diff --git a/ada/boot/initrd.nix b/ada/boot/initrd.nix index 6924fac..a6b9a83 100644 --- a/ada/boot/initrd.nix +++ b/ada/boot/initrd.nix @@ -9,7 +9,6 @@ _: { "usb_storage" "sd_mod" "btrfs" - "amneziawg" "cryptd" ]; @@ -22,7 +21,7 @@ _: { kernelModules = [ "amdgpu" "zenpower" - "amneziawg" + "i2c-dev" ]; luks = { diff --git a/ada/boot/kernel.nix b/ada/boot/kernel.nix index c3a04ac..1f4c0cb 100644 --- a/ada/boot/kernel.nix +++ b/ada/boot/kernel.nix @@ -20,14 +20,13 @@ extraModulePackages = with config.boot.kernelPackages; [ zenpower v4l2loopback - amneziawg ]; kernelModules = [ "amdgpu" "zenpower" "v4l2loopback" - "amneziawg" + "i2c_dev" ]; kernelParams = [ diff --git a/ada/default.nix b/ada/default.nix index 483d476..38a0838 100644 --- a/ada/default.nix +++ b/ada/default.nix @@ -1,5 +1,7 @@ {self, ...}: { imports = [ + "${self}/ada/age/rekey.nix" + "${self}/ada/boot/initrd.nix" "${self}/ada/boot/kernel.nix" "${self}/ada/boot/lanzaboote.nix" @@ -39,7 +41,6 @@ "${self}/ada/nix/package.nix" "${self}/ada/nix/settings/allowed-users.nix" "${self}/ada/nix/settings/experimental-features.nix" - "${self}/ada/nix/settings/substituters.nix" "${self}/ada/nix/settings/trusted-public-keys.nix" "${self}/ada/nix/settings/trusted-substituters.nix" "${self}/ada/nix/settings/trusted-users.nix" @@ -70,12 +71,14 @@ "${self}/ada/services/qmk.nix" "${self}/ada/services/scx.nix" "${self}/ada/services/xserver.nix" + "${self}/ada/services/yggdrasil.nix" "${self}/ada/services/sunshine.nix" "${self}/ada/services/usbmuxd.nix" "${self}/ada/services/irqbalance.nix" "${self}/ada/services/yubikey-agent.nix" "${self}/ada/services/resolved.nix" "${self}/ada/services/firewalld.nix" + "${self}/ada/services/zerotier.nix" "${self}/ada/sops/defaults.nix" "${self}/ada/sops/secrets.nix" diff --git a/ada/disko/disk.nix b/ada/disko/disk.nix index 3152264..a26aa05 100644 --- a/ada/disko/disk.nix +++ b/ada/disko/disk.nix @@ -2,7 +2,7 @@ disko = { devices = { disk = { - main = { + "main" = { device = "/dev/disk/by-id/nvme-KINGSTON_SKC3000S_1024G_AA000000000000000013"; type = "disk"; content = { diff --git a/ada/environment/variables.nix b/ada/environment/variables.nix index 9c47685..e6cf3b1 100644 --- a/ada/environment/variables.nix +++ b/ada/environment/variables.nix @@ -1,16 +1,20 @@ -{config, ...}: { +{ + config, + lib, + ... +}: { environment = { variables = { - AMD_VULKAN_ICD = "AMDVLK"; HOSTNAME = config.networking.hostName; - QT_QPA_PLATFORM = "wayland"; + QT_QPA_PLATFORMTHEME = lib.mkForce "xdgdesktopportal"; + TDESKTOP_USE_GTK_FILE_DIALOG = 1; SDL_VIDEODRIVER = "wayland"; CLUTTER_BACKEND = "wayland"; GDK_BACKEND = "wayland"; - NIXPKGS_ALLOW_UNFREE = "1"; - NIXPKGS_ALLOW_INSECURE = "1"; - NIXOS_OZONE_WL = "1"; - GRIMBLAST_HIDE_CURSOR = "0"; + NIXPKGS_ALLOW_UNFREE = 1; + NIXPKGS_ALLOW_INSECURE = 1; + NIXOS_OZONE_WL = 1; + GRIMBLAST_HIDE_CURSOR = 1; TERM = "xterm-256color"; }; }; diff --git a/ada/home-manager/users.nix b/ada/home-manager/users.nix index 6590188..0a5f3e3 100644 --- a/ada/home-manager/users.nix +++ b/ada/home-manager/users.nix @@ -4,12 +4,10 @@ "hand7s" = { imports = [ "${self}/hand7s/" - self.inputs.agenix.homeManagerModules.default self.inputs.spicetify-nix.homeManagerModules.default self.inputs.hyprland.homeManagerModules.default self.inputs.chaotic.homeManagerModules.default self.inputs.sops-nix.homeManagerModules.sops - self.inputs.nix-index-database.homeModules.nix-index self.inputs.noctalia.homeModules.default ]; diff --git a/ada/networking/hosts.nix b/ada/networking/hosts.nix deleted file mode 100644 index e42e2b1..0000000 --- a/ada/networking/hosts.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: { - networking = { - hosts = { - # nope - }; - }; -} diff --git a/ada/networking/timeServers.nix b/ada/networking/timeServers.nix index 9289ea6..c1257cd 100644 --- a/ada/networking/timeServers.nix +++ b/ada/networking/timeServers.nix @@ -1,10 +1,9 @@ _: { networking = { timeServers = [ - "0.nixos.pool.ntp.org" - "1.nixos.pool.ntp.org" - "2.nixos.pool.ntp.org" - "3.nixos.pool.ntp.org" + "time.cloudflare.com" + "time.google.com" + "ru.pool.ntp.org" ]; }; } diff --git a/ada/nix/settings/substituters.nix b/ada/nix/settings/substituters.nix deleted file mode 100644 index da0035f..0000000 --- a/ada/nix/settings/substituters.nix +++ /dev/null @@ -1,19 +0,0 @@ -_: { - nix = { - settings = { - substituters = [ - # cache.nixos.org - "https://cache.nixos.org" - # cache.garnix.org - "https://cache.garnix.io" - # cachix - "https://nix-community.cachix.org/" - "https://chaotic-nyx.cachix.org/" - "https://hyprland.cachix.org" - "https://chaotic-nyx.cachix.org/" - # nix-community - "https://hydra.nix-community.org/" - ]; - }; - }; -} diff --git a/ada/nix/settings/trusted-public-keys.nix b/ada/nix/settings/trusted-public-keys.nix index 4a128cb..87843e2 100644 --- a/ada/nix/settings/trusted-public-keys.nix +++ b/ada/nix/settings/trusted-public-keys.nix @@ -7,12 +7,11 @@ _: { # cache.garnix.io "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" # cachix.org + "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" - "ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" - "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" ]; }; }; diff --git a/ada/security/pam/yubico.nix b/ada/security/pam/yubico.nix index cd8a4a1..c172958 100644 --- a/ada/security/pam/yubico.nix +++ b/ada/security/pam/yubico.nix @@ -7,7 +7,7 @@ _: { mode = "challenge-response"; control = "sufficient"; id = [ - "1873055870" + "funnyID" ]; }; }; diff --git a/ada/services/firewalld.nix b/ada/services/firewalld.nix index 7cd83ae..0602c8d 100644 --- a/ada/services/firewalld.nix +++ b/ada/services/firewalld.nix @@ -1,14 +1,18 @@ -{...}: { +_: { services = { firewalld = { enable = true; - settings = { - # nope - }; - zones = { - # nope + "eno1" = { + interfaces = [ + "ens1" + ]; + + services = [ + "sunshine" + ]; + }; }; }; }; diff --git a/ada/services/openssh.nix b/ada/services/openssh.nix index 71ee4c2..e136f96 100644 --- a/ada/services/openssh.nix +++ b/ada/services/openssh.nix @@ -5,7 +5,7 @@ allowSFTP = true; openFirewall = true; ports = [ - 53864 + 6969 ]; settings = { diff --git a/ada/services/yggdrasil.nix b/ada/services/yggdrasil.nix deleted file mode 100644 index c24275b..0000000 --- a/ada/services/yggdrasil.nix +++ /dev/null @@ -1,11 +0,0 @@ -_: { - services = { - yggdrasil = { - enable = false; - persistentKeys = false; - settings = { - # nope - }; - }; - }; -} diff --git a/ada/services/zerotier.nix b/ada/services/zerotier.nix deleted file mode 100644 index b864ebf..0000000 --- a/ada/services/zerotier.nix +++ /dev/null @@ -1,10 +0,0 @@ -_: { - services = { - zerotierone = { - enable = true; - joinNetworks = [ - # nope - ]; - }; - }; -} diff --git a/ada/time/timeZone.nix b/ada/time/timeZone.nix index cef1656..cf8c6a1 100644 --- a/ada/time/timeZone.nix +++ b/ada/time/timeZone.nix @@ -1,6 +1,6 @@ _: { time = { timeZone = "Europe/Moscow"; - hardwareClockInLocalTime = true; + hardwareClockInLocalTime = false; }; } diff --git a/ada/users/users/hand7s.nix b/ada/users/users/hand7s.nix index 39aed35..866be86 100644 --- a/ada/users/users/hand7s.nix +++ b/ada/users/users/hand7s.nix @@ -5,10 +5,18 @@ _: { description = "me"; isSystemUser = false; isNormalUser = true; - initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/"; + initialHashedPassword = lib.hashString "sha512" "hand7s"; extraGroups = [ "wheel" ]; + + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; }; }; }; diff --git a/ada/users/users/root.nix b/ada/users/users/root.nix index faa89b7..2039a85 100644 --- a/ada/users/users/root.nix +++ b/ada/users/users/root.nix @@ -1,8 +1,8 @@ -_: { +{lib, ...}: { users = { users = { "root" = { - initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0"; + initialHashedPassword = lib.hashString "sha512" "root"; }; }; }; diff --git a/doc/flake-tree.canvas b/doc/flake-tree.canvas deleted file mode 100644 index 96f90c9..0000000 --- a/doc/flake-tree.canvas +++ /dev/null @@ -1,104 +0,0 @@ -{ - "nodes":[ - {"id":"2e0f697730e2619e","type":"text","text":"nixpkgs","x":-380,"y":240,"width":250,"height":60}, - {"id":"d23c9d730a76b4da","type":"text","text":"nixos-harware","x":-380,"y":300,"width":250,"height":60}, - {"id":"0387e0bebaecd2c1","type":"text","text":"nixgl","x":-380,"y":360,"width":250,"height":60}, - {"id":"8d542b4f6da1a433","type":"text","text":"nur","x":-380,"y":420,"width":250,"height":60}, - {"id":"0fa8d015874c9fd6","type":"text","text":"nixos-generator","x":-380,"y":480,"width":250,"height":60}, - {"id":"1d22c5b5fc58c6aa","type":"text","text":"nixos-anywhere","x":-380,"y":540,"width":250,"height":60}, - {"id":"5057c539e6b7bafd","type":"text","text":"impermanence ","x":-380,"y":600,"width":250,"height":60}, - {"id":"2183745b1c5ce269","type":"text","text":"home-manager","x":-380,"y":660,"width":250,"height":60}, - {"id":"93fb370c180eaeb4","type":"text","text":"disko","x":-380,"y":720,"width":250,"height":60}, - {"id":"8ebb54f97002b2ff","type":"text","text":"lanzaboote","x":-380,"y":780,"width":250,"height":60}, - {"id":"cfa0732596d24a19","type":"text","text":"vscodeserver","x":-380,"y":840,"width":250,"height":60}, - {"id":"71e717dc368710cb","type":"text","text":"nix-on-droid","x":-380,"y":900,"width":250,"height":60}, - {"id":"bb6dd845b1c0b50d","type":"text","text":"freesm","x":-380,"y":960,"width":250,"height":60}, - {"id":"6d6c9faee88a194d","type":"text","text":"agenix","x":-380,"y":1020,"width":250,"height":60}, - {"id":"5023b8a10dfa74f3","type":"text","text":"chaotic","x":-380,"y":1080,"width":250,"height":60}, - {"id":"0e41786babac8426","type":"text","text":"nix-homebrew","x":-380,"y":1140,"width":250,"height":60}, - {"id":"7fa86bf455f32e1e","type":"text","text":"homebrew-cask","x":-320,"y":1280,"width":250,"height":60}, - {"id":"412593ea3f394221","type":"text","text":"homebrew-bundle","x":-320,"y":1340,"width":250,"height":60}, - {"id":"f7b5a940a04300d9","type":"text","text":"homebrew-core","x":-320,"y":1220,"width":250,"height":60}, - {"id":"ddf0875c03bc6a7d","type":"text","text":"sops-nix","x":-380,"y":1420,"width":250,"height":60}, - {"id":"db2cc385a2d4fe4a","type":"text","text":"stylix","x":-380,"y":1480,"width":250,"height":60}, - {"id":"8ce9b94fa9c3dbc3","type":"text","text":"ayugram-desktop","x":-380,"y":1540,"width":250,"height":60}, - {"id":"7804c9935f33249b","type":"text","text":"hyprland","x":-380,"y":1600,"width":250,"height":60}, - {"id":"417b94b46101411d","type":"text","text":"hyprland-plugins","x":-380,"y":1660,"width":250,"height":60}, - {"id":"b63e2557fb721db2","type":"text","text":"hyprpanel","x":-380,"y":1720,"width":250,"height":60}, - {"id":"f2939ae2d4065467","type":"text","text":"spicetify-nix","x":-380,"y":1780,"width":250,"height":60}, - {"id":"5bcee2b96bd8f463","type":"text","text":"zen-browser","x":-380,"y":1840,"width":250,"height":60}, - {"id":"5c2f0aa731fa3834","type":"text","text":"inputs","x":-980,"y":1025,"width":125,"height":50}, - {"id":"e57fb6514f7cfacb","type":"text","text":"outputs","x":160,"y":1020,"width":140,"height":60}, - {"id":"0f7dafd0f244f528","type":"text","text":"self","x":160,"y":1140,"width":140,"height":60}, - {"id":"fd45c7cb969458c8","type":"text","text":"[[s0mePC-tree.canvas|s0mePC]]","x":835,"y":1080,"width":250,"height":60}, - {"id":"78627bb71578ceae","type":"text","text":"nixosConfigurations","x":480,"y":1160,"width":250,"height":60}, - {"id":"cf45cc727edde7ce","type":"text","text":"homeConfigurations","x":500,"y":900,"width":250,"height":60}, - {"id":"f3f3f84c33e79188","type":"text","text":"[[hand7s-tree.canvas|hand7s-tree]]","x":840,"y":900,"width":245,"height":60}, - {"id":"cbf70b360b7cfced","type":"text","text":"[[s0melapt0p-tree.canvas|s0melapt0p-nix]]","x":835,"y":1240,"width":250,"height":60} - ], - "edges":[ - {"id":"70e70085e4d2b6c5","fromNode":"0fa8d015874c9fd6","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"92b387632167e8cd","fromNode":"2183745b1c5ce269","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"9276e3b627e969cd","fromNode":"93fb370c180eaeb4","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"04a6a301b61f0669","fromNode":"8ebb54f97002b2ff","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"fa5adda740f95804","fromNode":"71e717dc368710cb","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"79638d1638fc055b","fromNode":"71e717dc368710cb","fromSide":"right","toNode":"2183745b1c5ce269","toSide":"right"}, - {"id":"409a221869f5eae6","fromNode":"0e41786babac8426","fromSide":"bottom","toNode":"f7b5a940a04300d9","toSide":"top"}, - {"id":"d9815f6c2e5f060b","fromNode":"7804c9935f33249b","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"f59d921bc2efc072","fromNode":"417b94b46101411d","fromSide":"right","toNode":"7804c9935f33249b","toSide":"right"}, - {"id":"a12a057beed06fe6","fromNode":"b63e2557fb721db2","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"94a006ae6b3eb631","fromNode":"f2939ae2d4065467","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"1e083e4b0e867f6c","fromNode":"5bcee2b96bd8f463","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"right"}, - {"id":"f7c96f262dc3c46c","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"2e0f697730e2619e","toSide":"left"}, - {"id":"034d59b5311aa3fc","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"d23c9d730a76b4da","toSide":"left"}, - {"id":"4daefbc4ba7eed3e","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"0387e0bebaecd2c1","toSide":"left"}, - {"id":"73efdb690d8324be","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"8d542b4f6da1a433","toSide":"left"}, - {"id":"4aa419e5129ae060","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"0fa8d015874c9fd6","toSide":"left"}, - {"id":"43458f9da955f5fd","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"1d22c5b5fc58c6aa","toSide":"left"}, - {"id":"a59d76d319843936","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"5057c539e6b7bafd","toSide":"left"}, - {"id":"52b2670e5609a721","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"2183745b1c5ce269","toSide":"left"}, - {"id":"1e8a37dc0f373531","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"93fb370c180eaeb4","toSide":"left"}, - {"id":"27ca008c53c7b578","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"8ebb54f97002b2ff","toSide":"left"}, - {"id":"fcba43865282441f","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"cfa0732596d24a19","toSide":"left"}, - {"id":"dbca5ce1ea606beb","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"71e717dc368710cb","toSide":"left"}, - {"id":"4c74ed1ca6f5fdb8","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"bb6dd845b1c0b50d","toSide":"left"}, - {"id":"d7ace2b8b3726213","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"6d6c9faee88a194d","toSide":"left"}, - {"id":"0d35286e9f54e677","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"5023b8a10dfa74f3","toSide":"left"}, - {"id":"fbd45a9f59479acf","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"0e41786babac8426","toSide":"left"}, - {"id":"e2ffea1413ce0dff","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"f7b5a940a04300d9","toSide":"left"}, - {"id":"1ab265aa41091996","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"7fa86bf455f32e1e","toSide":"left","label":"flake \n= false;"}, - {"id":"ddfbcf4e635221a3","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"412593ea3f394221","toSide":"left"}, - {"id":"e4fcb6496fe6f2cb","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"db2cc385a2d4fe4a","toSide":"left"}, - {"id":"19b40c794af7a4c0","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"ddf0875c03bc6a7d","toSide":"left"}, - {"id":"32bbb751f7a82ac9","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"8ce9b94fa9c3dbc3","toSide":"left"}, - {"id":"ccc70845fe2798b4","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"7804c9935f33249b","toSide":"left"}, - {"id":"abc24ddd45469787","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"417b94b46101411d","toSide":"left"}, - {"id":"6a06cd4c618afc28","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"b63e2557fb721db2","toSide":"left"}, - {"id":"8ae4a543eca051b1","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"f2939ae2d4065467","toSide":"left"}, - {"id":"c0665ac7bd526cdf","fromNode":"5c2f0aa731fa3834","fromSide":"right","toNode":"5bcee2b96bd8f463","toSide":"left"}, - {"id":"d02633d09736a559","fromNode":"2e0f697730e2619e","fromSide":"right","toNode":"e57fb6514f7cfacb","toSide":"top"}, - {"id":"dfea38e0ab142ef6","fromNode":"2183745b1c5ce269","fromSide":"right","toNode":"e57fb6514f7cfacb","toSide":"top"}, - {"id":"70b641d576f5dcfc","fromNode":"e57fb6514f7cfacb","fromSide":"bottom","toNode":"0f7dafd0f244f528","toSide":"top","fromEnd":"arrow"}, - {"id":"fe4b65ad9fdb0f45","fromNode":"e57fb6514f7cfacb","fromSide":"right","toNode":"cf45cc727edde7ce","toSide":"left"}, - {"id":"331f59d890ef043a","fromNode":"e57fb6514f7cfacb","fromSide":"right","toNode":"78627bb71578ceae","toSide":"left"}, - {"id":"e6a5ddd80fc9d413","fromNode":"cf45cc727edde7ce","fromSide":"right","toNode":"f3f3f84c33e79188","toSide":"left"}, - {"id":"846ba90021efc1c9","fromNode":"db2cc385a2d4fe4a","fromSide":"right","toNode":"f3f3f84c33e79188","toSide":"left"}, - {"id":"25b976815340aac3","fromNode":"5023b8a10dfa74f3","fromSide":"right","toNode":"f3f3f84c33e79188","toSide":"left"}, - {"id":"91e162c9594490f6","fromNode":"ddf0875c03bc6a7d","fromSide":"right","toNode":"f3f3f84c33e79188","toSide":"left"}, - {"id":"3b5256b2162968ed","fromNode":"93fb370c180eaeb4","fromSide":"right","toNode":"78627bb71578ceae","toSide":"left"}, - {"id":"66793eecb03a70a4","fromNode":"b63e2557fb721db2","fromSide":"right","toNode":"f3f3f84c33e79188","toSide":"left"}, - {"id":"3fc2d4bbae15d101","fromNode":"f2939ae2d4065467","fromSide":"right","toNode":"f3f3f84c33e79188","toSide":"left","label":"homeManagerModules"}, - {"id":"12e833368aafd1e9","fromNode":"7804c9935f33249b","fromSide":"right","toNode":"f3f3f84c33e79188","toSide":"left"}, - {"id":"b18c4c642a0ca6e4","fromNode":"78627bb71578ceae","fromSide":"right","toNode":"fd45c7cb969458c8","toSide":"left"}, - {"id":"93a7f7adabe88748","fromNode":"78627bb71578ceae","fromSide":"right","toNode":"cbf70b360b7cfced","toSide":"left"}, - {"id":"fafb3515ba73a919","fromNode":"5023b8a10dfa74f3","fromSide":"right","toNode":"fd45c7cb969458c8","toSide":"left","label":"nixosModules"}, - {"id":"97ae652bb18ef96d","fromNode":"db2cc385a2d4fe4a","fromSide":"right","toNode":"fd45c7cb969458c8","toSide":"left"}, - {"id":"91c1a91b4ee3e106","fromNode":"ddf0875c03bc6a7d","fromSide":"right","toNode":"fd45c7cb969458c8","toSide":"left"}, - {"id":"7a059c4eb7b1872f","fromNode":"2183745b1c5ce269","fromSide":"right","toNode":"fd45c7cb969458c8","toSide":"left"}, - {"id":"c96faa14fa94236c","fromNode":"db2cc385a2d4fe4a","fromSide":"right","toNode":"cbf70b360b7cfced","toSide":"left"}, - {"id":"0d12efecb603dbb3","fromNode":"ddf0875c03bc6a7d","fromSide":"right","toNode":"cbf70b360b7cfced","toSide":"left"}, - {"id":"a05f4e5560f31997","fromNode":"5023b8a10dfa74f3","fromSide":"right","toNode":"cbf70b360b7cfced","toSide":"left"}, - {"id":"26e844af79b11d3b","fromNode":"93fb370c180eaeb4","fromSide":"right","toNode":"cbf70b360b7cfced","toSide":"left"}, - {"id":"f91126b555e1427c","fromNode":"2183745b1c5ce269","fromSide":"right","toNode":"cbf70b360b7cfced","toSide":"left"} - ] -} \ No newline at end of file diff --git a/doc/hand7s-tree.canvas b/doc/hand7s-tree.canvas deleted file mode 100644 index 5ffc5af..0000000 --- a/doc/hand7s-tree.canvas +++ /dev/null @@ -1,52 +0,0 @@ -{ - "nodes":[ - {"id":"8b913a2d080b9765","type":"text","text":"default.nix","x":-622,"y":-140,"width":250,"height":60}, - {"id":"9c241fea3014bc1b","type":"text","text":"standalone.nix","x":-622,"y":-240,"width":250,"height":60}, - {"id":"2207049065e4fe70","type":"text","text":"options/","x":-120,"y":-240,"width":250,"height":60}, - {"id":"3e0c3f65bfc654f7","type":"text","text":"programs/","x":-120,"y":-140,"width":250,"height":60}, - {"id":"b52312243341f867","type":"text","text":"nixpkgs/","x":-120,"y":-340,"width":250,"height":60}, - {"id":"5f9292a9f706b6e2","type":"text","text":"qt/","x":-120,"y":-40,"width":250,"height":60}, - {"id":"70d6c502448f74e4","type":"text","text":"nix/","x":-120,"y":-440,"width":250,"height":60}, - {"id":"773f4b0553cf1bfc","type":"text","text":"services/","x":-120,"y":60,"width":250,"height":60}, - {"id":"8d6914af7faf9540","type":"text","text":"home/","x":-120,"y":-540,"width":250,"height":60}, - {"id":"310abb33ae703607","type":"text","text":"stylix/","x":-120,"y":160,"width":250,"height":60}, - {"id":"c1282eb91194e07b","type":"text","text":"systemd/","x":-120,"y":260,"width":250,"height":60}, - {"id":"d4009703e71bcde9","type":"text","text":"gtk/","x":-120,"y":-640,"width":250,"height":60}, - {"id":"3429bb37044f88e1","type":"text","text":"wayland/","x":-120,"y":360,"width":250,"height":60}, - {"id":"564cf2e6e156599d","type":"text","text":"fonts/","x":-120,"y":-740,"width":250,"height":60}, - {"id":"99d6d895a3fef9bd","type":"text","text":"[[flake-tree.canvas|flake.nix]]/hand7s","x":-834,"y":-439,"width":212,"height":59}, - {"id":"4b51874d4cb8c512","type":"text","text":"[[s0mePC-tree.canvas|s0mePC-nix]]","x":-834,"y":0,"width":212,"height":60}, - {"id":"b2840e8af6e98e99","type":"text","text":"[[s0melapt0p-tree.canvas|s0melapt0p-nix]]","x":-834,"y":120,"width":212,"height":60} - ], - "edges":[ - {"id":"d804153a40eca89a","fromNode":"4b51874d4cb8c512","fromSide":"right","toNode":"8b913a2d080b9765","toSide":"bottom"}, - {"id":"f314999f47e16026","fromNode":"99d6d895a3fef9bd","fromSide":"right","toNode":"9c241fea3014bc1b","toSide":"top"}, - {"id":"4eb2e7db8cc19c80","fromNode":"b2840e8af6e98e99","fromSide":"right","toNode":"8b913a2d080b9765","toSide":"bottom"}, - {"id":"cf5246390b75b266","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"564cf2e6e156599d","toSide":"left"}, - {"id":"592f487af0b6f7dd","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"d4009703e71bcde9","toSide":"left"}, - {"id":"99d2c67366e5225e","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"8d6914af7faf9540","toSide":"left"}, - {"id":"e4a1c79669d1133e","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"70d6c502448f74e4","toSide":"left"}, - {"id":"6efcabccdae1baf1","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"b52312243341f867","toSide":"left"}, - {"id":"f1934806d61119b6","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"2207049065e4fe70","toSide":"left"}, - {"id":"ef398e7ac4815af8","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"3e0c3f65bfc654f7","toSide":"left"}, - {"id":"cc58b91953b6c766","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"5f9292a9f706b6e2","toSide":"left"}, - {"id":"902272466e9d843d","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"773f4b0553cf1bfc","toSide":"left"}, - {"id":"041fae76354acdd9","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"310abb33ae703607","toSide":"left"}, - {"id":"95796dedf0456a0c","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"c1282eb91194e07b","toSide":"left"}, - {"id":"42ac954ade28a370","fromNode":"9c241fea3014bc1b","fromSide":"right","toNode":"3429bb37044f88e1","toSide":"left"}, - {"id":"e8b8cacf3d4c37be","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"564cf2e6e156599d","toSide":"left"}, - {"id":"cb737fc0d7af5b18","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"d4009703e71bcde9","toSide":"left"}, - {"id":"35708988ff820190","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"8d6914af7faf9540","toSide":"left"}, - {"id":"3cdf6601cc95f6c8","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"2207049065e4fe70","toSide":"left"}, - {"id":"e0830b61ade3375d","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"3e0c3f65bfc654f7","toSide":"left"}, - {"id":"d820a59fd2e3552e","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"5f9292a9f706b6e2","toSide":"left"}, - {"id":"b551b9e00abaf7af","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"2207049065e4fe70","toSide":"left"}, - {"id":"453617935378d7db","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"773f4b0553cf1bfc","toSide":"left"}, - {"id":"9ff520f23512db9e","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"c1282eb91194e07b","toSide":"left"}, - {"id":"d70cbf4741c01ad2","fromNode":"8b913a2d080b9765","fromSide":"right","toNode":"3429bb37044f88e1","toSide":"left"}, - {"id":"66fbefd742e9482a","fromNode":"99d6d895a3fef9bd","fromSide":"right","toNode":"2207049065e4fe70","toSide":"left"}, - {"id":"9e0eccd752c4120a","fromNode":"99d6d895a3fef9bd","fromSide":"bottom","toNode":"2207049065e4fe70","toSide":"left"}, - {"id":"8c18cf6c6fde94b0","fromNode":"99d6d895a3fef9bd","fromSide":"bottom","toNode":"3e0c3f65bfc654f7","toSide":"left"}, - {"id":"724e4419030882c9","fromNode":"99d6d895a3fef9bd","fromSide":"bottom","toNode":"310abb33ae703607","toSide":"left","label":"inputs"} - ] -} \ No newline at end of file diff --git a/doc/s0mePC-tree.canvas b/doc/s0mePC-tree.canvas deleted file mode 100644 index c8fd7bc..0000000 --- a/doc/s0mePC-tree.canvas +++ /dev/null @@ -1,51 +0,0 @@ -{ - "nodes":[ - {"id":"52477f25cd9313f9","type":"text","text":"[[flake-tree.canvas|flake.nix]]/s0melapt0p-nix","x":-500,"y":-320,"width":273,"height":60}, - {"id":"656ae4fe3c2ecd24","type":"text","text":"security","x":140,"y":-120,"width":250,"height":60}, - {"id":"89219c2aca202139","type":"text","text":"progams","x":140,"y":-200,"width":250,"height":60}, - {"id":"09050a2729925990","type":"text","text":"services/","x":140,"y":-40,"width":250,"height":60}, - {"id":"9c54796e439b0f5b","type":"text","text":"~~sops/~~ (not included)","x":140,"y":40,"width":250,"height":60}, - {"id":"e8779b73e199bcf6","type":"text","text":"stylix/","x":140,"y":120,"width":250,"height":60}, - {"id":"c820b80f2803db97","type":"text","text":"system/","x":140,"y":200,"width":250,"height":60}, - {"id":"ff454e151245e473","type":"text","text":"time/","x":140,"y":280,"width":250,"height":60}, - {"id":"a12b9d85a8d9aaf0","type":"text","text":"users/","x":140,"y":360,"width":250,"height":60}, - {"id":"b682f26e0c5772ab","type":"text","text":"virtualisation/","x":140,"y":440,"width":250,"height":60}, - {"id":"39a33c5c1b57cfbc","type":"text","text":"nix/","x":140,"y":-290,"width":250,"height":60}, - {"id":"91dd5508b7be6a58","type":"text","text":"networking/","x":140,"y":-380,"width":250,"height":60}, - {"id":"aa258b60522c12a1","type":"text","text":"i18n/","x":140,"y":-460,"width":250,"height":60}, - {"id":"d1607fb2e7e67782","type":"text","text":"home-manager/","x":140,"y":-540,"width":250,"height":60}, - {"id":"7a3e84bfb5bf0a77","type":"text","text":"hardware","x":140,"y":-620,"width":250,"height":60}, - {"id":"3a525cf3bb5749d2","type":"text","text":"environment","x":140,"y":-700,"width":250,"height":60}, - {"id":"299e10060c92dc79","type":"text","text":"xdg/","x":140,"y":520,"width":250,"height":60}, - {"id":"31d735f24354a46a","type":"text","text":"console/","x":140,"y":-780,"width":250,"height":60}, - {"id":"ff41445ee9f66727","type":"text","text":"boot/","x":140,"y":-860,"width":250,"height":60}, - {"id":"89667c76b1cff4b4","type":"text","text":"[[hand7s-tree.canvas|hand7s]]/default.nix","x":540,"y":-540,"width":250,"height":60}, - {"id":"b5a77770636904fe","type":"text","text":"default.nix","x":-160,"y":-200,"width":147,"height":60} - ], - "edges":[ - {"id":"8ae81d676613fbb3","fromNode":"52477f25cd9313f9","fromSide":"right","toNode":"b5a77770636904fe","toSide":"top"}, - {"id":"b8a089af90c22ce5","fromNode":"d1607fb2e7e67782","fromSide":"right","toNode":"89667c76b1cff4b4","toSide":"top"}, - {"id":"cb12e6d7f284d814","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"ff41445ee9f66727","toSide":"left"}, - {"id":"d9025f0c300d7c11","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"31d735f24354a46a","toSide":"left"}, - {"id":"3b3973e125f1f46a","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"3a525cf3bb5749d2","toSide":"left"}, - {"id":"b6ec7e0d7f09c72e","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"7a3e84bfb5bf0a77","toSide":"left"}, - {"id":"ae4c58dbacb97aa6","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"d1607fb2e7e67782","toSide":"left"}, - {"id":"d4a26cb113cbd3d7","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"aa258b60522c12a1","toSide":"left"}, - {"id":"dc06709d01cc417d","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"91dd5508b7be6a58","toSide":"left"}, - {"id":"96ff134a2746065d","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"39a33c5c1b57cfbc","toSide":"left"}, - {"id":"4e76a33396965cc2","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"89219c2aca202139","toSide":"left"}, - {"id":"5a90c383825629af","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"656ae4fe3c2ecd24","toSide":"left"}, - {"id":"758f54d1607c0fb6","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"09050a2729925990","toSide":"left"}, - {"id":"9166a494ff2ad45c","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"9c54796e439b0f5b","toSide":"left"}, - {"id":"f1257707e5801b96","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"e8779b73e199bcf6","toSide":"left"}, - {"id":"e5db44e099326823","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"c820b80f2803db97","toSide":"left"}, - {"id":"d11c62f447ee4733","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"ff454e151245e473","toSide":"left"}, - {"id":"927b694304548bee","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"a12b9d85a8d9aaf0","toSide":"left"}, - {"id":"83b838f79175c4be","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"b682f26e0c5772ab","toSide":"left"}, - {"id":"29ea4d67235b5bcd","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"299e10060c92dc79","toSide":"left"}, - {"id":"165c9098d8f8595a","fromNode":"52477f25cd9313f9","fromSide":"top","toNode":"ff41445ee9f66727","toSide":"left","label":"inputs"}, - {"id":"b27ff33fb53c9675","fromNode":"52477f25cd9313f9","fromSide":"top","toNode":"d1607fb2e7e67782","toSide":"left"}, - {"id":"c9dab9a88e555ac4","fromNode":"52477f25cd9313f9","fromSide":"bottom","toNode":"9c54796e439b0f5b","toSide":"left"}, - {"id":"8368dfdcfc2ecafd","fromNode":"52477f25cd9313f9","fromSide":"bottom","toNode":"e8779b73e199bcf6","toSide":"left"} - ] -} \ No newline at end of file diff --git a/doc/s0melapt0p-tree.canvas b/doc/s0melapt0p-tree.canvas deleted file mode 100644 index 871fc13..0000000 --- a/doc/s0melapt0p-tree.canvas +++ /dev/null @@ -1,51 +0,0 @@ -{ - "nodes":[ - {"id":"52477f25cd9313f9","type":"text","text":"[[flake-tree.canvas|flake.nix]]/s0mePC-nix","x":-477,"y":-320,"width":250,"height":60}, - {"id":"656ae4fe3c2ecd24","type":"text","text":"security","x":140,"y":-120,"width":250,"height":60}, - {"id":"89219c2aca202139","type":"text","text":"progams","x":140,"y":-200,"width":250,"height":60}, - {"id":"09050a2729925990","type":"text","text":"services/","x":140,"y":-40,"width":250,"height":60}, - {"id":"9c54796e439b0f5b","type":"text","text":"~~sops/~~ (not included)","x":140,"y":40,"width":250,"height":60}, - {"id":"e8779b73e199bcf6","type":"text","text":"stylix/","x":140,"y":120,"width":250,"height":60}, - {"id":"c820b80f2803db97","type":"text","text":"system/","x":140,"y":200,"width":250,"height":60}, - {"id":"ff454e151245e473","type":"text","text":"time/","x":140,"y":280,"width":250,"height":60}, - {"id":"a12b9d85a8d9aaf0","type":"text","text":"users/","x":140,"y":360,"width":250,"height":60}, - {"id":"b682f26e0c5772ab","type":"text","text":"virtualisation/","x":140,"y":440,"width":250,"height":60}, - {"id":"39a33c5c1b57cfbc","type":"text","text":"nix/","x":140,"y":-290,"width":250,"height":60}, - {"id":"91dd5508b7be6a58","type":"text","text":"networking/","x":140,"y":-380,"width":250,"height":60}, - {"id":"aa258b60522c12a1","type":"text","text":"i18n/","x":140,"y":-460,"width":250,"height":60}, - {"id":"d1607fb2e7e67782","type":"text","text":"home-manager/","x":140,"y":-540,"width":250,"height":60}, - {"id":"7a3e84bfb5bf0a77","type":"text","text":"hardware","x":140,"y":-620,"width":250,"height":60}, - {"id":"3a525cf3bb5749d2","type":"text","text":"environment","x":140,"y":-700,"width":250,"height":60}, - {"id":"299e10060c92dc79","type":"text","text":"xdg/","x":140,"y":520,"width":250,"height":60}, - {"id":"31d735f24354a46a","type":"text","text":"console/","x":140,"y":-780,"width":250,"height":60}, - {"id":"ff41445ee9f66727","type":"text","text":"boot/","x":140,"y":-860,"width":250,"height":60}, - {"id":"89667c76b1cff4b4","type":"text","text":"[[hand7s-tree.canvas|hand7s]]/default.nix","x":540,"y":-540,"width":250,"height":60}, - {"id":"b5a77770636904fe","type":"text","text":"default.nix","x":-160,"y":-200,"width":147,"height":60} - ], - "edges":[ - {"id":"8ae81d676613fbb3","fromNode":"52477f25cd9313f9","fromSide":"right","toNode":"b5a77770636904fe","toSide":"top"}, - {"id":"b8a089af90c22ce5","fromNode":"d1607fb2e7e67782","fromSide":"right","toNode":"89667c76b1cff4b4","toSide":"top"}, - {"id":"cb12e6d7f284d814","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"ff41445ee9f66727","toSide":"left"}, - {"id":"d9025f0c300d7c11","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"31d735f24354a46a","toSide":"left"}, - {"id":"3b3973e125f1f46a","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"3a525cf3bb5749d2","toSide":"left"}, - {"id":"b6ec7e0d7f09c72e","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"7a3e84bfb5bf0a77","toSide":"left"}, - {"id":"ae4c58dbacb97aa6","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"d1607fb2e7e67782","toSide":"left"}, - {"id":"d4a26cb113cbd3d7","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"aa258b60522c12a1","toSide":"left"}, - {"id":"dc06709d01cc417d","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"91dd5508b7be6a58","toSide":"left"}, - {"id":"96ff134a2746065d","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"39a33c5c1b57cfbc","toSide":"left"}, - {"id":"4e76a33396965cc2","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"89219c2aca202139","toSide":"left"}, - {"id":"5a90c383825629af","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"656ae4fe3c2ecd24","toSide":"left"}, - {"id":"758f54d1607c0fb6","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"09050a2729925990","toSide":"left"}, - {"id":"9166a494ff2ad45c","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"9c54796e439b0f5b","toSide":"left"}, - {"id":"f1257707e5801b96","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"e8779b73e199bcf6","toSide":"left"}, - {"id":"e5db44e099326823","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"c820b80f2803db97","toSide":"left"}, - {"id":"d11c62f447ee4733","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"ff454e151245e473","toSide":"left"}, - {"id":"927b694304548bee","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"a12b9d85a8d9aaf0","toSide":"left"}, - {"id":"83b838f79175c4be","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"b682f26e0c5772ab","toSide":"left"}, - {"id":"29ea4d67235b5bcd","fromNode":"b5a77770636904fe","fromSide":"right","toNode":"299e10060c92dc79","toSide":"left"}, - {"id":"165c9098d8f8595a","fromNode":"52477f25cd9313f9","fromSide":"top","toNode":"ff41445ee9f66727","toSide":"left","label":"inputs"}, - {"id":"b27ff33fb53c9675","fromNode":"52477f25cd9313f9","fromSide":"top","toNode":"d1607fb2e7e67782","toSide":"left"}, - {"id":"c9dab9a88e555ac4","fromNode":"52477f25cd9313f9","fromSide":"bottom","toNode":"9c54796e439b0f5b","toSide":"left"}, - {"id":"8368dfdcfc2ecafd","fromNode":"52477f25cd9313f9","fromSide":"bottom","toNode":"e8779b73e199bcf6","toSide":"left"} - ] -} \ No newline at end of file diff --git a/doc/screen.png b/doc/screen.png deleted file mode 100644 index 9cdbd23..0000000 Binary files a/doc/screen.png and /dev/null differ diff --git a/flake.lock b/flake.lock index 15fe6de..c7317d3 100644 --- a/flake.lock +++ b/flake.lock @@ -208,6 +208,64 @@ } }, "cachix": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1774017633, + "narHash": "sha256-CWhnwL2M83/ItapPVeJqCevRoQttesYxJ1h0Mo6ZCXs=", + "owner": "cachix", + "repo": "cachix", + "rev": "e8be573b417f3daa3dd4cb9052178f848e0c9d1d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "cachix", + "devenv" + ], + "flake-compat": [ + "cachix", + "devenv", + "flake-compat" + ], + "git-hooks": [ + "cachix", + "devenv", + "git-hooks" + ], + "nixpkgs": [ + "cachix", + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760971495, + "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=", + "owner": "cachix", + "repo": "cachix", + "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { "inputs": { "devenv": [ "devenv" @@ -277,7 +335,7 @@ "flake-schemas": "flake-schemas", "home-manager": "home-manager_2", "jovian": "jovian", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -350,8 +408,8 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_5", "utils": "utils" }, "locked": { @@ -370,13 +428,46 @@ }, "devenv": { "inputs": { - "cachix": "cachix", - "flake-compat": "flake-compat_3", + "cachix": "cachix_2", + "flake-compat": [ + "cachix", + "flake-compat" + ], "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks", + "git-hooks": [ + "cachix", + "git-hooks" + ], "nix": "nix", "nixd": "nixd", - "nixpkgs": "nixpkgs_5" + "nixpkgs": [ + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772738982, + "narHash": "sha256-9MN0FV0XeYJV7kFtUxY6uQMxbZmlrPQLUm3yLbEEJ7Q=", + "owner": "cachix", + "repo": "devenv", + "rev": "22ec127af85396b04af045ec20d004d11a0675af", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "devenv_2": { + "inputs": { + "cachix": "cachix_3", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_4", + "git-hooks": "git-hooks_2", + "nix": "nix_2", + "nixd": "nixd_2", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1771066302, @@ -413,24 +504,6 @@ "type": "github" } }, - "devshell_2": { - "inputs": { - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1768818222, - "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", - "owner": "numtide", - "repo": "devshell", - "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -473,6 +546,25 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs_7", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1774423251, + "narHash": "sha256-g/PP8G9WcP4vtZVOBNYwfGxLnwLQoTERHnef8irAMeQ=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b70d7535088cd8a9e4322c372a475f66ffa18adf", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -506,6 +598,20 @@ } }, "flake-compat_10": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_11": { "flake": false, "locked": { "lastModified": 1767039857, @@ -521,30 +627,14 @@ "type": "github" } }, - "flake-compat_11": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_12": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -569,7 +659,39 @@ "type": "github" } }, + "flake-compat_14": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1733328505, @@ -585,7 +707,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1761588595, @@ -601,34 +723,18 @@ "type": "github" } }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_5": { "flake": false, "locked": { "lastModified": 1767039857, "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } @@ -650,22 +756,6 @@ } }, "flake-compat_7": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { "flake": false, "locked": { "lastModified": 1767039857, @@ -681,18 +771,36 @@ "type": "github" } }, - "flake-compat_9": { + "flake-compat_8": { + "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "revCount": 69, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69" + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_9": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" } }, "flake-parts": { @@ -717,6 +825,27 @@ } }, "flake-parts_10": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_11": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_6" }, @@ -734,7 +863,7 @@ "type": "github" } }, - "flake-parts_11": { + "flake-parts_12": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -755,7 +884,7 @@ "type": "github" } }, - "flake-parts_12": { + "flake-parts_13": { "inputs": { "nixpkgs-lib": [ "system-manager", @@ -798,6 +927,7 @@ "flake-parts_3": { "inputs": { "nixpkgs-lib": [ + "cachix", "devenv", "nixpkgs" ] @@ -817,6 +947,27 @@ } }, "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -834,7 +985,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, @@ -851,7 +1002,7 @@ "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -872,7 +1023,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, @@ -890,7 +1041,7 @@ "type": "github" } }, - "flake-parts_8": { + "flake-parts_9": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_5" }, @@ -908,28 +1059,22 @@ "type": "github" } }, - "flake-parts_9": { - "inputs": { - "nixpkgs-lib": [ - "nixos-anywhere", - "nixpkgs" - ] - }, + "flake-root": { "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "lastModified": 1723604017, + "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", + "owner": "srid", + "repo": "flake-root", + "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "flake-parts", + "owner": "srid", + "repo": "flake-root", "type": "github" } }, - "flake-root": { + "flake-root_2": { "locked": { "lastModified": 1723604017, "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", @@ -1014,10 +1159,10 @@ }, "freesm": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "libnbtplusplus": "libnbtplusplus", "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1770541033, @@ -1052,10 +1197,56 @@ "git-hooks": { "inputs": { "flake-compat": [ - "devenv", + "cachix", "flake-compat" ], "gitignore": "gitignore_2", + "nixpkgs": [ + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772665116, + "narHash": "sha256-XmjUDG/J8Z8lY5DVNVUf5aoZGc400FxcjsNCqHKiKtc=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_4", + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1770726378, + "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "gitignore": "gitignore_3", "nixpkgs": [ "devenv", "nixpkgs" @@ -1075,30 +1266,10 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat_5", - "gitignore": "gitignore_3", - "nixpkgs": "nixpkgs_8" - }, - "locked": { - "lastModified": 1770726378, - "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "github-actions-nix": { "inputs": { - "flake-parts": "flake-parts_5", - "nixpkgs": "nixpkgs_9" + "flake-parts": "flake-parts_6", + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1770427665, @@ -1139,7 +1310,7 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "devenv", + "cachix", "git-hooks", "nixpkgs" ] @@ -1161,7 +1332,8 @@ "gitignore_3": { "inputs": { "nixpkgs": [ - "git-hooks-nix", + "devenv", + "git-hooks", "nixpkgs" ] }, @@ -1180,6 +1352,27 @@ } }, "gitignore_4": { + "inputs": { + "nixpkgs": [ + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { "inputs": { "nixpkgs": [ "hyprland", @@ -1201,7 +1394,7 @@ "type": "github" } }, - "gitignore_5": { + "gitignore_6": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -1223,7 +1416,7 @@ "type": "github" } }, - "gitignore_6": { + "gitignore_7": { "inputs": { "nixpkgs": [ "system-manager", @@ -1445,7 +1638,7 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "pre-commit-hooks": "pre-commit-hooks_2", "systems": "systems_4", "xdph": "xdph" @@ -1748,8 +1941,8 @@ "lanzaboote": { "inputs": { "crane": "crane_2", - "flake-compat": "flake-compat_7", - "flake-parts": "flake-parts_6", + "flake-compat": "flake-compat_8", + "flake-parts": "flake-parts_7", "nixpkgs": [ "nixpkgs" ], @@ -1789,7 +1982,7 @@ }, "ndg": { "inputs": { - "nixpkgs": "nixpkgs_16" + "nixpkgs": "nixpkgs_17" }, "locked": { "lastModified": 1768214250, @@ -1808,7 +2001,7 @@ }, "nekoflake": { "inputs": { - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_12" }, "locked": { "lastModified": 1744631782, @@ -1827,34 +2020,40 @@ "nix": { "inputs": { "flake-compat": [ + "cachix", "devenv", "flake-compat" ], "flake-parts": [ + "cachix", "devenv", "flake-parts" ], "git-hooks-nix": [ + "cachix", "devenv", "git-hooks" ], "nixpkgs": [ + "cachix", "devenv", "nixpkgs" ], "nixpkgs-23-11": [ + "cachix", "devenv" ], "nixpkgs-regression": [ + "cachix", "devenv" ] }, "locked": { - "lastModified": 1770395975, - "narHash": "sha256-zg0AEZn8d4rqIIsw5XrkVL5p1y6fBj2L57awfUg+gNA=", + "lastModified": 1771532737, + "narHash": "sha256-H26FQmOyvIGnedfAioparJQD8Oe+/byD6OpUpnI/hkE=", "owner": "cachix", "repo": "nix", - "rev": "ccb6019ce2bd11f5de5fe4617c0079d8cb1ed057", + "rev": "7eb6c427c7a86fdc3ebf9e6cbf2a84e80e8974fd", "type": "github" }, "original": { @@ -1866,9 +2065,9 @@ }, "nix-bwrapper": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_4" }, "locked": { "lastModified": 1770308099, @@ -1888,9 +2087,9 @@ "inputs": { "cachyos-kernel": "cachyos-kernel", "cachyos-kernel-patches": "cachyos-kernel-patches", - "flake-compat": "flake-compat_8", - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_15" + "flake-compat": "flake-compat_9", + "flake-parts": "flake-parts_8", + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1771091677, @@ -2031,10 +2230,10 @@ }, "nix-mineral": { "inputs": { - "flake-compat": "flake-compat_9", - "flake-parts": "flake-parts_8", + "flake-compat": "flake-compat_10", + "flake-parts": "flake-parts_9", "ndg": "ndg", - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1771115839, @@ -2099,14 +2298,56 @@ "type": "github" } }, + "nix_2": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "flake-parts": [ + "devenv", + "flake-parts" + ], + "git-hooks-nix": [ + "devenv", + "git-hooks" + ], + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "nixpkgs-23-11": [ + "devenv" + ], + "nixpkgs-regression": [ + "devenv" + ] + }, + "locked": { + "lastModified": 1770395975, + "narHash": "sha256-zg0AEZn8d4rqIIsw5XrkVL5p1y6fBj2L57awfUg+gNA=", + "owner": "cachix", + "repo": "nix", + "rev": "ccb6019ce2bd11f5de5fe4617c0079d8cb1ed057", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "devenv-2.32", + "repo": "nix", + "type": "github" + } + }, "nixd": { "inputs": { "flake-parts": [ + "cachix", "devenv", "flake-parts" ], "flake-root": "flake-root", "nixpkgs": [ + "cachix", "devenv", "nixpkgs" ], @@ -2126,6 +2367,33 @@ "type": "github" } }, + "nixd_2": { + "inputs": { + "flake-parts": [ + "devenv", + "flake-parts" + ], + "flake-root": "flake-root_2", + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_3" + }, + "locked": { + "lastModified": 1763964548, + "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=", + "owner": "nix-community", + "repo": "nixd", + "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixd", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -2144,12 +2412,12 @@ "nixos-anywhere": { "inputs": { "disko": "disko_2", - "flake-parts": "flake-parts_9", + "flake-parts": "flake-parts_10", "nix-vm-test": "nix-vm-test", "nixos-images": "nixos-images", "nixos-stable": "nixos-stable", - "nixpkgs": "nixpkgs_18", - "treefmt-nix": "treefmt-nix_4" + "nixpkgs": "nixpkgs_19", + "treefmt-nix": "treefmt-nix_5" }, "locked": { "lastModified": 1769956140, @@ -2167,9 +2435,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_10", - "flake-parts": "flake-parts_10", - "nixpkgs": "nixpkgs_19", + "flake-compat": "flake-compat_11", + "flake-parts": "flake-parts_11", + "nixpkgs": "nixpkgs_20", "optnix": "optnix" }, "locked": { @@ -2250,8 +2518,8 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat_12", - "nixpkgs": "nixpkgs_21" + "flake-compat": "flake-compat_13", + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1770657009, @@ -2423,6 +2691,20 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", + "revCount": 940249, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.940249%2Brev-00c21e4c93d963c50d4c0c89bfa84ed6e0694df2/019c2c37-21f9-727c-86c5-0523e601d163/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770841267, "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", @@ -2438,7 +2720,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1742283249, "narHash": "sha256-hYz59vIFHjPt3l4iaXwCGUPu85EVRomzZRONksMVmgY=", @@ -2453,7 +2735,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1770197578, "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", @@ -2469,7 +2751,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1767892417, "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", @@ -2485,7 +2767,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -2501,7 +2783,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1771045105, "narHash": "sha256-6/VriPJZPqQfOyujd1AEjSYzgP/In4dtmQAbvhkkhyI=", @@ -2517,7 +2799,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1766070988, "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", @@ -2533,7 +2815,7 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1755593991, "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", @@ -2549,7 +2831,7 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1769900851, "narHash": "sha256-RgCgXS3WiG9c/1wxFM6OXmmv39dSaLLON9VeAbTTAIM=", @@ -2565,22 +2847,6 @@ "type": "github" } }, - "nixpkgs_19": { - "locked": { - "lastModified": 1767151656, - "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1770197578, @@ -2598,6 +2864,22 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -2613,7 +2895,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -2629,7 +2911,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1771008912, "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", @@ -2645,7 +2927,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1770380644, "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", @@ -2661,7 +2943,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_25": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -2677,7 +2959,7 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_26": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -2693,7 +2975,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_27": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -2708,6 +2990,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1764950072, "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", @@ -2723,7 +3021,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1743014863, "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", @@ -2739,7 +3037,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1761313199, "narHash": "sha256-wCIACXbNtXAlwvQUo1Ed++loFALPjYUA3dpcUJiXO44=", @@ -2755,23 +3053,23 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { - "lastModified": 1762156382, - "narHash": "sha256-Yg7Ag7ov5+36jEFC1DaZh/12SEXo6OO3/8rqADRxiqs=", - "owner": "NixOS", + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "7241bcbb4f099a66aafca120d37c65e8dda32717", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770197578, "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", @@ -2787,7 +3085,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1770073757, "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", @@ -2803,20 +3101,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", - "revCount": 940249, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.940249%2Brev-00c21e4c93d963c50d4c0c89bfa84ed6e0694df2/019c2c37-21f9-727c-86c5-0523e601d163/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" - } - }, "nmd": { "inputs": { "nixpkgs": [ @@ -2904,7 +3188,7 @@ "inputs": { "flake-utils": "flake-utils_2", "ixx": "ixx", - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1768249818, @@ -2922,8 +3206,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_11", - "nixpkgs": "nixpkgs_20" + "flake-compat": "flake-compat_12", + "nixpkgs": "nixpkgs_21" }, "locked": { "lastModified": 1765418479, @@ -2968,7 +3252,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_5", + "gitignore": "gitignore_6", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -2996,7 +3280,7 @@ "userborn", "flake-compat" ], - "gitignore": "gitignore_6", + "gitignore": "gitignore_7", "nixpkgs": [ "system-manager", "userborn", @@ -3019,8 +3303,8 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_4", + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_5", "nixpkgs": [ "hyprland", "nixpkgs" @@ -3065,12 +3349,13 @@ "agenix": "agenix", "agenix-rekey": "agenix-rekey", "ayugram-desktop": "ayugram-desktop", + "cachix": "cachix", "chaotic": "chaotic", "deploy-rs": "deploy-rs", - "devenv": "devenv", - "devshell": "devshell_2", + "devenv": "devenv_2", "disko": "disko", - "flake-parts": "flake-parts_4", + "fenix": "fenix", + "flake-parts": "flake-parts_5", "freesm": "freesm", "git-hooks-nix": "git-hooks-nix", "github-actions-nix": "github-actions-nix", @@ -3092,17 +3377,34 @@ "nixos-cli": "nixos-cli", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_22", + "nixpkgs": "nixpkgs_23", "noctalia": "noctalia", "quickshell": "quickshell", "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix", "stylix": "stylix", "system-manager": "system-manager", - "treefmt-nix": "treefmt-nix_5", + "treefmt-nix": "treefmt-nix_6", "vscserver": "vscserver" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1774376228, + "narHash": "sha256-7oA0u4aghFjjIcIDKZ26NUpXH7hVXGPC0sI1OfK7NUk=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "eabb84b771420b8396ab4bb4747694302d9be277", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -3184,7 +3486,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_24" }, "locked": { "lastModified": 1770683991, @@ -3228,9 +3530,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_11", + "flake-parts": "flake-parts_12", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_25", "nur": "nur", "systems": "systems_7", "tinted-foot": "tinted-foot", @@ -3514,6 +3816,7 @@ "treefmt-nix_2": { "inputs": { "nixpkgs": [ + "cachix", "devenv", "nixd", "nixpkgs" @@ -3535,7 +3838,29 @@ }, "treefmt-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_14" + "nixpkgs": [ + "devenv", + "nixd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734704479, + "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { + "inputs": { + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1770228511, @@ -3551,7 +3876,7 @@ "type": "github" } }, - "treefmt-nix_4": { + "treefmt-nix_5": { "inputs": { "nixpkgs": [ "nixos-anywhere", @@ -3572,9 +3897,9 @@ "type": "github" } }, - "treefmt-nix_5": { + "treefmt-nix_6": { "inputs": { - "nixpkgs": "nixpkgs_25" + "nixpkgs": "nixpkgs_26" }, "locked": { "lastModified": 1770228511, @@ -3592,8 +3917,8 @@ }, "userborn": { "inputs": { - "flake-compat": "flake-compat_13", - "flake-parts": "flake-parts_12", + "flake-compat": "flake-compat_14", + "flake-parts": "flake-parts_13", "nixpkgs": [ "system-manager", "nixpkgs" @@ -3637,7 +3962,7 @@ "vscserver": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_26" + "nixpkgs": "nixpkgs_27" }, "locked": { "lastModified": 1770124655, diff --git a/flake.nix b/flake.nix index af37367..aa0b97a 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,13 @@ repo = "ayugram-desktop"; }; + "cachix" = { + flake = true; + type = "github"; + owner = "cachix"; + repo = "cachix"; + }; + "chaotic" = { flake = true; type = "github"; @@ -51,13 +58,6 @@ repo = "devenv"; }; - "devshell" = { - flake = true; - type = "github"; - owner = "numtide"; - repo = "devshell"; - }; - "disko" = { flake = true; type = "github"; @@ -85,6 +85,13 @@ repo = "freesmlauncher"; }; + "fenix" = { + flake = true; + type = "github"; + owner = "nix-community"; + repo = "fenix"; + }; + "github-actions-nix" = { flake = true; type = "github"; @@ -367,7 +374,7 @@ self ; } { - debug = false; + debug = true; systems = [ "x86_64-linux" @@ -376,20 +383,201 @@ imports = [ # modules - inputs.agenix-rekey.flakeModule inputs.disko.flakeModules.default - inputs.devshell.flakeModule inputs.treefmt-nix.flakeModule inputs.home-manager.flakeModules.home-manager inputs.git-hooks-nix.flakeModule inputs.devenv.flakeModule - # i can't really deside between devenv, devshells and devShells they are equally good for me - # for now, at least, i'm using numtide/devshells inputs.github-actions-nix.flakeModule ]; - flake = { - # home-manager, sorta broken when standalone + flake = let + inherit + (inputs."nixpkgs".lib) + nixosSystem + filesystem + genAttrs + map + ; + + defaultModules = []; + + defaultPath = filesystem.listFilesRecursive "${self}/kyra/"; + + inputedModules = + map ( + { + input, + opt ? "default", + }: + inputs.${input}.nixosModules.${opt} + ) [ + { + opt = "disko"; + input = "disko"; + } + + { + input = "home-manager"; + } + + { + opt = "sops"; + input = "sops-nix"; + } + + { + opt = "nix-index"; + input = "nix-index-database"; + } + + { + opt = "nix-mineral"; + input = "nix-mineral"; + } + ]; + + kyraHost = name: + nixosSystem { + system = "x86_64-linux"; + modules = defaultModules ++ defaultPath ++ inputedModules; + specialArgs = { + inherit + inputs + name + self + ; + }; + }; + + kyraStack = + genAttrs [ + "hazel" + "lynn" + "yara" + "ivy" + "mel" + ] + kyraHost; + in { + # Main PC + nixosConfigurations = + { + "ada" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/ada/" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.lanzaboote.nixosModules.lanzaboote + inputs.home-manager.nixosModules.default + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # Main Laptop + "isla" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/isla/" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + inputs.lanzaboote.nixosModules.lanzaboote + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # homelab + "viola" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/viola" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.lanzaboote.nixosModules.lanzaboote + inputs.home-manager.nixosModules.default + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # WSL2 + "wanda" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/wanda/" + inputs.nixos-wsl.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # custom ISO + "florence" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/florence/" + ]; + }; + } + // kyraStack; + # few words about kyraStack: + # it's my little fleet, 5 identical VPSes + # really nice that all of them are 2 vCPU 2GB + # tho ssd/nvme/hdd memory is nothing important + # and being KVM VPS / pure VPS too + + # home-manager homeConfigurations = { "hand7s" = inputs.home-manager.lib.homeManagerConfiguration { pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; @@ -407,216 +595,12 @@ inputs.hyprland.homeManagerModules.default inputs.chaotic.homeManagerModules.default inputs.sops-nix.homeManagerModules.sops - inputs.nix-index-database.homeModules.nix-index inputs.noctalia.homeModules.default inputs.stylix.homeModules.stylix ]; }; }; - - # nixos hosts - - # my PC - nixosConfigurations = { - "ada" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/ada/" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.lanzaboote.nixosModules.lanzaboote - inputs.home-manager.nixosModules.default - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # my laptop - "isla" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/isla/" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.home-manager - inputs.lanzaboote.nixosModules.lanzaboote - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # my VPSes: - - # VPS 1 - "hazel" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "hazel"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 2 - "lynn" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "lynn"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 3 - "ivy" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "ivy"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 4 - "mel" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "mel"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # homelab - "viola" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/viola" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.lanzaboote.nixosModules.lanzaboote - inputs.home-manager.nixosModules.default - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # WSL2 - "wanda" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/wanda/" - inputs.agenix.nixosModules.default - inputs.nixos-wsl.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - }; }; perSystem = { @@ -630,7 +614,7 @@ flakeCheck = true; programs = { - alejandra = { + "alejandra" = { enable = true; priority = 1; includes = [ @@ -638,7 +622,7 @@ ]; }; - statix = { + "statix" = { enable = true; priority = 1; includes = [ @@ -650,7 +634,7 @@ ]; }; - deadnix = { + "deadnix" = { enable = true; priority = 1; includes = [ @@ -683,72 +667,45 @@ gitPackage = pkgs.git; hooks = { - alejandra = { + "alejandra" = { enable = true; settings = { + verbosity = "quiet"; check = true; }; }; - deadnix = { + "deadnix" = { enable = true; settings = { edit = false; }; }; - statix = { + "statix" = { enable = true; - settings = { - config = "${pkgs.writeText ''statix.toml'' '' - disabled = [ - "empty_pattern" - ] - ''}"; - }; }; }; }; }; - # numtide/devshells, basically a devShells but better - devshells = { - "default" = { - name = "default"; + # cachix/devenv, basically a devShells, even better than numtide/devshells + devenv = { + shells = { + "default" = { + enterShell = config.pre-commit.shellHook; - commands = [ - { - name = "pre"; - category = "[tools]"; - command = "prek run -a"; - help = '' - pre-commit-hook is a tool to execute linters / formatters before `git commit` to verify that code is meeting standarts of code setted up in projects; - ''; - } - - { - name = "fmt"; - category = "[formatters]"; - command = "nix fmt"; - help = '' - nix fmt is built-in formatting solution for nix pacakage manager; - ''; - } - ]; - - devshell = { - startup = { - "git-hooks-nix" = { - text = config.pre-commit.shellHook; - }; + devenv = { + root = toString /home/hand7s/Projects/flake; }; - }; - packages = with pkgs; - [ - just - ] - ++ config.pre-commit.settings.enabledPackages; + packages = + [ + pkgs.just + config.treefmt.build.wrapper + ] + ++ config.pre-commit.settings.enabledPackages; + }; }; }; diff --git a/florence/default.nix b/florence/default.nix new file mode 100644 index 0000000..aaeeeaa --- /dev/null +++ b/florence/default.nix @@ -0,0 +1,32 @@ +{inputs, ...}: { + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix" + ]; + + services = { + openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + }; + }; + + system = { + stateVersion = "25.05"; + }; + + users = { + users = { + "root" = { + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/hand7s/default.nix b/hand7s/default.nix index 8600f50..4dfb40a 100644 --- a/hand7s/default.nix +++ b/hand7s/default.nix @@ -5,11 +5,17 @@ "${self}/hand7s/wayland/hyprland.nix" + "${self}/hand7s/gtk/gtk.nix" + "${self}/hand7s/gtk/gtk3.nix" + "${self}/hand7s/gtk/gtk4.nix" + "${self}/hand7s/home/defaults.nix" "${self}/hand7s/home/gui.nix" "${self}/hand7s/home/keyboard.nix" "${self}/hand7s/home/packages.nix" "${self}/hand7s/home/shellAliases.nix" + "${self}/hand7s/home/variables.nix" + "${self}/hand7s/home/shell.nix" "${self}/hand7s/nixpkgs/config.nix" "${self}/hand7s/nixpkgs/overlays.nix" @@ -40,5 +46,15 @@ "${self}/hand7s/programs/direnv.nix" "${self}/hand7s/programs/noctalia.nix" "${self}/hand7s/programs/iamb.nix" + "${self}/hand7s/programs/nushell.nix" + "${self}/hand7s/programs/carapace.nix" + "${self}/hand7s/programs/broot.nix" + "${self}/hand7s/programs/atuin.nix" + "${self}/hand7s/programs/gitui.nix" + + "${self}/hand7s/xdg/portal.nix" + "${self}/hand7s/xdg/mime.nix" + "${self}/hand7s/xdg/configFile.nix" + "${self}/hand7s/xdg/terminal.nix" ]; } diff --git a/hand7s/gtk/gtk.nix b/hand7s/gtk/gtk.nix index 95d197c..6234463 100644 --- a/hand7s/gtk/gtk.nix +++ b/hand7s/gtk/gtk.nix @@ -1,5 +1,8 @@ -_: { +{pkgs, ...}: { gtk = { - enable = true; + iconTheme = { + package = pkgs.morewaita-icon-theme; + name = "MoreWaita"; + }; }; } diff --git a/hand7s/gtk/gtk3.nix b/hand7s/gtk/gtk3.nix new file mode 100644 index 0000000..ce810cb --- /dev/null +++ b/hand7s/gtk/gtk3.nix @@ -0,0 +1,42 @@ +_: { + gtk = { + gtk3 = { + extraCss = '' + headerbar { + background-color: mix(@base0D, @base02, 0.08); + } + + headerbar title { + font-size: 14px; + font-weight: 500; + } + + popover contents, + .menu { + background-color: mix(@base0D, @base02, 0.11); + } + + tooltip { + background-color: mix(@base0D, @base02, 0.14); + } + + button label { + font-size: 12px; + font-weight: 500; + } + + button:hover { + background-color: alpha(@base0D, 0.08); + } + + button:focus { + background-color: alpha(@base0D, 0.12); + } + + button:active { + background-color: alpha(@base0D, 0.16); + } + ''; + }; + }; +} diff --git a/hand7s/gtk/gtk4.nix b/hand7s/gtk/gtk4.nix new file mode 100644 index 0000000..f688b67 --- /dev/null +++ b/hand7s/gtk/gtk4.nix @@ -0,0 +1,37 @@ +_: { + gtk = { + gtk4 = { + extraCss = '' + headerbar { + background-color: mix(@base0D, @base02, 0.08); + } + + headerbar title { + font-size: 14px; + font-weight: 500; + } + + popover contents { + background-color: mix(@base0D, @base02, 0.11); + } + + button label { + font-size: 12px; + font-weight: 500; + } + + button:hover { + background-color: alpha(@base0D, 0.08); + } + + button:focus { + background-color: alpha(@base0D, 0.12); + } + + button:active { + background-color: alpha(@base0D, 0.16); + } + ''; + }; + }; +} diff --git a/hand7s/home/packages.nix b/hand7s/home/packages.nix index 9ccc0ea..d0fd64d 100644 --- a/hand7s/home/packages.nix +++ b/hand7s/home/packages.nix @@ -7,16 +7,17 @@ xh dua nvd + tlrc dust sops rsync procs + sshfs sbctl gping comma trippy bottom - ragenix ripgrep kubectl gitoxide diff --git a/hand7s/home/shell.nix b/hand7s/home/shell.nix new file mode 100644 index 0000000..650e35f --- /dev/null +++ b/hand7s/home/shell.nix @@ -0,0 +1,7 @@ +_: { + home = { + shell = { + enableShellIntegration = true; + }; + }; +} diff --git a/hand7s/home/variables.nix b/hand7s/home/variables.nix new file mode 100644 index 0000000..726737a --- /dev/null +++ b/hand7s/home/variables.nix @@ -0,0 +1,10 @@ +_: { + home = { + sessionVariables = { + CARAPACE_BRIDGES = "fish"; + DIRENV_WARN_TIMEOUT = "5m"; + GTK_USE_PORTAL = "1"; + AQ_NO_MODIFIERS = "1"; + }; + }; +} diff --git a/hand7s/nix/settings/trusted-public-keys.nix b/hand7s/nix/settings/trusted-public-keys.nix index e5cc01b..db02cd7 100644 --- a/hand7s/nix/settings/trusted-public-keys.nix +++ b/hand7s/nix/settings/trusted-public-keys.nix @@ -9,7 +9,6 @@ _: { # cachix.org "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" - "ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" ]; diff --git a/hand7s/nixpkgs/overlays.nix b/hand7s/nixpkgs/overlays.nix deleted file mode 100644 index 8db0844..0000000 --- a/hand7s/nixpkgs/overlays.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: { - nixpkgs = { - overlays = [ - ]; - }; -} diff --git a/hand7s/options/gui.nix b/hand7s/options/gui.nix index c440f21..eefd593 100644 --- a/hand7s/options/gui.nix +++ b/hand7s/options/gui.nix @@ -6,8 +6,8 @@ ... }: let cfg = config.home.gui; - ayugram = self.inputs.ayugram-desktop.packages.${pkgs.system}.ayugram-desktop; - freesm-launcher = self.inputs.freesm.packages.${pkgs.system}.freesmlauncher; + ayugram = self.inputs.ayugram-desktop.packages.${pkgs.stdenv.hostPlatform.system}.ayugram-desktop; + freesm-launcher = self.inputs.freesm.packages.${pkgs.stdenv.hostPlatform.system}.freesmlauncher; in { options.home.gui = { enable = lib.mkEnableOption '' @@ -45,7 +45,6 @@ in { vesktop ayugram anki-bin - obsidian mindustry lan-mouse monero-gui @@ -70,10 +69,10 @@ in { cfg.sessionType == "Hyprland" ) [ fum - timg dconf iwgtk tokei + gajim ifuse yt-dlp termusic @@ -86,17 +85,21 @@ in { yubico-piv-tool yubikey-manager libimobiledevice + ungoogled-chromium yubikey-touch-detector yubikey-personalization self.inputs.noctalia.packages.${system}.default ]; }; + gtk.enable = true; + programs = { chromium.enable = true; spicetify.enable = true; ghostty.enable = true; git.enable = true; + obsidian.enable = true; }; services = with lib.mkDefault; { diff --git a/hand7s/programs/atuin.nix b/hand7s/programs/atuin.nix new file mode 100644 index 0000000..d974cd1 --- /dev/null +++ b/hand7s/programs/atuin.nix @@ -0,0 +1,22 @@ +_: { + programs = { + atuin = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + + settings = { + keymap_mode = "vim-normal"; + }; + + flags = [ + "--disable-up-arrow" + ]; + + daemon = { + enable = true; + logLevel = "info"; + }; + }; + }; +} diff --git a/hand7s/programs/broot.nix b/hand7s/programs/broot.nix new file mode 100644 index 0000000..b0fb242 --- /dev/null +++ b/hand7s/programs/broot.nix @@ -0,0 +1,13 @@ +_: { + programs = { + broot = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + + settings = { + modal = true; + }; + }; + }; +} diff --git a/hand7s/programs/carapace.nix b/hand7s/programs/carapace.nix new file mode 100644 index 0000000..49a3a69 --- /dev/null +++ b/hand7s/programs/carapace.nix @@ -0,0 +1,9 @@ +_: { + programs = { + carapace = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + }; + }; +} diff --git a/hand7s/programs/chrome.nix b/hand7s/programs/chrome.nix index 0259f9d..b67b690 100644 --- a/hand7s/programs/chrome.nix +++ b/hand7s/programs/chrome.nix @@ -4,7 +4,6 @@ package = pkgs.google-chrome.override { commandLineArgs = [ "--enable-features=AcceleratedVideoEncoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,VaapiIgnoreDriverChecks,VaapiVideoDecoder,PlatformHEVCDecoderSupport,UseMultiPlaneFormatForHardwareVideo,SkiaGraphite" - "--enable-unsafe-webgpu" "--ignore-gpu-blocklist" "--enable-zero-copy" ]; diff --git a/hand7s/programs/direnv.nix b/hand7s/programs/direnv.nix index 84af0d8..20b7998 100644 --- a/hand7s/programs/direnv.nix +++ b/hand7s/programs/direnv.nix @@ -3,6 +3,7 @@ _: { direnv = { enable = true; silent = true; + enableNushellIntegration = true; nix-direnv = { enable = true; diff --git a/hand7s/programs/eza.nix b/hand7s/programs/eza.nix index 2ac0ee4..ac804c7 100644 --- a/hand7s/programs/eza.nix +++ b/hand7s/programs/eza.nix @@ -3,6 +3,7 @@ _: { eza = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; git = true; icons = "always"; }; diff --git a/hand7s/programs/fzf.nix b/hand7s/programs/fzf.nix index 31960f5..4c1c4ff 100644 --- a/hand7s/programs/fzf.nix +++ b/hand7s/programs/fzf.nix @@ -3,6 +3,7 @@ _: { fzf = { enable = true; enableFishIntegration = true; + tmux = { enableShellIntegration = true; }; diff --git a/hand7s/programs/ghostty.nix b/hand7s/programs/ghostty.nix index c1e2e65..9f1dca0 100644 --- a/hand7s/programs/ghostty.nix +++ b/hand7s/programs/ghostty.nix @@ -12,7 +12,7 @@ bell-features = "system"; - command = "${lib.getExe pkgs.fish}"; + command = "${lib.getExe pkgs.nushell}"; confirm-close-surface = false; diff --git a/hand7s/programs/gitui.nix b/hand7s/programs/gitui.nix new file mode 100644 index 0000000..23f9ddb --- /dev/null +++ b/hand7s/programs/gitui.nix @@ -0,0 +1,26 @@ +_: { + programs = { + gitui = { + enable = true; + keyConfig = '' + ( + move_left: Some(( code: Char('h'), modifiers: "" )), + move_right: Some(( code: Char('l'), modifiers: "" )), + move_up: Some(( code: Char('k'), modifiers: "" )), + move_down: Some(( code: Char('j'), modifiers: "" )), + + popup_up: Some(( code: Char('k'), modifiers: "" )), + popup_down: Some(( code: Char('j'), modifiers: "" )), + page_up: Some(( code: Char('b'), modifiers: "CONTROL" )), + page_down: Some(( code: Char('f'), modifiers: "CONTROL" )), + + stage_hunk: Some(( code: Char('x'), modifiers: "" )), + status_reset_item: Some(( code: Char('U'), modifiers: "SHIFT" )), + + shift_up: Some(( code: Char('K'), modifiers: "SHIFT" )), + shift_down: Some(( code: Char('J'), modifiers: "SHIFT" )), + ) + ''; + }; + }; +} diff --git a/hand7s/programs/helix.nix b/hand7s/programs/helix.nix index c8ae19c..c24e064 100644 --- a/hand7s/programs/helix.nix +++ b/hand7s/programs/helix.nix @@ -2,7 +2,15 @@ pkgs, lib, ... -}: { +}: let + formatter = { + run = "treefmt"; + args = [ + "--stdin" + "$f" + ]; + }; +in { programs = { helix = { package = pkgs.helix; @@ -10,52 +18,133 @@ defaultEditor = true; extraPackages = with pkgs; [ nixd + ruff + vtsls + rust-analyzer ]; settings = { editor = { line-number = "relative"; cursorline = true; + auto-pairs = true; + auto-save = { + focus-lost = true; + after-delay = { + enable = true; + timeout = 3000; + }; + }; + + soft-wrap = { + enable = true; + }; + + inline-diagnostics = { + cursor-line = "hint"; + }; + lsp = { - display-messages = true; + enable = true; + display-progress-messages = true; + display-inlay-hints = true; + }; + + cursor-shape = { + normal = "underline"; + insert = "block"; + select = "underline"; }; }; }; languages = { language-servers = { - nixd = { + "nixd" = { command = "${lib.getExe pkgs.nixd}"; args = [ "--inlay-hints=true" ]; }; + + "ruff" = { + command = "${lib.getExe pkgs.ruff}"; + args = [ + "server" + ]; + }; + + "vtsls" = { + command = "${lib.getExe pkgs.vtsls}"; + args = [ + "--stdio" + ]; + }; + + "rust-lsp" = { + command = "${lib.getExe pkgs.rust-analyzer}"; + }; }; - language = [ + languages = [ { name = "nix"; - comment-token = "#"; - injection-regex = "nix"; - indent = { - tab-width = 4; - unit = " "; - }; - - formatter = { - command = "${lib.getExe pkgs.nix}"; - args = [ - "fmt" - ]; - }; - - file-types = [ - "nix" - ]; - + auto-format = true; language-servers = [ "nixd" ]; + + inherit + formatter + ; + } + + { + name = "python"; + auto-format = true; + language-servers = [ + "ruff" + ]; + + inherit + formatter + ; + } + + { + name = "rust"; + auto-format = true; + language-servers = [ + "rust-lsp" + ]; + + inherit + formatter + ; + } + + { + name = "javascript"; + auto-format = true; + language-servers = [ + "vtsls" + ]; + + inherit + formatter + ; + } + + { + name = "typescript"; + auto-format = true; + language-servers = [ + "vtsls" + ]; + + inherit + formatter + ; } ]; }; diff --git a/hand7s/programs/index.nix b/hand7s/programs/index.nix index d7475b9..dc16de9 100644 --- a/hand7s/programs/index.nix +++ b/hand7s/programs/index.nix @@ -3,6 +3,7 @@ _: { nix-index = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; }; }; } diff --git a/hand7s/programs/noctalia.nix b/hand7s/programs/noctalia.nix index 662f6cc..ad629d3 100644 --- a/hand7s/programs/noctalia.nix +++ b/hand7s/programs/noctalia.nix @@ -19,9 +19,10 @@ forceBlackScreenCorners = true; showScreenCorners = true; screenRadiusRatio = 1; - radiusRatio = 0.7; + radiusRatio = 1.5; + enableBlurBehind = true; enableShadows = true; - shadowDirection = "center"; + shadowDirection = "bottom_right"; }; appLauncher = { @@ -40,10 +41,12 @@ }; bar = { - floating = false; - density = "default"; + floating = true; + density = "comfortable"; position = "right"; - showCapsule = false; + showCapsule = true; + contentPadding = 8; + widgetSpacing = 10; marginVertical = 1; marginHorizontal = 0.6; monitors = [ @@ -119,7 +122,7 @@ }; notifications = { - location = "top_center"; + location = "top_right"; }; controlCenter = { @@ -147,6 +150,7 @@ }; dock = { + dockType = "static"; displayMode = "auto_hide"; floatingRatio = 1; onlySameOutput = true; @@ -198,9 +202,9 @@ }; ui = { - fontDefault = lib.mkForce "Nerd Fonts Hack"; + fontDefault = lib.mkForce "Monaspace Aether Nerd Font"; fontDefaultScale = 1; - fontFixed = lib.mkForce "Nerd Fonts Hack"; + fontFixed = lib.mkForce "Roboto Mono Nerd Font"; fontFixedScale = 1; idleInhibitorEnabled = false; tooltipsEnabled = true; diff --git a/hand7s/programs/nushell.nix b/hand7s/programs/nushell.nix new file mode 100644 index 0000000..296a012 --- /dev/null +++ b/hand7s/programs/nushell.nix @@ -0,0 +1,24 @@ +{ + pkgs, + lib, + ... +}: { + programs = { + nushell = { + enable = true; + extraEnv = '' + $env.EDITOR = "hx" + ''; + + extraConfig = '' + $env.config.show_banner = false + + $env.config.buffer_editor = "hx" + + def fish-run [cmd: string] { + ^${lib.getExe pkgs.fish} -c $cmd + } + ''; + }; + }; +} diff --git a/hand7s/programs/spicetify.nix b/hand7s/programs/spicetify.nix index 56ab174..3f7be81 100644 --- a/hand7s/programs/spicetify.nix +++ b/hand7s/programs/spicetify.nix @@ -6,13 +6,13 @@ }: { programs = { spicetify = { - enabledExtensions = with self.inputs.spicetify-nix.legacyPackages.${pkgs.system}.extensions; [ + enabledExtensions = with self.inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.extensions; [ adblock hidePodcasts shuffle ]; - theme = lib.mkForce self.inputs.spicetify-nix.legacyPackages.${pkgs.system}.themes.text; + theme = lib.mkForce self.inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.themes.text; colorScheme = lib.mkForce "TokyoNight"; }; }; diff --git a/hand7s/programs/starship.nix b/hand7s/programs/starship.nix index 5228038..cd8615c 100644 --- a/hand7s/programs/starship.nix +++ b/hand7s/programs/starship.nix @@ -3,15 +3,17 @@ _: { starship = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; + settings = { add_newline = true; format = '' [╭──╼](bold blue) $username at $hostname on $os - [┆](bold blue) $directory$git_branch$git_commit$git_state$git_metrics$git_status + [┆](bold blue) $directory$git_branch$git_commit$git_state$git_metrics$git_status$kubernetes$rust [╰─>](bold blue) ''; - right_format = ''$cmd_duration ($character) at ❗$time''; + right_format = ''$cmd_duration ($status) at ❗$time''; os = { format = "[($name $codename$version$edition $symbol )]($style)"; @@ -33,9 +35,18 @@ _: { style_user = "bold green"; }; - character = { - success_symbol = "[✓](bold green)"; - error_symbol = "[✗](bold red)"; + status = { + disabled = false; + format = "[$symbol]($style)"; + symbol = "✗"; + success_symbol = "✓"; + not_executable_symbol = "⃠🚫"; + not_found_symbol = "🔍"; + sigint_symbol = "[🛑](bold red)"; + signal_symbol = "[⚡](bold yellow)"; + + pipestatus = true; + pipestatus_separator = "|"; }; time = { @@ -53,6 +64,14 @@ _: { show_notifications = false; format = "was [$duration](bold green)"; }; + + rust = { + format = "via [⚙️ $version](red bold)"; + }; + + kubernetes = { + disabled = false; + }; }; }; }; diff --git a/hand7s/programs/yazi.nix b/hand7s/programs/yazi.nix index 234c8e9..396e8d9 100644 --- a/hand7s/programs/yazi.nix +++ b/hand7s/programs/yazi.nix @@ -7,6 +7,8 @@ yazi = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; + shellWrapperName = "yz"; settings = { mgr = { @@ -42,33 +44,63 @@ }; opener = { - play = [ + "play" = [ { - run = "${lib.getExe pkgs.mpv} ''$@''"; + run = ''${lib.getExe pkgs.mpv} --vo=tct "%s"''; block = true; for = "unix"; } ]; - view = [ + "view" = [ { - run = "${lib.getExe pkgs.timg} ''-p k -C $@ | ${lib.getExe' pkgs.uutils-coreutils-noprefix "more"}''"; + run = ''${lib.getExe pkgs.viu} -t "%s"''; block = true; for = "unix"; } ]; - edit = [ + "edit" = [ { - run = "${lib.getExe pkgs.helix} ''$@''"; + run = ''${lib.getExe pkgs.helix} "%s"''; block = true; for = "unix"; } ]; - open = [ + "doc" = [ { - run = "${lib.getExe' pkgs.xdg-utils "xdg-open"} ''$@''"; + run = ''${lib.getExe pkgs.tdf} "%s"''; + block = true; + for = "unix"; + } + ]; + + "hex" = [ + { + run = ''${lib.getExe pkgs.hexyl} "$s"''; + } + ]; + + "exfil" = [ + { + run = ''${lib.getExe pkgs.ouch} de "%s"''; + block = true; + for = "unix"; + } + ]; + + "book" = [ + { + run = ''${lib.getExe pkgs.epr} "%s"''; + block = true; + for = "unix"; + } + ]; + + "open" = [ + { + run = ''${lib.getExe' pkgs.xdg-utils "xdg-open"} "%s"''; orphan = true; for = "unix"; } @@ -78,23 +110,83 @@ open = { rules = [ { - mime = "image/*"; - use = "view"; - } - - { - mime = "text/*"; - use = "edit"; + mime = "video/*"; + use = [ + "play" + "open" + ]; } { mime = "audio/*"; - use = "play"; + use = [ + "play" + "open" + ]; } { - mime = "video/*"; - use = "play"; + mime = "application/epub+zip"; + use = [ + "book" + "edit" + ]; + } + + { + mime = "application/pdf"; + use = [ + "doc" + "open" + ]; + } + + { + mime = "application/{octet-stream,x-executable,x-sharedlib,x-pie-executable}"; + use = [ + "hex" + "open" + ]; + } + + { + mime = "application/vnd.*"; + use = [ + "open" + "edit" + ]; + } + + { + mime = "font/*"; + use = [ + "open" + "edit" + ]; + } + + { + mime = "application/{zip,rar,7z*,tar*,x-tar,x-bzip*,x-gzip,x-xz}"; + use = [ + "exfil" + "open" + ]; + } + + { + mime = "text/*"; + use = [ + "edit" + "open" + ]; + } + + { + mime = "*"; + use = [ + "edit" + "open" + ]; } ]; }; diff --git a/hand7s/programs/zellij.nix b/hand7s/programs/zellij.nix index 907eca4..a910b23 100644 --- a/hand7s/programs/zellij.nix +++ b/hand7s/programs/zellij.nix @@ -6,8 +6,32 @@ programs = { zellij = { enable = true; + settings = { - default_shell = "${lib.getExe pkgs.fish}"; + options = { + copy_on_select = false; + }; + + keybinds = { + unbind = [ + "Alt n" + "Alt i" + "Alt o" + "Alt h" + "Alt j" + "Alt k" + "Alt l" + "Alt f" + "Alt Up" + "Alt Down" + "Alt Right" + "Alt Left" + "Alt +" + "Alt -" + ]; + }; + + default_shell = "${lib.getExe pkgs.nushell}"; show_startup_tips = false; show_release_notes = false; simplified_ui = true; diff --git a/hand7s/programs/zoxide.nix b/hand7s/programs/zoxide.nix index 0739e21..0527806 100644 --- a/hand7s/programs/zoxide.nix +++ b/hand7s/programs/zoxide.nix @@ -3,6 +3,7 @@ _: { zoxide = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; }; }; } diff --git a/hand7s/stylix/base16Scheme.nix b/hand7s/stylix/base16Scheme.nix index 6cea17f..169ffc6 100644 --- a/hand7s/stylix/base16Scheme.nix +++ b/hand7s/stylix/base16Scheme.nix @@ -1,22 +1,22 @@ _: { stylix = { base16Scheme = { - scheme = "Tokyonight by Folke Lemaitre (https://github.com/folke)"; - name = "Tokyonight"; + scheme = "Tokyo-Night-Storm-MD3e"; + name = "TokyoNightStormMD3e"; base00 = "#24283b"; base01 = "#1f2335"; base02 = "#292e42"; base03 = "#565f89"; base04 = "#a9b1d6"; base05 = "#c0caf5"; - base06 = "#c0caf5"; - base07 = "#c0caf5"; + base06 = "#cdd6f4"; + base07 = "#d5d6db"; base08 = "#f7768e"; base09 = "#ff9e64"; base0A = "#e0af68"; base0B = "#9ece6a"; - base0C = "#1abc9c"; - base0D = "#41a6b5"; + base0C = "#7dcfff"; + base0D = "#7aa2f7"; base0E = "#bb9af7"; base0F = "#ff007c"; }; diff --git a/hand7s/stylix/fonts.nix b/hand7s/stylix/fonts.nix index 1cea8c4..6b67bb6 100644 --- a/hand7s/stylix/fonts.nix +++ b/hand7s/stylix/fonts.nix @@ -2,30 +2,30 @@ stylix = { fonts = { sizes = { - applications = 10; - desktop = 8; - popups = 10; - terminal = 10; + applications = 12; + desktop = 11; + popups = 11; + terminal = 12; }; monospace = { - package = pkgs.nerd-fonts.roboto-mono; - name = "Roboto-Mono Nerd Font"; + package = pkgs.nerd-fonts.monaspace; + name = "Monospace Aether Nerd Font"; }; emoji = { - package = pkgs.nerd-fonts.symbols-only; - name = "Symbols Only Nerd Font"; + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; }; sansSerif = { - package = pkgs.nerd-fonts.aurulent-sans-mono; - name = "Aurulent Sans Mono Nerd Font"; + package = pkgs.nerd-fonts.iosevka-term-slab; + name = "Iosevka Term Slab Nerd Font"; }; serif = { - package = pkgs.nerd-fonts.hack; - name = "Hack Nerd Font"; + package = pkgs.nerd-fonts.noto; + name = "Noto Serif Nerd Font"; }; }; }; diff --git a/hand7s/stylix/red_ish.nix b/hand7s/stylix/red_ish.nix deleted file mode 100644 index 6c5ae1e..0000000 --- a/hand7s/stylix/red_ish.nix +++ /dev/null @@ -1,32 +0,0 @@ -_: { - stylix = { - base16Scheme = { - base00 = "2a1617"; - base01 = "5d3f3f"; - base02 = "7a5bab"; - base03 = "bb9499"; - base04 = "eea1cf"; - base05 = "f5dddd"; - base06 = "ffebff"; - base07 = "ffede9"; - base08 = "e36b70"; - base09 = "ac878e"; - base0A = "db7356"; - base0B = "a78897"; - base0C = "ca7a79"; - base0D = "b28776"; - base0E = "d8708b"; - base0F = "ec6653"; - base10 = "2a1617"; - base11 = "2a1617"; - base12 = "e36b70"; - base13 = "ac878e"; - base14 = "a78897"; - base15 = "ca7a79"; - base16 = "b28776"; - base17 = "d8708b"; - scheme = "hand7s"; - name = "red_ish"; - }; - }; -} diff --git a/hand7s/stylix/wallpaper3.png b/hand7s/stylix/wallpaper3.png index 97a0dae..fdda3fb 100644 Binary files a/hand7s/stylix/wallpaper3.png and b/hand7s/stylix/wallpaper3.png differ diff --git a/hand7s/wayland/hyprland.nix b/hand7s/wayland/hyprland.nix index 907ee9f..b5122ee 100644 --- a/hand7s/wayland/hyprland.nix +++ b/hand7s/wayland/hyprland.nix @@ -1,6 +1,6 @@ { - self, config, + self, pkgs, lib, ... @@ -14,22 +14,22 @@ ) true; - package = self.inputs.hyprland.packages.${pkgs.system}.hyprland; - portalPackage = self.inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; + package = self.inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}.hyprland; + portalPackage = self.inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; settings = { monitor = ", 2560x1440@165.00Hz, 0x0, 1"; general = { - gaps_in = "5"; - gaps_out = "20"; - border_size = "2"; + gaps_in = 8; + gaps_out = 20; + border_size = 0; layout = "dwindle"; snap = { enabled = false; - window_gap = "5"; - monitor_gap = "5"; + window_gap = 10; + monitor_gap = 10; border_overlap = false; }; }; @@ -39,9 +39,9 @@ kb_options = "grp:caps_toggle"; numlock_by_default = true; - follow_mouse = "1"; + follow_mouse = 1; left_handed = false; - sensitivity = "0"; + sensitivity = 0; special_fallthrough = true; focus_on_close = 1; @@ -64,27 +64,29 @@ }; decoration = { - active_opacity = "0.85"; - inactive_opacity = "0.65"; + active_opacity = "0.92"; + inactive_opacity = "0.88"; fullscreen_opacity = "1.0"; - rounding = "10"; - dim_inactive = true; - dim_strength = "0.15"; - dim_special = "0.0"; - dim_around = "0.05"; + rounding = 24; + rounding_power = "2"; + + dim_inactive = false; shadow = { enabled = true; - render_power = "4"; - range = "4"; + render_power = 3; + range = 20; ignore_window = false; + offset = "0 4"; + scale = "1.0"; }; blur = { enabled = true; - size = "10"; - passes = "5"; + size = 8; + passes = 3; + vibrancy = 0.2; }; }; @@ -92,7 +94,7 @@ "${lib.getExe' pkgs.systemd "systemctl"} --user start hyprpaper.service" "${lib.getExe' pkgs.systemd "systemctl"} --user start hypridle.service" "${lib.getExe' pkgs.systemd "systemctl"} --user start hyprpolkitagent.service" - "${lib.getExe self.inputs.noctalia.packages.${pkgs.system}.default}" + "${lib.getExe self.inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default}" "${lib.getExe' pkgs.hyprland "hyprctl"} setcursor material_light_cursors 20" ]; @@ -100,12 +102,12 @@ bind = [ "ALT, return, exec, ${lib.getExe pkgs.ghostty}" "ALT, Q, killactive," - "ALT, S, exec, ${lib.getExe self.inputs.noctalia.packages.${pkgs.system}.default} ipc call launcher toggle" + "ALT, S, exec, ${lib.getExe self.inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default} ipc call launcher toggle" "ALT, F, fullscreen, 0" "ALT, L, exec, ${lib.getExe pkgs.hyprlock}" "ALT SHIFT, space, togglefloating, active" - "ALT SHIFT, S, exec, ${lib.getExe pkgs.grimblast} --notify --freeze copysave area /home/hand7s/Pictures/Screenshots/$(date '+%y%m%d_%H-%M-%s').png | , killall -9 hyprpicker" + "ALT SHIFT, S, exec, ${lib.getExe pkgs.grimblast} --notify --freeze copysave area /home/hand7s/Pictures/Screenshots/$(date '+%y%m%d_%H-%M-%s').png || , killall -9 hyprpicker" "ALT, left, movefocus, l" "ALT, right, movefocus, r" @@ -163,18 +165,34 @@ ]; animation = [ + "workspace_wraparound = true" "enabled = true" - "animation = windows, 1, 7, popin" - "animation = windowsOut, 1, 7, popin" + "bezier = md3_standard, 0.2, 0.0, 0.0, 1.0" + "bezier = md3_decel, 0.05, 0.7, 0.1, 1.0" + "bezier = md3_accel, 0.3, 0.0, 0.8, 0.15" - "animation = layers, 1, 7, fade" + "bezier = menu_decel, 0.1, 1.0, 0.1, 1.0" + "bezier = menu_accel, 0.38, 0.04, 1.0, 0.07" - "animation = border, 1, 10" - "animation = borderangle, 1, 10" + "animation = windows, 1, 4, md3_decel, slide" + "animation = windowsIn, 1, 4, md3_decel, slide" + "animation = windowsOut, 1, 2, md3_accel, slide" + "animation = fade, 1, 2, md3_standard" + "animation = layers, 1, 2, md3_decel, slide" + "animation = layersIn, 1, 3, md3_decel, slide" + "animation = layersOut, 1, 2, md3_accel, slide" + "animation = fadeLayersIn, 1, 3, menu_decel" + "animation = fadeLayersOut, 1, 2, menu_accel" + "animation = workspaces, 1, 4, md3_standard, slidefade 20%" + "animation = specialWorkspace, 1, 3, md3_decel, slidevert" + ]; - "animation = workspaces, 1, 7, slidevert" - "animation = specialWorkspace, 1, 7, slidevert" + windowrulev2 = [ + "float, class:^(yazi-picker)$" + "center, class:^(yazi-picker)$" + "size 1000 600, class:^(yazi-picker)$" + "stayfocused, class:^(yazi-picker)$" ]; misc = { @@ -185,11 +203,12 @@ animate_mouse_windowdragging = true; focus_on_activate = true; close_special_on_empty = true; - initial_workspace_tracking = "2"; + vrr = "3"; }; render = { cm_auto_hdr = 0; + direct_scanout = "2"; }; binds = { @@ -264,8 +283,7 @@ plugins = with pkgs.hyprlandPlugins; [ hypr-dynamic-cursors - hyprscrolling - hyprexpo + hyprspace ]; }; }; diff --git a/hand7s/xdg/configFile.nix b/hand7s/xdg/configFile.nix new file mode 100644 index 0000000..64cb8e6 --- /dev/null +++ b/hand7s/xdg/configFile.nix @@ -0,0 +1,22 @@ +{ + lib, + pkgs, + ... +}: { + xdg = { + configFile = { + "xdg-desktop-portal-termfilechooser/config" = { + enable = true; + force = true; + text = '' + [filechooser] + cmd="${pkgs.xdg-desktop-portal-termfilechooser}/share/xdg-desktop-portal-termfilechooser/yazi-wrapper.sh" + default_dir=$HOME + env=TERMCMD="${lib.getExe pkgs.ghostty} --title='yazi-picker' -e" + open_mode=suggested + save_mode=last + ''; + }; + }; + }; +} diff --git a/hand7s/xdg/mime.nix b/hand7s/xdg/mime.nix new file mode 100644 index 0000000..1c1102b --- /dev/null +++ b/hand7s/xdg/mime.nix @@ -0,0 +1,11 @@ +_: { + xdg = { + mime = { + enable = true; + }; + + mimeApps = { + enable = true; + }; + }; +} diff --git a/hand7s/xdg/portal.nix b/hand7s/xdg/portal.nix new file mode 100644 index 0000000..c56d593 --- /dev/null +++ b/hand7s/xdg/portal.nix @@ -0,0 +1,35 @@ +{ + config, + pkgs, + lib, + ... +}: { + xdg = { + portal = { + enable = lib.mkIf config.home.gui.enable true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-termfilechooser + ]; + + config = { + common = { + default = [ + "gtk" + ]; + }; + + hyprland = { + default = [ + "gtk" + "hyprland" + ]; + + "org.freedesktop.impl.portal.FileChooser" = [ + "termfilechooser" + ]; + }; + }; + }; + }; +} diff --git a/hand7s/xdg/terminal.nix b/hand7s/xdg/terminal.nix new file mode 100644 index 0000000..64d9c95 --- /dev/null +++ b/hand7s/xdg/terminal.nix @@ -0,0 +1,12 @@ +_: { + xdg = { + terminal-exec = { + enable = true; + settings = { + default = [ + "com.mitchellh.ghostty.desktop" + ]; + }; + }; + }; +} diff --git a/isla/boot/initrd.nix b/isla/boot/initrd.nix index 4f1ef31..8169876 100644 --- a/isla/boot/initrd.nix +++ b/isla/boot/initrd.nix @@ -1,4 +1,4 @@ -{lib, ...}: { +_: { boot = { initrd = { availableKernelModules = [ @@ -17,13 +17,8 @@ supportedFilesystems = { vfat = true; btrfs = true; - zfs = lib.mkForce false; }; - kernelModules = [ - "i915" - ]; - luks = { devices = { cryptroot = { diff --git a/isla/boot/kernel.nix b/isla/boot/kernel.nix index 0931dbc..0a0fe19 100644 --- a/isla/boot/kernel.nix +++ b/isla/boot/kernel.nix @@ -1,8 +1,4 @@ -{ - pkgs, - lib, - ... -}: { +{pkgs, ...}: { boot = { kernel = { sysctl = { @@ -16,13 +12,9 @@ }; }; - kernelPackages = pkgs.linuxPackages_zen; - extraModprobeConfig = '' - options thinkpad_acpi fan_control=1 - ''; + kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ - "i915.enable_rc6=7" "udev.log_priority=3" "quiet" "splash" @@ -35,15 +27,12 @@ "page_alloc.shuffle=1" "page_poison=1" "slab_nomerge" + "zswap.enabled=0" "kernel.watchdog=0" "oops=panic" ]; - kernelModules = [ - "tp_smapi" - ]; - blacklistedKernelModules = [ "k10temp" "ax25" @@ -77,9 +66,6 @@ supportedFilesystems = { vfat = true; btrfs = true; - zfs = lib.mkForce false; }; - - # consoleLogLevel = 0; }; } diff --git a/isla/boot/lanzaboote.nix b/isla/boot/lanzaboote.nix index 08d07df..8036b8a 100644 --- a/isla/boot/lanzaboote.nix +++ b/isla/boot/lanzaboote.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { lanzaboote = { enable = true; diff --git a/isla/boot/tmp.nix b/isla/boot/tmp.nix index ac46b34..904e141 100644 --- a/isla/boot/tmp.nix +++ b/isla/boot/tmp.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { tmp = { useTmpfs = true; diff --git a/isla/console/console.nix b/isla/console/console.nix index 1e60d13..e3a24c9 100644 --- a/isla/console/console.nix +++ b/isla/console/console.nix @@ -1,4 +1,4 @@ -{...}: { +_: { console = { useXkbConfig = true; }; diff --git a/isla/default.nix b/isla/default.nix index 08bdc02..df175fb 100644 --- a/isla/default.nix +++ b/isla/default.nix @@ -3,7 +3,7 @@ "${self}/isla/disko/disk.nix" "${self}/isla/disko/lvm_vg.nix" - "${self}/isla/boot/loader/system-boot.nix" + "${self}/isla/boot/loader/systemd-boot.nix" "${self}/isla/boot/lanzaboote.nix" "${self}/isla/boot/initrd.nix" "${self}/isla/boot/kernel.nix" diff --git a/isla/disko/disk.nix b/isla/disko/disk.nix index 221caa2..630fe89 100644 --- a/isla/disko/disk.nix +++ b/isla/disko/disk.nix @@ -1,8 +1,8 @@ -{...}: { +_: { disko = { devices = { disk = { - main = { + "main" = { device = "/dev/disk/by-id/ata-ST92503010AS_5YH0CJFL"; type = "disk"; content = { diff --git a/isla/disko/lvm_vg.nix b/isla/disko/lvm_vg.nix index 8e108be..1c255d5 100644 --- a/isla/disko/lvm_vg.nix +++ b/isla/disko/lvm_vg.nix @@ -1,4 +1,4 @@ -{...}: { +_: { disko = { devices = { lvm_vg = { diff --git a/isla/hardware/cpu.nix b/isla/hardware/cpu.nix index e5746c6..441946f 100644 --- a/isla/hardware/cpu.nix +++ b/isla/hardware/cpu.nix @@ -1,4 +1,4 @@ -{...}: { +_: { hardware = { enableRedistributableFirmware = true; cpu = { diff --git a/isla/hardware/qmk.nix b/isla/hardware/qmk.nix index 543ece2..8742a19 100644 --- a/isla/hardware/qmk.nix +++ b/isla/hardware/qmk.nix @@ -1,4 +1,4 @@ -{...}: { +_: { hardware = { keyboard = { qmk = { diff --git a/isla/hardware/zram.nix b/isla/hardware/zram.nix index b973787..0d77537 100644 --- a/isla/hardware/zram.nix +++ b/isla/hardware/zram.nix @@ -1,4 +1,4 @@ -{...}: { +_: { zramSwap = { enable = true; algorithm = "zstd"; diff --git a/isla/home-manager/users.nix b/isla/home-manager/users.nix index 04c47d9..0a5f3e3 100644 --- a/isla/home-manager/users.nix +++ b/isla/home-manager/users.nix @@ -1,19 +1,15 @@ -{ - inputs, - self, - ... -}: { +{self, ...}: { home-manager = { users = { - hand7s = { + "hand7s" = { imports = [ "${self}/hand7s/" - inputs.spicetify-nix.homeManagerModules.default - inputs.hyprland.homeManagerModules.default - inputs.chaotic.homeManagerModules.default - inputs.sops-nix.homeManagerModules.sops - - inputs.nix-index-database.homeModules.nix-index + self.inputs.spicetify-nix.homeManagerModules.default + self.inputs.hyprland.homeManagerModules.default + self.inputs.chaotic.homeManagerModules.default + self.inputs.sops-nix.homeManagerModules.sops + self.inputs.nix-index-database.homeModules.nix-index + self.inputs.noctalia.homeModules.default ]; }; }; @@ -22,7 +18,6 @@ extraSpecialArgs = { inherit - inputs self ; }; diff --git a/isla/i18n/locales.nix b/isla/i18n/locales.nix index 09234a5..f456740 100644 --- a/isla/i18n/locales.nix +++ b/isla/i18n/locales.nix @@ -1,4 +1,4 @@ -{...}: { +_: { i18n = { defaultLocale = "en_US.UTF-8"; supportedLocales = [ diff --git a/isla/networking/firewall.nix b/isla/networking/firewall.nix index c1d1150..4ec736e 100644 --- a/isla/networking/firewall.nix +++ b/isla/networking/firewall.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { firewall = { allowPing = true; diff --git a/isla/networking/hostId.nix b/isla/networking/hostId.nix index 4e2bb58..5267b08 100644 --- a/isla/networking/hostId.nix +++ b/isla/networking/hostId.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { hostId = "3c4734c8"; }; diff --git a/isla/networking/hostname.nix b/isla/networking/hostname.nix index ef6faab..99feb11 100644 --- a/isla/networking/hostname.nix +++ b/isla/networking/hostname.nix @@ -1,5 +1,5 @@ -{...}: { +_: { networking = { - hostName = "s0melapt0p-nix"; + hostName = "isla"; }; } diff --git a/isla/networking/hosts.nix b/isla/networking/hosts.nix deleted file mode 100644 index 10e63c8..0000000 --- a/isla/networking/hosts.nix +++ /dev/null @@ -1,64 +0,0 @@ -{...}: { - networking = { - hosts = { - # EVA00 - "100.109.169.141" = [ - "eva00-nix.netbird.cloud" - "eva00-nix" - ]; - - "90.156.226.152" = [ - "eva00-nix.lan" - "eva00-nix" - ]; - - "200:deb2:ed25:a9e5:e30:4900:f88f:cb87" = [ - "eva00-nix.ygg" - "eva00-nix" - ]; - - # EVA01 - "100.109.107.176" = [ - "eva01-nix.netbird.cloud" - "eva01-nix" - ]; - - "37.114.50.235" = [ - "eva01-nix.lan" - "eva01-nix" - ]; - - "200:6ef:a61f:2f01:71d4:196:ab70:2103" = [ - "eva01-nix.ygg" - "eva01-nix" - ]; - - # EVA02 - "100.109.178.135" = [ - "eva02-nix.netbird.cloud" - "eva02-nix" - ]; - - "51.195.222.85" = [ - "eva02-nix.lan" - "eva02-nix" - ]; - - "201:52d6:c753:c1fd:f8b6:5897:cc6a:e1be" = [ - "eva02-nix.ygg" - "eva02-nix" - ]; - - # nerv-nix - "100.109.7.114" = [ - "nerv-nix.netbird.cloud" - "nerv-nix" - ]; - - "200:7abc:53c9:be8a:9941:96d:221b:cc76" = [ - "nerv-nix.ygg" - "nerv-nix" - ]; - }; - }; -} diff --git a/isla/networking/nameservers.nix b/isla/networking/nameservers.nix index a4d22c1..31726b9 100644 --- a/isla/networking/nameservers.nix +++ b/isla/networking/nameservers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { nameservers = [ # cf dns diff --git a/isla/networking/networkmanager.nix b/isla/networking/networkmanager.nix index 278a693..cce7f65 100644 --- a/isla/networking/networkmanager.nix +++ b/isla/networking/networkmanager.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { networkmanager = { enable = true; diff --git a/isla/networking/timeServers.nix b/isla/networking/timeServers.nix index 88e14c4..9289ea6 100644 --- a/isla/networking/timeServers.nix +++ b/isla/networking/timeServers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { timeServers = [ "0.nixos.pool.ntp.org" diff --git a/isla/networking/wireguard.nix b/isla/networking/wireguard.nix index 2ee5c02..bd2336c 100644 --- a/isla/networking/wireguard.nix +++ b/isla/networking/wireguard.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { wireguard = { enable = true; diff --git a/isla/nix/settings/allowed-users.nix b/isla/nix/settings/allowed-users.nix index d483d0c..0239519 100644 --- a/isla/nix/settings/allowed-users.nix +++ b/isla/nix/settings/allowed-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { sandbox = true; diff --git a/isla/nix/settings/auto-optimise-store.nix b/isla/nix/settings/auto-optimise-store.nix index 14f13c5..cb7a22a 100644 --- a/isla/nix/settings/auto-optimise-store.nix +++ b/isla/nix/settings/auto-optimise-store.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { auto-optimise-store = true; diff --git a/isla/nix/settings/experimental-features.nix b/isla/nix/settings/experimental-features.nix index 7ce7e89..9c45bc4 100644 --- a/isla/nix/settings/experimental-features.nix +++ b/isla/nix/settings/experimental-features.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { experimental-features = [ diff --git a/isla/nix/settings/substituters.nix b/isla/nix/settings/substituters.nix index 762ec5c..da0035f 100644 --- a/isla/nix/settings/substituters.nix +++ b/isla/nix/settings/substituters.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { substituters = [ @@ -9,10 +9,10 @@ # cachix "https://nix-community.cachix.org/" "https://chaotic-nyx.cachix.org/" - "https://ags.cachix.org" "https://hyprland.cachix.org" "https://chaotic-nyx.cachix.org/" - "https://colmena.cachix.org" + # nix-community + "https://hydra.nix-community.org/" ]; }; }; diff --git a/isla/nix/settings/trusted-public-keys.nix b/isla/nix/settings/trusted-public-keys.nix index e8710cb..4a128cb 100644 --- a/isla/nix/settings/trusted-public-keys.nix +++ b/isla/nix/settings/trusted-public-keys.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-public-keys = [ diff --git a/isla/nix/settings/trusted-users.nix b/isla/nix/settings/trusted-users.nix index e4a9dae..4eee825 100644 --- a/isla/nix/settings/trusted-users.nix +++ b/isla/nix/settings/trusted-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-users = [ diff --git a/isla/nixpkgs/config.nix b/isla/nixpkgs/config.nix index 27b79b0..b93e4ef 100644 --- a/isla/nixpkgs/config.nix +++ b/isla/nixpkgs/config.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { config = { allowUnfree = true; diff --git a/isla/nixpkgs/overlays.nix b/isla/nixpkgs/overlays.nix index 2881eba..8db0844 100644 --- a/isla/nixpkgs/overlays.nix +++ b/isla/nixpkgs/overlays.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { overlays = [ ]; diff --git a/isla/nixpkgs/system.nix b/isla/nixpkgs/system.nix index 63fda3b..3cbe59a 100644 --- a/isla/nixpkgs/system.nix +++ b/isla/nixpkgs/system.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { system = "x86_64-linux"; hostPlatform = "x86_64-linux"; diff --git a/isla/programs/gamemode.nix b/isla/programs/gamemode.nix index 5fd437b..c8f046e 100644 --- a/isla/programs/gamemode.nix +++ b/isla/programs/gamemode.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { gamemode = { enable = true; diff --git a/isla/programs/nh.nix b/isla/programs/nh.nix index f43fb06..6d9937d 100644 --- a/isla/programs/nh.nix +++ b/isla/programs/nh.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { nh = { enable = true; diff --git a/isla/programs/ssh.nix b/isla/programs/ssh.nix index b7b9d20..5028eaf 100644 --- a/isla/programs/ssh.nix +++ b/isla/programs/ssh.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { ssh = { startAgent = true; diff --git a/isla/programs/yubikey-touch-detector.nix b/isla/programs/yubikey-touch-detector.nix index c9815c5..92fe31f 100644 --- a/isla/programs/yubikey-touch-detector.nix +++ b/isla/programs/yubikey-touch-detector.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { yubikey-touch-detector = { enable = true; diff --git a/isla/security/pam/services.nix b/isla/security/pam/services.nix index 565ef37..f4d42e5 100644 --- a/isla/security/pam/services.nix +++ b/isla/security/pam/services.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { pam = { services = { diff --git a/isla/security/polkit.nix b/isla/security/polkit.nix index 7604e82..77e04d1 100644 --- a/isla/security/polkit.nix +++ b/isla/security/polkit.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { polkit = { enable = true; diff --git a/isla/security/rtkit.nix b/isla/security/rtkit.nix index d3604df..dd40f89 100644 --- a/isla/security/rtkit.nix +++ b/isla/security/rtkit.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { rtkit = { enable = true; diff --git a/isla/security/sudo-rs.nix b/isla/security/sudo-rs.nix index 772460d..4f270c9 100644 --- a/isla/security/sudo-rs.nix +++ b/isla/security/sudo-rs.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { sudo-rs = { enable = true; diff --git a/isla/services/fprintd.nix b/isla/services/fprintd.nix index 47c72bc..172b999 100644 --- a/isla/services/fprintd.nix +++ b/isla/services/fprintd.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { fprintd = { enable = true; diff --git a/isla/services/libinput.nix b/isla/services/libinput.nix index 111040e..4eac635 100644 --- a/isla/services/libinput.nix +++ b/isla/services/libinput.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { libinput = { enable = true; diff --git a/isla/services/netbird.nix b/isla/services/netbird.nix index 071330a..f375f14 100644 --- a/isla/services/netbird.nix +++ b/isla/services/netbird.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { netbird = { enable = true; diff --git a/isla/services/pipewire.nix b/isla/services/pipewire.nix index c4bad1e..37c7c5f 100644 --- a/isla/services/pipewire.nix +++ b/isla/services/pipewire.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { pipewire = { enable = true; diff --git a/isla/services/thinkfan.nix b/isla/services/thinkfan.nix index 78a42e4..c53ddef 100644 --- a/isla/services/thinkfan.nix +++ b/isla/services/thinkfan.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { thinkfan = { enable = true; diff --git a/isla/services/yggdrasil.nix b/isla/services/yggdrasil.nix deleted file mode 100644 index faf7afb..0000000 --- a/isla/services/yggdrasil.nix +++ /dev/null @@ -1,46 +0,0 @@ -{config, ...}: { - services = { - yggdrasil = { - enable = true; - persistentKeys = false; - settings = { - PrivateKey = config.sops.secrets.yggKeyLT.path; - - Peers = [ - # only 1W+ peers (some exeptions are possible) - - # Russia - "tls://yggno.de:18227" - "tcp://yggno.de:18226" - - "tcp://kzn1.neonxp.ru:7991" - "tls://kzn1.neonxp.ru:7992" - "ws://kzn1.neonxp.ru:7993" - "quic://kzn1.neonxp.ru:7994" - ]; - - Listen = [ - # - ]; - - MulticastInterfaces = [ - { - Regex = ".*"; - Beacon = true; - Listen = false; - Password = ""; - } - ]; - - AllowedPublicKeys = [ - # - ]; - - IfName = "auto"; - - IfMTU = 65535; - NodeInfoPrivacy = false; - }; - }; - }; -} diff --git a/isla/services/zapret.nix b/isla/services/zapret.nix deleted file mode 100644 index ad671e1..0000000 --- a/isla/services/zapret.nix +++ /dev/null @@ -1,145 +0,0 @@ -{...}: { - services = { - zapret = { - enable = true; - configureFirewall = true; - qnum = 350; - params = [ - "--wssize 1:6" - - "--filter-tcp=80" - "--dpi-desync=multisplit" - "--dpi-desync-split-pos=10" - "--dpi-desync-repeats=6" - "--new" - - "--filter-tcp=443" - "--dpi-desync=multidisorder" - "--dpi-desync-split-pos=1,midsld" - "--new" - - "--filter-tcp=443" - "--dpi-desync=syndata" - "--dpi-desync-fake-syndata=0x00000000" - "--dpi-desync-ttl=10" - "--new" - - "--filter-udp=443" - "--dpi-desync=fake" - "--dpi-desync-repeats=6" - "--dpi-desync-fake-quic=0x00000000" - "--new" - - "--filter-udp=443" - "--dpi-desync=fake,udplen" - "--dpi-desync-udplen-increment=5" - "--dpi-desync-fake-tls=0x00000000" - "--dpi-desync-cutoff=n3" - "--dpi-desync-repeats=2" - "--new" - - "--filter-tcp=443" - "--dpi-desync=split" - "--dpi-desync-fooling=md5sig,badseq" - "--dpi-desync-fake-tls=0x00000000" - "--dpi-desync-split-pos=1" - "--dpi-desync-repeats=10" - "--new" - - "--filter-tcp=443" - "--dpi-desync=fake,split2" - "--dpi-desync-fooling=md5sig" - "--dpi-desync-fake-tls=0x00000000" - "--dpi-desync-split-seqovl=2" - "--dpi-desync-split-pos=2" - - "--dpi-desync-autottl" - "--new" - "--filter-tcp=443" - "--dpi-desync=fake,split2" - "--dpi-desync-fooling=md5sig" - "--dpi-desync-fake-tls=0x00000000" - "--dpi-desync-split-seqovl=2" - "--dpi-desync-split-pos=2" - "--dpi-desync-autottl" - "--new" - - "--filter-tcp=80" - "--dpi-desync=fake,split2" - "--dpi-desync-fooling=md5sig" - "--dpi-desync-fake-tls=0x00000000" - "--dpi-desync-autottl" - "--new" - - "--filter-tcp=80" - "--dpi-desync-ttl=1" - "--dpi-desync-autottl=2" - "--dpi-desync-fake-tls=0x00000000" - "--dpi-desync-split-pos=1" - "--dpi-desync=fake,split2" - "--dpi-desync-repeats=6" - "--dpi-desync-fooling=md5sig" - "--new" - ]; - - whitelist = [ - "googlevideo.com" - "youtu.be" - "youtube.com" - "youtubei.googleapis.com" - "googlevideo.com" - "youtu.be" - "youtube.com" - "youtubei.googleapis.com" - "youtubeembeddedplayer.googleapis.com" - "ytimg.l.google.com" - "ytimg.com" - "jnn-pa.googleapis.com" - "youtube-nocookie.com" - "youtube-ui.l.google.com" - "yt-video-upload.l.google.com" - "wide-youtube.l.google.com" - "youtubekids.com" - "ggpht.com" - "music.youtube.com" - "test.googlevideo.com" - "discord.com" - "gateway.discord.gg" - "cdn.discordapp.com" - "discordapp.net" - "discordapp.com" - "discord.gg" - "media.discordapp.net" - "images-ext-1.discordapp.net" - "discord.app" - "discord.media" - "discordcdn.com" - "discord.dev" - "discord.new" - "discord.gift" - "discordstatus.com" - "dis.gd" - "discord.co" - "discord-attachments-uploads-prd.storage.googleapis.com" - "7tv.app" - "7tv.io" - "10tv.app" - "x.com" - "t.co" - "ads-twitter.com" - "twimg.com" - "twitter.com" - "pscp.tv" - "twtrdns.net" - "twttr.com" - "periscope.tv" - "tweetdeck.com" - "twitpic.com" - "twitter.co" - "twitterinc.com" - "twitteroauth.com" - "twitterstat.us" - ]; - }; - }; -} diff --git a/isla/services/zerotier.nix b/isla/services/zerotier.nix deleted file mode 100644 index f58210f..0000000 --- a/isla/services/zerotier.nix +++ /dev/null @@ -1,10 +0,0 @@ -{...}: { - services = { - zerotierone = { - enable = true; - joinNetworks = [ - # nope - ]; - }; - }; -} diff --git a/isla/systemd/oomd.nix b/isla/systemd/oomd.nix index cbd28f2..bb9a200 100644 --- a/isla/systemd/oomd.nix +++ b/isla/systemd/oomd.nix @@ -1,4 +1,4 @@ -{...}: { +_: { systemd = { oomd = { enable = true; diff --git a/isla/time/timeZone.nix b/isla/time/timeZone.nix index 57bca35..0bd1f2a 100644 --- a/isla/time/timeZone.nix +++ b/isla/time/timeZone.nix @@ -1,6 +1,5 @@ -{...}: { +_: { time = { timeZone = "Europe/Moscow"; - hardwareClockInLocalTime = true; }; } diff --git a/isla/users/mutableUsers.nix b/isla/users/mutableUsers.nix index 54415f1..9bb56d0 100644 --- a/isla/users/mutableUsers.nix +++ b/isla/users/mutableUsers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { mutableUsers = false; }; diff --git a/isla/users/users/hand7s.nix b/isla/users/users/hand7s.nix index 8c0df47..e31caf3 100644 --- a/isla/users/users/hand7s.nix +++ b/isla/users/users/hand7s.nix @@ -1,16 +1,22 @@ -{...}: { +{lib, ...}: { users = { users = { - hand7s = { + "hand7s" = { description = "me"; isSystemUser = false; isNormalUser = true; - initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/"; + initialHashedPassword = lib.hashString "sha512" "hand7s"; extraGroups = [ "wheel" - "networkmanager" - "docker" ]; + + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; }; }; }; diff --git a/isla/users/users/root.nix b/isla/users/users/root.nix index 595a6f6..f85caae 100644 --- a/isla/users/users/root.nix +++ b/isla/users/users/root.nix @@ -1,8 +1,8 @@ -{...}: { +_: { users = { users = { - root = { - initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0"; + "root" = { + initialHashedPassword = lib.hashString "sha512" "root"; }; }; }; diff --git a/isla/virtualisation/docker.nix b/isla/virtualisation/docker.nix deleted file mode 100644 index 1edae88..0000000 --- a/isla/virtualisation/docker.nix +++ /dev/null @@ -1,10 +0,0 @@ -{...}: { - virtualisation = { - docker = { - enable = true; - rootless = { - enable = true; - }; - }; - }; -} diff --git a/isla/xdg/icons.nix b/isla/xdg/icons.nix index 53ccd0b..7c75adf 100644 --- a/isla/xdg/icons.nix +++ b/isla/xdg/icons.nix @@ -1,4 +1,4 @@ -{...}: { +_: { xdg = { icons = { enable = true; diff --git a/isla/xdg/mime.nix b/isla/xdg/mime.nix index 4b6af20..9197f59 100644 --- a/isla/xdg/mime.nix +++ b/isla/xdg/mime.nix @@ -1,4 +1,4 @@ -{...}: { +_: { xdg = { mime = { enable = true; diff --git a/isla/xdg/portal.nix b/isla/xdg/portal.nix index 80146ce..7744d29 100644 --- a/isla/xdg/portal.nix +++ b/isla/xdg/portal.nix @@ -20,8 +20,10 @@ }; extraPortals = with pkgs; [ + xdg-desktop-portal xdg-desktop-portal-gtk xdg-desktop-portal-wlr + xdg-desktop-portal-termfilechooser ]; }; }; diff --git a/kyra/default.nix b/kyra/default.nix deleted file mode 100644 index 7624558..0000000 --- a/kyra/default.nix +++ /dev/null @@ -1,57 +0,0 @@ -{self, ...}: { - imports = [ - "${self}/kyra/disko/disk.nix" - "${self}/kyra/disko/lvm_vg.nix" - - "${self}/kyra/boot/initrd/availableKernelModules.nix" - "${self}/kyra/boot/initrd/kernelModules.nix" - "${self}/kyra/boot/loader/grub.nix" - "${self}/kyra/boot/kernel.nix" - "${self}/kyra/boot/tmp.nix" - - "${self}/kyra/environment/systemPackages.nix" - - "${self}/kyra/hardware/zram.nix" - - "${self}/kyra/home-manager/users.nix" - - "${self}/kyra/networking/interfaces/ens3.nix" - "${self}/kyra/networking/firewall/ens3.nix" - "${self}/kyra/networking/firewall.nix" - "${self}/kyra/networking/dns.nix" - "${self}/kyra/networking/wireguard.nix" - "${self}/kyra/networking/defaultGateway.nix" - - "${self}/kyra/nix/settings/allowed-users.nix" - "${self}/kyra/nix/settings/experimental-features.nix" - "${self}/kyra/nix/settings/substituters.nix" - "${self}/kyra/nix/settings/trusted-public-keys.nix" - "${self}/kyra/nix/settings/trusted-users.nix" - "${self}/kyra/nix/settings/auto-optimise-store.nix" - - "${self}/kyra/nixpkgs/config.nix" - "${self}/kyra/nixpkgs/platform.nix" - - "${self}/kyra/programs/nh.nix" - - "${self}/kyra/services/openssh.nix" - "${self}/kyra/services/fail2ban.nix" - "${self}/kyra/services/netbird.nix" - "${self}/kyra/services/qemuGuest.nix" - "${self}/kyra/services/caddy.nix" - "${self}/kyra/services/sing-box.nix" - - "${self}/kyra/sops/age.nix" - "${self}/kyra/sops/defaults.nix" - "${self}/kyra/sops/secrets.nix" - - "${self}/kyra/system/stateVersion.nix" - - "${self}/kyra/users/users.nix" - "${self}/kyra/users/users/alep0u.nix" - "${self}/kyra/users/users/hand7s.nix" - "${self}/kyra/users/users/root.nix" - - "${self}/kyra/virtualisation/docker.nix" - ]; -} diff --git a/kyra/disko/disk.nix b/kyra/disko/disk.nix index c0c6cc7..231e00e 100644 --- a/kyra/disko/disk.nix +++ b/kyra/disko/disk.nix @@ -1,9 +1,14 @@ -{ +{name, ...}: { disko = { devices = { disk = { - virt_main = { - device = "/dev/sda"; + "virt_main" = { + device = + { + "yara" = "/dev/vda"; + }.${ + name + } or "/dev/sda"; type = "disk"; content = { type = "gpt"; diff --git a/kyra/home-manager/users.nix b/kyra/home-manager/users.nix index 6590188..0a5f3e3 100644 --- a/kyra/home-manager/users.nix +++ b/kyra/home-manager/users.nix @@ -4,12 +4,10 @@ "hand7s" = { imports = [ "${self}/hand7s/" - self.inputs.agenix.homeManagerModules.default self.inputs.spicetify-nix.homeManagerModules.default self.inputs.hyprland.homeManagerModules.default self.inputs.chaotic.homeManagerModules.default self.inputs.sops-nix.homeManagerModules.sops - self.inputs.nix-index-database.homeModules.nix-index self.inputs.noctalia.homeModules.default ]; diff --git a/kyra/networking/defaultGateway.nix b/kyra/networking/defaultGateway.nix deleted file mode 100644 index dd70ea4..0000000 --- a/kyra/networking/defaultGateway.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - ... -}: { - networking = { - defaultGateway = lib.mkIf (config.networking.hostName == "mel") { - address = "45.11.229.1"; - interface = "ens3"; - }; - - defaultGateway6 = lib.mkIf (config.networking.hostName == "mel") { - address = "2a0e:97c0:3e3:2Oa::1"; - interface = "ens3"; - }; - }; -} diff --git a/kyra/networking/firewall.nix b/kyra/networking/firewall.nix index a9a2c40..e7dcb71 100644 --- a/kyra/networking/firewall.nix +++ b/kyra/networking/firewall.nix @@ -1,11 +1,8 @@ _: { networking = { firewall = { - enable = true; - allowPing = true; - checkReversePath = false; + enable = false; }; - useNetworkd = true; }; } diff --git a/kyra/networking/firewall/ens3.nix b/kyra/networking/firewall/ens3.nix deleted file mode 100644 index 7df7284..0000000 --- a/kyra/networking/firewall/ens3.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - lib, - ... -}: { - networking = { - firewall = { - interfaces = { - ens3 = { - allowedUDPPorts = - [ - 53580 - 53590 - ] - ++ lib.optionals (config.networking.hostName == "hazel") [ - 443 - - 25565 - - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - 53570 - ]; - - allowedTCPPorts = - [ - 53580 - 53590 - ] - ++ lib.optionals (config.networking.hostName == "hazel") [ - 443 - - 25565 - - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - 53570 - ]; - }; - }; - }; - }; -} diff --git a/kyra/networking/hostname.nix b/kyra/networking/hostname.nix index 7371866..bbd139a 100644 --- a/kyra/networking/hostname.nix +++ b/kyra/networking/hostname.nix @@ -1,5 +1,5 @@ -_: { +{name, ...}: { networking = { - hostName = "kyra"; + hostName = name; }; } diff --git a/kyra/networking/interfaces/ens3.nix b/kyra/networking/interfaces/ens3.nix deleted file mode 100644 index 3820e1f..0000000 --- a/kyra/networking/interfaces/ens3.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - config, - lib, - ... -}: { - networking = { - interfaces = { - ens3 = { - ipv4 = { - addresses = lib.optionals (config.networking.hostName == "mel") [ - { - address = "45.11.229.254"; - prefixLength = 24; - } - ]; - }; - - ipv6 = { - addresses = - lib.optionals (config.networking.hostName == "hazel") [ - { - address = "2a03:6f01:1:2::cb1e"; - prefixLength = 64; - } - ] - ++ lib.optionals (config.networking.hostName == "mel") [ - { - address = "2a0e:97c0:3e3:2Oa::1"; - prefixLength = 64; - } - ]; - }; - }; - }; - }; -} diff --git a/kyra/networking/nftables.nix b/kyra/networking/nftables.nix new file mode 100644 index 0000000..71bfec3 --- /dev/null +++ b/kyra/networking/nftables.nix @@ -0,0 +1,7 @@ +_: { + networking = { + nftables = { + enable = true; + }; + }; +} diff --git a/kyra/security/acme.nix b/kyra/security/acme.nix new file mode 100644 index 0000000..00eb68d --- /dev/null +++ b/kyra/security/acme.nix @@ -0,0 +1,18 @@ +{config, ...}: { + security = { + acme = { + acceptTerms = true; + defaults = { + email = "litvinovb0@gmail.com"; + }; + + certs = { + "hand7s.org" = { + dnsProvider = "cloudflare"; + credentialsFile = config.sops.templates."acme.env".path; + group = "sing-box"; + }; + }; + }; + }; +} diff --git a/kyra/services/alloy.nix b/kyra/services/alloy.nix new file mode 100644 index 0000000..d863d04 --- /dev/null +++ b/kyra/services/alloy.nix @@ -0,0 +1,99 @@ +{ + config, + pkgs, + ... +}: { + services = { + alloy = { + enable = true; + + configPath = pkgs.writeText "alloy-config.alloy" '' + loki.source.journal "system" { + max_age = "24h" + forward_to = [loki.process.production.receiver] + + labels = { + host = "${config.networking.hostName}", + job = "journalctl", + } + } + + loki.process "production" { + forward_to = [loki.write.viola.receiver] + + stage.labels { + values = { + unit = "__journal_systemd_unit__", + } + } + + stage.label_keep { + values = ["unit"] + } + + stage.match { + selector = `{unit=~"(traefik|sing-box|crowdsec|alloy|netbird).*\\.service"}` + action = "drop" + } + } + + prometheus.exporter.unix "node" { + enable_collectors = [ + "cpu", "diskstats", "filesystem", + "loadavg", "meminfo", "netdev", + "time", "uname", + ] + } + + prometheus.scrape "node" { + targets = prometheus.exporter.unix.node.targets + forward_to = [prometheus.remote_write.viola.receiver] + scrape_interval = "30s" + job_name = "node" + } + + prometheus.scrape "alloy" { + targets = [{"__address__" = "127.0.0.1:12345"}] + + forward_to = [prometheus.remote_write.viola.receiver] + job_name = "alloy" + } + + loki.write "viola" { + endpoint { + url = "http://100.109.123.164:3100/loki/api/v1/push" + } + } + + prometheus.remote_write "viola" { + endpoint { + url = "http://100.109.123.164:9009/api/v1/push" + } + } + + otelcol.receiver.otlp "default" { + grpc { + endpoint = "0.0.0.0:4317" + } + + http { + endpoint = "0.0.0.0:4318" + } + + output { + traces = [otelcol.exporter.otlp.tempo.input] + } + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "http://100.109.123.164:4317" + tls { + insecure = true + } + } + } + ''; + }; + }; +} diff --git a/kyra/services/caddy.nix b/kyra/services/caddy.nix deleted file mode 100644 index fe3ad02..0000000 --- a/kyra/services/caddy.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - services = { - caddy = { - enable = - lib.mkIf ( - config.networking.hostName == "hazel" - ) - true; - - package = pkgs.caddy.withPlugins { - plugins = [ - "github.com/mholt/caddy-l4@v0.0.0-20250902102621-4a517a98d7fa" - "github.com/caddy-dns/cloudflare@v0.2.1" - ]; - hash = "sha256-1/jRWotKCvx7QncjVSVGYXb2gAmIiokC/ZbCUelG5Rc="; - }; - - globalConfig = '' - debug - email me@hand7s.org - - acme_ca https://acme-v02.api.letsencrypt.org/directory - - ''; - - # acme_ca https://api.zerossl.com/directory - - virtualHosts = { - "hand7s.org" = { - extraConfig = '' - respond "hi! :D WIP btw" - ''; - }; - - "git.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:53350 - ''; - }; - - "bin.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:80 - ''; - }; - - "zitadel.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:8443 - ''; - }; - }; - }; - }; -} diff --git a/kyra/services/firewalld.nix b/kyra/services/firewalld.nix new file mode 100644 index 0000000..8502323 --- /dev/null +++ b/kyra/services/firewalld.nix @@ -0,0 +1,144 @@ +{ + name, + lib, + ... +}: { + services = { + firewalld = { + enable = true; + + services = { + "stalwart" = { + short = "Stalwart-mail"; + ports = + lib.forEach [ + 25 + 110 + 143 + 465 + 993 + 995 + 4190 + ] ( + port: { + protocol = "tcp"; + inherit + port + ; + } + ); + }; + + "consul" = { + short = "Consul"; + ports = + lib.forEach [ + 8300 + 8301 + 8302 + 8500 + 8600 + ] ( + port: { + protocol = "tcp"; + inherit + port + ; + } + ) + ++ lib.forEach [ + 8301 + 8302 + 8600 + ] ( + port: { + protocol = "udp"; + inherit + port + ; + } + ); + }; + }; + + zones = { + "trusted" = { + services = [ + "consul" + ]; + }; + + "wan" = { + ports = [ + { + port = 2053; + protocol = "udp"; + } + + { + port = 8443; + protocol = "tcp"; + } + + { + port = 51820; + protocol = "udp"; + } + ]; + + icmpBlockInversion = true; + icmpBlocks = [ + "echo-request" + "destination-unreachable" + "parameter-problem" + "time-exceeded" + ]; + + interfaces = lib.concatLists [ + ( + lib.optionals ( + lib.elem name [ + "hazel" + "lynn" + "yara" + "ivy" + ] + ) [ + "ens3" + ] + ) + + ( + lib.optionals ( + name == "mel" + ) [ + "eth0" + ] + ) + ]; + + services = lib.concatLists [ + [ + "ssh" + "http" + "https" + ] + + ( + lib.optionals ( + lib.elem name [ + "hazel" + "lynn" + "mel" + ] + ) [ + "minecraft" + "stalwart" + ] + ) + ]; + }; + }; + }; + }; +} diff --git a/kyra/services/netbird.nix b/kyra/services/netbird.nix index 071330a..3f2a353 100644 --- a/kyra/services/netbird.nix +++ b/kyra/services/netbird.nix @@ -1,7 +1,17 @@ -{...}: { +{config, ...}: { services = { netbird = { enable = true; + + clients = { + "wt0" = { + port = 51820; + login = { + enable = true; + setupKeyFile = config.sops.secrets."nbKey".path; + }; + }; + }; }; }; } diff --git a/kyra/services/openssh.nix b/kyra/services/openssh.nix index 6d54477..fdc6e7b 100644 --- a/kyra/services/openssh.nix +++ b/kyra/services/openssh.nix @@ -2,8 +2,12 @@ _: { services = { openssh = { enable = true; - ports = [ - 58693 + + hostKeys = [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } ]; settings = { diff --git a/kyra/services/resolved.nix b/kyra/services/resolved.nix new file mode 100644 index 0000000..ad91e2a --- /dev/null +++ b/kyra/services/resolved.nix @@ -0,0 +1,39 @@ +_: { + services = { + resolved = { + enable = true; + dnsovertls = toString true; + dnssec = toString true; + llmnr = toString true; + domains = [ + "~." + ]; + + fallbackDns = [ + # cf dns + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + + # google dns + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + + # q9 dns + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" + + # open dns + "208.67.222.222" + "208.67.220.220" + "2620:119:35::35" + "2620:119:53::53" + ]; + }; + }; +} diff --git a/kyra/services/sing-box.nix b/kyra/services/sing-box.nix index f29526c..d4b5656 100644 --- a/kyra/services/sing-box.nix +++ b/kyra/services/sing-box.nix @@ -1,26 +1,33 @@ -{...}: { +{lib, ...}: { services = { sing-box = { enable = true; settings = { log = { - level = "debug"; + level = "error"; }; dns = { servers = [ { - type = "local"; + tag = "cloudflare"; + type = "quic"; + server = "1.1.1.1"; + } + + { tag = "local"; + type = "local"; } ]; - final = "local"; - strategy = "prefer_ipv6"; + final = "cloudflare"; + strategy = "prefer_ipv4"; }; route = { final = "direct-out"; + default_domain_resolver = "cloudflare"; auto_detect_interface = true; }; @@ -32,54 +39,69 @@ ]; inbounds = [ + { + type = "hysteria2"; + tag = "hy2-in"; + listen = "::"; + listen_port = 2053; + masquerade = "https://hand7s.org"; + up_mbps = 100; + down_mbps = 100; + obfs = { + type = "salamander"; + password = lib.hashString "sha512" "randomstring"; # not a real string + }; + + users = [ + { + name = "hand7s"; + password = lib.hashString "sha512" "userstring"; # not a real string + } + ]; + + tls = { + enabled = true; + server_name = "hand7s.org"; + certificate_path = "/var/lib/acme/hand7s.org/cert.pem"; + key_path = "/var/lib/acme/hand7s.org/key.pem"; + }; + } + { type = "vless"; tag = "vless-inbound"; listen = "::"; - listen_port = 53570; + listen_port = 8443; + + sniff = true; users = [ { - name = "hand7s_1"; - uuid = "${singboxUUID2}"; - flow = "xtls-rprx-vision"; - } - - { - name = "hand7s_2"; - uuid = "${singboxUUID2}"; + name = "hand7s"; + uuid = lib.hashString "sha512" "uuidstring"; # not a real string flow = "xtls-rprx-vision"; } ]; - tls = rec { + tls = { enabled = true; - server_name = "vk.com"; + server_name = "hand7s.org"; reality = { enabled = true; max_time_difference = "5m"; handshake = { - server = server_name; + server = "127.0.0.1"; server_port = 443; }; - private_key = "${singboxKey}"; + private_key = lib.hashString "sha512" "uuidstring"; # not a real string short_id = [ - "${singboxId}" + "shortie" ]; }; }; - - transport = { - type = "httpupgrade"; - }; - - multiplex = { - enabled = true; - padding = false; - }; } ]; }; diff --git a/kyra/services/traefik.nix b/kyra/services/traefik.nix new file mode 100644 index 0000000..fb60af9 --- /dev/null +++ b/kyra/services/traefik.nix @@ -0,0 +1,459 @@ +{config, ...}: { + services = { + traefik = { + enable = true; + + environmentFiles = [ + config.sops.templates."traefik.env".path + ]; + + dynamicConfigOptions = { + http = { + routers = { + "site" = { + rule = "Host(`hand7s.org`)"; + service = "site-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "git" = { + rule = "Host(`git.hand7s.org`)"; + service = "git-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "cicd" = { + rule = "Host(`woodpecker.hand7s.org`)"; + service = "cicd-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "oidc" = { + rule = "Host(`zitadel.hand7s.org`)"; + service = "oidc-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "bin" = { + rule = "Host(`bin.hand7s.org`)"; + service = "bin-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "lgtm" = { + rule = "Host(`grafana.hand7s.org`)"; + service = "lgtm-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + }; + + services = { + "site-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:8180"; + } + ]; + }; + }; + + "git-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53350"; + } + ]; + }; + }; + + "oidc-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:8443"; + } + ]; + }; + }; + + "bin-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53352"; + } + ]; + }; + }; + + "cicd-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53351"; + } + ]; + }; + }; + + "lgtm-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:3030"; + } + ]; + }; + }; + }; + }; + + tcp = { + routers = { + "minecraft" = { + rule = "HostSNI(`*`)"; + service = "mc-svc"; + entryPoints = [ + "minecraft" + ]; + }; + + "smtp" = { + rule = "HostSNI(`*`)"; + service = "smtp-svc"; + entryPoints = [ + "smtp" + ]; + }; + + "pop3" = { + rule = "HostSNI(`*`)"; + service = "pop-svc"; + entryPoints = [ + "pop3" + ]; + }; + + "submissions" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "submissions-svc"; + entryPoints = [ + "submissions" + ]; + }; + + "submission" = { + rule = "HostSNI(`*`)"; + service = "submission-svc"; + entryPoints = [ + "submission" + ]; + }; + + "imaptls" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "imaptls-svc"; + entryPoints = [ + "imaptls" + ]; + }; + + "pop3s" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "pop3s-svc"; + entryPoints = [ + "pop3s" + ]; + }; + + "managesieve" = { + rule = "HostSNI(`*`)"; + service = "managesieve-svc"; + entryPoints = [ + "managesieve" + ]; + }; + }; + }; + + services = { + "mc-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25565"; + } + ]; + }; + }; + + "smtp-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25"; + } + ]; + }; + }; + + "pop3-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:110"; + } + ]; + }; + }; + + "imap-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:143"; + } + ]; + }; + }; + + "submissions-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:465"; + } + ]; + }; + }; + + "submission-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:587"; + } + ]; + }; + }; + + "imaptls-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:993"; + } + ]; + }; + }; + + "pop3s-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:995"; + } + ]; + }; + }; + + "managesieve-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:4190"; + } + ]; + }; + }; + }; + }; + + staticConfigOptions = { + api = { + dashboard = true; + }; + + tracing = { + otlp = { + grpc = { + endpoint = "127.0.0.1:4317"; + insecure = true; + }; + }; + }; + + certificatesResolvers = { + "cloudflare" = { + acme = { + email = "litvinovb0@gmail.com"; + storage = "${config.services.traefik.dataDir}/acme.json"; + dnsChallenge = { + provider = "cloudflare"; + resolvers = [ + "1.1.1.1:53" + "8.8.8.8:53" + ]; + }; + }; + }; + }; + + log = { + level = "DEBUG"; + }; + + entryPoints = { + "web" = { + address = ":80"; + http = { + redirections = { + entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + }; + }; + + "websecure" = { + address = ":443"; + http = { + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + }; + }; + + "minecraft" = { + address = ":25565"; + }; + + "smtp" = { + address = ":25"; + }; + + "pop3" = { + address = ":110"; + }; + + "imap" = { + address = ":143"; + }; + + "submissions" = { + address = ":465"; + }; + + "submission" = { + address = ":587"; + }; + + "imaptls" = { + address = ":993"; + }; + + "pop3s" = { + address = ":995"; + }; + + "managesieve" = { + address = ":4190"; + }; + }; + }; + }; + }; +} diff --git a/kyra/systemd/networkd.nix b/kyra/systemd/networkd.nix new file mode 100644 index 0000000..8982b55 --- /dev/null +++ b/kyra/systemd/networkd.nix @@ -0,0 +1,120 @@ +{ + name, + lib, + ... +}: { + systemd = { + network = { + enable = true; + networks = lib.mkMerge [ + ( + lib.mkIf ( + name == "mel" + ) + { + "10-eth0" = { + matchConfig.Name = "eth0"; + networkConfig = { + IPv6AcceptRA = false; + Address = [ + "45.11.229.245/24" + "2a0e:97c0:3e3:20a::1/64" + ]; + }; + + routes = [ + { + routeConfig = { + Gateway = "45.11.229.1"; + }; + } + + { + routeConfig = { + Gateway = "fe80::1"; + GatewayOnLink = true; + }; + } + ]; + }; + } + ) + + ( + lib.mkIf ( + name == "yara" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + IPv6AcceptRA = false; + Address = [ + "138.124.240.75/32" + "2a0d:d940:1a:1500::2/56" + ]; + }; + + routes = [ + { + routeConfig = { + Gateway = "10.0.0.1"; + GatewayOnLink = true; + }; + } + + { + routeConfig = { + Gateway = "2a0d:d940:1a:1500::1"; + GatewayOnLink = true; + }; + } + ]; + }; + } + ) + + ( + lib.mkIf ( + name == "hazel" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + Address = "90.156.226.152/24"; + Gateway = "90.156.226.1"; + IPv6AcceptRA = false; + }; + }; + } + ) + + ( + lib.mkIf ( + name == "lynn" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + Address = "138.124.72.244/24"; + Gateway = "138.124.72.1"; + IPv6AcceptRA = false; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/kyra/users/users/alep0u.nix b/kyra/users/users/alep0u.nix index faf1630..78766ad 100644 --- a/kyra/users/users/alep0u.nix +++ b/kyra/users/users/alep0u.nix @@ -4,7 +4,6 @@ _: { "alep0u" = { description = "alep0u"; isNormalUser = true; - password = "alep0u"; extraGroups = [ "wheel" "docker" diff --git a/kyra/users/users/hand7s.nix b/kyra/users/users/hand7s.nix index 497573a..11f593a 100644 --- a/kyra/users/users/hand7s.nix +++ b/kyra/users/users/hand7s.nix @@ -4,7 +4,6 @@ _: { "hand7s" = { description = "hands"; isNormalUser = true; - hashedPassword = "$y$j9T$eHfq328GBp7Ga8xsbOTV/0$kcihv7zWLqSkj2jKAhI1pdbTSwvaf2RY5Rokm69XTL/"; extraGroups = [ "wheel" "docker" diff --git a/kyra/virtualisation/docker.nix b/kyra/virtualisation/docker.nix deleted file mode 100644 index 59e76bf..0000000 --- a/kyra/virtualisation/docker.nix +++ /dev/null @@ -1,14 +0,0 @@ -_: { - virtualisation = { - oci-containers = { - backend = "docker"; - }; - - docker = { - enable = true; - rootless = { - enable = true; - }; - }; - }; -} diff --git a/kyra/virtualisation/vmVariant.nix b/kyra/virtualisation/vmVariant.nix new file mode 100644 index 0000000..c81ecc6 --- /dev/null +++ b/kyra/virtualisation/vmVariant.nix @@ -0,0 +1,11 @@ +_: { + virtualisation = { + vmVariant = { + virtualisation = { + cores = 2; + memorySize = 2048; + diskSize = 20480; + }; + }; + }; +} diff --git a/viola/boot/kernel.nix b/viola/boot/kernel.nix index 275cc4c..ed7b745 100644 --- a/viola/boot/kernel.nix +++ b/viola/boot/kernel.nix @@ -9,9 +9,14 @@ "vm.dirty_writeback_centisecs" = 100; "vm.vfs_cache_pressure" = 50; "vm.max_map_count" = 1048576; + + "net.ipv6.conf.all.disable_ipv6" = 1; + "net.ipv6.conf.default.disable_ipv6" = 1; + "net.ipv6.conf.lo.disable_ipv6" = 1; }; }; + # kernelPackages = self.inputs.nix-cachyos-kernel.legacyPackages.x86_64-linux.linuxPackages-cachyos-server-lto; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce yt6801 @@ -34,6 +39,8 @@ "kernel.watchdog=0" "oops=panic" + + "ipv6.disable=1" ]; blacklistedKernelModules = [ @@ -71,6 +78,6 @@ btrfs = true; }; - consoleLogLevel = 0; + consoleLogLevel = 7; }; } diff --git a/viola/default.nix b/viola/default.nix index 535051b..d5d0a08 100644 --- a/viola/default.nix +++ b/viola/default.nix @@ -23,7 +23,6 @@ "${self}/viola/i18n/locales.nix" - "${self}/viola/networking/dhcp.nix" "${self}/viola/networking/firewall.nix" "${self}/viola/networking/hostname.nix" "${self}/viola/networking/networkmanager.nix" @@ -64,16 +63,26 @@ "${self}/viola/services/forgejo.nix" "${self}/viola/services/postgresql.nix" "${self}/viola/services/vaultwarden.nix" - "${self}/viola/services/privatebin.nix" "${self}/viola/services/woodpecker.nix" "${self}/viola/services/stalwart.nix" "${self}/viola/services/homepage.nix" "${self}/viola/services/redis.nix" "${self}/viola/services/zitadel.nix" "${self}/viola/services/garage.nix" + "${self}/viola/services/traefik.nix" + "${self}/viola/services/resolved.nix" + "${self}/viola/services/alloy.nix" + "${self}/viola/services/grafana.nix" + "${self}/viola/services/loki.nix" + "${self}/viola/services/tempo.nix" + "${self}/viola/services/mimir.nix" + "${self}/viola/services/sws.nix" + "${self}/viola/services/alertmanager.nix" + "${self}/viola/sops/age.nix" "${self}/viola/sops/defaults.nix" "${self}/viola/sops/secrets.nix" + "${self}/viola/sops/templates.nix" "${self}/hand7s/stylix/base16Scheme.nix" "${self}/hand7s/stylix/cursor.nix" @@ -85,6 +94,7 @@ "${self}/viola/system/stateVersion.nix" "${self}/viola/systemd/oomd.nix" + "${self}/viola/systemd/tmpfiles/rules.nix" "${self}/viola/systemd/slices/system-slice.nix" "${self}/viola/systemd/slices/user-slice.nix" "${self}/viola/systemd/slices/root-slice.nix" diff --git a/viola/disko/disk.nix b/viola/disko/disk.nix index 2eb4b2e..78cb8cc 100644 --- a/viola/disko/disk.nix +++ b/viola/disko/disk.nix @@ -2,7 +2,7 @@ disko = { devices = { disk = { - main = { + "main" = { device = "/dev/disk/by-id/ata-EAGET_SSD_256GB_EAGET20250505V00003"; type = "disk"; content = { diff --git a/viola/environment/variables.nix b/viola/environment/variables.nix index 2cd14c2..9fd91b8 100644 --- a/viola/environment/variables.nix +++ b/viola/environment/variables.nix @@ -1,7 +1,6 @@ {config, ...}: { environment = { variables = { - AMD_VULKAN_ICD = "RADV"; HOSTNAME = config.networking.hostName; QT_QPA_PLATFORM = "wayland"; SDL_VIDEODRIVER = "wayland"; diff --git a/viola/home-manager/users.nix b/viola/home-manager/users.nix index 9d92dc6..57bf966 100644 --- a/viola/home-manager/users.nix +++ b/viola/home-manager/users.nix @@ -4,12 +4,10 @@ "hand7s" = { imports = [ "${self}/hand7s/" - self.inputs.agenix.homeManagerModules.default self.inputs.spicetify-nix.homeManagerModules.default self.inputs.hyprland.homeManagerModules.default self.inputs.chaotic.homeManagerModules.default self.inputs.sops-nix.homeManagerModules.sops - self.inputs.nix-index-database.homeModules.nix-index ]; }; diff --git a/viola/networking/dhcp.nix b/viola/networking/dhcp.nix deleted file mode 100644 index 0740ea3..0000000 --- a/viola/networking/dhcp.nix +++ /dev/null @@ -1,10 +0,0 @@ -{lib, ...}: { - networking = { - useDHCP = lib.mkDefault true; - dhcpcd = { - enable = true; - persistent = false; - wait = "any"; - }; - }; -} diff --git a/viola/networking/firewall.nix b/viola/networking/firewall.nix deleted file mode 100644 index 04c13fd..0000000 --- a/viola/networking/firewall.nix +++ /dev/null @@ -1,56 +0,0 @@ -_: { - networking = { - firewall = { - allowPing = true; - enable = true; - checkReversePath = false; - allowedUDPPorts = [ - 80 - 8080 - 8443 - 8980 - 53350 - 53351 - 53353 - - # mc - 25565 - - # mail - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - ]; - - allowedTCPPorts = [ - 80 - 8080 - 8443 - 8980 - 53350 - 53351 - 53353 - - # mc - 25565 - - # mail - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - ]; - }; - }; -} diff --git a/viola/networking/hosts.nix b/viola/networking/hosts.nix deleted file mode 100644 index e42e2b1..0000000 --- a/viola/networking/hosts.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: { - networking = { - hosts = { - # nope - }; - }; -} diff --git a/viola/networking/interfaces.nix b/viola/networking/interfaces.nix deleted file mode 100644 index 03a3a3e..0000000 --- a/viola/networking/interfaces.nix +++ /dev/null @@ -1,31 +0,0 @@ -_: { - networking = { - firewall = { - interfaces = { - wt0 = { - allowedUDPPorts = [ - 25 - 6969 - 8080 - 8443 - 8980 - 53350 - 53351 - 53352 - ]; - - allowedTCPPorts = [ - 25 - 6969 - 8080 - 8443 - 8980 - 53350 - 53351 - 53352 - ]; - }; - }; - }; - }; -} diff --git a/viola/services/alertmanager.nix b/viola/services/alertmanager.nix new file mode 100644 index 0000000..4026d99 --- /dev/null +++ b/viola/services/alertmanager.nix @@ -0,0 +1,27 @@ +_: { + services = { + prometheus = { + alertmanager = { + enable = true; + configuration = { + route = { + receiver = "null"; + group_by = [ + "alertname" + "job" + ]; + + group_wait = "30s"; + group_interval = "5m"; + repeat_interval = "12h"; + }; + receivers = [ + { + name = "null"; + } + ]; + }; + }; + }; + }; +} diff --git a/viola/services/alloy.nix b/viola/services/alloy.nix new file mode 100644 index 0000000..f6b5c4d --- /dev/null +++ b/viola/services/alloy.nix @@ -0,0 +1,93 @@ +{pkgs, ...}: { + services = { + alloy = { + enable = true; + configPath = pkgs.writeText "alloy-config.alloy" '' + loki.source.journal "system" { + forward_to = [loki.process.production.receiver] + relabel_rules = loki.relabel.journal.rules + labels = { + host = "viola", + job = "systemd", + } + } + + loki.relabel "journal" { + forward_to = [] + rule { + source_labels = ["__journal__systemd_unit"] + target_label = "unit" + } + } + + loki.write "local" { + endpoint { + url = "http://127.0.0.1:3100/loki/api/v1/push" + } + } + + loki.process "production" { + forward_to = [loki.write.local.receiver] + + stage.match { + selector = `{service_name=~"(alloy|forgejo|grafana|loki|microbin|mimir|stalwart|postgresql|redis|stalwart|static-web-server|tempo|traefik|vaultwarden|woodpecker|zitadel)\\.service"}` + action = "keep" + } + } + + prometheus.exporter.unix "node" { + enable_collectors = [ + "cpu", "diskstats", "filesystem", + "loadavg", "meminfo", "netdev", + "systemd", "time", "uname", + ] + } + + prometheus.scrape "node" { + targets = prometheus.exporter.unix.node.targets + forward_to = [prometheus.remote_write.mimir.receiver] + scrape_interval = "30s" + job_name = "node" + } + + prometheus.scrape "alloy" { + targets = [{"__address__" = "127.0.0.1:12345"}] + + forward_to = [prometheus.remote_write.mimir.receiver] + job_name = "alloy" + } + + prometheus.remote_write "mimir" { + endpoint { + url = "http://127.0.0.1:9009/api/v1/push" + } + } + + otelcol.receiver.otlp "default" { + grpc { + endpoint = "0.0.0.0:4317" + } + + http { + endpoint = "0.0.0.0:4318" + } + + output { + traces = [otelcol.exporter.otlp.tempo.input] + logs = [otelcol.exporter.loki.local.input] + } + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "http://127.0.0.1:4317" + } + } + + otelcol.exporter.loki "local" { + forward_to = [loki.write.local.receiver] + } + ''; + }; + }; +} diff --git a/viola/services/firewalld.nix b/viola/services/firewalld.nix new file mode 100644 index 0000000..e8eb510 --- /dev/null +++ b/viola/services/firewalld.nix @@ -0,0 +1,19 @@ +_: { + services = { + firewalld = { + enable = false; + + zones = { + "eno1" = { + interfaces = [ + "ens1" + ]; + + services = [ + "sunshine" + ]; + }; + }; + }; + }; +} diff --git a/viola/services/forgejo.nix b/viola/services/forgejo.nix index 84774ef..075d0d3 100644 --- a/viola/services/forgejo.nix +++ b/viola/services/forgejo.nix @@ -1,11 +1,11 @@ -{...}: { +_: { services = { forgejo = { enable = true; database = { type = "postgres"; - port = "${dbport}"; + host = "localhost"; }; settings = { @@ -19,9 +19,9 @@ repository = { DEFAULT_PRIVATE = "last"; PREFERRED_LICENSES = "MIT"; - DISABLE_HTTP_GIT = true; + DISABLE_HTTP_GIT = false; USE_COMPAT_SSH_URI = true; - GO_GET_CLONE_URL_PROTOCOL = "ssh"; + GO_GET_CLONE_URL_PROTOCOL = "http"; DEFAULT_BRANCH = "master"; }; @@ -47,6 +47,11 @@ MERGES = "always"; }; + opentelemetry = { + EXPORTER = "otlp"; + ENDPOINT = "http://127.0.0.1:4318"; + }; + badges = { ENABLED = false; }; @@ -90,6 +95,13 @@ service = { DISABLE_REGISTRATION = true; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + }; + + oauth2_client = { + ENABLE_AUTO_REGISTER = true; + ACCOUNT_LINKING = "auto"; + USERNAME = "preferred_username"; }; "service.explore" = { diff --git a/viola/services/garage.nix b/viola/services/garage.nix index 607f265..aae0fd5 100644 --- a/viola/services/garage.nix +++ b/viola/services/garage.nix @@ -5,7 +5,28 @@ package = pkgs.garage; logLevel = "error"; settings = { - # nope + replication_factor = 1; + consistency_mode = "consistent"; + use_local_tz = true; + + rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "127.0.0.1:3901"; + + "s3_api" = { + s3_region = "garage"; + api_bind_addr = "[::]:3900"; + root_domain = ".s3.garage.localhost"; + }; + + "s3_web" = { + bind_addr = "[::]:3902"; + root_domain = ".web.garage.localhost"; + index = "index.html"; + }; + + "k2v_api" = { + api_bind_addr = "[::]:3904"; + }; }; }; }; diff --git a/viola/services/grafana.nix b/viola/services/grafana.nix new file mode 100644 index 0000000..3b7d8c7 --- /dev/null +++ b/viola/services/grafana.nix @@ -0,0 +1,137 @@ +{ + config, + lib, + pkgs, + ... +}: { + services = { + grafana = { + enable = true; + declarativePlugins = with pkgs.grafanaPlugins; [ + grafana-lokiexplore-app + grafana-exploretraces-app + grafana-metricsdrilldown-app + grafana-pyroscope-app + + redis-datasource + redis-explorer-app + + volkovlabs-rss-datasource + ]; + + settings = { + log = { + level = "info"; + mode = "console"; + }; + + security = { + secret_key = config.sops.secrets."grafanaKey".path; + }; + + server = { + http_addr = "0.0.0.0"; + http_port = 3030; + domain = "grafana.hand7s.org"; + root_url = "https://grafana.hand7s.org"; + }; + + "auth.generic_oauth" = { + enabled = true; + name = "Zitadel"; + icon = "signin"; + scopes = "openid profile email offline_access urn:zitadel:iam:org:project:id:zitadel:aud"; + client_id = ""; + client_secret = ""; + auth_url = "https://zitadel.hand7s.org/oauth/v2/authorize"; + token_url = "http://zitadel.hand7s.org:8443/oauth/v2/token"; + api_url = "http://zitadel.hand7s.org:8443/oidc/v1/userinfo"; + tls_skip_verify_insecure = true; + allow_assign_grafana_admin = true; + role_attribute_strict = true; + skip_org_role_sync = false; + use_pkce = true; + + role_attribute_path = ''"urn:zitadel:iam:org:project:roles"."grafana-admin" && 'GrafanaAdmin' || 'Viewer' ''; + }; + + "auth" = { + disable_login_form = true; + signout_redirect_url = "https://zitadel.hand7s.org/oidc/v1/end_session"; + }; + }; + + provision = { + enable = true; + + datasources = { + settings = { + datasources = + [ + { + name = "Loki-LGTM"; + type = "loki"; + url = "http://127.0.0.1:3100"; + isDefault = false; + jsonData = { + derivedFields = [ + { + name = "traceID"; + matcherRegex = "traceID=(\\w+)"; + url = "http://127.0.0.1:3200"; + datasourceUid = "tempo"; + } + ]; + }; + } + + { + name = "Mimir-LGTM"; + type = "prometheus"; + url = "http://127.0.0.1:9009/prometheus"; + isDefault = true; + } + + { + name = "Tempo-LGTM"; + type = "tempo"; + uid = "tempo"; + url = "http://127.0.0.1:3200"; + jsonData = { + lokiSearch = { + datasourceUid = "loki"; + }; + + serviceMap = { + datasourceUid = "mimir"; + }; + + nodeGraph = { + enabled = true; + }; + }; + } + ] + ++ lib.forEach [ + "forgejo" + "loki" + "mimir" + "stalwart" + "traefik" + "zitadel" + ] ( + name: { + name = "Redis-${name}"; + type = "redis-datasource"; + url = "unix:/run/redis-${name}/redis.sock"; + secureJsonData = { + password = name; + }; + } + ); + }; + }; + }; + }; + }; +} diff --git a/viola/services/homepage.nix b/viola/services/homepage.nix index 2999560..322c070 100644 --- a/viola/services/homepage.nix +++ b/viola/services/homepage.nix @@ -1,7 +1,8 @@ -{...}: { +_: { services = { homepage-dashboard = { enable = true; + allowedHosts = "localhost:8080,127.0.0.1:8080,192.168.1.144:8080,100.109.71.194:8080,home.hand7s.org"; listenPort = 8080; settings = { @@ -11,50 +12,83 @@ background = "https://w.wallhaven.cc/full/1q/wallhaven-1q87xv.png"; color = "violet"; headerStyle = "boxed"; - - layout = [ - { - Dev = { - iconsOnly = true; - }; - } - ]; }; bookmarks = [ - { - Dev = [ - { - GitHub = [ - { - abbr = "GH"; - href = "https://github.com/"; - } - ]; - } - - { - Forgejo = [ - { - abbr = "Forge"; - href = "https://git.hand7s.org/"; - } - ]; - } - - { - PivateBin = [ - { - abbr = "PB"; - href = "https://bin.hand7s.org/"; - } - ]; - } - ]; - } ]; services = [ + { + "Local-only" = [ + { + "Vaultwarden" = { + icon = "vaultwarden"; + href = "https://pass.hand7s.org"; + description = "vaultwarden"; + }; + } + + { + "Syncthing" = { + icon = "syncthing"; + href = "https://sync.hand7s.org"; + description = "syncing"; + }; + } + + { + "OpenWRT" = { + icon = "openwrt"; + href = "https://luci.hand7s.org"; + description = "router"; + }; + } + ]; + } + + { + "Local-host" = [ + { + "Grafana" = { + icon = "grafana"; + href = "https://grafana.hand7s.org"; + description = "observability"; + }; + } + + { + "Forgejo" = { + icon = "gitea"; + href = "https://git.hand7s.org"; + description = "git"; + }; + } + + { + "Woodpecker" = { + icon = "woodpecker-ci"; + href = "https://woodpecker.hand7s.org/"; + description = "cicd"; + }; + } + + { + "Stalwart" = { + icon = "stalwart"; + href = "https://mail.hand7s.org"; + description = "mail"; + }; + } + + { + "Zitadel" = { + icon = "zitadel"; + href = "https://zitadel.hand7s.org"; + description = "idp"; + }; + } + ]; + } ]; widgets = [ @@ -73,6 +107,14 @@ }; } + { + search = { + provider = "perplexity"; + target = "_blank"; + focus = false; + }; + } + { resources = { cpu = true; diff --git a/viola/services/loki.nix b/viola/services/loki.nix new file mode 100644 index 0000000..5b2a6fb --- /dev/null +++ b/viola/services/loki.nix @@ -0,0 +1,127 @@ +{ + pkgs, + lib, + ... +}: { + services = { + loki = { + enable = true; + + configuration = { + auth_enabled = false; + server = { + http_listen_port = 3100; + grpc_listen_port = 9097; + }; + + common = { + replication_factor = 1; + path_prefix = "/var/lib/loki"; + ring = { + instance_addr = "127.0.0.1"; + kvstore = { + store = "inmemory"; + }; + }; + }; + + schema_config = { + configs = [ + { + from = "2025-01-01"; + store = "tsdb"; + object_store = "filesystem"; + schema = "v13"; + index = { + prefix = "index_"; + period = "24h"; + }; + } + ]; + }; + + storage_config = { + filesystem = { + directory = "/var/lib/loki/chunks"; + }; + }; + + chunk_store_config = { + chunk_cache_config = { + redis = { + endpoint = "127.0.0.1:6385"; + password = "loki"; + db = 0; + timeout = "500ms"; + expiration = "24h"; + }; + }; + }; + + compactor = { + working_directory = "/var/lib/loki/compactor"; + retention_enabled = true; + delete_request_store = "filesystem"; + }; + + limits_config = { + reject_old_samples = true; + reject_old_samples_max_age = "168h"; + retention_period = "720h"; + }; + + query_range = { + cache_results = true; + results_cache = { + cache = { + redis = { + endpoint = "127.0.0.1:6385"; + password = "loki"; + db = 0; + timeout = "500ms"; + expiration = "1h"; + }; + }; + }; + }; + + ruler = { + enable_api = true; + alertmanager_url = "http://127.0.0.1:9093"; + storage = { + type = "local"; + local = { + directory = "${pkgs.writeTextDir "fake/homelab.yaml" (lib.generators.toYAML {} { + groups = [ + { + name = "homelab"; + interval = "1m"; + rules = [ + { + alert = "HostDown"; + expr = ''absent_over_time({host="viola"}[10m])''; + for = "10m"; + labels = {severity = "critical";}; + annotations = { + summary = "Host viola not sending logs"; + }; + } + { + alert = "OOMKiller"; + expr = ''count_over_time({host="viola"} |= "Out of memory: Killed process" [5m]) > 0''; + labels = {severity = "warning";}; + annotations = { + summary = "OOM killer fired on viola"; + }; + } + ]; + } + ]; + })}"; + }; + }; + }; + }; + }; + }; +} diff --git a/viola/services/microbin.nix b/viola/services/microbin.nix new file mode 100644 index 0000000..a79a074 --- /dev/null +++ b/viola/services/microbin.nix @@ -0,0 +1,18 @@ +{config, ...}: { + services = { + microbin = { + enable = true; + passwordFile = toString config.sops.secrets.microbinPass; + settings = { + MICROBIN_PORT = 8080; + MICROBIN_BIND = "[::]"; + MICROBIN_PUBLIC_PATH = "bin.hand7s.org"; + MICROBIN_READONLY = true; + MICROBIN_ENABLE_BURN_AFTER = true; + MICROBIN_DEFAULT_BURN_AFTER = 100; + MICROBIN_DEFAULT_EXPIRY = "1week"; + MICROBIN_QR = true; + }; + }; + }; +} diff --git a/viola/services/mimir.nix b/viola/services/mimir.nix new file mode 100644 index 0000000..0e93a63 --- /dev/null +++ b/viola/services/mimir.nix @@ -0,0 +1,124 @@ +{ + lib, + pkgs, + ... +}: { + services = { + mimir = { + enable = true; + + configuration = { + multitenancy_enabled = false; + + target = "all"; + server = { + http_listen_port = 9009; + }; + + common = { + storage = { + backend = "filesystem"; + filesystem = { + dir = "/var/lib/mimir"; + }; + }; + }; + + blocks_storage = { + backend = "filesystem"; + filesystem = { + dir = "/var/lib/mimir/blocks"; + }; + + tsdb = { + dir = "/var/lib/mimir/tsdb"; + }; + }; + + compactor = { + data_dir = "/var/lib/mimir/compactor"; + }; + + ingester = { + ring = { + instance_addr = "127.0.0.1"; + replication_factor = 1; + kvstore = { + store = "memberlist"; + }; + }; + }; + + store_gateway = { + sharding_ring = { + replication_factor = 1; + }; + }; + + ruler = { + alertmanager_url = "http://127.0.0.1:9093"; + }; + + ruler_storage = { + backend = "local"; + local = { + directory = "${pkgs.writeTextDir "anonymous/homelab.yml" (lib.generators.toYAML {} { + groups = [ + { + name = "homelab"; + interval = "1m"; + rules = [ + { + alert = "HighDiskUsage"; + expr = '' + (1 - node_btrfs_device_unused_bytes / node_btrfs_device_size_bytes) * 100 > 85 + ''; + for = "5m"; + labels = {severity = "warning";}; + annotations = { + summary = "High disk usage on {{ $labels.instance }}"; + }; + } + { + alert = "HighMemoryUsage"; + expr = '' + (1 - node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes) * 100 > 90 + ''; + for = "5m"; + labels = {severity = "warning";}; + annotations = { + summary = "High memory usage on {{ $labels.instance }}"; + }; + } + { + alert = "HighCpuUsage"; + expr = '' + 100 - (avg by (instance) (rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80 + ''; + for = "5m"; + labels = {severity = "warning";}; + annotations = { + summary = "High CPU usage on {{ $labels.instance }}"; + }; + } + { + alert = "ServiceDown"; + expr = '' + node_systemd_unit_state{state="active"} == 0 + ''; + for = "2m"; + labels = {severity = "critical";}; + annotations = { + summary = "Service {{ $labels.name }} is down on {{ $labels.instance }}"; + }; + } + ]; + } + ]; + })}"; + }; + }; + }; + }; + }; +} diff --git a/viola/services/openssh.nix b/viola/services/openssh.nix index 0abb7bf..e136f96 100644 --- a/viola/services/openssh.nix +++ b/viola/services/openssh.nix @@ -5,7 +5,7 @@ allowSFTP = true; openFirewall = true; ports = [ - 47345 + 6969 ]; settings = { diff --git a/viola/services/postgresql.nix b/viola/services/postgresql.nix index 62c57bb..c9e502b 100644 --- a/viola/services/postgresql.nix +++ b/viola/services/postgresql.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { postgresql = { enable = true; @@ -44,12 +44,8 @@ "zitadel" ]; - initialScript = ""; # nope - - authentication = ""; #nope - settings = { - port = "${dbport}"; + port = "????"; }; }; }; diff --git a/viola/services/privatebin.nix b/viola/services/privatebin.nix deleted file mode 100644 index 0db50ad..0000000 --- a/viola/services/privatebin.nix +++ /dev/null @@ -1,43 +0,0 @@ -{...}: { - services = { - privatebin = { - enable = true; - enableNginx = true; - virtualHost = "bin.hand7s.org"; - settings = { - main = { - name = "hand7s bin"; - discussion = false; - qrcode = false; - compression = "none"; - defaultformatter = "plaintext"; - fileupload = false; - languageselection = false; - password = true; - sizelimit = 10 * 1000 * 1000; - template = "bootstrap5"; - }; - - expire = { - default = "1week"; - clone = false; - }; - - formatter_options = { - markdown = "Markdown"; - plaintext = "Plain Text"; - syntaxhighlighting = "Source Code"; - }; - - traffic = { - limit = 5; - }; - - purge = { - limit = 0; - batchsize = 10; - }; - }; - }; - }; -} diff --git a/viola/services/redis.nix b/viola/services/redis.nix index 75fdfed..c0ce477 100644 --- a/viola/services/redis.nix +++ b/viola/services/redis.nix @@ -5,47 +5,11 @@ servers = { "forgejo" = { enable = true; - port = "${cacheport1}"; + port = 6381; logLevel = "warning"; databases = 16; maxclients = 10000; - requirePass = "${cachepass1}"; - - settings = { - stop-writes-on-bgsave-error = "yes"; - rdbcompression = "yes"; - rdbchecksum = "yes"; - - maxmemory = "1GB"; - maxmemory-policy = "volatile-lru"; - maxmemory-samples = 3; - }; - - save = [ - [ - 900 - 1 - ] - - [ - 300 - 10 - ] - - [ - 60 - 1000 - ] - ]; - }; - - "woodpecker" = { - enable = false; - port = "${cacheport2}"; - logLevel = "warning"; - databases = 16; - maxclients = 10000; - requirePass = "${cachepass2}"; + requirePass = "forgejo"; settings = { stop-writes-on-bgsave-error = "yes"; @@ -77,11 +41,11 @@ "stalwart" = { enable = true; - port = "${cacheport3}"; + port = 6382; logLevel = "warning"; databases = 16; maxclients = 10000; - requirePass = "${cachepass3}"; + requirePass = lib.hashString "md5" "stalwart"; settings = { stop-writes-on-bgsave-error = "yes"; @@ -113,11 +77,11 @@ "zitadel" = { enable = true; - port = "${cacheport4}"; + port = 6383; logLevel = "warning"; databases = 16; maxclients = 10000; - requirePass = "${cachepass4}"; + requirePass = lib.hashString "md5" "zitadel"; settings = { stop-writes-on-bgsave-error = "yes"; @@ -146,6 +110,114 @@ ] ]; }; + + "traefik" = { + enable = true; + port = 6384; + logLevel = "warning"; + databases = 16; + maxclients = 10000; + requirePass = lib.hashString "md5" "traefik"; + + settings = { + stop-writes-on-bgsave-error = "yes"; + rdbcompression = "yes"; + rdbchecksum = "yes"; + + maxmemory = "1GB"; + maxmemory-policy = "volatile-lru"; + maxmemory-samples = 3; + }; + + save = [ + [ + 900 + 1 + ] + + [ + 300 + 10 + ] + + [ + 60 + 1000 + ] + ]; + }; + + "loki" = { + enable = true; + port = 6385; + logLevel = "warning"; + databases = 16; + maxclients = 10000; + requirePass = lib.hashString "md5" "loki"; + + settings = { + stop-writes-on-bgsave-error = "yes"; + rdbcompression = "yes"; + rdbchecksum = "yes"; + + maxmemory = "1GB"; + maxmemory-policy = "allkeys-lru"; + maxmemory-samples = 3; + }; + + save = [ + [ + 900 + 1 + ] + + [ + 300 + 10 + ] + + [ + 60 + 1000 + ] + ]; + }; + + "mimir" = { + enable = true; + port = 6386; + logLevel = "warning"; + databases = 16; + maxclients = 10000; + requirePass = lib.hashString "md5" "mimir"; + + settings = { + stop-writes-on-bgsave-error = "yes"; + rdbcompression = "yes"; + rdbchecksum = "yes"; + + maxmemory = "1GB"; + maxmemory-policy = "allkeys-lru"; + maxmemory-samples = 3; + }; + + save = [ + [ + 900 + 1 + ] + + [ + 300 + 10 + ] + + [ + 60 + 1000 + ] + ]; + }; }; }; }; diff --git a/viola/services/resolved.nix b/viola/services/resolved.nix new file mode 100644 index 0000000..8c268e8 --- /dev/null +++ b/viola/services/resolved.nix @@ -0,0 +1,39 @@ +_: { + services = { + resolved = { + enable = true; + dnsovertls = "true"; + dnssec = "true"; + llmnr = "true"; + domains = [ + "~." + ]; + + fallbackDns = [ + # cf dns + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + + # google dns + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + + # q9 dns + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" + + # open dns + "208.67.222.222" + "208.67.220.220" + "2620:119:35::35" + "2620:119:53::53" + ]; + }; + }; +} diff --git a/viola/services/stalwart.nix b/viola/services/stalwart.nix index 9523498..4ef544f 100644 --- a/viola/services/stalwart.nix +++ b/viola/services/stalwart.nix @@ -1,87 +1,118 @@ -_: { +{config, ...}: { services = { - stalwart-mail = { + stalwart = { enable = true; settings = { - acme = { - "cloudflare" = { - default = true; - challenge = "dns-01"; - provider = "cloudflare"; - origin = "hand7s.org"; - secret = "${mail_secret}"; - contact = [ - "me@hand7s.org" - ]; - - email = "me@hand7s.org"; - directory = "https://acme-staging-v02.api.letsencrypt.org/directory"; - domains = [ - "mail.hand7s.org" - ]; - }; - }; - server = { - hostname = "mail.hand7s.org"; + allowed-ip = [ + "127.0.0.1" + "100.109.201.146" + "192.168.1.0/24" + ]; + + auto-ban = { + enable = false; + unban-after = "1h"; + }; proxy = { trusted-networks = [ + "127.0.0.0/8" "::1" - "100.109.213.170/16" + "100.109.201.146" ]; }; + hostname = "mail.hand7s.org"; + + proxy-networks = [ + "127.0.0.1/32" + "100.109.201.146" + ]; + listener = { "lmtp" = { - bind = "[::]:24"; + bind = "0.0.0.0:24"; protocol = "lmtp"; }; "smtp" = { - bind = "[::]:25"; + bind = "0.0.0.0:25"; protocol = "smtp"; + proxy-protocol = true; }; "pop3" = { - bind = "[::]:110"; + bind = "0.0.0.0:110"; protocol = "pop3"; + proxy-protocol = true; }; "imap" = { - bind = "[::]:143"; + bind = "0.0.0.0:143"; protocol = "imap"; + proxy-protocol = true; + tls = { + enable = true; + implicit = false; + certificate = "default"; + }; }; "submissions" = { - bind = "[::]:465"; + bind = "0.0.0.0:465"; protocol = "smtp"; + proxy-protocol = true; + tls = { + certificate = "default"; + implicit = true; + enable = true; + }; }; "submission" = { - bind = "[::]:587"; + bind = "0.0.0.0:587"; protocol = "smtp"; + proxy-protocol = true; + tls = { + enable = true; + implicit = false; + certificate = "default"; + }; }; "imaptls" = { - bind = "[::]:993"; - protocol = "smtp"; + bind = "0.0.0.0:993"; + protocol = "imap"; + proxy-protocol = true; + tls = { + certificate = "default"; + implicit = true; + enable = true; + }; }; "pop3s" = { - bind = "[::]:995"; + bind = "0.0.0.0:995"; protocol = "pop3"; + proxy-protocol = true; + tls = { + certificate = "default"; + implicit = true; + enable = true; + }; }; "sieve" = { - bind = "[::]:4190"; + bind = "0.0.0.0:4190"; + proxy-protocol = true; protocol = "managesieve"; }; "management" = { protocol = "http"; bind = [ - "127.0.0.1:8980" + "0.0.0.0:8980" ]; }; }; @@ -102,18 +133,54 @@ _: { }; store = { - # nope - # i'm not redacting my main config - # here to show it here - # refer to stalwart mail - # ty + "postgresql" = { + type = "postgresql"; + host = "localhost"; + timeout = "15s"; + + tls = { + enable = false; + allow-invalid-certs = false; + }; + + pool = { + max-connections = 10; + }; + }; + + "redis" = { + type = "redis"; + redis-type = "single"; + urls = ''redis+unix:///run/redis-stalwart/redis.sock?password=${config.services."stalwart".settings.requirePass}''; + timeout = "180s"; + }; + }; + + oauth = { + "zitadel" = { + type = "oidc"; + issuer = "http://zitadel.hand7s.org:8443/.well-known/openid-configuration"; + tls-allow-invalid-certs = true; + }; + }; + + directory = { + "zitadel" = { + type = "oidc"; + timeout = "1s"; + issuer = "http://zitadel.hand7s.org:8443/.well-known/openid-configuration"; + tls-allow-invalid-certs = true; + }; }; authentication = { - fallback-admin = { - user = "admin"; - secret = "admin"; - }; + directories = [ + "zitadel" + ]; + + oauth = [ + "zitadel" + ]; }; tracer = { @@ -123,6 +190,14 @@ _: { level = "debug"; }; + otlp = { + enable = true; + type = "open-telemetry"; + endpoint = "http://127.0.0.1:4317"; + transport = "grpc"; + level = "info"; + }; + console = { enable = true; type = "console"; diff --git a/viola/services/sws.nix b/viola/services/sws.nix new file mode 100644 index 0000000..99d75cd --- /dev/null +++ b/viola/services/sws.nix @@ -0,0 +1,9 @@ +_: { + services = { + static-web-server = { + enable = true; + listen = "0.0.0.0:8180"; + root = "/home/hand7s/site"; + }; + }; +} diff --git a/viola/services/tempo.nix b/viola/services/tempo.nix new file mode 100644 index 0000000..6ebd89b --- /dev/null +++ b/viola/services/tempo.nix @@ -0,0 +1,90 @@ +_: { + services = { + tempo = { + enable = true; + + settings = { + server = { + http_listen_port = 3200; + grpc_listen_port = 9096; + }; + + distributor = { + receivers = { + otlp = { + protocols = { + grpc = { + endpoint = "0.0.0.0:4317"; + }; + + http = { + endpoint = "0.0.0.0:4318"; + }; + }; + }; + }; + }; + + ingester = { + lifecycler = { + ring = { + replication_factor = 1; + }; + }; + }; + + storage = { + trace = { + backend = "local"; + local = { + path = "/var/lib/tempo/blocks"; + }; + + block = { + version = "vParquet4"; + }; + + wal = { + path = "/var/lib/tempo/wal"; + }; + }; + }; + + compactor = { + compaction = { + block_retention = "720h"; + }; + }; + + metrics_generator = { + registry = { + external_labels = { + source = "tempo"; + }; + }; + + storage = { + path = "/var/lib/tempo/generator"; + remote_write = [ + { + url = "http://127.0.0.1:9009/api/v1/push"; + } + ]; + }; + }; + + overrides = { + defaults = { + metrics_generator = { + processors = [ + "service-graphs" + "span-metrics" + "local-blocks" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/viola/services/traefik.nix b/viola/services/traefik.nix new file mode 100644 index 0000000..0350407 --- /dev/null +++ b/viola/services/traefik.nix @@ -0,0 +1,197 @@ +{config, ...}: { + services = { + traefik = { + enable = true; + + environmentFiles = [ + config.sops.templates."traefik.env".path + ]; + + dynamicConfigOptions = { + http = { + routers = { + "home" = { + rule = "Host(`home.hand7s.org`)"; + service = "home-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "pass" = { + rule = "Host(`pass.hand7s.org`)"; + service = "pass-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "luci" = { + rule = "Host(`luci.hand7s.org`)"; + service = "luci-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "sync" = { + rule = "Host(`sync.hand7s.org`)"; + service = "sync-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + }; + + entryPoints = [ + "websecure" + ]; + }; + + services = { + "home-svc" = { + loadBalancer = { + servers = [ + { + url = "http://127.0.0.1:8080"; + } + ]; + }; + }; + + "pass-svc" = { + loadBalancer = { + servers = [ + { + url = "http://127.0.0.1:53353"; + } + ]; + }; + }; + + "sync-svc" = { + loadBalancer = { + servers = [ + { + url = "http://127.0.0.1:80"; + } + ]; + }; + }; + + "luci-svc" = { + loadBalancer = { + servers = [ + { + url = "http://192.168.1.2"; + } + ]; + }; + }; + }; + }; + }; + + staticConfigOptions = { + api = { + dashboard = true; + }; + + tracing = { + otlp = { + grpc = { + endpoint = "127.0.0.1:4317"; + insecure = true; + }; + }; + }; + + certificatesResolvers = { + "cloudflare" = { + acme = { + email = "litvinovb0@gmail.com"; + storage = "${config.services.traefik.dataDir}/acme.json"; + dnsChallenge = { + provider = "cloudflare"; + resolvers = [ + "1.1.1.1:53" + "8.8.8.8:53" + ]; + }; + }; + }; + }; + + log = { + level = "INFO"; + }; + + entryPoints = { + "web" = { + address = ":80"; + http = { + redirections = { + entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + }; + }; + + "websecure" = { + address = ":443"; + http = { + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/viola/services/vaultwarden.nix b/viola/services/vaultwarden.nix deleted file mode 100644 index cddc3d6..0000000 --- a/viola/services/vaultwarden.nix +++ /dev/null @@ -1,12 +0,0 @@ -_: { - services = { - vaultwarden = { - enable = true; - dbBackend = "postgresql"; - config = { - # holy private thing - # im NOT sharing it here - }; - }; - }; -} diff --git a/viola/services/woodpecker.nix b/viola/services/woodpecker.nix index c3fe436..2bfde39 100644 --- a/viola/services/woodpecker.nix +++ b/viola/services/woodpecker.nix @@ -1,19 +1,40 @@ -_: { +{lib, ...}: { services = { woodpecker-server = { - enable = false; + enable = true; environment = { - WOODPECKER_OPEN = "true"; + WOODPECKER_OPEN = toString true; + WOODPECKER_ADMINS = "s0me1newithhand7s"; WOODPECKER_DATABASE_DRIVER = "postgres"; - WOODPECKER_DATABASE_DATASOURCE = "${pqsql_socket}"; - WOODPECKER_SERVER_ADDR = "${ciport1}"; - WOODPECKER_GRPC_ADDR = "${ciport1}"; - WOODPECKER_HOST = "https://cicd.hand7s.org"; + WOODPECKER_SERVER_ADDR = ":53351"; + WOODPECKER_GRPC_ADDR = ":53352"; + WOODPECKER_HOST = "https://woodpecker.hand7s.org"; - WOODPECKER_FORGEJO = "true"; + WOODPECKER_AGENT_SECRET = lib.hashString "md5" "woodpeckerAgent"; + + WOODPECKER_FORGEJO = toString true; WOODPECKER_FORGEJO_URL = "https://git.hand7s.org"; - WOODPECKER_FORGEJO_CLIENT = "${cisecret1}"; - FORGEJO_SECRET = "${cisecret2}"; + WOODPECKER_FORGEJO_CLIENT = lib.hashString "md5" "replaceme1"; + WOODPECKER_FORGEJO_SECRET = lib.hashString "md5" "replaceme2"; + }; + }; + + woodpecker-agents = { + agents = { + "podman" = { + enable = true; + extraGroups = [ + "podman" + ]; + + environment = { + WOODPECKER_AGENT_SECRET = lib.hashString "md5" "woodpeckerAgent"; + WOODPECKER_SERVER = "localhost:53352"; + WOODPECKER_MAX_WORKFLOWS = "4"; + WOODPECKER_BACKEND = "docker"; + DOCKER_HOST = "unix:///var/run/podman/podman.sock"; + }; + }; }; }; }; diff --git a/viola/services/zitadel.nix b/viola/services/zitadel.nix index 9b1b65a..1c7566d 100644 --- a/viola/services/zitadel.nix +++ b/viola/services/zitadel.nix @@ -3,7 +3,6 @@ zitadel = { enable = true; tlsMode = "external"; - masterKeyFile = config.sops.secrets.zitadelMasterKey; steps = { FirstInstance = { @@ -24,7 +23,7 @@ PreferredLanguage = "en"; Email = { - Address = "me@hand7s.org"; + Address = "admin@hand7s.org"; Verified = true; }; }; @@ -38,8 +37,17 @@ ExternalDomain = "zitadel.hand7s.org"; ExternalSecure = true; + Machine = { + MachineID = { + Type = "static"; + Static = { + MachineID = 1; + }; + }; + }; + Log = { - Level = "debug"; + Level = "info"; }; Telemetry = { @@ -48,15 +56,7 @@ Database = { postgres = { - Host = "${dbhost}"; - Port = "${dbport}"; - Database = "zitadel"; - User = { - Username = "zitadel"; - SSL = { - Mode = "disable"; - }; - }; + Host = "localhost"; }; }; @@ -64,8 +64,8 @@ Connectors = { Redis = { Enabled = true; - Addr = "${cahceaddress}"; - Password = "${cahcepass}"; + Addr = "localhost:6383"; + Password = config.services.stalwart-mail.settings.requirePass; PoolSize = "900"; PoolTimeout = "1800s"; }; diff --git a/viola/systemd/tmpfiles/rules.nix b/viola/systemd/tmpfiles/rules.nix new file mode 100644 index 0000000..a9a94f5 --- /dev/null +++ b/viola/systemd/tmpfiles/rules.nix @@ -0,0 +1,9 @@ +_: { + systemd = { + tmpfiles = { + rules = [ + # chaos + ]; + }; + }; +} diff --git a/viola/users/users/hand7s.nix b/viola/users/users/hand7s.nix index 141b5a3..c80bf46 100644 --- a/viola/users/users/hand7s.nix +++ b/viola/users/users/hand7s.nix @@ -8,8 +8,17 @@ _: { initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/"; extraGroups = [ "wheel" + "networkmanager" "docker" ]; + + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; }; }; }; diff --git a/viola/virtualisation/docker.nix b/viola/virtualisation/docker.nix index 805ac30..b5b81d7 100644 --- a/viola/virtualisation/docker.nix +++ b/viola/virtualisation/docker.nix @@ -1,9 +1,11 @@ _: { virtualisation = { - docker = { + podman = { enable = true; - rootless = { - enable = true; + defaultNetwork = { + settings = { + dns_enabled = true; + }; }; }; }; diff --git a/wanda/environment/variables.nix b/wanda/environment/variables.nix index 9c47685..9fd91b8 100644 --- a/wanda/environment/variables.nix +++ b/wanda/environment/variables.nix @@ -1,7 +1,6 @@ {config, ...}: { environment = { variables = { - AMD_VULKAN_ICD = "AMDVLK"; HOSTNAME = config.networking.hostName; QT_QPA_PLATFORM = "wayland"; SDL_VIDEODRIVER = "wayland"; diff --git a/wanda/home-manager/users.nix b/wanda/home-manager/users.nix index ac58a26..0a5f3e3 100644 --- a/wanda/home-manager/users.nix +++ b/wanda/home-manager/users.nix @@ -4,13 +4,10 @@ "hand7s" = { imports = [ "${self}/hand7s/" - self.inputs.agenix.homeManagerModules.default - self.inputs.agenix.homeManagerModules.default self.inputs.spicetify-nix.homeManagerModules.default self.inputs.hyprland.homeManagerModules.default self.inputs.chaotic.homeManagerModules.default self.inputs.sops-nix.homeManagerModules.sops - self.inputs.nix-index-database.homeModules.nix-index self.inputs.noctalia.homeModules.default ]; diff --git a/wanda/networking/firewall.nix b/wanda/networking/firewall.nix index 1287f81..6659b35 100644 --- a/wanda/networking/firewall.nix +++ b/wanda/networking/firewall.nix @@ -3,6 +3,28 @@ _: { firewall = { allowPing = true; enable = true; + checkReversePath = false; + + interfaces = { + eno1 = rec { + allowedTCPPortRanges = [ + { + from = 1714; + to = 1764; + } + ]; + + allowedUDPPortRanges = allowedTCPPortRanges; + }; + + salt-hand7s-pc = rec { + allowedTCPPorts = [ + 6567 + ]; + + allowedUDPPorts = allowedTCPPorts; + }; + }; }; }; } diff --git a/wanda/networking/hostname.nix b/wanda/networking/hostname.nix index c91aef8..6fa24b6 100644 --- a/wanda/networking/hostname.nix +++ b/wanda/networking/hostname.nix @@ -1,5 +1,5 @@ _: { networking = { - hostName = "wanda"; + hostName = "wand"; }; } diff --git a/wanda/networking/hosts.nix b/wanda/networking/hosts.nix deleted file mode 100644 index 2ebdee6..0000000 --- a/wanda/networking/hosts.nix +++ /dev/null @@ -1,7 +0,0 @@ -_: { - networking = { - hosts = { - # nope. - }; - }; -} diff --git a/wanda/security/pam/yubico.nix b/wanda/security/pam/yubico.nix index cd8a4a1..c172958 100644 --- a/wanda/security/pam/yubico.nix +++ b/wanda/security/pam/yubico.nix @@ -7,7 +7,7 @@ _: { mode = "challenge-response"; control = "sufficient"; id = [ - "1873055870" + "funnyID" ]; }; }; diff --git a/wanda/services/openssh.nix b/wanda/services/openssh.nix index 989beca..e136f96 100644 --- a/wanda/services/openssh.nix +++ b/wanda/services/openssh.nix @@ -5,7 +5,7 @@ allowSFTP = true; openFirewall = true; ports = [ - 48630 + 6969 ]; settings = { diff --git a/wanda/services/zerotier.nix b/wanda/services/zerotier.nix deleted file mode 100644 index 42e91a8..0000000 --- a/wanda/services/zerotier.nix +++ /dev/null @@ -1,10 +0,0 @@ -_: { - services = { - zerotierone = { - enable = true; - joinNetworks = [ - # - ]; - }; - }; -} diff --git a/wanda/time/timeZone.nix b/wanda/time/timeZone.nix index cef1656..0bd1f2a 100644 --- a/wanda/time/timeZone.nix +++ b/wanda/time/timeZone.nix @@ -1,6 +1,5 @@ _: { time = { timeZone = "Europe/Moscow"; - hardwareClockInLocalTime = true; }; } diff --git a/wanda/users/users/hand7s.nix b/wanda/users/users/hand7s.nix index 39aed35..866be86 100644 --- a/wanda/users/users/hand7s.nix +++ b/wanda/users/users/hand7s.nix @@ -5,10 +5,18 @@ _: { description = "me"; isSystemUser = false; isNormalUser = true; - initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/"; + initialHashedPassword = lib.hashString "sha512" "hand7s"; extraGroups = [ "wheel" ]; + + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; }; }; }; diff --git a/wanda/users/users/root.nix b/wanda/users/users/root.nix index faa89b7..2039a85 100644 --- a/wanda/users/users/root.nix +++ b/wanda/users/users/root.nix @@ -1,8 +1,8 @@ -_: { +{lib, ...}: { users = { users = { "root" = { - initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0"; + initialHashedPassword = lib.hashString "sha512" "root"; }; }; };