diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..490e97b --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake "git+https://git.lillianviolet.dev/Lillian-Violet/dev-templates.git?dir=nix" diff --git a/README.md b/README.md index a3071c5..31f5291 100644 --- a/README.md +++ b/README.md @@ -18,11 +18,11 @@ if you don't want to use [sops](https://github.com/Mic92/sops-nix) secret manage Upon any of the above changes; also remove/replace the secret files, they can be found under the host configuration folders in ``hosts//secrets/sops.yaml`` -For the hosts EDI and GLaDOS, [lanzaboote](https://github.com/nix-community/lanzaboote) has to be disabled (and re-enabled if you want secure boot after install). You can first replace enabling lanzaboot with systemd-boot. You can do this by commenting out the lanzaboote configuration, and replace the line +For the hosts EDI and GLaDOS, [lanzaboot](https://github.com/nix-community/lanzaboote) has to be disabled (and re-enabled if you want secure boot after install). You can first replace enabling lanzaboot with systemd-boot. You can do this by commenting out the lanzaboot configuration, and replace the line ``boot.loader.systemd-boot.enable = lib.mkForce false;`` with ``boot.loader.systemd-boot.enable = true`` -To turn secure boot back on again you can look at the [lanzaboote](https://github.com/nix-community/lanzaboote) repository and follow the install steps. +To turn secure boot back on again you can look at the [lanzaboot](https://github.com/nix-community/lanzaboote) repository and follow the install steps. Then run this command with your cloned github repo (I put mine in /etc/nixos): @@ -46,16 +46,6 @@ To test if your build succeeds the basic checks and can start building the artif Note: this does not build the full configuration, and errors might still happen in deployment, especially for dependencies that rely on external services like webservers to be called. For obvious reasons the test building does not actually pull in all the artifacts, and does not make external calls aside from to the package files (You will need a built nix store, or a connection to the git repository that hosts your packages, like an internet connection to github, to make the test run) -## Post installation - -I have made a few commands for post installation (and for an iso installer to use) that make life a bit easier, they are automatically added to the [$PATH](https://en.wikipedia.org/wiki/PATH_(variable)). The commands will automatically inhibit sleep and standby so you don't have to worry about them getting interrupted. -| Command | Effect | -| ------------- | ------------- | -| rebuild | Use the latest version of the repo and do a nixos-rebuild switch on it to upgrade your system. | -| update | Update the flake lock in the repo, run a test to see if nothing breaks, and then push the flake lock update done to the repo. | -| upgrade | Run update and rebuild one after the other, useful for a quick upgrade. | -| install | Run a script that automatically lets you select a host to format the disks with disko, install nixos on that disk, and deploy the entire configuration. (useful for instal USBs) | - ## Technical details ### [Home manager](https://github.com/nix-community/home-manager) @@ -66,7 +56,4 @@ The secrets are managed in sops files within the hosts folders, there is only on ``nix-shell -p sops --run "sops ./nixos/hosts//secrets/sops.yaml"`` -This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself. - -### [Just](https://github.com/casey/just) -This repo uses just as a command runner for setting up and building the nixos files more easily. The programs needed to run all the commands are nix, just, and nom (nix output monitor). The commands you can use can be found in the justfile (named justfile in the root of this repo). This is purely for convenience, it doesn't add anything you could not manually do, it just automates a lot of steps. +This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself. \ No newline at end of file diff --git a/disko/GLaDOS/default.nix b/disko/GLaDOS/default.nix index f998acc..c605347 100644 --- a/disko/GLaDOS/default.nix +++ b/disko/GLaDOS/default.nix @@ -1,9 +1,9 @@ { disko.devices = { disk = { - main = { + sda1 = { type = "disk"; - device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1"; + device = "/dev/disk/by-path/pci-0000:06:00.0-ata-6"; content = { type = "gpt"; partitions = { @@ -14,14 +14,16 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = ["umask=0077"]; + mountOptions = [ + "defaults" + ]; }; }; - nvme_luks = { + luks = { size = "100%"; content = { type = "luks"; - name = "nvme_crypted"; + name = "crypted"; extraOpenArgs = []; settings = { # if you want to use the key for interactive login be sure there is no trailing newline @@ -29,30 +31,47 @@ #keyFile = "/tmp/secret.key"; allowDiscards = true; }; + #additionalKeyFiles = ["/tmp/additionalSecret.key"]; content = { type = "lvm_pv"; - vg = "nvme_pool"; + vg = "pool"; }; }; }; }; }; }; + #sdc = { + #device = "/dev/disk/by-path/pci-0000:06:00.0-ata-2"; + #type = "disk"; + #content = { + #type = "gpt"; + #partitions = { + #root = { + #size = "100%"; + #content = { + #type = "filesystem"; + #format = "ext4"; + #mountpoint = "/media"; + #}; + #}; + #}; + #}; + #}; }; lvm_vg = { - nvme_pool = { + pool = { type = "lvm_vg"; lvs = { - nvme_swap = { - size = "32G"; + swap = { + size = "16G"; content = { type = "swap"; - discardPolicy = "both"; resumeDevice = true; # resume from hiberation from this device }; }; - nvme_root = { - size = "100%"; + root = { + size = "100%FREE"; content = { type = "filesystem"; format = "ext4"; diff --git a/disko/wheatley/default.nix b/disko/wheatley/default.nix deleted file mode 100644 index 0e892ff..0000000 --- a/disko/wheatley/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - disko = { - devices = { - disk = { - disk1 = { - imageSize = "20G"; - type = "disk"; - device = "/dev/mmcblk0"; - content = { - type = "gpt"; - partitions = { - firmware = { - size = "30M"; - priority = 1; - type = "0700"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/firmware"; - }; - }; - boot = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - root = { - name = "root"; - size = "100%"; - content = { - type = "filesystem"; - extraArgs = []; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/flake.lock b/flake.lock index e6cc430..63d14af 100644 --- a/flake.lock +++ b/flake.lock @@ -1,70 +1,53 @@ { "nodes": { - "base16": { + "attic": { "inputs": { - "fromYaml": "fromYaml" + "crane": "crane_2", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1755819240, - "narHash": "sha256-qcMhnL7aGAuFuutH4rq9fvAhCpJWVHLcHVZLtPctPlo=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "75ed5e5e3fce37df22e49125181fa37899c3ccd6", + "lastModified": 1725300620, + "narHash": "sha256-IdM+pZ6BnmD3o1fTJZ2BD43k7dwi1BbVfLDLpM1nE5s=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "bea72d75b6165dfb529ba0c39cc6c7e9c7f0d234", "type": "github" }, "original": { - "owner": "SenchoPens", - "repo": "base16.nix", + "owner": "zhaofengli", + "ref": "main", + "repo": "attic", "type": "github" } }, - "base16-fish": { - "flake": false, + "bcachefs-tools": { + "inputs": { + "crane": "crane", + "fenix": "fenix", + "flake-compat": "flake-compat", + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, "locked": { - "lastModified": 1765809053, - "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", + "lastModified": 1728525495, + "narHash": "sha256-dsI85smVkHkv0sXlskE7EzBT7aR2jZYs3sCKhLu48NE=", + "owner": "koverstreet", + "repo": "bcachefs-tools", + "rev": "571ca8b8ce27d35cb7be3442dc55d64814dad11f", "type": "github" }, "original": { - "owner": "tomyun", - "repo": "base16-fish", - "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1760703920, - "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "d646af9b7d14bff08824538164af99d0c521b185", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "owner": "koverstreet", + "repo": "bcachefs-tools", "type": "github" } }, @@ -84,16 +67,71 @@ "type": "gitlab" } }, - "catppuccin": { + "cachix": { "inputs": { - "nixpkgs": "nixpkgs" + "devenv": "devenv", + "flake-compat": "flake-compat_4", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1767641618, - "narHash": "sha256-KuDZDIMU+YyPxWEiPzVCGCmJrARgHqhUcIbMnHz3h3I=", + "lastModified": 1724232775, + "narHash": "sha256-6u2DycIEgrgNYlLxyGqdFVmBNiKIitnQKJ1pbRP5oko=", + "owner": "cachix", + "repo": "cachix", + "rev": "03b6cb3f953097bff378fb8b9ea094bd091a4ec7", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "master", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": "devenv_2", + "flake-compat": [ + "conduwuit", + "cachix", + "devenv", + "flake-compat" + ], + "nixpkgs": [ + "conduwuit", + "cachix", + "devenv", + "nixpkgs" + ], + "pre-commit-hooks": [ + "conduwuit", + "cachix", + "devenv", + "pre-commit-hooks" + ] + }, + "locked": { + "lastModified": 1712055811, + "narHash": "sha256-7FcfMm5A/f02yyzuavJe06zLa9hcMHsagE28ADcmQvk=", + "owner": "cachix", + "repo": "cachix", + "rev": "02e38da89851ec7fec3356a5c04bc8349cae0e30", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix", + "type": "github" + } + }, + "catppuccin": { + "locked": { + "lastModified": 1728407414, + "narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=", "owner": "catppuccin", "repo": "nix", - "rev": "ef4a7f437ea76ee3692b81d475ee79684058ff0d", + "rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f", "type": "github" }, "original": { @@ -102,13 +140,66 @@ "type": "github" } }, - "crane": { + "complement": { + "flake": false, "locked": { - "lastModified": 1767461147, - "narHash": "sha256-TH/xTeq/RI+DOzo+c+4F431eVuBpYVwQwBxzURe7kcI=", + "lastModified": 1724347376, + "narHash": "sha256-y0e/ULDJ92IhNQZsS/06g0s+AYZ82aJfrIO9qEse94c=", + "owner": "matrix-org", + "repo": "complement", + "rev": "39733c1b2f8314800776748cc7164f9a34650686", + "type": "github" + }, + "original": { + "owner": "matrix-org", + "ref": "main", + "repo": "complement", + "type": "github" + } + }, + "conduwuit": { + "inputs": { + "attic": "attic", + "cachix": "cachix", + "complement": "complement", + "crane": "crane_3", + "fenix": "fenix_2", + "flake-compat": "flake-compat_5", + "flake-utils": "flake-utils_3", + "liburing": "liburing", + "nix-filter": "nix-filter", + "nixpkgs": [ + "nixpkgs" + ], + "rocksdb": "rocksdb" + }, + "locked": { + "lastModified": 1728182038, + "narHash": "sha256-H6QiZWG95OgV+/T4hIguk7QtS5REVHtdNPObQL5R6bM=", + "owner": "girlbossceo", + "repo": "conduwuit", + "rev": "e589464954ff88bf817b8bdff4c803cc3bf18a28", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "repo": "conduwuit", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "bcachefs-tools", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721842668, + "narHash": "sha256-k3oiD2z2AAwBFLa4+xfU+7G5fisRXfkvrMTCJrjZzXo=", "owner": "ipetkov", "repo": "crane", - "rev": "7d59256814085fd9666a2ae3e774dc5ee216b630", + "rev": "529c1a0b1f29f0d78fa3086b8f6a134c71ef3aaf", "type": "github" }, "original": { @@ -118,12 +209,19 @@ } }, "crane_2": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1765739568, - "narHash": "sha256-gQYx35Of4UDKUjAYvmxjUEh/DdszYeTtT6MDin4loGE=", + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", "owner": "ipetkov", "repo": "crane", - "rev": "67d2baff0f9f677af35db61b32b5df6863bcc075", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", "type": "github" }, "original": { @@ -132,6 +230,127 @@ "type": "github" } }, + "crane_3": { + "locked": { + "lastModified": 1725409566, + "narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=", + "owner": "ipetkov", + "repo": "crane", + "rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "master", + "repo": "crane", + "type": "github" + } + }, + "crane_4": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721842668, + "narHash": "sha256-k3oiD2z2AAwBFLa4+xfU+7G5fisRXfkvrMTCJrjZzXo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "529c1a0b1f29f0d78fa3086b8f6a134c71ef3aaf", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_5": { + "locked": { + "lastModified": 1727974419, + "narHash": "sha256-WD0//20h+2/yPGkO88d2nYbb23WMWYvnRyDQ9Dx4UHg=", + "owner": "ipetkov", + "repo": "crane", + "rev": "37e4f9f0976cb9281cd3f0c70081e5e0ecaee93f", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "devenv": { + "inputs": { + "cachix": "cachix_2", + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "nix": "nix_2", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ], + "pre-commit-hooks": [ + "conduwuit", + "cachix", + "git-hooks" + ] + }, + "locked": { + "lastModified": 1723156315, + "narHash": "sha256-0JrfahRMJ37Rf1i0iOOn+8Z4CLvbcGNwa2ChOAVrp/8=", + "owner": "cachix", + "repo": "devenv", + "rev": "ff5eb4f2accbcda963af67f1a1159e3f6c7f5f91", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "devenv_2": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "devenv", + "cachix", + "flake-compat" + ], + "nix": "nix", + "nixpkgs": "nixpkgs_2", + "poetry2nix": "poetry2nix", + "pre-commit-hooks": [ + "conduwuit", + "cachix", + "devenv", + "cachix", + "pre-commit-hooks" + ] + }, + "locked": { + "lastModified": 1708704632, + "narHash": "sha256-w+dOIW60FKMaHI1q5714CSibk99JfYxm0CzTinYWr+Q=", + "owner": "cachix", + "repo": "devenv", + "rev": "2ee4450b0f4b95a1b90f2eb5ffea98b90e48c196", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "python-rewrite", + "repo": "devenv", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -139,11 +358,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1728334376, + "narHash": "sha256-CTKEKPzD/j8FK6H4DO3EjyixZd3HHvgAgfnCwpGFP5c=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "d39ee334984fcdae6244f5a8e6ab857479cbaefe", "type": "github" }, "original": { @@ -152,34 +371,63 @@ "type": "github" } }, - "firefox-gnome-theme": { - "flake": false, + "fenix": { + "inputs": { + "nixpkgs": [ + "bcachefs-tools", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, "locked": { - "lastModified": 1764724327, - "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", + "lastModified": 1722320953, + "narHash": "sha256-DfGaJtgrzcwPQYLTvjL1KaVIjpvi85b2MpM6yEGvJzM=", + "owner": "nix-community", + "repo": "fenix", + "rev": "483df76def3e5010d709aa3a0418ba2088503994", "type": "github" }, "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "fenix_2": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src_2" + }, + "locked": { + "lastModified": 1725690497, + "narHash": "sha256-5fT+96rV7Hx29HG+4/oBbr3V+yExKuLN2vcBcPbVBlU=", + "owner": "nix-community", + "repo": "fenix", + "rev": "4b8d964df93d1f918ee6c4f003b3548c432cc866", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "fenix", "type": "github" } }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } @@ -187,11 +435,92 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "ref": "master", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_7": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -203,15 +532,17 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ + "conduwuit", + "attic", "nixpkgs" ] }, "locked": { - "lastModified": 1767609335, - "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "250481aafeb741edfe23d29195671c19b36b6dca", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -223,16 +554,36 @@ "flake-parts_2": { "inputs": { "nixpkgs-lib": [ - "stylix", "nixpkgs" ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { @@ -246,11 +597,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -261,14 +612,14 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -277,40 +628,82 @@ "type": "github" } }, - "fromYaml": { - "flake": false, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { - "owner": "SenchoPens", - "repo": "fromYaml", + "owner": "numtide", + "ref": "main", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, "git-hooks": { "inputs": { "flake-compat": [ - "simple-nixos-mailserver", + "conduwuit", + "cachix", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore", "nixpkgs": [ - "simple-nixos-mailserver", + "conduwuit", + "cachix", "nixpkgs" - ] + ], + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1723202784, + "narHash": "sha256-qbhjc/NEGaDbyy0ucycubq4N3//gDFFH3DOmp1D3u1Q=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "c7012d0c18567c889b948781bc74a501e92275d1", "type": "github" }, "original": { @@ -322,8 +715,9 @@ "gitignore": { "inputs": { "nixpkgs": [ - "lanzaboote", - "pre-commit", + "conduwuit", + "cachix", + "git-hooks", "nixpkgs" ] }, @@ -344,8 +738,8 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "simple-nixos-mailserver", - "git-hooks", + "lanzaboote", + "pre-commit-hooks-nix", "nixpkgs" ] }, @@ -363,25 +757,6 @@ "type": "github" } }, - "gnome-shell": { - "flake": false, - "locked": { - "host": "gitlab.gnome.org", - "lastModified": 1764524476, - "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", - "type": "gitlab" - }, - "original": { - "host": "gitlab.gnome.org", - "owner": "GNOME", - "ref": "gnome-49", - "repo": "gnome-shell", - "type": "gitlab" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -389,11 +764,11 @@ ] }, "locked": { - "lastModified": 1767702900, - "narHash": "sha256-xMzHmNytl7JgFRov2jHf2GYsLVp/sAfYO0JvbZt0uDo=", + "lastModified": 1728337164, + "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", "owner": "nix-community", "repo": "home-manager", - "rev": "38e187fd2f9efac197e03be0c25f3ee215974144", + "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", "type": "github" }, "original": { @@ -405,15 +780,15 @@ }, "jovian": { "inputs": { - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2" + "nix-github-actions": "nix-github-actions_2", + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1767082077, - "narHash": "sha256-2tL1mRb9uFJThUNfuDm/ehrnPvImL/QDtCxfn71IEz4=", + "lastModified": 1728410210, + "narHash": "sha256-vn6qupt1U0M6Hf3eXhK3/K4Du0Z7A60qYS1G14QsRY8=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "efd4b22e6fdc6d7fb4e186ae333a4b74e03da440", + "rev": "a25f915ec05196d15e3f7f8555ffb612d4f1045d", "type": "github" }, "original": { @@ -424,17 +799,19 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", - "nixpkgs": "nixpkgs_3", - "pre-commit": "pre-commit", + "crane": "crane_4", + "flake-compat": "flake-compat_6", + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_5", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1767697030, - "narHash": "sha256-0iVZ99H3kR5h6Lhw8kDDuUc5C/k6iismeWgCS1qWTQ4=", + "lastModified": 1728199407, + "narHash": "sha256-x4G0ja//3pT/epOvwxKR1XB7GAW7Yuwiy6RYCOgRjuQ=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "657469e8f036334db768daaf7732b1174676054b", + "rev": "0bc127c631999c9555cae2b0cdad2128ff058259", "type": "github" }, "original": { @@ -443,7 +820,94 @@ "type": "github" } }, + "liburing": { + "flake": false, + "locked": { + "lastModified": 1725659644, + "narHash": "sha256-WjnpmopfvFoUbubIu9bki+Y6P4YXDfvnW4+72hniq3g=", + "owner": "axboe", + "repo": "liburing", + "rev": "0fe5c09195c0918f89582dd6ff098a58a0bdf62a", + "type": "github" + }, + "original": { + "owner": "axboe", + "ref": "master", + "repo": "liburing", + "type": "github" + } + }, + "nix": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": [ + "conduwuit", + "cachix", + "devenv", + "cachix", + "devenv", + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1712911606, + "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", + "owner": "domenkozar", + "repo": "nix", + "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.21", + "repo": "nix", + "type": "github" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1710156097, + "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3342559a24e85fc164b295c3444e8a139924675b", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "nix-filter", + "type": "github" + } + }, "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "cachix", + "devenv", + "cachix", + "devenv", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688870561, + "narHash": "sha256-4UYkifnPEw1nAzqqPOTL2MvWtm3sNGw1UTYTalkTcGY=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "165b1650b753316aa7f1787f3005a8d2da0f5301", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-github-actions_2": { "inputs": { "nixpkgs": [ "jovian", @@ -451,11 +915,11 @@ ] }, "locked": { - "lastModified": 1729697500, - "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", + "lastModified": 1690328911, + "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=", "owner": "zhaofengli", "repo": "nix-github-actions", - "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", + "rev": "96df4a39c52f53cb7098b923224d8ce941b64747", "type": "github" }, "original": { @@ -472,11 +936,11 @@ ] }, "locked": { - "lastModified": 1765267181, - "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", + "lastModified": 1728263287, + "narHash": "sha256-GJDtsxz2/zw6g/Nrp4XVWBS5IaZ7ZUkuvxPOBEDe7pg=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", + "rev": "5fce10c871bab6d7d5ac9e5e7efbb3a2783f5259", "type": "github" }, "original": { @@ -485,13 +949,44 @@ "type": "github" } }, + "nix_2": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "devenv", + "flake-compat" + ], + "nixpkgs": [ + "conduwuit", + "cachix", + "devenv", + "nixpkgs" + ], + "nixpkgs-regression": "nixpkgs-regression_2" + }, + "locked": { + "lastModified": 1712911606, + "narHash": "sha256-BGvBhepCufsjcUkXnEEXhEVjwdJAwPglCC2+bInc794=", + "owner": "domenkozar", + "repo": "nix", + "rev": "b24a9318ea3f3600c1e24b4a00691ee912d4de12", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.21", + "repo": "nix", + "type": "github" + } + }, "nixlib": { "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "lastModified": 1728176478, + "narHash": "sha256-px3Q0W//c+mZ4kPMXq4poztsjtXM1Ja1rN+825YMDUQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "rev": "b61309c3c1b6013d36299bc8285612865b3b9e4c", "type": "github" }, "original": { @@ -508,11 +1003,11 @@ ] }, "locked": { - "lastModified": 1764234087, - "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", + "lastModified": 1728522165, + "narHash": "sha256-UQpsJ0Ev6JBGsCYRlS2oOVvb+eWcDD0xTV3RVlqbeVU=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", + "rev": "40c8d30c490414910fc63626ad1b67af7db40cd3", "type": "github" }, "original": { @@ -523,11 +1018,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1767185284, - "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=", + "lastModified": 1728269138, + "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe", + "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", "type": "github" }, "original": { @@ -539,27 +1034,42 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "lastModified": 1724999960, + "narHash": "sha256-LB3jqSGW5u1ZcUcX6vO/qBOq5oXHlmOCxsTXGMEitp4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "b96f849e725333eb2b1c7f1cb84ff102062468ba", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-edge": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1767709687, - "narHash": "sha256-faz9310RieuL6668SZAtUSDW325ndQfQQC6l+TubqUo=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "138acf984420f6e80f26217330055e6b614fd68d", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-24.05", + "type": "indirect" + } + }, + "nixpkgs-edge": { + "locked": { + "lastModified": 1728565888, + "narHash": "sha256-PslcBWpcB0IDe9yxYosT2G/rrsXmAgxrTlEoVFolAPM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "262f0e36d5e5fd4afc695a9ec368fe0704e5252a", "type": "github" }, "original": { @@ -568,13 +1078,109 @@ "type": "indirect" } }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs-regression_2": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_3": { + "locked": { + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { + "locked": { + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { - "lastModified": 1767379071, - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -586,27 +1192,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1766070988, - "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "lastModified": 1692808169, + "narHash": "sha256-x9Opq06rIiwdwGeK2Ykj69dNc2IvUH1fY55Wm7atwrE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "rev": "9201b5ff357e781bf014d0330d18555695df7ba8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1767379071, - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", + "lastModified": 1722813957, + "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", + "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", "type": "github" }, "original": { @@ -618,15 +1224,15 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1767379071, - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", - "owner": "nixos", + "lastModified": 1727802920, + "narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", + "rev": "27e30d177e57d912d614c88c622dcfdb2e6e6515", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -634,11 +1240,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1764374374, - "narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=", + "lastModified": 1722264024, + "narHash": "sha256-gomyYQrlOltr2/prDRikRDQoPz+J5Qq6SEJrqVC5x2c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6a49303095abc094ee77dc243a9e351b642e8e75", + "rev": "fc5e08c73022f96cfeaefa2e087e8b713d47d201", "type": "github" }, "original": { @@ -650,43 +1256,42 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1767364772, - "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", - "owner": "NixOS", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_7": { "locked": { - "lastModified": 1766651565, - "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { - "owner": "NixOS", + "id": "nixpkgs", "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "indirect" } }, "nixpkgs_8": { "locked": { - "lastModified": 1765934234, - "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", + "lastModified": 1728093190, + "narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "af84f9d270d404c17699522fab95bbf928a2d92f", + "rev": "e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da", "type": "github" }, "original": { @@ -696,28 +1301,19 @@ "type": "github" } }, - "nur": { - "inputs": { - "flake-parts": [ - "stylix", - "flake-parts" - ], - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, + "nixpkgs_9": { "locked": { - "lastModified": 1764773531, - "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", - "owner": "nix-community", - "repo": "NUR", - "rev": "1d9616689e98beded059ad0384b9951e967a17fa", + "lastModified": 1728061008, + "narHash": "sha256-qjyJDtwmJckqDyXHmBIiN04kzby/TX/kPYmclBXlROA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8bca501bf31b54ae2022fe5065ab475d75f7560e", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "NUR", + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", "type": "github" } }, @@ -731,11 +1327,11 @@ ] }, "locked": { - "lastModified": 1767662275, - "narHash": "sha256-d5Q1GmQ+sW1Bt8cgDE0vOihzLaswsm8cSdg8124EqXE=", + "lastModified": 1727917089, + "narHash": "sha256-XWNBGf8Z03sqA5/m99X6XTFbHGNuVx1gMaMQJbdDIrY=", "owner": "pjones", "repo": "plasma-manager", - "rev": "51816be33a1ff0d4b22427de83222d5bfa96d30e", + "rev": "bc14b17bff1557de8f103172508f896a87bb9cdb", "type": "github" }, "original": { @@ -744,21 +1340,52 @@ "type": "github" } }, - "pre-commit": { + "poetry2nix": { "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", + "flake-utils": "flake-utils_2", + "nix-github-actions": "nix-github-actions", "nixpkgs": [ - "lanzaboote", + "conduwuit", + "cachix", + "devenv", + "cachix", + "devenv", "nixpkgs" ] }, "locked": { - "lastModified": 1767281941, - "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "lastModified": 1692876271, + "narHash": "sha256-IXfZEkI0Mal5y1jr6IRWMqK8GW2/f28xJenZIPQqkY0=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "d5006be9c2c2417dafb2e2e5034d83fabd207ee3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_3" + }, + "locked": { + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "type": "github" }, "original": { @@ -767,44 +1394,80 @@ "type": "github" } }, - "preservation": { + "rocksdb": { + "flake": false, "locked": { - "lastModified": 1757436102, - "narHash": "sha256-mMI9IanU+Xw+pVogD2oT0I2kTmvz2Un/Apc5+CwUpEY=", - "owner": "nix-community", - "repo": "preservation", - "rev": "93416f4614ad2dfed5b0dcf12f27e57d27a5ab11", + "lastModified": 1725811807, + "narHash": "sha256-k6aubvLSJwW7CtIxBRSlM6Z8UiJDCdFUgDWPYLV47Qk=", + "owner": "girlbossceo", + "repo": "rocksdb", + "rev": "347d50e212b24d98b5ad9841404ff80c1bb873f0", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "preservation", + "owner": "girlbossceo", + "ref": "v9.6.1", + "repo": "rocksdb", "type": "github" } }, "root": { "inputs": { + "bcachefs-tools": "bcachefs-tools", "catppuccin": "catppuccin", + "conduwuit": "conduwuit", "disko": "disko", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils_4", "home-manager": "home-manager", "jovian": "jovian", "lanzaboote": "lanzaboote", "nix-index-database": "nix-index-database", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_6", "nixpkgs-edge": "nixpkgs-edge", "nixpkgs-unstable": "nixpkgs-unstable", "plasma-manager": "plasma-manager", - "preservation": "preservation", "simple-nixos-mailserver": "simple-nixos-mailserver", "sops-nix": "sops-nix", - "stylix": "stylix", "zjstatus": "zjstatus" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1722262053, + "narHash": "sha256-KxjkPVn9rQqYam6DhiN/V2NcMXtYW25maxkJoiVMpmE=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "a021b85be57d34b1eed687fcafd5d5ec64b2d853", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "rust-analyzer-src_2": { + "flake": false, + "locked": { + "lastModified": 1725630423, + "narHash": "sha256-gNCLk3Zg7JlAwmWbVHTH6f3+iqdeQ4fheOotCZy8x5M=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "08c7bbc2dbe4dcc8968484f1a0e1e6fe7a1d4f6d", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -813,11 +1476,11 @@ ] }, "locked": { - "lastModified": 1767495280, - "narHash": "sha256-hEEgtE/RSRigw8xscchGymf/t1nluZwTfru4QF6O1CQ=", + "lastModified": 1722219664, + "narHash": "sha256-xMOJ+HW4yj6e69PvieohUJ3dBSdgCfvI0nnCEe6/yVc=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "cb24c5cc207ba8e9a4ce245eedd2d37c3a988bc1", + "rev": "a6fbda5d9a14fb5f7c69b8489d24afeb349c7bb4", "type": "github" }, "original": { @@ -834,11 +1497,11 @@ ] }, "locked": { - "lastModified": 1765939271, - "narHash": "sha256-7F/d+ZrTYyOxnBZcleQZjOOEWc1IMXR/CLLRLLsVtHo=", + "lastModified": 1728095260, + "narHash": "sha256-X62hA5ivYLY5G5+mXI6l9eUDkgi6Wu/7QUrwXhJ09oo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "8028944c1339469124639da276d403d8ab7929a8", + "rev": "d1d2532ab267cfe6e40dff73fbaf34436c406d26", "type": "github" }, "original": { @@ -850,16 +1513,16 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_2", - "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_5" + "flake-compat": "flake-compat_7", + "nixpkgs": "nixpkgs_7", + "nixpkgs-24_05": "nixpkgs-24_05" }, "locked": { - "lastModified": 1766321686, - "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=", + "lastModified": 1722877200, + "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3", + "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2", "type": "gitlab" }, "original": { @@ -871,14 +1534,15 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_8", + "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { - "lastModified": 1767499857, - "narHash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ecc41505948ec2ab0325f14c9862a4329c2b4190", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { @@ -887,38 +1551,6 @@ "type": "github" } }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_2", - "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_7", - "nur": "nur", - "systems": "systems_2", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1767652667, - "narHash": "sha256-zsgfockkvK0JrSvzVAb8JeUq3SDdITu6ViUf7yeIpi4=", - "owner": "nix-community", - "repo": "stylix", - "rev": "a4406d9799d002c41296c72378a1094a8fc9aa1b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "stylix", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -964,100 +1596,70 @@ "type": "github" } }, - "tinted-foot": { - "flake": false, + "systems_4": { "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "owner": "nix-systems", + "repo": "default", "type": "github" } }, - "tinted-kitty": { - "flake": false, + "systems_5": { "locked": { - "lastModified": 1735730497, - "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", + "owner": "nix-systems", + "repo": "default", "type": "github" } }, - "tinted-schemes": { - "flake": false, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "bcachefs-tools", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1763914658, - "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", + "lastModified": 1722330636, + "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", "type": "github" }, "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1764465359, - "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - "flake": false, - "locked": { - "lastModified": 1764464512, - "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } }, "zjstatus": { "inputs": { - "crane": "crane_2", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_8", + "crane": "crane_5", + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_9", "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1766016463, - "narHash": "sha256-aWp608krMtk5I+c3GXyuHkb6ugah40cBI0R52fNqMiI=", + "lastModified": 1728141581, + "narHash": "sha256-+wg0Avbw/MC2x3CQK4LyJHCPf+oPllJZzU2p+S/B7MU=", "owner": "dj95", "repo": "zjstatus", - "rev": "9a4b88fdceee8eb2b8c28111c53e94254d61c994", + "rev": "6d13e481aceacd3efe583fb6c442f30e8909f555", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 888c106..95a8488 100644 --- a/flake.nix +++ b/flake.nix @@ -13,11 +13,11 @@ disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; - # bcachefs-tools = { - # url = "github:koverstreet/bcachefs-tools"; - # inputs.nixpkgs.follows = "nixpkgs"; - # inputs.flake-parts.follows = "flake-parts"; - # }; + bcachefs-tools = { + url = "github:koverstreet/bcachefs-tools"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; flake-parts = { url = "github:hercules-ci/flake-parts"; # Flake parts for easy flake management @@ -33,7 +33,11 @@ # catpuccin theme catppuccin.url = "github:catppuccin/nix"; - # Conduwuit fork after it shut down + # Conduit fork without all the fuss and drama + conduwuit = { + url = "github:girlbossceo/conduwuit"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # Nix index database files nix-index-database.url = "github:nix-community/nix-index-database"; @@ -70,15 +74,10 @@ zjstatus.url = "github:dj95/zjstatus"; - # preservation - preservation.url = "github:nix-community/preservation"; - # Fix for steam cursor not being visible under wayland # Add any other flake you might need # hardware.url = "github:nixos/nixos-hardware"; - # Stylix theming engine - stylix.url = "github:nix-community/stylix"; }; outputs = { @@ -98,22 +97,14 @@ jovian, nixos-hardware, nix-index-database, - preservation, - stylix, + conduwuit, ... } @ inputs: let - supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"]; - forEachSupportedSystem = f: - nixpkgs.lib.genAttrs supportedSystems (system: - f { - pkgs = import nixpkgs {inherit system;}; - }); inherit (self) outputs; inherit (inputs) nixpkgs-edge; # Supported systems for your flake packages, shell, etc. systems = [ "x86_64-linux" - "aarch64-linux" ]; # This is a function that generates an attribute by calling a function you # pass to it, with each system as an argument @@ -125,42 +116,7 @@ allowUnfreePredicate = _: true; }; }; - - sharedModules = [ - ./nixos/shared - sops-nix.nixosModules.sops - disko.nixosModules.disko - home-manager.nixosModules.home-manager - catppuccin.nixosModules.catppuccin - stylix.nixosModules.stylix - nix-index-database.nixosModules.nix-index - preservation.nixosModules.preservation - {programs.nix-index-database.comma.enable = true;} - { - home-manager.sharedModules = [ - catppuccin.homeModules.catppuccin - ./home-manager/shared - sops-nix.homeManagerModules.sops - ]; - } - ]; - - desktopModules = [ - ./nixos/desktop - { - home-manager.sharedModules = [ - inputs.plasma-manager.homeModules.plasma-manager - ./home-manager/desktop - ]; - } - ]; in { - devShells = forEachSupportedSystem ({pkgs}: { - default = pkgs.mkShell { - packages = with pkgs; [nom just git]; - }; - }); - # Your custom packages # Accessible through 'nix build', 'nix shell', etc packages = forAllSystems (system: @@ -177,7 +133,7 @@ nixosModules = import ./modules/nixos; # Reusable home-manager modules you might want to export # These are usually stuff you would upstream into home-manager - # homeManagerModules = import ./modules/home-manager; + homeManagerModules = import ./modules/home-manager; # Your custom packages and modifications, exported as overlays overlays = import ./overlays {inherit inputs;}; @@ -185,89 +141,131 @@ # NixOS configuration entrypoint # Available through 'nixos-rebuild --flake .#your-hostname' nixosConfigurations = { - # nixIso = nixpkgs.lib.nixosSystem { - # system = "x86_64-linux"; - # specialArgs = {inherit inputs outputs;}; - # modules = - # sharedModules - # ++ desktopModules - # ++ [ - # ./nixos/hosts/iso/configuration.nix - # "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-base.nix" - # ]; - # }; - EDI = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; - modules = - sharedModules - ++ desktopModules - ++ [ - {_module.args = {inherit pkgs-edge;};} - nixos-hardware.nixosModules.dell-xps-13-7390 - lanzaboote.nixosModules.lanzaboote - # > Our main nixos configuration file < - ./nixos/hosts/EDI/configuration.nix - ]; + modules = [ + {_module.args = {inherit pkgs-edge;};} + nixos-hardware.nixosModules.dell-xps-13-7390 + # > Our main nixos configuration file < + ./nixos/hosts/EDI/configuration.nix + sops-nix.nixosModules.sops + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + nix-index-database.nixosModules.nix-index + catppuccin.nixosModules.catppuccin + { + home-manager.sharedModules = [ + inputs.catppuccin.homeManagerModules.catppuccin + inputs.plasma-manager.homeManagerModules.plasma-manager + ]; + } + ]; }; GLaDOS = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; - modules = - sharedModules - ++ desktopModules - ++ [ - {_module.args = {inherit pkgs-edge;};} - # > Our main nixos configuration file < - ./nixos/hosts/GLaDOS/configuration.nix - lanzaboote.nixosModules.lanzaboote - ]; + modules = [ + {_module.args = {inherit pkgs-edge;};} + # > Our main nixos configuration file < + ./nixos/hosts/GLaDOS/configuration.nix + sops-nix.nixosModules.sops + #lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + nix-index-database.nixosModules.nix-index + catppuccin.nixosModules.catppuccin + { + home-manager.sharedModules = [ + inputs.catppuccin.homeManagerModules.catppuccin + inputs.plasma-manager.homeManagerModules.plasma-manager + ]; + } + ]; }; queen = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; - modules = - sharedModules - ++ [ - {_module.args = {inherit pkgs-edge;};} - simple-nixos-mailserver.nixosModule - # > Our main nixos configuration file < - ./nixos/hosts/queen/configuration.nix - ]; + modules = [ + {_module.args = {inherit pkgs-edge;};} + # > Our main nixos configuration file < + ./nixos/hosts/queen/configuration.nix + sops-nix.nixosModules.sops + disko.nixosModules.disko + simple-nixos-mailserver.nixosModule + catppuccin.nixosModules.catppuccin + { + home-manager.sharedModules = [ + inputs.catppuccin.homeManagerModules.catppuccin + ]; + } + ]; }; shodan = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs outputs;}; - modules = - sharedModules - ++ desktopModules - ++ [ - {_module.args = {inherit pkgs-edge;};} - # > Our main nixos configuration file < - ./nixos/hosts/shodan/configuration.nix - lanzaboote.nixosModules.lanzaboote - jovian.nixosModules.jovian - { - home-manager.sharedModules = [ - inputs.plasma-manager.homeModules.plasma-manager - ]; - } - ]; + modules = [ + {_module.args = {inherit pkgs-edge;};} + # > Our main nixos configuration file < + ./nixos/hosts/shodan/configuration.nix + sops-nix.nixosModules.sops + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + jovian.nixosModules.jovian + home-manager.nixosModules.home-manager + catppuccin.nixosModules.catppuccin + { + home-manager.sharedModules = [ + inputs.catppuccin.homeManagerModules.catppuccin + inputs.plasma-manager.homeManagerModules.plasma-manager + ]; + } + ]; }; - # wheatley = nixpkgs.lib.nixosSystem { - # system = "aarch64-linux"; + # ISO = nixpkgs.lib.nixosSystem { + # system = "x86_64-linux"; # specialArgs = {inherit inputs outputs;}; - # modules = - # sharedModules - # ++ [ - # {_module.args = {inherit pkgs-edge;};} - # ./nixos/hosts/wheatley/configuration.nix - # ]; + # modules = [ + # {_module.args = {inherit pkgs-edge;};} + # "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix" + # "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix" + # ./nixos/hosts/iso/configuration.nix + # sops-nix.nixosModules.sops + # home-manager.nixosModules.home-manager + # nix-index-database.nixosModules.nix-index + # catppuccin.nixosModules.catppuccin + # { + # home-manager.sharedModules = [ + # inputs.plasma-manager.homeManagerModules.plasma-manager + # inputs.catppuccin.homeManagerModules.catppuccin + # ]; + # } + # ]; + # }; + + # iso_server = nixpkgs.lib.nixosSystem { + # system = "x86_64-linux"; + # specialArgs = {inherit inputs outputs;}; + # modules = [ + # {_module.args = {inherit pkgs-edge;};} + # "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + # "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix" + # ./nixos/hosts/iso_server/configuration.nix + # sops-nix.nixosModules.sops + # home-manager.nixosModules.home-manager + # nix-index-database.nixosModules.nix-index + # catppuccin.nixosModules.catppuccin + # { + # home-manager.sharedModules = [ + # inputs.catppuccin.homeManagerModules.catppuccin + # ]; + # } + # ]; # }; }; }; diff --git a/home-manager/desktop/default.nix b/home-manager/desktop/default.nix index 60ae31e..947d6dd 100644 --- a/home-manager/desktop/default.nix +++ b/home-manager/desktop/default.nix @@ -1,6 +1,9 @@ { - pkgs, + inputs, + outputs, + lib, config, + pkgs, ... }: { # You can import other home-manager modules here @@ -13,14 +16,13 @@ # You can also split up your configuration and import pieces of it here: # ./nvim.nix - ./package-configs/plasma-desktop - ./package-configs/firefox + ./package-configs/plasma-desktop.nix + ./package-configs/firefox.nix ./package-configs/konsole ./package-configs/foot - ./package-configs/freetube - ./package-configs/vesktop ]; nixpkgs = { + config.permittedInsecurePackages = ["cinny-4.2.2" "cinny-unwrapped-4.2.2" "cinny-4.2.1" "cinny-unwrapped-4.2.1"]; # You can add overlays here overlays = [ # You can also add overlays exported from other flakes: @@ -32,257 +34,178 @@ # patches = [ ./change-hello-to-hi.patch ]; # }); # }) - # (final: prev: { - # catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: { - # accent = "mauve"; - # boldKeywords = true; - # italicComments = true; - # italicKeywords = true; - # extraBordersEnabled = false; - # workbenchMode = "default"; - # bracketMode = "rainbow"; - # colorOverrides = {}; - # customUIColors = {}; - # }); - # }) - # (final: prev: { - # catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: { - # accent = "mauve"; - # boldKeywords = true; - # italicComments = true; - # italicKeywords = true; - # extraBordersEnabled = false; - # workbenchMode = "default"; - # bracketMode = "rainbow"; - # colorOverrides = {}; - # customUIColors = {}; - # }); - # }) + (final: prev: { + catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: { + accent = "mauve"; + boldKeywords = true; + italicComments = true; + italicKeywords = true; + extraBordersEnabled = false; + workbenchMode = "default"; + bracketMode = "rainbow"; + colorOverrides = {}; + customUIColors = {}; + }); + }) + (final: prev: { + catppuccin-vsc = final.catppuccin-vsc.overrideAttrs (oldAttrs: { + accent = "mauve"; + boldKeywords = true; + italicComments = true; + italicKeywords = true; + extraBordersEnabled = false; + workbenchMode = "default"; + bracketMode = "rainbow"; + colorOverrides = {}; + customUIColors = {}; + }); + }) ]; + # Configure your nixpkgs instance config = { - # Configure your nixpkgs instance - # Disable if you don't want unfree packages allowUnfree = true; }; }; - systemd.user = { - # services."nextcloud-autosync@" = { - # Unit = { - # Description = "Auto sync Nextcloud"; - # After = "network-online.target"; - # PartOf = ["nextcloud-autosyncs.target"]; - # }; - # Service = { - # Type = "simple"; - # ExecStart = "${pkgs.nextcloud-client}/bin/nextcloudcmd -h -n --path /%i /home/lillian/%i https://nextcloud.gladtherescake.eu"; - # TimeoutStopSec = "180"; - # KillMode = "process"; - # KillSignal = "SIGINT"; - # }; - # Install.WantedBy = ["multi-user.target"]; - # }; - # targets.nextcloud-autosyncs = { - # Unit = { - # Description = "workers"; - # Requires = ["nextcloud-autosync@Music" "nextcloud-autosync@Pictures" "nextcloud-autosync@Scripts" "nextcloud-autosync@Videos" "nextcloud-autosync@Documents"]; - # PartOf = "nextcloud-autosyncs.target"; - # }; - # Install.WantedBy = ["multi-user.target"]; - # }; - # timers.nextcloud-autosyncs = { - # Unit.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 60 minutes"; - # Timer.OnBootSec = "5min"; - # Timer.OnUnitActiveSec = "60min"; - # Install.WantedBy = ["multi-user.target" "timers.target"]; - # }; - - # Nicely reload system units when changing configs - startServices = "sd-switch"; - }; home = { username = "lillian"; homeDirectory = "/home/lillian"; + }; - file = { - Music = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Music"; - target = "Music"; - }; - Pictures = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Pictures"; - target = "Pictures"; - }; - Screenshots = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Pictures/Screenshots"; - target = "Screenshots"; - }; - Scripts = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Scripts"; - target = "Scripts"; - }; - Videos = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Videos"; - target = "Videos"; - }; - Documents = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/Documents"; - target = "Documents"; - }; - floorp = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.mozilla/firefox"; - target = ".floorp"; - }; - librewolf = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.mozilla/firefox"; - target = ".librewolf"; - }; - steam = { - source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/.local/share/Steam/"; - target = "Steam"; - }; - # instances = { - # source = config.lib.file.mkOutOfStoreSymlink "/home/lillian/Nextcloud/instances"; - # target = ".local/share/PrismLauncher/instances"; - # force = true; - # }; - }; + # Add stuff for your user as you see fit: + # programs.neovim.enable = true; + # home.packages = with pkgs; [ steam ]; + qt.style.catppuccin.apply = true; + programs.freetube.catppuccin.flavor = "macchiato"; - # Add stuff for your user as you see fit: - # programs.neovim.enable = true; - # home.packages = with pkgs; [ steam ]; + home.packages = with pkgs; [ + # Coding: + direnv + git + git-credential-manager + git-credential-manager + ruff + kate - packages = with pkgs; [ - # Coding: - direnv - git - git-credential-manager - ruff - devtoolbox + # Chat applications: + signal-desktop + vesktop + cinny-desktop - # Chat applications: - signal-desktop - vesktop - # cinny-desktop + # Gaming: + prismlauncher + steam + gamescope - # Gaming: - prismlauncher - heroic + # Multimedia: + freetube + vlc - # Multimedia: - vlc - fcast-receiver - fcast-client + # Office applications: + onlyoffice-bin + gimp + thunderbird - # Office applications: - onlyoffice-desktopeditors - gimp - thunderbird + # System tools: + rage + flameshot + fzf + nextcloud-client + nitrokey-app + protonvpn-gui + virtualbox + #watchmate + qbittorrent - # System tools: - rage - flameshot - fzf - nextcloud-client - # nitrokey-app - # protonvpn-gui - virtualbox - #watchmate - qbittorrent + # Theming: + catppuccin-cursors + (catppuccin-kde.override { + flavour = ["macchiato"]; + accents = ["mauve"]; + }) + catppuccin-sddm-corners - # Theming: - catppuccin-cursors - (catppuccin-kde.override { - flavour = ["macchiato"]; - accents = ["mauve"]; - }) - catppuccin-sddm-corners + # Theming: + catppuccin-cursors + (catppuccin-kde.override { + flavour = ["macchiato"]; + accents = ["mauve"]; + }) + catppuccin-sddm-corners - # Theming: - catppuccin-cursors - (catppuccin-kde.override { - flavour = ["macchiato"]; - accents = ["mauve"]; - }) - catppuccin-sddm-corners + # Web browsing: + firefoxpwa + firefoxpwa + ungoogled-chromium + ]; - # Web browsing: - firefoxpwa - ungoogled-chromium + programs.vscode = { + enable = true; + package = pkgs.vscodium; + extensions = with pkgs.vscode-extensions; [ + catppuccin.catppuccin-vsc + catppuccin.catppuccin-vsc-icons + charliermarsh.ruff + eamodio.gitlens + github.vscode-pull-request-github + jnoortheen.nix-ide + kamadorueda.alejandra + mkhl.direnv + ms-toolsai.jupyter + ms-pyright.pyright + oderwat.indent-rainbow + rust-lang.rust-analyzer + yzhang.markdown-all-in-one ]; }; - programs = { - # vscode = { - # enable = true; - # package = pkgs.vscodium; - # extensions = with pkgs.vscode-extensions; [ - # catppuccin.catppuccin-vsc - # catppuccin.catppuccin-vsc-icons - # charliermarsh.ruff - # eamodio.gitlens - # github.vscode-pull-request-github - # jnoortheen.nix-ide - # kamadorueda.alejandra - # mkhl.direnv - # ms-toolsai.jupyter - # ms-pyright.pyright - # oderwat.indent-rainbow - # rust-lang.rust-analyzer - # yzhang.markdown-all-in-one - # ]; - # }; - chromium = { - extensions = [ - {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} - ]; - }; - - obs-studio.enable = true; - obs-studio.plugins = with pkgs.obs-studio-plugins; [ + programs.obs-studio = { + enable = true; + plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-backgroundremoval obs-pipewire-audio-capture ]; + }; - # Enable home-manager and git - home-manager.enable = true; - git = { - enable = true; - settings = { - user = { - name = "Lillian-Violet"; - email = "git@lillianviolet.dev"; - }; - init = { - defaultBranch = "main"; - }; + # Enable home-manager and git + programs.home-manager.enable = true; + programs.git = { + enable = true; + userEmail = "git@lillianviolet.dev"; + userName = "Lillian-Violet"; + extraConfig = { + init = { + defaultBranch = "main"; }; - ignores = [ - "*.direnv" - "*.vscode" - ".envrc" - "venv" - "venv" - ]; - signing.format = "ssh"; }; + ignores = [ + "*.direnv" + "*.vscode" + ".envrc" + "venv" + "venv" + ]; + }; - gpg.enable = true; - gpg.settings = { - default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d"; - default-recipient-self = true; - auto-key-locate = "local,wkd,keyserver"; - keyserver = "hkps://keys.openpgp.org"; - auto-key-retrieve = true; - auto-key-import = true; - keyserver-options = "honor-keyserver-url"; - no-autostart = true; - }; + programs.gpg.enable = true; + programs.gpg.settings = { + default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d"; + default-recipient-self = true; + auto-key-locate = "local,wkd,keyserver"; + keyserver = "hkps://keys.openpgp.org"; + auto-key-retrieve = true; + auto-key-import = true; + keyserver-options = "honor-keyserver-url"; + no-autostart = true; }; - services = { - kdeconnect.package = pkgs.kdePackages.kdeconnect-kde; - kdeconnect.enable = true; + + services.kdeconnect = { + package = pkgs.kdePackages.kdeconnect-kde; + enable = true; }; + + # Nicely reload system units when changing configs + systemd.user.startServices = "sd-switch"; } diff --git a/home-manager/desktop/package-configs/firefox/default.nix b/home-manager/desktop/package-configs/firefox.nix similarity index 64% rename from home-manager/desktop/package-configs/firefox/default.nix rename to home-manager/desktop/package-configs/firefox.nix index 579c3d1..16ad709 100644 --- a/home-manager/desktop/package-configs/firefox/default.nix +++ b/home-manager/desktop/package-configs/firefox.nix @@ -1,16 +1,11 @@ {pkgs, ...}: { - stylix.targets.firefox.profileNames = ["lillian"]; programs.firefox = { enable = true; nativeMessagingHosts = [pkgs.firefoxpwa]; - package = pkgs.librewolf; - profiles.default = {isDefault = false;}; + package = pkgs.floorp; profiles.lillian = { isDefault = true; - id = 1; settings = { - "sidebar.verticalTabs" = true; - "sidebar.visibility" = "expand-on-hover"; "browser.aboutConfig.showWarning" = false; "browser.bookmarks.addedImportButton" = true; "browser.bookmarks.restore_default_bookmarks" = false; @@ -29,106 +24,29 @@ "toolkit.legacyUserProfileCustomizations.stylesheets" = true; "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines" = "DuckDuckGo"; }; - bookmarks = { - force = true; - settings = [ - { - name = "DIY HRT"; - toolbar = false; - bookmarks = [ - { - name = "estrogen production"; - tags = ["chemistry" "oestrogen" "estrogen" "diy"]; - url = "https://crimethinc.com/2022/12/15/producing-transdermal-estrogen-a-do-it-yourself-guide"; - } - { - name = "DIY HRT info"; - tags = ["guides" "wiki" "information" "DIY" "HRT" "estrogen" "testosterone"]; - url = "https://diyhrt.info/"; - } - ]; - } - { - name = "repair resources"; - toolbar = false; - bookmarks = [ - { - name = "manuals library"; - tags = ["repair" "manuals" "documentation"]; - url = "https://manualslib.com/"; - } - ]; - } - { - name = "Nix sites"; - toolbar = false; - bookmarks = [ - { - name = "packages"; - tags = ["packages" "basic" "nix"]; - url = "https://search.nixos.org/"; - } - { - name = "settings"; - tags = ["settings" "services" "packages" "nix"]; - url = "https://mynixos.com"; - } - ]; - } - { - name = "Games"; - toolbar = false; - bookmarks = [ - { - name = "PoE2 build sorceres"; - tags = ["PoE" "PoE2" "path of exile" "path of exile 2" "games" "guides" "build" "sorcerer" "sorceress"]; - url = "https://maxroll.gg/poe2/planner/caeye0hz"; - } - { - name = "PoE2 build ranger"; - tags = ["PoE" "PoE2" "path of exile" "path of exile 2" "games" "guides" "build" "bow" "ranger"]; - url = "https://maxroll.gg/poe2/build-guides/deadeye-gas-arrow-leveling-guide"; - } - ]; - } - { - name = "Cooking"; - toolbar = false; - bookmarks = [ - { - name = "Maldivian chili paste"; - tags = ["cooking" "maldives" "maldivian]" "chili paste" "chili" "spicy" "food" "sauce" "recipes"]; - url = "https://maldivescook.com/recipe/lonumirus/"; - } - { - name = "Samosas"; - tags = ["cooking" "india" "fried" "baked" "snack" "pastry" "samosa"]; - url = "https://www.indianhealthyrecipes.com/samosa-recipe-make-samosa/"; - } - { - name = "Sticky Toffee Pudding"; - tags = ["baking" "UK" "England" "dessert" "treat" "snack" "baked" "sweet" "treacle" "dates"]; - url = "https://www.latimes.com/recipe/sticky-toffee-pudding-moju"; - } - { - name = "Vegan Pumpkin Cheesecake"; - tags = ["baking" "vegan" "US" "cheesecake" "cake" "dessert" "sweet" "baked" "pumpkin" "cream cheese"]; - url = "https://www.karissasvegankitchen.com/vegan-pumpkin-cheesecake/"; - } - { - name = "Vegan Cheesecake"; - tags = ["baking" "US" "vegan" "cheesecake" "cake" "dessert" "sweet" "baked" "nut free" "cream cheese"]; - url = "https://www.noracooks.com/vegan-cheesecake/"; - } - { - name = "Biscotti"; - tags = ["baking" "Italian" "cookies" "sweet" "dessert" "fruits" "nuts" "almonds" "cranberries" "lemon"]; - url = "https://italianchef.org/the-ultimate-guide-to-homemade-italian-biscotti-recipes-tips-and-variations/"; - } - ]; - } - ]; - }; + bookmarks = [ + { + name = "estrogen production"; + tags = ["chemistry" "oestrogen" "estrogen" "diy"]; + url = "https://crimethinc.com/2022/12/15/producing-transdermal-estrogen-a-do-it-yourself-guide"; + } + { + name = "Nix sites"; + toolbar = false; + bookmarks = [ + { + name = "packages"; + tags = ["packages" "basic" "nix"]; + url = "https://search.nixos.org/"; + } + { + name = "settings"; + tags = ["settings" "services" "packages" "nix"]; + url = "https://mynixos.com"; + } + ]; + } + ]; }; }; } diff --git a/home-manager/desktop/package-configs/foot/default.nix b/home-manager/desktop/package-configs/foot/default.nix index aada26e..f1839dc 100644 --- a/home-manager/desktop/package-configs/foot/default.nix +++ b/home-manager/desktop/package-configs/foot/default.nix @@ -1,9 +1,10 @@ {...}: { programs.foot = { enable = true; - # catppuccin.enable = true; + catppuccin.enable = true; settings = { main = { + font = "Fira Code:size=11"; }; mouse = { diff --git a/home-manager/desktop/package-configs/freetube/default.nix b/home-manager/desktop/package-configs/freetube/default.nix deleted file mode 100644 index 34a27a0..0000000 --- a/home-manager/desktop/package-configs/freetube/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - home.file."settings.db" = { - source = ./settings.db; - target = ".config/freetube/settings.db"; - force = true; - }; -} diff --git a/home-manager/desktop/package-configs/freetube/settings.db b/home-manager/desktop/package-configs/freetube/settings.db deleted file mode 100644 index e3dcbc4..0000000 --- a/home-manager/desktop/package-configs/freetube/settings.db +++ /dev/null @@ -1,24 +0,0 @@ -{"_id":"allowDashAv1Formats","value":true} -{"_id":"barColor","value":true} -{"_id":"baseTheme","value":"catppuccinMocha"} -{"_id":"bounds","value":{"x":0,"y":66,"width":2560,"height":1374,"maximized":true,"fullScreen":false}} -{"_id":"defaultQuality","value":"1080"} -{"_id":"fetchSubscriptionsAutomatically","value":false} -{"_id":"generalAutoLoadMorePaginatedItemsEnabled","value":true} -{"_id":"hideActiveSubscriptions","value":true} -{"_id":"hidePopularVideos","value":true} -{"_id":"hideRecommendedVideos","value":true} -{"_id":"hideSubscriptionsCommunity","value":true} -{"_id":"hideSubscriptionsLive","value":true} -{"_id":"hideSubscriptionsShorts","value":true} -{"_id":"hideSubscriptionsVideos","value":true} -{"_id":"hideTrendingVideos","value":true} -{"_id":"landingPage","value":"history"} -{"_id":"mainColor","value":"CatppuccinMochaMauve"} -{"_id":"playNextVideo","value":false} -{"_id":"quickBookmarkTargetPlaylistId","value":"favorites"} -{"_id":"secColor","value":"CatppuccinMochaMauve"} -{"_id":"showDistractionFreeTitles","value":true} -{"_id":"useDeArrowThumbnails","value":true} -{"_id":"useDeArrowTitles","value":true} -{"_id":"useSponsorBlock","value":true} diff --git a/home-manager/desktop/package-configs/plasma-desktop/default.nix b/home-manager/desktop/package-configs/plasma-desktop.nix similarity index 90% rename from home-manager/desktop/package-configs/plasma-desktop/default.nix rename to home-manager/desktop/package-configs/plasma-desktop.nix index c9f3f9e..b1f5c6a 100644 --- a/home-manager/desktop/package-configs/plasma-desktop/default.nix +++ b/home-manager/desktop/package-configs/plasma-desktop.nix @@ -1,88 +1,7 @@ { - osConfig, - pkgs, - config, - ... -}: { - #TODO: make the creation of the command file easier, for now this is a nice solution though - systemd.user.services."set-kde-connect-commands" = { - Install = { - WantedBy = ["default.target"]; - }; - Service = { - Type = "OneShot"; - ExecStart = "${pkgs.writeShellScript "set-kde-connect-commands" '' - #!/run/current-system/sw/bin/bash - find ${config.home.homeDirectory}/.config/kdeconnect/ -type d -name \'kdeconnect_runcommand\' -execdir cp ${builtins.toPath ./kde-connect-commands} {}+"/config" \; - ''}"; - RemainAfterExit = true; - }; - }; - home.file.".config/kdeconnect/config" = { - text = '' - [General] - keyAlgorithm=EC - name=${osConfig.networking.hostName} - customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5 - ''; - target = ".config/kdeconnect/config"; - force = true; - }; - home.file."Games/.directory" = { - text = '' - [Desktop Entry] - Icon=folder-games - ''; - target = "Games/.directory"; - force = true; - }; - home.file."Code/.directory" = { - text = '' - [Desktop Entry] - Icon=folder-script - ''; - target = "Code/.directory"; - force = true; - }; - home.file."Writing/.directory" = { - text = '' - [Desktop Entry] - Icon=folder-notes - ''; - target = "Writing/.directory"; - force = true; - }; - programs.plasma = { enable = true; desktop.mouseActions.verticalScroll = "switchVirtualDesktop"; - kscreenlocker.appearance.wallpaper = "${osConfig.stylix.image}"; - fonts = { - fixedWidth = { - pointSize = 11; - family = "${osConfig.stylix.fonts.monospace.name}"; - }; - general = { - pointSize = 11; - family = "${osConfig.stylix.fonts.serif.name}"; - }; - menu = { - pointSize = 11; - family = "${osConfig.stylix.fonts.sansSerif.name}"; - }; - small = { - pointSize = 11; - family = "${osConfig.stylix.fonts.sansSerif.name}"; - }; - toolbar = { - pointSize = 11; - family = "${osConfig.stylix.fonts.sansSerif.name}"; - }; - windowTitle = { - pointSize = 11; - family = "${osConfig.stylix.fonts.sansSerif.name}"; - }; - }; panels = [ { alignment = "left"; @@ -117,8 +36,6 @@ hidden = [ "Xwayland Video Bridge_pipewireToXProxy" "org.kde.plasma.devicenotifier" - "org.kde.plasma.keyboardindicator" - "org.kde.plasma.keyboardlayout" "org.kde.kscreen" "org.kde.plasma.printmanager" "chrome_status_icon_1" @@ -126,9 +43,7 @@ "Nitrokey App" "qBittorrent" "vlc" - "obs" "steam" - "nitrokey-app" ]; }; } @@ -164,16 +79,18 @@ config = { General = { launchers = [ - "applications:librewolf.desktop" + "applications:floorp.desktop" "applications:systemsettings.desktop" "applications:org.kde.dolphin.desktop" - "applications:signal.desktop" + "applications:signal-desktop.desktop" "applications:vesktop.desktop" - "applications:thunderbird.desktop" + "applications:cinny.desktop" "applications:steam.desktop" "applications:noisetorch.desktop" "applications:org.kde.plasma-systemmonitor.desktop" - "applications:foot.desktop" + "applications:org.codeberg.dnkl.foot.desktop" + "applications:nitrokey-app.desktop" + "applications:codium.desktop" "applications:freetube.desktop" ]; }; @@ -211,15 +128,24 @@ "ksmserver"."Reboot Without Confirmation" = "none,,Reboot Without Confirmation"; "ksmserver"."Shut Down" = "none,,Shut Down"; "kwin"."Activate Window Demanding Attention" = "Meta+Ctrl+A"; + "kwin"."Cycle Overview" = []; + "kwin"."Cycle Overview Opposite" = []; + "kwin"."Decrease Opacity" = "none,,Decrease Opacity of Active Window by 5%"; "kwin"."Edit Tiles" = "Meta+T"; "kwin"."Expose" = "Ctrl+F9"; "kwin"."ExposeAll" = ["Ctrl+F10" "Launch (C),Ctrl+F10" "Launch (C),Toggle Present Windows (All desktops)"]; "kwin"."ExposeClass" = "Ctrl+F7"; + "kwin"."ExposeClassCurrentDesktop" = []; "kwin"."Grid View" = "Meta+G"; "kwin"."Increase Opacity" = "none,,Increase Opacity of Active Window by 5%"; "kwin"."Kill Window" = "Meta+Ctrl+Esc"; + "kwin"."Move Tablet to Next Output" = []; "kwin"."MoveMouseToCenter" = "Meta+F6"; "kwin"."MoveMouseToFocus" = "Meta+F5"; + "kwin"."MoveZoomDown" = []; + "kwin"."MoveZoomLeft" = []; + "kwin"."MoveZoomRight" = []; + "kwin"."MoveZoomUp" = []; "kwin"."Overview" = "Meta+W"; "kwin"."Setup Window Shortcut" = "none,,Setup Window Shortcut"; "kwin"."Show Desktop" = "Meta+D"; @@ -232,47 +158,151 @@ "kwin"."Switch Window Right" = "Meta+Alt+Right"; "kwin"."Switch Window Up" = "Meta+Alt+Up"; "kwin"."Switch to Desktop 1" = "Ctrl+F1"; + "kwin"."Switch to Desktop 10" = "none,,Switch to Desktop 10"; + "kwin"."Switch to Desktop 11" = "none,,Switch to Desktop 11"; + "kwin"."Switch to Desktop 12" = "none,,Switch to Desktop 12"; + "kwin"."Switch to Desktop 13" = "none,,Switch to Desktop 13"; + "kwin"."Switch to Desktop 14" = "none,,Switch to Desktop 14"; + "kwin"."Switch to Desktop 15" = "none,,Switch to Desktop 15"; + "kwin"."Switch to Desktop 16" = "none,,Switch to Desktop 16"; + "kwin"."Switch to Desktop 17" = "none,,Switch to Desktop 17"; + "kwin"."Switch to Desktop 18" = "none,,Switch to Desktop 18"; + "kwin"."Switch to Desktop 19" = "none,,Switch to Desktop 19"; "kwin"."Switch to Desktop 2" = "Ctrl+F2"; + "kwin"."Switch to Desktop 20" = "none,,Switch to Desktop 20"; "kwin"."Switch to Desktop 3" = "Ctrl+F3"; "kwin"."Switch to Desktop 4" = "Ctrl+F4"; + "kwin"."Switch to Desktop 5" = "none,,Switch to Desktop 5"; + "kwin"."Switch to Desktop 6" = "none,,Switch to Desktop 6"; + "kwin"."Switch to Desktop 7" = "none,,Switch to Desktop 7"; + "kwin"."Switch to Desktop 8" = "none,,Switch to Desktop 8"; + "kwin"."Switch to Desktop 9" = "none,,Switch to Desktop 9"; + "kwin"."Switch to Next Desktop" = "none,,Switch to Next Desktop"; + "kwin"."Switch to Next Screen" = "none,,Switch to Next Screen"; + "kwin"."Switch to Previous Desktop" = "none,,Switch to Previous Desktop"; + "kwin"."Switch to Previous Screen" = "none,,Switch to Previous Screen"; + "kwin"."Switch to Screen 0" = "none,,Switch to Screen 0"; + "kwin"."Switch to Screen 1" = "none,,Switch to Screen 1"; + "kwin"."Switch to Screen 2" = "none,,Switch to Screen 2"; + "kwin"."Switch to Screen 3" = "none,,Switch to Screen 3"; + "kwin"."Switch to Screen 4" = "none,,Switch to Screen 4"; + "kwin"."Switch to Screen 5" = "none,,Switch to Screen 5"; + "kwin"."Switch to Screen 6" = "none,,Switch to Screen 6"; + "kwin"."Switch to Screen 7" = "none,,Switch to Screen 7"; + "kwin"."Switch to Screen Above" = "none,,Switch to Screen Above"; + "kwin"."Switch to Screen Below" = "none,,Switch to Screen Below"; + "kwin"."Switch to Screen to the Left" = "none,,Switch to Screen to the Left"; + "kwin"."Switch to Screen to the Right" = "none,,Switch to Screen to the Right"; + "kwin"."Toggle Night Color" = []; + "kwin"."Toggle Window Raise/Lower" = "none,,Toggle Window Raise/Lower"; + "kwin"."Walk Through Desktop List" = []; + "kwin"."Walk Through Desktop List (Reverse)" = []; + "kwin"."Walk Through Desktops" = []; + "kwin"."Walk Through Desktops (Reverse)" = []; "kwin"."Walk Through Windows" = "Alt+Tab"; "kwin"."Walk Through Windows (Reverse)" = "Alt+Shift+Tab"; + "kwin"."Walk Through Windows Alternative" = "none,,Walk Through Windows Alternative"; + "kwin"."Walk Through Windows Alternative (Reverse)" = "none,,Walk Through Windows Alternative (Reverse)"; "kwin"."Walk Through Windows of Current Application" = "Alt+`"; "kwin"."Walk Through Windows of Current Application (Reverse)" = "Alt+~"; + "kwin"."Walk Through Windows of Current Application Alternative" = "none,,Walk Through Windows of Current Application Alternative"; + "kwin"."Walk Through Windows of Current Application Alternative (Reverse)" = "none,,Walk Through Windows of Current Application Alternative (Reverse)"; + "kwin"."Window Above Other Windows" = "none,,Keep Window Above Others"; + "kwin"."Window Below Other Windows" = "none,,Keep Window Below Others"; "kwin"."Window Close" = "Alt+F4"; + "kwin"."Window Fullscreen" = "none,,Make Window Fullscreen"; + "kwin"."Window Grow Horizontal" = "none,,Expand Window Horizontally"; + "kwin"."Window Grow Vertical" = "none,,Expand Window Vertically"; + "kwin"."Window Lower" = "none,,Lower Window"; "kwin"."Window Maximize" = "Meta+PgUp"; + "kwin"."Window Maximize Horizontal" = "none,,Maximize Window Horizontally"; + "kwin"."Window Maximize Vertical" = "none,,Maximize Window Vertically"; "kwin"."Window Minimize" = "Meta+PgDown"; + "kwin"."Window Move" = "none,,Move Window"; + "kwin"."Window Move Center" = "none,,Move Window to the Center"; + "kwin"."Window No Border" = "none,,Toggle Window Titlebar and Frame"; + "kwin"."Window On All Desktops" = "none,,Keep Window on All Desktops"; "kwin"."Window One Desktop Down" = "Meta+Ctrl+Shift+Down"; "kwin"."Window One Desktop Up" = "Meta+Ctrl+Shift+Up"; "kwin"."Window One Desktop to the Left" = "Meta+Ctrl+Shift+Left"; "kwin"."Window One Desktop to the Right" = "Meta+Ctrl+Shift+Right"; + "kwin"."Window One Screen Down" = "none,,Move Window One Screen Down"; + "kwin"."Window One Screen Up" = "none,,Move Window One Screen Up"; + "kwin"."Window One Screen to the Left" = "none,,Move Window One Screen to the Left"; + "kwin"."Window One Screen to the Right" = "none,,Move Window One Screen to the Right"; "kwin"."Window Operations Menu" = "Alt+F3"; + "kwin"."Window Pack Down" = "none,,Move Window Down"; + "kwin"."Window Pack Left" = "none,,Move Window Left"; + "kwin"."Window Pack Right" = "none,,Move Window Right"; + "kwin"."Window Pack Up" = "none,,Move Window Up"; "kwin"."Window Quick Tile Bottom" = "Meta+Down"; + "kwin"."Window Quick Tile Bottom Left" = "none,,Quick Tile Window to the Bottom Left"; + "kwin"."Window Quick Tile Bottom Right" = "none,,Quick Tile Window to the Bottom Right"; "kwin"."Window Quick Tile Left" = "Meta+Left"; "kwin"."Window Quick Tile Right" = "Meta+Right"; "kwin"."Window Quick Tile Top" = "Meta+Up"; + "kwin"."Window Quick Tile Top Left" = "none,,Quick Tile Window to the Top Left"; + "kwin"."Window Quick Tile Top Right" = "none,,Quick Tile Window to the Top Right"; + "kwin"."Window Raise" = "none,,Raise Window"; + "kwin"."Window Resize" = "none,,Resize Window"; + "kwin"."Window Shade" = "none,,Shade Window"; + "kwin"."Window Shrink Horizontal" = "none,,Shrink Window Horizontally"; + "kwin"."Window Shrink Vertical" = "none,,Shrink Window Vertically"; + "kwin"."Window to Desktop 1" = "none,,Window to Desktop 1"; + "kwin"."Window to Desktop 10" = "none,,Window to Desktop 10"; + "kwin"."Window to Desktop 11" = "none,,Window to Desktop 11"; + "kwin"."Window to Desktop 12" = "none,,Window to Desktop 12"; + "kwin"."Window to Desktop 13" = "none,,Window to Desktop 13"; + "kwin"."Window to Desktop 14" = "none,,Window to Desktop 14"; + "kwin"."Window to Desktop 15" = "none,,Window to Desktop 15"; + "kwin"."Window to Desktop 16" = "none,,Window to Desktop 16"; + "kwin"."Window to Desktop 17" = "none,,Window to Desktop 17"; + "kwin"."Window to Desktop 18" = "none,,Window to Desktop 18"; + "kwin"."Window to Desktop 19" = "none,,Window to Desktop 19"; + "kwin"."Window to Desktop 2" = "none,,Window to Desktop 2"; + "kwin"."Window to Desktop 20" = "none,,Window to Desktop 20"; + "kwin"."Window to Desktop 3" = "none,,Window to Desktop 3"; + "kwin"."Window to Desktop 4" = "none,,Window to Desktop 4"; + "kwin"."Window to Desktop 5" = "none,,Window to Desktop 5"; + "kwin"."Window to Desktop 6" = "none,,Window to Desktop 6"; + "kwin"."Window to Desktop 7" = "none,,Window to Desktop 7"; + "kwin"."Window to Desktop 8" = "none,,Window to Desktop 8"; + "kwin"."Window to Desktop 9" = "none,,Window to Desktop 9"; + "kwin"."Window to Next Desktop" = "none,,Window to Next Desktop"; "kwin"."Window to Next Screen" = "Meta+Shift+Right"; "kwin"."Window to Previous Desktop" = "none,,Window to Previous Desktop"; "kwin"."Window to Previous Screen" = "Meta+Shift+Left"; + "kwin"."Window to Screen 0" = "none,,Move Window to Screen 0"; + "kwin"."Window to Screen 1" = "none,,Move Window to Screen 1"; + "kwin"."Window to Screen 2" = "none,,Move Window to Screen 2"; + "kwin"."Window to Screen 3" = "none,,Move Window to Screen 3"; + "kwin"."Window to Screen 4" = "none,,Move Window to Screen 4"; + "kwin"."Window to Screen 5" = "none,,Move Window to Screen 5"; + "kwin"."Window to Screen 6" = "none,,Move Window to Screen 6"; + "kwin"."Window to Screen 7" = "none,,Move Window to Screen 7"; "kwin"."view_actual_size" = "\\, Meta+0\\, ,Meta+0,Zoom to Actual Size"; "kwin"."view_zoom_in" = ["Meta++" "Meta+=,Meta++" "Meta+=,Zoom In"]; "kwin"."view_zoom_out" = "Meta+-"; + "mediacontrol"."mediavolumedown" = []; + "mediacontrol"."mediavolumeup" = "none,,Media volume up"; "mediacontrol"."nextmedia" = "Media Next"; "mediacontrol"."pausemedia" = "Media Pause"; + "mediacontrol"."playmedia" = "none,,Play media playback"; "mediacontrol"."playpausemedia" = "Media Play"; "mediacontrol"."previousmedia" = "Media Previous"; "mediacontrol"."stopmedia" = "Media Stop"; "org_kde_powerdevil"."Decrease Keyboard Brightness" = "Keyboard Brightness Down"; - "org_kde_powerdevil"."Decrease Screen Brightness" = ["Monitor Brightness Down" "Ctrl+Volume Down"]; - "org_kde_powerdevil"."Decrease Screen Brightness Small" = ["Monitor Brightness Down" "Ctrl+Shift+Volume Down"]; + "org_kde_powerdevil"."Decrease Screen Brightness" = "Monitor Brightness Down"; + "org_kde_powerdevil"."Decrease Screen Brightness Small" = "Shift+Monitor Brightness Down"; "org_kde_powerdevil"."Hibernate" = "Hibernate"; "org_kde_powerdevil"."Increase Keyboard Brightness" = "Keyboard Brightness Up"; - "org_kde_powerdevil"."Increase Screen Brightness" = ["Monitor Brightness Up" "Ctrl+Volume Up"]; - "org_kde_powerdevil"."Increase Screen Brightness Small" = ["Shift+Monitor Brightness Up" "Ctrl+Shift+Volume Up"]; + "org_kde_powerdevil"."Increase Screen Brightness" = "Monitor Brightness Up"; + "org_kde_powerdevil"."Increase Screen Brightness Small" = "Shift+Monitor Brightness Up"; "org_kde_powerdevil"."PowerDown" = "Power Down"; "org_kde_powerdevil"."PowerOff" = "Power Off"; "org_kde_powerdevil"."Sleep" = "Sleep"; "org_kde_powerdevil"."Toggle Keyboard Backlight" = "Keyboard Light On/Off"; + "org_kde_powerdevil"."Turn Off Screen" = []; "org_kde_powerdevil"."powerProfile" = ["Battery" "Meta+B,Battery" "Meta+B,Switch Power Profile"]; "plasmashell"."activate application launcher" = ["Meta" "Alt+F1,Meta" "Alt+F1,Activate Application Launcher"]; "plasmashell"."activate task manager entry 1" = "Meta+1"; @@ -288,18 +318,29 @@ "plasmashell"."clear-history" = "none,,Clear Clipboard History"; "plasmashell"."clipboard_action" = "Meta+Ctrl+X"; "plasmashell"."cycle-panels" = "Meta+Alt+P"; + "plasmashell"."cycleNextAction" = "none,,Next History Item"; + "plasmashell"."cyclePrevAction" = "none,,Previous History Item"; "plasmashell"."edit_clipboard" = []; "plasmashell"."manage activities" = "Meta+Q"; + "plasmashell"."next activity" = "\\, \\, ,none,Walk through activities"; + "plasmashell"."previous activity" = ",none,Walk through activities (Reverse)"; "plasmashell"."repeat_action" = "Meta+Ctrl+R"; "plasmashell"."show dashboard" = "Ctrl+F12"; + "plasmashell"."show-barcode" = "none,,Show Barcode…"; "plasmashell"."show-on-mouse-pos" = "Meta+V"; "plasmashell"."stop current activity" = "Meta+S"; + "plasmashell"."switch to next activity" = "none,,Switch to Next Activity"; + "plasmashell"."switch to previous activity" = "none,,Switch to Previous Activity"; + "plasmashell"."toggle do not disturb" = "none,,Toggle do not disturb"; "services/org.kde.krunner.desktop"."_launch" = ["Alt+Space" "Alt+F2" "Ctrl+Shift+Space" "Search"]; "services/org.kde.plasma-systemmonitor.desktop"."_launch" = "Ctrl+Esc"; "services/org.kde.spectacle.desktop"."ActiveWindowScreenShot" = ["Meta+Print" "Ctrl+!"]; "services/org.kde.spectacle.desktop"."CurrentMonitorScreenShot" = "Ctrl+#"; "services/org.kde.spectacle.desktop"."FullScreenScreenShot" = ["Ctrl+$" "Shift+Print"]; "services/org.kde.spectacle.desktop"."OpenWithoutScreenshot" = "Ctrl+^"; + "services/org.kde.spectacle.desktop"."RecordRegion" = []; + "services/org.kde.spectacle.desktop"."RecordScreen" = []; + "services/org.kde.spectacle.desktop"."RecordWindow" = []; "services/org.kde.spectacle.desktop"."RectangularRegionScreenShot" = ["Ctrl+@" "Meta+Shift+Print"]; "services/org.kde.spectacle.desktop"."WindowUnderCursorScreenShot" = ["Meta+Ctrl+Print" "Ctrl+%"]; "services/org.kde.spectacle.desktop"."_launch" = "Print"; @@ -1070,7 +1111,7 @@ "kwinrc"."NightColor"."LatitudeFixed" = 52.31865273558926; "kwinrc"."NightColor"."LongitudeFixed" = 5.44; "kwinrc"."NightColor"."Mode" = "Location"; - "kwinrc"."NightColor"."NightTemperature" = 2000; + "kwinrc"."NightColor"."NightTemperature" = 1400; "kwinrc"."Plugins"."diminactiveEnabled" = true; "kwinrc"."Plugins"."dimscreenEnabled" = true; "kwinrc"."Plugins"."wobblywindowsEnabled" = true; diff --git a/home-manager/desktop/package-configs/plasma-desktop/kde-connect-commands b/home-manager/desktop/package-configs/plasma-desktop/kde-connect-commands deleted file mode 100644 index f494cfc..0000000 --- a/home-manager/desktop/package-configs/plasma-desktop/kde-connect-commands +++ /dev/null @@ -1,2 +0,0 @@ -[General] -commands="@ByteArray({\"2574d457_7a99_40a3_8239_24407c7a074d\":{\"command\":\"loginctl unlock-session\",\"name\":\"unlock\"},\"2bbbb9cc_892a_44a1_b097_27b149387511\":{\"command\":\"bluetoothctl disconnect 38:18:4C:11:56:99\",\"name\":\"disconnect headset\"},\"35ad74aa_c1f0_4dd7_a392_2b2676105b62\":{\"command\":\"systemctl hibernate\",\"name\":\"hibernate\"},\"5dd755de_e098_4907_982d_bedba5c3511d\":{\"command\":\"loginctl lock-session\",\"name\":\"lock\"},\"6423946a_b13e_4127_a0d0_0ca38e79fa0f\":{\"command\":\"bluetoothctl connect 38:18:4C:11:56:99\",\"name\":\"connect headset\"},\"690a4134_162b_4851_83a4_bf75722c699a\":{\"command\":\"systemctl suspend\",\"name\":\"suspend\"},\"99ae3913_1757_4ed0_ad7e_91c6f5d740ef\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"mute\\\"\",\"name\":\"mute\"},\"b11480dd_19f7_49c0_9dcc_3065ddc5150b\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"mic_mute\\\"\",\"name\":\"mute mic\"},\"bd36530a_9ed5_4345_989d_189c27b3ce00\":{\"command\":\"systemctl reboot\",\"name\":\"reboot\"},\"cf6180f7_e4bd_4f15_a9d1_19ed14e99913\":{\"command\":\"file=\\\"$HOME/Images/WebcamImage_$(date \\\"+%Y%m%d_%H%M%S\\\").jpg\\\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \\\"${file}\\\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \\\"${file}\\\"\",\"name\":\"webcam to phone\"},\"d31a3cab_bb6a_459d_89fb_533d0d8fec61\":{\"command\":\"systemctl poweroff\",\"name\":\"shutdown\"},\"f08e1a64_53be_41da_b942_e05e45f1d69c\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"decrease_volume\\\"\",\"name\":\"volume down\"},\"fbd67152_2a58_4d5d_a210_982fa0eeb171\":{\"command\":\"qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \\\"increase_volume\\\"\",\"name\":\"volume up\"},\"fc3adde9_7049_4166_bcda_a74d13ec91eb\":{\"command\":\"file=/tmp/$(hostname)_$(date \\\"+%Y%m%d_%H%M%S\\\").png; spectacle -bo \\\"${file}\\\" && while ! [ -f \\\"${file}\\\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \\\"${file}\\\"\",\"name\":\"screenshot to phone\"}})" diff --git a/home-manager/desktop/package-configs/vesktop/default.nix b/home-manager/desktop/package-configs/vesktop/default.nix deleted file mode 100644 index b02afec..0000000 --- a/home-manager/desktop/package-configs/vesktop/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - home.file."settings.json" = { - source = ./settings.json; - target = ".config/vesktop/settings/settings.json"; - force = true; - }; -} diff --git a/home-manager/desktop/package-configs/vesktop/settings.json b/home-manager/desktop/package-configs/vesktop/settings.json deleted file mode 100644 index 5531e9b..0000000 --- a/home-manager/desktop/package-configs/vesktop/settings.json +++ /dev/null @@ -1,602 +0,0 @@ -{ - "autoUpdate": true, - "autoUpdateNotification": false, - "useQuickCss": true, - "themeLinks": [], - "enabledThemes": [ - "stylix.theme.css" - ], - "enableReactDevtools": false, - "frameless": false, - "transparent": false, - "winCtrlQ": false, - "disableMinSize": false, - "winNativeTitleBar": false, - "plugins": { - "ChatInputButtonAPI": { - "enabled": true - }, - "CommandsAPI": { - "enabled": true - }, - "MemberListDecoratorsAPI": { - "enabled": false - }, - "MessageAccessoriesAPI": { - "enabled": true - }, - "MessageDecorationsAPI": { - "enabled": false - }, - "MessageEventsAPI": { - "enabled": true - }, - "MessagePopoverAPI": { - "enabled": false - }, - "MessageUpdaterAPI": { - "enabled": false - }, - "ServerListAPI": { - "enabled": false - }, - "UserSettingsAPI": { - "enabled": true - }, - "AccountPanelServerProfile": { - "enabled": false - }, - "AlwaysAnimate": { - "enabled": false - }, - "AlwaysExpandRoles": { - "enabled": false - }, - "AlwaysTrust": { - "enabled": true, - "domain": true, - "file": true - }, - "AnonymiseFileNames": { - "enabled": true, - "anonymiseByDefault": true, - "method": 0, - "randomisedLength": 7 - }, - "AppleMusicRichPresence": { - "enabled": false - }, - "WebRichPresence (arRPC)": { - "enabled": false - }, - "BANger": { - "enabled": false - }, - "BetterFolders": { - "enabled": false - }, - "BetterGifAltText": { - "enabled": false - }, - "BetterGifPicker": { - "enabled": false - }, - "BetterNotesBox": { - "enabled": false - }, - "BetterRoleContext": { - "enabled": false - }, - "BetterRoleDot": { - "enabled": false - }, - "BetterSessions": { - "enabled": false - }, - "BetterSettings": { - "enabled": false - }, - "BetterUploadButton": { - "enabled": false - }, - "BiggerStreamPreview": { - "enabled": false - }, - "BlurNSFW": { - "enabled": false - }, - "CallTimer": { - "enabled": false - }, - "ClearURLs": { - "enabled": false - }, - "ClientTheme": { - "enabled": false - }, - "ColorSighted": { - "enabled": false - }, - "ConsoleJanitor": { - "enabled": false - }, - "ConsoleShortcuts": { - "enabled": false - }, - "CopyEmojiMarkdown": { - "enabled": false - }, - "CopyFileContents": { - "enabled": false - }, - "CopyUserURLs": { - "enabled": false - }, - "CrashHandler": { - "enabled": true - }, - "CtrlEnterSend": { - "enabled": false - }, - "CustomRPC": { - "enabled": false - }, - "CustomIdle": { - "enabled": false - }, - "Dearrow": { - "enabled": false - }, - "Decor": { - "enabled": false - }, - "DisableCallIdle": { - "enabled": false - }, - "DontRoundMyTimestamps": { - "enabled": false - }, - "EmoteCloner": { - "enabled": false - }, - "Experiments": { - "enabled": false - }, - "F8Break": { - "enabled": false - }, - "FakeNitro": { - "enabled": true, - "enableEmojiBypass": true, - "emojiSize": 48, - "transformEmojis": true, - "enableStickerBypass": true, - "stickerSize": 160, - "transformStickers": true, - "transformCompoundSentence": false, - "enableStreamQualityBypass": true, - "useHyperLinks": true, - "hyperLinkText": "{{NAME}}", - "disableEmbedPermissionCheck": false - }, - "FakeProfileThemes": { - "enabled": false - }, - "FavoriteEmojiFirst": { - "enabled": false - }, - "FavoriteGifSearch": { - "enabled": false - }, - "FixCodeblockGap": { - "enabled": false - }, - "FixSpotifyEmbeds": { - "enabled": false - }, - "FixYoutubeEmbeds": { - "enabled": false - }, - "ForceOwnerCrown": { - "enabled": false - }, - "FriendInvites": { - "enabled": false - }, - "FriendsSince": { - "enabled": false - }, - "FullSearchContext": { - "enabled": false - }, - "GameActivityToggle": { - "enabled": false - }, - "GifPaste": { - "enabled": false - }, - "GreetStickerPicker": { - "enabled": false - }, - "HideAttachments": { - "enabled": false - }, - "iLoveSpam": { - "enabled": false - }, - "IgnoreActivities": { - "enabled": false - }, - "ImageLink": { - "enabled": false - }, - "ImageZoom": { - "enabled": false - }, - "ImplicitRelationships": { - "enabled": false - }, - "InvisibleChat": { - "enabled": false - }, - "KeepCurrentChannel": { - "enabled": false - }, - "LastFMRichPresence": { - "enabled": false - }, - "LoadingQuotes": { - "enabled": false - }, - "MemberCount": { - "enabled": true, - "memberList": true, - "toolTip": true - }, - "MentionAvatars": { - "enabled": false - }, - "MessageClickActions": { - "enabled": false - }, - "MessageLatency": { - "enabled": false - }, - "MessageLinkEmbeds": { - "enabled": false - }, - "MessageLogger": { - "enabled": false - }, - "MessageTags": { - "enabled": false - }, - "MoreCommands": { - "enabled": false - }, - "MoreKaomoji": { - "enabled": true - }, - "MoreUserTags": { - "enabled": false - }, - "Moyai": { - "enabled": false - }, - "MutualGroupDMs": { - "enabled": false - }, - "NewGuildSettings": { - "enabled": false - }, - "NoBlockedMessages": { - "enabled": false - }, - "NoDevtoolsWarning": { - "enabled": false - }, - "NoF1": { - "enabled": false - }, - "NoMaskedUrlPaste": { - "enabled": false - }, - "NoMosaic": { - "enabled": false - }, - "NoOnboardingDelay": { - "enabled": false - }, - "NoPendingCount": { - "enabled": false - }, - "NoProfileThemes": { - "enabled": false - }, - "NoReplyMention": { - "enabled": false - }, - "NoScreensharePreview": { - "enabled": false - }, - "NoServerEmojis": { - "enabled": false - }, - "NoTypingAnimation": { - "enabled": false - }, - "NoUnblockToJump": { - "enabled": false - }, - "NormalizeMessageLinks": { - "enabled": false - }, - "NotificationVolume": { - "enabled": false - }, - "NSFWGateBypass": { - "enabled": false - }, - "OnePingPerDM": { - "enabled": false - }, - "oneko": { - "enabled": false - }, - "OpenInApp": { - "enabled": false - }, - "OverrideForumDefaults": { - "enabled": false - }, - "PartyMode": { - "enabled": false - }, - "PauseInvitesForever": { - "enabled": false - }, - "PermissionFreeWill": { - "enabled": false - }, - "PermissionsViewer": { - "enabled": false - }, - "petpet": { - "enabled": true - }, - "PictureInPicture": { - "enabled": false - }, - "PinDMs": { - "enabled": false - }, - "PlainFolderIcon": { - "enabled": false - }, - "PlatformIndicators": { - "enabled": false - }, - "PreviewMessage": { - "enabled": false - }, - "QuickMention": { - "enabled": false - }, - "QuickReply": { - "enabled": false - }, - "ReactErrorDecoder": { - "enabled": false - }, - "ReadAllNotificationsButton": { - "enabled": false - }, - "RelationshipNotifier": { - "enabled": false - }, - "ReplaceGoogleSearch": { - "enabled": false - }, - "ReplyTimestamp": { - "enabled": false - }, - "RevealAllSpoilers": { - "enabled": false - }, - "ReverseImageSearch": { - "enabled": false - }, - "ReviewDB": { - "enabled": false - }, - "RoleColorEverywhere": { - "enabled": false - }, - "SecretRingToneEnabler": { - "enabled": false - }, - "Summaries": { - "enabled": false - }, - "SendTimestamps": { - "enabled": true, - "replaceMessageContents": true - }, - "ServerInfo": { - "enabled": false - }, - "ServerListIndicators": { - "enabled": false - }, - "ShikiCodeblocks": { - "enabled": true, - "useDevIcon": "COLOR", - "theme": "https://raw.githubusercontent.com/shikijs/shiki/0b28ad8ccfbf2615f2d9d38ea8255416b8ac3043/packages/shiki/themes/dracula.json", - "tryHljs": "SECONDARY", - "bgOpacity": 100 - }, - "ShowAllMessageButtons": { - "enabled": false - }, - "ShowConnections": { - "enabled": false - }, - "ShowHiddenChannels": { - "enabled": false - }, - "ShowHiddenThings": { - "enabled": false - }, - "ShowMeYourName": { - "enabled": false - }, - "ShowTimeoutDuration": { - "enabled": false - }, - "SilentMessageToggle": { - "enabled": false - }, - "SilentTyping": { - "enabled": false - }, - "SortFriendRequests": { - "enabled": false - }, - "SpotifyControls": { - "enabled": false - }, - "SpotifyCrack": { - "enabled": false - }, - "SpotifyShareCommands": { - "enabled": false - }, - "StartupTimings": { - "enabled": false - }, - "StickerPaste": { - "enabled": false - }, - "StreamerModeOnStream": { - "enabled": false - }, - "SuperReactionTweaks": { - "enabled": false - }, - "TextReplace": { - "enabled": false - }, - "ThemeAttributes": { - "enabled": false - }, - "Translate": { - "enabled": false - }, - "TypingIndicator": { - "enabled": false - }, - "TypingTweaks": { - "enabled": false - }, - "Unindent": { - "enabled": false - }, - "UnlockedAvatarZoom": { - "enabled": false - }, - "UnsuppressEmbeds": { - "enabled": false - }, - "UserVoiceShow": { - "enabled": false - }, - "USRBG": { - "enabled": false - }, - "ValidReply": { - "enabled": false - }, - "ValidUser": { - "enabled": false - }, - "VoiceChatDoubleClick": { - "enabled": false - }, - "VcNarrator": { - "enabled": false - }, - "VencordToolbox": { - "enabled": false - }, - "ViewIcons": { - "enabled": false - }, - "ViewRaw": { - "enabled": false - }, - "VoiceDownload": { - "enabled": false - }, - "VoiceMessages": { - "enabled": false - }, - "VolumeBooster": { - "enabled": false - }, - "WebKeybinds": { - "enabled": true - }, - "WebScreenShareFixes": { - "enabled": true - }, - "WhoReacted": { - "enabled": false - }, - "XSOverlay": { - "enabled": false - }, - "YoutubeAdblock": { - "enabled": true - }, - "NoTrack": { - "enabled": true, - "disableAnalytics": true - }, - "WebContextMenus": { - "enabled": true, - "addBack": true - }, - "Settings": { - "enabled": true, - "settingsLocation": "aboveNitro" - }, - "SupportHelper": { - "enabled": true - }, - "UserMessagesPronouns": { - "enabled": true, - "showInMessages": true, - "showSelf": true, - "pronounSource": 0, - "pronounsFormat": "LOWERCASE" - }, - "DynamicImageModalAPI": { - "enabled": false - }, - "FixImagesQuality": { - "enabled": false - } - }, - "notifications": { - "timeout": 5000, - "position": "bottom-right", - "useNative": "not-focused", - "logLimit": 50 - }, - "cloud": { - "authenticated": false, - "url": "https://api.vencord.dev/", - "settingsSync": false, - "settingsSyncVersion": 1734993730812 - } -} \ No newline at end of file diff --git a/home-manager/hosts/EDI/id_ed25519.pub b/home-manager/hosts/EDI/id_ed25519.pub deleted file mode 100644 index 9c0c307..0000000 --- a/home-manager/hosts/EDI/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI diff --git a/home-manager/hosts/EDI/lillian.nix b/home-manager/hosts/EDI/lillian.nix index ed564ed..f0cd853 100644 --- a/home-manager/hosts/EDI/lillian.nix +++ b/home-manager/hosts/EDI/lillian.nix @@ -16,10 +16,8 @@ ]; home.packages = with pkgs; [ - lutris - android-tools ]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "26.05"; + home.stateVersion = "24.11"; } diff --git a/home-manager/hosts/GLaDOS/id_ed25519.pub b/home-manager/hosts/GLaDOS/id_ed25519.pub deleted file mode 100644 index 6f641a9..0000000 --- a/home-manager/hosts/GLaDOS/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS diff --git a/home-manager/hosts/GLaDOS/lillian.nix b/home-manager/hosts/GLaDOS/lillian.nix index a978fd4..0841ff3 100644 --- a/home-manager/hosts/GLaDOS/lillian.nix +++ b/home-manager/hosts/GLaDOS/lillian.nix @@ -16,12 +16,8 @@ ]; home.packages = with pkgs; [ + heroic r2modman - ryubing - lutris - vscodium - intiface-central - unrar ]; programs.mangohud = { @@ -30,5 +26,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "26.05"; + home.stateVersion = "24.11"; } diff --git a/home-manager/hosts/iso/id_ed25519.pub b/home-manager/hosts/iso/id_ed25519.pub deleted file mode 100644 index c1ae600..0000000 --- a/home-manager/hosts/iso/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeZHHAEoUh/Ly9F1xUSPZLPNE0Yh/wM2qWgKvlEBa8A lillian@GLaDOS diff --git a/home-manager/hosts/iso/lillian.nix b/home-manager/hosts/iso/lillian.nix index b76bd91..f0cd853 100644 --- a/home-manager/hosts/iso/lillian.nix +++ b/home-manager/hosts/iso/lillian.nix @@ -11,11 +11,13 @@ # You can also split up your configuration and import pieces of it here: # ./nvim.nix + ../../desktop + ../../shared ]; home.packages = with pkgs; [ ]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.11"; + home.stateVersion = "24.11"; } diff --git a/home-manager/hosts/iso_server/lillian.nix b/home-manager/hosts/iso_server/lillian.nix index 2b344a4..278806e 100644 --- a/home-manager/hosts/iso_server/lillian.nix +++ b/home-manager/hosts/iso_server/lillian.nix @@ -18,5 +18,5 @@ ]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "25.05"; + home.stateVersion = "24.11"; } diff --git a/home-manager/hosts/queen/id_ed25519.pub b/home-manager/hosts/queen/id_ed25519.pub deleted file mode 100644 index bf8d43c..0000000 --- a/home-manager/hosts/queen/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtwcWXnwOOI8G3NqAMfTeuSuDk9ly5xqwQDH2Iey3u+ lillian@queen diff --git a/home-manager/hosts/queen/lillian.nix b/home-manager/hosts/queen/lillian.nix index 9297b6a..5acc4b0 100644 --- a/home-manager/hosts/queen/lillian.nix +++ b/home-manager/hosts/queen/lillian.nix @@ -35,5 +35,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "26.05"; + home.stateVersion = "24.11"; } diff --git a/home-manager/hosts/shodan/id_ed25519.pub b/home-manager/hosts/shodan/id_ed25519.pub deleted file mode 100644 index 2f2ee8f..0000000 --- a/home-manager/hosts/shodan/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL279XPFj1nzLDozFclntPh8rOcn3d1B5iJNGds9Ray6 lillian@shodan diff --git a/home-manager/hosts/shodan/lillian.nix b/home-manager/hosts/shodan/lillian.nix index e072776..52f1d3d 100644 --- a/home-manager/hosts/shodan/lillian.nix +++ b/home-manager/hosts/shodan/lillian.nix @@ -12,8 +12,11 @@ # You can also split up your configuration and import pieces of it here: # ./nvim.nix + ../../desktop/package-configs/plasma-desktop.nix + ../../desktop/package-configs/firefox.nix + ../../desktop/package-configs/konsole + ../../desktop/package-configs/foot ../../shared - ../../desktop ]; nixpkgs = { # You can add overlays here @@ -28,17 +31,76 @@ # }); # }) ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; + }; + }; + + home = { + username = "lillian"; + homeDirectory = "/home/lillian"; }; home.packages = with pkgs; [ + #Chat: + vesktop + #Gaming: prismlauncher r2modman - ryubing + ryujinx + + # Multimedia: + freetube + obs-studio + vlc + + # System tools: + rage + discover + flameshot + fzf + nextcloud-client + nitrokey-app + protonvpn-gui + sops + #watchmate + qbittorrent + zsh + + # Theming: + catppuccin-cursors + (catppuccin-kde.override { + flavour = ["macchiato"]; + accents = ["mauve"]; + }) + catppuccin-plymouth + catppuccin-sddm-corners + + # Web browsing: + firefox + ungoogled-chromium ]; - # Make the kde screenlock not require a password :) - programs.plasma.kscreenlocker.passwordRequired = false; + + # # Automount services for user + # programs.bashmount.enable = true; + # services.udiskie = { + # enable = true; + # automount = true; + # notify = false; + # tray = "never"; + # }; + + # Enable home-manager and git + programs.home-manager.enable = true; + programs.git = { + enable = true; + userEmail = "git@lillianviolet.dev"; + userName = "Lillian-Violet"; + }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "26.05"; + home.stateVersion = "24.11"; } diff --git a/home-manager/hosts/wheatley/id_ed25519.pub b/home-manager/hosts/wheatley/id_ed25519.pub deleted file mode 100644 index dbfe237..0000000 --- a/home-manager/hosts/wheatley/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxXVL6QAiMLwvUYBtXCbkHEh6ENgaEO/rkZWSPJrjLJ lillian@wheatley diff --git a/home-manager/hosts/wheatley/lillian.nix b/home-manager/hosts/wheatley/lillian.nix index 9297b6a..afb1b42 100644 --- a/home-manager/hosts/wheatley/lillian.nix +++ b/home-manager/hosts/wheatley/lillian.nix @@ -11,7 +11,8 @@ # You can also split up your configuration and import pieces of it here: # ./nvim.nix - ../../shared + ../../package-configs/zsh.nix + ../../package-configs/helix.nix ]; nixpkgs = { @@ -35,5 +36,5 @@ }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - home.stateVersion = "26.05"; + home.stateVersion = "24.05"; } diff --git a/home-manager/shared/background.jpg b/home-manager/shared/background.jpg deleted file mode 100644 index 2ad658c..0000000 Binary files a/home-manager/shared/background.jpg and /dev/null differ diff --git a/home-manager/shared/default.nix b/home-manager/shared/default.nix index 5889b96..07f7fde 100644 --- a/home-manager/shared/default.nix +++ b/home-manager/shared/default.nix @@ -1,10 +1,5 @@ -{ - pkgs, - osConfig, - ... -}: { +{pkgs, ...}: { imports = [ - ./ssh ./shell/helix ./shell/zellij ./shell/zsh.nix @@ -12,78 +7,28 @@ ./shell/eza.nix ./shell/hyfetch.nix ]; - home = { username = "lillian"; homeDirectory = "/home/lillian"; - file."id_ed25519.pub" = { - source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub; - target = ".ssh/id_ed25519.pub"; - force = true; - }; - - packages = with pkgs; [ - # System tools: - vscode-langservers-extracted - sops - zsh - bat - btop - broot - lazygit - navi - nil - gh - ]; }; catppuccin = { + enable = true; flavor = "macchiato"; - btop.enable = true; - cache.enable = true; - chromium.enable = true; - freetube.enable = true; - freetube.flavor = "macchiato"; }; - programs = { - navi.enable = true; - yazi = { - enable = true; - # package = pkgs.yazi.override { - # _7zz = pkgs._7zz.override {useUasm = true;}; - # }; - }; - }; - # stylix.enable = true; - # qt.platformTheme.name = lib.mkForce "kvantum"; - # qt.style.name = lib.mkForce "kvantum"; - # stylix = { - # enable = true; - # autoEnable = true; - # base16Scheme = { - # scheme = "Catppuccin Macchiato"; - # author = "https://github.com/catppuccin/catppuccin"; - # base00 = "24273a"; - # base01 = "1e2030"; - # base02 = "363a4f"; - # base03 = "494d64"; - # base04 = "5b6078"; - # base05 = "cad3f5"; - # base06 = "f4dbd6"; - # base07 = "b7bdf8"; - # base08 = "ed8796"; - # base09 = "f5a97f"; - # base0A = "eed49f"; - # base0B = "a6da95"; - # base0C = "8bd5ca"; - # base0D = "8aadf4"; - # base0E = "c6a0f6"; - # base0F = "f0c6c6"; - # }; - # image = ./background.jpg; - # cursor.package = pkgs.catppuccin-cursors; - # cursor.name = "catppuccin-macchiato-mauve-cursors"; - # cursor.size = 16; - # }; + home.packages = with pkgs; [ + # System tools: + vscode-langservers-extracted + sops + zsh + bat + btop + broot + lazygit + navi + yazi + nil + ]; + programs.navi.enable = true; } diff --git a/home-manager/shared/kde-connect-commands.json b/home-manager/shared/kde-connect-commands.json deleted file mode 100644 index ebe234e..0000000 --- a/home-manager/shared/kde-connect-commands.json +++ /dev/null @@ -1,50 +0,0 @@ -[ - { - "command": "systemctl poweroff", - "name": "shutdown" - }, - { - "command": "systemctl reboot", - "name": "reboot" - }, - { - "command": "systemctl suspend", - "name": "suspend" - }, - { - "command": "systemctl hibernate", - "name": "hibernate" - }, - { - "command": "loginctl lock-session", - "name": "lock" - }, - { - "command": "loginctl unlock-session", - "name": "unlock" - }, - { - "command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"", - "name": "mute" - }, - { - "command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"", - "name": "mute mic" - }, - { - "command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"", - "name": "screenshot to phone" - }, - { - "command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"", - "name": "webcam to phone" - }, - { - "command": "bluetoothctl connect 38:18:4C:11:56:99", - "name": "connect headset" - }, - { - "command": "bluetoothctl disconnect 38:18:4C:11:56:99", - "name": "disconnect headset" - } -] \ No newline at end of file diff --git a/home-manager/shared/shell/bat.nix b/home-manager/shared/shell/bat.nix index 8658a54..2afdce3 100644 --- a/home-manager/shared/shell/bat.nix +++ b/home-manager/shared/shell/bat.nix @@ -2,6 +2,6 @@ programs.bat = { enable = true; extraPackages = with pkgs.bat-extras; [batdiff batman batgrep batwatch]; - # catppuccin.enable = true; + catppuccin.enable = true; }; } diff --git a/home-manager/shared/shell/helix/default.nix b/home-manager/shared/shell/helix/default.nix index 249254b..bba04a9 100644 --- a/home-manager/shared/shell/helix/default.nix +++ b/home-manager/shared/shell/helix/default.nix @@ -16,21 +16,24 @@ '' #! ~/.nix-profile/bin/zsh is_new() { - new=0; - mkdir -p /tmp/rjh; - if [[ -a "/tmp/rjh/$(pwd | tr \"/\" -).json" ]]; then - new=1 - fi - return $new + new=1; + touch /tmp/rjh; + while IFS="" read -r p || [ -n "$p" ]; do + if [ $(pwd) = $p ]; then + new=0; + fi + done < /tmp/rjh + return $new } - is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh/$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && sleep 3 - rm -f /tmp/pipe-rjh - mkfifo /tmp/pipe-rjh - cat > /tmp/pipe-rjh - zellij run -f -n "REPL" -- direnv exec . just send < /tmp/pipe-rjh - rm /tmp/pipe-rjh - + send_to_jupyter() { + is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh-$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && zellij action write 29 25 && zellij action write 17 + pwd >> /tmp/rjh + zellij action write 29 25 + zellij action write 17 + cat | just send + } + send_to_jupyter ''; in { programs.helix = { @@ -48,11 +51,6 @@ in { j = ":pipe-to just jupyter"; }; editor = { - auto-save = { - focus-lost = true; - after-delay.enable = true; - after-delay.timeout = 3000; - }; line-number = "relative"; lsp.display-messages = true; lsp.display-inlay-hints = true; diff --git a/home-manager/shared/shell/helix/helix.nix b/home-manager/shared/shell/helix/helix.nix deleted file mode 100644 index bbadd82..0000000 --- a/home-manager/shared/shell/helix/helix.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - fetchzip, - lib, - rustPlatform, - git, - installShellFiles, -}: -rustPlatform.buildRustPackage rec { - pname = "helix"; - version = "25.01.1"; - - # This release tarball includes source code for the tree-sitter grammars, - # which is not ordinarily part of the repository. - src = fetchzip { - url = "https://github.com/helix-editor/helix/releases/download/${version}/helix-${version}-source.tar.xz"; - hash = ""; - stripRoot = false; - }; - - useFetchCargoVendor = true; - cargoHash = ""; - - nativeBuildInputs = [git installShellFiles]; - - env.HELIX_DEFAULT_RUNTIME = "${placeholder "out"}/lib/runtime"; - - postInstall = '' - # not needed at runtime - rm -r runtime/grammars/sources - - mkdir -p $out/lib - cp -r runtime $out/lib - installShellCompletion contrib/completion/hx.{bash,fish,zsh} - mkdir -p $out/share/{applications,icons/hicolor/256x256/apps} - cp contrib/Helix.desktop $out/share/applications - cp contrib/helix.png $out/share/icons/hicolor/256x256/apps - ''; - - meta = with lib; { - description = "Post-modern modal text editor"; - homepage = "https://helix-editor.com"; - license = licenses.mpl20; - mainProgram = "hx"; - maintainers = with maintainers; [danth yusdacra zowoq]; - }; -} diff --git a/home-manager/shared/shell/hyfetch.nix b/home-manager/shared/shell/hyfetch.nix index 00f2035..774a3d7 100644 --- a/home-manager/shared/shell/hyfetch.nix +++ b/home-manager/shared/shell/hyfetch.nix @@ -10,7 +10,6 @@ mode = "horizontal"; }; backend = "neofetch"; - pride_month_disable = false; }; }; } diff --git a/home-manager/shared/shell/starship.nix b/home-manager/shared/shell/starship.nix index 90dda44..4cbba8e 100644 --- a/home-manager/shared/shell/starship.nix +++ b/home-manager/shared/shell/starship.nix @@ -35,6 +35,7 @@ git_branch.style = "bold blue"; directory.style = "bold blue"; direnv.disabled = false; + palette = "catppuccin_${flavor}"; } // builtins.fromTOML (builtins.readFile (pkgs.fetchFromGitHub diff --git a/home-manager/shared/shell/zellij/default.nix b/home-manager/shared/shell/zellij/default.nix index b84dcb9..6e154ec 100644 --- a/home-manager/shared/shell/zellij/default.nix +++ b/home-manager/shared/shell/zellij/default.nix @@ -55,23 +55,23 @@ default_tab_template { pane size=1 borderless=true { - plugin location="file:${inputs.zjstatus.packages.${pkgs.stdenv.hostPlatform.system}.default}/bin/zjstatus.wasm" { - format_left "#[bg=#24273A,fg=#cad3f5,bold] {session} {mode} {tabs}" - format_right "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#1e2030,bold]{datetime}#[bg=#24273A,fg=#cad3f5]" + plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" { + format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}" + format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]" mode_locked "#[fg=magenta,bold] {name} " mode_normal "#[fg=green,bold] {name} " mode_resize "#[fg=orange,bold] {name} " mode_default_to_mode "resize" - tab_normal "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#24273A,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#cad3f5,fg=#cad3f5]#[bg=#24273A,fg=#cad3f5]" - tab_active "#[bg=#a6da95,fg=#24273A]#[bg=#a6da95,fg=#a6da95]#[bg=#a6da95,fg=#1e2030,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#a6da95,fg=#a6da95]#[bg=#24273A,fg=#a6da95]" + tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]" + tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]" tab_sync_indicator " " tab_fullscreen_indicator "□ " tab_floating_indicator "󰉈 " - datetime "#[bg=#cad3f5,fg=#1e2030,bold]{format} " + datetime "#[bg=#C9D2F5,fg=#1D1D2E,bold]{format} " datetime_format "%Y-%m-%d %H:%M" datetime_timezone "Europe/Amsterdam" } @@ -138,23 +138,23 @@ default_tab_template { pane size=1 borderless=true { - plugin location="file:${inputs.zjstatus.packages.${pkgs.stdenv.hostPlatform.system}.default}/bin/zjstatus.wasm" { - format_left "#[bg=#24273A,fg=#cad3f5,bold] {session} {mode} {tabs}" - format_right "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#1e2030,bold]{datetime}#[bg=#24273A,fg=#cad3f5]" + plugin location="file:${inputs.zjstatus.packages.${pkgs.system}.default}/bin/zjstatus.wasm" { + format_left "#[bg=#1D1D2E,fg=#C9D2F5,bold] {session} {mode} {tabs}" + format_right "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{datetime}#[bg=#1D1D2E,fg=#C9D2F5]" mode_locked "#[fg=magenta,bold] {name} " mode_normal "#[fg=green,bold] {name} " mode_resize "#[fg=orange,bold] {name} " mode_default_to_mode "resize" - tab_normal "#[bg=#cad3f5,fg=#24273A]#[bg=#cad3f5,fg=#cad3f5]#[bg=#cad3f5,fg=#1e2030,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#cad3f5,fg=#cad3f5]#[bg=#24273A,fg=#cad3f5]" - tab_active "#[bg=#a6da95,fg=#24273A]#[bg=#a6da95,fg=#a6da95]#[bg=#a6da95,fg=#1e2030,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#a6da95,fg=#a6da95]#[bg=#24273A,fg=#a6da95]" + tab_normal "#[bg=#C9D2F5,fg=#1D1D2E]#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#C9D2F5,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#C9D2F5,fg=#C9D2F5]#[bg=#1D1D2E,fg=#C9D2F5]" + tab_active "#[bg=#A6DA95,fg=#1D1D2E]#[bg=#A6DA95,fg=#A6DA95]#[bg=#A6DA95,fg=#1D1D2E,bold]{name}{sync_indicator}{fullscreen_indicator}{floating_indicator}#[bg=#A6DA95,fg=#A6DA95]#[bg=#1D1D2E,fg=#A6DA95]" tab_sync_indicator " " tab_fullscreen_indicator "□ " tab_floating_indicator "󰉈 " - datetime "#[bg=#cad3f5,fg=#1e2030,bold]{format} " + datetime "#[bg=#C9D2F5,fg=#1D1D2E,bold]{format} " datetime_format "%Y-%m-%d %H:%M" datetime_timezone "Europe/Amsterdam" } @@ -174,7 +174,7 @@ in { enableZshIntegration = true; settings = { session_serialization = true; - # theme = "catppuccin-macchiato"; + theme = "catppuccin-macchiato"; themes = { catppuccin-mocha = { @@ -206,12 +206,14 @@ in { }; }; }; + home.file = { "layout" = { source = "${layout}"; target = ".config/zellij/layouts/default.kdl"; }; - + }; + home.file = { "helix_zellij" = { source = "${helix_zellij}"; target = ".config/zellij/layouts/helix.kdl"; diff --git a/home-manager/shared/shell/zsh.nix b/home-manager/shared/shell/zsh.nix index 7579669..3c814c1 100644 --- a/home-manager/shared/shell/zsh.nix +++ b/home-manager/shared/shell/zsh.nix @@ -1,71 +1,70 @@ {pkgs, ...}: { - programs = { - zoxide = { - enable = true; + programs.zoxide = { + enable = true; + }; + + programs.zsh = { + enable = true; + shellAliases = { + cd = "z"; + code = "codium ./"; + ls = "eza"; + lh = "ls -lah"; + cat = "bat"; + tree = "tre"; + neofetch = "hyfetch"; + shutdown = "shutdown 0"; + reboot = "reboot 0"; }; - zsh = { + plugins = [ + { + name = "zsh-nix-shell"; + file = "nix-shell.plugin.zsh"; + src = pkgs.fetchFromGitHub { + owner = "chisui"; + repo = "zsh-nix-shell"; + rev = "v0.8.0"; + sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM="; + }; + } + { + name = "terraform"; + src = pkgs.fetchFromGitHub { + owner = "macunha1"; + repo = "zsh-terraform"; + rev = "fd1471d3757f8ed13f56c4426f88616111de2a87"; + sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc"; + }; + } + ]; + autosuggestion.enable = true; + enableCompletion = true; + historySubstringSearch.enable = true; + syntaxHighlighting.enable = true; + #zsh-abbr.enable = true; + oh-my-zsh = { enable = true; - shellAliases = { - cd = "z"; - code = "codium ./"; - ls = "eza"; - lh = "ls -lah"; - cat = "bat"; - tree = "tre"; - neofetch = "hyfetch"; - shutdown = "shutdown 0"; - reboot = "reboot 0"; - }; plugins = [ - { - name = "zsh-nix-shell"; - file = "nix-shell.plugin.zsh"; - src = pkgs.fetchFromGitHub { - owner = "chisui"; - repo = "zsh-nix-shell"; - rev = "v0.8.0"; - sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM="; - }; - } - { - name = "terraform"; - src = pkgs.fetchFromGitHub { - owner = "macunha1"; - repo = "zsh-terraform"; - rev = "fd1471d3757f8ed13f56c4426f88616111de2a87"; - sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc"; - }; - } + "git" + "colored-man-pages" + "colorize" + "dirhistory" + "dirpersist" + "history" + "history-substring-search" + "fancy-ctrl-z" + "git-flow" + "isodate" + "z" + "zsh-interactive-cd" + "zsh-navigation-tools" ]; - autosuggestion.enable = true; - enableCompletion = true; - historySubstringSearch.enable = true; - syntaxHighlighting.enable = true; - #zsh-abbr.enable = true; - oh-my-zsh = { - enable = true; - plugins = [ - "git" - "colored-man-pages" - "colorize" - "dirhistory" - "dirpersist" - "history" - "history-substring-search" - "fancy-ctrl-z" - "git-flow" - "isodate" - "z" - "zsh-interactive-cd" - "zsh-navigation-tools" - ]; - }; - # Extra commands that take more complex forms - initContent = '' - eval "$(zoxide init --cmd cd zsh)" - tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; } - zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; } - ''; }; + # Extra commands that take more complex forms + initExtra = '' + eval "$(zoxide init --cmd cd zsh)" + tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; } + zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; } + ''; }; } diff --git a/home-manager/shared/ssh/config b/home-manager/shared/ssh/config deleted file mode 100644 index 9469604..0000000 --- a/home-manager/shared/ssh/config +++ /dev/null @@ -1,25 +0,0 @@ -Host wheatley -HostName 10.0.0.1 -User lillian -Port 22 - -Host GLaDOS -HostName 10.0.0.2 -User lillian -Port 22 - -Host EDI -HostName 10.0.0.3 -User lillian -Port 22 - -Host shodan -HostName 10.0.0.4 -User lillian -Port 22 - -Host queen -HostName gladtherescake.eu -User lillian -Port 22 - diff --git a/home-manager/shared/ssh/default.nix b/home-manager/shared/ssh/default.nix deleted file mode 100644 index aef7a98..0000000 --- a/home-manager/shared/ssh/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - home.file."sshconfig" = { - source = ./config; - target = ".config/ssh/config"; - force = true; - }; -} diff --git a/justfile b/justfile index 44b9a63..a6da660 100644 --- a/justfile +++ b/justfile @@ -1,46 +1,15 @@ -# Build the nixos configuration and switch to it build: - sudo echo "sudo check..." && sudo nixos-rebuild --fallback --log-format internal-json -v switch --flake .# --show-trace |& nom --json + sudo nixos-rebuild switch --flake .# --show-trace -# Build the nixos configuration bot don't switch to it until a reboot -boot: - sudo echo "sudo check..." && sudo nixos-rebuild --fallback --log-format internal-json -v boot --flake .# --show-trace |& nom --json - -# Run the nix flake in the nix repl run: nix-repl -f flake:nixpkgs -# Check the nix configuration for errors test: - sudo echo "sudo check..." && sudo nix flake check --show-trace --log-format internal-json -v |& nom --json + sudo nix flake check --show-trace -# Update the flake lock update: - nix flake update --log-format internal-json -v |& nom --json && zsh + nix flake update -# Clean your nix store and optimize it clean: sudo nix-collect-garbage sudo nix-store --optimise - -# Set up the commit hook for testing before doing a commit -setup: - #!/run/current-system/sw/bin/bash -e - if [ -s ./.git/hooks/pre-commit ]; then - read -p $"This file already contains the following text: - $(<./.git/hooks/pre-commit) - Do you want to add the test hook (y/N)? (This will NOT delete data)" choice - case "$choice" in - y|Y ) echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit && echo "Added test hook to pre-commit.";; - * ) echo "No test added to pre-commit.";; - esac - else - echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit - fi - -# Make sure all the git actions of pulling, adding all files, committing, and pushing are done in one command -push: - git pull - git add * - read -p "Commit message: " -r message && git commit -m "$message" - git push diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 4be86f1..8685807 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -1,5 +1,6 @@ # Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module). # These should be stuff you would like to share with others, not your personal configurations. { - vpn-ip = import ./vpn-ip; + # List your module files here + contabo.wan = import ./contabo/wan; } diff --git a/modules/nixos/vpn-ip/default.nix b/modules/nixos/vpn-ip/default.nix deleted file mode 100644 index 71d56a6..0000000 --- a/modules/nixos/vpn-ip/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{lib, ...}: -with lib; { - # Declare what settings a user of this "hello.nix" module CAN SET. - options.services.vpn-ip = { - enable = mkOption { - type = types.bool; - default = true; - }; - ip = mkOption { - type = types.str; - default = "0"; - }; - publicKey = mkOption { - type = types.str; - default = ""; - }; - }; -} diff --git a/nixos/desktop/default.nix b/nixos/desktop/default.nix index bbb9dc8..44e3892 100644 --- a/nixos/desktop/default.nix +++ b/nixos/desktop/default.nix @@ -28,15 +28,14 @@ allowUnfree = true; }; }; - services.udev.extraRules = '' - KERNEL=="hidraw*", ATTRS{idVendor}=="057e", MODE="0660", TAG+="uaccess" - KERNEL=="hidraw*", KERNELS=="*057e:*", MODE="0660", TAG+="uaccess" - KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess" - KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess" - ''; - environment.systemPackages = with pkgs; - [ + # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently + programs.command-not-found.enable = lib.mkForce false; + programs.nix-index.enable = true; + programs.nix-index-database.comma.enable = true; + + environment.systemPackages = + (with pkgs; [ # Custom tools dvd dvt @@ -45,13 +44,9 @@ # System tools aha - ttf-ms-win10 - wineWowPackages.stable - bottles - tpm2-abrmd - jdk21_headless #bcachefs-tools clinfo + comma direnv exfat exfatprogs @@ -68,16 +63,12 @@ # waydroid waypipe wayland-utils + xwaylandvideobridge yubikey-personalization zsh # KDE/QT - kdePackages.plasma-desktop - kdePackages.plasma-wayland-protocols - kdePackages.libplasma - kdePackages.plasma-integration - kdePackages.plasma-activities - kdePackages.plasma-workspace + krunner-translator kdePackages.discover kdePackages.filelight kdePackages.kcalc @@ -92,164 +83,114 @@ kdePackages.sddm-kcm kdePackages.dolphin-plugins kdePackages.qtstyleplugin-kvantum - kdePackages.krdc - kdePackages.krfb - kdePackages.kate libportal-qt5 libportal # User tools - freetube noisetorch qjackctl wireplumber - intiface-central #rustdesk - ] + ]) ++ (with pkgs-edge; [ - kdePackages.plasma-vault + # list of latest packages from nixpkgs master + # Can be used to install latest version of some packages ]); - fonts.packages = [pkgs.ttf-ms-win10]; - sops = { - secrets."nextcloud-password" = { - mode = "0600"; - owner = config.users.users.lillian.name; - path = "/home/lillian/.netrc"; - }; - secrets."prod.keys" = { - mode = "0600"; - owner = config.users.users.lillian.name; - path = "/home/lillian/.config/Ryujinx/system/prod.keys"; - }; - secrets."title.keys" = { - mode = "0600"; - owner = config.users.users.lillian.name; - path = "/home/lillian/.config/Ryujinx/system/title.keys"; - }; + programs.direnv = { + enable = true; }; - programs = { - # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently - command-not-found.enable = lib.mkForce false; - # nix-index.enable = true; - nix-index-database.comma.enable = true; - - direnv = { - enable = true; - }; - - # steam = { - # enable = true; - # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - # extest.enable = true; - # }; - kdeconnect.enable = true; - - noisetorch = { - enable = true; - }; - }; - - xdg.portal.enable = true; - # Enable networking - networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses + networking.networkmanager.enable = true; + + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + extest.enable = true; + }; + hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses # Set your time zone. time.timeZone = "Europe/Amsterdam"; - services = { - # Enable the X11 windowing system. - xserver.enable = true; - # Enable the KDE Plasma Desktop Environment. - # displayManager.sddm = { - # enable = true; - # wayland.enable = true; - # }; - displayManager.defaultSession = "plasma"; - desktopManager.plasma6.enable = true; - desktopManager.plasma6.notoPackage = pkgs.atkinson-hyperlegible; + # Enable the X11 windowing system. + services.xserver.enable = true; - # Enable flatpak support - flatpak.enable = true; - packagekit.enable = true; - - # Configure keymap in X11 - xserver.xkb = { - layout = "us"; - variant = ""; - options = "terminate:ctrl_alt_bksp,compose:caps_toggle"; - }; - - # Enable CUPS to print documents. - printing.enable = true; - - # Enable fwupd daemon and user space client - fwupd.enable = true; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - - avahi = { - nssmdns4 = true; - enable = true; - ipv4 = true; - ipv6 = true; - publish = { - enable = true; - addresses = true; - workstation = true; - }; - }; + # Enable the KDE Plasma Desktop Environment. + services.displayManager.sddm = { + enable = true; + wayland.enable = true; }; - hardware = { - graphics.enable32Bit = true; + services.displayManager.defaultSession = "plasma"; + services.desktopManager.plasma6.enable = true; + programs.kdeconnect.enable = true; - # Enable bluetooth hardware - bluetooth.enable = true; + # Enable flatpak support + services.flatpak.enable = true; + services.packagekit.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + options = "terminate:ctrl_alt_bksp,compose:caps_toggle"; }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable bluetooth hardware + hardware.bluetooth.enable = true; + + # Enable fwupd daemon and user space client + services.fwupd.enable = true; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + + programs.noisetorch = { + enable = true; + }; - services.pulseaudio.enable = false; virtualisation.podman = { enable = true; dockerCompat = true; }; - security.tpm2 = { - enable = true; - pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so - tctiEnvironment.enable = true; - }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - users.users.lillian.extraGroups = ["tss"]; - boot = { - # tss group has access to TPM devices - bootspec.enable = true; - binfmt.emulatedSystems = ["aarch64-linux"]; - #boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - #boot.supportedFilesystems = ["bcachefs"]; - extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out]; - kernelModules = [ - # Virtual Camera - "v4l2loopback" - # Virtual Microphone, built-in - "snd-aloop" - ]; - # Set initial kernel module settings - extraModprobeConfig = '' - # exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming - # card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams - # https://github.com/umlaeute/v4l2loopback - options v4l2loopback exclusive_caps=1 card_label="Virtual Camera" - ''; - loader.systemd-boot.configurationLimit = 3; - loader.efi.canTouchEfiVariables = true; - }; + security.tpm2.enable = true; + security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so + security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables + users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices + + # FIXME: re-enable virtual camera loopback when it build again. + boot.bootspec.enable = true; + #boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + #boot.supportedFilesystems = ["bcachefs"]; + boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out]; + boot.kernelModules = [ + # Virtual Camera + "v4l2loopback" + # Virtual Microphone, built-in + "snd-aloop" + ]; + # Set initial kernel module settings + boot.extraModprobeConfig = '' + # exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming + # card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams + # https://github.com/umlaeute/v4l2loopback + options v4l2loopback exclusive_caps=1 card_label="Virtual Camera" + ''; + boot.loader.systemd-boot.configurationLimit = 3; + boot.loader.efi.canTouchEfiVariables = true; } diff --git a/nixos/desktop/package-configs/firefox/default.nix b/nixos/desktop/package-configs/firefox/default.nix index c57887f..432111e 100644 --- a/nixos/desktop/package-configs/firefox/default.nix +++ b/nixos/desktop/package-configs/firefox/default.nix @@ -1,7 +1,11 @@ -{pkgs, ...}: { +{ + config, + pkgs, + ... +}: { programs.firefox = { enable = true; - package = pkgs.librewolf; + package = pkgs.floorp; policies = { DisableTelemetry = true; DisableFirefoxStudies = true; @@ -114,16 +118,6 @@ install_url = "https://addons.mozilla.org/firefox/downloads/file/4047136/wayback_machine_new-3.2.xpi"; installation_mode = "force_installed"; }; - # Tree Style Tabs - # "treestyletab@piro.sakura.ne.jp" = { - # install_url = "https://addons.mozilla.org/firefox/downloads/latest/tree-style-tab/latest.xpi"; - # installation_mode = "force_installed"; - # }; - # Adaptive Tab Bar Colour - "ATBC@EasonWong" = { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/Adaptive-Tab-Bar-Colour/latest.xpi"; - installation_mode = "force_installed"; - }; }; FirefoxHome = { Search = true; @@ -156,8 +150,6 @@ "floorp.tabbar.style" = 2; "floorp.browser.user.interface" = 8; "signon.rememberSignons" = true; - "browser.ml.chat.enabled" = false; - "browser.ml.chat.shortcuts" = false; }; # TODO: switch to ManagedBookmarks as this will be dropped at some point https://mozilla.github.io/policy-templates/#managedbookmarks # Bookmarks = [ diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix index fbe3c05..a71f2fb 100644 --- a/nixos/hosts/EDI/configuration.nix +++ b/nixos/hosts/EDI/configuration.nix @@ -1,6 +1,7 @@ # This is your system's configuration file. # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) { + inputs, outputs, lib, pkgs, @@ -8,6 +9,8 @@ }: { # You can import other NixOS modules here imports = [ + # Import home-manager's NixOS module + inputs.home-manager.nixosModules.home-manager # If you want to use modules your own flake exports (from modules/nixos): # outputs.nixosModules.example @@ -18,92 +21,41 @@ # You can also split up your configuration and import pieces of it here: # ./users.nix - outputs.nixosModules.vpn-ip + ../../desktop ../../../disko/EDI + + # Import your generated (nixos-generate-config) hardware configuration + ./hardware-configuration.nix ]; + sops.defaultSopsFile = ./secrets/sops.yaml; + + home-manager = { + extraSpecialArgs = {inherit inputs outputs;}; + users = { + # Import your home-manager configuration + lillian = import ../../../home-manager/hosts/EDI; + }; + }; + environment.systemPackages = with pkgs; [ - gparted ]; - programs.steam = { + networking.hostName = "EDI"; + + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.initrd.systemd.enable = true; + + boot.lanzaboote = { enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - extest.enable = true; - }; - - programs.virt-manager.enable = true; - - users.groups.libvirtd.members = ["lillian"]; - - virtualisation.libvirtd.enable = true; - - virtualisation.spiceUSBRedirection.enable = true; - - services.displayManager.sddm = { - enable = true; - wayland.enable = true; - }; - - services.displayManager.defaultSession = "plasma"; - services.desktopManager.plasma6.enable = true; - - services.samba = { - enable = true; - openFirewall = true; - settings = { - global = { - "invalid users" = [ - "root" - ]; - "passwd program" = "/run/wrappers/bin/passwd %u"; - security = "user"; - }; - public = { - browseable = "yes"; - comment = "Public samba share."; - "guest ok" = "yes"; - path = "/home/lillian/samba"; - "read only" = "no"; - }; - }; - }; - users.groups.samba.members = ["lillian"]; - - services.vpn-ip = { - ip = "3"; - }; - - networking = { - hostName = "EDI"; - networkmanager.enable = true; - }; - - hardware.enableAllFirmware = true; - hardware.enableRedistributableFirmware = true; - - boot = { - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - loader.systemd-boot.enable = lib.mkForce false; - initrd.systemd.enable = true; - - binfmt.emulatedSystems = ["aarch64-linux"]; - - lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - kernelModules = [ - "iwlmvm" - "iwlwifi" - ]; + pkiBundle = "/etc/secureboot"; }; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "26.05"; + system.stateVersion = "24.11"; } diff --git a/nixos/hosts/EDI/secrets/sops.yaml b/nixos/hosts/EDI/secrets/sops.yaml index 4db54a6..195607f 100644 --- a/nixos/hosts/EDI/secrets/sops.yaml +++ b/nixos/hosts/EDI/secrets/sops.yaml @@ -1,7 +1,4 @@ lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str] -wg-private-key: ENC[AES256_GCM,data:CqXlIN0gKzMrZRJycAf96LUVNw9yCZpHtE8XP+JwV2Ftip46iUksg1uExxQ=,iv:LdcopSz8Hx5hO1M00B8r+C7XViwpjGOpvmoXUHIkFtc=,tag:rbskx98YjcYV1lB8OO2VxQ==,type:str] -nextcloud-password: ENC[AES256_GCM,data:h93FmVY3XZdRZECEzz5ArBPnuRYyp0kJ6UUoxKmWVuVeFVkOzxQ5dGra6R/jZg8ofjhu+WosoDso3S/i,iv:J1K2NMAjv7Y26q91V/f11gNs82/UD6jbrMy0hVh81pw=,tag:/mQFulslQ3Mqabnc0mb1lQ==,type:str] -ssh-private-key: ENC[AES256_GCM,data:AYyOFlqcNrlTnKSewgb8B/XzegkJGB79gUT419n6aYiH0xom+DmxfRqQm46x/fldlSeN8u2mmzisC6xcRt3fnK4+0gN5Ywvr6hQEtKKxu2N6Pj7+tFLvFmbYPFplecyGBs1S092UXL65ozQs8aYbogoXxVTVu6/MuCsks9UO1JQWq5utCAyU8VGc0/Ft4OZN2qUbS+VZ0ONZ0WzBA+s+CFZ1FNKsr4tvltLXf8fgpsiSHLUigS4rojlxm84+w8omE1IwpAOxOa9n9X1EDuPxrQvZ+LvcJcgwqrtU2HVGis1GfytPM6vRAoVdBKX37enXelPBX2z9W7wPtmTxippD7yzcEJOggJ6ETMUessNKm3yBsMzTcojSWYzHo4v3San1I+ZiNxjvykuHmomRhXdzdM/2RsBpev8q2sC9YU4euzjzCQdwfoNqhbqyN/1X2BOkJMceMqw8fD8nLc3mIbczMFNO6ByVocZ+iC9BvaBYeLrFd3gncqGRRCJdBCD5CYiOYcdIAipNGL7NQVhM1tcv,iv:RZKsKCENIKhIWo4aKyDVj9xx0GfdjhYLP0B2Rad2LSM=,tag:XOOxsyGidnKWzgGlUPmvXw==,type:str] sops: kms: [] gcp_kms: [] @@ -17,8 +14,8 @@ sops: eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0 GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-09T23:59:45Z" - mac: ENC[AES256_GCM,data:DQ8uXsVkbzc1JrMDaTGHb9ijRB//6I6GN4bAU1LWnhyxGA2QjYEk5xwEI1950kroXVf1hDTw5fdh+MXvvEcNUL6BZOc4Ecl5lPliZ4aemjhz+O8FCkSbnW2o5JnV4m/rFe9CP6KaoFdr/tgSBVklzaUE4Qdo1DUWCfF7XssXECw=,iv:gb1b569ar5wlc2XMkLXnYfyVp/ZMsLjh9cXM85GrUz0=,tag:MGFgFcF4jIdJxteiFp2n/Q==,type:str] + lastmodified: "2024-02-21T10:15:11Z" + mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.8.1 diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index e8c31c5..f4e7041 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix @@ -10,7 +10,6 @@ imports = [ # Import home-manager's NixOS module inputs.home-manager.nixosModules.home-manager - outputs.nixosModules.vpn-ip # If you want to use modules your own flake exports (from modules/nixos): # outputs.nixosModules.example @@ -29,72 +28,63 @@ ./hardware-configuration.nix ]; + sops.defaultSopsFile = ./secrets/sops.yaml; + environment.systemPackages = with pkgs; [ - gparted ]; - services.displayManager.sddm = { - enable = true; - wayland.enable = true; - }; - - services.displayManager.defaultSession = "plasma"; - services.desktopManager.plasma6.enable = true; - - services.vpn-ip = { - ip = "2"; - }; - - networking.hostName = "GLaDOS"; - services.xserver.videoDrivers = ["amdgpu"]; - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - extest.enable = true; + + # Add vulkan support to GPU + hardware.graphics.extraPackages = with pkgs; [ + amdvlk + ]; + # For 32 bit applications + hardware.graphics.extraPackages32 = with pkgs; [ + driversi686Linux.amdvlk + ]; + + programs.gamemode = { + enable = true; + settings = { + general = { + renice = 10; + }; + + # Warning: GPU optimisations have the potential to damage hardware + gpu = { + apply_gpu_optimisations = "accept-responsibility"; + gpu_device = 0; + amd_performance_level = "high"; + }; + + custom = { + start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'"; + end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'"; + }; }; - - # gamemode.enable = false; - # gamemode.settings = { - # general = { - # renice = 10; - # }; - - # # Warning: GPU optimisations have the potential to damage hardware - # # gpu = { - # # apply_gpu_optimisations = "accept-responsibility"; - # # gpu_device = 0; - # # amd_performance_level = "high"; - # # }; - - # custom = { - # start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'"; - # end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'"; - # }; - # }; }; - boot = { - loader.systemd-boot.enable = false; - initrd.systemd.enable = true; + boot.loader.systemd-boot.enable = true; - binfmt.emulatedSystems = ["aarch64-linux"]; - - lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - extraModprobeConfig = '' - #fix for https://gitlab.freedesktop.org/drm/amd/-/issues/4141 - amdgpu.runpm=0 - amdgpu.dcdebugmask=0x10 - ''; - }; + # boot.lanzaboote = { + # enable = true; + # pkiBundle = "/etc/secureboot"; + # }; users.users.lillian.extraGroups = ["gamemode"]; + home-manager = { + extraSpecialArgs = {inherit inputs outputs;}; + users = { + # Import your home-manager configuration + lillian = import ../../../home-manager/hosts/GLaDOS; + }; + }; + + # virtualisation.waydroid.enable = false; + networking.hostName = "GLaDOS"; + # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "26.05"; + system.stateVersion = "24.11"; } diff --git a/nixos/hosts/GLaDOS/secrets/sops.yaml b/nixos/hosts/GLaDOS/secrets/sops.yaml index 6e48ec8..66274e0 100644 --- a/nixos/hosts/GLaDOS/secrets/sops.yaml +++ b/nixos/hosts/GLaDOS/secrets/sops.yaml @@ -1,11 +1,9 @@ lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str] -#ENC[AES256_GCM,data:RrwVo88C14k703l24w5RQd81lQFy/49aJUa1IZWdY0at1GfiKSbbep+kdxtQBpU0Bp9VYg==,iv:+K1BLn+6SlQC5JAjgzMUZnuqT4cuqisETzHBKUfS+y4=,tag:jTMn4LcoNnhWyzVzLOvXrA==,type:comment] -wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str] -ssh-private-key: ENC[AES256_GCM,data:YM8GTH6EEXLt1ZC1ZdyLWVJyGUykS0DulTL0QgOFCTztRA+5JoA6Af42MIEMm4sMSatOt9pbGE9BXh5T53uNkx87cS8pfb714N8EKrMTYmtWi2M2TatEM6+qMRpP777GalB3v2HnfTfwhx+TfQ+iSCEo45Unsumzr+/9uZ/b4vYBxbd82UKO1tmlTw3R7aEpesJuJe/I3sAg0ZXTWti0e2MYfFawlSXtgQo382bFnV/mi9JkNx62AUFI6Q0a09V2C3FU4e4qP9jeP+COfCuCjRuaf8eu0VYczy4vVkN5NNBhkuLCZl0xANfqM5tDt8q+meYHmYWq1ceyeZ9OdZhKA7lMJi2K1DgTmgbD356itEtjXb7KF7VWIVnR0Gm+vVHx90Bv6eQp4n2I5mWbCVy8wqiIlacxuH8PO6jAPUM1Q8E+SVJb2HcLPdlURHyyK0fLVWaFhtFH4rwyKAv/2yEO2iNfZd9zFqvX5/JdyUPRCpMKkjxQgZN+raVHok0SwvPfXA9wvRpQyYSD4SUqCYsRcs6JugW8a14bZrvg,iv:L9ACOUFtAxkWsXW+tDKGwKn1ZHYNv7WmBty5krayVu8=,tag:hbrgscOczukqLBU/Y+6aLA==,type:str] -nextcloud-password: ENC[AES256_GCM,data:ClQk7M7BTeIhgWTWsgjTFb0Um8qZ901530dI9xnbs63ZGIni4+bWjLPetOmM3+PPsg33vF6r0xiwu0Ff,iv:jDy8miUoPcua3sraRQWOHWrhNacKEgf6nGsi8PVTYaY=,tag:ldGta+DdUmoajtAE6HLtkw==,type:str] -prod.keys: ENC[AES256_GCM,data:cOorjpYxhenJgr8cfF1A+eSS/Wr/PUOPfCsfqdvGod/2x/SVIUkt4hMK1dLyfFNA2ip2RObZMDUwhw5V0U/7Mqog6T7mBi2MYh9Sk+z2awvgBk7X6KjiKxlRsxArdtUxIzNzlMUEbas1u4SDnIDxGSX6AehGqVFSEtetFOGxtamMMYZa85bEpWc2gffPwWoU1OKV/yhTmj+/V7lfB3maGp5JifENScs8T2HRvw/MlNlu4gYslyF1OhLo8V3Rt49GkF/q1mPg8YrhcOvCYY1jcZzymOBwgB/0RXjHkXAZEY5y8JLaBES6Ssnd/XYy5VulgVAHSK1HeNjYWduH4b6/TQLnoHNmpmcLew8HtHjR8nJW4pm2BjqxgSxE4BsjtrNc08Atb+FOKaNGnLMHArUBBBFEKrjHl8VwfyHusLI71OnojQE5vMrpXu6osuahx1Jr7+KCYBpx1rHDJHYXWyNoVCfph40RMO3+uqekyZ+VTo5QFTDH3n1n61xkBROP48KZJ7J4UyUBBq0nkXu0P5BXGPB1uCEOEpGta2p7z4zq8q3LvR8oca9670nHshzxsnwI+kn6osNJa2xc8BwjAzCxatqkgT5pZMiuDEv4BynKmSVE/zFaIIAcCKzpvBRVBjoZCGgLHuAdwj13XVBxLdT0ECZiEOfhJQNN9g7xXplFkgL7Er/E29+Y38HCe/YG8UmMsA8xL1+h7HoLEbUUWegmfXlam7+7+tbc3kcrP9HUzqZ/O4hpBgsrVd5n1kKH0GvfqmLLYRVPjnchc2/L4rf5jfLp6NiN5nV2FUurYsGM+/zfXu1GZUZZkdGJEbCDlAEiRrPp8eRZKvRdWoIJY2TqwQnpiSF9EVHiAs6embjmRzJSqPbDqvpLqZfcbx+8F0DMrevkMONBggWAfLk6ekBk8SeQxYt+jkmTwsyB7O7QbfmBsU6DKA83XKSVebHZmkVHsK08BdKil6+dw3nbqgsTe66klZzQs11H7DDK8yXDN6nvnetaRfFTBK5Q0IzEbCvpdYh68bM2Tlcu1Vt0TMtYuQuwTBOlolEt+Q2UrjjPbsOfao4qhOfcLFFCOn5CwceZeOyt/gySogKwzfK8ETkFFets5FFbL4UI3WuTrAwTQZdPglFmIjLix4hPxPeRYeUWtrxPstpgyzLkZWuKgEA30UlnUCUOux5plniUutMm7e2BC7dkfolxFiYjak+Zae6/QBtmmqphG1GiBdKbJy7oeGMnbOJJbbznFTutPtfNHhxASqnjv/mBdfdht5tSKsIAvFCJJ/Ea9YVwJt5d0H2yzLqTRIwMzGNWz4XAtYjR1CaRlMoDwIGdHqKQ6XadME2g3Y9pjUPSGjqGsIDF6dAfEXNi8zBMWXeon14w8k606dstjvZJXwsH0hO2VoKjco77CWcLXoIpVyk8aR4aothEihQmuCgxZ0upUziFcFwXR2lBHBE7hM+GsVIBpoG92lJq2Br2RJRhsKAL3nd+ZnZxxaYqfbI4zY8THEiJXbm1UGES9T6NxFYahdpVkQh11+O6tZ/MOoMhIAFJLwbvd3utJGgE03z7CtAPchcYUGkuWeAg3FR7EDYHY2EzRIVDK9NplmHHQneOSiJNrEUzpc/ucPyjjUqSnEdVISkqY+SPtoAaqd4vmd3ZKFMX17hWZ09Zr+EYkrBG+K4O16Nf6V6DaUbzdH4hAqH5sYTUZt/3znqMyX5UhCwMlOrzhqs4AUpeEYunJEAbFTB3t5Ba5pTUpKBsy0u2H0Oo52FDByzW6bwodW9LL0OG3Ccwz+qb9XTyVDp7h95J+tQIhFgl1E/enzzQym0jX9kqkt80NNhzjsbaj8AuBlc4s8TdESPWDntFqq0ILb6IAgcZ2IQrS8VMxMYfvF6tZXS4UPfAaTrPLSdHBKOihBJIpDf+miC580uGazksDWIOiF7ZAiLGuu4Afgb29cSSirUIJHiRmTOBJI9QRHMP/QZ8xFKG70dEzk4wBjNG5LUItf4108vuXJl5K4iUkLopjskV3c1cpRw4dmF2y6pvgfEt1SvX+XmMh4d16HnRBgCT2l++xpsunFLO2gDMimhoQb1dZteYkGJL49SBsuaH/w/Kmn2DOkUaym8/TC+R7C4s2KJXiIRlIc1VSY5LCDSbVaqGFnti1yQAeVq+eoZO3eNdjog1R2Jikki3W3x0DA3mzqL/09gelwsWOfPWA7cMBQpjDsNcO81v7q0PISc/EQ91sF0MxCY0uJYFaDgWStnfTVDar/IHCzCTi4KN1JOhYhKYDi8PO5KDd1xJOo412zAqVwKC6EtZoc2q4EL/Kxln4L3J34brxDEBUWv/EyR982Qd/bxa0f6iQrJGV9AA3C6CJ7+ANrWNsoD2Ne6slJtJwKLgvL3BjRpIqT27z6t0ZQGWmTRnpYKNu1c8soEbZ4sv8WHvvD7qJ/hRb1IflECvRChjWutnv6gYBDZKY98h81SMGZKVqUsZ/7DJV+JdiBbekcSby2MVWpWINoWKx6N0PPNB9dYCM6DMcNlBXV7nHTJlX+z5H8m/mMlixohYU/NtjXN2UxOC1uDSFH2E6mt9l69RE51Y4SnnGUnpgabXTAh+IaOplghi9z8RNkHuMbhyydMA/x5d+UHXn6JkMcj3kUh944usUtlHCoA7Rk9KrV9ioI6abWB3DYsqAgP4/SKRdQQ3+vO2GVM3dHXftSSROHUcZEylx0Fj3rTwxQ50S4rJBKw0og69F4SbE9O+TX6pVn1qxM7ozn3vSIhUzweFiWb3oN9HzlUExAyX3NrWwgWxS1bqQy+WYPrSVIS6ehNx1VSe2nlRoSJ4XHd/HrBEAyWvQ9jriYkuWw5rws1tdgnFRvKZGidOszLMC46YC6kyd6n3XlpyvCVSF4jR6AbrzXMLsqhauEt5Qdh37RG4aqbI9aoxvxdBdIxsyoxxA74kcieYjuk02t6ZMPgRCBinRZzbUfHePw6lsVgMnMKNYL0DHpr/sf39MCezi5QxCLUO3kIMxp1P5uT6vHIaiLdn45Fqm2lWjWSQdhiDkZ7YHh9pXmjy04KzLNYCC5w7Y6bFzQyOCU/qBQ7ytuioDNi4QOTmP24xMQwtMAMA10Rwz0GfAc8SnFt/0e6C48mSz8bOERroUnguPks613Mt4tK6F/D0LlVVpqsY0cuMEgg1w0nsZ4Zg2SU7mMd+5GIYayS3DYJ0t8L+z7sbiLjjTRhNs52guGcTNiRrshAGIvzbgf9WpB/whnnJ6ySmHP5x9Tyd7Fq2ItaFG0CuN7tIuvMMzdqQDNP9hFtb0muACeS9jghd7XIhkJiukdL+61TATup1FaXSo3QMC4k/n/FjWvrIqpc0NnYwsYx+Q9YXuIgZI7oQetWn45TQ/M45KsaSgmTkpLdNqByneWX5IPj4N7zIU6tIufYyEm+cLK7RmDmF3KCyHZHLboH+Nh/ChdjaHkUuo4z9T7kQKLQDi3mJ3ExiWaB32niWP/Y7Fl2RmMf80uUFrbwC+fBdnlQ6iSGMSEqjziKt0dnZ+BtnfW8WGM4ZqD7feN/xRQJrK6mNJYgxpVOWJ4ekE1HHZIBqQu6mQJENQXx7QqSCw0B1Jj/fgfB9voxXBHaYlLmDnLjnD6oXPpYMl8Nb/cW9qdOZinT547WGMLBb/7dqkjfRqFSO/kEtVFkhz4Rlif8KnC75+L9AP+97u4gvIYAD4bb5V2Hrba0D+EhtkjG8Fd4R4YTuqfGrgZ4m8ed8Nu4XoHXvRzY+UQJvQj0CcGmtOATcsoZzAzNWdFbmChXtZyhvMkEiyAivZr4UmZUqCUVaeWUl9Awmjcecp1+xx5imGmFbsb9WZ/XRmMtOAvCOs0TOBLnG6EDxWaE3ZsoZGOBFUKnBc0yLJF5NWkIxviDPVW4iIR0ltqbAc3UmecRsKC4wxjnX0PqzQCzhrRrdw8O239n35EBYvnxDVaggnKq2jnvJKOOMHSAYofsLOxtlv48+iFCfn3AcNF9m/nWX5H+JVns6byAot0+1oq4HTf6oPIBNicbmKLBIfDt6hHWHpgqShBfbSaFsiCRRPU+Q5i1Fp39uBNp4782R68hZMCL6hq95W76HbkiKYflASXLkn0O4Yr77zhdTRi3XaSkTYw4+54t1pS5keO1i3o6l6bNq8gvoCrgSavA8aCcdyeSjAK4NGp4D/QnNc+z3cGaYZBtLq5dg+45yPbD+beE3PkYYeAiNp3t+vbaE+BR8cot8cwKxYi5VvFMkiGypeenaMXeSIxgT8TjpWt0hYMRCFn+AWpGR4meg8O851gWkw19GmM2Dg8mDBUY25ql1CspHbe1Sy4HrlZb+hs/uhNEWWV99C6FDlFNZk65vN77zGwlC6Wg1t1M7Y0raZMHnYHyttqlJDvwxRCt8MjB3eChb6oYF+T6IlLaiGuN3yNMtASWggfKKAyGV7UCeMmiKlj6ja8TEf5oIntlUJrlgoKODfTX9EqngmAfi+B/WmLDNHm7iVM0YIo3jAxe3hg0mvIZJoltnxgqUCID+a8wlNbxvL++FzdArJIiKeqc2Ux7EHItTQA+ZCBheuFoDsASxL13ZGtxIJ160q7VrDcBFn3by7PF4iCgLIG626Ts6k11KYow/RX/U0DBFqMfskNQvW2cmJ4KyPvVEigX/w/VYPo3jKy2axmD9NIUSD1RVHYaMRDx9T6UmHOAz/Ecwx7p9UBYKZwO6nh7+jriiMQOtw5NfHwl2Eli3oD7cxFwC/xiEsPTYSjQDVNJ6iCfZFhTrJ78dfxZBWvZ32vGHdgnLV0+ewQqyId9RMR/1tEymoLIBJfxiKM8XbEBjWAnV5FQX/SZxrHWS2DNsQdcvK0EU5Fu4vhtLx/3T3b6eEfhWZs9OREzjwsaroofFnwddzaYNfhUmRDTLom8Otwxf6qNb88WZzH38zlt0NmTsFT9+V99sdIDXISdJ1cqK7CfjFwOyRz9W9m2gcbce6K5IWa7HYB1IFkxTuBY38LLTBuHpjGw9g4KoapqesRBvzLHsF97x6TvPN4nSmJ7X18ah6EOwQIrJren0L0fVDNBVDDsjAUoB4slR8anXrQNv976uiYE8pNqRoajOBUnHAqvr7OsqTUjyK7B/Kp5cInJR7xc/KcMtRl4HPK9bD2WxJyROJAhIbjYOYRzLWycWmWAwf7U8RUIgd6wuk2GIpDOEdWe3ISx5zDAoirmULFu5ewxeOuZn+ixH12FKsMGUfPu8Rs9Nx+V0DM1DsBHR/bS+hzfqMyIz+XNBV4TwIiIfc7fqqaf/OIYltQWoQsQ0tdluZskaMzhHKE3LS2zVQ343LNecPDwGfC9kcOFbV0POjBW2OzJTPoqSKyTC/Xi+J7IlSl79BlDP4NGvbCd0illODy+DFhF3dZVrkZBeJvF1L2XWMSE/eum7x+PSQV6gnWq4MBp9AiLEJiHBk9EC7MCAmvh8wER8P6dLCzBdj4x6oXOdCamKTPG243R0jVXm/RxNUFE8MaCFvpgPqQbMjyKbbSCUHSYJXKpL8kbfRcPtdfBV4WfQJPqoEgcneaf4lv0bRPtJDUvHpkLWCVhqvM1K9FGR1Lh9hw8dMWsNJkJNLZehrpuxP17oRB6LxjCR+L7AyQW0tZL+Wr07p8p1zmyC+dobg/aHk3Gk2ynIb4p3FC0ddnXAVX3SQQOd6iXjIdPxMuBDbcJWgGPUGulGtIrC7g+bROKE2KtlabuJlu4Xur9hWAgjmfdUBwX+S9QM8nI7W3/khiKfrE8y32W0UkJ6In/3xFT39wzh/pDEak6/ZS/OKaMGS77CjzbBur5ywyWYZFLWqj+Xj90gJVVZeXw3o4tU0q0qbEpIUQk85UFcI3P2xbtfIbB++jmE7AasqRt16sODtFT3yvmkn2BgdO7FmUqpPCCGhQ8HUO+QkDihUVgsklut9g2b2ExEKh2nF67iyHesesx0MsAdJBL1buP4kK/3JP5AGCJAjIJ2ZRrmW4BCaHn75JRwqHzbi0qRzislrMhABA/Sd50dchh5DtHNQrxHHE1wZlXp2QOnhinJ+s9ydm7qLaZvMKdJMOyOpHs5TSeXcxEiGF+DEyWeuu2NKg00jNtalW8TT1Gwb9HT0/EWQNiGKkBJVKfKboHecGaaI+O+7/h+xZBhYPTI4Uy5GBvzUUn34LBc4zIkxy9JgUneN9BZK00RJLZeT9O75l0hDkxwpYmJBGnC7skkOGS+E1377x9MZ+8wzJDtJiZpfS8HQX1Erqp8QIIPruGzIUKiZWn5kfs+bFULoSpoxRjHzNrHxXcq65ANtlF8OD3+ArySc3iHSIT6gRl4LKKf2+xftuszrcfsE2L/p09fuZayamW5t15UAfAcUmrI5Ljsg8j7Zu/kBFH51j2m8THJ3cVCRES4F5CKByJUs7NEYzukBkYVaTzGsgsFccHRESA50w+7KIzhiGL4H2quXQ5kPw4SH/XDVqsKvkkqPA8OWGhvdfTnDFeXgYdWDtzRlP3UdAMJuMmxiN0j6rwM1Mualev7Mr/CVvoPsScdZbNOIkugMmPSNSRjT6QV0nQBODl9pNA4c0PBV1TClo1NdulyAo1W8ocoPHKO0C8kkIUBWm4k3QLbyKfcQqWJnzQRO0rnlxPrVOR4TjSS65Z6WNX9pI425KLhD66RkBk82oMgYA9ggxMxEmN6nBqnJcxmGAlhXqgNnmkSnuNWkzjZ4SRidsMWnTrS+lkyMZamdrvEsihARgtXSk+ksdZjbfdzyU4e2PPfQDamehlx3LFVDVshd7cznFrAl+eDSLYEiw89NRIdhWvbFYh7n4P4p/Hsx8oVTcfuqm5MNzTaPMVXgTHeI+2Kj2VVr49i4j/TZwZsOQV4ihuL0gU1/GaF3lj+P6R55dIvujxjdCKjiU+FvMn7K5Ijpsawon8cIedmjJKsAFiQnD91Mk5YwtnFqikRSkysUfdPojhW9j0XirpdWsAdQCvxDQ1VSj2tfXhg8/qWDQbO7/8s4ZhuGp+3nnHK+6YRLn0Zh51Bd20nLpzj2i5AgfXEW6Dg1N2IsfIaTyEuhDEaV374Y2ZJ0lzmRPULkquna/Hbfvr3oUNb0EqJym+m4RChJwgbpCcoeHDn75YVVzuzKxC+s6Hq4CWZQRC49knOPzHDeOVBs/l7k2EV97kFhmGa5ZxqgX9B/dhhEZNQMf/scWrB7yxOsCXzXZwNdZ4l9UL+eyRSC0ElyHwG7FC9wtFFWWCLzk6V3vLPe4ApNcBMXpEcNtq5DaqlfmDqoT+MV/ETUjq4jOPLYTQG+tB2bm6E0DdBGXh6+qgOFry5T0Wu9W6eCs/EwsCiW0d7PkvREw37GP4X0mpQOrt7na7TFMw80NYleipuUVgfeWREtnZmKSaDVXDvecel2Vr7c3JTjLPgBaSXonbQa8Jqw3PSfmI9HcmZkp1/f+Ti+D8y+lX+y096lB/NpnPLFA+uh1VMVNfDlnTKQJ3DN1snSwnCKb1KXYf9OabRI+lxOxa+95AGvUyJb+xtw8+/WaY8fb+vvznLvIrdUZSx8NjQ6qVxrDu75I0C1y8ufSoczsjX1kEquS52YAfi3n7FkCL+8BKH+v8C8UqxMv57sL2678llSgli8/FDzHaSAh9I+wTFv+Im5ez7LHXCBSfZ4ZTqrEKCObnZM4YM5txid5tk+gUi7Zf7ezI43hJ2vY8OCAbndK7p6Elvmz69lpLn4d5oNAPzamWB3TIHfj8GDc9kYpSP3Uvs/pB87fN0oR7MmS9dRyzHv8DDu44nsp8Vz2qpwJzrlgL30Fefz5eYb7e1IGcDYXcNA5ceOTxz0LLpmntZzrmifo8iMy9LhILjh/fgydPkJxnDB/MFaNWM3Yh1VMAfAB2lXozzlOV/qcXMFGlnckxauesCNlB9cCWrW6KtaCSAprtBWr6GYOKWAKfLvB1/QIr2E9O82x7voUV185zpd0H/nha8YGC10iaHI2LgJG+RUvmdxL2P69MzcYP0w4nnRxNPO+nBY54TneVddGctEbGpNn5VVckQctGvqb6hp4cRcR/emgawhuTLu7SDfb+C404u8VzBI8M4B/yiOgu2PFhsxSObT6t2gkDAk28t612noyQ+1u1R5xfwpUM6q2OP0objwkhdFepXb4nz4v7TMPgtbJkwA8JkOzkmFi6v3d6UwwlSx1j3cqQrKPa9atbj55frQwTKBjBruhvkpe3B4rS+R2frQfEm1L3IKzItq5N+y5hMjE7VsVksUmedTXCzHQUlsgJszj/Nnli0I8kzb5lmomvzZrsPUIixHh2uGUX4Vp6Sc73PA31EmMd4JCBB0LabDSZaGXkCwtdWhiL3vpvX51T+cHHGO9tsGvxw5T4XLbxweodkCUnUdsUZ6PnAAgGswi5XIL8nLewpWrk8pJ1vbMuZmJwZMTbCq6CXvoqx7x3By/GHZTaKPD/G702Gbilz2g3GgLXW+mJHEMOAgjaU4CtNnQLseagtnXpVVP5/iCKk3JzaRvuSbQ1Gvx/pEGkUsxJw9DK98kCbM+Sh7U/RgIyh4jXX8ZAAaqw/KJMn3xFB6pMsShtG/3xwzvhlRM/kBHYNT0kyY9dZ4rn7iwr4xGs7YP2o5LwUpb5zy+rT2xyk4OqgGpZKlheTdysOZ15eUodvLcmW93/TjNYMl3b+wCJVBFPF+R4bF0utQhq1fi8zEu25AJtJ77wBrUUxA7jdxbTZczjgeX0jelJPpFSxV7t6d9GWbVlZIzXOwsRsSzEiszb2jcrJ+oLidFpUAklDBIvfWCct+3ksS9ugu+Y+pkPM7O/JqLGZpdB7pQg+z+fSF/s7eYsGlb9I2tjgw08YEt/rDzMO2DhgXOlDSifX5/rZeFwNEgMvIkoM3Ohe8aymtPsOe7nJe+dcxG0ZK1qbaynpB6BvKnmD4a8pr/lnIw0PZ6HkdGhQYwmoXrxguwkkeOHmXrUxDeTq/U4nrm1Va93fNVnw9a0bDGemf8v5J6Fhhms+ONrlR39jZQEOs/KCqr8c9g5ql3JVkhIl5p2p25Kwp4pYoA3lq5qozEeWslpxAxEMnLCigcxW7CASYGpv57ItNBsmcz0stO90zAMniXQezJ8ltv+BVGsWpCVNquZEwJdnIKl/Gz3teH2tb0hSbwTQvfgwEtjG/fYsMXz6MusS4kHXJikveiYryYA0wJL37RluSVTEW11e5ELCGhDYmZnV5WGaMDSb7LwHKSRLFfsN4MxzFRr5j7C5x3u1egWJcFqY0/iveljkI3BcGVRiiOErlN5itUtM/Y7Ww/zDlk/EgqkKCfLldPboEE98rsk4ZYfJW7buJe52dOVPuiulifhdKi4ungW++kHVUEMGf4ne+gqSeNdMDOc9pMMCPR8HnpcScuXGOtZ4mU/5dCDfZzHeJOPzbYZuQJe2dn6qzDEa/RZocUTufTfYeRaaSngxU3yIZBizrPrMxMKER6LXO/Jvxl+llmfAVesJHYDRxtm9ZZaNCa163Lvf1WbzwO7gHlOWXgqJ77A3sfsovcgUqOi67MNVRlw3QzHdL3Ej6d4nFVeBsLlkgGTzVVf0uYeSg3dfy89Gu/ey1/8YvDmuCgNmLsDy0/VzgelQdVqprRVpfQCU1DHiC3kAtz/1NHD+GmXZiokdIsdpWRJeycB2NZlRvfooUB4YiUxTgkLAFYuvQh41bCTkPVb2175+2tOs1HTlRF7/VaM5RfKhW/Js70hiR/ueixlkXTr+ATDCWO4BQ9d2gZU8n7kyOWUV/DbiNmyTw+GvlAchIBFVwiFrtz4xn/bFnUa00K81FRuCqtLiKIqx9vlJmvYNV4JsnKC63f6xiTK14GJkIAI46mmYkVWnM+1TiAiCCs3T3LkvV07cgjkF1SgqaC6RHmeK2GQrONIaWwUvw2rShETu+mfBU9E2CJu+Cm6E06pHLRZy13CHDGkjAcDC7933O3s3gymjHjv8vjsqe4sriUOoMoygW+ywe7frs0urqK5hmzvrU/ymFq/yJywcX3IXZmm7n1cqiKiPoKdaJeV9Py7kACyluDjbm/MgDMUK0kVeWh49edRaRniwxLM3R+Vv+QqwmRqur941Wr32CsKJVsXyTbt7+VIQriYwwttWiEjk/LA9cVPYrEZI1vB9aQvn14HJuMq1u5HgE7KWzQ6ej+zdRSGzTvoHQKG8+fW8E3ZtW/k5d+J8q9wxTZ/ttvqOfEkWkS+h+nNJDEehdur5yTC18NQZtGjA7q4kJFqU0a9RVc/WS7cgGoQLiEhaCvt0nUVR/LhmOHdTPr8zLPe6FyABdPy6iQO8ZaEbdlg3srpyFZBrnSErI31HhtjZdNpkeghs7IKXenJRWdPW/gwboyHyIy87IODE7gu2f65Fnad9I2728WNRCfCFLMyjbfLJ9ahUKiO0NcAfUwMV9Mo40nzz1WiMMC6vZTZbGBKhggwKTaOYNhPnsp4AOlpocCLEjZjvbADhbh25wIu700WjN/4OpObwd27UYK+Qb0uK/IKlkeSj9rWE3+kiZeI2eDRz+276unIuIuikzkPSMVMRPyg/QJQBcyosx/2kpBQ8oz+lFnSYGYXYOIeD1Aa8LulLGzmNxVN4SSbzQD5olHE3V5Svvz6Zblt/V2qa9WUgVETujs7vV24tnWF/3cqjNb4wiHprIM7boZmSFptO0SX66tOZuL6aOnpF/khFyfEV3JPOSneH2ep2+ZC0t0u7+ZtmZmbSuXzSYoZO+W6ijJxSpQq16Ib6Tr/YR9JCXe9YDj4k9k8msnXQwwyc5AjpnRx6t6ya/rJn4eaASrSsbCX6IY4SppLNSS6PelXe/BV5cUqxT1iGgQICBYGIp1P+29NZqaUePWpvnQ2czcYAIJ4FSEAkzrwbLbj5gRd/WMjSkPaoTPA+lnr8Hb3arVHQhD9gJn2bMFgRySBhN8AWeoQsJyxNC0VP7/sxtjmxd+FwjFa1RqyKoAiYL7nY+pCOq4h6nmyjG3fOABGfIt/NIoJNbo91t3MGfF7YYFfiA1AG1CCpnJhIwbCLeBkqrIQ+fW6f2spgAtWf0IxJgm9OPlFNEGb23GolGLe/Yv6JL4YDMkwCPFQKUjmjOnB1sr1y1HRyVY8ATqMAn3fnHe/zzI1q6CWdWSKIYOXV0sYcV5cl+SKc5l3NcLbUcKSUzbSN6cWnM/qb1/3G1TugzenoVox6UbxUFGRQbLhjgEgGg91qeicaVwdl7D5EVhMCVq5YFbcmJLbUjYuZcu67HiYoh/L96uA47RoBvLlDOp0YLI0DZTwJdMDYB2R/bY/xBdg7bmc1PaLlUBw170qVi/v7GFjCCvQZl0wDl/Lmd4j0wvw5mkZloU38OrSvIRtUbki40+JB/EUTnEgB/ZW5SogIADzwAcke4RAoI5HsJvvle55Wcutwwii8luU9re5y4fMLXjh+67dsmsn66y3+MtRtvsevPf6PTQNMbVOaA4pvOPECf2gWRxH4NWYpwZdW4+cdB4V6brd0ez/LzDBKRq7L8r2O4wguxWzgw1SvBX3rGkIUZ/oY3Qrh5WmoTg6ZwB6D4wwm7zVFwR5Af0UpUG19m+fj+Bl7uKBuXhGTH8KtogebZGv+t/UvrTmUSMZryV+mbY3Cqvotytp0rrd13SNgAu/aJGCSk0AtfwilAhdyZV8IBVL1mmrzQz56RMmt4xGFBQAmXItTJJC46ZUJOaA2j6g7mEc7zkh99njd3FMX+Sj39ObeLRvfk6MLSNdsd0yvxm/TrnOHHD4xpTtey5ZeURnyR+XN0twvBSoYkpX0j+7zf6WHYk88muOYEAArTKdiFRw1Fobn3ZJkrvHul+1R1d/UqxKzoybMHIC4kniAn6qG/Jfmb7I2s6R5NWHiu+aRtWdT8ZB6GVhrWmhwhyE5LMIeDOjpTm0YyX4mjUXZY/5/jsnVpNThzP2qPYRgEsf0134AN7hvOozcDtWXrEhRdtIZ6shC5GhItutJOrrKVtBh1Q8HGZMYXvAmdfziBAUzcSNzQEJRpeX9/Iig2B+WmRBH9OJSd2JF7KyfAwXuK7TjbuYy8983xc2fvo8CN3Sjn9+GNJbXwWsmatfSGiyGYPUnprKyX2r+lSCgs+auarM/vdEY9TH1SHygqvlReNdAeCvVzqIhkHNUjbs2VixQzZ9gbVRhrZbROrO4Aos6G2meRBekLMIjkZMbw9Wxw5Q0hqdxTrCTIYW4w8Kdf5LwuWD/FkjEBIIjjhhf5w8jFyAQ9+tOiO9H9wcQDUB5q1E1U0wEAr/2h/FeyM2mu/phSKE7VFxdKFvQls2qE+FSPQg+isZ0vVbAKgptW+l2gRaDFyL6TgUWfIZlblRKePiPXxUa2Tcqs1uRQFnwu/ChqZm7PztyzLhm2A8l9OwWR+mG8gpdnWUPP9JcwJuG24z4WGP+7gSNaGbmIqXTFXSG2gvYvx1BQXXPZ7Ke5mAlBMDhfgUK95d/4MaiEW/MwAELkf+iLODqhTAdUiPq+iKOP4tA1ZcI/quEnahDcCrwRtmvQTX7OsfAVGhwAFRhfcnxhkqKZHRgUYk1vAbgNgDdfjD5uqqbJqKzoi/73DavPxPeuahDH76jfhmCMm3LTJOryMMfnRsl+ZCLvXofaL5jqAsQeLfDuON3eB5vwZ2CxXA5aDVxefci5WJX2TWiiivdTzUBQKcq+wXHbzZ/I2s4NXFRPalNnfs1F2alrBebCYePrl4irGHJ/iKgng9TXcVbCQSvtVPZr3QEcnUzahtw6bA49q+teQcEhFGZlkyn0+IvXswgxhsP12kE99JdNA212ru5Q0V0el9bc4EOq2jeV0zL8dxkbG6cnkJMVjOvvV85NnPhw+AIu76TqPu+iR/IKyDC4+NvsaSrOsriiXmOiuyC9MbBV7HE7MI0H7B5GOmdTtHAKkTaubw4+ecjX1k5+zdBYZnfU41Kz3k0AyNAQ99ERPNx7YZAErUThfiAL6A7pndCHu8IL0Wi080ZaaMphdE24dKK58Ue8EgU61iBWyfhVQtzi5PQfUhRAqw0DSbkxJookwuf1b8/B54KZ2VnoXzXATUrTSPgZC1cmL+XAIuJbQFD6regMdVpBKM9VeqPmQKMjWAO9EbCxLJGXBniJ1c9KpXzrKjHJZTnQVv3nRt+oOZ94aHo4PqiNsD/STQRxx3E3EOQr1MOKPlmjLb2Nf0HHPxeSIE7P6b7BJe8d+zwG7LpVNmJir0aXAajFc8KW0tS7mp1N4qshoUEdPbhptaU4j7mFxaLUWL4IB7nJZk0AvYMtOqPl8kr09aEHYurWE5ry5wmAI3/mwHF6yNwGstEEAaDvxsvgrFJFV/8+Wrkyw2Zcw3jUBOt1Ond3daEFxOEHHYKzCjh7cWBUIPfu6qOX02hFt8hMv0iaeu4guDM0rVlgNmUUzSYxOEFLqn+Ppt0K/7GMGuRYmjsb0E8QXPF3s0b9Z27e0rG2oSnwvrbXobR/paonwgEZ3kPvWMdd5em+0rzBn4OG7kHZfw4cnQUMrwIp17dYNPXOvQHMtn83ufUiCorxVcBfhmCnKV1EJmR0cLlmDRC89b3aZxDjomn8lCwMDnJyrV/VQbUjU0/syjI4b8OSdS+adT5GILsbDOVUQo56ts3sgH8iB0ik47vjcp5RLCpHU2odiRb9QkzQG1OxcJzur3mAEYgmvLwHv7UQhf2LESjMV0Cnh98oWdeasPrZ0jorUVpPvrOkv/08ZWwnaoqNYtBcrRb8XCByWpklLwwvudGQ7DDssz0a/486iaUwXC108yzCx4Oz4XJzvjL6iQaPUJiCxwCO3yCWsL3kxy2YykGAq/w7iBU9Dg3QwOkc/sBBVuZRS/7HCVjT/twTCm9joNU2nF8+g4tYPMQaAe9frVKCgbWyTvmIudsxBzqM7mh1SU9DXyQLBzmLSjB091y7rYqtkzhgNQC+ORlkZPLUdWZWdOh2gWxh1ruO+jY+a2EsnqkOKwOXyACIyQHaOM1SgPtdxU0/bJFZ6NjbN6S8PrdmRrNLKlLyAz8HOq/tX8j6m9BtrgPDvU++ZzFNkvZoPMhxZbPTrZNCkxJX6PBNaNGcfY/32KY4X2unlnQNo7vPbzs8J366WDAZLItyHSVMB5isobckMNy5svFo4DQpx98Qha9rBRYwUJEAFC0zIshIpA5PMR9wLg0wHCXtPha/j+gb60i3wvoSLSGFvOZcuQ9BAlgn7MQG6ccdnbc9RHJywHKB9Sh/zwZbC4VvXsAd8xVhhV6NGzZh2DaDgqLjpX0AKHbN/9e4aGJWa0O55DKszXiBi5lWZXz9RnwhjiXhZZFsOsfZ27jPk4ENQJNrd9cNi3drQNr28PpalaXrbj5KEo3DtguMicqgDB1NX+2GD/MR0sjqPafl3T979b7rFK59vwtF7L8Gayfapi7Ts7tsIo7Qc1q+3kTxgAO/cerV55EwcGsnAWlU+Sw13xhOMGGEBwM2wV9/LNOHOH2znZRSb3jwve7mO4aNhIAkrLh/SKL/BD7yiQOS/cp/zdrRoS8G+d2z9PxiyrH42i6KMFdvN8MtMoQ0aoSTzeKQWsOb8uc/mfdOtHLIkpDxkLcUQoVKA7USYKU4yMGua24aoJO63CEAVgXZI2IJD8rM7yQGbcpVJ0ZAACoQ03WQY918fkeBjHuhcbAho7oU5VmqXc75ej2UFfgTUatqD8dBf7mtT61ZoYnRh+Lwx+8lDi8jGxtgtj41NhPyzwSp5h5bevNu1znyVyk0yunmYkajwwKUicu2TVBsnA2OZ5SYvAvF50SmhjQzE+lXHo/59LmIn2MFHxW5Rur/YN523RW5cKLoZzKodW47ePkaHGKXvWCjztuq0uzlmKh1bxMcUUpvLUk6vHpJs5rRnh2xfsouGwWaXoCmF8uUcwvetiDBFUrw5EWz+0VUPdRp1hLwPsLgmpD9C6dA2I6Amld4Ksv1KVx5A0lEJ3scy36W8+wvHXG+2oOsPxdKswThO18BqFxG12HKVw7bCHOfz0YJmIR27LeNytvE+hd9BbgD4ErY/F58USq+IYiFYuvLZAGQJjKc/xn8OvSCSRcD59LSVbTHyM4uLXy2/IvluRH8lTuq0L5YEoWeKS9rR1u9EbI5DDXdqsDDKVp3ybNP1Gbg0XM9MeuQ1Ak2DY7t1/9fBfF519Vi1ud0IkTPRthm/qCfttSi9Yfzol9fkfEYuCf/Ei4j9l2n7/cT2rMYgNxVsZQwfRancmCLEmxSoc8GSrm/yqfoVgY0aT27s2Na0/M7Voll4JmGL/cOLQ6msxunLO8unm02wHoEc9EgZCP0WnAzZbiFOcgDO9Mj1PFFyxFz6eJ1RSLtl9ofZaflY+bSIcLhWzGhUa6ohNAYMifSmpoNPuV41NLtaZPHaGbMWBFCpxlJvBy834vQK8XaP7LdaJzKk8N0eELRltUTZWMIEosSJIWySXHkaGUMOXyemY4C2bQkNt4yBds9z3Uu3/T0EvONAVmO12oCzhxOWJ2MsMrhYYSPYGMivjiOtXCc3UKZijmO7FPb3MyKONLrz53Q/PAGXHUta1HzZiv6zWPyXqFTRNQ3kqV44FMDJnJ2OWdor2kzxkjYZSa4HG0P47sr4aLyDUoKQUVwGhSvvmyOF0n1mTAGMcKN2jaiguuT3O++T0DU4sIjTivfGjAdL0Ut1Kxa566BOpyms8y2exV/eKULDiRn0iIh81KwxXJ2OFVs73HVMQNjXKePBzkQw5k9hzeoIH7DEV3WPLjz9e2BGFQszym0pDBY25IDEZmzuyEeYuGT2HXrveZ0wQQTNCU6bK+oEK7i1w9DwCOmmkh4xwdjNP/Lc0FGJcHKG1942NMh07QBJ+sPDrZYHlAmQpZuVd2RKAf54HKhmg5KWCV9TLdYMa70abGgauQvnHFpNoFGpGdAEiWXwVYsQb1jdU+RmzsEoNfaQjplEjdgXl+pxrmjqpX4o8IfzMJrniSfZCmIZoFZaHZSS7zN/od4X9OCYpoLo58V7a3yOET8ph6PloQaCH3Os2M2jamo+DiyfPKOGFi+UbpZsHfi1ftHH3tI0xiGoXAVtS0mpTcXc38hOvGguuLcBjwje6vXnjsAsaWgv77kL+ow66u4nAzU62SNt+7EZZ+HVoSnjTLjA9z4pwAIyH3e/M2kO/Kdmd00qsyfY+tWWOYtjALTdlF99l0ZKGQNbzFaYLOaa82FCK4Azuz6yfw2RvV/ZOkyJ6dMIcle6sCtM6lFyAEUFNXLK+964uA3x/8fg188+aNvG610zZSPIjObJBjuQ8kDhV0mzA/QYDgg/vT4lsUDMJL/XCGJQoiyeyEkRIqVJL3VzAoVsGYDdZm7u1/IPoJJdn19FORFr/1UZqEnrQy3/4Yb2E1IdEllOPnueZiO6qXS2GsN2VcaUNd1uY1RNU2XX0rs3/cuc+NZm0zmmYlobDghzxOV2GT5vMxAZGsaefF/NmaKSRmsRj+mICbsXWqKhOV0aCgDr/2O63fze8YETG/RQb10IRE67D/jHvHsMesVU4yO+KAybGuOGxU44nWyFEP0nJ+tf1097SEaApb1ntLb9OC4CLbDADwiUVz1am2xwfjCz870qn/xcMIRjPMeUH4+vqUJ7yokgZuMlgkH1L++7Tkik4BwWPXwQOGyoW+GbCWO9vv4/SZsRm2NcrvbLTThFks6qVfxDdohv1sIatx69Bn2QGuipLli+fu0DDn0aZgjfzv+C8xiLYa7mE3flaqe2QI25Qb1L0nmUZTs48CPa0t3g26pivBs0fa5qeJdkia6Xmt3ShOuajO55gxCvtiWo0ClIbBOGUEbc7Gkp+k99hT4QPrIivf9q5y/MoyyKqGcs9/QpCS69T7W1ZEqC7m3inTFtYxeoS2DZSZjYa6wrJ8SjGe1vasFFkzrKZuPRc6NRWhwz9amp5a8LpYFRt0RNK/teNyM6zcLKkuZMIKByYEBOnU0kLSIfJcmuir85X7g1/B0It+/PWPBErefOf7jRnkXV34miyMmOscm8491PJkJWQlkMwS9CeScTwtqZUHyJURd/6Gku+1suYqhXnfVRnUbLyX+c6w8FqVZnooJPgL6I7Lf6gpr0T3ufElxQPaugnJWBedRlhx1a2LqfDlD7K2A+N5nTe3VK6cLsZI9Ug+CKAcSAcCuLaBZ6r4knTza/vu8rDywHEH4V3s51aHs+KM1iMWXB7zisgkeDLz6mJd2kpRCE77SG905Y+h6Yx8SeOZ7yBZ1MnHGCJ08GHmr3WZN+wT2pZuWsThWPhJ2Myw6PiKVSYlYNBeN/6+1oRopp6A8YNhpz88UhgFWMLK5rlfPXxLJqlX3Bb7YBTdb6/4M/BR5e6mOoxFzDVolMYSdBq1LeDLPb9rAnlXGv/nRFlX26AhK1pKRBUvsw4oAMr6r+OhSkGrDHcCTYJ4NSX+7j+7P1XoQ5w74YVM4qTTes/TPVyutI9nGWtZmlO6W7vy7WHXxiICkPokMB/Ib+tXYWJxPAcBOMhm3az3vVRniAvsHnIkSblO0go1NL+KGoMrdT8QN/oj43Ge3QuVOk++2UEnqTYztUfCqnqcsgqhUsKYzHd1Iy/hF46lbwg4KNS5XoAB4lmCOwvZYisxBUFFoZEU7P4lSOD+jMikClqsQYMRP1FR+tAqrdBd5+GEa4302y3Bf69R0+c+/NOzizCJlShr1XJyavPScrnJo87nKqLOX9CqeFNz3lIit+0927FdWNtbvHllxuupL6GYMPwJpLXabFv8UZZuBl7uPqoj/g/jBtFnPpME9fv+tBKTIf7JRm+MqqcFbTh62qUzc8NU28IJDyMzWjhR79SOTvuA5y2nM9H2AbxmOqAyKz/u3KsuPwHuLAGqAYd8Vuik/UfTK2jfqDw8+Pw6TjfDir4SRPt4mSzXR4PCmbBs1/cY5ELAvgfM7YlRggrFwXQXQ9Nz3Ft9ikqmhSpRnb/c6yY6fARnIsK4px9W76qf/s0rGmMS2U5UGKzshimUbl6CBWfpCHtmhlIZmf1twN4P7fZQSa+oDvG/V/pVRCF+w+f137IYh+JJvGygJBDIO+rhNXAxBPnrUvM8sh/D5osX50Zr71pQSFKWcr/n4D/Li9cra7zoP7B27QatL0fFm/pF1CVo/jvxxPP24hEJA1WQJIJ+5LZDT6vP8C7iw3ysZZOYlbw48UqZxi1qJnS4E8mRWe2vg9JB6MtqRoFCxCCBRRiVIZQyN8G8nBcnnkA1KS/cu2znSky/g597uoOUGNGWvpde3PUmdu+cGU8cLCyClWLjxyZk9uqsE2UJwlspfB8d5R6Q+eSSXfpo5AtAn7uxPeFnljUx9ehUlPSfB5CJB0N+5YUam0z/eSXAeojgtm0BLSf7gJhqC9fGFsMe1dqulj5GvJ0XTt8/G8CtNLi5jywRVMc8U7fyvMrTqEfYaUwm4V8Nq4ORjDP2NAZROfaU4BeAaCnGCzKHih85v3IDPer4dZvNWHyQTZj3dnjWPw7bJSpAqBevAvItQtcHOjipFpwhRe7is3mc3I3NLWIRjBfanH2QcFbELt1Zftp1ywwjOpeujZ0KyonSbT4zdJkj6VLfWLIFNw0UquYE2xIvk0Iaer70sfZ0LFl3qam9pAyqAp7XaqGyj5twDYQ5NHseN+1hqwUAyzpqnBjZV7RTJpCnJ54dz/y+fFwxx6g3mali9YmplbLBN+FoxpmHgT+NQZuwE26ciVDGT0T4ggKzk0D6njCIBcz7G2ebkY5TcQ6MX5T/bXpWXEu9Vo9s600AX9HDeplSaUObDwlC4bMLwrbBxATq4cAgUiY5hNiEzg7ZtpU43AJ+/kJVGqTmr1FVpM8wvkdl2v6/shHKtqPiDuXKrzhw5JOz8IpXfLNOnDpH5hPmW88Ema0fT6V9D39UXUhjxPxUiHkyoruEbAdLkygGuL+uV7lmihuNaHyMF4l2kUZBK7ZjDyHxmSQK7VdjwkMNAJmciWWeOcWorNqYK0AL4cPoRXkcxf+xrXR/CH9EO1WZbucPLmoyqpoNXz1y/UcZhBeP2TFG1QPBb/fRZUmwJ/lwz/ifjGSnkiHp9/CzTJnRk/9fYAtMLNvLjv+myHqvIeOERXLrA7FV3RR/NtU4ScbL2U9F5PTZnv7HRW+QasmgvQ7zJYyedMKctPEoSVKUr1EC7G7Mye9DHTcT6hDEyALlqeLkh8yDJjq0/KDdzT2RKZ3pT2/t/uRud0n3qX0hjW1ls/9BUkhUZslbdm7HDrNC3PHXlcAH0kLL6CUWpnHv5LUal4z2Gp8UDe+cuZHGduOq+ESf3hY0K39bchiVqIqmijOHRwy6ZWK+neqkxLdpttQkex19LNqDkqZTaIEdxBEZk0IlYXZH418De+bjIvT8f5GwK52wyhmJdRZ306j8eJhe6BA+5ra2T90tomquiUYiIhWKfv4iCGWVEp97hwo8tlr0wTuoKvIn8FWjTN4Bz4XsrAeeHDtrHmqcYJBm+lML1jeWgu0uUqwpE6XONgtBpy+wDC3IbBliRzPIGqPKz33lRxAdWcWpUZJY8nhn1ZUrzFowMQR72UtOY2ULZsRngmB1m0pTVvgvtOoTbGEF9RWoJ1pUFz610TkkHsUSuqrGBgtRBY3K9+e2RMauRpFbvgyvdZT9K8bd0iC02IcqI7arnia4H6ddcCrqHTN0cqSl7Paes0zmN1ryIPWrW1fYpq+QjlIjnORrtiY0FGWPibSAZP5sZeNSvW+MemmCNmrEZewSIVJX0f84YXhgADcrRsPBhaUk3do3Qhi4UFb/cWMM60a52d6p6xEy9G3x8mLyXhUnDbf3D0OetOT4wT9TxJvxHMMUnKjd0w1VCMqITYQ+1cyYe6yqDD+o6JKyWOOt1NL3g1tly9dgpFkBLqnCwscXu2H8h6P0geuqSXFhPC2kcytHtcENNv1AVKOIkGr7LmQx2lwl2M5aJ9PeYjHkjSfbUE7dXCsao+SV8rWLQ94rrw0VflNGsSzU/MwDbczhtYh1nwPOkVfizNeHIN7RNfb67f4iJ7ybG4pTrtxvGVtjOf4QdAptD/tHDBvHyD0wSJcESZ3ulQxt2eRIEAY7YX27ZHDZVr/zU/8uR4JG3QT0OlWteIkRhkvFHmtvUueI0i5IX0Fu6I/Diz98/TLQc3mrjjmy5ndrhJSsl1UhXCL8UQI3Usz1ll7SDxGYOJNnPGjLwbWlV+KxK6E1LvFrqxKCf7DwdpHfXaZ2xI0wBS6PW8Iwjyg65UdobRtcfDBOaqFVs3IqAal6hyMocVWMMwu6d4BboZbKe/oCZ5TkdtR8riFntDkRF6Q+G7BqJn7VpwXQOAWHVF+/YLo/zkGoXcZBUw9tAE53JA6W1gWrnr0T5CuWxu+5I0y9vH2i61rjCbfCm4lhcTySt7FbjSIoSSbiKGmo1PiboXVUcWMw72LYqzj5cGwV4Vi/2FBTCP+OVKyB60Qg4SKpLZaiAKoZqx+2FA5DHId2Akrodcw1cKoPN/7uBjawPYO+1gAZjjcbsZEP58PJXhmhL/BiK5UKSdiBPkMTj1Hd6pxjvS3UObc74Y7GChZoHWLoUtD2enNrFyy10CxJfvPQB24ccZk8O5cX4/OiT44gbrCzkWM/jJw2LPs03GLiPatzObPShzyGzCfjogeBvl1ItaI9PHYQJ1a4c6Ju7ZR/59SKAT0zEbho6/quj5CGqMBWBUvtgxL5x4g2Vlr0n5//cocH+4tDKWuxzXkzbhvZT1HLtGuLP/GMe+QhX89ZQSG0YINZRnjsJTlD8vZcTVl6SdNwQGQ9CBwQKkrwtzx7He1fCQ/lOntWpo2/UbWcTz6LTpc0pdnc6IIwplQFTOi8lJ6ahlCJ/GMDjG0fbd0HOZ7slFhpgbckwXK4n1B+L+ZDMpkVzbVoQBfMJvIVcQdJOZSIbkdFOsrlzzgAq6T+FyBhQwlsTbLXvWWmKYkRNv0zMpk/EHIWyCDLVumHQ7CO1Ml56588uF81rYeQ61851o/8ttMv7qSVleILbPw9Qc4a6GpXVUQmuBw6E2Ws3TPFG9+my6jbvT+WBmVBk3GU4j9csrnZxhZFfHvU3sZhTcBQsLk25j0AxEgxQ0LkGbD3MsRRUvjxcar4C63VfdeWAjt4OihizfphsRTOd6GzLnRj/XhQCVAsOisvrrig1jdE9g0aM4t/SDCUHgxCnDQa/r3zPe/uf6t3N3Cn+YmmPyI76T2+zkbW5M6y1Vbt1dbrBMAvdy5iTkOdv1Z50H1h5ipQBRTSdtv6v82gvFxkL/1ADqpgSLwl6Gk1S9buXzDPKlJePqnlq1KGBXAcPECcHn0R0SmylyUEsJtju6iB+kx0AK5+QczIAVGO41hefmUF5A2e9u11KvEPhc0LEIBTEIQs2JuPErDzt5ErGzcpnnmGhpcMzjlfjKg2hW8PFTuQqddPWEoRC/61deK8VHmHH8B61kbiwGUO6t3z4oHEBY0=,iv:0QEPw6CMkOeGPkpZq3hZenkKDFnAdNiBbJbIMOLCbHw=,tag:SqHlmsYEPIMlGfPhkVrDAQ==,type:str] -title.keys: ENC[AES256_GCM,data:mAlox5nq4dyZHmDndZkmghu8Qp7F5oTSx7CKEiygztmrFaSNji8csIdMp+t9eL43elrVatckALrLIw4e3Zlh7Osf9dqLAVbE6SV7YUfo/AeKfbmYU9UoM7+YlnxqS9T83xvmr++pNM/mxSZJwvgDTbQVWeW2T6+6Mglozmh/8yDOqT/vmj+gsHD6ndXID+FxohgI+kP3b8YI1oYlwdZaPAVtZYrYhgWpZ6yBiZbhhjtoBV5xIfQQRQdDAx8kC1xDbA0Ntmn5hGgPbCwpina3K+1Ukh30orGq1dB/7hb2AsuxsRVgWQ5uqSHCCV+BkybgoeHFR8G58VYl5/TzQbJSRb+NOo/2XeVByUq++kFyudQTSZvhijyjZ+GmErftpEz6rC4a/jte9j1MGaMLbAzEMTFZbBte4VLVgC4k/CNFDxkeYKcB3+Dspl4tMw+R70WWr5vo1hduUCkhC2N+2VlJ2vokFkoL+E4pw1r8XaQZN60JHz/3C5hgw/FwlNidro6DzlFzWSpZoRymkr1UPuEICb5P7fDB3au0yDYpqpWXCPqTU1WtFvAf2273kip2VOd1iWpcx4LcVOYdwvM2NkGx/gIzEmU2sJAIdB8m/p9Jjj3WHOxnXTR75OZo5zHi1aQiBvMjW+xg37pu6Dt7m9LNabPWpedgQtZxw3bhWhDrOqo0DfQEsyHvjaNzCTro3zZKnCPSqDPcEpAxD8fogtpSZoa6beNVCJYQ54o5qlGoH2eRvG/M2ncq9tzn9iwAP8MfKWlyIyPUwQzZaT14Wl3pl90HRrolu3tzZpAFNc1Ok7zKYTIXKzxMl3Au5hyP2mvGXYZl+GwhO2rk1CpdhFjNvq6orxFmnDQjX1e8QmxlR0B6tUeIwDWyssGO+Ie2k23eOW3mM1JLt+7HY3R65MoI6SdNaQxH7lqNnm21rp9eKjIQS0NBwLeO8XVM7VtyeYt7Awl7eBybmDrrRLTBi4JD2eayhBTqtvmjIwndNcxmSbY9chYs1n128ujNuzHud/QdTx4w0CndR9F8zIpISakonSZvVb4vh6JFY5uymONK0tlLy63sDLjPh3NMIM4/qEC7W0wTgX1uHG5Ac4AY2ptaaKFLlM/WNNS5cmObWZgytpR+UEWh5S+gmcSePf6DzAoZu/U2gBX+vA3eVA1Y5aAQA0gdDa+AI9jaBT9YGdM/+8im9brIzEozscybltpAdTe8/mUwl06FmziX1mO37mv/uxBAig4o2lUrEinH1vJEKWHtWWIOGIMIkz4BY0/3KK5vO/liie6aY2BbCnx47slRZg9r2jgPtz9iKxSW53QFeg62b51futQbmuipKoGwp0hW2NiKfa3UY5YQUNOoismU0YHvNGRm0VIKhUZZq7DUyHigxAQqrPFjpqw3318gVHQXWwacCgcr6onQ48Ke/H7/Vop/dRNmK7T5CKQE/zP+S/j9AixxNsnZ/FUBiRXQIeQoonrzo45Uh+9DEsn4G91S7utwrxYVEkNLIjGu4h80zpgxHqODop9v5dsvpvje2MX2C84hRttjB+zM1K5T3/xyH+g2Hk7owg9aIZsE+th8cGCkl2BVMl9750+fx5+K7j4iPgbw+6cub09W99Na+tuOMWAJT0M/IHr3,iv:LDGFvr5s5WvigWGeKmjOlY2mKEjAu+So3n6pRbChE+Q=,tag:9gQhB5fcFHNk7IltvrygKQ==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -16,7 +14,8 @@ sops: MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD +DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-29T14:31:21Z" - mac: ENC[AES256_GCM,data:K6gtlrWGtNvWwcE7zExB45kl9dxpA3zxbaqAFJd18HhVZb6VP1QRe2VcaoS/rlKBU508Z76sVuh/9hj7PBUMp+oPxWyxuUD4PUkYHxvELN4sHFzrJ+whXQVxCC81VwP6adA0fhwSyMxRLETf0tZo/09jTXMmbLZKZIDnFI5vbLs=,iv:Fg1tyIr4yKtdi0R1k+9j+1wxkAGtwvCGwGVHVQMfeuU=,tag:vND8ZazwY7i+DFj4nnTrsA==,type:str] + lastmodified: "2024-02-22T11:58:42Z" + mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.8.1 diff --git a/nixos/hosts/iso/configuration.nix b/nixos/hosts/iso/configuration.nix index e2d7688..1c45890 100644 --- a/nixos/hosts/iso/configuration.nix +++ b/nixos/hosts/iso/configuration.nix @@ -10,20 +10,20 @@ # outputs.homeManagerModules.example # outputs.nixosModules.contabo.wan inputs.home-manager.nixosModules.home-manager - outputs.nixosModules.vpn-ip # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.defaults # Import shared settings + ../../shared ]; - # programs.command-not-found.enable = lib.mkForce false; - # programs.nix-index.enable = true; - # programs.nix-index-database.comma.enable = true; + programs.command-not-found.enable = lib.mkForce false; + programs.nix-index.enable = true; + programs.nix-index-database.comma.enable = true; - # boot.tmp.cleanOnBoot = true; - # zramSwap.enable = false; - # networking.domain = ""; + boot.tmp.cleanOnBoot = true; + zramSwap.enable = false; + networking.domain = ""; services.openssh = { enable = true; # require public key authentication for better security @@ -45,9 +45,7 @@ #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys sops.defaultSopsFile = ./secrets/sops.yaml; - services.vpn-ip.enable = false; - - # services.desktopManager.plasma6.enable = true; + services.desktopManager.plasma6.enable = true; environment.systemPackages = with pkgs; [ # Custom tools @@ -67,9 +65,11 @@ sbctl tpm2-tools tpm2-tss + waydroid zsh # KDE/QT + krunner-translator kdePackages.discover kdePackages.kcalc kdePackages.kdepim-addons @@ -81,14 +81,13 @@ kdePackages.plasma-pa kdePackages.sddm-kcm kdePackages.dolphin-plugins + libportal-qt5 libportal ]; # Enable networking networking.networkmanager.enable = true; - networking.hostName = "iso"; - # Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53" networking.firewall.enable = true; @@ -107,24 +106,24 @@ # Enable bluetooth hardware hardware.bluetooth.enable = true; - # security.tpm2.enable = true; - # security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so - # security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - # users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices + security.tpm2.enable = true; + security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so + security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables + users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices # Set your time zone. time.timeZone = "Europe/Amsterdam"; - # programs.git = { - # enable = true; - # }; + programs.git = { + enable = true; + }; - # programs.direnv = { - # enable = true; - # }; + programs.direnv = { + enable = true; + }; - # # Enable completion of system packages by zsh - # environment.pathsToLink = ["/share/zsh"]; + # Enable completion of system packages by zsh + environment.pathsToLink = ["/share/zsh"]; # kde power settings do not turn off screen systemd = { @@ -137,17 +136,17 @@ }; }; - # home-manager = { - # extraSpecialArgs = {inherit inputs outputs;}; - # users = { - # # Import your home-manager configuration - # lillian = import ../../../home-manager/hosts/iso; - # }; - # }; + home-manager = { + extraSpecialArgs = {inherit inputs outputs;}; + users = { + # Import your home-manager configuration + lillian = import ../../../home-manager/hosts/iso; + }; + }; - # boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - # boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "25.11"; + system.stateVersion = "24.11"; } diff --git a/nixos/hosts/iso/secrets/sops.yaml b/nixos/hosts/iso/secrets/sops.yaml index 27763b5..92548c8 100644 --- a/nixos/hosts/iso/secrets/sops.yaml +++ b/nixos/hosts/iso/secrets/sops.yaml @@ -1,8 +1,9 @@ lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str] -ssh-private-key: ENC[AES256_GCM,data:YQ+9aKpBL9XYl0IBxpPttUli6/E25alUhO36dZwPPSIBLI1ehyczocQMxNRYNtB2xKYx4wPaYIndLBhj9VdTUgaOWUd2C6aU6YgXgFAsjgEwqVDZWRp7TrTHojtrS5HnJgfopx6EqPf/uljD9yQsOkubDDUbpYkpWX/3vixm9LJ1eRXxTxXW8D3O5OM2Z1NsqA7meVa1xhvWJokqS4sD5ntp1HT78Xmu62EweHQVGaznUvWZupYh0uCQd0tr6GVTZLHdyCdaFUGHRbRddBcljpBIRWaWkhIrkjejvptUZ4Ht/UN5XM5z+zfU3DxsDOxeJ7m83om9I3WdZSdq1aDXe+VFEfMrx/0QTk2LtAmOvujcN6wO7a77SD4Rpuvq8KH2CeKrwMLlFf2BeGIcGhvAhRYUVxtypM38DEdbf/7xIcw0vQP2zNZN4QWdukUInDndnAxMfbIXKpYI5OPRaZMTVui41hkS86LBfbd5RhTjyzrtIpVSq9XkKRX7d5i8Gcjb4ORpQvrNNYMo+TXCiLNTg3/q0My/jEhfjfTF,iv:EpKC9judTZ1+0Y2LC1OK2YzGH/orRpZNtE7O+ZZyU1E=,tag:S6ju/FkwIBbBA8YU3dRo1A==,type:str] -nextcloud-password: ENC[AES256_GCM,data:5u8j1wau5FewTe+t3YZ365Acfcrt09XDgCUNpDbuVKaNZIEW3gdR60XACQeAvsyQeznynILJnz7/txV2,iv:l1xYhUkQGdWYNNy1lG9xB5SgL9cn2FdzAs19iVCohlA=,tag:rT0flG+v9wd8jSUm8DrCjg==,type:str] -wg-private-key: ENC[AES256_GCM,data:3JpyscuzK4LG1lfM3oyQNBHy7BQ2WeTaSyaZoaNfS4U7KkpEaCp5EVLBYiY=,iv:odDG8xp+d+O4FuECfeCJn/z2ka4KSzSBvgBCmcMZ0S0=,tag:iPwnqgtap+i44Mru/S7TyA==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -13,7 +14,8 @@ sops: dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-14T18:00:16Z" - mac: ENC[AES256_GCM,data:NnX0hMrfeKJucgqgVUIUS0WOHerkDtKe3P+4vvWRCMX3eXg4Tsju8pZySZP7RSZX7+2W3OUHMOUuAum0YrVasTXuhm6jPvlbqvRnVXaVzCNheIUvTCF7LFeJEOQYKS5m8AiVKFRrxz+dGn90DSeijjajSePBjo8AnKyAOQEt1S8=,iv:1iJiqJU0vdDiWnJAYDlbOBBa9lBOODjjdlsRH54aTGI=,tag:JZtgVeLvFN6vcCZkRnuNcQ==,type:str] + lastmodified: "2024-03-20T18:17:48Z" + mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.8.1 diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index 6984f31..8ba1916 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix @@ -3,7 +3,6 @@ outputs, lib, pkgs, - config, ... }: { imports = [ @@ -14,8 +13,6 @@ # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.default - outputs.nixosModules.vpn-ip - # You can also split up your configuration and import pieces of it here: # ./nvim.nix ./hardware-configuration.nix @@ -30,34 +27,15 @@ # ../../../disko/queen ]; - preservation.enable = lib.mkForce false; - - services.anubis.instances.default.settings.TARGET = "http://localhost:8123"; - - # required due to unix socket permissions - users.users.nginx.extraGroups = [config.users.groups.anubis.name]; - services.nginx.virtualHosts."*.gladtherescake.eu" = { - locations = { - "/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}"; - }; - }; - services.nginx.virtualHosts."*.lillianviolet.dev" = { - locations = { - "/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}"; - }; - }; - + boot.tmp.cleanOnBoot = true; zramSwap.enable = false; - services = { - openssh = { - enable = true; - settings = { - # require public key authentication for better security - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "no"; - }; - }; + networking.domain = ""; + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "no"; }; nixpkgs = { @@ -72,8 +50,12 @@ }; }; + #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys + sops.defaultSopsFile = ./secrets/sops.yaml; + environment.systemPackages = with pkgs; [ fzf + matrix-conduit docker docker-compose gitea @@ -86,113 +68,78 @@ #jellyfin #jellyfin-web #jellyfin-ffmpeg - nextcloud-spreed-signaling - nats-server + nextcloud28 nginx onlyoffice-documentserver - libressl + openssl + phanpy postgresql_16 python310 - # python310Packages.nbconvert - janus-gateway + python310Packages.nbconvert jupyter - # rabbitmq-server + rabbitmq-server roundcube roundcubePlugins.contextmenu roundcubePlugins.carddav roundcubePlugins.custom_from roundcubePlugins.persistent_login roundcubePlugins.thunderbird_labels + youtube-dl sqlite + rocksdb ]; - services.vpn-ip = { - enable = false; + + # Create an auto-update systemd service that runs every day + # system.autoUpgrade = { + # flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git"; + # dates = "daily"; + # enable = true; + # }; + + # systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug"; + # Enable networking + # networking.networkmanager.enable = true; + # networking.nat.enable = true; + # networking.nat.internalInterfaces = ["ve-+"]; + # networking.nat.externalInterface = "ens18"; + networking.enableIPv6 = lib.mkForce true; + networking.nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"]; + + # networking.interfaces.ens18.ipv4.addresses = [ + # { + # address = "62.171.160.195"; + # prefixLength = 32; + # } + # ]; + + networking.interfaces.ens18.ipv6.addresses = [ + { + address = "2a02:c207:2063:2448::1"; + prefixLength = 64; + } + ]; + networking.defaultGateway6 = { + address = "fe80::1"; + interface = "ens18"; }; - systemd = { - services."upgrade-nextcloud" = { - path = with pkgs; [nextcloud31]; - enable = true; - unitConfig = { - after = "nextcloud-setup.service"; - }; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ upgrade"; - RemainAfterExit = "yes"; - }; - }; - - timers."upgrade-nextcloud" = { - wantedBy = ["timers.target"]; - partOf = ["upgrade-nextcloud.service"]; - timerConfig = { - OnCalendar = "daily"; - Unit = "nextcloud-setup.service"; - }; - }; - }; - - networking = { - domain = ""; - - # Create an auto-update systemd service that runs every day - # system.autoUpgrade = { - # flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git"; - # dates = "daily"; - # enable = true; - # }; - - # systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug"; - # Enable networking - # networking.networkmanager.enable = true; - # networking.nat.enable = true; - # networking.nat.internalInterfaces = ["ve-+"]; - # networking.nat.externalInterface = "ens18"; - enableIPv6 = lib.mkForce true; - nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"]; - - # networking.interfaces.ens18.ipv4.addresses = [ - # { - # address = "62.171.160.195"; - # prefixLength = 32; - # } - # ]; - - interfaces.ens18.ipv6.addresses = [ - { - address = "2a02:c207:2063:2448::1"; - prefixLength = 64; - } + # Open ports in the firewall. + networking.firewall = { + enable = true; + allowPing = false; + allowedTCPPorts = [ + 22 # SSH + 5349 # STUN tls + 5350 # STUN tls alt + 80 # http + 443 # https + ]; + allowedUDPPortRanges = [ + { + from = 49152; + to = 49999; + } # TURN relay ]; - defaultGateway6 = { - address = "fe80::1"; - interface = "ens18"; - }; - firewall = { - # Open ports in the firewall. - - enable = true; - allowPing = false; - allowedTCPPorts = [ - 22 # SSH - 5349 # STUN tls - 5350 # STUN tls alt - 80 # http - 443 # https - ]; - allowedUDPPortRanges = [ - { - from = 49152; - to = 49999; - } # TURN relay - ]; - }; - - hostName = "queen"; - - # Disable the server going through wireguard vpn for now - wireguard.enable = lib.mkForce false; }; # networking.useNetworkd = true; @@ -225,15 +172,20 @@ # Enable completion of system packages by zsh environment.pathsToLink = ["/share/zsh"]; - boot = { - tmp.cleanOnBoot = true; - loader.grub = { - enable = true; - configurationLimit = 3; + home-manager = { + extraSpecialArgs = {inherit inputs outputs;}; + users = { + # Import your home-manager configuration + lillian = import ../../../home-manager/hosts/queen; }; - loader.efi.canTouchEfiVariables = true; }; + networking.hostName = "queen"; + + boot.loader.grub.enable = true; + boot.loader.grub.configurationLimit = 3; + boot.loader.efi.canTouchEfiVariables = true; + # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "26.05"; + system.stateVersion = "24.11"; } diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index c0edc61..2213774 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -6,17 +6,18 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/ mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str] mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str] rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str] -wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str] +wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str] lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str] -coturn-auth-secret: ENC[AES256_GCM,data:1K7WX5FGhF7+CRZs4SEVKogsGv/93IJVvLeMe6/d1dg3g5/6fQkRCVl1KicMUOsqUxMweUn5hUXSO1h/ruWvPA==,iv:0U/JoeVin2zTkyk60x2boUQRzGW+9swlbxP1ENCbAFQ=,tag:ll8WCgMNtun5Va0VpC81Tw==,type:str] -hpb-secret: ENC[AES256_GCM,data:I/64j3nA0BWW5YY4STMFzxnSKQ+TmiHvweIIGOMJvV4=,iv:zezsPPnKlVBVlrJeG4pGbtuiz1GEWLmQaZl1isNa+pk=,tag:YbTWLAjIIMDn5Jo43U0QtA==,type:str] +coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str] grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str] sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str] writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] -ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str] -mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -27,7 +28,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-04T13:04:56Z" - mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str] + lastmodified: "2024-08-16T13:34:43Z" + mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.9.0 diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix index 262332b..6120091 100644 --- a/nixos/hosts/shodan/configuration.nix +++ b/nixos/hosts/shodan/configuration.nix @@ -14,10 +14,9 @@ # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.default - outputs.nixosModules.vpn-ip - # Import the shared settings - ../../desktop + ../../shared + ../../desktop/package-configs/firefox # You can also split up your configuration and import pieces of it here: # ./nvim.nix @@ -25,119 +24,66 @@ ../../../disko/shodan - # ./auto-mount.nix + ./auto-mount.nix ]; - boot = { - tmp.cleanOnBoot = true; - loader = { - # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables - # tss group has access to TPM devices - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - systemd-boot.enable = lib.mkForce false; - systemd-boot.configurationLimit = 3; - timeout = 0; - efi.canTouchEfiVariables = true; - }; - initrd.systemd.enable = true; - - lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - consoleLogLevel = 0; - kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"]; - plymouth.enable = true; - }; - services.udev.extraRules = '' - KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess" - KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess" - SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2dc8", MODE="0666" - ''; + boot.tmp.cleanOnBoot = true; zramSwap.enable = false; - networking = { - domain = ""; + networking.domain = ""; + services.openssh.enable = true; - # Enable networking - networkmanager.enable = true; - - firewall.enable = true; - firewall.interfaces."wg0".allowedTCPPorts = [8080]; - firewall.interfaces."wg0".allowedUDPPorts = [8080]; - firewall.allowedTCPPorts = [22 8080 8091 9090 9777 46899 46898]; - firewall.allowedUDPPorts = [22 8080 8091 9090 9777 46899 46898]; - - hostName = "shodan"; - }; - services.vpn-ip = { - ip = "4"; - }; - - xdg.portal.extraPortals = [pkgs.kdePackages.xdg-desktop-portal-kde]; - services = { - openssh = { - enable = true; - settings = { - # require public key authentication for better security - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - PermitRootLogin = "no"; - }; - }; - displayManager = { - # defaultSession = "plasma"; - sddm.wayland.enable = lib.mkForce true; - sddm.settings = { - Autologin = { - Session = "plasma.desktop"; - User = "lillian"; - }; - }; + nixpkgs = { + # You can add overlays here + overlays = [ + ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; }; }; + #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys + sops.defaultSopsFile = ./secrets/sops.yaml; + environment.systemPackages = with pkgs; [ # Custom tools + auto-mount #System: + btrfs-progs decky-loader - jre8 - # jellyfin-media-player - + efitools + jq + noto-fonts + noto-fonts-emoji-blob-bin + noto-fonts-emoji #rustdesk + sbctl + udisks + util-linux + waypipe + python3 + protonup-qt + + #KDE: + krunner-translator + kdePackages.discover + kdePackages.kcalc + kdePackages.kdepim-addons + kdePackages.kirigami + kdePackages.kdeconnect-kde + # kdePackages.krunner-ssh + # kdePackages.krunner-symbols + kdePackages.qtvirtualkeyboard + kdePackages.packagekit-qt + libportal #Gaming: heroic legendary-gl protontricks rare - lutris - - (kodi.withPackages (kodiPkgs: - with kodiPkgs; [ - steam-controller - invidious - youtube - netflix - upnext - sponsorblock - sendtokodi - jellyfin - inputstream-adaptive - inputstreamhelper - inputstream-ffmpegdirect - upnext - sponsorblock - sendtokodi - routing - requests-cache - requests - plugin-cache - a4ksubtitles - ])) ]; jovian = { @@ -150,23 +96,130 @@ decky-loader = { enable = true; package = pkgs.decky-loader-prerelease; - extraPackages = [pkgs.python3 pkgs.flatpak pkgs.uutils-findutils]; + extraPackages = [pkgs.python3]; }; devices.steamdeck = { enable = true; autoUpdate = true; - }; - steamos = { - enableAutoMountUdevRules = true; + enableGyroDsuService = true; }; }; - fonts.packages = [pkgs.ttf-ms-win10]; + + programs.steam = lib.mkForce { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + extest.enable = true; + }; + hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the KDE Plasma Desktop Environment. + services.desktopManager.plasma6.enable = true; + programs.kdeconnect.enable = true; + + services.displayManager.defaultSession = "plasma"; + services.displayManager.sddm.wayland.enable = lib.mkForce true; + services.displayManager.sddm.settings = { + Autologin = { + Session = "plasma.desktop"; + User = "lillian"; + }; + }; + + # Enable flatpak support + services.flatpak.enable = true; + services.packagekit.enable = true; + + # Configure keymap in X11 + services.xserver = { + xkb.layout = "us"; + xkb.variant = ""; + }; + + # Enable networking + networking.networkmanager.enable = true; + + networking.firewall.enable = true; + + networking.firewall.allowedTCPPorts = [22]; + # # Enable automounting of removable media # services.udisks2.enable = true; # services.devmon.enable = true; # services.gvfs.enable = true; # environment.variables.GIO_EXTRA_MODULES = lib.mkForce ["${pkgs.gvfs}/lib/gio/modules"]; + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable bluetooth hardware + hardware.bluetooth.enable = true; + + # Enable fwupd daemon and user space client + services.fwupd.enable = true; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + programs.noisetorch = { + enable = true; + }; + + programs.git = { + enable = true; + }; + + users.users.lillian.extraGroups = ["decky" "tss" "input"]; + + # Enable completion of system packages by zsh + environment.pathsToLink = ["/share/zsh"]; + + home-manager = { + extraSpecialArgs = {inherit inputs outputs;}; + users = { + # Import your home-manager configuration + lillian = import ../../../home-manager/hosts/shodan; + }; + }; + + networking.hostName = "shodan"; + + security.tpm2.enable = true; + security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so + security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables + # tss group has access to TPM devices + + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; + boot.initrd.systemd.enable = true; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + boot.loader.systemd-boot.configurationLimit = 3; + boot.loader.timeout = 0; + boot.loader.efi.canTouchEfiVariables = true; + boot.consoleLogLevel = 0; + boot.kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"]; + boot.plymouth.enable = true; + # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion - system.stateVersion = "26.05"; + system.stateVersion = "24.11"; } diff --git a/nixos/hosts/shodan/secrets/sops.yaml b/nixos/hosts/shodan/secrets/sops.yaml index c6a2065..f203c8e 100644 --- a/nixos/hosts/shodan/secrets/sops.yaml +++ b/nixos/hosts/shodan/secrets/sops.yaml @@ -1,8 +1,9 @@ lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str] -wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str] -ssh-private-key: ENC[AES256_GCM,data:7K3p6Lu4je2fNmvtKpLY2z7MG5E0gg3486PCLTlm/NzWpiH0FO8KO2yPkPPVurXfUWj7ig3eiP+bc6+kufRQ8+MCHaR+JA056cdMch0MMK92FyPvJjNKzwB4W3BpdvOKipaZvuvSfgdrEdpz6rWRwBb9KaUW5aHBjW5eQNm+q0yP2uZjW6Ncp/zrdevjlRJyXGnNJD8CBDQgLILvqlvziRO4xBnSZOmFpdCKM9jMkxwHIQUND4ic71G6cheN+kIsgsa67DlJjfrngGWxKrlC3Q2DC+30vHtW8f18oa+g7eu9eTz8+bSLxYJf9TADwE+UYe2Hakib1ju67yxBkcomIjBvqgo+zEr0jC2qYmOvlKfqn64gSbAE7zEVCbavz6gA2EMb0g47twtAdgGUyzppGQ4LXjZXv6lyYov2gdXP7bzAcXXfzDh92BuTUOp9HXOTsLh7XC7cPKziowwwT+oUeOaSujMT9tgqkazgcVR3ne+PjxduptV75gxOwxeu6F2Zm+4Y4xJBdJeyP1Baq0yj4HNY/gv3pxEEXgU5,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str] -nextcloud-password: ENC[AES256_GCM,data:vA+L/7rTne16AZbibUAaLAcQKLoKPvM1ATNL/hbzjVt+qmxHhmuQq0cqKdoPOFlOftMNLo5HSKiHdLxh,iv:kw0IorbyjT/ocanJDcR3kuPCqHsPwSD4axIp2dfn1Fc=,tag:5QLl3xKq4a0EiImO07ardQ==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz enc: | @@ -13,7 +14,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-22T13:25:05Z" - mac: ENC[AES256_GCM,data:qGLiJvoU+lyzMBr1jW3My5kNLCm59xVmdc3knyg64KMbAL65q7m5EJBC9uvRX0ZcxaNXWuRJWyUu1VV9tIKtSW+HLVJUZuTCi+0qswOL331LLuyDzhIkOKbPUPiDzKaMLif7EqENN9kN2aGSivpMVB5QkqRccmg6ya1Qkx5Ao7A=,iv:RiaIdq5Ve/PNVTD38Qh4YM+2x8fEU027r7hlmoNZI9A=,tag:jm9ZThwSVtpyed+kMIgaJw==,type:str] + lastmodified: "2024-03-19T00:42:59Z" + mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.8.1 diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index ff89965..b609001 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -1,417 +1,127 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). { - lib, - pkgs, + inputs, outputs, + lib, config, - modulesPath, + pkgs, ... }: { imports = [ - # inputs.nixos-hardware.nixosModules.raspberry-pi-4 - (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") - outputs.nixosModules.vpn-ip + inputs.home-manager.nixosModules.home-manager + ./armv7l.nix ./hardware-configuration.nix - # Import shared settings + # Import shared configurations + ../../shared ]; - hardware.enableRedistributableFirmware = true; - powerManagement.cpuFreqGovernor = "ondemand"; - hardware.graphics.enable = true; + boot.loader.generic-extlinux-compatible.enable = true; + boot.loader.generic-extlinux-compatible.configurationLimit = 5; + boot.loader.grub.enable = false; + boot.tmp.cleanOnBoot = true; - nixpkgs.overlays = [ - (final: super: { - makeModulesClosure = x: - super.makeModulesClosure (x // {allowMissing = true;}); - }) - ]; - programs = { - # Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently - command-not-found.enable = lib.mkForce false; - # nix-index.enable = true; - nix-index-database.comma.enable = true; - }; - services = { - automatic-timezoned.enable = true; - - # stubby = { - # enable = true; - # settings = - # pkgs.stubby.passthru.settingsExample - # // { - # upstream_recursive_servers = [ - # { - # address_data = "94.140.14.49"; - # tls_auth_name = "4b921896.d.adguard-dns.com"; - # tls_pubkey_pinset = [ - # { - # digest = "sha256"; - # value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; - # } - # ]; - # } - # { - # address_data = "94.140.14.59"; - # tls_auth_name = "4b921896.d.adguard-dns.com"; - # tls_pubkey_pinset = [ - # { - # digest = "sha256"; - # value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; - # } - # ]; - # } - # { - # address_data = "2a10:50c0:0:0:0:0:ded:ff"; - # tls_auth_name = "4b921896.d.adguard-dns.com"; - # tls_pubkey_pinset = [ - # { - # digest = "sha256"; - # value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; - # } - # ]; - # } - # { - # address_data = "2a10:50c0:0:0:0:0:dad:ff"; - # tls_auth_name = "4b921896.d.adguard-dns.com"; - # tls_pubkey_pinset = [ - # { - # digest = "sha256"; - # value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; - # } - # ]; - # } - # ]; - # }; - # }; - - openssh = { - enable = true; - # require public key authentication for better security - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; - settings.PermitRootLogin = "no"; - }; - - davfs2.enable = true; - - aria2 = { - enable = true; - settings = { - dir = "/var/lib/media"; - rpc-listen-port = 6969; - }; - rpcSecretFile = config.sops.secrets."rpcSecret".path; - }; - dnsmasq = { - enable = true; - settings = { - interface = "wg1"; - }; - }; - }; - - sops = { - # users.users = { - # ombi.extraGroups = ["radarr" "sonarr" "aria2"]; - # }; - # services.ombi = { - # enable = true; - # port = 2368; - # }; - - # users.users = { - # radarr.extraGroups = ["aria2"]; - # sonarr.extraGroups = ["aria2"]; - # }; - - # services = { - # #uses port 7878 - # radarr.enable = true; - # #uses port 8989 - # sonarr.enable = true; - # prowlarr.enable = true; - # }; - - secrets."webdav-secret" = { - mode = "0600"; - path = "/etc/davfs2/secrets"; - owner = config.users.users.root.name; - }; - - secrets."rpcSecret".mode = "0440"; - secrets."rpcSecret".owner = config.users.users.aria2.name; - - secrets."protonvpn-priv-key".mode = "0440"; - secrets."protonvpn-priv-key".owner = config.users.users.root.name; - }; - boot = { - kernelPackages = lib.mkForce pkgs.linuxPackages_latest; - - initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835" "cma=256M" "console=tty0" "reset-raspberrypi"]; - kernelParams = ["video=HDMI-A-1:1920x1080@60D"]; - kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; - }; - - sdImage.compressImage = false; - - services.vpn-ip = { - enable = false; - }; - - services.stubby = { - enable = true; - settings = - pkgs.stubby.passthru.settingsExample - // { - upstream_recursive_servers = [ - { - address_data = "192.242.2.4"; - tls_auth_name = "base.dns.mullvad.net"; - tls_pubkey_pinset = [ - { - digest = "sha256"; - value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI="; - } - ]; - } - { - address_data = "2a07:e340::4"; - tls_auth_name = "base.dns.mullvad.net"; - tls_pubkey_pinset = [ - { - digest = "sha256"; - value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI="; - } - ]; - } - ]; - }; - }; - - networking = { - hostName = "wheatley"; - - networkmanager.enable = true; - - # Disable NetworkManager's internal DNS resolution - networkmanager.dns = "none"; - - # These options are unnecessary when managing DNS ourselves - useDHCP = false; - dhcpcd.enable = false; - - # Configure DNS servers manually (this example uses Cloudflare and Google DNS) - # IPv6 DNS servers can be used here as well. - nameservers = [ - "194.242.2.4" - "2a07:e340::4" + # boot.extraModulePackages = [ + # (pkgs.callPackage ./rtl8189es.nix { + # kernel = config.boot.kernelPackages.kernel; + # }) + # ]; + nixpkgs = { + # You can add overlays here + overlays = [ ]; - - wireguard.enable = true; - - wg-quick.interfaces = { - # # "wg0" is the network interface name. You can name the interface arbitrarily. - # wg0 = { - # autostart = true; - # # Determines the IP address and subnet of the server's end of the tunnel interface. - # address = ["10.2.0.2/32"]; - - # # The port that WireGuard listens to. Must be accessible by the client. - # listenPort = 51820; - - # dns = ["10.2.0.1"]; - # # Path to the private key file. - # # - # # Note: The private key can also be included inline via the privateKey option, - # # but this makes the private key world-readable; thus, using privateKeyFile is - # # recommended. - # privateKeyFile = config.sops.secrets."protonvpn-priv-key".path; - - # peers = [ - # # List of allowed peers. - # { - # # Feel free to give a meaning full name - # # Public key of the peer (not a file path). - # publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg="; - # # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "146.70.86.114:51820"; - # } - # ]; - # }; - - # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= - # TODO: generate this dynamically based on other hosts - wg0 = { - address = ["10.70.93.226/32" "fc00:bbbb:bbbb:bb01::7:5de1/128"]; - privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; - dns = ["100.64.0.7"]; - extraOptions = { - FwMark = 51820; - }; - - listenPort = 51820; - - postUp = '' - ${pkgs.iproute2}/bin/ip rule add from 192.168.2.43 table main - ${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -i end0 -j CONNMARK --set-mark 51820 - ${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820 - ''; - - preDown = '' - ${pkgs.iproute2}/bin/ip rule del from 192.168.2.43 table main - ${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -i end0 -j CONNMARK --set-mark 51820 - ${pkgs.iptables}/bin/iptables -t mangle -D PREROUTING -m connmark --mark 51820 -j MARK --set-mark 51820 - ''; - - peers = [ - { - publicKey = "/wPQafVa/60OIp8KqhC1xTTG+nQXZF17uo8XfdUnz2E="; - allowedIPs = ["0.0.0.0/0" "::0/0"]; - endpoint = "31.171.154.50:51820"; - } - ]; - }; - wg1 = { - # Determines the IP address and subnet of the server's end of the tunnel interface. - address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; - - # The port that WireGuard listens to. Must be accessible by the client. - listenPort = 51821; - - # This allows the wireguard server to route your traffic to the internet and hence be like a VPN - postUp = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE - ''; - - # Undo the above - preDown = '' - ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE - ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE - ''; - - privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path; - - extraOptions = { - FwMark = 51820; - }; - - peers = [ - { - #GLaDOS public key - publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38="; - allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"]; - } - { - #EDI public key - publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704="; - allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"]; - } - { - #Shodan public key - publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw="; - allowedIPs = ["10.0.0.4/32" "fdc9:281f:04d7:9ee9::3/128"]; - } - { - #ADA public key - publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo="; - allowedIPs = ["10.0.0.5/32" "fdc9:281f:04d7:9ee9::3/128"]; - } - #Queen public key: FVTrYM7S2Ev2rGrYrHsG2et1/SU3UjEBQH2AOen4+04= - ]; - }; - }; - nat = { - # enable NAT - enable = true; - externalInterface = "end0"; - internalInterfaces = ["wg1" "wg0"]; - }; - firewall = { - enable = true; - allowPing = false; - allowedTCPPorts = [ - 22 # SSH - 5349 # STUN tls - 5350 # STUN tls alt - 80 # http - 443 # https - 51821 # wg - 51820 # wg-mullvad - 7878 - 53 # dnsmasq - ]; - allowedUDPPorts = [ - 53 #dnsmasq - ]; - allowedUDPPortRanges = [ - { - from = 51820; - to = 51822; # wg - } - { - from = 49152; - to = 49999; - } # TURN relay - ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; }; }; - systemd.mounts = [ - { - enable = true; - description = "Webdav mount point"; - after = ["network-online.target"]; - wants = ["network-online.target"]; - what = "https://nextcloud.gladtherescake.eu/remote.php/dav/files/GLaDTheresCake"; - where = "/home/kodi/nextcloud"; - options = "uid=1002,gid=100,file_mode=0664,dir_mode=2775"; - type = "davfs"; - } + sops.defaultSopsFile = ./secrets/sops.yaml; + + sops.secrets."wireless.env".mode = "0440"; + sops.secrets."wireless.env".owner = config.users.users.root.name; + + environment.systemPackages = with pkgs; [ + age + git + htop ]; - environment.systemPackages = [ - pkgs.mpv-unwrapped - # (pkgs.kodi.withPackages (kodiPkgs: - # with kodiPkgs; [ - # steam-controller - # invidious - # youtube - # netflix - # upnext - # sponsorblock - # sendtokodi - # jellyfin - # inputstream-adaptive - # inputstreamhelper - # inputstream-ffmpegdirect - # upnext - # sponsorblock - # sendtokodi - # routing - # requests-cache - # requests - # plugin-cache - # a4ksubtitles - # ])) - pkgs.iptables + boot.kernelParams = [ + "console=ttyS0,115200n8" ]; - users.extraUsers.kodi.isNormalUser = true; - services.cage.user = "kodi"; - services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone"; - services.cage.enable = true; - nixpkgs.config.kodi.enableAdvancedLauncher = true; + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + # This will add each flake input as a registry + # To make nix3 commands consistent with your flake + registry = lib.mapAttrs (_: value: {flake = value;}) inputs; - system.stateVersion = "26.05"; - nixpkgs.hostPlatform = lib.mkForce "aarch64-linux"; + # This will additionally add your inputs to the system's legacy channels + # Making legacy nix commands consistent as well, awesome! + nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; + + settings = { + # Enable flakes and new 'nix' command + experimental-features = "nix-command flakes"; + # Deduplicate and optimize nix store + auto-optimise-store = true; + }; + }; + + networking.wireless.enable = true; + networking.wireless.environmentFile = config.sops.secrets."wireless.env".path; + networking.wireless.networks."KPNAA6306" = { + hidden = true; + auth = '' + key_mgmt=WPA-PSK + password="@PSK_HOME@" + ''; + }; + + networking.firewall.enable = true; + + networking.firewall = { + allowedTCPPorts = [22 80 443 5335 8080]; + allowedUDPPorts = [5335]; + }; + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + programs.zsh = { + enable = true; + }; + + programs.git = { + enable = true; + }; + + home-manager = { + extraSpecialArgs = {inherit inputs outputs;}; + users = { + # Import your home-manager configuration + lillian = import ../../../home-manager/hosts/wheatley; + }; + }; + + networking.hostName = "wheatley"; # Define your hostname + + networking.wireless.interfaces = ["enu1u1"]; + + # powerManagement.cpuFreqGovernor = "powersave"; + powerManagement.cpufreq.max = 648000; + + # This value determines the NixOS release with which your system is to be + # compatible, in order to avoid breaking some software such as database + # servers. You should change this only after NixOS release notes say you + # should. + system.stateVersion = "unstable"; # Did you read the comment? } diff --git a/nixos/hosts/wheatley/hardware-configuration.nix b/nixos/hosts/wheatley/hardware-configuration.nix index 3f0b8dc..efbc691 100644 --- a/nixos/hosts/wheatley/hardware-configuration.nix +++ b/nixos/hosts/wheatley/hardware-configuration.nix @@ -10,26 +10,40 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci"]; + boot.initrd.availableKernelModules = ["usbhid"]; boot.initrd.kernelModules = []; boot.kernelModules = []; boot.extraModulePackages = []; - boot.supportedFilesystems = lib.mkForce ["btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"]; - swapDevices = [ - { - device = "/swapfile"; - size = 16 * 1024; - } - ]; + fileSystems = { + # Prior to 19.09, the boot partition was hosted on the smaller first partition + # Starting with 19.09, the /boot folder is on the main bigger partition. + # The following is to be used only with older images. Note such old images should not be considered supported anymore whatsoever, but if you installed back then, this might be needed + + # "/boot" = { + # device = "/dev/disk/by-label/FIRMWARE"; + # fsType = "vfat"; + # }; + + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + + swapDevices = [{device = "/dev/disk/by-uuid/b299ad0d-37a0-43d6-9647-5f717aca7b3";}]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.end0.useDHCP = lib.mkDefault true; + # networking.interfaces.enu1u1.useDHCP = lib.mkDefault true; + # networking.interfaces.ip6tnl0.useDHCP = lib.mkDefault true; + # networking.interfaces.sit0.useDHCP = lib.mkDefault true; # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; + nixpkgs.hostPlatform = lib.mkDefault "armv7l-linux"; + + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/nixos/hosts/wheatley/secrets/sops.yaml b/nixos/hosts/wheatley/secrets/sops.yaml index 6fcd84c..5594a50 100644 --- a/nixos/hosts/wheatley/secrets/sops.yaml +++ b/nixos/hosts/wheatley/secrets/sops.yaml @@ -1,10 +1,5 @@ wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str] lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str] -protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str] -rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str] -webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str] -wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str] -ssh-private-key: ENC[AES256_GCM,data:zbCR/+REHSN4BIQIXSOQjSRKYWhaXutdn4AE2zxmN44qHPzMI98c7/aX2KFhHOL+vKpgyhhR6JAGVTF5Jk72lmIHwDvwvwx+gLXgpZH1KEK3nTUdwUVcqBDsVB4Na5rTsHMWmRH+NxV7n+3nSQo/Byi0Jb602IPXRNREL+0toCbHon27/o2uIy4uzbsEWZu6N2hadzQCtXmHJM2dqmbKvpADt04TQ4wAcZ6wB0538g5WdtOSU6T1xcBBSDU7MNEVP7e7dUPKJWK79cI+RrzpGIh/da7cM6exSBRas711oL6woH4Hi3G6Yjd1rPxBPt1+/qq45gm/4UvjQywn/1s7BInCe9/5vJLn3TEzuUd96CsT36vEsxMeOekXf50Ntu6Xr02bnFRwUBm76BVGAggwGf/khRNJuLw0xHsCdeKzHsPD0efe5mHTJw8mB3M6vDhO6e3g6E3uRjjBaDnrPuHuD4NE1kCjQTTJh3NbuT2Ab55lhpSOEK+f0Ik2qZgKzALvJhn+MILjXSfP/hXgiwBeP4dkTY3fOcpmnPyS,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str] sops: kms: [] gcp_kms: [] @@ -20,8 +15,8 @@ sops: Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-22T22:37:02Z" - mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str] + lastmodified: "2024-02-22T11:57:45Z" + mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.8.1 diff --git a/nixos/server/package-configs/caddy/default.nix b/nixos/server/package-configs/caddy/default.nix deleted file mode 100644 index 029c590..0000000 --- a/nixos/server/package-configs/caddy/default.nix +++ /dev/null @@ -1,56 +0,0 @@ -{config, ...}: { - services.phpfpm.pools.nextcloud.settings = { - "listen.owner" = config.services.caddy.user; - "listen.group" = config.services.caddy.group; - }; - - users.users.caddy.extraGroups = ["nextcloud"]; - - services.caddy = { - enable = true; - - # Setup Nextcloud virtual host to listen on ports - virtualHosts = { - "${config.services.nextcloud.hostName}" = { - useACMEHost = "${config.services.nextcloud.hostName}"; - extraConfig = '' - redir /.well-known/carddav /remote.php/dav 301 - redir /.well-known/caldav /remote.php/dav 301 - redir /.well-known/webfinger /index.php/.well-known/webfinger 301 - redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301 - - encode gzip - reverse_proxy localhost:9000 - header Strict-Transport-Security max-age=31536000; - @forbidden { - path /.htaccess - path /data/* - path /config/* - path /db_structure - path /.xml - path /README - path /3rdparty/* - path /lib/* - path /templates/* - path /occ - path /console.php - } - handle @forbidden { - respond 404 - } - - handle { - root * /var/www/html - php_fastcgi 127.0.0.1:9000 { - # Tells nextcloud to remove /index.php from URLs in links - env front_controller_active true - } - file_server - } - ''; - }; - "onlyoffice.gladtherescake.eu" = { - }; - }; - }; -} diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix index 17424c4..b9debce 100644 --- a/nixos/server/package-configs/conduit/default.nix +++ b/nixos/server/package-configs/conduit/default.nix @@ -1,6 +1,7 @@ { config, pkgs, + inputs, ... }: let # You'll need to edit these values @@ -29,13 +30,17 @@ ''; in { # Configure Conduit itself - services.matrix-continuwuity = { + services.matrix-conduit = { enable = true; + # This causes NixOS to use the flake defined in this repository instead of + # the build of Conduit built into nixpkgs. + package = inputs.conduwuit.packages.${pkgs.system}.default; + settings.global = { inherit server_name; + database_backend = "rocksdb"; allow_registration = false; - # emergency_password = "testpassword"; turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"]; turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT"; well_known = { @@ -111,7 +116,6 @@ in { locations."=/.well-known/matrix/client" = { # Use the contents of the derivation built previously alias = "${well_known_client}"; - return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${server_name}\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://${server_name}\"}}'"; extraConfig = '' # Set the header since by default NGINX thinks it's just bytes @@ -125,7 +129,6 @@ in { proxyPass = "http://matrix.gladtherescake.eu/client/unstable/org.matrix.msc3575/sync"; proxyWebsockets = true; recommendedProxySettings = false; - return = "200 '{\"contacts\": [{\"matrix_id\": \"@admin:server.name\", \"email_address\": \"admin@server.name\", \"role\": \"m.role.admin\"}]}'"; extraConfig = '' proxy_set_header Host $host; proxy_buffering off; diff --git a/nixos/server/package-configs/coturn/default.nix b/nixos/server/package-configs/coturn/default.nix index db36913..5bae63e 100644 --- a/nixos/server/package-configs/coturn/default.nix +++ b/nixos/server/package-configs/coturn/default.nix @@ -5,7 +5,7 @@ services.coturn = { enable = true; use-auth-secret = true; - static-auth-secret-file = config.sops.secrets."coturn-auth-secret".path; + static-auth-secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT"; realm = "turn.gladtherescake.eu"; relay-ips = [ "62.171.160.195" diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix index 41f696e..2ea84c6 100644 --- a/nixos/server/package-configs/dashboard/grafana/default.nix +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -18,13 +18,13 @@ url = "http://localhost:${toString config.services.prometheus.port}"; isDefault = true; } - { - name = "Loki"; - type = "loki"; - access = "proxy"; - url = "http://localhost:3100"; - isDefault = true; - } + # { + # name = "Loki"; + # type = "loki"; + # access = "proxy"; + # url = "http://localhost:${config.services.loki.port}"; + # isDefault = true; + # } ]; }; }; diff --git a/nixos/server/package-configs/dashboard/prometheus/default.nix b/nixos/server/package-configs/dashboard/prometheus/default.nix index fd08b3e..36710a1 100644 --- a/nixos/server/package-configs/dashboard/prometheus/default.nix +++ b/nixos/server/package-configs/dashboard/prometheus/default.nix @@ -1,4 +1,4 @@ -{config, ...}: { +{...}: { services.prometheus = { enable = true; port = 9001; @@ -16,19 +16,19 @@ job_name = "GrafanaService system"; static_configs = [ { - targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; + targets = ["127.0.0.1:9002"]; } ]; } # Scrape the Loki service - { - job_name = "Loki service"; - static_configs = [ - { - targets = ["127.0.0.1:3100"]; - } - ]; - } + # { + # job_name = "Loki service"; + # static_configs = [ + # { + # targets = ["127.0.0.1:3100"]; + # } + # ]; + # } ]; }; } diff --git a/nixos/server/package-configs/default.nix b/nixos/server/package-configs/default.nix index 9c129cb..4dd970f 100644 --- a/nixos/server/package-configs/default.nix +++ b/nixos/server/package-configs/default.nix @@ -5,15 +5,13 @@ ./gotosocial ./mail-server ./nextcloud - # ./phanpy + ./phanpy ./postgres ./roundcube ./coturn - # ./dashboard + ./dashboard #./cinny #./firefox-sync ./writefreely - ./mollysocket - ./jellyfin ]; } diff --git a/nixos/server/package-configs/jellyfin/default.nix b/nixos/server/package-configs/jellyfin/default.nix index d172e97..cc492d4 100644 --- a/nixos/server/package-configs/jellyfin/default.nix +++ b/nixos/server/package-configs/jellyfin/default.nix @@ -1,4 +1,6 @@ {...}: { + users.users.jellyfin.extraGroups = ["nextcloud" "aria2"]; + services.nginx = { virtualHosts = { "video.gladtherescake.eu" = { @@ -14,7 +16,5 @@ services.jellyfin = { enable = true; - user = "nextcloud"; - group = "nextcloud"; }; } diff --git a/nixos/server/package-configs/mail-server/default.nix b/nixos/server/package-configs/mail-server/default.nix index 1f0311c..878be36 100644 --- a/nixos/server/package-configs/mail-server/default.nix +++ b/nixos/server/package-configs/mail-server/default.nix @@ -3,10 +3,9 @@ sops.secrets."mailpass".owner = config.users.users.virtualMail.name; #Fix for the dovecot update - # services.dovecot2.sieve.extensions = ["fileinto"]; + services.dovecot2.sieve.extensions = ["fileinto"]; mailserver = { - stateVersion = 3; enable = true; enableImap = true; enableSubmission = true; @@ -15,21 +14,11 @@ "nextcloud.gladtherescake.eu" "akkoma.gladtherescake.eu" "social.gladtherescake.eu" - "gladtherescake.eu" "lillianviolet.dev" "git.lillianviolet.dev" ]; loginAccounts = { - "me@gladtherescake.eu" = { - hashedPasswordFile = config.sops.secrets."mailpass".path; - aliases = [ - "@gladtherescake.eu" - ]; - catchAll = [ - "gladtherescake.eu" - ]; - }; "no-reply@nextcloud.gladtherescake.eu" = { hashedPasswordFile = config.sops.secrets."mailpass".path; }; @@ -85,18 +74,13 @@ "no-reply@akkoma.gladtherescake.eu" "no-reply@social.gladtherescake.eu" "no-reply@git.lillianviolet.dev" - "ongebonden@gladtherescake.eu" ]; - x509.useACMEHost = config.mailserver.fqdn; - }; - security.acme.certs.${config.mailserver.fqdn} = { - webroot = "/var/lib/acme/acme-challenge/"; - extraDomainNames = [ + certificateScheme = "acme-nginx"; + certificateDomains = [ "imap.lillianviolet.dev" "mail.lillianviolet.dev" "pop3.lillianviolet.dev" "lillianviolet.dev" - "gladtherescake.eu" "mail.gladtherescake.eu" ]; }; diff --git a/nixos/server/package-configs/mollysocket/default.nix b/nixos/server/package-configs/mollysocket/default.nix deleted file mode 100644 index 1d445ea..0000000 --- a/nixos/server/package-configs/mollysocket/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{config, ...}: { - sops.secrets."mollysocket-vapid-key".mode = "0440"; - - services.mollysocket = { - enable = true; - environmentFile = config.sops.secrets."mollysocket-vapid-key".path; - settings = { - port = 4381; - allowed_endpoints = ["https://molly.gladtherescake.eu" "https://nextcloud.gladtherescake.eu"]; - allowed_uuids = ["db639f29-b7e7-431a-9c75-bcdcb87b6bdf"]; - webserver = true; - }; - }; - services.nginx = { - virtualHosts = { - "molly.gladtherescake.eu" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:4381"; - }; - }; - }; - }; -} diff --git a/nixos/server/package-configs/nextcloud/default.nix b/nixos/server/package-configs/nextcloud/default.nix index aff2c38..a3ed25a 100644 --- a/nixos/server/package-configs/nextcloud/default.nix +++ b/nixos/server/package-configs/nextcloud/default.nix @@ -7,14 +7,13 @@ sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name; sops.secrets."nextclouddb".mode = "0440"; sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name; - # sops.secrets."local.json".mode = "0440"; - # sops.secrets."local.json".owner = config.users.users.onlyoffice.name; + sops.secrets."local.json".mode = "0440"; + sops.secrets."local.json".owner = config.users.users.onlyoffice.name; users.users = { - # nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name]; - nextcloud.extraGroups = [config.users.groups.keys.name]; + nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name]; #aria2.extraGroups = ["nextcloud"]; - # onlyoffice.extraGroups = [config.users.users.nextcloud.name]; + onlyoffice.extraGroups = [config.users.users.nextcloud.name]; }; # Enable Nginx @@ -50,7 +49,7 @@ enable = true; hostName = "nextcloud.gladtherescake.eu"; - package = pkgs.nextcloud32; + package = pkgs.nextcloud30; # Use HTTPS for links https = true; @@ -69,7 +68,6 @@ overwriteprotocol = "https"; default_phone_region = "NL"; maintenance_window_start = 3; - log_type = "file"; }; appstoreEnable = true; extraAppsEnable = true; @@ -92,19 +90,19 @@ }; }; - # services.onlyoffice = { - # port = 16783; - # enable = true; - # hostname = "onlyoffice.gladtherescake.eu"; - # #postgresHost = "/run/postgesql"; - # #postgresUser = "onlyoffice"; - # #postgresName = "onlyoffice"; - # #jwtSecretFile = config.sops.secrets."local.json".path; - # }; + services.onlyoffice = { + port = 16783; + enable = true; + hostname = "onlyoffice.gladtherescake.eu"; + #postgresHost = "/run/postgesql"; + #postgresUser = "onlyoffice"; + #postgresName = "onlyoffice"; + #jwtSecretFile = config.sops.secrets."local.json".path; + }; - # services.rabbitmq = { - # enable = true; - # }; + services.rabbitmq = { + enable = true; + }; systemd.services."sops-nix.service" = { before = [ diff --git a/nixos/server/package-configs/writefreely/default.nix b/nixos/server/package-configs/writefreely/default.nix index aeb9fa2..43dc7bc 100644 --- a/nixos/server/package-configs/writefreely/default.nix +++ b/nixos/server/package-configs/writefreely/default.nix @@ -34,6 +34,6 @@ }; }; systemd.services.writefreely = { - path = [pkgs.libressl]; + path = [pkgs.openssl]; }; } diff --git a/nixos/shared/background.jpg b/nixos/shared/background.jpg deleted file mode 100644 index 2ad658c..0000000 Binary files a/nixos/shared/background.jpg and /dev/null differ diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix index c2995fd..b664165 100644 --- a/nixos/shared/default.nix +++ b/nixos/shared/default.nix @@ -1,40 +1,23 @@ { inputs, - outputs, lib, config, pkgs, - pkgs-edge, ... }: { imports = [ ./locale ./packages - ./preservation.nix - inputs.home-manager.nixosModules.home-manager - #../hosts/${config.networking.hostName}/hardware-configuration.nix ]; - sops = { - age.keyFile = "var/secrets/keys.txt"; - secrets."lillian-password".neededForUsers = true; + sops.age.keyFile = ../../../../../../var/secrets/keys.txt; + sops.secrets."lillian-password".neededForUsers = true; - defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml; - - secrets."wg-private-key".mode = "0440"; - secrets."wg-private-key".owner = config.users.users.root.name; - - secrets."ssh-private-key" = { - mode = "0600"; - owner = config.users.users.lillian.name; - path = "/home/lillian/.ssh/id_ed25519"; - }; - }; #TODO: remove this when unneeded for freetube nixpkgs.config.permittedInsecurePackages = [ + "python3.12-youtube-dl-2021.12.17" ]; - nix = { - package = pkgs-edge.lix; + package = pkgs.lix; gc = { automatic = true; dates = "weekly"; @@ -49,7 +32,6 @@ nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; settings = { - trusted-users = ["root" "lillian"]; # Enable flakes and new 'nix' command experimental-features = "nix-command flakes"; # Deduplicate and optimize nix store @@ -59,229 +41,46 @@ "https://nix-community.cachix.org" "https://nixpkgs-unfree.cachix.org" "https://0uptime.cachix.org" + "https://attic.kennel.juneis.dog/conduit" ]; trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs=" "0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE=" + "conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk=" ]; }; }; - #TODO: ugly hardcoded delete, if it ever becomes a problem fix this, else just leave it I guess - system.userActivationScripts = { - removeConflictingFiles = { - text = '' - rm -f /home/lillian/.config/gtk-3.0/settings.ini.backup - rm -f /home/lillian/.config/gtk-3.0/gtk.css.backup - rm -f /home/lillian/.config/gtk-4.0/settings.ini.backup - rm -f /home/lillian/.config/gtk-4.0/gtk.css.backup - ''; - }; - }; + catppuccin.flavor = "macchiato"; + catppuccin.enable = true; - catppuccin = { - flavor = "macchiato"; - tty.enable = true; - sddm.enable = true; - sddm.flavor = "macchiato"; - forgejo.enable = true; - forgejo.flavor = "macchiato"; - # plymouth.enable = false; - # grub.enable = false; - }; + console.catppuccin.enable = true; - programs = { - zsh = { - enable = true; - }; + home-manager.backupFileExtension = "backup"; - gnupg.agent = { - enable = true; - enableBrowserSocket = true; - }; - chromium = { - enable = true; - #Bet these options get renamed and put under a SearchProvider subheader... - defaultSearchProviderSearchURL = "https://noai.duckduckgo.com/?t=ftab&q={searchTerms}"; - defaultSearchProviderEnabled = true; - extensions = ["cjpalhdlnbpafiamejdnhcphjbkeiagm" "gcbommkclmclpchllfjekcdonpmejbdp"]; - }; - }; - - stylix = { - # targets.qt.platform = lib.mkForce "kde"; - enable = true; - # targets.qt.platform = "kde6"; - autoEnable = true; - base16Scheme = { - scheme = "Catppuccin Macchiato"; - author = "https://github.com/catppuccin/catppuccin"; - base00 = "24273a"; - base01 = "1e2030"; - base02 = "363a4f"; - base03 = "494d64"; - base04 = "5b6078"; - base05 = "cad3f5"; - base06 = "f4dbd6"; - base07 = "b7bdf8"; - base08 = "ed8796"; - base09 = "f5a97f"; - base0A = "eed49f"; - base0B = "a6da95"; - base0C = "8bd5ca"; - base0D = "8aadf4"; - base0E = "c6a0f6"; - base0F = "f0c6c6"; - }; - image = ./background.jpg; - cursor.package = pkgs.catppuccin-cursors.macchiatoMauve; - cursor.name = "catppuccin-macchiato-mauve-cursors"; - cursor.size = 24; - homeManagerIntegration.followSystem = true; - fonts = { - serif = { - package = pkgs.atkinson-hyperlegible; - name = "Atkinson Hyperlegible"; - }; - - monospace = { - package = pkgs.dejavu_fonts; - name = "DejaVu Sans Mono"; - }; - - sansSerif = { - package = pkgs.atkinson-hyperlegible; - name = "Atkinson Hyperlegible"; - }; - - emoji = { - package = pkgs.noto-fonts-emoji-blob-bin; - name = "Blobmoji"; - }; - }; - }; - - services.scx.enable = - if (pkgs.stdenv.hostPlatform.system == "aarch64-linux") - then false - else true; - - fonts.packages = [ - pkgs.atkinson-hyperlegible - pkgs.atkinson-monolegible - pkgs.noto-fonts-emoji-blob-bin - pkgs.noto-fonts - pkgs.nerd-fonts.fira-mono - pkgs.font-awesome - pkgs.liberation_ttf - ]; - - fonts.fontconfig = { - useEmbeddedBitmaps = true; - # defaultFonts = { - # emoji = ["Blobmoji"]; - # monospace = ["Atkinson Monolegible"]; - # sansSerif = ["Atkinson Hyperlegible"]; - # }; - }; - systemd = { - services."shutdown-zellij-zsh" = { - path = with pkgs; [killall]; - enable = true; - unitConfig = { - Before = "shutdown.target"; - }; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.killall}/bin/killall -SIGKILL zellij zsh"; - RemainAfterExit = "yes"; - }; - }; - - services."start-vpn-wg" = - if config.services.vpn-ip.enable - then { - path = with pkgs; [systemd]; - enable = true; - unitConfig = { - Wants = "network-online.target"; - After = "network-online.target"; - }; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.systemd}/bin/systemctl start wg-quick-wg0.service"; - RemainAfterExit = "yes"; - }; - } - else {}; - }; - - networking = - if config.services.vpn-ip.enable - then { - wireguard.enable = true; - - wg-quick.interfaces = { - wg0 = { - autostart = false; - address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"]; - dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; - listenPort = 51821; - privateKeyFile = config.sops.secrets."wg-private-key".path; - peers = [ - { - publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; - endpoint = "84.87.146.85:51821"; - allowedIPs = ["0.0.0.0/0" "::/0"]; - persistentKeepalive = 25; - } - ]; - }; - }; - } - else {}; - - environment = { - systemPackages = with pkgs; [ - nix-output-monitor - usbutils + users.users.lillian = { + isNormalUser = true; + extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"]; + shell = pkgs.zsh; + hashedPasswordFile = config.sops.secrets."lillian-password".path; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS" ]; - - # Enable completion of system packages by zsh - pathsToLink = ["/share/zsh"]; }; - home-manager = { - backupFileExtension = "backup"; - extraSpecialArgs = { - inputs = inputs; - outputs = outputs; - }; - users = { - # Import your home-manager configuration - lillian = import ../../home-manager/hosts/${config.networking.hostName}; - }; + programs.zsh = { + enable = true; }; - users = { - users = { - lillian = { - isNormalUser = true; - extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"]; - shell = pkgs.zsh; - hashedPasswordFile = config.sops.secrets."lillian-password".path; - openssh.authorizedKeys.keys = [ - "${builtins.readFile ../../home-manager/hosts/GLaDOS/id_ed25519.pub}" - "${builtins.readFile ../../home-manager/hosts/EDI/id_ed25519.pub}" - ]; - }; + # Enable completion of system packages by zsh + environment.pathsToLink = ["/share/zsh"]; - root = { - hashedPassword = "*"; - }; - }; - mutableUsers = false; + users.mutableUsers = false; + + users.users.root = { + hashedPassword = "*"; }; } diff --git a/nixos/shared/packages/default.nix b/nixos/shared/packages/default.nix index e6ee20c..b59dcc2 100644 --- a/nixos/shared/packages/default.nix +++ b/nixos/shared/packages/default.nix @@ -22,16 +22,14 @@ install-nix-no-inhibit update upgrade - simple-completion-language-server + # simple-completion-language-server # System tools age alejandra e2fsprogs - # uutils-findutils git git-filter-repo - pre-commit helix home-manager htop @@ -43,10 +41,6 @@ wget zsh tldr - nmap - knot-dns - libressl - nettools # System libraries ]) @@ -55,24 +49,24 @@ # Can be used to install latest version of some packages ]); - # fonts = { - # packages = with pkgs; [ - # noto-fonts-emoji-blob-bin - # cantarell-fonts - # dejavu_fonts - # fira-code - # noto-fonts - # noto-fonts-cjk-sans - # noto-fonts-cjk-serif - # paratype-pt-sans - # paratype-pt-mono - # paratype-pt-serif - # roboto - # twemoji-color-font - # font-awesome - # atkinson-hyperlegible - # fira-code-nerdfont - # ]; - # enableDefaultPackages = false; - # }; + fonts = { + packages = with pkgs; [ + noto-fonts-emoji-blob-bin + cantarell-fonts + dejavu_fonts + fira-code + noto-fonts + noto-fonts-cjk-sans + noto-fonts-cjk-serif + paratype-pt-sans + paratype-pt-mono + paratype-pt-serif + roboto + twemoji-color-font + font-awesome + atkinson-hyperlegible + fira-code-nerdfont + ]; + enableDefaultPackages = false; + }; } diff --git a/nixos/shared/preservation.nix b/nixos/shared/preservation.nix deleted file mode 100644 index 36bcb48..0000000 --- a/nixos/shared/preservation.nix +++ /dev/null @@ -1,194 +0,0 @@ -{...}: { - preservation = { - # the module doesn't do anything unless it is enabled - enable = true; - - preserveAt."/persistent" = { - # preserve system directories - directories = [ - #Shared - "/var/lib/sbctl" - "/var/lib/bluetooth" - "/var/lib/fprint" - "/var/lib/fwupd" - "/var/lib/libvirt" - "/var/lib/tpm2-tss" - "/var/lib/tpm2-udev-trigger" - "/var/lib/power-profiles-daemon" - "/var/lib/systemd/coredump" - "/var/lib/systemd/rfkill" - "/var/lib/systemd/timers" - "/var/log" - #Desktop - "/var/lib/decky-loader" - "/var/lib/flatpak" - #Server - "/var/lib/continuwuity" - "/var/lib/dhcpcd" - "/var/lib/docker" - "/var/lib/dovecot" - "/var/lib/forgejo" - "/var/lib/gotosocial" - "/var/lib/grafana" - "/var/lib/jellyfin" - "/var/lib/media" - "/var/lib/mollysocket" - "/var/lib/private" - "/var/lib/mysql" - "/var/lib/nextcloud" - "/var/lib/onlyoffice" - "/var/lib/postfix" - "/var/lib/postgresql" - "/var/lib/prometheus2" - "/var/lib/rabbitmq" - "/var/lib/redis-nextcloud" - "/var/lib/redis-rspamd" - "/var/lib/secrets" - "/var/lib/writefreely" - "/var/db" - "/var/dkim" - "/var/secrets" - "/var/sieve" - "/var/vmail" - "/var/mysql" - { - directory = "/var/lib/nixos"; - inInitrd = true; - } - ]; - - # preserve system files - files = [ - { - file = "/etc/machine-id"; - inInitrd = true; - } - { - file = "/etc/ssh/ssh_host_rsa_key"; - how = "symlink"; - configureParent = true; - } - { - file = "/etc/ssh/ssh_host_ed25519_key"; - how = "symlink"; - configureParent = true; - } - "/var/lib/usbguard/rules.conf" - - # creates a symlink on the volatile root - # creates an empty directory on the persistent volume, i.e. /persistent/var/lib/systemd - # does not create an empty file at the symlink's target (would require `createLinkTarget = true`) - { - file = "/var/lib/systemd/random-seed"; - how = "symlink"; - inInitrd = true; - configureParent = true; - } - "/var/lib/systemd/tpm2-srk-public-key.pem" - "/var/lib/systemd/tpm2-srk-public-key.tpm2b_public" - ]; - - # preserve user-specific files, implies ownership - users = { - lillian = { - commonMountOptions = [ - "x-gvfs-hide" - ]; - directories = [ - { - directory = ".ssh"; - mode = "0700"; - } - #Desktop - ".local/state/wireplumber" - ".local/share/direnv" - ".local/state/nix" - ".local/state/comma" - ".local/state/home-manager" - ".local/share/PrismLauncher" - ".local/share/qBittorrent" - ".local/share/kwalletd" - ".local/share/kwin" #TODO: add the window script via nix instead of saving it imperatively and keeping it - ".local/share/lutris" - ".local/share/Nextcloud" - ".local/share/Steam" - ".local/share/zoxide" - ".local/share/flatpak" - ".local/share/applications" - ".local/share/firefoxpwa/" - ".local/share/com.nonpolynomial.intiface_central" - ".mozilla" - ".steam" - ".zsh" - ".pki" - ".tldrc" - ".thunderbird" - "Code" - "Writing" - ".config/kdeconnect" - ".config/Nextcloud" - ".config/noisetorch" - ".config/qBittorrent" - ".config/r2modman" - ".config/r2modmanPlus-local" - ".config/Ryujinx" - ".config/Signal" - ".config/sops" - ".config/vesktop" - ]; - #Shared - files = [ - ".z" - ".zsh_history" - ]; - }; - root = { - # specify user home when it is not `/home/${user}` - home = "/root"; - directories = [ - { - directory = ".ssh"; - mode = "0700"; - } - ]; - }; - }; - }; - }; - - # Create some directories with custom permissions. - # - # In this configuration the path `/home/butz/.local` is not an immediate parent - # of any persisted file, so it would be created with the systemd-tmpfiles default - # ownership `root:root` and mode `0755`. This would mean that the user `butz` - # could not create other files or directories inside `/home/butz/.local`. - # - # Therefore systemd-tmpfiles is used to prepare such directories with - # appropriate permissions. - # - # Note that immediate parent directories of persisted files can also be - # configured with ownership and permissions from the `parent` settings if - # `configureParent = true` is set for the file. - systemd.tmpfiles.settings.preservation = { - "/home/lillian/.config".d = { - user = "lillian"; - group = "users"; - mode = "0755"; - }; - "/home/lillian/.local".d = { - user = "lillian"; - group = "users"; - mode = "0755"; - }; - "/home/lillian/.local/share".d = { - user = "lillian"; - group = "users"; - mode = "0755"; - }; - "/home/lillian/.local/state".d = { - user = "lillian"; - group = "users"; - mode = "0755"; - }; - }; -} diff --git a/overlays/flake.nix b/overlays/flake.nix deleted file mode 100644 index cfa353a..0000000 --- a/overlays/flake.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ - description = "An overlay to remove fascist artifacts"; - - inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; - - outputs = { self, nixpkgs }: { - overlays.antifa = final: prev: - let - patchSystemd = d: d.overrideAttrs (old: { - # https://github.com/systemd/systemd/pull/39285 - patches = old.patches ++ [ ./systemd-detect-fash.patch ]; - }); - disableAuthor = author: throw '' - This package was disabled by nixpkgs-antifa because: it is authored by ${author} - ''; - disableCorp = corp: throw '' - This package was disabled by nixpkgs-antifa because: it exclusively integrates with offerings from ${corp} - ''; - # NB: not listing out culture names in code -- yet - disablePropaganda = throw '' - This package was disabled by nixpkgs-antifa because: it is ethnonationalist propaganda - ''; - in rec { - # https://lix.systems/add-to-config/#flake-based-configurations - inherit (prev.lixPackageSets.stable) lix nixpkgs-review nix-eval-jobs nix-fast-build colmena; - nix = lix; - - certmgr = disableAuthor "Cloudflare"; - cf-terraforming = disableAuthor "Cloudflare"; - cf-vault = disableCorp "Cloudflare"; - cfdyndns = disableCorp "Cloudflare"; - cfssl = disableAuthor "Cloudflare"; - cloudflare-cli = disableCorp "Cloudflare"; - cloudflare-dynamic-dns = disableCorp "Cloudflare"; - cloudflare-dyndns = disableCorp "Cloudflare"; - cloudflare-utils = disableCorp "Cloudflare"; - cloudflare-warp = disableAuthor "Cloudflare"; - cloudflared = disableAuthor "Cloudflare"; - flarectl = disableAuthor "Cloudflare"; - gortr = disableAuthor "Cloudflare"; - prometheus-cloudflare-exporter = disableCorp "Cloudflare"; - proski = disableCorp "Cloudflare"; - wgcf = disableCorp "Cloudflare"; - worker-build = disableAuthor "Cloudflare"; - wrangler = disableAuthor "Cloudflare"; - wrangler_1 = disableAuthor "Cloudflare"; - gnomeExtensions.warp-toggle = disableCorp "Cloudflare"; - octodns-providers.cloudflare = disableCorp "Cloudflare"; - pythonPackages.certbot-dns-cloudflare = disableCorp "Cloudflare"; - pythonPackages.cloudflare = disableAuthor "Cloudflare"; - pythonPackages.pycfdns = disableCorp "Cloudflare"; - terraform-providers.cloudflare = disableCorp "Cloudflare"; - - brave = disableAuthor "Brendan Eich"; - - ladybird = disableAuthor "Andreas Kling"; - - palemoon = disableAuthor "Moonchild Straver"; - - _9base = disableAuthor "suckless"; - dmenu = disableAuthor "suckless"; - dwm = disableAuthor "suckless"; - farbfeld = disableAuthor "suckless"; - ii = disableAuthor "suckless"; - libgrapheme = disableAuthor "suckless"; - quark = disableAuthor "suckless"; - sent = disableAuthor "suckless"; - sic = disableAuthor "suckless"; - sinit = disableAuthor "suckless"; - slock = disableAuthor "suckless"; - slstatus = disableAuthor "suckless"; - sselp = disableAuthor "suckless"; - st = disableAuthor "suckless"; - surf = disableAuthor "suckless"; - svkbd = disableAuthor "suckless"; - tabbed = disableAuthor "suckless"; - wmname = disableAuthor "suckless"; - xssstate = disableAuthor "suckless"; - - blink = disableAuthor "Justine Tunney"; - cosmopolitan = disableAuthor "Justine Tunney"; - jart-jsoncpp = disableAuthor "Justine Tunney"; - pythonPackages.fabulous = disableAuthor "Justine Tunney"; - - hyprland = disableAuthor "Vaxry"; - - tailwindcss = disableAuthor "Adam Wathan"; - - urbit = disableAuthor "Curtis Yarvin"; - - bibletime = disablePropaganda; - biblesync = disablePropaganda; - grb = disablePropaganda; - kjv = disablePropaganda; - lukesmithxyz-bible-kjv = disablePropaganda; - sword = disablePropaganda; - vul = disablePropaganda; - xiphos = disablePropaganda; - - gnomeExtensions.quran-player = disablePropaganda; - - emacsPackages.holy-books = disablePropaganda; - - systemd = patchSystemd prev.systemd; - }; - nixosModules.antifa = { lib, pkgs, ... }: { - nix.package = lib.mkForce pkgs.lix; - }; - }; -} diff --git a/overlays/systemd-detect-fash.patch b/overlays/systemd-detect-fash.patch deleted file mode 100644 index a7c8cd6..0000000 --- a/overlays/systemd-detect-fash.patch +++ /dev/null @@ -1,554 +0,0 @@ -From f09346dd2ceb30d0c7ea03bbd0099967e7e54be0 Mon Sep 17 00:00:00 2001 -From: soscho2143 -Date: Sun, 12 Oct 2025 13:52:36 -0400 -Subject: [PATCH 1/2] detect-fash: implement systemd-detect-fash - ---- - man/systemd-detect-fash.xml | 131 +++++++++ - shell-completion/bash/systemd-detect-fash | 40 +++ - src/detect-fash/detect-fash.c | 312 ++++++++++++++++++++++ - src/detect-fash/meson.build | 9 + - 4 files changed, 492 insertions(+) - create mode 100644 man/systemd-detect-fash.xml - create mode 100644 shell-completion/bash/systemd-detect-fash - create mode 100644 src/detect-fash/detect-fash.c - create mode 100644 src/detect-fash/meson.build - -diff --git a/man/systemd-detect-fash.xml b/man/systemd-detect-fash.xml -new file mode 100644 -index 0000000000000..aaebf4e48650b ---- /dev/null -+++ b/man/systemd-detect-fash.xml -@@ -0,0 +1,131 @@ -+ -+ -+ -+ -+ -+ -+ -+ systemd-detect-fash -+ systemd -+ -+ -+ -+ systemd-detect-fash -+ 1 -+ -+ -+ -+ systemd-detect-fash -+ Detect execution in a fascist environment -+ -+ -+ -+ -+ systemd-detect-fash -+ OPTIONS -+ -+ -+ -+ -+ Description -+ -+ systemd-detect-fash detects execution in -+ a fascist environment. It identifies the fascist -+ technology and can distinguish full machine fascism from -+ installed fashware. systemd-detect-fash -+ exits with a return value of 0 (success) if a fascism -+ technology is detected, and non-zero (error) otherwise. -+ -+ When executed without will print a -+ short identifier for the detected fascist technology. The -+ following technologies are currently identified: -+ -+ -+ Known fascist technologies -+ -+ -+ -+ -+ -+ -+ Type -+ ID -+ Product -+ -+ -+ -+ -+ omarchy -+ Omarchy linux distro. Detected by checking os-release. -+ -+ -+ -+ ladybird -+ Ladybird browser. Detected by checking for "ladybird" binary in path. -+ -+ -+ -+ hyprland -+ Hyperland window manager. Detected by checking the existence of hyprland config files on disk. -+ -+ -+ -+ dhh -+ Checks for DHH's public key on disk. -+ -+ -+ -+
-+ -+ -+ -+ Options -+ -+ The following options are understood: -+ -+ -+ -+ -+ -+ -+ Only detects if os-release is Omarchy. -+ -+ -+ -+ -+ -+ -+ Only detects Hyprland. -+ -+ -+ -+ -+ -+ -+ Only detects Ladybird. -+ -+ -+ -+ -+ -+ -+ Only detects DHH. -+ -+ -+ -+ -+ -+ -+ Suppress output of the fascist technology identifier. -+ -+ -+ -+ -+ Exit status -+ -+ If a fascist technology is detected, 0 is returned, a -+ non-zero code otherwise. -+ -+ -diff --git a/shell-completion/bash/systemd-detect-fash b/shell-completion/bash/systemd-detect-fash -new file mode 100644 -index 0000000000000..dc2a7f5f4774a ---- /dev/null -+++ b/shell-completion/bash/systemd-detect-fash -@@ -0,0 +1,40 @@ -+# shellcheck shell=bash -+# systemd-detect-fash(1) completion -*- shell-script -*- -+# SPDX-License-Identifier: LGPL-2.1-or-later -+# -+# This file is part of systemd. -+# -+# systemd is free software; you can redistribute it and/or modify it -+# under the terms of the GNU Lesser General Public License as published by -+# the Free Software Foundation; either version 2.1 of the License, or -+# (at your option) any later version. -+# -+# systemd is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+# General Public License for more details. -+# -+# You should have received a copy of the GNU Lesser General Public License -+# along with systemd; If not, see . -+ -+__contains_word() { -+ local w word=$1; shift -+ for w in "$@"; do -+ [[ $w = "$word" ]] && return -+ done -+} -+ -+_systemd_detect_fash() { -+ local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword -+ local i verb comps -+ -+ local -A OPTS=( -+ [STANDALONE]='-h --help --version -q --quiet -o --omarchy -l --ladybird -y --hyprland -d --dhh' -+ ) -+ -+ _init_completion || return -+ -+ COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") ) -+} -+ -+complete -F _systemd_detect_fash systemd-detect-fash -diff --git a/src/detect-fash/detect-fash.c b/src/detect-fash/detect-fash.c -new file mode 100644 -index 0000000000000..311547ec6a619 ---- /dev/null -+++ b/src/detect-fash/detect-fash.c -@@ -0,0 +1,312 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include "alloc-util.h" -+#include "build.h" -+#include "log.h" -+#include "main-func.h" -+#include "pretty-print.h" -+#include "string-table.h" -+ -+static bool arg_quiet = false; -+static enum { -+ ANY_FASCISM, -+ ONLY_LADYBIRD, -+ ONLY_OMARCHY, -+ ONLY_HYPRLAND, -+ ONLY_DHH -+} arg_mode = ANY_FASCISM; -+ -+/* detects if os-release is omarchy */ -+static int detect_omarchy(void) { -+ const char *term = "omarchy"; -+ const int len = 256; -+ -+ /* if we cannot access os-release we cannot check */ -+ if (access("/etc/os-release", F_OK) != 0) -+ return -1; -+ -+ FILE *osfile = fopen("/etc/os-release", "r"); -+ char os[len]; -+ fgets(os, len, osfile); -+ if (strcasestr(os, term) != NULL) -+ return 1; -+ -+ return 0; -+} -+ -+/* -+ detects if the LadyBird browser -+ has been built on this machine -+ or if the binary exists in $PATH -+*/ -+static unsigned detect_ladybird(void) { -+ -+ /* name of the ladybird binary */ -+ const char* ladybird_bin = "/ladybird"; -+ -+ /* check if build variable is available */ -+ char* LADYBIRD_SOURCE_DIR = getenv("LADYBIRD_SOURCE_DIR"); -+ if (LADYBIRD_SOURCE_DIR != NULL) -+ return 1; -+ -+ char* PATH = getenv("PATH"); -+ if (PATH == NULL) -+ return 0; -+ -+ /* this value will get mutated so we need to duplicate it */ -+ char* path = strdup(PATH); -+ /* loop through PATH until we find a file named "ladybird" */ -+ char* path_iter = strtok(path, ":"); -+ char* abs_path = malloc(256); -+ while (path_iter != NULL) { -+ strncat(abs_path, path_iter, 128); -+ strncat(abs_path, ladybird_bin, 128); -+ /* if we do NOT find the binary at current path, keep going */ -+ if (access(abs_path, F_OK) != 0){ -+ path_iter = strtok(NULL, ":"); -+ abs_path[0] = 0; -+ continue; -+ } -+ free(abs_path); -+ free(path); -+ return 1; -+ } -+ free(abs_path); -+ free(path); -+ return 0; -+} -+ -+/* detects if hyprland is installed */ -+static unsigned detect_hyprland(void) { -+ const char* hyprland_config = "/hypr/hyprland.conf"; -+ const char* XDG_CONFIG_HOME = getenv("XDG_CONFIG_HOME"); -+ const char* HOME = getenv("HOME"); -+ int maxlen = 128; -+ -+ char *hyprland_abs_path = malloc(maxlen); -+ -+ if (XDG_CONFIG_HOME != NULL) { -+ strncat(hyprland_abs_path, XDG_CONFIG_HOME, maxlen - strlen(hyprland_config)); -+ } else if (HOME != NULL) { -+ strncat(hyprland_abs_path, HOME, maxlen - strlen(hyprland_config)); -+ strcat(hyprland_abs_path, "/.config"); -+ } else { -+ return 0; -+ } -+ strcat(hyprland_abs_path, hyprland_config); -+ if (access(hyprland_abs_path, F_OK) == 0){ -+ free(hyprland_abs_path); -+ return 1; -+ } -+ free(hyprland_abs_path); -+ return 0; -+} -+ -+/* detects if this is dhh's computer using his ssh pubkey */ -+static int detect_dhh(void) { -+ /* fingerprint of dhh's ssh public key */ -+ const char *dhh_fingerprint = "SHA256:YCKX7xo5Hkihy/NVH5ang8Oty9q8Vvqu4sxI7EbDxPg"; -+ /* path to ssh pubkey */ -+ const char *ssh_pubkey = "/.ssh/id_ed25519.pub"; -+ /* command to generate fingerprint */ -+ const char *ssh_fingerpint_cmd = "ssh-keygen -E sha256 -lf "; -+ -+ /* get the home directory */ -+ char *HOME = getenv("HOME"); -+ -+ if (HOME == NULL) -+ return -1; -+ /* check if we have read access to the public key on disk */ -+ char *ssh_pubkey_abs_path = (char *)malloc(strlen(HOME) + strlen(ssh_pubkey) + 1); -+ ssh_pubkey_abs_path[0] = 0; -+ strcat(ssh_pubkey_abs_path, HOME); -+ strcat(ssh_pubkey_abs_path, ssh_pubkey); -+ if (access(ssh_pubkey_abs_path, F_OK) != 0) -+ return 0; -+ -+ /* generate a fingerprint of it */ -+ char *get_fingerprint_cmd = (char *)malloc(strlen(ssh_fingerpint_cmd) + strlen(ssh_pubkey_abs_path) + 1); -+ get_fingerprint_cmd[0] = 0; -+ strcat(get_fingerprint_cmd, ssh_fingerpint_cmd); -+ strcat(get_fingerprint_cmd, ssh_pubkey_abs_path); -+ -+ char fingerprint[70]; -+ FILE *fingerprint_cmd_output = popen(get_fingerprint_cmd, "r"); -+ -+ if (fingerprint_cmd_output == NULL) -+ return -1; -+ fgets(fingerprint, 70, fingerprint_cmd_output); -+ -+ /* free memory */ -+ pclose(fingerprint_cmd_output); -+ free(ssh_pubkey_abs_path); -+ free(get_fingerprint_cmd); -+ -+ /* comare it to DHH's fingerprint */ -+ if (strstr(fingerprint, dhh_fingerprint) != NULL) -+ return 1; -+ return 0; -+} -+ -+static int help(void) { -+ _cleanup_free_ char *link = NULL; -+ int r; -+ -+ r = terminal_urlify_man("systemd-detect-fash", "1", &link); -+ if (r < 0) -+ return log_oom(); -+ -+ printf("%s [OPTIONS...]\n\n" -+ "Detect execution in a fascist environment.\n\n" -+ " -h --help Show this help\n" -+ " --version Show package version\n" -+ " -q --quiet Quiet mode\n" -+ " -o --omarchy Only detect omarchy\n" -+ " -l --ladybird Only detect ladybird\n" -+ " -y --hyprland Only detect hyprland\n" -+ " -d --dhh Only detect dhh\n" -+ "\nSee the %s for details.\n", -+ program_invocation_short_name, -+ link); -+ -+ return 0; -+} -+ -+static int parse_argv(int argc, char *argv[]) { -+ -+ enum { -+ ARG_VERSION = 0x100, -+ ARG_OMARCHY, -+ ARG_LADYBIRD, -+ ARG_HYPRLAND, -+ ARG_DHH -+ }; -+ -+ static const struct option options[] = { -+ { "help", no_argument, NULL, 'h' }, -+ { "version", no_argument, NULL, ARG_VERSION }, -+ { "omarchy", no_argument, NULL, 'o' }, -+ { "ladybird", no_argument, NULL, 'l' }, -+ { "hyprland", no_argument, NULL, 'y' }, -+ { "dhh", no_argument, NULL, 'd' }, -+ {} -+ }; -+ -+ int c; -+ -+ assert(argc >= 0); -+ assert(argv); -+ -+ while ((c = getopt_long(argc, argv, "hqolyd", options, NULL)) >= 0) -+ -+ switch (c) { -+ -+ case 'h': -+ return help(); -+ -+ case ARG_VERSION: -+ return version(); -+ -+ case 'q': -+ arg_quiet = true; -+ break; -+ -+ case 'l': -+ arg_mode = ONLY_LADYBIRD; -+ break; -+ -+ case 'o': -+ arg_mode = ONLY_OMARCHY; -+ break; -+ -+ case 'y': -+ arg_mode = ONLY_HYPRLAND; -+ break; -+ -+ case 'd': -+ arg_mode = ONLY_DHH; -+ break; -+ -+ case '?': -+ return -EINVAL; -+ -+ default: -+ assert_not_reached(); -+ } -+ return 1; -+} -+ -+static int run(int argc, char *argv[]) { -+ int dhh = 0; -+ int hyprland = 0; -+ int ladybird = 0; -+ int omarchy = 0; -+ int fascism = 0; -+ int r; -+ -+ /* This is mostly intended to be used for scripts which want -+ * to detect whether we are being run in a fascist -+ * environment or not */ -+ -+ log_setup(); -+ -+ r = parse_argv(argc, argv); -+ if (r <= 0) -+ return r; -+ -+ switch (arg_mode) { -+ case ONLY_OMARCHY: -+ omarchy = detect_omarchy(); -+ fascism = omarchy; -+ if (omarchy < 0) -+ return log_error_errno(fascism, "Failed to check for omarchy: %m"); -+ break; -+ -+ case ONLY_LADYBIRD: -+ ladybird = detect_ladybird(); -+ fascism = ladybird; -+ if (ladybird < 0) -+ return log_error_errno(fascism, "Failed to check for ladybird: %m"); -+ break; -+ -+ case ONLY_HYPRLAND: -+ hyprland = detect_hyprland(); -+ fascism = hyprland; -+ if (hyprland < 0) -+ return log_error_errno(fascism, "Failed to check for hyprland: %m"); -+ break; -+ -+ case ONLY_DHH: -+ dhh = detect_dhh(); -+ fascism = dhh; -+ if (dhh < 0) -+ return log_error_errno(fascism, "Failed to check for dhh: %m"); -+ break; -+ -+ case ANY_FASCISM: -+ default: -+ ladybird = detect_ladybird(); -+ omarchy = detect_omarchy(); -+ hyprland = detect_hyprland(); -+ dhh = detect_dhh(); -+ fascism = (ladybird | omarchy | hyprland | dhh); -+ if (fascism < 0) -+ return log_error_errno(fascism, "Failed to check for fascism: %m"); -+ } -+ -+ if (!arg_quiet) { -+ if (ladybird) puts("ladybird"); -+ if (omarchy) puts("omarchy"); -+ if (dhh) puts("dhh"); -+ if (hyprland) puts("hyprland"); -+ } -+ return fascism; -+} -+ -+DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run); -diff --git a/src/detect-fash/meson.build b/src/detect-fash/meson.build -new file mode 100644 -index 0000000000000..f4cca34117e7b ---- /dev/null -+++ b/src/detect-fash/meson.build -@@ -0,0 +1,9 @@ -+# SPDX-License-Identifier: LGPL-2.1-or-later -+ -+executables += [ -+ executable_template + { -+ 'name' : 'systemd-detect-fash', -+ 'public' : true, -+ 'sources' : files('detect-fash.c'), -+ }, -+] - -From 825072a331cb6d7464eb4479c4998ab0d020e32f Mon Sep 17 00:00:00 2001 -From: soscho2143 -Date: Sun, 12 Oct 2025 14:18:49 -0400 -Subject: [PATCH 2/2] detect-fash: added to meson.build - ---- - meson.build | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/meson.build b/meson.build -index c67e7b6c30de4..76c625d22080d 100644 ---- a/meson.build -+++ b/meson.build -@@ -2353,6 +2353,7 @@ subdir('src/cryptenroll') - subdir('src/cryptsetup') - subdir('src/debug-generator') - subdir('src/delta') -+subdir('src/detect-fash') - subdir('src/detect-virt') - subdir('src/dissect') - subdir('src/environment-d-generator') diff --git a/pkgs/altsendme/default.nix b/pkgs/altsendme/default.nix deleted file mode 100644 index e69de29..0000000 diff --git a/pkgs/default.nix b/pkgs/default.nix index c979e58..464322b 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -14,6 +14,4 @@ pkgs: { phanpy = pkgs.callPackage ./phanpy {}; auto-mount = pkgs.callPackage ./auto-mount {}; simple-completion-language-server = pkgs.callPackage ./simple-completion-language-server {}; - freetube-0236 = pkgs.callPackage ./freetube-0.23.6 {}; - ttf-ms-win10 = pkgs.callPackage ./ttf-ms-win10 {}; } diff --git a/pkgs/fcast/default.nix b/pkgs/fcast/default.nix new file mode 100644 index 0000000..3919a72 --- /dev/null +++ b/pkgs/fcast/default.nix @@ -0,0 +1,202 @@ +{ + lib, + buildNpmPackage, + cargo, + copyDesktopItems, + dbus, + electron_28, + fetchFromGitLab, + glib, + gnome, + gtk3, + jq, + libsecret, + makeDesktopItem, + makeWrapper, + moreutils, + napi-rs-cli, + nodejs_18, + patchutils_0_4_2, + pkg-config, + python3, + runCommand, + rustc, + rustPlatform, +}: let + description = "A secure and free password manager for all of your devices"; + icon = "bitwarden"; + electron = electron_28; +in + buildNpmPackage rec { + pname = "bitwarden-desktop"; + version = "2024.3.0"; + + src = fetchFromGitLab { + owner = "videostreaming"; + repo = "fcast"; + rev = "b13d0f7e8150c279d377a78f89d338b7fc0f5539"; + hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g="; + }; + + patches = [ + ./electron-builder-package-lock.patch + ]; + + # The nested package-lock.json from upstream is out-of-date, so copy the + # lock metadata from the root package-lock.json. + postPatch = '' + cat {,apps/desktop/src/}package-lock.json \ + | ${lib.getExe jq} -s ' + .[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2 + | .[0].packages."" = .[1].packages."" + | .[1].packages = .[0].packages + | .[1] + ' \ + | ${moreutils}/bin/sponge apps/desktop/src/package-lock.json + ''; + + nodejs = nodejs_18; + + makeCacheWritable = true; + npmFlags = ["--legacy-peer-deps"]; + npmWorkspace = "apps/desktop"; + npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc="; + + cargoDeps = rustPlatform.fetchCargoTarball { + name = "${pname}-${version}"; + inherit src; + patches = + map + ( + patch: + runCommand + (builtins.baseNameOf patch) + {nativeBuildInputs = [patchutils_0_4_2];} + '' + < ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out + '' + ) + patches; + patchFlags = ["-p4"]; + sourceRoot = "${src.name}/${cargoRoot}"; + hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI="; + }; + cargoRoot = "apps/desktop/desktop_native"; + + env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; + + nativeBuildInputs = [ + cargo + copyDesktopItems + jq + makeWrapper + moreutils + napi-rs-cli + pkg-config + python3 + rustc + rustPlatform.cargoCheckHook + rustPlatform.cargoSetupHook + ]; + + buildInputs = [ + glib + gtk3 + libsecret + ]; + + preBuild = '' + if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then + echo 'ERROR: electron version mismatch' + exit 1 + fi + ''; + + postBuild = '' + pushd apps/desktop + + # desktop_native/index.js loads a file of that name regarldess of the libc being used + mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node + + npm exec electron-builder -- \ + --dir \ + -c.electronDist=${electron}/libexec/electron \ + -c.electronVersion=${electron.version} + + popd + ''; + + doCheck = true; + + nativeCheckInputs = [ + dbus + (gnome.gnome-keyring.override {useWrappedDaemon = false;}) + ]; + + checkFlags = [ + "--skip=password::password::tests::test" + ]; + + checkPhase = '' + runHook preCheck + + pushd ${cargoRoot} + export HOME=$(mktemp -d) + export -f cargoCheckHook runHook _eval _callImplicitHook + export cargoCheckType=release + dbus-run-session \ + --config-file=${dbus}/share/dbus-1/session.conf \ + -- bash -e -c cargoCheckHook + popd + + runHook postCheck + ''; + + installPhase = '' + runHook preInstall + + mkdir $out + + pushd apps/desktop/dist/linux-unpacked + mkdir -p $out/opt/Bitwarden + cp -r locales resources{,.pak} $out/opt/Bitwarden + popd + + makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \ + --add-flags $out/opt/Bitwarden/resources/app.asar \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --set-default ELECTRON_IS_DEV 0 \ + --inherit-argv0 + + pushd apps/desktop/resources/icons + for icon in *.png; do + dir=$out/share/icons/hicolor/"''${icon%.png}"/apps + mkdir -p "$dir" + cp "$icon" "$dir"/${icon}.png + done + popd + + runHook postInstall + ''; + + desktopItems = [ + (makeDesktopItem { + name = "bitwarden"; + exec = "bitwarden %U"; + inherit icon; + comment = description; + desktopName = "Bitwarden"; + categories = ["Utility"]; + }) + ]; + + meta = { + changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}"; + inherit description; + homepage = "https://bitwarden.com"; + license = lib.licenses.gpl3; + maintainers = with lib.maintainers; [amarshall kiwi]; + platforms = ["x86_64-linux"]; + mainProgram = "bitwarden"; + }; + } diff --git a/pkgs/freetube-0.23.6/default.nix b/pkgs/freetube-0.23.6/default.nix deleted file mode 100644 index 8391130..0000000 --- a/pkgs/freetube-0.23.6/default.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ - lib, - stdenvNoCC, - fetchFromGitHub, - fetchYarnDeps, - replaceVars, - makeDesktopItem, - - nodejs, - yarnConfigHook, - yarnBuildHook, - makeShellWrapper, - copyDesktopItems, - electron, - - nixosTests, -}: -let - description = "Open Source YouTube app for privacy"; -in -stdenvNoCC.mkDerivation (finalAttrs: { - pname = "freetube"; - version = "0.23.6"; - - src = fetchFromGitHub { - owner = "FreeTubeApp"; - repo = "FreeTube"; - tag = "v${finalAttrs.version}-beta"; - hash = "sha256-Z1L45RHlmylfqKBY37PC5TQ3ubOgH0AHFGM7VkmtkZ0="; - }; - - # Darwin requires writable Electron dist - postUnpack = - if stdenvNoCC.hostPlatform.isDarwin then - '' - cp -r ${electron.dist} electron-dist - chmod -R u+w electron-dist - '' - else - '' - ln -s ${electron.dist} electron-dist - ''; - - patches = [ - (replaceVars ./patch-build-script.patch { - electron-version = electron.version; - }) - ]; - - yarnOfflineCache = fetchYarnDeps { - yarnLock = "${finalAttrs.src}/yarn.lock"; - hash = "sha256-ia5wLRt3Hmo4/dsB1/rhGWGJ7LMnVR9ju9lSlQZDTTg="; - }; - - nativeBuildInputs = [ - nodejs - yarnConfigHook - yarnBuildHook - makeShellWrapper - copyDesktopItems - ]; - - installPhase = '' - runHook preInstall - '' - + lib.optionalString stdenvNoCC.hostPlatform.isLinux '' - mkdir -p $out/share/freetube - cp -r build/*-unpacked/{locales,resources{,.pak}} -t $out/share/freetube - - makeWrapper ${lib.getExe electron} $out/bin/freetube \ - --add-flags "$out/share/freetube/resources/app.asar" \ - --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime=true}}" - - install -D _icons/icon.svg $out/share/icons/hicolor/scalable/apps/freetube.svg - '' - + lib.optionalString stdenvNoCC.hostPlatform.isDarwin '' - mkdir -p $out/Applications - cp -r build/mac*/FreeTube.app $out/Applications - ln -s "$out/Applications/FreeTube.app/Contents/MacOS/FreeTube" $out/bin/freetube - '' - + '' - runHook postInstall - ''; - - desktopItems = [ - (makeDesktopItem { - name = "freetube"; - desktopName = "FreeTube"; - comment = description; - exec = "freetube %U"; - terminal = false; - type = "Application"; - icon = "freetube"; - startupWMClass = "FreeTube"; - mimeTypes = [ "x-scheme-handler/freetube" ]; - categories = [ "Network" ]; - }) - ]; - - passthru.tests = nixosTests.freetube; - - meta = { - inherit description; - homepage = "https://freetubeapp.io/"; - license = lib.licenses.agpl3Only; - maintainers = with lib.maintainers; [ - ryneeverett - pentane - ryand56 - sigmasquadron - ddogfoodd - ]; - badPlatforms = [ - # output app is called "Electron.app" while derivation expects "FreeTube.app" - #see: https://github.com/NixOS/nixpkgs/pull/384596#issuecomment-2677141349 - lib.systems.inspect.patterns.isDarwin - ]; - inherit (electron.meta) platforms; - mainProgram = "freetube"; - }; -}) diff --git a/pkgs/freetube-0.23.6/patch-build-script.patch b/pkgs/freetube-0.23.6/patch-build-script.patch deleted file mode 100644 index c543391..0000000 --- a/pkgs/freetube-0.23.6/patch-build-script.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/_scripts/ebuilder.config.js b/_scripts/ebuilder.config.js -index 5b79d961..9f5945d2 100644 ---- a/_scripts/ebuilder.config.js -+++ b/_scripts/ebuilder.config.js -@@ -1,6 +1,8 @@ - const { name, productName } = require('../package.json') - - const config = { -+ electronVersion: "@electron-version@", -+ electronDist: "electron-dist", - appId: `io.freetubeapp.${name}`, - copyright: 'Copyleft © 2020-2024 freetubeapp@protonmail.com', - // asar: false, diff --git a/pkgs/install-nix-no-inhibit/default.nix b/pkgs/install-nix-no-inhibit/default.nix index a1dff9e..622170a 100644 --- a/pkgs/install-nix-no-inhibit/default.nix +++ b/pkgs/install-nix-no-inhibit/default.nix @@ -1,6 +1,5 @@ { git, - nix-output-monitor, gum, writeShellApplication, }: @@ -8,7 +7,7 @@ writeShellApplication { name = "install-nix-no-inhibit"; - runtimeInputs = [git gum nix-output-monitor]; + runtimeInputs = [git gum]; text = '' # An install script for NixOS installation to /tmp @@ -37,8 +36,8 @@ writeShellApplication --mode zap_create_mount \ "./disko/''${dir}/default.nix" echo "NixOS Installing..." - sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json - sudo nixos-install --flake .#"''${dir}" --show-trace --log-format internal-json -v |& nom --json + sudo nixos-install --flake .#"''${dir}" + sudo nixos-install --flake .#"''${dir}" popd > /dev/null echo "Cleaning up repository in '/tmp/install-nix'..." rm -rf ./install-nix diff --git a/pkgs/rebuild-no-inhibit/default.nix b/pkgs/rebuild-no-inhibit/default.nix index 207a086..e4bd280 100644 --- a/pkgs/rebuild-no-inhibit/default.nix +++ b/pkgs/rebuild-no-inhibit/default.nix @@ -1,13 +1,9 @@ -{ - writeShellApplication, - nix-output-monitor, - just, -}: +{writeShellApplication}: writeShellApplication { name = "rebuild-no-inhibit"; - runtimeInputs = [nix-output-monitor just]; + runtimeInputs = []; text = '' # A rebuild script for NixOS @@ -18,11 +14,7 @@ writeShellApplication git clone https://codeberg.org/Lillian-Violet/NixOS-Config.git ./rebuild pushd ./rebuild > /dev/null echo "NixOS Rebuilding..." - if [ "''$HOSTNAME" = shodan ]; then - just boot - else - just build - fi + sudo nixos-rebuild switch --flake .# popd > /dev/null echo "Cleaning up repository in '/tmp/rebuild'..." rm -rf ./rebuild diff --git a/pkgs/simple-completion-language-server/default.nix b/pkgs/simple-completion-language-server/default.nix index 4ab8766..00d16a2 100644 --- a/pkgs/simple-completion-language-server/default.nix +++ b/pkgs/simple-completion-language-server/default.nix @@ -5,16 +5,16 @@ }: rustPlatform.buildRustPackage rec { pname = "simple-completion-language-server"; - version = "6c797949ad5a6e9548b60b5475d1c9977f26c811"; + version = "ff9f90bc96c347f284571bc6310bc31f95508d55"; src = fetchFromGitHub { owner = "estin"; repo = pname; rev = version; - hash = "sha256-cITZdlDB03i7gOYbahV99wZOQ7tisnqdT/N2Z12oLFM="; + hash = "sha256-qybbZXjKzKcc6UXfAjwmkkB+qEUuGQXABRbMj7bNksM="; }; - cargoHash = "sha256-nannF4BKRLCcsS7VznzEHqrhLHYvN4X22t8jud87XEM="; + cargoHash = "sha256-VTz2Fm+PRUPM5+u9D+2TzGGIEQwb1j0Lz0WRaQ5/Yzo="; meta = with lib; { description = "Language server to enable word completion and snippets for Helix editor"; homepage = "https://github.com/estin/simple-completion-language-server"; diff --git a/pkgs/simple-completion-language-server/result b/pkgs/simple-completion-language-server/result new file mode 120000 index 0000000..5a7c687 --- /dev/null +++ b/pkgs/simple-completion-language-server/result @@ -0,0 +1 @@ +/nix/store/3l0wgxsvf5sz2q9sgyj0blc1ivzg808b-simple-completion-language-server-ff9f90bc96c347f284571bc6310bc31f95508d55 \ No newline at end of file diff --git a/pkgs/ttf-ms-win10/default.nix b/pkgs/ttf-ms-win10/default.nix deleted file mode 100644 index 17a5407..0000000 --- a/pkgs/ttf-ms-win10/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - stdenvNoCC, - fetchzip, -}: -stdenvNoCC.mkDerivation rec { - pname = "ttf-ms-win10"; - version = "1.0"; - - src = fetchzip { - url = "https://github.com/streetsamurai00mi/ttf-ms-win10/archive/refs/heads/build.zip"; - hash = "sha256-UwkHlrSRaXhfoMlimyXFETV9yq1SbvUXykrhigf+wP8="; - }; - - installPhase = '' - runHook preInstall - - install -Dm644 *.ttf -t $out/share/fonts/truetype - - runHook postInstall - ''; - - meta = with lib; { - homepage = "https://github.com/streetsamurai00mi/ttf-ms-win10"; - description = "Windows 10 ttf Fonts"; - license = licenses.unfree; - maintainers = []; - }; -}