43 files changed, 1136 insertions, 585 deletions
diff --git a/darwin/default.nix b/darwin/default.nix
new file mode 100644
index 0000000..babf824
--- /dev/null
+++ b/darwin/default.nix
@@ -0,0 +1,8 @@
+{ self, unstable, ... }:
+
+{
+ delta = self.lib.mkDarwin {
+ name = "delta";
+ nixpkgs = unstable;
+ };
+}
diff --git a/darwin/delta/configuration.nix b/darwin/delta/configuration.nix
new file mode 100644
index 0000000..3f5e94a
--- /dev/null
+++ b/darwin/delta/configuration.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+
+{
+ homebrew = {
+ enable = true;
+
+ taps = [
+ "dwarvesf/homebrew-tap"
+ ];
+
+ brews = [
+ # Thunderbird requires GPGME in 'standard locations'
+ "gpgme"
+ ];
+
+ casks = [
+ "bentobox"
+ "bettertouchtool"
+ "bitwarden"
+ "jetbrains-toolbox"
+ "jordanbaird-ice"
+ "karabiner-elements"
+ "kicad" # XXX: Nix one marked as broken on darwin
+ "little-snitch"
+ "macfuse"
+ "micro-snitch"
+ "monarch"
+ "notchnook"
+ "openmtp"
+ "orbstack"
+ "raycast"
+ "spotify"
+ "tailscale"
+ "transmission"
+ "transmission"
+ "vimmotion"
+ "vlc"
+ "yubico-yubikey-manager"
+ ];
+ };
+
+ # Necessary for using flakes on this system.
+ nix.settings.experimental-features = "nix-command flakes";
+
+ # $ darwin-rebuild changelog
+ system.stateVersion = 5;
+ nixpkgs.hostPlatform = "aarch64-darwin";
+}
diff --git a/flake.lock b/flake.lock
index 365bda5..d687c32 100644
--- a/flake.lock
+++ b/flake.lock
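Review bot: In darwin/delta/configuration.nix the cask `"transmission"` is listed twice in `casks`; one of the two lines should go. The `taps` entry `"dwarvesf/homebrew-tap"` is a third-party tap with no comment saying which cask needs it, and nothing under `homebrew` is covered by the `rev`/`narHash` pins that flake.lock gives the flake inputs, so these packages arrive at whatever version Homebrew serves when the system is activated. I would put a comment above the tap, for example `# third-party tap, needed for <cask>; not pinned by flake.lock`, so the extra trust is visible to whoever updates this host.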
@@ -1,42 +1,36 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, + "cl-nix-lite": { "locked": { - "lastModified": 1717279440, - "narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "717cc95983cdc357bc347d70be20ced21f935843", + "lastModified": 1728174978, + "narHash": "sha256-Grqqg+xuicANB85j0gNEXxi9SBKY7bzGeTuyi95eGcY=", + "owner": "hraban", + "repo": "cl-nix-lite", + "rev": "31cfe6275c341eb3120a99f4b1c8516c49a29d87", "type": "github" }, "original": { - "owner": "zhaofengli", - "repo": "attic", + "owner": "hraban", + "repo": "cl-nix-lite", "type": "github" } }, "colmena": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", "nixpkgs": [ "unstable" ], "stable": "stable" }, "locked": { - "lastModified": 1711386353, - "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "lastModified": 1731527002, + "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", "owner": "zhaofengli", "repo": "colmena", - "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", "type": "github" }, "original": { @@ -48,16 +42,16 @@ "crane": { "inputs": { "nixpkgs": [ - "attic", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1717025063, - "narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=", + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", "owner": "ipetkov", "repo": "crane", - "rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", "type": "github" }, "original": { 
@@ -69,11 +63,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", "type": "github" }, "original": { @@ -85,11 +79,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -117,15 +111,16 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", + "lastModified": 1730663653, + "narHash": "sha256-kFCUWettiFHDIqxCWWQ9qY8pVh+Lj+XL0Giyy/kdomg=", + "owner": "hraban", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "e5b16676185cb7548581c852f51ce7f3a49bba5e", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "hraban", + "ref": "fixed-output", "repo": "flake-compat", "type": "github" } @@ -133,11 +128,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { 
@@ -180,17 +175,16 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "hydra", - "nix", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { @@ -207,11 +201,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -229,11 +223,11 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -246,11 +240,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { 
@@ -268,11 +262,11 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", "type": "github" }, "original": { @@ -281,22 +275,28 @@ "type": "github" } }, - "flake-utils": { + "flake-parts_6": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, - "flake-utils_2": { + "flake-utils": { "locked": { "lastModified": 1659877975, "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", @@ -311,13 +311,16 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { 
@@ -326,34 +329,36 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "inputs": { - "systems": "systems" + "systems": [ + "mac-app-util", + "systems" + ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" + "id": "flake-utils", + "type": "indirect" } }, - "flake-utils_5": { + "flake-utils_4": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -365,7 +370,7 @@ "git-hooks": { "inputs": { "flake-compat": "flake-compat_6", - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "neovim-nightly", "nixpkgs" @@ -376,11 +381,11 @@ ] }, "locked": { - "lastModified": 1717664902, - "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { 
@@ -392,6 +397,28 @@ "gitignore": { "inputs": { "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ "neovim-nightly", "git-hooks", "nixpkgs" @@ -420,11 +447,11 @@ ] }, "locked": { - "lastModified": 1718018037, - "narHash": "sha256-03rLBd/lKecgaKz0j5ESUf9lDn5R0SJatZTKLL5unWE=", + "lastModified": 1733333617, + "narHash": "sha256-nMMQXREGvLOLvUa0ByhYFdaL0Jov0t1wzLbKjr05P2w=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "0ab08b23ce3c3f75fe9a5598756b6fb8bcf0b414", + "rev": "56f8ea8d502c87cf62444bec4ee04512e8ea24ea", "type": "github" }, "original": { @@ -440,11 +467,11 @@ ] }, "locked": { - "lastModified": 1718243258, - "narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -455,15 +482,16 @@ }, "hydra": { "inputs": { + "libgit2": "libgit2", "nix": "nix", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1716479415, - "narHash": "sha256-WAJJ4UL3hsqsfZ05cHthjEwItnv7Xy84r2y6lzkBMh8=", + "lastModified": 1733444895, + "narHash": "sha256-r+t/0U8Pp6/Lvi3s3v8nDB9xCggvxFsnCEJ9TuZvVJc=", "owner": "NixOS", "repo": "hydra", - "rev": "b3e0d9a8b78d55e5fea394839524f5a24d694230", + "rev": "250668a19fa4d8ff9a6176ee6c44ca3003adedf1", "type": "github" }, "original": { 
@@ -474,11 +502,11 @@ }, "impermanence": { "locked": { - "lastModified": 1717932370, - "narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { @@ -487,17 +515,44 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "unstable" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718178907, + "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.1", + "repo": "lanzaboote", + "type": "github" + } + }, "lib-aggregate": { "inputs": { "flake-utils": "flake-utils_4", "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1717935050, - "narHash": "sha256-UWi8G3J+pS+9LVMdjrpLJwncdiMQWrnuUd5ygxCHeNc=", + "lastModified": 1734264809, + "narHash": "sha256-94fu5E0gM8aMY0bX/ix7BWGf/e/OfGjoCtNrJfwL0dM=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "1b6ea3be6ba37d4d3ba6e5041e2f152bb684ba2c", + "rev": "46bedda9e45f2735f41ec3c01cba2b8ce7ba9808", "type": "github" }, "original": { 
@@ -509,19 +564,57 @@ "libgit2": { "flake": false, "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "lastModified": 1715853528, + "narHash": "sha256-J2rCxTecyLbbDdsyBWn9w7r3pbKRMkI9E7RvRgAqBdY=", "owner": "libgit2", "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "rev": "36f7e21ad757a3dacc58cf7944329da6bc1d6e96", "type": "github" }, "original": { "owner": "libgit2", + "ref": "v1.8.1", "repo": "libgit2", "type": "github" } }, + "mac-app-util": { + "inputs": { + "cl-nix-lite": "cl-nix-lite", + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2", + "systems": "systems_2" + }, + "locked": { + "lastModified": 1732920695, + "narHash": "sha256-1fxvJZUznwrmEtYqpPuWi2tPcL9kj6v7p1J7ZZncAPE=", + "owner": "hraban", + "repo": "mac-app-util", + "rev": "548672d0cb661ce11d08ee8bde92b87d2a75c872", + "type": "github" + }, + "original": { + "owner": "hraban", + "repo": "mac-app-util", + "type": "github" + } + }, + "madness-ld": { + "locked": { + "lastModified": 1720637547, + "narHash": "sha256-5MGG0iRBvP35VlcHvxVrapuLygZwHwMB3g0M0fWxz58=", + "owner": "antithesishq", + "repo": "madness", + "rev": "c22c9c03579b7175d94f63e44ee0e518bb5ccdba", + "type": "github" + }, + "original": { + "owner": "antithesishq", + "repo": "madness", + "type": "github" + } + }, "neovim-nightly": { "inputs": { "flake-compat": "flake-compat_5", @@ -531,14 +624,15 @@ "neovim-src": "neovim-src", "nixpkgs": [ "unstable" - ] + ], + "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1718424280, - "narHash": "sha256-Y1Bjk8e9KJQ+5gwxNcRSz4l6k0yDLQ28MZ9qoeEeCII=", + "lastModified": 1734377470, + "narHash": "sha256-2ICLd6Pc1ATA008wHi4k0JsV5mWM4jmEULINxdnd/+c=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "450744cea2778415ff8c23553d37048d01df6c5b", + "rev": "f54ecbd4dc854d955fa3a06cecf5217130b70f61", "type": "github" }, "original": { 
@@ -550,11 +644,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1718407238, - "narHash": "sha256-eJ0qrdEWH7WRwLTBIXIOYB/DvBHvgvm6x4bBonkzXLQ=", + "lastModified": 1734351849, + "narHash": "sha256-fRNSqRIwg/J46FA27cunOXgzBRZ7mfGDCtpdNI0MTtc=", "owner": "neovim", "repo": "neovim", - "rev": "199d852d9f8584217be38efb56b725aa3db62931", + "rev": "798f9284793ad9693c68352f5d07dafb73fd281e", "type": "github" }, "original": { 
@@ -565,44 +659,76 @@ }, "nix": { "inputs": { - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts", - "libgit2": "libgit2", + "flake-compat": [ + "hydra" + ], + "flake-parts": [ + "hydra" + ], + "git-hooks-nix": [ + "hydra" + ], + "libgit2": [ + "hydra", + "libgit2" + ], "nixpkgs": [ "hydra", "nixpkgs" ], - "nixpkgs-regression": "nixpkgs-regression", - "pre-commit-hooks": "pre-commit-hooks" + "nixpkgs-23-11": [ + "hydra" + ], + "nixpkgs-regression": [ + "hydra" + ] }, "locked": { - "lastModified": 1713874370, - "narHash": "sha256-gW1mO/CvsQQ5gvgiwzxsGhPFI/tx30NING+qgF5Do0s=", + "lastModified": 1726787955, + "narHash": "sha256-XFznzb8L4SdUm9u+w3DPpMWJhffuv+/6+aiVl00slns=", "owner": "NixOS", "repo": "nix", - "rev": "1c8150ac312b5f9ba1b3f6768ff43b09867e5883", + "rev": "a7fdef6858dd45b9d7bda7c92324c63faee7f509", "type": "github" }, "original": { "owner": "NixOS", - "ref": "2.22-maintenance", + "ref": "2.24-maintenance", "repo": "nix", "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1737085297, + "narHash": "sha256-0gpgsX7hCauT6pblVg+hrDnt83lPoYzq/2BqqyvU8Tc=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "09414c7e2def24a5c52e588017b8524bcb68972a", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_5", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_3", - "treefmt-nix": "treefmt-nix" + "nix-github-actions": "nix-github-actions_2", + "nixpkgs": "nixpkgs_4", + "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1717698186, - "narHash": "sha256-e3/cvm7bAn0RsTBcPfHwuYOi2lwoO4jpTn4nmMSvHfU=", + "lastModified": 1733909753, + "narHash": "sha256-5GChR6LKh6EwGXLfR3HLW2Z0AWoyce4Hyp3VB5C4FCk=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "b6169e08e76e10b673d1b54f944cddb1e7cbea97", + "rev": 
"b1f94fed4af8e7f30665a3bf8b369dc3b8a95884", "type": "github" }, "original": { @@ -616,14 +742,15 @@ "flake-parts": "flake-parts_4", "nixpkgs": [ "unstable" - ] + ], + "umu": "umu" }, "locked": { - "lastModified": 1718328127, - "narHash": "sha256-2ldscRIlStuv/fRmifXbvjlMpyVuy8Z9zhiDBRM6oe0=", + "lastModified": 1734313951, + "narHash": "sha256-DCjhmX5dVn11J8Ss+5Py4yMh8k7a63HakMENccGZBr4=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "2c9a664875b410d12282fed9043f4703b6fdb029", + "rev": "a5f8dee3f7e6864da0d69a227bc8a90a3cbf9d0f", "type": "github" }, "original": { @@ -635,17 +762,38 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-github-actions_2": { + "inputs": { + "nixpkgs": [ "nixpkgs-wayland", "nix-eval-jobs", "nixpkgs" ] }, "locked": { - "lastModified": 1703863825, - "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", + "lastModified": 1731952509, + "narHash": "sha256-p4gB3Rhw8R6Ak4eMl8pqjCPOLCZRqaehZxdZ/mbFClM=", "owner": "nix-community", "repo": "nix-github-actions", - "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", + "rev": "7b5f051df789b6b20d259924d349a9ba3319b226", "type": "github" }, "original": { 
@@ -656,27 +804,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711401922, - "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=", + "lastModified": 1726688310, + "narHash": "sha256-Xc9lEtentPCEtxc/F1e6jIZsd4MPDYv4Kugl9WtXlz0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "07262b18b97000d16a4bdb003418bd2fb067a932", + "rev": "dbebdd67a6006bb145d98c8debf9140ac7e651d0", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-24.05-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-2311": { "locked": { - "lastModified": 1718229064, - "narHash": "sha256-ZFav8A9zPNfjZg/wrxh1uZeMJHELRfRgFP+meq01XYk=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5c2ec3a5c2ee9909904f860dadc19bc12cd9cc44", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { 
@@ -688,23 +836,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1717284937, - "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1717894324, - "narHash": "sha256-4q6ZO3BqHgdd3Aacb/xiQXB4g9TQKpQg/praTpD9vbI=", + "lastModified": 1734224914, + "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "13eac98dc5233fe7e52f0cd0e2cba7dcd77feca5", + "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77", "type": "github" }, "original": { @@ -715,11 +863,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1718446532, - "narHash": "sha256-u73is+EmDoCg+6fRiRVm3491/Zbbnw4XUosxa6CNV/I=", + "lastModified": 1734391385, + "narHash": "sha256-qySKxm95i2LwZ9bsuGI++01DXVVwX/D+MX5HMsn4Saw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c339c066b893e5683830ba870b1ccd3bbea88ece", + "rev": "c16f43f97c059903ac4d07ad5c5e193beeaf1f7b", "type": "github" }, "original": { 
@@ -729,29 +877,13 @@ "type": "github" } }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { - "lastModified": 1711460390, - "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "44733514b72e732bd49f5511bd0203dea9b9a434", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", "type": "github" }, "original": { @@ -761,22 +893,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1717880976, - "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-wayland": { "inputs": { "flake-compat": "flake-compat_7", @@ -787,11 +903,11 @@ ] }, "locked": { - "lastModified": 1718399896, - "narHash": "sha256-32ukRcPI2W5exf4A7/ISqoKp+sL1MxdMjFt3I+8XS5Y=", + "lastModified": 1734366874, + "narHash": "sha256-DBB1cTb+gmjUpcR3Ki+qQbdQsHwBjW7FB7iOp39WF0g=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "422bb5c5106008418f499ca591c0138f73e213f4", + "rev": "7c76738f71e0d4a0365ad95ab3a09e236a655f30", "type": "github" }, "original": { 
@@ -802,27 +918,43 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1712848736, - "narHash": "sha256-CzZwhqyLlebljv1zFS2KWVH/3byHND0LfaO1jKsGuVo=", + "lastModified": 1732617236, + "narHash": "sha256-PYkz6U0bSEaEB1al7O1XsqVNeSNS+s3NVclJw7YC43w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1d6a23f11e44d0fb64b3237569b87658a9eb5643", + "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11-small", "repo": "nixpkgs", + "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1715037484, - "narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=", + "lastModified": 1736241350, + "narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1732238832, + "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ad7efee13e0d216bf29992311536fce1d3eefbef", + "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", "type": "github" }, "original": { 
@@ -832,13 +964,34 @@ "type": "github" } }, + "nixpkgs_5": { + "locked": { + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { + "inputs": { + "flake-parts": "flake-parts_6", + "nixpkgs": "nixpkgs_5", + "treefmt-nix": "treefmt-nix_3" + }, "locked": { - "lastModified": 1718447279, - "narHash": "sha256-1fDQmySl7Q9iEjAkIQl9xrKU4yb0XxpKMGy8WaAibBw=", + "lastModified": 1734392816, + "narHash": "sha256-c5+jESqfMDazS1U0fyfE/oea3PJUtz9QgdG3sdqAUP0=", "owner": "nix-community", "repo": "NUR", - "rev": "33e61fa0c96330985e302a0800fdc550caf5f1d7", + "rev": "4bb63c4c7ee2eb895a9c17c7e3a3252586f3ffa2", "type": "github" }, "original": { @@ -847,34 +1000,25 @@ "type": "github" } }, - "pre-commit-hooks": { + "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ - "hydra", - "nix" - ], - "flake-utils": "flake-utils_3", - "gitignore": [ - "hydra", - "nix" + "lanzaboote", + "flake-compat" ], + "gitignore": "gitignore", "nixpkgs": [ - "hydra", - "nix", + "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": [ - "hydra", - "nix", - "nixpkgs" - ] + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1712897695, - "narHash": "sha256-nMirxrGteNAl9sWiOhoN5tIHyjBbVi5e2tgZUgZlK3Y=", + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "40e6053ecb65fcbf12863338a6dcefb3f55f1bf8", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "type": "github" }, "original": { 
@@ -885,13 +1029,16 @@ }, "root": { "inputs": { - "attic": "attic", "colmena": "colmena", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "home-manager": "home-manager", "hydra": "hydra", "impermanence": "impermanence", + "lanzaboote": "lanzaboote", + "mac-app-util": "mac-app-util", + "madness-ld": "madness-ld", "neovim-nightly": "neovim-nightly", + "nix-darwin": "nix-darwin", "nix-gaming": "nix-gaming", "nixpkgs-2311": "nixpkgs-2311", "nixpkgs-master": "nixpkgs-master", @@ -905,17 +1052,41 @@ }, "rust": { "inputs": { - "flake-utils": "flake-utils_5", "nixpkgs": [ "unstable" ] }, "locked": { - "lastModified": 1718417877, - "narHash": "sha256-s8QrTANEtY6UxzfkcBfoN93bgW9aCRIq54LPRVNu/4c=", + "lastModified": 1734316514, + "narHash": "sha256-0aLx44yMblcOGpfFXKCzp2GhU5JaE6OTvdU+JYrXiUc=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7c2d603cb67c974ef8c5cfee1150060dbb299e04", + "rev": "83ee8ff74d6294a7657320f16814754c4594127b", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717813066, + "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", "type": "github" }, "original": { @@ -928,15 +1099,14 @@ "inputs": { "nixpkgs": [ "unstable" - ], - "nixpkgs-stable": "nixpkgs-stable_2" + ] }, "locked": { - "lastModified": 1718137936, - "narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=", + "lastModified": 1733965552, + "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c279dec105dd53df13a5e57525da97905cc0f0d6", + "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004", "type": "github" }, "original": { 
@@ -947,16 +1117,16 @@ }, "stable": { "locked": { - "lastModified": 1696039360, - "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } @@ -978,6 +1148,21 @@ }, "systems_2": { "locked": { + "lastModified": 1689347925, + "narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=", + "owner": "nix-systems", + "repo": "default-darwin", + "rev": "2235d7e6cc29ae99878133c95e9fe5e157661ffb", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-darwin", + "type": "github" + } + }, + "systems_3": { + "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", 
@@ -994,17 +1179,59 @@ "treefmt-nix": { "inputs": { "nixpkgs": [ + "neovim-nightly", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ "nixpkgs-wayland", "nix-eval-jobs", "nixpkgs" ] }, "locked": { - "lastModified": 1711963903, - "narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=", + "lastModified": 1723303070, + "narHash": "sha256-krGNVA30yptyRonohQ+i9cnK+CfCpedg6z3qzqVJcTs=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "14c092e0326de759e16b37535161b3cb9770cea3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", "type": "github" }, "original": { 
@@ -1013,13 +1240,38 @@ "type": "github" } }, + "umu": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] + }, + "locked": { + "dir": "packaging/nix", + "lastModified": 1734207213, + "narHash": "sha256-5CZPAeKm24Y1BKnN8Md3HUViCMCs7AVghRC+05Bdlkk=", + "ref": "refs/heads/main", + "rev": "6189d0d9fd062e89a375db20aeae1d1c009e9833", + "revCount": 869, + "submodules": true, + "type": "git", + "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix" + }, + "original": { + "dir": "packaging/nix", + "submodules": true, + "type": "git", + "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix" + } + }, "unstable": { "locked": { - "lastModified": 1718318537, - "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { @@ -1031,11 +1283,11 @@ }, "unstable-small": { "locked": { - "lastModified": 1718419000, - "narHash": "sha256-v4+aJpRDbJil691DXo5SydqowcB01B6E9+wFH/pNk6k=", + "lastModified": 1734318609, + "narHash": "sha256-VPbVfHSvFs58T+kbseS7wa9WP6p2z7RJmjTnV4pAPQ0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "24b048f70e34020c93ed7c11491bc050ff6eb142", + "rev": "66cdf593c0041cf1efc9b2889d80c9a5c497b284", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c6c7350..67e1701 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,8 @@ nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11"; + nix-darwin.url = "github:LnL7/nix-darwin"; + home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "unstable"; 
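Review bot: `nix-darwin.url` in flake.nix is added without a `follows`, unlike `home-manager` two lines below it, and the flake.lock part of this commit shows the result: `nix-darwin` resolves its own `nixpkgs_3` on `nixpkgs-unstable`. That is one more nixpkgs revision to fetch, audit and keep updated alongside `unstable`. I would add `nix-darwin.inputs.nixpkgs.follows = "unstable";` directly after the URL. The `inputs` block starts and ends outside this hunk.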
@@ -20,15 +22,20 @@ impermanence.url = "github:nix-community/impermanence"; + lanzaboote.url = "github:nix-community/lanzaboote/v0.4.1"; + lanzaboote.inputs.nixpkgs.follows = "unstable"; + sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "unstable"; + madness-ld.url = "github:antithesishq/madness"; + flake-compat.url = "github:edolstra/flake-compat"; flake-compat.flake = false; hydra.url = "github:NixOS/hydra"; - attic.url = "github:zhaofengli/attic"; + mac-app-util.url = "github:hraban/mac-app-util"; neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; neovim-nightly.inputs.nixpkgs.follows = "unstable"; @@ -50,6 +57,8 @@ nixosConfigurations = import ./nixos inputs; + darwinConfigurations = import ./darwin inputs; + homeConfigurations = import ./home inputs; colmena = self.lib.mkColmenaFromNixOSConfigurations self.nixosConfigurations; diff --git a/home/configs/delta/remirin.nix b/home/configs/delta/remirin.nix new file mode 100644 index 0000000..aa6eac3 --- /dev/null +++ b/home/configs/delta/remirin.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: + +{ + config = { + activeProfiles = [ + "base" + "darwin" +# "gui" +# "browsing" + "development" + "communication" +# "multimedia" +# "creative" + "research" +# "security" +# "gaming" + ]; + + programs.htop.settings.detailed_cpu_time = true; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.gnupg.home = "/Users/remirin/.gnupg"; + }; +} diff --git a/home/configs/haruka/sefidel.nix b/home/configs/haruka/sefidel.nix index 22e53e9..9782020 100644 --- a/home/configs/haruka/sefidel.nix +++ b/home/configs/haruka/sefidel.nix @@ -17,7 +17,7 @@ profiles.gui = { laptop.enable = true; font = { - name = "ProFont"; + name = "Iosevka Term NF"; pixelSize = 14; }; }; diff --git a/home/default.nix b/home/default.nix index 0d414f3..2bb23a1 100644 --- a/home/default.nix +++ b/home/default.nix 
@@ -1,4 +1,4 @@ -{ self, unstable, ... } @ inputs: +{ self, unstable, nixpkgs-2311, ... } @ inputs: { "sefidel@alpha" = self.lib.mkHome { @@ -9,7 +9,7 @@ overlays = with inputs; [ rust.overlays.default neovim-nightly.overlays.default - nur.overlay + nur.overlays.default nixpkgs-wayland.overlay ]; }; @@ -42,15 +42,8 @@ overlays = with inputs; [ rust.overlays.default neovim-nightly.overlays.default - nur.overlay + nur.overlays.default nixpkgs-wayland.overlay - # TODO: fractional scaling is broken on 1.8+ - (final: prev: - let - nixpkgs2311 = import nixpkgs-2311 { system = "x86_64-linux"; }; - in { - sway-unwrapped = nixpkgs2311.pkgs.sway-unwrapped; - }) ]; }; @@ -73,6 +66,38 @@ version = "23.11"; }; + "remirin@delta" = self.lib.mkHome { + username = "remirin"; + hostname = "delta"; + homeDirectory = "/Users/remirin"; + pkgs = import unstable { + system = "aarch64-apple-darwin"; + overlays = with inputs; [ + rust.overlays.default + neovim-nightly.overlays.default + nur.overlays.default + ]; + }; + + extraModules = [ + ./profiles/populate.nix + ./profiles/base + ./profiles/darwin + ./profiles/browsing + ./profiles/development + ./profiles/communication + ./profiles/multimedia + ./profiles/creative + ./profiles/research + ./profiles/security + + inputs.mac-app-util.homeManagerModules.default + inputs.sops-nix.homeManagerModules.sops + ]; + + version = "25.05"; + }; + "sefidel@cobalt" = self.lib.mkHome { username = "sefidel"; hostname = "cobalt"; diff --git a/home/profiles/base/default.nix b/home/profiles/base/default.nix index 5e01ca0..a2e44c9 100644 --- a/home/profiles/base/default.nix +++ b/home/profiles/base/default.nix 
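Review bot: In the new `remirin@delta` entry of home/default.nix, `system = "aarch64-apple-darwin"` does not match the `aarch64-darwin` that lib/mk_darwin.nix uses as its default `system` for the same host. Nix system doubles take the form `aarch64-darwin`; the three-part string is a compiler-style target triple. As far as I can tell it will either fail to evaluate or produce derivations that no builder or binary cache matches. Suggest `system = "aarch64-darwin";`.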
@@ -23,14 +23,17 @@ in # Airport AIRPORT_USER = "20963"; AIRPORT_HOST = "hk-s020.rsync.net"; + + # TODO: https://github.com/nix-community/home-manager/pull/5901 + SSH_AUTH_SOCK = lib.mkIf (config.services.gpg-agent.enable && pkgs.stdenv.isDarwin) "$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)"; }; home.keyboard.layout = "us"; home.packages = [ # Nix Tools + pkgs.nh pkgs.nix-index pkgs.nix-tree - pkgs.nix-top pkgs.nix-update pkgs.hydra-check @@ -48,6 +51,7 @@ in pkgs.procs pkgs.sops pkgs.tree + pkgs.units pkgs.neovim # Common build tools @@ -158,7 +162,7 @@ in }; } - { + (lib.mkIf pkgs.stdenv.isLinux { name = "doas-zsh-plugin"; src = pkgs.fetchFromGitHub { owner = "anatolykopyl"; @@ -167,6 +171,18 @@ in sha256 = "sha256-10rcF9cho9GuZCFQVIdFjvHCAlTLHNaLY4twxjT2jcE="; }; file = "doas.plugin.zsh"; + }) + + (lib.mkIf pkgs.stdenv.isDarwin { + name = "sudo-zsh-plugin"; + src = pkgs.oh-my-zsh.src; + file = "plugins/sudo/sudo.plugin.zsh"; + }) + + { + name = "zsh-vi-mode"; + src = pkgs.zsh-vi-mode; + file = "share/zsh-vi-mode/zsh-vi-mode.plugin.zsh"; } ]; @@ -244,9 +260,9 @@ in ''; services = { - gpg-agent = lib.mkIf pkgs.stdenv.isLinux { + gpg-agent = { enable = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentryPackage = lib.mkIf pkgs.stdenv.isLinux pkgs.pinentry-gnome3; defaultCacheTtl = 3600; defaultCacheTtlSsh = 3600; maxCacheTtl = 86400; diff --git a/home/profiles/browsing/default.nix b/home/profiles/browsing/default.nix index e2baa0a..5634b34 100644 --- a/home/profiles/browsing/default.nix +++ b/home/profiles/browsing/default.nix @@ -98,6 +98,7 @@ in extensions = with pkgs.nur.repos.rycee.firefox-addons; [ bitwarden + consent-o-matic kagi-search tridactyl ]; diff --git a/home/profiles/communication/default.nix b/home/profiles/communication/default.nix index 4a287ee..38d14b1 100644 --- a/home/profiles/communication/default.nix +++ b/home/profiles/communication/default.nix 
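Review bot: The `SSH_AUTH_SOCK` session variable added in home/profiles/base/default.nix is gated on `config.services.gpg-agent.enable` rather than on `config.services.gpg-agent.enableSshSupport`. On Darwin every shell is therefore pointed at gpg-agent's SSH socket even if the agent is not configured to serve SSH keys; whether `enableSshSupport` is set is not visible in this hunk. The assignment also replaces any `SSH_AUTH_SOCK` already present in the environment. Consider `lib.mkIf (config.services.gpg-agent.enableSshSupport && pkgs.stdenv.isDarwin)` as the condition.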
@@ -25,7 +25,7 @@ in }; config = lib.mkIf cfg.enable (lib.mkMerge [ - # TODO: is this needed? + # TODO: also configure mail in Darwin (lib.mkIf pkgs.stdenv.isLinux { sops.secrets.sef-email-password = { }; @@ -407,10 +407,8 @@ in ispell urlscan - discord-canary + discord element-desktop - kiwitalk - nheko slack (weechat.override { configure = { availablePlugins, ... }: { @@ -426,9 +424,14 @@ in }) ]; - nixpkgs.allowedUnfree = [ "slack" "discord-canary" ]; + nixpkgs.allowedUnfree = [ "slack" "discord" ]; xdg.configFile."Element/config.json".text = builtins.toJSON (import ./element-config.nix); } + (lib.mkIf pkgs.stdenv.isDarwin { + home.packages = with pkgs; [ + thunderbird-latest-unwrapped + ]; + }) ]); } diff --git a/home/profiles/darwin/default.nix b/home/profiles/darwin/default.nix new file mode 100644 index 0000000..989beb1 --- /dev/null +++ b/home/profiles/darwin/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: +let cfg = config.profiles.darwin; +in +{ + options.profiles.darwin = { + enable = lib.mkEnableOption + "Profile for darwin-related packages"; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ + pkgs.iterm2 + # pkgs.karabiner-elements # Package 'damaged', even with trampoline + ]; + + }; +} diff --git a/home/profiles/development/default.nix b/home/profiles/development/default.nix index 15cec65..dbc3767 100644 --- a/home/profiles/development/default.nix +++ b/home/profiles/development/default.nix @@ -41,7 +41,7 @@ in init.defaultBranch = "main"; pull.rebase = true; - merge.conflictStyle = "diff3"; + merge.conflictStyle = "zdiff3"; mergetool.fugitive = { cmd = ''nvim -f -c "Gvdiffsplit!" "$MERGED"''; @@ -222,7 +222,6 @@ in pkgs.du-dust pkgs.deploy-rs pkgs.dnsutils - pkgs.gdb # TODO: https://github.com/cli/cli/issues/4955 pkgs.gh pkgs.git-annex @@ -233,7 +232,6 @@ in pkgs.ouch pkgs.tcpdump pkgs.tokei - pkgs.valgrind pkgs.mtr pkgs.nil pkgs.nixpkgs-fmt 
@@ -244,6 +242,7 @@ in pkgs.rust-analyzer pkgs.sd pkgs.tig + pkgs.wireshark pkgs.xh pkgs.cargo-play pkgs.cargo-edit @@ -262,6 +261,10 @@ in pkgs.pkg-config (pkgs.python3.withPackages (ps: with ps; [ pynvim ])) pkgs.gopls + ] ++ lib.optionals (pkgs.stdenv.isLinux) [ + pkgs.gdb + pkgs.kicad # Marked as broken on Darwin + pkgs.valgrind # Marked as broken on Darwin ]; }; } diff --git a/home/profiles/fonts/default.nix b/home/profiles/fonts/default.nix index 3f4edab..b886d78 100644 --- a/home/profiles/fonts/default.nix +++ b/home/profiles/fonts/default.nix @@ -10,12 +10,15 @@ in config = lib.mkIf cfg.enable { home.packages = with pkgs; [ dina-font + iosevka sarasa-gothic #siji # TODO: bitmap font conflict jetbrains-mono twemoji-color-font emacs-all-the-icons-fonts - (nerdfonts.override { fonts = [ "Iosevka" "JetBrainsMono" ]; }) + nerd-fonts.iosevka + nerd-fonts.iosevka-term + nerd-fonts.jetbrains-mono ]; fonts.fontconfig.enable = true; diff --git a/home/profiles/gui/config/dunst.nix b/home/profiles/gui/config/dunst.nix deleted file mode 100644 index f6e80b3..0000000 --- a/home/profiles/gui/config/dunst.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -{ config, neotheme }: - -with neotheme.colors; - -let - guiCfg = config.profiles.gui; -in -{ - global = { - padding = 8; - width = "330"; - origin = "top-right"; - offset = "8x25"; - notification_limit = 5; - frame_width = 2; - vertical_alignment = "center"; - horizontal_padding = 8; - icon_position = "left"; - corner_radius = 10; - - markup = "full"; - word_wrap = true; - show_indicators = false; - format = "<b>%s</b>\\n\\n%b"; - font = "${guiCfg.font.name} ${toString guiCfg.font.size}"; - frame_color = "#${color3}"; - separator_color = "auto"; - max_icon_size = 80; - }; - - urgency_low = { - foreground = "#${foreground}"; - background = "#${background}"; - frame_color = "#${color4}"; - timeout = 4; - }; - - urgency_normal = { - foreground = "#${foreground}"; - background = "#${background}"; - frame_color = "#${color3}"; - timeout = 8; - }; - - urgency_critical = { - foreground = "#${foreground}"; - background = "#${background}"; - frame_color = "#${color1}"; - }; -} diff --git a/home/profiles/gui/config/mako.nix b/home/profiles/gui/config/mako.nix new file mode 100644 index 0000000..a471a6a --- /dev/null +++ b/home/profiles/gui/config/mako.nix @@ -0,0 +1,45 @@ +{ config, neotheme }: + +with neotheme.colors; + +let + guiCfg = config.profiles.gui; +in +{ + anchor = "top-right"; + width = 330; + padding = "8"; + margin = "16,8"; + borderRadius = 10; + borderSize = 2; + + borderColor = "#${color3}"; + backgroundColor = "#${background}"; + textColor = "#${foreground}"; + progressColor = "over #${color5}"; + + markup = true; + font = "${guiCfg.font.name} ${toString guiCfg.font.size}"; + + maxVisible = 5; + + extraConfig = '' + [urgency=low] + border-color=#${color4} + default-timeout=4000 + + [urgency=normal] + border-color=#${color3} + default-timeout=8000 + + [urgency=critical] + border-color=#${color1} + default-timeout=0 + + [app-name=yubikey-touch-detector] + anchor=bottom-center + text-alignment=center + padding=32 + + ''; +} 
diff --git a/home/profiles/gui/config/sway.nix b/home/profiles/gui/config/sway.nix index 36b1b95..162be7d 100644 --- a/home/profiles/gui/config/sway.nix +++ b/home/profiles/gui/config/sway.nix @@ -70,6 +70,11 @@ in # floating bindsym $mod+f floating toggle + bindsym $mod+Shift+f move position center + + # scratchpad + bindsym $mod+grave scratchpad show; focus + bindsym $mod+shift+grave move scratchpad # kill focused bindsym $mod+w kill @@ -84,6 +89,7 @@ in for_window [window_type="dialog"] floating enable for_window [window_type="menu"] floating enable for_window [class="mpv"] floating enable + for_window [app_id="kicad"] floating enable for_window [class=".*"] inhibit_idle fullscreen for_window [app_id=".*"] title_format "" for_window [class=".*"] title_format "" @@ -200,6 +206,8 @@ in default_border pixel 3 hide_edge_borders --i3 smart gaps inner 8 + # TODO: https://github.com/swaywm/sway/issues/8102 + gaps right 2 smart_borders on set $color0 #${color0} @@ -250,9 +258,11 @@ in tap_button_map lmr #1Finger > Left Click , 2Finger > Right Click, 3Fingers > MiddleClick } - input "1149:8264:Primax_Kensington_Eagle_Trackball" { - accel_profile flat - pointer_accel 0 + # Kensington Slimblade Pro + # TODO: directly handle device? + input "4012:6878:keyd_virtual_pointer" { + accel_profile adaptive + pointer_accel -0.7 } input type:keyboard { diff --git a/home/profiles/gui/config/waybar/settings.nix b/home/profiles/gui/config/waybar/settings.nix index 9470824..341a1b3 100644 --- a/home/profiles/gui/config/waybar/settings.nix +++ b/home/profiles/gui/config/waybar/settings.nix @@ -1,4 +1,4 @@ -{ config, lib, neotheme }: +{ config, lib, pkgs, neotheme }: with neotheme.colors; 
@@ -10,7 +10,7 @@ in position = "top"; height = 22; modules-left = [ "wireplumber" "custom/separator" "cpu" "custom/separator" "memory" "custom/separator" "idle_inhibitor" ]; - modules-center = [ "sway/workspaces" ]; + modules-center = [ "sway/workspaces" "custom/scratchpad-indicator" ]; modules-right = [ "group/tray" "custom/separator" "network" "custom/separator" ] ++ lib.optionals (guiCfg.laptop.enable) [ "battery" "custom/separator" ] ++ [ "clock" ]; @@ -96,6 +96,16 @@ in tooltip = false; }; + "custom/scratchpad-indicator" = { + format = "(+{})"; + interval = 3; + return-type = "json"; + hide-empty-text = true; + exec = "${pkgs.writeShellScript "scratchpad-indicator" (import ../../scripts/scratchpad-indicator.nix)}"; + on-click = "exec swaymsg scratchpad show"; + on-click-right = "exec swaymsg move scratchpad"; + }; + "custom/separator" = { format = "|"; interval = "once"; diff --git a/home/profiles/gui/config/waybar/style.nix b/home/profiles/gui/config/waybar/style.nix index 92eb772..1f5327e 100644 --- a/home/profiles/gui/config/waybar/style.nix +++ b/home/profiles/gui/config/waybar/style.nix @@ -73,6 +73,21 @@ in border-bottom: 1px solid #${bright0}; } + @keyframes blinkBattery { + to { + border-color: #${color3}; + } + } + + #battery.charging { + border-bottom: 1px solid transparent; + animation-name: blinkBattery; + animation-duration: 1s; + animation-timing-function: steps(12); + animation-iteration-count: infinite; + animation-direction: alternate; + } + #tray { /* TODO: https://github.com/Alexays/Waybar/issues/2906 */ margin: 0; @@ -92,6 +107,10 @@ in padding-right: 0.2rem; } + #custom-scratchpad-indicator { + color: #f0a0c0; + } + #custom-separator { color: #${alt1}; background-color: #${background}; diff --git a/home/profiles/gui/default.nix b/home/profiles/gui/default.nix index 838d2ab..966f2ba 100644 --- a/home/profiles/gui/default.nix +++ b/home/profiles/gui/default.nix 
@@ -66,8 +66,8 @@ in }; gtk = { - theme.dark = "Orchis-Dark-Compact"; - theme.light = "Orchis-Light-Compact"; + theme.dark = "Adwaita-dark"; + theme.light = "Adwaita"; iconTheme.dark = "Papirus-Dark"; iconTheme.light = "Papirus-Light"; }; @@ -76,7 +76,7 @@ in gtk.enable = true; gtk.iconTheme.package = pkgs.papirus-icon-theme; gtk.iconTheme.name = neotheme.gtk.iconTheme.dark; - gtk.theme.package = (pkgs.orchis-theme.override { tweaks = [ "primary" "compact" ]; }); + gtk.theme.package = pkgs.gnome-themes-extra; gtk.theme.name = neotheme.gtk.theme.dark; gtk.font.name = "${cfg.font.name} ${toString cfg.font.size}"; @@ -84,6 +84,7 @@ in home.packages = [ # Sway + pkgs.alsa-utils pkgs.autotiling pkgs.brightnessctl pkgs.blueberry @@ -105,26 +106,17 @@ in ]; home.sessionVariables = { - # Disabled as Element/Discord currently uses an old version of Electron - # that doesn't support IM. - # NIXOS_OZONE_WL = 1; # NOTE: might cause problems with old electron + NIXOS_OZONE_WL = 1; # NOTE: might cause problems with old electron _JAVA_AWT_WM_NONREPARENTING = 1; # Fix 'grey screen' issue on java apps SDL_VIDEODRIVER = "wayland"; + # TODO: https://github.com/qutebrowser/qutebrowser/discussions/7938 + QT_SCALE_FACTOR_ROUNDING_POLICY = "RoundPreferFloor"; }; wayland.windowManager.sway = { enable = true; - package = - if cfg.laptop.enable then - options.wayland.windowManager.sway.package.default.override - (prev: { - sway-unwrapped = prev.sway-unwrapped.override (s-prev: { - wlroots = s-prev.wlroots.overrideAttrs { - patches = [ ../../../overlays/patches/wlroots-displaylink/DisplayLink_v2.patch ]; - }; - }); - }) else options.wayland.windowManager.sway.package.default; + package = options.wayland.windowManager.sway.package.default; wrapperFeatures = { base = true; 
@@ -164,16 +156,45 @@ in waybar = { enable = config.wayland.windowManager.sway.enable; - settings = [ (import ./config/waybar/settings.nix { inherit config lib neotheme; }) ]; + settings = [ (import ./config/waybar/settings.nix { inherit config lib pkgs neotheme; }) ]; style = import ./config/waybar/style.nix { inherit config neotheme; }; }; }; services = { - dunst = { + darkman = { enable = true; - settings = import ./config/dunst.nix { inherit config neotheme; }; + settings = { + lat = 36.5; + lng = 127.2; + usegeoclue = true; + }; + + darkModeScripts = { + gtk-theme = '' + ${pkgs.dconf}/bin/dconf write \ + /org/gnome/desktop/interface/color-scheme "'prefer-dark'" + + ${pkgs.dconf}/bin/dconf write \ + /org/gnome/desktop/interface/gtk-theme "'${neotheme.gtk.theme.dark}'" + + ${pkgs.dconf}/bin/dconf write \ + /org/gnome/desktop/interface/icon-theme "'${neotheme.gtk.iconTheme.dark}'" + ''; + }; + lightModeScripts = { + gtk-theme = '' + ${pkgs.dconf}/bin/dconf write \ + /org/gnome/desktop/interface/color-scheme "'prefer-light'" + + ${pkgs.dconf}/bin/dconf write \ + /org/gnome/desktop/interface/gtk-theme "'${neotheme.gtk.theme.light}'" + + ${pkgs.dconf}/bin/dconf write \ + /org/gnome/desktop/interface/icon-theme "'${neotheme.gtk.iconTheme.light}'" + ''; + }; }; kanshi = { @@ -206,6 +227,10 @@ in ]; }; + mako = { + enable = true; + } // import ./config/mako.nix { inherit config neotheme; }; + swayidle = let # TODO: remove when >1.6.11 
@@ -247,13 +272,7 @@ in { timeout = 270; command = "${pkgs.libnotify}/bin/notify-send -t 30000 'Locking screen in 30 seconds'"; } # 5m { timeout = 300; command = lockCommand; } - ] ++ lib.optionals (!cfg.laptop.enable) - [{ - # 10m (desktop only) - timeout = 600; - command = "${config.wayland.windowManager.sway.package}/bin/swaymsg 'output * dpms off'"; - resumeCommand = "${config.wayland.windowManager.sway.package}/bin/swaymsg 'output * dpms on'"; - }] ++ [ + ] ++ [ { # 10m on laptops, 15m on desktop timeout = if cfg.laptop.enable then 600 else 900; @@ -267,40 +286,6 @@ in latitude = "36.5"; longitude = "127.2"; }; - - darkman = { - enable = true; - settings = { - lat = 36.5; - lng = 127.2; - usegeoclue = true; - }; - - darkModeScripts = { - gtk-theme = '' - ${pkgs.dconf}/bin/dconf write \ - /org/gnome/desktop/interface/color-scheme "'prefer-dark'" - - ${pkgs.dconf}/bin/dconf write \ - /org/gnome/desktop/interface/gtk-theme "'${neotheme.gtk.theme.dark}'" - - ${pkgs.dconf}/bin/dconf write \ - /org/gnome/desktop/interface/icon-theme "'${neotheme.gtk.iconTheme.dark}'" - ''; - }; - lightModeScripts = { - gtk-theme = '' - ${pkgs.dconf}/bin/dconf write \ - /org/gnome/desktop/interface/color-scheme "'prefer-light'" - - ${pkgs.dconf}/bin/dconf write \ - /org/gnome/desktop/interface/gtk-theme "'${neotheme.gtk.theme.light}'" - - ${pkgs.dconf}/bin/dconf write \ - /org/gnome/desktop/interface/icon-theme "'${neotheme.gtk.iconTheme.light}'" - ''; - }; - }; }; }; } diff --git a/home/profiles/gui/scripts/aeroplane-mode.nix b/home/profiles/gui/scripts/aeroplane-mode.nix index 9f09c05..0b1ecf3 100644 --- a/home/profiles/gui/scripts/aeroplane-mode.nix +++ b/home/profiles/gui/scripts/aeroplane-mode.nix 
@@ -1,15 +1,13 @@ '' set -euo pipefail -rfkill_soft=$(rfkill -ro soft | tail -n +2 | sort -u) +radio_status=$(nmcli radio | tail -n +2 | awk 'OFS="\n" {print $2,$4}' | sort -u) -rfkill toggle all - -if [[ $rfkill_soft == "unblocked" ]]; then +if [[ $radio_status == "enabled" ]]; then + nmcli radio all off notify-send --urgency=critical "Aeroplane mode ACTIVATED" -elif [[ $rfkill_soft == "blocked" ]]; then - notify-send --urgency=critical "Aeroplane mode DEACTIVATED" else - notify-send --urgency=critical "WARN: RFKill was in inconsistent state. Aeroplane mode ACTIVATED" + nmcli radio all on + notify-send --urgency=low "Aeroplane mode DEACTIVATED" fi '' diff --git a/home/profiles/gui/scripts/scratchpad-indicator.nix b/home/profiles/gui/scripts/scratchpad-indicator.nix new file mode 100644 index 0000000..7ee66c3 --- /dev/null +++ b/home/profiles/gui/scripts/scratchpad-indicator.nix @@ -0,0 +1,18 @@ +'' +output="$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]?)|recurse(.floating_nodes[]?)|select(.name == "__i3_scratch").floating_nodes[]|"`<b>"+.name+"`</b> - "+.app_id+" "+(.id|tostring)')" +number="$(swaymsg -r -t get_tree | jq -r 'recurse(.nodes[]) | first(select(.name=="__i3_scratch")) | .floating_nodes | length')" + +if [ "$number" -gt 0 ]; then + text="$number" +else + text="" +fi + +output="$(echo "$output" | sed -r 's/[&]+/and/g')" # Replace unprintable & character with the word 'and' +tooltip="Scratchpad\n\n" +tooltip+="$(echo "$output" | sed -z 's/\n/\\n/g')" +tooltip=''${tooltip::-2} + +echo "{\"text\":\"$text\", \"tooltip\":\"$tooltip\"}" +exit 0 +'' diff --git a/home/profiles/research/default.nix b/home/profiles/research/default.nix index 2d98905..fd85282 100644 --- a/home/profiles/research/default.nix +++ b/home/profiles/research/default.nix 
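Review bot: After this change to aeroplane-mode.nix, "Aeroplane mode ACTIVATED" no longer covers Bluetooth: `nmcli radio all off` switches only Wi-Fi and WWAN, whereas the removed `rfkill toggle all` covered every radio. The mixed state is also resolved in the unsafe direction: with one radio enabled and the other disabled, `radio_status` holds two lines, the `== "enabled"` test fails, and the `else` branch turns every radio on. Suggest testing for the fully-off state instead, `if [[ $radio_status == "disabled" ]]; then nmcli radio all on; … else nmcli radio all off; … fi`, so anything else ends with radios off. Add `rfkill block bluetooth` and `rfkill unblock bluetooth` beside the two nmcli calls if Bluetooth should be included.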
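Review bot: scratchpad-indicator.nix builds its JSON by string interpolation in the final `echo`, and `$tooltip` carries window titles from `swaymsg -t get_tree`, which are set by whatever application or web page owns the window. A title containing `"` or `\` yields invalid JSON and one containing `<` breaks the `<b>…</b>` markup, so a window name can blank or garble the module; only `&` is handled today. Let jq do the encoding, e.g. `jq -cn --arg text "$text" --arg tooltip "$tooltip" '{text: $text, tooltip: $tooltip}'`, keeping real newlines in `$tooltip` instead of the `sed -z` step, and escape `<` and `>` in the names. The script also takes `swaymsg` and `jq` from PATH, which the waybar service may not provide; using store paths would require this file to become a function of `pkgs`.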
@@ -31,8 +31,8 @@ in index-active-bg = "#dbd3c4"; index-active-fg = "#4f5058"; - highlight-color = "#d4ae80"; - highlight-active-color = "#8197bf"; + highlight-color = "#rgba(212,174,128,0.5)"; + highlight-active-color = "rgba(129,151,191,0.5)"; notification-bg = "#dbd3c4"; notification-fg = "#151515"; @@ -51,16 +51,12 @@ in }; home.packages = [ - pkgs.kicad pkgs.ltex-ls - pkgs.libreoffice pkgs.obsidian pkgs.pandoc - pkgs.tana pkgs.texlive.combined.scheme-small + pkgs.tinymist pkgs.typst - pkgs.typst-lsp - pkgs.typst-preview pkgs.websocat pkgs.nanum @@ -69,6 +65,6 @@ in # Let HM manage installed fonts fonts.fontconfig.enable = true; - nixpkgs.allowedUnfree = [ "obsidian" "tana" ]; + nixpkgs.allowedUnfree = [ "obsidian" ]; }; } diff --git a/home/profiles/security/default.nix b/home/profiles/security/default.nix index b64de22..2201f3e 100644 --- a/home/profiles/security/default.nix +++ b/home/profiles/security/default.nix @@ -12,7 +12,6 @@ in pkgs.yubikey-manager pkgs.age-plugin-yubikey - pkgs.keepassxc pkgs.bitwarden pkgs.bitwarden-cli @@ -20,5 +19,31 @@ in pkgs.protonvpn-gui ]; + + systemd.user = lib.mkIf pkgs.stdenv.isLinux { + sockets.yubikey-touch-detector = { + Unit.Description = "Unix socket activation for YubiKey touch detector service"; + Socket = { + ListenStream = "%t/yubikey-touch-detector.socket"; + RemoveOnStop = true; + }; + Install.WantedBy = [ "sockets.target" ]; + }; + + services.yubikey-touch-detector = { + Unit = { + Description = "Detects when your YubiKey is waiting for a touch"; + Requires = "yubikey-touch-detector.socket"; + }; + Service = { + ExecStart = "${lib.getExe pkgs.yubikey-touch-detector} --libnotify -v"; + EnvironmentFile = "-%E/yubikey-touch-detector/service.conf"; + }; + Install = { + Also = "yubikey-touch-detector.socket"; + WantedBy = [ "default.target" ]; + }; + }; + }; }; } diff --git a/lib/default.nix b/lib/default.nix index d437dc6..2ed3bca 100644 --- a/lib/default.nix +++ b/lib/default.nix 
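Review bot: In home/profiles/research/default.nix the new `highlight-color` value is `"#rgba(212,174,128,0.5)"`, with a leading `#` that the neighbouring `highlight-active-color = "rgba(129,151,191,0.5)"` does not have. It looks like a leftover from the old hex value and is unlikely to parse as a colour. Suggest `highlight-color = "rgba(212,174,128,0.5)";`.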
@@ -11,7 +11,7 @@ let mylib = makeExtensible (self: mapModules ./. - (file: import file ({ inherit lib; } // inputs))); + (file: import file ({ inherit lib inputs; } // inputs))); in mylib.extend (self: super: diff --git a/lib/mk_darwin.nix b/lib/mk_darwin.nix new file mode 100644 index 0000000..1da4dc3 --- /dev/null +++ b/lib/mk_darwin.nix @@ -0,0 +1,23 @@ +{ self, unstable, nix-darwin, ... } @ args: +{ + mkDarwin = { name, nixpkgs ? unstable, system ? "aarch64-darwin", overlays ? null, extraModules ? null }: + nix-darwin.lib.darwinSystem ( + let + configFolder = "${self}/darwin"; + entryPoint = "${configFolder}/${name}/configuration.nix"; + in + { + system = system; + pkgs = import nixpkgs { inherit system; }; + + modules = [ + { + networking.hostName = name; + system.configurationRevision = self.rev or self.dirtyRev; + } + entryPoint + ] ++ nixpkgs.lib.optional (overlays != null) { nixpkgs.overlays = overlays; } + ++ nixpkgs.lib.optionals (extraModules != null) extraModules; + } + ); +} diff --git a/lib/mk_home.nix b/lib/mk_home.nix index d416787..b7f780e 100644 --- a/lib/mk_home.nix +++ b/lib/mk_home.nix @@ -1,6 +1,6 @@ { self, home-manager, unstable, ... } @ inputs: { - mkHome = { username, hostname, pkgs, version, extraModules ? null }: + mkHome = { username, hostname, homeDirectory ? "/home/${username}", pkgs, version, extraModules ? null }: let entrypoint = "${self}/home/configs/${hostname}/${username}.nix"; defaultModule = { lib, config, ... }: { @@ -14,8 +14,7 @@ }; home = { - inherit username; - homeDirectory = "/home/${username}"; + inherit username homeDirectory; stateVersion = version; }; }; diff --git a/modules/keyd-qol.nix b/modules/keyd-qol.nix index 2f720d7..23ea784 100644 --- a/modules/keyd-qol.nix +++ b/modules/keyd-qol.nix 
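Review bot: In the new lib/mk_darwin.nix, `system.configurationRevision = self.rev or self.dirtyRev;` has no final fallback, so evaluation fails whenever the flake is not read from a git tree and neither attribute exists; `self.rev or self.dirtyRev or null` avoids that. Separately, `overlays` is applied only through the `nixpkgs.overlays` module option, while `pkgs` is imported on its own as `import nixpkgs { inherit system; }`. Passing the overlays into that import, or dropping the pre-built `pkgs`, would make it unambiguous which package set they end up in. The `@ args` binding is unused in the visible code.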
@@ -31,6 +31,25 @@ }; }; }; + + kensington_trackball = { + ids = [ + # Slimblade Pro + "047d:80d4" # Bluetooth + "047d:80d6" # 2.4Ghz + "047d:80d7" # Wired + ]; + settings = { + main = { + # MIDDLE / MOUSE1 + # LEFT / RIGHT + middlemouse = "middlemouse"; + mouse1 = "rightmouse"; + leftmouse = "leftmouse"; + rightmouse = "back"; + }; + }; + }; }; }; } diff --git a/modules/persistence.nix b/modules/persistence.nix index 3131d61..989bed0 100644 --- a/modules/persistence.nix +++ b/modules/persistence.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, inputs, lib, ... }: with lib; @@ -6,6 +6,10 @@ let cfg = config.modules.persistence; in { + imports = [ + inputs.impermanence.nixosModules.impermanence + ]; + options.modules.persistence = { enable = mkEnableOption "impermanence persistence"; @@ -17,6 +21,8 @@ in ''; }; + setupSshHostKeys = mkEnableOption "configure persistence for OpenSSH Host keys"; + directories = mkOption { type = types.listOf types.str; default = [ ]; @@ -28,7 +34,7 @@ in environment.persistence.${cfg.storagePath}.directories = cfg.directories; - services.openssh.hostKeys = [ + services.openssh.hostKeys = mkIf cfg.setupSshHostKeys [ { path = "${cfg.storagePath}/ssh/ssh_host_ed25519_key"; type = "ed25519"; diff --git a/modules/secure-boot.nix b/modules/secure-boot.nix new file mode 100644 index 0000000..7f079e4 --- /dev/null +++ b/modules/secure-boot.nix @@ -0,0 +1,28 @@ +{ config, inputs, pkgs, lib, ... }: + +let + cfg = config.modules.secure-boot; +in +{ + imports = [ + inputs.lanzaboote.nixosModules.lanzaboote + ]; + + options.modules.secure-boot = { + enable = lib.mkEnableOption "Secure boot with lanzaboote"; + }; + + config = lib.mkIf cfg.enable { + boot.lanzaboote.enable = true; + boot.lanzaboote.pkiBundle = "/etc/secureboot"; + + # Managed by lanzaboote + boot.loader.systemd-boot.enable = lib.mkForce false; + + modules.persistence.directories = [ + "/etc/secureboot" + ]; + + environment.systemPackages = [ pkgs.sbctl ]; + }; +} 
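Review bot: modules/secure-boot.nix points `boot.lanzaboote.pkiBundle` at `/etc/secureboot` and adds that directory to `modules.persistence.directories`, so the Secure Boot signing keys live on the persistent volume with nothing stating how they are protected. Read access to that directory is enough to sign boot images the firmware will accept, so the expectation is worth recording next to the option, e.g. `# Holds the Secure Boot private keys: root-only, encrypted storage, excluded from backups`. Whether the persist dataset is encrypted and whether the borg job covers this path is not visible in this diff.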
diff --git a/modules/services/atticd.nix b/modules/services/atticd.nix index ef79871..fe11074 100644 --- a/modules/services/atticd.nix +++ b/modules/services/atticd.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, inputs, lib, pkgs, ... }: with lib; let @@ -24,7 +24,7 @@ in (mkIf cfg.enable { services.atticd = { enable = true; - credentialsFile = cfg.secrets.attic-credentials; + environmentFile = cfg.secrets.attic-credentials; settings = { listen = "[::]:4005"; @@ -104,7 +104,7 @@ in # NOTE: currently this expects `attic/config.toml` to be manually # generated and placed on `/var/lib/atticd-watch-store` Environment = "XDG_CONFIG_HOME=/var/lib/atticd-watch-store"; - ExecStart = "${pkgs.attic}/bin/attic watch-store hydra"; + ExecStart = "${pkgs.attic-client}/bin/attic watch-store hydra"; Restart = "on-failure"; RestartSec = "5s"; ProtectKernelLogs = true; diff --git a/modules/services/blocky/grafana_blocky_rev3.json b/modules/services/blocky/grafana_blocky_rev3.json index e4e837c..01e6ea5 100644 --- a/modules/services/blocky/grafana_blocky_rev3.json +++ b/modules/services/blocky/grafana_blocky_rev3.json @@ -861,7 +861,7 @@ "datasource": { "uid": "5Z0Y8D3GXAMDODSF" }, - "description": "Number of occured errors", + "description": "Number of errors occurred", "fieldConfig": { "defaults": { "decimals": 0, diff --git a/modules/services/hydra.nix b/modules/services/hydra.nix index d0e5968..be30db3 100644 --- a/modules/services/hydra.nix +++ b/modules/services/hydra.nix @@ -9,7 +9,7 @@ in enable = mkEnableOption "Whether to enable Hydra, a Nix-based continuous build system"; baseURL = mkOption { type = types.str; - example = "https://hydra.kusanari.network"; + example = "https://hydra.kanata.network"; description = "The base URL for the Hydra webserver instance"; }; }; 
@@ -23,7 +23,7 @@ in hydraURL = cfg.baseURL; dbi = "dbi:Pg:dbname=hydra;user=hydra;"; useSubstitutes = true; - notificationSender = "hydra@kusanari.network"; + notificationSender = "hydra@kanata.network"; listenHost = "localhost"; port = 4004; diff --git a/modules/services/invidious.nix b/modules/services/invidious.nix index 949f2c7..8952cda 100644 --- a/modules/services/invidious.nix +++ b/modules/services/invidious.nix @@ -27,6 +27,7 @@ in database.createLocally = true; http3-ytproxy.enable = true; + sig-helper.enable = true; settings = { db.user = "indivious"; diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix new file mode 100644 index 0000000..1936a54 --- /dev/null +++ b/modules/services/jellyfin.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.modules.services.jellyfin; +in +{ + options.modules.services.jellyfin = { + enable = mkEnableOption ""; + + dataDir = mkOption { type = types.str; }; + }; + + config = mkIf cfg.enable { + services.jellyfin = { + enable = true; + + dataDir = cfg.dataDir; + }; + + environment.systemPackages = with pkgs; [ + jellyfin-web + jellyfin-ffmpeg + ]; + }; +} diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 70b08e6..9a472a8 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -36,7 +36,7 @@ in services.nextcloud = { enable = true; - package = pkgs.nextcloud29; + package = pkgs.nextcloud30; database.createLocally = true; hostName = cfg.realHost; diff --git a/modules/tailscale-initrd.nix b/modules/tailscale-initrd.nix index 4429d60..21bbd53 100644 --- a/modules/tailscale-initrd.nix +++ b/modules/tailscale-initrd.nix 
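Review bot: The new modules/services/jellyfin.nix declares `enable = mkEnableOption "";` and `dataDir = mkOption { type = types.str; };` with no description on either, unlike `baseURL` in hydra.nix, which carries both an `example` and a `description`. Suggest `mkEnableOption "Jellyfin media server"` and a `description` plus `example` on `dataDir`. Since `dataDir` has no default, enabling the module without setting it fails at evaluation, and that is worth stating in the description.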
@@ -83,7 +83,7 @@ extraUtilsCommands = '' copy_bin_and_libs ${pkgs.tailscale}/bin/tailscaled copy_bin_and_libs ${pkgs.tailscale}/bin/tailscale - copy_bin_and_libs ${pkgs.iproute}/bin/ip + copy_bin_and_libs ${pkgs.iproute2}/bin/ip copy_bin_and_libs ${iptables-static}/bin/iptables copy_bin_and_libs ${iptables-static}/bin/xtables-legacy-multi diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix index f0fbf27..2098d1b 100644 --- a/nixos/alpha/configuration.nix +++ b/nixos/alpha/configuration.nix @@ -16,7 +16,8 @@ sudo.wheelNeedsPassword = false; }; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + # Use latest LTS kernel (https://github.com/NixOS/nixpkgs/pull/341596) + boot.kernelPackages = pkgs.linuxPackages; boot.kernelParams = [ # "nohibernate" "console=tty1" @@ -33,24 +34,16 @@ boot.zfs.forceImportAll = false; boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS - # GRUB bootloader - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - - efiSupport = true; - configurationLimit = 10; - device = "nodev"; - useOSProber = true; - copyKernels = true; - extraEntries = '' - menuentry "Reboot" { - reboot - } - menuentry "Shutdown" { - halt - } - ''; + boot.loader.systemd-boot = { + # Managed by lanzaboote + enable = false; + editor = false; + configurationLimit = 16; + # TODO: https://github.com/NixOS/nixpkgs/pull/334526 + # bootCounting.enable = true; + # bootCounting.tries = 3; + # bootCounting.enable = true; + # bootCounting.tries = 3; }; boot.initrd.postDeviceCommands = lib.mkAfter '' 
@@ -115,17 +108,25 @@ services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; - services.openssh.hostKeys = [ - { - path = "/persist/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/persist/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; + + modules = { + secure-boot.enable = true; + + persistence = { + enable = true; + storagePath = "/persist"; + setupSshHostKeys = true; + + directories = [ + "/etc/NetworkManager/system-connections" + "/var/lib/nixos" + "/var/lib/bluetooth" + "/var/lib/tailscale" + "/var/lib/libvirt" + "/etc/cups" + ]; + }; + }; sops.secrets.borg-alpha-rolling-pass = { }; services.borgbackup.jobs.alpha-rolling = { @@ -138,6 +139,7 @@ # Ephemeral user files "**/.cache" "**/.nix-profile" + "**/.config" # Rust build files "**/target" # Large, non-essential files @@ -175,8 +177,6 @@ services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH"; - sound.enable = true; - services.pipewire = { enable = true; @@ -208,14 +208,6 @@ services.avahi.enable = true; services.avahi.nssmdns4 = true; - environment.persistence."/persist".directories = [ - "/etc/NetworkManager/system-connections" - "/var/lib/bluetooth" - "/var/lib/tailscale" - "/var/lib/libvirt" - "/etc/cups" - ]; - services.pcscd.enable = true; programs.dconf.enable = true; @@ -284,7 +276,8 @@ fontDir.enable = true; packages = with pkgs; [ - (nerdfonts.override { fonts = [ "Iosevka" "JetBrainsMono" ]; }) + nerd-fonts.iosevka + nerd-fonts.jetbrains-mono cozette dina-font emacs-all-the-icons-fonts 
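Review bot: The exclude `"**/.config"` added to the alpha-rolling borg job sits under the `# Ephemeral user files` comment, but `.config` usually holds settings and application state that cannot be regenerated the way `.cache` or `.nix-profile` can. If the intent is that home-manager reproduces everything under it, or that key material stored there stays out of the repository, record that in a comment such as `# managed by home-manager; intentionally not backed up`. Otherwise a restore will silently lack those files.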
@@ -342,16 +335,16 @@ remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; - nixpkgs.allowedUnfree = [ "steam" "steam-original" "steam-run" "brgenml1lpr" ]; + nixpkgs.allowedUnfree = [ "steam" "steam-unwrapped" "brgenml1lpr" ]; + + madness.enable = true; environment.sessionVariables = { WLR_NO_HARDWARE_CURSORS = "1"; # Prevent cursors disappearing on nouveau }; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + hardware.graphics.enable = true; + hardware.graphics.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; xdg.portal = { enable = true; @@ -367,8 +360,6 @@ users.mutableUsers = false; - fileSystems."/persist".neededForBoot = true; - users.users = { root.hashedPasswordFile = config.sops.secrets.root-password.path; sefidel = { diff --git a/nixos/alpha/hardware-configuration.nix b/nixos/alpha/hardware-configuration.nix index 5ec5d86..8c40065 100644 --- a/nixos/alpha/hardware-configuration.nix +++ b/nixos/alpha/hardware-configuration.nix @@ -21,6 +21,7 @@ fileSystems."/boot" = { device = "/dev/disk/by-uuid/12CE-A600"; fsType = "vfat"; + options = [ "umask=0077" ]; }; fileSystems."/nix" = diff --git a/nixos/default.nix b/nixos/default.nix index 599ba75..22593b5 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -6,8 +6,7 @@ nixpkgs = unstable; extraModules = [ inputs.sops-nix.nixosModules.sops - inputs.impermanence.nixosModules.impermanence - inputs.attic.nixosModules.atticd + inputs.madness-ld.nixosModules.madness ]; }; @@ -16,8 +15,6 @@ nixpkgs = unstable; extraModules = [ inputs.sops-nix.nixosModules.sops - inputs.impermanence.nixosModules.impermanence - inputs.attic.nixosModules.atticd ]; }; @@ -26,8 +23,6 @@ nixpkgs = unstable; extraModules = [ inputs.sops-nix.nixosModules.sops - inputs.impermanence.nixosModules.impermanence - inputs.attic.nixosModules.atticd ]; overlays = [ (final: prev: { 
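Review bot: `madness.enable = true;` is added between the Steam unfree list and the session variables without a comment, and it is the one line in this hunk that changes what the machine will execute. Judging by the `madness-ld` input it comes from, it presumably installs a loader so that dynamically linked binaries not built for NixOS run unmodified. A one-line comment should record why it is needed and for what, e.g. `# madness: loader shim so <program> can run its prebuilt binaries`, so the option can be removed again when that need goes away.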
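Review bot: The new `options = [ "umask=0077" ];` on `/boot` in nixos/alpha/hardware-configuration.nix carries no comment, and its purpose is not obvious from the mount definition alone. It makes the ESP readable by root only, which matters because the ESP can hold a boot-loader random seed and the boot entries themselves. A short comment such as `# ESP is root-only: it may hold the loader's random seed` would keep it from being removed as noise later. The same line is added for `/boot` in nixos/haruka/hardware-configuration.nix.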
diff --git a/nixos/haruka/configuration.nix b/nixos/haruka/configuration.nix index a36d8b3..f7c0ce4 100644 --- a/nixos/haruka/configuration.nix +++ b/nixos/haruka/configuration.nix @@ -16,7 +16,8 @@ sudo.wheelNeedsPassword = false; }; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + # Use latest LTS kernel (https://github.com/NixOS/nixpkgs/pull/341596) + boot.kernelPackages = pkgs.linuxPackages; boot.kernelParams = [ "console=tty1" "i915.fastboot=1" @@ -36,27 +37,14 @@ boot.zfs.forceImportAll = false; boot.zfs.allowHibernation = true; # NOTE: disable if using swap on ZFS - # GRUB bootloader - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub = { - enable = true; - - efiSupport = true; - configurationLimit = 10; - device = "nodev"; - useOSProber = true; - copyKernels = true; - gfxmodeEfi = "1920x1200"; - fontSize = 32; - - extraEntries = '' - menuentry "Reboot" { - reboot - } - menuentry "Shutdown" { - halt - } - ''; + boot.loader.systemd-boot = { + # Managed by lanzaboote + enable = false; + editor = false; + configurationLimit = 16; + # TODO: https://github.com/NixOS/nixpkgs/pull/334526 + # bootCounting.enable = true; + # bootCounting.tries = 3; }; # Erase your darlings. @@ -126,17 +114,25 @@ services.openssh.enable = true; services.openssh.settings.PasswordAuthentication = false; - services.openssh.hostKeys = [ - { - path = "/persist/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/persist/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; + + modules = { + secure-boot.enable = true; + + persistence = { + enable = true; + storagePath = "/persist"; + setupSshHostKeys = true; + + directories = [ + "/etc/NetworkManager/system-connections" + "/etc/cups" + "/var/lib/nixos" + "/var/lib/fprint" + "/var/lib/bluetooth" + "/var/lib/tailscale" + ]; + }; + }; sops.secrets.borg-haruka-rolling-pass = { }; services.borgbackup.jobs.haruka-rolling = { 
@@ -149,6 +145,7 @@ # Ephemeral user files "**/.cache" "**/.nix-profile" + "**/.config" # Rust build files "**/target" ]; @@ -184,8 +181,6 @@ services.openssh.knownHosts."hk-s020.rsync.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcPl9x9JfRFwsn09NnDw/xBZbAN80ZQck+h6AqlVqPH"; - sound.enable = true; - services.pipewire = { enable = true; @@ -223,14 +218,6 @@ services.avahi.enable = true; services.avahi.nssmdns4 = true; - environment.persistence."/persist".directories = [ - "/etc/NetworkManager/system-connections" - "/etc/cups" - "/var/lib/fprint" - "/var/lib/bluetooth" - "/var/lib/tailscale" - ]; - services.pcscd.enable = true; programs.dconf.enable = true; @@ -297,8 +284,11 @@ fontDir.enable = true; packages = with pkgs; [ - (nerdfonts.override { fonts = [ "Iosevka" "JetBrainsMono" ]; }) + nerd-fonts.iosevka + nerd-fonts.iosevka-term + nerd-fonts.jetbrains-mono emacs-all-the-icons-fonts + iosevka jetbrains-mono nanum profont @@ -349,10 +339,8 @@ zsh.enableCompletion = true; }; - hardware.opengl.enable = true; - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; - hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; + hardware.graphics.enable = true; + hardware.graphics.extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ]; xdg.portal = { enable = true; @@ -368,8 +356,6 @@ users.mutableUsers = false; - fileSystems."/persist".neededForBoot = true; - users.users = { root.hashedPasswordFile = config.sops.secrets.root-password.path; sefidel = { diff --git a/nixos/haruka/hardware-configuration.nix b/nixos/haruka/hardware-configuration.nix index 06a342f..6820226 100644 --- a/nixos/haruka/hardware-configuration.nix +++ b/nixos/haruka/hardware-configuration.nix @@ -24,6 +24,7 @@ { device = "/dev/disk/by-uuid/5382-69DE"; fsType = "vfat"; + options = [ "umask=0077" ]; }; fileSystems."/nix" = diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix index a5ed1be..c0120bb 100644 
--- a/nixos/kanata/configuration.nix +++ b/nixos/kanata/configuration.nix @@ -62,7 +62,7 @@ in modules.tailscale-initrd = { enable = true; - # XXX: This has to be manually generatd during NixOS install. + # XXX: This has to be manually generated during NixOS install. # The files are then copied to initrd secrets during activation. tailscaleStatePath = "/persist/initrd/tailscale-initrd.state"; }; @@ -70,22 +70,6 @@ in services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = maintainerKeys; - # NOTE: managed by modules.persistence - # TODO: remove? - # fileSystems."/persist".neededForBoot = true; - # - # services.openssh.hostKeys = [ - # { - # path = "/persist/ssh/ssh_host_ed25519_key"; - # type = "ed25519"; - # } - # { - # path = "/persist/ssh/ssh_host_rsa_key"; - # type = "rsa"; - # bits = 4096; - # } - # ]; - sops.defaultSopsFile = ./secrets/secrets.yaml; powerManagement.cpuFreqGovernor = "ondemand"; @@ -94,7 +78,7 @@ in sops.secrets.nextcloud-admin-pass = { owner = "nextcloud"; }; sops.secrets.acme-credentials = { owner = "acme"; }; sops.secrets.grafana-admin-pass = { owner = "grafana"; }; - sops.secrets.cf-kusanari-kanata-credentials = { owner = "cloudflared"; }; + sops.secrets.cf-kanata-credentials = { owner = "cloudflared"; }; sops.secrets.nitter-account-jsonl = { }; # sops.secrets.interlink-private-key = { }; sops.secrets.interlink-wg-config = { }; 
@@ -118,6 +102,46 @@ in enableIPv6 = true; }; + services.nscd = { + enable = true; + config = '' + # We basically use nscd as a proxy for forwarding nss requests to appropriate + # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory + # containing all such modules + # Note that we can not use `enable-cache no` As this will actually cause nscd + # to just reject the nss requests it receives, which then causes glibc to + # fallback to trying to handle the request by itself. Which won't work as glibc + # is not aware of the path in which the nss modules live. As a workaround, we + # have `enable-cache yes` with an explicit ttl of 0 + server-user nscd + + enable-cache passwd yes + positive-time-to-live passwd 0 + negative-time-to-live passwd 0 + shared passwd yes + + enable-cache group yes + positive-time-to-live group 0 + negative-time-to-live group 0 + shared group yes + + enable-cache netgroup yes + positive-time-to-live netgroup 0 + negative-time-to-live netgroup 0 + shared netgroup yes + + enable-cache hosts yes + positive-time-to-live hosts 3600 # Invidious spams DNS queries to PubSubHubBub + negative-time-to-live hosts 0 + shared hosts yes + + enable-cache services yes + positive-time-to-live services 0 + negative-time-to-live services 0 + shared services yes + ''; + }; + services.tailscale = { enable = true; useRoutingFeatures = "both"; @@ -136,6 +160,7 @@ in networking.firewall.allowedTCPPorts = [ 80 443 ]; modules = { persistence.directories = [ + "/var/lib/nixos" "/var/lib/tailscale" "/var/lib/nixos-containers" ]; @@ -143,6 +168,7 @@ in persistence = { enable = true; storagePath = "/persist"; + setupSshHostKeys = true; }; # NOTE: This module only populates route entries, 
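Review bot: The added `services.nscd.config` is read only by glibc's nscd, while current NixOS runs nsncd by default (`services.nscd.enableNsncd`), which does no caching and ignores this file. Unless that option is set to false somewhere outside this hunk, the `positive-time-to-live hosts 3600` line never takes effect. If the cache is wanted, add `enableNsncd = false;` to this block. Once active, it applies to every process on the host, so names resolved for the ACME client, the tunnel and nginx can be served from cache for up to an hour; since this machine already runs blocky, caching there instead may be easier to reason about.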
@@ -151,18 +177,18 @@ in enable = true; routes = { - "dns.kusanari.network".to = "http://localhost:4000"; - "metrics.kusanari.network".to = "http://localhost:4001"; - "nitter.kusanari.network".to = "http://localhost:4002"; - "invidious.kusanari.network".to = "http://localhost:4003"; - "hydra.kusanari.network".to = "http://localhost:4004"; - "cache.kusanari.network".to = "http://localhost:4005"; - "torrent.kusanari.network".to = "http://localhost:4006"; - "paperless.kusanari.network".to = "http://localhost:4007"; - "change.labs.kusanari.network".to = "http://localhost:4901"; + "dns.kanata.network".to = "http://localhost:4000"; + "metrics.kanata.network".to = "http://localhost:4001"; + "nitter.kanata.network".to = "http://localhost:4002"; + "invidious.kanata.network".to = "http://localhost:4003"; + "hydra.kanata.network".to = "http://localhost:4004"; + "cache.kanata.network".to = "http://localhost:4005"; + "torrent.kanata.network".to = "http://localhost:4006"; + "paperless.kanata.network".to = "http://localhost:4007"; + "jellyfin.kanata.network".to = "http://localhost:8096"; # Nginx pre-configured routes - "nextcloud.kusanari.network" = { + "nextcloud.kanata.network" = { to = "http://localhost:80"; configureNginx = false; }; @@ -170,13 +196,13 @@ in ssl = { enable = true; - acmeHost = "kusanari.network"; + acmeHost = "kanata.network"; }; tailscaleIp = "100.93.1.1"; - # kusanari-kanata @ core + # kanata @ core cloudflareUUID = "bf6dcc14-d315-41c7-b798-3fe0e0e968eb"; - secrets.cloudflare-credentials = config.sops.secrets.cf-kusanari-kanata-credentials.path; + secrets.cloudflare-credentials = config.sops.secrets.cf-kanata-credentials.path; }; services.nginx.enable = true; @@ -186,7 +212,7 @@ in email = poorObfuscation "sefidel.net" "postmaster"; certs = { - "kusanari.network" = { + "kanata.network" = { subDomains = [ "*.labs" "cache" 
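Review bot: The `"*.labs"` entry kept in `subDomains` of the `kanata.network` certificate still requests a wildcard, while the routes hunk above removes `change.labs`, the only labs route visible in this diff. If nothing else is served under that name, drop the entry so the certificate covers only hosts that exist. The `subDomains` list continues past the end of the hunk, so I cannot see whether `jellyfin` was added for the new `jellyfin.kanata.network` route; that is worth checking in the same pass.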
@@ -208,7 +234,7 @@ in services.metrics = { enable = true; - realHost = "metrics.kusanari.network"; + realHost = "metrics.kanata.network"; secrets.adminPassword = config.sops.secrets.grafana-admin-pass.path; }; @@ -217,7 +243,7 @@ in services.blocky = { enable = true; - realHost = "dns.kusanari.network"; + realHost = "dns.kanata.network"; }; services.nextcloud = rec { @@ -228,40 +254,40 @@ in acmeHost = domain; }; - domain = "kusanari.network"; - realHost = "nextcloud.kusanari.network"; + domain = "kanata.network"; + realHost = "nextcloud.kanata.network"; secrets.admin-pass = config.sops.secrets.nextcloud-admin-pass.path; }; services.nitter = { enable = true; - title = "Kusanari Nitter"; + title = "Kanata Nitter"; - domain = "kusanari.network"; - realHost = "nitter.kusanari.network"; + domain = "kanata.network"; + realHost = "nitter.kanata.network"; secrets.nitter-guest-accounts = config.sops.secrets.nitter-account-jsonl.path; }; services.invidious = { enable = true; - domain = "kusanari.network"; - realHost = "invidious.kusanari.network"; + domain = "kanata.network"; + realHost = "invidious.kanata.network"; secrets.invidious-hmac-key = config.sops.secrets.invidious-hmac.path; }; services.hydra = { enable = true; - baseURL = "https://hydra.kusanari.network"; + baseURL = "https://hydra.kanata.network"; }; services.atticd = { enable = true; - hosts = [ "cache.kusanari.network" ]; - baseURL = "https://cache.kusanari.network/"; + hosts = [ "cache.kanata.network" ]; + baseURL = "https://cache.kanata.network/"; storagePath = "/smol/archive/attic"; 
@@ -280,33 +306,17 @@ in services.paperless = { enable = true; - realHost = "paperless.kusanari.network"; + realHost = "paperless.kanata.network"; secrets.paperless-superuser-password = config.sops.secrets.paperless-superuser-password.path; }; - }; - - services.changedetection-io = { - enable = true; - - listenAddress = "localhost"; - port = 4901; + services.jellyfin = { + enable = true; - baseURL = "https://change.labs.kusanari.network"; - behindProxy = true; - webDriverSupport = true; + dataDir = "/smol/moon/jellyfin"; + }; }; - services.nginx.virtualHosts."change.labs.kusanari.network".locations."/" = { - proxyWebsockets = true; - extraConfig = '' - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Referer "https://change.labs.kusanari.network"; - ''; - }; + users.groups.media.members = [ "jellyfin" "nextcloud" ]; containers.v-interlink = { autoStart = true; diff --git a/nixos/kanata/secrets/secrets.yaml b/nixos/kanata/secrets/secrets.yaml index a32a80f..277ddd9 100644 --- a/nixos/kanata/secrets/secrets.yaml +++ b/nixos/kanata/secrets/secrets.yaml 
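Review bot: `users.groups.media.members = [ "jellyfin" "nextcloud" ];` puts the internet-facing Nextcloud service and Jellyfin in one group, so anything the `media` group may write can be written by either service if it is compromised. If Jellyfin only needs to read the library, keep the tree group-read-only and say so in a comment, e.g. `# media: shared read access to the library, files owned by nextcloud`. The permissions on the media tree are set outside this hunk, so this is something to confirm rather than a defect visible here.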
@@ -4,12 +4,12 @@ initrd-ts-state: ENC[AES256_GCM,data:8xftKiXfuaWB4XxvP9LBAmFTbX1VbGJix6SqkIbDliU zfs-smol-key: ENC[AES256_GCM,data:M6JUsFoAvt2nqI/9bVq0slhrcQE8sGgC3s0x,iv:hZK99Veh+oMhxxA9BbBe7OBisjhF00baAb1JQ7yfMaA=,tag:30GjpPzIpgw5htoK1BcmUg==,type:str] nextcloud-admin-pass: ENC[AES256_GCM,data:Lvk/j/3fissx6Kyccp9q2gi7ahbd+pR7jFXnx5OL0JRG,iv:Y0GI/z4pFW98Ll6xpuENr+fTrm7JoE9KadDKx2O4WLI=,tag:ofln+SgrhJm8BpKnVSngoQ==,type:str] grafana-admin-pass: ENC[AES256_GCM,data:waHiV4NyatwQrvRkws8FQut49/ryh9srNSshUbvm,iv:XvU06AqljDsUk9smAak/4OCursX6U/SckPc92AkSTWk=,tag:xBcELmTUUs0mzOY+oiqidA==,type:str] -cf-kusanari-kanata-credentials: ENC[AES256_GCM,data:whwnxMT9JS3iDHbGTk2FoeDBiug26JoRWlyA3sOij861PVJZBEvQJubXD2E5hSwJhyoMIUpb8wgnvB/6GhznouwWfsNh7I39wcaxvHArTNkW+LXrAu8m7ra5dtSUHhPUQifLNYB/TsKHsB+TMhc5IMD6hAHs4uraZHmF1cej8PufTDKDLHjwVwDDJSP1ujQaUrRUvp4NUc8ImVCwnG0PYCVv,iv:umi4Yj11E6+BriksGLzvm+YW7NuARmRtvHz2cixILQA=,tag:+LQs2veOW0CmSKCUNtd9KA==,type:str] +cf-kanata-credentials: ENC[AES256_GCM,data:zOKmtTXbmkFD8QOY2dO3pIhru3+2N5DqP+CQUPdiW5guXCzxBUI9ueosoT7qbmm9Ks1KlJ372Ah5riKHT4x2qUg642bnDrjbx4IvKZgenvLsf6XIEFKuV6XKfp6XI6cMoOGF6J/HGv0s/my9jBMAWMNgLC8ilQXH8L3BzjRANJpkzrak6oEMbarTIdwsZoBOD7xDnt4nDerAANsfaYEzt2YU,iv:imseTCuMGUSR9WkDHGlUmjdqOKGBigAEX3ClckIYa9U=,tag:0of2EZxi1QWejfK8s4x7mw==,type:str] nitter-account-jsonl: 
ENC[AES256_GCM,data:a7nSbFcG+E5xXnY4moLAu1ULujjZ8czGGLQNqaLZtFISG5Fc/0mMwRxKdArp9pwdUrteSUWzoKlkeTfsHsoS4TmPMuna/nLKSjBV1bvPdOuBEIi6IP9o6zb9izUvcwTAcMiWPjeRYNyLy5p9tvdIQ0MmRmd5UW9WUILLs7r5dmIK/ssNgYf89jJsdhBRpzOmjOtBbzn2uTA6+3s7ldswSWhAP94654Hrbg1IKxvefAgAqm+/2aNvY1Jxh71bNlWH+/WNBtH7pC24NeNWjiNHKzGhix2UecmcQ5/CEo8DBa6mg4gpe9i+VxzHhl3NJoFrfuicFT2ebTEjv8p7ZXLF3ZRgscXXb9YJ5CjmVILiUh/yYqM2jzSLbGHKIetlNFlmNkAYXN3j+A4w4Jiu4lVA3jwFPVxk92pSHi7hhib5gP3P20Zfbr89zk9tGIBQVDWo4p1LrwumH6aCq+XaIPAHOspFheIteZUJ1q0V2vylrBfkrj+ISDQ94aWgSKC74dynGL4joH4DJ2g6xSh26FMNlvBR7Mwg1PpfmJKx0I3iROoEc3RCPdxaoPiJNL7gpRlHV2a5H+ZCgpuWxcQ=,iv:joZcbUidniBqGu9Lkg6wd+mBdmgU/inbPEOlXewU5U4=,tag:y8Uv4zxuTAsTKB+OB4S6Xw==,type:str] acme-credentials: ENC[AES256_GCM,data:6SIuFH3sRcz/Z855br7VgFKEEA1crztKmhVd3chK7ERJpfG9pTxxX0mAxG3aK5OhXwZpDMp0YkxtEphdkb5m0ZU=,iv:bUMtK0SvtrNwlhuY1k0dNVIOcJgM1OLjmbl+X+Zj01E=,tag:x6kdGrSsImZlpHrPnEAmXA==,type:str] invidious-hmac: ENC[AES256_GCM,data:uIw4aQm6oYd5heSxrJnt6Nvc+fTPLMSEDtDyZ/ayogl6qx/gPg==,iv:8AVzwO9peE0UC70nLxBxHKzTcitrzvBvy120fdQD1+c=,tag:rr7MOqgOFFxXN8W+9MKvLg==,type:str] #ENC[AES256_GCM,data:c0B2RqGRFmyxyz93TCWL5wMTYiFmnvWU9aQwZszQ137fhL7bQdENPLWQkoiWyW6o3GXTyuL2bni1VnO4eD5idWzt7dw=,iv:147La8vNPRLMnK992cQD1NmQgbDrDBLwSPEX4haeIS4=,tag:hmGGslH4O9dlTSoDTWIdIg==,type:comment] -interlink-wg-config: ENC[AES256_GCM,data:zT0yr7O4JhpmnI5++cK7aJEKkLM9rxcWGyvwJ7Q4ZR6wWLe0LnNIzEpjjMAvh/If4NYOU8qpVOUgxaREij3hIhJ1QzyAb/nF80msZWDmmMvtVLZmC1wNw+p88UKrPwRBbLIwVbwCyWJtIdnZTHzscktfSY+mC/mB8fESh8XpRXH7YW/W1+nyrSQCmJ3LGopHBukqJstLunu7qW34xZ5k37/TKToyqW4JLUxamrPsBycR1ZnfTvIHluOvXhQLOleBEJN+GyduRqPV7tAajbMZAlyZa5Y6mGVA0kcba3GpuiV4uQjFJcSiYLa2JztWSbsWFJBl1YPXdsWzWOrQ,iv:iiye6Zb2OlctZFFuRbJ7RiXW0k400/DmWDlh5SXgp+Q=,tag:qa3BedClEOaSyst+xjPe4Q==,type:str] +interlink-wg-config: 
ENC[AES256_GCM,data:vao5c0rUCjjd+c2bqqpk7VQZ28yWmAEpBp9sXyh1IRE2MeoWNj0m+e4EbqmEFVKfRbOFgkj5Ek5dAKs7UEb2NMxNYh+s/3cDj8i0cls7fRyb02ctMEVQN2hgArOwG4MdFHPn8BDhyChnAo+FkSS7q8p3AOLehB2jrQg+tzY31l3d01Cfcqswh1wJ8p4eSevvmx5PwNeH7fh35HOh5qzcJFrHkr+eUnKWXyF3zKiKAf/KM5cfz/3WVg4omRjrQCWRHjXrCHh53a7QGlYy1V4KFjzJGriywicGsbvLrnR5Fr2AZCK781NWO/Vxf2PiFzsLHpJ4wTmfkUKNrWDu,iv:iJNc+HrCKs6fUtMkSZ8HZJQE0+GXzxZBIAWFO13DseY=,tag:wUww5nKO+h21HAor+UUIAg==,type:str] proton-private-key: ENC[AES256_GCM,data:OnZGYf/203XOLXyDRIqrRKwLe0cN2c0RF+CkwwNtttP+ACD3AJCY0rNgKoc=,iv:IWFF95Z3r+OuSu+GfJWJjwRv5b9KZSKGMuxSnkRGqlg=,tag:QvDBvSzzGxwawhaio47MEQ==,type:str] attic-credentials: ENC[AES256_GCM,data:S25D1E4kTp2Nre1uu1WWVV1jrEpQtPz5+5XQ/W0pr0CF5pFm0UEyGn2XdJKQzyM5CYSCo581JeJNMtTKIwEKm8lYY9X5e8Jgwe2o5f5YRwmHSfvK1UAJoUdM7Q0FaAcVTU3bNis1dClqDvB0QbNjF1xsYCKCgZRe8TSenmJgPjA=,iv:m+UzkoVsEfUtKIYaGZIej4efhVuWN4EKCqMamlQwWaI=,tag:vBPq0JkRDbKmyw9qLbh1gg==,type:str] transmission-extra-config: ENC[AES256_GCM,data:lyZ8Nkjp0Mjm4HFDqRN1G6iyBksHT6dKKQDSO8Br1DpXxKLDBclQ4L2F1FqQJ3OB/7o4EqWFX8J1ZjVYDCQkQnhr6v13glvFciICQ99hPsypUS349936vDCgEF/WP0RAHOsaRq81JnMDegZvEg==,iv:bfN2oEfQ3uk4i6hwHp2ZdYCf3l7Kb0EoXSEGyOSB8CM=,tag:fZkMayEJiXzifTCiVLJq6w==,type:str] 
@@ -38,8 +38,8 @@ sops: YkRGS2ZBbm1keWpUQUFOWDRtTWZVa0EKc+lKEP0L/yoFLx6p1zbWfifPWc7Y9Qqh qccODSyHqzwdriHLxXuw9SCnF+SeA721te6+pDVhJj8vqv2UqHiATw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-05T15:01:25Z" - mac: ENC[AES256_GCM,data:ndnsAuHSyQSGx0G2YzECaZhGDvVbbXDbSWLdh1r2Vy6beVeX/e6JP7AxnIRfhipKfJLlhOA1rtbCOiwpq4FubozXDJOviI0oLZWU4ZDSCgWHKsUVoMdC3gqw87Qhts77PfDqdYVgglAr2/n6AzhY8NVkjuMWu4iDiD9yfb+bJ5o=,iv:J32wZYk6yiEgJBWrs6QTjM/EY6XqRfu/BkhiP9PxAWQ=,tag:eL3mcerITq55qYlxF5JhEw==,type:str] + lastmodified: "2024-12-08T16:00:13Z" + mac: ENC[AES256_GCM,data:6SjNDZWaGYObqWM9UXlxPEwbSdu74Ih21sYcUnqVDttznMtCTbsJ154bhNQXSK4LhKnfocp0IpO9Ft5ZLS4cEXJ6XqWeZKqTl+b14Y0Pw6xEq7330DxbDxwMSwk+0IEn0Xo3vMy6MisSgcOsm9R5E61vjNfWFH6EKTjE0MefbbQ=,iv:KvYvDo9GM+qimRjmE6NcGAoGfp8w+I+1YCI4gwrq9eI=,tag:96oHidSwuJdC8+HVNtD+zA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 |