diff --git a/ada/services/firewalld.nix b/ada/services/firewalld.nix index 7cd83ae..59366bb 100644 --- a/ada/services/firewalld.nix +++ b/ada/services/firewalld.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { firewalld = { enable = true; diff --git a/flake.lock b/flake.lock index 15fe6de..c7317d3 100644 --- a/flake.lock +++ b/flake.lock @@ -208,6 +208,64 @@ } }, "cachix": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1774017633, + "narHash": "sha256-CWhnwL2M83/ItapPVeJqCevRoQttesYxJ1h0Mo6ZCXs=", + "owner": "cachix", + "repo": "cachix", + "rev": "e8be573b417f3daa3dd4cb9052178f848e0c9d1d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "cachix", + "devenv" + ], + "flake-compat": [ + "cachix", + "devenv", + "flake-compat" + ], + "git-hooks": [ + "cachix", + "devenv", + "git-hooks" + ], + "nixpkgs": [ + "cachix", + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760971495, + "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=", + "owner": "cachix", + "repo": "cachix", + "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { "inputs": { "devenv": [ "devenv" @@ -277,7 +335,7 @@ "flake-schemas": "flake-schemas", "home-manager": "home-manager_2", "jovian": "jovian", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -350,8 +408,8 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_5", "utils": "utils" }, "locked": { @@ -370,13 +428,46 @@ }, "devenv": { "inputs": { - "cachix": "cachix", - "flake-compat": "flake-compat_3", + "cachix": "cachix_2", + "flake-compat": [ + "cachix", + "flake-compat" + ], "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks", + "git-hooks": [ + "cachix", + "git-hooks" + ], "nix": "nix", "nixd": "nixd", - "nixpkgs": "nixpkgs_5" + "nixpkgs": [ + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772738982, + "narHash": "sha256-9MN0FV0XeYJV7kFtUxY6uQMxbZmlrPQLUm3yLbEEJ7Q=", + "owner": "cachix", + "repo": "devenv", + "rev": "22ec127af85396b04af045ec20d004d11a0675af", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "devenv_2": { + "inputs": { + "cachix": "cachix_3", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_4", + "git-hooks": "git-hooks_2", + "nix": "nix_2", + "nixd": "nixd_2", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1771066302, @@ -413,24 +504,6 @@ "type": "github" } }, - "devshell_2": { - "inputs": { - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1768818222, - "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", - "owner": "numtide", - "repo": "devshell", - "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -473,6 +546,25 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs_7", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1774423251, + "narHash": "sha256-g/PP8G9WcP4vtZVOBNYwfGxLnwLQoTERHnef8irAMeQ=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b70d7535088cd8a9e4322c372a475f66ffa18adf", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -506,6 +598,20 @@ } }, "flake-compat_10": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_11": { "flake": false, "locked": { "lastModified": 1767039857, @@ -521,30 +627,14 @@ "type": "github" } }, - "flake-compat_11": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_12": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -569,7 +659,39 @@ "type": "github" } }, + "flake-compat_14": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1733328505, @@ -585,7 +707,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1761588595, @@ -601,34 +723,18 @@ "type": "github" } }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_5": { "flake": false, "locked": { "lastModified": 1767039857, "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } @@ -650,22 +756,6 @@ } }, "flake-compat_7": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { "flake": false, "locked": { "lastModified": 1767039857, @@ -681,18 +771,36 @@ "type": "github" } }, - "flake-compat_9": { + "flake-compat_8": { + "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "revCount": 69, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69" + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_9": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" } }, "flake-parts": { @@ -717,6 +825,27 @@ } }, "flake-parts_10": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_11": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_6" }, @@ -734,7 +863,7 @@ "type": "github" } }, - "flake-parts_11": { + "flake-parts_12": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -755,7 +884,7 @@ "type": "github" } }, - "flake-parts_12": { + "flake-parts_13": { "inputs": { "nixpkgs-lib": [ "system-manager", @@ -798,6 +927,7 @@ "flake-parts_3": { "inputs": { "nixpkgs-lib": [ + "cachix", "devenv", "nixpkgs" ] @@ -817,6 +947,27 @@ } }, "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -834,7 +985,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, @@ -851,7 +1002,7 @@ "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -872,7 +1023,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, @@ -890,7 +1041,7 @@ "type": "github" } }, - "flake-parts_8": { + "flake-parts_9": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_5" }, @@ -908,28 +1059,22 @@ "type": "github" } }, - "flake-parts_9": { - "inputs": { - "nixpkgs-lib": [ - "nixos-anywhere", - "nixpkgs" - ] - }, + "flake-root": { "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "lastModified": 1723604017, + "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", + "owner": "srid", + "repo": "flake-root", + "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "flake-parts", + "owner": "srid", + "repo": "flake-root", "type": "github" } }, - "flake-root": { + "flake-root_2": { "locked": { "lastModified": 1723604017, "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", @@ -1014,10 +1159,10 @@ }, "freesm": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "libnbtplusplus": "libnbtplusplus", "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1770541033, @@ -1052,10 +1197,56 @@ "git-hooks": { "inputs": { "flake-compat": [ - "devenv", + "cachix", "flake-compat" ], "gitignore": "gitignore_2", + "nixpkgs": [ + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772665116, + "narHash": "sha256-XmjUDG/J8Z8lY5DVNVUf5aoZGc400FxcjsNCqHKiKtc=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_4", + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1770726378, + "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "gitignore": "gitignore_3", "nixpkgs": [ "devenv", "nixpkgs" @@ -1075,30 +1266,10 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat_5", - "gitignore": "gitignore_3", - "nixpkgs": "nixpkgs_8" - }, - "locked": { - "lastModified": 1770726378, - "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "github-actions-nix": { "inputs": { - "flake-parts": "flake-parts_5", - "nixpkgs": "nixpkgs_9" + "flake-parts": "flake-parts_6", + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1770427665, @@ -1139,7 +1310,7 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "devenv", + "cachix", "git-hooks", "nixpkgs" ] @@ -1161,7 +1332,8 @@ "gitignore_3": { "inputs": { "nixpkgs": [ - "git-hooks-nix", + "devenv", + "git-hooks", "nixpkgs" ] }, @@ -1180,6 +1352,27 @@ } }, "gitignore_4": { + "inputs": { + "nixpkgs": [ + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { "inputs": { "nixpkgs": [ "hyprland", @@ -1201,7 +1394,7 @@ "type": "github" } }, - "gitignore_5": { + "gitignore_6": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -1223,7 +1416,7 @@ "type": "github" } }, - "gitignore_6": { + "gitignore_7": { "inputs": { "nixpkgs": [ "system-manager", @@ -1445,7 +1638,7 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "pre-commit-hooks": "pre-commit-hooks_2", "systems": "systems_4", "xdph": "xdph" @@ -1748,8 +1941,8 @@ "lanzaboote": { "inputs": { "crane": "crane_2", - "flake-compat": "flake-compat_7", - "flake-parts": "flake-parts_6", + "flake-compat": "flake-compat_8", + "flake-parts": "flake-parts_7", "nixpkgs": [ "nixpkgs" ], @@ -1789,7 +1982,7 @@ }, "ndg": { "inputs": { - "nixpkgs": "nixpkgs_16" + "nixpkgs": "nixpkgs_17" }, "locked": { "lastModified": 1768214250, @@ -1808,7 +2001,7 @@ }, "nekoflake": { "inputs": { - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_12" }, "locked": { "lastModified": 1744631782, @@ -1827,34 +2020,40 @@ "nix": { "inputs": { "flake-compat": [ + "cachix", "devenv", "flake-compat" ], "flake-parts": [ + "cachix", "devenv", "flake-parts" ], "git-hooks-nix": [ + "cachix", "devenv", "git-hooks" ], "nixpkgs": [ + "cachix", "devenv", "nixpkgs" ], "nixpkgs-23-11": [ + "cachix", "devenv" ], "nixpkgs-regression": [ + "cachix", "devenv" ] }, "locked": { - "lastModified": 1770395975, - "narHash": "sha256-zg0AEZn8d4rqIIsw5XrkVL5p1y6fBj2L57awfUg+gNA=", + "lastModified": 1771532737, + "narHash": "sha256-H26FQmOyvIGnedfAioparJQD8Oe+/byD6OpUpnI/hkE=", "owner": "cachix", "repo": "nix", - "rev": "ccb6019ce2bd11f5de5fe4617c0079d8cb1ed057", + "rev": "7eb6c427c7a86fdc3ebf9e6cbf2a84e80e8974fd", "type": "github" }, "original": { @@ -1866,9 +2065,9 @@ }, "nix-bwrapper": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_4" }, "locked": { "lastModified": 1770308099, @@ -1888,9 +2087,9 @@ "inputs": { "cachyos-kernel": "cachyos-kernel", "cachyos-kernel-patches": "cachyos-kernel-patches", - "flake-compat": "flake-compat_8", - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_15" + "flake-compat": "flake-compat_9", + "flake-parts": "flake-parts_8", + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1771091677, @@ -2031,10 +2230,10 @@ }, "nix-mineral": { "inputs": { - "flake-compat": "flake-compat_9", - "flake-parts": "flake-parts_8", + "flake-compat": "flake-compat_10", + "flake-parts": "flake-parts_9", "ndg": "ndg", - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1771115839, @@ -2099,14 +2298,56 @@ "type": "github" } }, + "nix_2": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "flake-parts": [ + "devenv", + "flake-parts" + ], + "git-hooks-nix": [ + "devenv", + "git-hooks" + ], + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "nixpkgs-23-11": [ + "devenv" + ], + "nixpkgs-regression": [ + "devenv" + ] + }, + "locked": { + "lastModified": 1770395975, + "narHash": "sha256-zg0AEZn8d4rqIIsw5XrkVL5p1y6fBj2L57awfUg+gNA=", + "owner": "cachix", + "repo": "nix", + "rev": "ccb6019ce2bd11f5de5fe4617c0079d8cb1ed057", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "devenv-2.32", + "repo": "nix", + "type": "github" + } + }, "nixd": { "inputs": { "flake-parts": [ + "cachix", "devenv", "flake-parts" ], "flake-root": "flake-root", "nixpkgs": [ + "cachix", "devenv", "nixpkgs" ], @@ -2126,6 +2367,33 @@ "type": "github" } }, + "nixd_2": { + "inputs": { + "flake-parts": [ + "devenv", + "flake-parts" + ], + "flake-root": "flake-root_2", + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_3" + }, + "locked": { + "lastModified": 1763964548, + "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=", + "owner": "nix-community", + "repo": "nixd", + "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixd", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -2144,12 +2412,12 @@ "nixos-anywhere": { "inputs": { "disko": "disko_2", - "flake-parts": "flake-parts_9", + "flake-parts": "flake-parts_10", "nix-vm-test": "nix-vm-test", "nixos-images": "nixos-images", "nixos-stable": "nixos-stable", - "nixpkgs": "nixpkgs_18", - "treefmt-nix": "treefmt-nix_4" + "nixpkgs": "nixpkgs_19", + "treefmt-nix": "treefmt-nix_5" }, "locked": { "lastModified": 1769956140, @@ -2167,9 +2435,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_10", - "flake-parts": "flake-parts_10", - "nixpkgs": "nixpkgs_19", + "flake-compat": "flake-compat_11", + "flake-parts": "flake-parts_11", + "nixpkgs": "nixpkgs_20", "optnix": "optnix" }, "locked": { @@ -2250,8 +2518,8 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat_12", - "nixpkgs": "nixpkgs_21" + "flake-compat": "flake-compat_13", + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1770657009, @@ -2423,6 +2691,20 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", + "revCount": 940249, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.940249%2Brev-00c21e4c93d963c50d4c0c89bfa84ed6e0694df2/019c2c37-21f9-727c-86c5-0523e601d163/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770841267, "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", @@ -2438,7 +2720,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1742283249, "narHash": "sha256-hYz59vIFHjPt3l4iaXwCGUPu85EVRomzZRONksMVmgY=", @@ -2453,7 +2735,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1770197578, "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", @@ -2469,7 +2751,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1767892417, "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", @@ -2485,7 +2767,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -2501,7 +2783,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1771045105, "narHash": "sha256-6/VriPJZPqQfOyujd1AEjSYzgP/In4dtmQAbvhkkhyI=", @@ -2517,7 +2799,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1766070988, "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", @@ -2533,7 +2815,7 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1755593991, "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", @@ -2549,7 +2831,7 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1769900851, "narHash": "sha256-RgCgXS3WiG9c/1wxFM6OXmmv39dSaLLON9VeAbTTAIM=", @@ -2565,22 +2847,6 @@ "type": "github" } }, - "nixpkgs_19": { - "locked": { - "lastModified": 1767151656, - "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1770197578, @@ -2598,6 +2864,22 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -2613,7 +2895,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -2629,7 +2911,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1771008912, "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", @@ -2645,7 +2927,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1770380644, "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", @@ -2661,7 +2943,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_25": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -2677,7 +2959,7 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_26": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -2693,7 +2975,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_27": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -2708,6 +2990,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1764950072, "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", @@ -2723,7 +3021,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1743014863, "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", @@ -2739,7 +3037,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1761313199, "narHash": "sha256-wCIACXbNtXAlwvQUo1Ed++loFALPjYUA3dpcUJiXO44=", @@ -2755,23 +3053,23 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { - "lastModified": 1762156382, - "narHash": "sha256-Yg7Ag7ov5+36jEFC1DaZh/12SEXo6OO3/8rqADRxiqs=", - "owner": "NixOS", + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "7241bcbb4f099a66aafca120d37c65e8dda32717", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770197578, "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", @@ -2787,7 +3085,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1770073757, "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", @@ -2803,20 +3101,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", - "revCount": 940249, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.940249%2Brev-00c21e4c93d963c50d4c0c89bfa84ed6e0694df2/019c2c37-21f9-727c-86c5-0523e601d163/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" - } - }, "nmd": { "inputs": { "nixpkgs": [ @@ -2904,7 +3188,7 @@ "inputs": { "flake-utils": "flake-utils_2", "ixx": "ixx", - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1768249818, @@ -2922,8 +3206,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_11", - "nixpkgs": "nixpkgs_20" + "flake-compat": "flake-compat_12", + "nixpkgs": "nixpkgs_21" }, "locked": { "lastModified": 1765418479, @@ -2968,7 +3252,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_5", + "gitignore": "gitignore_6", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -2996,7 +3280,7 @@ "userborn", "flake-compat" ], - "gitignore": "gitignore_6", + "gitignore": "gitignore_7", "nixpkgs": [ "system-manager", "userborn", @@ -3019,8 +3303,8 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_4", + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_5", "nixpkgs": [ "hyprland", "nixpkgs" @@ -3065,12 +3349,13 @@ "agenix": "agenix", "agenix-rekey": "agenix-rekey", "ayugram-desktop": "ayugram-desktop", + "cachix": "cachix", "chaotic": "chaotic", "deploy-rs": "deploy-rs", - "devenv": "devenv", - "devshell": "devshell_2", + "devenv": "devenv_2", "disko": "disko", - "flake-parts": "flake-parts_4", + "fenix": "fenix", + "flake-parts": "flake-parts_5", "freesm": "freesm", "git-hooks-nix": "git-hooks-nix", "github-actions-nix": "github-actions-nix", @@ -3092,17 +3377,34 @@ "nixos-cli": "nixos-cli", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_22", + "nixpkgs": "nixpkgs_23", "noctalia": "noctalia", "quickshell": "quickshell", "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix", "stylix": "stylix", "system-manager": "system-manager", - "treefmt-nix": "treefmt-nix_5", + "treefmt-nix": "treefmt-nix_6", "vscserver": "vscserver" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1774376228, + "narHash": "sha256-7oA0u4aghFjjIcIDKZ26NUpXH7hVXGPC0sI1OfK7NUk=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "eabb84b771420b8396ab4bb4747694302d9be277", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -3184,7 +3486,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_24" }, "locked": { "lastModified": 1770683991, @@ -3228,9 +3530,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_11", + "flake-parts": "flake-parts_12", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_25", "nur": "nur", "systems": "systems_7", "tinted-foot": "tinted-foot", @@ -3514,6 +3816,7 @@ "treefmt-nix_2": { "inputs": { "nixpkgs": [ + "cachix", "devenv", "nixd", "nixpkgs" @@ -3535,7 +3838,29 @@ }, "treefmt-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_14" + "nixpkgs": [ + "devenv", + "nixd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734704479, + "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { + "inputs": { + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1770228511, @@ -3551,7 +3876,7 @@ "type": "github" } }, - "treefmt-nix_4": { + "treefmt-nix_5": { "inputs": { "nixpkgs": [ "nixos-anywhere", @@ -3572,9 +3897,9 @@ "type": "github" } }, - "treefmt-nix_5": { + "treefmt-nix_6": { "inputs": { - "nixpkgs": "nixpkgs_25" + "nixpkgs": "nixpkgs_26" }, "locked": { "lastModified": 1770228511, @@ -3592,8 +3917,8 @@ }, "userborn": { "inputs": { - "flake-compat": "flake-compat_13", - "flake-parts": "flake-parts_12", + "flake-compat": "flake-compat_14", + "flake-parts": "flake-parts_13", "nixpkgs": [ "system-manager", "nixpkgs" @@ -3637,7 +3962,7 @@ "vscserver": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_26" + "nixpkgs": "nixpkgs_27" }, "locked": { "lastModified": 1770124655, diff --git a/flake.nix b/flake.nix index af37367..aa0b97a 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,13 @@ repo = "ayugram-desktop"; }; + "cachix" = { + flake = true; + type = "github"; + owner = "cachix"; + repo = "cachix"; + }; + "chaotic" = { flake = true; type = "github"; @@ -51,13 +58,6 @@ repo = "devenv"; }; - "devshell" = { - flake = true; - type = "github"; - owner = "numtide"; - repo = "devshell"; - }; - "disko" = { flake = true; type = "github"; @@ -85,6 +85,13 @@ repo = "freesmlauncher"; }; + "fenix" = { + flake = true; + type = "github"; + owner = "nix-community"; + repo = "fenix"; + }; + "github-actions-nix" = { flake = true; type = "github"; @@ -367,7 +374,7 @@ self ; } { - debug = false; + debug = true; systems = [ "x86_64-linux" @@ -376,20 +383,201 @@ imports = [ # modules - inputs.agenix-rekey.flakeModule inputs.disko.flakeModules.default - inputs.devshell.flakeModule inputs.treefmt-nix.flakeModule inputs.home-manager.flakeModules.home-manager inputs.git-hooks-nix.flakeModule inputs.devenv.flakeModule - # i can't really deside between devenv, devshells and devShells they are equally good for me - # for now, at least, i'm using numtide/devshells inputs.github-actions-nix.flakeModule ]; - flake = { - # home-manager, sorta broken when standalone + flake = let + inherit + (inputs."nixpkgs".lib) + nixosSystem + filesystem + genAttrs + map + ; + + defaultModules = []; + + defaultPath = filesystem.listFilesRecursive "${self}/kyra/"; + + inputedModules = + map ( + { + input, + opt ? "default", + }: + inputs.${input}.nixosModules.${opt} + ) [ + { + opt = "disko"; + input = "disko"; + } + + { + input = "home-manager"; + } + + { + opt = "sops"; + input = "sops-nix"; + } + + { + opt = "nix-index"; + input = "nix-index-database"; + } + + { + opt = "nix-mineral"; + input = "nix-mineral"; + } + ]; + + kyraHost = name: + nixosSystem { + system = "x86_64-linux"; + modules = defaultModules ++ defaultPath ++ inputedModules; + specialArgs = { + inherit + inputs + name + self + ; + }; + }; + + kyraStack = + genAttrs [ + "hazel" + "lynn" + "yara" + "ivy" + "mel" + ] + kyraHost; + in { + # Main PC + nixosConfigurations = + { + "ada" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/ada/" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.lanzaboote.nixosModules.lanzaboote + inputs.home-manager.nixosModules.default + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # Main Laptop + "isla" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/isla/" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + inputs.lanzaboote.nixosModules.lanzaboote + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # homelab + "viola" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/viola" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.lanzaboote.nixosModules.lanzaboote + inputs.home-manager.nixosModules.default + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # WSL2 + "wanda" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/wanda/" + inputs.nixos-wsl.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # custom ISO + "florence" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/florence/" + ]; + }; + } + // kyraStack; + # few words about kyraStack: + # it's my little fleet, 5 identical VPSes + # really nice that all of them are 2 vCPU 2GB + # tho ssd/nvme/hdd memory is nothing important + # and being KVM VPS / pure VPS too + + # home-manager homeConfigurations = { "hand7s" = inputs.home-manager.lib.homeManagerConfiguration { pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; @@ -407,216 +595,12 @@ inputs.hyprland.homeManagerModules.default inputs.chaotic.homeManagerModules.default inputs.sops-nix.homeManagerModules.sops - inputs.nix-index-database.homeModules.nix-index inputs.noctalia.homeModules.default inputs.stylix.homeModules.stylix ]; }; }; - - # nixos hosts - - # my PC - nixosConfigurations = { - "ada" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/ada/" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.lanzaboote.nixosModules.lanzaboote - inputs.home-manager.nixosModules.default - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # my laptop - "isla" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/isla/" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.home-manager - inputs.lanzaboote.nixosModules.lanzaboote - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # my VPSes: - - # VPS 1 - "hazel" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "hazel"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 2 - "lynn" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "lynn"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 3 - "ivy" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "ivy"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 4 - "mel" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "mel"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # homelab - "viola" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/viola" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.lanzaboote.nixosModules.lanzaboote - inputs.home-manager.nixosModules.default - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # WSL2 - "wanda" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/wanda/" - inputs.agenix.nixosModules.default - inputs.nixos-wsl.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - }; }; perSystem = { @@ -630,7 +614,7 @@ flakeCheck = true; programs = { - alejandra = { + "alejandra" = { enable = true; priority = 1; includes = [ @@ -638,7 +622,7 @@ ]; }; - statix = { + "statix" = { enable = true; priority = 1; includes = [ @@ -650,7 +634,7 @@ ]; }; - deadnix = { + "deadnix" = { enable = true; priority = 1; includes = [ @@ -683,72 +667,45 @@ gitPackage = pkgs.git; hooks = { - alejandra = { + "alejandra" = { enable = true; settings = { + verbosity = "quiet"; check = true; }; }; - deadnix = { + "deadnix" = { enable = true; settings = { edit = false; }; }; - statix = { + "statix" = { enable = true; - settings = { - config = "${pkgs.writeText ''statix.toml'' '' - disabled = [ - "empty_pattern" - ] - ''}"; - }; }; }; }; }; - # numtide/devshells, basically a devShells but better - devshells = { - "default" = { - name = "default"; + # cachix/devenv, basically a devShells, even better than numtide/devshells + devenv = { + shells = { + "default" = { + enterShell = config.pre-commit.shellHook; - commands = [ - { - name = "pre"; - category = "[tools]"; - command = "prek run -a"; - help = '' - pre-commit-hook is a tool to execute linters / formatters before `git commit` to verify that code is meeting standarts of code setted up in projects; - ''; - } - - { - name = "fmt"; - category = "[formatters]"; - command = "nix fmt"; - help = '' - nix fmt is built-in formatting solution for nix pacakage manager; - ''; - } - ]; - - devshell = { - startup = { - "git-hooks-nix" = { - text = config.pre-commit.shellHook; - }; + devenv = { + root = toString /home/hand7s/Projects/flake; }; - }; - packages = with pkgs; - [ - just - ] - ++ config.pre-commit.settings.enabledPackages; + packages = + [ + pkgs.just + config.treefmt.build.wrapper + ] + ++ config.pre-commit.settings.enabledPackages; + }; }; }; diff --git a/florence/default.nix b/florence/default.nix new file mode 100644 index 0000000..aaeeeaa --- /dev/null +++ b/florence/default.nix @@ -0,0 +1,32 @@ +{inputs, ...}: { + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix" + ]; + + services = { + openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + }; + }; + + system = { + stateVersion = "25.05"; + }; + + users = { + users = { + "root" = { + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/hand7s/default.nix b/hand7s/default.nix index 8600f50..4dfb40a 100644 --- a/hand7s/default.nix +++ b/hand7s/default.nix @@ -5,11 +5,17 @@ "${self}/hand7s/wayland/hyprland.nix" + "${self}/hand7s/gtk/gtk.nix" + "${self}/hand7s/gtk/gtk3.nix" + "${self}/hand7s/gtk/gtk4.nix" + "${self}/hand7s/home/defaults.nix" "${self}/hand7s/home/gui.nix" "${self}/hand7s/home/keyboard.nix" "${self}/hand7s/home/packages.nix" "${self}/hand7s/home/shellAliases.nix" + "${self}/hand7s/home/variables.nix" + "${self}/hand7s/home/shell.nix" "${self}/hand7s/nixpkgs/config.nix" "${self}/hand7s/nixpkgs/overlays.nix" @@ -40,5 +46,15 @@ "${self}/hand7s/programs/direnv.nix" "${self}/hand7s/programs/noctalia.nix" "${self}/hand7s/programs/iamb.nix" + "${self}/hand7s/programs/nushell.nix" + "${self}/hand7s/programs/carapace.nix" + "${self}/hand7s/programs/broot.nix" + "${self}/hand7s/programs/atuin.nix" + "${self}/hand7s/programs/gitui.nix" + + "${self}/hand7s/xdg/portal.nix" + "${self}/hand7s/xdg/mime.nix" + "${self}/hand7s/xdg/configFile.nix" + "${self}/hand7s/xdg/terminal.nix" ]; } diff --git a/hand7s/gtk/gtk.nix b/hand7s/gtk/gtk.nix index 95d197c..6234463 100644 --- a/hand7s/gtk/gtk.nix +++ b/hand7s/gtk/gtk.nix @@ -1,5 +1,8 @@ -_: { +{pkgs, ...}: { gtk = { - enable = true; + iconTheme = { + package = pkgs.morewaita-icon-theme; + name = "MoreWaita"; + }; }; } diff --git a/hand7s/gtk/gtk3.nix b/hand7s/gtk/gtk3.nix new file mode 100644 index 0000000..ce810cb --- /dev/null +++ b/hand7s/gtk/gtk3.nix @@ -0,0 +1,42 @@ +_: { + gtk = { + gtk3 = { + extraCss = '' + headerbar { + background-color: mix(@base0D, @base02, 0.08); + } + + headerbar title { + font-size: 14px; + font-weight: 500; + } + + popover contents, + .menu { + background-color: mix(@base0D, @base02, 0.11); + } + + tooltip { + background-color: mix(@base0D, @base02, 0.14); + } + + button label { + font-size: 12px; + font-weight: 500; + } + + button:hover { + background-color: alpha(@base0D, 0.08); + } + + button:focus { + background-color: alpha(@base0D, 0.12); + } + + button:active { + background-color: alpha(@base0D, 0.16); + } + ''; + }; + }; +} diff --git a/hand7s/gtk/gtk4.nix b/hand7s/gtk/gtk4.nix new file mode 100644 index 0000000..f688b67 --- /dev/null +++ b/hand7s/gtk/gtk4.nix @@ -0,0 +1,37 @@ +_: { + gtk = { + gtk4 = { + extraCss = '' + headerbar { + background-color: mix(@base0D, @base02, 0.08); + } + + headerbar title { + font-size: 14px; + font-weight: 500; + } + + popover contents { + background-color: mix(@base0D, @base02, 0.11); + } + + button label { + font-size: 12px; + font-weight: 500; + } + + button:hover { + background-color: alpha(@base0D, 0.08); + } + + button:focus { + background-color: alpha(@base0D, 0.12); + } + + button:active { + background-color: alpha(@base0D, 0.16); + } + ''; + }; + }; +} diff --git a/hand7s/home/packages.nix b/hand7s/home/packages.nix index 9ccc0ea..d0fd64d 100644 --- a/hand7s/home/packages.nix +++ b/hand7s/home/packages.nix @@ -7,16 +7,17 @@ xh dua nvd + tlrc dust sops rsync procs + sshfs sbctl gping comma trippy bottom - ragenix ripgrep kubectl gitoxide diff --git a/hand7s/home/shell.nix b/hand7s/home/shell.nix new file mode 100644 index 0000000..650e35f --- /dev/null +++ b/hand7s/home/shell.nix @@ -0,0 +1,7 @@ +_: { + home = { + shell = { + enableShellIntegration = true; + }; + }; +} diff --git a/hand7s/home/variables.nix b/hand7s/home/variables.nix new file mode 100644 index 0000000..726737a --- /dev/null +++ b/hand7s/home/variables.nix @@ -0,0 +1,10 @@ +_: { + home = { + sessionVariables = { + CARAPACE_BRIDGES = "fish"; + DIRENV_WARN_TIMEOUT = "5m"; + GTK_USE_PORTAL = "1"; + AQ_NO_MODIFIERS = "1"; + }; + }; +} diff --git a/hand7s/nix/settings/trusted-public-keys.nix b/hand7s/nix/settings/trusted-public-keys.nix index e5cc01b..db02cd7 100644 --- a/hand7s/nix/settings/trusted-public-keys.nix +++ b/hand7s/nix/settings/trusted-public-keys.nix @@ -9,7 +9,6 @@ _: { # cachix.org "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" - "ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" ]; diff --git a/hand7s/nixpkgs/overlays.nix b/hand7s/nixpkgs/overlays.nix deleted file mode 100644 index 8db0844..0000000 --- a/hand7s/nixpkgs/overlays.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: { - nixpkgs = { - overlays = [ - ]; - }; -} diff --git a/hand7s/options/gui.nix b/hand7s/options/gui.nix index c440f21..eefd593 100644 --- a/hand7s/options/gui.nix +++ b/hand7s/options/gui.nix @@ -6,8 +6,8 @@ ... }: let cfg = config.home.gui; - ayugram = self.inputs.ayugram-desktop.packages.${pkgs.system}.ayugram-desktop; - freesm-launcher = self.inputs.freesm.packages.${pkgs.system}.freesmlauncher; + ayugram = self.inputs.ayugram-desktop.packages.${pkgs.stdenv.hostPlatform.system}.ayugram-desktop; + freesm-launcher = self.inputs.freesm.packages.${pkgs.stdenv.hostPlatform.system}.freesmlauncher; in { options.home.gui = { enable = lib.mkEnableOption '' @@ -45,7 +45,6 @@ in { vesktop ayugram anki-bin - obsidian mindustry lan-mouse monero-gui @@ -70,10 +69,10 @@ in { cfg.sessionType == "Hyprland" ) [ fum - timg dconf iwgtk tokei + gajim ifuse yt-dlp termusic @@ -86,17 +85,21 @@ in { yubico-piv-tool yubikey-manager libimobiledevice + ungoogled-chromium yubikey-touch-detector yubikey-personalization self.inputs.noctalia.packages.${system}.default ]; }; + gtk.enable = true; + programs = { chromium.enable = true; spicetify.enable = true; ghostty.enable = true; git.enable = true; + obsidian.enable = true; }; services = with lib.mkDefault; { diff --git a/hand7s/programs/atuin.nix b/hand7s/programs/atuin.nix new file mode 100644 index 0000000..d974cd1 --- /dev/null +++ b/hand7s/programs/atuin.nix @@ -0,0 +1,22 @@ +_: { + programs = { + atuin = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + + settings = { + keymap_mode = "vim-normal"; + }; + + flags = [ + "--disable-up-arrow" + ]; + + daemon = { + enable = true; + logLevel = "info"; + }; + }; + }; +} diff --git a/hand7s/programs/broot.nix b/hand7s/programs/broot.nix new file mode 100644 index 0000000..b0fb242 --- /dev/null +++ b/hand7s/programs/broot.nix @@ -0,0 +1,13 @@ +_: { + programs = { + broot = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + + settings = { + modal = true; + }; + }; + }; +} diff --git a/hand7s/programs/carapace.nix b/hand7s/programs/carapace.nix new file mode 100644 index 0000000..49a3a69 --- /dev/null +++ b/hand7s/programs/carapace.nix @@ -0,0 +1,9 @@ +_: { + programs = { + carapace = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + }; + }; +} diff --git a/hand7s/programs/chrome.nix b/hand7s/programs/chrome.nix index 0259f9d..b67b690 100644 --- a/hand7s/programs/chrome.nix +++ b/hand7s/programs/chrome.nix @@ -4,7 +4,6 @@ package = pkgs.google-chrome.override { commandLineArgs = [ "--enable-features=AcceleratedVideoEncoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,VaapiIgnoreDriverChecks,VaapiVideoDecoder,PlatformHEVCDecoderSupport,UseMultiPlaneFormatForHardwareVideo,SkiaGraphite" - "--enable-unsafe-webgpu" "--ignore-gpu-blocklist" "--enable-zero-copy" ]; diff --git a/hand7s/programs/direnv.nix b/hand7s/programs/direnv.nix index 84af0d8..20b7998 100644 --- a/hand7s/programs/direnv.nix +++ b/hand7s/programs/direnv.nix @@ -3,6 +3,7 @@ _: { direnv = { enable = true; silent = true; + enableNushellIntegration = true; nix-direnv = { enable = true; diff --git a/hand7s/programs/eza.nix b/hand7s/programs/eza.nix index 2ac0ee4..ac804c7 100644 --- a/hand7s/programs/eza.nix +++ b/hand7s/programs/eza.nix @@ -3,6 +3,7 @@ _: { eza = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; git = true; icons = "always"; }; diff --git a/hand7s/programs/fzf.nix b/hand7s/programs/fzf.nix index 31960f5..4c1c4ff 100644 --- a/hand7s/programs/fzf.nix +++ b/hand7s/programs/fzf.nix @@ -3,6 +3,7 @@ _: { fzf = { enable = true; enableFishIntegration = true; + tmux = { enableShellIntegration = true; }; diff --git a/hand7s/programs/ghostty.nix b/hand7s/programs/ghostty.nix index c1e2e65..9f1dca0 100644 --- a/hand7s/programs/ghostty.nix +++ b/hand7s/programs/ghostty.nix @@ -12,7 +12,7 @@ bell-features = "system"; - command = "${lib.getExe pkgs.fish}"; + command = "${lib.getExe pkgs.nushell}"; confirm-close-surface = false; diff --git a/hand7s/programs/gitui.nix b/hand7s/programs/gitui.nix new file mode 100644 index 0000000..23f9ddb --- /dev/null +++ b/hand7s/programs/gitui.nix @@ -0,0 +1,26 @@ +_: { + programs = { + gitui = { + enable = true; + keyConfig = '' + ( + move_left: Some(( code: Char('h'), modifiers: "" )), + move_right: Some(( code: Char('l'), modifiers: "" )), + move_up: Some(( code: Char('k'), modifiers: "" )), + move_down: Some(( code: Char('j'), modifiers: "" )), + + popup_up: Some(( code: Char('k'), modifiers: "" )), + popup_down: Some(( code: Char('j'), modifiers: "" )), + page_up: Some(( code: Char('b'), modifiers: "CONTROL" )), + page_down: Some(( code: Char('f'), modifiers: "CONTROL" )), + + stage_hunk: Some(( code: Char('x'), modifiers: "" )), + status_reset_item: Some(( code: Char('U'), modifiers: "SHIFT" )), + + shift_up: Some(( code: Char('K'), modifiers: "SHIFT" )), + shift_down: Some(( code: Char('J'), modifiers: "SHIFT" )), + ) + ''; + }; + }; +} diff --git a/hand7s/programs/helix.nix b/hand7s/programs/helix.nix index c8ae19c..c24e064 100644 --- a/hand7s/programs/helix.nix +++ b/hand7s/programs/helix.nix @@ -2,7 +2,15 @@ pkgs, lib, ... -}: { +}: let + formatter = { + run = "treefmt"; + args = [ + "--stdin" + "$f" + ]; + }; +in { programs = { helix = { package = pkgs.helix; @@ -10,52 +18,133 @@ defaultEditor = true; extraPackages = with pkgs; [ nixd + ruff + vtsls + rust-analyzer ]; settings = { editor = { line-number = "relative"; cursorline = true; + auto-pairs = true; + auto-save = { + focus-lost = true; + after-delay = { + enable = true; + timeout = 3000; + }; + }; + + soft-wrap = { + enable = true; + }; + + inline-diagnostics = { + cursor-line = "hint"; + }; + lsp = { - display-messages = true; + enable = true; + display-progress-messages = true; + display-inlay-hints = true; + }; + + cursor-shape = { + normal = "underline"; + insert = "block"; + select = "underline"; }; }; }; languages = { language-servers = { - nixd = { + "nixd" = { command = "${lib.getExe pkgs.nixd}"; args = [ "--inlay-hints=true" ]; }; + + "ruff" = { + command = "${lib.getExe pkgs.ruff}"; + args = [ + "server" + ]; + }; + + "vtsls" = { + command = "${lib.getExe pkgs.vtsls}"; + args = [ + "--stdio" + ]; + }; + + "rust-lsp" = { + command = "${lib.getExe pkgs.rust-analyzer}"; + }; }; - language = [ + languages = [ { name = "nix"; - comment-token = "#"; - injection-regex = "nix"; - indent = { - tab-width = 4; - unit = " "; - }; - - formatter = { - command = "${lib.getExe pkgs.nix}"; - args = [ - "fmt" - ]; - }; - - file-types = [ - "nix" - ]; - + auto-format = true; language-servers = [ "nixd" ]; + + inherit + formatter + ; + } + + { + name = "python"; + auto-format = true; + language-servers = [ + "ruff" + ]; + + inherit + formatter + ; + } + + { + name = "rust"; + auto-format = true; + language-servers = [ + "rust-lsp" + ]; + + inherit + formatter + ; + } + + { + name = "javascript"; + auto-format = true; + language-servers = [ + "vtsls" + ]; + + inherit + formatter + ; + } + + { + name = "typescript"; + auto-format = true; + language-servers = [ + "vtsls" + ]; + + inherit + formatter + ; } ]; }; diff --git a/hand7s/programs/index.nix b/hand7s/programs/index.nix index d7475b9..dc16de9 100644 --- a/hand7s/programs/index.nix +++ b/hand7s/programs/index.nix @@ -3,6 +3,7 @@ _: { nix-index = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; }; }; } diff --git a/hand7s/programs/noctalia.nix b/hand7s/programs/noctalia.nix index 662f6cc..ad629d3 100644 --- a/hand7s/programs/noctalia.nix +++ b/hand7s/programs/noctalia.nix @@ -19,9 +19,10 @@ forceBlackScreenCorners = true; showScreenCorners = true; screenRadiusRatio = 1; - radiusRatio = 0.7; + radiusRatio = 1.5; + enableBlurBehind = true; enableShadows = true; - shadowDirection = "center"; + shadowDirection = "bottom_right"; }; appLauncher = { @@ -40,10 +41,12 @@ }; bar = { - floating = false; - density = "default"; + floating = true; + density = "comfortable"; position = "right"; - showCapsule = false; + showCapsule = true; + contentPadding = 8; + widgetSpacing = 10; marginVertical = 1; marginHorizontal = 0.6; monitors = [ @@ -119,7 +122,7 @@ }; notifications = { - location = "top_center"; + location = "top_right"; }; controlCenter = { @@ -147,6 +150,7 @@ }; dock = { + dockType = "static"; displayMode = "auto_hide"; floatingRatio = 1; onlySameOutput = true; @@ -198,9 +202,9 @@ }; ui = { - fontDefault = lib.mkForce "Nerd Fonts Hack"; + fontDefault = lib.mkForce "Monaspace Aether Nerd Font"; fontDefaultScale = 1; - fontFixed = lib.mkForce "Nerd Fonts Hack"; + fontFixed = lib.mkForce "Roboto Mono Nerd Font"; fontFixedScale = 1; idleInhibitorEnabled = false; tooltipsEnabled = true; diff --git a/hand7s/programs/nushell.nix b/hand7s/programs/nushell.nix new file mode 100644 index 0000000..296a012 --- /dev/null +++ b/hand7s/programs/nushell.nix @@ -0,0 +1,24 @@ +{ + pkgs, + lib, + ... +}: { + programs = { + nushell = { + enable = true; + extraEnv = '' + $env.EDITOR = "hx" + ''; + + extraConfig = '' + $env.config.show_banner = false + + $env.config.buffer_editor = "hx" + + def fish-run [cmd: string] { + ^${lib.getExe pkgs.fish} -c $cmd + } + ''; + }; + }; +} diff --git a/hand7s/programs/spicetify.nix b/hand7s/programs/spicetify.nix index 56ab174..3f7be81 100644 --- a/hand7s/programs/spicetify.nix +++ b/hand7s/programs/spicetify.nix @@ -6,13 +6,13 @@ }: { programs = { spicetify = { - enabledExtensions = with self.inputs.spicetify-nix.legacyPackages.${pkgs.system}.extensions; [ + enabledExtensions = with self.inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.extensions; [ adblock hidePodcasts shuffle ]; - theme = lib.mkForce self.inputs.spicetify-nix.legacyPackages.${pkgs.system}.themes.text; + theme = lib.mkForce self.inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.themes.text; colorScheme = lib.mkForce "TokyoNight"; }; }; diff --git a/hand7s/programs/starship.nix b/hand7s/programs/starship.nix index 5228038..cd8615c 100644 --- a/hand7s/programs/starship.nix +++ b/hand7s/programs/starship.nix @@ -3,15 +3,17 @@ _: { starship = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; + settings = { add_newline = true; format = '' [╭──╼](bold blue) $username at $hostname on $os - [┆](bold blue) $directory$git_branch$git_commit$git_state$git_metrics$git_status + [┆](bold blue) $directory$git_branch$git_commit$git_state$git_metrics$git_status$kubernetes$rust [╰─>](bold blue) ''; - right_format = ''$cmd_duration ($character) at ❗$time''; + right_format = ''$cmd_duration ($status) at ❗$time''; os = { format = "[($name $codename$version$edition $symbol )]($style)"; @@ -33,9 +35,18 @@ _: { style_user = "bold green"; }; - character = { - success_symbol = "[✓](bold green)"; - error_symbol = "[✗](bold red)"; + status = { + disabled = false; + format = "[$symbol]($style)"; + symbol = "✗"; + success_symbol = "✓"; + not_executable_symbol = "⃠🚫"; + not_found_symbol = "🔍"; + sigint_symbol = "[🛑](bold red)"; + signal_symbol = "[⚡](bold yellow)"; + + pipestatus = true; + pipestatus_separator = "|"; }; time = { @@ -53,6 +64,14 @@ _: { show_notifications = false; format = "was [$duration](bold green)"; }; + + rust = { + format = "via [⚙️ $version](red bold)"; + }; + + kubernetes = { + disabled = false; + }; }; }; }; diff --git a/hand7s/programs/yazi.nix b/hand7s/programs/yazi.nix index 234c8e9..396e8d9 100644 --- a/hand7s/programs/yazi.nix +++ b/hand7s/programs/yazi.nix @@ -7,6 +7,8 @@ yazi = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; + shellWrapperName = "yz"; settings = { mgr = { @@ -42,33 +44,63 @@ }; opener = { - play = [ + "play" = [ { - run = "${lib.getExe pkgs.mpv} ''$@''"; + run = ''${lib.getExe pkgs.mpv} --vo=tct "%s"''; block = true; for = "unix"; } ]; - view = [ + "view" = [ { - run = "${lib.getExe pkgs.timg} ''-p k -C $@ | ${lib.getExe' pkgs.uutils-coreutils-noprefix "more"}''"; + run = ''${lib.getExe pkgs.viu} -t "%s"''; block = true; for = "unix"; } ]; - edit = [ + "edit" = [ { - run = "${lib.getExe pkgs.helix} ''$@''"; + run = ''${lib.getExe pkgs.helix} "%s"''; block = true; for = "unix"; } ]; - open = [ + "doc" = [ { - run = "${lib.getExe' pkgs.xdg-utils "xdg-open"} ''$@''"; + run = ''${lib.getExe pkgs.tdf} "%s"''; + block = true; + for = "unix"; + } + ]; + + "hex" = [ + { + run = ''${lib.getExe pkgs.hexyl} "$s"''; + } + ]; + + "exfil" = [ + { + run = ''${lib.getExe pkgs.ouch} de "%s"''; + block = true; + for = "unix"; + } + ]; + + "book" = [ + { + run = ''${lib.getExe pkgs.epr} "%s"''; + block = true; + for = "unix"; + } + ]; + + "open" = [ + { + run = ''${lib.getExe' pkgs.xdg-utils "xdg-open"} "%s"''; orphan = true; for = "unix"; } @@ -78,23 +110,83 @@ open = { rules = [ { - mime = "image/*"; - use = "view"; - } - - { - mime = "text/*"; - use = "edit"; + mime = "video/*"; + use = [ + "play" + "open" + ]; } { mime = "audio/*"; - use = "play"; + use = [ + "play" + "open" + ]; } { - mime = "video/*"; - use = "play"; + mime = "application/epub+zip"; + use = [ + "book" + "edit" + ]; + } + + { + mime = "application/pdf"; + use = [ + "doc" + "open" + ]; + } + + { + mime = "application/{octet-stream,x-executable,x-sharedlib,x-pie-executable}"; + use = [ + "hex" + "open" + ]; + } + + { + mime = "application/vnd.*"; + use = [ + "open" + "edit" + ]; + } + + { + mime = "font/*"; + use = [ + "open" + "edit" + ]; + } + + { + mime = "application/{zip,rar,7z*,tar*,x-tar,x-bzip*,x-gzip,x-xz}"; + use = [ + "exfil" + "open" + ]; + } + + { + mime = "text/*"; + use = [ + "edit" + "open" + ]; + } + + { + mime = "*"; + use = [ + "edit" + "open" + ]; } ]; }; diff --git a/hand7s/programs/zellij.nix b/hand7s/programs/zellij.nix index 907eca4..a910b23 100644 --- a/hand7s/programs/zellij.nix +++ b/hand7s/programs/zellij.nix @@ -6,8 +6,32 @@ programs = { zellij = { enable = true; + settings = { - default_shell = "${lib.getExe pkgs.fish}"; + options = { + copy_on_select = false; + }; + + keybinds = { + unbind = [ + "Alt n" + "Alt i" + "Alt o" + "Alt h" + "Alt j" + "Alt k" + "Alt l" + "Alt f" + "Alt Up" + "Alt Down" + "Alt Right" + "Alt Left" + "Alt +" + "Alt -" + ]; + }; + + default_shell = "${lib.getExe pkgs.nushell}"; show_startup_tips = false; show_release_notes = false; simplified_ui = true; diff --git a/hand7s/programs/zoxide.nix b/hand7s/programs/zoxide.nix index 0739e21..0527806 100644 --- a/hand7s/programs/zoxide.nix +++ b/hand7s/programs/zoxide.nix @@ -3,6 +3,7 @@ _: { zoxide = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; }; }; } diff --git a/hand7s/stylix/base16Scheme.nix b/hand7s/stylix/base16Scheme.nix index 6cea17f..169ffc6 100644 --- a/hand7s/stylix/base16Scheme.nix +++ b/hand7s/stylix/base16Scheme.nix @@ -1,22 +1,22 @@ _: { stylix = { base16Scheme = { - scheme = "Tokyonight by Folke Lemaitre (https://github.com/folke)"; - name = "Tokyonight"; + scheme = "Tokyo-Night-Storm-MD3e"; + name = "TokyoNightStormMD3e"; base00 = "#24283b"; base01 = "#1f2335"; base02 = "#292e42"; base03 = "#565f89"; base04 = "#a9b1d6"; base05 = "#c0caf5"; - base06 = "#c0caf5"; - base07 = "#c0caf5"; + base06 = "#cdd6f4"; + base07 = "#d5d6db"; base08 = "#f7768e"; base09 = "#ff9e64"; base0A = "#e0af68"; base0B = "#9ece6a"; - base0C = "#1abc9c"; - base0D = "#41a6b5"; + base0C = "#7dcfff"; + base0D = "#7aa2f7"; base0E = "#bb9af7"; base0F = "#ff007c"; }; diff --git a/hand7s/stylix/fonts.nix b/hand7s/stylix/fonts.nix index 1cea8c4..6b67bb6 100644 --- a/hand7s/stylix/fonts.nix +++ b/hand7s/stylix/fonts.nix @@ -2,30 +2,30 @@ stylix = { fonts = { sizes = { - applications = 10; - desktop = 8; - popups = 10; - terminal = 10; + applications = 12; + desktop = 11; + popups = 11; + terminal = 12; }; monospace = { - package = pkgs.nerd-fonts.roboto-mono; - name = "Roboto-Mono Nerd Font"; + package = pkgs.nerd-fonts.monaspace; + name = "Monospace Aether Nerd Font"; }; emoji = { - package = pkgs.nerd-fonts.symbols-only; - name = "Symbols Only Nerd Font"; + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; }; sansSerif = { - package = pkgs.nerd-fonts.aurulent-sans-mono; - name = "Aurulent Sans Mono Nerd Font"; + package = pkgs.nerd-fonts.iosevka-term-slab; + name = "Iosevka Term Slab Nerd Font"; }; serif = { - package = pkgs.nerd-fonts.hack; - name = "Hack Nerd Font"; + package = pkgs.nerd-fonts.noto; + name = "Noto Serif Nerd Font"; }; }; }; diff --git a/hand7s/stylix/red_ish.nix b/hand7s/stylix/red_ish.nix deleted file mode 100644 index 6c5ae1e..0000000 --- a/hand7s/stylix/red_ish.nix +++ /dev/null @@ -1,32 +0,0 @@ -_: { - stylix = { - base16Scheme = { - base00 = "2a1617"; - base01 = "5d3f3f"; - base02 = "7a5bab"; - base03 = "bb9499"; - base04 = "eea1cf"; - base05 = "f5dddd"; - base06 = "ffebff"; - base07 = "ffede9"; - base08 = "e36b70"; - base09 = "ac878e"; - base0A = "db7356"; - base0B = "a78897"; - base0C = "ca7a79"; - base0D = "b28776"; - base0E = "d8708b"; - base0F = "ec6653"; - base10 = "2a1617"; - base11 = "2a1617"; - base12 = "e36b70"; - base13 = "ac878e"; - base14 = "a78897"; - base15 = "ca7a79"; - base16 = "b28776"; - base17 = "d8708b"; - scheme = "hand7s"; - name = "red_ish"; - }; - }; -} diff --git a/hand7s/stylix/wallpaper3.png b/hand7s/stylix/wallpaper3.png index 97a0dae..fdda3fb 100644 Binary files a/hand7s/stylix/wallpaper3.png and b/hand7s/stylix/wallpaper3.png differ diff --git a/hand7s/wayland/hyprland.nix b/hand7s/wayland/hyprland.nix index 907ee9f..b5122ee 100644 --- a/hand7s/wayland/hyprland.nix +++ b/hand7s/wayland/hyprland.nix @@ -1,6 +1,6 @@ { - self, config, + self, pkgs, lib, ... @@ -14,22 +14,22 @@ ) true; - package = self.inputs.hyprland.packages.${pkgs.system}.hyprland; - portalPackage = self.inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; + package = self.inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}.hyprland; + portalPackage = self.inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; settings = { monitor = ", 2560x1440@165.00Hz, 0x0, 1"; general = { - gaps_in = "5"; - gaps_out = "20"; - border_size = "2"; + gaps_in = 8; + gaps_out = 20; + border_size = 0; layout = "dwindle"; snap = { enabled = false; - window_gap = "5"; - monitor_gap = "5"; + window_gap = 10; + monitor_gap = 10; border_overlap = false; }; }; @@ -39,9 +39,9 @@ kb_options = "grp:caps_toggle"; numlock_by_default = true; - follow_mouse = "1"; + follow_mouse = 1; left_handed = false; - sensitivity = "0"; + sensitivity = 0; special_fallthrough = true; focus_on_close = 1; @@ -64,27 +64,29 @@ }; decoration = { - active_opacity = "0.85"; - inactive_opacity = "0.65"; + active_opacity = "0.92"; + inactive_opacity = "0.88"; fullscreen_opacity = "1.0"; - rounding = "10"; - dim_inactive = true; - dim_strength = "0.15"; - dim_special = "0.0"; - dim_around = "0.05"; + rounding = 24; + rounding_power = "2"; + + dim_inactive = false; shadow = { enabled = true; - render_power = "4"; - range = "4"; + render_power = 3; + range = 20; ignore_window = false; + offset = "0 4"; + scale = "1.0"; }; blur = { enabled = true; - size = "10"; - passes = "5"; + size = 8; + passes = 3; + vibrancy = 0.2; }; }; @@ -92,7 +94,7 @@ "${lib.getExe' pkgs.systemd "systemctl"} --user start hyprpaper.service" "${lib.getExe' pkgs.systemd "systemctl"} --user start hypridle.service" "${lib.getExe' pkgs.systemd "systemctl"} --user start hyprpolkitagent.service" - "${lib.getExe self.inputs.noctalia.packages.${pkgs.system}.default}" + "${lib.getExe self.inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default}" "${lib.getExe' pkgs.hyprland "hyprctl"} setcursor material_light_cursors 20" ]; @@ -100,12 +102,12 @@ bind = [ "ALT, return, exec, ${lib.getExe pkgs.ghostty}" "ALT, Q, killactive," - "ALT, S, exec, ${lib.getExe self.inputs.noctalia.packages.${pkgs.system}.default} ipc call launcher toggle" + "ALT, S, exec, ${lib.getExe self.inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default} ipc call launcher toggle" "ALT, F, fullscreen, 0" "ALT, L, exec, ${lib.getExe pkgs.hyprlock}" "ALT SHIFT, space, togglefloating, active" - "ALT SHIFT, S, exec, ${lib.getExe pkgs.grimblast} --notify --freeze copysave area /home/hand7s/Pictures/Screenshots/$(date '+%y%m%d_%H-%M-%s').png | , killall -9 hyprpicker" + "ALT SHIFT, S, exec, ${lib.getExe pkgs.grimblast} --notify --freeze copysave area /home/hand7s/Pictures/Screenshots/$(date '+%y%m%d_%H-%M-%s').png || , killall -9 hyprpicker" "ALT, left, movefocus, l" "ALT, right, movefocus, r" @@ -163,18 +165,34 @@ ]; animation = [ + "workspace_wraparound = true" "enabled = true" - "animation = windows, 1, 7, popin" - "animation = windowsOut, 1, 7, popin" + "bezier = md3_standard, 0.2, 0.0, 0.0, 1.0" + "bezier = md3_decel, 0.05, 0.7, 0.1, 1.0" + "bezier = md3_accel, 0.3, 0.0, 0.8, 0.15" - "animation = layers, 1, 7, fade" + "bezier = menu_decel, 0.1, 1.0, 0.1, 1.0" + "bezier = menu_accel, 0.38, 0.04, 1.0, 0.07" - "animation = border, 1, 10" - "animation = borderangle, 1, 10" + "animation = windows, 1, 4, md3_decel, slide" + "animation = windowsIn, 1, 4, md3_decel, slide" + "animation = windowsOut, 1, 2, md3_accel, slide" + "animation = fade, 1, 2, md3_standard" + "animation = layers, 1, 2, md3_decel, slide" + "animation = layersIn, 1, 3, md3_decel, slide" + "animation = layersOut, 1, 2, md3_accel, slide" + "animation = fadeLayersIn, 1, 3, menu_decel" + "animation = fadeLayersOut, 1, 2, menu_accel" + "animation = workspaces, 1, 4, md3_standard, slidefade 20%" + "animation = specialWorkspace, 1, 3, md3_decel, slidevert" + ]; - "animation = workspaces, 1, 7, slidevert" - "animation = specialWorkspace, 1, 7, slidevert" + windowrulev2 = [ + "float, class:^(yazi-picker)$" + "center, class:^(yazi-picker)$" + "size 1000 600, class:^(yazi-picker)$" + "stayfocused, class:^(yazi-picker)$" ]; misc = { @@ -185,11 +203,12 @@ animate_mouse_windowdragging = true; focus_on_activate = true; close_special_on_empty = true; - initial_workspace_tracking = "2"; + vrr = "3"; }; render = { cm_auto_hdr = 0; + direct_scanout = "2"; }; binds = { @@ -264,8 +283,7 @@ plugins = with pkgs.hyprlandPlugins; [ hypr-dynamic-cursors - hyprscrolling - hyprexpo + hyprspace ]; }; }; diff --git a/hand7s/xdg/configFile.nix b/hand7s/xdg/configFile.nix new file mode 100644 index 0000000..64cb8e6 --- /dev/null +++ b/hand7s/xdg/configFile.nix @@ -0,0 +1,22 @@ +{ + lib, + pkgs, + ... +}: { + xdg = { + configFile = { + "xdg-desktop-portal-termfilechooser/config" = { + enable = true; + force = true; + text = '' + [filechooser] + cmd="${pkgs.xdg-desktop-portal-termfilechooser}/share/xdg-desktop-portal-termfilechooser/yazi-wrapper.sh" + default_dir=$HOME + env=TERMCMD="${lib.getExe pkgs.ghostty} --title='yazi-picker' -e" + open_mode=suggested + save_mode=last + ''; + }; + }; + }; +} diff --git a/hand7s/xdg/mime.nix b/hand7s/xdg/mime.nix new file mode 100644 index 0000000..1c1102b --- /dev/null +++ b/hand7s/xdg/mime.nix @@ -0,0 +1,11 @@ +_: { + xdg = { + mime = { + enable = true; + }; + + mimeApps = { + enable = true; + }; + }; +} diff --git a/hand7s/xdg/portal.nix b/hand7s/xdg/portal.nix new file mode 100644 index 0000000..c56d593 --- /dev/null +++ b/hand7s/xdg/portal.nix @@ -0,0 +1,35 @@ +{ + config, + pkgs, + lib, + ... +}: { + xdg = { + portal = { + enable = lib.mkIf config.home.gui.enable true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-termfilechooser + ]; + + config = { + common = { + default = [ + "gtk" + ]; + }; + + hyprland = { + default = [ + "gtk" + "hyprland" + ]; + + "org.freedesktop.impl.portal.FileChooser" = [ + "termfilechooser" + ]; + }; + }; + }; + }; +} diff --git a/hand7s/xdg/terminal.nix b/hand7s/xdg/terminal.nix new file mode 100644 index 0000000..64d9c95 --- /dev/null +++ b/hand7s/xdg/terminal.nix @@ -0,0 +1,12 @@ +_: { + xdg = { + terminal-exec = { + enable = true; + settings = { + default = [ + "com.mitchellh.ghostty.desktop" + ]; + }; + }; + }; +} diff --git a/isla/boot/lanzaboote.nix b/isla/boot/lanzaboote.nix index 08d07df..8036b8a 100644 --- a/isla/boot/lanzaboote.nix +++ b/isla/boot/lanzaboote.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { lanzaboote = { enable = true; diff --git a/isla/boot/tmp.nix b/isla/boot/tmp.nix index ac46b34..904e141 100644 --- a/isla/boot/tmp.nix +++ b/isla/boot/tmp.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { tmp = { useTmpfs = true; diff --git a/isla/console/console.nix b/isla/console/console.nix index 1e60d13..e3a24c9 100644 --- a/isla/console/console.nix +++ b/isla/console/console.nix @@ -1,4 +1,4 @@ -{...}: { +_: { console = { useXkbConfig = true; }; diff --git a/isla/disko/disk.nix b/isla/disko/disk.nix index 221caa2..8c60a0e 100644 --- a/isla/disko/disk.nix +++ b/isla/disko/disk.nix @@ -1,4 +1,4 @@ -{...}: { +_: { disko = { devices = { disk = { diff --git a/isla/disko/lvm_vg.nix b/isla/disko/lvm_vg.nix index 8e108be..1c255d5 100644 --- a/isla/disko/lvm_vg.nix +++ b/isla/disko/lvm_vg.nix @@ -1,4 +1,4 @@ -{...}: { +_: { disko = { devices = { lvm_vg = { diff --git a/isla/hardware/cpu.nix b/isla/hardware/cpu.nix index e5746c6..441946f 100644 --- a/isla/hardware/cpu.nix +++ b/isla/hardware/cpu.nix @@ -1,4 +1,4 @@ -{...}: { +_: { hardware = { enableRedistributableFirmware = true; cpu = { diff --git a/isla/hardware/qmk.nix b/isla/hardware/qmk.nix index 543ece2..8742a19 100644 --- a/isla/hardware/qmk.nix +++ b/isla/hardware/qmk.nix @@ -1,4 +1,4 @@ -{...}: { +_: { hardware = { keyboard = { qmk = { diff --git a/isla/hardware/zram.nix b/isla/hardware/zram.nix index b973787..0d77537 100644 --- a/isla/hardware/zram.nix +++ b/isla/hardware/zram.nix @@ -1,4 +1,4 @@ -{...}: { +_: { zramSwap = { enable = true; algorithm = "zstd"; diff --git a/isla/i18n/locales.nix b/isla/i18n/locales.nix index 09234a5..f456740 100644 --- a/isla/i18n/locales.nix +++ b/isla/i18n/locales.nix @@ -1,4 +1,4 @@ -{...}: { +_: { i18n = { defaultLocale = "en_US.UTF-8"; supportedLocales = [ diff --git a/isla/networking/firewall.nix b/isla/networking/firewall.nix index c1d1150..4ec736e 100644 --- a/isla/networking/firewall.nix +++ b/isla/networking/firewall.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { firewall = { allowPing = true; diff --git a/isla/networking/hostId.nix b/isla/networking/hostId.nix index 4e2bb58..5267b08 100644 --- a/isla/networking/hostId.nix +++ b/isla/networking/hostId.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { hostId = "3c4734c8"; }; diff --git a/isla/networking/hostname.nix b/isla/networking/hostname.nix index ef6faab..c1ba168 100644 --- a/isla/networking/hostname.nix +++ b/isla/networking/hostname.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { hostName = "s0melapt0p-nix"; }; diff --git a/isla/networking/hosts.nix b/isla/networking/hosts.nix index 10e63c8..ffff44d 100644 --- a/isla/networking/hosts.nix +++ b/isla/networking/hosts.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { hosts = { # EVA00 diff --git a/isla/networking/nameservers.nix b/isla/networking/nameservers.nix index a4d22c1..31726b9 100644 --- a/isla/networking/nameservers.nix +++ b/isla/networking/nameservers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { nameservers = [ # cf dns diff --git a/isla/networking/networkmanager.nix b/isla/networking/networkmanager.nix index 278a693..cce7f65 100644 --- a/isla/networking/networkmanager.nix +++ b/isla/networking/networkmanager.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { networkmanager = { enable = true; diff --git a/isla/networking/timeServers.nix b/isla/networking/timeServers.nix index 88e14c4..9289ea6 100644 --- a/isla/networking/timeServers.nix +++ b/isla/networking/timeServers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { timeServers = [ "0.nixos.pool.ntp.org" diff --git a/isla/networking/wireguard.nix b/isla/networking/wireguard.nix index 2ee5c02..bd2336c 100644 --- a/isla/networking/wireguard.nix +++ b/isla/networking/wireguard.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { wireguard = { enable = true; diff --git a/isla/nix/settings/allowed-users.nix b/isla/nix/settings/allowed-users.nix index d483d0c..0239519 100644 --- a/isla/nix/settings/allowed-users.nix +++ b/isla/nix/settings/allowed-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { sandbox = true; diff --git a/isla/nix/settings/auto-optimise-store.nix b/isla/nix/settings/auto-optimise-store.nix index 14f13c5..cb7a22a 100644 --- a/isla/nix/settings/auto-optimise-store.nix +++ b/isla/nix/settings/auto-optimise-store.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { auto-optimise-store = true; diff --git a/isla/nix/settings/experimental-features.nix b/isla/nix/settings/experimental-features.nix index 7ce7e89..9c45bc4 100644 --- a/isla/nix/settings/experimental-features.nix +++ b/isla/nix/settings/experimental-features.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { experimental-features = [ diff --git a/isla/nix/settings/substituters.nix b/isla/nix/settings/substituters.nix index 762ec5c..f00d6d2 100644 --- a/isla/nix/settings/substituters.nix +++ b/isla/nix/settings/substituters.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { substituters = [ diff --git a/isla/nix/settings/trusted-public-keys.nix b/isla/nix/settings/trusted-public-keys.nix index e8710cb..4a128cb 100644 --- a/isla/nix/settings/trusted-public-keys.nix +++ b/isla/nix/settings/trusted-public-keys.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-public-keys = [ diff --git a/isla/nix/settings/trusted-users.nix b/isla/nix/settings/trusted-users.nix index e4a9dae..4eee825 100644 --- a/isla/nix/settings/trusted-users.nix +++ b/isla/nix/settings/trusted-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-users = [ diff --git a/isla/nixpkgs/config.nix b/isla/nixpkgs/config.nix index 27b79b0..b93e4ef 100644 --- a/isla/nixpkgs/config.nix +++ b/isla/nixpkgs/config.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { config = { allowUnfree = true; diff --git a/isla/nixpkgs/overlays.nix b/isla/nixpkgs/overlays.nix index 2881eba..8db0844 100644 --- a/isla/nixpkgs/overlays.nix +++ b/isla/nixpkgs/overlays.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { overlays = [ ]; diff --git a/isla/nixpkgs/system.nix b/isla/nixpkgs/system.nix index 63fda3b..3cbe59a 100644 --- a/isla/nixpkgs/system.nix +++ b/isla/nixpkgs/system.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { system = "x86_64-linux"; hostPlatform = "x86_64-linux"; diff --git a/isla/programs/gamemode.nix b/isla/programs/gamemode.nix index 5fd437b..c8f046e 100644 --- a/isla/programs/gamemode.nix +++ b/isla/programs/gamemode.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { gamemode = { enable = true; diff --git a/isla/programs/nh.nix b/isla/programs/nh.nix index f43fb06..6d9937d 100644 --- a/isla/programs/nh.nix +++ b/isla/programs/nh.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { nh = { enable = true; diff --git a/isla/programs/ssh.nix b/isla/programs/ssh.nix index b7b9d20..5028eaf 100644 --- a/isla/programs/ssh.nix +++ b/isla/programs/ssh.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { ssh = { startAgent = true; diff --git a/isla/programs/yubikey-touch-detector.nix b/isla/programs/yubikey-touch-detector.nix index c9815c5..92fe31f 100644 --- a/isla/programs/yubikey-touch-detector.nix +++ b/isla/programs/yubikey-touch-detector.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { yubikey-touch-detector = { enable = true; diff --git a/isla/security/pam/services.nix b/isla/security/pam/services.nix index 565ef37..f4d42e5 100644 --- a/isla/security/pam/services.nix +++ b/isla/security/pam/services.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { pam = { services = { diff --git a/isla/security/polkit.nix b/isla/security/polkit.nix index 7604e82..77e04d1 100644 --- a/isla/security/polkit.nix +++ b/isla/security/polkit.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { polkit = { enable = true; diff --git a/isla/security/rtkit.nix b/isla/security/rtkit.nix index d3604df..dd40f89 100644 --- a/isla/security/rtkit.nix +++ b/isla/security/rtkit.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { rtkit = { enable = true; diff --git a/isla/security/sudo-rs.nix b/isla/security/sudo-rs.nix index 772460d..4f270c9 100644 --- a/isla/security/sudo-rs.nix +++ b/isla/security/sudo-rs.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { sudo-rs = { enable = true; diff --git a/isla/services/fprintd.nix b/isla/services/fprintd.nix index 47c72bc..172b999 100644 --- a/isla/services/fprintd.nix +++ b/isla/services/fprintd.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { fprintd = { enable = true; diff --git a/isla/services/libinput.nix b/isla/services/libinput.nix index 111040e..4eac635 100644 --- a/isla/services/libinput.nix +++ b/isla/services/libinput.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { libinput = { enable = true; diff --git a/isla/services/netbird.nix b/isla/services/netbird.nix index 071330a..f375f14 100644 --- a/isla/services/netbird.nix +++ b/isla/services/netbird.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { netbird = { enable = true; diff --git a/isla/services/pipewire.nix b/isla/services/pipewire.nix index c4bad1e..37c7c5f 100644 --- a/isla/services/pipewire.nix +++ b/isla/services/pipewire.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { pipewire = { enable = true; diff --git a/isla/services/thinkfan.nix b/isla/services/thinkfan.nix index 78a42e4..c53ddef 100644 --- a/isla/services/thinkfan.nix +++ b/isla/services/thinkfan.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { thinkfan = { enable = true; diff --git a/isla/services/zapret.nix b/isla/services/zapret.nix index ad671e1..c512ea0 100644 --- a/isla/services/zapret.nix +++ b/isla/services/zapret.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { zapret = { enable = true; diff --git a/isla/services/zerotier.nix b/isla/services/zerotier.nix index f58210f..b864ebf 100644 --- a/isla/services/zerotier.nix +++ b/isla/services/zerotier.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { zerotierone = { enable = true; diff --git a/isla/systemd/oomd.nix b/isla/systemd/oomd.nix index cbd28f2..bb9a200 100644 --- a/isla/systemd/oomd.nix +++ b/isla/systemd/oomd.nix @@ -1,4 +1,4 @@ -{...}: { +_: { systemd = { oomd = { enable = true; diff --git a/isla/time/timeZone.nix b/isla/time/timeZone.nix index 57bca35..cef1656 100644 --- a/isla/time/timeZone.nix +++ b/isla/time/timeZone.nix @@ -1,4 +1,4 @@ -{...}: { +_: { time = { timeZone = "Europe/Moscow"; hardwareClockInLocalTime = true; diff --git a/isla/users/mutableUsers.nix b/isla/users/mutableUsers.nix index 54415f1..9bb56d0 100644 --- a/isla/users/mutableUsers.nix +++ b/isla/users/mutableUsers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { mutableUsers = false; }; diff --git a/isla/users/users/hand7s.nix b/isla/users/users/hand7s.nix index 8c0df47..e36405b 100644 --- a/isla/users/users/hand7s.nix +++ b/isla/users/users/hand7s.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { users = { hand7s = { diff --git a/isla/users/users/root.nix b/isla/users/users/root.nix index 595a6f6..e1374f1 100644 --- a/isla/users/users/root.nix +++ b/isla/users/users/root.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { users = { root = { diff --git a/isla/virtualisation/docker.nix b/isla/virtualisation/docker.nix index 1edae88..805ac30 100644 --- a/isla/virtualisation/docker.nix +++ b/isla/virtualisation/docker.nix @@ -1,4 +1,4 @@ -{...}: { +_: { virtualisation = { docker = { enable = true; diff --git a/isla/xdg/icons.nix b/isla/xdg/icons.nix index 53ccd0b..7c75adf 100644 --- a/isla/xdg/icons.nix +++ b/isla/xdg/icons.nix @@ -1,4 +1,4 @@ -{...}: { +_: { xdg = { icons = { enable = true; diff --git a/isla/xdg/mime.nix b/isla/xdg/mime.nix index 4b6af20..9197f59 100644 --- a/isla/xdg/mime.nix +++ b/isla/xdg/mime.nix @@ -1,4 +1,4 @@ -{...}: { +_: { xdg = { mime = { enable = true; diff --git a/kyra/default.nix b/kyra/default.nix deleted file mode 100644 index 7624558..0000000 --- a/kyra/default.nix +++ /dev/null @@ -1,57 +0,0 @@ -{self, ...}: { - imports = [ - "${self}/kyra/disko/disk.nix" - "${self}/kyra/disko/lvm_vg.nix" - - "${self}/kyra/boot/initrd/availableKernelModules.nix" - "${self}/kyra/boot/initrd/kernelModules.nix" - "${self}/kyra/boot/loader/grub.nix" - "${self}/kyra/boot/kernel.nix" - "${self}/kyra/boot/tmp.nix" - - "${self}/kyra/environment/systemPackages.nix" - - "${self}/kyra/hardware/zram.nix" - - "${self}/kyra/home-manager/users.nix" - - "${self}/kyra/networking/interfaces/ens3.nix" - "${self}/kyra/networking/firewall/ens3.nix" - "${self}/kyra/networking/firewall.nix" - "${self}/kyra/networking/dns.nix" - "${self}/kyra/networking/wireguard.nix" - "${self}/kyra/networking/defaultGateway.nix" - - "${self}/kyra/nix/settings/allowed-users.nix" - "${self}/kyra/nix/settings/experimental-features.nix" - "${self}/kyra/nix/settings/substituters.nix" - "${self}/kyra/nix/settings/trusted-public-keys.nix" - "${self}/kyra/nix/settings/trusted-users.nix" - "${self}/kyra/nix/settings/auto-optimise-store.nix" - - "${self}/kyra/nixpkgs/config.nix" - "${self}/kyra/nixpkgs/platform.nix" - - "${self}/kyra/programs/nh.nix" - - "${self}/kyra/services/openssh.nix" - "${self}/kyra/services/fail2ban.nix" - "${self}/kyra/services/netbird.nix" - "${self}/kyra/services/qemuGuest.nix" - "${self}/kyra/services/caddy.nix" - "${self}/kyra/services/sing-box.nix" - - "${self}/kyra/sops/age.nix" - "${self}/kyra/sops/defaults.nix" - "${self}/kyra/sops/secrets.nix" - - "${self}/kyra/system/stateVersion.nix" - - "${self}/kyra/users/users.nix" - "${self}/kyra/users/users/alep0u.nix" - "${self}/kyra/users/users/hand7s.nix" - "${self}/kyra/users/users/root.nix" - - "${self}/kyra/virtualisation/docker.nix" - ]; -} diff --git a/kyra/disko/disk.nix b/kyra/disko/disk.nix index c0c6cc7..231e00e 100644 --- a/kyra/disko/disk.nix +++ b/kyra/disko/disk.nix @@ -1,9 +1,14 @@ -{ +{name, ...}: { disko = { devices = { disk = { - virt_main = { - device = "/dev/sda"; + "virt_main" = { + device = + { + "yara" = "/dev/vda"; + }.${ + name + } or "/dev/sda"; type = "disk"; content = { type = "gpt"; diff --git a/kyra/home-manager/users.nix b/kyra/home-manager/users.nix index 6590188..0a5f3e3 100644 --- a/kyra/home-manager/users.nix +++ b/kyra/home-manager/users.nix @@ -4,12 +4,10 @@ "hand7s" = { imports = [ "${self}/hand7s/" - self.inputs.agenix.homeManagerModules.default self.inputs.spicetify-nix.homeManagerModules.default self.inputs.hyprland.homeManagerModules.default self.inputs.chaotic.homeManagerModules.default self.inputs.sops-nix.homeManagerModules.sops - self.inputs.nix-index-database.homeModules.nix-index self.inputs.noctalia.homeModules.default ]; diff --git a/kyra/networking/defaultGateway.nix b/kyra/networking/defaultGateway.nix deleted file mode 100644 index dd70ea4..0000000 --- a/kyra/networking/defaultGateway.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - ... -}: { - networking = { - defaultGateway = lib.mkIf (config.networking.hostName == "mel") { - address = "45.11.229.1"; - interface = "ens3"; - }; - - defaultGateway6 = lib.mkIf (config.networking.hostName == "mel") { - address = "2a0e:97c0:3e3:2Oa::1"; - interface = "ens3"; - }; - }; -} diff --git a/kyra/networking/firewall.nix b/kyra/networking/firewall.nix index a9a2c40..e7dcb71 100644 --- a/kyra/networking/firewall.nix +++ b/kyra/networking/firewall.nix @@ -1,11 +1,8 @@ _: { networking = { firewall = { - enable = true; - allowPing = true; - checkReversePath = false; + enable = false; }; - useNetworkd = true; }; } diff --git a/kyra/networking/firewall/ens3.nix b/kyra/networking/firewall/ens3.nix deleted file mode 100644 index 7df7284..0000000 --- a/kyra/networking/firewall/ens3.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - lib, - ... -}: { - networking = { - firewall = { - interfaces = { - ens3 = { - allowedUDPPorts = - [ - 53580 - 53590 - ] - ++ lib.optionals (config.networking.hostName == "hazel") [ - 443 - - 25565 - - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - 53570 - ]; - - allowedTCPPorts = - [ - 53580 - 53590 - ] - ++ lib.optionals (config.networking.hostName == "hazel") [ - 443 - - 25565 - - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - 53570 - ]; - }; - }; - }; - }; -} diff --git a/kyra/networking/hostname.nix b/kyra/networking/hostname.nix index 7371866..bbd139a 100644 --- a/kyra/networking/hostname.nix +++ b/kyra/networking/hostname.nix @@ -1,5 +1,5 @@ -_: { +{name, ...}: { networking = { - hostName = "kyra"; + hostName = name; }; } diff --git a/kyra/networking/interfaces/ens3.nix b/kyra/networking/interfaces/ens3.nix deleted file mode 100644 index 3820e1f..0000000 --- a/kyra/networking/interfaces/ens3.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - config, - lib, - ... -}: { - networking = { - interfaces = { - ens3 = { - ipv4 = { - addresses = lib.optionals (config.networking.hostName == "mel") [ - { - address = "45.11.229.254"; - prefixLength = 24; - } - ]; - }; - - ipv6 = { - addresses = - lib.optionals (config.networking.hostName == "hazel") [ - { - address = "2a03:6f01:1:2::cb1e"; - prefixLength = 64; - } - ] - ++ lib.optionals (config.networking.hostName == "mel") [ - { - address = "2a0e:97c0:3e3:2Oa::1"; - prefixLength = 64; - } - ]; - }; - }; - }; - }; -} diff --git a/kyra/networking/nftables.nix b/kyra/networking/nftables.nix new file mode 100644 index 0000000..71bfec3 --- /dev/null +++ b/kyra/networking/nftables.nix @@ -0,0 +1,7 @@ +_: { + networking = { + nftables = { + enable = true; + }; + }; +} diff --git a/kyra/security/acme.nix b/kyra/security/acme.nix new file mode 100644 index 0000000..00eb68d --- /dev/null +++ b/kyra/security/acme.nix @@ -0,0 +1,18 @@ +{config, ...}: { + security = { + acme = { + acceptTerms = true; + defaults = { + email = "litvinovb0@gmail.com"; + }; + + certs = { + "hand7s.org" = { + dnsProvider = "cloudflare"; + credentialsFile = config.sops.templates."acme.env".path; + group = "sing-box"; + }; + }; + }; + }; +} diff --git a/kyra/services/alloy.nix b/kyra/services/alloy.nix new file mode 100644 index 0000000..d863d04 --- /dev/null +++ b/kyra/services/alloy.nix @@ -0,0 +1,99 @@ +{ + config, + pkgs, + ... +}: { + services = { + alloy = { + enable = true; + + configPath = pkgs.writeText "alloy-config.alloy" '' + loki.source.journal "system" { + max_age = "24h" + forward_to = [loki.process.production.receiver] + + labels = { + host = "${config.networking.hostName}", + job = "journalctl", + } + } + + loki.process "production" { + forward_to = [loki.write.viola.receiver] + + stage.labels { + values = { + unit = "__journal_systemd_unit__", + } + } + + stage.label_keep { + values = ["unit"] + } + + stage.match { + selector = `{unit=~"(traefik|sing-box|crowdsec|alloy|netbird).*\\.service"}` + action = "drop" + } + } + + prometheus.exporter.unix "node" { + enable_collectors = [ + "cpu", "diskstats", "filesystem", + "loadavg", "meminfo", "netdev", + "time", "uname", + ] + } + + prometheus.scrape "node" { + targets = prometheus.exporter.unix.node.targets + forward_to = [prometheus.remote_write.viola.receiver] + scrape_interval = "30s" + job_name = "node" + } + + prometheus.scrape "alloy" { + targets = [{"__address__" = "127.0.0.1:12345"}] + + forward_to = [prometheus.remote_write.viola.receiver] + job_name = "alloy" + } + + loki.write "viola" { + endpoint { + url = "http://100.109.123.164:3100/loki/api/v1/push" + } + } + + prometheus.remote_write "viola" { + endpoint { + url = "http://100.109.123.164:9009/api/v1/push" + } + } + + otelcol.receiver.otlp "default" { + grpc { + endpoint = "0.0.0.0:4317" + } + + http { + endpoint = "0.0.0.0:4318" + } + + output { + traces = [otelcol.exporter.otlp.tempo.input] + } + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "http://100.109.123.164:4317" + tls { + insecure = true + } + } + } + ''; + }; + }; +} diff --git a/kyra/services/caddy.nix b/kyra/services/caddy.nix deleted file mode 100644 index fe3ad02..0000000 --- a/kyra/services/caddy.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - services = { - caddy = { - enable = - lib.mkIf ( - config.networking.hostName == "hazel" - ) - true; - - package = pkgs.caddy.withPlugins { - plugins = [ - "github.com/mholt/caddy-l4@v0.0.0-20250902102621-4a517a98d7fa" - "github.com/caddy-dns/cloudflare@v0.2.1" - ]; - hash = "sha256-1/jRWotKCvx7QncjVSVGYXb2gAmIiokC/ZbCUelG5Rc="; - }; - - globalConfig = '' - debug - email me@hand7s.org - - acme_ca https://acme-v02.api.letsencrypt.org/directory - - ''; - - # acme_ca https://api.zerossl.com/directory - - virtualHosts = { - "hand7s.org" = { - extraConfig = '' - respond "hi! :D WIP btw" - ''; - }; - - "git.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:53350 - ''; - }; - - "bin.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:80 - ''; - }; - - "zitadel.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:8443 - ''; - }; - }; - }; - }; -} diff --git a/kyra/services/firewalld.nix b/kyra/services/firewalld.nix new file mode 100644 index 0000000..1964f11 --- /dev/null +++ b/kyra/services/firewalld.nix @@ -0,0 +1,154 @@ +{ + name, + lib, + ... +}: { + services = { + firewalld = { + enable = true; + + services = { + "ssh" = { + short = "openssh"; + ports = [ + { + port = 60009; + protocol = "tcp"; + } + ]; + }; + + "stalwart" = { + short = "Stalwart-mail"; + ports = + lib.forEach [ + 25 + 110 + 143 + 465 + 993 + 995 + 4190 + ] ( + port: { + protocol = "tcp"; + inherit + port + ; + } + ); + }; + + "consul" = { + short = "Consul"; + ports = + lib.forEach [ + 8300 + 8301 + 8302 + 8500 + 8600 + ] ( + port: { + protocol = "tcp"; + inherit + port + ; + } + ) + ++ lib.forEach [ + 8301 + 8302 + 8600 + ] ( + port: { + protocol = "udp"; + inherit + port + ; + } + ); + }; + }; + + zones = { + "trusted" = { + services = [ + "consul" + ]; + }; + + "wan" = { + ports = [ + { + port = 2053; + protocol = "udp"; + } + + { + port = 8443; + protocol = "tcp"; + } + + { + port = 51820; + protocol = "udp"; + } + ]; + + icmpBlockInversion = true; + icmpBlocks = [ + "echo-request" + "destination-unreachable" + "parameter-problem" + "time-exceeded" + ]; + + interfaces = lib.concatLists [ + ( + lib.optionals ( + lib.elem name [ + "hazel" + "lynn" + "yara" + "ivy" + ] + ) [ + "ens3" + ] + ) + + ( + lib.optionals ( + name == "mel" + ) [ + "eth0" + ] + ) + ]; + + services = lib.concatLists [ + [ + "ssh" + "http" + "https" + ] + + ( + lib.optionals ( + lib.elem name [ + "hazel" + "lynn" + "mel" + ] + ) [ + "minecraft" + "stalwart" + ] + ) + ]; + }; + }; + }; + }; +} diff --git a/kyra/services/netbird.nix b/kyra/services/netbird.nix index 071330a..3f2a353 100644 --- a/kyra/services/netbird.nix +++ b/kyra/services/netbird.nix @@ -1,7 +1,17 @@ -{...}: { +{config, ...}: { services = { netbird = { enable = true; + + clients = { + "wt0" = { + port = 51820; + login = { + enable = true; + setupKeyFile = config.sops.secrets."nbKey".path; + }; + }; + }; }; }; } diff --git a/kyra/services/openssh.nix b/kyra/services/openssh.nix index 6d54477..fb2f45d 100644 --- a/kyra/services/openssh.nix +++ b/kyra/services/openssh.nix @@ -3,7 +3,14 @@ _: { openssh = { enable = true; ports = [ - 58693 + 60009 + ]; + + hostKeys = [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } ]; settings = { diff --git a/kyra/services/resolved.nix b/kyra/services/resolved.nix new file mode 100644 index 0000000..ad91e2a --- /dev/null +++ b/kyra/services/resolved.nix @@ -0,0 +1,39 @@ +_: { + services = { + resolved = { + enable = true; + dnsovertls = toString true; + dnssec = toString true; + llmnr = toString true; + domains = [ + "~." + ]; + + fallbackDns = [ + # cf dns + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + + # google dns + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + + # q9 dns + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" + + # open dns + "208.67.222.222" + "208.67.220.220" + "2620:119:35::35" + "2620:119:53::53" + ]; + }; + }; +} diff --git a/kyra/services/sing-box.nix b/kyra/services/sing-box.nix index f29526c..d4b5656 100644 --- a/kyra/services/sing-box.nix +++ b/kyra/services/sing-box.nix @@ -1,26 +1,33 @@ -{...}: { +{lib, ...}: { services = { sing-box = { enable = true; settings = { log = { - level = "debug"; + level = "error"; }; dns = { servers = [ { - type = "local"; + tag = "cloudflare"; + type = "quic"; + server = "1.1.1.1"; + } + + { tag = "local"; + type = "local"; } ]; - final = "local"; - strategy = "prefer_ipv6"; + final = "cloudflare"; + strategy = "prefer_ipv4"; }; route = { final = "direct-out"; + default_domain_resolver = "cloudflare"; auto_detect_interface = true; }; @@ -32,54 +39,69 @@ ]; inbounds = [ + { + type = "hysteria2"; + tag = "hy2-in"; + listen = "::"; + listen_port = 2053; + masquerade = "https://hand7s.org"; + up_mbps = 100; + down_mbps = 100; + obfs = { + type = "salamander"; + password = lib.hashString "sha512" "randomstring"; # not a real string + }; + + users = [ + { + name = "hand7s"; + password = lib.hashString "sha512" "userstring"; # not a real string + } + ]; + + tls = { + enabled = true; + server_name = "hand7s.org"; + certificate_path = "/var/lib/acme/hand7s.org/cert.pem"; + key_path = "/var/lib/acme/hand7s.org/key.pem"; + }; + } + { type = "vless"; tag = "vless-inbound"; listen = "::"; - listen_port = 53570; + listen_port = 8443; + + sniff = true; users = [ { - name = "hand7s_1"; - uuid = "${singboxUUID2}"; - flow = "xtls-rprx-vision"; - } - - { - name = "hand7s_2"; - uuid = "${singboxUUID2}"; + name = "hand7s"; + uuid = lib.hashString "sha512" "uuidstring"; # not a real string flow = "xtls-rprx-vision"; } ]; - tls = rec { + tls = { enabled = true; - server_name = "vk.com"; + server_name = "hand7s.org"; reality = { enabled = true; max_time_difference = "5m"; handshake = { - server = server_name; + server = "127.0.0.1"; server_port = 443; }; - private_key = "${singboxKey}"; + private_key = lib.hashString "sha512" "uuidstring"; # not a real string short_id = [ - "${singboxId}" + "shortie" ]; }; }; - - transport = { - type = "httpupgrade"; - }; - - multiplex = { - enabled = true; - padding = false; - }; } ]; }; diff --git a/kyra/services/traefik.nix b/kyra/services/traefik.nix new file mode 100644 index 0000000..fb60af9 --- /dev/null +++ b/kyra/services/traefik.nix @@ -0,0 +1,459 @@ +{config, ...}: { + services = { + traefik = { + enable = true; + + environmentFiles = [ + config.sops.templates."traefik.env".path + ]; + + dynamicConfigOptions = { + http = { + routers = { + "site" = { + rule = "Host(`hand7s.org`)"; + service = "site-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "git" = { + rule = "Host(`git.hand7s.org`)"; + service = "git-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "cicd" = { + rule = "Host(`woodpecker.hand7s.org`)"; + service = "cicd-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "oidc" = { + rule = "Host(`zitadel.hand7s.org`)"; + service = "oidc-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "bin" = { + rule = "Host(`bin.hand7s.org`)"; + service = "bin-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "lgtm" = { + rule = "Host(`grafana.hand7s.org`)"; + service = "lgtm-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + }; + + services = { + "site-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:8180"; + } + ]; + }; + }; + + "git-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53350"; + } + ]; + }; + }; + + "oidc-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:8443"; + } + ]; + }; + }; + + "bin-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53352"; + } + ]; + }; + }; + + "cicd-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53351"; + } + ]; + }; + }; + + "lgtm-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:3030"; + } + ]; + }; + }; + }; + }; + + tcp = { + routers = { + "minecraft" = { + rule = "HostSNI(`*`)"; + service = "mc-svc"; + entryPoints = [ + "minecraft" + ]; + }; + + "smtp" = { + rule = "HostSNI(`*`)"; + service = "smtp-svc"; + entryPoints = [ + "smtp" + ]; + }; + + "pop3" = { + rule = "HostSNI(`*`)"; + service = "pop-svc"; + entryPoints = [ + "pop3" + ]; + }; + + "submissions" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "submissions-svc"; + entryPoints = [ + "submissions" + ]; + }; + + "submission" = { + rule = "HostSNI(`*`)"; + service = "submission-svc"; + entryPoints = [ + "submission" + ]; + }; + + "imaptls" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "imaptls-svc"; + entryPoints = [ + "imaptls" + ]; + }; + + "pop3s" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "pop3s-svc"; + entryPoints = [ + "pop3s" + ]; + }; + + "managesieve" = { + rule = "HostSNI(`*`)"; + service = "managesieve-svc"; + entryPoints = [ + "managesieve" + ]; + }; + }; + }; + + services = { + "mc-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25565"; + } + ]; + }; + }; + + "smtp-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25"; + } + ]; + }; + }; + + "pop3-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:110"; + } + ]; + }; + }; + + "imap-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:143"; + } + ]; + }; + }; + + "submissions-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:465"; + } + ]; + }; + }; + + "submission-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:587"; + } + ]; + }; + }; + + "imaptls-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:993"; + } + ]; + }; + }; + + "pop3s-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:995"; + } + ]; + }; + }; + + "managesieve-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:4190"; + } + ]; + }; + }; + }; + }; + + staticConfigOptions = { + api = { + dashboard = true; + }; + + tracing = { + otlp = { + grpc = { + endpoint = "127.0.0.1:4317"; + insecure = true; + }; + }; + }; + + certificatesResolvers = { + "cloudflare" = { + acme = { + email = "litvinovb0@gmail.com"; + storage = "${config.services.traefik.dataDir}/acme.json"; + dnsChallenge = { + provider = "cloudflare"; + resolvers = [ + "1.1.1.1:53" + "8.8.8.8:53" + ]; + }; + }; + }; + }; + + log = { + level = "DEBUG"; + }; + + entryPoints = { + "web" = { + address = ":80"; + http = { + redirections = { + entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + }; + }; + + "websecure" = { + address = ":443"; + http = { + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + }; + }; + + "minecraft" = { + address = ":25565"; + }; + + "smtp" = { + address = ":25"; + }; + + "pop3" = { + address = ":110"; + }; + + "imap" = { + address = ":143"; + }; + + "submissions" = { + address = ":465"; + }; + + "submission" = { + address = ":587"; + }; + + "imaptls" = { + address = ":993"; + }; + + "pop3s" = { + address = ":995"; + }; + + "managesieve" = { + address = ":4190"; + }; + }; + }; + }; + }; +} diff --git a/kyra/systemd/networkd.nix b/kyra/systemd/networkd.nix new file mode 100644 index 0000000..8982b55 --- /dev/null +++ b/kyra/systemd/networkd.nix @@ -0,0 +1,120 @@ +{ + name, + lib, + ... +}: { + systemd = { + network = { + enable = true; + networks = lib.mkMerge [ + ( + lib.mkIf ( + name == "mel" + ) + { + "10-eth0" = { + matchConfig.Name = "eth0"; + networkConfig = { + IPv6AcceptRA = false; + Address = [ + "45.11.229.245/24" + "2a0e:97c0:3e3:20a::1/64" + ]; + }; + + routes = [ + { + routeConfig = { + Gateway = "45.11.229.1"; + }; + } + + { + routeConfig = { + Gateway = "fe80::1"; + GatewayOnLink = true; + }; + } + ]; + }; + } + ) + + ( + lib.mkIf ( + name == "yara" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + IPv6AcceptRA = false; + Address = [ + "138.124.240.75/32" + "2a0d:d940:1a:1500::2/56" + ]; + }; + + routes = [ + { + routeConfig = { + Gateway = "10.0.0.1"; + GatewayOnLink = true; + }; + } + + { + routeConfig = { + Gateway = "2a0d:d940:1a:1500::1"; + GatewayOnLink = true; + }; + } + ]; + }; + } + ) + + ( + lib.mkIf ( + name == "hazel" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + Address = "90.156.226.152/24"; + Gateway = "90.156.226.1"; + IPv6AcceptRA = false; + }; + }; + } + ) + + ( + lib.mkIf ( + name == "lynn" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + Address = "138.124.72.244/24"; + Gateway = "138.124.72.1"; + IPv6AcceptRA = false; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/kyra/users/users/alep0u.nix b/kyra/users/users/alep0u.nix index faf1630..78766ad 100644 --- a/kyra/users/users/alep0u.nix +++ b/kyra/users/users/alep0u.nix @@ -4,7 +4,6 @@ _: { "alep0u" = { description = "alep0u"; isNormalUser = true; - password = "alep0u"; extraGroups = [ "wheel" "docker" diff --git a/kyra/users/users/hand7s.nix b/kyra/users/users/hand7s.nix index 497573a..11f593a 100644 --- a/kyra/users/users/hand7s.nix +++ b/kyra/users/users/hand7s.nix @@ -4,7 +4,6 @@ _: { "hand7s" = { description = "hands"; isNormalUser = true; - hashedPassword = "$y$j9T$eHfq328GBp7Ga8xsbOTV/0$kcihv7zWLqSkj2jKAhI1pdbTSwvaf2RY5Rokm69XTL/"; extraGroups = [ "wheel" "docker" diff --git a/kyra/virtualisation/docker.nix b/kyra/virtualisation/docker.nix deleted file mode 100644 index 59e76bf..0000000 --- a/kyra/virtualisation/docker.nix +++ /dev/null @@ -1,14 +0,0 @@ -_: { - virtualisation = { - oci-containers = { - backend = "docker"; - }; - - docker = { - enable = true; - rootless = { - enable = true; - }; - }; - }; -} diff --git a/kyra/virtualisation/vmVariant.nix b/kyra/virtualisation/vmVariant.nix new file mode 100644 index 0000000..c81ecc6 --- /dev/null +++ b/kyra/virtualisation/vmVariant.nix @@ -0,0 +1,11 @@ +_: { + virtualisation = { + vmVariant = { + virtualisation = { + cores = 2; + memorySize = 2048; + diskSize = 20480; + }; + }; + }; +} diff --git a/viola/services/forgejo.nix b/viola/services/forgejo.nix index 84774ef..2f5683f 100644 --- a/viola/services/forgejo.nix +++ b/viola/services/forgejo.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { forgejo = { enable = true; diff --git a/viola/services/homepage.nix b/viola/services/homepage.nix index 2999560..2a2a8f3 100644 --- a/viola/services/homepage.nix +++ b/viola/services/homepage.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { homepage-dashboard = { enable = true; diff --git a/viola/services/postgresql.nix b/viola/services/postgresql.nix index 62c57bb..3b3ad12 100644 --- a/viola/services/postgresql.nix +++ b/viola/services/postgresql.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { postgresql = { enable = true; diff --git a/viola/services/privatebin.nix b/viola/services/privatebin.nix index 0db50ad..24ee0f7 100644 --- a/viola/services/privatebin.nix +++ b/viola/services/privatebin.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { privatebin = { enable = true;