From 2519acee6843dd25dbab3e71f0af6229f3cc5714 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 22 Jul 2025 14:58:21 +0200 Subject: [PATCH 001/162] flake: update --- flake.lock | 134 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 82 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index 0ce872c..00e2b73 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1751272032, - "narHash": "sha256-493llKN7yyLkKlz8uYVAyvXH261IpDzuVA+TnewFIAg=", + "lastModified": 1752663231, + "narHash": "sha256-rTItuAWpzICMREF8Ww8cK4hYgNMRXJ4wjkN0akLlaWE=", "owner": "KZDKM", "repo": "Hyprspace", - "rev": "847a770436e1ecebdbe5ed006a93db7666937ff2", + "rev": "0a82e3724f929de8ad8fb04d2b7fa128493f24f7", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1751740947, - "narHash": "sha256-35040CHH7P3JGmhGVfEb2oJHL/A5mI2IXumhkxrBnao=", + "lastModified": 1752743471, + "narHash": "sha256-4izhj1j7J4mE8LgljCXSIUDculqOsxxhdoC81VhqizM=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "dfc1db15a08c4cd234288f66e1199c653495301f", + "rev": "e31b575d19e7cf8a8f4398e2f9cffe27a1332506", "type": "github" }, "original": { @@ -101,11 +101,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1751880463, - "narHash": "sha256-aSQllMKqsTYAUp4yhpspZn0Hj5yIj7Mh4UD5iyk5iMM=", + "lastModified": 1753176825, + "narHash": "sha256-a2SRRDqZJRBM1PsqyCS9mUjTVvf7DoOZHE9CCQpHV0Y=", "owner": "catppuccin", "repo": "nix", - "rev": "9474347c69e93e392f194dda7a57c641ba4b998e", + "rev": "77508ef18131ba2c3c304dbdeacb945299a09d8d", "type": "github" }, "original": { 
@@ -337,11 +337,11 @@ ] }, "locked": { - "lastModified": 1751990210, - "narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=", + "lastModified": 1753180535, + "narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=", "owner": "nix-community", "repo": "home-manager", - "rev": "218da00bfa73f2a61682417efe74549416c16ba6", + "rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc", "type": "github" }, "original": { @@ -355,11 +355,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1751715349, - "narHash": "sha256-cP76ijtfGTFTpWFfmyFHA2MpDlIyKpWwW82kqQSQ6s0=", + "lastModified": 1752857088, + "narHash": "sha256-usBNOT/uzFdsKDe5Ik+C36zqL+BfT7Lp2rqKWrpQuqk=", "owner": "hyprwm", "repo": "contrib", - "rev": "dafa5d09b413d08a55a81f6f8e85775d717bacda", + "rev": "481175e17e155f19a3b31416530b6edf725e7034", "type": "github" }, "original": { @@ -413,11 +413,11 @@ ] }, "locked": { - "lastModified": 1751808145, - "narHash": "sha256-OXgL0XaKMmfX2rRQkt9SkJw+QNfv0jExlySt1D6O72g=", + "lastModified": 1752149140, + "narHash": "sha256-gbh1HL98Fdqu0jJIWN4OJQN7Kkth7+rbkFpSZLm/62A=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "b841473a0bd4a1a74a0b64f1ec2ab199035c349f", + "rev": "340494a38b5ec453dfc542c6226481f736cc8a9a", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1751995875, - "narHash": "sha256-oGufLuYzFSdLP6fUSLsIm2m4QscfTPbRT1fzQTdkw4M=", + "lastModified": 1753175652, + "narHash": "sha256-bZvBovQ/c/F26QaOEm3IVOnLCxa17oc9QZ5ot18mqck=", "ref": "refs/heads/main", - "rev": "9517d0eaa4ef93de67dc80fecca7a826f7ad556d", - "revCount": 6256, + "rev": "fdbbad04bbf2382e9a980418c976668fc062f195", + "revCount": 6305, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" 
@@ -606,6 +606,35 @@ "type": "github" } }, + "hyprlang_2": { + "inputs": { + "hyprutils": [ + "hyprsunset", + "hyprutils" + ], + "nixpkgs": [ + "hyprsunset", + "nixpkgs" + ], + "systems": [ + "hyprsunset", + "systems" + ] + }, + "locked": { + "lastModified": 1750371198, + "narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "cee01452bca58d6cadb3224e21e370de8bc20f0b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, "hyprpicker": { "inputs": { "hyprutils": "hyprutils_2", @@ -630,17 +659,18 @@ "hyprsunset": { "inputs": { "hyprland-protocols": "hyprland-protocols_2", + "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", "nixpkgs": "nixpkgs_6", "systems": "systems_5" }, "locked": { - "lastModified": 1751567624, - "narHash": "sha256-tUVODSZhvafXmuN+5SwZpNWV+2cvhSd+5IJ5TXu3YgI=", + "lastModified": 1753044964, + "narHash": "sha256-etkR2MZTTHb6p0KOR1NDbPKC+wZ+G8rKw/mJNTQ9oPA=", "owner": "hyprwm", "repo": "hyprsunset", - "rev": "4b2f0f9f46a6552930eecb979d18ac48d7079312", + "rev": "f075fc4dd15800d6153dcb0f8c3ee3383ae7d732", "type": "github" }, "original": { @@ -661,11 +691,11 @@ ] }, "locked": { - "lastModified": 1751888065, - "narHash": "sha256-F2SV9WGqgtRsXIdUrl3sRe0wXlQD+kRRZcSfbepjPJY=", + "lastModified": 1752252310, + "narHash": "sha256-06i1pIh6wb+sDeDmWlzuPwIdaFMxLlj1J9I5B9XqSeo=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "a8229739cf36d159001cfc203871917b83fdf917", + "rev": "bcabcbada90ed2aacb435dc09b91001819a6dc82", "type": "github" }, "original": { 
@@ -736,11 +766,11 @@ ] }, "locked": { - "lastModified": 1751881472, - "narHash": "sha256-meB0SnXbwIe2trD041MLKEv6R7NZ759QwBcVIhlSBfE=", + "lastModified": 1751897909, + "narHash": "sha256-FnhBENxihITZldThvbO7883PdXC/2dzW4eiNvtoV5Ao=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "8fb426b3e5452fd9169453fd6c10f8c14ca37120", + "rev": "fcca0c61f988a9d092cbb33e906775014c61579d", "type": "github" }, "original": { @@ -835,11 +865,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1752026525, - "narHash": "sha256-uCkk6qnQFNKJh0wwpeN/B/S27834c0DpBSK/Frovvyo=", + "lastModified": 1753150084, + "narHash": "sha256-RuC74MBCivhlQJAWgXllT5Mym55HkR46sxR3kHgKsqA=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "9d902f4f96cba7226f242045a5605b1ffcf18cd4", + "rev": "465fa426242404f8abfc2f6c8526a6b84a45609d", "type": "github" }, "original": { @@ -850,11 +880,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1751432711, - "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "type": "github" }, "original": { @@ -927,11 +957,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { 
@@ -959,11 +989,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1750776420, - "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { @@ -1023,11 +1053,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1751625545, - "narHash": "sha256-4E7wWftF1ExK5ZEDzj41+9mVgxtuRV3wWCId7QAYMAU=", + "lastModified": 1752900028, + "narHash": "sha256-dPALCtmik9Wr14MGqVXm+OQcv7vhPBXcWNIOThGnB/Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c860cf0b3a0829f0f6cf344ca8de83a2bbfab428", + "rev": "6b4955211758ba47fac850c040a27f23b9b4008f", "type": "github" }, "original": { @@ -1039,11 +1069,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1751792365, - "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { @@ -1115,11 +1145,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1752047019, - "narHash": "sha256-cquBxPthNijnDaoX6Pj5V0jQ5BhoqJOJ/DdGzeJ0xyg=", + "lastModified": 1753188105, + "narHash": "sha256-+TzCdjqNolMiaXQputij1ZRd1kP5xp2AIcwWzxh+gDU=", "owner": "nix-community", "repo": "NUR", - "rev": "64185b1642f23c6340e3ebd52eabccfadfb78cfb", + "rev": "e5000d3243509388c73347fab9d6adccba943a61", "type": "github" }, "original": { From f625e11ad9aad934b915f79b0dfb2f8514096b8c Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 22 Jul 2025 14:58:35 +0200 Subject: [PATCH 002/162] feat: enable vaultwarden --- modules/services/violet.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 2f31873..d036137 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -24,7 +24,8 @@ ++ [ (import ./sharkey-proxy.nix) ] # ++ [ (import ./komga.nix) ] # ++ [ (import ./xmpp.nix) ] - ++ [ (import ./tailscale.nix) ]; + ++ [ (import ./tailscale.nix) ] + ++ [ (import ./vaultwarden.nix) ]; # ++ [ (import ./smart-monitoring.nix) ] # ++ [ (import ./jitsi-meet.nix) ] } From e23badca2a634a7e1937db51fb2ef9dc85c07b2c Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 24 Jul 2025 23:35:53 +0200 Subject: [PATCH 003/162] feat: enable command-not-found; set zsh histsize higher --- modules/home/zsh.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index d771fdc..8082e59 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -7,6 +7,7 @@ }: { programs = { + command-not-found.enable = true; zsh = { enable = true; autocd = true; @@ -27,8 +28,8 @@ SYSTEMD_LESS = "FRXMK"; # Fix weird sideways scrolling in systemctl status ... ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#808080"; ZSH_AUTOSUGGEST_USE_ASYNC = 1; - HISTSIZE = 100000; - SAVEHIST = 100000; + HISTSIZE = 10000000; + SAVEHIST = 10000000; HISTFILE = "~/.zsh_history"; HISTORY_SUBSTRING_SEARCH_ENSURE_UNIQUE = 1; }; From 9e0c2b9919eadf3809dcf163a0fd2086ed87d39f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 24 Jul 2025 23:36:07 +0200 Subject: [PATCH 004/162] flake: update --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 00e2b73..1178345 100644 --- a/flake.lock +++ b/flake.lock 
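Review bot: The added `++ [ (import ./vaultwarden.nix) ];` line turns on a password vault on `violet`, but `vaultwarden.nix` is not part of this commit (the diffstat lists only `violet.nix`), so its settings cannot be reviewed here. Two things are worth confirming in that module, since neither is visible from this hunk. First, any admin token or SMTP password should be supplied through `services.vaultwarden.environmentFile` (for example an agenix-managed file) rather than `services.vaultwarden.config`, which is written to the world-readable Nix store. Second, the service should listen on localhost behind the TLS reverse proxy, with open signups disabled. A one-line comment beside the import saying where the secret comes from would make this checkable by the next reader.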
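Review bot: Raising `HISTSIZE` and `SAVEHIST` to `10000000` in the second hunk of `modules/home/zsh.nix` means the plaintext `HISTFILE` effectively never rotates. Any token or password typed as a command argument therefore stays on disk indefinitely. The hunk shows nothing that keeps such lines out of history; the surrounding attribute set starts and ends outside it, so this may already be handled elsewhere in the file. If it is not, add `setopt HIST_IGNORE_SPACE` (or home-manager's `programs.zsh.history.ignoreSpace` and `ignorePatterns`) so sensitive commands can be excluded. A comment such as `# large history: prefix secret-bearing commands with a space` next to the two values would also help.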
@@ -101,11 +101,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1753176825, - "narHash": "sha256-a2SRRDqZJRBM1PsqyCS9mUjTVvf7DoOZHE9CCQpHV0Y=", + "lastModified": 1753284130, + "narHash": "sha256-qadXtVNH5qFiD3zIAk7mk6E8kV+TuK86a7TUhs0kouc=", "owner": "catppuccin", "repo": "nix", - "rev": "77508ef18131ba2c3c304dbdeacb945299a09d8d", + "rev": "6365c59e7506fd3e6e5050c8184b41aa7410d6e7", "type": "github" }, "original": { @@ -337,11 +337,11 @@ ] }, "locked": { - "lastModified": 1753180535, - "narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=", + "lastModified": 1753373145, + "narHash": "sha256-UhuUj46dobD/POOdVNxKvAvP3luI2T0MZPm2IXl266Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc", + "rev": "64796151f79e6f3834bfc55f07c5487708bb5b3f", "type": "github" }, "original": { @@ -355,11 +355,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1752857088, - "narHash": "sha256-usBNOT/uzFdsKDe5Ik+C36zqL+BfT7Lp2rqKWrpQuqk=", + "lastModified": 1753252360, + "narHash": "sha256-PFAJoEqQWMlo1J+yZb+4HixmhbRVmmNl58e/AkLYDDI=", "owner": "hyprwm", "repo": "contrib", - "rev": "481175e17e155f19a3b31416530b6edf725e7034", + "rev": "6839b23345b71db17cd408373de4f5605bf589b8", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1753175652, - "narHash": "sha256-bZvBovQ/c/F26QaOEm3IVOnLCxa17oc9QZ5ot18mqck=", + "lastModified": 1753310189, + "narHash": "sha256-EgDpsy/2ge/88Zd5ML+m0tyFVwXCeUoPQTOs4YtWZ8w=", "ref": "refs/heads/main", - "rev": "fdbbad04bbf2382e9a980418c976668fc062f195", - "revCount": 6305, + "rev": "31cc7f3b87d1d9670b66e73e3720da2e2da49acd", + "revCount": 6311, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" 
@@ -666,11 +666,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1753044964, - "narHash": "sha256-etkR2MZTTHb6p0KOR1NDbPKC+wZ+G8rKw/mJNTQ9oPA=", + "lastModified": 1753378338, + "narHash": "sha256-Ctk7zophp8obM/u9S2c8a6nOWV+VeIzq6ma+dI5BE3s=", "owner": "hyprwm", "repo": "hyprsunset", - "rev": "f075fc4dd15800d6153dcb0f8c3ee3383ae7d732", + "rev": "962f519df793ea804810b1ddebfc8a88b80a845c", "type": "github" }, "original": { @@ -865,11 +865,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1753150084, - "narHash": "sha256-RuC74MBCivhlQJAWgXllT5Mym55HkR46sxR3kHgKsqA=", + "lastModified": 1753367463, + "narHash": "sha256-57dj9Yg+R+70TEjQ2Zd1ytbo+6Tgzd6vBcUWcMDXHWU=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "465fa426242404f8abfc2f6c8526a6b84a45609d", + "rev": "f459134cf7b4f4f890736063a7cde1cf3b9fb7e6", "type": "github" }, "original": { @@ -957,11 +957,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1753250450, + "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", "type": "github" }, "original": { @@ -1069,11 +1069,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1753250450, + "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", "type": "github" }, "original": { 
@@ -1145,11 +1145,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1753188105, - "narHash": "sha256-+TzCdjqNolMiaXQputij1ZRd1kP5xp2AIcwWzxh+gDU=", + "lastModified": 1753382346, + "narHash": "sha256-zmwOtA2ug12q+n50PZloOR9BdR/NN+iugdYyTjtKgS0=", "owner": "nix-community", "repo": "NUR", - "rev": "e5000d3243509388c73347fab9d6adccba943a61", + "rev": "36c64dfbef717701d0a9cac2ea26e4357d782357", "type": "github" }, "original": { From 38ea54d1b9d8789c7964cc9333ff2ff05a0a246b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 24 Jul 2025 23:36:23 +0200 Subject: [PATCH 005/162] feat: adds sshpass --- modules/home/packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index 4ac677b..4c503db 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -60,6 +60,7 @@ delta powertop android-tools + sshpass # GUI shit element-desktop @@ -79,6 +80,7 @@ lxqt.pavucontrol-qt mpv plasma5Packages.kdeconnect-kde + # onthespot-overlay # Gaming lunar-client From c6d77088e1157529ac293ca49da883326df6bea7 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 17:10:33 +0200 Subject: [PATCH 006/162] feat: move waybar to bottom, also make it more transparent --- modules/home/waybar/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/home/waybar/default.nix b/modules/home/waybar/default.nix index 184134c..5572f57 100644 --- a/modules/home/waybar/default.nix +++ b/modules/home/waybar/default.nix @@ -23,8 +23,8 @@ "/home/${username}/.config/waybar/config" = { text = '' [{ - "layer": "top", - "position": "top", + "layer": "bottom", + "position": "bottom", "modules-left": [ "privacy", 
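Review bot: The `sshpass` entry added in the first hunk of `modules/home/packages.nix` has no comment saying how it is meant to be used, and the common `sshpass -p <password>` form exposes the password in the process list and in shell history. That matters more in this series because an earlier patch raises the zsh history to ten million lines. If the tool is needed for a device that cannot take keys, say so on the line, for example `sshpass # legacy hosts only; use -e or -f, never -p`. Key-based authentication is preferable wherever the remote end supports it.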
@@ -377,9 +377,9 @@ /* margin: 0 0px; */ } - window#waybar.top { + window#waybar.bottom { /* background-color: rgba(115, 116, 116, 0.22); */ - background-color: rgba(0, 0, 0, 0.75); + background-color: rgba(0, 0, 0, 0.25); border-bottom: none; color: #eeeeee; transition-property: background-color; @@ -387,7 +387,7 @@ } window#waybar.hidden { - opacity: 0.5; + opacity: 0.25; } label#window { From e8536922d796ff699567d03b2a6ff7b4ec0d525f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 17:10:39 +0200 Subject: [PATCH 007/162] flake: update --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 1178345..ff76c8b 100644 --- a/flake.lock +++ b/flake.lock @@ -101,11 +101,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1753284130, - "narHash": "sha256-qadXtVNH5qFiD3zIAk7mk6E8kV+TuK86a7TUhs0kouc=", + "lastModified": 1753471400, + "narHash": "sha256-HFoF82El1cjuiz5se+SeawMwWseUUtYBimq3Iu6G2D0=", "owner": "catppuccin", "repo": "nix", - "rev": "6365c59e7506fd3e6e5050c8184b41aa7410d6e7", + "rev": "bc6d2b7b57dd29389538f8c4465e408c07187404", "type": "github" }, "original": { @@ -337,11 +337,11 @@ ] }, "locked": { - "lastModified": 1753373145, - "narHash": "sha256-UhuUj46dobD/POOdVNxKvAvP3luI2T0MZPm2IXl266Y=", + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", "owner": "nix-community", "repo": "home-manager", - "rev": "64796151f79e6f3834bfc55f07c5487708bb5b3f", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", "type": "github" }, "original": { 
@@ -444,11 +444,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1753310189, - "narHash": "sha256-EgDpsy/2ge/88Zd5ML+m0tyFVwXCeUoPQTOs4YtWZ8w=", + "lastModified": 1753523167, + "narHash": "sha256-DLVvtdF8zPmL+7dYubnMfK9IIITriecCg7ijLErUTg0=", "ref": "refs/heads/main", - "rev": "31cc7f3b87d1d9670b66e73e3720da2e2da49acd", - "revCount": 6311, + "rev": "e1fff05d0db9c266679ec7ea1b5734c73d6b0a57", + "revCount": 6314, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -865,11 +865,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1753367463, - "narHash": "sha256-57dj9Yg+R+70TEjQ2Zd1ytbo+6Tgzd6vBcUWcMDXHWU=", + "lastModified": 1753447932, + "narHash": "sha256-uKZ2HAJlQK4WUowggB4pVGFFqMVqVTkQaQ2+48/J+pY=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "f459134cf7b4f4f890736063a7cde1cf3b9fb7e6", + "rev": "1e3c1bd1461e9296334e039eeb20f7100153e98a", "type": "github" }, "original": { @@ -957,11 +957,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { @@ -989,11 +989,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1753250450, + "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", "type": "github" }, "original": { 
@@ -1069,11 +1069,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "type": "github" }, "original": { @@ -1106,11 +1106,11 @@ "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1749898168, - "narHash": "sha256-aOUvfBcLdrNzI1BL+jhPh0y0cFkgjne2tstDb8k1vI0=", + "lastModified": 1753530968, + "narHash": "sha256-mn0wmdFjtZdPQNvReOnyXI8YPCT3arnAKyfuRZuIOiQ=", "owner": "ahwxorg", "repo": "nixvim-config", - "rev": "546d385ec71b0ed34abc3f32100e3d0792c349c8", + "rev": "bdb8c7c4c77d2757c7e8fdd6e853060ba8287e90", "type": "github" }, "original": { @@ -1145,11 +1145,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1753382346, - "narHash": "sha256-zmwOtA2ug12q+n50PZloOR9BdR/NN+iugdYyTjtKgS0=", + "lastModified": 1753530457, + "narHash": "sha256-ElI7ya0YQ07RMDEaF94bQe7Rmz4tr2pKYa+KdRchrEY=", "owner": "nix-community", "repo": "NUR", - "rev": "36c64dfbef717701d0a9cac2ea26e4357d782357", + "rev": "8c37eaf318485018b37efa1006af881c5c7f5616", "type": "github" }, "original": { From 42cc781bd7fe7367d3ac4a476701a6acf786e6b2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 19:04:45 +0200 Subject: [PATCH 008/162] feat: adds sleep-then-hibernate to `sakura` --- hosts/sakura/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 99124c4..18e2ded 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -71,6 +71,10 @@ ${pkgs.fw-ectool}/bin/ectool led battery auto ''; }; + systemd.sleep.extraConfig = '' + HibernateDelaySec=30m + ''; + services.logind.lidSwitch = "suspend-then-hibernate"; boot = { plymouth.enable = true; kernelParams = [ 
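Review bot: `services.logind.lidSwitch = "suspend-then-hibernate"` with `HibernateDelaySec=30m` causes the full memory image to be written to swap thirty minutes after the lid closes. Nothing in this hunk shows where that image goes or whether the device is encrypted. On unencrypted swap, the contents of RAM, including unlocked disk keys and anything a password manager holds in memory, are stored in clear on disk. Hibernation also needs a resume target (`boot.resumeDevice` or a `resume=` kernel parameter), and the visible part of `kernelParams` does not set one; that list continues outside the hunk, so it may be defined further down. A comment above the new block naming the encrypted swap device used for resume would document both requirements.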
From f62efc1eeead657cbd28a3340ff8c64401569ab2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 19:06:05 +0200 Subject: [PATCH 009/162] feat: write `plymouth` module --- modules/core/default.nix | 1 + modules/core/plymouth.nix | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 modules/core/plymouth.nix diff --git a/modules/core/default.nix b/modules/core/default.nix index 36b87a6..a91aa3a 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -9,6 +9,7 @@ ++ [ (import ./network.nix) ] ++ [ (import ./pipewire.nix) ] ++ [ (import ./program.nix) ] + ++ [ (import ./plymouth.nix) ] ++ [ (import ./sshd.nix) ] ++ [ (import ./security.nix) ] ++ [ (import ./services.nix) ] diff --git a/modules/core/plymouth.nix b/modules/core/plymouth.nix new file mode 100644 index 0000000..042236e --- /dev/null +++ b/modules/core/plymouth.nix @@ -0,0 +1,23 @@ +{ + pkgs, + lib, + ... +}: +{ + # TODO: add https://github.com/FraioVeio/plymouth-xp-theme + boot.loader.timeout = 1; + boot.plymouth = { + enable = lib.mkDefault true; + themePackages = with pkgs; [ + # By default we would install all themes + (adi1090x-plymouth-themes.override { + selected_themes = [ "lone" ]; + # selected_themes = [ "sliced" ]; + # selected_themes = [ "rings" ]; + # selected_themes = [ "red_loader" ]; + # selected_themes = [ "dna" ]; + # selected_themes = [ "hexagon_dots" ]; + }) + ]; + }; +} From 4741c430f92b8a7f201784166afbde60831bfcac Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 19:06:18 +0200 Subject: [PATCH 010/162] chore: disable plymouth on sakura as the module is now in use --- hosts/sakura/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 18e2ded..a84814b 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix 
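Review bot: In the new `modules/core/plymouth.nix`, `boot.loader.timeout = 1;` is a plain definition, whereas `enable = lib.mkDefault true;` directly below it can be overridden per host. `modules/core/default.nix` now imports this module unconditionally, so every host using the core set presumably gets a one-second boot menu. That leaves little time to pick an older generation when a rebuild fails to boot, which matters most on a remote server. Using `boot.loader.timeout = lib.mkDefault 1;` keeps the laptop behaviour and lets a host raise the value without `mkForce`.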
@@ -76,7 +76,7 @@ ''; services.logind.lidSwitch = "suspend-then-hibernate"; boot = { - plymouth.enable = true; + # plymouth.enable = true; # is a module now kernelParams = [ "mem_sleep_default=deep" "acpi_osi=\"!Windows 2020\"" # otherwise GPU does weird shit that makes the computer look like the RAM is broken From 570f3d511a46fc97e0a2e76dbe63eeb91ad773a5 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 19:06:39 +0200 Subject: [PATCH 011/162] chore: cleanup; hard-disable avahi since it's not required --- modules/core/network.nix | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/modules/core/network.nix b/modules/core/network.nix index 2c80cdb..919bb45 100644 --- a/modules/core/network.nix +++ b/modules/core/network.nix @@ -1,20 +1,13 @@ -{ pkgs, ... }: +{ pkgs, ... }: { networking = { networkmanager.enable = true; nameservers = [ "9.9.9.9" ]; firewall = { enable = true; - # allowedTCPPorts = [ 22 80 443 59010 59011 ]; - # allowedUDPPorts = [ 59010 59011 ]; - # allowedUDPPortRanges = [ - # { from = 4000; to = 4007; } - # { from = 8000; to = 8010; } - # ]; }; }; - - # environment.systemPackages = with pkgs; [ - # networkmanagerapplet - # ]; + services = { + avahi.enable = false; + }; } From 664a158281b09b731e7d8f20068e5a6369ecb92d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 19:06:51 +0200 Subject: [PATCH 012/162] feat: adds nixcd function --- modules/home/zsh.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 8082e59..53e7fbb 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix 
@@ -110,6 +110,20 @@ printf "%s\n" "''${url}" } + function nixcd () { sakura + PACKAGE_NAME="$1" + if [[ "$PACKAGE_NAME" = "" ]]; then + echo "Usage: nixcd " + fi + PKGINSTORE="$(NIXPKGS_ALLOW_UNFREE=1 nix path-info nixpkgs#$PACKAGE_NAME --impure)" + if [[ -d "$PKGINSTORE" ]]; then + cd $PKGINSTORE + else + echo "Could not find path for package: $PKGINSTORE" + return 1 + fi + } + export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then From ed59dde6cacf698c6c7e7e9137b0fefa55f5fd37 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 20:01:11 +0200 Subject: [PATCH 013/162] chore: remove `sakura` as that was left from a paste --- modules/home/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 53e7fbb..a5c83e8 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -110,7 +110,7 @@ printf "%s\n" "''${url}" } - function nixcd () { sakura + function nixcd () { PACKAGE_NAME="$1" if [[ "$PACKAGE_NAME" = "" ]]; then echo "Usage: nixcd " From 0477b8b4e3f40216bbc7db5d7db1d257ed102c77 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 20:06:08 +0200 Subject: [PATCH 014/162] chore: remove steam; remove desktop profile since it is not used --- modules/core/default.nix | 1 - modules/core/steam.nix | 9 --------- modules/core/system.nix | 20 ++++++++++++++------ modules/core/user.nix | 4 +--- modules/home/default.desktop.nix | 5 ----- modules/home/gaming.nix | 10 ---------- modules/home/steam.nix | 20 -------------------- 7 files changed, 15 insertions(+), 54 deletions(-) delete mode 100644 modules/core/steam.nix delete mode 100644 modules/home/default.desktop.nix delete mode 100644 modules/home/gaming.nix delete mode 100644 modules/home/steam.nix diff --git a/modules/core/default.nix b/modules/core/default.nix index a91aa3a..10c17fa 100644 --- a/modules/core/default.nix 
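Review bot: The usage branch of the new `nixcd` function prints its message but does not return, so a call with no argument goes on to run `nix path-info nixpkgs#` with an empty attribute name. Add `return 1` after the usage `echo`. The failure message also interpolates `$PKGINSTORE`, which is empty when the lookup fails; `echo "Could not find path for package: $PACKAGE_NAME"` reports what the user actually asked for. Declaring both variables with `local` (for example `local PACKAGE_NAME="$1"`) would stop them leaking into the interactive shell.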
+++ b/modules/core/default.nix @@ -17,6 +17,5 @@ ++ [ (import ./user.nix) ] ++ [ (import ./bluetooth.nix) ] ++ [ (import ./yubikey.nix) ] - # ++ [ (import ./steam.nix) ] ++ [ (import ./wayland.nix) ]; } diff --git a/modules/core/steam.nix b/modules/core/steam.nix deleted file mode 100644 index 0901a55..0000000 --- a/modules/core/steam.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; -} diff --git a/modules/core/system.nix b/modules/core/system.nix index 7ac70fe..3fff33f 100644 --- a/modules/core/system.nix +++ b/modules/core/system.nix @@ -1,12 +1,20 @@ -{ self, pkgs, lib, inputs, ...}: { - # imports = [ inputs.nix-gaming.nixosModules.default ]; + self, + pkgs, + lib, + inputs, + ... +}: +{ nix = { settings = { auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - substituters = [ "https://nix-gaming.cachix.org" ]; - trusted-public-keys = [ "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" ]; + experimental-features = [ + "nix-command" + "flakes" + ]; + # substituters = [ "" ]; + # trusted-public-keys = [ "" ]; }; gc = { automatic = true; @@ -41,7 +49,7 @@ "en_US.UTF-8/UTF-8" "ja_JP.UTF-8/UTF-8" ]; - + # Font packages environment.systemPackages = with pkgs; [ noto-fonts-cjk-sans diff --git a/modules/core/user.nix b/modules/core/user.nix index 5ddb8db..a6b72b9 100644 --- a/modules/core/user.nix +++ b/modules/core/user.nix 
@@ -17,9 +17,7 @@ extraSpecialArgs = { inherit inputs username host; }; users.${username} = { imports = - if (host == "desktop") then - [ ./../home/default.desktop.nix ] - else if (host == "violet") then + if (host == "violet") then [ ./../home/default.server.nix ] else if (host == "dandelion") then [ ./../home/default.server.nix ] diff --git a/modules/home/default.desktop.nix b/modules/home/default.desktop.nix deleted file mode 100644 index 4e658d9..0000000 --- a/modules/home/default.desktop.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ ...}: { - imports = - [(import ./default.nix)] - ++ [ (import ./steam.nix) ]; -} diff --git a/modules/home/gaming.nix b/modules/home/gaming.nix deleted file mode 100644 index c9e167f..0000000 --- a/modules/home/gaming.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, config, inputs, ... }: -{ - home.packages = with pkgs;[ - ## Utils - # gamemode - # gamescope - # winetricks - # inputs.nix-gaming.packages.${pkgs.system}.wine-ge - ]; -} diff --git a/modules/home/steam.nix b/modules/home/steam.nix deleted file mode 100644 index 4b559a5..0000000 --- a/modules/home/steam.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, lib, ... }: -{ - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = false; - }; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "steam" - "steam-original" - "steam-runtime" - ]; - # proton-ge-bin - -# warning: The package proton-ge in nix-gaming has been deprecated as of 2024-03-17. - -# You should use proton-ge-bin from Nixpkgs, which conforms to -# the new `extraCompatTools` module option under `programs.steam` -# For details, see the relevant pull request: -} From 9d63509ad91349fc85e2806b037dc9d743b6ad5e Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Sat, 26 Jul 2025 20:07:16 +0200 Subject: [PATCH 015/162] chore: remove rests of desktop and vm --- hosts/desktop/default.nix | 15 --------- hosts/desktop/hardware-configuration.nix | 41 ------------------------ hosts/vm/default.nix | 36 --------------------- hosts/vm/hardware-configuration.nix | 31 ------------------ 4 files changed, 123 deletions(-) delete mode 100644 hosts/desktop/default.nix delete mode 100644 hosts/desktop/hardware-configuration.nix delete mode 100644 hosts/vm/default.nix delete mode 100644 hosts/vm/hardware-configuration.nix diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix deleted file mode 100644 index 555e686..0000000 --- a/hosts/desktop/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ./hardware-configuration.nix - ./../../modules/core - ]; - - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "olm-3.2.16" - ]; - - liv.desktop.enable = true; - liv.gui.enable = true; -} diff --git a/hosts/desktop/hardware-configuration.nix b/hosts/desktop/hardware-configuration.nix deleted file mode 100644 index 3cf9604..0000000 --- a/hosts/desktop/hardware-configuration.nix +++ /dev/null 
@@ -1,41 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/6b518d54-a144-42fe-b500-b6651038bbcc"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/D1A5-9B92"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/2d69abc2-3d44-481b-ada8-b436c2b9c8c2"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix deleted file mode 100644 index b0a72a8..0000000 --- a/hosts/vm/default.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -{ pkgs, config, lib, ... }: -{ - imports = [ - ./hardware-configuration.nix - ./../../modules/core - ]; - - nixpkgs.config.permittedInsecurePackages = [ - "jitsi-meet-1.0.8043" - "olm-3.2.16" - ]; - - - # kvm/qemu doesn't use UEFI firmware mode by default. - # so we force-override the setting here - # and configure GRUB instead. - boot.loader = { - systemd-boot.enable = lib.mkForce false; - grub = { - enable = true; - device = "/dev/vda"; - useOSProber = false; - }; - }; - - # allow local remote access to make it easier to toy around with the system - services.openssh = { - enable = true; - ports = [22]; - settings = { - # PasswordAuthentication = lib.mkOverride true; - AllowUsers = null; - # PermitRootLogin = "yes"; - }; - }; -} diff --git a/hosts/vm/hardware-configuration.nix b/hosts/vm/hardware-configuration.nix deleted file mode 100644 index 7cd128a..0000000 --- a/hosts/vm/hardware-configuration.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/631775ef-6851-4fe7-997f-189372f87437"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} From 23ab37bf70ef51eb38e195c38c8a169bcb4a1282 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 20:07:52 +0200 Subject: [PATCH 016/162] chore: remove catppuccin and nix-gaming inputs, remove desktop/vm hosts, add nix-index-database for command-not-found --- flake.nix | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/flake.nix b/flake.nix index 5371b3e..955a9e1 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,6 @@ inputs = { agenix.url = "github:ryantm/agenix"; alejandra.url = "github:kamadorueda/alejandra/3.0.0"; - catppuccin.url = "github:catppuccin/nix"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -25,14 +24,14 @@ nur.url = "github:nix-community/NUR"; nixos-hardware.url = "github:nixos/nixos-hardware"; nixvim.url = "github:ahwxorg/nixvim-config"; - nix-gaming.url = "github:fufexan/nix-gaming"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self, nixpkgs, - catppuccin, agenix, ... }@inputs: @@ -48,16 +47,6 @@ { overlays.default = overlays.addition; nixosConfigurations = { - desktop = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/desktop) - ]; - specialArgs = { - host = "desktop"; - inherit self inputs username; - }; - }; sakura = nixpkgs.lib.nixosSystem { inherit system; modules = [ @@ -124,17 +113,6 @@ inherit self inputs username; }; }; - - vm = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/vm) - ]; - specialArgs = { - host = "vm"; - inherit self inputs username; - }; - }; }; }; } From 05d817ef8abd259ba3314ec3751450fa96bce0a5 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 21:03:26 +0200 Subject: [PATCH 017/162] flake: change inputs --- flake.lock | 209 ++++++++++++++++------------------------------------- 1 file changed, 63 insertions(+), 146 deletions(-) diff --git a/flake.lock b/flake.lock index ff76c8b..5b65471 100644 --- a/flake.lock +++ b/flake.lock @@ -96,24 +96,6 @@ "type": "github" } }, - "catppuccin": { - "inputs": { - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1753471400, - "narHash": "sha256-HFoF82El1cjuiz5se+SeawMwWseUUtYBimq3Iu6G2D0=", - "owner": "catppuccin", - "repo": "nix", - "rev": "bc6d2b7b57dd29389538f8c4465e408c07187404", - "type": "github" - }, - "original": { - "owner": "catppuccin", - "repo": "nix", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -178,24 +160,6 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, "locked": { "lastModified": 1741352980, "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", @@ -210,7 +174,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -232,7 +196,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nur", @@ -352,7 +316,7 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1753252360, @@ -639,7 +603,7 @@ "inputs": { "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "systems": "systems_4" }, "locked": { @@ -662,7 +626,7 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "systems": "systems_5" }, "locked": { 
@@ -859,22 +823,23 @@ "type": "github" } }, - "nix-gaming": { + "nix-index-database": { "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_7" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1753447932, - "narHash": "sha256-uKZ2HAJlQK4WUowggB4pVGFFqMVqVTkQaQ2+48/J+pY=", - "owner": "fufexan", - "repo": "nix-gaming", - "rev": "1e3c1bd1461e9296334e039eeb20f7100153e98a", + "lastModified": 1752985182, + "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c", "type": "github" }, "original": { - "owner": "fufexan", - "repo": "nix-gaming", + "owner": "nix-community", + "repo": "nix-index-database", "type": "github" } }, @@ -910,21 +875,6 @@ } }, "nixpkgs-lib": { - "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-lib_2": { "locked": { "lastModified": 1740877520, "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", 
@@ -939,38 +889,6 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1742800061, - "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1657425264, @@ -989,11 +907,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "type": "github" }, "original": { @@ -1005,11 +923,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { 
@@ -1036,38 +954,6 @@ } }, "nixpkgs_6": { - "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1752900028, - "narHash": "sha256-dPALCtmik9Wr14MGqVXm+OQcv7vhPBXcWNIOThGnB/Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6b4955211758ba47fac850c040a27f23b9b4008f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -1083,7 +969,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_7": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", @@ -1099,10 +985,42 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1742800061, + "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_9", + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim_2" }, "locked": { 
@@ -1121,8 +1039,8 @@ }, "nixvim_2": { "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_10", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_8", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -1141,8 +1059,8 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_11" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1753530457, @@ -1210,15 +1128,14 @@ "Hyprspace": "Hyprspace", "agenix": "agenix", "alejandra": "alejandra", - "catppuccin": "catppuccin", "home-manager": "home-manager_2", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", - "nix-gaming": "nix-gaming", + "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_6", "nixvim": "nixvim", "nur": "nur" } From e9cb874ec935e96a749496deba951cac7c8be483 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 21:46:44 +0200 Subject: [PATCH 018/162] chore: disable immich (via nix) and nextcloud for now --- modules/services/dandelion.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/services/dandelion.nix b/modules/services/dandelion.nix index 6bd0cd9..c11eff1 100644 --- a/modules/services/dandelion.nix +++ b/modules/services/dandelion.nix @@ -2,8 +2,8 @@ { imports = [ (import ./docker.nix) ] - ++ [ (import ./immich.nix) ] - ++ [ (import ./nextcloud.nix) ] + # ++ [ (import ./immich.nix) ] + # ++ [ (import ./nextcloud.nix) ] ++ [ (import ./home-assistant.nix) ] ++ [ (import ./monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ] From c7484bcda54c3217f702d3898f94039ba70a5cd4 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 21:47:14 +0200 Subject: [PATCH 019/162] feat: configure new zfs pools for dandelion --- hosts/dandelion/default.nix | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 313dbc2..afee27e 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -60,10 +60,16 @@ trim.enable = true; }; - # boot.zfs.extraPools = [ "terrabite" ]; + boot.zfs.extraPools = [ "spinners" ]; - # fileSystems."/terrabite/main" = { - # device = "terrabite/main"; - # fsType = "zfs"; - # }; + fileSystems = { + "/spinners/rootvol" = { + device = "terrabite/rootvol"; + fsType = "zfs"; + }; + "/spinners/ahwx" = { + device = "terrabite/ahwx"; + fsType = "zfs"; + }; + }; } From b5251f42b92c29d205819ded955129aae6c10c7d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 21:54:21 +0200 Subject: [PATCH 020/162] chore: adds v4l2loopback and config for the obs virtual camera --- hosts/sakura/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index a84814b..f44da1b 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -93,7 +93,11 @@ [ acpi_call cpupower + v4l2loopback ] ++ [ pkgs.cpupower-gui ]; + extraModprobeConfig = '' + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; }; } From f25337f54852b1a5062f022e80b00a91191c2cf0 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 22:10:37 +0200 Subject: [PATCH 021/162] flake: remove nix-index-database; it sucks --- flake.lock | 21 --------------------- flake.nix | 2 -- 2 files changed, 23 deletions(-) diff --git a/flake.lock b/flake.lock index 5b65471..5785f02 100644 --- a/flake.lock +++ b/flake.lock 
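Review bot: In the hosts/dandelion/default.nix hunk the imported pool and the mounted datasets do not agree: `boot.zfs.extraPools = [ "spinners" ];` imports a pool called spinners, while both new `fileSystems` entries use `device = "terrabite/rootvol";` and `device = "terrabite/ahwx";`. Unless a pool named terrabite is imported elsewhere (not visible here), those mounts have no backing pool, and a failed `fileSystems` mount can drop the host into emergency mode at boot. If the datasets live on the new pool, the lines should read `device = "spinners/rootvol";` and `device = "spinners/ahwx";`. Adding `options = [ "nofail" ];` would also keep a missing data pool from blocking boot. The enclosing attribute set starts outside the hunk.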
@@ -823,26 +823,6 @@ "type": "github" } }, - "nix-index-database": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1752985182, - "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=", - "owner": "nix-community", - "repo": "nix-index-database", - "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-index-database", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1753122741, @@ -1133,7 +1113,6 @@ "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", - "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_6", "nixvim": "nixvim", diff --git a/flake.nix b/flake.nix index 955a9e1..854257d 100644 --- a/flake.nix +++ b/flake.nix @@ -24,8 +24,6 @@ nur.url = "github:nix-community/NUR"; nixos-hardware.url = "github:nixos/nixos-hardware"; nixvim.url = "github:ahwxorg/nixvim-config"; - nix-index-database.url = "github:nix-community/nix-index-database"; - nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = From fd68b40a72877205d414bdfb0ff3d2109da4fb50 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 22:10:49 +0200 Subject: [PATCH 022/162] chore: remove command-not-found; it sucks --- modules/home/zsh.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index a5c83e8..795ddf1 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -7,7 +7,6 @@ }: { programs = { - command-not-found.enable = true; zsh = { enable = true; autocd = true; From 28475cea7d71262d5ec26735aae4d5a640f43db0 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 23:12:13 +0200 Subject: [PATCH 023/162] chore: remove `plymouth` from `ichiyo` as it is enabled by default anyways nowadays --- hosts/ichiyo/default.nix | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/hosts/ichiyo/default.nix b/hosts/ichiyo/default.nix index f56d168..527fb84 100644 --- a/hosts/ichiyo/default.nix +++ b/hosts/ichiyo/default.nix @@ -11,9 +11,6 @@ ./../../modules/core ]; - # Enable fancy boot animations - boot.plymouth.enable = true; - powerManagement = { enable = true; # powertop.enable = true; From c5184d62dab8330f2d2f3dc1f17712e986946c46 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 23:16:21 +0200 Subject: [PATCH 024/162] feat: make kitty more transparent as that works better with the bar --- modules/home/kitty.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/kitty.nix b/modules/home/kitty.nix index cac7f8c..3f20039 100644 --- a/modules/home/kitty.nix +++ b/modules/home/kitty.nix @@ -12,7 +12,7 @@ settings = { confirm_os_window_close = 0; - background_opacity = "0.75"; + background_opacity = "0.25"; window_padding_width = 10; scrollback_lines = 10000; enable_audio_bell = false; From 2f23a9f717720edfca06232be344c09db65b06a6 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 26 Jul 2025 23:18:57 +0200 Subject: [PATCH 025/162] feat: open firewall as we now also host minecraft (wooo!) --- hosts/violet/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/violet/default.nix b/hosts/violet/default.nix index 8aa285d..bc15f41 100644 --- a/hosts/violet/default.nix +++ b/hosts/violet/default.nix @@ -33,6 +33,14 @@ xserver.videoDrivers = [ "nvidia" ]; }; + networking.firewall = { + allowedTCPPorts = [ + 80 + 443 + 25565 + ]; + }; + liv.nvidia.enable = true; boot = { From e9bd003401ee5e069420b03d7607fef7045add1b Mon Sep 17 00:00:00 2001 
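Review bot: In hosts/violet/default.nix, `networking.firewall.allowedTCPPorts` opens 80, 443 and 25565 on every interface, although the commit message only mentions Minecraft and no web service is declared in the hunk. If 80/443 are not served by this host they should be left out, and each remaining port deserves a comment naming its service, e.g. `25565 # minecraft`. If the game server is only meant for the tailnet or LAN, scope it with `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 25565 ];` instead of the global list. The surrounding host configuration continues outside the hunk.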
From: Ahwx Date: Sat, 26 Jul 2025 23:35:29 +0200 Subject: [PATCH 026/162] feat: adds `zinnia` host --- flake.nix | 11 +++++ hosts/zinnia/default.nix | 61 +++++++++++++++++++++++++ hosts/zinnia/hardware-configuration.nix | 45 ++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100644 hosts/zinnia/default.nix create mode 100644 hosts/zinnia/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 854257d..34b2afc 100644 --- a/flake.nix +++ b/flake.nix @@ -111,6 +111,17 @@ inherit self inputs username; }; }; + zinnia = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/zinnia) + agenix.nixosModules.default + ]; + specialArgs = { + host = "zinnia"; + inherit self inputs username; + }; + }; }; }; } diff --git a/hosts/zinnia/default.nix b/hosts/zinnia/default.nix new file mode 100644 index 0000000..f7ba60b --- /dev/null +++ b/hosts/zinnia/default.nix 
@@ -0,0 +1,61 @@ +{ + lib, + config, + pkgs, + ... +}: + +{ + imports = [ + ./hardware-configuration.nix + ./../../modules/core + ./../../modules/services/tailscale.nix + ./../../modules/services/mpd.nix + ]; + + liv = { + laptop.enable = true; + gui.enable = true; + desktop.enable = false; + creative.enable = false; + amdgpu.enable = false; + }; + + services = { + vnstat.enable = true; + }; + + networking.hostName = "zinnia"; + + powerManagement = { + enable = true; + powertop.enable = true; + cpuFreqGovernor = lib.mkDefault "ondemand"; + }; + + boot.initrd.luks.devices."luks-59aff546-c2c2-4697-a5f2-40a12f259f5a".device = + "/dev/disk/by-uuid/59aff546-c2c2-4697-a5f2-40a12f259f5a"; + + boot = { + kernelParams = [ + "mem_sleep_default=deep" + ]; + kernelModules = [ "acpi_call" ]; + kernelPackages = pkgs.linuxPackages_latest; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + systemd-boot.configurationLimit = 10; + }; + extraModulePackages = + with config.boot.kernelPackages; + [ + acpi_call + cpupower + ] + ++ [ pkgs.cpupower-gui ]; + }; + + time.timeZone = "Europe/Amsterdam"; + nixpkgs.config.allowUnfree = true; +} diff --git a/hosts/zinnia/hardware-configuration.nix b/hosts/zinnia/hardware-configuration.nix new file mode 100644 index 0000000..eb9890f --- /dev/null +++ b/hosts/zinnia/hardware-configuration.nix 
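Review bot: In hosts/zinnia/default.nix, `boot.extraModulePackages` is given `cpupower` and `pkgs.cpupower-gui`, which are userspace tools rather than kernel-module packages; only `acpi_call` belongs there. As written the tools presumably never land on PATH; I would keep `extraModulePackages = [ config.boot.kernelPackages.acpi_call ];` and move the other two to `environment.systemPackages`. The second LUKS mapping (`luks-59aff546-…`) also deserves a one-line comment saying what it unlocks, since the root mapping lives in hardware-configuration.nix.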
@@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/hardware/network/broadcom-43xx.nix") + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c9f69c59-2014-41de-b169-53c38c7d9f15"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-ad0e2f90-490d-4a2b-8484-8d18bc9bdff5".device = "/dev/disk/by-uuid/ad0e2f90-490d-4a2b-8484-8d18bc9bdff5"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0AEC-87AF"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/18a2707c-9fe0-4dc4-a15f-6908cc34f26e"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wwp0s20f0u2c2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From b27442991ee21e0a5274095d7d062e791237d0ec Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Sun, 27 Jul 2025 00:10:08 +0200 Subject: [PATCH 027/162] feat: write big cursed function to make `zinnia`'s display work --- modules/home/hyprland/config.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index a014d1e..5452bb1 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, host, ... }: { fonts.fontconfig.enable = true; home.packages = [ @@ -58,7 +58,14 @@ source = "~/nixos-config/modules/home/hyprland/displays.conf"; "debug:disable_scale_checks" = true; - monitor = "eDP-1, 2256x1504@60, 0x0, 1.5"; + # monitor = "eDP-1, 2256x1504@60, 0x0, 1.5"; + monitor = + if (host == "sakura") then + "eDP-1, 2256x1504@60, 0x0, 1.5" + else if (host == "zinnia") then + "eDP-1, 1920x1080@60, 0x0, 1.0" + else + ", preferred, auto, 1"; # autostart exec-once = [ From 863e43f7e95bc5d1a9841fced770927e601417f4 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 00:15:39 +0200 Subject: [PATCH 028/162] feat: adds key for `zinnia` to ssh config for all devices --- modules/core/sshd.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/core/sshd.nix b/modules/core/sshd.nix index 36f4637..9cccd6d 100644 --- a/modules/core/sshd.nix +++ b/modules/core/sshd.nix 
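Review bot: The `if`/`else if` chain for `monitor` in modules/home/hyprland/config.nix will grow with every host; an attribute-set lookup with a default reads better and keeps the per-host values in one table. Something like `monitor = { sakura = "eDP-1, 2256x1504@60, 0x0, 1.5"; zinnia = "eDP-1, 1920x1080@60, 0x0, 1.0"; }.${host} or ", preferred, auto, 1";` behaves the same. The old commented-out `# monitor = …` line can go once this is in. The settings block starts and ends outside the hunk.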
@@ -14,9 +14,11 @@ networking.firewall.allowedTCPPorts = config.services.openssh.ports; users.users.liv.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # main laptop - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # main phone - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # 2nd laptop + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # sakura + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # ichiyo + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDltZ7vfyrLrl32TIWCC3iUx40TrCtIz6Ssi/SZvikg liv@zinnia" # zinnia + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c ]; } From aa3b1439b059deae246ccc75a7fe7961b972ccd8 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 00:16:39 +0200 Subject: [PATCH 029/162] feat: adds `gp` abbreviation --- modules/home/zsh.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 795ddf1..28fde10 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -147,6 +147,7 @@ gcm = "git commit -m"; gph = "git push -u origin main"; g = "git"; + gp = "git pull"; calc = "eva"; wikipedia = "wikit"; From f78c95efe3200edceaf2378654e85df65c90d533 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 00:17:02 +0200 Subject: [PATCH 030/162] feat: adds script to install python-pip packages for when required --- modules/home/packages.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index 4c503db..53f5652 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix 
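Review bot: modules/core/sshd.nix is shared by all hosts, so the two keys added here (`liv@zinnia` and `liv@azalea`, the latter not mentioned in the commit message) can log in as `liv` on every machine, servers included. Losing any one laptop or phone then exposes the whole fleet. Consider keeping a per-host list, or at least leaving the phone keys off hosts that do not need them, and add a comment with the date each key was enrolled so stale ones are easy to prune. The list sits inside a module whose head is outside the hunk.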
@@ -62,6 +62,13 @@ android-tools sshpass + # Install pip packages + # python3 + # python3Packages.pip + # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. + # pip install --user --break-system-packages + # '') + # GUI shit element-desktop gajim From 825b6ecced905b7b9ced007c0f1d8f4f7d747823 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 00:41:43 +0200 Subject: [PATCH 031/162] feat: actually set theme; also enable silent boot --- modules/core/plymouth.nix | 43 +++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/modules/core/plymouth.nix b/modules/core/plymouth.nix index 042236e..384b4b6 100644 --- a/modules/core/plymouth.nix +++ b/modules/core/plymouth.nix 
@@ -5,19 +5,36 @@ }: { # TODO: add https://github.com/FraioVeio/plymouth-xp-theme - boot.loader.timeout = 1; - boot.plymouth = { - enable = lib.mkDefault true; - themePackages = with pkgs; [ - # By default we would install all themes - (adi1090x-plymouth-themes.override { - selected_themes = [ "lone" ]; - # selected_themes = [ "sliced" ]; - # selected_themes = [ "rings" ]; - # selected_themes = [ "red_loader" ]; - # selected_themes = [ "dna" ]; - # selected_themes = [ "hexagon_dots" ]; - }) + boot = { + plymouth = { + enable = lib.mkDefault true; + theme = "lone"; + themePackages = with pkgs; [ + # By default we would install all themes + (adi1090x-plymouth-themes.override { + selected_themes = [ "lone" ]; + # selected_themes = [ "sliced" ]; + # selected_themes = [ "rings" ]; + # selected_themes = [ "red_loader" ]; + # selected_themes = [ "dna" ]; + # selected_themes = [ "hexagon_dots" ]; + }) + ]; + }; + + # Enable "Silent boot" + consoleLogLevel = 3; + initrd.verbose = false; + kernelParams = [ + "quiet" + "splash" + "boot.shell_on_fail" + "udev.log_priority=3" + "rd.systemd.show_status=auto" ]; + # Hide the OS choice for bootloaders. + # It's still possible to open the bootloader list by pressing any key + # It will just not appear on screen unless a key is pressed + loader.timeout = 1; }; } From 8c174b1e465ae17a709bcb052c9910a8c52a1398 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 10:50:37 +0200 Subject: [PATCH 032/162] flake: update (nixvim) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 5785f02..a412133 100644 --- a/flake.lock +++ b/flake.lock 
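Review bot: The new `kernelParams` list in modules/core/plymouth.nix includes `"boot.shell_on_fail"`, which is unrelated to silent boot: it lets anyone at the console open a root shell in the initrd when stage 1 fails, with no authentication. Because this module lives under modules/core it presumably applies to every host, including the LUKS laptops. I would drop that entry from the shared list and, if it is wanted for debugging, set it only on the host that needs it with a comment such as `# unauthenticated initrd root shell, debugging only`.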
@@ -1004,11 +1004,11 @@ "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1753530968, - "narHash": "sha256-mn0wmdFjtZdPQNvReOnyXI8YPCT3arnAKyfuRZuIOiQ=", + "lastModified": 1753605519, + "narHash": "sha256-RJTIXX9JMeUOA3sJuiqJRBXFzzQLM6GrOFrL8+Iy6hg=", "owner": "ahwxorg", "repo": "nixvim-config", - "rev": "bdb8c7c4c77d2757c7e8fdd6e853060ba8287e90", + "rev": "20053a4d7a90b56cb7fe38d9557d71aeecd2cb47", "type": "github" }, "original": { From 6a8c0a82b0915023076c9738da68e2e72ed72800 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 11:00:42 +0200 Subject: [PATCH 033/162] chore: move `agenix` --- modules/{home => core}/agenix.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) rename modules/{home => core}/agenix.nix (60%) diff --git a/modules/home/agenix.nix b/modules/core/agenix.nix similarity index 60% rename from modules/home/agenix.nix rename to modules/core/agenix.nix index fd3662a..7a13dbd 100644 --- a/modules/home/agenix.nix +++ b/modules/core/agenix.nix @@ -1,4 +1,12 @@ -{ config, pkgs, lib, inputs, ... }:{ +{ + config, + system, + pkgs, + lib, + inputs, + ... +}: +{ environment.systemPackages = [ inputs.agenix.packages."${system}".default ]; From ed0b3cd1d9c5feb8f37d27ff505c12229cb2c0cb Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 12:43:44 +0200 Subject: [PATCH 034/162] feat: import agenix to all systems --- modules/core/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/core/default.nix b/modules/core/default.nix index 10c17fa..2624277 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -2,6 +2,7 @@ { imports = [ (import ./docker.nix) ] + ++ [ (import ./agenix.nix) ] ++ [ (import ./hardware.nix) ] # ++ [(import ./displaylink.nix)] # ++ [(import ./printing.nix)] From b6e52ec1e203f899d78770752631e6bcafb4764d Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Sun, 27 Jul 2025 12:43:57 +0200 Subject: [PATCH 035/162] fix: set correct package for agenix --- modules/core/agenix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/agenix.nix b/modules/core/agenix.nix index 7a13dbd..6e56039 100644 --- a/modules/core/agenix.nix +++ b/modules/core/agenix.nix @@ -8,6 +8,6 @@ }: { environment.systemPackages = [ - inputs.agenix.packages."${system}".default + inputs.agenix.packages.${pkgs.system}.default ]; } From 4c22af50a40f983ccb02005df5208176642443df Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 12:44:14 +0200 Subject: [PATCH 036/162] feat: enable smart-monitoring module for sakura --- hosts/sakura/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index f44da1b..dff5d04 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -12,6 +12,7 @@ ./../../modules/core/virtualization.nix ./../../modules/services/tailscale.nix ./../../modules/services/mpd.nix + ./../../modules/services/smart-monitoring.nix inputs.nixos-hardware.nixosModules.framework-13-7040-amd ]; From 7210e9f9f20afa92b464864345a07ee2bc402284 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 15:28:27 +0200 Subject: [PATCH 037/162] chore: haha nope we're not doing agenix --- modules/core/agenix.nix | 13 ------------- modules/core/default.nix | 1 - modules/core/program.nix | 3 +-- 3 files changed, 1 insertion(+), 16 deletions(-) delete mode 100644 modules/core/agenix.nix diff --git a/modules/core/agenix.nix b/modules/core/agenix.nix deleted file mode 100644 index 6e56039..0000000 --- a/modules/core/agenix.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - system, - pkgs, - lib, - inputs, - ... -}: -{ - environment.systemPackages = [ - inputs.agenix.packages.${pkgs.system}.default - ]; -} diff --git a/modules/core/default.nix b/modules/core/default.nix index 2624277..10c17fa 100644 --- a/modules/core/default.nix 
+++ b/modules/core/default.nix @@ -2,7 +2,6 @@ { imports = [ (import ./docker.nix) ] - ++ [ (import ./agenix.nix) ] ++ [ (import ./hardware.nix) ] # ++ [(import ./displaylink.nix)] # ++ [(import ./printing.nix)] diff --git a/modules/core/program.nix b/modules/core/program.nix index 2e7a9e7..5def924 100644 --- a/modules/core/program.nix +++ b/modules/core/program.nix @@ -1,4 +1,4 @@ -{ pkgs, agenix, ... }: +{ pkgs, ... }: { programs = { dconf.enable = true; @@ -15,6 +15,5 @@ git dig traceroute - # agenix.packages.x86_64-linux.default ]; } From 0cbf189fa5f392107ba17a1c603bd39064248081 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 15:29:29 +0200 Subject: [PATCH 038/162] feat: adds senderEmail as a variable --- variables.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/variables.nix b/variables.nix index 95798b8..9d61168 100644 --- a/variables.nix +++ b/variables.nix @@ -29,5 +29,11 @@ in readOnly = true; description = "My primary email"; }; + senderEmail = mkOption { + default = "notifications@liv.town"; + type = types.str; + readOnly = true; + description = "Emailaddress used to send mails from the system"; + }; }; } From 0ed60a4352ea9d94059c4f9fd4cc0f17bf4e645f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 21:06:47 +0200 Subject: [PATCH 039/162] feat: harden sudo configuration a little bit --- modules/core/security.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/core/security.nix b/modules/core/security.nix index f95be92..a7c557e 100644 --- a/modules/core/security.nix +++ b/modules/core/security.nix @@ -8,9 +8,17 @@ security = { rtkit.enable = true; pam.services.swaylock = { }; + auditd.enable = true; + audit = { + enable = true; + rules = [ + "-a exit,always -F arch=b64 -S execve" + ]; + }; sudo = { enable = true; + execWheelOnly = true; extraRules = [ { groups = [ "wheel" ]; 
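Review bot: In modules/core/security.nix the only audit rule is `"-a exit,always -F arch=b64 -S execve"`, so program execution through the 32-bit syscall table is not recorded. Add the matching `"-a exit,always -F arch=b32 -S execve"` rule, and give both a key (`-k exec`) so the records can be found with `ausearch -k exec`. Logging every execve is high volume, so it is worth confirming log rotation and retention for auditd on the smaller hosts. The `security` attribute set continues outside the hunk.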
@@ -20,7 +28,7 @@ options = [ "NOPASSWD" ]; } { - command = "/home/liv/.local/src/framework-system/target/debug/framework_tool"; + command = "/run/current-system/sw/bin/framework_tool --privacy"; options = [ "NOPASSWD" ]; } ]; From 66f7aca58666999faf99808ed712445cb1166712 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 21:07:10 +0200 Subject: [PATCH 040/162] fix: use system level tool instead of a version compiled from source --- modules/home/waybar/scripts.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/waybar/scripts.nix b/modules/home/waybar/scripts.nix index c24b8d3..a4a7bb7 100644 --- a/modules/home/waybar/scripts.nix +++ b/modules/home/waybar/scripts.nix @@ -187,8 +187,8 @@ LTEXT="󰛧 " fi - MICROPHONE_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n2 | head -n1)" - CAMERA_STATE="$(sudo /home/liv/.local/src/framework-system/target/debug/framework_tool --privacy | tail -n1)" + MICROPHONE_STATE="$(sudo framework_tool --privacy | tail -n2 | head -n1)" + CAMERA_STATE="$(sudo framework_tool --privacy | tail -n1)" if [[ "$(echo $MICROPHONE_STATE | grep 'Microphone: Connected')" ]]; then MIC=1 From f7b58567af8f971569d902c58aadb0c7fe9b65c2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 21:08:53 +0200 Subject: [PATCH 041/162] chore: adds a bunch of notifications to various unfuck scripts so that nopasswd sudo access to systemctl can be dropped --- modules/home/scripts/scripts/unfuck.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/home/scripts/scripts/unfuck.sh b/modules/home/scripts/scripts/unfuck.sh index d49273e..4e7dbb6 100644 --- a/modules/home/scripts/scripts/unfuck.sh +++ b/modules/home/scripts/scripts/unfuck.sh 
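Review bot: Both `sudo framework_tool --privacy` calls in modules/home/waybar/scripts.nix depend on sudo's path lookup resolving to `/run/current-system/sw/bin/framework_tool`, the only path the NOPASSWD rule from the security.nix hunk on this same line permits. If the lookup resolves to a different path, sudo falls back to asking for authentication, and a status-bar script has no terminal to answer the prompt. Calling the tool by its full path with `-n`, e.g. `sudo -n /run/current-system/sw/bin/framework_tool --privacy`, keeps script and rule in step and fails fast instead of hanging. Capturing the output once and taking both lines from that variable would also halve the privileged invocations; the script body starts and ends outside the hunk.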
@@ -26,7 +26,9 @@ unfuck_wallpaper() { } unfuck_fingerprint() { - systemctl restart fprintd.service + notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds." + sleep 10 + sudo systemctl restart fprintd.service } unfuck_bar() { @@ -37,6 +39,8 @@ unfuck_bar() { unfuck_networkmanager() { # sudo modprobe -r iwlwifi # sudo modprobe iwlwifi + notify-send "Touch sensor or use YubiKey." "Sleeping for 10 seconds." + sleep 10 sudo systemctl restart NetworkManager } From 1249f617ef4790922874fefbbbf42e1e181bbe50 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 27 Jul 2025 21:09:16 +0200 Subject: [PATCH 042/162] flake: install sops-nix --- flake.lock | 242 ++++++++++++++++------------------------------------- flake.nix | 35 +++----- 2 files changed, 85 insertions(+), 192 deletions(-) diff --git a/flake.lock b/flake.lock index a412133..c6d5cbf 100644 --- a/flake.lock +++ b/flake.lock @@ -1,52 +1,10 @@ { "nodes": { - "Hyprspace": { - "inputs": { - "hyprland": [ - "hyprland" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1752663231, - "narHash": "sha256-rTItuAWpzICMREF8Ww8cK4hYgNMRXJ4wjkN0akLlaWE=", - "owner": "KZDKM", - "repo": "Hyprspace", - "rev": "0a82e3724f929de8ad8fb04d2b7fa128493f24f7", - "type": "github" - }, - "original": { - "owner": "KZDKM", - "repo": "Hyprspace", - "type": "github" - } - }, - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", - "systems": "systems_2" - }, - "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", - "owner": "ryantm", - "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "alejandra": { "inputs": { "fenix": "fenix", "flakeCompat": "flakeCompat", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1660592437, 
@@ -96,28 +54,6 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -219,7 +155,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_6" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -274,27 +210,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -316,7 +231,7 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1753252360, @@ -404,7 +319,7 @@ "nixpkgs" ], "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems_3", + "systems": "systems", "xdph": "xdph" }, "locked": { @@ -603,8 +518,8 @@ "inputs": { "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_4", - "systems": "systems_4" + "nixpkgs": "nixpkgs_3", + "systems": "systems_2" }, "locked": { "lastModified": 1750371999, @@ -626,8 +541,8 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_5", - "systems": "systems_5" + "nixpkgs": "nixpkgs_4", + "systems": "systems_3" }, "locked": { "lastModified": 1753378338, 
@@ -840,16 +755,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", - "owner": "NixOS", + "lastModified": 1657425264, + "narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "nixos", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } @@ -871,27 +786,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1657425264, - "narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=", - "owner": "nixos", + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "de5b3dd17034e6106e75746e81618e5bd408de8a", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { 
@@ -918,22 +833,6 @@ } }, "nixpkgs_5": { - "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -949,7 +848,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", @@ -965,7 +864,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1742800061, "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", @@ -981,7 +880,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -997,10 +896,26 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1753432016, + "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixvim": "nixvim_2" }, "locked": { @@ -1020,7 +935,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -1040,7 +955,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1753530457, 
@@ -1105,18 +1020,17 @@ }, "root": { "inputs": { - "Hyprspace": "Hyprspace", - "agenix": "agenix", "alejandra": "alejandra", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nixvim": "nixvim", - "nur": "nur" + "nur": "nur", + "sops-nix": "sops-nix" } }, "rust-analyzer-src": { @@ -1136,6 +1050,24 @@ "type": "github" } }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1752544651, + "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1689347949, @@ -1153,16 +1085,16 @@ }, "systems_2": { "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default", + "repo": "default-linux", "type": "github" } }, 
@@ -1182,36 +1114,6 @@ } }, "systems_4": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_5": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_6": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", diff --git a/flake.nix b/flake.nix index 34b2afc..93bb76a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,35 +2,26 @@ description = "liv's NixOS configuration"; inputs = { - agenix.url = "github:ryantm/agenix"; alejandra.url = "github:kamadorueda/alejandra/3.0.0"; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - hyprland = { - url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; + hyprland.inputs.nixpkgs.follows = "nixpkgs"; hypr-contrib.url = "github:hyprwm/contrib"; hyprpicker.url = "github:hyprwm/hyprpicker"; hyprsunset.url = "github:hyprwm/hyprsunset"; - Hyprspace = { - url = "github:KZDKM/Hyprspace"; - inputs.hyprland.follows = "hyprland"; # Hyprspace uses latest Hyprland. We declare this to keep them in sync. - }; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; nixos-hardware.url = "github:nixos/nixos-hardware"; nixvim.url = "github:ahwxorg/nixvim-config"; + sops-nix.url = "github:Mic92/sops-nix"; }; outputs = { self, nixpkgs, - agenix, + sops-nix, ... }@inputs: let @@ -49,7 +40,7 @@ inherit system; modules = [ (import ./hosts/sakura) - agenix.nixosModules.default + # sops-nix.nixosModules.sops ]; specialArgs = { host = "sakura"; @@ -60,7 +51,7 @@ inherit system; modules = [ (import ./hosts/yoshino) - agenix.nixosModules.default + # sops-nix.nixosModules.sops ]; specialArgs = { host = "yoshino"; @@ -71,7 +62,7 @@ inherit system; modules = [ (import ./hosts/ichiyo) - agenix.nixosModules.default + # sops-nix.nixosModules.sops ]; specialArgs = { host = "ichiyo"; @@ -82,7 +73,7 @@ inherit system; modules = [ (import ./hosts/violet) - agenix.nixosModules.default + # sops-nix.nixosModules.sops ]; specialArgs = { host = "violet"; 
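Review bot: The new `sops-nix` input in the first flake.nix hunk has no `inputs.nixpkgs.follows`, unlike `home-manager` and `hyprland` directly above it, and the flake.lock change in this commit accordingly gains a separate `nixpkgs_9` node for it. Adding `sops-nix.inputs.nixpkgs.follows = "nixpkgs";` keeps the secrets tooling on the same nixpkgs revision the rest of the system is built from, which leaves one fewer pinned tree to track for updates. The later hunks replace `agenix.nixosModules.default` with a commented-out `# sops-nix.nixosModules.sops`, so a short comment saying where the module is meant to be imported instead would help the reader.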
@@ -93,7 +84,7 @@ inherit system; modules = [ (import ./hosts/dandelion) - agenix.nixosModules.default + # sops-nix.nixosModules.sops ]; specialArgs = { host = "dandelion"; @@ -104,7 +95,7 @@ inherit system; modules = [ (import ./hosts/lily) - agenix.nixosModules.default + # sops-nix.nixosModules.sops ]; specialArgs = { host = "lily"; @@ -115,7 +106,7 @@ inherit system; modules = [ (import ./hosts/zinnia) - agenix.nixosModules.default + # sops-nix.nixosModules.sops ]; specialArgs = { host = "zinnia"; From 491419f6256eef171351438a52b41e02023b71a9 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 00:55:05 +0200 Subject: [PATCH 043/162] feat: adds `sops-nix` --- .sops.yaml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .sops.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..9f9f023 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w +creation_rules: + - path_regex: secrets/secrets.yaml + key_groups: + - age: + - *sakura From 24b6a385d69f5fe60107b9f5f766764bdee886cc Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 00:55:27 +0200 Subject: [PATCH 044/162] feat: set up a system mailer so that errors will be emailed --- modules/services/email.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 modules/services/email.nix diff --git a/modules/services/email.nix b/modules/services/email.nix new file mode 100644 index 0000000..5876fa9 --- /dev/null +++ b/modules/services/email.nix @@ -0,0 +1,19 @@ +{ + pkgs, + config, + ... +}: +{ + programs.msmtp = { + enable = true; + accounts.default = { + auth = true; + tls = true; + port = 465; + host = "smtp.migadu.com"; + from = config.liv.variables.senderEmail; + user = config.liv.variables.senderEmail; + passwordeval = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.systemMailerPassword.path}"; + }; + }; +} 
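Review bot: The `accounts.default` block in the new modules/services/email.nix sets `tls = true` with `port = 465` but leaves msmtp's STARTTLS behaviour at its default, which as far as I know is on; port 465 normally expects TLS from the first byte, so the session would likely stall. If that holds for this provider, `tls_starttls = false;` belongs next to `port = 465;`, otherwise the disk-failure mails this account exists for may never leave the machine. `passwordeval` reads `config.sops.secrets.systemMailerPassword.path`, so only users who can read that file can send mail; a one-line comment naming the user expected to run msmtp would make that constraint explicit.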
From 3401e1d05a7d9e8beca230018b6333fbe96234fd Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 00:57:04 +0200 Subject: [PATCH 045/162] feat: enable `scrutiny` on dandelion, disable otherwise; enable `smartd` with system mailer --- modules/services/smart-monitoring.nix | 38 +++++++++++++++++---------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/modules/services/smart-monitoring.nix b/modules/services/smart-monitoring.nix index 0b4e63c..055b0ae 100644 --- a/modules/services/smart-monitoring.nix +++ b/modules/services/smart-monitoring.nix @@ -1,7 +1,15 @@ -{ config, ... }: +{ config, host, ... }: { + imports = [ ./email.nix ]; services.scrutiny = { - enable = true; + # Enable based on name of host + enable = + if (host == "dandelion") then + true + else if (host == "lily") then + true + else + false; collector.enable = true; settings.web.listen.port = 8181; settings.notify.urls = [ @@ -10,18 +18,20 @@ ]; }; - # services.smartd = { - # enable = true; - # autodetect = true; - # notifications = { - # mail = { - # enable = true; - # # mailer = "/path/to/mailer/binary"; # Need to get system emails working first - # sender = "${config.liv.variables.fromEmail}"; - # recipient = "${config.liv.variables.toEmail}"; - # }; - # }; - # }; + services.smartd = { + enable = true; + autodetect = true; + notifications = { + wall = { + enable = true; + }; + mail = { + enable = true; + sender = config.liv.variables.senderEmail; + recipient = config.liv.variables.email; + }; + }; + }; # services.nginx.virtualHosts."" = { # locations."/" = { From 5073d1b2b1baf75ea7981532140517052a45fa5b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 00:57:48 +0200 Subject: [PATCH 046/162] feat: adds user `liv` to `wheel` group; adds `sops-nix` module to user profile --- modules/core/user.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/core/user.nix b/modules/core/user.nix index a6b72b9..756878a 100644 --- a/modules/core/user.nix 
+++ b/modules/core/user.nix @@ -10,6 +10,7 @@ imports = [ inputs.home-manager.nixosModules.home-manager ] ++ [ ./../../roles/default.nix ] + ++ [ ./sops.nix ] ++ [ ./../../variables.nix ]; home-manager = { useUserPackages = true; @@ -38,8 +39,6 @@ fonts.fontconfig.antialias = false; - users.groups.gay = { }; - users.users.${username} = { isNormalUser = true; description = "${username}"; @@ -48,8 +47,8 @@ "wheel" "docker" "input" - "gay" "dialout" + "wheel" ]; shell = pkgs.zsh; }; From 4e63e558080bf8b1ebb41a0bd3c49a6b47e745c2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 00:58:31 +0200 Subject: [PATCH 047/162] feat: adds macAddress randomization for `networkmanager` --- modules/core/network.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/core/network.nix b/modules/core/network.nix index 919bb45..dd950fc 100644 --- a/modules/core/network.nix +++ b/modules/core/network.nix @@ -1,7 +1,10 @@ { pkgs, ... }: { networking = { - networkmanager.enable = true; + networkmanager = { + enable = true; + wifi.macAddress = "stable-ssid"; + }; nameservers = [ "9.9.9.9" ]; firewall = { enable = true; From 197ac138e3836db6cfe2feea76437fa6221b7a10 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 01:00:22 +0200 Subject: [PATCH 048/162] feat: only allow `@wheel` to use nix --- modules/core/system.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/core/system.nix b/modules/core/system.nix index 3fff33f..cc2ab7c 100644 --- a/modules/core/system.nix +++ b/modules/core/system.nix @@ -8,13 +8,12 @@ { nix = { settings = { + allowed-users = [ "@wheel" ]; auto-optimise-store = true; experimental-features = [ "nix-command" "flakes" ]; - # substituters = [ "" ]; - # trusted-public-keys = [ "" ]; }; gc = { automatic = true; From 36e14eb6a651d14510abc97e31517eed5ce96b3a Mon Sep 17 00:00:00 2001 
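Review bot: The second user.nix hunk appends `"wheel"` to `extraGroups`, but `"wheel"` is already the first entry visible in the hunk's context lines, so the added line is a duplicate and can be dropped. The same list keeps `"docker"`, and docker group membership is generally equivalent to passwordless root on the host, which works against the sudo tightening made earlier in this series (`execWheelOnly`, narrower NOPASSWD rules). If that is not intended, remove `"docker"` and run docker through sudo, or move to a rootless setup. The `users.users.${username}` block starts and ends outside the hunk.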
From: Ahwx Date: Mon, 28 Jul 2025 01:00:47 +0200 Subject: [PATCH 049/162] feat: adds module for `sops-nix` --- modules/core/sops.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 modules/core/sops.nix diff --git a/modules/core/sops.nix b/modules/core/sops.nix new file mode 100644 index 0000000..d57f4d9 --- /dev/null +++ b/modules/core/sops.nix @@ -0,0 +1,22 @@ +{ + pkgs, + inputs, + username, + ... +}: +{ + imports = [ inputs.sops-nix.nixosModules.sops ]; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; + secrets = { + "systemMailerPassword" = { }; + }; + }; + + environment.systemPackages = with pkgs; [ + sops + ]; +} From e0884ae60d120e0f70b26a6a4a70a68b1dd1f2c2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 01:02:29 +0200 Subject: [PATCH 050/162] chore: remove `secrets` folder from ignore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 55f30a3..7ab9c97 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ -secrets/ modules/services/matrix/default.nix result From cf1dd963677ca7d215fbd9bc21a61b303c69588a Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 01:03:03 +0200 Subject: [PATCH 051/162] sops: update (init + mailer password) --- secrets/secrets.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 secrets/secrets.yaml diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..bfc4ad8 --- /dev/null +++ b/secrets/secrets.yaml 
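Review bot: `age.keyFile = "/home/${username}/.config/sops/age/keys.txt";` in the new modules/core/sops.nix makes system-wide secret decryption depend on a private key stored in the login user's home directory. Any process running as that user can read or replace the key, and with it decrypt every secret in the repository that is encrypted to that recipient, including ones that end up root-only on the host. A root-owned location such as `age.keyFile = "/var/lib/sops-nix/key.txt";`, or deriving the identity from the host key with `age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, keeps the host's decryption key out of the user's reach. The user's own key can remain a separate recipient in `.sops.yaml` for editing.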
@@ -0,0 +1,30 @@ +systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str] +# +# +# +#ENC[AES256_GCM,data:WflW57V0HPZBinBmThQZxDjILXgY62hOrQLKjp2mElmaHt09pd0SS/qZvYZEyLQ=,iv:1GF427GJB8sZbD4cPYiX6vWXW+g7ITAyXz8dWPqpcvM=,tag:SewPaiwvOXfuYu1boXbEkg==,type:comment] +hello: ENC[AES256_GCM,data:ayluRTSd1xDWGf1K+rMibtj+9fCDy5GMwv0wTDdf1C2hIQeColi6gUdpYTwwZw==,iv:DfG10vFe0HAaCnN8e6ik3QixjhTj2KsDGiwg6XufpBQ=,tag:Y1q3uREa3CXSFZBJMYc6cQ==,type:str] +example_key: ENC[AES256_GCM,data:YdS40bL6x1LmRwg76Q==,iv:5FdtHG3iE50vktShWVdkv9oBrUQoqUesGSvPoaD0j2U=,tag:DDaJXIyozB6N2Cj6Bxk1nA==,type:str] +#ENC[AES256_GCM,data:VMGPI7MXiCSTO9QDlT5DUg==,iv:qkKFWGJKQswSdvetMrn3oD1o3c5nzk1UUDpjlbNnRgY=,tag:ZdP7az9j92eYzfQSqFF5gQ==,type:comment] +example_array: + - ENC[AES256_GCM,data:afMceLch3kcnHzf73Ic=,iv:CQbLPVQVo4QB696Z6J5tgF+1/ZL+9/rKOuGsY8xV1XI=,tag:8yG6JXG9C4KXhiA+AyeSGg==,type:str] + - ENC[AES256_GCM,data:QIa8LkkS1c3AW3T3hbs=,iv:8v20+UPaPnddw8WPJo1tTpf/o7Xi+3cFnwjNOM0UaqQ=,tag:FbWSFLwTcDwBtd+gGeONNg==,type:str] +example_number: ENC[AES256_GCM,data:7ok2x8uHYpAFoQ==,iv:S16WiwAx0OWtuDeuLINJH8xllMGWxzt/3+K5/RNlY5U=,tag:6ytIj66O8rRtTObpmIB/UQ==,type:float] +example_booleans: + - ENC[AES256_GCM,data:Npqj1Q==,iv:uPFu6d24WJVz4N0eOKRSgDgiHYxQoAhPqNRY0dk9rVQ=,tag:V9FEUgx8W707N+q+K63yoA==,type:bool] + - ENC[AES256_GCM,data:J1LcbM8=,iv:TLFH/WyteSCphbR4IlzUr12sUfmCj3mpIeBbBqfNnb4=,tag:YDEJvQB8c8xEeXOupNrYmQ==,type:bool] +sops: + age: + - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cFNzYWRSTTdwMXY1K3hK + MEJ6TEN1YS9XdkJOclhmWVVBWmxJcEsrdWxjCld4NThJdmoyMGRKbFNVZWdWQ1FQ + MmpQMm1TOTZhQlllWlV4Y0tiUGxDNkkKLS0tIFVBcEgzNlBVaHozOTViZG1FcXIx + 
bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/ + JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-27T20:46:35Z" + mac: ENC[AES256_GCM,data:HyQOP4ZgKnsCp1ALlTgDzEDhZ8mQZo6xSALKFyW96Wc9FjulHdBq9DRMXeRBgDzT8u9doM96ATS53d3Dnxr4h9N26rCqZrZBCcWSb9PO4zRTigSdPvcIFxLeqpb65kArlycoBRm2MjwmH9yPzQNvXAPotHN1LhCXBc+LeYHrrho=,iv:cSXpz5egH5EePoT69YuiWK5sJXZhQsG23kt2UNmhduA=,tag:xazSpDEes/Vf1NJyJ40nbA==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 From f31937a56db3a7fc6cfe6d7483a1f948b4eb99d8 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 01:11:57 +0200 Subject: [PATCH 052/162] feat: adds `violet` to `sops-nix` --- .sops.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.sops.yaml b/.sops.yaml index 9f9f023..a029b6b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,6 @@ keys: - &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w + - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 creation_rules: - path_regex: secrets/secrets.yaml key_groups: From 33a9ea177160dea0d710a579291696eb7c1d95da Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 01:21:38 +0200 Subject: [PATCH 053/162] fix: adds `violet` as well; work this time(?) --- .sops.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.sops.yaml b/.sops.yaml index a029b6b..69afeda 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,3 +6,4 @@ creation_rules: key_groups: - age: - *sakura + - *violet From 83ea9f4916da22ed86531986be377d55ba21e0e8 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 01:21:44 +0200 Subject: [PATCH 054/162] sops: update --- secrets/secrets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index bfc4ad8..0dab49b 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -24,7 +24,7 @@ sops: bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/ JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-27T20:46:35Z" - mac: ENC[AES256_GCM,data:HyQOP4ZgKnsCp1ALlTgDzEDhZ8mQZo6xSALKFyW96Wc9FjulHdBq9DRMXeRBgDzT8u9doM96ATS53d3Dnxr4h9N26rCqZrZBCcWSb9PO4zRTigSdPvcIFxLeqpb65kArlycoBRm2MjwmH9yPzQNvXAPotHN1LhCXBc+LeYHrrho=,iv:cSXpz5egH5EePoT69YuiWK5sJXZhQsG23kt2UNmhduA=,tag:xazSpDEes/Vf1NJyJ40nbA==,type:str] + lastmodified: "2025-07-27T23:20:55Z" + mac: ENC[AES256_GCM,data:hKxGeDETPmOxbyXm2zd/wNKY8nmlUGjbBQorV2pmUgFSNGXxkZifwzT5b0E4ZWaxWyO0bqqEH/jRkIwrU46SDN+RAqZBm5iDwFfmV9QPOlUOgfPDFi2Ho8yDlouvjB6FkwJwooGF3uvGs1bM2in9WMCcI+GFiEi5+VOHBmKtx8U=,iv:1gKoMdKhujmvMyAi4cU4av5tkSPY2ykJShMTtK+2Dnk=,tag:AhuWcD9+Gi9UsQXJm/6qEQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From a43d03525785de869857a5cc175a095770218a7d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 15:03:57 +0200 Subject: [PATCH 055/162] fix: forgot that frameworks don't work like normal computers do with suspend/hibernate :( --- hosts/sakura/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index dff5d04..0d48a0b 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -75,7 +75,7 @@ systemd.sleep.extraConfig = '' HibernateDelaySec=30m ''; - services.logind.lidSwitch = "suspend-then-hibernate"; + services.logind.lidSwitch = "suspend"; boot = { # plymouth.enable = true; # is a module now kernelParams = [ From d9b9208aa849972ba7f0506ff6d4284d17cc5017 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 16:04:11 +0200 Subject: [PATCH 056/162] feat: adds `posy` host --- flake.nix | 17 ++++++++++------- modules/core/user.nix | 2 ++ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 93bb76a..1256397 100644 --- a/flake.nix +++ b/flake.nix 
@@ -40,7 +40,6 @@ inherit system; modules = [ (import ./hosts/sakura) - # sops-nix.nixosModules.sops ]; specialArgs = { host = "sakura"; @@ -51,7 +50,6 @@ inherit system; modules = [ (import ./hosts/yoshino) - # sops-nix.nixosModules.sops ]; specialArgs = { host = "yoshino"; @@ -62,7 +60,6 @@ inherit system; modules = [ (import ./hosts/ichiyo) - # sops-nix.nixosModules.sops ]; specialArgs = { host = "ichiyo"; @@ -73,7 +70,6 @@ inherit system; modules = [ (import ./hosts/violet) - # sops-nix.nixosModules.sops ]; specialArgs = { host = "violet"; @@ -84,7 +80,6 @@ inherit system; modules = [ (import ./hosts/dandelion) - # sops-nix.nixosModules.sops ]; specialArgs = { host = "dandelion"; @@ -95,7 +90,6 @@ inherit system; modules = [ (import ./hosts/lily) - # sops-nix.nixosModules.sops ]; specialArgs = { host = "lily"; @@ -106,13 +100,22 @@ inherit system; modules = [ (import ./hosts/zinnia) - # sops-nix.nixosModules.sops ]; specialArgs = { host = "zinnia"; inherit self inputs username; }; }; + posy = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + (import ./hosts/posy) + ]; + specialArgs = { + host = "posy"; + inherit self inputs username; + }; + }; }; }; } diff --git a/modules/core/user.nix b/modules/core/user.nix index 756878a..eef3a74 100644 --- a/modules/core/user.nix +++ b/modules/core/user.nix @@ -24,6 +24,8 @@ [ ./../home/default.server.nix ] else if (host == "lily") then [ ./../home/default.server.nix ] + else if (host == "posy") then + [ ./../home/default.server.nix ] # else if (host == "yoshino") then # [ ./../home/default.nix ] else From dc7bf48ea55d35450f5b53d65ebae008665a7958 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 16:04:40 +0200 Subject: [PATCH 057/162] feat: adds `rfkill` commands as bluetooth apparently dies even more sometimes --- modules/home/scripts/scripts/unfuck.sh | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/modules/home/scripts/scripts/unfuck.sh b/modules/home/scripts/scripts/unfuck.sh index 4e7dbb6..480bd72 100644 --- a/modules/home/scripts/scripts/unfuck.sh +++ b/modules/home/scripts/scripts/unfuck.sh @@ -62,6 +62,8 @@ unfuck_audio() { devices+=("$device") done systemctl --user restart wireplumber pipewire pipewire-pulse bluetooth + rfkill block bluetooth + rfkill unblock bluetooth bluetoothctl power off bluetoothctl power on for device in ${devices[*]}; do From 11004284838bd6f573059d35aecbdc7e5158d052 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 28 Jul 2025 16:05:11 +0200 Subject: [PATCH 058/162] feat: adds `posy` host (2) --- hosts/posy/default.nix | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 hosts/posy/default.nix diff --git a/hosts/posy/default.nix b/hosts/posy/default.nix new file mode 100644 index 0000000..e51f387 --- /dev/null +++ b/hosts/posy/default.nix @@ -0,0 +1,41 @@ +{ config, pkgs, lib, ... }: +{ + imports = [ + ./../../modules/core/default.server.nix + ./../../modules/services/mpd.nix + ]; + + networking.hostName = "posy"; + + time.timeZone = "Europe/Amsterdam"; + + environment.systemPackages = with pkgs; [ + pkgs.kitty.terminfo + ]; + + boot = { + kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; + initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + + services = { + smartd = { + enable = lib.mkForce false; + autodetect = lib.mkForce false; + }; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + + hardware.enableRedistributableFirmware = true; +} From fdc031ea4d27370c7ced25fa18f3e8a4d5548e3c Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Wed, 30 Jul 2025 13:24:21 +0200 Subject: [PATCH 059/162] feat: write cursed function so that secrets are host-based --- modules/core/sops.nix | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index d57f4d9..ddb6ee7 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -2,18 +2,29 @@ pkgs, inputs, username, + host, ... }: { imports = [ inputs.sops-nix.nixosModules.sops ]; sops = { - defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFile = ../../secrets/${host}/secrets.yaml; defaultSopsFormat = "yaml"; age.keyFile = "/home/${username}/.config/sops/age/keys.txt"; - secrets = { - "systemMailerPassword" = { }; - }; + secrets = + if (host == "violet") then + { + "systemMailerPassword" = { }; + "forgejoWorkerSecret" = { }; + "matrixRegistrationSecret" = { }; + } + else if (host == "sakura") then + { + "systemMailerPassword" = { }; + } + else + { }; }; environment.systemPackages = with pkgs; [ From d1c0a81809285e9f750068e599d151d3763ee4d2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 13:24:40 +0200 Subject: [PATCH 060/162] feat: adds key group for `violet` --- .sops.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.sops.yaml b/.sops.yaml index 69afeda..071f3c5 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,10 @@ keys: - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 creation_rules: - path_regex: secrets/secrets.yaml + key_groups: + - age: + - *sakura + - path_regex: secrets/violet/secrets.yaml key_groups: - age: - *sakura From 783b52e6812a874f697a0c406e27ebd266b39f8f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 13:37:50 +0200 Subject: [PATCH 061/162] feat: enable some services for `violet` --- modules/services/violet.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/services/violet.nix b/modules/services/violet.nix index d036137..dc09fbd 100644 
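Review bot: With `defaultSopsFile = ../../secrets/${host}/secrets.yaml;` sakura's `systemMailerPassword` is now read from `secrets/sakura/secrets.yaml`, but the `.sops.yaml` hunk of the next commit on this line keeps the sakura rule on `path_regex: secrets/secrets.yaml` and adds a rule only for `secrets/violet/secrets.yaml`. Unless the file is moved and a rule added in a commit not shown here, sops has no creation rule for the sakura file; a rule with `path_regex: secrets/sakura/secrets\.yaml$` would cover it. The `if`/`else if` chain in `secrets` would also read more clearly as a lookup in an attribute set keyed by host name, e.g. `secrets = perHost.${host} or { };`, so that adding a host is one new entry instead of another branch.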
--- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -19,9 +19,12 @@ ++ [ (import ./monitoring.nix) ] ++ [ (import ./ntfy.nix) ] ++ [ (import ./nginx.nix) ] + ++ [ (import ./nix-serve.nix) ] ++ [ (import ./radicale.nix) ] + ++ [ (import ./remote-build.nix) ] ++ [ (import ./readarr.nix) ] ++ [ (import ./sharkey-proxy.nix) ] + ++ [ (import ./smokeping.nix) ] # ++ [ (import ./komga.nix) ] # ++ [ (import ./xmpp.nix) ] ++ [ (import ./tailscale.nix) ] From d8d6bc67d8e492c5c7f16d5466d19c35d9bbe8f1 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 13:38:07 +0200 Subject: [PATCH 062/162] feat: adds `vaultwarden` configuration --- modules/services/vaultwarden.nix | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 modules/services/vaultwarden.nix diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix new file mode 100644 index 0000000..38a2192 --- /dev/null +++ b/modules/services/vaultwarden.nix @@ -0,0 +1,34 @@ +{ config, ... }: +{ + services.vaultwarden = { + enable = true; + dbBackend = "sqlite"; + config = { + SIGNUPS_ALLOWED = false; + ENABLE_WEBSOCKET = true; + SENDS_ALLOWED = true; + INVITATIONS_ENABLED = true; + EMERGENCY_ACCESS_ALLOWED = true; + EMAIL_ACCESS_ALLOWED = true; + DOMAIN = "https://passwords.liv.town"; + ROCKET_ADDRESS = "0.0.0.0"; + ROCKET_PORT = 8003; + }; + }; + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "passwords.liv.town" = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + proxyWebsockets = true; + }; + }; + }; + }; +} From b663614fa5448ac604fa16b5f82b655a2ce6621b Mon Sep 17 00:00:00 2001 
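Review bot: `ROCKET_ADDRESS = "0.0.0.0"` in the new modules/services/vaultwarden.nix makes Vaultwarden listen for plain HTTP on every interface at port 8003, while the nginx virtual host in the same file only ever reaches it through `127.0.0.1`. Anything that can reach that port (the firewall rules are not visible here) would talk to the password vault without TLS and without passing through nginx. `ROCKET_ADDRESS = "127.0.0.1";` is all the proxy needs and removes that exposure. A comment next to `SIGNUPS_ALLOWED = false` noting that invitations are the only way to get an account would document the intended enrolment path.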
From: Ahwx Date: Wed, 30 Jul 2025 13:54:14 +0200 Subject: [PATCH 063/162] feat: update `forgejo` settings to include `mailer` and `gitea-actions-runner` configuration now that we have `sops-nix` --- modules/services/forgejo.nix | 97 +++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 45 deletions(-) diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 52e94bc..8291bcc 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
@@ -9,57 +9,64 @@ let srv = cfg.settings.server; in { - services.forgejo = { - enable = true; - # database.type = "postgres"; - # Enable support for Git Large File Storage - lfs.enable = true; - settings = { - server = { - DOMAIN = "code.liv.town"; - # You need to specify this to remove the port from URLs in the web UI. - ROOT_URL = "https://${srv.DOMAIN}/"; - HTTP_PORT = 3050; - }; - # You can temporarily allow registration to create an admin user. - service.DISABLE_REGISTRATION = true; - # Add support for actions, based on act: https://github.com/nektos/act - actions = { - ENABLED = true; - DEFAULT_ACTIONS_URL = "github"; - }; - # Sending emails is completely optional - # You can send a test email from the web UI at: - # Profile Picture > Site Administration > Configuration > Mailer Configuration - # mailer = { - # ENABLED = true; - # SMTP_ADDR = "mail.example.com"; - # FROM = "noreply@${srv.DOMAIN}"; - # USER = "noreply@${srv.DOMAIN}"; - # }; - }; - # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; - }; - # gitea-actions-runner = { - # package = pkgs.forgejo-runner; - # instances.my-forgejo-instance = { - # enable = true; - # name = "forgejo-01"; - # token = ""; # TODO: fill in tokens etc - # url = "https://code.liv.town"; - # labels = [ - # "node-22:docker://node:22-bookworm" - # "nixos-latest:docker://nixos/nix" - # ]; - # }; - # }; services = { + forgejo = { + enable = true; + # database.type = "postgres"; + # Enable support for Git Large File Storage + lfs.enable = true; + settings = { + server = { + DOMAIN = "code.liv.town"; + # You need to specify this to remove the port from URLs in the web UI. + ROOT_URL = "https://${srv.DOMAIN}/"; + HTTP_PORT = 3050; + }; + # You can temporarily allow registration to create an admin user. 
+ service.DISABLE_REGISTRATION = true; + # Add support for actions, based on act: https://github.com/nektos/act + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + # TODO: run own email server that sends users emails! + # You can send a test email from the web UI at: + # Profile Picture > Site Administration > Configuration > Mailer Configuration + mailer = { + ENABLED = true; + SMTP_ADDR = "smtp.migadu.com"; + FROM = config.liv.variables.senderEmail; + USER = config.liv.variables.senderEmail; + }; + }; + mailerPasswordFile = config.sops.secrets.systemMailerPassword.path; + }; + gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances.code-liv-town = { + enable = true; + name = "forgejo-01"; + tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; + url = "https://code.liv.town"; + labels = [ + "node-22:docker://node:22-bookworm" + "nixos-latest:docker://nixos/nix" + ]; + }; + }; + anubis.instances.forgejo = { + settings = { + TARGET = "http://localhost:3050"; + BIND = ":3051"; + BIND_NETWORK = "tcp"; + }; + }; nginx.virtualHosts."code.liv.town" = { forceSSL = true; sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; locations."/" = { - proxyPass = "http://localhost:3050"; + proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}"; proxyWebsockets = true; }; }; From 3aa990e2036c370931ea7ff9e7fc399e26168033 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 14:17:17 +0200 Subject: [PATCH 064/162] chore: remove `smokeping` from `violet` as it is now a `prometheus` module --- modules/services/violet.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/services/violet.nix b/modules/services/violet.nix index dc09fbd..122aa03 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix 
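Review bot: In modules/services/forgejo.nix the new Anubis instance only protects Forgejo if clients cannot reach the backend directly, and neither listener is restricted to loopback. `BIND = ":3051"` listens on all interfaces, and the `server` block sets `HTTP_PORT = 3050` without an `HTTP_ADDR`, which Forgejo defaults to `0.0.0.0`. If port 3050 is reachable from outside (the firewall state is not visible here), requests can skip the challenge proxy entirely. Consider `HTTP_ADDR = "127.0.0.1";` in `server` and `BIND = "127.0.0.1:3051";`, with the vhost target written as `proxyPass = "http://${config.services.anubis.instances.forgejo.settings.BIND}";`, which also drops the `toString` on a value that is already a string. The surrounding `let … in { … }` starts and ends outside this hunk.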
@@ -24,7 +24,6 @@ ++ [ (import ./remote-build.nix) ] ++ [ (import ./readarr.nix) ] ++ [ (import ./sharkey-proxy.nix) ] - ++ [ (import ./smokeping.nix) ] # ++ [ (import ./komga.nix) ] # ++ [ (import ./xmpp.nix) ] ++ [ (import ./tailscale.nix) ] From 550fa87fbc3dc3c88f9da9e9d3be927a1aa4c3ff Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 14:20:03 +0200 Subject: [PATCH 065/162] feat: adds `prometheus` exporter for `smokeping` to see latency --- modules/services/monitoring.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/modules/services/monitoring.nix b/modules/services/monitoring.nix index 43b5319..b24e67b 100644 --- a/modules/services/monitoring.nix +++ b/modules/services/monitoring.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, host, ... }: { services = { prometheus = { @@ -10,6 +10,15 @@ enabledCollectors = [ "systemd" ]; port = 9002; }; + smokeping = { + enable = true; + hosts = [ + "172.16.10.1" + "172.16.10.2" + "9.9.9.9" + "149.112.112.112" + ]; + }; }; scrapeConfigs = [ { @@ -20,6 +29,14 @@ } ]; } + { + job_name = "${host} - smokeping"; + static_configs = [ + { + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.smokeping.port}" ]; + } + ]; + } ]; }; }; From a042d3790d0cdfb3eee694c46400a1aaee95b213 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 14:23:14 +0200 Subject: [PATCH 066/162] sops: update --- secrets/violet/secrets.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 secrets/violet/secrets.yaml diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml new file mode 100644 index 0000000..1cfdb0b --- /dev/null +++ b/secrets/violet/secrets.yaml 
@@ -0,0 +1,27 @@ +systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str] +forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] +matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] +sops: + age: + - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeG8vNWltdmJGcHhpMFVv + L2loTVRWeUVQMjdFbXlLdDZ4NWd2czlMa1JVClErdlhXdlJKSDFrakhqVjRQMlBx + RStBKzI3bHkzWlZrdkFTZFZvRjN0eFUKLS0tIGJFaTRkVGhSbmZSbEdYZEFWV2Fz + bytGVUhvL1dKNk41cytPajJMUFdXQmMKbJZ7RDB5MXqotaLrWABIKFs2wEZtIAVm + +k+ykISzj/XhhCt2J4IWbhPqRDlivsOLvQF1srNgk02/laE+0Nz5Pg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMWV2NkVGSWR3UzBPWmFQ + S2lQRm9zZENGc29mN1VxT3hsb2c5d3k3ZGw4Ck5JWlpXQUU0WnhXT2ZocFZFSlkr + WjhZM214YVBDR3UzcU9SQ09ucWJDSUUKLS0tIE00aXVkeTQ5eG1TTTA2UnBuVnVB + S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI + VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-07-30T11:20:39Z" + mac: 
ENC[AES256_GCM,data:BLP2Op9c2N9KuP6wAWT6TZZeHfUKF+J0FOtnoxfmG9yTViM21Jf39xxMvV4ZOtmp0pVFnV3NxT4So/dBpTObDe6Qv+X8Jsyt6voIQEXmah1FSol9ybUobYero1+5YmDwyGjQ6xTny+MRuG5hC7OAshVAtlFm+LH7/3hDgl6S6W8=,iv:D7FRlxPpy59jQYd5/sBT/DaFZo997GjlBKhJQldN6VY=,tag:dYsKOSjh14ZMbAOq6Vx6nQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 From 525b24ac25668834048a61347d4fa12245b28083 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 14:37:35 +0200 Subject: [PATCH 067/162] feat: set correct owner for `matrix-synapse` key --- modules/core/sops.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index ddb6ee7..1e4847a 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -3,6 +3,7 @@ inputs, username, host, + config, ... }: { @@ -17,7 +18,9 @@ { "systemMailerPassword" = { }; "forgejoWorkerSecret" = { }; - "matrixRegistrationSecret" = { }; + "matrixRegistrationSecret" = { + owner = "matrix-synapse"; + }; } else if (host == "sakura") then { From 11992d9506d3781a4f6bda61a4588fd9fb982111 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 14:37:59 +0200 Subject: [PATCH 068/162] sops: update --- secrets/violet/secrets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index 1cfdb0b..2d64eda 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml 
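Review bot: In modules/core/sops.nix the new `owner = "matrix-synapse";` is a bare string, and the `config` argument added in the first hunk is not used in any line shown. Writing `owner = config.users.users.matrix-synapse.name;` ties the secret to the declared user, so evaluation fails on a host where that user does not exist instead of producing a secret with an unresolvable owner. `systemMailerPassword` and `forgejoWorkerSecret` keep the default ownership. If Forgejo reads `mailerPasswordFile` as its own service user rather than as root, that default will not be readable and the secret needs an `owner` as well; this is worth confirming. The attribute set continues outside both hunks.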
@@ -21,7 +21,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-30T11:20:39Z" - mac: ENC[AES256_GCM,data:BLP2Op9c2N9KuP6wAWT6TZZeHfUKF+J0FOtnoxfmG9yTViM21Jf39xxMvV4ZOtmp0pVFnV3NxT4So/dBpTObDe6Qv+X8Jsyt6voIQEXmah1FSol9ybUobYero1+5YmDwyGjQ6xTny+MRuG5hC7OAshVAtlFm+LH7/3hDgl6S6W8=,iv:D7FRlxPpy59jQYd5/sBT/DaFZo997GjlBKhJQldN6VY=,tag:dYsKOSjh14ZMbAOq6Vx6nQ==,type:str] + lastmodified: "2025-07-30T12:37:11Z" + mac: ENC[AES256_GCM,data:pGnJaFRqa3sjouALSjy8+ClhqE+RNR4b5SMLKB356WtnHtALrGnd/RzPTMyLLTOht1td1Fk5jY8WoUy225qqfI1yy0Mne+qtnFqd9++XTmiY1b7ARBeNvvM/mMuZyp34Mz8WLx+imrLcX6TAlpRZ/SWtv5BE9nleHCwpNvFpqfc=,iv:q8bKIFQd6dRSDBk3qhipOK0E/4NZgIcVCo4Mwu9Ddf8=,tag:JjL3sFxSMx4dp1Swt2lbvg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From 146176af45b3eadc8c2d6baedc581ee00f483798 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 14:49:19 +0200 Subject: [PATCH 069/162] chore: remove unused files --- modules/services/matrix/secrets.yaml | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 modules/services/matrix/secrets.yaml diff --git a/modules/services/matrix/secrets.yaml b/modules/services/matrix/secrets.yaml deleted file mode 100644 index 357c281..0000000 --- a/modules/services/matrix/secrets.yaml +++ /dev/null @@ -1,3 +0,0 @@ -registration_shared_secret: "" - -report_stats: false From 4358dd95b9c5d1c42f7520a8acf1f6804c4cedfa Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 14:49:53 +0200 Subject: [PATCH 070/162] chore: remove things from gitignore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 7ab9c97..b2be92b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -modules/services/matrix/default.nix result From 3e1692f454f35f3959eeca330cb4b2181283215e Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Wed, 30 Jul 2025 16:24:31 +0200 Subject: [PATCH 071/162] feat: adds `hazel` host --- hosts/hazel/default.nix | 48 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 hosts/hazel/default.nix diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix new file mode 100644 index 0000000..03a0fad --- /dev/null +++ b/hosts/hazel/default.nix @@ -0,0 +1,48 @@ +{ + pkgs, + config, + lib, + inputs, + ... +}: +{ + imports = [ + ./hardware-configuration.nix + ./disko.nix + ./../../modules/core/default.server.nix + # ./../../modules/services/hazel.nix + ]; + + networking.hostName = "hazel"; + + nixpkgs.config.permittedInsecurePackages = [ + "jitsi-meet-1.0.8043" + "olm-3.2.16" + ]; + + time.timeZone = lib.mkForce "Europe/Paris"; + + environment.systemPackages = with pkgs; [ + kitty.terminfo + ]; + + services = { + smartd = { + enable = true; + autodetect = true; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ + 9123 + ]; + }; + + boot = { + loader.grub = { + enable = true; + device = "/dev/sda"; + }; + }; +} From 13228786c89724e8b3c1bd3593ccd42ddbfbec56 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 16:25:01 +0200 Subject: [PATCH 072/162] feat: adds `hardware-configuration.nix` for `hazel` --- hosts/hazel/hardware-configuration.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 hosts/hazel/hardware-configuration.nix diff --git a/hosts/hazel/hardware-configuration.nix b/hosts/hazel/hardware-configuration.nix new file mode 100644 index 0000000..bfac344 --- /dev/null +++ b/hosts/hazel/hardware-configuration.nix 
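Review bot: hosts/hazel/default.nix permits two packages that nixpkgs marks as insecure, `"jitsi-meet-1.0.8043"` and `"olm-3.2.16"`, although nothing visible in this file uses them and the `hazel.nix` services import is commented out. The exemption silences the evaluation error for known-vulnerable packages across the whole host. I would drop `nixpkgs.config.permittedInsecurePackages` here and add it next to the service that needs it, with a comment giving the reason. `allowedTCPPorts = [ 9123 ]` likewise opens a port with no service behind it in this file; either add a comment such as `# 9123: <service name>` or leave the port closed until the service lands.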
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 45be0c928d7f2320bc905fbdbb03383688bff40b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 16:25:24 +0200 Subject: [PATCH 073/162] feat: adds disk layout for `hazel` --- hosts/hazel/disko.nix | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 hosts/hazel/disko.nix diff --git a/hosts/hazel/disko.nix b/hosts/hazel/disko.nix new file mode 100644 index 0000000..d308f8b --- /dev/null +++ b/hosts/hazel/disko.nix 
@@ -0,0 +1,37 @@ +{ inputs, ... }: +{ + imports = [ + inputs.disko.nixosModules.disko + ]; + disko.devices = { + disk = { + my-disk = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} From efb7abb67e7845288441ebdda6cabdb71368295e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 16:33:15 +0200 Subject: [PATCH 074/162] chore: adds `disko` and `hazel` host --- flake.lock | 106 +++++++++++++++++++++++++++++++++++------------------ flake.nix | 12 ++++++ 2 files changed, 83 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index c6d5cbf..3be4fca 100644 --- a/flake.lock +++ b/flake.lock @@ -54,6 +54,25 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1746728054, + "narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff442f5d1425feb86344c028298548024f21256d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -231,7 +250,7 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1753252360, @@ -518,7 +537,7 @@ "inputs": { "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "systems": "systems_2" }, "locked": { 
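Review bot: In hosts/hazel/disko.nix the target disk is `device = "/dev/sda";`, a kernel enumeration name that can point at a different disk after a hardware or boot-order change, and disko repartitions whatever that name resolves to. A persistent path is safer for a destructive operation, for example `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";`. The root partition is also a plain `ext4` filesystem with no encryption layer. If that is intentional for an unattended server, a one-line comment saying so would save the next reviewer the question.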
@@ -541,7 +560,7 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_3" }, "locked": { @@ -784,29 +803,45 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_10": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1753432016, + "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1746576598, + "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "type": "github" }, "original": { 
@@ -833,6 +868,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -848,7 +899,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", @@ -864,7 +915,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1742800061, "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", @@ -880,7 +931,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1753429684, "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", @@ -896,26 +947,10 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1753432016, - "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim_2" }, "locked": { @@ -935,7 +970,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -955,7 +990,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1753530457, 
@@ -1021,13 +1056,14 @@ "root": { "inputs": { "alejandra": "alejandra", + "disko": "disko", "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixvim": "nixvim", "nur": "nur", "sops-nix": "sops-nix" @@ -1052,7 +1088,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1752544651, diff --git a/flake.nix b/flake.nix index 1256397..ddd5625 100644 --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,7 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; nixvim.url = "github:ahwxorg/nixvim-config"; sops-nix.url = "github:Mic92/sops-nix"; + disko.url = "github:nix-community/disko/latest"; }; outputs = @@ -22,6 +23,7 @@ self, nixpkgs, sops-nix, + disko, ... }@inputs: let @@ -116,6 +118,16 @@ inherit self inputs username; }; }; + hazel = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/hazel) + ]; + specialArgs = { + host = "hazel"; + inherit self inputs username; + }; + }; }; }; } From 962f39659683e4f16fa07d6e7b0b38b3115e37ef Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 16:33:52 +0200 Subject: [PATCH 075/162] feat: write cursed package function --- modules/home/packages.nix | 219 +++++++++++++++++++++----------------- 1 file changed, 119 insertions(+), 100 deletions(-) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index 53f5652..aa7f77d 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix 
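Review bot: In flake.nix the new input `disko.url = "github:nix-community/disko/latest";` does not follow the flake's own nixpkgs, which is why the flake.lock hunks add a separate `nixpkgs_2` pin (rev `b3582c75c7f21ce0b429898980eddbbf05c68e55`) and renumber the others. Each extra pin is another nixpkgs snapshot that moves only when that one input is updated, so it can lag behind the revision the rest of the system is patched to. Adding `disko.inputs.nixpkgs.follows = "nixpkgs";` next to the URL keeps disko on the same revision and removes the extra lock entry.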
@@ -1,107 +1,126 @@ -{ inputs, pkgs, ... }: { - home.packages = with pkgs; [ - # Environment shit - tesseract - yubikey-touch-detector - wireguard-tools - openresolv - xdg-utils - killall - libnotify - openssl - pamixer - playerctl - wl-clipboard - cliphist - poweralertd - ffmpeg - zip - unzip - wget - xxd - gcc - gnumake - python3 + inputs, + lib, + pkgs, + ... +}: +with lib; +let + guiPkgs = + if (config.liv.gui == true) then + [ + element-desktop + gajim + signal-desktop + anki-bin + obs-studio + wdisplays + librewolf # main + ungoogled-chromium # for things that don't work with librewolf + nsxiv + imv + libreoffice + xfce.thunar + spotify + spotify-player + thunderbird + lxqt.pavucontrol-qt + mpv + plasma5Packages.kdeconnect-kde + # onthespot-overlay - # CLI shit - termpdfpy - vimv - iamb - pass - lm_sensors - neofetch - hyfetch - glow - eva - exiftool - translate-shell - progress - pwgen - jq - tmux - htop - eza - file - fzf - lazygit - gitleaks - ripgrep - yt-dlp - spotify-player - nodejs_22 - yarn - cargo - rustc - wikit - reader - nmap - speedtest-go - delta - powertop - android-tools - sshpass + # Gaming + lunar-client + ] + else + [ + killall + ]; +in +{ + home.packages = + with pkgs; + [ + # Environment shit + tesseract + yubikey-touch-detector + wireguard-tools + openresolv + xdg-utils + killall + libnotify + openssl + pamixer + playerctl + wl-clipboard + cliphist + poweralertd + ffmpeg + zip + unzip + wget + xxd + gcc + gnumake + python3 - # Install pip packages - # python3 - # python3Packages.pip - # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. 
- # pip install --user --break-system-packages - # '') + # CLI shit + termpdfpy + vimv + iamb + pass + lm_sensors + neofetch + hyfetch + glow + eva + exiftool + translate-shell + progress + pwgen + jq + tmux + htop + eza + file + fzf + lazygit + gitleaks + ripgrep + yt-dlp + nodejs_22 + yarn + cargo + rustc + wikit + reader + nmap + speedtest-go + delta + powertop + android-tools + sshpass + net-tools + nmap - # GUI shit - element-desktop - gajim - signal-desktop - anki-bin - obs-studio - wdisplays - librewolf # main - ungoogled-chromium # for things that don't work with librewolf - nsxiv - imv - libreoffice - xfce.thunar - spotify - thunderbird - lxqt.pavucontrol-qt - mpv - plasma5Packages.kdeconnect-kde - # onthespot-overlay + # Install pip packages + # python3 + # python3Packages.pip + # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. + # pip install --user --break-system-packages + # '') - # Gaming - lunar-client + inputs.alejandra.defaultPackage.${system} + inputs.nixvim.packages.${pkgs.system}.default + mermaid-cli + gnuplot - inputs.alejandra.defaultPackage.${system} - inputs.nixvim.packages.${pkgs.system}.default - mermaid-cli - gnuplot - - # Email/calendar/etc - neomutt - w3m - khard - khal - vdirsyncer - ]; + # Email/calendar/etc + neomutt + w3m + khard + khal + vdirsyncer + ] + ++ guiPkgs; } From 5813c632bf9fd3191596e5db00c1ddcc90c9c180 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 16:36:26 +0200 Subject: [PATCH 076/162] fix: make `config` input available so it can find `config.liv.gui` --- modules/home/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index aa7f77d..ec02ef3 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -2,6 +2,7 @@ inputs, lib, pkgs, + config, ... }: with lib; From 81344ed4028429790cc79b8833f3bb083f7a29d4 Mon Sep 17 00:00:00 2001 
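Review bot: In modules/home/packages.nix the new `guiPkgs` binding lists package names (`element-desktop`, `librewolf`, …, and `killall` in the `else` branch) outside the `with pkgs;` that scopes the main list. Only `with lib;` is in effect there, so those names should fail to resolve as soon as `guiPkgs` is evaluated. Scoping the list and dropping the comparison against `true` fixes both: `guiPkgs = with pkgs; lib.optionals config.liv.gui [ … ];`. That also removes the `else [ killall ]` branch, which repeats an entry already in the base list. `nmap` is listed twice in the base list too.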
From: Ahwx Date: Wed, 30 Jul 2025 16:46:08 +0200 Subject: [PATCH 077/162] chore: update `hazel`'s configuration --- hosts/hazel/default.nix | 2 +- hosts/hazel/hardware-configuration.nix | 43 +++++++++++++++++++------- 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 03a0fad..fe687f7 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -42,7 +42,7 @@ boot = { loader.grub = { enable = true; - device = "/dev/sda"; + # device = "/dev/sda"; }; }; } diff --git a/hosts/hazel/hardware-configuration.nix b/hosts/hazel/hardware-configuration.nix index bfac344..37b1ec9 100644 --- a/hosts/hazel/hardware-configuration.nix +++ b/hosts/hazel/hardware-configuration.nix 
@@ -1,25 +1,44 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "ehci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + fileSystems."/" = { + device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/E141-F5CE"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From cb3b12b8794113f67a728b95c3a2ea12ad2735c1 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 16:47:32 +0200 Subject: [PATCH 078/162] chore: disable `disko` as initial config is done --- hosts/hazel/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index fe687f7..c350c3a 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -8,7 +8,7 @@ { imports = [ ./hardware-configuration.nix - ./disko.nix + # ./disko.nix ./../../modules/core/default.server.nix # ./../../modules/services/hazel.nix ]; From 274232c66b7cf3ed3205edc0e2b26cde2fb7edd6 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 30 Jul 2025 16:48:18 +0200 Subject: [PATCH 079/162] chore: adds device to `grub` on `hazel` --- hosts/hazel/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index c350c3a..8bf4405 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -42,7 +42,7 @@ boot = { loader.grub = { enable = true; - # device = "/dev/sda"; + device = "/dev/sda"; }; }; } From 87d35346c5765ba9b3b58e376de1a57b18a0ba8f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:13:42 +0200 Subject: [PATCH 080/162] chore: partition disk `sda` with `mbr` so that grub wont be mad --- hosts/hazel/disko.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hazel/disko.nix b/hosts/hazel/disko.nix index d308f8b..957609b 100644 --- a/hosts/hazel/disko.nix +++ b/hosts/hazel/disko.nix @@ -5,11 +5,11 @@ ]; disko.devices = { disk = { - my-disk = { + sda = { device = "/dev/sda"; type = "disk"; content = { - type = "gpt"; + type = "mbr"; partitions = { ESP = { type = "EF00"; From d07c7417478b6ae2791abde7ba4d372bfdcd6a15 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:13:54 +0200 Subject: [PATCH 081/162] chore: adds winbox --- modules/home/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index ec02ef3..d1ec514 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -28,6 +28,7 @@ let lxqt.pavucontrol-qt mpv plasma5Packages.kdeconnect-kde + winbox # onthespot-overlay # Gaming 
From 3c265f96fdbeaa2e56343ae21871197bc4788dfe Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:14:09 +0200 Subject: [PATCH 082/162] chore: adds `dandelion` to sops file --- .sops.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.sops.yaml b/.sops.yaml index 071f3c5..ca78916 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,7 @@ keys: - &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 + - &dandelion age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd creation_rules: - path_regex: secrets/secrets.yaml key_groups: @@ -11,3 +12,8 @@ creation_rules: - age: - *sakura - *violet + - path_regex: secrets/dandelion/secrets.yaml + key_groups: + - age: + - *sakura + - *dandelion From 1d735c345a15c65e853aa29d99aeb6281b29f7cf Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:19:50 +0200 Subject: [PATCH 083/162] fix: set `avahi.enable` to `lib.mkDefault false` instead of `false` so that individual hosts can override this --- modules/core/network.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/core/network.nix b/modules/core/network.nix index dd950fc..9cb9355 100644 --- a/modules/core/network.nix +++ b/modules/core/network.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { networking = { networkmanager = { @@ -11,6 +11,6 @@ }; }; services = { - avahi.enable = false; + avahi.enable = lib.mkDefault false; }; } From 7e88abdfc1e458054777659e3dbfbcdcaf3e01a4 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:20:46 +0200 Subject: [PATCH 084/162] chore: set `avahi.enable` to `lib.mkForce true` as it is being disabled by default for all networking-enabled machines --- modules/services/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nfs.nix b/modules/services/nfs.nix index 5391100..f49ee2e 100644 --- a/modules/services/nfs.nix +++ b/modules/services/nfs.nix 
@@ -26,7 +26,7 @@ # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` #nssmdns4 = true; # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it - enable = true; + enable = lib.mkForce true; openFirewall = true; }; samba-wsdd = { From 5cfbf7437d6cb9acd25cd94eba54108665ba8444 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:21:03 +0200 Subject: [PATCH 085/162] feat: adds `secrets.yaml` file for `dandelion` --- secrets/dandelion/secrets.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 secrets/dandelion/secrets.yaml diff --git a/secrets/dandelion/secrets.yaml b/secrets/dandelion/secrets.yaml new file mode 100644 index 0000000..110de11 --- /dev/null +++ b/secrets/dandelion/secrets.yaml 
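Review bot: `enable = lib.mkForce true;` in modules/services/nfs.nix is stronger than needed. The previous patch already changed the shared value to `lib.mkDefault false`, and an ordinary definition outranks `mkDefault`. With `mkForce`, no host can switch Avahi off again without a higher-priority override, so I would write plain `enable = true;` and keep the existing comment about Samba's mDNS registration as the reason. The line also relies on `lib`, and the module's argument list is outside the hunk, so check that `lib` is bound there.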
@@ -0,0 +1,25 @@ +systemMailerPassword: ENC[AES256_GCM,data:b9Mmxo3beDpo1pi1Y+5TZn64ZeKJzJXlJwYFs5BjVMngeej+Y0naWmwBdlTEwzPm6OiO/N1haNQUlwT4KdOTx7t8PsZwQ5dOQl1gjWp0T+0ImWLImvINyvDIg6uh9RsvqLIJBvgLAtiUHE3jq7vLwDPaZ69tvjmGACNfNKX8A0A=,iv:BvmZ7GtDsHFWSY+cL10P1e7I75ZwrzjFJ6e5J2IbEic=,tag:g9yqAQtJ9kD3o1cfng0gTA==,type:str] +sops: + age: + - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcHFGUFltcUVSNnJXNWhI + TU5ySU1SQXVYdUFNOUlXdmZzYTZnZFhWQVJnCmV6T1duSnlGejNMc1hDUHovYTJE + Ri93OURqaEVrd0xCRUZZdWhsKzI1QkEKLS0tIExDeE9BNUxoYjhzWjBrM1FIUzV1 + cGpiNmJ6blQ2c1FiOEFnNllrbWxjWmsKDXsXc2tlmgXHmEveCVq1WMrFRtzLttgc + 0sMlwMFo71eV5JWrDjPbg0WwXonGI9TILJ09FFSTK7FRhwyFpgL6TA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS250MmZyazRFVGMzdzVy + T09EaE1lY1h1d3BiMFRlNWV2SXNXNFBuekRnClRieVJrbGFMRjdCZEFVUjdoa2JQ + K1RzalZBVThOMWl3T2pZakxUTUI5cXcKLS0tIHBPeVdtUmtCUmtOTVVRZlNwUXpO + L1d2bW5tRDhjQ2VaU0xDWWlZYi94TEUKvjD1Pk8/Jq18nCJioeVBYbfaT3rSYr4l + aZ+j21bb7tE3JbUQfGkYo2blJqZsxFxblZlvf6tK2DU39Tl64naUpQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-01T08:17:35Z" + mac: ENC[AES256_GCM,data:WrMLYUSjwh0MOPPAjGTzLip5I+4LxrQoSreKANsl6xwakMmDKzENgp3kzsZyAqWaX6OgLWh1YrpnN+9z6n3UDi+LGYj1WZwHeZnBCwnuyq9cyAhLdPxcvqp0bcNaZfI04IUPpMTk/8o14gpTsbCYy+eIUc/19golYN2NKr2B03Y=,iv:Np1OeYCWdnun3QlQ8MAPd2TRMFwdx1l3Ca0JffqCv64=,tag:jTLzww9TKQnmkla2PhCR1Q==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 From 17acf4b2d8527e204e9ca567d63051503622e0da Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:24:49 +0200 Subject: [PATCH 086/162] feat: adds `else if` for `dandelion` --- modules/core/sops.nix | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 1e4847a..1ec50d1 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -26,6 +26,10 @@ { "systemMailerPassword" = { }; } + else if (host == "dandelion") then + { + "systemMailerPassword" = { }; + } else { }; }; From 9b3ab6acf3e635cfab8757a885a6a1417e54940a Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 13:17:40 +0200 Subject: [PATCH 087/162] feat: import disko again --- hosts/hazel/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 8bf4405..03a0fad 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -8,7 +8,7 @@ { imports = [ ./hardware-configuration.nix - # ./disko.nix + ./disko.nix ./../../modules/core/default.server.nix # ./../../modules/services/hazel.nix ]; From c0cab9eb1db6e22ef305119f3296275c2de2afdc Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 13:17:48 +0200 Subject: [PATCH 088/162] feat: make gpt but properly now --- hosts/hazel/disko.nix | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/hosts/hazel/disko.nix b/hosts/hazel/disko.nix index 957609b..c95d152 100644 --- a/hosts/hazel/disko.nix +++ b/hosts/hazel/disko.nix @@ -9,17 +9,12 @@ device = "/dev/sda"; type = "disk"; content = { - type = "mbr"; + type = "gpt"; partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; + boot = { + size = "1M"; + type = "EF02"; + priority = 1; }; root = { size = "100%"; From 29839e9f5b06fb3565163a1ac69a7a851cd5c1a7 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 13:18:13 +0200 Subject: [PATCH 089/162] chore: comment out things from `hardware-configuration.nix` as those are no longer valid --- hosts/hazel/hardware-configuration.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) 
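Review bot: The added `else if (host == "dandelion")` branch in sops.nix repeats the attribute set of the branch directly above it, so every new host lengthens the chain with a copy that can drift. One membership test states the intent once: `if builtins.elem host [ "<existing-host>" "dandelion" ] then { "systemMailerPassword" = { }; } else { }`, where the placeholder stands for the host names tested outside the hunk. The host chain in modules/core/user.nix, extended for `hazel` and `daisy` later in this series, has the same shape. The enclosing expression begins outside the hunk.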
diff --git a/hosts/hazel/hardware-configuration.nix b/hosts/hazel/hardware-configuration.nix index 37b1ec9..a1d5101 100644 --- a/hosts/hazel/hardware-configuration.nix +++ b/hosts/hazel/hardware-configuration.nix @@ -24,21 +24,21 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6"; - fsType = "ext4"; - }; + # fileSystems."/" = { + # device = "/dev/disk/by-uuid/864dfbec-81f0-460f-b970-27693a0ad0e6"; + # fsType = "ext4"; + # }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/E141-F5CE"; - fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; - }; + # fileSystems."/boot" = { + # device = "/dev/disk/by-uuid/E141-F5CE"; + # fsType = "vfat"; + # options = [ + # "fmask=0077" + # "dmask=0077" + # ]; + # }; - swapDevices = [ ]; + # swapDevices = [ ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From fe43e44718865758d70983deef3ae927b39785f2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 13:18:32 +0200 Subject: [PATCH 090/162] feat: move `guiPkgs` to `gui.nix` --- modules/home/packages.nix | 193 +++++++++++++++----------------------- roles/gui.nix | 26 +++++ 2 files changed, 104 insertions(+), 115 deletions(-) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index d1ec514..9fa833f 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix 
@@ -5,124 +5,87 @@ config, ... }: -with lib; -let - guiPkgs = - if (config.liv.gui == true) then - [ - element-desktop - gajim - signal-desktop - anki-bin - obs-studio - wdisplays - librewolf # main - ungoogled-chromium # for things that don't work with librewolf - nsxiv - imv - libreoffice - xfce.thunar - spotify - spotify-player - thunderbird - lxqt.pavucontrol-qt - mpv - plasma5Packages.kdeconnect-kde - winbox - # onthespot-overlay - - # Gaming - lunar-client - ] - else - [ - killall - ]; -in { - home.packages = - with pkgs; - [ - # Environment shit - tesseract - yubikey-touch-detector - wireguard-tools - openresolv - xdg-utils - killall - libnotify - openssl - pamixer - playerctl - wl-clipboard - cliphist - poweralertd - ffmpeg - zip - unzip - wget - xxd - gcc - gnumake - python3 + home.packages = with pkgs; [ + # Environment shit + tesseract + yubikey-touch-detector + wireguard-tools + openresolv + xdg-utils + killall + libnotify + openssl + pamixer + playerctl + wl-clipboard + cliphist + poweralertd + ffmpeg + zip + unzip + wget + xxd + gcc + gnumake + python3 - # CLI shit - termpdfpy - vimv - iamb - pass - lm_sensors - neofetch - hyfetch - glow - eva - exiftool - translate-shell - progress - pwgen - jq - tmux - htop - eza - file - fzf - lazygit - gitleaks - ripgrep - yt-dlp - nodejs_22 - yarn - cargo - rustc - wikit - reader - nmap - speedtest-go - delta - powertop - android-tools - sshpass - net-tools - nmap + # CLI shit + termpdfpy + vimv + iamb + pass + lm_sensors + neofetch + hyfetch + glow + eva + exiftool + translate-shell + progress + pwgen + jq + tmux + htop + eza + file + fzf + lazygit + gitleaks + ripgrep + yt-dlp + nodejs_22 + yarn + cargo + rustc + wikit + reader + nmap + speedtest-go + delta + powertop + android-tools + sshpass + net-tools + nmap - # Install pip packages - # python3 - # python3Packages.pip - # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. 
- # pip install --user --break-system-packages - # '') + # Install pip packages + # python3 + # python3Packages.pip + # (writeShellScriptBin "install-pip-packages" '' # This script does not run, yet. + # pip install --user --break-system-packages + # '') - inputs.alejandra.defaultPackage.${system} - inputs.nixvim.packages.${pkgs.system}.default - mermaid-cli - gnuplot + inputs.alejandra.defaultPackage.${system} + inputs.nixvim.packages.${pkgs.system}.default + mermaid-cli + gnuplot - # Email/calendar/etc - neomutt - w3m - khard - khal - vdirsyncer - ] - ++ guiPkgs; + # Email/calendar/etc + neomutt + w3m + khard + khal + vdirsyncer + ]; } diff --git a/roles/gui.nix b/roles/gui.nix index 4b05bd4..150c808 100644 --- a/roles/gui.nix +++ b/roles/gui.nix @@ -21,5 +21,31 @@ in gnome.gnome-keyring.enable = true; dbus.enable = true; }; + + home-manager.users.${username}.home.packages = with pkgs; [ + element-desktop + gajim + signal-desktop + anki-bin + obs-studio + wdisplays + librewolf # main + ungoogled-chromium # for things that don't work with librewolf + nsxiv + imv + libreoffice + xfce.thunar + spotify + spotify-player + thunderbird + lxqt.pavucontrol-qt + mpv + plasma5Packages.kdeconnect-kde + winbox + # onthespot-overlay + + # Gaming + lunar-client + ]; }; } From cc566fed4f4e8ecf6498aa3029d416bd38f38695 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 13:18:45 +0200 Subject: [PATCH 091/162] chore: cleanup old code --- modules/services/nginx.nix | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index fd64712..cda6d24 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix 
@@ -37,24 +37,6 @@ recommendedProxySettings = true; clientMaxBodySize = lib.mkDefault "10G"; - #defaultListen = - # let - # listen = [ - # { - # addr = "[::]"; - # port = 80; - # extraParameters = [ "proxy_protocol" ]; - # } - # { - # addr = "[::]"; - # port = 443; - # ssl = true; - # extraParameters = [ "proxy_protocol" ]; - # } - # ]; - # in - # map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; - # Hardened TLS and HSTS preloading appendHttpConfig = '' # Proxying From f7b25b3316473f88411f23edf189c49e41e3fc33 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 2 Aug 2025 00:40:47 +0200 Subject: [PATCH 092/162] feat: adds `sshuttle` to gui systems --- roles/gui.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/gui.nix b/roles/gui.nix index 150c808..387ed07 100644 --- a/roles/gui.nix +++ b/roles/gui.nix @@ -46,6 +46,9 @@ in # Gaming lunar-client + + # Not GUI but specific to GUI usage + sshuttle ]; }; } From 96772558fada8c5953e8992d0796c6147fab7d7b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 2 Aug 2025 01:14:21 +0200 Subject: [PATCH 093/162] feat: adds `daisy` host --- hosts/daisy/default.nix | 48 ++++++++++++++++++++++++++ hosts/daisy/hardware-configuration.nix | 37 ++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 hosts/daisy/default.nix create mode 100644 hosts/daisy/hardware-configuration.nix diff --git a/hosts/daisy/default.nix b/hosts/daisy/default.nix new file mode 100644 index 0000000..f511347 --- /dev/null +++ b/hosts/daisy/default.nix 
@@ -0,0 +1,48 @@ +{ + pkgs, + config, + lib, + ... +}: +{ + imports = [ + ./hardware-configuration.nix + ./../../modules/core/default.server.nix + # ./../../modules/services/violet.nix + ]; + + networking = { + hostName = "daisy"; + networkmanager.enable = true; + firewall = { + allowedTCPPorts = [ + # 80 + # 443 + # 25565 + 9123 + ]; + }; + }; + + time.timeZone = "Europe/Amsterdam"; + + environment.systemPackages = with pkgs; [ + pkgs.kitty.terminfo + ]; + + boot = { + loader.grub = { + enable = true; + device = "/dev/sdb"; + useOSProber = true; + }; + kernelModules = [ "acpi_call" ]; + extraModulePackages = + with config.boot.kernelPackages; + [ + acpi_call + cpupower + ] + ++ [ pkgs.cpupower-gui ]; + }; +} diff --git a/hosts/daisy/hardware-configuration.nix b/hosts/daisy/hardware-configuration.nix new file mode 100644 index 0000000..4508655 --- /dev/null +++ b/hosts/daisy/hardware-configuration.nix 
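Review bot: `allowedTCPPorts` opens 9123 on a new server with nothing in the file saying which service listens there, while the neighbouring entries are commented out; a trailing comment such as `9123 # <service name>` would let a later audit tell whether the port is still needed. Further down, `extraModulePackages` is given `cpupower` and `pkgs.cpupower-gui`, which look like userspace tools rather than kernel-module packages and probably belong in `environment.systemPackages`. `useOSProber = true;` is also unusual for a server and can be dropped if no other operating system is installed on its disks.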
@@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "uhci_hcd" "hpsa" "mpt3sas" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/02aaca49-be45-42ad-ba44-6f5dbfe9032e"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/40aff86f-c371-4f7f-ab62-5665c4f1c071"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.eno3.useDHCP = lib.mkDefault true; + # networking.interfaces.eno4.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 0547c948ab95f966f01e97f5df47e350eb193061 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 2 Aug 2025 01:17:07 +0200 Subject: [PATCH 094/162] feat: adds `hazel` and `daisy` as servers instead of normal user machines --- modules/core/user.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/core/user.nix b/modules/core/user.nix index eef3a74..8370132 100644 --- a/modules/core/user.nix +++ b/modules/core/user.nix 
@@ -26,6 +26,10 @@ [ ./../home/default.server.nix ] else if (host == "posy") then [ ./../home/default.server.nix ] + else if (host == "hazel") then + [ ./../home/default.server.nix ] + else if (host == "daisy") then + [ ./../home/default.server.nix ] # else if (host == "yoshino") then # [ ./../home/default.nix ] else From ff942eb88a369e9e9b9f8206e241f53ab2473586 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 2 Aug 2025 01:17:19 +0200 Subject: [PATCH 095/162] feat: adds `daisy` host to flake --- flake.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/flake.nix b/flake.nix index ddd5625..dee9411 100644 --- a/flake.nix +++ b/flake.nix @@ -128,6 +128,16 @@ inherit self inputs username; }; }; + daisy = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/daisy) + ]; + specialArgs = { + host = "daisy"; + inherit self inputs username; + }; + }; }; }; } From e110052eea93f3634b98219671e858f3e806b7c9 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 2 Aug 2025 12:35:38 +0200 Subject: [PATCH 096/162] chore: comment out bootloader as that's not required apparently?? --- hosts/hazel/default.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 03a0fad..ddf9849 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -39,10 +39,11 @@ ]; }; - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - }; + #boot = { + # loader.grub = { + # enable = true; + # device = "/dev/sda"; + # useOSProber = true; + # }; + #}; } From b4e6c45ca5c1d558820a3a5989f25ea28bc58e22 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 2 Aug 2025 12:39:09 +0200 Subject: [PATCH 097/162] feat: set `initialPassword` --- modules/core/user.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/core/user.nix b/modules/core/user.nix index 8370132..aa2c3ec 100644 --- a/modules/core/user.nix +++ b/modules/core/user.nix 
@@ -57,6 +57,7 @@ "wheel" ]; shell = pkgs.zsh; + initialPassword = "temporary-password"; }; nix.settings.allowed-users = [ "${username}" ]; } From 58e4e735dc3aeee71e4c1a87c88b9e7edbbd4b84 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 3 Aug 2025 12:17:11 +0200 Subject: [PATCH 098/162] feat: enable `nix-serve` for local devices --- modules/services/nix-serve.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 modules/services/nix-serve.nix diff --git a/modules/services/nix-serve.nix b/modules/services/nix-serve.nix new file mode 100644 index 0000000..06fcdfc --- /dev/null +++ b/modules/services/nix-serve.nix @@ -0,0 +1,18 @@ +{ config, ... }: +{ + services = { + nix-serve = { + enable = true; + secretKeyFile = "/var/secrets/cache-private-key.pem"; + }; + + nginx.virtualHosts."violet.booping.local" = { + forceSSL = false; + # sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + # sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; + }; + }; +} From c2159bf950528b784b9fd5fff98f3309a0223149 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 3 Aug 2025 12:17:51 +0200 Subject: [PATCH 099/162] feat: adds user for remote building --- modules/services/remote-build.nix | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 modules/services/remote-build.nix diff --git a/modules/services/remote-build.nix b/modules/services/remote-build.nix new file mode 100644 index 0000000..811231f --- /dev/null +++ b/modules/services/remote-build.nix 
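Review bot: `initialPassword = "temporary-password";` puts a known cleartext password for a `wheel` user into the repository and, through the evaluated configuration, into the world-readable Nix store of every host that imports this module. The repository already manages secrets with sops, so a hashed password supplied from there is the better fit, for example `hashedPasswordFile = config.sops.secrets.<placeholder-secret-name>.path;` with that secret marked `neededForUsers = true`. If a bootstrap password is still wanted, `initialHashedPassword` at least keeps the cleartext out of the store, and password logins over SSH should stay disabled until it has been changed. The enclosing user attribute set begins outside the hunk.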
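Review bot: `secretKeyFile = "/var/secrets/cache-private-key.pem";` points at a signing key that nothing in this module creates or protects, although the repository already uses sops for secrets. Declaring the key as a sops secret and writing `secretKeyFile = config.sops.secrets.<placeholder-secret-name>.path;` would keep its ownership and mode under configuration. The virtual host sets `forceSSL = false;`, so cache traffic crosses the network in cleartext: signatures protect integrity only for clients that pin the cache's public key, and the contents of requested paths are visible on the wire. Neither the firewall rules nor the listen addresses are visible here, so it is worth confirming that the vhost is reachable from the local network only.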
@@ -0,0 +1,55 @@ +{ + config, + pkgs, + username, + ... +}: +{ + users.users.remotebuild = { + isNormalUser = true; + createHome = false; + group = "remotebuild"; + openssh.authorizedKeys.keys = config.users.users.${username}.openssh.authorizedKeys.keys ++ [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion +" + ]; + }; + + users.groups.remotebuild = { }; + + nix = { + nrBuildUsers = 64; + settings = { + trusted-users = [ "remotebuild" ]; + + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + + max-jobs = "auto"; + cores = 0; + }; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; + + # add to clients: + # nix.distributedBuilds = true; + # nix.settings.builders-use-substitutes = true; + # nix.buildMachines = [ + # { + # hostName = "violet"; + # sshUser = "remotebuild"; + # sshKey = "/home/liv/.ssh/id_ed25519"; # Make sure to give a key that works for this user. + # system = pkgs.stdenv.hostPlatform.system; + # supportedFeatures = [ + # "nixos-test" + # "big-parallel" + # "kvm" + # ]; + # } + # ]; +} From 9c5f55644faa926a3437ef0bcb9d167f2e861a9a Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 3 Aug 2025 12:18:40 +0200 Subject: [PATCH 100/162] chore: move `secrets.yaml` to host-specific folder --- secrets/{ => sakura}/secrets.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename secrets/{ => sakura}/secrets.yaml (100%) diff --git a/secrets/secrets.yaml b/secrets/sakura/secrets.yaml similarity index 100% rename from secrets/secrets.yaml rename to secrets/sakura/secrets.yaml From 69a7d717d68a4ce239e772db77418c32af82f83e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 3 Aug 2025 12:18:51 +0200 Subject: [PATCH 101/162] flake: update (nixvim) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 3be4fca..ea8e840 100644 --- a/flake.lock +++ b/flake.lock 
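Review bot: `trusted-users = [ "remotebuild" ]` makes that account effectively root-equivalent on the builder as far as Nix is concerned, yet `openssh.authorizedKeys.keys` gives it every login key of `${username}` plus one more, so the loss of any everyday key reaches the daemon with trusted rights. Listing only a dedicated build key per client narrows that, and the commented client snippet should then point `sshKey` at that key rather than `/home/liv/.ssh/id_ed25519`. The added key literal also closes its quote on the following line, which leaves a newline inside the string; ending it on one line as `... liv@dandelion"` avoids a stray blank entry in the generated authorized_keys file.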
@@ -954,11 +954,11 @@ "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1753605519, - "narHash": "sha256-RJTIXX9JMeUOA3sJuiqJRBXFzzQLM6GrOFrL8+Iy6hg=", + "lastModified": 1754172548, + "narHash": "sha256-8lWMN23VGQHTN5Kg5Kz1UMakt42brOlMz2IKxFBvKog=", "owner": "ahwxorg", "repo": "nixvim-config", - "rev": "20053a4d7a90b56cb7fe38d9557d71aeecd2cb47", + "rev": "fe2f1c27fa532489800b8f4d17f12c13299afa8d", "type": "github" }, "original": { From 1f06aba566244bfd0ea47d0984b215662d43fb71 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 3 Aug 2025 12:20:32 +0200 Subject: [PATCH 102/162] feat: adds `nix-ld` and no longer hard-code timezone --- modules/core/system.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/core/system.nix b/modules/core/system.nix index cc2ab7c..71ecb33 100644 --- a/modules/core/system.nix +++ b/modules/core/system.nix @@ -14,6 +14,8 @@ "nix-command" "flakes" ]; + # substituters = [ "http://violet.booping.local" ]; + # trusted-public-keys = [ "violet.booping.local:2gshN3xfGSL7eKFc8tGkqSoIb3WQxuB2RJ8DuakLLqc=%" ]; }; gc = { automatic = true; @@ -22,6 +24,11 @@ }; }; + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ ]; + }; + # nixpkgs = { # overlays = [ # self.overlays.default @@ -56,6 +63,6 @@ ipaexfont ]; - time.timeZone = "Europe/Amsterdam"; + time.timeZone = lib.mkDefault "Europe/Amsterdam"; system.stateVersion = "24.05"; } From ee59ff3f3b2fec0067fe600354558c37aa9003b7 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 3 Aug 2025 12:20:57 +0200 Subject: [PATCH 103/162] feat: set new colorscheme for kitty; fix deprecation error for `theme` option --- modules/home/kitty.nix | 101 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 99 insertions(+), 2 deletions(-) diff --git a/modules/home/kitty.nix b/modules/home/kitty.nix index 3f20039..39371d6 100644 --- a/modules/home/kitty.nix +++ b/modules/home/kitty.nix 
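Review bot: The commented `trusted-public-keys` entry in the first system.nix hunk ends in `%`, which looks like the shell's missing-newline marker copied along with the key rather than part of it. If the line is later uncommented as written, signatures from the cache would presumably fail to verify. The commented substituter beside it uses `http://`, so a note such as `# plain HTTP on the LAN; integrity relies on the pinned public key` would record why that is acceptable. In the second hunk `libraries = with pkgs; [ ];` adds nothing and can be left out until a library is needed.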
@@ -3,7 +3,7 @@ programs.kitty = { enable = true; - theme = "3024 Night"; + # theme = "3024 Night"; font = { name = "GohuFont 14 Nerd Font Mono"; @@ -12,7 +12,7 @@ settings = { confirm_os_window_close = 0; - background_opacity = "0.25"; + background_opacity = "0.50"; window_padding_width = 10; scrollback_lines = 10000; enable_audio_bell = false; 
@@ -35,5 +35,102 @@ "ctrl+shift+left" = "no_op"; "ctrl+shift+right" = "no_op"; }; + extraConfig = '' + # vim:ft=kitty + + ## name: Base2Tone Suburb Dark + ## author: Bram de Haan (https://github.com/atelierbram) + ## license: MIT + ## upstream: https://github.com/atelierbram/Base2Tone-kitty/blob/main/themes/base2tone-suburb-dark.conf + ## blurb: duotone theme | warm blue - bright pink + + + #: The basic colors + + foreground #878ba6 + # background #1e202f + selection_foreground #878ba6 + selection_background #292c3d + + + #: Cursor colors + + cursor #d14781 + cursor_text_color #1e202f + + + #: URL underline color when hovering with mouse + + url_color #d2d8fe + + + #: kitty window border colors and terminal bell colors + + active_border_color #444864 + inactive_border_color #1e202f + bell_border_color #5165e6 + visual_bell_color none + + + #: OS Window titlebar colors + + wayland_titlebar_color #292c3d + macos_titlebar_color #292c3d + + + #: Tab bar colors + + active_tab_foreground #fbf9fa + active_tab_background #1e202f + inactive_tab_foreground #b0a6aa + inactive_tab_background #292c3d + tab_bar_background #292c3d + tab_bar_margin_color none + + + #: Colors for marks (marked text in the terminal) + + mark1_foreground #1e202f + mark1_background #6375ee + mark2_foreground #1e202f + mark2_background #8d8186 + mark3_foreground #1e202f + mark3_background #e44e8c + + + #: The basic 16 colors + + #: black + color0 #1e202f + color8 #4f5472 + + #: red + color1 #7586f5 + color9 #fe81b5 + + #: green + color2 #fb6fa9 + color10 #292c3d + + #: yellow + color3 #ffb3d2 + color11 #444864 + + #: blue + color4 #8696fd + color12 #5b6080 + + #: magenta + color5 #fb6fa9 + color13 #d2d8fe + + #: cyan + color6 #a0acfe + color14 #f764a1 + + #: white + color7 #878ba6 + color15 #ebedff + ''; }; } From 0fa2dd54dcfe50689eed1e25dc7e1e5994cb4580 Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Sun, 3 Aug 2025 12:21:14 +0200 Subject: [PATCH 104/162] feat: adds more `zsh` things --- modules/home/zsh.nix | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 28fde10..35d8bb5 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -11,6 +11,18 @@ enable = true; autocd = true; autosuggestion.enable = true; + syntaxHighlighting = { + enable = true; + highlighters = [ + "main" + "brackets" + "pattern" + "regexp" + "cursor" + "root" + "line" + ]; + }; enableCompletion = true; # enableGlobalCompInit = true; # Should be a thing according to NixOS options but is not a thing? @@ -137,6 +149,7 @@ enable = true; abbreviations = { mkdir = "mkdir -p"; + mv = "mv --interactive"; vim = "nvim"; v = "nvim"; vi = "nvim"; @@ -191,6 +204,7 @@ sxiv = "nsxiv"; enby = "man"; woman = "man"; + mkcd = "mkdir $1 && cd $1"; # NixOS ns = "nix-shell --run zsh"; @@ -202,16 +216,16 @@ }; plugins = with pkgs; [ - { - name = "zsh-syntax-highlighting"; - src = fetchFromGitHub { - owner = "zsh-users"; - repo = "zsh-syntax-highlighting"; - rev = "0.6.0"; - sha256 = "0zmq66dzasmr5pwribyh4kbkk23jxbpdw4rjxx0i7dx8jjp2lzl4"; - }; - file = "zsh-syntax-highlighting.zsh"; - } + #{ + # name = "zsh-syntax-highlighting"; + # src = fetchFromGitHub { + # owner = "zsh-users"; + # repo = "zsh-syntax-highlighting"; + # rev = "0.6.0"; + # sha256 = "0zmq66dzasmr5pwribyh4kbkk23jxbpdw4rjxx0i7dx8jjp2lzl4"; + # }; + # file = "zsh-syntax-highlighting.zsh"; + #} { name = "zsh-autopair"; src = fetchFromGitHub { From 62f1aa90c2410dbabd2db7e1091d8603cec42e2d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 4 Aug 2025 14:27:34 +0200 Subject: [PATCH 105/162] chore: secrets --- secrets/dandelion/secrets.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/dandelion/secrets.yaml b/secrets/dandelion/secrets.yaml index 110de11..250086e 100644 
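Review bot: `mkcd = "mkdir $1 && cd $1";` in the third zsh.nix hunk relies on a positional parameter, which an abbreviation or alias does not receive, so `$1` presumably expands to nothing at an interactive prompt and the typed directory name ends up after `cd` only. A shell function is the usual form, for example `mkcd() { mkdir -p -- "$1" && cd -- "$1" }` in the shell's init content, which also quotes the argument. The attribute set that holds this entry starts outside the hunk, so this assumes it is the abbreviation list seen in the second hunk's context.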
--- a/secrets/dandelion/secrets.yaml +++ b/secrets/dandelion/secrets.yaml @@ -1,4 +1,5 @@ systemMailerPassword: ENC[AES256_GCM,data:b9Mmxo3beDpo1pi1Y+5TZn64ZeKJzJXlJwYFs5BjVMngeej+Y0naWmwBdlTEwzPm6OiO/N1haNQUlwT4KdOTx7t8PsZwQ5dOQl1gjWp0T+0ImWLImvINyvDIg6uh9RsvqLIJBvgLAtiUHE3jq7vLwDPaZ69tvjmGACNfNKX8A0A=,iv:BvmZ7GtDsHFWSY+cL10P1e7I75ZwrzjFJ6e5J2IbEic=,tag:g9yqAQtJ9kD3o1cfng0gTA==,type:str] +dandelionSyncthingId: ENC[AES256_GCM,data:YgkjHxSD5mp44MMd7X46Rt5FqW89prMvhrkvHN5dxvPJ937cOGV9WYXf69A0+0XEbO97jlDAp7ph1GF0Q9UV,iv:45gaF2MZh1GbZmvKRnEtkQfNgx11r9xYaxvqAkU2ZkM=,tag:f9Iel/5029acJuzzTmyHXQ==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -19,7 +20,7 @@ sops: L1d2bW5tRDhjQ2VaU0xDWWlZYi94TEUKvjD1Pk8/Jq18nCJioeVBYbfaT3rSYr4l aZ+j21bb7tE3JbUQfGkYo2blJqZsxFxblZlvf6tK2DU39Tl64naUpQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-01T08:17:35Z" - mac: ENC[AES256_GCM,data:WrMLYUSjwh0MOPPAjGTzLip5I+4LxrQoSreKANsl6xwakMmDKzENgp3kzsZyAqWaX6OgLWh1YrpnN+9z6n3UDi+LGYj1WZwHeZnBCwnuyq9cyAhLdPxcvqp0bcNaZfI04IUPpMTk/8o14gpTsbCYy+eIUc/19golYN2NKr2B03Y=,iv:Np1OeYCWdnun3QlQ8MAPd2TRMFwdx1l3Ca0JffqCv64=,tag:jTLzww9TKQnmkla2PhCR1Q==,type:str] + lastmodified: "2025-08-04T12:19:27Z" + mac: ENC[AES256_GCM,data:5bbqvvcMj3t7quhjgZ5By2vRaz0pOdPSbZaGJ1p6QLEJvynm/9wOPt/8xs4dOYFlXbQ52PlouXVkdp6J8RPLeD/tpDFmMy7QIN1mHdcFQmsiulML43n4gSPV3ZAbJ1hlTjfBHNN5hyXKDzXxMXjTQL+jCeA/7493JVaC/Yv1psw=,iv:0RcZmJT72Ih4JyMby0F0ALkKsN0bXPy1E/7GtpUdgt4=,tag:s6MmfLhGDaIJr0Q0RucZQw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From 5adcaba8ecb34401838f83cb2e9d2ad4eb44872e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 4 Aug 2025 14:27:38 +0200 Subject: [PATCH 106/162] chore: secrets --- secrets/sakura/secrets.yaml | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/secrets/sakura/secrets.yaml b/secrets/sakura/secrets.yaml index 0dab49b..f16d281 100644 --- a/secrets/sakura/secrets.yaml 
+++ b/secrets/sakura/secrets.yaml @@ -1,18 +1,5 @@ systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str] -# -# -# -#ENC[AES256_GCM,data:WflW57V0HPZBinBmThQZxDjILXgY62hOrQLKjp2mElmaHt09pd0SS/qZvYZEyLQ=,iv:1GF427GJB8sZbD4cPYiX6vWXW+g7ITAyXz8dWPqpcvM=,tag:SewPaiwvOXfuYu1boXbEkg==,type:comment] -hello: ENC[AES256_GCM,data:ayluRTSd1xDWGf1K+rMibtj+9fCDy5GMwv0wTDdf1C2hIQeColi6gUdpYTwwZw==,iv:DfG10vFe0HAaCnN8e6ik3QixjhTj2KsDGiwg6XufpBQ=,tag:Y1q3uREa3CXSFZBJMYc6cQ==,type:str] -example_key: ENC[AES256_GCM,data:YdS40bL6x1LmRwg76Q==,iv:5FdtHG3iE50vktShWVdkv9oBrUQoqUesGSvPoaD0j2U=,tag:DDaJXIyozB6N2Cj6Bxk1nA==,type:str] -#ENC[AES256_GCM,data:VMGPI7MXiCSTO9QDlT5DUg==,iv:qkKFWGJKQswSdvetMrn3oD1o3c5nzk1UUDpjlbNnRgY=,tag:ZdP7az9j92eYzfQSqFF5gQ==,type:comment] -example_array: - - ENC[AES256_GCM,data:afMceLch3kcnHzf73Ic=,iv:CQbLPVQVo4QB696Z6J5tgF+1/ZL+9/rKOuGsY8xV1XI=,tag:8yG6JXG9C4KXhiA+AyeSGg==,type:str] - - ENC[AES256_GCM,data:QIa8LkkS1c3AW3T3hbs=,iv:8v20+UPaPnddw8WPJo1tTpf/o7Xi+3cFnwjNOM0UaqQ=,tag:FbWSFLwTcDwBtd+gGeONNg==,type:str] -example_number: ENC[AES256_GCM,data:7ok2x8uHYpAFoQ==,iv:S16WiwAx0OWtuDeuLINJH8xllMGWxzt/3+K5/RNlY5U=,tag:6ytIj66O8rRtTObpmIB/UQ==,type:float] -example_booleans: - - ENC[AES256_GCM,data:Npqj1Q==,iv:uPFu6d24WJVz4N0eOKRSgDgiHYxQoAhPqNRY0dk9rVQ=,tag:V9FEUgx8W707N+q+K63yoA==,type:bool] - - ENC[AES256_GCM,data:J1LcbM8=,iv:TLFH/WyteSCphbR4IlzUr12sUfmCj3mpIeBbBqfNnb4=,tag:YDEJvQB8c8xEeXOupNrYmQ==,type:bool] +dandelionSyncthingId: ENC[AES256_GCM,data:crzT7Ph2gDYm/LAyEM2yw/THzu+Dv5SBrw17NF42j2jCvGMLaDgdlMAhkJlr7bonnpjII+9/TLjEXtcEIhcd,iv:6e94tT8rCLFxwDWLNj2T/Fx+0yAuhfS2AdjAKJKt/k0=,tag:Ai44ZvRZps4lQ4gLBbfUDw==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w 
@@ -24,7 +11,7 @@ sops: bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/ JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-27T23:20:55Z" - mac: ENC[AES256_GCM,data:hKxGeDETPmOxbyXm2zd/wNKY8nmlUGjbBQorV2pmUgFSNGXxkZifwzT5b0E4ZWaxWyO0bqqEH/jRkIwrU46SDN+RAqZBm5iDwFfmV9QPOlUOgfPDFi2Ho8yDlouvjB6FkwJwooGF3uvGs1bM2in9WMCcI+GFiEi5+VOHBmKtx8U=,iv:1gKoMdKhujmvMyAi4cU4av5tkSPY2ykJShMTtK+2Dnk=,tag:AhuWcD9+Gi9UsQXJm/6qEQ==,type:str] + lastmodified: "2025-08-04T12:27:22Z" + mac: ENC[AES256_GCM,data:P5S1Rv3nViY/1L5Ne2eBt0LTkZc59Oz5r07WqitZfqUyW6n11VjRFCAbB4EODZUEemUVR5KgBh1LXoZuhMb16jjTHviFW/ODTliBD9JdddG9CMVTygly49Jr4zscoMGcqZi3zQD/iuKygVxJsBM7LlF8lumyT+wGO2G/3uyeO74=,iv:Q5NOgpkRtBcRJndRZbEFQCn4xoa7yvUNoJFDUTK3xxQ=,tag:sOL1Enx0Cc2tfvwXr1JMyA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From a21233bcdc9458b026dc81a77ae0e985404998af Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 4 Aug 2025 14:27:47 +0200 Subject: [PATCH 107/162] fix: allow sops to use new location --- .sops.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.sops.yaml b/.sops.yaml index ca78916..b08f268 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,7 +3,7 @@ keys: - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 - &dandelion age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd creation_rules: - - path_regex: secrets/secrets.yaml + - path_regex: secrets/sakura/secrets.yaml key_groups: - age: - *sakura From 32a29ebba0ffe662c40f34fadd464bbedf6526cf Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 4 Aug 2025 14:33:04 +0200 Subject: [PATCH 108/162] chore: secrets --- secrets/dandelion/secrets.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/dandelion/secrets.yaml b/secrets/dandelion/secrets.yaml index 250086e..1d7791f 100644 --- a/secrets/dandelion/secrets.yaml +++ b/secrets/dandelion/secrets.yaml 
@@ -1,5 +1,6 @@ systemMailerPassword: ENC[AES256_GCM,data:b9Mmxo3beDpo1pi1Y+5TZn64ZeKJzJXlJwYFs5BjVMngeej+Y0naWmwBdlTEwzPm6OiO/N1haNQUlwT4KdOTx7t8PsZwQ5dOQl1gjWp0T+0ImWLImvINyvDIg6uh9RsvqLIJBvgLAtiUHE3jq7vLwDPaZ69tvjmGACNfNKX8A0A=,iv:BvmZ7GtDsHFWSY+cL10P1e7I75ZwrzjFJ6e5J2IbEic=,tag:g9yqAQtJ9kD3o1cfng0gTA==,type:str] dandelionSyncthingId: ENC[AES256_GCM,data:YgkjHxSD5mp44MMd7X46Rt5FqW89prMvhrkvHN5dxvPJ937cOGV9WYXf69A0+0XEbO97jlDAp7ph1GF0Q9UV,iv:45gaF2MZh1GbZmvKRnEtkQfNgx11r9xYaxvqAkU2ZkM=,tag:f9Iel/5029acJuzzTmyHXQ==,type:str] +sakuraSyncthingId: ENC[AES256_GCM,data:dzMpAy6wzlbGdnsesc7OUB25AkvdRwReT+o1UUqoz1VXXldy5esTpa3vGqM2B/Qa3lZq999VX4hejisSRBGd,iv:Eorc7tX4cnu2n2Kc1uPrfTdU5KQ8jjUsKDuByf1/mts=,tag:+ev+2RbN1v22N96zuQHV9w==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -20,7 +21,7 @@ sops: L1d2bW5tRDhjQ2VaU0xDWWlZYi94TEUKvjD1Pk8/Jq18nCJioeVBYbfaT3rSYr4l aZ+j21bb7tE3JbUQfGkYo2blJqZsxFxblZlvf6tK2DU39Tl64naUpQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-04T12:19:27Z" - mac: ENC[AES256_GCM,data:5bbqvvcMj3t7quhjgZ5By2vRaz0pOdPSbZaGJ1p6QLEJvynm/9wOPt/8xs4dOYFlXbQ52PlouXVkdp6J8RPLeD/tpDFmMy7QIN1mHdcFQmsiulML43n4gSPV3ZAbJ1hlTjfBHNN5hyXKDzXxMXjTQL+jCeA/7493JVaC/Yv1psw=,iv:0RcZmJT72Ih4JyMby0F0ALkKsN0bXPy1E/7GtpUdgt4=,tag:s6MmfLhGDaIJr0Q0RucZQw==,type:str] + lastmodified: "2025-08-04T12:32:42Z" + mac: ENC[AES256_GCM,data:JrU10DY9ih8eMtR3vNpuGppU4gZQyxAzDZ7R2+UFnv/g0zGVYnIKyVEQB9AfO2PEc+nBIYvruiO8XJrqx9O3osf7gvICXnWgEB8C4VPv7IvgniPz68O0hAgpBKkh7Lj0ZP/EGpjXjMr1yBTLtMWsFBXqJa16cD21qsHnlQjBp9Q=,iv:4LWlyE86dKDgwErqE/PmbquGFyQxUVfZw8bifjSB51I=,tag:95INrs/69ipBIutWb5ZbrA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From 48ca8a3495bfe9ff3932e9e0fbe1d4cb6684866b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 4 Aug 2025 14:33:10 +0200 Subject: [PATCH 109/162] chore: secrets --- secrets/sakura/secrets.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/secrets/sakura/secrets.yaml b/secrets/sakura/secrets.yaml index f16d281..b6ee715 100644 --- a/secrets/sakura/secrets.yaml +++ b/secrets/sakura/secrets.yaml @@ -1,5 +1,6 @@ systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str] dandelionSyncthingId: ENC[AES256_GCM,data:crzT7Ph2gDYm/LAyEM2yw/THzu+Dv5SBrw17NF42j2jCvGMLaDgdlMAhkJlr7bonnpjII+9/TLjEXtcEIhcd,iv:6e94tT8rCLFxwDWLNj2T/Fx+0yAuhfS2AdjAKJKt/k0=,tag:Ai44ZvRZps4lQ4gLBbfUDw==,type:str] +sakuraSyncthingId: ENC[AES256_GCM,data:/4MQEcCYVsw2ad2WmUn8Y2f/9mUcyjU9l7Z7PorexQfwaIucmfNH1+Z/FF+0wRj4uaUQLqpR29bRl3EQr/ve,iv:FsiLQYuLZ9YvkfqyF3mAV6jW7csZ5+yXx0sN8f768BE=,tag:U/OTuSnjkOeVT6Vdz96bOw==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -11,7 +12,7 @@ sops: bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/ JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-04T12:27:22Z" - mac: ENC[AES256_GCM,data:P5S1Rv3nViY/1L5Ne2eBt0LTkZc59Oz5r07WqitZfqUyW6n11VjRFCAbB4EODZUEemUVR5KgBh1LXoZuhMb16jjTHviFW/ODTliBD9JdddG9CMVTygly49Jr4zscoMGcqZi3zQD/iuKygVxJsBM7LlF8lumyT+wGO2G/3uyeO74=,iv:Q5NOgpkRtBcRJndRZbEFQCn4xoa7yvUNoJFDUTK3xxQ=,tag:sOL1Enx0Cc2tfvwXr1JMyA==,type:str] + lastmodified: "2025-08-04T12:32:56Z" + mac: ENC[AES256_GCM,data:so7buQVx6nUTRYBfCPdITDccVWOjEmfPslkG8+Z0RKkDgIgwH4Aa/GnTkX0WxmB2bbI6/GQ1PhILE4UXTo8O7W0OO10+PWV2AWwngMcog+ggbH7qpd1395Tw0A8KiiXdPXwxFBEZqrYkKmYVyw314H02+h5+Qd3irH0bWqmpGOg=,iv:Sy4wR3GdSJCR1tlAxV2lau7cpLox/CoiGTC5eZoNVos=,tag:W2pv//unvIE0HBuJ0v35GA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From e9dd877b7782b9515a09b83aced6b37f2f29cbce Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Tue, 5 Aug 2025 20:56:02 +0200 Subject: [PATCH 110/162] fix: `zfs` volumes and allow ports for `iperf` --- hosts/dandelion/default.nix | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index afee27e..70aae74 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -40,6 +40,15 @@ ]; }; + networking.firewall = { + allowedTCPPorts = [ + 5201 + ]; + allowedUDPPorts = [ + 5201 + ]; + }; + environment.systemPackages = with pkgs; [ kitty.terminfo zfs @@ -60,16 +69,22 @@ trim.enable = true; }; - boot.zfs.extraPools = [ "spinners" ]; + boot.zfs.extraPools = [ + "spinners" + ]; - fileSystems = { - "/spinners/rootvol" = { - device = "terrabite/rootvol"; - fsType = "zfs"; - }; - "/spinners/ahwx" = { - device = "terrabite/ahwx"; - fsType = "zfs"; - }; - }; + # fileSystems = { + # "/spinners/rootvol" = { + # device = "spinners/rootvol"; + # fsType = "zfs"; + # }; + # "/spinners/ahwx" = { + # device = "spinners/ahwx"; + # fsType = "zfs"; + # }; + # "/spinners/violet" = { + # device = "spinners/violet"; + # fsType = "zfs"; + # }; + # }; } From 89c0f745f811ec17e7cb520df14dbc22866eaa5d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 5 Aug 2025 20:58:50 +0200 Subject: [PATCH 111/162] fix: replace `pkgs.samba4Full` for `pkgs.samba` --- modules/services/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nfs.nix b/modules/services/nfs.nix index f49ee2e..2f9d3c4 100644 --- a/modules/services/nfs.nix +++ b/modules/services/nfs.nix 
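Review bot: Port 5201 is opened for TCP and UDP in the global `networking.firewall` lists of `hosts/dandelion/default.nix`, so the iperf listener is reachable on every interface of the host, not only the link being measured. iperf is a benchmarking service that is normally run without authentication, so the rule is better scoped to the one interface, e.g. `networking.firewall.interfaces."<link-interface>".allowedTCPPorts = [ 5201 ];` (and the same for `allowedUDPPorts`), or removed again once the test is done. The later `hosts/violet/default.nix` hunk ("chore: allow port `5201`") adds the same global rule next to ports 80 and 443, on what appears to be an internet-facing host. A short comment naming the tool would also help, since the bare number does not say why it is open.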
@@ -8,7 +8,7 @@ services = { # Network shares samba = { - package = pkgs.samba4Full; + package = pkgs.samba; # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba` # Required for samba to register mDNS records for auto discovery # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 From df4605bda6bf05fc05baa7d263f9dee64e8dd5f7 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 5 Aug 2025 20:59:51 +0200 Subject: [PATCH 112/162] flake: update --- flake.lock | 105 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 61 insertions(+), 44 deletions(-) diff --git a/flake.lock b/flake.lock index ea8e840..8a8da14 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1752743471, - "narHash": "sha256-4izhj1j7J4mE8LgljCXSIUDculqOsxxhdoC81VhqizM=", + "lastModified": 1753216019, + "narHash": "sha256-zik7WISrR1ks2l6T1MZqZHb/OqroHdJnSnAehkE0kCk=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "e31b575d19e7cf8a8f4398e2f9cffe27a1332506", + "rev": "be166e11d86ba4186db93e10c54a141058bdce49", "type": "github" }, "original": { @@ -235,11 +235,11 @@ ] }, "locked": { - "lastModified": 1753470191, - "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", + "lastModified": 1754263839, + "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=", "owner": "nix-community", "repo": "home-manager", - "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", + "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773", "type": "github" }, "original": { 
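Review bot: The comment directly below `package = pkgs.samba;` in `modules/services/nfs.nix` still says `samba4Full` is required for samba to register mDNS records for auto discovery, so the new line contradicts the documentation that follows it. If discovery is no longer needed, replace the comment with something like `# plain samba: built without avahi/ldap/AD, shares are not announced over mDNS`. If it is still needed, the package swap silently removes it and the announcement has to come from a separate avahi service definition. The `samba` attribute set continues outside the hunk, so whether anything else depends on the full build cannot be checked from here.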
@@ -282,11 +282,11 @@ ] }, "locked": { - "lastModified": 1749155331, - "narHash": "sha256-XR9fsI0zwLiFWfqi/pdS/VD+YNorKb3XIykgTg4l1nA=", + "lastModified": 1753964049, + "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "45fcc10b4c282746d93ec406a740c43b48b4ef80", + "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5", "type": "github" }, "original": { @@ -342,11 +342,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1753523167, - "narHash": "sha256-DLVvtdF8zPmL+7dYubnMfK9IIITriecCg7ijLErUTg0=", + "lastModified": 1754254502, + "narHash": "sha256-uxfjGhR1BeD1lgPgPjIkcGxdWHOKA0+KoCTWfIsegLM=", "ref": "refs/heads/main", - "rev": "e1fff05d0db9c266679ec7ea1b5734c73d6b0a57", - "revCount": 6314, + "rev": "1b86d35f7ebc2c613f5ef6cba89dcd8d1ceedaa4", + "revCount": 6344, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -462,11 +462,11 @@ ] }, "locked": { - "lastModified": 1750371812, - "narHash": "sha256-D868K1dVEACw17elVxRgXC6hOxY+54wIEjURztDWLk8=", + "lastModified": 1753819801, + "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "b13c7481e37856f322177010bdf75fccacd1adc8", + "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc", "type": "github" }, "original": { @@ -491,11 +491,11 @@ ] }, "locked": { - "lastModified": 1750371198, - "narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=", + "lastModified": 1753622892, + "narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "cee01452bca58d6cadb3224e21e370de8bc20f0b", + "rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809", "type": "github" }, "original": { 
@@ -564,11 +564,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1753378338, - "narHash": "sha256-Ctk7zophp8obM/u9S2c8a6nOWV+VeIzq6ma+dI5BE3s=", + "lastModified": 1753819183, + "narHash": "sha256-KjuaXO9pdSHwpnsdj+TXqLDVZ8EhqfV5duSzIssBlzY=", "owner": "hyprwm", "repo": "hyprsunset", - "rev": "962f519df793ea804810b1ddebfc8a88b80a845c", + "rev": "233aaccdbdd20af848be3f30ab318342e28cd7e3", "type": "github" }, "original": { @@ -589,11 +589,11 @@ ] }, "locked": { - "lastModified": 1752252310, - "narHash": "sha256-06i1pIh6wb+sDeDmWlzuPwIdaFMxLlj1J9I5B9XqSeo=", + "lastModified": 1753800567, + "narHash": "sha256-W0xgXsaqGa/5/7IBzKNhf0+23MqGPymYYfqT7ECqeTE=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "bcabcbada90ed2aacb435dc09b91001819a6dc82", + "rev": "c65d41d4f4e6ded6fdb9d508a73e2fe90e55cdf7", "type": "github" }, "original": { @@ -759,11 +759,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1754316476, + "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28", "type": "github" }, "original": { @@ -805,11 +805,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1753432016, - "narHash": "sha256-cnL5WWn/xkZoyH/03NNUS7QgW5vI7D1i74g48qplCvg=", + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6027c30c8e9810896b92429f0092f624f7b1aace", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", "type": "github" }, "original": { 
@@ -885,11 +885,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": { @@ -933,11 +933,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1754214453, + "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "type": "github" }, "original": { @@ -993,11 +993,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1753530457, - "narHash": "sha256-ElI7ya0YQ07RMDEaF94bQe7Rmz4tr2pKYa+KdRchrEY=", + "lastModified": 1754319480, + "narHash": "sha256-Q2sQCiGrQ80bPdD2b8xrjKXEr+frwDP7Oa5LtgRqiy8=", "owner": "nix-community", "repo": "NUR", - "rev": "8c37eaf318485018b37efa1006af881c5c7f5616", + "rev": "4de6ec34385c2fdd449989fc3751586caaf1dc12", "type": "github" }, "original": { @@ -1066,7 +1066,8 @@ "nixpkgs": "nixpkgs_6", "nixvim": "nixvim", "nur": "nur", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "stablepkgs": "stablepkgs" } }, "rust-analyzer-src": { @@ -1104,6 +1105,22 @@ "type": "github" } }, + "stablepkgs": { + "locked": { + "lastModified": 1754292888, + "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1689347949, 
@@ -1192,11 +1209,11 @@ ] }, "locked": { - "lastModified": 1751300244, - "narHash": "sha256-PFuv1TZVYvQhha0ac53E3YgdtmLShrN0t4T6xqHl0jE=", + "lastModified": 1753633878, + "narHash": "sha256-js2sLRtsOUA/aT10OCDaTjO80yplqwOIaLUqEe0nMx0=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "6115f3fdcb2c1a57b4a80a69f3c797e47607b90a", + "rev": "371b96bd11ad2006ed4f21229dbd1be69bed3e8a", "type": "github" }, "original": { From 5e49a17aa563a8ae1a05a0ca56752c0d3e8f03ca Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 5 Aug 2025 21:01:38 +0200 Subject: [PATCH 113/162] feat: adds syncthing ids --- modules/core/sops.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 1ec50d1..0ef4b58 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -25,10 +25,14 @@ else if (host == "sakura") then { "systemMailerPassword" = { }; + "dandelionSyncthingId" = { }; + "sakuraSyncthingId" = { }; } else if (host == "dandelion") then { "systemMailerPassword" = { }; + "dandelionSyncthingId" = { }; + "sakuraSyncthingId" = { }; } else { }; From 29521f8994aa2b5669583c42bf5411f9ee808964 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 5 Aug 2025 21:02:01 +0200 Subject: [PATCH 114/162] chore: import `syncthing` on `dandelion` --- modules/services/dandelion.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/dandelion.nix b/modules/services/dandelion.nix index c11eff1..ec6d4a1 100644 --- a/modules/services/dandelion.nix +++ b/modules/services/dandelion.nix @@ -7,6 +7,7 @@ ++ [ (import ./home-assistant.nix) ] ++ [ (import ./monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ] + ++ [ (import ./syncthing.nix) ] ++ [ (import ./tailscale.nix) ] ++ [ (import ./nfs.nix) ] ++ [ (import ./hd-idle.nix) ]; From ac6f4b4fcd11366ed664450ef658779371996214 Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Tue, 5 Aug 2025 21:47:13 +0200 Subject: [PATCH 115/162] feat: add static ip for 40gbit nic --- hosts/yoshino/default.nix | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/hosts/yoshino/default.nix b/hosts/yoshino/default.nix index f61d5b5..da4ee92 100644 --- a/hosts/yoshino/default.nix +++ b/hosts/yoshino/default.nix @@ -20,6 +20,24 @@ cpuFreqGovernor = lib.mkDefault "performance"; }; + networking = { + hostName = "yoshino"; + networkmanager.enable = true; + }; + + systemd.network.networks."99-local" = { + matchConfig.name = "enp68s0"; + address = [ + "192.168.1.100/24" + ]; + routes = [ + { + Gateway = "172.16.10.1"; + GatewayOnLink = false; + } + ]; + }; + liv = { desktop.enable = true; creative.enable = true; @@ -28,11 +46,6 @@ gui.enable = true; }; - networking = { - hostName = "yoshino"; - networkmanager.enable = true; - }; - boot = { kernelParams = [ ]; kernelModules = [ "acpi_call" ]; From d35ded419e3d4aaed6e5c83468a6e25ebc84ff41 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 5 Aug 2025 21:48:15 +0200 Subject: [PATCH 116/162] feat: open all ports on 40gbit nic as its a local link --- hosts/dandelion/default.nix | 39 +++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 70aae74..511be93 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -16,8 +16,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLdcB5JFWx6OK2BAr8J0wPHNhr2VP2/Ci6fv3a+DPfo liv@violet" # allow violet to log in over ssh to do back ups ]; - networking.hostName = "dandelion"; - liv.server.enable = true; nixpkgs.config.permittedInsecurePackages = [ 
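Review bot: The `99-local` network added to `hosts/yoshino/default.nix` assigns `192.168.1.100/24`, the same address that `hosts/dandelion/default.nix` uses for its own `99-local` network (visible as context in the following commit), so both ends of the link would claim one IP. One side needs a different host address, for example `"192.168.1.101/24"` (constructed value). The route's `Gateway = "172.16.10.1"` is outside the configured /24 while `GatewayOnLink = false`, so the gateway is presumably unreachable from this interface; if the NIC is a direct host-to-host link the `routes` block can likely be dropped. Separately, systemd `[Match]` keys are case-sensitive, so `matchConfig.name` probably needs to be `matchConfig.Name` for the file to match `enp68s0` at all; please verify against the generated unit.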
@@ -27,8 +25,34 @@ time.timeZone = "Europe/Amsterdam"; + networking = { + hostName = "dandelion"; + firewall = { + allowedTCPPorts = [ + 5201 + ]; + allowedUDPPorts = [ + 5201 + ]; + interfaces."ens4s1".allowedTCPPorts = [ + # allow everything for local link + { + from = 1; + to = 65354; + } + ]; + interfaces."ens4s1".allowedUDPPorts = [ + # allow everything for local link + { + from = 1; + to = 65354; + } + ]; + }; + }; + systemd.network.networks."99-local" = { - matchConfig.name = "ens3s1"; + matchConfig.name = "ens4s1"; address = [ "192.168.1.100/24" ]; @@ -40,15 +64,6 @@ ]; }; - networking.firewall = { - allowedTCPPorts = [ - 5201 - ]; - allowedUDPPorts = [ - 5201 - ]; - }; - environment.systemPackages = with pkgs; [ kitty.terminfo zfs From d9380699ddf6ac5dd6854db87e742f911eca8e92 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 5 Aug 2025 21:49:08 +0200 Subject: [PATCH 117/162] feat: adds `mpd` for `yoshino` --- hosts/yoshino/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/yoshino/default.nix b/hosts/yoshino/default.nix index da4ee92..94a9e67 100644 --- a/hosts/yoshino/default.nix +++ b/hosts/yoshino/default.nix @@ -12,6 +12,7 @@ # ./../../modules/home/nfs.nix ./../../modules/core/virtualization.nix ./../../modules/services/tailscale.nix + ./../../modules/services/mpd.nix ]; powerManagement = { From 5a3a3b0cd5a3d383121508428928893e051067b1 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 5 Aug 2025 21:50:31 +0200 Subject: [PATCH 118/162] chore: remove old setting that no longer has any effect --- modules/core/services.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/services.nix b/modules/core/services.nix index 8ec1b02..0020bf2 100644 --- a/modules/core/services.nix +++ b/modules/core/services.nix @@ -9,5 +9,5 @@ ''; # To prevent getting stuck at shutdown. - systemd.extraConfig = "DefaultTimeoutStopSec=10s"; + # systemd.extraConfig = "DefaultTimeoutStopSec=10s"; # Deprecated now } 
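Review bot: `interfaces."ens4s1".allowedTCPPorts` and `allowedUDPPorts` in `hosts/dandelion/default.nix` are given `{ from = 1; to = 65354; }` attribute sets, but those options take plain port numbers; ranges belong in `allowedTCPPortRanges` and `allowedUDPPortRanges`. The upper bound `65354` also looks like a typo for `65535`. If the intent is to trust the whole interface, `networking.firewall.trustedInterfaces = [ "ens4s1" ];` states that in one line. Either form removes all filtering on that NIC, so it is only safe while the interface really is a direct cable to one known host; a comment saying so next to the rule would make that assumption explicit.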
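Review bot: Commenting out `systemd.extraConfig` in `modules/core/services.nix` drops the 10-second stop timeout instead of migrating it, and the remaining comment "To prevent getting stuck at shutdown." now documents nothing. If the pinned nixpkgs provides the replacement option, the setting can be kept as `systemd.settings.Manager.DefaultTimeoutStopSec = "10s";`. Otherwise delete both the dead line and its comment rather than leaving them commented out.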
From b68a9d133daff21777cbcfbf9285be9896ce5988 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 6 Aug 2025 13:34:08 +0200 Subject: [PATCH 119/162] feat: adds macaddress and import `syncthing` --- hosts/sakura/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 0d48a0b..1c150ac 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -12,6 +12,7 @@ ./../../modules/core/virtualization.nix ./../../modules/services/tailscale.nix ./../../modules/services/mpd.nix + ./../../modules/services/syncthing.nix ./../../modules/services/smart-monitoring.nix inputs.nixos-hardware.nixosModules.framework-13-7040-amd ]; @@ -46,7 +47,10 @@ # Disable light sensors and accelerometers as they are not used and consume extra battery hardware.sensor.iio.enable = lib.mkForce false; - networking.hostName = "sakura"; + networking = { + hostName = "sakura"; + networkmanager.ethernet.macAddress = "13:37:13:37:13:37"; + }; powerManagement = { enable = true; From e65fdd653763a48e524407af4791ab4dc977a29f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 6 Aug 2025 13:34:29 +0200 Subject: [PATCH 120/162] flake: update --- flake.lock | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 8a8da14..947571b 100644 --- a/flake.lock +++ b/flake.lock @@ -1066,8 +1066,7 @@ "nixpkgs": "nixpkgs_6", "nixvim": "nixvim", "nur": "nur", - "sops-nix": "sops-nix", - "stablepkgs": "stablepkgs" + "sops-nix": "sops-nix" } }, "rust-analyzer-src": { 
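Review bot: The address in `networkmanager.ethernet.macAddress = "13:37:13:37:13:37";` in `hosts/sakura/default.nix` has the least-significant bit of its first octet (0x13) set, which marks it as a group (multicast) address, so it is not valid as an interface's source MAC. A unicast, locally administered value needs that bit cleared and the next bit set, for example a first octet of `12` (constructed value). If the goal is to hide the hardware address, `networkmanager.ethernet.macAddress = "stable";` or `"random"` does that without pinning one fixed identifier in a public repository. A one-line comment stating why the MAC is overridden would help the next reader.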
@@ -1105,22 +1104,6 @@ "type": "github" } }, - "stablepkgs": { - "locked": { - "lastModified": 1754292888, - "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1689347949, From 970e9edecc828bff3b2d49e14a22fa3192a21cc2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 7 Aug 2025 13:33:58 +0200 Subject: [PATCH 121/162] chore: allow port `5201` --- hosts/violet/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/violet/default.nix b/hosts/violet/default.nix index bc15f41..d361648 100644 --- a/hosts/violet/default.nix +++ b/hosts/violet/default.nix @@ -38,6 +38,10 @@ 80 443 25565 + 5201 + ]; + allowedUDPPorts = [ + 5201 ]; }; From 90fd076356e4bc9edc67ca83d51be287939267b1 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 7 Aug 2025 13:40:41 +0200 Subject: [PATCH 122/162] chore: secrets --- secrets/violet/secrets.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index 2d64eda..64f39ae 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml 
@@ -1,6 +1,7 @@ systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str] forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] +minioRootCredentials: ENC[AES256_GCM,data:/IrpspB6Puy+6scHheBSBp6zQVh8uwpu4nFPLSkueuohSUESPHbRb0w1XAp4V5HraMtOThFqlm0JeBW0XbhY4E8L1P+S3/aMLKjp2voA928l9AjF6sTaSKsO7qh6LEmo90qm9Jo0nDo=,iv:M5NOGfSsl+LggLyEjV49vcWCaYmbG0eJcgwI2v7AKcI=,tag:A+CrDTL+TkEayOqBUII4aQ==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -21,7 +22,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-30T12:37:11Z" - mac: ENC[AES256_GCM,data:pGnJaFRqa3sjouALSjy8+ClhqE+RNR4b5SMLKB356WtnHtALrGnd/RzPTMyLLTOht1td1Fk5jY8WoUy225qqfI1yy0Mne+qtnFqd9++XTmiY1b7ARBeNvvM/mMuZyp34Mz8WLx+imrLcX6TAlpRZ/SWtv5BE9nleHCwpNvFpqfc=,iv:q8bKIFQd6dRSDBk3qhipOK0E/4NZgIcVCo4Mwu9Ddf8=,tag:JjL3sFxSMx4dp1Swt2lbvg==,type:str] + lastmodified: "2025-08-06T12:33:06Z" + mac: ENC[AES256_GCM,data:9U5QLQrk+61pIgfWSC468m7url0GGztamVlu0D74hSOf8iyLHiL1RHIKuB9t8Dk5bIGruVQE2zN8TZIHzktMofc1arSP69Zxl41EGNCyrm2uAyEguQelxZzRb/7bNe/Kkm6oLN1fQ8TJ1t7nyiTQCdbhl/wFZwSZxGemv7t8hKI=,iv:AEvP5cdOl0dX3o/0Zoy8112rqhE0cKNX8B5lyFEe6f4=,tag:LRqM5L3DB4Tyhe++4Hcqcw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 
From 24fa9dbc9f7ccd079806cdaf64cf6151ad9b1b5f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 7 Aug 2025 13:41:11 +0200 Subject: [PATCH 123/162] chore: comply with new `forgejo` namings --- modules/services/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 8291bcc..a2dc10e 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -39,7 +39,7 @@ in USER = config.liv.variables.senderEmail; }; }; - mailerPasswordFile = config.sops.secrets.systemMailerPassword.path; + secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path; }; gitea-actions-runner = { package = pkgs.forgejo-runner; From b9e9c239fb59ec6dea5c792a23e1bd0ce650682f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 7 Aug 2025 13:41:26 +0200 Subject: [PATCH 124/162] chore: secrets --- modules/core/sops.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 0ef4b58..e457888 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -18,6 +18,7 @@ { "systemMailerPassword" = { }; "forgejoWorkerSecret" = { }; + "minioRootCredentials" = { }; "matrixRegistrationSecret" = { owner = "matrix-synapse"; }; From 33df54268cfec77af2ab99501b3af9ccac7b254c Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 9 Aug 2025 20:00:25 +0200 Subject: [PATCH 125/162] chore: adds ssh keys for `posy` to `dandelion` --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 511be93..7349609 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix 
@@ -14,6 +14,7 @@ users.users.liv.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLdcB5JFWx6OK2BAr8J0wPHNhr2VP2/Ci6fv3a+DPfo liv@violet" # allow violet to log in over ssh to do back ups + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi8gt51xGRzLSqaNr1LKSdrJ0VHps8U8FME71YCrs6K liv@posy" # allow posy to log in over ssh to mount music folder ]; liv.server.enable = true; From d6f7d1b303708e92ac76c85ad8e59cde5ebaf41b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 11 Aug 2025 22:27:43 +0200 Subject: [PATCH 126/162] flake: update --- flake.lock | 68 +++++++++++++++++++++++++++--------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index 947571b..ea2838d 100644 --- a/flake.lock +++ b/flake.lock @@ -98,11 +98,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -235,11 +235,11 @@ ] }, "locked": { - "lastModified": 1754263839, - "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=", + "lastModified": 1754924470, + "narHash": "sha256-asI/or9AcUMydwzodCgpHGytnMSNUlciw3uaycpXm4E=", "owner": "nix-community", "repo": "home-manager", - "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773", + "rev": "67393957c27b4e4c6c48a60108a201413ced7800", "type": "github" }, "original": { 
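Review bot: The key added for `liv@posy` in `hosts/dandelion/default.nix` is documented as only being for mounting the music folder, but as an entry in `users.users.liv.openssh.authorizedKeys.keys` it grants the same full interactive login as the account's other keys. Access can be narrowed to match the comment by prefixing the entry with authorized_keys options, e.g. `"restrict,from=\"<posy-address>\" ssh-ed25519 …"`, or by giving the mount its own low-privilege user that can only read that directory. The same applies to the existing `liv@violet` backup key on the line above. How the folder is actually mounted is not visible in this hunk, so check that the chosen options still allow it.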
@@ -311,11 +311,11 @@ ] }, "locked": { - "lastModified": 1752149140, - "narHash": "sha256-gbh1HL98Fdqu0jJIWN4OJQN7Kkth7+rbkFpSZLm/62A=", + "lastModified": 1754305013, + "narHash": "sha256-u+M2f0Xf1lVHzIPQ7DsNCDkM1NYxykOSsRr4t3TbSM4=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "340494a38b5ec453dfc542c6226481f736cc8a9a", + "rev": "4c1d63a0f22135db123fc789f174b89544c6ec2d", "type": "github" }, "original": { @@ -342,11 +342,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1754254502, - "narHash": "sha256-uxfjGhR1BeD1lgPgPjIkcGxdWHOKA0+KoCTWfIsegLM=", + "lastModified": 1754935293, + "narHash": "sha256-aLnHm/FPjPR8Flv8ixBk+bmd10A8BZvtLe2i9WTzNfU=", "ref": "refs/heads/main", - "rev": "1b86d35f7ebc2c613f5ef6cba89dcd8d1ceedaa4", - "revCount": 6344, + "rev": "cb6589db98325705cef5dcaf92ccdf41ab21386d", + "revCount": 6358, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -589,11 +589,11 @@ ] }, "locked": { - "lastModified": 1753800567, - "narHash": "sha256-W0xgXsaqGa/5/7IBzKNhf0+23MqGPymYYfqT7ECqeTE=", + "lastModified": 1754481650, + "narHash": "sha256-6u6HdEFJh5gY6VfyMQbhP7zDdVcqOrCDTkbiHJmAtMI=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "c65d41d4f4e6ded6fdb9d508a73e2fe90e55cdf7", + "rev": "df6b8820c4a0835d83d0c7c7be86fbc555f1f7fd", "type": "github" }, "original": { @@ -759,11 +759,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1754316476, - "narHash": "sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w=", + "lastModified": 1754564048, + "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "9368056b73efb46eb14fd4667b99e0f81b805f28", + "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", "type": "github" }, "original": { 
@@ -885,11 +885,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1754214453, - "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { @@ -933,11 +933,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1754214453, - "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { @@ -993,11 +993,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1754319480, - "narHash": "sha256-Q2sQCiGrQ80bPdD2b8xrjKXEr+frwDP7Oa5LtgRqiy8=", + "lastModified": 1754935554, + "narHash": "sha256-5qa0fxwxmrNCiKqdfXKx8t4tn9E0aenG8IZcWFV/Jco=", "owner": "nix-community", "repo": "NUR", - "rev": "4de6ec34385c2fdd449989fc3751586caaf1dc12", + "rev": "ac764b3412faeed1a37c7d21f30bc0fbe547f773", "type": "github" }, "original": { @@ -1040,11 +1040,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { 
@@ -1091,11 +1091,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754328224, + "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", "type": "github" }, "original": { From 64d4cc9607aa0e4f58a248c7716965b046dd810d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 13:46:27 +0200 Subject: [PATCH 127/162] feat: add own overlay again; unblock libsoup as something required that?? --- modules/core/system.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/core/system.nix b/modules/core/system.nix index 71ecb33..664a91a 100644 --- a/modules/core/system.nix +++ b/modules/core/system.nix @@ -29,18 +29,19 @@ libraries = with pkgs; [ ]; }; - # nixpkgs = { - # overlays = [ - # self.overlays.default - # inputs.nur.overlay - # ]; - # }; + nixpkgs = { + overlays = [ + self.overlays.default + # inputs.nur.overlay + ]; + }; nixpkgs.config = { allowUnfree = true; permittedInsecurePackages = [ "jitsi-meet-1.0.8043" "olm-3.2.16" + "libsoup-2.74.3" ]; overlays = [ self.overlays.default From 071540b706815cec186c90a4d26a3c691c721469 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 13:46:49 +0200 Subject: [PATCH 128/162] feat: adds pywal-16 to hyprland configuration --- modules/home/hyprland/config.nix | 1 + modules/home/scripts/scripts/setbg | 1 + 2 files changed, 2 insertions(+) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index 5452bb1..b538f0c 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -8,6 +8,7 @@ pkgs.noto-fonts-emoji pkgs.swww pkgs.swaylock + pkgs.pywal16 ]; gtk = { diff --git a/modules/home/scripts/scripts/setbg b/modules/home/scripts/scripts/setbg index c0e7277..e796894 100644 
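Review bot: `"libsoup-2.74.3"` is added to `permittedInsecurePackages` in `modules/core/system.nix`, which is a core module, so every host that imports it will now accept a package nixpkgs marks as insecure. The commit message says it is not known what requires it. Before merging, identify the dependent package (for instance from the evaluation error that names it) and record it in a comment such as `"libsoup-2.74.3" # needed by <package>; remove once it moves to libsoup 3`. If only one desktop package needs it, the exception is better placed in that host's or that package's module than in the shared list.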
--- a/modules/home/scripts/scripts/setbg +++ b/modules/home/scripts/scripts/setbg @@ -1,4 +1,5 @@ #!/usr/bin/env bash magick convert "$1" ~/.local/share/bg.png +wal -i "$1" swww img ~/.local/share/bg.png --transition-type fade From 16fee5870550cbbbc83c30305765d6f0d1e05f8e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 15:21:06 +0200 Subject: [PATCH 129/162] feat: adds back overlays and adds `nix-search-fzf` stolen from this file: https://github.com/IvarWithoutBones/dotfiles/blob/main/home-manager/modules/zsh.nix#L65 --- overlays/default.nix | 2 +- pkgs/nix-search-fzf/default.nix | 50 ++++++++ pkgs/nix-search-fzf/fzf-preview.sh | 73 ++++++++++++ pkgs/nix-search-fzf/nix-search-fzf.sh | 161 ++++++++++++++++++++++++++ 4 files changed, 285 insertions(+), 1 deletion(-) create mode 100644 pkgs/nix-search-fzf/default.nix create mode 100644 pkgs/nix-search-fzf/fzf-preview.sh create mode 100644 pkgs/nix-search-fzf/nix-search-fzf.sh diff --git a/overlays/default.nix b/overlays/default.nix index 29457b4..9086c35 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,3 +1,3 @@ { - addition = final: _: import ../pkgs { pkgs = final; }; + addition = final: _: import ../pkgs/default.nix { pkgs = final; }; } diff --git a/pkgs/nix-search-fzf/default.nix b/pkgs/nix-search-fzf/default.nix new file mode 100644 index 0000000..63e4a37 --- /dev/null +++ b/pkgs/nix-search-fzf/default.nix 
@@ -0,0 +1,50 @@ +{ + createScript, + replaceVars, + gnused, + jq, + fzf, + nix, + coreutils, + bash, + nix-search-fzf, + writeShellScript, +}: + +let + previewText = createScript "fzf-preview" ./fzf-preview.sh { }; + src = replaceVars ./nix-search-fzf.sh { + previewText = "${previewText}/bin/fzf-preview"; + }; +in +createScript "nix-search-fzf" src { + dependencies = [ + gnused + jq + fzf + nix + coreutils + bash + ]; + + # Enter a 'nix shell' with packages selected by this script + passthru.zsh-shell-widget = writeShellScript "nix-search-fzf-shell-widget" '' + nix-search-fzf-shell-widget() { + setopt localoptions pipefail no_aliases 2> /dev/null + local cmd="$(eval "${nix-search-fzf}/bin/nix-search-fzf -c")" + if [[ -z "$cmd" ]]; then + zle redisplay + return 0 + fi + zle push-line + BUFFER="''${cmd}" + zle accept-line + local ret=$? + unset cmd + zle reset-prompt + return $ret + } + ''; + + meta.description = "a wrapper around 'nix {run,shell,edit}' with autocomplete using fzf"; +} diff --git a/pkgs/nix-search-fzf/fzf-preview.sh b/pkgs/nix-search-fzf/fzf-preview.sh new file mode 100644 index 0000000..fabdc12 --- /dev/null +++ b/pkgs/nix-search-fzf/fzf-preview.sh 
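Review bot: In `passthru.zsh-shell-widget`, `local cmd="$(eval "${nix-search-fzf}/bin/nix-search-fzf -c")"` passes a fixed store path through `eval` for no benefit; `local cmd="$(${nix-search-fzf}/bin/nix-search-fzf -c)"` does the same with one less round of shell re-parsing. The widget then assigns the script's stdout to `BUFFER` and immediately calls `zle accept-line`, so whatever the script prints is run as a command line without being shown for confirmation. Leaving the text in the buffer for the user to submit would be the more cautious default. A comment above the function stating that the output of `nix-search-fzf -c` is executed verbatim would help the next reader.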
@@ -0,0 +1,73 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i bash -p +# shellcheck shell=bash + +set -euo pipefail + +PKG_NAME="$1" +FLAKE="$2" +FLAKE_PATH="${FLAKE}#${PKG_NAME}" + +removeQuotes() { + local flag="$*" + flag="${flag%\"}" + echo "${flag#\"}" +} + +newlinesToCommaSeperated() { + echo "$@" | sed ':a;N;$!ba;s/\n/, /g' +} + +evalAttr() { + local attr data + attr="$1" + data="$(nix eval "$FLAKE_PATH"."$attr" 2>/dev/null)" + [[ $data != "null" && $data != "false" && -n $data ]] && removeQuotes "$data" +} + +evalJsonAttr() { + local attr jqArgs data + attr="$1" + jqArgs="$2" + data="$(nix eval --json "$FLAKE_PATH"."$attr" 2>/dev/null | jq -r "$jqArgs")" + [[ $data != "null" && -n $data ]] && echo "$data" +} + +evalNixpkgsLib() { + local function data + function="$1" + # Impure is needed to import the flake reference + data="$(nix eval --raw --impure --expr "let pkgs = (builtins.getFlake \"flake:$FLAKE\"); in pkgs.lib.$function pkgs.$PKG_NAME" 2>/dev/null)" + [[ $data != "null" && -n $data ]] && echo "$data" +} + +maybeEcho() { + local -r prefix="$1" + local flag="$2" + local -r commaSeperated="${3:-false}" + [[ $commaSeperated == "true" ]] && flag="$(newlinesToCommaSeperated "$flag")" + test -n "$flag" && echo "$prefix $flag" +} + +test -n "$(evalAttr "meta.broken")" && echo "broken: true" +test -n "$(evalAttr "meta.insecure")" && echo "insecure: true" + +version="$(evalAttr "version")" +# Derive the version from "name" using 'lib.getVersion' if it's not set +test -z "$version" && version="$(evalNixpkgsLib "getVersion")" +maybeEcho "version:" "$version" + +homepage="$(evalAttr "meta.homepage")" +maybeEcho "homepage:" "$homepage" + +description="$(evalAttr "meta.description")" +maybeEcho "description:" "$description" + +license="$(evalJsonAttr "meta.license" 'if type=="array" then .[].fullName else .fullName end')" +maybeEcho "license:" "$license" true + +maintainers="$(evalJsonAttr "meta.maintainers" '.[].github')" +maybeEcho "maintainers:" "$maintainers" 
true + +platforms="$(evalJsonAttr "meta.platforms" 'if type=="array" then .[] else . end')" +maybeEcho "platforms:" "$platforms" true diff --git a/pkgs/nix-search-fzf/nix-search-fzf.sh b/pkgs/nix-search-fzf/nix-search-fzf.sh new file mode 100644 index 0000000..b7a3036 --- /dev/null +++ b/pkgs/nix-search-fzf/nix-search-fzf.sh 
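Review bot: With `set -euo pipefail` at the top, the preview stops at the first missing attribute: `evalAttr`, `evalJsonAttr` and `evalNixpkgsLib` all end on `[[ … ]] && …`, which returns non-zero for empty or `null` data, so a plain assignment such as `homepage="$(evalAttr "meta.homepage")"` fails and the script exits before description, license, maintainers and platforms are printed. `maybeEcho` has the same shape (`test -n "$flag" && echo …`). Ending each helper with an `if`, e.g. `if [[ $data != "null" && -n $data ]]; then echo "$data"; fi`, keeps the exit status at zero. Separately, `evalNixpkgsLib` splices `$FLAKE` and `$PKG_NAME` into a Nix expression evaluated with `--impure`; rejecting names that do not match something like `^[A-Za-z0-9._+-]+$` before use would keep a malformed cache entry from changing the expression.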
@@ -0,0 +1,161 @@ +#!/usr/bin/env bash + +# An fzf script with autocomplete from "nix search" which allows for interactive fuzzy searching of derivations. +# After the search a nix subcommand is executed on the selected derivation(s), e.g. "nix shell" or "nix run". + +set -eou pipefail + +FLAKE="nixpkgs" # The default flake to use. TODO: make this configurable +NIX_SUBCOMMAND="shell" # The default nix subcommand to execute +MULTIPLE_SELECTION=true # Whether to allow the user to select multiple derivations +PRINT_COMMAND=false # Only print the command that would be executed, don't execute it + +if [ -n "${XDG_CACHE_HOME-}" ]; then + CACHE_PATH="$XDG_CACHE_HOME/nix-search-fzf/cache.txt" +else + CACHE_PATH="$HOME/.cache/nix-search-fzf/cache.txt" +fi + +# Because fzf executes commands from keybindings in a subprocess, we cannot directly change this scripts state. +# Instead we can use a temporary file as an IPC mechanism, to change which subcommand to execute. +TMP_FILE="$(mktemp --dry-run --suffix "-nix-search-fzf")" +trap 'rm -f "$TMP_FILE"' EXIT INT TERM + +handleArguments() { + while (("$#" > 0)); do + case "$1" in + -s | shell | --shell) + NIX_SUBCOMMAND="shell" + ;; + -b | build | --build) + NIX_SUBCOMMAND="build" + ;; + -r | run | --run) + NIX_SUBCOMMAND="run" + MULTIPLE_SELECTION=false + ;; + -e | edit | --edit) + NIX_SUBCOMMAND="edit" + MULTIPLE_SELECTION=false + ;; + -c | command | --command) + PRINT_COMMAND=true + ;; + -u | update | --update) + manageCache true + exit + ;; + -h | help | --help) + echo "Usage: $(basename "$0") [--shell|--build|--run|--edit|--update]" + echo " --shell: enter a nix shell with the selected package(s). 
This is the default" + echo " --build: build the selected package(s) with nix build" + echo " --run: run the selected package with nix run" + echo " --edit: edit the selected package with nix edit" + echo " --command: only print the command that would be executed, don't execute it" + echo " --update: update the nix search cache, this is done automatically every 10 days" + echo " --help: show this help message" + exit 0 + ;; + *) + echo "Unknown option '$1'" + exit 1 + ;; + esac + shift 1 + done +} + +runColored() { + printf "\e[32m\$ %s\n\e[0m" "$1" + eval "$1" +} + +manageCache() { + local doUpdate="${1:-false}" + mkdir -p "$(dirname "$CACHE_PATH")" + + if [ ! -f "$CACHE_PATH" ] || [ ! -s "$CACHE_PATH" ]; then + doUpdate="true" + echo "attribute path cache does not exist, generating..." >&2 + elif (($(date -r "$CACHE_PATH" +%s) < $(date -d "now - 10 days" +%s))); then + doUpdate="true" + echo "cache file is older than 10 days, updating..." >&2 + fi + + if [ "$doUpdate" == "true" ]; then + echo "caching attribute paths..." >&2 + # Create a list of all attribute paths with "legacyPackages.$arch" stripped + # In the future this could contain metadata as well, doing a "nix-eval" for each is not the fastest + nix search "$FLAKE" "^" --quiet --json | jq -r 'keys[]' | cut -d'.' 
-f3- >"$CACHE_PATH" + echo "successfully generated attribute path cache" >&2 + fi +} + +fzfBindingFlag() { + local tmpFile="$1" + local -A bindings=( + ["shell"]="ctrl-s" + ["build"]="ctrl-b" + ["edit"]="ctrl-e" + ["run"]="ctrl-r" + ) + + local result="--bind=" + for subCommand in "${!bindings[@]}"; do + local binding="${bindings[$subCommand]}" + # When pressed, write the appropriate command to our temporary IPC file, and change the prompt accordingly + result+="$binding:execute-silent(echo $subCommand > $tmpFile)+change-prompt($subCommand > )," + done + echo "${result%,}" +} + +runFzf() { + local multi_flag + if [ "$MULTIPLE_SELECTION" == true ]; then + multi_flag="--multi" + else + multi_flag="--no-multi" + fi + + fzf "$multi_flag" \ + --height 40% \ + --preview-window right,70% \ + --border rounded \ + --prompt "$NIX_SUBCOMMAND > " \ + --preview "bash -c \"@previewText@ {} $FLAKE\"" \ + "$(fzfBindingFlag "$TMP_FILE")" <"$CACHE_PATH" +} + +runNix() { + local packages selectedPkgs command + readarray -t selectedPkgs <<<"$@" + ((${#selectedPkgs[@]} == 0)) && exit 0 + + if [ "$MULTIPLE_SELECTION" == true ] && ((${#selectedPkgs[@]} > 1)); then + # Build a brace expansion string + local pkg_list="{" + for pkg in "${selectedPkgs[@]}"; do + pkg_list+="$pkg," + done + packages="${pkg_list%,}}" + else + packages="${selectedPkgs[0]}" + fi + + ((${#packages} == 0)) && exit 0 + + # Update what subcommand to execute, in case it was changed by a keybinding from fzf + [ -s "$TMP_FILE" ] && NIX_SUBCOMMAND="$(<"$TMP_FILE")" + + command="NIXPKGS_ALLOW_UNFREE=1 nix $NIX_SUBCOMMAND $FLAKE#$packages --impure" + if [ "$PRINT_COMMAND" == true ]; then + echo "$command" + exit 0 + else + runColored "$command" + fi +} + +handleArguments "$@" +manageCache +runNix "$(runFzf)" From a57b3e0102353b8e0c8a703d694b57978abe9d95 Mon Sep 17 00:00:00 2001 
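Review bot: `runColored` hands a string to `eval`, and part of that string (`NIX_SUBCOMMAND`) is read back from a temp file whose name comes from `mktemp --dry-run`, which only prints a name and never creates the file. Until an fzf keybinding first writes to it the path does not exist, so the script does not own it and cannot assume the content it later reads is one of its own four subcommands. Creating the file up front with plain `mktemp` and accepting only `shell`, `build`, `run` or `edit` closes that gap, as sketched below. Longer term, building the nix invocation as an argument array instead of a brace-expansion string would remove the need for `eval` on the execution path.

```shell
# Create the IPC file now so this script owns it from the start
TMP_FILE="$(mktemp --suffix "-nix-search-fzf")"
trap 'rm -f "$TMP_FILE"' EXIT INT TERM

# … unchanged: handleArguments, runColored, manageCache, fzfBindingFlag, runFzf …

runNix() {
    # … unchanged: package selection …

    # Update what subcommand to execute, in case it was changed by a keybinding from fzf
    if [ -s "$TMP_FILE" ]; then
        local requested
        requested="$(<"$TMP_FILE")"
        case "$requested" in
        shell | build | run | edit) NIX_SUBCOMMAND="$requested" ;;
        *)
            echo "Unexpected subcommand in $TMP_FILE" >&2
            exit 1
            ;;
        esac
    fi

    # … unchanged: command construction and execution …
```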
From: Ahwx Date: Tue, 12 Aug 2025 15:21:25 +0200 Subject: [PATCH 130/162] fix: actually import `nix-search-fzf` --- pkgs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index ec41d4e..7950850 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,5 @@ -{ pkgs } : +{ pkgs }: { wikit = pkgs.callPackage ./wikit/default.nix { }; + nix-search-fzf = pkgs.callPackage ./nix-search-fzf/default.nix { }; } From 5e7744d9d022fc1261940197639e503e98511003 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 15:22:44 +0200 Subject: [PATCH 131/162] feat: adds more qol changes such as dust/fd/delta/bat/nix-search-fzf --- modules/home/zsh.nix | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 35d8bb5..8a4e5de 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -3,6 +3,7 @@ config, pkgs, host, + lib, ... }: { @@ -46,6 +47,8 @@ }; initContent = '' + export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" + autoload -U add-zsh-hook autoload -U compinit zmodload zsh/complist @@ -135,7 +138,11 @@ fi } - export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" + # Enter a 'nix shell' with packages selected by fzf + source ${pkgs.nix-search-fzf.zsh-shell-widget} + zle -N nix-search-fzf-shell-widget + bindkey '^O' nix-search-fzf-shell-widget + # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then # alias imv="sxiv" @@ -149,7 +156,6 @@ enable = true; abbreviations = { mkdir = "mkdir -p"; - mv = "mv --interactive"; vim = "nvim"; v = "nvim"; vi = "nvim"; 
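Review bot: The line moved to the top of `initContent` in modules/home/zsh.nix still reads `export export PATH=…`; the doubled keyword makes zsh export a variable literally named `export` alongside `PATH`. Since the line is being touched anyway, I would write it as `export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"`. Keeping the user-writable directories appended after the system entries, as they are now, is the right order and worth a one-line comment so nobody later prepends them. The `initContent` string starts and ends outside these hunks.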
@@ -198,13 +204,19 @@ yt-dlp-audio = "yt-dlp -f 'ba' -x --audio-format mp3"; open = "xdg-open"; tree = "eza --icons --tree --group-directories-first"; - # nvim = "nix run /home/liv/Development/nixvim --"; - vim = "nvim"; doas = "sudo"; sxiv = "nsxiv"; enby = "man"; woman = "man"; mkcd = "mkdir $1 && cd $1"; + du = "dust"; + cp = "cp -i -v"; + mv = "mv -i -v"; + rm = "rm -i -v"; + cat = "${lib.getExe pkgs.bat} --plain"; + diff = "${lib.getExe pkgs.delta} --color-only"; + battery-left = "${lib.getExe pkgs.acpi} | cut -d' ' -f5"; + github-actions = "${lib.getExe pkgs.act} -s GITHUB_TOKEN=\"$(${lib.getExe pkgs.github-cli} auth token)\""; # NixOS ns = "nix-shell --run zsh"; @@ -249,4 +261,11 @@ enableZshIntegration = true; }; }; + home.packages = with pkgs; [ + dust + fd + delta + bat + nix-search-fzf.zsh-shell-widget + ]; } From ff1c9f7c63d3d4489d02cf23171b37b9a39090e9 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 15:25:36 +0200 Subject: [PATCH 132/162] chore: `delta` is now located elsewhere --- modules/home/packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index 9fa833f..34db02f 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -62,7 +62,6 @@ reader nmap speedtest-go - delta powertop android-tools sshpass From 7b223abb1237c41edb068b205dee87d9a1c636e6 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 15:27:31 +0200 Subject: [PATCH 133/162] revert: okay this breaks everything --- hosts/sakura/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 1c150ac..3413bf8 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -49,7 +49,7 @@ networking = { hostName = "sakura"; - networkmanager.ethernet.macAddress = "13:37:13:37:13:37"; + # networkmanager.ethernet.macAddress = "13:37:6a:8a:ed:a4"; }; powerManagement = { 
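Review bot: The new `github-actions` alias expands the GitHub token into act's argument list (`-s GITHUB_TOKEN="$(… auth token)"`), so while act runs the token is typically readable in the process list by other accounts on the machine, and it can end up in shell traces. act reads a secret from the environment when `-s` is given a name without a value, so the alias can be written as `github-actions = "GITHUB_TOKEN=\"$(${lib.getExe pkgs.github-cli} auth token)\" ${lib.getExe pkgs.act} -s GITHUB_TOKEN";`. The alias set starts outside the hunk.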
From c9757d7585ecbb0d63bab0fe033ead114ee557ea Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 15:50:27 +0200 Subject: [PATCH 134/162] chore: remove wikit as it is a native package now --- pkgs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 7950850..6b1c5d1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,5 @@ { pkgs }: { - wikit = pkgs.callPackage ./wikit/default.nix { }; + # wikit = pkgs.callPackage ./wikit/default.nix { }; nix-search-fzf = pkgs.callPackage ./nix-search-fzf/default.nix { }; } From c92ad2008dee49b13c59478a2d2ac05bdc211be5 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 15:50:42 +0200 Subject: [PATCH 135/162] chore: remove wikit as it is a native package now (part 2) --- pkgs/wikit/default.nix | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 pkgs/wikit/default.nix diff --git a/pkgs/wikit/default.nix b/pkgs/wikit/default.nix deleted file mode 100644 index fa9ab39..0000000 --- a/pkgs/wikit/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, ... }: -with lib; -let - src = fetchFromGitHub { - owner = "KorySchneider"; - repo = "wikit"; - rev = "6432c6020606868cc5f240d0317040e38b992292"; - }; -in { - wikit = mkYarnPackage { - name = "wikit"; - inherit src; - packageJSON = src + "./package.json"; - yarnLock = src + "./yarn.lock"; - }; -} From 1e931d68767e238007af88578d29520455f4866d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 16:17:40 +0200 Subject: [PATCH 136/162] chore: got mad at syncthing --- hosts/sakura/default.nix | 1 - modules/services/dandelion.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 3413bf8..41fb1a0 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix 
@@ -12,7 +12,6 @@ ./../../modules/core/virtualization.nix ./../../modules/services/tailscale.nix ./../../modules/services/mpd.nix - ./../../modules/services/syncthing.nix ./../../modules/services/smart-monitoring.nix inputs.nixos-hardware.nixosModules.framework-13-7040-amd ]; diff --git a/modules/services/dandelion.nix b/modules/services/dandelion.nix index ec6d4a1..c11eff1 100644 --- a/modules/services/dandelion.nix +++ b/modules/services/dandelion.nix @@ -7,7 +7,6 @@ ++ [ (import ./home-assistant.nix) ] ++ [ (import ./monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ] - ++ [ (import ./syncthing.nix) ] ++ [ (import ./tailscale.nix) ] ++ [ (import ./nfs.nix) ] ++ [ (import ./hd-idle.nix) ]; From e9c413994f4117c1e8f8696955dbacc3f18922d6 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 16:18:16 +0200 Subject: [PATCH 137/162] feat: add `createScript` wrapper also stolen from @ivarwithoutbones --- pkgs/createScript/default.nix | 40 +++++++++++++++++++++++++++++++++++ pkgs/default.nix | 2 +- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 pkgs/createScript/default.nix diff --git a/pkgs/createScript/default.nix b/pkgs/createScript/default.nix new file mode 100644 index 0000000..f69f894 --- /dev/null +++ b/pkgs/createScript/default.nix 
@@ -0,0 +1,40 @@ +{ + lib, + runCommand, + makeWrapper, +}: + +# A function which creates a shell script with optional dependencies added to PATH. + +name: src: +{ + dependencies ? [ ], + ... +}@attrs: + +runCommand name + ( + { + inherit src; + nativeBuildInputs = lib.optionals (dependencies != [ ]) (attrs.nativeBuildInputs or [ ]) ++ [ + makeWrapper + ]; + + meta = { + mainProgram = name; + } // attrs.meta or { }; + } + // (builtins.removeAttrs attrs [ + "nativeBuildInputs" + "meta" + ]) + ) + '' + mkdir -p $out/bin + install -Dm755 $src $out/bin/$name + patchShebangs $out/bin/$name + + ${lib.optionalString (dependencies != [ ]) '' + wrapProgram $out/bin/$name --prefix PATH : ${lib.makeBinPath dependencies} + ''} + '' diff --git a/pkgs/default.nix b/pkgs/default.nix index 6b1c5d1..7d89d6c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,5 @@ { pkgs }: { - # wikit = pkgs.callPackage ./wikit/default.nix { }; + createScript = pkgs.callPackage ./createScript/default.nix { }; nix-search-fzf = pkgs.callPackage ./nix-search-fzf/default.nix { }; } From bce1448454d3abf22a03181f1466d0b2f3e1696e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 12 Aug 2025 16:21:02 +0200 Subject: [PATCH 138/162] chore: credit ivar as well! --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c42c555..56c28ba 100644 --- a/README.md +++ b/README.md @@ -161,6 +161,7 @@ toggle_oppacity.sh Other dotfiles that I learned / copy from: - [Frost-Phoenix/nixos-config](https://github.com/Frost-Phoenix/nixos-config): This is the repository that I cloned and changed to my needs. Their credits are in their repository's readme. +- [IvarWithoutBones/dotfiles](https://github.com/IvarWithoutBones/dotfiles) - [notthebee/nix-config](https://github.com/notthebee/nix-config) - [mrusme/dotfiles](https://github.com/mrusme/dotfiles) From d4ba9c5552bb2070de98377c9a869050091813f1 Mon Sep 17 00:00:00 2001 
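Review bot: In `nativeBuildInputs` of pkgs/createScript/default.nix, function application binds tighter than `++`, so the expression parses as `(lib.optionals (dependencies != [ ]) (attrs.nativeBuildInputs or [ ])) ++ [ makeWrapper ]`: caller-supplied `nativeBuildInputs` are dropped whenever `dependencies` is empty, and `makeWrapper` is always added. If the intent is to add `makeWrapper` only when wrapping is needed, write `nativeBuildInputs = (attrs.nativeBuildInputs or [ ]) ++ lib.optionals (dependencies != [ ]) [ makeWrapper ];`. In the build script I would also quote the expansions, `install -Dm755 "$src" "$out/bin/$name"`. A comment on the function noting that `dependencies` is also forwarded to `runCommand`, because only `nativeBuildInputs` and `meta` are removed from `attrs`, would document the interface.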
From: Ahwx Date: Tue, 12 Aug 2025 16:30:09 +0200 Subject: [PATCH 139/162] chore: adds sshfs (and niri, need to move away from hyprland as it sucks) --- roles/gui.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/gui.nix b/roles/gui.nix index 387ed07..de10ee3 100644 --- a/roles/gui.nix +++ b/roles/gui.nix @@ -49,6 +49,10 @@ in # Not GUI but specific to GUI usage sshuttle + sshfs + + # try out for a bit + niri ]; }; } From 0d871a7411828a223d78b7170ad2e43c3a902867 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 13 Aug 2025 13:28:32 +0200 Subject: [PATCH 140/162] fix: `writeShellScript` -> `writeShellScriptBin`: allow for adding to env --- pkgs/nix-search-fzf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/nix-search-fzf/default.nix b/pkgs/nix-search-fzf/default.nix index 63e4a37..d9116fd 100644 --- a/pkgs/nix-search-fzf/default.nix +++ b/pkgs/nix-search-fzf/default.nix @@ -8,7 +8,7 @@ coreutils, bash, nix-search-fzf, - writeShellScript, + writeShellScriptBin, }: let @@ -28,7 +28,7 @@ createScript "nix-search-fzf" src { ]; # Enter a 'nix shell' with packages selected by this script - passthru.zsh-shell-widget = writeShellScript "nix-search-fzf-shell-widget" '' + passthru.zsh-shell-widget = writeShellScriptBin "nix-search-fzf-shell-widget" '' nix-search-fzf-shell-widget() { setopt localoptions pipefail no_aliases 2> /dev/null local cmd="$(eval "${nix-search-fzf}/bin/nix-search-fzf -c")" From 4891753215555b30d88f170539adabc7a9ece806 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 13 Aug 2025 13:30:03 +0200 Subject: [PATCH 141/162] feat: set better vi-mode; adds `nix-search-fzf`; fix: unbork `syntax-highlighting` --- modules/home/zsh.nix | 60 +++++++++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 8a4e5de..0408d7f 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix 
@@ -12,18 +12,21 @@ enable = true; autocd = true; autosuggestion.enable = true; - syntaxHighlighting = { - enable = true; - highlighters = [ - "main" - "brackets" - "pattern" - "regexp" - "cursor" - "root" - "line" - ]; - }; + #syntaxHighlighting = { + # enable = true; + # highlighters = [ + # "main" + # "brackets" + # "pattern" + # "regexp" + # "cursor" + # "root" + # "line" + # ]; + #}; + + defaultKeymap = "viins"; + enableCompletion = true; # enableGlobalCompInit = true; # Should be a thing according to NixOS options but is not a thing? @@ -44,6 +47,7 @@ SAVEHIST = 10000000; HISTFILE = "~/.zsh_history"; HISTORY_SUBSTRING_SEARCH_ENSURE_UNIQUE = 1; + KEYTIMEOUT = 1; # make Vi-mode transitions faster }; initContent = '' @@ -139,7 +143,7 @@ } # Enter a 'nix shell' with packages selected by fzf - source ${pkgs.nix-search-fzf.zsh-shell-widget} + source ${pkgs.nix-search-fzf.zsh-shell-widget}/bin/nix-search-fzf-shell-widget zle -N nix-search-fzf-shell-widget bindkey '^O' nix-search-fzf-shell-widget @@ -228,16 +232,16 @@ }; plugins = with pkgs; [ - #{ - # name = "zsh-syntax-highlighting"; - # src = fetchFromGitHub { - # owner = "zsh-users"; - # repo = "zsh-syntax-highlighting"; - # rev = "0.6.0"; - # sha256 = "0zmq66dzasmr5pwribyh4kbkk23jxbpdw4rjxx0i7dx8jjp2lzl4"; - # }; - # file = "zsh-syntax-highlighting.zsh"; - #} + { + name = "zsh-syntax-highlighting"; + src = fetchFromGitHub { + owner = "zsh-users"; + repo = "zsh-syntax-highlighting"; + rev = "0.6.0"; + sha256 = "0zmq66dzasmr5pwribyh4kbkk23jxbpdw4rjxx0i7dx8jjp2lzl4"; + }; + file = "zsh-syntax-highlighting.zsh"; + } { name = "zsh-autopair"; src = fetchFromGitHub { @@ -248,6 +252,16 @@ }; file = "autopair.zsh"; } + { + name = "zsh-vi-mode"; + file = "zsh-vi-mode.plugin.zsh"; + src = pkgs.fetchFromGitHub { + owner = "jeffreytse"; + repo = "zsh-vi-mode"; + rev = "3eeca1bc6db172edee5a2ca13d9ff588b305b455"; + sha256 = "0na6b5b46k4473c53mv1wkb009i6b592gxpjq94bdnlz1kkcqwg6"; + }; + } ]; }; 
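Review bot: The `zsh-vi-mode` plugin added in the last hunk sets up its key bindings, by default, when the first prompt is drawn and replaces bindings made earlier, so the `bindkey '^O' nix-search-fzf-shell-widget` line in `initContent` may stop working once the plugin is active. If that happens, registering the binding through the plugin's hook, `zvm_after_init_commands+=("bindkey '^O' nix-search-fzf-shell-widget")`, restores it. `defaultKeymap = "viins"` and `KEYTIMEOUT = 1` appear to overlap with what the plugin manages, so a comment saying which of the two owns vi mode would help. The new entry uses `pkgs.fetchFromGitHub` inside `with pkgs;` while its neighbours use the bare name; pinning both plugins by revision and hash is good and should stay that way.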
From d6b69dc2feb466cf87e702e64c4ae24815d793d7 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 13:45:49 +0200 Subject: [PATCH 142/162] chore: install new swaync files --- modules/home/swaync/default.nix | 544 ++++++++++++-------------------- 1 file changed, 198 insertions(+), 346 deletions(-) diff --git a/modules/home/swaync/default.nix b/modules/home/swaync/default.nix index f70bcbd..45d3fe4 100644 --- a/modules/home/swaync/default.nix +++ b/modules/home/swaync/default.nix 
@@ -1,381 +1,233 @@ { pkgs, username, ... }: { home = { - packages = with pkgs; [ swaynotificationcenter ]; + packages = with pkgs; [ + swaynotificationcenter + wlogout + ]; file."/home/${username}/.config/swaync/config.json".text = '' - { - "positionX": "right", - "positionY": "top", - "layer": "overlay", - "layer-shell": "true", - "cssPriority": "application", - "control-center-margin-top": 10, - "control-center-margin-bottom": 10, - "control-center-margin-right": 10, - "control-center-margin-left": 10, - "notification-icon-size": 64, - "notification-body-image-height": 128, - "notification-body-image-width": 200, - "timeout": 10, - "timeout-low": 5, - "timeout-critical": 0, - "fit-to-screen": true, - "control-center-width": 400, - "control-center-height": 650, - "notification-window-width": 350, - "keyboard-shortcuts": true, - "image-visibility": "when-available", - "transition-time": 200, - "hide-on-clear": false, - "hide-on-action": true, - "script-fail-notify": true, - "widgets": [ - "title", - "dnd", - "notifications" - ], - "widget-config": { - "title": { - "text": "Notifications", - "clear-all-button": true, - "button-text": " Clear all " - }, - "dnd": { - "text": " Do not disturb" - }, - } + { + "$schema": "/etc/xdg/swaync/configSchema.json", + "positionX": "right", + "positionY": "top", + "layer": "overlay", + "layer-shell": true, + "cssPriority": "user", + + "control-center-width": 380, + "control-center-height": 860, + "control-center-margin-top": 8, + "control-center-margin-bottom": 8, + "control-center-margin-right": 8, + "control-center-margin-left": 8, + + "notification-window-width": 400, + "notification-icon-size": 48, + "notification-body-image-height": 160, + "notification-body-image-width": 200, + + "widgets": ["buttons-grid", "title", "dnd", "notifications", "mpris"], + "widget-config": { + "title": { + "text": "Notifications", + "clear-all-button": true, + "button-text": "Clear All" + }, + "dnd": { + "text": "Do Not Disturb" + }, + "label": 
{ + "max-lines": 1, + "text": " " + }, + "mpris": { + "image-size": 60, + "image-radius": 12 + }, + "buttons-grid": { + "actions": [ + { + "label": " ", + "command": "kitty -e nmtui-connect" + }, + { + "label": "󰂯", + "command": "waybar-bluetooth toggle" + }, + { + "label": "󰏘", + "command": "kitty -e walp" + }, + { + "label": "⏻", + "command": "wlogout" + } + ] + } + } } ''; - file = { - "/home/${username}/.config/swaync/style.css".text = '' - * { - all: unset; - font-size: 14px; - font-family: "GohuFont 14 Nerd Font Mono"; - transition: 200ms; - } + file."/home/${username}/.config/swaync/style.css".text = '' + @import "../../.cache/wal/colors-waybar.css"; - trough highlight { - background: #cdd6f4; - } + @define-color text @foreground; + @define-color bg @color1; + @define-color selected @color6; + @define-color hover alpha(@selected, .4); - scale trough { - margin: 0rem 1rem; - background-color: #313244; - min-height: 8px; - min-width: 70px; - } + * { + outline: none; + transition: 200ms; + padding: 1px; + background: transparent; + } - slider { - background-color: #89b4fa; - } + .notification-row { + outline: none; + margin: 0; + padding: 0px; + } - .floating-notifications.background .notification-row .notification-background { - box-shadow: 0 0 8px 0 rgba(0, 0, 0, 0.8), inset 0 0 0 1px #313244; - margin: 18px; - background-color: #000000; - color: #cdd6f4; - padding: 0; - } + .notification-row .notification-background .close-button { + /* The notification Close Button */ + background: transparent; + color: @text; + text-shadow: none; + box-shadow: none; + margin-top: 2px; + margin-right: 2px; + padding: 0; + border: none; + border-radius: 100%; + min-width: 24px; + min-height: 24px; + } - .floating-notifications.background .notification-row .notification-background .notification { - padding: 7px; - } + .notification-row .notification-background .close-button:hover { + box-shadow: none; + background: transparent; + transition: background 0.15s ease-in-out; + 
border: 0px; + } - .floating-notifications.background .notification-row .notification-background .notification.critical { - box-shadow: inset 0 0 7px 0 #f38ba8; - } + .notification-row .notification-background .notification { + /* The actual notification */ + background: transparent; + } - .floating-notifications.background .notification-row .notification-background .notification .notification-content { - margin: 7px; - } + .notification-group .notification-group-headers { + /* Notficiation Group Headers */ + margin-top: 10px; + margin-bottom: 10px; + } - .floating-notifications.background .notification-row .notification-background .notification .notification-content .summary { - color: #cdd6f4; - } + .notification-group .notification-group-headers .notification-group-header { + font-size: 20px; + margin-left: 3px; + } - .floating-notifications.background .notification-row .notification-background .notification .notification-content .time { - color: #a6adc8; - } + .notification-group.collapsed .notification-row .notification { + background: alpha(@background, 0.55); + } - .floating-notifications.background .notification-row .notification-background .notification .notification-content .body { - color: #cdd6f4; - } + .control-center { + /* The Control Center which contains the old notifications + widgets */ + margin: 18px; + padding: 14px; + box-shadow: 0px 2px 5px black; + background: alpha(@background, 0.55); + border: 2px solid @selected; + } - .floating-notifications.background .notification-row .notification-background .notification > *:last-child > * { - min-height: 3.4em; - } + .control-center-clear-all { + /* Clear All button */ + background: transparent; + padding: 5px; + } - .floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action { - color: #cdd6f4; - background-color: #000000; - box-shadow: inset 0 0 0 1px #45475a; - margin: 7px; - } + .control-center-clear-all:hover { + 
background: @hover; + } - .floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action:hover { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #000000; - color: #cdd6f4; - } + .control-center-clear-all:active { + background: @selected; + } - .floating-notifications.background .notification-row .notification-background .notification > *:last-child > * .notification-action:active { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #000000; - color: #cdd6f4; - } + /*** Widgets ***/ + /* Title widget */ + .widget-title { + background: transparent; + margin-top: 15px; + margin-left: 15px; + margin-right: 15px; + } - .floating-notifications.background .notification-row .notification-background .close-button { - margin: 7px; - padding: 2px; - color: #1e1e2e; - background-color: #000000; - } + /* Do Not Disturb widget */ + .widget-dnd { + background: transparent; + margin-left: 15px; + margin-right: 15px; + } - .floating-notifications.background .notification-row .notification-background .close-button:hover { - background-color: #000000; - color: #1e1e2e; - } + .widget-dnd > switch { + background: @bg; + font-size: initial; + border-radius: 12px; + box-shadow: none; + padding: 2px; + } - .floating-notifications.background .notification-row .notification-background .close-button:active { - background-color: #000000; - color: #1e1e2e; - } + /* Media Player widget */ + @define-color mpris-album-art-overlay rgba(0, 0, 0, 0.55); + @define-color mpris-button-hover rgba(0, 0, 0, 0.50); - .control-center { - box-shadow: 0 0 8px 0 rgba(0, 0, 0, 0.8), inset 0 0 0 1px #313244; - margin: 18px; - background-color: #000000; - color: #cdd6f4; - padding: 14px; - } + .widget-mpris { + } - .control-center .widget-title > label { - color: #cdd6f4; - font-size: 1.3em; - } + .widget-mpris .widget-mpris-player { + padding: 10px; + margin: 8px 15px; + /* background-color: @mpris-album-art-overlay; */ + 
box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.75); + border: 2px; + } - .control-center .widget-title button { - color: #cdd6f4; - background-color: #313244; - box-shadow: inset 0 0 0 1px #45475a; - padding: 8px; - } + .widget-mpris .widget-mpris-player .widget-mpris-title { + font-size: 16px; + } - .control-center .widget-title button:hover { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #585b70; - color: #cdd6f4; - } + .widget-mpris .widget-mpris-player .widget-mpris-subtitle { + font-size: 14px; + } - .control-center .widget-title button:active { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #74c7ec; - color: #1e1e2e; - } + /* Buttons widget */ + .widget-buttons-grid { + /* background-color: alpha(@color2, 0.5); */ + } - .control-center .notification-row .notification-background { - color: #cdd6f4; - background-color: #313244; - box-shadow: inset 0 0 0 1px #45475a; - margin-top: 14px; - } + .widget-buttons-grid > flowbox > flowboxchild > button { + /* background: alpha(@color2, 0.5); */ + /* border-radius: 12px; */ + min-width: 45px; + } - .control-center .notification-row .notification-background .notification { - padding: 7px; - } + .control-center .notification-row .notification-background .notification { + padding: 10px; + } - .control-center .notification-row .notification-background .notification.critical { - box-shadow: inset 0 0 7px 0 #f38ba8; - } + .floating-notifications.background .notification-row .notification-background .close-button { + margin: 10px; + padding: 2px; + } - .control-center .notification-row .notification-background .notification .notification-content { - margin: 7px; - } + .floating-notifications.background .notification-row .notification-background { + margin: 18px; + padding: 0; + } - .control-center .notification-row .notification-background .notification .notification-content .summary { - color: #cdd6f4; - } - - .control-center .notification-row .notification-background .notification .notification-content 
.time { - color: #a6adc8; - } - - .control-center .notification-row .notification-background .notification .notification-content .body { - color: #cdd6f4; - } - - .control-center .notification-row .notification-background .notification > *:last-child > * { - min-height: 3.4em; - } - - .control-center .notification-row .notification-background .notification > *:last-child > * .notification-action { - color: #cdd6f4; - background-color: #11111b; - box-shadow: inset 0 0 0 1px #45475a; - margin: 7px; - } - - .control-center .notification-row .notification-background .notification > *:last-child > * .notification-action:hover { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #313244; - color: #cdd6f4; - } - - .control-center .notification-row .notification-background .notification > *:last-child > * .notification-action:active { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #74c7ec; - color: #cdd6f4; - } - - .control-center .notification-row .notification-background .close-button { - margin: 7px; - padding: 2px; - color: #1e1e2e; - background-color: #eba0ac; - } - - .close-button { - } - - .control-center .notification-row .notification-background .close-button:hover { - background-color: #f38ba8; - color: #1e1e2e; - } - - .control-center .notification-row .notification-background .close-button:active { - background-color: #f38ba8; - color: #1e1e2e; - } - - .control-center .notification-row .notification-background:hover { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #7f849c; - color: #cdd6f4; - } - - .control-center .notification-row .notification-background:active { - box-shadow: inset 0 0 0 1px #45475a; - background-color: #74c7ec; - color: #cdd6f4; - } - - .notification.critical progress { - background-color: #f38ba8; - } - - .notification.low progress, - .notification.normal progress { - background-color: #89b4fa; - } - - .control-center-dnd { - margin-top: 5px; - background: #313244; - border: 1px solid #45475a; - box-shadow: 
none; - } - - .control-center-dnd:checked { - background: #313244; - } - - .control-center-dnd slider { - background: #45475a; - } - - .widget-dnd { - margin: 0px; - font-size: 1.1rem; - } - - .widget-dnd > switch { - font-size: initial; - background: #313244; - border: 1px solid #45475a; - box-shadow: none; - } - - .widget-dnd > switch:checked { - background: #313244; - } - - .widget-dnd > switch slider { - background: #45475a; - border: 1px solid #6c7086; - } - - .widget-mpris .widget-mpris-player { - background: #313244; - padding: 7px; - } - - .widget-mpris .widget-mpris-title { - font-size: 1.2rem; - } - - .widget-mpris .widget-mpris-subtitle { - font-size: 0.8rem; - } - - .widget-menubar > box > .menu-button-bar > button > label { - font-size: 3rem; - padding: 0.5rem 2rem; - } - - .widget-menubar > box > .menu-button-bar > :last-child { - color: #f38ba8; - } - - .power-buttons button:hover, - .powermode-buttons button:hover, - .screenshot-buttons button:hover { - background: #313244; - } - - .control-center .widget-label > label { - color: #cdd6f4; - font-size: 2rem; - } - - .widget-buttons-grid { - padding-top: 1rem; - } - - .widget-buttons-grid > flowbox > flowboxchild > button label { - font-size: 2.5rem; - } - - .widget-volume { - padding-top: 1rem; - } - - .widget-volume label { - font-size: 1.5rem; - color: #74c7ec; - } - - .widget-volume trough highlight { - background: #74c7ec; - } - - .widget-backlight trough highlight { - background: #f9e2af; - } - - .widget-backlight scale { - margin-right: 1rem; - } - - .widget-backlight label { - font-size: 1.5rem; - color: #f9e2af; - } - - .widget-backlight .KB { - padding-bottom: 1rem; - } - ''; - }; + .floating-notifications.background .notification-row .notification-background .notification { + padding: 7px; + } + ''; }; } From 4206faadc4d3be3f1f14d33e2b0760861a690489 Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Sun, 17 Aug 2025 13:45:57 +0200 Subject: [PATCH 143/162] feat: adds mumble to pkgs --- roles/gui.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/gui.nix b/roles/gui.nix index de10ee3..ca6cc4b 100644 --- a/roles/gui.nix +++ b/roles/gui.nix @@ -26,6 +26,7 @@ in element-desktop gajim signal-desktop + mumble anki-bin obs-studio wdisplays From c20fbd3a5dbfc9b399673515e107088170f3516d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 13:46:59 +0200 Subject: [PATCH 144/162] chore: switch back to swaylock as hyprlock is causing issues *again* --- modules/home/hyprland/config.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index b538f0c..cd1d242 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -1,4 +1,9 @@ -{ pkgs, host, ... }: +{ + pkgs, + host, + username, + ... +}: { fonts.fontconfig.enable = true; home.packages = [ @@ -59,7 +64,6 @@ source = "~/nixos-config/modules/home/hyprland/displays.conf"; "debug:disable_scale_checks" = true; - # monitor = "eDP-1, 2256x1504@60, 0x0, 1.5"; monitor = if (host == "sakura") then "eDP-1, 2256x1504@60, 0x0, 1.5" @@ -215,7 +219,7 @@ "$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar "$mainMod, Space, togglefloating," "$mainMod, D, exec, bemenu-run -l 5 --ignorecase" - "SUPER SHIFT, L, exec, hyprlock" + "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "$mainMod, E, exec, thunar" "$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped" "$mainMod, C,exec, hyprpicker -a" From f1590d88e88cf658e75928aa6139b1f7683fc15e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 14:05:23 +0200 Subject: [PATCH 145/162] feat: adds paperless-ngx --- modules/services/paperless-ngx.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 modules/services/paperless-ngx.nix 
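Review bot: The `SUPER SHIFT, L` bind in the third hunk of modules/home/hyprland/config.nix now runs `swaylock`, but nothing visible in these hunks installs it or registers its PAM service. Home-manager cannot create PAM entries, so the system configuration needs `security.pam.services.swaylock = { };`. Without it swaylock locks the session but cannot verify the password. This may already exist outside the diff, so treat it as something to confirm rather than a certain defect. A short comment beside the bind naming where the PAM service is declared would save the next reader the search.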
diff --git a/modules/services/paperless-ngx.nix b/modules/services/paperless-ngx.nix new file mode 100644 index 0000000..4ab78b1 --- /dev/null +++ b/modules/services/paperless-ngx.nix @@ -0,0 +1,29 @@ +{ + services = { + paperless = { + enable = true; + consumptionDirIsPublic = true; + settings = { + PAPERLESS_CONSUMER_IGNORE_PATTERN = [ + ".DS_STORE/*" + "desktop.ini" + ]; + PAPERLESS_OCR_LANGUAGE = "deu+eng+nld"; + PAPERLESS_OCR_USER_ARGS = { + optimize = 1; + pdfa_image_compression = "lossless"; + }; + PAPERLESS_URL = "https://documents.liv.town"; + }; + }; + nginx.virtualHosts."documents.liv.town" = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://127.0.0.1:28981"; + proxyWebsockets = true; + }; + }; + }; +} From 42944da173c825cec7aa00c0a65e0a8c5a983818 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 14:05:57 +0200 Subject: [PATCH 146/162] feat: adds email and paperless-ngx to `violet` --- modules/services/violet.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 122aa03..15639ef 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -7,6 +7,7 @@ ++ [ (import ./binternet-proxy.nix) ] ++ [ (import ./bluemap-proxy.nix) ] ++ [ (import ./docker.nix) ] + ++ [ (import ./email.nix) ] ++ [ (import ./forgejo.nix) ] ++ [ (import ./grafana.nix) ] ++ [ (import ./guacamole.nix) ] @@ -17,9 +18,12 @@ ++ [ (import ./matrix/default.nix) ] ++ [ (import ./mumble.nix) ] ++ [ (import ./monitoring.nix) ] + # ++ [ (import ./minio.nix) ] + # ++ [ (import ./nextcloud.nix) ] ++ [ (import ./ntfy.nix) ] ++ [ (import ./nginx.nix) ] ++ [ (import ./nix-serve.nix) ] + ++ [ (import ./paperless-ngx.nix) ] ++ [ (import ./radicale.nix) ] ++ [ (import ./remote-build.nix) ] ++ [ (import ./readarr.nix) ] From 34cf53a50991df5a5c4af027b1b8510448ca542a Mon Sep 17 00:00:00 2001 
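Review bot: `consumptionDirIsPublic = true;` in the new paperless-ngx.nix makes the consumption directory writable by every local account, so any user or compromised service on the host can feed files into the document parsing/OCR pipeline behind `documents.liv.town`. Unless several unrelated accounts really need to drop files there, I would remove the line and grant access only to the account that uploads. The file sets no `passwordFile`, so the admin account is presumably created by hand; a one-line comment such as `# admin user is created manually, see <DOC_LOCATION>` would record that.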
From: Ahwx Date: Sun, 17 Aug 2025 14:06:39 +0200 Subject: [PATCH 147/162] flake: update --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ea2838d..1fb8902 100644 --- a/flake.lock +++ b/flake.lock @@ -885,11 +885,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From fa9bff88da4e6810e02c15acb9555ca238375d5c Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 14:08:13 +0200 Subject: [PATCH 148/162] chore: only enable virtualisation for hosts that require it --- modules/core/virtualization.nix | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/modules/core/virtualization.nix b/modules/core/virtualization.nix index eeca5d6..3ad3ae8 100644 --- a/modules/core/virtualization.nix +++ b/modules/core/virtualization.nix @@ -1,9 +1,17 @@ -{ pkgs, ... }: +{ pkgs, host, ... }: { virtualisation = { # vmware.host.enable = true; # Causes issues for now :p - waydroid.enable = true; - libvirtd.enable = true; + waydroid.enable = if (host == "sakura") then true else false; + libvirtd.enable = + if (host == "violet") then + true + else if (host == "sakura") then + true + else if (host == "yoshino") then + true + else + false; spiceUSBRedirection.enable = true; }; From 5cc46993c8afb1b51cf2f73295e065177c122df8 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 14:11:42 +0200 Subject: [PATCH 149/162] feat: adds borgbackup job for vaultwarden --- modules/services/vaultwarden.nix | 90 ++++++++++++++++++++++---------- 1 file changed, 63 insertions(+), 27 deletions(-) 
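Review bot: `spiceUSBRedirection.enable = true;` stays unconditional at the end of the modules/core/virtualization.nix hunk, so hosts where libvirtd is now switched off still get the setuid SPICE USB helper, which lets unprivileged users hand host USB devices to VMs. Gating it with the same host test would match what the commit sets out to do. On style, `if (host == "sakura") then true else false` is just `host == "sakura"`, and the libvirtd chain reads better as `libvirtd.enable = builtins.elem host [ "violet" "sakura" "yoshino" ];`. The last hunk of the series (PATCH 162) extends the same chain for iris and would become a one-word change. The enclosing attribute set continues past the hunk.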
diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
index 38a2192..93ce630 100644
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@@ -1,34 +1,70 @@ -{ config, ... }: { - services.vaultwarden = { - enable = true; - dbBackend = "sqlite"; - config = { - SIGNUPS_ALLOWED = false; - ENABLE_WEBSOCKET = true; - SENDS_ALLOWED = true; - INVITATIONS_ENABLED = true; - EMERGENCY_ACCESS_ALLOWED = true; - EMAIL_ACCESS_ALLOWED = true; - DOMAIN = "https://passwords.liv.town"; - ROCKET_ADDRESS = "0.0.0.0"; - ROCKET_PORT = 8003; + config, + host, + pkgs, + username, + ... +}: +let + baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${host}"; +in +{ + services = { + vaultwarden = { + enable = true; + dbBackend = "sqlite"; + config = { + SIGNUPS_ALLOWED = false; + ENABLE_WEBSOCKET = true; + SENDS_ALLOWED = true; + INVITATIONS_ENABLED = true; + EMERGENCY_ACCESS_ALLOWED = true; + EMAIL_ACCESS_ALLOWED = true; + DOMAIN = "https://passwords.liv.town"; + ROCKET_ADDRESS = "0.0.0.0"; + ROCKET_PORT = 8003; + }; }; - }; - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "passwords.liv.town" = { - forceSSL = true; - sslCertificate = "/var/lib/acme/liv.town/cert.pem"; - sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; - proxyWebsockets = true; + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = { + "passwords.liv.town" = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + proxyWebsockets = true; + }; }; }; }; + borgbackup.jobs."violet-vaultwarden" = { + paths = [ "/var/lib/bitwarden_rs" ]; + repo = "${baseRepo}/var-vaultwarden"; + encryption.mode = "none"; + compression = "auto,zstd"; + startAt = "daily"; + preHook = '' + systemctl stop vaultwarden + ''; + postHook = '' 
+ systemctl start vaultwarden + if [ $exitStatus -eq 2 ]; then + ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) failed with errors" + else + ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) completed succesfully with exit status $exitStatus" + fi + ''; + user = "root"; + extraCreateArgs = [ + "--stats" + ]; + environment = { + BORG_RSH = "ssh -p 9123 -i /home/${username}/.ssh/id_ed25519"; + }; + }; }; } From e6e576cd43285ff97fb343fe4ff0c3d409a942c2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 14:12:17 +0200 Subject: [PATCH 150/162] chore: adds excludes to service-wide borgbackup job so that items are not backup up double --- modules/services/borg.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/services/borg.nix b/modules/services/borg.nix index fad706a..668e70c 100644 --- a/modules/services/borg.nix +++ b/modules/services/borg.nix @@ -37,6 +37,12 @@ in paths = [ "/var/lib" ]; + exclude = [ + "/var/lib/matrix-synapse" + "/var/lib/mautrix-signal" + "/var/lib/mautrix-whatsapp" + "/var/lib/bitwarden_rs" + ]; repo = "${baseRepo}/var-lib"; encryption.mode = "none"; compression = "auto,zstd"; From e785b697a5874944f733b259c185a5a581bd6d5f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 17 Aug 2025 15:01:39 +0200 Subject: [PATCH 151/162] chore: sops-nix things --- secrets/violet/secrets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index 64f39ae..f497f8d 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml 
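Review bot: The new `borgbackup.jobs."violet-vaultwarden"` job sets `encryption.mode = "none"`, so the off-host copy of `/var/lib/bitwarden_rs` (the Vaultwarden database and server key material) is readable by anyone with access to the backup storage. I would use `encryption = { mode = "repokey-blake2"; passCommand = "cat ${config.sops.secrets.<BORG_PASSPHRASE_SECRET>.path}"; };`, where the secret name is a placeholder for one declared in sops. The job runs as root but authenticates through `BORG_RSH` with `/home/${username}/.ssh/id_ed25519`; a dedicated backup key that the server restricts to `borg serve` would limit what a compromise of either side exposes. `ROCKET_ADDRESS = "0.0.0.0"` is carried onto the new side although nginx proxies to 127.0.0.1, so binding to loopback is worth considering unless a firewall already blocks port 8003. In the postHook every status other than 2 is announced as completed "succesfully" (sic), which includes borg's warning status 1.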
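Review bot: The `exclude` list added to the `/var/lib` job in modules/services/borg.nix drops four directories, but only `/var/lib/bitwarden_rs` gets a dedicated job in the commits visible here. If `matrix-synapse`, `mautrix-signal` and `mautrix-whatsapp` are not covered by jobs defined elsewhere, they silently stop being backed up. A comment per entry naming the job that covers it would make this checkable, e.g. `"/var/lib/bitwarden_rs" # covered by violet-vaultwarden`. The context lines show this job also uses `encryption.mode = "none"`, which deserves the same review as any other off-host copy of service state. The job definition starts and ends outside the hunk.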
@@ -22,7 +22,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-06T12:33:06Z" - mac: ENC[AES256_GCM,data:9U5QLQrk+61pIgfWSC468m7url0GGztamVlu0D74hSOf8iyLHiL1RHIKuB9t8Dk5bIGruVQE2zN8TZIHzktMofc1arSP69Zxl41EGNCyrm2uAyEguQelxZzRb/7bNe/Kkm6oLN1fQ8TJ1t7nyiTQCdbhl/wFZwSZxGemv7t8hKI=,iv:AEvP5cdOl0dX3o/0Zoy8112rqhE0cKNX8B5lyFEe6f4=,tag:LRqM5L3DB4Tyhe++4Hcqcw==,type:str] + lastmodified: "2025-08-17T12:59:12Z" + mac: ENC[AES256_GCM,data:d0fls75JYsDd4QyF1lUi6CGinPJBRNOwgHg4fbnp40P/5rhGZsH8dL9+n2qQjCqEWPtBDbAGz0LYQ8T/VxaNHQwuvCX1Q1LCjlwbrZHEMLXNhd3VOa4b7e9k8+mgccLKDj52PlXSNxW+ATplZSTCMFnrBuDkfiW09gz8He8s8jo=,iv:v8XNLDFu1VhQ7A+CpimWJb95YvzRCWpgqRj6Uhx5wLU=,tag:kAg/NDen7VkMrOfV92SEkA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From cd81467518294a1c11b3b4e66ed3e6bf82d64121 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 19 Aug 2025 15:14:04 +0200 Subject: [PATCH 152/162] feat: adds `smb` share for `violet` --- hosts/violet/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hosts/violet/default.nix b/hosts/violet/default.nix index d361648..b9e9a0c 100644 --- a/hosts/violet/default.nix +++ b/hosts/violet/default.nix @@ -22,7 +22,8 @@ time.timeZone = "Europe/Amsterdam"; environment.systemPackages = with pkgs; [ - pkgs.kitty.terminfo + kitty.terminfo + cifs-utils ]; services = { @@ -62,4 +63,14 @@ ] ++ [ pkgs.cpupower-gui ]; }; + + fileSystems."/mnt/nfs/violet" = { + device = "//172.16.10.130/spinners/violet"; # not ideal, should get the static IP from dandelion from a config attribute but whatever... + fsType = "cifs"; + options = [ + "x-systemd.automount" + "noauto" + "credentials=${config.sops.secrets.smbLoginDetails.path}" + ]; + }; } From 026cf9d822059d51de189ecaafaa5d82021876d8 Mon Sep 17 00:00:00 2001 
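Review bot: The `fileSystems."/mnt/nfs/violet"` CIFS mount added in the second hunk of hosts/violet/default.nix passes only the automount and credentials options, so the SMB dialect and transport encryption are left to negotiation and the share is mounted without `nosuid`/`nodev`. If the server supports it, adding `"vers=3.1.1"`, `"seal"`, `"nosuid"` and `"nodev"` to `options` would require an encrypted SMB3 session and keep the share from supplying setuid binaries or device nodes. Reading the credentials from `config.sops.secrets.smbLoginDetails.path` is the right approach, but that secret is only declared in the following commit (PATCH 153), so the two need to land together. The mount point says `nfs` while `fsType` is `cifs`, which is worth a rename or a comment.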
From: Ahwx Date: Tue, 19 Aug 2025 15:14:15 +0200 Subject: [PATCH 153/162] chore: adds `smbLoginDetails` --- modules/core/sops.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index e457888..27b1c10 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -22,6 +22,7 @@ "matrixRegistrationSecret" = { owner = "matrix-synapse"; }; + "smbLoginDetails" = { }; } else if (host == "sakura") then { From f13fde7e9129c5091fa84782419f40becb136e38 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 19 Aug 2025 15:14:34 +0200 Subject: [PATCH 154/162] chore: update secrets --- secrets/violet/secrets.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index f497f8d..f8d5015 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml 
@@ -2,6 +2,7 @@ systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] minioRootCredentials: ENC[AES256_GCM,data:/IrpspB6Puy+6scHheBSBp6zQVh8uwpu4nFPLSkueuohSUESPHbRb0w1XAp4V5HraMtOThFqlm0JeBW0XbhY4E8L1P+S3/aMLKjp2voA928l9AjF6sTaSKsO7qh6LEmo90qm9Jo0nDo=,iv:M5NOGfSsl+LggLyEjV49vcWCaYmbG0eJcgwI2v7AKcI=,tag:A+CrDTL+TkEayOqBUII4aQ==,type:str] +smbLoginDetails: ENC[AES256_GCM,data:Puv+Vewv0TDpiYM+Uym180CLT+vXKoeSW/uNxAX7f9y0NvG2Uqqglj/HcCMhyQn9GpCIQyb+xidlLWn3Ywdg6ybaf4WN5EdAEXMK/FRQyVIvvOcCcwG+IeUc1Wc5NmM2qEbxLqLNDWxiH8/QsrT9rWWxxx4c4eD1HOpIv9LCuavXXLmKy6JvtxYwtOv4u8ukp+e0uP7pLN7d,iv:XH+6soi7lZiGz9ZGlQb49f44API715ib/Y7Zh3hFnDM=,tag:iz8RYRSwNxrMxy+rqeM07Q==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w 
@@ -22,7 +23,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-17T12:59:12Z" - mac: ENC[AES256_GCM,data:d0fls75JYsDd4QyF1lUi6CGinPJBRNOwgHg4fbnp40P/5rhGZsH8dL9+n2qQjCqEWPtBDbAGz0LYQ8T/VxaNHQwuvCX1Q1LCjlwbrZHEMLXNhd3VOa4b7e9k8+mgccLKDj52PlXSNxW+ATplZSTCMFnrBuDkfiW09gz8He8s8jo=,iv:v8XNLDFu1VhQ7A+CpimWJb95YvzRCWpgqRj6Uhx5wLU=,tag:kAg/NDen7VkMrOfV92SEkA==,type:str] + lastmodified: "2025-08-19T12:23:05Z" + mac: ENC[AES256_GCM,data:hH3cTyHeFMTH5zYpCWyM1uqLta/uzQcLc5HPSdsR52Skh89/5h51vC666g0JuVm/sXh3gv6XQ1AGidPMAmx60qmHjiWE/LRli7xDwKk3p4mldC7RC2FrR0JPmfhDzXIo7VL60PCq4CPWevyRpAWMEMgnc3Z/IzmfDObUsvU+rg0=,iv:CrL4uqV8keGMw+tuqvkNrpKoM0qqr1vsdhESPUb+Hig=,tag:O2NKejf2dpkrkTzX1IfQcA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From b36623d091feefb5d646695faeb20cf43a43fe81 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 19 Aug 2025 15:14:39 +0200 Subject: [PATCH 155/162] flake: update --- flake.lock | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index 1fb8902..bf17cbe 100644 --- a/flake.lock +++ b/flake.lock @@ -235,11 +235,11 @@ ] }, "locked": { - "lastModified": 1754924470, - "narHash": "sha256-asI/or9AcUMydwzodCgpHGytnMSNUlciw3uaycpXm4E=", + "lastModified": 1755397986, + "narHash": "sha256-qwrF5laj6eE3Zht0wKYTmH6QzL7bdOyE2f6jd3WCO8g=", "owner": "nix-community", "repo": "home-manager", - "rev": "67393957c27b4e4c6c48a60108a201413ced7800", + "rev": "8b4ac149687e8520187a66f05e9d4eafebf96522", "type": "github" }, "original": { 
@@ -342,11 +342,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1754935293, - "narHash": "sha256-aLnHm/FPjPR8Flv8ixBk+bmd10A8BZvtLe2i9WTzNfU=", + "lastModified": 1755416233, + "narHash": "sha256-tydnBQmV8pPHPlvq7sTEOEhkjXnYaeJtMN+77Rf/1NU=", "ref": "refs/heads/main", - "rev": "cb6589db98325705cef5dcaf92ccdf41ab21386d", - "revCount": 6358, + "rev": "251288ec5942b3544ad31de1299569284d80f0d7", + "revCount": 6370, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -564,11 +564,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1753819183, - "narHash": "sha256-KjuaXO9pdSHwpnsdj+TXqLDVZ8EhqfV5duSzIssBlzY=", + "lastModified": 1755112136, + "narHash": "sha256-eYLtZJayWWbKBC3u/gvDSqVyffuD+egryr7zPWRAeyY=", "owner": "hyprwm", "repo": "hyprsunset", - "rev": "233aaccdbdd20af848be3f30ab318342e28cd7e3", + "rev": "1f9afca28fac5f490e5f232e6f1887a69ff34896", "type": "github" }, "original": { @@ -759,11 +759,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1754564048, - "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -933,11 +933,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { 
@@ -954,11 +954,11 @@ "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1754172548, - "narHash": "sha256-8lWMN23VGQHTN5Kg5Kz1UMakt42brOlMz2IKxFBvKog=", + "lastModified": 1755007783, + "narHash": "sha256-mxKUvsLy6Nf8Td8jQ0Q7q+A+FcTuYMyp/qmnnCRK1QE=", "owner": "ahwxorg", "repo": "nixvim-config", - "rev": "fe2f1c27fa532489800b8f4d17f12c13299afa8d", + "rev": "d4b1e0a37718bd4b704c5c055151135094d911eb", "type": "github" }, "original": { @@ -993,11 +993,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1754935554, - "narHash": "sha256-5qa0fxwxmrNCiKqdfXKx8t4tn9E0aenG8IZcWFV/Jco=", + "lastModified": 1755435577, + "narHash": "sha256-Rgcfyl8sWF+Uxe2HM51kJ72aNtaoy/UPiblwGTZHANU=", "owner": "nix-community", "repo": "NUR", - "rev": "ac764b3412faeed1a37c7d21f30bc0fbe547f773", + "rev": "199390e7082f9307578531d389cccd9f37412156", "type": "github" }, "original": { @@ -1091,11 +1091,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1754328224, - "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { From ed7de3830721611ab355c7df92f7d4f967b61f80 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 19 Aug 2025 15:15:04 +0200 Subject: [PATCH 156/162] chore: remove old code --- hosts/sakura/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 41fb1a0..f901a81 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -56,6 +56,7 @@ # powertop.enable = true; cpuFreqGovernor = lib.mkDefault "ondemand"; }; + # change battery led to blue on suspend to indicate device is in suspend mode systemd.services."suspend-led-set" = { description = "blue led for sleep"; 
@@ -80,7 +81,6 @@ ''; services.logind.lidSwitch = "suspend"; boot = { - # plymouth.enable = true; # is a module now kernelParams = [ "mem_sleep_default=deep" "acpi_osi=\"!Windows 2020\"" # otherwise GPU does weird shit that makes the computer look like the RAM is broken From c058b40299b518512c64b5bd540f8717a80555b0 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 19 Aug 2025 15:15:37 +0200 Subject: [PATCH 157/162] chore: adds a few zsh widgets; adds `fzf-zsh-plugin` --- modules/home/zsh.nix | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index 0408d7f..fa1f4b6 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix @@ -147,6 +147,19 @@ zle -N nix-search-fzf-shell-widget bindkey '^O' nix-search-fzf-shell-widget + # Use fzf as a history widget + zle -N fzf-history-widget + bindkey '^R' fzf-history-widget + bindkey -M viins '^R' fzf-history-widget + bindkey -M vicmd '^R' fzf-history-widget + + # Use fzf as a cd completion widget + zle -N fzf-cd-widget + bindkey '^G' fzf-cd-widget + + # Use fzf as a file completion widget + zle -N fzf-file-widget + bindkey '^F' fzf-file-widget # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then # alias imv="sxiv" @@ -172,8 +185,7 @@ g = "git"; gp = "git pull"; - calc = "eva"; - wikipedia = "wikit"; + wiki = "wikit"; }; }; @@ -262,9 +274,18 @@ sha256 = "0na6b5b46k4473c53mv1wkb009i6b592gxpjq94bdnlz1kkcqwg6"; }; } + { + name = "fzf-zsh-plugin"; + src = fetchFromGitHub { + owner = "unixorn"; + repo = "fzf-zsh-plugin"; + rev = "04ae801499a7844c87ff1d7b97cdf57530856c65"; + sha256 = "sha256-FEGhx36Z5pqHEOgPsidiHDN5SXviqMsf6t6hUZo+I8A="; + }; + file = "fzf-zsh-plugin.plugin.zsh"; + } ]; }; - fzf = { enable = true; enableZshIntegration = true; From 8ffc2e28a86b50b504a3ea61c038d5e755fe1809 Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Tue, 19 Aug 2025 15:16:10 +0200 Subject: [PATCH 158/162] chore: sets `gfvs` package to the `gnome` one using `lib.mkForce` --- roles/gui.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/gui.nix b/roles/gui.nix index ca6cc4b..ff059bd 100644 --- a/roles/gui.nix +++ b/roles/gui.nix @@ -17,7 +17,10 @@ in config = mkIf cfg.enable { services = { - gvfs.enable = true; + gvfs = { + enable = true; + package = lib.mkForce pkgs.gnome.gvfs; + }; gnome.gnome-keyring.enable = true; dbus.enable = true; }; From 707934a1b706c1ed5fadd3e0437c32d24297b414 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 3 Sep 2025 14:46:19 +0200 Subject: [PATCH 159/162] chore: adds back normal am/pm time and move minutes to slide-out-menu; adds ssid to network thingy --- modules/home/waybar/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/waybar/default.nix b/modules/home/waybar/default.nix index 5572f57..dfe464a 100644 --- a/modules/home/waybar/default.nix +++ b/modules/home/waybar/default.nix @@ -85,7 +85,7 @@ "network": { "format": "󰈀 {ifname}", - "format-wifi": " {ipaddr}/{cidr} {signalStrength}%", + "format-wifi": " {essid} - {ipaddr}/{cidr} {signalStrength}%", "format-ethernet": "󰈀 {ipaddr}/{cidr}", "format-disconnected": "󰈂", "tooltip-format": "{ifname} via {gwaddr}", @@ -316,7 +316,7 @@ "group/clock": { "orientation": "horizontal", - "modules": [ "custom/clock#minutes", "clock#time", "clock#date" ], + "modules": [ "clock#time", "custom/clock#minutes", "clock#date" ], "drawer": { "transition-left-to-right": false, "transition-duration": 500 @@ -349,7 +349,7 @@ "clock#time": { "interval": 60, - "format": " {:%I:%M %p}", + "format": " {:%I:%M %p}", "actions": { "on-scroll-up": "tz_up", "on-scroll-down": "tz_down" From 0562b41396ad93decbcc9601954de36de2b70aa7 Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Wed, 3 Sep 2025 19:56:33 +0200 Subject: [PATCH 160/162] feat: adds hyprspace and hyprbars; configures hyprbars --- modules/home/hyprland/config.nix | 16 ++++++++++++++++ modules/home/hyprland/hyprland.nix | 2 ++ 2 files changed, 18 insertions(+) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index cd1d242..0bfab5d 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -388,6 +388,22 @@ xwayland { force_zero_scaling = true } + + plugin { + hyprbars { + bar_height = 38 + bar_color = rgb(1e1e1e) + col.text = $foreground + bar_text_size = 12 + bar_text_font = GohuFont 11 Nerd Font Propo + bar_button_padding = 12 + bar_padding = 10 + bar_precedence_over_border = true + hyprbars-button = $color1, 20, , hyprctl dispatch killactive + hyprbars-button = $color3, 20, , hyprctl dispatch fullscreen 2 + hyprbars-button = $color4, 20, , hyprctl dispatch togglefloating + } + } "; }; } diff --git a/modules/home/hyprland/hyprland.nix b/modules/home/hyprland/hyprland.nix index ed959a4..c277b9b 100644 --- a/modules/home/hyprland/hyprland.nix +++ b/modules/home/hyprland/hyprland.nix @@ -24,6 +24,8 @@ plugins = [ # inputs.Hyprspace.packages.${pkgs.system}.Hyprspace # inputs.Hyswipe.packages.${pkgs.system}.Hyswipe + pkgs.hyprlandPlugins.hyprbars + pkgs.hyprlandPlugins.hyprspace ]; }; } From 8818d78baeceb89a2d538d0183837d72f0b70767 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 3 Sep 2025 20:56:10 +0200 Subject: [PATCH 161/162] chore: disable hyprspace as it kills hyprland on a gesture --- modules/home/hyprland/hyprland.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/home/hyprland/hyprland.nix b/modules/home/hyprland/hyprland.nix index c277b9b..283e464 100644 --- a/modules/home/hyprland/hyprland.nix +++ b/modules/home/hyprland/hyprland.nix 
@@ -22,10 +22,8 @@ # enableNvidiaPatches = false; systemd.enable = true; plugins = [ - # inputs.Hyprspace.packages.${pkgs.system}.Hyprspace - # inputs.Hyswipe.packages.${pkgs.system}.Hyswipe pkgs.hyprlandPlugins.hyprbars - pkgs.hyprlandPlugins.hyprspace + # pkgs.hyprlandPlugins.hyprspace # causes hyprland to crash on 4-finger swipe; great software ]; }; } From e7e637b2f6988a720c1344451aba5a4b94adcc91 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 5 Sep 2025 18:44:50 +0200 Subject: [PATCH 162/162] feat: adds iris --- README.md | 1 + flake.nix | 10 ++++ hosts/iris/default.nix | 68 +++++++++++++++++++++++++++ hosts/iris/hardware-configuration.nix | 43 +++++++++++++++++ modules/core/sshd.nix | 1 + modules/core/virtualization.nix | 2 + 6 files changed, 125 insertions(+) create mode 100644 hosts/iris/default.nix create mode 100644 hosts/iris/hardware-configuration.nix diff --git a/README.md b/README.md index 56c28ba..78be231 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ - [variables.nix](variables.nix): base variables useful for all hosts - [hosts](hosts): per-host configurations that contain host specific settings - [yoshino](hosts/yoshino/): Desktop (yoshino) specific configuration + - [iris](hosts/iris/): Desktop (iris) specific configuration - [sakura](hosts/sakura/): Laptop (sakura) specific configuration - [ichiyo](hosts/ichiyo/): Laptop (ichiyo) specific configuration - [violet](hosts/violet/): Server (violet) specific configuration diff --git a/flake.nix b/flake.nix index dee9411..74cece5 100644 --- a/flake.nix +++ b/flake.nix @@ -138,6 +138,16 @@ inherit self inputs username; }; }; + iris = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/iris) + ]; + specialArgs = { + host = "iris"; + inherit self inputs username; + }; + }; }; }; } diff --git a/hosts/iris/default.nix b/hosts/iris/default.nix new file mode 100644 index 0000000..bc47be4 --- /dev/null +++ b/hosts/iris/default.nix 
@@ -0,0 +1,68 @@ +{ + inputs, + pkgs, + config, + lib, + ... +}: +{ + imports = [ + ./hardware-configuration.nix + ./../../modules/core + # ./../../modules/home/nfs.nix + ./../../modules/core/virtualization.nix + ./../../modules/services/tailscale.nix + ./../../modules/services/mpd.nix + ]; + + powerManagement = { + enable = true; + # powertop.enable = true; + cpuFreqGovernor = lib.mkDefault "performance"; + }; + + networking = { + hostName = "iris"; + networkmanager.enable = true; + }; + + systemd.network.networks."99-local" = { + matchConfig.name = "enp68s0"; + address = [ + "192.168.1.100/24" + ]; + routes = [ + { + Gateway = "172.16.10.1"; + GatewayOnLink = false; + } + ]; + }; + + liv = { + desktop.enable = true; + creative.enable = true; + amdgpu.enable = true; + wine.enable = false; # use VM for this + gui.enable = true; + }; + + boot = { + kernelParams = [ ]; + kernelModules = [ "acpi_call" ]; + kernelPackages = pkgs.linuxPackages_latest; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + systemd-boot.configurationLimit = 10; + }; + extraModulePackages = + with config.boot.kernelPackages; + [ + acpi_call + cpupower + v4l2loopback + ] + ++ [ pkgs.cpupower-gui ]; + }; +} diff --git a/hosts/iris/hardware-configuration.nix b/hosts/iris/hardware-configuration.nix new file mode 100644 index 0000000..81f813e --- /dev/null +++ b/hosts/iris/hardware-configuration.nix 
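Review bot: The `systemd.network.networks."99-local"` block in the new hosts/iris/default.nix looks unable to take effect as written. The match key is spelled `matchConfig.name` where the networkd `[Match]` key is `Name`, the gateway `172.16.10.1` lies outside the assigned `192.168.1.100/24` while `GatewayOnLink = false`, and the file enables NetworkManager with nothing visible turning on `systemd.network.enable`. If the static address is wanted, `matchConfig.Name = "enp68s0";` plus an address in the gateway's subnet would be the minimal fix. Otherwise removing the block avoids a network setting that reads as active but does nothing.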
@@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/6609be3d-2dda-4961-9247-6463349f196c"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-e8a36fde-6d6f-4650-b0dc-3152ef561c99".device = "/dev/disk/by-uuid/e8a36fde-6d6f-4650-b0dc-3152ef561c99"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/1793-F35D"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.ens4f0.useDHCP = lib.mkDefault true; + # networking.interfaces.ens4f1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/core/sshd.nix b/modules/core/sshd.nix index 9cccd6d..64d60bd 100644 --- a/modules/core/sshd.nix +++ b/modules/core/sshd.nix 
@@ -17,6 +17,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # sakura "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # ichiyo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDltZ7vfyrLrl32TIWCC3iUx40TrCtIz6Ssi/SZvikg liv@zinnia" # zinnia + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c diff --git a/modules/core/virtualization.nix b/modules/core/virtualization.nix index 3ad3ae8..e800e35 100644 --- a/modules/core/virtualization.nix +++ b/modules/core/virtualization.nix @@ -10,6 +10,8 @@ true else if (host == "yoshino") then true + else if (host == "iris") then + true else false; spiceUSBRedirection.enable = true;
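Review bot: The added `liv@iris` key joins a single list that, per the context lines, also holds laptop and phone keys, and because this is modules/core/sshd.nix the list is presumably applied to every host, servers included. If so, compromise of any one of those client devices gives SSH access to all the others. Splitting the list so servers accept only the keys that need to reach them would narrow that. The enclosing attribute is outside the hunk, so confirm where the list is consumed before changing it.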