From 123e7088f5aa5d28d7dcc43d4e2282e7022fe4c7 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Sat, 18 Jan 2025 00:18:11 +0000 Subject: [PATCH 1/4] alpine: many changes - updates - snapserver - graphana dashboards - loki - ddclient - arr suite, jellyseer - mautrix fixes --- .rgignore | 2 + .sops.yaml | 4 + certs/alpine.prawn-justice.ts.net.crt | 48 ++ certs/alpine.prawn-justice.ts.net.key | 20 + flake.lock | 697 +++++++++++++----- flake.nix | 152 ++-- hardware/alpine.nix | 37 +- hardware/fcs-tristan-nixbook.nix | 20 +- hardware/vm.nix | 2 +- hardware/zenix.nix | 8 +- home/default.nix | 8 +- home/desktop/cosmic/default.nix | 82 +++ home/desktop/hyprland/default.nix | 78 +- home/desktop/utils/swayidle.nix | 2 +- home/desktop/utils/waybar.nix | 2 +- home/modules/aerc/binds.conf | 185 +++++ home/modules/aerc/default.nix | 21 + home/modules/email.nix | 152 +--- home/modules/menu.nix | 3 +- home/programs/git.nix | 28 +- home/programs/graphical.nix | 31 +- home/programs/lf/default.nix | 1 + home/programs/neovim/config.lua | 30 - home/programs/neovim/default.nix | 67 +- home/programs/neovim/lspconfig.lua | 54 -- home/programs/personal/default.nix | 28 +- home/programs/scripts.nix | 16 +- home/programs/tmux.nix | 43 ++ home/programs/vscode.nix | 3 + home/programs/work.nix | 31 +- home/workstation.nix | 5 +- lib/cypress.nix | 14 + lib/emotes.txt | 1 + lib/mkconf.nix | 10 +- lib/nixvim.nix | 279 +++++++ nixos/default.nix | 26 +- nixos/modules/work.nix | 9 + nixos/programs/cosmic.nix | 20 + nixos/programs/gamer.nix | 11 +- nixos/programs/hyprland.nix | 13 + nixos/programs/pipewire.nix | 14 + nixos/services/arr.nix | 70 ++ nixos/services/authentik.nix | 97 +++ nixos/services/grafana.nix | 27 +- nixos/services/jellyfin.nix | 1 + nixos/services/loki.nix | 94 +++ nixos/services/mautrix/signal.nix | 45 +- nixos/services/mautrix/whatsapp.nix | 37 +- nixos/services/monero.nix | 16 + nixos/services/mpd.nix | 20 + nixos/services/nextcloud.nix | 11 +- nixos/services/prometheus.nix | 5 + .../{synapse.nix => synapse/default.nix} | 4 +- 
nixos/services/synapse/metrics.nix | 25 + nixos/workstation.nix | 62 +- pkgs/mongodb.nix | 34 + pkgs/mpv-skipsilence.nix | 6 +- secrets/secrets.yaml | 60 +- 58 files changed, 2136 insertions(+), 735 deletions(-) create mode 100644 .rgignore create mode 100644 certs/alpine.prawn-justice.ts.net.crt create mode 100644 certs/alpine.prawn-justice.ts.net.key create mode 100644 home/desktop/cosmic/default.nix create mode 100644 home/modules/aerc/binds.conf create mode 100644 home/modules/aerc/default.nix delete mode 100644 home/programs/neovim/config.lua delete mode 100644 home/programs/neovim/lspconfig.lua create mode 100644 home/programs/tmux.nix create mode 100644 lib/cypress.nix create mode 100644 lib/nixvim.nix create mode 100644 nixos/programs/cosmic.nix create mode 100644 nixos/programs/hyprland.nix create mode 100644 nixos/programs/pipewire.nix create mode 100644 nixos/services/arr.nix create mode 100644 nixos/services/authentik.nix create mode 100644 nixos/services/loki.nix create mode 100644 nixos/services/monero.nix rename nixos/services/{synapse.nix => synapse/default.nix} (98%) create mode 100644 nixos/services/synapse/metrics.nix create mode 100644 pkgs/mongodb.nix diff --git a/.rgignore b/.rgignore new file mode 100644 index 0000000..13ba0e2 --- /dev/null +++ b/.rgignore @@ -0,0 +1,2 @@ +lib/words.txt +flake.lock diff --git a/.sops.yaml b/.sops.yaml index 943ea6a..be682be 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,3 +6,7 @@ creation_rules: key_groups: - age: - *alpine + - path_regex: certs/.*.key + key_groups: + - age: + - *alpine diff --git a/certs/alpine.prawn-justice.ts.net.crt b/certs/alpine.prawn-justice.ts.net.crt new file mode 100644 index 0000000..2b780d3 --- /dev/null +++ b/certs/alpine.prawn-justice.ts.net.crt 
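Review bot: The new creation rule `path_regex: certs/.*.key` in `.sops.yaml` is looser than it reads, because the dots are unescaped and the pattern has no end anchor, so it matches any path under `certs/` that merely contains `key` after some character rather than only files ending in `.key`. `path_regex: certs/.*\.key$` would restrict the rule to private-key files. The rule lists only the `*alpine` recipient, so a comment above it such as `# TLS private keys: decryptable by the alpine host key only` would make that choice explicit for whoever adds the next host.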
@@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDljCCAxygAwIBAgISBBQT2OlSax8juBh/IQex2igaMAoGCCqGSM49BAMDMDIx +CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF +NTAeFw0yNDEwMTMwMTQ4MDFaFw0yNTAxMTEwMTQ4MDBaMCYxJDAiBgNVBAMTG2Fs +cGluZS5wcmF3bi1qdXN0aWNlLnRzLm5ldDBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABNB7TDo//14hkP6lbTpMessnFDWiXCQ55C/+rPRuMK0kxMV9Uj9hVCaq6YI1 +Nxug1DBmQvAVtMNho60wCUR0ocijggIcMIICGDAOBgNVHQ8BAf8EBAMCB4AwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O +BBYEFL+YrMuDYngdndFxmQ8DyIaF5FZuMB8GA1UdIwQYMBaAFJ8rX888IU+dBLft +KyzExnCL0tcNMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U1 +Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTUuaS5sZW5jci5vcmcv +MCYGA1UdEQQfMB2CG2FscGluZS5wcmF3bi1qdXN0aWNlLnRzLm5ldDATBgNVHSAE +DDAKMAgGBmeBDAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AD8XS0/XIkdY +lB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABkoPFMKkAAAQDAEcwRQIhAMB1F+1H +QkW08Lu2AQr8bcYCqg43niOw2EHl9cTqIMngAiBOQz14/mZsA09MjLO4QSgnC8pW +wSHaf791o2N/HPHWiAB1ABNK3xq1mEIJeAxv70x6kaQWtyNJzlhXat+u2qfCq+Ai +AAABkoPFMagAAAQDAEYwRAIgR3BMtNMq8ubpJQanyZ5VPkX7OCIVyjmWD/iQDKHo +VkUCIBXczglskWwyZEwhCv1lNmgCfZmIF32rywaEsKBjQ/2QMAoGCCqGSM49BAMD +A2gAMGUCMQCruWjBoT4D97a/TQACEWs2UZ5ZUm+RmZS7VA4kVm9Q1bFFrftD1FEQ +dB88W+jYPN8CMAervvI7Jb19X+wDktnp958XUodwOhhd0NNvQ4HS/TEUxSDV04Xb +FahrrdXWaqt3nQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw +WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK +a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO +VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw +gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw 
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g +BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C +2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+ +bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG +6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV +XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO +koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq +cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI +E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e +K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX +GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL +sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd +VQD9F6Na/+zmXCc= +-----END CERTIFICATE----- diff --git a/certs/alpine.prawn-justice.ts.net.key b/certs/alpine.prawn-justice.ts.net.key new file mode 100644 index 0000000..3b07f1c --- /dev/null +++ b/certs/alpine.prawn-justice.ts.net.key 
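Review bot: The leaf certificate added in `certs/alpine.prawn-justice.ts.net.crt` looks like a 90-day Let's Encrypt certificate whose validity fields appear to decode to 13 Oct 2024 through 11 Jan 2025, which is a week before this commit's date, so any service pointed at this file would be presenting an expired certificate. A certificate checked into the repository cannot follow renewals, and issuing it on the host through an automated renewal job avoids keeping a stale copy in git. If the file stays, the module that consumes it (not visible in this hunk) should carry a comment with the expiry date and the renewal procedure.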
@@ -0,0 +1,20 @@ +{ + "data": "ENC[AES256_GCM,data:8ILElQXr1whCq6/Jvh2+0RN23cKn4Hd6GHd4/1pwfPzp+dzCcKe3gN4LY4NwTNM3fCeW2gX3DWHqXJxGxxjhlpLnFuEu9Q6eVAhjBIAEdUOAaOefQgBsY805hJ2+3oaASO1gTW64M4Rb7twhlJvtzfvl6dy5JuASv/mp3qlpmoIitFe0h1EAi0QkG5y1K7bDrmca7g9PhdelnJeIBAj9vjevtQAtJe3C1G/R3kfCLnPJQAC1BDBt97CXCux8uWgqSjH4ndp6c2cJH9UK87rB/w1+7ihSQGAfEAHNrdXMCSkcC9w=,iv:GiLNz81b7gLQZiX01wXQlYRogXwdyqX7HwOfVLUQHoo=,tag:MC6YZkidZHePXWTiUogJkQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbVI0M0o3TEFObEQ0RVJo\ncFp4djEvTzdndFV0OU5PKyt6WlpRYlowUlZBCkJYZm9JS1VZRGhwQ1c0K1JBVHIy\nelJNd3E1eUlPUDVGdUd3YzJrenFUY3cKLS0tIGhWWUt2TUthR1BncjN4UW9kQ1Vl\nM3JuVkUvZkZoM1ZabXhnRG1lRktrazAKesQXHUogJ0bo34Ibp5JxqaG7OCrbUteh\nrIyWr1bUQruhffOVJo+SQzKtNMwA2XwwU1xJb4YbBUXwe9/4G8KpqQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-10-13T03:10:45Z", + "mac": "ENC[AES256_GCM,data:iY5zcanENCJLwwaK0Gz/HZTAXvwbHDK5AZ7buHVjg22jQlFKlg46abBy1KIBOzurH7Z8i7lLSSF1DFzGbR63NjEWFiv4hJsDuFgvLxFm/GxERl+JnadKaaooYQavkE99J1uiPIr7BCZppC+MdvqG1IqkSeLO737KLniisprKe1g=,iv:VtHXpnZVoTpmLcmSVxvCZSxongAXwelE02OA/5afQ9k=,tag:y2GmUBzg6tspfjZi8TyhuQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.0" + } +} \ No newline at end of file diff --git a/flake.lock b/flake.lock index 1b04b4f..32ecd43 100644 --- a/flake.lock +++ b/flake.lock 
@@ -18,39 +18,6 @@ "type": "github" } }, - "base16-alacritty": { - "flake": false, - "locked": { - "lastModified": 1703982197, - "narHash": "sha256-TNxKbwdiUXGi4Z4chT72l3mt3GSvOcz6NZsUH8bQU/k=", - "owner": "aarowill", - "repo": "base16-alacritty", - "rev": "c95c200b3af739708455a03b5d185d3d2d263c6e", - "type": "github" - }, - "original": { - "owner": "aarowill", - "repo": "base16-alacritty", - "type": "github" - } - }, - "base16-alacritty-yaml": { - "flake": false, - "locked": { - "lastModified": 1674275109, - "narHash": "sha256-Adwx9yP70I6mJrjjODOgZJjt4OPPe8gJu7UuBboXO4M=", - "owner": "aarowill", - "repo": "base16-alacritty", - "rev": "63d8ae5dfefe5db825dd4c699d0cdc2fc2c3eaf7", - "type": "github" - }, - "original": { - "owner": "aarowill", - "repo": "base16-alacritty", - "rev": "63d8ae5dfefe5db825dd4c699d0cdc2fc2c3eaf7", - "type": "github" - } - }, "base16-fish": { "flake": false, "locked": { @@ -67,30 +34,14 @@ "type": "github" } }, - "base16-foot": { - "flake": false, - "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", - "owner": "tinted-theming", - "repo": "base16-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-foot", - "type": "github" - } - }, "base16-helix": { "flake": false, "locked": { - "lastModified": 1696727917, - "narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=", + "lastModified": 1725860795, + "narHash": "sha256-Z2o8VBPW3I+KKTSfe25kskz0EUj7MpUh8u355Z1nVsU=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb", + "rev": "7f795bf75d38e0eea9fed287264067ca187b88a9", "type": "github" }, "original": { 
@@ -99,55 +50,74 @@ "type": "github" } }, - "base16-kitty": { - "flake": false, - "locked": { - "lastModified": 1665001328, - "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", - "owner": "kdrag0n", - "repo": "base16-kitty", - "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", - "type": "github" - }, - "original": { - "owner": "kdrag0n", - "repo": "base16-kitty", - "type": "github" - } - }, - "base16-tmux": { - "flake": false, - "locked": { - "lastModified": 1696725902, - "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", - "owner": "tinted-theming", - "repo": "base16-tmux", - "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-tmux", - "type": "github" - } - }, "base16-vim": { "flake": false, "locked": { - "lastModified": 1663659192, - "narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=", - "owner": "chriskempson", + "lastModified": 1716150083, + "narHash": "sha256-ZMhnNmw34ogE5rJZrjRv5MtG3WaqKd60ds2VXvT6hEc=", + "owner": "tinted-theming", "repo": "base16-vim", - "rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d", + "rev": "6e955d704d046b0dc3e5c2d68a2a6eeffd2b5d3d", "type": "github" }, "original": { - "owner": "chriskempson", + "owner": "tinted-theming", "repo": "base16-vim", "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722113426, + "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", + "owner": "numtide", + "repo": "devshell", + "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", 
+ "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1673956053, @@ -163,6 +133,66 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": [ + "stylix", + "systems" + ] + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { 
@@ -179,19 +209,71 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "nixvim", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726745158, + "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nixvim", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gnome-shell": { "flake": false, "locked": { - "lastModified": 1698794309, - "narHash": "sha256-/TIkZ8y5Wv3QHLFp79Poao9fINurKs5pa4z0CRe+F8s=", + "lastModified": 1713702291, + "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "a7c169c6c29cf02a4c392fa0acbbc5f5072823e7", + "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", "type": "github" }, "original": { "owner": "GNOME", - "ref": "45.1", + "ref": "46.1", "repo": "gnome-shell", "type": "github" } @@ -203,11 +285,11 @@ ] }, "locked": { - "lastModified": 1713166971, - "narHash": "sha256-t0P/rKlsE5l1O3O2LYtAelLzp7PeoPCSzsIietQ1hSM=", + "lastModified": 1727346017, + "narHash": "sha256-z7OCFXXxIseJhEHiCkkUOkYxD9jtLU8Kf5Q9WC0SjJ8=", "owner": "nix-community", "repo": "home-manager", - "rev": "1c43dcfac48a2d622797f7ab741670fdbcf8f609", + "rev": "c124568e1054a62c20fbe036155cc99237633327", "type": "github" }, "original": { 
@@ -217,19 +299,38 @@ "type": "github" } }, + "home-manager-cosmic": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1728250817, + "narHash": "sha256-OVHpUlNxHpQUe2Waav/MR+Z7fm6ft/w8SxWlvXv+AdU=", + "owner": "tristanbeedell", + "repo": "home-manager", + "rev": "ce770a3e442b2105852a6f5f79f3645b4c64505c", + "type": "github" + }, + "original": { + "owner": "tristanbeedell", + "ref": "cosmic", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ - "stylix", + "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1706001011, - "narHash": "sha256-J7Bs9LHdZubgNHZ6+eE/7C18lZ1P6S5/zdJSdXFItI4=", + "lastModified": 1726985855, + "narHash": "sha256-NJPGK030Y3qETpWBhj9oobDQRbXdXOPxtu+YgGvZ84o=", "owner": "nix-community", "repo": "home-manager", - "rev": "3df2a80f3f85f91ea06e5e91071fa74ba92e5084", + "rev": "04213d1ce4221f5d9b40bcee30706ce9a91d148d", "type": "github" }, "original": { 
@@ -238,13 +339,126 @@ "type": "github" } }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1727003835, + "narHash": "sha256-Cfllbt/ADfO8oxbT984MhPHR6FJBaglsr1SxtDGbpec=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "bd7d1e3912d40f799c5c0f7e5820ec950f1e0b3d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nixos-cosmic": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1727314564, + "narHash": "sha256-UE98O6EQYUiDp7rypkBfJG0XSz0c5FxkslyP+7Gskt8=", + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "rev": "f2aa34f521da1d6335301fc1b58dde8ed779d632", + "type": "github" + }, + "original": { + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1712963716, - "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "lastModified": 1722185531, + "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1727129439, + "narHash": 
"sha256-nPyrcFm6FSk7CxzVW4x2hu62aLDghNcv9dX6DF3dXw8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "babc25a577c3310cce57c72d5bed70f4c3c3843a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1727122398, + "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093", "type": "github" }, "original": { 
@@ -253,45 +467,13 @@ "type": "indirect" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1713042715, - "narHash": "sha256-RifMwYuKu5v6x6O65msKDTqKkQ9crGwOB7yr20qMEuE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c27f3b6d8e29346af16eecc0e9d54b1071eae27e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1712883908, - "narHash": "sha256-icE1IJE9fHcbDfJ0+qWoDdcBXUoZCcIJxME4lMHwvSM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_3": { "locked": { - "lastModified": 1700856099, - "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { 
@@ -301,26 +483,115 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1725194671, + "narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixvim": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "home-manager": "home-manager_2", + "nix-darwin": "nix-darwin", + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1727328717, + "narHash": "sha256-tGEVv5mFs38m6+60fNKlZn/6ucoOotfwn9FikXiYSlk=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "2ab8751b8be55accb78ca0ca58f1f4ff387001d7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726995581, + "narHash": "sha256-lgsE/CTkZk9OIiFGEIrxXZQ7Feiv41dqlN7pEfTdgew=", + "owner": "NuschtOS", + "repo": "search", + "rev": "3b7dd61b365ca45380707453758a45f2e9977be3", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "home-manager-cosmic": "home-manager-cosmic", + "nixos-cosmic": "nixos-cosmic", + "nixpkgs": "nixpkgs_2", + "nixvim": "nixvim", "sops-nix": "sops-nix", - "stable-nixpkgs": "stable-nixpkgs", "stylix": "stylix" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixos-cosmic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1727231386, + "narHash": "sha256-XLloPtQHKk/Tdt8t8zIb+JhmunlH3YB9Jz8RTlQ3N/4=", + "owner": 
"oxalica", + "repo": "rust-overlay", + "rev": "b5f76c3b09a8194889f5328a480fbea1a9115518", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1713174909, - "narHash": "sha256-APoDs2GtzVrsE+Z9w72qpHzEtEDfuinWcNTN7zhwLxg=", + "lastModified": 1726524647, + "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cc535d07cbcdd562bcca418e475c7b1959cefa4b", + "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", "type": "github" }, "original": { 
@@ -329,43 +600,28 @@ "type": "github" } }, - "stable-nixpkgs": { - "locked": { - "lastModified": 1713013257, - "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "90055d5e616bd943795d38808c94dbf0dd35abe8", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.11", - "type": "indirect" - } - }, "stylix": { "inputs": { "base16": "base16", - "base16-alacritty": "base16-alacritty", - "base16-alacritty-yaml": "base16-alacritty-yaml", "base16-fish": "base16-fish", - "base16-foot": "base16-foot", "base16-helix": "base16-helix", - "base16-kitty": "base16-kitty", - "base16-tmux": "base16-tmux", "base16-vim": "base16-vim", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_2", "gnome-shell": "gnome-shell", - "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_3" + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_4", + "systems": "systems_2", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1713025302, - "narHash": "sha256-za4w2wYt1fg9EdTv5fYLwEqAyHgPmPq88HmlxirXuEk=", + "lastModified": 1727355527, + "narHash": "sha256-qFSPHeImI00fBzGTA94D66HMD+fJDkuz04WHp2Sg8eA=", "owner": "danth", "repo": "stylix", - "rev": "83866ed8800ed39519a79ea30b18c8eb21f26080", + "rev": "993fcabd83d1e0ee5ea038b87041593cc73c1ebe", "type": "github" }, "original": { 
@@ -373,6 +629,105 @@ "repo": "stylix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1696725948, + "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1665001328, + "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1696725902, + "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 
1726734507, + "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 086c84d..8ebc2f4 100644 --- a/flake.nix +++ b/flake.nix @@ -1,22 +1,25 @@ { description = "A flake using my config"; - inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; - stable-nixpkgs.url = "nixpkgs/nixos-23.11"; home-manager = { url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + home-manager-cosmic.url = "github:tristanbeedell/home-manager/cosmic"; stylix.url = "github:danth/stylix"; - # hyprland = { - # url = "github:hyprwm/Hyprland/v0.36.0"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; sops-nix.url = "github:Mic92/sops-nix"; + nixos-cosmic = { + url = "github:lilyinstarlight/nixos-cosmic"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixvim = { + url = "github:nix-community/nixvim"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = inputs: let + outputs = {nixvim, ...} @ inputs: let system = "x86_64-linux"; pkgs = import inputs.nixpkgs {inherit system;}; user = "tristan"; 
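Review bot: The new input `home-manager-cosmic.url = "github:tristanbeedell/home-manager/cosmic";` in the first `flake.nix` hunk has no `inputs.nixpkgs.follows`, unlike `nixos-cosmic` and `nixvim` added beside it, and the `flake.lock` changes in this commit show it bringing its own `nixpkgs` node while the root uses `nixpkgs_2`. That leaves a second, independently pinned nixpkgs in the closure that is updated on a different schedule from the one the systems are built from. Writing it as `home-manager-cosmic = { url = "github:tristanbeedell/home-manager/cosmic"; inputs.nixpkgs.follows = "nixpkgs"; };` keeps a single nixpkgs. A one-line comment saying why a personal fork branch is tracked instead of upstream would also record the trust decision for this input.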
@@ -27,51 +30,57 @@ in { formatter.${system} = pkgs.alejandra; nixosConfigurations = { - zenix = - mkConf [ + zenix = mkConf { + nixos-modules = [ ./hardware/zenix.nix - (auto-login "Hyprland") + ./nixos/programs/cosmic.nix ./nixos/programs/gamer.nix ./nixos/programs/personal.nix ./nixos/workstation.nix - ] [ - ./home/workstation.nix - ./home/desktop/hyprland/. + ]; + home-modules = [ ./home/programs/graphical.nix ./home/programs/gamer.nix ./home/programs/personal/. - ./home/programs/xr.nix ]; + }; - FCS-Tristan-Nixbook = - mkConf [ - # inputs.hyprland.nixosModules.default + FCS-Tristan-Nixbook = mkConf { + nixos-modules = [ ./hardware/fcs-tristan-nixbook.nix - (auto-login "Hyprland") - ./nixos/modules/work.nix + # (auto-login "Hyprland") + # ./nixos/programs/hyprland.nix ./nixos/workstation.nix - ] [ - ./home/workstation.nix - ./home/desktop/hyprland/. + ./nixos/modules/work.nix + ./nixos/programs/cosmic.nix + ]; + home-modules = [ ./home/programs/work.nix ./home/programs/graphical.nix ]; + }; - alpine = mkConf [ - ./hardware/alpine.nix - ./nixos/services/anki.nix - ./nixos/services/forgejo.nix - ./nixos/services/vaultwarden.nix - ./nixos/services/jellyfin.nix - ./nixos/services/mpd.nix - ./nixos/services/prometheus.nix - ./nixos/services/grafana.nix - ./nixos/services/synapse.nix - ./nixos/services/mautrix/whatsapp.nix - ./nixos/services/mautrix/signal.nix - ./nixos/services/nextcloud.nix - ./nixos/services/ntfy.nix - ] []; + alpine = mkConf { + nixos-modules = [ + ./hardware/alpine.nix + ./nixos/services/anki.nix + ./nixos/services/forgejo.nix + ./nixos/services/vaultwarden.nix + ./nixos/services/jellyfin.nix + ./nixos/services/mpd.nix + ./nixos/services/prometheus.nix + ./nixos/services/grafana.nix + ./nixos/services/loki.nix + ./nixos/services/synapse/. 
+ ./nixos/services/mautrix/whatsapp.nix + ./nixos/services/mautrix/signal.nix + ./nixos/services/nextcloud.nix + ./nixos/services/ntfy.nix + ./nixos/services/authentik.nix + ./nixos/services/monero.nix + ./nixos/services/arr.nix + ]; + }; vm-sway = builtins.trace '' @@ -81,14 +90,30 @@ start the vm with '-vga qxl' or '-vga virtio' '' mkConf - [ - ./hardware/vm.nix - (auto-login "sway") - ./nixos/workstation.nix - ] [ - ./home/desktop/sway/. - ./home/workstation.nix - ]; + { + nixos-modules = [ + ./hardware/vm.nix + (auto-login "sway") + ./nixos/workstation.nix + ]; + home-modules = [ + ./home/desktop/sway/. + ./home/workstation.nix + ]; + }; + + vm-cosmic = + mkConf + { + nixos-modules = [ + ./hardware/vm.nix + ./nixos/workstation.nix + ./nixos/programs/cosmic.nix + ]; + home-modules = [ + ./home/workstation.nix + ]; + }; vm-hyprland = builtins.trace '' @@ -100,18 +125,33 @@ start with '-vga virtio' '' mkConf - [ - ./hardware/vm.nix - (auto-login "Hyprland") - ./nixos/workstation.nix - ] [ - ./home/desktop/hyprland/. - ./home/workstation.nix - ]; + { + nixos-modules = [ + ./hardware/vm.nix + (auto-login "Hyprland") + ./nixos/programs/hyprland.nix + ]; + }; - vm-tty = mkConf [ - ./hardware/vm.nix - ] []; + vm-tty = + mkConf + { + nixos-modules = [ + ./hardware/vm.nix + ]; + }; + }; + + packages.${system} = { + nixvim = let + nixvim' = nixvim.legacyPackages.${system}; + nixvimModule = { + inherit pkgs; + module = import ./lib/nixvim.nix; + }; + nvim = nixvim'.makeNixvimWithModule nixvimModule; + in + nvim; }; }; } diff --git a/hardware/alpine.nix b/hardware/alpine.nix index 29a68ee..4938eca 100644 --- a/hardware/alpine.nix +++ b/hardware/alpine.nix @@ -59,13 +59,11 @@ in { fsType = "fuse.mergerfs"; depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"]; options = [ - "direct_io" - "use_ino" - "allow_other" "minfreespace=50G" "fsname=mergerfs" "category.create=mfs" - "func.mkdir=epall" + "cache.files=auto-all" + "dropcacheonclose=true" ]; }; 
@@ -113,9 +111,13 @@ in { ]; }; + virtualisation.oci-containers.backend = "podman"; + virtualisation = { podman = { enable = true; + autoPrune.enable = true; + defaultNetwork.settings.dns_enabled = true; }; }; @@ -136,18 +138,11 @@ in { globalRedirect = "tristans.cloud"; }; "tristans.cloud" = { + default = true; forceSSL = true; enableACME = true; root = "/srv/www/tristans.cloud"; }; - "auth.tristans.cloud" = { - forceSSL = true; - enableACME = true; - locations."~" = { - proxyPass = "http://localhost:8084"; - proxyWebsockets = true; - }; - }; }; }; security.acme = { @@ -155,14 +150,15 @@ in { defaults.email = "tristan@tristans.cloud"; }; + sops.secrets."namecheap" = {}; services.ddclient = { - # enable = true; - protocol = "duckdns"; - use = "if, if=enp4s0"; - ssl = true; - username = ""; - passwordFile = "/home/tristan/duckdnstoken"; - domains = ["tlbean"]; + enable = true; + protocol = "namecheap"; + usev4 = "webv4, webv4=ipify-ipv4"; + usev6 = ""; + username = "tristans.cloud"; + passwordFile = config.sops.secrets."namecheap".path; + domains = ["@" "*"]; }; services.mpd = { @@ -172,4 +168,7 @@ in { services.grafana.settings.server = { http_port = 3001; # forgejo and grafana default to 3000 }; + + systemd.services.NetworkManager-wait-online.enable = false; + } diff --git a/hardware/fcs-tristan-nixbook.nix b/hardware/fcs-tristan-nixbook.nix index a6f26f9..a3370d4 100644 --- a/hardware/fcs-tristan-nixbook.nix +++ b/hardware/fcs-tristan-nixbook.nix 
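Review bot: `domains = ["@" "*"]` in the `services.ddclient` block publishes a wildcard record for this host, and the nginx hunk above it marks `"tristans.cloud"` as `default = true`, so any name under the zone without its own virtual host now resolves here and is answered with the static site. A mistyped or removed service name (the `auth.tristans.cloud` vhost is deleted in this same commit) would then fall through silently instead of failing. If that is not intended, consider a dedicated catch-all that refuses the request, for example `"_" = { default = true; rejectSSL = true; extraConfig = "return 444;"; };`, and leave `default` off the real site. Reading the updater credential from `config.sops.secrets."namecheap".path` rather than a file under /home is an improvement; a short comment naming the unit that reads the secret would make its owner and mode easier to check.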
@@ -23,14 +23,17 @@ in { options = ["subvol=@" "compress=zstd" "autodefrag"]; }; - boot.initrd.postDeviceCommands = pkgs.lib.mkBefore (decrypt { - keydevice = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0"; - keypartname = "usbkey"; - }); + boot.initrd.luks.devices."usbkey" = { + device = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0"; + }; boot.initrd.luks.devices."cryptroot" = { device = "/dev/disk/by-uuid/570cc51f-bd5c-4bee-a18f-f6aabaf60881"; keyFileSize = 4096; + preOpenCommands = '' + mkdir -m 0755 -p /key + mount -n -t vfat -o ro /dev/mapper/usbkey /key + ''; keyFile = "/key/keyfile"; preLVM = false; }; @@ -54,6 +57,11 @@ in { swapDevices = [{device = "/swap/swapfile";}]; + boot.plymouth.enable = true; + boot.initrd.verbose = false; + boot.consoleLogLevel = 1; + boot.kernelParams = ["quiet" "udev.log_level=3"]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction @@ -66,7 +74,7 @@ in { powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - hardware.opengl = { + hardware.graphics = { enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD @@ -102,6 +110,4 @@ in { }; } ]; - - services.tlp.enable = true; } diff --git a/hardware/vm.nix b/hardware/vm.nix index f71fc8c..878ef4e 100644 --- a/hardware/vm.nix +++ b/hardware/vm.nix @@ -1,7 +1,7 @@ {config, ...}: let user = config.user; in { - hardware.opengl.enable = true; + hardware.graphics.enable = true; boot.kernelModules = ["kvm-amd" "qxl" "bochs_drm"]; system.stateVersion = "24.05"; diff --git a/hardware/zenix.nix b/hardware/zenix.nix index 0e439f4..3a3cd19 100644 --- a/hardware/zenix.nix +++ b/hardware/zenix.nix 
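Review bot: The `preOpenCommands` added to `boot.initrd.luks.devices."cryptroot"` mount the unlocked key partition at /key, but nothing in the hunk unmounts it or closes the `usbkey` mapping once the root volume is open, so the key file appears to stay readable for the rest of the initrd stage. A matching `postOpenCommands = "umount /key && cryptsetup close usbkey";` on the same device would limit that exposure to the moment of unlock. A one-line comment on how `cryptroot` is ordered after `usbkey` (presumably through `preLVM = false`) and on what happens when the USB stick is absent would also help, since the two devices now depend on each other.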
@@ -17,7 +17,6 @@ in { boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"]; boot.kernelModules = ["kvm-amd"]; - boot.kernelPackages = pkgs.linuxPackages_xanmod_latest; boot.extraModulePackages = []; fileSystems."/" = { @@ -26,6 +25,13 @@ in { options = ["subvol=@" "compress=zstd" "autodefrag"]; }; + fileSystems."/nix" = { + device = "/dev/disk/by-label/nix"; + fsType = "f2fs"; + neededForBoot = true; + options = ["noatime"]; + }; + boot.initrd.postDeviceCommands = pkgs.lib.mkBefore (decrypt { keydevice = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0"; keypartname = "usbkey"; diff --git a/home/default.nix b/home/default.nix index 2f4091e..6d7549f 100644 --- a/home/default.nix +++ b/home/default.nix @@ -10,6 +10,7 @@ ./programs/git.nix ./programs/lf/. ./programs/zsh.nix + ./programs/tmux.nix ]; programs.home-manager.enable = true; @@ -34,12 +35,15 @@ htop libsixel yt-dlp - ytfzf - neofetch + fastfetch tree ansible + ytfzf + lazygit ]; + programs.zoxide.enable = true; + programs.rbw = { enable = true; settings = { diff --git a/home/desktop/cosmic/default.nix b/home/desktop/cosmic/default.nix new file mode 100644 index 0000000..6a12893 --- /dev/null +++ b/home/desktop/cosmic/default.nix 
@@ -0,0 +1,82 @@ +{ + pkgs, + config, + ... +}: let + inherit (config.lib.cosmic) Actions; +in { + programs.cosmic = { + enable = true; + input.asDefaults = true; + input.binds = { + # Navigation + Super. "h" = Actions.Focus "Left"; + Super. "l" = Actions.Focus "Right"; + Super. "j" = Actions.Focus "Down"; + Super. "k" = Actions.Focus "Up"; + Super.Shift. "h" = Actions.Move "Left"; + Super.Shift. "l" = Actions.Move "Right"; + Super.Shift. "j" = Actions.Move "Down"; + Super.Shift. "k" = Actions.Move "Up"; + Super. "1" = Actions.Workspace 1; + Super. "2" = Actions.Workspace 2; + Super. "3" = Actions.Workspace 3; + Super. "4" = Actions.Workspace 4; + Super. "5" = Actions.Workspace 5; + Super.Shift. "1" = Actions.MoveToWorkspace 1; + Super.Shift. "2" = Actions.MoveToWorkspace 2; + Super.Shift. "3" = Actions.MoveToWorkspace 3; + Super.Shift. "4" = Actions.MoveToWorkspace 4; + Super.Shift. "5" = Actions.MoveToWorkspace 5; + Super. "Space" = Actions.ToggleWindowFloating; + Super. "f" = Actions.Maximize; + Super. "m" = Actions.Minimize; + Super.Shift. "x" = Actions.Close; + Super.Shift. "v" = Actions.ToggleStacking; + Super.Shift. "y" = Actions.ToggleSticky; + # System + Super. "d" = Actions.Spawn config.programs.menu.drunCommand; + Super. "Return" = Actions.Spawn pkgs.alacritty; + Super. "o" = Actions.System "HomeFolder"; + Super.Shift. 
"s" = Actions.System "Screenshot"; + }; + background = { + displays = { + all = { + source = ../../../images/nier2.jpg; + }; + }; + }; + panels = { + "Bar" = { + applets = { + start = [ + "com.system76.CosmicAppletWorkspaces" + ]; + center = []; + end = [ + "com.system76.CosmicAppletTime" + "com.system76.CosmicAppletTiling" + "com.system76.CosmicAppletAudio" + "com.system76.CosmicAppletNotifications" + "com.system76.CosmicAppletMinimize" + "com.system76.CosmicAppletPower" + ]; + }; + options = { + size = "XS"; + border_radius = 0; + }; + }; + }; + settings = { + "com.system76.CosmicComp".options = { + autotile = true; + active_hint = true; + focus_follows_cursor = true; + focus_follows_cursor_delay = 0; + cursor_follows_focus = true; + }; + }; + }; +} diff --git a/home/desktop/hyprland/default.nix b/home/desktop/hyprland/default.nix index 9402090..33fb7a2 100644 --- a/home/desktop/hyprland/default.nix +++ b/home/desktop/hyprland/default.nix 
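Review bot: `Super. "Return" = Actions.Spawn pkgs.alacritty;` passes a package where the neighbouring `Super. "d"` bind passes a command string; if `Actions.Spawn` interpolates its argument, a derivation turns into its store directory rather than an executable. Unless the `config.lib.cosmic` helper handles packages (it is not visible here), the bind should name the binary, e.g. `Actions.Spawn "${pkgs.alacritty}/bin/alacritty"`.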
@@ -6,24 +6,91 @@ }: let modifier = config.windowManager.modifierKey; menu = config.programs.menu.dmenuCommand; + lock_cmd = "${config.programs.hyprlock.package}/bin/hyprlock"; + color = { + inherit (config.lib.stylix.colors) yellow red; + bg = config.lib.stylix.colors.base00; + fg = config.lib.stylix.colors.base07; + text = config.lib.stylix.colors.base05; + }; + rgb = color: "rgb(${color})"; in { imports = [ - (import ../utils/swaylock.nix) - (import ../utils/swayidle.nix) (import ../utils/waybar.nix) (import ../utils/display.nix) + ../../workstation.nix ]; xdg.portal = { enable = true; configPackages = [pkgs.hyprland]; - extraPortals = [pkgs.xdg-desktop-portal-hyprland pkgs.xdg-desktop-portal-gtk]; + extraPortals = [pkgs.xdg-desktop-portal-gtk]; + }; + + services.hypridle = { + enable = true; + settings = { + general = { + before_sleep_cmd = "rbw lock"; + after_sleep_cmd = "hyprctl dispatch dpms on"; + ignore_dbus_inhibit = false; + lock_cmd = "pidof ${lock_cmd} || ${lock_cmd}"; + }; + + listener = [ + { + timeout = 300; + on-timeout = "loginctl lock-session"; + } + { + timeout = 1200; + on-timeout = "hyprctl dispatch dpms off"; + on-resume = "hyprctl dispatch dpms on"; + } + ]; + }; + }; + + programs.hyprlock = { + enable = true; + settings = { + # https://wiki.hyprland.org/Hypr-Ecosystem/hyprlock/ + general = { + hide_cursor = true; + grace = 10; + ignore_empty_input = true; + }; + + background = [ + { + path = "screenshot"; + blur_passes = 3; + blur_size = 8; + } + ]; + + input-field = [ + { + dots_center = true; + fade_on_empty = true; + outline_thickness = 5; + shadow_passes = 2; + inner_color = rgb color.bg; + outer_color = rgb color.fg; + font_color = rgb color.text; + fail_color = rgb color.red; + check_color = rgb color.yellow; + } + ]; + }; }; wayland.windowManager.hyprland = { enable = true; - systemd.enable = true; + systemd = { + enable = true; + variables = ["--all"]; + }; settings = { - exec-once = ["${pkgs.swaybg}/bin/swaybg -i 
${config.stylix.image} -m fill"]; input = { touchpad = { natural_scroll = true; @@ -35,7 +102,6 @@ in { }; gestures = { workspace_swipe = true; - workspace_swipe_numbered = false; }; decoration = { rounding = 0; diff --git a/home/desktop/utils/swayidle.nix b/home/desktop/utils/swayidle.nix index ee99499..f9d2bd4 100644 --- a/home/desktop/utils/swayidle.nix +++ b/home/desktop/utils/swayidle.nix @@ -15,7 +15,7 @@ timeouts = [ { timeout = 300; - command = "${pkgs.swaylock-effects}/bin/swaylock -f"; + command = "loginctl lock-session"; } { timeout = 600; diff --git a/home/desktop/utils/waybar.nix b/home/desktop/utils/waybar.nix index 97fa670..f03354f 100644 --- a/home/desktop/utils/waybar.nix +++ b/home/desktop/utils/waybar.nix @@ -4,7 +4,7 @@ systemd.enable = true; settings = { mainBar = { - layer = "top"; + layer = "bottom"; position = "top"; height = 36; modules-right = ["mpris" "idle_inhibitor" "pulseaudio" "clock" "tray" "battery"]; diff --git a/home/modules/aerc/binds.conf b/home/modules/aerc/binds.conf new file mode 100644 index 0000000..8b4c057 --- /dev/null +++ b/home/modules/aerc/binds.conf 
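Review bot: `before_sleep_cmd = "rbw lock"` in the `services.hypridle` settings locks only the password-manager vault before suspend; the session itself is locked only by the 300-second idle listener, so a machine suspended sooner than that appears to resume to an unlocked desktop. Since `lock_cmd` already starts hyprlock on the session lock signal, the sleep hook can raise that signal too: `before_sleep_cmd = "loginctl lock-session; rbw lock";`. Separately, `grace = 10` in `programs.hyprlock` lets the lock be dismissed without a password shortly after it starts, which deserves a comment or a lower value if the lock is also triggered deliberately.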
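Review bot: The 300-second timeout in swayidle.nix now runs `loginctl lock-session` instead of starting swaylock directly, which only emits the lock signal; swayidle locks the screen on that signal only when a `lock` event handler is configured. The events part of this file is outside the hunk, so please confirm it has an entry along the lines of `{ event = "lock"; command = "${pkgs.swaylock-effects}/bin/swaylock -f"; }`. Without it the idle lock would silently stop working for any configuration that still imports this module.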
@@ -0,0 +1,185 @@ +# Binds are of the form = +# To use '=' in a key sequence, substitute it with "Eq": "" +# If you wish to bind #, you can wrap the key sequence in quotes: "#" = quit + = :prev-tab + = :prev-tab + = :next-tab + = :next-tab +\[t = :prev-tab +\]t = :next-tab + = :term +? = :help keys + = :prompt 'Quit?' quit + = :prompt 'Quit?' quit + = :suspend + +[messages] +o = :term mbsync -a +q = :prompt 'Quit?' quit + +j = :next + = :next + = :next 50% + = :next 100% + = :next 100% + +k = :prev + = :prev + = :prev 50% + = :prev 100% + = :prev 100% +g = :select 0 +G = :select -1 + +J = :next-folder + = :next-folder +K = :prev-folder + = :prev-folder +H = :collapse-folder + = :collapse-folder +L = :expand-folder + = :expand-folder + +v = :mark -t + = :mark -t:next +V = :mark -v + +T = :toggle-threads +zc = :fold +zo = :unfold +za = :fold -t +zM = :fold -a +zR = :unfold -a + = :fold -t + +zz = :align center +zt = :align top +zb = :align bottom + + = :view +d = :choose -o y 'Really delete this message' delete-message +D = :delete +a = :archive flat +A = :unmark -a:mark -T:archive flat + +C = :compose +m = :compose + +b = :bounce + +rr = :reply -a +rq = :reply -aq +Rr = :reply +Rq = :reply -q + +c = :cf +$ = :term +! 
= :term +| = :pipe + +/ = :search +\ = :filter +n = :next-result +N = :prev-result + = :clear + +s = :split +S = :vsplit + +pl = :patch list +pa = :patch apply +pd = :patch drop +pb = :patch rebase +pt = :patch term +ps = :patch switch + +[messages:folder=Drafts] + = :recall + +[view] +/ = :toggle-key-passthrough/ +q = :close +O = :open +o = :open +S = :save +| = :pipe +D = :delete +A = :archive flat + + = :open-link + +f = :forward +rr = :reply -a +rq = :reply -aq +Rr = :reply +Rq = :reply -q + +H = :toggle-headers + = :prev-part + = :prev-part + = :next-part + = :next-part +J = :next + = :next +K = :prev + = :prev + +[view::passthrough] +$noinherit = true +$ex = + = :toggle-key-passthrough + +[compose] +# Keybindings used when the embedded terminal is not selected in the compose +# view +$noinherit = true +$ex = +$complete = + = :prev-field + = :prev-field + = :next-field + = :next-field + = :switch-account -p + = :switch-account -p + = :switch-account -n + = :switch-account -n + = :next-field + = :prev-field + = :prev-tab + = :prev-tab + = :next-tab + = :next-tab + +[compose::editor] +# Keybindings used when the embedded terminal is selected in the compose view +$noinherit = true +$ex = + = :prev-field + = :prev-field + = :next-field + = :next-field + = :prev-tab + = :prev-tab + = :next-tab + = :next-tab + +[compose::review] +# Keybindings used when reviewing a message to be sent +# Inline comments are used as descriptions on the review screen +y = :send # Send +n = :abort # Abort (discard message, no confirmation) +v = :preview # Preview message +p = :postpone # Postpone +q = :choose -o d discard abort -o p postpone postpone # Abort or postpone +e = :edit # Edit +a = :attach # Add attachment +d = :detach # Remove attachment + +[terminal] +$noinherit = true +$ex = + + = :prev-tab + = :next-tab + = :prev-tab + = :next-tab diff --git a/home/modules/aerc/default.nix b/home/modules/aerc/default.nix new file mode 100644 index 0000000..83ad896 --- /dev/null 
+++ b/home/modules/aerc/default.nix @@ -0,0 +1,21 @@ +{ + programs.aerc = { + extraBinds = builtins.readFile ./binds.conf; # default binds + extraConfig = { + general = { + pgp-provider = "gpg"; + unsafe-accounts-conf = true; + }; + ui = {}; + viewer = {}; + filters = { + "text/plain" = "colorize"; + "text/calendar" = "calendar"; + "message/delivery-status" = "colorize"; + "message/rfc822" = "colorize"; + "image/*" = "img2sixel"; + "text/html" = "html | colorize"; + }; + }; + }; +} diff --git a/home/modules/email.nix b/home/modules/email.nix index a4fc403..6b491c5 100644 --- a/home/modules/email.nix +++ b/home/modules/email.nix @@ -21,6 +21,8 @@ in { }; }; + imports = [./aerc/.]; + config = lib.mkIf cfg.enable { programs.scripts = [ { 
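Review bot: `unsafe-accounts-conf = true;` in the new aerc/default.nix turns off aerc's permission check on accounts.conf and carries no comment saying why. Suggest a comment above it such as `# accounts.conf is generated (presumably a store symlink, not mode 0600); it must never hold inline passwords, only credential commands`. The accounts themselves are defined outside this hunk, so whether they use a password command could not be checked here.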
@@ -73,156 +75,6 @@ in { programs.aerc = { enable = cfg.terminal; - extraBinds = '' - # Binds are of the form = - # To use '=' in a key sequence, substitute it with "Eq": "" - # If you wish to bind #, you can wrap the key sequence in quotes: "#" = quit - = :prev-tab - = :next-tab - = :term - - [messages] - Q = :quit - - T = :toggle-threads - - j = :next - = :next - = :next 50% - = :next 100% - = :next -s 100% - - k = :prev - = :prev - = :prev 50% - = :prev - = :prev -s 100% - gg = :select 0 - G = :select -1 - - J = :next-folder - K = :prev-folder - - v = :mark -t - V = :mark -v - - f = :flag - F = :unflag - - t = :toggle-threads - - = :view - D = :mv Trash - - C = :compose - - Rr = :reply - Rq = :reply -q - rr = :reply -a - rq = :reply -aq - rt = :unflag:reply -a -Tthanks - Rt = :unflag:reply -qa -Tquoted_thanks - - a = :mv Archive - - c = :cf - $ = :term - ! = :term - | = :pipe - - ga = :flag:pipe -mb git am -3 - gp = :term git push - gl = :term git log - - / = :search - \ = :filter - n = :next-result - N = :prev-result - - o = :term mbsync -a - q = :quit - - [view] - / = :toggle-key-passthrough/ - q = :close - | = :pipe -m - S = :save - H = :toggle-headers - D = :mv Trash - = :prev-part - = :next-part - J = :next - K = :prev - - f = :forward - Rr = :reply - Rq = :reply -q - rr = :reply -a - rq = :reply -aq - rt = :reply -Tthanks - - ga = :pipe -b git am -3 - gp = :term git push - gl = :term git log - - [view::passthrough] - $noinherit = true - $ex = - = :toggle-key-passthrough - - [compose] - $ex = - = :prev-field - = :next-field - = :next-field - - [compose::editor] - # Keybindings used when the embedded terminal is selected in the compose view - $noinherit = true - $ex = - = :term - = :prev-field - = :next-field - = :prev-tab - = :next-tab - - [compose::review] - # Keybindings used when reviewing a message to be sent - y = :send - n = :abort - e = :edit - a = :attach - c = :encrypt - s = :sign - V = :header -f X-Sourcehut-Patchset-Update NEEDS_REVISION - A = 
:header -f X-Sourcehut-Patchset-Update APPLIED - R = :header -f X-Sourcehut-Patchset-Update REJECTED - - [terminal] - $noinherit = true - $ex = - - = :term - = :prev-tab - = :next-tab - ''; - - extraConfig = { - general = { - pgp-provider = "gpg"; - unsafe-accounts-conf = true; - }; - ui = {}; - viewer = {}; - filters = { - "text/plain" = "colorize"; - "text/calendar" = "calendar"; - "message/delivery-status" = "colorize"; - "message/rfc822" = "colorize"; - "image/*" = "img2sixel"; - "text/html" = "html | colorize"; - }; - }; }; }; } diff --git a/home/modules/menu.nix b/home/modules/menu.nix index 3e7943b..ea30348 100644 --- a/home/modules/menu.nix +++ b/home/modules/menu.nix @@ -8,8 +8,9 @@ terminal = config.programs.terminal; termcmd = "${terminal}/bin/${terminal.pname}"; menucmd = config.programs.menu.drunCommand; + inherit (lib) mkPackageOption mkOption; in { - options.programs = with lib; { + options.programs = { menu = { package = mkPackageOption pkgs "wofi" { example = "pkgs.dmenu-wayland"; diff --git a/home/programs/git.nix b/home/programs/git.nix index ff6e6d2..e7cd7aa 100644 --- a/home/programs/git.nix +++ b/home/programs/git.nix @@ -1,4 +1,4 @@ -{ +{pkgs, ...}: { programs.git = { enable = true; aliases = { @@ -6,6 +6,32 @@ amend = "commit --amend --no-edit"; sdiff = "diff --staged"; t = "tag --annotate"; + bclone = "!sh ${pkgs.writeShellScriptBin "bare-clone" '' + url=$1 + basename=''${url##*/} + if [[ $2 == -* ]] + then + opts=''${@:2} + name=''${basename%.*} + else + opts=''${@:3} + name=''${2:-''${basename%.*}} + fi + + mkdir "$name" + + git clone --bare "$url" "$name/.bare" $opts || { + rm -r "$name" + exit 1 + } + + cd "$name" + echo "gitdir: ./.bare" > .git + + git config remote.origin.fetch "+refs/heads/*:refs/remotes/origin/*" + + git fetch origin $opts + ''}/bin/bare-clone"; }; delta = { enable = true; diff --git a/home/programs/graphical.nix b/home/programs/graphical.nix index ccddb6a..6c5050f 100644 --- a/home/programs/graphical.nix 
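Review bot: In the `bclone` alias script `mkdir "$name"` is not checked, so when the target directory already exists the script carries on, `git clone` fails, and the error branch runs `rm -r "$name"` on a directory the script did not create. Guard the creation with `mkdir "$name" || exit 1`, and likewise `cd "$name" || exit 1`. The URL is also handed to git ahead of the unquoted `$opts` with no separator, so a URL beginning with `-` is parsed as an option; `git clone --bare $opts -- "$url" "$name/.bare"` avoids that. The alias runs the script through `sh` although it uses `[[` and `${@:2}`; calling the store path directly would use the script's own interpreter line.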
+++ b/home/programs/graphical.nix @@ -1,10 +1,5 @@ -{ - pkgs, - lib, - ... -}: { +{pkgs, ...}: { imports = [ - ./qutebrowser.nix ./pcmanfm.nix ./mpv.nix ./vscode.nix @@ -18,13 +13,11 @@ helvum # tools - obs-studio inkscape libsForQt5.okular gimp libreoffice - dbeaver - insomnia + dbeaver-bin drawio # entertainment @@ -32,13 +25,16 @@ shortwave # other - element-desktop + element-desktop-wayland brave - vieb bitwarden - logseq ]; + programs.obs-studio = { + enable = true; + plugins = [pkgs.obs-studio-plugins.wlrobs]; + }; + xdg.mimeApps.defaultApplications = { "application/pdf" = "sioyek.desktop"; }; @@ -48,21 +44,10 @@ gtk = { enable = true; - iconTheme = { - name = "Vimix-Doder"; - package = pkgs.vimix-icon-theme; - }; - cursorTheme = { - name = "Vanilla-DMZ"; - package = pkgs.vanilla-dmz; - size = 24; - }; gtk3.bookmarks = [ "file:///home/tristan/Documents" "file:///home/tristan/Pictures/Screenshots" "file:///home/tristan/Downloads" ]; }; - - programs.librewolf.enable = true; } diff --git a/home/programs/lf/default.nix b/home/programs/lf/default.nix index d63dc3b..a0b3a17 100644 --- a/home/programs/lf/default.nix +++ b/home/programs/lf/default.nix @@ -37,6 +37,7 @@ in { R = "drag"; "" = ":rename"; "" = "open-with"; + "" = ":reload"; }; programs.lf.extraConfig = '' set sixel true diff --git a/home/programs/neovim/config.lua b/home/programs/neovim/config.lua deleted file mode 100644 index 68fc1f4..0000000 --- a/home/programs/neovim/config.lua +++ /dev/null 
@@ -1,30 +0,0 @@ -vim.g.mapleader = ' ' -vim.g.maplocalleader = ' ' -vim.o.relativenumber = true -vim.o.number = true -vim.o.signcolumn = 'yes' -vim.o.tabstop = 2 -vim.o.shiftwidth = 2 -vim.o.expandtab = true -vim.o.smartindent = true -vim.o.scrolloff = 4 -vim.o.undofile = true -vim.o.undodir = vim.fn.expand("$HOME/.local/share/nvim/undo") - -vim.keymap.set("v", "J", ":m '>+1gv=gv") -vim.keymap.set("v", "K", ":m '<-2gv=gv") - -vim.keymap.set("x", "p", "\"_dP") - -vim.keymap.set("n", "y", "\"+y") -vim.keymap.set("v", "y", "\"+y") - --- Global mappings. --- See `:help vim.diagnostic.*` for documentation on any of the below functions -vim.keymap.set('n', 'e', vim.diagnostic.open_float) -vim.keymap.set('n', '[d', vim.diagnostic.goto_prev) -vim.keymap.set('n', ']d', vim.diagnostic.goto_next) -vim.keymap.set('n', 'q', vim.diagnostic.setloclist) - -vim.keymap.set('v', '', '"+y') -vim.keymap.set('i', '', '"+p') diff --git a/home/programs/neovim/default.nix b/home/programs/neovim/default.nix index fc4d219..5508be3 100644 --- a/home/programs/neovim/default.nix +++ b/home/programs/neovim/default.nix 
@@ -1,61 +1,20 @@ -{pkgs, ...}: { - programs.neovim = { - enable = true; - defaultEditor = true; - extraLuaConfig = '' - ${builtins.readFile ./config.lua} - ''; - extraPackages = with pkgs; [ - nodePackages_latest.typescript-language-server - vscode-langservers-extracted - gopls - nil - rust-analyzer - ]; - plugins = with pkgs.vimPlugins; [ - { - plugin = nvim-surround; - type = "lua"; - config = '' - require("nvim-surround").setup() - ''; - } - { - plugin = comment-nvim; - type = "lua"; - config = '' - require("Comment").setup() - ''; - } - { - plugin = vimwiki; - config = '' - let g:vimwiki_list = [{'path': '~/Documents/vimwiki/', 'syntax': 'markdown', 'ext': '.md'}] - ''; - } - { - plugin = telescope-nvim; - type = "lua"; - config = '' - local builtin = require('telescope.builtin') - vim.keymap.set('n', 'ff', builtin.find_files, {}) - vim.keymap.set('n', 'fg', builtin.live_grep, {}) - vim.keymap.set('n', 'fb', builtin.buffers, {}) - vim.keymap.set('n', 'fh', builtin.help_tags, {}) - ''; - } - { - plugin = nvim-lspconfig; - type = "lua"; - config = builtins.readFile ./lspconfig.lua; - } - ]; - }; +{ + config, + pkgs, + lib, + ... +}: { + programs.nixvim = + { + enable = true; + } + // (import ../../../lib/nixvim.nix {inherit pkgs;}); programs.vscode = { extensions = [pkgs.vscode-extensions.asvetliakov.vscode-neovim]; userSettings = { - "vscode-neovim.neovimExecutablePaths.linux" = "${pkgs.neovim}/bin/nvim"; + "vscode-neovim.neovimExecutablePaths.linux" = + lib.getExe config.programs.nixvim.package; "extensions.experimental.affinity" = { "asvetliakov.vscode-neovim" = 1; }; diff --git a/home/programs/neovim/lspconfig.lua b/home/programs/neovim/lspconfig.lua deleted file mode 100644 index 6d39e7f..0000000 --- a/home/programs/neovim/lspconfig.lua +++ /dev/null 
@@ -1,54 +0,0 @@ --- Setup language servers. -local lspconfig = require('lspconfig') - -local on_attach = function(client) - require'completion'.on_attach(client) - client.server_capabilities.documentFormattingProvider = false -end - -lspconfig.tsserver.setup { - on_attach = on_attach -} - -lspconfig.eslint.setup { - on_attach = on_attach -} - -lspconfig.rust_analyzer.setup { - on_attach = on_attach -} - -lspconfig.gopls.setup {} -lspconfig.nil_ls.setup {} -lspconfig.rust_analyzer.setup {} - --- Use LspAttach autocommand to only map the following keys --- after the language server attaches to the current buffer -vim.api.nvim_create_autocmd('LspAttach', { - group = vim.api.nvim_create_augroup('UserLspConfig', {}), - callback = function(ev) - -- Enable completion triggered by - vim.bo[ev.buf].omnifunc = 'v:lua.vim.lsp.omnifunc' - - -- Buffer local mappings. - -- See `:help vim.lsp.*` for documentation on any of the below functions - local opts = { buffer = ev.buf } - vim.keymap.set('n', 'gD', vim.lsp.buf.declaration, opts) - vim.keymap.set('n', 'gd', vim.lsp.buf.definition, opts) - vim.keymap.set('n', 'K', vim.lsp.buf.hover, opts) - vim.keymap.set('n', 'gi', vim.lsp.buf.implementation, opts) - vim.keymap.set('n', '', vim.lsp.buf.signature_help, opts) - vim.keymap.set('n', 'wa', vim.lsp.buf.add_workspace_folder, opts) - vim.keymap.set('n', 'wr', vim.lsp.buf.remove_workspace_folder, opts) - vim.keymap.set('n', 'wl', function() - print(vim.inspect(vim.lsp.buf.list_workspace_folders())) - end, opts) - vim.keymap.set('n', 'D', vim.lsp.buf.type_definition, opts) - vim.keymap.set('n', 'rn', vim.lsp.buf.rename, opts) - vim.keymap.set({ 'n', 'v' }, 'ca', vim.lsp.buf.code_action, opts) - vim.keymap.set('n', 'gr', vim.lsp.buf.references, opts) - vim.keymap.set('n', 'f', function() - vim.lsp.buf.format { async = true } - end, opts) - end, -}) diff --git a/home/programs/personal/default.nix b/home/programs/personal/default.nix index d2ff861..a740d23 100644 
--- a/home/programs/personal/default.nix +++ b/home/programs/personal/default.nix @@ -14,20 +14,38 @@ services.nextcloud-client.enable = true; + programs.nixvim.plugins = { + lsp = { + servers.gdscript.enable = true; + }; + godot.enable = true; + dap = { + enable = true; + adapters.servers.godot = { + host = "127.0.0.1"; + port = 6006; + }; + configurations.gdscript = [ + { + type = "godot"; + request = "launch"; + name = "Launch scene"; + project = "\${workspaceFolder}"; + } + ]; + }; + }; + home.packages = with pkgs; [ godot_4 ardour blender - # musescore + musescore monero-gui - electrum - xmrig transmission-remote-gtk krita organicmaps anki - hugo - libsForQt5.neochat bookworm jellyfin-mpv-shim ]; diff --git a/home/programs/scripts.nix b/home/programs/scripts.nix index e273227..8673d76 100644 --- a/home/programs/scripts.nix +++ b/home/programs/scripts.nix @@ -12,7 +12,6 @@ grim = "${pkgs.grim}/bin/grim"; slurp = "${pkgs.slurp}/bin/slurp"; amixer = "${pkgs.alsa-utils}/bin/amixer"; - swaybg = "${pkgs.swaybg}/bin/swaybg"; chafa = "${pkgs.chafa}/bin/chafa"; exiftool = "${pkgs.exiftool}/bin/exiftool"; wc = "${pkgs.coreutils}/bin/wc"; @@ -25,6 +24,7 @@ gawk = "${pkgs.gawk}/bin/awk"; hyprpicker = "${pkgs.hyprpicker}/bin/hyprpicker"; sed = "${pkgs.gnused}/bin/sed"; + lock = "${pkgs.hyprlock}/bin/hyprlock"; }; in { programs.scripts = [ @@ -55,14 +55,13 @@ in { echo "$items" | ${my-deps.menu} | xargs -I_ rbw get _ | wl-copy -n ''; hotkeys = [{key = "P";}]; - install = false; } { name = "bwusernamemenu"; text = '' items="$(rbw list)" echo "$items" | ${my-deps.menu} | xargs -I_ rbw get --field username _ \ - | awk '{print $2}' | wl-copy -n + | wl-copy -n ''; hotkeys = [ { @@ -70,7 +69,6 @@ in { key = "P"; } ]; - install = false; } { name = "bwotpmenu"; @@ -84,7 +82,6 @@ in { key = "P"; } ]; - install = false; } { name = "screenshot"; 
@@ -279,7 +276,7 @@ in { sleep hibernate" | ${my-deps.menu}) case $res in - lock) swaylock;; + lock) ${my-deps.lock};; sleep) systemctl suspend;; hibernate) systemctl hibernate;; esac @@ -344,5 +341,12 @@ in { } ]; } + { + name = "prefetch-url"; + text = '' + nix-build -E "with import {}; fetchzip {url = \"$1\"; sha256 = lib.fakeSha256; }" + ''; + install = true; + } ]; } diff --git a/home/programs/tmux.nix b/home/programs/tmux.nix new file mode 100644 index 0000000..f2b301d --- /dev/null +++ b/home/programs/tmux.nix @@ -0,0 +1,43 @@ +{ + programs.tmux = { + enable = true; + baseIndex = 1; + escapeTime = 0; + keyMode = "vi"; + mouse = true; + terminal = "screen-256color"; + historyLimit = 5000; + extraConfig = '' + bind -n M-s split-window -v + bind -n M-v split-window -h + bind -n M-Enter split-window -h + bind -n M-h select-pane -L + bind -n M-j select-pane -D + bind -n M-k select-pane -U + bind -n M-l select-pane -R + bind -n M-q kill-pane + bind -n M-< resize-pane -L 10 + bind -n M-> resize-pane -R 10 + bind -n M-- resize-pane -D 10 + bind -n M-+ resize-pane -U 10 + bind -n M-z resize-pane -Z + bind -n M-u copy-mode + bind -n M-p paste-buffer + bind -n M-n next-window + + set-option -g renumber-windows on + ''; + }; + + # programs.kitty = { + # enable = true; + # keybindings = { + # "alt+h" = "neighboring_window left"; + # "alt+l" = "neighboring_window right"; + # "alt+j" = "neighboring_window down"; + # "alt+k" = "neighboring_window up"; + # "alt+enter" = "new_window"; + # }; + # shellIntegration.enableZshIntegration = true; + # }; +} diff --git a/home/programs/vscode.nix b/home/programs/vscode.nix index 86d8cfc..5be9d65 100644 --- a/home/programs/vscode.nix +++ b/home/programs/vscode.nix @@ -19,6 +19,9 @@ in { "gitlens.telemetry.enabled" = false; "redhat.telemetry.enabled" = false; "cSpell.language" = "en,en-GB"; + "[typescript]" = { + "editor.defaultFormatter" = "vscode.typescript-language-features"; + }; }; }; 
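Review bot: The new `prefetch-url` script splices `$1` straight into the Nix expression given to `nix-build -E`, so a URL containing a double quote or `${` changes the expression that is evaluated rather than just the string. Passing it as an argument keeps it as data: `nix-build --argstr url "$1" -E '{url}: with import <nixpkgs> {}; fetchzip {inherit url; sha256 = lib.fakeSha256;}'` (the import path looks stripped on this page, so keep whatever the file has). A comment saying the build is expected to fail and print the real hash would also help the next reader.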
diff --git a/home/programs/work.nix b/home/programs/work.nix index 0f742ab..803b582 100644 --- a/home/programs/work.nix +++ b/home/programs/work.nix @@ -4,6 +4,7 @@ ... }: let modifier = config.windowManager.modifierKey; + browser = "${pkgs.brave}/opt/brave.com/brave/brave-browser"; pwa = { slack = "mpagibdhafmlkgpemeicgogjnhclenoc"; teams = "cifhbcnohmdccbgoicgdjpfamggdegmo"; @@ -15,23 +16,39 @@ in { terminal = false; }; - home.packages = with pkgs; [ - thunderbird - remmina + home.packages = [ + pkgs.thunderbird + pkgs.remmina (import ../../lib/mkapp.nix "slack" { - inherit pkgs; + inherit pkgs browser; desktopName = "Slack"; app-id = pwa.slack; - browser = "${brave}/opt/brave.com/brave/brave-browser"; }) (import ../../lib/mkapp.nix "teams" { - inherit pkgs; - browser = "${brave}/opt/brave.com/brave/brave-browser"; + inherit pkgs browser; app-id = pwa.teams; desktopName = "Microsoft Teams"; }) + pkgs.devcontainer + (pkgs.writeShellScriptBin "devcontainer-open" (let + jq = "${pkgs.jq}/bin/jq"; + devcontainer = "${pkgs.devcontainer}/bin/devcontainer"; + in '' + res=$(${devcontainer} up --workspace-folder .) + outcome=$(echo $res | ${jq} -r '.outcome') + [[ $outcome = "success" ]] || exit 1 + containerId=$(echo $res | ${jq} -r '.containerId') + remoteWorkspaceFolder=$(echo $res | ${jq} -r '.remoteWorkspaceFolder') + docker exec -it --workdir=$remoteWorkspaceFolder $containerId bash + '')) ]; + home.sessionVariables = { + CYPRESS_INSTALL_BINARY = 0; + CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress"; + MONGOMS_SYSTEM_BINARY = "${pkgs.callPackage ../../pkgs/mongodb.nix pkgs}/bin/mongod"; + }; + gtk.gtk3.bookmarks = [ "file:///home/tristan/OneDrive/ OneDrive" ]; diff --git a/home/workstation.nix b/home/workstation.nix index 9b57960..88ebdcf 100644 --- a/home/workstation.nix +++ b/home/workstation.nix @@ -8,7 +8,6 @@ ./modules/terminal.nix ./modules/scripts.nix ./modules/email.nix - ./modules/mpd.nix ./modules/menu.nix ./modules/scripts.nix 
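Review bot: In the `devcontainer-open` script the values parsed from `devcontainer up` are expanded unquoted (`echo $res`, `--workdir=$remoteWorkspaceFolder $containerId`), so a workspace path containing spaces or glob characters is split into extra `docker exec` arguments. Quote them: `docker exec -it --workdir="$remoteWorkspaceFolder" "$containerId" bash`, with `echo "$res"` and `[[ "$outcome" = "success" ]]` above it. `docker` is also the only tool in the script not referenced by store path, unlike `jq` and `devcontainer`, so the script runs whatever `docker` comes first in PATH.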
@@ -23,7 +22,6 @@ dmenuCommand = "${pkgs.tofi}/bin/tofi --fuzzy-match true"; drunCommand = "${pkgs.tofi}/bin/tofi-drun --drun-launch true"; }; - roles.mpd.enable = true; home.packages = with pkgs; [ wl-clipboard @@ -38,8 +36,7 @@ programs.rbw.settings.pinentry = pkgs.pinentry-gnome3; - home.file.".icons/default".source = "${pkgs.vanilla-dmz}/share/icons/Vanilla-DMZ"; - home.file.".config/pipewire/pipewire.conf.d/raop-discover.conf".text = '' + xdg.configFile."pipewire/pipewire.conf.d/raop-discover.conf".text = '' context.modules = [ { name = libpipewire-module-raop-discover diff --git a/lib/cypress.nix b/lib/cypress.nix new file mode 100644 index 0000000..e735b87 --- /dev/null +++ b/lib/cypress.nix @@ -0,0 +1,14 @@ +final: prev: { + cypress = prev.cypress.overrideAttrs (oldAttrs: rec { + pname = "cypress"; + version = "13.13.0"; + + src = prev.fetchzip { + url = "https://cdn.cypress.io/desktop/${version}/linux-x64/cypress.zip"; + sha256 = "sha256-FGaopXp8T0swY0v6IH7cuhp/IolTmJ8vXLLslPtBOJw="; + ## Note: sha256 is computed via (note the version): + ## + ## nix-prefetch-url --unpack https://cdn.cypress.io/desktop/${version}/linux-x64/cypress.zip + }; + }); +} diff --git a/lib/emotes.txt b/lib/emotes.txt index dac74ec..7d30825 100644 --- a/lib/emotes.txt +++ b/lib/emotes.txt @@ -1188,3 +1188,4 @@ 8⃣ keycap: 8 ~ Symbols (keycap) 9⃣ keycap: 9 ~ Symbols (keycap) ¯\_(ツ)_/¯ shrug +• bullet point diff --git a/lib/mkconf.nix b/lib/mkconf.nix index 8f8e302..f779cdb 100644 --- a/lib/mkconf.nix +++ b/lib/mkconf.nix @@ -4,8 +4,11 @@ user, userFullname, ... -}: modules: home-modules: let - inherit (inputs) home-manager nixpkgs sops-nix; +}: { + nixos-modules ? [], + home-modules ? [], +}: let + inherit (inputs) home-manager nixpkgs sops-nix nixvim; in nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; @@ -13,7 +16,7 @@ in inherit system; modules = - modules + nixos-modules ++ [ home-manager.nixosModules.home-manager sops-nix.nixosModules.sops 
@@ -24,6 +27,7 @@ in users.${user}.imports = home-modules ++ [ + nixvim.homeManagerModules.nixvim ../home/. { options.home.userFullname = nixpkgs.lib.mkOption {default = userFullname;}; diff --git a/lib/nixvim.nix b/lib/nixvim.nix new file mode 100644 index 0000000..221fc0c --- /dev/null +++ b/lib/nixvim.nix 
@@ -0,0 +1,279 @@ +{pkgs, ...}: { + globals = { + mapleader = " "; + }; + opts = { + number = true; + relativenumber = true; + tabstop = 4; + shiftwidth = 2; + expandtab = true; + smartindent = true; + scrolloff = 4; + + undofile = true; + undodir.__raw = ''vim.fn.expand("$HOME/.local/share/nvim/undo")''; + + list = true; + listchars = builtins.concatStringsSep "," [ + "tab: >" + "leadmultispace: |" + "trail:." + "extends:>" + "precedes:<" + ]; + }; + extraPlugins = [(pkgs.vimPlugins.actions-preview-nvim)]; + extraConfigLua = '' + require("actions-preview").setup { + highlight_command = { + require("actions-preview.highlight").delta("${pkgs.delta}/bin/delta --no-gitconfig --side-by-side"), + }, + telescope = { + sorting_strategy = "ascending", + layout_strategy = "vertical", + layout_config = { + width = 0.8, + height = 0.9, + prompt_position = "top", + preview_cutoff = 20, + preview_height = function(_, _, max_lines) + return max_lines - 10 + end, + }, + }, + } + vim.keymap.set({ "v", "n" }, "", require("actions-preview").code_actions) + vim.keymap.set({ "n" }, "ca", require("actions-preview").code_actions) + ''; + keymaps = [ + { + key = ""; + action = ''"+y''; + options.desc = "copy to clipboard"; + } + { + key = "ca"; + action = '' + require("actions-preview").code_actions + ''; + } + { + key = ""; + action = "tabnext"; + } + { + key = ""; + action = "tabprev"; + } + { + key = "gl"; + action = "g$"; + } + { + key = "gh"; + action = "g0"; + } + { + mode = "v"; + key = ">"; + action = ">gv"; + options.desc = "indent"; + options.silent = true; + } + { + mode = "v"; + key = "<"; + action = "fg" = "live_grep"; + "/" = "live_grep"; + "ff" = "find_files"; + "fb" = "buffers"; + "fh" = "help_tags"; + ":" = "commands"; + "ft" = "treesitter"; + "fr" = "lsp_references"; + "cr" = "lsp_definition"; + }; + }; + + lsp = { + enable = true; + servers = { + ts-ls.enable = true; + nil-ls.enable = true; + gopls.enable = true; + }; + keymaps = { + lspBuf = { + "ck" = "hover"; + "K" 
= "hover"; + "cr" = "rename"; + "" = "rename"; + }; + }; + }; + + cmp = { + enable = true; + settings = { + mapping = { + "" = "cmp.mapping.complete()"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.close()"; + "" = "cmp.mapping.confirm({ select = true })"; + "" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})"; + "" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; + }; + sources = [ + {name = "nvim_lsp";} + {name = "path";} + {name = "buffer";} + ]; + }; + }; + cmp-nvim-lsp.enable = true; + cmp-nvim-lsp-signature-help.enable = true; + cmp-path.enable = true; + cmp-buffer.enable = true; + + trouble.enable = true; + + gitsigns.enable = true; + git-worktree = { + enable = true; + enableTelescope = true; + }; + + lazygit.enable = true; + which-key.enable = true; + + harpoon = { + enable = true; + keymaps = { + addFile = "ha"; + toggleQuickMenu = "hf"; + navNext = "n"; + }; + }; + + vim-css-color.enable = true; + + treesitter = { + enable = true; + folding = true; + }; + treesitter-textobjects = { + enable = true; + select = { + enable = true; + lookahead = true; + keymaps = { + "af" = { + query = "@function.outer"; + desc = "Function Outer"; + }; + "ac" = { + query = "@comment.outer"; + desc = "Comment Outer"; + }; + "if" = { + query = "@function.inner"; + desc = "Function Inner"; + }; + }; + }; + }; + + oil.enable = true; + ts-autotag.enable = true; + guess-indent.enable = true; + }; +} diff --git a/nixos/default.nix b/nixos/default.nix index 80ce0b5..917111b 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -8,6 +8,7 @@ }: let user = config.user; in { + nix = { settings = { experimental-features = ["nix-command" "flakes"]; 
@@ -94,31 +95,6 @@ in { sops ]; - programs.tmux.enable = true; - programs.tmux.extraConfig = '' - set escape-time 0 - set -g default-terminal screen - - bind -n M-s split-window -v - bind -n M-v split-window -h - bind -n M-Enter split-window -h - bind -n M-h select-pane -L - bind -n M-j select-pane -D - bind -n M-k select-pane -U - bind -n M-l select-pane -R - bind -n M-q kill-pane - bind -n M-< resize-pane -L 10 - bind -n M-> resize-pane -R 10 - bind -n M-- resize-pane -D 10 - bind -n M-+ resize-pane -U 10 - bind -n M-u copy-mode - bind -n M-p paste-buffer - - set-window-option -g mode-keys vi - bind-key -T copy-mode-vi v send-keys -X begin-selection - bind-key -T copy-mode-vi y send-keys -X copy-selection - ''; - boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 53; }; diff --git a/nixos/modules/work.nix b/nixos/modules/work.nix index 4c533b0..675ac39 100644 --- a/nixos/modules/work.nix +++ b/nixos/modules/work.nix @@ -13,12 +13,21 @@ in { "steam-run" ]; + nixpkgs.config.permittedInsecurePackages = [ + "openssl-1.1.1w" # required for mongodb + ]; + networking = { networkmanager = { plugins = [pkgs.networkmanager-openvpn]; }; }; + # breaks some work projects ):< + networking.stevenblack.enable = false; + + nixpkgs.overlays = [(import ../../lib/cypress.nix)]; + services.onedrive.enable = true; users.users.${user}.extraGroups = ["docker"]; diff --git a/nixos/programs/cosmic.nix b/nixos/programs/cosmic.nix new file mode 100644 index 0000000..8028081 --- /dev/null +++ b/nixos/programs/cosmic.nix 
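Review bot: `nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]` lifts the insecure-package check for that OpenSSL release across the whole system evaluation, not only for the MongoDB binary the comment names. OpenSSL 1.1.1 no longer receives public upstream security fixes, so any other package that starts depending on it will now evaluate without a warning. Record the scope and an exit condition in the comment, e.g. `"openssl-1.1.1w" # only for pkgs/mongodb.nix (test binary); drop when it links OpenSSL 3`. The same hunk sets `networking.stevenblack.enable = false`; naming the affected projects or hostnames in that comment would make it possible to restore the blocklist later.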
@@ -0,0 +1,20 @@ +{ + inputs, + config, + ... +}: { + imports = [ + inputs.nixos-cosmic.nixosModules.default + ]; + nix.settings = { + substituters = ["https://cosmic.cachix.org/"]; + trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; + }; + services.desktopManager.cosmic.enable = true; + services.displayManager.cosmic-greeter.enable = true; + services.system76-scheduler.enable = true; + home-manager.users.${config.user}.imports = [ + (import "${inputs.home-manager-cosmic}/modules/programs/cosmic/.") + ../../home/desktop/cosmic/. + ]; +} diff --git a/nixos/programs/gamer.nix b/nixos/programs/gamer.nix index 5f941eb..b676f2e 100644 --- a/nixos/programs/gamer.nix +++ b/nixos/programs/gamer.nix @@ -1,4 +1,8 @@ -{lib, ...}: { +{ + lib, + pkgs, + ... +}: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "steam" @@ -6,9 +10,12 @@ "steam-original" "osu-lazer" ]; - programs.steam = { enable = true; + extest.enable = true; + extraCompatPackages = with pkgs; [ + proton-ge-bin + ]; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; diff --git a/nixos/programs/hyprland.nix b/nixos/programs/hyprland.nix new file mode 100644 index 0000000..0b00516 --- /dev/null +++ b/nixos/programs/hyprland.nix @@ -0,0 +1,13 @@ +{config, ...}: { + programs.hyprland.enable = true; + security.pam.services.hyprlock = {}; + + imports = [ + ./pipewire.nix + ../workstation.nix + ]; + + home-manager.users.${config.user}.imports = [ + ../../home/desktop/hyprland/. + ]; +} diff --git a/nixos/programs/pipewire.nix b/nixos/programs/pipewire.nix new file mode 100644 index 0000000..57a8694 --- /dev/null +++ b/nixos/programs/pipewire.nix 
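Review bot: Adding `https://cosmic.cachix.org/` to `substituters` together with its key in `trusted-public-keys` makes a third-party cache a source of prebuilt binaries for the whole machine, and nixos/programs/cosmic.nix carries no comment recording that decision. Nix accepts a substituted path when it is signed by any trusted key, so the trust is not limited to COSMIC packages. A comment such as `# third-party binary cache for nixos-cosmic; key copied from <where the key was obtained>` would document the provenance for later review. If building COSMIC locally is acceptable, dropping both settings removes the extra trust root.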
@@ -0,0 +1,14 @@ +{ + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + raopOpenFirewall = true; + }; + # network streaming + networking.firewall.allowedTCPPorts = [4713]; +} diff --git a/nixos/services/arr.nix b/nixos/services/arr.nix new file mode 100644 index 0000000..eef5b50 --- /dev/null +++ b/nixos/services/arr.nix 
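Review bot: `networking.firewall.allowedTCPPorts = [4713]` in nixos/programs/pipewire.nix opens the PulseAudio native-protocol port on every interface, while nothing in this module configures a TCP listener or restricts which clients may connect. On a machine that roams between networks that leaves access control entirely to the audio server's own settings. Consider scoping the rule to the interface that needs it, `networking.firewall.interfaces."<lan-or-tailnet-iface>".allowedTCPPorts = [4713];`, or dropping it if network streaming is no longer used.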
@@ -0,0 +1,70 @@ +{config, lib, ...}: let + inherit (config) sops; + inherit (sops) templates placeholder; +in { + users.groups.media = {}; + services.jackett = { + enable = true; + }; + services.lidarr = { + enable = true; + group = "media"; + }; + services.sonarr = { + enable = true; + group = "media"; + }; + services.radarr = { + enable = true; + group = "media"; + }; + services.jellyseerr.enable = true; + sops.secrets.sonarr-sslkey = { + sopsFile = ../../certs/alpine.prawn-justice.ts.net.key; + format = "binary"; + owner = "nginx"; + }; + # this was fun to figure out, but pointless atm. + services.nginx.virtualHosts."alpine.prawn-justice.ts.net" = { + forceSSL = true; + sslCertificateKey = config.sops.secrets.sonarr-sslkey.path; + sslCertificate = ../../certs/alpine.prawn-justice.ts.net.crt; + }; + # probably easier if i just put this in a nixos-container + virtualisation.oci-containers.containers.transmission = { + autoStart = false; + image = "docker.io/haugene/transmission-openvpn:5.3.1"; + ports = ["9091:9091"]; + volumes = [ + "/mnt/storage/downloads:/data" + "transmission-config:/config" + "/mnt/storage/media/unsorted:/data/completed" + ]; + environmentFiles = [ templates."transmission/env".path ]; + environment = { + PUID = "1000"; + GUID = "1000"; + SUBNET = "100.0.0.0/8"; + }; + extraOptions = builtins.map (cap: "--cap-add=${cap}") [ + "NET_ADMIN" + "NET_RAW" + "MKNOD" + ]; + }; + sops.secrets = { + "transmission/auth/OPENVPN_PROVIDER" = {}; + "transmission/auth/OPENVPN_CONFIG" = {}; + "transmission/auth/OPENVPN_USERNAME" = {}; + "transmission/auth/OPENVPN_PASSWORD" = {}; + }; + sops.templates."transmission/env" = { + owner = "tristan"; + content = '' + OPENVPN_PROVIDER="${placeholder."transmission/auth/OPENVPN_PROVIDER"}" + OPENVPN_CONFIG="${placeholder."transmission/auth/OPENVPN_CONFIG"}" + OPENVPN_USERNAME="${placeholder."transmission/auth/OPENVPN_USERNAME"}" + OPENVPN_PASSWORD="${placeholder."transmission/auth/OPENVPN_PASSWORD"}" + ''; + }; +} 
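Review bot: The transmission container publishes `ports = ["9091:9091"]` on all host addresses, and neither `environment` nor the `transmission/env` template sets any RPC authentication variable. Published container ports are normally handled by the container runtime's own NAT rules rather than by `networking.firewall`, so the web UI and RPC endpoint may be reachable from every network the host is on. Binding to one address, e.g. `ports = ["127.0.0.1:9091:9091"];` or the tailnet address, keeps it private. Separately, `GUID = "1000"` looks like a typo for the image's `PGID` variable, and `SUBNET = "100.0.0.0/8"` covers far more than the `100.64.0.0/10` range; both are worth checking against the image documentation.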
diff --git a/nixos/services/authentik.nix b/nixos/services/authentik.nix new file mode 100644 index 0000000..24bc72a --- /dev/null +++ b/nixos/services/authentik.nix 
@@ -0,0 +1,97 @@ +{config, ...}: let + inherit (config) sops; + inherit (sops) templates placeholder; + redis_port = "6380"; + authentik_port = "8084"; + postgres = { + user = "authentik"; + db = "authentik"; + port = "5437"; + }; + authentik-config = { + autoStart = true; + image = "ghcr.io/goauthentik/server:2024.8.2"; + volumes = ["/home/tristan/pods/authentik/media:/media"]; + environment = { + AUTHENTIK_POSTGRESQL__USER = postgres.user; + AUTHENTIK_POSTGRESQL__HOST = "192.168.1.2"; + AUTHENTIK_POSTGRESQL__PORT = postgres.port; + AUTHENTIK_REDIS__HOST = "192.168.1.2"; + AUTHENTIK_REDIS__PORT = redis_port; + AUTHENTIK_EMAIL__FROM = "Authentik "; + AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME = "false"; + }; + environmentFiles = [templates."authentik/environment".path]; + dependsOn = ["authentik-redis" "authentik-postgres"]; + }; +in { + sops.secrets = { + "authentik/postgres_password" = {}; + "authentik/secret_key" = {}; + "mail/host" = {}; + "mail/port" = {}; + "mail/username" = {}; + "mail/password" = {}; + "mail/ssl" = {}; + }; + sops.templates = { + "authentik/environment" = { + content = '' + AUTHENTIK_POSTGRESQL__PASSWORD="${placeholder."authentik/postgres_password"}" + AUTHENTIK_SECRET_KEY="${placeholder."authentik/secret_key"}" + AUTHENTIK_EMAIL__HOST="${placeholder."mail/host"}" + AUTHENTIK_EMAIL__PORT="${placeholder."mail/port"}" + AUTHENTIK_EMAIL__USERNAME="${placeholder."mail/username"}" + AUTHENTIK_EMAIL__PASSWORD="${placeholder."mail/password"}" + AUTHENTIK_EMAIL__USE_SSL="${placeholder."mail/ssl"}" + ''; + }; + "authentik/postgres_env" = { + content = '' + POSTGRES_PASSWORD="${placeholder."authentik/postgres_password"}" + ''; + }; + }; + virtualisation.oci-containers.containers = { + authentik-redis = { + autoStart = true; + image = "redis:7.2-alpine"; + ports = ["${redis_port}:6379"]; + volumes = ["authentik-redis:/data"]; + }; + + authentik-server = + authentik-config + // { + cmd = ["server"]; + ports = ["${authentik_port}:9000" "9084:9300"]; + }; + 
+ authentik-worker = + authentik-config + // { + cmd = ["worker"]; + }; + + authentik-postgres = { + autoStart = true; + image = "docker.io/postgres:14-alpine"; + ports = ["${postgres.port}:5432"]; + volumes = ["/home/tristan/pods/authentik/db:/var/lib/postgresql/data"]; + environment = { + POSTGRES_USER = postgres.user; + POSTGRES_DB = postgres.db; + }; + environmentFiles = [templates."authentik/postgres_env".path]; + }; + }; + + services.nginx.virtualHosts."auth.tristans.cloud" = { + forceSSL = true; + enableACME = true; + locations."~" = { + proxyPass = "http://localhost:${authentik_port}"; + proxyWebsockets = true; + }; + }; +} diff --git a/nixos/services/grafana.nix b/nixos/services/grafana.nix index 253fe24..353bbc8 100644 --- a/nixos/services/grafana.nix +++ b/nixos/services/grafana.nix @@ -1,6 +1,15 @@ -{config, ...}: let +{config, lib, pkgs, ...}: let cfg = config.services.grafana; secrets = config.sops.secrets; + mkDashboards = dashboards: pkgs.symlinkJoin { + name = "dashboards"; + paths = map mkDashboard dashboards; + }; + mkDashboard = {name, url, sha256}: pkgs.writeTextFile { + inherit name; + text = builtins.readFile ( builtins.fetchurl {inherit url sha256;} ); + destination = "/dash/${name}.json"; + }; in { sops.secrets."grafana/oidc_client_secret" = { owner = "grafana"; 
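Review bot: In nixos/services/authentik.nix, `authentik-redis` and `authentik-postgres` publish `${redis_port}:6379` and `${postgres.port}:5432` on all host addresses, and the Redis container is started without a password or ACL. Authentik keeps session and task data in Redis, so any host that can reach `192.168.1.2:6380` can read or modify it; published container ports also tend to bypass `networking.firewall`. Putting the four containers on a shared container network and publishing only the server port removes the exposure; if host publishing must stay, set a Redis password through the env file and bind the publishes to a single address. The images use mutable tags (`redis:7.2-alpine`, `postgres:14-alpine`), so pinning by digest would also make redeploys reproducible.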
@@ -25,6 +34,22 @@ in { role_attribute_path = "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"; }; }; + provision.dashboards.settings.providers = [{ + name = "Node Exporter"; + type = "file"; + options.path = mkDashboards [ + { + name = "node-exporter"; + url = "https://grafana.com/api/dashboards/1860/revisions/37/download"; + sha256 = "sha256:0qza4j8lywrj08bqbww52dgh2p2b9rkhq5p313g72i57lrlkacfl"; + } + { + name = "synapse"; + url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json"; + sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s"; + } + ]; + }]; }; services.nginx.virtualHosts = { ${cfg.settings.server.domain} = { diff --git a/nixos/services/jellyfin.nix b/nixos/services/jellyfin.nix index db598f0..9eba39e 100644 --- a/nixos/services/jellyfin.nix +++ b/nixos/services/jellyfin.nix @@ -1,6 +1,7 @@ { services.jellyfin = { enable = true; + group = "media"; # access to user stuff }; services.nginx.virtualHosts."movies.tristans.cloud" = { forceSSL = true; diff --git a/nixos/services/loki.nix b/nixos/services/loki.nix new file mode 100644 index 0000000..1e84fc8 --- /dev/null +++ b/nixos/services/loki.nix 
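Review bot: The `synapse` dashboard is fetched from `refs/heads/master`, a moving ref, while `sha256` is fixed. The hash keeps the content from changing silently, but the fetch starts failing as soon as upstream edits the file, and a later hash bump gives a reviewer no way to tell which revision was accepted. Point the URL at a tag or commit instead, e.g. `https://raw.githubusercontent.com/element-hq/synapse/<tag-or-commit>/contrib/grafana/synapse.json`. `mkDashboard`, which does the fetch, is defined in the preceding hunk.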
@@ -0,0 +1,94 @@ +{config, ...}: let + inherit (config.services) loki; +in { + services.loki = { + enable = true; + configuration = { + auth_enabled = false; + server.http_listen_port = 3100; + schema_config.configs = [ + { + from = "2024-10-12"; + object_store = "filesystem"; + store = "tsdb"; + schema = "v13"; + index = { + prefix = "index_"; + period = "24h"; + }; + } + ]; + storage_config."filesystem".directory = "/tmp/loki/chunks"; + common = { + ring = { + instance_addr = "127.0.0.1"; + kvstore.store = "inmemory"; + }; + replication_factor = 1; + path_prefix = "/tmp/loki"; + }; + limits_config.ingestion_rate_strategy = "local"; + }; + }; + services.prometheus.scrapeConfigs = [{ + job_name = "loki"; + static_configs = [ + { + targets = ["localhost:3100"]; + } + ]; + }]; + services.promtail = { + enable = true; + # https://grafana.com/docs/loki/latest/send-data/promtail/configuration/ + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + clients = [ + {url = "http://localhost:3100/loki/api/v1/push";} + ]; + scrape_configs = [ + { + job_name = "system"; + journal = { + path = "/var/log/journal/"; + }; + relabel_configs = [ + { + source_labels = ["__journal_message"]; + target_label = "message"; + regex = "(.+)"; + } + { + source_labels = ["__journal__systemd_unit"]; + target_label = "systemd_unit"; + regex = "(.+)"; + } + { + source_labels = ["__journal__systemd_user_unit"]; + target_label = "systemd_user_unit"; + regex = "(.+)"; + } + { + source_labels = ["__journal__transport"]; + target_label = "transport"; + regex = "(.+)"; + } + { + source_labels = ["__journal__priority_keyword"]; + target_label = "severity"; + regex = "(.+)"; + } + ]; + } + ]; + }; + }; + services.grafana.provision.datasources.settings.datasources = [{ + name = "Loki"; + type = "loki"; + url = "http://localhost:${toString loki.configuration.server.http_listen_port}"; + }]; +} 
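Review bot: Loki is configured with `auth_enabled = false` and only `server.http_listen_port = 3100`, so it listens on its default address rather than loopback, even though promtail, Prometheus and Grafana all reach it via `localhost`. Adding `server.http_listen_address = "127.0.0.1";` (and the gRPC equivalent) keeps the unauthenticated push and query API off the network regardless of firewall state. Chunks and `path_prefix` also live under `/tmp/loki`, which is usually cleared on reboot and may be visible to other local users unless the unit has a private tmp; the service's state directory under `/var/lib/loki` is the safer place for journal data.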
diff --git a/nixos/services/mautrix/signal.nix b/nixos/services/mautrix/signal.nix index b6f1194..52468a4 100644 --- a/nixos/services/mautrix/signal.nix +++ b/nixos/services/mautrix/signal.nix @@ -1,9 +1,44 @@ -{config, ...}: let - inherit (config) sops; - inherit (sops) templates placeholder; +{config, lib, ...}: let inherit (import ./lib.nix) toAppRegistration; + inherit (config.sops) templates placeholder; in { + + virtualisation.oci-containers.containers.mautrix-signal = { + image = "dock.mau.dev/mautrix/signal:v0.7.1"; + dependsOn = ["mautrix-signal-psql"]; + volumes = [ + "/home/tristan/pods/signal-bridge/mautrix-signal:/data:z" + ]; + ports = [ + "29328:29328" + "8000:8000" + ]; + }; + +# when you get around to backing this up +# 1. stop the server. +# 2. backup the db. +# 3. migrate to newer version of postgres +# 4. migrate db to local + virtualisation.oci-containers.containers.mautrix-signal-psql = { + image = "docker.io/postgres:14-alpine"; + # ports = [ "127.0.0.1:5435:5432" ]; + ports = [ "5435:5432" ]; + volumes = [ "/home/tristan/pods/signal-bridge/db:/var/lib/postgresql/data" ]; + environmentFiles = [templates."mautrix-signal/psql.env".path]; + }; + sops.templates = { + "mautrix-signal/psql.env" = { + owner = config.users.users.nobody.name; + content = lib.strings.toShellVars { + POSTGRES_PASSWORD = placeholder."mautrix-signal/postgres_password"; + POSTGRES_USER = "signald"; + POSTGRES_DB = "signald"; + }; + }; + }; sops.secrets = { + "mautrix-signal/postgres_password" = {}; "mautrix-signal/as_token" = {}; "mautrix-signal/hs_token" = {}; }; @@ -20,10 +55,8 @@ in { }; }; }; - - # mautrix-signal server currently in ansible/podman - services.matrix-synapse.settings.app_service_config_files = [ templates."mautrix-signal/appservice.yaml".path ]; + } diff --git a/nixos/services/mautrix/whatsapp.nix b/nixos/services/mautrix/whatsapp.nix index 67b9a5e..2fb005b 100644 --- a/nixos/services/mautrix/whatsapp.nix +++ b/nixos/services/mautrix/whatsapp.nix 
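Review bot: `mautrix-signal-psql` publishes `ports = [ "5435:5432" ]` on every host address, while the loopback variant `"127.0.0.1:5435:5432"` is left commented out directly above it. The bridge container likewise publishes `29328` and `8000` on all addresses, although the registration is only consumed by the local Synapse. If the bridge reaches the database through the host, bind each publish to the one address it uses; otherwise put both containers on a shared container network and drop the database publish altogether. A comment saying why the loopback binding was abandoned would help whoever does the migration listed in the TODO above the container definition.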
@@ -1,33 +1,11 @@ -{config, ...}: let - inherit (config) sops; - inherit (sops) templates placeholder; - inherit (import ./lib.nix) toAppRegistration; -in { - sops.secrets = { - "mautrix-whatsapp/as_token" = {}; - "mautrix-whatsapp/hs_token" = {}; - }; - sops.templates = { - "mautrix-whatsapp/appservice.yaml" = { - owner = "matrix-synapse"; - content = toAppRegistration { - id = "whatsapp"; - port = config.services.mautrix-whatsapp.settings.appservice.port; - as_token = placeholder."mautrix-whatsapp/as_token"; - hs_token = placeholder."mautrix-whatsapp/hs_token"; - sender_localpart = "Gx8tLTHsxVlrdD3qibaPdaP9t7GhfciV"; - "de.sorunome.msc2409.push_ephemeral" = true; - }; - }; - # "mautrix-whatsapp/env".content = '' - # MAUTRIX_WHATSAPP_APPSERVICE_AS_TOKEN=${placeholder."mautrix-whatsapp/as_token"} - # MAUTRIX_WHATSAPP_APPSERVICE_HS_TOKEN=${placeholder."mautrix-whatsapp/hs_token"} - # ''; - }; +{config, ...}: { + nixpkgs.config.permittedInsecurePackages = [ + "olm-3.2.16" + ]; services.mautrix-whatsapp = { enable = true; - # environmentFile = templates."mautrix-whatsapp/env".path; + registerToSynapse = true; settings = { homeserver = { address = "http://localhost:8008"; @@ -46,9 +24,4 @@ in { }; }; }; - - services.matrix-synapse.settings.app_service_config_files = [ - templates."mautrix-whatsapp/appservice.yaml".path - # "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml" - ]; } diff --git a/nixos/services/monero.nix b/nixos/services/monero.nix new file mode 100644 index 0000000..c502f0d --- /dev/null +++ b/nixos/services/monero.nix @@ -0,0 +1,16 @@ +{...}: { + services.monero = { + enable = true; + rpc = { + address = "0.0.0.0"; + restricted = true; + }; + extraConfig = '' + prune-blockchain=1 + confirm-external-bind=1 + out-peers=64 # This will enable much faster sync and tx awareness; the default 8 is suboptimal nowadays + in-peers=1024 # The default is unlimited; we prefer to put a cap on this + zmq-pub=tcp://localhost:18083 + ''; + }; +} 
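Review bot: `"olm-3.2.16"` is added to `permittedInsecurePackages` with no comment saying which package needs it or why the risk is accepted, unlike the `openssl-1.1.1w` entry in nixos/modules/work.nix. nixpkgs flags libolm as insecure because of published weaknesses in its cryptographic implementation, and the allow-list applies to every consumer in the evaluation, not only this bridge. A comment such as `"olm-3.2.16" # presumably needed by mautrix-whatsapp; remove once the bridge builds without libolm` would keep the exception reviewable.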
diff --git a/nixos/services/mpd.nix b/nixos/services/mpd.nix index 9589de5..ab09e2b 100644 --- a/nixos/services/mpd.nix +++ b/nixos/services/mpd.nix @@ -2,6 +2,26 @@ services.mpd = { enable = true; network.listenAddress = "0.0.0.0"; + extraConfig = '' + audio_output { + type "fifo" + name "snapcast" + path "${config.services.snapserver.streams.mpd.location}" + format "${config.services.snapserver.streams.mpd.sampleFormat}" + mixer_type "software" + } + ''; }; networking.firewall.allowedTCPPorts = [config.services.mpd.network.port]; + services.snapserver = { + enable = true; + openFirewall = true; + buffer = 1000; + streams.mpd = { + type = "pipe"; + location = "/run/snapserver/mpd"; + sampleFormat = "44100:16:2"; + codec = "pcm"; + }; + }; } diff --git a/nixos/services/nextcloud.nix b/nixos/services/nextcloud.nix index a5fa2ef..23be426 100644 --- a/nixos/services/nextcloud.nix +++ b/nixos/services/nextcloud.nix @@ -1,6 +1,7 @@ { config, pkgs, + lib, ... }: let nextcloud = config.services.nextcloud; @@ -27,6 +28,7 @@ in { services.nextcloud = { enable = true; https = true; + package = pkgs.nextcloud29; hostName = "files.${config.networking.domain}"; configureRedis = true; database.createLocally = true; 
@@ -78,15 +80,16 @@ in { notes maps previewgenerator + deck ; oidc_login = pkgs.fetchNextcloudApp { - sha256 = "sha256-cN5azlThKPKRVip14yfUNR85of5z+N6NVI7sg6pSGQI="; - url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.0.2/oidc_login.tar.gz"; + sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA="; + url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz"; license = "agpl3Only"; }; news = pkgs.fetchNextcloudApp { - sha256 = "sha256-aePXUn57U+1e01dntxFuzWZ8ILzwbnsAOs60Yz/6zUU="; - url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha4/news.tar.gz"; + sha256 = "sha256-jH1F/IZItlZEpsfgXhRojiYD6ZEVhsuRvz8Qs0Z3UFI="; + url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha9/news.tar.gz"; license = "agpl3Only"; }; }; diff --git a/nixos/services/prometheus.nix b/nixos/services/prometheus.nix index dfc5ade..e38cb64 100644 --- a/nixos/services/prometheus.nix +++ b/nixos/services/prometheus.nix @@ -34,4 +34,9 @@ in { }; }; }; + services.grafana.provision.datasources.settings.datasources = [{ + name = "Prometheus"; + type = "prometheus"; + url = "http://localhost:${toString prometheus.port}"; + }]; } diff --git a/nixos/services/synapse.nix b/nixos/services/synapse/default.nix similarity index 98% rename from nixos/services/synapse.nix rename to nixos/services/synapse/default.nix index d5256df..d324a0a 100644 --- a/nixos/services/synapse.nix +++ b/nixos/services/synapse/default.nix @@ -16,6 +16,8 @@ inherit (config.services) matrix-synapse matrix-sliding-sync; inherit (sops) secrets templates; in { + imports = [./metrics.nix]; + services.postgresql.enable = true; services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; 
@@ -66,7 +68,7 @@ in { server_name = domain; baseurl = "https://${domain}"; oidc_providers = []; - settings.listeners = [ + listeners = [ { inherit port; bind_addresses = ["localhost"]; diff --git a/nixos/services/synapse/metrics.nix b/nixos/services/synapse/metrics.nix new file mode 100644 index 0000000..322bc49 --- /dev/null +++ b/nixos/services/synapse/metrics.nix @@ -0,0 +1,25 @@ +let + port = 9008; +in { + services.prometheus.scrapeConfigs = [{ + job_name = "synapse"; + metrics_path = "/_synapse/metrics"; + static_configs = [{ + targets = ["localhost:${toString port}"]; + }]; + }]; + services.matrix-synapse.settings = { + enable_metrics = true; + listeners = [ + { + port = port; + type = "metrics"; + bind_addresses = ["127.0.0.1"]; + tls = false; + resources = []; # unneeded with type: metrics, just to make the nix module happy + } + ]; + }; +# Grafana rules? +# https://github.com/element-hq/synapse/tree/master/contrib/prometheus/ +} diff --git a/nixos/workstation.nix b/nixos/workstation.nix index 07d2d6e..b997b05 100644 --- a/nixos/workstation.nix +++ b/nixos/workstation.nix 
@@ -1,45 +1,15 @@ { inputs, pkgs, + lib, + config, ... }: { imports = [ inputs.stylix.nixosModules.stylix ]; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - # use pipewire - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; - # pipewire raop - networking.firewall.allowedUDPPorts = [6002 6001]; - # network streaming - networking.firewall.allowedTCPPorts = [4713]; - - security.pam.services.swaylock = {}; security.polkit.enable = true; - systemd.user.services.polkit-gnome-authentication-agent-1 = { - description = "polkit-gnome-authentication-agent-1"; - wantedBy = ["graphical-session.target"]; - wants = ["graphical-session.target"]; - after = ["graphical-session.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; - Restart = "on-failure"; - RestartSec = 1; - TimeoutStopSec = 10; - }; - }; hardware.opentabletdriver.enable = true; @@ -47,7 +17,10 @@ services.printing.enable = true; - services.dbus.enable = true; + services.dbus = { + enable = true; + packages = [pkgs.gcr]; + }; programs.light.enable = true; programs.dconf.enable = true; 
@@ -59,19 +32,34 @@ virtualisation.waydroid.enable = true; networking.stevenblack = { - enable = true; + enable = lib.mkDefault true; block = ["porn" "gambling"]; }; stylix = { + enable = true; image = ../images/nix-soft.png; - base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-hard.yaml"; opacity = { terminal = 0.9; applications = 0.9; desktop = 0.9; popups = 0.9; }; + cursor = { + name = "Vanilla-DMZ"; + package = pkgs.vanilla-dmz; + size = 24; + }; + targets = { + gtk.enable = false; # fails to switch with cosmic overriding it (grr) + grub = { + useImage = true; + }; + nixvim = { + transparentBackground.main = true; + }; + }; }; nixpkgs.overlays = [ @@ -84,4 +72,8 @@ nerdfonts interalia ]; + + home-manager.users.${config.user}.imports = [ + ../home/workstation.nix + ]; } diff --git a/pkgs/mongodb.nix b/pkgs/mongodb.nix new file mode 100644 index 0000000..46f2cac --- /dev/null +++ b/pkgs/mongodb.nix @@ -0,0 +1,34 @@ +{ + stdenv, + pkgs, + ... +}: let + version = "6.0.14"; +in + stdenv.mkDerivation { + name = "mongodb"; + inherit version; + + src = builtins.fetchTarball { + url = "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-debian11-${version}.tgz"; + sha256 = "sha256:0lghfh8dpq159y2m0b7wg3xks2s59n9s5xmcw6ng2lrg815s6aiz"; + }; + dontBuild = true; + + nativeBuildInputs = with pkgs; [ + openssl_1_1 + xz + curl + libgcc + autoPatchelfHook + ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + cp -R bin $out/ + + runHook postInstall + ''; + } diff --git a/pkgs/mpv-skipsilence.nix b/pkgs/mpv-skipsilence.nix index ffc0881..33d6b1f 100644 --- a/pkgs/mpv-skipsilence.nix +++ b/pkgs/mpv-skipsilence.nix 
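Review bot: In pkgs/mongodb.nix the libraries the prebuilt binaries link against (`openssl_1_1`, `xz`, `curl`, `libgcc`) are listed in `nativeBuildInputs` next to `autoPatchelfHook`; runtime libraries belong in `buildInputs`, leaving only the hook in `nativeBuildInputs`. `name = "mongodb"; inherit version;` should be `pname = "mongodb";` so that the version ends up in the store path name. A short header comment stating that this is an upstream prebuilt binary linked against the end-of-life `openssl_1_1`, intended only as the `MONGOMS_SYSTEM_BINARY` test server, would explain the insecure-package exception it forces in nixos/modules/work.nix.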
@@ -4,20 +4,20 @@ fetchgit, gitUpdater, }: -buildLua rec { +buildLua { pname = "mpv-skipsilence"; version = "1.0"; src = fetchgit { url = "https://codeberg.org/ferreum/mpv-skipsilence.git"; - hash = "sha256-aAzLegotOUILhpz7GcMJvCY4R3jSZCDIKOwVfM21kdY="; + hash = "sha256-fg8vfeb68nr0bTBIvr0FnRnoB48/kV957pn22tWcz1g="; }; passthru.updateScript = gitUpdater {}; meta = with lib; { description = "Increase playback speed during silence - a revolution in attention-deficit induction technology."; homepage = "https://github.com/ferreum/mpv-skipsilence"; - license = licenses.unlicense; # actually they don't have a license + license = licenses.gpl2; maintainers = []; }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index e336487..d38eaa9 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
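Review bot: The `fetchgit` call in pkgs/mpv-skipsilence.nix has only `url` and `hash`, with no `rev`, so the source appears to follow the repository's default HEAD. That would explain why the hash had to be bumped while `version` stays `"1.0"`. Pinning the commit with `rev = "<commit-id>";` records which code the new hash corresponds to and stops the build from breaking on the next upstream push. The function's argument list begins above this hunk.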
@@ -1,24 +1,38 @@ nextcloud: - admin_password: ENC[AES256_GCM,data:ZBc/Z5F/DWPM78XhO3mVxEfEYjPoXHgqfg==,iv:ih9YuI+k4ksKBOhpezoJ/L5ac7P/JGLqs2B6ZuqZrj0=,tag:IDFU9NQoXHR1Ph5YtLC4lQ==,type:str] - oidc_client_secret: ENC[AES256_GCM,data:nIVLfC+22fEurR6FXdUwz4+rPuXzlM5HG4lnRI/m1lOaiw+C9DA3WV15DP5IXMn6BeBmDMnXbfdGt0hoV32y8bkfcals0C4wUitI63sYRJ6+f+N85IeAolfvYi+6gCwKZZhwRZdZJOQVOoFH8bvC0zLz6dzjL1/C5POX4C57URs=,iv:uV6KssluRg4+aOg7DPewK9c3eIkY3y/7ij7uYBLx9Kw=,tag:gEvApHIStThboRsP0YEoFw==,type:str] + admin_password: ENC[AES256_GCM,data:oE7SeKE40NsLF5FrxKJheyzSXLcL8Hs1+w==,iv:ih9YuI+k4ksKBOhpezoJ/L5ac7P/JGLqs2B6ZuqZrj0=,tag:tRTNDAaAvRe7FSMMCneYkA==,type:str] + oidc_client_secret: ENC[AES256_GCM,data:dTQlsiPvKPRETEy1cg7RIWxeapFOdoMqp1xpVnYFd8zxRyZGIYJNlSZAkc4ZZIMM76jrAnMw7jVArqCX/pma0GMxb4GqITYAHJfe6yVPZYVY9UHUeCQpwwdIMUxYJqYgcCL4VFn7tdtc6vITl+b0KH0GBFQWg07ROJCGfFiICa4=,iv:uV6KssluRg4+aOg7DPewK9c3eIkY3y/7ij7uYBLx9Kw=,tag:UM7fvtjscORH0BxoiUm++Q==,type:str] grafana: - oidc_client_secret: ENC[AES256_GCM,data:XU81XrM/aTZ/RDc3UPunOFQdfjJldKw3usMA5NfQkgxJYSq5NSu1ZQXsMuly4xbcYULiuUtkTAnb7Xzge+yIDoLfrZHab4mQgtLeK6hzZgLHYeSSEtQCXEYsL0p6ulA2OLrW6KoKl/o1EjiA+8htimgc7yNatdo6pBwwUXZFxpQ=,iv:de2P5uu1t0si7s7BqG4ukvouxH1TlCxgR28wRsz7i/I=,tag:1u0Wd9HRzbJRQtNbwDHOIQ==,type:str] + oidc_client_secret: ENC[AES256_GCM,data:vC/9eABn0slzgiaI372dhD46ggU+dsjgA9B7Kv2SLS15OWFBwqRnRhGxNYO6Iwev656t2RwZlJwbQwS8sIrnFD3NU+IEGMvz4sVWbSj7tHxojNo3+Ne8Kg7b03AlBYcEmYqTIx94Nbx8DsZtFRGAIuFYDpEpVxC9jWgPtqB21OE=,iv:de2P5uu1t0si7s7BqG4ukvouxH1TlCxgR28wRsz7i/I=,tag:wToLDNtOafhuMe9thxZDuQ==,type:str] anki: - password: ENC[AES256_GCM,data:dZsz/Z0rdP8vVFEGlck=,iv:rLjrfKXnz7hiYSOOY+uTGQCmvMLZbo3Xle+069hAB+A=,tag:sNuvL9tGBXs9OPoFVfjdSw==,type:str] + password: ENC[AES256_GCM,data:Lz9WwJ/JgboJEqnClj4=,iv:rLjrfKXnz7hiYSOOY+uTGQCmvMLZbo3Xle+069hAB+A=,tag:PrWQlZYREWGQJwPVFX0byQ==,type:str] synapse: - postgres: 
ENC[AES256_GCM,data:pP/Clrcd/dTjI81Wr9I=,iv:nx3eVKH1DXGk3tipbzlIGGyZB3/bJP5TSVMFVNHTIPs=,tag:3PbODZtFlb9XtuBfO/Ey/g==,type:str] - oidc_client_secret: ENC[AES256_GCM,data:GXEHHAf5pi/34DY8rUtb1r+0w9HdH2LfeYzREq9BssbspORGd2lOGW22kpUWQzMP/LN8qqx0+EDxlnUuz6MbKofdDPO53Ghrkv7eKsgHdI4g8NbneOEIe4Uurjsg+ibn2EIAWP6HsdwDoLPpS260HyciHJz15i8OpyPatv+bhUc=,iv:pigc8d/LPwy/mBrlUzOFR1nIUrulYZ67nq4bI4Mn+MI=,tag:5fQj8XiXmlC0/T4Muht7bA==,type:str] - signing_key: ENC[AES256_GCM,data:AuXyep/aoKn0EoXFgphhlwyvqiwnmRAbGsjzQtCHOVe1Nsdd1aZZdmANt3NXbNJbtjbowIYGbYTizQ==,iv:jKfEBdXSIrg1WQRvWxi+CUiO2mXOfULkg/i3YSD4d9k=,tag:EZJnoZVyrjb0fcRbvyuiPg==,type:str] - sliding_sync_secret: ENC[AES256_GCM,data:EureGgSONw+29RnTBcG7+Hpjs3mOk1Zr75glc582Tr9ITFfMczAdfY0FlWQgDxiPnl3o2GqlvdQ2CwDmpVGUVQ==,iv:JUKLrxrYQmCF15o+PwY1PzNW1h9FrGxdbSFGCzm3RdA=,tag:/TMv9LcCRLoTw3MDmpE0oQ==,type:str] -mautrix-whatsapp: - as_token: ENC[AES256_GCM,data:x1iIfwaRdSzC7wo684FY5ZCytj+uQSS2k8UZ/Sm/0gy7jnjsb6Eyl0I5tdNf7mYk2gdTtfmc+dVThOP3aGIZXQ==,iv:hvVr1MZfpLewomTW5pUhOvrQ2fEkQy4LNnfqslkeFgQ=,tag:5eUZLn5Bd2D5GWyIx9xevw==,type:str] - hs_token: ENC[AES256_GCM,data:y8q41zg1NFco0fs7Q/yZVIPCdrUsB8/CRiffBpAVWsH0vCCHQvBs6VUGZmZwJVySkxSfFqBdCc/TF38SPwhxCg==,iv:sJ0cldlCTpGRMYT0u9ZGFVI70m3VBCZqn/l4cwUDyAI=,tag:D0QE2TQxLNnEv6/ECCLnRw==,type:str] + postgres: ENC[AES256_GCM,data:/jukTywBVoRi8KkDpAA=,iv:nx3eVKH1DXGk3tipbzlIGGyZB3/bJP5TSVMFVNHTIPs=,tag:DDmnJ1yiiZcGqvGj6uTG7w==,type:str] + oidc_client_secret: ENC[AES256_GCM,data:QdTHn5n+VcZ7EpZRI9EGHm+F5CWWr72nEqyJC4itEnSM+MZfnp941rRBUefU067VCf/mZR8UWkMJYATR2wcQTGluF73nHOeV8c1XUwT0TXNgPNhPdXisRcZF8OCYzU9HmdMKieiH/Bmc/mSXU3AZuTe9UXhf0CyVs1HgoENyfJQ=,iv:pigc8d/LPwy/mBrlUzOFR1nIUrulYZ67nq4bI4Mn+MI=,tag:nKDeJBp9VhzS3fOx64N0kA==,type:str] + signing_key: ENC[AES256_GCM,data:f3EEHTnY5qm2TUKEXMLsrMt9qhJaz9VzRwGFV9+xUP32fwxwbZc/EopOVJ03OvQwG695at+26MRWcQ==,iv:jKfEBdXSIrg1WQRvWxi+CUiO2mXOfULkg/i3YSD4d9k=,tag:EYhdgGZkx0qZqAqlA/RJuQ==,type:str] + sliding_sync_secret: 
ENC[AES256_GCM,data:zog0Bw+GyNnaLKtxhH3p4nMYtT6CcJ6bpaq1UagIxuywKjxSJkjKdmWXDrQ+mgswvc8rZ1GRDTsuYJmjcr3JwQ==,iv:JUKLrxrYQmCF15o+PwY1PzNW1h9FrGxdbSFGCzm3RdA=,tag:EXxXOAVbGAemOBFRhXKPqg==,type:str] mautrix-signal: - as_token: ENC[AES256_GCM,data:wu9ohlIUn6dBYxa7jZzG9DRVRrBCnmXsc7txntF6U6eW6rpe/bvKWDR5/db1ZtMxAv/MZrTephJ81yqtr8aDsw==,iv:L+Pj1Mg5SlaKs0kb68qPzJX1FI7mV8boh4OonfWBy8o=,tag:J6F3CP5OJbyPBr5iVWhg0w==,type:str] - hs_token: ENC[AES256_GCM,data:8OAHb5+k7uRW5EtjrNiTFjG1lf3txePHjpVYaDtJ1MfbtU8jN/T50PENPwFHR9iJSh2Zma7PGgFjwlWHGQEW8A==,iv:YoHj7qGYVA8C8HL8XLcarHwkVrdc7dQHecYF0yxvqwM=,tag:3y/K1iztmWrWR34/3vjopA==,type:str] + as_token: ENC[AES256_GCM,data:13EBWO8ZD2LjkFLI3Clvn4qU1u+rCrPwlvwLaNDlKt3Zf2YxCvM3m1dprj5FyF3fNETSgzbMe6tXsHcxjMi5ag==,iv:L+Pj1Mg5SlaKs0kb68qPzJX1FI7mV8boh4OonfWBy8o=,tag:nIsr0NdIDU2a3DYGm7OXeA==,type:str] + hs_token: ENC[AES256_GCM,data:PJkY4F3Nu6C79v3FaEw6sVr7Y+IIjLJbc2h+L7pEFYyfyolWPMTeQf85Js1zbGEsRLWvyJTAQXdg68KldYCg2Q==,iv:YoHj7qGYVA8C8HL8XLcarHwkVrdc7dQHecYF0yxvqwM=,tag:xoxt0sprxTpHhf4XLfrCaA==,type:str] + postgres_password: ENC[AES256_GCM,data:k+BHWgiNXQeujuShmDgu3anjLgcd,iv:J8sUNC6S/RsMhu3LW37xp5sddJxicfVaOrsfsptp/W4=,tag:7RB6j19tBEp7Z+VSEUR4mQ==,type:str] mautrix-instagram: - as_token: ENC[AES256_GCM,data:pNO76BcGejQdCc5X4f/UvSsBIPU6QZCCQTJvwVIXRf3rnb9ewWNMEtYXlqj886yh3g5SgqQ4Uhqby/7vrMxREA==,iv:uYU7ACk4wEPzqUCpt5KBt5Y8LoVIdAlNvdWj5Jm94qM=,tag:vJHOhwJBPlgUPu1SFqI4ew==,type:str] - hs_token: ENC[AES256_GCM,data:m1CK8Ae6QyJKgDZm904xMpZ1KgKxEUpmQ1jdKOkjexgwAWjjtYF+RVximtcXwxPg/0jkbK/LMlxA89ic+zajiA==,iv:YLed92mS+2Cpud2f8Gq+zlpSVyPo7RVNGOUPCIRDi94=,tag:rRwhYn88ZZwm5sDI1etR2g==,type:str] + as_token: ENC[AES256_GCM,data:DP/VQGK2DO4ixT/3wLBhvKxCcauEgXmDD4vW8k5uJFXAq7gtUXasLIYZ6pkUx0Vzd5kT/XZMhFOJyOT2Cyv38Q==,iv:uYU7ACk4wEPzqUCpt5KBt5Y8LoVIdAlNvdWj5Jm94qM=,tag:RoOhGoQ2BeDe0n6/w4TuPA==,type:str] + hs_token: 
ENC[AES256_GCM,data:ljzZE6uwHq7jH5oIej4TWMeFtDolRSCg1oNr7xkjK7t3EpZrkg2YVOvWJtf/B+43cx7/BzVftBM4NOElQfRUDA==,iv:YLed92mS+2Cpud2f8Gq+zlpSVyPo7RVNGOUPCIRDi94=,tag:KEqa64BqbG7lmpV2sTqHkg==,type:str] +authentik: + postgres_password: ENC[AES256_GCM,data:jUVLMW1kFABZ3uWeWp4oWGOQDm7IBpF1BKNg/h88UqbpgakSCVuF+GIOSTxpSdc0,iv:UxFDFYWNBQospGoHlrvLQJyypIszPqpkeJy1IGr6/7I=,tag:IIN24+k4k37IszNFK1+rRg==,type:str] + secret_key: ENC[AES256_GCM,data:qYS0HIImVKnMS9ywEJK2E0WLHgcWIYTZVapA/fL79abqK1qKPeVIQ3u/SqwkGBgg,iv:WN/LXUNrd+DbxfxwotedlYnyzE2D1c6C2e0UgCXUWX8=,tag:E5ABLXy5vDxDPdBGR5HoLg==,type:str] +mail: + host: ENC[AES256_GCM,data:FGKGHXYVwbDp17nYwrQtvGp0FYuK,iv:+hjhL2jbMP9NWYub/etBhFXxAfzoIEneepRw5uHL8bs=,tag:Uy3BihID9/h1Y7874KqHMw==,type:str] + port: ENC[AES256_GCM,data:q3NZ,iv:I3dK4v/h5nFLNk4yihQxkJiyAir9MLDAQIeGbSn3j+I=,tag:TAZg45IQF/dlLrH1vjBlmA==,type:str] + username: ENC[AES256_GCM,data:DJ8D7TY2o2PimB0WX4L6gEJr7M6XRQ==,iv:LkZh8eaBZ+Z3+bjpyB3MkWTRpjtk3/bszseT9KCfDmM=,tag:Nf7ePRKAqk+xRpKSem/QSw==,type:str] + password: ENC[AES256_GCM,data:GqR8lvyF21djWQT0smHQb42FOt56ZHPnLYS0ekoyyH0=,iv:Rn30tJAoahkMr2ISDbyHClHDdjSF41MqtTwlSGUQELw=,tag:ab7k7Afi5Dfw4NkLbF/cUg==,type:str] + ssl: ENC[AES256_GCM,data:swCVBQ==,iv:Us4kZfQ2wIx/qJXDaPDuUNvGU2F+U8EtV21SPbTebe8=,tag:Zuc0y6aTyjQBe4ZV7zy3NA==,type:str] +transmission: + auth: + OPENVPN_PROVIDER: ENC[AES256_GCM,data:uk/rxQ==,iv:WycsUcM9qRW6ExylDK9kCD2PKT9XMijLBJXkYKUmhDI=,tag:AiBA+UVlKfMhpyV3MB9ZBA==,type:str] + OPENVPN_CONFIG: ENC[AES256_GCM,data:mHMLA2Rqte+aEGstKCan3fNPEqwb,iv:wvLx3rWNcDVek6bmXBu+39AlnXpviNNwCItLAWWVDzY=,tag:1ArWMperFmOFSCdehWibNg==,type:str] + OPENVPN_USERNAME: ENC[AES256_GCM,data:RQ+hGLE6YEgN/aaa2TLpkg==,iv:oG794WxGe0t1ZI0PyC45ZgCPA0Ar2m/dSVDdMYBKJvY=,tag:CGnEu8ds0s4aH4ImCrNWNQ==,type:str] + OPENVPN_PASSWORD: ENC[AES256_GCM,data:Jw==,iv:uGAaXFWfpSaeqY7yC9cR9iqblH3E3hudnrnIlOvdRCg=,tag:P1XJ2SBY82z9YZP9J/n5SA==,type:str] +namecheap: 
ENC[AES256_GCM,data:PTEQK8+G1FfmvRk9IxrAZjCAhiKdV0AA+JxaJRZvbHU=,iv:xTrJzPooM0xzs9xgkNGWKRzRHeIIhMGa8EYW2/41ZvA=,tag:KHdLKuip439QNeAiBwreqg==,type:str] sops: kms: [] gcp_kms: [] @@ -28,14 +42,14 @@ sops: - recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4a3EwTXQwV3hxNW1zNXow - Q1UxRHcwaVdhNHo5N0QvbE1maTkxdFBKZUJvCnpVYklIamlic1A4SDluQnhod2Z3 - MTVxRlJLVWd5dkZlTjE1OGRIZVo4QmsKLS0tIHI4bm01WjNucUlvYzFTSzhNSkQ3 - NUFIN3NPU2pTZ0NZRXdQY0xhWlI5T3cKd5XCj1aNsD+7+MfiAPGb1iAW9AgzyagG - A7cwF9kQwWWLud9z4v6epuDkqGF+7uIy7N/CwBaEgi8+AS8o27wo4g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc1R5TFAvZFFMbTJqWVl5 + STA0YjBRSmk2N1dvUG9ETWYvRTNXMTFoYUVJCk81dmM2c0JLcnpzUjBsazZrenRK + YXZkQ2pqRTNrTDBFK1FrQ3BRNmI0STQKLS0tIHpseXFsSlhLNVhHeFNhVXNEcmM3 + S3ZwcHhkdEEvY0pINDloand5S0NycHcKEpIt5EeIKhLQK7f74sWVN/x5gzh/Jq7x + UUN5QtysRbWVGnWRxdNB8LIMjDJY9jRojycdQfSNebaz5ZLjEp8dZQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-23T23:24:16Z" - mac: ENC[AES256_GCM,data:bs8t7nH5BdIz4uQd33M2pt+AVhqfBEJy9l8AFl8p80GLAMg5zKlDWxtVCPrWk8viJvfMkhvwEovBizoy3m7gt8iWLf+dtznBjALtUXVAc/+dmACUS8E9JHHKcvOHxT/cYCuU3t6pDJWlbfnpBtKSSHH8Z/YblYMlkeoNeNOoAwU=,iv:9fKO44c5TNMBgHqcuV6Fu+GW8TjND+32KDEerawpZL4=,tag:Ps8kelq+8iY88mdqugRTMg==,type:str] + lastmodified: "2025-01-17T23:54:41Z" + mac: ENC[AES256_GCM,data:kX07sYwKyAu2ElYoBIuaVVryIGIUowxS4ZMxIoX9/aDQY9+yVrmaWzj1kmQNyTqoSBZyetDGQzNV3mMjgCpIQ2XjJdCB5lH4M5DOV63A3pwDwDeHSzzTrURY6xubeswl8o+2k+gxD0/oLLB9j+YZxb9F1oKQt2cK1dzOYPdtUL8=,iv:ftaeEg78WejtZM6J8BiahmsSbQub/5Kz/oLVU3nJhtA=,tag:eobu6KIZwltpC43qXpTVaQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 From 5732609a52a14346ae0fd487d64fe3c96f71ab48 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Thu, 3 Apr 2025 15:05:50 +0100 Subject: [PATCH 2/4] alpine: something something --- nixos/services/jellyfin.nix | 1 + nixos/services/loki.nix | 6 +++++- nixos/services/mautrix/whatsapp.nix | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/services/jellyfin.nix b/nixos/services/jellyfin.nix index 9eba39e..583a411 100644 --- a/nixos/services/jellyfin.nix +++ b/nixos/services/jellyfin.nix @@ -2,6 +2,7 @@ services.jellyfin = { enable = true; group = "media"; # access to user stuff + openFirewall = true; }; services.nginx.virtualHosts."movies.tristans.cloud" = { forceSSL = true; diff --git a/nixos/services/loki.nix b/nixos/services/loki.nix index 1e84fc8..d114318 100644 --- a/nixos/services/loki.nix +++ b/nixos/services/loki.nix @@ -27,7 +27,11 @@ in { replication_factor = 1; path_prefix = "/tmp/loki"; }; - limits_config.ingestion_rate_strategy = "local"; + limits_config = { + ingestion_rate_strategy = "local"; + ingestion_rate_mb = 24; + ingestion_burst_size_mb = 36; + }; }; }; services.prometheus.scrapeConfigs = [{ diff --git a/nixos/services/mautrix/whatsapp.nix b/nixos/services/mautrix/whatsapp.nix index cc65690..99ba1f9 100644 --- a/nixos/services/mautrix/whatsapp.nix +++ b/nixos/services/mautrix/whatsapp.nix @@ -1,6 +1,9 @@ {config, ...}: { # TODO: totally borked for some reason. DB migration? + nixpkgs.config.permittedInsecurePackages = [ + "olm-3.2.16" + ]; services.mautrix-whatsapp = { enable = true; registerToSynapse = true; From 99481b0c20dccdeae47ccd4aef20879a245332f4 Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 29 Apr 2025 02:37:13 +0100 Subject: [PATCH 3/4] alpine: remove mpd --- flake.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/flake.nix b/flake.nix index 320b3bf..ede8ff3 100644 --- a/flake.nix +++ b/flake.nix @@ -44,7 +44,6 @@ ./nixos/programs/hyprland.nix ]; home-modules = [ - ./home/programs/mpd.nix ./home/programs/graphical.nix ./home/programs/gamer.nix ./home/programs/personal/. 
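Review bot: `openFirewall = true` in `services.jellyfin` opens Jellyfin's own listener ports on the host firewall, so clients can reach the service directly over plain HTTP instead of through the `forceSSL` nginx virtual host declared just below it. If direct access is only needed from a trusted network, leave the option off and allow the port on that interface only, for example `networking.firewall.interfaces."<trusted-iface>".allowedTCPPorts = [8096];` (8096 is Jellyfin's default HTTP port). If wider exposure is intended, add a comment saying why, for example `# direct LAN access for clients that cannot use the reverse proxy`. The virtual host block continues past the end of the hunk.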
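Review bot: `nixpkgs.config.permittedInsecurePackages` is a global nixpkgs setting, so adding `"olm-3.2.16"` in `whatsapp.nix` permits that library for every package in this system's closure, not only for the WhatsApp bridge. The new lines also sit directly under the existing `# TODO: totally borked for some reason` comment, which now reads as if it described the exception. Give the exception its own comment, for example `# olm is flagged insecure in nixpkgs; permitted only for mautrix-whatsapp, remove once the bridge no longer needs it`, assuming the bridge is what pulls it in. It is also worth checking whether the bridge can be built without it. The `services.mautrix-whatsapp` block continues outside the hunk.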
@@ -61,7 +60,6 @@ ./nixos/programs/hyprland.nix ]; home-modules = [ - ./home/programs/mpd.nix ./home/programs/work.nix ./home/programs/graphical.nix ./home/desktop/cosmic/laptop.nix @@ -89,7 +87,6 @@ ./nixos/services/forgejo.nix ./nixos/services/vaultwarden.nix ./nixos/services/jellyfin.nix - ./nixos/services/mpd.nix ./nixos/services/prometheus.nix ./nixos/services/grafana.nix ./nixos/services/loki.nix From d6da45e36a5c7e5042a1de865eb7b2e1d4dd096b Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 29 Apr 2025 03:16:50 +0100 Subject: [PATCH 4/4] alpine: update nextcloud30 and authentik 2025.2.4 --- nixos/services/authentik.nix | 2 +- nixos/services/nextcloud.nix | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/nixos/services/authentik.nix b/nixos/services/authentik.nix index 24bc72a..c6435cc 100644 --- a/nixos/services/authentik.nix +++ b/nixos/services/authentik.nix @@ -10,7 +10,7 @@ }; authentik-config = { autoStart = true; - image = "ghcr.io/goauthentik/server:2024.8.2"; + image = "ghcr.io/goauthentik/server:2025.2.4"; volumes = ["/home/tristan/pods/authentik/media:/media"]; environment = { AUTHENTIK_POSTGRESQL__USER = postgres.user; diff --git a/nixos/services/nextcloud.nix b/nixos/services/nextcloud.nix index d13cc16..06f4a88 100644 --- a/nixos/services/nextcloud.nix +++ b/nixos/services/nextcloud.nix @@ -28,7 +28,7 @@ in { services.nextcloud = { enable = true; https = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; hostName = "files.${config.networking.domain}"; configureRedis = true; database.createLocally = true; @@ -37,6 +37,7 @@ in { dbtype = "pgsql"; }; secretFile = sops.templates."nextcloud/secrets.json".path; + phpOptions."opcache.interned_strings_buffer" = "23"; settings = { maintenance_window_start = 2; default_phone_region = "GB"; 
@@ -82,12 +83,8 @@ in { previewgenerator deck news + oidc_login ; - oidc_login = pkgs.fetchNextcloudApp { - sha256 = "sha256-DrbaKENMz2QJfbDKCMrNGEZYpUEvtcsiqw9WnveaPZA="; - url = "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.0/oidc_login.tar.gz"; - license = "agpl3Only"; - }; }; maxUploadSize = "5G"; };