhqSVCVRE1*CymAF21>JOq*doJ<7zL+{5Uz@Vs^I*RvgFDN^NdWdBz><4 zpGedCaP#6!KOg_3kc_g*v;sdaU0q!T?c`LScI57t`}6#lMeqKQezl|_ zkLluSUoNSqQ7ac(J@b1v@2l{Sp1Esox(Ukd)&Kp*rb3kCoYj+zxpvN%mfhNZG)dL^ z?k$$~3nJcSccp60pH4REozgJ(oG1(5>Dexu`odP%AD2n?t8qVY%y!;WC##Yz=Vz-P zx7YICRS@+%LEv<~TJ+poFWlD7zqch$XJ<(KjV!IBQcK^N)rzMZ%P*@);d2-Bwv98& zU`t-QaiZ1T*3yN+ZJ!(r>q@3)eNEZkrQz>%{rH0RUM~v|ne6NvTTCxZ(eJsGJ*nPX zc233=mhZE*PcAmguzp|py=%v|O)F)t)ibW0qG{J6eQ=_GVMXZu!urFHgxF3VHrc3u z&~x*OMKg~T`S4gT^kIvNVBa!XQq#N2cAK>VlXCmp4UzXJOgwjlOR;F*^V*X5ic04~ zChz%oHUF{}?|oCTdfI%^eGArGm85oj>AB?Vy~BFl&4o`N?k+oCuCHeBUbA}2`Gzj0 gW9N=sQB^s`Q6SX9nE1u@zVf`^Y?E$Qt^8gN0DW3b00000 delta 753 zcmZ3(Hj!WJ%Et=^L$;4HjBY@zzx?JX|i zOw18x%01sDZ@3&+3fiJ6zWrR~F2}e{w~Upiq~_Ew+F5#Srm;f)hr&lMN}u^fi&(t* z{QTLzS&ln*%<7eSy;^oVZ}!tzlPIN2FKqQa{--&fS24NE-O{e3k-krObAwAjOHq;4 znJQ(54C%CQtrFGyH+0$?c2&Qa)AHNCHT&a!)!W8aQ|1|cliS($Tb+;P)?K+x$7lWuxlqp(Y0INru=l^s+BmM_^uVnVt&JNuaxOjn z>{p(D;UrZ2l0x5Okz@AaK7t30` znI3w#W9Rbf@(I?0Z-w5}{aM&CnT7NAr};~dSKN%>=j`VY`m1dD%dCsJhs7HKWa~7y From 61bed7f861f5876e79e4fd61ab8230f1257bbb76 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 19:25:14 +0200 Subject: [PATCH 625/988] backup1: Fixup backup path --- nixos/modules/backup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 4c956ea..1e6d5d6 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -158,8 +158,8 @@ in services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable { paths = "/"; exclude = backupExcludes; - repo = "borg@backup1.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; - doInit = false; + repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}"; + doInit = true; environment = { BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; }; From af8ce81c90bbaa1a8a3abb2fa85764e4ff70fd89 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 19:36:14 +0200 Subject: [PATCH 626/988] ninurta: backup to backup2 --- nixos/modules/backup.nix | 1 + nixos/modules/profiles/backup.nix | 6 ++++++ nixos/ninurta/configuration.nix | 5 ++--- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 1e6d5d6..c18aeb8 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -23,6 +23,7 @@ with lib; let "/var/lib/machines" "/var/log" "/var/tmp" + "/swapfile" ]; cfg = config.dadada.backupClient; in diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index e6df660..a69a89c 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -15,6 +15,12 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; + dadada.backupClient.backup2 = { + enable = lib.mkDefault false; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + }; + age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 35731d9..1217619 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -20,10 +20,9 @@ in dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; + dadada.backupClient.backup2 = { - enable = false; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; - sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + enable = true; repo = "u355513-sub2@u355513-sub2.your-storagebox.de:/home/backup"; }; From fc64fa0cf7aa7ddb59a34f8cef799e4a8e740652 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 18 Jun 2023 19:51:26 +0200 Subject: [PATCH 627/988] Add missing newline --- secrets/ninurta-backup-ssh-key.age | Bin 812 -> 858 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age index ec2c19eab1831151fb18f80af9410499bfd6fb74..86ba2ec2b0deedb281c0f8a96f9e707dbbaa20cd 100644 GIT binary patch delta 827 zcmZ3(c8hI-PQ7bxq^EYWd4YkiwzHG7qorGhTaHJeg>OMXXkclcUwLR^T26Y7bFO!U z1y@l-Zc3@UV}?nZnT2IqWJHd(i>HZxk!eVoS4p~gmT|hXt9g=da#~2KFPE;JLUD11 zZfc5=si~o*f`3VNPIkFMMU_u#R&Z{qUrCZdRFJQ;LA{}GzL90BNr_K>R$h*YVUmeS zN_u#bv36!Umr;IdxPHE8N}_+RslRzuXu4UFex_@rrIDj!nvaWtn_;M#b7@|rpFy?> z$U1v<-Snc=#Nt#13u{e3g^<#^8fPa3H9hrMN4F}jPz#r=fRHlxs1$wuV*lX$;0W`g zv{dc-^1#AkBWKTINA02vcVG9)T({)Nf^4^_oQmYCWW&_7{3KJ0Qg1i?O0II>LVvR~ z|DYs`vXUI5q+BycE?r$+g|dJof42DrVv|x6uCuS!Z*kppr7e50;l|sGx6d%{uYY8^MkO+YA^yd?C^-{J#;~Ld4KgcU z$vshTE4FT4rm11XV?JfqhGU;P_10^3-Z>aN=S=kR4?iA%YhT={Z&$Q><&N&srEioq zSB1#V&B#6YP>3jsN1S_7+4g*&daHP<`LbAnyBbkXcGYKYD*oc# ze9VH^%u2hSb?tqw8+QcbRYMxwC;T>;W8oNgCtO-#n%lo~livK_9`3*C)E+V4t8YqQ z8XkV0-qUUIK($vleB0tZ7kwfgZ_!%6Yta_xNVd<%&%C%Oe=GR7Y{2i80%E~`PR;o+ zVX=!ve}jcsDDTi5Ho=5xa zkf0iUa4=Z*?{4G+TbP;N5SZzc0KI YeCBU)Ysu`qGN delta 781 zcmcb`wuWtjPJKpLcy69+zMqMAv4?A(g`bmUeu;0smsv!%d!?&>a*=*TX@z65w^zPF zBv)E;YCw**d0Kjep<_{bPQFV{c!_gZUP*p(dRUorMp}_iYEnv~yHi<^1(&X!LUD11 zZfc5=si~o*f`3VNPIkG1hrV}WWPpKlqK~C}fxnr)N4=SMj=qn1aZrgzkhV{1R9Z$w zWR_W4Rz;O3S5TOfQL&?UPOyntnq#oBS7oxkS59_VhL3S#dA^Z_c4=XWv8QQLp^IlW z$U6U;$~fKhqSVCVRE1*CymAF21>JOq*doJ<7zL+{5Uz@Vs^I*RvgFDN^NdWdBz><4 zpGedCaP#6!KOg_3kc_g*v;sdaU0q!T?c`LScI57t`}6#lMeqKQezl|_ zkLluSUoNSqQ7ac(J@b1v@2l{Sp1Esox(Ukd)&Kp*rb3kCoYj+zxpvN%mfhNZG)dL^ z?k$$~3nJcSccp60pH4REozgJ(oG1(5>Dexu`odP%AD2n?t8qVY%y!;WC##Yz=Vz-P zx7YICRS@+%LEv<~TJ+poFWlD7zqch$XJ<(KjV!IBQcK^N)rzMZ%P*@);d2-Bwv98& zU`t-QaiZ1T*3yN+ZJ!(r>q@3)eNEZkrQz>%{rH0RUM~v|ne6NvTTCxZ(eJsGJ*nPX zc233=mhZE*PcAmguzp|py=%v|O)F)t)ibW0qG{J6eQ=_GVMXZu!urFHgxF3VHrc3u z&~x*OMKg~T`S4gT^kIvNVBa!XQq#N2cAK>VlXCmp4UzXJOgwjlOR;F*^V*X5ic04~ zChz%oHUF{}?|oCTdfI%^eGArGm85oj>AB?Vy~BFl&4o`N?k+oCuCHeBUbA}2`Gzj0 gW9N=sQB^s`Q6SX9nE1u@zVf`^Y?E$Qt^8gN09+nTNdN!< From 685e2e6fd1854ca5dd38e4f84269eb74ae3c93e7 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 13:43:29 +0200 Subject: [PATCH 628/988] Remove old git modules --- .gitmodules | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 .gitmodules diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 64b9dbd..0000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "nur-packages"] - path = nur-packages - url = git@github.com:dadada/nur-packages.git From 0dfbe5e35b91c2eeb5a46c0f7677a73cc4fcb1e0 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 13:46:41 +0200 Subject: [PATCH 629/988] surgat: Change backup location --- nixos/surgat/configuration.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 50f0653..3215645 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -47,7 +47,11 @@ in dadada.homePage.enable = true; dadada.share.enable = true; dadada.backupClient = { - bs.enable = true; + backup1.enable = true; + backup2 = { + enable = true; + repo = "u355513-sub3@u355513-sub3.your-storagebox.de:/home/backup"; + }; }; systemd.network = { From 68702a27da110853fe48d1c1394cee776e6a1d4b Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 14:01:24 +0200 Subject: [PATCH 630/988] surgat: make postgressql backups --- nixos/surgat/configuration.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 3215645..a3b750c 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -1,6 +1,5 @@ { config , pkgs -, lib , ... }: let @@ -54,6 +53,13 @@ in }; }; + services.postgresqlBackup = { + enable = true; + backupAll = true; + compression = "zstd"; + location = "/var/backup/postgresql"; + }; + systemd.network = { enable = true; networks = { From eed2c88bcc62936d5c44f5082998f01fb0ef401f Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 14:27:49 +0200 Subject: [PATCH 631/988] Add interface and credentials path options for DDNS client --- nixos/modules/ddns.nix | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 47ecbae..23db98b 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -5,17 +5,17 @@ }: with lib; let cfg = config.dadada.ddns; - ddnsConfig = hostNames: { - systemd.timers = listToAttrs (forEach hostNames (hostname: - nameValuePair "ddns-${hostname}" + ddnsConfig = { domains, credentialsPath, interface }: { + systemd.timers = listToAttrs (forEach domains (domain: + nameValuePair "ddns-${domain}" { wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${hostname}.service" ]; + partOf = [ "ddns-${domain}.service" ]; timerConfig.OnCalendar = "hourly"; })); - systemd.services = listToAttrs (forEach hostNames (hostname: - nameValuePair "ddns-${hostname}" + systemd.services = listToAttrs (forEach domains (domain: + nameValuePair "ddns-${domain}" { serviceConfig.Type = "oneshot"; script = '' @@ -24,13 +24,13 @@ with lib; let } IFS=':' - read -r user password < /var/lib/ddns/credentials + read -r user password < ${credentialsPath} unset IFS - curl_url=$(url "$user" "$password" ${hostname}) + curl_url=$(url "$user" "$password" ${domain}) - ${pkgs.curl}/bin/curl -4 "$curl_url" - ${pkgs.curl}/bin/curl -6 "$curl_url" + ${pkgs.curl}/bin/curl -4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} + ${pkgs.curl}/bin/curl -6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} ''; })); }; @@ -47,7 +47,17 @@ in ''; default = [ ]; }; + dadada.ddns.credentialsPath = mkOption { + type = types.path; + description = "Credentials file"; + default = "/var/lib/ddns/credentials"; + }; + dadada.ddns.interface = mkOption { + type = types.nullOr types.str; + description = "Source interface to use"; + default = null; + }; }; - config = ddnsConfig cfg.domains; + config = with cfg; ddnsConfig { inherit domains interface credentialsPath; }; } From 7a8203e58c26f9533d2a7195ab1ae6d8b51ec812 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 15:04:41 +0200 Subject: [PATCH 632/988] use backup VLAN and configure DDNS --- nixos/ninurta/configuration.nix | 23 +++++++++++++++++++++++ secrets/ddns-credentials.age | 11 +++++++++++ secrets/secrets.nix | 1 + 3 files changed, 35 insertions(+) create mode 100644 secrets/ddns-credentials.age diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 1217619..f128c54 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -76,6 +76,8 @@ in }; dadada.ddns.domains = [ "backup1.dadada.li" ]; + dadada.ddns.credentialsPath = config.age.secrets."ddns-credentials".path; + dadada.ddns.interface = "backup"; dadada.borgServer = { enable = true; @@ -118,6 +120,11 @@ in location = "/var/backup/postgresql"; }; + age.secrets."ddns-credentials" = { + file = "${secretsPath}/ddns-credentials.age"; + mode = "400"; + }; + age.secrets."ninurta-backup-passphrase" = { file = "${secretsPath}/ninurta-backup-passphrase.age"; mode = "400"; @@ -241,6 +248,10 @@ in matchConfig.Name = "enp*"; linkConfig.MACAddressPolicy = "persistent"; }; + "20-backup" = { + matchConfig.Name = "backup"; + linkConfig.MACAddressPolicy = "persistent"; + }; }; networks = { "10-wlan" = { @@ -256,6 +267,11 @@ in networkConfig.DHCP = "ipv4"; linkConfig.RequiredForOnline = "routable"; }; + "20-backup" = { + matchConfig.Name = "backup"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = false; + }; "10-hydra" = { matchConfig.Name = "hydra"; address = [ "10.3.3.3/24" ]; @@ -316,6 +332,13 @@ in }; }]; }; + "20-backup" = { + netdevConfig = { + Name = "backup"; + Kind = "vlan"; + }; + vlanConfig.Id = 13; + }; }; }; diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age new file mode 100644 index 0000000..f7b00b0 --- /dev/null +++ b/secrets/ddns-credentials.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 J6ROvw BhBy5hKm+udUmCgQOhVnFFaGSGOOKqxOkaZUcp7Wy3k +itvOOCUKNo0IseolH//6Uj1zEDt207HleT1YWnDogAg +-> ssh-ed25519 Otklkw /5YCYZwTZ//JfGJzIIizcwhqem1P/ZTDdhJFfEjQQX4 +z7WS/uHDKGyuUP+ZKVVVc8b4bybsaQH6XrxOO3vOg1Q +-> n\fdBI(-grease -PZuR<|s w,[Y J* h~ +mwA80O5+Q8KqYJSYneiqKcP5tbDgA0GI9AuDOjbFPFcb8evizd0RJxHdw9lDtIf1 +EBddBaL+m0/JjzvGE+Y +--- ybCpT9fTz498c//mW49ziO5Qcpl+hJGly/qm9lzZR4s +Žùœ7#„ä:EPÍb5Ç2«è@ÿŽKùU†¡»VMÒ¿UAP_¤…J xà‚Ð0>–™3 á +°„¬-¦f™´’ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fe31719..3cdc77b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,6 +23,7 @@ in "paperless.age".publicKeys = [ systems.gorgon dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; + "ddns-credentials.age".publicKeys = [ systems.ninurta dadada ]; } // backupSecrets "ninurta" // backupSecrets "gorgon" // From f763d99273928e3870e5eff110a7d4f5a7beb243 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 15:42:55 +0200 Subject: [PATCH 633/988] ninurta: fix network config --- nixos/ninurta/configuration.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index f128c54..001352f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -248,10 +248,6 @@ in matchConfig.Name = "enp*"; linkConfig.MACAddressPolicy = "persistent"; }; - "20-backup" = { - matchConfig.Name = "backup"; - linkConfig.MACAddressPolicy = "persistent"; - }; }; networks = { "10-wlan" = { @@ -265,11 +261,14 @@ in "10-lan" = { matchConfig.Name = "enp*"; networkConfig.DHCP = "ipv4"; + networkConfig.VLAN = [ "backup" ]; + networkConfig.IPv6PrivacyExtensions = false; linkConfig.RequiredForOnline = "routable"; }; "20-backup" = { matchConfig.Name = "backup"; networkConfig.DHCP = "ipv4"; + networkConfig.IPv6PrivacyExtensions = false; linkConfig.RequiredForOnline = false; }; "10-hydra" = { From 4da21e0649ba9331229df335a2115739cf4e94f7 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 15:46:33 +0200 Subject: [PATCH 634/988] Fix DNS server address --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 001352f..65ae5de 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -284,7 +284,7 @@ in "10-uwu" = { matchConfig.Name = "uwu"; address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; - dns = [ "10.11.0.1::%uwu#uwu" ]; + dns = [ "10.11.0.1%uwu#uwu" ]; domains = [ "uwu" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; From f3098f45b6acbc4cfa266ba8ae1a840e80838abd Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 16:20:35 +0200 Subject: [PATCH 635/988] Drop legacy IP from DDNS client --- nixos/modules/ddns.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 23db98b..3b6abb2 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -29,7 +29,6 @@ with lib; let curl_url=$(url "$user" "$password" ${domain}) - ${pkgs.curl}/bin/curl -4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} ${pkgs.curl}/bin/curl -6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} ''; })); From dc83848eb098046a52c3827b1b15e3509044cc23 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 21 Jun 2023 16:31:51 +0200 Subject: [PATCH 636/988] Sanbox ddns service and fix auth problems --- nixos/modules/ddns.nix | 15 ++++++++++++++- secrets/ddns-credentials.age | 19 +++++++++---------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 3b6abb2..807949e 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -17,7 +17,20 @@ with lib; let systemd.services = listToAttrs (forEach domains (domain: nameValuePair "ddns-${domain}" { - serviceConfig.Type = "oneshot"; + serviceConfig = { + Type = "oneshot"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + PrivateMounts = true; + PrivateIPC = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectKernelTunables = true; + BindReadOnlyPaths = [ credentialsPath ]; + NoNewPrivileges = true; + CapabilitBoundingSet = [ ]; + }; script = '' function url() { echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age index f7b00b0..bd19e1d 100644 --- a/secrets/ddns-credentials.age +++ b/secrets/ddns-credentials.age @@ -1,11 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw BhBy5hKm+udUmCgQOhVnFFaGSGOOKqxOkaZUcp7Wy3k -itvOOCUKNo0IseolH//6Uj1zEDt207HleT1YWnDogAg --> ssh-ed25519 Otklkw /5YCYZwTZ//JfGJzIIizcwhqem1P/ZTDdhJFfEjQQX4 -z7WS/uHDKGyuUP+ZKVVVc8b4bybsaQH6XrxOO3vOg1Q --> n\fdBI(-grease -PZuR<|s w,[Y J* h~ -mwA80O5+Q8KqYJSYneiqKcP5tbDgA0GI9AuDOjbFPFcb8evizd0RJxHdw9lDtIf1 -EBddBaL+m0/JjzvGE+Y ---- ybCpT9fTz498c//mW49ziO5Qcpl+hJGly/qm9lzZR4s -Žùœ7#„ä:EPÍb5Ç2«è@ÿŽKùU†¡»VMÒ¿UAP_¤…J xà‚Ð0>–™3 á -°„¬-¦f™´’ \ No newline at end of file +-> ssh-ed25519 J6ROvw GVvNIMXLPbV2vCUusgXXhbX5NiFBHiDEKcsKfmoyzkU +5DPaglRaORrOfzNkjUCSxGEUxxFb4+4LKU/AZlBvUa8 +-> ssh-ed25519 Otklkw 6OI2jcEMolDqSXT/lDDn/Bmzl7TuSi3nzSjJPr1Fyno +evOwwYz0VNf+CSlQBv9M/M+BgW2+VffXk3Oei6rJJzE +-> 'v-grease X +ZsnRwQ1kbRM6a34 +--- E7ofwcMOJacS72nThz3xl/kOvgy0698mvRiJNmIorAc +rd{U] +æÃ:&liѼ|YåwËó¨RµïR5gE‹ÚðüR ½—û§ÿ!ïlŽ6eµ(R™1öˆàèr’˜ \ No newline at end of file From fa9e81589bacb3d013f3f6f2a1c5aa6c2db2aef1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 25 Jun 2023 21:35:31 +0200 Subject: [PATCH 637/988] fix hydra networking and remove unused hydra config files --- default.nix | 7 ------- hydra-jobs.nix | 2 +- jobsets.nix | 27 --------------------------- nixos/ninurta/configuration.nix | 3 ++- nixos/surgat/configuration.nix | 6 +----- outputs.nix | 17 ----------------- spec.json | 16 ---------------- 7 files changed, 4 insertions(+), 74 deletions(-) delete mode 100644 default.nix delete mode 100644 jobsets.nix delete mode 100644 spec.json diff --git a/default.nix b/default.nix deleted file mode 100644 index 0bd1bf9..0000000 --- a/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ nixpkgs, declInput, projectName, ... }: -let - pkgs = import nixpkgs { }; -in -{ - jobsets = import ./jobsets.nix { inherit pkgs declInput projectName; }; -} diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 86205e7..1d7dde7 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -1,4 +1,4 @@ -{ self, nixpkgs, flake-utils, ... }: +{ self, nixpkgs, ... }: (nixpkgs.lib.mapAttrs' (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) self.nixosConfigurations diff --git a/jobsets.nix b/jobsets.nix deleted file mode 100644 index a869a03..0000000 --- a/jobsets.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs -, declInput -, projectName -, ... -}: -pkgs.runCommand "spec.json" { } '' - cat < $out < Date: Sun, 25 Jun 2023 21:38:07 +0200 Subject: [PATCH 638/988] Remove emacs config --- home/modules/default.nix | 4 - home/modules/emacs/default.nix | 73 ---------- home/modules/emacs/doom.d/config.el | 12 -- home/modules/emacs/doom.d/init.el | 189 -------------------------- home/modules/emacs/doom.d/packages.el | 3 - 5 files changed, 281 deletions(-) delete mode 100644 home/modules/emacs/default.nix delete mode 100644 home/modules/emacs/doom.d/config.el delete mode 100644 home/modules/emacs/doom.d/init.el delete mode 100644 home/modules/emacs/doom.d/packages.el diff --git a/home/modules/default.nix b/home/modules/default.nix index 7120aa8..9d0427c 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -2,10 +2,6 @@ alacritty = import ./alacritty; colors = import ./colors.nix; direnv = import ./direnv.nix; - - # Disable because can't get importing the module to work - #emacs = import ./emacs; - fish = import ./fish.nix; git = import ./git.nix; gpg = import ./gpg.nix; diff --git a/home/modules/emacs/default.nix b/home/modules/emacs/default.nix deleted file mode 100644 index 2fa0b0f..0000000 --- a/home/modules/emacs/default.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; let - cfg = config.dadada.home.emacs; -in -{ - options.dadada.home.emacs = { - enable = mkEnableOption "Enable dadada emacs config"; - }; - - config = mkIf cfg.enable { - programs.doom-emacs = { - enable = true; - doomPrivateDir = ./doom.d; - emacsPackagesOverlay = self: super: - with pkgs; { - tsc = super.tsc.overrideAttrs (old: - let - libtsc_dyn = rustPlatform.buildRustPackage rec { - pname = "emacs-tree-sitter"; - version = "0.15.1"; - src = fetchFromGitHub { - owner = "ubolonton"; - repo = "emacs-tree-sitter"; - rev = version; - sha256 = "sha256-WgkGtmw63+kRLTRiSEO4bFF2IguH5g4odCujyazkwJc="; - }; - preBuild = '' - export BINDGEN_EXTRA_CLANG_ARGS="$(< ${stdenv.cc}/nix-support/libc-crt1-cflags) \ - $(< ${stdenv.cc}/nix-support/libc-cflags) \ - $(< ${stdenv.cc}/nix-support/cc-cflags) \ - $(< ${stdenv.cc}/nix-support/libcxx-cxxflags) \ - ${lib.optionalString stdenv.cc.isClang "-idirafter ${stdenv.cc.cc}/lib/clang/${lib.getVersion stdenv.cc.cc}/include"} \ - ${lib.optionalString stdenv.cc.isGNU - "-isystem ${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.config}/${lib.getVersion stdenv.cc.cc}/include/"} \ - ${lib.optionalString stdenv.cc.isGNU - "-isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc} -isystem ${stdenv.cc.cc}/include/c++/${lib.getVersion stdenv.cc.cc}/${stdenv.hostPlatform.config}"} \ - $NIX_CFLAGS_COMPILE" - ''; - LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; - cargoHash = "sha256-HB5tFR1slY2D6jb2mt4KrGrGBUUVrxiBjmVycO+qfYY="; - }; - in - { - inherit (libtsc_dyn) src; - preBuild = '' - ext=${stdenv.hostPlatform.extensions.sharedLibrary} - dest=$out/share/emacs/site-lisp/elpa/tsc-${old.version} - install -D ${libtsc_dyn}/lib/libtsc_dyn$ext $dest/tsc-dyn$ext - echo -n "0.15.1" > $dest/DYN-VERSION - ''; - }); - tree-sitter-langs = super.tree-sitter-langs.overrideAttrs (old: { - postInstall = '' - dest=$out/share/emacs/site-lisp/elpa/tree-sitter-langs-${old.version} - echo -n "0.10.2" > $dest/BUNDLE-VERSION - ${lib.concatStringsSep "\n" - (lib.mapAttrsToList (name: src: "name=${name}; ln -s ${src}/parser $dest/bin/\${name#tree-sitter-}.so") pkgs.tree-sitter.builtGrammars)}; - ''; - }); - }; - }; - home.file.".tree-sitter".source = pkgs.runCommand "grammars" { } '' - mkdir -p $out/bin - echo -n "0.10.2" > $out/BUNDLE-VERSION - ${lib.concatStringsSep "\n" - (lib.mapAttrsToList (name: src: "name=${name}; ln -s ${src}/parser $out/bin/\${name#tree-sitter-}.so") pkgs.tree-sitter.builtGrammars)}; - ''; - }; -} diff --git a/home/modules/emacs/doom.d/config.el b/home/modules/emacs/doom.d/config.el deleted file mode 100644 index 31e15d8..0000000 --- a/home/modules/emacs/doom.d/config.el +++ /dev/null @@ -1,12 +0,0 @@ -(setq doom-font (font-spec :family "Source Code Pro" :size 13 :weight 'semi-light)) -(setq org-directory "~/src/notes/org/") -(with-eval-after-load 'treemacs - (define-key treemacs-mode-map [mouse-1] #'treemacs-single-click-expand-action)) -(defun fixed-tree-sitter-langs-install-grammars (&optional skip-if-installed version os keep-bundle) ()) -(advice-add 'tree-sitter-langs-install-grammars :override #'fixed-tree-sitter-langs-install-grammars) -(use-package! tree-sitter - :config - (cl-pushnew (expand-file-name "~/.tree-sitter") tree-sitter-load-path) - (require 'tree-sitter-langs) - (global-tree-sitter-mode) - (add-hook 'tree-sitter-after-on-hook #'tree-sitter-hl-mode)) diff --git a/home/modules/emacs/doom.d/init.el b/home/modules/emacs/doom.d/init.el deleted file mode 100644 index bbc96d9..0000000 --- a/home/modules/emacs/doom.d/init.el +++ /dev/null @@ -1,189 +0,0 @@ -;;; init.el -*- lexical-binding: t; -*- - -;; This file controls what Doom modules are enabled and what order they load -;; in. Remember to run 'doom sync' after modifying it! - -;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's -;; documentation. There you'll find a "Module Index" link where you'll find -;; a comprehensive list of Doom's modules and what flags they support. - -;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or -;; 'C-c c k' for non-vim users) to view its documentation. This works on -;; flags as well (those symbols that start with a plus). -;; -;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its -;; directory (for easy access to its source code). - -(doom! :input - ;;chinese - ;;japanese - ;;layout ; auie,ctsrnm is the superior home row - - :completion - company ; the ultimate code completion backend - ;;helm ; the *other* search engine for love and life - ;;ido ; the other *other* search engine... - ivy ; a search engine for love and life - - :ui - ;;deft ; notational velocity for Emacs - doom ; what makes DOOM look the way it does - doom-dashboard ; a nifty splash screen for Emacs - doom-quit ; DOOM quit-message prompts when you quit Emacs - (emoji +unicode) ; 🙂 - ;;fill-column ; a `fill-column' indicator - hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW - hydra - ;;indent-guides ; highlighted indent columns - ;;ligatures ; ligatures and symbols to make your code pretty again - ;;minimap ; show a map of the code on the side - modeline ; snazzy, Atom-inspired modeline, plus API - ;;nav-flash ; blink cursor line after big motions - ;;neotree ; a project drawer, like NERDTree for vim - ophints ; highlight the region an operation acts on - (popup +defaults) ; tame sudden yet inevitable temporary windows - tabs ; a tab bar for Emacs - treemacs ; a project drawer, like neotree but cooler - unicode ; extended unicode support for various languages - vc-gutter ; vcs diff in the fringe - vi-tilde-fringe ; fringe tildes to mark beyond EOB - window-select ; visually switch windows - workspaces ; tab emulation, persistence & separate workspaces - ;;zen ; distraction-free coding or writing - - :editor - (evil +everywhere); come to the dark side, we have cookies - file-templates ; auto-snippets for empty files - fold ; (nigh) universal code folding - ;;(format +onsave) ; automated prettiness - ;;god ; run Emacs commands without modifier keys - ;;lispy ; vim for lisp, for people who don't like vim - multiple-cursors ; editing in many places at once - ;;objed ; text object editing for the innocent - ;;parinfer ; turn lisp into python, sort of - ;;rotate-text ; cycle region at point between text candidates - snippets ; my elves. They type so I don't have to - ;;word-wrap ; soft wrapping with language-aware indent - - :emacs - dired ; making dired pretty [functional] - electric ; smarter, keyword-based electric-indent - ;;ibuffer ; interactive buffer management - undo ; persistent, smarter undo for your inevitable mistakes - vc ; version-control and Emacs, sitting in a tree - - :term - ;;eshell ; the elisp shell that works everywhere - ;;shell ; simple shell REPL for Emacs - ;;term ; basic terminal emulator for Emacs - vterm ; the best terminal emulation in Emacs - - :checkers - syntax ; tasing you for every semicolon you forget - ;;(spell +flyspell) ; tasing you for misspelling mispelling - ;;grammar ; tasing grammar mistake every you make - - :tools - ;;ansible - ;;debugger ; FIXME stepping through code, to help you add bugs - direnv - docker - editorconfig ; let someone else argue about tabs vs spaces - ;;ein ; tame Jupyter notebooks with emacs - (eval +overlay) ; run code, run (also, repls) - ;;gist ; interacting with github gists - lookup ; navigate your code and its documentation - lsp - magit ; a git porcelain for Emacs - ;;make ; run make tasks from Emacs - ;;pass ; password manager for nerds - ;;pdf ; pdf enhancements - ;;prodigy ; FIXME managing external services & code builders - ;;rgb ; creating color strings - ;;taskrunner ; taskrunner for all your projects - ;;terraform ; infrastructure as code - ;;tmux ; an API for interacting with tmux - ;;upload ; map local to remote projects via ssh/ftp - - :os - (:if IS-MAC macos) ; improve compatibility with macOS - ;;tty ; improve the terminal Emacs experience - - :lang - ;;agda ; types of types of types of types... - ;;beancount ; mind the GAAP - cc ; C > C++ == 1 - ;;clojure ; java with a lisp - ;;common-lisp ; if you've seen one lisp, you've seen them all - ;;coq ; proofs-as-programs - ;;crystal ; ruby at the speed of c - ;;csharp ; unity, .NET, and mono shenanigans - ;;data ; config/data formats - ;;(dart +flutter) ; paint ui and not much else - ;;elixir ; erlang done right - ;;elm ; care for a cup of TEA? - emacs-lisp ; drown in parentheses - ;;erlang ; an elegant language for a more civilized age - ;;ess ; emacs speaks statistics - ;;factor - ;;faust ; dsp, but you get to keep your soul - ;;fsharp ; ML stands for Microsoft's Language - ;;fstar ; (dependent) types and (monadic) effects and Z3 - ;;gdscript ; the language you waited for - (go +lsp) ; the hipster dialect - (haskell +dante) ; a language that's lazier than I am - ;;hy ; readability of scheme w/ speed of python - ;;idris ; a language you can depend on - json ; At least it ain't XML - ;;(java +meghanada) ; the poster child for carpal tunnel syndrome - (javascript +lsp) ; all(hope(abandon(ye(who(enter(here)))))) - ;;julia ; a better, faster MATLAB - ;;kotlin ; a better, slicker Java(Script) - latex ; writing papers in Emacs has never been so fun - ;;lean ; for folks with too much to prove - ;;ledger ; be audit you can be - ;;lua ; one-based indices? one-based indices - markdown ; writing docs for people to ignore - ;;nim ; python + lisp at the speed of c - nix ; I hereby declare "nix geht mehr!" - ;;ocaml ; an objective camel - org ; organize your plain life in plain text - php ; perl's insecure younger brother - ;;plantuml ; diagrams for confusing people more - ;;purescript ; javascript, but functional - python ; beautiful is better than ugly - ;;qt ; the 'cutest' gui framework ever - ;;racket ; a DSL for DSLs - ;;raku ; the artist formerly known as perl6 - ;;rest ; Emacs as a REST client - rst ; ReST in peace - ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} - rust (+lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() - ;;scala ; java, but good - ;;(scheme +guile) ; a fully conniving family of lisps - sh ; she sells {ba,z,fi}sh shells on the C xor - ;;sml - ;;solidity ; do you need a blockchain? No. - ;;swift ; who asked for emoji variables? - ;;terra ; Earth and Moon in alignment for performance. - vue-mode - (web +lsp) ; the tubes - yaml ; JSON, but readable - ;;zig ; C, but simpler - - :email - ;;(mu4e +gmail) - ;;notmuch - ;;(wanderlust +gmail) - - :app - ;;calendar - ;;emms - ;;everywhere ; *leave* Emacs!? You must be joking - ;;irc ; how neckbeards socialize - ;;(rss +org) ; emacs as an RSS reader - ;;twitter ; twitter client https://twitter.com/vnought - - :config - ;;literate - (default +bindings +smartparens)) diff --git a/home/modules/emacs/doom.d/packages.el b/home/modules/emacs/doom.d/packages.el deleted file mode 100644 index 1e55f3e..0000000 --- a/home/modules/emacs/doom.d/packages.el +++ /dev/null @@ -1,3 +0,0 @@ -(package! direnv) -(package! tree-sitter) -(package! tree-sitter-langs) From e53a688e5139d7a0068f828a8d851b51d4cbe928 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 25 Jun 2023 22:15:30 +0200 Subject: [PATCH 639/988] Upgrade flake.nix --- flake.lock | 8 ++++---- flake.nix | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 738429b..2c4daed 100644 --- a/flake.lock +++ b/flake.lock @@ -202,16 +202,16 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1680250441, - "narHash": "sha256-Qrn3mB6bb1DSvKxOJ9oAlxuMk64Fzg2W4BVmk6y3deA=", + "lastModified": 1684393286, + "narHash": "sha256-Ws9uWtZLvTwL5HNonFr4YwyPoTU8QlCvhs6IJ92aLDw=", "owner": "helix-editor", "repo": "helix", - "rev": "3cf037237f1d080fdcb7990250955701389ae072", + "rev": "7f5940be80eaa3aec7903903072b7108f41dd97b", "type": "github" }, "original": { "owner": "helix-editor", - "ref": "23.03", + "ref": "23.05", "repo": "helix", "type": "github" } diff --git a/flake.nix b/flake.nix index 1248697..12b866e 100644 --- a/flake.nix +++ b/flake.nix @@ -2,25 +2,25 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = github:NixOS/nixpkgs/nixos-23.05; - flake-utils.url = github:numtide/flake-utils; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + flake-utils.url = "github:numtide/flake-utils"; home-manager = { - url = github:nix-community/home-manager/release-23.05; + url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-hardware.url = github:NixOS/nixos-hardware/master; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homePage = { - url = github:dadada/dadada.li; + url = "github:dadada/dadada.li"; }; recipemd = { - url = github:dadada/recipemd/nix-flake; + url = "github:dadada/recipemd/nix-flake"; }; agenix = { - url = github:ryantm/agenix/0.13.0; + url = "github:ryantm/agenix/0.13.0"; inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { - url = github:numtide/devshell; + url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-generators = { @@ -31,7 +31,7 @@ url = "github:NixOS/flake-registry"; flake = false; }; - helix.url = "github:helix-editor/helix/23.03"; + helix.url = "github:helix-editor/helix/23.05"; }; outputs = { ... } @ args: import ./outputs.nix args; From 575fed844375b40d7aa9344743d747c14e737e87 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 25 Jun 2023 22:17:50 +0200 Subject: [PATCH 640/988] Use helix from nixpkgs --- flake.lock | 278 +-------------------------------------- flake.nix | 7 +- nixos/configurations.nix | 6 +- outputs.nix | 1 - 4 files changed, 11 insertions(+), 281 deletions(-) diff --git a/flake.lock b/flake.lock index 2c4daed..760f79d 100644 --- a/flake.lock +++ b/flake.lock @@ -21,22 +21,6 @@ "type": "github" } }, - "crane": { - "flake": false, - "locked": { - "lastModified": 1670900067, - "narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", - "owner": "ipetkov", - "repo": "crane", - "rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "devshell": { "inputs": { "nixpkgs": [ @@ -58,78 +42,6 @@ "type": "github" } }, - "dream2nix": { - "inputs": { - "alejandra": [ - "helix", - "nci" - ], - "all-cabal-json": [ - "helix", - "nci" - ], - "crane": "crane", - "devshell": [ - "helix", - "nci" - ], - "flake-parts": [ - "helix", - "nci", - "parts" - ], - "flake-utils-pre-commit": [ - "helix", - "nci" - ], - "ghc-utils": [ - "helix", - "nci" - ], - "gomod2nix": [ - "helix", - "nci" - ], - "mach-nix": [ - "helix", - "nci" - ], - "nix-pypi-fetcher": [ - "helix", - "nci" - ], - "nixpkgs": [ - "helix", - "nci", - "nixpkgs" - ], - "poetry2nix": [ - "helix", - "nci" - ], - "pre-commit-hooks": [ - "helix", - "nci" - ], - "pruned-racket-catalog": [ - "helix", - "nci" - ] - }, - "locked": { - "lastModified": 1677289985, - "narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=", - "owner": "nix-community", - "repo": "dream2nix", - "rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "dream2nix", - "type": "github" - } - }, "flake-registry": { "flake": false, "locked": { @@ -165,21 +77,6 @@ } }, "flake-utils_2": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "locked": { "lastModified": 1623875721, "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", @@ -194,28 +91,6 @@ "type": "github" } }, - "helix": { - "inputs": { - "nci": "nci", - "nixpkgs": "nixpkgs", - "parts": "parts_2", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1684393286, - "narHash": "sha256-Ws9uWtZLvTwL5HNonFr4YwyPoTU8QlCvhs6IJ92aLDw=", - "owner": "helix-editor", - "repo": "helix", - "rev": "7f5940be80eaa3aec7903903072b7108f41dd97b", - "type": "github" - }, - "original": { - "owner": "helix-editor", - "ref": "23.05", - "repo": "helix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -240,7 +115,7 @@ "homePage": { "inputs": { "hugo-theme-anubis": "hugo-theme-anubis", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1655227494, @@ -272,50 +147,6 @@ "type": "github" } }, - "mk-naked-shell": { - "flake": false, - "locked": { - "lastModified": 1676572903, - "narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=", - "owner": "yusdacra", - "repo": "mk-naked-shell", - "rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57", - "type": "github" - }, - "original": { - "owner": "yusdacra", - "repo": "mk-naked-shell", - "type": "github" - } - }, - "nci": { - "inputs": { - "dream2nix": "dream2nix", - "mk-naked-shell": "mk-naked-shell", - "nixpkgs": [ - "helix", - "nixpkgs" - ], - "parts": "parts", - "rust-overlay": [ - "helix", - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1677297103, - "narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=", - "owner": "yusdacra", - "repo": "nix-cargo-integration", - "rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2", - "type": "github" - }, - "original": { - "owner": "yusdacra", - "repo": "nix-cargo-integration", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1685840432, @@ -369,40 +200,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1677063315, - "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "988cc958c57ce4350ec248d2d53087777f9e1949", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1675183161, - "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1629226339, "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", @@ -415,7 +212,7 @@ "type": "indirect" } }, - "nixpkgs_3": { + "nixpkgs_2": { "locked": { "lastModified": 1686921029, "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", @@ -431,7 +228,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", "path": "/nix/store/n04lw5nrskzmz7rv17p09qrnjanfkg5d-source", @@ -442,50 +239,10 @@ "type": "indirect" } }, - "parts": { - "inputs": { - "nixpkgs-lib": [ - "helix", - "nci", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1647022391, @@ -508,37 +265,14 @@ "devshell": "devshell", "flake-registry": "flake-registry", "flake-utils": "flake-utils", - "helix": "helix", "home-manager": "home-manager", "homePage": "homePage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "recipemd": "recipemd" } }, - "rust-overlay": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "helix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1677292251, - "narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 12b866e..3016008 100644 --- a/flake.nix +++ b/flake.nix @@ -31,14 +31,13 @@ url = "github:NixOS/flake-registry"; flake = false; }; - helix.url = "github:helix-editor/helix/23.05"; }; outputs = { ... } @ args: import ./outputs.nix args; nixConfig = { - extra-trusted-public-keys = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="; - extra-substituters = "https://nix-community.cachix.org/ https://helix.cachix.org/"; - extra-trusted-substituters = "https://nix-community.cachix.org/ https://helix.cachix.org/"; + extra-trusted-public-keys = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; + extra-substituters = "https://nix-community.cachix.org/"; + extra-trusted-substituters = "https://nix-community.cachix.org/"; }; } diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 7c61ccd..821ad22 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -6,8 +6,6 @@ , nixos-hardware , recipemd , nixos-generators -, flake-registry -, helix , ... }@inputs: let @@ -42,7 +40,7 @@ in home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = helix.packages.${system}.helix; } + { dadada.home.helix.package = pkgs.helix; } { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home/home; @@ -83,7 +81,7 @@ in ]; }; - installer = nixpkgs.lib.nixosSystem rec { + installer = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ nixos-generators.nixosModules.install-iso diff --git a/outputs.nix b/outputs.nix index 6f2a1a2..ca14c83 100644 --- a/outputs.nix +++ b/outputs.nix @@ -9,7 +9,6 @@ , recipemd , agenix , devshell -, helix , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: From 4c032f7ceba389ebb31a762baec654ad76e8b9e0 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 25 Jun 2023 23:13:56 +0200 Subject: [PATCH 641/988] home: remove citrix --- home/home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 832491f..fefba2f 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -13,7 +13,6 @@ with pkgs; [ binutils bluez-tools btop # htop - citrix_workspace choose # alternative to cut and awk with more readable syntax colordiff darcs From 4225de2ae9915b6290ffde83998c922f68041f0b Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 7 Jul 2023 20:47:54 +0200 Subject: [PATCH 642/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/fd6223370774dd9c33354e87a007004b5fd36442' (2023-06-13) → 'github:numtide/devshell/f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205' (2023-07-03) • Updated input 'flake-utils': 'github:numtide/flake-utils/a1720a10a6cfe8234c0e93907ffe81be440f4cef' (2023-05-31) → 'github:numtide/flake-utils/dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7' (2023-06-25) • Updated input 'home-manager': 'github:nix-community/home-manager/61e5d1c38ef04ba30a9119825b159bce9c6010be' (2023-06-13) → 'github:nix-community/home-manager/07c347bb50994691d7b0095f45ebd8838cf6bc38' (2023-06-27) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/a54683aa7eff00ee5b33dec225525d0eb6ab02de' (2023-06-16) → 'github:nix-community/nixos-generators/9191c85aab6b1a7ad395c13d340f2aa0e3ddf552' (2023-07-07) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/961e99baaaa57f5f7042fe7ce089a88786c839f4' (2023-06-04) → 'github:nix-community/nixpkgs.lib/a92befce80a487380ea5e92ae515fe33cebd3ac6' (2023-07-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c7ff1b9b95620ce8728c0d7bd501c458e6da9e04' (2023-06-16) → 'github:NixOS/nixpkgs/e11142026e2cef35ea52c9205703823df225c947' (2023-07-05) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 760f79d..9bf8ebc 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1686680692, - "narHash": "sha256-SsLZz3TDleraAiJq4EkmdyewSyiv5g0LZYc6vaLZOMQ=", + "lastModified": 1688380630, + "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=", "owner": "numtide", "repo": "devshell", - "rev": "fd6223370774dd9c33354e87a007004b5fd36442", + "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205", "type": "github" }, "original": { @@ -63,11 +63,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1685518550, - "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", + "lastModified": 1687709756, + "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", "owner": "numtide", "repo": "flake-utils", - "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef", + "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", "type": "github" }, "original": { @@ -98,11 +98,11 @@ ] }, "locked": { - "lastModified": 1686693375, - "narHash": "sha256-1Smjo0E8WI9PeVGmmCjpQWRX04aQvz5gAGXfdanIjgw=", + "lastModified": 1687871164, + "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", "owner": "nix-community", "repo": "home-manager", - "rev": "61e5d1c38ef04ba30a9119825b159bce9c6010be", + "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", "type": "github" }, "original": { @@ -149,11 +149,11 @@ }, "nixlib": { "locked": { - "lastModified": 1685840432, - "narHash": "sha256-VJIbiKsY7Xy4E4WcgwUt/UiwYDmN5BAk8tngAjcWsqY=", + "lastModified": 1688259758, + "narHash": "sha256-CYVbYQfIm3vwciCf6CCYE+WOOLE3vcfxfEfNHIfKUJQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "961e99baaaa57f5f7042fe7ce089a88786c839f4", + "rev": "a92befce80a487380ea5e92ae515fe33cebd3ac6", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1686924781, - "narHash": "sha256-6r3Hm2Fxf4F7LIWRYKU9bsS/xJwlG6L2+/I/pdffvOs=", + "lastModified": 1688738567, + "narHash": "sha256-yax5BYOfpE0+95kyJmEcfKEdZBaFvCENDogBB4VQB3Q=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a54683aa7eff00ee5b33dec225525d0eb6ab02de", + "rev": "9191c85aab6b1a7ad395c13d340f2aa0e3ddf552", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1686921029, - "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=", + "lastModified": 1688594934, + "narHash": "sha256-3dUo20PsmUd57jVZRx5vgKyIN1tv+v/JQweZsve5q/A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04", + "rev": "e11142026e2cef35ea52c9205703823df225c947", "type": "github" }, "original": { From 9480ab324611a7c5c1b980740ed8bdf269baecde Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 9 Jul 2023 01:11:47 +0200 Subject: [PATCH 643/988] Install soft-serve on ninurta --- nixos/configurations.nix | 7 +- nixos/modules/default.nix | 1 + nixos/modules/networking.nix | 2 +- nixos/modules/soft-serve.nix | 212 ++++++++++++++++++++++++++++++++ nixos/ninurta/configuration.nix | 22 +++- overlays.nix | 4 + pkgs/soft-serve.nix | 37 ++++++ 7 files changed, 280 insertions(+), 5 deletions(-) create mode 100644 nixos/modules/soft-serve.nix create mode 100644 pkgs/soft-serve.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 821ad22..6c8f9da 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -17,6 +17,7 @@ let modules = [{ # Add flakes to registry and nix path. dadada.inputs = inputs // { dadada = self; }; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in @@ -101,5 +102,9 @@ in ]; }; - ninurta = nixosSystem { extraModules = [ ./ninurta/configuration.nix ]; }; + ninurta = nixosSystem { + extraModules = [ + ./ninurta/configuration.nix + ]; + }; } diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 9b8864e..f89d4ce 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -16,6 +16,7 @@ packages = import ./packages.nix; secrets = import ./secrets.nix; share = import ./share.nix; + soft-serve = import ./soft-serve.nix; steam = import ./steam.nix; sway = import ./sway.nix; vpnServer = import ./vpnServer.nix; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix index 43ddd8c..b58fb2d 100644 --- a/nixos/modules/networking.nix +++ b/nixos/modules/networking.nix @@ -132,7 +132,7 @@ in networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { dadada = { - ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" "192.168.120.${cfg.vpnExtension}/17" ]; + ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" "192.168.120.${cfg.vpnExtension}/24" ]; listenPort = 51234; privateKeyFile = "/var/lib/wireguard/privkey"; postSetup = '' diff --git a/nixos/modules/soft-serve.nix b/nixos/modules/soft-serve.nix new file mode 100644 index 0000000..a2e1a27 --- /dev/null +++ b/nixos/modules/soft-serve.nix @@ -0,0 +1,212 @@ +{ config, lib, pkgs, ... }: +with lib; + +let + cfg = config.services.soft-serve; + configFile = format.generate "config.yaml" cfg.settings; + exe = getExe cfg.package; + format = pkgs.formats.yaml { }; + user = "soft-serve"; +in +{ + options = { + services.soft-serve = { + enable = mkEnableOption "Enable soft-serve service"; + + package = mkPackageOption pkgs "soft-serve" { }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/soft-serve"; + description = lib.mdDoc '' + The absolute path to the data directory. + + See . + ''; + }; + + user = mkOption { + type = types.str; + default = user; + description = lib.mdDoc "User account under which soft-serve runs."; + }; + + group = mkOption { + type = types.str; + default = user; + description = lib.mdDoc "Group account under which soft-serve runs."; + }; + + settings = mkOption { + type = format.type; + default = { }; + description = lib.mdDoc '' + The contents of the configuration file. + + See . + ''; + example = literalExpression '' + { + # Soft Serve Server configurations + + # The name of the server. + # This is the name that will be displayed in the UI. + name = "Soft Serve"; + + # Log format to use. Valid values are "json", "logfmt", and "text". + log_format = "text"; + + # The SSH server configuration. + ssh = { + # The address on which the SSH server will listen. + listen_addr = ":23231"; + + # The public URL of the SSH server. + # This is the address that will be used to clone repositories. + public_url = "ssh://localhost:23231"; + + # The path to the SSH server's private key. + key_path = "ssh/soft_serve_host"; + + # The path to the SSH server's client private key. + # This key will be used to authenticate the server to make git requests to + # ssh remotes. + client_key_path = "ssh/soft_serve_client"; + + # The maximum number of seconds a connection can take. + # A value of 0 means no timeout. + max_timeout = 0; + + # The number of seconds a connection can be idle before it is closed. + idle_timeout = 120; + }; + # The Git daemon configuration. + git = { + # The address on which the Git daemon will listen. + listen_addr = ":9418"; + + # The maximum number of seconds a connection can take. + # A value of 0 means no timeout. + max_timeout = 0; + + # The number of seconds a connection can be idle before it is closed. + idle_timeout = 3; + + # The maximum number of concurrent connections. + max_connections = 32; + }; + + # The HTTP server configuration. + http = { + # The address on which the HTTP server will listen. + listen_addr = ":23232"; + + # The path to the TLS private key. + tls_key_path = ""; + + # The path to the TLS certificate. + tls_cert_path = ""; + + # The public URL of the HTTP server. + # This is the address that will be used to clone repositories. + # Make sure to use https:// if you are using TLS. + public_url = "http://localhost:23232"; + + }; + + # The stats server configuration. + stats = { + # The address on which the stats server will listen. + listen_addr = ":23233"; + }; + # Additional admin keys. + initial_admin_keys = [ + "ssh-rsa AAAAB3NzaC1yc2..." + ]; + }; + ''; + }; + }; + }; + + config = let stateDir = cfg.stateDir; in mkIf cfg.enable { + users.users = mkIf (cfg.user == "soft-serve") { + soft-serve = { + description = "soft-serve service"; + home = cfg.stateDir; + useDefaultShell = true; + group = cfg.group; + isSystemUser = true; + }; + }; + + users.groups = mkIf (cfg.group == "soft-serve") { + soft-serve = { }; + }; + + systemd.tmpfiles.rules = [ + "d '${stateDir}' 0750 ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.soft-serve = { + description = "Soft Serve git server ðŸ¦"; + documentation = [ "https://github.com/charmbracelet/soft-serve" ]; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { + SOFT_SERVE_DATA_PATH = stateDir; + }; + + preStart = '' + # Link the settings file into the data directory. + ln -fs ${configFile} ${stateDir}/config.yaml + ''; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + Restart = "always"; + RestartSec = "1"; + ExecStart = "${exe} serve"; + WorkingDirectory = stateDir; + RuntimeDirectory = "soft-serve"; + RuntimeDirectoryMode = "0750"; + ProcSubset = "pid"; + ProtectProc = "invisible"; + ReadWritePaths = [ stateDir ]; + UMask = "0027"; + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + PrivateMounts = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap" + ]; + }; + }; + }; + + meta.maintainers = [ maintainers.dadada ]; +} diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index b198253..de73b3c 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -11,6 +11,7 @@ let wg0PresharedKey = "pruflas-wg0-preshared-key"; hydraGitHubAuth = "hydra-github-authorization"; initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; + softServePort = 23231; in { imports = [ @@ -18,6 +19,22 @@ in ./hardware-configuration.nix ]; + services.soft-serve = { + enable = true; + settings = { + name = "dadada's repos"; + log_format = "text"; + ssh = { + listen_addr = ":${toString softServePort}"; + public_url = "ssh://soft-serve.dadada.li:${toString softServePort}"; + max_timeout = 30; + idle_timeout = 120; + }; + stats.listen_addr = ":23233"; + initial_admin_keys = config.dadada.admin.users.dadada.keys; + }; + }; + dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; @@ -75,7 +92,7 @@ in }; }; - dadada.ddns.domains = [ "backup1.dadada.li" ]; + dadada.ddns.domains = [ "backup1.dadada.li" "soft-serve.dadada.li" ]; dadada.ddns.credentialsPath = config.age.secrets."ddns-credentials".path; dadada.ddns.interface = "backup"; @@ -350,6 +367,7 @@ in 80 # HTTP 443 # HTTPS 3000 # Hydra + softServePort ]; allowedUDPPorts = [ 51234 # Wireguard @@ -384,8 +402,6 @@ in ''; }; - - powerManagement = { enable = true; cpuFreqGovernor = "powersave"; diff --git a/overlays.nix b/overlays.nix index 6d636ec..7432ba5 100644 --- a/overlays.nix +++ b/overlays.nix @@ -38,4 +38,8 @@ }; }); }; + + soft-serve = final: prev: { + soft-serve = prev.callPackage ./pkgs/soft-serve.nix { }; + }; } diff --git a/pkgs/soft-serve.nix b/pkgs/soft-serve.nix new file mode 100644 index 0000000..a6fc8ac --- /dev/null +++ b/pkgs/soft-serve.nix @@ -0,0 +1,37 @@ +# Borrowed from nixpkgs. +# See https://github.com/NixOS/nixpkgs/issues/86349 +{ lib, buildGoModule, fetchFromGitHub, makeWrapper, git }: + +buildGoModule rec { + pname = "soft-serve"; + version = "0.5.4"; + + src = fetchFromGitHub { + owner = "charmbracelet"; + repo = "soft-serve"; + rev = "v${version}"; + sha256 = "sha256-pVUkmia6W5CVYLjrE6Ie2OVme3y2pmhMMxCYS5qyhgs="; + }; + + vendorHash = "sha256-wf2Dfo4uWHg/h2+EfEW5oGUgqf1kAgiTq7ivczI1w+c="; + + doCheck = false; + + ldflags = [ "-s" "-w" "-X=main.Version=${version}" ]; + + nativeBuildInputs = [ makeWrapper ]; + + postInstall = '' + wrapProgram $out/bin/soft \ + --prefix PATH : "${lib.makeBinPath [ git ]}" + ''; + + meta = with lib; { + description = "A tasty, self-hosted Git server for the command line"; + homepage = "https://github.com/charmbracelet/soft-serve"; + changelog = "https://github.com/charmbracelet/soft-serve/releases/tag/v${version}"; + mainProgram = "soft"; + license = licenses.mit; + maintainers = with maintainers; [ penguwin ]; + }; +} From 22365053c572ebf4bdc4484a0e33b371b06cec2e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 9 Jul 2023 02:26:14 +0200 Subject: [PATCH 644/988] soft-serve: fix missing bash --- pkgs/soft-serve.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/soft-serve.nix b/pkgs/soft-serve.nix index a6fc8ac..8e9df46 100644 --- a/pkgs/soft-serve.nix +++ b/pkgs/soft-serve.nix @@ -1,6 +1,6 @@ # Borrowed from nixpkgs. # See https://github.com/NixOS/nixpkgs/issues/86349 -{ lib, buildGoModule, fetchFromGitHub, makeWrapper, git }: +{ lib, buildGoModule, fetchFromGitHub, makeWrapper, git, bash }: buildGoModule rec { pname = "soft-serve"; @@ -23,7 +23,7 @@ buildGoModule rec { postInstall = '' wrapProgram $out/bin/soft \ - --prefix PATH : "${lib.makeBinPath [ git ]}" + --prefix PATH : "${lib.makeBinPath [ git bash ]}" ''; meta = with lib; { From ea0f94ea494d8a35c9418aed6559e6aec5c6ae78 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 12 Jul 2023 22:21:28 +0200 Subject: [PATCH 645/988] fix formatting --- overlays.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlays.nix b/overlays.nix index 7432ba5..97be0e4 100644 --- a/overlays.nix +++ b/overlays.nix @@ -38,7 +38,7 @@ }; }); }; - + soft-serve = final: prev: { soft-serve = prev.callPackage ./pkgs/soft-serve.nix { }; }; From 14934251b92aa96f314c3ed6b245861d907c2c54 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 13 Jul 2023 19:05:37 +0200 Subject: [PATCH 646/988] dark theme --- home/modules/git.nix | 2 +- home/modules/helix/config/config.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index bd7e79e..977953e 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -20,7 +20,7 @@ in tabwidth = 4; }; alias = { }; - pager = "delta --light"; + pager = "delta"; }; column.ui = "never"; checkout.defaultRemote = "origin"; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index ecd46a6..625fc49 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "emacs" +theme = "autumn" [editor] line-number = "relative" From e81b73157f710158d6dda71e96a0b361efbd3a2a Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 13 Jul 2023 21:41:15 +0200 Subject: [PATCH 647/988] borg-server: increase quotas --- nixos/modules/borg-server.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index d704a4a..aec4a13 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -52,13 +52,13 @@ in allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; path = "${cfg.path}/fginfo"; - quota = "10G"; + quota = "50G"; }; "fginfo-git" = { allowSubRepos = false; authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; path = "${cfg.path}/fginfo-git"; - quota = "10G"; + quota = "50G"; }; }; From 241ad618969717a41cd4576f007d80fa5a60a369 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 01:03:24 +0000 Subject: [PATCH 648/988] build(deps): bump DeterminateSystems/nix-installer-action from 3 to 4 Bumps [DeterminateSystems/nix-installer-action](https://github.com/DeterminateSystems/nix-installer-action) from 3 to 4. - [Release notes](https://github.com/DeterminateSystems/nix-installer-action/releases) - [Commits](https://github.com/DeterminateSystems/nix-installer-action/compare/v3...v4) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 05e6a19..a122a2f 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v3 + uses: DeterminateSystems/nix-installer-action@v4 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@vX with: From 76c8a45ba67fb3320f438602951d050de4379655 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jun 2023 01:01:34 +0000 Subject: [PATCH 649/988] build(deps): bump cachix/install-nix-action from 21 to 22 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 21 to 22. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v21...v22) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index a1e1849..c0f87c7 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v21 + - uses: cachix/install-nix-action@v22 with: nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | From a429417650bc189204d763138d7d5d91154278ff Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 18 Jul 2023 19:07:25 +0200 Subject: [PATCH 650/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-registry': 'github:NixOS/flake-registry/8054bfa00d60437297d670ab3296a117e7059a10' (2023-04-25) → 'github:NixOS/flake-registry/5d8dc3eb692809ffd9a2f22cdb8015aa11972905' (2023-07-14) • Updated input 'flake-utils': 'github:numtide/flake-utils/dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7' (2023-06-25) → 'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/9191c85aab6b1a7ad395c13d340f2aa0e3ddf552' (2023-07-07) → 'github:nix-community/nixos-generators/11c98929963a95ad3830960a9216d00e2f792502' (2023-07-17) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/a92befce80a487380ea5e92ae515fe33cebd3ac6' (2023-07-02) → 'github:nix-community/nixpkgs.lib/02fea408f27186f139153e1ae88f8ab2abd9c22c' (2023-07-16) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/429f232fe1dc398c5afea19a51aad6931ee0fb89' (2023-06-15) → 'github:NixOS/nixos-hardware/d4ea64f2063820120c05f6ba93ee02e6d4671d6b' (2023-07-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e11142026e2cef35ea52c9205703823df225c947' (2023-07-05) → 'github:NixOS/nixpkgs/53657afe29748b3e462f1f892287b7e254c26d77' (2023-07-17) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 9bf8ebc..2eb4d3a 100644 --- a/flake.lock +++ b/flake.lock @@ -45,11 +45,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1682423975, - "narHash": "sha256-zvOBrH3hwCedgpaWiOSHYSt+fgF/RhaJs8R5qOX6AYc=", + "lastModified": 1689333397, + "narHash": "sha256-g1Nn0sgH/hR/gEAQ1q6bloU+Q+V+Y4HlBBH6CBxC0HM=", "owner": "NixOS", "repo": "flake-registry", - "rev": "8054bfa00d60437297d670ab3296a117e7059a10", + "rev": "5d8dc3eb692809ffd9a2f22cdb8015aa11972905", "type": "github" }, "original": { @@ -63,11 +63,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1687709756, - "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -149,11 +149,11 @@ }, "nixlib": { "locked": { - "lastModified": 1688259758, - "narHash": "sha256-CYVbYQfIm3vwciCf6CCYE+WOOLE3vcfxfEfNHIfKUJQ=", + "lastModified": 1689469483, + "narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a92befce80a487380ea5e92ae515fe33cebd3ac6", + "rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1688738567, - "narHash": "sha256-yax5BYOfpE0+95kyJmEcfKEdZBaFvCENDogBB4VQB3Q=", + "lastModified": 1689558522, + "narHash": "sha256-diNpqSRebzvT3P4fLX+40VWZbf2H2hraJDDdg5NJSj0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "9191c85aab6b1a7ad395c13d340f2aa0e3ddf552", + "rev": "11c98929963a95ad3830960a9216d00e2f792502", "type": "github" }, "original": { @@ -185,11 +185,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1686838567, - "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", + "lastModified": 1689320556, + "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", + "rev": "d4ea64f2063820120c05f6ba93ee02e6d4671d6b", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1688594934, - "narHash": "sha256-3dUo20PsmUd57jVZRx5vgKyIN1tv+v/JQweZsve5q/A=", + "lastModified": 1689605451, + "narHash": "sha256-u2qp2k9V1smCfk6rdUcgMKvBj3G9jVvaPHyeXinjN9E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e11142026e2cef35ea52c9205703823df225c947", + "rev": "53657afe29748b3e462f1f892287b7e254c26d77", "type": "github" }, "original": { From a0351bb03c640b46aee9d41a3bef2ffcf3abb03e Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 18 Jul 2023 19:07:49 +0200 Subject: [PATCH 651/988] Update README --- README.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/README.md b/README.md index 105bf2d..c5dc70a 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,3 @@ # nix configuration Use at your own risk. - -## Deploying - -``` -nix run .#deploy $TARGET_HOST -``` - -## TODO - -- make private keys in networking module into options and store keys with agenix From 0d02c7ddd8c2a9db7b76354943b110814100818b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jul 2023 15:37:31 +0200 Subject: [PATCH 652/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/11c98929963a95ad3830960a9216d00e2f792502' (2023-07-17) → 'github:nix-community/nixos-generators/b1171de4d362c022130c92d7c8adc4bf2b83d586' (2023-07-23) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/d4ea64f2063820120c05f6ba93ee02e6d4671d6b' (2023-07-14) → 'github:NixOS/nixos-hardware/ba9650b14e83b365fb9e731f7d7c803f22d2aecf' (2023-07-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/53657afe29748b3e462f1f892287b7e254c26d77' (2023-07-17) → 'github:NixOS/nixpkgs/48e82fe1b1c863ee26a33ce9bd39621d2ada0a33' (2023-07-28) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 2eb4d3a..7ed5962 100644 --- a/flake.lock +++ b/flake.lock @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1689558522, - "narHash": "sha256-diNpqSRebzvT3P4fLX+40VWZbf2H2hraJDDdg5NJSj0=", + "lastModified": 1690133435, + "narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "11c98929963a95ad3830960a9216d00e2f792502", + "rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586", "type": "github" }, "original": { @@ -185,11 +185,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1689320556, - "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=", + "lastModified": 1690200740, + "narHash": "sha256-aRkEXGmCbAGcvDcdh/HB3YN+EvoPoxmJMOaqRZmf6vM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d4ea64f2063820120c05f6ba93ee02e6d4671d6b", + "rev": "ba9650b14e83b365fb9e731f7d7c803f22d2aecf", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1689605451, - "narHash": "sha256-u2qp2k9V1smCfk6rdUcgMKvBj3G9jVvaPHyeXinjN9E=", + "lastModified": 1690558459, + "narHash": "sha256-5W7y1l2cLYPkpJGNlAja7XW2X2o9rjf0O1mo9nxS9jQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "53657afe29748b3e462f1f892287b7e254c26d77", + "rev": "48e82fe1b1c863ee26a33ce9bd39621d2ada0a33", "type": "github" }, "original": { From fae51f11c9f8c531bf5ace9cd0338462f39b73c1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jul 2023 17:17:10 +0200 Subject: [PATCH 653/988] ninurta: create snapshots subvolumes for snapper See also https://github.com/NixOS/nixpkgs/pull/78046 --- nixos/ninurta/configuration.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index de73b3c..079a6e1 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -212,6 +212,10 @@ in systemd.tmpfiles.rules = [ "d /var/www/pruflas.uwu 0551 nginx nginx - -" "d /mnt/storage/backups/ninurta 0750 ${config.users.users.borg.name} ${config.users.users.borg.group} - -" + "v /var/.snapshots 0755 root root - -" + "v /home/.snapshots 0755 root root - -" + "v /mnt/storage/.snapshots 0755 root root - -" + "v /mnt/storage/backups 0755 root root - -" ]; age.secrets.${wg0PrivKey} = { @@ -236,6 +240,15 @@ in services.snapper = { cleanupInterval = "1d"; snapshotInterval = "hourly"; + configs.home = { + SUBVOLUME = "/home"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_LIMIT_HOURLY = 24; + TIMELINE_LIMIT_DAILY = 13; + TIMELINE_LIMIT_WEEKLY = 6; + TIMELINE_LIMIT_MONTHLY = 3; + }; configs.var = { SUBVOLUME = "/var"; TIMELINE_CREATE = true; From ed0dd8fa36753195410c72cf176fda521c8af481 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jul 2023 17:19:18 +0200 Subject: [PATCH 654/988] ninurta: remove unused reference --- nixos/ninurta/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index f99ce28..8de34e8 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = From f699d43eeb0cd2773c550c38483c3314b18de998 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jul 2023 17:22:38 +0200 Subject: [PATCH 655/988] git: use dark theme for diff viewer --- home/modules/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index 977953e..a0ea0af 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -35,7 +35,7 @@ in algorithm = "histogram"; colorMoved = "default"; }; - interactive.diffFilter = "delta --color-only --light"; + interactive.diffFilter = "delta --color-only"; merge.conflictstyle = "diff3"; status = { short = true; From 7fe3575f0d81e89c282a87bbf125108ff57c0d6d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 29 Jul 2023 18:58:15 +0200 Subject: [PATCH 656/988] flake: fix rtw89 firmware dependency --- flake.lock | 12 ++++++------ flake.nix | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 7ed5962..a8dd0c1 100644 --- a/flake.lock +++ b/flake.lock @@ -185,16 +185,16 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1690200740, - "narHash": "sha256-aRkEXGmCbAGcvDcdh/HB3YN+EvoPoxmJMOaqRZmf6vM=", - "owner": "NixOS", + "lastModified": 1690648710, + "narHash": "sha256-Je0cdqxMjhnaPG2Hf6/iuG86q3O8Wt8QFkwzR+c03b4=", + "owner": "dadada", "repo": "nixos-hardware", - "rev": "ba9650b14e83b365fb9e731f7d7c803f22d2aecf", + "rev": "debee0861ec3f155dc3b18e69eeff533d9c3f97d", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "master", + "owner": "dadada", + "ref": "fix-linux-firmware", "repo": "nixos-hardware", "type": "github" } diff --git a/flake.nix b/flake.nix index 3016008..66c4187 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + nixos-hardware.url = "github:dadada/nixos-hardware/fix-linux-firmware"; homePage = { url = "github:dadada/dadada.li"; }; From 7ac3e6add613f709bd8caa817c1a7ac3ac4a1972 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 30 Jul 2023 13:03:31 +0200 Subject: [PATCH 657/988] inputs: switch back to nixos-hardware master branch --- flake.lock | 12 ++++++------ flake.nix | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index a8dd0c1..87092df 100644 --- a/flake.lock +++ b/flake.lock @@ -185,16 +185,16 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1690648710, - "narHash": "sha256-Je0cdqxMjhnaPG2Hf6/iuG86q3O8Wt8QFkwzR+c03b4=", - "owner": "dadada", + "lastModified": 1690704397, + "narHash": "sha256-sgIWjcz0e+x87xlKg324VtHgH55J5rIuFF0ZWRDvQoE=", + "owner": "NixOS", "repo": "nixos-hardware", - "rev": "debee0861ec3f155dc3b18e69eeff533d9c3f97d", + "rev": "96e5a0a0e8568c998135ea05575a9ed2c87f5492", "type": "github" }, "original": { - "owner": "dadada", - "ref": "fix-linux-firmware", + "owner": "NixOS", + "ref": "master", "repo": "nixos-hardware", "type": "github" } diff --git a/flake.nix b/flake.nix index 66c4187..3016008 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-hardware.url = "github:dadada/nixos-hardware/fix-linux-firmware"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homePage = { url = "github:dadada/dadada.li"; }; From cf221f554e1c14e06c95d16ca1654c325dd9b90a Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 13 Aug 2023 17:54:32 +0200 Subject: [PATCH 658/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/96e5a0a0e8568c998135ea05575a9ed2c87f5492' (2023-07-30) → 'github:NixOS/nixos-hardware/430a56dd16fe583a812b2df44dca002acab2f4f6' (2023-08-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/48e82fe1b1c863ee26a33ce9bd39621d2ada0a33' (2023-07-28) → 'github:NixOS/nixpkgs/3fe694c4156b84dac12627685c7ae592a71e2206' (2023-08-12) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 87092df..b5f1496 100644 --- a/flake.lock +++ b/flake.lock @@ -185,11 +185,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1690704397, - "narHash": "sha256-sgIWjcz0e+x87xlKg324VtHgH55J5rIuFF0ZWRDvQoE=", + "lastModified": 1691871742, + "narHash": "sha256-6yDNjfbAMpwzWL4y75fxs6beXHRANfYX8BNSPjYehck=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "96e5a0a0e8568c998135ea05575a9ed2c87f5492", + "rev": "430a56dd16fe583a812b2df44dca002acab2f4f6", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1690558459, - "narHash": "sha256-5W7y1l2cLYPkpJGNlAja7XW2X2o9rjf0O1mo9nxS9jQ=", + "lastModified": 1691831739, + "narHash": "sha256-6e12VCvA7jOjhzJ1adLiUV1GTPXGBcCfhggsDwiuNB4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48e82fe1b1c863ee26a33ce9bd39621d2ada0a33", + "rev": "3fe694c4156b84dac12627685c7ae592a71e2206", "type": "github" }, "original": { From ff447a0cc3a9af74afd59a02bafa03b5b93bdefb Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Sep 2023 19:52:55 +0200 Subject: [PATCH 659/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205' (2023-07-03) → 'github:numtide/devshell/65114ea495a8d3cc1352368bf170d67ef005aa5a' (2023-09-04) • Updated input 'flake-registry': 'github:NixOS/flake-registry/5d8dc3eb692809ffd9a2f22cdb8015aa11972905' (2023-07-14) → 'github:NixOS/flake-registry/3f641cbae15d3c74370aa9b97fd0ac478a114305' (2023-08-23) • Updated input 'flake-utils': 'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11) → 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23) • Updated input 'home-manager': 'github:nix-community/home-manager/07c347bb50994691d7b0095f45ebd8838cf6bc38' (2023-06-27) → 'github:nix-community/home-manager/5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c' (2023-08-28) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/b1171de4d362c022130c92d7c8adc4bf2b83d586' (2023-07-23) → 'github:nix-community/nixos-generators/8ee78470029e641cddbd8721496da1316b47d3b4' (2023-09-04) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/02fea408f27186f139153e1ae88f8ab2abd9c22c' (2023-07-16) → 'github:nix-community/nixpkgs.lib/f5af57d3ef9947a70ac86e42695231ac1ad00c25' (2023-09-03) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/430a56dd16fe583a812b2df44dca002acab2f4f6' (2023-08-12) → 'github:NixOS/nixos-hardware/793de77d9f83418b428e8ba70d1e42c6507d0d35' (2023-09-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3fe694c4156b84dac12627685c7ae592a71e2206' (2023-08-12) → 'github:NixOS/nixpkgs/da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc' (2023-09-03) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index b5f1496..df7a234 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1688380630, - "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=", + "lastModified": 1693833206, + "narHash": "sha256-wHOY0nnD6gWj8u9uI85/YlsganYyWRK1hLFZulZwfmY=", "owner": "numtide", "repo": "devshell", - "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205", + "rev": "65114ea495a8d3cc1352368bf170d67ef005aa5a", "type": "github" }, "original": { @@ -45,11 +45,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1689333397, - "narHash": "sha256-g1Nn0sgH/hR/gEAQ1q6bloU+Q+V+Y4HlBBH6CBxC0HM=", + "lastModified": 1692779116, + "narHash": "sha256-erTXdDToRA8whxURoEgBGWj550vcUirO6adEFIjQ0M0=", "owner": "NixOS", "repo": "flake-registry", - "rev": "5d8dc3eb692809ffd9a2f22cdb8015aa11972905", + "rev": "3f641cbae15d3c74370aa9b97fd0ac478a114305", "type": "github" }, "original": { @@ -63,11 +63,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -98,11 +98,11 @@ ] }, "locked": { - "lastModified": 1687871164, - "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", + "lastModified": 1693208669, + "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=", "owner": "nix-community", "repo": "home-manager", - "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", + "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c", "type": "github" }, "original": { @@ -149,11 +149,11 @@ }, "nixlib": { "locked": { - "lastModified": 1689469483, - "narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=", + "lastModified": 1693701915, + "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c", + "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1690133435, - "narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=", + "lastModified": 1693791338, + "narHash": "sha256-wHmtB5H8AJTUaeGHw+0hsQ6nU4VyvVrP2P4NeCocRzY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586", + "rev": "8ee78470029e641cddbd8721496da1316b47d3b4", "type": "github" }, "original": { @@ -185,11 +185,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1691871742, - "narHash": "sha256-6yDNjfbAMpwzWL4y75fxs6beXHRANfYX8BNSPjYehck=", + "lastModified": 1693718952, + "narHash": "sha256-+nGdJlgTk0MPN7NygopipmyylVuAVi7OItIwTlwtGnw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "430a56dd16fe583a812b2df44dca002acab2f4f6", + "rev": "793de77d9f83418b428e8ba70d1e42c6507d0d35", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1691831739, - "narHash": "sha256-6e12VCvA7jOjhzJ1adLiUV1GTPXGBcCfhggsDwiuNB4=", + "lastModified": 1693771906, + "narHash": "sha256-32EnPCaVjOiEERZ+o/2Ir7JH9pkfwJZJ27SKHNvt4yk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3fe694c4156b84dac12627685c7ae592a71e2206", + "rev": "da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc", "type": "github" }, "original": { From bd68216219cba9410c101c430e9d99d16158fc8f Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 10 Sep 2023 13:59:02 +0200 Subject: [PATCH 660/988] update alacritty colors --- home/modules/alacritty/colors.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml index 6d3ca2a..badc153 100644 --- a/home/modules/alacritty/colors.toml +++ b/home/modules/alacritty/colors.toml @@ -1,6 +1,6 @@ [primary] -background = "0xffffff" -foreground = "0x1e1e1e" +background = "0x1e1e1e" +foreground = "0xffffff" [normal] black = "0x171421" From 43f46c1fdcff9541e1d41900bc7636fcde8e1dea Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 14 Sep 2023 21:07:56 +0200 Subject: [PATCH 661/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/65114ea495a8d3cc1352368bf170d67ef005aa5a' (2023-09-04) → 'github:numtide/devshell/f6aec2e8b1cdddcab10ce7fc2eac66886e3deaad' (2023-09-11) • Updated input 'flake-utils': 'github:numtide/flake-utils/f9e7cf818399d17d347f847525c5a5a8032e4e44' (2023-08-23) → 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12) • Updated input 'home-manager': 'github:nix-community/home-manager/5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c' (2023-08-28) → 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/793de77d9f83418b428e8ba70d1e42c6507d0d35' (2023-09-03) → 'github:NixOS/nixos-hardware/570256327eb6ca6f7bebe8d93af49459092a0c43' (2023-09-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc' (2023-09-03) → 'github:NixOS/nixpkgs/e5f018cf150e29aac26c61dac0790ea023c46b24' (2023-09-12) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index df7a234..7a58f5a 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1693833206, - "narHash": "sha256-wHOY0nnD6gWj8u9uI85/YlsganYyWRK1hLFZulZwfmY=", + "lastModified": 1694435990, + "narHash": "sha256-yLQPD2eZGepu3yvdwABXrR3GhAqWRWTj9rn3a4knYuk=", "owner": "numtide", "repo": "devshell", - "rev": "65114ea495a8d3cc1352368bf170d67ef005aa5a", + "rev": "f6aec2e8b1cdddcab10ce7fc2eac66886e3deaad", "type": "github" }, "original": { @@ -63,11 +63,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -98,11 +98,11 @@ ] }, "locked": { - "lastModified": 1693208669, - "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=", + "lastModified": 1694465129, + "narHash": "sha256-8BQiuobMrCfCbGM7w6Snx+OBYdtTIm0+cGVaKwQ5BFg=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c", + "rev": "9787dffff5d315c9593d3f9fb0f9bf2097e1b57b", "type": "github" }, "original": { @@ -185,11 +185,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1693718952, - "narHash": "sha256-+nGdJlgTk0MPN7NygopipmyylVuAVi7OItIwTlwtGnw=", + "lastModified": 1694710316, + "narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "793de77d9f83418b428e8ba70d1e42c6507d0d35", + "rev": "570256327eb6ca6f7bebe8d93af49459092a0c43", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1693771906, - "narHash": "sha256-32EnPCaVjOiEERZ+o/2Ir7JH9pkfwJZJ27SKHNvt4yk=", + "lastModified": 1694499547, + "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc", + "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", "type": "github" }, "original": { From 4f9349afce945070b249f093909e4afd23d6a1de Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 17 Sep 2023 19:50:19 +0200 Subject: [PATCH 662/988] Deduplicate some inputs --- flake.lock | 53 ++++++++++------------------------------------------- flake.nix | 3 +++ 2 files changed, 13 insertions(+), 43 deletions(-) diff --git a/flake.lock b/flake.lock index 7a58f5a..0ac8fc2 100644 --- a/flake.lock +++ b/flake.lock @@ -76,21 +76,6 @@ "type": "github" } }, - "flake-utils_2": { - "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -115,7 +100,9 @@ "homePage": { "inputs": { "hugo-theme-anubis": "hugo-theme-anubis", - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1655227494, @@ -200,19 +187,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1629226339, - "narHash": "sha256-szvgmQcUJM3Kv/wNyIn+wtMrrvsks0bk9JOqI2Ij8Ao=", - "path": "/nix/store/vy5l0dvdwwhyc988z185f9i7rqbc1n8y-source", - "rev": "2435ea48c3b295d9cd490535730bb13ab8cfd8a5", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_2": { "locked": { "lastModified": 1694499547, "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", @@ -228,21 +202,14 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "narHash": "sha256-Ccpot1h/rV8MgcngDp5OrdmLTMaUTbStZTR5/sI7zW0=", - "path": "/nix/store/n04lw5nrskzmz7rv17p09qrnjanfkg5d-source", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, "recipemd": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3" + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1647022391, @@ -269,7 +236,7 @@ "homePage": "homePage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "recipemd": "recipemd" } }, diff --git a/flake.nix b/flake.nix index 3016008..e92996e 100644 --- a/flake.nix +++ b/flake.nix @@ -11,9 +11,12 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homePage = { url = "github:dadada/dadada.li"; + inputs.nixpkgs.follows = "nixpkgs"; }; recipemd = { url = "github:dadada/recipemd/nix-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; }; agenix = { url = "github:ryantm/agenix/0.13.0"; From 41f3ade99f1fb2385ab1bde5f3c7b7a05c2f02d4 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 18 Sep 2023 18:11:38 +0200 Subject: [PATCH 663/988] Install jujutsu git frontend --- home/modules/git.nix | 5 +++++ home/modules/jjconfig.toml | 8 ++++++++ 2 files changed, 13 insertions(+) create mode 100644 home/modules/jjconfig.toml diff --git a/home/modules/git.nix b/home/modules/git.nix index a0ea0af..a9fbf6c 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -56,12 +56,17 @@ in }; }; + home.file.".jjconfig.toml".source = ./jjconfig.toml; + home.packages = with pkgs; [ delta + git-branchless git-lfs gitAndTools.hub gitAndTools.lab gitAndTools.git-absorb + jujutsu + meld ]; }; } diff --git a/home/modules/jjconfig.toml b/home/modules/jjconfig.toml new file mode 100644 index 0000000..43fbcbd --- /dev/null +++ b/home/modules/jjconfig.toml @@ -0,0 +1,8 @@ +[user] +name = "Tim Schubert" +email = "dadada@dadada.li" + +[ui] +diff-editor = ["scm-diff-editor", "--dir-diff", "$left", "$right"] +diff-instructions = false +merge-editor = ["meld"] From 703c86352a4298b64275abe8eedafcfca81488b3 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 18 Sep 2023 19:37:49 +0200 Subject: [PATCH 664/988] use newer jj version fix dependencies of homepage --- flake.lock | 62 +++++++++++++++++++++++++--- flake.nix | 5 +++ home/home/default.nix | 2 + home/{modules => home}/jjconfig.toml | 0 home/home/pkgs.nix | 1 + home/modules/git.nix | 3 -- nixos/configurations.nix | 16 +++---- nixos/gorgon/configuration.nix | 2 - outputs.nix | 1 + overlays.nix | 4 ++ 10 files changed, 78 insertions(+), 18 deletions(-) rename home/{modules => home}/jjconfig.toml (100%) diff --git a/flake.lock b/flake.lock index 0ac8fc2..34f28ec 100644 --- a/flake.lock +++ b/flake.lock @@ -105,11 +105,11 @@ ] }, "locked": { - "lastModified": 1655227494, - "narHash": "sha256-GLglKS4pPWOuiFH7e+2c112npURXvehFIT9oB8AOoXc=", + "lastModified": 1695058498, + "narHash": "sha256-YgKWk75O7hIEmNgbTS5WXG+oBas+068grW1hcE37ykc=", "owner": "dadada", "repo": "dadada.li", - "rev": "fa49858d6bc479ab14b5aecdf88c34d3004756fd", + "rev": "30c1ee54d94622da2d582e3767c0baf5abe2cf3f", "type": "github" }, "original": { @@ -121,11 +121,11 @@ "hugo-theme-anubis": { "flake": false, "locked": { - "lastModified": 1626675855, - "narHash": "sha256-Vj77NcXxPOcatDbLvW+d90hsUpYH+2eyhpyXv82ZTts=", + "lastModified": 1693734155, + "narHash": "sha256-/saWnt2ryheBvW9aHqpjAE4aNBhEhkrD62Ch8CI2GvM=", "owner": "mitrichius", "repo": "hugo-theme-anubis", - "rev": "5dab60e04a37896c09a32137aefe821c63b3af04", + "rev": "e4e2c0bc4145ee152a32fdd940ed398ab0b77e6c", "type": "github" }, "original": { @@ -134,6 +134,30 @@ "type": "github" } }, + "jujutsu": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1695053459, + "narHash": "sha256-gQ1ydO1DKhJbXXU7/nbG6HD0zficKu2UHIchNgjNtPw=", + "owner": "martinvonz", + "repo": "jj", + "rev": "39c0f0d2d568adb0149fbe5532b0cf10c52e0a17", + "type": "github" + }, + "original": { + "owner": "martinvonz", + "repo": "jj", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1693701915, @@ -234,12 +258,38 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "homePage": "homePage", + "jujutsu": "jujutsu", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "recipemd": "recipemd" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "jujutsu", + "flake-utils" + ], + "nixpkgs": [ + "jujutsu", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1691719735, + "narHash": "sha256-GhPn5EIhGt7aFwgC6RELZJC7mUIol9O0k7Dsf2Hu0AM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "ac9d8b2e9acc153145e6fa3c78f9ba458ae517bf", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index e92996e..070c654 100644 --- a/flake.nix +++ b/flake.nix @@ -34,6 +34,11 @@ url = "github:NixOS/flake-registry"; flake = false; }; + jujutsu = { + url = "github:martinvonz/jj"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; }; outputs = { ... } @ args: import ./outputs.nix args; diff --git a/home/home/default.nix b/home/home/default.nix index 026afd8..0cf8aa6 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -100,6 +100,8 @@ in sslcacertfile = /etc/ssl/certs/ca-certificates.crt ''; + home.file.".jjconfig.toml".source = ./jjconfig.toml; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/modules/jjconfig.toml b/home/home/jjconfig.toml similarity index 100% rename from home/modules/jjconfig.toml rename to home/home/jjconfig.toml diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index fefba2f..c04f127 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -62,6 +62,7 @@ with pkgs; [ jameica jc # convert output to json josm + jujutsu jq jq #jupyter diff --git a/home/modules/git.nix b/home/modules/git.nix index a9fbf6c..e7ec38e 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -56,8 +56,6 @@ in }; }; - home.file.".jjconfig.toml".source = ./jjconfig.toml; - home.packages = with pkgs; [ delta git-branchless @@ -65,7 +63,6 @@ in gitAndTools.hub gitAndTools.lab gitAndTools.git-absorb - jujutsu meld ]; }; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 6c8f9da..d88868c 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -4,12 +4,16 @@ , home-manager , homePage , nixos-hardware -, recipemd , nixos-generators , ... }@inputs: let - getDefaultPkgs = system: flakes: nixpkgs.lib.mapAttrs (_: value: nixpkgs.lib.getAttr system value.defaultPackage) flakes; + more-packages = system: { + more-packages = final: prev: { + recipemd = inputs.recipemd.packages.${system}.recipemd; + jujutsu = inputs.jujutsu.packages.${system}.jujutsu; + }; + }; nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { inherit system; @@ -17,7 +21,7 @@ let modules = [{ # Add flakes to registry and nix path. dadada.inputs = inputs // { dadada = self; }; - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + nixpkgs.overlays = nixpkgs.lib.attrValues (self.overlays // (more-packages system)); }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in @@ -28,9 +32,7 @@ in extraModules = [ { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = (getDefaultPkgs system { - inherit recipemd; - }) // self.packages.${system}; + dadada.pkgs = self.packages.${system}; } nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 @@ -62,7 +64,7 @@ in system = "x86_64-linux"; extraModules = [ { - dadada.homePage.package = homePage.defaultPackage.${system}; + dadada.homePage.package = homePage.packages.${system}.homePage; } ./modules/profiles/server.nix ./surgat/configuration.nix diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 55018e5..420dfc8 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -128,8 +128,6 @@ in environment.systemPackages = with pkgs; [ chromium ghostscript - config.dadada.pkgs.recipemd - config.dadada.pkgs.map cachix ]; diff --git a/outputs.nix b/outputs.nix index ca14c83..94979f0 100644 --- a/outputs.nix +++ b/outputs.nix @@ -9,6 +9,7 @@ , recipemd , agenix , devshell +, jujutsu , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: diff --git a/overlays.nix b/overlays.nix index 97be0e4..636893e 100644 --- a/overlays.nix +++ b/overlays.nix @@ -42,4 +42,8 @@ soft-serve = final: prev: { soft-serve = prev.callPackage ./pkgs/soft-serve.nix { }; }; + + map = final: prev: { + map = prev.callPackage ./pkgs/map.nix { }; + }; } From 719c251d6ed74ffe0a47ee00ff4f084b1b622078 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 26 Sep 2023 18:07:54 +0200 Subject: [PATCH 665/988] Replace exa with eza Override inputs to keep number of transitive inputs small --- flake.lock | 100 ++++++++++++++++++++++++++++++++------- flake.nix | 29 +++++++++++- nixos/configurations.nix | 2 + outputs.nix | 1 + 4 files changed, 114 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 34f28ec..8b39c83 100644 --- a/flake.lock +++ b/flake.lock @@ -26,7 +26,9 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems" + "systems": [ + "systems" + ] }, "locked": { "lastModified": 1694435990, @@ -42,6 +44,38 @@ "type": "github" } }, + "eza": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "naersk": [ + "naersk" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ], + "treefmt-nix": [ + "treefmt-nix" + ] + }, + "locked": { + "lastModified": 1695708797, + "narHash": "sha256-XTlIx8Qmp9g2yOm+uONwUWYgeaxCY8xOVKqdcec0Z2w=", + "owner": "eza-community", + "repo": "eza", + "rev": "cdf22c57c58c234257176c3a0ec0d6423b787716", + "type": "github" + }, + "original": { + "owner": "eza-community", + "repo": "eza", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -60,7 +94,9 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": [ + "systems" + ] }, "locked": { "lastModified": 1694529238, @@ -142,7 +178,9 @@ "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay" + "rust-overlay": [ + "rust-overlay" + ] }, "locked": { "lastModified": 1695053459, @@ -158,6 +196,26 @@ "type": "github" } }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1694081375, + "narHash": "sha256-vzJXOUnmkMCm3xw8yfPP5m8kypQ3BhAIRe4RRCWpzy8=", + "owner": "nix-community", + "repo": "naersk", + "rev": "3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1693701915, @@ -254,34 +312,37 @@ "inputs": { "agenix": "agenix", "devshell": "devshell", + "eza": "eza", "flake-registry": "flake-registry", "flake-utils": "flake-utils", "home-manager": "home-manager", "homePage": "homePage", "jujutsu": "jujutsu", + "naersk": "naersk", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "recipemd": "recipemd" + "recipemd": "recipemd", + "rust-overlay": "rust-overlay", + "systems": "systems", + "treefmt-nix": "treefmt-nix" } }, "rust-overlay": { "inputs": { "flake-utils": [ - "jujutsu", "flake-utils" ], "nixpkgs": [ - "jujutsu", "nixpkgs" ] }, "locked": { - "lastModified": 1691719735, - "narHash": "sha256-GhPn5EIhGt7aFwgC6RELZJC7mUIol9O0k7Dsf2Hu0AM=", + "lastModified": 1695694299, + "narHash": "sha256-0CucEiOZzOVHwmGDJKNXLj7aDYOqbRtqChp9nbGrh18=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ac9d8b2e9acc153145e6fa3c78f9ba458ae517bf", + "rev": "c89a55d2d91cf55234466934b25deeffa365188a", "type": "github" }, "original": { @@ -305,18 +366,23 @@ "type": "github" } }, - "systems_2": { + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "lastModified": 1695290086, + "narHash": "sha256-ol6licpIAzc9oMsEai/9YZhgSMcrnlnD/3ulMLGNKL0=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "e951529be2e7c669487de78f5aef8597bbae5fca", "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } } diff --git a/flake.nix b/flake.nix index 070c654..038f146 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,10 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; - flake-utils.url = "github:numtide/flake-utils"; + flake-utils = { + url = "github:numtide/flake-utils"; + inputs.systems.follows = "systems"; + }; home-manager = { url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; @@ -25,6 +28,7 @@ devshell = { url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.systems.follows = "systems"; }; nixos-generators = { url = "github:nix-community/nixos-generators"; @@ -34,10 +38,33 @@ url = "github:NixOS/flake-registry"; flake = false; }; + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + naersk = { + url = "github:nix-community/naersk"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + eza = { + url = "github:eza-community/eza"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + inputs.rust-overlay.follows = "rust-overlay"; + inputs.naersk.follows = "naersk"; + inputs.treefmt-nix.follows = "treefmt-nix"; + }; jujutsu = { url = "github:martinvonz/jj"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; + inputs.rust-overlay.follows = "rust-overlay"; + }; + systems.url = "github:nix-systems/default"; + treefmt-nix = { + url = "github:numtide/treefmt-nix"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index d88868c..1e1fa1e 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,5 +1,6 @@ { self , agenix +, eza , nixpkgs , home-manager , homePage @@ -10,6 +11,7 @@ let more-packages = system: { more-packages = final: prev: { + exa = inputs.eza.packages.${system}.default; recipemd = inputs.recipemd.packages.${system}.recipemd; jujutsu = inputs.jujutsu.packages.${system}.jujutsu; }; diff --git a/outputs.nix b/outputs.nix index 94979f0..4783575 100644 --- a/outputs.nix +++ b/outputs.nix @@ -10,6 +10,7 @@ , agenix , devshell , jujutsu +, eza , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: From 23cbf5c1cb4f53c51110ae045e0e8e204675dcef Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 26 Sep 2023 18:16:49 +0200 Subject: [PATCH 666/988] alias exa=eza --- home/modules/zsh.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 1e73c0a..1f88e8e 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -61,6 +61,7 @@ in gst = "git status"; gsta = "git stash"; gstap = "git stash apply"; + exa = "eza"; ls = "exa"; la = "exa -a"; ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\""; From 1f27149cd938787a15f0e5798cd61fe130924084 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 26 Sep 2023 18:18:51 +0200 Subject: [PATCH 667/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/f6aec2e8b1cdddcab10ce7fc2eac66886e3deaad' (2023-09-11) → 'github:numtide/devshell/05d40d17bf3459606316e3e9ec683b784ff28f16' (2023-09-20) • Updated input 'home-manager': 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11) → 'github:nix-community/home-manager/07682fff75d41f18327a871088d20af2710d4744' (2023-09-19) • Updated input 'jujutsu': 'github:martinvonz/jj/39c0f0d2d568adb0149fbe5532b0cf10c52e0a17' (2023-09-18) → 'github:martinvonz/jj/9938051d99cc7cbe13e577437afe07717a20d66d' (2023-09-26) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/570256327eb6ca6f7bebe8d93af49459092a0c43' (2023-09-14) → 'github:NixOS/nixos-hardware/61283b30d11f27d5b76439d43f20d0c0c8ff5296' (2023-09-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e5f018cf150e29aac26c61dac0790ea023c46b24' (2023-09-12) → 'github:NixOS/nixpkgs/261abe8a44a7e8392598d038d2e01f7b33cf26d0' (2023-09-24) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 8b39c83..1a535be 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1694435990, - "narHash": "sha256-yLQPD2eZGepu3yvdwABXrR3GhAqWRWTj9rn3a4knYuk=", + "lastModified": 1695195896, + "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=", "owner": "numtide", "repo": "devshell", - "rev": "f6aec2e8b1cdddcab10ce7fc2eac66886e3deaad", + "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16", "type": "github" }, "original": { @@ -119,11 +119,11 @@ ] }, "locked": { - "lastModified": 1694465129, - "narHash": "sha256-8BQiuobMrCfCbGM7w6Snx+OBYdtTIm0+cGVaKwQ5BFg=", + "lastModified": 1695108154, + "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "9787dffff5d315c9593d3f9fb0f9bf2097e1b57b", + "rev": "07682fff75d41f18327a871088d20af2710d4744", "type": "github" }, "original": { @@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1695053459, - "narHash": "sha256-gQ1ydO1DKhJbXXU7/nbG6HD0zficKu2UHIchNgjNtPw=", + "lastModified": 1695742096, + "narHash": "sha256-TrHLwudMXPg1oQY5QzX223vgDuqHL8hmFOzaICH013w=", "owner": "martinvonz", "repo": "jj", - "rev": "39c0f0d2d568adb0149fbe5532b0cf10c52e0a17", + "rev": "9938051d99cc7cbe13e577437afe07717a20d66d", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1694710316, - "narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=", + "lastModified": 1695541019, + "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "570256327eb6ca6f7bebe8d93af49459092a0c43", + "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694499547, - "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", + "lastModified": 1695559356, + "narHash": "sha256-kXZ1pUoImD9OEbPCwpTz4tHsNTr4CIyIfXb3ocuR8sI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", + "rev": "261abe8a44a7e8392598d038d2e01f7b33cf26d0", "type": "github" }, "original": { From 43a20d60f6b5d85db6d55f526751b8604210cf82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 01:14:40 +0000 Subject: [PATCH 668/988] build(deps): bump cachix/install-nix-action from 22 to 23 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 22 to 23. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v22...v23) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index c0f87c7..f38126e 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 + - uses: cachix/install-nix-action@v23 with: nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | From 76052cb73136872f647b6a85e14a619ab00327f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Sep 2023 17:11:52 +0000 Subject: [PATCH 669/988] build(deps): bump actions/checkout from 2 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- .github/workflows/nix-flake-update.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index f38126e..360b57f 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -10,7 +10,7 @@ jobs: name: "Checks" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v23 with: nix_path: nixpkgs=channel:nixos-stable diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index a122a2f..15130d7 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install Nix uses: DeterminateSystems/nix-installer-action@v4 - name: Update flake.lock From 75cb0fb634e972b6ffbd5039cf6464cfc6997468 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 30 Sep 2023 19:39:29 +0200 Subject: [PATCH 670/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/05d40d17bf3459606316e3e9ec683b784ff28f16' (2023-09-20) → 'github:numtide/devshell/cd4e2fda3150dd2f689caeac07b7f47df5197c31' (2023-09-29) • Updated input 'eza': 'github:eza-community/eza/cdf22c57c58c234257176c3a0ec0d6423b787716' (2023-09-26) → 'github:eza-community/eza/522d20c8d2b86db0412e10bdc41780c9a83c790d' (2023-09-30) • Updated input 'jujutsu': 'github:martinvonz/jj/9938051d99cc7cbe13e577437afe07717a20d66d' (2023-09-26) → 'github:martinvonz/jj/f0f1d72cf3a5542309839d27f578aa315b998407' (2023-09-30) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/8ee78470029e641cddbd8721496da1316b47d3b4' (2023-09-04) → 'github:nix-community/nixos-generators/150f38bd1e09e20987feacb1b0d5991357532fb5' (2023-09-30) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/61283b30d11f27d5b76439d43f20d0c0c8ff5296' (2023-09-24) → 'github:NixOS/nixos-hardware/adcfd6aa860d1d129055039696bc457af7d50d0e' (2023-09-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/261abe8a44a7e8392598d038d2e01f7b33cf26d0' (2023-09-24) → 'github:NixOS/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e' (2023-09-27) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/c89a55d2d91cf55234466934b25deeffa365188a' (2023-09-26) → 'github:oxalica/rust-overlay/a4c3c904ab29e04a20d3a6da6626d66030385773' (2023-09-30) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/e951529be2e7c669487de78f5aef8597bbae5fca' (2023-09-21) → 'github:numtide/treefmt-nix/720bd006d855b08e60664e4683ccddb7a9ff614a' (2023-09-27) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 1a535be..b9fd5d7 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1695195896, - "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=", + "lastModified": 1695973661, + "narHash": "sha256-BP2H4c42GThPIhERtTpV1yCtwQHYHEKdRu7pjrmQAwo=", "owner": "numtide", "repo": "devshell", - "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16", + "rev": "cd4e2fda3150dd2f689caeac07b7f47df5197c31", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1695708797, - "narHash": "sha256-XTlIx8Qmp9g2yOm+uONwUWYgeaxCY8xOVKqdcec0Z2w=", + "lastModified": 1696092044, + "narHash": "sha256-rX8IlBNfaBItPmGVW/jTofo9dJ7P5whoHkif0b6zP4k=", "owner": "eza-community", "repo": "eza", - "rev": "cdf22c57c58c234257176c3a0ec0d6423b787716", + "rev": "522d20c8d2b86db0412e10bdc41780c9a83c790d", "type": "github" }, "original": { @@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1695742096, - "narHash": "sha256-TrHLwudMXPg1oQY5QzX223vgDuqHL8hmFOzaICH013w=", + "lastModified": 1696042955, + "narHash": "sha256-+ImP9HZDKFnJMW9cjRfGN9BAPIcUs8os0QHw/0crp6A=", "owner": "martinvonz", "repo": "jj", - "rev": "9938051d99cc7cbe13e577437afe07717a20d66d", + "rev": "f0f1d72cf3a5542309839d27f578aa315b998407", "type": "github" }, "original": { @@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1693791338, - "narHash": "sha256-wHmtB5H8AJTUaeGHw+0hsQ6nU4VyvVrP2P4NeCocRzY=", + "lastModified": 1696058303, + "narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "8ee78470029e641cddbd8721496da1316b47d3b4", + "rev": "150f38bd1e09e20987feacb1b0d5991357532fb5", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1695541019, - "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=", + "lastModified": 1695887975, + "narHash": "sha256-u3+5FR12dI305jCMb0fJNQx2qwoQ54lv1tPoEWp0hmg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296", + "rev": "adcfd6aa860d1d129055039696bc457af7d50d0e", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1695559356, - "narHash": "sha256-kXZ1pUoImD9OEbPCwpTz4tHsNTr4CIyIfXb3ocuR8sI=", + "lastModified": 1695825837, + "narHash": "sha256-4Ne11kNRnQsmSJCRSSNkFRSnHC4Y5gPDBIQGjjPfJiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "261abe8a44a7e8392598d038d2e01f7b33cf26d0", + "rev": "5cfafa12d57374f48bcc36fda3274ada276cf69e", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1695694299, - "narHash": "sha256-0CucEiOZzOVHwmGDJKNXLj7aDYOqbRtqChp9nbGrh18=", + "lastModified": 1696039808, + "narHash": "sha256-7TbAr9LskWG6ISPhUdyp6zHboT7FsFrME5QsWKybPTA=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "c89a55d2d91cf55234466934b25deeffa365188a", + "rev": "a4c3c904ab29e04a20d3a6da6626d66030385773", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1695290086, - "narHash": "sha256-ol6licpIAzc9oMsEai/9YZhgSMcrnlnD/3ulMLGNKL0=", + "lastModified": 1695822946, + "narHash": "sha256-IQU3fYo0H+oGlqX5YrgZU3VRhbt2Oqe6KmslQKUO4II=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e951529be2e7c669487de78f5aef8597bbae5fca", + "rev": "720bd006d855b08e60664e4683ccddb7a9ff614a", "type": "github" }, "original": { From 49245cee2eac550ca1ff394cebd5462bde524f56 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 7 Oct 2023 18:22:44 +0200 Subject: [PATCH 671/988] Enable yubikey and upgrade keys --- admins.nix | 1 + home/home/default.nix | 2 +- home/modules/git.nix | 1 + home/modules/gpg.nix | 4 -- home/modules/keyring.nix | 2 +- nixos/gorgon/configuration.nix | 27 +++++--------- nixos/modules/default.nix | 1 + nixos/modules/yubikey.nix | 67 ++++++++++++++++++++++++++++++++++ 8 files changed, 81 insertions(+), 24 deletions(-) create mode 100644 nixos/modules/yubikey.nix diff --git a/admins.nix b/admins.nix index e83a69a..a49c355 100644 --- a/admins.nix +++ b/admins.nix @@ -3,6 +3,7 @@ shell = "zsh"; keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada " ]; }; } diff --git a/home/home/default.nix b/home/home/default.nix index 0cf8aa6..039b064 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -25,7 +25,7 @@ in programs.git = { signing = { - key = "D68C84695C087E0F733A28D0EEB8D1CE62C4DFEA"; + key = "~/.ssh/dadada-git-signing"; signByDefault = true; }; userEmail = "dadada@dadada.li"; diff --git a/home/modules/git.nix b/home/modules/git.nix index e7ec38e..ede60eb 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -45,6 +45,7 @@ in commit.verbose = true; log.date = "iso8601-local"; tag.gpgSign = true; + gpg.format = "ssh"; pull = { prune = true; ff = "only"; diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index e8c159a..2e77ad0 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -29,9 +29,5 @@ in enableSshSupport = false; pinentryFlavor = "gnome3"; }; - - programs.git.extraConfig = { - commit = { gpgSign = true; }; - }; }; } diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix index 382ca32..e82d476 100644 --- a/home/modules/keyring.nix +++ b/home/modules/keyring.nix @@ -12,7 +12,7 @@ in config = mkIf cfg.enable { services.gnome-keyring = { enable = false; - components = [ "pkcs11" "secrets" ]; + components = [ "secrets" ]; }; }; } diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 420dfc8..64443e2 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,21 +1,9 @@ { config , pkgs , lib -, secretsPath , ... }: let - signHook = - pkgs.writeShellScript "/etc/nix/sign-cache.sh" - '' - set -eu - set -f # disable globbing - export IFS=' ' - - echo "Signing paths" $OUT_PATHS - nix store sign --key-file /etc/nix/key.private $OUT_PATHS - ''; - xilinxJtag = pkgs.writeTextFile { name = "xilinx-jtag"; text = '' @@ -65,13 +53,16 @@ in networking.hostName = "gorgon"; dadada = { - #headphones.enable = true; steam.enable = true; - #fido2 = { - # credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; - # enablePam = true; - #}; - luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; + yubikey = { + enable = true; + #luksUuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; + fido2Credentials = [ + "0295c215865e4d988cf5148db9197ae58bc26b0838b35e2b35bafdb837e9f8b103309466d7cfa8c71d6c01d4908e2708" + "f8a4359e4a67d8a149a72ad5fb2db0fbc11e2480102e5a2e353297dce5e1ad53419acade31eb4a4bd803b808c29ba0b4" + ]; + }; + networking = { enableBsShare = true; vpnExtension = "3"; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index f89d4ce..3448a55 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -21,4 +21,5 @@ sway = import ./sway.nix; vpnServer = import ./vpnServer.nix; weechat = import ./weechat.nix; + yubikey = import ./yubikey.nix; } diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix new file mode 100644 index 0000000..9d1b117 --- /dev/null +++ b/nixos/modules/yubikey.nix @@ -0,0 +1,67 @@ +{ config +, pkgs +, lib +, ... +}: +with lib; let + yubikey = config.dadada.yubikey; +in +{ + options = { + dadada.yubikey = { + enable = mkEnableOption "Enable Yubikey"; + fido2Credentials = mkOption { + type = with types; listOf str; + description = "FIDO2 credential strings"; + default = [ ]; + }; + luksUuid = mkOption { + type = with types; nullOr str; + description = "Device UUID"; + default = null; + }; + }; + }; + + config = mkIf yubikey.enable { + boot.initrd.luks = { + fido2Support = true; + devices = mkIf (yubikey.luksUuid != null) { + root = { + device = "/dev/disk/by-uuid/${yubikey.luksUuid}"; + preLVM = true; + allowDiscards = true; + fido2 = mkIf (yubikey.fido2Credentials != [ ]) { + credentials = yubikey.fido2Credentials; + passwordLess = true; + }; + }; + }; + }; + + security.pam = { + # Keys must be placed in $XDG_CONFIG_HOME/Yubico/u2f_keys + services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + }; + u2f = { + control = "sufficient"; + cue = true; + }; + }; + + services.pcscd.enable = true; + + services.udev.packages = [ pkgs.yubikey-personalization ]; + + environment.systemPackages = with pkgs; [ + fido2luks + linuxPackages.acpi_call + pam_u2f + pamtester + yubikey-manager + yubikey-manager-qt + ]; + }; +} From 3ae6b7619bf8de228624ec1ca80da6435ed5de82 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 7 Oct 2023 23:22:14 +0200 Subject: [PATCH 672/988] Add backup key --- admins.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/admins.nix b/admins.nix index a49c355..eb3b493 100644 --- a/admins.nix +++ b/admins.nix @@ -4,6 +4,7 @@ keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada " + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM8ROKVEwEJlSzlRr/l5T505UZuBn3uCCTNHIhG5n+nTAAAABHNzaDo= dadada Backup " ]; }; } From 34db2b30987ca60c496876d822d6789f1b9a9040 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 7 Oct 2023 23:24:04 +0200 Subject: [PATCH 673/988] Add backup key --- admins.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/admins.nix b/admins.nix index eb3b493..82f6cef 100644 --- a/admins.nix +++ b/admins.nix @@ -2,9 +2,8 @@ dadada = { shell = "zsh"; keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada " - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM8ROKVEwEJlSzlRr/l5T505UZuBn3uCCTNHIhG5n+nTAAAABHNzaDo= dadada Backup " + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada " ]; }; } From c29d21b1865349f2ccf09715874de77d231b18f1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 8 Oct 2023 00:23:33 +0200 Subject: [PATCH 674/988] Use ssh-agent --- home/home/default.nix | 9 --------- home/modules/git.nix | 23 ++++++++++++++++++++--- nixos/modules/profiles/laptop.nix | 2 ++ 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/home/home/default.nix b/home/home/default.nix index 039b064..213effa 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -23,15 +23,6 @@ in { home.stateVersion = "20.09"; - programs.git = { - signing = { - key = "~/.ssh/dadada-git-signing"; - signByDefault = true; - }; - userEmail = "dadada@dadada.li"; - userName = "dadada"; - }; - programs.gpg.settings.default-key = "99658A3EB5CD7C13"; dadada.home = diff --git a/home/modules/git.nix b/home/modules/git.nix index ede60eb..778671d 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -5,6 +5,12 @@ }: with lib; let cfg = config.dadada.home.git; + allowedSigners = pkgs.writeTextFile { + name = "allowed-signers"; + text = '' + dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada + ''; + }; in { options.dadada.home.git = { @@ -14,6 +20,20 @@ in programs.git = { enable = true; extraConfig = { + commit = { + gpgSign = true; + verbose = true; + }; + gpg = { + format = "ssh"; + ssh.allowedSignersFile = "${allowedSigners}"; + }; + tag.gpgSign = true; + user = { + email = "dadada@dadada.li"; + name = "dadada"; + signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada "; + }; core = { whitespace = { tab-in-indent = true; @@ -42,10 +62,7 @@ in branch = true; showUntrackedFiled = "all"; }; - commit.verbose = true; log.date = "iso8601-local"; - tag.gpgSign = true; - gpg.format = "ssh"; pull = { prune = true; ff = "only"; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index fc6813f..ff68072 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -15,6 +15,8 @@ with lib; { networking.domain = mkDefault "dadada.li"; services.fwupd.enable = mkDefault true; + programs.ssh.startAgent = true; + programs.ssh.enableAskPassword = true; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; From c09793669b361b76285b62cfbb292a5c65943fd4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 8 Oct 2023 00:42:44 +0200 Subject: [PATCH 675/988] Fix updates --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 15130d7..589d9a4 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -13,7 +13,7 @@ jobs: - name: Install Nix uses: DeterminateSystems/nix-installer-action@v4 - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@vX + uses: DeterminateSystems/update-flake-lock@v20 with: pr-title: "Update flake.lock" # Title of PR to be created pr-labels: | # Labels to be set on the PR From b4907407fcbc2d650a000881cf7bc4546f929d12 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 8 Oct 2023 12:14:51 +0200 Subject: [PATCH 676/988] Switch to systemd stage 1 --- nixos/gorgon/configuration.nix | 31 ++++++++++-------- nixos/modules/default.nix | 1 - nixos/modules/fido2.nix | 58 ---------------------------------- nixos/modules/yubikey.nix | 19 ++--------- 4 files changed, 20 insertions(+), 89 deletions(-) delete mode 100644 nixos/modules/fido2.nix diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 64443e2..8cd368c 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -48,20 +48,29 @@ in keep-derivations = true ''; - boot.kernelModules = [ "kvm-amd" ]; + boot = { + kernelModules = [ "kvm-amd" ]; + initrd = { + systemd.enable = true; + luks.devices = { + root = { + device = "/dev/disk/by-uuid/3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; + preLVM = true; + allowDiscards = true; + crypttabExtraOpts = ["fido2-device=auto"]; + }; + }; + }; + kernel.sysctl = { + "vm.swappiness" = 90; + }; + }; networking.hostName = "gorgon"; dadada = { steam.enable = true; - yubikey = { - enable = true; - #luksUuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; - fido2Credentials = [ - "0295c215865e4d988cf5148db9197ae58bc26b0838b35e2b35bafdb837e9f8b103309466d7cfa8c71d6c01d4908e2708" - "f8a4359e4a67d8a149a72ad5fb2db0fbc11e2480102e5a2e353297dce5e1ad53419acade31eb4a4bd803b808c29ba0b4" - ]; - }; + yubikey.enable = true; networking = { enableBsShare = true; @@ -70,10 +79,6 @@ in sway.enable = false; }; - boot.kernel.sysctl = { - "vm.swappiness" = 90; - }; - programs.adb.enable = true; programs.firefox = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 3448a55..e558aa2 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -4,7 +4,6 @@ borgServer = import ./borg-server.nix; ddns = import ./ddns.nix; element = import ./element.nix; - fido2 = import ./fido2.nix; fileShare = import ./fileShare.nix; gitea = import ./gitea.nix; headphones = import ./headphones.nix; diff --git a/nixos/modules/fido2.nix b/nixos/modules/fido2.nix deleted file mode 100644 index 8405798..0000000 --- a/nixos/modules/fido2.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; let - luks = config.dadada.luks; - fido2 = config.dadada.fido2; -in -{ - options = { - dadada.luks = { - uuid = mkOption { - type = with types; nullOr str; - description = "Device UUID"; - default = null; - }; - }; - - dadada.fido2 = { - enablePam = mkEnableOption "Enable PAM U2F"; - credential = mkOption { - type = with types; nullOr str; - description = "FIDO2 credential string"; - default = null; - }; - }; - }; - - config = { - boot.initrd.luks.devices = mkIf (luks.uuid != null) { - root = { - device = "/dev/disk/by-uuid/${luks.uuid}"; - preLVM = true; - allowDiscards = true; - fido2 = mkIf (fido2.credential != null) { - credential = fido2.credential; - passwordLess = true; - }; - }; - }; - - boot.initrd.luks.fido2Support = mkIf (fido2.credential != null) true; - - environment.systemPackages = mkIf (fido2.credential != null) (with pkgs; [ - linuxPackages.acpi_call - fido2luks - python27Packages.dbus-python - python38Packages.solo-python - ]); - - security.pam.u2f = mkIf fido2.enablePam { - enable = true; - control = "sufficient"; - cue = true; - }; - }; -} diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 9d1b117..3df9499 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -24,21 +24,6 @@ in }; config = mkIf yubikey.enable { - boot.initrd.luks = { - fido2Support = true; - devices = mkIf (yubikey.luksUuid != null) { - root = { - device = "/dev/disk/by-uuid/${yubikey.luksUuid}"; - preLVM = true; - allowDiscards = true; - fido2 = mkIf (yubikey.fido2Credentials != [ ]) { - credentials = yubikey.fido2Credentials; - passwordLess = true; - }; - }; - }; - }; - security.pam = { # Keys must be placed in $XDG_CONFIG_HOME/Yubico/u2f_keys services = { @@ -56,8 +41,8 @@ in services.udev.packages = [ pkgs.yubikey-personalization ]; environment.systemPackages = with pkgs; [ - fido2luks - linuxPackages.acpi_call + #fido2luks + #linuxPackages.acpi_call pam_u2f pamtester yubikey-manager From 56bdafd54a5aceb8152dee2541794e9c56f15ac4 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 9 Oct 2023 00:19:52 +0200 Subject: [PATCH 677/988] Fix formatting --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 8cd368c..b020aa3 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -57,7 +57,7 @@ in device = "/dev/disk/by-uuid/3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; preLVM = true; allowDiscards = true; - crypttabExtraOpts = ["fido2-device=auto"]; + crypttabExtraOpts = [ "fido2-device=auto" ]; }; }; }; From 5891c3e4de6cd96af7721401253a94ffb685b80e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 00:19:33 +0000 Subject: [PATCH 678/988] build(deps): bump DeterminateSystems/nix-installer-action from 4 to 5 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 4 to 5. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v4...v5) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 589d9a4..f5ad6a1 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v4 + uses: DeterminateSystems/nix-installer-action@v5 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v20 with: From 7a5425217267bf57617287d9dedeea17e26fba64 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 12 Oct 2023 21:31:09 +0200 Subject: [PATCH 679/988] Switch alacritty color scheme to blue for more readable blue color --- home/modules/alacritty/colors.toml | 50 +++++++++++++++++------------- home/modules/alacritty/default.nix | 2 +- 2 files changed, 30 insertions(+), 22 deletions(-) diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml index badc153..0c459b7 100644 --- a/home/modules/alacritty/colors.toml +++ b/home/modules/alacritty/colors.toml @@ -1,23 +1,31 @@ -[primary] -background = "0x1e1e1e" -foreground = "0xffffff" +[colors.primary] +background = "0x0d1117" +foreground = "0xb3b1ad" -[normal] -black = "0x171421" -red = "0xc01c28" -green = "0x26a269" -yellow = "0xa2734c" -blue = "0x12488b" -magenta = "0xa347ba" -cyan = "0x2aa1b3" -white = "0xd0cfcc" +[colors.normal] +black = "0x484f58" +red = "0xff7b72" +green = "0x3fb950" +yellow = "0xd29922" +blue = "0x58a6ff" +magenta = "0xbc8cff" +cyan = "0x39c5cf" +white = "0xb1bac4" -[bright] -black = "0x535c64" -red = "0xf66151" -green = "0x33d17a" -yellow = "0xe9ad0c" -blue = "0x2a7bde" -magenta = "0xc061cb" -cyan = "0x33c7de" -white = "0xffffff" +[colors.bright] +black = "0x6e7681" +red = "0xffa198" +green = "0x56d364" +yellow = "0xe3b341" +blue = "0x79c0ff" +magenta = "0xd2a8ff" +cyan = "0x56d4dd" +white = "0xf0f6fc" + +[[colors.indexed_colors]] +index = 16 +color = "0xd18616" + +[[colors.indexed_colors]] +index = 17 +color = "0xffa198" diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index e0cb7e0..0b84642 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -41,7 +41,7 @@ in }; shell.program = "tmux"; window.decorations = "none"; - colors = lib.trivial.importTOML ./colors.toml; + colors = (lib.trivial.importTOML ./colors.toml).colors; }; }; }; From bee36981a9ff30bbcc039a36c0e7dfdd73e9cc8c Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 12 Oct 2023 21:33:19 +0200 Subject: [PATCH 680/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'eza': 'github:eza-community/eza/522d20c8d2b86db0412e10bdc41780c9a83c790d' (2023-09-30) → 'github:eza-community/eza/7b743992578a9cb1f666f118d8b4edc218d60577' (2023-10-12) • Updated input 'jujutsu': 'github:martinvonz/jj/f0f1d72cf3a5542309839d27f578aa315b998407' (2023-09-30) → 'github:martinvonz/jj/69a30b47aff18e9d6caacaec8c539cc0b463d3c7' (2023-10-12) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/adcfd6aa860d1d129055039696bc457af7d50d0e' (2023-09-28) → 'github:NixOS/nixos-hardware/fb6af288f6cf0f00d3af60cf9d5110433b954565' (2023-10-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e' (2023-09-27) → 'github:NixOS/nixpkgs/bd1cde45c77891214131cbbea5b1203e485a9d51' (2023-10-11) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/a4c3c904ab29e04a20d3a6da6626d66030385773' (2023-09-30) → 'github:oxalica/rust-overlay/aa7584f5bbf5947716ad8ec14eccc0334f0d28f0' (2023-10-12) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/720bd006d855b08e60664e4683ccddb7a9ff614a' (2023-09-27) → 'github:numtide/treefmt-nix/0b2ffeb3ae1a7449a48a952f3e731cfa41eaf780' (2023-10-11) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index b9fd5d7..790c2d8 100644 --- a/flake.lock +++ b/flake.lock @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1696092044, - "narHash": "sha256-rX8IlBNfaBItPmGVW/jTofo9dJ7P5whoHkif0b6zP4k=", + "lastModified": 1697098100, + "narHash": "sha256-eST70KMdGgbTo4FNL3K5YGn9lwIGroG4y4ExKDb30hU=", "owner": "eza-community", "repo": "eza", - "rev": "522d20c8d2b86db0412e10bdc41780c9a83c790d", + "rev": "7b743992578a9cb1f666f118d8b4edc218d60577", "type": "github" }, "original": { @@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1696042955, - "narHash": "sha256-+ImP9HZDKFnJMW9cjRfGN9BAPIcUs8os0QHw/0crp6A=", + "lastModified": 1697097009, + "narHash": "sha256-aFoi7j25b4m8+EEIu25DSYLaNT17cEFylGwTBf6IQQQ=", "owner": "martinvonz", "repo": "jj", - "rev": "f0f1d72cf3a5542309839d27f578aa315b998407", + "rev": "69a30b47aff18e9d6caacaec8c539cc0b463d3c7", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1695887975, - "narHash": "sha256-u3+5FR12dI305jCMb0fJNQx2qwoQ54lv1tPoEWp0hmg=", + "lastModified": 1697100850, + "narHash": "sha256-qSAzJVzNRIo+r3kBjL8TcpJctcgcHlnZyqdzpWgtg0M=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "adcfd6aa860d1d129055039696bc457af7d50d0e", + "rev": "fb6af288f6cf0f00d3af60cf9d5110433b954565", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1695825837, - "narHash": "sha256-4Ne11kNRnQsmSJCRSSNkFRSnHC4Y5gPDBIQGjjPfJiU=", + "lastModified": 1696983906, + "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5cfafa12d57374f48bcc36fda3274ada276cf69e", + "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1696039808, - "narHash": "sha256-7TbAr9LskWG6ISPhUdyp6zHboT7FsFrME5QsWKybPTA=", + "lastModified": 1697076655, + "narHash": "sha256-NcCtVUOd0X81srZkrdP8qoA1BMsPdO2tGtlZpsGijeU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "a4c3c904ab29e04a20d3a6da6626d66030385773", + "rev": "aa7584f5bbf5947716ad8ec14eccc0334f0d28f0", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1695822946, - "narHash": "sha256-IQU3fYo0H+oGlqX5YrgZU3VRhbt2Oqe6KmslQKUO4II=", + "lastModified": 1697018566, + "narHash": "sha256-tOhoeq621JQOULO9X2U+Io03PK/TQrYFYB4sJFaDCuQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "720bd006d855b08e60664e4683ccddb7a9ff614a", + "rev": "0b2ffeb3ae1a7449a48a952f3e731cfa41eaf780", "type": "github" }, "original": { From ee6531b01c00bd728b00a181ac90d102def5e23d Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 18 Oct 2023 16:05:24 +0200 Subject: [PATCH 681/988] Enable tor for remote admin on fginfo --- home/home/pkgs.nix | 1 + nixos/gorgon/configuration.nix | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index c04f127..020e1e9 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -117,6 +117,7 @@ with pkgs; [ silver-searcher skim # fzf in Rust slurp + socat spotify sqlite sshfs-fuse diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index b020aa3..e5e66be 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -90,6 +90,11 @@ in services.avahi.enable = true; + services.tor = { + enable = true; + client.enable = true; + }; + services.paperless = { enable = true; passwordFile = config.age.secrets.paperless.path; From 6ff38c30d9d919f824a3286b4df8ec064286fa54 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 20 Oct 2023 17:39:34 +0200 Subject: [PATCH 682/988] Set ayu_dark theme in helix --- home/modules/helix/config/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 625fc49..94d8b3c 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "autumn" +theme = "ayu_dark" [editor] line-number = "relative" From 118daab4491722b9c950e5eb5ccbb04a83345be5 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 20 Oct 2023 17:42:49 +0200 Subject: [PATCH 683/988] home: install fluffychat --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 020e1e9..153a811 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -27,6 +27,7 @@ with pkgs; [ exa ffmpeg file + fluffychat fractal-next fx # themable json viewer fzf From c996f8c153328b5ea4410ac92014f2307fece804 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 27 Oct 2023 23:17:02 +0200 Subject: [PATCH 684/988] ninurta: spin-down disks more aggressively --- nixos/gorgon/configuration.nix | 1 + nixos/ninurta/configuration.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index e5e66be..3e5940a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -50,6 +50,7 @@ in boot = { kernelModules = [ "kvm-amd" ]; + kernelParams = [ "resume=/dev/disk/by-label/swap" ]; initrd = { systemd.enable = true; luks.devices = { diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 079a6e1..9ad21ec 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -424,7 +424,8 @@ in scsiLinkPolicy = "med_power_with_dipm"; # Configure the disks to spin down after 10 min of inactivity. powerUpCommands = '' - find /dev -regextype sed -regex '/dev/sd[a-z]$' | xargs ${pkgs.hdparm}/sbin/hdparm -S 120 + # 5 minutes = 300 seconds (1-240 is multiples of 5 seconds) + find /dev -regextype sed -regex '/dev/sd[a-z]$' | xargs ${pkgs.hdparm}/sbin/hdparm -S 60 ''; powerDownCommands = '' find /dev -regextype sed -regex '/dev/sd[a-z]$' | xargs ${pkgs.hdparm}/sbin/hdparm -S 0 From 990a8892c2ad68e9f865a8dd47c3b08af8fc7b07 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 27 Oct 2023 23:58:17 +0200 Subject: [PATCH 685/988] ninurta: wait for LUKS2 passphrase from SSH --- nixos/ninurta/configuration.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 9ad21ec..d7c469e 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -59,7 +59,16 @@ in message = "Refusing to store private keys in store"; }; - boot.kernelParams = [ "ip=dhcp" ]; + boot.kernelParams = [ + # Use the in-kernel DHCP client (yes that exists) + "ip=dhcp" + + # Wait forever for the filesystem root to show up + "rootflags=x-systemd.device-timeout=0" + + # Wait forever to enter the LUKS passphrase via SSH + "rd.luks.options=timeout=0" + ]; boot.initrd = { network = { enable = true; From 01d1eea0ccf5a745313f1ebb58114bb3f8277655 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Oct 2023 01:00:49 +0000 Subject: [PATCH 686/988] build(deps): bump DeterminateSystems/nix-installer-action from 5 to 6 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 5 to 6. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v5...v6) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index f5ad6a1..7a1a9e0 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v5 + uses: DeterminateSystems/nix-installer-action@v6 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v20 with: From dc685affee718b6385e52bf40dbdb506d602ca50 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 Oct 2023 18:42:06 +0100 Subject: [PATCH 687/988] Remove non-existent hosts --- nixos/configurations.nix | 16 -- nixos/ifrit/configuration.nix | 81 --------- nixos/ifrit/hardware-configuration.nix | 29 ---- nixos/pruflas/configuration.nix | 199 ----------------------- nixos/pruflas/hardware-configuration.nix | 50 ------ 5 files changed, 375 deletions(-) delete mode 100644 nixos/ifrit/configuration.nix delete mode 100644 nixos/ifrit/hardware-configuration.nix delete mode 100644 nixos/pruflas/configuration.nix delete mode 100644 nixos/pruflas/hardware-configuration.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 1e1fa1e..a6871f4 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,6 +1,5 @@ { self , agenix -, eza , nixpkgs , home-manager , homePage @@ -54,14 +53,6 @@ in ]; }; - ifrit = nixosSystem { - extraModules = [ - ./modules/profiles/server.nix - ./ifrit/configuration.nix - ./ifrit/hardware-configuration.nix - ]; - }; - surgat = nixosSystem rec { system = "x86_64-linux"; extraModules = [ @@ -73,13 +64,6 @@ in ]; }; - pruflas = nixosSystem { - extraModules = [ - ./modules/profiles/laptop.nix - ./pruflas/configuration.nix - ]; - }; - agares = nixosSystem { extraModules = [ ./agares/configuration.nix diff --git a/nixos/ifrit/configuration.nix b/nixos/ifrit/configuration.nix deleted file mode 100644 index 1640e8f..0000000 --- a/nixos/ifrit/configuration.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -let - hostAliases = [ - "ifrit.dadada.li" - "media.dadada.li" - "backup0.dadada.li" - ]; -in -{ - dadada = { - admin.enable = true; - borgServer.enable = true; - borgServer.path = "/mnt/storage/backup"; - }; - - - dadada.ddns.domains = [ - "backup0.dadada.li" - ]; - - networking.hostName = "ifrit"; - networking.domain = "bs.dadada.li"; - - networking.hosts = { - "127.0.0.1" = hostAliases; - "::1" = hostAliases; - }; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - - # weird issues with crappy plastic router - networking.interfaces."ens3".tempAddress = "disabled"; - - services.resolved.enable = true; - - systemd.network = { - enable = true; - networks = { - "10-lan" = { - matchConfig.Name = "ens*"; - networkConfig.DHCP = "ipv4"; - linkConfig.RequiredForOnline = "routable"; - }; - }; - }; - - boot.kernelParams = [ - "console=ttyS0,115200" - ]; - - fileSystems."/mnt/storage" = { - device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; - mountPoint = "/mnt/storage"; - neededForBoot = false; - options = [ "nofail" ]; - }; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ - 22 # SSH - ]; - }; - - users.users."mist" = { - isNormalUser = true; - }; - - environment.systemPackages = [ pkgs.curl ]; - - services.smartd.enable = true; - - system.stateVersion = "20.03"; -} diff --git a/nixos/ifrit/hardware-configuration.nix b/nixos/ifrit/hardware-configuration.nix deleted file mode 100644 index 125e24d..0000000 --- a/nixos/ifrit/hardware-configuration.nix +++ /dev/null @@ -1,29 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485"; - fsType = "ext4"; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6"; } - ]; - - nix.settings.max-jobs = lib.mkDefault 2; -} diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix deleted file mode 100644 index 5b8e592..0000000 --- a/nixos/pruflas/configuration.nix +++ /dev/null @@ -1,199 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; -let - secretsPath = config.dadada.secrets.path; - wg0PrivKey = "${config.networking.hostName}-wg0-key"; - wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; - wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; - hydraGitHubAuth = "hydra-github-authorization"; -in -{ - imports = [ ./hardware-configuration.nix ]; - - networking.hostName = "pruflas"; - - services.logind.lidSwitch = "ignore"; - - age.secrets.${hydraGitHubAuth} = { - file = "${secretsPath}/${hydraGitHubAuth}.age"; - mode = "440"; - owner = "hydra-www"; - group = "hydra"; - }; - - services.hydra = { - enable = true; - package = pkgs.hydra-unstable; - hydraURL = "https://hydra.dadada.li"; - notificationSender = "hydra@localhost"; - buildMachinesFiles = [ ]; - useSubstitutes = true; - port = 3000; - listenHost = "10.3.3.3"; - extraConfig = '' - Include ${config.age.secrets."${hydraGitHubAuth}".path} - - - jobs = nix-config:main.* - inputs = nix-config - excludeBuildFromContext = 1 - useShortContext = 1 - - ''; - }; - - nix.buildMachines = [ - { - hostName = "localhost"; - system = "x86_64-linux"; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; - maxJobs = 8; - } - ]; - - nix.extraOptions = '' - allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents https://github.com/giterlizzi/dokuwiki-template-bootstrap3 - ''; - - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - logError = "/dev/null"; - appendHttpConfig = '' - access_log off; - ''; - - virtualHosts."pruflas.uwu" = { - enableACME = false; - forceSSL = false; - root = "/var/www/pruflas.uwu"; - locations."/" = { - tryFiles = "$uri $uri/ = 404"; - index = "index.html"; - }; - }; - }; - - systemd.tmpfiles.rules = [ - "d /var/www/pruflas.uwu 0551 nginx nginx - -" - ]; - - dadada.admin.enable = true; - - dadada.backupClient = { - bs.enable = true; - }; - - age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; - age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; - - age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; - - networking.wireguard = { - enable = true; - interfaces.uwupn = { - allowedIPsAsRoutes = true; - privateKeyFile = config.age.secrets.${wg0PrivKey}.path; - ips = [ "10.11.0.39/32" "fc00:1337:dead:beef::10.11.0.39/128" ]; - peers = [ - { - publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; - endpoint = "53c70r.de:51820"; - persistentKeepalive = 25; - presharedKeyFile = config.age.secrets.${wg0PresharedKey}.path; - } - ]; - }; - interfaces.hydra = { - allowedIPsAsRoutes = true; - privateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; - ips = [ "10.3.3.3/32" ]; - peers = [ - { - publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - allowedIPs = [ "10.3.3.1/32" ]; - endpoint = "hydra.dadada.li:51235"; - persistentKeepalive = 25; - } - ]; - }; - }; - - networking.useDHCP = false; - networking.interfaces."enp0s25".useDHCP = true; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ - 22 # SSH - 80 # HTTP - 443 # HTTPS - 3000 # Hydra - ]; - allowedUDPPorts = [ - 51234 # Wireguard - 51235 # Wireguard - ]; - }; - - boot.kernelModules = [ "kvm-intel" ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Desktop things for media playback - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - hardware.pulseaudio.enable = false; - - environment.systemPackages = [ pkgs.spotify pkgs.mpv ]; - - users.users."media" = { - isNormalUser = true; - description = "Media playback user"; - extraGroups = [ "users" "video" ]; - # allow anyone with physical access to log in - password = "media"; - }; - - networking.domain = "dadada.li"; - networking.tempAddresses = "disabled"; - - networking.networkmanager.enable = false; - - users.mutableUsers = true; - - dadada.networking.localResolver.enable = true; - dadada.networking.localResolver.uwu = true; - dadada.networking.localResolver.s0 = true; - - documentation.enable = false; - documentation.nixos.enable = false; - - services.journald.extraConfig = '' - SystemKeepFree = 2G - ''; - - system.stateVersion = "20.09"; -} diff --git a/nixos/pruflas/hardware-configuration.nix b/nixos/pruflas/hardware-configuration.nix deleted file mode 100644 index 7f39bd7..0000000 --- a/nixos/pruflas/hardware-configuration.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/BFF0-B760"; - fsType = "vfat"; - }; - - fileSystems."/home" = - { - device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" ]; - }; - - fileSystems."/swap" = { - device = "/dev/disk/by-uuid/767a84ad-4157-4e9f-a3db-145449edd3bc"; - fsType = "btrfs"; - options = [ "subvol=swap" "noatime" ]; - }; - - swapDevices = [{ device = "/swap/swapfile"; }]; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; -} From e4c9dee5756b107652f51b264e9e84e53446736d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 Oct 2023 19:05:04 +0100 Subject: [PATCH 688/988] Remove networking module --- nixos/agares/configuration.nix | 1 - nixos/gorgon/configuration.nix | 24 +++-- nixos/modules/default.nix | 1 - nixos/modules/networking.nix | 167 -------------------------------- nixos/modules/profiles/base.nix | 5 +- 5 files changed, 22 insertions(+), 176 deletions(-) delete mode 100644 nixos/modules/networking.nix diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 6857930..099d65d 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -16,7 +16,6 @@ dadada = { admin.enable = true; - networking.localResolver.enable = true; }; services.smartd.enable = true; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 3e5940a..01f98c9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -72,12 +72,6 @@ in dadada = { steam.enable = true; yubikey.enable = true; - - networking = { - enableBsShare = true; - vpnExtension = "3"; - }; - sway.enable = false; }; programs.adb.enable = true; @@ -187,6 +181,24 @@ in ]; }; + # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html + systemd.timers.wg-reresolve-dns = { + wantedBy = [ "timers.target" ]; + partOf = [ "wg-reresolve-dns.service" ]; + timerConfig.OnCalendar = "hourly"; + }; + + systemd.services.wg-reresolve-dns = + let + vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; + in + { + serviceConfig.Type = "oneshot"; + script = '' + ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 + ''; + }; + #networking.wg-quick.interfaces.mullvad = { # address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; # privateKeyFile = "/var/lib/wireguard/mullvad"; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index e558aa2..6d8f98b 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -9,7 +9,6 @@ headphones = import ./headphones.nix; homepage = import ./homepage.nix; miniflux = import ./miniflux.nix; - networking = import ./networking.nix; inputs = import ./inputs.nix; nixpkgs = import ./nixpkgs.nix; packages = import ./packages.nix; diff --git a/nixos/modules/networking.nix b/nixos/modules/networking.nix deleted file mode 100644 index b58fb2d..0000000 --- a/nixos/modules/networking.nix +++ /dev/null @@ -1,167 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; let - cfg = config.dadada.networking; - vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; -in -{ - options = { - dadada.networking = { - localResolver = { - enable = mkEnableOption "Enable local caching name server"; - uwu = mkEnableOption "Enable uwupn"; - s0 = mkEnableOption "Enable s0"; - }; - wanInterfaces = mkOption { - type = with types; listOf str; - description = "WAN network interfaces"; - default = [ ]; - }; - vpnExtension = mkOption { - type = with types; nullOr str; - description = "Last part of VPN address"; - default = null; - }; - enableBsShare = mkEnableOption "Enable network share at BS location"; - }; - }; - - config = { - networking.resolvconf.useLocalResolver = mkIf cfg.localResolver.enable true; - networking.networkmanager.dns = mkIf cfg.localResolver.enable "unbound"; - - services.unbound = mkIf cfg.localResolver.enable { - enable = true; - localControlSocketPath = "/run/unbound/unbound.ctl"; - settings = { - server = { - prefer-ip6 = true; - - prefetch = true; - prefetch-key = true; - serve-expired = false; - - aggressive-nsec = true; - hide-identity = true; - hide-version = true; - - use-caps-for-id = true; - - private-address = [ - "127.0.0.0/8" - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - "169.254.0.0/16" - "fd00::/8" - "fe80::/10" - "::ffff:0:0/96" - ]; - private-domain = [ - "dadada.li" - (mkIf cfg.localResolver.uwu "uwu") - (mkIf cfg.localResolver.s0 "space.stratum0.net") - (mkIf cfg.localResolver.s0 "s0") - ]; - domain-insecure = [ - "dadada.li" - (mkIf cfg.localResolver.uwu "uwu") - (mkIf cfg.localResolver.s0 "space.stratum0.net") - (mkIf cfg.localResolver.s0 "s0") - ]; - interface = [ - "127.0.0.1" - "::1" - ]; - }; - forward-zone = [ - { - name = "."; - forward-tls-upstream = "yes"; - forward-addr = [ - "2620:fe::fe@853#dns.quad9.net" - "2620:fe::9@853#dns.quad9.net" - "9.9.9.9@853#dns.quad9.net" - "149.112.112.112@853#dns.quad9.net" - ]; - } - ( - mkIf cfg.localResolver.uwu { - name = "uwu."; - forward-addr = [ - "fc00:1337:dead:beef::10.11.0.1" - "10.11.0.1" - ]; - } - ) - ( - mkIf cfg.localResolver.s0 { - name = "space.stratum0.net."; - forward-addr = [ - "192.168.178.1" - ]; - } - ) - ( - mkIf cfg.localResolver.s0 { - name = "s0."; - forward-addr = [ - "192.168.178.1" - ]; - } - ) - { - name = "dyn.dadada.li."; - forward-addr = [ - "fd42:9c3b:f96d:201::1" - ]; - } - ]; - }; - }; - - networking.useDHCP = false; - - networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: - nameValuePair i { - useDHCP = true; - })); - - networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { - dadada = { - ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" "192.168.120.${cfg.vpnExtension}/24" ]; - listenPort = 51234; - privateKeyFile = "/var/lib/wireguard/privkey"; - postSetup = '' - ${pkgs.systemd}/bin/resolvectl domain dadada ~bs.dadada.li - ${pkgs.systemd}/bin/resolvectl dns dadada fd42:9c3b:f96d:201:: - ${pkgs.systemd}/bin/resolvectl dnssec dadada false - ''; - peers = [ - { - publicKey = vpnPubKey; - allowedIPs = [ "fd42:9c3b:f96d::/48" "192.168.0.0/17" ]; - endpoint = "vpn.dadada.li:51234"; - persistentKeepalive = 25; - } - ]; - }; - }; - - # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html - systemd.timers.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { - wantedBy = [ "timers.target" ]; - partOf = [ "wg-reresolve-dns.service" ]; - timerConfig.OnCalendar = "hourly"; - }; - systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { - serviceConfig.Type = "oneshot"; - script = '' - ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 - ''; - }; - }; -} diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index ad83c1d..d6b9ef9 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -50,6 +50,9 @@ in }; networking.networkmanager.dns = mkDefault "systemd-resolved"; - services.resolved.enable = mkDefault true; + services.resolved = { + enable = mkDefault true; + fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ]; + }; } From f218b39961fccd291b5d3937c62031760776a4d4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sun, 29 Oct 2023 01:18:55 +0000 Subject: [PATCH 689/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/cd4e2fda3150dd2f689caeac07b7f47df5197c31' (2023-09-29) → 'github:numtide/devshell/1aed986e3c81a4f6698e85a7452cbfcc4b31a36e' (2023-10-27) • Updated input 'eza': 'github:eza-community/eza/7b743992578a9cb1f666f118d8b4edc218d60577' (2023-10-12) → 'github:eza-community/eza/73298f0b0afc9cd11aa45aa4be20c244b9e61ca8' (2023-10-26) • Updated input 'jujutsu': 'github:martinvonz/jj/69a30b47aff18e9d6caacaec8c539cc0b463d3c7' (2023-10-12) → 'github:martinvonz/jj/e5fa5910f22337d2828eab19b2cd09bc808c7e8a' (2023-10-29) • Updated input 'naersk': 'github:nix-community/naersk/3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89' (2023-09-07) → 'github:nix-community/naersk/aeb58d5e8faead8980a807c840232697982d47b9' (2023-10-27) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/fb6af288f6cf0f00d3af60cf9d5110433b954565' (2023-10-12) → 'github:NixOS/nixos-hardware/80d98a7d55c6e27954a166cb583a41325e9512d7' (2023-10-23) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/bd1cde45c77891214131cbbea5b1203e485a9d51' (2023-10-11) → 'github:NixOS/nixpkgs/60b9db998f71ea49e1a9c41824d09aa274be1344' (2023-10-26) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/aa7584f5bbf5947716ad8ec14eccc0334f0d28f0' (2023-10-12) → 'github:oxalica/rust-overlay/571fee291b386dd6fe0d125bc20a7c7b3ad042ac' (2023-10-28) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/0b2ffeb3ae1a7449a48a952f3e731cfa41eaf780' (2023-10-11) → 'github:numtide/treefmt-nix/5deb8dc125a9f83b65ca86cf0c8167c46593e0b1' (2023-10-27) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 790c2d8..aba80cc 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1695973661, - "narHash": "sha256-BP2H4c42GThPIhERtTpV1yCtwQHYHEKdRu7pjrmQAwo=", + "lastModified": 1698410321, + "narHash": "sha256-MphuSlgpmKwtJncGMohryHiK55J1n6WzVQ/OAfmfoMc=", "owner": "numtide", "repo": "devshell", - "rev": "cd4e2fda3150dd2f689caeac07b7f47df5197c31", + "rev": "1aed986e3c81a4f6698e85a7452cbfcc4b31a36e", "type": "github" }, "original": { @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1697098100, - "narHash": "sha256-eST70KMdGgbTo4FNL3K5YGn9lwIGroG4y4ExKDb30hU=", + "lastModified": 1698320022, + "narHash": "sha256-GovkmMjxHWP9nl0z1LwQrIgT6TkMaYY1wEwAABAYNK0=", "owner": "eza-community", "repo": "eza", - "rev": "7b743992578a9cb1f666f118d8b4edc218d60577", + "rev": "73298f0b0afc9cd11aa45aa4be20c244b9e61ca8", "type": "github" }, "original": { @@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1697097009, - "narHash": "sha256-aFoi7j25b4m8+EEIu25DSYLaNT17cEFylGwTBf6IQQQ=", + "lastModified": 1698538480, + "narHash": "sha256-kGHjL0YwwpzhaucCnPqmn1Y2uMGcC7f63oh5+4XMJfE=", "owner": "martinvonz", "repo": "jj", - "rev": "69a30b47aff18e9d6caacaec8c539cc0b463d3c7", + "rev": "e5fa5910f22337d2828eab19b2cd09bc808c7e8a", "type": "github" }, "original": { @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1694081375, - "narHash": "sha256-vzJXOUnmkMCm3xw8yfPP5m8kypQ3BhAIRe4RRCWpzy8=", + "lastModified": 1698420672, + "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=", "owner": "nix-community", "repo": "naersk", - "rev": "3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89", + "rev": "aeb58d5e8faead8980a807c840232697982d47b9", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1697100850, - "narHash": "sha256-qSAzJVzNRIo+r3kBjL8TcpJctcgcHlnZyqdzpWgtg0M=", + "lastModified": 1698053470, + "narHash": "sha256-sP8D/41UiwC2qn0X40oi+DfuVzNHMROqIWdSdCI/AYA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fb6af288f6cf0f00d3af60cf9d5110433b954565", + "rev": "80d98a7d55c6e27954a166cb583a41325e9512d7", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1696983906, - "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=", + "lastModified": 1698288402, + "narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51", + "rev": "60b9db998f71ea49e1a9c41824d09aa274be1344", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1697076655, - "narHash": "sha256-NcCtVUOd0X81srZkrdP8qoA1BMsPdO2tGtlZpsGijeU=", + "lastModified": 1698458995, + "narHash": "sha256-nF8E8Ur5NggwPQNp3w/fddWmQrNEwCm0dgz6tk8Ew6E=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "aa7584f5bbf5947716ad8ec14eccc0334f0d28f0", + "rev": "571fee291b386dd6fe0d125bc20a7c7b3ad042ac", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1697018566, - "narHash": "sha256-tOhoeq621JQOULO9X2U+Io03PK/TQrYFYB4sJFaDCuQ=", + "lastModified": 1698438538, + "narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0b2ffeb3ae1a7449a48a952f3e731cfa41eaf780", + "rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1", "type": "github" }, "original": { From 9ab1221dc06f195850bfa393e64fc696d907bbff Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 Oct 2023 20:01:37 +0100 Subject: [PATCH 690/988] Remove zotero (marked as insecure) --- home/home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 153a811..e3d3d3c 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -141,6 +141,6 @@ with pkgs; [ xsv # cut for csv xxh # portable shells youtube-dl - zotero + # zotero Marked as insecure zsh ] From 4944d5790b6b2bc18248c1fc88b267ef579d3d19 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 Oct 2023 20:03:14 +0100 Subject: [PATCH 691/988] Remove apps.nix File was not referenced --- apps.nix | 33 --------------------------------- 1 file changed, 33 deletions(-) delete mode 100644 apps.nix diff --git a/apps.nix b/apps.nix deleted file mode 100644 index b667c5b..0000000 --- a/apps.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ pkgs -, deploy-rs -, system -, ... -}: -{ - nixos-switch = { - type = "app"; - program = toString (pkgs.writeScript "nixos-switch" '' - #!${pkgs.runtimeShell} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake ".#$1" --use-remote-sudo - ''); - }; - - deploy = { - type = "app"; - program = toString (pkgs.writeScript "deploy" '' - #!${pkgs.runtimeShell} - flake=$(nix flake metadata --json ${./.} | jq -r .url) - ${deploy-rs.apps."${system}".deploy-rs.program} ''${flake} - ''); - }; - - update = { - type = "app"; - program = toString (pkgs.writeScript "update" '' - #!${pkgs.runtimeShell} - ${pkgs.nix}/bin/nix flake update --commit-lock-file - ''); - }; -} - From e135f57101cf05bb06fe48cfdd17df047b81edd1 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 Oct 2023 23:59:08 +0100 Subject: [PATCH 692/988] Replace power-up and power-down snippets with udev rule --- nixos/ninurta/configuration.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index d7c469e..4fabd86 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -432,13 +432,6 @@ in # This generally means no power management for SCSI scsiLinkPolicy = "med_power_with_dipm"; # Configure the disks to spin down after 10 min of inactivity. - powerUpCommands = '' - # 5 minutes = 300 seconds (1-240 is multiples of 5 seconds) - find /dev -regextype sed -regex '/dev/sd[a-z]$' | xargs ${pkgs.hdparm}/sbin/hdparm -S 60 - ''; - powerDownCommands = '' - find /dev -regextype sed -regex '/dev/sd[a-z]$' | xargs ${pkgs.hdparm}/sbin/hdparm -S 0 - ''; }; security.rtkit.enable = true; @@ -450,6 +443,16 @@ in pulse.enable = true; }; + services.udev.packages = [ + (pkgs.writeTextFile { + name = "60-hdparm"; + text = '' + ACTION=="add|change", KERNEL=="sd[a-z]", ATTRS{queue/rotational}=="1", RUN+="/usr/bin/hdparm -S 60 /dev/%k" + ''; + destination = "/etc/udev/rules.d/60-hdparm.rules"; + }) + ]; + hardware.pulseaudio.enable = false; environment.systemPackages = with pkgs; [ From 2083708a45ba416a0dc414d65d52256d2e19f6ca Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 30 Oct 2023 14:57:08 +0100 Subject: [PATCH 693/988] ninurta: enable printer sharing --- nixos/ninurta/configuration.nix | 3 +++ nixos/ninurta/printing.nix | 42 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 nixos/ninurta/printing.nix diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 4fabd86..35b4fb5 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -17,6 +17,7 @@ in imports = [ ../modules/profiles/server.nix ./hardware-configuration.nix + ./printing.nix ]; services.soft-serve = { @@ -388,10 +389,12 @@ in 22 # SSH 80 # HTTP 443 # HTTPS + 631 # Printing (TODO only allow from some networks) 3000 # Hydra softServePort ]; allowedUDPPorts = [ + 631 # Printing (TODO only allow from some networks) 51234 # Wireguard 51235 # Wireguard ]; diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix new file mode 100644 index 0000000..68e5c69 --- /dev/null +++ b/nixos/ninurta/printing.nix @@ -0,0 +1,42 @@ +{ pkgs, ... }: +{ + services.printing = { + enable = true; + drivers = [ pkgs.brlaser ]; + # Remove all state at the start of the service + stateless = true; + }; + + hardware = { + printers = { + ensurePrinters = [ + { + name = "Brother_HL-L2310D"; + model = "drv:///brlaser.drv/brl2320d.ppd"; + location = "BS"; + deviceUri = "usb://Brother/HL-L2310D%20series?serial=E78096H3N771439"; + ppdOptions = { + PageSize = "A4"; + Duplex = "DuplexNoTumble"; + }; + } + ]; + }; + }; + + services.avahi = { + enable = true; + nssmdns = true; + openFirewall = true; + publish = { + enable = true; + userServices = true; + }; + }; + services.printing = { + listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ]; + allowFrom = [ "from 192.168.101.0/24" ]; + browsing = true; + defaultShared = true; + }; +} From db86e3902b40207b913fe8f23846ba9dd11da231 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 31 Oct 2023 03:03:58 +0100 Subject: [PATCH 694/988] Backup keepassxc DB --- home/home/default.nix | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/home/home/default.nix b/home/home/default.nix index 213effa..a2492ac 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -1,5 +1,4 @@ -{ config -, pkgs +{ pkgs , lib , ... }: @@ -93,6 +92,22 @@ in home.file.".jjconfig.toml".source = ./jjconfig.toml; + systemd.user.timers."backup-keepassxc" = { + Unit.Description = "Backup password DB"; + Timer = { + OnBootSec= "15min"; + OnUnitActiveSec = "1d"; + }; + Install.WantedBy = [ "timers.target" ]; + }; + + systemd.user.services."backup-keepassxc" = { + Unit.Description = "Backup password DB"; + Unit.Type = "oneshot"; + Service.ExecStart = "${pkgs.openssh}/bin/scp -P 23 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx u355513-sub4@u355513-sub4.your-storagebox.de:Personal.kdbx"; + Install.WantedBy = [ "multi-user.target" ]; + }; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 4ca056cc2860cd52847325fe65363bc484a70447 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Nov 2023 14:33:07 +0100 Subject: [PATCH 695/988] home: remove fluffychat and fractal-next, add element-desktop --- home/home/pkgs.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index e3d3d3c..7ad5a68 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -22,13 +22,12 @@ with pkgs; [ dstat duf # disk usage dyff # diff tool for YAML + element-desktop evince evolution exa ffmpeg file - fluffychat - fractal-next fx # themable json viewer fzf fzf From afe3d8683cadc26341c596982ff3ede9914e8cc7 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Nov 2023 14:39:20 +0100 Subject: [PATCH 696/988] Update agenix --- flake.lock | 55 ++++++++++++++++++++++++++++++++++++++++++++++++----- flake.nix | 2 +- outputs.nix | 2 +- 3 files changed, 52 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index aba80cc..6d3a4b8 100644 --- a/flake.lock +++ b/flake.lock @@ -2,25 +2,49 @@ "nodes": { "agenix": { "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1664140963, - "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", + "lastModified": 1694733633, + "narHash": "sha256-/o/OubAsPMbxqru59tLlWzUI7LBNDaoW4rFwQ2Smxcg=", "owner": "ryantm", "repo": "agenix", - "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", + "rev": "54693c91d923fecb4cf04c4535e3d84f8dec7919", "type": "github" }, "original": { "owner": "ryantm", - "ref": "0.13.0", + "ref": "0.14.0", "repo": "agenix", "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -113,6 +137,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -315,7 +360,7 @@ "eza": "eza", "flake-registry": "flake-registry", "flake-utils": "flake-utils", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "homePage": "homePage", "jujutsu": "jujutsu", "naersk": "naersk", diff --git a/flake.nix b/flake.nix index 038f146..94442c1 100644 --- a/flake.nix +++ b/flake.nix @@ -22,7 +22,7 @@ inputs.flake-utils.follows = "flake-utils"; }; agenix = { - url = "github:ryantm/agenix/0.13.0"; + url = "github:ryantm/agenix/0.14.0"; inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { diff --git a/outputs.nix b/outputs.nix index 4783575..8c0d9ac 100644 --- a/outputs.nix +++ b/outputs.nix @@ -23,7 +23,7 @@ pkgs = import nixpkgs { inherit system; overlays = [ - agenix.overlay + agenix.overlays.default devshell.overlays.default ]; }; From 684f27eca69399f53b5a4f3ab0ec27de4f0e7a12 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Nov 2023 14:40:34 +0100 Subject: [PATCH 697/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'eza': 'github:eza-community/eza/73298f0b0afc9cd11aa45aa4be20c244b9e61ca8' (2023-10-26) → 'github:eza-community/eza/0c75e4cc971d6f79160f527024d399829ff1e0a8' (2023-11-04) • Added input 'eza/advisory-db': 'github:rustsec/advisory-db/088ec034cfc17c918d8c1d4f9fbb832b935011b0' (2023-11-02) • Added input 'eza/pre-commit-hooks': 'http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz?narHash=sha256-Fi5H9jbaQLmLw9qBi%2fmkR33CoFjNbobo5xWdX4tKz1Q=' • Added input 'eza/pre-commit-hooks/flake-compat': 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17) • Added input 'eza/pre-commit-hooks/flake-utils': follows 'eza/flake-utils' • Added input 'eza/pre-commit-hooks/gitignore': 'github:hercules-ci/gitignore.nix/a20de23b925fd8264fd7fad6454652e142fd7f73' (2022-08-14) • Added input 'eza/pre-commit-hooks/gitignore/nixpkgs': follows 'eza/pre-commit-hooks/nixpkgs' • Added input 'eza/pre-commit-hooks/nixpkgs': follows 'eza/nixpkgs' • Added input 'eza/pre-commit-hooks/nixpkgs-stable': 'github:NixOS/nixpkgs/c37ca420157f4abc31e26f436c1145f8951ff373' (2023-06-03) • Updated input 'jujutsu': 'github:martinvonz/jj/e5fa5910f22337d2828eab19b2cd09bc808c7e8a' (2023-10-29) → 'github:martinvonz/jj/e701b08f4294811429e5222f95c1ad27d24292d8' (2023-11-04) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/80d98a7d55c6e27954a166cb583a41325e9512d7' (2023-10-23) → 'github:NixOS/nixos-hardware/87f8403371fa74d9ad21ed677403cc235f37b96c' (2023-11-03) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/60b9db998f71ea49e1a9c41824d09aa274be1344' (2023-10-26) → 'github:NixOS/nixpkgs/621f51253edffa1d6f08d5fce4f08614c852d17e' (2023-11-02) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/571fee291b386dd6fe0d125bc20a7c7b3ad042ac' (2023-10-28) → 'github:oxalica/rust-overlay/321affd863e3e4e669990a1db5fdabef98387b95' (2023-11-03) --- flake.lock | 126 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 111 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 6d3a4b8..a2a88ed 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "advisory-db": { + "flake": false, + "locked": { + "lastModified": 1698930228, + "narHash": "sha256-ewxEUkQljd/D6jJyixlgQi0ZBFzYrhIY1EuoPylxkag=", + "owner": "rustsec", + "repo": "advisory-db", + "rev": "088ec034cfc17c918d8c1d4f9fbb832b935011b0", + "type": "github" + }, + "original": { + "owner": "rustsec", + "repo": "advisory-db", + "type": "github" + } + }, "agenix": { "inputs": { "darwin": "darwin", @@ -70,6 +86,7 @@ }, "eza": { "inputs": { + "advisory-db": "advisory-db", "flake-utils": [ "flake-utils" ], @@ -79,6 +96,7 @@ "nixpkgs": [ "nixpkgs" ], + "pre-commit-hooks": "pre-commit-hooks", "rust-overlay": [ "rust-overlay" ], @@ -87,11 +105,11 @@ ] }, "locked": { - "lastModified": 1698320022, - "narHash": "sha256-GovkmMjxHWP9nl0z1LwQrIgT6TkMaYY1wEwAABAYNK0=", + "lastModified": 1699101090, + "narHash": "sha256-C7vF+D81spKj0rbo28x0bOfK1B17ibSatE1KGP6yjLA=", "owner": "eza-community", "repo": "eza", - "rev": "73298f0b0afc9cd11aa45aa4be20c244b9e61ca8", + "rev": "0c75e4cc971d6f79160f527024d399829ff1e0a8", "type": "github" }, "original": { @@ -100,6 +118,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -136,6 +170,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "eza", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -228,11 +284,11 @@ ] }, "locked": { - "lastModified": 1698538480, - "narHash": "sha256-kGHjL0YwwpzhaucCnPqmn1Y2uMGcC7f63oh5+4XMJfE=", + "lastModified": 1699064137, + "narHash": "sha256-JUAxgp7ovocGqhkk/26GqPFp1izDHJFYwVnAqaPUgUM=", "owner": "martinvonz", "repo": "jj", - "rev": "e5fa5910f22337d2828eab19b2cd09bc808c7e8a", + "rev": "e701b08f4294811429e5222f95c1ad27d24292d8", "type": "github" }, "original": { @@ -299,11 +355,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1698053470, - "narHash": "sha256-sP8D/41UiwC2qn0X40oi+DfuVzNHMROqIWdSdCI/AYA=", + "lastModified": 1699044561, + "narHash": "sha256-3uHmbq74CicpBPP40a6NHp830S7Rvh33uFgfIIC+7nw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "80d98a7d55c6e27954a166cb583a41325e9512d7", + "rev": "87f8403371fa74d9ad21ed677403cc235f37b96c", "type": "github" }, "original": { @@ -315,11 +371,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698288402, - "narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=", + "lastModified": 1698942558, + "narHash": "sha256-/UmnB+mEd6Eg3mJBrAgqRcyZX//RSjHphcCO7Ig9Bpk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "60b9db998f71ea49e1a9c41824d09aa274be1344", + "rev": "621f51253edffa1d6f08d5fce4f08614c852d17e", "type": "github" }, "original": { @@ -329,6 +385,46 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1685801374, + "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "eza", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "eza", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", + "type": "tarball", + "url": "http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz" + }, + "original": { + "type": "tarball", + "url": "http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz" + } + }, "recipemd": { "inputs": { "flake-utils": [ @@ -383,11 +479,11 @@ ] }, "locked": { - "lastModified": 1698458995, - "narHash": "sha256-nF8E8Ur5NggwPQNp3w/fddWmQrNEwCm0dgz6tk8Ew6E=", + "lastModified": 1698977568, + "narHash": "sha256-bnbCqPDFdOUcSANJv9Br3q/b1LyK9vyB1I7os5T4jXI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "571fee291b386dd6fe0d125bc20a7c7b3ad042ac", + "rev": "321affd863e3e4e669990a1db5fdabef98387b95", "type": "github" }, "original": { From 572d813eed8b04dfd3b19c73c6e59f4093505cf2 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Nov 2023 15:10:29 +0100 Subject: [PATCH 698/988] home: fix formatting --- home/home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/home/default.nix b/home/home/default.nix index a2492ac..6b2a28f 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -95,7 +95,7 @@ in systemd.user.timers."backup-keepassxc" = { Unit.Description = "Backup password DB"; Timer = { - OnBootSec= "15min"; + OnBootSec = "15min"; OnUnitActiveSec = "1d"; }; Install.WantedBy = [ "timers.target" ]; From 21add79ffa2e79e1683df9697d14b66bd579c81b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 14 Oct 2023 14:01:06 +0200 Subject: [PATCH 699/988] agares: use as router --- nixos/agares/configuration.nix | 84 ++++---- nixos/agares/ddns.nix | 13 ++ nixos/agares/dns.nix | 69 +++++++ nixos/agares/firewall.nix | 13 ++ nixos/agares/hardware-configuration.nix | 35 ---- nixos/agares/network.nix | 252 ++++++++++++++++++++++++ nixos/agares/ntp.nix | 12 ++ nixos/agares/ppp.nix | 63 ++++++ nixos/agares/rules.nft | 140 +++++++++++++ secrets/etc-ppp-chap-secrets.age | 11 ++ secrets/etc-ppp-telekom-secret.age | 9 + secrets/secrets.nix | 5 +- secrets/wg-privkey-vpn-dadada-li.age | 10 + 13 files changed, 640 insertions(+), 76 deletions(-) create mode 100644 nixos/agares/ddns.nix create mode 100644 nixos/agares/dns.nix create mode 100644 nixos/agares/firewall.nix delete mode 100644 nixos/agares/hardware-configuration.nix create mode 100644 nixos/agares/network.nix create mode 100644 nixos/agares/ntp.nix create mode 100644 nixos/agares/ppp.nix create mode 100644 nixos/agares/rules.nft create mode 100644 secrets/etc-ppp-chap-secrets.age create mode 100644 secrets/etc-ppp-telekom-secret.age create mode 100644 secrets/wg-privkey-vpn-dadada-li.age diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 099d65d..c28a4f8 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -1,18 +1,45 @@ { config -, pkgs , lib +, modulesPath +, pkgs , ... -}: { +}: +{ imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ./ddns.nix + ./dns.nix + ./firewall.nix ../modules/profiles/server.nix - ./hardware-configuration.nix + ./network.nix + ./ntp.nix + ./ppp.nix ]; - # to be able to use qemu from substituter - environment.noXlibs = false; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; - # libvirtd - security.polkit.enable = true; + #fileSystems."/nix/store" = { + # device = "/dev/sda1"; + # fsType = "btrfs"; + # options = [ "subvol=/root/nix" "noatime" ]; + #}; + + fileSystems."/swap" = { + device = "/dev/sda1"; + fsType = "btrfs"; + options = [ "subvol=/root/swap" "noatime" ]; + }; + + #swapDevices = [{ + # device = "/swap/swapfile"; + # size = 32 * 1024; # 32 GByte + #}]; + + hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware; dadada = { admin.enable = true; @@ -23,9 +50,17 @@ networking.hostName = "agares"; networking.domain = "bs.dadada.li"; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.extraConfig = " + serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 + terminal_input serial + terminal_output serial + "; boot.kernelParams = [ "console=ttyS0,115200" @@ -41,46 +76,15 @@ "vfio_virqfd" ]; - networking.vlans = { - lan = { - id = 11; - interface = "enp1s0"; - }; - backup = { - id = 13; - interface = "enp1s0"; - }; - }; - - networking.bridges = { - "br-lan" = { - interfaces = [ "lan" ]; - }; - "br-backup" = { - interfaces = [ "backup" ]; - }; - }; - - networking.interfaces.enp1s0.useDHCP = true; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ - 22 # SSH - ]; - }; - - virtualisation.libvirtd.enable = true; - environment.systemPackages = with pkgs; [ curl flashrom dmidecode + tcpdump ]; # Running router VM. They have to be restarted in the right order, so network comes up cleanly. Not ideal. system.autoUpgrade.allowReboot = false; - system.stateVersion = "22.05"; + system.stateVersion = "23.05"; } diff --git a/nixos/agares/ddns.nix b/nixos/agares/ddns.nix new file mode 100644 index 0000000..6f47853 --- /dev/null +++ b/nixos/agares/ddns.nix @@ -0,0 +1,13 @@ +{ config, ... }: +{ + dadada.ddns = { + domains = [ "vpn.dadada.li" ]; + credentialsPath = config.age.secrets."ddns-credentials".path; + interface = "wan"; + }; + + age.secrets."ddns-credentials" = { + file = "${config.dadada.secrets.path}/ddns-credentials.age"; + mode = "400"; + }; +} diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix new file mode 100644 index 0000000..fefcf70 --- /dev/null +++ b/nixos/agares/dns.nix @@ -0,0 +1,69 @@ +{ ... }: +{ + services.unbound = { + enable = true; + localControlSocketPath = "/run/unbound/unbound.ctl"; + settings = { + server = { + access-control = [ + "127.0.0.0/8 allow" + "127.0.0.1/32 allow_snoop" + "192.168.100.0/24 allow" + "192.168.101.0/24 allow" + "192.168.102.0/24 allow" + "192.168.103.0/24 allow" + "192.168.1.0/24 allow" + "172.16.128.0/24 allow" + "::1/128 allow_snoop" + "fd42:9c3b:f96d::/48 allow" + ]; + interface = [ + "127.0.0.1" + "192.168.1.1" + "192.168.100.1" + "192.168.101.1" + "192.168.102.1" + "::1" + "fd42:9c3b:f96d:100::1" + "fd42:9c3b:f96d:101::1" + "fd42:9c3b:f96d:102::1" + "fd42:9c3b:f96d:103::1" + ]; + prefer-ip6 = true; + prefetch = true; + prefetch-key = true; + serve-expired = false; + aggressive-nsec = true; + hide-identity = true; + hide-version = true; + use-caps-for-id = true; + val-permissive-mode = true; + local-zone = [ + "\"168.192.in-addr.arpa.\" nodefault" + "\"d.f.ip6.arpa.\" nodefault" + ]; + }; + forward-zone = [ + { + name = "."; + forward-tls-upstream = "yes"; + forward-addr = [ + "2620:fe::fe@853#dns.quad9.net" + "2620:fe::9@853#dns.quad9.net" + "9.9.9.9@853#dns.quad9.net" + "149.112.112.112@853#dns.quad9.net" + ]; + } + ]; + stub-zone = + let + stubZone = name: addrs: { name = "${name}"; stub-addr = addrs; }; + in + [ + #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) + #(stubZone "d.6.9.f.b.3.c.9.2.4.d.f.ip6.arpa" ["192.168.101.220" "2a01:4f8:c010:a710::1"]) + #(stubZone "168.192.in-addr.arpa" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) + ]; + }; + }; +} diff --git a/nixos/agares/firewall.nix b/nixos/agares/firewall.nix new file mode 100644 index 0000000..569259f --- /dev/null +++ b/nixos/agares/firewall.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + networking = { + useDHCP = false; + nat.enable = false; + firewall.enable = false; + nftables = { + enable = true; + checkRuleset = true; + ruleset = builtins.readFile ./rules.nft; + }; + }; +} diff --git a/nixos/agares/hardware-configuration.nix b/nixos/agares/hardware-configuration.nix deleted file mode 100644 index fdd49d2..0000000 --- a/nixos/agares/hardware-configuration.nix +++ /dev/null @@ -1,35 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - swapDevices = [ ]; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = lib.mkDefault false; - networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; - networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; - - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix new file mode 100644 index 0000000..b51dfae --- /dev/null +++ b/nixos/agares/network.nix @@ -0,0 +1,252 @@ +{ config, lib, ... }: +let + mergeAttrsList = lib.attrsets.mergeAttrsList; + map = builtins.map; + ulaPrefix = "fd42:9c3b:f96d"; # fd42:9c3b:f96d::/48 + ipv4Prefix = "192.168"; # 192.168.96.0/19 + domain = "bs.dadada.li"; +in +{ + systemd.network = { + enable = true; + links = { + "10-persistent" = { + matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; + linkConfig.MACAddressPolicy = "persistent"; + }; + }; + netdevs = { + # QoS concentrator + "ifb4ppp0" = { + netdevConfig = { + Kind = "ifb"; + Name = "ifb4ppp0"; + }; + }; + "20-lan" = { + netdevConfig = { + Kind = "vlan"; + Name = "lan.10"; + }; + vlanConfig = { + Id = 10; + }; + }; + "20-freifunk" = { + netdevConfig = { + Kind = "vlan"; + Name = "ff.11"; + }; + vlanConfig = { + Id = 11; + }; + }; + "20-srv" = { + netdevConfig = { + Kind = "vlan"; + Name = "srv.13"; + }; + vlanConfig = { + Id = 13; + }; + }; + "20-roadw" = { + netdevConfig = { + Kind = "wireguard"; + Name = "roadw"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path; + ListenPort = 51234; + }; + wireguardPeers = [{ + wireguardPeerConfig = + let + peerAddresses = i: [ + "${ipv4Prefix}.120.${i}/32" + "${ulaPrefix}:120::${i}/128" + ]; + in + { + PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; + AllowedIPs = peerAddresses "3"; + }; + }]; + }; + }; + networks = let + subnet = name: subnetId: { + matchConfig.Name = name; + addresses = [ + { addressConfig.Address = "${ipv4Prefix}.${subnetId}.1/24"; } + { addressConfig.Address = "${ulaPrefix}:${subnetId}::1/64"; } + ]; + dhcpPrefixDelegationConfig = { + SubnetId = "0x${subnetId}"; + }; + ipv6Prefixes = [ + { + ipv6PrefixConfig.Prefix = "${ulaPrefix}:${subnetId}::/64"; + } + ]; + dhcpServerConfig = { + DNS = "${ipv4Prefix}.${subnetId}.1"; + NTP = "${ipv4Prefix}.${subnetId}.1"; + EmitDNS = true; + EmitNTP = true; + EmitRouter = true; + PoolOffset = 100; + PoolSize = 100; + SendOption = "12:string:${domain}"; + }; + linkConfig = { + RequiredForOnline = "no"; + }; + networkConfig = { + Domains = domain; + EmitLLDP = "yes"; + IPv6SendRA = true; + IPv6AcceptRA = false; + DHCPPrefixDelegation = true; + DHCPServer = true; + }; + extraConfig = '' + [CAKE] + OverheadBytes = 38 + Bandwidth = 1G + ''; + }; + in { + "10-mgmt" = subnet "enp1s0" "100" // { + networkConfig.VLAN = [ "lan.10" "ff.11" "srv.13" ]; + dhcpServerStaticLeases = [ + { + # legion + dhcpServerStaticLeaseConfig = { + Address = "192.168.100.107"; + MACAddress = "80:CC:9C:95:4A:60"; + }; + } + ]; + }; + "30-lan" = subnet "lan.10" "101" // { + dhcpServerStaticLeases = [ + { + # ninurta + dhcpServerStaticLeaseConfig = { + Address = "192.168.101.184"; + MACAddress = "48:21:0B:3E:9C:FE"; + }; + } + { + # crocell + dhcpServerStaticLeaseConfig = { + Address = "192.168.101.122"; + MACAddress = "9C:C9:EB:4F:3F:0E"; + }; + } + { + # gorgon + dhcpServerStaticLeaseConfig = { + Address = "192.168.101.205"; + MACAddress = "8C:C6:81:6A:39:2F"; + }; + } + ]; + }; + + "30-ff" = subnet "ff.11" "102"; + + "30-srv" = subnet "srv.13" "103"; + + "30-ifb4ppp0" = { + name = "ifb4ppp0"; + extraConfig = '' + [CAKE] + OverheadBytes = 65 + Bandwidth = 95M + FlowIsolationMode = triple + ''; + }; + + # TODO does not work + "30-ppp0" = { + name = "ppp*"; + linkConfig = { + RequiredForOnline = "routable"; + }; + networkConfig = { + KeepConfiguration = "static"; + DefaultRouteOnDevice = true; + LinkLocalAddressing = "ipv6"; + DHCP = "ipv6"; + }; + extraConfig = '' + [CAKE] + OverheadBytes = 65 + Bandwidth = 36M + FlowIsolationMode = triple + [DHCPv6] + PrefixDelegationHint= ::/56 + UseAddress = false + UseDelegatedPrefix = true + WithoutRA = solicit + [DHCPPrefixDelegation] + UplinkInterface=:self + ''; + ipv6SendRAConfig = { + # Let networkd know that we would very much like to use DHCPv6 + # to obtain the "managed" information. Not sure why they can't + # just take that from the upstream RAs. + Managed = true; + }; + }; + # Talk to modem for management + "enp2s0" = { + name = "enp2s0"; + linkConfig = { + RequiredForOnline = "no"; + }; + networkConfig = { + Address = "192.168.1.254/24"; + EmitLLDP = "yes"; + }; + }; + "10-roadw" = { + matchConfig.Name = "roadw"; + address = [ + "${ipv4Prefix}.120.1/32" + "${ulaPrefix}:120::1/128" + ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = "no"; + routes = [ + { + routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; + } + { + routeConfig = { Destination = "${ulaPrefix}::120:1/64"; }; + } + ]; + }; + }; + }; + + age.secrets."wg-privkey-vpn-dadada-li" = { + file = "${config.dadada.secrets.path}/wg-privkey-vpn-dadada-li.age"; + owner = "systemd-network"; + }; + + boot.kernel.sysctl = { + # Enable forwarding for interface + "net.ipv4.conf.all.forwarding" = "1"; + "net.ipv6.conf.all.forwarding" = "1"; + "net.ipv6.conf.all.accept_ra" = "0"; + "net.ipv6.conf.all.autoconf" = "0"; + # Set via systemd-networkd + #"net.ipv6.conf.${intf}.use_tempaddr" = "0"; + }; + + powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil"; +} diff --git a/nixos/agares/ntp.nix b/nixos/agares/ntp.nix new file mode 100644 index 0000000..c3ec49b --- /dev/null +++ b/nixos/agares/ntp.nix @@ -0,0 +1,12 @@ +{ ... }: +{ + services.chrony = { + enable = true; + extraConfig = '' + allow 192.168.1 + allow 192.168.100 + allow 192.168.101 + allow 192.168.102 + ''; + }; +} diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix new file mode 100644 index 0000000..dc26e46 --- /dev/null +++ b/nixos/agares/ppp.nix @@ -0,0 +1,63 @@ +{ pkgs, lib, config, ... }: +let + secretsPath = config.dadada.secrets.path; +in +{ + # PPPoE + services.pppd = { + enable = true; + peers = { + telekom = { + enable = true; + autostart = true; + config = '' + debug + + plugin pppoe.so enp2s0 + + noauth + hide-password + call telekom-secret + + linkname ppp0 + + persist + maxfail 0 + holdoff 5 + + noipdefault + defaultroute + + lcp-echo-interval 15 + lcp-echo-failure 3 + ''; + }; + }; + }; + + age.secrets."etc-ppp-telekom-secret" = { + file = "${secretsPath}/etc-ppp-telekom-secret.age"; + owner = "root"; + mode = "700"; + path = "/etc/ppp/peers/telekom-secret"; + }; + + age.secrets."etc-ppp-pap-secrets" = { + # format: client server passphrase + file = "${secretsPath}/etc-ppp-chap-secrets.age"; + owner = "root"; + mode = "700"; + path = "/etc/ppp/pap-secrets"; + }; + + # Hook for QoS via Intermediate Functional Block + environment.etc."ppp/ip-up" = { + mode = "755"; + text = with lib; '' + #!/usr/bin/env sh + ${getBin pkgs.iproute2}/bin/tc qdisc del dev $1 ingress + ${getBin pkgs.iproute2}/bin/tc qdisc add dev $1 handle ffff: ingress + ${getBin pkgs.iproute2}/bin/tc filter add dev $1 parent ffff: matchall action mirred egress redirect dev ifb4ppp0 + ''; + }; +} diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft new file mode 100644 index 0000000..733ef57 --- /dev/null +++ b/nixos/agares/rules.nft @@ -0,0 +1,140 @@ +flush ruleset + +define IF_MGMT = "enp1s0" +define IF_FF = "ff.11" +define IF_LAN = "lan.10" +define IF_WAN = "ppp0" +define IF_SRV = "srv.13" + +# Modem uses this for internet uplink via our WAN +define IF_MODEM = "enp2s0" + +define IF_ROADW = "roadwarrior" + +table inet filter { + # Will give "no such file or directory if hardware does not support flow offloading" + # flowtable f { + # hook ingress priority 0; devices = { enp1s0, enp2s0 }; flags offload; + # } + + chain input_local { + ip6 saddr != ::1/128 log prefix "Dropped IPv6 nonlocalhost packet on loopback:" drop + accept comment "Accept traffic to loopback interface" + } + + chain input_icmp_untrusted { + # Allow ICMP echo + ip protocol icmp icmp type { echo-request } limit rate 1000/second burst 5 packets accept comment "Accept echo request" + + # Allow some ICMPv6 + icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } limit rate 1000/second burst 5 packets accept comment "Allow some ICMPv6" + } + + chain input_modem { + jump input_icmp_untrusted + } + + chain input_wan { + # DHCPv6 client + meta nfproto ipv6 udp sport 547 accept comment "Allow DHCPv6 client" + + jump input_icmp_untrusted + + udp dport 51234 accept comment "Wireguard roadwarriors" + } + + chain input_lan { + counter accept comment "Accept all traffic from LAN" + } + + chain input_mgmt { + counter accept comment "Accept all traffic from MGMT" + } + + chain input_srv { + counter accept comment "Accept all traffic from services" + } + + chain input_roadw { + counter accept comment "Accept all traffic from roadwarriors" + } + + chain input_ff { + jump input_icmp_untrusted + + # DHCP + meta nfproto ipv6 udp dport 547 accept comment "Allow DHCPv6 client" + + # Allow DNS and DHCP from Freifunk + udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk" + } + + chain input { + type filter hook input priority filter; policy drop; + + ct state {established, related} counter accept comment "Accept packets from established and related connections" + ct state invalid counter drop comment "Early drop of invalid packets" + + iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt } + } + +# Only works if hardware flow offloading is available +# chain offload { +# type filter hook forward priority -100; policy accept; +# ip protocol tcp flow add @f +# counter packets 0 bytes 0 +# } + + chain forward { + type filter hook forward priority filter; policy drop; + + # Accept connections tracked by destination NAT + ct status dnat counter accept comment "Accept connections tracked by DNAT" + + # TCP options + tcp flags syn tcp option maxseg size set rt mtu comment "Remove TCP maximum segment size and set a size based on route information" + + # ICMPv6 + icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem } limit rate 5/second counter accept comment "Forward up to five ICMP messages of allowed types per second" + meta l4proto ipv6-icmp accept comment "Forward ICMP in IPv6" + + # mgmt <-> * + iifname { $IF_LAN, $IF_ROADW } oifname $IF_MGMT counter reject comment "Reject traffic from LAN and roadwarrior to MGMT" + iifname $IF_MGMT oifname { $IF_LAN, $IF_ROADW } counter reject comment "Reject traffic from MGMT to LAN and roadwarrior" + # drop (instead of reject) everything else to MGMT + + # LAN, ROADW -> * (except mgmt) + iifname { $IF_LAN, $IF_ROADW } counter accept comment "Allow all traffic forwarding from LAN and roadwarrior to all interfaces, except to mgmt" + + # FF -> WAN + iifname $IF_FF oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk to WAN" + + # { WAN, SRV } -> { FF, LAN, RW, SRV } + iifname { $IF_WAN, $IF_SRV } oifname { $IF_FF, $IF_LAN, $IF_ROADW, $IF_SRV } ct state established,related counter accept comment "Allow established back from WAN and SRV" + + # WAN -> SRV + iifname $IF_WAN oifname $IF_SRV tcp dport ssh accept comment "Allow all SSH traffic forwarding from WAN to services" + } + + chain output { + type filter hook output priority 100; policy accept; + } +} + +table ip nat { + chain prerouting { + type nat hook prerouting priority dstnat; policy accept; + } + + chain postrouting { + type nat hook postrouting priority srcnat; policy accept; + ip saddr { 192.168.96.0/19 } oifname { $IF_WAN } masquerade comment "Masquerade traffic from LANs" + } +} + +table arp filter { + chain input { + type filter hook input priority filter; policy drop; + iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, modem" + } +} diff --git a/secrets/etc-ppp-chap-secrets.age b/secrets/etc-ppp-chap-secrets.age new file mode 100644 index 0000000..8e50189 --- /dev/null +++ b/secrets/etc-ppp-chap-secrets.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w xkw7tPnkvX1TGG2/Urocw8mQe6r2/Fpxkvs1Nr3cVXs +eJyvIUrFp0mGWXcmHjP1+5YW9cgs9m8bqUnwgm8iMi0 +-> ssh-ed25519 Otklkw 1IfE9jxV6gz7yfPmSmXsTWsB36RFHmdpjw5eUlElTCo +GyTNhYhDbD2olE6DiKkr47Mu9NMBMHsO5/pTkcx8WXk +-> ~6#g&f-grease +lIbAZllBnOK9YRMIQfPX/veMc111/u5w83pQGuMMWUSyaHT0xwxp8IYn+R9m9iV0 +haQXgTSuQxPhGUJg+1wwncJwnYgzDcCPruprrFTmf0s5HZDr +--- n9uSP8ZmTTZ89mlRiNKtRfAEz7NV7Yn0ZQhzP4uh4fo +‚#Ôü¿¯K²¥Ý~l¨Y‚_!Ï1!fz€î@ +O¦FИ(öÃZ«!Ȣʟ8aBÒ^¢ç!CFP•»[h$òOaf‡ÕÂýe(l:X®â*póÚÅ \ No newline at end of file diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age new file mode 100644 index 0000000..613016e --- /dev/null +++ b/secrets/etc-ppp-telekom-secret.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w HrgIGi6lUHRxv9JkCfrZaEHYlB0uBOhwVrE7FA7fWR0 +YJEklSLR9XWt9Z3Vwjgc9hR7JgcYr7l1lxCCU4TJeOw +-> ssh-ed25519 Otklkw ght72AYlMNBSIdVFjgEmmtNvn0fAfmJSJv6ipacc8XQ +M8qx5eXPdKQo+S1iBGuH3UtOCZxKNpgkMVd5hYaC4/k +-> W)K(iXJ-grease B=`{E +52GLQ+oAwz2AphOjy9U5s9m4rn+YLqauNMvZHQy0l4aEijJr/xdkrgizKs7QpA +--- WG1fXgkKmTl1uge3LGCQFa40X1noXQcMDr21hlhfAu8 +OmU’Á¥ ªí–sG m ;<>jIü‡pÊ㘦x[Ån—Ý•™л!n— W´nšž=„0Z¿ÝÆœ½«I£Úw-Ïò %£46 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3cdc77b..0328299 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,7 +23,10 @@ in "paperless.age".publicKeys = [ systems.gorgon dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; - "ddns-credentials.age".publicKeys = [ systems.ninurta dadada ]; + "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; + "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ]; + "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ]; + "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ]; } // backupSecrets "ninurta" // backupSecrets "gorgon" // diff --git a/secrets/wg-privkey-vpn-dadada-li.age b/secrets/wg-privkey-vpn-dadada-li.age new file mode 100644 index 0000000..43f6549 --- /dev/null +++ b/secrets/wg-privkey-vpn-dadada-li.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w 626jkdszE7nFjXsB8InmF9c7z0g6Lx45rXviJJVipgk +HOo5D8bIXEUWN+OQOrAtsheqEFpoTEljiQN9iLsGYFw +-> ssh-ed25519 Otklkw MoBeg8zEAs7S8yRN4kMWFmh1wpFG9a3sIl7B3933U0I +KHbNqlQgIfC4oOaXnCHuiXxlmqjwrnR72IdTd18yCVQ +-> ~\AYPd-grease +[i?zA& +k2qPi9GkmpHdaMnPqWsMPWdqa00MdrneQSDEixtbPmedrzPD1w +--- R5nczLpf0MEbOrJBfTOM2mHkh3zbWxZRAn6Ke4PsHSg +[V$·ôãÂðžq + ¬@“<_–ÅèTˆYfxMž «|£Ø)ú¼Uøkœ”]93½Rý î¶]­…Äúâ ß!rĬ¹»¤„K \ No newline at end of file From 972f729438a3166b054fad439532ef53c6a86414 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Nov 2023 23:51:26 +0100 Subject: [PATCH 700/988] secrets: rekey --- nixos/agares/network.nix | 293 ++++++++++++------------ secrets/agares-backup-passphrase.age | 18 +- secrets/agares-backup-ssh-key.age | Bin 828 -> 898 bytes secrets/ddns-credentials.age | Bin 387 -> 521 bytes secrets/etc-ppp-chap-secrets.age | 20 +- secrets/etc-ppp-telekom-secret.age | Bin 457 -> 407 bytes secrets/gorgon-backup-passphrase-gs.age | Bin 401 -> 403 bytes secrets/gorgon-backup-passphrase.age | 17 +- secrets/gorgon-backup-ssh-key.age | Bin 813 -> 791 bytes secrets/hydra-github-authorization.age | Bin 507 -> 587 bytes secrets/ifrit-backup-passphrase.age | Bin 398 -> 471 bytes secrets/ifrit-backup-ssh-key.age | Bin 753 -> 775 bytes secrets/miniflux-admin-credentials.age | Bin 456 -> 530 bytes secrets/ninurta-backup-passphrase.age | Bin 518 -> 457 bytes secrets/ninurta-backup-ssh-key.age | Bin 858 -> 759 bytes secrets/ninurta-initrd-ssh-key.age | Bin 767 -> 890 bytes secrets/paperless.age | 17 +- secrets/pruflas-backup-passphrase.age | Bin 414 -> 419 bytes secrets/pruflas-backup-ssh-key.age | Bin 878 -> 844 bytes secrets/pruflas-wg-hydra-key.age | Bin 402 -> 446 bytes secrets/pruflas-wg0-key.age | 17 +- secrets/pruflas-wg0-preshared-key.age | 18 +- secrets/surgat-backup-passphrase.age | 16 +- secrets/surgat-backup-ssh-key.age | Bin 877 -> 790 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 817 -> 806 bytes secrets/wg-privkey-vpn-dadada-li.age | 17 +- 26 files changed, 218 insertions(+), 215 deletions(-) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index b51dfae..c7e250b 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -74,163 +74,164 @@ in }]; }; }; - networks = let - subnet = name: subnetId: { - matchConfig.Name = name; - addresses = [ - { addressConfig.Address = "${ipv4Prefix}.${subnetId}.1/24"; } - { addressConfig.Address = "${ulaPrefix}:${subnetId}::1/64"; } - ]; - dhcpPrefixDelegationConfig = { - SubnetId = "0x${subnetId}"; + networks = + let + subnet = name: subnetId: { + matchConfig.Name = name; + addresses = [ + { addressConfig.Address = "${ipv4Prefix}.${subnetId}.1/24"; } + { addressConfig.Address = "${ulaPrefix}:${subnetId}::1/64"; } + ]; + dhcpPrefixDelegationConfig = { + SubnetId = "auto"; + }; + ipv6Prefixes = [ + { + ipv6PrefixConfig.Prefix = "${ulaPrefix}:${subnetId}::/64"; + } + ]; + dhcpServerConfig = { + DNS = "${ipv4Prefix}.${subnetId}.1"; + NTP = "${ipv4Prefix}.${subnetId}.1"; + EmitDNS = true; + EmitNTP = true; + EmitRouter = true; + PoolOffset = 100; + PoolSize = 100; + SendOption = "12:string:${domain}"; + }; + linkConfig = { + RequiredForOnline = "no"; + }; + networkConfig = { + Domains = domain; + EmitLLDP = "yes"; + IPv6SendRA = true; + IPv6AcceptRA = false; + DHCPPrefixDelegation = true; + DHCPServer = true; + }; + extraConfig = '' + [CAKE] + OverheadBytes = 38 + Bandwidth = 1G + ''; }; - ipv6Prefixes = [ - { - ipv6PrefixConfig.Prefix = "${ulaPrefix}:${subnetId}::/64"; - } - ]; - dhcpServerConfig = { - DNS = "${ipv4Prefix}.${subnetId}.1"; - NTP = "${ipv4Prefix}.${subnetId}.1"; - EmitDNS = true; - EmitNTP = true; - EmitRouter = true; - PoolOffset = 100; - PoolSize = 100; - SendOption = "12:string:${domain}"; + in + { + "10-mgmt" = subnet "enp1s0" "100" // { + networkConfig.VLAN = [ "lan.10" "ff.11" "srv.13" ]; + dhcpServerStaticLeases = [ + { + # legion + dhcpServerStaticLeaseConfig = { + Address = "192.168.100.107"; + MACAddress = "80:CC:9C:95:4A:60"; + }; + } + ]; }; - linkConfig = { - RequiredForOnline = "no"; + "30-lan" = subnet "lan.10" "101" // { + dhcpServerStaticLeases = [ + { + # ninurta + dhcpServerStaticLeaseConfig = { + Address = "192.168.101.184"; + MACAddress = "48:21:0B:3E:9C:FE"; + }; + } + { + # crocell + dhcpServerStaticLeaseConfig = { + Address = "192.168.101.122"; + MACAddress = "9C:C9:EB:4F:3F:0E"; + }; + } + { + # gorgon + dhcpServerStaticLeaseConfig = { + Address = "192.168.101.205"; + MACAddress = "8C:C6:81:6A:39:2F"; + }; + } + ]; }; - networkConfig = { - Domains = domain; - EmitLLDP = "yes"; - IPv6SendRA = true; - IPv6AcceptRA = false; - DHCPPrefixDelegation = true; - DHCPServer = true; - }; - extraConfig = '' - [CAKE] - OverheadBytes = 38 - Bandwidth = 1G - ''; - }; - in { - "10-mgmt" = subnet "enp1s0" "100" // { - networkConfig.VLAN = [ "lan.10" "ff.11" "srv.13" ]; - dhcpServerStaticLeases = [ - { - # legion - dhcpServerStaticLeaseConfig = { - Address = "192.168.100.107"; - MACAddress = "80:CC:9C:95:4A:60"; - }; - } - ]; - }; - "30-lan" = subnet "lan.10" "101" // { - dhcpServerStaticLeases = [ - { - # ninurta - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.184"; - MACAddress = "48:21:0B:3E:9C:FE"; - }; - } - { - # crocell - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.122"; - MACAddress = "9C:C9:EB:4F:3F:0E"; - }; - } - { - # gorgon - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.205"; - MACAddress = "8C:C6:81:6A:39:2F"; - }; - } - ]; - }; - "30-ff" = subnet "ff.11" "102"; + "30-ff" = subnet "ff.11" "102"; - "30-srv" = subnet "srv.13" "103"; + "30-srv" = subnet "srv.13" "103"; - "30-ifb4ppp0" = { - name = "ifb4ppp0"; - extraConfig = '' - [CAKE] - OverheadBytes = 65 - Bandwidth = 95M - FlowIsolationMode = triple - ''; - }; + "30-ifb4ppp0" = { + name = "ifb4ppp0"; + extraConfig = '' + [CAKE] + OverheadBytes = 65 + Bandwidth = 95M + FlowIsolationMode = triple + ''; + }; - # TODO does not work - "30-ppp0" = { - name = "ppp*"; - linkConfig = { - RequiredForOnline = "routable"; + "30-ppp0" = { + name = "ppp*"; + linkConfig = { + RequiredForOnline = "routable"; + }; + networkConfig = { + KeepConfiguration = "static"; + DefaultRouteOnDevice = true; + LinkLocalAddressing = "ipv6"; + DHCP = "ipv6"; + }; + extraConfig = '' + [CAKE] + OverheadBytes = 65 + Bandwidth = 36M + FlowIsolationMode = triple + [DHCPv6] + PrefixDelegationHint= ::/56 + UseAddress = false + UseDelegatedPrefix = true + WithoutRA = solicit + [DHCPPrefixDelegation] + UplinkInterface=:self + ''; + ipv6SendRAConfig = { + # Let networkd know that we would very much like to use DHCPv6 + # to obtain the "managed" information. Not sure why they can't + # just take that from the upstream RAs. + Managed = true; + }; }; - networkConfig = { - KeepConfiguration = "static"; - DefaultRouteOnDevice = true; - LinkLocalAddressing = "ipv6"; - DHCP = "ipv6"; + # Talk to modem for management + "enp2s0" = { + name = "enp2s0"; + linkConfig = { + RequiredForOnline = "no"; + }; + networkConfig = { + Address = "192.168.1.254/24"; + EmitLLDP = "yes"; + }; }; - extraConfig = '' - [CAKE] - OverheadBytes = 65 - Bandwidth = 36M - FlowIsolationMode = triple - [DHCPv6] - PrefixDelegationHint= ::/56 - UseAddress = false - UseDelegatedPrefix = true - WithoutRA = solicit - [DHCPPrefixDelegation] - UplinkInterface=:self - ''; - ipv6SendRAConfig = { - # Let networkd know that we would very much like to use DHCPv6 - # to obtain the "managed" information. Not sure why they can't - # just take that from the upstream RAs. - Managed = true; + "10-roadw" = { + matchConfig.Name = "roadw"; + address = [ + "${ipv4Prefix}.120.1/32" + "${ulaPrefix}:120::1/128" + ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = "no"; + routes = [ + { + routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; + } + { + routeConfig = { Destination = "${ulaPrefix}::120:1/64"; }; + } + ]; }; }; - # Talk to modem for management - "enp2s0" = { - name = "enp2s0"; - linkConfig = { - RequiredForOnline = "no"; - }; - networkConfig = { - Address = "192.168.1.254/24"; - EmitLLDP = "yes"; - }; - }; - "10-roadw" = { - matchConfig.Name = "roadw"; - address = [ - "${ipv4Prefix}.120.1/32" - "${ulaPrefix}:120::1/128" - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = "no"; - routes = [ - { - routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; - } - { - routeConfig = { Destination = "${ulaPrefix}::120:1/64"; }; - } - ]; - }; - }; }; age.secrets."wg-privkey-vpn-dadada-li" = { diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index 91b4ca8..d538c5a 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w d7GeMCNl1yWxfvLlNsZrIDb4OxSADD6D4nvYfYZz7Vo -Xe0xWD8Q6tKR7uIDFkD+/jgfUzUOX4CrxZB5o9bM2zk --> ssh-ed25519 Otklkw kek8jZrI0Qz8s7G/uxuV4VUYs67TrUd/+/ZAUD9/k1k -v0C/+QO8x2ThAlH+/IdVorUFwnNrHwbCU3zWt5TEwqw --> y'2X-grease t2m2yjI ag|Z -mhPGDYZmjg1cnxZVTyGYh8H4cnO9mSCcWUSFAHy9JgPwWPi3LyfUkhBsnWpkE7zx -9AqAUKb5e2Ezqtx1g1l5G1mxmA ---- NJLZT2v75GVUojKNuRKa7YEM5LxiC/Fd48YTbRrLFsU -tý¨ÈÚyxÉö…g€í3âW·°ø1ðœŒø´j(·åû¤x½”ܨբTnãJ¦ e×9¼R \ No newline at end of file +-> ssh-ed25519 L7f05w RayKtknLNvFu88aFp4QL7ZMLAh5VmHmlr1DWVsWBziE +rckeFrazZJ3TxY/yD2wlzRVLh9L4x1bV2Nk7Q0S/RWM +-> ssh-ed25519 Otklkw oub7OICQalIkCqAZh4/FfXB9PPBe7j2IpBP7WF/UXGk +gAwxU97b0Js6UPv59/1389/qdPGQb4koa49R14c3UjA +-> mU.rG&?F-grease V? d a}mj5 ^&dc?\ +B0k6BjXmH0cm74+rjQrzJwKa1dcFwTdmlgltZ70oHctwA3+E4/CQ1ChH9UHzkHGG +Fb62klB5XYePywsvxLo2nIGVIvhBgsfIvUpq +--- ONLpuXfKtuCB+VD5IQ5KeSPyqgEb4a2y26+n5E8Ph3E +uîD{¨r íÚ˜¡°†RÊ9õP¦ j?hDÃ<™ØOÓœÝáè> ‡Ä-Œu¹áý#…Fñ2N +Ysò\ õ \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 0cc83ff50264771089bd73f427480c42ec9c95b9..15eab186e0713d815e0cb1b552e19a374a3c1a1a 100644 GIT binary patch delta 867 zcmdnP*2F$Rr`|U!JT0f(B)~mgJ1n@sBp}n(qC7LlzbMexFUiHbAlEtF(%&gxJ2JXAZQEZZ`%Jge9{BR9myJwMIU(K|88+ae{)tjr)E zWL=t*bx@G2ZhBE_VsWZMxTBqZY@SUdSCW}imaDe8Z&*cMp^L9+NRgjodSG~FV0Khu zWTA6?MN(O0kfpI%u0>Fko1sahc5Z2slet?`uw`MsL7AVEu@9HGzf(q*cT~Qqeqy9$ zaAu{Sb8dLLkDqx#XrxPuk#m@5T2*3HXkngbexb3pS5;P$Sw@L=rjK@INWPnPRk$w~ zm#(g^LV=@Kg}daYtEmNW@^%L;xwbA4yWWTOdFCRD%NCuq-i{f(CSWuqNM$_sx^YY3Lv z65D_ALj8mCg4arMS6(ZIJ-R097e3<=>*w&(6Vm3(G8}IIHI3nY0%zH;?S=_6{~n$C zTTAPB+pi}q_x^heTy}j~DtLTP;@e+25ifu2So1qA;`rWA@!NGaT;ZJkHU8EGqidh5 z49eNJC{;c8NN}j0HBar?C;6tIX_=BHf3o$u+V>^w`&6E?tG+=g{PvfO$&us&P}F@by9H+_UOQZNXzht(J&D_=iywTylJ(Q#c)m@6eKYFQ z5r^bM$*zHmpRV` z2^7Zix4!V`Us&+E{44Y1U8-#r$`iS=o!@z@_L}_?I(c!PbFI=k+1moFM|bmHHa#X> NucEW!@0;3|1^_M^Y)k+E delta 797 zcmZo--@`URr@kaP!`UOuqr501G2JsaIW;3YJTg5s+sm^wIU+K|G1SH7qA2GCM57HLR*6 z)Xgi<+&$fZE66R^z&|-WI3Os@xX2>ZD9NxY*uA_YG}9z2!>!aPB-^ht*)%W7$)hY8 zWL=$(qCstKu&Qo)QEFmwDwnx_c3??By0ddqnR~W#RE|q%aG{4sL~4b9RzQ?dVMv;` zS$<-DQmDDUhk1c}j(L7zp<$+ZSy)w6kyDj>NTxrRpCgy9uC9VfXlO}Vk*~g2g@Hwm zp;vyno265Fm1$|RUsOn7VTfx~if6fjvq^?&P&wD!i8riI?dN9F^T_)ae!=hP?{34b z@7h}w0yIA4pWEhsX}u|PdDkP$<6E4HZtU9;8B<>s+r$^zt9Vbhq2}nmX(v344Xyfa zeVFvD;oY37Unid3ZQs>D=T-M=y>QtF@2%JaS48kgw6N_d^ZPb$q2Zq2c3qFJwmUv* zXk&2+J8E=QIN7hIwa(^TY3}WoZ*LQC*;mWf?^WqT!wrt`!)T#C1@Fb|n-p0`?O=C+SM zmzk`K6PQ}w{dK%$ow3MyQRk);6OZ0w78W;iS;XS5sPS>BTlX{B7!=qzM11*;KG2iqk3k zVUwBAJb%yKFV6OSczRQE#`Eycho9JN_|Bm{ckw~1bi-A$9vcr8oOxe0`&(V>6P<*_ zLJh9`zMK=9Y2s&B9P+i<>Z(#9^YV!e*J;KU`K`P+BRsMU7nklR3E{I^AK9}ci_73m sqRV{gv|WOi{{52H@D`5f6LWHHDBN^--b>~vnZOcZDZ75Tr&``M01i7z-2eap diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age index bd19e1d331641011d88a54b9ce16e2edd1aea29e..9ae8b774111398e0cee5d98039d21bb154a69c3e 100644 GIT binary patch delta 494 zcmZo>?qr#uTJK|?W?)*bpzq;0jWEzs1ca=@0(##mY(4pQE5_UW|&BBHHCsgL;YGi1$)n|8V#-rQ-kD814n~ozhYC* zaxPt6U4>#ppMpSr({zuN5)1Rvj8H=Zx9svvXQRq;57V5oD8m59$U?)A2;+R`$VjeL za~}NUJoMq~`K@v6Z=TfO=>IGozgzXeb@3TLjGZ4oED8x{QSJU(P<~P7`eTN5^KG{1 VY-MC$JV%Y=CzJfrbuy_XKL9;Ps~-RW delta 339 zcmeBVX=a|F8s}veX+%}YZHd zotB$lS(P2iW$F@;n4S}q=pR(%pH}6UofYaFT;c8-T2bMaWTI{2;~lE+7?tBx7Mf@= z@uPUXnZKt|R{wy}R|rdg4fSCuQ5uAPEflKmD0~MbOswL8j@h-M2pc l3F7PJ5aixF{r7Ud|BCN(`pi4-82|-cdMW?_ diff --git a/secrets/etc-ppp-chap-secrets.age b/secrets/etc-ppp-chap-secrets.age index 8e50189..6a4d954 100644 --- a/secrets/etc-ppp-chap-secrets.age +++ b/secrets/etc-ppp-chap-secrets.age @@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w xkw7tPnkvX1TGG2/Urocw8mQe6r2/Fpxkvs1Nr3cVXs -eJyvIUrFp0mGWXcmHjP1+5YW9cgs9m8bqUnwgm8iMi0 --> ssh-ed25519 Otklkw 1IfE9jxV6gz7yfPmSmXsTWsB36RFHmdpjw5eUlElTCo -GyTNhYhDbD2olE6DiKkr47Mu9NMBMHsO5/pTkcx8WXk --> ~6#g&f-grease -lIbAZllBnOK9YRMIQfPX/veMc111/u5w83pQGuMMWUSyaHT0xwxp8IYn+R9m9iV0 -haQXgTSuQxPhGUJg+1wwncJwnYgzDcCPruprrFTmf0s5HZDr ---- n9uSP8ZmTTZ89mlRiNKtRfAEz7NV7Yn0ZQhzP4uh4fo -‚#Ôü¿¯K²¥Ý~l¨Y‚_!Ï1!fz€î@ -O¦FИ(öÃZ«!Ȣʟ8aBÒ^¢ç!CFP•»[h$òOaf‡ÕÂýe(l:X®â*póÚÅ \ No newline at end of file +-> ssh-ed25519 L7f05w 6Ct4ARdph2N0g7ZFljPbEAg4R2gP5z2qMupI288AF3c +NaQUNkEt7XsV0A4nNR5uguwK6C2KN26FJjeNB0mtz8U +-> ssh-ed25519 Otklkw uyRTZRjgzleuEFqGJDiO84c5yXFV0XtQci7PdroNzAE +vl80LseOwmKyR+d+VXWseuszqao56GjnbyN6XzETKt0 +-> {D^ar+U-grease bvk{ `4v Tc? Fv +m/JnzLsIbh8nYWSIvbBl7GwnZQPvAyuHSbmNWiN5pzS7O+wFs9xWwl26Vn6Y/lEf +JL9+Ra5MHsiR7C9XRf7or1rd62SPuIKyaWlq+Z4Vqr4Of4jWyJqQtNo +--- 5cNGpnlhGc0NNriUIZ5KYGR7Erh/fPqV8/8qnpqEn+8 +sqD&Ÿù‰L“‡=7Úämä¦Êií½Ø£%Sf(ž#éreãÎë’)Ú§›^†v÷ãc$g„¥yïyíA•»k6ý¢Ì¦íFñ8¾J=ôôJø +W \ No newline at end of file diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age index 613016e1ff7d144d057c5dc0bf3001c0c2641653..a97dc40a488de8c7f143cbcc249894bf34c88c55 100644 GIT binary patch delta 372 zcmX@fJe_%hPJL01W14<|Q&FBzWO{a{QDTmPpJ7s>U#ex6MWAtHWqM^cX{u+qaiwK>MNx)FctlZ!Yi?wwueU{5rjKiKdS#iZV`xUEzllYdE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1v3XFbX+WS`m}8!iWqGBaYkjDbr)jxGm4}gqe~Q0PUUs6s zZ*s0%Zdil?S7b?&Nw}lGc}S4Cp=EeMv16%GnWt+-s$WWxr$=yTl74uUM@~qliDwYl zx|rN>%PQUUqSVCVRD~K9CACO}+G* Q!NcckrG7_lU3EPH03p+a1poj5 delta 423 zcmbQve3E&BPQ6D_x~F@lSx%@&P(_)gSGIFnQB}bDkH~&4F9Z3%TUu|%UqM9JncxI z!o<>gKi{$_kHAWU9Fs)X%q*`W{fdP%Lq3%eC3|NdKx%gJO Q?)gu=jH-)SO<2uX0R-ZbssI20 diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index ad2fd69973444359f175a5db83511af7a8149339..24beb4001c319a7a7f2465532add0d647fa78741 100644 GIT binary patch delta 368 zcmbQpJehfdPJL2xd0?rrQ%GuINJOM@MsiuAYlUfLYF1%No@sHBSF&$tkWp4ZrbR(u zAXm1diLYtCetw!!xL1mKwsEDGS7MSuPKsxFluxNgSwvZmUwTn#W|B*(Czr0BLUD11 zZfc5=si~o*f`3VNPIkFMa-wmhL1IBvP=QNmNLENvdVOM2fnjBmr$@f0Q<%S_MNvk6 zdWlzPSz=W_SD1fVaD|7zNtUZYva^waSCoEkqhe>2m>46lOHe4mK$2un+!uqf?-$kOskA8n`bDDAv5 zUw!RNqw;hvU0q!TkAPr*wAsdq$vaA; zC|8=ZWl4&ObF#0yt7AYxn5U^ns&i?ObA(5wlcQTfc8;g1S7fE1yH})#FPE;JLUD11 zZfc5=si~o*f`3VNPIkG1OGI{>zeT=DUT}!FepN)WPrbQES!%F3cYeOJsfUZFg;B9jo`0EXrc;DtgjYeXZ=`dkMX0YM z$U03!4V8c*eJ$PeqSVCVR0U1d661m(OKXLy{4jst ssh-ed25519 0aOabg 2rR9gmucthvZ2cNWMKzaVQfAvZgvI4fy7gYi5+AEpVE -b4neKeY8BadfOdPqasjkR0xmaPTtv97W6UNIfUi+nxY --> ssh-ed25519 Otklkw wogPCmJIBOBM6c73jWFnF5PmrDo9yELoF/kxLI3ZwVM -P0V8L8WKZICCkLgxbRk9aTArx0GghZUbG/xLglL4+l8 --> +R-grease -/mciikQ2 ---- UYVFwxGvyG9o196hwTXJkjVSr+hGtAZ+QmZPa4NHiQk -®«\'–©xò@øGן•)måuçI„orÛf|6—l”‘}¯Ógxo.ÚIwm3ùêœï½­\®·=VmøÓUH…¨ßgI…Õ[K=? \ No newline at end of file +-> ssh-ed25519 0aOabg rRJrTkyZU+Fmx05c4FvTCW2xrGKVzqqkECywb99OLwg +AELU54TN2oUxQ9r2Zx2CltVvyKh+7kCJnccnENtAZyE +-> ssh-ed25519 Otklkw i9UGmqESZAaz3x1B5OjJq/ILEQnDRWsGbgHtnICrBl4 +plEjZljaiRmeOhqFxblzfFcy/VqViE18hSwPrxgHm6Q +-> Ukp-grease CP.W +MZp3tfA9p0SwGxc1gaphv1XUPi3jj4dfeiBmiVl/FB7DYubrLzbJZ2Zviz3S2h5l +upLMFRZsTyhskVQ0lCfXFXb86xLXTc6pXM0klBwGajJrJFbF5Q +--- JZS2Vh+BBv5memqLMM+onaaldFUFm6keKFQooGSmL04 +.oçÄTŠ ó2¦«’bºÂ‹k²,¥—·Î·E‡“áÜØÌÄx|•óÑôg‹ÍÅø1­¥˜h;\}“ê¡8¾=e)л±'ïJp(¾ \ No newline at end of file diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index 43c53c49c0d0ac9ddc47acb3cb33a486a6f2ce03..64ae67527617004f823eec7b5ba94e69efcb3782 100644 GIT binary patch delta 759 zcmZ3>Hl1yPPJLdHZ+=0zk$#STYGIyxSa67QTAoX(ex<*svv*=esF_)6ML>9ng>gYf zD3`vrPnlm}QLb~KkC8z}QhI56Ubd;RS)g%Qka4banwwLavtM$OdrGoTAeXM4LUD11 zZfc5=si~o*f`3VNPIkFMp^r;Isb5}!LAr5rp;uW(P`#P6f4*UOxPC-vhDo?~dP-ql zu3=7Ul2b$=m%e3oRfTg=U|x}hZ+LK3RG5WddQg;WfSFfOl)p)ohkK^6VNq&osi|c? z$U2?GDDO%e-Snc=#Nt$iBEy^#9j>&*jIcb@3ZD>5M*|lVkKD*AM<0LxJSS%ZLzBwl zitN1l#GEh>qcmr4CnrO%axPt6T?Ic!edn_B)DTB6=a51tU!Te}1JB$@6YubJ!%EK( z=fEm$eG`x3$YS#XSFY}}2X{?6^PtbxBHi(i6g(_q=2B(zY1T~ z9xu9@^yb*oJAXe%%#Ajj-Ek(prZ+_3vU>ln`-MLB8#YQ#yLjUC>b+WJy)W)`9$I=d zi)GKF4@=lSeF^{S(D!-Oy*)R)Y-R;>p7oyUyxR2j(#ub_7VJJ#I7{XI6g_2wW8p2n zLZ;_lPH$T+Cv?h5Dkg5T-xh8Tg_vL8E4LNhlCYc4`F#Hg(a1x858JIy)Ry>{I3Ze9 znX_&Av&OHNj%7O5f2mS=%@biDO2)8g~eTN~b=mRc!Yke(ssA!*iK zXd|ONikfX z!KC}#jhF1bJ-rXVdiu`% KWwrX)r+)wmS4uMg delta 782 zcmbQvww7&zPJL;lzH3CNNls{rmw8BpPl;nyu}h$HkVj}*hM`GbMrxsPfMHN&WU5bC zC|9m&WN~?_i4o@Yv$abTcvR&uCzF_*5LLUD11 zZfc5=si~o*f`3VNPIkFMdX}Y8US)(uihf~LL}H|QO1-g5Rz`(sdU27TX{ocPL3)x& zV6k6dRa#y)mw~opMplrCd#Z_XWSPI8qi>p*X?cW4giC=zdX`~9Ww~Ecl8;+>uy&X$ z$hv?;Ki%}A)WqUch2#itw+aO%uGDnL9Cw#U%M>H$pn|}NN~e^Z6b}pI;DDT>T$Aw1 zF#nMHND~9IWG4%4?K0EItkg8^97nfu%gn-}N_Xwl%yO>a%wRJvU0q!TS0h8G9Pf%q zb7RxY?7Z@<;*`(=ePe^DJoCJCBklZB%S^{S-_**qiojy7A0fF*o;h4|@!Rpitn*9$ zuIsPowr@44vpO+X-FoT$iako6YA&v7``o1tT&?Hdb4gnMljE_Yo+r|MH@s%&;@!LT zZJz8QhnZ!cLOdr29k!Wo$)mNSo_j9n-8mfX8h4T`J_kT zs)+wxbBk_k^KUkC*!gg$ee>J%rzP&bShgVf3PF_yB zz4d$4uI9^pGJf@&O@dwhs!g|BH(a!4U2|~G{`}LoRN@o!&6q2~#11Vyk?+fQU|+_g zl-2u0QutSx{J3wZA^LRIvlfoIes6^=KF@#pSoU(@UKgz`woAiXJp9||<;{LNJ#^2d zMx7da2G;bvg7BgqTgcA&WVf%&k<$QpKv3WS diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index f0c396e8746b42ac3fc25d83ae81785181a47fb8..a78cf11f11c95c78a3d4acd519754dd44758fba4 100644 GIT binary patch delta 554 zcmey(e41r~PJL*kf4);%da75NM|ikPo@KIGWK@NzeyVptvTLwslwpObi+N;*V^v~$ zAeX;Sg-K~eNO*;hab{p)nt4E}uSrOiYgT$rWqx?FiBVZ{igTc4d4Z90B$uw8LUD11 zZfc5=si~o*f`3VNPIkFMXnCNog{g_DL11ONxm#6{Ykg#xxoJscsf$HLWlnZxMNmLm zc0r}FSzw?6S4feCmq((vsef6qUy)m~cWG8+mRpi@UY1F&x0$n%n@2%mczAhkXiB6B z$hw%K^gOFj-Snc=#Nt#1JIhq{B87@vg)HxyR6~Ubr3kLbvLH(@m!je*pCrd{BcB47 z0Q0PRGtVUVKX^)SN8+?24p(&%(5z zr~*SrE?r$+h18rXZIe_B!whp{M>j)5KmUmO(u@kf@)Adbz`SG=13xqU{8Zn76wmU4 zP_Bmb(<{OvAJcflHH1UadJhdu~~3oxmQMVP+oS9VX?1okiT(uS(32< z$T|nz^rFNhH6W>(lY<(k3%iy4l2=l@$ z$MV8@!?dKZFoU$foG@>TB*Q!(zf@P3@?u9WE?r$+h4M)6K;yK6a_xYCa(^H9(o}c- z;7Dy(eMe9K)SN1R)6DD;!|cq^s*1Egu5aIWUdWe`G^+EN7S#OUzTx{02N5pWCuz~X zNs|`vPT4YjZyE1b6%Ca-_G4V?w|SJKWnWFbJvpfE+*7emkEQQ5quy=h+J8loYweLa zJ-b$3)ZmKY6xkCva}wjyz@|?#=6kvHy^%QXeoU$?f#;_kOYGGb=Za1+tO;LH&YaiD R>;9sYi*-_a^{&kPXaJ(;tD67- diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index 74ff2bbc6359e6e9b3dceeeb5a5225d09673069a..640ac05baee8b962a326590d7e9b1000addd50eb 100644 GIT binary patch delta 437 zcmeBUzRo;Br{1l^BgZW>Fwv-@$kg21(mgZSC@ezTFVa)rC_BL1xI8=}%&EA@%rM!- zg3CQWJIf@cDlovz(aAD0JjkgmH^Rq4Ke(jW+|S=E-K;#oFvBx4+dHMegiF^>p}06h zH#Nn`)YQ;Y!M`LsC%arB)XC7tDBZirpggbGJ-Z|^tUf0%sYp97I5aBI*d*QD%ipB5 z)FU#Zw6xNfE5gJv#Iz*Q(aWjCEi=)~$TKv=CDAZBB`K<;Jh37&DA3K>CAG>T(c2;$ zWL=T9i?6@CZhBE_VsWZMhEhn9LaKdLT$q%XjrkQyGdSEh<~t=yIW~QNT6YOsSB5BfrpWE zU|NB(aYk8TQDGRDuCA^^SyrZLRCs{7wv$hKL2hM)QE)|iN}0JwiLtp~S)heWX{4ck ziE(mSS*a&i?BCO=ZHw0k@0i_rZ}w&#)lP*%y)W}8J$jng+v4b3E#)$C!7;D!XFijf ewl}&vY?<@v)jVeX^d|Q$!c6&lKj?)WHUR*|37C%n delta 363 zcmcc4+{ZjYr@qW1u{1QxBFrzyF(lVAD=^j5*s{Pa)iFCDFwo!EtuWPF-y+AT*v%k2 zlFP|7D%>?P)6pl%slYKZ$;~Op+cd{8G}Ev&DY8(%+}lw<(!?~-KP@mbn@iVDp}06h zH#Nn`)YQ;Y!M`LsC%arBG$+L~$g3pWFDuW;DaR!&x8A*^*fc0O-_Rt_-6$YJKPe~4 zy(+n~B01fHE2^R-zsRt%R6ok8GAYO}EiB5z-P|)dK;IzW#5uV%$JivRd{w;XlRD9L3X5biC4B?U}CUkP)T5wiEmCyN@aw1c`?__BX58EJ!?)_aohWW z-T|8jU0dax?)=PVxEo#lWF3F=xwG}FZ>J2pLa5d>0s`|!_sBRlld4fTt6moGA5HP z+hgMG6BpceHF6m(-J~0%ob^dR<++{nsTrQv6dE3}KP|lPZ_6dCd3}~=e^=t z%=mh(z_;$6vN!h^Y}@hI#9TTvCtm$jiVJIf)EV7>oBngACuQ-@bK32v~QhtfTFP4rCw3zRph delta 721 zcmZo?`^Y*$r#`4EG{P{rBBdxvKf=AFJTy4dQs1Y{$Iv(2H7Yo{&^0mHza+)QBfKcn zmCLdu&AZ4qtkB)WFsV4tH7zhC(XlcsB+SvnD8$6v-@?c@G1oXerP#UBlS|i5p}06h zH#Nn`)YQ;Y!M`LsC%arBud>Rcpv>Rb(Id^&*E`H7vc4qPFg@R-q$s%1Eh5Y)-8Um7 zBPhtVFfl8c%U3&FyEr*FEW#wTDlpa3(6BtH(96Kt&@J30D$=k#GR!Y1BQLzv*C00? zWL>VdZhBE_VsR>$V^wByQXrSEuC79ER7!}xr*C3mT6St`sB5@sM7V!pc!9INzmIRe zdva-gNN!?gc~XH_Rz^BkQJUKAGkvRV%qDcIOCAlkbZj?Rc>LsJJOAQ4)Bn3DUG-iV zANyO`_=N1&ZrOPn!AozdAHHGZxufzBpGG^AS(tG2j(HA|+w%G|mt1^SKjWInjmMvl z&WmCDeJbtmmZmGd3?7#YXD?DOW4M2jr$BLvv|mi6W_>pE{yHC}qPppGkLlz+NV@X! z(eqm(PTSm=r9WPB)o?ZTK6IyufoWOR|8>tcDon8d>a)+u%5IvVbB@95`ETbj)g1fj zkQT4gla`)xPvq%!HTyW;iNY=)<{O42Zqa%)>*Z2e@!j_%b?+{a=rW!oHsiq`D}RY? z>EG_|-Foepf-6U1z37AG4-G#*f3eAZ-4-t%y(zzaUQ4{5=FD(ec1NpC*r#0g!WNmb+fH2~y(OJb8|4zUimL`-`^KlpF4xB`@i9pS>|ilc#g$ ziDUYLtn0AF@nL&ViN>)^Pu9I_xZ&F3Nb754GuaTFNOQvhMbB?~g1(&X!LUD11 zZfc5=si~o*f`3VNPIkFMesZOoM~Qn?a*ms}d9bCYd3|YcVR2fXX?bd4MV4uJp|Me= zNwQg(OJ=YmSB6W3X;@}uu6}rmTa>G5QAAZpzFS6NiF;X=wp)p@M}~QRW@(jksk?q4 z$hsso-Snc=#Nt#1qf&*sAcZUwX9eS$j0E3WeXg{WjJ({Oa_#a$e~Y{%3$rwftP~f& zaHD{Fqu`3Fl=9M?tb(AT9C!Vwiil)qlfa6SJb$yGa&JpN$6(7)r@$gEf5!?hvohlV z?PT9bujJwYKOe^;OM@cUs))3ZFrzSkzo_(lzjA+XKcgJeJbkYSi$r(l64OlmvM^6B zU0q#;;>fHlBa{3@_fX%c02h;xFbgm5w5;IF0FTs2fA0)!|ANv~pQsT1kP7EOuGt~} zYIA|_$EI+ok5maAYK=N0HIY5@T27qF24 delta 422 zcmbQla)Nn+PJMP%kV!;(ZjQcDc~peEeqMk@Qbtjgv9p7vb(mKTY9OXenmlWnQ2+1mw!-Mp?`RBXhd2* z$U2os!^)DVG~M)~)WqUch4K)tr~)6SsE`zAi`0-b!>SDb{HTz?+|;mSv*MrNY`5~DsQk>_%1rGLS4YPT%p8zN)74?6emC?fgHS zA`TWiy@^_M?6caVUXMPmpJk>ej_DsiBo`&}Dpmel!g)QpecL#d6V6_9e%BsS!=Ul9 PD?YfnDBp}06h zH#Nn`)YQ;Y!M`LsC%at1*I(Z|EW9v3qsTeTq&&I2xIWP>v9!vqvcM%MxZEQz)U2e+ zEGSCbFep5ftJ2FnCpEap+|AD@IkC*EAk@$@vNS6+waiUBGPEKoyCmN`I4>ZoqPQRu zWSyUdrfzysYGQG!f}(;Zms5CNc5rE7luJ=!zGsxPQF2jvNs&>hqpLxYiKCx!Wp;#@ zt9NC+k#C}@QCON^dZkxHfM-E|L|%G^eyUS|e*u?aaB@hoMW~6nVMtbbL3x@>IhU@k zu7asaa#&iFnTLyeu}4rvs%c3`RAI8Ac~ObCi+PBLhog6*o3^%>X||hBGMAd{$E7dY zZ>96O&CrnDRIxtDf3a1&*CPEj36nofG44LQQ$gYOo4(0eO_y4a=1YD*`1=+2jn8}g QP2X+V^WNP1j^IWf0AYQZ4gdfE delta 484 zcmX@f+{Q9Nr@kWD+1b*?FF!md(?2{VIV>f(EYj3TKik*B#m_w{)5kx;)UP5q+059{ zl}kV0Da^||FGN2jCAZYGq#!D@$S{FV`YHnM>DBp}06h zH#Nn`)YQ;Y!M`LsC%ass(8$Tr+tMXG%+swRC@s*uqTV2^G%Tpt(LFQ8MLVLb(8a7E zsMIeqF{CP)%ilOC#Irc5%wOL!H`q0!BF(ERGpWkSs4A(v!Yw5|EYC$h&pA8Swamf* zWL;sYiHm!Uk8XNVYGQG!f|a(tLVT)URK7xVfkLDSm$6H3xqd`)VMt*?mUC))KvZ&Q zNTNl3vTLe$RjF%kR7kFOk+F7FYFVy-VR2fqQATC1YnfMMMS4McVM>mRXDU}zs*7oE zdO?71u}@`&X;^udQ@(zsXHiu|ZmChYr?-1ig;|-4vv*EZN?}fTNO)3#enyq6Wpa5y zl4pjwp#_(&uC78-VWdlhi?e}&sh4lCPen?swzqavc9?-{YM4b>U~Zs!er~0=OG#x) zYGN_h#re;ie$Gqn>%DM$hUCJ>3%PftdQJ=ZRacVnGdbPn=wzRHxsR0@&-ZuV>SACO Z7Wk82{UrbO^fd{Ubye5;?H;bR2LLzut|b5f diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age index 86ba2ec2b0deedb281c0f8a96f9e707dbbaa20cd..30a2b2e203856d5cd722e549c17249f84b350695 100644 GIT binary patch delta 727 zcmcb`_MLTtPJMAyn0|;wMuA(oYgMvOXh2bDXh}t6sCHtqnX_B2QKW~Pc2R(dPiDT6 zBUgrhXt{}Hd00TOYnV%hcUV?-sh?Yhenvn_MQKDvN?uNYrAKa9QCP7>K9{bYLUD11 zZfc5=si~o*f`3VNPIkG1S%sN-YKmb-rlDm>RDO1dXT5f5WS*<5vxljRaeir1c0@q7 zpSe+bNlugqN9FURJm( z$U1#Pd)@S+)WqUcuCU@jE?r$+g{0IROGCrJ5bvOn+=+Mi4St}f3VGd)cBEmUYOnP`$|VG z164%Q_*X9VD=OmheE(PP=Y-Ad5=w`bTvWX2+IQ z@hj~*8Xrq0-%&M@eO}JI^1Ai`8q6 zplyeOapL=@E>g!XoOrUW=jBU_d1VvUA6q9Eo}hg0mF#lK{`C&OoGSkPojB{2n9`lJ zJ-ZZ-gzWz1eO>p?j{1vJ{Fvf?U-I?Nujq{&aC&oqI5=iCQ dof;jVkit~-e`f8$WL^=5U}J&hw{PQ7bxq^EYWd4YkiwzHG7qorGhTaHJeg>OMXXkclcUwLR^T26Y7bFO!U z1y@l-Zc3@UV}?nZnT2IqWJHd(i>HZxk!eVoS4p~gmT|hXt9g=da#~2KFPE;JLUD11 zZfc5=si~o*f`3VNPIkFMMU_u#R&Z{qUrCZdRFJQ;LA{}GzL90BNr_K>R$h*YVUmeS zN_u#bv36!Umr;IdxPHE8N}_+RslRzuXu4UFex_@rrIDj!nvaWtn_;M#b7@|rpFy?> z$U1v<-Snc=#Nt#13u{e3g^<#^8fPa3H9hrMN4F}jPz#r=fRHlxs1$wuV*lX$;0W`g zv{dc-^1#AkBWKTINA02vcVG9)T({)Nf^4^_oQmYCWW&_7{3KJ0Qg1i?O0II>LVvR~ z|DYs`vXUI5q+BycE?r$+g|dJof42DrVv|x6uCuS!Z*kppr7e50;l|sGx6d%{uYY8^MkO+YA^yd?C^-{J#;~Ld4KgcU z$vshTE4FT4rm11XV?JfqhGU;P_10^3-Z>aN=S=kR4?iA%YhT={Z&$Q><&N&srEioq zSB1#V&B#6YP>3jsN1S_7+4g*&daHP<`LbAnyBbkXcGYKYD*oc# ze9VH^%u2hSb?tqw8+QcbRYMxwC;T>;W8oNgCtO-#n%lo~livK_9`3*C)E+V4t8YqQ z8XkV0-qUUIK($vleB0tZ7kwfgZ_!%6Yta_xNVd<%&%C%Oe=GR7Y{2i80%E~`PR;o+ zVX=!ve}jcsDDTi5Ho=5xa zkf0iUa4=Z*?{4G+TbP;N5SZzc0KI YeCBU)Ysu`qGN|Vwv%^gM1WbS z373gWae898Nv?->nMaC?iFcBJkY_}mW2Je1S#X{~g@voXMPXsEeo&F4BbTn7LUD11 zZfc5=si~o*f`3VNPIkFMl1WZLh+l=TVL)bfZdp~HSAAuLnNMF`bc~-80g_&!(Z+3=}duoPunR|tqQ9)#-vvYY_Xiz|MroK-g z$T}CTF#oIq12x_BqSVCVR0ZoaU)vOgD#e6QEA?mvk$WPa_xK(4gEXXRj3BbmOvMcQ@1UvPhRKGw+f@gG472 zH?9aLPah+bVt4IO-yn;k5SNU?P~*aqe0Mjq6bo;oV#}&b?K~5U&^+(t@W{%PC}-2` zQp2jOOrxYCzj9wkE?r$+g@A(eL^J=wur!nUh$xdVCqwgWZDU{KP=mloA4>~;ay)qI?O&eb^GV94AZ-VDW#SyCZ(< zwimCi^#0G?@ GS_S|(24m^~ delta 735 zcmeyx_MdfvPJKmEvR84bVRBNgM~HVowr6E!WqCzFez3n~Nl~_Wk$Xt4cW6nDL1|!K zK3B1;kDEo7p;JXvVPH^}QK5@(s!5TVak)uigh#4&c4B36jz^xmcTuKaAeXM4LUD11 zZfc5=si~o*f`3VNPIkG1VY;?scDR>8scWKFT1jDnetlk6vU{L@q_?|EV40gwzIIxA zM245Xdw5_nS8!msyM<+By0NciWl2eDQASy^er|E8QFx+Rn!8h4aH4BwRHRpNMt)u> z$hx4E+M<{MW8L(k)WqUcg@kgmST5hN!pJ~Ji*nywuc`GB9I zby>gmR*BWM@JyE@HizOD?Yrl=v#;UKl4la#qK=GnpPu3V5Nx`>af02OI?;9eR;n4- zMlZg!I6!m7Cf`X4+y~d*bC0QwWfySsF1@++SfpuGeZR|3tq$A3X-o_X+W8yqh%rvN zU%yy4sH^k$m6=*MrydD^Ue_poWujbp!a>;-|BY*ZDeMdp@ZByM!gF$-ZSS^S|L(09 zi`xF$bZtn?7LUzKC1UA+1*WR1oy6gGNG*E zo*QeUZvDx_?f>u9`-`0KbHDSjf6Y>x&6`VX-_Mw*^2t8?!?cg(dtJ8NUwLprQ$_gW zNh^NNiv2(NTkfY{kN>C#sdn~1T3s%c(KIbbJUaaDrKz{J-H+b8S7C;dXJWSYyXvdY zua;~!=2-h%ak7b%kc0b&O7pvQ5?emEy!o<$Yr>pP(a7^D+@}h6uQ}2mvArc=dnbdz zk9xNCx-OE-HtkAiI}y^aJiC$oIoqOTPXbzw_jmXkw+X1fx1Q;AdUe*9*T)P*%xYvm lD9lx8ne$XKK6>LbtEcC-o#LuA8%2LT0NLsS3& diff --git a/secrets/paperless.age b/secrets/paperless.age index a61e12c..d2c2d86 100644 --- a/secrets/paperless.age +++ b/secrets/paperless.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 0aOabg deIgXn8a+arzwGBlDr/jSwh/yoZ4yNUieqiDOEVeqQc -MTYJWoYqvLCVh2Nw0b0dLyYR++kfUSVVGQuVlcXa3XI --> ssh-ed25519 Otklkw gVXAVxWtkBp3qi4afl5/8X62iXM0lmj3qU1hzdLpoRI -0JNv0Gb3MrUODDjO9yO6+IUoP5wTrd9cu3B9r20umsM --> U^y7-grease +u vsf{`Z$r -OPfX961ZFMCMEq5kxV2XmOS2ahq5xCrvLkORHK2xzhcYlN/7aVz2jkkzkkKxsLS7 -J1tpba10ZnC7 ---- C79gzWZZ5DM+/mEApSfkI6CcsWxEbYY3zq4mFMxsgSY -ÒrÕ ssh-ed25519 0aOabg 6QT8adxrQxGCx9w6JZPkbCsCM/Vos+D41JoEQ19h0AY +UaXt2lE7VnhaQ4McdCIGo8kdaYrPyg3ne8MIBCt7NXE +-> ssh-ed25519 Otklkw GJQj739xwoeP9xTLpLrCxANx3/Ebipnr345xKSFLf3w +xtQBgTYrLzkaWBkx8pi0R+GKa6inKFzFD5tompll3wo +-> )gWM0O-grease i%" tB +culBBLA5Bt/POa9w +--- Vtxd8HsFnjBl6eXE4UYNoR1Ca/JA9UlK/WE+FNkmPtk +bV v—ˆ¿:±Šah&à4üfNJ¤¡2]ÈÙ{!%1ýà¹Ia\}Xe¿x1~_æ²"šrÛ,Éj:O?òẾö5 \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 51febeee6f5f8daadaf2152ed1d22e4c3c698ad0..7750b1cf6c94258bf30d125c19be3d922b5c97e5 100644 GIT binary patch delta 384 zcmbQoyqI}{PQ7PZX12DEZ>3k1V~K@xpqpnLnq>ov?x3^KEt9xQ-L0OKIW2%`+AeXM4LUD11 zZfc5=si~o*f`3VNPIkFMRJy6Tkx`mYU`}XBN{MGuKz)IBa%8GYsCjvsSFT@pk$+T@ zWoDqGL27m~S7e2=ziX7McTj$AS+aq#sk387PGNypWHUg7RPw%QS&mp{EW1GlZ(p{ zr-)+njL2fHiAv%;hfKpg)=aRBx~s@w`kh@kPJVB1fWPXrt@FLyCcbpM8Oop$B>Lms d?h@G|U#nTSUmh=6cfCpD_@xWZ{~6}Q0{}YKh57&h delta 379 zcmZ3?Jdb&TPQ7_zsYOXiSdg1ju3>g=a*0o_d!lQWhq;Tngzx9Pf%E7V7b0wigSs!Wr16oxl52&IhU@TLUD11 zZfc5=si~o*f`3VNPIkFMw!fQOuzOTgTAp^0V|aj(X?=28fNQx)gj1w%Wt2&pe|Els zg>Qh1yG39!muEqGfseCmUS(K8pqX=&UzBB@ajt1)j%$XSrMACEaiu}1r-@5=LAW;9 zy6{|kH{JB2)WqUcuCgH0QggrJK;Q8EvI4`RNE27X!n{Onmz3T;2>WQSK~?#H;dFv1Lxo}bC(pa(Cn1Jsw&wANC_Px`0njFv;3wd+TY*pN` XmD>{HbU9)-KUOzkE5DxYY&{(SXwHQc diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 20028f10cf61a9cb96409285ee3d49efcf6072de..dd41e2881141ac9ee1cdfe6f225fc3c52888654f 100644 GIT binary patch delta 813 zcmaFIc7|<&PQ8A(SCFA!RY0b`b4XEflxeX?Rat3JR8fdaq;_z2M5ULxadwu4QHWbr zF;{`1Wp;>xNw!OXzqgZHdSbSJqGf?;cBGkUiBGP(Z((vtL3nANexA0eE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1k)eA?hI6T*Z*X~eXmDkKQ@yWWUSfD+ig&PIhI43I9Ka-LS;~-;wW0Ncc*AOmUU0nr}fT~dK%JKqJQ}cYE@WPzXe6!3DugIXZP!nGx zmka|}3vb7qG{3A0UlXnb1Ch3;nUW%Ljo10=_r)1)wY6`woXYp!=GfL{p+@r`G5=5& zNv^x}=k^?hPlo3!EFaaWCtKN8uM4<2^=vNB#h9ARr3dXl^`APo!~aQQ>?n6(O7H&Hs5_<90;(gl|U3jy?=k2VvQf?Xldy#Q1Hf!eC{%yVZ zDd0joOGHBV0`-H5D_BLJyp8v9a7nRZB42AlF0 zySW%}`}!X>qf;^C>YuaD1> KVVUzfsS*I@8CFpM delta 847 zcmX@Z_Kt0WPJM}~g=cP2icv;HSXxoCM^b=URgqz7xmQ_XzOQ4kZ@z1lTWDpWyLUyE z371=OWtLa5yI-k^eo{tih-` zM_7 z$U1W~55+)lHQn^0)WqUcg+hzK1Pk3*9R)=@WA~6MPk#l)=&(qYz_2u~+>}f=->i_l zFxRB|lyL3bJRetIzZ|!uQa8hppnT)7Fax8!0wXt*UA!5YwzEU#^7( zCH)LsmAcCQcM8O;7q6XXxuVxq-%pX3OHx+O=2E0TM`*&L88;T17R^~LA)w8j=s7Lo zsDpTq>sBK%CoO>q5ew>Xu47)+WAaU|n_&W9kz#azszQtN(GQ-7Tu??%g^&Ik50wab}k{cj1J~4-F<~Mm+q{ z&?lwRtoQtWM1s;m-5+={SFg!DF pS-1F2`wwpXJL3*JndKj5TK<6PLe%Dor*3)so#0gs3(Eg~3IHufO<@24 diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index 4dea193d1957d2c95dca8f8b4debdd4a228a64f5..be57748a9fe32e160c462ee89c2cdeef18ef72eb 100644 GIT binary patch delta 412 zcmbQlypMT;PJMoQaI#xYu2W@Vuu*}3R$7{&w~4lgU$TE#zKOPPfO)=wSy4u1T2M}K zF;|FlNT!cdP`+FQ2H4K)>MpjI^|3Cl3z` zm!Q!4va$>(k1)&99K-a&@Ph2fEDJ;Z%s?((U0sF5;DXFVXSb^2+)y{|5|bj=lx!zg zBj-q8CxhJ3^6;YUP>-?{ZGRI-_i`@95}!$4JLf38?VZ>fuw{CH)doM)ZzumKWlh<4 zHeKr*Ls8>Jq21Q88|^Y*PyA%FCeqJ;yU9fbr&Xd_{W@24jh^bq9O)C*c;vigOThkR F(*U*dkv0GT delta 367 zcmdnTJc)UNPQ717o|n5tQI5GwVRk^Ui))6PV~B-sesOYcM7DFXtGlUZVP%DnS9xWQ zD_2yufnj8Fd0v2pw@0OWu(@wes$r;Gcy?7zWN2PRVL_m4y18MdpPO@bIhU@TLUD11 zZfc5=si~o*f`3VNPIkG1L8POJmy27uQJGm$R6vSBRega=Ub=okgHv ssh-ed25519 J6ROvw eX4e1/ZgiIHwzU/wdJmAizVoLdWTIdBfXFy/RATM5Ho -BV9z3gp3LniSjx0425xy7NrVmt7KpOlduj77QkuV+Kw --> ssh-ed25519 Otklkw YVZRmNQdFB9k/dim3UXMwMW1YJSBbMtk+kJ5urooDxA -V7tLGiQo88RI5X0ViSmAWxDubLdFzQ7VM8nf2PXcAgs --> 24-grease -M4DzbwlJ7iM9dE0Ug/NS2iRU ---- l2RGwwSUcOpt/YRG/l3aYBiMMF28SoVNUc3nl2A++38 -5×þ”Т‰°H½ë}+`g˜Ë} Ûbœ‚aú¸)¨œ‹ËíÔjî6 9¿k‚³_Eˆ­ÉyS*ÍvÛÿÕJzbwGmp…DPÜC \ No newline at end of file +-> ssh-ed25519 J6ROvw R+xnmMAoVmaJi9UMYBSX5CKk21LhI9iIionc6Nh8ZWg +eR+OpFfB6BIOzOUeeY5IzmXerCCiqOYS9ZAGIb0UAS0 +-> ssh-ed25519 Otklkw HYpIGulRkcfpKhSdb1mF/hbBHiXCUzYR6/b0KspgHTU +1HAtdynQZ10AVgGqh4cw3qDqSh6Suum3zYo6/G7qKw4 +-> +YMQ-grease +wyHx9k+fMnxTm1LMDhmmMye/ +--- g1F7i8Y0foxjDp6qbBtjhY3A/vyxM2R/zIQJZTG2F5o +.Ìþ]ÃnéŸå"wjkYd<2Ï{Nš íN 0òÊÿ©`ÈX³¾¢U”sPxÉV)nš£fO‹g¤µä \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index d7389e5..7528977 100644 --- a/secrets/pruflas-wg0-preshared-key.age +++ b/secrets/pruflas-wg0-preshared-key.age @@ -1,9 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw RSmOQps1P364OmALB8CDN3a3opjVnjRetSrRNwRWwj4 -amGBdoyL0ZKnoNc3+uDYLCJxasM7fe8kMBpc27YDQXI --> ssh-ed25519 Otklkw COlRXvKrV5S2p4BNiiO8+KTYXa4GueT+HpKLCIjxzgM -ui82jT1CSKUBhDzUcebhGhTBr6GyirgSkbqWrVrJXx4 --> %KN@wF-grease 9Y'V@{E: :] -4OY+tb7//oCAEInx2fvw3MKp8yPIjXqLqtU ---- 0I3N//LfWrBi+pssXEPxmmbBfsvQ31MCG9UFAkisTMw -ʶ¢0™¼J–o5E¯Ö\ö—hå,D”Õ¯ß×J4WYôàÅNCŸ8$üã6R-¥ÀWeT”îd«IZÖ'R˜Â%‘ëõË& \ No newline at end of file +-> ssh-ed25519 J6ROvw wkW16tPBMBW6C6OPU6Dbq9mfk8w1hdTNB1lEP7r3ym4 +oeGp1/oGD5R208ZutBsJUsA+A94hOASnm0JavDjsHvU +-> ssh-ed25519 Otklkw AQCgfaxhvd59oOf/nH75WhHtYt6RXuO/U/c+pKemGDQ +Jx5pffK1rX2Yyal+ZvTTGiMm2PsMZQVIRguHpDU2iig +-> ^-grease ' +xxEd1+U8pgjgcmgxRJqbLIHNoga8kUdwaSVsypHL1UB+kPAPFIdZF4KMOj7hshzC +vmaUOinUhDiWXQ +--- A5Ig3NOr1MW/FXwh7xDkITEd3o/LU8TxBdrIq5xLsZc +Ce\BN^Ä¡ª¯´ &.…º½+âk°âÇ,ÿØxÃ)T¦´TS™:hòŽª³SN ±Úmgׂٔ —¯–_aÐ WŒž¢ +/Öõ \ No newline at end of file diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age index 7107bfa..2c9bd49 100644 --- a/secrets/surgat-backup-passphrase.age +++ b/secrets/surgat-backup-passphrase.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw JrJZKZsbU+oF9GRmXfw04bppX1YCiv/kiHZFl2XgZm8 -1fJKxMNdM8pBQG447SZMrnNswBVjbDefv30YERMzjyM --> ssh-ed25519 Otklkw j9I9FVJI1Y/WsO3Z8/NcEhUT6qU36r1O3M7rNWdwgVo -GQOyogjb68YflICPEJ1ZiEyXjMVf0kFg75Fh5vb1k/U --> n-grease L 5zCO]bn j1@tCG -JPGxlhedGFtqxORJCqyabQvObTurBFM5KYpyCnscjw ---- EPR6lMAI7VtKjeYhrk9AG1ZYMQdevgubSVlrCtNsQAQ - H0xD$- ËS‚oÏŸ/,Ÿš$“r¡{Ø.C13sÇ*a_ð µÖØÞ<×cý¶‡Ä‡ÔYP 2£žƒ§Ø8[ \ No newline at end of file +-> ssh-ed25519 jUOjpw zb9yidyhlOj2LnVSCjNwq0MBj8Ik7zdT+6vs5k2vdTY +lxFHzj+mUpW8ogGkfpZZWZRPfMp38Sb2GYojBUrxGB0 +-> ssh-ed25519 Otklkw G3tj2S2BM+jmGg5ajD2hTIKAWJMAhuHAT4jpFpu2YmQ +XDLRUWirSzXQ55HnWdICzICPQDL8pyJC9SnS9ODwhdM +-> v#M-grease +rEp5i85i+0HA+Rx31HR27NU +--- 2Q+j2Vh/Tbv6NYYg614YL1+yP8hff++2zAuWV7dHDe8 +HôY÷¢¿\ê¥ ¬õž˜\;î¶m~qoà´—»®z8•5ÁZ‘±ÁËÄ«ûà̯e9IûÅaä”éY« \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index 66f3f4923db673334371859a033b0579c4df9136..7523e7a3e6e10f57997494739baa6e0039f40107 100644 GIT binary patch delta 758 zcmaFMHjQn9PJKy9j6PD?e#b#Sb&a<|?{^#(c2#uH9 z&KL@GT?~2YbzUd4-`1J;Vf%`eRRUax*H+AmXJU>M6i?X|BNG}d@G_#J-$|nM9haki zbk_E@rw`uy{$OSE_gNPvuFUwWljrg0Wx&LutPdPFPqv;o!NTIPIQ^*lTrZ}+RYv*G zY)_UPd4E_ZbVdEeTQQehOjfU5^ZEX2jey79(uS4mA&`*Ka7d&KA ztx@s(uzitApJwk`8)>KfMfVK$UrbT$QLboz)pNJR$Sh~|O3s%NZ}VKOH;P=)FKMl^ z+tIZ4*GqvZndfxoKmIQ9W6IsR0@f{dr9QGHFYZ`xeVvM~jX&J-jBgWzS9j89E;~JYRmN zF=WHF7t6MOI=laE?UIEK<}rtVSVq@5Twk9baJs?LQ>1g^a)st2)dHFw%YFu~Ud9uq I%AoQD0D!GVB>(^b delta 846 zcmbQn_LgmePQ5{9X;eU>Q(0t4M6SD~yIFolWU`}=TexLjlx0Sdo3m-MslSnVgnL+( zBUe(nQL#_3c1~$VMwFLfQmBDXag<4wr&~aJhF@S%T27_8p_{LtTR@6YHkYoQLUD11 zZfc5=si~o*f`3VNPIkFMX+XG-dx}qBNm#D8rMFi`TD@0VPK9}9X>NvdaCS<8wx_R= zZ(4w_M6Yx% zU0q#;z=9Mn!|YIh=On+}e0@K|eA7HvZTFOV@1VTIB#XQ-Ls$PuZT+yYh%BQ(u85R7 zFTOtff7>u!=g?}EHMKj`6qq-0cZ&aMtyFyWX%@rFjTaWRr@q*w7k(so`tHvs=1f_> z^4;9PJlWkpZf{?7No~XO7qd$^;;o!gL?qrwtj}QyQ(d2AnpTytOxxq<<|wAw*(sY^ zD-{`W+J6i?Hul$;tG~FZm?C(u}OWX=_MQ0tn zv-7647~_Nm!8Z)TN}{z{yEt4K_oYZ%F`wZ)Fn@O7cJ=9wn%2s*v|FmDQYenw*z(nN`Vp|Ki!P&if;hO@s<^7p=T6j=7dx%rC2v~M}uYc`yyEqjses&jnPneVbw1d2^%m-?6< p?b9gj&QCMy&sR3S*rELE$o5Lk1rn><%-8#T+@T}nGDoAz0RWHmRTlsN diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index 168ea1be758898d2917e369e958af8ac459e171a..c664303a55a0feff21e5efbc94439ac2b7441f74 100644 GIT binary patch delta 774 zcmdnUwv26pPJM`(X})8!r)ha{xwBVE{ zC$o~`6r*hI!T{3@KVL5w?Ii8U>we6FJj7m8T_e76=|wm9%%rQp{Ex@(-8 zlFjBEyexKn`necare`lVWH&lF`{y0eJnmq8a$-G?gOBUEo*mh_mtSt~mHhL&>}`G0 z^Oenu-Yr~lY^k%}*1$s=mM>;A9@>6YJnlk?0(XgfzzgHrTd8|LP4~{!d&Uxec4Dxh z#44{gy^o zIC0-p&BZ@n2cB3Nd*j3|m-a7eKZ{Nrh-PGDt6UP)=fLqoN^)n5VsFI7)gB(R{o)*DXqJs{WL=Zs6JNYys^2lut2vZI<%(_c znH`STBh!04JR`5SWw!il-Yi%0U-4bLHd`}qUjOM-roV#U%?-coGtHXn%{^7RUU5yO zFL$~6%Jmk)-F}Ja56~nO7Jdq)5G>pmf7tq;rcYGCBH6) XMd;e(Eq_B@;xARGFz;Mrfw4)UZ@!~C zAXlY#gs-o5aYbmJYiU44c51Lsq>px3L`hYavy)SbQGk+4v`pW`%vAF{?=TC0=hTP-Z;v$B^3aO3$=R{dR8 zG9!ayNkF>G^pZ7y+s?V%)~@V1#?zk3s1aZ$S#NeuPqD4A?YE(a$Fh@3`?9Xgc)Q=^ zqTBj?vp4piWqHp1x8j~mf?B72JzLznk^`Y{Wo5G${8ya&w$mpl{>#nW<*g>}lj^ts z-TJGxtL#eHhyGc|zt3HSjx=mq5$#QI5{}fmC@8|jV+jCvq{l0%=Rv@0lx+a;ffsAoF6?TQ6_> zIL7HL_fFis>(~9D`gLytG$a0azIeI+yL0w0cc0pz$|{RZn|nT=4^3L_#-sd5;?c$M jX)ZFMO{WC1mX^Al{d{WLacgb{YlX!h431~}Y|8)uXsSrb diff --git a/secrets/wg-privkey-vpn-dadada-li.age b/secrets/wg-privkey-vpn-dadada-li.age index 43f6549..b956b5e 100644 --- a/secrets/wg-privkey-vpn-dadada-li.age +++ b/secrets/wg-privkey-vpn-dadada-li.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w 626jkdszE7nFjXsB8InmF9c7z0g6Lx45rXviJJVipgk -HOo5D8bIXEUWN+OQOrAtsheqEFpoTEljiQN9iLsGYFw --> ssh-ed25519 Otklkw MoBeg8zEAs7S8yRN4kMWFmh1wpFG9a3sIl7B3933U0I -KHbNqlQgIfC4oOaXnCHuiXxlmqjwrnR72IdTd18yCVQ --> ~\AYPd-grease +[i?zA& -k2qPi9GkmpHdaMnPqWsMPWdqa00MdrneQSDEixtbPmedrzPD1w ---- R5nczLpf0MEbOrJBfTOM2mHkh3zbWxZRAn6Ke4PsHSg -[V$·ôãÂðžq - ¬@“<_–ÅèTˆYfxMž «|£Ø)ú¼Uøkœ”]93½Rý î¶]­…Äúâ ß!rĬ¹»¤„K \ No newline at end of file +-> ssh-ed25519 L7f05w DHsnBF853MmsymLqLiF0nNe2ont+At8LZYE/yqHfBQ8 +mVJGzwz40Zqd5SkPNRDj+rFhUVwTiuzDXdTy2OJ+3yY +-> ssh-ed25519 Otklkw TPuqHErGEA3YkU2W235Q5y0JNIBJ+nFEqxt3UETcPWM +RlJi5xyX6LtBIuhkEhoIS3d2cGqjqMYXegQVyPa0alE +-> 9-grease +CGq2mKa9tcpbfwJal5EVowc +--- +XubXWyX7sV8y+iK+jxCxTIFhJO4s/dkwsznKxKCCfw +Ål©ÁÕ¾g{êa€'ÌIó[Ïz<ää´©’L'‰Ëœeµªœ¥Æ:Š5¹ÒQ:Š‰WùÄwÿ–c¼.j_ܪU8ÝI0Pfš wTßÞ"qE \ No newline at end of file From 39a33ac0d28ebf748890d0912770141d0f26bfc3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Nov 2023 00:57:05 +0100 Subject: [PATCH 701/988] agares: add firewall rules allowing some traffic from services --- nixos/agares/rules.nft | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft index 733ef57..b531759 100644 --- a/nixos/agares/rules.nft +++ b/nixos/agares/rules.nft @@ -69,13 +69,23 @@ table inet filter { udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk" } + chain input_srv { + jump input_icmp_untrusted + + # DHCP + meta nfproto ipv6 udp dport 547 accept comment "Allow DHCPv6 client" + + # Allow DNS and DHCP from SRV + udp dport { 53, 67 } accept comment "Allow DNS and DHCP from services" + } + chain input { type filter hook input priority filter; policy drop; ct state {established, related} counter accept comment "Accept packets from established and related connections" ct state invalid counter drop comment "Early drop of invalid packets" - iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt } + iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, $IF_SRV : jump input_srv } } # Only works if hardware flow offloading is available @@ -107,7 +117,7 @@ table inet filter { iifname { $IF_LAN, $IF_ROADW } counter accept comment "Allow all traffic forwarding from LAN and roadwarrior to all interfaces, except to mgmt" # FF -> WAN - iifname $IF_FF oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk to WAN" + iifname { $IF_FF, $IF_SRV } oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk and services to WAN" # { WAN, SRV } -> { FF, LAN, RW, SRV } iifname { $IF_WAN, $IF_SRV } oifname { $IF_FF, $IF_LAN, $IF_ROADW, $IF_SRV } ct state established,related counter accept comment "Allow established back from WAN and SRV" @@ -135,6 +145,6 @@ table ip nat { table arp filter { chain input { type filter hook input priority filter; policy drop; - iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, modem" + iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_SRV, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, SRV, modem" } } From 7614142c11a94cb4e0fd28cbab29495f4d5d536a Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 5 Nov 2023 00:57:34 +0100 Subject: [PATCH 702/988] ninurta: fix path to binary in udev rule --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 35b4fb5..47b25bb 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -450,7 +450,7 @@ in (pkgs.writeTextFile { name = "60-hdparm"; text = '' - ACTION=="add|change", KERNEL=="sd[a-z]", ATTRS{queue/rotational}=="1", RUN+="/usr/bin/hdparm -S 60 /dev/%k" + ACTION=="add|change", KERNEL=="sd[a-z]", ATTRS{queue/rotational}=="1", RUN+="${pkgs.hdparm}/bin/hdparm -S 60 /dev/%k" ''; destination = "/etc/udev/rules.d/60-hdparm.rules"; }) From a6b9c42d4795f545d0582a50f270a5310102dec4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Nov 2023 13:51:02 +0100 Subject: [PATCH 703/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'eza': 'github:eza-community/eza/0c75e4cc971d6f79160f527024d399829ff1e0a8' (2023-11-04) → 'github:eza-community/eza/9683862a42089a7ffc30948d5c246893056e150a' (2023-11-09) • Updated input 'jujutsu': 'github:martinvonz/jj/e701b08f4294811429e5222f95c1ad27d24292d8' (2023-11-04) → 'github:martinvonz/jj/9533177422e788c1bc8ada48f22b91dd0d72ce0d' (2023-11-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/87f8403371fa74d9ad21ed677403cc235f37b96c' (2023-11-03) → 'github:NixOS/nixos-hardware/b689465d0c5d88e158e7d76094fca08cc0223aad' (2023-11-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/621f51253edffa1d6f08d5fce4f08614c852d17e' (2023-11-02) → 'github:NixOS/nixpkgs/41de143fda10e33be0f47eab2bfe08a50f234267' (2023-11-06) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/321affd863e3e4e669990a1db5fdabef98387b95' (2023-11-03) → 'github:oxalica/rust-overlay/efd15e11c8954051a47679e7718b4c2a9b68ce27' (2023-11-11) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/5deb8dc125a9f83b65ca86cf0c8167c46593e0b1' (2023-10-27) → 'github:numtide/treefmt-nix/8b25ad882a6fc9905fa515c2b61d196b42ca79a3' (2023-11-10) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index a2a88ed..797e0d4 100644 --- a/flake.lock +++ b/flake.lock @@ -105,11 +105,11 @@ ] }, "locked": { - "lastModified": 1699101090, - "narHash": "sha256-C7vF+D81spKj0rbo28x0bOfK1B17ibSatE1KGP6yjLA=", + "lastModified": 1699514214, + "narHash": "sha256-V0PuiF8N5ubNO4/EmGFx6qL0k1ziTVVKe+0rpMTMVlg=", "owner": "eza-community", "repo": "eza", - "rev": "0c75e4cc971d6f79160f527024d399829ff1e0a8", + "rev": "9683862a42089a7ffc30948d5c246893056e150a", "type": "github" }, "original": { @@ -284,11 +284,11 @@ ] }, "locked": { - "lastModified": 1699064137, - "narHash": "sha256-JUAxgp7ovocGqhkk/26GqPFp1izDHJFYwVnAqaPUgUM=", + "lastModified": 1699653811, + "narHash": "sha256-hujPrvzd73veHL/MtRXrQs9WpCs/YFSAlxRGRdGucjI=", "owner": "martinvonz", "repo": "jj", - "rev": "e701b08f4294811429e5222f95c1ad27d24292d8", + "rev": "9533177422e788c1bc8ada48f22b91dd0d72ce0d", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1699044561, - "narHash": "sha256-3uHmbq74CicpBPP40a6NHp830S7Rvh33uFgfIIC+7nw=", + "lastModified": 1699701045, + "narHash": "sha256-mDzUXK7jNO/utInWpSWEX1NgEEunVIpJg+LyPsDTfy0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "87f8403371fa74d9ad21ed677403cc235f37b96c", + "rev": "b689465d0c5d88e158e7d76094fca08cc0223aad", "type": "github" }, "original": { @@ -371,11 +371,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1698942558, - "narHash": "sha256-/UmnB+mEd6Eg3mJBrAgqRcyZX//RSjHphcCO7Ig9Bpk=", + "lastModified": 1699291058, + "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "621f51253edffa1d6f08d5fce4f08614c852d17e", + "rev": "41de143fda10e33be0f47eab2bfe08a50f234267", "type": "github" }, "original": { @@ -479,11 +479,11 @@ ] }, "locked": { - "lastModified": 1698977568, - "narHash": "sha256-bnbCqPDFdOUcSANJv9Br3q/b1LyK9vyB1I7os5T4jXI=", + "lastModified": 1699669856, + "narHash": "sha256-OIb0WAoEMUA1EH70AwpWabdEpvYt/kJChBnb7XiXAJs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "321affd863e3e4e669990a1db5fdabef98387b95", + "rev": "efd15e11c8954051a47679e7718b4c2a9b68ce27", "type": "github" }, "original": { @@ -514,11 +514,11 @@ ] }, "locked": { - "lastModified": 1698438538, - "narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=", + "lastModified": 1699656829, + "narHash": "sha256-aqz/YOrllfsUF88FG+xhm+ywB+KxSE8FpPWSY6QnDvY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1", + "rev": "8b25ad882a6fc9905fa515c2b61d196b42ca79a3", "type": "github" }, "original": { From 2b11e2acb9ef0ca24aab60f4161f3117b8867f4c Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Nov 2023 15:30:07 +0100 Subject: [PATCH 704/988] agares: fix CAKE settings --- nixos/agares/network.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index c7e250b..11f1aa2 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -166,7 +166,7 @@ in extraConfig = '' [CAKE] OverheadBytes = 65 - Bandwidth = 95M + Bandwidth = 40M FlowIsolationMode = triple ''; }; @@ -185,13 +185,16 @@ in extraConfig = '' [CAKE] OverheadBytes = 65 - Bandwidth = 36M + Bandwidth = 40M FlowIsolationMode = triple + NAT=true + [DHCPv6] PrefixDelegationHint= ::/56 UseAddress = false UseDelegatedPrefix = true WithoutRA = solicit + [DHCPPrefixDelegation] UplinkInterface=:self ''; From 0e35ae1108695a88db20fb5b1d52d3cb099319dc Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 11 Nov 2023 15:32:27 +0100 Subject: [PATCH 705/988] agares: clean up unused definitions --- nixos/agares/network.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 11f1aa2..37ad724 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -1,7 +1,5 @@ { config, lib, ... }: let - mergeAttrsList = lib.attrsets.mergeAttrsList; - map = builtins.map; ulaPrefix = "fd42:9c3b:f96d"; # fd42:9c3b:f96d::/48 ipv4Prefix = "192.168"; # 192.168.96.0/19 domain = "bs.dadada.li"; From d39b08468caad06ea5ecd6f01f9acfd6d38cfe1d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Nov 2023 13:31:52 +0100 Subject: [PATCH 706/988] ninurta: disable nginx --- nixos/agares/configuration.nix | 1 - nixos/ninurta/configuration.nix | 28 ++-------------------------- nixos/ninurta/printing.nix | 1 + 3 files changed, 3 insertions(+), 27 deletions(-) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index c28a4f8..edf7e9e 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -1,5 +1,4 @@ { config -, lib , modulesPath , pkgs , ... diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 47b25bb..5512b1f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -198,29 +198,7 @@ in allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents https://github.com/giterlizzi/dokuwiki-template-bootstrap3 ''; - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - logError = "/dev/null"; - appendHttpConfig = '' - access_log off; - ''; - - virtualHosts."pruflas.uwu" = { - enableACME = false; - forceSSL = false; - root = "/var/www/pruflas.uwu"; - locations."/" = { - tryFiles = "$uri $uri/ = 404"; - index = "index.txt"; - }; - }; - }; - systemd.tmpfiles.rules = [ - "d /var/www/pruflas.uwu 0551 nginx nginx - -" "d /mnt/storage/backups/ninurta 0750 ${config.users.users.borg.name} ${config.users.users.borg.group} - -" "v /var/.snapshots 0755 root root - -" "v /home/.snapshots 0755 root root - -" @@ -387,14 +365,12 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH - 80 # HTTP - 443 # HTTPS - 631 # Printing (TODO only allow from some networks) + 631 # Printing 3000 # Hydra softServePort ]; allowedUDPPorts = [ - 631 # Printing (TODO only allow from some networks) + 631 # Printing 51234 # Wireguard 51235 # Wireguard ]; diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index 68e5c69..2551683 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -33,6 +33,7 @@ userServices = true; }; }; + services.printing = { listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ]; allowFrom = [ "from 192.168.101.0/24" ]; From 8247b5a51cdcf5ca29b20aa63ee2e02da9657933 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Nov 2023 14:08:30 +0100 Subject: [PATCH 707/988] Update input homePage --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 797e0d4..bf06908 100644 --- a/flake.lock +++ b/flake.lock @@ -242,11 +242,11 @@ ] }, "locked": { - "lastModified": 1695058498, - "narHash": "sha256-YgKWk75O7hIEmNgbTS5WXG+oBas+068grW1hcE37ykc=", + "lastModified": 1699794442, + "narHash": "sha256-2QXlIxcUYHu9ukUfIqJ3BE3Fd1u9yevIe4YmUuULNEs=", "owner": "dadada", "repo": "dadada.li", - "rev": "30c1ee54d94622da2d582e3767c0baf5abe2cf3f", + "rev": "6c6b4017837b5885d89576cfb7efe13e7f30fdea", "type": "github" }, "original": { From c7998f489f774e02c544e99859e6922252056161 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Nov 2023 14:21:58 +0100 Subject: [PATCH 708/988] Update homePage input --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index bf06908..6d89949 100644 --- a/flake.lock +++ b/flake.lock @@ -242,11 +242,11 @@ ] }, "locked": { - "lastModified": 1699794442, - "narHash": "sha256-2QXlIxcUYHu9ukUfIqJ3BE3Fd1u9yevIe4YmUuULNEs=", + "lastModified": 1699795243, + "narHash": "sha256-rBonL9sYcTX5db1PehLVbaf9cFJWB6n4vv522IG1n70=", "owner": "dadada", "repo": "dadada.li", - "rev": "6c6b4017837b5885d89576cfb7efe13e7f30fdea", + "rev": "0793a08c126688cbc6df047156f830bb152bd163", "type": "github" }, "original": { From 470c600e90a14c91809eaa54ec23d2129a906d2e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Nov 2023 19:08:02 +0100 Subject: [PATCH 709/988] agares: fix interface for DDNS client --- nixos/agares/ddns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/agares/ddns.nix b/nixos/agares/ddns.nix index 6f47853..9a5948f 100644 --- a/nixos/agares/ddns.nix +++ b/nixos/agares/ddns.nix @@ -3,7 +3,7 @@ dadada.ddns = { domains = [ "vpn.dadada.li" ]; credentialsPath = config.age.secrets."ddns-credentials".path; - interface = "wan"; + interface = "ppp0"; }; age.secrets."ddns-credentials" = { From 1ab59d7994f4514c02a51cf1794e9c9f8b0907ca Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 12 Nov 2023 22:50:19 +0100 Subject: [PATCH 710/988] soft-serve: update --- pkgs/soft-serve.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/soft-serve.nix b/pkgs/soft-serve.nix index 8e9df46..0a397dc 100644 --- a/pkgs/soft-serve.nix +++ b/pkgs/soft-serve.nix @@ -4,16 +4,16 @@ buildGoModule rec { pname = "soft-serve"; - version = "0.5.4"; + version = "0.7.1"; src = fetchFromGitHub { owner = "charmbracelet"; repo = "soft-serve"; rev = "v${version}"; - sha256 = "sha256-pVUkmia6W5CVYLjrE6Ie2OVme3y2pmhMMxCYS5qyhgs="; + sha256 = "sha256-PY/BHfuDRHXpzyUawzZhDr1m0c1tWqawW7GP9muhYAs="; }; - vendorHash = "sha256-wf2Dfo4uWHg/h2+EfEW5oGUgqf1kAgiTq7ivczI1w+c="; + vendorHash = "sha256-jtEiikjEOThTSrd+UIEInxQmt2z5YVyksuTC17VmdkA="; doCheck = false; From 6d25719a61ccb21fe73a258e358032a9fe105533 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 13 Nov 2023 21:57:02 +0100 Subject: [PATCH 711/988] Update website --- flake.lock | 23 +---------------------- flake.nix | 2 +- nixos/configurations.nix | 2 +- nixos/modules/homepage.nix | 5 ++--- 4 files changed, 5 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 6d89949..16a7b35 100644 --- a/flake.lock +++ b/flake.lock @@ -235,12 +235,7 @@ } }, "homePage": { - "inputs": { - "hugo-theme-anubis": "hugo-theme-anubis", - "nixpkgs": [ - "nixpkgs" - ] - }, + "flake": false, "locked": { "lastModified": 1699795243, "narHash": "sha256-rBonL9sYcTX5db1PehLVbaf9cFJWB6n4vv522IG1n70=", @@ -255,22 +250,6 @@ "type": "github" } }, - "hugo-theme-anubis": { - "flake": false, - "locked": { - "lastModified": 1693734155, - "narHash": "sha256-/saWnt2ryheBvW9aHqpjAE4aNBhEhkrD62Ch8CI2GvM=", - "owner": "mitrichius", - "repo": "hugo-theme-anubis", - "rev": "e4e2c0bc4145ee152a32fdd940ed398ab0b77e6c", - "type": "github" - }, - "original": { - "owner": "mitrichius", - "repo": "hugo-theme-anubis", - "type": "github" - } - }, "jujutsu": { "inputs": { "flake-utils": [ diff --git a/flake.nix b/flake.nix index 94442c1..48892c5 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homePage = { url = "github:dadada/dadada.li"; - inputs.nixpkgs.follows = "nixpkgs"; + flake = false; }; recipemd = { url = "github:dadada/recipemd/nix-flake"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index a6871f4..8b664e1 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -57,7 +57,7 @@ in system = "x86_64-linux"; extraModules = [ { - dadada.homePage.package = homePage.packages.${system}.homePage; + dadada.homePage.package = homePage; } ./modules/profiles/server.nix ./surgat/configuration.nix diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index 32e166a..4508cc7 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,5 +1,4 @@ { config -, pkgs , lib , ... }: @@ -10,8 +9,8 @@ with lib; { options.dadada.homePage = { enable = mkEnableOption "Enable home page"; package = mkOption { - type = lib.types.package; - description = "Package containing the homepage"; + type = lib.types.path; + description = "Path containing the homepage"; }; }; config = mkIf cfg.enable { From 9d9be054e81df598d597243541846152958bbc4d Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 13 Nov 2023 22:08:50 +0100 Subject: [PATCH 712/988] Update dependencies --- flake.lock | 104 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 84 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 16a7b35..2cb5b88 100644 --- a/flake.lock +++ b/flake.lock @@ -96,6 +96,7 @@ "nixpkgs": [ "nixpkgs" ], + "powertest": "powertest", "pre-commit-hooks": "pre-commit-hooks", "rust-overlay": [ "rust-overlay" @@ -105,11 +106,11 @@ ] }, "locked": { - "lastModified": 1699514214, - "narHash": "sha256-V0PuiF8N5ubNO4/EmGFx6qL0k1ziTVVKe+0rpMTMVlg=", + "lastModified": 1699894927, + "narHash": "sha256-H679IyWzGASpeFwi1o9QRGRnLF2rxkHGIvCMj2Ry49k=", "owner": "eza-community", "repo": "eza", - "rev": "9683862a42089a7ffc30948d5c246893056e150a", + "rev": "cf0c57d7ad160f3b73462892609cc9185964b298", "type": "github" }, "original": { @@ -151,6 +152,24 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": [ "systems" @@ -220,11 +239,11 @@ ] }, "locked": { - "lastModified": 1695108154, - "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", + "lastModified": 1699748081, + "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=", "owner": "nix-community", "repo": "home-manager", - "rev": "07682fff75d41f18327a871088d20af2710d4744", + "rev": "04bac349d585c9df38d78e0285b780a140dc74a4", "type": "github" }, "original": { @@ -263,11 +282,11 @@ ] }, "locked": { - "lastModified": 1699653811, - "narHash": "sha256-hujPrvzd73veHL/MtRXrQs9WpCs/YFSAlxRGRdGucjI=", + "lastModified": 1699890771, + "narHash": "sha256-h3ZvdOsnKRxUeF0wRXtlB35UjQI+rYaXETuNBkF7+R8=", "owner": "martinvonz", "repo": "jj", - "rev": "9533177422e788c1bc8ada48f22b91dd0d72ce0d", + "rev": "ab214145eb617d7c5305647bada62d4d3312c415", "type": "github" }, "original": { @@ -350,11 +369,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1699291058, - "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=", + "lastModified": 1699596684, + "narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41de143fda10e33be0f47eab2bfe08a50f234267", + "rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73", "type": "github" }, "original": { @@ -380,6 +399,36 @@ "type": "github" } }, + "powertest": { + "inputs": { + "flake-utils": "flake-utils", + "naersk": [ + "eza", + "naersk" + ], + "nixpkgs": [ + "eza", + "nixpkgs" + ], + "rust-overlay": [ + "eza", + "rust-overlay" + ], + "treefmt-nix": [ + "eza", + "treefmt-nix" + ] + }, + "locked": { + "narHash": "sha256-DaBLTu/GCq7lDWyR9HKj9H1t5mfX7T1eFwrIwJICXZo=", + "type": "tarball", + "url": "http://rime.cx/v1/github/eza-community/powertest/b/main.tar.gz" + }, + "original": { + "type": "tarball", + "url": "http://rime.cx/v1/github/eza-community/powertest/b/main.tar.gz" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", @@ -434,7 +483,7 @@ "devshell": "devshell", "eza": "eza", "flake-registry": "flake-registry", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "home-manager": "home-manager_2", "homePage": "homePage", "jujutsu": "jujutsu", @@ -444,7 +493,7 @@ "nixpkgs": "nixpkgs", "recipemd": "recipemd", "rust-overlay": "rust-overlay", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -458,11 +507,11 @@ ] }, "locked": { - "lastModified": 1699669856, - "narHash": "sha256-OIb0WAoEMUA1EH70AwpWabdEpvYt/kJChBnb7XiXAJs=", + "lastModified": 1699841702, + "narHash": "sha256-EG1Fpw732KmcyFJB0tUNsvreRomwTI/H5ngqlGrfB1Y=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "efd15e11c8954051a47679e7718b4c2a9b68ce27", + "rev": "05c34b45e276a9939d1170b025faafe7a5fab2c8", "type": "github" }, "original": { @@ -486,6 +535,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -493,11 +557,11 @@ ] }, "locked": { - "lastModified": 1699656829, - "narHash": "sha256-aqz/YOrllfsUF88FG+xhm+ywB+KxSE8FpPWSY6QnDvY=", + "lastModified": 1699786194, + "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8b25ad882a6fc9905fa515c2b61d196b42ca79a3", + "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", "type": "github" }, "original": { From ca17dccf512ddbdb094cfb399e8ffe888998cf70 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 13 Nov 2023 22:10:52 +0100 Subject: [PATCH 713/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'homePage': 'github:dadada/dadada.li/0793a08c126688cbc6df047156f830bb152bd163' (2023-11-12) → 'github:dadada/dadada.li/eeac83e13265b4f8562e0fada86b8f8f756023bf' (2023-11-13) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 2cb5b88..9c60f2b 100644 --- a/flake.lock +++ b/flake.lock @@ -256,11 +256,11 @@ "homePage": { "flake": false, "locked": { - "lastModified": 1699795243, - "narHash": "sha256-rBonL9sYcTX5db1PehLVbaf9cFJWB6n4vv522IG1n70=", + "lastModified": 1699908660, + "narHash": "sha256-SOqKn5BFqLQno4KG4w5BsiIRqaedTrasZITSmOnUrWY=", "owner": "dadada", "repo": "dadada.li", - "rev": "0793a08c126688cbc6df047156f830bb152bd163", + "rev": "eeac83e13265b4f8562e0fada86b8f8f756023bf", "type": "github" }, "original": { From 2375e4ed4ddabb13ce86d1bbbd3721958d7e4cb7 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 14 Nov 2023 19:03:42 +0100 Subject: [PATCH 714/988] home: Install prettier --- home/home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index 7ad5a68..f42e138 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -88,6 +88,7 @@ with pkgs; [ nix-index nmap nmon + nodePackages.prettier obs-studio offlineimap openscad From e1a78e75083c181394f512d95c2a1fcf14626d09 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 14 Nov 2023 19:07:42 +0100 Subject: [PATCH 715/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'homePage': 'github:dadada/dadada.li/eeac83e13265b4f8562e0fada86b8f8f756023bf' (2023-11-13) → 'github:dadada/dadada.li/210dc82ee943943377500667a182046ff647ab9e' (2023-11-14) • Updated input 'jujutsu': 'github:martinvonz/jj/ab214145eb617d7c5305647bada62d4d3312c415' (2023-11-13) → 'github:martinvonz/jj/39b065f7ab16f95174c4239842f45c6a6dc9a50e' (2023-11-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/b689465d0c5d88e158e7d76094fca08cc0223aad' (2023-11-11) → 'github:NixOS/nixos-hardware/df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b' (2023-11-14) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/05c34b45e276a9939d1170b025faafe7a5fab2c8' (2023-11-13) → 'github:oxalica/rust-overlay/e485313fc485700a9f1f9b8b272ddc0621d08357' (2023-11-14) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 9c60f2b..ea02367 100644 --- a/flake.lock +++ b/flake.lock @@ -256,11 +256,11 @@ "homePage": { "flake": false, "locked": { - "lastModified": 1699908660, - "narHash": "sha256-SOqKn5BFqLQno4KG4w5BsiIRqaedTrasZITSmOnUrWY=", + "lastModified": 1699985207, + "narHash": "sha256-7M02sURdqIRwRApZ19Q52sBDwXj1hgZmXGpDI66Cb1w=", "owner": "dadada", "repo": "dadada.li", - "rev": "eeac83e13265b4f8562e0fada86b8f8f756023bf", + "rev": "210dc82ee943943377500667a182046ff647ab9e", "type": "github" }, "original": { @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1699890771, - "narHash": "sha256-h3ZvdOsnKRxUeF0wRXtlB35UjQI+rYaXETuNBkF7+R8=", + "lastModified": 1699950927, + "narHash": "sha256-DgBcgQy4YeGH1CbWxeW9WgIIfo7FYrJLUY8XcUZxqzM=", "owner": "martinvonz", "repo": "jj", - "rev": "ab214145eb617d7c5305647bada62d4d3312c415", + "rev": "39b065f7ab16f95174c4239842f45c6a6dc9a50e", "type": "github" }, "original": { @@ -353,11 +353,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1699701045, - "narHash": "sha256-mDzUXK7jNO/utInWpSWEX1NgEEunVIpJg+LyPsDTfy0=", + "lastModified": 1699954245, + "narHash": "sha256-CSnfeOHc/wco8amdA0j268OaLrMcI5gGtK6Zm+y3lT0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b689465d0c5d88e158e7d76094fca08cc0223aad", + "rev": "df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b", "type": "github" }, "original": { @@ -507,11 +507,11 @@ ] }, "locked": { - "lastModified": 1699841702, - "narHash": "sha256-EG1Fpw732KmcyFJB0tUNsvreRomwTI/H5ngqlGrfB1Y=", + "lastModified": 1699928012, + "narHash": "sha256-7WfRTTBdkRJgjiJRsSShMXlfmOG1X0FqNdHaLATAL+w=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "05c34b45e276a9939d1170b025faafe7a5fab2c8", + "rev": "e485313fc485700a9f1f9b8b272ddc0621d08357", "type": "github" }, "original": { From 2da556f18c372639cf52bed65289c5cbfc8f1881 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Dec 2023 16:06:46 +0100 Subject: [PATCH 716/988] add upgrade-pg-cluster --- nixos/modules/profiles/base.nix | 4 +++ nixos/modules/profiles/upgrade-pg-cluster.nix | 32 +++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 nixos/modules/profiles/upgrade-pg-cluster.nix diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index d6b9ef9..ca22bec 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -4,6 +4,10 @@ let inputs = config.dadada.inputs; in { + imports = [ + ./upgrade-pg-cluster.nix + ]; + i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { font = "Lat2-Terminus16"; diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix new file mode 100644 index 0000000..3042265 --- /dev/null +++ b/nixos/modules/profiles/upgrade-pg-cluster.nix @@ -0,0 +1,32 @@ +{ config, pkgs, lib, ... }: +{ + environment.systemPackages = lib.mkIf config.services.postgresql.enable [ + ( + let + # Do not forget to list the extensions you need. + newPostgres = pkgs.postgresql_15.withPackages (pp: [ ]); + in + pkgs.writeScriptBin "upgrade-pg-cluster" '' + set -eux + # XXX it's perhaps advisable to stop all services that depend on postgresql + systemctl stop postgresql + + export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" + + export NEWBIN="${newPostgres}/bin" + + export OLDDATA="${config.services.postgresql.dataDir}" + export OLDBIN="${config.services.postgresql.package}/bin" + + install -d -m 0700 -o postgres -g postgres "$NEWDATA" + cd "$NEWDATA" + sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" + + sudo -u postgres $NEWBIN/pg_upgrade \ + --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ + --old-bindir $OLDBIN --new-bindir $NEWBIN \ + "$@" + '' + ) + ]; +} From 2c0f9dd7f86dc3667f562b58f9e6504aded73697 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Dec 2023 16:10:03 +0100 Subject: [PATCH 717/988] surgat: update state version 20.09 -> 23.05 --- nixos/surgat/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index b2bed8b..ee79fd5 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -146,5 +146,7 @@ in system.autoUpgrade.allowReboot = false; - system.stateVersion = "20.09"; + services.postgresql.package = pkgs.postgresql_15; + + system.stateVersion = "23.05"; } From eb9cd9d8cf136b8f7c04734f0e39975019d81377 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Dec 2023 15:48:36 +0100 Subject: [PATCH 718/988] updgrade to 23.11 --- flake.lock | 16 +- flake.nix | 4 +- home/home/default.nix | 1 - home/home/pkgs.nix | 1 + home/modules/default.nix | 1 - home/modules/module-list.nix | 1 - home/modules/vim/default.nix | 45 ---- home/modules/vim/vimrc | 157 ------------- home/modules/xdg.nix | 1 - nixos/agares/network.nix | 1 + nixos/modules/admin.nix | 2 +- nixos/modules/default.nix | 1 - nixos/modules/profiles/laptop.nix | 2 +- nixos/modules/soft-serve.nix | 212 ------------------ nixos/ninurta/configuration.nix | 1 + nixos/surgat/configuration.nix | 2 + overlays.nix | 8 - pkgs/default.nix | 4 +- pkgs/map.nix | 32 --- pkgs/soft-serve.nix | 37 --- pkgs/vimPlugins/default.nix | 34 --- pkgs/vimPlugins/filetype/ftplugin/bash.vim | 3 - pkgs/vimPlugins/filetype/ftplugin/cpp.vim | 11 - pkgs/vimPlugins/filetype/ftplugin/css.vim | 3 - pkgs/vimPlugins/filetype/ftplugin/fish.vim | 2 - pkgs/vimPlugins/filetype/ftplugin/foo.kt | 3 - pkgs/vimPlugins/filetype/ftplugin/go.vim | 3 - pkgs/vimPlugins/filetype/ftplugin/html.vim | 3 - .../filetype/ftplugin/javascript.vim | 5 - pkgs/vimPlugins/filetype/ftplugin/kotlin.vim | 5 - pkgs/vimPlugins/filetype/ftplugin/ledger.vim | 3 - pkgs/vimPlugins/filetype/ftplugin/markdown.md | 2 - pkgs/vimPlugins/filetype/ftplugin/nix.vim | 5 - pkgs/vimPlugins/filetype/ftplugin/perl.vim | 3 - pkgs/vimPlugins/filetype/ftplugin/python.vim | 4 - pkgs/vimPlugins/filetype/ftplugin/rust.vim | 2 - pkgs/vimPlugins/filetype/ftplugin/scss.vim | 3 - pkgs/vimPlugins/filetype/ftplugin/tex.vim | 7 - .../filetype/ftplugin/typescript.vim | 5 - pkgs/vimPlugins/filetype/ftplugin/yaml.vim | 4 - 40 files changed, 18 insertions(+), 621 deletions(-) delete mode 100644 home/modules/vim/default.nix delete mode 100644 home/modules/vim/vimrc delete mode 100644 nixos/modules/soft-serve.nix delete mode 100644 pkgs/map.nix delete mode 100644 pkgs/soft-serve.nix delete mode 100644 pkgs/vimPlugins/default.nix delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/bash.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/cpp.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/css.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/fish.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/foo.kt delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/go.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/html.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/javascript.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/kotlin.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/ledger.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/markdown.md delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/nix.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/perl.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/python.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/rust.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/scss.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/tex.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/typescript.vim delete mode 100644 pkgs/vimPlugins/filetype/ftplugin/yaml.vim diff --git a/flake.lock b/flake.lock index ea02367..e2ec65c 100644 --- a/flake.lock +++ b/flake.lock @@ -239,16 +239,16 @@ ] }, "locked": { - "lastModified": 1699748081, - "narHash": "sha256-MOmMapBydd7MTjhX4eeQZzKlCABWw8W6iSHSG4OeFKE=", + "lastModified": 1700814205, + "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=", "owner": "nix-community", "repo": "home-manager", - "rev": "04bac349d585c9df38d78e0285b780a140dc74a4", + "rev": "aeb2232d7a32530d3448318790534d196bf9427a", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.05", + "ref": "release-23.11", "repo": "home-manager", "type": "github" } @@ -369,16 +369,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1699596684, - "narHash": "sha256-XSXP8zjBZJBVvpNb2WmY0eW8O2ce+sVyj1T0/iBRIvg=", + "lastModified": 1701389149, + "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da4024d0ead5d7820f6bd15147d3fe2a0c0cec73", + "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 48892c5..ee4b473 100644 --- a/flake.nix +++ b/flake.nix @@ -2,13 +2,13 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; }; home-manager = { - url = "github:nix-community/home-manager/release-23.05"; + url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; diff --git a/home/home/default.nix b/home/home/default.nix index 6b2a28f..27902db 100644 --- a/home/home/default.nix +++ b/home/home/default.nix @@ -6,7 +6,6 @@ let useFeatures = [ "alacritty" #"emacs" - "vim" "direnv" "git" "gpg" diff --git a/home/home/pkgs.nix b/home/home/pkgs.nix index f42e138..910ceb1 100644 --- a/home/home/pkgs.nix +++ b/home/home/pkgs.nix @@ -89,6 +89,7 @@ with pkgs; [ nmap nmon nodePackages.prettier + map-cmd obs-studio offlineimap openscad diff --git a/home/modules/default.nix b/home/modules/default.nix index 9d0427c..093c10b 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -16,7 +16,6 @@ syncthing = import ./syncthing.nix; termite = import ./termite.nix; tmux = import ./tmux.nix; - vim = import ./vim; xdg = import ./xdg.nix; zsh = import ./zsh.nix; } diff --git a/home/modules/module-list.nix b/home/modules/module-list.nix index bffa457..bbe6b3f 100644 --- a/home/modules/module-list.nix +++ b/home/modules/module-list.nix @@ -14,7 +14,6 @@ ./syncthing.nix ./termite.nix ./tmux.nix - ./vim ./xdg.nix ./zsh.nix ] diff --git a/home/modules/vim/default.nix b/home/modules/vim/default.nix deleted file mode 100644 index fa7e60f..0000000 --- a/home/modules/vim/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; let - cfg = config.dadada.home.vim; - vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins { }; -in -{ - options.dadada.home.vim = { - enable = mkEnableOption "Enable VIM config"; - }; - - config = mkIf cfg.enable { - programs.vim = { - enable = true; - extraConfig = builtins.readFile ./vimrc; - plugins = [ - pkgs.vimPlugins.vim-nix - #pkgs.vimPlugins.kotlin-vim - pkgs.vimPlugins.ale - pkgs.vimPlugins.fzf-vim - pkgs.vimPlugins.rust-vim - pkgs.vimPlugins.base16-vim - pkgs.vimPlugins.typescript-vim - pkgs.vimPlugins.vim-airline - pkgs.vimPlugins.vim-airline-themes - pkgs.vimPlugins.vim-fish - pkgs.vimPlugins.vim-gitgutter - vimPlugins.vim-buftabline - vimPlugins.spacemacsTheme - vimPlugins.filetype - pkgs.vimPlugins.vim-ledger - ]; - }; - home.packages = with pkgs; [ - languagetool - nixpkgs-fmt - shellcheck - perlPackages.PerlCritic - texlab - ]; - }; -} diff --git a/home/modules/vim/vimrc b/home/modules/vim/vimrc deleted file mode 100644 index dc74c3b..0000000 --- a/home/modules/vim/vimrc +++ /dev/null @@ -1,157 +0,0 @@ -filetype plugin on -filetype indent on - -set autoread -" :W sudo saves the file -" (useful for handling the permission-denied error) -command W w !sudo tee % > /dev/null - -" no command execution from modeline -set nomodeline - -" Turn on the Wild menu -set wildmenu - -" Enable hidden buffers -set hidden - -" Clipboard copy & paste -set clipboard=unnamedplus - -" Always show current position -set ruler - -" When searching try to be smart about cases -set smartcase - -" Highlight search results -set hlsearch - -" Inenteremental search -set incsearch - -" Don't redraw while executing macros (good performance config) -set lazyredraw - -" Do not show matching brackets when text indicator is over them -" set noshowmatch -" let loaded_matchparen = 1 - -" No annoying sound on errors -set noerrorbells -set novisualbell - -set wrap -set linebreak -set nolist " list disables linebreak - -set mouse=a - -" Enable syntax highlighting -syntax enable - -if (has("termguicolors")) - let &t_8f="\[38;2;%lu;%lu;%lum" - let &t_8b="\[48;2;%lu;%lu;%lum" - set termguicolors -endif - -set t_Co=256 - -set background=dark -colorscheme spacemacs-theme - -set tabstop=4 -set softtabstop=4 -set softtabstop=4 -set expandtab -set smarttab -set smartindent -set autoindent -set copyindent -set preserveindent - -set wildmode=longest,list,full -set wildmenu - -set cursorline -set number -set relativenumber - -" Transparency -"hi Normal guibg=NONE ctermbg=NONE - -"set list! -"set listchars=trail:⛤,extends:⟩,precedes:⟨,nbsp:â£,conceal:… - -" Map leader to do extra key combinations -let mapleader = " " - -" Toggle paste mode on and off -map pp :setlocal paste! - -" Fast saving -nmap w :w - -" Buffer switching -nmap bl :Buffers -nmap bd :bdelete -nmap bn :bnext -nmap bp :bprevious - -" List things -nmap hl :History/ -nmap ll :Lines -nmap ml :Marks -nmap rl :reg -nmap wl :Windows - -" finding files -nmap ff :Files - -set statusline+=%#warningmsg# -set statusline+=%{SyntasticStatuslineFlag()} -set statusline+=%* - -"let g:syntastic_always_populate_loc_list = 1 -"let g:syntastic_auto_loc_list = 1 -"let g:syntastic_check_on_open = 1 -"let g:syntastic_check_on_wq = 0 -nmap fr :ALEFindReferences -nmap gd :ALEGoToDefinition -nmap hh :ALEHover -nmap ss :ALESymbolSearch -nmap rn :ALERename -nmap rf :ALERefactor -nmap ca :ALE -nmap fx :ALEFix - -" Enable completion where available. -" This setting must be set before ALE is loaded. -let g:ale_completion_enabled = 1 -let g:ale_fix_on_save = 0 -let g:ale_warn_about_trailing_whitespace = 1 -let g:ale_warn_about_trailing_lines = 1 -let g:ale_completion_autoimport = 1 -let g:ale_languagetool_executable = 'languagetool-commandline' -let g:ale_set_quickfix = 1 - -"let g:ale_lint_on_text_changed = 'never' -" You can disable this option too -" if you don't want linters to run on opening a file -"let g:ale_lint_on_enter = 0 - -" Set airline theme -let g:airline_theme='base16_spacemacs' - -" Load all plugins now. -" Plugins need to be added to runtimepath before helptags can be generated. -packloadall -" Load all of the helptags now, after plugins have been loaded. -" All messages and errors will be ignored. -silent! helptags ALL - -set omnifunc=ale#completion#OmniFunc -" -" autocmd BufWritePost RunBuf make -command! -nargs=1 RunBuf execute ':let job = job_start("", {"out_io": "buffer", "out_name": ""})' diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index a034c87..e9f0c0d 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -18,7 +18,6 @@ with lib; let "application/xhtml+xml" = "firefox.desktop"; "application/x-extension-xhtml" = "firefox.desktop"; "application/x-extension-xht" = "firefox.desktop"; - "text/plain" = "vim.desktop"; "application/pdf" = "org.pwmt.zathura.desktop"; }; cfg = config.dadada.home.xdg; diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 37ad724..cd6640f 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -5,6 +5,7 @@ let domain = "bs.dadada.li"; in { + networking.useDHCP = false; systemd.network = { enable = true; links = { diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 8a6818e..873832d 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -96,7 +96,7 @@ in users.mutableUsers = mkDefault false; environment.systemPackages = with pkgs; [ - vim + helix tmux ]; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 6d8f98b..c2b27dc 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -14,7 +14,6 @@ packages = import ./packages.nix; secrets = import ./secrets.nix; share = import ./share.nix; - soft-serve = import ./soft-serve.nix; steam = import ./steam.nix; sway = import ./sway.nix; vpnServer = import ./vpnServer.nix; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index ff68072..551cfc2 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -20,7 +20,7 @@ with lib; { age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - fonts.fonts = mkDefault (with pkgs; [ + fonts.packages = mkDefault (with pkgs; [ source-code-pro ]); diff --git a/nixos/modules/soft-serve.nix b/nixos/modules/soft-serve.nix deleted file mode 100644 index a2e1a27..0000000 --- a/nixos/modules/soft-serve.nix +++ /dev/null @@ -1,212 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; - -let - cfg = config.services.soft-serve; - configFile = format.generate "config.yaml" cfg.settings; - exe = getExe cfg.package; - format = pkgs.formats.yaml { }; - user = "soft-serve"; -in -{ - options = { - services.soft-serve = { - enable = mkEnableOption "Enable soft-serve service"; - - package = mkPackageOption pkgs "soft-serve" { }; - - stateDir = mkOption { - type = types.path; - default = "/var/lib/soft-serve"; - description = lib.mdDoc '' - The absolute path to the data directory. - - See . - ''; - }; - - user = mkOption { - type = types.str; - default = user; - description = lib.mdDoc "User account under which soft-serve runs."; - }; - - group = mkOption { - type = types.str; - default = user; - description = lib.mdDoc "Group account under which soft-serve runs."; - }; - - settings = mkOption { - type = format.type; - default = { }; - description = lib.mdDoc '' - The contents of the configuration file. - - See . - ''; - example = literalExpression '' - { - # Soft Serve Server configurations - - # The name of the server. - # This is the name that will be displayed in the UI. - name = "Soft Serve"; - - # Log format to use. Valid values are "json", "logfmt", and "text". - log_format = "text"; - - # The SSH server configuration. - ssh = { - # The address on which the SSH server will listen. - listen_addr = ":23231"; - - # The public URL of the SSH server. - # This is the address that will be used to clone repositories. - public_url = "ssh://localhost:23231"; - - # The path to the SSH server's private key. - key_path = "ssh/soft_serve_host"; - - # The path to the SSH server's client private key. - # This key will be used to authenticate the server to make git requests to - # ssh remotes. - client_key_path = "ssh/soft_serve_client"; - - # The maximum number of seconds a connection can take. - # A value of 0 means no timeout. - max_timeout = 0; - - # The number of seconds a connection can be idle before it is closed. - idle_timeout = 120; - }; - # The Git daemon configuration. - git = { - # The address on which the Git daemon will listen. - listen_addr = ":9418"; - - # The maximum number of seconds a connection can take. - # A value of 0 means no timeout. - max_timeout = 0; - - # The number of seconds a connection can be idle before it is closed. - idle_timeout = 3; - - # The maximum number of concurrent connections. - max_connections = 32; - }; - - # The HTTP server configuration. - http = { - # The address on which the HTTP server will listen. - listen_addr = ":23232"; - - # The path to the TLS private key. - tls_key_path = ""; - - # The path to the TLS certificate. - tls_cert_path = ""; - - # The public URL of the HTTP server. - # This is the address that will be used to clone repositories. - # Make sure to use https:// if you are using TLS. - public_url = "http://localhost:23232"; - - }; - - # The stats server configuration. - stats = { - # The address on which the stats server will listen. - listen_addr = ":23233"; - }; - # Additional admin keys. - initial_admin_keys = [ - "ssh-rsa AAAAB3NzaC1yc2..." - ]; - }; - ''; - }; - }; - }; - - config = let stateDir = cfg.stateDir; in mkIf cfg.enable { - users.users = mkIf (cfg.user == "soft-serve") { - soft-serve = { - description = "soft-serve service"; - home = cfg.stateDir; - useDefaultShell = true; - group = cfg.group; - isSystemUser = true; - }; - }; - - users.groups = mkIf (cfg.group == "soft-serve") { - soft-serve = { }; - }; - - systemd.tmpfiles.rules = [ - "d '${stateDir}' 0750 ${cfg.user} ${cfg.group} - -" - ]; - - systemd.services.soft-serve = { - description = "Soft Serve git server ðŸ¦"; - documentation = [ "https://github.com/charmbracelet/soft-serve" ]; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - - environment = { - SOFT_SERVE_DATA_PATH = stateDir; - }; - - preStart = '' - # Link the settings file into the data directory. - ln -fs ${configFile} ${stateDir}/config.yaml - ''; - - serviceConfig = { - Type = "simple"; - User = cfg.user; - Group = cfg.group; - Restart = "always"; - RestartSec = "1"; - ExecStart = "${exe} serve"; - WorkingDirectory = stateDir; - RuntimeDirectory = "soft-serve"; - RuntimeDirectoryMode = "0750"; - ProcSubset = "pid"; - ProtectProc = "invisible"; - ReadWritePaths = [ stateDir ]; - UMask = "0027"; - CapabilityBoundingSet = ""; - NoNewPrivileges = true; - ProtectSystem = "strict"; - ProtectHome = true; - PrivateTmp = true; - PrivateDevices = true; - PrivateUsers = true; - ProtectHostname = true; - ProtectClock = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; - RestrictNamespaces = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - RemoveIPC = true; - PrivateMounts = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap" - ]; - }; - }; - }; - - meta.maintainers = [ maintainers.dadada ]; -} diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 5512b1f..3b0ef2d 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -378,6 +378,7 @@ in services.resolved.enable = true; networking.networkmanager.enable = false; + networking.useDHCP = false; # Desktop things for media playback diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index ee79fd5..ee710da 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -60,6 +60,8 @@ in location = "/var/backup/postgresql"; }; + networking.useDHCP = false; + systemd.network = { enable = true; networks = { diff --git a/overlays.nix b/overlays.nix index 636893e..6d636ec 100644 --- a/overlays.nix +++ b/overlays.nix @@ -38,12 +38,4 @@ }; }); }; - - soft-serve = final: prev: { - soft-serve = prev.callPackage ./pkgs/soft-serve.nix { }; - }; - - map = final: prev: { - map = prev.callPackage ./pkgs/map.nix { }; - }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index a9983e9..c78fe50 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,2 @@ { pkgs }: -{ - map = pkgs.callPackage ./map.nix { }; -} +{ } diff --git a/pkgs/map.nix b/pkgs/map.nix deleted file mode 100644 index 8cb9a39..0000000 --- a/pkgs/map.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, stdenv, fetchFromGitHub }: -stdenv.mkDerivation rec { - pname = "map"; - version = "0.1.1"; - - src = fetchFromGitHub { - owner = "soveran"; - repo = pname; - rev = "0.1.1"; - sha256 = "sha256-yGzmhZwv1qKy0JNcSzqL996APQO8OGWQ1GBkEkKTOXA="; - }; - - makefile = "makefile"; - - installPhase = '' - export PREFIX="$out"; - mkdir -p "$out" - make install - ''; - - checkPhase = '' - make test - ''; - - meta = with lib; { - description = "Map lines from stdin to commands"; - license = licenses.bsd2; - homepage = "https://github.com/soveran/map"; - platforms = platforms.all; - maintainers = with maintainers; [ dadada ]; - }; -} diff --git a/pkgs/soft-serve.nix b/pkgs/soft-serve.nix deleted file mode 100644 index 0a397dc..0000000 --- a/pkgs/soft-serve.nix +++ /dev/null @@ -1,37 +0,0 @@ -# Borrowed from nixpkgs. -# See https://github.com/NixOS/nixpkgs/issues/86349 -{ lib, buildGoModule, fetchFromGitHub, makeWrapper, git, bash }: - -buildGoModule rec { - pname = "soft-serve"; - version = "0.7.1"; - - src = fetchFromGitHub { - owner = "charmbracelet"; - repo = "soft-serve"; - rev = "v${version}"; - sha256 = "sha256-PY/BHfuDRHXpzyUawzZhDr1m0c1tWqawW7GP9muhYAs="; - }; - - vendorHash = "sha256-jtEiikjEOThTSrd+UIEInxQmt2z5YVyksuTC17VmdkA="; - - doCheck = false; - - ldflags = [ "-s" "-w" "-X=main.Version=${version}" ]; - - nativeBuildInputs = [ makeWrapper ]; - - postInstall = '' - wrapProgram $out/bin/soft \ - --prefix PATH : "${lib.makeBinPath [ git bash ]}" - ''; - - meta = with lib; { - description = "A tasty, self-hosted Git server for the command line"; - homepage = "https://github.com/charmbracelet/soft-serve"; - changelog = "https://github.com/charmbracelet/soft-serve/releases/tag/v${version}"; - mainProgram = "soft"; - license = licenses.mit; - maintainers = with maintainers; [ penguwin ]; - }; -} diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix deleted file mode 100644 index c513c33..0000000 --- a/pkgs/vimPlugins/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs -, lib -, fetchFromGitHub -, ... -}: -with lib; { - filetype = pkgs.vimUtils.buildVimPluginFrom2Nix { - pname = "dadadaVimFiletype"; - version = "0.2"; - src = ./filetype; - }; - - spacemacsTheme = pkgs.vimUtils.buildVimPluginFrom2Nix { - pname = "spacemacs-theme"; - version = "2.0.1"; - src = pkgs.fetchFromGitHub { - owner = "colepeters"; - repo = "spacemacs-theme.vim"; - rev = "056bba9bd05a2c97c63c28216a1c232cfb91529e"; - sha256 = "0iy3i6waigk759p2z59mrxkjc0p412y7d8zf3cjak4a9sh1sh6qz"; - }; - }; - - vim-buftabline = pkgs.vimUtils.buildVimPluginFrom2Nix { - pname = "vim-buftabline"; - version = "master"; - src = pkgs.fetchFromGitHub { - owner = "ap"; - repo = "vim-buftabline"; - rev = "73b9ef5dcb6cdf6488bc88adb382f20bc3e3262a"; - sha256 = "1vs4km7fb3di02p0771x42y2bsn1hi4q6iwlbrj0imacd9affv5y"; - }; - }; -} diff --git a/pkgs/vimPlugins/filetype/ftplugin/bash.vim b/pkgs/vimPlugins/filetype/ftplugin/bash.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/bash.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/cpp.vim b/pkgs/vimPlugins/filetype/ftplugin/cpp.vim deleted file mode 100644 index 7cdc5a6..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/cpp.vim +++ /dev/null @@ -1,11 +0,0 @@ -let b:ale_fixers = ['clang-format', 'remove_trailing_lines', 'trim_whitespace'] -let b:ale_linters = ['clangd'] - -"setlocal tabstop=8 expandtab shiftwidth=2 smarttab -" GNU Coding Standards -setlocal cindent -setlocal cinoptions=>4,n-2,{2,^-2,:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1 -setlocal shiftwidth=2 -setlocal softtabstop=2 -setlocal textwidth=79 -setlocal fo-=ro fo+=cql diff --git a/pkgs/vimPlugins/filetype/ftplugin/css.vim b/pkgs/vimPlugins/filetype/ftplugin/css.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/css.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/fish.vim b/pkgs/vimPlugins/filetype/ftplugin/fish.vim deleted file mode 100644 index b1a5c53..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/fish.vim +++ /dev/null @@ -1,2 +0,0 @@ -" Set up :make to use fish for syntax checking. -compiler fish diff --git a/pkgs/vimPlugins/filetype/ftplugin/foo.kt b/pkgs/vimPlugins/filetype/ftplugin/foo.kt deleted file mode 100644 index 892968c..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/foo.kt +++ /dev/null @@ -1,3 +0,0 @@ -class Foo { - fun -} diff --git a/pkgs/vimPlugins/filetype/ftplugin/go.vim b/pkgs/vimPlugins/filetype/ftplugin/go.vim deleted file mode 100644 index 13b8558..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/go.vim +++ /dev/null @@ -1,3 +0,0 @@ -set expandtab& -setlocal shiftwidth=4 -setlocal softtabstop=4 diff --git a/pkgs/vimPlugins/filetype/ftplugin/html.vim b/pkgs/vimPlugins/filetype/ftplugin/html.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/html.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/javascript.vim b/pkgs/vimPlugins/filetype/ftplugin/javascript.vim deleted file mode 100644 index 00196be..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/javascript.vim +++ /dev/null @@ -1,5 +0,0 @@ -let b:ale_fixers = ['prettier', 'eslint'] - -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim b/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim deleted file mode 100644 index 62f7206..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim +++ /dev/null @@ -1,5 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=4 -setlocal softtabstop=4 -let g:ale_kotlin_languageserver_executable = "/home/tim/src/kotlin-language-server/server/build/install/server/bin/kotlin-language-server" - diff --git a/pkgs/vimPlugins/filetype/ftplugin/ledger.vim b/pkgs/vimPlugins/filetype/ftplugin/ledger.vim deleted file mode 100644 index 765e06c..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/ledger.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=4 -setlocal softtabstop=4 diff --git a/pkgs/vimPlugins/filetype/ftplugin/markdown.md b/pkgs/vimPlugins/filetype/ftplugin/markdown.md deleted file mode 100644 index 0c79590..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/markdown.md +++ /dev/null @@ -1,2 +0,0 @@ -let b:ale_linters = {'markdown': ['languagetool']} -let b:ale_fixers = {'markdown': ['languagetool']} diff --git a/pkgs/vimPlugins/filetype/ftplugin/nix.vim b/pkgs/vimPlugins/filetype/ftplugin/nix.vim deleted file mode 100644 index c0b88cf..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/nix.vim +++ /dev/null @@ -1,5 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 - -let b:ale_fixers = [ 'nixpkgs-fmt', 'remove_trailing_lines', 'trim_whitespace'] diff --git a/pkgs/vimPlugins/filetype/ftplugin/perl.vim b/pkgs/vimPlugins/filetype/ftplugin/perl.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/perl.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/python.vim b/pkgs/vimPlugins/filetype/ftplugin/python.vim deleted file mode 100644 index 52a8bc2..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/python.vim +++ /dev/null @@ -1,4 +0,0 @@ -" Check Python files with flake8 and pylint. -let b:ale_linters = ['flake8', 'pylint'] -" Fix Python files with autopep8 and yapf. -let b:ale_fixers = ['autopep8', 'yapf', 'add_blank_lines_for_python_control_statements', 'autopep8', 'remove_trailing_lines', 'reorder-python-imports', 'trim_whitespace'] diff --git a/pkgs/vimPlugins/filetype/ftplugin/rust.vim b/pkgs/vimPlugins/filetype/ftplugin/rust.vim deleted file mode 100644 index 3a4bd48..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/rust.vim +++ /dev/null @@ -1,2 +0,0 @@ -let b:ale_linters = {'rust': ['rustc', 'rls', 'rust-analyzer']} -let b:ale_fixers = {'rust': ['rustfmt']} diff --git a/pkgs/vimPlugins/filetype/ftplugin/scss.vim b/pkgs/vimPlugins/filetype/ftplugin/scss.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/scss.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/tex.vim b/pkgs/vimPlugins/filetype/ftplugin/tex.vim deleted file mode 100644 index 95f2bec..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/tex.vim +++ /dev/null @@ -1,7 +0,0 @@ -setlocal tabstop=2 -setlocal shiftwidth=2 -setlocal expandtab -setlocal textwidth=79 - -let b:ale_linters = {'tex': ['texlab']} -let b:ale_fixers = {'tex': ['remove_trailing_lines', 'trim_whitespace', 'texlab']} diff --git a/pkgs/vimPlugins/filetype/ftplugin/typescript.vim b/pkgs/vimPlugins/filetype/ftplugin/typescript.vim deleted file mode 100644 index 8312237..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/typescript.vim +++ /dev/null @@ -1,5 +0,0 @@ -let b:ale_fixers = ['prettier', 'eslint', 'tsserver'] - -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/yaml.vim b/pkgs/vimPlugins/filetype/ftplugin/yaml.vim deleted file mode 100644 index 51521e2..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/yaml.vim +++ /dev/null @@ -1,4 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 - From 194f9adf67d6e6a8c1fbbe167025966957f20034 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 00:38:23 +0000 Subject: [PATCH 719/988] build(deps): bump DeterminateSystems/nix-installer-action from 6 to 8 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 6 to 8. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v6...v8) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 7a1a9e0..cbe87b1 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v6 + uses: DeterminateSystems/nix-installer-action@v8 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v20 with: From c7e697284e0c63a918355de7b6304fcff0fb0477 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Dec 2023 09:16:56 +0100 Subject: [PATCH 720/988] Remove tubslatex overlay Use tubslatex-nix flake instead --- overlays.nix | 29 ----------------------------- pkgs/tubslatex/default.nix | 18 ------------------ 2 files changed, 47 deletions(-) delete mode 100644 pkgs/tubslatex/default.nix diff --git a/overlays.nix b/overlays.nix index 6d636ec..225e23c 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,33 +1,4 @@ { - tubslatex = final: prev: { - # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 - tubslatex = - prev.lib.overrideDerivation - (prev.texlive.combine { - inherit (prev.texlive) scheme-full; - tubslatex.pkgs = [ (prev.callPackage ../pkgs/tubslatex { }) ]; - }) - (oldAttrs: { - postBuild = - '' - # Save the udpmap.cfg because texlive.combine removes it. - cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 - '' - + oldAttrs.postBuild - + '' - # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it - rm $out/share/texmf/web2c/updmap.cfg || true - cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg - rm $out/share/texmf/web2c/updmap.cfg.1 - perl `type -P mktexlsr.pl` $out/share/texmf - yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true - perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map - # Regenerate .map files. - perl `type -P updmap.pl` --sys - ''; - }); - }; - kanboard = final: prev: { kanboard = prev.kanboard.overrideAttrs (oldAttrs: { src = prev.fetchFromGitHub { diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix deleted file mode 100644 index 36b688a..0000000 --- a/pkgs/tubslatex/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ stdenv -, fetchzip -, unzip -, -}: -stdenv.mkDerivation rec { - src = ./tubslatex_1.3.2.tds.zip; - sourceRoot = "."; - nativeBuildInputs = [ unzip ]; - buildInputs = [ unzip ]; - installPhase = '' - mkdir -p $out - cp -r * $out/ - ''; - pname = "tubslatex"; - name = pname; - tlType = "run"; -} From dfff146068c287d58d5705278e57390c43a80c4d Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 3 Dec 2023 09:27:44 +0100 Subject: [PATCH 721/988] home/helix: fix language server settings --- home/modules/helix/config/languages.toml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index 07f8344..2a516ae 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -1,10 +1,19 @@ +[language-server.rust-analyzer] +config = { rust-analyzer = { checkOnSave = { command = "clippy" } } } + +[language-server.nil] +command = "nil" + +[language-server.ltex-ls] +command = "ltex-ls" + [[language]] name = "rust" -config = { rust-analyzer = { checkOnSave = { command = "clippy" } } } +language-servers = [ {name="rust-analyzer"} ] [[language]] name = "latex" -language-server = { command = "ltex-ls" } +language-servers = [{ name = "ltex-ls" }] file-types = ["tex"] scope = "source.latex" roots = [] @@ -12,4 +21,4 @@ roots = [] [[language]] name = "nix" file-types = ["nix"] -language-server = { command = "nil" } +language-servers = [{ name = "nil" }] From af6e077382a8749c455b722748b75f6d16a0d02b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Dec 2023 20:11:43 +0100 Subject: [PATCH 722/988] Add dconf config --- home/dconf.nix | 184 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 184 insertions(+) create mode 100644 home/dconf.nix diff --git a/home/dconf.nix b/home/dconf.nix new file mode 100644 index 0000000..e1a9635 --- /dev/null +++ b/home/dconf.nix @@ -0,0 +1,184 @@ +{ lib, ... }: +with lib.hm.gvariant; +{ + dconf.settings = with lib.hm.gvariant; { + "org/gnome/shell" = { + favorite-apps = [ + "alacritty.desktop" + "element.desktop" + "evolution.desktop" + "firefox.desktop" + "spotify.desktop" + ]; + }; + + "org/gnome/shell" = { + disable-user-extensions = true; + }; + + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + + "org/gnome/desktop/input-sources" = { + current = mkUint32 0; + per-window = false; + show-all-sources = true; + sources = [ (mkTuple [ "xkb" "eu" ]) (mkTuple [ "xkb" "de" ]) ]; + xkb-options = [ "lv3:ralt_switch" "caps:escape" ]; + }; + + "org/gnome/desktop/interface" = { + clock-show-date = true; + clock-show-seconds = false; + clock-show-weekday = true; + color-scheme = "prefer-dark"; + enable-animations = true; + enable-hot-corners = false; + font-antialiasing = "grayscale"; + font-hinting = "slight"; + font-name = "Cantarell"; + gtk-enable-primary-paste = false; + gtk-key-theme = "Emacs"; + gtk-theme = "Adwaita"; + icon-theme = "Adwaita"; + locate-pointer = false; + monospace-font-name = "JetBrains Mono 10"; + show-battery-percentage = false; + text-scaling-factor = 1.0; + toolkit-accessibility = false; + }; + + "org/gnome/desktop/peripherals/keyboard" = { + numlock-state = false; + }; + + "org/gnome/desktop/peripherals/mouse" = { + accel-profile = "default"; + natural-scroll = true; + }; + + "org/gnome/desktop/peripherals/touchpad" = { + send-events = "enabled"; + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + + "org/gnome/desktop/privacy" = { + disable-microphone = false; + old-files-age = mkUint32 30; + recent-files-max-age = -1; + report-technical-problems = false; + }; + + "org/gnome/desktop/screensaver" = { + color-shading-type = "solid"; + lock-delay = mkUint32 30; + lock-enabled = true; + }; + + "org/gnome/desktop/session" = { + idle-delay = mkUint32 0; + }; + + "org/gnome/desktop/sound" = { + event-sounds = false; + theme-name = "__custom"; + }; + + "org/gnome/evince/default" = { + continuous = true; + dual-page = false; + dual-page-odd-left = false; + enable-spellchecking = true; + fullscreen = false; + inverted-colors = false; + show-sidebar = false; + sidebar-page = "links"; + sidebar-size = 132; + sizing-mode = "free"; + }; + + "org/gnome/evolution/calendar" = { + editor-show-timezone = true; + use-24hour-format = true; + week-start-day-name = "monday"; + work-day-friday = true; + work-day-monday = true; + work-day-saturday = false; + work-day-sunday = false; + work-day-thursday = true; + work-day-tuesday = true; + work-day-wednesday = true; + }; + + "org/gnome/evolution/mail" = { + browser-close-on-reply-policy = "always"; + composer-attribution-language = "de_DE"; + composer-reply-start-bottom = false; + composer-signature-in-new-only = true; + composer-spell-languages = [ "de" "en_US" ]; + composer-top-signature = false; + composer-unicode-smileys = false; + composer-visually-wrap-long-lines = true; + composer-wrap-quoted-text-in-replies = false; + forward-style = 0; + forward-style-name = "attached"; + headers-collapsed = false; + image-loading-policy = "never"; + junk-check-custom-header = true; + junk-check-incoming = true; + junk-empty-on-exit-days = 0; + junk-lookup-addressbook = false; + notify-remote-content = true; + prompt-check-if-default-mailer = false; + prompt-on-composer-mode-switch = true; + prompt-on-empty-subject = true; + prompt-on-expunge = true; + prompt-on-mark-all-read = false; + prompt-on-mark-as-junk = true; + prompt-on-reply-close-browser = "always"; + prompt-on-unwanted-html = true; + reply-style = 0; + reply-style-name = "quoted"; + search-gravatar-for-photo = false; + }; + + "org/gnome/evolution/plugin/prefer-plain" = { + mode = "only_plain"; + show-suppressed = true; + }; + + "org/gnome/gnome-screenshot" = { + border-effect = "none"; + delay = 0; + include-border = true; + include-pointer = false; + last-save-directory = "file:///home/dadada/lib/pictures/Screenshots"; + }; + + "org/gnome/mutter" = { + attach-modal-dialogs = true; + center-new-windows = true; + dynamic-workspaces = true; + edge-tiling = true; + experimental-features = [ ]; + focus-change-on-pointer-rest = true; + overlay-key = "Super_L"; + workspaces-only-on-primary = true; + }; + + "org/gnome/settings-daemon/plugins/power" = { + idle-dim = false; + power-button-action = "hibernate"; + power-saver-profile-on-low-battery = true; + sleep-inactive-ac-type = "nothing"; + sleep-inactive-battery-timeout = 3600; + sleep-inactive-battery-type = "suspend"; + }; + + "org/gnome/system/location" = { + enabled = false; + }; + }; +} From 6cd183b90ac71e60d0d08fdb492a1f3be3e0ebcc Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Dec 2023 20:11:58 +0100 Subject: [PATCH 723/988] Clean up home config --- home/{home => }/default.nix | 4 ++++ home/{home => }/jjconfig.toml | 0 home/modules/xdg.nix | 8 ++++---- home/{home => }/pkgs.nix | 0 nixos/configurations.nix | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) rename home/{home => }/default.nix (98%) rename home/{home => }/jjconfig.toml (100%) rename home/{home => }/pkgs.nix (100%) diff --git a/home/home/default.nix b/home/default.nix similarity index 98% rename from home/home/default.nix rename to home/default.nix index 27902db..0bd95fb 100644 --- a/home/home/default.nix +++ b/home/default.nix @@ -19,6 +19,10 @@ let ]; in { + imports = [ + ./dconf.nix + ]; + home.stateVersion = "20.09"; programs.gpg.settings.default-key = "99658A3EB5CD7C13"; diff --git a/home/home/jjconfig.toml b/home/jjconfig.toml similarity index 100% rename from home/home/jjconfig.toml rename to home/jjconfig.toml diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index e9f0c0d..e252d60 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -5,8 +5,8 @@ }: with lib; let apps = { - "x-scheme-handler/mailto" = "userapp-Thunderbird-PB7NI0.desktop"; - "message/rfc822" = "userapp-Thunderbird-PB7NI0.desktop"; + "x-scheme-handler/mailto" = "evolution.desktop"; + "message/rfc822" = "evolution.desktop"; "x-scheme-handler/http" = "firefox.desktop"; "x-scheme-handler/https" = "firefox.desktop"; "x-scheme-handler/ftp" = "firefox.desktop"; @@ -18,7 +18,7 @@ with lib; let "application/xhtml+xml" = "firefox.desktop"; "application/x-extension-xhtml" = "firefox.desktop"; "application/x-extension-xht" = "firefox.desktop"; - "application/pdf" = "org.pwmt.zathura.desktop"; + "application/pdf" = "evince.desktop"; }; cfg = config.dadada.home.xdg; in @@ -44,9 +44,9 @@ in }; }; home.packages = with pkgs; [ + evince firefox xdg_utils - zathura ]; }; } diff --git a/home/home/pkgs.nix b/home/pkgs.nix similarity index 100% rename from home/home/pkgs.nix rename to home/pkgs.nix diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 8b664e1..1c1728c 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -47,7 +47,7 @@ in { dadada.home.helix.package = pkgs.helix; } { manual.manpages.enable = false; } ]; - home-manager.users.dadada = import ../home/home; + home-manager.users.dadada = import ../home; }) ./gorgon/configuration.nix ]; From f9c2a592f92d92ca297464c651bec43f56be89c2 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 22 Dec 2023 21:28:21 +0100 Subject: [PATCH 724/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/1aed986e3c81a4f6698e85a7452cbfcc4b31a36e' (2023-10-27) → 'github:numtide/devshell/44ddedcbcfc2d52a76b64fb6122f209881bd3e1e' (2023-12-05) • Updated input 'eza': 'github:eza-community/eza/cf0c57d7ad160f3b73462892609cc9185964b298' (2023-11-13) → 'github:eza-community/eza/cd4038726c695ca7bbfa71ff230804cc24d3dddf' (2023-12-21) • Updated input 'eza/advisory-db': 'github:rustsec/advisory-db/088ec034cfc17c918d8c1d4f9fbb832b935011b0' (2023-11-02) → 'github:rustsec/advisory-db/6ef1d1fd84c57e46253ff16bf7379c115e1062eb' (2023-12-09) • Updated input 'eza/powertest': 'http://rime.cx/v1/github/eza-community/powertest/b/main.tar.gz?narHash=sha256-DaBLTu/GCq7lDWyR9HKj9H1t5mfX7T1eFwrIwJICXZo%3D' → 'http://rime.cx/v1/github/eza-community/powertest.tar.gz?narHash=sha256-%2B5jKG/KmYOopvHwBAGu5iPVFqoug16Bkyk/InwB40tc%3D' (2023-11-16) • Updated input 'eza/pre-commit-hooks': 'http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz?narHash=sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q%3D' → 'http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz?narHash=sha256-ej2fch/T584b5K9sk1UhmZF7W6wEfDHuoUYpFN8dtvM%3D' (2023-11-25) • Updated input 'flake-utils': 'github:numtide/flake-utils/ff7b65b44d01cf9ba6a71320833626af21126384' (2023-09-12) → 'github:numtide/flake-utils/4022d587cbbfd70fe950c1e2083a02621806a725' (2023-12-04) • Updated input 'home-manager': 'github:nix-community/home-manager/aeb2232d7a32530d3448318790534d196bf9427a' (2023-11-24) → 'github:nix-community/home-manager/0c2353d5d930c3d93724df6858aef064a31b3c00' (2023-12-20) • Updated input 'homePage': 'github:dadada/dadada.li/210dc82ee943943377500667a182046ff647ab9e' (2023-11-14) → 'github:dadada/dadada.li/61500a9a71ddf2a2df4005d3724ac38c6b78ab08' (2023-11-14) • Updated input 'jujutsu': 'github:martinvonz/jj/39b065f7ab16f95174c4239842f45c6a6dc9a50e' (2023-11-14) → 'github:martinvonz/jj/7a44e590dcdd6f9613df3559572ee5ded159a9af' (2023-12-22) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/150f38bd1e09e20987feacb1b0d5991357532fb5' (2023-09-30) → 'github:nix-community/nixos-generators/246219bc21b943c6f6812bb7744218ba0df08600' (2023-12-04) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b' (2023-11-14) → 'github:NixOS/nixos-hardware/7763c6fd1f299cb9361ff2abf755ed9619ef01d6' (2023-12-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5de0b32be6e85dc1a9404c75131316e4ffbc634c' (2023-12-01) → 'github:NixOS/nixpkgs/d65bceaee0fb1e64363f7871bc43dc1c6ecad99f' (2023-12-20) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/e485313fc485700a9f1f9b8b272ddc0621d08357' (2023-11-14) → 'github:oxalica/rust-overlay/b8c487832712f4e3e6f9e81b70e6654eb907abfc' (2023-12-22) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/e82f32aa7f06bbbd56d7b12186d555223dc399d1' (2023-11-12) → 'github:numtide/treefmt-nix/2961375283668d867e64129c22af532de8e77734' (2023-12-19) --- flake.lock | 82 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 42 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index e2ec65c..4c55f54 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "advisory-db": { "flake": false, "locked": { - "lastModified": 1698930228, - "narHash": "sha256-ewxEUkQljd/D6jJyixlgQi0ZBFzYrhIY1EuoPylxkag=", + "lastModified": 1702116332, + "narHash": "sha256-Qzx1cRU8QnCmbEp0LJFoEzm7tetiNTc+wRTJTzPo2ko=", "owner": "rustsec", "repo": "advisory-db", - "rev": "088ec034cfc17c918d8c1d4f9fbb832b935011b0", + "rev": "6ef1d1fd84c57e46253ff16bf7379c115e1062eb", "type": "github" }, "original": { @@ -71,11 +71,11 @@ ] }, "locked": { - "lastModified": 1698410321, - "narHash": "sha256-MphuSlgpmKwtJncGMohryHiK55J1n6WzVQ/OAfmfoMc=", + "lastModified": 1701787589, + "narHash": "sha256-ce+oQR4Zq9VOsLoh9bZT8Ip9PaMLcjjBUHVPzW5d7Cw=", "owner": "numtide", "repo": "devshell", - "rev": "1aed986e3c81a4f6698e85a7452cbfcc4b31a36e", + "rev": "44ddedcbcfc2d52a76b64fb6122f209881bd3e1e", "type": "github" }, "original": { @@ -106,11 +106,11 @@ ] }, "locked": { - "lastModified": 1699894927, - "narHash": "sha256-H679IyWzGASpeFwi1o9QRGRnLF2rxkHGIvCMj2Ry49k=", + "lastModified": 1703136511, + "narHash": "sha256-XGOCw+GOJhuGEADyKqJxJhEgSyEIkudH2+GC5oLmDsQ=", "owner": "eza-community", "repo": "eza", - "rev": "cf0c57d7ad160f3b73462892609cc9185964b298", + "rev": "cd4038726c695ca7bbfa71ff230804cc24d3dddf", "type": "github" }, "original": { @@ -176,11 +176,11 @@ ] }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1700814205, - "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=", + "lastModified": 1703113038, + "narHash": "sha256-oxkyzjpD+mNT7arzU/zHrkNHLuY9tKwmnD2MNaZiSDw=", "owner": "nix-community", "repo": "home-manager", - "rev": "aeb2232d7a32530d3448318790534d196bf9427a", + "rev": "0c2353d5d930c3d93724df6858aef064a31b3c00", "type": "github" }, "original": { @@ -256,11 +256,11 @@ "homePage": { "flake": false, "locked": { - "lastModified": 1699985207, - "narHash": "sha256-7M02sURdqIRwRApZ19Q52sBDwXj1hgZmXGpDI66Cb1w=", + "lastModified": 1699995134, + "narHash": "sha256-YZKHkSRsUJL2D4QcABQHeBPJNV4y8P3HOI87LUVbOcM=", "owner": "dadada", "repo": "dadada.li", - "rev": "210dc82ee943943377500667a182046ff647ab9e", + "rev": "61500a9a71ddf2a2df4005d3724ac38c6b78ab08", "type": "github" }, "original": { @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1699950927, - "narHash": "sha256-DgBcgQy4YeGH1CbWxeW9WgIIfo7FYrJLUY8XcUZxqzM=", + "lastModified": 1703258057, + "narHash": "sha256-Cyx2jhxX6ilz62YUY6csPhIjJuFxiLyK1roEFpqCAsw=", "owner": "martinvonz", "repo": "jj", - "rev": "39b065f7ab16f95174c4239842f45c6a6dc9a50e", + "rev": "7a44e590dcdd6f9613df3559572ee5ded159a9af", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1696058303, - "narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=", + "lastModified": 1701689616, + "narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "150f38bd1e09e20987feacb1b0d5991357532fb5", + "rev": "246219bc21b943c6f6812bb7744218ba0df08600", "type": "github" }, "original": { @@ -353,11 +353,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1699954245, - "narHash": "sha256-CSnfeOHc/wco8amdA0j268OaLrMcI5gGtK6Zm+y3lT0=", + "lastModified": 1702453208, + "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "df9bb8a436607da124e8cfa0fd19e70e9d9e0b7b", + "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", "type": "github" }, "original": { @@ -369,11 +369,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701389149, - "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=", + "lastModified": 1703068421, + "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c", + "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", "type": "github" }, "original": { @@ -420,13 +420,14 @@ ] }, "locked": { - "narHash": "sha256-DaBLTu/GCq7lDWyR9HKj9H1t5mfX7T1eFwrIwJICXZo=", + "lastModified": 1700124898, + "narHash": "sha256-+5jKG/KmYOopvHwBAGu5iPVFqoug16Bkyk/InwB40tc=", "type": "tarball", - "url": "http://rime.cx/v1/github/eza-community/powertest/b/main.tar.gz" + "url": "http://rime.cx/v1/github/eza-community/powertest.tar.gz" }, "original": { "type": "tarball", - "url": "http://rime.cx/v1/github/eza-community/powertest/b/main.tar.gz" + "url": "http://rime.cx/v1/github/eza-community/powertest.tar.gz" } }, "pre-commit-hooks": { @@ -444,7 +445,8 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "narHash": "sha256-Fi5H9jbaQLmLw9qBi/mkR33CoFjNbobo5xWdX4tKz1Q=", + "lastModified": 1700922917, + "narHash": "sha256-ej2fch/T584b5K9sk1UhmZF7W6wEfDHuoUYpFN8dtvM=", "type": "tarball", "url": "http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz" }, @@ -507,11 +509,11 @@ ] }, "locked": { - "lastModified": 1699928012, - "narHash": "sha256-7WfRTTBdkRJgjiJRsSShMXlfmOG1X0FqNdHaLATAL+w=", + "lastModified": 1703211258, + "narHash": "sha256-ye9HcJ9WH/QCq6R4GC3FvLnIDpa2Kje4nXya9j/mhA4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e485313fc485700a9f1f9b8b272ddc0621d08357", + "rev": "b8c487832712f4e3e6f9e81b70e6654eb907abfc", "type": "github" }, "original": { @@ -557,11 +559,11 @@ ] }, "locked": { - "lastModified": 1699786194, - "narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=", + "lastModified": 1702979157, + "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1", + "rev": "2961375283668d867e64129c22af532de8e77734", "type": "github" }, "original": { From 3ffb8ac9168a5ab277e5a4c80b4ba9c66e4cf227 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 24 Dec 2023 12:17:44 +0100 Subject: [PATCH 725/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/0c2353d5d930c3d93724df6858aef064a31b3c00' (2023-12-20) → 'github:nix-community/home-manager/d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224' (2023-12-23) • Updated input 'jujutsu': 'github:martinvonz/jj/7a44e590dcdd6f9613df3559572ee5ded159a9af' (2023-12-22) → 'github:martinvonz/jj/320d15412b0326b96e69e00421e465f6bb9b49b8' (2023-12-23) • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/b8c487832712f4e3e6f9e81b70e6654eb907abfc' (2023-12-22) → 'github:oxalica/rust-overlay/cb6395cb3c2f69ad028914c90bce833e51d339c9' (2023-12-24) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 4c55f54..522cad1 100644 --- a/flake.lock +++ b/flake.lock @@ -239,11 +239,11 @@ ] }, "locked": { - "lastModified": 1703113038, - "narHash": "sha256-oxkyzjpD+mNT7arzU/zHrkNHLuY9tKwmnD2MNaZiSDw=", + "lastModified": 1703367386, + "narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", "owner": "nix-community", "repo": "home-manager", - "rev": "0c2353d5d930c3d93724df6858aef064a31b3c00", + "rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", "type": "github" }, "original": { @@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1703258057, - "narHash": "sha256-Cyx2jhxX6ilz62YUY6csPhIjJuFxiLyK1roEFpqCAsw=", + "lastModified": 1703344967, + "narHash": "sha256-tfaeCftcPun0E2nwppI70+PC4sJnuuHk+dVWZxwOxzc=", "owner": "martinvonz", "repo": "jj", - "rev": "7a44e590dcdd6f9613df3559572ee5ded159a9af", + "rev": "320d15412b0326b96e69e00421e465f6bb9b49b8", "type": "github" }, "original": { @@ -509,11 +509,11 @@ ] }, "locked": { - "lastModified": 1703211258, - "narHash": "sha256-ye9HcJ9WH/QCq6R4GC3FvLnIDpa2Kje4nXya9j/mhA4=", + "lastModified": 1703384182, + "narHash": "sha256-g5K8bFBCIQ3x/j/MFTpkZo4It5SGWPwhBp/lASiy+pA=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "b8c487832712f4e3e6f9e81b70e6654eb907abfc", + "rev": "cb6395cb3c2f69ad028914c90bce833e51d339c9", "type": "github" }, "original": { From 7c9ffc4f2f6c246028733ea03aae0e34476015e9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 24 Dec 2023 12:25:17 +0100 Subject: [PATCH 726/988] Remove eza and jujutsu inputs --- flake.lock | 226 +-------------------------------------- flake.nix | 14 --- home/modules/fish.nix | 2 +- home/modules/zsh.nix | 2 +- home/pkgs.nix | 1 - nixos/configurations.nix | 2 - outputs.nix | 2 - 7 files changed, 4 insertions(+), 245 deletions(-) diff --git a/flake.lock b/flake.lock index 522cad1..2839e8d 100644 --- a/flake.lock +++ b/flake.lock @@ -1,21 +1,5 @@ { "nodes": { - "advisory-db": { - "flake": false, - "locked": { - "lastModified": 1702116332, - "narHash": "sha256-Qzx1cRU8QnCmbEp0LJFoEzm7tetiNTc+wRTJTzPo2ko=", - "owner": "rustsec", - "repo": "advisory-db", - "rev": "6ef1d1fd84c57e46253ff16bf7379c115e1062eb", - "type": "github" - }, - "original": { - "owner": "rustsec", - "repo": "advisory-db", - "type": "github" - } - }, "agenix": { "inputs": { "darwin": "darwin", @@ -84,57 +68,6 @@ "type": "github" } }, - "eza": { - "inputs": { - "advisory-db": "advisory-db", - "flake-utils": [ - "flake-utils" - ], - "naersk": [ - "naersk" - ], - "nixpkgs": [ - "nixpkgs" - ], - "powertest": "powertest", - "pre-commit-hooks": "pre-commit-hooks", - "rust-overlay": [ - "rust-overlay" - ], - "treefmt-nix": [ - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1703136511, - "narHash": "sha256-XGOCw+GOJhuGEADyKqJxJhEgSyEIkudH2+GC5oLmDsQ=", - "owner": "eza-community", - "repo": "eza", - "rev": "cd4038726c695ca7bbfa71ff230804cc24d3dddf", - "type": "github" - }, - "original": { - "owner": "eza-community", - "repo": "eza", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-registry": { "flake": false, "locked": { @@ -152,24 +85,6 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": [ "systems" @@ -189,28 +104,6 @@ "type": "github" } }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "eza", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -269,32 +162,6 @@ "type": "github" } }, - "jujutsu": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1703344967, - "narHash": "sha256-tfaeCftcPun0E2nwppI70+PC4sJnuuHk+dVWZxwOxzc=", - "owner": "martinvonz", - "repo": "jj", - "rev": "320d15412b0326b96e69e00421e465f6bb9b49b8", - "type": "github" - }, - "original": { - "owner": "martinvonz", - "repo": "jj", - "type": "github" - } - }, "naersk": { "inputs": { "nixpkgs": [ @@ -383,78 +250,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1685801374, - "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c37ca420157f4abc31e26f436c1145f8951ff373", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "powertest": { - "inputs": { - "flake-utils": "flake-utils", - "naersk": [ - "eza", - "naersk" - ], - "nixpkgs": [ - "eza", - "nixpkgs" - ], - "rust-overlay": [ - "eza", - "rust-overlay" - ], - "treefmt-nix": [ - "eza", - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1700124898, - "narHash": "sha256-+5jKG/KmYOopvHwBAGu5iPVFqoug16Bkyk/InwB40tc=", - "type": "tarball", - "url": "http://rime.cx/v1/github/eza-community/powertest.tar.gz" - }, - "original": { - "type": "tarball", - "url": "http://rime.cx/v1/github/eza-community/powertest.tar.gz" - } - }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": [ - "eza", - "flake-utils" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "eza", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1700922917, - "narHash": "sha256-ej2fch/T584b5K9sk1UhmZF7W6wEfDHuoUYpFN8dtvM=", - "type": "tarball", - "url": "http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz" - }, - "original": { - "type": "tarball", - "url": "http://rime.cx/v1/github/semnix/pre-commit-hooks.nix.tar.gz" - } - }, "recipemd": { "inputs": { "flake-utils": [ @@ -483,19 +278,17 @@ "inputs": { "agenix": "agenix", "devshell": "devshell", - "eza": "eza", "flake-registry": "flake-registry", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homePage": "homePage", - "jujutsu": "jujutsu", "naersk": "naersk", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "recipemd": "recipemd", "rust-overlay": "rust-overlay", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" } }, @@ -537,21 +330,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index ee4b473..d6800c3 100644 --- a/flake.nix +++ b/flake.nix @@ -47,20 +47,6 @@ url = "github:nix-community/naersk"; inputs.nixpkgs.follows = "nixpkgs"; }; - eza = { - url = "github:eza-community/eza"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - inputs.rust-overlay.follows = "rust-overlay"; - inputs.naersk.follows = "naersk"; - inputs.treefmt-nix.follows = "treefmt-nix"; - }; - jujutsu = { - url = "github:martinvonz/jj"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - inputs.rust-overlay.follows = "rust-overlay"; - }; systems.url = "github:nix-systems/default"; treefmt-nix = { url = "github:numtide/treefmt-nix"; diff --git a/home/modules/fish.nix b/home/modules/fish.nix index e10f6b2..6a852bd 100644 --- a/home/modules/fish.nix +++ b/home/modules/fish.nix @@ -80,6 +80,6 @@ in }; }; - home.packages = [ pkgs.exa ]; + home.packages = [ pkgs.eza ]; }; } diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 1f88e8e..187822c 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -72,7 +72,7 @@ in home.packages = with pkgs; [ fzf - exa + eza zsh-git-prompt tmux ]; diff --git a/home/pkgs.nix b/home/pkgs.nix index 910ceb1..b09030f 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -25,7 +25,6 @@ with pkgs; [ element-desktop evince evolution - exa ffmpeg file fx # themable json viewer diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 1c1728c..48d6a2e 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -10,9 +10,7 @@ let more-packages = system: { more-packages = final: prev: { - exa = inputs.eza.packages.${system}.default; recipemd = inputs.recipemd.packages.${system}.recipemd; - jujutsu = inputs.jujutsu.packages.${system}.jujutsu; }; }; diff --git a/outputs.nix b/outputs.nix index 8c0d9ac..16715d2 100644 --- a/outputs.nix +++ b/outputs.nix @@ -9,8 +9,6 @@ , recipemd , agenix , devshell -, jujutsu -, eza , ... } @ inputs: (flake-utils.lib.eachDefaultSystem (system: From 78328291dbe28f7c4237c903d93c0c6682c1b349 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 31 Dec 2023 17:28:40 +0100 Subject: [PATCH 727/988] ninurta: change brother ppl --- nixos/ninurta/printing.nix | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index 2551683..bb71739 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -1,18 +1,11 @@ { pkgs, ... }: { - services.printing = { - enable = true; - drivers = [ pkgs.brlaser ]; - # Remove all state at the start of the service - stateless = true; - }; - hardware = { printers = { ensurePrinters = [ { - name = "Brother_HL-L2310D"; - model = "drv:///brlaser.drv/brl2320d.ppd"; + name = "Brother_HL-L2300D"; + model = "drv:///brlaser.drv/brl2300d.ppd"; location = "BS"; deviceUri = "usb://Brother/HL-L2310D%20series?serial=E78096H3N771439"; ppdOptions = { @@ -35,6 +28,10 @@ }; services.printing = { + enable = true; + drivers = [ pkgs.brlaser ]; + # Remove all state at the start of the service + stateless = true; listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ]; allowFrom = [ "from 192.168.101.0/24" ]; browsing = true; From 31b18436771a1d55bc2d956d9e731fc6c1dc8543 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 1 Jan 2024 16:20:46 +0100 Subject: [PATCH 728/988] gorgon: fix uwu DNS --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 01f98c9..ff84f55 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -168,7 +168,7 @@ in postSetup = '' ${pkgs.systemd}/bin/resolvectl domain uwupn ~uwu - ${pkgs.systemd}/bin/resolvectl dns uwupn 10.0.0.1 + ${pkgs.systemd}/bin/resolvectl dns uwupn 10.11.0.1 ${pkgs.systemd}/bin/resolvectl dnssec uwupn false ''; peers = [ From 71629c7966005a32e90f69d9cbdc672cd00e1fdb Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 1 Jan 2024 17:20:58 +0100 Subject: [PATCH 729/988] overlays: add recipemd Remove unused overlays --- flake.lock | 78 +++------------------------------------- flake.nix | 22 +----------- home/pkgs.nix | 1 + nixos/configurations.nix | 10 ++---- outputs.nix | 1 - overlays.nix | 11 ++++++ pkgs/recipemd.nix | 58 ++++++++++++++++++++++++++++++ 7 files changed, 77 insertions(+), 104 deletions(-) create mode 100644 pkgs/recipemd.nix diff --git a/flake.lock b/flake.lock index 2839e8d..5ff9084 100644 --- a/flake.lock +++ b/flake.lock @@ -9,16 +9,16 @@ ] }, "locked": { - "lastModified": 1694733633, - "narHash": "sha256-/o/OubAsPMbxqru59tLlWzUI7LBNDaoW4rFwQ2Smxcg=", + "lastModified": 1703089996, + "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=", "owner": "ryantm", "repo": "agenix", - "rev": "54693c91d923fecb4cf04c4535e3d84f8dec7919", + "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d", "type": "github" }, "original": { "owner": "ryantm", - "ref": "0.14.0", + "ref": "0.15.0", "repo": "agenix", "type": "github" } @@ -162,26 +162,6 @@ "type": "github" } }, - "naersk": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1698420672, - "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=", - "owner": "nix-community", - "repo": "naersk", - "rev": "aeb58d5e8faead8980a807c840232697982d47b9", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "naersk", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1693701915, @@ -250,30 +230,6 @@ "type": "github" } }, - "recipemd": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1647022391, - "narHash": "sha256-TZih8S/GGmmONaEZchFw0sFS6U9pa+BjaGzNUf1ahi4=", - "owner": "dadada", - "repo": "recipemd", - "rev": "ef3ce521ce4fdc4e2cedb92102433c8a0a9d0335", - "type": "github" - }, - "original": { - "owner": "dadada", - "ref": "nix-flake", - "repo": "recipemd", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -282,39 +238,13 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homePage": "homePage", - "naersk": "naersk", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "recipemd": "recipemd", - "rust-overlay": "rust-overlay", "systems": "systems", "treefmt-nix": "treefmt-nix" } }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703384182, - "narHash": "sha256-g5K8bFBCIQ3x/j/MFTpkZo4It5SGWPwhBp/lASiy+pA=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "cb6395cb3c2f69ad028914c90bce833e51d339c9", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index d6800c3..45af302 100644 --- a/flake.nix +++ b/flake.nix @@ -16,13 +16,8 @@ url = "github:dadada/dadada.li"; flake = false; }; - recipemd = { - url = "github:dadada/recipemd/nix-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; agenix = { - url = "github:ryantm/agenix/0.14.0"; + url = "github:ryantm/agenix/0.15.0"; inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { @@ -38,15 +33,6 @@ url = "github:NixOS/flake-registry"; flake = false; }; - rust-overlay = { - url = "github:oxalica/rust-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - }; - naersk = { - url = "github:nix-community/naersk"; - inputs.nixpkgs.follows = "nixpkgs"; - }; systems.url = "github:nix-systems/default"; treefmt-nix = { url = "github:numtide/treefmt-nix"; @@ -55,10 +41,4 @@ }; outputs = { ... } @ args: import ./outputs.nix args; - - nixConfig = { - extra-trusted-public-keys = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; - extra-substituters = "https://nix-community.cachix.org/"; - extra-trusted-substituters = "https://nix-community.cachix.org/"; - }; } diff --git a/home/pkgs.nix b/home/pkgs.nix index b09030f..3bd0007 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -108,6 +108,7 @@ with pkgs; [ python38Packages.dateutil python38Packages.managesieve ranger + recipemd reptyr ripgrep ripgrep diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 48d6a2e..0474384 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -8,19 +8,13 @@ , ... }@inputs: let - more-packages = system: { - more-packages = final: prev: { - recipemd = inputs.recipemd.packages.${system}.recipemd; - }; - }; - nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { inherit system; modules = [{ # Add flakes to registry and nix path. dadada.inputs = inputs // { dadada = self; }; - nixpkgs.overlays = nixpkgs.lib.attrValues (self.overlays // (more-packages system)); + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in @@ -51,7 +45,7 @@ in ]; }; - surgat = nixosSystem rec { + surgat = nixosSystem { system = "x86_64-linux"; extraModules = [ { diff --git a/outputs.nix b/outputs.nix index 16715d2..8b6a45f 100644 --- a/outputs.nix +++ b/outputs.nix @@ -6,7 +6,6 @@ , nixpkgs , home-manager , nixos-hardware -, recipemd , agenix , devshell , ... diff --git a/overlays.nix b/overlays.nix index 225e23c..bf0588c 100644 --- a/overlays.nix +++ b/overlays.nix @@ -9,4 +9,15 @@ }; }); }; + + recipemd = final: prev: { + pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ + ( + python-final: python-prev: { + recipemd = python-final.callPackage ./pkgs/recipemd.nix { }; + } + ) + ]; + recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd; + }; } diff --git a/pkgs/recipemd.nix b/pkgs/recipemd.nix new file mode 100644 index 0000000..4879a9a --- /dev/null +++ b/pkgs/recipemd.nix @@ -0,0 +1,58 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, pytestCheckHook +, pythonPackages +, installShellFiles +, pythonOlder +, pythonAtLeast +}: +buildPythonPackage rec { + pname = "recipemd"; + version = "4.0.8"; + + disabled = pythonOlder "3.7" || pythonAtLeast "4"; + + src = fetchFromGitHub { + owner = "tstehr"; + repo = "RecipeMD"; + rev = "v${version}"; + hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc="; + }; + + propagatedBuildInputs = with pythonPackages; [ + dataclasses-json + yarl + CommonMark + argcomplete + pyparsing + ]; + + nativeBuildInputs = [ installShellFiles ]; + + postInstall = '' + ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash + installShellCompletion --bash --name recipemd.bash $out/completions.bash + + ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish + installShellCompletion --fish --name recipemd.fish $out/completions.fish + + # The version of argcomplete in nixpkgs-stable does not have support for zsh + #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh + #installShellCompletion --zsh --name _recipemd $out/completions.zsh + ''; + + checkInputs = [ + pytestCheckHook + pythonPackages.pytestcov + ]; + + doCheck = true; + + meta = with lib; { + description = "Markdown recipe manager, reference implementation of RecipeMD"; + homepage = "https://recipemd.org"; + license = [ licenses.lgpl3Only ]; + maintainers = [ maintainers.dadada ]; + }; +} From edd3352e3cccde715f0b60fb8a84fb75ef571c4c Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 7 Jan 2024 20:38:39 +0100 Subject: [PATCH 730/988] Update flake inputs --- flake.lock | 71 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 51 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 5ff9084..94df5e8 100644 --- a/flake.lock +++ b/flake.lock @@ -47,19 +47,17 @@ }, "devshell": { "inputs": { + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" - ], - "systems": [ - "systems" ] }, "locked": { - "lastModified": 1701787589, - "narHash": "sha256-ce+oQR4Zq9VOsLoh9bZT8Ip9PaMLcjjBUHVPzW5d7Cw=", + "lastModified": 1704648272, + "narHash": "sha256-zCDhWGl3bVpBKpDZ0p3NuGksZVg69BAChsY5W4KARL4=", "owner": "numtide", "repo": "devshell", - "rev": "44ddedcbcfc2d52a76b64fb6122f209881bd3e1e", + "rev": "f54745fd4aae92443817ddc566ce06572b178b5a", "type": "github" }, "original": { @@ -85,6 +83,24 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": [ "systems" @@ -132,11 +148,11 @@ ] }, "locked": { - "lastModified": 1703367386, - "narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", + "lastModified": 1704099619, + "narHash": "sha256-QRVMkdxLmv+aKGjcgeEg31xtJEIsYq4i1Kbyw5EPS6g=", "owner": "nix-community", "repo": "home-manager", - "rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", + "rev": "7e398b3d76bc1503171b1364c9d4a07ac06f3851", "type": "github" }, "original": { @@ -200,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1702453208, - "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", + "lastModified": 1704632650, + "narHash": "sha256-83J/nd/NoLqo3vj0S0Ppqe8L+ijIFiGL6HNDfCCUD/Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", + "rev": "c478b3d56969006e015e55aaece4931f3600c1b2", "type": "github" }, "original": { @@ -216,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703068421, - "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", + "lastModified": 1704420045, + "narHash": "sha256-C36QmoJd5tdQ5R9MC1jM7fBkZW9zBUqbUCsgwS6j4QU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", + "rev": "c1be43e8e837b8dbee2b3665a007e761680f0c3d", "type": "github" }, "original": { @@ -235,13 +251,13 @@ "agenix": "agenix", "devshell": "devshell", "flake-registry": "flake-registry", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "home-manager": "home-manager_2", "homePage": "homePage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -260,6 +276,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -267,11 +298,11 @@ ] }, "locked": { - "lastModified": 1702979157, - "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=", + "lastModified": 1704649711, + "narHash": "sha256-+qxqJrZwvZGilGiLQj3QbYssPdYCwl7ejwMImgH7VBQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "2961375283668d867e64129c22af532de8e77734", + "rev": "04f25d7bec9fb29d2c3bacaa48a3304840000d36", "type": "github" }, "original": { From 0412258bf4a488f72e144b98686f1db14f6abc86 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 22 Jan 2024 20:38:12 +0100 Subject: [PATCH 731/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/f54745fd4aae92443817ddc566ce06572b178b5a' (2024-01-07) → 'github:numtide/devshell/83cb93d6d063ad290beee669f4badf9914cc16ec' (2024-01-15) • Updated input 'flake-registry': 'github:NixOS/flake-registry/3f641cbae15d3c74370aa9b97fd0ac478a114305' (2023-08-23) → 'github:NixOS/flake-registry/9c69f7bd2363e71fe5cd7f608113290c7614dcdd' (2024-01-15) • Updated input 'flake-utils': 'github:numtide/flake-utils/4022d587cbbfd70fe950c1e2083a02621806a725' (2023-12-04) → 'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26' (2024-01-15) • Updated input 'home-manager': 'github:nix-community/home-manager/7e398b3d76bc1503171b1364c9d4a07ac06f3851' (2024-01-01) → 'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/246219bc21b943c6f6812bb7744218ba0df08600' (2023-12-04) → 'github:nix-community/nixos-generators/ed8ab00e8d92076a7cac1b428881b4d5304bb771' (2024-01-22) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c478b3d56969006e015e55aaece4931f3600c1b2' (2024-01-07) → 'github:NixOS/nixos-hardware/bee2202bec57e521e3bd8acd526884b9767d7fa0' (2024-01-15) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c1be43e8e837b8dbee2b3665a007e761680f0c3d' (2024-01-05) → 'github:NixOS/nixpkgs/1b64fc1287991a9cce717a01c1973ef86cb1af0b' (2024-01-20) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/04f25d7bec9fb29d2c3bacaa48a3304840000d36' (2024-01-07) → 'github:numtide/treefmt-nix/9d458726fed1cc00e48031bb7214dfa3c16b7a0f' (2024-01-22) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 94df5e8..fcc3236 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ ] }, "locked": { - "lastModified": 1704648272, - "narHash": "sha256-zCDhWGl3bVpBKpDZ0p3NuGksZVg69BAChsY5W4KARL4=", + "lastModified": 1705332421, + "narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=", "owner": "numtide", "repo": "devshell", - "rev": "f54745fd4aae92443817ddc566ce06572b178b5a", + "rev": "83cb93d6d063ad290beee669f4badf9914cc16ec", "type": "github" }, "original": { @@ -69,11 +69,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1692779116, - "narHash": "sha256-erTXdDToRA8whxURoEgBGWj550vcUirO6adEFIjQ0M0=", + "lastModified": 1705308826, + "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=", "owner": "NixOS", "repo": "flake-registry", - "rev": "3f641cbae15d3c74370aa9b97fd0ac478a114305", + "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd", "type": "github" }, "original": { @@ -107,11 +107,11 @@ ] }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1704099619, - "narHash": "sha256-QRVMkdxLmv+aKGjcgeEg31xtJEIsYq4i1Kbyw5EPS6g=", + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "7e398b3d76bc1503171b1364c9d4a07ac06f3851", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1701689616, - "narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=", + "lastModified": 1705931262, + "narHash": "sha256-JU8Dn3FeLlpC2aCXDbVH+E9koZYw/r1LW+fofWq87mE=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "246219bc21b943c6f6812bb7744218ba0df08600", + "rev": "ed8ab00e8d92076a7cac1b428881b4d5304bb771", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1704632650, - "narHash": "sha256-83J/nd/NoLqo3vj0S0Ppqe8L+ijIFiGL6HNDfCCUD/Q=", + "lastModified": 1705312285, + "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c478b3d56969006e015e55aaece4931f3600c1b2", + "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1704420045, - "narHash": "sha256-C36QmoJd5tdQ5R9MC1jM7fBkZW9zBUqbUCsgwS6j4QU=", + "lastModified": 1705774713, + "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c1be43e8e837b8dbee2b3665a007e761680f0c3d", + "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1704649711, - "narHash": "sha256-+qxqJrZwvZGilGiLQj3QbYssPdYCwl7ejwMImgH7VBQ=", + "lastModified": 1705910240, + "narHash": "sha256-Mt29QigQALm2YODaidHHokyNew1TxcRVpBBPV3HifKk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "04f25d7bec9fb29d2c3bacaa48a3304840000d36", + "rev": "9d458726fed1cc00e48031bb7214dfa3c16b7a0f", "type": "github" }, "original": { From 96ec8c0e1ba41d1f76fb88bf9802b6ab69445ae3 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 23 Jan 2024 19:38:05 +0100 Subject: [PATCH 732/988] ninurta: allow flareflo access to fginfo-git and fginfo backups --- nixos/modules/borg-server.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index aec4a13..c1aceeb 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -50,13 +50,20 @@ in }; "fginfo" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ]; + authorizedKeysAppendOnly = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup + ]; path = "${cfg.path}/fginfo"; quota = "50G"; }; "fginfo-git" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ]; + authorizedKeysAppendOnly = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCNSecnVGNPpX2BEvP7EkkHzx46RzJ1L3eaAyIfLYRB flareflo@Dragoncave" # restore from backup + ]; path = "${cfg.path}/fginfo-git"; quota = "50G"; }; From 958dacbac5688b752423392219a8551c03a939c5 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Jan 2024 20:51:55 +0100 Subject: [PATCH 733/988] agares: configure local-data for unbound --- nixos/agares/dns.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index fefcf70..b7eedf8 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -38,6 +38,12 @@ hide-version = true; use-caps-for-id = true; val-permissive-mode = true; + local-data = [ + "agares.bs.dadada.li. 10800 IN A 192.168.101.1" + "ninurta.bs.dadada.li. 10800 IN A 192.168.101.184" + "agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1" + "ninurta.bs.dadada.li. 10800 IN A fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" + ]; local-zone = [ "\"168.192.in-addr.arpa.\" nodefault" "\"d.f.ip6.arpa.\" nodefault" From bcc4d5e189a87412ae2aaf6a725aaab2c4014f27 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Jan 2024 21:16:19 +0100 Subject: [PATCH 734/988] agares: add DNS and NTP options (RA and DHCP) --- nixos/agares/network.nix | 12 ++++++++---- nixos/ninurta/configuration.nix | 16 ++++++++++++++-- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index cd6640f..16ae414 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -10,7 +10,7 @@ in enable = true; links = { "10-persistent" = { - matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; + matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; # takes search domains from the [Network] linkConfig.MACAddressPolicy = "persistent"; }; }; @@ -90,14 +90,18 @@ in } ]; dhcpServerConfig = { - DNS = "${ipv4Prefix}.${subnetId}.1"; - NTP = "${ipv4Prefix}.${subnetId}.1"; + DNS = "_server_address"; + NTP = "_server_address"; EmitDNS = true; EmitNTP = true; EmitRouter = true; PoolOffset = 100; PoolSize = 100; - SendOption = "12:string:${domain}"; + }; + ipv6SendRAConfig = { + EmitDNS = true; + DNS = "_link_local"; + EmitDomains = true; # takes search domains from the [Network] }; linkConfig = { RequiredForOnline = "no"; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 3b0ef2d..d85cb18 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -279,14 +279,26 @@ in "10-lan" = { matchConfig.Name = "enp*"; networkConfig.DHCP = "ipv4"; + networkConfig.Domains = [ "bs.dadada.li" ]; networkConfig.VLAN = [ "backup" ]; networkConfig.IPv6PrivacyExtensions = false; linkConfig.RequiredForOnline = "routable"; + dhcpV4Config = { + UseDomains = true; + UseDNS = true; + UseNTP = true; + }; + ipv6AcceptRAConfig = { + UseDomains = true; + UseDNS = true; + }; }; "20-backup" = { matchConfig.Name = "backup"; - networkConfig.DHCP = "ipv4"; - networkConfig.IPv6PrivacyExtensions = false; + networkConfig = { + DHCP = "ipv4"; + IPv6PrivacyExtensions = false; + }; linkConfig.RequiredForOnline = false; }; "10-hydra" = { From c67b7529751f05204cdee24220073ab0c420bc9a Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Jan 2024 22:21:46 +0100 Subject: [PATCH 735/988] agares: fix local-data --- nixos/agares/dns.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index b7eedf8..2390389 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -39,10 +39,10 @@ use-caps-for-id = true; val-permissive-mode = true; local-data = [ - "agares.bs.dadada.li. 10800 IN A 192.168.101.1" - "ninurta.bs.dadada.li. 10800 IN A 192.168.101.184" - "agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1" - "ninurta.bs.dadada.li. 10800 IN A fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" + "\"agares.bs.dadada.li. 10800 IN A 192.168.101.1\"" + "\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\"" + "\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\"" + "\"ninurta.bs.dadada.li. 10800 IN A fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" ]; local-zone = [ "\"168.192.in-addr.arpa.\" nodefault" From 47234f72bbf31e1eb4717981d547f87ccf688751 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Jan 2024 22:43:49 +0100 Subject: [PATCH 736/988] agares: fixup --- nixos/agares/dns.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index 2390389..bde100c 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -42,7 +42,7 @@ "\"agares.bs.dadada.li. 10800 IN A 192.168.101.1\"" "\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\"" "\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\"" - "\"ninurta.bs.dadada.li. 10800 IN A fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" + "\"ninurta.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" ]; local-zone = [ "\"168.192.in-addr.arpa.\" nodefault" From d6583b24fcfcc9e60dd46f85ba9566915472dbe2 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 24 Jan 2024 23:22:45 +0100 Subject: [PATCH 737/988] agares: roadw interface addresses --- nixos/agares/network.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 16ae414..3a79892 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -221,9 +221,9 @@ in }; "10-roadw" = { matchConfig.Name = "roadw"; - address = [ - "${ipv4Prefix}.120.1/32" - "${ulaPrefix}:120::1/128" + addresses = [ + { addressConfig.Address = "${ipv4Prefix}.120.1/24"; } + { addressConfig.Address = "${ulaPrefix}:120::1/64"; } ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; From d81fee6842a1dc5e803383d3a0e8dca6738768c1 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 25 Jan 2024 18:45:27 +0100 Subject: [PATCH 738/988] fix naming of roadwarrior interface --- nixos/agares/rules.nft | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft index b531759..ca574d7 100644 --- a/nixos/agares/rules.nft +++ b/nixos/agares/rules.nft @@ -9,7 +9,7 @@ define IF_SRV = "srv.13" # Modem uses this for internet uplink via our WAN define IF_MODEM = "enp2s0" -define IF_ROADW = "roadwarrior" +define IF_ROADW = "roadw" table inet filter { # Will give "no such file or directory if hardware does not support flow offloading" From bc82597d05e55e53d7216a0ac7e27450d3285659 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 25 Jan 2024 18:55:49 +0100 Subject: [PATCH 739/988] agares: fix listening range of DNS server --- nixos/agares/dns.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index bde100c..075859d 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -8,10 +8,7 @@ access-control = [ "127.0.0.0/8 allow" "127.0.0.1/32 allow_snoop" - "192.168.100.0/24 allow" - "192.168.101.0/24 allow" - "192.168.102.0/24 allow" - "192.168.103.0/24 allow" + "192.168.96.0/19 allow" "192.168.1.0/24 allow" "172.16.128.0/24 allow" "::1/128 allow_snoop" @@ -23,11 +20,14 @@ "192.168.100.1" "192.168.101.1" "192.168.102.1" + "192.168.103.1" + "192.168.120.1" "::1" "fd42:9c3b:f96d:100::1" "fd42:9c3b:f96d:101::1" "fd42:9c3b:f96d:102::1" "fd42:9c3b:f96d:103::1" + "fd42:9c3b:f96d:120::1" ]; prefer-ip6 = true; prefetch = true; From c139794af5819954905fd8b6c487617e3392100c Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 29 Jan 2024 18:36:18 +0100 Subject: [PATCH 740/988] agares: fix traffic shaping bandwidth on inbound traffic via ppp0 --- nixos/agares/network.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 3a79892..1f45e28 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -169,7 +169,7 @@ in extraConfig = '' [CAKE] OverheadBytes = 65 - Bandwidth = 40M + Bandwidth = 100M FlowIsolationMode = triple ''; }; From f93fc7abdcf132d087002cc1c611ace326288691 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 29 Jan 2024 19:12:40 +0100 Subject: [PATCH 741/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/ed8ab00e8d92076a7cac1b428881b4d5304bb771' (2024-01-22) → 'github:nix-community/nixos-generators/896f6589db5b25023b812bbb6c1f5d3a499b1132' (2024-01-24) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/bee2202bec57e521e3bd8acd526884b9767d7fa0' (2024-01-15) → 'github:NixOS/nixos-hardware/f84eaffc35d1a655e84749228cde19922fcf55f1' (2024-01-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1b64fc1287991a9cce717a01c1973ef86cb1af0b' (2024-01-20) → 'github:NixOS/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/9d458726fed1cc00e48031bb7214dfa3c16b7a0f' (2024-01-22) → 'github:numtide/treefmt-nix/c6153c2a3ff4c38d231e3ae99af29b87f1df5901' (2024-01-28) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index fcc3236..c2ad418 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1705931262, - "narHash": "sha256-JU8Dn3FeLlpC2aCXDbVH+E9koZYw/r1LW+fofWq87mE=", + "lastModified": 1706085261, + "narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ed8ab00e8d92076a7cac1b428881b4d5304bb771", + "rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1705312285, - "narHash": "sha256-rd+dY+v61Y8w3u9bukO/hB55Xl4wXv4/yC8rCGVnK5U=", + "lastModified": 1706182238, + "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "bee2202bec57e521e3bd8acd526884b9767d7fa0", + "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705774713, - "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "lastModified": 1706373441, + "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1705910240, - "narHash": "sha256-Mt29QigQALm2YODaidHHokyNew1TxcRVpBBPV3HifKk=", + "lastModified": 1706462057, + "narHash": "sha256-7dG1D4iqqt0bEbBqUWk6lZiSqqwwAO0Hd1L5opVyhNM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9d458726fed1cc00e48031bb7214dfa3c16b7a0f", + "rev": "c6153c2a3ff4c38d231e3ae99af29b87f1df5901", "type": "github" }, "original": { From 6d11ae845d5a4ab8d8ce73bd67fa7753fa0fdfd2 Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 30 Jan 2024 18:58:32 +0100 Subject: [PATCH 742/988] agares: set RTT for CAKE --- nixos/agares/network.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 1f45e28..f0950e2 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -118,6 +118,7 @@ in [CAKE] OverheadBytes = 38 Bandwidth = 1G + RTT = lan ''; }; in @@ -171,6 +172,7 @@ in OverheadBytes = 65 Bandwidth = 100M FlowIsolationMode = triple + RTT = internet ''; }; @@ -191,6 +193,7 @@ in Bandwidth = 40M FlowIsolationMode = triple NAT=true + RTT = internet [DHCPv6] PrefixDelegationHint= ::/56 From 10d4ac31e62a4727f3b26ce47f4435862361beab Mon Sep 17 00:00:00 2001 From: dadada Date: Tue, 30 Jan 2024 21:19:52 +0100 Subject: [PATCH 743/988] home: remove gnucash --- home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 3bd0007..9d5c158 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -37,7 +37,6 @@ with pkgs; [ glow glow # render markdown gnome.gnome-tweaks - gnucash gnumake gnupg gping # ping with graphs From afe89df208e70eb817205b39dd20a5b7983b2bbb Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 31 Jan 2024 19:04:50 +0100 Subject: [PATCH 744/988] ninurta: enable libvirtd --- nixos/ninurta/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index d85cb18..ae147d9 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -463,6 +463,8 @@ in password = "media"; }; + virtualization.libvirtd.enable = true; + documentation.enable = true; documentation.nixos.enable = true; From 687c6fb15726df703c7db1940a2672caafbb8b0f Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 31 Jan 2024 19:08:43 +0100 Subject: [PATCH 745/988] flake: remove override for non-existant input --- flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake.nix b/flake.nix index 45af302..81b24d4 100644 --- a/flake.nix +++ b/flake.nix @@ -23,7 +23,6 @@ devshell = { url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.systems.follows = "systems"; }; nixos-generators = { url = "github:nix-community/nixos-generators"; From ddf470a8beb8cdb9d01d05e807caad050d4c10a9 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 31 Jan 2024 19:10:36 +0100 Subject: [PATCH 746/988] ninurta: fix typo --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index ae147d9..508695e 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -463,7 +463,7 @@ in password = "media"; }; - virtualization.libvirtd.enable = true; + virtualisation.libvirtd.enable = true; documentation.enable = true; documentation.nixos.enable = true; From c66a0f847caa7b02f7e81a770b06ccccbb1bb591 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 3 Feb 2024 21:17:13 +0100 Subject: [PATCH 747/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/10cd9c53115061aa6a0a90aad0b0dde6a999cdb9' (2024-01-19) → 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/f84eaffc35d1a655e84749228cde19922fcf55f1' (2024-01-25) → 'github:NixOS/nixos-hardware/83e571bb291161682b9c3ccd48318f115143a550' (2024-02-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/56911ef3403a9318b7621ce745f5452fb9ef6867' (2024-01-27) → 'github:NixOS/nixpkgs/25e3d4c0d3591c99929b1ec07883177f6ea70c9d' (2024-02-01) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index c2ad418..3dc374b 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1705659542, - "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "lastModified": 1706981411, + "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "rev": "652fda4ca6dafeb090943422c34ae9145787af37", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1706182238, - "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=", + "lastModified": 1706834982, + "narHash": "sha256-3CfxA7gZ+DVv/N9Pvw61bV5Oe/mWfxYPyVQGqp9TMJA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1", + "rev": "83e571bb291161682b9c3ccd48318f115143a550", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706373441, - "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=", + "lastModified": 1706826059, + "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867", + "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d", "type": "github" }, "original": { From 0b874cf25282fe5593321a8957b75d8bfb12ea21 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Feb 2024 17:39:40 +0100 Subject: [PATCH 748/988] ninurta: monitoring with munin --- nixos/agares/configuration.nix | 8 ++++++++ nixos/ninurta/configuration.nix | 2 ++ nixos/ninurta/monitoring.nix | 28 ++++++++++++++++++++++++++++ nixos/surgat/configuration.nix | 9 +++++++++ 4 files changed, 47 insertions(+) create mode 100644 nixos/ninurta/monitoring.nix diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index edf7e9e..4e553e4 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -82,6 +82,14 @@ tcpdump ]; + services.munin-node = { + enable = true; + extraConfig = '' + host_name ${config.networking.hostName} + cidr_allow 192.168.101.184/32 + ''; + }; + # Running router VM. They have to be restarted in the right order, so network comes up cleanly. Not ideal. system.autoUpgrade.allowReboot = false; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 508695e..00b1c26 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -18,6 +18,7 @@ in ../modules/profiles/server.nix ./hardware-configuration.nix ./printing.nix + ./monitoring.nix ]; services.soft-serve = { @@ -377,6 +378,7 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH + 80 # munin web 631 # Printing 3000 # Hydra softServePort diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix new file mode 100644 index 0000000..f582b7f --- /dev/null +++ b/nixos/ninurta/monitoring.nix @@ -0,0 +1,28 @@ +{ config, ... }: +{ + services.nginx.enable = true; + services.nginx.virtualHosts."ninurta.bs.dadada.li" = { + addSSL = false; + enableACME = false; + root = "/var/www/munin/"; + locations = { + "/" = { + root = "/var/www/munin/"; + }; + }; + }; + services.munin-cron = { + enable = true; + hosts = '' + [${config.networking.hostName}] + address localhost + + [surgat] + address 10.3.3.1 + + [agares] + address 192.168.101.1 + ''; + }; + services.munin-node.enable = true; +} diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index ee710da..937afa4 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -123,6 +123,7 @@ in 22 # SSH 80 443 # HTTPS + 4949 # munin-node ]; allowedUDPPorts = [ 51234 # Wireguard @@ -150,5 +151,13 @@ in services.postgresql.package = pkgs.postgresql_15; + services.munin-node = { + enable = true; + extraConfig = '' + host_name surgat + cidr_allow 10.3.3.3/32 + ''; + }; + system.stateVersion = "23.05"; } From c0e9239f199e8a947bad3b8fc78c2c61a18cf5f8 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 4 Feb 2024 18:26:17 +0100 Subject: [PATCH 749/988] ninurta: fix formatting --- nixos/ninurta/monitoring.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix index f582b7f..552dc4d 100644 --- a/nixos/ninurta/monitoring.nix +++ b/nixos/ninurta/monitoring.nix @@ -12,7 +12,7 @@ }; }; services.munin-cron = { - enable = true; + enable = true; hosts = '' [${config.networking.hostName}] address localhost From d920884e63a7ce7073d152e79ce34eed6f1f0859 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Feb 2024 18:28:59 +0100 Subject: [PATCH 750/988] helix: fix reflow --- home/modules/helix/config/config.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 94d8b3c..9657e4c 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -9,5 +9,4 @@ auto-completion = true enable = true [keys.normal] -C-q = [ "goto_prev_paragraph", "goto_next_paragraph", ":reflow 80" ] - +C-q = [ ":reflow 80" ] From 6bea52d957685c4c0383f5e8d66693e283c3ef99 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Feb 2024 18:29:24 +0100 Subject: [PATCH 751/988] home: add h --- home/modules/zsh.nix | 1 + home/pkgs.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 187822c..5e054b7 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -34,6 +34,7 @@ in source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh source ${pkgs.fzf}/share/fzf/key-bindings.zsh source ${pkgs.fzf}/share/fzf/completion.zsh + eval "$(${pkgs.h}/bin/h --setup ~/src)" bindkey -e '^n' autosuggest-accept diff --git a/home/pkgs.nix b/home/pkgs.nix index 9d5c158..24fc9ea 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -43,6 +43,7 @@ with pkgs; [ graphviz grim gron # make json grepable + h # Manage git repos hexyl # hex viewer htop http-prompt From 870b18fa1f77c1e3cf6f02fb69eff3fa28fc88d4 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 10 Feb 2024 18:44:52 +0100 Subject: [PATCH 752/988] pkgs: remove ultimate plumber --- home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 24fc9ea..76c8ca8 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -130,7 +130,6 @@ with pkgs; [ tmux ttyd unzip - up # ultimate-plumber, interactive pipes usbutils virt-manager viu # view images from the terminal From afed0d7701f36ee4e71aa3c6ff862a457dc9deca Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Feb 2024 21:59:06 +0100 Subject: [PATCH 753/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/896f6589db5b25023b812bbb6c1f5d3a499b1132' (2024-01-24) → 'github:nix-community/nixos-generators/0aa24e93f75370454f0e03747b6836ac2a2c9fca' (2024-02-14) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/83e571bb291161682b9c3ccd48318f115143a550' (2024-02-02) → 'github:NixOS/nixos-hardware/106d3fec43bcea19cb2e061ca02531d54b542ce3' (2024-02-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/25e3d4c0d3591c99929b1ec07883177f6ea70c9d' (2024-02-01) → 'github:NixOS/nixpkgs/1d1817869c47682a6bee85b5b0a6537b6c0fba26' (2024-02-16) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/c6153c2a3ff4c38d231e3ae99af29b87f1df5901' (2024-01-28) → 'github:numtide/treefmt-nix/ac599dab59a66304eb511af07b3883114f061b9d' (2024-02-07) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 3dc374b..2fcb95d 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1706085261, - "narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=", + "lastModified": 1707873059, + "narHash": "sha256-simzllUEmzVqmQogcGCorfIbJpodAhgGSr6vuFtd4XQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132", + "rev": "0aa24e93f75370454f0e03747b6836ac2a2c9fca", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1706834982, - "narHash": "sha256-3CfxA7gZ+DVv/N9Pvw61bV5Oe/mWfxYPyVQGqp9TMJA=", + "lastModified": 1708091350, + "narHash": "sha256-o28BJYi68qqvHipT7V2jkWxDiMS1LF9nxUsou+eFUPQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "83e571bb291161682b9c3ccd48318f115143a550", + "rev": "106d3fec43bcea19cb2e061ca02531d54b542ce3", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706826059, - "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=", + "lastModified": 1708105575, + "narHash": "sha256-sS4AItZeUnAei6v8FqxNlm+/27MPlfoGym/TZP0rmH0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d", + "rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1706462057, - "narHash": "sha256-7dG1D4iqqt0bEbBqUWk6lZiSqqwwAO0Hd1L5opVyhNM=", + "lastModified": 1707300477, + "narHash": "sha256-qQF0fEkHlnxHcrKIMRzOETnRBksUK048MXkX0SOmxvA=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c6153c2a3ff4c38d231e3ae99af29b87f1df5901", + "rev": "ac599dab59a66304eb511af07b3883114f061b9d", "type": "github" }, "original": { From bb80b9942be68d17997be1c3d5d4403d502c6cb5 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 17 Feb 2024 23:28:28 +0100 Subject: [PATCH 754/988] Update git config --- home/modules/git.nix | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index 778671d..9476ac0 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -56,21 +56,37 @@ in colorMoved = "default"; }; interactive.diffFilter = "delta --color-only"; - merge.conflictstyle = "diff3"; + merge = { + conflictstyle = "zdiff3"; + keepbackup = false; + tool = "meld"; + }; status = { short = true; branch = true; showUntrackedFiled = "all"; }; log.date = "iso8601-local"; + fetch.prune = true; pull = { prune = true; ff = "only"; rebase = "interactive"; }; - push.default = "upstream"; - rebase.abbreviateCommands = true; + push = { + default = "current"; + autoSetupRemote = true; + }; + rebase = { + abbreviateCommands = true; + # Automatically force-update any branches that point to commits that are being rebased. + updateRefs = true; + }; rerere.enabled = true; + transfer.fsckobjects = true; + fetch.fsckobjects = true; + receive.fsckObjects = true; + branch.sort = "-committerdate"; }; }; From a7c4a7f06440c74668adc25f6d2e1633bde5d659 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Mar 2024 11:17:53 +0100 Subject: [PATCH 755/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/83cb93d6d063ad290beee669f4badf9914cc16ec' (2024-01-15) → 'github:numtide/devshell/5ddecd67edbd568ebe0a55905273e56cc82aabe3' (2024-02-26) • Updated input 'flake-utils': 'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26' (2024-01-15) → 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/0aa24e93f75370454f0e03747b6836ac2a2c9fca' (2024-02-14) → 'github:nix-community/nixos-generators/2c9562e7624fa1b50983fc18d504bf86202bef49' (2024-02-29) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/f5af57d3ef9947a70ac86e42695231ac1ad00c25' (2023-09-03) → 'github:nix-community/nixpkgs.lib/479831ed8b3c9c7b80533999f880c7d0bf6a491b' (2024-02-25) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/106d3fec43bcea19cb2e061ca02531d54b542ce3' (2024-02-16) → 'github:NixOS/nixos-hardware/33a97b5814d36ddd65ad678ad07ce43b1a67f159' (2024-02-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1d1817869c47682a6bee85b5b0a6537b6c0fba26' (2024-02-16) → 'github:NixOS/nixpkgs/79baff8812a0d68e24a836df0a364c678089e2c7' (2024-03-01) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/ac599dab59a66304eb511af07b3883114f061b9d' (2024-02-07) → 'github:numtide/treefmt-nix/093f82e5707bb6f14ee38a742748f9fb4ab1488e' (2024-03-02) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 2fcb95d..fc78911 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ ] }, "locked": { - "lastModified": 1705332421, - "narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=", + "lastModified": 1708939976, + "narHash": "sha256-O5+nFozxz2Vubpdl1YZtPrilcIXPcRAjqNdNE8oCRoA=", "owner": "numtide", "repo": "devshell", - "rev": "83cb93d6d063ad290beee669f4badf9914cc16ec", + "rev": "5ddecd67edbd568ebe0a55905273e56cc82aabe3", "type": "github" }, "original": { @@ -107,11 +107,11 @@ ] }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "nixlib": { "locked": { - "lastModified": 1693701915, - "narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=", + "lastModified": 1708821942, + "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25", + "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1707873059, - "narHash": "sha256-simzllUEmzVqmQogcGCorfIbJpodAhgGSr6vuFtd4XQ=", + "lastModified": 1709226763, + "narHash": "sha256-GlJ7g2srrtx6s5P2uswZ6Zcpy2u90tomIx+Gstlk97s=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "0aa24e93f75370454f0e03747b6836ac2a2c9fca", + "rev": "2c9562e7624fa1b50983fc18d504bf86202bef49", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1708091350, - "narHash": "sha256-o28BJYi68qqvHipT7V2jkWxDiMS1LF9nxUsou+eFUPQ=", + "lastModified": 1709147990, + "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "106d3fec43bcea19cb2e061ca02531d54b542ce3", + "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708105575, - "narHash": "sha256-sS4AItZeUnAei6v8FqxNlm+/27MPlfoGym/TZP0rmH0=", + "lastModified": 1709309926, + "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d1817869c47682a6bee85b5b0a6537b6c0fba26", + "rev": "79baff8812a0d68e24a836df0a364c678089e2c7", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1707300477, - "narHash": "sha256-qQF0fEkHlnxHcrKIMRzOETnRBksUK048MXkX0SOmxvA=", + "lastModified": 1709373438, + "narHash": "sha256-F/Vieen5x2nf05KJ5AitoE/GSB0FU2jMffSM8bHSuBs=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ac599dab59a66304eb511af07b3883114f061b9d", + "rev": "093f82e5707bb6f14ee38a742748f9fb4ab1488e", "type": "github" }, "original": { From cfe49c73fc5e60222619df22edf5a235e8708c8b Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Mar 2024 11:36:22 +0100 Subject: [PATCH 756/988] home: remove unsused modules --- home/modules/default.nix | 5 - home/modules/fish.nix | 85 ---------- home/modules/kitty/config | 62 -------- home/modules/kitty/default.nix | 20 --- home/modules/mako.nix | 37 ----- home/modules/sway/config | 283 --------------------------------- home/modules/sway/default.nix | 45 ------ home/modules/termite.nix | 68 -------- 8 files changed, 605 deletions(-) delete mode 100644 home/modules/fish.nix delete mode 100644 home/modules/kitty/config delete mode 100644 home/modules/kitty/default.nix delete mode 100644 home/modules/mako.nix delete mode 100644 home/modules/sway/config delete mode 100644 home/modules/sway/default.nix delete mode 100644 home/modules/termite.nix diff --git a/home/modules/default.nix b/home/modules/default.nix index 093c10b..b1f117d 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -2,19 +2,14 @@ alacritty = import ./alacritty; colors = import ./colors.nix; direnv = import ./direnv.nix; - fish = import ./fish.nix; git = import ./git.nix; gpg = import ./gpg.nix; gtk = import ./gtk.nix; helix = import ./helix; keyring = import ./keyring.nix; - kitty = import ./kitty; - mako = import ./mako.nix; session = import ./session.nix; ssh = import ./ssh.nix; - sway = import ./sway; syncthing = import ./syncthing.nix; - termite = import ./termite.nix; tmux = import ./tmux.nix; xdg = import ./xdg.nix; zsh = import ./zsh.nix; diff --git a/home/modules/fish.nix b/home/modules/fish.nix deleted file mode 100644 index 6a852bd..0000000 --- a/home/modules/fish.nix +++ /dev/null @@ -1,85 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: -with lib; let - cfg = config.dadada.home.fish; -in -{ - options.dadada.home.fish = { - enable = mkEnableOption "Enable fish config"; - }; - - config = mkIf cfg.enable { - programs.fish = { - enable = true; - plugins = with pkgs; [ - { - name = "fzf"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "fzf"; - rev = "c3defd4a922e97120503b45e26efa775bc672b50"; - sha256 = "1k5b0nva0mbqc9830qhbcwxsi8d9b2p4ws1fq0bw9nkf2ripyp4p"; - }; - } - ]; - interactiveShellInit = '' - # fish git prompt - set __fish_git_prompt_show_informative_status 'yes' - set __fish_git_prompt_showdirtystate 'yes' - set __fish_git_prompt_showstashstate 'yes' - set __fish_git_prompt_showuntrackedfiles 'yes' - set __fish_git_prompt_showupstream 'yes' - set __fish_git_prompt_showcolorhints 'yes' - - set fish_greeting - - # disable path shortening - set fish_prompt_pwd_dir_length 0 - - set -U FZF_LEGACY_KEYBINDINGS 0 - set -x TERM xterm-256color - set -U fish_user_paths ~/bin $fish_user_paths - - #if status is-interactive - #and not status is-login - #and not set -q TMUX - #and string match -qr "^xterm-.*" "$TERM" - # exec tmux - #end - ''; - promptInit = '' - function fish_prompt - set last_status $status - printf '%s %s:%s ' \ - (set_color red - echo $last_status) \ - (set_color green - hostname) \ - (set_color blue - prompt_pwd) - set_color normal - end - - function fish_right_prompt - printf '%s' (__fish_git_prompt) - end - ''; - shellAliases = { - gst = "git status"; - gco = "git commit"; - glo = "git log"; - gad = "git add"; - ls = "exa"; - ll = "exa -l"; - la = "exa -la"; - mv = "mv -i"; - cp = "cp -i"; - }; - }; - - home.packages = [ pkgs.eza ]; - }; -} diff --git a/home/modules/kitty/config b/home/modules/kitty/config deleted file mode 100644 index 4c73ef6..0000000 --- a/home/modules/kitty/config +++ /dev/null @@ -1,62 +0,0 @@ -font_family monospace -font_size 9 -bold_font auto -italic_font auto -bold_italic_font auto -copy_on_select no -clipboard_control no-append write-clipboard read-clipboard -allow_hyperlinks yes -detect_urls yes -strip_trailing_spaces never -window_alert_on_bell yes -enable_audio_bell yes -bell_on_tab yes -tab_bar_style hide -scrollback_lines 20000 - -map ctrl+shift+v no_op -map ctrl+shift+c no_op - -background #1f2022 -foreground #a3a3a3 -selection_background #a3a3a3 -selection_foreground #1f2022 -url_color #b8b8b8 -cursor #a3a3a3 -active_border_color #585858 -inactive_border_color #282828 -active_tab_background #1f2022 -active_tab_foreground #a3a3a3 -inactive_tab_background #282828 -inactive_tab_foreground #b8b8b8 -tab_bar_background #282828 - -# normal -color0 #1f2022 -color1 #f2241f -color2 #67b11d -color3 #b1951d -color4 #4f97d7 -color5 #a31db1 -color6 #2d9574 -color7 #a3a3a3 - -# bright -color8 #585858 -color9 #f2241f -color10 #67b11d -color11 #b1951d -color12 #4f97d7 -color13 #a31db1 -color14 #2d9574 -color15 #f8f8f8 - -# extended base16 colors -color16 #ffa500 -color17 #b03060 -color18 #282828 -color19 #444155 -color20 #b8b8b8 -color21 #e8e8e8 - -#shell tmux diff --git a/home/modules/kitty/default.nix b/home/modules/kitty/default.nix deleted file mode 100644 index 982d938..0000000 --- a/home/modules/kitty/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs -, lib -, config -, ... -}: -with lib; let - cfg = config.dadada.home.kitty; -in -{ - options.dadada.home.kitty = { - enable = mkEnableOption "Enable kitty config"; - }; - config = mkIf cfg.enable { - programs.kitty = { - enable = true; - extraConfig = builtins.readFile ./config; - }; - home.packages = [ pkgs.source-code-pro ]; - }; -} diff --git a/home/modules/mako.nix b/home/modules/mako.nix deleted file mode 100644 index 7fd49b6..0000000 --- a/home/modules/mako.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config -, lib -, pkgs -, colors -, ... -}: -with lib; let - cfg = config.dadada.home.mako; -in -{ - options.dadada.home.mako = { - enable = mkEnableOption "Enable mako config"; - }; - config = mkIf cfg.enable { - programs.mako = { - enable = true; - anchor = "bottom-right"; - backgroundColor = colors.color8; - borderColor = colors.color0; - #defaultTimeout = -1; - font = "Source Code Pro 10"; - format = ''%a %s\n%b''; - height = 100; - #groupBy = "app-name"; - icons = false; - ignoreTimeout = false; - layer = "overlay"; - margin = "0,0,0"; - maxVisible = 200; - padding = "0"; - progressColor = colors.color4; - sort = "+time"; - textColor = colors.foreground; - width = 400; - }; - }; -} diff --git a/home/modules/sway/config b/home/modules/sway/config deleted file mode 100644 index c72960a..0000000 --- a/home/modules/sway/config +++ /dev/null @@ -1,283 +0,0 @@ -set $foreground #a3a3a3ff -set $background #1f2022e5 -set $dark_black #1f2022ff -set $light_black #282828ff -set $dark_red #444155ff -set $light_red #585858ff -set $dark_green #b8b8b8ff -set $light_green #a3a3a3ff -set $dark_yellow #e8e8e8ff -set $light_yellow #f8f8f8ff -set $dark_blue #f2241fff -set $light_blue #ffa500ff -set $dark_magenta #b1951dff -set $light_magenta #67b11dff -set $dark_cyan #2d9574ff -set $light_cyan #4f97d7ff -set $dark_white #a31db1ff -set $light_white #b03060ff - -xwayland enable - -# global modifier key -set $mod Mod4 - -# reload the configuration file -bindsym $mod+Shift+c reload - -# restart i3 inplace (preserves your layout/session, can be used to upgrade i3) -bindsym $mod+Shift+r restart - -# the font to be used for i3bar and window decorations -font pango:Source Code Pro 8 - -bindsym $mod+Return exec alacritty -bindsym $mod+Space exec bemenu-run - -# switch keyboard to neo -#bindsym $mod+F1 exec neo-key -#bindsym $mod+F2 exec eu-key - -# kill focused window -bindsym $mod+Shift+q kill - -# toggle moving floating windows with the mouse -floating_modifier $mod - -# toggle tiling / floating -bindsym $mod+Shift+f floating toggle - -# resize window (you can also use the mouse for that) -mode "resize" { - # resize windows with hjkl - bindsym h resize shrink width 10 px or 10 ppt - bindsym j resize grow height 10 px or 10 ppt - bindsym k resize shrink height 10 px or 10 ppt - bindsym l resize grow width 10 px or 10 ppt - - # back to normal mode - bindsym Return mode "default" - bindsym Escape mode "default" -} - -# switch to resize mode -bindsym $mod+r mode "resize" - -# set border width of new window -default_border pixel 1 - -# keep focus within current container? -focus_wrapping no - -# focus goes to window if mouse is moved onto it -focus_follows_mouse yes - -# enter fullscreen mode for the focused container -bindsym $mod+o fullscreen - -# default orientation of new windows -default_orientation horizontal - -# split in horizontal orientation -bindsym $mod+b split h - -# split in vertical orientation -bindsym $mod+shift+b split v - -# change container layout (stacked, tabbed, toggle split) -bindsym $mod+x layout toggle all - -# name workspaces -set $1 1 -set $2 2 -set $3 3 -set $4 4 -set $5 5 -set $6 6 -set $7 7 -set $8 8 -set $9 9 -set $10 10 - -# default mode -workspace_layout tabbed - -# automatically jump back to previous workspace -workspace_auto_back_and_forth yes - -# messaging -#workspace 2 output LVDS-1 - -# web and doc -#workspace 1 output VGA-1 - -# editor and IDE -#workspace 3 output DP-2 - -# change focus -bindsym $mod+h focus left -bindsym $mod+j focus down -bindsym $mod+k focus up -bindsym $mod+l focus right - -# focus latest urgent window -bindsym $mod+Shift+1 [urgent=latest] focus - -# focus the parent container -bindsym $mod+Up focus parent - -# focus the child container -bindsym $mod+Down focus child - -# focus tiling/floating -bindsym $mod+f focus mode_toggle - -# focus workspace -bindsym $mod+1 workspace number $1 -bindsym $mod+2 workspace number $2 -bindsym $mod+3 workspace number $3 -bindsym $mod+4 workspace number $4 -bindsym $mod+5 workspace number $5 -bindsym $mod+6 workspace number $6 -bindsym $mod+7 workspace number $7 -bindsym $mod+8 workspace number $8 -bindsym $mod+9 workspace number $9 -bindsym $mod+0 workspace number $10 -bindsym $mod+n workspace next_on_output -bindsym $mod+p workspace prev_on_output - -# focus different outputs (displays) -bindsym $mod+shift+h focus output left -bindsym $mod+shift+j focus output down -bindsym $mod+shift+k focus output up -bindsym $mod+shift+l focus output right - -# show the first scratchpad window -bindsym $mod+minus scratchpad show - -set $mode_move "move" -bindsym $mod+m mode "$mode_move" - -mode "$mode_move" { - - # move focused container - bindsym h move left ;mode "default" - bindsym j move down ;mode "default" - bindsym k move up ;mode "default" - bindsym l move right;mode "default" - bindsym 1 move container to workspace number $1 ;mode "default" - bindsym 2 move container to workspace number $2 ;mode "default" - bindsym 3 move container to workspace number $3 ;mode "default" - bindsym 4 move container to workspace number $4 ;mode "default" - bindsym 5 move container to workspace number $5 ;mode "default" - bindsym 6 move container to workspace number $6 ;mode "default" - bindsym 7 move container to workspace number $7 ;mode "default" - bindsym 8 move container to workspace number $8 ;mode "default" - bindsym 9 move container to workspace number $9 ;mode "default" - bindsym 0 move container to workspace number $10 ;mode "default" - bindsym n move container to workspace next_on_output;mode "default" - bindsym p move container to workspace prev_on_output;mode "default" - - # move focused workspace to output - bindsym shift+h move workspace to output left ; mode "default" - bindsym shift+j move workspace to output down ; mode "default" - bindsym shift+k move workspace to output up ; mode "default" - bindsym shift+l move workspace to output right ; mode "default" - bindsym shift+n move container to output next ; mode "default" - bindsym shift+p move container to output prev ; mode "default" - - # make the currently focused window a scratchpad - bindsym minus move scratchpad; mode "default" - - # Move container to the current position of the cursor - bindsym m move position mouse; mode "default" - - bindsym Escape mode "default" -} - -# lock the screen -bindsym $mod+equal exec lock-session - -# control volume -bindsym --locked XF86AudioRaiseVolume exec amixer set 'Master' 5%+ && pkill -RTMIN+10 i3blocks -bindsym --locked XF86AudioLowerVolume exec amixer set 'Master' 5%- && pkill -RTMIN+10 i3blocks -bindsym --locked XF86AudioMute exec amixer set Master toggle && pkill -RTMIN+10 i3blocks -bindsym --locked --to-code XF86AudioMicMute exec --no-startup-id pactl set-source-mute 1 toggle - -# control media player -bindsym --locked XF86AudioPlay exec playerctl play-pause && pkill -RTMIN+11 i3blocks -bindsym --locked XF86LaunchA exec playerctl play-pause && pkill -RTMIN+11 i3blocks -bindsym --locked XF86AudioNext exec playerctl next && pkill -RTMIN+11 i3blocks -bindsym --locked XF86Explorer exec playerctl next && pkill -RTMIN+11 i3blocks -bindsym --locked XF86AudioPrev exec playerctl previous && pkill -RTMIN+11 i3blocks -bindsym --locked XF86Search exec playerctl previous && pkill -RTMIN+11 i3blocks - -# control screen brightness -bindsym --locked XF86MonBrightnessUp exec brightnessctl set -d intel_backlight +5% -bindsym --locked XF86MonBrightnessDown exec brightnessctl set -d intel_backlight 5%- - -# Basic bar configuration using the Base16 variables. -bar { - id bar - status_command i3status - mode dock - modifier $mod - position bottom - strip_workspace_numbers yes - workspace_buttons yes - #output LVDS-1 - - colors { - background $background - separator $light_green - statusline $foreground - - # State Border BG Text - focused_workspace $light_black $dark_cyan $background - active_workspace $light_black $dark_green $background - inactive_workspace $dark_black $background $foreground - urgent_workspace $light_black $dark_red $background - binding_mode $light_black $dark_magenta $background - } -} - -#hide_edge_borders both -bindsym XF86Launch1 exec aplay ~/lib/sounds/wortwitzklingel-mono.wav - -# Basic color configuration using the Base16 variables for windows and borders. -# Property Name Border BG Text Indicator Child Border -client.focused $light_black $dark_cyan $background $dark_cyan $dark_cyan -client.focused_inactive $light_black $dark_green $background $dark_green $dark_green -client.unfocused $light_black $background $foreground $dark_white $dark_white -client.urgent $light_black $dark_red $background $dark_red $dark_red -client.placeholder $light_black $dark_magenta $background $dark_magenta $dark_magenta - -input * { - xkb_layout eu - xkb_model pc105+inet - xkb_options caps:escape - natural_scroll enabled -} - -input 2:7:SynPS/2_Synaptics_TouchPad { - # disables the input device - events disabled -} - -seat * { - hide_cursor 5000 -} - -assign [app_id="thunderbird"] workspace 1 -assign [app_id="telegramdesktop"] workspace 1 -assign [app_id="firefox" title="Riot.*"] workspace 1 -assign [app_id="firefox" title="Instant messaging.*"] workspace 1 -assign [app_id="firefox" title="Threema Web.*"] workspace 1 -assign [app_id="firefox" title="chaos\.social.*"] workspace 1 -assign [app_id="thunderbird" title="Write:.*"] workspace 3 -assign [app_id="firefox"] workspace 2 -assign [app_id="jetbrains-studio"] workspace 3 -assign [app_id="org.keepassxc.KeePassXC"] workspace 10 - -exec xset s off -exec mako diff --git a/home/modules/sway/default.nix b/home/modules/sway/default.nix deleted file mode 100644 index 0f99485..0000000 --- a/home/modules/sway/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config -, pkgs -, lib -, colors -, ... -}: -with lib; let - cfg = config.dadada.home.sway; -in -{ - options.dadada.home.sway = { - enable = mkEnableOption "Enable Sway config"; - }; - config = mkIf cfg.enable { - home.packages = with pkgs; [ - qt5.qtwayland - swayidle - xwayland - mako - kanshi - kitty - i3status - bemenu - xss-lock - swaylock - brightnessctl - playerctl - ]; - - wayland.windowManager.sway = { - enable = true; - config = null; - extraConfig = builtins.readFile ./config; - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - # needs qt5.qtwayland in systemPackages - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - # Fix for some Java AWT applications (e.g. Android Studio), - # use this if they aren't displayed properly: - export _JAVA_AWT_WM_NONREPARENTING=1 - ''; - }; - }; -} diff --git a/home/modules/termite.nix b/home/modules/termite.nix deleted file mode 100644 index 77bb1e6..0000000 --- a/home/modules/termite.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ config -, lib -, pkgs -, colors ? ../../lib/colors.nix -, ... -}: -with lib; let - cfg = config.dadada.home.termite; -in -{ - options.dadada.home.termite = { - enable = mkEnableOption "Enable termite config"; - }; - config = mkIf cfg.enable { - programs.termite = { - enable = true; - allowBold = true; - audibleBell = false; - clickableUrl = true; - dynamicTitle = true; - font = "Source Code Pro 10"; - mouseAutohide = false; - scrollOnOutput = false; - scrollOnKeystroke = true; - scrollbackLines = -1; - searchWrap = true; - urgentOnBell = true; - cursorBlink = "off"; - cursorShape = "block"; - sizeHints = false; - scrollbar = "off"; - colorsExtra = '' - foreground = ${colors.foreground} - foreground_bold = ${colors.foregroundBold} - cursor = ${colors.cursor} - cursor_foreground = ${colors.cursorForeground} - background = ${colors.background} - color0 = ${colors.background} - color8 = ${colors.color8} - color7 = ${colors.color7} - color15 = ${colors.color15} - color1 = ${colors.color1} - color9 = ${colors.color9} - color2 = ${colors.color2} - color10 = ${colors.color10} - color3 = ${colors.color3} - color11 = ${colors.color11} - color4 = ${colors.color4} - color12 = ${colors.color12} - color5 = ${colors.color5} - color13 = ${colors.color13} - color6 = ${colors.color6} - color14 = ${colors.color14} - color16 = ${colors.color16} - color17 = ${colors.color17} - color18 = ${colors.color18} - color19 = ${colors.color19} - color20 = ${colors.color20} - color21 = ${colors.color21} - ''; - }; - - # Add font that is used in config - home.packages = [ - pkgs.source-code-pro - ]; - }; -} From 0a0cdf7188c39eb5c576be13dab11ff4d9a41d87 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Mar 2024 12:23:11 +0100 Subject: [PATCH 757/988] home: automatically create set of HM modules --- home/modules.nix | 8 ++++++++ home/modules/default.nix | 16 ---------------- home/modules/module-list.nix | 19 ------------------- outputs.nix | 2 +- 4 files changed, 9 insertions(+), 36 deletions(-) create mode 100644 home/modules.nix delete mode 100644 home/modules/default.nix delete mode 100644 home/modules/module-list.nix diff --git a/home/modules.nix b/home/modules.nix new file mode 100644 index 0000000..0e295c9 --- /dev/null +++ b/home/modules.nix @@ -0,0 +1,8 @@ +{ lib, ... }: +with lib; let + modules' = dir: filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) + (builtins.readDir dir); + modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) + (modules' dir); +in +(modules ./modules) diff --git a/home/modules/default.nix b/home/modules/default.nix deleted file mode 100644 index b1f117d..0000000 --- a/home/modules/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - alacritty = import ./alacritty; - colors = import ./colors.nix; - direnv = import ./direnv.nix; - git = import ./git.nix; - gpg = import ./gpg.nix; - gtk = import ./gtk.nix; - helix = import ./helix; - keyring = import ./keyring.nix; - session = import ./session.nix; - ssh = import ./ssh.nix; - syncthing = import ./syncthing.nix; - tmux = import ./tmux.nix; - xdg = import ./xdg.nix; - zsh = import ./zsh.nix; -} diff --git a/home/modules/module-list.nix b/home/modules/module-list.nix deleted file mode 100644 index bbe6b3f..0000000 --- a/home/modules/module-list.nix +++ /dev/null @@ -1,19 +0,0 @@ -[ - ./colors.nix - ./direnv.nix - ./fish.nix - ./git.nix - ./gpg.nix - ./gtk.nix - ./keyring.nix - ./kitty - ./mako.nix - ./session.nix - ./ssh.nix - ./sway - ./syncthing.nix - ./termite.nix - ./tmux.nix - ./xdg.nix - ./zsh.nix -] diff --git a/outputs.nix b/outputs.nix index 8b6a45f..694a493 100644 --- a/outputs.nix +++ b/outputs.nix @@ -36,7 +36,7 @@ })) // { - hmModules = import ./home/modules; + hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; nixosConfigurations = import ./nixos/configurations.nix inputs; From 3fcebd1de04460255a0644f63576ab0f2d3bca58 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Mar 2024 12:23:36 +0100 Subject: [PATCH 758/988] fix(git): fix formatting --- home/modules/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index 9476ac0..497927c 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -79,7 +79,7 @@ in }; rebase = { abbreviateCommands = true; - # Automatically force-update any branches that point to commits that are being rebased. + # Automatically force-update any branches that point to commits that are being rebased. updateRefs = true; }; rerere.enabled = true; From cb6f66c6c8340233665a973399a0f90d069a7c54 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Mar 2024 22:10:22 +0100 Subject: [PATCH 759/988] borg: switch to ourly backups --- nixos/modules/backup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index c18aeb8..0395008 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -169,7 +169,7 @@ in passCommand = "cat ${cfg.backup1.passphrasePath}"; }; compression = "auto,lz4"; - startAt = "daily"; + startAt = "hourly"; }; services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable { @@ -185,7 +185,7 @@ in passCommand = "cat ${cfg.backup2.passphrasePath}"; }; compression = "auto,lz4"; - startAt = "daily"; + startAt = "hourly"; environment = { BORG_RELOCATED_REPO_ACCESS_IS_OK = "no"; }; From 72f8cf91bc2074f75fbc67d19f9ee5ce73894473 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 2 Mar 2024 22:11:36 +0100 Subject: [PATCH 760/988] Revert "borg: switch to ourly backups" This reverts commit cb6f66c6c8340233665a973399a0f90d069a7c54. --- nixos/modules/backup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 0395008..c18aeb8 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -169,7 +169,7 @@ in passCommand = "cat ${cfg.backup1.passphrasePath}"; }; compression = "auto,lz4"; - startAt = "hourly"; + startAt = "daily"; }; services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable { @@ -185,7 +185,7 @@ in passCommand = "cat ${cfg.backup2.passphrasePath}"; }; compression = "auto,lz4"; - startAt = "hourly"; + startAt = "daily"; environment = { BORG_RELOCATED_REPO_ACCESS_IS_OK = "no"; }; From b7d12303a3ec25c1099d9481e7e8ee7ff53228c2 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 4 Mar 2024 22:10:18 +0100 Subject: [PATCH 761/988] remove service VLAN and route to backup1 using wireguard --- nixos/agares/dns.nix | 1 + nixos/agares/network.nix | 13 +---------- nixos/agares/rules.nft | 28 +++++------------------ nixos/gorgon/configuration.nix | 1 - nixos/modules/profiles/base.nix | 5 +++++ nixos/ninurta/configuration.nix | 40 ++++++++------------------------- nixos/surgat/configuration.nix | 18 +++++++-------- 7 files changed, 30 insertions(+), 76 deletions(-) diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index 075859d..bba7c55 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -43,6 +43,7 @@ "\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\"" "\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\"" "\"ninurta.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" + "\"backup1.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" ]; local-zone = [ "\"168.192.in-addr.arpa.\" nodefault" diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index f0950e2..0eeaa44 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -40,15 +40,6 @@ in Id = 11; }; }; - "20-srv" = { - netdevConfig = { - Kind = "vlan"; - Name = "srv.13"; - }; - vlanConfig = { - Id = 13; - }; - }; "20-roadw" = { netdevConfig = { Kind = "wireguard"; @@ -124,7 +115,7 @@ in in { "10-mgmt" = subnet "enp1s0" "100" // { - networkConfig.VLAN = [ "lan.10" "ff.11" "srv.13" ]; + networkConfig.VLAN = [ "lan.10" "ff.11" ]; dhcpServerStaticLeases = [ { # legion @@ -163,8 +154,6 @@ in "30-ff" = subnet "ff.11" "102"; - "30-srv" = subnet "srv.13" "103"; - "30-ifb4ppp0" = { name = "ifb4ppp0"; extraConfig = '' diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft index ca574d7..a270aab 100644 --- a/nixos/agares/rules.nft +++ b/nixos/agares/rules.nft @@ -4,7 +4,6 @@ define IF_MGMT = "enp1s0" define IF_FF = "ff.11" define IF_LAN = "lan.10" define IF_WAN = "ppp0" -define IF_SRV = "srv.13" # Modem uses this for internet uplink via our WAN define IF_MODEM = "enp2s0" @@ -51,10 +50,6 @@ table inet filter { counter accept comment "Accept all traffic from MGMT" } - chain input_srv { - counter accept comment "Accept all traffic from services" - } - chain input_roadw { counter accept comment "Accept all traffic from roadwarriors" } @@ -69,23 +64,13 @@ table inet filter { udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk" } - chain input_srv { - jump input_icmp_untrusted - - # DHCP - meta nfproto ipv6 udp dport 547 accept comment "Allow DHCPv6 client" - - # Allow DNS and DHCP from SRV - udp dport { 53, 67 } accept comment "Allow DNS and DHCP from services" - } - chain input { type filter hook input priority filter; policy drop; ct state {established, related} counter accept comment "Accept packets from established and related connections" ct state invalid counter drop comment "Early drop of invalid packets" - iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, $IF_SRV : jump input_srv } + iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt } } # Only works if hardware flow offloading is available @@ -117,13 +102,10 @@ table inet filter { iifname { $IF_LAN, $IF_ROADW } counter accept comment "Allow all traffic forwarding from LAN and roadwarrior to all interfaces, except to mgmt" # FF -> WAN - iifname { $IF_FF, $IF_SRV } oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk and services to WAN" + iifname { $IF_FF } oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk and services to WAN" - # { WAN, SRV } -> { FF, LAN, RW, SRV } - iifname { $IF_WAN, $IF_SRV } oifname { $IF_FF, $IF_LAN, $IF_ROADW, $IF_SRV } ct state established,related counter accept comment "Allow established back from WAN and SRV" - - # WAN -> SRV - iifname $IF_WAN oifname $IF_SRV tcp dport ssh accept comment "Allow all SSH traffic forwarding from WAN to services" + # { WAN } -> { FF, LAN, RW } + iifname { $IF_WAN } oifname { $IF_FF, $IF_LAN, $IF_ROADW } ct state established,related counter accept comment "Allow established back from WAN" } chain output { @@ -145,6 +127,6 @@ table ip nat { table arp filter { chain input { type filter hook input priority filter; policy drop; - iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_SRV, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, SRV, modem" + iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, modem" } } diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index ff84f55..360b612 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -158,7 +158,6 @@ in }; networking.hosts = { - "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; "127.0.0.2" = [ "kanboard.dadada.li" ]; }; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index ca22bec..d2930a7 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -54,6 +54,11 @@ in }; networking.networkmanager.dns = mkDefault "systemd-resolved"; + + networking.hosts = { + "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" = [ "backup1.dadada.li" ]; + }; + services.resolved = { enable = mkDefault true; fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ]; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 00b1c26..7a8b3c1 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -103,10 +103,6 @@ in }; }; - dadada.ddns.domains = [ "backup1.dadada.li" "soft-serve.dadada.li" ]; - dadada.ddns.credentialsPath = config.age.secrets."ddns-credentials".path; - dadada.ddns.interface = "backup"; - dadada.borgServer = { enable = true; path = "/mnt/storage/backups"; @@ -148,11 +144,6 @@ in location = "/var/backup/postgresql"; }; - age.secrets."ddns-credentials" = { - file = "${secretsPath}/ddns-credentials.age"; - mode = "400"; - }; - age.secrets."ninurta-backup-passphrase" = { file = "${secretsPath}/ninurta-backup-passphrase.age"; mode = "400"; @@ -281,7 +272,7 @@ in matchConfig.Name = "enp*"; networkConfig.DHCP = "ipv4"; networkConfig.Domains = [ "bs.dadada.li" ]; - networkConfig.VLAN = [ "backup" ]; + networkConfig.VLAN = [ ]; networkConfig.IPv6PrivacyExtensions = false; linkConfig.RequiredForOnline = "routable"; dhcpV4Config = { @@ -294,22 +285,15 @@ in UseDNS = true; }; }; - "20-backup" = { - matchConfig.Name = "backup"; - networkConfig = { - DHCP = "ipv4"; - IPv6PrivacyExtensions = false; - }; - linkConfig.RequiredForOnline = false; - }; - "10-hydra" = { - matchConfig.Name = "hydra"; - address = [ "10.3.3.3/24" ]; + "10-surgat" = { + matchConfig.Name = "surgat"; + address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128"]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ { routeConfig = { Destination = "10.3.3.1/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } ]; }; "10-uwu" = { @@ -327,10 +311,10 @@ in }; }; netdevs = { - "10-hydra" = { + "10-surgat" = { netdevConfig = { Kind = "wireguard"; - Name = "hydra"; + Name = "surgat"; }; wireguardConfig = { PrivateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; @@ -339,7 +323,7 @@ in wireguardPeers = [{ wireguardPeerConfig = { PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ "10.3.3.1/32" ]; + AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; PersistentKeepalive = 25; Endpoint = "surgat.dadada.li:51235"; }; @@ -363,13 +347,6 @@ in }; }]; }; - "20-backup" = { - netdevConfig = { - Name = "backup"; - Kind = "vlan"; - }; - vlanConfig.Id = 13; - }; }; }; @@ -388,6 +365,7 @@ in 51234 # Wireguard 51235 # Wireguard ]; + logReversePathDrops = true; }; services.resolved.enable = true; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 937afa4..86f15c9 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -83,24 +83,24 @@ in ]; linkConfig.RequiredForOnline = "routable"; }; - "10-hydra" = { - matchConfig.Name = "hydra"; - address = [ "10.3.3.1/24" ]; + "10-ninurta" = { + matchConfig.Name = "ninurta"; + address = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = "no"; routes = [ - { - routeConfig = { Destination = "10.3.3.0/24"; }; - } + { routeConfig = { Destination = "10.3.3.3/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::/64"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:101::/64"; }; } ]; }; }; netdevs = { - "10-hydra" = { + "10-ninurta" = { netdevConfig = { Kind = "wireguard"; - Name = "hydra"; + Name = "ninurta"; }; wireguardConfig = { PrivateKeyFile = "/var/lib/wireguard/hydra"; @@ -109,7 +109,7 @@ in wireguardPeers = [{ wireguardPeerConfig = { PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ "10.3.3.3/32" ]; + AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"] ; }; }]; }; From af5418a99506cbbf1f1c004b82cfb125c263dd23 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 16:48:48 +0100 Subject: [PATCH 762/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/2c9562e7624fa1b50983fc18d504bf86202bef49' (2024-02-29) → 'github:nix-community/nixos-generators/bef32a05496d9480b02be586fa7827748b9e597b' (2024-03-08) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/479831ed8b3c9c7b80533999f880c7d0bf6a491b' (2024-02-25) → 'github:nix-community/nixpkgs.lib/7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c' (2024-03-03) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/33a97b5814d36ddd65ad678ad07ce43b1a67f159' (2024-02-28) → 'github:NixOS/nixos-hardware/59e37017b9ed31dee303dbbd4531c594df95cfbc' (2024-03-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/79baff8812a0d68e24a836df0a364c678089e2c7' (2024-03-01) → 'github:NixOS/nixpkgs/2be119add7b37dc535da2dd4cba68e2cf8d1517e' (2024-03-08) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/093f82e5707bb6f14ee38a742748f9fb4ab1488e' (2024-03-02) → 'github:numtide/treefmt-nix/9c57261c71871d2208a6dd4394774cca226c6dbc' (2024-03-08) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index fc78911..1fce37f 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ }, "nixlib": { "locked": { - "lastModified": 1708821942, - "narHash": "sha256-jd+E1SD59qty65pwqad2mftzkT6vW5nNFWVuvayh4Zw=", + "lastModified": 1709426687, + "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "479831ed8b3c9c7b80533999f880c7d0bf6a491b", + "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1709226763, - "narHash": "sha256-GlJ7g2srrtx6s5P2uswZ6Zcpy2u90tomIx+Gstlk97s=", + "lastModified": 1709887845, + "narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "2c9562e7624fa1b50983fc18d504bf86202bef49", + "rev": "bef32a05496d9480b02be586fa7827748b9e597b", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1709147990, - "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", + "lastModified": 1709410583, + "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", + "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709309926, - "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=", + "lastModified": 1709884566, + "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "79baff8812a0d68e24a836df0a364c678089e2c7", + "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1709373438, - "narHash": "sha256-F/Vieen5x2nf05KJ5AitoE/GSB0FU2jMffSM8bHSuBs=", + "lastModified": 1709911575, + "narHash": "sha256-yC2iOKe0BSZAeXLNPXPrsGn5BwUTYYZESKb+OblLnXY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "093f82e5707bb6f14ee38a742748f9fb4ab1488e", + "rev": "9c57261c71871d2208a6dd4394774cca226c6dbc", "type": "github" }, "original": { From 9334844c6ea69d6021d03ada0d494806b9102d39 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 17:03:39 +0100 Subject: [PATCH 763/988] fix: remove cachix --- nixos/gorgon/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 360b612..2f60801 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -124,7 +124,6 @@ in environment.systemPackages = with pkgs; [ chromium ghostscript - cachix ]; networking.firewall = { From e44daad69a581c2ece4c0ca599d87843a35b9716 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 17:26:32 +0100 Subject: [PATCH 764/988] feat: upgrade state version of gorgon --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 2f60801..524ea4a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -219,5 +219,5 @@ in ]; }; - system.stateVersion = "22.11"; + system.stateVersion = "23.11"; } From 0b8b9127b7952142d566cfe384e03e80186a6c52 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 17:41:09 +0100 Subject: [PATCH 765/988] fix: replace rnix with nixd --- home/modules/helix/config/languages.toml | 6 +++--- home/modules/helix/default.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index 2a516ae..1786c91 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -1,8 +1,8 @@ [language-server.rust-analyzer] config = { rust-analyzer = { checkOnSave = { command = "clippy" } } } -[language-server.nil] -command = "nil" +[language-server.nixd] +command = "nixd" [language-server.ltex-ls] command = "ltex-ls" @@ -21,4 +21,4 @@ roots = [] [[language]] name = "nix" file-types = ["nix"] -language-servers = [{ name = "nil" }] +language-servers = [{ name = "nixd" }] diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 3ce4fce..5185875 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -16,7 +16,7 @@ in home.file.".config/helix".source = ./config; home.packages = [ cfg.package - pkgs.rnix-lsp + pkgs.nixd ]; }; } From 11af2dc5a5feb7fc42afa8d5ccebb766953e3a1d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 17:46:57 +0100 Subject: [PATCH 766/988] fix: eval error with default nix version when building nixd --- home/modules/helix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 5185875..2ffdc51 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -16,7 +16,7 @@ in home.file.".config/helix".source = ./config; home.packages = [ cfg.package - pkgs.nixd + #pkgs.nixd ]; }; } From 7d291c2c73c2ae869c4c5c5dd65bc2de55f511b9 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 18:22:00 +0100 Subject: [PATCH 767/988] fix: formatting --- nixos/ninurta/configuration.nix | 2 +- nixos/surgat/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 7a8b3c1..085b5e1 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -287,7 +287,7 @@ in }; "10-surgat" = { matchConfig.Name = "surgat"; - address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128"]; + address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 86f15c9..34b26c6 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -109,7 +109,7 @@ in wireguardPeers = [{ wireguardPeerConfig = { PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"] ; + AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" ]; }; }]; }; From 5957c26c936c7048904a918935f182d072e7060a Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 22:58:41 +0100 Subject: [PATCH 768/988] feat: zeal --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 76c8ca8..1718dd2 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -142,5 +142,6 @@ with pkgs; [ xxh # portable shells youtube-dl # zotero Marked as insecure + zeal zsh ] From 03a6a9c934843597087f5c7a324231fc120495f6 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 9 Mar 2024 22:59:30 +0100 Subject: [PATCH 769/988] feat!: remove uwu --- nixos/gorgon/configuration.nix | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 524ea4a..f2bf88d 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -160,25 +160,6 @@ in "127.0.0.2" = [ "kanboard.dadada.li" ]; }; - networking.wireguard.interfaces.uwupn = { - ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ]; - privateKeyFile = "/var/lib/wireguard/uwu"; - - postSetup = '' - ${pkgs.systemd}/bin/resolvectl domain uwupn ~uwu - ${pkgs.systemd}/bin/resolvectl dns uwupn 10.11.0.1 - ${pkgs.systemd}/bin/resolvectl dnssec uwupn false - ''; - peers = [ - { - publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" ]; - endpoint = "53c70r.de:51820"; - persistentKeepalive = 25; - } - ]; - }; - # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html systemd.timers.wg-reresolve-dns = { wantedBy = [ "timers.target" ]; From 64ad2b6a23d0e2fd02715610de8c7e28d86a1cee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 19:10:30 +0000 Subject: [PATCH 770/988] build(deps): bump cachix/cachix-action from 12 to 14 Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 12 to 14. - [Release notes](https://github.com/cachix/cachix-action/releases) - [Commits](https://github.com/cachix/cachix-action/compare/v12...v14) --- updated-dependencies: - dependency-name: cachix/cachix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 360b57f..1de4691 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -18,7 +18,7 @@ jobs: experimental-features = nix-command flakes access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} system-features = nixos-test benchmark big-parallel kvm - - uses: cachix/cachix-action@v12 + - uses: cachix/cachix-action@v14 with: name: dadada signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' From ac9c6a43d1d819d39535575c2f720110f80155ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 00:50:22 +0000 Subject: [PATCH 771/988] build(deps): bump DeterminateSystems/nix-installer-action from 8 to 9 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 8 to 9. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v8...v9) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index cbe87b1..6f5f2c9 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v8 + uses: DeterminateSystems/nix-installer-action@v9 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v20 with: From a7e12063198912cf0f8e2f5ee6a745e2d3d8ebc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 00:33:24 +0000 Subject: [PATCH 772/988] build(deps): bump cachix/install-nix-action from 23 to 25 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 23 to 25. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v23...v25) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index 1de4691..e5b2e44 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v23 + - uses: cachix/install-nix-action@v25 with: nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | From 056753909a5f565ce57528f30de01489e78b98e0 Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 11 Mar 2024 21:01:07 +0100 Subject: [PATCH 773/988] fix: override hydra's nix version nix-2.17 is marked as insecure --- overlays.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overlays.nix b/overlays.nix index bf0588c..bd232b0 100644 --- a/overlays.nix +++ b/overlays.nix @@ -20,4 +20,8 @@ ]; recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd; }; + + insecure = final: prev: { + hydra_unstable = prev.hydra_unstable.override { nix = final.nixVersions.unstable; }; + }; } From 8de346de28ebbddc2132c4636c40b6ef724c441d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 01:10:58 +0000 Subject: [PATCH 774/988] build(deps): bump cachix/install-nix-action from 25 to 26 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 25 to 26. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v25...v26) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index e5b2e44..b0c0fa3 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@v26 with: nix_path: nixpkgs=channel:nixos-stable extra_nix_config: | From fb48bac8c56f06f397803780b1a71d4b3bd6c144 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 01:11:01 +0000 Subject: [PATCH 775/988] build(deps): bump DeterminateSystems/nix-installer-action from 9 to 10 Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 9 to 10. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v9...v10) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 6f5f2c9..8f02f85 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 + uses: DeterminateSystems/nix-installer-action@v10 - name: Update flake.lock uses: DeterminateSystems/update-flake-lock@v20 with: From 017725d2cf62a03a4ab289a0bd3c1ecf9dd506be Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 18:06:42 +0000 Subject: [PATCH 776/988] build(deps): bump DeterminateSystems/update-flake-lock from 20 to 21 Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 20 to 21. - [Release notes](https://github.com/determinatesystems/update-flake-lock/releases) - [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v20...v21) --- updated-dependencies: - dependency-name: DeterminateSystems/update-flake-lock dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/nix-flake-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 8f02f85..9045f91 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -13,7 +13,7 @@ jobs: - name: Install Nix uses: DeterminateSystems/nix-installer-action@v10 - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v20 + uses: DeterminateSystems/update-flake-lock@v21 with: pr-title: "Update flake.lock" # Title of PR to be created pr-labels: | # Labels to be set on the PR From 7d1047e5fe06d101a2b06c1b704d4ed994d20553 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 23 Mar 2024 18:37:56 +0100 Subject: [PATCH 777/988] tunnel munin node traffic on lan through wireguard --- nixos/agares/configuration.nix | 2 +- nixos/agares/network.nix | 36 ++++++++++++++++++++++ nixos/agares/rules.nft | 6 +++- nixos/ninurta/configuration.nix | 54 +++++++++++++++++++-------------- nixos/ninurta/monitoring.nix | 4 +-- secrets/agares-wg0-key.age | 10 ++++++ secrets/secrets.nix | 1 + 7 files changed, 87 insertions(+), 26 deletions(-) create mode 100644 secrets/agares-wg0-key.age diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index 4e553e4..c8ab058 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -86,7 +86,7 @@ enable = true; extraConfig = '' host_name ${config.networking.hostName} - cidr_allow 192.168.101.184/32 + cidr_allow 10.3.3.3/32 ''; }; diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 0eeaa44..6ed3f1c 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -63,6 +63,26 @@ in }; }]; }; + "20-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets."wg-privkey-wg0".path; + ListenPort = 51235; + }; + wireguardPeers = lib.singleton { + wireguardPeerConfig = { + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" + ]; + }; + }; + }; }; networks = let @@ -126,6 +146,17 @@ in } ]; }; + "30-wg0" = { + matchConfig.Name = "wg0"; + address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = false; + routes = [ + { routeConfig = { Destination = "10.3.3.1/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } + ]; + }; "30-lan" = subnet "lan.10" "101" // { dhcpServerStaticLeases = [ { @@ -237,6 +268,11 @@ in owner = "systemd-network"; }; + age.secrets."wg-privkey-wg0" = { + file = "${config.dadada.secrets.path}/agares-wg0-key.age"; + owner = "systemd-network"; + }; + boot.kernel.sysctl = { # Enable forwarding for interface "net.ipv4.conf.all.forwarding" = "1"; diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft index a270aab..4b41bea 100644 --- a/nixos/agares/rules.nft +++ b/nixos/agares/rules.nft @@ -64,13 +64,17 @@ table inet filter { udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk" } + chain input_wg0 { + tcp dport 4949 accept comment "Munin node" + } + chain input { type filter hook input priority filter; policy drop; ct state {established, related} counter accept comment "Accept packets from established and related connections" ct state invalid counter drop comment "Early drop of invalid packets" - iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt } + iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, wg0 : jump input_wg0 } } # Only works if hardware flow offloading is available diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 085b5e1..aea6d25 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -6,9 +6,9 @@ let "backup1.dadada.li" ]; secretsPath = config.dadada.secrets.path; - wg0PrivKey = "pruflas-wg0-key"; + uwuPrivKey = "pruflas-wg0-key"; wgHydraPrivKey = "pruflas-wg-hydra-key"; - wg0PresharedKey = "pruflas-wg0-preshared-key"; + uwuPresharedKey = "pruflas-wg0-preshared-key"; hydraGitHubAuth = "hydra-github-authorization"; initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; softServePort = 23231; @@ -198,12 +198,13 @@ in "v /mnt/storage/backups 0755 root root - -" ]; - age.secrets.${wg0PrivKey} = { - file = "${secretsPath}/${wg0PrivKey}.age"; + age.secrets.${uwuPrivKey} = { + file = "${secretsPath}/${uwuPrivKey}.age"; owner = "systemd-network"; }; - age.secrets.${wg0PresharedKey} = { - file = "${secretsPath}/${wg0PresharedKey}.age"; + + age.secrets.${uwuPresharedKey} = { + file = "${secretsPath}/${uwuPresharedKey}.age"; owner = "systemd-network"; }; age.secrets.${wgHydraPrivKey} = { @@ -285,8 +286,8 @@ in UseDNS = true; }; }; - "10-surgat" = { - matchConfig.Name = "surgat"; + "30-wg0" = { + matchConfig.Name = "wg0"; address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; @@ -296,7 +297,7 @@ in { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } ]; }; - "10-uwu" = { + "30-uwu" = { matchConfig.Name = "uwu"; address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; dns = [ "10.11.0.1%uwu#uwu" ]; @@ -311,38 +312,47 @@ in }; }; netdevs = { - "10-surgat" = { + "20-wg0" = { netdevConfig = { Kind = "wireguard"; - Name = "surgat"; + Name = "wg0"; }; wireguardConfig = { PrivateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; ListenPort = 51235; }; - wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; - PersistentKeepalive = 25; - Endpoint = "surgat.dadada.li:51235"; - }; - }]; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; + PersistentKeepalive = 25; + Endpoint = "surgat.dadada.li:51235"; + }; + } + { + wireguardPeerConfig = { + PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; + AllowedIPs = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; + Endpoint = "192.168.101.1:51235"; + }; + } + ]; }; - "10-uwu" = { + "20-uwu" = { netdevConfig = { Kind = "wireguard"; Name = "uwu"; }; wireguardConfig = { - PrivateKeyFile = config.age.secrets.${wg0PrivKey}.path; + PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path; }; wireguardPeers = [{ wireguardPeerConfig = { PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${wg0PresharedKey}.path; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; Endpoint = "53c70r.de:51820"; }; }]; diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix index 552dc4d..e3dfa8a 100644 --- a/nixos/ninurta/monitoring.nix +++ b/nixos/ninurta/monitoring.nix @@ -15,13 +15,13 @@ enable = true; hosts = '' [${config.networking.hostName}] - address localhost + address 10.3.3.3 [surgat] address 10.3.3.1 [agares] - address 192.168.101.1 + address 10.3.3.2 ''; }; services.munin-node.enable = true; diff --git a/secrets/agares-wg0-key.age b/secrets/agares-wg0-key.age new file mode 100644 index 0000000..9938b85 --- /dev/null +++ b/secrets/agares-wg0-key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w ENcdsQ43v/xIe1Ej4BYjb/nTjIk76N2DR/zj754Puz0 +vIDFk+A/m8rOnBNXcvfBX4SJNxT6LP64s674v5pJtcQ +-> ssh-ed25519 Otklkw lLwVf/2E67Bue+VBu+EMupLjuv6wfR656CD1st71GRM +AsXHvpANM0mOiSW3LTqzbEneVQSKNb0TvsMY2WCPfbk +-> DJZq-grease 9))O09 z2- +ZFxd5v9Bma6VVIvpw8VK0DSR55lHUNOTh6cNxFJAezXn1apmjvuZPdMSXZ7OrE23 +qlqnskWvo+SX3JF7NH0yQf53dZJU +--- pSa5IqZmIDAHJkcPgqrS0WUwnD1ipE2pGr87qhTmrjk +Û(E˜/—P(©Õ|J¥€øªëØ‘éÒ‹˜zñ`JOÁ2“ŒÔ–‚Ûñd3qÁ±¤‡O­Ú!”8òùHN3\°Åê‘iš \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0328299..7da57e3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -27,6 +27,7 @@ in "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ]; "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ]; "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ]; + "agares-wg0-key.age".publicKeys = [ systems.agares dadada ]; } // backupSecrets "ninurta" // backupSecrets "gorgon" // From 37badcc33603739a7d44cdb0a752cfd495367287 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 23 Mar 2024 18:57:44 +0100 Subject: [PATCH 778/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/5ddecd67edbd568ebe0a55905273e56cc82aabe3' (2024-02-26) → 'github:numtide/devshell/2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8' (2024-03-22) • Updated input 'flake-utils': 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28) → 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11) • Updated input 'home-manager': 'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03) → 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/bef32a05496d9480b02be586fa7827748b9e597b' (2024-03-08) → 'github:nix-community/nixos-generators/417a857dfb824e60930881a254dd67d6796f5884' (2024-03-22) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c' (2024-03-03) → 'github:nix-community/nixpkgs.lib/fa827dda806c5aa98f454da4c567991ab8ce422c' (2024-03-17) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/59e37017b9ed31dee303dbbd4531c594df95cfbc' (2024-03-02) → 'github:NixOS/nixos-hardware/1e679b9a9970780cd5d4dfe755a74a8f96d33388' (2024-03-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/2be119add7b37dc535da2dd4cba68e2cf8d1517e' (2024-03-08) → 'github:NixOS/nixpkgs/56528ee42526794d413d6f244648aaee4a7b56c0' (2024-03-22) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/9c57261c71871d2208a6dd4394774cca226c6dbc' (2024-03-08) → 'github:numtide/treefmt-nix/7ee5aaac63c30d3c97a8c56efe89f3b2aa9ae564' (2024-03-18) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 1fce37f..76be15a 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ ] }, "locked": { - "lastModified": 1708939976, - "narHash": "sha256-O5+nFozxz2Vubpdl1YZtPrilcIXPcRAjqNdNE8oCRoA=", + "lastModified": 1711099426, + "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", "owner": "numtide", "repo": "devshell", - "rev": "5ddecd67edbd568ebe0a55905273e56cc82aabe3", + "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", "type": "github" }, "original": { @@ -107,11 +107,11 @@ ] }, "locked": { - "lastModified": 1709126324, - "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1706981411, - "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", + "lastModified": 1710888565, + "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", "owner": "nix-community", "repo": "home-manager", - "rev": "652fda4ca6dafeb090943422c34ae9145787af37", + "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "nixlib": { "locked": { - "lastModified": 1709426687, - "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=", + "lastModified": 1710636348, + "narHash": "sha256-/kB+ZWSdkZjbZ0FTqm0u84sf2jFS+30ysaEajmBjtoY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c", + "rev": "fa827dda806c5aa98f454da4c567991ab8ce422c", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1709887845, - "narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=", + "lastModified": 1711108213, + "narHash": "sha256-Q8cwpA2LQOInqeXVckrfFlbzHB8HOWrYntuOxqn3A3g=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "bef32a05496d9480b02be586fa7827748b9e597b", + "rev": "417a857dfb824e60930881a254dd67d6796f5884", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1709410583, - "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", + "lastModified": 1710783728, + "narHash": "sha256-eIsfu3c9JUBgm3cURSKTXLEI9Dlk1azo+MWKZVqrmkc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", + "rev": "1e679b9a9970780cd5d4dfe755a74a8f96d33388", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709884566, - "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "lastModified": 1711124224, + "narHash": "sha256-l0zlN/3CiodvWDtfBOVxeTwYSRz93muVbXWSpaMjXxM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "rev": "56528ee42526794d413d6f244648aaee4a7b56c0", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1709911575, - "narHash": "sha256-yC2iOKe0BSZAeXLNPXPrsGn5BwUTYYZESKb+OblLnXY=", + "lastModified": 1710781103, + "narHash": "sha256-nehQK/XTFxfa6rYKtbi8M1w+IU1v5twYhiyA4dg1vpg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9c57261c71871d2208a6dd4394774cca226c6dbc", + "rev": "7ee5aaac63c30d3c97a8c56efe89f3b2aa9ae564", "type": "github" }, "original": { From bd0d73cc33a2c2e17355b86406764017bfe1540a Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 23 Mar 2024 19:21:16 +0100 Subject: [PATCH 779/988] Remove override for hydra_unstable --- overlays.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/overlays.nix b/overlays.nix index bd232b0..bf0588c 100644 --- a/overlays.nix +++ b/overlays.nix @@ -20,8 +20,4 @@ ]; recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd; }; - - insecure = final: prev: { - hydra_unstable = prev.hydra_unstable.override { nix = final.nixVersions.unstable; }; - }; } From 79c9b0bb75751e8829675f1f01aaa24e5d3da2b3 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 23 Mar 2024 19:43:39 +0100 Subject: [PATCH 780/988] secure munin-node with firewall --- nixos/ninurta/configuration.nix | 12 +++++++++--- nixos/surgat/configuration.nix | 4 +++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index aea6d25..16b629f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -367,15 +367,21 @@ in 22 # SSH 80 # munin web 631 # Printing - 3000 # Hydra - softServePort ]; allowedUDPPorts = [ 631 # Printing 51234 # Wireguard 51235 # Wireguard ]; - logReversePathDrops = true; + interfaces = { + uwu.allowedTCPPorts = [ + softServePort + ]; + wg0.allowedTCPPorts = [ + 3000 # Hydra + 4949 # munin-node + ]; + }; }; services.resolved.enable = true; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 34b26c6..e93b766 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -123,12 +123,14 @@ in 22 # SSH 80 443 # HTTPS - 4949 # munin-node ]; allowedUDPPorts = [ 51234 # Wireguard 51235 # Wireguard ]; + interfaces.ninurta.allowedTCPPorts = [ + 4949 # munin-node + ]; }; # Use the GRUB 2 boot loader. From d8a261d68f1f7c6a888ae38cdc8ca66a80e39a4d Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 25 Mar 2024 20:57:27 +0100 Subject: [PATCH 781/988] fix: DHCP config in management LAN --- nixos/agares/dns.nix | 2 ++ nixos/agares/network.nix | 34 ++++++++++++++++++++++------------ 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index bba7c55..7e52d8b 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -40,6 +40,8 @@ val-permissive-mode = true; local-data = [ "\"agares.bs.dadada.li. 10800 IN A 192.168.101.1\"" + "\"danjal.bs.dadada.li. 10800 IN A 192.168.100.108\"" + "\"legion.bs.dadada.li. 10800 IN A 192.168.100.107\"" "\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\"" "\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\"" "\"ninurta.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 6ed3f1c..61af8ea 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -134,18 +134,28 @@ in }; in { - "10-mgmt" = subnet "enp1s0" "100" // { - networkConfig.VLAN = [ "lan.10" "ff.11" ]; - dhcpServerStaticLeases = [ - { - # legion - dhcpServerStaticLeaseConfig = { - Address = "192.168.100.107"; - MACAddress = "80:CC:9C:95:4A:60"; - }; - } - ]; - }; + "10-mgmt" = lib.mkMerge [ + (subnet "enp1s0" "100") + { + networkConfig.VLAN = [ "lan.10" "ff.11" ]; + dhcpServerStaticLeases = [ + { + # legion + dhcpServerStaticLeaseConfig = { + Address = "192.168.100.107"; + MACAddress = "80:CC:9C:95:4A:60"; + }; + } + { + # danyal + dhcpServerStaticLeaseConfig = { + Address = "192.168.100.108"; + MACAddress = "c8:9e:43:a3:3d:7f"; + }; + } + ]; + } + ]; "30-wg0" = { matchConfig.Name = "wg0"; address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; From e1f1332728bd953390ea71a558938c68741f0ce4 Mon Sep 17 00:00:00 2001 From: dadada Date: Fri, 5 Apr 2024 21:02:26 +0200 Subject: [PATCH 782/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/417a857dfb824e60930881a254dd67d6796f5884' (2024-03-22) → 'github:nix-community/nixos-generators/0c15e76bed5432d7775a22e8d22059511f59d23a' (2024-04-04) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/fa827dda806c5aa98f454da4c567991ab8ce422c' (2024-03-17) → 'github:nix-community/nixpkgs.lib/90b1a963ff84dc532db92f678296ff2499a60a87' (2024-03-31) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/1e679b9a9970780cd5d4dfe755a74a8f96d33388' (2024-03-18) → 'github:NixOS/nixos-hardware/f3b959627bca46a9f7052b8fbc464b8323e68c2c' (2024-04-05) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/56528ee42526794d413d6f244648aaee4a7b56c0' (2024-03-22) → 'github:NixOS/nixpkgs/1487bdea619e4a7a53a4590c475deabb5a9d1bfb' (2024-04-03) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/7ee5aaac63c30d3c97a8c56efe89f3b2aa9ae564' (2024-03-18) → 'github:numtide/treefmt-nix/49dc4a92b02b8e68798abd99184f228243b6e3ac' (2024-04-01) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 76be15a..09ec0aa 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ }, "nixlib": { "locked": { - "lastModified": 1710636348, - "narHash": "sha256-/kB+ZWSdkZjbZ0FTqm0u84sf2jFS+30ysaEajmBjtoY=", + "lastModified": 1711846064, + "narHash": "sha256-cqfX0QJNEnge3a77VnytM0Q6QZZ0DziFXt6tSCV8ZSc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "fa827dda806c5aa98f454da4c567991ab8ce422c", + "rev": "90b1a963ff84dc532db92f678296ff2499a60a87", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1711108213, - "narHash": "sha256-Q8cwpA2LQOInqeXVckrfFlbzHB8HOWrYntuOxqn3A3g=", + "lastModified": 1712191720, + "narHash": "sha256-xXtSSnVHURHsxLQO30dzCKW5NJVGV/umdQPmFjPFMVA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "417a857dfb824e60930881a254dd67d6796f5884", + "rev": "0c15e76bed5432d7775a22e8d22059511f59d23a", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1710783728, - "narHash": "sha256-eIsfu3c9JUBgm3cURSKTXLEI9Dlk1azo+MWKZVqrmkc=", + "lastModified": 1712324865, + "narHash": "sha256-+BatEWd4HlMeK7Ora+gYIkarjxFVCg9oKrIeybHIIX4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1e679b9a9970780cd5d4dfe755a74a8f96d33388", + "rev": "f3b959627bca46a9f7052b8fbc464b8323e68c2c", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711124224, - "narHash": "sha256-l0zlN/3CiodvWDtfBOVxeTwYSRz93muVbXWSpaMjXxM=", + "lastModified": 1712168706, + "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "56528ee42526794d413d6f244648aaee4a7b56c0", + "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1710781103, - "narHash": "sha256-nehQK/XTFxfa6rYKtbi8M1w+IU1v5twYhiyA4dg1vpg=", + "lastModified": 1711963903, + "narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "7ee5aaac63c30d3c97a8c56efe89f3b2aa9ae564", + "rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac", "type": "github" }, "original": { From 557a5c7ce90c2478e37f20815162b1581f46d487 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Apr 2024 13:40:20 +0200 Subject: [PATCH 783/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19) → 'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff' (2024-04-06) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/0c15e76bed5432d7775a22e8d22059511f59d23a' (2024-04-04) → 'github:nix-community/nixos-generators/d942db8df8ee860556a38754f15b8d03bf7e6933' (2024-04-08) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/90b1a963ff84dc532db92f678296ff2499a60a87' (2024-03-31) → 'github:nix-community/nixpkgs.lib/3c62b6a12571c9a7f65ab037173ee153d539905f' (2024-04-07) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/f3b959627bca46a9f7052b8fbc464b8323e68c2c' (2024-04-05) → 'github:NixOS/nixos-hardware/f58b25254be441cd2a9b4b444ed83f1e51244f1f' (2024-04-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1487bdea619e4a7a53a4590c475deabb5a9d1bfb' (2024-04-03) → 'github:NixOS/nixpkgs/51651a540816273b67bc4dedea2d37d116c5f7fe' (2024-04-11) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 09ec0aa..54b5970 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1710888565, - "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", + "lastModified": 1712386041, + "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", + "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "nixlib": { "locked": { - "lastModified": 1711846064, - "narHash": "sha256-cqfX0QJNEnge3a77VnytM0Q6QZZ0DziFXt6tSCV8ZSc=", + "lastModified": 1712450863, + "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "90b1a963ff84dc532db92f678296ff2499a60a87", + "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1712191720, - "narHash": "sha256-xXtSSnVHURHsxLQO30dzCKW5NJVGV/umdQPmFjPFMVA=", + "lastModified": 1712537332, + "narHash": "sha256-yYlxv1sg/TNl6hghjAe0ct+/p5PwXiT1mpuaExjhR88=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "0c15e76bed5432d7775a22e8d22059511f59d23a", + "rev": "d942db8df8ee860556a38754f15b8d03bf7e6933", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1712324865, - "narHash": "sha256-+BatEWd4HlMeK7Ora+gYIkarjxFVCg9oKrIeybHIIX4=", + "lastModified": 1712909959, + "narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f3b959627bca46a9f7052b8fbc464b8323e68c2c", + "rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712168706, - "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=", + "lastModified": 1712867921, + "narHash": "sha256-edTFV4KldkCMdViC/rmpJa7oLIU8SE/S35lh/ukC7bg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb", + "rev": "51651a540816273b67bc4dedea2d37d116c5f7fe", "type": "github" }, "original": { From d3c7b429c7418e868a93601b8f0c6b2eddcdda2e Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 14 Apr 2024 19:31:46 +0200 Subject: [PATCH 784/988] feat: it's summer, use light theme --- home/modules/alacritty/colors.toml | 49 +++++++++++++-------------- home/modules/git.nix | 2 +- home/modules/helix/config/config.toml | 2 +- 3 files changed, 25 insertions(+), 28 deletions(-) diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml index 0c459b7..2a57edb 100644 --- a/home/modules/alacritty/colors.toml +++ b/home/modules/alacritty/colors.toml @@ -1,31 +1,28 @@ +# XTerm's default colors + +# Default colors [colors.primary] -background = "0x0d1117" -foreground = "0xb3b1ad" +background = '#ffffff' +foreground = '#000000' +# Normal colors [colors.normal] -black = "0x484f58" -red = "0xff7b72" -green = "0x3fb950" -yellow = "0xd29922" -blue = "0x58a6ff" -magenta = "0xbc8cff" -cyan = "0x39c5cf" -white = "0xb1bac4" +black = '#000000' +red = '#cd0000' +green = '#00cd00' +yellow = '#cdcd00' +blue = '#0000ee' +magenta = '#cd00cd' +cyan = '#00cdcd' +white = '#e5e5e5' +# Bright colors [colors.bright] -black = "0x6e7681" -red = "0xffa198" -green = "0x56d364" -yellow = "0xe3b341" -blue = "0x79c0ff" -magenta = "0xd2a8ff" -cyan = "0x56d4dd" -white = "0xf0f6fc" - -[[colors.indexed_colors]] -index = 16 -color = "0xd18616" - -[[colors.indexed_colors]] -index = 17 -color = "0xffa198" +black = '#7f7f7f' +red = '#ff0000' +green = '#00ff00' +yellow = '#ffff00' +blue = '#5c5cff' +magenta = '#ff00ff' +cyan = '#00ffff' +white = '#ffffff' diff --git a/home/modules/git.nix b/home/modules/git.nix index 497927c..768da26 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -48,7 +48,7 @@ in navigate = true; # use n and N to move between diff sections side-by-side = false; line-numbers = true; - light = false; + light = true; }; diff = { renames = "copies"; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 9657e4c..4d4c3ef 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "ayu_dark" +theme = "emacs" [editor] line-number = "relative" From cf396ba2206a2fa484761c7e71cbb2ed42232532 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 28 Apr 2024 20:15:36 +0200 Subject: [PATCH 785/988] home: update color scheme to solarized --- home/dconf.nix | 1 - home/modules/alacritty/colors.toml | 38 +++++++++++++-------------- home/modules/helix/config/config.toml | 2 +- 3 files changed, 20 insertions(+), 21 deletions(-) diff --git a/home/dconf.nix b/home/dconf.nix index e1a9635..ac29248 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -32,7 +32,6 @@ with lib.hm.gvariant; clock-show-date = true; clock-show-seconds = false; clock-show-weekday = true; - color-scheme = "prefer-dark"; enable-animations = true; enable-hot-corners = false; font-antialiasing = "grayscale"; diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml index 2a57edb..3f7eb25 100644 --- a/home/modules/alacritty/colors.toml +++ b/home/modules/alacritty/colors.toml @@ -1,28 +1,28 @@ -# XTerm's default colors +# Colors (Solarized Light) # Default colors [colors.primary] -background = '#ffffff' -foreground = '#000000' +background = '#fdf6e3' +foreground = '#586e75' # Normal colors [colors.normal] -black = '#000000' -red = '#cd0000' -green = '#00cd00' -yellow = '#cdcd00' -blue = '#0000ee' -magenta = '#cd00cd' -cyan = '#00cdcd' -white = '#e5e5e5' +black = '#073642' +red = '#dc322f' +green = '#859900' +yellow = '#b58900' +blue = '#268bd2' +magenta = '#d33682' +cyan = '#2aa198' +white = '#eee8d5' # Bright colors [colors.bright] -black = '#7f7f7f' -red = '#ff0000' -green = '#00ff00' -yellow = '#ffff00' -blue = '#5c5cff' -magenta = '#ff00ff' -cyan = '#00ffff' -white = '#ffffff' +black = '#002b36' +red = '#cb4b16' +green = '#586e75' +yellow = '#657b83' +blue = '#839496' +magenta = '#6c71c4' +cyan = '#93a1a1' +white = '#fdf6e3' diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 4d4c3ef..41cf786 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "emacs" +theme = "solarized_light" [editor] line-number = "relative" From 871c1b8fa8983107d8ddb272d6f4ca9098343517 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 28 Apr 2024 20:16:30 +0200 Subject: [PATCH 786/988] flake: update homePage --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 54b5970..a949173 100644 --- a/flake.lock +++ b/flake.lock @@ -165,11 +165,11 @@ "homePage": { "flake": false, "locked": { - "lastModified": 1699995134, - "narHash": "sha256-YZKHkSRsUJL2D4QcABQHeBPJNV4y8P3HOI87LUVbOcM=", + "lastModified": 1714328013, + "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", "owner": "dadada", "repo": "dadada.li", - "rev": "61500a9a71ddf2a2df4005d3724ac38c6b78ab08", + "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", "type": "github" }, "original": { From 66055e2d2d1f41d35c44d288ee55194d78fd50fd Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 28 Apr 2024 20:19:21 +0200 Subject: [PATCH 787/988] rename homePage to homepage --- flake.lock | 4 ++-- flake.nix | 2 +- nixos/configurations.nix | 4 ++-- nixos/modules/homepage.nix | 4 ++-- nixos/surgat/configuration.nix | 2 +- outputs.nix | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index a949173..367b30f 100644 --- a/flake.lock +++ b/flake.lock @@ -162,7 +162,7 @@ "type": "github" } }, - "homePage": { + "homepage": { "flake": false, "locked": { "lastModified": 1714328013, @@ -253,7 +253,7 @@ "flake-registry": "flake-registry", "flake-utils": "flake-utils_2", "home-manager": "home-manager_2", - "homePage": "homePage", + "homepage": "homepage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 81b24d4..a75d27e 100644 --- a/flake.nix +++ b/flake.nix @@ -12,7 +12,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - homePage = { + homepage = { url = "github:dadada/dadada.li"; flake = false; }; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 0474384..15d1619 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -2,7 +2,7 @@ , agenix , nixpkgs , home-manager -, homePage +, homepage , nixos-hardware , nixos-generators , ... @@ -49,7 +49,7 @@ in system = "x86_64-linux"; extraModules = [ { - dadada.homePage.package = homePage; + dadada.homepage.package = homepage; } ./modules/profiles/server.nix ./surgat/configuration.nix diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index 4508cc7..b04c3b2 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -3,10 +3,10 @@ , ... }: let - cfg = config.dadada.homePage; + cfg = config.dadada.homepage; in with lib; { - options.dadada.homePage = { + options.dadada.homepage = { enable = mkEnableOption "Enable home page"; package = mkOption { type = lib.types.path; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index e93b766..1522855 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -43,7 +43,7 @@ in dadada.gitea.enable = true; dadada.miniflux.enable = true; dadada.weechat.enable = true; - dadada.homePage.enable = true; + dadada.homepage.enable = true; dadada.share.enable = true; dadada.backupClient = { backup1.enable = true; diff --git a/outputs.nix b/outputs.nix index 694a493..11461ee 100644 --- a/outputs.nix +++ b/outputs.nix @@ -2,7 +2,7 @@ { self , flake-utils , flake-registry -, homePage +, homepage , nixpkgs , home-manager , nixos-hardware From 895aa749e8fbbbacf59fdff8c87e975128f9acb8 Mon Sep 17 00:00:00 2001 From: dadada Date: Thu, 2 May 2024 21:18:00 +0200 Subject: [PATCH 788/988] git: set name --- home/modules/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/git.nix b/home/modules/git.nix index 768da26..3b575b7 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -31,7 +31,7 @@ in tag.gpgSign = true; user = { email = "dadada@dadada.li"; - name = "dadada"; + name = "Tim Schubert"; signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada "; }; core = { From db4923fa914a66b72d1f6e6c7df0eb0721989f2d Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 May 2024 22:21:10 +0200 Subject: [PATCH 789/988] home: add zk --- home/modules/helix/config/languages.toml | 11 +++++++++++ home/pkgs.nix | 1 + 2 files changed, 12 insertions(+) diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index 1786c91..772a9f8 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -7,6 +7,10 @@ command = "nixd" [language-server.ltex-ls] command = "ltex-ls" +[language-server.zk] +command = "zk" +args = ["lsp"] + [[language]] name = "rust" language-servers = [ {name="rust-analyzer"} ] @@ -22,3 +26,10 @@ roots = [] name = "nix" file-types = ["nix"] language-servers = [{ name = "nixd" }] + +[[language]] +name = "markdown" +scope = "source.md" +injection-regex = "md|markdown" +file-types = ["md", "markdown"] +roots = [".zk"] diff --git a/home/pkgs.nix b/home/pkgs.nix index 1718dd2..afdb1b0 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -143,5 +143,6 @@ with pkgs; [ youtube-dl # zotero Marked as insecure zeal + zk zsh ] From 8de153467a02f142adb4d5896673cf877285acd0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 9 May 2024 13:03:57 +0200 Subject: [PATCH 790/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8' (2024-03-22) → 'github:numtide/devshell/12e914740a25ea1891ec619bb53cf5e6ca922e40' (2024-04-19) • Updated input 'home-manager': 'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff' (2024-04-06) → 'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411' (2024-04-25) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/d942db8df8ee860556a38754f15b8d03bf7e6933' (2024-04-08) → 'github:nix-community/nixos-generators/722b512eb7e6915882f39fff0e4c9dd44f42b77e' (2024-04-22) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/f58b25254be441cd2a9b4b444ed83f1e51244f1f' (2024-04-12) → 'github:NixOS/nixos-hardware/a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a' (2024-05-08) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/51651a540816273b67bc4dedea2d37d116c5f7fe' (2024-04-11) → 'github:NixOS/nixpkgs/27c13997bf450a01219899f5a83bd6ffbfc70d3c' (2024-05-06) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/49dc4a92b02b8e68798abd99184f228243b6e3ac' (2024-04-01) → 'github:numtide/treefmt-nix/c6aaf729f34a36c445618580a9f95a48f5e4e03f' (2024-04-25) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 367b30f..2620ffc 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ ] }, "locked": { - "lastModified": 1711099426, - "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "lastModified": 1713532798, + "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", "owner": "numtide", "repo": "devshell", - "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", "type": "github" }, "original": { @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1712386041, - "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", + "lastModified": 1714043624, + "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", + "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1712537332, - "narHash": "sha256-yYlxv1sg/TNl6hghjAe0ct+/p5PwXiT1mpuaExjhR88=", + "lastModified": 1713783234, + "narHash": "sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE+9ytRWxsA5aWtmyI=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d942db8df8ee860556a38754f15b8d03bf7e6933", + "rev": "722b512eb7e6915882f39fff0e4c9dd44f42b77e", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1712909959, - "narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=", + "lastModified": 1715148395, + "narHash": "sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f", + "rev": "a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712867921, - "narHash": "sha256-edTFV4KldkCMdViC/rmpJa7oLIU8SE/S35lh/ukC7bg=", + "lastModified": 1714971268, + "narHash": "sha256-IKwMSwHj9+ec660l+I4tki/1NRoeGpyA2GdtdYpAgEw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "51651a540816273b67bc4dedea2d37d116c5f7fe", + "rev": "27c13997bf450a01219899f5a83bd6ffbfc70d3c", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1711963903, - "narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=", + "lastModified": 1714058656, + "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac", + "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", "type": "github" }, "original": { From 7af31af8473fd8f8292c16e8b94dd7fe271ab268 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 9 May 2024 13:12:09 +0200 Subject: [PATCH 791/988] agares: do not require some links to be online --- nixos/agares/network.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 61af8ea..af15e05 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -115,7 +115,7 @@ in EmitDomains = true; # takes search domains from the [Network] }; linkConfig = { - RequiredForOnline = "no"; + RequiredForOnline = false; }; networkConfig = { Domains = domain; @@ -204,6 +204,9 @@ in FlowIsolationMode = triple RTT = internet ''; + linkConfig = { + RequiredForOnline = false; + }; }; "30-ppp0" = { @@ -245,7 +248,7 @@ in "enp2s0" = { name = "enp2s0"; linkConfig = { - RequiredForOnline = "no"; + RequiredForOnline = false; }; networkConfig = { Address = "192.168.1.254/24"; @@ -260,7 +263,7 @@ in ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = "no"; + linkConfig.RequiredForOnline = false; routes = [ { routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; From 729eb4b60c18dfa3857c1187a10030974e08cba0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 9 May 2024 13:20:19 +0200 Subject: [PATCH 792/988] ninurta: fix monitoring --- nixos/ninurta/monitoring.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix index e3dfa8a..9a0b983 100644 --- a/nixos/ninurta/monitoring.nix +++ b/nixos/ninurta/monitoring.nix @@ -15,7 +15,7 @@ enable = true; hosts = '' [${config.networking.hostName}] - address 10.3.3.3 + address 127.0.0.1 [surgat] address 10.3.3.1 From 4d77f9184b4cd19c82194c0b3373659ff66ef03f Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 16 May 2024 19:43:52 +0200 Subject: [PATCH 793/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411' (2024-04-25) → 'github:nix-community/home-manager/ab5542e9dbd13d0100f8baae2bc2d68af901f4b4' (2024-05-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a' (2024-05-08) → 'github:NixOS/nixos-hardware/d68be3e5e21d829ebce080d96747508fc27ea4e3' (2024-05-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/27c13997bf450a01219899f5a83bd6ffbfc70d3c' (2024-05-06) → 'github:NixOS/nixpkgs/9ddcaffecdf098822d944d4147dd8da30b4e6843' (2024-05-14) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 2620ffc..3e67b2c 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1714043624, - "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", + "lastModified": 1715381426, + "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", "owner": "nix-community", "repo": "home-manager", - "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", + "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1715148395, - "narHash": "sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE=", + "lastModified": 1715881357, + "narHash": "sha256-hOveC1aYL4tInMYw4gBxwctYqLrlqrkppW82752ZhOA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a", + "rev": "d68be3e5e21d829ebce080d96747508fc27ea4e3", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714971268, - "narHash": "sha256-IKwMSwHj9+ec660l+I4tki/1NRoeGpyA2GdtdYpAgEw=", + "lastModified": 1715668745, + "narHash": "sha256-xp62OkRkbUDNUc6VSqH02jB0FbOS+MsfMb7wL1RJOfA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "27c13997bf450a01219899f5a83bd6ffbfc70d3c", + "rev": "9ddcaffecdf098822d944d4147dd8da30b4e6843", "type": "github" }, "original": { From e251d9865c32b287a3cda97c58e18dd0a57e8b35 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 17 May 2024 21:21:29 +0200 Subject: [PATCH 794/988] gorgon: add smartmon --- nixos/gorgon/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index f2bf88d..c4d0af0 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -85,6 +85,8 @@ in services.avahi.enable = true; + services.smartd.enable = true; + services.tor = { enable = true; client.enable = true; @@ -124,6 +126,7 @@ in environment.systemPackages = with pkgs; [ chromium ghostscript + smartmontools ]; networking.firewall = { From cbbc9ff77ffc1a3cc73e1159c1e2c114d3066766 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 26 May 2024 20:40:28 +0200 Subject: [PATCH 795/988] feat: enable auto-scrub on all servers --- nixos/modules/profiles/server.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index a7e28fb..2bbdab7 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -16,6 +16,8 @@ with lib; { documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; + services.btrfs.autoScrub.enable = true; + services.journald.extraConfig = '' SystemKeepFree = 2G ''; From ba010e4e083cfbd1f49d9d06f83064258ab2e4ef Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 26 May 2024 20:44:12 +0200 Subject: [PATCH 796/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/ab5542e9dbd13d0100f8baae2bc2d68af901f4b4' (2024-05-10) → 'github:nix-community/home-manager/2c78a57c544dd19b07442350727ced097e1aa6e6' (2024-05-26) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/722b512eb7e6915882f39fff0e4c9dd44f42b77e' (2024-04-22) → 'github:nix-community/nixos-generators/d14b286322c7f4f897ca4b1726ce38cb68596c94' (2024-05-20) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/d68be3e5e21d829ebce080d96747508fc27ea4e3' (2024-05-16) → 'github:NixOS/nixos-hardware/2e7d6c568063c83355fe066b8a8917ee758de1b8' (2024-05-26) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9ddcaffecdf098822d944d4147dd8da30b4e6843' (2024-05-14) → 'github:NixOS/nixpkgs/46397778ef1f73414b03ed553a3368f0e7e33c2f' (2024-05-22) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/c6aaf729f34a36c445618580a9f95a48f5e4e03f' (2024-04-25) → 'github:numtide/treefmt-nix/2fba33a182602b9d49f0b2440513e5ee091d838b' (2024-05-17) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 3e67b2c..c6a5393 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1715381426, - "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", + "lastModified": 1716729592, + "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=", "owner": "nix-community", "repo": "home-manager", - "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", + "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1713783234, - "narHash": "sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE+9ytRWxsA5aWtmyI=", + "lastModified": 1716210724, + "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "722b512eb7e6915882f39fff0e4c9dd44f42b77e", + "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1715881357, - "narHash": "sha256-hOveC1aYL4tInMYw4gBxwctYqLrlqrkppW82752ZhOA=", + "lastModified": 1716715385, + "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d68be3e5e21d829ebce080d96747508fc27ea4e3", + "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1715668745, - "narHash": "sha256-xp62OkRkbUDNUc6VSqH02jB0FbOS+MsfMb7wL1RJOfA=", + "lastModified": 1716361217, + "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ddcaffecdf098822d944d4147dd8da30b4e6843", + "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1714058656, - "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", + "lastModified": 1715940852, + "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", + "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", "type": "github" }, "original": { From 95fd1b26ec76385b079e14dae800685e3253ae70 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 30 May 2024 11:12:33 +0200 Subject: [PATCH 797/988] gorgon: disable syncthing temporarily --- nixos/gorgon/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index c4d0af0..0896fe6 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -132,10 +132,10 @@ in networking.firewall = { enable = true; allowedTCPPorts = [ - 22000 # Syncthing + # 22000 # Syncthing ]; allowedUDPPorts = [ - 21027 # Syncthing + # 21027 # Syncthing ]; }; From 35a609f12cd37c1d39bbb4c35eae0a86147c5fb8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 30 May 2024 11:27:52 +0200 Subject: [PATCH 798/988] ddns: also update A records --- nixos/modules/ddns.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 807949e..af7d725 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -42,7 +42,8 @@ with lib; let curl_url=$(url "$user" "$password" ${domain}) - ${pkgs.curl}/bin/curl -6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} + ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} || true + ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} ''; })); }; From c6d2c74b8033e0e0f3b53db3b0bbd772afed93b4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 30 May 2024 11:28:25 +0200 Subject: [PATCH 799/988] update flake.lock --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index c6a5393..57bca43 100644 --- a/flake.lock +++ b/flake.lock @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1716715385, - "narHash": "sha256-fe6Z33pbfqu4TI5ijmcaNc5vRBs633tyxJ12HTghy3w=", + "lastModified": 1716987116, + "narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2e7d6c568063c83355fe066b8a8917ee758de1b8", + "rev": "8251761f93d6f5b91cee45ac09edb6e382641009", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "lastModified": 1716633019, + "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", "type": "github" }, "original": { From c32f5b463382a8dcabc3ce1051f30865bffc85b9 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 10:36:31 +0200 Subject: [PATCH 800/988] gorgon: install v4l2loopback kernel module --- nixos/gorgon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0896fe6..5979c06 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -50,6 +50,7 @@ in boot = { kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; kernelParams = [ "resume=/dev/disk/by-label/swap" ]; initrd = { systemd.enable = true; From 63fe114dd1c7de72a2198b7e366ffaa4a586c5ce Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:55:32 +0200 Subject: [PATCH 801/988] fixup! gorgon: disable syncthing temporarily --- nixos/gorgon/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 5979c06..96dbf42 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -133,10 +133,10 @@ in networking.firewall = { enable = true; allowedTCPPorts = [ - # 22000 # Syncthing + # 22000 # Syncthing ]; allowedUDPPorts = [ - # 21027 # Syncthing + # 21027 # Syncthing ]; }; From 13a7abf56c11379e6627151b91588425a82f9038 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 19:41:00 +0200 Subject: [PATCH 802/988] home: disable use of gnome-keyring --- home/default.nix | 2 +- home/modules/git.nix | 1 + nixos/gorgon/configuration.nix | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/home/default.nix b/home/default.nix index 0bd95fb..a523270 100644 --- a/home/default.nix +++ b/home/default.nix @@ -10,7 +10,7 @@ let "git" "gpg" "gtk" - "keyring" + #"keyring" "syncthing" "tmux" "xdg" diff --git a/home/modules/git.nix b/home/modules/git.nix index 3b575b7..e89e62a 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -27,6 +27,7 @@ in gpg = { format = "ssh"; ssh.allowedSignersFile = "${allowedSigners}"; + ssh.program = "ssh-keygen"; }; tag.gpgSign = true; user = { diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 96dbf42..0320d16 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -196,6 +196,8 @@ in # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main"; #}; + services.gnome3.gnome-keyring.enable = lib.mkForce false; + hardware.opengl = { enable = true; extraPackages = with pkgs; [ From e4a53b4048000cd9607fc3d214fb42e9dee4b9b8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 12:23:47 +0200 Subject: [PATCH 803/988] flake: ugrade to 24.05 --- flake.lock | 16 ++++++++-------- flake.nix | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 57bca43..ffddf05 100644 --- a/flake.lock +++ b/flake.lock @@ -148,16 +148,16 @@ ] }, "locked": { - "lastModified": 1716729592, - "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } @@ -232,16 +232,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index a75d27e..fb8c468 100644 --- a/flake.nix +++ b/flake.nix @@ -2,13 +2,13 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; }; home-manager = { - url = "github:nix-community/home-manager/release-23.11"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; From 71e92dd437b928989362b44a6a33f41e1aab6732 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 10:44:28 +0200 Subject: [PATCH 804/988] gorgon: enable nix-ld --- nixos/modules/profiles/laptop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 551cfc2..117bdf4 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -17,6 +17,7 @@ with lib; { services.fwupd.enable = mkDefault true; programs.ssh.startAgent = true; programs.ssh.enableAskPassword = true; + programs.nix-ld.enable = true; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; From 192734c3238fc20e41ce82b5365e1cd98eaafa3e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 10:48:13 +0200 Subject: [PATCH 805/988] base: remove nixpkgs from closure of non-interactive systems --- nixos/configurations.nix | 4 ++-- nixos/modules/profiles/base.nix | 4 ---- nixos/modules/profiles/laptop.nix | 5 +++++ 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 15d1619..d587829 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -12,8 +12,7 @@ let inherit system; modules = [{ - # Add flakes to registry and nix path. - dadada.inputs = inputs // { dadada = self; }; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; @@ -26,6 +25,7 @@ in { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { dadada = self; }; } nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index d2930a7..e97a380 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -16,10 +16,6 @@ in time.timeZone = mkDefault "Europe/Berlin"; - nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; - nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; - nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; - nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 117bdf4..397c04a 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -4,6 +4,7 @@ , ... }: let + inputs = config.dadada.inputs; secretsPath = config.dadada.secrets.path; in with lib; { @@ -19,6 +20,10 @@ with lib; { programs.ssh.enableAskPassword = true; programs.nix-ld.enable = true; + nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; + nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; + nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; + age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; fonts.packages = mkDefault (with pkgs; [ From 5a9f9eaefec7db88bf7b4d95dfd29ed92797741f Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 14:25:09 +0200 Subject: [PATCH 806/988] home: add unixtools.xxd xxd moved from vim package to unixtools.xxd --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index afdb1b0..4bfc21d 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -139,6 +139,7 @@ with pkgs; [ xdg_utils xmlstarlet xsv # cut for csv + unixtools.xxd xxh # portable shells youtube-dl # zotero Marked as insecure From 5df269cd5c3280e7764e1b00a23368b2531b2d08 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:18:16 +0200 Subject: [PATCH 807/988] home: remove pinentryFlavor Since it has not effect --- home/modules/gpg.nix | 1 - home/pkgs.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index 2e77ad0..d1af776 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -27,7 +27,6 @@ in enable = true; defaultCacheTtl = 1800; enableSshSupport = false; - pinentryFlavor = "gnome3"; }; }; } diff --git a/home/pkgs.nix b/home/pkgs.nix index 4bfc21d..a28ccde 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -98,7 +98,6 @@ with pkgs; [ pass pavucontrol picocom - pinentry-gnome playerctl procs # ps in rust prusa-slicer From 7b3d12bbcbdf13757586df897833783c50fd1f81 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:20:19 +0200 Subject: [PATCH 808/988] home: remove dateutil --- home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index a28ccde..fe6a59d 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -104,7 +104,6 @@ with pkgs; [ pv pwgen python3 - python38Packages.dateutil python38Packages.managesieve ranger recipemd From 37ce933a6e070219226fde8df0725ec44d635425 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:24:22 +0200 Subject: [PATCH 809/988] home: add sieveshell --- home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index fe6a59d..4d69b7e 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -104,7 +104,6 @@ with pkgs; [ pv pwgen python3 - python38Packages.managesieve ranger recipemd reptyr @@ -113,6 +112,7 @@ with pkgs; [ rustup saleae-logic-2 sd # search and displace like sed but with better syntax + sieveshell signal-desktop silver-searcher skim # fzf in Rust From df242bd3de27eac9b5c3cd32a4cddca6c6089296 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:49:20 +0200 Subject: [PATCH 810/988] profiles/server: only enable btrfs if have btrfs filesystems --- nixos/modules/profiles/server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 2bbdab7..c10979a 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -16,7 +16,7 @@ with lib; { documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; - services.btrfs.autoScrub.enable = true; + services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }); services.journald.extraConfig = '' SystemKeepFree = 2G From 9d1c9974cd5939eb1ebae9d0186394810e24bc67 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:49:57 +0200 Subject: [PATCH 811/988] base: remove redundant zsh config --- nixos/modules/profiles/base.nix | 12 ------------ nixos/modules/zsh.nix | 17 ----------------- 2 files changed, 29 deletions(-) delete mode 100644 nixos/modules/zsh.nix diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index e97a380..3684a98 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -37,18 +37,6 @@ in experimental-features = nix-command flakes ''; - programs.zsh = mkDefault { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - histSize = 100000; - vteIntegration = true; - syntaxHighlighting = { - enable = true; - highlighters = [ "main" "brackets" "pattern" "root" "line" ]; - }; - }; - networking.networkmanager.dns = mkDefault "systemd-resolved"; networking.hosts = { diff --git a/nixos/modules/zsh.nix b/nixos/modules/zsh.nix deleted file mode 100644 index 90e32bb..0000000 --- a/nixos/modules/zsh.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config -, pkgs -, lib -, ... -}: { - programs.zsh = { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - histSize = 100000; - vteIntegration = true; - syntaxHighlighting = { - enable = true; - highlighters = [ "main" "brackets" "pattern" "root" "line" ]; - }; - }; -} From 48d3044763aa0418cc3c5040dc2c7a5860e24681 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:53:56 +0200 Subject: [PATCH 812/988] modules/zsh: fix renamed options --- home/modules/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 5e054b7..58cef5b 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -14,9 +14,9 @@ in programs.fzf.enableZshIntegration = true; programs.zsh = { enable = true; - enableAutosuggestions = true; enableCompletion = true; enableVteIntegration = true; + autosuggestion.enable = true; autocd = true; sessionVariables = { EDITOR = "hx"; From eb0acd229d14632a1fb455caa2ece011a294621d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 15:57:18 +0200 Subject: [PATCH 813/988] ninurta/printing: fix renamed option --- nixos/ninurta/printing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index bb71739..6fdbb08 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -19,7 +19,7 @@ services.avahi = { enable = true; - nssmdns = true; + nssmdns4 = true; openFirewall = true; publish = { enable = true; From 2ec9448b941f45798c5835a55eef5528aef9ea8f Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 18:23:38 +0200 Subject: [PATCH 814/988] gorgon: switch to plasma 6 --- flake.lock | 12 ++++++------ home/modules/xdg.nix | 2 +- nixos/gorgon/configuration.nix | 5 +++++ nixos/modules/profiles/base.nix | 2 ++ nixos/modules/profiles/laptop.nix | 4 ---- 5 files changed, 14 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index ffddf05..05dd47c 100644 --- a/flake.lock +++ b/flake.lock @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1716987116, - "narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=", + "lastModified": 1717248095, + "narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8251761f93d6f5b91cee45ac09edb6e382641009", + "rev": "7b49d3967613d9aacac5b340ef158d493906ba79", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1715940852, - "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", + "lastModified": 1717182148, + "narHash": "sha256-Hi09/RoizxubRf3PHToT2Nm7TL8B/abSVa6q82uEgNI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", + "rev": "03b982b77df58d5974c61c6022085bafe780c1cf", "type": "github" }, "original": { diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index e252d60..b093eca 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -35,12 +35,12 @@ in defaultApplications = apps; }; userDirs = { + desktop = "\$HOME/.desktop"; download = "\$HOME/tmp"; music = "\$HOME/lib/music"; videos = "\$HOME/lib/videos"; pictures = "\$HOME/lib/pictures"; documents = "\$HOME/lib"; - desktop = "$HOME/tmp"; }; }; home.packages = with pkgs; [ diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0320d16..d0d67bf 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -197,6 +197,11 @@ in #}; services.gnome3.gnome-keyring.enable = lib.mkForce false; + programs.gnupg.agent.enable = true; + + services.xserver.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.displayManager.gdm.enable = true; hardware.opengl = { enable = true; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 3684a98..56e17cd 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -47,5 +47,7 @@ in enable = mkDefault true; fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ]; }; + + programs.zsh.enable = mkDefault true; } diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 397c04a..cc36988 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -43,10 +43,6 @@ with lib; { networking.networkmanager.enable = mkDefault true; networking.firewall.enable = mkDefault true; - services.xserver.enable = mkDefault true; - services.xserver.displayManager.gdm.enable = mkDefault true; - services.xserver.desktopManager.gnome.enable = mkDefault true; - xdg.mime.enable = mkDefault true; security.rtkit.enable = true; From 30e6a941a78fe38609af9a8512d3d02190448630 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Jun 2024 21:54:18 +0200 Subject: [PATCH 815/988] gorgon: renamed option --- nixos/gorgon/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index d0d67bf..108720b 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -196,7 +196,7 @@ in # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main"; #}; - services.gnome3.gnome-keyring.enable = lib.mkForce false; + services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; services.xserver.enable = true; From 52bd13e2834cc680e327ccb2ee34b480e0a2afcd Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 2 Jun 2024 00:56:44 +0200 Subject: [PATCH 816/988] home: fix font-name Otherwise gnome-shell will not display text. --- home/dconf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/dconf.nix b/home/dconf.nix index ac29248..4569a88 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -36,7 +36,7 @@ with lib.hm.gvariant; enable-hot-corners = false; font-antialiasing = "grayscale"; font-hinting = "slight"; - font-name = "Cantarell"; + font-name = "Cantarell 10"; gtk-enable-primary-paste = false; gtk-key-theme = "Emacs"; gtk-theme = "Adwaita"; From 431ad5ad9e0af6a461d1a355ce48f200a698885e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 3 Jun 2024 23:45:47 +0200 Subject: [PATCH 817/988] Revert "gorgon: disable syncthing temporarily" This reverts commit 95fd1b26ec76385b079e14dae800685e3253ae70. --- nixos/gorgon/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 108720b..b2da49d 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -133,10 +133,10 @@ in networking.firewall = { enable = true; allowedTCPPorts = [ - # 22000 # Syncthing + 22000 # Syncthing ]; allowedUDPPorts = [ - # 21027 # Syncthing + 21027 # Syncthing ]; }; From eb94ce1313393dfedcf21702c2ddd22a5947f638 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 4 Jun 2024 20:27:02 +0200 Subject: [PATCH 818/988] gitea: migrate to forgejo --- nixos/modules/default.nix | 30 ++++++++---------------------- nixos/modules/gitea.nix | 33 ++++++++++++++++++++++++--------- nixos/surgat/configuration.nix | 2 +- outputs.nix | 2 +- 4 files changed, 34 insertions(+), 33 deletions(-) diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index c2b27dc..d0554cc 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,22 +1,8 @@ -{ - admin = import ./admin.nix; - backup = import ./backup.nix; - borgServer = import ./borg-server.nix; - ddns = import ./ddns.nix; - element = import ./element.nix; - fileShare = import ./fileShare.nix; - gitea = import ./gitea.nix; - headphones = import ./headphones.nix; - homepage = import ./homepage.nix; - miniflux = import ./miniflux.nix; - inputs = import ./inputs.nix; - nixpkgs = import ./nixpkgs.nix; - packages = import ./packages.nix; - secrets = import ./secrets.nix; - share = import ./share.nix; - steam = import ./steam.nix; - sway = import ./sway.nix; - vpnServer = import ./vpnServer.nix; - weechat = import ./weechat.nix; - yubikey = import ./yubikey.nix; -} +{ lib, ... }: +with lib; let + modules' = dir: filterAttrs (name: type: (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))) + (builtins.readDir dir); + modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) + (modules' dir); +in +(modules ./.) diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index f566024..f73ddc0 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -4,21 +4,27 @@ , ... }: let - cfg = config.dadada.gitea; + cfg = config.dadada.forgejo; in { - options.dadada.gitea = { - enable = lib.mkEnableOption "Enable gitea"; + options.dadada.forgejo = { + enable = lib.mkEnableOption "Enable forgejo"; }; config = lib.mkIf cfg.enable { - services.gitea = { + services.forgejo = { enable = true; - appName = "dadada Gitea"; + user = "gitea"; + group = "gitea"; + stateDir = "/var/lib/gitea"; + database = { type = "postgres"; + name = "gitea"; + user = "gitea"; }; settings = { + DEFAULT.APP_NAME = "dadada forgejo"; service = { DISABLE_REGISTRATION = true; }; @@ -50,15 +56,15 @@ in cache = { ENABLE = true; ADAPTER = "redis"; - HOST = "network=unix,addr=${config.services.redis.servers.gitea.unixSocket},db=0,pool_size=100,idle_timeout=180"; + HOST = "network=unix,addr=${config.services.redis.servers.forgejo.unixSocket},db=0,pool_size=100,idle_timeout=180"; }; }; }; services.redis = { - servers.gitea = { + servers.forgejo = { enable = true; - user = config.services.gitea.user; + user = config.services.forgejo.user; }; vmOverCommit = true; }; @@ -68,8 +74,17 @@ in forceSSL = true; locations."/".extraConfig = '' - proxy_pass http://unix:/run/gitea/gitea.sock:/; + proxy_pass http://unix:/run/forgejo/forgejo.sock:/; ''; }; + + users.users.gitea = { + home = "/var/lib/gitea"; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; + }; + + users.groups.gitea = { }; }; } diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 1522855..9a9bc54 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -40,7 +40,7 @@ in }; dadada.element.enable = true; - dadada.gitea.enable = true; + dadada.forgejo.enable = true; dadada.miniflux.enable = true; dadada.weechat.enable = true; dadada.homepage.enable = true; diff --git a/outputs.nix b/outputs.nix index 11461ee..8199211 100644 --- a/outputs.nix +++ b/outputs.nix @@ -40,7 +40,7 @@ nixosConfigurations = import ./nixos/configurations.nix inputs; - nixosModules = import ./nixos/modules; + nixosModules = import ./nixos/modules { lib = nixpkgs.lib; }; overlays = import ./overlays.nix; From bc462eefa747a0cdf41d34d20a4eb6158f720ab6 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 6 Jun 2024 17:57:30 +0200 Subject: [PATCH 819/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/12e914740a25ea1891ec619bb53cf5e6ca922e40' (2024-04-19) → 'github:numtide/devshell/1ebbe68d57457c8cae98145410b164b5477761f4' (2024-06-03) • Updated input 'flake-registry': 'github:NixOS/flake-registry/9c69f7bd2363e71fe5cd7f608113290c7614dcdd' (2024-01-15) → 'github:NixOS/flake-registry/895a65f8d5acf848136ee8fe8e8f736f0d27df96' (2024-06-03) • Updated input 'home-manager': 'github:nix-community/home-manager/a631666f5ec18271e86a5cde998cba68c33d9ac6' (2024-05-26) → 'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/7b49d3967613d9aacac5b340ef158d493906ba79' (2024-06-01) → 'github:NixOS/nixos-hardware/d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177' (2024-06-05) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/805a384895c696f802a9bf5bf4720f37385df547' (2024-05-31) → 'github:NixOS/nixpkgs/0b8e7a1ae5a94da2e1ee3f3030a32020f6254105' (2024-06-05) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/03b982b77df58d5974c61c6022085bafe780c1cf' (2024-05-31) → 'github:numtide/treefmt-nix/3eb96ca1ae9edf792a8e0963cc92fddfa5a87706' (2024-06-01) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 05dd47c..d09dc7e 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ ] }, "locked": { - "lastModified": 1713532798, - "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "owner": "numtide", "repo": "devshell", - "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "type": "github" }, "original": { @@ -69,11 +69,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1705308826, - "narHash": "sha256-Z3xTYZ9EcRIqZAufZbci912MUKB0sD+qxi/KTGMFVwY=", + "lastModified": 1717415742, + "narHash": "sha256-HKvoLGZUsBpjkxWkdtctGYj6RH0bl6vcw0OjTOqyzJk=", "owner": "NixOS", "repo": "flake-registry", - "rev": "9c69f7bd2363e71fe5cd7f608113290c7614dcdd", + "rev": "895a65f8d5acf848136ee8fe8e8f736f0d27df96", "type": "github" }, "original": { @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1716736833, - "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", + "lastModified": 1717527182, + "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", "owner": "nix-community", "repo": "home-manager", - "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "rev": "845a5c4c073f74105022533907703441e0464bc3", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717248095, - "narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=", + "lastModified": 1717574423, + "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7b49d3967613d9aacac5b340ef158d493906ba79", + "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", + "lastModified": 1717555607, + "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1717182148, - "narHash": "sha256-Hi09/RoizxubRf3PHToT2Nm7TL8B/abSVa6q82uEgNI=", + "lastModified": 1717278143, + "narHash": "sha256-u10aDdYrpiGOLoxzY/mJ9llST9yO8Q7K/UlROoNxzDw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "03b982b77df58d5974c61c6022085bafe780c1cf", + "rev": "3eb96ca1ae9edf792a8e0963cc92fddfa5a87706", "type": "github" }, "original": { From 5b4cc979a9c05d08def6afe39b3b5191ab19c383 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 12 Jun 2024 16:35:00 +0200 Subject: [PATCH 820/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/d14b286322c7f4f897ca4b1726ce38cb68596c94' (2024-05-20) → 'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3' (2024-06-10) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177' (2024-06-05) → 'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0b8e7a1ae5a94da2e1ee3f3030a32020f6254105' (2024-06-05) → 'github:NixOS/nixpkgs/47b604b07d1e8146d5398b42d3306fdebd343986' (2024-06-11) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/3eb96ca1ae9edf792a8e0963cc92fddfa5a87706' (2024-06-01) → 'github:numtide/treefmt-nix/1cb529bffa880746a1d0ec4e0f5076876af931f1' (2024-06-11) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index d09dc7e..94e1fb2 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1716210724, - "narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=", + "lastModified": 1718025593, + "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94", + "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717574423, - "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "lastModified": 1717995329, + "narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "rev": "58b52b0dd191af70f538c707c66c682331cfdffc", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717555607, - "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", + "lastModified": 1718086528, + "narHash": "sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", + "rev": "47b604b07d1e8146d5398b42d3306fdebd343986", "type": "github" }, "original": { @@ -298,11 +298,11 @@ ] }, "locked": { - "lastModified": 1717278143, - "narHash": "sha256-u10aDdYrpiGOLoxzY/mJ9llST9yO8Q7K/UlROoNxzDw=", + "lastModified": 1718139168, + "narHash": "sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3eb96ca1ae9edf792a8e0963cc92fddfa5a87706", + "rev": "1cb529bffa880746a1d0ec4e0f5076876af931f1", "type": "github" }, "original": { From 0d36fec85de5aa2b7beeb4b1e5d5fef1a2ac0c44 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 22 Jun 2024 11:34:42 +0200 Subject: [PATCH 821/988] fix Rust toolchain not working --- home/modules/helix/config/languages.toml | 2 +- home/pkgs.nix | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml index 772a9f8..070bf61 100644 --- a/home/modules/helix/config/languages.toml +++ b/home/modules/helix/config/languages.toml @@ -1,5 +1,5 @@ [language-server.rust-analyzer] -config = { rust-analyzer = { checkOnSave = { command = "clippy" } } } +config = { rust-analyzer = { checkOnSave = { command = "clippy" }, procMacro.enable = true } } [language-server.nixd] command = "nixd" diff --git a/home/pkgs.nix b/home/pkgs.nix index 4d69b7e..67bf482 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -109,7 +109,6 @@ with pkgs; [ reptyr ripgrep ripgrep - rustup saleae-logic-2 sd # search and displace like sed but with better syntax sieveshell From 3d489f8cad794fa5f599ec3d19540796d6d7cd9a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 22 Jun 2024 11:43:46 +0200 Subject: [PATCH 822/988] Added additional backup for password database --- home/default.nix | 16 ++++++++++++++++ nixos/ninurta/configuration.nix | 10 ++++++++++ 2 files changed, 26 insertions(+) diff --git a/home/default.nix b/home/default.nix index a523270..23ec96b 100644 --- a/home/default.nix +++ b/home/default.nix @@ -111,6 +111,22 @@ in Install.WantedBy = [ "multi-user.target" ]; }; + systemd.user.timers."backup-keepassxc-ninurta" = { + Unit.Description = "Backup password DB to ninurta"; + Timer = { + OnBootSec = "15min"; + OnUnitActiveSec = "1d"; + }; + Install.WantedBy = [ "timers.target" ]; + }; + + systemd.user.services."backup-keepassxc-ninurta" = { + Unit.Description = "Backup password DB to ninurta"; + Unit.Type = "oneshot"; + Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/share/backups/backup-keepassxc/Personal.kdbx"; + Install.WantedBy = [ "multi-user.target" ]; + }; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 16b629f..8bf36de 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -459,6 +459,16 @@ in password = "media"; }; + users.users."backup-keepassxc" = { + home = "/mnt/storage/backups/backup-keepassxc"; + isNormalUser = true; + description = "Backup KeepassXC database"; + extraGroups = [ ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIirODQlcTJ8e9OcFuMlYlGekrUMtDpD5HhbTmuQ+jDW KeepassXC DB backup " + ]; + }; + virtualisation.libvirtd.enable = true; documentation.enable = true; From d6ef9e06858ad727642ad0df6482ef9bd3a31a47 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 22 Jun 2024 12:23:07 +0200 Subject: [PATCH 823/988] Fix typo --- home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/default.nix b/home/default.nix index 23ec96b..35bd006 100644 --- a/home/default.nix +++ b/home/default.nix @@ -123,7 +123,7 @@ in systemd.user.services."backup-keepassxc-ninurta" = { Unit.Description = "Backup password DB to ninurta"; Unit.Type = "oneshot"; - Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/share/backups/backup-keepassxc/Personal.kdbx"; + Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/storage/backups/backup-keepassxc/Personal.kdbx"; Install.WantedBy = [ "multi-user.target" ]; }; From 82655a38a7231c0bcad598caf06526538abd569e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 13:26:45 +0200 Subject: [PATCH 824/988] fix: mitigation for CVE-2024-6387 --- nixos/modules/profiles/base.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 56e17cd..eaf55e5 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -49,5 +49,10 @@ in }; programs.zsh.enable = mkDefault true; + + # Mitigation for CVE-2024-6387 + # Might be vulnerable to DOS, but better than RCE ... + # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128 + services.openssh.settings.LoginGraceTime = 0; } From 116468e4af7c04d9a832a3b1466b1371899b3469 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:32:28 +0200 Subject: [PATCH 825/988] fix: remove mitigation after update --- nixos/modules/profiles/base.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index eaf55e5..9c78ed7 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -50,9 +50,5 @@ in programs.zsh.enable = mkDefault true; - # Mitigation for CVE-2024-6387 - # Might be vulnerable to DOS, but better than RCE ... - # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128 - services.openssh.settings.LoginGraceTime = 0; } From 3c7d6111975cc46089731b45361fcd2e7534eed7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:31:02 +0200 Subject: [PATCH 826/988] flake: use nixos-*-small by default --- flake.lock | 23 ++++++++++++++++++++--- flake.nix | 3 ++- nixos/configurations.nix | 10 +++++++--- outputs.nix | 1 + 4 files changed, 30 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 94e1fb2..05a5355 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718086528, - "narHash": "sha256-hoB7B7oPgypePz16cKWawPfhVvMSXj4G/qLsfFuhFjw=", + "lastModified": 1719792669, + "narHash": "sha256-VtQjQGdRt6MzowlxEeub86i9Z/M7DNTNwFgZqLiZQVA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47b604b07d1e8146d5398b42d3306fdebd343986", + "rev": "e980b1051c444c81afcf2fee7e4a4c78489f1863", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-full": { + "locked": { + "lastModified": 1719707984, + "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7dca15289a1c2990efbe4680f0923ce14139b042", "type": "github" }, "original": { @@ -257,6 +273,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "nixpkgs-full": "nixpkgs-full", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index fb8c468..ccc986c 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,8 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.05"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index d587829..41aabe8 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,6 +1,7 @@ { self , agenix , nixpkgs +, nixpkgs-full , home-manager , homepage , nixos-hardware @@ -8,17 +9,19 @@ , ... }@inputs: let - nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem { + nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { inherit system; modules = [{ - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; + nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; + }] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in { gorgon = nixosSystem rec { + n_nixpkgs = nixpkgs-full; + system = "x86_64-linux"; extraModules = [ @@ -83,6 +86,7 @@ in }; ninurta = nixosSystem { + n_nixpkgs = nixpkgs-full; extraModules = [ ./ninurta/configuration.nix ]; diff --git a/outputs.nix b/outputs.nix index 8199211..b96b7bb 100644 --- a/outputs.nix +++ b/outputs.nix @@ -6,6 +6,7 @@ , nixpkgs , home-manager , nixos-hardware +, nixpkgs-full , agenix , devshell , ... From b66b445553c127afaafecad45518ad7306efc195 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:32:48 +0200 Subject: [PATCH 827/988] feat: move SSH to non-default port --- nixos/modules/gitea.nix | 5 +++++ nixos/modules/profiles/base.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index f73ddc0..0c808bc 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -37,6 +37,11 @@ in LANDING_PAGE = "explore"; OFFLINE_MODE = true; DISABLE_SSH = false; + + # Use built-in SSH server + START_SSH_SERVER = true; + SSH_PORT = 22; + DOMAIN = "git.dadada.li"; }; picture = { diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index 9c78ed7..fdeb0ee 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -50,5 +50,7 @@ in programs.zsh.enable = mkDefault true; + # Avoid some bots + services.openssh.ports = [ 2222 ]; } From 0015d9d8e13030d214ff8929fefd12dba803d851 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 14:33:55 +0200 Subject: [PATCH 828/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04) → 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/35c20ba421dfa5059e20e0ef2343c875372bdcf3' (2024-06-10) → 'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f' (2024-07-01) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/3c62b6a12571c9a7f65ab037173ee153d539905f' (2024-04-07) → 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6' (2024-06-30) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10) → 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/e980b1051c444c81afcf2fee7e4a4c78489f1863' (2024-07-01) → 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/1cb529bffa880746a1d0ec4e0f5076876af931f1' (2024-06-11) → 'github:numtide/treefmt-nix/8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd' (2024-06-30) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 05a5355..8bea2a7 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1717527182, - "narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", + "lastModified": 1719827385, + "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", "owner": "nix-community", "repo": "home-manager", - "rev": "845a5c4c073f74105022533907703441e0464bc3", + "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "nixlib": { "locked": { - "lastModified": 1712450863, - "narHash": "sha256-K6IkdtMtq9xktmYPj0uaYc8NsIqHuaAoRBaMgu9Fvrw=", + "lastModified": 1719708727, + "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "3c62b6a12571c9a7f65ab037173ee153d539905f", + "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1718025593, - "narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=", + "lastModified": 1719796208, + "narHash": "sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3", + "rev": "f7a029d41e49ff0747888105e1ed4314dca8436f", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717995329, - "narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=", + "lastModified": 1719681865, + "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "58b52b0dd191af70f538c707c66c682331cfdffc", + "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719792669, - "narHash": "sha256-VtQjQGdRt6MzowlxEeub86i9Z/M7DNTNwFgZqLiZQVA=", + "lastModified": 1719825363, + "narHash": "sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e980b1051c444c81afcf2fee7e4a4c78489f1863", + "rev": "10c832d0548e9e3a6df7eb51e68c2783212a303e", "type": "github" }, "original": { @@ -315,11 +315,11 @@ ] }, "locked": { - "lastModified": 1718139168, - "narHash": "sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k=", + "lastModified": 1719749022, + "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1cb529bffa880746a1d0ec4e0f5076876af931f1", + "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", "type": "github" }, "original": { From 25f782e2fa2a696013e7103b0ddcd354614d3546 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 15:12:47 +0200 Subject: [PATCH 829/988] fix: snapperd config --- nixos/ninurta/configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 8bf36de..003cdbc 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -225,10 +225,10 @@ in SUBVOLUME = "/home"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = 24; - TIMELINE_LIMIT_DAILY = 13; - TIMELINE_LIMIT_WEEKLY = 6; - TIMELINE_LIMIT_MONTHLY = 3; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; configs.var = { SUBVOLUME = "/var"; From c25ecee64a3e7422a8191df8944c39cbad52e4e5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 1 Jul 2024 15:14:28 +0200 Subject: [PATCH 830/988] fix: all snapperd configs --- nixos/ninurta/configuration.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 003cdbc..1023d5f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -234,19 +234,19 @@ in SUBVOLUME = "/var"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = 24; - TIMELINE_LIMIT_DAILY = 13; - TIMELINE_LIMIT_WEEKLY = 6; - TIMELINE_LIMIT_MONTHLY = 3; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; configs.storage = { SUBVOLUME = "/mnt/storage"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = 24; - TIMELINE_LIMIT_DAILY = 13; - TIMELINE_LIMIT_WEEKLY = 6; - TIMELINE_LIMIT_MONTHLY = 3; + TIMELINE_LIMIT_HOURLY = "24"; + TIMELINE_LIMIT_DAILY = "13"; + TIMELINE_LIMIT_WEEKLY = "6"; + TIMELINE_LIMIT_MONTHLY = "3"; }; }; From 04ed7401af03557c9622e0928b201a5c227c167b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 2 Jul 2024 12:07:19 +0200 Subject: [PATCH 831/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/f7a029d41e49ff0747888105e1ed4314dca8436f' (2024-07-01) → 'github:nix-community/nixos-generators/140dcc2b9a0eb87ba5e9011076a1a7af19179ab1' (2024-07-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29) → 'github:NixOS/nixos-hardware/6e253f12b1009053eff5344be5e835f604bb64cd' (2024-07-02) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/7dca15289a1c2990efbe4680f0923ce14139b042' (2024-06-30) → 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd' (2024-06-30) → 'github:numtide/treefmt-nix/bdb6355009562d8f9313d9460c0d3860f525bc6c' (2024-07-02) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8bea2a7..37e8d2e 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1719796208, - "narHash": "sha256-8lsuMR3rnX4yUPPjz04opgb30Z47sCgZu4TIszWBW9A=", + "lastModified": 1719841141, + "narHash": "sha256-WOyohxFJJdfDvEB7N3eTcX44lNU2rZes1inHsyHL7mM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "f7a029d41e49ff0747888105e1ed4314dca8436f", + "rev": "140dcc2b9a0eb87ba5e9011076a1a7af19179ab1", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1719681865, - "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", + "lastModified": 1719895800, + "narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", + "rev": "6e253f12b1009053eff5344be5e835f604bb64cd", "type": "github" }, "original": { @@ -248,11 +248,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1719707984, - "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", + "lastModified": 1719838683, + "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7dca15289a1c2990efbe4680f0923ce14139b042", + "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", "type": "github" }, "original": { @@ -315,11 +315,11 @@ ] }, "locked": { - "lastModified": 1719749022, - "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", + "lastModified": 1719887753, + "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", + "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", "type": "github" }, "original": { From 7e464a5f2693beb45f6f3a4307f975595da9de9b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 2 Jul 2024 12:12:21 +0200 Subject: [PATCH 832/988] fix: overwrite flake registry set by NixOS --- nixos/modules/profiles/laptop.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index cc36988..85e8e86 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -20,8 +20,8 @@ with lib; { programs.ssh.enableAskPassword = true; programs.nix-ld.enable = true; - nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs; - nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs; + nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs; + nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs); nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json"; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; From 149a4313013631a7d55e6c4c7a91430da1c856ca Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 4 Jul 2024 23:12:12 +0200 Subject: [PATCH 833/988] fix: allow forgejo to bind to tcp port 22 --- nixos/modules/gitea.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 0c808bc..259815a 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -74,6 +74,12 @@ in vmOverCommit = true; }; + systemd.services.forgejo.serviceConfig = { + AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE"; + CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE"; + PrivateUsers = lib.mkForce false; + }; + services.nginx.virtualHosts."git.${config.networking.domain}" = { enableACME = true; forceSSL = true; From b104e57b4d94877aedc22f6270e13cafd5a42bc0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 5 Jul 2024 00:23:42 +0200 Subject: [PATCH 834/988] feat: change remote to git.dadada.li --- flake.lock | 14 +++++--------- flake.nix | 2 +- nixos/modules/profiles/server.nix | 2 +- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 37e8d2e..0e5392c 100644 --- a/flake.lock +++ b/flake.lock @@ -165,17 +165,13 @@ "homepage": { "flake": false, "locked": { - "lastModified": 1714328013, - "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", - "owner": "dadada", - "repo": "dadada.li", - "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", - "type": "github" + "narHash": "sha256-3uMz0OG3OopSIilqI9Gx2fyQZe76YEOhRUx0qJM2kP4=", + "type": "file", + "url": "https://git.dadada.li/dadada/dadada.li.git" }, "original": { - "owner": "dadada", - "repo": "dadada.li", - "type": "github" + "type": "file", + "url": "https://git.dadada.li/dadada/dadada.li.git" } }, "nixlib": { diff --git a/flake.nix b/flake.nix index ccc986c..b2d98be 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { - url = "github:dadada/dadada.li"; + url = "https://git.dadada.li/dadada/dadada.li.git"; flake = false; }; agenix = { diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index c10979a..925f20e 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -24,7 +24,7 @@ with lib; { system.autoUpgrade = { enable = true; - flake = "github:dadada/nix-config#${config.networking.hostName}"; + flake = "https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; From 4678969432208232cf3b9587fc75a1e3019b9408 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 5 Jul 2024 00:24:26 +0200 Subject: [PATCH 835/988] feat: add more supported locals To enable more units. --- nixos/modules/profiles/base.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index fdeb0ee..e375cc9 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -14,6 +14,12 @@ in keyMap = "us"; }; + i18n.supportedLocales = mkDefault [ + "C.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + "de_DE.UTF-8/UTF-8" + ]; + time.timeZone = mkDefault "Europe/Berlin"; nix.settings.substituters = [ https://cache.nixos.org/ ]; From cae05647661195f9588952aeb0123d52c6d72b12 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 20:40:29 +0200 Subject: [PATCH 836/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01) → 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-3uMz0OG3OopSIilqI9Gx2fyQZe76YEOhRUx0qJM2kP4%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-Q6hzrC9mtLnk1EA%2Bh262S09CGliVL1HsLnh8f3dqAn4%3D' • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/140dcc2b9a0eb87ba5e9011076a1a7af19179ab1' (2024-07-01) → 'github:nix-community/nixos-generators/076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7' (2024-07-13) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/6e253f12b1009053eff5344be5e835f604bb64cd' (2024-07-02) → 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/10c832d0548e9e3a6df7eb51e68c2783212a303e' (2024-07-01) → 'github:NixOS/nixpkgs/732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd' (2024-07-15) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/d032c1a6dfad4eedec7e35e91986becc699d7d69' (2024-07-01) → 'github:NixOS/nixpkgs/53e81e790209e41f0c1efa9ff26ff2fd7ab35e27' (2024-07-14) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/bdb6355009562d8f9313d9460c0d3860f525bc6c' (2024-07-02) → 'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15) --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 0e5392c..bc928d6 100644 --- a/flake.lock +++ b/flake.lock @@ -148,11 +148,11 @@ ] }, "locked": { - "lastModified": 1719827385, - "narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=", + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "owner": "nix-community", "repo": "home-manager", - "rev": "391ca6e950c2525b4f853cbe29922452c14eda82", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "type": "github" }, "original": { @@ -165,7 +165,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-3uMz0OG3OopSIilqI9Gx2fyQZe76YEOhRUx0qJM2kP4=", + "narHash": "sha256-Q6hzrC9mtLnk1EA+h262S09CGliVL1HsLnh8f3dqAn4=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -197,11 +197,11 @@ ] }, "locked": { - "lastModified": 1719841141, - "narHash": "sha256-WOyohxFJJdfDvEB7N3eTcX44lNU2rZes1inHsyHL7mM=", + "lastModified": 1720859326, + "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "140dcc2b9a0eb87ba5e9011076a1a7af19179ab1", + "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7", "type": "github" }, "original": { @@ -212,11 +212,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1719895800, - "narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=", + "lastModified": 1720737798, + "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "6e253f12b1009053eff5344be5e835f604bb64cd", + "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", "type": "github" }, "original": { @@ -228,11 +228,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1719825363, - "narHash": "sha256-2ASBatUTQWNIiTeBZRuxROu27MyOavVnzeCv7h40QNw=", + "lastModified": 1721079475, + "narHash": "sha256-wZ62hFCMTUG68u3hSUSJOCP/ltuE32Yb4dy7FfPCpso=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10c832d0548e9e3a6df7eb51e68c2783212a303e", + "rev": "732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd", "type": "github" }, "original": { @@ -244,11 +244,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1719838683, - "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=", + "lastModified": 1720954236, + "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69", + "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", "type": "github" }, "original": { @@ -311,11 +311,11 @@ ] }, "locked": { - "lastModified": 1719887753, - "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", + "lastModified": 1721059077, + "narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", + "rev": "0fb28f237f83295b4dd05e342f333b447c097398", "type": "github" }, "original": { From 0a5fe27bac5201876a573ba63fb8591159692609 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 21:17:45 +0200 Subject: [PATCH 837/988] fix: replace youtube-dl with yt-dlp --- home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 67bf482..76c8353 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -138,7 +138,7 @@ with pkgs; [ xsv # cut for csv unixtools.xxd xxh # portable shells - youtube-dl + yt-dlp # zotero Marked as insecure zeal zk From 0fa98de9c47e78814fdcafd25d79d37f4c979680 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 23:06:44 +0200 Subject: [PATCH 838/988] feat: enable system-monitor gnome extension --- home/dconf.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/dconf.nix b/home/dconf.nix index 4569a88..645827a 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -13,7 +13,8 @@ with lib.hm.gvariant; }; "org/gnome/shell" = { - disable-user-extensions = true; + disable-user-extensions = false; + enabled-extensions = [ "system-monitor@gnome-shell-extensions.gcampax.github.com" ]; }; "org/gnome/desktop/calendar" = { From d8dd90a8a6d579dd205445997f0fbb8dddf595c0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 17 Jul 2024 23:14:28 +0200 Subject: [PATCH 839/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-Q6hzrC9mtLnk1EA%2Bh262S09CGliVL1HsLnh8f3dqAn4%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu%2Bc%3D' --- flake.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index bc928d6..47ac290 100644 --- a/flake.lock +++ b/flake.lock @@ -165,7 +165,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-Q6hzrC9mtLnk1EA+h262S09CGliVL1HsLnh8f3dqAn4=", + "narHash": "sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu+c=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, From 09ee4d5f16657da6cfa979cd7afabcf735ea9f41 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 3 Aug 2024 14:22:20 +0200 Subject: [PATCH 840/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/1ebbe68d57457c8cae98145410b164b5477761f4' (2024-06-03) → 'github:numtide/devshell/67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae' (2024-07-27) • Removed input 'devshell/flake-utils' • Removed input 'devshell/flake-utils/systems' • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu%2Bc%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-0bBtcABZHBgodfmNPNXpp8Tr3SH7Hufx18xfiSb8cWo%3D' • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7' (2024-07-13) → 'github:nix-community/nixos-generators/75cbb2a5e19c18840d105a72d036c6c92fc46c5d' (2024-07-29) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6' (2024-06-30) → 'github:nix-community/nixpkgs.lib/d15f6f6021693898fcd2c6a9bb13707383da9bbc' (2024-07-28) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11) → 'github:NixOS/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd' (2024-07-15) → 'github:NixOS/nixpkgs/15ed5d4537fd46399513bb040bf98415c825281b' (2024-08-02) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/53e81e790209e41f0c1efa9ff26ff2fd7ab35e27' (2024-07-14) → 'github:NixOS/nixpkgs/05405724efa137a0b899cce5ab4dde463b4fd30b' (2024-08-01) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/0fb28f237f83295b4dd05e342f333b447c097398' (2024-07-15) → 'github:numtide/treefmt-nix/768acdb06968e53aa1ee8de207fd955335c754b7' (2024-07-30) --- flake.lock | 82 ++++++++++++++++-------------------------------------- 1 file changed, 24 insertions(+), 58 deletions(-) diff --git a/flake.lock b/flake.lock index 47ac290..43efbdb 100644 --- a/flake.lock +++ b/flake.lock @@ -47,17 +47,16 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1717408969, - "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "lastModified": 1722113426, + "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", "owner": "numtide", "repo": "devshell", - "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", "type": "github" }, "original": { @@ -83,24 +82,6 @@ } }, "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": [ "systems" @@ -165,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-o3OFsygZjTRTzGQk231dii8LWZ9raLCRHxRr0sQwu+c=", + "narHash": "sha256-0bBtcABZHBgodfmNPNXpp8Tr3SH7Hufx18xfiSb8cWo=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -176,11 +157,11 @@ }, "nixlib": { "locked": { - "lastModified": 1719708727, - "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", + "lastModified": 1722128034, + "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", + "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc", "type": "github" }, "original": { @@ -197,11 +178,11 @@ ] }, "locked": { - "lastModified": 1720859326, - "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=", + "lastModified": 1722214420, + "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7", + "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d", "type": "github" }, "original": { @@ -212,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1720737798, - "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -228,11 +209,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1721079475, - "narHash": "sha256-wZ62hFCMTUG68u3hSUSJOCP/ltuE32Yb4dy7FfPCpso=", + "lastModified": 1722621932, + "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "732b4f3a3afdfe6a6c4fcb2511e529588d4e5ccd", + "rev": "15ed5d4537fd46399513bb040bf98415c825281b", "type": "github" }, "original": { @@ -244,11 +225,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1720954236, - "narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=", + "lastModified": 1722519197, + "narHash": "sha256-VEdJmVU2eLFtLqCjTYJd1J7+Go8idAcZoT11IewFiRg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27", + "rev": "05405724efa137a0b899cce5ab4dde463b4fd30b", "type": "github" }, "original": { @@ -263,14 +244,14 @@ "agenix": "agenix", "devshell": "devshell", "flake-registry": "flake-registry", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-full": "nixpkgs-full", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" } }, @@ -289,21 +270,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -311,11 +277,11 @@ ] }, "locked": { - "lastModified": 1721059077, - "narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=", + "lastModified": 1722330636, + "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0fb28f237f83295b4dd05e342f333b447c097398", + "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", "type": "github" }, "original": { From 54988b2d849abb344be6925832a5416700686fe1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 8 Aug 2024 22:27:26 +0200 Subject: [PATCH 841/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'homepage': 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-PdJ1RA11vx3tM09YYAv3qAlKzENCZZITefHv6KbYhcY%3D' → 'https://git.dadada.li/dadada/dadada.li.git?narHash=sha256-/ir2S0iPNVw5btUtMpmeMy9gKGe/CC7KPrZiK1SFpEQ%3D' --- flake.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 43efbdb..605b1a8 100644 --- a/flake.lock +++ b/flake.lock @@ -146,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-0bBtcABZHBgodfmNPNXpp8Tr3SH7Hufx18xfiSb8cWo=", + "narHash": "sha256-/ir2S0iPNVw5btUtMpmeMy9gKGe/CC7KPrZiK1SFpEQ=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -157,11 +157,11 @@ }, "nixlib": { "locked": { - "lastModified": 1722128034, - "narHash": "sha256-L8rwzYPsLo/TYtydPJoQyYOfetuiyQYnTWYcyB8UE/s=", + "lastModified": 1722732880, + "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "d15f6f6021693898fcd2c6a9bb13707383da9bbc", + "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c", "type": "github" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1722214420, - "narHash": "sha256-qfHC1p5hcErGcE672/KhBkyWYloekQpqIxtcbcUVYkA=", + "lastModified": 1723078345, + "narHash": "sha256-HSxOQEKNZXiJe9aWnckTTCThOhcRCabwHa32IduDKLk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "75cbb2a5e19c18840d105a72d036c6c92fc46c5d", + "rev": "d6c5d29f58acc10ea82afff1de2b28f038f572bd", "type": "github" }, "original": { @@ -209,11 +209,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722621932, - "narHash": "sha256-Uz5xeHsH7+qZVncZwfzGd+CTjxd0mwaP7Q/pbs7OB5c=", + "lastModified": 1723070956, + "narHash": "sha256-bFOTvmkJ2c1ku+E0gvqmNEF2D1PSmujDFLofKAMF/pM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "15ed5d4537fd46399513bb040bf98415c825281b", + "rev": "7cec143201c32c4937f2c153af4a9f28a3d9bec1", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1722519197, - "narHash": "sha256-VEdJmVU2eLFtLqCjTYJd1J7+Go8idAcZoT11IewFiRg=", + "lastModified": 1722869614, + "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "05405724efa137a0b899cce5ab4dde463b4fd30b", + "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", "type": "github" }, "original": { From 879370e4a8d5f1434bff83befd0aff53fc789722 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:33:29 +0200 Subject: [PATCH 842/988] fix: nar hash of homepage --- flake.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 605b1a8..00fcf56 100644 --- a/flake.lock +++ b/flake.lock @@ -146,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-/ir2S0iPNVw5btUtMpmeMy9gKGe/CC7KPrZiK1SFpEQ=", + "narHash": "sha256-A6ottqpZYc3iLJvFg+DP2RNl9ypeskUeWyfdyyjpMZw=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, From 5c9eec85a150b634865f8c9e76a97f1c2ca6b55f Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:33:48 +0200 Subject: [PATCH 843/988] feat: add switcher extension to gnome shell --- home/dconf.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/home/dconf.nix b/home/dconf.nix index 645827a..b75fb2d 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -1,6 +1,10 @@ -{ lib, ... }: +{ lib, pkgs, ... }: with lib.hm.gvariant; { + home.packages = [ + pkgs.gnomeExtensions.switcher + ]; + dconf.settings = with lib.hm.gvariant; { "org/gnome/shell" = { favorite-apps = [ @@ -14,7 +18,10 @@ with lib.hm.gvariant; "org/gnome/shell" = { disable-user-extensions = false; - enabled-extensions = [ "system-monitor@gnome-shell-extensions.gcampax.github.com" ]; + enabled-extensions = [ + "system-monitor@gnome-shell-extensions.gcampax.github.com" + "switcher@landau.fi" + ]; }; "org/gnome/desktop/calendar" = { From e809610a63f7b559b1999a497cd3d6a93035134b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:34:10 +0200 Subject: [PATCH 844/988] feat: install krita and solvespace --- home/pkgs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 76c8353..ec1deb5 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -68,6 +68,7 @@ with pkgs; [ kcachegrind keepassxc kubetail + krita ldns liboping # oping, ping multiple hosts at once libreoffice @@ -117,6 +118,7 @@ with pkgs; [ skim # fzf in Rust slurp socat + solvespace spotify sqlite sshfs-fuse From b4889eec64e2fb69e333d965c6215f990be3e381 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 13 Aug 2024 17:35:33 +0200 Subject: [PATCH 845/988] chore: update flake inputs --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 00fcf56..29d1dc6 100644 --- a/flake.lock +++ b/flake.lock @@ -146,7 +146,7 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-A6ottqpZYc3iLJvFg+DP2RNl9ypeskUeWyfdyyjpMZw=", + "narHash": "sha256-d72V/oM66V48FbKzXx1Waj09c8VJUg+lbzFHRye40eQ=", "type": "file", "url": "https://git.dadada.li/dadada/dadada.li.git" }, @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1723078345, - "narHash": "sha256-HSxOQEKNZXiJe9aWnckTTCThOhcRCabwHa32IduDKLk=", + "lastModified": 1723444610, + "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d6c5d29f58acc10ea82afff1de2b28f038f572bd", + "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1723310128, + "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", "type": "github" }, "original": { @@ -209,11 +209,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723070956, - "narHash": "sha256-bFOTvmkJ2c1ku+E0gvqmNEF2D1PSmujDFLofKAMF/pM=", + "lastModified": 1723540975, + "narHash": "sha256-rxpxOz2VSqgmwI7g7FGVAoye5bxwO1MSpnELY5bsITw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7cec143201c32c4937f2c153af4a9f28a3d9bec1", + "rev": "fb81cec9eda2a6b5365ad723995f0329d9e356fd", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1722869614, - "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", + "lastModified": 1723400035, + "narHash": "sha256-WoKZDlBEdMhP+hjquBAh0BhUJbcH2+U8g2mHOr1mv8I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", + "rev": "a731b45590a5169542990c36ffcde6cebd9a3356", "type": "github" }, "original": { @@ -277,11 +277,11 @@ ] }, "locked": { - "lastModified": 1722330636, - "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", + "lastModified": 1723454642, + "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", + "rev": "349de7bc435bdff37785c2466f054ed1766173be", "type": "github" }, "original": { From 16e42c3177c3ad60f6996f0176e64a327faa7ce1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 16 Aug 2024 15:21:06 +0200 Subject: [PATCH 846/988] fix: gitea urls --- flake.lock | 40 +++++++++++++++++-------------- flake.nix | 2 +- nixos/modules/profiles/server.nix | 2 +- 3 files changed, 24 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 29d1dc6..cd1f21a 100644 --- a/flake.lock +++ b/flake.lock @@ -146,22 +146,26 @@ "homepage": { "flake": false, "locked": { - "narHash": "sha256-d72V/oM66V48FbKzXx1Waj09c8VJUg+lbzFHRye40eQ=", - "type": "file", + "lastModified": 1714328013, + "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", + "ref": "refs/heads/main", + "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", + "revCount": 31, + "type": "git", "url": "https://git.dadada.li/dadada/dadada.li.git" }, "original": { - "type": "file", + "type": "git", "url": "https://git.dadada.li/dadada/dadada.li.git" } }, "nixlib": { "locked": { - "lastModified": 1722732880, - "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=", + "lastModified": 1723337705, + "narHash": "sha256-znSU0DeNDPt7+LMAfFkvKloMaeQ6yl/U5SqV/ktl1vA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c", + "rev": "ace7856d327b618d3777e31b1f224b3ab57ed71a", "type": "github" }, "original": { @@ -178,11 +182,11 @@ ] }, "locked": { - "lastModified": 1723444610, - "narHash": "sha256-WzhuUR2ZwafNzBh0VAbk3+320xd2sNWdZdjZa0S9ydY=", + "lastModified": 1723683171, + "narHash": "sha256-hQMQQHOVVkiCO5hmbjI3EVimWFIkRNkGIGUhyIQ0mQ0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "a220fc3a6e144f12f0c3dc3e4d01d44c2e6b0b85", + "rev": "1cb3dc2f3af215ea40911de8fd0942c1ff3fb673", "type": "github" }, "original": { @@ -209,11 +213,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723540975, - "narHash": "sha256-rxpxOz2VSqgmwI7g7FGVAoye5bxwO1MSpnELY5bsITw=", + "lastModified": 1723746470, + "narHash": "sha256-xOWtLQpYetDWPlOvAo04as/ocpGTm1W556zfA24Vdh4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb81cec9eda2a6b5365ad723995f0329d9e356fd", + "rev": "9bbda8b76be48dd59d352199d06c24d61b94206a", "type": "github" }, "original": { @@ -225,11 +229,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1723400035, - "narHash": "sha256-WoKZDlBEdMhP+hjquBAh0BhUJbcH2+U8g2mHOr1mv8I=", + "lastModified": 1723688146, + "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a731b45590a5169542990c36ffcde6cebd9a3356", + "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", "type": "github" }, "original": { @@ -277,11 +281,11 @@ ] }, "locked": { - "lastModified": 1723454642, - "narHash": "sha256-S0Gvsenh0II7EAaoc9158ZB4vYyuycvMGKGxIbERNAM=", + "lastModified": 1723808491, + "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "349de7bc435bdff37785c2466f054ed1766173be", + "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b2d98be..c1836b5 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { - url = "https://git.dadada.li/dadada/dadada.li.git"; + url = "git+https://git.dadada.li/dadada/dadada.li.git"; flake = false; }; agenix = { diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 925f20e..e5b6d4c 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -24,7 +24,7 @@ with lib; { system.autoUpgrade = { enable = true; - flake = "https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; + flake = "git+https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; From fc616b7be6468b2e18407356728fbc06eb652c78 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 16 Aug 2024 15:33:58 +0200 Subject: [PATCH 847/988] fix: use tar.gz archive instead of git URL --- flake.lock | 10 ++++------ flake.nix | 2 +- nixos/modules/profiles/server.nix | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index cd1f21a..5bd2c90 100644 --- a/flake.lock +++ b/flake.lock @@ -148,15 +148,13 @@ "locked": { "lastModified": 1714328013, "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", - "ref": "refs/heads/main", "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", - "revCount": 31, - "type": "git", - "url": "https://git.dadada.li/dadada/dadada.li.git" + "type": "tarball", + "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/b971b5905b38be19b4fa4e7d99a70df0aebfba28.tar.gz" }, "original": { - "type": "git", - "url": "https://git.dadada.li/dadada/dadada.li.git" + "type": "tarball", + "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, "nixlib": { diff --git a/flake.nix b/flake.nix index c1836b5..1e28a54 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { - url = "git+https://git.dadada.li/dadada/dadada.li.git"; + url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; flake = false; }; agenix = { diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index e5b6d4c..d26358c 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -24,7 +24,7 @@ with lib; { system.autoUpgrade = { enable = true; - flake = "git+https://git.dadada.li/dadada/nix-config.git#${config.networking.hostName}"; + flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}"; allowReboot = mkDefault false; randomizedDelaySec = "45min"; }; From 9d91b0388643347eb9bade80fa6b28037a5cf104 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 25 Aug 2024 17:53:19 +0200 Subject: [PATCH 848/988] chore: update homepage --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5bd2c90..e86e642 100644 --- a/flake.lock +++ b/flake.lock @@ -146,11 +146,11 @@ "homepage": { "flake": false, "locked": { - "lastModified": 1714328013, - "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=", - "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28", + "lastModified": 1724600377, + "narHash": "sha256-EdDHxZNjXtWG5CUUznbXF/ktkHWOvl3vDOi90cdE4cU=", + "rev": "40b6196abf7a066e93c68f48f3109b587dad44bf", "type": "tarball", - "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/b971b5905b38be19b4fa4e7d99a70df0aebfba28.tar.gz" + "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/40b6196abf7a066e93c68f48f3109b587dad44bf.tar.gz" }, "original": { "type": "tarball", From 532c25a0c5734019c1db591458f58f7bb582fd72 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Sep 2024 16:34:40 +0200 Subject: [PATCH 849/988] chore: update flake inputs --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index e86e642..aa39a63 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1726818100, + "narHash": "sha256-z2V74f5vXqkN5Q+goFlhbFXY/dNaBAyeLpr2bxu4Eic=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "1bbc1a5a1f4de7401c92db85b2119ed21bb4139d", "type": "github" }, "original": { @@ -159,11 +159,11 @@ }, "nixlib": { "locked": { - "lastModified": 1723337705, - "narHash": "sha256-znSU0DeNDPt7+LMAfFkvKloMaeQ6yl/U5SqV/ktl1vA=", + "lastModified": 1726362065, + "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "ace7856d327b618d3777e31b1f224b3ab57ed71a", + "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555", "type": "github" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1723683171, - "narHash": "sha256-hQMQQHOVVkiCO5hmbjI3EVimWFIkRNkGIGUhyIQ0mQ0=", + "lastModified": 1726817511, + "narHash": "sha256-r3R7zZzGklN0udSO/JhWbU/xyq6i1aXKKwfs33LUVls=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "1cb3dc2f3af215ea40911de8fd0942c1ff3fb673", + "rev": "bfa25c9065f4cb5d884a0ad70f6e82f55ae90448", "type": "github" }, "original": { @@ -195,11 +195,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1723310128, - "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=", + "lastModified": 1726724509, + "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf", + "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723746470, - "narHash": "sha256-xOWtLQpYetDWPlOvAo04as/ocpGTm1W556zfA24Vdh4=", + "lastModified": 1726688310, + "narHash": "sha256-Xc9lEtentPCEtxc/F1e6jIZsd4MPDYv4Kugl9WtXlz0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9bbda8b76be48dd59d352199d06c24d61b94206a", + "rev": "dbebdd67a6006bb145d98c8debf9140ac7e651d0", "type": "github" }, "original": { @@ -227,11 +227,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1723688146, - "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "lastModified": 1726447378, + "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", "type": "github" }, "original": { @@ -279,11 +279,11 @@ ] }, "locked": { - "lastModified": 1723808491, - "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", + "lastModified": 1726734507, + "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", + "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", "type": "github" }, "original": { From 11ac1b84b78831ed590356b214246d350b66cbac Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Sep 2024 18:23:32 +0200 Subject: [PATCH 850/988] feat: upgrade to Lix --- flake.lock | 53 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 5 ++++ nixos/configurations.nix | 14 ++++++++--- outputs.nix | 1 + 4 files changed, 69 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index aa39a63..9cc797c 100644 --- a/flake.lock +++ b/flake.lock @@ -101,6 +101,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -157,6 +172,43 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1723503926, + "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", + "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723510904, + "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", + "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + } + }, "nixlib": { "locked": { "lastModified": 1726362065, @@ -249,6 +301,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", + "lix-module": "lix-module", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 1e28a54..5e512b9 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,11 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 41aabe8..040ec6b 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,5 +1,6 @@ { self , agenix +, lix-module , nixpkgs , nixpkgs-full , home-manager @@ -9,13 +10,17 @@ , ... }@inputs: let + lixModule = lix-module.nixosModules.default; + nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { inherit system; - modules = [{ - - nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; - }] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; + modules = [ + lixModule + { + nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; + } + ] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; }; in { @@ -68,6 +73,7 @@ in installer = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + lixModule nixos-generators.nixosModules.install-iso self.nixosModules.admin { diff --git a/outputs.nix b/outputs.nix index b96b7bb..efa3dab 100644 --- a/outputs.nix +++ b/outputs.nix @@ -3,6 +3,7 @@ , flake-utils , flake-registry , homepage +, lix-module , nixpkgs , home-manager , nixos-hardware From 34ae7f3748943ca6c2eea7373ccfed3754d538fd Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 26 Sep 2024 10:16:38 +0200 Subject: [PATCH 851/988] chore: update flake inputs --- flake.lock | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index 9cc797c..b76b11c 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1726818100, - "narHash": "sha256-z2V74f5vXqkN5Q+goFlhbFXY/dNaBAyeLpr2bxu4Eic=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "1bbc1a5a1f4de7401c92db85b2119ed21bb4139d", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -161,11 +161,11 @@ "homepage": { "flake": false, "locked": { - "lastModified": 1724600377, - "narHash": "sha256-EdDHxZNjXtWG5CUUznbXF/ktkHWOvl3vDOi90cdE4cU=", - "rev": "40b6196abf7a066e93c68f48f3109b587dad44bf", + "lastModified": 1727338449, + "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=", + "rev": "60398d3d728a0057b4cad49879ef637c06b28371", "type": "tarball", - "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/40b6196abf7a066e93c68f48f3109b587dad44bf.tar.gz" + "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371" }, "original": { "type": "tarball", @@ -202,7 +202,7 @@ "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140" }, "original": { "type": "tarball", @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1726362065, - "narHash": "sha256-4h15WKdrs9zf6DGaeeV7ntU/pHHGkH6geYt1QBW0CP4=", + "lastModified": 1726966855, + "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "9db4db09d82e4b2207bfa7f1e747a4f49d214555", + "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1726817511, - "narHash": "sha256-r3R7zZzGklN0udSO/JhWbU/xyq6i1aXKKwfs33LUVls=", + "lastModified": 1727312535, + "narHash": "sha256-exnTgS6OBYvEa8v5x8UsLQK2ERdDFwXNFQHoT2cqycY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "bfa25c9065f4cb5d884a0ad70f6e82f55ae90448", + "rev": "f31447cd3f8e54674bd1675969e97e6043a309bc", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1726724509, - "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", + "lastModified": 1727040444, + "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", + "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726688310, - "narHash": "sha256-Xc9lEtentPCEtxc/F1e6jIZsd4MPDYv4Kugl9WtXlz0=", + "lastModified": 1727284797, + "narHash": "sha256-roj2jFZ/VNBQBBmUvvYRGiWbegZEgRk9Y1dhcY8kgLA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dbebdd67a6006bb145d98c8debf9140ac7e651d0", + "rev": "37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1726447378, - "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", + "lastModified": 1727264057, + "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", + "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1726734507, - "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", + "lastModified": 1727252110, + "narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", + "rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", "type": "github" }, "original": { From 0ea73f318775e514f9067f6e1c78a5048b5d6aec Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 9 Oct 2024 21:04:52 +0200 Subject: [PATCH 852/988] fix: enable ACME for weechat.dadada.li --- nixos/modules/weechat.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index 340f64c..e3d8f48 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -34,7 +34,7 @@ in }; }; services.nginx.virtualHosts."weechat.dadada.li" = { - useACMEHost = "webchat.dadada.li"; + enableACME = true; forceSSL = true; root = "${pkgs.nginx}/html"; From 8317113c6b1a2d55cebf018a64badb5943101e61 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 23 Oct 2024 21:33:16 +0200 Subject: [PATCH 853/988] chore: update nixpkgs --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index b76b11c..8dce0f2 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1722113426, - "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "owner": "numtide", "repo": "devshell", - "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1726966855, - "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=", + "lastModified": 1729386149, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2", + "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1727312535, - "narHash": "sha256-exnTgS6OBYvEa8v5x8UsLQK2ERdDFwXNFQHoT2cqycY=", + "lastModified": 1729472750, + "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "f31447cd3f8e54674bd1675969e97e6043a309bc", + "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727040444, - "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", + "lastModified": 1729690929, + "narHash": "sha256-cTSekmupaDfrhlpLhBUBrU9mUzBaD6mYsMveTX0bKDg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", + "rev": "64d900abe40057393148bc0283d35c2254dd4f57", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727284797, - "narHash": "sha256-roj2jFZ/VNBQBBmUvvYRGiWbegZEgRk9Y1dhcY8kgLA=", + "lastModified": 1729675617, + "narHash": "sha256-XAnP0mq9JdMEwEcwATPV7rPp1+ORV8G4rCX6GplYfDA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d", + "rev": "f885d67e3dbd2afe0c779a9f763ddf7a4b603d97", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1727264057, - "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", + "lastModified": 1729449015, + "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", + "rev": "89172919243df199fe237ba0f776c3e3e3d72367", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1727252110, - "narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", + "lastModified": 1729613947, + "narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", + "rev": "aac86347fb5063960eccb19493e0cadcdb4205ca", "type": "github" }, "original": { From 61530cc51318713f3da8cb6bffac150b2c8eb4b3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 30 Oct 2024 21:00:27 +0100 Subject: [PATCH 854/988] feat: power management settings --- home/dconf.nix | 8 ++++---- nixos/gorgon/configuration.nix | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/home/dconf.nix b/home/dconf.nix index b75fb2d..7fb2800 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -176,11 +176,11 @@ with lib.hm.gvariant; }; "org/gnome/settings-daemon/plugins/power" = { - idle-dim = false; - power-button-action = "hibernate"; + idle-dim = true; + power-button-action = "interactive"; power-saver-profile-on-low-battery = true; - sleep-inactive-ac-type = "nothing"; - sleep-inactive-battery-timeout = 3600; + sleep-inactive-ac-type = "blank"; + sleep-inactive-battery-timeout = 600; sleep-inactive-battery-type = "suspend"; }; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index b2da49d..fd61298 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -143,6 +143,10 @@ in systemd.services.modem-manager.enable = lib.mkForce false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; + systemd.sleep.extraConfig = '' + HibernateDelaySec=1h + ''; + services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; From c256637dddf9d5be8f25be484ce8ff82b6bee512 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 30 Oct 2024 21:08:17 +0100 Subject: [PATCH 855/988] chore: update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/64d900abe40057393148bc0283d35c2254dd4f57' (2024-10-23) → 'github:NixOS/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f885d67e3dbd2afe0c779a9f763ddf7a4b603d97' (2024-10-23) → 'github:NixOS/nixpkgs/6aa8749b515f9dec000b24794b2787b64037db51' (2024-10-29) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/89172919243df199fe237ba0f776c3e3e3d72367' (2024-10-20) → 'github:NixOS/nixpkgs/64b80bfb316b57cdb8919a9110ef63393d74382a' (2024-10-28) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/aac86347fb5063960eccb19493e0cadcdb4205ca' (2024-10-22) → 'github:numtide/treefmt-nix/9ef337e492a5555d8e17a51c911ff1f02635be15' (2024-10-28) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 8dce0f2..2c62bcf 100644 --- a/flake.lock +++ b/flake.lock @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729690929, - "narHash": "sha256-cTSekmupaDfrhlpLhBUBrU9mUzBaD6mYsMveTX0bKDg=", + "lastModified": 1730161780, + "narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "64d900abe40057393148bc0283d35c2254dd4f57", + "rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729675617, - "narHash": "sha256-XAnP0mq9JdMEwEcwATPV7rPp1+ORV8G4rCX6GplYfDA=", + "lastModified": 1730189606, + "narHash": "sha256-LgkEB/b9JRWdGHx95mxSWPV5PaSPp8Aau+lsbDUXb44=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f885d67e3dbd2afe0c779a9f763ddf7a4b603d97", + "rev": "6aa8749b515f9dec000b24794b2787b64037db51", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1729449015, - "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", + "lastModified": 1730137625, + "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89172919243df199fe237ba0f776c3e3e3d72367", + "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1729613947, - "narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=", + "lastModified": 1730120726, + "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "aac86347fb5063960eccb19493e0cadcdb4205ca", + "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", "type": "github" }, "original": { From 80bbfb43ac2e38348e871075b151f4be134e9f7d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 10 Nov 2024 15:34:29 +0100 Subject: [PATCH 856/988] feat(ninurta): remove agares from monitoring --- nixos/ninurta/monitoring.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix index 9a0b983..c8bee05 100644 --- a/nixos/ninurta/monitoring.nix +++ b/nixos/ninurta/monitoring.nix @@ -19,9 +19,6 @@ [surgat] address 10.3.3.1 - - [agares] - address 10.3.3.2 ''; }; services.munin-node.enable = true; From 3824effcb63d9b1306a8a9fcbf47b5337bbbd8f4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 17 Nov 2024 00:36:34 +0100 Subject: [PATCH 857/988] chore: update dependencies --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 2c62bcf..a946b3d 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ ] }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1729386149, - "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", + "lastModified": 1731200463, + "narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", + "rev": "e04234d263750db01c78a412690363dc2226e68a", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1729472750, - "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", + "lastModified": 1731546190, + "narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", + "rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730161780, - "narHash": "sha256-z5ILcmwMtiCoHTXS1KsQWqigO7HJO8sbyK7f7wn9F/E=", + "lastModified": 1731797098, + "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "07d15e8990d5d86a631641b4c429bc0a7400cfb8", + "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730189606, - "narHash": "sha256-LgkEB/b9JRWdGHx95mxSWPV5PaSPp8Aau+lsbDUXb44=", + "lastModified": 1731663789, + "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6aa8749b515f9dec000b24794b2787b64037db51", + "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1730137625, - "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=", + "lastModified": 1731652201, + "narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a", + "rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1730120726, - "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", + "lastModified": 1730321837, + "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", + "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", "type": "github" }, "original": { From b7ed2f7ec01eac2142ee08c44fcf99d285649493 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 17 Nov 2024 00:50:21 +0100 Subject: [PATCH 858/988] feat(home): remove jujutsu from pkgs --- home/pkgs.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index ec1deb5..3b1d6ec 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -61,8 +61,6 @@ with pkgs; [ jameica jc # convert output to json josm - jujutsu - jq jq #jupyter kcachegrind From 806da7a64630973ce7e532ff9ed7ddd5034da1d7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 15:58:42 +0100 Subject: [PATCH 859/988] feat: add udev rules from libsigrok --- nixos/gorgon/configuration.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index fd61298..beadbc6 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -147,7 +147,12 @@ in HibernateDelaySec=1h ''; - services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ]; + services.udev.packages = [ + xilinxJtag + saleaeLogic + keychron + pkgs.libsigrok + ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; From c70621ece1e90fdeb69e98e845f49271cf66c7c1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 16:00:50 +0100 Subject: [PATCH 860/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/06ffce1a8d95e95c06a4bcfa117dd960b14a7101' (2024-11-14) → 'github:nix-community/nixos-generators/3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c' (2024-11-21) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/e04234d263750db01c78a412690363dc2226e68a' (2024-11-10) → 'github:nix-community/nixpkgs.lib/b9f04e3cf71c23bea21d2768051e6b3068d44734' (2024-11-17) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/035d434d48f4375ac5d3a620954cf5fda7dd7c36' (2024-11-15) → 'github:NixOS/nixpkgs/df94f897ffe1af1bcd60cb68697c5d8e6431346e' (2024-11-22) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/c21b77913ea840f8bcf9adf4c41cecc2abffd38d' (2024-11-15) → 'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/746901bb8dba96d154b66492a29f5db0693dbfcc' (2024-10-30) → 'github:numtide/treefmt-nix/705df92694af7093dfbb27109ce16d828a79155f' (2024-11-22) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index a946b3d..21ec40c 100644 --- a/flake.lock +++ b/flake.lock @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1731200463, - "narHash": "sha256-qDaAweJjdFbVExqs8aG27urUgcgKufkIngHW3Rzustg=", + "lastModified": 1731805462, + "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e04234d263750db01c78a412690363dc2226e68a", + "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1731546190, - "narHash": "sha256-kJix8nLyFIJ3EC7VtoXK/85C4ZN2dC5oWoS8+ErehqI=", + "lastModified": 1732151224, + "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "06ffce1a8d95e95c06a4bcfa117dd960b14a7101", + "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731663789, - "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", + "lastModified": 1732244845, + "narHash": "sha256-aspop5sCDNpDMS23BplGFtQDadwkSb/sOxpuC3lafvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", + "rev": "df94f897ffe1af1bcd60cb68697c5d8e6431346e", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1731652201, - "narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1730321837, - "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=", + "lastModified": 1732292307, + "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc", + "rev": "705df92694af7093dfbb27109ce16d828a79155f", "type": "github" }, "original": { From 3bf0f03c0b36818612f5259ff1e14a1c0a29c9a3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 16:08:10 +0100 Subject: [PATCH 861/988] feat: remove unused nixos/sway module --- nixos/modules/sway.nix | 40 ---------------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 nixos/modules/sway.nix diff --git a/nixos/modules/sway.nix b/nixos/modules/sway.nix deleted file mode 100644 index 190d13e..0000000 --- a/nixos/modules/sway.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, pkgs, lib, ... }: -let - cfg = config.dadada.sway; -in -{ - options = { - dadada.sway.enable = lib.mkEnableOption "Enable sway"; - }; - - config = lib.mkIf cfg.enable { - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - wrapperFeatures.base = true; - extraPackages = with pkgs; [ - qt5.qtwayland - swayidle - xwayland - mako - kanshi - kitty - i3status - bemenu - xss-lock - swaylock - brightnessctl - playerctl - ]; - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - # needs qt5.qtwayland in systemPackages - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - # Fix for some Java AWT applications (e.g. Android Studio), - # use this if they aren't displayed properly: - export _JAVA_AWT_WM_NONREPARENTING=1 - ''; - }; - }; -} From 4e9118e3736c67a0ef542b39e71f86ea357f17fa Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 18:28:34 +0100 Subject: [PATCH 862/988] feat(home): add foot config --- home/default.nix | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/home/default.nix b/home/default.nix index 35bd006..a95f898 100644 --- a/home/default.nix +++ b/home/default.nix @@ -127,6 +127,41 @@ in Install.WantedBy = [ "multi-user.target" ]; }; + programs.foot = { + enable = true; + server.enable = false; + settings = { + main = { + shell = "tmux"; + font = "Jetbrains Mono:size=8"; + dpi-aware = false; + }; + mouse.hide-when-typing = true; + csd.preferred = "none"; + cursor.color = "fdf6e3 586e75"; + colors = { + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; + regular1 = "dc322f"; + regular2 = "859900"; + regular3 = "b58900"; + regular4 = "268bd2"; + regular5 = "d33682"; + regular6 = "2aa198"; + regular7 = "073642"; + bright0 = "cb4b16"; + bright1 = "fdf6e3"; + bright2 = "93a1a1"; + bright3 = "839496"; + bright4 = "657b83"; + bright5 = "6c71c4"; + bright6 = "586e75"; + bright7 = "002b36"; + }; + }; + }; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 0a6e4f99c4f190bd578cedd2e776700dadaa325d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 18:48:14 +0100 Subject: [PATCH 863/988] feat: configure sway --- home/config | 229 +++++++++++++++++++++++++++++++++ home/default.nix | 2 + home/modules/xdg.nix | 1 + nixos/gorgon/configuration.nix | 39 +++++- 4 files changed, 267 insertions(+), 4 deletions(-) create mode 100644 home/config diff --git a/home/config b/home/config new file mode 100644 index 0000000..b379fba --- /dev/null +++ b/home/config @@ -0,0 +1,229 @@ +# Read `man 5 sway` for a complete reference. + +### Variables +# +# Logo key. Use Mod1 for Alt. +set $mod Mod4 +# Home row direction keys, like vim +set $left h +set $down j +set $up k +set $right l +# Your preferred terminal emulator +set $term foot +# Your preferred application launcher +# Note: pass the final command to swaymsg so that the resulting window can be opened +# on the original workspace that the command was run on. +set $menu dmenu_path | wmenu | xargs swaymsg exec -- + +### Output configuration +# +# Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/) +output * bg ~/lib/pictures/camera/Camera/PXL_20240302_142813383.jpg fill + +### Idle configuration +# +# Example configuration: +# +exec swayidle -w \ + timeout 300 'swaylock -f -c 000000' \ + timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ + before-sleep 'swaylock -f -c 000000' +# +# This will lock your screen after 300 seconds of inactivity, then turn off +# your displays after another 300 seconds, and turn your screens back on when +# resumed. It will also lock your screen before your computer goes to sleep. + +input * { + xkb_layout eu + xkb_model pc105+inet + xkb_options caps:escape + drag_lock enabled + drag enabled + dwt enabled + tap enabled + tap_button_map lrm + natural_scroll enabled +} + +### Key bindings +# +# Basics: +# +# Start a terminal +bindsym $mod+Return exec $term + +# Kill focused window +bindsym $mod+Shift+q kill + +# Start your launcher +bindsym $mod+d exec $menu + +# Drag floating windows by holding down $mod and left mouse button. +# Resize them with right mouse button + $mod. +# Despite the name, also works for non-floating windows. +# Change normal to inverse to use left mouse button for resizing and right +# mouse button for dragging. +floating_modifier $mod normal + +# Lock the screen +bindsym XF86Sleep exec 'swaylock -f -c 000000' + +# Reload the configuration file +bindsym $mod+Shift+c reload + +# Exit sway (logs you out of your Wayland session) +bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' + +# Brightness +bindsym --locked XF86MonBrightnessDown exec light -U 10 +bindsym --locked XF86MonBrightnessUp exec light -A 10 + +# Volume +bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' +bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' +bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' + +# +# Moving around: +# +# Move your focus around +bindsym $mod+$left focus left +bindsym $mod+$down focus down +bindsym $mod+$up focus up +bindsym $mod+$right focus right +# Or use $mod+[up|down|left|right] +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# Move the focused window with the same, but add Shift +bindsym $mod+Shift+$left move left +bindsym $mod+Shift+$down move down +bindsym $mod+Shift+$up move up +bindsym $mod+Shift+$right move right +# Ditto, with arrow keys +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# +# Workspaces: +# +# Switch to workspace +bindsym $mod+1 workspace number 1 +bindsym $mod+2 workspace number 2 +bindsym $mod+3 workspace number 3 +bindsym $mod+4 workspace number 4 +bindsym $mod+5 workspace number 5 +bindsym $mod+6 workspace number 6 +bindsym $mod+7 workspace number 7 +bindsym $mod+8 workspace number 8 +bindsym $mod+9 workspace number 9 +bindsym $mod+0 workspace number 10 +# Move focused container to workspace +bindsym $mod+Shift+1 move container to workspace number 1 +bindsym $mod+Shift+2 move container to workspace number 2 +bindsym $mod+Shift+3 move container to workspace number 3 +bindsym $mod+Shift+4 move container to workspace number 4 +bindsym $mod+Shift+5 move container to workspace number 5 +bindsym $mod+Shift+6 move container to workspace number 6 +bindsym $mod+Shift+7 move container to workspace number 7 +bindsym $mod+Shift+8 move container to workspace number 8 +bindsym $mod+Shift+9 move container to workspace number 9 +bindsym $mod+Shift+0 move container to workspace number 10 +# Note: workspaces can have any name you want, not just numbers. +# We just use 1-10 as the default. + +# +# Layout stuff: +# +# You can "split" the current object of your focus with +# $mod+b or $mod+v, for horizontal and vertical splits +# respectively. +bindsym $mod+b splith +bindsym $mod+v splitv + +# Switch the current container between different layout styles +bindsym $mod+s layout stacking +bindsym $mod+w layout tabbed +bindsym $mod+e layout toggle split + +# Make the current focus fullscreen +bindsym $mod+f fullscreen + +# Toggle the current focus between tiling and floating mode +bindsym $mod+Shift+space floating toggle + +# Swap focus between the tiling area and the floating area +bindsym $mod+space focus mode_toggle + +# Move focus to the parent container +bindsym $mod+a focus parent + +# +# Font +# +font "pango:Jetbrains Mono 8" + +# +# Scratchpad: +# +# Sway has a "scratchpad", which is a bag of holding for windows. +# You can send windows there and get them back later. + +# Move the currently focused window to the scratchpad +bindsym $mod+Shift+minus move scratchpad + +# Show the next scratchpad window or hide the focused scratchpad window. +# If there are multiple scratchpad windows, this command cycles through them. +bindsym $mod+minus scratchpad show + +# +# Resizing containers: +# +mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" +} +bindsym $mod+r mode "resize" + +# +# Status Bar: +# +# Read `man 5 sway-bar` for more information about this section. +bar { + position top + + # When the status_command prints a new line to stdout, swaybar updates. + # The default just shows the current date and time. + status_command while date +'%Y-%m-%d %X'; do sleep 1; done + + colors { + statusline #ffffff + background #323232 + inactive_workspace #32323200 #32323200 #5c5c5c + } +} + +include /etc/sway/config.d/* + +exec sleep 5; systemctl --user start kanshi.service diff --git a/home/default.nix b/home/default.nix index a95f898..56298f0 100644 --- a/home/default.nix +++ b/home/default.nix @@ -162,6 +162,8 @@ in }; }; + home.file.".config/sway/config".source = ./config; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index b093eca..bb96a7d 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -29,6 +29,7 @@ in config = mkIf cfg.enable { xdg = { enable = true; + configHome = "${config.home.homeDirectory}/.config"; mimeApps = { enable = false; associations.added = apps; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index beadbc6..776165a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -125,9 +125,13 @@ in }; environment.systemPackages = with pkgs; [ - chromium ghostscript smartmontools + + grim # screenshot functionality + slurp # screenshot functionality + mako # notification system developed by swaywm maintainer + pulseaudio ]; networking.firewall = { @@ -208,9 +212,36 @@ in services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; - services.xserver.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.displayManager.gdm.enable = true; + #services.xserver.enable = true; + #services.xserver.desktopManager.gnome.enable = true; + #services.xserver.displayManager.gdm.enable = true; + services.greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; + user = "greeter"; + }; + }; + }; + systemd.user.services.kanshi = { + description = "kanshi daemon"; + environment = { + WAYLAND_DISPLAY = "wayland-1"; + DISPLAY = ":0"; + }; + serviceConfig = { + Type = "simple"; + ExecStart = ''${pkgs.kanshi}/bin/kanshi''; + }; + }; + # enable Sway window manager + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + }; + programs.light.enable = true; + xdg.portal.wlr.enable = true; hardware.opengl = { enable = true; From 168056ce39135c6495a38c107d8c6e0cdddba4a5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 24 Nov 2024 19:16:34 +0100 Subject: [PATCH 864/988] chore: upgrade to 24.11 --- flake.lock | 44 +++++++++++++++--------------- flake.nix | 8 +++--- home/modules/alacritty/default.nix | 1 - home/modules/xdg.nix | 2 +- home/pkgs.nix | 2 +- nixos/gorgon/configuration.nix | 1 + nixos/ninurta/configuration.nix | 4 +-- 7 files changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 21ec40c..baa2c4e 100644 --- a/flake.lock +++ b/flake.lock @@ -144,16 +144,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -175,15 +175,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1723503926, - "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", - "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" } }, "lix-module": { @@ -198,15 +198,15 @@ ] }, "locked": { - "lastModified": 1723510904, - "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", - "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" } }, "nixlib": { @@ -263,32 +263,32 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732244845, - "narHash": "sha256-aspop5sCDNpDMS23BplGFtQDadwkSb/sOxpuC3lafvo=", + "lastModified": 1732237847, + "narHash": "sha256-WwtrPxym9sQtwZkemxUfT00iCWfXxzuVAC7uFP1m1Y0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "df94f897ffe1af1bcd60cb68697c5d8e6431346e", + "rev": "9bbcb9a5a7e54369faaced5fb0ddad1fda21b751", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05-small", + "ref": "nixos-24.11-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-full": { "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "lastModified": 1731755305, + "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 5e512b9..3ab6e15 100644 --- a/flake.nix +++ b/flake.nix @@ -2,14 +2,14 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; - nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; + nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; }; home-manager = { - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; @@ -26,7 +26,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 0b84642..086b945 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -11,7 +11,6 @@ in enable = mkEnableOption "Enable alacritty config"; }; config = mkIf cfg.enable { - fonts.fontconfig.enable = true; home.packages = [ pkgs.jetbrains-mono ]; diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index bb96a7d..cccf70e 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -47,7 +47,7 @@ in home.packages = with pkgs; [ evince firefox - xdg_utils + xdg-utils ]; }; } diff --git a/home/pkgs.nix b/home/pkgs.nix index 3b1d6ec..8c1657f 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -133,7 +133,7 @@ with pkgs; [ vscodium whois wireshark - xdg_utils + xdg-utils xmlstarlet xsv # cut for csv unixtools.xxd diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 776165a..3b5a8e9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -242,6 +242,7 @@ in }; programs.light.enable = true; xdg.portal.wlr.enable = true; + hardware.bluetooth.enable = true; hardware.opengl = { enable = true; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 1023d5f..2a9e837 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -158,7 +158,7 @@ in services.hydra = { enable = true; - package = pkgs.hydra-unstable; + package = pkgs.hydra; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; @@ -394,7 +394,7 @@ in services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome = { enable = true; - extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + extraGSettingsOverridePackages = with pkgs; [ gnome.gnome-settings-daemon ]; extraGSettingsOverrides = '' [org.gnome.desktop.screensaver] lock-delay=uint32 30 From bd89f8498e8a22a13fec71e74c680a40ce159b1e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 25 Nov 2024 00:02:08 +0100 Subject: [PATCH 865/988] feat: update wallpaper --- home/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/config b/home/config index b379fba..c77a6b7 100644 --- a/home/config +++ b/home/config @@ -19,7 +19,7 @@ set $menu dmenu_path | wmenu | xargs swaymsg exec -- ### Output configuration # # Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/) -output * bg ~/lib/pictures/camera/Camera/PXL_20240302_142813383.jpg fill +output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill ### Idle configuration # From 71de97484728331ec3eb0f1f6d2ca57f69b7bbf3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 25 Nov 2024 00:02:41 +0100 Subject: [PATCH 866/988] fix: disable shared shell history There is some bug preventing the fzf history selection from the widget to be pasted. --- home/modules/zsh.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 58cef5b..ab51e59 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -26,7 +26,9 @@ in ignoreDups = true; ignoreSpace = true; save = 100000; - share = true; + # FIXME https://github.com/junegunn/fzf/issues/4061 + #share = true; + share = false; }; plugins = [ ]; From cf26daecee2d42c9ac9b473bc8d7736997cb0743 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 25 Nov 2024 00:03:44 +0100 Subject: [PATCH 867/988] fix: actually start kanshi --- nixos/gorgon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 3b5a8e9..85bb03d 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -225,6 +225,7 @@ in }; }; systemd.user.services.kanshi = { + enable = true; description = "kanshi daemon"; environment = { WAYLAND_DISPLAY = "wayland-1"; From 429f906a1ab25b7dff7c613e086d4c27b5e652d8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 30 Nov 2024 18:29:51 +0100 Subject: [PATCH 868/988] feat: add status script --- home/config | 2 +- home/default.nix | 1 + home/pkgs.nix | 5 +- home/status | 113 +++++++++++++++++++++++++++++++++ nixos/gorgon/configuration.nix | 1 + 5 files changed, 120 insertions(+), 2 deletions(-) create mode 100755 home/status diff --git a/home/config b/home/config index c77a6b7..bc01bb6 100644 --- a/home/config +++ b/home/config @@ -215,7 +215,7 @@ bar { # When the status_command prints a new line to stdout, swaybar updates. # The default just shows the current date and time. - status_command while date +'%Y-%m-%d %X'; do sleep 1; done + status_command ~/.config/sway/status colors { statusline #ffffff diff --git a/home/default.nix b/home/default.nix index 56298f0..15514f9 100644 --- a/home/default.nix +++ b/home/default.nix @@ -163,6 +163,7 @@ in }; home.file.".config/sway/config".source = ./config; + home.file.".config/sway/status".source = ./status; # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/home/pkgs.nix b/home/pkgs.nix index 8c1657f..0fb833c 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -102,7 +102,10 @@ with pkgs; [ prusa-slicer pv pwgen - python3 + (python3.withPackages (python-pkgs: with python-pkgs; [ + pandas + requests + ])) ranger recipemd reptyr diff --git a/home/status b/home/status new file mode 100755 index 0000000..176467a --- /dev/null +++ b/home/status @@ -0,0 +1,113 @@ +#!/usr/bin/env python3 + +import json +import sys +import time +import requests +import logging + +from datetime import datetime + +logger = logging.getLogger(__name__) + + +class Status: + def status(self): + return None + + +class Cat(Status): + index = 0 + + def status(self): + cat_width = 200 + index = self.index + catwalk = " " * (cat_width - index) + 1 * "ðŸˆðŸ³ï¸â€ðŸŒˆ" + " " * index + self.index = (index + 1) % cat_width + + return catwalk + + +class Space(Status): + backoff = 0 + c_status = None + + def status(self): + backoff = self.backoff + if self.backoff == 0: + self.update() + + return self.c_status + + def update(self): + spacestatus_url = "https://status.stratum0.org/status.json" + resp = requests.get(url=spacestatus_url) + self.backoff = (self.backoff + 1) % 120 + data = resp.json() + if data["isOpen"]: + since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M") + spacestatus = f"Space is open since {since}" + else: + spacestatus = "Space is closed" + self.c_status = spacestatus + + +class Battery(Status): + capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r') + status_file = open('/sys/class/power_supply/BAT0/status', 'r') + + def status(self): + self.status_file.seek(0) + status = self.status_file.read().rstrip() + + self.capacity_file.seek(0) + capacity = self.capacity_file.read().rstrip() + + battery = f"{status} {capacity}%" + + return battery + + +class Time(Status): + def status(state): + return datetime.now().strftime("%Vth %A %H:%M") + + +def print_header(): + header = { + "version": 1, + "click_events": False, + } + print(json.dumps(header)) + print("[") + + +def run(interval, widgets): + print_header() + + while True: + body = [] + + for widget in widgets: + try: + status = widget.status() + except Exception as e: + logger.error(e) + if status: + body += {"full_text": f"{status}"}, + + print(json.dumps(body), ",", flush=True) + + ts = interval - (time.time() % interval) + time.sleep(ts) + + +if __name__ == "__main__": + logging.basicConfig(level=logging.INFO) + + # Interval in seconds + interval = 1.0 + + widgets = [Cat(), Space(), Battery(), Time()] + + run(interval, widgets) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 85bb03d..e0268e2 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -128,6 +128,7 @@ in ghostscript smartmontools + dmenu grim # screenshot functionality slurp # screenshot functionality mako # notification system developed by swaywm maintainer From 165c9822b985aa9576ff3f2e9f8aaa6f95e91619 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 14:12:05 +0100 Subject: [PATCH 869/988] chore(flake.lock): Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c' (2024-11-21) → 'github:nix-community/nixos-generators/098e8b6ff72c86944a8d54b64ddd7b7e6635830a' (2024-11-25) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/b9f04e3cf71c23bea21d2768051e6b3068d44734' (2024-11-17) → 'github:nix-community/nixpkgs.lib/87b6978992e2eb605732fba842cad0a7e14b2047' (2024-11-24) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16) → 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405' (2024-11-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9bbcb9a5a7e54369faaced5fb0ddad1fda21b751' (2024-11-22) → 'github:NixOS/nixpkgs/d44a276324b63ff7ca4254b7ea51d5bac7eb6c64' (2024-12-01) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/057f63b6dc1a2c67301286152eb5af20747a9cb4' (2024-11-16) → 'github:NixOS/nixpkgs/62c435d93bf046a5396f3016472e8f7c8e2aed65' (2024-11-30) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/705df92694af7093dfbb27109ce16d828a79155f' (2024-11-22) → 'github:numtide/treefmt-nix/6209c381904cab55796c5d7350e89681d3b2a8ef' (2024-11-29) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index baa2c4e..b8383bc 100644 --- a/flake.lock +++ b/flake.lock @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1731805462, - "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", + "lastModified": 1732410305, + "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", + "rev": "87b6978992e2eb605732fba842cad0a7e14b2047", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1732151224, - "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=", + "lastModified": 1732496924, + "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c", + "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731797098, - "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", + "lastModified": 1732483221, + "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", + "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732237847, - "narHash": "sha256-WwtrPxym9sQtwZkemxUfT00iCWfXxzuVAC7uFP1m1Y0=", + "lastModified": 1733040108, + "narHash": "sha256-x48Dv2n8d0Ebk0Pp6qk5TW4b+oUfkOpl16ick+npjD0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9bbcb9a5a7e54369faaced5fb0ddad1fda21b751", + "rev": "d44a276324b63ff7ca4254b7ea51d5bac7eb6c64", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1732981179, + "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1732292307, - "narHash": "sha256-5WSng844vXt8uytT5djmqBCkopyle6ciFgteuA9bJpw=", + "lastModified": 1732894027, + "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "705df92694af7093dfbb27109ce16d828a79155f", + "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", "type": "github" }, "original": { From dbb636e7dfd7bd2cd8d7723727ff6538e76becf7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 14:43:32 +0100 Subject: [PATCH 870/988] fix: remove failing units --- nixos/gorgon/configuration.nix | 34 ++-------------------------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index e0268e2..12723e0 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -34,6 +34,8 @@ in ./hardware-configuration.nix ]; + dadada.backupClient.bs.enable = false; + dadada.backupClient.backup1.enable = true; dadada.backupClient.backup2 = { enable = true; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; @@ -178,38 +180,6 @@ in "127.0.0.2" = [ "kanboard.dadada.li" ]; }; - # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html - systemd.timers.wg-reresolve-dns = { - wantedBy = [ "timers.target" ]; - partOf = [ "wg-reresolve-dns.service" ]; - timerConfig.OnCalendar = "hourly"; - }; - - systemd.services.wg-reresolve-dns = - let - vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI="; - in - { - serviceConfig.Type = "oneshot"; - script = '' - ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48 - ''; - }; - - #networking.wg-quick.interfaces.mullvad = { - # address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ]; - # privateKeyFile = "/var/lib/wireguard/mullvad"; - # peers = [ - # { - # publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k="; - # allowedIPs = [ "0.0.0.0/0" "::0/0" ]; - # endpoint = "193.27.14.66:51820"; - # persistentKeepalive = 25; - # } - # ]; - # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main"; - #}; - services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; From eb81a1fedf47cff9ec5a2711d2606a5006a86877 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 15:14:31 +0100 Subject: [PATCH 871/988] feat: count failed units in status --- home/status | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/home/status b/home/status index 176467a..45e78d8 100755 --- a/home/status +++ b/home/status @@ -5,6 +5,7 @@ import sys import time import requests import logging +import subprocess from datetime import datetime @@ -25,7 +26,7 @@ class Cat(Status): catwalk = " " * (cat_width - index) + 1 * "ðŸˆðŸ³ï¸â€ðŸŒˆ" + " " * index self.index = (index + 1) % cat_width - return catwalk + return {"full_text": catwalk} class Space(Status): @@ -37,7 +38,7 @@ class Space(Status): if self.backoff == 0: self.update() - return self.c_status + return {"full_text": self.c_status} def update(self): spacestatus_url = "https://status.stratum0.org/status.json" @@ -65,12 +66,26 @@ class Battery(Status): battery = f"{status} {capacity}%" - return battery + return {"full_text": battery} class Time(Status): - def status(state): - return datetime.now().strftime("%Vth %A %H:%M") + def status(self): + return {"full_text": datetime.now().strftime("%Vth %A %H:%M") } + + +class FailedUnits(Status): + def status(self): + proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True) + stdout = proc.stdout.decode('utf-8') + failed = 0 + for line in stdout: + if 'failed' in line: + failed += 1 + if failed is 0: + return {"full_text": f"No failed units"} + else: + return {"full_text": f"There are {failed} failed units", "color": "#ff0000"} def print_header(): @@ -94,7 +109,7 @@ def run(interval, widgets): except Exception as e: logger.error(e) if status: - body += {"full_text": f"{status}"}, + body += status, print(json.dumps(body), ",", flush=True) @@ -108,6 +123,6 @@ if __name__ == "__main__": # Interval in seconds interval = 1.0 - widgets = [Cat(), Space(), Battery(), Time()] + widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()] run(interval, widgets) From fc4521750d5308c421c5900204ef1ff2a797da3a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 1 Dec 2024 19:05:49 +0100 Subject: [PATCH 872/988] fix(ninurta): ssh port --- nixos/ninurta/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 2a9e837..7f63e0f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -37,6 +37,8 @@ in }; }; + services.openssh.ports = [ 22 ]; + dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; From 4e44dc164a7a3518153959d8fe10c35f1fe5aec7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:03:45 +0100 Subject: [PATCH 873/988] fix: enable backup1 --- nixos/modules/backup.nix | 2 +- nixos/modules/profiles/backup.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index c18aeb8..0ec680f 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -156,7 +156,7 @@ in }; }; - services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable { + services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable { paths = "/"; exclude = backupExcludes; repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}"; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index a69a89c..a5ad0eb 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -4,7 +4,7 @@ let in { dadada.backupClient.bs = { - enable = lib.mkDefault true; + enable = lib.mkDefault false; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; From 776f7d2000879e0ec43741cd54f11f8fe7115a6c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:04:37 +0100 Subject: [PATCH 874/988] feat(laptop): remove ssh agent enable by default --- nixos/modules/profiles/laptop.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 85e8e86..a525106 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -16,7 +16,6 @@ with lib; { networking.domain = mkDefault "dadada.li"; services.fwupd.enable = mkDefault true; - programs.ssh.startAgent = true; programs.ssh.enableAskPassword = true; programs.nix-ld.enable = true; From 96dcd17947fff6c172597d2cd79bd3f19e04d5ae Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:10:22 +0100 Subject: [PATCH 875/988] feat(gorgon): enable ssh-agent --- nixos/gorgon/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 12723e0..935052a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -43,6 +43,8 @@ in repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; + programs.ssh.startAgent = true; + nix.extraOptions = '' experimental-features = nix-command flakes # Prevent garbage collection for nix shell and direnv From 3b12ac46af8d5d5ba007f5130505347d7d686835 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:27:55 +0100 Subject: [PATCH 876/988] chore(flake.lock): update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/f3111f62a23451114433888902a55cf0692b408d' (2024-11-24) → 'github:nix-community/home-manager/c7ffc9727d115e433fd884a62dc164b587ff651d' (2024-12-07) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/098e8b6ff72c86944a8d54b64ddd7b7e6635830a' (2024-11-25) → 'github:nix-community/nixos-generators/8cdaf8885c9c85d9d27b594dbe882406aadfe00e' (2024-12-05) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/87b6978992e2eb605732fba842cad0a7e14b2047' (2024-11-24) → 'github:nix-community/nixpkgs.lib/0e4fdd4a0ab733276b6d2274ff84ae353f17129e' (2024-12-01) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/45348ad6fb8ac0e8415f6e5e96efe47dd7f39405' (2024-11-24) → 'github:NixOS/nixos-hardware/e563803af3526852b6b1d77107a81908c66a9fcf' (2024-12-06) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d44a276324b63ff7ca4254b7ea51d5bac7eb6c64' (2024-12-01) → 'github:NixOS/nixpkgs/5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0' (2024-12-08) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/62c435d93bf046a5396f3016472e8f7c8e2aed65' (2024-11-30) → 'github:NixOS/nixpkgs/4dc2fc4e62dbf62b84132fe526356fbac7b03541' (2024-12-05) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/6209c381904cab55796c5d7350e89681d3b2a8ef' (2024-11-29) → 'github:numtide/treefmt-nix/50862ba6a8a0255b87377b9d2d4565e96f29b410' (2024-12-05) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index b8383bc..63f55fd 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1732466619, - "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", + "lastModified": 1733572789, + "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=", "owner": "nix-community", "repo": "home-manager", - "rev": "f3111f62a23451114433888902a55cf0692b408d", + "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1732410305, - "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=", + "lastModified": 1733015484, + "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "87b6978992e2eb605732fba842cad0a7e14b2047", + "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1732496924, - "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=", + "lastModified": 1733360821, + "narHash": "sha256-bNXO+OGxrOjAxv/Lnyj84tNDicJ/FdLyLJHzOKSzYU8=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a", + "rev": "8cdaf8885c9c85d9d27b594dbe882406aadfe00e", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733481457, + "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733040108, - "narHash": "sha256-x48Dv2n8d0Ebk0Pp6qk5TW4b+oUfkOpl16ick+npjD0=", + "lastModified": 1733642008, + "narHash": "sha256-ijS1XixgnF1UW1wnsO5J7rw5li0n6SZCBQWCYSfJwXw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d44a276324b63ff7ca4254b7ea51d5bac7eb6c64", + "rev": "5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1732981179, - "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=", + "lastModified": 1733412085, + "narHash": "sha256-FillH0qdWDt/nlO6ED7h4cmN+G9uXwGjwmCnHs0QVYM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65", + "rev": "4dc2fc4e62dbf62b84132fe526356fbac7b03541", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1732894027, - "narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=", + "lastModified": 1733440889, + "narHash": "sha256-qKL3vjO+IXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "6209c381904cab55796c5d7350e89681d3b2a8ef", + "rev": "50862ba6a8a0255b87377b9d2d4565e96f29b410", "type": "github" }, "original": { From b059d11f6338bd93e976ff9e2e7f0c46ff0241a7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Dec 2024 13:32:44 +0100 Subject: [PATCH 877/988] feat(ninurta): remove desktop config --- nixos/ninurta/configuration.nix | 44 --------------------------------- 1 file changed, 44 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 7f63e0f..4bbca26 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -390,30 +390,6 @@ in networking.networkmanager.enable = false; networking.useDHCP = false; - # Desktop things for media playback - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome = { - enable = true; - extraGSettingsOverridePackages = with pkgs; [ gnome.gnome-settings-daemon ]; - extraGSettingsOverrides = '' - [org.gnome.desktop.screensaver] - lock-delay=uint32 30 - lock-enabled=true - - [org.gnome.desktop.session] - idle-delay=uint32 0 - - [org.gnome.settings-daemon.plugins.power] - idle-dim=false - power-button-action='interactive' - power-saver-profile-on-low-battery=false - sleep-inactive-ac-type='nothing' - sleep-inactive-battery-type='nothing' - ''; - }; - powerManagement = { enable = true; cpuFreqGovernor = "powersave"; @@ -424,15 +400,6 @@ in # Configure the disks to spin down after 10 min of inactivity. }; - security.rtkit.enable = true; - - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - services.udev.packages = [ (pkgs.writeTextFile { name = "60-hdparm"; @@ -446,21 +413,10 @@ in hardware.pulseaudio.enable = false; environment.systemPackages = with pkgs; [ - firefox - spotify - mpv smartmontools hdparm ]; - users.users."media" = { - isNormalUser = true; - description = "Media playback user"; - extraGroups = [ "users" "video" ]; - # allow anyone with physical access to log in - password = "media"; - }; - users.users."backup-keepassxc" = { home = "/mnt/storage/backups/backup-keepassxc"; isNormalUser = true; From da45c026555648b323cf728435698951b95f110d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 14 Dec 2024 21:13:53 +0100 Subject: [PATCH 878/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/c7ffc9727d115e433fd884a62dc164b587ff651d' (2024-12-07) → 'github:nix-community/home-manager/1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f' (2024-12-11) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/8cdaf8885c9c85d9d27b594dbe882406aadfe00e' (2024-12-05) → 'github:nix-community/nixos-generators/d162ffdf0a30f3d19e67df5091d6744ab8b9229f' (2024-12-12) • Updated input 'nixos-generators/nixlib': 'github:nix-community/nixpkgs.lib/0e4fdd4a0ab733276b6d2274ff84ae353f17129e' (2024-12-01) → 'github:nix-community/nixpkgs.lib/f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b' (2024-12-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/e563803af3526852b6b1d77107a81908c66a9fcf' (2024-12-06) → 'github:NixOS/nixos-hardware/cf737e2eba82b603f54f71b10cb8fd09d22ce3f5' (2024-12-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0' (2024-12-08) → 'github:NixOS/nixpkgs/8e21c38b7d24eadf3ef672a65a1cc927015d2197' (2024-12-13) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/4dc2fc4e62dbf62b84132fe526356fbac7b03541' (2024-12-05) → 'github:NixOS/nixpkgs/a0f3e10d94359665dba45b71b4227b0aeb851f8e' (2024-12-10) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/50862ba6a8a0255b87377b9d2d4565e96f29b410' (2024-12-05) → 'github:numtide/treefmt-nix/0ce9d149d99bc383d1f2d85f31f6ebd146e46085' (2024-12-09) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 63f55fd..2eace4d 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1733572789, - "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=", + "lastModified": 1733951536, + "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", "owner": "nix-community", "repo": "home-manager", - "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d", + "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1733015484, - "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", + "lastModified": 1733620091, + "narHash": "sha256-5WoMeCkaXqTZwwCNLRzyLxEJn8ISwjx4cNqLgqKwg9s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", + "rev": "f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1733360821, - "narHash": "sha256-bNXO+OGxrOjAxv/Lnyj84tNDicJ/FdLyLJHzOKSzYU8=", + "lastModified": 1733965598, + "narHash": "sha256-0tlZU8xfQGPcBOdXZee7P3vJLyPjTrXw7WbIgXD34gM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "8cdaf8885c9c85d9d27b594dbe882406aadfe00e", + "rev": "d162ffdf0a30f3d19e67df5091d6744ab8b9229f", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733481457, - "narHash": "sha256-IS3bxa4N1VMSh3/P6vhEAHQZecQ3oAlKCDvzCQSO5Is=", + "lastModified": 1733861262, + "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e563803af3526852b6b1d77107a81908c66a9fcf", + "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733642008, - "narHash": "sha256-ijS1XixgnF1UW1wnsO5J7rw5li0n6SZCBQWCYSfJwXw=", + "lastModified": 1734078800, + "narHash": "sha256-x5OW9e2w1y/7UKvZK0m9vXddociX9cF1F1Cg9/uA/Ts=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e7591e5e8c8cddc1e9c7cad01033e6c2d560cd0", + "rev": "8e21c38b7d24eadf3ef672a65a1cc927015d2197", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1733412085, - "narHash": "sha256-FillH0qdWDt/nlO6ED7h4cmN+G9uXwGjwmCnHs0QVYM=", + "lastModified": 1733808091, + "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4dc2fc4e62dbf62b84132fe526356fbac7b03541", + "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1733440889, - "narHash": "sha256-qKL3vjO+IXFQ0nTinFDqNq/sbbnnS5bMI1y0xX215fU=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "50862ba6a8a0255b87377b9d2d4565e96f29b410", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { From 10876b113e523f66db986b283b90302ed11a0cb6 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 14 Dec 2024 21:19:29 +0100 Subject: [PATCH 879/988] feat(devshell): add nixd, remove nil --- devshell.nix | 1 - home/pkgs.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/devshell.nix b/devshell.nix index 27b9799..ebdfb12 100644 --- a/devshell.nix +++ b/devshell.nix @@ -8,7 +8,6 @@ agenix nixpkgs-fmt nixos-rebuild - nil ]; commands = [ diff --git a/home/pkgs.nix b/home/pkgs.nix index 0fb833c..e2d7eb5 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -81,6 +81,7 @@ with pkgs; [ mumble ncurses newsflash + nixd nfs-utils niv nix-index From 28200e1a8f38ea324dcf10fff0e371bcf637ee60 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 14 Dec 2024 21:40:19 +0100 Subject: [PATCH 880/988] fix: update lix --- flake.lock | 10 +++++----- flake.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2eace4d..09e1517 100644 --- a/flake.lock +++ b/flake.lock @@ -198,15 +198,15 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", - "rev": "9098ac95768f7006d7e070b88bae76939f6034e6", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", + "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" } }, "nixlib": { diff --git a/flake.nix b/flake.nix index 3ab6e15..7519d56 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; From 022507887dd9b4fd4779ee5842a8e4a052adc6ff Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 15 Dec 2024 21:03:31 +0100 Subject: [PATCH 881/988] feat: allow connection to ssh via 2222 --- nixos/ninurta/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 4bbca26..bebea3f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -37,7 +37,7 @@ in }; }; - services.openssh.ports = [ 22 ]; + services.openssh.ports = [ 22 2222 ]; dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; @@ -367,6 +367,7 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH + 2222 80 # munin web 631 # Printing ]; From 2129924e78827c7b49fe04e131b06ac57cef7047 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 16 Dec 2024 18:59:14 +0100 Subject: [PATCH 882/988] feat: add bridge device for home assistant --- nixos/ninurta/configuration.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index bebea3f..4200470 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -312,9 +312,20 @@ in { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } ]; }; + "20-br0" = { + matchConfig.Name = "br0"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; }; netdevs = { - "20-wg0" = { + "20-br0" = { + netdevConfig = { + Kind = "bridge"; + Name = "br0"; + }; + }; + "20-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; @@ -367,7 +378,7 @@ in allowPing = true; allowedTCPPorts = [ 22 # SSH - 2222 + 2222 # SSH 80 # munin web 631 # Printing ]; From f67e77eaa1390bcdbccc68999b1d61cdcb4c54ff Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 16 Dec 2024 19:28:20 +0100 Subject: [PATCH 883/988] fix(ninurta): configure bridge --- nixos/ninurta/configuration.nix | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 4200470..dcd050f 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -273,20 +273,7 @@ in }; "10-lan" = { matchConfig.Name = "enp*"; - networkConfig.DHCP = "ipv4"; - networkConfig.Domains = [ "bs.dadada.li" ]; - networkConfig.VLAN = [ ]; - networkConfig.IPv6PrivacyExtensions = false; - linkConfig.RequiredForOnline = "routable"; - dhcpV4Config = { - UseDomains = true; - UseDNS = true; - UseNTP = true; - }; - ipv6AcceptRAConfig = { - UseDomains = true; - UseDNS = true; - }; + bridge = [ "br0" ]; }; "30-wg0" = { matchConfig.Name = "wg0"; @@ -315,7 +302,19 @@ in "20-br0" = { matchConfig.Name = "br0"; networkConfig.DHCP = "ipv4"; + networkConfig.Domains = [ "bs.dadada.li" ]; + networkConfig.VLAN = [ ]; + networkConfig.IPv6PrivacyExtensions = false; linkConfig.RequiredForOnline = "routable"; + dhcpV4Config = { + UseDomains = true; + UseDNS = true; + UseNTP = true; + }; + ipv6AcceptRAConfig = { + UseDomains = true; + UseDNS = true; + }; }; }; netdevs = { From 87649ec999e0fa14bd2e62db52d1705cc7f23919 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:09:09 +0100 Subject: [PATCH 884/988] fix(ninurta): printer address --- nixos/ninurta/printing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index 6fdbb08..e22c989 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -32,7 +32,7 @@ drivers = [ pkgs.brlaser ]; # Remove all state at the start of the service stateless = true; - listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ]; + listenAddresses = [ "192.168.101.29:631" ]; allowFrom = [ "from 192.168.101.0/24" ]; browsing = true; defaultShared = true; From fe7dd57bc16312259babc650f4d34c0c72063281 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:27:42 +0100 Subject: [PATCH 885/988] feat(gorgon): adapt power management options --- nixos/gorgon/configuration.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 935052a..c90a2eb 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -226,5 +226,16 @@ in ]; }; + powerManagement = { + enable = true; + powertop.enable = true; + cpuFreqGovernor = "schedutil"; + powerUpCommands = '' + echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold + echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold + ''; + }; + services.tlp.enable = false; + system.stateVersion = "23.11"; } From 12b4614fc78db46a8cf6adf6d7ba187ea4e04a97 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:53:21 +0100 Subject: [PATCH 886/988] feat(ninurta): disable hydra --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index dcd050f..9eba60d 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -159,7 +159,7 @@ in }; services.hydra = { - enable = true; + enable = false; package = pkgs.hydra; hydraURL = "https://hydra.dadada.li"; notificationSender = "hydra@localhost"; From 09ca9341f94365d04af34d9461fa06954f2d345a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 20 Dec 2024 23:53:38 +0100 Subject: [PATCH 887/988] feat(ninurta): make firewall configuration a little more restrictive --- nixos/ninurta/configuration.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 9eba60d..e188991 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -376,17 +376,21 @@ in enable = true; allowPing = true; allowedTCPPorts = [ - 22 # SSH 2222 # SSH - 80 # munin web - 631 # Printing ]; allowedUDPPorts = [ - 631 # Printing 51234 # Wireguard 51235 # Wireguard ]; interfaces = { + br0.allowedTCPPorts = [ + 22 # SSH + 80 # munin web + 631 # IPP + ]; + br0.allowedUDPPorts = [ + 631 # IPP + ]; uwu.allowedTCPPorts = [ softServePort ]; From 835bd775ae29747507b9d0e46c22221ebbe5cfe9 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 26 Dec 2024 20:35:53 +0100 Subject: [PATCH 888/988] chore: update flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 09e1517..9dc4020 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1717415742, - "narHash": "sha256-HKvoLGZUsBpjkxWkdtctGYj6RH0bl6vcw0OjTOqyzJk=", + "lastModified": 1734450202, + "narHash": "sha256-/3gigrEBFORQs6a8LL5twoHs7biu08y/8Xc5aQmk3b0=", "owner": "NixOS", "repo": "flake-registry", - "rev": "895a65f8d5acf848136ee8fe8e8f736f0d27df96", + "rev": "02fe640c9e117dd9d6a34efc7bcb8bd09c08111d", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1733951536, - "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1733620091, - "narHash": "sha256-5WoMeCkaXqTZwwCNLRzyLxEJn8ISwjx4cNqLgqKwg9s=", + "lastModified": 1734829460, + "narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "f4dc9a6c02e5e14d91d158522f69f6ab4194eb5b", + "rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1733965598, - "narHash": "sha256-0tlZU8xfQGPcBOdXZee7P3vJLyPjTrXw7WbIgXD34gM=", + "lastModified": 1734915500, + "narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d162ffdf0a30f3d19e67df5091d6744ab8b9229f", + "rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733861262, - "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734078800, - "narHash": "sha256-x5OW9e2w1y/7UKvZK0m9vXddociX9cF1F1Cg9/uA/Ts=", + "lastModified": 1735191716, + "narHash": "sha256-rwHLmGc/2OfudyjGnH8h5vQK2e5uJ6gt2GwPhWL9pPk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8e21c38b7d24eadf3ef672a65a1cc927015d2197", + "rev": "1dd8f51e62c0ff199e551744ab46fc4fbe6f827a", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1733808091, - "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=", + "lastModified": 1735141468, + "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e", + "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1733761991, - "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", + "lastModified": 1735135567, + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", "type": "github" }, "original": { From 4e869e2cf0484a3a59186d6ea3ca4f6e2aee128d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 27 Dec 2024 15:30:19 +0100 Subject: [PATCH 889/988] fix: formating issues in prompt --- home/status | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/home/status b/home/status index 45e78d8..e24816b 100755 --- a/home/status +++ b/home/status @@ -23,7 +23,7 @@ class Cat(Status): def status(self): cat_width = 200 index = self.index - catwalk = " " * (cat_width - index) + 1 * "ðŸˆðŸ³ï¸â€ðŸŒˆ" + " " * index + catwalk = "ðŸˆðŸ³ï¸â€ðŸŒˆ" + " " * index self.index = (index + 1) % cat_width return {"full_text": catwalk} @@ -71,7 +71,17 @@ class Battery(Status): class Time(Status): def status(self): - return {"full_text": datetime.now().strftime("%Vth %A %H:%M") } + now = datetime.now() + match now.isocalendar().week % 10: + case 1: + th = "st" + case 2: + th = "nd" + case 3: + th = "rd" + case _: + th = "th" + return {"full_text": now.strftime(f"%V{th} %A %H:%M") } class FailedUnits(Status): @@ -82,7 +92,7 @@ class FailedUnits(Status): for line in stdout: if 'failed' in line: failed += 1 - if failed is 0: + if failed == 0: return {"full_text": f"No failed units"} else: return {"full_text": f"There are {failed} failed units", "color": "#ff0000"} From da0069de8c997cc25bab9d41e90e0924e7899338 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 27 Dec 2024 16:40:35 +0100 Subject: [PATCH 890/988] feat: install nixfmt-rfc-style --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index e2d7eb5..5a03528 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -82,6 +82,7 @@ with pkgs; [ ncurses newsflash nixd + nixfmt-rfc-style nfs-utils niv nix-index From 6719d76de887c7975b4698a0633414b48ee7af49 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 12 Jan 2025 19:44:05 +0100 Subject: [PATCH 891/988] chore: Update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/dd6b80932022cea34a019e2bb32f6fa9e494dfef' (2024-10-07) → 'github:numtide/devshell/f7795ede5b02664b57035b3b757876703e2c3eac' (2024-12-31) • Updated input 'home-manager': 'github:nix-community/home-manager/80b0fdf483c5d1cb75aaad909bd390d48673857f' (2024-12-16) → 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56' (2025-01-08) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/def1d472c832d77885f174089b0d34854b007198' (2024-12-23) → 'github:NixOS/nixos-hardware/8870dcaff63dfc6647fb10648b827e9d40b0a337' (2025-01-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1dd8f51e62c0ff199e551744ab46fc4fbe6f827a' (2024-12-26) → 'github:NixOS/nixpkgs/87d46406d6280e1c064bc5df10ebd09ce3113cb3' (2025-01-12) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/4005c3ff7505313cbc21081776ad0ce5dfd7a3ce' (2024-12-25) → 'github:NixOS/nixpkgs/1dab772dd4a68a7bba5d9460685547ff8e17d899' (2025-01-10) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/9e09d30a644c57257715902efbb3adc56c79cf28' (2024-12-25) → 'github:numtide/treefmt-nix/13c913f5deb3a5c08bb810efd89dc8cb24dd968b' (2025-01-06) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 9dc4020..b33294f 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1728330715, - "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "lastModified": 1735644329, + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", "owner": "numtide", "repo": "devshell", - "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734954597, - "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", + "lastModified": 1736441705, + "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "def1d472c832d77885f174089b0d34854b007198", + "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735191716, - "narHash": "sha256-rwHLmGc/2OfudyjGnH8h5vQK2e5uJ6gt2GwPhWL9pPk=", + "lastModified": 1736669804, + "narHash": "sha256-EZusd5yhiZLXdBUDtXB3wCX3QvBeSFx/N0AstaajzpU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1dd8f51e62c0ff199e551744ab46fc4fbe6f827a", + "rev": "87d46406d6280e1c064bc5df10ebd09ce3113cb3", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1735141468, - "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", + "lastModified": 1736549401, + "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", + "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1735135567, - "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", "type": "github" }, "original": { From 21ad250fe7f1d2c73fa502f068abc2a20848c46a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 19:57:35 +0100 Subject: [PATCH 892/988] chore: update flake.lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index b33294f..5aa15f3 100644 --- a/flake.lock +++ b/flake.lock @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1734829460, - "narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=", + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1734915500, - "narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=", + "lastModified": 1736730523, + "narHash": "sha256-mvTZ7fLKA6ggGnA8GZwcXV57EvVReRTCfi26xc08Q3g=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4", + "rev": "74b8e31dd709760c86eed16b6c1d0b88d7360937", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736669804, - "narHash": "sha256-EZusd5yhiZLXdBUDtXB3wCX3QvBeSFx/N0AstaajzpU=", + "lastModified": 1736842851, + "narHash": "sha256-iAYIidDSvqRWMRQrCIn2X8edyrOg/uTBZc1M4bdpQjs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "87d46406d6280e1c064bc5df10ebd09ce3113cb3", + "rev": "a78c63a084314c55196488cf2252c5f6ea5c67a4", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1736549401, - "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", + "lastModified": 1736754065, + "narHash": "sha256-hcETjfECLklW1ND8svDvN0Nw6H/1qtuoz3rbFNQ1Lrk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", + "rev": "67e9c880898889470f153157a96b595e758167fc", "type": "github" }, "original": { From 02fcfe7b1d90eaab1ad5142b5868d720043cfcee Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 19:59:42 +0100 Subject: [PATCH 893/988] fix: formating --- nixos/ninurta/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index e188991..15c8a24 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -324,7 +324,7 @@ in Name = "br0"; }; }; - "20-wg0" = { + "20-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; From 7cd9d8c480c045a6cef8d58374961965f768578c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 20:10:36 +0100 Subject: [PATCH 894/988] fix: disable huge swapfile --- nixos/surgat/configuration.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 9a9bc54..66b8e27 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -137,13 +137,6 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; - swapDevices = [ - { - device = "/var/swapfile"; - size = 4096; - } - ]; - services.resolved = { enable = true; fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; From 2486f4c1a6615c694640425c01cc4a1df8d008ca Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 14 Jan 2025 20:16:06 +0100 Subject: [PATCH 895/988] feat: remove weechat --- nixos/surgat/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 66b8e27..6dad1ee 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -42,7 +42,7 @@ in dadada.element.enable = true; dadada.forgejo.enable = true; dadada.miniflux.enable = true; - dadada.weechat.enable = true; + dadada.weechat.enable = false; dadada.homepage.enable = true; dadada.share.enable = true; dadada.backupClient = { From 99e3eaa034d273296d26ba7dc82b9d9e81d3c78e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 16 Jan 2025 18:34:03 +0100 Subject: [PATCH 896/988] fix: rotate SSH key Too many PIN attempts. --- admins.nix | 2 +- home/modules/git.nix | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/admins.nix b/admins.nix index 82f6cef..e5e29ba 100644 --- a/admins.nix +++ b/admins.nix @@ -2,7 +2,7 @@ dadada = { shell = "zsh"; keys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada " + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada " ]; }; diff --git a/home/modules/git.nix b/home/modules/git.nix index e89e62a..7762612 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -9,6 +9,7 @@ with lib; let name = "allowed-signers"; text = '' dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada + dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon ''; }; in @@ -33,7 +34,7 @@ in user = { email = "dadada@dadada.li"; name = "Tim Schubert"; - signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada "; + signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon"; }; core = { whitespace = { From c5a0cf2dd8f9bbca8c38bcc83e493c3d4293cf14 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 13:15:14 +0100 Subject: [PATCH 897/988] feat(home): add vegur font --- home/pkgs.nix | 1 + nixos/modules/profiles/laptop.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 5a03528..410abfe 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -133,6 +133,7 @@ with pkgs; [ ttyd unzip usbutils + vegur virt-manager viu # view images from the terminal vscodium diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index a525106..3ad8c11 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -27,6 +27,7 @@ with lib; { fonts.packages = mkDefault (with pkgs; [ source-code-pro + vegur ]); users.mutableUsers = mkDefault true; From e4c603b692e9338b29201eac6de66779040db2f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 13:17:02 +0100 Subject: [PATCH 898/988] chore: update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/74b8e31dd709760c86eed16b6c1d0b88d7360937' (2025-01-13) → 'github:nix-community/nixos-generators/d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453' (2025-01-16) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/8870dcaff63dfc6647fb10648b827e9d40b0a337' (2025-01-09) → 'github:NixOS/nixos-hardware/dfad538f751a5aa5d4436d9781ab27a6128ec9d4' (2025-01-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a78c63a084314c55196488cf2252c5f6ea5c67a4' (2025-01-14) → 'github:NixOS/nixpkgs/035f8c0853c2977b24ffc4d0a42c74f00b182cd8' (2025-01-23) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/67e9c880898889470f153157a96b595e758167fc' (2025-01-13) → 'github:NixOS/nixpkgs/035f8c0853c2977b24ffc4d0a42c74f00b182cd8' (2025-01-23) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/13c913f5deb3a5c08bb810efd89dc8cb24dd968b' (2025-01-06) → 'github:numtide/treefmt-nix/f2cc121df15418d028a59c9737d38e3a90fbaf8f' (2025-01-21) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5aa15f3..771d148 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1736730523, - "narHash": "sha256-mvTZ7fLKA6ggGnA8GZwcXV57EvVReRTCfi26xc08Q3g=", + "lastModified": 1737057290, + "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "74b8e31dd709760c86eed16b6c1d0b88d7360937", + "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1736441705, - "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", + "lastModified": 1737751639, + "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", + "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736842851, - "narHash": "sha256-iAYIidDSvqRWMRQrCIn2X8edyrOg/uTBZc1M4bdpQjs=", + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a78c63a084314c55196488cf2252c5f6ea5c67a4", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1736754065, - "narHash": "sha256-hcETjfECLklW1ND8svDvN0Nw6H/1qtuoz3rbFNQ1Lrk=", + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "67e9c880898889470f153157a96b595e758167fc", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1736154270, - "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "lastModified": 1737483750, + "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", "type": "github" }, "original": { From 2688a624dd82f82b8f2c34a2c66611f14b325ed8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 13:41:53 +0100 Subject: [PATCH 899/988] feat: bind swaylock --- home/config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/config b/home/config index bc01bb6..6bfc506 100644 --- a/home/config +++ b/home/config @@ -224,6 +224,8 @@ bar { } } +bindsym $mod+grave exec swaylock -c 000000 + include /etc/sway/config.d/* exec sleep 5; systemctl --user start kanshi.service From 2977d1712e71e13d89519c69f8a1a65620c0b8f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 14:03:39 +0100 Subject: [PATCH 900/988] feat: lock password DB before locking screen --- home/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/config b/home/config index 6bfc506..d2a4443 100644 --- a/home/config +++ b/home/config @@ -224,7 +224,7 @@ bar { } } -bindsym $mod+grave exec swaylock -c 000000 +bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c 000000 include /etc/sway/config.d/* From 230d105a47ce17f69f833c5494997d5adec12495 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 14:04:14 +0100 Subject: [PATCH 901/988] feat: add kanshictl to path --- home/pkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 410abfe..50de796 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -62,7 +62,7 @@ with pkgs; [ jc # convert output to json josm jq - #jupyter + kanshi kcachegrind keepassxc kubetail From d68d4fb0d042df6e18c3726571c56e4f1e23c3f4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 14:38:52 +0100 Subject: [PATCH 902/988] fix(home): prefer adwaita light theme variant --- home/dconf.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/dconf.nix b/home/dconf.nix index 7fb2800..2e25aab 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -48,6 +48,7 @@ with lib.hm.gvariant; gtk-enable-primary-paste = false; gtk-key-theme = "Emacs"; gtk-theme = "Adwaita"; + color-scheme = "prefer-light"; icon-theme = "Adwaita"; locate-pointer = false; monospace-font-name = "JetBrains Mono 10"; From b954f7181940d2daa6f8d9e5c767e23d0bc5f897 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 25 Jan 2025 17:43:38 +0100 Subject: [PATCH 903/988] feat(home): template sway config with colors --- home/config | 231 ----------------------------------- home/default.nix | 311 +++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 286 insertions(+), 256 deletions(-) delete mode 100644 home/config diff --git a/home/config b/home/config deleted file mode 100644 index d2a4443..0000000 --- a/home/config +++ /dev/null @@ -1,231 +0,0 @@ -# Read `man 5 sway` for a complete reference. - -### Variables -# -# Logo key. Use Mod1 for Alt. -set $mod Mod4 -# Home row direction keys, like vim -set $left h -set $down j -set $up k -set $right l -# Your preferred terminal emulator -set $term foot -# Your preferred application launcher -# Note: pass the final command to swaymsg so that the resulting window can be opened -# on the original workspace that the command was run on. -set $menu dmenu_path | wmenu | xargs swaymsg exec -- - -### Output configuration -# -# Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/) -output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill - -### Idle configuration -# -# Example configuration: -# -exec swayidle -w \ - timeout 300 'swaylock -f -c 000000' \ - timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ - before-sleep 'swaylock -f -c 000000' -# -# This will lock your screen after 300 seconds of inactivity, then turn off -# your displays after another 300 seconds, and turn your screens back on when -# resumed. It will also lock your screen before your computer goes to sleep. - -input * { - xkb_layout eu - xkb_model pc105+inet - xkb_options caps:escape - drag_lock enabled - drag enabled - dwt enabled - tap enabled - tap_button_map lrm - natural_scroll enabled -} - -### Key bindings -# -# Basics: -# -# Start a terminal -bindsym $mod+Return exec $term - -# Kill focused window -bindsym $mod+Shift+q kill - -# Start your launcher -bindsym $mod+d exec $menu - -# Drag floating windows by holding down $mod and left mouse button. -# Resize them with right mouse button + $mod. -# Despite the name, also works for non-floating windows. -# Change normal to inverse to use left mouse button for resizing and right -# mouse button for dragging. -floating_modifier $mod normal - -# Lock the screen -bindsym XF86Sleep exec 'swaylock -f -c 000000' - -# Reload the configuration file -bindsym $mod+Shift+c reload - -# Exit sway (logs you out of your Wayland session) -bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' - -# Brightness -bindsym --locked XF86MonBrightnessDown exec light -U 10 -bindsym --locked XF86MonBrightnessUp exec light -A 10 - -# Volume -bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' -bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' -bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' - -# -# Moving around: -# -# Move your focus around -bindsym $mod+$left focus left -bindsym $mod+$down focus down -bindsym $mod+$up focus up -bindsym $mod+$right focus right -# Or use $mod+[up|down|left|right] -bindsym $mod+Left focus left -bindsym $mod+Down focus down -bindsym $mod+Up focus up -bindsym $mod+Right focus right - -# Move the focused window with the same, but add Shift -bindsym $mod+Shift+$left move left -bindsym $mod+Shift+$down move down -bindsym $mod+Shift+$up move up -bindsym $mod+Shift+$right move right -# Ditto, with arrow keys -bindsym $mod+Shift+Left move left -bindsym $mod+Shift+Down move down -bindsym $mod+Shift+Up move up -bindsym $mod+Shift+Right move right - -# -# Workspaces: -# -# Switch to workspace -bindsym $mod+1 workspace number 1 -bindsym $mod+2 workspace number 2 -bindsym $mod+3 workspace number 3 -bindsym $mod+4 workspace number 4 -bindsym $mod+5 workspace number 5 -bindsym $mod+6 workspace number 6 -bindsym $mod+7 workspace number 7 -bindsym $mod+8 workspace number 8 -bindsym $mod+9 workspace number 9 -bindsym $mod+0 workspace number 10 -# Move focused container to workspace -bindsym $mod+Shift+1 move container to workspace number 1 -bindsym $mod+Shift+2 move container to workspace number 2 -bindsym $mod+Shift+3 move container to workspace number 3 -bindsym $mod+Shift+4 move container to workspace number 4 -bindsym $mod+Shift+5 move container to workspace number 5 -bindsym $mod+Shift+6 move container to workspace number 6 -bindsym $mod+Shift+7 move container to workspace number 7 -bindsym $mod+Shift+8 move container to workspace number 8 -bindsym $mod+Shift+9 move container to workspace number 9 -bindsym $mod+Shift+0 move container to workspace number 10 -# Note: workspaces can have any name you want, not just numbers. -# We just use 1-10 as the default. - -# -# Layout stuff: -# -# You can "split" the current object of your focus with -# $mod+b or $mod+v, for horizontal and vertical splits -# respectively. -bindsym $mod+b splith -bindsym $mod+v splitv - -# Switch the current container between different layout styles -bindsym $mod+s layout stacking -bindsym $mod+w layout tabbed -bindsym $mod+e layout toggle split - -# Make the current focus fullscreen -bindsym $mod+f fullscreen - -# Toggle the current focus between tiling and floating mode -bindsym $mod+Shift+space floating toggle - -# Swap focus between the tiling area and the floating area -bindsym $mod+space focus mode_toggle - -# Move focus to the parent container -bindsym $mod+a focus parent - -# -# Font -# -font "pango:Jetbrains Mono 8" - -# -# Scratchpad: -# -# Sway has a "scratchpad", which is a bag of holding for windows. -# You can send windows there and get them back later. - -# Move the currently focused window to the scratchpad -bindsym $mod+Shift+minus move scratchpad - -# Show the next scratchpad window or hide the focused scratchpad window. -# If there are multiple scratchpad windows, this command cycles through them. -bindsym $mod+minus scratchpad show - -# -# Resizing containers: -# -mode "resize" { - # left will shrink the containers width - # right will grow the containers width - # up will shrink the containers height - # down will grow the containers height - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - - # Ditto, with arrow keys - bindsym Left resize shrink width 10px - bindsym Down resize grow height 10px - bindsym Up resize shrink height 10px - bindsym Right resize grow width 10px - - # Return to default mode - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -# -# Status Bar: -# -# Read `man 5 sway-bar` for more information about this section. -bar { - position top - - # When the status_command prints a new line to stdout, swaybar updates. - # The default just shows the current date and time. - status_command ~/.config/sway/status - - colors { - statusline #ffffff - background #323232 - inactive_workspace #32323200 #32323200 #5c5c5c - } -} - -bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c 000000 - -include /etc/sway/config.d/* - -exec sleep 5; systemctl --user start kanshi.service diff --git a/home/default.nix b/home/default.nix index 15514f9..457d7ad 100644 --- a/home/default.nix +++ b/home/default.nix @@ -1,6 +1,7 @@ -{ pkgs -, lib -, ... +{ + pkgs, + lib, + ... }: let useFeatures = [ @@ -17,6 +18,26 @@ let "zsh" "helix" ]; + colors = { + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; # background darker + regular1 = "dc322f"; # red + regular2 = "859900"; # green + regular3 = "b58900"; # dark orange + regular4 = "268bd2"; # azure blue + regular5 = "d33682"; # hot pink + regular6 = "2aa198"; # petrol + regular7 = "073642"; # navy + bright0 = "cb4b16"; # orange + bright1 = "fdf6e3"; # foreground + bright2 = "93a1a1"; # grey + bright3 = "839496"; # slightly darker grey + bright4 = "657b83"; # even slightly darker grey + bright5 = "6c71c4"; # purple + bright6 = "586e75"; # pretty dark grey + bright7 = "002b36"; # dark navy blue + }; in { imports = [ @@ -28,7 +49,9 @@ in programs.gpg.settings.default-key = "99658A3EB5CD7C13"; dadada.home = - lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; }) + lib.attrsets.genAttrs useFeatures (useFeatures: { + enable = true; + }) // { session = { enable = true; @@ -56,7 +79,9 @@ in Restart = "always"; }; - Install = { WantedBy = [ "graphical-session.target" ]; }; + Install = { + WantedBy = [ "graphical-session.target" ]; + }; }; programs.offlineimap.enable = false; @@ -131,6 +156,7 @@ in enable = true; server.enable = false; settings = { + inherit colors; main = { shell = "tmux"; font = "Jetbrains Mono:size=8"; @@ -139,31 +165,266 @@ in mouse.hide-when-typing = true; csd.preferred = "none"; cursor.color = "fdf6e3 586e75"; - colors = { - background = "fdf6e3"; - foreground = "657b83"; - regular0 = "eee8d5"; - regular1 = "dc322f"; - regular2 = "859900"; - regular3 = "b58900"; - regular4 = "268bd2"; - regular5 = "d33682"; - regular6 = "2aa198"; - regular7 = "073642"; - bright0 = "cb4b16"; - bright1 = "fdf6e3"; - bright2 = "93a1a1"; - bright3 = "839496"; - bright4 = "657b83"; - bright5 = "6c71c4"; - bright6 = "586e75"; - bright7 = "002b36"; + bell = { + urgent = true; + visual = false; }; }; }; - home.file.".config/sway/config".source = ./config; + home.file.".config/sway/config".text = with colors; '' + # Read `man 5 sway` for a complete reference. + + ### Variables + # + # Logo key. Use Mod1 for Alt. + set $mod Mod4 + # Home row direction keys, like vim + set $left h + set $down j + set $up k + set $right l + # Your preferred terminal emulator + set $term foot + # Your preferred application launcher + # Note: pass the final command to swaymsg so that the resulting window can be opened + # on the original workspace that the command was run on. + set $menu dmenu_path | wmenu | xargs swaymsg exec -- + + ### Idle configuration + # + # Example configuration: + # + exec swayidle -w \ + timeout 300 'swaylock -f -c ${background}' \ + timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ + before-sleep 'swaylock -f -c ${background}' + # + # This will lock your screen after 300 seconds of inactivity, then turn off + # your displays after another 300 seconds, and turn your screens back on when + # resumed. It will also lock your screen before your computer goes to sleep. + + input * { + xkb_layout eu + xkb_model pc105+inet + xkb_options caps:escape + drag_lock enabled + drag enabled + dwt enabled + tap enabled + tap_button_map lrm + natural_scroll enabled + } + + ### Key bindings + # + # Basics: + # + # Start a terminal + bindsym $mod+Return exec $term + + # Kill focused window + bindsym $mod+Shift+q kill + + # Start your launcher + bindsym $mod+d exec $menu + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. + floating_modifier $mod normal + + # Lock the screen + bindsym XF86Sleep exec 'swaylock -f -c ${background}' + + # Reload the configuration file + bindsym $mod+Shift+c reload + + # Exit sway (logs you out of your Wayland session) + bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' + + # Brightness + bindsym --locked XF86MonBrightnessDown exec light -U 10 + bindsym --locked XF86MonBrightnessUp exec light -A 10 + + # Volume + bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' + bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' + bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' + + # + # Moving around: + # + # Move your focus around + bindsym $mod+$left focus left + bindsym $mod+$down focus down + bindsym $mod+$up focus up + bindsym $mod+$right focus right + # Or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # Move the focused window with the same, but add Shift + bindsym $mod+Shift+$left move left + bindsym $mod+Shift+$down move down + bindsym $mod+Shift+$up move up + bindsym $mod+Shift+$right move right + # Ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right + + # + # Workspaces: + # + # Switch to workspace + bindsym $mod+1 workspace number 1 + bindsym $mod+2 workspace number 2 + bindsym $mod+3 workspace number 3 + bindsym $mod+4 workspace number 4 + bindsym $mod+5 workspace number 5 + bindsym $mod+6 workspace number 6 + bindsym $mod+7 workspace number 7 + bindsym $mod+8 workspace number 8 + bindsym $mod+9 workspace number 9 + bindsym $mod+0 workspace number 10 + # Move focused container to workspace + bindsym $mod+Shift+1 move container to workspace number 1 + bindsym $mod+Shift+2 move container to workspace number 2 + bindsym $mod+Shift+3 move container to workspace number 3 + bindsym $mod+Shift+4 move container to workspace number 4 + bindsym $mod+Shift+5 move container to workspace number 5 + bindsym $mod+Shift+6 move container to workspace number 6 + bindsym $mod+Shift+7 move container to workspace number 7 + bindsym $mod+Shift+8 move container to workspace number 8 + bindsym $mod+Shift+9 move container to workspace number 9 + bindsym $mod+Shift+0 move container to workspace number 10 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. + + # + # Layout stuff: + # + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. + bindsym $mod+b splith + bindsym $mod+v splitv + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+space focus mode_toggle + + # Move focus to the parent container + bindsym $mod+a focus parent + + # + # Font + # + font "pango:Jetbrains Mono 8" + + # + # Scratchpad: + # + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. + bindsym $mod+minus scratchpad show + + # + # Resizing containers: + # + mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" + } + bindsym $mod+r mode "resize" + + # + # Status Bar: + # + # Read `man 5 sway-bar` for more information about this section. + bar { + position top + + # When the status_command prints a new line to stdout, swaybar updates. + # The default just shows the current date and time. + status_command ~/.config/sway/status + + colors { + statusline ${foreground} + background ${background} + inactive_workspace ${background}ee ${background}ee ${foreground}ee + } + } + + bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 + + # class border backgr. text indicator child_border + client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} + client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} + client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} + client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} + client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} + + client.background #${foreground} + + include /etc/sway/config.d/* + + exec sleep 5; systemctl --user restart kanshi.service + exec sleep 5; output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill + ''; home.file.".config/sway/status".source = ./status; + home.file.".config/kanshi/config".text = '' + profile Laptop { + output eDP-1 enable + } + + profile Docked { + output eDP-1 disable + output "LG Electronics LG HDR 4K 0x000354D1" { + enable + scale 1.2 + position 0,0 + } + } + ''; # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 77e6017e57d3df42afd0067dbf5a9425e808feeb Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 1 Feb 2025 19:48:37 +0100 Subject: [PATCH 904/988] chore: update flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 771d148..17bea85 100644 --- a/flake.lock +++ b/flake.lock @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737751639, - "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", + "lastModified": 1738391520, + "narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", + "rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737672001, - "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "lastModified": 1738392223, + "narHash": "sha256-epwD0BvADThOtRrDoI7qJUZPe1vhXoSIwLna2/VoOMA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "rev": "7d84bdf9cb85f399a8eafe8e17acee2354f13a21", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1737672001, - "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", + "lastModified": 1738277201, + "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", + "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1737483750, - "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", + "lastModified": 1738070913, + "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", + "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", "type": "github" }, "original": { From 5f67272146536cfd95b92f61329b65b97a07fc8e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 2 Feb 2025 11:27:52 +0100 Subject: [PATCH 905/988] feat(home): move swaybar to bottom --- home/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/default.nix b/home/default.nix index 457d7ad..300898b 100644 --- a/home/default.nix +++ b/home/default.nix @@ -381,7 +381,7 @@ in # # Read `man 5 sway-bar` for more information about this section. bar { - position top + position bottom # When the status_command prints a new line to stdout, swaybar updates. # The default just shows the current date and time. From 86e5c155bf069fc6d475078078d65238953b5d7b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 2 Feb 2025 13:07:59 +0100 Subject: [PATCH 906/988] fix(home): adwaita cursor --- home/dconf.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/home/dconf.nix b/home/dconf.nix index 2e25aab..db5ca18 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -2,7 +2,8 @@ with lib.hm.gvariant; { home.packages = [ - pkgs.gnomeExtensions.switcher + pkgs.adwaita-icon-theme + pkgs.adwaita-qt ]; dconf.settings = with lib.hm.gvariant; { @@ -40,6 +41,7 @@ with lib.hm.gvariant; clock-show-date = true; clock-show-seconds = false; clock-show-weekday = true; + cursor-theme = "Adwaita"; enable-animations = true; enable-hot-corners = false; font-antialiasing = "grayscale"; @@ -53,7 +55,7 @@ with lib.hm.gvariant; locate-pointer = false; monospace-font-name = "JetBrains Mono 10"; show-battery-percentage = false; - text-scaling-factor = 1.0; + #text-scaling-factor = 1.0; toolkit-accessibility = false; }; From 8cfa70e239e4fbf5bfc230852fc1f5f81ad4232b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 24 Feb 2025 20:57:18 +0100 Subject: [PATCH 907/988] chore: update nixpkgs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 17bea85..e7556f6 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1738391520, - "narHash": "sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0=", + "lastModified": 1740387674, + "narHash": "sha256-pGk/aA0EBvI6o4DeuZsr05Ig/r4uMlSaf5EWUZEWM10=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "34b64e4e1ddb14e3ffc7db8d4a781396dbbab773", + "rev": "d58f642ddb23320965b27beb0beba7236e9117b5", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738392223, - "narHash": "sha256-epwD0BvADThOtRrDoI7qJUZPe1vhXoSIwLna2/VoOMA=", + "lastModified": 1740357648, + "narHash": "sha256-CaawdjLmSny3UV97my2Hg4h867p4lhd+EpRhFQGaHK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7d84bdf9cb85f399a8eafe8e17acee2354f13a21", + "rev": "060b03c5d950ee0592d16e97c63860640bd31f50", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1738277201, - "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=", + "lastModified": 1740339700, + "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554", + "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1738070913, - "narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", + "lastModified": 1739829690, + "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", + "rev": "3d0579f5cc93436052d94b73925b48973a104204", "type": "github" }, "original": { From 87cb376d4d0b6dce4aed71657ed4db731f4e538a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Fri, 7 Mar 2025 17:55:27 +0100 Subject: [PATCH 908/988] chore: update inputs --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index e7556f6..2d28985 100644 --- a/flake.lock +++ b/flake.lock @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1740947705, + "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "507911df8c35939050ae324caccc7cf4ffb76565", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740387674, - "narHash": "sha256-pGk/aA0EBvI6o4DeuZsr05Ig/r4uMlSaf5EWUZEWM10=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d58f642ddb23320965b27beb0beba7236e9117b5", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740357648, - "narHash": "sha256-CaawdjLmSny3UV97my2Hg4h867p4lhd+EpRhFQGaHK4=", + "lastModified": 1741318725, + "narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "060b03c5d950ee0592d16e97c63860640bd31f50", + "rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1740339700, - "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", + "lastModified": 1741196730, + "narHash": "sha256-0Sj6ZKjCpQMfWnN0NURqRCQn2ob7YtXTAOTwCuz7fkA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", + "rev": "48913d8f9127ea6530a2a2f1bd4daa1b8685d8a3", "type": "github" }, "original": { From b5318b48ad7ec5f30406ff407bd2eb922a72caae Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 13 Mar 2025 20:35:36 +0100 Subject: [PATCH 909/988] gorgon: add working printer config --- nixos/gorgon/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index c90a2eb..0d6f0cb 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -128,6 +128,13 @@ in ]; }; + hardware.printers.ensurePrinters = [{ + name = "Brother_HL-L2300D"; + model = "everywhere"; + location = "BS"; + deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + }]; + environment.systemPackages = with pkgs; [ ghostscript smartmontools From 4ea70d86d240aec198f3d6cc89538edc681c63a0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 26 Mar 2025 20:33:35 +0100 Subject: [PATCH 910/988] feat(home): bind swaylock to mod end --- home/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/default.nix b/home/default.nix index 300898b..2aef870 100644 --- a/home/default.nix +++ b/home/default.nix @@ -238,6 +238,7 @@ in # Lock the screen bindsym XF86Sleep exec 'swaylock -f -c ${background}' + bindsym $mod+End exec 'swaylock -f -c ${background}' # Reload the configuration file bindsym $mod+Shift+c reload From 3be5c51bc7d1e97665edde25b0aa569820707be2 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Wed, 26 Mar 2025 20:36:16 +0100 Subject: [PATCH 911/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'devshell': 'github:numtide/devshell/f7795ede5b02664b57035b3b757876703e2c3eac' (2024-12-31) → 'github:numtide/devshell/7c9e793ebe66bcba8292989a68c0419b737a22a0' (2025-03-08) • Updated input 'home-manager': 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17) → 'github:nix-community/home-manager/0948aeedc296f964140d9429223c7e4a0702a1ff' (2025-03-22) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/507911df8c35939050ae324caccc7cf4ffb76565' (2025-03-02) → 'github:nix-community/nixos-generators/42ee229088490e3777ed7d1162cb9e9d8c3dbb11' (2025-03-21) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/b48cc4dab0f9711af296fc367b6108cf7b8ccb16' (2025-03-07) → 'github:NixOS/nixos-hardware/ecaa2d911e77c265c2a5bac8b583c40b0f151726' (2025-03-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9290fda826610430b3fc8cc98443c3a2faaaf151' (2025-03-07) → 'github:NixOS/nixpkgs/d02d88f8de5b882ccdde0465d8fa2db3aa1169f7' (2025-03-25) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/48913d8f9127ea6530a2a2f1bd4daa1b8685d8a3' (2025-03-05) → 'github:NixOS/nixpkgs/f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092' (2025-03-23) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/3d0579f5cc93436052d94b73925b48973a104204' (2025-02-17) → 'github:numtide/treefmt-nix/61c88349bf6dff49fa52d7dfc39b21026c2a8881' (2025-03-26) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 2d28985..69e3554 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1735644329, - "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", "owner": "numtide", "repo": "devshell", - "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1742655702, + "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1740947705, - "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "507911df8c35939050ae324caccc7cf4ffb76565", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741325094, - "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", + "lastModified": 1742806253, + "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", + "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741318725, - "narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", + "lastModified": 1742937945, + "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", + "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1741196730, - "narHash": "sha256-0Sj6ZKjCpQMfWnN0NURqRCQn2ob7YtXTAOTwCuz7fkA=", + "lastModified": 1742751704, + "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "48913d8f9127ea6530a2a2f1bd4daa1b8685d8a3", + "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "lastModified": 1742982148, + "narHash": "sha256-aRA6LSxjlbMI6MmMzi/M5WH/ynd8pK+vACD9za3MKLQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "rev": "61c88349bf6dff49fa52d7dfc39b21026c2a8881", "type": "github" }, "original": { From d3c2fd9fad8068c3c6236466e887b3f9740724ac Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 31 Mar 2025 20:22:22 +0200 Subject: [PATCH 912/988] feat: android studio --- nixos/gorgon/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0d6f0cb..339f8f4 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -43,6 +43,8 @@ in repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; + nixpkgs.config.android_sdk.accept_license = true; + programs.ssh.startAgent = true; nix.extraOptions = '' @@ -136,6 +138,7 @@ in }]; environment.systemPackages = with pkgs; [ + android-studio ghostscript smartmontools From 5e160905c09cc8df7064f36d230e829921e4c6e3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 31 Mar 2025 20:22:35 +0200 Subject: [PATCH 913/988] feat: add fuzzel --- home/default.nix | 2 +- home/pkgs.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/home/default.nix b/home/default.nix index 2aef870..9dde748 100644 --- a/home/default.nix +++ b/home/default.nix @@ -189,7 +189,7 @@ in # Your preferred application launcher # Note: pass the final command to swaymsg so that the resulting window can be opened # on the original workspace that the command was run on. - set $menu dmenu_path | wmenu | xargs swaymsg exec -- + set $menu fuzzel ### Idle configuration # diff --git a/home/pkgs.nix b/home/pkgs.nix index 50de796..d777f41 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -27,6 +27,7 @@ with pkgs; [ evolution ffmpeg file + fuzzel fx # themable json viewer fzf fzf From eff41d31e6e8ff871f06b7b64b1c13196936b7da Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 5 Apr 2025 18:53:39 +0200 Subject: [PATCH 914/988] chore: update inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 69e3554..8521e8e 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1742655702, - "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", + "lastModified": 1743808813, + "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", "owner": "nix-community", "repo": "home-manager", - "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", + "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742806253, - "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742937945, - "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", + "lastModified": 1743792629, + "narHash": "sha256-dqQv17m0O5j9YUHXM1RZr3jtTDYqLUBjtJUlLHYAZEo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", + "rev": "749bd56cf89ec71d3c953d5fbfe27ede27d04c37", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1742751704, - "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", + "lastModified": 1743703532, + "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", + "rev": "bdb91860de2f719b57eef819b5617762f7120c70", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1742982148, - "narHash": "sha256-aRA6LSxjlbMI6MmMzi/M5WH/ynd8pK+vACD9za3MKLQ=", + "lastModified": 1743748085, + "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "61c88349bf6dff49fa52d7dfc39b21026c2a8881", + "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", "type": "github" }, "original": { From 5049c9f0196bb7a39ab6b15ea3635a77cda1f16c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 6 Apr 2025 18:06:06 +0200 Subject: [PATCH 915/988] feat: add nix-output-monitor --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index d777f41..d399bd8 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -80,6 +80,7 @@ with pkgs; [ mpv mtr mumble + nix-output-monitor ncurses newsflash nixd From cf328ce296d3ebb8a499a2adf4ef1fb78a3278f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 8 Apr 2025 20:40:39 +0200 Subject: [PATCH 916/988] update flake --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 8521e8e..0521769 100644 --- a/flake.lock +++ b/flake.lock @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1743808813, - "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", + "lastModified": 1744117652, + "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", + "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743792629, - "narHash": "sha256-dqQv17m0O5j9YUHXM1RZr3jtTDYqLUBjtJUlLHYAZEo=", + "lastModified": 1743987495, + "narHash": "sha256-46T2vMZ4/AfCK0Y2OjlFzJPxmdpP8GtsuEqSSJv3oe4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "749bd56cf89ec71d3c953d5fbfe27ede27d04c37", + "rev": "db8f4fe18ce772a9c8f3adf321416981c8fe9371", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1743703532, - "narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=", + "lastModified": 1743975612, + "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bdb91860de2f719b57eef819b5617762f7120c70", + "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", "type": "github" }, "original": { From eb0b01a17d945da82f160ddcca02f2e573d3f6d4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 15:26:18 +0200 Subject: [PATCH 917/988] fix: sway scaling, wallpaper, gaps --- home/default.nix | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/home/default.nix b/home/default.nix index 9dde748..e601068 100644 --- a/home/default.nix +++ b/home/default.nix @@ -190,15 +190,16 @@ in # Note: pass the final command to swaymsg so that the resulting window can be opened # on the original workspace that the command was run on. set $menu fuzzel + set $wallpaper "~/lib/pictures/wallpaper.jpg" ### Idle configuration # # Example configuration: # exec swayidle -w \ - timeout 300 'swaylock -f -c ${background}' \ + timeout 300 'swaylock -f -i $wallpaper -s fill' \ timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ - before-sleep 'swaylock -f -c ${background}' + before-sleep 'swaylock -f -i $wallpaper -s fill' # # This will lock your screen after 300 seconds of inactivity, then turn off # your displays after another 300 seconds, and turn your screens back on when @@ -395,6 +396,10 @@ in } } + # Gaps between multiple tiling windows + gaps inner 10 + smart_gaps on + bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border @@ -409,7 +414,7 @@ in include /etc/sway/config.d/* exec sleep 5; systemctl --user restart kanshi.service - exec sleep 5; output * bg ~/tmp/51761494940_7f9d6ab0e3_o.jpg fill + exec sleep 5; swaymsg output '*' bg $wallpaper fill ''; home.file.".config/sway/status".source = ./status; home.file.".config/kanshi/config".text = '' @@ -420,9 +425,9 @@ in profile Docked { output eDP-1 disable output "LG Electronics LG HDR 4K 0x000354D1" { - enable - scale 1.2 - position 0,0 + enable + scale 1.4 + position 0,0 } } ''; From cc80c71f88f736a7bde9d584a10d69442d0802cd Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 15:33:20 +0200 Subject: [PATCH 918/988] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/de6fc5551121c59c01e2a3d45b277a6d05077bc4' (2025-03-31) → 'github:NixOS/nixos-hardware/1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1' (2025-04-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/db8f4fe18ce772a9c8f3adf321416981c8fe9371' (2025-04-07) → 'github:NixOS/nixpkgs/86484f6076aac9141df2bfcddbf7dcfce5e0c6bb' (2025-04-12) • Updated input 'nixpkgs-full': 'github:NixOS/nixpkgs/a880f49904d68b5e53338d1e8c7bf80f59903928' (2025-04-06) → 'github:NixOS/nixpkgs/26d499fc9f1d567283d5d56fcf367edd815dba1d' (2025-04-12) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 0521769..9e7634e 100644 --- a/flake.lock +++ b/flake.lock @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743420942, - "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", + "lastModified": 1744366945, + "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", + "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743987495, - "narHash": "sha256-46T2vMZ4/AfCK0Y2OjlFzJPxmdpP8GtsuEqSSJv3oe4=", + "lastModified": 1744492897, + "narHash": "sha256-qqKO4FOo/vPmNIaRPcLqwfudUlQ29iNdI1IbCZfjmxs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "db8f4fe18ce772a9c8f3adf321416981c8fe9371", + "rev": "86484f6076aac9141df2bfcddbf7dcfce5e0c6bb", "type": "github" }, "original": { @@ -279,11 +279,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1743975612, - "narHash": "sha256-o4FjFOUmjSRMK7dn0TFdAT0RRWUWD+WsspPHa+qEQT8=", + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a880f49904d68b5e53338d1e8c7bf80f59903928", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { From d257a18c2c7341eb2397a5591c262edd18b463d7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 19:09:17 +0200 Subject: [PATCH 919/988] feat: add chromium --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index d399bd8..c6ccc73 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -14,6 +14,7 @@ with pkgs; [ bluez-tools btop # htop choose # alternative to cut and awk with more readable syntax + chromium colordiff darcs delta # feature-rich diff viewer From cde3f39c11c9e524a4b79fa2dc6ea840b7d26658 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Apr 2025 20:56:56 +0200 Subject: [PATCH 920/988] feat: switch to black on white theme --- home/default.nix | 36 ++++++++++----------- home/modules/alacritty/default.nix | 2 +- home/modules/helix/config/config.toml | 2 +- home/modules/helix/config/themes/black.toml | 33 +++++++++++++++++++ home/modules/zsh.nix | 1 + 5 files changed, 54 insertions(+), 20 deletions(-) create mode 100644 home/modules/helix/config/themes/black.toml diff --git a/home/default.nix b/home/default.nix index e601068..d35424e 100644 --- a/home/default.nix +++ b/home/default.nix @@ -19,24 +19,24 @@ let "helix" ]; colors = { - background = "fdf6e3"; - foreground = "657b83"; - regular0 = "eee8d5"; # background darker - regular1 = "dc322f"; # red - regular2 = "859900"; # green - regular3 = "b58900"; # dark orange - regular4 = "268bd2"; # azure blue - regular5 = "d33682"; # hot pink - regular6 = "2aa198"; # petrol - regular7 = "073642"; # navy - bright0 = "cb4b16"; # orange - bright1 = "fdf6e3"; # foreground - bright2 = "93a1a1"; # grey - bright3 = "839496"; # slightly darker grey - bright4 = "657b83"; # even slightly darker grey - bright5 = "6c71c4"; # purple - bright6 = "586e75"; # pretty dark grey - bright7 = "002b36"; # dark navy blue + background = "ffffff"; + foreground = "000000"; + regular0 = "000000"; + regular1 = "000000"; + regular2 = "000000"; + regular3 = "000000"; + regular4 = "000000"; + regular5 = "000000"; + regular6 = "000000"; + regular7 = "000000"; + bright0 = "ffffff"; + bright1 = "ffffff"; + bright2 = "ffffff"; + bright3 = "ffffff"; + bright4 = "ffffff"; + bright5 = "ffffff"; + bright6 = "ffffff"; + bright7 = "ffffff"; }; in { diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 086b945..db3db6e 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in programs.alacritty = { enable = true; settings = { - env.TERM = "xterm-256color"; + env.TERM = "xterm-mono"; scrolling.history = 0; font = { size = 9; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 41cf786..71b6c42 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "solarized_light" +theme = "black" [editor] line-number = "relative" diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml new file mode 100644 index 0000000..a403de9 --- /dev/null +++ b/home/modules/helix/config/themes/black.toml @@ -0,0 +1,33 @@ +"ui.background" = {bg="white"} +"ui.text" = "black" +"ui.linenr" = {bg="white", fg="black"} +"ui.linenr.selected" = {bg="white", fg="black"} +"ui.selection" = {bg="black", fg="white"} +"ui.cursorline" = {bg="black", fg="white"} +"ui.statusline" = {fg="white", bg="black"} +"ui.statusline.inactive" = {fg="black", bg="white"} +"ui.virtual" = "indent" +"ui.virtual.ruler" = { bg = "black", fg ="white" } +"ui.cursor.match" = { bg="black", fg="white" } +"ui.cursor" = {bg="black", fg="white"} +"ui.debug" = {fg="black"} +"ui.highlight" = { modifiers = ["underlined"] } +"ui.highlight.frameline" = { bg="black", fg="white" } +"ui.help" = { bg="black", fg="white" } +"ui.popup" = { bg="black", fg="white" } +"ui.text.info" = { bg="black", fg="white" } +"ui.menu" = { fg="white", bg="black" } +"ui.menu.selected" = { bg="white", fg="black" } +"ui.window" = { bg="white" } +"diagnostic" = { modifiers=["reversed"] } +"diagnostic.error" = {modifiers=["bold", "underlined"]} +"diagnostic.warning" = {modifiers=["underlined", "italic"]} +"diagnostic.hint" = {modifiers=["underlined"]} +"diagnostic.unnecessary" = {modifiers = ["dim"]} +"diagnostic.deprecated" = {modifiers = ["crossed_out"]} +"ui.bufferline" = { fg="black", bg="white" } +"ui.bufferline.active" = { fg="black", bg="white" } + +[palette] +white = "#ffffff" +black = "#000000" diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index ab51e59..b22cec0 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -20,6 +20,7 @@ in autocd = true; sessionVariables = { EDITOR = "hx"; + TERM = "xterm-mono"; }; history = { extended = true; From 5acfc7ecdde0627ffbf4827de018b90147f74ef5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 15 Apr 2025 20:37:03 +0200 Subject: [PATCH 921/988] fix: bw theme popovers in tmux and helix --- home/modules/helix/config/themes/black.toml | 21 +++++++++++---------- home/modules/tmux.nix | 4 ++-- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml index a403de9..17ddd3d 100644 --- a/home/modules/helix/config/themes/black.toml +++ b/home/modules/helix/config/themes/black.toml @@ -2,21 +2,22 @@ "ui.text" = "black" "ui.linenr" = {bg="white", fg="black"} "ui.linenr.selected" = {bg="white", fg="black"} -"ui.selection" = {bg="black", fg="white"} -"ui.cursorline" = {bg="black", fg="white"} -"ui.statusline" = {fg="white", bg="black"} +"ui.selection" = {modifiers=["reversed"]} +"ui.cursorline" = {modifiers=["reversed"]} +"ui.statusline" = {modifiers=["reversed"]} "ui.statusline.inactive" = {fg="black", bg="white"} "ui.virtual" = "indent" "ui.virtual.ruler" = { bg = "black", fg ="white" } -"ui.cursor.match" = { bg="black", fg="white" } -"ui.cursor" = {bg="black", fg="white"} +"ui.cursor.match" = {modifiers=["reversed"]} +"ui.cursor" = {modifiers=["reversed"]} "ui.debug" = {fg="black"} "ui.highlight" = { modifiers = ["underlined"] } -"ui.highlight.frameline" = { bg="black", fg="white" } -"ui.help" = { bg="black", fg="white" } -"ui.popup" = { bg="black", fg="white" } -"ui.text.info" = { bg="black", fg="white" } -"ui.menu" = { fg="white", bg="black" } +"ui.highlight.frameline" = {modifiers=["reversed"]} +"ui.help" = { modifiers=["reversed"] } +"ui.popup" = { modifiers=["reversed"] } +"ui.popup.info" = { modifiers=["reversed"] } +"ui.text.info" = { modifiers=["reversed"] } +"ui.menu" = { modifiers=["reversed"] } "ui.menu.selected" = { bg="white", fg="black" } "ui.window" = { bg="white" } "diagnostic" = { modifiers=["reversed"] } diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 70f2974..df005ff 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -12,17 +12,17 @@ in config = mkIf cfg.enable { programs.tmux = { enable = true; - terminal = "tmux-256color"; extraConfig = '' setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on - set -ga terminal-overrides ',*256col*:Tc' set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' + set -g status-bg "#000000" + set -g status-fg "#ffffff" bind '"' split-window -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" From fce74c64a96c3a451e41bcb3bc7836b8c35bb8e1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 19 Apr 2025 15:23:46 +0200 Subject: [PATCH 922/988] chore: update inputs --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 9e7634e..c2ee325 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1734450202, - "narHash": "sha256-/3gigrEBFORQs6a8LL5twoHs7biu08y/8Xc5aQmk3b0=", + "lastModified": 1744623129, + "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=", "owner": "NixOS", "repo": "flake-registry", - "rev": "02fe640c9e117dd9d6a34efc7bcb8bd09c08111d", + "rev": "1322f33d5836ae757d2e6190239252cf8402acf6", "type": "github" }, "original": { @@ -144,11 +144,11 @@ ] }, "locked": { - "lastModified": 1744117652, - "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", + "lastModified": 1744743431, + "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", + "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744366945, - "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744492897, - "narHash": "sha256-qqKO4FOo/vPmNIaRPcLqwfudUlQ29iNdI1IbCZfjmxs=", + "lastModified": 1744917357, + "narHash": "sha256-1Sj8MToixDwakJYNMYBS/PYbg8Oa4CAxreXraMHB5qg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "86484f6076aac9141df2bfcddbf7dcfce5e0c6bb", + "rev": "1eae3268880484be84199bdb77941c09bb4a97ba", "type": "github" }, "original": { @@ -332,11 +332,11 @@ ] }, "locked": { - "lastModified": 1743748085, - "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", + "lastModified": 1744961264, + "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", + "rev": "8d404a69efe76146368885110f29a2ca3700bee6", "type": "github" }, "original": { From 687cb324007a548471dd9e1fa241fe0347747af1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Apr 2025 19:38:01 +0200 Subject: [PATCH 923/988] feat: switch to unstable channel for gorgon --- flake.lock | 24 +++++++-- flake.nix | 3 +- home/modules/helix/config/themes/black.toml | 2 +- home/pkgs.nix | 10 +--- nixos/configurations.nix | 3 +- nixos/modules/profiles/laptop.nix | 6 --- nixos/modules/yubikey.nix | 3 +- overlays.nix | 21 -------- pkgs/recipemd.nix | 58 --------------------- 9 files changed, 27 insertions(+), 103 deletions(-) delete mode 100644 pkgs/recipemd.nix diff --git a/flake.lock b/flake.lock index c2ee325..e425e8b 100644 --- a/flake.lock +++ b/flake.lock @@ -144,16 +144,15 @@ ] }, "locked": { - "lastModified": 1744743431, - "narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", + "lastModified": 1745251259, + "narHash": "sha256-Hf8WEJMMoP6Fe+k+PYkVJFk5UKory2S0jW7HqRVqQFc=", "owner": "nix-community", "repo": "home-manager", - "rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", + "rev": "82ee14ff60611b46588ea852f267aafcc117c8c8", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -293,6 +292,22 @@ "type": "github" } }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -306,6 +321,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-full": "nixpkgs-full", + "nixpkgs-unstable": "nixpkgs-unstable", "systems": "systems", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 7519d56..8dc1c74 100644 --- a/flake.nix +++ b/flake.nix @@ -3,13 +3,14 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; }; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml index 17ddd3d..88d1a35 100644 --- a/home/modules/helix/config/themes/black.toml +++ b/home/modules/helix/config/themes/black.toml @@ -17,7 +17,7 @@ "ui.popup" = { modifiers=["reversed"] } "ui.popup.info" = { modifiers=["reversed"] } "ui.text.info" = { modifiers=["reversed"] } -"ui.menu" = { modifiers=["reversed"] } +"ui.menu" = { bg="black", fg="white" } "ui.menu.selected" = { bg="white", fg="black" } "ui.window" = { bg="white" } "diagnostic" = { modifiers=["reversed"] } diff --git a/home/pkgs.nix b/home/pkgs.nix index c6ccc73..8615921 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -20,7 +20,6 @@ with pkgs; [ delta # feature-rich diff viewer dig direnv - dstat duf # disk usage dyff # diff tool for YAML element-desktop @@ -38,7 +37,6 @@ with pkgs; [ gimp glow glow # render markdown - gnome.gnome-tweaks gnumake gnupg gping # ping with graphs @@ -65,7 +63,6 @@ with pkgs; [ josm jq kanshi - kcachegrind keepassxc kubetail krita @@ -107,12 +104,8 @@ with pkgs; [ prusa-slicer pv pwgen - (python3.withPackages (python-pkgs: with python-pkgs; [ - pandas - requests - ])) + (python3.withPackages (pkgs: [pkgs.pandas pkgs.requests])) ranger - recipemd reptyr ripgrep ripgrep @@ -144,7 +137,6 @@ with pkgs; [ wireshark xdg-utils xmlstarlet - xsv # cut for csv unixtools.xxd xxh # portable shells yt-dlp diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 040ec6b..48d70cd 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -7,6 +7,7 @@ , homepage , nixos-hardware , nixos-generators +, nixpkgs-unstable , ... }@inputs: let @@ -25,7 +26,7 @@ let in { gorgon = nixosSystem rec { - n_nixpkgs = nixpkgs-full; + n_nixpkgs = nixpkgs-unstable; system = "x86_64-linux"; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 3ad8c11..bdba617 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,5 +1,4 @@ { config -, pkgs , lib , ... }: @@ -25,11 +24,6 @@ with lib; { age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - fonts.packages = mkDefault (with pkgs; [ - source-code-pro - vegur - ]); - users.mutableUsers = mkDefault true; # Use the systemd-boot EFI boot loader. diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 3df9499..77f4394 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -45,8 +45,7 @@ in #linuxPackages.acpi_call pam_u2f pamtester - yubikey-manager - yubikey-manager-qt + yubioath-flutter ]; }; } diff --git a/overlays.nix b/overlays.nix index bf0588c..2c63c08 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,23 +1,2 @@ { - kanboard = final: prev: { - kanboard = prev.kanboard.overrideAttrs (oldAttrs: { - src = prev.fetchFromGitHub { - owner = "kanboard"; - repo = "kanboard"; - rev = "v${oldAttrs.version}"; - sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0="; - }; - }); - }; - - recipemd = final: prev: { - pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ - ( - python-final: python-prev: { - recipemd = python-final.callPackage ./pkgs/recipemd.nix { }; - } - ) - ]; - recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd; - }; } diff --git a/pkgs/recipemd.nix b/pkgs/recipemd.nix deleted file mode 100644 index 4879a9a..0000000 --- a/pkgs/recipemd.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, pytestCheckHook -, pythonPackages -, installShellFiles -, pythonOlder -, pythonAtLeast -}: -buildPythonPackage rec { - pname = "recipemd"; - version = "4.0.8"; - - disabled = pythonOlder "3.7" || pythonAtLeast "4"; - - src = fetchFromGitHub { - owner = "tstehr"; - repo = "RecipeMD"; - rev = "v${version}"; - hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc="; - }; - - propagatedBuildInputs = with pythonPackages; [ - dataclasses-json - yarl - CommonMark - argcomplete - pyparsing - ]; - - nativeBuildInputs = [ installShellFiles ]; - - postInstall = '' - ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash - installShellCompletion --bash --name recipemd.bash $out/completions.bash - - ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish - installShellCompletion --fish --name recipemd.fish $out/completions.fish - - # The version of argcomplete in nixpkgs-stable does not have support for zsh - #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh - #installShellCompletion --zsh --name _recipemd $out/completions.zsh - ''; - - checkInputs = [ - pytestCheckHook - pythonPackages.pytestcov - ]; - - doCheck = true; - - meta = with lib; { - description = "Markdown recipe manager, reference implementation of RecipeMD"; - homepage = "https://recipemd.org"; - license = [ licenses.lgpl3Only ]; - maintainers = [ maintainers.dadada ]; - }; -} From a934dca7b65d5158cb696a786d59211f536c9615 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Apr 2025 19:47:43 +0200 Subject: [PATCH 924/988] feat: add dune 3d --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 8615921..0facf12 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -21,6 +21,7 @@ with pkgs; [ dig direnv duf # disk usage + dune3d dyff # diff tool for YAML element-desktop evince From 65720489b501597a59b967c073f1bfeb78729140 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Apr 2025 21:45:36 +0200 Subject: [PATCH 925/988] chore: make prompt and shell pretty --- home/default.nix | 10 +++++----- home/modules/zsh.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/home/default.nix b/home/default.nix index d35424e..80d53a3 100644 --- a/home/default.nix +++ b/home/default.nix @@ -403,11 +403,11 @@ in bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border - client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} - client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} - client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} - client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} - client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} + client.focused #${background} #${foreground} #${background} #${foreground} #${background} + client.focused_inactive #${background} #${background} #${foreground} #${foreground} #${background} + client.unfocused #${background} #${background} #${foreground} #${foreground} #${background} + client.urgent #${background} #${background} #${foreground} #${foreground} #${background} + client.placeholder #${background} #${background} #${foreground} #${foreground} #${background} client.background #${foreground} diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index b22cec0..fb4cc76 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -43,7 +43,7 @@ in preexec() { echo -n -e "\033]0;$1\007" } - PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " + PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" ''; From 033328e893cbbf2ae67b6d454b802ccda8ebd89b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:27:21 +0200 Subject: [PATCH 926/988] feat(home): add poweralertd --- home/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/default.nix b/home/default.nix index 80d53a3..adeab0b 100644 --- a/home/default.nix +++ b/home/default.nix @@ -432,6 +432,8 @@ in } ''; + services.poweralertd.enable = true; + # Let Home Manager install and manage itself. programs.home-manager.enable = true; From 210fa098aee7b21235c175affcf25e385233ec74 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:27:36 +0200 Subject: [PATCH 927/988] fix: remove commented out line --- home/modules/zsh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index fb4cc76..e7f8e57 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -45,7 +45,6 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' - #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" ''; profileExtra = '' ''; From 2917f96631209e50eacba0180bfc73c406698697 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:30:20 +0200 Subject: [PATCH 928/988] chore: update lix module --- flake.lock | 59 +++++++++++++++++++++++++++++++++++++++++------------- flake.nix | 3 +-- 2 files changed, 46 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index e425e8b..923b31e 100644 --- a/flake.lock +++ b/flake.lock @@ -101,6 +101,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -174,22 +192,20 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" } }, "lix-module": { "inputs": { - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -197,15 +213,15 @@ ] }, "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe", + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, "nixlib": { @@ -322,7 +338,7 @@ "nixpkgs": "nixpkgs", "nixpkgs-full": "nixpkgs-full", "nixpkgs-unstable": "nixpkgs-unstable", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -341,6 +357,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 8dc1c74..021bc7a 100644 --- a/flake.nix +++ b/flake.nix @@ -27,9 +27,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; }; nixos-generators = { url = "github:nix-community/nixos-generators"; From 8d54f859a0aee4d10f33f5b9d5fe090f1df7745b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:34:06 +0200 Subject: [PATCH 929/988] Revert "fix: bw theme popovers in tmux and helix" This reverts commit 5acfc7ecdde0627ffbf4827de018b90147f74ef5. --- home/modules/helix/config/themes/black.toml | 34 --------------------- home/modules/tmux.nix | 4 +-- 2 files changed, 2 insertions(+), 36 deletions(-) delete mode 100644 home/modules/helix/config/themes/black.toml diff --git a/home/modules/helix/config/themes/black.toml b/home/modules/helix/config/themes/black.toml deleted file mode 100644 index 88d1a35..0000000 --- a/home/modules/helix/config/themes/black.toml +++ /dev/null @@ -1,34 +0,0 @@ -"ui.background" = {bg="white"} -"ui.text" = "black" -"ui.linenr" = {bg="white", fg="black"} -"ui.linenr.selected" = {bg="white", fg="black"} -"ui.selection" = {modifiers=["reversed"]} -"ui.cursorline" = {modifiers=["reversed"]} -"ui.statusline" = {modifiers=["reversed"]} -"ui.statusline.inactive" = {fg="black", bg="white"} -"ui.virtual" = "indent" -"ui.virtual.ruler" = { bg = "black", fg ="white" } -"ui.cursor.match" = {modifiers=["reversed"]} -"ui.cursor" = {modifiers=["reversed"]} -"ui.debug" = {fg="black"} -"ui.highlight" = { modifiers = ["underlined"] } -"ui.highlight.frameline" = {modifiers=["reversed"]} -"ui.help" = { modifiers=["reversed"] } -"ui.popup" = { modifiers=["reversed"] } -"ui.popup.info" = { modifiers=["reversed"] } -"ui.text.info" = { modifiers=["reversed"] } -"ui.menu" = { bg="black", fg="white" } -"ui.menu.selected" = { bg="white", fg="black" } -"ui.window" = { bg="white" } -"diagnostic" = { modifiers=["reversed"] } -"diagnostic.error" = {modifiers=["bold", "underlined"]} -"diagnostic.warning" = {modifiers=["underlined", "italic"]} -"diagnostic.hint" = {modifiers=["underlined"]} -"diagnostic.unnecessary" = {modifiers = ["dim"]} -"diagnostic.deprecated" = {modifiers = ["crossed_out"]} -"ui.bufferline" = { fg="black", bg="white" } -"ui.bufferline.active" = { fg="black", bg="white" } - -[palette] -white = "#ffffff" -black = "#000000" diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index df005ff..70f2974 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -12,17 +12,17 @@ in config = mkIf cfg.enable { programs.tmux = { enable = true; + terminal = "tmux-256color"; extraConfig = '' setw -g mode-keys vi set -g mouse on set -g set-clipboard external set -g set-titles on set -g status on + set -ga terminal-overrides ',*256col*:Tc' set-option -g status-interval 5 set-option -g automatic-rename on set-option -g automatic-rename-format '#{b:pane_current_path}' - set -g status-bg "#000000" - set -g status-fg "#ffffff" bind '"' split-window -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" From 8baeff1f366e91a7a15cd55e43d6a308dac0645b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:34:08 +0200 Subject: [PATCH 930/988] Revert "feat: switch to black on white theme" This reverts commit cde3f39c11c9e524a4b79fa2dc6ea840b7d26658. --- home/default.nix | 36 +++++++++++++-------------- home/modules/alacritty/default.nix | 2 +- home/modules/helix/config/config.toml | 2 +- home/modules/zsh.nix | 1 - 4 files changed, 20 insertions(+), 21 deletions(-) diff --git a/home/default.nix b/home/default.nix index adeab0b..0a0df48 100644 --- a/home/default.nix +++ b/home/default.nix @@ -19,24 +19,24 @@ let "helix" ]; colors = { - background = "ffffff"; - foreground = "000000"; - regular0 = "000000"; - regular1 = "000000"; - regular2 = "000000"; - regular3 = "000000"; - regular4 = "000000"; - regular5 = "000000"; - regular6 = "000000"; - regular7 = "000000"; - bright0 = "ffffff"; - bright1 = "ffffff"; - bright2 = "ffffff"; - bright3 = "ffffff"; - bright4 = "ffffff"; - bright5 = "ffffff"; - bright6 = "ffffff"; - bright7 = "ffffff"; + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; # background darker + regular1 = "dc322f"; # red + regular2 = "859900"; # green + regular3 = "b58900"; # dark orange + regular4 = "268bd2"; # azure blue + regular5 = "d33682"; # hot pink + regular6 = "2aa198"; # petrol + regular7 = "073642"; # navy + bright0 = "cb4b16"; # orange + bright1 = "fdf6e3"; # foreground + bright2 = "93a1a1"; # grey + bright3 = "839496"; # slightly darker grey + bright4 = "657b83"; # even slightly darker grey + bright5 = "6c71c4"; # purple + bright6 = "586e75"; # pretty dark grey + bright7 = "002b36"; # dark navy blue }; in { diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index db3db6e..086b945 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -17,7 +17,7 @@ in programs.alacritty = { enable = true; settings = { - env.TERM = "xterm-mono"; + env.TERM = "xterm-256color"; scrolling.history = 0; font = { size = 9; diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml index 71b6c42..41cf786 100644 --- a/home/modules/helix/config/config.toml +++ b/home/modules/helix/config/config.toml @@ -1,4 +1,4 @@ -theme = "black" +theme = "solarized_light" [editor] line-number = "relative" diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index e7f8e57..a095bff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -20,7 +20,6 @@ in autocd = true; sessionVariables = { EDITOR = "hx"; - TERM = "xterm-mono"; }; history = { extended = true; From 787ff188745f410000c3e977a0c8735d29cb3441 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:36:19 +0200 Subject: [PATCH 931/988] Revert "chore: make prompt and shell pretty" This reverts commit 65720489b501597a59b967c073f1bfeb78729140. --- home/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/home/default.nix b/home/default.nix index 0a0df48..fd0ddd3 100644 --- a/home/default.nix +++ b/home/default.nix @@ -403,11 +403,11 @@ in bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 # class border backgr. text indicator child_border - client.focused #${background} #${foreground} #${background} #${foreground} #${background} - client.focused_inactive #${background} #${background} #${foreground} #${foreground} #${background} - client.unfocused #${background} #${background} #${foreground} #${foreground} #${background} - client.urgent #${background} #${background} #${foreground} #${foreground} #${background} - client.placeholder #${background} #${background} #${foreground} #${foreground} #${background} + client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} + client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} + client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} + client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} + client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} client.background #${foreground} From 091c4243fe759d166eecd9757afab5bcf7df7bf4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:38:15 +0200 Subject: [PATCH 932/988] chore: update nixpkgs --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 923b31e..f95384d 100644 --- a/flake.lock +++ b/flake.lock @@ -162,11 +162,11 @@ ] }, "locked": { - "lastModified": 1745251259, - "narHash": "sha256-Hf8WEJMMoP6Fe+k+PYkVJFk5UKory2S0jW7HqRVqQFc=", + "lastModified": 1747439237, + "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "82ee14ff60611b46588ea852f267aafcc117c8c8", + "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "type": "github" }, "original": { @@ -262,11 +262,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744633460, - "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { @@ -278,11 +278,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744917357, - "narHash": "sha256-1Sj8MToixDwakJYNMYBS/PYbg8Oa4CAxreXraMHB5qg=", + "lastModified": 1747418223, + "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1eae3268880484be84199bdb77941c09bb4a97ba", + "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8", "type": "github" }, "original": { @@ -294,11 +294,11 @@ }, "nixpkgs-full": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1747335874, + "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", "type": "github" }, "original": { @@ -310,11 +310,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -379,11 +379,11 @@ ] }, "locked": { - "lastModified": 1744961264, - "narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "8d404a69efe76146368885110f29a2ca3700bee6", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { From 6ca9dde866a27d4e0343a28a8cbc1d8b4ba1fb10 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 12:49:05 +0200 Subject: [PATCH 933/988] chore: update nixpkgs --- flake.lock | 51 ++++++------------ flake.nix | 5 +- nixos/configurations.nix | 110 +++++++++++++++++++++++---------------- outputs.nix | 29 +++++------ 4 files changed, 97 insertions(+), 98 deletions(-) diff --git a/flake.lock b/flake.lock index f95384d..e980db7 100644 --- a/flake.lock +++ b/flake.lock @@ -277,38 +277,6 @@ } }, "nixpkgs": { - "locked": { - "lastModified": 1747418223, - "narHash": "sha256-DkCYFm09AR2+FPKcT7lD8iIMNXqTdesVvwKpCnqKiYg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c9326e40bb557ebb8c040b4375590bc06413f8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-full": { - "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { "locked": { "lastModified": 1747327360, "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", @@ -324,6 +292,22 @@ "type": "github" } }, + "nixpkgs-small": { + "locked": { + "lastModified": 1747452614, + "narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e067fb89ac3e59f993f257c799318132f1492f01", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -336,8 +320,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-full": "nixpkgs-full", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-small": "nixpkgs-small", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 021bc7a..ec49fa2 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,8 @@ description = "dadada's nix flake"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-full.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 48d70cd..497a7bf 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,32 +1,42 @@ -{ self -, agenix -, lix-module -, nixpkgs -, nixpkgs-full -, home-manager -, homepage -, nixos-hardware -, nixos-generators -, nixpkgs-unstable -, ... +{ + self, + agenix, + home-manager, + homepage, + lix-module, + nixos-hardware, + nixos-generators, + nixpkgs, + nixpkgs-small, + ... }@inputs: let lixModule = lix-module.nixosModules.default; - nixosSystem = { n_nixpkgs ? nixpkgs, system ? "x86_64-linux", extraModules ? [ ] }: n_nixpkgs.lib.nixosSystem { - inherit system; + nixosSystem = + { + nixpkgs, + system ? "x86_64-linux", + extraModules ? [ ], + }: + nixpkgs.lib.nixosSystem { + inherit system; - modules = [ - lixModule - { - nixpkgs.overlays = n_nixpkgs.lib.attrValues self.overlays; - } - ] ++ (n_nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules; - }; + modules = + [ + lixModule + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + } + ] + ++ (nixpkgs.lib.attrValues self.nixosModules) + ++ [ agenix.nixosModules.age ] + ++ extraModules; + }; in { gorgon = nixosSystem rec { - n_nixpkgs = nixpkgs-unstable; + nixpkgs = nixpkgs; system = "x86_64-linux"; @@ -34,13 +44,16 @@ in { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { dadada = self; }; + dadada.inputs = inputs // { + dadada = self; + }; } nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 home-manager.nixosModules.home-manager - ({ pkgs, lib, ... }: + ( + { pkgs, lib, ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; @@ -49,12 +62,14 @@ in { manual.manpages.enable = false; } ]; home-manager.users.dadada = import ../home; - }) + } + ) ./gorgon/configuration.nix ]; }; surgat = nixosSystem { + nixpkgs = nixpkgs-small; system = "x86_64-linux"; extraModules = [ { @@ -66,34 +81,39 @@ in }; agares = nixosSystem { + nixpkgs = nixpkgs-small; extraModules = [ ./agares/configuration.nix ]; }; - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - lixModule - nixos-generators.nixosModules.install-iso - self.nixosModules.admin - { - isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; - networking.tempAddresses = "disabled"; - dadada.admin.enable = true; - documentation.enable = true; - documentation.nixos.enable = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - } - ]; - }; + installer = + let + nixpkgs = nixpkgs-small; + in + nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + lixModule + nixos-generators.nixosModules.install-iso + self.nixosModules.admin + { + isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = true; + documentation.nixos.enable = true; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ]; + }; ninurta = nixosSystem { - n_nixpkgs = nixpkgs-full; + nixpkgs = nixpkgs-small; extraModules = [ ./ninurta/configuration.nix ]; diff --git a/outputs.nix b/outputs.nix index efa3dab..d588f6e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,18 +1,14 @@ # Adapted from Mic92/dotfiles -{ self -, flake-utils -, flake-registry -, homepage -, lix-module -, nixpkgs -, home-manager -, nixos-hardware -, nixpkgs-full -, agenix -, devshell -, ... -} @ inputs: -(flake-utils.lib.eachDefaultSystem (system: +{ + self, + flake-utils, + nixpkgs, + agenix, + devshell, + ... +}@inputs: +(flake-utils.lib.eachDefaultSystem ( + system: let pkgs = import nixpkgs { inherit system; }; in @@ -35,8 +31,9 @@ packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; }; - })) - // { + } +)) +// { hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; From 0d892a1b7e0a6867e5f6f80777819c64056c0288 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 13:05:33 +0200 Subject: [PATCH 934/988] feat: switch to lix from nixpkgs --- flake.lock | 86 +-------------------------------- flake.nix | 4 -- nixos/configurations.nix | 65 ++++++++++++------------- nixos/modules/profiles/base.nix | 4 +- 4 files changed, 35 insertions(+), 124 deletions(-) diff --git a/flake.lock b/flake.lock index e980db7..8a95fce 100644 --- a/flake.lock +++ b/flake.lock @@ -101,39 +101,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -189,41 +156,6 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" - } - }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -316,12 +248,11 @@ "flake-utils": "flake-utils", "home-manager": "home-manager_2", "homepage": "homepage", - "lix-module": "lix-module", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" } }, @@ -340,21 +271,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index ec49fa2..05f7349 100644 --- a/flake.nix +++ b/flake.nix @@ -25,10 +25,6 @@ url = "github:numtide/devshell"; inputs.nixpkgs.follows = "nixpkgs"; }; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 497a7bf..adacb51 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -3,7 +3,6 @@ agenix, home-manager, homepage, - lix-module, nixos-hardware, nixos-generators, nixpkgs, @@ -11,8 +10,6 @@ ... }@inputs: let - lixModule = lix-module.nixosModules.default; - nixosSystem = { nixpkgs, @@ -24,7 +21,6 @@ let modules = [ - lixModule { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; } @@ -35,38 +31,40 @@ let }; in { - gorgon = nixosSystem rec { - nixpkgs = nixpkgs; + gorgon = + let + system = "x86_64-linux"; + in + nixosSystem { + inherit nixpkgs system; - system = "x86_64-linux"; - - extraModules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - - home-manager.nixosModules.home-manager - ( - { pkgs, lib, ... }: + extraModules = [ { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { + dadada = self; + }; } - ) - ./gorgon/configuration.nix - ]; - }; + + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + + home-manager.nixosModules.home-manager + ( + { pkgs, lib, ... }: + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + { manual.manpages.enable = false; } + ]; + home-manager.users.dadada = import ../home; + } + ) + ./gorgon/configuration.nix + ]; + }; surgat = nixosSystem { nixpkgs = nixpkgs-small; @@ -94,7 +92,6 @@ in nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - lixModule nixos-generators.nixosModules.install-iso self.nixosModules.admin { diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index e375cc9..c23a273 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; @@ -22,6 +22,8 @@ in time.timeZone = mkDefault "Europe/Berlin"; + nix.package = pkgs.lix; + nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ From cb69d8edb0a321d9069e3fe2f1a95745d783c927 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 13:43:46 +0200 Subject: [PATCH 935/988] fix: set maximum log retention to 100 days --- nixos/modules/profiles/server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index d26358c..1aeab43 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -20,6 +20,7 @@ with lib; { services.journald.extraConfig = '' SystemKeepFree = 2G + MaxRetentionSec = 100days ''; system.autoUpgrade = { From 33bc06ee109b9798676f0c6e192f5000ff7fffe3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 17 May 2025 14:01:36 +0200 Subject: [PATCH 936/988] fix(surgat): ssh initrd unlock --- nixos/modules/profiles/cloud.nix | 4 ++-- secrets/secrets.nix | 1 + secrets/surgat-initrd-ssh_host_ed25519_key.age | Bin 0 -> 820 bytes 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 secrets/surgat-initrd-ssh_host_ed25519_key.age diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 98314c7..86e2c74 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -1,7 +1,7 @@ { config, lib, ... }: let secretsPath = config.dadada.secrets.path; - initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; + initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key"; in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; @@ -9,7 +9,7 @@ in enable = true; ssh = { enable = true; - port = 22; + port = 2223; hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7da57e3..d1a5265 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,6 +21,7 @@ in "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; + "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/surgat-initrd-ssh_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..32dbcbf2ce1b0961f179ad26bb2a5577f8e340cc GIT binary patch literal 820 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73iZz_C|4+tGRfCZ z&d5sgGR!W_3CeS>Dl|^bjxsE-axG0RjLa=_3OB3DF3?X8jN~#X4lm3t^e)eL^GHt% z@isRt&#H*hFUTq`3~<(t(zb{QGRexy^RsYvE=RY`za%>+yIjFFE!W4nFd$evIVZB% zE4#=z(%3E2J0#U3IUuvrE3nu!Afz(I$IQgfJ(;V*JS5fMH6Xy>Fgz^F+a=e}O*_Ri zDLmB3IbFLdBiC2IA}}H^*wMKnDjj5-j&6EUYGQG!LVk^RY!+9cW0Y}rhL1t2g=2U| zdX#fMdPiB~zkGUt8uCA^^sG(y?QfYZensa1UWm=YgK&8HMVs@a9si8}iUx`O} zmVvWDa8ZF_aYZE813kM3k1ORHde^>FMMQs`M%E25m8 zrf<$7t1UjO@xAcLnVW2u?cfU+**y21(FLiW-|v39@qB*&kLfqhSh1E1Gs%Bz`t>Tr zBP3UyThds-|5-%9#B2+F?yXNJueQsZ-Mr6&^Obhkl_gHQEJL<*MQDnse_Wr_7RS%a z{_yj>dv|V3pD=fdd*xpqcbjvb>%V-MTE1qt!ZUfXA1i)ueREBJZlGyprG)>wX!%=W zJGyng-?=lXOYi5dF9ZO&NU2D_HH3{TdTKKN5 zXun#`e);h59lSp{KE9|6e=4~7vQOC0@3U{}mj7RHOLY3bEzyZw=6l|A8wHB3nsQ0$ z#e4_e_%COpJC|6rI~>hyTxXW4737q0n5UmvcSj&j^OB~_+z$Mn$L}z(6)!BRj@;_6pb~8|)hvRk+-ikQ Date: Sat, 17 May 2025 15:02:31 +0200 Subject: [PATCH 937/988] fix(surgat): initrd networking --- nixos/modules/profiles/cloud.nix | 17 +++++++++++++++-- nixos/surgat/configuration.nix | 4 ++++ ... => initrd-surgat-ssh_host_ed25519_key.age} | Bin secrets/secrets.nix | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) rename secrets/{surgat-initrd-ssh_host_ed25519_key.age => initrd-surgat-ssh_host_ed25519_key.age} (100%) diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index 86e2c74..ba131e1 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -1,10 +1,18 @@ { config, lib, ... }: let secretsPath = config.dadada.secrets.path; - initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key"; + initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; in { boot.initrd.availableKernelModules = [ "virtio-pci" ]; + + boot.kernelParams = [ + # Wait forever for the filesystem root to show up + "rootflags=x-systemd.device-timeout=0" + + # Wait forever to enter the LUKS passphrase via SSH + "rd.luks.options=timeout=0" + ]; boot.initrd.network = { enable = true; ssh = { @@ -27,8 +35,13 @@ in ''; }; + assertions = lib.singleton { + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + message = "Refusing to store private keys in store"; + }; + age.secrets."${initrdHostKey}" = { - file = "${secretsPath}/${initrdHostKey}.age"; + file = "${secretsPath}/initrd-${initrdHostKey}.age"; mode = "600"; path = "/etc/initrd/${initrdHostKey}"; symlink = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 6dad1ee..f2c7ba2 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -137,6 +137,10 @@ in boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; + boot.kernelParams = [ + "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp" + ]; + services.resolved = { enable = true; fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age similarity index 100% rename from secrets/surgat-initrd-ssh_host_ed25519_key.age rename to secrets/initrd-surgat-ssh_host_ed25519_key.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d1a5265..946d855 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -21,7 +21,7 @@ in "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; "paperless.age".publicKeys = [ systems.gorgon dadada ]; - "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; + "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; From 22a525b5b39f8b1231d1db5c959f9a3ee2bf1fc0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 25 May 2025 14:35:05 +0200 Subject: [PATCH 938/988] feat: switch to KDE --- home/default.nix | 4 ++-- nixos/gorgon/configuration.nix | 23 +++++++++++++++-------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/home/default.nix b/home/default.nix index fd0ddd3..a21362c 100644 --- a/home/default.nix +++ b/home/default.nix @@ -10,7 +10,7 @@ let "direnv" "git" "gpg" - "gtk" + #"gtk" #"keyring" "syncthing" "tmux" @@ -432,7 +432,7 @@ in } ''; - services.poweralertd.enable = true; + #services.poweralertd.enable = true; # Let Home Manager install and manage itself. programs.home-manager.enable = true; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 339f8f4..13b861a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -145,8 +145,12 @@ in dmenu grim # screenshot functionality slurp # screenshot functionality - mako # notification system developed by swaywm maintainer + #mako # notification system developed by swaywm maintainer pulseaudio + + # KDE apps + kdePackages.kmail + kdePackages.kmail-account-wizard ]; networking.firewall = { @@ -195,11 +199,14 @@ in services.gnome.gnome-keyring.enable = lib.mkForce false; programs.gnupg.agent.enable = true; - #services.xserver.enable = true; - #services.xserver.desktopManager.gnome.enable = true; - #services.xserver.displayManager.gdm.enable = true; + # KDE + services = { + desktopManager.plasma6.enable = true; + displayManager.sddm.enable = true; + displayManager.sddm.wayland.enable = true; + }; services.greetd = { - enable = true; + enable = false; settings = { default_session = { command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; @@ -208,7 +215,7 @@ in }; }; systemd.user.services.kanshi = { - enable = true; + enable = false; description = "kanshi daemon"; environment = { WAYLAND_DISPLAY = "wayland-1"; @@ -221,11 +228,11 @@ in }; # enable Sway window manager programs.sway = { - enable = true; + enable = false; wrapperFeatures.gtk = true; }; programs.light.enable = true; - xdg.portal.wlr.enable = true; + xdg.portal.wlr.enable = false; hardware.bluetooth.enable = true; hardware.opengl = { From 74fd474e4a149b37682b2d2a0f1c892e10cbd548 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 25 May 2025 14:45:18 +0200 Subject: [PATCH 939/988] fix: put tmps into RAM --- nixos/modules/profiles/base.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index c23a273..bc08040 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -8,6 +8,9 @@ in ./upgrade-pg-cluster.nix ]; + boot.tmp.useTmpfs = true; + boot.tmp.tmpfsSize = "50%"; + i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { font = "Lat2-Terminus16"; From b638c4125bab3d11aaa29a76f09c769370c095f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 3 Jun 2025 19:51:43 +0200 Subject: [PATCH 940/988] chore: update dependencies --- flake.lock | 63 +++++++++++++++++++++++++++++++++--------------------- flake.nix | 2 +- 2 files changed, 40 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 8a95fce..41a9b46 100644 --- a/flake.lock +++ b/flake.lock @@ -6,19 +6,19 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1703089996, - "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { "owner": "ryantm", - "ref": "0.15.0", "repo": "agenix", "type": "github" } @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1747439237, - "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", + "lastModified": 1748955489, + "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=", "owner": "nix-community", "repo": "home-manager", - "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", + "rev": "bb846c031be68a96466b683be32704ef6e07b159", "type": "github" }, "original": { @@ -179,11 +179,11 @@ ] }, "locked": { - "lastModified": 1742568034, - "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", + "lastModified": 1747663185, + "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", + "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747129300, - "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", + "lastModified": 1748942041, + "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e81fd167b33121269149c57806599045fd33eeed", + "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747327360, - "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1747452614, - "narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=", + "lastModified": 1748942227, + "narHash": "sha256-U1oNpFoDO7QaO4iHsue7atK/5mJy7U1Y37mLU/SRk0o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e067fb89ac3e59f993f257c799318132f1492f01", + "rev": "7ab490624e297ff96f52858bb32b504516b8bb61", "type": "github" }, "original": { @@ -252,7 +252,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", - "systems": "systems", + "systems": "systems_2", "treefmt-nix": "treefmt-nix" } }, @@ -271,6 +271,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -278,11 +293,11 @@ ] }, "locked": { - "lastModified": 1747469671, - "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 05f7349..801e5a2 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ flake = false; }; agenix = { - url = "github:ryantm/agenix/0.15.0"; + url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { From 1402ee13cc3454cf1634626aa7e80fe3c7e6f33a Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 3 Jun 2025 20:04:44 +0200 Subject: [PATCH 941/988] chore: reformat --- checks.nix | 24 +-- flake.nix | 2 +- home/dconf.nix | 21 ++- home/modules.nix | 15 +- home/modules/alacritty/default.nix | 12 +- home/modules/colors.nix | 10 +- home/modules/direnv.nix | 12 +- home/modules/git.nix | 12 +- home/modules/gpg.nix | 10 +- home/modules/gtk.nix | 12 +- home/modules/helix/default.nix | 7 +- home/modules/keyring.nix | 10 +- home/modules/session.nix | 10 +- home/modules/ssh.nix | 10 +- home/modules/syncthing.nix | 12 +- home/modules/tmux.nix | 10 +- home/modules/xdg.nix | 12 +- home/modules/zsh.nix | 15 +- home/nixpkgs-config.nix | 3 +- home/pkgs.nix | 8 +- hydra-jobs.nix | 7 +- nixos/agares/configuration.nix | 23 ++- nixos/agares/dns.nix | 5 +- nixos/agares/network.nix | 63 ++++--- nixos/agares/ppp.nix | 7 +- nixos/gorgon/configuration.nix | 59 +++++-- nixos/gorgon/hardware-configuration.nix | 23 ++- nixos/modules/admin.nix | 56 +++--- nixos/modules/backup.nix | 12 +- nixos/modules/borg-server.nix | 27 ++- nixos/modules/ddns.nix | 104 ++++++----- nixos/modules/default.nix | 18 +- nixos/modules/element.nix | 9 +- nixos/modules/fileShare.nix | 10 +- nixos/modules/gitea.nix | 9 +- nixos/modules/headphones.nix | 12 +- nixos/modules/homepage.nix | 10 +- nixos/modules/inputs.nix | 9 +- nixos/modules/profiles/backup.nix | 6 +- nixos/modules/profiles/base.nix | 15 +- nixos/modules/profiles/cloud.nix | 19 +- nixos/modules/profiles/laptop.nix | 13 +- nixos/modules/profiles/server.nix | 16 +- nixos/modules/profiles/upgrade-pg-cluster.nix | 7 +- nixos/modules/share.nix | 12 +- nixos/modules/steam.nix | 12 +- nixos/modules/vpnServer.nix | 57 +++--- nixos/modules/weechat.nix | 12 +- nixos/modules/yubikey.nix | 12 +- nixos/ninurta/configuration.nix | 91 +++++++--- nixos/ninurta/hardware-configuration.nix | 166 ++++++++++-------- nixos/surgat/configuration.nix | 53 ++++-- nixos/surgat/hardware-configuration.nix | 22 ++- outputs.nix | 2 +- overlays.nix | 3 +- pkgs/default.nix | 3 +- secrets/secrets.nix | 100 ++++++++--- 57 files changed, 845 insertions(+), 466 deletions(-) diff --git a/checks.nix b/checks.nix index 65d3493..9505c35 100644 --- a/checks.nix +++ b/checks.nix @@ -1,20 +1,20 @@ -{ self -, flake-utils -, nixpkgs -, ... +{ + self, + flake-utils, + nixpkgs, + ... }: -(flake-utils.lib.eachDefaultSystem (system: +(flake-utils.lib.eachDefaultSystem ( + system: let pkgs = nixpkgs.legacyPackages.${system}; formatter = self.formatter.${system}; in { checks = { - format = pkgs.runCommand - "check-format" - { - buildInputs = [ formatter ]; - } - "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; + format = pkgs.runCommand "check-format" { + buildInputs = [ formatter ]; + } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; }; - })).checks + } +)).checks diff --git a/flake.nix b/flake.nix index 801e5a2..0cc4b5c 100644 --- a/flake.nix +++ b/flake.nix @@ -40,5 +40,5 @@ }; }; - outputs = { ... } @ args: import ./outputs.nix args; + outputs = { ... }@args: import ./outputs.nix args; } diff --git a/home/dconf.nix b/home/dconf.nix index db5ca18..5238c97 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -33,8 +33,20 @@ with lib.hm.gvariant; current = mkUint32 0; per-window = false; show-all-sources = true; - sources = [ (mkTuple [ "xkb" "eu" ]) (mkTuple [ "xkb" "de" ]) ]; - xkb-options = [ "lv3:ralt_switch" "caps:escape" ]; + sources = [ + (mkTuple [ + "xkb" + "eu" + ]) + (mkTuple [ + "xkb" + "de" + ]) + ]; + xkb-options = [ + "lv3:ralt_switch" + "caps:escape" + ]; }; "org/gnome/desktop/interface" = { @@ -127,7 +139,10 @@ with lib.hm.gvariant; composer-attribution-language = "de_DE"; composer-reply-start-bottom = false; composer-signature-in-new-only = true; - composer-spell-languages = [ "de" "en_US" ]; + composer-spell-languages = [ + "de" + "en_US" + ]; composer-top-signature = false; composer-unicode-smileys = false; composer-visually-wrap-long-lines = true; diff --git a/home/modules.nix b/home/modules.nix index 0e295c9..0a6c961 100644 --- a/home/modules.nix +++ b/home/modules.nix @@ -1,8 +1,13 @@ { lib, ... }: -with lib; let - modules' = dir: filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) - (builtins.readDir dir); - modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) - (modules' dir); +with lib; +let + modules' = + dir: + filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir); + modules = + dir: + mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( + modules' dir + ); in (modules ./modules) diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index 086b945..da9f503 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -1,9 +1,11 @@ -{ pkgs -, lib -, config -, ... +{ + pkgs, + lib, + config, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.alacritty; in { diff --git a/home/modules/colors.nix b/home/modules/colors.nix index 5c197a1..a4dc5c7 100644 --- a/home/modules/colors.nix +++ b/home/modules/colors.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; { +with lib; +{ options.dadada.home.colors = mkOption { type = types.attrs; description = "Color scheme"; diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix index cf36bf1..27a0907 100644 --- a/home/modules/direnv.nix +++ b/home/modules/direnv.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.direnv; in { diff --git a/home/modules/git.nix b/home/modules/git.nix index 7762612..92c4c12 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -1,9 +1,11 @@ -{ config -, lib -, pkgs -, ... +{ + config, + lib, + pkgs, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.git; allowedSigners = pkgs.writeTextFile { name = "allowed-signers"; diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index d1af776..baa17dd 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.gpg; in { diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index eb6dae8..5dcd2e6 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -1,9 +1,11 @@ -{ config -, lib -, pkgs -, ... +{ + config, + lib, + pkgs, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.gtk; in { diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 2ffdc51..7717423 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.dadada.home.helix; in diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix index e82d476..48b8b54 100644 --- a/home/modules/keyring.nix +++ b/home/modules/keyring.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.keyring; in { diff --git a/home/modules/session.nix b/home/modules/session.nix index 879400d..ba5c941 100644 --- a/home/modules/session.nix +++ b/home/modules/session.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.session; in { diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix index 96f4ed3..b8aab54 100644 --- a/home/modules/ssh.nix +++ b/home/modules/ssh.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.ssh; in { diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix index fd566b4..8095904 100644 --- a/home/modules/syncthing.nix +++ b/home/modules/syncthing.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.syncthing; in { diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 70f2974..063b8f2 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.tmux; in { diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index cccf70e..02cadaf 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let apps = { "x-scheme-handler/mailto" = "evolution.desktop"; "message/rfc822" = "evolution.desktop"; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index a095bff..96364ff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.home.zsh; in { @@ -45,8 +47,7 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' ''; - profileExtra = '' - ''; + profileExtra = ''''; shellAliases = { ga = "git add"; gc = "git commit"; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 83fcdbc..6a29a63 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -1,4 +1,5 @@ -{ pkgs }: { +{ pkgs }: +{ allowUnfree = true; allowUnfreePredicate = pkg: true; allowBroken = false; diff --git a/home/pkgs.nix b/home/pkgs.nix index 0facf12..8fd23e8 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -1,5 +1,6 @@ { pkgs }: -with pkgs; [ +with pkgs; +[ anki aqbanking aria2 @@ -105,7 +106,10 @@ with pkgs; [ prusa-slicer pv pwgen - (python3.withPackages (pkgs: [pkgs.pandas pkgs.requests])) + (python3.withPackages (pkgs: [ + pkgs.pandas + pkgs.requests + ])) ranger reptyr ripgrep diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 1d7dde7..3369943 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -1,5 +1,4 @@ { self, nixpkgs, ... }: -(nixpkgs.lib.mapAttrs' - (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) - self.nixosConfigurations -) +(nixpkgs.lib.mapAttrs' ( + name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel +) self.nixosConfigurations) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index c8ab058..ba00c29 100644 --- a/nixos/agares/configuration.nix +++ b/nixos/agares/configuration.nix @@ -1,7 +1,8 @@ -{ config -, modulesPath -, pkgs -, ... +{ + config, + modulesPath, + pkgs, + ... }: { imports = [ @@ -30,7 +31,10 @@ fileSystems."/swap" = { device = "/dev/sda1"; fsType = "btrfs"; - options = [ "subvol=/root/swap" "noatime" ]; + options = [ + "subvol=/root/swap" + "noatime" + ]; }; #swapDevices = [{ @@ -49,7 +53,14 @@ networking.hostName = "agares"; networking.domain = "bs.dadada.li"; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "ehci_pci" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; # Use the GRUB 2 boot loader. diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index 7e52d8b..fe2843f 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -66,7 +66,10 @@ ]; stub-zone = let - stubZone = name: addrs: { name = "${name}"; stub-addr = addrs; }; + stubZone = name: addrs: { + name = "${name}"; + stub-addr = addrs; + }; in [ #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index af15e05..6d86d22 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -10,7 +10,10 @@ in enable = true; links = { "10-persistent" = { - matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; # takes search domains from the [Network] + matchConfig.OriginalName = [ + "enp1s0" + "enp2s0" + ]; # takes search domains from the [Network] linkConfig.MACAddressPolicy = "persistent"; }; }; @@ -49,19 +52,21 @@ in PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path; ListenPort = 51234; }; - wireguardPeers = [{ - wireguardPeerConfig = - let - peerAddresses = i: [ - "${ipv4Prefix}.120.${i}/32" - "${ulaPrefix}:120::${i}/128" - ]; - in - { - PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - AllowedIPs = peerAddresses "3"; - }; - }]; + wireguardPeers = [ + { + wireguardPeerConfig = + let + peerAddresses = i: [ + "${ipv4Prefix}.120.${i}/32" + "${ulaPrefix}:120::${i}/128" + ]; + in + { + PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; + AllowedIPs = peerAddresses "3"; + }; + } + ]; }; "20-wg0" = { netdevConfig = { @@ -137,7 +142,10 @@ in "10-mgmt" = lib.mkMerge [ (subnet "enp1s0" "100") { - networkConfig.VLAN = [ "lan.10" "ff.11" ]; + networkConfig.VLAN = [ + "lan.10" + "ff.11" + ]; dhcpServerStaticLeases = [ { # legion @@ -158,13 +166,24 @@ in ]; "30-wg0" = { matchConfig.Name = "wg0"; - address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; + address = [ + "10.3.3.2/32" + "fd42:9c3b:f96d:121::2/128" + ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { routeConfig = { Destination = "10.3.3.1/24"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } + { + routeConfig = { + Destination = "10.3.3.1/24"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:121::1/64"; + }; + } ]; }; "30-lan" = subnet "lan.10" "101" // { @@ -266,10 +285,14 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; + routeConfig = { + Destination = "${ipv4Prefix}.120.1/24"; + }; } { - routeConfig = { Destination = "${ulaPrefix}::120:1/64"; }; + routeConfig = { + Destination = "${ulaPrefix}::120:1/64"; + }; } ]; }; diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix index dc26e46..ffa5bc4 100644 --- a/nixos/agares/ppp.nix +++ b/nixos/agares/ppp.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let secretsPath = config.dadada.secrets.path; in diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 13b861a..9c8b8e3 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let xilinxJtag = pkgs.writeTextFile { @@ -104,13 +105,18 @@ in passwordFile = config.age.secrets.paperless.path; }; - systemd.tmpfiles.rules = let cfg = config.services.paperless; in [ - (if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; + systemd.tmpfiles.rules = + let + cfg = config.services.paperless; + in + [ + ( + if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; age.secrets.paperless = { file = "${config.dadada.secrets.path}/paperless.age"; @@ -130,12 +136,14 @@ in ]; }; - hardware.printers.ensurePrinters = [{ - name = "Brother_HL-L2300D"; - model = "everywhere"; - location = "BS"; - deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; - }]; + hardware.printers.ensurePrinters = [ + { + name = "Brother_HL-L2300D"; + model = "everywhere"; + location = "BS"; + deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + } + ]; environment.systemPackages = with pkgs; [ android-studio @@ -175,7 +183,7 @@ in saleaeLogic keychron pkgs.libsigrok - ]; #noMtpUdevRules ]; + ]; # noMtpUdevRules ]; virtualisation.libvirtd.enable = true; @@ -187,7 +195,20 @@ in users.users = { dadada = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ]; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "adbusers" + "kvm" + "video" + "scanner" + "lp" + "docker" + "dialout" + "wireshark" + "paperless" + ]; shell = "/run/current-system/sw/bin/zsh"; }; }; diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix index 4155fae..30d7447 100644 --- a/nixos/gorgon/hardware-configuration.nix +++ b/nixos/gorgon/hardware-configuration.nix @@ -1,17 +1,26 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "ehci_pci" + "xhci_pci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 873832d..07323da 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -1,11 +1,16 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.admin; - extraGroups = [ "wheel" "libvirtd" ]; + extraGroups = [ + "wheel" + "libvirtd" + ]; shells = { "bash" = pkgs.bashInteractive; @@ -16,22 +21,32 @@ with lib; let shellNames = builtins.attrNames shells; adminOpts = - { name - , config - , ... - }: { + { + name, + config, + ... + }: + { options = { keys = mkOption { type = types.listOf types.str; default = [ ]; - apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; + apply = + x: + assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); + x; description = '' The keys that should be able to access the account. ''; }; shell = mkOption { type = types.nullOr types.str; - apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x; + apply = + x: + assert ( + builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}" + ); + x; default = "zsh"; defaultText = literalExpression "zsh"; example = literalExpression "bash"; @@ -81,15 +96,12 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; - users.users = - mapAttrs - (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = extraGroups; - isNormalUser = true; - openssh.authorizedKeys.keys = keys.keys; - }) - cfg.users; + users.users = mapAttrs (user: keys: { + shell = shells."${keys.shell}"; + extraGroups = extraGroups; + isNormalUser = true; + openssh.authorizedKeys.keys = keys.keys; + }) cfg.users; nix.settings.trusted-users = builtins.attrNames cfg.users; @@ -103,7 +115,7 @@ in services.tor.relay.onionServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; - map = [{ port = 22; }]; + map = [ { port = 22; } ]; }; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 0ec680f..095fd35 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let backupExcludes = [ "/backup" "/dev" diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index c1aceeb..594f356 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -1,6 +1,11 @@ { config, lib, ... }: let - inherit (lib) mkEnableOption mkIf mkOption types; + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; cfg = config.dadada.borgServer; in { @@ -20,31 +25,41 @@ in services.borgbackup.repos = { "metis" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" + ]; path = "${cfg.path}/metis"; quota = "1T"; }; "gorgon" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" + ]; path = "${cfg.path}/gorgon"; quota = "1T"; }; "surgat" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" + ]; path = "${cfg.path}/surgat"; quota = "50G"; }; "pruflas" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" + ]; path = "${cfg.path}/pruflas"; quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" + ]; path = "${cfg.path}/wohnzimmerpi"; quota = "50G"; }; diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index af7d725..594be6d 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix @@ -1,52 +1,70 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.ddns; - ddnsConfig = { domains, credentialsPath, interface }: { - systemd.timers = listToAttrs (forEach domains (domain: - nameValuePair "ddns-${domain}" - { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${domain}.service" ]; - timerConfig.OnCalendar = "hourly"; - })); + ddnsConfig = + { + domains, + credentialsPath, + interface, + }: + { + systemd.timers = listToAttrs ( + forEach domains ( + domain: + nameValuePair "ddns-${domain}" { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${domain}.service" ]; + timerConfig.OnCalendar = "hourly"; + } + ) + ); - systemd.services = listToAttrs (forEach domains (domain: - nameValuePair "ddns-${domain}" - { - serviceConfig = { - Type = "oneshot"; - PrivateTmp = true; - PrivateDevices = true; - PrivateUsers = true; - PrivateMounts = true; - PrivateIPC = true; - ProtectHome = true; - ProtectSystem = "strict"; - ProtectKernelTunables = true; - BindReadOnlyPaths = [ credentialsPath ]; - NoNewPrivileges = true; - CapabilitBoundingSet = [ ]; - }; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } + systemd.services = listToAttrs ( + forEach domains ( + domain: + nameValuePair "ddns-${domain}" { + serviceConfig = { + Type = "oneshot"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + PrivateMounts = true; + PrivateIPC = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectKernelTunables = true; + BindReadOnlyPaths = [ credentialsPath ]; + NoNewPrivileges = true; + CapabilitBoundingSet = [ ]; + }; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } - IFS=':' - read -r user password < ${credentialsPath} - unset IFS + IFS=':' + read -r user password < ${credentialsPath} + unset IFS - curl_url=$(url "$user" "$password" ${domain}) + curl_url=$(url "$user" "$password" ${domain}) - ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} || true - ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} - ''; - })); - }; + ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${ + if interface == null then "" else "--interface ${interface}" + } || true + ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${ + if interface == null then "" else "--interface ${interface}" + } + ''; + } + ) + ); + }; in { options = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index d0554cc..fa94c8c 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,8 +1,16 @@ { lib, ... }: -with lib; let - modules' = dir: filterAttrs (name: type: (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))) - (builtins.readDir dir); - modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) - (modules' dir); +with lib; +let + modules' = + dir: + filterAttrs ( + name: type: + (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory"))) + ) (builtins.readDir dir); + modules = + dir: + mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( + modules' dir + ); in (modules ./.) diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix index 2a45da1..2fcefec 100644 --- a/nixos/modules/element.nix +++ b/nixos/modules/element.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let cfg = config.dadada.element; diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix index 5b6a0f2..a3a72ba 100644 --- a/nixos/modules/fileShare.nix +++ b/nixos/modules/fileShare.nix @@ -1,8 +1,10 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 259815a..783bf6f 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let cfg = config.dadada.forgejo; diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix index 585a5dd..877be07 100644 --- a/nixos/modules/headphones.nix +++ b/nixos/modules/headphones.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.headphones; in { diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index b04c3b2..193e71e 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,11 +1,13 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: let cfg = config.dadada.homepage; in -with lib; { +with lib; +{ options.dadada.homepage = { enable = mkEnableOption "Enable home page"; package = mkOption { diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix index 4db219c..9d18883 100644 --- a/nixos/modules/inputs.nix +++ b/nixos/modules/inputs.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: let cfg = config.dadada.inputs; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index a5ad0eb..d333804 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix @@ -21,6 +21,8 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; - age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; + age.secrets."${config.networking.hostName}-backup-passphrase".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; + age.secrets."${config.networking.hostName}-backup-ssh-key".file = + "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index bc08040..b681d72 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; @@ -27,7 +32,7 @@ in nix.package = pkgs.lix; - nix.settings.substituters = [ https://cache.nixos.org/ ]; + nix.settings.substituters = [ "https://cache.nixos.org/" ]; nix.settings.trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" @@ -56,7 +61,10 @@ in services.resolved = { enable = mkDefault true; - fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ]; + fallbackDns = [ + "9.9.9.9#dns.quad9.net" + "2620:fe::fe:11#dns11.quad9.net" + ]; }; programs.zsh.enable = mkDefault true; @@ -64,4 +72,3 @@ in # Avoid some bots services.openssh.ports = [ 2222 ]; } - diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index ba131e1..de57714 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -21,14 +21,13 @@ in hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; - authorizedKeys = with lib; - concatLists (mapAttrsToList - (name: user: - if elem "wheel" user.extraGroups then - user.openssh.authorizedKeys.keys - else - [ ]) - config.users.users); + authorizedKeys = + with lib; + concatLists ( + mapAttrsToList ( + name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ] + ) config.users.users + ); }; postCommands = '' echo 'cryptsetup-askpass' >> /root/.profile @@ -36,7 +35,9 @@ in }; assertions = lib.singleton { - assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + assertion = + (config.boot.initrd.network.ssh.hostKeys != [ ]) + -> config.boot.loader.supportsInitrdSecrets == true; message = "Refusing to store private keys in store"; }; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index bdba617..d9f0bde 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,12 +1,14 @@ -{ config -, lib -, ... +{ + config, + lib, + ... }: let inputs = config.dadada.inputs; secretsPath = config.dadada.secrets.path; in -with lib; { +with lib; +{ imports = [ ./backup.nix ./base.nix @@ -53,5 +55,6 @@ with lib; { passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 1aeab43..724655f 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; { +with lib; +{ imports = [ ./backup.nix ./base.nix @@ -16,7 +18,9 @@ with lib; { documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; - services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }); + services.btrfs.autoScrub.enable = mkDefault ( + (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { } + ); services.journald.extraConfig = '' SystemKeepFree = 2G diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix index 3042265..486bf29 100644 --- a/nixos/modules/profiles/upgrade-pg-cluster.nix +++ b/nixos/modules/profiles/upgrade-pg-cluster.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { environment.systemPackages = lib.mkIf config.services.postgresql.enable [ ( diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix index a4e5f9c..7c7410b 100644 --- a/nixos/modules/share.nix +++ b/nixos/modules/share.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.share; in { diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index 82944eb..b6b0846 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.steam; in { diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index 6c0513f..ee2298e 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix @@ -1,28 +1,32 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.vpnServer; - wgPeer = { name, ... }: { - options = { - name = mkOption { - internal = true; - default = name; - }; - id = mkOption { - description = "VPN client id"; - default = 0; - type = types.str; - }; - key = mkOption { - description = "VPN client public key"; - default = ""; - type = types.str; + wgPeer = + { name, ... }: + { + options = { + name = mkOption { + internal = true; + default = name; + }; + id = mkOption { + description = "VPN client id"; + default = 0; + type = types.str; + }; + key = mkOption { + description = "VPN client public key"; + default = ""; + type = types.str; + }; }; }; - }; in { options.dadada.vpnServer = { @@ -41,13 +45,10 @@ in privateKeyFile = "/var/lib/wireguard/wg0-key"; ips = [ "fd42:9c3b:f96d:0201::0/64" ]; listenPort = 51234; - peers = - map - (peer: { - allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; - publicKey = peer.key; - }) - (attrValues cfg.peers); + peers = map (peer: { + allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; + publicKey = peer.key; + }) (attrValues cfg.peers); postSetup = '' wg set wg0 fwmark 51234 ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index e3d8f48..6ff0106 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.dadada.weechat; in { diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 77f4394..4be4492 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let yubikey = config.dadada.yubikey; in { diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 15c8a24..d4eed97 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let hostAliases = [ "ifrit.dadada.li" @@ -37,7 +42,10 @@ in }; }; - services.openssh.ports = [ 22 2222 ]; + services.openssh.ports = [ + 22 + 2222 + ]; dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; @@ -59,7 +67,9 @@ in boot.loader.efi.canTouchEfiVariables = true; assertions = lib.singleton { - assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; + assertion = + (config.boot.initrd.network.ssh.hostKeys != [ ]) + -> config.boot.loader.supportsInitrdSecrets == true; message = "Refusing to store private keys in store"; }; @@ -183,7 +193,12 @@ in { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; maxJobs = 16; } ]; @@ -277,26 +292,48 @@ in }; "30-wg0" = { matchConfig.Name = "wg0"; - address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ]; + address = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { routeConfig = { Destination = "10.3.3.1/24"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } + { + routeConfig = { + Destination = "10.3.3.1/24"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:121::1/64"; + }; + } ]; }; "30-uwu" = { matchConfig.Name = "uwu"; - address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; + address = [ + "10.11.0.39/24" + "fc00:1337:dead:beef::10.11.0.39/128" + ]; dns = [ "10.11.0.1%uwu#uwu" ]; domains = [ "uwu" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { routeConfig = { Destination = "10.11.0.0/22"; }; } - { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } + { + routeConfig = { + Destination = "10.11.0.0/22"; + }; + } + { + routeConfig = { + Destination = "fc00:1337:dead:beef::10.11.0.0/118"; + }; + } ]; }; "20-br0" = { @@ -337,7 +374,10 @@ in { wireguardPeerConfig = { PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; + AllowedIPs = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; PersistentKeepalive = 25; Endpoint = "surgat.dadada.li:51235"; }; @@ -345,7 +385,10 @@ in { wireguardPeerConfig = { PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; - AllowedIPs = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; + AllowedIPs = [ + "10.3.3.2/32" + "fd42:9c3b:f96d:121::2/128" + ]; Endpoint = "192.168.101.1:51235"; }; } @@ -359,15 +402,21 @@ in wireguardConfig = { PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path; }; - wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; - PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; - Endpoint = "53c70r.de:51820"; - }; - }]; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ + "10.11.0.0/22" + "fc00:1337:dead:beef::10.11.0.0/118" + "192.168.178.0/23" + ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; + Endpoint = "53c70r.de:51820"; + }; + } + ]; }; }; }; diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index 8de34e8..cd6b64b 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix @@ -1,89 +1,115 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "igc" "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "igc" + "xhci_pci" + "thunderbolt" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "compress=zstd" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "compress=zstd" ]; + }; boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae"; - fileSystems."/swap" = + fileSystems."/swap" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=swap" + "noatime" + ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "noatime" + "compress=zstd" + ]; + }; + + fileSystems."/var" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=var" + "compress=zstd" + ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=home" + "compress=zstd" + ]; + }; + + fileSystems."/root" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/2E20-49CB"; + fsType = "vfat"; + }; + + swapDevices = [ { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=swap" "noatime" ]; - }; + device = "/swap/swapfile"; + size = 32 * 1024; # 32 GByte + } + ]; - fileSystems."/nix" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=nix" "noatime" "compress=zstd" ]; - }; + fileSystems."/mnt/storage" = { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; - fileSystems."/var" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=var" "compress=zstd" ]; - }; - - fileSystems."/home" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" ]; - }; - - fileSystems."/root" = - { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/2E20-49CB"; - fsType = "vfat"; - }; - - swapDevices = [{ - device = "/swap/swapfile"; - size = 32 * 1024; # 32 GByte - }]; - - - fileSystems."/mnt/storage" = - { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" ]; - }; - - - fileSystems."/mnt/storage/backups" = - { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ "subvol=backups" "noatime" ]; - }; + fileSystems."/mnt/storage/backups" = { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ + "subvol=backups" + "noatime" + ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index f2c7ba2..5cd9596 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -1,6 +1,7 @@ -{ config -, pkgs -, ... +{ + config, + pkgs, + ... }: let hostName = "surgat"; @@ -85,14 +86,29 @@ in }; "10-ninurta" = { matchConfig.Name = "ninurta"; - address = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; + address = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = "no"; routes = [ - { routeConfig = { Destination = "10.3.3.3/24"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:121::/64"; }; } - { routeConfig = { Destination = "fd42:9c3b:f96d:101::/64"; }; } + { + routeConfig = { + Destination = "10.3.3.3/24"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:121::/64"; + }; + } + { + routeConfig = { + Destination = "fd42:9c3b:f96d:101::/64"; + }; + } ]; }; }; @@ -106,12 +122,18 @@ in PrivateKeyFile = "/var/lib/wireguard/hydra"; ListenPort = 51235; }; - wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" ]; - }; - }]; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" + ]; + }; + } + ]; }; }; }; @@ -143,7 +165,10 @@ in services.resolved = { enable = true; - fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; + fallbackDns = [ + "9.9.9.9" + "2620:fe::fe" + ]; }; system.autoUpgrade.allowReboot = false; diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix index 71b7257..8476779 100644 --- a/nixos/surgat/hardware-configuration.nix +++ b/nixos/surgat/hardware-configuration.nix @@ -1,17 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "virtio_pci" + "xhci_pci" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; diff --git a/outputs.nix b/outputs.nix index d588f6e..aea7953 100644 --- a/outputs.nix +++ b/outputs.nix @@ -26,7 +26,7 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = pkgs.nixpkgs-fmt; + formatter = pkgs.nixfmt-tree; packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; diff --git a/overlays.nix b/overlays.nix index 2c63c08..ffcd441 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1,2 +1 @@ -{ -} +{ } diff --git a/pkgs/default.nix b/pkgs/default.nix index c78fe50..9fce6e9 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,2 +1 @@ -{ pkgs }: -{ } +{ pkgs }: { } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 946d855..1da186e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,30 +9,82 @@ let surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; }; backupSecrets = hostName: { - "${hostName}-backup-passphrase.age".publicKeys = [ systems.${hostName} dadada ]; - "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ]; + "${hostName}-backup-passphrase.age".publicKeys = [ + systems.${hostName} + dadada + ]; + "${hostName}-backup-ssh-key.age".publicKeys = [ + systems.${hostName} + dadada + ]; }; in { - "pruflas-wg0-key.age".publicKeys = [ systems.ninurta dadada ]; - "pruflas-wg0-preshared-key.age".publicKeys = [ systems.ninurta dadada ]; - "pruflas-wg-hydra-key.age".publicKeys = [ systems.ninurta dadada ]; - "hydra-github-authorization.age".publicKeys = [ systems.ninurta dadada ]; - "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; - "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; - "paperless.age".publicKeys = [ systems.gorgon dadada ]; - "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; - "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; - "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; - "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; - "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ]; - "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ]; - "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ]; - "agares-wg0-key.age".publicKeys = [ systems.agares dadada ]; -} // -backupSecrets "ninurta" // -backupSecrets "gorgon" // -backupSecrets "ifrit" // -backupSecrets "pruflas" // -backupSecrets "surgat" // -backupSecrets "agares" + "pruflas-wg0-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "pruflas-wg0-preshared-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "pruflas-wg-hydra-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "hydra-github-authorization.age".publicKeys = [ + systems.ninurta + dadada + ]; + "miniflux-admin-credentials.age".publicKeys = [ + systems.surgat + dadada + ]; + "gorgon-backup-passphrase-gs.age".publicKeys = [ + systems.gorgon + dadada + ]; + "paperless.age".publicKeys = [ + systems.gorgon + dadada + ]; + "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ + systems.surgat + dadada + ]; + "surgat-ssh_host_ed25519_key.age".publicKeys = [ + systems.surgat + dadada + ]; + "ninurta-initrd-ssh-key.age".publicKeys = [ + systems.ninurta + dadada + ]; + "ddns-credentials.age".publicKeys = [ + systems.agares + systems.ninurta + dadada + ]; + "etc-ppp-chap-secrets.age".publicKeys = [ + systems.agares + dadada + ]; + "etc-ppp-telekom-secret.age".publicKeys = [ + systems.agares + dadada + ]; + "wg-privkey-vpn-dadada-li.age".publicKeys = [ + systems.agares + dadada + ]; + "agares-wg0-key.age".publicKeys = [ + systems.agares + dadada + ]; +} +// backupSecrets "ninurta" +// backupSecrets "gorgon" +// backupSecrets "ifrit" +// backupSecrets "pruflas" +// backupSecrets "surgat" +// backupSecrets "agares" From 56af1ef2219d7033c33760c48c133f1c52bc1d87 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 8 Jun 2025 15:37:30 +0200 Subject: [PATCH 942/988] chore: update dependencies --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 41a9b46..0aba46f 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1748955489, - "narHash": "sha256-OmZXyW2g5qIuo5Te74McwR0TwauCO2sF3/SjGDVuxyg=", + "lastModified": 1749358668, + "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb846c031be68a96466b683be32704ef6e07b159", + "rev": "06451df423dd5e555f39857438ffc16c5b765862", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1748942041, - "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1749143949, + "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1748942227, - "narHash": "sha256-U1oNpFoDO7QaO4iHsue7atK/5mJy7U1Y37mLU/SRk0o=", + "lastModified": 1749289455, + "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ab490624e297ff96f52858bb32b504516b8bb61", + "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80", "type": "github" }, "original": { @@ -293,11 +293,11 @@ ] }, "locked": { - "lastModified": 1748243702, - "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", + "lastModified": 1749194973, + "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", + "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", "type": "github" }, "original": { From 1c96f0b762ee7debf4496075bcf12b9e062667e5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 23 Jun 2025 13:13:28 +0200 Subject: [PATCH 943/988] feat(home): add thunderbird --- home/pkgs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/pkgs.nix b/home/pkgs.nix index 8fd23e8..1a073ce 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -130,6 +130,7 @@ with pkgs; taplo tcpdump tdesktop + thunderbird tmux ttyd unzip From 60a71a78055598560815879b247f2454f6d5c856 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 23 Jun 2025 13:15:02 +0200 Subject: [PATCH 944/988] chore(flake.lock): Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1' (2025-05-18) → 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf' (2025-06-17) • Updated input 'home-manager': 'github:nix-community/home-manager/06451df423dd5e555f39857438ffc16c5b765862' (2025-06-08) → 'github:nix-community/home-manager/4c9e99e8e8e36bcdfa9cdb102e45e4dc95aa5c5b' (2025-06-23) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/4602f7e1d3f197b3cb540d5accf5669121629628' (2025-06-06) → 'github:NixOS/nixos-hardware/1552a9f4513f3f0ceedcf90320e48d3d47165712' (2025-06-20) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d3d2d80a2191a73d1e86456a751b83aa13085d7d' (2025-06-05) → 'github:NixOS/nixpkgs/4206c4cb56751df534751b058295ea61357bbbaa' (2025-06-21) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/6dbd508802ef3f74cf792a25b653861ed8360a80' (2025-06-07) → 'github:NixOS/nixpkgs/3233bc422b7c868fe5c853e82888d5dbbbd9f0c6' (2025-06-23) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 0aba46f..db709a1 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1749358668, - "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=", + "lastModified": 1750654717, + "narHash": "sha256-YXlhTUGaLAY1rSosaRXO5RSGriEyF9BGdLkpKV+9jyI=", "owner": "nix-community", "repo": "home-manager", - "rev": "06451df423dd5e555f39857438ffc16c5b765862", + "rev": "4c9e99e8e8e36bcdfa9cdb102e45e4dc95aa5c5b", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1750431636, + "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749143949, - "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1749289455, - "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=", + "lastModified": 1750666157, + "narHash": "sha256-5xSV9MLO0pqsaoGEDx2um0gvEZhMg0uIsR68NrQbiY8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80", + "rev": "3233bc422b7c868fe5c853e82888d5dbbbd9f0c6", "type": "github" }, "original": { From b8bab96d1407bffd024b3852361fb8233436a5e1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 13:53:31 +0200 Subject: [PATCH 945/988] feat(gorgon): enable zram swap --- nixos/gorgon/configuration.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 9c8b8e3..d73c803 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -70,11 +70,10 @@ in }; }; }; - kernel.sysctl = { - "vm.swappiness" = 90; - }; }; + zramSwap.enable = true; + networking.hostName = "gorgon"; dadada = { From 205358ae772d18fa0fc846d2b320c45cd020f75d Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 13:59:46 +0200 Subject: [PATCH 946/988] chore(flake): update --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index db709a1..61ac08a 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1750654717, - "narHash": "sha256-YXlhTUGaLAY1rSosaRXO5RSGriEyF9BGdLkpKV+9jyI=", + "lastModified": 1750730235, + "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", "owner": "nix-community", "repo": "home-manager", - "rev": "4c9e99e8e8e36bcdfa9cdb102e45e4dc95aa5c5b", + "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1750666157, - "narHash": "sha256-5xSV9MLO0pqsaoGEDx2um0gvEZhMg0uIsR68NrQbiY8=", + "lastModified": 1750752886, + "narHash": "sha256-pP1ZBxEo44HbLDyXVPPK8BQO882eGKpW9zzXliGFA/8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3233bc422b7c868fe5c853e82888d5dbbbd9f0c6", + "rev": "83685a4ccd44d2d4c09f2e5f7773d2f3f2156121", "type": "github" }, "original": { From e1b800140719978f54c91298eb4d3799c32d388f Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 14:45:47 +0200 Subject: [PATCH 947/988] fix: replace redundant home-manager input --- flake.lock | 27 ++++----------------------- flake.nix | 1 + 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index 61ac08a..71cdaaa 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,9 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": "home-manager", + "home-manager": [ + "home-manager" + ], "nixpkgs": [ "nixpkgs" ], @@ -102,27 +104,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -246,7 +227,7 @@ "devshell": "devshell", "flake-registry": "flake-registry", "flake-utils": "flake-utils", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "homepage": "homepage", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 0cc4b5c..6ccece0 100644 --- a/flake.nix +++ b/flake.nix @@ -20,6 +20,7 @@ agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; }; devshell = { url = "github:numtide/devshell"; From 89b763e9f8d43a412935c11a8dfc4a839e5f684e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 14:46:01 +0200 Subject: [PATCH 948/988] fix(home): replace broken http-prompt --- home/pkgs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/pkgs.nix b/home/pkgs.nix index 1a073ce..7a707e1 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -48,7 +48,6 @@ with pkgs; h # Manage git repos hexyl # hex viewer htop - http-prompt httpie hub hyperfine # A command-line benchmarking tool. From c53d67a7881eca1a92bffae2f0a590e3c28933d0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 15:10:32 +0200 Subject: [PATCH 949/988] fix(gorgon): comment out failing ensurePrinters --- nixos/gorgon/configuration.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index d73c803..0f14aa9 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -135,14 +135,14 @@ in ]; }; - hardware.printers.ensurePrinters = [ - { - name = "Brother_HL-L2300D"; - model = "everywhere"; - location = "BS"; - deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; - } - ]; + #hardware.printers.ensurePrinters = [ + # { + # name = "Brother_HL-L2300D"; + # model = "everywhere"; + # location = "BS"; + # deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + # } + #]; environment.systemPackages = with pkgs; [ android-studio From f23cbdf69c549fed78850d865c603f3f7c37a279 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Tue, 24 Jun 2025 19:04:13 +0200 Subject: [PATCH 950/988] fix(flake): update inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 71cdaaa..2614b93 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1750730235, - "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", + "lastModified": 1750781171, + "narHash": "sha256-39oPt8TJZmt3bNEKBcwB+QuasiavRDwM5jkw6UkRb98=", "owner": "nix-community", "repo": "home-manager", - "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", + "rev": "a4bac2b9ba2f9bd68032880da8ae6b44fbc46047", "type": "github" }, "original": { @@ -207,11 +207,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1750752886, - "narHash": "sha256-pP1ZBxEo44HbLDyXVPPK8BQO882eGKpW9zzXliGFA/8=", + "lastModified": 1750776346, + "narHash": "sha256-sWw7gz2B02fHQkmPSutVcoawLuiPT0hpztL0ldCnIy0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "83685a4ccd44d2d4c09f2e5f7773d2f3f2156121", + "rev": "4396a137499b6cc9f9fe9f3c266577bd52d455a4", "type": "github" }, "original": { From a414e85e51b52e4c44fc398b07d75c8216eb8213 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 12 Jul 2025 09:56:07 +0200 Subject: [PATCH 951/988] feat: add driver package for ticket printer --- nixos/gorgon/configuration.nix | 1 + nixos/ninurta/printing.nix | 7 +++- pkgs/citizen-cups.nix | 70 ++++++++++++++++++++++++++++++++++ pkgs/default.nix | 4 +- 4 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 pkgs/citizen-cups.nix diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 0f14aa9..d34d0e7 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -128,6 +128,7 @@ in enable = true; browsing = true; drivers = with pkgs; [ + config.dadada.pkgs.citizen-cups hplip brlaser brgenml1lpr diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix index e22c989..c1d2aa8 100644 --- a/nixos/ninurta/printing.nix +++ b/nixos/ninurta/printing.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ cfg, pkgs, ... }: { hardware = { printers = { @@ -29,7 +29,10 @@ services.printing = { enable = true; - drivers = [ pkgs.brlaser ]; + drivers = [ + pkgs.brlaser + pkgs.gutenprint + ]; # Remove all state at the start of the service stateless = true; listenAddresses = [ "192.168.101.29:631" ]; diff --git a/pkgs/citizen-cups.nix b/pkgs/citizen-cups.nix new file mode 100644 index 0000000..9a63bdd --- /dev/null +++ b/pkgs/citizen-cups.nix @@ -0,0 +1,70 @@ +{ + cups, + fetchzip, + lib, + stdenv, + rpm, +}: + +let + version = "1.2.8"; +in +stdenv.mkDerivation { + inherit version; + name = "citizen-cups"; + pname = "citizen-cups"; + + src = fetchzip { + url = "https://www.citizen-systems.com/resource/support/POS/Generic_Printer_Files/CUPS_Linux_Driver/CUPS_Linux_Driver.zip"; + hash = "sha256-2ha24/7oS/rINKmYxyVryX66kkc6niCChxhw/2KOPSw="; + }; + + nativeBuildInputs = [ + rpm + ]; + + buildInputs = [ + cups + ]; + + postUnpack = '' + pushd source + ls -la + rpm2archive ctzpos-cups-1.2.8-0.src.rpm + tar xvf ctzpos-cups-1.2.8-0.src.rpm.tgz + tar xvf ctzpos-cups-1.2.8.tar.bz2 + popd + ''; + + buildPhase = '' + runHook preBuild + pushd "ctzpos-cups-${version}"; + gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocbm1k rastertocbm1k.c -lcupsimage -lcups + gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocds500 rastertocds500.c -lcupsimage -lcups + gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocts2kl rastertocts2kl.c -lcupsimage -lcups + popd + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/cups/filter + install -D -m 755 ./ctzpos-cups-${version}/rastertocbm1k $out/lib/cups/filter/rastertocbm1k + install -D -m 755 ./ctzpos-cups-${version}/rastertocds500 $out/lib/cups/filter/rastertocds500 + install -D -m 755 ./ctzpos-cups-${version}/rastertocts2kl $out/lib/cups/filter/rastertocts2kl + + mkdir -p $out/share/cups/model/citizen + install -D -m 644 ./ctzpos-cups-${version}/*.ppd $out/share/cups/model/citizen + + runHook postInstall + ''; + + meta = with lib; { + description = "Citizen CUPS drivers and filters"; + homepage = "https://www.citizen-systems.com"; + #license = licenses.unfreeRedistributable; + maintainers = with maintainers; [ dadada ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 9fce6e9..9cd9053 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1 +1,3 @@ -{ pkgs }: { } +{ pkgs }: { + citizen-cups = pkgs.callPackage ./citizen-cups.nix {}; +} From 1f9c599c405446eb372c05ee59109cf1113c7fd6 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 12 Jul 2025 09:57:38 +0200 Subject: [PATCH 952/988] chore: Update flake.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/a4bac2b9ba2f9bd68032880da8ae6b44fbc46047' (2025-06-24) → 'github:nix-community/home-manager/392ddb642abec771d63688c49fa7bcbb9d2a5717' (2025-07-12) • Updated input 'nixos-generators': 'github:nix-community/nixos-generators/ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc' (2025-05-19) → 'github:nix-community/nixos-generators/032decf9db65efed428afd2fa39d80f7089085eb' (2025-07-07) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/1552a9f4513f3f0ceedcf90320e48d3d47165712' (2025-06-20) → 'github:NixOS/nixos-hardware/7ced9122cff2163c6a0212b8d1ec8c33a1660806' (2025-07-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/4206c4cb56751df534751b058295ea61357bbbaa' (2025-06-21) → 'github:NixOS/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0' (2025-07-08) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/4396a137499b6cc9f9fe9f3c266577bd52d455a4' (2025-06-24) → 'github:NixOS/nixpkgs/d3807bc34e7d086b4754e1c842505570e23f9d01' (2025-07-12) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/a05be418a1af1198ca0f63facb13c985db4cb3c5' (2025-06-06) → 'github:numtide/treefmt-nix/c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9' (2025-07-09) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2614b93..a2f410e 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1750781171, - "narHash": "sha256-39oPt8TJZmt3bNEKBcwB+QuasiavRDwM5jkw6UkRb98=", + "lastModified": 1752286566, + "narHash": "sha256-A4nftqiNz2bNihz0bKY94Hq/6ydR6UQOcGioeL7iymY=", "owner": "nix-community", "repo": "home-manager", - "rev": "a4bac2b9ba2f9bd68032880da8ae6b44fbc46047", + "rev": "392ddb642abec771d63688c49fa7bcbb9d2a5717", "type": "github" }, "original": { @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750431636, - "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -191,11 +191,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { @@ -207,11 +207,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1750776346, - "narHash": "sha256-sWw7gz2B02fHQkmPSutVcoawLuiPT0hpztL0ldCnIy0=", + "lastModified": 1752298176, + "narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4396a137499b6cc9f9fe9f3c266577bd52d455a4", + "rev": "d3807bc34e7d086b4754e1c842505570e23f9d01", "type": "github" }, "original": { @@ -274,11 +274,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { From 0e9b76da4831dcc7ad23f2c93b39a91727ea74f0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Jul 2025 20:36:26 +0200 Subject: [PATCH 953/988] fix: some deprecations --- home/modules/zsh.nix | 2 +- nixos/configurations.nix | 37 +++- nixos/modules/profiles/base.nix | 4 +- nixos/modules/profiles/laptop.nix | 2 +- nixos/stolas/default.nix | 297 ++++++++++++++++++++++++++++++ 5 files changed, 335 insertions(+), 7 deletions(-) create mode 100644 nixos/stolas/default.nix diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 96364ff..7a0cd6c 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -34,7 +34,7 @@ in }; plugins = [ ]; - initExtra = '' + initContent = '' source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh source ${pkgs.fzf}/share/fzf/key-bindings.zsh source ${pkgs.fzf}/share/fzf/completion.zsh diff --git a/nixos/configurations.nix b/nixos/configurations.nix index adacb51..14780f1 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -31,6 +31,39 @@ let }; in { + stolas = + let + system = "x86_64-linux"; + in + nixosSystem { + inherit nixpkgs system; + + extraModules = [ + # TODO lanzaboote.nixosModules.lanzaboote + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + dadada.pkgs = self.packages.${system}; + dadada.inputs = inputs // { + dadada = self; + }; + } + nixos-hardware.nixosModules.framework-amd-ai-300-series + home-manager.nixosModules.home-manager + ( + { pkgs, ... }: + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ + { dadada.home.helix.package = pkgs.helix; } + ]; + home-manager.users.dadada = import ../home; + } + ) + ./stolas + ]; + }; + gorgon = let system = "x86_64-linux"; @@ -46,12 +79,10 @@ in dadada = self; }; } - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - home-manager.nixosModules.home-manager ( - { pkgs, lib, ... }: + { pkgs, ... }: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index b681d72..0976788 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -13,8 +13,8 @@ in ./upgrade-pg-cluster.nix ]; - boot.tmp.useTmpfs = true; - boot.tmp.tmpfsSize = "50%"; + boot.tmp.useTmpfs = lib.mkDefault true; + boot.tmp.tmpfsSize = lib.mkDefault "50%"; i18n.defaultLocale = mkDefault "en_US.UTF-8"; console = mkDefault { diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index d9f0bde..8e0b52f 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -48,7 +48,7 @@ with lib; alsa.support32Bit = true; pulse.enable = true; }; - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; dadada.backupClient.gs = { enable = true; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix new file mode 100644 index 0000000..e526eff --- /dev/null +++ b/nixos/stolas/default.nix @@ -0,0 +1,297 @@ +{ config, lib, pkgs, ... }: +{ + + imports = [ + ../modules/profiles/laptop.nix + ]; + + ### TODO double check with generated hw-config + + boot = { + # TODO lanzaboote = { + # enable = true; + # pkiBundle = "/var/lib/sbctl"; + #}; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; + initrd = { + availableKernelModules = [ + "nvme" + "ehci_pci" + "xhci_pci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; + # TODO disable for lanzaboote + systemd.enable = true; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + #boot.loader.systemd-boot.enable = lib.mkForce false; + luks.devices = { + root = { + # TODO + device = "/dev/disk/by-uuid/todo"; + allowDiscards = true; + # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL + #crypttabExtraOpts = [ "fido2-device=auto" ]; + }; + }; + }; + }; + + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; + + # TODO compare with nixos-generate-config --show-hardware-config + fileSystems = { + "/boot" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "vfat"; + }; + + "/" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; + + "/home" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + options = [ + "compress=zstd" + "subvol=home" + ]; + }; + + "/home/dadada" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + options = [ + "compress=zstd" + "subvol=home/dadada" + ]; + }; + + "/nix" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "noatime" + "compress=zstd" + "subvol=nix" + ]; + }; + + "/nix/var/nix/builds" = { + device = "none"; + fsType = "tmpfs"; + options = [ + # Max 80% of available RAM + "size=80%" + # Only owner (nix daemon may write) + "mode=755" + ]; + }; + + "/root" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=root" + ]; + }; + + "/var" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=var" + ]; + }; + + "/var/lib/paperless" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "compress=zstd" + "subvol=var/lib/paperless" + ]; + }; + + "/var/swap" = { + # TODO + device = "/dev/disk/by-uuid/todo"; + fsType = "btrfs"; + options = [ + "noatime" + "subvol=swap" + ]; + }; + + # NOTE: /tmp is tmpfs because of config in base.nix + }; + + # TODO btrfs filesystem mkswapfile --uuid clear /var/swap/swapfile + # swapDevices = [{ + # device = "/var/swap/swapfile"; + # size = 80*1024; # Creates an 80GB swap file + # }]; + + hardware = { + # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features + bluetooth.enable = true; + framework.laptop13.audioEnhancement.enable = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + libvdpau-va-gl + ]; + }; + }; + + powerManagement = { + enable = true; + cpuFreqGovernor = "schedutil"; + # TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod? + powerUpCommands = '' + echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold + ''; + }; + + networking = { + hostName = "stolas"; + firewall = { + enable = true; + allowedTCPPorts = [ + 22000 # Syncthing + ]; + allowedUDPPorts = [ + 21027 # Syncthing + ]; + }; + }; + + nix = { + settings.max-jobs = lib.mkDefault 16; + }; + + # TODO dadada.backupClient.backup1.enable = true; + # dadada.backupClient.backup2 = { + # enable = true; + # passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + # sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + # repo = "u355513-subX@u355513-subX.your-storagebox.de:/home/backup"; + # }; + + programs = { + adb.enable = true; + firefox = { + enable = true; + package = pkgs.firefox-wayland; + }; + gnupg.agent.enable = true; + ssh.startAgent = true; + wireshark.enable = true; + }; + + services = { + avahi.enable = true; + desktopManager.plasma6.enable = true; + displayManager = { + sddm.enable = true; + sddm.wayland.enable = true; + }; + gnome.gnome-keyring.enable = lib.mkForce false; + smartd.enable = true; + printing = { + enable = true; + browsing = true; + }; + paperless = { + # TODO migrate DB + enable = true; + passwordFile = config.age.secrets.paperless.path; + }; + tlp.enable = false; + }; + + system = { + stateVersion = "25.05"; + }; + + systemd.tmpfiles.rules = + let + cfg = config.services.paperless; + in + [ + ( + if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; + + systemd.services = { + modem-manager.enable = lib.mkForce false; + "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; + }; + + systemd.sleep.extraConfig = '' + HibernateDelaySec=1h + ''; + + virtualisation.libvirtd.enable = true; + + users = { + users = { + dadada = { + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "adbusers" + "kvm" + "video" + "scanner" + "lp" + "docker" + "dialout" + "wireshark" + "paperless" + ]; + shell = "/run/current-system/sw/bin/zsh"; + }; + }; + }; + + age.secrets = { + paperless = { + file = "${config.dadada.secrets.path}/paperless.age"; + mode = "700"; + owner = "paperless"; + }; + }; + + # Create compressing swap space in RAM + zramSwap.enable = true; +} From 0b08beee355add707010e684267bdf77bc2dc834 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Jul 2025 20:41:06 +0200 Subject: [PATCH 954/988] feat(stolas): set initial hashed password --- nixos/stolas/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index e526eff..56b3bcb 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -264,6 +264,7 @@ users = { users = { dadada = { + initialHashedPassword = "$y$j9T$43qGBeY6hg6AXQmcVkS131$6AeRDOe6XAnmgA/AkJGaSIYTj5dbQLd9vrQ7zSyi5TA"; isNormalUser = true; extraGroups = [ "wheel" From e58a47af3f383f6358309f80aae39b9a8ad86e77 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 13 Jul 2025 21:53:21 +0200 Subject: [PATCH 955/988] feat(stolas): disko for disk setup --- flake.lock | 21 ++++++++ flake.nix | 4 ++ nixos/configurations.nix | 2 + nixos/stolas/default.nix | 110 +-------------------------------------- nixos/stolas/disks.nix | 99 +++++++++++++++++++++++++++++++++++ 5 files changed, 127 insertions(+), 109 deletions(-) create mode 100644 nixos/stolas/disks.nix diff --git a/flake.lock b/flake.lock index a2f410e..4bab678 100644 --- a/flake.lock +++ b/flake.lock @@ -67,6 +67,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752113600, + "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "owner": "nix-community", + "repo": "disko", + "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -225,6 +245,7 @@ "inputs": { "agenix": "agenix", "devshell": "devshell", + "disko": "disko", "flake-registry": "flake-registry", "flake-utils": "flake-utils", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index 6ccece0..622f9f0 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,10 @@ inputs = { nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; flake-utils = { url = "github:numtide/flake-utils"; inputs.systems.follows = "systems"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 14780f1..38c38da 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -1,6 +1,7 @@ { self, agenix, + disko, home-manager, homepage, nixos-hardware, @@ -40,6 +41,7 @@ in extraModules = [ # TODO lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; dadada.pkgs = self.packages.${system}; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 56b3bcb..04fd504 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -3,10 +3,9 @@ imports = [ ../modules/profiles/laptop.nix + ./disks.nix ]; - ### TODO double check with generated hw-config - boot = { # TODO lanzaboote = { # enable = true; @@ -47,113 +46,6 @@ pkgs.sbctl ]; - # TODO compare with nixos-generate-config --show-hardware-config - fileSystems = { - "/boot" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "vfat"; - }; - - "/" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; - - "/home" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - options = [ - "compress=zstd" - "subvol=home" - ]; - }; - - "/home/dadada" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - options = [ - "compress=zstd" - "subvol=home/dadada" - ]; - }; - - "/nix" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "noatime" - "compress=zstd" - "subvol=nix" - ]; - }; - - "/nix/var/nix/builds" = { - device = "none"; - fsType = "tmpfs"; - options = [ - # Max 80% of available RAM - "size=80%" - # Only owner (nix daemon may write) - "mode=755" - ]; - }; - - "/root" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=root" - ]; - }; - - "/var" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=var" - ]; - }; - - "/var/lib/paperless" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "subvol=var/lib/paperless" - ]; - }; - - "/var/swap" = { - # TODO - device = "/dev/disk/by-uuid/todo"; - fsType = "btrfs"; - options = [ - "noatime" - "subvol=swap" - ]; - }; - - # NOTE: /tmp is tmpfs because of config in base.nix - }; - - # TODO btrfs filesystem mkswapfile --uuid clear /var/swap/swapfile - # swapDevices = [{ - # device = "/var/swap/swapfile"; - # size = 80*1024; # Creates an 80GB swap file - # }]; - hardware = { # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix new file mode 100644 index 0000000..6b07f9b --- /dev/null +++ b/nixos/stolas/disks.nix @@ -0,0 +1,99 @@ +{ + disko.devices = { + nodev."/nix/var/nix/builds" = { + fsType = "tmpfs"; + mountOptions = [ + "size=80%" + "defaults" + "mode=755" + ]; + }; + disk = { + main = { + type = "disk"; + device = "/dev/disk/by-uuid/TODO"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + # TODO tmpfs for nix/var/nix/builds + luks = { + size = "100%"; + content = { + type = "luks"; + name = "crypted"; + #passwordFile = "/tmp/secret.key"; # Interactive + settings = { + allowDiscards = true; + #keyFile = "/tmp/secret.key"; + }; + #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ + "compress=zstd" + "relatime" + ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/dadada" = { + mountpoint = "/home/dadada"; + mountOptions = [ + "compress=zstd" + "relatime" + ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/var" = { + mountpoint = "/var"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/paperless" = { + mountpoint = "/var/lib/paperless"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "64G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} From f602f150ba45a81e336b8773d6d30f57e118e2b4 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 17 Jul 2025 21:38:11 +0200 Subject: [PATCH 956/988] feat(stolas): add backup config --- nixos/modules/borg-server.nix | 8 ++++++++ nixos/stolas/default.nix | 12 +++++------- secrets/secrets.nix | 2 ++ secrets/stolas-backup-passphrase.age | 7 +++++++ secrets/stolas-backup-ssh-key.age | 8 ++++++++ 5 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 secrets/stolas-backup-passphrase.age create mode 100644 secrets/stolas-backup-ssh-key.age diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index 594f356..e498cd1 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -39,6 +39,14 @@ in path = "${cfg.path}/gorgon"; quota = "1T"; }; + "stolas" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINC/mVYd3o7oA0dsA58CgkqR40CSfeuU+rikleSrSXFz dadada@gorgon" + ]; + path = "${cfg.path}/stolas"; + quota = "1T"; + }; "surgat" = { allowSubRepos = false; authorizedKeysAppendOnly = [ diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 04fd504..3a370c3 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -85,13 +85,11 @@ settings.max-jobs = lib.mkDefault 16; }; - # TODO dadada.backupClient.backup1.enable = true; - # dadada.backupClient.backup2 = { - # enable = true; - # passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; - # sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; - # repo = "u355513-subX@u355513-subX.your-storagebox.de:/home/backup"; - # }; + dadada.backupClient.backup1.enable = true; + dadada.backupClient.backup2 = { + enable = true; + repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; + }; programs = { adb.enable = true; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1da186e..a3255e1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,6 +7,7 @@ let ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas"; surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; + stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV1LSH8jeMnXJ/eqhJCebbwxenJmxNoeB6UGrBmRjZk root@stolas"; }; backupSecrets = hostName: { "${hostName}-backup-passphrase.age".publicKeys = [ @@ -88,3 +89,4 @@ in // backupSecrets "pruflas" // backupSecrets "surgat" // backupSecrets "agares" +// backupSecrets "stolas" diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age new file mode 100644 index 0000000..ff9d514 --- /dev/null +++ b/secrets/stolas-backup-passphrase.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 OgKXZA A8XAP2YQw/CnN//rHPM9m9p1A/l4IiWV1Qhc9+RHdxQ +mcpcULPCQUMtoCiTwiAU2AXD5UVrQkF5LxZqCJ3VEMA +-> ssh-ed25519 Otklkw UzdSM3CCvzQ4owHWWmrBfiC6NuBAu0onns6s4nlR9Vs +UQ4TBW/4O5rVi0xpS2lAS6M7zgUcWtGlXeL+i748KYE +--- tqrtKyZVDght0KJQZDSDVdnEL38KZjPA2xZ3LjeKlI0 +ø2Šl£C@‘þô (ãŽNë3‘-igÁaH?ÿ~üF‚‰ýnòÔqÁ¸·Çc ñÉœçî<ûÛ¼ñ#Fš7ÔaB%®–Ž&t·}¢vr_<î \ No newline at end of file diff --git a/secrets/stolas-backup-ssh-key.age b/secrets/stolas-backup-ssh-key.age new file mode 100644 index 0000000..cb98c8d --- /dev/null +++ b/secrets/stolas-backup-ssh-key.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 OgKXZA gTx4Ozd2BU13T8GpiBxSCZdjAwJ/zb10xqW62QMTwms +M9y1f/ndVYnujqIDo0rocQEX/8Isg0vn97mQm8K83iE +-> ssh-ed25519 Otklkw 2hyKMpf/Z8wgBowMgxwb77cj9B5b0/a7q4hq3CxWp0M +jFLwfV72isKUdtr5m2n5303KZiJDKTJny9koUOHLLLg +--- GQfIExiJTJEQTnesTVqF3X7AcorV+SH8TQ9uo5xLwso +u`6^—ü |Ÿ&êµQ¢[KPF»ÏA†Æ‡ÑˆU*nŸ55†¶O–Øz›v…傺-C“0’Êr;6ÅJ¸‚²œC={'÷¼@Ôº9öO'b“½Æô#¬Rw-³õÔ(ØŠRäjFÞ[=€ƒuD·3¨¸×vÚ5bW¸xi†zïÍ¢Å={þS; rÖù.ìÎO´ê´è2ÊÖ|˜É«¯ÉjÞtOrñº‰põžþK2à97˜æœÓY/ñŸÈèé?â8¼³‚&·øpÃÕP:g‡Çÿ<ÓÎh¡Þ*iKùRÚ¨¼É«ÛÏS"Aíˆ+÷ +&%ð×9^„QRŠÍÿ]˜„ âsô'–ðD•D‘•ŠB¦ž§·Å^¤›¡ÉÓí;~ÈÎæO[ +ÇÚˆ'[õ¨Ž®œú'kª'îb ßíO_Bž %z”#Åê{ÂÇ6LD«òÛ8é' Ô­Ö³ê‘^ðõ2Y™BL©ZWsó!¿ÓHi±³Xâ–³·¨”rÙ ížZ!ª\•”…jéÙ€Q€ÿÄ‚îÓ \ No newline at end of file From bdeb5584defc07cc483397ccb69d768a942e879b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Thu, 17 Jul 2025 21:38:35 +0200 Subject: [PATCH 957/988] fix: move paperless config to module --- nixos/stolas/default.nix | 21 ++------------------- nixos/stolas/disks.nix | 1 - nixos/stolas/paperless.nix | 20 ++++++++++++++++++++ 3 files changed, 22 insertions(+), 20 deletions(-) create mode 100644 nixos/stolas/paperless.nix diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 3a370c3..b72f6be 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -4,6 +4,7 @@ imports = [ ../modules/profiles/laptop.nix ./disks.nix + # TODO ./paperless.nix ]; boot = { @@ -32,7 +33,7 @@ luks.devices = { root = { # TODO - device = "/dev/disk/by-uuid/todo"; + device = "/dev/disk/by-uuid/TODO"; allowDiscards = true; # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL #crypttabExtraOpts = [ "fido2-device=auto" ]; @@ -115,11 +116,6 @@ enable = true; browsing = true; }; - paperless = { - # TODO migrate DB - enable = true; - passwordFile = config.age.secrets.paperless.path; - }; tlp.enable = false; }; @@ -127,19 +123,6 @@ stateVersion = "25.05"; }; - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; - systemd.services = { modem-manager.enable = lib.mkForce false; "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 6b07f9b..3ecb67d 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -25,7 +25,6 @@ mountOptions = [ "umask=0077" ]; }; }; - # TODO tmpfs for nix/var/nix/builds luks = { size = "100%"; content = { diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix new file mode 100644 index 0000000..7591f0a --- /dev/null +++ b/nixos/stolas/paperless.nix @@ -0,0 +1,20 @@ +{ config }: +{ + services.paperless = { + # TODO migrate DB + enable = true; + passwordFile = config.age.secrets.paperless.path; + }; + systemd.tmpfiles.rules = + let + cfg = config.services.paperless; + in + [ + ( + if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; +} From d618890198fedd909887b0cf7dde6a79e54938e9 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 17:22:31 +0200 Subject: [PATCH 958/988] feat(stolas): add name of NVME device --- nixos/stolas/disks.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 3ecb67d..5d48d17 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -11,7 +11,7 @@ disk = { main = { type = "disk"; - device = "/dev/disk/by-uuid/TODO"; + device = "/dev/nvme0n1"; content = { type = "gpt"; partitions = { From d81761e519a255025b5adeecf95307b3521943b0 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 17:39:21 +0200 Subject: [PATCH 959/988] fix(stolas): update hardware config --- nixos/stolas/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index b72f6be..6733652 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -7,6 +7,10 @@ # TODO ./paperless.nix ]; + nixpkgs = { + hostPlatform = "x86_64-linux"; + }; + boot = { # TODO lanzaboote = { # enable = true; @@ -17,11 +21,10 @@ initrd = { availableKernelModules = [ "nvme" - "ehci_pci" "xhci_pci" + "thunderbolt" "usb_storage" "sd_mod" - "rtsx_pci_sdmmc" ]; # TODO disable for lanzaboote systemd.enable = true; @@ -50,6 +53,7 @@ hardware = { # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; framework.laptop13.audioEnhancement.enable = true; graphics = { enable = true; From 502d9aa4dc2a1a3371cee33f35abdf7eca432a45 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 18:14:56 +0200 Subject: [PATCH 960/988] fix(stolas): add UUID for root luks device to kernel commandline --- nixos/stolas/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 6733652..10302eb 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -36,7 +36,7 @@ luks.devices = { root = { # TODO - device = "/dev/disk/by-uuid/TODO"; + device = "/dev/disk/by-uuid/81dfbfa5-d578-479c-b11c-3ee5abd6848a"; allowDiscards = true; # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL #crypttabExtraOpts = [ "fido2-device=auto" ]; From b8be17a9a9df21886b89c1a625f639d20933a741 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 20:05:29 +0200 Subject: [PATCH 961/988] fix(stolas): enable lanzaboote and additional firmware --- flake.lock | 165 +++++++++++++++++++++++++++++++++++++++ flake.nix | 4 + nixos/configurations.nix | 3 +- nixos/stolas/default.nix | 22 +++--- 4 files changed, 181 insertions(+), 13 deletions(-) diff --git a/flake.lock b/flake.lock index 4bab678..572619e 100644 --- a/flake.lock +++ b/flake.lock @@ -25,6 +25,21 @@ "type": "github" } }, + "crane": { + "locked": { + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -87,6 +102,43 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-registry": { "flake": false, "locked": { @@ -123,6 +175,28 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -157,6 +231,32 @@ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.2", + "repo": "lanzaboote", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -241,6 +341,49 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -250,6 +393,7 @@ "flake-utils": "flake-utils", "home-manager": "home-manager", "homepage": "homepage", + "lanzaboote": "lanzaboote", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", @@ -258,6 +402,27 @@ "treefmt-nix": "treefmt-nix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 622f9f0..73686ce 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.4.2"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; homepage = { url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 38c38da..7a4185a 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -4,6 +4,7 @@ disko, home-manager, homepage, + lanzaboote, nixos-hardware, nixos-generators, nixpkgs, @@ -40,7 +41,7 @@ in inherit nixpkgs system; extraModules = [ - # TODO lanzaboote.nixosModules.lanzaboote + lanzaboote.nixosModules.lanzaboote disko.nixosModules.disko { nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 10302eb..5ee2a4a 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -12,12 +12,17 @@ }; boot = { - # TODO lanzaboote = { - # enable = true; - # pkiBundle = "/var/lib/sbctl"; - #}; + lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + loader.systemd-boot.enable = lib.mkForce false; initrd = { availableKernelModules = [ "nvme" @@ -26,16 +31,8 @@ "usb_storage" "sd_mod" ]; - # TODO disable for lanzaboote - systemd.enable = true; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - #boot.loader.systemd-boot.enable = lib.mkForce false; luks.devices = { root = { - # TODO device = "/dev/disk/by-uuid/81dfbfa5-d578-479c-b11c-3ee5abd6848a"; allowDiscards = true; # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL @@ -54,6 +51,7 @@ # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + enableAllFirmware = true; framework.laptop13.audioEnhancement.enable = true; graphics = { enable = true; From fc2f547919332fa8b56ecde0c663b888a9723b8e Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 20:07:54 +0200 Subject: [PATCH 962/988] fix(stolas): allow unfree firmware --- nixos/stolas/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 5ee2a4a..db1f640 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -9,6 +9,7 @@ nixpkgs = { hostPlatform = "x86_64-linux"; + config.allowUnfree = true; }; boot = { From 427b62fe07963a6d2dd753d0fc02ccf678466e09 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:02:08 +0200 Subject: [PATCH 963/988] fix(stolas): name of dm-crypt container --- nixos/stolas/default.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index db1f640..197795e 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -32,14 +32,6 @@ "usb_storage" "sd_mod" ]; - luks.devices = { - root = { - device = "/dev/disk/by-uuid/81dfbfa5-d578-479c-b11c-3ee5abd6848a"; - allowDiscards = true; - # TODO lanzaboote + TPM2 unlock with PIN https://www.freedesktop.org/software/systemd/man/251/systemd-cryptenroll.html#--tpm2-with-pin=BOOL - #crypttabExtraOpts = [ "fido2-device=auto" ]; - }; - }; }; }; From ae419eb19a2c1884e57697d2ef437b8770f74e3b Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:15:35 +0200 Subject: [PATCH 964/988] chore: rekey --- secrets/agares-backup-passphrase.age | 16 +++++++--------- secrets/agares-backup-ssh-key.age | Bin 898 -> 741 bytes secrets/agares-wg0-key.age | 15 ++++++--------- secrets/ddns-credentials.age | Bin 521 -> 466 bytes secrets/etc-ppp-chap-secrets.age | 16 ++++++---------- secrets/etc-ppp-telekom-secret.age | Bin 407 -> 370 bytes secrets/gorgon-backup-passphrase-gs.age | Bin 403 -> 343 bytes secrets/gorgon-backup-passphrase.age | 16 +++++++--------- secrets/gorgon-backup-ssh-key.age | Bin 791 -> 721 bytes secrets/hydra-github-authorization.age | 15 ++++++--------- secrets/ifrit-backup-passphrase.age | 15 ++++++--------- secrets/ifrit-backup-ssh-key.age | Bin 775 -> 733 bytes secrets/initrd-surgat-ssh_host_ed25519_key.age | Bin 820 -> 721 bytes secrets/miniflux-admin-credentials.age | 16 +++++++--------- secrets/ninurta-backup-passphrase.age | 15 ++++++--------- secrets/ninurta-backup-ssh-key.age | Bin 759 -> 741 bytes secrets/ninurta-initrd-ssh-key.age | Bin 890 -> 721 bytes secrets/paperless.age | Bin 396 -> 355 bytes secrets/pruflas-backup-passphrase.age | Bin 419 -> 355 bytes secrets/pruflas-backup-ssh-key.age | Bin 844 -> 721 bytes secrets/pruflas-wg-hydra-key.age | Bin 446 -> 367 bytes secrets/pruflas-wg0-key.age | 16 +++++++--------- secrets/pruflas-wg0-preshared-key.age | 17 +++++++---------- secrets/secrets.nix | 2 +- secrets/stolas-backup-passphrase.age | Bin 371 -> 371 bytes secrets/stolas-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/surgat-backup-passphrase.age | 15 +++++++-------- secrets/surgat-backup-ssh-key.age | Bin 790 -> 721 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 806 -> 720 bytes secrets/wg-privkey-vpn-dadada-li.age | Bin 403 -> 367 bytes 30 files changed, 73 insertions(+), 101 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index d538c5a..3139105 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w RayKtknLNvFu88aFp4QL7ZMLAh5VmHmlr1DWVsWBziE -rckeFrazZJ3TxY/yD2wlzRVLh9L4x1bV2Nk7Q0S/RWM --> ssh-ed25519 Otklkw oub7OICQalIkCqAZh4/FfXB9PPBe7j2IpBP7WF/UXGk -gAwxU97b0Js6UPv59/1389/qdPGQb4koa49R14c3UjA --> mU.rG&?F-grease V? d a}mj5 ^&dc?\ -B0k6BjXmH0cm74+rjQrzJwKa1dcFwTdmlgltZ70oHctwA3+E4/CQ1ChH9UHzkHGG -Fb62klB5XYePywsvxLo2nIGVIvhBgsfIvUpq ---- ONLpuXfKtuCB+VD5IQ5KeSPyqgEb4a2y26+n5E8Ph3E -uîD{¨r íÚ˜¡°†RÊ9õP¦ j?hDÃ<™ØOÓœÝáè> ‡Ä-Œu¹áý#…Fñ2N +Ysò\ õ \ No newline at end of file +-> ssh-ed25519 L7f05w ZwPKXDj4QV+9GrvwgEI9vwhwwoHgZlnveG5GwpyeAQ0 +f4iPzhbR2HCeAQ8cUDUqcYmVPoQ9vKMvkFQyVo1T/Qo +-> ssh-ed25519 Otklkw 3y/RbwOR4wv6Iwq9+jMSZ1ntAD6G5jgeMx0PoBq3UwI +CyHATiRIbyj+yzVyhh8ccnL6j4I8BHhiBi8l3RV+mKs +--- 69+YwES2m/Lz68QMJTANOjgIPWmmjgFTrBGoEdHuaPY +¡ö«Çç¥ +ŒÞLÓwJT;&)IjYjzGRmv4A}2dL-6%ZDfJ@g-p}06h zH#Nn`)YQ;Y!M`LsC%arBFV(ozF}2hw*Ey{qGs8mPqCVWiAX(ep&)GZI&&(`6%Qz{; z#lR)q&&wc?%Ook)w@}}$u+qRa$;G?G!==C}(=))$x1hwyAl$;l!pYL#Ft4aQ*`zX( zOIKG{!Q3e|J2=B4E8I6NH$B|I(Ie3#GC#>9tkP89JzU$Z(zn!4KeDPMBrvO(%ZBrc z{vHFZfA!VOm+wArJ<&U7k8jqmsZKLvmOa?hY}z#Sis!XCp}MECm;H+he-N`FJMYWs z&ZAE~?2<0-FF2_m{~_;JXAZQEZZ`%Jge9{BR9myJwMIU(K|88+ae{)tjr)E zWL=t*bx@G2ZhBE_VsWZMxTBqZY@SUdSCW}imaDe8Z&*cMp^L9+NRgjodSG~FV0Khu zWTA6?MN(O0kfpI%u0>Fko1sahc5Z2slet?`uw`MsL7AVEu@9HGzf(q*cT~Qqeqy9$ zaAu{Sb8dLLkDqx#XrxPuk#m@5T2*3HXkngbexb3pS5;P$Sw@L=rjK@INWPnPRk$w~ zm#(g^LV=@Kg}daYtEmNW@^%L;xwbA4yWWTOdFCRD%NCuq-i{f(CSWuqNM$_sx^YY3Lv z65D_ALj8mCg4arMS6(ZIJ-R097e3<=>*w&(6Vm3(G8}IIHI3nY0%zH;?S=_6{~n$C zTTAPB+pi}q_x^heTy}j~DtLTP;@e+25ifu2So1qA;`rWA@!NGaT;ZJkHU8EGqidh5 z49eNJC{;c8NN}j0HBar?C;6tIX_=BHf3o$u+V>^w`&6E?tG+=g{PvfO$&us&P}F@by9H+_UOQZNXzht(J&D_=iywTylJ(Q#c)m@6eKYFQ z5r^bM$*zHmpRV` z2^7Zix4!V`Us&+E{44Y1U8-#r$`iS=o!@z@_L}_?I(c!PbFI=k+1moFM|bmHHa#X> NucEW!@0;3|1^~5_Y;*ts diff --git a/secrets/agares-wg0-key.age b/secrets/agares-wg0-key.age index 9938b85..c673a58 100644 --- a/secrets/agares-wg0-key.age +++ b/secrets/agares-wg0-key.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w ENcdsQ43v/xIe1Ej4BYjb/nTjIk76N2DR/zj754Puz0 -vIDFk+A/m8rOnBNXcvfBX4SJNxT6LP64s674v5pJtcQ --> ssh-ed25519 Otklkw lLwVf/2E67Bue+VBu+EMupLjuv6wfR656CD1st71GRM -AsXHvpANM0mOiSW3LTqzbEneVQSKNb0TvsMY2WCPfbk --> DJZq-grease 9))O09 z2- -ZFxd5v9Bma6VVIvpw8VK0DSR55lHUNOTh6cNxFJAezXn1apmjvuZPdMSXZ7OrE23 -qlqnskWvo+SX3JF7NH0yQf53dZJU ---- pSa5IqZmIDAHJkcPgqrS0WUwnD1ipE2pGr87qhTmrjk -Û(E˜/—P(©Õ|J¥€øªëØ‘éÒ‹˜zñ`JOÁ2“ŒÔ–‚Ûñd3qÁ±¤‡O­Ú!”8òùHN3\°Åê‘iš \ No newline at end of file +-> ssh-ed25519 L7f05w KLdcD878do/oYEztzNfCgKtfh4QCFmCMSZiapueB5Hg +wnSioiBtYXjASmU+6WUGn26ga6Q3REbFC7DxA29PQno +-> ssh-ed25519 Otklkw WstJ3pNxaazVPxNjTx3NsXQFnW8sy51CYoB5WVxwHWo +YOmD3exRcPoNer1y7Me2t3nOtUY9Hc2Oywl5sXMlTWw +--- tCVr+COM2orioyWJZvvwbK4oTlRErsQLywIoCVGrO1Q +‚/ïaÕÎ>0LÜÑ|3ôÏ`.@awGëÖ—š§ií}=ÂKÆ®‰Þ$3?rÃètle ß©Ãb}Cq’£¡×¨²„æU¿ÈbcŒ­!îP \ No newline at end of file diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age index 9ae8b774111398e0cee5d98039d21bb154a69c3e..b306c21d933f5e38ebf3b7953e23b8ddca3f81f3 100644 GIT binary patch delta 412 zcmeBVxx_p{r#`XBEkN7VQ9m=IqSUA|EvU*YJep--7~7#(kZDRET|;K$0^bz)F?CEl}p!7p}06h zH#Nn`)YQ;Y!OJYjzpPv#vn;|nJD@l>&?qRUFf7S6(#_ATC@I@8EGon(%+u9Xztlf6 zC$YFB)uN)DtJFC$$uTX$($gs-E!WG-G)UVhqSCS?DmPF&&pEvy%gHZ7+tNQ(->brP z;z#lN9Q~}|VB@?@*F^8Id?SCi5<|CeH#fJ6uxyJABg?e(Z0(}#wpV~dFLpyF~aU0q!TXA>WzbPr3z z$`YSMZ{K{6;F6Nu;>t*0uhdE}Gxx$U_v9k)B;zP^r-*O^E+*y3d~Q|IPfG$&9| GVF>_~iHp(z delta 468 zcmcb_+{rRQr(WN~FI_*#ysF&2(96*+JIFL7HOZyiFT1!bIUprHzce5#E4!>bBs4EC zpUb--F(fP5)7>>cCAZkrFf!erGBL>CIWM==FDKn2#I4N4KP5QJEyu*WDm}!+I5;~g z%fqwEE6XjPtH3lc!{0Z^-w;H0rr3ObwDV4IB-U{fbRJ%ei!Qbrp&YeF_5g zO+8XdEX+$YLJbYvvdc4_jVjAMOmoVj3J*02| diff --git a/secrets/etc-ppp-chap-secrets.age b/secrets/etc-ppp-chap-secrets.age index 6a4d954..eb705d9 100644 --- a/secrets/etc-ppp-chap-secrets.age +++ b/secrets/etc-ppp-chap-secrets.age @@ -1,11 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w 6Ct4ARdph2N0g7ZFljPbEAg4R2gP5z2qMupI288AF3c -NaQUNkEt7XsV0A4nNR5uguwK6C2KN26FJjeNB0mtz8U --> ssh-ed25519 Otklkw uyRTZRjgzleuEFqGJDiO84c5yXFV0XtQci7PdroNzAE -vl80LseOwmKyR+d+VXWseuszqao56GjnbyN6XzETKt0 --> {D^ar+U-grease bvk{ `4v Tc? Fv -m/JnzLsIbh8nYWSIvbBl7GwnZQPvAyuHSbmNWiN5pzS7O+wFs9xWwl26Vn6Y/lEf -JL9+Ra5MHsiR7C9XRf7or1rd62SPuIKyaWlq+Z4Vqr4Of4jWyJqQtNo ---- 5cNGpnlhGc0NNriUIZ5KYGR7Erh/fPqV8/8qnpqEn+8 -sqD&Ÿù‰L“‡=7Úämä¦Êií½Ø£%Sf(ž#éreãÎë’)Ú§›^†v÷ãc$g„¥yïyíA•»k6ý¢Ì¦íFñ8¾J=ôôJø -W \ No newline at end of file +-> ssh-ed25519 L7f05w +3ivAltBBSpHDV8MI0WvxF+sQ4a7YAdPQy0YrpVtNEM +JnMWRY55x5/ZGtgZY2Wex+/bfa+/q2cIV/z9OMTIPiA +-> ssh-ed25519 Otklkw hLGKbMeImUkJEXZGW9KeqNNncBCltrVwIipE+wndQlE +zOHgtuhd2EHFfBKry8RORwe/w6naEUK976OuUqywvVU +--- fKBvXBk0gulWSTgRkQBBdSrV7loB+P6YKsdcVWAiofc + ~‘hÍøWÕbø+$^È,¶«µ5Æ_Õùm±,ÜÐ!ÙP«i$ÐÕcÁÝwM¹Y ßLõ âýÌþ]?P4 ô6LŸâÒM«®æÏðÞVL \ No newline at end of file diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age index a97dc40a488de8c7f143cbcc249894bf34c88c55..e3ea72bcf1757feb3e73b5893be562449a0ba3f9 100644 GIT binary patch delta 335 zcmbQv{E2CTPJNb%cZExoerA=0muYE=dx&RlhMS3}MS7}JSZTOvXh~I6phDwwY^gIhU@TLUD11 zZfc5=si~o*f`3VNPIkFMMS6y7x^roMsaIZ_Ur~}*R=u%PVN_PJwwqg(U%7dDet3$7 zON3vdZ@yzXS9xA(gr}o_WpZU!c%Z9!PV5p^UWL0n| zm#(g^f~QAdVO2m#uvbY)mW72^SWr=fPld5(q<*q@m}^mKNkK`be|d0FT3NCQmxPVE zscm)MYmcqxT8>>;NxXJK%W!q(dc%3j%PxJq5n!QyPvWL!g3pXi=D*(Cvwp2LTW`80 iOfEP!<>~J1N$KHlJTwB*{`L#LtJeB<^tDb>BL@H*_Ij28 delta 372 zcmeywG@W^ZPJL01W14<|Q&FBzWO{a{QDTmPpJ7s>U#ex6MWAtHWqM^cX{u+qaiwK>MNx)FctlZ!Yi?wwueU{5rjKiKdS#iZV`xUEzllYdE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1v3XFbX+WS`m}8!iWqGBaYkjDbr)jxGm4}gqe~Q0PUUs6s zZ*s0%Zdil?S7b?&Nw}lGc}S4Cp=EeMv16%GnWt+-s$WWxr$=yTl74uUM@~qliDwYl zx|rN>%PQUUqSVCVRD~K9CACO}+G* Q!NcckrG7_lU3EPH09*8gEdT%j diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index 24beb4001c319a7a7f2465532add0d647fa78741..1ee5a873d11148b47401d58a3c9e52d3d6807191 100644 GIT binary patch delta 308 zcmbQte4S~6PJO0-Zf06(fPaLAV_;O0K~}n1d1QErWoThoVNsQ(fxe@8c2z`rZbVp4 zGM87FQFw^9xtYE}mXoEIM^>(jdyrX_dx(i?Sbng%iEDv(N};!*iEo-?D3`9CLUD11 zZfc5=si~o*f`3VNPIkG1r=eedriq7VX{t$ipr=J)X?&lbH$~8ot3E(4FWDZ{`@-N5;@u3 Go(BNplWNES delta 368 zcmcc4G?{sVPJL2xd0?rrQ%GuINJOM@MsiuAYlUfLYF1%No@sHBSF&$tkWp4ZrbR(u zAXm1diLYtCetw!!xL1mKwsEDGS7MSuPKsxFluxNgSwvZmUwTn#W|B*(Czr0BLUD11 zZfc5=si~o*f`3VNPIkFMa-wmhL1IBvP=QNmNLENvdVOM2fnjBmr$@f0Q<%S_MNvk6 zdWlzPSz=W_SD1fVaD|7zNtUZYva^waSCoEkqhe>2m>46lOHe4mK$2un+!uqf?-$kOskA8n`bDDAv5 zUw!RNqw;hvU0q!TkAPr*w ssh-ed25519 0aOabg rRJrTkyZU+Fmx05c4FvTCW2xrGKVzqqkECywb99OLwg -AELU54TN2oUxQ9r2Zx2CltVvyKh+7kCJnccnENtAZyE --> ssh-ed25519 Otklkw i9UGmqESZAaz3x1B5OjJq/ILEQnDRWsGbgHtnICrBl4 -plEjZljaiRmeOhqFxblzfFcy/VqViE18hSwPrxgHm6Q --> Ukp-grease CP.W -MZp3tfA9p0SwGxc1gaphv1XUPi3jj4dfeiBmiVl/FB7DYubrLzbJZ2Zviz3S2h5l -upLMFRZsTyhskVQ0lCfXFXb86xLXTc6pXM0klBwGajJrJFbF5Q ---- JZS2Vh+BBv5memqLMM+onaaldFUFm6keKFQooGSmL04 -.oçÄTŠ ó2¦«’bºÂ‹k²,¥—·Î·E‡“áÜØÌÄx|•óÑôg‹ÍÅø1­¥˜h;\}“ê¡8¾=e)л±'ïJp(¾ \ No newline at end of file +-> ssh-ed25519 0aOabg Bnv1ysgdcDayoKij0c1pB3s2I+p6Ps9s06SB/NBtQWQ +g7r0THpvT3Gl/yhfuejugvvuEzbl9wupseQuc+Fj6xE +-> ssh-ed25519 Otklkw Uto76sjDKrpHnCfH9wLauXX7hj6eWkiu2ps33lJtbA4 +27yu6fZEFYg2qvFtPvERDUpLVNAO7nVYMP2+5cBL/W8 +--- fmqPTiddDg9/oU6PYfuuB1Me2gDQQBzk5T/2a5GdgBE +HE…°A"U PZMçi~׊P)ø߸C§ûË +ß– kb,c•{ÖÒ·=ò8&ªb›³öc0bzøé\5Ó-›òpœ¶>`¨æO4‚ ;/Å9; \ No newline at end of file diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age index 64ae67527617004f823eec7b5ba94e69efcb3782..6fdd034e5db07d8ca215e0205c1842eb9a07f13e 100644 GIT binary patch delta 689 zcmbQvc9C_0PJK>6uy$~;V}-wqg;9P;X=+G7QlW=uo|loCmzQH0lY5F^c6wx>yK|+l zucxJNWo~FOSEfObqeZg0cAXuiXe}0|o(b5%97u`J`*t%FpLRoS9 zWAC4}iZ^C!Z)>Q{*UAa}JA3+?3ufGFTqXJ~Sq)Fid@LzYs=w!&aHVjqbo|q&FXTBo z|0;-XZ*!Nspj&LaZWHU$9R06{-pq9K0-=)2F#VeTV2(@o!@*c zX7<|Cn?vp!Sw_fQKAz_`C+NJF*V5%lcl7>02$gaFC?0CJWx{6PnVt=qYqc~xo32F& zN~ksZ&SjfYH(@8^nk7@~FWr)9xye3RV~T#t(^Sz{p$y+ltFEtnRw}3YblcsNKkpjy z|6qL=eBCAE;^}3gJ^MQT%n=newCLNO7^W8?+R^+W?3TC5qJQ@f@XopB`{3gV^U_eR z8NrbX r-`#`@Rd;Xf*`~qqZ1XSe**B~kr_B4bO0f0n{c`ovmW++t%;HJ`DH9ng>gYf zD3`vrPnlm}QLb~KkC8z}QhI56Ubd;RS)g%Qka4banwwLavtM$OdrGoTAeXM4LUD11 zZfc5=si~o*f`3VNPIkFMp^r;Isb5}!LAr5rp;uW(P`#P6f4*UOxPC-vhDo?~dP-ql zu3=7Ul2b$=m%e3oRfTg=U|x}hZ+LK3RG5WddQg;WfSFfOl)p)ohkK^6VNq&osi|c? z$U2?GDDO%e-Snc=#Nt$iBEy^#9j>&*jIcb@3ZD>5M*|lVkKD*AM<0LxJSS%ZLzBwl zitN1l#GEh>qcmr4CnrO%axPt6T?Ic!edn_B)DTB6=a51tU!Te}1JB$@6YubJ!%EK( z=fEm$eG`x3$YS#XSFY}}2X{?6^PtbxBHi(i6g(_q=2B(zY1T~ z9xu9@^yb*oJAXe%%#Ajj-Ek(prZ+_3vU>ln`-MLB8#YQ#yLjUC>b+WJy)W)`9$I=d zi)GKF4@=lSeF^{S(D!-Oy*)R)Y-R;>p7oyUyxR2j(#ub_7VJJ#I7{XI6g_2wW8p2n zLZ;_lPH$T+Cv?h5Dkg5T-xh8Tg_vL8E4LNhlCYc4`F#Hg(a1x858JIy)Ry>{I3Ze9 znX_&Av&OHNj%7O5f2mS=%@biDO2)8g~eTN~b=mRc!Yke(ssA!*iK zXd|ONikfX z!KC}#jhF1bJ-rXVdiu`% KWwrX)r+)x(9ZFUJ diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index a78cf11..d610670 100644 --- a/secrets/hydra-github-authorization.age +++ b/secrets/hydra-github-authorization.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw UYOoBfgeJfHWWDn9c6YZx5/eKpcESIZ1x5D7YhAzagQ -OLx4uxTWxL3iQqf7PuM4TzEjglyoWc42vcdCQ9wp2CY --> ssh-ed25519 Otklkw UwQM85450Qyg7FzrEYV75tYuD8xylkixRPfkpy36QQ0 -Tr8JHaK5OvsNrFcKujYjFbCnj4mK6C2FHpqWWwmUdY4 --> \rgn:U-grease >9e'r xm jK|e1 X"X -YvR9JDrsZLbAW2LpDP7j6IbGQCfe/FHk9eDvBsiN25yaKOODExRKr3KBTsc+GxK4 -j7Ulhp+uVGLJWxhI7sREmjfM0jthwwEKphPSNj/f3Qyelj/kxboIqfRZp1A ---- elz+4e81h73AF11NOXuhxNwtA0Qnc40N6/oeMPdIwpU -ñ +,GÀpÜ‹4¢¸³„­"A‘÷IE–;¤_‘:ƒ¨TÛ‹Þ¨ùŠ˜ÎØ¡€% —mª®mü(œÕ曺gŸ¦Žé~Œxf"}&ÁL-AÒˆÆÜó+óv* ÇŠ²Ä¯à›g/7½oñÓà’”¼@ú”´ôo²ôhÜ=ì9Ý‘ãÎŒ€õç?óÃÈPý \ No newline at end of file +-> ssh-ed25519 J6ROvw KPY6Uy86G3ixSpmC5jZQccfG931lfJj4ti4rJI4cxDU +mpuAukp6Wbrp+y5/FDeqI8rf30L29VYc3lGHeKOes0g +-> ssh-ed25519 Otklkw gez68dma7MQQ2WAKht9Gakj3XL2seZGusRscwrjcdFw +kLzSfbi3HVws7CBpH71abUe/IItakGZ2W7zGh7UfycA +--- 1eLDLEU93FE2kvXoz+FsgObQpyclU9XVnP/ElbBc0wU +ôFw§%DWä~ɱy×@&{ÈÍðg¶Çkt²8ÔNËMq/sB:)¥*a†|Ï¢õ0'<<9Bg»÷ ztYòî ’P±pývä©z* ¿Û“¿~6Ç æÃ}Û$ã‹Ù{-6ƒ97 äzs<â‚36t2f±¢zÝÑQ Õ:AÁ•Í¼)p \ No newline at end of file diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index 640ac05..d908a11 100644 --- a/secrets/ifrit-backup-passphrase.age +++ b/secrets/ifrit-backup-passphrase.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 yMjj5g FtHlFiQa2xr57K9GiS2VX+NYI/2kP73wWXVBsr61cD8 -Gokj4dzQP6AB9YWRBvmXL8/Sts7NO6g6wP1hIYkKdp4 --> ssh-ed25519 Otklkw UB1L2gKr0wnsGktaVlnbr+nSUZQ34g7JO4uuHYhuuyM -X4AT5taAJBtFia62IUTDa1cdbZtwaxYRQFCDez8aK8k --> r;DMOG-grease h"Tb e?z^VJ icNa -/0ZIHqI0whHoBw2Qs15bxY7o1sudscitKuUB3ysyFwUVsIG4nzTOS2GFuXTQ1WuD -5pH2CQfp33hvqrqV ---- vji5ZWP7+BLgpmyX2Sxgdv7Ht37NvQ8DuY1/t3cvvuI -]ýËe†£¬¸›‰Þ›³,%‰ qôŸ’âån„AM{D‘ ÆJWæL’‚·G@´œòêž/g‚G´o½ð.VÃ4 \ No newline at end of file +-> ssh-ed25519 yMjj5g JOFZJRGtrC1G4btVZ/D/XiKqwqSrpQpOiI6UdfFE+no +1GBByaq2ojp2Xm+FNsIXm3iNcd8BCIo6uBThZEne8/E +-> ssh-ed25519 Otklkw Otqt6BlhQSzreJy5NlCTo/9at9stWnlVN73zNi0xVW8 +5aUfPsoYZEgc8PJXd41wtpeETCTe0LtGPxqAm15Pg90 +--- h2S6vdReOwpqA/C3kr3rnuSeaWKr+3Nvc0vQ53WVNHA +*ÿž§O%ŒCÉ\‰[›+¾‚Vzøë¤/GB e3]<›ç È¢*kO?1·\ÄØð¤iÈ%j \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age index 6611b7aa089abeb577c81e8011b04df0c812d410..d7059202b2de26c9d7b6c2c4eb86f181046ab2d3 100644 GIT binary patch delta 701 zcmZo?yURL3r#`AEH!(3N%q-tH*V8C6-Pk+8(BC`PrO47eD!Du?H^SAeJTJ1)(jYwD zlgr7&-zT{&DkICK!oxe;v7p!_px87#%HPq@+{G+aztG4m(l6ZA&p$Y#oJ-eEp}06h zH#Nn`)YQ;Y!M`LsC%arB&@iwl*vQc!!mudNJIlw&vc4kKJTRps+ug4!+0jYcFC!<} z*Eu&i%sDilE8L?f%{$0K+tSfDJHt0COW)C@+&MD6AUh!4G1pK(uh1yO%q6YLurl9~ zOIKG{Aw1V3s30h$Ai%RUH$B~_+%>4wIKtbw$gQHpIVan&(!$%tyjZ(1r$FD4OU-sq zh*qDBNWHm!#ia#T=JQ|YX80J{qsl7#ZRPwuZfxP_gfr*wJblfDm-VUbPL^Wtor=ZN zdyC30{hrm_E8u|sO+ z*Rm`2yuW$n_}iDf;IsGVvSwd^JbML=7g}oM2?n{@LclsQY*0>{e zS76p5F;~UtIt7=b^+$AeN*b(LaOo%4-hY9Dn~wO;yShp|?Na4`+xcD=yCz@PGMuTD zdiRvSNrTAI6}JwHZ(kebds)bM>F$iSiRzv@H$Uz){m;B8L-g(JR&R-YSAKO(V|pS} z_FJC6^rvmLq;tZ)HOy}xvZguc#2m>D+-@x8{QCT>#XH&OcD(lHTCHAe7L;e4{W4RU z>++sgZTs5~aRk4vzIlqpO6ty&lj8H%X0{(o{r2hF(O$jlx3+d)KEI;8RHE?qK0^TQ CN+JdT delta 743 zcmcc1+RipXr`|QM)U+@%D>=xwG}FZ>J2pLa5d>0s`|!_sBRlld4fTt6moGA5HP z+hgMG6BpceHF6m(-J~0%ob^dR<++{nsTrQv6dE3}KP|lPZ_6dCd3}~=e^=t z%=mh(z_;$6vN!h^Y}@hI#9TTvCtm$jiVJIf)EV7>oBngACuQ-@bK32v~QhtfTFP4rCw(RnwO diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age index 32dbcbf2ce1b0961f179ad26bb2a5577f8e340cc..ded499016d73087d35b30f46e0eeaf6d2caacc57 100644 GIT binary patch delta 689 zcmdnOc9C_0PJN_7P(!aYU3sNTi>cw@F!%d1Zk`X0dN@x|egH z1y@#7s;_66pHsPIYKgmfL9wr?i?OzQZjnK%Pei1vMR`taiwWMm3y!S zm#(g^LPcq^i-}{UX>ov2QdU*AMPinpNpgC)lYT~INt#KbQL(deh>?+3MU{mCmsrKz zC1+}i?$wt}?T(tUc;>c@>vofvZ``|_xJI;Z&5;*xC)R6K>VC|!EIqW={?nvt9urAL zqdUnzb?)7r$b8H6Xn0-8uX`HaZPV>ylb`2G-(ySN{9{U@Re{Zl9jokP9w*$9S!={A zd0lu%xRg2Hxzy5dQQ~Q&%WG61zEv$EwJ#&2tgO&FThWd-^5B7RR&Q`l~z+#C{ zW8h5ZjrLY^EV(>I#C18FcWrwi!_Sepey>@b4v%VE2G7pPc1hjaOZ2Yi=`B8W`n%3) ztKvH!eU9IVNb|Bu=B_+uW_8<&|N77Vqav?AGqX#l%({B@AJa_!d1s!a zaN0Az=!;*TsDv?JusSAJ-@4?ZkIYJ`N1K$Q?@8y#$KUa=DB2)Z%lF=R!-DBf+_zWV zo>J$r^OQjS%Nda$PAr|Yj_cI&O(&NsOz#tWJa^UprHA>d^ViC3t~1pPIrih$nqR*b z99n!VqF}~sO|cU`dlv;;W?Fr(iJx)!+v7Q<%1g?2?s#r9t=o;sFKpq=D-E_HTJKIe t?N=zClb+M|xU_x4CI~Rz;M4K~`~LfU|a#wnapcNmf>#pM|q?IhU@TLUD11 zZfc5=si~o*f`3VNPIkG1Yg(?4b74TRc5+T+u~&AHaebt*Tc&qNsz-7_W~EnPv1vd^ zWr~lPiJyBiSA}^RFu0qEskNFQvJ|WkE$rQGRtyPNBu~@tddOMunePoCqu5vtkeQGZKndC%rG+_b5AZ^U0sDx zL&uV&((;fr=g6$ev@HFAN`2$R>_8t=LzgPQ5|8jK180Naq5{L>ib$>pdUg*USIRf^ zu6-N7(qwqq+U5YP2ZeFR$F{l<9p$gGdI~R+rbwu zvU%=1qYF|$zu*0IUEHaw{YS$gxbCIL4R>SSVg~GDLz0T() lO_{kJ_&tx`VPGp>SX3Rk)t^s6CE8@FSp-wL)e4)+BLJ5`MV$Zu diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age index 06ff0e0..76b2fab 100644 --- a/secrets/miniflux-admin-credentials.age +++ b/secrets/miniflux-admin-credentials.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 jUOjpw Tuaz2+fgz5f2ZacAYc3TdREIurh+XG5RjjKpaEFgtGo -gB1iaKV+xAv0PGdjZwmBCxMbxgCqZrM2JBDiEWCl//8 --> ssh-ed25519 Otklkw ocyFHtGzclF+7S9I7uSqsfn5weqxj5Wq32y4c6VDiSA -hDX5Viym/WdFZE5rXzToFhqtGvj+Ft3Hh7oiuzCuG/Q --> b&-grease 2u ~R j4C 3|h`M}/ -fdhnmlw+wqO8nb86f8jdDNW2P2SxzdwuljpRrlG/ZxXcC4QxtnO6RwK9NAS9UBQr -OAxJ6v3P+cMYJcsPNLAr90rEzXfTV2VONZgoNwOKN2l5n/JX8aGCt5i/vVI ---- sYjj24oaGUMZPD4TV8JKfjSPHeYOKh+OpueLZT/TxCQ -›TO&œúDd¬÷C2Æ”ÂËW^Ë»ž€Z¡¬ &b<óvN‚»Žî©Óbµ¡Rÿúß9rŸdàm—ÂÒZ ±Õ}¥Åø¹zÆm‹&m 3^JQC8 \ No newline at end of file +-> ssh-ed25519 jUOjpw sM3nHEEUDrSNaDx2kl18pqwabNSVj4Jbl8DXRKpmhjc +pQDiAqXXAxheyYa14lEGmOFs0hrMgJgvU/ChpmZTNVY +-> ssh-ed25519 Otklkw 4hsEjZuZu32qujYfjP6XXbeEqbQqkN0AgO2lM/hMomE +e4tcDQ1NSd78ob9QNKdOOcoov/xbW0DzvOKCkMGM3HM +--- 8H+daxTtO86AApWyBd18ju2Mwquc07I5vOH8Q8FVsmM +­$0Ó\eg؃#‘>Ù÷ lÕžQŠQÆ Æ[“bœ‘íéËÀàu·½üð,Zž›5 +¿É ´é8߃Œ_¦Q+Y083Ø L*LKü0»²ƒ \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age index be260fe..716f621 100644 --- a/secrets/ninurta-backup-passphrase.age +++ b/secrets/ninurta-backup-passphrase.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw KcokdqclkdrsGZ9qXKbUw+Ewygu/btIG1wp8Zdto7BY -AUIReE3WEkpAFAiiB4nBLpuWIrdgnY1yMxwkrt5cNyc --> ssh-ed25519 Otklkw MO/KVWqohrCV4wcwsaFauzFypDRSwHnU6tz6RZ+1RWU -yJ7leSr7FN2cavJpU19YujUevF+YUxbktoKSnPZxspY --> N8)-grease ! ) -BWnkSuqZDraoIZC2crwtr2uAE0r4AN3ykXJEKy2Ma52VfNgyJXPIpoXngh/eBPOp -1ScTs8U471TjgpwfDw ---- 54cVfZ6HDGsHRxe5tTZqc17rtKD7THHAKaF++J5kFLc -&ñ¥è‡ÚgF˜(²x¯RO£:‡J¢/¬`“ò”3‹Í¹ Û쎓j‚Ò…Åo÷Áûê Øó½5î´¼ï7Kܱ \ No newline at end of file +-> ssh-ed25519 J6ROvw bBg0Jetav225RYL3Ck7MD07JIipkn4wZUHuelLT3tAM +wU2v+LX2QHxcMJ9IMrwNS9yzgCbtEdotKZAavawLBn8 +-> ssh-ed25519 Otklkw zAXdEcOs8sBXtjXAIGl8g6HV+UGo/9OmFt/L5dCVbU8 +pKqm8UlBICMkPr40q9p7mzGZD+qIN+bHA4ZKJAfp9vk +--- VdMIW9DbF7ca2D/a0fABz3EhUzuAZ0vKIFWA1FTiBGc +%ú&1¢ývä ôÑ•CUp øÑ %L#QÁ¯ü8Aw‰åíåå?™¥V1õAÞÚwß6 •pŠàÄIÆ& \ No newline at end of file diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age index 30a2b2e203856d5cd722e549c17249f84b350695..df1657f6e37807706c2630caa705cb8f02eeb0f6 100644 GIT binary patch delta 709 zcmey)`jmBoPJOAjpP7GET8>e&iAzw9pQ%@2cBn~6PNjEckbZemYJNs!xvRN_Q*o4Y zI#;lMq;p`JSE;MNxr@HGpG97|Yni`6riFn|uBTT>qEVVuR(HTR(N2EXI^q~aB-Dyp-*`} zm#(g^Lb{28QL>SbdxUAOc0^fOzO$F9k%6OsfO)=lPH4VkU|4dLTUn}SqGh%LSClO` z$E0eGkb3d-uwU1>cV(SnUU&Y1O!)eRv)-;YJE0+vd*kC`yLZPvww|t=_C0Yz&xiDa z>$a;8Wi_mSd%yFoRfcNEls#Ej_TF8)OlyAGjhxKw;py8J`s8hKn#}V?%)z;Ep z8ohjvSM2vY`=UO&yVUHHa#4%cFY{7fKlz5}_SChwCA~X; zGTBP%^ofs)PN#i8q28|BS+Qc-WGmiFHX#kaoG#=)nX>20e8%GsAI`B@=e6wQpZ_P0 z#ynHLH|Ijp%G28>tPo{VwObU}7pKWNq-GtnmM`v delta 727 zcmaFL`ki%xPJMAyn0|;wMuA(oYgMvOXh2bDXh}t6sCHtqnX_B2QKW~Pc2R(dPiDT6 zBUgrhXt{}Hd00TOYnV%hcUV?-sh?Yhenvn_MQKDvN?uNYrAKa9QCP7>K9{bYLUD11 zZfc5=si~o*f`3VNPIkG1S%sN-YKmb-rlDm>RDO1dXT5f5WS*<5vxljRaeir1c0@q7 zpSe+bNlugqN9FURJm( z$U1#Pd)@S+)WqUcuCU@jE?r$+g{0IROGCrJ5bvOn+=+Mi4St}f3VGd)cBEmUYOnP`$|VG z164%Q_*X9VD=OmheE(PP=Y-Ad5=w`bTvWX2+IQ z@hj~*8Xrq0-%&M@eO}JI^1Ai`8q6 zplyeOapL=@E>g!XoOrUW=jBU_d1VvUA6q9Eo}hg0mF#lK{`C&OoGSkPojB{2n9`lJ zJ-ZZ-gzWz1eO>p?j{1vJ{Fvf?U-I?Nujq{&aC&oqI5=iCQ dof;jVkit~-e`f8$WL^=5U}J&hw{d zCs$Z-PNadiL12nOm~*hZXOW>xsds3qVOC&}nU{x2im^v{g?o5jwrNFqD3`9CLUD11 zZfc5=si~o*f`3VNPIkG1k&#b$aH?0bMWvBpeo#ezPJOmdd4{8jetuL{kbY5yOL{?B zZlQjKX-;K6SCK_&N`SvhvQc40fM0fGx}$GSv2kI#S8|qqYGJm4iEnV8c3Eh?TV#>} zm#(g^LS}kyM52*}zGZrjS+Q|IPDWHfVybVlcX3!+PI_*7a0 zuaj@T@LpHU+-@^t=7gZWl_F0z)oiFykoX~A@ncfzeKN#$Opp7g0 z!MDGsx+q%)#e)E$Nooq`*~fjNft@?ewDFmO8N2`R?Cn5H@^O> zuV`)`|CMDoyfxoEQcddGQU7$){o9u&=r&!<4lVn5{;RO_J%c|lc3fuoq-b@%>-ioR z|LuQ`(~g&&lN0h=5TR_i^Yp8|X4`r-|JjQdM=`eczkQmKKD+s zch0KnfDqq9F_KzM`|p35pHv-T@apCD^amd|>3$B=p6jV_^ui+5Wg4|_C*~dZ)9PHl uxQVG0)GkUsTW;5q;ya5#Ga delta 859 zcmcb}`ipIXPQ9r|iK}r%u18i$aCuQgNm-SlS5Z<`R!&qzc|}2~L1>|Vwv%^gM1WbS z373gWae898Nv?->nMaC?iFcBJkY_}mW2Je1S#X{~g@voXMPXsEeo&F4BbTn7LUD11 zZfc5=si~o*f`3VNPIkFMl1WZLh+l=TVL)bfZdp~HSAAuLnNMF`bc~-80g_&!(Z+3=}duoPunR|tqQ9)#-vvYY_Xiz|MroK-g z$T}CTF#oIq12x_BqSVCVR0ZoaU)vOgD#e6QEA?mvk$WPa_xK(4gEXXRj3BbmOvMcQ@1UvPhRKGw+f@gG472 zH?9aLPah+bVt4IO-yn;k5SNU?P~*aqe0Mjq6bo;oV#}&b?K~5U&^+(t@W{%PC}-2` zQp2jOOrxYCzj9wkE?r$+g@A(eL^J=wur!nUh$xdVCqwgWZDU{KP=mloA4>~;ay)qI?O&eb^GV94AZ-VDW#SyCZ(< zwimCi^#0G?@ GS_S}}onyQJ diff --git a/secrets/paperless.age b/secrets/paperless.age index d2c2d86e184c4de8be4ef80c6125d9533dc2c02b..9de2ffe698260b627b099c0e0b0217880ff6afaa 100644 GIT binary patch delta 320 zcmeBSe#|sMr#{M~IIqeeqP)n_xXipXDcdtB)3hY3GStmI%G|Hgy(q%X#WN~N+dnYW zgv-?+)S@Ij(7?akHOnQ*EI1%C%fv4!KheL+DaFqtvnt0gxT4e~u{6LjkW1H2p}06h zH#Nn`)YQ;Y!M`LsC%arB*}}}%EG^PE%FVDMEW+13t-d71R6E-&yuvHUx57Li)x@~K zxhTjqA~3_1%hNqCB{$66(ahVe!o@4s(%jI|BPh@y!d1WAJvgr*%3M3iDY&B4FW4lM zOIKG{A=4l%CppqHKR?Ys%SAsgvnVnoBi%2>qR1<#Dm^4wyTBmJ#YwxW(zG;`t0C}& zLd`jCIm_awX4St|l=p=!d*1NefQ|jSk+$}VTgof<6fgR_>(ucHb_}IqN`JH19_{A4 TH}P!rA+Ggavap delta 361 zcmaFN)WbYMr`{|u#3C`JqA0M!-MPZD+{`N~AUnyq*x6S>oJJ0&r)D4;UkI4{-0*VD(DLo{z$fqhhG2AJ;!lEG4AV}NYJJBpN&)coa&Be4NKer$!$GAKn zWSwSuxUYe~ZhBE_VsWZMrmB)ci4#|HX^xYVkE5wmiGF~8qGdUkuCA^^SV={Sg-5Yl zUY1i*j#+Ait4V02Uw)9GbE3YNqh)B0w|=;*wwqseZa_&kS5g>H+4PS6RvWt{6EoBv znEXle^IEddDE7q7YDHDUzYlhLCdSl8r0%aUtdod;wn=GL5z}p*lUY{&_MaZs@7njx F6aYcoeLw&J diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age index 7750b1cf6c94258bf30d125c19be3d922b5c97e5..e6297c3b8dcfc4a4e8559577ec9b7beb8261cda9 100644 GIT binary patch delta 320 zcmZ3?{FrHiPJLO4tEE@6ce;6AfJKIl1hDSwIMTWUy zGM9;SSYl9Mig%)SVpU2}ZlZQ%p;?YchFh3dP)3D$uBCTml#_p|QI?xmB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1tFv25q<>LRMwUlrqF;tvc70ZfOKO&@b6Rd@NN8oEe_lzB zxpufyW^uSLmtlo(POf)Bl8;xozFVnDSfHPCmcBtmN_M4tenD|YP=-ZTnWIlcWJG2$ zm#(g^f>CyMfth7meppqcYe__^XL_Kkk*Rl}Q&?r9Q-ObefvJCauB($vlwXl6SL1Od z!-wls0xbJBbp-}-F?n`pBxkplnf>^(o=tbcDUKsYqE5-mSAAeR-C3Nh&F}X26!YtQ SU-lefxYkuEyX1$8nLhwF3k1V~K@xpqpnLnq>ov?x3^KEt9xQ-L0OKIW2%`+AeXM4LUD11 zZfc5=si~o*f`3VNPIkFMRJy6Tkx`mYU`}XBN{MGuKz)IBa%8GYsCjvsSFT@pk$+T@ zWoDqGL27m~S7e2=ziX7McTj$AS+aq#sk387PGNypWHUg7RPw%QS&mp{EW1GlZ(p{ zr-)+njL2fHiAv%;hfKpg)=aRBx~s@w`kh@kPJVB1fWPXrt@FLyCcbpM8Oop$B>Lms d?h@G|U#nTSUmh=6cfCpD_@xWZ{~6}Q0|21chCToQ diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index dd41e2881141ac9ee1cdfe6f225fc3c52888654f..0fcacff217b502d9ca98d0254223018dbd665815 100644 GIT binary patch delta 689 zcmX@Zc9C_0PQ6i?ud!#AcTq%vS3zQ+iFUGuzf*ZhaG9^ClRu0L~>D-MM-X1a!PJqma}VyE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1wvk_QNqSOMVW_J|S!!rdaD8f2c(#W}aBzyRp{09CnNw1z zdzxEnMWkCcSBY0}qNho2R77xIu)l|qzLR#IWu$LNn3J)wrB9WUhl_q{dWvDHTVhc; zm#(g^LWG;MxoeVPuBBm~XH;cGNr-DsWLR=yKuB_8ig{vjW^!6;p?+X+nO}(sm#*IT zBiYKLef10${jC4iSbr6~@_+vFTUVdNpLqN9kLO+JTA z6Bg%3JnB`-dh(;#fXia#s}-U4B8OQ^*V%W4o>>3jbn(1jVf9`CW;_PFo-NoBAmKeh zOCYwn_pwfhBgrrzf}EXn>v&1UugNrO)k$jf4+a~X&Ep6U0YN;uWfN;xG%_aO=gZRqn0ys zn9&3K0e z|1{T1h)0yAF1-7z%k^zT&2Q_CUS>7x4=xXBeej^W;Z?JFS+(eNg@z>pQ@r@rZfTx< zKd>WMuJKx2ROLs>gAJea4o}^tm(f05^{UV^qpwq$*BPB$_ON$vMXgD%Kl^(vpO@1< t%kJE@bGo%-?4=VD2mF;J%QQ?X4I&T7&iK?lj$=ROZM21OSBZE%X2Y delta 813 zcmcb}dWLO+PQ8A(SCFA!RY0b`b4XEflxeX?Rat3JR8fdaq;_z2M5ULxadwu4QHWbr zF;{`1Wp;>xNw!OXzqgZHdSbSJqGf?;cBGkUiBGP(Z((vtL3nANexA0eE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1k)eA?hI6T*Z*X~eXmDkKQ@yWWUSfD+ig&PIhI43I9Ka-LS;~-;wW0Ncc*AOmUU0nr}fT~dK%JKqJQ}cYE@WPzXe6!3DugIXZP!nGx zmka|}3vb7qG{3A0UlXnb1Ch3;nUW%Ljo10=_r)1)wY6`woXYp!=GfL{p+@r`G5=5& zNv^x}=k^?hPlo3!EFaaWCtKN8uM4<2^=vNB#h9ARr3dXl^`APo!~aQQ>?n6(O7H&Hs5_<90;(gl|U3jy?=k2VvQf?Xldy#Q1Hf!eC{%yVZ zDd0joOGHBV0`-H5D_BLJyp8v9a7nRZB42AlF0 zySW%}`}!X>qf;^C>YuaD1> KVVUzfsS*H&)K)V9 diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index be57748a9fe32e160c462ee89c2cdeef18ef72eb..5695f548fb6eb9d2d96d60bd71708e678f8d280e 100644 GIT binary patch delta 332 zcmdnT{GMroPJMAoML~&IYNokGM5cMZQ$%5gsfTHjS6QNgzk#87Zg!Y^m9dF&SZGC- zBbT3Bm4%m2o_~ZzVUSsAU_g?oVL(+yqoQm{v%M_8_9endrJ zaH6A2T3A&+mt#q$VOB(iK}tYio_SVYp_zYU?uQe|P=xTD)%4*W>rr*Zt#>W;>h`#@6e)&v%_iUT)~EARmsHlMaWZ4_KHqsNOlt gZGHIdmZ0bl2mf_y-~G5K{jb6Gb-|I(BwAJj00C!vPXGV_ delta 412 zcmaFQw2yg$PJMoQaI#xYu2W@Vuu*}3R$7{&w~4lgU$TE#zKOPPfO)=wSy4u1T2M}K zF;|FlNT!cdP`+FQ2H4K)>MpjI^|3Cl3z` zm!Q!4va$>(k1)&99K-a&@Ph2fEDJ;Z%s?((U0sF5;DXFVXSb^2+)y{|5|bj=lx!zg zBj-q8CxhJ3^6;YUP>-?{ZGRI-_i`@95}!$4JLf38?VZ>fuw{CH)doM)ZzumKWlh<4 zHeKr*Ls8>Jq21Q88|^Y*PyA%FCeqJ;yU9fbr&Xd_{W@24jh^bq9O)C*c;vigOThkR F(*Q~mk&*xa diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age index 122adcd..56c3796 100644 --- a/secrets/pruflas-wg0-key.age +++ b/secrets/pruflas-wg0-key.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw R+xnmMAoVmaJi9UMYBSX5CKk21LhI9iIionc6Nh8ZWg -eR+OpFfB6BIOzOUeeY5IzmXerCCiqOYS9ZAGIb0UAS0 --> ssh-ed25519 Otklkw HYpIGulRkcfpKhSdb1mF/hbBHiXCUzYR6/b0KspgHTU -1HAtdynQZ10AVgGqh4cw3qDqSh6Suum3zYo6/G7qKw4 --> +YMQ-grease -wyHx9k+fMnxTm1LMDhmmMye/ ---- g1F7i8Y0foxjDp6qbBtjhY3A/vyxM2R/zIQJZTG2F5o -.Ìþ]ÃnéŸå"wjkYd<2Ï{Nš íN 0òÊÿ©`ÈX³¾¢U”sPxÉV)nš£fO‹g¤µä \ No newline at end of file +-> ssh-ed25519 J6ROvw JrDRK2NkcPjUf7Owco978Saj3FlPGLL9RcOW3aSB7Hs +o/WPV/rBvvc89c5qln+XLVslVed65EGZOkQoYeGgvpQ +-> ssh-ed25519 Otklkw fvLeR4YnqmXYGu8krDmCGDLa0Xh+X+HpCTcqodxOtEA +L304iO2/Xq5TJ3Ui8F3EIR0mXVRmAMAleGexBxWoJN8 +--- B71HeCVbIOOnvWXWwMSk0A19qnsE31Lo36lKOkXLQhI +Õ%>ž™TsSŸ(ƒpµÏfA²Ç¼ÛïÀ–ØÀÛT+ ò$´Ûï R_(ŽNN1xL†ÿ¦‡©7ŸF–^V +ˆø¡ÿÖo›pSj…Ÿ \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index 7528977..c9fc294 100644 --- a/secrets/pruflas-wg0-preshared-key.age +++ b/secrets/pruflas-wg0-preshared-key.age @@ -1,11 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw wkW16tPBMBW6C6OPU6Dbq9mfk8w1hdTNB1lEP7r3ym4 -oeGp1/oGD5R208ZutBsJUsA+A94hOASnm0JavDjsHvU --> ssh-ed25519 Otklkw AQCgfaxhvd59oOf/nH75WhHtYt6RXuO/U/c+pKemGDQ -Jx5pffK1rX2Yyal+ZvTTGiMm2PsMZQVIRguHpDU2iig --> ^-grease ' -xxEd1+U8pgjgcmgxRJqbLIHNoga8kUdwaSVsypHL1UB+kPAPFIdZF4KMOj7hshzC -vmaUOinUhDiWXQ ---- A5Ig3NOr1MW/FXwh7xDkITEd3o/LU8TxBdrIq5xLsZc -Ce\BN^Ä¡ª¯´ &.…º½+âk°âÇ,ÿØxÃ)T¦´TS™:hòŽª³SN ±Úmgׂٔ —¯–_aÐ WŒž¢ -/Öõ \ No newline at end of file +-> ssh-ed25519 J6ROvw Csza+rGQxYUDFvGEYm1fWXWb5LjLgnm40FX6ji8iSwk +6WBO1waHHHtS4JXAIWyeAglajZWC9RBGiL4s8jD27k4 +-> ssh-ed25519 Otklkw XUwET0Fnwhv6ZT/LfRJqgJAbMo/+0/klLXZPO52/gBk +he627Zlp56L+u55f4OiaOvFbYBIfabbpOIcymrgfhBI +--- 1KjO/MX2lKusD1cGiyJCoo7XNwNGrXkoxa36k2ROPB8 +™c"ÈtÜr Â,ªâíå“%&£ØÛó|ã„j¸ +$> ­UZ9&á…žÖæ›pe£í®ˆAÁaõ¹Ú^oÿ[Zön9z \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a3255e1..88f46bd 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -7,7 +7,7 @@ let ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas"; surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; - stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV1LSH8jeMnXJ/eqhJCebbwxenJmxNoeB6UGrBmRjZk root@stolas"; + stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObI38cB8gTDXmDb5GcK4pLm5xM+nnvGeSfEpB4lVEwE root@stolas"; }; backupSecrets = hostName: { "${hostName}-backup-passphrase.age".publicKeys = [ diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age index ff9d5146f9f253078b6c2230ffce80ac842abec0..ab532e3730c4fd6e5087d85a64162bed8169f69f 100644 GIT binary patch delta 343 zcmey&^qFabYJIquv#*PzLTHt#zfnk`M{rSQmRprsW@TD>ZkmsoQK7f9w^u}HWua?8 zc5!h;N>zv_mqlq&uuHl}V7^;wioa!^o4Jv5pl`O9cY#}OsIgI!Z<1enc9l_BvSW5J zm#&>cadC!jYKoDmsiCEUe@S*ucDX`|uYrY;OH{B+RDDu;n3H9gfrUY(zE_T8PEMtx zmvNPQnp;?;Yeq$8u3;osT9i>zX{BF8W|F0gccs5qT6Uy`mtUwyiLYyNXoYrCXjD#V zkdte0eyIVMuCA^^h+#>Pr9q}=rln_+L6kv;TaurPPjOCOvXQ%IzENh0QJ7~yglm{_ zqP_vw%z&9Y8Qd#w-8=D#@4Ri{hu5E0F5Qv4eG`M?F+RSVrFT=dKa@&M_@FuC--=Jg r7ZmeS3zmMq9~vYj=<)K1+@!QQp_Z&y?F=7ytd&o-`|{}9m+1@uXa9eE delta 343 zcmey&^qFabYQ2BDcSMw zvZZ#AM@mH?S8j4aa;Q&$b6}`%NxpMtNO`7XsF7oYi)mcadC!jYKoDmsiCEUe@S*ucDX`mRZ6h0v9ohoRehjIez`|@cy5tXTBfs^U#XL0 zsX=~TUa?uRNnTEnWmqv+XrM`mQ@Fl~ziClera?tPuu+aQ= zrn!lQccd$quCA^^NnufmcV$$VOL|6$fwxy+luNKnSW2F&kFkY!R91kaQAL!oPgbgT zj;8_Fj{u{toW;%#6aRf#pfUGxpQPVwETq4dEW+m9#n rd^|aK&hvLRzi;nh{iy6V%UtS8qLb>nX%c;ECEIHkl@-O?yb}cgoPmA` diff --git a/secrets/stolas-backup-ssh-key.age b/secrets/stolas-backup-ssh-key.age index cb98c8df76663f8f4e8d5e50fb5a9ca3f691ecfd..022ef30981a92c26365c6d6a63f8951bb842764d 100644 GIT binary patch delta 696 zcmcb}dXaU4YJIquv#*Pzf?ttunMFWol}S{fdq|>*sYzjuQ$SdbzGGRSubF;!c44`p zp_7xhsd0`gm$_SNQDvf$MY^SNlD}tSNo0Jsk2A6e^O;;xW7@FL4~7ZR7P?# zm#&>cadC!jYKoDmsiCEUe@S*ucDX`@S(sy(X?Q?rP<>8bv1vw{c2#y-q_25)PE>Gs zL7_#sXGNK7dP!!fd3G{ac3D)0qiKpqYMDi4q<@%iMN+xGVO6$YP=ukkahO*`m9vM5 zzGGOad9W*&uCA^^kcYlYVwFXyd%8uKYo2+2XoX*@flH}=k&APMXNbRPmbPb(Z4?}H{XFs7Yu?3#OCJIC~&S#;p6 z?8CmtKPw($ez)|h-&xc4hU&)Pw;cyel3x9hnWePK{Mh<>jyi6ocbCq;F`D=%L*T5N zl8w1yvvIELOW98f<=nRCe`s7{wtus#z+&G|0iLcknND;5MShhqK6U+rt&OPk{(xC? z!sA@E`rgmgdY^d7WT)=TPfs?q7vU#(Ze`q1|> z$IMWXch(m-yga7zqP|;Ia&^EamS5*hf_r}^OoCA`^`UYNUQ%! z&ELdZ8T#(CVAAayr=tAlmPvYS>}`Je{=~s8>!0s?6wp^~z!y`#jju#)v6cu=8e?MQ zg!;W6I~Hx!k~#j||I55)$A7QW&mQ*DUHQVQhs)zDPj937#m7Bg^{$y3Rv+Ifc4xIy wepQm8K}BJ> znNgr`NO^8Cm#<}|VVZtkN?2rGX;z`9OTIx-esZ8|guaDmak@cSo~3ziV6KI?g>j}U zm#&>cadC!jYKoDmsiCEUe@S*ucDaI4My0oJL7IM)MSXd?Q+~N`dPRAXxp{JyrITrr zfqtTSp-D!ev2#Uufq^eqmYYv`T9~;}X0dl@N=cDvu2G(;v4OF7RHm1UcZgSBrDb-0 zsK1Agk54+6uCA_vdtjQUYelA4h?i?%NM34jNLZnpafG>Ja(+>mcCd#%{Mh|+vY#*M%C=H z)~8Lobe$&~OgdF$ZFbaaN7E+hInK7#{c`Hx_c&bHW%w>~^l?{b!B_Tq|GbSJSenmxHs^Ar zKKsY{tS4UZzhtw2WFfa_bCcTk9|ec62F$feZ$JKD%I5O9jD`2av@*SaN(J3ovFGIK z+vkIOl^ox8Xn*I`R#UD2AaUI?t|c(2>+Jtnff+5_kBYyjPy669)n($;E~jPlmTx~A z$GT+p!jqTZGFdbAiq*-UIQNXhKbni__^l50=&vjK*3J1 ssh-ed25519 jUOjpw zb9yidyhlOj2LnVSCjNwq0MBj8Ik7zdT+6vs5k2vdTY -lxFHzj+mUpW8ogGkfpZZWZRPfMp38Sb2GYojBUrxGB0 --> ssh-ed25519 Otklkw G3tj2S2BM+jmGg5ajD2hTIKAWJMAhuHAT4jpFpu2YmQ -XDLRUWirSzXQ55HnWdICzICPQDL8pyJC9SnS9ODwhdM --> v#M-grease -rEp5i85i+0HA+Rx31HR27NU ---- 2Q+j2Vh/Tbv6NYYg614YL1+yP8hff++2zAuWV7dHDe8 -HôY÷¢¿\ê¥ ¬õž˜\;î¶m~qoà´—»®z8•5ÁZ‘±ÁËÄ«ûà̯e9IûÅaä”éY« \ No newline at end of file +-> ssh-ed25519 jUOjpw hXl01CaHYYlY/orHilx2gv0Fyh1eMXgN1NBzV1vSw1g +B35trnqYoFwg0xhw/QPw56N4VjxMyQAlNGyRFKdHfKE +-> ssh-ed25519 Otklkw SRtMspvRR63U17LRd2aqU0m6f5bnpY7kaUl9uP94hhk +e3XD/s3fY78uxzA7YVs4F4LBFYJOIHZ28Odnnj8Zeac +--- eVNBDHFoU3kBN+SE1osblaJ0yWTv1ZOjJEXKtsI8054 +’ý„ uøÑ'~Ê•‹†v'ªV÷Š}nfuE.J«¼ÀóÍ¥À¸hxïI ^«X—7‚øÆY +E•7•®4º \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index 7523e7a3e6e10f57997494739baa6e0039f40107..37cb2a54f553d7c132c2a7b6ed743af2d384fff9 100644 GIT binary patch delta 689 zcmbQnc9C_0PQ5`$l8K{vc(ReHg=ukyTY5mcXOLl@XP&!3ctv_hrmJaaX-<|=m8-L1 zBv)o)cu2WlsIg;UplMZ=QBGKXO1N2yk6B1~XkMmgdaz$XiIHKXx1oPZK9{bYLUD11 zZfc5=si~o*f`3VNPIkFMUZO=-fmx(mSdw?HVNhwYWqnmzcA}$KMrK4omak`ea;BwM zfoWlBKv+aFS42>1RdS@EepyaRL0W;UXOyQ)MRHhfW>$emR&Y*IM7VcQQn^KdS)p?= zm#(g^LSbHBnTKygcu0|#slTD6aYcZ$v!hFaf0m=8QFv0elShD~lV47GNLH>1*Quf& zjl;_h*4LNpSezmE+tMlj{!U5$_{J=)`7%=yofX2;`mI%pS1LS{yr|~TVBz>VwRqBu zHQe9#8co;Rbf!^*$LqxD?$vualJe5|oH={ZyyQW*NO?uiV zvVLtew^gr$uXNUwjT-M}`sr9It%$0WGM=*W(l^Vqhi)#r_)V$!w|I=>>#seRjTrh? zp6A%mwSSVtwm;9BpUZuzzw+Ur*&n-k8S|5BgO{|vlU({fC-KV8dxr`f_#2O$cw4sb z=HeAMoo?N2$#eW};rA~kew*5!cb1oL-Zh&2qMubd&+){@=khz;e=uK9xp3l>M;-IK zM*Yj``RwOjoZ4A^J!;GM6qeb{tD>zcG{1#@dAK`n{*j)WP5;?l3-adab$@Tydb(J` tzV&Cg>MWzztDnUN|Jc%`|J;gqWsv>#9OccbLSEMYg4MP@`n1TR2LO?0GU5OL delta 758 zcmcb}I*o0DPJKy9j6PD?e#b#Sb&a<|?{^#(c2#uH9 z&KL@GT?~2YbzUd4-`1J;Vf%`eRRUax*H+AmXJU>M6i?X|BNG}d@G_#J-$|nM9haki zbk_E@rw`uy{$OSE_gNPvuFUwWljrg0Wx&LutPdPFPqv;o!NTIPIQ^*lTrZ}+RYv*G zY)_UPd4E_ZbVdEeTQQehOjfU5^ZEX2jey79(uS4mA&`*Ka7d&KA ztx@s(uzitApJwk`8)>KfMfVK$UrbT$QLboz)pNJR$Sh~|O3s%NZ}VKOH;P=)FKMl^ z+tIZ4*GqvZndfxoKmIQ9W6IsR0@f{dr9QGHFYZ`xeVvM~jX&J-jBgWzS9j89E;~JYRmN zF=WHF7t6MOI=laE?UIEK<}rtVSVq@5Twk9baJs?LQ>1g^a)st2)dHFw%YFu~Ud9uq I%AoQD04mT%2mk;8 diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index c664303a55a0feff21e5efbc94439ac2b7441f74..1e58cc84eaa73f0283d0c1d349e6e0071802ed40 100644 GIT binary patch delta 688 zcmZ3+c7b(*PQ8C|Rk5j?XOx9kc5%A9pL3XVenF;jMN&qIhhdO^qD#J|c4nYOse6V| zGM7biVwPV-YO+sIx_LxVn4epIsFAj7nn9IIl#^Ffig|`>vVVl7r@3iVB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1Z?1DiihEUAMw*{tafwHTXT58cqiK{$K$wM7nQKmVWlo7x zzF%2{r&mZmmybnYV31{4Vp?dKiLbUtp?O3~gl~nmc9w;Ov$0WFk&$mohNWkAKw60b zm#(g^LS})Pxl?&nV4!byNMJy&zE4s`WO7PSSXfk+Ye8y+u}M}$KzX)%c)4*XmzrIy zDBJe;o9d@0iKH{Cf8tB35T9vTBl~Ut?}VkxB)Pb+lONn;xH5`(v5@n5Q>c)1hQ)@)048 o^So0Hx;D9fU(2$p`O+~aY2A~@@-3EfEx0i8{RTBvi6uq505y*tm;e9( delta 774 zcmcb>x{PgtPJM`(X})8!r)ha{xwBVE{ zC$o~`6r*hI!T{3@KVL5w?Ii8U>we6FJj7m8T_e76=|wm9%%rQp{Ex@(-8 zlFjBEyexKn`necare`lVWH&lF`{y0eJnmq8a$-G?gOBUEo*mh_mtSt~mHhL&>}`G0 z^Oenu-Yr~lY^k%}*1$s=mM>;A9@>6YJnlk?0(XgfzzgHrTd8|LP4~{!d&Uxec4Dxh z#44{gy^o zIC0-p&BZ@n2cB3Nd*j3|m-a7eKZ{Nrh-PGDt6UP)=fLqoN^)n5VsFI7)gB(R{o)*DXqJs{WL=Zs6JNYys^2lut2vZI<%(_c znH`STBh!04JR`5SWw!il-Yi%0U-4bLHd`}qUjOM-roV#U%?-coGtHXn%{^7RUU5yO zFL$~6%Jmk)-F}Ja56~nO7Jdq)5G>pmf7tq;rcYGCBH6) XMd;e(Eq_B@;xARGFz;MR zIah{nN_v^4XK0{Xg=KbBs+)zIdrDb^NvNlxhli6%nxji%V3A=^R#C^qicGKt5aSG5@ql$pEBm(s>5zJZ_fJZf#;Oq}!$0B0I`9{>OV delta 368 zcmaFQG?{sVPQ8mqah{W#g{iS`ZgFLL1K<8 z$T~~i^rF()UB)L^e#PS)n&S~@lv2wS7-RoBjx|6CGXM8iodfe)Z(tRr$Ip4 NEQRur`}dRzT>)h)hoJxf From 49722f705ab5bed23a7c304e9a50048e0d65dcd7 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:20:12 +0200 Subject: [PATCH 965/988] fix(stolas): disable GS location backup --- nixos/gorgon/configuration.nix | 4 ++++ nixos/modules/profiles/laptop.nix | 5 ----- nixos/stolas/default.nix | 1 + 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index d34d0e7..82bb694 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -43,6 +43,10 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; }; + dadada.backupClient.gs = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; + }; nixpkgs.config.android_sdk.accept_license = true; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 8e0b52f..2c5accb 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -50,11 +50,6 @@ with lib; }; services.pulseaudio.enable = false; - dadada.backupClient.gs = { - enable = true; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; - }; - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 197795e..8f23e9f 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -81,6 +81,7 @@ settings.max-jobs = lib.mkDefault 16; }; + dadada.backupClient.gs.enable = false; dadada.backupClient.backup1.enable = true; dadada.backupClient.backup2 = { enable = true; From a45a48cf17ec3f45c0a5013bfe991f329c5921a1 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:21:53 +0200 Subject: [PATCH 966/988] fix(stolas): comment out paperless secrets config --- nixos/stolas/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 8f23e9f..e1f115b 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -154,13 +154,14 @@ }; }; - age.secrets = { - paperless = { - file = "${config.dadada.secrets.path}/paperless.age"; - mode = "700"; - owner = "paperless"; - }; - }; + # TODO + # age.secrets = { + # paperless = { + # file = "${config.dadada.secrets.path}/paperless.age"; + # mode = "700"; + # owner = "paperless"; + # }; + # }; # Create compressing swap space in RAM zramSwap.enable = true; From 215f4313bd67fdd6b0312606ab7b5667eab7f2d5 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Mon, 21 Jul 2025 21:25:30 +0200 Subject: [PATCH 967/988] fixup: backup secrets --- nixos/gorgon/configuration.nix | 4 ++++ nixos/modules/profiles/laptop.nix | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 82bb694..16f8130 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -5,6 +5,7 @@ ... }: let + secretsPath = config.dadada.secrets.path; xilinxJtag = pkgs.writeTextFile { name = "xilinx-jtag"; text = '' @@ -48,6 +49,9 @@ in passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; }; + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; + nixpkgs.config.android_sdk.accept_license = true; programs.ssh.startAgent = true; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 2c5accb..9cdc314 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -5,7 +5,6 @@ }: let inputs = config.dadada.inputs; - secretsPath = config.dadada.secrets.path; in with lib; { @@ -49,7 +48,4 @@ with lib; pulse.enable = true; }; services.pulseaudio.enable = false; - - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } From 77cdf773c0af1726693964fd16e033eec9499044 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 13:43:39 +0200 Subject: [PATCH 968/988] feat(stolas): enable TPM2 LUKS keyslot --- nixos/stolas/default.nix | 2 ++ nixos/stolas/disks.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index e1f115b..3c72921 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -32,6 +32,8 @@ "usb_storage" "sd_mod" ]; + # Ensure that TPM module is loaded + kernelModules = [ "tpm" ]; }; }; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 5d48d17..01cf635 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -30,10 +30,12 @@ content = { type = "luks"; name = "crypted"; - #passwordFile = "/tmp/secret.key"; # Interactive settings = { allowDiscards = true; - #keyFile = "/tmp/secret.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "tpm2-pin=true" + ]; }; #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; content = { From 5f9eac570088bee40057219ad0bd1989e905cddf Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 15:45:37 +0200 Subject: [PATCH 969/988] chore(flake): update lockfile --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 572619e..8c964f5 100644 --- a/flake.lock +++ b/flake.lock @@ -89,11 +89,11 @@ ] }, "locked": { - "lastModified": 1752113600, - "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", "owner": "nix-community", "repo": "disko", - "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", "type": "github" }, "original": { @@ -204,11 +204,11 @@ ] }, "locked": { - "lastModified": 1752286566, - "narHash": "sha256-A4nftqiNz2bNihz0bKY94Hq/6ydR6UQOcGioeL7iymY=", + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", "owner": "nix-community", "repo": "home-manager", - "rev": "392ddb642abec771d63688c49fa7bcbb9d2a5717", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", "type": "github" }, "original": { @@ -295,11 +295,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752048960, - "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { @@ -327,11 +327,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1752298176, - "narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=", + "lastModified": 1753505055, + "narHash": "sha256-jQKnNATDGDeuIeUf7r0yHnmirfYkYPHeF0N2Lv8rjPE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3807bc34e7d086b4754e1c842505570e23f9d01", + "rev": "7be0239edbf0783ff959f94f9728db414be73002", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1752055615, - "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", + "lastModified": 1753439394, + "narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", + "rev": "2673921c03d6e75fdf4aa93e025772608d1482cf", "type": "github" }, "original": { From 2e8aa80b706e1798b3744af0a6e80dcf5386d128 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 16:04:21 +0200 Subject: [PATCH 970/988] feat(stolas): enable admin module --- nixos/modules/admin.nix | 4 ++-- nixos/modules/profiles/laptop.nix | 2 +- nixos/stolas/default.nix | 13 ++++++++----- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 07323da..eb37116 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -97,8 +97,8 @@ in services.openssh.openFirewall = true; users.users = mapAttrs (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = extraGroups; + shell = lib.mkDefault shells."${keys.shell}"; + extraGroups = lib.mkDefault extraGroups; isNormalUser = true; openssh.authorizedKeys.keys = keys.keys; }) cfg.users; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 9cdc314..4d02bb0 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -25,7 +25,7 @@ with lib; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - users.mutableUsers = mkDefault true; + users.mutableUsers = true; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = mkDefault true; diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 3c72921..46ae536 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -83,11 +83,14 @@ settings.max-jobs = lib.mkDefault 16; }; - dadada.backupClient.gs.enable = false; - dadada.backupClient.backup1.enable = true; - dadada.backupClient.backup2 = { - enable = true; - repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; + dadada = { + admin.enable = true; + backupClient.gs.enable = false; + backupClient.backup1.enable = true; + backupClient.backup2 = { + enable = true; + repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; + }; }; programs = { From cfb4b8d160e5632d803344db61637f77526fa055 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 18:16:17 +0200 Subject: [PATCH 971/988] fix(stolas): wheel needs password to sudo --- nixos/modules/admin.nix | 2 +- nixos/modules/profiles/laptop.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index eb37116..05acc43 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -93,7 +93,7 @@ in services.sshd.enable = true; services.openssh.settings.PasswordAuthentication = false; - security.sudo.wheelNeedsPassword = false; + security.sudo.wheelNeedsPassword = lib.mkDefault false; services.openssh.openFirewall = true; users.users = mapAttrs (user: keys: { diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index 4d02bb0..7089f4e 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -48,4 +48,5 @@ with lib; pulse.enable = true; }; services.pulseaudio.enable = false; + security.sudo.wheelNeedsPassword = true; } From 8908833eb36982d9c5e7125b730d74f79e0a4ff2 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 18:22:00 +0200 Subject: [PATCH 972/988] feat(stolas): migrate paperless --- nixos/stolas/default.nix | 2 +- nixos/stolas/paperless.nix | 10 +++++++++- secrets/secrets.nix | 3 ++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 46ae536..5f7dfaf 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -4,7 +4,7 @@ imports = [ ../modules/profiles/laptop.nix ./disks.nix - # TODO ./paperless.nix + ./paperless.nix ]; nixpkgs = { diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix index 7591f0a..a5fa69f 100644 --- a/nixos/stolas/paperless.nix +++ b/nixos/stolas/paperless.nix @@ -1,4 +1,4 @@ -{ config }: +{ config, ... }: { services.paperless = { # TODO migrate DB @@ -17,4 +17,12 @@ "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" ) ]; + + age.secrets = { + paperless = { + file = "${config.dadada.secrets.path}/paperless.age"; + mode = "700"; + owner = "paperless"; + }; + }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 88f46bd..f449646 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -46,7 +46,8 @@ in dadada ]; "paperless.age".publicKeys = [ - systems.gorgon + #systems.gorgon + systems.stolas dadada ]; "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ From 651ecbc9c4a9455196294cdef9b860c669fc606c Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 18:28:19 +0200 Subject: [PATCH 973/988] chore(secrets): rekey --- secrets/agares-backup-passphrase.age | 13 ++++++------- secrets/agares-backup-ssh-key.age | Bin 741 -> 741 bytes secrets/agares-wg0-key.age | 12 ++++++------ secrets/ddns-credentials.age | Bin 466 -> 466 bytes secrets/etc-ppp-chap-secrets.age | Bin 374 -> 374 bytes secrets/etc-ppp-telekom-secret.age | Bin 370 -> 370 bytes secrets/gorgon-backup-passphrase-gs.age | Bin 343 -> 343 bytes secrets/gorgon-backup-passphrase.age | Bin 372 -> 372 bytes secrets/gorgon-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/hydra-github-authorization.age | Bin 426 -> 426 bytes secrets/ifrit-backup-passphrase.age | 12 ++++++------ secrets/ifrit-backup-ssh-key.age | Bin 733 -> 733 bytes secrets/initrd-surgat-ssh_host_ed25519_key.age | Bin 721 -> 721 bytes secrets/miniflux-admin-credentials.age | 13 ++++++------- secrets/ninurta-backup-passphrase.age | Bin 355 -> 355 bytes secrets/ninurta-backup-ssh-key.age | Bin 741 -> 741 bytes secrets/ninurta-initrd-ssh-key.age | Bin 721 -> 721 bytes secrets/paperless.age | Bin 355 -> 355 bytes secrets/pruflas-backup-passphrase.age | Bin 355 -> 355 bytes secrets/pruflas-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/pruflas-wg-hydra-key.age | 13 +++++++------ secrets/pruflas-wg0-key.age | 13 ++++++------- secrets/pruflas-wg0-preshared-key.age | Bin 367 -> 367 bytes secrets/stolas-backup-passphrase.age | Bin 371 -> 371 bytes secrets/stolas-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/surgat-backup-passphrase.age | 13 ++++++------- secrets/surgat-backup-ssh-key.age | Bin 721 -> 721 bytes secrets/surgat-ssh_host_ed25519_key.age | Bin 720 -> 720 bytes secrets/wg-privkey-vpn-dadada-li.age | Bin 367 -> 367 bytes 29 files changed, 43 insertions(+), 46 deletions(-) diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age index 3139105..d710a45 100644 --- a/secrets/agares-backup-passphrase.age +++ b/secrets/agares-backup-passphrase.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 L7f05w ZwPKXDj4QV+9GrvwgEI9vwhwwoHgZlnveG5GwpyeAQ0 -f4iPzhbR2HCeAQ8cUDUqcYmVPoQ9vKMvkFQyVo1T/Qo --> ssh-ed25519 Otklkw 3y/RbwOR4wv6Iwq9+jMSZ1ntAD6G5jgeMx0PoBq3UwI -CyHATiRIbyj+yzVyhh8ccnL6j4I8BHhiBi8l3RV+mKs ---- 69+YwES2m/Lz68QMJTANOjgIPWmmjgFTrBGoEdHuaPY -¡ö«Çç¥ -ŒÞLÓw ssh-ed25519 L7f05w Sof4o2JYLqx59paPpBJWFek1IwCHb4VhuOcPpBkut20 +QNsXS0H2z5NCnKcDuxDVvY+AnTV27/Ijeo/kd12nkoQ +-> ssh-ed25519 Otklkw WZt99A5jBrb7MNqzpCuGiJ8wJ/NxZrJE5Q02hvcVEVo +yYlAifPMGC01CGpke5ABasi/sJ8O4r3+5SyoVpbpmM4 +--- vIe/LRs2QxPpZJUrdOFuTBNanHcMyzh7iAFRalWd2dU +„ü+Ó]§¨GHuU³îʈƒQ&3'š¦Eãg—…ƒžÜƒ©âçZ‘Š\~¼»ûež)Þ 1º£½ý×»Œy§ÚÈa \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age index 67d570eccb08988e2411b3cc47f33ad972613d05..32c7885d624db13191978fe5165a23397a923261 100644 GIT binary patch delta 709 zcmaFL`jmBoPJNZJLAX(+mv>%xh>uIMxodb~Qk9dDad~D=WO`|Cc}7M+c5z;4iLr}Q zIag%3S5{nzw#MRb^JbPpU~+ew0Chae9P7p=WYhP^v*iRj`+%Yn8bp*O~aU zb)hfvdh3H1IXtQ;-ccShU&!+0f~(&;f22ls1(}OUq=lsSP5#NefTfb{f!7IN9+j^x zYO)i)Sou2cpZ}2I_Wb9M3JNN=#PZIW;hnp6!w(a~J@elx-RNDgLu!%o-qdd|Pq*($ zU-RJ9%pl$!Z}puEqVF*6Ve8l?a`MtN&MAxcUpc~d*tm*ayPj2d_b&BYW)iPH?OWb9 z|Mrw5TiJUjzMhmRjZZgZ?|71FcAo7nm)n)^Z3oY@J!vAG6l`| zU$h-v6Z3!9rjM*AVpdEL;E-_CN$P*TvgeXs^4;c8zlJH#8-Kptro#O?orBzcLxbneAqVoj7IbFOK&dhUhw=*%?sr~) z&uxHI>{iEOK_L%(VuBkI?G00s1ZjyMY`gMobr$xFCWXXL#Usd;azWlirGbgjW zKh!_})kTX72X1K!NFKZKF8!_-Yb9S^&rQjF&ji;Mzd92tbIvkoXZNbEs$Wk#?XFBI ziIv%q`uE}Gr1y!@K{GU&%qNR%I_ve-rRDzS7oTfh>)uK3K9IY^G-pc7{B?r;f2V(n PPQ0kBs@#|4Z@n1+MV3OK delta 709 zcmaFL`jmBoPQ9C#MOZ*esdj0hp>b4Rwz*lVi?OMDh`T|)Phw?Nptf_Wzjl70tATH3 zGFO>@V2MRxKyFy6QChL9wrhGuc%qq$d1^pqa#W?aWt3N8MNW2hx>0zP0hg|wLUD11 zZfc5=si~o*f`3VNPIkFMUaE1aV``~Wu5(&JW`>2nMSZx3L9({HpR;$apP5;DmT^*w zi-AkJpO--(mq}8pZ=t?hVWojciNMKemmks9? z{XGU+|LUumFW-IMdZKsE9^b5AQ=MkUEPJr0*|cfu70+vPLUm7NFZ&l2{vc*UcHWoM zokyQ~*d<-uUvN@C{zKjyS-Gy;KYC88v-90*>fW+Qn<1lc>-|4E&$T0-PW|)JFLqI8 z_si9b&$d?QUj5p_eCXDioEN(G(YG}7J=2$qXXHgMcsbiQwf=3S$5O*J1zDPb_VFg~ zYy>C2wtrvrG}L7Bh6{3&-M*Z#oIpFyfjU&^mOTPgERqWFT?&J`Md-n_q-yxl!J`p&b67semt zRT4W@|10+9eLQn@o9nSD^;1`CE6C0jk-xgL_j^pBNrWkT!-VTv z2SjaW9TK&Zcb~x(Y981veym&c{WTV$7~Xx>uIpm5A|k&F*{h{BJKmX-HNj4Os*;LF zdw$5W178lc{CxOq!xvlgm9k ssh-ed25519 L7f05w KLdcD878do/oYEztzNfCgKtfh4QCFmCMSZiapueB5Hg -wnSioiBtYXjASmU+6WUGn26ga6Q3REbFC7DxA29PQno --> ssh-ed25519 Otklkw WstJ3pNxaazVPxNjTx3NsXQFnW8sy51CYoB5WVxwHWo -YOmD3exRcPoNer1y7Me2t3nOtUY9Hc2Oywl5sXMlTWw ---- tCVr+COM2orioyWJZvvwbK4oTlRErsQLywIoCVGrO1Q -‚/ïaÕÎ>0LÜÑ|3ôÏ`.@awGëÖ—š§ií}=ÂKÆ®‰Þ$3?rÃètle ß©Ãb}Cq’£¡×¨²„æU¿ÈbcŒ­!îP \ No newline at end of file +-> ssh-ed25519 L7f05w Nj0zjzK+5vf4YfUxLPNcBBY4ZC57tH9+rEVCv/ycNWo +5Sk99vaYclDFwTnVKB6IOcTVYJ3SGTuLVJxyjb1W4tM +-> ssh-ed25519 Otklkw ogKGpgcz0Gekw7p4LnmIKU2CEdhlkjypRGVZmFda8TI +nkOU/yc7F5BCBRakevYDXyD8akGqYwD67C+9VDxUgyE +--- zuz8UjdxI+CbMr33Z4P5ga1UoRe+oDXzVWgFUhUH1qE +b#òs‡ÇPàDFúú%¨‹Ó|åUùŠ›ál eæ9f_üUçZ5œoÖeeK}M`a›Mª!ü5R@j}ãéÓ~æ°3ZÍҾ͒\ \ No newline at end of file diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age index b306c21d933f5e38ebf3b7953e23b8ddca3f81f3..e749a1b3c4d67f7309b01e4da0d18d906eefa50f 100644 GIT binary patch delta 412 zcmcb_e2IC2PQ6=MWNMB{nU_zFv!lL~Pm)EINuXJYV^U#hYJpF_rFK@4en`HNSGlLN z373gaj)`Ykh_hd1Wny`xWv+j6s(+Y=er1?Zk#k5+vT1siWm!;Ac|~fGCzr0BLUD11 zZfc5=si~o*f|ps4e_6SLab#AcueoP=rdyzUkc(@EnVXYqzL9@!s&}A8rlV7YkwtNO zcA`l{er{MgS5R(BV2Zz4hEs;CYgL6`Mv05FOJSZ_s!2#iUS?FFf3{&(dXZB^h;u>y z#E;_jshOE(5hmFg&VH4imJzO%M*3CWWte<{-MVH5r!G1hQ4VQW`&03+T|tgK|Ueg#^DB$23eMYT+6I?Es5&Sy0A^-K3Cnl z*76-!cd>nXasSi3avsmm%OY3ZeQ@uOa@O=xy|$Dop7R60-iu|G`@hxa@Z*WvPdK=y I1*R(l0JM&j;s5{u delta 412 zcmcb_e2IC2PJLpLTY$E!qkd*aMX6C`T2Pf)dX{flvPrgOR#AqTwsxssQIKa!VP=wX zAeUi)v7v>fYne%^M^2eXxqDhcPF00vx@T0erBhNtSWrodk5i;cs8MFRE0?aFLUD11 zZfc5=si~o*f|ps4e_6RgW?6)Dc0h4%pixjxVOWxDq??~vQBt;HSX78nn5V0&eyM+C zPGWIMszpUPSE+Mil4DwgrKeLwTCSIuX^^&2M5Sd(RBoVlo^yIZmXlwEwxxfnzE_3o z#E;_jIr>?_!Nz%+u8H1Z`9}V3C5CR{Zfg?DOlj)#|5M81okOR}MH zIah92Vw!fSlar5GVxWgjNkLMTQ>CdzQGHs3OJrqYdPY^Gsc}_CNJ)6M zr%6^)rn8YNSCna*n?ZzGxnWj;d03QtUSd^5XpwWekyn7RWpF@JNu+a_k8ze~Xs&ZM zm#(g^Lbj`^kxxiKR%n)IXjyT&Nl|f5QC3EBM3}R7L0WQ@QMRdten3z~R!C+b*PC0B zCY+nM@A4^fJ2<=ftXBG|vy7~>|EGA)K5z)ap|G;-oF3bl2FtC1E diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age index e3ea72bcf1757feb3e73b5893be562449a0ba3f9..ece12f8c5e37605e00319fd5a82aad16c3ab9131 100644 GIT binary patch delta 335 zcmeyw^oePLPJMD!MnQg9d5N~RX_S+Hc&=MeQl+WCadBj5q(OM3No821Sz)nDv5$7R z1y{PKzQ3V!RkD+NVqRc?zq@vxw{~8zc4b9~d4)-SMu~f_Q@N2*m1$X2D3`9CLUD11 zZfc5=si~o*f`3VNPIkG1Ym~EFYMPUqVSsl;MwnrMYrSVya#ntJxJN~nS-zu*S(&zR zSW={OhC!eSSDtsVd0>9Be@c#LQhsD&Nu*mzo`rUSyLXsZQgV_{Np4Y!lc7tpL5Za+ zm#(g^LPe=xhKXU3Uy8nmp`VGidqt^1iBn~imw!Z>er0lsd3btYRz+rcnx{uO*W1Z^ zmhRYa%gw`)>*?p((+QG)D{7B!o4<^e;SZm7%cgHOYg&2E{SErJ&!f)K^RU}|s{o0- jUAY{mKA-XGcb~WWbo1YD1|bI)bxeQyRj%Yp&a&?S%yEBV delta 335 zcmeyw^oePLPJNb%cZExoerA=0muYE=dx&RlhMS3}MS7}JSZTOvXh~I6phDwwY^gIhU@TLUD11 zZfc5=si~o*f`3VNPIkFMMS6y7x^roMsaIZ_Ur~}*R=u%PVN_PJwwqg(U%7dDet3$7 zON3vdZ@yzXS9xA(gr}o_WpZU!c%Z9!PV5p^UWL0n| zm#(g^f~QAdVO2m#uvbY)mW72^SWr=fPld5(q<*q@m}^mKNkK`be|d0FT3NCQmxPVE zscm)MYmcqxT8>>;NxXJK%W!q(dc%3j%PxJq5n!QyPvWL!g3pXi=D*(Cvwp2LTW`80 iOfEP!<>~J1N$KHlJTwB*{`L#LtJeB<^tDb>BL@JHy?XEf diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age index 1ee5a873d11148b47401d58a3c9e52d3d6807191..416b011d4f1dc17d3442427c915332a46414e481 100644 GIT binary patch delta 308 zcmcc4be(B}PJOvgs-JnTfv3BRf3{;uiE(P6VWEq8vA(aLS+<{VmcEmISiV7&x4%n> z0atmbr%$}hUlvkRwS*E9ZXjFhnR=R$v zZ<=d%s%1nmSEx&gr&(^2eql&zT47~TMMRKec2;NqBa8NN8bhMP;Nb*P7Xz zGkC&Z&eQegDORj9J__mVpt5AMIY`#>&Ey6^?ZCk?3=Hl0`G9$odADxcEua^Lqo G@+ttG3vY7( delta 308 zcmcc4be(B}PJO0-Zf06(fPaLAV_;O0K~}n1d1QErWoThoVNsQ(fxe@8c2z`rZbVp4 zGM87FQFw^9xtYE}mXoEIM^>(jdyrX_dx(i?Sbng%iEDv(N};!*iEo-?D3`9CLUD11 zZfc5=si~o*f`3VNPIkG1r=eedriq7VX{t$ipr=J)X?&lbH$~8ot3E(4FWDZ{`@-N5;@u3 Go(BLkKWhsB diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age index ec7c98de8197f0e8e9264bbccba84a026c167fae..68cc452398bcf4e902958dac2ed5dac0e77bad15 100644 GIT binary patch delta 337 zcmeyu^o41HPJOUpU{S-q2UR*{EyWum@$T2N+)cR;CE zo|mhsx36n4SGbo+Vqv~-szp$VnMHC)WmdAGYl($len4V=u1i>Cwr_DjYI=E*Z1 zm#(g^LV$^BNnufiQ@XcVu5(CmW}dG{Sz%(OX_B!?Mp=n}lz(wrfL}_nlVwsmSKo`U z50a-GIJ|r~B_4Pc&KF#ne&pGa<1ec(cvk4dpKFkj;**!0dX=?v%GV?V`DdIA`eh&g k+5WUUTu`?y%d72_(BTa#Q@%3HoS7EJryk{9cdX$X03}v?B>(^b delta 337 zcmeyu^o41HPQ6oJnPFvddP=fOVr9N}W|l#+VS$rzv5}{CfmuMYWwC)-u#>)@Q%PWW zAXmD1kwJ(@L0O2gdyal(Mp|iVR%v=!S*dGPQjTSLX+d#nU}>_pTb5acE0?aFLUD11 zZfc5=si~o*f`3VNPIkFMXi2`gS#g$&cTs^yo^zUqWqr9%VrfK#c}A95YIt^LsZl|( zv2l)9Ns^-pmyvm8saaZ-t6OBcQDK=|NkExvkV|NRPne&hzjOq8ws~=YV^~qJiC1P;q=9pxNma00HkYoQLUD11 zZfc5=si~o*f`3VNPIkFMNL5~uxxR;UQASBnd3c&jaeZW|rE6iRN3pR{ahAEZX`YF( zc6y|bqh+`+SC+QBQ+P#0esR8+W1xAVOQnUIf22=Hib=AGL1w6FT3VI6b5)6Fij!qB zm#(g^Lb`!|qLX)pOHfF9zHf54NnWC9x=Bh!l0~^^WSXyUa)6t6szsu6v5&JS*W=hr z-xjgvm)6(5=g{I?nio}FZg}R?oeaLPx@Eop*QGMYlbFPWc`Xy|S3+(ev`TE!>lW z*flM>5~ebDZrt`u=lE*2t*md0-4=2``R2SYLHgUDg_bfu>UWf%o7AznvRqHfrJ;2} zNz$Fz;Od2vbCV@}_GfJSi}qaDy+LW}!&7UV9&GGhc6@1K+3(2) zJ~w=>J6!uZ-|7vA^X}Q@?!ogdwycOw}QJ zF0=1foO~S0Z{BI4rM|!_WzF9!yMAsi6*)F_uE5U~8MD)~Ub-J>4Smrfqc73=->r<8o_q!YUcUv-89d+EV!+9@9LpZMr0K?QN)c^nh delta 689 zcmcb}dXaU4PJK>6uy$~;V}-wqg;9P;X=+G7QlW=uo|loCmzQH0lY5F^c6wx>yK|+l zucxJNWo~FOSEfObqeZg0cAXuiXe}0|o(b5%97u`J`*t%FpLRoS9 zWAC4}iZ^C!Z)>Q{*UAa}JA3+?3ufGFTqXJ~Sq)Fid@LzYs=w!&aHVjqbo|q&FXTBo z|0;-XZ*!Nspj&LaZWHU$9R06{-pq9K0-=)2F#VeTV2(@o!@*c zX7<|Cn?vp!Sw_fQKAz_`C+NJF*V5%lcl7>02$gaFC?0CJWx{6PnVt=qYqc~xo32F& zN~ksZ&SjfYH(@8^nk7@~FWr)9xye3RV~T#t(^Sz{p$y+ltFEtnRw}3YblcsNKkpjy z|6qL=eBCAE;^}3gJ^MQT%n=newCLNO7^W8?+R^+W?3TC5qJQ@f@XopB`{3gV^U_eR z8NrbX r-`#`@Rd;Xf*`~qqZ1XSe**B~kr_B4bO0f0n{c`ovmW++t%;HJ`!h|XS diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age index d61067028612eced2b1a26fe4c80f7ffb9c32234..ef32814975a317ef885fdd1114fe2d8f4e8a41c1 100644 GIT binary patch delta 392 zcmZ3*yoz~(PQ816YMMc~cR^95e@ddEc3{3^zOj>2nZKL1n|D#Tzh#z-f2L2MhoyO5 zF_%YpzGp;-YOZ?>sRp^K-FNu^(2h(%^jNmXLGYo&>s1(&X!LUD11 zZfc5=si~o*f`3VNPIkG1Pi2O4c6Mm4nUhPpv$wBzQoWhKv2#d7MWl0fo}*`&evqqq zxq*dQrLVCCSFoR_Nv3guqfb_vw|7XCm%e_8tFfDxbGo}%etN30VW_J|zDs_wvu~aW zm#(g^LWH@gVXC>aOQl(Xk#m4=q<3JNw~4oQfq8zIkCS_ahjUJZyHA8yuyc?J*Sh}s z*KP9kF4wP0&8c}KT*}b$_r(cCW|OX`OZ;bDD4bUlq_D*9!2Yy=Z@v=9EUz93L= zGqmO4i|^qZ!W`22^%pR=TVLI_vPCW;@z}5Ox65;~7SztaI5$G6h~L9a-Sg@-?&#$& qOgU!0-x0p5e?hUOxP5R~Ovm+wr<44mmbeJHGQE`k(9|EpC;KoI+w1ULUD11 zZfc5=si~o*f`3VNPIkFMdTN!KMM`d>xo=>gQMjXbMtzB;dt!E$afFXiacY!%X>m|- za(Pi!a*A6ySGG@8a9UEPu}4^WvAMHTfrq(aVp3?TzNcqNVzzsfQMh@Pdxm*vT4k~$ zm#(g^f?=wUi;rulrLmiSYCj>Yfh3=vO#$$*B7_) z<*LFia`oX)>P~K~yw2gER(;~^hxBd7vr9Hvuw3yw?OUi{>|~|6R4cKq=KP|sEC%W} zHkM8z=@WK;m*TA|iTw1AXHtON#)7|PPgYiG@$A1nc|TK~+3^L>4%gmpRC(Mjdb3*B ptXb63ocl>tvCX3daW diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age index d908a11..b4e55eb 100644 --- a/secrets/ifrit-backup-passphrase.age +++ b/secrets/ifrit-backup-passphrase.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 yMjj5g JOFZJRGtrC1G4btVZ/D/XiKqwqSrpQpOiI6UdfFE+no -1GBByaq2ojp2Xm+FNsIXm3iNcd8BCIo6uBThZEne8/E --> ssh-ed25519 Otklkw Otqt6BlhQSzreJy5NlCTo/9at9stWnlVN73zNi0xVW8 -5aUfPsoYZEgc8PJXd41wtpeETCTe0LtGPxqAm15Pg90 ---- h2S6vdReOwpqA/C3kr3rnuSeaWKr+3Nvc0vQ53WVNHA -*ÿž§O%ŒCÉ\‰[›+¾‚Vzøë¤/GB e3]<›ç È¢*kO?1·\ÄØð¤iÈ%j \ No newline at end of file +-> ssh-ed25519 yMjj5g pE3otZ4+5k1GxhoU7FocCMvcHZ9PFzTRqRYiVXXq/H4 +aKCBiwVwbfetSTRaTJ31iTRsvNnbm2JYFQnqTOgCyOA +-> ssh-ed25519 Otklkw jn4ZUyWFIeAt+XpxmlqckovK4/jit6SR+Xaouv7gfTU +8yJLyWHk1m9KInOWozqRWXi3kiirgQ7c/ONOwgHk/Z8 +--- 8TS+ZFZfHvgcgOYBE3nzSxbCCmCOtqPWyldlegSu6QU +§…:{ ÀÐ4~ÀNŒt¶XRlÁØ ’‹=>$²¼‡8DQ @êGˆ‚ï1Ú÷ å”FAOÑþtΫ \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age index d7059202b2de26c9d7b6c2c4eb86f181046ab2d3..9d2879cb605da0ab76611423aea197bf7358c368 100644 GIT binary patch delta 701 zcmcc1dY5&APQ67?xIsmpXJCbKN`Q~ElY6CGQet9Zl~Jm5M3F&hm|IeKiJwKfL1jp$ zFIQ!iNqA;*iMyMrNwTGDXjV>Mfv;C)T1iAkkz0;$N})+upkqj2Vw$gaD3`9CLUD11 zZfc5=si~o*f`3VNPIkFMnMHn)bCq{_R8p~5vPY^@S-roXak;ms<@X8|!C>eyiK5&Z8bC#?#Icxc{$ZgI`i?{pw%mIVZe4{9%REZMEGlMt;t`8WTj> z{(UsuT5#a1Oi}Jt{Y)=qpWtmZsSJ+mCrZ!CGv8SAW#2USvc*jY1E**@$gIDsx3%O@ zdhH0$v>qFs{IK>j@AY+J`&th!kTd-495~r)nd~T}`<;y0C%zCzz$o06t?F6-?LpOUua zd2<|Jy3Vab)ZuIs-vXZEh+H99ZtT5jEW`DbzC{;X9C z#eCMzV?VmKDEQIeMHl4S`t)*km{;4cD?jC@a4J?dZK1Q(xfRQHy)zUkdYOLuiB7B8 z+3#BnuDUFq|L}$I;^5?)tY?FF-ATMK-KYCi#N^a}=WF-8t0{SDAK|;3KirHzf7!`D zuO((KayzpwqE*`?_H4z1-tG<6jE-BkMc3`$XTEIZ`RGY;XaC+|d>(#*cS(Qk@3h)e E03m8H#Q*>R delta 701 zcmcc1dY5&APJL8SZen6km|4DYuBTCCy0LeFp}%*oOOd5{RC0M(ZiK5_d0u3pr9pVQ zCzq3lzfW>mR7RFdg@<>xV?nV=K(T3fl)s~)xrUq(){ zuXAp4m~&`8SGY$}ns<;xoc3VafG*Vky}NHb56ElrG>YPd9ik3PJzB7mzwRK z5UoBLk$Q9eic1Tw%;&$(&G0d@N0n9f+sgTS+}Og;31`mVdHR|QFY8m=oh-%PI~9wk z_ZF31`aP?;SH!WbE%LBzzU)=s>32d!o0My`>>XRSr?{sX#~7cKpT|41--p|&Vu#es zuVq*4d4KcD@wYE|!DsK!WzYO)E3-kJY6xH5Om_{jIoes7qgd+~p}+Gh2YGxHmkcuin=G$&`n zuFsD?R#|+UbM5aw5rtVog&8TQFDoAMSQS4{*Zq)d=H7pE3VSW4+?Osf@ANq)t#L={ zuE4BAVy=qObqX#=>yPN{lr&hg;L=a7z5fCQHy!bxcXgF`+NH|>w)4F#c1^ynWjIqQ z_3kNulLnEaD{dVY-@Z1=_p*@j(%l(t6V*L+ZhqWp`k#4GhUnYbt=i8+!RxZPOF`Stl%i+8fm?Rf3YwOYN{EGW-7`(>sy z*X2F0+V-~};s}0See)EHmDHUlC&lNj&1^rG`t8%TqrH09Z*A?qe11iFsYK!JeTD$m C8zNf( diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age index ded499016d73087d35b30f46e0eeaf6d2caacc57..36c4b0c9e5804a35d70aed58a226074e53afc21c 100644 GIT binary patch delta 689 zcmcb}dXaU4PQ7bDp=*kdxxZhiv$t=QNq9!CIiA#8)iLriwo2iAjt3i}o zHkYw}L5hWktC?wbs*i6-n2EW+fpJkmrjK(~lt)r&hP$U>rJu8Fq-%&pGMBEMLUD11 zZfc5=si~o*f`3VNPIkG1QITdtpBNT5%$ zkDp!SH4L>dAN~xYF=h>q)S<0l5@UEQBYx(uVaQ`riWvgyFo^Ja%zxwN=kkx zm#(g^LU^T1VX?D|vtN*lMNXP|c~D|`M5(u*YekZgv!SuCiAQ0Ed!JmO;`N8z=t)2Dd{XhGbPn@pmI7yDh zbJBf|y!fpSSrabbt$OL|y(D~nY3dc;B!O|)xHT==tMUPpj^Ri#c`ug|1JQ0Srmpb+x+%5Xr z_sc)dowqi)<>{Y!x9vsrc{T3F(r|gc@Z!Tw8>h$w_02HM5Ie?x&twDcsVhqL5&bMEhdwf*#M#pj=nz2sVWl=HkpITn_s7LGT3*Pk$(!aYU3sNTi>cw@F!%d1Zk`X0dN@x|egH z1y@#7s;_66pHsPIYKgmfL9wr?i?OzQZjnK%Pei1vMR`taiwWMm3y!S zm#(g^LPcq^i-}{UX>ov2QdU*AMPinpNpgC)lYT~INt#KbQL(deh>?+3MU{mCmsrKz zC1+}i?$wt}?T(tUc;>c@>vofvZ``|_xJI;Z&5;*xC)R6K>VC|!EIqW={?nvt9urAL zqdUnzb?)7r$b8H6Xn0-8uX`HaZPV>ylb`2G-(ySN{9{U@Re{Zl9jokP9w*$9S!={A zd0lu%xRg2Hxzy5dQQ~Q&%WG61zEv$EwJ#&2tgO&FThWd-^5B7RR&Q`l~z+#C{ zW8h5ZjrLY^EV(>I#C18FcWrwi!_Sepey>@b4v%VE2G7pPc1hjaOZ2Yi=`B8W`n%3) ztKvH!eU9IVNb|Bu=B_+uW_8<&|N77Vqav?AGqX#l%({B@AJa_!d1s!a zaN0Az=!;*TsDv?JusSAJ-@4?ZkIYJ`N1K$Q?@8y#$KUa=DB2)Z%lF=R!-DBf+_zWV zo>J$r^OQjS%Nda$PAr|Yj_cI&O(&NsOz#tWJa^UprHA>d^ViC3t~1pPIrih$nqR*b z99n!VqF}~sO|cU`dlv;;W?Fr(iJx)!+v7Q<%1g?2?s#r9t=o;sFKpq=D-E_HTJKIe t?N=zCl ssh-ed25519 jUOjpw sM3nHEEUDrSNaDx2kl18pqwabNSVj4Jbl8DXRKpmhjc -pQDiAqXXAxheyYa14lEGmOFs0hrMgJgvU/ChpmZTNVY --> ssh-ed25519 Otklkw 4hsEjZuZu32qujYfjP6XXbeEqbQqkN0AgO2lM/hMomE -e4tcDQ1NSd78ob9QNKdOOcoov/xbW0DzvOKCkMGM3HM ---- 8H+daxTtO86AApWyBd18ju2Mwquc07I5vOH8Q8FVsmM -­$0Ó\eg؃#‘>Ù÷ lÕžQŠQÆ Æ[“bœ‘íéËÀàu·½üð,Zž›5 -¿É ´é8߃Œ_¦Q+Y083Ø L*LKü0»²ƒ \ No newline at end of file +-> ssh-ed25519 jUOjpw 6ThewcuTvg2mn/jC1eqR0KFDXdN8G3JIUBLLiBabkFI +lstfGPvJgaUOp0jriP2nsi4IvgwRjs8dnRye7+ihD/Q +-> ssh-ed25519 Otklkw N0ozjfxbOBq7EIvxP4TRa2XyMQ8fINCiHjK0MFq2X0w +tEeua88G2aN6REaUN6xTlkRLy0GFgNfj7v0VXhqddc4 +--- N9V7UfSDvrOAeOr3MRXiCwIu8JJt3NSL3FrGyPapLrM +E"K?>V¾éÄb¦ñXùåþ”àždgð!„”ѹÁÏ) BØ ÆßfÒì\=½[2L x‘°Áw¤Ýæ•ËXH*®òõl…9w¿½€ \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age index 716f621b44bba11e2ab533e5f094e847f7b581f2..6b89f138fb608501c4fdcf85daeceed46688e0bb 100644 GIT binary patch delta 320 zcmaFN^q6UaPQ6Qxb5**ZdzqzUT1j4DZeek8UX)u@WR!1VR#=Lsc0rPJR<>)nk6DJ1 zD_4+{t8ZASsiRLyn07^4ezsYOrL(hBepZ@iMp95gV5WYRwz;KYfJbIxI+w1ULUD11 zZfc5=si~o*f`3VNPIkG1d2nE$zpHDmn_GFhNuZy73SAln7u0?2$lc%$9c0iGdL7`=Vd2W?^l#6zur=NC`hoec9x0hpDfn`}X zm#(g^LRgBgXSk(HlAC#QqLGV!qCuLYQ=mHk-aF$Hq|+_fak}>1*$&Efd|+B5wdVB?|eGWW|n?ccz~%_nyF8cSGH$qMuAb8PkB&Qxu1c#N1>Nbp|-w@1(&X!LUD11 zZfc5=si~o*f`3VNPIkG1d0|+Hp;1vBOK4^? zm#(g^LWZ+vo_1U9LsfLE>K6qwUY~L8t;JUcuHH?p z{IBl*?D(xMA0j{d=Zt6b!uIqX{9JVK|D#^v8|!8*VVYL&+g05fW^lN3iGD z3kt@yi|)AEx7j#DAYb-p_}^cwzXSOD7Ccr-ylTGv%!ic|3`}{BTv@biqo7P8w-SS~ z)wB0q85R0vSrV4g5v+Cf_G{ycnAa(bbZ1_FH%H}ElIV;OrpvD4ruQ@UCTdQ$6tEAm z{j}9-!_nw#-!9B#P@eF%ZRO;{j|{h0q+6^?(b72M!tlj#qxrONib-48`)XYtX6%Yz z(V@9qOqloM6qj@bH^ewxfZZTP2o9ulIKkZM{>|=7eldSUr(Iq Na_3mR;%PU>M*yPyHAVmc delta 709 zcmaFL`jmBoPJOAjpP7GET8>e&iAzw9pQ%@2cBn~6PNjEckbZemYJNs!xvRN_Q*o4Y zI#;lMq;p`JSE;MNxr@HGpG97|Yni`6riFn|uBTT>qEVVuR(HTR(N2EXI^q~aB-Dyp-*`} zm#(g^Lb{28QL>SbdxUAOc0^fOzO$F9k%6OsfO)=lPH4VkU|4dLTUn}SqGh%LSClO` z$E0eGkb3d-uwU1>cV(SnUU&Y1O!)eRv)-;YJE0+vd*kC`yLZPvww|t=_C0Yz&xiDa z>$a;8Wi_mSd%yFoRfcNEls#Ej_TF8)OlyAGjhxKw;py8J`s8hKn#}V?%)z;Ep z8ohjvSM2vY`=UO&yVUHHa#4%cFY{7fKlz5}_SChwCA~X; zGTBP%^ofs)PN#i8q28|BS+Qc-WGmiFHX#kaoG#=)nX>20e8%GsAI`B@=e6wQpZ_P0 z#ynHLH|Ijp%G28>tPo{VwObU}7pKWNq-G5z&WS@ diff --git a/secrets/ninurta-initrd-ssh-key.age b/secrets/ninurta-initrd-ssh-key.age index 9558a151ac2ff36e9f70a61c466dd8ae766fab61..bdb981ffd84a56374217dabc719fb9317f016f69 100644 GIT binary patch delta 689 zcmcb}dXaU4PQ6KaPHKu-MWTD9OOCUJQ&?$wTCzn%MU-=4S(ZtFe{eyGXJ~Mlms?^; zIhSWhfO&GFw~N1TlwWX4sGmWiW1^E=qIZs~nMIyYrCC)*c(7+mah|bXHkYoQLUD11 zZfc5=si~o*f`3VNPIkG1aaxH_RY_K$U#VMFPI_{2a(zTaQblF5L0MRtk4u$%nuTMs ze|mnIZ$+Rlm#KeLNQ8eyP?^7JahQRpSwT@^VquD3j<$tqm8WZEn2C>{TWDs!g;7R2 zm#(g^LT+TKNmN#`r-?^yxqeltQ?W}~N=3Pset3F8NRoSUs(-LcVp@KBR7FuJ*S0HD zQe*#zeym^87_Jd}qNn_`g!8wmk_^X3F}AyerWMSnzOkp8qhF!g`gEW5PBWPWi{|~C zxXC8yam`Tg$#EJSO;^73DSS$HtIH9CFwbP3N=>aF7q!2t zF|*G4A{l8mZ+fs1mqG(&` z7sa2U3>Eli;;WDWu_x{b;0Fbf4(16GY@z@TcoM|^2_zbOx1VXZq1hc zQkc_or}mC~?ds){e}k0&oyoV{3u?(qnI@SkjuqWxmmd zCs$Z-PNadiL12nOm~*hZXOW>xsds3qVOC&}nU{x2im^v{g?o5jwrNFqD3`9CLUD11 zZfc5=si~o*f`3VNPIkG1k&#b$aH?0bMWvBpeo#ezPJOmdd4{8jetuL{kbY5yOL{?B zZlQjKX-;K6SCK_&N`SvhvQc40fM0fGx}$GSv2kI#S8|qqYGJm4iEnV8c3Eh?TV#>} zm#(g^LS}kyM52*}zGZrjS+Q|IPDWHfVybVlcX3!+PI_*7a0 zuaj@T@LpHU+-@^t=7gZWl_F0z)oiFykoX~A@ncfzeKN#$Opp7g0 z!MDGsx+q%)#e)E$Nooq`*~fjNft@?ewDFmO8N2`R?Cn5H@^O> zuV`)`|CMDoyfxoEQcddGQU7$){o9u&=r&!<4lVn5{;RO_J%c|lc3fuoq-b@%>-ioR z|LuQ`(~g&&lN0h=5TR_i^Yp8|X4`r-|JjQdM=`eczkQmKKD+s zch0KnfDqq9F_KzM`|p35pHv-T@apCD^amd|>3$B=p6jV_^ui+5Wg4|_C*~dZ)9PHl uxQVG0)GkUsTW;5q=XSU6Dt diff --git a/secrets/paperless.age b/secrets/paperless.age index 9de2ffe698260b627b099c0e0b0217880ff6afaa..318a9f94cd6d1ffcfb7acf155c6c3b114041f4c3 100644 GIT binary patch delta 327 zcmaFN^q6UaYJIquv#*Pzf}e|%c9da8LAi%cadC!jYKoDmsiCEUe@S*ucDX{Ok8f~VW=UF7M7_U7VNhYBSGjjZg_%W=fuom4 zaY#|BK}3$9QATNLN_ZrfS7d&=dr7E)k553dSAm~pet529psRs*WwudehF@+)QCND0 zftRmaL53@ruCA^^fqR94MOKDIq?fZxs%u%Md1h3iSwTcmPIUwVkIWpnT;8Rz&dOXSALi~KpBPi!_xN!w+wAx{ ZtCfH4zO8V7(jaxn@B3SaTi(*lH2{c4b^rhX delta 327 zcmaFN^q6UaYP~_Ce_~R)LX<~wUX?*ad6A=WnR#hawr5bLX-QUPsGEC~xnHGwQG}a| zXH=55e_*Hym#aajMM-#|fq%JcmP?XZa6n|1iCcadC!jYKoDmsiCEUe@S*ucDX{bg_*BeTBL83TfJdLScI>6T1kqjcD7k~g;$Vo zg?T`#iE)8*QIKgwV1_G~r+Z#XZkV~FnYUYoi&w6txuK&+P@qACtA4qAa9%-_xptCM za7C$Kut_MFuCA^^ra@Rva-?T|ewu%li+)~aQDjI)x?hS#kylVvdPuT%fkBpwlXg|5 zX=x}|gG1m6g_?8Pa>Y;0s(-C0?+aP>yy3Y48~b%5ZS57elvnO4Ui5d@spAvu7)ryG a{${Z~+Rb-w;@Rj!YHJ(~(vSab{t5uAGX5pve`ToX>0C{PB?~?fd`Kdn1olSn+h5MVE?{t{=;>6S8AvU$@qMOGVnz T&l#dWzUDrO@N!R$S6~4EpCNPe delta 320 zcmaFN^q6UaPJLO4tEE@6ce;6AfJKIl1hDSwIMTWUy zGM9;SSYl9Mig%)SVpU2}ZlZQ%p;?YchFh3dP)3D$uBCTml#_p|QI?xmB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1tFv25q<>LRMwUlrqF;tvc70ZfOKO&@b6Rd@NN8oEe_lzB zxpufyW^uSLmtlo(POf)Bl8;xozFVnDSfHPCmcBtmN_M4tenD|YP=-ZTnWIlcWJG2$ zm#(g^f>CyMfth7meppqcYe__^XL_Kkk*Rl}Q&?r9Q-ObefvJCauB($vlwXl6SL1Od z!-wls0xbJBbp-}-F?n`pBxkplnf>^(o=tbcDUKsYqE5-mSAAeR-C3Nh&F}X26!YtQ SU-lefxYkuEyX1$8nLhx9rE=T= diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age index 0fcacff217b502d9ca98d0254223018dbd665815..57e57c899c5451bced9ccbc208933dbc1053b44f 100644 GIT binary patch delta 689 zcmcb}dXaU4PJNWNYejINvwmTwepyaJ`XdRi=+&a*#)cNuhRWTAHVc zZ-rrCc44^*SE)r-Q9x;OYI>!=V|J8&dZ~|#Uw&#xv9FPSaiB$Bp|(e)L9wxUx@TB9 zm#(g^LVmHKbAGl(a8X5el}SOMb83#Ud8(_4pJ$MhcAAr`o0+zcMVgVhr(=>Q*R#Hb z=g%|quC4#9#@%atL$Q4E>U|c^=0)FozD2s`#Ak`EKR(;BJ(iyE|GSXRA1BMJq6c3| zh@Lq7=|$+~3daN4wFkPwrhb&ueyDQxT)XkJW8rx@C--sgWdBtC;h^+8T^?n&wVu&Q z29uuc)Y*PDx*+D!(?<=}KO3~ZF-Ly;f4QUZcGZsmg3?n?Zmjyl#=efJwJIB?hK4VRtN zt4)t?=cJ0}uZ(T+eX_~>LH&{LwEQzmmfun8tqZLTJ{tQk_phn}r>BRVf@t}>h@YWd zSNdlhI`Ca(Vfx$mw^Cg;OxP05xA|w=XPsp?C$xPmZw}Vpb>n$Vh2VyNCL#}Q@8+~` zI_Rn;^+tK=fH1m0`bp;n0QiA5DgXcg delta 689 zcmcb}dXaU4PQ6i?ud!#AcTq%vS3zQ+iFUGuzf*ZhaG9^ClRu0L~>D-MM-X1a!PJqma}VyE0?aFLUD11 zZfc5=si~o*f`3VNPIkG1wvk_QNqSOMVW_J|S!!rdaD8f2c(#W}aBzyRp{09CnNw1z zdzxEnMWkCcSBY0}qNho2R77xIu)l|qzLR#IWu$LNn3J)wrB9WUhl_q{dWvDHTVhc; zm#(g^LWG;MxoeVPuBBm~XH;cGNr-DsWLR=yKuB_8ig{vjW^!6;p?+X+nO}(sm#*IT zBiYKLef10${jC4iSbr6~@_+vFTUVdNpLqN9kLO+JTA z6Bg%3JnB`-dh(;#fXia#s}-U4B8OQ^*V%W4o>>3jbn(1jVf9`CW;_PFo-NoBAmKeh zOCYwn_pwfhBgrrzf}EXn>v&1UugNrO)k$jf4+a~X&Ep6U0YN;uWfN;xG%_aO=gZRqn0ys zn9&3K0e z|1{T1h)0yAF1-7z%k^zT&2Q_CUS>7x4=xXBeej^W;Z?JFS+(eNg@z>pQ@r@rZfTx< zKd>WMuJKx2ROLs>gAJea4o}^tm(f05^{UV^qpwq$*BPB$_ON$vMXgD%Kl^(vpO@1< t%kJE@bGo%-?4=VD2mF;J%QQ?X4I&T7&iK?lj$=ROZM21OSh;E%*Qc diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age index 5695f54..7c1333d 100644 --- a/secrets/pruflas-wg-hydra-key.age +++ b/secrets/pruflas-wg-hydra-key.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw sdxptJei78Xi7oBXqh5H5bJva0O017mkVGz343VUxjA -NFz8JLnOX8qR6uQPb51PzxYGfg3AW+0nJvO4Ex2/N9M --> ssh-ed25519 Otklkw nyXNF0WhpAk6mezLPiQpdFQbSHqHVm9oXxQSaADfVzo -Ati1jXx0dPQn7jnq6Ol73yKpy90iBlgtoWlXimbbq0s ---- RI/9aP5kvkJVacr5IAx5QCBGR+rLg8f8FybfZ2uGtd8 -Æ›'ó÷ðë~²õÇÞ¯~þ ÃdVE¾M®HnmUÚRL\É@ÂÀ84€%ÜÍ ;Ãí´R[ðÁþ‰+Ýñ¢gý0×®SYæ„« \ No newline at end of file +-> ssh-ed25519 J6ROvw xzey0OqH2HSPLdz9sUHX2d9Xb3j/xnvuz0ekjE5MGh8 +cvfzziAX7cVSJAwRr0Avxeaa5ogXhMxz4c6EcpyIrMM +-> ssh-ed25519 Otklkw qlfHwO86ojlvmdfLHtuZwvpIDCxAFgnOQ4tvsz7VTiI +3eVexGX09ALqANLrZm/3WvzZTIhEs/hWLpvYR5oQFYE +--- /+Xv0iaeal+E0g5+Fphqw260kmzHE/BEWA9UWZqkxpM +Q$¬ +'²H¥­ÕQ6E%Ñû&òúÂÒ‰ž>0—e[Gæöb«g5åû»ú@¿o“ŸÊy»~Û ©V`§y×F½ÕÏuõÞ~<¾ ®¾Ñ \ No newline at end of file diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age index 56c3796..1312de7 100644 --- a/secrets/pruflas-wg0-key.age +++ b/secrets/pruflas-wg0-key.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 J6ROvw JrDRK2NkcPjUf7Owco978Saj3FlPGLL9RcOW3aSB7Hs -o/WPV/rBvvc89c5qln+XLVslVed65EGZOkQoYeGgvpQ --> ssh-ed25519 Otklkw fvLeR4YnqmXYGu8krDmCGDLa0Xh+X+HpCTcqodxOtEA -L304iO2/Xq5TJ3Ui8F3EIR0mXVRmAMAleGexBxWoJN8 ---- B71HeCVbIOOnvWXWwMSk0A19qnsE31Lo36lKOkXLQhI -Õ%>ž™TsSŸ(ƒpµÏfA²Ç¼ÛïÀ–ØÀÛT+ ò$´Ûï R_(ŽNN1xL†ÿ¦‡©7ŸF–^V -ˆø¡ÿÖo›pSj…Ÿ \ No newline at end of file +-> ssh-ed25519 J6ROvw jC7rwmoizfZqenUwlrMlLRyN9yQnog2X3KIJ2GgRZB8 +yGoiZTNfrPm6+fb1BcZGH6Lzm8Pj4aeyjWtLNYbGSFg +-> ssh-ed25519 Otklkw a2/N7JOiOY/orGyCogBIj48EjTltThv7AAHuMHK7Xzo +PTP9vaEpFf7PXoRobHJgAkNVBh+u3+7rUMKiMj+fadQ +--- KR51LRGHd6jWP4rUWvQqXskwEGfxb0tSCNKtnFT255A +GùwÆ)HŽƒïkƒþ«•G¦ FÕñ…&eš[›{Rš€åGôñhÉ"´L{ƒã¢\«Á¢{H€~{.»ˆéuW‰•MaZ \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age index c9fc294bd7ebb3f8c6d5409272dd820703c4ca27..94f9a881e2cfc98cacc143846c7cc7682de7fb34 100644 GIT binary patch delta 332 zcmaFQ^qy&gPQANuWl=zAc5Y>`OO#`lQB{FsYEe#Qfon=}X=#*yN>ODf*VmgT z?4EUXO1rkV$RAzvN0YucxI-%Pz%Q5mgq^Z(fy-{NdEw62*= fD!b2{E%~JBUrnWC!w%1<&5z{kTQojim>&WF>K}S% delta 332 zcmaFQ^qy&gPQ7z+Ribv0dtgOmsEb>fyK7{wVOn@Zc#^44mQQ+Ku8DzLgjrUmMP_h$ zHkVnrlfPkkqKAh^NwA4mgrjG8WvXL(PGVM6xU*%DlY6F*NwGzii;;P@374*&LUD11 zZfc5=si~o*f`3VNPIkFML}&KGKpVz-r|qT{~sOoO)yW;lC=r|xuA9T diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age index ab532e3730c4fd6e5087d85a64162bed8169f69f..4b4a687efc68ccff5d2228c8e42b3e7b9ebcdecf 100644 GIT binary patch delta 336 zcmey&^qFabPQ6Efd6}grQlsnQwY%kej2qt6NrJq+xPI zIhU(pQmT=;g`;n2Sz1ViQ%Z`LfmcRkQe=^Lae7&5L{wNnS+J+OlV5?Q0hg|wLUD11 zZfc5=si~o*f`3VNPIkG1qpw9$l5duNsAaO7g`akqOMPN#P-u3UscV>Pd1bhJUXp=N zT7H#FabZs!6Jag}$M0RaCZns((d6n6GzIfWApN zm#(g^g0`D}fN#2SP^nL1ly;JTQHWc1Nw8;8XktlfR7y&KXJUk@OHhPciletHm;6sCm6Hud!F;4n@3AmmKz4C)L`qeN zCznNOQLsz8M_|5NYKp&Qo}0OmbD(dwmv@0%Zm6+Ql5dh8My|VwWs{Y1UuqQzpd|QyoMfEV{#@CiHHdQ=~%XlP&XqMowgr6E^$UA(wx2 z$&H7+vp-4i2yYO+{eSPriB_Gv?b;R?-JSe!%C3aFMv>Fjgx$F%nDOQ7vbc%Mf3h-d zoqM6ZwVksfX5(Rlt&WpS7VbE}Zu@Hcx~FRET$Zsr^RExx=3Rg7S8keROUXXl+>bl@ z3@)AutbOJ--*jnVz~36)h4&TDJQ6iI75KN4#m00&xq$MHM>Ud@YdJF`Wdy@&zoj=a zANUcXc$aC}ymcH8Ps8ZpdDl|XnVy?@c zf}4*89;9X*yq%!_zueg6@2a;s43Wajl?%e-O>~0)#B7^%p>~?by~~dU)@yZVg#U51 rmdoYat?};3|1Xs-5409{xMxL~ zYkEm$sd;uXS9V!chNEeUM{1cxWu$+YZ$(nMzF}3iUr>ahw{e(PM3u9LiN0f4sd=y~ zm#(g^LXd~POJbEpse8Ibm}{PSerSbXs)0+XevylFg=dJrX_mHUlv{>DfTf=+S9lHU zA+76r(e;(fo*H>}^W0SX(LHHt`Ldeer2^B3gz6k=YMEiVzz&?s=#93PXV5;HJMIx{zZP3Fg|ttgRPCI^!|WZbHd|Xwff%A z^ffzpy!vs6A2UO82dA-F_qUUNCtUu8>+~M9Rn|-DajMbj(qFAt!}`$oGRMqNk$2V? zH@rNi@}gT+a&^Eamik}kO@e!Sl&kr8a^gcD=axx&Z0v1*`ToSgE$g4}dlb-DZNL{(zKyR$ZLyXJPa0!l ssh-ed25519 jUOjpw hXl01CaHYYlY/orHilx2gv0Fyh1eMXgN1NBzV1vSw1g -B35trnqYoFwg0xhw/QPw56N4VjxMyQAlNGyRFKdHfKE --> ssh-ed25519 Otklkw SRtMspvRR63U17LRd2aqU0m6f5bnpY7kaUl9uP94hhk -e3XD/s3fY78uxzA7YVs4F4LBFYJOIHZ28Odnnj8Zeac ---- eVNBDHFoU3kBN+SE1osblaJ0yWTv1ZOjJEXKtsI8054 -’ý„ uøÑ'~Ê•‹†v'ªV÷Š}nfuE.J«¼ÀóÍ¥À¸hxïI ^«X—7‚øÆY -E•7•®4º \ No newline at end of file +-> ssh-ed25519 jUOjpw FXHC9VzSKIkbJ9JVge5vsGHiGtxBnxB7Nvqqi4OsRHA +1zhd0kCd37fXmWtq9kRx1vQvjTT4i5HsQ9DibyGmNUI +-> ssh-ed25519 Otklkw ZKy9Vbf1W1UpejNy8nh+eGss19XLqJuHL6qJuG1KP20 +t5C0Jw//1vK5iiG3+tJK6bu/SBR7StHRDog9ivlfVAI +--- 08Q8bBFnJF2TFV62trgPig/VL3RwKN0dyw4PBgg5LDU +F`Çà ³4tÛ­ àÖÙ§áÂûo9õ~}Ù‚›èÁ)ñ7#”§“a/§»Wù\‹;ŽlÏ2»–Рl„ \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age index 37cb2a54f553d7c132c2a7b6ed743af2d384fff9..2abfeacb6afea853c955f0b51900d3245325554a 100644 GIT binary patch delta 689 zcmcb}dXaU4PJN}RMU-iZsgpr!n1NT2bB?E1W|>=dsAEoPUV*n^X_;}9ep*<0x_+KV zHdk_mQ<8apVv4zUig{phqFaz_WtM+hl5>z#j)}LnWnf{FMNvwLN4d6sGMBEMLUD11 zZfc5=si~o*f`3VNPIkG1qoajuws)zQkz=BNR!XpOQN3S&v1OQ1nM-1S42cmYOrTWxwcbqp;Nkfnwe2}WRgW_RC=USie+j+o{_$Xr+I}_fNOCi zm#(g^fw1qvt#&hy<{k*Lo zKCI*WE^<$~%l>o730>DGp8{hhzV*$#sN`&ZWw!l|D`h*4;)P;gHMS}GtWp>F`F=;Z z!OigI!nRLmykA>xh`hZuTI*unB86AG9~Q`OPWn{cm80abtv+n?7WG9r3?h7TjeirY z)syDSzC7EJoAUfxKy{VAy4-b>N6VFJlNi3Zs2Vx^yYi!E)$S|ZEH>%pd0$=Sx6aKh zx*Q>`CVM|xX3F`!qMQQZ{H?T&rNHi;{})Se*Ul+;|u zcJBdm7uVmnec4J4B{!^NCY+h%X|W(S)wuhTy_wAwi?ut_tfm!x|7Lt8z2u5rX70WQ z!JO$kv^Ra+`AuGJUbie?g|_>n?GKXcl58uPPu5K&011-SI)iA r@hz4s%20_fZRw6@%?nqgukK0IoNV&u_BHX=_urpPP~DbmdT{{&@RuxD delta 689 zcmcb}dXaU4PQ5`$l8K{vc(ReHg=ukyTY5mcXOLl@XP&!3ctv_hrmJaaX-<|=m8-L1 zBv)o)cu2WlsIg;UplMZ=QBGKXO1N2yk6B1~XkMmgdaz$XiIHKXx1oPZK9{bYLUD11 zZfc5=si~o*f`3VNPIkFMUZO=-fmx(mSdw?HVNhwYWqnmzcA}$KMrK4omak`ea;BwM zfoWlBKv+aFS42>1RdS@EepyaRL0W;UXOyQ)MRHhfW>$emR&Y*IM7VcQQn^KdS)p?= zm#(g^LSbHBnTKygcu0|#slTD6aYcZ$v!hFaf0m=8QFv0elShD~lV47GNLH>1*Quf& zjl;_h*4LNpSezmE+tMlj{!U5$_{J=)`7%=yofX2;`mI%pS1LS{yr|~TVBz>VwRqBu zHQe9#8co;Rbf!^*$LqxD?$vualJe5|oH={ZyyQW*NO?uiV zvVLtew^gr$uXNUwjT-M}`sr9It%$0WGM=*W(l^Vqhi)#r_)V$!w|I=>>#seRjTrh? zp6A%mwSSVtwm;9BpUZuzzw+Ur*&n-k8S|5BgO{|vlU({fC-KV8dxr`f_#2O$cw4sb z=HeAMoo?N2$#eW};rA~kew*5!cb1oL-Zh&2qMubd&+){@=khz;e=uK9xp3l>M;-IK zM*Yj``RwOjoZ4A^J!;GM6qeb{tD>zcG{1#@dAK`n{*j)WP5;?l3-adab$@Tydb(J` tzV&Cg>MWzztDnUN|Jc%`|J;gqWsv>#9OccbLSEMYg4MP@`n1TR2LLURGaLW_ diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age index 1e58cc84eaa73f0283d0c1d349e6e0071802ed40..7400a57f293740d6889f74b8bb858d55bf1aac5c 100644 GIT binary patch delta 688 zcmcb>dVzICmqnDhS7b@9bCG$9uVZjwrGZa~tC_y3NkK?vZe+GuX;P87M|f1FacV&* zm#(g^LVmERrDsq?idVV0M_{N$PO^)oTWM-yS+ag*Vp(uuRDfepXpWg%kdcKiS7B@v zn?vx^)%AC-Ek5$=lB?#&-}w*k%Sl>#F`xN-iYmK*E%!>aq9Y-@o zw-kKMPM)B-+B}cfBEsOm%_HlUgWq;dWtL`re0_SM`R&Vs%<_Bk+$t7Z_{Gj!ci=6maZ&E(y8{=56K3prlvmQOF~ zeR7d;dD0h7;S&|0+a~bRqK}HA?a%+^%NlE%$I3W` qiNDHwXQx?p{uLYd61FXz`@#bYG-FTv5fedVzIvVVl7r@3iVB$uw8LUD11 zZfc5=si~o*f`3VNPIkG1Z?1DiihEUAMw*{tafwHTXT58cqiK{$K$wM7nQKmVWlo7x zzF%2{r&mZmmybnYV31{4Vp?dKiLbUtp?O3~gl~nmc9w;Ov$0WFk&$mohNWkAKw60b zm#(g^LS})Pxl?&nV4!byNMJy&zE4s`WO7PSSXfk+Ye8y+u}M}$KzX)%c)4*XmzrIy zDBJe;o9d@0iKH{Cf8tB35T9vTBl~Ut?}VkxB)Pb+lONn;xH5`(v5@n5Q>c)1hQ)@)048 o^So0Hx;D9fU(2$p`O+~aY2A~@@-3EfEx0i8{RTBvi6uq50HeSi!2kdN diff --git a/secrets/wg-privkey-vpn-dadada-li.age b/secrets/wg-privkey-vpn-dadada-li.age index 479dd4f988e140a5a019bfac8e7e3b9cfb3bc570..4bd9044298b6e50ec3dd263568956efdd00c6235 100644 GIT binary patch delta 332 zcmaFQ^qy&gPJLvie!gd!hlzQSp?PFbWLjuig>k7@Qc7r~PpXe&v2&(LfOC1iMRsT4`W@h)R zIah{nN_v^4XK0{Xg=KbBs+)zIdrDb^NvNlxhli6%nxji%V3A=^R#C^qicGKt5aSG5@ql$pEBm(s>5zJZ_fJZf#;Oq}!$0No#XdH?_b From 66fceb6b15442843cb62c0b54d2448ae802845dc Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 20:12:12 +0200 Subject: [PATCH 974/988] feat(stolas): add snapper snapshots --- nixos/stolas/default.nix | 46 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 5f7dfaf..4383cd0 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -118,6 +118,46 @@ browsing = true; }; tlp.enable = false; + snapper = { + cleanupInterval = "1d"; + snapshotInterval = "hourly"; + configs = { + home = { + SUBVOLUME = "/home/dadada"; + ALLOW_USERS= ["dadada"]; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + var = { + SUBVOLUME = "/var"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + paperless = { + SUBVOLUME = "/var/lib/paperless"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "3600"; + TIMELINE_LIMIT_HOURLY = "10"; + TIMELINE_LIMIT_DAILY = "10"; + TIMELINE_LIMIT_WEEKLY = "10"; + TIMELINE_LIMIT_MONTHLY = "10"; + TIMELINE_LIMIT_YEARLY = "10"; + }; + }; + }; }; system = { @@ -133,6 +173,12 @@ HibernateDelaySec=1h ''; + systemd.tmpfiles.rules = [ + "v /var/.snapshots 0755 root root - -" + "v /var/paperless/.snapshots 0755 root root - -" + "v /home/dadada/.snapshots 0755 root root - -" + ]; + virtualisation.libvirtd.enable = true; users = { From a26418c9c32d3793bffd43b8aba4fed3a5187b19 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 20:18:03 +0200 Subject: [PATCH 975/988] fix(ninurta): only run snapshots daily to limit noise --- nixos/ninurta/configuration.nix | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index d4eed97..46562a8 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -237,33 +237,38 @@ in services.snapper = { cleanupInterval = "1d"; - snapshotInterval = "hourly"; + snapshotInterval = "daily"; configs.home = { SUBVOLUME = "/home"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; }; configs.var = { SUBVOLUME = "/var"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; }; configs.storage = { SUBVOLUME = "/mnt/storage"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "24"; - TIMELINE_LIMIT_DAILY = "13"; - TIMELINE_LIMIT_WEEKLY = "6"; - TIMELINE_LIMIT_MONTHLY = "3"; + TIMELINE_LIMIT_HOURLY = "10"; + TIMELINE_LIMIT_DAILY = "10"; + TIMELINE_LIMIT_WEEKLY = "10"; + TIMELINE_LIMIT_MONTHLY = "10"; + TIMELINE_LIMIT_YEARLY = "10"; }; }; From 5d55e620daf163818cff3ac356ee465d39b50409 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 20:56:40 +0200 Subject: [PATCH 976/988] chore: fix formatting and add treefmt --- .envrc | 2 ++ .github/dependabot.yml | 2 +- .github/workflows/nix-flake-check.yml | 30 ++++++++++++-------------- .github/workflows/nix-flake-update.yml | 3 +-- devshell.nix | 2 +- nixos/configurations.nix | 17 +++++++-------- nixos/stolas/default.nix | 11 +++++++--- outputs.nix | 5 +++-- pkgs/default.nix | 5 +++-- treefmt.nix | 8 +++++++ 10 files changed, 49 insertions(+), 36 deletions(-) create mode 100644 treefmt.nix diff --git a/.envrc b/.envrc index 3140b68..6a37c4f 100644 --- a/.envrc +++ b/.envrc @@ -1,3 +1,5 @@ +#!/bin/sh + watch_file devshell.nix use flake diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 49f19df..512e01e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,4 +4,4 @@ updates: directory: "/" schedule: interval: "weekly" - assignees: [ "dadada" ] + assignees: ["dadada"] diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml index b0c0fa3..28b1d3c 100644 --- a/.github/workflows/nix-flake-check.yml +++ b/.github/workflows/nix-flake-check.yml @@ -1,26 +1,24 @@ name: Continuous Integration - on: pull_request: push: branches: [main] - jobs: checks: name: "Checks" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v26 - with: - nix_path: nixpkgs=channel:nixos-stable - extra_nix_config: | - experimental-features = nix-command flakes - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - system-features = nixos-test benchmark big-parallel kvm - - uses: cachix/cachix-action@v14 - with: - name: dadada - signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: nix flake check + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v26 + with: + nix_path: nixpkgs=channel:nixos-stable + extra_nix_config: | + experimental-features = nix-command flakes + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + system-features = nixos-test benchmark big-parallel kvm + - uses: cachix/cachix-action@v14 + with: + name: dadada + signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + - run: nix flake check diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml index 9045f91..33843d1 100644 --- a/.github/workflows/nix-flake-update.yml +++ b/.github/workflows/nix-flake-update.yml @@ -3,7 +3,6 @@ on: workflow_dispatch: # allows manual triggering schedule: - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00 - jobs: lockfile: runs-on: ubuntu-latest @@ -16,6 +15,6 @@ jobs: uses: DeterminateSystems/update-flake-lock@v21 with: pr-title: "Update flake.lock" # Title of PR to be created - pr-labels: | # Labels to be set on the PR + pr-labels: | # Labels to be set on the PR dependencies automated diff --git a/devshell.nix b/devshell.nix index ebdfb12..1fbad07 100644 --- a/devshell.nix +++ b/devshell.nix @@ -24,7 +24,7 @@ name = "format"; help = "Format the project"; command = '' - nixpkgs-fmt . + treefmt . ''; category = "dev"; } diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 7a4185a..95b894e 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -21,15 +21,14 @@ let nixpkgs.lib.nixosSystem { inherit system; - modules = - [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - } - ] - ++ (nixpkgs.lib.attrValues self.nixosModules) - ++ [ agenix.nixosModules.age ] - ++ extraModules; + modules = [ + { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + } + ] + ++ (nixpkgs.lib.attrValues self.nixosModules) + ++ [ agenix.nixosModules.age ] + ++ extraModules; }; in { diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 4383cd0..696f55f 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { imports = [ @@ -124,7 +129,7 @@ configs = { home = { SUBVOLUME = "/home/dadada"; - ALLOW_USERS= ["dadada"]; + ALLOW_USERS = [ "dadada" ]; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; TIMELINE_MIN_AGE = "1800"; @@ -213,7 +218,7 @@ # owner = "paperless"; # }; # }; - + # Create compressing swap space in RAM zramSwap.enable = true; } diff --git a/outputs.nix b/outputs.nix index aea7953..c860d3c 100644 --- a/outputs.nix +++ b/outputs.nix @@ -5,12 +5,14 @@ nixpkgs, agenix, devshell, + treefmt-nix, ... }@inputs: (flake-utils.lib.eachDefaultSystem ( system: let pkgs = import nixpkgs { inherit system; }; + treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; in { devShells.default = @@ -26,7 +28,7 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = pkgs.nixfmt-tree; + formatter = treefmtEval.config.build.wrapper; packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; @@ -34,7 +36,6 @@ } )) // { - hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; nixosConfigurations = import ./nixos/configurations.nix inputs; diff --git a/pkgs/default.nix b/pkgs/default.nix index 9cd9053..9f52a8a 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,3 +1,4 @@ -{ pkgs }: { - citizen-cups = pkgs.callPackage ./citizen-cups.nix {}; +{ pkgs }: +{ + citizen-cups = pkgs.callPackage ./citizen-cups.nix { }; } diff --git a/treefmt.nix b/treefmt.nix new file mode 100644 index 0000000..75acdfa --- /dev/null +++ b/treefmt.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + projectRootFile = "flake.nix"; + programs.nixfmt.enable = true; + programs.shellcheck.enable = pkgs.hostPlatform.system != "riscv64-linux"; + programs.shfmt.enable = pkgs.hostPlatform.system != "riscv64-linux"; + programs.yamlfmt.enable = true; +} From 763d8f478343d903b4f873c318d5ba869ae6a678 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 21:21:46 +0200 Subject: [PATCH 977/988] fix(admin): set shell always from admins.nix --- nixos/modules/admin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 05acc43..bd03ba7 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -97,7 +97,7 @@ in services.openssh.openFirewall = true; users.users = mapAttrs (user: keys: { - shell = lib.mkDefault shells."${keys.shell}"; + shell = shells."${keys.shell}"; extraGroups = lib.mkDefault extraGroups; isNormalUser = true; openssh.authorizedKeys.keys = keys.keys; From 76f29fae245b723584999732fc9e3187c2f581bf Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 21:22:08 +0200 Subject: [PATCH 978/988] fix(ninurta): remove unused postresql backup --- nixos/ninurta/configuration.nix | 7 ------- 1 file changed, 7 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 46562a8..39bdca7 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -149,13 +149,6 @@ in startAt = "daily"; }; - services.postgresqlBackup = { - enable = true; - backupAll = true; - compression = "zstd"; - location = "/var/backup/postgresql"; - }; - age.secrets."ninurta-backup-passphrase" = { file = "${secretsPath}/ninurta-backup-passphrase.age"; mode = "400"; From b12aac6421ad012729cc86d7f770b94206fa9290 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sat, 26 Jul 2025 21:32:35 +0200 Subject: [PATCH 979/988] feat(ninurta): remove hydra --- nixos/ninurta/configuration.nix | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 39bdca7..47c0103 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -14,7 +14,6 @@ let uwuPrivKey = "pruflas-wg0-key"; wgHydraPrivKey = "pruflas-wg-hydra-key"; uwuPresharedKey = "pruflas-wg0-preshared-key"; - hydraGitHubAuth = "hydra-github-authorization"; initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; softServePort = 23231; in @@ -154,34 +153,6 @@ in mode = "400"; }; - age.secrets.${hydraGitHubAuth} = { - file = "${secretsPath}/${hydraGitHubAuth}.age"; - mode = "440"; - owner = "hydra-www"; - group = "hydra"; - }; - - services.hydra = { - enable = false; - package = pkgs.hydra; - hydraURL = "https://hydra.dadada.li"; - notificationSender = "hydra@localhost"; - buildMachinesFiles = [ ]; - useSubstitutes = true; - port = 3000; - listenHost = "10.3.3.3"; - extraConfig = '' - Include ${config.age.secrets."${hydraGitHubAuth}".path} - - - jobs = nix-config:main.* - inputs = nix-config - excludeBuildFromContext = 1 - useShortContext = 1 - - ''; - }; - nix.buildMachines = [ { hostName = "localhost"; From 618a4b3a7331b0c6704bb8f154c96c9c309d49cd Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 00:21:39 +0200 Subject: [PATCH 980/988] fix(stolas): suspend from disk and wifi suspend --- nixos/stolas/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 696f55f..016d986 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -23,7 +23,12 @@ pkiBundle = "/var/lib/sbctl"; }; kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; + # Hopefully fixes suspend issues with wifi card + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = [ + "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" + ]; + extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; # Lanzaboote currently replaces the systemd-boot module. # This setting is usually set to true in configuration.nix # generated at installation time. So we force it to false @@ -205,7 +210,6 @@ "wireshark" "paperless" ]; - shell = "/run/current-system/sw/bin/zsh"; }; }; }; From 0909933ba9b1f113224f1979e1b5565bbccc1b97 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 00:22:20 +0200 Subject: [PATCH 981/988] chore(stolas): cleanup config --- nixos/stolas/default.nix | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 016d986..4bc3756 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -27,6 +27,7 @@ kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" + "resume_offset=533760" ]; extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; # Lanzaboote currently replaces the systemd-boot module. @@ -70,10 +71,6 @@ powerManagement = { enable = true; cpuFreqGovernor = "schedutil"; - # TODO: Limit charge of battery, does this work without kernel patches from hardware.frameworkenableKmod? - powerUpCommands = '' - echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold - ''; }; networking = { @@ -214,15 +211,6 @@ }; }; - # TODO - # age.secrets = { - # paperless = { - # file = "${config.dadada.secrets.path}/paperless.age"; - # mode = "700"; - # owner = "paperless"; - # }; - # }; - # Create compressing swap space in RAM zramSwap.enable = true; } From 03c6c141ee8a9ad848b97483ca242a9bc801dc78 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 00:55:31 +0200 Subject: [PATCH 982/988] feat(stolas): replace zram with zswap --- nixos/stolas/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 4bc3756..08756ee 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -26,8 +26,8 @@ # Hopefully fixes suspend issues with wifi card kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ - "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" "resume_offset=533760" + "zswap.enabled=1" ]; extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; # Lanzaboote currently replaces the systemd-boot module. @@ -210,7 +210,4 @@ }; }; }; - - # Create compressing swap space in RAM - zramSwap.enable = true; } From 9ec068865291b811f4ff25685a03f021bdce4162 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 01:00:17 +0200 Subject: [PATCH 983/988] chore(stolas): remove unused option for combined sleep target --- nixos/stolas/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 08756ee..9c3ed83 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -176,10 +176,6 @@ "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; }; - systemd.sleep.extraConfig = '' - HibernateDelaySec=1h - ''; - systemd.tmpfiles.rules = [ "v /var/.snapshots 0755 root root - -" "v /var/paperless/.snapshots 0755 root root - -" From 712cca59093ec0c103e2573560b141a4dec94923 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 01:23:13 +0200 Subject: [PATCH 984/988] feat(stolas): use larger swapfile --- nixos/stolas/default.nix | 3 ++- nixos/stolas/disks.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 9c3ed83..9ae2d23 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -26,7 +26,8 @@ # Hopefully fixes suspend issues with wifi card kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ - "resume_offset=533760" + "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" + "resume_offset=79859524" "zswap.enabled=1" ]; extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix index 01cf635..eff5680 100644 --- a/nixos/stolas/disks.nix +++ b/nixos/stolas/disks.nix @@ -86,7 +86,7 @@ }; "/swap" = { mountpoint = "/.swapvol"; - swap.swapfile.size = "64G"; + swap.swapfile.size = "128G"; }; }; }; From 578d4526e5e7c2221bd544e337fa30b8692e4a79 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 15:13:36 +0200 Subject: [PATCH 985/988] chore: clean up nixos configurations Consolidate nixpkgs instances into once for all x86 systems --- flake.lock | 17 --- flake.nix | 1 - home/nixpkgs-config.nix | 7 -- home/pkgs.nix | 1 - hydra-jobs.nix | 4 - nixos/configurations.nix | 175 +++++++++++++------------------ nixos/gorgon/configuration.nix | 5 +- nixos/modules/nixpkgs.nix | 3 - nixos/modules/profiles/cloud.nix | 4 + nixos/modules/profiles/home.nix | 7 ++ nixos/stolas/default.nix | 7 +- outputs.nix | 21 ++-- overlays.nix | 1 - 13 files changed, 92 insertions(+), 161 deletions(-) delete mode 100644 home/nixpkgs-config.nix delete mode 100644 hydra-jobs.nix delete mode 100644 nixos/modules/nixpkgs.nix create mode 100644 nixos/modules/profiles/home.nix delete mode 100644 overlays.nix diff --git a/flake.lock b/flake.lock index 8c964f5..3d0d3f2 100644 --- a/flake.lock +++ b/flake.lock @@ -325,22 +325,6 @@ "type": "github" } }, - "nixpkgs-small": { - "locked": { - "lastModified": 1753505055, - "narHash": "sha256-jQKnNATDGDeuIeUf7r0yHnmirfYkYPHeF0N2Lv8rjPE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7be0239edbf0783ff959f94f9728db414be73002", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { "lastModified": 1730741070, @@ -397,7 +381,6 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixpkgs-small": "nixpkgs-small", "systems": "systems_2", "treefmt-nix": "treefmt-nix" } diff --git a/flake.nix b/flake.nix index 73686ce..151f1b5 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ description = "dadada's nix flake"; inputs = { - nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; disko = { url = "github:nix-community/disko"; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix deleted file mode 100644 index 6a29a63..0000000 --- a/home/nixpkgs-config.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs }: -{ - allowUnfree = true; - allowUnfreePredicate = pkg: true; - allowBroken = false; - android_sdk.accept_license = true; -} diff --git a/home/pkgs.nix b/home/pkgs.nix index 7a707e1..e980614 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -125,7 +125,6 @@ with pkgs; spotify sqlite sshfs-fuse - steam taplo tcpdump tdesktop diff --git a/hydra-jobs.nix b/hydra-jobs.nix deleted file mode 100644 index 3369943..0000000 --- a/hydra-jobs.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ self, nixpkgs, ... }: -(nixpkgs.lib.mapAttrs' ( - name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel -) self.nixosConfigurations) diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 95b894e..220e4d0 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -8,127 +8,92 @@ nixos-hardware, nixos-generators, nixpkgs, - nixpkgs-small, ... }@inputs: let - nixosSystem = + # create a new instance allowing some unfree packages + nixpkgsx86 = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfreePredicate = + pkg: + builtins.elem (nixpkgs.lib.getName pkg) [ + "aspell-dict-en-science" + "brgenml1lpr" + "saleae-logic-2" + "spotify" + ]; + }; + nixosSystem = nixpkgs.lib.nixosSystem; + baseModule = + { lib, ... }: { - nixpkgs, - system ? "x86_64-linux", - extraModules ? [ ], - }: - nixpkgs.lib.nixosSystem { - inherit system; - - modules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - } + _module.args.inputs = inputs; + imports = [ + inputs.agenix.nixosModules.age + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + ( + { pkgs, ... }: + { + dadada.homepage.package = homepage; + dadada.pkgs = inputs.self.packages.${pkgs.system}; + dadada.inputs = inputs // { + dadada = inputs.self; + }; + } + ) + inputs.lanzaboote.nixosModules.lanzaboote ] - ++ (nixpkgs.lib.attrValues self.nixosModules) - ++ [ agenix.nixosModules.age ] - ++ extraModules; + ++ (lib.attrValues inputs.self.nixosModules); }; + homeModule = ./modules/profiles/home.nix; in { - stolas = - let - system = "x86_64-linux"; - in - nixosSystem { - inherit nixpkgs system; + stolas = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + nixos-hardware.nixosModules.framework-amd-ai-300-series + homeModule + ./stolas + ]; + }; - extraModules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - nixos-hardware.nixosModules.framework-amd-ai-300-series - home-manager.nixosModules.home-manager - ( - { pkgs, ... }: - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - ]; - home-manager.users.dadada = import ../home; - } - ) - ./stolas - ]; - }; - - gorgon = - let - system = "x86_64-linux"; - in - nixosSystem { - inherit nixpkgs system; - - extraModules = [ - { - nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; - dadada.pkgs = self.packages.${system}; - dadada.inputs = inputs // { - dadada = self; - }; - } - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - home-manager.nixosModules.home-manager - ( - { pkgs, ... }: - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [ - { dadada.home.helix.package = pkgs.helix; } - { manual.manpages.enable = false; } - ]; - home-manager.users.dadada = import ../home; - } - ) - ./gorgon/configuration.nix - ]; - }; + gorgon = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + homeModule + ./gorgon/configuration.nix + ]; + }; surgat = nixosSystem { - nixpkgs = nixpkgs-small; - system = "x86_64-linux"; - extraModules = [ - { - dadada.homepage.package = homepage; - } - ./modules/profiles/server.nix + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule ./surgat/configuration.nix ]; }; agares = nixosSystem { - nixpkgs = nixpkgs-small; - extraModules = [ + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule ./agares/configuration.nix ]; }; - installer = - let - nixpkgs = nixpkgs-small; - in - nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - nixos-generators.nixosModules.install-iso - self.nixosModules.admin + installer = nixosSystem { + modules = [ + nixos-generators.nixosModules.install-iso + inputs.self.nixosModules.admin + ( + { lib, ... }: { - isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso"; + nixpkgs.pkgs = nixpkgs.legacyPackages."x86_64-linux"; + isoImage.isoName = lib.mkForce "dadada-nixos-installer.iso"; networking.tempAddresses = "disabled"; dadada.admin.enable = true; documentation.enable = true; @@ -139,12 +104,14 @@ in keyMap = "us"; }; } - ]; - }; + ) + ]; + }; ninurta = nixosSystem { - nixpkgs = nixpkgs-small; - extraModules = [ + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule ./ninurta/configuration.nix ]; }; diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 16f8130..cb99b2a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -52,8 +52,6 @@ in age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; - nixpkgs.config.android_sdk.accept_license = true; - programs.ssh.startAgent = true; nix.extraOptions = '' @@ -85,7 +83,7 @@ in networking.hostName = "gorgon"; dadada = { - steam.enable = true; + steam.enable = false; yubikey.enable = true; }; @@ -154,7 +152,6 @@ in #]; environment.systemPackages = with pkgs; [ - android-studio ghostscript smartmontools diff --git a/nixos/modules/nixpkgs.nix b/nixos/modules/nixpkgs.nix deleted file mode 100644 index 2c5849f..0000000 --- a/nixos/modules/nixpkgs.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - nixpkgs.config.allowUnfreePredicate = pkg: true; -} diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index de57714..1ddbb1e 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix @@ -4,6 +4,10 @@ let initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; in { + imports = [ + ./server.nix + ]; + boot.initrd.availableKernelModules = [ "virtio-pci" ]; boot.kernelParams = [ diff --git a/nixos/modules/profiles/home.nix b/nixos/modules/profiles/home.nix new file mode 100644 index 0000000..a695e8b --- /dev/null +++ b/nixos/modules/profiles/home.nix @@ -0,0 +1,7 @@ +{ pkgs, inputs, ... }: +{ + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules; + home-manager.users.dadada = inputs.self.hmConfigurations.dadada; +} diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix index 9ae2d23..1c5cc9b 100644 --- a/nixos/stolas/default.nix +++ b/nixos/stolas/default.nix @@ -12,11 +12,6 @@ ./paperless.nix ]; - nixpkgs = { - hostPlatform = "x86_64-linux"; - config.allowUnfree = true; - }; - boot = { lanzaboote = { enable = true; @@ -58,7 +53,7 @@ # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features bluetooth.enable = true; cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - enableAllFirmware = true; + enableRedistributableFirmware = true; framework.laptop13.audioEnhancement.enable = true; graphics = { enable = true; diff --git a/outputs.nix b/outputs.nix index c860d3c..08e8ad0 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,4 +1,3 @@ -# Adapted from Mic92/dotfiles { self, flake-utils, @@ -11,7 +10,7 @@ (flake-utils.lib.eachDefaultSystem ( system: let - pkgs = import nixpkgs { inherit system; }; + pkgs = nixpkgs.legacyPackages.${system}; treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; in { @@ -31,20 +30,16 @@ formatter = treefmtEval.config.build.wrapper; packages = import ./pkgs { inherit pkgs; } // { - installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; + installer-iso = inputs.self.nixosConfigurations.installer.config.system.build.isoImage; }; } )) // { - hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; - - nixosConfigurations = import ./nixos/configurations.nix inputs; - - nixosModules = import ./nixos/modules { lib = nixpkgs.lib; }; - - overlays = import ./overlays.nix; - - hydraJobs = import ./hydra-jobs.nix inputs; - checks = import ./checks.nix inputs; + hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; + hmConfigurations = { + dadada = import ./home; + }; + nixosConfigurations = import ./nixos/configurations.nix inputs; + nixosModules = import ./nixos/modules { lib = nixpkgs.lib; }; } diff --git a/overlays.nix b/overlays.nix deleted file mode 100644 index ffcd441..0000000 --- a/overlays.nix +++ /dev/null @@ -1 +0,0 @@ -{ } From 730a4b80b5f33571f79a82fc3a4d06390e9908a8 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 17:14:11 +0200 Subject: [PATCH 986/988] feat(agares): remove unused host --- nixos/agares/configuration.nix | 108 ----------- nixos/agares/ddns.nix | 13 -- nixos/agares/dns.nix | 81 --------- nixos/agares/firewall.nix | 13 -- nixos/agares/network.nix | 323 --------------------------------- nixos/agares/ntp.nix | 12 -- nixos/agares/ppp.nix | 68 ------- nixos/agares/rules.nft | 136 -------------- nixos/configurations.nix | 8 - secrets/secrets.nix | 10 - 10 files changed, 772 deletions(-) delete mode 100644 nixos/agares/configuration.nix delete mode 100644 nixos/agares/ddns.nix delete mode 100644 nixos/agares/dns.nix delete mode 100644 nixos/agares/firewall.nix delete mode 100644 nixos/agares/network.nix delete mode 100644 nixos/agares/ntp.nix delete mode 100644 nixos/agares/ppp.nix delete mode 100644 nixos/agares/rules.nft diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix deleted file mode 100644 index ba00c29..0000000 --- a/nixos/agares/configuration.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ - config, - modulesPath, - pkgs, - ... -}: -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ./ddns.nix - ./dns.nix - ./firewall.nix - ../modules/profiles/server.nix - ./network.nix - ./ntp.nix - ./ppp.nix - ]; - - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - #fileSystems."/nix/store" = { - # device = "/dev/sda1"; - # fsType = "btrfs"; - # options = [ "subvol=/root/nix" "noatime" ]; - #}; - - fileSystems."/swap" = { - device = "/dev/sda1"; - fsType = "btrfs"; - options = [ - "subvol=/root/swap" - "noatime" - ]; - }; - - #swapDevices = [{ - # device = "/swap/swapfile"; - # size = 32 * 1024; # 32 GByte - #}]; - - hardware.cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware; - - dadada = { - admin.enable = true; - }; - - services.smartd.enable = true; - - networking.hostName = "agares"; - networking.domain = "bs.dadada.li"; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "ehci_pci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.extraConfig = " - serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 - terminal_input serial - terminal_output serial - "; - - boot.kernelParams = [ - "console=ttyS0,115200" - "amd_iommu=on" - "iommu=pt" - ]; - - boot.kernelModules = [ - "kvm-amd" - "vfio" - "vfio_iommu_type1" - "vfio_pci" - "vfio_virqfd" - ]; - - environment.systemPackages = with pkgs; [ - curl - flashrom - dmidecode - tcpdump - ]; - - services.munin-node = { - enable = true; - extraConfig = '' - host_name ${config.networking.hostName} - cidr_allow 10.3.3.3/32 - ''; - }; - - # Running router VM. They have to be restarted in the right order, so network comes up cleanly. Not ideal. - system.autoUpgrade.allowReboot = false; - - system.stateVersion = "23.05"; -} diff --git a/nixos/agares/ddns.nix b/nixos/agares/ddns.nix deleted file mode 100644 index 9a5948f..0000000 --- a/nixos/agares/ddns.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: -{ - dadada.ddns = { - domains = [ "vpn.dadada.li" ]; - credentialsPath = config.age.secrets."ddns-credentials".path; - interface = "ppp0"; - }; - - age.secrets."ddns-credentials" = { - file = "${config.dadada.secrets.path}/ddns-credentials.age"; - mode = "400"; - }; -} diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix deleted file mode 100644 index fe2843f..0000000 --- a/nixos/agares/dns.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ ... }: -{ - services.unbound = { - enable = true; - localControlSocketPath = "/run/unbound/unbound.ctl"; - settings = { - server = { - access-control = [ - "127.0.0.0/8 allow" - "127.0.0.1/32 allow_snoop" - "192.168.96.0/19 allow" - "192.168.1.0/24 allow" - "172.16.128.0/24 allow" - "::1/128 allow_snoop" - "fd42:9c3b:f96d::/48 allow" - ]; - interface = [ - "127.0.0.1" - "192.168.1.1" - "192.168.100.1" - "192.168.101.1" - "192.168.102.1" - "192.168.103.1" - "192.168.120.1" - "::1" - "fd42:9c3b:f96d:100::1" - "fd42:9c3b:f96d:101::1" - "fd42:9c3b:f96d:102::1" - "fd42:9c3b:f96d:103::1" - "fd42:9c3b:f96d:120::1" - ]; - prefer-ip6 = true; - prefetch = true; - prefetch-key = true; - serve-expired = false; - aggressive-nsec = true; - hide-identity = true; - hide-version = true; - use-caps-for-id = true; - val-permissive-mode = true; - local-data = [ - "\"agares.bs.dadada.li. 10800 IN A 192.168.101.1\"" - "\"danjal.bs.dadada.li. 10800 IN A 192.168.100.108\"" - "\"legion.bs.dadada.li. 10800 IN A 192.168.100.107\"" - "\"ninurta.bs.dadada.li. 10800 IN A 192.168.101.184\"" - "\"agares.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101::1\"" - "\"ninurta.bs.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" - "\"backup1.dadada.li. 10800 IN AAAA fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe\"" - ]; - local-zone = [ - "\"168.192.in-addr.arpa.\" nodefault" - "\"d.f.ip6.arpa.\" nodefault" - ]; - }; - forward-zone = [ - { - name = "."; - forward-tls-upstream = "yes"; - forward-addr = [ - "2620:fe::fe@853#dns.quad9.net" - "2620:fe::9@853#dns.quad9.net" - "9.9.9.9@853#dns.quad9.net" - "149.112.112.112@853#dns.quad9.net" - ]; - } - ]; - stub-zone = - let - stubZone = name: addrs: { - name = "${name}"; - stub-addr = addrs; - }; - in - [ - #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) - #(stubZone "d.6.9.f.b.3.c.9.2.4.d.f.ip6.arpa" ["192.168.101.220" "2a01:4f8:c010:a710::1"]) - #(stubZone "168.192.in-addr.arpa" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) - ]; - }; - }; -} diff --git a/nixos/agares/firewall.nix b/nixos/agares/firewall.nix deleted file mode 100644 index 569259f..0000000 --- a/nixos/agares/firewall.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - networking = { - useDHCP = false; - nat.enable = false; - firewall.enable = false; - nftables = { - enable = true; - checkRuleset = true; - ruleset = builtins.readFile ./rules.nft; - }; - }; -} diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix deleted file mode 100644 index 6d86d22..0000000 --- a/nixos/agares/network.nix +++ /dev/null @@ -1,323 +0,0 @@ -{ config, lib, ... }: -let - ulaPrefix = "fd42:9c3b:f96d"; # fd42:9c3b:f96d::/48 - ipv4Prefix = "192.168"; # 192.168.96.0/19 - domain = "bs.dadada.li"; -in -{ - networking.useDHCP = false; - systemd.network = { - enable = true; - links = { - "10-persistent" = { - matchConfig.OriginalName = [ - "enp1s0" - "enp2s0" - ]; # takes search domains from the [Network] - linkConfig.MACAddressPolicy = "persistent"; - }; - }; - netdevs = { - # QoS concentrator - "ifb4ppp0" = { - netdevConfig = { - Kind = "ifb"; - Name = "ifb4ppp0"; - }; - }; - "20-lan" = { - netdevConfig = { - Kind = "vlan"; - Name = "lan.10"; - }; - vlanConfig = { - Id = 10; - }; - }; - "20-freifunk" = { - netdevConfig = { - Kind = "vlan"; - Name = "ff.11"; - }; - vlanConfig = { - Id = 11; - }; - }; - "20-roadw" = { - netdevConfig = { - Kind = "wireguard"; - Name = "roadw"; - }; - wireguardConfig = { - PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path; - ListenPort = 51234; - }; - wireguardPeers = [ - { - wireguardPeerConfig = - let - peerAddresses = i: [ - "${ipv4Prefix}.120.${i}/32" - "${ulaPrefix}:120::${i}/128" - ]; - in - { - PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - AllowedIPs = peerAddresses "3"; - }; - } - ]; - }; - "20-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - }; - wireguardConfig = { - PrivateKeyFile = config.age.secrets."wg-privkey-wg0".path; - ListenPort = 51235; - }; - wireguardPeers = lib.singleton { - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" - ]; - }; - }; - }; - }; - networks = - let - subnet = name: subnetId: { - matchConfig.Name = name; - addresses = [ - { addressConfig.Address = "${ipv4Prefix}.${subnetId}.1/24"; } - { addressConfig.Address = "${ulaPrefix}:${subnetId}::1/64"; } - ]; - dhcpPrefixDelegationConfig = { - SubnetId = "auto"; - }; - ipv6Prefixes = [ - { - ipv6PrefixConfig.Prefix = "${ulaPrefix}:${subnetId}::/64"; - } - ]; - dhcpServerConfig = { - DNS = "_server_address"; - NTP = "_server_address"; - EmitDNS = true; - EmitNTP = true; - EmitRouter = true; - PoolOffset = 100; - PoolSize = 100; - }; - ipv6SendRAConfig = { - EmitDNS = true; - DNS = "_link_local"; - EmitDomains = true; # takes search domains from the [Network] - }; - linkConfig = { - RequiredForOnline = false; - }; - networkConfig = { - Domains = domain; - EmitLLDP = "yes"; - IPv6SendRA = true; - IPv6AcceptRA = false; - DHCPPrefixDelegation = true; - DHCPServer = true; - }; - extraConfig = '' - [CAKE] - OverheadBytes = 38 - Bandwidth = 1G - RTT = lan - ''; - }; - in - { - "10-mgmt" = lib.mkMerge [ - (subnet "enp1s0" "100") - { - networkConfig.VLAN = [ - "lan.10" - "ff.11" - ]; - dhcpServerStaticLeases = [ - { - # legion - dhcpServerStaticLeaseConfig = { - Address = "192.168.100.107"; - MACAddress = "80:CC:9C:95:4A:60"; - }; - } - { - # danyal - dhcpServerStaticLeaseConfig = { - Address = "192.168.100.108"; - MACAddress = "c8:9e:43:a3:3d:7f"; - }; - } - ]; - } - ]; - "30-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - routeConfig = { - Destination = "10.3.3.1/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; - } - ]; - }; - "30-lan" = subnet "lan.10" "101" // { - dhcpServerStaticLeases = [ - { - # ninurta - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.184"; - MACAddress = "48:21:0B:3E:9C:FE"; - }; - } - { - # crocell - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.122"; - MACAddress = "9C:C9:EB:4F:3F:0E"; - }; - } - { - # gorgon - dhcpServerStaticLeaseConfig = { - Address = "192.168.101.205"; - MACAddress = "8C:C6:81:6A:39:2F"; - }; - } - ]; - }; - - "30-ff" = subnet "ff.11" "102"; - - "30-ifb4ppp0" = { - name = "ifb4ppp0"; - extraConfig = '' - [CAKE] - OverheadBytes = 65 - Bandwidth = 100M - FlowIsolationMode = triple - RTT = internet - ''; - linkConfig = { - RequiredForOnline = false; - }; - }; - - "30-ppp0" = { - name = "ppp*"; - linkConfig = { - RequiredForOnline = "routable"; - }; - networkConfig = { - KeepConfiguration = "static"; - DefaultRouteOnDevice = true; - LinkLocalAddressing = "ipv6"; - DHCP = "ipv6"; - }; - extraConfig = '' - [CAKE] - OverheadBytes = 65 - Bandwidth = 40M - FlowIsolationMode = triple - NAT=true - RTT = internet - - [DHCPv6] - PrefixDelegationHint= ::/56 - UseAddress = false - UseDelegatedPrefix = true - WithoutRA = solicit - - [DHCPPrefixDelegation] - UplinkInterface=:self - ''; - ipv6SendRAConfig = { - # Let networkd know that we would very much like to use DHCPv6 - # to obtain the "managed" information. Not sure why they can't - # just take that from the upstream RAs. - Managed = true; - }; - }; - # Talk to modem for management - "enp2s0" = { - name = "enp2s0"; - linkConfig = { - RequiredForOnline = false; - }; - networkConfig = { - Address = "192.168.1.254/24"; - EmitLLDP = "yes"; - }; - }; - "10-roadw" = { - matchConfig.Name = "roadw"; - addresses = [ - { addressConfig.Address = "${ipv4Prefix}.120.1/24"; } - { addressConfig.Address = "${ulaPrefix}:120::1/64"; } - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - routeConfig = { - Destination = "${ipv4Prefix}.120.1/24"; - }; - } - { - routeConfig = { - Destination = "${ulaPrefix}::120:1/64"; - }; - } - ]; - }; - }; - }; - - age.secrets."wg-privkey-vpn-dadada-li" = { - file = "${config.dadada.secrets.path}/wg-privkey-vpn-dadada-li.age"; - owner = "systemd-network"; - }; - - age.secrets."wg-privkey-wg0" = { - file = "${config.dadada.secrets.path}/agares-wg0-key.age"; - owner = "systemd-network"; - }; - - boot.kernel.sysctl = { - # Enable forwarding for interface - "net.ipv4.conf.all.forwarding" = "1"; - "net.ipv6.conf.all.forwarding" = "1"; - "net.ipv6.conf.all.accept_ra" = "0"; - "net.ipv6.conf.all.autoconf" = "0"; - # Set via systemd-networkd - #"net.ipv6.conf.${intf}.use_tempaddr" = "0"; - }; - - powerManagement.cpuFreqGovernor = lib.mkDefault "schedutil"; -} diff --git a/nixos/agares/ntp.nix b/nixos/agares/ntp.nix deleted file mode 100644 index c3ec49b..0000000 --- a/nixos/agares/ntp.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ ... }: -{ - services.chrony = { - enable = true; - extraConfig = '' - allow 192.168.1 - allow 192.168.100 - allow 192.168.101 - allow 192.168.102 - ''; - }; -} diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix deleted file mode 100644 index ffa5bc4..0000000 --- a/nixos/agares/ppp.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -let - secretsPath = config.dadada.secrets.path; -in -{ - # PPPoE - services.pppd = { - enable = true; - peers = { - telekom = { - enable = true; - autostart = true; - config = '' - debug - - plugin pppoe.so enp2s0 - - noauth - hide-password - call telekom-secret - - linkname ppp0 - - persist - maxfail 0 - holdoff 5 - - noipdefault - defaultroute - - lcp-echo-interval 15 - lcp-echo-failure 3 - ''; - }; - }; - }; - - age.secrets."etc-ppp-telekom-secret" = { - file = "${secretsPath}/etc-ppp-telekom-secret.age"; - owner = "root"; - mode = "700"; - path = "/etc/ppp/peers/telekom-secret"; - }; - - age.secrets."etc-ppp-pap-secrets" = { - # format: client server passphrase - file = "${secretsPath}/etc-ppp-chap-secrets.age"; - owner = "root"; - mode = "700"; - path = "/etc/ppp/pap-secrets"; - }; - - # Hook for QoS via Intermediate Functional Block - environment.etc."ppp/ip-up" = { - mode = "755"; - text = with lib; '' - #!/usr/bin/env sh - ${getBin pkgs.iproute2}/bin/tc qdisc del dev $1 ingress - ${getBin pkgs.iproute2}/bin/tc qdisc add dev $1 handle ffff: ingress - ${getBin pkgs.iproute2}/bin/tc filter add dev $1 parent ffff: matchall action mirred egress redirect dev ifb4ppp0 - ''; - }; -} diff --git a/nixos/agares/rules.nft b/nixos/agares/rules.nft deleted file mode 100644 index 4b41bea..0000000 --- a/nixos/agares/rules.nft +++ /dev/null @@ -1,136 +0,0 @@ -flush ruleset - -define IF_MGMT = "enp1s0" -define IF_FF = "ff.11" -define IF_LAN = "lan.10" -define IF_WAN = "ppp0" - -# Modem uses this for internet uplink via our WAN -define IF_MODEM = "enp2s0" - -define IF_ROADW = "roadw" - -table inet filter { - # Will give "no such file or directory if hardware does not support flow offloading" - # flowtable f { - # hook ingress priority 0; devices = { enp1s0, enp2s0 }; flags offload; - # } - - chain input_local { - ip6 saddr != ::1/128 log prefix "Dropped IPv6 nonlocalhost packet on loopback:" drop - accept comment "Accept traffic to loopback interface" - } - - chain input_icmp_untrusted { - # Allow ICMP echo - ip protocol icmp icmp type { echo-request } limit rate 1000/second burst 5 packets accept comment "Accept echo request" - - # Allow some ICMPv6 - icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } limit rate 1000/second burst 5 packets accept comment "Allow some ICMPv6" - } - - chain input_modem { - jump input_icmp_untrusted - } - - chain input_wan { - # DHCPv6 client - meta nfproto ipv6 udp sport 547 accept comment "Allow DHCPv6 client" - - jump input_icmp_untrusted - - udp dport 51234 accept comment "Wireguard roadwarriors" - } - - chain input_lan { - counter accept comment "Accept all traffic from LAN" - } - - chain input_mgmt { - counter accept comment "Accept all traffic from MGMT" - } - - chain input_roadw { - counter accept comment "Accept all traffic from roadwarriors" - } - - chain input_ff { - jump input_icmp_untrusted - - # DHCP - meta nfproto ipv6 udp dport 547 accept comment "Allow DHCPv6 client" - - # Allow DNS and DHCP from Freifunk - udp dport { 53, 67 } accept comment "Allow DNS and DHCP from Freifunk" - } - - chain input_wg0 { - tcp dport 4949 accept comment "Munin node" - } - - chain input { - type filter hook input priority filter; policy drop; - - ct state {established, related} counter accept comment "Accept packets from established and related connections" - ct state invalid counter drop comment "Early drop of invalid packets" - - iifname vmap { lo : accept, $IF_WAN : jump input_wan, $IF_LAN : jump input_lan, $IF_FF : jump input_ff, $IF_ROADW : jump input_roadw, $IF_MODEM : jump input_modem, $IF_MGMT : jump input_mgmt, wg0 : jump input_wg0 } - } - -# Only works if hardware flow offloading is available -# chain offload { -# type filter hook forward priority -100; policy accept; -# ip protocol tcp flow add @f -# counter packets 0 bytes 0 -# } - - chain forward { - type filter hook forward priority filter; policy drop; - - # Accept connections tracked by destination NAT - ct status dnat counter accept comment "Accept connections tracked by DNAT" - - # TCP options - tcp flags syn tcp option maxseg size set rt mtu comment "Remove TCP maximum segment size and set a size based on route information" - - # ICMPv6 - icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, echo-request, echo-reply, parameter-problem } limit rate 5/second counter accept comment "Forward up to five ICMP messages of allowed types per second" - meta l4proto ipv6-icmp accept comment "Forward ICMP in IPv6" - - # mgmt <-> * - iifname { $IF_LAN, $IF_ROADW } oifname $IF_MGMT counter reject comment "Reject traffic from LAN and roadwarrior to MGMT" - iifname $IF_MGMT oifname { $IF_LAN, $IF_ROADW } counter reject comment "Reject traffic from MGMT to LAN and roadwarrior" - # drop (instead of reject) everything else to MGMT - - # LAN, ROADW -> * (except mgmt) - iifname { $IF_LAN, $IF_ROADW } counter accept comment "Allow all traffic forwarding from LAN and roadwarrior to all interfaces, except to mgmt" - - # FF -> WAN - iifname { $IF_FF } oifname $IF_WAN counter accept comment "Allow all traffic forwarding from Freifunk and services to WAN" - - # { WAN } -> { FF, LAN, RW } - iifname { $IF_WAN } oifname { $IF_FF, $IF_LAN, $IF_ROADW } ct state established,related counter accept comment "Allow established back from WAN" - } - - chain output { - type filter hook output priority 100; policy accept; - } -} - -table ip nat { - chain prerouting { - type nat hook prerouting priority dstnat; policy accept; - } - - chain postrouting { - type nat hook postrouting priority srcnat; policy accept; - ip saddr { 192.168.96.0/19 } oifname { $IF_WAN } masquerade comment "Masquerade traffic from LANs" - } -} - -table arp filter { - chain input { - type filter hook input priority filter; policy drop; - iifname { $IF_MGMT, $IF_LAN, $IF_FF, $IF_MODEM } limit rate 1/second burst 2 packets accept comment "Limit number of ARP messages from LAN, FF, MGMT, modem" - } -} diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 220e4d0..877c6a9 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix @@ -77,14 +77,6 @@ in ]; }; - agares = nixosSystem { - modules = [ - { nixpkgs.pkgs = nixpkgsx86; } - baseModule - ./agares/configuration.nix - ]; - }; - installer = nixosSystem { modules = [ nixos-generators.nixosModules.install-iso diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f449646..50dd263 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,7 +1,6 @@ let dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) "; systems = { - agares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcbuLtU9/VhFy5VAp/ZI0T+gr7kExG73hmjjvno10gP root@nixos"; gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon"; ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos"; ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos"; @@ -63,24 +62,16 @@ in dadada ]; "ddns-credentials.age".publicKeys = [ - systems.agares systems.ninurta dadada ]; "etc-ppp-chap-secrets.age".publicKeys = [ - systems.agares dadada ]; "etc-ppp-telekom-secret.age".publicKeys = [ - systems.agares dadada ]; "wg-privkey-vpn-dadada-li.age".publicKeys = [ - systems.agares - dadada - ]; - "agares-wg0-key.age".publicKeys = [ - systems.agares dadada ]; } @@ -89,5 +80,4 @@ in // backupSecrets "ifrit" // backupSecrets "pruflas" // backupSecrets "surgat" -// backupSecrets "agares" // backupSecrets "stolas" From 67b04a636c2ae470712eda3ce53171837eddb0e3 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 17:16:00 +0200 Subject: [PATCH 987/988] fix(checks): formating --- checks.nix | 20 -------------------- devshell.nix | 1 - outputs.nix | 5 ++++- 3 files changed, 4 insertions(+), 22 deletions(-) delete mode 100644 checks.nix diff --git a/checks.nix b/checks.nix deleted file mode 100644 index 9505c35..0000000 --- a/checks.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - self, - flake-utils, - nixpkgs, - ... -}: -(flake-utils.lib.eachDefaultSystem ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - formatter = self.formatter.${system}; - in - { - checks = { - format = pkgs.runCommand "check-format" { - buildInputs = [ formatter ]; - } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; - }; - } -)).checks diff --git a/devshell.nix b/devshell.nix index 1fbad07..3931494 100644 --- a/devshell.nix +++ b/devshell.nix @@ -6,7 +6,6 @@ packages = with pkgs; [ agenix - nixpkgs-fmt nixos-rebuild ]; diff --git a/outputs.nix b/outputs.nix index 08e8ad0..ef7a742 100644 --- a/outputs.nix +++ b/outputs.nix @@ -27,6 +27,10 @@ in import ./devshell.nix { inherit pkgs extraModules; }; + checks = { + formatting = treefmtEval.config.build.check self; + }; + formatter = treefmtEval.config.build.wrapper; packages = import ./pkgs { inherit pkgs; } // { @@ -35,7 +39,6 @@ } )) // { - checks = import ./checks.nix inputs; hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; hmConfigurations = { dadada = import ./home; From 02bcc3ede9be81405963319b6eb2f134a8235c04 Mon Sep 17 00:00:00 2001 From: Tim Schubert Date: Sun, 27 Jul 2025 17:19:13 +0200 Subject: [PATCH 988/988] fix: deprecations --- nixos/gorgon/configuration.nix | 2 +- nixos/modules/steam.nix | 5 +-- nixos/modules/yubikey.nix | 2 +- nixos/ninurta/configuration.nix | 68 +++++++++++++-------------------- nixos/surgat/configuration.nix | 34 ++++++----------- 5 files changed, 42 insertions(+), 69 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index cb99b2a..69e7588 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -261,7 +261,7 @@ in xdg.portal.wlr.enable = false; hardware.bluetooth.enable = true; - hardware.opengl = { + hardware.graphics = { enable = true; extraPackages = with pkgs; [ vaapiVdpau diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index b6b0846..e14add3 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -15,11 +15,8 @@ in }; }; config = mkIf cfg.enable { - nixpkgs.config.allowUnfree = true; - - hardware.opengl = { + hardware.graphics = { enable = true; - driSupport32Bit = true; extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; }; diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 4be4492..47699e1 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -34,7 +34,7 @@ in }; u2f = { control = "sufficient"; - cue = true; + settings.cue = true; }; }; diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index 47c0103..d4a7bb9 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -270,14 +270,10 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { - Destination = "10.3.3.1/24"; - }; + Destination = "10.3.3.1/24"; } { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; + Destination = "fd42:9c3b:f96d:121::1/64"; } ]; }; @@ -294,14 +290,10 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { - Destination = "10.11.0.0/22"; - }; + Destination = "10.11.0.0/22"; } { - routeConfig = { - Destination = "fc00:1337:dead:beef::10.11.0.0/118"; - }; + Destination = "fc00:1337:dead:beef::10.11.0.0/118"; } ]; }; @@ -341,25 +333,21 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; - PersistentKeepalive = 25; - Endpoint = "surgat.dadada.li:51235"; - }; + PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + AllowedIPs = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; + PersistentKeepalive = 25; + Endpoint = "surgat.dadada.li:51235"; } { - wireguardPeerConfig = { - PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; - AllowedIPs = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; - Endpoint = "192.168.101.1:51235"; - }; + PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; + AllowedIPs = [ + "10.3.3.2/32" + "fd42:9c3b:f96d:121::2/128" + ]; + Endpoint = "192.168.101.1:51235"; } ]; }; @@ -373,17 +361,15 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - AllowedIPs = [ - "10.11.0.0/22" - "fc00:1337:dead:beef::10.11.0.0/118" - "192.168.178.0/23" - ]; - PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; - Endpoint = "53c70r.de:51820"; - }; + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ + "10.11.0.0/22" + "fc00:1337:dead:beef::10.11.0.0/118" + "192.168.178.0/23" + ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; + Endpoint = "53c70r.de:51820"; } ]; }; @@ -443,7 +429,7 @@ in }) ]; - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; environment.systemPackages = with pkgs; [ smartmontools diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 5cd9596..5ddef7f 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -74,12 +74,10 @@ in "2a01:4f8:c17:1d70::/64" ]; routes = [ - { routeConfig.Gateway = "fe80::1"; } + { Gateway = "fe80::1"; } { - routeConfig = { - Gateway = "172.31.1.1"; - GatewayOnLink = true; - }; + Gateway = "172.31.1.1"; + GatewayOnLink = true; } ]; linkConfig.RequiredForOnline = "routable"; @@ -95,19 +93,13 @@ in linkConfig.RequiredForOnline = "no"; routes = [ { - routeConfig = { - Destination = "10.3.3.3/24"; - }; + Destination = "10.3.3.3/24"; } { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::/64"; - }; + Destination = "fd42:9c3b:f96d:121::/64"; } { - routeConfig = { - Destination = "fd42:9c3b:f96d:101::/64"; - }; + Destination = "fd42:9c3b:f96d:101::/64"; } ]; }; @@ -124,14 +116,12 @@ in }; wireguardPeers = [ { - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" - ]; - }; + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" + ]; } ]; };