diff --git a/ada/security/sudo-rs.nix b/ada/security/sudo-rs.nix index 35b28ec..4f270c9 100644 --- a/ada/security/sudo-rs.nix +++ b/ada/security/sudo-rs.nix @@ -4,9 +4,6 @@ _: { enable = true; wheelNeedsPassword = true; execWheelOnly = true; - extraConfig = '' - Defaults !pwfeedback - ''; }; }; } diff --git a/flake.lock b/flake.lock index 8dc76a9..ae5d2c5 100644 --- a/flake.lock +++ b/flake.lock @@ -33,11 +33,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1774522439, - "narHash": "sha256-GvINrdGznE7mGlDNjW0/PMgOJlC+Nl9MkfxALB4QvWs=", + "lastModified": 1772478757, + "narHash": "sha256-OZ/rD87JVagLiHCz5M/kfu5n3+32G+kvoZ3F5xmzVng=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "8b9c179bc1300ab130c90f2d25426bf0e7a2b58d", + "rev": "4b0b511675cc368956a3917f0710dd62ba7b4043", "type": "github" }, "original": { @@ -107,14 +107,14 @@ "inputs": { "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1775356343, - "narHash": "sha256-m+A5+jOaQsYLtjaKT2pysVoUwoTn8iUHI+V9wB1FuyU=", + "lastModified": 1774211056, + "narHash": "sha256-3RwmBh/JSjeDaD7xstcnsbb0Z/n7QctYU+dkiqaPdGI=", "owner": "ndfined-crp", "repo": "ayugram-desktop", - "rev": "bcae077f1a028e2f274f644d4194b907cd5b52c1", + "rev": "0d6745f4fe12d2f2e6273b330071c575fcf9b65b", "type": "github" }, "original": { @@ -194,16 +194,16 @@ "brew-src": { "flake": false, "locked": { - "lastModified": 1774235677, - "narHash": "sha256-0ryNYmzDAeRlrzPTAgmzGH/Cgc8iv/LBN6jWGUANvIk=", + "lastModified": 1769363988, + "narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=", "owner": "Homebrew", "repo": "brew", - "rev": "894a3d23ac0c8aaf561b9874b528b9cb2e839201", + "rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2", "type": "github" }, "original": { "owner": "Homebrew", - "ref": "5.1.1", + "ref": "5.0.12", "repo": "brew", "type": "github" } @@ -213,7 +213,7 @@ "devenv": "devenv", "flake-compat": "flake-compat_3", "git-hooks": "git-hooks_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1774017633, @@ -310,7 +310,7 @@ "crate2nix" ], "git-hooks": "git-hooks_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1767714506, @@ -340,7 +340,7 @@ "crate2nix_stable" ], "git-hooks": "git-hooks_4", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1767714506, @@ -360,11 +360,11 @@ "cachyos-kernel": { "flake": false, "locked": { - "lastModified": 1775145950, - "narHash": "sha256-AfVja9nvYHm0BHbuTvn+K8rKfLmPl5QjoiNecp9HOJU=", + "lastModified": 1774160598, + "narHash": "sha256-ArPoVPHpXauFDGsz7nGBiXljj7keGcp/O4Pf4ZU4/30=", "owner": "CachyOS", "repo": "linux-cachyos", - "rev": "b91624f68ceaf5394ef1571f60290dca6ba22b45", + "rev": "1caa0b77871d4537f0d629a2ce30edb2f6178d19", "type": "github" }, "original": { @@ -376,11 +376,11 @@ "cachyos-kernel-patches": { "flake": false, "locked": { - "lastModified": 1775157685, - "narHash": "sha256-g8HgH7gADoEnrBN30BK3pz7+M2pT/p3xtfRFEuEov5w=", + "lastModified": 1774023710, + "narHash": "sha256-Oc+4K6edCv0fdvfe6UW+OpJiXYWkXRrOH9TDMNwi+J8=", "owner": "CachyOS", "repo": "kernel-patches", - "rev": "c1ba300617a12d257b5721572b9bbe28efae182f", + "rev": "a4e26fa95257ac09bd42930334399b0eabd5b5b1", "type": "github" }, "original": { @@ -394,7 +394,7 @@ "flake-schemas": "flake-schemas", "home-manager": "home-manager_2", "jovian": "jovian", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -457,17 +457,16 @@ "pre-commit-hooks": "pre-commit-hooks_3" }, "locked": { - "lastModified": 1772186516, - "narHash": "sha256-8s28pzmQ6TOIUzznwFibtW1CMieMUl1rYJIxoQYor58=", - "owner": "rossng", + "lastModified": 1773440526, + "narHash": "sha256-OcX1MYqUdoalY3/vU67PEx8m6RvqGxX0LwKonjzXn7I=", + "owner": "nix-community", "repo": "crate2nix", - "rev": "ba5dd398e31ee422fbe021767eb83b0650303a6e", + "rev": "e697d3049c909580128caa856ab8eb709556a97b", "type": "github" }, "original": { - "owner": "rossng", + "owner": "nix-community", "repo": "crate2nix", - "rev": "ba5dd398e31ee422fbe021767eb83b0650303a6e", "type": "github" } }, @@ -483,7 +482,7 @@ "flake-compat": "flake-compat_5", "flake-parts": "flake-parts_4", "nix-test-runner": "nix-test-runner", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { @@ -527,7 +526,7 @@ "deploy-rs": { "inputs": { "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "utils": "utils" }, "locked": { @@ -586,15 +585,15 @@ "git-hooks": "git-hooks_5", "nix": "nix_2", "nixd": "nixd_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1775334024, - "narHash": "sha256-vg1CVojgtjLPZNFe7QVd/d97E12TLUgBQDlCqMqbEGU=", + "lastModified": 1774428097, + "narHash": "sha256-yQAutPgbsVHsN/SygZDyzMRxQn6Im53PJkrI377N8Sg=", "owner": "cachix", "repo": "devenv", - "rev": "f30a244f8175ef14ed1a4e4dfc737d28ecc5d852", + "rev": "957d63f663f230dc8ac3b85f950690e56fe8b1e0", "type": "github" }, "original": { @@ -713,15 +712,15 @@ }, "fenix": { "inputs": { - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1775373929, - "narHash": "sha256-Elx3es3UvLova3YBdJTc9rju9ULl9+5XF4K5t5Ejsa8=", + "lastModified": 1774423251, + "narHash": "sha256-g/PP8G9WcP4vtZVOBNYwfGxLnwLQoTERHnef8irAMeQ=", "owner": "nix-community", "repo": "fenix", - "rev": "221468471f762f355db24ce728012544561650f5", + "rev": "b70d7535088cd8a9e4322c372a475f66ffa18adf", "type": "github" }, "original": { @@ -733,11 +732,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1775176642, - "narHash": "sha256-2veEED0Fg7Fsh81tvVDNYR6SzjqQxa7hbi18Jv4LWpM=", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "179704030c5286c729b5b0522037d1d51341022c", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { @@ -1022,11 +1021,11 @@ "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -1100,11 +1099,11 @@ ] }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -1140,11 +1139,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -1246,11 +1245,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -1385,14 +1384,14 @@ "flake-compat": "flake-compat_8", "libnbtplusplus": "libnbtplusplus", "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_12" }, "locked": { - "lastModified": 1774815961, - "narHash": "sha256-F8T9kMowfbIO8zMpVcpoAhNntZ+kt2SYFtegM3YEcbc=", + "lastModified": 1774208136, + "narHash": "sha256-+k5LUBOXNHgWfAQhPJtCpz7LtFZVOr1YT0YPZswMXbA=", "owner": "freesmteam", "repo": "freesmlauncher", - "rev": "ff52d69721449f9e3ee447f2642a65e9e08375ff", + "rev": "e1af3554cde670819270dc9e9fdb916adb12d4f5", "type": "github" }, "original": { @@ -1421,17 +1420,14 @@ "inputs": { "flake-compat": "flake-compat_2", "gitignore": "gitignore_2", - "nixpkgs": [ - "ayugram-desktop", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1775036584, - "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=", + "lastModified": 1774104215, + "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735", + "rev": "f799ae951fde0627157f40aec28dec27b22076d0", "type": "github" }, "original": { @@ -1444,14 +1440,14 @@ "inputs": { "flake-compat": "flake-compat_9", "gitignore": "gitignore_9", - "nixpkgs": "nixpkgs_12" + "nixpkgs": "nixpkgs_13" }, "locked": { - "lastModified": 1775036584, - "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=", + "lastModified": 1774104215, + "narHash": "sha256-EAtviqz0sEAxdHS4crqu7JGR5oI3BwaqG0mw7CmXkO8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735", + "rev": "f799ae951fde0627157f40aec28dec27b22076d0", "type": "github" }, "original": { @@ -1577,7 +1573,7 @@ "github-actions-nix": { "inputs": { "flake-parts": "flake-parts_8", - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1773808042, @@ -1868,18 +1864,20 @@ "gnome-shell": { "flake": false, "locked": { + "host": "gitlab.gnome.org", "lastModified": 1767737596, "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", "rev": "ef02db02bf0ff342734d525b5767814770d85b49", - "type": "github" + "type": "gitlab" }, "original": { + "host": "gitlab.gnome.org", "owner": "GNOME", + "ref": "gnome-49", "repo": "gnome-shell", - "rev": "ef02db02bf0ff342734d525b5767814770d85b49", - "type": "github" + "type": "gitlab" } }, "home-manager": { @@ -1932,11 +1930,11 @@ ] }, "locked": { - "lastModified": 1775427330, - "narHash": "sha256-pm1SDX9Tj4eHWwjtDEqSU+5QZO7nHHqU8GT0JtbI9rc=", + "lastModified": 1774379316, + "narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=", "owner": "nix-community", "repo": "home-manager", - "rev": "7e7269ac064bea120d7b23daed432a096617872d", + "rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7", "type": "github" }, "original": { @@ -1964,11 +1962,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1775435801, - "narHash": "sha256-FySeFQfWyWduCiyV6JkDvi+wiFqRaXY/nhNq5s+zduI=", + "lastModified": 1774452530, + "narHash": "sha256-qSvlnzAvT8v8pHWGYjA2RLyAwqbxk5KSBZokH7qwNAU=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "ee0aa698999970b8b49bc4960f63d609e2a1b77e", + "rev": "1d4adcff8d114371f210c5d88a8d184b7ddfe67c", "type": "github" }, "original": { @@ -1980,11 +1978,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1775439497, - "narHash": "sha256-DgRSpwokqer+9BBI+/Y9UW1bgwfBGKzppAG2IXGjiJI=", + "lastModified": 1774452579, + "narHash": "sha256-a6HzxdO577V11yoPnEojHZ/7nZyOWzuGMnciQKyGQAA=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "1aa7031176dce5364b68ee6c9b74a863ca0c5c11", + "rev": "813204046dc991a111a53d5728776c76b68b44f5", "type": "github" }, "original": { @@ -2062,17 +2060,17 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_14", + "nixpkgs": "nixpkgs_15", "pre-commit-hooks": "pre-commit-hooks_4", "systems": "systems_4", "xdph": "xdph" }, "locked": { - "lastModified": 1775416789, - "narHash": "sha256-0IELkB6YXCZGqZqLdmOcTw8mki6NNhDmG47y7Qynuj8=", + "lastModified": 1774445873, + "narHash": "sha256-GroDkLSY4r7356gneOoIytG3yhlsIJwjTsKNCStmJvQ=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "aaa2fc342f002bf4acd965f1ad2ead3796347e35", + "rev": "8196711aaa78c8f62e6f720636ef707783685036", "type": "github" }, "original": { @@ -2406,7 +2404,7 @@ }, "ndg": { "inputs": { - "nixpkgs": "nixpkgs_18" + "nixpkgs": "nixpkgs_21" }, "locked": { "lastModified": 1768214250, @@ -2425,7 +2423,7 @@ }, "nekoflake": { "inputs": { - "nixpkgs": "nixpkgs_15" + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1744631782, @@ -2489,16 +2487,16 @@ }, "nix-bwrapper": { "inputs": { - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_17", "nuschtosSearch": "nuschtosSearch", "treefmt-nix": "treefmt-nix_4" }, "locked": { - "lastModified": 1774788895, - "narHash": "sha256-wyIX/5EK9QG7o5oAXZhRghOIKKDHYGda7H97IxKvZfk=", + "lastModified": 1772136788, + "narHash": "sha256-5M9aiuBAm1nQd/8UAGrgnr2untzliTiWQIo1sHrGEMY=", "owner": "Naxdy", "repo": "nix-bwrapper", - "rev": "024f91da43f3917e4b26542af75f2a641297ceb1", + "rev": "49749a10842ebcc7ff0d2daea660d3b29ca5abb5", "type": "github" }, "original": { @@ -2513,14 +2511,14 @@ "cachyos-kernel-patches": "cachyos-kernel-patches", "flake-compat": "flake-compat_12", "flake-parts": "flake-parts_10", - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_20" }, "locked": { - "lastModified": 1775239578, - "narHash": "sha256-MKJmDHlaxwBcnfCUEA89AwKOOONjOjbjHNNWdSdg5RA=", + "lastModified": 1774290535, + "narHash": "sha256-dnFbucSiAjjWmPENgyIiK/ocCuYSp4sM6Sq4WCVjG+8=", "owner": "xddxdd", "repo": "nix-cachyos-kernel", - "rev": "beaf7a533ae106c2681de2624da94707f9857f1f", + "rev": "c0fcdf5cab21b7e3157e84046b57407a60934415", "type": "github" }, "original": { @@ -2537,11 +2535,11 @@ ] }, "locked": { - "lastModified": 1775037210, - "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", + "lastModified": 1773000227, + "narHash": "sha256-zm3ftUQw0MPumYi91HovoGhgyZBlM4o3Zy0LhPNwzXE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "06648f4902343228ce2de79f291dd5a58ee12146", + "rev": "da529ac9e46f25ed5616fd634079a5f3c579135f", "type": "github" }, "original": { @@ -2619,11 +2617,11 @@ "brew-src": "brew-src" }, "locked": { - "lastModified": 1774720267, - "narHash": "sha256-YYftFe8jyfpQI649yfr0E+dqEXE2jznZNcYvy/lKV1U=", + "lastModified": 1769437432, + "narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=", "owner": "zhaofengli", "repo": "nix-homebrew", - "rev": "a7760a3a83f7609f742861afb5732210fdc437ed", + "rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5", "type": "github" }, "original": { @@ -2639,11 +2637,11 @@ ] }, "locked": { - "lastModified": 1775365369, - "narHash": "sha256-DgH5mveLoau20CuTnaU5RXZWgFQWn56onQ4Du2CqYoI=", + "lastModified": 1774156144, + "narHash": "sha256-gdYe9wTPl4ignDyXUl1LlICWj41+S0GB5lG1fKP17+A=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "cef5cf82671e749ac87d69aadecbb75967e6f6c3", + "rev": "55b588747fa3d7fc351a11831c4b874dab992862", "type": "github" }, "original": { @@ -2657,7 +2655,7 @@ "flake-compat": "flake-compat_13", "flake-parts": "flake-parts_11", "ndg": "ndg", - "nixpkgs": "nixpkgs_19" + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1773682734, @@ -2871,7 +2869,7 @@ "nix-vm-test": "nix-vm-test", "nixos-images": "nixos-images", "nixos-stable": "nixos-stable", - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_23", "treefmt-nix": "treefmt-nix_5" }, "locked": { @@ -2892,15 +2890,15 @@ "inputs": { "flake-compat": "flake-compat_14", "flake-parts": "flake-parts_13", - "nixpkgs": "nixpkgs_21", + "nixpkgs": "nixpkgs_24", "optnix": "optnix" }, "locked": { - "lastModified": 1775373899, - "narHash": "sha256-V5c/01KFksD459zETtWFmjIG/haiRA5rF3R5DxhtFbQ=", + "lastModified": 1774427328, + "narHash": "sha256-KtGThScvwNbCm+6XwUKRfpTjJVKV9SHswm29px3m4pw=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "694753213dd9a8dbf38e572f053bc49b6382425f", + "rev": "23e7540706eb5271f4ab37b9e52532637d57c63b", "type": "github" }, "original": { @@ -2974,14 +2972,14 @@ "nixos-wsl": { "inputs": { "flake-compat": "flake-compat_15", - "nixpkgs": "nixpkgs_22" + "nixpkgs": "nixpkgs_25" }, "locked": { - "lastModified": 1774972752, - "narHash": "sha256-DnLIpFxznohpLkIFs390uZ0gxwkVyhtknhKNu+lQJK8=", + "lastModified": 1773882647, + "narHash": "sha256-VzcOcE0LLpEnyoxLuMuptZ9ZWCkSBn99bTgEQoz5Viw=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "d97e078f4788cddb8d11c3c99f72a4bb9ddec221", + "rev": "fd0eae98d1ecee31024271f8d64676250a386ee7", "type": "github" }, "original": { @@ -3041,11 +3039,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -3056,11 +3054,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -3086,11 +3084,11 @@ }, "nixpkgs-lib_4": { "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -3163,38 +3161,57 @@ } }, "nixpkgs_10": { + "inputs": { + "nixpkgs-src": "nixpkgs-src" + }, "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", + "lastModified": 1773704619, + "narHash": "sha256-LKtmit8Sr81z8+N2vpIaN/fyiQJ8f7XJ6tMSKyDVQ9s=", + "owner": "cachix", + "repo": "devenv-nixpkgs", + "rev": "906534d75b0e2fe74a719559dfb1ad3563485f43", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", + "owner": "cachix", + "ref": "rolling", + "repo": "devenv-nixpkgs", "type": "github" } }, "nixpkgs_11": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", - "owner": "NixOS", + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_12": { + "locked": { + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_13": { "locked": { "lastModified": 1770073757, "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", @@ -3210,7 +3227,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1770197578, "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", @@ -3224,7 +3241,7 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1774106199, "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", @@ -3240,7 +3257,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1742283249, "narHash": "sha256-hYz59vIFHjPt3l4iaXwCGUPu85EVRomzZRONksMVmgY=", @@ -3255,13 +3272,13 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "type": "github" }, "original": { @@ -3271,29 +3288,13 @@ "type": "github" } }, - "nixpkgs_17": { - "locked": { - "lastModified": 1775231746, - "narHash": "sha256-EFaDQ0rnuSjKfC/DUKHS4toV4rEBuWhSgyX2Yy0kp00=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0eac666efaa8a9afea2821f9efc7921b4ef39b4e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_18": { "locked": { - "lastModified": 1766070988, - "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "lastModified": 1767892417, + "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba", "type": "github" }, "original": { @@ -3304,134 +3305,6 @@ } }, "nixpkgs_19": { - "locked": { - "lastModified": 1755593991, - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_20": { - "locked": { - "lastModified": 1769900851, - "narHash": "sha256-RgCgXS3WiG9c/1wxFM6OXmmv39dSaLLON9VeAbTTAIM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "30a3e96da641620c63f2e1f345ea434ac78f5de1", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_21": { - "locked": { - "lastModified": 1774855581, - "narHash": "sha256-YkreHeMgTCYvJ5fESV0YyqQK49bHGe2B51tH6claUh4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "15c6719d8c604779cf59e03c245ea61d3d7ab69b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_22": { - "locked": { - "lastModified": 1773734432, - "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cda48547b432e8d3b18b4180ba07473762ec8558", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_23": { - "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_24": { - "locked": { - "lastModified": 1775126147, - "narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8d8c1fa5b412c223ffa47410867813290cdedfef", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_25": { - "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_26": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -3447,7 +3320,199 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1770073757, + "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "47472570b1e607482890801aeaf29bfb749884f6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_20": { + "locked": { + "lastModified": 1774235121, + "narHash": "sha256-CzpSER+YKq4yD+RPom6Su9c/4FutF+sD4rEnls+4MyM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1116aed2cee959f7d054a462458513ad323b710a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { + "locked": { + "lastModified": 1766070988, + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_22": { + "locked": { + "lastModified": 1755593991, + "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_23": { + "locked": { + "lastModified": 1769900851, + "narHash": "sha256-RgCgXS3WiG9c/1wxFM6OXmmv39dSaLLON9VeAbTTAIM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "30a3e96da641620c63f2e1f345ea434ac78f5de1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_24": { + "locked": { + "lastModified": 1772956932, + "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "608d0cadfed240589a7eea422407a547ad626a14", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_25": { + "locked": { + "lastModified": 1773734432, + "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cda48547b432e8d3b18b4180ba07473762ec8558", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_26": { + "locked": { + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_27": { + "locked": { + "lastModified": 1773840656, + "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_28": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_29": { + "locked": { + "lastModified": 1770107345, + "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4533d9293756b63904b7238acb84ac8fe4c8c2c4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_30": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -3461,7 +3526,7 @@ "type": "indirect" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1772624091, "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", @@ -3477,7 +3542,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1764950072, "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", @@ -3493,7 +3558,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1743014863, "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", @@ -3509,22 +3574,6 @@ "type": "github" } }, - "nixpkgs_6": { - "locked": { - "lastModified": 1765186076, - "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_7": { "locked": { "lastModified": 1765186076, @@ -3542,6 +3591,22 @@ } }, "nixpkgs_8": { + "locked": { + "lastModified": 1765186076, + "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { "locked": { "lastModified": 1769433173, "narHash": "sha256-Gf1dFYgD344WZ3q0LPlRoWaNdNQq8kSBDLEWulRQSEs=", @@ -3557,25 +3622,6 @@ "type": "github" } }, - "nixpkgs_9": { - "inputs": { - "nixpkgs-src": "nixpkgs-src" - }, - "locked": { - "lastModified": 1773704619, - "narHash": "sha256-LKtmit8Sr81z8+N2vpIaN/fyiQJ8f7XJ6tMSKyDVQ9s=", - "owner": "cachix", - "repo": "devenv-nixpkgs", - "rev": "906534d75b0e2fe74a719559dfb1ad3563485f43", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "rolling", - "repo": "devenv-nixpkgs", - "type": "github" - } - }, "nmd": { "inputs": { "nixpkgs": [ @@ -3622,11 +3668,11 @@ "noctalia-qs": "noctalia-qs" }, "locked": { - "lastModified": 1775438319, - "narHash": "sha256-woO1IU6q5x6HGegm9D7y17o/3CvWaj92ZDrjI6deSDQ=", + "lastModified": 1774442185, + "narHash": "sha256-dHxsDxA3kIn22eJZ+AhgIOJO6BLPH88DJfnviJ0le28=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "ef147f24f16f3aaca116cb93c716326b04d37c21", + "rev": "c960e17791bdd73300c37ebb1619bc8f3ee45ade", "type": "github" }, "original": { @@ -3645,11 +3691,11 @@ "treefmt-nix": "treefmt-nix_6" }, "locked": { - "lastModified": 1775352167, - "narHash": "sha256-5ytGzf6tWONKfgVG2JUZBa/lAHSArPYu/2l2z5lPsF0=", + "lastModified": 1774351986, + "narHash": "sha256-N131zILQ06ZNEvtgtjjFZ0N5qEI70rKKhCZsBcZoDH8=", "owner": "noctalia-dev", "repo": "noctalia-qs", - "rev": "736ceb63476597b1dea14fa053d5acf9070c6c4b", + "rev": "066835ebd5daeabc86df1e62fb5fe82a51407cc0", "type": "github" }, "original": { @@ -3670,11 +3716,11 @@ ] }, "locked": { - "lastModified": 1775228139, - "narHash": "sha256-ebbeHmg+V7w8050bwQOuhmQHoLOEOfqKzM1KgCTexK4=", + "lastModified": 1767810917, + "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "owner": "nix-community", "repo": "NUR", - "rev": "601971b9c89e0304561977f2c28fa25e73aa7132", + "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "type": "github" }, "original": { @@ -3687,10 +3733,7 @@ "inputs": { "flake-utils": "flake-utils_2", "ixx": "ixx", - "nixpkgs": [ - "nix-bwrapper", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1768249818, @@ -3702,7 +3745,6 @@ }, "original": { "owner": "NuschtOS", - "ref": "v0.1.0", "repo": "search", "type": "github" } @@ -3719,11 +3761,11 @@ ] }, "locked": { - "lastModified": 1774559664, - "narHash": "sha256-a8FWQZgqaS7o484iH7dFK+F9t7oMahKbcH2piIwUwFc=", + "lastModified": 1770000117, + "narHash": "sha256-kZ1eLvCxfN+6RYQdcWUdIf+2WuiNiAfbJq+VetT+kos=", "owner": "water-sucks", "repo": "optnix", - "rev": "853323ece22fb1ffed19cea4ae22804032034a8e", + "rev": "e3a8a63d8a9dcad01f499b2ece87db3545443f05", "type": "github" }, "original": { @@ -3898,11 +3940,11 @@ ] }, "locked": { - "lastModified": 1775335892, - "narHash": "sha256-rWJ//l6k1hwe/A2fNdzuvEuHedBQkMIHLU9eNTu4N7I=", + "lastModified": 1774422996, + "narHash": "sha256-mWjBJIbiMPCpljAQDk8RYf+92/lYZ5npHe2r2SJ+QWc=", "ref": "refs/heads/master", - "rev": "ad5fd9116e25bc502468f4dfa884ee027887c51c", - "revCount": 793, + "rev": "08058326f04e9b5e55c903b3702405a8d3556ac6", + "revCount": 775, "type": "git", "url": "https://git.outfoxxed.me/quickshell/quickshell" }, @@ -3944,7 +3986,7 @@ "nixos-cli": "nixos-cli", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_23", + "nixpkgs": "nixpkgs_26", "noctalia": "noctalia", "quickshell": "quickshell", "sops-nix": "sops-nix", @@ -3958,11 +4000,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1775228522, - "narHash": "sha256-+6eTD6EAabjow5gdjWRP6aI2UUwOZJEjzzsvvbVu8f8=", + "lastModified": 1774376228, + "narHash": "sha256-7oA0u4aghFjjIcIDKZ26NUpXH7hVXGPC0sI1OfK7NUk=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "f4b77dc99d9925667246e2887783b79bdc46a50d", + "rev": "eabb84b771420b8396ab4bb4747694302d9be277", "type": "github" }, "original": { @@ -4074,14 +4116,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_24" + "nixpkgs": "nixpkgs_27" }, "locked": { - "lastModified": 1775365543, - "narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=", + "lastModified": 1774303811, + "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a4ee2de76efb759fe8d4868c33dec9937897916f", + "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", "type": "github" }, "original": { @@ -4098,11 +4140,11 @@ "systems": "systems_7" }, "locked": { - "lastModified": 1775421933, - "narHash": "sha256-JkEbzFDFTsUlVtHEzA8Y4r3O9LInhb96eOCbtGjGnbM=", + "lastModified": 1774157037, + "narHash": "sha256-kJpgEIF0sxMW0vx543m3AwyqptJOxPoOJY1DfJ4jQas=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "ec8d73085fdf807d55765335dc8126e14e7b2096", + "rev": "2e2234c2932a3aff5f845cda33cb1972a9e889aa", "type": "github" }, "original": { @@ -4120,20 +4162,21 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_14", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_25", + "nixpkgs": "nixpkgs_28", "nur": "nur", "systems": "systems_8", + "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", "tinted-tmux": "tinted-tmux", "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1775429060, - "narHash": "sha256-wbFF5cRxQOCzL/wHOKYm21t5AHPH2Lfp0mVPCOAvEoc=", + "lastModified": 1774124764, + "narHash": "sha256-Poz9WTjiRlqZIf197CrMMJfTifZhrZpbHFv0eU1Nhtg=", "owner": "nix-community", "repo": "stylix", - "rev": "d27951a6539951d87f75cf0a7cda8a3a24016019", + "rev": "e31c79f571c5595a155f84b9d77ce53a84745494", "type": "github" }, "original": { @@ -4151,11 +4194,11 @@ "userborn": "userborn" }, "locked": { - "lastModified": 1775069719, - "narHash": "sha256-NO8/XIfx/MVpWPL4KzdezhmdwDLT6B699cS/RkhoVb0=", + "lastModified": 1774368849, + "narHash": "sha256-P+LGXMzw1ohdbDidDjG+NCgCyNFt88iatOgL8qkgTyY=", "owner": "numtide", "repo": "system-manager", - "rev": "7dced4829576f6e540e2b985b9e47859ac5b8421", + "rev": "8b78ce2e8ad618d88cf0332238696ada67376496", "type": "github" }, "original": { @@ -4314,6 +4357,23 @@ "type": "github" } }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, "tinted-kitty": { "flake": false, "locked": { @@ -4333,11 +4393,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1772661346, - "narHash": "sha256-4eu3LqB9tPqe0Vaqxd4wkZiBbthLbpb7llcoE/p5HT0=", + "lastModified": 1767710407, + "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "owner": "tinted-theming", "repo": "schemes", - "rev": "13b5b0c299982bb361039601e2d72587d6846294", + "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "type": "github" }, "original": { @@ -4349,11 +4409,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1772934010, - "narHash": "sha256-x+6+4UvaG+RBRQ6UaX+o6DjEg28u4eqhVRM9kpgJGjQ=", + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "c3529673a5ab6e1b6830f618c45d9ce1bcdd829d", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "type": "github" }, "original": { @@ -4365,11 +4425,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1772909925, - "narHash": "sha256-jx/5+pgYR0noHa3hk2esin18VMbnPSvWPL5bBjfTIAU=", + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "b4d3a1b3bcbd090937ef609a0a3b37237af974df", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "type": "github" }, "original": { @@ -4446,17 +4506,14 @@ }, "treefmt-nix_4": { "inputs": { - "nixpkgs": [ - "nix-bwrapper", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_19" }, "locked": { - "lastModified": 1773297127, - "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { @@ -4495,11 +4552,11 @@ ] }, "locked": { - "lastModified": 1775125835, - "narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=", + "lastModified": 1772660329, + "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "75925962939880974e3ab417879daffcba36c4a3", + "rev": "3710e0e1218041bbad640352a0440114b1e10428", "type": "github" }, "original": { @@ -4510,14 +4567,14 @@ }, "treefmt-nix_7": { "inputs": { - "nixpkgs": "nixpkgs_26" + "nixpkgs": "nixpkgs_29" }, "locked": { - "lastModified": 1775125835, - "narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=", + "lastModified": 1773297127, + "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "75925962939880974e3ab417879daffcba36c4a3", + "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", "type": "github" }, "original": { @@ -4576,7 +4633,7 @@ "vscserver": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_27" + "nixpkgs": "nixpkgs_30" }, "locked": { "lastModified": 1770124655, diff --git a/hand7s/nix/settings/substituters.nix b/hand7s/nix/settings/substituters.nix index 223e765..da0035f 100644 --- a/hand7s/nix/settings/substituters.nix +++ b/hand7s/nix/settings/substituters.nix @@ -13,8 +13,6 @@ _: { "https://chaotic-nyx.cachix.org/" # nix-community "https://hydra.nix-community.org/" - # yandex mirror - "https://mirror.yandex.ru/nixos/" ]; }; }; diff --git a/hand7s/programs/yazi.nix b/hand7s/programs/yazi.nix index 8743290..396e8d9 100644 --- a/hand7s/programs/yazi.nix +++ b/hand7s/programs/yazi.nix @@ -84,7 +84,7 @@ "exfil" = [ { - run = ''${lib.getExe pkgs.ouch} d "%s"''; + run = ''${lib.getExe pkgs.ouch} de "%s"''; block = true; for = "unix"; } diff --git a/isla/security/sudo-rs.nix b/isla/security/sudo-rs.nix index 35b28ec..4f270c9 100644 --- a/isla/security/sudo-rs.nix +++ b/isla/security/sudo-rs.nix @@ -4,9 +4,6 @@ _: { enable = true; wheelNeedsPassword = true; execWheelOnly = true; - extraConfig = '' - Defaults !pwfeedback - ''; }; }; } diff --git a/kyra/boot/initrd.nix b/kyra/boot/initrd.nix deleted file mode 100644 index 1d213f0..0000000 --- a/kyra/boot/initrd.nix +++ /dev/null @@ -1,228 +0,0 @@ -{ - lib, - name, - pkgs, - ... -}: { - boot = { - initrd = { - availableKernelModules = [ - "virtio_rng" - "virtio_pci" - "virtio_net" - "virtio_scsi" - "virtio_blk" - "sd_mod" - "sr_mod" - "dm_crypt" - ]; - - luks = { - mitigateDMAAttacks = true; - cryptoModules = [ - "aesni_intel" - "cryptd" - ]; - }; - - systemd = { - enable = true; - emergencyAccess = false; - - extraBin = { - "pw" = "${lib.getExe' pkgs.systemd "systemd-tty-ask-password-agent"}"; - }; - - network = { - networks = lib.mkMerge [ - ( - lib.mkIf ( - name == "ivy" - ) - { - "10-ens3" = { - matchConfig = { - Name = "ens3"; - }; - - addresses = [ - { - Address = "93.115.203.92/24"; - } - - { - Address = "2001:67c:263c::8fa/64"; - } - ]; - - routes = [ - { - Gateway = "93.115.203.1"; - } - - { - Gateway = "2001:67c:263c::1"; - } - ]; - }; - } - ) - - ( - lib.mkIf ( - name == "mel" - ) - { - "10-eth0" = { - matchConfig = { - Name = "eth0"; - }; - - addresses = [ - { - Address = "45.11.229.245/24"; - } - - { - Address = "2a0e:97c0:3e3:20a::1/64"; - } - ]; - - networkConfig = { - IPv6AcceptRA = false; - }; - - routes = [ - { - Gateway = "45.11.229.1"; - } - - { - Gateway = "fe80::1"; - GatewayOnLink = true; - } - ]; - }; - } - ) - - ( - lib.mkIf ( - name == "yara" - ) - { - "10-ens3" = { - matchConfig = { - Name = "ens3"; - }; - - addresses = [ - { - Address = "138.124.240.75/32"; - } - - { - Address = "2a0d:d940:1a:1500::2/56"; - } - ]; - - networkConfig = { - IPv6AcceptRA = false; - }; - - routes = [ - { - Gateway = "10.0.0.1"; - GatewayOnLink = true; - } - - { - Gateway = "2a0d:d940:1a:1500::1"; - GatewayOnLink = true; - } - ]; - }; - } - ) - - ( - lib.mkIf ( - name == "hazel" - ) - { - "10-ens3" = { - matchConfig = { - Name = "ens3"; - }; - - addresses = [ - { - Address = "90.156.226.152"; - } - - { - Address = "2a03:6f01:1:2::cb1e"; - } - ]; - - routes = [ - { - Gateway = "90.156.226.1"; - } - - { - Gateway = "2a03:6f01:1:2::1"; - GatewayOnLink = true; - } - ]; - - networkConfig = { - IPv6AcceptRA = false; - }; - }; - } - ) - - ( - lib.mkIf ( - name == "lynn" - ) - { - "10-ens3" = { - matchConfig = { - Name = "ens3"; - }; - - addresses = [ - { - Address = "138.124.72.244"; - } - ]; - - routes = [ - { - Gateway = "138.124.72.1"; - } - ]; - }; - } - ) - ]; - }; - }; - - network = { - enable = true; - - ssh = { - enable = true; - port = 27485; - - hostKeys = [ - "/etc/ssh/initrd_ssh_host_ed25519_key" - ]; - }; - }; - }; - }; -} diff --git a/kyra/boot/initrd/availableKernelModules.nix b/kyra/boot/initrd/availableKernelModules.nix new file mode 100644 index 0000000..b20a92e --- /dev/null +++ b/kyra/boot/initrd/availableKernelModules.nix @@ -0,0 +1,19 @@ +_: { + boot = { + initrd = { + availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + "virtio_net" + "virtio_pci" + "virtio_mmio" + "virtio_blk" + "virtio_scsi" + "9p" + "9pnet_virtio" + ]; + }; + }; +} diff --git a/kyra/boot/initrd/kernelModules.nix b/kyra/boot/initrd/kernelModules.nix new file mode 100644 index 0000000..61c2afd --- /dev/null +++ b/kyra/boot/initrd/kernelModules.nix @@ -0,0 +1,14 @@ +_: { + boot = { + initrd = { + kernelModules = [ + "virtio_balloon" + "virtio_console" + "virtio_rng" + "virtio_gpu" + "nvme" + "kvm-amd" + ]; + }; + }; +} diff --git a/kyra/boot/kernel.nix b/kyra/boot/kernel.nix index adf1260..fcbd80d 100644 --- a/kyra/boot/kernel.nix +++ b/kyra/boot/kernel.nix @@ -1,93 +1,11 @@ -{self, ...}: { +_: { boot = { - kernelPackages = self.inputs."nix-cachyos-kernel".legacyPackages.x86_64-linux.linuxPackages-cachyos-hardened-lto; - - kernelParams = [ - "slab_nomerge" - "init_on_alloc=1" - "init_on_free=1" - "page_alloc.shuffle=1" - "oops=panic" - "mitigations=all" - "spectre_v2=on" - "spec_store_bypass_disable=on" - "l1tf=full,force" - "mds=full,force" - "tsx=off" - "tsx_async_abort=full,force" - "kvm.nx_huge_pages=force" - "page_poison=1" - "iommu=force" - "intel_iommu=on" - "amd_iommu=on" - "bpf_jit_enable=0" - ]; - - blacklistedKernelModules = [ - "dccp" - "sctp" - "rds" - "tipc" - "hfs" - "hfsplus" - "squashfs" - "jfs" - "minix" - "nilfs2" - "omfs" - "qnx4" - "qnx6" - "sysv" - "ufs" - "zfs" - "ntfs" - "bluetooth" - "btusb" - "uvcvideo" - "joydev" - "pcspkr" - "snd_pcsp" - ]; - kernel = { sysctl = { - "vm.mmap_rnd_bits" = 32; - "vm.mmap_rnd_compat_bits" = 16; - - "net.ipv6.conf.all.forwarding" = 1; - "net.ipv4.ip_forward" = 1; - - "net.ipv4.conf.all.rp_filter" = 1; - "net.ipv4.conf.all.accept_redirects" = 0; - "net.ipv4.conf.all.secure_redirects" = 0; - "net.ipv6.conf.all.accept_redirects" = 0; - - "net.ipv4.conf.default.rp_filter" = 1; - "net.ipv4.conf.default.accept_redirects" = 0; - "net.ipv4.conf.default.secure_redirects" = 0; - "net.ipv6.conf.default.accept_redirects" = 0; - - "net.ipv4.tcp_rfc1337" = 1; - "net.ipv4.tcp_syncookies" = 1; - - "net.core.bpf_jit_harden" = 2; - - "dev.tty.ldisc_autoload" = 0; - - "kernel.yama.ptrace_scope" = 2; - "kernel.core_pattern" = "|/bin/false"; - "kernel.kptr_restrict" = 2; - "kernel.dmesg_restrict" = 1; - "kernel.unprivileged_bpf_disabled" = 1; - "kernel.unprivileged_userns_clone" = 0; - "kernel.perf_event_paranoid" = 3; - "kernel.kstack_override" = 0; - - "fs.protected_fifos" = 2; - "fs.protected_regular" = 2; - "fs.protected_hardlinks" = 1; - "fs.protected_symlinks" = 1; + "net.ipv6.conf.all.forwarding" = 1; + "net.ipv4.ip_nonlocal_bind" = 1; + "net.ipv6.ip_nonlocal_bind" = 1; }; }; }; diff --git a/kyra/boot/loader/limine.nix b/kyra/boot/loader/grub.nix similarity index 88% rename from kyra/boot/loader/limine.nix rename to kyra/boot/loader/grub.nix index a260af2..fc1a00b 100644 --- a/kyra/boot/loader/limine.nix +++ b/kyra/boot/loader/grub.nix @@ -1,7 +1,7 @@ _: { boot = { loader = { - liminie = { + grub = { enable = true; efiSupport = true; efiInstallAsRemovable = true; diff --git a/kyra/boot/tmp.nix b/kyra/boot/tmp.nix index 5fa53a6..0482683 100644 --- a/kyra/boot/tmp.nix +++ b/kyra/boot/tmp.nix @@ -2,10 +2,6 @@ _: { boot = { tmp = { cleanOnBoot = true; - useZram = true; - useTmpfs = true; - tmpfsSize = "50%"; - tmpfsHugeMemoryPages = "within_size"; }; }; } diff --git a/kyra/containers/mihomo.nix b/kyra/containers/mihomo.nix deleted file mode 100644 index f31a32c..0000000 --- a/kyra/containers/mihomo.nix +++ /dev/null @@ -1,126 +0,0 @@ -_: { - containers = { - "mihomo" = { - autoStart = true; - privateNetwork = true; - hostAddress = "192.168.101.1"; - localAddress = "192.168.101.2"; - - bindMounts = { - "acme" = { - isReadOnly = true; - hostPath = "/var/lib/acme/hand7s.org"; - mountPoint = "/var/lib/acme/hand7s.org"; - }; - }; - - config = { - pkgs, - name, - lib, - ... - }: { - services = { - mihomo = { - enable = true; - configFile = (pkgs.formats.yaml {}).generate "config.yaml" { - dns = { - enable = true; - enhanced-mode = "fake-ip"; - respect-rules = true; - nameserver = [ - "tcp://192.168.101.1:8853" - ]; - }; - - sniffer = { - enable = true; - sniff = { - quic = { - ports = [ - 443 - ]; - }; - - tls = { - override-destination = true; - ports = [ - 443 - 8443 - ]; - }; - }; - }; - - rules = [ - "IP-CIDR,10.0.0.0/8,DIRECT,no-resolve" - "IP-CIDR,127.0.0.0/8,DIRECT,no-resolve" - - "MATCH,direct" - ]; - - experimental = { - udp-base-routing = true; - }; - - profile = { - store-selected = false; - store-fake-ip = false; - }; - - listeners = [ - { - name = "hy2-in"; - type = "hysteria2"; - listen = "[::]"; - port = 443; - masquerade = "https://hand7s.org"; - up = "100 Mbps"; - down = "100 Mpbs"; - obfs = "salamander"; - obfs-password = lib.hashString "md5" "password"; - - certificate = "/var/lib/acme/hand7s.org/cert.pem"; - private-key = "/var/lib/acme/hand7s.org/key.pem"; - - users = [ - "hand7s:" - ]; - } - - { - name = "vless-in"; - type = "vless"; - listen = "[::]"; - port = 8443; - udp = true; - - reality-config = { - dest = "192.168.101.1:444"; - private-key = lib.hasString "md5" "pkb"; - - short-id = [ - "shortie" - ]; - - server-names = [ - "${name}.hand7s.org" - ]; - }; - - users = [ - { - username = "hand7s"; - flow = "xtls-rprx-vision"; - uuid = "very-real-uuid-btws"; - } - ]; - } - ]; - }; - }; - }; - }; - }; - }; -} diff --git a/kyra/disko/disk.nix b/kyra/disko/disk.nix index a22cce7..231e00e 100644 --- a/kyra/disko/disk.nix +++ b/kyra/disko/disk.nix @@ -21,7 +21,7 @@ ESP = { name = "ESP"; - size = "128M"; + size = "1024M"; type = "EF00"; content = { type = "filesystem"; @@ -29,27 +29,15 @@ mountpoint = "/boot"; mountOptions = [ "umask=0077" - "noexec" - "nosuid" - "nodev" - "ro" ]; }; }; - luks = { + root = { size = "100%"; content = { - type = "luks"; - name = "crypted"; - settings = { - allowDiscards = true; - }; - - content = { - type = "lvm_pv"; - vg = "pool"; - }; + type = "lvm_pv"; + vg = "pool"; }; }; }; diff --git a/kyra/disko/lvm_vg.nix b/kyra/disko/lvm_vg.nix index 2cc4044..e23c049 100644 --- a/kyra/disko/lvm_vg.nix +++ b/kyra/disko/lvm_vg.nix @@ -1,39 +1,22 @@ -_: { +{ disko = { devices = { lvm_vg = { - "pool" = { + pool = { type = "lvm_vg"; lvs = { - "root" = { + root = { size = "100%FREE"; content = { type = "btrfs"; + mountpoint = "/"; extraArgs = [ "-f" ]; - subvolumes = { - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "compress=zstd" - "noatime" - "nodev" - "nosuid" - ]; - }; - - "/persist" = { - mountpoint = "/persist"; - mountOptions = [ - "compress=zstd" - "noatime" - "nodev" - "nosuid" - ]; - }; - }; + mountOptions = [ + "compress=zstd" + ]; }; }; }; diff --git a/kyra/disko/nodev.nix b/kyra/disko/nodev.nix deleted file mode 100644 index 31a3b68..0000000 --- a/kyra/disko/nodev.nix +++ /dev/null @@ -1,18 +0,0 @@ -_: { - disko = { - devices = { - nodev = { - "/" = { - fsType = "tmpfs"; - mountOptions = [ - "size=1G" - "mode=755" - "nodev" - "nosuid" - "rw" - ]; - }; - }; - }; - }; -} diff --git a/kyra/environment/memoryAllocator.nix b/kyra/environment/memoryAllocator.nix deleted file mode 100644 index 2f171ec..0000000 --- a/kyra/environment/memoryAllocator.nix +++ /dev/null @@ -1,7 +0,0 @@ -{pkgs, ...}: { - environment = { - memoryAllocator = { - provider = pkgs.graphene-hardened; - }; - }; -} diff --git a/kyra/environment/persistence.nix b/kyra/environment/persistence.nix deleted file mode 100644 index 8b325de..0000000 --- a/kyra/environment/persistence.nix +++ /dev/null @@ -1,64 +0,0 @@ -_: { - environment = { - persistence = { - "/persist" = { - enable = true; - hideMounts = true; - directories = [ - "/var/log" - "/etc/ssh" - "/var/lib/nixos" - "/var/lib/netbird" - "/var/lib/netbird-wt0" - "/var/lib/firewalld" - - { - directory = "/var/lib/traefik"; - user = "traefik"; - group = "traefik"; - mode = "0700"; - } - - { - directory = "/var/lib/crowdsec"; - user = "crowdsec"; - group = "crowdsec"; - mode = "0750"; - } - - { - directory = "/var/lib/sing-box"; - user = "sing-box"; - group = "sing-box"; - mode = "0700"; - } - - { - directory = "/var/lib/step-ca"; - user = "step-ca"; - group = "step-ca"; - mode = "0700"; - } - - { - directory = "/var/lib/acme"; - user = "acme"; - group = "acme"; - mode = "0751"; - } - - { - directory = "/var/lib/otel-collector"; - user = "otel-collector"; - group = "otel-collector"; - mode = "0700"; - } - ]; - - files = [ - "/etc/machine-id" - ]; - }; - }; - }; -} diff --git a/kyra/environment/systemPackages.nix b/kyra/environment/systemPackages.nix index a638f05..4aa3b17 100644 --- a/kyra/environment/systemPackages.nix +++ b/kyra/environment/systemPackages.nix @@ -1,8 +1,8 @@ {pkgs, ...}: { environment = { - systemPackages = with pkgs; [ - # (lib.hiPrio uutils-coreutils-noprefix) - # unless fix + systemPackages = [ + pkgs.helix + pkgs.comma ]; enableAllTerminfo = true; diff --git a/kyra/fileSystems/persist.nix b/kyra/fileSystems/persist.nix deleted file mode 100644 index 67b87f5..0000000 --- a/kyra/fileSystems/persist.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: { - fileSystems = { - "/persist" = { - neededForBoot = true; - }; - }; -} diff --git a/kyra/home-manager/users.nix b/kyra/home-manager/users.nix new file mode 100644 index 0000000..0a5f3e3 --- /dev/null +++ b/kyra/home-manager/users.nix @@ -0,0 +1,25 @@ +{self, ...}: { + home-manager = { + users = { + "hand7s" = { + imports = [ + "${self}/hand7s/" + self.inputs.spicetify-nix.homeManagerModules.default + self.inputs.hyprland.homeManagerModules.default + self.inputs.chaotic.homeManagerModules.default + self.inputs.sops-nix.homeManagerModules.sops + self.inputs.nix-index-database.homeModules.nix-index + self.inputs.noctalia.homeModules.default + ]; + }; + }; + + backupFileExtension = "force"; + + extraSpecialArgs = { + inherit + self + ; + }; + }; +} diff --git a/kyra/networking/dns.nix b/kyra/networking/dns.nix new file mode 100644 index 0000000..31726b9 --- /dev/null +++ b/kyra/networking/dns.nix @@ -0,0 +1,29 @@ +_: { + networking = { + nameservers = [ + # cf dns + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + + # google dns + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + + # q9 dns + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" + + # open dns + "208.67.222.222" + "208.67.220.220" + "2620:119:35::35" + "2620:119:53::53" + ]; + }; +} diff --git a/kyra/nix/settings/substituters.nix b/kyra/nix/settings/substituters.nix index 9ad4cea..da0035f 100644 --- a/kyra/nix/settings/substituters.nix +++ b/kyra/nix/settings/substituters.nix @@ -4,6 +4,15 @@ _: { substituters = [ # cache.nixos.org "https://cache.nixos.org" + # cache.garnix.org + "https://cache.garnix.io" + # cachix + "https://nix-community.cachix.org/" + "https://chaotic-nyx.cachix.org/" + "https://hyprland.cachix.org" + "https://chaotic-nyx.cachix.org/" + # nix-community + "https://hydra.nix-community.org/" ]; }; }; diff --git a/kyra/nix/settings/trusted-public-keys.nix b/kyra/nix/settings/trusted-public-keys.nix index e6c2346..e5cc01b 100644 --- a/kyra/nix/settings/trusted-public-keys.nix +++ b/kyra/nix/settings/trusted-public-keys.nix @@ -4,6 +4,14 @@ _: { trusted-public-keys = [ # cache.nixos.org "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + # cache.garnix.io + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + # cachix.org + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" + "ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" ]; }; }; diff --git a/kyra/programs/fuse.nix b/kyra/programs/fuse.nix deleted file mode 100644 index e474cfb..0000000 --- a/kyra/programs/fuse.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: { - programs = { - fuse = { - userAllowOther = true; - }; - }; -} diff --git a/kyra/programs/nh.nix b/kyra/programs/nh.nix index d9021ae..f3d17d5 100644 --- a/kyra/programs/nh.nix +++ b/kyra/programs/nh.nix @@ -2,14 +2,6 @@ _: { programs = { nh = { enable = true; - clean = { - enable = true; - dates = "daily"; - extraArgs = [ - "-k 2" - "-K 1d" - ]; - }; }; }; } diff --git a/kyra/security/acme.nix b/kyra/security/acme.nix index 0a0a358..00eb68d 100644 --- a/kyra/security/acme.nix +++ b/kyra/security/acme.nix @@ -3,20 +3,14 @@ acme = { acceptTerms = true; defaults = { - email = "me@hand7s.org"; + email = "litvinovb0@gmail.com"; }; certs = { "hand7s.org" = { dnsProvider = "cloudflare"; - environmentFile = config.sops.templates."acme.env".path; - group = "mihomo"; - }; - - "ntp.hand7s.org" = { - dnsProvider = "cloudflare"; - environmentFile = config.sops.templates."acme.env".path; - group = "ntpd-rs"; + credentialsFile = config.sops.templates."acme.env".path; + group = "sing-box"; }; }; }; diff --git a/kyra/security/polkit.nix b/kyra/security/polkit.nix deleted file mode 100644 index 77e04d1..0000000 --- a/kyra/security/polkit.nix +++ /dev/null @@ -1,10 +0,0 @@ -_: { - security = { - polkit = { - enable = true; - adminIdentities = [ - "unix-group:wheel" - ]; - }; - }; -} diff --git a/kyra/security/sudo-rs.nix b/kyra/security/sudo-rs.nix deleted file mode 100644 index 4f270c9..0000000 --- a/kyra/security/sudo-rs.nix +++ /dev/null @@ -1,9 +0,0 @@ -_: { - security = { - sudo-rs = { - enable = true; - wheelNeedsPassword = true; - execWheelOnly = true; - }; - }; -} diff --git a/kyra/security/sudo.nix b/kyra/security/sudo.nix deleted file mode 100644 index 393528d..0000000 --- a/kyra/security/sudo.nix +++ /dev/null @@ -1,7 +0,0 @@ -{lib, ...}: { - security = { - sudo = { - enable = lib.mkDefault false; - }; - }; -} diff --git a/kyra/services/alloy.nix b/kyra/services/alloy.nix new file mode 100644 index 0000000..d863d04 --- /dev/null +++ b/kyra/services/alloy.nix @@ -0,0 +1,99 @@ +{ + config, + pkgs, + ... +}: { + services = { + alloy = { + enable = true; + + configPath = pkgs.writeText "alloy-config.alloy" '' + loki.source.journal "system" { + max_age = "24h" + forward_to = [loki.process.production.receiver] + + labels = { + host = "${config.networking.hostName}", + job = "journalctl", + } + } + + loki.process "production" { + forward_to = [loki.write.viola.receiver] + + stage.labels { + values = { + unit = "__journal_systemd_unit__", + } + } + + stage.label_keep { + values = ["unit"] + } + + stage.match { + selector = `{unit=~"(traefik|sing-box|crowdsec|alloy|netbird).*\\.service"}` + action = "drop" + } + } + + prometheus.exporter.unix "node" { + enable_collectors = [ + "cpu", "diskstats", "filesystem", + "loadavg", "meminfo", "netdev", + "time", "uname", + ] + } + + prometheus.scrape "node" { + targets = prometheus.exporter.unix.node.targets + forward_to = [prometheus.remote_write.viola.receiver] + scrape_interval = "30s" + job_name = "node" + } + + prometheus.scrape "alloy" { + targets = [{"__address__" = "127.0.0.1:12345"}] + + forward_to = [prometheus.remote_write.viola.receiver] + job_name = "alloy" + } + + loki.write "viola" { + endpoint { + url = "http://100.109.123.164:3100/loki/api/v1/push" + } + } + + prometheus.remote_write "viola" { + endpoint { + url = "http://100.109.123.164:9009/api/v1/push" + } + } + + otelcol.receiver.otlp "default" { + grpc { + endpoint = "0.0.0.0:4317" + } + + http { + endpoint = "0.0.0.0:4318" + } + + output { + traces = [otelcol.exporter.otlp.tempo.input] + } + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "http://100.109.123.164:4317" + tls { + insecure = true + } + } + } + ''; + }; + }; +} diff --git a/kyra/services/consul.nix b/kyra/services/consul.nix deleted file mode 100644 index 7d3402d..0000000 --- a/kyra/services/consul.nix +++ /dev/null @@ -1,187 +0,0 @@ -_: { - services = { - consul = { - enable = true; - webUi = false; - - interface = { - bind = "nb-wt0"; - advertise = "nb-wt0"; - }; - - extraConfig = { - server = false; - retry_join = [ - "100.109.123.164" - ]; - - services = [ - { - name = "git-svc"; - port = 53350; - tags = [ - "traefik.enable=true" - "traefik.http.routers.git.rule=Host(`git.hand7s.org`)" - "traefik.http.routers.git.entrypoints=websecure" - ]; - - check = { - http = "http://localhost:3000/api/v1/version"; - interval = "10s"; - }; - } - - { - name = "oidc-svc"; - port = 8443; - tags = [ - "traefik.enable=true" - "traefik.http.routers.oidc.rule=Host(`zitadel.hand7s.org`)" - "traefik.http.routers.oidc.entrypoints=websecure" - ]; - - check = { - http = "http://localhost:3000/api/v1/version"; - interval = "10s"; - }; - } - - { - name = "bin-svc"; - port = 53352; - tags = [ - "traefik.enable=true" - "traefik.http.routers.bin.rule=Host(`bin.hand7s.org`)" - "traefik.http.routers.bin.entrypoints=websecure" - ]; - - check = { - http = "http://localhost:3000/api/v1/version"; - interval = "10s"; - }; - } - - { - name = "cicd-svc"; - port = 53351; - tags = [ - "traefik.enable=true" - "traefik.http.routers.cicd.rule=Host(`woodpecker.hand7s.org`)" - "traefik.http.routers.cicd.entrypoints=websecure" - ]; - - check = { - http = "http://localhost:3000/api/v1/version"; - interval = "10s"; - }; - } - - { - name = "lgtm-svc"; - port = 3030; - tags = [ - "traefik.enable=true" - "traefik.http.routers.lgtm.rule=Host(`grafana.hand7s.org`)" - "traefik.http.routers.lgtm.entrypoints=websecure" - ]; - - check = { - http = "http://localhost:3000/api/v1/version"; - interval = "10s"; - }; - } - - { - name = "mc-svc"; - port = 25565; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.mc.rule=HostSNI(`mc.hand7s.org`)" - "traefik.tcp.routers.mc.entrypoints=minecraft" - ]; - } - - { - name = "smtp-svc"; - port = 25; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.smtp.rule=HostSNI(`*`)" - "traefik.tcp.routers.smtp.entrypoints=smtp" - ]; - } - - { - name = "pop3-svc"; - port = 110; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.pop3.rule=HostSNI(`*`)" - "traefik.tcp.routers.pop3.entrypoints=pop3" - ]; - } - - { - name = "imap-svc"; - port = 143; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.imap.rule=HostSNI(`*`)" - "traefik.tcp.routers.imap.entrypoints=imap" - ]; - } - - { - name = "submissions-svc"; - port = 465; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.submissions.rule=HostSNI(`*`)" - "traefik.tcp.routers.submissions.entrypoints=submissions" - ]; - } - - { - name = "submission-svc"; - port = 587; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.submission.rule=HostSNI(`*`)" - "traefik.tcp.routers.submission.entrypoints=submission" - ]; - } - - { - name = "pop3s-svc"; - port = 995; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.pop3s.rule=HostSNI(`*`)" - "traefik.tcp.routers.pop3s.entrypoints=pop3s" - ]; - } - - { - name = "imaptls-svc"; - port = 993; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.imaptls.rule=HostSNI(`*`)" - "traefik.tcp.routers.imaptls.entrypoints=imaptls" - ]; - } - - { - name = "managesieve-svc"; - port = 4190; - tags = [ - "traefik.enable=true" - "traefik.tcp.routers.managesieve.rule=HostSNI(`*`)" - "traefik.tcp.routers.managesieve.entrypoints=managesieve" - ]; - } - ]; - }; - }; - }; -} diff --git a/kyra/services/crowdsec.nix b/kyra/services/crowdsec.nix deleted file mode 100644 index 5a35464..0000000 --- a/kyra/services/crowdsec.nix +++ /dev/null @@ -1,51 +0,0 @@ -_: { - services = { - crowdsec = { - enable = true; - settings = { - hub = { - collections = [ - "crowdsecurity/linux" - "crowdsecurity/traefik" - "crowdsecurity/http-dos" - "crowdsecurity/cloudflare" - ]; - }; - - acquisitions = [ - { - source = "journalctl"; - - journalctl_filter = [ - "_SYSTEMD_UNIT=traefik.service" - ]; - - labels = { - type = "traefik"; - }; - } - - { - source = "journalctl"; - - journalctl_filter = [ - "_SYSTEMD_UNIT=sshd.service" - ]; - - labels = { - type = "syslog"; - }; - } - ]; - }; - }; - - crowdsec-firewall-bouncer = { - enable = true; - - settings = { - mode = "firewalld"; - }; - }; - }; -} diff --git a/kyra/services/fail2ban.nix b/kyra/services/fail2ban.nix new file mode 100644 index 0000000..87e2508 --- /dev/null +++ b/kyra/services/fail2ban.nix @@ -0,0 +1,14 @@ +_: { + services = { + fail2ban = { + enable = true; + bantime-increment = { + enable = true; + factor = "10"; + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + overalljails = true; + maxtime = "500h"; + }; + }; + }; +} diff --git a/kyra/services/firewalld.nix b/kyra/services/firewalld.nix index c15605b..8502323 100644 --- a/kyra/services/firewalld.nix +++ b/kyra/services/firewalld.nix @@ -7,48 +7,7 @@ firewalld = { enable = true; - settings = { - IPv6_rpfilter = "strict"; - CleanupModulesOnExit = true; - StrictForwardPorts = true; - }; - services = { - "ntp" = { - short = "ntpd-rs"; - ports = [ - { - port = 123; - protocol = "udp"; - } - - { - port = 4460; - protocol = "tcp"; - } - ]; - }; - - "dns" = { - short = "hickory-dns"; - ports = [ - { - port = 853; - protocol = "tcp"; - } - ]; - }; - - "quic" = { - short = "http3"; - ports = [ - { - port = 443; - protocol = "udp"; - } - ]; - }; - "stalwart" = { short = "Stalwart-mail"; ports = @@ -103,28 +62,24 @@ }; zones = { - "netbird" = { + "trusted" = { services = [ - "ssh" "consul" ]; }; "wan" = { - target = "DROP"; - - masquerade = true; - - forwardPorts = [ - { - port = 443; - protocol = "udp"; - to-port = 8443; - to-addr = "192.168.101.2"; - } - ]; - ports = [ + { + port = 2053; + protocol = "udp"; + } + + { + port = 8443; + protocol = "tcp"; + } + { port = 51820; protocol = "udp"; @@ -164,17 +119,17 @@ services = lib.concatLists [ [ - "quic" + "ssh" "http" "https" - "ntp" - "dns" ] ( lib.optionals ( lib.elem name [ "hazel" + "lynn" + "mel" ] ) [ "minecraft" diff --git a/kyra/services/hickory.nix b/kyra/services/hickory.nix deleted file mode 100644 index 06eff1a..0000000 --- a/kyra/services/hickory.nix +++ /dev/null @@ -1,58 +0,0 @@ -_: { - services = { - hickory-dns = { - enable = true; - settings = { - remote_resolvers = [ - { - socket_addr = "1.1.1.1:853"; - protocol = "tls"; - tls_dns_name = "cloudflare-dns.com"; - } - - { - socket_addr = "1.1.1.1:443"; - protocol = "https"; - tls_dns_name = "cloudflare-dns.com"; - } - - { - socket_addr = "9.9.9.9:853"; - protocol = "tls"; - tls_dns_name = "dns.quad9.net"; - } - - { - socket_addr = "9.9.9.9:443"; - protocol = "https"; - tls_dns_name = "dns.quad9.net"; - } - - { - socket_addr = "8.8.8.8:853"; - protocol = "tls"; - tls_dns_name = "dns.google"; - } - - { - socket_addr = "8.8.8.8:443"; - protocol = "https"; - tls_dns_name = "dns.google"; - } - ]; - - listen_addrs_http = [ - { - socket_addr = "[::]:8053"; - } - ]; - - listen_addrs_tcp = [ - { - socket_addr = "[::]:8853"; - } - ]; - }; - }; - }; -} diff --git a/kyra/services/ntpd-rs.nix b/kyra/services/ntpd-rs.nix deleted file mode 100644 index a76b759..0000000 --- a/kyra/services/ntpd-rs.nix +++ /dev/null @@ -1,42 +0,0 @@ -_: { - services = { - ntpd-rs = { - enable = true; - metrics = { - enable = true; - }; - - settings = { - source = [ - { - mode = "nts"; - address = "time.cloudflare.com"; - } - - { - mode = "nts"; - address = "nts.ntp.se"; - } - ]; - - server = [ - { - listen = "[::]:123"; - } - ]; - - nts-ke-server = [ - { - listen = "[::]:4460"; - certificate-chain-path = "/var/lib/acme/ntp.hand7s.org/fullchain.pem"; - private-key-path = "/var/lib/acme/ntp.hand7s.org/key.pem"; - } - ]; - - synchronization = { - minimum-agreeing-sources = 2; - }; - }; - }; - }; -} diff --git a/kyra/services/openssh.nix b/kyra/services/openssh.nix index 0cef913..fdc6e7b 100644 --- a/kyra/services/openssh.nix +++ b/kyra/services/openssh.nix @@ -2,6 +2,7 @@ _: { services = { openssh = { enable = true; + hostKeys = [ { path = "/etc/ssh/ssh_host_ed25519_key"; diff --git a/kyra/services/otelc.nix b/kyra/services/otelc.nix deleted file mode 100644 index 74f14c9..0000000 --- a/kyra/services/otelc.nix +++ /dev/null @@ -1,53 +0,0 @@ -{lib, ...}: { - services = { - opentelemetry-collector = { - enable = true; - settings = { - receivers = { - otlp = { - protocols = { - grpc = { - endpoint = "127.0.0.1:4317"; - }; - - http = { - endpoint = "127.0.0.1:4318"; - }; - }; - }; - }; - - exporters = { - otlp = { - endpoint = "http://100.109.123.164:4317"; - tls = { - insecure = true; - }; - }; - }; - - service = { - pipelines = - lib.genAttrs [ - "traces" - "metrics" - "logs" - ] ( - _type: { - receivers = [ - "otlp" - ]; - exporters = [ - "otlp" - ]; - - processors = [ - "batch" - ]; - } - ); - }; - }; - }; - }; -} diff --git a/kyra/services/qemuGuest.nix b/kyra/services/qemuGuest.nix index 8bae939..7fb4eb6 100644 --- a/kyra/services/qemuGuest.nix +++ b/kyra/services/qemuGuest.nix @@ -1,7 +1,7 @@ _: { services = { qemuGuest = { - enable = false; + enable = true; }; }; } diff --git a/kyra/services/resolved.nix b/kyra/services/resolved.nix index f97c61f..ad91e2a 100644 --- a/kyra/services/resolved.nix +++ b/kyra/services/resolved.nix @@ -2,39 +2,38 @@ _: { services = { resolved = { enable = true; - settings = { - Resolve = { - DNSOverTLS = true; - DNSSEC = true; - Domains = [ - "~." - ]; + dnsovertls = toString true; + dnssec = toString true; + llmnr = toString true; + domains = [ + "~." + ]; - DNS = [ - # hand7s dns - "127.0.0.1#dns.hand7s.org" - "::1#dns.hand7s.org" + fallbackDns = [ + # cf dns + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" - # cf dns - "1.1.1.1#cloudflare-dns.com" - "1.0.0.1#cloudflare-dns.com" - "2606:4700:4700::1111#cloudflare-dns.com" - "2606:4700:4700::1001#cloudflare-dns.com" + # google dns + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" - # google dns - "8.8.8.8#dns.google" - "8.8.4.4#dns.google" - "2001:4860:4860::8888#dns.google" - "2001:4860:4860::8844#dns.google" + # q9 dns + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" - # q9 dns - "9.9.9.9#dns.quad9.net" - "149.112.112.112#dns.quad9.net" - "2620:fe::fe#dns.quad9.net" - "2620:fe::9#dns.quad9.net" - ]; - }; - }; + # open dns + "208.67.222.222" + "208.67.220.220" + "2620:119:35::35" + "2620:119:53::53" + ]; }; }; } diff --git a/kyra/services/sing-box.nix b/kyra/services/sing-box.nix new file mode 100644 index 0000000..d4b5656 --- /dev/null +++ b/kyra/services/sing-box.nix @@ -0,0 +1,110 @@ +{lib, ...}: { + services = { + sing-box = { + enable = true; + settings = { + log = { + level = "error"; + }; + + dns = { + servers = [ + { + tag = "cloudflare"; + type = "quic"; + server = "1.1.1.1"; + } + + { + tag = "local"; + type = "local"; + } + ]; + + final = "cloudflare"; + strategy = "prefer_ipv4"; + }; + + route = { + final = "direct-out"; + default_domain_resolver = "cloudflare"; + auto_detect_interface = true; + }; + + outbounds = [ + { + tag = "direct-out"; + type = "direct"; + } + ]; + + inbounds = [ + { + type = "hysteria2"; + tag = "hy2-in"; + listen = "::"; + listen_port = 2053; + masquerade = "https://hand7s.org"; + up_mbps = 100; + down_mbps = 100; + obfs = { + type = "salamander"; + password = lib.hashString "sha512" "randomstring"; # not a real string + }; + + users = [ + { + name = "hand7s"; + password = lib.hashString "sha512" "userstring"; # not a real string + } + ]; + + tls = { + enabled = true; + server_name = "hand7s.org"; + certificate_path = "/var/lib/acme/hand7s.org/cert.pem"; + key_path = "/var/lib/acme/hand7s.org/key.pem"; + }; + } + + { + type = "vless"; + tag = "vless-inbound"; + + listen = "::"; + listen_port = 8443; + + sniff = true; + + users = [ + { + name = "hand7s"; + uuid = lib.hashString "sha512" "uuidstring"; # not a real string + flow = "xtls-rprx-vision"; + } + ]; + + tls = { + enabled = true; + server_name = "hand7s.org"; + reality = { + enabled = true; + max_time_difference = "5m"; + handshake = { + server = "127.0.0.1"; + server_port = 443; + }; + + private_key = lib.hashString "sha512" "uuidstring"; # not a real string + + short_id = [ + "shortie" + ]; + }; + }; + } + ]; + }; + }; + }; +} diff --git a/kyra/services/step-ca.nix b/kyra/services/step-ca.nix deleted file mode 100644 index 8d5c7e2..0000000 --- a/kyra/services/step-ca.nix +++ /dev/null @@ -1,28 +0,0 @@ -{config, ...}: { - services = { - step-ca = { - enable = true; - address = "[::]"; - port = 8443; - intermediatePasswordFile = config.sops.secrets."stepPass".path; - - settings = { - dnsNames = [ - "ca.hand7s.org" - ]; - - authority = { - provisioners = [ - { - type = "ACME"; - name = "cloudflare"; - claims = { - enable_dns_01 = true; - }; - } - ]; - }; - }; - }; - }; -} diff --git a/kyra/services/traefik.nix b/kyra/services/traefik.nix index ab38ffd..fb60af9 100644 --- a/kyra/services/traefik.nix +++ b/kyra/services/traefik.nix @@ -1,8 +1,4 @@ -{ - config, - name, - ... -}: { +{config, ...}: { services = { traefik = { enable = true; @@ -12,44 +8,29 @@ ]; dynamicConfigOptions = { - providers = { - consulCatalog = { - endpoint = { - address = "127.0.0.1:8500"; - exposedByDefault = false; - prefix = "traefik"; - }; - }; - }; - - udp = { - routers = { - "ntp" = { - service = "ntp-svc"; - entryPoints = [ - "ntp" - ]; - }; - }; - - services = { - "ntp-svc" = { - loadBalancer = { - servers = [ - { - address = "127.0.0.1:123"; - } - ]; - }; - }; - }; - }; - http = { routers = { "site" = { rule = "Host(`hand7s.org`)"; service = "site-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "git" = { + rule = "Host(`git.hand7s.org`)"; + service = "git-svc"; tls = { certResolver = "cloudflare"; domains = [ @@ -64,16 +45,15 @@ entryPoints = [ "websecure" - "loopback" ]; }; - "ca" = { - rule = "Host(`ca.hand7s.org`)"; - service = "ca-svc"; + "cicd" = { + rule = "Host(`woodpecker.hand7s.org`)"; + service = "cicd-svc"; tls = { certResolver = "cloudflare"; - domain = [ + domains = [ { main = "hand7s.org"; sans = [ @@ -82,11 +62,55 @@ } ]; }; + + entryPoints = [ + "websecure" + ]; }; - "doh" = { - rule = "Host(`dns.hand7s.org`) && PathPrefix(`/dns-query`)"; - service = "doh-svc"; + "oidc" = { + rule = "Host(`zitadel.hand7s.org`)"; + service = "oidc-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "bin" = { + rule = "Host(`bin.hand7s.org`)"; + service = "bin-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "lgtm" = { + rule = "Host(`grafana.hand7s.org`)"; + service = "lgtm-svc"; tls = { certResolver = "cloudflare"; domains = [ @@ -116,21 +140,51 @@ }; }; - "ca-svc" = { + "git-svc" = { loadBalancer = { servers = [ { - url = "http://127.0.0.1:8443"; + url = "http://100.109.123.164:53350"; } ]; }; }; - "doh-svc" = { + "oidc-svc" = { loadBalancer = { servers = [ { - url = "http://127.0.0.1:8053"; + url = "http://100.109.123.164:8443"; + } + ]; + }; + }; + + "bin-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53352"; + } + ]; + }; + }; + + "cicd-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53351"; + } + ]; + }; + }; + + "lgtm-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:3030"; } ]; }; @@ -140,72 +194,160 @@ tcp = { routers = { - "nts-ke" = { - rule = "HostSNI(`ntp.hand7s.org`)"; - services = "nts-ke-svc"; - tls = { - passthrough = true; - }; - + "minecraft" = { + rule = "HostSNI(`*`)"; + service = "mc-svc"; entryPoints = [ - "nts-ke" + "minecraft" ]; }; - "dot" = { - rule = "HostSNI(`dns.hand7s.org`)"; - services = "dot-svc"; + "smtp" = { + rule = "HostSNI(`*`)"; + service = "smtp-svc"; entryPoints = [ - "dot" + "smtp" ]; - - tls = { - certResolver = "cloudflare"; - }; }; - "vless" = { - rule = "HostSNI(`${name}.hand7s.org`)"; - service = "vless-svc"; - tls = { - passthrough = true; - }; - + "pop3" = { + rule = "HostSNI(`*`)"; + service = "pop-svc"; entryPoints = [ - "websecure" + "pop3" + ]; + }; + + "submissions" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "submissions-svc"; + entryPoints = [ + "submissions" + ]; + }; + + "submission" = { + rule = "HostSNI(`*`)"; + service = "submission-svc"; + entryPoints = [ + "submission" + ]; + }; + + "imaptls" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "imaptls-svc"; + entryPoints = [ + "imaptls" + ]; + }; + + "pop3s" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "pop3s-svc"; + entryPoints = [ + "pop3s" + ]; + }; + + "managesieve" = { + rule = "HostSNI(`*`)"; + service = "managesieve-svc"; + entryPoints = [ + "managesieve" + ]; + }; + }; + }; + + services = { + "mc-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25565"; + } ]; }; }; - services = { - "vless-svc" = { - loadBalancer = { - servers = [ - { - address = "192.168.101.2:8443"; - } - ]; - }; + "smtp-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25"; + } + ]; }; + }; - "nts-ke-svc" = { - loadBalancer = { - servers = [ - { - address = "127.0.0.1:4460"; - } - ]; - }; + "pop3-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:110"; + } + ]; }; + }; - "dot-svc" = { - loadBalancer = { - servers = [ - { - url = "http://127.0.0.1:8853"; - } - ]; - }; + "imap-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:143"; + } + ]; + }; + }; + + "submissions-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:465"; + } + ]; + }; + }; + + "submission-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:587"; + } + ]; + }; + }; + + "imaptls-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:993"; + } + ]; + }; + }; + + "pop3s-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:995"; + } + ]; + }; + }; + + "managesieve-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:4190"; + } + ]; }; }; }; @@ -228,22 +370,17 @@ certificatesResolvers = { "cloudflare" = { acme = { - email = "me@hand7s.com"; + email = "litvinovb0@gmail.com"; storage = "${config.services.traefik.dataDir}/acme.json"; dnsChallenge = { provider = "cloudflare"; + resolvers = [ + "1.1.1.1:53" + "8.8.8.8:53" + ]; }; }; }; - - "step-ca" = { - caServer = "https://ca.hand7s.org"; - acme = { - email = "me@hand7s.com"; - storage = "${config.services.traefik.dataDir}/acme.json"; - tlsChallenge = {}; - }; - }; }; log = { @@ -280,35 +417,6 @@ }; }; - "loopback" = { - address = "127.0.0.1:444"; - http = { - tls = { - certResolver = "cloudflare"; - domains = [ - { - main = "hand7s.org"; - sans = [ - "*.hand7s.org" - ]; - } - ]; - }; - }; - }; - - "ntp" = { - address = ":123"; - }; - - "nts-ke" = { - address = ":4460"; - }; - - "dot" = { - address = ":853"; - }; - "minecraft" = { address = ":25565"; }; diff --git a/kyra/systemd/networkd.nix b/kyra/systemd/networkd.nix index 1343078..8982b55 100644 --- a/kyra/systemd/networkd.nix +++ b/kyra/systemd/networkd.nix @@ -7,71 +7,33 @@ network = { enable = true; networks = lib.mkMerge [ - ( - lib.mkIf ( - name == "ivy" - ) - { - "10-ens3" = { - matchConfig = { - Name = "ens3"; - }; - - addresses = [ - { - Address = "93.115.203.92/24"; - } - - { - Address = "2001:67c:263c::8fa/64"; - } - ]; - - routes = [ - { - Gateway = "93.115.203.1"; - } - - { - Gateway = "2001:67c:263c::1"; - } - ]; - }; - } - ) - ( lib.mkIf ( name == "mel" ) { "10-eth0" = { - matchConfig = { - Name = "eth0"; - }; - - addresses = [ - { - Address = "45.11.229.245/24"; - } - - { - Address = "2a0e:97c0:3e3:20a::1/64"; - } - ]; - + matchConfig.Name = "eth0"; networkConfig = { IPv6AcceptRA = false; + Address = [ + "45.11.229.245/24" + "2a0e:97c0:3e3:20a::1/64" + ]; }; routes = [ { - Gateway = "45.11.229.1"; + routeConfig = { + Gateway = "45.11.229.1"; + }; } { - Gateway = "fe80::1"; - GatewayOnLink = true; + routeConfig = { + Gateway = "fe80::1"; + GatewayOnLink = true; + }; } ]; }; @@ -88,29 +50,27 @@ Name = "ens3"; }; - addresses = [ - { - Address = "138.124.240.75/32"; - } - - { - Address = "2a0d:d940:1a:1500::2/56"; - } - ]; - networkConfig = { IPv6AcceptRA = false; + Address = [ + "138.124.240.75/32" + "2a0d:d940:1a:1500::2/56" + ]; }; routes = [ { - Gateway = "10.0.0.1"; - GatewayOnLink = true; + routeConfig = { + Gateway = "10.0.0.1"; + GatewayOnLink = true; + }; } { - Gateway = "2a0d:d940:1a:1500::1"; - GatewayOnLink = true; + routeConfig = { + Gateway = "2a0d:d940:1a:1500::1"; + GatewayOnLink = true; + }; } ]; }; @@ -127,28 +87,9 @@ Name = "ens3"; }; - addresses = [ - { - Address = "90.156.226.152"; - } - - { - Address = "2a03:6f01:1:2::cb1e"; - } - ]; - - routes = [ - { - Gateway = "90.156.226.1"; - } - - { - Gateway = "2a03:6f01:1:2::1"; - GatewayOnLink = true; - } - ]; - networkConfig = { + Address = "90.156.226.152/24"; + Gateway = "90.156.226.1"; IPv6AcceptRA = false; }; }; @@ -165,17 +106,11 @@ Name = "ens3"; }; - addresses = [ - { - Address = "138.124.72.244"; - } - ]; - - routes = [ - { - Gateway = "138.124.72.1"; - } - ]; + networkConfig = { + Address = "138.124.72.244/24"; + Gateway = "138.124.72.1"; + IPv6AcceptRA = false; + }; }; } ) diff --git a/kyra/systemd/step-ca-service.nix b/kyra/systemd/step-ca-service.nix deleted file mode 100644 index cd61269..0000000 --- a/kyra/systemd/step-ca-service.nix +++ /dev/null @@ -1,13 +0,0 @@ -{config, ...}: { - systemd = { - services = { - "step-ca" = { - serviceConfig = { - EnvironmentFile = [ - config.sops.templates."step-ca.env".path - ]; - }; - }; - }; - }; -} diff --git a/kyra/users/users/alep0u.nix b/kyra/users/users/alep0u.nix index a140cb0..78766ad 100644 --- a/kyra/users/users/alep0u.nix +++ b/kyra/users/users/alep0u.nix @@ -6,6 +6,7 @@ _: { isNormalUser = true; extraGroups = [ "wheel" + "docker" ]; openssh = { diff --git a/kyra/users/users/hand7s.nix b/kyra/users/users/hand7s.nix index 69812a9..11f593a 100644 --- a/kyra/users/users/hand7s.nix +++ b/kyra/users/users/hand7s.nix @@ -6,6 +6,7 @@ _: { isNormalUser = true; extraGroups = [ "wheel" + "docker" ]; openssh = { diff --git a/kyra/users/users/root.nix b/kyra/users/users/root.nix index 480d3dc..4044315 100644 --- a/kyra/users/users/root.nix +++ b/kyra/users/users/root.nix @@ -3,7 +3,6 @@ users = { "root" = { shell = "${pkgs.util-linux}/bin/nologin"; - initialHashedPassword = "!"; }; }; }; diff --git a/viola/nix/settings/substituters.nix b/viola/nix/settings/substituters.nix index 223e765..da0035f 100644 --- a/viola/nix/settings/substituters.nix +++ b/viola/nix/settings/substituters.nix @@ -13,8 +13,6 @@ _: { "https://chaotic-nyx.cachix.org/" # nix-community "https://hydra.nix-community.org/" - # yandex mirror - "https://mirror.yandex.ru/nixos/" ]; }; }; diff --git a/viola/security/sudo-rs.nix b/viola/security/sudo-rs.nix index 35b28ec..4f270c9 100644 --- a/viola/security/sudo-rs.nix +++ b/viola/security/sudo-rs.nix @@ -4,9 +4,6 @@ _: { enable = true; wheelNeedsPassword = true; execWheelOnly = true; - extraConfig = '' - Defaults !pwfeedback - ''; }; }; } diff --git a/wanda/nix/settings/substituters.nix b/wanda/nix/settings/substituters.nix index 223e765..da0035f 100644 --- a/wanda/nix/settings/substituters.nix +++ b/wanda/nix/settings/substituters.nix @@ -13,8 +13,6 @@ _: { "https://chaotic-nyx.cachix.org/" # nix-community "https://hydra.nix-community.org/" - # yandex mirror - "https://mirror.yandex.ru/nixos/" ]; }; }; diff --git a/wanda/security/sudo-rs.nix b/wanda/security/sudo-rs.nix index 35b28ec..4f270c9 100644 --- a/wanda/security/sudo-rs.nix +++ b/wanda/security/sudo-rs.nix @@ -4,9 +4,6 @@ _: { enable = true; wheelNeedsPassword = true; execWheelOnly = true; - extraConfig = '' - Defaults !pwfeedback - ''; }; }; }