diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..d0eb512 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "nixEnvSelector.nixFile": "${workspaceRoot}/shell.nix" +} diff --git a/nix/default.nix b/nix/default.nix index af2ccdc..888a4e9 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -8,16 +8,17 @@ inherit name; inherit (channelVersion) url ref rev; }; - nixPath = builtins.concatStringsSep ":" (builtins.map (elemName: let - elem = builtins.getAttr elemName channelVersions; - elemPath = mkChannelSource elemName; - suffix = - if builtins.hasAttr "suffix" elem - then elem.suffix - else ""; - in - builtins.concatStringsSep "=" [elemName elemPath] + suffix) - (builtins.attrNames channelVersions)); + nixPath = builtins.concatStringsSep ":" (builtins.map + (elemName: let + elem = builtins.getAttr elemName channelVersions; + elemPath = mkChannelSource elemName; + suffix = + if builtins.hasAttr "suffix" elem + then elem.suffix + else ""; + in + builtins.concatStringsSep "=" [elemName elemPath] + suffix) + (builtins.attrNames channelVersions)); pkgs = import (mkChannelSource "nixpkgs") {}; in { inherit nixPath; diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 885689f..03666ab 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -107,10 +107,12 @@ in aspellDicts.de skypeforlinux unstablepkgs.jitsi-meet-electron - unstablepkgs.zoom-us thunderbird evolution # gnome4.glib_networking kotatogram-desktop + zoom-us + thunderbird + evolution # gnome4.glib_networking gnome.cheese masterpkgs.discord diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 5df046f..2d08388 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -7,10 +7,15 @@ in { nixpkgs.overlays = builtins.attrValues (import ../../overlays); nixpkgs.config = { - allowBroken = true; + allowBroken = false; allowUnfree = true; + + permittedInsecurePackages = []; }; + nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"]; + nix.settings.sandbox = "relaxed"; + home.keyboard = { layout = "us"; variant = "altgr-intl"; @@ -48,4 +53,6 @@ in { ripgrep du-dust ]); + + home.stateVersion = "22.05"; } diff --git a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix index 564d476..84d629f 100644 --- a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix +++ b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix @@ -5,7 +5,8 @@ ... }: let repoBareLocal = - pkgs.runCommand "fetchbare" { + pkgs.runCommand "fetchbare" + { outputHashMode = "recursive"; outputHashAlgo = "sha256"; outputHash = "0000000000000000000000000000000000000000000000000000"; diff --git a/nix/home-manager/profiles/qtile-desktop.nix b/nix/home-manager/profiles/qtile-desktop.nix index 98e7042..6cc9b1f 100644 --- a/nix/home-manager/profiles/qtile-desktop.nix +++ b/nix/home-manager/profiles/qtile-desktop.nix @@ -1,4 +1,6 @@ {pkgs, ...}: let + passwords = import ../../variables/passwords.crypt.nix; + inherit (import ../lib.nix {}) mkSimpleTrayService; audio = pkgs.writeShellScript "audio" '' @@ -208,9 +210,9 @@ widget.WindowName(), widget.Prompt(), widget.CPUGraph(), - widget.ThermalSensor(), + widget.ThermalSensor(tag_sensor = "CPU"), widget.Memory(), - widget.Net(interface='eth0'), + # widget.Net(interface='eth0'), widget.Net(interface='wlan0'), widget.Clock(format='%Y-%m-%d %a %I:%M %p'), ] @@ -253,6 +255,8 @@ in { services = {}; }; + # systemd.user.sockets.gpg-agent.Socket.Accept = true; + services = { gnome-keyring.enable = true; blueman-applet.enable = true; @@ -270,14 +274,16 @@ in { grabKeyboardAndMouse = true; pinentryFlavor = "gtk2"; extraConfig = ""; + + defaultCacheTtl = 0; + maxCacheTtl = 0; }; flameshot.enable = true; pasystray.enable = true; cbatticon.enable = true; redshift = { enable = true; - longitude = "9.1698"; - latitude = "47.6691"; + inherit (passwords.location.stefan) longitude latitude; temperature = { day = 6700; night = 3700; diff --git a/nix/home-manager/programs/vscode/default.nix b/nix/home-manager/programs/vscode/default.nix index 9e27a30..71996cd 100644 --- a/nix/home-manager/programs/vscode/default.nix +++ b/nix/home-manager/programs/vscode/default.nix @@ -469,7 +469,7 @@ in { ; }; - home.packages = [pkgs.nixpkgs-fmt]; + home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra]; } # TODO: automate # rustup install stable diff --git a/nix/os/devices/steveej-t14/boot.nix b/nix/os/devices/steveej-t14/boot.nix index f6b8c57..c48bdc6 100644 --- a/nix/os/devices/steveej-t14/boot.nix +++ b/nix/os/devices/steveej-t14/boot.nix @@ -6,4 +6,9 @@ boot.loader.grub.efiInstallAsRemovable = lib.mkForce true; boot.loader.efi.canTouchEfiVariables = lib.mkForce false; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; + + # boot.tmpOnTmpfs = lib.mkForce false; + boot.tmpOnTmpfsSize = "100%"; + # TODO: make this work + # systemd.tmpfiles.rules = lib.mkForce [ "d /tmp 1777 root root 1d" ]; } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 11bf117..fcfdb17 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -5,6 +5,7 @@ ... }: let keys = import ../../../variables/keys.nix; + passwords = import ../../../variables/passwords.crypt.nix; in { nix = { binaryCaches = ["https://holochain-ci.cachix.org" "https://cache.holo.host/"]; @@ -13,6 +14,9 @@ in { "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE=" "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ=" ]; + + settings.extra-experimental-features = ["impure-derivations"]; + settings.system-features = ["recursive-nix"]; }; # TASK: new device @@ -78,5 +82,7 @@ in { Option "OffTime" "0" ''; + time.timeZone = lib.mkForce passwords.timeZone.stefan; + hardware.ledger.enable = true; } diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix index 04e5489..e284b53 100644 --- a/nix/os/devices/steveej-t14/user.nix +++ b/nix/os/devices/steveej-t14/user.nix @@ -11,4 +11,6 @@ in { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; }; + + nix.settings.trusted-users = ["steveej"]; } diff --git a/nix/os/devices/steveej-t14/versions.nix b/nix/os/devices/steveej-t14/versions.nix index 89c4552..e8417f5 100644 --- a/nix/os/devices/steveej-t14/versions.nix +++ b/nix/os/devices/steveej-t14/versions.nix @@ -1,9 +1,9 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; + ref = "nixos-22.11"; rev = '' - c5091eec689acc45d4d818109236da31d3685ca2''; + 0218941ea68b4c625533bead7bbb94ccce52dceb''; }; in { inherit nixpkgs; @@ -13,24 +13,24 @@ in { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; rev = '' - 5f588eb4a958f1a526ed8da02d6ea1bea0047b9f''; + 2caf4ef5005ecc68141ecb4aac271079f7371c44''; }; "channels-nixos-unstable-small" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable-small"; rev = '' - fc07622617a373a742ed96d4dd536849d4bc1ec6''; + e7c66e1d78fdc7da61dc04ca0f94a8d59b034d5a''; }; "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; rev = '' - b8e83fd7e16529ee331313993508c3bf918f1d57''; + 3efe76e8efa1c2ac1f8f766ce1812a40a7861878''; }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; + ref = "release-22.11"; rev = '' - 6639e3a837fc5deb6f99554072789724997bc8e5''; + 65c47ced082e3353113614f77b1bc18822dc731f''; }; } diff --git a/nix/os/devices/steveej-t14/versions.tmpl.nix b/nix/os/devices/steveej-t14/versions.tmpl.nix index 4640c3c..a0fa34a 100644 --- a/nix/os/devices/steveej-t14/versions.tmpl.nix +++ b/nix/os/devices/steveej-t14/versions.tmpl.nix @@ -1,9 +1,9 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; + ref = "nixos-22.11"; rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; in { @@ -33,9 +33,9 @@ in { }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; + ref = "release-22.11"; rev = '' - <% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; } diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 16493cf..72c7a7f 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -21,7 +21,6 @@ nix.maxJobs = lib.mkDefault "auto"; nix.buildCores = lib.mkDefault 0; nix.useSandbox = true; - nix.package = pkgs.nixUnstable; environment.etc."lvm/lvm.conf".text = '' devices { @@ -37,7 +36,7 @@ console.font = "lat9w-16"; i18n = {defaultLocale = "en_US.UTF-8";}; - time.timeZone = "Europe/Berlin"; + time.timeZone = "Etc/UTC"; services.gpm.enable = true; services.packagekit.enable = true; diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index 8c3f28d..959d466 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -50,7 +50,8 @@ in rec { }; php5 = (pkgs.callPackage - "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" { + "${nixpkgsWithPhp5}/pkgs/development/interpreters/php/default.nix" + { config = pkgs.lib.attrsets.recursiveUpdate pkgs.config { php = { imap = false; diff --git a/nix/pkgs/staruml.nix b/nix/pkgs/staruml.nix index 958adc5..a0e9d90 100644 --- a/nix/pkgs/staruml.nix +++ b/nix/pkgs/staruml.nix @@ -37,7 +37,8 @@ in src = if stdenv.system == "i686-linux" then - fetchurl { + fetchurl + { url = "http://staruml.io/download/release/v${version}/StarUML-v${version}-32-bit.deb"; sha256 = "0vb3k9m3l6pmsid4shlk0xdjsriq3gxzm8q7l04didsppg0vvq1n"; } diff --git a/nix/sources.nix b/nix/sources.nix index cddde5c..87a7093 100644 --- a/nix/sources.nix +++ b/nix/sources.nix @@ -8,7 +8,8 @@ let in if spec.builtin or true then - builtins_fetchurl { + builtins_fetchurl + { inherit (spec) url sha256; name = name'; } @@ -23,7 +24,8 @@ let in if spec.builtin or true then - builtins_fetchTarball { + builtins_fetchTarball + { name = name'; inherit (spec) url sha256; } @@ -54,9 +56,11 @@ let emptyArgWithWarning = if submodules == true then - builtins.trace (''The niv input "${name}" uses submodules '' + builtins.trace + (''The niv input "${name}" uses submodules '' + "but your nix's (${builtins.nixVersion}) builtins.fetchGit " - + "does not support them") {} + + "does not support them") + {} else {}; in if nixSupportsSubmodules @@ -100,7 +104,8 @@ let mkPkgs = sources: system: let sourcesNixpkgs = import - (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;}) { + (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;}) + { inherit system; }; hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; @@ -220,7 +225,8 @@ let # Create the final "sources" from the config mkSources = config: - mapAttrs (name: spec: + mapAttrs + (name: spec: if builtins.hasAttr "outPath" spec then abort diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix index 3f4d752..24c3d5e 100644 Binary files a/nix/variables/passwords.crypt.nix and b/nix/variables/passwords.crypt.nix differ diff --git a/nix/variables/versions.nix b/nix/variables/versions.nix index 343eff0..dfd0677 100644 --- a/nix/variables/versions.nix +++ b/nix/variables/versions.nix @@ -1,8 +1,8 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; - rev = "08950a6e29cf7bddee466592eb790a417550f7f9"; + ref = "nixos-22.11"; + rev = "dac57a4eccf1442e8bf4030df6fcbb55883cb682"; }; in { inherit nixpkgs; @@ -11,16 +11,16 @@ in { "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "nixos-unstable"; - rev = "f1c167688a6f81f4a51ab542e5f476c8c595e457"; + rev = "1eb875e811dd59e21e77f6337f2c1592889b48b3"; }; "nixpkgs-master" = { url = "https://github.com/NixOS/nixpkgs/"; ref = "master"; - rev = "5ebfb1845b1a77716ecd706b8f589c722584ed2a"; + rev = "590321a5defbbabe96f8def70013d5b45406dee4"; }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; - rev = "ac2287df5a2d6f0a44bbcbd11701dbbf6ec43675"; + ref = "release-22.11"; + rev = "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706"; }; } diff --git a/nix/variables/versions.tmpl.nix b/nix/variables/versions.tmpl.nix index 520e26e..e0734f1 100644 --- a/nix/variables/versions.tmpl.nix +++ b/nix/variables/versions.tmpl.nix @@ -1,9 +1,9 @@ let nixpkgs = { url = "https://github.com/NixOS/nixpkgs/"; - ref = "nixos-22.05"; + ref = "nixos-22.11"; rev = '' - <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; in { @@ -26,9 +26,9 @@ in { }; "home-manager-module" = { url = "https://github.com/nix-community/home-manager"; - ref = "release-22.05"; + ref = "release-22.11"; rev = '' - <% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d ' + <% git ls-remote https://github.com/nix-community/home-manager.git release-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; }